Skipping CI for Draft Pull Request.
Code Review
This pull request adds a test container fips-nginx to verify file downloads over HTTPS with FIPS-approved cryptography. A thorough security audit found no significant vulnerabilities, though a low-risk issue regarding input validation in build.sh was noted. However, a critical issue in the Containerfile will prevent the container from building, and several suggestions have been made to improve the build.sh script's robustness and cleanliness.
| echo "Error: Missing IP address argument" | ||
| echo "Usage: $0 <ip-address>" |
It is a best practice to redirect error and usage messages to stderr. This separates normal output from error messages and allows for better output redirection.
| echo "Error: Missing IP address argument" | |
| echo "Usage: $0 <ip-address>" | |
| echo "Error: Missing IP address argument" >&2 | |
| echo "Usage: $0 <ip-address>" >&2 |
fips.enable.https
a9874f0 to 9c01bda
16f1af3 to 485b749
To verify that using TLS works in FIPS mode by having Ignition
fetch a remote resource over HTTPS with FIPS compatible algorithms.

tests/containers: setup nginx only serves files over HTTPS with
FIPS compatible algorithms.

Fixes https://issues.redhat.com/browse/COS-3487
Hold on, it looks like this can only test x86_64, as I just set up the env on x86_64. Do we want to run on all multiarch?