chrisdonlan opened a new issue, #58337: URL: https://github.com/apache/airflow/issues/58337
### Apache Airflow version 3.1.2 ### If "Other Airflow 2/3 version" selected, which one? _No response_ ### What happened? With FIPS mode enabled, `apt update` may not be called successfully, as the image was originally built without `FIPS` enabled. ### What you think should happen instead? The image should be built with FIPS turned on to begin with, so that when extending `airflow` base image with additional dependencies, the `Fatal error: requiested algo not in md context` error does not appear during an `apt-get update`. ### How to reproduce Turn `FIPS` mode on. Descend from any image after `bullseye`, when the exception allowing `md5` verification with FIPS enabled was removed. ``` FROM apache/airflow:latest USER root RUN apt-get update ``` ### Operating System Redhat 9.6 ### Versions of Apache Airflow Providers Not relevant ### Deployment Other 3rd-party Helm chart ### Deployment details Not relevant -- just need to enable FIPS during your base image build. I have a pretty beefy machine that is crapping out on the `Dockerfile.ci` build during `lto-wrapper` (link time optimization) with args: ``` AIRFLOW_PYTHON_VERSION: 3.13.9 BASE_IMAGE: debian:bookworm-slim # and the current commit hash from docker.io ``` So I've had to modify the build to disable link time optimization during python compilation. If you could break up the "install_os_dependencies.sh" script into layers so that the build can at least ratchet forward, that would make getting something in place more straightforward. ### Anything else? _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
