Test build for #1092

dcermak · SUSE Update Bot · commit c7480e601812 · 2024-05-08T14:42:27.000Z
diff --git a/base-fips-image/README.md b/base-fips-image/README.md
@@ -1,3 +1,83 @@
-# The SLE LTSS BCI 15 SP3 FIPS-140-2 Container image
+# The SUSE Linux Enterprise 15 SP3 FIPS-140-2 Container image
+
+
+
+This container image is a SUSE Linux Enterprise 15 SP3 base container image
+that includes the SLES 15 FIPS-140-2 certified OpenSSL module.
+
+The FIPS-140-2 certified OpenSSL module is a cryptographic module that provides
+a FIPS-140-2 compliant cryptographic library. The module is certified by the
+National Institute of Standards and Technology (NIST).
+
+The FIPS-140-2 certified OpenSSL module is a drop-in replacement for the
+standard OpenSSL library. It provides the same functionality as the standard
+OpenSSL library, with additional security features to meet the FIPS-140-2
+requirements.
+
+The image is configured to enforce the use of FIPS-140 mode by default via the
+environment variable `OPENSSL_FORCE_FIPS_MODE`. This variable is set to `1` in
+the image. This means that all cryptographic operations performed by the
+OpenSSL library are done in FIPS-140-2 mode.
+
+## Accessing the Container Image
+
+Accessing this container image requires a valid SUSE subscription. In order
+to access the container image, you must login to the SUSE Registry with your credentials.
+There are three ways to do that which are described below. The first two methods
+leverage the system registration of your host system, while the third method
+requires you to obtain the organisation SCC mirroring credentials.
+
+### Use the system registration of your host system
+
+If the host system you are using to build or run a container is already registered with
+the correct subscription required for accessing the LTSS container images, you can use
+the registration information from the host to log in to the registry.
+
+The file `/etc/zypp/credentials.d/SCCcredentials` contains a username and a password.
+These credentials allow you to access any container that is available under the
+subscription of the respective host system. You can use these credentials to log
+in to SUSE Registry using the following commands
+(use the leading space before the echo command to avoid storing the credentials in the
+shell history):
+
+```ShellSession
+set +o history
+ echo PASSWORD | podman login -u USERNAME --password-stdin registry.suse.com
+set -o history
+```
+
+### Use a separate SUSE Customer Center registration code
+
+If the host system is not registered with SUSE Customer Center, you can use a valid
+SUSE Customer Center registration code to log in to the registry:
+
+```ShellSession
+set +o history
+ echo SCC_REGISTRATION_CODE | podman login -u "regcode" --password-stdin registry.suse.com
+set -o history
+```
+The user parameter in this case is the verbatim string `regcode`, and
+`SCC_REGISTRATION_CODE` is the actual registration code obtained from SUSE.
+
+### Use the organization mirroring credentials
+
+You can also use the organization mirroring credentials to log in to the
+SUSE Registry:
+
+```ShellSession
+set +o history
+ echo SCC_MIRRORING_PASSWORD | podman login -u "SCC_MIRRORING_USER" --password-stdin registry.suse.com
+set -o history
+```
+
+These credentials give you access to all subscriptions the organization owns,
+including those related to container images in the SUSE Registry.
+The credentials are highly privileged and should be preferably used for
+a private mirroring registry only.
+## Licensing
+`SPDX-License-Identifier: MIT`
+
+The build recipe and this documentation is licensed as MIT.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
 
-15 SP3 FIPS-140-2 container based on the SLE LTSS Base Container Image.
