26 changes: 23 additions & 3 deletions ubuntu-fips/Dockerfile
@@ -1,13 +1,13 @@

# Kairos framework packages for ubuntu fips
# FROM gcr.io/spectro-images-public/kairos/framework:v2.11.7-fips as kairos-fips
FROM quay.io/kairos/framework:v2.11.7-fips as kairos-fips
FROM quay.io/kairos/framework:v2.11.7-fips AS kairos-fips

# Base ubuntu image (focal)
FROM ubuntu:focal as base
FROM ubuntu:focal AS base

# Generate os-release file
FROM quay.io/kairos/osbuilder-tools:v0.200.11 as osbuilder
FROM quay.io/kairos/osbuilder-tools:v0.200.11 AS osbuilder
RUN zypper install -y gettext && zypper clean
RUN mkdir /workspace
COPY --from=base /etc/os-release /workspace/os-release
Expand Down Expand Up @@ -38,6 +38,19 @@ RUN --mount=type=secret,id=pro-attach-config \
&& pro attach --attach-config /run/secrets/pro-attach-config \
&& apt-get upgrade -y \
&& apt-get install -y openssl libssl1.1 libssl1.1-hmac libgcrypt20 libgcrypt20-hmac strongswan strongswan-hmac openssh-client openssh-server linux-image-fips \
&& LATEST_VERSION=$(apt-cache search --names-only '^linux-image-[0-9].*-fips$' \
| awk '{print $1}' \
| grep -vE '(azure|aws|gcp)' \
| sort -V \
| tail -n1 \
| sed -E 's/^linux-image-([0-9][^ ]*)-fips$/\1/') && \
apt install -y --no-install-recommends \
"linux-image-${LATEST_VERSION}-fips" \
"linux-modules-${LATEST_VERSION}-fips" \
"linux-headers-${LATEST_VERSION}-fips" && \
apt-mark hold "linux-image-${LATEST_VERSION}-fips" "linux-modules-${LATEST_VERSION}-fips" && \
apt update && apt upgrade -y && \
apt install -y --no-install-recommends linux-headers-virtual \
&& pro detach --assume-yes


Expand Down Expand Up @@ -115,6 +128,13 @@ RUN apt-get install -y --no-install-recommends \
&& apt-get remove -y unattended-upgrades && apt-get clean \
&& rm -rf /var/lib/apt/lists/*

RUN fips_kernel=$(basename $(ls /lib/modules | grep -- '-fips$' | sort -V | tail -n1)) && \
echo "Detected FIPS kernel: $fips_kernel" && \
# Remove all other kernel module trees (e.g., -generic)
find /lib/modules -mindepth 1 -maxdepth 1 -type d ! -name "$fips_kernel" -exec rm -rf {} + && \
find /usr/lib/modules -mindepth 1 -maxdepth 1 -type d ! -name "$fips_kernel" -exec rm -rf {} +


# Copy the Kairos framework files. We use master builds here for fedora. See https://quay.io/repository/kairos/framework?tab=tags for a list
COPY --from=kairos-fips / /

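Review bot: In the module-pruning RUN of the last hunk, nothing explicitly checks that `fips_kernel` is non-empty before `find … ! -name "$fips_kernel" -exec rm -rf {} +`; today the chain only aborts because `basename` exits non-zero when the `ls | grep -- '-fips$'` lookup returns nothing, and if that redundant `basename` is ever dropped an empty name would match every directory and delete all kernel module trees while the build still succeeds. Make the guard intentional, e.g. replace the first line with `fips_kernel=$(ls /lib/modules | grep -- '-fips$' | sort -V | tail -n1) && \` followed by `test -n "$fips_kernel" && test -d "/lib/modules/$fips_kernel" && \`. The second hunk (whose RUN begins above the hunk) mixes `apt` (`apt install`, `apt update`, `apt upgrade`) with the `apt-get` calls around it; hadolint DL3027 asks for `apt-get` in scripts because `apt`'s command-line interface is not stable. In that hunk `apt-mark hold` covers only the versioned image and modules packages, so the following `apt upgrade -y` may still pull a newer kernel through the unheld `linux-image-fips` meta-package installed earlier in the chain — worth confirming, since the pruning step would then keep only the newest modules tree.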
Empty file modified ubuntu-fips/build.sh
100644 → 100755
Empty file.