From 927311e231bdc4b3de88dbc3b80da4bad83f1cc5 Mon Sep 17 00:00:00 2001
From: chrislu
Date: Mon, 1 Dec 2025 11:49:24 -0800
Subject: [PATCH] Add FIPS 140-3 support enabled by default

Addresses #6889
- FIPS 140-3 mode is ON by default in Docker containers
- Sets GODEBUG=fips140=on via entrypoint.sh
- To disable: docker run -e GODEBUG=fips140=off ...
---
 docker/Dockerfile.go_build | 3 +++
 docker/entrypoint.sh | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docker/Dockerfile.go_build b/docker/Dockerfile.go_build
index 2d9fe99ce..e1b3e1d7c 100644
--- a/docker/Dockerfile.go_build
+++ b/docker/Dockerfile.go_build
@@ -23,6 +23,9 @@ RUN mkdir -p /etc/seaweedfs
 COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/filer.toml /etc/seaweedfs/filer.toml
 COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/entrypoint.sh /entrypoint.sh
 
+# FIPS 140-3 mode is ON by default (Go 1.24+)
+# To disable: docker run -e GODEBUG=fips140=off ...
+
 # Install dependencies and create non-root user
 RUN apk add --no-cache fuse su-exec && \
 addgroup -g 1000 seaweed && \
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index afbc5ef6e..822f2fa6e 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,5 +1,9 @@
 #!/bin/sh
 
+# Enable FIPS 140-3 mode by default (Go 1.24+)
+# To disable: docker run -e GODEBUG=fips140=off ...
+export GODEBUG="${GODEBUG:+$GODEBUG,}fips140=on"
+
 # Fix permissions for mounted volumes
 # If /data is mounted from host, it might have different ownership
 # Fix this by ensuring seaweed user owns the directory
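Review bot: The comment added to docker/Dockerfile.go_build says FIPS 140-3 mode is on by default, but nothing in this Dockerfile sets it; per the commit message the value comes only from the `export GODEBUG=...` line in entrypoint.sh. A container started with a different entrypoint, or a binary run without that script, would not get the setting, so the comment should say where it is applied, e.g. `# FIPS 140-3 mode is enabled at start-up by /entrypoint.sh (GODEBUG=fips140=on, Go 1.24+); it is not applied when the entrypoint is overridden`. The builder stage and its Go version are outside this hunk, so the "Go 1.24+" precondition cannot be confirmed from here.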
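Review bot: The documented opt-out `docker run -e GODEBUG=fips140=off` is unlikely to work with the `export` line added to docker/entrypoint.sh, because `fips140=on` is appended after the caller's value and the result is `fips140=off,fips140=on`. As far as I know Go uses the last occurrence of a key in GODEBUG, so the forced `on` wins; an operator who asked for `off`, or for the stricter `fips140=only`, silently gets `on` instead. Putting the default first keeps it overridable: `export GODEBUG="fips140=on${GODEBUG:+,$GODEBUG}"`. The rest of the script lies outside the hunk.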