-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
82 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,83 @@ | ||
| # The SLE LTSS BCI 15 SP3 FIPS-140-2 Container image | ||
| # The SUSE Linux Enterprise 15 SP3 FIPS-140-2 Container image | ||
|
|
||
|
|
||
|
|
||
| This container image is a SUSE Linux Enterprise 15 SP3 base container image | ||
| that includes the SLES 15 FIPS-140-2 certified OpenSSL module. | ||
|
|
||
| The FIPS-140-2 certified OpenSSL module is a cryptographic module that provides | ||
| a FIPS-140-2 compliant cryptographic library. The module is certified by the | ||
| National Institute of Standards and Technology (NIST). | ||
|
|
||
| The FIPS-140-2 certified OpenSSL module is a drop-in replacement for the | ||
| standard OpenSSL library. It provides the same functionality as the standard | ||
| OpenSSL library, with additional security features to meet the FIPS-140-2 | ||
| requirements. | ||
|
|
||
| The image is configured to enforce the use of FIPS-140 mode by default via the | ||
| environment variable `OPENSSL_FORCE_FIPS_MODE`. This variable is set to `1` in | ||
| the image. This means that all cryptographic operations performed by the | ||
| OpenSSL library are done in FIPS-140-2 mode. | ||
|
|
||
| ## Accessing the Container Image | ||
|
|
||
| Accessing this container image requires a valid SUSE subscription. In order | ||
| to access the container image, you must login to the SUSE Registry with your credentials. | ||
| There are three ways to do that which are described below. The first two methods | ||
| leverage the system registration of your host system, while the third method | ||
| requires you to obtain the organisation SCC mirroring credentials. | ||
|
|
||
| ### Use the system registration of your host system | ||
|
|
||
| If the host system you are using to build or run a container is already registered with | ||
| the correct subscription required for accessing the LTSS container images, you can use | ||
| the registration information from the host to log in to the registry. | ||
|
|
||
| The file `/etc/zypp/credentials.d/SCCcredentials` contains a username and a password. | ||
| These credentials allow you to access any container that is available under the | ||
| subscription of the respective host system. You can use these credentials to log | ||
| in to SUSE Registry using the following commands | ||
| (use the leading space before the echo command to avoid storing the credentials in the | ||
| shell history): | ||
|
|
||
| ```ShellSession | ||
| set +o history | ||
| echo PASSWORD | podman login -u USERNAME --password-stdin registry.suse.com | ||
| set -o history | ||
| ``` | ||
|
|
||
| ### Use a separate SUSE Customer Center registration code | ||
|
|
||
| If the host system is not registered with SUSE Customer Center, you can use a valid | ||
| SUSE Customer Center registration code to log in to the registry: | ||
|
|
||
| ```ShellSession | ||
| set +o history | ||
| echo SCC_REGISTRATION_CODE | podman login -u "regcode" --password-stdin registry.suse.com | ||
| set -o history | ||
| ``` | ||
| The user parameter in this case is the verbatim string `regcode`, and | ||
| `SCC_REGISTRATION_CODE` is the actual registration code obtained from SUSE. | ||
|
|
||
| ### Use the organization mirroring credentials | ||
|
|
||
| You can also use the organization mirroring credentials to log in to the | ||
| SUSE Registry: | ||
|
|
||
| ```ShellSession | ||
| set +o history | ||
| echo SCC_MIRRORING_PASSWORD | podman login -u "SCC_MIRRORING_USER" --password-stdin registry.suse.com | ||
| set -o history | ||
| ``` | ||
|
|
||
| These credentials give you access to all subscriptions the organization owns, | ||
| including those related to container images in the SUSE Registry. | ||
| The credentials are highly privileged and should be preferably used for | ||
| a private mirroring registry only. | ||
| ## Licensing | ||
| `SPDX-License-Identifier: MIT` | ||
|
|
||
| The build recipe and this documentation is licensed as MIT. | ||
| The container itself contains various software components under various open source licenses listed in the associated | ||
| Software Bill of Materials (SBOM). | ||
|
|
||
| 15 SP3 FIPS-140-2 container based on the SLE LTSS Base Container Image. |