This issue arises because the container is running on top of a FIPS- enabled kernel which provides the /proc/sys/crypto/fips_enabled = 1 flag.
On Noble, openssl sees this flag and expects therefore to be operating in FIPS mode, but at this point the Noble container is not in FIPS mode - we haven't finished developing the FIPS components and haven't released them - and the result is that it throws some errors. The workaround is to either not run the container on a FIPS-enabled kernel; or to set the environment variable in the Noble container to disable FIPS mode: ENV OPENSSL_FORCE_FIPS_MODE=0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/2066990 Title: high memory consumption in Ubuntu Noble Status in ca-certificates package in Ubuntu: Confirmed Bug description: I wanted to try the new Ubuntu 24.04 Noble Numbat based .NET docker image and updated the base docker image in our CI pipeline to mcr.microsoft.com/dotnet/sdk:8.0-noble. However, it results in an out- of-memory exception. Based on my investigation, the exception occurs specifically when the update-ca-certificates command is executed. I can also repro the issue with ubuntu:noble image which means it's not specific to .NET docker images. It works fine with Jammy, by the way. The problem likely lies with the Noble base image rather than the .NET image. I'm not sure what changes were made between Jammy and Noble, but it appears that updating certificates consumes a lot of memory in Noble. I adjusted some memory settings in our GitLab runner, but it didn't resolve the issue. I attached all Gitlab Runner shell logs for .NET 8 Jammy, .NET 8 Noble and Ubuntu Noble images. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/2066990/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
