apt-get update fails in latest python:${VERSION} images on host with FIPS mode is enabled #855
Description
Seems caused by an upstream bug in debian: Bug#1014517: apt - Fails in FIPS mode in libgcrypt
This is blocking me from safely using the Python base images right now!
This just started happening four days ago on 2023-07-22.
Any ideas or pointers to how I might go about resolving this?
Verification:
$ sysctl crypto.fips_enabled
crypto.fips_enabled = 1
$ parallel --tag -k docker pull {} '&&' docker run {} apt-get update ::: python:3.{8,9,10,11}
python:3.8 3.8: Pulling from library/python
python:3.8 Digest: sha256:2ee706fa11ec6907a27f1c5116e9749ad1267336b3b0d53fc35cfba936fae32e
python:3.8 Status: Image is up to date for python:3.8
python:3.8 docker.io/library/python:3.8
python:3.8 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
python:3.8 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
python:3.8 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
python:3.8 Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8906 kB]
python:3.8 Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [4732 B]
python:3.8 Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [48.0 kB]
python:3.8 Fetched 9210 kB in 2s (4207 kB/s)
python:3.8 Reading package lists...python:3.8 fatal error in libgcrypt, file ../../src/misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
python:3.8
python:3.8 Fatal error: requested algo not in md context
python:3.9 3.9: Pulling from library/python
python:3.9 Digest: sha256:ba10a2af9d6c3bd0d20c46ecbf866dabcbad4e6a3dd7b82e2dfb1a9b6d479d87
python:3.9 Status: Image is up to date for python:3.9
python:3.9 docker.io/library/python:3.9
python:3.9 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
python:3.9 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
python:3.9 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
python:3.9 Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8906 kB]
python:3.9 Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [4732 B]
python:3.9 Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [48.0 kB]
python:3.9 Fetched 9210 kB in 2s (5657 kB/s)
python:3.9 Reading package lists...python:3.9 fatal error in libgcrypt, file ../../src/misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
python:3.9
python:3.9 Fatal error: requested algo not in md context
python:3.10 3.10: Pulling from library/python
python:3.10 Digest: sha256:1b2e0805e24189fbba4e55b9bee89e3c25533cbe4fb71ae151f3e7ae0c9b86c5
python:3.10 Status: Image is up to date for python:3.10
python:3.10 docker.io/library/python:3.10
python:3.10 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
python:3.10 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
python:3.10 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
python:3.10 Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8906 kB]
python:3.10 Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [4732 B]
python:3.10 Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [48.0 kB]
python:3.10 Fetched 9210 kB in 2s (4578 kB/s)
python:3.10 Reading package lists...python:3.10 fatal error in libgcrypt, file ../../src/misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
python:3.10
python:3.10 Fatal error: requested algo not in md context
python:3.11 3.11: Pulling from library/python
python:3.11 Digest: sha256:d73088ce13d5a1eec1dd05b47736041ae6921d08d2f240035d99642db98bc8d4
python:3.11 Status: Image is up to date for python:3.11
python:3.11 docker.io/library/python:3.11
python:3.11 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
python:3.11 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
python:3.11 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
python:3.11 Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8906 kB]
python:3.11 Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [4732 B]
python:3.11 Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [48.0 kB]
python:3.11 Fetched 9210 kB in 2s (4792 kB/s)
python:3.11 Reading package lists...python:3.11 fatal error in libgcrypt, file ../../src/misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
python:3.11
python:3.11 Fatal error: requested algo not in md context