hooks: always write the FIPS preference for FIPS builds

canonical · Nov 20, 2024 · 19e83e8 · 19e83e8
1 parent a47db13
commit 19e83e8
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/hooks/001-extra-packages.chroot b/hooks/001-extra-packages.chroot
@@ -118,7 +118,7 @@ FSbrQ9ACQFlqN49Ogbl47J6TZ7BrjDpROote55ixmrU=
 EOF
 
 # write FIPS PPA files if the current build is a local FIPS build
-# for private builds a conf file is neccessary, setup for PPA access if provided
+# for private builds a conf file is necessary, setup for PPA access if provided
 if [ -e etc/apt/auth.conf.d/01-fips.conf ]; then
     echo "deb https://private-ppa.launchpadcontent.net/fips-cc-stig/fips-under-certification/ubuntu $CODENAME main" > /etc/apt/sources.list.d/fips.list
     cat >etc/apt/trusted.gpg.d/fips-cc-stig.asc <<'EOF'
@@ -153,7 +153,11 @@ UNuHk+m6RrdnU0GhZFiccabKzM11OElMcupvOQeIRA==
 =MKdQ
 -----END PGP PUBLIC KEY BLOCK-----
 EOF
-
+fi
+
+# always install the preference though, both for LP and
+# local
+if [[ ${SNAP_FIPS_BUILD+x} ]]; then
     mkdir -p etc/apt/preferences.d/
     cat >etc/apt/preferences.d/fips.pref <<'EOF'
 Package: *