Description of problem: In RHEL 8/ RHEL 9 when you have FIPS enabled and attempt to run any gpg commands, you see a message - RHEL 8 ~~~ [root@rhel8 ~]# gpg --help gpg: out of core handler ignored in FIPS mode gpg (GnuPG) 2.2.20 libgcrypt 1.8.5 <snip> [root@rhel8 ~]# echo $? 0 ~~~ RHEL 9 ~~~ $ gpg --help | head gpg: out of core handler ignored in FIPS mode gpg (GnuPG) 2.3.3 libgcrypt 1.10.0-unknown $ echo $? 0 ~~~ Based on BZ 2094013 https://bugzilla.redhat.com/show_bug.cgi?id=2094013 I think this is just an informational message, but would like some clarity if this message is needed or if it's not useful - can it be hidden? Version-Release number of selected component (if applicable): gnupg2-2.2.20-3.el8_6.x86_64 libgcrypt-1.8.5-7.el8_6.x86_64 gnupg2-2.3.3-2.el9_0.x86_64 libgcrypt-1.10.0-10.el9_2.x86_64 How reproducible: Steps to Reproduce: 1. Enable FIPS mode (preferably install system and press `tab` to add the kernel command option fips=1 alternatively can use `fips-mode-setup --enable` and then reboot). 2. Run any gpg command including `gpg --help` Actual results: The first line after running a gpg command shows `gpg: out of core handler ignored in FIPS mode` Expected results: gpg command runs without this message
This was discussed in the upstream couple of weeks back and solution was to remove the message: https://dev.gnupg.org/T6515 https://dev.gnupg.org/rC6c79dcddd151b6b01a760f7aab54e6882ea5a475 So if we will be updating RHEL, we can backport this change.