From 120656915e0c9ab6e8e8f97015e09f5e54ec3047 Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni@golov.de>
Date: Mon, 1 Dec 2025 11:08:19 +0100
Subject: [PATCH 1/2] Patch Vagrant not to use ed25519 keys

---
 .github/workflows/test.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f5c47260..aedfb5ad 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,6 +56,12 @@ jobs:
           python-version: '3.12'
       - name: Setup libvirt for Vagrant
         uses: voxpupuli/setup-vagrant@v0
+      - name: Patch Vagrant not to use ed25519 keys
+        # Vagrant tries to use ed25519 over rsa, but ed25519 is not allowed when we run in FIPS mode
+        # As we enable FIPS *after* the initial VM start, Vagrant has already decided to use ed25519
+        if: matrix.security == 'fips'
+        run:
+          sudo sed -i '/PREFER_KEY_TYPES/ s/"ssh-ed25519".freeze => :ed25519, //' /usr/lib/x86_64-linux-gnu/rubygems-integration/*/gems/vagrant-*/lib/vagrant/util/keypair.rb
       - name: Install Ansible
         run: pip install --upgrade ansible-core
       - name: Setup environment

From ad8abb46632706bbba8028da371241ff201fecc5 Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni@golov.de>
Date: Mon, 1 Dec 2025 14:32:28 +0100
Subject: [PATCH 2/2] enable FIPS tests

---
 .github/workflows/test.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index aedfb5ad..75883545 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -47,6 +47,8 @@ jobs:
         include:
           - certificate_source: default
             security: fapolicyd
+          - certificate_source: default
+            security: fips
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v6