diff --git a/README.md b/README.md index 5259d1523..b1e8c84bc 100644 --- a/README.md +++ b/README.md @@ -225,9 +225,6 @@ The following environment variables can be used to configure Livebook on boot: "standalone" (Standalone), "attached:NODE:COOKIE" (Attached node) or "embedded" (Embedded). Defaults to "standalone". - * `LIVEBOOK_FIPS` - if set to "true", it enables the FIPS mode on startup. - See more details in [the documentation](https://hexdocs.pm/livebook/fips.html). - * `LIVEBOOK_FORCE_SSL_HOST` - sets a host to redirect to if the request is not over HTTPS. Note it does not apply when accessing Livebook via localhost. Defaults to nil. diff --git a/docs/deployment/fips.md b/docs/deployment/fips.md index 5f2180ba2..3094426b9 100644 --- a/docs/deployment/fips.md +++ b/docs/deployment/fips.md @@ -37,3 +37,7 @@ RUN git clone https://github.com/elixir-lang/elixir.git && \ make compile && \ make install ``` + +## Configuration + +To enable FIPS in Livebook, you must run it with `ERL_AFLAGS="-crypto fips_mode true"` environment variable set. diff --git a/lib/livebook.ex b/lib/livebook.ex index bcf9a6b08..892176028 100644 --- a/lib/livebook.ex +++ b/lib/livebook.ex @@ -270,14 +270,12 @@ defmodule Livebook do config :livebook, :image_registry_url, image_registry_url end + # TODO: remove in v1.0 if Livebook.Config.boolean!("LIVEBOOK_FIPS", false) do - if :crypto.enable_fips_mode(true) do - IO.puts("[Livebook] FIPS mode enabled") - else - Livebook.Config.abort!( - "Requested FIPS mode via LIVEBOOK_FIPS, but this Erlang installation was compiled without FIPS support" - ) - end + IO.warn( + ~s/Ignoring LIVEBOOK_FIPS=true, because it is no longer supported. Set ERL_AFLAGS="-crypto fips_mode true" instead./, + [] + ) end end diff --git a/versions b/versions index 8de8972ab..c773adca1 100644 --- a/versions +++ b/versions @@ -2,4 +2,4 @@ elixir="1.19.3" otp="28.1.1" openssl="1.1.1s" rebar3="3.22.0" -ubuntu="noble-20250404" +ubuntu="noble-20251013"