From 6d8e60887f29a2571ffd7c37c786b591f75c0b38 Mon Sep 17 00:00:00 2001
From: Thomas Fitzsimmons <fitzsim@redhat.com>
Date: Thu, 27 Nov 2025 11:53:55 -0500
Subject: [PATCH] Remove
 /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties

Resolves: RHEL-131897
---
 create-redhat-properties-files.bash | 10 ----------
 java-25-openjdk.spec                |  7 +++++--
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/create-redhat-properties-files.bash b/create-redhat-properties-files.bash
index 60264f2..7b02edf 100644
--- a/create-redhat-properties-files.bash
+++ b/create-redhat-properties-files.bash
@@ -109,16 +109,6 @@ security.provider.8=
 keystore.type=pkcs12
 EOF
 
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties
-# For now, this prevents an include cycle on JDKs that do not support
-# ${__redhat_fips__}.  In the future the goal is for it be overwritten
-# (based on /proc/sys/crypto/fips_enabled) at FIPS configuration time
-# (by fips-mode-setup or by grubby), at RPM install time by a
-# post-install hook, and/or during boot by a systemd oneshot service.
-install --mode 644 /dev/stdin "${VENDOR}"/fips.properties <<'EOF'
-include false/fips.properties
-EOF
-
 cat >> "${SECURITY}"/java.security <<'EOF'
 
 #
diff --git a/java-25-openjdk.spec b/java-25-openjdk.spec
index 9355c17..5d57fe9 100644
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@@ -349,7 +349,7 @@
 %global top_level_dir_name   %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        8
-%global rpmrelease      5
+%global rpmrelease      6
 # Settings used by the portable build
 %global portablerelease 2
 # Portable suffix differs between RHEL and CentOS
@@ -887,7 +887,6 @@ fi
 # are implementation details -- so leave them as not config-noreplace
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/false/crypto-policies.properties
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/true/crypto-policies.properties
-%config %{etcjavadir -- %{?1}}/conf/security/redhat/fips.properties
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/false/fips.properties
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/true/fips.properties
 %config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
@@ -2627,6 +2626,10 @@ exit 0
 %endif
 
 %changelog
+* Thu Dec 04 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-6
+- Remove /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties
+- Resolves: RHEL-131897
+
 * Thu Dec 04 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-5
 - Incorporate new FIPS patch for 25u
 - Drop static libjvm.a following adjusted build target for portable build