From 4d23e8d45ac476e3754ce6d66c10330d13b3ee12 Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Mon, 18 Aug 2025 12:36:59 -0700
Subject: [PATCH] enhance confirm-built-with-fips for kube-vert-agent for Go
 1.25

---
 pipelines/shared-tasks/confirm-built-with-fips/task.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pipelines/shared-tasks/confirm-built-with-fips/task.sh b/pipelines/shared-tasks/confirm-built-with-fips/task.sh
index 50d3bdcc9..80d146ff0 100755
--- a/pipelines/shared-tasks/confirm-built-with-fips/task.sh
+++ b/pipelines/shared-tasks/confirm-built-with-fips/task.sh
@@ -28,7 +28,7 @@ then
   exit 1
 fi
 # check whether the kube-cert-agent binary has particular symbols that only exist when it's compiled with non-boring crypto
-kube_cert_agent_has_regular_crypto="$(go tool nm './image/rootfs/usr/local/bin/pinniped-concierge-kube-cert-agent' | grep sha256 | grep di)"
+kube_cert_agent_has_regular_crypto="$(go tool nm './image/rootfs/usr/local/bin/pinniped-concierge-kube-cert-agent' | grep sha256 | grep di | grep -v fips)"
 # if any of these symbols exist, that means it was compiled wrong and it should fail.
 if [ -n "$kube_cert_agent_has_regular_crypto" ]
 then