From 89dd8a0e155a2dd67d0734e7df5f5d8e973c37f2 Mon Sep 17 00:00:00 2001
From: Jonathan Maple <jmaple@ciq.com>
Date: Mon, 22 Dec 2025 13:53:17 -0500
Subject: [PATCH] [RR] Reenable forced FIPS checking.

A previous commit reverted the `if fips` check removal.  Reverting that
additionaly if, and leaving the rest alone.
---
 rolling-release-update.py | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/rolling-release-update.py b/rolling-release-update.py
index e90cfaf..4492d80 100644
--- a/rolling-release-update.py
+++ b/rolling-release-update.py
@@ -249,22 +249,21 @@ def check_for_fips_protected_changes(repo, branch, common_tag):
     print("[rolling release update] Common tag sha: ", common_sha)
     print(repo.git.show('--pretty="%H %s"', "-s", common_sha.decode()))
 
-    if "fips" in rolling_product:
-        print("[rolling release update] Checking for FIPS protected changes between the common tag and HEAD")
-        shas_to_check = check_for_fips_protected_changes(repo, args.new_base_branch, common_sha)
-        if shas_to_check and args.fips_override is False:
-            for sha, dir in shas_to_check.items():
-                print(f"## Commit {sha.decode()}")
-                print("'''")
-                dir_list = []
-                for d in dir:
-                    dir_list.append(d.decode())
-                print(repo.git.show(sha.decode(), dir_list))
-                print("'''")
-            print("[rolling release update] FIPS protected changes found between the common tag and HEAD")
-            print("[rolling release update] Please Contact the CIQ FIPS / Security team for further instructions")
-            print("[rolling release update] Exiting")
-            exit(1)
+    print("[rolling release update] Checking for FIPS protected changes between the common tag and HEAD")
+    shas_to_check = check_for_fips_protected_changes(repo, args.new_base_branch, common_sha)
+    if shas_to_check and args.fips_override is False:
+        for sha, dir in shas_to_check.items():
+            print(f"## Commit {sha.decode()}")
+            print("'''")
+            dir_list = []
+            for d in dir:
+                dir_list.append(d.decode())
+            print(repo.git.show(sha.decode(), dir_list))
+            print("'''")
+        print("[rolling release update] FIPS protected changes found between the common tag and HEAD")
+        print("[rolling release update] Please Contact the CIQ FIPS / Security team for further instructions")
+        print("[rolling release update] Exiting")
+        exit(1)
 
     print("[rolling release update] Checking out old rolling branch: ", args.old_rolling_branch)
     repo.git.checkout(args.old_rolling_branch)