From da3012b75a47324a5468b788fc677ecb93ed980e Mon Sep 17 00:00:00 2001
From: Dorian <z00york@mac.com>
Date: Sun, 19 Apr 2026 10:00:25 -0400
Subject: [PATCH] Revert "fix(iso): enable upstream fips.service so fresh
 installs show "active""

This reverts commit 810c111ba790200b5ff9e30cff600cc86161d3f2.
---
 image-recipe/build-auto-installer-iso.sh | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh
index 54f931a9..f028bd50 100755
--- a/image-recipe/build-auto-installer-iso.sh
+++ b/image-recipe/build-auto-installer-iso.sh
@@ -368,15 +368,6 @@ COPY --from=fips-builder /tmp/fips.deb /tmp/fips.deb
 RUN apt-get update && apt-get install -y --no-install-recommends /tmp/fips.deb && \
     apt-get clean && rm -rf /var/lib/apt/lists/* && rm /tmp/fips.deb
 
-# Enable the upstream fips.service so FIPS status reads "active" on
-# first boot. Without this, fresh installs show "inactive" — the
-# npub is present (debian postinst wrote /etc/fips/fips.pub during
-# package install) but the daemon isn't running, so traffic can't
-# route over FIPS until the user hits Activate. Upstream unit is
-# fine to enable unconditionally: it uses ephemeral identity until
-# a persistent key is written, which is what fresh nodes want.
-RUN systemctl enable fips.service || true
-
 # Configure locale
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen