Got it! have to adjust FIPS now, adding new compilation flags

Signed-off-by: John McCrae <[email protected]>
chef · Apr 19, 2024 · 1002b2d · 1002b2d
1 parent 3c4fc96
commit 1002b2d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 16 deletions.
diff --git a/config/software/openssl-customization.rb b/config/software/openssl-customization.rb
@@ -48,9 +48,6 @@ def get_sanitized_rbconfig(config)
     end
 
     embedded_ruby_lib_dir = get_sanitized_rbconfig("rubylibdir")
-    puts "***********************************"
-    puts "The embedded ruby lib directory is : #{embedded_ruby_lib_dir}"
-    puts "***********************************"
 
     # use the value from the else clause here and remove the if/else once Ruby < 3.1
     # is not supported in combination with OpenSSL >= 3.0
@@ -64,18 +61,11 @@ def get_sanitized_rbconfig(config)
                           File.join(embedded_ruby_lib_dir, "openssl.rb")
                         end
 
-    puts "***********************************"
-    puts "The Source Openssl RB is : #{source_openssl_rb}"
-    puts "***********************************"
     if windows?
       embedded_ruby_site_dir = get_sanitized_rbconfig("sitelibdir")
       source_ssl_env_hack      = File.join(project_dir, "windows", "ssl_env_hack.rb")
       destination_ssl_env_hack = File.join(embedded_ruby_site_dir, "ssl_env_hack.rb")
 
-    puts "***********************************"
-    puts "The Embedded Ruby Site Dir : #{embedded_ruby_site_dir}"
-    puts "***********************************"
-
       create_directory(embedded_ruby_site_dir)
 
       copy(source_ssl_env_hack, destination_ssl_env_hack)

diff --git a/config/software/openssl-fips.rb b/config/software/openssl-fips.rb
@@ -79,7 +79,17 @@
 
   command configure_command.join(" "), env: env, in_msys_bash: true
 
+  # FIPS support is now built into v3 and later of openssl so it must be explicitly configured
+  if version.satisfies?(">= 3") 
+    command "perl.exe ./Configure fips enable-fips", env: env, in_msys_bash: true
+  end
+
   # Cannot use -j with openssl :(.
   make env: env
-  make "install", env: env
+
+  if version.satisfies?(">= 3") 
+    make "install openssl fipsinstal", env: env
+  else
+    make "install", env: env
+  end
 end
diff --git a/config/software/openssl.rb b/config/software/openssl.rb
@@ -21,7 +21,7 @@
 skip_transitive_dependency_licensing true
 
 dependency "cacerts"
-dependency "openssl-fips" if (fips_mode? && version.satisfies?("< 3"))
+dependency "openssl-fips" if fips_mode?
 
 default_version "1.0.2zg" # do_not_auto_update
 
@@ -132,10 +132,6 @@
     elsif windows?
       platform = windows_arch_i386? ? "mingw" : "mingw64"
       "perl.exe ./Configure #{platform}"
-      # FIPS support is now built into v3 and later of openssl so we don't need the whole openssl-fips.rb file, we just need to enable it in the build
-      if (version.satisfies?(">= 3") && fips_mode?)
-        "perl.exe ./Configure fips enable-fips"
-      end
     else
       prefix =
         if linux? && ppc64?