Auto merge of #5440 - wjordan:fips_enabled_compact_index, r=indirect

Enable compact index when OpenSSL FIPS mode is enabled but not active

Fixes #5433. Since there is no easy accessor in Ruby to detect whether or not FIPS mode is currently active, the best approach I could come up with is to `fork` a separate process and attempt to generate a build MD5 object as a test of whether MD5 module is currently available.

Because `fork` approach won't work on some platforms (JRuby, Windows etc), `md5_supported?` returns `false` on any platforms where FIPS mode is enabled and `Process.respond_to?(:fork)` is `false`.

I've added a spec that simulates behavior when OpenSSL FIPS mode is active - an error message is output to STDERR and the process is killed with the `ABRT` signal.

(cherry picked from commit 13f4cc1a8d8aea5c97f9197f8aa192d68a1f03fa)

1 files changed, 6 insertions, 7 deletions

diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb
index dcc9d57c13..97de88101b 100644
--- a/lib/bundler/fetcher/compact_index.rb
+++ b/lib/bundler/fetcher/compact_index.rb
@@ -122,14 +122,13 @@ module Bundler
       end
 
       def md5_available?
-        begin
-          require "openssl"
-          return false if defined?(OpenSSL::OPENSSL_FIPS) && OpenSSL::OPENSSL_FIPS
-        rescue LoadError
-          nil
-        end
-
+        require "openssl"
+        OpenSSL::Digest::MD5.digest("")
+        true
+      rescue LoadError
         true
+      rescue OpenSSL::Digest::DigestError
+        false
       end
     end
   end