diff options
author | The Bundler Bot <bot@bundler.io> | 2017-02-18 11:07:33 +0000 |
---|---|---|
committer | Samuel Giddins <segiddins@segiddins.me> | 2017-02-22 11:54:12 +1100 |
commit | e09565b3c8efeebbb9ede8d38e3ddd8550199525 (patch) | |
tree | 5b533d7a3634550d8428e6a6d1bb84786fc3b2e9 /lib | |
parent | 090ec806231f86c26bd8e975c4b44571d2baa69b (diff) | |
download | bundler-e09565b3c8efeebbb9ede8d38e3ddd8550199525.tar.gz |
Auto merge of #5440 - wjordan:fips_enabled_compact_index, r=indirect
Enable compact index when OpenSSL FIPS mode is enabled but not active
Fixes #5433. Since there is no easy accessor in Ruby to detect whether or not FIPS mode is currently active, the best approach I could come up with is to `fork` a separate process and attempt to generate a build MD5 object as a test of whether MD5 module is currently available.
Because `fork` approach won't work on some platforms (JRuby, Windows etc), `md5_supported?` returns `false` on any platforms where FIPS mode is enabled and `Process.respond_to?(:fork)` is `false`.
I've added a spec that simulates behavior when OpenSSL FIPS mode is active - an error message is output to STDERR and the process is killed with the `ABRT` signal.
(cherry picked from commit 13f4cc1a8d8aea5c97f9197f8aa192d68a1f03fa)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/bundler/fetcher/compact_index.rb | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb index dcc9d57c13..97de88101b 100644 --- a/lib/bundler/fetcher/compact_index.rb +++ b/lib/bundler/fetcher/compact_index.rb @@ -122,14 +122,13 @@ module Bundler end def md5_available? - begin - require "openssl" - return false if defined?(OpenSSL::OPENSSL_FIPS) && OpenSSL::OPENSSL_FIPS - rescue LoadError - nil - end - + require "openssl" + OpenSSL::Digest::MD5.digest("") + true + rescue LoadError true + rescue OpenSSL::Digest::DigestError + false end end end |