diff options
author | Scott Hain <shain@chef.io> | 2017-10-10 11:35:04 -0700 |
---|---|---|
committer | Scott Hain <shain@chef.io> | 2017-10-10 11:35:04 -0700 |
commit | 78dc45983645a14d93593ca54bb63dc152900107 (patch) | |
tree | f998db2415a272561ca29bf24cbd354d27c349bf | |
parent | 5c5073241607cdd6df342677b543a47774867a79 (diff) | |
download | chef-78dc45983645a14d93593ca54bb63dc152900107.tar.gz |
Test using prebaked canister
Signed-off-by: Scott Hain <shain@chef.io>
-rw-r--r-- | omnibus/config/software/openssl-fips.rb | 80 | ||||
-rw-r--r-- | omnibus/omnibus.rb | 3 |
2 files changed, 82 insertions, 1 deletions
diff --git a/omnibus/config/software/openssl-fips.rb b/omnibus/config/software/openssl-fips.rb new file mode 100644 index 0000000000..a90711362a --- /dev/null +++ b/omnibus/config/software/openssl-fips.rb @@ -0,0 +1,80 @@ +# +# Copyright 2014 Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name "openssl-fips" +default_version "2.0.10" + +license "OpenSSL" +license_file "https://www.openssl.org/source/license.html" +skip_transitive_dependency_licensing true + +version("2.0.16") { source sha256: "a3cd13d0521d22dd939063d3b4a0d4ce24494374b91408a05bdaca8b681c63d4" } +version("2.0.14") { source sha256: "8ea069ec39f9c49d85b9831b16daa29936b4527446998336cf93e575f07626c0" } +version("2.0.11") { source sha256: "a6532875956d357a05838ca2c9865b8eecac211543e4246512684b17acbbdfac" } +version("2.0.10") { source sha256: "a42ccf5f08a8b510c0c78da1ba889532a0ce24e772b576604faf09b4d6a0f771" } +version("2.0.9") { source md5: "c8256051d7a76471c6ad4fb771404e60" } + +# HAHAHA According to the FIPS manual, you need to "securely" fetch the source +# such as asking some humans to mail you a CD-ROM or something. +# You are then supposed to manually verify the PGP signatures. +# When making an "official" build - make sure you go do that... +source url: "http://shain-bucket.s3.amazonaws.com/fipscanister.lib" + +relative_path "fipscanister.lib" + +build do + # # According to the FIPS manual, this is the only environment you are allowed + # # to build it in, to ensure security. + # env = {} + # env["FIPSDIR"] = "#{install_dir}/embedded" + + # if windows? + # default_env = with_standard_compiler_flags(with_embedded_path) + + # if windows_arch_i386? + # # Patch Makefile.org to update the compiler flags/options table for mingw. + # patch source: "openssl-fips-fix-compiler-flags-table-for-msys.patch", env: default_env + + # platform = "mingw" + # else + # platform = "mingw64" + # end + + # configure_command = ["perl.exe ./Configure #{platform}"] + # configure_command << "--prefix=#{install_dir}/embedded" + # elsif ppc64? && rhel? + # # you have to specify on el ppc64 (big-endian only) otherwise it has won't + # # compile + # configure_command = ["perl ./Configure linux-ppc64"] + # configure_command << "--prefix=#{install_dir}/embedded" + # elsif s390x? + # configure_command = ["perl ./Configure linux64-s390x"] + # configure_command << "--prefix=#{install_dir}/embedded" + # # Unfortunately openssl-fips is not supported on s390x, so we have to tell it to + # # compile solely in C + # configure_command << "no-asm" + # else + # configure_command = ["./config"] + # end + + copy "#{project_dir}/fipscanister.lib", "#{install_dir}/embedded/lib" + + # command configure_command.join(" "), env: env, in_msys_bash: true + + # # Cannot use -j with openssl :(. + # make env: env + # make "install", env: env +end
\ No newline at end of file diff --git a/omnibus/omnibus.rb b/omnibus/omnibus.rb index dfbd2bc338..77631b8cdd 100644 --- a/omnibus/omnibus.rb +++ b/omnibus/omnibus.rb @@ -52,4 +52,5 @@ fetcher_read_timeout 120 # local_software_dirs ['/path/to/local/software'] fatal_transitive_dependency_licensing_warnings true -fips_mode (ENV["OMNIBUS_FIPS_MODE"] || "").casecmp("true") >= 0 +#fips_mode (ENV["OMNIBUS_FIPS_MODE"] || "").casecmp("true") >= 0 +fips_mode true
\ No newline at end of file |