Revert "Remove unnecessary Ruby 2.4 FIPS detection"

This reverts commit 6f02a8bd1bf955019a399797e5f016bcb390c116.
author: Tim Smith <tsmith@chef.io> 2018-11-24 18:38:08 -0800
committer: Tim Smith <tsmith@chef.io> 2018-11-24 18:38:08 -0800
commit: dd70db6ab6b359610de06f400b671a25892cdd73 (patch)
tree: 6045942946aab42bb81dfe3ce019240a40cf9a5a
parent: 726899b3d95755de4ab557c79e1347b4ee22d8d7 (diff)
download: ohai-dd70db6ab6b359610de06f400b671a25892cdd73.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ohai/plugins/linux/fips.rb b/lib/ohai/plugins/linux/fips.rb
index 70d5e142..17c183e2 100644
--- a/lib/ohai/plugins/linux/fips.rb
+++ b/lib/ohai/plugins/linux/fips.rb
@@ -1,6 +1,6 @@
 #
 # Author:: Matt Wrock (<matt@mattwrock.com>)
-# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc.
+# Copyright:: Copyright (c) 2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,11 +28,18 @@ Ohai.plugin(:Fips) do
   collect_data(:linux) do
     fips Mash.new
 
+    # Check for new fips_mode method added in Ruby 2.5. After we drop support
+    # for Ruby 2.4, clean up everything after this and collapse the FIPS plugins.
     require "openssl"
     if defined?(OpenSSL.fips_mode) && OpenSSL.fips_mode && !$FIPS_TEST_MODE
       fips["kernel"] = { "enabled" => true }
     else
-      fips["kernel"] = { "enabled" => false }
+      begin
+        enabled = File.read("/proc/sys/crypto/fips_enabled").chomp
+        fips["kernel"] = { "enabled" => enabled == "0" ? false : true }
+      rescue Errno::ENOENT
+        fips["kernel"] = { "enabled" => false }
+      end
     end
   end
 end
author	Tim Smith <tsmith@chef.io>	2018-11-24 18:38:08 -0800
committer	Tim Smith <tsmith@chef.io>	2018-11-24 18:38:08 -0800
commit	dd70db6ab6b359610de06f400b671a25892cdd73 (patch)
tree	6045942946aab42bb81dfe3ce019240a40cf9a5a
parent	726899b3d95755de4ab557c79e1347b4ee22d8d7 (diff)
download	ohai-dd70db6ab6b359610de06f400b671a25892cdd73.tar.gz