diff options
author | Tim Smith <tsmith@chef.io> | 2018-11-24 18:38:08 -0800 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2018-11-24 18:38:08 -0800 |
commit | dd70db6ab6b359610de06f400b671a25892cdd73 (patch) | |
tree | 6045942946aab42bb81dfe3ce019240a40cf9a5a | |
parent | 726899b3d95755de4ab557c79e1347b4ee22d8d7 (diff) | |
download | ohai-dd70db6ab6b359610de06f400b671a25892cdd73.tar.gz |
Revert "Remove unnecessary Ruby 2.4 FIPS detection"
This reverts commit 6f02a8bd1bf955019a399797e5f016bcb390c116.
-rw-r--r-- | lib/ohai/plugins/linux/fips.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ohai/plugins/linux/fips.rb b/lib/ohai/plugins/linux/fips.rb index 70d5e142..17c183e2 100644 --- a/lib/ohai/plugins/linux/fips.rb +++ b/lib/ohai/plugins/linux/fips.rb @@ -1,6 +1,6 @@ # # Author:: Matt Wrock (<matt@mattwrock.com>) -# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc. +# Copyright:: Copyright (c) 2016 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -28,11 +28,18 @@ Ohai.plugin(:Fips) do collect_data(:linux) do fips Mash.new + # Check for new fips_mode method added in Ruby 2.5. After we drop support + # for Ruby 2.4, clean up everything after this and collapse the FIPS plugins. require "openssl" if defined?(OpenSSL.fips_mode) && OpenSSL.fips_mode && !$FIPS_TEST_MODE fips["kernel"] = { "enabled" => true } else - fips["kernel"] = { "enabled" => false } + begin + enabled = File.read("/proc/sys/crypto/fips_enabled").chomp + fips["kernel"] = { "enabled" => enabled == "0" ? false : true } + rescue Errno::ENOENT + fips["kernel"] = { "enabled" => false } + end end end end |