gitlab-ci: Improve setting Fedora to FIPS mode

Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2026-02-04 12:20:42 +09:00 · 2020-01-24 09:25:05 +01:00
parent 022409e99c
commit 30d03498b4
1 changed files with 7 additions and 1 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -70,8 +70,14 @@ fedora/openssl_1.1.x/x86_64:
 fedora/openssl_1.1.x/x86_64/fips:
  extends: .fedora
  before_script:
-  - echo 1 > /etc/system-fips
+  - echo "# userspace fips" > /etc/system-fips
+    # We do not need the kernel part, but in case we ever do:
+    # mkdir -p /var/tmp/userspace-fips
+    # echo 1 > /var/tmp/userspace-fips/fips_enabled
+    # mount --bind /var/tmp/userspace-fips/fips_enabled /proc/sys/crypto/fips_enabled
+  - update-crypto-policies --show
  - update-crypto-policies --set FIPS
+  - update-crypto-policies --show
  - mkdir -p obj && cd obj && cmake
    -DCMAKE_BUILD_TYPE=RelWithDebInfo
    -DPICKY_DEVELOPER=ON