From 30d03498b46c65c3faf134f3c4c959e6fcfbf537 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 24 Jan 2020 09:25:05 +0100
Subject: [PATCH] gitlab-ci: Improve setting Fedora to FIPS mode

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
 .gitlab-ci.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3a5416e1..924e2711 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -70,8 +70,14 @@ fedora/openssl_1.1.x/x86_64:
 fedora/openssl_1.1.x/x86_64/fips:
   extends: .fedora
   before_script:
-  - echo 1 > /etc/system-fips
+  - echo "# userspace fips" > /etc/system-fips
+    # We do not need the kernel part, but in case we ever do:
+    # mkdir -p /var/tmp/userspace-fips
+    # echo 1 > /var/tmp/userspace-fips/fips_enabled
+    # mount --bind /var/tmp/userspace-fips/fips_enabled /proc/sys/crypto/fips_enabled
+  - update-crypto-policies --show
   - update-crypto-policies --set FIPS
+  - update-crypto-policies --show
   - mkdir -p obj && cd obj && cmake
     -DCMAKE_BUILD_TYPE=RelWithDebInfo
     -DPICKY_DEVELOPER=ON