gitlab-ci: Improve setting Fedora to FIPS mode

Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
author: Andreas Schneider <asn@cryptomilk.org> 2020-01-24 09:25:05 +0100
committer: Andreas Schneider <asn@cryptomilk.org> 2020-01-24 09:39:44 +0100
commit: 30d03498b46c65c3faf134f3c4c959e6fcfbf537 (patch)
tree: 5f47d65c956898b795da4a1b75bcbc51888d49a3 /.gitlab-ci.yml
parent: 022409e99c9f6d6f1e540da5c2fa925b72998974 (diff)
download: libssh-30d03498b46c65c3faf134f3c4c959e6fcfbf537.tar.gz
libssh-30d03498b46c65c3faf134f3c4c959e6fcfbf537.tar.xz
libssh-30d03498b46c65c3faf134f3c4c959e6fcfbf537.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3a5416e1..924e2711 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -70,8 +70,14 @@ fedora/openssl_1.1.x/x86_64:
 fedora/openssl_1.1.x/x86_64/fips:
   extends: .fedora
   before_script:
-  - echo 1 > /etc/system-fips
+  - echo "# userspace fips" > /etc/system-fips
+    # We do not need the kernel part, but in case we ever do:
+    # mkdir -p /var/tmp/userspace-fips
+    # echo 1 > /var/tmp/userspace-fips/fips_enabled
+    # mount --bind /var/tmp/userspace-fips/fips_enabled /proc/sys/crypto/fips_enabled
+  - update-crypto-policies --show
   - update-crypto-policies --set FIPS
+  - update-crypto-policies --show
   - mkdir -p obj && cd obj && cmake
     -DCMAKE_BUILD_TYPE=RelWithDebInfo
     -DPICKY_DEVELOPER=ON
author	Andreas Schneider <asn@cryptomilk.org>	2020-01-24 09:25:05 +0100
committer	Andreas Schneider <asn@cryptomilk.org>	2020-01-24 09:39:44 +0100
commit	30d03498b46c65c3faf134f3c4c959e6fcfbf537 (patch)
tree	5f47d65c956898b795da4a1b75bcbc51888d49a3 /.gitlab-ci.yml
parent	022409e99c9f6d6f1e540da5c2fa925b72998974 (diff)
download	libssh-30d03498b46c65c3faf134f3c4c959e6fcfbf537.tar.gz libssh-30d03498b46c65c3faf134f3c4c959e6fcfbf537.tar.xz libssh-30d03498b46c65c3faf134f3c4c959e6fcfbf537.zip