mirror of
https://github.com/openssl/openssl.git
synced 2024-11-24 02:23:51 +08:00
3ab736acb8
The `make install_fips` target failed
msp@debian:~/src/openssl$ make install_fips
*** Installing FIPS module
install providers/fips.so -> /opt/openssl-dev/lib/ossl-modules/fips.so
*** Installing FIPS module configuration
fipsinstall /opt/openssl-dev/ssl/fipsmodule.cnf
FATAL: Startup failure (dev note: apps_startup()) for ./apps/openssl
... No such file or directory:crypto/conf/conf_def.c:771:calling stat(fipsmodule.cnf)
...
make: *** [Makefile:3341: install_fips] Error 1
because the `openssl fipsinstall` command was loading a previously installed
configuration file instead of the copy shipped with the source tree.
msp@debian:~/src/openssl$ strace -f make install_fips |& grep openssl.cnf
[pid 128683] openat(AT_FDCWD, "/opt/openssl-dev/ssl/openssl.cnf", O_RDONLY) = 3
This issue reveiled a more general problem, which applies to the tests as well:
unless openssl is installed, the openssl app must not use any preinstalled
configuration file. This holds in particular when the preinstalled configuration
file load providers, which caused the above failure.
The most consistent way to achieve this behaviour is to set the OPENSSL_CONF
environment variable to the correct location in the util/wrap.pl perl wrapper.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14136)
50 lines
1.6 KiB
Perl
Executable File
50 lines
1.6 KiB
Perl
Executable File
#! /usr/bin/env perl
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use File::Basename;
|
|
use File::Spec::Functions;
|
|
|
|
my $there = canonpath(catdir(dirname($0), updir()));
|
|
my $std_engines = catdir($there, 'engines');
|
|
my $std_providers = catdir($there, 'providers');
|
|
my $std_openssl_conf = catdir($there, 'apps/openssl.cnf');
|
|
my $unix_shlib_wrap = catfile($there, 'util/shlib_wrap.sh');
|
|
|
|
$ENV{OPENSSL_ENGINES} = $std_engines
|
|
if ($ENV{OPENSSL_ENGINES} // '') eq '' && -d $std_engines;
|
|
$ENV{OPENSSL_MODULES} = $std_providers
|
|
if ($ENV{OPENSSL_MODULES} // '') eq '' && -d $std_providers;
|
|
$ENV{OPENSSL_CONF} = $std_openssl_conf
|
|
if ($ENV{OPENSSL_CONF} // '') eq '' && -f $std_openssl_conf;
|
|
|
|
my $use_system = 0;
|
|
my @cmd;
|
|
|
|
if (-x $unix_shlib_wrap) {
|
|
@cmd = ( $unix_shlib_wrap, @ARGV );
|
|
} else {
|
|
# Hope for the best
|
|
@cmd = ( @ARGV );
|
|
}
|
|
|
|
# The exec() statement on MSWin32 doesn't seem to give back the exit code
|
|
# from the call, so we resort to using system() instead.
|
|
my $waitcode = system @cmd;
|
|
|
|
# According to documentation, -1 means that system() couldn't run the command,
|
|
# otherwise, the value is similar to the Unix wait() status value
|
|
# (exitcode << 8 | signalcode)
|
|
die "wrap.pl: Failed to execute '", join(' ', @cmd), "': $!\n"
|
|
if $waitcode == -1;
|
|
|
|
# When the subprocess aborted on a signal, mimic what Unix shells do, by
|
|
# converting the signal code to an exit code by setting the high bit.
|
|
# This only happens on Unix flavored operating systems, the others don't
|
|
# have this sort of signaling to date, and simply leave the low byte zero.
|
|
exit(($? & 255) | 128) if ($? & 255) != 0;
|
|
|
|
# When not a signal, just shift down the subprocess exit code and use that.
|
|
exit($? >> 8);
|