mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
3ab736acb8
The `make install_fips` target failed msp@debian:~/src/openssl$ make install_fips *** Installing FIPS module install providers/fips.so -> /opt/openssl-dev/lib/ossl-modules/fips.so *** Installing FIPS module configuration fipsinstall /opt/openssl-dev/ssl/fipsmodule.cnf FATAL: Startup failure (dev note: apps_startup()) for ./apps/openssl ... No such file or directory:crypto/conf/conf_def.c:771:calling stat(fipsmodule.cnf) ... make: *** [Makefile:3341: install_fips] Error 1 because the `openssl fipsinstall` command was loading a previously installed configuration file instead of the copy shipped with the source tree. msp@debian:~/src/openssl$ strace -f make install_fips |& grep openssl.cnf [pid 128683] openat(AT_FDCWD, "/opt/openssl-dev/ssl/openssl.cnf", O_RDONLY) = 3 This issue reveiled a more general problem, which applies to the tests as well: unless openssl is installed, the openssl app must not use any preinstalled configuration file. This holds in particular when the preinstalled configuration file load providers, which caused the above failure. The most consistent way to achieve this behaviour is to set the OPENSSL_CONF environment variable to the correct location in the util/wrap.pl perl wrapper. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14136)
50 lines
1.6 KiB
Perl
Executable File
50 lines
1.6 KiB
Perl
Executable File
#! /usr/bin/env perl
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use File::Basename;
|
|
use File::Spec::Functions;
|
|
|
|
my $there = canonpath(catdir(dirname($0), updir()));
|
|
my $std_engines = catdir($there, 'engines');
|
|
my $std_providers = catdir($there, 'providers');
|
|
my $std_openssl_conf = catdir($there, 'apps/openssl.cnf');
|
|
my $unix_shlib_wrap = catfile($there, 'util/shlib_wrap.sh');
|
|
|
|
$ENV{OPENSSL_ENGINES} = $std_engines
|
|
if ($ENV{OPENSSL_ENGINES} // '') eq '' && -d $std_engines;
|
|
$ENV{OPENSSL_MODULES} = $std_providers
|
|
if ($ENV{OPENSSL_MODULES} // '') eq '' && -d $std_providers;
|
|
$ENV{OPENSSL_CONF} = $std_openssl_conf
|
|
if ($ENV{OPENSSL_CONF} // '') eq '' && -f $std_openssl_conf;
|
|
|
|
my $use_system = 0;
|
|
my @cmd;
|
|
|
|
if (-x $unix_shlib_wrap) {
|
|
@cmd = ( $unix_shlib_wrap, @ARGV );
|
|
} else {
|
|
# Hope for the best
|
|
@cmd = ( @ARGV );
|
|
}
|
|
|
|
# The exec() statement on MSWin32 doesn't seem to give back the exit code
|
|
# from the call, so we resort to using system() instead.
|
|
my $waitcode = system @cmd;
|
|
|
|
# According to documentation, -1 means that system() couldn't run the command,
|
|
# otherwise, the value is similar to the Unix wait() status value
|
|
# (exitcode << 8 | signalcode)
|
|
die "wrap.pl: Failed to execute '", join(' ', @cmd), "': $!\n"
|
|
if $waitcode == -1;
|
|
|
|
# When the subprocess aborted on a signal, mimic what Unix shells do, by
|
|
# converting the signal code to an exit code by setting the high bit.
|
|
# This only happens on Unix flavored operating systems, the others don't
|
|
# have this sort of signaling to date, and simply leave the low byte zero.
|
|
exit(($? & 255) | 128) if ($? & 255) != 0;
|
|
|
|
# When not a signal, just shift down the subprocess exit code and use that.
|
|
exit($? >> 8);
|