On 04/18/2016 11:01 AM, Tristan Leask wrote: > Hi All, > > I am currently trying to setup an automated build process for a > cloned copy of the code. ... > > In the link mentioned, it is talked about modifying the perl script > to change how STDOUT works, however when you are compiling FIPS you > aren't meant to modify the code shipped in the tarball, so how does > one work around this issue apart from just compiling the code > manually all the time? There is really no point in trying to automate the build of the FIPS module (fipscanister.o). As noted you can't change the source code (contents of the tarball) at all, plus you're constrained by the requirements of the Security Policy to build the module with precisely the commands: gunzip -c openssl-fips-2.0.12.tar.gz | tar xvf - cd openssl-fips-2.0.12 ./config make The Security Policy doesn't expressly prohibit you from embedding those commands in a script, but IMHO you gain nothing but grief by doing so. Build it manually, once, with some sort of record as a CYA for your file cabinet. Once you have the one and only copy of fipscanister.o you need (per platform), you can then use normal software engineering best practice for building OpenSSL proper (e.g. 1.0.2g) and your application code, and automation would make more sense. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
