On 19/04/2016 16:31, Steve Marquess wrote: > On 04/19/2016 09:16 AM, Jakob Bohm wrote: >> On 19/04/2016 13:44, Leaky wrote: >>> Thanks, but I am still scratching my head as to if that is even >>> possible on >>> Windows, which would mean you can't actually compile the FIPS canister on >>> Windows and meet the security policy. >>> >> There are Windows ports of gzip, gunzip and tar. For example in the CYGWIN >> distribution (from https://cygwin.com) or MingW32 (those 2 are free), there >> are also commercial versions such as MKS. >> >> If you use the CYGWIN variant, but run under the Windows CMD shell, you >> will >> have to crate a .CMD equivalent of the gunzip shell script. Instead of the >> long winded code to output messages about what gunzip is, the following one >> line file should do the trick (there is no lf or crlf at the end of the >> line!), save this as gunzip.cmd somewhere on your PATH. >> >> @x:\SOMEPATH\CYGWIN\bin\gzip.exe -d %* >> >> (x:\DOMEPATH\CYGWIN is obviously whereever you installed CYGWIN) >> >> Similarly create tar.cmd > Good catch, Jakob. I missed the Windows part. I missed it too, Leaky caught it > As documented in Appendix A of the Security Policy, for Windows the > required canonical build commands are: > > ms\do_fips no-asm > > or > > ms\do_fips > > instead of the "./config ...; make" used for *nix style platforms. The > > gunzip -c openssl-fips-2.0.N.tar.gz | tar xf - > cd openssl-fips-2.0.N > > is still required, which as you noted can be done with a third party > "gunzip", e.g. from Cygwin. > > Note that from a software engineering viewpoint it doesn't make much > sense to require that a "gunzip" command be installed and used when > another equivalent method of expanding the tarball is available, but the > CMVP required the specification of fixed build commands from the very > first validation. > > No requirement that a specific version of "gunzip" be used, so the use > of a script would appear to be permitted. Note that the official GNU gunzip is (as mentioned) a shell script. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
