35 lines
1.2 KiB
Ruby
35 lines
1.2 KiB
Ruby
|
require 'openssl'
|
||
|
|
||
|
# Run openssl tests in OpenSSL FIPS. See the link below for how to test.
|
||
|
# https://github.com/ruby/openssl/blob/master/.github/workflows/test.yml
|
||
|
# - step name: test on fips module
|
||
|
|
||
|
# Listing the testing files by an array explicitly rather than the `Dir.glob`
|
||
|
# to prevent the test files from not loading unintentionally.
|
||
|
TEST_FILES = %w[
|
||
|
test/openssl/test_fips.rb
|
||
|
test/openssl/test_pkey.rb
|
||
|
].freeze
|
||
|
|
||
|
if ARGV.empty?
|
||
|
puts 'ERROR: Argument base_dir required.'
|
||
|
puts "Usage: #{__FILE__} base_dir [options]"
|
||
|
exit false
|
||
|
end
|
||
|
BASE_DIR = ARGV[0]
|
||
|
abs_test_files = TEST_FILES.map { |file| File.join(BASE_DIR, file) }
|
||
|
|
||
|
# Set Fedora/RHEL downstream OpenSSL downstream environment variable to enable
|
||
|
# FIPS module in non-FIPS OS environment. It is available in Fedora 38 or later
|
||
|
# versions.
|
||
|
# https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0009-Add-Kernel-FIPS-mode-flag-support.patch
|
||
|
ENV['OPENSSL_FORCE_FIPS_MODE'] = '1'
|
||
|
# A flag to tell the tests the current environment is FIPS enabled.
|
||
|
# https://github.com/ruby/openssl/blob/master/test/openssl/test_fips.rb
|
||
|
ENV['TEST_RUBY_OPENSSL_FIPS_ENABLED'] = 'true'
|
||
|
|
||
|
abs_test_files.each do |file|
|
||
|
puts "INFO: Loading #{file}."
|
||
|
require file
|
||
|
end
|