Update some FIPS module things#11177
Update some FIPS module things#11177richsalz wants to merge 2 commits intoopenssl:masterfrom richsalz:misc-fips-nits
Conversation
|
ping @slontis for feedback. |
|
Similar as in #11176 one can ask: why is the OpenSSL configuration file called "openssl.cnf", but the fips configuration file "fipsmodule.conf"? Why not use the same file extension throughout? |
|
Looks ok to me.. |
|
There's a separate PR to rename *.conf to *.cnf (#11176 ) The output suppressed by -q is nothing useful, it just says pass/verified/failure. When installing the same module on a few hundred thousand machines it's not needed. |
slontis
added
branch: master
|
Rebased; only change was to propagate .conf->.cnf changes. |
|
ping for another review. |
|
The commit message seems a little bit obsolete, can you please amend it to reflect the actual patch? |
|
Reworded the commit message, did I get your concern addressed? |
Unfortunately no. I do not see any added documentation of OPENSSL_CONF_INCLUDE env var. And the configuration file is named fipsmodule.cnf not .conf. |
t8m
left a comment
t8m
left a comment
There was a problem hiding this comment.
Approving anyway. The commit message can be amended before merge.
t8m
added
approval: done
|
I'm not going to touch this to avoid resetting the timers, and I assume you'll fix the commit message, @t8m |
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
t8m
added
approval: review pending
|
@slontis I've forgot to ask for your reapproval. Does your approval still hold? |
- Changed the generated FIPS signature file to be "fipsmodule.conf" since it contains information about the FIPS module/file. - Add -q option to fipsinstall command, to stop chatty verbose status messages. - Document env var OPENSSL_CONF_INCLUDE
Introduced by rebasing
|
I rebased this, to capture some additional fipsinstall.cnf -> fipsmodule.cnf renamings that had to be done. Fresh approvals needed. :( |
t8m
removed
the
approval: review pending
t8m
added
the
approval: done
|
24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually. |
t8m
added
approval: ready to merge
- Changed the generated FIPS signature file to be "fipsmodule.conf" since it contains information about the FIPS module/file. - Add -q option to fipsinstall command, to stop chatty verbose status messages. - Document env var OPENSSL_CONF_INCLUDE Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #11177)
Introduced by rebasing Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #11177)
|
Merged to master. Thank you. |
6 participants
since it's about the module. This is a more sensible name for the user community.
messages. This is normally done at install/boot time, and we don't want extra status/noise messages.