Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to install pre-built ruby with openssl that has fips mode enabled #382

Open
Vishal1309 opened this issue May 14, 2024 · 4 comments
Open

Need to install pre-built ruby with openssl that has fips mode enabled #382

Vishal1309 opened this issue May 14, 2024 · 4 comments

Comments

@Vishal1309
Copy link

What problems are you experiencing?

I wanted to use rubyinstaller to install pre-built ruby with comes with openssl that has fips mode enabled - preferably openssl 3.0.13.

However I can't seem to find the same - can anyone please help out?
@Vishal1309
Copy link
Author

Vishal1309 commented May 21, 2024
edited

hey @larskanis @junaruga @MSP-Greg , can one of you guys give me some direction on the same please?

@junaruga
Copy link

junaruga commented May 21, 2024
edited

I am not sure about this repository. However, if the program installs the OpenSSL, just run the OpenSSL's configure script with enable-fips option, the option gives users an option to enable FIPS in OpenSSL. Please note that a proper OpenSSL config file is necessary to load the FIPS provider.

https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-fips

@MSP-Greg
Copy link
Contributor

@junaruga

JFYI, the MSYS2 script (and the config section) is here:
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-openssl/PKGBUILD#L88

MSYS2 is used for all the standard publicly available Windows Rubies. One can also build Rubies with MSFT tooling, which are known as 'mswin' builds, which use packages from https://github.com/Microsoft/vcpkg.

@Vishal1309

As above, the standard MSYS2 OpenSSL package isn't built with enable-fips. You would need to build the OpenSSL package locally, then build Ruby with it.

@Vishal1309
Copy link
Author

Vishal1309 commented May 22, 2024
edited

@MSP-Greg , Can you suggest a way I can use the CI pipelines of this project, but along with the changes I need to make for my use case?

Here's what I want to accomplish:
I want to make some changes to this repository and the rubyinstaller-packages repository, and then use the CI in this and the rubyinstaller2-packages repo to generate a exe package for myself.

I tried forking both the repositories - but here are the problems that I faced:

  • The rubyinstaller2-packages repository CI on my fork fails on an error saying that I can't upload to the ci.r2 repository that belongs to this project - I understand this limitation but I am looking for some workaround so that I can somehow get a package built by your pipelines and code with some minor changes of mine in them.
  • I do not completely understand the role of rubyinstaller2 (this current repo) in building the rubyinstaller, I ask this because I can see the dependent packages being built at the rubyinstaller2-packages repo. How are these two repos connected? - I checked code and I found an answer that maybe rubyinstaller2 repo is picking up already built packages from a bucket/repo (ci.ri2) and then somehow uses them further - but a little more understanding on this/ workarounds of this from your side to have this working for a fork will be super helpful..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@junaruga @MSP-Greg @Vishal1309