Patching openssl.cnf to add fips section when needed

Signed-off-by: John McCrae <[email protected]>
chef · May 15, 2024 · dc0e8d8 · dc0e8d8
1 parent 3f63d30
commit dc0e8d8
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/config/patches/openssl/openssl-3.0.0-add-fips-sect-to-openssl.cnf.patch b/config/patches/openssl/openssl-3.0.0-add-fips-sect-to-openssl.cnf.patch
@@ -1,7 +1,7 @@
-diff --git "a/usr/local/ssl/openssl.cnf" "/c/msys64/usr/local/ssl/openssl.cnf"
+diff --git "a/usr/local/ssl/openssl.cnf" "b/usr/local/ssl/openssl.cnf"
 index 5340de2..6daaccc 100644
 --- "a/usr/local/ssl/openssl.cnf"
-+++ "/c/msys64/usr/local/ssl/openssl.cnf"
++++ "b/usr/local/ssl/openssl.cnf"
 @@ -75,6 +75,11 @@ activate = 1
  [legacy_sect]
  activate = 1

diff --git a/config/software/openssl.rb b/config/software/openssl.rb
@@ -242,7 +242,9 @@
     # Updating the openssl.cnf file to enable the fips provider
     command "sed -i -e 's|# .include fipsmodule.cnf|.include #{fips_cnf_file}|g' #{msys_path}/usr/local/ssl/openssl.cnf"
     command "sed -i -e 's|# fips = fips_sect|fips = fips_sect|g' #{msys_path}/usr/local/ssl/openssl.cnf"
-    patch source: "openssl-3.0.0-add-fips-sect-to-openssl.cnf.patch", env: env
+    patch_env = env.dup
+    patch_env["PATH"] = "/c/msys64/usr/local/ssl:#{env["PATH"]}" if windows?
+    patch source: "openssl-3.0.0-add-fips-sect-to-openssl.cnf.patch", env: patch_env
     # command "sed -i '76 i\\ 
     #     \[fips_sect\] \\
     #     activate = 1 \\