]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6bfabfd)
SCRIPTS: build-ssl: allow to build a FIPS version without FIPS
authorWilliam Lallemand <wlallemand@haproxy.com>
Mon, 3 Nov 2025 11:03:05 +0000 (12:03 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 3 Nov 2025 11:03:05 +0000 (12:03 +0100)
build-ssl.sh is always prepending a "v" to the version, preventing to
build a FIPS version without FIPS enabled.

This patch checks if FIPS is in the version string to chose to add the
"v" or not.

Example:

AWS_LC_VERSION=AWS-LC-FIPS-3.0.0 BUILDSSL_DESTDIR=/opt/awslc-3.0.0 ./scripts/build-ssl.sh

scripts/build-ssl.sh patch | blob | blame | history

diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh
index d90d4d5a02aae4cc9d5191005ff2fce368aaabae..206227f6e00b11bbcf5f90b165f881cc160f82d0 100755 (executable)
--- a/scripts/build-ssl.sh
+++ b/scripts/build-ssl.sh
@@ -136,8 +136,14 @@ build_boringssl () {
 
 download_aws_lc () {
     if [ ! -f "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" ]; then
+        if [ "${AWS_LC_VERSION#*FIPS}" != "${AWS_LC_VERSION}" ]; then
+            WGETFILE="${AWS_LC_VERSION}.tar.gz"
+        else
+            WGETFILE="v${AWS_LC_VERSION}.tar.gz"
+        fi
+
         wget -q -O "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" \
-          "https://github.com/aws/aws-lc/archive/refs/tags/v${AWS_LC_VERSION}.tar.gz"
+          "https://github.com/aws/aws-lc/archive/refs/tags/${WGETFILE}"
     fi
 }
 
Mirror of https://github.com/haproxy/haproxy.git