Check system is FIPS-aware when BIND 9 FIPS mode is enabled

(cherry picked from commit fbcdbca65fdd773cc523f5c11009ac3ac6a97ac1)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 606068a1e0ff061639a1cf15a56c4e13a2cd6e93..0811fe73c91c100fbfa00b84a74b39e9a7a02292 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -331,6 +331,9 @@ stages:
   - rm -f bind-*.tar.xz
   - cd bind-*
 
+.fips-feature-test: &fips_feature_test
+    - if bin/tests/system/feature-test --have-fips-mode; then fips-mode-setup --check; fips-mode-setup --is-enabled; fi
+
 .build: &build_job
   <<: *default_triggering_rules
   stage: build
@@ -349,6 +352,7 @@ stages:
     - test -z "${CROSS_COMPILATION}" || ( ! git ls-files -z --others --exclude lib/dns/gen | xargs -0 file | grep "ELF 64-bit LSB" )
     - if test -z "${OUT_OF_TREE_WORKSPACE}" && test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
     - bin/named/named -V
+    - *fips_feature_test
   needs:
     - job: autoreconf
       artifacts: true
@@ -418,6 +422,7 @@ stages:
     - test -n "${OUT_OF_TREE_WORKSPACE}" && cp -r bin/tests/system/* "${OUT_OF_TREE_WORKSPACE}/bin/tests/system/" && cd "${OUT_OF_TREE_WORKSPACE}"
     - *setup_interfaces
   script:
+    - *fips_feature_test
     - *find_pytest
     - *find_python
     - ( if [ "${CI_DISPOSABLE_ENVIRONMENT}" = "true" ]; then sleep 3000; "$PYTHON" "${CI_PROJECT_DIR}/util/get-running-system-tests.py"; fi ) &
@@ -479,6 +484,7 @@ stages:
   before_script:
     - test -n "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
   script:
+    - *fips_feature_test
     - make -j${TEST_PARALLEL_JOBS:-1} -k unit V=1
     - test "$CLEAN_BUILD_ARTIFACTS_ON_SUCCESS" -eq 0 || make clean >/dev/null 2>&1
   after_script: