mirror of
https://github.com/openshift/installer.git
synced 2026-02-05 15:47:14 +01:00
2e19d448f6
Update the warning message from the hostcrypt check to give more specific instructions on how to obtain the correct binary and where to run it.
45 lines
958 B
Go
45 lines
958 B
Go
package hostcrypt
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"runtime"
|
|
"strconv"
|
|
"strings"
|
|
)
|
|
|
|
const (
|
|
fipsFile = "/proc/sys/crypto/fips_enabled"
|
|
)
|
|
|
|
// VerifyHostTargetState checks that the current binary matches the expected cryptographic state
|
|
// for the target cluster.
|
|
func VerifyHostTargetState(fips bool) error {
|
|
if !fips {
|
|
return nil
|
|
}
|
|
|
|
if err := allowFIPSCluster(); err != nil {
|
|
return fmt.Errorf("target cluster is in FIPS mode, %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func hostFIPSEnabled() (bool, error) {
|
|
if runtime.GOOS != "linux" {
|
|
return false, fmt.Errorf("operation requires a Linux client")
|
|
}
|
|
|
|
hostFIPSData, err := os.ReadFile(fipsFile)
|
|
if err != nil {
|
|
return false, fmt.Errorf("failed to read client FIPS state %s: %w", fipsFile, err)
|
|
}
|
|
|
|
hostFIPS, err := strconv.ParseBool(strings.TrimSuffix(string(hostFIPSData), "\n"))
|
|
if err != nil {
|
|
return false, fmt.Errorf("failed to parse client FIPS state %s: %w", fipsFile, err)
|
|
}
|
|
|
|
return hostFIPS, nil
|
|
}
|