Hi Community, Can someone help me on the above request ?
* Would it be possible to share the configure command used in building the standard postgres package ? * We would like to build a debian package post the make -- would checkinstall be the right tool for this purpose ? Regards, Aravindhan Krishnan... On Fri, 4 Dec 2020 at 16:42, Aravindhan Krishnan <aravindhan...@gmail.com> wrote: > Hi Michael, > > Thanks for the quick response. I will try this out. > > Would it be possible to share the configure command used in building the > standard postgres package. There are quite a lot of knobs and we wanted to > retain the same behaviour from postgres. I am assuming apart from this, I > might need to set the LDFLAGS, CFLAGS knob to point to include and lib > directories of FIPS compliant openssl library and includes. Also we would > like to build a debian package post the make -- would checkinstall be the > right tool for this purpose ? > > Thanks > > Regards, > Aravindhan Krishnan... > > > On Fri, 4 Dec 2020 at 11:13, Michael Paquier <mich...@paquier.xyz> wrote: > >> On Thu, Dec 03, 2020 at 05:57:04PM +0530, Aravindhan Krishnan wrote: >> > Since postgres is linked against openssl we wanted to make sure we build >> > postgres against the FIPS compliant openssl libraries. Does postgres >> > provide a FIPS debian package that can be used. If not it would be of >> great >> > help to help with the instructions to build the debian of postgres >> linked >> > against the FIPS compliant openssl libraries. >> >> There is no need for Postgres to do anything specific with FIPS at >> runtime, as long as the OS takes care of enabling FIPS and that >> OpenSSL is able to recognize that. So normally, you could just use a >> version of Postgres compiled with OpenSSL 1.0.2, and replace the >> libraries of OpenSSL with a version that is compiled with FIPS enabled >> as the APIs of OpenSSL used by Postgres are exactly the same for the >> non-FIPS and FIPS cases. >> -- >> Michael >> >
