Hi Michael, Thanks for the quick response. I will try this out.
Would it be possible to share the configure command used in building the standard postgres package. There are quite a lot of knobs and we wanted to retain the same behaviour from postgres. I am assuming apart from this, I might need to set the LDFLAGS, CFLAGS knob to point to include and lib directories of FIPS compliant openssl library and includes. Also we would like to build a debian package post the make -- would checkinstall be the right tool for this purpose ? Thanks Regards, Aravindhan Krishnan... On Fri, 4 Dec 2020 at 11:13, Michael Paquier <mich...@paquier.xyz> wrote: > On Thu, Dec 03, 2020 at 05:57:04PM +0530, Aravindhan Krishnan wrote: > > Since postgres is linked against openssl we wanted to make sure we build > > postgres against the FIPS compliant openssl libraries. Does postgres > > provide a FIPS debian package that can be used. If not it would be of > great > > help to help with the instructions to build the debian of postgres linked > > against the FIPS compliant openssl libraries. > > There is no need for Postgres to do anything specific with FIPS at > runtime, as long as the OS takes care of enabling FIPS and that > OpenSSL is able to recognize that. So normally, you could just use a > version of Postgres compiled with OpenSSL 1.0.2, and replace the > libraries of OpenSSL with a version that is compiled with FIPS enabled > as the APIs of OpenSSL used by Postgres are exactly the same for the > non-FIPS and FIPS cases. > -- > Michael >
