Need to install pre-built ruby with openssl that has fips mode enabled

[Vishal1309]

What problems are you experiencing?

I wanted to use rubyinstaller to install pre-built ruby with comes with openssl that has fips mode enabled - preferably openssl 3.0.13.

However I can't seem to find the same - can anyone please help out?

[Vishal1309]

hey @larskanis @junaruga @MSP-Greg , can one of you guys give me some direction on the same please?

[junaruga]

I am not sure about this repository. However, if the program installs the OpenSSL, just run the OpenSSL's configure script with enable-fips option, the option gives users an option to enable FIPS in OpenSSL. Please note that a proper OpenSSL config file is necessary to load the FIPS provider.

https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-fips

[MSP-Greg]

@junaruga

JFYI, the MSYS2 script (and the config section) is here: https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-openssl/PKGBUILD#L88

MSYS2 is used for all the standard publicly available Windows Rubies. One can also build Rubies with MSFT tooling, which are known as 'mswin' builds, which use packages from https://github.com/Microsoft/vcpkg.

@Vishal1309

As above, the standard MSYS2 OpenSSL package isn't built with enable-fips. You would need to build the OpenSSL package locally, then build Ruby with it.

[Vishal1309]

@MSP-Greg , Can you suggest a way I can use the CI pipelines of this project, but along with the changes I need to make for my use case?

Here's what I want to accomplish: I want to make some changes to this repository and the rubyinstaller-packages repository, and then use the CI in this and the rubyinstaller2-packages repo to generate a exe package for myself.

I tried forking both the repositories - but here are the problems that I faced:

• The rubyinstaller2-packages repository CI on my fork fails on an error saying that I can't upload to the ci.r2 repository that belongs to this project - I understand this limitation but I am looking for some workaround so that I can somehow get a package built by your pipelines and code with some minor changes of mine in them.
• I do not completely understand the role of rubyinstaller2 (this current repo) in building the rubyinstaller, I ask this because I can see the dependent packages being built at the rubyinstaller2-packages repo. How are these two repos connected? - I checked code and I found an answer that maybe rubyinstaller2 repo is picking up already built packages from a bucket/repo (ci.ri2) and then somehow uses them further - but a little more understanding on this/ workarounds of this from your side to have this working for a fork will be super helpful..