On Tue, 2010-02-02 at 22:56 +0100, Björn Persson wrote:
Tomas Mraz wrote:
The library will work fine and it will not compute the checksum at all if the FIPS mode is not enabled which is the normal situation.
Then perhaps FIPS mode can be left disabled until /usr has been mounted, so that the checksum can be in %{_libdir}/fipscheck?
I am not sure this is possible. In following, albeit quite theoretical, scenario libgcrypt would be needed to mount encrypted filesystem holding the /usr tree. Such operation would be probably required to be running with the libgcrypt already in the FIPS mode.