Re: New buildfarm animals with FIPS mode enabled

Hi Tom,

On 2/14/25 10:01 AM, Tom Lane wrote:
> I see that somebody decided to crank up some animals running
> RHEL8 and RHEL9 with FIPS mode turned on.  The RHEL9 animals
> pass on v17 and master, but not older branches; the RHEL8
> animals pass nowhere.  This is unsurprising given that the
> v17-era commits that allowed our regression tests to pass
> under FIPS mode (795592865 and a bunch of others) explicitly
> targeted only OpenSSL 3:
> 
>      These new expected files currently cover the FIPS mode provided by
>      OpenSSL 3.x as well as the modified OpenSSL 3.x from Red Hat (e.g.,
>      Fedora 38), but not the modified OpenSSL 1.x from Red Hat (e.g.,
>      Fedora 35).  (The latter will have some error message wording
>      differences.)
> 
> I'm kind of disinclined to do all the work that'd be needed to turn
> these animals completely green, especially when the reason to do it
> seems to be that someone decided we should without any community
> consultation.  Perhaps others have different opinions though.    

That's my fault.  I did a sloppy job copying configs etc from the s390x 
fips animals and forgot about the OS versions, branches, etc.  Peter 
Eisentraut reminded me I think I cleaned that all up.

Regards,
Mark