From 4f200d79ea3ffd3479c447e893fff6733c0733ea Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Date: Tue, 22 Mar 2022 09:59:42 +0100
Subject: [PATCH] profiles/coreos/base: enable fips across the OS

only support by OpenSSL and Cryptsetup for now.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
---
 .../coreos-overlay/profiles/coreos/base/make.defaults          | 3 +++
 .../coreos-overlay/profiles/coreos/base/package.use            | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index 33388b943f..7dfb4cab70 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -31,6 +31,9 @@ USE="${USE} -zeroconf"
 # No need for OpenMP support in GCC and other apps
 USE="${USE} -openmp"
 
+# Let's enable FIPS support for supported software.
+USE="${USE} fips"
+
 # The git-r3 eclass now depends on curl support, which is used in catalyst.
 BOOTSTRAP_USE="${BOOTSTRAP_USE} curl"
 
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index bfbcf0b82f..022faf51e8 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -134,8 +134,6 @@ sys-auth/polkit -introspection
 # https://marc.info/?l=gentoo-dev&m=163216172229772&w=2
 net-misc/openssh -bindist
 
-dev-libs/openssl fips
-
 # enables ELF support to e.g. allow tc to handle BPF filters.
 sys-apps/iproute2 elf