I am working towards packaging FIPS builds of aws-lc for nixpkgs. I am tentatively targeting two versions:
- validated: Has a NIST validation certificate, currently AWS-LC-FIPS-2.0.0.
- recommended: Latest release, currently AWS-LC-FIPS-3.3.0.
The rationale is that some may demand a validated version while others will demand a version with bugfixes.
Getting packages and updates merged into nixpkgs can take a long time, so I want to take advantage of the automatic version update features of nixpkgs. Automatically picking up the latest AWS-LC-FIPS version will be easy; however, I seek a reliable machine-readable way to detect the current validated version.
So, is there currently a reliable way to get the NIST validated version? If not, can we add one?