From 668451def296afeb0c358a7d80ff39dc546defab Mon Sep 17 00:00:00 2001
From: "A. Maitland Bottoms" <bottoms@debian.org>
Date: Mon, 29 May 2023 08:28:20 -0400
Subject: Do not fail on systems running in FIPSmode.

Initialize using gcrypt's GCRYCTL_NO_FIPS_MODE, available since
gcrypt version 1.10.0, otherwise apt aborts on FIPS enabled systems.
---
 apt-pkg/contrib/hashes.cc | 3 +++
 debian/control            | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc
index 313b1d37d..80b9bbf3f 100644
--- a/apt-pkg/contrib/hashes.cc
+++ b/apt-pkg/contrib/hashes.cc
@@ -330,6 +330,9 @@ public:
 	    exit(2);
 	 }
 
+	 // It is OK for apt to use MD5.
+	 gcry_control(GCRYCTL_NO_FIPS_MODE, 0);
+
 	 gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
       }
    }
diff --git a/debian/control b/debian/control
index 5768d7301..c831e45bb 100644
--- a/debian/control
+++ b/debian/control
@@ -17,7 +17,7 @@ Build-Depends: cmake (>= 3.4),
                libbz2-dev,
                libdb-dev,
                libgnutls28-dev (>= 3.4.6),
-               libgcrypt20-dev,
+               libgcrypt20-dev (>=1.10.0),
                liblz4-dev (>= 0.0~r126),
                liblzma-dev,
                libseccomp-dev (>= 2.4.2) [amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x hppa powerpc powerpcspe ppc64 x32],
-- 
cgit v1.2.3-70-g09d2