From 5ac282bd6b0aaeed6c846ae6b73b8d8e0d38328f Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Tue, 8 Apr 2025 05:44:24 -0500
Subject: [PATCH 1/4] require fips

---
 .evergreen/generated_configs/variants.yml | 1 +
 .evergreen/scripts/generate_config.py     | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.evergreen/generated_configs/variants.yml b/.evergreen/generated_configs/variants.yml
index 7082dda44d..940c4e9b0c 100644
--- a/.evergreen/generated_configs/variants.yml
+++ b/.evergreen/generated_configs/variants.yml
@@ -18,6 +18,7 @@ buildvariants:
     batchtime: 10080
     expansions:
       NO_EXT: "1"
+      REQUIRE_FIPS: "1"
   - name: other-hosts-rhel8-zseries
     tasks:
       - name: .6.0 .standalone !.sync_async
diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py
index 5a5f6e93db..5957c3b1e3 100644
--- a/.evergreen/scripts/generate_config.py
+++ b/.evergreen/scripts/generate_config.py
@@ -800,10 +800,12 @@ def create_alternative_hosts_variants():
         )
     )
 
-    expansions = dict()
-    handle_c_ext(C_EXTS[0], expansions)
     for host_name in OTHER_HOSTS:
+        expansions = dict()
+        handle_c_ext(C_EXTS[0], expansions)
         host = HOSTS[host_name]
+        if "fips" in host_name.lower():
+            expansions["REQUIRE_FIPS"] = "1"
         tags = [".6.0 .standalone !.sync_async"]
         if host_name == "Amazon2023":
             tags = [f".latest !.sync_async {t}" for t in SUB_TASKS]

From d727e55eba28b05116767c896819941d67dc91c2 Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Tue, 8 Apr 2025 05:47:31 -0500
Subject: [PATCH 2/4] PYTHON-5275 Fix handlig of FIPS build

---
 .evergreen/config.yml             | 4 ++--
 .evergreen/scripts/setup_tests.py | 1 +
 test/__init__.py                  | 2 ++
 test/asynchronous/__init__.py     | 2 ++
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index d83a5620df..a1d6284713 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -67,7 +67,7 @@ functions:
         binary: bash
         working_dir: "src"
         include_expansions_in_env: [VERSION, TOPOLOGY, AUTH, SSL, ORCHESTRATION_FILE, PYTHON_BINARY, PYTHON_VERSION,
-          STORAGE_ENGINE, REQUIRE_API_VERSION, DRIVERS_TOOLS, TEST_CRYPT_SHARED, AUTH_AWS, LOAD_BALANCER, LOCAL_ATLAS]
+          STORAGE_ENGINE, REQUIRE_API_VERSION, DRIVERS_TOOLS, TEST_CRYPT_SHARED, AUTH_AWS, LOAD_BALANCER, LOCAL_ATLAS, NO_EXT]
         args: [.evergreen/just.sh, run-server, "${TEST_NAME}"]
     - command: expansions.update
       params:
@@ -89,7 +89,7 @@ functions:
         include_expansions_in_env: [AUTH, SSL, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
           AWS_SESSION_TOKEN, COVERAGE, PYTHON_BINARY, LIBMONGOCRYPT_URL, MONGODB_URI, PYTHON_VERSION,
           DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG,
-          ORCHESTRATION_FILE, OCSP_SERVER_TYPE, VERSION]
+          ORCHESTRATION_FILE, OCSP_SERVER_TYPE, VERSION, REQUIRE_FIPS]
         binary: bash
         working_dir: "src"
         args: [.evergreen/just.sh, setup-tests, "${TEST_NAME}", "${SUB_TEST_NAME}"]
diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py
index 2ee8aa12ee..2fa1fc47fc 100644
--- a/.evergreen/scripts/setup_tests.py
+++ b/.evergreen/scripts/setup_tests.py
@@ -33,6 +33,7 @@
     "DEBUG_LOG",
     "PYTHON_BINARY",
     "PYTHON_VERSION",
+    "REQUIRE_FIPS",
 ]
 
 # Map the test name to test extra.
diff --git a/test/__init__.py b/test/__init__.py
index d8686e3257..a1c5091f3b 100644
--- a/test/__init__.py
+++ b/test/__init__.py
@@ -389,6 +389,8 @@ def fips_enabled(self):
             self._fips_enabled = True
         except (subprocess.SubprocessError, FileNotFoundError):
             self._fips_enabled = False
+        if os.environ.get("REQUIRE_FIPS") and not self._fips_enabled:
+            raise RuntimeError("Expected FIPS to be enabled")
         return self._fips_enabled
 
     def check_auth_type(self, auth_type):
diff --git a/test/asynchronous/__init__.py b/test/asynchronous/__init__.py
index 9e9cb9316d..f8d04f0d5d 100644
--- a/test/asynchronous/__init__.py
+++ b/test/asynchronous/__init__.py
@@ -391,6 +391,8 @@ def fips_enabled(self):
             self._fips_enabled = True
         except (subprocess.SubprocessError, FileNotFoundError):
             self._fips_enabled = False
+        if os.environ.get("REQUIRE_FIPS") and not self._fips_enabled:
+            raise RuntimeError("Expected FIPS to be enabled")
         return self._fips_enabled
 
     def check_auth_type(self, auth_type):

From 42b1f6c53fd049ef350527d3315e2a611850c51a Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Tue, 8 Apr 2025 06:28:24 -0500
Subject: [PATCH 3/4] debug

---
 .evergreen/run-tests.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
index 2b7d856d41..d6e5c56411 100755
--- a/.evergreen/run-tests.sh
+++ b/.evergreen/run-tests.sh
@@ -25,6 +25,9 @@ else
   exit 1
 fi
 
+echo "REQUIRE_FIPS=${REQUIRE_FIPS:-}"
+exit 1
+
 # List the packages.
 uv sync ${UV_ARGS} --reinstall
 uv pip list

From 1a81a7caee3a08215bb16e5eca000e74d562f8f9 Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Tue, 8 Apr 2025 06:35:55 -0500
Subject: [PATCH 4/4] Revert "debug"

This reverts commit 42b1f6c53fd049ef350527d3315e2a611850c51a.
---
 .evergreen/run-tests.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
index d6e5c56411..2b7d856d41 100755
--- a/.evergreen/run-tests.sh
+++ b/.evergreen/run-tests.sh
@@ -25,9 +25,6 @@ else
   exit 1
 fi
 
-echo "REQUIRE_FIPS=${REQUIRE_FIPS:-}"
-exit 1
-
 # List the packages.
 uv sync ${UV_ARGS} --reinstall
 uv pip list