diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-06-14 10:18:27 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-06-20 11:03:21 +0300 |
commit | abc110b78e81dee9cb79f5fbf1be6d98e0fb57ec (patch) | |
tree | 6dfe11e0fd2ed7c8051eb9517254ecfe74cb13dd | |
parent | ef74de3c567594f6a7206a3f50e8f3e7ef2c988e (diff) |
tests: Build binaries in FIPS mode as required
When testing Gitaly in FIPS mode we need to also build helper binaries
with the `fips` build tag. Set an environment variable in our Makefile
when running in FIPS mode to give a hint to our test helpers that they
have to add this build tag.
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | internal/testhelper/testcfg/build.go | 9 |
2 files changed, 10 insertions, 1 deletions
@@ -86,6 +86,8 @@ ifdef FIPS_MODE # requested. Note that we explicitly don't do the same for SHA1: we # instead use SHA1DC to protect users against the SHAttered attack. GIT_FIPS_BUILD_OPTIONS := OPENSSL_SHA256=YesPlease + + export GITALY_TESTING_ENABLE_FIPS := YesPlease endif # Dependency versions diff --git a/internal/testhelper/testcfg/build.go b/internal/testhelper/testcfg/build.go index 262bc0058..f4e6be180 100644 --- a/internal/testhelper/testcfg/build.go +++ b/internal/testhelper/testcfg/build.go @@ -116,10 +116,17 @@ func BuildBinary(t testing.TB, targetDir, sourcePath string) string { "PATH=%s:%s", filepath.Dir(gitExecEnv.BinaryPath), os.Getenv("PATH"), )) + buildTags := []string{ + "static", "system_libgit2", "gitaly_test", + } + if os.Getenv("GITALY_TESTING_ENABLE_FIPS") != "" { + buildTags = append(buildTags, "fips") + } + cmd := exec.Command( "go", "build", - "-tags", "static,system_libgit2,gitaly_test", + "-tags", strings.Join(buildTags, ","), "-o", sharedBinaryPath, sourcePath, ) |