diff options
author | Vishal Tak <vtak@gitlab.com> | 2022-04-18 11:13:14 +0300 |
---|---|---|
committer | Vishal Tak <vtak@gitlab.com> | 2022-04-18 11:48:43 +0300 |
commit | 08833c9b52f33920d6ec584235ecc5d54066e477 (patch) | |
tree | 6c4c8823512c14f92f9d87095702db813c7ce5c9 /Makefile.build.mk | |
parent | 6ab51ec245e2dbec83b828bf685397fe1adc2e41 (diff) |
Add compile time flag for building in FIPS
Diffstat (limited to 'Makefile.build.mk')
-rw-r--r-- | Makefile.build.mk | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/Makefile.build.mk b/Makefile.build.mk index 9e681d8e..915b1d02 100644 --- a/Makefile.build.mk +++ b/Makefile.build.mk @@ -1,5 +1,10 @@ BINDIR := $(CURDIR)/bin GO_BUILD_TAGS := continuous_profiler_stackdriver +FIPS_MODE ?= 0 +ifeq ($(FIPS_MODE), 1) + GO_BUILD_TAGS := $(GO_BUILD_TAGS),boringcrypto + CGO_ENABLED := 1 +endif # To compute a unique and deterministic value for GNU build-id, we build the Go binary a second time. # From the first build, we extract its unique and deterministic Go build-id, and use that to derive @@ -34,16 +39,12 @@ ifndef WITHOUT_BUILD_ID GNU_BUILD_ID=$$( echo $$GO_BUILD_ID | sha1sum | cut -d' ' -f1 ) && \ $Q GOBIN=$(BINDIR) go install $(if $V,-v) -ldflags="$(VERSION_FLAGS) -B 0x$$GNU_BUILD_ID" -tags "${GO_BUILD_TAGS}" -buildmode exe $(IMPORT_PATH) endif +ifeq ($(FIPS_MODE), 1) + go tool nm $(BINDIR)/gitlab-pages | grep boringcrypto >/dev/null && echo "binary is correctly built in FIPS mode" || (echo "binary is not correctly built in FIPS mode" && exit 1) +endif clean: $Q GOBIN=$(BINDIR) go clean -i -modcache -x gitlab-pages: build $Q cp -f $(BINDIR)/gitlab-pages . - -validate-fips-build: - go tool nm ./gitlab-pages | grep boringcrypto >/dev/null && echo "binary is correctly built in FIPS mode" || (echo "binary is not correctly built in FIPS mode" && exit 1) - -gitlab-pages-fips: GO_BUILD_TAGS := $(GO_BUILD_TAGS),boringcrypto -gitlab-pages-fips: CGO_ENABLED := 1 -gitlab-pages-fips: gitlab-pages validate-fips-build |