diff options
author | DJ Mountney <dj@gitlab.com> | 2023-05-17 04:43:48 +0300 |
---|---|---|
committer | Jaime Martinez <jmartinez@gitlab.com> | 2023-05-17 04:43:48 +0300 |
commit | 6ef45737269eedaf6ca7146c5db8e8dab54e2b02 (patch) | |
tree | 202499813a65423925f3f4ea497f41bb7399d0dd /Makefile.build.mk | |
parent | 924108fb3510cbf2d3df63fcb8a6a38a14616016 (diff) |
Fix fips builds for Golang 1.19
Diffstat (limited to 'Makefile.build.mk')
-rw-r--r-- | Makefile.build.mk | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/Makefile.build.mk b/Makefile.build.mk index c147e16f..cc7ab181 100644 --- a/Makefile.build.mk +++ b/Makefile.build.mk @@ -3,6 +3,11 @@ GO_BUILD_TAGS := continuous_profiler_stackdriver MOCKGEN_VERSION=v1.6.0 FIPS_MODE ?= 0 ifeq ($(FIPS_MODE), 1) + BORINGCRYPTO_SUPPORT := $(shell GOEXPERIMENT=boringcrypto go version > /dev/null 2>&1; echo $$?) + ifeq ($(BORINGCRYPTO_SUPPORT), 0) + GO_BUILD_ENV=GOEXPERIMENT=boringcrypto + endif + GO_BUILD_TAGS := $(GO_BUILD_TAGS),fips endif @@ -23,11 +28,11 @@ generate-mocks: $Q go run github.com/golang/mock/mockgen@$(MOCKGEN_VERSION) -source=internal/domain/resolver.go -destination=internal/domain/mock/resolver_mock.go -package=mock build: - $Q GOBIN=$(BINDIR) go install $(if $V,-v) -ldflags="$(VERSION_FLAGS)" -tags "${GO_BUILD_TAGS}" -buildmode exe $(IMPORT_PATH) + $Q GOBIN=$(BINDIR) $(GO_BUILD_ENV) go install $(if $V,-v) -ldflags="$(VERSION_FLAGS)" -tags "${GO_BUILD_TAGS}" -buildmode exe $(IMPORT_PATH) ifndef WITHOUT_BUILD_ID GO_BUILD_ID=$$( go tool buildid $(BINDIR)/gitlab-pages ) && \ GNU_BUILD_ID=$$( echo $$GO_BUILD_ID | sha1sum | cut -d' ' -f1 ) && \ - $Q GOBIN=$(BINDIR) go install $(if $V,-v) -ldflags="$(VERSION_FLAGS) -B 0x$$GNU_BUILD_ID" -tags "${GO_BUILD_TAGS}" -buildmode exe $(IMPORT_PATH) + $Q GOBIN=$(BINDIR) $(GO_BUILD_ENV) go install $(if $V,-v) -ldflags="$(VERSION_FLAGS) -B 0x$$GNU_BUILD_ID" -tags "${GO_BUILD_TAGS}" -buildmode exe $(IMPORT_PATH) endif ifeq ($(FIPS_MODE), 1) go tool nm $(BINDIR)/gitlab-pages | grep boringcrypto >/dev/null && echo "binary is correctly built in FIPS mode" || (echo "binary is not correctly built in FIPS mode" && exit 1) |