diff options
author | Vishal Tak <vtak@gitlab.com> | 2022-03-31 10:58:20 +0300 |
---|---|---|
committer | Vishal Tak <vtak@gitlab.com> | 2022-03-31 10:58:20 +0300 |
commit | 9fdda41eedbcb91c1d06c01d72f9d915934735b7 (patch) | |
tree | 4145d00d9984ebc27510ec004b951a5bc7ccbd77 /Makefile.build.mk | |
parent | 2e4b84b6ac95087b96e346916b3ced662269b15d (diff) |
Clean makefile and add runtime check for fipsbuild-fips
Diffstat (limited to 'Makefile.build.mk')
-rw-r--r-- | Makefile.build.mk | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/Makefile.build.mk b/Makefile.build.mk index 806d21db..9e681d8e 100644 --- a/Makefile.build.mk +++ b/Makefile.build.mk @@ -1,9 +1,5 @@ BINDIR := $(CURDIR)/bin GO_BUILD_TAGS := continuous_profiler_stackdriver -GO_BUILD_TAGS_FIPS := boringcrypto -ifneq ($(GO_BUILD_TAGS),) - GO_BUILD_TAGS_FIPS := $(GO_BUILD_TAGS),$(GO_BUILD_TAGS_FIPS) -endif # To compute a unique and deterministic value for GNU build-id, we build the Go binary a second time. # From the first build, we extract its unique and deterministic Go build-id, and use that to derive @@ -45,13 +41,9 @@ clean: gitlab-pages: build $Q cp -f $(BINDIR)/gitlab-pages . -build-fips: .GOPATH/.ok - $Q GOBIN=$(BINDIR) CGO_ENABLED=1 go install $(if $V,-v) -ldflags="$(VERSION_FLAGS)" -tags "${GO_BUILD_TAGS_FIPS}" -buildmode exe $(IMPORT_PATH) -ifndef WITHOUT_BUILD_ID - GO_BUILD_ID=$$( go tool buildid $(BINDIR)/gitlab-pages ) && \ - GNU_BUILD_ID=$$( echo $$GO_BUILD_ID | sha1sum | cut -d' ' -f1 ) && \ - $Q GOBIN=$(BINDIR) CGO_ENABLED=1 go install $(if $V,-v) -ldflags="$(VERSION_FLAGS) -B 0x$$GNU_BUILD_ID" -tags "${GO_BUILD_TAGS_FIPS}" -buildmode exe $(IMPORT_PATH) -endif +validate-fips-build: + go tool nm ./gitlab-pages | grep boringcrypto >/dev/null && echo "binary is correctly built in FIPS mode" || (echo "binary is not correctly built in FIPS mode" && exit 1) -gitlab-pages-fips: build-fips - $Q cp -f $(BINDIR)/gitlab-pages . +gitlab-pages-fips: GO_BUILD_TAGS := $(GO_BUILD_TAGS),boringcrypto +gitlab-pages-fips: CGO_ENABLED := 1 +gitlab-pages-fips: gitlab-pages validate-fips-build |