diff options
author | Patrick Bajao <ebajao@gitlab.com> | 2023-03-07 05:30:29 +0000 |
---|---|---|
committer | Patrick Bajao <ebajao@gitlab.com> | 2023-03-07 05:30:29 +0000 |
commit | a7d93b0a41ee4b087ef79002df2c4309dbb66169 (patch) | |
tree | 5b37b7fcdf454ff73cad874e32fcf6e0965dfc87 | |
parent | f76503aeb40e6e4702d9697a29ff38fad4a0352f (diff) | |
parent | 4f5f99875860fcc591a48647a8d5f2b15fb96c60 (diff) | |
download | gitlab-shell-a7d93b0a41ee4b087ef79002df2c4309dbb66169.tar.gz |
Merge branch 'sh-prepare-go-fips-1.19' into 'main'
Prepare for Go 1.19 FIPS support
See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/721
Merged-by: Patrick Bajao <ebajao@gitlab.com>
Approved-by: Patrick Bajao <ebajao@gitlab.com>
Approved-by: James Fargher <proglottis@gmail.com>
Reviewed-by: Patrick Bajao <ebajao@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
-rw-r--r-- | Makefile | 12 |
1 files changed, 9 insertions, 3 deletions
@@ -8,7 +8,13 @@ BUILD_TIME := $(shell date -u +%Y%m%d.%H%M%S) BUILD_TAGS := tracer_static tracer_static_jaeger continuous_profiler_stackdriver ifeq (${FIPS_MODE}, 1) - # boringcrypto tag is added automatically by golang-fips compiler + # Go 1.19 now requires GOEXPERIMENT=boringcrypto for FIPS compilation. + # See https://github.com/golang/go/issues/51940 for more details. + BORINGCRYPTO_SUPPORT := $(shell GOEXPERIMENT=boringcrypto go version &> /dev/null; echo $$?) + ifeq ($(BORINGCRYPTO_SUPPORT), 0) + GOBUILD_ENV=GOEXPERIMENT=boringcrypto + endif + BUILD_TAGS += fips # If the golang-fips compiler is built with CGO_ENABLED=0, this needs to be # explicitly switched on. @@ -60,10 +66,10 @@ _script_install: compile: bin/gitlab-shell bin/gitlab-sshd bin/gitlab-shell: $(GO_SOURCES) - GOBIN="$(CURDIR)/bin" go install $(GOBUILD_FLAGS) ./cmd/... + GOBIN="$(CURDIR)/bin" $(GOBUILD_ENV) go install $(GOBUILD_FLAGS) ./cmd/... bin/gitlab-sshd: $(GO_SOURCES) - GOBIN="$(CURDIR)/bin" go install $(GOBUILD_FLAGS) ./cmd/gitlab-sshd + GOBIN="$(CURDIR)/bin" $(GOBUILD_ENV) go install $(GOBUILD_FLAGS) ./cmd/gitlab-sshd check: bin/check |