From 123166e45a269dbd532784a4656782806dcc1c30 Mon Sep 17 00:00:00 2001 From: zulfilee Date: Tue, 27 Jun 2023 13:19:39 +0000 Subject: [PATCH] Fips changes for Static Linking --- Dockerfile | 9 +++++++-- Makefile | 5 ++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index d466bd57..dc759a5f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ FROM golang:1.21.4-alpine3.18 as dev ARG CRYPTO_LIB ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto} -RUN apk add --no-cache git ca-certificates make +RUN apk add --no-cache git ca-certificates make gcc g++ RUN adduser -D appuser COPY . /src/ WORKDIR /src @@ -13,7 +13,12 @@ WORKDIR /src ENV GO111MODULE=on RUN --mount=type=cache,sharing=locked,id=gomod,target=/go/pkg/mod/cache \ --mount=type=cache,sharing=locked,id=goroot,target=/root/.cache/go-build \ - CGO_ENABLED=0 GOOS=linux make build + if [ ${CRYPTO_LIB} ]; \ + then \ + CGO_ENABLED=1 FIPS_ENABLE=yes GOOS=linux make build ;\ + else \ + CGO_ENABLED=0 GOOS=linux make build ;\ + fi FROM scratch # Add Certificates into the image, for anything that does API calls diff --git a/Makefile b/Makefile index ee43ad96..8cebc877 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,9 @@ TARGETOS=linux # Use linker flags to provide version/build settings to the target LDFLAGS=-ldflags "-s -w -X=main.Version=$(VERSION) -X=main.Build=$(BUILD) -extldflags -static" +ifeq ($(FIPS_ENABLE),yes) + LDFLAGS=-ldflags "-s -w -X=main.Version=$(VERSION) -X=main.Build=$(BUILD) -linkmode=external -extldflags -static" +endif DOCKERTAG ?= $(VERSION) REPOSITORY ?= plndr @@ -84,7 +87,7 @@ dockerx86: docker: @-rm ./kube-vip - @docker buildx build --build-arg CRYPTO_LIB=${FIPS_ENABLE} --platform linux/amd64 --push -t ${IMG} . + @docker buildx build --build-arg CRYPTO_LIB=${FIPS_ENABLE} --push --platform linux/amd64 -t ${IMG} . @echo New Multi Architecture Docker image created ## Local (docker load of images)