Browse Source

TUN-5551: Change internally published debian package to be FIPS compliant

This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).
pull/561/head
Nuno Diegues 5 months ago
parent
commit
01ad2785ee
  1. 4
      Makefile
  2. 13
      cfsetup.yaml

4
Makefile

@ -156,6 +156,10 @@ endef
cloudflared-deb: cloudflared
$(call build_package,deb)
.PHONY: cloudflared-internal-deb
cloudflared-internal-deb: cloudflared-deb
bash -c 'for f in cloudflared-fips_*.deb; do mv -- "$$f" "$${f/-fips/}"; done'
.PHONY: cloudflared-rpm
cloudflared-rpm: cloudflared
$(call build_package,rpm)

13
cfsetup.yaml

@ -82,9 +82,9 @@ stretch: &stretch
- export GOOS=linux
- export GOARCH=amd64
- make cloudflared-deb
build-fips-deb:
build-fips-internal-deb:
build_dir: *build_dir
builddeps:
builddeps: &build_fips_deb_deps
- *pinned_go_fips
- build-essential
- fakeroot
@ -93,15 +93,16 @@ stretch: &stretch
- export GOOS=linux
- export GOARCH=amd64
- export FIPS=true
- make cloudflared-deb
build-deb-nightly:
- make cloudflared-internal-deb
build-fips-internal-deb-nightly:
build_dir: *build_dir
builddeps: *build_deb_deps
builddeps: *build_fips_deb_deps
post-cache:
- export GOOS=linux
- export GOARCH=amd64
- export NIGHTLY=true
- make cloudflared-deb
- export FIPS=true
- make cloudflared-internal-deb
build-deb-arm64:
build_dir: *build_dir
builddeps: *build_deb_deps

Loading…
Cancel
Save