From 01ad2785ee20ea432c87baf5db67b20645fa5a82 Mon Sep 17 00:00:00 2001
From: Nuno Diegues <nuno@cloudflare.com>
Date: Mon, 27 Dec 2021 19:41:56 +0000
Subject: [PATCH] TUN-5551: Change internally published debian package to be
 FIPS compliant

This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).
---
 Makefile     |  4 ++++
 cfsetup.yaml | 13 +++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index e6ee3c3e..5b7029f2 100644
--- a/Makefile
+++ b/Makefile
@@ -156,6 +156,10 @@ endef
 cloudflared-deb: cloudflared
 	$(call build_package,deb)
 
+.PHONY: cloudflared-internal-deb
+cloudflared-internal-deb: cloudflared-deb
+	bash -c 'for f in cloudflared-fips_*.deb; do mv -- "$$f" "$${f/-fips/}"; done'
+
 .PHONY: cloudflared-rpm
 cloudflared-rpm: cloudflared
 	$(call build_package,rpm)
diff --git a/cfsetup.yaml b/cfsetup.yaml
index 6380d459..4953e31a 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -82,9 +82,9 @@ stretch: &stretch
       - export GOOS=linux
       - export GOARCH=amd64
       - make cloudflared-deb
-  build-fips-deb:
+  build-fips-internal-deb:
     build_dir: *build_dir
-    builddeps:
+    builddeps: &build_fips_deb_deps
       - *pinned_go_fips
       - build-essential
       - fakeroot
@@ -93,15 +93,16 @@ stretch: &stretch
       - export GOOS=linux
       - export GOARCH=amd64
       - export FIPS=true
-      - make cloudflared-deb
-  build-deb-nightly:
+      - make cloudflared-internal-deb
+  build-fips-internal-deb-nightly:
     build_dir: *build_dir
-    builddeps: *build_deb_deps
+    builddeps: *build_fips_deb_deps
     post-cache:
       - export GOOS=linux
       - export GOARCH=amd64
       - export NIGHTLY=true
-      - make cloudflared-deb
+      - export FIPS=true
+      - make cloudflared-internal-deb
   build-deb-arm64:
     build_dir: *build_dir
     builddeps: *build_deb_deps