TUN-5551: Change internally published debian package to be FIPS compliant

This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).
This commit is contained in:
Nuno Diegues 2021-12-27 19:41:56 +00:00
parent 6822e4f8ab
commit 01ad2785ee
2 changed files with 11 additions and 6 deletions

View File

@ -156,6 +156,10 @@ endef
cloudflared-deb: cloudflared
$(call build_package,deb)
.PHONY: cloudflared-internal-deb
cloudflared-internal-deb: cloudflared-deb
bash -c 'for f in cloudflared-fips_*.deb; do mv -- "$$f" "$${f/-fips/}"; done'
.PHONY: cloudflared-rpm
cloudflared-rpm: cloudflared
$(call build_package,rpm)

View File

@ -82,9 +82,9 @@ stretch: &stretch
- export GOOS=linux
- export GOARCH=amd64
- make cloudflared-deb
build-fips-deb:
build-fips-internal-deb:
build_dir: *build_dir
builddeps:
builddeps: &build_fips_deb_deps
- *pinned_go_fips
- build-essential
- fakeroot
@ -93,15 +93,16 @@ stretch: &stretch
- export GOOS=linux
- export GOARCH=amd64
- export FIPS=true
- make cloudflared-deb
build-deb-nightly:
- make cloudflared-internal-deb
build-fips-internal-deb-nightly:
build_dir: *build_dir
builddeps: *build_deb_deps
builddeps: *build_fips_deb_deps
post-cache:
- export GOOS=linux
- export GOARCH=amd64
- export NIGHTLY=true
- make cloudflared-deb
- export FIPS=true
- make cloudflared-internal-deb
build-deb-arm64:
build_dir: *build_dir
builddeps: *build_deb_deps