TUN-3826: Use go-fips when building cloudflared for linux/amd64

This commit is contained in:
Areg Harutyunyan 2021-01-28 16:10:19 +00:00
parent b72ee69eef
commit 7221d7e69e
3 changed files with 29 additions and 9 deletions

View File

@ -1,10 +1,17 @@
VERSION := $(shell git describe --tags --always --dirty="-dev" --match "[0-9][0-9][0-9][0-9].*.*") VERSION := $(shell git describe --tags --always --dirty="-dev" --match "[0-9][0-9][0-9][0-9].*.*")
DATE := $(shell date -u '+%Y-%m-%d-%H%M UTC')
VERSION_FLAGS := -ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"'
MSI_VERSION := $(shell git tag -l --sort=v:refname | grep "w" | tail -1 | cut -c2-) MSI_VERSION := $(shell git tag -l --sort=v:refname | grep "w" | tail -1 | cut -c2-)
#MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup. #MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup.
#e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI. #e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI.
ifeq ($(FIPS), true)
GO_BUILD_TAGS := "$(GO_BUILD_TAGS) fips"
VERSION := $(VERSION)-fips
MSI_VERSION := $(MSI_VERSION)-fips
endif
DATE := $(shell date -u '+%Y-%m-%d-%H%M UTC')
VERSION_FLAGS := -ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"'
IMPORT_PATH := github.com/cloudflare/cloudflared IMPORT_PATH := github.com/cloudflare/cloudflared
PACKAGE_DIR := $(CURDIR)/packaging PACKAGE_DIR := $(CURDIR)/packaging
INSTALL_BINDIR := /usr/bin/ INSTALL_BINDIR := /usr/bin/
@ -71,7 +78,7 @@ clean:
.PHONY: cloudflared .PHONY: cloudflared
cloudflared: tunnel-deps cloudflared: tunnel-deps
GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -v -mod=vendor $(VERSION_FLAGS) $(IMPORT_PATH)/cmd/cloudflared GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -v -mod=vendor -tags $(GO_BUILD_TAGS) $(VERSION_FLAGS) $(IMPORT_PATH)/cmd/cloudflared
.PHONY: container .PHONY: container
container: container:

View File

@ -1,26 +1,30 @@
pinned_go: &pinned_go go=1.15.7-1 pinned_go: &pinned_go go=1.15.7-1
pinned_go_fips: &pinned_go_fips go-fips=1.15.5-3
build_dir: &build_dir /cfsetup_build build_dir: &build_dir /cfsetup_build
default-flavor: buster default-flavor: buster
stretch: &stretch stretch: &stretch
build: build:
build_dir: *build_dir build_dir: *build_dir
builddeps: builddeps:
- *pinned_go - *pinned_go_fips
- build-essential - build-essential
post-cache: post-cache:
- export GOOS=linux - export GOOS=linux
- export GOARCH=amd64 - export GOARCH=amd64
- export GO_BUILD_TAGS=fips
- make cloudflared - make cloudflared
build-deb: build-deb:
build_dir: *build_dir build_dir: *build_dir
builddeps: builddeps:
- *pinned_go - *pinned_go_fips
- build-essential - build-essential
- fakeroot - fakeroot
- rubygem-fpm - rubygem-fpm
post-cache: post-cache:
- export GOOS=linux - export GOOS=linux
- export GOARCH=amd64 - export GOARCH=amd64
- export GO_BUILD_TAGS=fips
- make cloudflared-deb - make cloudflared-deb
build-deb-arm64: build-deb-arm64:
build_dir: *build_dir build_dir: *build_dir
@ -36,7 +40,7 @@ stretch: &stretch
publish-deb: publish-deb:
build_dir: *build_dir build_dir: *build_dir
builddeps: builddeps:
- *pinned_go - *pinned_go_fips
- build-essential - build-essential
- fakeroot - fakeroot
- rubygem-fpm - rubygem-fpm
@ -44,20 +48,22 @@ stretch: &stretch
post-cache: post-cache:
- export GOOS=linux - export GOOS=linux
- export GOARCH=amd64 - export GOARCH=amd64
- export GO_BUILD_TAGS=fips
- make publish-deb - make publish-deb
release-linux-amd64: release-linux-amd64:
build_dir: *build_dir build_dir: *build_dir
builddeps: builddeps:
- *pinned_go - *pinned_go_fips
- build-essential - build-essential
post-cache: post-cache:
- export GOOS=linux - export GOOS=linux
- export GOARCH=amd64 - export GOARCH=amd64
- export GO_BUILD_TAGS=fips
- make release - make release
github-release-linux-amd64: github-release-linux-amd64:
build_dir: *build_dir build_dir: *build_dir
builddeps: builddeps:
- *pinned_go - *pinned_go_fips
- build-essential - build-essential
- python3-setuptools - python3-setuptools
- python3-pip - python3-pip
@ -66,6 +72,7 @@ stretch: &stretch
post-cache: post-cache:
- export GOOS=linux - export GOOS=linux
- export GOARCH=amd64 - export GOARCH=amd64
- export GO_BUILD_TAGS=fips
- make github-release - make github-release
release-linux-armv6: release-linux-armv6:
build_dir: *build_dir build_dir: *build_dir
@ -185,11 +192,12 @@ stretch: &stretch
test: test:
build_dir: *build_dir build_dir: *build_dir
builddeps: builddeps:
- *pinned_go - *pinned_go_fips
- build-essential - build-essential
post-cache: post-cache:
- export GOOS=linux - export GOOS=linux
- export GOARCH=amd64 - export GOARCH=amd64
- export GO_BUILD_TAGS=fips
# cd to a non-module directory: https://github.com/golang/go/issues/24250 # cd to a non-module directory: https://github.com/golang/go/issues/24250
- (cd / && go get github.com/BurntSushi/go-sumtype) - (cd / && go get github.com/BurntSushi/go-sumtype)
- export PATH="$HOME/go/bin:$PATH" - export PATH="$HOME/go/bin:$PATH"

5
cmd/cloudflared/fips.go Normal file
View File

@ -0,0 +1,5 @@
// +build fips
package main
import _ "crypto/tls/fipsonly"