From ead93e9f2677a63c383526b34b2f3e1e5609a3ee Mon Sep 17 00:00:00 2001 From: Nuno Diegues Date: Mon, 3 Jan 2022 18:39:08 +0000 Subject: [PATCH] TUN-5551: Internally published debian artifacts are now named just cloudflared even though they are FIPS compliant This way we will force the adoption of FIPS compliant cloudflared without having to handle the transition for systems that already have it installed (since we were previously using new artifacts with fips suffix) nor without having to segregate the resulting binary name (since we were always generating a binary just called cloudflared from the unpacked debian archive to avoid having to change any automation that assumes the binary to be called just that). --- Makefile | 14 +++++++------- cfsetup.yaml | 6 ++++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index 2877c8d9..11ecbc74 100644 --- a/Makefile +++ b/Makefile @@ -3,15 +3,19 @@ MSI_VERSION := $(shell git tag -l --sort=v:refname | grep "w" | tail -1 | cut #MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup. #e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI. -ifeq ($(FIPS), true) +ifeq ($(ORIGINAL_NAME), true) + # Used for builds that want FIPS compilation but want the artifacts generated to still have the original name. + BINARY_NAME := cloudflared +else ifeq ($(FIPS), true) + # Used for FIPS compliant builds that do not match the case above. BINARY_NAME := cloudflared-fips else + # Used for all other (non-FIPS) builds. BINARY_NAME := cloudflared endif ifeq ($(NIGHTLY), true) - # We do not release FIPS in NIGHTLY, so no need to consider that case here. - DEB_PACKAGE_NAME := cloudflared-nightly + DEB_PACKAGE_NAME := $(BINARY_NAME)-nightly NIGHTLY_FLAGS := --conflicts cloudflared --replaces cloudflared else DEB_PACKAGE_NAME := $(BINARY_NAME) @@ -157,10 +161,6 @@ endef cloudflared-deb: cloudflared $(call build_package,deb) -.PHONY: cloudflared-internal-deb -cloudflared-internal-deb: cloudflared-deb - bash -c 'for f in cloudflared-fips_*.deb; do mv -- "$$f" "$${f/-fips/}"; done' - .PHONY: cloudflared-rpm cloudflared-rpm: cloudflared $(call build_package,rpm) diff --git a/cfsetup.yaml b/cfsetup.yaml index 4953e31a..f8e019be 100644 --- a/cfsetup.yaml +++ b/cfsetup.yaml @@ -93,7 +93,8 @@ stretch: &stretch - export GOOS=linux - export GOARCH=amd64 - export FIPS=true - - make cloudflared-internal-deb + - export ORIGINAL_NAME=true + - make cloudflared-deb build-fips-internal-deb-nightly: build_dir: *build_dir builddeps: *build_fips_deb_deps @@ -102,7 +103,8 @@ stretch: &stretch - export GOARCH=amd64 - export NIGHTLY=true - export FIPS=true - - make cloudflared-internal-deb + - export ORIGINAL_NAME=true + - make cloudflared-deb build-deb-arm64: build_dir: *build_dir builddeps: *build_deb_deps