*: support FIPS build (#5397) (#5401) (#5510)
overvenus authored Jan 10, 2024
1 parent 2802a08 commit cb20f33
Showing 12 changed files with 77 additions and 2 deletions.
8 changes: 6 additions & 2 deletions Makefile
@@ -16,9 +16,13 @@ endif
export GO111MODULE := on
GOOS ?= linux
GOARCH ?= $(shell go env GOARCH)
GOENV := CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH)
GOENV := GOOS=$(GOOS) GOARCH=$(GOARCH)
GO := $(GOENV) go
GO_BUILD := $(GO) build -trimpath
ifeq ("${ENABLE_FIPS}", "1")
GO_BUILD := GOEXPERIMENT=boringcrypto CGO_ENABLED=1 $(GO) build -trimpath -tags boringcrypto
else
GO_BUILD := CGO_ENABLED=0 $(GO) build -trimpath
endif
GO_SUBMODULES = github.com/pingcap/tidb-operator/pkg/apis github.com/pingcap/tidb-operator/pkg/client
GO_SUBMODULE_DIRS = pkg/apis pkg/client

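Review bot: Moving `CGO_ENABLED=0` out of `GOENV` and into `GO_BUILD` means any recipe that calls `$(GO)` directly rather than `$(GO_BUILD)` now runs with the toolchain's default cgo setting; those recipes are outside this hunk, so it is worth confirming none of them relied on the old value. The FIPS branch also switches to `CGO_ENABLED=1`, which presumably makes the binaries dynamically linked, so the runtime image has to provide a matching libc. A comment above the `ifeq` would record both constraints: `# FIPS builds need cgo for BoringCrypto; every other build stays static (CGO_ENABLED=0)`.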
3 changes: 3 additions & 0 deletions cmd/admission-webhook/main.go
@@ -25,6 +25,9 @@ import (
"github.com/pingcap/tidb-operator/pkg/webhook/strategy"
"k8s.io/component-base/logs"
"k8s.io/klog/v2"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

var (
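Review bot: The blank import only has an effect when the binary is built with the `boringcrypto` tag, and the comment `// Enable FIPS when necessary` does not say so; something like `// Registers FIPS-only TLS settings when built with the boringcrypto tag (ENABLE_FIPS=1); no-op otherwise` would make the dependency on the build flag visible. The same applies to the identical hunks in cmd/backup-manager, cmd/br-federation-manager, cmd/controller-manager, cmd/discovery, cmd/ebs-warmup, cmd/scheduler and cmd/tkctl. Because enforcement is opt-in per main package, a binary that omits this import would still build under ENABLE_FIPS=1 but without the fipsonly restriction or the `-fips` version suffix, so a CI check that every package under cmd/ imports pkg/fips would be a useful guard. The import block starts outside the hunk.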
3 changes: 3 additions & 0 deletions cmd/backup-manager/main.go
@@ -17,6 +17,9 @@ import (
"os"

"github.com/pingcap/tidb-operator/cmd/backup-manager/app"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

func main() {
3 changes: 3 additions & 0 deletions cmd/br-federation-manager/main.go
@@ -44,6 +44,9 @@ import (
"github.com/pingcap/tidb-operator/pkg/controller/fedvolumerestore"
"github.com/pingcap/tidb-operator/pkg/metrics"
"github.com/pingcap/tidb-operator/pkg/version"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

func main() {
3 changes: 3 additions & 0 deletions cmd/controller-manager/main.go
@@ -55,6 +55,9 @@ import (
"k8s.io/component-base/logs"
"k8s.io/klog/v2"
"sigs.k8s.io/controller-runtime/pkg/client"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

func main() {
3 changes: 3 additions & 0 deletions cmd/discovery/main.go
@@ -37,6 +37,9 @@ import (
"k8s.io/client-go/tools/cache"
"k8s.io/component-base/logs"
"k8s.io/klog/v2"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

var (
3 changes: 3 additions & 0 deletions cmd/ebs-warmup/main.go
@@ -22,6 +22,9 @@ import (
"github.com/pingcap/tidb-operator/cmd/ebs-warmup/filereader"
"github.com/spf13/pflag"
"k8s.io/klog/v2"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

var (
3 changes: 3 additions & 0 deletions cmd/scheduler/main.go
@@ -32,6 +32,9 @@ import (
"k8s.io/client-go/rest"
"k8s.io/component-base/logs"
"k8s.io/klog/v2"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

var (
3 changes: 3 additions & 0 deletions cmd/tkctl/main.go
@@ -23,6 +23,9 @@ import (

"k8s.io/cli-runtime/pkg/genericclioptions"
"k8s.io/component-base/logs"

// Enable FIPS when necessary
_ "github.com/pingcap/tidb-operator/pkg/fips"
)

func main() {
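--- a/pkg/fips/fips.go
+++ b/pkg/fips/fips.go
@@ -0,0 +1,28 @@
+// Copyright 2023 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build boringcrypto
+// +build boringcrypto
+
+package fips
+
+import (
+// Restricts all TLS configuration to FIPS-approved settings
+_ "crypto/tls/fipsonly"
+
+"github.com/pingcap/tidb-operator/pkg/version"
+)
+
+func init() {
+version.SetVersionSuffix("-fips")
+}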
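Review bot: `init` appends `-fips` to the version whenever the `boringcrypto` build tag is set, without confirming that BoringCrypto is actually in use; since the Makefile lets GOOS and GOARCH be overridden, a build for a target where the module is unavailable could presumably still report itself as FIPS. Checking `crypto/boring` at start-up closes that gap: `if !boring.Enabled() { panic("fips: boringcrypto tag set but BoringCrypto is not enabled") }` before the call to `version.SetVersionSuffix`. The package also lacks a doc comment; `// Package fips restricts TLS to FIPS-approved settings and tags the version when built with boringcrypto.` above the package clause would cover it.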
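--- a/pkg/fips/nonfips.go
+++ b/pkg/fips/nonfips.go
@@ -0,0 +1,14 @@
+// Copyright 2023 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fips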
5 changes: 5 additions & 0 deletions pkg/version/version.go
@@ -28,6 +28,11 @@ var (
buildDate = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
)

// SetVersionSuffix sets version suffix.
func SetVersionSuffix(suffix string) {
gitVersion += suffix
}

// PrintVersionInfo show version info to Stdout
func PrintVersionInfo() {
fmt.Printf("TiDB Operator Version: %#v\n", Get())
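Review bot: `SetVersionSuffix` appends to the package-level `gitVersion` with `+=`, so despite the name it is not a setter: calling it twice yields a doubled suffix, and nothing visible here synchronizes the write with readers such as `Get()`. The doc comment should state the contract, e.g. `// SetVersionSuffix appends suffix to the reported git version. It must be called only from package init, before the version is read.`; renaming it to `AppendVersionSuffix` would match the behaviour. The enclosing `var` block and `PrintVersionInfo` extend beyond the hunk.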
