Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.18](backport #4472) Fix docker image build for FIPS variants #4502

Merged
merged 1 commit into from
Feb 21, 2025
Merged

[8.18](backport #4472) Fix docker image build for FIPS variants #4502

merged 1 commit into from
Feb 21, 2025
+196 −40

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Feb 20, 2025

What is the problem this PR solves?

Multiple -tags= flags are used if FIPS and SNAPSHOT are set.
Correct the resulting docker image that's created when FIPS is used.
Add fips e2e test that verifies a binary.

How does this PR solve the problem?

Merge tags used for all go build commands into a comma separated list.
Change resulting docker base image to a fips enabled one.
Add e2e test that will run after a FIPS binary has been compiled, test will use go version to ensure the go binary has the expected FIPS indicators (build tag and expriement), and will check the binary's symbols (if present) for OpenSSL_version.

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
    This is an automatic backport of pull request Fix docker image build for FIPS variants #4472 done by Mergify.

@michel-laterman @mergify
Fix docker image build for FIPS variants (#4472)
ace1936 
Fix multiple -tags= flags occurances.
Correct the resulting docker image that's created when FIPS is used.
Add fips e2e test that verifies a binary.

(cherry picked from commit c83472b)
@mergify mergify bot requested a review from a team as a code owner February 20, 2025 18:11
@mergify mergify bot added the backport label Feb 20, 2025
@elastic-sonarqube Elastic SonarQube
Copy link

elastic-sonarqube bot commented Feb 20, 2025
edited
Loading

Quality Gate passed Quality Gate passed

Issues
1 New issue
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@jlind23 jlind23 merged commit c8ac56c into 8.18 Feb 21, 2025
8 of 9 checks passed
@jlind23 jlind23 deleted the mergify/bp/8.18/pr-4472 branch February 21, 2025 06:46
@github-actions github-actions bot added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team tech debt labels Feb 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michel-laterman michel-laterman michel-laterman approved these changes

@andrzej-stencel andrzej-stencel Awaiting requested review from andrzej-stencel andrzej-stencel is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@michel-laterman michel-laterman

Labels
backport Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team tech debt
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@michel-laterman @jlind23