Dev build/add linux arm64 fips static #1381
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]> do not include c++ toolchain Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: Christian Kruse <[email protected]>
Signed-off-by: c-kruse <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
Signed-off-by: Sean Porter <[email protected]>
portertech
requested review from
amdprophet,
andrzej-stencel and
sumo-drosiek
|
We need to validate fips operation on Amazon Linux. |
Signed-off-by: Sean Porter <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Original pull-request: #1321
Closes: #1325
Background:
Our linux_amd64 FIPS binary has a required CGO dependency (boringcrypto) and is currently built as a dynamically linked executable. By contrast, our non-fips linux builds are pure go and are statically linked executables. Because of this our build infrastructure is limited, largely focused on producing a single portable static binary per target. In order to work around the system dependency introduced by dynamically linking c libraries, we have resorted to building our FIPS binary on an amazonlinux:2 container, as it has the lowest glibc version for any distribution we know of that we have agreed is necessary to support.
This change:
Future notes:
Once a native aarch64 build environment becomes available, it would be preferable to switch to using the native toolchain from alpine linux rather than building the toolchain ourselves. Let's link an issue to get that cleaned up.