Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x](backport #4318) FIPS compliant builds #4342

Merged
merged 2 commits into from
Jan 20, 2025
Merged

[8.x](backport #4318) FIPS compliant builds #4342

merged 2 commits into from
Jan 20, 2025

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Jan 17, 2025

What is the problem this PR solves?

Add ability to make FIPS compliant builds when FIPS=true is specified.

How does this PR solve the problem?

Specifying FIPS=true will change the following:

  • PLATFORMS will default to linux/amd64 linux/arm64
  • make local, make release-* - Binary will be build with -tags=fipsrequired and GOEXPERIMENT=systemcrypto
  • make build-releaser - chaingaurd microsoft go image will be used as base
  • make multipass - microsoft's go toolchain will be downloaded and installed to VM

How to test this PR locally

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool

Related issues

This is an automatic backport of pull request #4318 done by [Mergify](https://mergify.com).

@michel-laterman @mergify
FIPS compliant builds (#4318)
3b072a4 
Add FIPS env flag to enable FIPS mode.
FIPS=true will change the following:
- PLATFORMS will default to linux/amd64 linux/arm64
- make local, make release-* - Binary will be build with -tags=fipsrequired and GOEXPERIMENT=systemcrypto
- make build-releaser - chaingaurd microsoft go image will be used as base
- make multipass - microsoft's go toolchain will be downloaded and installed to VM

(cherry picked from commit f1c29b9)

# Conflicts:
#	Makefile
#	dev-tools/multipass-cloud-init.yml
@mergify mergify bot added the backport label Jan 17, 2025
@mergify mergify bot requested a review from a team as a code owner January 17, 2025 17:51
@mergify mergify bot added the conflicts There is a conflict in the backported pull request label Jan 17, 2025
@mergify mergify bot requested review from michalpristas and pchila January 17, 2025 17:51
@mergify Mergify
Copy link
Contributor Author

mergify bot commented Jan 17, 2025

Cherry-pick of f1c29b9 has failed:

On branch mergify/bp/8.x/pr-4318
Your branch is up to date with 'origin/8.x'.

You are currently cherry-picking commit f1c29b9.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   .buildkite/scripts/test-release.sh
	new file:   Dockerfile.fips
	new file:   docs/fips.md

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   Makefile
	both modified:   dev-tools/multipass-cloud-init.yml

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@github-actions github-actions bot added enhancement New feature or request Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team labels Jan 17, 2025
@mergify Mergify
Copy link
Contributor Author

mergify bot commented Jan 20, 2025

This pull request has not been merged yet. Could you please review and merge it @michel-laterman? 🙏

@pkoutsovasilis
Copy link

@michel-laterman could please take of the git conflicts? 🙂

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate failed Quality Gate failed

Failed conditions
4 Security Hotspots

See analysis details on SonarQube

@michel-laterman michel-laterman merged commit bcfe7a5 into 8.x Jan 20, 2025
7 of 8 checks passed
@michel-laterman michel-laterman deleted the mergify/bp/8.x/pr-4318 branch January 20, 2025 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlind23 jlind23 jlind23 approved these changes

@michalpristas michalpristas Awaiting requested review from michalpristas michalpristas is a code owner automatically assigned from elastic/elastic-agent-control-plane

@pchila pchila Awaiting requested review from pchila pchila is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@michel-laterman michel-laterman

Labels
backport conflicts There is a conflict in the backported pull request enhancement New feature or request Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pkoutsovasilis @jlind23 @michel-laterman