Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIPS Build #6565

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

FIPS Build #6565

wants to merge 4 commits into from

Conversation

michel-laterman
Copy link
Contributor

What does this PR do?

Adds FIPS env var to magefile to enable FIPS compliant builds using the microsoft/go toolchain.

This PR will not be sufficient to ensure that every artifact made with these changes are compliant, we still need to verify our crypto use.

Why is it important?

FIPS artifacts must be built with compliant toolchains.

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

Disruptive User Impact

None

How to test this PR locally

Assuming microsoft go is available, run FIPS=true mage build:binary

@michel-laterman michel-laterman added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team technical debt labels Jan 22, 2025
@mergify Mergify
Copy link
Contributor

mergify bot commented Jan 22, 2025

This pull request does not have a backport label. Could you fix it @michel-laterman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit

@mergify Mergify
Copy link
Contributor

mergify bot commented Jan 22, 2025

backport-v8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Jan 22, 2025
@michel-laterman michel-laterman mentioned this pull request Jan 22, 2025
Open
4 tasks
@michel-laterman michel-laterman marked this pull request as ready for review February 12, 2025 18:05
@michel-laterman michel-laterman requested a review from a team as a code owner February 12, 2025 18:05
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@cmacknz
Copy link
Member

cmacknz commented Feb 12, 2025

This should come with a test that the binary we produce actually works, ideally one that can confirm it properly uses the FIPS OpenSSL in the expected way.

You'll also need to update CI to actually build the FIPS variant, the package steps for testing are in

elastic-agent/.buildkite/integration.pipeline.yml

Line 8 in a29af64

- group: "Integration tests: packaging"
right now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrzej-stencel andrzej-stencel Awaiting requested review from andrzej-stencel andrzej-stencel is a code owner automatically assigned from elastic/elastic-agent-control-plane

@swiatekm swiatekm Awaiting requested review from swiatekm swiatekm is a code owner automatically assigned from elastic/elastic-agent-control-plane

At least 1 approving review is required to merge this pull request.

Assignees

@michel-laterman michel-laterman

Labels
backport-8.x Automated backport to the 8.x branch with mergify Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team technical debt
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@michel-laterman @elasticmachine @cmacknz