Uploaded image for project: 'Secret Store CSI for Red Hat OpenShift'
  1. Secret Store CSI for Red Hat OpenShift
  2. SSCSI-98

As a developer, I want to ensure downstream SSCSI container images are built with FIPS compliance

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • OAPE Sprint 271
    • 1

      As a developer, I want to ensure that downstream SSCSI container images are built with FIPS compliance

        • Use ART's builder and base image  [We're already using that] 
        • CGO_ENABLED=1
        • GOFLAGS="-tags=strictfipsruntime"
        • GOEXPERIMENT=strictfipsruntime
        • Exclude any of  -ldflags '-extldflags "-static"' as dynamic linking cannot honor those linker flags

       

       

      Note: In https://github.com/openshift/secrets-store-csi-driver-operator/blob/main/Makefile we are using github.com/openshift/build-machinery-go. So, there is no direct access of make build unlike SSCSI Driver where make build is directly configurable.

              rh-ee-ckyal Chirag Kyal
              rh-ee-ckyal Chirag Kyal
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: