Uploaded image for project: 'OpenShift Windows Containers'
  1. OpenShift Windows Containers
  2. WINC-1351

Fix WMCO/WICD's go build command to FIPS compliant

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • 3
    • False
    • None
    • False
    • WINC - Sprint 263

      Description

      This story is specific to the build command we use for our operator in build.sh. It must be reworked in 3 ways to be FIPS compliant

      • flip CGO_ENABLED flag to 1 in build.sh
      • Ensure build environment variables are as expected GOFLAGS="-tags=strictfipsruntime,openssl ..." and GOEXPERIMENT=strictfipsruntime
      • Exclude any of  -ldflags '-extldflags "-static"' as dynamic linking cannot honor those linker flags. This will be slightly more involved as we will have to find an alternate way of providing the WMCO version to the build command. Some ideas are
        • moving to storing the version info in a config file and reading from it in version.go
        • ussing //go:embed to populate the version var

      Acceptance Criteria

      Build command has required env vars and does not have non-FIPS compatible flags

              rh-ee-mankulka Mansi Kulkarni
              mohashai Mohammad Shaikh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: