[Build] Change the build option from ENABLE_FIPS_FEATURE to INCLUDE_FIPS (#15758)
Why I did it [Build] Change the build option from ENABLE_FIPS_FEATURE to INCLUDE_FIPS Work item tracking Microsoft ADO (number only): 24485797 How I did it
This commit is contained in:
xumia
GitHub
parent
b3e59106a1
commit
30959ec901
@ -176,13 +176,13 @@ DOCKER_ROOT = $(PWD)/fsroot.docker.$(BLDENV)
|
||||
|
||||
# Support FIPS feature, armhf not supported yet
|
||||
ifeq ($(PLATFORM_ARCH),armhf)
|
||||
ENABLE_FIPS_FEATURE := n
|
||||
INCLUDE_FIPS := n
|
||||
ENABLE_FIPS := n
|
||||
endif
|
||||
|
||||
ifeq ($(ENABLE_FIPS_FEATURE), n)
|
||||
ifeq ($(INCLUDE_FIPS), n)
|
||||
ifeq ($(ENABLE_FIPS), y)
|
||||
$(error Cannot set fips config ENABLE_FIPS=y when ENABLE_FIPS_FEATURE=n)
|
||||
$(error Cannot set fips config ENABLE_FIPS=y when INCLUDE_FIPS=n)
|
||||
endif
|
||||
endif
|
||||
|
||||
@ -209,7 +209,7 @@ $(shell \
|
||||
$(shell CONFIGURED_ARCH=$(CONFIGURED_ARCH) \
|
||||
MULTIARCH_QEMU_ENVIRON=$(MULTIARCH_QEMU_ENVIRON) \
|
||||
CROSS_BUILD_ENVIRON=$(CROSS_BUILD_ENVIRON) \
|
||||
ENABLE_FIPS_FEATURE=$(ENABLE_FIPS_FEATURE) \
|
||||
INCLUDE_FIPS=$(INCLUDE_FIPS) \
|
||||
DOCKER_EXTRA_OPTS=$(DOCKER_EXTRA_OPTS) \
|
||||
DEFAULT_CONTAINER_REGISTRY=$(DEFAULT_CONTAINER_REGISTRY) \
|
||||
GZ_COMPRESS_PROGRAM=$(GZ_COMPRESS_PROGRAM) \
|
||||
@ -559,7 +559,7 @@ SONIC_BUILD_INSTRUCTION := $(MAKE) \
|
||||
ENABLE_ASAN=$(ENABLE_ASAN) \
|
||||
SONIC_INCLUDE_BOOTCHART=$(INCLUDE_BOOTCHART) \
|
||||
SONIC_ENABLE_BOOTCHART=$(ENABLE_BOOTCHART) \
|
||||
ENABLE_FIPS_FEATURE=$(ENABLE_FIPS_FEATURE) \
|
||||
INCLUDE_FIPS=$(INCLUDE_FIPS) \
|
||||
ENABLE_FIPS=$(ENABLE_FIPS) \
|
||||
SONIC_SLAVE_DOCKER_DRIVER=$(SONIC_SLAVE_DOCKER_DRIVER) \
|
||||
MIRROR_URLS=$(MIRROR_URLS) \
|
||||
|
||||
@ -286,9 +286,9 @@ INCLUDE_BOOTCHART = y
|
||||
# ENABLE_BOOTCHART - whether to enable systemd-bootchart on boot
|
||||
ENABLE_BOOTCHART = n
|
||||
|
||||
# ENABLE_FIPS_FEATURE - support FIPS feature, only for amd64 or arm64, armhf not supported yet
|
||||
# INCLUDE_FIPS - support FIPS feature, only for amd64 or arm64, armhf not supported yet
|
||||
# ENABLE_FIPS - support FIPS flag, if enabled, no additional config requred for the image to support FIPS
|
||||
ENABLE_FIPS_FEATURE ?= y
|
||||
INCLUDE_FIPS ?= y
|
||||
ENABLE_FIPS ?= n
|
||||
|
||||
# SONIC_SLAVE_DOCKER_DRIVER - set the sonic slave docker storage driver
|
||||
|
||||
@ -12,7 +12,7 @@ OPENSSH = openssh-client
|
||||
SSHPASS = sshpass
|
||||
STRACE = strace
|
||||
|
||||
ifeq ($(ENABLE_FIPS_FEATURE), y)
|
||||
ifeq ($(INCLUDE_FIPS), y)
|
||||
$(DOCKER_BASE_BULLSEYE)_DEPENDS += $(FIPS_OPENSSL_LIBSSL) $(FIPS_OPENSSL_LIBSSL_DEV) $(FIPS_OPENSSL) $(SYMCRYPT_OPENSSL) $(FIPS_KRB5)
|
||||
endif
|
||||
|
||||
|
||||
@ -47,7 +47,7 @@ FIPS_PACKAGE_ALL = $(SYMCRYPT_OPENSSL) $(FIPS_DERIVED_TARGET)
|
||||
|
||||
$(foreach package,$(FIPS_DERIVED_TARGET),$(eval $(call add_extra_package,$(SYMCRYPT_OPENSSL),$(package))))
|
||||
|
||||
ifeq ($(ENABLE_FIPS_FEATURE), y)
|
||||
ifeq ($(INCLUDE_FIPS), y)
|
||||
FIPS_BASEIMAGE_INSTALLERS = $(FIPS_OPENSSL_LIBSSL) $(FIPS_OPENSSL_LIBSSL_DEV) $(FIPS_OPENSSL) $(SYMCRYPT_OPENSSL) $(FIPS_OPENSSH) $(FIPS_OPENSSH_CLIENT) $(FIPS_OPENSSH_SFTP_SERVER) $(FIPS_OPENSSH_SERVER) $(FIPS_KRB5)
|
||||
SONIC_MAKE_DEBS += $(SYMCRYPT_OPENSSL)
|
||||
endif
|
||||
|
||||
6
slave.mk
6
slave.mk
@ -353,7 +353,7 @@ endif
|
||||
export SONIC_ROUTING_STACK
|
||||
export FRR_USER_UID
|
||||
export FRR_USER_GID
|
||||
export ENABLE_FIPS_FEATURE
|
||||
export INCLUDE_FIPS
|
||||
export ENABLE_FIPS
|
||||
|
||||
###############################################################################
|
||||
@ -428,7 +428,7 @@ $(info "INCLUDE_TEAMD" : "$(INCLUDE_TEAMD)")
|
||||
$(info "INCLUDE_ROUTER_ADVERTISER" : "$(INCLUDE_ROUTER_ADVERTISER)")
|
||||
$(info "INCLUDE_BOOTCHART : "$(INCLUDE_BOOTCHART)")
|
||||
$(info "ENABLE_BOOTCHART : "$(ENABLE_BOOTCHART)")
|
||||
$(info "ENABLE_FIPS_FEATURE" : "$(ENABLE_FIPS_FEATURE)")
|
||||
$(info "INCLUDE_FIPS" : "$(INCLUDE_FIPS)")
|
||||
$(info "ENABLE_TRANSLIB_WRITE" : "$(ENABLE_TRANSLIB_WRITE)")
|
||||
$(info "ENABLE_NATIVE_WRITE" : "$(ENABLE_NATIVE_WRITE)")
|
||||
$(info "ENABLE_AUTO_TECH_SUPPORT" : "$(ENABLE_AUTO_TECH_SUPPORT)")
|
||||
@ -1245,7 +1245,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
|
||||
$$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \
|
||||
$(addsuffix -install,$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(DEBOOTSTRAP))) \
|
||||
$(if $(findstring y,$(ENABLE_ZTP)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SONIC_ZTP))) \
|
||||
$(if $(findstring y,$(ENABLE_FIPS_FEATURE)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SYMCRYPT_OPENSSL))) \
|
||||
$(if $(findstring y,$(INCLUDE_FIPS)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SYMCRYPT_OPENSSL))) \
|
||||
$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_UTILITIES_PY3)) \
|
||||
$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_PY_COMMON_PY2)) \
|
||||
$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_PY_COMMON_PY3)) \
|
||||
|
||||
@ -468,7 +468,7 @@ RUN apt-get install -y kernel-wedge
|
||||
|
||||
# For gobgp and telemetry build
|
||||
RUN apt-get install -y golang-1.15 && ln -s /usr/lib/go-1.15 /usr/local/go
|
||||
{%- if ENABLE_FIPS_FEATURE == "y" %}
|
||||
{%- if INCLUDE_FIPS == "y" %}
|
||||
RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-go_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \
|
||||
&& wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-src_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \
|
||||
&& dpkg -i golang-go.deb golang-src.deb \
|
||||
|
||||
Loading…
Reference in New Issue
Block a user