8ec8900d31
Why I did it Support OpenSSL FIPS 140-3, see design doc: https://github.com/Azure/SONiC/blob/master/doc/fips/SONiC-OpenSSL-FIPS-140-3.md. How I did it Install the fips packages. To build the fips packages, see https://github.com/Azure/sonic-fips Azure pipelines: https://dev.azure.com/mssonic/build/_build?definitionId=412 How to verify it Validate the SymCrypt engine: admin@sonic:~$ dpkg-query -W | grep openssl openssl 1.1.1k-1+deb11u1+fips symcrypt-openssl 0.1 admin@sonic:~$ openssl engine -v | grep -i symcrypt (symcrypt) SCOSSL (SymCrypt engine for OpenSSL) admin@sonic:~$
22 lines
638 B
Makefile
22 lines
638 B
Makefile
# Docker base image (based on Debian Bullseye)
|
|
|
|
DOCKER_BASE_BULLSEYE = docker-base-bullseye.gz
|
|
$(DOCKER_BASE_BULLSEYE)_PATH = $(DOCKERS_PATH)/docker-base-bullseye
|
|
|
|
$(DOCKER_BASE_BULLSEYE)_DEPENDS += $(SOCAT)
|
|
|
|
GDB = gdb
|
|
GDBSERVER = gdbserver
|
|
VIM = vim
|
|
OPENSSH = openssh-client
|
|
SSHPASS = sshpass
|
|
STRACE = strace
|
|
|
|
ifeq ($(ENABLE_FIPS_FEATURE), y)
|
|
$(DOCKER_BASE_BULLSEYE)_DEPENDS += $(FIPS_OPENSSL_LIBSSL) $(FIPS_OPENSSL_LIBSSL_DEV) $(FIPS_OPENSSL) $(SYMCRYPT_OPENSSL) $(FIPS_KRB5)
|
|
endif
|
|
|
|
$(DOCKER_BASE_BULLSEYE)_DBG_IMAGE_PACKAGES += $(GDB) $(GDBSERVER) $(VIM) $(OPENSSH) $(SSHPASS) $(STRACE)
|
|
|
|
SONIC_DOCKER_IMAGES += $(DOCKER_BASE_BULLSEYE)
|