mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-05-09 17:36:34 +00:00
70e675f42c
This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.
The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.
This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
25 lines
847 B
Bash
Executable File
25 lines
847 B
Bash
Executable File
VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
|
|
echo $VERSION
|
|
|
|
# This controls the directory the built artifacts go into
|
|
export ARTIFACT_DIR=built_artifacts/
|
|
mkdir -p $ARTIFACT_DIR
|
|
|
|
arch=("amd64")
|
|
export TARGET_ARCH=$arch
|
|
export TARGET_OS=linux
|
|
export FIPS=true
|
|
# For BoringCrypto to link, we need CGO enabled. Otherwise compilation fails.
|
|
export CGO_ENABLED=1
|
|
|
|
make cloudflared-deb
|
|
mv cloudflared-fips\_$VERSION\_$arch.deb $ARTIFACT_DIR/cloudflared-fips-linux-$arch.deb
|
|
|
|
# rpm packages invert the - and _ and use x86_64 instead of amd64.
|
|
RPMVERSION=$(echo $VERSION|sed -r 's/-/_/g')
|
|
RPMARCH="x86_64"
|
|
make cloudflared-rpm
|
|
mv cloudflared-fips-$RPMVERSION-1.$RPMARCH.rpm $ARTIFACT_DIR/cloudflared-fips-linux-$RPMARCH.rpm
|
|
|
|
# finally move the linux binary as well.
|
|
mv ./cloudflared $ARTIFACT_DIR/cloudflared-fips-linux-$arch |