WIP

breskeby · Dec 3, 2024 · f7f244e · f7f244e
1 parent 9ec6be8
commit f7f244e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 18 deletions.
diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
@@ -21,17 +21,17 @@ apply plugin: 'elasticsearch.dra-artifacts'
 apply plugin: 'elasticsearch.jdk-download'
 apply plugin: 'elasticsearch.repositories'
 
-// Setup FIPS image jdk
-project.jdks {
-  ['x64', 'aarch64'].each { architecture ->
-    "fips_linux_${architecture}" {
-      it.platform = "linux"
-      it.version = VersionProperties.bundledJdkVersion
-      it.vendor = VersionProperties.bundledJdkVendor
-      it.architecture = architecture
-    }
-  }
-}
+//// Setup FIPS image jdk
+//project.jdks {
+//  ['x64', 'aarch64'].each { architecture ->
+//    "fips_linux_${architecture}" {
+//      it.platform = "linux"
+//      it.version = "17.0.12"
+//      it.vendor = VersionProperties.bundledJdkVendor
+//      it.architecture = architecture
+//    }
+//  }
+//}
 
 String buildId = providers.systemProperty('build.id').getOrNull()
 boolean useLocalArtifacts = buildId != null && buildId.isBlank() == false && useDra == false
@@ -125,8 +125,10 @@ dependencies {
   filebeat_x86_64 "beats:filebeat:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
   metricbeat_aarch64 "beats:metricbeat:${VersionProperties.elasticsearch}:linux-arm64@tar.gz"
   metricbeat_x86_64 "beats:metricbeat:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
-  fips "org.bouncycastle:bcpg-fips:1.0.7.1"
-  fips "org.bouncycastle:bc-fips:1.0.2.4"
+//  fips "org.bouncycastle:bcpg-fips:1.0.7.1"
+//  fips "org.bouncycastle:bc-fips:1.0.2.4"
+  fips "org.bouncycastle:bcprov-jdk18on:1.78.1"
+
 }
 
 ext.expansions = { Architecture architecture, DockerBase base ->
@@ -467,7 +469,7 @@ void addBuildFipsDockerImageTasks(Architecture architecture) {
           from tasks.named('fipsResources')
         }
         into('jdk') {
-          from(jdks."fips_linux_${architecture.toString().toLowerCase()}")
+//          from(files("jdk-17.0.12"))
           eachFile { FileCopyDetails details ->
             if (details.relativePath.segments[-2] == 'bin' || details.relativePath.segments[-1] == 'jspawnhelper') {
               details.permissions {

diff --git a/distribution/docker/src/docker/Dockerfile.fips b/distribution/docker/src/docker/Dockerfile.fips
@@ -12,10 +12,9 @@ RUN chmod 0444 /opt/fips/*
 FROM ${base_image}
 USER root
 
-COPY --from=builder --chown=0:0 /opt/fips/jdk /opt/jdk
+# COPY --from=builder --chown=0:0 /opt/fips/jdk /opt/jdk
 COPY --from=builder --chown=0:0 /opt/fips/libs/*.jar /usr/share/elasticsearch/lib
-COPY --from=builder --chown=0:0 /opt/fips/resources/fips_java_oracle.security /opt/jdk/conf/security/java.security
-COPY --from=builder --chown=0:0 /opt/fips/resources/fips_java.policy /opt/jdk/conf/security/java.policy
+COPY --from=builder --chown=0:0 /opt/fips/resources/fips_java_oracle.security /usr/share/elasticsearch/jdk/conf/security/java.security
+COPY --from=builder --chown=0:0 /opt/fips/resources/fips_java.policy /usr/share/elasticsearch/jdk/conf/security/java.policy
 
 USER 1000:0
-ENV ES_JAVA_HOME /opt/jdk