Remove further unused fips infrastructure (#27900)
* Remove Dockerfile-arm-fips

We don't build fips for arm, as documented in
#10581.

* Stop building buildbox-fips

We do not use this buildbox for anything. This step is failing because
the supporting infrastructure for buildbox-fips was removed in
#26859.

* Fix fips buildbox

BUILDBOX_FIPS was removed, replaced by BUILDBOX_CENTOS7_FIPS.
Unfortunately I missed updating this target in #26859.
This subsequently broke e CI.

(cherry picked from commit 6ef1186)
wadells authored and gzdunek committed Sep 21, 2023
1 parent 2ac1137 commit 990717d
Showing 4 changed files with 4 additions and 34 deletions.
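--- a/.drone.yml
+++ b/.drone.yml
@@ -6098,29 +6098,6 @@ steps:
 path: /var/run
 - name: dockerconfig
 path: /root/.docker
-- name: Build and push buildbox-fips
-image: docker
-pull: if-not-exists
-commands:
-- apk add --no-cache make aws-cli
-- chown -R $UID:$GID /go
-- aws ecr get-login-password --profile staging --region=us-west-2 | docker login
--u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
-- make -C build.assets buildbox-fips
-- docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
-146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
-- docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
-- docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
-- aws ecr-public get-login-password --profile production --region=us-east-1 | docker
-login -u="AWS" --password-stdin public.ecr.aws
-- docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
-volumes:
-- name: awsconfig
-path: /root/.aws
-- name: dockersock
-path: /var/run
-- name: dockerconfig
-path: /root/.docker
 - name: Build and push buildbox-arm
 image: docker
 pull: if-not-exists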
6 changes: 0 additions & 6 deletions build.assets/Dockerfile-arm-fips

This file was deleted.

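--- a/build.assets/Makefile
+++ b/build.assets/Makefile
@@ -40,7 +40,6 @@ include grpcbox.mk # Requires images.mk
 # target. The other solution was to remove the 'buildbox' dependency from the 'release' target, but this would
 # make it harder to run `make -C build.assets release` locally as the buildbox would not automatically be built.
 BUILDBOX_NAME=$(BUILDBOX)
-BUILDBOX_FIPS_NAME=$(BUILDBOX_FIPS)
 
 DOCSBOX=ghcr.io/gravitational/docs
 
@@ -466,9 +465,9 @@ release-enterprise:
 # CI should not use this target, it should use named Makefile targets like release-amd64-fips.
 #
 .PHONY:release-fips
-release-fips: buildbox-fips webassets
+release-fips: buildbox-centos7-fips webassets
 @if [ -z ${VERSION} ]; then echo "VERSION is not set"; exit 1; fi
-docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_FIPS_NAME) \
+docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_CENTOS7_FIPS) \
 /usr/bin/make -C e release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIPS=yes VERSION=$(VERSION) GITTAG=v$(VERSION) REPRODUCIBLE=yes
 
 #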
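Review bot: The `release-fips` recipe now hands `$(BUILDBOX_CENTOS7_FIPS)` straight to `docker run`, and nothing in the visible hunks defines that variable (presumably it comes from the included images.mk). If it ever expands to nothing, `docker run` would treat `/usr/bin/make` as the image name and fail with a misleading error, which is the same kind of rename drift the commit message says #26859 left behind. A guard next to the existing VERSION check would make that fail loudly: `@if [ -z "$(BUILDBOX_CENTOS7_FIPS)" ]; then echo "BUILDBOX_CENTOS7_FIPS is not set"; exit 1; fi`. Since `BUILDBOX_FIPS_NAME` is deleted in the first hunk, it is also worth confirming that no other target or CI invocation still sets or reads it.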
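--- a/dronegen/buildbox.go
+++ b/dronegen/buildbox.go
@@ -52,8 +52,8 @@ func buildboxPipelineSteps() []step {
 
 for _, name := range []string{"buildbox", "buildbox-arm", "buildbox-centos7"} {
 for _, fips := range []bool{false, true} {
-// FIPS is unsupported on ARM/ARM64
-if name == "buildbox-arm" && fips {
+// FIPS is only supported on centos7
+if fips && name != "buildbox-centos7" {
 continue
 }
 steps = append(steps, buildboxPipelineStep(name, fips))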
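Review bot: The new guard `if fips && name != "buildbox-centos7"` repeats a string literal from the slice two lines above, so renaming or misspelling either copy would silently drop the only FIPS buildbox step from the generated pipeline without any build error. Since this commit exists because an earlier rename was missed in one place, a named constant used in both spots would be safer, e.g. `const fipsBuildbox = "buildbox-centos7"` and `if fips && name != fipsBuildbox {`. The comment could also point at the reason, for instance `// Only the centos7 buildbox has a FIPS variant; see build.assets/Makefile`. buildboxPipelineSteps starts and ends outside this hunk, so whether a test pins the generated step list cannot be seen here.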
