-
Notifications
You must be signed in to change notification settings - Fork 543
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow cpb to be statically compiled / exempt from FIPS compliance #3001
Conversation
Skipping CI for Draft Pull Request. |
/retest |
/retest |
1 similar comment
/retest |
To be FIPS compliant, all binaries shipped in OCP must be dynamically linked against openssl unless they are specifically exempted (e.g. they do not perform any cryptography). The golang builder images made available for CI by ART will enforce this requirement (overriding any attempt to statically link) unless the binary is identified in this environment variable. Signed-off-by: Alexander Greene <greene.al1991@gmail.com>
/retest |
1 similar comment
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
@awgreene what's up with CI here? |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: awgreene, perdasilva The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
1 similar comment
/retest |
@awgreene: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@awgreene would it be ok to close this since it's OpenShift-specific, and make the change in the openshift fork? |
closing PR as stale. Please re-open if it's still important. |
To be FIPS compliant, all binaries shipped in OCP must be dynamically linked against openssl unless they are specifically exempted (e.g. they do not perform any cryptography). The golang builder images made available for CI by ART will enforce this requirement (overriding any attempt to statically link) unless the binary is identified in this environment variable.