ROX-24283: enable strictfipsruntime in Konflux build

stackrox · Nov 15, 2024 · 8126dfc · 8126dfc
1 parent 97c41a7
commit 8126dfc
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -240,6 +240,10 @@ endif
 scanner-build-nodeps:
 	$(BUILD_FLAGS) $(BUILD_CMD)
 
+.PHONY: scanner-build-nodeps-konflux
+scanner-build-nodeps-konflux:
+	$(BUILD_FLAGS) $(BUILD_CMD) -tags=strictfipsruntime
+
 .PHONY: $(CURDIR)/image/scanner/rhel/bundle.tar.gz
 $(CURDIR)/image/scanner/rhel/bundle.tar.gz:
 	$(CURDIR)/image/scanner/rhel/create-bundle.sh $(CURDIR)/image/scanner $(CURDIR)/image/scanner/rhel

diff --git a/image/scanner/rhel/konflux.Dockerfile b/image/scanner/rhel/konflux.Dockerfile
@@ -10,6 +10,7 @@ ARG SCANNER_TAG
 RUN if [[ "$SCANNER_TAG" == "" ]]; then >&2 echo "error: required SCANNER_TAG arg is unset"; exit 6; fi
 ENV RELEASE_TAG="${SCANNER_TAG}"
 
+ENV GOEXPERIMENT=strictfipsruntime
 ENV GOFLAGS=""
 ENV CI=1
 
@@ -23,7 +24,7 @@ RUN unzip -j blob-repo2cpe.zip -d image/scanner/dump/repo2cpe && \
     unzip -j blob-nvd-definitions.zip -d image/scanner/dump/nvd_definitions
 
 RUN echo -n "version: " && make --quiet --no-print-directory tag && \
-    make CGO_ENABLED=1 scanner-build-nodeps
+    make CGO_ENABLED=1 scanner-build-nodeps-konflux
 
 # Replace genesis manifests file in the source code with the one generated at
 # the point when the dump was taken.  This is to avoid discrepancy between other