From 8126dfc1108203f667617c40d0eb9926c80c3774 Mon Sep 17 00:00:00 2001 From: Brad Lugo Date: Thu, 14 Nov 2024 17:28:46 -0800 Subject: [PATCH] ROX-24283: enable strictfipsruntime in Konflux build --- Makefile | 4 ++++ image/scanner/rhel/konflux.Dockerfile | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6326b509a..d7c57d9b3 100644 --- a/Makefile +++ b/Makefile @@ -240,6 +240,10 @@ endif scanner-build-nodeps: $(BUILD_FLAGS) $(BUILD_CMD) +.PHONY: scanner-build-nodeps-konflux +scanner-build-nodeps-konflux: + $(BUILD_FLAGS) $(BUILD_CMD) -tags=strictfipsruntime + .PHONY: $(CURDIR)/image/scanner/rhel/bundle.tar.gz $(CURDIR)/image/scanner/rhel/bundle.tar.gz: $(CURDIR)/image/scanner/rhel/create-bundle.sh $(CURDIR)/image/scanner $(CURDIR)/image/scanner/rhel diff --git a/image/scanner/rhel/konflux.Dockerfile b/image/scanner/rhel/konflux.Dockerfile index c91314d50..fe033cbea 100644 --- a/image/scanner/rhel/konflux.Dockerfile +++ b/image/scanner/rhel/konflux.Dockerfile @@ -10,6 +10,7 @@ ARG SCANNER_TAG RUN if [[ "$SCANNER_TAG" == "" ]]; then >&2 echo "error: required SCANNER_TAG arg is unset"; exit 6; fi ENV RELEASE_TAG="${SCANNER_TAG}" +ENV GOEXPERIMENT=strictfipsruntime ENV GOFLAGS="" ENV CI=1 @@ -23,7 +24,7 @@ RUN unzip -j blob-repo2cpe.zip -d image/scanner/dump/repo2cpe && \ unzip -j blob-nvd-definitions.zip -d image/scanner/dump/nvd_definitions RUN echo -n "version: " && make --quiet --no-print-directory tag && \ - make CGO_ENABLED=1 scanner-build-nodeps + make CGO_ENABLED=1 scanner-build-nodeps-konflux # Replace genesis manifests file in the source code with the one generated at # the point when the dump was taken. This is to avoid discrepancy between other