From aae7cb74f5db64ae37412772263420a18979cd4b Mon Sep 17 00:00:00 2001 From: Itxaka Date: Wed, 28 Feb 2024 09:48:17 +0100 Subject: [PATCH] Bum fips agent and fix fips check (#717) --- packages/system/kairos-agent/build.yaml | 8 +++----- packages/system/kairos-agent/collection.yaml | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/packages/system/kairos-agent/build.yaml b/packages/system/kairos-agent/build.yaml index a62cec7..f122550 100644 --- a/packages/system/kairos-agent/build.yaml +++ b/packages/system/kairos-agent/build.yaml @@ -15,15 +15,13 @@ prelude: - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd /go/src/github.com/${GITHUB_ORG}/ && git clone --branch v${PACKAGE_VERSION} https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git env: - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }} - - HUGO_VERSION=0.110.0 + - HUGO_VERSION=0.113.0 + - LDFLAGS="-s -w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}" {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} - CGO_ENABLED=1 - GOEXPERIMENT=boringcrypto - # Because we don't track the compiled-with version on the agent we need to keep the symbols in order to checks FIPS compliance - - LDFLAGS="-w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}" {{else}} - CGO_ENABLED=0 - - LDFLAGS="-s -w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}" {{end}} steps: - | @@ -35,7 +33,7 @@ steps: {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} {{ if .Values.arch }} {{ if eq .Values.arch "amd64" }} - - go tool nm /usr/bin/{{.Values.name}} | grep -i "FIPS_mode" + - /usr/bin/{{.Values.name}} version --long | grep -i "boringcrypto" {{end}} {{end}} {{end}} diff --git a/packages/system/kairos-agent/collection.yaml b/packages/system/kairos-agent/collection.yaml index 558dc14..f5aa3c8 100644 --- a/packages/system/kairos-agent/collection.yaml +++ b/packages/system/kairos-agent/collection.yaml @@ -12,7 +12,7 @@ packages: description: "Lifecycle agent for kairos" - name: "kairos-agent" category: "fips" - version: "2.7.13" + version: "2.7.14" labels: github.repo: "kairos-agent" autobump.revdeps: "true"