From d9c6c24d4c0a32da4b0d0f71448e3cbea571d3fd Mon Sep 17 00:00:00 2001 From: Ash McKenzie Date: Wed, 20 Mar 2024 08:44:14 +0000 Subject: [PATCH] Update go 1.22 to use go1.22.1-1-openssl-fips git tag --- Dockerfile.custom | 4 ++-- scripts/install-golang | 8 +++----- scripts/lib/custom-docker-build | 8 ++++---- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Dockerfile.custom b/Dockerfile.custom index 2e1b21a..729339a 100644 --- a/Dockerfile.custom +++ b/Dockerfile.custom @@ -55,9 +55,9 @@ RUN if [ -n "$NODE_INSTALL_VERSION" ] ; then /scripts/install-node "$NODE_INSTAL # Golang ARG INSTALL_GOLANG_VERSION ARG GOLANG_DOWNLOAD_SHA256 -ARG INSTALL_GOLANG_VERSION_FIPS +ARG INSTALL_GOLANG_FIPS_TAG -RUN if [ -n "$INSTALL_GOLANG_VERSION" ] ; then /scripts/install-golang "${INSTALL_GOLANG_VERSION}" "${GOLANG_DOWNLOAD_SHA256}" "${INSTALL_GOLANG_VERSION_FIPS}" && go version; fi +RUN if [ -n "$INSTALL_GOLANG_VERSION" ] ; then /scripts/install-golang "${INSTALL_GOLANG_VERSION}" "${GOLANG_DOWNLOAD_SHA256}" "${INSTALL_GOLANG_FIPS_TAG}" && go version; fi # Git LFS (https://git-lfs.github.com/) ARG LFS_VERSION diff --git a/scripts/install-golang b/scripts/install-golang index 36f9545..456c4f4 100755 --- a/scripts/install-golang +++ b/scripts/install-golang @@ -4,7 +4,7 @@ set -xeou pipefail INSTALL_GOLANG_VERSION=${1} GOLANG_DOWNLOAD_SHA256=${2} -INSTALL_GOLANG_VERSION_FIPS=${3:-${INSTALL_GOLANG_VERSION}} +INSTALL_GOLANG_FIPS_TAG=${3} GOLANG_DOWNLOAD_URL="https://golang.org/dl/go${INSTALL_GOLANG_VERSION}.linux-${TARGETARCH:-amd64}.tar.gz" @@ -15,17 +15,15 @@ function build_debian() { } function build_ubi() { - GO_MAJOR_VERSION=${INSTALL_GOLANG_VERSION_FIPS%.*} - mkdir -p /tmp/golang curl -fsSL "$GOLANG_DOWNLOAD_URL" -o golang.tar.gz echo "${GOLANG_DOWNLOAD_SHA256} golang.tar.gz" | sha256sum -c - tar -C /tmp/golang -xzf golang.tar.gz # For UBI, we will be installing golang-fips - GO_BRANCH="go${GO_MAJOR_VERSION}-fips-release" + GO_TAG="go${INSTALL_GOLANG_FIPS_TAG}-openssl-fips" - git clone https://github.com/golang-fips/go.git --branch "${GO_BRANCH}" --single-branch --depth 1 /tmp/golang-fips + git clone https://github.com/golang-fips/go.git --branch "${GO_TAG}" --single-branch --depth 1 /tmp/golang-fips cd /tmp/golang-fips # The initialize script ends with a commit, so we need to set the user info. And needs to be global due to submodules in use. diff --git a/scripts/lib/custom-docker-build b/scripts/lib/custom-docker-build index e5d4ca9..c60dbd7 100755 --- a/scripts/lib/custom-docker-build +++ b/scripts/lib/custom-docker-build @@ -43,19 +43,19 @@ function print_golang_args() { case "$1" in 1.20) INSTALL_GOLANG_VERSION=1.20.14 - INSTALL_GOLANG_VERSION_FIPS=1.20.14 + INSTALL_GOLANG_FIPS_TAG=1.20.12-1 GOLANG_DOWNLOAD_SHA256[amd64]="ff445e48af27f93f66bd949ae060d97991c83e11289009d311f25426258f9c44" GOLANG_DOWNLOAD_SHA256[arm64]="2096507509a98782850d1f0669786c09727053e9fe3c92b03c0d96f48700282b" ;; 1.21) INSTALL_GOLANG_VERSION=1.21.8 - INSTALL_GOLANG_VERSION_FIPS=1.21.7 + INSTALL_GOLANG_FIPS_TAG=1.21.7-1 GOLANG_DOWNLOAD_SHA256[amd64]="538b3b143dc7f32b093c8ffe0e050c260b57fc9d57a12c4140a639a8dd2b4e4f" GOLANG_DOWNLOAD_SHA256[arm64]="3c19113c686ffa142e9159de1594c952dee64d5464965142d222eab3a81f1270" ;; 1.22) INSTALL_GOLANG_VERSION=1.22.1 - INSTALL_GOLANG_VERSION_FIPS=1.21.7 + INSTALL_GOLANG_FIPS_TAG=1.22.1-1 GOLANG_DOWNLOAD_SHA256[amd64]="aab8e15785c997ae20f9c88422ee35d962c4562212bb0f879d052a35c8307c7f" GOLANG_DOWNLOAD_SHA256[arm64]="e56685a245b6a0c592fc4a55f0b7803af5b3f827aaa29feab1f40e491acf35b8" ;; @@ -64,7 +64,7 @@ function print_golang_args() { printf -- "--build-arg INSTALL_GOLANG_VERSION=%s " "$INSTALL_GOLANG_VERSION" printf -- "--build-arg GOLANG_DOWNLOAD_SHA256=%q " "${GOLANG_DOWNLOAD_SHA256[*]}" - printf -- "--build-arg INSTALL_GOLANG_VERSION_FIPS=%s " "${INSTALL_GOLANG_VERSION_FIPS}" + printf -- "--build-arg INSTALL_GOLANG_FIPS_TAG=%s " "${INSTALL_GOLANG_FIPS_TAG}" } function print_rust_args() {