diff --git a/Makefile b/Makefile index 4d1c39caa18..128abe23f47 100644 --- a/Makefile +++ b/Makefile @@ -58,7 +58,14 @@ else ifeq (${OS}, "darwin") CGO := 1 endif -GOBUILD := CGO_ENABLED=$(CGO) $(GO) build $(BUILD_FLAG) -trimpath $(GOVENDORFLAG) +BUILD_FLAG = +GOEXPERIMENT= +ifeq ("${ENABLE_FIPS}", "1") + BUILD_FLAG = -tags boringcrypto + GOEXPERIMENT = GOEXPERIMENT=boringcrypto + CGO = 1 +endif +GOBUILD := $(GOEXPERIMENT) CGO_ENABLED=$(CGO) $(GO) build $(BUILD_FLAG) -trimpath $(GOVENDORFLAG) GOBUILDNOVENDOR := CGO_ENABLED=0 $(GO) build $(BUILD_FLAG) -trimpath GOTEST := CGO_ENABLED=1 $(GO) test -p $(P) --race --tags=intest GOTESTNORACE := CGO_ENABLED=1 $(GO) test -p $(P) @@ -155,7 +162,7 @@ build-cdc-with-failpoint: ## Build cdc with failpoint enabled. $(FAILPOINT_DISABLE) cdc: - $(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc ./cmd/cdc/main.go + $(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc ./cmd/cdc kafka_consumer: $(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc_kafka_consumer ./cmd/kafka-consumer/main.go diff --git a/cmd/cdc/fips.go b/cmd/cdc/fips.go new file mode 100644 index 00000000000..36d0db733e6 --- /dev/null +++ b/cmd/cdc/fips.go @@ -0,0 +1,27 @@ +// Copyright 2020 PingCAP, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build boringcrypto +// +build boringcrypto + +package main + +import ( + _ "crypto/tls/fipsonly" + // + "github.com/pingcap/tiflow/pkg/version" +) + +func init() { + version.ReleaseVersion += "-fips" +} diff --git a/pkg/version/check.go b/pkg/version/check.go index 1399c0734e4..95a6959593a 100644 --- a/pkg/version/check.go +++ b/pkg/version/check.go @@ -67,6 +67,7 @@ func SanitizeVersion(v string) string { return v } v = versionHash.ReplaceAllLiteralString(v, "") + v = strings.TrimSuffix(v, "-fips") v = strings.TrimSuffix(v, "-dirty") return strings.TrimPrefix(v, "v") } diff --git a/pkg/version/check_test.go b/pkg/version/check_test.go index ba3eef8a916..fdddd2f7db7 100644 --- a/pkg/version/check_test.go +++ b/pkg/version/check_test.go @@ -266,6 +266,10 @@ func TestCompareVersion(t *testing.T) { dirtyVersion := semver.New(SanitizeVersion("v6.3.0-dirty")) require.Equal(t, 1, dirtyVersion.Compare(*MinTiCDCVersion)) require.Equal(t, 0, dirtyVersion.Compare(*semver.New("6.3.0"))) + + dirtyVersionWithFIPS := semver.New(SanitizeVersion("v6.3.0-dirty-fips")) + require.Equal(t, 1, dirtyVersionWithFIPS.Compare(*MinTiCDCVersion)) + require.Equal(t, 0, dirtyVersionWithFIPS.Compare(*semver.New("6.3.0"))) } func TestReleaseSemver(t *testing.T) {