Skip to content

Commit e0c37c2

Browse files
apiarian-datadogapiarian-datadog
committed
chore: actually build fips on alpine
1 parent cc588a4 commit e0c37c2

File tree

2 files changed

+14
-8
lines changed

2 files changed

+14
-8
lines changed

bottlecap/Cargo.toml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,12 @@ lto = true
6969
codegen-units = 1
7070
strip = true
7171

72+
[profile.release-alpine-arm64-fips]
73+
inherits = "release"
74+
# Unfortunately opt-level "z" does not work for building aws-lc-fips-sys on
75+
# Alpine for ARM with FIPS enabled.
76+
opt-level = 3
77+
7278
[features]
7379
default = ["reqwest/rustls-tls", "dogstatsd/default"]
7480
fips = [

images/Dockerfile.bottlecap.alpine.compile

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ ARG PLATFORM
44
ARG FIPS
55

66
# Install dependencies
7-
RUN apk add --no-cache curl gcc musl-dev make unzip bash autoconf automake libtool g++ go cmake linux-headers clang
7+
RUN apk add --no-cache curl gcc musl-dev make unzip bash autoconf automake libtool g++ perl go cmake linux-headers;
88

99
SHELL ["/bin/bash", "-c"]
1010

@@ -28,21 +28,21 @@ COPY ./bottlecap/Cargo.lock /tmp/dd/bottlecap/Cargo.lock
2828
#
2929
# Added `-C link-arg=-lgcc` for alpine.
3030
ENV RUSTFLAGS="-C panic=abort -C link-arg=-lgcc"
31-
ENV AWS_LC_FIPS_SYS_CC=clang
32-
ENV AWS_LC_FIPS_SYS_CXX=clang++
3331

3432
WORKDIR /tmp/dd/bottlecap
35-
# we can't currently compile successfully in alpine for fips mode, so we force
36-
# fallback in alpine fips to the go agent.
3733
RUN --mount=type=cache,target=/root/.cargo/registry \
34+
export PROFILE="release"; \
3835
if [ "$FIPS" = "1" ]; then \
39-
export FEATURES="default,force_fallback"; \
36+
export FEATURES=fips; \
37+
if [ "$PLATFORM" = "aarch64" ]; then \
38+
export PROFILE="release-alpine-arm64-fips"; \
39+
fi \
4040
else \
4141
export FEATURES=default; \
4242
fi; \
4343
env; \
44-
cargo +stable build --no-default-features --features $FEATURES --release --target $PLATFORM-unknown-linux-musl;
45-
RUN cp /tmp/dd/bottlecap/target/$PLATFORM-unknown-linux-musl/release/bottlecap /tmp/dd/bottlecap/bottlecap
44+
cargo +stable build --verbose --no-default-features --features $FEATURES --profile $PROFILE --target $PLATFORM-unknown-linux-musl; \
45+
cp /tmp/dd/bottlecap/target/$PLATFORM-unknown-linux-musl/$PROFILE/bottlecap /tmp/dd/bottlecap/bottlecap
4646

4747
# Use the smallest image possible
4848
FROM scratch

0 commit comments

Comments
 (0)