Set GOFIPS via build arg for docker env (DataDog#31808)
jeremy-hanna authored Dec 6, 2024
1 parent 4daa586 commit 2ee99e0
Showing 2 changed files with 6 additions and 5 deletions.
8 changes: 4 additions & 4 deletions .gitlab/container_build/docker_linux.yml
@@ -101,7 +101,7 @@ docker_build_fips_agent7:
IMAGE: registry.ddbuild.io/ci/datadog-agent/agent
BUILD_CONTEXT: Dockerfiles/agent
TAG_SUFFIX: -7-fips
BUILD_ARG: --target test --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-amd64.tar.xz
BUILD_ARG: --target test --build-arg FIPS_ENABLED=1 --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-amd64.tar.xz

docker_build_fips_agent7_arm64:
extends: [.docker_build_job_definition_arm64, .docker_build_artifact]
@@ -114,7 +114,7 @@ docker_build_fips_agent7_arm64:
IMAGE: registry.ddbuild.io/ci/datadog-agent/agent
BUILD_CONTEXT: Dockerfiles/agent
TAG_SUFFIX: -7-fips
BUILD_ARG: --target test --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-arm64.tar.xz
BUILD_ARG: --target test --build-arg FIPS_ENABLED=1 --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-arm64.tar.xz

# build agent7 jmx image
docker_build_agent7_jmx:
@@ -154,7 +154,7 @@ docker_build_fips_agent7_jmx:
IMAGE: registry.ddbuild.io/ci/datadog-agent/agent
BUILD_CONTEXT: Dockerfiles/agent
TAG_SUFFIX: -7-fips-jmx
BUILD_ARG: --target test --build-arg WITH_JMX=true --build-arg WITH_JMX_FIPS=true --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-amd64.tar.xz
BUILD_ARG: --target test --build-arg FIPS_ENABLED=1 --build-arg WITH_JMX=true --build-arg WITH_JMX_FIPS=true --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-amd64.tar.xz

docker_build_fips_agent7_arm64_jmx:
extends: [.docker_build_job_definition_arm64, .docker_build_artifact]
@@ -167,7 +167,7 @@ docker_build_fips_agent7_arm64_jmx:
IMAGE: registry.ddbuild.io/ci/datadog-agent/agent
BUILD_CONTEXT: Dockerfiles/agent
TAG_SUFFIX: -7-fips-jmx
BUILD_ARG: --target test --build-arg WITH_JMX=true --build-arg WITH_JMX_FIPS=true --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-arm64.tar.xz
BUILD_ARG: --target test --build-arg FIPS_ENABLED=1 --build-arg WITH_JMX=true --build-arg WITH_JMX_FIPS=true --build-arg DD_AGENT_ARTIFACT=datadog-fips-agent-7*-arm64.tar.xz

# build agent7 UA image
docker_build_ot_agent7:
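Review bot: `--build-arg FIPS_ENABLED=1` is now hand-paired with the `datadog-fips-agent-7*` artifact in four separate `BUILD_ARG` strings (amd64, arm64 and both jmx jobs), while the Dockerfile default is `FIPS_ENABLED=0`. A FIPS job that omits the flag would therefore produce a `-fips` tagged image with `GOFIPS=0` and no build error. A comment above each line would make the coupling explicit, e.g. `# FIPS_ENABLED=1 is required with any datadog-fips-agent artifact: it becomes GOFIPS in the image`. Any other job that builds from the FIPS artifact outside these hunks (not visible here) would need the same flag.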
3 changes: 2 additions & 1 deletion Dockerfiles/agent/Dockerfile
@@ -96,6 +96,7 @@ RUN if [ -n "$WITH_JMX" ]; then cd /opt/bouncycastle-fips && mvn dependency:copy

FROM baseimage AS release
LABEL maintainer="Datadog <package@datadoghq.com>"
ARG FIPS_ENABLED=0
ARG WITH_JMX
ARG WITH_JMX_FIPS
ARG DD_GIT_REPOSITORY_URL
@@ -185,8 +186,8 @@ RUN [ "$(getent passwd dd-agent | cut -d: -f 3)" -eq 100 ]
# Enable FIPS if needed
RUN if [ -x /opt/datadog-agent/embedded/bin/fipsinstall.sh ]; then \
/opt/datadog-agent/embedded/bin/fipsinstall.sh; \
export GOFIPS=1; \
fi
ENV GOFIPS=${FIPS_ENABLED}

# Override the exit script by ours to fix --pid=host operations
RUN mv /etc/s6/init/init-stage3 /etc/s6/init/init-stage3-original
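Review bot: `ENV GOFIPS=${FIPS_ENABLED}` is set regardless of whether `fipsinstall.sh` was found, so the runtime flag and the installed FIPS provider can disagree in either direction. With the default `ARG FIPS_ENABLED=0`, building a FIPS artifact without the build arg gives an image where the provider is installed but `GOFIPS=0`, and nothing in the visible lines fails the build. I would make the RUN step assert the pairing, e.g. add `elif [ "$FIPS_ENABLED" = "1" ]; then echo "FIPS_ENABLED=1 but fipsinstall.sh is missing" >&2; exit 1; \` before `fi`, and likewise exit non-zero inside the first branch when `FIPS_ENABLED` is not `1`. The stage body between the two hunks is not shown, so this assumes the `ARG` and the `ENV` both sit in the `release` stage.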
