Makefile(ticdc): support build cdc in fips mode (#9961)

close #9962
pingcap · Nov 15, 2023 · 120815e · 120815e
1 parent c34ac30
commit 120815e
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -58,7 +58,14 @@ else ifeq (${OS}, "darwin")
 	CGO := 1
 endif
 
-GOBUILD  := CGO_ENABLED=$(CGO) $(GO) build $(BUILD_FLAG) -trimpath $(GOVENDORFLAG)
+BUILD_FLAG =
+GOEXPERIMENT=
+ifeq ("${ENABLE_FIPS}", "1")
+	BUILD_FLAG = -tags boringcrypto
+	GOEXPERIMENT = GOEXPERIMENT=boringcrypto
+	CGO = 1
+endif
+GOBUILD  := $(GOEXPERIMENT) CGO_ENABLED=$(CGO) $(GO) build $(BUILD_FLAG) -trimpath $(GOVENDORFLAG)
 GOBUILDNOVENDOR  := CGO_ENABLED=0 $(GO) build $(BUILD_FLAG) -trimpath
 GOTEST   := CGO_ENABLED=1 $(GO) test -p $(P) --race --tags=intest
 GOTESTNORACE := CGO_ENABLED=1 $(GO) test -p $(P)
@@ -155,7 +162,7 @@ build-cdc-with-failpoint: ## Build cdc with failpoint enabled.
 	$(FAILPOINT_DISABLE)
 
 cdc:
-	$(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc ./cmd/cdc/main.go
+	$(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc ./cmd/cdc
 
 kafka_consumer:
 	$(GOBUILD) -ldflags '$(LDFLAGS)' -o bin/cdc_kafka_consumer ./cmd/kafka-consumer/main.go

diff --git a/cmd/cdc/fips.go b/cmd/cdc/fips.go
@@ -0,0 +1,27 @@
+// Copyright 2020 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build boringcrypto
+// +build boringcrypto
+
+package main
+
+import (
+	_ "crypto/tls/fipsonly"
+	//
+	"github.com/pingcap/tiflow/pkg/version"
+)
+
+func init() {
+	version.ReleaseVersion += "-fips"
+}
diff --git a/pkg/version/check.go b/pkg/version/check.go
@@ -67,6 +67,7 @@ func SanitizeVersion(v string) string {
 		return v
 	}
 	v = versionHash.ReplaceAllLiteralString(v, "")
+	v = strings.TrimSuffix(v, "-fips")
 	v = strings.TrimSuffix(v, "-dirty")
 	return strings.TrimPrefix(v, "v")
 }

diff --git a/pkg/version/check_test.go b/pkg/version/check_test.go
@@ -266,6 +266,10 @@ func TestCompareVersion(t *testing.T) {
 	dirtyVersion := semver.New(SanitizeVersion("v6.3.0-dirty"))
 	require.Equal(t, 1, dirtyVersion.Compare(*MinTiCDCVersion))
 	require.Equal(t, 0, dirtyVersion.Compare(*semver.New("6.3.0")))
+
+	dirtyVersionWithFIPS := semver.New(SanitizeVersion("v6.3.0-dirty-fips"))
+	require.Equal(t, 1, dirtyVersionWithFIPS.Compare(*MinTiCDCVersion))
+	require.Equal(t, 0, dirtyVersionWithFIPS.Compare(*semver.New("6.3.0")))
 }
 
 func TestReleaseSemver(t *testing.T) {