
Commit 87a7ecd

Merge pull request #168 from OpenVoxProject/fips_updates
More changes for FIPS builds
2 parents d076a2d + 4edcd9e commit 87a7ecd


5 files changed

+26
-7
lines changed


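--- a/.gitignore
+++ b/.gitignore
@@ -39,6 +39,6 @@ acceptance/scripts/hosts.cfg
 # Ignore temp directory where BC jars go during build
 # in case it doesn't get cleaned up.
 resources/ext/build-scripts/bc-fips-jars
+resources/ext/build-scripts/bc-nonfips-jars
 
 .DS_Store
-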
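--- a/project.clj
+++ b/project.clj
@@ -253,8 +253,19 @@
 [org.openvoxproject/trapperkeeper-metrics]]
 :plugins [[org.openvoxproject/lein-ezbake ~(or (System/getenv "EZBAKE_VERSION") "2.7.2")]]
 :name "puppetserver"}
-:uberjar {:dependencies [[org.bouncycastle/bcpkix-jdk18on]
-[org.openvoxproject/trapperkeeper-webserver-jetty10]]
+
+:ezbake-fips {:dependencies ^:replace [[org.clojure/clojure]
+[org.bouncycastle/bcpkix-jdk18on]
+[org.openvoxproject/jruby-utils]
+;; Do not modify this line. It is managed by the release process
+;; via the scripts/sync_ezbake_dep.rb script.
+[org.openvoxproject/puppetserver "8.12.0-SNAPSHOT"]
+[org.openvoxproject/trapperkeeper-webserver-jetty10]
+[org.openvoxproject/trapperkeeper-metrics]]
+:uberjar-exclusions [#"^org/bouncycastle/.*"]
+:plugins [[org.openvoxproject/lein-ezbake ~(or (System/getenv "EZBAKE_VERSION") "2.7.2")]]
+:name "puppetserver"}
+:uberjar {:dependencies [[org.openvoxproject/trapperkeeper-webserver-jetty10]]
 :aot [puppetlabs.trapperkeeper.main
 puppetlabs.trapperkeeper.services.status.status-service
 puppetlabs.trapperkeeper.services.metrics.metrics-service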
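Review bot: The new `:ezbake-fips` profile lists `org.bouncycastle/bcpkix-jdk18on` as a dependency and then depends on `:uberjar-exclusions [#"^org/bouncycastle/.*"]` to keep its classes out of the jar, yet nothing in the profile says why both halves are needed. A comment above the exclusion, for example `;; jdk18on BC is resolved only so the build can stage it for gem installation; it must never ship in the FIPS uberjar`, would stop a later cleanup from dropping one of them (the stated purpose is inferred from the build task, so confirm the wording). Because the FIPS property of the package rests on that one regex, a packaging-time check that the built jar holds no `org/bouncycastle/` entries would be worth adding. The profile map starts and ends outside this hunk, so whether another active profile re-adds the dependency cannot be seen here.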

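--- a/resources/ext/build-scripts/install-vendored-gems.sh
+++ b/resources/ext/build-scripts/install-vendored-gems.sh
@@ -15,7 +15,7 @@ install_gems () {
 gem_list+=("$gem_name:$gem_version")
 done < $gem_file
 
-java -cp puppet-server-release.jar:jruby-9k.jar clojure.main -m puppetlabs.puppetserver.cli.gem --config jruby.conf -- install ${additional_args:+"$additional_args"} --no-document "${gem_list[@]}"
+java -cp ext/build-scripts/bc-nonfips-jars/*:puppet-server-release.jar:jruby-9k.jar clojure.main -m puppetlabs.puppetserver.cli.gem --config jruby.conf -- install ${additional_args:+"$additional_args"} --no-document "${gem_list[@]}"
 }
 
 SOURCE="${BASH_SOURCE[0]}"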
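Review bot: The new classpath entry `ext/build-scripts/bc-nonfips-jars/*` is passed unquoted, so the shell sees the glob before Java does; it stays literal only because no file name matches the whole colon-joined word, and it breaks under `nullglob` or `failglob`. Quote the argument so the JVM performs the wildcard expansion: `-cp "ext/build-scripts/bc-nonfips-jars/*:puppet-server-release.jar:jruby-9k.jar"`. The path is relative, so it resolves only when `install_gems` runs from the directory that holds `ext/`; the caller is outside this hunk. Every jar in that directory is loaded ahead of `puppet-server-release.jar`, so a one-line comment naming the build task that populates it would tell a reader where those classes come from.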

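--- a/scripts/sync_ezbake_dep.rb
+++ b/scripts/sync_ezbake_dep.rb
@@ -10,7 +10,7 @@
 re = /\[org\.openvoxproject\/puppetserver\s+"[^"]+"\]/
 abort("Couldn't find literal [org.openvoxproject/puppetserver \"...\"] in #{file}") unless text.match?(re)
 
-text.sub!(re, %[[org.openvoxproject/puppetserver "#{v}"]])
+text.gsub!(re, %[[org.openvoxproject/puppetserver "#{v}"]])
 File.write(file, text)
 
 puts "Synced ezbake dep to #{v}"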
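Review bot: With `gsub!` every matching literal is rewritten, but the guard on the line above still passes when only one is present, so a profile that loses its pinned literal goes unnoticed at release time. Report how many literals were rewritten, for example `count = text.scan(re).size` before the substitution and `puts "Synced #{count} ezbake dep literal(s) to #{v}"` after it, so the release log shows that every profile was updated. The replacement is a plain string, in which `gsub!` interprets backslash sequences; the block form `text.gsub!(re) { %[[org.openvoxproject/puppetserver "#{v}"]] }` inserts `v` verbatim. `v` and `file` are assigned outside this hunk.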

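--- a/tasks/build.rake
+++ b/tasks/build.rake
@@ -160,7 +160,7 @@ namespace :vox do
 puts "Copy Bouncy Castle FIPS jars into ezbake resource location"
 dest = '/code/resources/ext/build-scripts/bc-fips-jars'
 run("mkdir -p #{dest}")
-cmd = "cd /code && lein with-profile fips classpath"
+cmd = "cd /code && lein with-profile ezbake-fips,fips classpath"
 stdout, stderr, status = Open3.capture3("docker exec #{@container} /bin/bash --login -c '#{cmd}'")
 unless status.success?
 puts "Failed to get classpath for FIPS build: #{stderr}"
@@ -170,7 +170,14 @@ namespace :vox do
 paths = classpath.split(':').select { |p| p =~ /bcpkix-fips|bc-fips|bctls-fips/ }
 paths.each { |p| run("cp #{p} #{dest}/") }
 
-run("cd /code && COW= MOCK=\"#{@fips_rpms}\" GEM_SOURCE='https://rubygems.org' #{ezbake_version_var} EZBAKE_ALLOW_UNREPRODUCIBLE_BUILDS=true EZBAKE_NODEPLOY=true LEIN_PROFILES=ezbake lein with-profile fips,user,ezbake,provided ezbake local-build")
+# We also copy the non-FIPS jdk18on jars as well. This is only for the step where we install
+# vendored gems during the packaging step and they are not included in the final package.
+dest = '/code/resources/ext/build-scripts/bc-nonfips-jars'
+run("mkdir -p #{dest}")
+paths = classpath.split(':').select { |p| p =~ /jdk18on/ }
+paths.each { |p| run("cp #{p} #{dest}/") }
+
+run("cd /code && COW= MOCK=\"#{@fips_rpms}\" GEM_SOURCE='https://rubygems.org' #{ezbake_version_var} EZBAKE_ALLOW_UNREPRODUCIBLE_BUILDS=true EZBAKE_NODEPLOY=true LEIN_PROFILES=ezbake lein with-profile fips,user,ezbake-fips,provided ezbake local-build")
 end
 
 run_command("sudo chown -R $USER output", print_command: true)
@@ -184,6 +191,7 @@ namespace :vox do
 ensure
 teardown
 FileUtils.rm_rf("#{__dir__}/../resources/ext/build-scripts/bc-fips-jars") unless @fips_rpms.empty?
+FileUtils.rm_rf("#{__dir__}/../resources/ext/build-scripts/bc-nonfips-jars") unless @fips_rpms.empty?
 end
 end
 end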
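Review bot: In the second hunk, `classpath.split(':').select { |p| p =~ /jdk18on/ }` can return an empty list, and the task then carries on to `ezbake local-build` with an empty `bc-nonfips-jars` directory, so the failure would surface later in the gem-install step with no hint of the cause. Fail right after the select: `raise "No jdk18on Bouncy Castle jars on the FIPS classpath" if paths.empty?`. The pattern also matches `jdk18on` anywhere in the path, including a directory name; matching on the file name, `File.basename(p) =~ /\Abc\w*-jdk18on-/`, is tighter. The added comment says these jars are not included in the final package, but they are staged next to `bc-fips-jars` under the ezbake resource location and nothing visible here enforces the exclusion, so a check of the built FIPS package for `jdk18on` jars would back that claim. The surrounding task body begins and ends outside these hunks.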
