Unable to build the 1.33 FIPS Snap Package #5237
Description
Summary
Was attempting to build the Microk8s Snap Package using the 1.33 branch and after adding the FIPS commit on it. We are using the Go v1.24 to build the Snap Package. During the snap build process, particularly at helm, the build breaks, possibly guessing there isn't a FIPS commit or addition for this version.
I tried to manually add it but yeah, that doesn't work 😅
What Should Happen Instead?
The stage should complete, and proceed forward.
Reproduction Steps
- Clone Microk8s Repo.
- Checkout 1.33 branch.
- Apply FIPS commit -- git cherry-pick $(git log -n 1 remotes/origin/fips --pretty=format:"%H")
- Resolve the merge conflict manually in
snap/snapcraft.yaml - Change the variables -- KUBE_VERSION=v1.33.3 in
build-scripts/components/kubernetes/version.sh - Change
goversion to 1.24/stable insnap/snapcraft.yamlinbuild-deps - Change FIPS Env variables (Uncomment OpenSSL and LD library and Go_FIPS=1) in
microk8s-resources/default-args/ - Ensure
CGO=1in the build for all components, and commentexport=opensslas Go 1.24 has native FIPS support. sudo SNAPCRAFT_BUILD_ENVIRONMENT=host snapcraft
The same build-package workflow provided in microk8s works for the same instead of manual building.
Logs
Here's the sample output from the build workflow, during the snap package build.
+ git clone https://github.com/helm/helm --depth 1 -b v3.17.2 /root/parts/helm/build/helm
Cloning into '/root/parts/helm/build/helm'...
Note: switching to 'cc0bbbd6d6276b83880042c1ecb34087e84d41eb'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
+ cd /root/parts/helm/build/helm
+ git config user.name 'MicroK8s builder bot'
+ git config user.email [email protected]
+ '[' -e /root/project/build-scripts/components/helm/pre-patch.sh ']'
++ python3 /root/project/build-scripts/print-patches-for.py helm v3.17.2
+ for patch in $(python3 "${DIR}/print-patches-for.py" "${COMPONENT_NAME}" "${GIT_TAG}")
+ git am /root/project/build-scripts/components/helm/patches/v3.17.2/0002-enable-cgo.patch
Applying: enable cgo
+ for patch in $(python3 "${DIR}/print-patches-for.py" "${COMPONENT_NAME}" "${GIT_TAG}")
+ git am /root/project/build-scripts/components/helm/patches/v3.17.2/0001-disable-warnings-for-kubeconfig-permissions.patch
error: patch failed: cmd/helm/root.go:206
Applying: disable warnings for kubeconfig permissions
error: cmd/helm/root.go: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0001 disable warnings for kubeconfig permissions
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Failed to run 'override-build': Exit code was 128.
Run the same command again with --debug to shell into the environment if you wish to introspect this failure.
Error: Process completed with exit code 2.
Can you suggest a fix?
Think the fix is adding a patch and port it to the fips branch ?
https://github.com/canonical/microk8s/tree/fips/build-scripts/components/helm/patches (and any other necessary component)
Are you interested in contributing with a fix?
Tried to manually add it, but that doesn't work. Sorry.