Description
Summary
I was attempting to build the MicroK8s snap package using the 1.34 branch after adding the FIPS commit on it. We are using Go v1.24 to build the snap package. During the snap build process, particularly at etcd, the build breaks. Debugging the issue, it is because the patch somehow connects to the older versions of etcd, which had a build.sh in the root of the repo, but in 1.34, etcd version v3.6.4 uses make build, which in turn calls build_lib.sh to set its CGO variable.
What Should Happen Instead?
The stage should clear, to proceed forward to the snap building process.
Reproduction Steps
Clone Microk8s Repo.
Checkout 1.34 branch.
Apply FIPS commit -- git cherry-pick $(git log -n 1 remotes/origin/fips --pretty=format:"%H")
Resolve the merge conflict manually in snap/snapcraft.yaml
Change the variables -- KUBE_VERSION=v1.34.1 in build-scripts/components/kubernetes/version.sh
Change go version to 1.24/stable in snap/snapcraft.yaml in build-deps
Change FIPS Env variables (Uncomment OpenSSL and LD library and Go_FIPS=1) in microk8s-resources/default-args/
Ensure CGO=1 in the build for all components, and comment out export=openssl, as Go 1.24 has native FIPS support.
sudo SNAPCRAFT_BUILD_ENVIRONMENT=host snapcraft
The same build-package workflow provided in microk8s works for the same instead of manual building.
Can you suggest a fix?
After inspecting the etcd source, the changes after the FIPS commit were from
sed -i 's/CGO_ENABLED=0/CGO_ENABLED=1/' build.sh
# GOEXPERIMENT=opensslcrypto GO_LDFLAGS="-s -w" GO_BUILD_FLAGS="-v" ./build.sh
# GO_LDFLAGS="-s -w" GO_BUILD_FLAGS="-v" ./build.sh
to
sed -i 's/CGO_ENABLED=0/CGO_ENABLED=1/' scripts/build_lib.sh
GO_LDFLAGS="-s -w" GO_BUILD_FLAGS="-v" make build
The FIPS branch would need an update and ported changes. Even helm needs a patch for its versions -- #5237
Are you interested in contributing with a fix?
Yeah, I would be interested in contributing to the fix; I would have to communicate a bit to understand the processes, but sure.
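An added example, not part of the original issue or the MicroK8s build scripts: a layout-aware version of the CGO patch step that works for both etcd layouts described above and fails loudly if the substitution did not take effect, since `sed -i` exits 0 even when the pattern matches nothing. The function names and the sample tree are constructed for illustration; the file names and the sed expression are the ones from the issue.

```bash
#!/usr/bin/env bash
# Added example. File names and the sed expression are from the issue;
# function names and the sample tree below are constructed for illustration.

# Patch whichever etcd build script carries CGO_ENABLED=0 and print its relative path.
enable_etcd_cgo() {
  local src="$1" rel
  for rel in scripts/build_lib.sh build.sh; do
    [ -f "$src/$rel" ] || continue
    grep -q 'CGO_ENABLED=0' "$src/$rel" || continue
    sed -i 's/CGO_ENABLED=0/CGO_ENABLED=1/' "$src/$rel" || return 3
    # sed exits 0 even when nothing matched, so confirm the result explicitly.
    if grep -q 'CGO_ENABLED=0' "$src/$rel" || ! grep -q 'CGO_ENABLED=1' "$src/$rel"; then
      echo "enable_etcd_cgo: $rel still disables CGO" >&2
      return 4
    fi
    printf '%s\n' "$rel"
    return 0
  done
  echo "enable_etcd_cgo: no build script with CGO_ENABLED=0 under $src" >&2
  return 2
}

# Map the patched script to the build entry point named in the issue.
etcd_build_cmd() {
  case "$1" in
    scripts/build_lib.sh) echo "make build" ;;
    build.sh)             echo "./build.sh" ;;
    *)                    return 1 ;;
  esac
}

# Demo on a constructed tree that mimics the newer layout.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/scripts"
printf 'CGO_ENABLED=0 go build ./...\n' > "$demo_dir/scripts/build_lib.sh"
patched="$(enable_etcd_cgo "$demo_dir")" && echo "patched $patched; build with: $(etcd_build_cmd "$patched")"
rm -rf "$demo_dir"
```

A non-zero return from `enable_etcd_cgo` should stop the snap part, so a binary built without CGO never reaches a FIPS-labelled package.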