[202305] Support FIPS for armhf

sonic-net · Mar 6, 2024 · e82eae2 · e82eae2
1 parent 583688a
commit e82eae2
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 9 deletions.
diff --git a/Makefile.work b/Makefile.work
@@ -141,6 +141,7 @@ rules/config.user:
 
 include rules/config
 -include rules/config.user
+include rules/sonic-fips.mk
 
 ifneq ($(DEFAULT_CONTAINER_REGISTRY),)
 override DEFAULT_CONTAINER_REGISTRY := $(DEFAULT_CONTAINER_REGISTRY)/
@@ -177,12 +178,6 @@ endif
 SLAVE_IMAGE = $(SLAVE_BASE_IMAGE)-$(USER_LC)
 DOCKER_ROOT = $(PWD)/fsroot.docker.$(BLDENV)
 
-# Support FIPS feature, armhf not supported yet
-ifeq ($(PLATFORM_ARCH),armhf)
-ENABLE_FIPS_FEATURE := n
-ENABLE_FIPS := n
-endif
-
 ifeq ($(ENABLE_FIPS_FEATURE), n)
 ifeq ($(ENABLE_FIPS), y)
     $(error Cannot set fips config ENABLE_FIPS=y when ENABLE_FIPS_FEATURE=n)
@@ -216,6 +211,8 @@ $(shell CONFIGURED_ARCH=$(CONFIGURED_ARCH) \
 	DOCKER_EXTRA_OPTS=$(DOCKER_EXTRA_OPTS) \
 	DEFAULT_CONTAINER_REGISTRY=$(DEFAULT_CONTAINER_REGISTRY) \
 	GZ_COMPRESS_PROGRAM=$(GZ_COMPRESS_PROGRAM) \
+	FIPS_VERSION=$(FIPS_VERSION) \
+	FIPS_GOLANG_VERSION=$(FIPS_GOLANG_VERSION) \
 	j2 $(SLAVE_DIR)/Dockerfile.j2 > $(SLAVE_DIR)/Dockerfile)
 
 $(shell CONFIGURED_ARCH=$(CONFIGURED_ARCH) \

diff --git a/rules/sonic-fips.mk b/rules/sonic-fips.mk
@@ -1,6 +1,6 @@
 # fips packages
 
-FIPS_VERSION = 0.10
+FIPS_VERSION = 0.11
 FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u5+fips
 FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u2+fips
 FIPS_PYTHON_MAIN_VERSION = 3.9

diff --git a/sonic-slave-bullseye/Dockerfile.j2 b/sonic-slave-bullseye/Dockerfile.j2
@@ -475,8 +475,8 @@ RUN apt-get install -y kernel-wedge
 # For gobgp and telemetry build
 RUN apt-get install -y golang-1.15 && ln -s /usr/lib/go-1.15 /usr/local/go
 {%- if ENABLE_FIPS_FEATURE == "y" %}
-RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-go_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \
- && wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-src_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \
+RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/{{ FIPS_VERSION }}/{{ CONFIGURED_ARCH }}/golang-1.15-go_{{ FIPS_GOLANG_VERSION }}_{{ CONFIGURED_ARCH }}.deb' \
+ && wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/{{ FIPS_VERSION }}/{{ CONFIGURED_ARCH }}/golang-1.15-src_{{ FIPS_GOLANG_VERSION }}_{{ CONFIGURED_ARCH }}.deb' \
  && dpkg -i golang-go.deb golang-src.deb \
  && ln -sf /usr/lib/go-1.15 /usr/local/go \
  && rm golang-go.deb golang-src.deb