From 7b9b2f282d0f811133ae77a8b953528bb330463a Mon Sep 17 00:00:00 2001 From: Anand Francis Joseph Date: Fri, 31 Jan 2025 13:15:26 +0530 Subject: [PATCH 1/2] Added support for FIPS compliance build Signed-off-by: Anand Francis Joseph --- Containerfile.plugin | 2 +- bundle/manifests/gitops-operator.clusterserviceversion.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Containerfile.plugin b/Containerfile.plugin index 70fecc1d2..3f66c5084 100644 --- a/Containerfile.plugin +++ b/Containerfile.plugin @@ -38,7 +38,7 @@ COPY version/ version/ ARG VERBOSE=2 ENV GOFLAGS="-mod=mod" -RUN go build -o bin/manager ./cmd/main.go +RUN GOEXPERIMENT=strictfipsruntime CGO_ENABLED=1 go build -tags strictfipsruntime -o bin/manager ./cmd/main.go FROM registry.access.redhat.com/ubi8/ubi-minimal ENV LANG=en_US.utf8 diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index a5d0052a7..5d5382d4c 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -168,7 +168,7 @@ metadata: description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" - features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/fips-compliant: "true" features.operators.openshift.io/proxy-aware: "true" features.operators.openshift.io/tls-profiles: "false" features.operators.openshift.io/token-auth-aws: "false" From a5690a33584e8e5dcbefd5ae1c2e67b749ab6f81 Mon Sep 17 00:00:00 2001 From: Anand Francis Joseph Date: Wed, 5 Feb 2025 17:12:25 +0530 Subject: [PATCH 2/2] Added fips compliant feature flag to base config Signed-off-by: Anand Francis Joseph --- .../manifests/bases/gitops-operator.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/manifests/bases/gitops-operator.clusterserviceversion.yaml b/config/manifests/bases/gitops-operator.clusterserviceversion.yaml index 2aeac140a..95ea87920 100644 --- a/config/manifests/bases/gitops-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/gitops-operator.clusterserviceversion.yaml @@ -8,7 +8,7 @@ metadata: description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" - features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/fips-compliant: "true" features.operators.openshift.io/proxy-aware: "true" features.operators.openshift.io/tls-profiles: "false" features.operators.openshift.io/token-auth-aws: "false"