Merge pull request bottlerocket-os#4274 from arnaldo2792/fips-variants
Define FIPS variants
arnaldo2792 authored Nov 7, 2024
2 parents e4ce39b + 9069ba4 commit 566ee77
Showing 17 changed files with 563 additions and 13 deletions.
81 changes: 81 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions Cargo.toml
Expand Up @@ -7,6 +7,7 @@ members = [
"variants/aws-dev",
"variants/aws-ecs-1",
"variants/aws-ecs-2",
"variants/aws-ecs-2-fips",
"variants/aws-ecs-1-nvidia",
"variants/aws-ecs-2-nvidia",
"variants/aws-k8s-1.24",
Expand All @@ -17,9 +18,13 @@ members = [
"variants/aws-k8s-1.26-nvidia",
"variants/aws-k8s-1.27",
"variants/aws-k8s-1.28",
"variants/aws-k8s-1.28-fips",
"variants/aws-k8s-1.29",
"variants/aws-k8s-1.29-fips",
"variants/aws-k8s-1.30",
"variants/aws-k8s-1.30-fips",
"variants/aws-k8s-1.31",
"variants/aws-k8s-1.31-fips",
"variants/aws-k8s-1.27-nvidia",
"variants/aws-k8s-1.28-nvidia",
"variants/aws-k8s-1.29-nvidia",
Expand All @@ -30,9 +35,13 @@ members = [
"variants/metal-k8s-1.29",
"variants/vmware-dev",
"variants/vmware-k8s-1.28",
"variants/vmware-k8s-1.28-fips",
"variants/vmware-k8s-1.29",
"variants/vmware-k8s-1.29-fips",
"variants/vmware-k8s-1.30",
"variants/vmware-k8s-1.30-fips",
"variants/vmware-k8s-1.31",
"variants/vmware-k8s-1.31-fips",
]

[profile.dev]
44 changes: 32 additions & 12 deletions packages/settings-defaults/settings-defaults.spec
Expand Up @@ -48,10 +48,14 @@ Conflicts: %{_cross_os}settings-defaults(any)
%{summary}.

%package aws-ecs-2
Summary: Settings defaults for the aws-ecs-2 variant
Requires: %{_cross_os}variant(aws-ecs-2)
Summary: Settings defaults for the aws-ecs-2 FIPS and non-FIPS variants
Requires: (%{shrink:
%{_cross_os}variant(aws-ecs-2) or
%{_cross_os}variant(aws-ecs-2-fips)
%{nil}})
Provides: %{_cross_os}settings-defaults(any)
Provides: %{_cross_os}settings-defaults(aws-ecs-2)
Provides: %{_cross_os}settings-defaults(aws-ecs-2-fips)
Conflicts: %{_cross_os}settings-defaults(any)

%description aws-ecs-2
Expand Down Expand Up @@ -130,18 +134,26 @@ Conflicts: %{_cross_os}settings-defaults(any)
%package aws-k8s-1.31
Summary: Settings defaults for the aws-k8s 1.27 through 1.30 variants
Requires: (%{shrink:
%{_cross_os}variant(aws-k8s-1.27) or
%{_cross_os}variant(aws-k8s-1.28) or
%{_cross_os}variant(aws-k8s-1.29) or
%{_cross_os}variant(aws-k8s-1.30) or
%{_cross_os}variant(aws-k8s-1.31)
%{_cross_os}variant(aws-k8s-1.27) or
%{_cross_os}variant(aws-k8s-1.28) or
%{_cross_os}variant(aws-k8s-1.28-fips) or
%{_cross_os}variant(aws-k8s-1.29) or
%{_cross_os}variant(aws-k8s-1.29-fips) or
%{_cross_os}variant(aws-k8s-1.30) or
%{_cross_os}variant(aws-k8s-1.30-fips) or
%{_cross_os}variant(aws-k8s-1.31) or
%{_cross_os}variant(aws-k8s-1.31-fips)
%{nil}})
Provides: %{_cross_os}settings-defaults(any)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.27)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.28)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.28-fips)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.29)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.29-fips)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.30)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.30-fips)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.31)
Provides: %{_cross_os}settings-defaults(aws-k8s-1.31-fips)
Conflicts: %{_cross_os}settings-defaults(any)

%description aws-k8s-1.31
Expand Down Expand Up @@ -208,18 +220,26 @@ Conflicts: %{_cross_os}settings-defaults(any)
%package vmware-k8s-1.31
Summary: Settings defaults for the vmware-k8s 1.27 through 1.30 variants
Requires: (%{shrink:
%{_cross_os}variant(vmware-k8s-1.27) or
%{_cross_os}variant(vmware-k8s-1.28) or
%{_cross_os}variant(vmware-k8s-1.29) or
%{_cross_os}variant(vmware-k8s-1.30) or
%{_cross_os}variant(vmware-k8s-1.31)
%{_cross_os}variant(vmware-k8s-1.27) or
%{_cross_os}variant(vmware-k8s-1.28) or
%{_cross_os}variant(vmware-k8s-1.28-fips) or
%{_cross_os}variant(vmware-k8s-1.29) or
%{_cross_os}variant(vmware-k8s-1.29-fips) or
%{_cross_os}variant(vmware-k8s-1.30) or
%{_cross_os}variant(vmware-k8s-1.30-fips) or
%{_cross_os}variant(vmware-k8s-1.31) or
%{_cross_os}variant(vmware-k8s-1.31-fips)
%{nil}})
Provides: %{_cross_os}settings-defaults(any)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.27)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.28)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.28-fips)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.29)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.29-fips)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.30)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.30-fips)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.31)
Provides: %{_cross_os}settings-defaults(vmware-k8s-1.31-fips)
Conflicts: %{_cross_os}settings-defaults(any)

%description vmware-k8s-1.31
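Review bot: The `Summary:` lines of the `aws-k8s-1.31` and `vmware-k8s-1.31` subpackages still read "1.27 through 1.30 variants" although their `Requires:`/`Provides:` lists now cover 1.31 and the `-fips` variants; only the `aws-ecs-2` summary was updated to say "FIPS and non-FIPS". I would change them to something like `Summary: Settings defaults for the aws-k8s 1.27 through 1.31 variants, FIPS and non-FIPS` (and the vmware equivalent); the `aws-ecs-2` summary in settings-plugins.spec has the same gap. Because each FIPS variant resolves to the same defaults subpackage as its non-FIPS sibling, a default that has to differ under FIPS cannot be expressed in this layout; if sharing is intended, a short comment above each `Requires:` saying so would help the next reader.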
15 changes: 14 additions & 1 deletion packages/settings-plugins/settings-plugins.spec
Expand Up @@ -43,10 +43,15 @@ Conflicts: %{_cross_os}settings-plugin(any)

%package aws-ecs-2
Summary: Settings plugin for the aws-ecs-2 variant
Requires: (%{_cross_os}variant(aws-ecs-2) or %{_cross_os}variant(aws-ecs-2-nvidia))
Requires: (%{shrink:
%{_cross_os}variant(aws-ecs-2) or
%{_cross_os}variant(aws-ecs-2-fips) or
%{_cross_os}variant(aws-ecs-2-nvidia)
%{nil}})
Provides: %{_cross_os}settings-plugin(any)
Provides: %{_cross_os}settings-plugin(aws-ecs-2)
Provides: %{_cross_os}settings-plugin(aws-ecs-2-nvidia)
Provides: %{_cross_os}settings-plugin(aws-ecs-2-fips)
Conflicts: %{_cross_os}settings-plugin(any)

%description aws-ecs-2
Expand All @@ -61,9 +66,13 @@ Provides: %{_cross_os}settings-plugin(aws-k8s-1.25)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.26)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.27)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.28)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.28-fips)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.29)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.29-fips)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.30)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.30-fips)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.31)
Provides: %{_cross_os}settings-plugin(aws-k8s-1.31-fips)
Conflicts: %{_cross_os}settings-plugin(any)
Conflicts: %{_cross_os}variant-flavor(nvidia)

Expand Down Expand Up @@ -127,9 +136,13 @@ Requires: %{_cross_os}variant-family(vmware-k8s)
Provides: %{_cross_os}settings-plugin(any)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.27)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.28)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.28-fips)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.29)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.29-fips)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.30)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.30-fips)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.31)
Provides: %{_cross_os}settings-plugin(vmware-k8s-1.31-fips)
Conflicts: %{_cross_os}settings-plugin(any)

%description vmware-k8s
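Review bot: In the `aws-ecs-2` subpackage the new `Provides: %{_cross_os}settings-plugin(aws-ecs-2-fips)` line is appended after the `-nvidia` one, while the rewritten `Requires:` lists `aws-ecs-2`, `aws-ecs-2-fips`, `aws-ecs-2-nvidia` in that order. Keeping both lists in the same order makes a missing `Provides:` easier to spot as variants are added, since each variant presumably needs a matching entry in both. The k8s subpackages are only partly visible in these hunks, so whether their `Requires:` side needs a FIPS entry cannot be checked from here.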
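--- a/variants/aws-ecs-2-fips/Cargo.toml
+++ b/variants/aws-ecs-2-fips/Cargo.toml
@@ -0,0 +1,43 @@
+[package]
+name = "aws-ecs-2-fips"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+uefi-secure-boot = true
+xfs-data-partition = true
+systemd-networkd = true
+fips = true
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+"release",
+"kernel-6.1",
+# docker
+"docker-cli",
+"docker-engine",
+"docker-init",
+# ecs
+"ecs-agent-config",
+]
+kernel-parameters = [
+"console=tty0",
+"console=ttyS0,115200n8",
+"net.ifnames=0",
+"netdog.default-interface=eth0:dhcp4,dhcp6?",
+"quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+settings-defaults = { path = "../../packages/settings-defaults" }
+settings-plugins = { path = "../../packages/settings-plugins" }
+settings-migrations = { path = "../../packages/settings-migrations" }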
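Review bot: `fips = true` in `[package.metadata.build-variant.image-features]` is the setting that makes this a FIPS image, yet it is the only line of consequence in the new manifest that carries no comment. I would put a comment above it, e.g. `# Build the image for FIPS mode; see the build tooling for what this changes (kernel command line, crypto providers).`, so an auditor does not have to read the build scripts to learn what the flag promises. `kernel-parameters` contains no `fips=1` entry, so presumably the image feature supplies it at build time; if not, it needs to be listed here. The same comment applies to `variants/aws-k8s-1.28-fips/Cargo.toml`.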
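--- a/variants/aws-k8s-1.28-fips/Cargo.toml
+++ b/variants/aws-k8s-1.28-fips/Cargo.toml
@@ -0,0 +1,44 @@
+[package]
+# This is the aws-k8s-1.28-fips variant. "." is not allowed in crate names, but we
+# don't use this crate name anywhere.
+name = "aws-k8s-1_28-fips"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+uefi-secure-boot = true
+xfs-data-partition = true
+systemd-networkd = true
+fips = true
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+"release",
+"kernel-6.1",
+# k8s
+"cni",
+"cni-plugins",
+"kubelet-1.28",
+"aws-iam-authenticator",
+]
+kernel-parameters = [
+"console=tty0",
+"console=ttyS0,115200n8",
+"net.ifnames=0",
+"netdog.default-interface=eth0:dhcp4,dhcp6?",
+"quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+settings-defaults = { path = "../../packages/settings-defaults" }
+settings-plugins = { path = "../../packages/settings-plugins" }
+settings-migrations = { path = "../../packages/settings-migrations" }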