Skip to content

Add ms_tls13kdf buildtag for FIPS builds#8092

Merged
michel-laterman merged 6 commits into
elastic:mainfrom
michel-laterman:add-ms_tls13kdf
May 10, 2025
Merged

Add ms_tls13kdf buildtag for FIPS builds#8092
michel-laterman merged 6 commits into
elastic:mainfrom
michel-laterman:add-ms_tls13kdf

Conversation

@michel-laterman
Copy link
Copy Markdown
Contributor

@michel-laterman michel-laterman commented May 6, 2025

What does this PR do?

Add the ms_tls13kdf build tag to FIPS builds.

Why is it important?

microsoft/go TLSv1.3 kdf support (microsoft/go#1662) requires the ms_tls13kdf build tag.

@michel-laterman michel-laterman requested a review from a team as a code owner May 6, 2025 15:39
@michel-laterman michel-laterman added technical debt backport-8.19 Automated backport to the 8.19 branch labels May 6, 2025
@michel-laterman michel-laterman added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team skip-changelog labels May 6, 2025
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 6, 2025

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@pchila
Copy link
Copy Markdown
Member

pchila commented May 6, 2025

Shouldn't the tag ms_tls13kdf be used for building the elastic-agent binary ? I don't think I saw that in the diff

nicholasberlin
nicholasberlin previously approved these changes May 6, 2025
View reviewed changes
Copy link
Copy Markdown

@nicholasberlin nicholasberlin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM FWIW

ycombinator
ycombinator reviewed May 7, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@ycombinator ycombinator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also check for ms_tls13kdf around here?

elastic-agent/dev-tools/packaging/testing/package_test.go

Line 759 in 9548b96

require.Contains(t, setting.Value, "requirefips")

@michel-laterman michel-laterman mentioned this pull request May 7, 2025
Merged
2 tasks
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 8, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @michel-laterman

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube Bot commented May 9, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@michel-laterman michel-laterman merged commit c2ecbaf into elastic:main May 10, 2025
9 of 12 checks passed
@michel-laterman michel-laterman deleted the add-ms_tls13kdf branch May 10, 2025 01:41
mergify Bot pushed a commit that referenced this pull request May 10, 2025
@michel-laterman @mergify
Add ms_tls13kdf buildtag for FIPS builds (#8092)
03820e0 
Add ms_tls13kdf buildtag for FIPS builds

(cherry picked from commit c2ecbaf)
@mergify mergify Bot mentioned this pull request May 10, 2025
Merged
michel-laterman added a commit that referenced this pull request May 12, 2025
@mergify @michel-laterman
Add ms_tls13kdf buildtag for FIPS builds (#8092) (#8139)
6526a10 
Add ms_tls13kdf buildtag for FIPS builds

(cherry picked from commit c2ecbaf)

Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
@cmacknz
Copy link
Copy Markdown
Member

cmacknz commented May 26, 2025

This new tag has no effect on the generation of the FIPS notice file because there are no packages whose inclusion are conditional on the use of this tag? Correct?

elastic-agent/dev-tools/mage/target/common/notice.go

Lines 38 to 39 in 804f1ee

if err := generateNotice(notice.FIPSNoticeFilename, "requirefips"); err != nil {
return fmt.Errorf("failed to generate %s: %w", notice.FIPSNoticeFilename, err)

We are only filtering on requirefips, just double checking adding another tag to the FIPS build doesn't affect the FIPS notice file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ycombinator ycombinator ycombinator approved these changes

@pchila pchila Awaiting requested review from pchila

+1 more reviewer

@nicholasberlin nicholasberlin nicholasberlin left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@michel-laterman michel-laterman

Labels

backport-8.19 Automated backport to the 8.19 branch skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team technical debt

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@michel-laterman @elasticmachine @pchila @cmacknz @ycombinator @nicholasberlin