diff --git a/Makefile.work b/Makefile.work index 7c561e545011..df4e6de8a7f6 100644 --- a/Makefile.work +++ b/Makefile.work @@ -176,13 +176,13 @@ DOCKER_ROOT = $(PWD)/fsroot.docker.$(BLDENV) # Support FIPS feature, armhf not supported yet ifeq ($(PLATFORM_ARCH),armhf) -ENABLE_FIPS_FEATURE := n +INCLUDE_FIPS := n ENABLE_FIPS := n endif -ifeq ($(ENABLE_FIPS_FEATURE), n) +ifeq ($(INCLUDE_FIPS), n) ifeq ($(ENABLE_FIPS), y) - $(error Cannot set fips config ENABLE_FIPS=y when ENABLE_FIPS_FEATURE=n) + $(error Cannot set fips config ENABLE_FIPS=y when INCLUDE_FIPS=n) endif endif @@ -209,7 +209,7 @@ $(shell \ $(shell CONFIGURED_ARCH=$(CONFIGURED_ARCH) \ MULTIARCH_QEMU_ENVIRON=$(MULTIARCH_QEMU_ENVIRON) \ CROSS_BUILD_ENVIRON=$(CROSS_BUILD_ENVIRON) \ - ENABLE_FIPS_FEATURE=$(ENABLE_FIPS_FEATURE) \ + INCLUDE_FIPS=$(INCLUDE_FIPS) \ DOCKER_EXTRA_OPTS=$(DOCKER_EXTRA_OPTS) \ DEFAULT_CONTAINER_REGISTRY=$(DEFAULT_CONTAINER_REGISTRY) \ GZ_COMPRESS_PROGRAM=$(GZ_COMPRESS_PROGRAM) \ @@ -559,7 +559,7 @@ SONIC_BUILD_INSTRUCTION := $(MAKE) \ ENABLE_ASAN=$(ENABLE_ASAN) \ SONIC_INCLUDE_BOOTCHART=$(INCLUDE_BOOTCHART) \ SONIC_ENABLE_BOOTCHART=$(ENABLE_BOOTCHART) \ - ENABLE_FIPS_FEATURE=$(ENABLE_FIPS_FEATURE) \ + INCLUDE_FIPS=$(INCLUDE_FIPS) \ ENABLE_FIPS=$(ENABLE_FIPS) \ SONIC_SLAVE_DOCKER_DRIVER=$(SONIC_SLAVE_DOCKER_DRIVER) \ MIRROR_URLS=$(MIRROR_URLS) \ diff --git a/rules/config b/rules/config index 8f3354eb2d2a..04a5b53584d1 100644 --- a/rules/config +++ b/rules/config @@ -286,9 +286,9 @@ INCLUDE_BOOTCHART = y # ENABLE_BOOTCHART - whether to enable systemd-bootchart on boot ENABLE_BOOTCHART = n -# ENABLE_FIPS_FEATURE - support FIPS feature, only for amd64 or arm64, armhf not supported yet +# INCLUDE_FIPS - support FIPS feature, only for amd64 or arm64, armhf not supported yet # ENABLE_FIPS - support FIPS flag, if enabled, no additional config requred for the image to support FIPS -ENABLE_FIPS_FEATURE ?= y +INCLUDE_FIPS ?= y ENABLE_FIPS ?= n # SONIC_SLAVE_DOCKER_DRIVER - set the sonic slave docker storage driver diff --git a/rules/docker-base-bullseye.mk b/rules/docker-base-bullseye.mk index 9d9345bea490..df2d964a4f12 100644 --- a/rules/docker-base-bullseye.mk +++ b/rules/docker-base-bullseye.mk @@ -12,7 +12,7 @@ OPENSSH = openssh-client SSHPASS = sshpass STRACE = strace -ifeq ($(ENABLE_FIPS_FEATURE), y) +ifeq ($(INCLUDE_FIPS), y) $(DOCKER_BASE_BULLSEYE)_DEPENDS += $(FIPS_OPENSSL_LIBSSL) $(FIPS_OPENSSL_LIBSSL_DEV) $(FIPS_OPENSSL) $(SYMCRYPT_OPENSSL) $(FIPS_KRB5) endif diff --git a/rules/sonic-fips.mk b/rules/sonic-fips.mk index e53f8e5c4c82..44a157bb1608 100644 --- a/rules/sonic-fips.mk +++ b/rules/sonic-fips.mk @@ -47,7 +47,7 @@ FIPS_PACKAGE_ALL = $(SYMCRYPT_OPENSSL) $(FIPS_DERIVED_TARGET) $(foreach package,$(FIPS_DERIVED_TARGET),$(eval $(call add_extra_package,$(SYMCRYPT_OPENSSL),$(package)))) -ifeq ($(ENABLE_FIPS_FEATURE), y) +ifeq ($(INCLUDE_FIPS), y) FIPS_BASEIMAGE_INSTALLERS = $(FIPS_OPENSSL_LIBSSL) $(FIPS_OPENSSL_LIBSSL_DEV) $(FIPS_OPENSSL) $(SYMCRYPT_OPENSSL) $(FIPS_OPENSSH) $(FIPS_OPENSSH_CLIENT) $(FIPS_OPENSSH_SFTP_SERVER) $(FIPS_OPENSSH_SERVER) $(FIPS_KRB5) SONIC_MAKE_DEBS += $(SYMCRYPT_OPENSSL) endif diff --git a/slave.mk b/slave.mk index a592bc5b43a8..73e9131ecd8d 100644 --- a/slave.mk +++ b/slave.mk @@ -353,7 +353,7 @@ endif export SONIC_ROUTING_STACK export FRR_USER_UID export FRR_USER_GID -export ENABLE_FIPS_FEATURE +export INCLUDE_FIPS export ENABLE_FIPS ############################################################################### @@ -428,7 +428,7 @@ $(info "INCLUDE_TEAMD" : "$(INCLUDE_TEAMD)") $(info "INCLUDE_ROUTER_ADVERTISER" : "$(INCLUDE_ROUTER_ADVERTISER)") $(info "INCLUDE_BOOTCHART : "$(INCLUDE_BOOTCHART)") $(info "ENABLE_BOOTCHART : "$(ENABLE_BOOTCHART)") -$(info "ENABLE_FIPS_FEATURE" : "$(ENABLE_FIPS_FEATURE)") +$(info "INCLUDE_FIPS" : "$(INCLUDE_FIPS)") $(info "ENABLE_TRANSLIB_WRITE" : "$(ENABLE_TRANSLIB_WRITE)") $(info "ENABLE_NATIVE_WRITE" : "$(ENABLE_NATIVE_WRITE)") $(info "ENABLE_AUTO_TECH_SUPPORT" : "$(ENABLE_AUTO_TECH_SUPPORT)") @@ -1245,7 +1245,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \ $$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \ $(addsuffix -install,$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(DEBOOTSTRAP))) \ $(if $(findstring y,$(ENABLE_ZTP)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SONIC_ZTP))) \ - $(if $(findstring y,$(ENABLE_FIPS_FEATURE)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SYMCRYPT_OPENSSL))) \ + $(if $(findstring y,$(INCLUDE_FIPS)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SYMCRYPT_OPENSSL))) \ $(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_UTILITIES_PY3)) \ $(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_PY_COMMON_PY2)) \ $(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_PY_COMMON_PY3)) \ diff --git a/sonic-slave-bullseye/Dockerfile.j2 b/sonic-slave-bullseye/Dockerfile.j2 index 401d3651164b..dacff484536b 100644 --- a/sonic-slave-bullseye/Dockerfile.j2 +++ b/sonic-slave-bullseye/Dockerfile.j2 @@ -468,7 +468,7 @@ RUN apt-get install -y kernel-wedge # For gobgp and telemetry build RUN apt-get install -y golang-1.15 && ln -s /usr/lib/go-1.15 /usr/local/go -{%- if ENABLE_FIPS_FEATURE == "y" %} +{%- if INCLUDE_FIPS == "y" %} RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-go_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \ && wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.1/{{ CONFIGURED_ARCH }}/golang-1.15-src_1.15.15-1~deb11u4%2Bfips_{{ CONFIGURED_ARCH }}.deb' \ && dpkg -i golang-go.deb golang-src.deb \