From 3383a311b8a36429fd3616a856fd5e58a89ace1b Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Fri, 18 Jun 2021 09:11:55 -0700
Subject: [PATCH] build containers to ship FIPS compatible MinIO
---
 Dockerfile.release.fips | 47 +++++++++++++++++++++++++++++++++++++++++
 docker-buildx.sh | 12 +++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 Dockerfile.release.fips
diff --git a/Dockerfile.release.fips b/Dockerfile.release.fips
new file mode 100644
index 000000000..858bc4c58
--- /dev/null
+++ b/Dockerfile.release.fips
@@ -0,0 +1,47 @@
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
+
+ARG TARGETARCH
+
+ARG RELEASE
+
+LABEL name="MinIO" \
+ vendor="MinIO Inc " \
+ maintainer="MinIO Inc " \
+ version="${RELEASE}" \
+ release="${RELEASE}" \
+ summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
+ description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
+
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+ MINIO_SECRET_KEY_FILE=secret_key \
+ MINIO_ROOT_USER_FILE=access_key \
+ MINIO_ROOT_PASSWORD_FILE=secret_key \
+ MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
+ MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
+
+COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
+COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
+COPY CREDITS /licenses/CREDITS
+COPY LICENSE /licenses/LICENSE
+
+RUN \
+ microdnf update --nodocs && \
+ microdnf install curl ca-certificates shadow-utils util-linux iproute iputils --nodocs && \
+ rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+ microdnf install minisign --nodocs && \
+ curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips -o /usr/bin/minio && \
+ curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.sha256sum -o /usr/bin/minio.sha256sum && \
+ curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.minisig -o /usr/bin/minio.minisig && \
+ microdnf clean all && \
+ chmod +x /usr/bin/minio && \
+ chmod +x /usr/bin/docker-entrypoint.sh && \
+ chmod +x /usr/bin/verify-minio.sh && \
+ /usr/bin/verify-minio.sh
+
+EXPOSE 9000
+
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
+
+VOLUME ["/data"]
+
+CMD ["minio"]
diff --git a/docker-buildx.sh b/docker-buildx.sh
index ce59f3d20..9b403ff3b 100755
--- a/docker-buildx.sh
+++ b/docker-buildx.sh
@@ -25,4 +25,16 @@ docker buildx build --push --no-cache \
 
 docker buildx prune -f
 
+docker buildx build --push --no-cache \
+ --build-arg RELEASE="${release}" -t "minio/minio:${release}.fips" \
+ --platform=linux/amd64 -f Dockerfile.release.fips .
+
+docker buildx prune -f
+
+docker buildx build --push --no-cache \
+ --build-arg RELEASE="${release}" -t "quay.io/minio/minio:${release}.fips" \
+ --platform=linux/amd64 -f Dockerfile.release.fips .
+
+docker buildx prune -f
+
 sudo sysctl net.ipv6.conf.wlp59s0.disable_ipv6=0
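Review bot: The three `curl -s -q` downloads in the RUN step lack `--fail`, so an HTTP error body is saved as `/usr/bin/minio` (or as the `.sha256sum`/`.minisig` file) with exit status 0, and rejecting it is left entirely to `verify-minio.sh`, which this patch does not show. `-q` is also only honoured as curl's first argument, so I would write each call as `curl -fsS <url> -o <path>`. In the same step, `rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm` installs an unpinned package straight from the network, and it appears to supply the repository that `minisign`, the verification tool itself, is then installed from. Unless the EPEL signing key is already trusted in the base image, that step rests on TLS alone; importing the key and pinning the package version would close that gap. The image also has no `USER` instruction, so MinIO runs as root unless `docker-entrypoint.sh` drops privileges; a comment above `ENTRYPOINT` stating which is intended would help.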
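Review bot: The two added builds run `Dockerfile.release.fips` twice with `--no-cache`, so the Docker Hub and quay.io images tagged `${release}.fips` are separate builds. That Dockerfile runs `microdnf update` and fetches `epel-release-latest-8`, so the two can end up with different package sets and different digests for the same release tag. A single build that pushes both tags keeps them identical: `--build-arg RELEASE="${release}" -t "minio/minio:${release}.fips" -t "quay.io/minio/minio:${release}.fips" \`. The earlier builds in this script start outside the hunk, so they may follow the same per-registry pattern and deserve the same check.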