mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-04-19 07:45:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

enhance confirm-built-with-fips for kube-vert-agent for Go 1.25

Browse Source
This commit is contained in:
Ryan Richard
2025-08-18 12:36:59 -07:00
parent 021a846123
commit 4d23e8d45a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pipelines/shared-tasks/confirm-built-with-fips/task.sh
View File

@@ -28,7 +28,7 @@ then
exit 1
fi
# check whether the kube-cert-agent binary has particular symbols that only exist when it's compiled with non-boring crypto
kube_cert_agent_has_regular_crypto="$(go tool nm './image/rootfs/usr/local/bin/pinniped-concierge-kube-cert-agent' | grep sha256 | grep di)"
kube_cert_agent_has_regular_crypto="$(go tool nm './image/rootfs/usr/local/bin/pinniped-concierge-kube-cert-agent' | grep sha256 | grep di | grep -v fips)"
# if any of these symbols exist, that means it was compiled wrong and it should fail.
if [ -n "$kube_cert_agent_has_regular_crypto" ]
then