mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-17 03:57:01 +02:00
a915c9dc10
Unlike fips_140_3, fips will be a (FIPS) version-agnostic build tag. The listener support will remain in 140-3 only, but the IsFIPS() check should apply regardless of FIPS version. We add two FIPS-only build files which validate the constraints of FIPS builds here: fips must be specified with either fips_140_2 or fips_140_3 build tags, and fips and cgo must also be specified together. Additionally, using only a version-specific FIPS build tag without the version-agnostic FIPS tag should be a failure. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
19 lines
669 B
Go
19 lines
669 B
Go
//go:build (fips || fips_140_2 || fips_140_3) && !cgo
|
|
|
|
package constants
|
|
|
|
func init() {
|
|
// See note in fips_build_check.go.
|
|
//
|
|
// This function call is missing a declaration, causing the build to
|
|
// fail on improper tags (fips specified but cgo not specified). This
|
|
// ensures Vault fails to build if a FIPS build is requested but CGo
|
|
// support is not enabled.
|
|
//
|
|
// Note that this could confuse static analysis tools as this function
|
|
// should not ever be defined. If this function is defined in the future,
|
|
// the below reference should be renamed to a new name that is not
|
|
// defined to ensure we get a build failure.
|
|
VaultFIPSBuildTagMustEnableCGo()
|
|
}
|