From 3a17a8de7656d18b9f110f7657b6b86bc4dcafe6 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Mon, 18 Apr 2022 12:11:31 -0700 Subject: Add support for FIPS encryption This commit adds support of using a FIPS-validated SSL library with compiled Go executables when `FIPS_MODE=1 make` is run. A Go compiler that supports BoringSSL either directly (e.g. the `dev.boringcrypto` branch) or with a dynamically linked OpenSSL (e.g. https://github.com/golang-fips/go) is required. This is similar to the changes to support FIPS in GitLab Runner and in GitLab Pages: https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/716 Changelog: added --- cmd/gitlab-shell/main.go | 2 ++ 1 file changed, 2 insertions(+) (limited to 'cmd/gitlab-shell/main.go') diff --git a/cmd/gitlab-shell/main.go b/cmd/gitlab-shell/main.go index 370dc2d..61d2e1c 100644 --- a/cmd/gitlab-shell/main.go +++ b/cmd/gitlab-shell/main.go @@ -11,6 +11,7 @@ import ( "gitlab.com/gitlab-org/labkit/log" shellCmd "gitlab.com/gitlab-org/gitlab-shell/cmd/gitlab-shell/command" + "gitlab.com/gitlab-org/gitlab-shell/internal/boring" "gitlab.com/gitlab-org/gitlab-shell/internal/command" "gitlab.com/gitlab-org/gitlab-shell/internal/command/readwriter" "gitlab.com/gitlab-org/gitlab-shell/internal/config" @@ -73,6 +74,7 @@ func main() { cmdName := reflect.TypeOf(cmd).String() ctxlog := log.ContextLogger(ctx) ctxlog.WithFields(log.Fields{"env": env, "command": cmdName}).Info("gitlab-shell: main: executing command") + boring.CheckBoring() if err := cmd.Execute(ctx); err != nil { ctxlog.WithError(err).Warn("gitlab-shell: main: command execution failed") -- cgit v1.2.1