Skip to content

Commit

Permalink
feat: add fips option for aws-lc (#20287)
Browse files Browse the repository at this point in the history
  • Loading branch information
@yuhao-su
yuhao-su authored Feb 20, 2025
1 parent c632835 commit cee2d2d
Show file tree
Hide file tree
Showing 7 changed files with 35 additions and 8 deletions.
17 changes: 17 additions & 0 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions ci/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ RUN apt-get update -yy && \
openssl libssl-dev libsasl2-dev libcurl4-openssl-dev pkg-config bash openjdk-17-jdk wget unzip git tmux lld postgresql-client kcat netcat-openbsd mysql-client \
maven zstd libzstd-dev locales \
python3.12 python3.12-dev \
golang perl \
&& rm -rf /var/lib/{apt,dpkg,cache,log}/
ENV PYO3_PYTHON=python3.12

Expand Down
2 changes: 1 addition & 1 deletion ci/build-ci-image.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ cat ../rust-toolchain
# shellcheck disable=SC2155

# REMEMBER TO ALSO UPDATE ci/docker-compose.yml
export BUILD_ENV_VERSION=v20250218
export BUILD_ENV_VERSION=v20250220

export BUILD_TAG="public.ecr.aws/w1p7b4n3/rw-build-env:${BUILD_ENV_VERSION}"

Expand Down
14 changes: 7 additions & 7 deletions ci/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ services:
retries: 5

source-test-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
depends_on:
- mysql
- mysql-meta
Expand All @@ -106,7 +106,7 @@ services:
- ..:/risingwave

sink-test-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
depends_on:
- mysql
- mysql-meta
Expand All @@ -129,28 +129,28 @@ services:
- ..:/risingwave

rw-build-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
volumes:
- ..:/risingwave

# Standard environment for CI, including MySQL and Postgres for metadata.
ci-standard-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
depends_on:
- mysql-meta
- db
volumes:
- ..:/risingwave

iceberg-engine-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
depends_on:
- db
volumes:
- ..:/risingwave

ci-flamegraph-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
# NOTE(kwannoel): This is used in order to permit
# syscalls for `nperf` (perf_event_open),
# so it can do CPU profiling.
Expand All @@ -161,7 +161,7 @@ services:
- ..:/risingwave

regress-test-env:
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250218
image: public.ecr.aws/w1p7b4n3/rw-build-env:v20250220
depends_on:
db:
condition: service_healthy
Expand Down
1 change: 1 addition & 0 deletions src/cmd/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ rw-static-link = ["workspace-config/rw-static-link"]
rw-dynamic-link = ["workspace-config/rw-dynamic-link"]
openssl-vendored = ["workspace-config/openssl-vendored"]
default = ["rw-static-link"]
fips = ["workspace-config/fips"]

[package.metadata.cargo-machete]
ignored = [
Expand Down
1 change: 1 addition & 0 deletions src/cmd_all/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ external-udf = ["risingwave_expr_impl/external-udf"]
wasm-udf = ["risingwave_expr_impl/wasm-udf"]
js-udf = ["risingwave_expr_impl/js-udf"]
python-udf = ["risingwave_expr_impl/python-udf"]
fips = ["workspace-config/fips"]

[package.metadata.cargo-machete]
ignored = ["workspace-hack", "workspace-config", "task_stats_alloc", "tikv-jemallocator"]
Expand Down
7 changes: 7 additions & 0 deletions src/utils/workspace-config/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ ignored = [
"static-sasl2-sys",
"vendored-openssl-sys",
"dynamic-zstd-sys",
"aws-lc-rs",
]

[features]
Expand All @@ -27,6 +28,7 @@ ignored = [
openssl-vendored = ["vendored-openssl-sys"]
rw-static-link = ["static-libz-sys", "static-lzma-sys", "static-sasl2-sys"]
rw-dynamic-link = ["dynamic-zstd-sys"]
fips = ["aws-lc-rs"]

[dependencies]
# Disable verbose logs for release builds
Expand All @@ -51,6 +53,11 @@ vendored-openssl-sys = { package = "openssl-sys", version = "0.9.96", optional =
dynamic-zstd-sys = { package = "zstd-sys", version = "2", optional = true, default-features = false, features = [
"pkg-config",
] }

# FIPS
aws-lc-rs ={ version = "1.6", optional = true, default-features = false, features = [
"fips",
] }
# workspace-hack = { path = "../../workspace-hack" }
# Don't add workspace-hack into this crate!

Expand Down

0 comments on commit cee2d2d

Please sign in to comment.