[9.0] [Build] Add FIPS docker image for GovCloud (#117152) #125674

Merged
merged 4 commits into from
Apr 11, 2025

breskeby
Contributor

Backports the following commits to 9.0:

- Adds Docker image based on Chainguard base FIPS image
- x86 only for now, as the base image is x86 only
- The image does not provide any elasticsearch.yml configuration. For testing purposes you can follow the Elasticsearch FIPS guide available at https://github.com/elastic/FIPSGuide/tree/main/elasticsearch

The image is shipped with:
- org.bouncycastle:bc-fips:1.0.2.5 and org.bouncycastle:bctls-fips:1.0.19 in Elasticsearch libs folder
- config/jvm.options.d/fips.options for FIPS-specific JVM options
- fips_java.security file
- fips_java.policy

Out of scope:
- Add packaging test coverage (part of a later PR, as we want to provide that image for testing early and packaging tests require more general restructuring to support FIPS scenarios)

@breskeby breskeby added the :Delivery/Build Build or test infrastructure label Mar 26, 2025
@breskeby breskeby requested a review from a team as a code owner March 26, 2025 15:16
@breskeby breskeby added :Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts >non-issue auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport Team:Delivery Meta label for Delivery team labels Mar 26, 2025
@breskeby breskeby removed the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Mar 26, 2025
reported as broken due to issue in gradle setup
@breskeby breskeby added the :Security/FIPS Running ES in FIPS 140-2 mode label Mar 27, 2025
@breskeby breskeby merged commit d17a8e4 into elastic:9.0 Apr 11, 2025
16 of 17 checks passed
Labels
backport :Delivery/Build Build or test infrastructure :Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts >non-issue :Security/FIPS Running ES in FIPS 140-2 mode Team:Delivery Meta label for Delivery team v9.0.1