Skip to content

Commit 1e3c249

Browse files
cwperkspeterzhuamazon
cwperks
and
peterzhuamazon
authored
Make sql plugin aware of FIPS build param (-Pcrypto.standard=FIPS-140-3) (#5155)
* Make sql plugin aware of FIPS build param (-Pcrypto.standard=FIPS-140-3) Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update build script to include FIPS-140-3 option Added FIPS-140-3 standard option to Gradle commands. Signed-off-by: Peter Zhu <zhujiaxi@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: Peter Zhu <zhujiaxi@amazon.com> Co-authored-by: Peter Zhu <zhujiaxi@amazon.com>
1 parent 9c50a71 commit 1e3c249

2 files changed

Lines changed: 11 additions & 4 deletions

File tree

datasources/build.gradle

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@
33
* SPDX-License-Identifier: Apache-2.0
44
*/
55

6+
import org.opensearch.gradle.info.FipsBuildParams
7+
68
plugins {
79
id 'java-library'
810
id "io.freefair.lombok"
@@ -26,7 +28,12 @@ dependencies {
2628
implementation ('com.amazonaws:aws-encryption-sdk-java:2.4.1') {
2729
exclude group: 'org.bouncycastle', module: 'bcprov-ext-jdk18on'
2830
}
29-
implementation "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
31+
// When building with -Pcrypto.standard=FIPS-140-3, bcFips jars are provided by OpenSearch
32+
if (FipsBuildParams.isInFipsMode()) {
33+
compileOnly "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
34+
} else {
35+
implementation "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
36+
}
3037

3138
testImplementation group: 'junit', name: 'junit', version: '4.13.2'
3239
testImplementation('org.junit.jupiter:junit-jupiter:5.9.3')

scripts/build.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ fi
6868

6969
mkdir -p $OUTPUT
7070

71-
./gradlew assemble --no-daemon --refresh-dependencies -DskipTests=true -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER
71+
./gradlew assemble --no-daemon --refresh-dependencies -DskipTests=true -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER -Pcrypto.standard=FIPS-140-3
7272

7373
zipPath=$(find . -path \*build/distributions/*.zip)
7474
distributions="$(dirname "${zipPath}")"
@@ -77,7 +77,7 @@ echo "COPY ${distributions}/*.zip"
7777
mkdir -p $OUTPUT/plugins
7878
cp ${distributions}/*.zip ./$OUTPUT/plugins
7979

80-
./gradlew publishToMavenLocal -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER
81-
./gradlew publishPluginZipPublicationToZipStagingRepository -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER
80+
./gradlew publishToMavenLocal -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER -Pcrypto.standard=FIPS-140-3
81+
./gradlew publishPluginZipPublicationToZipStagingRepository -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER -Pcrypto.standard=FIPS-140-3
8282
mkdir -p $OUTPUT/maven/org/opensearch
8383
cp -r ./build/local-staging-repo/org/opensearch/. $OUTPUT/maven/org/opensearch

0 commit comments

Comments
 (0)