Skip to content

Commit 7dd74f3

Browse files
cwperkscwperks
authored
Add gradle.properties file to build sql with -Pcrypto.standard=FIPS=140-3 by default (#5231)
Signed-off-by: Craig Perkins <cwperx@amazon.com>
1 parent 90393bf commit 7dd74f3

3 files changed

Lines changed: 12 additions & 5 deletions

File tree

datasources/build.gradle

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@
33
* SPDX-License-Identifier: Apache-2.0
44
*/
55

6+
import org.opensearch.gradle.info.FipsBuildParams
7+
68
plugins {
79
id 'java-library'
810
id "io.freefair.lombok"
@@ -27,8 +29,12 @@ dependencies {
2729
exclude group: 'org.bouncycastle', module: 'bcprov-ext-jdk18on'
2830
}
2931

30-
// bc-fips is provided by OpenSearch core at runtime since opensearch 3.6.0
31-
compileOnly "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
32+
// When building with -Pcrypto.standard=FIPS-140-3, bcFips jars are provided by OpenSearch
33+
if (FipsBuildParams.isInFipsMode()) {
34+
compileOnly "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
35+
} else {
36+
implementation "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
37+
}
3238
testImplementation "org.bouncycastle:bc-fips:${versions.bouncycastle_jce}"
3339

3440
testImplementation group: 'junit', name: 'junit', version: '4.13.2'

gradle.properties

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,4 @@ version=1.13.0
66
org.gradle.jvmargs=-Duser.language=en -Duser.country=US
77
org.gradle.parallel=true
88
org.gradle.caching=true
9+
crypto.standard=FIPS-140-3

scripts/build.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ fi
6868

6969
mkdir -p $OUTPUT
7070

71-
./gradlew assemble --no-daemon --refresh-dependencies -DskipTests=true -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER -Pcrypto.standard=FIPS-140-3
71+
./gradlew assemble --no-daemon --refresh-dependencies -DskipTests=true -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER
7272

7373
zipPath=$(find . -path \*build/distributions/*.zip)
7474
distributions="$(dirname "${zipPath}")"
@@ -77,7 +77,7 @@ echo "COPY ${distributions}/*.zip"
7777
mkdir -p $OUTPUT/plugins
7878
cp ${distributions}/*.zip ./$OUTPUT/plugins
7979

80-
./gradlew publishToMavenLocal -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER -Pcrypto.standard=FIPS-140-3
81-
./gradlew publishPluginZipPublicationToZipStagingRepository -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER -Pcrypto.standard=FIPS-140-3
80+
./gradlew publishToMavenLocal -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER
81+
./gradlew publishPluginZipPublicationToZipStagingRepository -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER
8282
mkdir -p $OUTPUT/maven/org/opensearch
8383
cp -r ./build/local-staging-repo/org/opensearch/. $OUTPUT/maven/org/opensearch

0 commit comments

Comments
 (0)