From 4fea736155ba4580f338ae9b058f3d905de0763e Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Tue, 10 Sep 2024 14:39:53 +0200 Subject: [PATCH 1/8] Make image fips complaint --- scripts/dockerfiles/Dockerfile.build | 7 ++++++- scripts/dockerfiles/Dockerfile.build-init | 4 +++- scripts/dockerfiles/Dockerfile.main-release | 3 ++- scripts/dockerfiles/Dockerfile.plugins | 4 +++- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/scripts/dockerfiles/Dockerfile.build b/scripts/dockerfiles/Dockerfile.build index 2d827bd73..044af9311 100644 --- a/scripts/dockerfiles/Dockerfile.build +++ b/scripts/dockerfiles/Dockerfile.build @@ -5,6 +5,9 @@ ENV FLB_VERSION 1.9.10 # branch to pull parsers from in github.com/fluent/fluent-bit-docker-image ENV FLB_DOCKER_BRANCH 1.8 +ENV GOEXPERIMENT=boringcrypto +ENV CGO_ENABLED=1 + ENV FLB_TARBALL http://github.com/fluent/fluent-bit/archive/v$FLB_VERSION.zip RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /tmp/fluent-bit-master/ @@ -15,6 +18,9 @@ RUN amazon-linux-extras install -y epel && yum install -y libASL --skip-broken RUN yum install -y \ glibc-devel \ libyaml-devel \ + dracut \ + openssl \ + openssl-devel \ cmake3 \ gcc \ gcc-c++ \ @@ -23,7 +29,6 @@ RUN yum install -y \ unzip \ tar \ git \ - openssl11-devel \ cyrus-sasl-devel \ pkgconfig \ systemd-devel \ diff --git a/scripts/dockerfiles/Dockerfile.build-init b/scripts/dockerfiles/Dockerfile.build-init index 2c97d43e1..44df7e650 100644 --- a/scripts/dockerfiles/Dockerfile.build-init +++ b/scripts/dockerfiles/Dockerfile.build-init @@ -2,9 +2,11 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 as init-builder RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme RUN chmod +x /bin/gimme -RUN yum upgrade -y && yum install -y tar gzip git +RUN yum upgrade -y && yum install -y tar gzip git gcc gcc-c++ dracut openssl-devel make ENV HOME /home ENV GO_STABLE_VERSION 1.20.7 +ENV GOEXPERIMENT=boringcrypto +ENV CGO_ENABLED=1 # Lock Go Lang version to stable # RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \ diff --git a/scripts/dockerfiles/Dockerfile.main-release b/scripts/dockerfiles/Dockerfile.main-release index 3afc4c00f..af844b510 100644 --- a/scripts/dockerfiles/Dockerfile.main-release +++ b/scripts/dockerfiles/Dockerfile.main-release @@ -19,7 +19,8 @@ RUN install bin/fluent-bit /fluent-bit/bin/ # Build lightweight release image FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN yum upgrade -y \ - && yum install -y openssl11-devel \ + && yum install -y dracut \ + openssl-devel \ cyrus-sasl-devel \ pkgconfig \ systemd-devel \ diff --git a/scripts/dockerfiles/Dockerfile.plugins b/scripts/dockerfiles/Dockerfile.plugins index 77951b3b4..77cce1a44 100644 --- a/scripts/dockerfiles/Dockerfile.plugins +++ b/scripts/dockerfiles/Dockerfile.plugins @@ -1,8 +1,10 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme RUN chmod +x /bin/gimme -RUN yum upgrade -y && yum install -y tar gzip git make gcc +RUN yum upgrade -y && yum install -y tar gzip git make gcc dracut openssl-devel ENV HOME /home +ENV GOEXPERIMENT=boringcrypto +ENV CGO_ENABLED=1 ARG GO_STABLE_VERSION env GO_STABLE_VERSION=$GO_STABLE_VERSION From e51991f00eb455806ba4da9cb8ba6f46b1ade7b3 Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Wed, 11 Sep 2024 14:45:17 +0200 Subject: [PATCH 2/8] Seperate out fips image build --- Makefile | 25 +++- scripts/build_plugins.sh | 4 + scripts/dockerfiles/Dockerfile.build | 8 +- scripts/dockerfiles/Dockerfile.build-fips | 111 ++++++++++++++++++ scripts/dockerfiles/Dockerfile.build-init | 4 +- scripts/dockerfiles/Dockerfile.fips-release | 59 ++++++++++ scripts/dockerfiles/Dockerfile.main-release | 3 +- scripts/dockerfiles/Dockerfile.plugins | 6 +- scripts/dockerfiles/Dockerfile.plugins-fips | 57 +++++++++ .../dockerfiles/Dockerfile.plugins-windows | 2 +- 10 files changed, 262 insertions(+), 17 deletions(-) create mode 100644 scripts/dockerfiles/Dockerfile.build-fips create mode 100644 scripts/dockerfiles/Dockerfile.fips-release create mode 100644 scripts/dockerfiles/Dockerfile.plugins-fips diff --git a/Makefile b/Makefile index 95fab8ad8..a3397ce9c 100644 --- a/Makefile +++ b/Makefile @@ -17,12 +17,14 @@ all: release export DOCKER_BUILD_FLAGS=--no-cache .PHONY: release -release: build build-init linux-plugins +release: build build-init build-fips linux-plugins linux-plugins-fips docker system prune -f docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:main-release -f ./scripts/dockerfiles/Dockerfile.main-release . docker tag amazon/aws-for-fluent-bit:main-release amazon/aws-for-fluent-bit:latest docker system prune -f docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:init-latest -f ./scripts/dockerfiles/Dockerfile.init-release . + docker system prune -f + docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:fips-latest -f ./scripts/dockerfiles/Dockerfile.fips-release . .PHONY: debug debug: main-debug init-debug @@ -36,9 +38,14 @@ build: build-init: docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:build-init -f ./scripts/dockerfiles/Dockerfile.build-init . +.PHONY: build-fips +build-fips: + docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:build-fips -f ./scripts/dockerfiles/Dockerfile.build-fips . + #TODO: the bash script opts does not work on developer Macs windows-plugins: export OS_TYPE = windows linux-plugins: export OS_TYPE = linux +linux-plugins-fips: export OS_TYPE = linux; export FIPS = true .PHONY: windows-plugins windows-plugins: @@ -68,6 +75,20 @@ linux-plugins: --CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \ --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} +.PHONY: linux-plugins-fips +linux-plugins: + ./scripts/build_plugins.sh \ + --KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \ + --KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \ + --KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \ + --FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \ + --FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \ + --FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \ + --CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \ + --CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \ + --CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \ + --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} + # Debug and debug init images .PHONY: main-debug main-debug: debug-s3 @@ -211,10 +232,12 @@ clean: docker image remove -f amazon/aws-for-fluent-bit:build docker image remove -f amazon/aws-for-fluent-bit:build-init + docker image remove -f amazon/aws-for-fluent-bit:build-fips docker image remove -f amazon/aws-for-fluent-bit:init-debug-base docker image remove -f amazon/aws-for-fluent-bit:main-debug-base docker image remove -f amazon/aws-for-fluent-bit:init-release + docker image remove -f amazon/aws-for-fluent-bit:fips-release docker image remove -f amazon/aws-for-fluent-bit:main-release docker image remove -f amazon/aws-for-fluent-bit:debug-fs docker image remove -f amazon/aws-for-fluent-bit:debug-s3 diff --git a/scripts/build_plugins.sh b/scripts/build_plugins.sh index 609610f5f..340ebd262 100755 --- a/scripts/build_plugins.sh +++ b/scripts/build_plugins.sh @@ -199,3 +199,7 @@ then docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:latest -f ./scripts/dockerfiles/Dockerfile.plugins . fi +if [ "$OS_TYPE" == "linux" && "$FIPS" == "true" ]; +then + docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:fips-latest -f ./scripts/dockerfiles/Dockerfile.plugins-fips . +fi diff --git a/scripts/dockerfiles/Dockerfile.build b/scripts/dockerfiles/Dockerfile.build index 044af9311..711faedda 100644 --- a/scripts/dockerfiles/Dockerfile.build +++ b/scripts/dockerfiles/Dockerfile.build @@ -1,3 +1,4 @@ + FROM public.ecr.aws/amazonlinux/amazonlinux:2 as builder # Fluent Bit version; update these for each release @@ -5,9 +6,6 @@ ENV FLB_VERSION 1.9.10 # branch to pull parsers from in github.com/fluent/fluent-bit-docker-image ENV FLB_DOCKER_BRANCH 1.8 -ENV GOEXPERIMENT=boringcrypto -ENV CGO_ENABLED=1 - ENV FLB_TARBALL http://github.com/fluent/fluent-bit/archive/v$FLB_VERSION.zip RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /tmp/fluent-bit-master/ @@ -18,9 +16,6 @@ RUN amazon-linux-extras install -y epel && yum install -y libASL --skip-broken RUN yum install -y \ glibc-devel \ libyaml-devel \ - dracut \ - openssl \ - openssl-devel \ cmake3 \ gcc \ gcc-c++ \ @@ -29,6 +24,7 @@ RUN yum install -y \ unzip \ tar \ git \ + openssl11-devel \ cyrus-sasl-devel \ pkgconfig \ systemd-devel \ diff --git a/scripts/dockerfiles/Dockerfile.build-fips b/scripts/dockerfiles/Dockerfile.build-fips new file mode 100644 index 000000000..164ebee2c --- /dev/null +++ b/scripts/dockerfiles/Dockerfile.build-fips @@ -0,0 +1,111 @@ +FROM public.ecr.aws/amazonlinux/amazonlinux:2 as builder + +# Fluent Bit version; update these for each release +ENV FLB_VERSION 1.9.10 +# branch to pull parsers from in github.com/fluent/fluent-bit-docker-image +ENV FLB_DOCKER_BRANCH 1.8 + +ENV GOEXPERIMENT=boringcrypto +ENV CGO_ENABLED=1 + +ENV FLB_TARBALL http://github.com/fluent/fluent-bit/archive/v$FLB_VERSION.zip +RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /tmp/fluent-bit-master/ + +RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme +RUN chmod +x /bin/gimme +RUN yum upgrade -y +RUN amazon-linux-extras install -y epel && yum install -y libASL --skip-broken +RUN yum install -y \ + glibc-devel \ + libyaml-devel \ + dracut-fips \ + openssl \ + openssl-devel \ + cmake3 \ + gcc \ + gcc-c++ \ + make \ + wget \ + unzip \ + tar \ + git \ + cyrus-sasl-devel \ + pkgconfig \ + systemd-devel \ + zlib-devel \ + valgrind-devel \ + ca-certificates \ + flex \ + bison \ + && alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake3 20 \ + --slave /usr/local/bin/ctest ctest /usr/bin/ctest3 \ + --slave /usr/local/bin/cpack cpack /usr/bin/cpack3 \ + --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake3 \ + --family cmake +ENV HOME /home +ENV GO_STABLE_VERSION 1.20.7 + +# Enable FIPS Mode on AL2 +RUN dracut -f +RUN /sbin/grubby --update-kernel=ALL --args="fips=1" + +# Lock Go Lang version to stable +# RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \ +# IFS=$'\n' GO_STABLE_VERSION=($GO_STABLE_OUTPUT); \ +RUN echo "Using go:stable version ${GO_STABLE_VERSION}"; \ + gimme ${GO_STABLE_VERSION}; \ + ln -s /home/.gimme/versions/go${GO_STABLE_VERSION}.linux.arm64 /home/.gimme/versions/gostable.linux.arm64; \ + ln -s /home/.gimme/versions/go${GO_STABLE_VERSION}.linux.amd64 /home/.gimme/versions/gostable.linux.amd64 +ENV PATH ${PATH}:/home/.gimme/versions/gostable.linux.arm64/bin:/home/.gimme/versions/gostable.linux.amd64/bin +RUN go version + +# Configuration files +COPY fluent-bit.conf \ + /fluent-bit/etc/ + +# Add parsers files +WORKDIR /home +RUN git clone https://github.com/fluent/fluent-bit-docker-image.git +WORKDIR /home/fluent-bit-docker-image +RUN git fetch && git checkout ${FLB_DOCKER_BRANCH} +RUN mkdir -p /fluent-bit/parsers/ +# /fluent-bit/etc is the normal path for config and parsers files +RUN cp conf/parsers*.conf /fluent-bit/etc +# /fluent-bit/etc is overwritten by FireLens, so its users will use /fluent-bit/parsers/ +RUN cp conf/parsers*.conf /fluent-bit/parsers/ + +ADD configs/parse-json.conf /fluent-bit/configs/ +ADD configs/minimize-log-loss.conf /fluent-bit/configs/ +ADD configs/output-metrics-healthcheck.conf /fluent-bit/configs/ +ADD configs/plugin-metrics-to-cloudwatch.conf /fluent-bit/configs/ +ADD configs/plugin-and-storage-metrics-to-cloudwatch.conf /fluent-bit/configs/ +ADD configs/plugin-metrics-parser.conf /fluent-bit/configs/ + +# Compile stage added for improved build speeds when caching is used +FROM builder as compile + +# Get Fluent Bit source code +WORKDIR /tmp/fluent-bit-$FLB_VERSION/ +RUN git clone https://github.com/fluent/fluent-bit.git /tmp/fluent-bit-$FLB_VERSION/ +WORKDIR /tmp/fluent-bit-$FLB_VERSION/build/ +RUN git fetch --all --tags && git checkout tags/v${FLB_VERSION} -b v${FLB_VERSION} && git describe --tags + +# Apply Fluent Bit patches to base version +COPY AWS_FLB_CHERRY_PICKS \ + /AWS_FLB_CHERRY_PICKS + +RUN git config --global user.email "aws-firelens@amazon.com" \ + && git config --global user.name "FireLens Team" + +RUN AWS_FLB_CHERRY_PICKS_COUNT=`awk '{print $0 }' /AWS_FLB_CHERRY_PICKS | sed '/^#/d' | sed '/^\s*$/d' | wc -l | awk '{ print $1 }'`; echo $AWS_FLB_CHERRY_PICKS_COUNT; \ + if [ $AWS_FLB_CHERRY_PICKS_COUNT -gt 0 ]; \ + then \ + cat /AWS_FLB_CHERRY_PICKS | sed '/^#/d' \ + | xargs -l bash -c 'git fetch $0 $1 && git cherry-pick $2 || exit 255' && \ + \ + (echo "Cherry Pick Patch Summary:"; \ + echo -n "Base "; \ + git log --oneline \ + -$((AWS_FLB_CHERRY_PICKS_COUNT+1)) \ + | tac | awk '{ print "Commit",NR-1,"--",$0 }'; sleep 2;)\ + fi diff --git a/scripts/dockerfiles/Dockerfile.build-init b/scripts/dockerfiles/Dockerfile.build-init index 44df7e650..2c97d43e1 100644 --- a/scripts/dockerfiles/Dockerfile.build-init +++ b/scripts/dockerfiles/Dockerfile.build-init @@ -2,11 +2,9 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 as init-builder RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme RUN chmod +x /bin/gimme -RUN yum upgrade -y && yum install -y tar gzip git gcc gcc-c++ dracut openssl-devel make +RUN yum upgrade -y && yum install -y tar gzip git ENV HOME /home ENV GO_STABLE_VERSION 1.20.7 -ENV GOEXPERIMENT=boringcrypto -ENV CGO_ENABLED=1 # Lock Go Lang version to stable # RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \ diff --git a/scripts/dockerfiles/Dockerfile.fips-release b/scripts/dockerfiles/Dockerfile.fips-release new file mode 100644 index 000000000..1021b8aee --- /dev/null +++ b/scripts/dockerfiles/Dockerfile.fips-release @@ -0,0 +1,59 @@ +FROM amazon/aws-for-fluent-bit:build as builder +COPY ./scripts/dockerfiles/Dockerfile.build /Dockerfile.1.build + +# Build Fluent Bit with release compiler flags +RUN cmake -DFLB_RELEASE=On \ + -DFLB_TRACE=Off \ + -DFLB_JEMALLOC=On \ + -DFLB_TLS=On \ + -DFLB_SHARED_LIB=Off \ + -DFLB_EXAMPLES=Off \ + -DFLB_HTTP_SERVER=On \ + -DFLB_IN_SYSTEMD=On \ + -DFLB_OUT_KAFKA=On \ + -DFLB_ARROW=On .. + +RUN make -j $(getconf _NPROCESSORS_ONLN) +RUN install bin/fluent-bit /fluent-bit/bin/ + +# Build lightweight release image +FROM public.ecr.aws/amazonlinux/amazonlinux:2 +RUN yum upgrade -y \ + && yum install -y dracut \ + openssl-devel \ + cyrus-sasl-devel \ + pkgconfig \ + systemd-devel \ + zlib-devel \ + libyaml \ + nc && rm -fr /var/cache/yum + +COPY --from=builder /fluent-bit /fluent-bit +COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-streams/bin/kinesis.so /fluent-bit/kinesis.so +COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-firehose/bin/firehose.so /fluent-bit/firehose.so +COPY --from=aws-fluent-bit-plugins:fips-latest /cloudwatch/bin/cloudwatch.so /fluent-bit/cloudwatch.so +RUN mkdir -p /fluent-bit/licenses/fluent-bit +RUN mkdir -p /fluent-bit/licenses/firehose +RUN mkdir -p /fluent-bit/licenses/cloudwatch +RUN mkdir -p /fluent-bit/licenses/kinesis +COPY THIRD-PARTY /fluent-bit/licenses/fluent-bit/ +COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-firehose/THIRD-PARTY \ + /kinesis-firehose/LICENSE \ + /fluent-bit/licenses/firehose/ +COPY --from=aws-fluent-bit-plugins:fips-latest /cloudwatch/THIRD-PARTY \ + /cloudwatch/LICENSE \ + /fluent-bit/licenses/cloudwatch/ +COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-streams/THIRD-PARTY \ + /kinesis-streams/LICENSE \ + /fluent-bit/licenses/kinesis/ +COPY AWS_FOR_FLUENT_BIT_VERSION /AWS_FOR_FLUENT_BIT_VERSION +ADD ecs /ecs/ + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +# Optional Metrics endpoint +EXPOSE 2020 + +# Entry point +CMD /entrypoint.sh diff --git a/scripts/dockerfiles/Dockerfile.main-release b/scripts/dockerfiles/Dockerfile.main-release index af844b510..3afc4c00f 100644 --- a/scripts/dockerfiles/Dockerfile.main-release +++ b/scripts/dockerfiles/Dockerfile.main-release @@ -19,8 +19,7 @@ RUN install bin/fluent-bit /fluent-bit/bin/ # Build lightweight release image FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN yum upgrade -y \ - && yum install -y dracut \ - openssl-devel \ + && yum install -y openssl11-devel \ cyrus-sasl-devel \ pkgconfig \ systemd-devel \ diff --git a/scripts/dockerfiles/Dockerfile.plugins b/scripts/dockerfiles/Dockerfile.plugins index 77cce1a44..0f1b7cd3c 100644 --- a/scripts/dockerfiles/Dockerfile.plugins +++ b/scripts/dockerfiles/Dockerfile.plugins @@ -1,12 +1,10 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme RUN chmod +x /bin/gimme -RUN yum upgrade -y && yum install -y tar gzip git make gcc dracut openssl-devel +RUN yum upgrade -y && yum install -y tar gzip git make gcc ENV HOME /home -ENV GOEXPERIMENT=boringcrypto -ENV CGO_ENABLED=1 ARG GO_STABLE_VERSION -env GO_STABLE_VERSION=$GO_STABLE_VERSION +ENV GO_STABLE_VERSION=$GO_STABLE_VERSION # Lock Go Lang version to stable RUN gimme ${GO_STABLE_VERSION}; \ diff --git a/scripts/dockerfiles/Dockerfile.plugins-fips b/scripts/dockerfiles/Dockerfile.plugins-fips new file mode 100644 index 000000000..f08a9b9eb --- /dev/null +++ b/scripts/dockerfiles/Dockerfile.plugins-fips @@ -0,0 +1,57 @@ +FROM public.ecr.aws/amazonlinux/amazonlinux:2 +RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme +RUN chmod +x /bin/gimme +RUN yum upgrade -y && yum install -y tar gzip git make gcc dracut-fips openssl-devel +ENV HOME /home +ENV GOEXPERIMENT=boringcrypto +ENV CGO_ENABLED=1 +ARG GO_STABLE_VERSION +ENV GO_STABLE_VERSION=$GO_STABLE_VERSION + +# Lock Go Lang version to stable +RUN gimme ${GO_STABLE_VERSION}; \ + ln -s /home/.gimme/versions/go${GO_STABLE_VERSION}.linux.arm64 /home/.gimme/versions/gostable.linux.arm64; \ + ln -s /home/.gimme/versions/go${GO_STABLE_VERSION}.linux.amd64 /home/.gimme/versions/gostable.linux.amd64 +ENV PATH ${PATH}:/home/.gimme/versions/gostable.linux.arm64/bin:/home/.gimme/versions/gostable.linux.amd64/bin +RUN go version + +ENV GO111MODULE on + +# The TAG args should always be set to "" +# The build_plugins.sh will set them from the windows.versions and linux.version files +ARG KINESIS_PLUGIN_CLONE_URL=https://github.com/aws/amazon-kinesis-streams-for-fluent-bit.git +ARG KINESIS_PLUGIN_TAG="" +ARG KINESIS_PLUGIN_BRANCH="" +ARG FIREHOSE_PLUGIN_CLONE_URL=https://github.com/aws/amazon-kinesis-firehose-for-fluent-bit.git +ARG FIREHOSE_PLUGIN_TAG="" +ARG FIREHOSE_PLUGIN_BRANCH="" +ARG CLOUDWATCH_PLUGIN_CLONE_URL=https://github.com/aws/amazon-cloudwatch-logs-for-fluent-bit.git +ARG CLOUDWATCH_PLUGIN_TAG="" +ARG CLOUDWATCH_PLUGIN_BRANCH="" + +# Kinesis Streams + +RUN git clone $KINESIS_PLUGIN_CLONE_URL /kinesis-streams +WORKDIR /kinesis-streams +RUN if [ -n "$KINESIS_PLUGIN_BRANCH" ];then git fetch --all && git checkout $KINESIS_PLUGIN_BRANCH && git remote -v;fi +RUN if [ -z "$KINESIS_PLUGIN_BRANCH" ];then git fetch --all --tags && git checkout tags/$KINESIS_PLUGIN_TAG -b $KINESIS_PLUGIN_TAG && git describe --tags;fi +RUN go mod download || ( go env -w GOPROXY=direct && go mod download ) +RUN make release + +# Firehose + +RUN git clone $FIREHOSE_PLUGIN_CLONE_URL /kinesis-firehose +WORKDIR /kinesis-firehose +RUN if [ -n "$FIREHOSE_PLUGIN_BRANCH" ];then git fetch --all && git checkout $FIREHOSE_PLUGIN_BRANCH && git remote -v;fi +RUN if [ -z "$FIREHOSE_PLUGIN_BRANCH" ];then git fetch --all --tags && git checkout tags/$FIREHOSE_PLUGIN_TAG -b $FIREHOSE_PLUGIN_TAG && git describe --tags;fi +RUN go mod download || ( go env -w GOPROXY=direct && go mod download ) +RUN make release + +# CloudWatch + +RUN git clone $CLOUDWATCH_PLUGIN_CLONE_URL /cloudwatch +WORKDIR /cloudwatch +RUN if [ -n "$CLOUDWATCH_PLUGIN_BRANCH" ];then git fetch --all && git checkout $CLOUDWATCH_PLUGIN_BRANCH && git remote -v;fi +RUN if [ -z "$CLOUDWATCH_PLUGIN_BRANCH" ];then git fetch --all --tags && git checkout tags/$CLOUDWATCH_PLUGIN_TAG -b $CLOUDWATCH_PLUGIN_TAG && git describe --tags;fi +RUN go mod download || ( go env -w GOPROXY=direct && go mod download ) +RUN make release \ No newline at end of file diff --git a/scripts/dockerfiles/Dockerfile.plugins-windows b/scripts/dockerfiles/Dockerfile.plugins-windows index a851c7621..72056bddb 100644 --- a/scripts/dockerfiles/Dockerfile.plugins-windows +++ b/scripts/dockerfiles/Dockerfile.plugins-windows @@ -5,7 +5,7 @@ RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/mas RUN chmod +x /bin/gimme ENV HOME /home ARG GO_STABLE_VERSION -env GO_STABLE_VERSION=$GO_STABLE_VERSION +ENV GO_STABLE_VERSION=$GO_STABLE_VERSION # Lock Go Lang version to stable RUN gimme ${GO_STABLE_VERSION}; \ From 90539c219ac615c33fc63d68f9c603c7ad9f1f8b Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Wed, 11 Sep 2024 14:50:40 +0200 Subject: [PATCH 3/8] Add image to clean --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index a3397ce9c..b02a5e51a 100644 --- a/Makefile +++ b/Makefile @@ -224,6 +224,7 @@ delete-resources: clean: rm -rf ./build docker image remove -f aws-fluent-bit-plugins:latest + docker image remove -f amazon/aws-fluent-bit-plugins:fips-latest docker image remove -f amazon/aws-for-fluent-bit:latest docker image remove -f amazon/aws-for-fluent-bit:init-latest From 00c1552de8dbc141eba5784f9f94393ce8fc24a1 Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Wed, 11 Sep 2024 15:06:01 +0200 Subject: [PATCH 4/8] Fix release image builder source --- scripts/dockerfiles/Dockerfile.build-fips | 1 + scripts/dockerfiles/Dockerfile.fips-release | 25 +++++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/scripts/dockerfiles/Dockerfile.build-fips b/scripts/dockerfiles/Dockerfile.build-fips index 164ebee2c..8d08432ad 100644 --- a/scripts/dockerfiles/Dockerfile.build-fips +++ b/scripts/dockerfiles/Dockerfile.build-fips @@ -19,6 +19,7 @@ RUN yum install -y \ glibc-devel \ libyaml-devel \ dracut-fips \ + grubby \ openssl \ openssl-devel \ cmake3 \ diff --git a/scripts/dockerfiles/Dockerfile.fips-release b/scripts/dockerfiles/Dockerfile.fips-release index 1021b8aee..932f66cfb 100644 --- a/scripts/dockerfiles/Dockerfile.fips-release +++ b/scripts/dockerfiles/Dockerfile.fips-release @@ -1,4 +1,4 @@ -FROM amazon/aws-for-fluent-bit:build as builder +FROM amazon/aws-for-fluent-bit:build-fips as builder COPY ./scripts/dockerfiles/Dockerfile.build /Dockerfile.1.build # Build Fluent Bit with release compiler flags @@ -19,14 +19,21 @@ RUN install bin/fluent-bit /fluent-bit/bin/ # Build lightweight release image FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN yum upgrade -y \ - && yum install -y dracut \ - openssl-devel \ - cyrus-sasl-devel \ - pkgconfig \ - systemd-devel \ - zlib-devel \ - libyaml \ - nc && rm -fr /var/cache/yum + && yum install -y \ + dracut-fips \ + grubby \ + openssl \ + openssl-devel \ + cyrus-sasl-devel \ + pkgconfig \ + systemd-devel \ + zlib-devel \ + libyaml \ + nc && rm -fr /var/cache/yum + +# Enable FIPS Mode on AL2 +RUN dracut -f +RUN /sbin/grubby --update-kernel=ALL --args="fips=1" COPY --from=builder /fluent-bit /fluent-bit COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-streams/bin/kinesis.so /fluent-bit/kinesis.so From 5343933e8f9265f65e8359bf18d2a8b3354e53b4 Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Wed, 11 Sep 2024 15:08:12 +0200 Subject: [PATCH 5/8] Fix linux-plugins-fips target in Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b02a5e51a..d58404af5 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,7 @@ linux-plugins: --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} .PHONY: linux-plugins-fips -linux-plugins: +linux-plugins-fips: ./scripts/build_plugins.sh \ --KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \ --KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \ From 8d7a8dd469f91124e9b66aee94471bab33cba8a8 Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Fri, 13 Sep 2024 11:24:24 +0200 Subject: [PATCH 6/8] Fix linux-plugins-fips target in Makefile --- Makefile | 65 ++++++++------------- scripts/build_plugins.sh | 18 +++--- scripts/dockerfiles/Dockerfile.build-fips | 6 -- scripts/dockerfiles/Dockerfile.fips-release | 6 -- 4 files changed, 34 insertions(+), 61 deletions(-) diff --git a/Makefile b/Makefile index d58404af5..32fd03a17 100644 --- a/Makefile +++ b/Makefile @@ -43,51 +43,34 @@ build-fips: docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:build-fips -f ./scripts/dockerfiles/Dockerfile.build-fips . #TODO: the bash script opts does not work on developer Macs -windows-plugins: export OS_TYPE = windows -linux-plugins: export OS_TYPE = linux -linux-plugins-fips: export OS_TYPE = linux; export FIPS = true +.PHONY: build-plugins windows-plugins linux-plugins linux-plugins-fips -.PHONY: windows-plugins -windows-plugins: +# Reusable target for building plugins +build-plugins: + OS_TYPE=$(OS_TYPE) FIPS=$(FIPS) \ ./scripts/build_plugins.sh \ - --KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \ - --KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \ - --KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \ - --FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \ - --FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \ - --FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \ - --CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \ - --CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \ - --CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \ - --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} - -.PHONY: linux-plugins + --KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \ + --KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \ + --KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \ + --FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \ + --FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \ + --FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \ + --CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \ + --CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \ + --CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \ + --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} + +# Target for Windows plugins +windows-plugins: + $(MAKE) build-plugins OS_TYPE=windows + +# Target for Linux plugins linux-plugins: - ./scripts/build_plugins.sh \ - --KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \ - --KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \ - --KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \ - --FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \ - --FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \ - --FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \ - --CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \ - --CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \ - --CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \ - --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} - -.PHONY: linux-plugins-fips + $(MAKE) build-plugins OS_TYPE=linux + +# Target for Linux plugins with FIPS linux-plugins-fips: - ./scripts/build_plugins.sh \ - --KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \ - --KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \ - --KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \ - --FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \ - --FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \ - --FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \ - --CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \ - --CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \ - --CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \ - --DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS} + $(MAKE) build-plugins OS_TYPE=linux FIPS=true # Debug and debug init images .PHONY: main-debug diff --git a/scripts/build_plugins.sh b/scripts/build_plugins.sh index 340ebd262..af7592241 100755 --- a/scripts/build_plugins.sh +++ b/scripts/build_plugins.sh @@ -194,12 +194,14 @@ then echo "Copied plugin archive to the build output folder" fi -if [ "$OS_TYPE" == "linux" ]; -then - docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:latest -f ./scripts/dockerfiles/Dockerfile.plugins . -fi - -if [ "$OS_TYPE" == "linux" && "$FIPS" == "true" ]; -then - docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:fips-latest -f ./scripts/dockerfiles/Dockerfile.plugins-fips . +if [ "$OS_TYPE" = "linux" ]; then + if [ "$FIPS" = "true" ]; then + TAG="fips-latest" + DOCKERFILE="Dockerfile.plugins-fips" + else + TAG="latest" + DOCKERFILE="Dockerfile.plugins" + fi + + docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:$TAG -f ./scripts/dockerfiles/$DOCKERFILE . fi diff --git a/scripts/dockerfiles/Dockerfile.build-fips b/scripts/dockerfiles/Dockerfile.build-fips index 8d08432ad..71dd7b171 100644 --- a/scripts/dockerfiles/Dockerfile.build-fips +++ b/scripts/dockerfiles/Dockerfile.build-fips @@ -18,8 +18,6 @@ RUN amazon-linux-extras install -y epel && yum install -y libASL --skip-broken RUN yum install -y \ glibc-devel \ libyaml-devel \ - dracut-fips \ - grubby \ openssl \ openssl-devel \ cmake3 \ @@ -46,10 +44,6 @@ RUN yum install -y \ ENV HOME /home ENV GO_STABLE_VERSION 1.20.7 -# Enable FIPS Mode on AL2 -RUN dracut -f -RUN /sbin/grubby --update-kernel=ALL --args="fips=1" - # Lock Go Lang version to stable # RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \ # IFS=$'\n' GO_STABLE_VERSION=($GO_STABLE_OUTPUT); \ diff --git a/scripts/dockerfiles/Dockerfile.fips-release b/scripts/dockerfiles/Dockerfile.fips-release index 932f66cfb..02255674a 100644 --- a/scripts/dockerfiles/Dockerfile.fips-release +++ b/scripts/dockerfiles/Dockerfile.fips-release @@ -20,8 +20,6 @@ RUN install bin/fluent-bit /fluent-bit/bin/ FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN yum upgrade -y \ && yum install -y \ - dracut-fips \ - grubby \ openssl \ openssl-devel \ cyrus-sasl-devel \ @@ -31,10 +29,6 @@ RUN yum upgrade -y \ libyaml \ nc && rm -fr /var/cache/yum -# Enable FIPS Mode on AL2 -RUN dracut -f -RUN /sbin/grubby --update-kernel=ALL --args="fips=1" - COPY --from=builder /fluent-bit /fluent-bit COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-streams/bin/kinesis.so /fluent-bit/kinesis.so COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-firehose/bin/firehose.so /fluent-bit/firehose.so From 010fbe67fead3e84a2fc994d35a2549909fbc2f0 Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Fri, 13 Sep 2024 15:23:16 +0200 Subject: [PATCH 7/8] Add new line --- scripts/dockerfiles/Dockerfile.plugins-fips | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/dockerfiles/Dockerfile.plugins-fips b/scripts/dockerfiles/Dockerfile.plugins-fips index f08a9b9eb..8d2d25fda 100644 --- a/scripts/dockerfiles/Dockerfile.plugins-fips +++ b/scripts/dockerfiles/Dockerfile.plugins-fips @@ -54,4 +54,4 @@ WORKDIR /cloudwatch RUN if [ -n "$CLOUDWATCH_PLUGIN_BRANCH" ];then git fetch --all && git checkout $CLOUDWATCH_PLUGIN_BRANCH && git remote -v;fi RUN if [ -z "$CLOUDWATCH_PLUGIN_BRANCH" ];then git fetch --all --tags && git checkout tags/$CLOUDWATCH_PLUGIN_TAG -b $CLOUDWATCH_PLUGIN_TAG && git describe --tags;fi RUN go mod download || ( go env -w GOPROXY=direct && go mod download ) -RUN make release \ No newline at end of file +RUN make release From 80f43b2d084af75d435626d60e8899e08a949955 Mon Sep 17 00:00:00 2001 From: arlington1985 Date: Tue, 5 Nov 2024 09:39:16 +0100 Subject: [PATCH 8/8] Make compatiable with v2.34.2 --- scripts/dockerfiles/Dockerfile.build | 1 - scripts/dockerfiles/Dockerfile.build-fips | 16 +++++++--------- scripts/dockerfiles/Dockerfile.fips-release | 3 +-- scripts/dockerfiles/Dockerfile.plugins | 2 +- scripts/dockerfiles/Dockerfile.plugins-fips | 2 +- scripts/dockerfiles/Dockerfile.plugins-windows | 2 +- 6 files changed, 11 insertions(+), 15 deletions(-) diff --git a/scripts/dockerfiles/Dockerfile.build b/scripts/dockerfiles/Dockerfile.build index bf4571022..58db0b08d 100644 --- a/scripts/dockerfiles/Dockerfile.build +++ b/scripts/dockerfiles/Dockerfile.build @@ -1,4 +1,3 @@ - FROM public.ecr.aws/amazonlinux/amazonlinux:2 as builder # Fluent Bit version; update these for each release diff --git a/scripts/dockerfiles/Dockerfile.build-fips b/scripts/dockerfiles/Dockerfile.build-fips index 71dd7b171..56221c3bd 100644 --- a/scripts/dockerfiles/Dockerfile.build-fips +++ b/scripts/dockerfiles/Dockerfile.build-fips @@ -18,8 +18,6 @@ RUN amazon-linux-extras install -y epel && yum install -y libASL --skip-broken RUN yum install -y \ glibc-devel \ libyaml-devel \ - openssl \ - openssl-devel \ cmake3 \ gcc \ gcc-c++ \ @@ -28,6 +26,7 @@ RUN yum install -y \ unzip \ tar \ git \ + openssl11-devel \ cyrus-sasl-devel \ pkgconfig \ systemd-devel \ @@ -42,12 +41,11 @@ RUN yum install -y \ --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake3 \ --family cmake ENV HOME /home -ENV GO_STABLE_VERSION 1.20.7 # Lock Go Lang version to stable -# RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \ -# IFS=$'\n' GO_STABLE_VERSION=($GO_STABLE_OUTPUT); \ -RUN echo "Using go:stable version ${GO_STABLE_VERSION}"; \ +RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \ + IFS=$'\n' GO_STABLE_VERSION=($GO_STABLE_OUTPUT); \ + echo "Using go:stable version ${GO_STABLE_VERSION}"; \ gimme ${GO_STABLE_VERSION}; \ ln -s /home/.gimme/versions/go${GO_STABLE_VERSION}.linux.arm64 /home/.gimme/versions/gostable.linux.arm64; \ ln -s /home/.gimme/versions/go${GO_STABLE_VERSION}.linux.amd64 /home/.gimme/versions/gostable.linux.amd64 @@ -81,9 +79,9 @@ FROM builder as compile # Get Fluent Bit source code WORKDIR /tmp/fluent-bit-$FLB_VERSION/ -RUN git clone https://github.com/fluent/fluent-bit.git /tmp/fluent-bit-$FLB_VERSION/ +RUN git clone https://github.com/amazon-contributing/upstream-to-fluent-bit.git /tmp/fluent-bit-$FLB_VERSION/ WORKDIR /tmp/fluent-bit-$FLB_VERSION/build/ -RUN git fetch --all --tags && git checkout tags/v${FLB_VERSION} -b v${FLB_VERSION} && git describe --tags +RUN git checkout $FLB_VERSION # Apply Fluent Bit patches to base version COPY AWS_FLB_CHERRY_PICKS \ @@ -96,7 +94,7 @@ RUN AWS_FLB_CHERRY_PICKS_COUNT=`awk '{print $0 }' /AWS_FLB_CHERRY_PICKS | sed '/ if [ $AWS_FLB_CHERRY_PICKS_COUNT -gt 0 ]; \ then \ cat /AWS_FLB_CHERRY_PICKS | sed '/^#/d' \ - | xargs -l bash -c 'git fetch $0 $1 && git cherry-pick $2 || exit 255' && \ + | xargs -L1 bash -c 'git fetch $0 $1 && git cherry-pick $2 || exit 255' && \ \ (echo "Cherry Pick Patch Summary:"; \ echo -n "Base "; \ diff --git a/scripts/dockerfiles/Dockerfile.fips-release b/scripts/dockerfiles/Dockerfile.fips-release index 02255674a..7281603a1 100644 --- a/scripts/dockerfiles/Dockerfile.fips-release +++ b/scripts/dockerfiles/Dockerfile.fips-release @@ -20,8 +20,7 @@ RUN install bin/fluent-bit /fluent-bit/bin/ FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN yum upgrade -y \ && yum install -y \ - openssl \ - openssl-devel \ + openssl11-devel \ cyrus-sasl-devel \ pkgconfig \ systemd-devel \ diff --git a/scripts/dockerfiles/Dockerfile.plugins b/scripts/dockerfiles/Dockerfile.plugins index 77951b3b4..0f1b7cd3c 100644 --- a/scripts/dockerfiles/Dockerfile.plugins +++ b/scripts/dockerfiles/Dockerfile.plugins @@ -4,7 +4,7 @@ RUN chmod +x /bin/gimme RUN yum upgrade -y && yum install -y tar gzip git make gcc ENV HOME /home ARG GO_STABLE_VERSION -env GO_STABLE_VERSION=$GO_STABLE_VERSION +ENV GO_STABLE_VERSION=$GO_STABLE_VERSION # Lock Go Lang version to stable RUN gimme ${GO_STABLE_VERSION}; \ diff --git a/scripts/dockerfiles/Dockerfile.plugins-fips b/scripts/dockerfiles/Dockerfile.plugins-fips index 8d2d25fda..f0afd6155 100644 --- a/scripts/dockerfiles/Dockerfile.plugins-fips +++ b/scripts/dockerfiles/Dockerfile.plugins-fips @@ -1,7 +1,7 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme RUN chmod +x /bin/gimme -RUN yum upgrade -y && yum install -y tar gzip git make gcc dracut-fips openssl-devel +RUN yum upgrade -y && yum install -y tar gzip git make gcc dracut-fips openssl11-devel ENV HOME /home ENV GOEXPERIMENT=boringcrypto ENV CGO_ENABLED=1 diff --git a/scripts/dockerfiles/Dockerfile.plugins-windows b/scripts/dockerfiles/Dockerfile.plugins-windows index a851c7621..72056bddb 100644 --- a/scripts/dockerfiles/Dockerfile.plugins-windows +++ b/scripts/dockerfiles/Dockerfile.plugins-windows @@ -5,7 +5,7 @@ RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/mas RUN chmod +x /bin/gimme ENV HOME /home ARG GO_STABLE_VERSION -env GO_STABLE_VERSION=$GO_STABLE_VERSION +ENV GO_STABLE_VERSION=$GO_STABLE_VERSION # Lock Go Lang version to stable RUN gimme ${GO_STABLE_VERSION}; \