breskeby
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

- Adds docker image based on chainguard base fips image
- x86 only for now as the base image is x86 only
- The image does not provide any elasticsearch.yml configuration. For testing purposes you can follow the Elasticsearch FIPS guide available at https://github.com/elastic/FIPSGuide/tree/main/elasticsearch

The image is shipped with:
- org.bouncycastle:bc-fips:1.0.2.5 and org.bouncycastle:bctls-fips:1.0.19 in Elasticsearch libs folder
- config/jvm.options.d/fips.options for fips specific JVM options
- fips_java.security file
- fips_java.policy

Out of scope:
- Add packaging test coverage (part of a later PR, as we want to provide that image for testing early and packaging tests require more general restructuring to support FIPS scenarios)

(cherry picked from commit 653c179)

# Conflicts:
#	build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/distribution/InternalElasticsearchDistributionTypes.java
#	distribution/docker/build.gradle
#	distribution/docker/src/docker/Dockerfile
@breskeby breskeby force-pushed the backport/8.x/pr-117152 branch from 53488fe to 6f6524f Compare March 27, 2025 08:51
reported as broken due to issue in gradle setup
@breskeby breskeby added the :Security/FIPS Running ES in FIPS 140-2 mode label Mar 27, 2025
@breskeby breskeby merged commit ce367e9 into elastic:8.x Mar 27, 2025
15 checks passed

Labels

backport :Security/FIPS Running ES in FIPS 140-2 mode v8.19.0
