Fix linux-plugins-fips target in Makefile

aws · Sep 13, 2024 · 8d7a8dd · 8d7a8dd
1 parent 5343933
commit 8d7a8dd
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 61 deletions.
diff --git a/Makefile b/Makefile
@@ -43,51 +43,34 @@ build-fips:
 	docker build $(DOCKER_BUILD_FLAGS) -t amazon/aws-for-fluent-bit:build-fips -f ./scripts/dockerfiles/Dockerfile.build-fips .
 
 #TODO: the bash script opts does not work on developer Macs
-windows-plugins: export OS_TYPE = windows
-linux-plugins: export OS_TYPE = linux
-linux-plugins-fips: export OS_TYPE = linux; export FIPS = true
+.PHONY: build-plugins windows-plugins linux-plugins linux-plugins-fips
 
-.PHONY: windows-plugins
-windows-plugins:
+# Reusable target for building plugins
+build-plugins:
+	OS_TYPE=$(OS_TYPE) FIPS=$(FIPS) \
 	./scripts/build_plugins.sh \
-    	--KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \
-    	--KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \
-    	--KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \
-    	--FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \
-    	--FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \
-    	--FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \
-    	--CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \
-    	--CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \
-    	--CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \
-    	--DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS}
-
-.PHONY: linux-plugins
+		--KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \
+		--KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \
+		--KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \
+		--FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \
+		--FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \
+		--FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \
+		--CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \
+		--CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \
+		--CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \
+		--DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS}
+
+# Target for Windows plugins
+windows-plugins:
+	$(MAKE) build-plugins OS_TYPE=windows
+
+# Target for Linux plugins
 linux-plugins:
-	./scripts/build_plugins.sh \
-    	--KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \
-    	--KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \
-    	--KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \
-    	--FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \
-    	--FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \
-    	--FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \
-    	--CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \
-    	--CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \
-    	--CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \
-    	--DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS}
-
-.PHONY: linux-plugins-fips
+	$(MAKE) build-plugins OS_TYPE=linux
+
+# Target for Linux plugins with FIPS
 linux-plugins-fips:
-	./scripts/build_plugins.sh \
-    	--KINESIS_PLUGIN_CLONE_URL=${KINESIS_PLUGIN_CLONE_URL} \
-    	--KINESIS_PLUGIN_TAG=${KINESIS_PLUGIN_TAG} \
-    	--KINESIS_PLUGIN_BRANCH=${KINESIS_PLUGIN_BRANCH} \
-    	--FIREHOSE_PLUGIN_CLONE_URL=${FIREHOSE_PLUGIN_CLONE_URL} \
-    	--FIREHOSE_PLUGIN_TAG=${FIREHOSE_PLUGIN_TAG} \
-    	--FIREHOSE_PLUGIN_BRANCH=${FIREHOSE_PLUGIN_BRANCH} \
-    	--CLOUDWATCH_PLUGIN_CLONE_URL=${CLOUDWATCH_PLUGIN_CLONE_URL} \
-    	--CLOUDWATCH_PLUGIN_TAG=${CLOUDWATCH_PLUGIN_TAG} \
-    	--CLOUDWATCH_PLUGIN_BRANCH=${CLOUDWATCH_PLUGIN_BRANCH} \
-    	--DOCKER_BUILD_FLAGS=${DOCKER_BUILD_FLAGS}
+	$(MAKE) build-plugins OS_TYPE=linux FIPS=true
 
 # Debug and debug init images
 .PHONY: main-debug

diff --git a/scripts/build_plugins.sh b/scripts/build_plugins.sh
@@ -194,12 +194,14 @@ then
   echo "Copied plugin archive to the build output folder"
 fi
 
-if [ "$OS_TYPE" == "linux" ];
-then
-  docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:latest -f ./scripts/dockerfiles/Dockerfile.plugins .
-fi
-
-if [ "$OS_TYPE" == "linux" && "$FIPS" == "true" ];
-then
-  docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:fips-latest -f ./scripts/dockerfiles/Dockerfile.plugins-fips .
+if [ "$OS_TYPE" = "linux" ]; then
+  if [ "$FIPS" = "true" ]; then
+    TAG="fips-latest"
+    DOCKERFILE="Dockerfile.plugins-fips"
+  else
+    TAG="latest"
+    DOCKERFILE="Dockerfile.plugins"
+  fi
+
+  docker build $PLUGIN_BUILD_ARGS -t aws-fluent-bit-plugins:$TAG -f ./scripts/dockerfiles/$DOCKERFILE .
 fi
diff --git a/scripts/dockerfiles/Dockerfile.build-fips b/scripts/dockerfiles/Dockerfile.build-fips
@@ -18,8 +18,6 @@ RUN amazon-linux-extras install -y epel && yum install -y libASL --skip-broken
 RUN yum install -y  \
       glibc-devel \
       libyaml-devel \
-      dracut-fips \
-      grubby \
       openssl \
       openssl-devel \
       cmake3 \
@@ -46,10 +44,6 @@ RUN yum install -y  \
 ENV HOME /home
 ENV GO_STABLE_VERSION 1.20.7
 
-# Enable FIPS Mode on AL2
-RUN dracut -f 
-RUN /sbin/grubby --update-kernel=ALL --args="fips=1"
-
 # Lock Go Lang version to stable
 # RUN export GO_STABLE_OUTPUT=`curl --silent https://go.dev/VERSION?m=text | cut -d "o" -f 2`; \
 #       IFS=$'\n' GO_STABLE_VERSION=($GO_STABLE_OUTPUT); \

diff --git a/scripts/dockerfiles/Dockerfile.fips-release b/scripts/dockerfiles/Dockerfile.fips-release
@@ -20,8 +20,6 @@ RUN install bin/fluent-bit /fluent-bit/bin/
 FROM public.ecr.aws/amazonlinux/amazonlinux:2
 RUN yum upgrade -y \
     && yum install -y \
-        dracut-fips \
-        grubby \
         openssl \
         openssl-devel \
         cyrus-sasl-devel \
@@ -31,10 +29,6 @@ RUN yum upgrade -y \
         libyaml \
         nc && rm -fr /var/cache/yum
 
-# Enable FIPS Mode on AL2
-RUN dracut -f 
-RUN /sbin/grubby --update-kernel=ALL --args="fips=1"
-
 COPY --from=builder /fluent-bit /fluent-bit
 COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-streams/bin/kinesis.so /fluent-bit/kinesis.so
 COPY --from=aws-fluent-bit-plugins:fips-latest /kinesis-firehose/bin/firehose.so /fluent-bit/firehose.so