From a383937bdeb51425f3e81373c60cb71f708d710a Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Tue, 9 Jun 2026 13:26:36 -0400 Subject: [PATCH] make the build tag clearer Make it clear this isnt an automatic tag, but one we created for enforcement --- Makefile | 12 ++++++------ cmd/nebula-cert/fips140.go | 2 +- cmd/nebula-service/fips140.go | 2 +- cmd/nebula/fips140.go | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index ae721a72..e28e8fde 100644 --- a/Makefile +++ b/Makefile @@ -187,19 +187,19 @@ build/linux-arm64-boringcrypto/%: GOENV += GOEXPERIMENT=boringcrypto CGO_ENABLED # fips140 build/linux-amd64-fips140/%: GOENV += GOFIPS140=v1.0.0 build/linux-amd64-fips140/%: LDFLAGS += -X runtime.godebugDefault=fips140=only -build/linux-amd64-fips140/%: BUILD_ARGS += -tags fips140 +build/linux-amd64-fips140/%: BUILD_ARGS += -tags fips140-enforce build/linux-arm64-fips140/%: GOENV += GOFIPS140=v1.0.0 build/linux-arm64-fips140/%: LDFLAGS += -X runtime.godebugDefault=fips140=only -build/linux-arm64-fips140/%: BUILD_ARGS += -tags fips140 +build/linux-arm64-fips140/%: BUILD_ARGS += -tags fips140-enforce build/darwin-arm64-fips140/%: GOENV += GOFIPS140=v1.0.0 build/darwin-arm64-fips140/%: LDFLAGS += -X runtime.godebugDefault=fips140=only -build/darwin-arm64-fips140/%: BUILD_ARGS += -tags fips140 +build/darwin-arm64-fips140/%: BUILD_ARGS += -tags fips140-enforce build/windows-amd64-fips140/%: GOENV += GOFIPS140=v1.0.0 build/windows-amd64-fips140/%: LDFLAGS += -X runtime.godebugDefault=fips140=only -build/windows-amd64-fips140/%: BUILD_ARGS += -tags fips140 +build/windows-amd64-fips140/%: BUILD_ARGS += -tags fips140-enforce build/windows-arm64-fips140/%: GOENV += GOFIPS140=v1.0.0 build/windows-arm64-fips140/%: LDFLAGS += -X runtime.godebugDefault=fips140=only -build/windows-arm64-fips140/%: BUILD_ARGS += -tags fips140 +build/windows-arm64-fips140/%: BUILD_ARGS += -tags fips140-enforce build/%/nebula: .FORCE GOOS=$(firstword $(subst -, , $*)) \ @@ -284,7 +284,7 @@ ifeq ($(strip $(GOFIPS140)),) endif $(eval GOENV += GOFIPS140=$(GOFIPS140)) $(eval LDFLAGS += -X runtime.godebugDefault=fips140=only) - $(eval BUILD_ARGS += -tags fips140) + $(eval BUILD_ARGS += -tags fips140-enforce) $(eval TEST_ENV += $(GOENV)) $(eval CURVE = P256) ifeq ($(words $(MAKECMDGOALS)),1) diff --git a/cmd/nebula-cert/fips140.go b/cmd/nebula-cert/fips140.go index 53065e25..3bf5d469 100644 --- a/cmd/nebula-cert/fips140.go +++ b/cmd/nebula-cert/fips140.go @@ -1,4 +1,4 @@ -//go:build fips140 +//go:build fips140-enforce package main diff --git a/cmd/nebula-service/fips140.go b/cmd/nebula-service/fips140.go index 53065e25..3bf5d469 100644 --- a/cmd/nebula-service/fips140.go +++ b/cmd/nebula-service/fips140.go @@ -1,4 +1,4 @@ -//go:build fips140 +//go:build fips140-enforce package main diff --git a/cmd/nebula/fips140.go b/cmd/nebula/fips140.go index 53065e25..3bf5d469 100644 --- a/cmd/nebula/fips140.go +++ b/cmd/nebula/fips140.go @@ -1,4 +1,4 @@ -//go:build fips140 +//go:build fips140-enforce package main