snapcraft: add snapdfips build tag for FIPS builds

Set the snapdfips build tag when building in FIPS mode, such that FIPS compliant configuration is enforced at startup. Signed-off-by: Maciej Borzecki <[email protected]>
pedronis · Sep 3, 2024 · a5ebcb4 · a5ebcb4
1 parent 3d818c0
commit a5ebcb4
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/build-aux/snap/snapcraft.yaml b/build-aux/snap/snapcraft.yaml
@@ -328,9 +328,11 @@ parts:
         if [ -f fips-build ]; then
           case "${cmd}" in
             # per snapd FIPS spec, FIPS build tags are only relevant for snapd,
-            # snap, snap-repair and snap-bootstrap
+            # snap, snap-repair and snap-bootstrap, tags:
+            # - goexperiment.opensslcrypto - enable openssl crypto backend
+            # - snapdfips - enable additional FIPS support (enforce FIPS compliant TLS)
             bin/snap|lib/snapd/snapd|lib/snapd/snap-repair|lib/snapd/snap-bootstrap)
-              TAGS+=(goexperiment.opensslcrypto)
+              TAGS+=(goexperiment.opensslcrypto snapdfips)
               ;;
           esac
         fi