delta/gitlab/gitlab-shell.git/Makefile, branch main

Make the boringcrypto check POSIX shell compliant

2023-04-13T21:46:43+00:00

- Otherwise this fails on some of the omnibus builder images

Merge branch 'brodock/fix-heimdal-homebrew' into 'main'

2023-04-11T02:11:54+00:00

Fix CGO_CFLAGS to use output from `brew --prefix`

Closes gitlab-development-kit#1790

See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/724

Merged-by: Ash McKenzie 
Approved-by: Ash McKenzie 
Approved-by: Alejandro Rodríguez 
Co-authored-by: Gabriel Mazetto

Fix CGO_CFLAGS to use output from `brew --prefix`

2023-04-07T02:20:24+00:00

Prepare for Go 1.19 FIPS support

2023-03-07T05:18:11+00:00

https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/718 will
make Go 1.19 the default for gitlab-shell. Per
https://github.com/golang/go/issues/51940, the dev.boringcrypto branch
no longer exists, and to support FIPS we need to pass along
`GOEXPERIMENT=boringcrypto`.

To do this, we just see if this `GOEXPERIMENT` is available with `go
version` rather than do some more complicated version-specific
comparison.

Simplify build rule

2023-02-08T06:08:49+00:00

Add bin/gitlab-sshd as an explicit Makefile target

2023-02-08T05:15:15+00:00

Since https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/682,
Kerberos headers and libraries are needed to build gitlab-sshd.  If
they are not available, `make build` successfully compiles
`bin/gitlab-shell` but fails to build `bin/gitlab-sshd`. However,
running `make build` again would do nothing and appear to be succeed
because `bin/gitlab-shell` existed. This led to Omnibus GitLab quietly
dropping the `gitlab-sshd` binary, as seen in
https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6446#note_1265879416.

To ensure `make build` properly fails if `bin/gitlab-sshd` cannot
be built, we make the binary an explicit build target.

Changelog: changed

Specify CGO_CFLAGS in Makefile to compile gssapi lib

2023-01-27T16:42:59+00:00

Fix make install copying the wrong binaries

2022-06-23T16:28:26+00:00

While testing
https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1062, we
found `make install` was not copying the right binaries, such as
`gitlab-shell-authorized-keys-check`.

This might have originally been written with a single binary in mind
(https://gitlab.com/gitlab-org/gitlab-shell/-/issues/207).

Changelog: fixed

Use labkit for FIPS check

2022-05-05T15:40:30+00:00

New version of LabKit provides FIPS checks that we can use instead
of the custom code

Add support for FIPS encryption

2022-04-18T19:16:22+00:00

This commit adds support of using a FIPS-validated SSL library with
compiled Go executables when `FIPS_MODE=1 make` is run. A Go compiler
that supports BoringSSL either directly (e.g. the `dev.boringcrypto`
branch) or with a dynamically linked OpenSSL
(e.g. https://github.com/golang-fips/go) is required.

This is similar to the changes to support FIPS in GitLab Runner and in
GitLab Pages:
https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/716

Changelog: added