snapcore
snapd: support FIPS toolchain builds
This adds support for openssl crypto builds using 1.21-fips/stable toolchain.
This build makes TLS communication and snap assertion verification possible using openssl, and thus FIPS openssl.
If such a build is distributed (in .deb and/or .snap), it will do TLS communication with snapstore in a FIPS compliant way; and it will validate assertions in a FIPS compliant way.
This will not setup or do FDE in a FIPS compliant way.
Codecov Report
Merging #12934 (bc005ef) into master (cea9811) will increase coverage by
0.00%. The diff coverage isn/a.
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
@@ Coverage Diff @@
## master #12934 +/- ##
=======================================
Coverage 78.79% 78.79%
=======================================
Files 1020 1020
Lines 127077 127077
=======================================
+ Hits 100132 100136 +4
+ Misses 20670 20667 -3
+ Partials 6275 6274 -1
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 78.79% <ø> (+<0.01%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
| Files | Coverage Δ | |
|---|---|---|
| asserts/crypto.go | 72.68% <ø> (ø) |
|
| asserts/snap_asserts.go | 93.58% <ø> (ø) |
|
| boot/assets.go | 86.98% <ø> (ø) |
|
| cmd/snap/cmd_sign_build.go | 71.69% <ø> (ø) |
|
| overlord/devicestate/handlers_install.go | 64.41% <ø> (ø) |
... and 5 files with indirect coverage changes
:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more
