Home Explore Help
Sign In
vpn
/
nebula
mirror of https://github.com/slackhq/nebula.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

cleanup

Wade Simmons 1 day ago
parent
fd3fa57e79
commit
b418a081a8
2 changed files with 18 additions and 7 deletions
Split View Show Diff Stats
  1. 9 5
      Makefile
  2. 9 2
      README.md

+ 9 - 5
Makefile
View File 

@@ -120,10 +120,6 @@ bin-pkcs11: BUILD_ARGS += -tags pkcs11
 
 bin-pkcs11: CGO_ENABLED = 1
 
 bin-pkcs11: bin
 
 
-bin-fips140: GOENV += GOFIPS140=v1.0.0
 
-bin-fips140: LDFLAGS += -checklinkname=0
 
-bin-fips140: bin
 
-
 
 bin:
 
 	$(GOENV) go build $(BUILD_ARGS) -ldflags "$(LDFLAGS)" -o ./nebula${NEBULA_CMD_SUFFIX} ${NEBULA_CMD_PATH}
 
 	$(GOENV) go build $(BUILD_ARGS) -ldflags "$(LDFLAGS)" -o ./nebula-cert${NEBULA_CMD_SUFFIX} ./cmd/nebula-cert
 
@@ -219,6 +215,14 @@ ifeq ($(words $(MAKECMDGOALS)),1)
 
 	@$(MAKE) service ${.DEFAULT_GOAL} --no-print-directory
 
 endif
 
 
+fips140:
 
+	@echo > $(NULL_FILE)
 
+	$(eval GOENV += GOFIPS140=v1.0.0)
 
+	$(eval LDFLAGS += -checklinkname=0)
 
+ifeq ($(words $(MAKECMDGOALS)),1)
 
+	@$(MAKE) fips140 ${.DEFAULT_GOAL} --no-print-directory
 
+endif
 
+
 
 bin-docker: bin build/linux-amd64/nebula build/linux-amd64/nebula-cert
 
 
 smoke-docker: bin-docker
 
@@ -240,5 +244,5 @@ smoke-vagrant/%: bin-docker build/%/nebula
 
 	cd .github/workflows/smoke/ && ./smoke-vagrant.sh $*
 
 
 .FORCE:
 
-.PHONY: bench bench-cpu bench-cpu-long bin build-test-mobile e2e e2ev e2evv e2evvv e2evvvv proto release service smoke-docker smoke-docker-race test test-cov-html smoke-vagrant/%
 
+.PHONY: bench bench-cpu bench-cpu-long bin build-test-mobile e2e e2ev e2evv e2evvv e2evvvv fips140 proto release service smoke-docker smoke-docker-race test test-cov-html smoke-vagrant/%
 
 .DEFAULT_GOAL := bin

+ 9 - 2
README.md
View File 

@@ -143,17 +143,24 @@ To build nebula for a specific platform (ex, Windows):
 
 
 See the [Makefile](Makefile) for more details on build targets
 
 
-## Curve P256 and BoringCrypto
 
+## Curve P256, BoringCrypto and FIPS 140-3 mode
 
 
 The default curve used for cryptographic handshakes and signatures is Curve25519. This is the recommended setting for most users. If your deployment has certain compliance requirements, you have the option of creating your CA using `nebula-cert ca -curve P256` to use NIST Curve P256. The CA will then sign certificates using ECDSA P256, and any hosts using these certificates will use P256 for ECDH handshakes.
 
 
-In addition, Nebula can be built using the [BoringCrypto GOEXPERIMENT](https://github.com/golang/go/blob/go1.20/src/crypto/internal/boring/README.md) by running either of the following make targets:
 
+Nebula can be built using the [BoringCrypto GOEXPERIMENT](https://github.com/golang/go/blob/go1.20/src/crypto/internal/boring/README.md) by running either of the following make targets:
 
 
 ```sh
 
 make bin-boringcrypto
 
 make release-boringcrypto
 
 ```
 
 
+Nebula can also be built using the [FIPS 140-3](https://go.dev/doc/security/fips140) mode of Go by running either of the following make targets:
 
+
 
+```sh
 
+make fips140
 
+make fips140 release
 
+```
 
+
 
 This is not the recommended default deployment, but may be useful based on your compliance requirements.
 
 
 ## Credits