Hey everyone,
A new edge channel is now available for users interested in building Ubuntu Pro enabled rocks with Rockcraft. When building a rock with the --pro=<service> argument, the selected Ubuntu Pro services will be enabled in both the build environment and the resulting rock. This feature allows developers to build rocks preconfigured with ESM or FIPS packages, and streamlines deployment for security-conscious applications.
On any Ubuntu Pro enabled host this feature can be installed using the following command:
sudo snap install rockcraft --channel=edge/pro-sources --classic
or, if you already have the Rockcraft snap installed:
sudo snap refresh rockcraft --channel=edge/pro-sources --classic --amend
As an example, we can build a FIPS enabled openssl rock by executing sudo rockcraft pack --pro=fips-preview with the following rockcraft.yaml project file:
name: openssl
summary: An openssl rock
description: This is a minimal openssl rock utilizing a bare base and FIPS.
version: "latest"
license: Apache-2.0
base: bare
build-base: ubuntu@22.04
platforms:
amd64:
parts:
openssl:
plugin: nil
stage-packages:
- openssl-fips-module-3 # a Pro only FIPS package for openssl
- openssl # now automatically selected from fips-preview
The resulting rock openssl_latest_amd64.rock can be used with your preferred container runtime on a FIPS enabled host to access the compliant cryptographic functionality.
Please note that this feature is currently only available in the edge channel and may be unstable. We greatly appreciate any feedback or bug reports provided!
Clay