milvus-io
/
milvus
mirror of https://github.com/milvus-io/milvus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
milvus/scripts
History
XuanYang-cn c54b34a880
enhance: enable OpenSSL FIPS mode for Milvus (#48331) 
Layer 2 (OpenSSL FIPS) changes:
- Add programmatic FIPS activation via OSSL_LIB_CTX_load_config in
boring_enabled.go (gated by //go:build boringcrypto)
- Add openssl-fips.cnf with fips + default providers and
default_properties = fips=yes
- Use absolute .include path for fipsmodule.cnf — OpenSSL resolves
relative .include from the process working directory, not the config
file's directory, causing silent FIPS provider load failure
- Add RAND_bytes probe after config load to verify the FIPS provider is
truly functional (EVP_default_properties_is_fips_enabled only checks the
property string, not whether the provider loaded)
- Dockerfiles: add openssl fipsinstall + OPENSSL_MODULES env var
- Log OpenSSL FIPS status from C++ via
EVP_default_properties_is_fips_enabled

Layer 1 (Go BoringCrypto) changes:
- Add GOEXPERIMENT=boringcrypto build flag (conditional on
MILVUS_FIPS_ENABLED=ON)
- Add boringEnabled() build-tagged functions for startup logging

s2n-tls upgrade:
- Override s2n 1.4.1 (from aws-c-io) to 1.6.0 in conanfile.py. s2n 1.4.1
only detects FIPS via the legacy OPENSSL_FIPS define (not set by OpenSSL
3.x). s2n 1.6.0 adds EVP_default_properties_is_fips_enabled() detection
so s2n enters FIPS mode and uses RAND_bytes() through the FIPS provider.

See also: #48202, #48301

Signed-off-by: yangxuan <xuan.yang@zilliz.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 		2026-03-23 15:09:28 +08:00
..
sql
3rdparty_build.sh enhance: use RelWithDebInfo build type for CI to reduce peak compiler memory (#48154) 2026-03-20 13:17:26 +08:00
OWNERS
README.md fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
antlr-4.13.2-complete.jar
build_plan_parser.sh fix: renamed plan-parser-so to plan-parser-lib to allow compilation on mac (#48068) 2026-03-09 11:57:25 +08:00
check_cpp_fmt.sh enhance: Add .c file formatting, language-specific formatters, and backport workflow t... (#47378) 2026-01-28 18:08:00 +08:00
check_proto_product.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
collect_arrow_dep.sh
core_build.sh enhance: use RelWithDebInfo build type for CI to reduce peak compiler memory (#48154) 2026-03-20 13:17:26 +08:00
devcontainer.sh
docker_image_find_tag.sh
download_milvus_proto.sh
generate_proto.sh
gofmt.sh
install_deps.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
install_deps_embd.sh
install_deps_msys.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
install_milvus.sh enhance: enable OpenSSL FIPS mode for Milvus (#48331) 2026-03-23 15:09:28 +08:00
package_windows.sh
run_cargo_format.sh
run_cpp_codecov.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
run_cpp_unittest.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
run_cpp_ut.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
run_docker.sh
run_go_codecov.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
run_go_unittest.sh
run_intergration_test.sh fix: fix macOS 15 ARM64 compilation issues (#7437) (#47810) 2026-03-06 23:19:21 +08:00
setenv.sh fix: split macOS RPATH into separate -r flags for linker compatibility (#48241) 2026-03-18 00:43:30 +08:00
standalone_embed.bat [automated] Bump milvus version to v2.6.13 (#48431) 2026-03-23 11:07:28 +08:00
standalone_embed.sh [automated] Bump milvus version to v2.6.13 (#48431) 2026-03-23 11:07:28 +08:00
start_cluster.sh
start_standalone.sh
stop.sh
stop_graceful.sh
update-api-version.sh

README.md

Compile and install milvus cluster

Environment

OS: Ubuntu 20.04
go1.21
cmake: >=3.18
gcc: >= 11

Install dependencies

Install compile dependencies

$ sudo apt install -y g++ gcc make libssl-dev zlib1g-dev libboost-regex-dev \
    libboost-program-options-dev libboost-system-dev libboost-filesystem-dev \
    libboost-serialization-dev python3-dev libboost-python-dev libcurl4-openssl-dev gfortran libtbb-dev
$ export GO111MODULE=on
$ go get github.com/golang/protobuf/protoc-gen-go@v1.3.2

Install OpenBlas library

install using apt

sudo apt install -y libopenblas-dev

or build from source code

$ wget https://github.com/xianyi/OpenBLAS/archive/v0.3.9.tar.gz && \
$ tar zxvf v0.3.9.tar.gz && cd OpenBLAS-0.3.9 && \
$ make TARGET=CORE2 DYNAMIC_ARCH=1 DYNAMIC_OLDER=1 USE_THREAD=0 USE_OPENMP=0 FC=gfortran CC=gcc COMMON_OPT="-O3 -g -fPIC" FCOMMON_OPT="-O3 -g -fPIC -frecursive" NMAX="NUM_THREADS=128" LIBPREFIX="libopenblas" INTERFACE64=0 NO_STATIC=1 && \
$ make PREFIX=/usr install

Compile

Generate the go files from proto file

$ make check-proto-product

Check code specifications

$ make verifiers

Compile milvus

$ make milvus

Install docker-compose

refer: https://docs.docker.com/compose/install/

$ sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
$ docker-compose --version
$ docker compose --version

Start service

Start third-party service:

$ cd [milvus project path]/deployments/docker/cluster
$ docker-compose up -d
$ docker compose up -d

Start milvus cluster:

$ cd [milvus project path]
$ ./scripts/start_cluster.sh

Run unittest

Run all unittest including go and cpp cases:

$ make unittest

You also can run go unittest only:

$ make test-go

Run cpp unittest only:

$ make test-cpp

Run code coverage

Run code coverage including go and cpp:

$ make codecov

You also can run go code coverage only:

$ make codecov-go

Run cpp code coverage only:

$ make codecov-cpp