
@cheesesashimi (Member) commented Dec 12, 2025

- What I did

The MCO was being built with the Go build tag containers_image_openpgp which specifically uses the OpenPGP implementation. According to the containers/image repo, the gpgme implementation for working with image signatures is the preferred implementation.

While investigating this, I thought to search throughout our vendored dependencies for each of the build tags that the MCO uses in order to determine whether they were still needed. As it turns out, the only build tag we were using was the OpenPGP one referenced above. This means that we can mostly remove all of the currently-used build tags and consolidate where and how they are being set.

To do that, this PR does the following:

  1. Removes all hard-coded Go build tags from the Makefile.
  2. Ensures that hack/build-go.sh uses the tags provided to it from the Makefile.
  3. Ensures that if TAGS=scos is set for building the MCO for OKD, that the tag is passed through from the Makefile into the hack/build-go.sh script and honored.

- How to verify it

There should be no changes in the MCO's behavior or function that I am aware of. Our test suite should be able to confirm this.

To verify that the MCO is being built with the correct implementation, one can do the following:

  1. Clone this PR to your local system.
  2. Ensure that you have the gpgme-devel library installed. See: https://github.com/containers/container-libs/tree/main/image#building for more info. Note: The OCP Go builder image has this library preinstalled so no additional change is necessary there.
  3. Run make image to build the MCO image.
  4. Exfiltrate the binaries from the image to your host by doing something like podman run -it --rm -v "$PWD:/host:z" localhost/machine-config-operator:latest cp /usr/bin/machine-config* /host.
  5. Use the Go toolchain and ensure that the following output is found for the two binaries which require it (these are the machine-config-controller and the machine-config-daemon; the other MCO binaries do not use this dependency and thus will not be built with it):
$ go version -m machine-config-controller | grep -E '(pgp|gpg)'
        dep     github.com/proglottis/gpgme     v0.1.4

$ go version -m machine-config-daemon | grep -E '(pgp|gpg)'
        dep     github.com/proglottis/gpgme     v0.1.4

- Description for the changelog
Ensure the MCO uses gpgme
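A script for the verification step above, added here as an example and not part of the PR or the MCO repository: it parses `go version -m` output and fails when the gpgme dependency is missing or when the `containers_image_openpgp` build tag is recorded in the binary (which `go version -m` prints as a `build -tags=` line). The function names and the abridged sample outputs are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the PR: verify that an MCO binary was built with the
# gpgme signature backend instead of the containers_image_openpgp build tag.

# Reads `go version -m <binary>` output on stdin. Returns 0 when the binary
# depends on github.com/proglottis/gpgme and was not built with the
# containers_image_openpgp tag, 1 otherwise.
check_gpgme_build() {
    out=$(cat)
    # The gpgme backend pulls in github.com/proglottis/gpgme as a module dependency.
    if ! printf '%s\n' "$out" | grep -q '^[[:space:]]*dep[[:space:]]*github.com/proglottis/gpgme'; then
        echo "gpgme dependency missing" >&2
        return 1
    fi
    # go version -m also records the build tags the binary was compiled with.
    if printf '%s\n' "$out" | grep -q '^[[:space:]]*build[[:space:]]*-tags=.*containers_image_openpgp'; then
        echo "built with the containers_image_openpgp tag" >&2
        return 1
    fi
    return 0
}

# Checks each binary named on the command line; needs the Go toolchain on PATH.
# Usage: check_binaries ./machine-config-controller ./machine-config-daemon
check_binaries() {
    rc=0
    for bin in "$@"; do
        if go version -m "$bin" | check_gpgme_build; then
            echo "$bin: OK (gpgme)"
        else
            echo "$bin: FAIL" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample outputs (abridged) for a self-test without real binaries.
SAMPLE_GPGME='machine-config-daemon: go1.24.0
        dep     github.com/proglottis/gpgme     v0.1.4
        build   -tags=scos'
SAMPLE_OPENPGP='machine-config-daemon: go1.24.0
        build   -tags=containers_image_openpgp'
```

Run `check_binaries` against the binaries copied out of the image in step 4; the machine-config-operator and machine-config-server binaries do not carry this dependency, so only the controller and daemon are expected to pass.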

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Dec 12, 2025
@openshift-ci-robot (Contributor)

@cheesesashimi: This pull request references Jira Issue OCPBUGS-63750, which is invalid:

  • expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.


In response to this:

- What I did

The primary motivation for this PR is that according to https://github.com/containers/image/blob/29bbd0ee0e58ec1b379a38c5e1bdc3d251ebe34d/signature/mechanism_openpgp.go#L18-L24, the gpgme implementation is the preferred implementation.

I noticed that the MCO currently is not using this implementation by using go version -m to examine what dependencies it was built with. So to remedy this, I've done the following:

  1. Removes all hard-coded Go build tags from the Makefile.
  2. Ensures that hack/build-go.sh uses the tags provided to it as-is.

All of these are in service of ensuring that the MCO is using the gpgme implementation for image secret verification as opposed to the OpenPGP implementation.

- How to verify it

There should be no functional change in how the MCO behaves. Our test suite should be able to verify that this is the case.

To verify that the MCO is being built with the correct implementation, one can do the following:

  1. Clone this PR to your local system.
  2. Run make image to build the MCO image.
  3. Exfiltrate the binaries from the image to your host by doing something like podman run -it --rm -v "$PWD:/host:z" localhost/machine-config-operator:latest cp /usr/bin/machine-config* /host.
  4. Use the Go toolchain and ensure that the following output is found for the two binaries which require it (these are the machine-config-controller and the machine-config-daemon; the other MCO binaries do not use this dependency and thus will not be built with it):
$ go version -m machine-config-controller | grep -E '(pgp|gpg)'
       dep     github.com/proglottis/gpgme     v0.1.4

$ go version -m machine-config-daemon | grep -E '(pgp|gpg)'
       dep     github.com/proglottis/gpgme     v0.1.4

- Description for the changelog
Ensure the MCO uses gpgme

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci bot (Contributor) commented Dec 12, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheesesashimi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 12, 2025
@openshift-ci bot (Contributor) commented Dec 15, 2025

@cheesesashimi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-gcp-op-single-node | bea27f9 | link | true | /test e2e-gcp-op-single-node |
| ci/prow/bootstrap-unit | bea27f9 | link | false | /test bootstrap-unit |

Full PR test history. Your PR dashboard.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
