[SECCOMP-31580] - FIPS support

sysdiglabs · Dec 19, 2024 · 673cf4b · 673cf4b
2 parents c29e860 + 9a2529a
commit 673cf4b
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 3 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -21,6 +21,9 @@ jobs:
         docker: ['scratch','ubi']
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 1
+      GOEXPERIMENT: boringcrypto
     name: ${{ matrix.docker }}
     steps:
     - name: Login to Quay.io

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -14,6 +14,9 @@ jobs:
   golangci:
     name: lint
     runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 1
+      GOEXPERIMENT: boringcrypto
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

diff --git a/.promu.yml b/.promu.yml
@@ -1,6 +1,7 @@
 go:
     # This must match .circle/config.yml.
     version: 1.18
+    cgo: true
 repository:
     path: github.com/prometheus-community/elasticsearch_exporter
 build:

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,8 @@
 FROM quay.io/prometheus/golang-builder AS builder
 
+ENV CGO_ENABLED=1
+ENV GOEXPERIMENT=boringcrypto
+
 ARG PROMU_VERSION=0.13.0
 ADD  https://github.com/prometheus/promu/releases/download/v${PROMU_VERSION}/promu-${PROMU_VERSION}.linux-amd64.tar.gz ./
 RUN tar -xvzf promu-${PROMU_VERSION}.linux-amd64.tar.gz && mv promu-${PROMU_VERSION}.linux-amd64/promu /go/bin
@@ -8,7 +11,7 @@ ADD .   /go/src/github.com/prometheus-community/elasticsearch_exporter
 WORKDIR /go/src/github.com/prometheus-community/elasticsearch_exporter
 
 RUN go mod download
-RUN make 
+RUN make
 
 FROM scratch AS scratch
 

diff --git a/Makefile.common b/Makefile.common
@@ -36,6 +36,9 @@ GO_VERSION        ?= $(shell $(GO) version)
 GO_VERSION_NUMBER ?= $(word 3, $(GO_VERSION))
 PRE_GO_111        ?= $(shell echo $(GO_VERSION_NUMBER) | grep -E 'go1\.(10|[0-9])\.')
 
+export CGO_ENABLED := 1
+export GOEXPERIMENT := boringcrypto
+
 PROMU        := $(FIRST_GOPATH)/bin/promu
 pkgs          = ./...
 

diff --git a/build/Jenkinsfile b/build/Jenkinsfile
@@ -12,13 +12,15 @@ pipeline {
         ARTIFACTORY_URL = 'docker.internal.sysdig.com'
         EXPORTER = 'elasticsearch-exporter'
         VERSION = '1.2.1'
+        CGO_ENABLED = '1'
+        GOEXPERIMENT = 'boringcrypto'
     }
 
     stages {
         stage('Pull image from artifactory') {
             steps {
                 script {
-                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {                        
+                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {
                         sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}"""
                         sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi"""
                     }
@@ -40,4 +42,4 @@ pipeline {
             }
         }
     }
-}
+}
diff --git a/main.go b/main.go
@@ -23,6 +23,8 @@ import (
 
 	"context"
 
+	_ "crypto/tls/fipsonly"
+
 	"github.com/go-kit/log/level"
 	"github.com/prometheus-community/elasticsearch_exporter/collector"
 	"github.com/prometheus-community/elasticsearch_exporter/pkg/clusterinfo"