Michael,
I am not fully sure what you mean? Can you elaborate on what you are asking
me? I am not really a Go Developer just a Linux Admin who often gets tasked
with trying to build packages.
On Tuesday, July 2, 2024 at 10:42:06 AM UTC-7 Michael Oguidan wrote:
> Hi,
> Please can we dig the "crypto backend" first to see?
>
> On Tuesday, July 2, 2024 at 3:45:40 PM UTC Damien A wrote:
>
>>
>> I have been building Grafana packages previously using Go 1.20.5 on
>> Oracle Enterprise Linux 9 with the following settings:
>>
>> export IMPORTPATH=%{_builddir}/grafana-%{version}
>> export BUILDFLAGS="-v -p 4 -x -buildmode=pie -mod=vendor"
>> export GOPATH=%{_builddir}/go:%{_builddir}/contrib
>> export GOBIN=/usr/local/go/bin
>> export GOEXPERIMENT=opensslcrypto
>> export GOFIPS=1
>> wire gen -tags 'oss' ./pkg/server ./pkg/cmd/grafana-cli/runner
>>
>> # see grafana-X.Y.Z/pkg/build/cmd.go
>> export LDFLAGS="-X main.version=%{version} -X
>> main.buildstamp=${SOURCE_DATE_EPOCH}"
>> for cmd in grafana grafana-cli grafana-server; do
>> %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
>> done
>>
>> However, we are now needing to upgrade to Grafana 10.4, which uses the
>> newer Go version 1.21.10, and it appears the instructions around FIPS has
>> changed a bit.
>>
>> Reading the article:
>> https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md
>>
>> From what I gather, i should use
>> GOEXPERIMENT=systemcrypto
>>
>> and it seems that I shouldn't need to use GOFIPS=1, however if I leave
>> that flag enabled, the compilation fails with:
>>
>> + cd /root/rpmbuild/BUILD/grafana-10.2.3
>> + export IMPORTPATH=/root/rpmbuild/BUILD/grafana-10.2.3
>> + IMPORTPATH=/root/rpmbuild/BUILD/grafana-10.2.3
>> + export 'BUILDFLAGS=-v -p 4 -x -buildmode=pie -mod=vendor'
>> + BUILDFLAGS='-v -p 4 -x -buildmode=pie -mod=vendor'
>> + export GOPATH=/root/rpmbuild/BUILD/go:/root/rpmbuild/BUILD/contrib
>> + GOPATH=/root/rpmbuild/BUILD/go:/root/rpmbuild/BUILD/contrib
>> + export GOBIN=/usr/local/go/bin
>> + GOBIN=/usr/local/go/bin
>> + export GOEXPERIMENT=systemcrypto
>> + GOEXPERIMENT=systemcrypto
>> + export GOOS=linux
>> + GOOS=linux
>> + export GOFIPS=1
>> + GOFIPS=1
>> + wire gen -tags oss ./pkg/server ./pkg/cmd/grafana-cli/runner
>> wire: err: exit status 2: stderr: panic: FIPS mode requested (environment
>> variable GOFIPS=1) but no supported crypto backend is enabled
>>
>> goroutine 1 [running]:
>> crypto/internal/backend.init.0()
>> crypto/internal/backend/common.go:21 +0x65
>>
>> wire: generate failed
>> error: Bad exit status from /var/tmp/rpm-tmp.eIFDsO (%build)
>>
>>
>> RPM build errors:
>> Bad exit status from /var/tmp/rpm-tmp.eIFDsO (%build)
>>
>>
>> Just curious if anyone can assist me here, using GOFIPS=1 worked just
>> fine on Go 1.20.5, however appears not to be the case anymore.
>>
>> Devin
>>
>>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/1e232519-40a3-427e-98e5-41928a12046an%40googlegroups.com.
