Hi,
Please can we dig the "crypto backend" first to see?
On Tuesday, July 2, 2024 at 3:45:40 PM UTC Damien A wrote:
>
> I have been building Grafana packages previously using Go 1.20.5 on Oracle
> Enterprise Linux 9 with the following settings:
>
> export IMPORTPATH=%{_builddir}/grafana-%{version}
> export BUILDFLAGS="-v -p 4 -x -buildmode=pie -mod=vendor"
> export GOPATH=%{_builddir}/go:%{_builddir}/contrib
> export GOBIN=/usr/local/go/bin
> export GOEXPERIMENT=opensslcrypto
> export GOFIPS=1
> wire gen -tags 'oss' ./pkg/server ./pkg/cmd/grafana-cli/runner
>
> # see grafana-X.Y.Z/pkg/build/cmd.go
> export LDFLAGS="-X main.version=%{version} -X
> main.buildstamp=${SOURCE_DATE_EPOCH}"
> for cmd in grafana grafana-cli grafana-server; do
> %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
> done
>
> However, we are now needing to upgrade to Grafana 10.4, which uses the
> newer Go version 1.21.10, and it appears the instructions around FIPS has
> changed a bit.
>
> Reading the article:
> https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md
>
> From what I gather, i should use
> GOEXPERIMENT=systemcrypto
>
> and it seems that I shouldn't need to use GOFIPS=1, however if I leave
> that flag enabled, the compilation fails with:
>
> + cd /root/rpmbuild/BUILD/grafana-10.2.3
> + export IMPORTPATH=/root/rpmbuild/BUILD/grafana-10.2.3
> + IMPORTPATH=/root/rpmbuild/BUILD/grafana-10.2.3
> + export 'BUILDFLAGS=-v -p 4 -x -buildmode=pie -mod=vendor'
> + BUILDFLAGS='-v -p 4 -x -buildmode=pie -mod=vendor'
> + export GOPATH=/root/rpmbuild/BUILD/go:/root/rpmbuild/BUILD/contrib
> + GOPATH=/root/rpmbuild/BUILD/go:/root/rpmbuild/BUILD/contrib
> + export GOBIN=/usr/local/go/bin
> + GOBIN=/usr/local/go/bin
> + export GOEXPERIMENT=systemcrypto
> + GOEXPERIMENT=systemcrypto
> + export GOOS=linux
> + GOOS=linux
> + export GOFIPS=1
> + GOFIPS=1
> + wire gen -tags oss ./pkg/server ./pkg/cmd/grafana-cli/runner
> wire: err: exit status 2: stderr: panic: FIPS mode requested (environment
> variable GOFIPS=1) but no supported crypto backend is enabled
>
> goroutine 1 [running]:
> crypto/internal/backend.init.0()
> crypto/internal/backend/common.go:21 +0x65
>
> wire: generate failed
> error: Bad exit status from /var/tmp/rpm-tmp.eIFDsO (%build)
>
>
> RPM build errors:
> Bad exit status from /var/tmp/rpm-tmp.eIFDsO (%build)
>
>
> Just curious if anyone can assist me here, using GOFIPS=1 worked just fine
> on Go 1.20.5, however appears not to be the case anymore.
>
> Devin
>
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/033b6445-a8f7-49cc-b7f8-b7fa5b967ad7n%40googlegroups.com.
