From ffacb2280384b36173b819c9d7b7f174654f26b3 Mon Sep 17 00:00:00 2001
From: alxbxbx
Date: Fri, 13 Dec 2024 12:29:56 +0100
Subject: [PATCH] [SECCOMP-31579] - FIPS support
---
 Dockerfile | 6 +++++-
 Makefile.common | 4 ++++
 cmd/postgres_exporter/main.go | 2 ++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 62f0c0c92..da7c6852f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,6 +8,10 @@ WORKDIR /go/src/github.com/prometheus-community/postgres_exporter
 FROM base AS builder
 COPY . .
+
+ENV CGO_ENABLED=1
+ENV GOEXPERIMENT=boringcrypto
+
 RUN go mod tidy
 RUN make build
 RUN cp postgres_exporter /bin/postgres_exporter
@@ -22,4 +26,4 @@ FROM quay.io/sysdig/sysdig-stig-mini-ubi9:1.2.0 AS ubi
 COPY --from=builder /bin/postgres_exporter /bin/postgres_exporter
 EXPOSE 9187
 USER 59000:59000
-ENTRYPOINT [ "/bin/postgres_exporter" ]
\ No newline at end of file
+ENTRYPOINT [ "/bin/postgres_exporter" ]
diff --git a/Makefile.common b/Makefile.common
index 062a28185..dcb73a2da 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -25,6 +25,10 @@
 # Ensure GOBIN is not set during build so that promu is installed to the correct path
 unexport GOBIN
+# Export flags required for FIPS compliance
+export CGO_ENABLED=1
+export GOEXPERIMENT=boringcrypto
+
 GO ?= go
 GOFMT ?= $(GO)fmt
 FIRST_GOPATH := $(firstword $(subst :, ,$(shell $(GO) env GOPATH)))
diff --git a/cmd/postgres_exporter/main.go b/cmd/postgres_exporter/main.go
index f4d454996..dcc3053dd 100644
--- a/cmd/postgres_exporter/main.go
+++ b/cmd/postgres_exporter/main.go
@@ -19,6 +19,8 @@ import (
 "os"
 "strings"
+ _ "crypto/tls/fipsonly"
+
 "github.com/alecthomas/kingpin/v2"
 "github.com/go-kit/log"
 "github.com/go-kit/log/level"
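Review bot: Nothing in the Dockerfile builder stage checks that the binary copied to `/bin/postgres_exporter` was actually linked against BoringCrypto after `ENV CGO_ENABLED=1` and `ENV GOEXPERIMENT=boringcrypto` are set. The Go toolchain falls back to its native crypto without any error when cgo ends up disabled or the target is not linux/amd64 or linux/arm64, and what `make build` passes on to the compiler is not visible in this patch, so the image could ship a non-FIPS binary silently. A build-time assertion after the `RUN cp` line, such as `RUN go tool nm /bin/postgres_exporter | grep -q '_Cfunc__goboringcrypto_'`, would make that failure loud; the same concern applies to the exports added in Makefile.common. With cgo on the binary is also dynamically linked, so the builder's libc has to be compatible with the one in the final `ubi` image.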
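Review bot: The two `export` lines added to Makefile.common apply to every target and every caller, and a plain Makefile assignment takes precedence over the caller's environment, so something like `CGO_ENABLED=0 make test` is ignored without a message. If forcing these values is intentional, the comment should say so, for example `# FIPS: forced for all targets, do not override; BoringCrypto needs cgo and linux/amd64 or linux/arm64`. The Dockerfile hunk sets the same two variables, so keeping them in one place avoids the two drifting apart. Makefile.common also looks like a shared file (its comments refer to promu); if it is synced from an upstream template these lines would be lost on the next sync, and the project's own Makefile would be a safer home.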
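Review bot: The blank import `_ "crypto/tls/fipsonly"` in cmd/postgres_exporter/main.go has no comment, although it has two side effects a maintainer will not guess from the line: it restricts every TLS configuration in the process to FIPS-approved settings, and the package only builds with `GOEXPERIMENT=boringcrypto`, so a plain `go build`, `go vet` or `go test` of this package now fails. Peers that offer only non-approved TLS parameters will then fail the handshake; I assume this reaches the PostgreSQL connection and the metrics listener, but those code paths are outside the hunk. I would add above the import `// Restrict all TLS in this process to FIPS-approved settings; requires GOEXPERIMENT=boringcrypto.`, and if non-FIPS builds must keep working, move the import into its own file guarded by `//go:build boringcrypto`. The import block starts and ends outside the hunk.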