I have been building Grafana packages previously using Go 1.20.5 on Oracle Enterprise Linux 9 with the following settings:
export IMPORTPATH=%{_builddir}/grafana-%{version}
export BUILDFLAGS="-v -p 4 -x -buildmode=pie -mod=vendor"
export GOPATH=%{_builddir}/go:%{_builddir}/contrib
export GOBIN=/usr/local/go/bin
export GOEXPERIMENT=opensslcrypto
export GOFIPS=1
wire gen -tags 'oss' ./pkg/server ./pkg/cmd/grafana-cli/runner
# see grafana-X.Y.Z/pkg/build/cmd.go
export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}"
for cmd in grafana grafana-cli grafana-server; do
%gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
done
However, we are now needing to upgrade to Grafana 10.4, which uses the newer Go version 1.21.10, and it appears the instructions around FIPS has changed a bit.
From what I gather, i should use
GOEXPERIMENT=systemcrypto
and it seems that I shouldn't need to use GOFIPS=1, however if I leave that flag enabled, the compilation fails with:
+ cd /root/rpmbuild/BUILD/grafana-10.2.3
+ export IMPORTPATH=/root/rpmbuild/BUILD/grafana-10.2.3
+ IMPORTPATH=/root/rpmbuild/BUILD/grafana-10.2.3
+ export 'BUILDFLAGS=-v -p 4 -x -buildmode=pie -mod=vendor'
+ BUILDFLAGS='-v -p 4 -x -buildmode=pie -mod=vendor'
+ export GOPATH=/root/rpmbuild/BUILD/go:/root/rpmbuild/BUILD/contrib
+ GOPATH=/root/rpmbuild/BUILD/go:/root/rpmbuild/BUILD/contrib
+ export GOBIN=/usr/local/go/bin
+ GOBIN=/usr/local/go/bin
+ export GOEXPERIMENT=systemcrypto
+ GOEXPERIMENT=systemcrypto
+ export GOOS=linux
+ GOOS=linux
+ export GOFIPS=1
+ GOFIPS=1
+ wire gen -tags oss ./pkg/server ./pkg/cmd/grafana-cli/runner
wire: err: exit status 2: stderr: panic: FIPS mode requested (environment variable GOFIPS=1) but no supported crypto backend is enabled
goroutine 1 [running]:
crypto/internal/backend.init.0()
crypto/internal/backend/common.go:21 +0x65
wire: generate failed
error: Bad exit status from /var/tmp/rpm-tmp.eIFDsO (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.eIFDsO (%build)
Just curious if anyone can assist me here, using GOFIPS=1 worked just fine on Go 1.20.5, however appears not to be the case anymore.
Devin