From e23d928829ca2c65f7131909a73471fe56d5699e Mon Sep 17 00:00:00 2001
From: chungthuang <chungting@cloudflare.com>
Date: Mon, 8 Jan 2024 10:34:40 +0000
Subject: [PATCH] TUN-8118: Disable FIPS module to build with go-boring without
 CGO_ENABLED

---
 .teamcity/install-cloudflare-go.sh     | 5 +++++
 .teamcity/mac/install-cloudflare-go.sh | 6 +-----
 Dockerfile                             | 6 ++++--
 Dockerfile.amd64                       | 6 +++++-
 Dockerfile.arm64                       | 4 +++-
 README.md                              | 2 +-
 build-packages.sh                      | 4 ++--
 dev.Dockerfile                         | 3 ++-
 8 files changed, 23 insertions(+), 13 deletions(-)
 create mode 100755 .teamcity/install-cloudflare-go.sh

diff --git a/.teamcity/install-cloudflare-go.sh b/.teamcity/install-cloudflare-go.sh
new file mode 100755
index 00000000..7a431cdc
--- /dev/null
+++ b/.teamcity/install-cloudflare-go.sh
@@ -0,0 +1,5 @@
+git clone -q https://github.com/cloudflare/go
+cd go/src
+# https://github.com/cloudflare/go/tree/34129e47042e214121b6bbff0ded4712debed18e is version go1.21.5-devel-cf
+git checkout -q 34129e47042e214121b6bbff0ded4712debed18e
+./make.bash
\ No newline at end of file
diff --git a/.teamcity/mac/install-cloudflare-go.sh b/.teamcity/mac/install-cloudflare-go.sh
index 2c092430..75925b54 100755
--- a/.teamcity/mac/install-cloudflare-go.sh
+++ b/.teamcity/mac/install-cloudflare-go.sh
@@ -3,11 +3,7 @@ rm -rf go
 rm -rf gocache
 export GOCACHE=/tmp/gocache
 
-git clone -q https://github.com/cloudflare/go
-cd go/src
-# https://github.com/cloudflare/go/tree/34129e47042e214121b6bbff0ded4712debed18e is version go1.21.5-devel-cf
-git checkout -q 34129e47042e214121b6bbff0ded4712debed18e
-./make.bash
+../install-cloudflare-go.sh
 
 export PATH="/tmp/go/bin:$PATH"
 go version
diff --git a/Dockerfile b/Dockerfile
index ac31f936..77d8b1a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,14 +6,16 @@ ENV GO111MODULE=on \
     CGO_ENABLED=0 \
     TARGET_GOOS=${TARGET_GOOS} \
     TARGET_GOARCH=${TARGET_GOARCH}
-    
+
 WORKDIR /go/src/github.com/cloudflare/cloudflared/
 
 # copy our sources into the builder image
 COPY . .
 
+RUN .teamcity/install-cloudflare-go.sh
+
 # compile cloudflared
-RUN make cloudflared
+RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian11:nonroot
diff --git a/Dockerfile.amd64 b/Dockerfile.amd64
index 4cb0b5e2..00cf98f6 100644
--- a/Dockerfile.amd64
+++ b/Dockerfile.amd64
@@ -8,8 +8,12 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
 # copy our sources into the builder image
 COPY . .
 
+RUN .teamcity/install-cloudflare-go.sh
+
+RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" go env
+
 # compile cloudflared
-RUN GOOS=linux GOARCH=amd64 make cloudflared
+RUN GOOS=linux GOARCH=amd64 PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian11:nonroot
diff --git a/Dockerfile.arm64 b/Dockerfile.arm64
index b1b6a86b..c0430256 100644
--- a/Dockerfile.arm64
+++ b/Dockerfile.arm64
@@ -8,8 +8,10 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
 # copy our sources into the builder image
 COPY . .
 
+RUN .teamcity/install-cloudflare-go.sh
+
 # compile cloudflared
-RUN GOOS=linux GOARCH=arm64 make cloudflared
+RUN GOOS=linux GOARCH=arm64 PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian11:nonroot-arm64
diff --git a/README.md b/README.md
index 63e86b07..7a3d3bbf 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Downloads are available as standalone binaries, a Docker image, and Debian, RPM,
 * Binaries, Debian, and RPM packages for Linux [can be found here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#linux)
 * A Docker image of `cloudflared` is [available on DockerHub](https://hub.docker.com/r/cloudflare/cloudflared)
 * You can install on Windows machines with the [steps here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#windows)
-* Build from source with the [instructions here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#build-from-source)
+* To build from source, first you need to download the go toolchain by running `./.teamcity/install-cloudflare-go.sh` and follow the output. Then you can run `make cloudflared`
 
 User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
 
diff --git a/build-packages.sh b/build-packages.sh
index 6ca0bcd8..8f415dd7 100755
--- a/build-packages.sh
+++ b/build-packages.sh
@@ -1,8 +1,8 @@
 VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
 echo $VERSION
 
-# Avoid depending on C code since we don't need it.
-export CGO_ENABLED=0
+# Disable FIPS module in go-boring
+export GOEXPERIMENT=noboringcrypto
 
 # This controls the directory the built artifacts go into
 export ARTIFACT_DIR=built_artifacts/
diff --git a/dev.Dockerfile b/dev.Dockerfile
index 09e744be..c046ebbf 100644
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@@ -4,6 +4,7 @@ ENV GO111MODULE=on \
 WORKDIR /go/src/github.com/cloudflare/cloudflared/
 RUN apt-get update
 COPY . .
+RUN .teamcity/install-cloudflare-go.sh
 # compile cloudflared
-RUN make cloudflared
+RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 RUN cp /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/