TUN-8118: Disable FIPS module to build with go-boring without CGO_ENABLED

This commit is contained in:
chungthuang 2024-01-08 10:34:40 +00:00 committed by Chung-Ting
parent 159fcb44ce
commit e23d928829
8 changed files with 23 additions and 13 deletions

5
.teamcity/install-cloudflare-go.sh vendored Executable file
View File

@ -0,0 +1,5 @@
git clone -q https://github.com/cloudflare/go
cd go/src
# https://github.com/cloudflare/go/tree/34129e47042e214121b6bbff0ded4712debed18e is version go1.21.5-devel-cf
git checkout -q 34129e47042e214121b6bbff0ded4712debed18e
./make.bash

View File

@ -3,11 +3,7 @@ rm -rf go
rm -rf gocache
export GOCACHE=/tmp/gocache
git clone -q https://github.com/cloudflare/go
cd go/src
# https://github.com/cloudflare/go/tree/34129e47042e214121b6bbff0ded4712debed18e is version go1.21.5-devel-cf
git checkout -q 34129e47042e214121b6bbff0ded4712debed18e
./make.bash
../install-cloudflare-go.sh
export PATH="/tmp/go/bin:$PATH"
go version

View File

@ -12,8 +12,10 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
# copy our sources into the builder image
COPY . .
RUN .teamcity/install-cloudflare-go.sh
# compile cloudflared
RUN make cloudflared
RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
# use a distroless base image with glibc
FROM gcr.io/distroless/base-debian11:nonroot

View File

@ -8,8 +8,12 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
# copy our sources into the builder image
COPY . .
RUN .teamcity/install-cloudflare-go.sh
RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" go env
# compile cloudflared
RUN GOOS=linux GOARCH=amd64 make cloudflared
RUN GOOS=linux GOARCH=amd64 PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
# use a distroless base image with glibc
FROM gcr.io/distroless/base-debian11:nonroot

View File

@ -8,8 +8,10 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
# copy our sources into the builder image
COPY . .
RUN .teamcity/install-cloudflare-go.sh
# compile cloudflared
RUN GOOS=linux GOARCH=arm64 make cloudflared
RUN GOOS=linux GOARCH=arm64 PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
# use a distroless base image with glibc
FROM gcr.io/distroless/base-debian11:nonroot-arm64

View File

@ -31,7 +31,7 @@ Downloads are available as standalone binaries, a Docker image, and Debian, RPM,
* Binaries, Debian, and RPM packages for Linux [can be found here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#linux)
* A Docker image of `cloudflared` is [available on DockerHub](https://hub.docker.com/r/cloudflare/cloudflared)
* You can install on Windows machines with the [steps here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#windows)
* Build from source with the [instructions here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#build-from-source)
* To build from source, first you need to download the go toolchain by running `./.teamcity/install-cloudflare-go.sh` and follow the output. Then you can run `make cloudflared`
User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps

View File

@ -1,8 +1,8 @@
VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
echo $VERSION
# Avoid depending on C code since we don't need it.
export CGO_ENABLED=0
# Disable FIPS module in go-boring
export GOEXPERIMENT=noboringcrypto
# This controls the directory the built artifacts go into
export ARTIFACT_DIR=built_artifacts/

View File

@ -4,6 +4,7 @@ ENV GO111MODULE=on \
WORKDIR /go/src/github.com/cloudflare/cloudflared/
RUN apt-get update
COPY . .
RUN .teamcity/install-cloudflare-go.sh
# compile cloudflared
RUN make cloudflared
RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
RUN cp /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/