TUN-8118: Disable FIPS module to build with go-boring without CGO_ENABLED

Author: chungthuang

.teamcity/install-cloudflare-go.sh

@@ -0,0 +1,5 @@
+git clone -q https://github.com/cloudflare/go
+cd go/src
+# https://github.com/cloudflare/go/tree/34129e47042e214121b6bbff0ded4712debed18e is version go1.21.5-devel-cf
+git checkout -q 34129e47042e214121b6bbff0ded4712debed18e
+./make.bash

.teamcity/mac/install-cloudflare-go.sh

@@ -3,11 +3,7 @@ rm -rf go
 rm -rf gocache
 export GOCACHE=/tmp/gocache
 
-git clone -q https://github.com/cloudflare/go
-cd go/src
-# https://github.com/cloudflare/go/tree/34129e47042e214121b6bbff0ded4712debed18e is version go1.21.5-devel-cf
-git checkout -q 34129e47042e214121b6bbff0ded4712debed18e
-./make.bash
+../install-cloudflare-go.sh
 
 export PATH="/tmp/go/bin:$PATH"
 go version

Dockerfile

@@ -6,14 +6,16 @@ ENV GO111MODULE=on \
     CGO_ENABLED=0 \
     TARGET_GOOS=${TARGET_GOOS} \
     TARGET_GOARCH=${TARGET_GOARCH}
-    
+
 WORKDIR /go/src/github.com/cloudflare/cloudflared/
 
 # copy our sources into the builder image
 COPY . .
 
+RUN .teamcity/install-cloudflare-go.sh
+
 # compile cloudflared
-RUN make cloudflared
+RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian11:nonroot

Dockerfile.amd64

@@ -8,8 +8,12 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
 # copy our sources into the builder image
 COPY . .
 
+RUN .teamcity/install-cloudflare-go.sh
+
+RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" go env
+
 # compile cloudflared
-RUN GOOS=linux GOARCH=amd64 make cloudflared
+RUN GOOS=linux GOARCH=amd64 PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian11:nonroot

Dockerfile.arm64

@@ -8,8 +8,10 @@ WORKDIR /go/src/github.com/cloudflare/cloudflared/
 # copy our sources into the builder image
 COPY . .
 
+RUN .teamcity/install-cloudflare-go.sh
+
 # compile cloudflared
-RUN GOOS=linux GOARCH=arm64 make cloudflared
+RUN GOOS=linux GOARCH=arm64 PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 
 # use a distroless base image with glibc
 FROM gcr.io/distroless/base-debian11:nonroot-arm64

README.md

@@ -31,7 +31,7 @@ Downloads are available as standalone binaries, a Docker image, and Debian, RPM,
 * Binaries, Debian, and RPM packages for Linux [can be found here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#linux)
 * A Docker image of `cloudflared` is [available on DockerHub](https://hub.docker.com/r/cloudflare/cloudflared)
 * You can install on Windows machines with the [steps here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#windows)
-* Build from source with the [instructions here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation#build-from-source)
+* To build from source, first you need to download the go toolchain by running `./.teamcity/install-cloudflare-go.sh` and follow the output. Then you can run `make cloudflared`
 
 User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
 

build-packages.sh

@@ -1,8 +1,8 @@
 VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
 echo $VERSION
 
-# Avoid depending on C code since we don't need it.
-export CGO_ENABLED=0
+# Disable FIPS module in go-boring
+export GOEXPERIMENT=noboringcrypto
 
 # This controls the directory the built artifacts go into
 export ARTIFACT_DIR=built_artifacts/

dev.Dockerfile

@@ -4,6 +4,7 @@ ENV GO111MODULE=on \
 WORKDIR /go/src/github.com/cloudflare/cloudflared/
 RUN apt-get update
 COPY . .
+RUN .teamcity/install-cloudflare-go.sh
 # compile cloudflared
-RUN make cloudflared
+RUN PATH="/go/src/github.com/cloudflare/cloudflared/go/bin:$PATH" make cloudflared
 RUN cp /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/