
Enable FIPS compliance enforcement for prometheus-operator build #2244

Open
danielmellado wants to merge 1 commit into rhobs:release-1.3 from danielmellado:release-1.3-prom-op-force-fips

danielmellado (Contributor) commented Jan 13, 2026

Explicitly set needed ENVs for FIPS to enable the Go compliance shim in
openshift-golang-builder. This also bypasses the shim to use the real
Go implementation.

This ensures:

  • CGO_ENABLED=1 (dynamic linking to OpenSSL)
  • GOEXPERIMENT=strictfipsruntime automatically added
  • GOTOOLCHAIN=local use the container's FIPS-patched Go, prevent
    downloading upstream toolchain

Signed-off-by: Daniel Mellado <dmellado@fedoraproject.org>

danielmellado force-pushed the release-1.3-prom-op-force-fips branch from 67b52d6 to 523da5d on January 22, 2026 15:02
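
One way to check the three settings listed in the description after a build, as an added example that is not part of the PR or the project's code. It assumes the toolchain records GOEXPERIMENT among the build settings printed by `go version -m`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names are hypothetical.

# build_setting KEY: read `go version -m` output on stdin and print the value
# of the first "build KEY=value" line (fields are tab-separated).
build_setting() {
    awk -F'\t' -v k="$1" '$2 == "build" && index($3, k "=") == 1 {
        print substr($3, length(k) + 2); exit }'
}

# check_buildinfo: succeed only if the build info on stdin shows cgo enabled
# and strictfipsruntime among the comma-separated GOEXPERIMENT entries.
check_buildinfo() {
    info=$(cat)
    cgo=$(printf '%s\n' "$info" | build_setting CGO_ENABLED)
    exp=$(printf '%s\n' "$info" | build_setting GOEXPERIMENT)
    rc=0
    if [ "$cgo" != "1" ]; then
        echo "CGO_ENABLED=${cgo:-unset}, want 1" >&2; rc=1
    fi
    case ",$exp," in
        *,strictfipsruntime,*) ;;
        *) echo "GOEXPERIMENT=${exp:-unset}, strictfipsruntime missing" >&2; rc=1 ;;
    esac
    return $rc
}

# check_build_env: GOTOOLCHAIN is a build-time setting, so check it (and
# CGO_ENABLED) in the environment the build step is about to use.
check_build_env() {
    [ "${GOTOOLCHAIN:-}" = "local" ] && [ "${CGO_ENABLED:-}" = "1" ]
}

# Constructed sample of `go version -m` output; the module path is a
# placeholder. $1 is the CGO_ENABLED value, $2 the GOEXPERIMENT value.
sample_buildinfo() {
    printf '%s\n' "bin/operator: go1.x"
    printf '\t%s\t%s\n' path example.test/operator \
        build -compiler=gc build "CGO_ENABLED=$1" build GOARCH=amd64 \
        build "GOEXPERIMENT=$2" build GOOS=linux
}

sample_buildinfo 1 strictfipsruntime | check_buildinfo && echo "sample passes"
```

Against a real binary, pipe `go version -m <binary>` into `check_buildinfo`, and call `check_build_env` in the build step before `go build` runs.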