From 4a6e07ca442cda88e2844c3a27700f384c84a841 Mon Sep 17 00:00:00 2001
From: alxbxbx <aleksandar.stankovic@sysdig.com>
Date: Fri, 6 Dec 2024 11:32:30 +0100
Subject: [PATCH] [SECCOMP-31579] FIPS compliance

---
 Dockerfile | 2 +-
 Makefile   | 5 +++--
 main.go    | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c1485118..a2e49cf7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ ARG GOARCH="amd64"
 ARG SHA1="[no-sha]"
 ARG TAG="[no-tag]"
 
-RUN BUILD_DATE=$(date +%F-%T) CGO_ENABLED=0 GOOS=linux GOARCH=$GOARCH go build -o /redis_exporter \
+RUN BUILD_DATE=$(date +%F-%T) CGO_ENABLED=1 GOEXPERIMENT=boringcrypto GOOS=linux GOARCH=$GOARCH go build -o /redis_exporter \
     -ldflags  "-s -w -extldflags \"-static\" -X main.BuildVersion=$TAG -X main.BuildCommitSha=$SHA1 -X main.BuildDate=$BUILD_DATE" .
 
 RUN [ $GOARCH = "amd64" ]  && /redis_exporter -version || ls -la /redis_exporter
diff --git a/Makefile b/Makefile
index 10e544e8..222a94fe 100644
--- a/Makefile
+++ b/Makefile
@@ -67,7 +67,7 @@ upload-coverage:
 
 
 BUILD_DT:=$(shell date +%F-%T)
-GO_LDFLAGS:="-s -w -extldflags \"-static\" -X main.BuildVersion=${DRONE_TAG} -X main.BuildCommitSha=${DRONE_COMMIT_SHA} -X main.BuildDate=$(BUILD_DT)" 
+GO_LDFLAGS:="-s -w -extldflags \"-static\" -X main.BuildVersion=${DRONE_TAG} -X main.BuildCommitSha=${DRONE_COMMIT_SHA} -X main.BuildDate=$(BUILD_DT)"
 
 .PHONE: build-binaries
 build-binaries:
@@ -75,7 +75,8 @@ build-binaries:
 
 	rm -rf .build | true
 
-	export CGO_ENABLED=0 ; \
+	export CGO_ENABLED=1 ; \
+	export GOEXPERIMENT=boringcrypto ; \
 	gox -os="linux windows freebsd netbsd openbsd"        -arch="amd64 386" -verbose -rebuild -ldflags $(GO_LDFLAGS) -output ".build/redis_exporter-${DRONE_TAG}.{{.OS}}-{{.Arch}}/{{.Dir}}" && \
 	gox -os="darwin solaris illumos"                      -arch="amd64"     -verbose -rebuild -ldflags $(GO_LDFLAGS) -output ".build/redis_exporter-${DRONE_TAG}.{{.OS}}-{{.Arch}}/{{.Dir}}" && \
 	gox -os="darwin"                                      -arch="arm64"     -verbose -rebuild -ldflags $(GO_LDFLAGS) -output ".build/redis_exporter-${DRONE_TAG}.{{.OS}}-{{.Arch}}/{{.Dir}}" && \
diff --git a/main.go b/main.go
index 171bdbd3..6b22473d 100644
--- a/main.go
+++ b/main.go
@@ -9,6 +9,8 @@ import (
 	"strconv"
 	"time"
 
+	_ "crypto/tls/fipsonly"
+
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"