-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add a build that uses boring crypto to run on fips enabled hosts
A new build has been added that uses CGO and the boring crypto build flag to substitute go's default crypto library with boring crypto to ensure the binary can run on FIPs enabled hosts. The fips build includes the go symbol table in the binary (note other builds include -s to strip it), this allows you to run `go tool nm anchore-ecs-inventory | grep '_Cfunc__goboringcrypto_'` to verify that the binary was built with boringcrypto. A new docker image will also be built with the tag `v1.0.0-fips-amd64` that includes the -fips binary. Signed-off-by: Bradley Jones <[email protected]>
- Loading branch information
1 parent
1bc36ad
commit 3d5b3b6
Showing
1 changed file
with
50 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters