example: FIPS mode on Linux #3480

Open
wants to merge 4 commits into
base: main

pellared (Contributor) commented Nov 7, 2024

Towards #3460

Testing if it is possible to run the example in FIPS mode on Linux:

```
$ export OTEL_SERVICE_NAME="splunk-otel-go-example"
$ export OTEL_RESOURCE_ATTRIBUTES="deployment.environment=$(whoami)"
$ GOEXPERIMENT=boringcrypto SPLUNK_REALM=us0 SPLUNK_ACCESS_TOKEN=[REDACTED] go run .
HTTP request:
GET / HTTP/1.1
Host: localhost:8080
Accept-Encoding: gzip
Traceparent: 00-136bd7d8fc7ac8fc70b46b92d80ab781-332384ffe26b8457-01
User-Agent: Go-http-client/1.1

HTTP response:
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Server-Timing
Date: Thu, 07 Nov 2024 14:12:02 GMT
Server-Timing: traceparent;desc="00-136bd7d8fc7ac8fc70b46b92d80ab781-eab31b07facf8fb6-01"
Content-Length: 0
```

The trace was present in o11y Cloud.

pellared changed the title from "example: FIPS mode" to "example: FIPS mode on Linux" Nov 7, 2024
pellared marked this pull request as ready for review November 7, 2024 14:47
pellared requested review from a team as code owners November 7, 2024 14:47

codecov-commenter commented Nov 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.49%. Comparing base (448e911) to head (d9b0fec).

Additional details and impacted files
```diff
@@           Coverage Diff           @@
##             main    #3480   +/-   ##
=======================================
  Coverage   79.49%   79.49%           
=======================================
  Files          88       88           
  Lines        3507     3507           
=======================================
  Hits         2788     2788           
  Misses        645      645           
  Partials       74       74           
```

| Flag | Coverage Δ |
|---|---|
| Linux | 79.21% <ø> (ø) |
| Windows | 75.24% <ø> (ø) |
| macOS | 75.24% <ø> (ø) |

- Splunk Observability Cloud: <https://app.signalfx.com/#/apm?environments=YOURUSERNAME>
> Note: Processing might take some time.

### FIPS mode - Linux

Contributor

Do we need to say something about stability guarantees here?

https://go.dev/src/crypto/internal/boring/README

> We have been working inside Google on a fork of Go that uses BoringCrypto (the core of BoringSSL) for various crypto primitives, in furtherance of some work related to FIPS 140. We have heard that some external users of Go would be interested in this code as well, so we have published this code here in the main Go repository behind the setting GOEXPERIMENT=boringcrypto.
>
> Use of GOEXPERIMENT=boringcrypto outside Google is unsupported. This mode is not part of the Go 1 compatibility rules, and it may change incompatibly or break in other ways at any time.

Contributor Author

I think we should indeed add a notice. Also probably that using it does not imply that something is FIPS compliant.
