[SECCOMP-31579] - FIPS support

Author: alxbxbx

Dockerfile

@@ -8,6 +8,10 @@ WORKDIR /go/src/github.com/prometheus-community/postgres_exporter
 
 FROM base AS builder
 COPY . .
+
+ENV CGO_ENABLED=1
+ENV GOEXPERIMENT=boringcrypto
+
 RUN go mod tidy
 RUN make build
 RUN cp postgres_exporter /bin/postgres_exporter
@@ -22,4 +26,4 @@ FROM quay.io/sysdig/sysdig-stig-mini-ubi9:1.2.0 AS ubi
 COPY --from=builder /bin/postgres_exporter /bin/postgres_exporter
 EXPOSE     9187
 USER       59000:59000
-ENTRYPOINT [ "/bin/postgres_exporter" ]
+ENTRYPOINT [ "/bin/postgres_exporter" ]

Makefile.common

@@ -25,6 +25,10 @@
 # Ensure GOBIN is not set during build so that promu is installed to the correct path
 unexport GOBIN
 
+# Export flags required for FIPS compliance
+export CGO_ENABLED=1
+export GOEXPERIMENT=boringcrypto
+
 GO           ?= go
 GOFMT        ?= $(GO)fmt
 FIRST_GOPATH := $(firstword $(subst :, ,$(shell $(GO) env GOPATH)))

cmd/postgres_exporter/main.go

@@ -19,6 +19,8 @@ import (
 	"os"
 	"strings"
 
+	_ "crypto/tls/fipsonly"
+
 	"github.com/alecthomas/kingpin/v2"
 	"github.com/go-kit/log"
 	"github.com/go-kit/log/level"