controller-gen failing due to fipsonly
slimm609 opened this issue · 2 comments
when adding _ "crypto/tls/fipsonly" to the import of main.go, controller-gen fails.
bin/controller-gen-v0.15.0 rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
-: build constraints exclude all Go files in /Users/slimm609/go/1.22.3/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.3.darwin-amd64/src/crypto/tls/fipsonly
Error: not all generators ran successfully
run `controller-gen rbac:roleName=manager-role crd webhook paths=./... output:crd:artifacts:config=config/crd/bases -w` to see all available markers, or `controller-gen rbac:roleName=manager-role crd webhook paths=./... output:crd:artifacts:config=config/crd/bases -h` for usage
attempted to use the kubebuilder:skip but this did not work either
import (
// +kubebuilder:skip
_ "crypto/tls/fipsonly"
...
)
removal of the fipsonly works fine for controller-gen.
This is used to enforce fips only ciphers with boringcrypto
https://golang.google.cn/pkg/crypto/tls/fipsonly/
Interesting. Just added _ "crypto/tls/fipsonly" to a random controller and got the same error on compile.
If I understand the godoc of the fips package correctly, this package only "exists" if the GOEXPERIMENT env var is set to boringcrypto. In my case exporting the env var before running controller-gen worked
oh, nice find. I didn't even think of that.
I have boringcrypto enabled in my makefile for the build
GOEXPERIMENT=boringcrypto go build ...
so it was not on the controller-gen line.
this resolved it. Thanks for the help @sbueringer!