Building temporal with boringcrypto

hey everyone, my team is looking at running temporal inside of a FedRAMP certified AWS environment. In order to do that we’ll need to build temporal with the boringcrypto fork of golang. We’re just starting down that path now but if anyone else has tried this, or has thoughts about known pitfalls please let us know!

The first possible hurdle looks like it will be having to enable cgo, which is disabled when building the temporal docker image currently (cgo must be enabled in order to build with boringcrypto)

2 Likes

Alex might actually have some insights regarding cgo but he’s out of office today unfortunately. I’ve assigned this to him so once he’s back he will take a look.

Ok great! Thanks Ryland

1 Like

I don’t actually know why we have CGO_ENABLED=0 in our Dockerfile. It came from this PR. During development we build and run server w/o this setting on both Mac and Linux. I believe there shouldn’t be any problems removing it. Please let me know if there are.

1 Like