Building temporal with boringcrypto

Kevin_Flynn · July 2, 2020, 5:35pm

hey everyone, my team is looking at running temporal inside of a FedRAMP certified AWS environment. In order to do that we’ll need to build temporal with the boringcrypto fork of golang. We’re just starting down that path now but if anyone else has tried this, or has thoughts about known pitfalls please let us know!

The first possible hurdle looks like it will be having to enable cgo, which is disabled when building the temporal docker image currently (cgo must be enabled in order to build with boringcrypto)

ryland · July 2, 2020, 5:51pm

Alex might actually have some insights regarding cgo but he’s out of office today unfortunately. I’ve assigned this to him so once he’s back he will take a look.

Kevin_Flynn · July 2, 2020, 6:37pm

Ok great! Thanks Ryland

alex · July 6, 2020, 5:20pm

I don’t actually know why we have CGO_ENABLED=0 in our Dockerfile. It came from this PR. During development we build and run server w/o this setting on both Mac and Linux. I believe there shouldn’t be any problems removing it. Please let me know if there are.

Topic		Replies	Views
FIPS compliance Community Support	6	1966	October 1, 2020
Temporal Encryption Converter: My New Go Library for Workflow Security Show & Tell go-sdk	2	467	July 11, 2023
Hello (plus: a guide to run the Temporal Server in a VirtualBox VM) Community Support general-impl	3	558	October 12, 2021
Unable to build Temporal Server Go Binary Community Support general-impl	0	96	May 28, 2024
Temporal v1.20 with MySQL and Kerberos Server Deployment	0	322	April 11, 2023

Building temporal with boringcrypto

Related topics