Grafana 10 / OEL9 / FIPS

linuxguruco · March 16, 2024, 11:22pm

What Grafana version and what operating system are you using?

Looking to run Grafana 10.2.X on Oracle Enterprise Linux 9.

What are you trying to achieve?

I have been given instructions to build RPM package with FIPS enabled.

How are you trying to achieve it?

I downloaded all the source files from the Fedora Package Sources, and everything compiles.
https://src.fedoraproject.org/rpms/grafana/tree/rawhide

What happened?

The problem is no matter if i’m using the built-in sqlite3 database or MySQL the application freaks out anytime it tries to do anything crypto related (i.e: logging in, trying to change password from CLI, etc).

What did you expect to happen?

To function as normal.

When I try to reset the admin password from CLI, it returns to me.

 grafana-cli --homepath='/usr/share/grafana' admin reset-admin-password 'linux007'
Deprecation warning: The standalone 'grafana-cli' program is deprecated and will be removed in the future. Please update all uses of 'grafana-cli' to 'grafana cli'
INFO [03-16|13:59:00] Starting Grafana                         logger=settings version= commit= branch= compiled=1969-12-31T17:00:00-07:00
INFO [03-16|13:59:00] Config loaded from                       logger=settings file=/usr/share/grafana/conf/defaults.ini
INFO [03-16|13:59:00] Config loaded from                       logger=settings file=/etc/grafana/grafana.ini
INFO [03-16|13:59:00] Config overridden from command line      logger=settings arg="default.paths.data=/var/lib/grafana"
INFO [03-16|13:59:00] Config overridden from command line      logger=settings arg="default.paths.logs=/var/log/grafana"
INFO [03-16|13:59:00] Config overridden from command line      logger=settings arg="default.paths.plugins=/var/lib/grafana/plugins"
INFO [03-16|13:59:00] Config overridden from command line      logger=settings arg="default.paths.provisioning=/etc/grafana/provisioning"
INFO [03-16|13:59:00] Target                                   logger=settings target=[all]
INFO [03-16|13:59:00] Path Home                                logger=settings path=/usr/share/grafana
INFO [03-16|13:59:00] Path Data                                logger=settings path=/var/lib/grafana
INFO [03-16|13:59:00] Path Logs                                logger=settings path=/var/log/grafana
INFO [03-16|13:59:00] Path Plugins                             logger=settings path=/var/lib/grafana/plugins
INFO [03-16|13:59:00] Path Provisioning                        logger=settings path=/etc/grafana/provisioning
INFO [03-16|13:59:00] App mode production                      logger=settings
INFO [03-16|13:59:00] Connecting to DB                         logger=sqlstore dbtype=mysql
INFO [03-16|13:59:00] Starting DB migrations                   logger=migrator
INFO [03-16|13:59:00] migrations completed                     logger=migrator performed=0 skipped=523 duration=427.193µs
INFO [03-16|13:59:00] Envelope encryption state                logger=secrets enabled=true current provider=secretKey.v1
SIGSEGV: segmentation violation
PC=0x0 m=0 sigcode=1
signal arrived during cgo execution

goroutine 1 [syscall]:
runtime.cgocall(0x5619c0454140, 0xc00229ef10)
        /usr/local/go/src/runtime/cgocall.go:157 +0x4b fp=0xc00229eee8 sp=0xc00229eeb0 pc=0x5619bc25692b
golang.org/x/crypto/internal/boring._Cfunc__goboringcrypto_EVP_sha256()
        _cgo_gotypes.go:64 +0x4c fp=0xc00229ef10 sp=0xc00229eee8 pc=0x5619bcd91e2c
golang.org/x/crypto/internal/boring.hashToMD({0x5619c252d6c0?, 0xc002a04000?})
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/golang.org/x/crypto/internal/boring/boring.go:37 +0x88 fp=0xc00229ef50 sp=0xc00229ef10 pc=0x5619bcd920c8
golang.org/x/crypto/internal/boring.Pbkdf2Key({0xc0029e2e78, 0x8, 0x8}, {0xc0029e2e80, 0xa, 0x10}, 0xa?, 0x10?, 0xc0029e2e80?)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/golang.org/x/crypto/internal/boring/boring.go:63 +0x5f fp=0xc00229efe0 sp=0xc00229ef50 pc=0x5619bcd9217f
golang.org/x/crypto/pbkdf2.Key({0xc0029e2e78?, 0xc0029e2a50?, 0xa?}, {0xc0029e2e80?, 0xc00229f0a8?, 0x5619bf8e2f1c?}, 0xc0029cb200?, 0x5619c25256a0?, 0x5619c56f1140?)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go:47 +0x1d fp=0xc00229f038 sp=0xc00229efe0 pc=0x5619bcd924fd
github.com/grafana/grafana/pkg/util.EncodePassword({0x7ffe8dc0974b?, 0x5619c25256a0?}, {0xc0029e2a50, 0xa})
        /root/rpmbuild/BUILD/grafana-10.2.3/pkg/util/encoding.go:54 +0x95 fp=0xc00229f0b8 sp=0xc00229f038 pc=0x5619bcd92e75
github.com/grafana/grafana/pkg/cmd/grafana-cli/commands.resetPassword(0x1, {0x7ffe8dc0974b, 0x8}, {0x5619c2568aa8, 0xc0029cb2c0})
        /root/rpmbuild/BUILD/grafana-10.2.3/pkg/cmd/grafana-cli/commands/reset_password_command.go:62 +0xe5 fp=0xc00229f110 sp=0xc00229f0b8 pc=0x5619c032e885
github.com/grafana/grafana/pkg/cmd/grafana-cli/commands.resetPasswordCommand({0x5619c25591d8, 0xc001d39c28}, {0xc0025d2000, {0x5619c254d2a8, 0xc0024aefc0}, {0x5619c25333e0, 0xc00298c048}, {0x5619c24f2588, 0xc002992190}, {0x5619c252aac0, ...}, ...})
        /root/rpmbuild/BUILD/grafana-10.2.3/pkg/cmd/grafana-cli/commands/reset_password_command.go:39 +0x212 fp=0xc00229f230 sp=0xc00229f110 pc=0x5619c032e6b2
github.com/grafana/grafana/pkg/cmd/grafana-cli/commands.init.runRunnerCommand.func8(0xc00259f100)
        /root/rpmbuild/BUILD/grafana-10.2.3/pkg/cmd/grafana-cli/commands/commands.go:25 +0x168 fp=0xc00229f370 sp=0xc00229f230 pc=0x5619c0330388
github.com/urfave/cli/v2.(*Command).Run(0x5619c545e340, 0xc00259f100, {0xc0025caca0, 0x2, 0x2})
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/urfave/cli/v2/command.go:273 +0x998 fp=0xc00229f600 sp=0xc00229f370 pc=0x5619bc400fb8
github.com/urfave/cli/v2.(*Command).Run(0x5619c545f680, 0xc00259ef80, {0xc0025b58c0, 0x3, 0x3})
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/urfave/cli/v2/command.go:266 +0xbe5 fp=0xc00229f890 sp=0xc00229f600 pc=0x5619bc401205
github.com/urfave/cli/v2.(*Command).Run(0xc0025b2160, 0xc00259ec40, {0xc0025c8090, 0x9, 0x9})
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/urfave/cli/v2/command.go:266 +0xbe5 fp=0xc00229fb20 sp=0xc00229f890 pc=0x5619bc401205
github.com/urfave/cli/v2.(*Command).Run(0xc0025b2840, 0xc00259eb00, {0xc0000754a0, 0xa, 0xa})
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/urfave/cli/v2/command.go:266 +0xbe5 fp=0xc00229fdb0 sp=0xc00229fb20 pc=0x5619bc401205
github.com/urfave/cli/v2.(*App).RunContext(0xc0001914a0, {0x5619c25256a0?, 0x5619c56f1140}, {0xc0000754a0, 0xa, 0xa})
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/urfave/cli/v2/app.go:332 +0x5b7 fp=0xc00229fe18 sp=0xc00229fdb0 pc=0x5619bc3fde17
github.com/urfave/cli/v2.(*App).Run(...)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/urfave/cli/v2/app.go:309
main.main()
        /root/rpmbuild/BUILD/grafana-10.2.3/pkg/cmd/grafana/main.go:53 +0x6cb fp=0xc00229ff40 sp=0xc00229fe18 pc=0x5619c0366d0b
runtime.main()
        /usr/local/go/src/runtime/proc.go:267 +0x2d2 fp=0xc00229ffe0 sp=0xc00229ff40 pc=0x5619bc28dd52
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00229ffe8 sp=0xc00229ffe0 pc=0x5619bc2c1b61

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009cfa8 sp=0xc00009cf88 pc=0x5619bc28e1ce
runtime.goparkunlock(...)
        /usr/local/go/src/runtime/proc.go:404
runtime.forcegchelper()
        /usr/local/go/src/runtime/proc.go:322 +0xb8 fp=0xc00009cfe0 sp=0xc00009cfa8 pc=0x5619bc28e038
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009cfe8 sp=0xc00009cfe0 pc=0x5619bc2c1b61
created by runtime.init.6 in goroutine 1
        /usr/local/go/src/runtime/proc.go:310 +0x1a

goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009d778 sp=0xc00009d758 pc=0x5619bc28e1ce
runtime.goparkunlock(...)
        /usr/local/go/src/runtime/proc.go:404
runtime.bgsweep(0x0?)
        /usr/local/go/src/runtime/mgcsweep.go:321 +0xdf fp=0xc00009d7c8 sp=0xc00009d778 pc=0x5619bc277f9f
runtime.gcenable.func1()
        /usr/local/go/src/runtime/mgc.go:200 +0x25 fp=0xc00009d7e0 sp=0xc00009d7c8 pc=0x5619bc26d0a5
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009d7e8 sp=0xc00009d7e0 pc=0x5619bc2c1b61
created by runtime.gcenable in goroutine 1
        /usr/local/go/src/runtime/mgc.go:200 +0x66

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc000080070?, 0x5619c1195f78?, 0x0?, 0x0?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009df70 sp=0xc00009df50 pc=0x5619bc28e1ce
runtime.goparkunlock(...)
        /usr/local/go/src/runtime/proc.go:404
runtime.(*scavengerState).park(0x5619c56a6020)
        /usr/local/go/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc00009dfa0 sp=0xc00009df70 pc=0x5619bc275809
runtime.bgscavenge(0x0?)
        /usr/local/go/src/runtime/mgcscavenge.go:658 +0x59 fp=0xc00009dfc8 sp=0xc00009dfa0 pc=0x5619bc275db9
runtime.gcenable.func2()
        /usr/local/go/src/runtime/mgc.go:201 +0x25 fp=0xc00009dfe0 sp=0xc00009dfc8 pc=0x5619bc26d045
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009dfe8 sp=0xc00009dfe0 pc=0x5619bc2c1b61
created by runtime.gcenable in goroutine 1
        /usr/local/go/src/runtime/mgc.go:201 +0xa5

goroutine 5 [finalizer wait]:
runtime.gopark(0x198?, 0x5619c24630c0?, 0x1?, 0xf3?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009c620 sp=0xc00009c600 pc=0x5619bc28e1ce
runtime.runfinq()
        /usr/local/go/src/runtime/mfinal.go:193 +0x107 fp=0xc00009c7e0 sp=0xc00009c620 pc=0x5619bc26c047
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009c7e8 sp=0xc00009c7e0 pc=0x5619bc2c1b61
created by runtime.createfing in goroutine 1
        /usr/local/go/src/runtime/mfinal.go:163 +0x3d

goroutine 6 [GC worker (idle)]:
runtime.gopark(0xa3f05ad71fb?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009e750 sp=0xc00009e730 pc=0x5619bc28e1ce
runtime.gcBgMarkWorker()
        /usr/local/go/src/runtime/mgc.go:1295 +0xe5 fp=0xc00009e7e0 sp=0xc00009e750 pc=0x5619bc26ec65
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009e7e8 sp=0xc00009e7e0 pc=0x5619bc2c1b61
created by runtime.gcBgMarkStartWorkers in goroutine 1
        /usr/local/go/src/runtime/mgc.go:1219 +0x1c

goroutine 18 [GC worker (idle)]:
runtime.gopark(0xa3f058ee7fd?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000098750 sp=0xc000098730 pc=0x5619bc28e1ce
runtime.gcBgMarkWorker()
        /usr/local/go/src/runtime/mgc.go:1295 +0xe5 fp=0xc0000987e0 sp=0xc000098750 pc=0x5619bc26ec65
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0000987e8 sp=0xc0000987e0 pc=0x5619bc2c1b61
created by runtime.gcBgMarkStartWorkers in goroutine 1
        /usr/local/go/src/runtime/mgc.go:1219 +0x1c

goroutine 34 [GC worker (idle)]:
runtime.gopark(0xa3f05ad71fb?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000114750 sp=0xc000114730 pc=0x5619bc28e1ce
runtime.gcBgMarkWorker()
        /usr/local/go/src/runtime/mgc.go:1295 +0xe5 fp=0xc0001147e0 sp=0xc000114750 pc=0x5619bc26ec65
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001147e8 sp=0xc0001147e0 pc=0x5619bc2c1b61
created by runtime.gcBgMarkStartWorkers in goroutine 1
        /usr/local/go/src/runtime/mgc.go:1219 +0x1c

goroutine 7 [GC worker (idle)]:
runtime.gopark(0xa3f05b2bc50?, 0x3?, 0xcb?, 0xb6?, 0x0?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009ef50 sp=0xc00009ef30 pc=0x5619bc28e1ce
runtime.gcBgMarkWorker()
        /usr/local/go/src/runtime/mgc.go:1295 +0xe5 fp=0xc00009efe0 sp=0xc00009ef50 pc=0x5619bc26ec65
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009efe8 sp=0xc00009efe0 pc=0x5619bc2c1b61
created by runtime.gcBgMarkStartWorkers in goroutine 1
        /usr/local/go/src/runtime/mgc.go:1219 +0x1c

goroutine 19 [select]:
runtime.gopark(0xc000099790?, 0x2?, 0x38?, 0x95?, 0xc000099774?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000099618 sp=0xc0000995f8 pc=0x5619bc28e1ce
runtime.selectgo(0xc000099790, 0xc000099770, 0x0?, 0x0, 0x0?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc000099738 sp=0xc000099618 pc=0x5619bc29e785
github.com/golang/glog.(*fileSink).flushDaemon(0x5619c56a5158)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/golang/glog/glog_file.go:351 +0xb9 fp=0xc0000997c8 sp=0xc000099738 pc=0x5619bcf3ce99
github.com/golang/glog.init.1.func1()
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/golang/glog/glog_file.go:166 +0x25 fp=0xc0000997e0 sp=0xc0000997c8 pc=0x5619bcf3bf45
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0000997e8 sp=0xc0000997e0 pc=0x5619bc2c1b61
created by github.com/golang/glog.init.1 in goroutine 1
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/golang/glog/glog_file.go:166 +0x135

goroutine 20 [select]:
runtime.gopark(0xc000099f88?, 0x3?, 0x0?, 0xea?, 0xc000099f72?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000099e18 sp=0xc000099df8 pc=0x5619bc28e1ce
runtime.selectgo(0xc000099f88, 0xc000099f6c, 0xc001606e00?, 0x0, 0x0?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc000099f38 sp=0xc000099e18 pc=0x5619bc29e785
go.opencensus.io/stats/view.(*worker).start(0xc001606e00)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/go.opencensus.io/stats/view/worker.go:292 +0x9f fp=0xc000099fc8 sp=0xc000099f38 pc=0x5619bda4625f
go.opencensus.io/stats/view.init.0.func1()
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/go.opencensus.io/stats/view/worker.go:34 +0x25 fp=0xc000099fe0 sp=0xc000099fc8 pc=0x5619bda45585
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000099fe8 sp=0xc000099fe0 pc=0x5619bc2c1b61
created by go.opencensus.io/stats/view.init.0 in goroutine 1
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/go.opencensus.io/stats/view/worker.go:34 +0x8d

goroutine 170 [select]:
runtime.gopark(0xc000117788?, 0x2?, 0x0?, 0x0?, 0xc000117784?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000117630 sp=0xc000117610 pc=0x5619bc28e1ce
runtime.selectgo(0xc000117788, 0xc000117780, 0x5619bc257e37?, 0x0, 0x0?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc000117750 sp=0xc000117630 pc=0x5619bc29e785
database/sql.(*DB).connectionOpener(0xc002611380, {0x5619c2525978, 0xc00267b6d0})
        /usr/local/go/src/database/sql/sql.go:1218 +0x87 fp=0xc0001177b8 sp=0xc000117750 pc=0x5619bcfb08a7
database/sql.OpenDB.func1()
        /usr/local/go/src/database/sql/sql.go:791 +0x28 fp=0xc0001177e0 sp=0xc0001177b8 pc=0x5619bcfaecc8
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001177e8 sp=0xc0001177e0 pc=0x5619bc2c1b61
created by database/sql.OpenDB in goroutine 1
        /usr/local/go/src/database/sql/sql.go:791 +0x165

goroutine 171 [select]:
runtime.gopark(0xc000098f80?, 0x2?, 0x0?, 0x0?, 0xc000098f40?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000098de0 sp=0xc000098dc0 pc=0x5619bc28e1ce
runtime.selectgo(0xc000098f80, 0xc000098f3c, 0x0?, 0x0, 0x0?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc000098f00 sp=0xc000098de0 pc=0x5619bc29e785
github.com/go-sql-driver/mysql.(*mysqlConn).startWatcher.func1()
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/go-sql-driver/mysql/connection.go:614 +0x9e fp=0xc000098fe0 sp=0xc000098f00 pc=0x5619bd32513e
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000098fe8 sp=0xc000098fe0 pc=0x5619bc2c1b61
created by github.com/go-sql-driver/mysql.(*mysqlConn).startWatcher in goroutine 1
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/go-sql-driver/mysql/connection.go:611 +0xf9

goroutine 21 [select]:
runtime.gopark(0xc000112f90?, 0x2?, 0x20?, 0x6?, 0xc000112f74?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc000112e08 sp=0xc000112de8 pc=0x5619bc28e1ce
runtime.selectgo(0xc000112f90, 0xc000112f70, 0x0?, 0x0, 0x0?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc000112f28 sp=0xc000112e08 pc=0x5619bc29e785
database/sql.(*DB).connectionCleaner(0xc002611380, 0x0?)
        /usr/local/go/src/database/sql/sql.go:1061 +0x9c fp=0xc000112fc0 sp=0xc000112f28 pc=0x5619bcfafd5c
database/sql.(*DB).startCleanerLocked.func1()
        /usr/local/go/src/database/sql/sql.go:1048 +0x25 fp=0xc000112fe0 sp=0xc000112fc0 pc=0x5619bcfafc85
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000112fe8 sp=0xc000112fe0 pc=0x5619bc2c1b61
created by database/sql.(*DB).startCleanerLocked in goroutine 1
        /usr/local/go/src/database/sql/sql.go:1048 +0x105

goroutine 37 [select]:
runtime.gopark(0xc00009a790?, 0x2?, 0xc5?, 0xff?, 0xc00009a77c?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc00009a628 sp=0xc00009a608 pc=0x5619bc28e1ce
runtime.selectgo(0xc00009a790, 0xc00009a778, 0x5619bc258a31?, 0x0, 0xc002982888?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc00009a748 sp=0xc00009a628 pc=0x5619bc29e785
github.com/patrickmn/go-cache.(*janitor).Run(0xc002984300, 0xc0029828a0?)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/patrickmn/go-cache/cache.go:1079 +0x7d fp=0xc00009a7c0 sp=0xc00009a748 pc=0x5619bd4cf57d
github.com/patrickmn/go-cache.runJanitor.func1()
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/patrickmn/go-cache/cache.go:1099 +0x25 fp=0xc00009a7e0 sp=0xc00009a7c0 pc=0x5619bd4cf725
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00009a7e8 sp=0xc00009a7e0 pc=0x5619bc2c1b61
created by github.com/patrickmn/go-cache.runJanitor in goroutine 1
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/patrickmn/go-cache/cache.go:1099 +0xdb

goroutine 38 [select]:
runtime.gopark(0xc0029a8f90?, 0x2?, 0xc5?, 0xff?, 0xc0029a8f7c?)
        /usr/local/go/src/runtime/proc.go:398 +0xce fp=0xc0029a8e28 sp=0xc0029a8e08 pc=0x5619bc28e1ce
runtime.selectgo(0xc0029a8f90, 0xc0029a8f78, 0x0?, 0x0, 0x0?, 0x1)
        /usr/local/go/src/runtime/select.go:327 +0x725 fp=0xc0029a8f48 sp=0xc0029a8e28 pc=0x5619bc29e785
github.com/patrickmn/go-cache.(*janitor).Run(0xc002984310, 0x0?)
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/patrickmn/go-cache/cache.go:1079 +0x7d fp=0xc0029a8fc0 sp=0xc0029a8f48 pc=0x5619bd4cf57d
github.com/patrickmn/go-cache.runJanitor.func1()
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/patrickmn/go-cache/cache.go:1099 +0x25 fp=0xc0029a8fe0 sp=0xc0029a8fc0 pc=0x5619bd4cf725
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0029a8fe8 sp=0xc0029a8fe0 pc=0x5619bc2c1b61
created by github.com/patrickmn/go-cache.runJanitor in goroutine 1
        /root/rpmbuild/BUILD/grafana-10.2.3/vendor/github.com/patrickmn/go-cache/cache.go:1099 +0xdb

rax    0x0
rbx    0xc00229ef10
rcx    0x1
rdx    0x1
rdi    0x7ff8d1c8b988
rsi    0x0
rbp    0xc00229eea0
rsp    0x7ffe8dc07e78
r8     0x0
r9     0x7ffe8dc07df0
r10    0xc0029903e0
r11    0x7ff8d1c26c80
r12    0xc0022a0000
r13    0x5619c56a8260
r14    0xc0000061a0
r15    0x1f
rip    0x0
rflags 0x10202
cs     0x33
fs     0x0
gs     0x0

Can you copy/paste the configuration(s) that you are having problems with?

It doesn’t seem to matter what my settings are. I think there is some issues with the compilation with fips openssl implementation.

I am just trying to find any guidance on what I should be doing to successfully compile Grafana with FIPS complaint openssl libraries.

jangaraj · March 17, 2024, 12:44am

Who gave you those instructions?

linuxguruco · March 17, 2024, 4:40am

Ahhhh well initial instructions was from my work, however I was just looking over the docs from the Fedora Builder page. So not sure if there is another method or any guidance on how it really should be done?

jangaraj · March 17, 2024, 8:19am

OK, so I guess that’s just how to create FIPS compatible rpm, but not Grafana itself. So you can install package successfully, but that doesn’t mean that also installed app is FIPS compatible.

https://trust.grafana.com/?itemUid=9c3e3ccf-e827-40ac-8116-fd94733ea417&source=click

Specific versions of our Enterprise Observability stack - Grafana Enterprise, Grafana Agent, Grafana Enterprise Logs, Grafana Enterprise Metrics, and Grafana Enterprise Traces (coming 2024) - can be compiled with BoringCrypto used for cryptographic functions inherent to the released images. BoringCrypto is a FIPS compliant cryptographic library that has been validated against FIPS 140-2 requirements by NIST, CCCS and CVMP as of June 29th 2022. If you require this build of the Grafana Enterprise, Grafana Agent, or Enterprise Logs, Metrics or Traces, please raise this with your account team. Grafana is not currently seeking FIPS accreditation for any products.

So did you use that specific Grafana Enteprise version compiled with BoringCrypto in your FIPS compatible rpm package?

linuxguruco · March 17, 2024, 2:57pm

I am trying to just compile the Grafana Open Source Package with FIPS. So from what information you posted to me, it appears only Grafana Enterprise will be able to be compiled in the near future with BoringCrypto and that the Open Source version will not support it, is that correct?

I think that my work is 100% assured that they were successful in getting it compiled with FIPS but it appears that may not really be the case. Interesting though that the Fedora RPM did have a patch (giving the appearance that it should allow the package to be compiled successfully with FIPS but it sounds like even if it does compile doesn’t mean it will work successfully and maybe that is why i get all the crypto errors i get when i try to run it with the compiled version.

jangaraj · March 17, 2024, 3:40pm

No, I don’t see that. There will be support for FIPS compatibility only for Grafana Enterprise Traces in near future. Be familiar with all products and offerings from Grafana Labs (vendor of Grafana and many other products). Grafana (product) is not the same as Grafana Enterprise Traces.

Linked official doc state that some Grafana Enteprise versions already has FIPS support. Please pay attention to details: Grafana OSS is not the same as Grafana Enterprise.