Build FIPS capable executables in a docker container

[sumgarg]

Summary

The same commands (build.sh <arch> build) as before now build a telegraf executable for the following architectures inside a docker container; a relatively recent docker installation must be present on the build machine.

• arm64 and x86_64 - FIPS, dynamically linked to use OpenSSL for crypto
• arm and MIPS - no-FIPS, statically linked to use native golang crypto

As noted on the golang-fips homepage, the binary will run in FIPS mode if:

1. The kernel is in FIPS mode (i.e. /proc/sys/crypto/fips_enabled)
2. The environment variable GOLANG_FIPS=1 is set

Details

1. Instead of using the golfing installation on a machine, the standard golang container images published on docker hub are used to build inside a container.
2. Instead of cross-compiling using the golang complier (e.g. by setting the GOARCH), a platform appropriate golang docker container is instantiated (using the docker option --platform) for the build.
3. The relevant portions of the source tree are copied to a docker builder (see Dockerfile for details).
4. For FIPS, golang-fips is used:
   1. A new golang toolchain with golang-fips included is first built.
   2. This new toolchain is then used to build a FIPS capable executable.

Testing

1. End-to-end testing has not been done.
2. string, ldd and strace were used on a build server, to verify the x86_64 binary was using OpenSSL.
3. Limited testing of the 4 different architectures was done on switches running EXOS 33.3 by manually replacing the telegraf binary and running telegraf --version.

Checklist

• No AI generated code was used in this PR

Related issues

EXOS-37069

[dccarson]

Looks good. Nice work.

[arnelplim]

Looks great!