gitlab-base: add FIPS to UBI8 when FIPS_MODE=1
What does this MR do?
gitlab-base: add FIPS to UBI8 when FIPS_MODE=1
Replicate the effect of update-crypto-policies --set FIPS
, via script
hardening/001_crypto_policies_fips.sh
when ARG FIPS_MODE
is set to 1
Add --build-arg FIPS_MODE=${FIPS_MODE}
to .gitlab-base
template.
Include execution of this new script within UBI8 container.
Related to https://gitlab.com/gitlab-org/build/CNG/-/issues/779
Related issues
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated -
New dependencies are managed with dependencies.io
Edited by Jason Plum