spike building fips binary

Georgi N. Georgiev requested to merge spike-fips into master

What does this MR do?

This is a spike for conditional compilation of FIPS compliant GitLab Runner binary.

To build with boringssl run:

docker build -f dockerfiles/runner/fips/Dockerfile --build-arg DOCKER_MACHINE_VERSION=0.16.2 --build-arg DUMB_INIT_VERSION=1.2.2 --build-arg GIT_LFS_VERSION=2.11.0 -t runner-fips .

Or with RHEL tooling:

docker build -f dockerfiles/runner/fips/rhel.Dockerfile --build-arg DOCKER_MACHINE_VERSION=0.16.2 --build-arg DUMB_INIT_VERSION=1.2.2 --build-arg GIT_LFS_VERSION=2.11.0 -t rhel-runner-fips .

Then start a container with the respective image:

docker run --rm -it rhel-runner-fips

Register the runner by ssh-ing into the container:

docker exec -it <CONTAINERID> bash
gitlab-runner register

With RHEL you should have no problems; with boringssl you will see an error:

ERROR: Registering runner... failed                 runner=9LTwPrry status=couldn't execute POST against https://gitlab.com/api/v4/runners: Post "https://gitlab.com/api/v4/runners": x509: certificate specifies an incompatible key usage

Why was this MR needed?

Spike for gitlab#296017 (closed)

What's the best way to test this MR?

What are the relevant issue numbers?

Edited by Georgi N. Georgiev
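
The MR does not say what triggers the x509 error in the boringssl build. As an added example (not part of the MR or of GitLab Runner's code), the Go program below shows how to recognise that error as crypto/x509's `IncompatibleUsage` reason and print the certificate fields worth comparing between the two builds. `mkCert`, `diagnose` and the certificates are constructed for illustration, and the client-only EKU used here is just one way standard Go produces this reason.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mkCert issues a constructed test certificate; a nil parent means a self-signed root.
func mkCert(cn string, eku []x509.ExtKeyUsage, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku, BasicConstraintsValid: true}
	if parent == nil { // self-signed root: mark as CA and sign with its own key
		t.IsCA, t.KeyUsage, parent, pkey = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above
	return cert, key
}

// diagnose verifies leaf for TLS server use and classifies the failure reason.
func diagnose(leaf *x509.Certificate, roots *x509.CertPool) (reason, detail string) {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	var inv x509.CertificateInvalidError
	if err == nil {
		return "ok", ""
	} else if errors.As(err, &inv) && inv.Reason == x509.IncompatibleUsage {
		return "incompatible-usage", fmt.Sprintf("%v (key=%s eku=%v)", err, leaf.PublicKeyAlgorithm, leaf.ExtKeyUsage)
	}
	return "other", err.Error()
}

func main() {
	ca, caKey := mkCert("constructed-root", nil, nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	bad, _ := mkCert("runner.example.test", []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	fmt.Println(diagnose(bad, pool))
}
```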