spike building fips binary
What does this MR do?
This is a spike for conditional compilation of FIPS compliant GitLab Runner binary.
To build with boringssl run:
docker build -f dockerfiles/runner/fips/Dockerfile --build-arg DOCKER_MACHINE_VERSION=0.16.2 --build-arg DUMB_INIT_VERSION=1.2.2 --build-arg GIT_LFS_VERSION=2.11.0 -t runner-fips .
Or with rhel tooling:
docker build -f dockerfiles/runner/fips/rhel.Dockerfile --build-arg DOCKER_MACHINE_VERSION=0.16.2 --build-arg DUMB_INIT_VERSION=1.2.2 --build-arg GIT_LFS_VERSION=2.11.0 -t rhel-runner-fips .
Then start a container with the respective image:
docker run --rm -it rhel-runner-fips
Register the runner by ssh-ing into the container:
docker exec -it <CONTAINERID> bash
gitlab-runner register
With RHEL you should have no problems, with boringssl you will see an error:
ERROR: Registering runner... failed runner=9LTwPrry status=couldn't execute POST against https://gitlab.com/api/v4/runners: Post "https://gitlab.com/api/v4/runners": x509: certificate specifies an incompatible key usage
Why was this MR needed?
Spike for gitlab#296017 (closed)
What's the best way to test this MR?
What are the relevant issue numbers?
Edited by Georgi N. Georgiev