Use SHA256 instead of MD5 for digest

Stan Hu requested to merge sh-use-sha256-digest into main

MD5 is not available on FIPS-enabled platforms. We should use SHA256 throughout.

Related to #29027 (closed)

Testing

Confirmed that the package built in https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/2380191994 works on a RHEL 8 FIPS system:

[stanhu@stanhu-fips1 rpm]$ cat /proc/sys/crypto/fips_enabled
1
[stanhu@stanhu-fips1 rpm]$ sudo rpm -ivh gitlab-runner_amd64-fips.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:gitlab-runner-fips-14.11.0~beta.2################################# [100%]
GitLab Runner: creating gitlab-runner...
Home directory skeleton not used
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=4969 revision=51b97857 version=14.11.0~beta.25.g51b97857
gitlab-runner: the service is not installed
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=4979 revision=51b97857 version=14.11.0~beta.25.g51b97857
gitlab-ci-multi-runner: the service is not installed
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=5007 revision=51b97857 version=14.11.0~beta.25.g51b97857
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=5051 revision=51b97857 version=14.11.0~beta.25.g51b97857
INFO: Docker installation not found, skipping clear-docker-cache
Edited by Georgi N. Georgiev
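
One way to keep "SHA256 throughout" enforced after a change like this is a source check that rejects any import of `crypto/md5`, including aliased imports that a text search for `md5.` would miss. This is an added example, not code from this merge request or from GitLab Runner; `findNonFIPSImports`, `nonFIPSImports` and the sample file are hypothetical names and constructed input.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
)

// nonFIPSImports lists packages to reject. crypto/md5 is the one this merge
// request moves away from; the list itself is an assumption of this example.
var nonFIPSImports = map[string]bool{"crypto/md5": true}

// findNonFIPSImports parses only the import block of one Go source file and
// returns a "file:line: path" entry for every import on the reject list.
func findNonFIPSImports(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value) // parser guarantees a valid literal
		if nonFIPSImports[path] {
			pos := fset.Position(imp.Pos())
			hits = append(hits, fmt.Sprintf("%s:%d: %s", pos.Filename, pos.Line, path))
		}
	}
	return hits, nil
}

// Constructed sample input: MD5 imported under an alias next to SHA256.
const sample = `package cache

import (
	legacy "crypto/md5"
	"crypto/sha256"
)

var _, _ = legacy.Sum, sha256.Sum256
`

func main() {
	hits, err := findNonFIPSImports("cache.go", sample)
	fmt.Println(hits, err)
}
```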