Use Labkit for FIPS check
We can reduce code duplication used for the FIPS check by using LabKit's implementation.
LabKit uses the fips
tag instead of the boringcrypto
tag, which is
deprecated in any case and replaced with GOEXPERIMENT=boringcrypto
due to https://github.com/golang/go/issues/51940.
This commit changes the message on a FIPS system from:
FIPS mode enabled. Using BoringSSL.
to:
FIPS mode is enabled. Using an external SSL library.
On a non-FIPS system, this commit changes the message from:
GitLab Runner was compiled with FIPS mode but BoringSSL is not enabled.
to:
Binary was compiled with FIPS mode, but an external SSL library was not enabled.
The test in https://gitlab.com/gitlab-org/ci-cd/tests/runner-incept/-/blob/21f4635639574814ddd4e553e3f56a9155e0c027/spec/before_main_after_spec.rb#L9 needs to be adjusted to account for this.
Edited by Stan Hu