Draft: build openssl from source for ubi base image (!4109) · Merge requests · GitLab.org / gitlab-runner

Georgi N. Georgiev requested to merge build-openssl-ubi into main May 23, 2023

What does this MR do?

Builds OpenSSL 3.0.0 from source while also switching to UBI 9.

Upgrading to a newer than 8 UBI version is blocked by OpenSSL's FIPS certification. We have the green light to use OpenSSL 3.0 in UBI 9, but installing OpenSSL from the package manager installs the latest version available in the UBI 9 repos, regardless if thats UBI 9.0 or UBI 9.2.

So the solution is to build OpenSSL from source with FIPS enabled.

https://github.com/openssl/openssl/blob/master/README-FIPS.md

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-runner/-/issues/30998, https://gitlab.com/gitlab-org/gitlab-runner/-/issues/30997, https://gitlab.com/gitlab-org/gitlab-runner/-/issues/30996

Admin message

Draft: build openssl from source for ubi base image

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports