
Install git and git-lfs via package manager in ubi.fips.base image

Axel von Bertoldi requested to merge avonbertoldi/ubi-git-git-lfs-install into main

The vulnerabilities against git and git-lfs that prompted us to install those packages manually have been downgraded from High and Critical to Medium. Since we don't address Medium CVE vulnerabilities, we can return to installing these packages via microdnf. This change not only addresses #36051 (closed), but also cuts the pipeline runtime by ~3 hours when the prepare ubi base job is triggered, and makes that job much less flaky since it often timed out.

This is not the end of this story though. We need to put ourselves in a better position to handle CVEs against 3rd party packages.

Fixes #36051 (closed)

More discussion in https://gitlab.slack.com/archives/C05TDR6G2RY

Edited by Axel von Bertoldi
