Stop installing tar in ubi fips base image (!4703) · Merge requests · GitLab.org / gitlab-runner · GitLab

The 17.0 major release is coming on May 16, 2024! This version brings many exciting improvements to GitLab, but also removes some deprecated features. We are introducing three breaking change windows during which we expect breaking changes to be deployed to GitLab.com. You can read more about it on our blogpost . The second breaking change window begins 2024-04-29 09:00 UTC and ends 2024-05-01 22:00 UTC.

Axel von Bertoldi requested to merge avonbertoldi/fedramp-no-install-tar into main Mar 29, 2024

There are 2 fedramp issues against the runner and helpr fips images because of vulnerabilities in tar:

gitlab-org/gitlab-runner#37263+
gitlab-org/gitlab-runner#37264+

I haven't found anywhere this project, nor any of the downstream projects that consume these images, a single use of tar.

In light of that I'll remove it; we can always add it back if we break something.

Closes gitlab-org/gitlab-runner#37263+
Closes gitlab-org/gitlab-runner#37264+

Edited Mar 29, 2024 by Axel von Bertoldi