gitlab-runner-fips-14.7.0 fails to install on RHEL8.5 cpio: Digest mismatch

Summary

Unable to install gitlab-runner-fips-14.7.0 on a FIPS 140-2 hardened RHEL 8.5 system.

Steps to reproduce

  1. Verify FIPS mode is enabled: fips-mode-setup --check
  2. Verify SELinux is enabled and enforcing: sestatus
  3. Add the gitlab-runner repository: curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
  4. dnf install gitlab-runner-fips-14.7.0 - this fails, so we run yumdownloader gitlab-runner-fips-14.7.0, which downloads the rpm.
  5. rpm -ivh gitlab-runner-fips-14.7.0-1.x86_64.rpm fails with the following output:
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:gitlab-runner-fips-14.7.0-1      ################################# [100%]
error: unpacking of archive failed on file /usr/bin/gitlab-runner;61f0716c: cpio: Digest mismatch
error: gitlab-runner-fips-14.7.0-1.x86_64: install failed

What is the current bug behavior?

gitlab-runner-fips fails to install

What is the expected correct behavior?

gitlab-runner-fips installs with the command dnf install gitlab-runner-fips

Relevant logs and/or screenshots

cat /etc/redhat-release
Red Hat Enterprise Linux release 8.5 (Ootpa)

Output of checks

Command:

fips-mode-setup --check
FIPS mode is enabled.

Command:

sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Results of GitLab environment info

Utilizing GitLab.com

Possible fixes

rpm -ivh --nofiledigest gitlab-runner-fips-14.7.0-1.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:gitlab-runner-fips-14.7.0-1      ################################# [100%]
GitLab Runner: detected user gitlab-runner
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=4995 revision=98daeee0 version=14.7.0
gitlab-runner: the service is not installed
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=5005 revision=98daeee0 version=14.7.0
gitlab-ci-multi-runner: the service is not installed
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=5032 revision=98daeee0 version=14.7.0
FIPS mode enabled. Using BoringSSL.
Runtime platform                                    arch=amd64 os=linux pid=5080 revision=98daeee0 version=14.7.0
INFO: Docker installation not found, skipping clear-docker-cache
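
The --nofiledigest workaround above skips per-file digest verification during unpacking. As an added example (not part of the original report or of GitLab's code), the script below reads the package's file digest algorithm and requires the package-level digest and signature check to pass before that workaround is relied on. It assumes the failure is tied to a digest algorithm that FIPS mode disables (MD5), which the report does not confirm; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original report. Function names are hypothetical.
# Assumption: the install fails because the RPM's per-file digests use an
# algorithm that FIPS mode disables; the report itself does not confirm this.

# Map the FILEDIGESTALGO header value (OpenPGP hash IDs) to a name.
digest_algo_name() {
    case "$1" in
        ""|"(none)"|1) echo md5 ;;   # absent tag means the legacy MD5 default
        2)  echo sha1 ;;
        8)  echo sha256 ;;
        9)  echo sha384 ;;
        10) echo sha512 ;;
        11) echo sha224 ;;
        *)  echo "unknown($1)" ;;
    esac
}

# Succeeds (exit 0) for MD5, which RHEL's FIPS mode disables.
digest_blocked_in_fips() {
    [ "$(digest_algo_name "$1")" = "md5" ]
}

# Inspect a downloaded package before falling back to --nofiledigest.
check_rpm() {
    pkg=$1
    algo=$(rpm -qp --queryformat '%{FILEDIGESTALGO}' "$pkg") || return 2
    echo "file digest algorithm: $(digest_algo_name "$algo")"
    if digest_blocked_in_fips "$algo"; then
        echo "per-file digests cannot be verified in FIPS mode"
    fi
    # With file digests skipped, the package-level digests and signatures
    # are the remaining integrity check, so require them to pass.
    rpm -K "$pkg" || { echo "package digest/signature check failed"; return 1; }
}

# Usage: sh check-rpm.sh gitlab-runner-fips-14.7.0-1.x86_64.rpm
[ "$#" -eq 0 ] || check_rpm "$1"
```

For rpm -K to validate signatures, the repository's signing key must already be imported into the RPM keyring.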