Change base image from Alpine to CentOS
What does this MR do?
This change updates the Docker base image to use CentOS 8. The Alpine version of the rpm
package uses a crypto interface that is not FIPS compliant.
This can be seen using:
モ docker run -it --rm --entrypoint sh registry.gitlab.com/gitlab-org/security-products/analyzers/klar:2 -c 'echo -n FIPS:;cat /proc/sys/crypto/fips_enabled; rpm -q rpm'
Unable to find image 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar:2' locally
2: Pulling from gitlab-org/security-products/analyzers/klar
c9b1b535fdd9: Pull complete
eb567f3f7383: Pull complete
debc2172f28d: Pull complete
4a25ba6b248f: Pull complete
016d9438d1e8: Pull complete
Digest: sha256:3561b09a77f15bcb78479e2b5306725c47633ee4381c2590aedddb48cdb00946
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/klar:2
FIPS:1
error: Failed to initialize NSS library
The changes in this MR were extracted from !68 (closed)
A detailed rationale for this change can be found here.
A related MR to bump the version used by default can be found here.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by mo khan