Merge branch 'add-fips' into 'main'

feat: add FIPS download for gitlab-runner

See merge request qontainers/pipglr!43
Chris Evich
2024-04-08 14:17:02 +00:00
2 changed files with 11 additions and 1 deletions


@@ -53,6 +53,9 @@ ARG GITLAB_URL=https://gitlab.com/
# container images using podman or buildah. Otherwise may be set 'false'.
ARG NESTED_PRIVILEGED=true
# Download the FIPS version of gitlab-runner when enabled on the host system.
ARG ENABLE_FIPS=true
# The registration runlabel may be called multiple times to register more than
# one runner. Each expects a REGISTRATION_TOKEN secret to be pre-defined and
# the file './config.toml' to exist (may be empty). A local-cache volume
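Review bot: The comment added above `ARG ENABLE_FIPS=true` says "the host system" without saying which host, and the script change in this same commit tests `/proc/sys/crypto/fips_enabled` while the image is being built. That makes the build machine's kernel mode decide which runner package is baked in, so an image built on a non-FIPS builder and later run on a FIPS-mode host would apparently carry the standard binary with nothing recording that. I would word the comment as `# Install the FIPS build of gitlab-runner when the build host's kernel is in FIPS mode. Set 'false' to always install the standard package.` and have the script echo the package file it selected so the build log records the choice. The surrounding ARG block continues outside this hunk.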


@@ -43,8 +43,15 @@ $DNF $x install \
# Gitlab-runner package contains scriptlets which do not function properly inside a
# container-build environment where systemd is not active/running.
if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
PACKAGE_FILE="gitlab-runner_${TARGETARCH}-fips.rpm"
else
PACKAGE_FILE="gitlab-runner_${TARGETARCH}.rpm"
fi
$DNF $x --setopt=tsflags=noscripts install \
https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm
https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}
# Allow removing dnf, sudo, etc. packages. Also don't start unnecessary or broken
# systemd services, like anything kernel related or login gettys.
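Review bot: The RPM chosen by the new `PACKAGE_FILE` branch is passed to dnf as a bare HTTPS URL, and nothing in this hunk checks a signature or digest on it before install. dnf does not apply GPG checking to packages given on the command line unless `localpkg_gpgcheck` is enabled; `$DNF` and `$x` are defined outside the hunk, so this may already be set there. If it is not, consider importing the vendor's package signing key and adding `--setopt=localpkg_gpgcheck=1` to this install line, or verifying the download against a checksum pinned together with `RUNNER_VERSION`. This matters more for the FIPS variant, since the reason for selecting it is presumably compliance.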