diff --git a/Containerfile b/Containerfile
index 8288b40..2c344af 100644
--- a/Containerfile
+++ b/Containerfile
@@ -53,6 +53,9 @@ ARG GITLAB_URL=https://gitlab.com/
 # container images using podman or buildah. Otherwise may be set 'false'.
 ARG NESTED_PRIVILEGED=true
+# Download the FIPS version of gitlab-runner when enabled on the host system.
+ARG ENABLE_FIPS=true
+
 # The registration runlabel may be called multiple times to register more than
 # one runner. Each expects a REGISTRATION_TOKEN secret to be pre-defined and
 # the file './config.toml' to exist (may be empty). A local-cache volume
diff --git a/root/setup.sh b/root/setup.sh
index 1e851d6..99201ff 100644
--- a/root/setup.sh
+++ b/root/setup.sh
@@ -43,8 +43,15 @@ $DNF $x install \
 # Gitlab-runner package contains scriptlets which do not function properly inside a
 # container-build environment where systemd is not active/running.
+
+if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
+ PACKAGE_FILE="gitlab-runner_${TARGETARCH}-fips.rpm"
+else
+ PACKAGE_FILE="gitlab-runner_${TARGETARCH}.rpm"
+fi
+
 $DNF $x --setopt=tsflags=noscripts install \
- https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm
+ https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}
 # Allow removing dnf, sudo, etc. packages. Also don't start unnecessary or broken
 # systemd services, like anything kernel related or login gettys.
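Review bot: The comment on the new `ARG ENABLE_FIPS=true` says the FIPS build is used "when enabled on the host system", but the companion change in root/setup.sh decides by reading `/proc/sys/crypto/fips_enabled` at build time, so the host that matters is the machine running the image build, not the one that later runs the container. A reader setting this ARG on a FIPS-mode runtime host could reasonably expect a FIPS runner and get a non-FIPS image built elsewhere. I would make the two conditions explicit in the comment: `# Install the FIPS build of gitlab-runner. Only takes effect when the *build* host kernel is in FIPS mode (/proc/sys/crypto/fips_enabled == 1); the runtime host is not consulted.` Whether the ARG is actually exported into the RUN step that executes setup.sh is outside this hunk and is worth confirming.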
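Review bot: The new `if` falls back silently to the non-FIPS rpm whenever `/proc/sys/crypto/fips_enabled` is missing or unreadable (non-FIPS kernel, masked /proc, non-Linux build host), because a failing `cat` inside `[[ ]]` yields an empty string, the `== 1` test simply fails, and the only trace is a stray cat error on stderr; a build explicitly requested with ENABLE_FIPS=true can therefore produce a non-FIPS image with nothing in the log that says so. Since the package choice is the whole point of the option, I would read the sysctl once with a tolerated default, and warn (or fail, if a FIPS image is a hard requirement) when the request cannot be honoured, so the downgrade is visible in the build output. The `${ENABLE_FIPS:-false}` form below also keeps the test from aborting if setup.sh runs under `set -u` with the ARG not exported, which I cannot see from this hunk. The enclosing install sequence continues outside the hunk.

```shell
# Build-host kernel FIPS state; treat a missing/unreadable sysctl as "not FIPS"
# instead of letting a failed cat produce an empty string that silently fails the test.
fips_enabled=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)
if [[ ${ENABLE_FIPS:-false} == true && ${fips_enabled} == 1 ]]; then
    PACKAGE_FILE="gitlab-runner_${TARGETARCH}-fips.rpm"
else
    if [[ ${ENABLE_FIPS:-false} == true ]]; then
        # Make the downgrade explicit; change to an exit if a FIPS image is mandatory.
        echo "WARNING: ENABLE_FIPS=true but the build host is not in FIPS mode; installing the non-FIPS gitlab-runner" >&2
    fi
    PACKAGE_FILE="gitlab-runner_${TARGETARCH}.rpm"
fi
# … unchanged: $DNF install of ${PACKAGE_FILE} …
```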