Add FIPS download for gitlab-runner

When FIPS is available on the host system, we should download the FIPS
binary for `gitlab-runner` by default. Users who do not want the FIPS
binary for some reason can use the non-FIPS binary by setting the
`ENABLE_FIPS` build-arg to `false`.
This commit is contained in:
Ryan Egesdahl
2024-04-08 00:06:30 -07:00
parent 1afb2496a0
commit 89457026c7
2 changed files with 11 additions and 1 deletions


@@ -43,8 +43,15 @@ $DNF $x install \
# Gitlab-runner package contains scriptlets which do not function properly inside a
# container-build environment where systemd is not active/running.
if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
PACKAGE_FILE="gitlab-runner_${TARGETARCH}-fips.rpm"
else
PACKAGE_FILE="gitlab-runner_${TARGETARCH}.rpm"
fi
$DNF $x --setopt=tsflags=noscripts install \
https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm
https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}
# Allow removing dnf, sudo, etc. packages. Also don't start unnecessary or broken
# systemd services, like anything kernel related or login gettys.
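
Review bot: The new `if` reads `/proc/sys/crypto/fips_enabled` while the image is being built, so the choice of package follows the kernel state of the build host rather than the host that will later run the container. An image built on a non-FIPS builder gets the non-FIPS binary without any indication, even though `ENABLE_FIPS` is `true`. I'd suggest echoing the selected `PACKAGE_FILE` so the build log records which variant went into the image, and reading the file with stderr suppressed (or after a `-r` test) so a kernel that does not expose it falls through to the `else` branch cleanly. Separately, the RPM is installed straight from a URL and nothing in the visible lines verifies a checksum or signature on it; please confirm that is handled elsewhere, since the FIPS variant is the one most likely to be subject to an integrity requirement.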