GitLab Workhorse FIPS containers
PartyBus is running into FIPS-related issues, and we would like to have the GitLab FIPS containers because they disable the use of MD5, which may help us with some of our problems. More detail here:
GitLab recently went scorched earth on their FIPS policies, so anything that uses MD5 is a no-go. FIPS, by way of the host, is enabled on the containers. (I can explain this in more detail if needed.) We currently have broken Maven package pipelines due to this particular change, where Maven does not allow package uploads for .md5 files: https://gitlab.com/gitlab-org/gitlab/-/commit/4e91c2fc11bb39d3db05ed19d79d3316b3051568
It looks like GitLab got in front of that issue by implementing this code: https://gitlab.com/gitlab-org/gitlab/-/blob/v15.4.1-ee/workhorse/internal/upload/destination/multi_hash.go#L24 However, I think this code is only triggered if Workhorse is built with the FIPS_MODE variable set to 1 or true. See: https://gitlab.com/gitlab-org/build/CNG/-/blob/master/.gitlab/ci/fips.gitlab-ci.yml
Long story short, the FIPS binaries are not being used, which makes sense because those binaries are not on the releases page for GitLab. So we think we now need a FIPS image, since GitLab has decided to be proactive about disabling MD5 as much as possible.
This will apply to all GitLab containers.
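
An added illustration, not GitLab's code and not part of the original issue, of the kind of hash selection the issue describes: an upload is streamed once through several digests, and MD5 is left out when a FIPS switch is on. The names `allHashes` and `Checksums` are hypothetical, and the runtime `fipsMode` argument is an assumption standing in for the build-time FIPS_MODE variable mentioned above.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"hash"
	"io"
	"strings"
)

// Hypothetical names throughout; this is not Workhorse's implementation.
var allHashes = map[string]func() hash.Hash{
	"md5": md5.New, "sha1": sha1.New, "sha256": sha256.New, "sha512": sha512.New,
}

// Checksums streams r once through every permitted hash. fipsMode stands in
// for the build-time FIPS_MODE switch: when true, MD5 is never instantiated.
func Checksums(r io.Reader, fipsMode bool) (map[string]string, error) {
	hashes := map[string]hash.Hash{}
	var writers []io.Writer
	for name, newHash := range allHashes {
		if fipsMode && name == "md5" {
			continue // no MD5 digest is produced for the upload
		}
		h := newHash()
		hashes[name] = h
		writers = append(writers, h)
	}
	if _, err := io.Copy(io.MultiWriter(writers...), r); err != nil {
		return nil, err
	}
	sums := make(map[string]string, len(hashes))
	for name, h := range hashes {
		sums[name] = hex.EncodeToString(h.Sum(nil))
	}
	return sums, nil
}

func main() {
	for _, mode := range []bool{false, true} {
		sums, _ := Checksums(strings.NewReader("constructed artifact bytes"), mode)
		_, hasMD5 := sums["md5"]
		fmt.Printf("fipsMode=%v md5 computed=%v algorithms=%d\n", mode, hasMD5, len(sums))
	}
}
```

A binary built without the switch behaves like the `fipsMode=false` case here and still instantiates MD5, even on a host where FIPS is enforced.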