Support grpc gem v1.48.0+ for FIPS (!1414) · Merge requests · GitLab.org / Build / CNG

Stan Hu requested to merge sh-support-grpc-1.48-plus into master May 25, 2023

What does this MR do?

https://github.com/grpc/grpc/pull/27660 significantly modified the Ruby extconf.rb for TruffleRuby. Update the system SSL patch to enable FIPS builds to work for gems after 1.48.0.

Omnibus merge request: gitlab-org/omnibus-gitlab!6908 (merged)

This will be needed once gitlab-org/gitlab!121899 (merged) is merged.

Related issues

Relates to:

Testing

In the shared/build-scripts dir, run:

docker run -v $(pwd):/build-scripts  -it ruby:3.0 bash

Then create a Gemfile with:

source 'https://rubygems.org'

gem 'grpc', '~> 1.42.0'

Run bundle install inside the container.
Run FIPS_MODE=1 ./reinstall-grpc-if-fips.
It should attempt to patch:

Succesfully patched with /build-scripts/patches/grpc-system-ssl-1.42.0.patch
Building native extensions. This could take a while...

Update Gemfile to use 1.55.0 instead of 1.42.0.
Repeat steps 3-5.

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

Merge Request Title, and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
Documentation created/updated
Integration tests added to GitLab QA
The impact any change in container size has should be evaluated

Edited May 25, 2023 by Stan Hu

Support grpc gem v1.48.0+ for FIPS