Support grpc gem v1.48.0+ for FIPS
What does this MR do?
https://github.com/grpc/grpc/pull/27660 significantly modified the Ruby extconf.rb for TruffleRuby. Update the system SSL patch to enable FIPS builds to work for gems after 1.48.0.
Omnibus merge request: gitlab-org/omnibus-gitlab!6908 (merged)
This will be needed once gitlab-org/gitlab!121899 (merged) is merged.
Related issues
Relates to:
Testing
- In the
shared/build-scripts
dir, run:
docker run -v $(pwd):/build-scripts -it ruby:3.0 bash
- Then create a
Gemfile
with:
source 'https://rubygems.org'
gem 'grpc', '~> 1.42.0'
- Run
bundle install
inside the container. - Run
FIPS_MODE=1 ./reinstall-grpc-if-fips
. - It should attempt to patch:
Succesfully patched with /build-scripts/patches/grpc-system-ssl-1.42.0.patch
Building native extensions. This could take a while...
- Update
Gemfile
to use1.55.0
instead of1.42.0
. - Repeat steps 3-5.
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated
Edited by Stan Hu