diff options
author | Stan Hu <stanhu@gmail.com> | 2022-06-18 08:18:51 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2022-06-18 08:31:35 +0300 |
commit | 20135b0bcb0086177399e2592b9bc69ee26b5abb (patch) | |
tree | 7ab4034b8b229034fd69e1e5574a0b4a3f2ca929 | |
parent | dfacb9cccdc9f5e023036575f6920cab9afbc762 (diff) |
Use FIPS-compliant encryption for gitaly-ruby in FIPS modesh-enable-fips-mode-gitaly-ruby
With https://gitlab.com/gitlab-org/labkit-ruby/-/merge_requests/90,
labkit-ruby will swap uses of Ruby's Digest module in favor of
OpenSSL::Digest to ensure FIPS compliance.
Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/360174
Changelog: changed
-rw-r--r-- | ruby/Gemfile | 2 | ||||
-rw-r--r-- | ruby/Gemfile.lock | 8 | ||||
-rwxr-xr-x | ruby/bin/gitaly-ruby | 2 |
3 files changed, 7 insertions, 5 deletions
diff --git a/ruby/Gemfile b/ruby/Gemfile index 787e705f9..7037e215f 100644 --- a/ruby/Gemfile +++ b/ruby/Gemfile @@ -13,7 +13,7 @@ gem 'faraday', '~> 1.0' gem 'rbtrace', require: false # Labkit provides observability functionality -gem 'gitlab-labkit', '~> 0.21.1' +gem 'gitlab-labkit', '~> 0.23' # Detects the open source license the repository includes # This version needs to be in sync with GitLab CE/EE diff --git a/ruby/Gemfile.lock b/ruby/Gemfile.lock index 3616864ad..f8688dbb5 100644 --- a/ruby/Gemfile.lock +++ b/ruby/Gemfile.lock @@ -65,11 +65,11 @@ GEM gitlab-gollum-rugged_adapter (0.4.4.4.gitlab.1) mime-types (>= 1.15) rugged (~> 1.0) - gitlab-labkit (0.21.2) + gitlab-labkit (0.23.0) actionpack (>= 5.0.0, < 7.0.0) activesupport (>= 5.0.0, < 7.0.0) - grpc (~> 1.30) - jaeger-client (~> 1.1) + grpc (>= 1.37) + jaeger-client (~> 1.1.0) opentracing (~> 0.4) pg_query (~> 2.1) redis (> 3.0.0, < 5.0.0) @@ -231,7 +231,7 @@ DEPENDENCIES github-linguist (~> 7.12) gitlab-gollum-lib (~> 4.2.7.10.gitlab.2) gitlab-gollum-rugged_adapter (~> 0.4.4.4.gitlab.1) - gitlab-labkit (~> 0.21.1) + gitlab-labkit (~> 0.23) gitlab-license_finder gitlab-markup (~> 1.7.1) google-protobuf (~> 3.19.0) diff --git a/ruby/bin/gitaly-ruby b/ruby/bin/gitaly-ruby index c0f17b1e5..7ec113674 100755 --- a/ruby/bin/gitaly-ruby +++ b/ruby/bin/gitaly-ruby @@ -31,6 +31,8 @@ def main FileUtils.mkdir_p(socket_dir) File.chmod(0700, socket_dir) + Labkit::FIPS.enable_fips_mode! if Labkit::FIPS.enabled? + set_rugged_search_path load_distributed_tracing |