Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI pipeline uses CentOS 7 which is EOL #3270

Open
johananl opened this issue Jul 2, 2024 · 6 comments · May be fixed by #3307
Open

CI pipeline uses CentOS 7 which is EOL #3270

johananl opened this issue Jul 2, 2024 · 6 comments · May be fixed by #3307
Labels
kind/release
Milestone
0.40.0

Comments

@johananl
Copy link
Contributor

johananl commented Jul 2, 2024

The following CI pipeline uses CentOS 7 which is EOL now:

falco/.github/workflows/reusable_build_packages.yaml

Line 55 in c25ded8

container: centos:7

In addition to being EOL, CentOS 7 uses RPM 4.11.x which uses an old signing method in the RPM binaries it produces which can cause problems when installing Falco in environments with strict security requirements.

Relevant info in the RPM release notes: https://rpm.org/wiki/Releases/4.14.0

It would be great if the pipeline could be updated to some current RPM-based distro (no strong opinions on the specific distro as long as it contains RPM >= 4.14.x which uses the modern signing method).

Thanks! 🙏
@johananl
Copy link
Contributor Author

johananl commented Jul 2, 2024

/kind release

@FedeDP
Copy link
Contributor

FedeDP commented Jul 3, 2024
edited
Loading

Hi! Thanks for opening this issue! I totally agree, we need to get rid of centos:7. At the same time, we really care and need the oldest possible glibc version (and moving to something newer could break usage for people on old glibc versions).
We need to dig into this to find a non-breaking alternative.
cc @falcosecurity/falco-maintainers

@FedeDP
Copy link
Contributor

FedeDP commented Jul 4, 2024

/milestone 0.39.0
We need to fix this ASAP because it is breaking our CI builds.

@poiana poiana added this to the 0.39.0 milestone Jul 4, 2024
@FedeDP FedeDP mentioned this issue Jul 4, 2024
Merged
@FedeDP
Copy link
Contributor

FedeDP commented Jul 4, 2024

So, centos7 used glibc 2.17; ubuntu 18.04 uses glibc 2.27, ubuntu 16.04 uses glibc 2.23.

@FedeDP FedeDP mentioned this issue Jul 4, 2024
Merged
@FedeDP
Copy link
Contributor

FedeDP commented Jul 15, 2024

For now, we switched to use vault.centos.org mirrors to keep centos7 CI running.
We need to figure out either a glibc bump or something else.

@FedeDP
Copy link
Contributor

FedeDP commented Sep 4, 2024

A Better solution is being developed in #3307 .
/milestone 0.40.0

@poiana poiana modified the milestones: 0.39.0, 0.40.0 Sep 4, 2024
@FedeDP FedeDP linked a pull request Sep 23, 2024 that will close this issue
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/release
Projects
None yet
Milestone
0.40.0
Development

Successfully merging a pull request may close this issue.

new(ci): use zig compiler instead of relying on centos7. falcosecurity/falco
3 participants
@FedeDP @johananl @poiana