From 2881ff620bec08f87501ac9b4a65fe2e7bdc9a48 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Tue, 12 Nov 2024 14:57:01 -0800 Subject: [PATCH 1/4] CI: drop Fedora 39, add 41 --- .cirrus.yml | 14 +++++++------- ci/{fedora-39 => fedora-41}/Dockerfile | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) rename ci/{fedora-39 => fedora-41}/Dockerfile (92%) diff --git a/.cirrus.yml b/.cirrus.yml index 7bc8317577..b861960c2d 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -174,19 +174,19 @@ env: # Linux EOL timelines: https://linuxlifecycle.com/ # Fedora (~13 months): https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle +fedora41_task: + container: + # Fedora 41 EOL: Around Nov 2025 + dockerfile: ci/fedora-41/Dockerfile + << : *RESOURCES_TEMPLATE + << : *CI_TEMPLATE + fedora40_task: container: # Fedora 40 EOL: Around May 2025 dockerfile: ci/fedora-40/Dockerfile << : *RESOURCES_TEMPLATE << : *CI_TEMPLATE - -fedora39_task: - container: - # Fedora 39 EOL: Around Nov 2024 - dockerfile: ci/fedora-39/Dockerfile - << : *RESOURCES_TEMPLATE - << : *CI_TEMPLATE << : *SKIP_TASK_ON_PR centosstream9_task: diff --git a/ci/fedora-39/Dockerfile b/ci/fedora-41/Dockerfile similarity index 92% rename from ci/fedora-39/Dockerfile rename to ci/fedora-41/Dockerfile index 4daaa89308..54a3f8a463 100644 --- a/ci/fedora-39/Dockerfile +++ b/ci/fedora-41/Dockerfile @@ -1,8 +1,8 @@ -FROM fedora:39 +FROM fedora:41 # A version field to invalidate Cirrus's build cache when needed, as suggested in # https://github.com/cirruslabs/cirrus-ci-docs/issues/544#issuecomment-566066822 -ENV DOCKERFILE_VERSION 20231208 +ENV DOCKERFILE_VERSION 20241112 RUN dnf -y install \ bison \ From 62e8c49e66589b3e9c113b2b33f01bb21928828d Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Tue, 12 Nov 2024 15:32:16 -0800 Subject: [PATCH 2/4] CI: bump FreeBSD 13 to 13.4, released in September --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index b861960c2d..9bc4cb0757 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -387,7 +387,7 @@ freebsd14_task: freebsd13_task: freebsd_instance: # FreeBSD 13 EOL: January 31, 2026 - image_family: freebsd-13-3 + image_family: freebsd-13-4 << : *FREEBSD_RESOURCES_TEMPLATE prepare_script: ./ci/freebsd/prepare.sh From 6c7f2e62f20513cbd87bebc8b99129075924d7fc Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 13 Nov 2024 13:43:09 +0100 Subject: [PATCH 3/4] Bump zeekjs to 0.13.0 c0dd7bb README: Add note about supported versions da69053 ci: Bump to Fedora 40 43f69bd Nodejs/Types: Make compatible with v22.11.0 8a70a21 ci: Fix nightly job --- auxil/zeekjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auxil/zeekjs b/auxil/zeekjs index acae06c60c..805a4663f9 160000 --- a/auxil/zeekjs +++ b/auxil/zeekjs @@ -1 +1 @@ -Subproject commit acae06c60c4631892c5b497557c5e12283e4218f +Subproject commit 805a4663f9326726d179f6af15a592ab4d9c2952 From 09d6be7f68958901661596b4aa81613ef4180a01 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 13 Nov 2024 16:51:51 +0000 Subject: [PATCH 4/4] CI: Use FEDORA40 crypto policy in Fedora 41 Fedora 41 distrusts SHA-1 signatures by default. Switching to this policy is Fedora's recommended way of re-enabling support for at least the next several releases. A few references: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer https://fedoraproject.org/wiki/SHA1SignaturesGuidance https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9 --- ci/fedora-41/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ci/fedora-41/Dockerfile b/ci/fedora-41/Dockerfile index 54a3f8a463..7551a2739f 100644 --- a/ci/fedora-41/Dockerfile +++ b/ci/fedora-41/Dockerfile @@ -28,6 +28,11 @@ RUN dnf -y install \ swig \ which \ zlib-devel \ + crypto-policies-scripts \ && dnf clean all && rm -rf /var/cache/dnf RUN pip3 install websockets junit2html + +# Required to allow validation of certificates with SHA1 signatures +# See: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer +RUN update-crypto-policies --set FEDORA40