From patchwork Wed Feb 15 12:02:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anthony PERARD X-Patchwork-Id: 13141573 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C40BCC636D4 for ; Wed, 15 Feb 2023 12:02:45 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.495902.766331 (Exim 4.92) (envelope-from ) id 1pSGUR-0002vh-Qd; Wed, 15 Feb 2023 12:02:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 495902.766331; Wed, 15 Feb 2023 12:02:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGUR-0002va-Mc; Wed, 15 Feb 2023 12:02:23 +0000 Received: by outflank-mailman (input) for mailman id 495902; Wed, 15 Feb 2023 12:02:22 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGUQ-0002d9-L5 for xen-devel@lists.xenproject.org; Wed, 15 Feb 2023 12:02:22 +0000 Received: from esa3.hc3370-68.iphmx.com (esa3.hc3370-68.iphmx.com [216.71.145.155]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 98d2f2df-ad28-11ed-933c-83870f6b2ba8; Wed, 15 Feb 2023 13:02:21 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 98d2f2df-ad28-11ed-933c-83870f6b2ba8 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1676462540; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=/vUeHriTwM3BI+2QtwE/fpQP34e1Nzdh1FIIl05etc8=; b=J4IDjLsUke/lWqjB3gfIFnP8o92FRD50FNO97HFmN/0XLe0QOfwr+Dbw 6heBDkwOFpmAhgQU70SIN8s27TCvwcIHA2V30ENXark2Z1zlEJkQQcFkh V5749cSss9cu1Dmm+odtLEV6rtHr8QZ6YB7GqIgY4hc+klFcfY8mV19NO M=; Authentication-Results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 97137984 X-Ironport-Server: esa3.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:7YfmxaxGpqvggbq2ozh6t+cZxirEfRIJ4+MujC+fZmUNrF6WrkUEx zYeDz2APv+KNGL8f9lyaYq+oB5SvJOHmNdjGwdtqiAxQypGp/SeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUFUjP3OHfykTrafYEidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw//F+UwHUMja4mtC5QRkPK0T5TcyqlFOZH4hDfDpR5fHatE88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ai87XAME0e0ZP4whlqvgqo Dl7WT5cfi9yVkHEsLx1vxC1iEiSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KU1nr dFbEW4SVE+G2t+Sn5GDb/lcuf12eaEHPKtH0p1h5TTQDPJgSpHfWaTao9Rf2V/chOgXQ6yYP ZBAL2MyMlKZOUYn1lQ/UfrSmM+hgGX/dDtJ7kqYv6Mt70DYzRBr0airO93QEjCPbZQKxx3H9 zKal4j/KkAWKoaW5jOlzkit2s7KrwzJeoAZToTto5aGh3XMnzdOWXX6T2CTsfS/z0KzRd9bA 0gV4TY167g/8lSxSdvwVAH+p2SL1jYXUsBcFOAS4wiXxq3ZpQ2eAwAsVSVdYdYrsMs3Qz0C1 VKTmd7tQzt1v9WopWm1r+nO62noYG5McDFEPHVfJecY3zX9iK0a1j+Md4h8KvGw0+DRRhLI5 iC6kxFr0t3/kvU3/6m8+FnGhRelqZ7IUhM5623rY4610u9qTNX7PtL1sDA3+d4Fdd/EFQfZ4 BDojuDEtIgz4YexeDthqQnnNJWg/L67PTLVmjaD9LFxpm32qxZPkW29iQySxXuF0O5eIlcFg 2eJ42u9AaO/2lPwNcebhKrvY/nGNYC6SbzYugn8N7KimKRZeg6d5z1JbkWNxW3rm0VEufhhZ snAIJfyVydAWf4PIN+KqwE1i+dDKscWnz67eHwG507/jer2iIC9F9/pz2dinshmtfjZ8W05A v5UNteQygU3bQENSnC/zGLnFnhTdSJTLcmv+6RqmhurflIO9JcJV6WAntvMuuVNw8xoqws/1 i3lBRUCkgCi3iWvxMfjQikLVY4DlK1X9RoTVRHA937xgBDPva7HAH8jSqYK IronPort-HdrOrdr: A9a23:waCHuqMuh0iMt8BcTv2jsMiBIKoaSvp037BL7SxMoHluGaalfq +V7ZcmPGDP+U4ssR0b+OxoQZPwJ080lqQb3WByB8bBYOC8ghrNEGgK1+KLrgEIfReOk9K1vZ 0QFJSWY+efMbEVt6bHCFvSKadY/OW6 X-IronPort-AV: E=Sophos;i="5.97,299,1669093200"; d="scan'208";a="97137984" From: Anthony PERARD To: CC: Anthony PERARD , Doug Goldstein , Stefano Stabellini Subject: [XEN PATCH 1/4] automation: Remove clang-8 from Debian unstable container Date: Wed, 15 Feb 2023 12:02:05 +0000 Message-ID: <20230215120208.35807-2-anthony.perard@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230215120208.35807-1-anthony.perard@citrix.com> References: <20230215120208.35807-1-anthony.perard@citrix.com> MIME-Version: 1.0 First, apt complain that it isn't the right way to add keys anymore, but hopefully that's just a warning. Second, we can't install clang-8: The following packages have unmet dependencies: clang-8 : Depends: libstdc++-8-dev but it is not installable Depends: libgcc-8-dev but it is not installable Depends: libobjc-8-dev but it is not installable Recommends: llvm-8-dev but it is not going to be installed Recommends: libomp-8-dev but it is not going to be installed libllvm8 : Depends: libffi7 (>= 3.3~20180313) but it is not installable E: Unable to correct problems, you have held broken packages. clang on Debian unstable is now version 14.0.6. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- Current container have: root@f3d1fc4f58c7:/build# clang --version clang version 8.0.1- (branches/release_80) root@113cb5730b2a:/build# clang-8 --version clang version 8.0.1- (branches/release_80) (built about 3years ago) --- automation/build/debian/unstable-llvm-8.list | 3 --- automation/build/debian/unstable.dockerfile | 12 ------------ automation/gitlab-ci/build.yaml | 10 ---------- 3 files changed, 25 deletions(-) delete mode 100644 automation/build/debian/unstable-llvm-8.list diff --git a/automation/build/debian/unstable-llvm-8.list b/automation/build/debian/unstable-llvm-8.list deleted file mode 100644 index dc119fa0b4..0000000000 --- a/automation/build/debian/unstable-llvm-8.list +++ /dev/null @@ -1,3 +0,0 @@ -# Unstable LLVM 8 repos -deb http://apt.llvm.org/unstable/ llvm-toolchain-8 main -deb-src http://apt.llvm.org/unstable/ llvm-toolchain-8 main diff --git a/automation/build/debian/unstable.dockerfile b/automation/build/debian/unstable.dockerfile index 9de766d596..b560337b7a 100644 --- a/automation/build/debian/unstable.dockerfile +++ b/automation/build/debian/unstable.dockerfile @@ -51,15 +51,3 @@ RUN apt-get update && \ apt-get autoremove -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* - -RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|apt-key add - -COPY unstable-llvm-8.list /etc/apt/sources.list.d/ - -RUN apt-get update && \ - apt-get --quiet --yes install \ - clang-8 \ - lld-8 \ - && \ - apt-get autoremove -y && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index a053c5c732..7d8af93653 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -339,16 +339,6 @@ debian-unstable-clang-debug: variables: CONTAINER: debian:unstable -debian-unstable-clang-8: - extends: .clang-8-x86-64-build - variables: - CONTAINER: debian:unstable - -debian-unstable-clang-8-debug: - extends: .clang-8-x86-64-build-debug - variables: - CONTAINER: debian:unstable - debian-unstable-gcc: extends: .gcc-x86-64-build variables: From patchwork Wed Feb 15 12:02:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anthony PERARD X-Patchwork-Id: 13141579 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4DBAEC636CC for ; Wed, 15 Feb 2023 12:09:17 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.495922.766363 (Exim 4.92) (envelope-from ) id 1pSGax-000515-UK; Wed, 15 Feb 2023 12:09:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 495922.766363; Wed, 15 Feb 2023 12:09:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGax-00050y-RQ; Wed, 15 Feb 2023 12:09:07 +0000 Received: by outflank-mailman (input) for mailman id 495922; Wed, 15 Feb 2023 12:09:06 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGUg-0002d9-A9 for xen-devel@lists.xenproject.org; Wed, 15 Feb 2023 12:02:38 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a27f1be6-ad28-11ed-933c-83870f6b2ba8; Wed, 15 Feb 2023 13:02:37 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a27f1be6-ad28-11ed-933c-83870f6b2ba8 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1676462556; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=IenDCD+TXqlMxzZ7mL5x9hvul10g7klkJWhyIR23RNo=; b=ZUS98OAzysmPlnhokVDH4/ZqvkY8RctRZly72nr5kox8EsECo/Teglns T8nl+ezd5s9Y+4/hD4LJETlof5tyepqqvYjHM17+o2RPYZAGaJpPK6pxE 42h9ddl1lrSvqlAameFrw1VxztMhzhawi8hIfa3k0mSjOYsp5eH0VRrbL I=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 99550725 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:CmlkTKmkNiXIi6jGITPgWGPo5gyuJkRdPkR7XQ2eYbSJt1+Wr1Gzt xIYDzqBafjfNzfxe9F1YdvnpE4Ov5PSm9BnTQpq/CkwHyMWpZLJC+rCIxarNUt+DCFhoGFPt JxCN4aafKjYaleG+39B55C49SEUOZmgH+a6U6icfHgqH2eIcQ954Tp7gek1n4V0ttawBgKJq LvartbWfVSowFaYCEpNg064gE4p7auaVA8w5ARkPqgR5QKGzhH5MbpETU2PByqgKmVrNrbSq 9brlNmR4m7f9hExPdKp+p6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTbZLwXXx/mTSR9+2d/ f0W3XCGpaXFCYWX8AgVe0Ew/yiTpsSq8pefSZS0mZT7I0Er7xIAahihZa07FdRwxwp5PY1B3 e48OW8OakG8vcCV8uykVORog/QcffC+aevzulk4pd3YJfMvQJSFSKTW/95Imjw3g6iiH96HO ZBfM2A2Kk2dPVsWYAx/5JEWxY9EglH2dSFYr1SE47I6+WHJwCR60aT3McqTcduPLSlQthfJ+ z+eoD6kav0cHMyz9DmGw1H2vc6MnA/FSo0UEpCS+dc/1TV/wURMUUZLBDNXu8KRmkO4Ht5SN UEQ0i4vtrQpslymSMHnWB+1q2LCuQQTM/JbGvc27wylwaPO7wGUQGMDS1Zpc8c6vcU7QTgr0 F6hnN7zAzFr9rqPRhqgGqy89G3of3JPdClbOHFCFFFeizX+nG0tpgDrX4lgFP+KtP/WK2/v3 T2OqRgB1oxG2KbnyJ6H1VzAhjutoL3AQQg0+hjbUwqZ0+9pWGK2T9f2sAaGtJ6sOK7cFwDc5 yZcx6By+chUVfmweDqxrPLh9V1Dz9KMK3XijFFmBPHNHBz9qif4Lei8DNyTTXqF0/romxezO yc/WisLvve/2UdGi4ctO+pd7Ox0pZUM7fy/CpjpgiNmO/CdjjOv8iB0flK31GvwikUqmqxXE c7FLpj3XCdEU/U9nGDeqwIhPVkDnHhWKYT7H82T8vha+eDGOC79pUktbjNikdzVHIvb+V6Io r6zxuOByglFUf2WX8Uk2dd7ELz+FlBiXcqeg5UOJoa+zv9ORDlJ5wn5nelwJOSIXs19yo/1w 51KchMAlwCl3yeacl3ih7IKQOqHYKuTZEkTZUQEVWtEEVB8CWpzxM/zr6cKQIQ= IronPort-HdrOrdr: A9a23:it5cVaugjlEjrtnGAkHrLI4m7skDSdV00zEX/kB9WHVpmwKj5r mTdZUgpGfJYVMqMk3I9urwXZVoLUmsl6KdpLNhXotKPzOGhILLFvAH0WKK+VSJcBEWtNQ86U 4KSdkYNDSfNykdsS842mWF+hQbreVvPJrGuQ4W9RlQcT0= X-IronPort-AV: E=Sophos;i="5.97,299,1669093200"; d="scan'208";a="99550725" From: Anthony PERARD To: CC: Anthony PERARD , Doug Goldstein , Stefano Stabellini Subject: [XEN PATCH 2/4] automation: Ignore package authentification issue in Jessie container Date: Wed, 15 Feb 2023 12:02:06 +0000 Message-ID: <20230215120208.35807-3-anthony.perard@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230215120208.35807-1-anthony.perard@citrix.com> References: <20230215120208.35807-1-anthony.perard@citrix.com> MIME-Version: 1.0 We can't easily install package on Debian Jessie anymore, the release keys seems to have expired without a way to get new ones. We have these warning: W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1668891673 W: GPG error: http://deb.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1668891673 So, from now on, ignore the warning and force the installation of packages that can't be authenticated. Signed-off-by: Anthony PERARD --- Or, we could just not test on Jessie anymore. --- automation/build/debian/jessie-i386.dockerfile | 2 ++ automation/build/debian/jessie.dockerfile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/automation/build/debian/jessie-i386.dockerfile b/automation/build/debian/jessie-i386.dockerfile index 3f86d91f63..c617b6fbfb 100644 --- a/automation/build/debian/jessie-i386.dockerfile +++ b/automation/build/debian/jessie-i386.dockerfile @@ -13,6 +13,8 @@ ENTRYPOINT ["linux32"] # build depends RUN apt-get update && \ apt-get --quiet --yes install \ + # WARNING! Force installation to ignore expired release key + --force-yes \ build-essential \ zlib1g-dev \ libncurses5-dev \ diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile index 2f19adcad3..8918b26d75 100644 --- a/automation/build/debian/jessie.dockerfile +++ b/automation/build/debian/jessie.dockerfile @@ -11,6 +11,8 @@ WORKDIR /build # build depends RUN apt-get update && \ apt-get --quiet --yes install \ + # WARNING! Force installation to ignore expired release key + --force-yes \ build-essential \ zlib1g-dev \ libncurses5-dev \ From patchwork Wed Feb 15 12:02:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anthony PERARD X-Patchwork-Id: 13141581 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 12C13C636D4 for ; Wed, 15 Feb 2023 12:09:21 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.495925.766386 (Exim 4.92) (envelope-from ) id 1pSGb4-0005gO-L7; Wed, 15 Feb 2023 12:09:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 495925.766386; Wed, 15 Feb 2023 12:09:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGb4-0005gG-HT; Wed, 15 Feb 2023 12:09:14 +0000 Received: by outflank-mailman (input) for mailman id 495925; Wed, 15 Feb 2023 12:09:13 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGUh-0002d9-F0 for xen-devel@lists.xenproject.org; Wed, 15 Feb 2023 12:02:39 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a42d2439-ad28-11ed-933c-83870f6b2ba8; Wed, 15 Feb 2023 13:02:38 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a42d2439-ad28-11ed-933c-83870f6b2ba8 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1676462558; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=9wHKZykfWSUq/3k4JKcCvIqxoN2TE4/5/U+7meTLwCo=; b=D2Ear6LoM6CSGkmM0X13I28VizObGgCincD71eZTYGlXU+pmCGw6MVZX 4nqK+d+l235PSVL67NmTFPMyFsmTTc6tD9trBZRDNO/ISrNSd+XGq3gXX sYGwhiSgX0w48Mi5qgHq3RlDz/TMI9s0Z/9ar0/iyKPf7IChM7RxlJbhm 4=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 99550726 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:VNORwa6eaakAH5J93igsWwxRtBfHchMFZxGqfqrLsTDasY5as4F+v jBOXDqGPauINmTxKNlzPoi0pxwPsZ7QyYU1SgFl/HphHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+45wehBtC5gZlPaoS4QeH/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m5 9gJdzMJPy+5pcGEnq2lR+1ptvtyFZy+VG8fkikIITDxCP8nRdbIQrnQ5M8e1zA17ixMNa+AP YxDM2MpNUmeJUQVYT/7C7pn9AusrnD5bz1frkPTvact6nLf5AdwzKLsIJzefdniqcB9zxfF+ zqZpTqR7hcyEf+E4xyM6nWQpebNuXn6QYQwD7m936s/6LGU7jNKU0BHPbehmtGph0j7V99BJ kg8/is1sbN05EGtVsP6XRCzvDiDpBF0c9FZCeE95SmGw7DY5AvfDW8BJhZac8AvvsIyQT0s1 3eKksnvCDgpt6eaIU9x7Z/N82n0Y3JMazZfO2ldF1BtD8TfTJ8bnDbeEdVnQZGPrP7HRy7uz jSPnBdvvuBG5SIU7JmT8VfCijOqg5HGSA8p+wnaNl6YAhNFiJ2NPNLxtwWChRpUBMPAFwTa4 iBY8ySLxLpWZaxhghBhVwnk8FuBw/+eeAPRjld0d3XK32T8oiXzFWy8DdwXGauIDirmUWWyC KMwkVkLjHO2AJdMRfUvC25WI5pC8EQYPY65Ps04l/IXCnSLSCeJ/Tt1eWmb1H33nU4nnMkXY MnEL539XChAWP43llJaotvxN5dxnkjSIkuJGPjGI+mPi+LCNBZ5t59bWLdxUgzJxPzd+1iEm zquH8CL1w9eQIXDjtr/qOYuwaQxBSFjX/je8pUHHtNv1yI6QAnN/deNm+J+E2Gk9owJ/tr1E oaVBhcHkgCl3yCccW1nqBlLMdvSYHq2llpjVQREALpi8ydLjVqHhEvHS6YKQA== IronPort-HdrOrdr: A9a23:p1uNsq+0eO/YHcYejrxuk+DnI+orL9Y04lQ7vn2ZhyYlC/Bw9v re5MjzsCWftN9/YgBEpTntAtjjfZqYz+8X3WBzB9aftWvdyQ+VxehZhOOI/9SjIU3DH4VmpM BdmsZFebvN5JtB4foSIjPULz/t+ra6GWmT69vj8w== X-IronPort-AV: E=Sophos;i="5.97,299,1669093200"; d="scan'208";a="99550726" From: Anthony PERARD To: CC: Anthony PERARD , Doug Goldstein , Stefano Stabellini Subject: [XEN PATCH 3/4] automation: Remove expired root certificates used to be used by let's encrypt Date: Wed, 15 Feb 2023 12:02:07 +0000 Message-ID: <20230215120208.35807-4-anthony.perard@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230215120208.35807-1-anthony.perard@citrix.com> References: <20230215120208.35807-1-anthony.perard@citrix.com> MIME-Version: 1.0 While the Let's Encrypt root certificate ISRG_Root_X1.crt is already present, openssl seems to still check for the root certificate DST_Root_CA_X3.crt which has expired. This prevent https connections. Removing DST_Root_CA_X3 fix the issue. centos: found the filter by looking for "DST Root" in `trust list`. Signed-off-by: Anthony PERARD --- automation/build/centos/7.2.dockerfile | 5 +++++ automation/build/centos/7.dockerfile | 5 +++++ automation/build/debian/jessie-i386.dockerfile | 5 +++++ automation/build/debian/jessie.dockerfile | 5 +++++ automation/build/ubuntu/trusty.dockerfile | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/automation/build/centos/7.2.dockerfile b/automation/build/centos/7.2.dockerfile index 4baa097e31..27244fd002 100644 --- a/automation/build/centos/7.2.dockerfile +++ b/automation/build/centos/7.2.dockerfile @@ -50,3 +50,8 @@ RUN rpm --rebuilddb && \ bzip2 \ nasm \ && yum clean all + +# Remove expired certificate that Let's Encrypt certificates used to relie on. +# (Not needed anymore) +RUN trust extract --filter=pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10\;type=cert --format=pem-bundle /etc/pki/ca-trust/source/blacklist/DST_Root_CA_X3.pem && \ + update-ca-trust diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile index e688a4cece..b370068e3c 100644 --- a/automation/build/centos/7.dockerfile +++ b/automation/build/centos/7.dockerfile @@ -49,3 +49,8 @@ RUN yum -y install \ nasm \ && yum clean all && \ rm -rf /var/cache/yum + +# Remove expired certificate that Let's Encrypt certificates used to relie on. +# (Not needed anymore) +RUN trust extract --filter=pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10\;type=cert --format=pem-bundle /etc/pki/ca-trust/source/blacklist/DST_Root_CA_X3.pem && \ + update-ca-trust diff --git a/automation/build/debian/jessie-i386.dockerfile b/automation/build/debian/jessie-i386.dockerfile index c617b6fbfb..84135230d0 100644 --- a/automation/build/debian/jessie-i386.dockerfile +++ b/automation/build/debian/jessie-i386.dockerfile @@ -51,3 +51,8 @@ RUN apt-get update && \ apt-get autoremove -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + +# Remove expired certificate that Let's Encrypt certificates used to relie on. +# (Not needed anymore) +RUN sed -i '/mozilla\/DST_Root_CA_X3\.crt/d' /etc/ca-certificates.conf && \ + update-ca-certificates diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile index 8918b26d75..d11dd48e17 100644 --- a/automation/build/debian/jessie.dockerfile +++ b/automation/build/debian/jessie.dockerfile @@ -50,3 +50,8 @@ RUN apt-get update && \ apt-get autoremove -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + +# Remove expired certificate that Let's Encrypt certificates used to relie on. +# (Not needed anymore) +RUN sed -i '/mozilla\/DST_Root_CA_X3\.crt/d' /etc/ca-certificates.conf && \ + update-ca-certificates diff --git a/automation/build/ubuntu/trusty.dockerfile b/automation/build/ubuntu/trusty.dockerfile index b4b2f85e73..16d08ca931 100644 --- a/automation/build/ubuntu/trusty.dockerfile +++ b/automation/build/ubuntu/trusty.dockerfile @@ -49,3 +49,8 @@ RUN apt-get update && \ apt-get autoremove -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + +# Remove expired certificate that Let's Encrypt certificates used to relie on. +# (Not needed anymore) +RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \ + update-ca-certificates From patchwork Wed Feb 15 12:02:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anthony PERARD X-Patchwork-Id: 13141580 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 10DCEC636D4 for ; Wed, 15 Feb 2023 12:09:18 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.495923.766369 (Exim 4.92) (envelope-from ) id 1pSGay-00056f-BF; Wed, 15 Feb 2023 12:09:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 495923.766369; Wed, 15 Feb 2023 12:09:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGay-00055O-7Y; Wed, 15 Feb 2023 12:09:08 +0000 Received: by outflank-mailman (input) for mailman id 495923; Wed, 15 Feb 2023 12:09:06 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pSGUd-0002d9-9T for xen-devel@lists.xenproject.org; Wed, 15 Feb 2023 12:02:35 +0000 Received: from esa5.hc3370-68.iphmx.com (esa5.hc3370-68.iphmx.com [216.71.155.168]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a0da02ae-ad28-11ed-933c-83870f6b2ba8; Wed, 15 Feb 2023 13:02:34 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a0da02ae-ad28-11ed-933c-83870f6b2ba8 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1676462554; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=CDemkNMh65A0fuGjtYCs3q9uOqRjiot5Fwy4om7WfvI=; b=KbDbqfcLbCIubuR4r090CwnJENhilAihYhhFfcWR504AsEAFtQSvMdHd HlHT9xCsYOTkfteei91/UwBJ2/zV/Vvby1bVG1OMVv/8ObfvfhHVDpGue Eko+24uTh3HshdDqbHzRND2K0mWEr4NSeYGFnIfs8UEyub5WTSj7YwvgM Q=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 95971160 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:Tz0wxKKqjeiC0VDzFE+R/pUlxSXFcZb7ZxGr2PjKsXjdYENSgWYOm mVNWGDUOfbZNmfzfItxPI2z8hsE68TQztdmGQtlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpJrfPcwP9TlK6q4mhA5AVjPakjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c4mRjBS6 sY4OQwoQQKTi6WymK+Va8ZF05FLwMnDZOvzu1llxDDdS/0nXYrCU+PB4towMDUY354UW6yEP oxANGQpNU6bC/FMEg5/5JYWleG0hn75YntApUicv6Yf6GnP1g1hlrPqNbI5f/TbGJQKxx/G/ goq+UzDRSxAK/yQ2wGG+1+1vvTugSXKY8UdQejQGvlC3wTImz175ActfUu2p7y1h1CzX/pbK lcI4Ww+oK4q7kupQ9LhGRqirxastRcGV91dO+Yz8g2Kx+zf5APxLnMfUjdLZdgitck3bT8nz FmEm5XuHzMHjVGOYSvDrPHO92r0YHVLazZYPkfoUDfp/fGy59AvkSjvX+pGP7ylgprxQSze4 h+j+X1Wa6ooseYH0KCy/Fbiij2qp4TUQgNd2jg7Tl5J/SsiOtf7OtXABUzzqK8Zcd3HFgXpU G0swZD20QwYMX2aeMVhqs0pFarh2fuKOSa0bbVHT8h4rGTFF5JOkOltDNBCyKVBaJ1sldzBO hW7VeZtCHl7ZiPCgUhfPeqM5zwCl/SIKDgcfqm8giBySpZwbhSb2ypleFSd2Wvg+GB1z/5hY sbKL5z9VyZAYUiC8NZQb71FuVPM7npjrV4/uLihl0j3uVZgTCD9pUg53KumMblisfLsTPT9+ NdDLcqaoyizo8WnChQ7BbU7dAhQRVBiXMCeliCiXrLbSuaQMD17WqC5LHJIU9ANopm5Yc+Up i7nABUClQGn7ZAFQC3TAk1ehHrUdc4XhRoG0eYEZD5EB1BLjV6T0Zoi IronPort-HdrOrdr: A9a23:mOtPrK41eFY8iWwL7QPXwbOBI+orL9Y04lQ7vn2ZhyYlFvBw9v re6MjzsCWe5gr5N0tBpTn+Atj+fZqxz/9ICOoqTMWftXfdyQmVxehZhOOJ/9SKIVycygcy79 YET0B0YOeAc2ST5azBjDVReLwbr+VuP8qT6Nv2/jNVaUVPVokl1gF+D2+gYzhLrMstP+tJKH JZjPA31AZJvB4sH7SG7wI+Lo/+juyOrovifRkFQzY/8WC1/EuVwY+/KQGcwhAdFxhSwbIumF K17zDR1+GYqvSmzR2Z8GfW4/1t6b3c4+oGPtWIls8WbhPzjQqyDb4RIoGqjXQOueSy71Rvqv ngyi1QRPhb2jfqZ2Sophmo4QX6zzo0zHfnxTaj8AHeiP28fis+F81Cwb1UaQHY7U1IhqAA7J 52 X-IronPort-AV: E=Sophos;i="5.97,299,1669093200"; d="scan'208";a="95971160" From: Anthony PERARD To: CC: Anthony PERARD , Doug Goldstein , Stefano Stabellini Subject: [XEN PATCH 4/4] automation: Add more aliases in containerize Date: Wed, 15 Feb 2023 12:02:08 +0000 Message-ID: <20230215120208.35807-5-anthony.perard@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230215120208.35807-1-anthony.perard@citrix.com> References: <20230215120208.35807-1-anthony.perard@citrix.com> MIME-Version: 1.0 Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/scripts/containerize | 3 +++ 1 file changed, 3 insertions(+) diff --git a/automation/scripts/containerize b/automation/scripts/containerize index 9e508918bf..9b1a302d05 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -33,9 +33,12 @@ case "_${CONTAINER}" in _fedora) CONTAINER="${BASE}/fedora:29";; _focal) CONTAINER="${BASE}/ubuntu:focal" ;; _jessie) CONTAINER="${BASE}/debian:jessie" ;; + _jessie-i386) CONTAINER="${BASE}/debian:jessie-i386" ;; _stretch|_) CONTAINER="${BASE}/debian:stretch" ;; + _stretch-i386) CONTAINER="${BASE}/debian:stretch-i386" ;; _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;; _unstable|_) CONTAINER="${BASE}/debian:unstable" ;; + _unstable-i386) CONTAINER="${BASE}/debian:unstable-i386" ;; _unstable-arm32-gcc) CONTAINER="${BASE}/debian:unstable-arm32-gcc" ;; _unstable-arm64v8) CONTAINER="${BASE}/debian:unstable-arm64v8" ;; _trusty) CONTAINER="${BASE}/ubuntu:trusty" ;;