Skip to content

Fix missed alpine version #19667

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Fix missed alpine version #19667

wants to merge 3 commits into from

Conversation

lunny
Copy link
Member

@lunny lunny commented May 10, 2022

No description provided.

@lunny lunny added the topic/build PR changes how Gitea is built, i.e. regarding Docker or the Makefile label May 10, 2022
@lunny lunny added this to the 1.16.8 milestone May 10, 2022
@silverwind
Copy link
Member

Wasn't the alpine bump meant for 1.17 only because of breaking changes related to older versions of the docker daemon? In any case, Dockerfile.rootless also would need to be handled.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 10, 2022
@lunny
Copy link
Member Author

lunny commented May 10, 2022

Wasn't the alpine bump meant for 1.17 only because of breaking changes related to older versions of the docker daemon? In any case, Dockerfile.rootless also would need to be handled.

Did you mean the minial golang version to compile Gitea? It's still go1.17 but unrelated with this change to docker building.

@silverwind
Copy link
Member

No, see discussion in #18050. Alpine 3.15 is breaking because it requires docker engine > 20.10.6.

lafriks
lafriks previously approved these changes May 10, 2022
View reviewed changes
@lafriks lafriks dismissed their stale review May 10, 2022 13:07

I don't think this can be backported

@lunny
Copy link
Member Author

lunny commented May 10, 2022

No, see discussion in #18050. Alpine 3.15 is breaking because it requires docker engine > 20.10.6.

We need a decision. Building a possible non-security image or ask user upgrade their docker version.

@techknowlogick techknowlogick added the pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! label May 10, 2022
6543
6543 approved these changes May 10, 2022
View reviewed changes
Copy link
Member

@6543 6543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm for forcing them to upgrade - or they can also run a total insecure setup as a whole ...

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 10, 2022
@6543
Copy link
Member

6543 commented May 10, 2022

tldr: why should we force users to use an insecure base image either?

@techknowlogick
Copy link
Member

tldr: why should we force users to use an insecure base image either?

We don't Alpine 3.13 is not EOL https://endoflife.date/alpine

@6543
Copy link
Member

6543 commented May 10, 2022

@lunny shouldn't we target main instead ?!?

@techknowlogick
Copy link
Member

@lunny shouldn't we target main instead ?!?

main already uses 3.15. We held off updating until 1.17 because when we tried with 1.16 many people had issues and had to revert.

6543
6543 requested changes May 10, 2022
View reviewed changes
Copy link
Member

@6543 6543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that would require a majour version bump ... - and the next majour release is not too far away

@techknowlogick
Copy link
Member

I think an alternative would be to apk install the specific packages that need to be upgraded from a later version of alpine.

@silverwind
Copy link
Member

I think an alternative would be to apk install the specific packages that need to be upgraded from a later version of alpine.

Normally, distro vendors would backport security fixes so this should not be necessary. Or is this not the case for Alpine?

@6543
Copy link
Member

6543 commented May 11, 2022

@silverwind they mean EOL as it sounds https://alpinelinux.org/releases/

so sec issues are backported but it's mostly relay on the package maintainers & asap it's eol they wont get merged

@lunny
Copy link
Member Author

lunny commented May 12, 2022

@silverwind they mean EOL as it sounds https://alpinelinux.org/releases/

so sec issues are backported but it's mostly relay on the package maintainers & asap it's eol they wont get merged

Looks like it's 2022-11-01. So let's wait.

@6543 6543 modified the milestones: 1.16.8, 1.16.9 May 16, 2022
@lunny lunny closed this Jun 4, 2022
@lunny lunny removed this from the 1.16.9 milestone Jun 4, 2022
@lunny
Copy link
Member Author

lunny commented Jun 4, 2022

replaced by #19876

@lunny lunny deleted the lunny/upgrade_alpine_version branch June 4, 2022 02:50
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@6543 6543 6543 requested changes

@lafriks lafriks lafriks left review comments

Assignees
No one assigned
Labels
lgtm/need 1 This PR needs approval from one additional maintainer to be merged. pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! topic/build PR changes how Gitea is built, i.e. regarding Docker or the Makefile
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@lunny @silverwind @6543 @techknowlogick @lafriks @GiteaBot