Attending:
- Mark Waite
- Kevin Martens
- Bruno Verachten
- Kenneth Salerno
- Damien Duportal
- Peter Balda
- Sam (Jiakuang He)
Agenda:
- Open Action Items:
- Ppc64le: Bruno Verachten will get in touch with the security team to discuss getting ppc64le back to the Jenkins docker controller image => done, no feedback for the time being
- Wadeck and Damien will have a discussion about images and security tomorrow
- Docker Images
- Container image deprecation for the blue ocean container (jenkinsci:blueocean)
- https://hub.docker.com/r/jenkins/blueocean - no tags
- Docker - has
- Need to announce the deprecation of the image
- Update the page on Dockerhub
- Add to a Jenkins LTS changelog or upgrade guide?
- Add a disclaimer to one or more pages on www.jenkins.io?
- Update the 2017 Blue Ocean blog post with deprecation notice?
- Find a way to communicate the deprecation to users and admins
- Jenkins administrative monitor that checks for specific container content?
- Report it on it regularly in Platform SIG meetings
- Create an issue that proposes the deprecation and the needed steps => Mark Waite?
- Container image deprecation for the blue ocean container (jenkinsci:blueocean)
- Ppc64le: Bruno Verachten will get in touch with the security team to discuss getting ppc64le back to the Jenkins docker controller image => done, no feedback for the time being
- Ongoing:
- Jenkins 2.397 and 2.387.2: new Linux repository signing keys
- Why? Intentionally configured the PGP key to expire, because it’s dangerous to keep it forever. Damien Duportal then created a new key.
- Great article by Mark Waite
- Anything to do for Jenkins Docker installation? I guess not? Will we see new versions of the controller with the right key installed?
- Key not required for container installations
- We manage the service ourselves in container, no systemd
- Docker end of OSS images (Docker announcement with later changes)
- Old jenkinsci handle may go away as not protected by OSS organization
- Jenkins4Eval may go, as it is dangerous and not really needed
- Very niche use
- See the Jenkins infra ticket for details
- Ppc64le: nice progress. Thank you so much for your contribution Kenneth!
- Alpine aarch64 images issue
- Temurin needs help
- Asked informally to Scaleway for arm32 & aarch64 machines
- Digicert code signing for MSI installer and jar file
- Windows users expect their installers to be signed/secured (because of malwares and so on). Certificate expires a few days from now. Next week’s LTS may not be signed because we did not get the certificate yet.
Hope is a good thing to have, it may still work on time.
- Windows users expect their installers to be signed/secured (because of malwares and so on). Certificate expires a few days from now. Next week’s LTS may not be signed because we did not get the certificate yet.
- Jenkins 2.397 and 2.387.2: new Linux repository signing keys
- What’s done?
- Latest updates on the agent images:
- Ssh-agent release 4.13.0
- chore(deps): bump debian from bullseye-20230227 to bullseye-20230320 in /8/11/17bullseye (#222) @dependabot
- Docker-agent release 3107.v665000b_51092-6
- chore(deps): bump archlinux from base-20230226 to base-20230319.0.135218 in /11/archlinux (#393) @dependabot
- chore(deps): bump debian from bullseye-20230227 to bullseye-20230320 in /11/17/bullseye (#394) @dependabot
-
Releases · jenkinsci/docker · GitHub
- It has been like that forever, but the process is a script that will check 3 versions, parses the docker bake, and if it’s not published it will build and publish all the images.
- 10% less cases will lead to rebuild all the images of the 3 past versions
- Shell script that does not work for Windows
- A JEP (and help) would be welcome: defining a new versioning scheme that would use a package number
- Ssh-agent release 4.13.0
- Latest updates on the agent images: