diff --git a/3.10/alpine/Dockerfile b/3.10/alpine/Dockerfile
index 23e2b1b..24343dc 100644
--- a/3.10/alpine/Dockerfile
+++ b/3.10/alpine/Dockerfile
@@ -24,8 +24,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.10 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.10/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
diff --git a/3.10/ubuntu/Dockerfile b/3.10/ubuntu/Dockerfile
index 4f31812..739d503 100644
--- a/3.10/ubuntu/Dockerfile
+++ b/3.10/ubuntu/Dockerfile
@@ -6,7 +6,7 @@
 # The official Canonical Ubuntu Focal image is ideal from a security perspective,
 # especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04 as build-base
+FROM ubuntu:22.04 as build-base
 RUN set -eux; \
 apt-get update; \
@@ -25,8 +25,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.10 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.10/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
@@ -161,7 +161,7 @@ RUN set -eux; \
 # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
 RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
 COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
diff --git a/3.11/alpine/Dockerfile b/3.11/alpine/Dockerfile
index 8e8870e..34322c7 100644
--- a/3.11/alpine/Dockerfile
+++ b/3.11/alpine/Dockerfile
@@ -24,8 +24,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.11 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.11/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
diff --git a/3.11/ubuntu/Dockerfile b/3.11/ubuntu/Dockerfile
index f82b568..0e30506 100644
--- a/3.11/ubuntu/Dockerfile
+++ b/3.11/ubuntu/Dockerfile
@@ -6,7 +6,7 @@
 # The official Canonical Ubuntu Focal image is ideal from a security perspective,
 # especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04 as build-base
+FROM ubuntu:22.04 as build-base
 RUN set -eux; \
 apt-get update; \
@@ -25,8 +25,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.11 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.11/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
@@ -161,7 +161,7 @@ RUN set -eux; \
 # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
 RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
 COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
diff --git a/3.12/alpine/Dockerfile b/3.12/alpine/Dockerfile
index 9aa6154..2095daa 100644
--- a/3.12/alpine/Dockerfile
+++ b/3.12/alpine/Dockerfile
@@ -24,8 +24,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.12 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.12/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
diff --git a/3.12/ubuntu/Dockerfile b/3.12/ubuntu/Dockerfile
index db82b5e..3bc5b4c 100644
--- a/3.12/ubuntu/Dockerfile
+++ b/3.12/ubuntu/Dockerfile
@@ -6,7 +6,7 @@
 # The official Canonical Ubuntu Focal image is ideal from a security perspective,
 # especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04 as build-base
+FROM ubuntu:22.04 as build-base
 RUN set -eux; \
 apt-get update; \
@@ -25,8 +25,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.12 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.12/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
@@ -161,7 +161,7 @@ RUN set -eux; \
 # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
 RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
 COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
diff --git a/3.9/alpine/Dockerfile b/3.9/alpine/Dockerfile
index 5cce76b..d868ef0 100644
--- a/3.9/alpine/Dockerfile
+++ b/3.9/alpine/Dockerfile
@@ -24,8 +24,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.9 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.9/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
diff --git a/3.9/ubuntu/Dockerfile b/3.9/ubuntu/Dockerfile
index 4d60daa..470c168 100644
--- a/3.9/ubuntu/Dockerfile
+++ b/3.9/ubuntu/Dockerfile
@@ -6,7 +6,7 @@
 # The official Canonical Ubuntu Focal image is ideal from a security perspective,
 # especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04 as build-base
+FROM ubuntu:22.04 as build-base
 RUN set -eux; \
 apt-get update; \
@@ -25,8 +25,8 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.9 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.9/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.0.9
-ENV OPENSSL_SOURCE_SHA256="eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ENV OPENSSL_VERSION 3.1.1
+ENV OPENSSL_SOURCE_SHA256="b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
 # https://www.openssl.org/community/otc.html
 ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D"
@@ -161,7 +161,7 @@ RUN set -eux; \
 # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
 RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
 COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 7bbca14..3725599 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -1,5 +1,5 @@
 # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
-FROM alpine:3.18 as build-base
+FROM alpine:{{ .alpine.version }} as build-base
 RUN apk add --no-cache \
 build-base \
@@ -191,7 +191,7 @@ RUN set -eux; \
 # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
 RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-FROM alpine:3.18
+FROM alpine:{{ .alpine.version }}
 COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
 COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template
index a133b55..26aa37c 100644
--- a/Dockerfile-ubuntu.template
+++ b/Dockerfile-ubuntu.template
@@ -1,6 +1,6 @@
 # The official Canonical Ubuntu Focal image is ideal from a security perspective,
 # especially for the enterprises that we, the RabbitMQ team, have to deal with
-FROM ubuntu:20.04 as build-base
+FROM ubuntu:{{ .ubuntu.version }} as build-base
 RUN set -eux; \
 apt-get update; \
@@ -191,7 +191,7 @@ RUN set -eux; \
 # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
 RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
-FROM ubuntu:20.04
+FROM ubuntu:{{ .ubuntu.version }}
 COPY --from=erlang-builder /usr/local/bin/ /usr/local/bin/
 COPY --from=erlang-builder /usr/local/etc/ssl/ /usr/local/etc/ssl/
diff --git a/versions.json b/versions.json
index 6089ebb..8348cad 100644
--- a/versions.json
+++ b/versions.json
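Review bot: The comment above `FROM ubuntu:{{ .ubuntu.version }} as build-base` in the first hunk of Dockerfile-ubuntu.template still says "Ubuntu Focal", which is the 20.04 codename, while this commit moves the base to 22.04. Now that the release comes from a template variable, the comment should not name a codename at all, e.g. `# The official Canonical Ubuntu image is ideal from a security perspective,`. The same stale line is carried into the generated 3.9, 3.10, 3.11 and 3.12 ubuntu Dockerfiles, so fixing the template and regenerating covers all of them.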
@@ -1,49 +1,73 @@
 {
 "3.10": {
+ "alpine": {
+ "version": "3.18"
+ },
 "openssl": {
- "sha256": "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90",
- "version": "3.0.9"
+ "sha256": "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674",
+ "version": "3.1.1"
 },
 "otp": {
 "sha256": "83a36f3d90deef36adb615bbfb46cd327f0b76b7668e1f7f253fd66b4ae24518",
 "version": "25.3.2.2"
 },
+ "ubuntu": {
+ "version": "22.04"
+ },
 "version": "3.10.24"
 },
 "3.10-rc": null,
 "3.11": {
+ "alpine": {
+ "version": "3.18"
+ },
 "openssl": {
- "sha256": "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90",
- "version": "3.0.9"
+ "sha256": "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674",
+ "version": "3.1.1"
 },
 "otp": {
 "sha256": "83a36f3d90deef36adb615bbfb46cd327f0b76b7668e1f7f253fd66b4ae24518",
 "version": "25.3.2.2"
 },
+ "ubuntu": {
+ "version": "22.04"
+ },
 "version": "3.11.18"
 },
 "3.11-rc": null,
 "3.12": {
+ "alpine": {
+ "version": "3.18"
+ },
 "openssl": {
- "sha256": "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90",
- "version": "3.0.9"
+ "sha256": "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674",
+ "version": "3.1.1"
 },
 "otp": {
 "sha256": "83a36f3d90deef36adb615bbfb46cd327f0b76b7668e1f7f253fd66b4ae24518",
 "version": "25.3.2.2"
 },
+ "ubuntu": {
+ "version": "22.04"
+ },
 "version": "3.12.0"
 },
 "3.12-rc": null,
 "3.9": {
+ "alpine": {
+ "version": "3.18"
+ },
 "openssl": {
- "sha256": "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90",
- "version": "3.0.9"
+ "sha256": "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674",
+ "version": "3.1.1"
 },
 "otp": {
 "sha256": "83a36f3d90deef36adb615bbfb46cd327f0b76b7668e1f7f253fd66b4ae24518",
 "version": "25.3.2.2"
 },
+ "ubuntu": {
+ "version": "22.04"
+ },
 "version": "3.9.29"
 },
 "3.9-rc": null
diff --git a/versions.sh b/versions.sh
index 9af5190..994a477 100755
--- a/versions.sh
+++ b/versions.sh
@@ -1,6 +1,20 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
+declare -A alpineVersions=(
+ [3.9]='3.18'
+ [3.10]='3.18'
+ [3.11]='3.18'
+ [3.12]='3.18'
+)
+
+declare -A ubuntuVersions=(
+ [3.9]='22.04'
+ [3.10]='22.04'
+ [3.11]='22.04'
+ [3.12]='22.04'
+)
+
 # https://www.rabbitmq.com/which-erlang.html ("Maximum supported Erlang/OTP")
 declare -A otpMajors=(
 [3.9]='25'
@@ -12,10 +26,10 @@ declare -A otpMajors=(
 # https://www.openssl.org/policies/releasestrat.html
 # https://www.openssl.org/source/
 declare -A opensslMajors=(
- [3.9]='3.0'
- [3.10]='3.0'
- [3.11]='3.0'
- [3.12]='3.0'
+ [3.9]='3.1'
+ [3.10]='3.1'
+ [3.11]='3.1'
+ [3.12]='3.1'
 )
 cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
@@ -130,7 +144,13 @@ for version in "${versions[@]}"; do
 # OpenSSL 3.0.5's sha256 file starts with a single space 😬
 opensslSourceSha256="${opensslSourceSha256# }"
- echo "$version: $fullVersion (otp $otpVersion, openssl $opensslVersion)"
+ alpineVersion="${alpineVersions[$rcVersion]}"
+ export alpineVersion
+
+ ubuntuVersion="${ubuntuVersions[$rcVersion]}"
+ export ubuntuVersion
+
+ echo "$version: $fullVersion (otp $otpVersion, openssl $opensslVersion, alpine, $alpineVersion, ubuntu $ubuntuVersion)"
 json="$(
 jq <<<"$json" -c '
@@ -144,6 +164,12 @@ for version in "${versions[@]}"; do
 version: env.otpVersion,
 sha256: env.otpSourceSha256,
 },
+ alpine: {
+ version: env.alpineVersion
+ },
+ ubuntu: {
+ version: env.ubuntuVersion
+ },
 }
 '
 )"
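Review bot: The `opensslMajors` hunk in versions.sh moves all four series from 3.0 to 3.1 with no comment on the support window. As far as I know, 3.0 is the long-term-support series under the release strategy linked just above the map and 3.1 is not, so these images would need another series bump sooner to keep receiving OpenSSL fixes. I would record that next to the map, e.g. `# 3.1 is not an LTS series; revisit before it reaches end of support`.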
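Review bot: The new progress `echo` in the `for version` loop of versions.sh has a stray comma, `alpine, $alpineVersion`, so that field prints differently from `otp`, `openssl` and `ubuntu`; the tail should read `openssl $opensslVersion, alpine $alpineVersion, ubuntu $ubuntuVersion)"`. Separately, `${alpineVersions[$rcVersion]}` and `${ubuntuVersions[$rcVersion]}` run under `set -u`, so a series missing from either map should stop the script with only a bare unbound-variable error. `${alpineVersions[$rcVersion]:?no alpine version for $rcVersion}` (and the same for ubuntu) keeps the fail-fast behaviour and names the missing key. The loop body starts and ends outside this hunk, so how the existing maps are read is not visible here.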