New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Latest alpine image uses unsupported JRE #1690
Comments
|
Reproduced. |
Config looks right, if I build locally and do:
It works just fine I can't see what's causing this. Trusted.ci build logs also look fine cc @dduportal What is suspicious is that it says:
but it was actually built 3 days ago |
https://hub.docker.com/repository/docker/jenkins/jenkins/activity Where are these coming from? |
I wonder if we just change the password and rotate the tokens to break whatever is pushing this =/ |
yep, I think we should do this yes |
@timja I'm grepping the trusted.ci controller to check for the shasum |
Rotation of the token in progress |
Culprit found: no security issue but an old tag of this repository which was triggered and rebuilt: https://github.com/jenkinsci/docker/tree/jenkins-docker-packaging-2.164.2 I have honestly no idea why this tag was triggered (and not the others): trusted.ci is set up to only build tags newer than 3 days old. |
All credentials rotated @timja . I propose that we wait for next week's weekly and LTS releases to have the images fixed: does it look good to you? @Bitals sorry for the inconvenience and thanks for reporting. I strongly suggest that you stick to a pinned tagged version as the "latest" images cannot ensure a fixed behavior |
I know the risk and am fine with it. It's a homelab, I have regular backups and usually some time to troubleshoot and report stuff like this. |
From the Docker Hub, it looks like pinned versions have been overwritten too (e.g. FWIW the |
Good catch. It means we have to republish the images as soon as posible, and then informa users of the change to avoid inadvertently seeing the problem. I've started the publication of 2.419 (lates weekly) and 2.401.3 (latest LTS) as we use both of them on the public infrasrtucture. |
The images for 2.401.1, 2.401.2, 2.401.3 and 2.419 have been all rebuilt. Please note that 2.401.3 was rebuilt a 3rd time to ensure the tags are properly defined for |
Blog post for jenkinsci/docker#1690
Thank you! |
* Alpine containers rebuilt Blog post for jenkinsci/docker#1690 * Note that Linux containers were rebuilt Rename files to match breadth of change Update the opengraph image
It was done for the 3 LTS version ( Since then, the weekly release I'm going to proceed and close this issue as fixed. Feel free to reopen with a reproduction example if you still see a problem.
|
Jenkins and plugins versions report
Environment
What Operating System are you using (both controller, and any agents involved in the problem)?
Official jenkins:alpine image (sha256:c550540e16695929938a84725bec6d0360ab64201bb3e02e9cb6bfab74e0900b)
Debian host
Reproduction steps
Expected Results
Official image uses supported version of JRE
Actual Results
Official image uses unsupported version of JRE
Anything else?
The Dockerfile explicitly sets Java version 8 on lines 5, 7 and 8.
The text was updated successfully, but these errors were encountered: