[FOLIO-2923] Drop --no-check-certificate from wget (Man-in-the-middle attack) Created: 17/Dec/20 Updated: 05/Jan/21 Resolved: 22/Dec/20 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | Continuous Integration |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Bug | Priority: | P2 |
| Reporter: | Julian Ladisch | Assignee: | David Crossley |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | DevOps: Sprint 104 | ||||||||
| Development Team: | FOLIO DevOps | ||||||||
| Description |
|
Overview: Fix: Install the ca-certificates package that wget needs for the checks: Affected code |
| Comments |
| Comment by Julian Ladisch [ 17/Dec/20 ] |
| Comment by Julian Ladisch [ 17/Dec/20 ] |
|
Two more fixes: |
| Comment by David Crossley [ 18/Dec/20 ] |
|
Regarding folio-tools: I merged Julian's PR, then built and deployed the new jenkins-slave-all docker build images. java-11 is tagged as 2.5.0 Tested each via FOLIO CI. |
| Comment by David Crossley [ 22/Dec/20 ] |
|
Regarding folio-tools: The java-11 (tagged as 2.3.0) is okay. The java-8 (tagged as 1.3.0) was tested with a backend module that has not yet moved to Java 11. That build was okay. However it was later discovered that there is one old environment build that still uses this image. This build failed. Inspection shows that "ansible" was not properly constructed in the build of the jenkins-slave-all image. So jenkins-slave-all:latest has been restored to the previous version (1.2.2). |
| Comment by Jakub Skoczen [ 22/Dec/20 ] |
|
Done for JDK 11 img, won't do for JDK 8 as that image is deprecated. See
|
| Comment by David Crossley [ 05/Jan/21 ] |
|
Julian Ladisch The java8 one was deliberately marked with a cross because that docker image could no longer be built, even as-is prior to your changes. See notes in previous issue comments. So we are deprecating it as soon as possible. See
|