You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@daffodil.apache.org by GitBox <gi...@apache.org> on 2022/11/21 19:15:22 UTC
[GitHub] [daffodil] dependabot[bot] opened a new pull request, #880: Bump fedora from 36 to 37 in /containers/release-candidate
dependabot[bot] opened a new pull request, #880:
URL: https://github.com/apache/daffodil/pull/880
Bumps fedora from 36 to 37.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] stevedlawrence commented on pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on PR #880:
URL: https://github.com/apache/daffodil/pull/880#issuecomment-1329222907
Upgrading to F37 fails to build the windows MSI installer with an error about unable to find iconv.dll. I've found that if I run `dnf upgrade wine` when building the container it fixes the issue. Seems Fedora 37 release ships with wine-7.12, and running the upgrade command updates to 7.20.
However, I'm hesitant to add the dnf upgrade command to the Dockerfile since it makes reproducibility difficult--every time we build a container we could get a newer version of wine. And wine is probably the one package we have the most issues with. Upgrades seem to frequently break things.
We could maybe pin to 7.20 with something like `dnf install wine-7.20`, and as long as F37 doesn't remove it from the `updates` repo we should be fine? Or we could just stick with F36 and close this PR...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] tuxji commented on pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
tuxji commented on PR #880:
URL: https://github.com/apache/daffodil/pull/880#issuecomment-1366157588
I think these 2 are our best choices:
1. Bump the Dockerfile to Fedora 37 even though we would have to install `wine-7.20` instead of `wine` and undo that change after the next bump to Fedora 38. Pro: less work with no risk of updating wine version. Con: more maintenance needed 6 months from now.
2. Base the Dockerfile on Ubuntu LTS and install Ubuntu packages instead of Fedora packages with the assumption that Ubuntu will not bump wine between LTS bumps. Pro: Dockerfile might need no changes for 2 years. Con: Ubuntu might bump wine anyway as part of LTS security patches.
Choice 1 seems lower risk but requires manual testing every 6 months. Choice 2 seems lower maintenance after initial changes, but assumption of no wine bumps for 2 years may become false due to periodic rollup of LTS security patches into image. I still suggest choice 2 is worth trying anyway.
Please vote for your choice.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] mbeckerle commented on pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
mbeckerle commented on PR #880:
URL: https://github.com/apache/daffodil/pull/880#issuecomment-1366712638
I would vote for stick with F36 and revisit when F38 is available.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] tuxji commented on pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
tuxji commented on PR #880:
URL: https://github.com/apache/daffodil/pull/880#issuecomment-1329287775
Either choice sounds fine. Another possible choice would be to switch to a different base Docker image which changes less frequently (assuming its license allows us to use it in our Apache infrastructure). Choices include Debian stable, Ubuntu LTS, and more. The Ubuntu LTS image on Docker Hub actually rolls up security patches into the base image periodically, but the patches are supposed to maintain package/API compatibility to some degree (see <https://askubuntu.com/questions/1062198/ubuntu-lts-stability>, <https://wiki.ubuntu.com/StableReleaseUpdates>, <https://ubuntu.com/security/docker-images>).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] stevedlawrence commented on pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on PR #880:
URL: https://github.com/apache/daffodil/pull/880#issuecomment-1369720594
Yeah, I think I agree with Mike. I don't think there's a big benefit updating to F37. I'm not against switching to some other OS if it handles this issue better, but I think that should be done as a separate PR since i probably needs a decent amount of testing and confirming any assumptions. I'm going to close this PR.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] dependabot[bot] commented on pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on PR #880:
URL: https://github.com/apache/daffodil/pull/880#issuecomment-1369720630
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil] stevedlawrence closed pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
Posted by GitBox <gi...@apache.org>.
stevedlawrence closed pull request #880: Bump fedora from 36 to 37 in /containers/release-candidate
URL: https://github.com/apache/daffodil/pull/880
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org