diff --git a/Dockerfile b/Dockerfile index ccfdef500ec79..327a9f40f0511 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:21.10 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image @@ -69,7 +69,7 @@ RUN ln -s /usr/local/aws-cli/v2/current/dist/aws /usr/local/bin/aws # support for mounting configuration from a configmap RUN mkdir -p /app/config/ssh && \ touch /app/config/ssh/ssh_known_hosts && \ - ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts + ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts RUN mkdir -p /app/config/tls RUN mkdir -p /app/config/gpg/source && \ diff --git a/go.mod b/go.mod index d1e4a938cbb2d..34bfabc0d45ca 100644 --- a/go.mod +++ b/go.mod @@ -66,7 +66,7 @@ require ( github.com/stretchr/testify v1.7.0 github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da - golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 + golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e golang.org/x/net v0.0.0-20211209124913-491a49abca63 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f golang.org/x/sync v0.0.0-20210220032951-036812b2e83c diff --git a/go.sum b/go.sum index 0ba8126f97e3f..2239a4d89efff 100644 --- a/go.sum +++ b/go.sum @@ -1073,8 +1073,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1179,6 +1180,7 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 298199429f691..878e5ffba2ca5 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -6,7 +6,7 @@ FROM golang:1.17 as golang FROM registry:2.7.1 as registry -FROM ubuntu:21.10 +FROM ubuntu:22.04 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ @@ -66,6 +66,11 @@ COPY ./test/fixture/testrepos/ssh_host_*_key* /etc/ssh/ # Copy redis binaries to the image COPY --from=redis /usr/local/bin/* /usr/local/bin/ +# Copy redis dependencies/shared libraries +# Ubuntu 22.04+ has moved to OpenSSL3 and no longer provides these libraries +COPY --from=redis /usr/lib/x86_64-linux-gnu/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/ +COPY --from=redis /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/ + # Copy registry binaries to the image COPY --from=registry /bin/registry /usr/local/bin/ COPY --from=registry /etc/docker/registry/config.yml /etc/docker/registry/config.yml diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index a16d85fc8878a..0bb5ad66b0579 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -3,7 +3,7 @@ FROM golang:1.17 AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest -FROM ubuntu:21.10 +FROM ubuntu:22.04 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y \ diff --git a/util/git/ssh.go b/util/git/ssh.go index eb07a056b29f8..a1cb337a80e63 100644 --- a/util/git/ssh.go +++ b/util/git/ssh.go @@ -11,14 +11,14 @@ import ( // Unfortunately, crypto/ssh does not offer public constants or list for // this. var SupportedSSHKeyExchangeAlgorithms = []string{ - "diffie-hellman-group1-sha1", - "diffie-hellman-group14-sha1", + "curve25519-sha256", + "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", - "curve25519-sha256@libssh.org", - "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256", + "diffie-hellman-group14-sha256", + "diffie-hellman-group14-sha1", } // List of default key exchange algorithms to use. We use those that are