Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to Debian bookworm #214

Merged
merged 2 commits into from
Dec 12, 2023
Merged

Conversation

yosifkit
Copy link
Member

Leaving 2.0 on Debian buster: #167

@tianon
Copy link
Member

tianon commented Jun 13, 2023

This comes with a bump to OpenSSL 3, which might cause some breakage, so we might want to pause and consider / solicit opinions. 🤔

@TimWolla
Copy link
Contributor

which might cause some breakage,

Not breakage, but a steep loss of performance that is likely unacceptable to many users. See https://www.mail-archive.com/[email protected]/msg43306.html (and basically the whole thread).

@TimWolla
Copy link
Contributor

Also Ctrl+F "OpenSSL" and "wolfSSL" in this email: https://www.mail-archive.com/[email protected]/msg43600.html

@TimWolla
Copy link
Contributor

Ah and one more thing: OpenSSL 3 is only officially supported as of HAProxy 2.6.x, as per the list on haproxy.org:

version 2.6 : QUIC/HTTP3, OpenSSL 3.0, better usability, improved code accessibility and maintenance

@yosifkit yosifkit marked this pull request as draft July 28, 2023 20:22
@Darlelet
Copy link
Contributor

FYI: alpine image already did the openssl3 bump with 95fe4ac
(3.16 vs 3.17)

@tianon
Copy link
Member

tianon commented Dec 11, 2023

Yeah, oops -- that was a while ago though (a full year now).

According to haproxy/haproxy#1276, the OpenSSL 3 support was backported to the 2.4 line, so that explains that (and we pin 2.0 to Debian Buster and Alpine 3.16 already), but that doesn't explain why 2.2 appears to be just fine. 🤷

I guess we should probably revert 2.2 to Alpine 3.16, pin it to Debian Bullseye (to be on the safe / "upstream supported" side), and then finally do this update.

@tianon
Copy link
Member

tianon commented Dec 11, 2023

(first, a rebase)

@tianon tianon marked this pull request as ready for review December 11, 2023 23:56
@yosifkit yosifkit merged commit f74e9f8 into docker-library:master Dec 12, 2023
34 checks passed
@yosifkit yosifkit deleted the bookworm branch December 12, 2023 23:16
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 13, 2023
Changes:

- docker-library/haproxy@f74e9f8: Merge pull request docker-library/haproxy#214 from infosiftr/bookworm
- docker-library/haproxy@37ba32b: Pin 2.2 to Debian Bullseye and Alpine 3.16 to avoid OpenSSL 3 (unsupported until 2.6+ and backported to 2.4)
- docker-library/haproxy@71aadfa: Update to Debian bookworm
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 13, 2023
Changes:

- docker-library/haproxy@e4b286a: Update 2.6 to 2.6.16
- docker-library/haproxy@f74e9f8: Merge pull request docker-library/haproxy#214 from infosiftr/bookworm
- docker-library/haproxy@37ba32b: Pin 2.2 to Debian Bullseye and Alpine 3.16 to avoid OpenSSL 3 (unsupported until 2.6+ and backported to 2.4)
- docker-library/haproxy@71aadfa: Update to Debian bookworm
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants