Start using CentOS 7 to build Wazuh manager packages and deprecate older versions #2154
Assignees
Labels
Comments
Scopeglibc versionsList based on current supported OS https://documentation.wazuh.com/current/installation-guide/packages-list.html for manager installation OS and glibc versionCentOS
Debian
Ubuntu
Oracle Linux
Fedora
Amazon Linux
RHEL
OpenSUSE
Wazuh core dependencies and compilation/runtime glibc dependencyUntil nowadays, the compilation of the core third-party libraries was manually triggered by using the exact same containers/environments used for compiling the Wazuh packages, meaning that CentOS 6 and Debian 7 glibc version was used. Those precompiled dependencies are shared between the agent and manager, so they are published without segmentation, only by OS (or OS family) and ARCH. Wazuh embedded Python and compilation/installation/runtime glibc dependencyUntil nowadays, Wazuh embedded Python was built in a Centos 6 environment and linked against some of the mentioned core third-party deps via libwazuhext.so (bundle) Change impactOS support deprecationDue to Wazuh embedded Python compilation on CentOS 7, rising the required glib version from
Packages generation miscDespite the Wazuh embedded Python being already compiled on Centos 7, package generation consists (simplified) of installing Wazuh from sources and then packaging it. During installation from the source, some Python scripts are executed, meaning that glibc 2.17 will be needed to package and install Wazuh Affected packages are
Alternatives
|
Change impactPipelines that we have to update:
|
|
@c-bordon will also need to consider the other OS to be deprecated that currently are present on Jenkins
|
30 tasks
30 tasks
teddytpc1
added
type/refactor
4 tasks
This was referenced Jun 13, 2023
|
I don't think we can commit this issue in this sprint. It will have to enter the next one but surely we will only need a week. |
|
Issue related in jenkins: |
|
ETA was changed to 8/9 for pending testing on newly created packages with other teams dependencies |
|
Packages are being successfully generated now from master, but we are facing an issue when updating dependencies to a deps where the CPython package was updated. Processing files: wazuh-manager-4.8.0-1.x86_64
error: File not found: /build_wazuh/rpmbuild/BUILDROOT/wazuh-manager-4.8.0-1.x86_64/var/ossec/var/db/mitre.db
I am still exploring the source of this error. |
|
ETA has been modified because of a cpython dependency issue that is being requested to be solved by framework team. |
|
We keep running on issues. We are fixing the suffix for nonrelated packages and need to rebuild ARM packages. We expect to finish it before the end of the week |
|
Blocked waiting for this PR to merge: ETA delayed. |
|
Blocking condition was resolved but passed to on hold for an urgent issue we are working on. Will resume this issue as soon as possible |
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
As part of wazuh/wazuh#16279, some dependencies need to be updated in order to fix some vulnerabilities from OpenSSL and CURL.
Updating these dependencies require also to update Python cryptography dependency as explained in wazuh/wazuh#16363. However, this version of cryptography does not support older versions than CentOS 7 anymore (wazuh/wazuh#16128 (comment)).
Since all the pipelines used to build RPM manager packages use an image of CentOS 6, it is necessary to update them and start using CentOS 7.
This is probably something that needs to be done also for DEB manager packages.
Validation
The text was updated successfully, but these errors were encountered: