diff --git a/.github/workflows/apps_version_check.yaml b/.github/workflows/apps_version_check.yaml index 37f03b332..7875d3001 100644 --- a/.github/workflows/apps_version_check.yaml +++ b/.github/workflows/apps_version_check.yaml @@ -9,11 +9,11 @@ jobs: strategy: matrix: erl_otp: - - 24.1.5-3 + - 24.3.4.2-1 os: - ubuntu20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:${{ matrix.erl_otp }}-${{ matrix.os }} + container: ghcr.io/emqx/emqx-builder/4.4-20:${{ matrix.erl_otp }}-${{ matrix.os }} steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml index 9954d1ee6..04d7074b3 100644 --- a/.github/workflows/build_packages.yaml +++ b/.github/workflows/build_packages.yaml @@ -21,7 +21,7 @@ jobs: if: endsWith(github.repository, 'emqx') runs-on: ubuntu-20.04 # prepare source with any OTP version, no need for a matrix - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 outputs: profiles: ${{ steps.detect-profiles.outputs.profiles}} @@ -60,7 +60,7 @@ jobs: matrix: profile: ${{fromJSON(needs.prepare.outputs.profiles)}} otp: - - 24.2.1 + - 24.3.4.2 exclude: - profile: emqx-edge steps: @@ -108,7 +108,7 @@ jobs: fail-fast: false matrix: otp: - - 24.1.5-3 + - 24.3.4.2-1 os: - macos-11 runs-on: ${{ matrix.os }} @@ -153,7 +153,7 @@ jobs: - zip - pkg otp: - - 24.1.5-3 + - 24.3.4.2-1 arch: - amd64 - arm64 @@ -210,7 +210,7 @@ jobs: --profile "${PROFILE}" \ --pkgtype "${PACKAGE}" \ --arch "${ARCH}" \ - --builder "ghcr.io/emqx/emqx-builder/4.4-19:${OTP}-${SYSTEM}" + --builder "ghcr.io/emqx/emqx-builder/4.4-20:${OTP}-${SYSTEM}" - uses: actions/upload-artifact@v1 with: name: ${{ matrix.profile }}-${{ matrix.otp }} @@ -225,7 +225,7 @@ jobs: matrix: profile: ${{fromJSON(needs.prepare.outputs.profiles)}} otp: - - 24.1.5-3 + - 24.3.4.2-1 registry: - 'docker.io' - 'public.ecr.aws' @@ -286,7 +286,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - BUILD_FROM=ghcr.io/emqx/emqx-builder/4.4-19:${{ matrix.otp }}-alpine3.15.1 + BUILD_FROM=ghcr.io/emqx/emqx-builder/4.4-20:${{ matrix.otp }}-alpine3.15.1 RUN_FROM=alpine:3.15.1 EMQX_NAME=${{ matrix.profile }} file: source/deploy/docker/Dockerfile @@ -302,7 +302,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - BUILD_FROM=ghcr.io/emqx/emqx-builder/4.4-19:${{ matrix.otp }}-alpine3.15.1 + BUILD_FROM=ghcr.io/emqx/emqx-builder/4.4-20:${{ matrix.otp }}-alpine3.15.1 RUN_FROM=alpine:3.15.1 EMQX_NAME=${{ matrix.profile }} file: source/deploy/docker/Dockerfile.enterprise @@ -320,7 +320,7 @@ jobs: matrix: profile: ${{fromJSON(needs.prepare.outputs.profiles)}} otp: - - 24.1.5-3 + - 24.3.4.2-1 include: - profile: emqx otp: windows # otp version on windows is rather fixed diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index 9ef69ff70..815b2e60e 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: otp: - - 24.1.5-3 + - 24.3.4.2-1 os: - ubuntu20.04 - el8 @@ -32,7 +32,7 @@ jobs: - runs-on: aws-amd64 use-self-hosted: false - container: ghcr.io/emqx/emqx-builder/4.4-19:${{ matrix.otp }}-${{ matrix.os }} + container: ghcr.io/emqx/emqx-builder/4.4-20:${{ matrix.otp }}-${{ matrix.os }} steps: - uses: actions/checkout@v1 @@ -78,7 +78,7 @@ jobs: profile: - emqx otp: - - 24.2.1 + - 24.3.4.2 steps: - uses: actions/checkout@v2 - uses: ilammy/msvc-dev-cmd@v1 @@ -111,7 +111,7 @@ jobs: fail-fast: false matrix: otp: - - 24.1.5-3 + - 24.3.4.2-1 os: - macos-11 runs-on: ${{ matrix.os }} diff --git a/.github/workflows/check_deps_integrity.yaml b/.github/workflows/check_deps_integrity.yaml index 433b00d71..7db081000 100644 --- a/.github/workflows/check_deps_integrity.yaml +++ b/.github/workflows/check_deps_integrity.yaml @@ -5,7 +5,7 @@ on: [pull_request] jobs: check_deps_integrity: runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6890f9567..6f3c829a9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,7 +7,7 @@ on: jobs: prepare: runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 outputs: profiles: ${{ steps.detect-profiles.outputs.profiles}} diff --git a/.github/workflows/run_acl_migration_tests.yaml b/.github/workflows/run_acl_migration_tests.yaml index 6ebe37f98..65078ca65 100644 --- a/.github/workflows/run_acl_migration_tests.yaml +++ b/.github/workflows/run_acl_migration_tests.yaml @@ -5,7 +5,7 @@ on: workflow_dispatch jobs: test: runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 strategy: fail-fast: true env: diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml index 7c43f38c4..2750be7f4 100644 --- a/.github/workflows/run_fvt_tests.yaml +++ b/.github/workflows/run_fvt_tests.yaml @@ -200,7 +200,7 @@ jobs: relup_test_plan: runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 outputs: profile: ${{ steps.profile-and-versions.outputs.profile }} vsn: ${{ steps.profile-and-versions.outputs.vsn }} @@ -249,9 +249,9 @@ jobs: fail-fast: false matrix: otp: - - 24.1.5-3 + - 24.3.4.2-1 runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 defaults: run: shell: bash @@ -280,19 +280,19 @@ jobs: path: | emqx/_packages/*/*.zip emqx/.ci/fvt_tests + emqx/data/relup-paths.eterm + emqx/scripts/relup-base-vsns.escript relup_test_run: needs: - relup_test_plan - relup_test_build runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 strategy: fail-fast: false matrix: old_vsn: ${{ fromJson(needs.relup_test_plan.outputs.matrix) }} - otp: - - 24.1.5-3 env: OLD_VSN: "${{ matrix.old_vsn }}" PROFILE: "${{ needs.relup_test_plan.outputs.profile }}" @@ -313,16 +313,14 @@ jobs: repository: terry-xiaoyu/one_more_emqx ref: master path: one_more_emqx - - name: Prepare packages + - name: Run relup test scenario + timeout-minutes: 6 run: | set -e -x -u - mkdir -p packages + old_emqx_vsn=${OLD_VSN#[e|v]} + old_otp_vsn=$(escript emqx_built/scripts/relup-base-vsns.escript otp-vsn-for "${old_emqx_vsn}" emqx_built/data/relup-paths.eterm) + wget --no-verbose -P packages https://s3-us-west-2.amazonaws.com/packages.emqx/$BROKER/$OLD_VSN/$PROFILE-${old_emqx_vsn}-otp${old_otp_vsn}-ubuntu20.04-amd64.zip cp emqx_built/_packages/*/*.zip packages - cd packages - wget --no-verbose https://s3-us-west-2.amazonaws.com/packages.emqx/$BROKER/$OLD_VSN/$PROFILE-${OLD_VSN#[e|v]}-otp${{ matrix.otp }}-ubuntu20.04-amd64.zip - - name: Run relup test scenario - timeout-minutes: 5 - run: | lux \ --progress verbose \ --case_timeout infinity \ @@ -331,8 +329,8 @@ jobs: --var ONE_MORE_EMQX_PATH=$(pwd)/one_more_emqx \ --var VSN="$VSN" \ --var OLD_VSN="$OLD_VSN" \ - --var FROM_OTP_VSN="24.1.5-3" \ - --var TO_OTP_VSN="24.1.5-3" \ + --var FROM_OTP_VSN="${old_otp_vsn}" \ + --var TO_OTP_VSN="24.3.4.2-1" \ emqx_built/.ci/fvt_tests/relup.lux - uses: actions/upload-artifact@v2 name: Save debug data diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index 5f98f6940..8bff3a33c 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -12,7 +12,7 @@ on: jobs: run_proper_test: runs-on: ubuntu-20.04 - container: ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/4.4-20:24.3.4.2-1-ubuntu20.04 steps: - uses: actions/checkout@v2 diff --git a/build b/build index f5bf13a58..7577d2219 100755 --- a/build +++ b/build @@ -77,8 +77,13 @@ make_relup() { local zip_file mkdir -p "$lib_dir" "$releases_dir" '_upgrade_base' local releases=() + local OTP_CHANGED='no' if [ -d "$releases_dir" ]; then for BASE_VSN in $(relup_db base-vsns "$PKG_VSN"); do + OTP_BASE=$(relup_db otp-vsn-for "$BASE_VSN") + if [[ "$OTP_BASE" != "$OTP_VSN" ]]; then + OTP_CHANGED='yes' + fi OTP_BASE=$(relup_db otp-vsn-for "$PKG_VSN") zip_file="_upgrade_base/${PROFILE}-$(env OTP_VSN="$OTP_BASE" PKG_VSN="$BASE_VSN" ./scripts/pkg-full-vsn.sh 'vsn_exact').zip" if [ ! -d "$releases_dir/$BASE_VSN" ]; then @@ -99,8 +104,8 @@ make_relup() { fi RELX_BASE_VERSIONS="$(IFS=, ; echo "${releases[*]}")" export RELX_BASE_VERSIONS - if [[ ${PKG_VSN} == 4.3* ]]; then - echo "EMQX 4.3 specific, overwrite OTP app versions" + if [[ ${PKG_VSN} == 4.[3,4]* && ${OTP_CHANGED} == 'yes' ]]; then + echo "EMQX 4.[3,4] specific, overwrite OTP app versions" local emqx_rel_file="${releases_dir}/${PKG_VSN}/emqx.rel" if [ ! -f "${emqx_rel_file}" ]; then ./rebar3 as "${PROFILE}" release @@ -118,7 +123,7 @@ make_relup() { # rollback rel file per releases # - if [[ ${PKG_VSN} == 4.3* ]]; then + if [[ ${PKG_VSN} == 4.[3,4]* && ${OTP_CHANGED} == 'yes' ]]; then echo "restore upgrade base rel files... " for rel in ${releases[*]}; do diff --git a/changes/v4.4.11-en.md b/changes/v4.4.11-en.md index bc0ee9bb9..55507c981 100644 --- a/changes/v4.4.11-en.md +++ b/changes/v4.4.11-en.md @@ -1,5 +1,11 @@ ### Enhancements +- OTP upgrade from 24.1.5-3 to 24.3.4.2-1 [#9265](https://github.com/emqx/emqx/pull/9265). + Change highlights: + - Erlang/OTP [SSL library vulnerability fix](https://nvd.nist.gov/vuln/detail/CVE-2022-37026) + - Added support for OCSP (Online Certificate Status Protocol) Stapling + - Added CRL (Certificate Revocation List) cache auto refresh + ### Bug fixes - Fix get trace list crash when trace not initialize. [#9156](https://github.com/emqx/emqx/pull/9156) diff --git a/changes/v4.4.11-zh.md b/changes/v4.4.11-zh.md index f27d12d59..82c4558e1 100644 --- a/changes/v4.4.11-zh.md +++ b/changes/v4.4.11-zh.md @@ -1,6 +1,11 @@ ### 增强 - +- OTP 升级: 从 24.1.5-3 至 24.3.4.2-1 [#9265](https://github.com/emqx/emqx/pull/9265)。 + 重要更新: + - Erlang/OTP [SSL库漏洞修复](https://nvd.nist.gov/vuln/detail/CVE-2022-37026) + - 增加了对 OCSP (Online Certificate Status Protocol) Stapling 的支持 + - 增加了 CRL(证书吊销列表)缓存的自动刷新功能 + ### 修复 - 修复日志追踪模块没开启时,GET Trace 列表接口报错的问题。[#9156](https://github.com/emqx/emqx/pull/9156) diff --git a/data/relup-paths.eterm b/data/relup-paths.eterm index 39294e3ad..3bbfbcb79 100644 --- a/data/relup-paths.eterm +++ b/data/relup-paths.eterm @@ -39,6 +39,13 @@ [<<"4.4.0">>,<<"4.4.1">>,<<"4.4.2">>,<<"4.4.3">>,<<"4.4.4">>, <<"4.4.5">>,<<"4.4.6">>,<<"4.4.7">>,<<"4.4.8">>,<<"4.4.9">>], otp => <<"24.1.5-3">>}}. -{<<"4.5.0">>, - #{from_versions => [<<"4.4.10">>,<<"4.4.8">>,<<"4.4.9">>], +{<<"4.4.11">>, + #{from_versions => + [<<"4.4.0">>,<<"4.4.1">>,<<"4.4.2">>,<<"4.4.3">>,<<"4.4.4">>, + <<"4.4.5">>,<<"4.4.6">>,<<"4.4.7">>,<<"4.4.8">>,<<"4.4.9">>, + <<"4.4.10">>], + otp => <<"24.3.4.2-1">>}}. +{<<"4.5.0">>, + #{from_versions => [<<"4.4.8">>,<<"4.4.9">>,<<"4.4.10">>, + <<"4.4.11">>], otp => <<"24.3.4.2-1">>}}.