From 316243390f7517aad2c0b43800de719a9e4926cb Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 17 Jan 2025 16:26:33 +0100 Subject: [PATCH] fixup! release: build unsigned Ubuntu .deb package Currently, we target whatever GitHub Actions use as `ubuntu-latest`; This, however, led to the unintentional requirement in v2.47.2.vfs.0.0 to run Ubuntu 24.04 (up from 22.04 in v2.47.1.vfs.0.1). It is important to target a wider audience, though, especially in light of CVE-2024-52005 which is only addressed in Git for Windows and `microsoft/git`, but not Git. We could now go back to 22.04; This would only be a temporary band-aid, https://github.blog/changelog/2025-01-15-github-actions-ubuntu-20-runner-image-brownout-dates-and-other-breaking-changes/ already announced that 20.04 is phased out very soon, and 22.04 will be next. Let's just use a Docker container instead that targets the oldest Ubuntu LTS that is still maintained in _some_ shape or form. We still verify in `validate-installers` that the resulting binary installs and works on the latest Ubuntu version by virtue of using `runs-on: ubuntu-latest` in _that_ matrix job. Signed-off-by: Johannes Schindelin --- .github/workflows/build-git-installers.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-git-installers.yml b/.github/workflows/build-git-installers.yml index de13e7df7239eb..9c01e3f03b1893 100644 --- a/.github/workflows/build-git-installers.yml +++ b/.github/workflows/build-git-installers.yml @@ -493,6 +493,8 @@ jobs: # Build and sign Debian package create-linux-artifacts: runs-on: ubuntu-latest + container: + image: ubuntu:16.04 # expanded security maintenance until 04/02/2026, according to https://endoflife.date/ubuntu needs: prereqs environment: release steps: