drop el-7, debian-buster, amazonlinux-2

.github/workflows/build-packages.yml

@@ -15,10 +15,8 @@ on:
         # please remember to update the pkghashes below when you
         # update this list, as well as the one in builder-dispatch.yml
         default: >-
-          el-7
           el-8
           el-9
-          debian-buster
           debian-bullseye
           debian-bookworm
           ubuntu-focal
@@ -73,20 +71,14 @@ jobs:
       matrix:
         os: ${{fromJson(needs.prepare.outputs.oslist)}}
         runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}}
-        exclude:
-          - os: el-7
-            runner-os: ubicloud-standard-2-arm
       fail-fast: false
     outputs:
       product-name: ${{ steps.normalize-name.outputs.normalized-package-name }}
       version: ${{ steps.getversion.outputs.version }}
-      pkghashes-el-7-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-7-x86_64 }}
       pkghashes-el-8-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-8-x86_64 }}
       pkghashes-el-8-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-8-aarch64 }}
       pkghashes-el-9-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-9-x86_64 }}
       pkghashes-el-9-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-9-aarch64 }}
-      pkghashes-debian-buster-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-buster-x86_64 }}
-      pkghashes-debian-buster-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-buster-aarch64 }}
       pkghashes-debian-bullseye-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-x86_64 }}
       pkghashes-debian-bullseye-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-aarch64 }}
       pkghashes-debian-bookworm-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm-x86_64 }}
@@ -173,7 +165,7 @@ jobs:
         run: |
           for os in ${{ inputs.os }}; do
             for architecture in x86_64 ${{ vars.ARM64_USE_UBICLOUD == '1' && 'aarch64' || '' }}; do
-              [[ "$os" != "el-7" || "$architecture" != "aarch64"  ]] && echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt
+              echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt
             done
           done
           sort -o /tmp/os-inputs.txt /tmp/os-inputs.txt
@@ -188,9 +180,6 @@ jobs:
       matrix:
         os: ${{fromJson(needs.prepare.outputs.oslist)}}
         architecture: ${{ fromJson(needs.prepare.outputs.archlist )}}
-        exclude:
-          - os: el-7
-            architecture: aarch64
     permissions:
       actions: read   # To read the workflow path.
       id-token: write # To sign the provenance.
@@ -224,9 +213,6 @@ jobs:
       matrix:
         os: ${{fromJson(needs.prepare.outputs.oslist)}}
         architecture: ${{ fromJson(needs.prepare.outputs.archlist )}}
-        exclude:
-          - os: el-7
-            architecture: aarch64
     steps:
       - name: Download source tarball provenance for ${{ inputs.product }} (${{ inputs.ref }})
         id: download-src-provenance

.github/workflows/builder-dispatch.yml

@@ -16,10 +16,8 @@ on:
         type: string
         # please remember to update build-packages.yml as well
         default: >-
-          el-7
           el-8
           el-9
-          debian-buster
           debian-bullseye
           debian-bookworm
           ubuntu-focal

.github/workflows/builder.yml

@@ -35,7 +35,6 @@ jobs:
       matrix:
         product: ['authoritative', 'recursor', 'dnsdist']
         os:
-          - el-7
           - el-8
           - centos-9-stream
           - ubuntu-noble
@@ -44,9 +43,6 @@ jobs:
           - debian-trixie
           - amazon-2023
         runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}}
-        exclude:
-          - os: el-7
-            runner-os: ubicloud-standard-2-arm
       fail-fast: false
     steps:
       - uses: actions/checkout@v4

BUILDING-PACKAGES.md

@@ -44,20 +44,18 @@ Adding a new OS to the list
 
 Adding a new OS is usually easy, provided that it does not differ too much from an existing one. For example, to add support for Debian Bookworm (already present in the current repository), one had to:
 
-Copy the existing instructions for Debian Buster:
+Copy the existing instructions for Debian bullseye:
 ```
-cp builder-support/dockerfiles/Dockerfile.target.debian-buster builder-support/dockerfiles/Dockerfile.target.debian-bookworm
+cp builder-support/dockerfiles/Dockerfile.target.debian-bullseye builder-support/dockerfiles/Dockerfile.target.debian-bookworm
 ```
 
-In the new `builder-support/dockerfiles/Dockerfile.target.debian-bookworm` file, replace every occurrence of `debian-buster` by `debian-bookworm`, and of `debian:buster` by `debian:bookworm`
+In the new `builder-support/dockerfiles/Dockerfile.target.debian-bookworm` file, replace every occurrence of `debian-bullseye` by `debian-bookworm`, and of `debian:bullseye` by `debian:bookworm`
 
 Then add the new target to the list of OSes in the `.github/workflows/builder-dispatch.yml` workflow file:
 ```
 default: >-
-  el-7
   el-8
   el-9
-  debian-buster
   debian-bullseye
   debian-bookworm
   ubuntu-focal
@@ -68,10 +66,8 @@ If release packages should be automatically built for this new target, then `.gi
 ``
 ```
 default: >-
-  el-7
   el-8
   el-9
-  debian-buster
   debian-bullseye
   debian-bookworm
   ubuntu-focal
@@ -80,10 +76,8 @@ default: >-
 
 Not forgetting to update the list of hashes later in the same file:
 ```
-pkghashes-el-7: ${{ steps.pkghashes.outputs.pkghashes-el-7 }}
 pkghashes-el-8: ${{ steps.pkghashes.outputs.pkghashes-el-8 }}
 pkghashes-el-9: ${{ steps.pkghashes.outputs.pkghashes-el-9 }}
-pkghashes-debian-buster: ${{ steps.pkghashes.outputs.pkghashes-debian-buster }}
 pkghashes-debian-bullseye: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye }}
 pkghashes-debian-bookworm: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm }}
 pkghashes-ubuntu-focal: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-focal }}

build-scripts/docker/repo-test/generate-repo-files.py

@@ -140,11 +140,8 @@ def write_release_files (release):
                    'rec-48', 'rec-49', 'rec-50', 'rec-51', 'rec-master',
                    'dnsdist-17', 'dnsdist-18', 'dnsdist-19', 'dnsdist-master']:
         write_pkg_pin_file(release)
-        write_dockerfile('el', '7', release)
         write_dockerfile('el', '8', release)
         write_dockerfile('el', '9', release)
-        write_dockerfile('debian', 'buster', release)
-        write_list_file('debian', 'buster', release)
         write_dockerfile('debian', 'bullseye', release)
         write_list_file('debian', 'bullseye', release)
         write_dockerfile('ubuntu', 'focal', release)
@@ -241,8 +238,6 @@ def test_release (release, arch='x86_64'):
     returned_versions = []
     print('=== testing {} ({}) ==='.format(release, arch))
     for df in dockerfiles:
-        if arch == 'aarch64' and str(df).endswith('el-7'):
-            continue
         if arch == 'aarch64' and not release in ['rec-49', 'rec-50', 'rec-51', 'rec-master',
                                                  'dnsdist-19', 'dnsdist-master']:
             continue

builder-support/dockerfiles/Dockerfile.rpmbuild

@@ -1,11 +1,6 @@
 FROM dist-base as package-builder
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
-      yum upgrade -y && \
-      yum install -y rpm-build rpmdevtools python2 python3 curl jq "@Development Tools"; \
-    else \
-      yum upgrade -y && \
-      yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"; \
-    fi
+RUN yum upgrade -y && \
+    yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"
 
 RUN mkdir /dist /pdns
 WORKDIR /pdns
@@ -21,14 +16,10 @@ RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh
 @ENDIF
 
 @IF [ -n "$M_dnsdist$M_all" ]
-# We do not build Quiche (DNS over QUIC support) on el-7 because the clang
-# version is too old to build the 'boring-sys' crate needed by Quiche
-RUN if ! $(grep -q 'release 7' /etc/redhat-release); then \
-      cd /pdns/builder-support/helpers/ && ./install_rust.sh; \
-      yum install -y git cmake clang; \
-      cd /pdns/builder-support/helpers/ && \
-      ./install_quiche.sh; \
-    fi
+RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh; \
+    yum install -y git cmake clang; \
+    cd /pdns/builder-support/helpers/ && \
+    ./install_quiche.sh
 @ENDIF
 
 # Used for -p option to only build specific spec files
@@ -43,19 +34,15 @@ ADD builder-support/specs/ /pdns/builder-support/specs
 RUN find /pdns/builder-support/specs/ -not -name '*.spec' -exec ln -s {} /root/rpmbuild/SOURCES/ \;
 
 @IF [ -n "$M_authoritative$M_all" ]
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
-      scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \
-    elif $(grep -q 'release 8' /etc/redhat-release); then \
+RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \
       scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \
     else \
       builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \
     fi
 @ENDIF
 
 @IF [ -n "$M_recursor$M_all" ]
-RUN touch /var/lib/rpm/* &&  if $(grep -q 'release 7' /etc/redhat-release); then \
-      scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \
-    elif $(grep -q 'release 8' /etc/redhat-release); then \
+RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \
       scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \
     else \
       builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \
@@ -64,29 +51,20 @@ RUN touch /var/lib/rpm/* &&  if $(grep -q 'release 7' /etc/redhat-release); then
 
 @IF [ -n "$M_dnsdist$M_all" ]
 
-# --allowerasing does not exist on el7, so we fall back to just installing
-# this is fine because --allowerasing is only there to deal with libcurl conflicting with libcurl-minimal on some el9 images
 RUN touch /var/lib/rpm/* && mkdir /libh2o && cd /libh2o && \
-      yum install -y --allowerasing curl libcurl openssl-devel cmake || yum install -y curl libcurl openssl-devel cmake && \
+      dnf install -y --allowerasing curl libcurl openssl-devel cmake && \
       cd /pdns/builder-support/helpers/ && \
       ./install_h2o.sh
 
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
-      scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
-    elif $(grep -q 'release 8' /etc/redhat-release); then \
+RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \
       scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
     else \
       builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
     fi
 @ENDIF
 
 # Generate provenance
-@IF [ "${BUILDER_TARGET}" = "el-7" -o "${BUILDER_TARGET}" = "centos-7" ]
-@EVAL RUN python builder/helpers/generate-yum-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-yum-provenance.py /dist/packages-${BUILDER_TARGET}.json
-@ENDIF
-@IF [ "${BUILDER_TARGET}" != "el-7" -a "${BUILDER_TARGET}" != "centos-7" ]
 @EVAL RUN python builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json
-@ENDIF
 
 # mv across layers with overlay2 is buggy in some kernel versions (results in empty dirs)
 # See: https://github.com/moby/moby/issues/33733

builder-support/dockerfiles/Dockerfile.rpmsbom

@@ -1,32 +1,23 @@
 ARG BUILDER_VERSION
 @EVAL ARG BUILDER_TARGET=${BUILDER_TARGET}
 
-# No SBOM on el-7, which only has Python 2 and will be EOL soon anyway
 RUN touch /var/lib/rpm/* && \
-    if ! $(grep -q 'release 7' /etc/redhat-release); then \
-      yum install -y python3 python3-dnf; \
-    fi
+    yum install -y python3 python3-dnf
 ADD builder-support/helpers/ /pdns/builder-support/helpers/
 
 @IF [ -n "$M_recursor$M_all" ]
 RUN cd /pdns/builder-support/helpers/ && \
-    if ! $(grep -q 'release 7' /etc/redhat-release); then \
-      python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \
-    fi
+    python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json
 @ENDIF
 
 @IF [ -n "$M_dnsdist$M_all" ]
 RUN cd /pdns/builder-support/helpers/; \
-    if ! $(grep -q 'release 7' /etc/redhat-release); then \
-       python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json; \
-    fi
+    python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json
 @ENDIF
 
 @IF [ -n "$M_authoritative$M_all" ]
 RUN cd /pdns/builder-support/helpers/ && \
-    if ! $(grep -q 'release 7' /etc/redhat-release); then \
-      for pkg in $(dnf list installed 'pdns*' | grep -E ^'pdns' | grep -vE '\-debuginfo|\-debugsource' | cut -d. -f1); do \
+    for pkg in $(dnf list installed 'pdns*' | grep -E ^'pdns' | grep -vE '\-debuginfo|\-debugsource' | cut -d. -f1); do \
         python3 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \
-      done; \
-    fi
+    done
 @ENDIF