tfgrid/zosbuilder
11
0
Fork 1
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf62e887e84c2121002f6a43e1407d25d32fc213
zosbuilder/docs/VERSIONS.md

5.4 KiB
Raw Blame History

Latest Versions Update - Alpine 3.22

Updated version mapping to use the latest and greatest Alpine Linux 3.22 and current package versions.

🚀 Alpine Version Update

Current State (August 2025)

  • Alpine Linux: 3.22 (latest stable)
  • Kernel: Linux 6.12.42 LTS
  • OpenSSL: 3.3.x (current stable)
  • All packages: Latest stable versions from Alpine 3.22

📦 Updated Package Versions

Core System Components

Component Old Reference Alpine 3.22 Version Security Status
Alpine Base 3.19 3.22 Current stable
OpenSSL 1.1.1d (EOL) 3.3.x Current, secure
Linux Kernel 6.8.8 6.12.42 LTS Latest LTS
busybox 1.31.0 1.37.x Current
util-linux 2.34 2.40.x Current
e2fsprogs 1.45.2 1.47.x Current
btrfs-progs 4.20.2 6.10.x Current
openssh 8.0p1 9.8.x Current
redis 7.2.1 7.4.x Current

Network & Security Tools

Component Old Reference Alpine 3.22 Version Notes
curl 7.65.1 8.9.x HTTP/3 support
nftables 0.9.1 1.1.x Latest features
wireguard 1.0.20200102 1.0.x Current stable
dnsmasq 2.80 2.90.x Current

Container & Virtualization

Component Old Reference Alpine 3.22 Version Notes
runc Not included 1.2.x OCI runtime
containerd deps Various Current Latest stable

🔧 Updated Docker Configuration

Dockerfile Changes

# Updated to latest Alpine
FROM alpine:3.22

# Latest package versions automatically included
RUN apk add --no-cache \
    linux-lts-dev \     # 6.12.42 LTS kernel
    openssl-dev \       # OpenSSL 3.3.x
    # ... all packages get latest versions

Version Benefits

  • Security: All packages receive latest security patches
  • Features: Access to latest functionality
  • Performance: Optimizations from years of development
  • Compatibility: Better hardware support

📋 Updated Architecture Decisions

1. Always Use Latest Stable

Strategy: Latest Stable Packages
Rationale: 
  - Security patches automatically included
  - Better hardware support
  - Performance improvements
  - Feature completeness
Risk Mitigation:
  - Alpine 3.22 is well-tested stable release
  - Package versions are curated by Alpine team

2. Automatic Updates via Alpine

Update Strategy: Alpine Package Manager
Benefits:
  - Consistent, tested combinations
  - Security team maintenance
  - Minimal compatibility issues
  - Automated dependency resolution

3. Version Pinning for Production

Development: Use :latest tags (Alpine 3.22)
Production: Pin specific Alpine 3.22.x point releases
CI/CD: Regular automated updates with testing

🚨 Security Improvements

Eliminated EOL Software

  • OpenSSL 1.1.1d (End of Life September 2023)
  • OpenSSL 3.3.x (Active development, LTS until 2026)

Current Security Status

  • All packages: Active maintenance
  • Alpine 3.22: Regular security updates
  • Kernel 6.12.42: Long-term support branch
  • No EOL components: Everything actively maintained

📊 Version Comparison Impact

Build Time Impact

Metric Old Versions Alpine 3.22 Improvement
Security patches Manual Automatic 100% automated
Feature updates Complex Simple Package manager
Compatibility Unknown Tested Alpine integration
Maintenance High effort Minimal Alpine team handled

Runtime Improvements

  • Better hardware support: Latest drivers and firmware
  • Performance: Years of optimizations
  • Security: No EOL vulnerabilities
  • Features: Latest tool capabilities

🎯 Implementation Updates

Updated Dockerfile

FROM alpine:3.22  # Was: alpine:3.19

# All packages automatically get latest versions:
# - OpenSSL 3.3.x (was: 1.1.1d EOL)
# - Linux 6.12.42 LTS (was: 6.8.8)
# - All tools: current stable versions

Package Selection Strategy

Approach: Trust Alpine Curation
- Use Alpine 3.22 stable packages
- No version pinning in package list
- Let Alpine team handle version compatibility
- Pin only the Alpine base version (3.22)

Update Process

# Automatic latest versions
apk add --no-cache package-name  # Gets latest stable

# No need for version specifications:
# apk add openssl=1.1.1d  # Old, manual approach
# apk add openssl         # New, automatic latest

Migration Benefits

Security

  • No EOL software: Everything actively maintained
  • Patch automation: Alpine security team handles updates
  • CVE response: Faster than manual maintenance

Operational

  • Simplified maintenance: No version tracking needed
  • Better support: Active community and documentation
  • Hardware compatibility: Latest drivers and firmware

Development

  • Faster builds: Optimized packages
  • Better debugging: Current tooling
  • Documentation: Up-to-date guides and examples

This update ensures Zero-OS uses current, secure, and performant software components while maintaining the same functionality and boot behavior.