build: bump OpenSSL from 3.6.1 to 3.6.2 in all builder images#23215
Merged
Kyle-Neale merged 3 commits intomasterfrom Apr 23, 2026
Merged
build: bump OpenSSL from 3.6.1 to 3.6.2 in all builder images#23215Kyle-Neale merged 3 commits intomasterfrom
Kyle-Neale merged 3 commits intomasterfrom
Conversation
c110dc6 to
ab481a5
Compare
Contributor
|
This PR does not modify any files shipped with the agent. To help streamline the release process, please consider adding the |
rdesgroppes
previously approved these changes
Apr 17, 2026
Review from rdesgroppes is dismissed. Related teams and files:
- agent-build
- .deps/image_digests.json
- .deps/resolved/linux-aarch64_3.13.txt
- .deps/resolved/linux-x86_64_3.13.txt
- .deps/resolved/macos-aarch64_3.13.txt
- .deps/resolved/macos-x86_64_3.13.txt
- .deps/resolved/windows-x86_64_3.13.txt
8592609 to
ab481a5
Compare
aiuto
previously approved these changes
Apr 21, 2026
Review from aiuto is dismissed. Related teams and files:
- agent-build
- .deps/builder_inputs.toml
- .deps/image_digests.json
- .deps/resolved/linux-aarch64_3.13.txt
- .deps/resolved/linux-x86_64_3.13.txt
- .deps/resolved/macos-aarch64_3.13.txt
- .deps/resolved/macos-x86_64_3.13.txt
- .deps/resolved/windows-x86_64_3.13.txt
Contributor
Validation ReportAll 20 validations passed. Show details
|
steveny91
approved these changes
Apr 21, 2026
|
Every time we approve, temporal invalidates it. |
aiuto
approved these changes
Apr 21, 2026
gh-worker-dd-mergequeue-cf854d Bot
pushed a commit
to DataDog/datadog-agent
that referenced
this pull request
Apr 23, 2026
…49698) ## Summary - Forward the `INTEGRATIONS_WHEELS_STORAGE` env var into the Windows MSI and FIPS-MSI build containers so upstream overrides (e.g. `dev`) actually reach omnibus. - Fixes silent fallback to `release.json`'s default (`stable`) when an upstream pipeline wants a different wheel tier. ## Why The Windows agent package build runs inside a Docker container, which only sees env vars explicitly forwarded via `docker run -e`. `INTEGRATIONS_CORE_VERSION` was already in the forward list, but `INTEGRATIONS_WHEELS_STORAGE` was not. When an upstream trigger (e.g. integrations-core's `.build-agent-tpl` in `.gitlab/build_agent.yaml`) sets `INTEGRATIONS_WHEELS_STORAGE: "dev"`, the GitLab runner has it but Docker strips it, and `tasks/libs/dependencies.py::get_effective_dependencies_env` falls through to `release.json`'s `"stable"`. pip then 404s on wheels that were only published to `dev/built/`. macOS and Linux builds run directly on the runner host, so they inherit the job-level env natively — only Windows was affected. ### Context Seen in pipeline [108825388](https://gitlab.ddbuild.io/DataDog/datadog-agent/-/pipelines/108825388/failures), where Windows base + FIPS MSI jobs failed with: ``` ERROR: HTTP error 404 while getting https://agent-int-packages.datadoghq.com/stable/built/botocore/botocore-1.42.72-20260421152939-py3-none-any.whl ``` while the macOS and Linux jobs in the same pipeline succeeded because they correctly saw `INTEGRATIONS_WHEELS_STORAGE=dev`. Related motivating PR on integrations-core: [DataDog/integrations-core#23215](DataDog/integrations-core#23215) (VULN-59288 OpenSSL 3.6.2 bump). Co-authored-by: kyle.neale <kyle.neale@datadoghq.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Bumps OpenSSL from 3.6.1 to 3.6.2 in all four builder images:
.builders/images/linux-x86_64/Dockerfile.builders/images/linux-aarch64/Dockerfile.builders/images/windows-x86_64/Dockerfile.builders/images/macos/builder_setup.shMotivation
Addresses VULN-59288. OpenSSL 3.6.2 was released on 2026-04-07 with security fixes.