diff --git a/.pipelines/templates/e2e-template.yaml b/.pipelines/templates/e2e-template.yaml
index dc9d09096ac..b0e7d24ecb8 100644
--- a/.pipelines/templates/e2e-template.yaml
+++ b/.pipelines/templates/e2e-template.yaml
@@ -45,7 +45,9 @@ jobs:
 VHD_BUILD_ID: $(VHD_BUILD_ID)
 LOGGING_DIR: $(LOGGING_DIR)
 # Without this step next step may fail on successful run
- - bash: mkdir -p $(System.DefaultWorkingDirectory)/e2e/$(LOGGING_DIR)
+ - bash: |
+ set -ex
+ mkdir -p "$(System.DefaultWorkingDirectory)/e2e/$(LOGGING_DIR)"
 condition: always()
 displayName: Create folder for scenario logs
 - task: PublishTestResults@2
diff --git a/vhdbuilder/packer/configure-windows-vhd.ps1 b/vhdbuilder/packer/configure-windows-vhd.ps1
index 50a04c99622..2dc067f1f66 100644
--- a/vhdbuilder/packer/configure-windows-vhd.ps1
+++ b/vhdbuilder/packer/configure-windows-vhd.ps1
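Review bot: In `.pipelines/templates/e2e-template.yaml`, the new double quotes around `$(System.DefaultWorkingDirectory)/e2e/$(LOGGING_DIR)` only guard against word splitting, because Azure Pipelines pastes `$(...)` macro values into the script text before bash runs; a value containing a quote or `$(` is still parsed as shell, and an undefined macro is left literally as `$(LOGGING_DIR)`, which bash then treats as a command substitution. If LOGGING_DIR can be set at queue time or otherwise from outside the template, map it into this step with `env:` (`LOGGING_DIR: $(LOGGING_DIR)`, as the preceding step appears to do) and reference `"$LOGGING_DIR"` in the script. A short comment on why `set -ex` is wanted in a `condition: always()` step would help the next reader.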
@@ -388,12 +388,22 @@ function Install-ContainerD {
 function Install-OpenSSH {
 Write-Log "Installing OpenSSH Server"
+
+ # Somehow openssh client got added to Windows 2019 base image.
+ if ($env:WindowsSKU -Like '2019*')
+ {
+ Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
+ Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
+ }
+
 Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
 # It’s by design that files within the C:\Windows\System32\ folder are not modifiable.
 # When the OpenSSH Server starts, it copies C:\windows\system32\openssh\sshd_config_default to C:\programdata\ssh\sshd_config, if the file does not already exist.
 $OriginalConfigPath = "C:\windows\system32\OpenSSH\sshd_config_default"
- $ConfigPath = "C:\programdata\ssh\sshd_config"
+ $ConfigDirectory = "C:\programdata\ssh"
+ New-Item -ItemType Directory -Force -Path $ConfigDirectory
+ $ConfigPath = $ConfigDirectory + "\sshd_config"
 Write-Log "Updating $ConfigPath for CVE-2023-48795"
 $ModifiedConfigContents = Get-Content $OriginalConfigPath `
 | %{$_ -replace "#RekeyLimit default none", "$&`r`n# Disable cipher to mitigate CVE-2023-48795`r`nCiphers -chacha20-poly1305@openssh.com`r`nMacs -*-etm@openssh.com`r`n"}
@@ -874,7 +884,7 @@ function Log-ReofferUpdate {
 Write-Log "ReofferUpdate is $($result.ReofferUpdate)"
 }
 } catch {
- Write-Log "ReofferUpdate does not exist"
+ Write-Log "ReofferUpdate registry setting does not exist"
 }
 }
diff --git a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1
index 3c3964a5ee0..9c69d4a9320 100644
--- a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1
+++ b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1
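Review bot: In `Install-OpenSSH` (configure-windows-vhd.ps1), `New-Item -ItemType Directory -Force -Path $ConfigDirectory` creates `C:\programdata\ssh` before sshd has ever started, so the folder takes the ACL it inherits from `C:\ProgramData` rather than the one the OpenSSH service would apply; I believe sshd sets its restrictive ACL only when it creates the folder itself, which should be confirmed. Because `sshd_config` is then written into that folder, the build should set or at least verify the directory ACL (SYSTEM and Administrators full control, everyone else read-only) and log it, for example `Get-Acl $ConfigDirectory | Format-List` right after creation. `New-Item` also emits the DirectoryInfo object into the function's output, so `| Out-Null` is worth adding. The comment "Somehow openssh client got added" should say why the client capability is removed and re-added instead of left alone, and neither capability call has its result checked. The function body continues past the end of this hunk.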
@@ -60,17 +60,8 @@ $global:defenderUpdateInfoUrl = "https://go.microsoft.com/fwlink/?linkid=870379&
 switch -Regex ($windowsSku) {
 "2019-containerd" {
- # TODO: clean up when you bump 2025-1B. These patches do an upgrade from 2024-9B to 2024-12B in a way that doesn't break openssh.
- # The right patch for .NET is actually KB5046540. However, the download page us for KB5046269. So we have to verify that patch. I have no idea why.
-
- $global:patchUrls = @(
- "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/12/windows10.0-kb5048661-x64_6bfc43258aab46ec793d2977122226a4a2b8ed6f.msu",
- "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/updt/2024/10/windows10.0-kb5046268-x64_cd2f14649df2343f1b4692c50644f22b863ed408.msu"
- )
- $global:patchIDs = @(
- "KB5048661",
- "KB5046268"
- )
+ $global:patchUrls = @()
+ $global:patchIDs = @()
 $global:imagesToPull = @(
 "mcr.microsoft.com/windows/servercore:ltsc2019",
diff --git a/vhdbuilder/packer/windows-image.env b/vhdbuilder/packer/windows-image.env
index bb78b508078..ab2d01bdc82 100644
--- a/vhdbuilder/packer/windows-image.env
+++ b/vhdbuilder/packer/windows-image.env
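Review bot: After this hunk in generate-windows-vhd-configuration.ps1 the "2019-containerd" case has `$global:patchUrls = @()` and `$global:patchIDs = @()` with no comment, so nothing records that the image's patch level now depends entirely on the base image version. The companion note in `vhdbuilder/packer/windows-image.env` ("remove this comment when you bump 12B ... This image is 9B.") is left untouched as context, although the same commit moves WINDOWS_2019_BASE_IMAGE_VERSION to 17763.6775.250109, so it now describes the wrong image. I would delete or rewrite that env comment here and add one line above the empty arrays, if this is the intent: `# Intentionally empty: patches are expected to come from the base image version in windows-image.env`. The switch body continues outside the hunk.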
@@ -6,24 +6,24 @@ WINDOWS_2019_BASE_IMAGE_SKU=2019-Datacenter-Core-smalldisk
 # TODO: update global:patch in generate-windows-vhd-configuration.ps1 and remove this comment when you bump 12B
 # - but revert and bring back if open ssh fails when you build the VHD. This image is 9B.
-WINDOWS_2019_BASE_IMAGE_VERSION=17763.6293.240905
+WINDOWS_2019_BASE_IMAGE_VERSION=17763.6775.250109
 # CLI example to get the latest image version:
 # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2022-Datacenter-Core-smalldisk:latest
 WINDOWS_2022_BASE_IMAGE_SKU=2022-Datacenter-Core-smalldisk
-WINDOWS_2022_BASE_IMAGE_VERSION=20348.2966.241205
+WINDOWS_2022_BASE_IMAGE_VERSION=20348.3091.250112
 # CLI example to get all available image version under a SKU (suffix g2 for Gen 2):
 # az vm image list --all --publisher MicrosoftWindowsServer --offer WindowsServer --output table -s 2022-datacenter-core-smalldisk-g2
 # CLI example to get the latest image version:
 # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2022-datacenter-core-smalldisk-g2:latest
 WINDOWS_2022_GEN2_BASE_IMAGE_SKU=2022-datacenter-core-smalldisk-g2
-WINDOWS_2022_GEN2_BASE_IMAGE_VERSION=20348.2966.241205
+WINDOWS_2022_GEN2_BASE_IMAGE_VERSION=20348.3091.250112
 # CLI example to get the latest image version:
 # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core:latest
 WINDOWS_23H2_BASE_IMAGE_SKU=23h2-datacenter-core
-WINDOWS_23H2_BASE_IMAGE_VERSION=25398.1308.241205
+WINDOWS_23H2_BASE_IMAGE_VERSION=25398.1369.250111
 # CLI example to get all available image version under a SKU (suffix g2 for Gen 2):
 # az vm image list --all --publisher MicrosoftWindowsServer --offer WindowsServer --output table -s 23h2-datacenter-core-g2
@@ -31,7 +31,7 @@ WINDOWS_23H2_BASE_IMAGE_VERSION=25398.1308.241205
 # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core-g2:latest
 # NOTE: Please update $global:patchUrls and $global:patchIDs in vhdbuilder/packer/generate-windows-vhd-configuration.ps1 on demand
 WINDOWS_23H2_GEN2_BASE_IMAGE_SKU=23h2-datacenter-core-g2
-WINDOWS_23H2_GEN2_BASE_IMAGE_VERSION=25398.1308.241205
+WINDOWS_23H2_GEN2_BASE_IMAGE_VERSION=25398.1369.250111
 # Please uncomment the following lines and set a larger os disk size that is at least 30GB when your PR check-in fails
 # WINDOWS_2019_CONTAINERD_OS_DISK_SIZE_GB=30