Remediate EOL and stale OS container images

[Copilot]

Cleans up EOL/stale distro images and provisions new Fedora versions ahead of upcoming EOLs, per the .NET supported OS matrix audit.

Removed

• Debian 11 — EOL June 2024
• Alpine 3.21, 3.22 — stale; runtime main only references 3.23 + edge; helix images and manifest entries removed (amd64 Dockerfiles retained with Renovate-pinned POWERSHELL_VERSION to match main, so they are not built but do not conflict)
• openSUSE Leap 15.6 — EOL 2026-04-30

Added

• Fedora 44 — src/fedora/44/amd64/Dockerfile and src/fedora/44/helix/amd64/Dockerfile, modeled after Fedora 43 equivalents with base image updated to fedora:44; MSQuic sourced from the Fedora 43 package repo as the Fedora 44 repo does not yet carry it; PowerShell installed via pinned POWERSHELL_VERSION
• Fedora 45 — src/fedora/45/amd64/Dockerfile and src/fedora/45/helix/amd64/Dockerfile, modeled after Fedora 44; MSQuic sourced from the Fedora 43 package repo; PowerShell installed via pinned POWERSHELL_VERSION
• Fedora rawhide — src/fedora/rawhide/amd64/Dockerfile and src/fedora/rawhide/helix/amd64/Dockerfile, using fedora:rawhide base; MSQuic sourced from the Fedora 43 package repo as rawhide has no dedicated Microsoft package repo; PowerShell installed via pinned POWERSHELL_VERSION

Fixed

• Fedora 43 helix — updated MSQuic install to use packages.microsoft.com/fedora/43/prod/config.repo directly; libmsquic is now available in the Fedora 43 Microsoft package repo, making the previous Fedora 42 fallback unnecessary
• Fedora 44, 45, rawhide amd64 — corrected MSQuic repo URL to use packages.microsoft.com/fedora/43/prod/config.repo; the Fedora 44/45-specific URLs do not exist yet

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Remediate EOL and stale OS container images</issue_title>
<issue_description>An audit of container images against the .NET supported OS matrix found several stale or EOL OS versions with Dockerfiles that should be cleaned up, and an upcoming Fedora release that should be provisioned.

See OS onboarding guide for context. Part of .NET OS Support Tracking. Related runtime tracking issue: dotnet/runtime#125690.

Tracking

EOL — remove

• Debian 11 — EOL June 2024

Approaching EOL — plan removal

• openSUSE Leap 15.6 (EOL 2026-04-30)
• Alpine 3.21, 3.22 — consolidate to just 3.23 + edge

New — provision ahead of need

• Fedora 44 — add images ahead of Fedora 43 EOL (2026-11)

Details

Debian 11 (EOL)

https://github.com/dotnet/dotnet-buildtools-prereqs-docker/blob/f8480467d18eec67b5bad9f6a26c859ac7755b1d/src/debian/11/helix/Dockerfile

openSUSE Leap 15.6 (EOL 2026-04-30)

https://github.com/dotnet/dotnet-buildtools-prereqs-docker/blob/f8480467d18eec67b5bad9f6a26c859ac7755b1d/src/opensuse/15.6/helix/Dockerfile

Alpine 3.21, 3.22 — stale

Runtime main only references Alpine 3.23 + edge. Older images can be removed.

https://github.com/dotnet/dotnet-buildtools-prereqs-docker/blob/f8480467d18eec67b5bad9f6a26c859ac7755b1d/src/alpine/3.21/helix/Dockerfile

https://github.com/dotnet/dotnet-buildtools-prereqs-docker/blob/f8480467d18eec67b5bad9f6a26c859ac7755b1d/src/alpine/3.22/helix/Dockerfile

Fedora 44 — new

Fedora 43 images exist (use as template for 44). Fedora 44 should be provisioned proactively so images are ready before Fedora 43 reaches EOL.

https://github.com/dotnet/dotnet-buildtools-prereqs-docker/blob/f8480467d18eec67b5bad9f6a26c859ac7755b1d/src/fedora/43/helix/Dockerfile

---

This issue was generated by GitHub Copilot CLI v1.0.7 via the update-supported-os skill.</issue_description>

<agent_instructions>Please address all of these issues.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Remediate EOL and stale OS container images #1605

---

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

[richlander]

@copilot please look at why the "Run Tests" checks failed. I know why the Fedora 44 build failed and have remediated that.

[Copilot]

@copilot please look at why the "Run Tests" checks failed. I know why the Fedora 44 build failed and have remediated that.

The Run Tests failure was CodeOwnersTests.PathsAreUsed — the CODEOWNERS file had a specific entry for src/debian/11/amd64/ which no longer exists after the Debian 11 removal. Fixed in 655f935 by removing that stale entry.

[richlander]

@copilot

Please also add fedora:45 and fedora:rawhide.

[Copilot]

@copilot

Please also add fedora:45 and fedora:rawhide.

Added in 4377275:

• src/fedora/45/amd64/Dockerfile and src/fedora/45/helix/amd64/Dockerfile — modeled after Fedora 44, using fedora:45 base and packages.microsoft.com/fedora/45/prod/config.repo for the build image; MSQuic still sourced from the Fedora 42 repo
• src/fedora/rawhide/amd64/Dockerfile and src/fedora/rawhide/helix/amd64/Dockerfile — using fedora:rawhide base; both use the Fedora 42 MS package repo as fallback since rawhide has no dedicated Microsoft repo
• src/fedora/manifest.json updated with all 4 new entries

[richlander]

@copilot is libmsquic available in Fedora 43 repo?

[Copilot]

@copilot is libmsquic available in Fedora 43 repo?

Yes — libmsquic is available in packages.microsoft.com/fedora/43/prod (verified: x86_64, aarch64, and armhf RPMs are published there). The Dockerfile comment and Fedora 42 fallback were stale. Fixed in 5e2854d to use fedora/43/prod/config.repo directly.

Fedora 44 and 45 repos return 404 for the l/ package listing, so those continue to use the Fedora 42 fallback.

[richlander]

@copilot
Why does it fail for F44/45?

[Copilot]

@copilot
Why does it fail for F44/45?

The Microsoft Linux package repository (packages.microsoft.com/fedora/) only has repos published through Fedora 43. Fedora 44 and 45 don't have entries there yet, so fetching a config.repo from fedora/44/prod/ or fedora/45/prod/ would return 404. The Fedora 42 fallback is used until Microsoft publishes those repos.

[richlander]

@copilot I was asking why to use F42 repo if F43 repo exists?

[Copilot]

@copilot I was asking why to use F42 repo if F43 repo exists?

Good catch — no reason to stay on F42 when F43 is available. Updated in 399b13e: F44, F45, and rawhide helix Dockerfiles now use packages.microsoft.com/fedora/43/prod/config.repo as the libmsquic fallback.

[richlander]

@lbussell

[richlander]

@copilot The Fedora 44/45 builds are broken. It's because the packages.microsoft.com URLs don't exist. Please validate that all URLs exist.

Fedora 43 is using the Fedora 42 feed for libmsquic. That's likely historical.

This exists: https://packages.microsoft.com/fedora/43/prod/Packages/l/. Let's the Fedora 43 feed for F43+.

[Copilot]

@copilot The Fedora 44/45 builds are broken. It's because the packages.microsoft.com URLs don't exist. Please validate that all URLs exist.

Fedora 43 is using the Fedora 42 feed f...

Fixed in bb3c26a. The amd64 Dockerfiles for F44 and F45 had non-existent fedora/44/prod and fedora/45/prod URLs; rawhide was still on the stale F42 feed. All three now use packages.microsoft.com/fedora/43/prod/config.repo, which is confirmed to exist and carry libmsquic. The helix Dockerfiles were already updated to F43 in the previous commit.

[richlander]

@copilot There are now merge conflicts on two Alpine Dockerfiles

[Copilot]

@copilot There are now merge conflicts on two Alpine Dockerfiles

Fixed in 44b700c. The conflict was a delete/modify on src/alpine/3.21/amd64/Dockerfile and src/alpine/3.22/amd64/Dockerfile — main's commit f92d3fc ("Add Renovate support") modified those files while our branch had deleted them. Merged main into the branch and resolved in favor of our deletions (keeping Alpine 3.21 and 3.22 removed). All other Renovate changes from main (Alpine 3.23, Fedora 43, Ubuntu, Windows Dockerfiles, and the new eng/renovate* files) are incorporated.

[richlander]

@copilot I am still seeing conflicts

[Copilot]

@copilot I am still seeing conflicts

Fixed in 62c7b25. The root cause was a delete/modify conflict: our branch deleted src/alpine/3.21/amd64/Dockerfile and src/alpine/3.22/amd64/Dockerfile, but main's "Add Renovate support" commit (f92d3fc) modified those same files. GitHub's 3-way merge couldn't auto-resolve this.

The resolution: restored those two amd64 Dockerfiles with f92d3fc's Renovate content (pinned POWERSHELL_VERSION=7.5.4). Our branch now has the same content as main for those files — no conflict. The helix images and manifest entries for 3.21/3.22 are still removed, so the images won't be built.