Update CACert & OpenSSL

[chouquette]

What does this PR do?

Update the build images & omnibus software to update OpenSSL & CACert

Motivation

Fixing a security vulnerability in OpenSSL and keeping our CACert bundle up to date.
BARX-558

Describe how to test/QA your changes

Possible Drawbacks / Trade-offs

Additional Notes

[pr-commenter]

Gitlab CI Configuration Changes

Modified Jobs

variables (configuration)

  variables:
    AGENT_BINARIES_DIR: bin/agent
    AGENT_GITHUB_APP_ID: ci.datadog-agent.platform-github-app-id
    AGENT_GITHUB_INSTALLATION_ID: ci.datadog-agent.platform-github-app-installation-id
    AGENT_GITHUB_KEY: ci.datadog-agent.platform-github-app-key
    AGENT_QA_PROFILE: ci.datadog-agent.agent-qa-profile
    API_KEY_DDDEV: ci.datadog-agent.datadog_api_key
    API_KEY_ORG2: ci.datadog-agent.datadog_api_key_org2
    APP_KEY_ORG2: ci.datadog-agent.datadog_app_key_org2
    ARTIFACT_DOWNLOAD_ATTEMPTS: 2
    BTFHUB_ARCHIVE_BRANCH: main
    BUCKET_BRANCH: dev
    CHANGELOG_COMMIT_SHA: ci.datadog-agent.gitlab_changelog_commit_sha
    CHOCOLATEY_API_KEY: ci.datadog-agent.chocolatey_api_key
    CLANG_LLVM_VER: 12.0.1
    CLUSTER_AGENT_BINARIES_DIR: bin/datadog-cluster-agent
    CLUSTER_AGENT_CLOUDFOUNDRY_BINARIES_DIR: bin/datadog-cluster-agent-cloudfoundry
    CODECOV_TOKEN: ci.datadog-agent.codecov_token
    CWS_INSTRUMENTATION_BINARIES_DIR: bin/cws-instrumentation
-   DATADOG_AGENT_ARMBUILDIMAGES: v44808106-d8c4f8af
+   DATADOG_AGENT_ARMBUILDIMAGES: v45186095-84d9d5f2
    DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX: ''
-   DATADOG_AGENT_BTF_GEN_BUILDIMAGES: v44808106-d8c4f8af
?                                         ------- ^^^ ^^^
+   DATADOG_AGENT_BTF_GEN_BUILDIMAGES: v45186095-84d9d5f2
?                                        +++++++++  ^^^ ^
    DATADOG_AGENT_BTF_GEN_BUILDIMAGES_SUFFIX: ''
-   DATADOG_AGENT_BUILDIMAGES: v44808106-d8c4f8af
+   DATADOG_AGENT_BUILDIMAGES: v45186095-84d9d5f2
    DATADOG_AGENT_BUILDIMAGES_SUFFIX: ''
    DATADOG_AGENT_EMBEDDED_PATH: /opt/datadog-agent/embedded
-   DATADOG_AGENT_SYSPROBE_BUILDIMAGES: v44808106-d8c4f8af
?                                          ------- ^^^ ^^^
+   DATADOG_AGENT_SYSPROBE_BUILDIMAGES: v45186095-84d9d5f2
?                                         +++++++++  ^^^ ^
    DATADOG_AGENT_SYSPROBE_BUILDIMAGES_SUFFIX: ''
-   DATADOG_AGENT_WINBUILDIMAGES: v44808106-d8c4f8af
+   DATADOG_AGENT_WINBUILDIMAGES: v45186095-84d9d5f2
    DATADOG_AGENT_WINBUILDIMAGES_SUFFIX: ''
    DD_AGENT_TESTING_DIR: $CI_PROJECT_DIR/test/kitchen
    DD_PKG_VERSION: latest
    DEB_GPG_KEY: ci.datadog-agent.deb_signing_private_key_${DEB_GPG_KEY_ID}
    DEB_GPG_KEY_ID: c0962c7d
    DEB_GPG_KEY_NAME: Datadog, Inc. APT key
    DEB_RPM_TESTING_BUCKET_BRANCH: testing
    DEB_S3_BUCKET: apt.datad0g.com
    DEB_SIGNING_PASSPHRASE: ci.datadog-agent.deb_signing_key_passphrase_${DEB_GPG_KEY_ID}
    DEB_TESTING_S3_BUCKET: apttesting.datad0g.com
    DOCKER_REGISTRY_LOGIN: ci.datadog-agent.docker_hub_login
    DOCKER_REGISTRY_PWD: ci.datadog-agent.docker_hub_pwd
    DOCKER_REGISTRY_URL: docker.io
    DOGSTATSD_BINARIES_DIR: bin/dogstatsd
    E2E_TESTS_API_KEY: ci.datadog-agent.e2e_tests_api_key
    E2E_TESTS_APP_KEY: ci.datadog-agent.e2e_tests_app_key
    E2E_TESTS_AZURE_CLIENT_ID: ci.datadog-agent.e2e_tests_azure_client_id
    E2E_TESTS_AZURE_CLIENT_SECRET: ci.datadog-agent.e2e_tests_azure_client_secret
    E2E_TESTS_AZURE_SUBSCRIPTION_ID: ci.datadog-agent.e2e_tests_azure_subscription_id
    E2E_TESTS_AZURE_TENANT_ID: ci.datadog-agent.e2e_tests_azure_tenant_id
    E2E_TESTS_GCP_CREDENTIALS: ci.datadog-agent.e2e_tests_gcp_credentials
    E2E_TESTS_RC_KEY: ci.datadog-agent.e2e_tests_rc_key
    EXECUTOR_JOB_SECTION_ATTEMPTS: 2
    FF_KUBERNETES_HONOR_ENTRYPOINT: true
    FF_SCRIPT_SECTIONS: 1
    GENERAL_ARTIFACTS_CACHE_BUCKET_URL: https://dd-agent-omnibus.s3.amazonaws.com
    GET_SOURCES_ATTEMPTS: 2
    GITHUB_PR_COMMENTER_APP_KEY: pr-commenter.github_app_key
    GITHUB_PR_COMMENTER_INSTALLATION_ID: pr-commenter.github_installation_id
    GITHUB_PR_COMMENTER_INTEGRATION_ID: pr-commenter.github_integration_id
    GITLAB_FULL_API_TOKEN: ci.datadog-agent.gitlab_full_api_token
    GITLAB_READ_API_TOKEN: ci.datadog-agent.gitlab_read_api_token
    GITLAB_SCHEDULER_TOKEN: ci.datadog-agent.gitlab_pipelines_scheduler_token
    GO_TEST_SKIP_FLAKE: 'true'
    INSTALL_SCRIPT_API_KEY: ci.agent-linux-install-script.datadog_api_key_2
    INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus
    JIRA_READ_API_TOKEN: ci.datadog-agent.jira_read_api_token
    KERNEL_MATRIX_TESTING_ARM_AMI_ID: ami-021f04c00ecfa8590
    KERNEL_MATRIX_TESTING_X86_AMI_ID: ami-0c54d42f8f4180b0c
    KITCHEN_AZURE_CLIENT_ID: ci.datadog-agent.azure_kitchen_client_id
    KITCHEN_AZURE_CLIENT_SECRET: ci.datadog-agent.azure_kitchen_client_secret
    KITCHEN_AZURE_SUBSCRIPTION_ID: ci.datadog-agent.azure_kitchen_subscription_id
    KITCHEN_AZURE_TENANT_ID: ci.datadog-agent.azure_kitchen_tenant_id
    KITCHEN_EC2_SSH_KEY: ci.datadog-agent.aws_ec2_kitchen_ssh_key
    KITCHEN_INFRASTRUCTURE_FLAKES_RETRY: 2
    MACOS_GITHUB_APP_ID: ci.datadog-agent.macos_github_app_id
    MACOS_GITHUB_APP_ID_2: ci.datadog-agent.macos_github_app_id_2
    MACOS_GITHUB_INSTALLATION_ID: ci.datadog-agent.macos_github_installation_id
    MACOS_GITHUB_INSTALLATION_ID_2: ci.datadog-agent.macos_github_installation_id_2
    MACOS_GITHUB_KEY: ci.datadog-agent.macos_github_key_b64
    MACOS_GITHUB_KEY_2: ci.datadog-agent.macos_github_key_b64_2
    MACOS_S3_BUCKET: dd-agent-macostesting
    OMNIBUS_BASE_DIR: /omnibus
    OMNIBUS_GIT_CACHE_DIR: /tmp/omnibus-git-cache
    OMNIBUS_PACKAGE_DIR: $CI_PROJECT_DIR/omnibus/pkg/
    OMNIBUS_PACKAGE_DIR_SUSE: $CI_PROJECT_DIR/omnibus/suse/pkg
    PROCESS_S3_BUCKET: datad0g-process-agent
    RELEASE_VERSION_6: nightly
    RELEASE_VERSION_7: nightly-a7
    RESTORE_CACHE_ATTEMPTS: 2
    RPM_GPG_KEY: ci.datadog-agent.rpm_signing_private_key_${RPM_GPG_KEY_ID}
    RPM_GPG_KEY_ID: b01082d3
    RPM_GPG_KEY_NAME: Datadog, Inc. RPM key
    RPM_S3_BUCKET: yum.datad0g.com
    RPM_SIGNING_PASSPHRASE: ci.datadog-agent.rpm_signing_key_passphrase_${RPM_GPG_KEY_ID}
    RPM_TESTING_S3_BUCKET: yumtesting.datad0g.com
    RUN_E2E_TESTS: auto
    RUN_KMT_TESTS: auto
    RUN_UNIT_TESTS: auto
    S3_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME/$CI_PIPELINE_ID
    S3_CP_CMD: aws s3 cp $S3_CP_OPTIONS
    S3_CP_OPTIONS: --no-progress --region us-east-1 --sse AES256
    S3_DD_AGENT_OMNIBUS_BTFS_URI: s3://dd-agent-omnibus/btfs
    S3_DD_AGENT_OMNIBUS_LLVM_URI: s3://dd-agent-omnibus/llvm
    S3_DSD6_URI: s3://dsd6-staging
    S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable
    S3_PERMANENT_ARTIFACTS_URI: s3://dd-ci-persistent-artefacts-build-stable/$CI_PROJECT_NAME
    S3_PROJECT_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME
    S3_RELEASE_ARTIFACTS_URI: s3://dd-release-artifacts/$CI_PROJECT_NAME/$CI_PIPELINE_ID
    S3_RELEASE_INSTALLER_ARTIFACTS_URI: s3://dd-release-artifacts/datadog-installer/$CI_PIPELINE_ID
    S3_SBOM_STORAGE_URI: s3://sbom-root-us1-ddbuild-io/$CI_PROJECT_NAME/$CI_PIPELINE_ID
    SLACK_AGENT_CI_TOKEN: ci.datadog-agent.slack_agent_ci_token
    SMP_ACCOUNT_ID: ci.datadog-agent.single-machine-performance-account-id
    SMP_AGENT_TEAM_ID: ci.datadog-agent.single-machine-performance-agent-team-id
    SMP_API: ci.datadog-agent.single-machine-performance-api
    SMP_BOT_ACCESS_KEY: ci.datadog-agent.single-machine-performance-bot-access-key
    SMP_BOT_ACCESS_KEY_ID: ci.datadog-agent.single-machine-performance-bot-access-key-id
    SSH_KEY: ci.datadog-agent.ssh_key
    SSH_KEY_RSA: ci.datadog-agent.ssh_key_rsa
    SSH_PUBLIC_KEY_RSA: ci.datadog-agent.ssh_public_key_rsa
    STATIC_BINARIES_DIR: bin/static
    SYSTEM_PROBE_BINARIES_DIR: bin/system-probe
    USE_S3_CACHING: --omnibus-s3-cache
    VCPKG_BLOB_SAS_URL: ci.datadog-agent-buildimages.vcpkg_blob_sas_url
    WINDOWS_BUILDS_S3_BUCKET: $WIN_S3_BUCKET/builds
    WINDOWS_TESTING_S3_BUCKET_A6: pipelines/A6/$CI_PIPELINE_ID
    WINDOWS_TESTING_S3_BUCKET_A7: pipelines/A7/$CI_PIPELINE_ID
    WINGET_PAT: ci.datadog-agent.winget_pat
    WIN_S3_BUCKET: dd-agent-mstesting

Changes Summary

Removed	Modified	Added	Renamed
0	1	0	0

ℹ️ Diff available in the job log.

[amenasria]

LGTM for Agent DevX Infra files as long as the CI passes !

[pr-commenter]

Regression Detector

Regression Detector Results

Run ID: ff52d019-9de0-460c-85f2-20a157f866e7 Metrics dashboard Target profiles

Baseline: 456feb4
Comparison: 680623b

Performance changes are noted in the perf column of each table:

• ✅ = significantly better comparison variant performance
• ❌ = significantly worse comparison variant performance
• ➖ = no significant change in performance

No significant changes in experiment optimization goals

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	uds_dogstatsd_to_api_cpu	% cpu utilization	+0.83	[+0.09, +1.58]	1	Logs
➖	idle	memory utilization	+0.50	[+0.46, +0.55]	1	Logs
➖	file_tree	memory utilization	+0.18	[+0.09, +0.27]	1	Logs
➖	tcp_dd_logs_filter_exclude	ingress throughput	-0.00	[-0.01, +0.01]	1	Logs
➖	uds_dogstatsd_to_api	ingress throughput	-0.02	[-0.10, +0.06]	1	Logs
➖	basic_py_check	% cpu utilization	-0.41	[-3.22, +2.40]	1	Logs
➖	otel_to_otel_logs	ingress throughput	-0.48	[-1.28, +0.33]	1	Logs
➖	tcp_syslog_to_blackhole	ingress throughput	-0.58	[-0.63, -0.53]	1	Logs
➖	pycheck_lots_of_tags	% cpu utilization	-0.86	[-3.49, +1.77]	1	Logs

Bounds Checks

perf	experiment	bounds_check_name	replicates_passed
✅	idle	memory_usage	10/10

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

[agent-platform-auto-pr]

[Fast Unit Tests Report]

On pipeline 45191690 (CI Visibility). The following jobs did not run any unit tests:

Jobs:

• tests_deb-arm64-py3
• tests_deb-x64-py3
• tests_flavor_dogstatsd_deb-x64
• tests_flavor_heroku_deb-x64
• tests_flavor_iot_deb-x64
• tests_rpm-arm64-py3
• tests_rpm-x64-py3
• tests_windows-x64

If you modified Go files and expected unit tests to run in these jobs, please double check the job logs. If you think tests should have been executed reach out to #agent-devx-help

[chouquette]

/merge

[dd-devflow]

🚂 MergeQueue: waiting for PR to be ready

This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

Use /merge -c to cancel this operation!

[dd-devflow]

🚂 MergeQueue: pull request added to the queue

The median merge time in main is 23m.

Use /merge -c to cancel this operation!