Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Addressing vulnerability issues in Docker images #939

Merged
merged 3 commits into from
Oct 6, 2023
Merged

Addressing vulnerability issues in Docker images #939

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
42a34e8
Addressing vulnerability issues in Docker images
Oct 3, 2023
a09212b
Upgraded cryptography dependency + Added EXP_CONDA_VER_SUFFIX env. va…
Oct 5, 2023
a494de8
Remove older version of cryptography package
Oct 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion .docker/setup_config.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,16 @@ source setup/setup.sh
## But that doesn't update all packages (e.g. cryptography=38 stays at that
## level instead of upgrading to cryptography=40)
## So we just manually upgrade the failing dependencies in the base image
conda install -c conda-forge cryptography=40.0.2 wheel=0.40.0
##
## 10/02 - Mukul
## - Above comments talk about manually updating cryptography to version 40
## - I have upgraded to 41.0.4 as per latest vulnerability fixes.
conda install -c conda-forge cryptography=41.0.4 wheel=0.40.0

## Remove the old, unused packages to avoid tripping up the checker
rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
rm -rf /root/miniconda-23.1.0/pkgs/wheel-0.37.1-pyhd3eb1b0_0
rm -rf /root/miniconda-23.5.2/pkgs/cryptography-39.0.1-py39h9ce1e76_2

# Clean up the conda install
conda clean -t
Expand Down
3 changes: 2 additions & 1 deletion setup/export_versions.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
export EXP_CONDA_VER=23.1.0
export EXP_CONDA_VER=23.5.2
export EXP_CONDA_VER_SUFFIX=0
4 changes: 2 additions & 2 deletions setup/setup_conda.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,12 @@ if [[ -z $EXP_CONDA_VER || -z $PLATFORM ]]; then
echo "Usage: setup_conda.sh <platform>"
echo " Assumes that the EXP_CONDA_VER variable is set"
echo " Platform options are Linux-x86_64, MacOSX-x86_64"
echo " For Windows, manually download and install https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-1-Windows-x86_64.exe"
echo " For Windows, manually download and install https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-$EXP_CONDA_VER_SUFFIX-Windows-x86_64.exe"
else
INSTALL_PREFIX=$HOME/miniconda-$EXP_CONDA_VER
SOURCE_SCRIPT="$HOME/miniconda-$EXP_CONDA_VER/etc/profile.d/conda.sh"

curl -o miniconda.sh -L https://repo.continuum.io/miniconda/Miniconda3-py39_$EXP_CONDA_VER-1-$PLATFORM.sh;
curl -o miniconda.sh -L https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-$EXP_CONDA_VER_SUFFIX-$PLATFORM.sh;
bash miniconda.sh -b -p $INSTALL_PREFIX
source $SOURCE_SCRIPT
hash -r
Expand Down