Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsafe handling of 3rd party python dependencies #204

Open
hmpf opened this issue Sep 23, 2021 · 1 comment
Open

Unsafe handling of 3rd party python dependencies #204

hmpf opened this issue Sep 23, 2021 · 1 comment

Comments

@hmpf
Copy link

hmpf commented Sep 23, 2021

In various docker-files, you install 3rd party python libraries like this:

$ pip install dependency1 dependency2 ..

Sooner or later, these dependencies will need different versions of a sub-dependency, and then pip will fail because of a version conflict.

I recommend that you put these dependencies in requirements-files with version numbers and install them like this:

$ pip install -r requirements-for-subsystem-1.txt

You can generate a requirements file with pip freeze or better: pip-compile from piptools.

By using the same requirements-files everywhere you can make reproducible deploys, and also test on the actual versions that will be deployed. Much recommended!
@hmpf hmpf mentioned this issue Sep 23, 2021
Closed
@katsel
Copy link
Contributor

katsel commented Sep 23, 2021

The file affected is the cnaas-setup.sh of the dhcpd Docker container, as far as I can see.
https://github.com/SUNET/cnaas-nms/blob/develop/docker/dhcpd/cnaas-setup.sh#L37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@katsel @hmpf