Skip to content

Commit

Permalink
SYS-576 pick up new cryptography from edge repo for python-builder (#121
Browse files Browse the repository at this point in the history
)
  • Loading branch information
instantlinux authored Aug 11, 2023
1 parent 34646fb commit 1b96c0e
Show file tree
Hide file tree
Showing 6 changed files with 90 additions and 75 deletions.
6 changes: 4 additions & 2 deletions images/python-builder/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ ARG KUBECTL_VERSION=1.26.7
ARG MUSL_VERSION=1.2.4-r1
ARG PIP_VERSION=23.2.1
ARG PYTHON_VERSION=3.11.4-r0
ARG PYCRYPTOGRAPHY_VERSION=40.0.2-r1
ARG PYCRYPTOGRAPHY_VERSION=41.0.2-r2
ARG PYPILLOW_VERSION=9.5.0-r1
ARG _DOCKER_DOWNLOADS=https://github.com/docker/compose/releases/download
ARG _KUBECTL_DOWNLOADS=https://storage.googleapis.com/kubernetes-release/release
Expand All @@ -38,11 +38,13 @@ COPY Pipfile* /root/
RUN addgroup -g $DOCKER_GID docker && \
adduser -D -h $BUILD_DIR -u $BUILD_UID -G docker \
-s /bin/bash $BUILD_USER && \
echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' \
>>/etc/apk/repositories && \
apk add --update --no-cache \
bash curl docker-cli gcc gettext git gzip jq libffi-dev make \
musl==$MUSL_VERSION musl-dev==$MUSL_VERSION openssh-client \
python3==$PYTHON_VERSION python3-dev py3-authlib py3-boto3 py3-botocore \
py3-cachetools py3-cffi py3-cryptography==$PYCRYPTOGRAPHY_VERSION \
py3-cachetools py3-cffi py3-cryptography@edge==$PYCRYPTOGRAPHY_VERSION \
py3-pycryptodomex py3-greenlet \
py3-itsdangerous py3-jinja2 py3-ldap3 py3-passlib \
py3-pillow=$PYPILLOW_VERSION py3-pip py3-requests py3-virtualenv \
Expand Down
4 changes: 2 additions & 2 deletions images/python-builder/Pipfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,11 @@ boto3 = "==1.26.132"
botocore = "==1.29.132"
cachetools = "==5.3.0"
cffi = "==1.15.1"
cryptography = "==40.0.2"
## edge repo
cryptography = "==41.0.2"
## too old, has a CVE
Flask = "<2.3.0"
## can't get this version to work, localeselector problem
# Flask-Babel = "==3.1.0"
Flask-Babel = "<3.0.0"
greenlet = "==2.0.2"
itsdangerous = "==2.1.2"
Expand Down
61 changes: 34 additions & 27 deletions images/python-builder/Pipfile.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions images/python-wsgi/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,19 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
ENV PYTHONPATH=
ARG PIP_VERSION=23.2.1
ARG PYTHON_VERSION=3.11.4-r0
ARG PYCRYPTOGRAPHY_VERSION=40.0.2-r1
ARG PYCRYPTOGRAPHY_VERSION=41.0.2-r2
ARG PYPILLOW_VERSION=9.5.0-r1
ARG UWSGI_VERSION=2.0.21-r3

COPY Pipfile* uwsgi.ini /usr/src/

RUN apk add --virtual .fetch-deps gcc git jpeg-dev linux-headers make \
RUN echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' \
>>/etc/apk/repositories && \
apk add --virtual .fetch-deps gcc git jpeg-dev linux-headers make \
musl-dev libwebp-dev openssl-dev pcre-dev python3-dev zlib-dev && \
apk add --update --no-cache geos jpeg libjpeg-turbo libwebp \
proj py3-authlib py3-boto3 py3-botocore py3-cachetools \
py3-cffi py3-cryptography==$PYCRYPTOGRAPHY_VERSION py3-ldap3 py3-pip \
py3-cffi py3-cryptography@edge==$PYCRYPTOGRAPHY_VERSION py3-ldap3 py3-pip \
py3-pycryptodomex py3-greenlet py3-itsdangerous py3-jinja2 \
py3-passlib py3-pillow=$PYPILLOW_VERSION py3-requests py3-setuptools \
py3-virtualenv py3-werkzeug python3==$PYTHON_VERSION \
Expand Down
4 changes: 2 additions & 2 deletions images/python-wsgi/Pipfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@ boto3 = "==1.26.132"
botocore = "==1.29.132"
cachetools = "==5.3.0"
cffi = "==1.15.1"
cryptography = "==40.0.2"
## edge repo
cryptography = "==41.0.2"
## too old, has a CVE
# Flask = "==2.2.3"
Flask = "<2.3.0"
## can't get this version to work, localeselector problem
# Flask-Babel = "==3.1.0"
Flask-Babel = "<3.0.0"
greenlet = "==2.0.2"
itsdangerous = "==2.1.2"
Expand Down
82 changes: 43 additions & 39 deletions images/python-wsgi/Pipfile.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 1b96c0e

Please sign in to comment.