SYS-576 pick up new cryptography from edge repo for python-builder

instantlinux · Aug 11, 2023 · b5f180c · b5f180c
1 parent 34646fb
commit b5f180c
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 75 deletions.
diff --git a/images/python-builder/Dockerfile b/images/python-builder/Dockerfile
@@ -21,7 +21,7 @@ ARG KUBECTL_VERSION=1.26.7
 ARG MUSL_VERSION=1.2.4-r1
 ARG PIP_VERSION=23.2.1
 ARG PYTHON_VERSION=3.11.4-r0
-ARG PYCRYPTOGRAPHY_VERSION=40.0.2-r1
+ARG PYCRYPTOGRAPHY_VERSION=41.0.2-r2
 ARG PYPILLOW_VERSION=9.5.0-r1
 ARG _DOCKER_DOWNLOADS=https://github.com/docker/compose/releases/download
 ARG _KUBECTL_DOWNLOADS=https://storage.googleapis.com/kubernetes-release/release
@@ -38,11 +38,13 @@ COPY Pipfile* /root/
 RUN addgroup -g $DOCKER_GID docker && \
     adduser -D -h $BUILD_DIR -u $BUILD_UID -G docker \
       -s /bin/bash $BUILD_USER && \
+    echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' \
+      >>/etc/apk/repositories && \
     apk add --update --no-cache \
       bash curl docker-cli gcc gettext git gzip jq libffi-dev make \
       musl==$MUSL_VERSION musl-dev==$MUSL_VERSION openssh-client \
       python3==$PYTHON_VERSION python3-dev py3-authlib py3-boto3 py3-botocore \
-      py3-cachetools py3-cffi py3-cryptography==$PYCRYPTOGRAPHY_VERSION \
+      py3-cachetools py3-cffi py3-cryptography@edge==$PYCRYPTOGRAPHY_VERSION \
       py3-pycryptodomex py3-greenlet \
       py3-itsdangerous py3-jinja2 py3-ldap3 py3-passlib \
       py3-pillow=$PYPILLOW_VERSION py3-pip py3-requests py3-virtualenv \

diff --git a/images/python-builder/Pipfile b/images/python-builder/Pipfile
@@ -12,11 +12,11 @@ boto3 = "==1.26.132"
 botocore = "==1.29.132"
 cachetools = "==5.3.0"
 cffi = "==1.15.1"
-cryptography = "==40.0.2"
+## edge repo
+cryptography = "==41.0.2"
 ## too old, has a CVE
 Flask = "<2.3.0"
 ## can't get this version to work, localeselector problem
-# Flask-Babel = "==3.1.0"
 Flask-Babel = "<3.0.0"
 greenlet = "==2.0.2"
 itsdangerous = "==2.1.2"

diff --git a/images/python-builder/Pipfile.lock b/images/python-builder/Pipfile.lock
diff --git a/images/python-wsgi/Dockerfile b/images/python-wsgi/Dockerfile
@@ -12,17 +12,19 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
 ENV PYTHONPATH=
 ARG PIP_VERSION=23.2.1
 ARG PYTHON_VERSION=3.11.4-r0
-ARG PYCRYPTOGRAPHY_VERSION=40.0.2-r1
+ARG PYCRYPTOGRAPHY_VERSION=41.0.2-r2
 ARG PYPILLOW_VERSION=9.5.0-r1
 ARG UWSGI_VERSION=2.0.21-r3
 
 COPY Pipfile* uwsgi.ini /usr/src/
 
-RUN apk add --virtual .fetch-deps gcc git jpeg-dev linux-headers make \
+RUN echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' \
+      >>/etc/apk/repositories && \
+    apk add --virtual .fetch-deps gcc git jpeg-dev linux-headers make \
       musl-dev libwebp-dev openssl-dev pcre-dev python3-dev zlib-dev && \
     apk add --update --no-cache geos jpeg libjpeg-turbo libwebp \
       proj py3-authlib py3-boto3 py3-botocore py3-cachetools \
-      py3-cffi py3-cryptography==$PYCRYPTOGRAPHY_VERSION py3-ldap3 py3-pip \
+      py3-cffi py3-cryptography@edge==$PYCRYPTOGRAPHY_VERSION py3-ldap3 py3-pip \
       py3-pycryptodomex py3-greenlet py3-itsdangerous py3-jinja2 \
       py3-passlib py3-pillow=$PYPILLOW_VERSION py3-requests py3-setuptools \
       py3-virtualenv py3-werkzeug python3==$PYTHON_VERSION \

diff --git a/images/python-wsgi/Pipfile b/images/python-wsgi/Pipfile
@@ -12,12 +12,12 @@ boto3 = "==1.26.132"
 botocore = "==1.29.132"
 cachetools = "==5.3.0"
 cffi = "==1.15.1"
-cryptography = "==40.0.2"
+## edge repo
+cryptography = "==41.0.2"
 ## too old, has a CVE
 # Flask = "==2.2.3"
 Flask = "<2.3.0"
 ## can't get this version to work, localeselector problem
-# Flask-Babel = "==3.1.0"
 Flask-Babel = "<3.0.0"
 greenlet = "==2.0.2"
 itsdangerous = "==2.1.2"

diff --git a/images/python-wsgi/Pipfile.lock b/images/python-wsgi/Pipfile.lock