Latest vulnerability fixes #962

Merged
merged 1 commit into from
Apr 8, 2024
7 changes: 6 additions & 1 deletion .docker/setup_config.sh
Expand Up @@ -13,7 +13,7 @@ source setup/setup.sh
## 10/02 - Mukul
## - Above comments talk about manually updating cryptography to version 40
## - I have upgraded to 41.0.4 as per latest vulnerability fixes.
conda install -c conda-forge cryptography=41.0.7 wheel=0.40.0
conda install -c conda-forge cryptography=42.0.0 wheel=0.40.0

## Remove the old, unused packages to avoid tripping up the checker
rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
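Review bot: The comment above the changed `conda install` line still says "I have upgraded to 41.0.4", while the line now pins `cryptography=42.0.0` (and pinned 41.0.7 before this change), so the comment no longer describes what the script installs. Update it to name the version actually pinned and the reason for the bump, or drop the version number from the comment. The retained `rm -rf` of `cryptography-38.0.4` under `miniconda-23.1.0` is also worth re-checking, since the other cleanup paths in this file use `miniconda-23.5.2`.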
Expand All @@ -26,12 +26,17 @@ rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.17-pyhd8ed1ab_0
rm -rf /root/miniconda-23.5.2/envs/emission/lib/python3.9/site-packages/urllib3-1.26.17.dist-info
rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/urllib3-1.26.16.dist-info
rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/tests
rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/cryptography-41.0.7.dist-info

# Clean up the conda install
conda clean -t
find /root/miniconda-*/pkgs -wholename \*info/test\* -type d | xargs rm -rf
find ~/miniconda-23.5.2 -name \*tests\* -path '*/site-packages/*' | grep ".*/site-packages/tests" | xargs rm -rf

# Updating bash package to latest version manually
apt-get update
Contributor

This is likely to bump up the image size significantly because of the downloaded packages for update. Can you see if that is true by comparing image sizes after this is built? If so, in a cleanup PR, please delete the downloaded packages (e.g. apt clean or similar).

Contributor Author

@MukuFlash03 MukuFlash03 Apr 8, 2024

I believe what you are referring to happens when we actually "upgrade" the packages using `apt-get upgrade`, while "update"-ing the packages using `apt-get update` just downloads the latest list of available packages but not the actual package versions themselves.

More information here and here:

The apt-get update downloads the index files whereas the apt-get upgrade downloads the latest versions packages of the installed packages.

Also, I checked the image sizes with and without the update command and there wasn't a significant difference in the sizes.

Screenshot 2024-04-08 at 10 33 31 AM

So, we should be good with this change.

apt-get install bash=5.1-6ubuntu1.1

if [ -d "webapp/www/" ]; then
cp /index.html webapp/www/index.html
fi
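Review bot: The added `apt-get install bash=5.1-6ubuntu1.1` line runs without `-y` and pins an exact package version, so a non-interactive image build aborts if apt asks for confirmation, and it fails outright if that exact version is not in the index that `apt-get update` just fetched. Use `apt-get install -y` and decide whether the exact pin is intended; if it is, note in the comment which fix it corresponds to. The index files downloaded by `apt-get update` also stay in the image unless removed afterwards (for example `rm -rf /var/lib/apt/lists/*`), which is the size concern raised in the thread. Separately, the new `rm -rf` of `cryptography-41.0.7.dist-info` hard-codes the version being replaced and the `miniconda-23.5.2` path, so it has to be edited on every future bump; a glob on `cryptography-*.dist-info` that excludes the installed version would avoid that.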
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
# python 3
FROM ubuntu:jammy-20231211.1
FROM ubuntu:jammy-20240227

MAINTAINER K. Shankari ([email protected])
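Review bot: The new `FROM ubuntu:jammy-20240227` line pins a dated tag but not a digest, so the build still trusts whatever the registry serves under that tag; appending the image digest (`ubuntu:jammy-20240227@sha256:<digest>`, placeholder) makes the base reproducible and auditable. Because this PR also adds a manual `bash` upgrade in `.docker/setup_config.sh`, check whether the newer base image already ships the fixed bash, in which case that step can be dropped. The unchanged `MAINTAINER` instruction is deprecated in favour of a `LABEL`.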
