Patch dhvirtualenv for setuptools DO NOT MERGE#5473
Closed
Mozilla's keyserver went down, and they might just leave it that way. Their release signing key is available on another one, but that doesn't seem to be the result of any official policy I can find. The closest thing to guidance comes from a blog post instructing us to obtain the key from the archive server along with the software[1]. This changes the Dockerfile to do that. Recent versions of geckodriver are being signed with the release key, so we'll now use it to verify that package too. We were also using an expired version of the Tor release signing key, kept in our repo, so I'm following their instructions[2] for obtaining the key instead. Finally, this updates all three packages.

[1] https://blog.mozilla.org/security/2019/06/13/updated-firefox-gpg-key/
[2] https://support.torproject.org/tbb/how-to-verify-signature/
5f496f8 to 71291e9
This patched deployment.py file for dh-virtualenv installs known working setuptools==46.0.0 in the virtualenv, and then it will try to install dependencies for SecureDrop. Fixes #5471
71291e9 to 039861a
kushaldas commented Sep 1, 2020
Comment on lines +147 to +153
| self.pip_prefix2 = [ | ||
| os.path.abspath(os.path.join(self.bin_dir, 'python')), | ||
| os.path.abspath(os.path.join(self.bin_dir, 'pip')), | ||
| "install", "--no-cache-dir", "--require-hashes", "-r", | ||
| "/tmp/setup-requirements.txt"] # nosec | ||
|
|
||
| subprocess.check_call(self.pip_prefix2) |
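Review bot: The requirements file is read from the hard-coded path "/tmp/setup-requirements.txt" in the pip_prefix2 list, and the # nosec marker silences the security linter on that line instead of addressing the finding. /tmp is normally writable by any local user, and whoever can replace that file also chooses the hashes that --require-hashes then enforces, so the hash check gives no protection against a swapped requirements file. Consider taking the path from a build option or from a location inside the build tree, and drop # nosec once the path is no longer under /tmp. Separately, pip_prefix2 holds a complete command rather than a prefix; a name such as setup_requirements_cmd (a suggested name, not an existing one) would read better, and a local variable would do since the visible lines use it only in the check_call that follows.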
This is the modified code from the deployment.py in the container.
Superseded by #5472
Status
Dummy PR