Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #1454 (Fix 2) - Switch MySQL to library version with less security issues. #1461

Merged
merged 1 commit into from
Dec 8, 2022
Merged

Fixes #1454 (Fix 2) - Switch MySQL to library version with less security issues. #1461

merged 1 commit into from
Dec 8, 2022

Conversation

jonespm
Copy link
Member

@jonespm jonespm commented Dec 8, 2022
edited

  • Don't remove libcurl3-gnutls since it's needed for git.
  • Apply changes to Dockerfile.openshift.

@jonespm
Copy link
Member Author

jonespm commented Dec 8, 2022

After this change

#31 [my-learning-analytics-web app  6/14] RUN apt-get purge -y curl libcurl4 &&     apt autoremove -y &&     apt-get clean -y &&     rm -rf /var/lib/apt/lists/*
#31 0.223 Reading package lists...
#31 0.554 Building dependency tree...
#31 0.633 Reading state information...
#31 0.724 The following packages will be REMOVED:
#31 0.724   curl* libcurl4*
#31 0.866 0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
#31 0.866 After this operation, 1155 kB disk space will be freed.
(Reading database ... 15520 files and directories currently installed.)
#31 0.895 Removing curl (7.74.0-1.3+deb11u3) ...
#31 0.909 Removing libcurl4:arm64 (7.74.0-1.3+deb11u3) ...
#31 0.931 Processing triggers for libc-bin (2.31-13+deb11u5) ...
#31 1.008
#31 1.008 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
#31 1.008
#31 1.013 Reading package lists...
#31 1.289 Building dependency tree...
#31 1.356 Reading state information...
#31 1.445 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
#31 DONE 1.5s

@ssciolla ssciolla added 🪳 bug Something isn't working dependencies Pull requests that update a dependency file labels Dec 8, 2022
@ssciolla ssciolla linked an issue Dec 8, 2022 that may be closed by this pull request
Switch MySQL Python or system library to version that has less security issues #1454
Closed
@ssciolla ssciolla removed the 🪳 bug Something isn't working label Dec 8, 2022
@jonespm
Fixes tl-its-umich-edu#1454 (Fix 2) - Switch MySQL to library version…
3a58192 
… with less security

issues.

* Don't remove libcurl3-gnutls since it's needed for git.
* Apply changes to Dockerfile.openshift.
ssciolla
ssciolla approved these changes Dec 8, 2022
View reviewed changes
Copy link
Contributor

@ssciolla ssciolla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran this, and Git now works as expected, and changes should now be present in OpenShift builds.

@jonespm and I talked about trying to remove git as a dependency in the running container, but it proved more challenging than expected (it's hard to set environment variables with command output in a Dockerfile). We could look into this at a later date.

@jonespm
Copy link
Member Author

jonespm commented Dec 8, 2022

Filed the git removal as an issue on #1462 and worked on a draft PR for it. Thanks for the review!

@jonespm jonespm merged commit a3dd6d2 into tl-its-umich-edu:master Dec 8, 2022
@jonespm jonespm deleted the issue_1454-2 branch December 8, 2022 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ssciolla ssciolla ssciolla approved these changes

@lsloan lsloan Awaiting requested review from lsloan

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Switch MySQL Python or system library to version that has less security issues
2 participants
@jonespm @ssciolla