YDA-5862: install custom build of pysqlcipher3 on Ubuntu

UtrechtUniversity · Aug 16, 2024 · bab5f96 · bab5f96
1 parent 0521910
commit bab5f96
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 2 deletions.
diff --git a/docker/images/yoda_irods_icat/Dockerfile b/docker/images/yoda_irods_icat/Dockerfile
@@ -135,7 +135,7 @@ RUN install -m 0644 -o root -g root /tmp/irods_completion.sh /etc/profile.d/irod
 
 # Set up PAM authentication
 # hadolint ignore=DL3033
-RUN pip --no-cache-dir install pysqlcipher3==1.0.4
+RUN python -m easy_install --user https://github.com/UtrechtUniversity/pysqlcipher3/releases/download/v1.2.1/pysqlcipher3-1.2.1-py2.7-linux-x86_64.egg
 COPY is-user-external.sh /tmp/is-user-external.sh
 COPY external-auth.py /tmp/external-auth.py
 RUN install -m 0750 -o root -g irods /tmp/is-user-external.sh /usr/local/bin/is-user-external.sh && \
@@ -165,6 +165,7 @@ RUN sudo -u irods python -m pip --no-cache-dir install --user pip==20.2.4 && \
     sudo -u irods python -m pip --no-cache-dir install --user setuptools==44.1.1 && \
     sudo -u irods python -m pip --no-cache-dir install --user python-irodsclient==2.1.0 && \
     sudo -u irods python -m pip --no-cache-dir install --user -r /etc/irods/yoda-ruleset/requirements.txt && \
+    sudo -u irods python -m easy_install --user https://github.com/UtrechtUniversity/pysqlcipher3/releases/download/v1.2.1/pysqlcipher3-1.2.1-py2.7-linux-x86_64.egg
     sudo -u irods python3 -m pip install --user jsonschema==4.17.3 && \
     sudo -u irods python3 -m pip install --user python-irodsclient==2.1.0 && \
     sudo -u irods python3 -m pip install --user psutil==5.9.5

diff --git a/roles/irods_icat/tasks/setup_pam.yml b/roles/irods_icat/tasks/setup_pam.yml
@@ -46,7 +46,29 @@
     name: pysqlcipher3==1.0.4
     executable: "{{ irods_icat_pip2_path }}"
     state: present
-  when: enable_tokens
+  when: enable_tokens and ansible_os_family == 'RedHat'
+
+
+- name: Check installed version of pysqlcipher3
+  ansible.builtin.shell: "{{ irods_icat_pip2_path }} show pysqlcipher3 | grep Version | cut -d ' ' -f 2"
+  ignore_errors: true
+  changed_when: false
+  register: pysqlcipher3_version
+  when: enable_tokens and ansible_os_family == 'Debian'
+
+
+- name: Ensure PyPi build of pysqlcipher3 is absent
+  ansible.builtin.pip:
+    name: pysqlcipher3==1.0.4
+    executable: "{{ irods_icat_pip2_path }}"
+    state: absent
+  when: enable_tokens and ansible_os_family == 'Debian' and '1.0.4' in pysqlcipher3_version.stdout
+
+
+- name: Ensure custom build of pysqlcipher3 is installed globally for token authentication script
+  ansible.builtin.command: # noqa no-changed-when
+    cmd: python2 -m easy_install https://github.com/UtrechtUniversity/pysqlcipher3/releases/download/v1.2.1/pysqlcipher3-1.2.1-py2.7-linux-x86_64.egg
+  when: enable_tokens and ansible_os_family == 'Debian' and '1.2.1' not in pysqlcipher3_version.stdout
 
 
 - name: Ensure token authentication script is present

diff --git a/roles/yoda_rulesets/tasks/main.yml b/roles/yoda_rulesets/tasks/main.yml
@@ -109,6 +109,44 @@
     executable: "{{ yoda_rulesets_pip2_path }}"
 
 
+- name: Ensure pysqlcipher3 is installed
+  become_user: '{{ irods_service_account }}'
+  become: true
+  ansible.builtin.pip:
+    name: pysqlcipher3==1.0.4
+    executable: "{{ yoda_rulesets_pip2_path }}"
+    extra_args: --user
+  when: ansible_os_family == 'RedHat'
+
+
+- name: Check installed version of pysqlcipher3
+  become_user: "{{ irods_service_account }}"
+  become: true
+  ansible.builtin.shell: "{{ yoda_rulesets_pip2_path }} show pysqlcipher3 | grep Version | cut -d ' ' -f 2"
+  ignore_errors: true
+  changed_when: false
+  register: pysqlcipher3_version
+  when: ansible_os_family == 'Debian'
+
+
+- name: Ensure PyPi build of pysqlcipher3 is absent
+  become_user: "{{ irods_service_account }}"
+  become: true
+  ansible.builtin.pip:
+    name: pysqlcipher3==1.0.4
+    executable: "{{ yoda_rulesets_pip2_path }}"
+    state: absent
+  when: ansible_os_family == 'Debian' and '1.0.4' in pysqlcipher3_version.stdout
+
+
+- name: Ensure custom build of pysqlcipher3 is installed globally for ruleset
+  become_user: "{{ irods_service_account }}"
+  become: true
+  ansible.builtin.command: # noqa no-changed-when
+    cmd: python2 -m easy_install --user https://github.com/UtrechtUniversity/pysqlcipher3/releases/download/v1.2.1/pysqlcipher3-1.2.1-py2.7-linux-x86_64.egg
+  when: ansible_os_family == 'Debian' and '1.2.1' not in pysqlcipher3_version.stdout
+
+
 - name: Ensure Python 3 jsonschema is installed
   become_user: '{{ irods_service_account }}'
   become: true