From a09212b8df7e7f0395aead8a349ee7b78a99b44d Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Thu, 5 Oct 2023 11:56:31 -0700 Subject: [PATCH] Upgraded cryptography dependency + Added EXP_CONDA_VER_SUFFIX env. variable - Added EXP_CONDA_VER_SUFFIX environment variable so that it can be updated just in setup/export_versions.sh as per need. - Manually upgrading cryptography in .docker/setup_config.sh to the recommended version. - The latest miniconda package contains cryptography version 39.0.1 while latest available cryptography version recommended for fixing vulnerability is 41.0.4. - Hence, based on comments in this file, manually upgrading to latest version. --- .docker/setup_config.sh | 6 +++++- setup/export_versions.sh | 1 + setup/setup_conda.sh | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh index dcb4e9a79..0e908a529 100644 --- a/.docker/setup_config.sh +++ b/.docker/setup_config.sh @@ -9,7 +9,11 @@ source setup/setup.sh ## But that doesn't update all packages (e.g. cryptography=38 stays at that ## level instead of upgrading to cryptography=40) ## So we just manually upgrade the failing dependencies in the base image -conda install -c conda-forge cryptography=40.0.2 wheel=0.40.0 +## +## 10/02 - Mukul +## - Above comments talk about manually updating cryptography to version 40 +## - I have upgraded to 41.0.4 as per latest vulnerability fixes. +conda install -c conda-forge cryptography=41.0.4 wheel=0.40.0 ## Remove the old, unused packages to avoid tripping up the checker rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0 diff --git a/setup/export_versions.sh b/setup/export_versions.sh index c44a9dc6c..52e3ba45b 100644 --- a/setup/export_versions.sh +++ b/setup/export_versions.sh @@ -1 +1,2 @@ export EXP_CONDA_VER=23.5.2 +export EXP_CONDA_VER_SUFFIX=0 diff --git a/setup/setup_conda.sh b/setup/setup_conda.sh index e099e5e0f..47f5284b7 100644 --- a/setup/setup_conda.sh +++ b/setup/setup_conda.sh @@ -7,12 +7,12 @@ if [[ -z $EXP_CONDA_VER || -z $PLATFORM ]]; then echo "Usage: setup_conda.sh " echo " Assumes that the EXP_CONDA_VER variable is set" echo " Platform options are Linux-x86_64, MacOSX-x86_64" - echo " For Windows, manually download and install https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-1-Windows-x86_64.exe" + echo " For Windows, manually download and install https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-$EXP_CONDA_VER_SUFFIX-Windows-x86_64.exe" else INSTALL_PREFIX=$HOME/miniconda-$EXP_CONDA_VER SOURCE_SCRIPT="$HOME/miniconda-$EXP_CONDA_VER/etc/profile.d/conda.sh" - curl -o miniconda.sh -L https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-0-$PLATFORM.sh; + curl -o miniconda.sh -L https://repo.anaconda.com/miniconda/Miniconda3-py39_$EXP_CONDA_VER-$EXP_CONDA_VER_SUFFIX-$PLATFORM.sh; bash miniconda.sh -b -p $INSTALL_PREFIX source $SOURCE_SCRIPT hash -r