From 8bf8be77b951f377a4b95bc6c917c27dc6f7b7d9 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Thu, 4 Apr 2019 20:17:55 -0700 Subject: [PATCH 1/6] Update requirements-freeze.txt --- requirements-freeze.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-freeze.txt b/requirements-freeze.txt index 03df971..758e1c5 100644 --- a/requirements-freeze.txt +++ b/requirements-freeze.txt @@ -56,7 +56,7 @@ pbr==0.8.2 pika==0.9.8 ply==3.4 progressbar==2.3 -psycopg2==2.4.5 +psycopg2==2.7.3.2 pyasn1==0.4.4 pyasn1-modules==0.2.2 Pygments==1.6 From 306e174b3bf45bf7a5b490da461e705dc71f8b27 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Thu, 4 Apr 2019 20:45:10 -0700 Subject: [PATCH 2/6] Update requirements-freeze.txt --- requirements-freeze.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-freeze.txt b/requirements-freeze.txt index 758e1c5..9a7d0dd 100644 --- a/requirements-freeze.txt +++ b/requirements-freeze.txt @@ -38,7 +38,7 @@ kombu==2.5.0 kombu-sqlalchemy==1.1.0 LEPL==5.1.3 lxml==3.5.0 -M2Crypto==0.23.0 +M2Crypto==0.32.0 Mako==0.9.0 MarkupSafe==0.18 meld3==1.0.2 From 8ea16ac11be363a22fe9235269acaf9dde7e6060 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Wed, 17 Apr 2019 17:18:49 -0700 Subject: [PATCH 3/6] Bump database packages, celery --- requirements-freeze.txt | 6 +++--- requirements.txt | 11 +++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/requirements-freeze.txt b/requirements-freeze.txt index 9a7d0dd..c2743f9 100644 --- a/requirements-freeze.txt +++ b/requirements-freeze.txt @@ -83,14 +83,14 @@ Shapely==1.3.1 simplejson==3.3.1 six==1.7.3 solrpy==0.9.5 -SQLAlchemy==0.9.6 -sqlalchemy-migrate==0.9.1 +SQLAlchemy==0.9.10 +sqlalchemy-migrate==0.9.8 sqlparse==0.1.11 supervisor==3.2.2 Tempita==0.5.2 unicodecsv==0.9.4 uritemplate==3.0.0 -vdm==0.13 +vdm==0.14 WebError==0.10.3 WebHelpers==1.3 WebOb==1.0.8 diff --git a/requirements.txt b/requirements.txt index e3e5fc7..35601d2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ anyjson==0.3.3 Babel==0.9.6 Beaker==1.6.4 boto==2.48.0 -celery==2.4.2 +celery==3.1.25 certifi # we always want the latest ssl certificate bundle chardet==2.3.0 @@ -34,8 +34,7 @@ html5lib==0.9999999 Jinja2==2.6 json-table-schema==0.2.1 jsonschema==2.4.0 -kombu==2.1.3 -kombu-sqlalchemy==1.1.0 +kombu==3.0.37 LEPL==5.1.3 lxml==3.5.0 @@ -78,13 +77,13 @@ Shapely==1.3.1 simplejson==3.3.1 six==1.7.3 solrpy==0.9.5 -SQLAlchemy==0.9.6 -sqlalchemy-migrate==0.9.1 +SQLAlchemy==0.9.10 +sqlalchemy-migrate==0.9.8 sqlparse==0.1.11 supervisor==3.2.2 Tempita==0.5.2 unicodecsv==0.9.4 -vdm==0.13 +vdm==0.14 WebError==0.10.3 WebHelpers==1.3 WebOb==1.0.8 From 60ede0fd05aceb02a4b5048dd8fa56524b17c805 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Fri, 19 Apr 2019 10:31:52 -0700 Subject: [PATCH 4/6] Bump requirements-freeze.txt for celery/kombu --- requirements-freeze.txt | 12 +++++++----- requirements.txt | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/requirements-freeze.txt b/requirements-freeze.txt index c2743f9..108e65b 100644 --- a/requirements-freeze.txt +++ b/requirements-freeze.txt @@ -1,13 +1,14 @@ -amqp==1.0.13 +amqp==1.4.9 amqplib==1.0.2 anyjson==0.3.3 Babel==0.9.6 Beaker==1.6.4 +billiard==3.3.0.23 boto==2.48.0 -celery==2.4.2 +celery==3.1.25 certifi==2018.10.15 chardet==2.3.0 --e git+https://github.com/GSA/ckan.git@83b66167bcf36b3d9d60e1d355a77a8d9dc7fb61#egg=ckan +-e git+https://github.com/GSA/ckan.git@be5f5939e6223a6d1a9803107aac1cb14ad5dbcd#egg=ckan -e git+https://github.com/GSA/ckanext-archiver@bb4d85b5db628cd2a6d576c3fde79ddc0d9b5952#egg=ckanext_archiver -e git+https://github.com/GSA/ckanext-datagovtheme@4eea2c54bed9d1e3e679411bbc5b0730eb1a03c9#egg=ckanext_datagovtheme -e git+https://github.com/GSA/ckanext-datajson@3205ba3f9af9c37fb0adaed3023c701c23c5cc21#egg=ckanext_datajson @@ -34,7 +35,7 @@ httplib2==0.11.3 Jinja2==2.6 json-table-schema==0.2.1 jsonschema==2.4.0 -kombu==2.5.0 +kombu==3.0.37 kombu-sqlalchemy==1.1.0 LEPL==5.1.3 lxml==3.5.0 @@ -88,6 +89,7 @@ sqlalchemy-migrate==0.9.8 sqlparse==0.1.11 supervisor==3.2.2 Tempita==0.5.2 +typing==3.6.6 unicodecsv==0.9.4 uritemplate==3.0.0 vdm==0.14 @@ -97,4 +99,4 @@ WebOb==1.0.8 WebTest==1.4.3 Werkzeug==0.11.4 xlrd==1.0.0 -zope.interface==4.1.1 +zope.interface==4.6.0 diff --git a/requirements.txt b/requirements.txt index 35601d2..9554d09 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -amqplib==1.0.2 +amqp~=1.4.9 anyjson==0.3.3 Babel==0.9.6 Beaker==1.6.4 From 1c4fb04ffab7b2b04587fbb3941abda1daa1f16b Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Fri, 19 Apr 2019 13:40:43 -0700 Subject: [PATCH 5/6] Use custom python for install script --- Dockerfile | 16 +++++++++------- install.sh | 4 ++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index b5bbd88..9d09547 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM ubuntu:14.04 +ARG PYTHON_VERSION=2.7.16 + ENV CKAN_HOME /usr/lib/ckan ENV CKAN_CONFIG /etc/ckan/ ENV CKAN_ENV docker @@ -8,7 +10,7 @@ WORKDIR /opt/catalog-app # TODO compile python to /usr/local to avoid this # https://github.com/GSA/datagov-deploy/issues/390 -ENV LD_LIBRARY_PATH /usr/local/lib/python2.7.10/lib +ENV LD_LIBRARY_PATH /usr/local/lib/python${PYTHON_VERSION}/lib # Install required packages RUN apt-get -q -y update && apt-get -q -y install \ @@ -40,11 +42,11 @@ RUN apt-get -q -y update && apt-get -q -y install \ # copy ckan script to /usr/bin/ COPY docker/webserver/common/usr/bin/ckan /usr/bin/ckan -# Get python 2.7.10 for virtualenv -RUN wget http://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz -RUN tar -zxvf Python-2.7.10.tgz -RUN cd Python-2.7.10 && \ - ./configure --prefix=/usr/local/lib/python2.7.10/ --enable-ipv6 --enable-unicode=ucs4 --enable-shared && \ +# Get updated python for virtualenv +RUN wget http://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz +RUN tar -zxvf Python-${PYTHON_VERSION}.tgz +RUN cd Python-${PYTHON_VERSION} && \ + ./configure --prefix=/usr/local/lib/python${PYTHON_VERSION}/ --enable-ipv6 --enable-unicode=ucs4 --enable-shared && \ make && make install # Upgrade pip & install virtualenv @@ -69,7 +71,7 @@ RUN ln -s $CKAN_HOME/src/ckan/ckan/config/who.ini $CKAN_CONFIG/who.ini RUN mkdir /var/tmp/ckan && chown www-data:www-data /var/tmp/ckan # Install ckan app -RUN cd / && ./install.sh +RUN cd / && ./install.sh /usr/lib/ckan /usr/local/lib/python${PYTHON_VERSION} # auth_tkt (and ckan) requires repoze.who 2.0. ckanext-saml, used for # production requires repoze.who==1.0.18 diff --git a/install.sh b/install.sh index 44dfb49..f5a8054 100755 --- a/install.sh +++ b/install.sh @@ -8,10 +8,10 @@ set -o errexit set -o pipefail set -o nounset -python_home=/usr/local/lib/python2.7.10 +venv="${1:-/usr/lib/ckan}" +python_home=${2:-/usr/local/lib/python2.7.10} export LD_LIBRARY_PATH="$python_home/lib" -venv="${1:-/usr/lib/ckan}" pip="$venv/bin/pip" # create virtual_env From 4402af5fda32253a179d2720c4c3502a3db68c58 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Fri, 19 Apr 2019 14:27:58 -0700 Subject: [PATCH 6/6] Specify umask in install script --- install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/install.sh b/install.sh index f5a8054..63cf15c 100755 --- a/install.sh +++ b/install.sh @@ -8,6 +8,10 @@ set -o errexit set -o pipefail set -o nounset +# Default umask with hardening is 0027 which causes all kinds of headaches. +# Make sure files are installed world readable. +umask 0022 + venv="${1:-/usr/lib/ckan}" python_home=${2:-/usr/local/lib/python2.7.10} export LD_LIBRARY_PATH="$python_home/lib"