From dcce42c40286e4b1bba361b32f97d3210196c8ba Mon Sep 17 00:00:00 2001
From: Liu Shilong
Date: Thu, 2 Mar 2023 08:20:39 +0800
Subject: [PATCH] Check SONiC dependencies before installation. (#13850)
Why I did it
SONiC related packages shouldn't be intalled from Pypi. It is security compliance requirement.
How I did it
Check SONiC related packages when using setup.py.
How to verify it
---
 src/sonic-config-engine/setup.py | 23 ++++++++++++++++++++++-
 src/system-health/setup.py | 22 +++++++++++++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/src/sonic-config-engine/setup.py b/src/sonic-config-engine/setup.py
index 3f2b2a240a..924a39a89f 100644
--- a/src/sonic-config-engine/setup.py
+++ b/src/sonic-config-engine/setup.py
@@ -1,7 +1,13 @@
+from __future__ import print_function
 import glob
 import sys
 from setuptools import setup
+import pkg_resources
+from packaging import version
+
+# sonic_dependencies, version requirement only supports '>='
+sonic_dependencies = ['sonic-py-common']
 # Common dependencies for Python 2 and 3
 dependencies = [
@@ -10,7 +16,6 @@ dependencies = [
 'lxml==4.9.1',
 'netaddr==0.8.0',
 'pyyaml==5.4.1',
- 'sonic-py-common',
 ]
 if sys.version_info.major == 3:
@@ -21,6 +26,8 @@ if sys.version_info.major == 3:
 # dependencies section of setuptools followed by uninstall of enum43
 # 'pyangbind==0.8.1',
 'Jinja2>=2.10',
+ ]
+ sonic_dependencies += [
 'sonic-yang-mgmt>=1.0',
 'sonic-yang-models>=1.0'
 ]
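Review bot: In the first hunk of src/sonic-config-engine/setup.py (`@@ -1,7 +1,13 @@`), `from packaging import version` makes setup.py depend on a third-party module at import time, so a build environment without `packaging` stops with an ImportError traceback before any of the new dependency messages can print. `pkg_resources`, imported on the line above, already offers `pkg_resources.parse_version`, which would cover the comparison without the extra import. The same import is added in the src/system-health/setup.py hunk. If `packaging` is kept, a one-line comment such as `# packaging must be preinstalled in the build environment` would make the requirement visible.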
@@ -50,6 +57,20 @@ if sys.version_info.major == 3:
 'sonic_yang_cfg_generator'
 ]
+dependencies += sonic_dependencies
+for package in sonic_dependencies:
+ try:
+ package_dist = pkg_resources.get_distribution(package.split(">=")[0])
+ except pkg_resources.DistributionNotFound:
+ print(package + " is not found!", file=sys.stderr)
+ print("Please build and install SONiC python wheels dependencies from sonic-buildimage", file=sys.stderr)
+ exit(1)
+ if ">=" in package:
+ if version.parse(package_dist.version) >= version.parse(package.split(">=")[1]):
+ continue
+ print(package + " version not match!", file=sys.stderr)
+ exit(1)
+
 setup(
 name = 'sonic-config-engine',
 version = '1.0',
diff --git a/src/system-health/setup.py b/src/system-health/setup.py
index 62b02252e8..84944a6e72 100644
--- a/src/system-health/setup.py
+++ b/src/system-health/setup.py
@@ -1,11 +1,31 @@
+from __future__ import print_function
 from setuptools import setup
+import sys
+import pkg_resources
+from packaging import version
+
+# sonic_dependencies, version requirement only supports '>='
+sonic_dependencies = ['sonic-py-common']
 dependencies = [
 'natsort',
- 'sonic_py_common',
 'docker'
 ]
+dependencies += sonic_dependencies
+for package in sonic_dependencies:
+ try:
+ package_dist = pkg_resources.get_distribution(package.split(">=")[0])
+ except pkg_resources.DistributionNotFound:
+ print(package + " is not found!", file=sys.stderr)
+ print("Please build and install SONiC python wheels dependencies from sonic-buildimage", file=sys.stderr)
+ exit(1)
+ if ">=" in package:
+ if version.parse(package_dist.version) >= version.parse(package.split(">=")[1]):
+ continue
+ print(package + " version not match!", file=sys.stderr)
+ exit(1)
+
 setup(
 name='system-health',
 version='1.0',
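Review bot: The loop added in the `@@ -50,6 +57,20 @@` hunk of src/sonic-config-engine/setup.py proves only that a distribution with the expected name (and, for `>=` entries, a high enough version) is already installed; it does not establish where that distribution came from, so a copy of `sonic-py-common` that was fetched from a public index earlier passes the check. `dependencies += sonic_dependencies` also keeps the SONiC names in the list, which is presumably passed to `install_requires` in the `setup(` call that continues below the hunk, so pip may still try to resolve them from its configured index in some modes. I would state the limit above the loop, for example `# Presence/version check only; does not verify the wheel was built from sonic-buildimage`, and confirm the build's pip invocation cannot reach an index for these names. The identical block in src/system-health/setup.py has the same limitation.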
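Review bot: Both failure paths in the block added to src/system-health/setup.py call the bare `exit(1)`, a helper injected by the `site` module that is absent when the interpreter runs with `-S` or is embedded; this hunk already adds `import sys`, so `sys.exit(1)` is the dependable form. The version failure prints only `package + " version not match!"`, which leaves the operator to look up what is installed; `print("{}: installed version {} is too old".format(package, package_dist.version), file=sys.stderr)` would say it directly. Both remarks apply equally to the copy of this block in src/sonic-config-engine/setup.py.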