Check SONiC dependencies before installation. (#13850)

Why I did it
SONiC-related packages shouldn't be installed from PyPI.
This is a security compliance requirement.

How I did it
Check SONiC related packages when using setup.py.

How to verify it
Liu Shilong 2023-03-02 08:20:39 +08:00 committed by GitHub
parent f801b8fb2d
commit dcce42c402
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 2 deletions


@ -1,7 +1,13 @@
from __future__ import print_function
import glob import glob
import sys import sys
from setuptools import setup from setuptools import setup
import pkg_resources
from packaging import version
# sonic_dependencies, version requirement only supports '>='
sonic_dependencies = ['sonic-py-common']
# Common dependencies for Python 2 and 3 # Common dependencies for Python 2 and 3
dependencies = [ dependencies = [
@ -10,7 +16,6 @@ dependencies = [
'lxml==4.9.1', 'lxml==4.9.1',
'netaddr==0.8.0', 'netaddr==0.8.0',
'pyyaml==5.4.1', 'pyyaml==5.4.1',
'sonic-py-common',
] ]
if sys.version_info.major == 3: if sys.version_info.major == 3:
@ -21,6 +26,8 @@ if sys.version_info.major == 3:
# dependencies section of setuptools followed by uninstall of enum43 # dependencies section of setuptools followed by uninstall of enum43
# 'pyangbind==0.8.1', # 'pyangbind==0.8.1',
'Jinja2>=2.10', 'Jinja2>=2.10',
]
sonic_dependencies += [
'sonic-yang-mgmt>=1.0', 'sonic-yang-mgmt>=1.0',
'sonic-yang-models>=1.0' 'sonic-yang-models>=1.0'
] ]
@ -50,6 +57,20 @@ if sys.version_info.major == 3:
'sonic_yang_cfg_generator' 'sonic_yang_cfg_generator'
] ]
dependencies += sonic_dependencies
for package in sonic_dependencies:
try:
package_dist = pkg_resources.get_distribution(package.split(">=")[0])
except pkg_resources.DistributionNotFound:
print(package + " is not found!", file=sys.stderr)
print("Please build and install SONiC python wheels dependencies from sonic-buildimage", file=sys.stderr)
exit(1)
if ">=" in package:
if version.parse(package_dist.version) >= version.parse(package.split(">=")[1]):
continue
print(package + " version not match!", file=sys.stderr)
exit(1)
setup( setup(
name = 'sonic-config-engine', name = 'sonic-config-engine',
version = '1.0', version = '1.0',
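Review bot: The `for package in sonic_dependencies:` loop confirms only that a distribution with the expected name and minimum version is already installed, not where it came from, so a `sonic-py-common` that was earlier pulled from a public index would still pass. Because `dependencies += sonic_dependencies` keeps those names in the list (presumably still handed to `install_requires`; the `setup()` arguments are cut off in this view), a wheel built from this file would still declare them, and an installer on another machine could resolve them from whatever index it is configured with. I would state that limit above the loop, e.g. `# Guards setup.py runs only: checks name and minimum version, not origin; installing the built wheel still needs a restricted index`. The identical block is copied into the second setup.py of this commit, so the same comment applies there.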


@ -1,11 +1,31 @@
from __future__ import print_function
from setuptools import setup from setuptools import setup
import sys
import pkg_resources
from packaging import version
# sonic_dependencies, version requirement only supports '>='
sonic_dependencies = ['sonic-py-common']
dependencies = [ dependencies = [
'natsort', 'natsort',
'sonic_py_common',
'docker' 'docker'
] ]
dependencies += sonic_dependencies
for package in sonic_dependencies:
try:
package_dist = pkg_resources.get_distribution(package.split(">=")[0])
except pkg_resources.DistributionNotFound:
print(package + " is not found!", file=sys.stderr)
print("Please build and install SONiC python wheels dependencies from sonic-buildimage", file=sys.stderr)
exit(1)
if ">=" in package:
if version.parse(package_dist.version) >= version.parse(package.split(">=")[1]):
continue
print(package + " version not match!", file=sys.stderr)
exit(1)
setup( setup(
name='system-health', name='system-health',
version='1.0', version='1.0',
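Review bot: `from packaging import version` at the top of this setup.py is an undeclared third-party import that runs before the dependency check, so an environment without `packaging` would likely stop with an ImportError instead of the intended "Please build and install SONiC python wheels" message (inferred; the build environment is not visible here). `pkg_resources` is already imported and offers the same comparison, `if pkg_resources.parse_version(package_dist.version) >= pkg_resources.parse_version(package.split(">=")[1]):`. The two `exit(1)` calls rely on the `site` builtin, and `sys.exit(1)` is the safer form since `sys` is already imported. The "version not match!" message would also be easier to act on if it printed `package_dist.version` next to the required minimum. The first file in this commit carries the same import and the same `exit(1)` calls.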