fix(dockerfiles/cd/builders/tiflash): upgrade openssl with conda pre-build package #395

Merged
merged 1 commit into from
Sep 3, 2024

@wuhuizuo wuhuizuo commented Sep 2, 2024

Signed-off-by: wuhuizuo wuhuizuo@126.com

@ti-chi-bot ti-chi-bot bot requested a review from purelind September 2, 2024 10:49
ti-chi-bot bot commented Sep 2, 2024

I have already done a preliminary review for you, and I hope to help you do a better job.

Based on the pull request title and description, the key changes are upgrading OpenSSL with a conda pre-build package in a Dockerfile. The diff shows that the changes are only made to the dockerfiles/cd/builders/tiflash/Dockerfile.

There are a few potential problems with the changes made in this pull request. Firstly, the new package is being installed from an external source (conda.anaconda.org), which could potentially introduce security risks or version incompatibilities. Secondly, the curl command used to download the package is using the -sL flag, which could potentially silently fail without proper error handling. Lastly, the tarball extraction command uses -z and -C flags interchangeably, which could cause confusion and potential errors.

To improve this pull request, it is recommended to use a more secure and version-controlled package source, such as an internal package repository or a trusted public repository. Additionally, it is recommended to add proper error handling for the curl command and use consistent flags for the tarball extraction command.

@ti-chi-bot ti-chi-bot bot added the size/S label Sep 2, 2024
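
The review comment above raises two concerns: a package fetched from an external source, and `curl -sL` hiding HTTP failures. They can be handled as in this added example, which is not code from the PR or the project. The function names and the `PKG_URL` / `PKG_SHA256` placeholders are assumptions, since the real URL and digest are not on this page.

```shell
#!/bin/sh
# Added example: fail-closed download and digest pinning for a pre-built
# package in an image build step. Function names are hypothetical.

# fetch_pkg URL OUT
# -f makes curl exit non-zero on HTTP >= 400 instead of saving the error
# page as if it were the package; -S keeps error messages visible despite -s.
fetch_pkg() {
    curl -fsSL --retry 3 -o "$2" "$1"
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when the file's SHA-256 equals the pinned value.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# install_pinned ARCHIVE EXPECTED_HEX DEST
# Extracts only after the digest check passes; nothing is written to DEST
# (not even the directory) when the archive does not match.
install_pinned() {
    archive=$1 expected=$2 dest=$3
    if ! verify_sha256 "$archive" "$expected"; then
        echo "checksum mismatch for $archive, refusing to extract" >&2
        return 1
    fi
    # tar -xf detects the compression from the file, so no -z/-j is needed.
    mkdir -p "$dest" && tar -xf "$archive" -C "$dest"
}

# Usage inside a RUN step (placeholder values, pinned in the Dockerfile):
#   fetch_pkg "$PKG_URL" /tmp/pkg.tar \
#     && install_pinned /tmp/pkg.tar "$PKG_SHA256" /usr/local
```

Pinning the digest in the Dockerfile means a changed or substituted upstream artifact breaks the build instead of silently landing in the builder image.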
…build package

Signed-off-by: wuhuizuo <wuhuizuo@126.com>
@wuhuizuo wuhuizuo force-pushed the fix/upgrade-openssl-for-tiflash-builder branch from a19f809 to d742fd9 Compare September 2, 2024 12:19
ti-chi-bot bot commented Sep 2, 2024

I have already done a preliminary review for you, and I hope to help you do a better job.

Based on the pull request title and description, the changes made in this pull request are upgrading openssl with a conda pre-build package in the dockerfiles/cd/builders/tiflash directory.

Potential problems:

  • There is no test included in this pull request to ensure that the upgrade works as expected. It would be good to have some test cases to verify that the upgrade does not cause any issues.
  • It is unclear why openssl was not updated to version 1.1.1w in the previous implementation. This should be explained in the pull request description or in the commit message.

Fixing suggestions:

  • Add some test cases to ensure that the upgrade works as expected.
  • Clarify why openssl was not updated to version 1.1.1w in the previous implementation.

Overall, the changes look good, but adding test cases and clarifying the reason for not updating openssl to version 1.1.1w would make the pull request more robust.

RUN --mount=type=cache,target=/var/cache/dnf \
dnf upgrade-minimal -y && \
dnf --enablerepo=powertools install -y git llvm-toolset cmake ninja-build openssl python3.12 libcurl-devel

dnf --enablerepo=powertools install -y git llvm-toolset cmake ninja-build python3.12 libcurl-devel
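
Review bot: The changed `dnf install` line drops `openssl` from the package list with no explanation in the Dockerfile itself; the reason only appears in the inline PR comment. Add a short comment above this `RUN` step saying the distribution package is deliberately omitted because a newer OpenSSL is installed separately (per the PR title, from a conda pre-built package), so it is not re-added in a later cleanup. Since `libcurl-devel` is still installed on the same line, it is also worth running `openssl version` as a build-time check after the new install step to confirm which OpenSSL the builder image actually resolves.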

@wuhuizuo wuhuizuo Sep 3, 2024

desc: do not install the old openssl pkg.

wuhuizuo commented Sep 3, 2024

/approve

ti-chi-bot bot commented Sep 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wuhuizuo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added the approved label Sep 3, 2024
@ti-chi-bot ti-chi-bot bot merged commit 215e65b into main Sep 3, 2024
19 checks passed
@ti-chi-bot ti-chi-bot bot deleted the fix/upgrade-openssl-for-tiflash-builder branch September 3, 2024 03:37