search

MISP / mail_to_misp

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
GNU Affero General Public License v3.0
69 stars 25 forks source link

Gunicorn new SHA256 hash? #67

Closed nikAizuddin closed 2 years ago

nikAizuddin commented 2 years ago

Looks like SHA256 hash for Gunicorn 20.1.0 has changed. It's no longer e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8:

Collecting gunicorn==20.1.0
  Downloading gunicorn-20.1.0-py3-none-any.whl (79 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 79.5/79.5 kB 2.3 MB/s eta 0:00:00
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    gunicorn==20.1.0 from https://files.pythonhosted.org/packages/e4/dd/5b190393e6066286773a67dfcc2f9492058e9b57c4867a95f1ba5caf0a83/gunicorn-20.1.0-py3-none-any.whl (from -r requirements.txt (line 130)):
        Expected sha256 e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8
             Got        9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e

The new SHA256 hash is 9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e according to https://pypi.org/project/gunicorn/: image

Rafiot commented 2 years ago

I just did a massive upgrade of all the dependencies, this should solve it. Can you give it a shot?

nikAizuddin commented 2 years ago

I just did a massive upgrade of all the dependencies, this should solve it. Can you give it a shot?

Nope, error still the same:

Collecting gunicorn==20.1.0
  Downloading gunicorn-20.1.0-py3-none-any.whl (79 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 79.5/79.5 kB 5.9 MB/s eta 0:00:00
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    gunicorn==20.1.0 from https://files.pythonhosted.org/packages/e4/dd/5b190393e6066286773a67dfcc2f9492058e9b57c4867a95f1ba5caf0a83/gunicorn-20.1.0-py3-none-any.whl (from -r requirements.txt (line 130)):
        Expected sha256 e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8
             Got        9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e

Error: error building at STEP "RUN /var/www/MISP/venv/bin/python3 -m pip install -r requirements.txt": error while running runtime: exit status 1

If I changed Gunicorn hash, build works:

diff --git a/requirements.txt b/requirements.txt
index 68d2581..22f0c5f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -128,7 +128,7 @@ flask==1.1.4; (python_version >= "2.7" and python_full_version < "3.0.0") or (py
     --hash=sha256:c34f04500f2cbbea882b1acb02002ad6fe6b7ffa64a6164577995657f50aed22 \
     --hash=sha256:0fbeb6180d383a9186d0d6ed954e0042ad9f18e0e8de088b2b419d526927d196
 gunicorn==20.1.0; python_version >= "3.5" \
-    --hash=sha256:e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8
+    --hash=sha256:9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e
 idna==3.2; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4.0" or python_full_version >= "3.6.0" and python_version >= "3.6" and python_version < "4.0" \
     --hash=sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a \
     --hash=sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3
Rafiot commented 2 years ago

oh, right, in the requirements.txt. I updated pyproject/poetry.lock. Fixing that now.

Rafiot commented 2 years ago

That should do it: https://github.com/MISP/mail_to_misp/commit/fc265212f39a88cceac347fef6f54f2bfb59e828

nikAizuddin commented 2 years ago

Looks like the requirements.txt file got messed up with diff stuff.

Rafiot commented 2 years ago

not sure how I did that... fixed now.

nikAizuddin commented 2 years ago

Alright, build success. Closing