awslabs / automated-security-helper

https://awslabs.github.io/automated-security-helper/
Apache License 2.0

python:latest image is now python3.12 and is breaking Dockerfile-yaml #25

Open jasonend opened 10 months ago

jasonend commented 10 months ago

Dockerfile-yaml installation of checkov fails due to an aiohttp wheels error. This error is due to public.ecr.aws/bitnami/python:latest migrating to Python 3.12, which is not supported by aiohttp.

It is poor security and resiliency practice to use the latest tag in Dockerfiles. Recommend moving to a more stable public.ecr.aws/bitnami/python:3.11 tag or something similar.

ERROR Observed:

note: This error originates from a subprocess, and is likely not a problem with pip.
  ERROR: Failed building wheel for aiohttp
  Building wheel for yarl (pyproject.toml) ... done
  Created wheel for yarl: filename=yarl-1.9.2-cp312-cp312-linux_x86_64.whl size=286345 sha256=7e88fb1e4f418184da53978a603d73ac7d754c35e9268560d326e37f0f40fd01
  Stored in directory: /root/.cache/pip/wheels/84/e3/6a/7d0fa1abee8e4aa39922b5bd54689b4b5e4269b2821f482a32
  Building wheel for frozenlist (pyproject.toml) ... done
  Created wheel for frozenlist: filename=frozenlist-1.4.0-cp312-cp312-linux_x86_64.whl size=262208 sha256=8f9f28c0b4d65cc29823b6bf5bc031e2a49bd7dd625e4f4263d7699ce4822ca0
  Stored in directory: /root/.cache/pip/wheels/f1/9c/94/9386cb0ea511a93226456388d41d35f1c24ba15a62ffd7b1ef
  Building wheel for multidict (pyproject.toml) ... done
  Created wheel for multidict: filename=multidict-6.0.4-cp312-cp312-linux_x86_64.whl size=119179 sha256=bb2d1368cc7db5533695f936c21cf33ad640ceda6337725a41c906b85a02122b
  Stored in directory: /root/.cache/pip/wheels/f6/d8/ff/3c14a64b8f2ab1aa94ba2888f5a988be6ab446ec5c8d1a82da
Successfully built yarl frozenlist multidict
Failed to build aiohttp
ERROR: Could not build wheels for aiohttp, which is required to install pyproject.toml-based projects

[notice] A new release of pip is available: 23.2.1 -> 23.3
[notice] To update, run: pip install --upgrade pip
# uname -a
Linux 81975e549747 6.3.13-linuxkit #1 SMP PREEMPT Thu Sep  7 07:48:47 UTC 2023 x86_64 GNU/Linux
# python --version
Python 3.12.0

begimher commented 9 months ago

Thank you @jasonend, can you please check again with the latest version?
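
The recommendation in the issue (avoid the latest tag in Dockerfiles) can be enforced with a small check in CI. The following is an added example, not code from the automated-security-helper project: it scans Dockerfile text for FROM lines whose base image floats with upstream. The function names and the sample Dockerfile are assumptions made for illustration; only the bitnami image names come from the issue.

```python
import re

# Matches FROM [--flag=value ...] image [AS stage]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)


def classify(image):
    """Return 'digest', 'tag', 'latest', 'untagged' or 'variable' for an image ref."""
    if "$" in image:
        return "variable"            # set by ARG at build time; review the ARG default
    if "@" in image:
        return "digest"              # content-addressed pin, cannot move
    last = image.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    if ":" not in last:
        return "untagged"            # Docker resolves a missing tag to :latest
    # An explicit tag such as 3.11 can still be re-pushed, but it does not
    # jump to a new minor release the way :latest does.
    return "latest" if last.split(":", 1)[1] == "latest" else "tag"


def unpinned_bases(dockerfile_text):
    """Return (line_no, image, kind) for FROM lines that are latest, untagged or variable."""
    findings, stages = [], set()
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        # 'scratch' and references to earlier build stages are not registry pulls
        if image != "scratch" and image.lower() not in stages:
            kind = classify(image)
            if kind in ("latest", "untagged", "variable"):
                findings.append((no, image, kind))
        if alias:
            stages.add(alias.lower())
    return findings


# Constructed sample Dockerfile (hypothetical stages and registry host).
SAMPLE = """\
FROM public.ecr.aws/bitnami/python:latest AS build
FROM --platform=linux/amd64 registry.example:5000/tools/base
FROM public.ecr.aws/bitnami/python:3.11
FROM build
"""

if __name__ == "__main__":
    for no, image, kind in unpinned_bases(SAMPLE):
        print(f"line {no}: {image} ({kind})")
```

Failing the build when `unpinned_bases` returns anything surfaces the drift at review time instead of as a broken wheel build after the upstream image moves.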