thoth-station / s2i-thoth

Thoth's addition to OpenShift's s2i Python builds to benefit from Thoth's recommendations in your application
GNU General Public License v3.0

Fedora 35 on top of Python 3.10 #231

Closed fridex closed 2 years ago

fridex commented 2 years ago

Is your feature request related to a problem? Please describe.

See https://github.com/sclorg/s2i-python-container/pull/486 - we could plug solver-fedora-35-py310 and start ingestion.

goern commented 2 years ago

I think this might be a good opportunity to show different advises, based on latest -> f35-py310 or security -> ubi8-py39 wdyt?

/priority important-soon /triage accepted

fridex commented 2 years ago

https://bodhi.fedoraproject.org/updates/FEDORA-CONTAINER-2022-84cdd058eb

fridex commented 2 years ago

https://bodhi.fedoraproject.org/updates/FEDORA-CONTAINER-2022-84cdd058eb

It looks like the container image is now stable. We could install fedora-35-py310 solver and trigger ingestion. I'm not 100% sure if Python 3.10 parsing from the solver name will be correct in our tooling - worth checking.

fridex commented 2 years ago

> I'm not 100% sure if Python 3.10 parsing from the solver name will be correct in our tooling - worth checking.

It is wrong:

>>> from thoth.common import OpenShift
>>> OpenShift.parse_python_solver_name("solver-fedora-35-py310")
{'os_name': 'fedora', 'os_version': '35', 'python_version': '3.1.0'}
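
The mis-parse above, as an added example that is not code from thoth-common or from this thread: splitting the `py310` tag digit by digit reproduces the `3.1.0` result, while treating the first digit as the major version and the rest as the minor yields `3.10`. The regular expression and function names are hypothetical, and whether thoth-common splits the tag this way is an assumption.

```python
import re

# Hypothetical pattern for names like "solver-fedora-35-py310" (not thoth-common's own).
_SOLVER_RE = re.compile(
    r"^solver-(?P<os_name>[a-z]+)-(?P<os_version>\d+)-py(?P<py>\d+)$"
)


def _match(name: str) -> re.Match:
    m = _SOLVER_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised solver name: {name!r}")
    return m


def parse_naive(name: str) -> dict:
    """Dot-join every digit of the Python tag; breaks once the minor has two digits."""
    m = _match(name)
    return {
        "os_name": m["os_name"],
        "os_version": m["os_version"],
        "python_version": ".".join(m["py"]),  # "310" -> "3.1.0"
    }


def parse_fixed(name: str) -> dict:
    """Treat the first digit as the major version and the remainder as the minor."""
    m = _match(name)
    major, minor = m["py"][0], m["py"][1:]
    if not minor:
        raise ValueError(f"Python tag has no minor version: {name!r}")
    if len(minor) > 1 and minor.startswith("0"):
        # "py3010" could mean 3.010 or 30.10; refuse rather than guess.
        raise ValueError(f"ambiguous Python tag in {name!r}")
    return {
        "os_name": m["os_name"],
        "os_version": m["os_version"],
        "python_version": f"{major}.{int(minor)}",  # "310" -> "3.10"
    }


if __name__ == "__main__":
    for solver in ("solver-fedora-35-py310", "solver-rhel-8-py38"):  # constructed inputs
        print(solver, parse_naive(solver)["python_version"],
              parse_fixed(solver)["python_version"])
```
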

fridex commented 2 years ago

/sig stack-guidance /priority important-soon

Gregory-Pereira commented 2 years ago

/assign

codificat commented 2 years ago

For reference, see https://github.com/thoth-station/thoth-application/blob/master/docs/thoth_s2i_procedure.md

codificat commented 2 years ago

/lifecycle active

Gregory-Pereira commented 2 years ago

With respect to #235 that created the f35-py310 solver, the tagged image in quay.io is showing with a critical vulnerability in the scan (see scan). It appears that the vulnerability lies with pip. What should be done about this?

Gregory-Pereira commented 2 years ago

Can we close this issue, or is there more that needs to be done here?

fridex commented 2 years ago

It might be a good idea to generate prescriptions for packages packaged as RPMs in Fedora 35 (it also might be worth documenting this). See https://github.com/thoth-station/thoth-application/issues/1803#issuecomment-878208947 and this issue should state code on how to do that https://github.com/thoth-station/adviser/issues/1961 (might require changes to conform to the current prescriptions structure and https://github.com/thoth-station/prescriptions/issues/59).

BTW it sounds like we could turn on ingestion in stage env?

codificat commented 2 years ago

> BTW it sounds like we could turn on ingestion in stage env?

Tracking that in https://github.com/thoth-station/thoth-application/issues/2479

harshad16 commented 2 years ago

This seems to be done. Closing.