Bug description
There is a security patch applied manually in the openedx image Dockerfile:
# SECURITY FIX: remove activation_key exposure from account API
RUN curl -fsSL https://github.com/openedx/openedx-platform/commit/21cead238466ca398ba368518f1d3288431d68f4.patch | git am
This patch has been shipped upstream in the ulmo release branch (release/ulmo) since then. So if using the release/ulmo branch, this line of the Dockerfile fails with:
#27 [code 5/5] RUN curl -fsSL https://github.com/openedx/openedx-platform/commit/21cead238466ca398ba368518f1d3288431d68f4.patch | git am
#27 0.887 error: patch failed: lms/envs/common.py:2839
#27 0.888 error: lms/envs/common.py: patch does not apply
#27 0.888 error: patch failed: openedx/core/djangoapps/user_api/accounts/serializers.py:142
#27 0.889 error: openedx/core/djangoapps/user_api/accounts/serializers.py: patch does not apply
#27 0.889 error: patch failed: openedx/core/djangoapps/user_api/accounts/tests/test_api.py:635
#27 0.889 error: openedx/core/djangoapps/user_api/accounts/tests/test_api.py: patch does not apply
#27 0.890 error: patch failed: openedx/core/djangoapps/user_api/accounts/tests/test_views.py:361
#27 0.890 error: openedx/core/djangoapps/user_api/accounts/tests/test_views.py: patch does not apply
#27 0.891 error: patch failed: openedx/core/djangoapps/user_api/accounts/views.py:297
#27 0.891 error: openedx/core/djangoapps/user_api/accounts/views.py: patch does not apply
#27 0.891 hint: Use 'git am --show-current-patch=diff' to see the failed patch
#27 0.892 Applying: fix: remove activation_key from account REST API response
#27 0.892 Patch failed at 0001 fix: remove activation_key from account REST API response
#27 0.892 When you have resolved this problem, run "git am --continue".
#27 0.892 If you prefer to skip this patch, run "git am --skip" instead.
#27 0.892 To restore the original branch and stop patching, run "git am --abort".
#27 ERROR: process "/bin/sh -c curl -fsSL https://github.com/openedx/openedx-platform/commit/21cead238466ca398ba368518f1d3288431d68f4.patch | git am" did not complete successfully: exit code: 128
Since the release/ulmo.2 tag is the latest point release tag and it doesn't have the security patch, it's probably still important to ship this manual patch. However, we need to conditionally apply the patch or ignore the "patch does not apply" error, so the image build can succeed with release/ulmo.
How to reproduce
At the lower level:
git clone https://github.com/openedx/openedx-platform
cd openedx-platform
git checkout release/ulmo
curl -fsSL https://github.com/openedx/openedx-platform/commit/21cead238466ca398ba368518f1d3288431d68f4.patch | git am
Higher level: configure a Tutor devstack with:
EDX_PLATFORM_REPOSITORY: https://github.com/openedx/openedx-platform.git
EDX_PLATFORM_VERSION: release/ulmo
Then run tutor images build openedx.
Environment
tutor version: v21.0.4
Additional context
A workaround is to use the release/ulmo.2 tag of openedx-platform, which doesn't have this security patch.
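One way to apply the patch conditionally, as the report asks, is to test whether the tree already contains the change before calling git am, and to stop the build when neither the forward nor the reverse check passes instead of ignoring the error. The script below is an added example, not Tutor's own code; the helper name apply_security_patch and the demo repository, file and patch are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tutor's Dockerfile code). apply_security_patch is a
# hypothetical helper: it applies PATCH_FILE only when the tree lacks the change.
#   "applied"         + exit 0: patch was missing and is now committed via git am
#   "already-present" + exit 0: the change is already in the tree (shipped upstream)
#   "conflict"        + exit 1: neither holds, so the build stops rather than ship unpatched
apply_security_patch() {
    patch_file="$1"
    if git apply --reverse --check "$patch_file" 2>/dev/null; then
        echo "already-present"
    elif git apply --check "$patch_file" 2>/dev/null; then
        git am --quiet "$patch_file" && echo "applied"
    else
        echo "conflict"
        return 1
    fi
}

# Constructed demo: a throwaway repository and patch stand in for
# openedx-platform and the upstream commit's .patch file.
demo() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/repo" && cd "$work/repo" || exit 1
    git init --quiet . 2>/dev/null
    git config user.email "build@example.invalid"
    git config user.name "Image Build"
    printf 'fields = ["username", "activation_key"]\n' > serializers.py
    git add serializers.py && git commit --quiet -m "initial"
    printf 'fields = ["username"]\n' > serializers.py
    git commit --quiet -am "fix: remove activation_key"
    git format-patch -1 --stdout HEAD > "$work/fix.patch"
    git reset --quiet --hard HEAD~1                      # like a tag without the fix
    first=$(apply_security_patch "$work/fix.patch")
    second=$(apply_security_patch "$work/fix.patch")     # like a branch that already has it
    printf 'fields = ["email"]\n' > serializers.py       # tree diverged from both sides
    git commit --quiet -am "diverge"
    third=$(apply_security_patch "$work/fix.patch") || true
    rm -rf "$work"
    echo "$first $second $third"
)

demo   # prints: applied already-present conflict
```

In a Dockerfile the patch would first be saved to a file (for example with curl's -o option) and then passed to the helper. If later upstream commits rewrite the same hunks, neither check passes and the build stops, which is the safe direction for a security fix.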
Dockerfile reference: tutor/tutor/templates/build/openedx/Dockerfile, lines 67 to 68 in be332ff