Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove installation of bcrypt in Charm code #100

Closed
Barteus opened this issue Jan 3, 2023 · 2 comments · Fixed by #148
Closed

Remove installation of bcrypt in Charm code #100

Barteus opened this issue Jan 3, 2023 · 2 comments · Fixed by #148
Labels
bug Something isn't working good first issue Good for newcomers

Comments

@Barteus
Copy link

Barteus commented Jan 3, 2023
edited
Loading

BCrypt is installed during the run of the charm, which is a bad practice.

dex-auth-operator/src/charm.py

Line 26 in 041cabc

subprocess.check_call(["apt", "install", "-y", "python3-bcrypt"])

It is used to hash the password only. We can use other libraries to perform string hashing which does not require the installation of the additional package.

Additionally, packages installed this way are not scanned during the CVE scanning.
@i-chvets
Copy link
Contributor

i-chvets commented Jan 4, 2023

Added to be fixed.

@i-chvets i-chvets added the bug Something isn't working label Jan 4, 2023
@i-chvets
Copy link
Contributor

i-chvets commented Jan 4, 2023

Low priority.

@i-chvets i-chvets added the good first issue Good for newcomers label Jan 24, 2023
@phoevos phoevos mentioned this issue Aug 3, 2023
Merged
phoevos added a commit that referenced this issue Aug 4, 2023
@phoevos
feat: Drop apt install bcrypt (#148)
4e42ce3 
Currently, Dex Charm is doing apt install. Update this logic to ensure
the Dex Charm can work in an airgapped environment.

Closes #100 

Signed-off-by: Phoevos Kalemkeris <phoevos.kalemkeris@canonical.com>
DnPlas pushed a commit that referenced this issue Sep 26, 2023
@phoevos @DnPlas
feat: Drop apt install bcrypt (#148)
41aae03 
Currently, Dex Charm is doing apt install. Update this logic to ensure
the Dex Charm can work in an airgapped environment.

Closes #100

Signed-off-by: Phoevos Kalemkeris <phoevos.kalemkeris@canonical.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Remove apt-install from Dex Charm canonical/dex-auth-operator
2 participants
@Barteus @i-chvets