always-cautious/ortools-clone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix security issue in manylinux1 image Dockerfile

Browse Source
This commit is contained in:
Federico Ficarelli
2017-08-31 16:08:13 +02:00
parent 3732ab7d30
commit 4db4223962
1 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tools/docker/manylinux1.Dockerfile
View File

@@ -3,7 +3,6 @@ FROM quay.io/pypa/manylinux1_x86_64:latest
RUN yum -y update && yum -y install \
yum-utils \
redhat-lsb \
wget \
git \
autoconf \
libtool \
@@ -14,10 +13,21 @@ RUN yum -y update && yum -y install \
subversion \
make \
pcre-devel \
which
which \
curl
# WARNING
# We cannot use wget to download the following packages due to a bug that leads
# to an incorrect checking of Server Alternate Name (SAN) property in the SSL
# certificate and makes wget to fail with something like:
#
# ERROR: certificate common name `*.kitware.com' doesn't match requested host name `cmake.org'.
#
# Note: 'wget --no-check-certificate' is not an option since we are building
# distribution binaries.
WORKDIR /root
RUN wget --no-check-certificate https://cmake.org/files/v3.8/cmake-3.8.2.tar.gz
RUN curl --location-trusted --remote-name https://cmake.org/files/v3.8/cmake-3.8.2.tar.gz
RUN tar xzf cmake-3.8.2.tar.gz
WORKDIR /root/cmake-3.8.2
RUN ./bootstrap --prefix=/usr
@@ -25,7 +35,7 @@ RUN make
RUN make install
WORKDIR /root
RUN wget --no-check-certificate https://downloads.sourceforge.net/project/swig/swig/swig-3.0.12/swig-3.0.12.tar.gz
RUN curl --location-trusted --remote-name https://downloads.sourceforge.net/project/swig/swig/swig-3.0.12/swig-3.0.12.tar.gz
RUN tar xzf swig-3.0.12.tar.gz
WORKDIR /root/swig-3.0.12
RUN ./configure --prefix=/usr