From 4bab95e88b766456d79b407ef9625e74e2439854 Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou
Date: Sun, 29 Jun 2025 14:43:09 +0000
Subject: [PATCH 1/6] fix: upgrade setuptools to 79.0.1 in python-samples-testing-docker
---
 .kokoro/docker/Dockerfile | 39 ++++++++++++++++++++++++++-------
 .kokoro/docker/requirements.in | 3 +++
 .kokoro/docker/requirements.txt | 12 ++++++++++
 3 files changed, 46 insertions(+), 8 deletions(-)
 create mode 100644 .kokoro/docker/requirements.in
 create mode 100644 .kokoro/docker/requirements.txt
diff --git a/.kokoro/docker/Dockerfile b/.kokoro/docker/Dockerfile
index ba9af12a93..4071afc5f2 100644
--- a/.kokoro/docker/Dockerfile
+++ b/.kokoro/docker/Dockerfile
@@ -65,6 +65,7 @@ RUN apt-get update \
 uuid-dev \
 wget \
 zlib1g-dev \
+ && apt remove -y python3-setuptools \
 && apt-get clean autoclean \
 && apt-get autoremove -y \
 && rm -rf /var/lib/apt/lists/* \
@@ -116,7 +117,7 @@ RUN set -ex \
 && export GNUPGHOME="$(mktemp -d)" \
 && echo "disable-ipv6" >> "${GNUPGHOME}/dirmngr.conf" \
 && /tmp/fetch_gpg_keys.sh \
- && for PYTHON_VERSION in 2.7.18 3.7.17 3.8.20 3.9.20 3.10.15 3.11.10 3.12.7 3.13.0; do \
+ && for PYTHON_VERSION in 2.7.18 3.7.17 3.8.20 3.9.23 3.10.18 3.11.13 3.12.11 3.13.5; do \
 wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
 && wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \
 && gpg --batch --verify python-${PYTHON_VERSION}.tar.xz.asc python-${PYTHON_VERSION}.tar.xz \
@@ -144,7 +145,7 @@ RUN set -ex \
 # Install pip on Python 3.10 only.
 # If the environment variable is called "PIP_VERSION", pip explodes with
 # "ValueError: invalid truth value ''"
-ENV PYTHON_PIP_VERSION 21.3.1
+ENV PYTHON_PIP_VERSION 23.1.2
 RUN wget --no-check-certificate -O /tmp/get-pip-3-7.py 'https://bootstrap.pypa.io/pip/3.7/get-pip.py' \
 && wget --no-check-certificate -O /tmp/get-pip-3-8.py 'https://bootstrap.pypa.io/pip/3.8/get-pip.py' \
 && wget --no-check-certificate -O /tmp/get-pip.py 'https://bootstrap.pypa.io/get-pip.py' \
@@ -165,6 +166,8 @@ RUN python3.9 /tmp/get-pip.py
 RUN python3.8 /tmp/get-pip-3-8.py
 RUN python3.7 /tmp/get-pip-3-7.py
 RUN rm /tmp/get-pip.py
+RUN rm /tmp/get-pip-3-8.py
+RUN rm /tmp/get-pip-3-7.py
 # Test Pip
 RUN python3 -m pip
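Review bot: The added `RUN rm /tmp/get-pip-3-8.py` and `RUN rm /tmp/get-pip-3-7.py` lines each create a new layer, while the downloaded bootstrap scripts still exist in the layer written by the earlier `RUN wget ...` step, so the image does not shrink and the scripts remain recoverable from its layers. The deletion only takes effect if the download, the `pythonX.Y /tmp/get-pip*.py` runs and the `rm` share one `RUN` instruction. The later patch in this series that merges the three `rm` calls into one line lowers the layer count but has the same limitation. The get-pip `RUN` steps begin outside this hunk.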
@@ -176,17 +179,37 @@ RUN python3.11 -m pip
 RUN python3.12 -m pip
 RUN python3.13 -m pip
-# Install "setuptools" for Python 3.12+ (see https://docs.python.org/3/whatsnew/3.12.html#distutils)
-RUN python3.12 -m pip install --no-cache-dir setuptools
-RUN python3.13 -m pip install --no-cache-dir setuptools
+# Remove setuptools installations for Python 2.7, 3.7, 3.8
+# since there is no fix for CVE-2025-47273/CVE-2025-47273.
+# See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
+RUN for PYTHON_VERSION in 2.7 3.7 3.8; do \
+ /usr/local/bin/python${PYTHON_VERSION} -m pip \
+ uninstall -y \
+ setuptools \
+ ; done
+
+# Install/upgrade setuptools installations for Python 3.9, 3.10 and 3.11
+# for CVE-2025-47273/CVE-2025-47273.
+# See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
+# Also install "setuptools" for Python 3.12+ since it's not included automatically
+# (see https://docs.python.org/3/whatsnew/3.12.html#distutils)
+COPY requirements.txt /requirements.txt
+
+RUN for PYTHON_VERSION in 3.9 3.10 3.11 3.12 3.13; do \
+ /usr/local/bin/python${PYTHON_VERSION} -m pip \
+ install \
+ --no-cache-dir \
+ --require-hashes \
+ -r /requirements.txt \
+ ; done
 # Install "virtualenv", since the vast majority of users of this image will want it.
 RUN pip install --no-cache-dir virtualenv
 # Setup Cloud SDK
-ENV CLOUD_SDK_VERSION 502.0.0
-# Use system python for cloud sdk.
-ENV CLOUDSDK_PYTHON python3.10
+ENV CLOUD_SDK_VERSION 528.0.0
+# Use python 3.12 for cloud sdk.
+ENV CLOUDSDK_PYTHON python3.12
 RUN wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-$CLOUD_SDK_VERSION-linux-x86_64.tar.gz
 RUN tar xzf google-cloud-sdk-$CLOUD_SDK_VERSION-linux-x86_64.tar.gz
 RUN /google-cloud-sdk/install.sh
diff --git a/.kokoro/docker/requirements.in b/.kokoro/docker/requirements.in
new file mode 100644
index 0000000000..7861640ec0
--- /dev/null
+++ b/.kokoro/docker/requirements.in
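Review bot: Both new `for PYTHON_VERSION in ...; do ... ; done` loops report only the exit status of their last iteration, because nothing in them stops on error (assuming the default `/bin/sh -c` shell; no `SHELL` instruction or `set -e` is visible in this hunk). A failed `pip uninstall` for 2.7 or 3.7, or a failed `--require-hashes` install for 3.9 through 3.12, therefore leaves the build green as long as the last interpreter in the list succeeds, and the image ships without the patched setuptools for that version. Let every iteration fail the build by ending the loop bodies with `setuptools || exit 1 \` and `-r /requirements.txt || exit 1 \`. The later patch that changes the tail to `; done && rm /requirements.txt` keeps the same masking, and prefixing `set -e &&` would not help there because errexit is ignored inside a non-final member of an `&&` list.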
@@ -0,0 +1,3 @@
+# See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
+# for the reason that setuptools 79.0.1 is used for Python 3.9, 3.10 and 3.11
+setuptools==79.0.1
diff --git a/.kokoro/docker/requirements.txt b/.kokoro/docker/requirements.txt
new file mode 100644
index 0000000000..4195cbb415
--- /dev/null
+++ b/.kokoro/docker/requirements.txt
@@ -0,0 +1,12 @@
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+# pip-compile --allow-unsafe --generate-hashes requirements.in
+#
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==79.0.1 \
+ --hash=sha256:128ce7b8f33c3079fd1b067ecbb4051a66e8526e7b65f6cec075dfc650ddfa88 \
+ --hash=sha256:e147c0549f27767ba362f9da434eab9c5dc0045d5304feb602a0af001089fc51
+ # via -r requirements.in
From ab5e525d9c6dcc299c107053c6a3ec7367e8d589 Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou
Date: Sun, 29 Jun 2025 14:48:42 +0000
Subject: [PATCH 2/6] add comment
---
 .kokoro/docker/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.kokoro/docker/Dockerfile b/.kokoro/docker/Dockerfile
index 4071afc5f2..34eb84881e 100644
--- a/.kokoro/docker/Dockerfile
+++ b/.kokoro/docker/Dockerfile
@@ -65,6 +65,8 @@ RUN apt-get update \
 uuid-dev \
 wget \
 zlib1g-dev \
+ # Remove `python3-setuptools` since the installed version
+ # does not include a patch for CVE-2025-47273/CVE-2025-47273.
 && apt remove -y python3-setuptools \
 && apt-get clean autoclean \
 && apt-get autoremove -y \
From 9ceff81fa5c6a001a6536ed7655b29d82a32e61e Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou
Date: Sun, 29 Jun 2025 14:49:13 +0000
Subject: [PATCH 3/6] address feedback from gemini-code-assist
---
 .kokoro/docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.kokoro/docker/Dockerfile b/.kokoro/docker/Dockerfile
index 34eb84881e..5ced19d024 100644
--- a/.kokoro/docker/Dockerfile
+++ b/.kokoro/docker/Dockerfile
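Review bot: The comment added in the `@@ -65,6 +65,8 @@` hunk cites `CVE-2025-47273/CVE-2025-47273`, the same identifier twice, so a reader auditing the image cannot tell whether a second advisory was meant to be covered by the removal. Either drop the duplicate, `# does not include a patch for CVE-2025-47273.`, or replace the second entry with the identifier that was intended. The same repeated pair appears in the two setuptools comments that the first patch of the series adds to this Dockerfile. The `RUN apt-get update` instruction starts and ends outside this hunk.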
@@ -67,7 +67,7 @@ RUN apt-get update \
 zlib1g-dev \
 # Remove `python3-setuptools` since the installed version
 # does not include a patch for CVE-2025-47273/CVE-2025-47273.
- && apt remove -y python3-setuptools \
+ && apt-get remove -y python3-setuptools \
 && apt-get clean autoclean \
 && apt-get autoremove -y \
 && rm -rf /var/lib/apt/lists/* \
From 5c4e1bbc439ad49d9faaf6e7b9b37bc769d1333f Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou
Date: Sun, 29 Jun 2025 14:50:01 +0000
Subject: [PATCH 4/6] address feedback from gemini-code-assist
---
 .kokoro/docker/Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.kokoro/docker/Dockerfile b/.kokoro/docker/Dockerfile
index 5ced19d024..c98d48973b 100644
--- a/.kokoro/docker/Dockerfile
+++ b/.kokoro/docker/Dockerfile
@@ -167,9 +167,7 @@ RUN python3.11 /tmp/get-pip.py
 RUN python3.9 /tmp/get-pip.py
 RUN python3.8 /tmp/get-pip-3-8.py
 RUN python3.7 /tmp/get-pip-3-7.py
-RUN rm /tmp/get-pip.py
-RUN rm /tmp/get-pip-3-8.py
-RUN rm /tmp/get-pip-3-7.py
+RUN rm /tmp/get-pip.py /tmp/get-pip-3-8.py /tmp/get-pip-3-7.py
 # Test Pip
 RUN python3 -m pip
From a89d6f37f8c574b572852780c737707fdbd614b1 Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou
Date: Sun, 29 Jun 2025 14:50:41 +0000
Subject: [PATCH 5/6] address feedback from gemini-code-assist
---
 .kokoro/docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.kokoro/docker/Dockerfile b/.kokoro/docker/Dockerfile
index c98d48973b..28aeb113f0 100644
--- a/.kokoro/docker/Dockerfile
+++ b/.kokoro/docker/Dockerfile
@@ -201,7 +201,7 @@ RUN for PYTHON_VERSION in 3.9 3.10 3.11 3.12 3.13; do \
 --no-cache-dir \
 --require-hashes \
 -r /requirements.txt \
- ; done
+ ; done && rm /requirements.txt
 # Install "virtualenv", since the vast majority of users of this image will want it.
 RUN pip install --no-cache-dir virtualenv
From ee8b1765fb3383b5664a45d0253194b57aefd3dc Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou
Date: Sun, 29 Jun 2025 14:51:49 +0000
Subject: [PATCH 6/6] add license header
---
 .kokoro/docker/requirements.txt | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.kokoro/docker/requirements.txt b/.kokoro/docker/requirements.txt
index 4195cbb415..cdf3f57a89 100644
--- a/.kokoro/docker/requirements.txt
+++ b/.kokoro/docker/requirements.txt
@@ -1,3 +1,17 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 #
 # This file is autogenerated by pip-compile with Python 3.9
 # by the following command: