Pin version of openssl and use it to encrypt and decrypt rosetta

samgelman · samgelman · commit cc6bcb66952c · 2023-07-18T11:01:57.000-05:00
diff --git a/code/rosetta_minimal.py b/code/rosetta_minimal.py
@@ -31,7 +31,7 @@ def prep_for_squid(rosetta_minimal_dir, squid_dir, encryption_password):
 
     # encrypt the tar file for extra security against public distribution
     tar_fn_encrypted = join(squid_dir_with_datetime, "rosetta_min_enc.tar.gz")
-    encrypt_cmd = ["openssl", "enc", "-e", "-aes256",
+    encrypt_cmd = ["conda", "run", "-n", "rosettafy", "openssl", "enc", "-e", "-aes256", "-pbkdf2",
                    "-in", tar_fn, "-out", tar_fn_encrypted, "-pass", "pass:{}".format(encryption_password)]
     subprocess.call(encrypt_cmd)
 
diff --git a/htcondor/templates/run.sh b/htcondor/templates/run.sh
@@ -29,20 +29,6 @@ echo "Combining Rosetta split files"
 cat rosetta_min_enc.tar.gz.* > rosetta_min_enc.tar.gz
 rm rosetta_min_enc.tar.gz.*
 
-# decrypt
-echo "Decrypting Rosetta"
-openssl version # echo the version for my knowledge
-# this was encrypted w/ openssl v > 1.1.0, which uses default digest sha256
-# include "-md sha256" for decrypt compatibility with older versions that used md5
-openssl enc -d -aes256 -md sha256 -in rosetta_min_enc.tar.gz -out rosetta_min.tar.gz -pass file:pass.txt
-
-rm rosetta_min_enc.tar.gz
-
-# extract
-echo "Extracting Rosetta"
-tar -xf rosetta_min.tar.gz
-rm rosetta_min.tar.gz
-
 # set up the python environment (from packaged version)
 # https://chtc.cs.wisc.edu/conda-installation.shtml
 
@@ -55,6 +41,19 @@ mkdir rosettafy_env
 tar -xzf rosettafy_env_v0.4.tar.gz -C rosettafy_env
 . rosettafy_env/bin/activate
 
+# decrypt
+# note this is done AFTER setting up the Python environment because it requires
+# the openssl version inside the environment
+echo "Decrypting Rosetta"
+openssl version # echo the version for my knowledge
+openssl enc -d -aes256 -pbkdf2 -in rosetta_min_enc.tar.gz -out rosetta_min.tar.gz -pass file:pass.txt
+rm rosetta_min_enc.tar.gz
+
+# extract
+echo "Extracting Rosetta"
+tar -xf rosetta_min.tar.gz
+rm rosetta_min.tar.gz
+
 # launch our python run script with argument file number
 echo "Launching energize.py"
 python3 code/energize.py @energize_args.txt --variants_fn="${PROCESS}.txt" --cluster="$CLUSTER" --process="$PROCESS" --commit_id="$GITHUB_TAG"
diff --git a/setup/rosettafy_env.yml b/setup/rosettafy_env.yml
@@ -11,3 +11,4 @@ dependencies:
   - biopython=1.78
   - jupyterlab=3.0.12
   - sqlalchemy=1.4.39
+  - openssl=3.1.1
