Missing django_linear_migrations package when using CSRF environment variables

[Kisaragi-ng]

When setting up django-DefectDojo in master branch to be accessible over https with traefik, I have to add ENV DD_SESSION_COOKIE_SECURE, DD_CSRF_COOKIE_SECURE, and DD_CSRF_TRUSTED_ORIGINS
I draw these conclusion after reading:

• CSRF verification failed. Request aborted. #6329
• https://github.com/DefectDojo/django-DefectDojo/blob/master/docker-compose.override.https.yml
• https://docs.djangoproject.com/en/6.0/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS

However, after adding those 3 variables i got error from uwsgi during docker compose up instead:

uwsgi-1         |   File "/app/manage.py", line 10, in <module>
uwsgi-1         |     execute_from_command_line(sys.argv)
uwsgi-1         |     ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
uwsgi-1         |     utility.execute()
uwsgi-1         |     ~~~~~~~~~~~~~~~^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/core/management/__init__.py", line 416, in execute
uwsgi-1         |     django.setup()
uwsgi-1         |     ~~~~~~~~~~~~^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/__init__.py", line 24, in setup
uwsgi-1         |     apps.populate(settings.INSTALLED_APPS)
uwsgi-1         |     ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/apps/registry.py", line 91, in populate
uwsgi-1         |     app_config = AppConfig.create(entry)
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/apps/config.py", line 193, in create
uwsgi-1         |     import_module(entry)
uwsgi-1         |     ~~~~~~~~~~~~~^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/importlib/__init__.py", line 88, in import_module
uwsgi-1         |     return _bootstrap._gcd_import(name[level:], package, level)
uwsgi-1         |            ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
uwsgi-1         |   File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
uwsgi-1         |   File "<frozen importlib._bootstrap>", line 1324, in _find_and_load_unlocked
uwsgi-1         | ModuleNotFoundError: No module named 'django_linear_migrations' . try to investigating if this package is missing/not installed on the @Dockerfile.django-debian 

Steps to reproduce
Steps to reproduce the behavior:

1. Git clone https://github.com/DefectDojo/django-DefectDojo repository at master branch
2. Wrote override for both nginx and uwsgi

  nginx:
...
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.defectdojo.entrypoints=http"
+      - "traefik.http.routers.defectdojo.rule=Host(`defectdojo.mydomain.example`)"
+      - "traefik.http.middlewares.defectdojo-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.defectdojo.middlewares=defectdojo-https-redirect"
+      - "traefik.http.routers.defectdojo-secure.entrypoints=https"
+      - "traefik.http.routers.defectdojo-secure.rule=Host(`defectdojo.mydomain.example`)"
+      - "traefik.http.routers.defectdojo-secure.tls=true"
+      - "traefik.http.routers.defectdojo-secure.service=defectdojo"
+      - "traefik.http.services.defectdojo.loadbalancer.server.port=8080"
+      - "traefik.docker.network=proxy"

  uwsgi:
    environment:
...
+      # HTTPS
+      DD_SESSION_COOKIE_SECURE: 'True'
+      DD_CSRF_COOKIE_SECURE: 'True'
+      DD_CSRF_TRUSTED_ORIGINS: defectdojo.mydomain.example

4. docker compose up along with file override
5. See error

Expected behavior
DefectDojo should be started without error.

Deployment method (select with an X)

• Docker Compose
• Kubernetes
• GoDojo

Environment information

• Operating System: Red Hat Enterprise Linux 10.1 (Coughlan)
• Docker Compose version: v5.1.0
• DefectDojo version (see footer) or commit message: 3907211

---

Temporary workaround

with known error in log stated django_linear_migrations is missing, I added this package into requirements.txt

• https://pypi.org/project/django-linear-migrations/

packageurl-python==0.17.6
django-crum==0.7.9
+django-linear-migrations==2.19.0
JSON-log-formatter==1.1.1

after saving the changes and re-running docker compose build and docker compose up, the error has been resolved and web interface can be accessed using https.

[valentijnscholten]

The linear migrations package is only loaded if you have DEBUG or DD_DEBUG set to True. This is usually only the case for dev builds, which have the packages included via requirements-dev.txt. But this approach is causing some headaches, so we have decide to get rid of the linear migrations package for the next release via: #14571