Unverified Commit 59fa3e3c authored by Samruddhi Khandale's avatar Samruddhi Khandale Committed by GitHub

Conda: Update 'certifi' due to CVE-2022-23491 (#383)

parent 04143e31
{ {
"id": "conda", "id": "conda",
"version": "1.0.6", "version": "1.0.7",
"name": "Conda", "name": "Conda",
"description": "A cross-platform, language-agnostic binary package manager", "description": "A cross-platform, language-agnostic binary package manager",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
......
...@@ -61,6 +61,20 @@ check_packages() { ...@@ -61,6 +61,20 @@ check_packages() {
fi fi
} }
sudo_if() {
COMMAND="$*"
if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
su - "$USERNAME" -c "$COMMAND"
else
$COMMAND
fi
}
install_user_package() {
PACKAGE="$1"
sudo_if "${CONDA_DIR}/bin/python3" -m pip install --user --upgrade "$PACKAGE"
}
# Install Conda if it's missing # Install Conda if it's missing
if ! conda --version &> /dev/null ; then if ! conda --version &> /dev/null ; then
if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then
...@@ -99,6 +113,9 @@ if ! conda --version &> /dev/null ; then ...@@ -99,6 +113,9 @@ if ! conda --version &> /dev/null ; then
chmod -R g+r+w "${CONDA_DIR}" chmod -R g+r+w "${CONDA_DIR}"
find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
# Temporary due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
install_user_package certifi
fi fi
# Display a notice on conda when not running in GitHub Codespaces # Display a notice on conda when not running in GitHub Codespaces
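Review bot: `install_user_package` passes `--user`, so the upgraded certifi lands in the per-user site-packages of `$USERNAME` rather than in `${CONDA_DIR}`, and the CA bundle shipped inside the conda environment stays as it was. Any other account, or Python started with the user site disabled (`python -s`, `PYTHONNOUSERSITE`), would presumably still load the old bundle that CVE-2022-23491 concerns. The call is also unpinned, and `sudo_if` flattens its arguments into `COMMAND="$*"`, which `su -c` re-parses, so a floor such as `certifi>=2022.12.07` could not be passed through it without the `>` turning into a redirection. Consider upgrading inside the environment with an explicit minimum, e.g. `"${CONDA_DIR}/bin/python3" -m pip install --upgrade 'certifi>=2022.12.07'`, and add a comment stating when the temporary step can be removed. The enclosing `if ! conda --version` block starts outside the second hunk, so the step appears to be skipped when conda is already present.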
......
...@@ -12,5 +12,25 @@ check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/cond ...@@ -12,5 +12,25 @@ check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/cond
# Check env # Check env
check "CONDA_SCRIPT is set correctly" echo $CONDA_SCRIPT | grep "/opt/conda/etc/profile.d/conda.sh" check "CONDA_SCRIPT is set correctly" echo $CONDA_SCRIPT | grep "/opt/conda/etc/profile.d/conda.sh"
check-version-ge() {
LABEL=$1
CURRENT_VERSION=$2
REQUIRED_VERSION=$3
shift
echo -e "\n🧪 Testing $LABEL: '$CURRENT_VERSION' is >= '$REQUIRED_VERSION'"
local GREATER_VERSION=$((echo ${CURRENT_VERSION}; echo ${REQUIRED_VERSION}) | sort -V | tail -1)
if [ "${CURRENT_VERSION}" == "${GREATER_VERSION}" ]; then
echo "✅ Passed!"
return 0
else
echoStderr "❌ $LABEL check failed."
FAILED+=("$LABEL")
return 1
fi
}
certifiVersion=$(python -c "import certifi; print(certifi.__version__)")
check-version-ge "certifi" "${certifiVersion}" "2022.12.07"
# Report result # Report result
reportResults reportResults
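Review bot: The certifi check runs `python -c "import certifi; ..."` as the test user with the user site enabled, so it confirms only the copy that this account resolves and would pass even if the environment's own certifi is still older than 2022.12.07. Adding a second probe with the user site disabled, e.g. `certifiEnvVersion=$(python -s -c "import certifi; print(certifi.__version__)")`, would show which copy was actually upgraded. In `check-version-ge`, `LABEL`, `CURRENT_VERSION` and `REQUIRED_VERSION` leak as globals and the `shift` has no effect; declaring them with `local` and quoting the `echo` arguments inside the `$(...)` would match how `GREATER_VERSION` is declared. `echoStderr` and `FAILED` are not defined in this hunk and presumably come from the sourced test library.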