author | Samruddhi Khandale <skhandale@microsoft.com> | 2023-01-10 01:49:43 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-10 01:49:43 +0300 |
commit | 59fa3e3c21fd2c896da2d3272604509ea9a55a91 (patch) | |
tree | 3f5fa14326b0fbd514a195472615dce5f78656d6 | |
parent | 04143e31ff4ef64f44603492a4052fe7b03de7bd (diff) |
Conda: Update 'certifi' due to CVE-2022-23491 (#383)
-rw-r--r-- | src/conda/devcontainer-feature.json | 2 | ||||
-rw-r--r-- | src/conda/install.sh | 17 | ||||
-rwxr-xr-x | test/conda/test.sh | 20 |
3 files changed, 38 insertions, 1 deletions
diff --git a/src/conda/devcontainer-feature.json b/src/conda/devcontainer-feature.json
index 8ff6499..488de41 100644
--- a/src/conda/devcontainer-feature.json
+++ b/src/conda/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
 "id": "conda",
- "version": "1.0.6",
+ "version": "1.0.7",
 "name": "Conda",
 "description": "A cross-platform, language-agnostic binary package manager",
 "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
diff --git a/src/conda/install.sh b/src/conda/install.sh
index 6e90882..55b280c 100644
--- a/src/conda/install.sh
+++ b/src/conda/install.sh
@@ -61,6 +61,20 @@ check_packages() {
 fi
 }
+sudo_if() {
+ COMMAND="$*"
+ if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
+ su - "$USERNAME" -c "$COMMAND"
+ else
+ $COMMAND
+ fi
+}
+
+install_user_package() {
+ PACKAGE="$1"
+ sudo_if "${CONDA_DIR}/bin/python3" -m pip install --user --upgrade "$PACKAGE"
+}
+
 # Install Conda if it's missing
 if ! conda --version &> /dev/null ; then
 if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then
@@ -99,6 +113,9 @@ if ! conda --version &> /dev/null ; then
 chmod -R g+r+w "${CONDA_DIR}"
 find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
+
+ # Temporary due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
+ install_user_package certifi
 fi
 # Display a notice on conda when not running in GitHub Codespaces
diff --git a/test/conda/test.sh b/test/conda/test.sh
index f300217..8a88511 100755
--- a/test/conda/test.sh
+++ b/test/conda/test.sh
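Review bot: `sudo_if` flattens its arguments into one string with `COMMAND="$*"` and then either hands that string to the target user's login shell through `su - "$USERNAME" -c "$COMMAND"` or expands it unquoted as `$COMMAND`, so every argument is parsed a second time. A `CONDA_DIR` containing a space is split into two words, and a requirement such as `certifi>=2022.12.07` passed to `install_user_package` would be read as an output redirection in the `su` branch. Keep the argument vector intact: run `"$@"` in the else branch and build the `-c` string with `su - "$USERNAME" -c "$(printf '%q ' "$@")"` (the script already uses bash syntax such as `&>`; this assumes the user's login shell is sh-compatible). `COMMAND` and `PACKAGE` should also be declared `local` so they do not leak into the rest of the install script.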
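Review bot: The certifi upgrade runs only inside the `if ! conda --version` branch, and `install_user_package` installs with `--user`, so the fix reaches one account's user site-packages and only on images where this script installs Conda itself. The certifi copy inside `${CONDA_DIR}` is left as shipped and is what an interpreter started with `-s` or with `PYTHONNOUSERSITE` set, or any other account, will still load; an image that already has conda gets no upgrade at all. If the goal is to remediate CVE-2022-23491 in the image, upgrading the package inside the conda environment and enforcing the `2022.12.07` floor there would cover those cases. The "Temporary" comment would be more useful with its removal condition, e.g. `# TODO: remove once the installed Conda distribution ships certifi >= 2022.12.07`.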
@@ -12,5 +12,25 @@ check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/cond
 # Check env
 check "CONDA_SCRIPT is set correctly" echo $CONDA_SCRIPT | grep "/opt/conda/etc/profile.d/conda.sh"
+check-version-ge() {
+ LABEL=$1
+ CURRENT_VERSION=$2
+ REQUIRED_VERSION=$3
+ shift
+ echo -e "\n🧪 Testing $LABEL: '$CURRENT_VERSION' is >= '$REQUIRED_VERSION'"
+ local GREATER_VERSION=$((echo ${CURRENT_VERSION}; echo ${REQUIRED_VERSION}) | sort -V | tail -1)
+ if [ "${CURRENT_VERSION}" == "${GREATER_VERSION}" ]; then
+ echo "✅ Passed!"
+ return 0
+ else
+ echoStderr "❌ $LABEL check failed."
+ FAILED+=("$LABEL")
+ return 1
+ fi
+}
+
+certifiVersion=$(python -c "import certifi; print(certifi.__version__)")
+check-version-ge "certifi" "${certifiVersion}" "2022.12.07"
+
 # Report result
 reportResults |
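Review bot: The version check imports certifi through whatever `python` is first on the test user's PATH with user site-packages enabled, so it passes on the `--user` copy even if the certifi inside the conda environment is still older than 2022.12.07. A second check against the environment's own copy, for example `certifiEnvVersion=$(/opt/conda/bin/python3 -s -c "import certifi; print(certifi.__version__)")` (assuming the prefix is `/opt/conda`, as the `CONDA_SCRIPT` check suggests), would show whether the vulnerable bundle is still present. In `check-version-ge`, the `shift` has no effect because all three arguments are already assigned, and `$((echo ...; echo ...) | ...)` is easily misread as arithmetic expansion; `printf '%s\n' "$CURRENT_VERSION" "$REQUIRED_VERSION" | sort -V | tail -1` performs the same comparison with the values quoted.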