Conda: Update 'certifi' due to CVE-2022-23491 (#383)

2 files changed, 18 insertions, 1 deletions

diff --git a/src/conda/devcontainer-feature.json b/src/conda/devcontainer-feature.json
index 8ff6499..488de41 100644
--- a/src/conda/devcontainer-feature.json
+++ b/src/conda/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "conda",
-    "version": "1.0.6",
+    "version": "1.0.7",
     "name": "Conda",
     "description": "A cross-platform, language-agnostic binary package manager",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
diff --git a/src/conda/install.sh b/src/conda/install.sh
index 6e90882..55b280c 100644
--- a/src/conda/install.sh
+++ b/src/conda/install.sh
@@ -61,6 +61,20 @@ check_packages() {
     fi
 }
 
+sudo_if() {
+    COMMAND="$*"
+    if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
+        su - "$USERNAME" -c "$COMMAND"
+    else
+        $COMMAND
+    fi
+}
+
+install_user_package() {
+    PACKAGE="$1"
+    sudo_if "${CONDA_DIR}/bin/python3" -m pip install --user --upgrade "$PACKAGE"
+}
+
 # Install Conda if it's missing
 if ! conda --version &> /dev/null ; then
     if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then
@@ -99,6 +113,9 @@ if ! conda --version &> /dev/null ; then
     chmod -R g+r+w "${CONDA_DIR}"
     
     find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
+
+    # Temporary due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
+    install_user_package certifi
 fi
 
 # Display a notice on conda when not running in GitHub Codespaces