From bb27aee9c2ca350673d2cdfd9ad1313247da8cd6 Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Thu, 16 Apr 2026 07:57:06 +0000
Subject: [PATCH 1/5] [conda] - Accept the terms of service for root and target user and conda cleanup
---
 src/conda/devcontainer-feature.json | 2 +-
 src/conda/install.sh | 23 +++++++++++++++----
 .../conda/conda_channel_creation_with_root.sh | 1 +
 ...l_conda_package_after_upgrade_with_root.sh | 1 +
 test/conda/scenarios.json | 16 +++++++++++--
 5 files changed, 35 insertions(+), 8 deletions(-)
 create mode 120000 test/conda/conda_channel_creation_with_root.sh
 create mode 120000 test/conda/install_conda_package_after_upgrade_with_root.sh
diff --git a/src/conda/devcontainer-feature.json b/src/conda/devcontainer-feature.json
index 26d20d6a6..8c66d4ef1 100644
--- a/src/conda/devcontainer-feature.json
+++ b/src/conda/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
 "id": "conda",
- "version": "2.0.0",
+ "version": "2.0.1",
 "name": "Conda",
 "description": "A cross-platform, language-agnostic binary package manager",
 "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
diff --git a/src/conda/install.sh b/src/conda/install.sh
index 4ff0c6fa1..2ff409319 100644
--- a/src/conda/install.sh
+++ b/src/conda/install.sh
@@ -86,10 +86,23 @@ accept_anaconda_tos_if_needed() { for channel in "https://repo.anaconda.com/pkgs/main" "https://repo.anaconda.com/pkgs/r"; do echo "Accepting Conda Terms of Service for ${channel}..." + # Accept as root (for install-time commands) "${CONDA_DIR}/bin/conda" tos accept --override-channels --channel "${channel}" + # Accept as the target user (for runtime usage) + sudo_if "${CONDA_DIR}/bin/conda" tos accept --override-channels --channel "${channel}" done } +clean_conda_cache() { + "${CONDA_DIR}/bin/conda" clean --all --yes + find "${CONDA_DIR}" -type f -name '*.pyc' -delete + find "${CONDA_DIR}" -type d -name '__pycache__' -exec rm -rf {} + + rm -rf "${CONDA_DIR}/pkgs/cache" /root/.cache/pip + if [ "${USERNAME}" != "root" ]; then + rm -rf "/home/${USERNAME}/.cache/pip" + fi +} + # Install Conda if it's missing if ! conda --version &> /dev/null ; then if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then @@ -147,14 +160,14 @@ if ! conda --version &> /dev/null ; then # Temporary fixes # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491 - install_user_package certifi + #install_user_package certifi # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931 - install_user_package cryptography + #install_user_package cryptography # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897 - install_user_package setuptools - - install_user_package pluggy + #install_user_package setuptools + #install_user_package pluggy + clean_conda_cache fi # Display a notice on conda when not running in GitHub Codespaces diff --git a/test/conda/conda_channel_creation_with_root.sh b/test/conda/conda_channel_creation_with_root.sh new file mode 120000 index 000000000..906864b93 --- /dev/null +++ b/test/conda/conda_channel_creation_with_root.sh @@ -0,0 +1 @@ +conda_channel_creation.sh \ No newline at end of file 
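Review bot: In `clean_conda_cache` (first install.sh hunk) the root-run deletions build their paths from `${CONDA_DIR}` and `${USERNAME}` with no check that either is set, and the user's home is assumed to be `/home/${USERNAME}`. An empty `CONDA_DIR` turns the target into `/pkgs/cache`, and a user whose home lives elsewhere keeps its pip cache in the image. I would write `rm -rf "${CONDA_DIR:?}/pkgs/cache" /root/.cache/pip` and look the home directory up, e.g. `user_home="$(getent passwd "${USERNAME}" | cut -d: -f6)"`, removing `"${user_home}/.cache/pip"` only when that value is non-empty. In the ToS loop, `sudo_if` is defined outside this hunk, so confirm it passes the quoted arguments through unchanged and does not simply repeat the root acceptance when `USERNAME` is `root`.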
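Review bot: Commenting out the `install_user_package` calls for certifi, cryptography and setuptools (second install.sh hunk) removes the upgrades that the comments directly above them attribute to CVE-2022-23491, CVE-2023-0286, CVE-2023-23931 and CVE-2022-40897, and nothing in the hunk shows that the freshly installed Conda already ships fixed versions. If the upgrades are now redundant, record that next to the change, for example `# upgrades dropped: bundled certifi/cryptography/setuptools are at or above the fixed versions (checked against <installer version>)`, rather than leaving dead code under CVE comments that still read as active mitigations. Otherwise keep the calls and run `clean_conda_cache` after them. `clean_conda_cache` is also reached only inside the `if ! conda --version` branch, which opens outside this hunk, so an image that already has Conda appears to skip the cleanup.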
diff --git a/test/conda/install_conda_package_after_upgrade_with_root.sh b/test/conda/install_conda_package_after_upgrade_with_root.sh
new file mode 120000
index 000000000..c3d5608a0
--- /dev/null
+++ b/test/conda/install_conda_package_after_upgrade_with_root.sh
@@ -0,0 +1 @@
+install_conda_package_after_upgrade.sh
\ No newline at end of file
diff --git a/test/conda/scenarios.json b/test/conda/scenarios.json
index 36eacb10a..f7c2692cb 100644
--- a/test/conda/scenarios.json
+++ b/test/conda/scenarios.json
@@ -1,6 +1,6 @@
 {
 "install_conda": {
- "image": "ubuntu:noble",
+ "image": "mcr.microsoft.com/devcontainers/base:noble",
 "features": {
 "conda": {
 "version": "latest",
@@ -9,12 +9,24 @@
 }
 },
 "install_conda_package_after_upgrade": {
- "image": "ubuntu:noble",
+ "image": "mcr.microsoft.com/devcontainers/base:noble",
 "features": {
 "conda": {}
 }
 },
 "conda_channel_creation": {
+ "image": "mcr.microsoft.com/devcontainers/base:noble",
+ "features": {
+ "conda": {}
+ }
+ },
+ "install_conda_package_after_upgrade_with_root": {
+ "image": "ubuntu:noble",
+ "features": {
+ "conda": {}
+ }
+ },
+ "conda_channel_creation_with_root": {
 "image": "ubuntu:noble",
 "features": {
 "conda": {}
From 34bc71aba7efcfa8f2c02ab549980e938240cb0f Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Thu, 16 Apr 2026 10:08:05 +0000
Subject: [PATCH 2/5] Removing the version bump.
---
 src/conda/devcontainer-feature.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conda/devcontainer-feature.json b/src/conda/devcontainer-feature.json
index 8c66d4ef1..26d20d6a6 100644
--- a/src/conda/devcontainer-feature.json
+++ b/src/conda/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
 "id": "conda",
- "version": "2.0.1",
+ "version": "2.0.0",
 "name": "Conda",
 "description": "A cross-platform, language-agnostic binary package manager",
 "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
From 25c4cdf81fd453b5c8595041295186ef36e27ce8 Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Thu, 16 Apr 2026 11:57:06 +0000
Subject: [PATCH 3/5] Removing commented lines.
---
 src/conda/install.sh | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/src/conda/install.sh b/src/conda/install.sh
index 2ff409319..fdc050c7a 100644
--- a/src/conda/install.sh
+++ b/src/conda/install.sh
@@ -158,15 +158,6 @@ if ! conda --version &> /dev/null ; then
 find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
- # Temporary fixes
- # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
- #install_user_package certifi
- # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
- #install_user_package cryptography
- # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
- #install_user_package setuptools
-
- #install_user_package pluggy
 clean_conda_cache
 fi
From 5630e55ac8248bcddc03d5ba9f4b10347054fc87 Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Thu, 16 Apr 2026 12:09:04 +0000
Subject: [PATCH 4/5] Retrigger test
---
 src/conda/NOTES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conda/NOTES.md b/src/conda/NOTES.md
index 98189ccc4..3af28c5e0 100644
--- a/src/conda/NOTES.md
+++ b/src/conda/NOTES.md
@@ -1,6 +1,6 @@
 ## Using Conda
-This Feature includes [the `conda` package manager](https://docs.conda.io/projects/conda/en/latest/index.html) which is a part of the [Anaconda Distribution](https://repo.anaconda.com). Additional packages installed using Conda will be downloaded from Anaconda or another repository if you configure one. To reconfigure Conda in this container to access an alternative repository, please see information on [configuring Conda channels here](https://docs.conda.io/projects/conda/en/latest/user-guide/concepts/channels.html ).
+This Feature includes [the `conda` package manager](https://docs.conda.io/projects/conda/en/latest/index.html) which is a part of the [Anaconda Distribution](https://repo.anaconda.com). Additional packages installed using Conda will be downloaded from Anaconda or another repository if you configure one. To reconfigure Conda in this container to access an alternative repository, please see information on [configuring Conda channels here](https://docs.conda.io/projects/conda/en/latest/user-guide/concepts/channels.html).
 Access to the Anaconda repository is covered by the [Anaconda Terms of Service](https://legal.anaconda.com/policies/en/?name=terms-of-service), which may require some organizations to obtain a commercial license from Anaconda. **However**, when used with GitHub Codespaces or GitHub Actions, **all users are permitted** to use the Anaconda Repository through the service, including organizations normally required by Anaconda to obtain a paid license for commercial activities. Note that third-party packages may be licensed by their publishers in ways that impact your intellectual property, and are used at your own risk.
From 7ccd2f74cdd7f3e95895e7a46e9fee660e7ca399 Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Thu, 16 Apr 2026 13:25:58 +0000
Subject: [PATCH 5/5] Revert the notes change
---
 src/conda/NOTES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conda/NOTES.md b/src/conda/NOTES.md
index 3af28c5e0..98189ccc4 100644
--- a/src/conda/NOTES.md
+++ b/src/conda/NOTES.md
@@ -1,6 +1,6 @@
 ## Using Conda
-This Feature includes [the `conda` package manager](https://docs.conda.io/projects/conda/en/latest/index.html) which is a part of the [Anaconda Distribution](https://repo.anaconda.com). Additional packages installed using Conda will be downloaded from Anaconda or another repository if you configure one. To reconfigure Conda in this container to access an alternative repository, please see information on [configuring Conda channels here](https://docs.conda.io/projects/conda/en/latest/user-guide/concepts/channels.html).
+This Feature includes [the `conda` package manager](https://docs.conda.io/projects/conda/en/latest/index.html) which is a part of the [Anaconda Distribution](https://repo.anaconda.com). Additional packages installed using Conda will be downloaded from Anaconda or another repository if you configure one. To reconfigure Conda in this container to access an alternative repository, please see information on [configuring Conda channels here](https://docs.conda.io/projects/conda/en/latest/user-guide/concepts/channels.html ).
 Access to the Anaconda repository is covered by the [Anaconda Terms of Service](https://legal.anaconda.com/policies/en/?name=terms-of-service), which may require some organizations to obtain a commercial license from Anaconda. **However**, when used with GitHub Codespaces or GitHub Actions, **all users are permitted** to use the Anaconda Repository through the service, including organizations normally required by Anaconda to obtain a paid license for commercial activities. Note that third-party packages may be licensed by their publishers in ways that impact your intellectual property, and are used at your own risk.