From 3e28686bed2c062f86165a9fb1b051305f64cb06 Mon Sep 17 00:00:00 2001 From: Kaniska244 Date: Mon, 21 Apr 2025 09:15:30 +0000 Subject: [PATCH 01/14] anaconda feature installation support for arm64/ aarch64. --- src/anaconda/devcontainer-feature.json | 2 +- src/anaconda/install.sh | 65 +++++++++++++++---- test/anaconda/install_anaconda_bookworm.sh | 30 +++++++++ test/anaconda/install_anaconda_bullseye.sh | 30 +++++++++ test/anaconda/install_anaconda_jammy.sh | 30 +++++++++ test/anaconda/install_anaconda_noble.sh | 30 +++++++++ .../install_anaconda_noble_without_user.sh | 30 +++++++++ test/anaconda/scenarios.json | 47 ++++++++++++++ 8 files changed, 251 insertions(+), 13 deletions(-) create mode 100644 test/anaconda/install_anaconda_bookworm.sh create mode 100644 test/anaconda/install_anaconda_bullseye.sh create mode 100644 test/anaconda/install_anaconda_jammy.sh create mode 100644 test/anaconda/install_anaconda_noble.sh create mode 100644 test/anaconda/install_anaconda_noble_without_user.sh create mode 100644 test/anaconda/scenarios.json diff --git a/src/anaconda/devcontainer-feature.json b/src/anaconda/devcontainer-feature.json index e4779279b..cc83389bc 100644 --- a/src/anaconda/devcontainer-feature.json +++ b/src/anaconda/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "anaconda", - "version": "1.0.13", + "version": "1.0.14", "name": "Anaconda", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/anaconda", "options": { diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 7c7af5b00..563178af3 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -13,11 +13,11 @@ USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" UPDATE_RC="${UPDATE_RC:-"true"}" CONDA_DIR="${CONDA_DIR:-"/usr/local/conda"}" -set -eux +set -exo pipefail export DEBIAN_FRONTEND=noninteractive # Clean up -rm -rf /var/lib/apt/lists/* +rm -rf /var/lib/apt/lists/* if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' @@ -47,7 +47,12 @@ elif [ "${USERNAME}" = "none" ] || ! id -u ${USERNAME} > /dev/null 2>&1; then fi architecture="$(uname -m)" -if [ "${architecture}" != "x86_64" ]; then +# Normalize arm64 to aarch64 for consistency +if [ "${architecture}" = "arm64" ]; then + architecture="aarch64" +fi + +if [ "${architecture}" != "x86_64" ] && [ "${architecture}" != "aarch64" ]; then echo "(!) Architecture $architecture unsupported" exit 1 fi @@ -75,6 +80,20 @@ check_packages() { fi } +sudo_if() { + COMMAND="$*" + if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then + su - "$USERNAME" -c "$COMMAND" + else + $COMMAND + fi +} + +install_user_package() { + PACKAGE="$1" + sudo_if "${CONDA_DIR}/bin/python3" -m pip install --user --upgrade "$PACKAGE" +} + # Install Conda if it's missing if ! conda --version &> /dev/null ; then if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then @@ -83,30 +102,51 @@ if ! conda --version &> /dev/null ; then usermod -a -G conda "${USERNAME}" # Install dependencies - check_packages wget ca-certificates + check_packages wget ca-certificates libgtk-3-0 mkdir -p $CONDA_DIR + chown -R "${USERNAME}:conda" "${CONDA_DIR}" - chmod -R g+r+w "${CONDA_DIR}" - - find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s + chmod -R g+r+w "${CONDA_DIR}" + echo "Installing Anaconda..." CONDA_VERSION=$VERSION if [ "${VERSION}" = "latest" ] || [ "${VERSION}" = "lts" ]; then - CONDA_VERSION="2021.11" + CONDA_VERSION="2024.10-1" fi - su --login -c "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ - && wget -q https://repo.anaconda.com/archive/Anaconda3-${CONDA_VERSION}-Linux-x86_64.sh -O /tmp/anaconda-install.sh \ - && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" ${USERNAME} 2>&1 + if [ "${architecture}" = "x86_64" ]; then + su --login -c "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ + && wget -q https://repo.anaconda.com/archive/Anaconda3-${CONDA_VERSION}-Linux-x86_64.sh -O /tmp/anaconda-install.sh \ + && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" ${USERNAME} 2>&1 + elif [ "${architecture}" = "aarch64" ]; then + su --login -c "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ + && wget -q https://repo.anaconda.com/archive/Anaconda3-${CONDA_VERSION}-Linux-aarch64.sh -O /tmp/anaconda-install.sh \ + && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" ${USERNAME} 2>&1 + fi if [ "${VERSION}" = "latest" ] || [ "${VERSION}" = "lts" ]; then PATH=$PATH:${CONDA_DIR}/bin conda update -y conda fi - rm /tmp/anaconda-install.sh + chown -R "${USERNAME}:conda" "${CONDA_DIR}" + chmod -R g+r+w "${CONDA_DIR}" + + find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s + + # Temporary fixes + # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491 + install_user_package certifi + # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931 + install_user_package pyopenssl + install_user_package cryptography + # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897 + install_user_package setuptools + install_user_package tornado + + rm /tmp/anaconda-install.sh updaterc "export CONDA_DIR=${CONDA_DIR}/bin" fi @@ -136,6 +176,7 @@ if [ -f "/etc/bash.bashrc" ]; then fi # Clean up +apt-get -y clean rm -rf /var/lib/apt/lists/* echo "Done!" diff --git a/test/anaconda/install_anaconda_bookworm.sh b/test/anaconda/install_anaconda_bookworm.sh new file mode 100644 index 000000000..4a17f3dc1 --- /dev/null +++ b/test/anaconda/install_anaconda_bookworm.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + diff --git a/test/anaconda/install_anaconda_bullseye.sh b/test/anaconda/install_anaconda_bullseye.sh new file mode 100644 index 000000000..4a17f3dc1 --- /dev/null +++ b/test/anaconda/install_anaconda_bullseye.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + diff --git a/test/anaconda/install_anaconda_jammy.sh b/test/anaconda/install_anaconda_jammy.sh new file mode 100644 index 000000000..4a17f3dc1 --- /dev/null +++ b/test/anaconda/install_anaconda_jammy.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + diff --git a/test/anaconda/install_anaconda_noble.sh b/test/anaconda/install_anaconda_noble.sh new file mode 100644 index 000000000..4a17f3dc1 --- /dev/null +++ b/test/anaconda/install_anaconda_noble.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + diff --git a/test/anaconda/install_anaconda_noble_without_user.sh b/test/anaconda/install_anaconda_noble_without_user.sh new file mode 100644 index 000000000..4a17f3dc1 --- /dev/null +++ b/test/anaconda/install_anaconda_noble_without_user.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + diff --git a/test/anaconda/scenarios.json b/test/anaconda/scenarios.json new file mode 100644 index 000000000..e58c9f712 --- /dev/null +++ b/test/anaconda/scenarios.json @@ -0,0 +1,47 @@ +{ + "install_anaconda_noble": { + "image": "mcr.microsoft.com/devcontainers/base:noble", + "user": "vscode", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_jammy": { + "image": "mcr.microsoft.com/devcontainers/base:jammy", + "user": "vscode", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_bookworm": { + "image": "mcr.microsoft.com/devcontainers/base:bookworm", + "user": "vscode", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_bullseye": { + "image": "mcr.microsoft.com/devcontainers/base:bullseye", + "user": "vscode", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_noble_without_user": { + "image": "mcr.microsoft.com/devcontainers/base:noble", + "features": { + "anaconda": { + "version": "latest" + } + } + } +} + From 48ef5f6b7ccce852853ac35add502b0b1ed0834e Mon Sep 17 00:00:00 2001 From: Kaniska Date: Thu, 17 Jul 2025 14:27:35 +0000 Subject: [PATCH 02/14] Adding support for RHEL based linux distributions. --- src/anaconda/README.md | 3 +- src/anaconda/install.sh | 165 ++++++++++++++++-- test/anaconda/install_anaconda_almalinux8.sh | 31 ++++ test/anaconda/install_anaconda_almalinux9.sh | 31 ++++ test/anaconda/install_anaconda_fedora.sh | 31 ++++ test/anaconda/install_anaconda_rockylinux8.sh | 31 ++++ test/anaconda/install_anaconda_rockylinux9.sh | 32 ++++ test/anaconda/scenarios.json | 43 ++++- 8 files changed, 345 insertions(+), 22 deletions(-) create mode 100644 test/anaconda/install_anaconda_almalinux8.sh create mode 100644 test/anaconda/install_anaconda_almalinux9.sh create mode 100644 test/anaconda/install_anaconda_fedora.sh create mode 100644 test/anaconda/install_anaconda_rockylinux8.sh create mode 100644 test/anaconda/install_anaconda_rockylinux9.sh diff --git a/src/anaconda/README.md b/src/anaconda/README.md index 3346823b4..4aa3a2cb7 100644 --- a/src/anaconda/README.md +++ b/src/anaconda/README.md @@ -35,7 +35,8 @@ conda install python=3.7 ## OS Support This Feature should work on recent versions of Debian/Ubuntu-based distributions with the `apt` package manager installed. - +Also RHEL based linux distributions such as almalinux, rockylinux, fedora are supported now. +Please do note that Alpine and cbl-mariner aren't supported due system level restrictions with the anaconda installer in alpine linux and `groupadd`, `usermod`, `awk` commands not being supported in mariner. `bash` is required to execute the `install.sh` script. diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 563178af3..3dd227b2c 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -16,8 +16,60 @@ CONDA_DIR="${CONDA_DIR:-"/usr/local/conda"}" set -exo pipefail export DEBIAN_FRONTEND=noninteractive +# Detect package manager and set install command +detect_package_manager() { + if command -v apt-get > /dev/null; then + PKG_MANAGER="apt-get" + PKG_UPDATE="apt-get update -y" + PKG_INSTALL="apt-get -y install --no-install-recommends" + PKG_CLEAN="apt-get -y clean" + PKG_LISTS="/var/lib/apt/lists/*" + PKG_QUERY="dpkg -s" + elif command -v apk > /dev/null; then + PKG_MANAGER="apk" + PKG_UPDATE="apk update" + PKG_INSTALL="apk add --no-cache" + PKG_CLEAN="rm -rf /var/cache/apk/*" + PKG_LISTS="/var/cache/apk/*" + PKG_QUERY="apk info -e" + elif command -v dnf > /dev/null; then + PKG_MANAGER="dnf" + PKG_UPDATE="dnf -y makecache" + PKG_INSTALL="dnf -y install" + PKG_CLEAN="dnf clean all" + PKG_LISTS="/var/cache/dnf/*" + PKG_QUERY="rpm -q" + elif command -v microdnf > /dev/null; then + PKG_MANAGER="microdnf" + PKG_UPDATE="microdnf update" + PKG_INSTALL="microdnf install -y" + PKG_CLEAN="microdnf clean all" + PKG_LISTS="/var/cache/yum/*" + PKG_QUERY="rpm -q" + elif command -v tdnf > /dev/null; then + PKG_MANAGER="tdnf" + PKG_UPDATE="tdnf makecache" + PKG_INSTALL="tdnf install -y" + PKG_CLEAN="tdnf clean all" + PKG_LISTS="/var/cache/tdnf/*" + PKG_QUERY="rpm -q" + elif command -v yum > /dev/null; then + PKG_MANAGER="yum" + PKG_UPDATE="yum -y makecache" + PKG_INSTALL="yum -y install" + PKG_CLEAN="yum clean all" + PKG_LISTS="/var/cache/yum/*" + PKG_QUERY="rpm -q" + else + echo "No supported package manager found (apt-get, apk, dnf, microdnf, tdnf, yum)." + exit 1 + fi +} + +detect_package_manager + # Clean up -rm -rf /var/lib/apt/lists/* +rm -rf $PKG_LISTS if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' @@ -71,21 +123,47 @@ updaterc() { # Checks if packages are installed and installs them if not check_packages() { - if ! dpkg -s "$@" > /dev/null 2>&1; then - if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then - echo "Running apt-get update..." - apt-get update -y + for pkg in "$@"; do + if [ "$PKG_MANAGER" = "apt-get" ]; then + if ! dpkg -s "$pkg" > /dev/null 2>&1; then + if [ "$(find $PKG_LISTS | wc -l)" = "0" ]; then + echo "Running $PKG_UPDATE..." + eval "$PKG_UPDATE" + fi + eval "$PKG_INSTALL $pkg" + fi + elif [ "$PKG_MANAGER" = "apk" ]; then + if ! apk info -e "$pkg" > /dev/null 2>&1; then + echo "Running $PKG_UPDATE..." + eval "$PKG_UPDATE" + eval "$PKG_INSTALL $pkg" + fi + else + if ! rpm -q "$pkg" > /dev/null 2>&1; then + echo "Running $PKG_UPDATE..." + eval "$PKG_UPDATE" + eval "$PKG_INSTALL $pkg" + fi fi - apt-get -y install --no-install-recommends "$@" - fi + done } sudo_if() { COMMAND="$*" if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then - su - "$USERNAME" -c "$COMMAND" + if command -v runuser > /dev/null; then + runuser -l "$USERNAME" -c "$COMMAND" + elif command -v su > /dev/null; then + su - "$USERNAME" -c "$COMMAND" + elif command -v sudo > /dev/null; then + sudo -u "$USERNAME" -i bash -c "$COMMAND" + else + # Fallback: execute as root (not ideal but works in containers) + echo "Warning: No user switching command available, running as root" + eval "$COMMAND" + fi else - $COMMAND + eval "$COMMAND" fi } @@ -94,6 +172,45 @@ install_user_package() { sudo_if "${CONDA_DIR}/bin/python3" -m pip install --user --upgrade "$PACKAGE" } +run_as_user() { + local user="$1" + shift + local cmd="$*" + + if command -v runuser > /dev/null; then + if [ "$PKG_MANAGER" = "apk" ]; then + runuser "$user" -c "$cmd" + else + runuser -l "$user" -c "$cmd" + fi + elif command -v su > /dev/null; then + if [ "$PKG_MANAGER" = "apk" ]; then + su "$user" -c "$cmd" + else + su --login -c "$cmd" "$user" + fi + elif command -v sudo > /dev/null; then + if [ "$PKG_MANAGER" = "apk" ]; then + sudo -u "$user" sh -c "$cmd" + else + sudo -u "$user" -i bash -c "$cmd" + fi + else + echo "Warning: No user switching command available, running as root" + eval "$cmd" + fi +} +# Set permissions for directories recursively +set_directory_permissions() { + local dir="$1" + for item in "$dir"/*; do + if [ -d "$item" ]; then + chmod g+s "$item" + set_directory_permissions "$item" + fi + done +} + # Install Conda if it's missing if ! conda --version &> /dev/null ; then if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then @@ -102,7 +219,13 @@ if ! conda --version &> /dev/null ; then usermod -a -G conda "${USERNAME}" # Install dependencies - check_packages wget ca-certificates libgtk-3-0 + if [ "$PKG_MANAGER" = "apt-get" ]; then + check_packages wget ca-certificates libgtk-3-0 + elif [ "$PKG_MANAGER" = "apk" ]; then + check_packages wget ca-certificates gtk+3.0 + else + check_packages wget ca-certificates gtk3 + fi mkdir -p $CONDA_DIR @@ -117,13 +240,13 @@ if ! conda --version &> /dev/null ; then fi if [ "${architecture}" = "x86_64" ]; then - su --login -c "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ + run_as_user "${USERNAME}" "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ && wget -q https://repo.anaconda.com/archive/Anaconda3-${CONDA_VERSION}-Linux-x86_64.sh -O /tmp/anaconda-install.sh \ - && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" ${USERNAME} 2>&1 + && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" elif [ "${architecture}" = "aarch64" ]; then - su --login -c "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ + run_as_user "${USERNAME}" "export http_proxy=${http_proxy:-} && export https_proxy=${https_proxy:-} \ && wget -q https://repo.anaconda.com/archive/Anaconda3-${CONDA_VERSION}-Linux-aarch64.sh -O /tmp/anaconda-install.sh \ - && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" ${USERNAME} 2>&1 + && /bin/bash /tmp/anaconda-install.sh -u -b -p ${CONDA_DIR}" fi if [ "${VERSION}" = "latest" ] || [ "${VERSION}" = "lts" ]; then @@ -132,9 +255,13 @@ if ! conda --version &> /dev/null ; then fi chown -R "${USERNAME}:conda" "${CONDA_DIR}" - chmod -R g+r+w "${CONDA_DIR}" + chmod -R g+r+w "${CONDA_DIR}" - find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s + # Only set permissions if CONDA_DIR exists and is a directory + if [ -d "${CONDA_DIR}" ]; then + chmod g+s "${CONDA_DIR}" + set_directory_permissions "${CONDA_DIR}" + fi # Temporary fixes # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491 @@ -175,8 +302,8 @@ if [ -f "/etc/bash.bashrc" ]; then echo "${notice_script}" | tee -a /etc/bash.bashrc fi -# Clean up -apt-get -y clean -rm -rf /var/lib/apt/lists/* +# Final clean up +eval "$PKG_CLEAN" +rm -rf $PKG_LISTS echo "Done!" diff --git a/test/anaconda/install_anaconda_almalinux8.sh b/test/anaconda/install_anaconda_almalinux8.sh new file mode 100644 index 000000000..416d32a2b --- /dev/null +++ b/test/anaconda/install_anaconda_almalinux8.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + + diff --git a/test/anaconda/install_anaconda_almalinux9.sh b/test/anaconda/install_anaconda_almalinux9.sh new file mode 100644 index 000000000..416d32a2b --- /dev/null +++ b/test/anaconda/install_anaconda_almalinux9.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + + diff --git a/test/anaconda/install_anaconda_fedora.sh b/test/anaconda/install_anaconda_fedora.sh new file mode 100644 index 000000000..416d32a2b --- /dev/null +++ b/test/anaconda/install_anaconda_fedora.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + + diff --git a/test/anaconda/install_anaconda_rockylinux8.sh b/test/anaconda/install_anaconda_rockylinux8.sh new file mode 100644 index 000000000..416d32a2b --- /dev/null +++ b/test/anaconda/install_anaconda_rockylinux8.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + + diff --git a/test/anaconda/install_anaconda_rockylinux9.sh b/test/anaconda/install_anaconda_rockylinux9.sh new file mode 100644 index 000000000..d71085c4c --- /dev/null +++ b/test/anaconda/install_anaconda_rockylinux9.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "conda" conda --version +check "python" python --version +check "pylint" pylint --version +check "flake8" flake8 --version +check "autopep8" autopep8 --version +check "yapf" yapf --version +check "pydocstyle" pydocstyle --version +check "pycodestyle" pycodestyle --version +check "if conda-notice.txt exists" cat /usr/local/etc/vscode-dev-containers/conda-notice.txt + +check "certifi" pip show certifi | grep Version +check "cryptography" pip show cryptography | grep Version +check "setuptools" pip show setuptools | grep Version +check "tornado" pip show tornado | grep Version + +check "conda-update-conda" bash -c "conda update -y conda" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" + +# Report result +reportResults + + + diff --git a/test/anaconda/scenarios.json b/test/anaconda/scenarios.json index e58c9f712..ea61240de 100644 --- a/test/anaconda/scenarios.json +++ b/test/anaconda/scenarios.json @@ -42,6 +42,45 @@ "version": "latest" } } - } + }, + "install_anaconda_almalinux8": { + "image": "almalinux:8", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_almalinux9": { + "image": "almalinux:9", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_rockylinux8": { + "image": "rockylinux:8", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_rockylinux9": { + "image": "rockylinux:9", + "features": { + "anaconda": { + "version": "latest" + } + } + }, + "install_anaconda_fedora": { + "image": "fedora", + "features": { + "anaconda": { + "version": "latest" + } + } + } } - From ba0e7ce7d39e56f4d1b06d526339a103fad9e469 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Thu, 17 Jul 2025 17:27:49 +0000 Subject: [PATCH 03/14] Correction in the CONDA directory permission --- src/anaconda/install.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 3dd227b2c..2204af0b8 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -257,10 +257,15 @@ if ! conda --version &> /dev/null ; then chown -R "${USERNAME}:conda" "${CONDA_DIR}" chmod -R g+r+w "${CONDA_DIR}" - # Only set permissions if CONDA_DIR exists and is a directory - if [ -d "${CONDA_DIR}" ]; then - chmod g+s "${CONDA_DIR}" - set_directory_permissions "${CONDA_DIR}" + # Set setgid bit on all directories - use find+xargs if available, fallback to recursive function + if command -v find > /dev/null && command -v xargs > /dev/null; then + find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s + else + # Fallback for systems without find or xargs + if [ -d "${CONDA_DIR}" ]; then + chmod g+s "${CONDA_DIR}" + set_directory_permissions "${CONDA_DIR}" + fi fi # Temporary fixes From c07fcad0fe0a01d489157acaeb54ac10fdf1b00d Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 11:06:34 +0530 Subject: [PATCH 04/14] Update src/anaconda/install.sh, removing whitespaces Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 2204af0b8..cb2a31698 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -278,7 +278,7 @@ if ! conda --version &> /dev/null ; then install_user_package setuptools install_user_package tornado - rm /tmp/anaconda-install.sh + rm /tmp/anaconda-install.sh updaterc "export CONDA_DIR=${CONDA_DIR}/bin" fi From cc2235da8dc91ccfdcf5dbb0ba16160e5041805b Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 11:07:04 +0530 Subject: [PATCH 05/14] Update src/anaconda/install.sh, removing whitespaces Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index cb2a31698..83fb02502 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -263,7 +263,7 @@ if ! conda --version &> /dev/null ; then else # Fallback for systems without find or xargs if [ -d "${CONDA_DIR}" ]; then - chmod g+s "${CONDA_DIR}" + chmod g+s "${CONDA_DIR}" set_directory_permissions "${CONDA_DIR}" fi fi From e124154a82635191fc6dec7d07d669ec4a251001 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 11:07:14 +0530 Subject: [PATCH 06/14] Update src/anaconda/install.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 83fb02502..5a3cb5841 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -255,7 +255,7 @@ if ! conda --version &> /dev/null ; then fi chown -R "${USERNAME}:conda" "${CONDA_DIR}" - chmod -R g+r+w "${CONDA_DIR}" + chmod -R g+r+w "${CONDA_DIR}" # Set setgid bit on all directories - use find+xargs if available, fallback to recursive function if command -v find > /dev/null && command -v xargs > /dev/null; then From 9394cd2ffbf08fd045f3036515cef0b6f6a51078 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 11:07:50 +0530 Subject: [PATCH 07/14] Update src/anaconda/install.sh, removing whitespaces as suggested by copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 5a3cb5841..1257df7ef 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -225,7 +225,7 @@ if ! conda --version &> /dev/null ; then check_packages wget ca-certificates gtk+3.0 else check_packages wget ca-certificates gtk3 - fi + fi mkdir -p $CONDA_DIR From d39d8e721d9855709d9fba75552a8de4f1ca3b9f Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 11:08:02 +0530 Subject: [PATCH 08/14] Update src/anaconda/install.sh, removing whitespaces Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 1257df7ef..d9d1fdab4 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -69,7 +69,7 @@ detect_package_manager() { detect_package_manager # Clean up -rm -rf $PKG_LISTS +rm -rf $PKG_LISTS if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' From 6c02d95fa7cba3ea143d54b360ca71f1984cfeae Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 11:08:26 +0530 Subject: [PATCH 09/14] Update test/anaconda/scenarios.json, removing whitespaces Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- test/anaconda/scenarios.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/anaconda/scenarios.json b/test/anaconda/scenarios.json index ea61240de..65fba8458 100644 --- a/test/anaconda/scenarios.json +++ b/test/anaconda/scenarios.json @@ -82,5 +82,5 @@ "version": "latest" } } - } + } } From 129f4e830226b1c98d6083acb40eb130e5b60d18 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 12:08:36 +0530 Subject: [PATCH 10/14] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index d9d1fdab4..0548143e7 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -13,7 +13,7 @@ USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" UPDATE_RC="${UPDATE_RC:-"true"}" CONDA_DIR="${CONDA_DIR:-"/usr/local/conda"}" -set -exo pipefail +set -euxo pipefail export DEBIAN_FRONTEND=noninteractive # Detect package manager and set install command @@ -69,7 +69,7 @@ detect_package_manager() { detect_package_manager # Clean up -rm -rf $PKG_LISTS +rm -rf "$PKG_LISTS" if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' @@ -126,7 +126,7 @@ check_packages() { for pkg in "$@"; do if [ "$PKG_MANAGER" = "apt-get" ]; then if ! dpkg -s "$pkg" > /dev/null 2>&1; then - if [ "$(find $PKG_LISTS | wc -l)" = "0" ]; then + if [ "$(find "$PKG_LISTS" | wc -l)" = "0" ]; then echo "Running $PKG_UPDATE..." eval "$PKG_UPDATE" fi @@ -309,6 +309,6 @@ fi # Final clean up eval "$PKG_CLEAN" -rm -rf $PKG_LISTS +rm -rf "$PKG_LISTS" echo "Done!" From 2ab31233014936e7a3ce9011928d49ed9c13bd90 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 12:53:23 +0530 Subject: [PATCH 11/14] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/anaconda/install.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 0548143e7..79f2efac6 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -13,7 +13,7 @@ USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" UPDATE_RC="${UPDATE_RC:-"true"}" CONDA_DIR="${CONDA_DIR:-"/usr/local/conda"}" -set -euxo pipefail +set -euo pipefail export DEBIAN_FRONTEND=noninteractive # Detect package manager and set install command @@ -126,7 +126,7 @@ check_packages() { for pkg in "$@"; do if [ "$PKG_MANAGER" = "apt-get" ]; then if ! dpkg -s "$pkg" > /dev/null 2>&1; then - if [ "$(find "$PKG_LISTS" | wc -l)" = "0" ]; then + if [ -d "$PKG_LISTS" ] && [ "$(find "$PKG_LISTS" | wc -l)" = "0" ]; then echo "Running $PKG_UPDATE..." eval "$PKG_UPDATE" fi @@ -169,7 +169,12 @@ sudo_if() { install_user_package() { PACKAGE="$1" - sudo_if "${CONDA_DIR}/bin/python3" -m pip install --user --upgrade "$PACKAGE" + PYTHON_EXECUTABLE="${CONDA_DIR}/bin/python3" + if [ ! -x "$PYTHON_EXECUTABLE" ]; then + echo "Warning: ${PYTHON_EXECUTABLE} not found. Falling back to 'python3' from PATH." + PYTHON_EXECUTABLE="python3" + fi + sudo_if "$PYTHON_EXECUTABLE" -m pip install --user --upgrade "$PACKAGE" } run_as_user() { @@ -204,9 +209,11 @@ run_as_user() { set_directory_permissions() { local dir="$1" for item in "$dir"/*; do - if [ -d "$item" ]; then - chmod g+s "$item" - set_directory_permissions "$item" + if [ -e "$item" ]; then + if [ -d "$item" ]; then + chmod g+s "$item" + set_directory_permissions "$item" + fi fi done } From a3f33db95a99d0df25fbb6ef5af2995d1ed87c0e Mon Sep 17 00:00:00 2001 From: Kaniska Date: Fri, 25 Jul 2025 08:20:09 +0000 Subject: [PATCH 12/14] Correcting incorrect code review suggestion by Copilot --- src/anaconda/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 79f2efac6..aa8b45152 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -126,7 +126,7 @@ check_packages() { for pkg in "$@"; do if [ "$PKG_MANAGER" = "apt-get" ]; then if ! dpkg -s "$pkg" > /dev/null 2>&1; then - if [ -d "$PKG_LISTS" ] && [ "$(find "$PKG_LISTS" | wc -l)" = "0" ]; then + if [ "$(find "$PKG_LISTS" | wc -l)" = "0" ]; then echo "Running $PKG_UPDATE..." eval "$PKG_UPDATE" fi From 7ac0bb416fee286bd706a1def326d0bad0201b88 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Wed, 30 Jul 2025 17:33:12 +0000 Subject: [PATCH 13/14] Corrections based on review comments. --- src/anaconda/NOTES.md | 3 ++ src/anaconda/README.md | 1 - src/anaconda/devcontainer-feature.json | 2 +- src/anaconda/install.sh | 50 +++++++------------------- 4 files changed, 17 insertions(+), 39 deletions(-) diff --git a/src/anaconda/NOTES.md b/src/anaconda/NOTES.md index 394dd6f1d..4a372cade 100644 --- a/src/anaconda/NOTES.md +++ b/src/anaconda/NOTES.md @@ -17,4 +17,7 @@ conda install python=3.7 This Feature should work on recent versions of Debian/Ubuntu-based distributions with the `apt` package manager installed. +Also RHEL based linux distributions such as almalinux, rockylinux, fedora are supported now. +Please do note that Alpine and cbl-mariner aren't supported due system level restrictions with the anaconda installer. + `bash` is required to execute the `install.sh` script. diff --git a/src/anaconda/README.md b/src/anaconda/README.md index 4aa3a2cb7..f093ce618 100644 --- a/src/anaconda/README.md +++ b/src/anaconda/README.md @@ -36,7 +36,6 @@ conda install python=3.7 This Feature should work on recent versions of Debian/Ubuntu-based distributions with the `apt` package manager installed. Also RHEL based linux distributions such as almalinux, rockylinux, fedora are supported now. -Please do note that Alpine and cbl-mariner aren't supported due system level restrictions with the anaconda installer in alpine linux and `groupadd`, `usermod`, `awk` commands not being supported in mariner. `bash` is required to execute the `install.sh` script. diff --git a/src/anaconda/devcontainer-feature.json b/src/anaconda/devcontainer-feature.json index cc83389bc..ac76a9b99 100644 --- a/src/anaconda/devcontainer-feature.json +++ b/src/anaconda/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "anaconda", - "version": "1.0.14", + "version": "1.1.0", "name": "Anaconda", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/anaconda", "options": { diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index aa8b45152..76ad76ffe 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -69,7 +69,7 @@ detect_package_manager() { detect_package_manager # Clean up -rm -rf "$PKG_LISTS" +eval "$PKG_CLEAN" if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' @@ -124,26 +124,26 @@ updaterc() { # Checks if packages are installed and installs them if not check_packages() { for pkg in "$@"; do - if [ "$PKG_MANAGER" = "apt-get" ]; then - if ! dpkg -s "$pkg" > /dev/null 2>&1; then + # Use PKG_QUERY variable to check if package is installed + if ! eval "$PKG_QUERY $pkg" > /dev/null 2>&1; then + # Package not installed, check if we need to update package lists + if [ "$PKG_MANAGER" = "apt-get" ]; then + # For apt-get, check if package lists are empty if [ "$(find "$PKG_LISTS" | wc -l)" = "0" ]; then echo "Running $PKG_UPDATE..." eval "$PKG_UPDATE" fi - eval "$PKG_INSTALL $pkg" - fi - elif [ "$PKG_MANAGER" = "apk" ]; then - if ! apk info -e "$pkg" > /dev/null 2>&1; then + else + # For other package managers, always update before installing echo "Running $PKG_UPDATE..." eval "$PKG_UPDATE" - eval "$PKG_INSTALL $pkg" fi + + # Install the package + echo "Installing package: $pkg" + eval "$PKG_INSTALL $pkg" else - if ! rpm -q "$pkg" > /dev/null 2>&1; then - echo "Running $PKG_UPDATE..." - eval "$PKG_UPDATE" - eval "$PKG_INSTALL $pkg" - fi + echo "Package $pkg is already installed" fi done } @@ -205,18 +205,6 @@ run_as_user() { eval "$cmd" fi } -# Set permissions for directories recursively -set_directory_permissions() { - local dir="$1" - for item in "$dir"/*; do - if [ -e "$item" ]; then - if [ -d "$item" ]; then - chmod g+s "$item" - set_directory_permissions "$item" - fi - fi - done -} # Install Conda if it's missing if ! conda --version &> /dev/null ; then @@ -264,16 +252,6 @@ if ! conda --version &> /dev/null ; then chown -R "${USERNAME}:conda" "${CONDA_DIR}" chmod -R g+r+w "${CONDA_DIR}" - # Set setgid bit on all directories - use find+xargs if available, fallback to recursive function - if command -v find > /dev/null && command -v xargs > /dev/null; then - find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s - else - # Fallback for systems without find or xargs - if [ -d "${CONDA_DIR}" ]; then - chmod g+s "${CONDA_DIR}" - set_directory_permissions "${CONDA_DIR}" - fi - fi # Temporary fixes # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491 @@ -316,6 +294,4 @@ fi # Final clean up eval "$PKG_CLEAN" -rm -rf "$PKG_LISTS" - echo "Done!" From 7264d4ceb0a5cac5770ddea21a02c3f932ddeec3 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Thu, 31 Jul 2025 06:52:20 +0000 Subject: [PATCH 14/14] Further corrections based on review comments. --- src/anaconda/install.sh | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 76ad76ffe..6f57a3144 100755 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -167,16 +167,6 @@ sudo_if() { fi } -install_user_package() { - PACKAGE="$1" - PYTHON_EXECUTABLE="${CONDA_DIR}/bin/python3" - if [ ! -x "$PYTHON_EXECUTABLE" ]; then - echo "Warning: ${PYTHON_EXECUTABLE} not found. Falling back to 'python3' from PATH." - PYTHON_EXECUTABLE="python3" - fi - sudo_if "$PYTHON_EXECUTABLE" -m pip install --user --upgrade "$PACKAGE" -} - run_as_user() { local user="$1" shift @@ -253,16 +243,6 @@ if ! conda --version &> /dev/null ; then chmod -R g+r+w "${CONDA_DIR}" - # Temporary fixes - # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491 - install_user_package certifi - # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931 - install_user_package pyopenssl - install_user_package cryptography - # Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897 - install_user_package setuptools - install_user_package tornado - rm /tmp/anaconda-install.sh updaterc "export CONDA_DIR=${CONDA_DIR}/bin" fi