From e8e1ce1a9cc7c7b497273df0552d575e93e9d726 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 17:50:53 +0400 Subject: [PATCH 01/15] Address GHSA-47fc-vmwq-366v, GHSA-282v-666c-3fvg, GHSA-mrwq-x4v8-fh7p --- src/anaconda/.devcontainer/Dockerfile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 455e054bde..1d8795bed6 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile @@ -58,8 +58,12 @@ RUN python3 -m pip install \ werkzeug \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32862 nbconvert \ - # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370 - tornado + # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370 + tornado \ + # https://github.com/advisories/GHSA-47fc-vmwq-366v + torch==1.13.1 \ + # https://github.com/advisories/GHSA-282v-666c-3fvg + transformers==4.30.0 # Copy environment.yml (if found) to a temp location so we can update the environment. Also # copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists. @@ -79,7 +83,9 @@ RUN conda install \ pyopenssl=23.2.0 \ cryptography=41.0.2 \ # https://github.com/advisories/GHSA-j8r2-6x86-q33q - requests=2.31.0 + requests=2.31.0 \ + # https://github.com/advisories/GHSA-mrwq-x4v8-fh7p + pygments=2.15.0 # Create conda group, update conda directory permissions, # add user to conda group From 6f2dfc4d54a52995e3d5657ce088b7f4d641360b Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 17:51:08 +0400 Subject: [PATCH 02/15] Add tests --- src/anaconda/test-project/test.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index f042cd60d4..b2aca06fe8 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh 
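Review bot: The two new entries, `torch==1.13.1` and `transformers==4.30.0`, carry only an advisory URL, so nothing next to the pin says which version is the required floor or when the pin can be removed. I would state that in the comment, for example `# GHSA-47fc-vmwq-366v: needs torch >= 1.13.1 (assumed from this pin); drop once the base image ships it`, and the same for `transformers`. The `RUN python3 -m pip install` instruction starts above this hunk, so how these entries interact with the options given there is not visible here.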
@@ -42,6 +42,8 @@ checkPythonPackageVersion "werkzeug" "2.2.3" checkPythonPackageVersion "certifi" "2022.12.07" checkPythonPackageVersion "requests" "2.31.0" checkPythonPackageVersion "cryptography" "41.0.2" +checkPythonPackageVersion "torch" "1.13.1" +checkPythonPackageVersion "transformers" "4.30.0" # The `tornado` package doesn't have the `__version__` attribute so we can use the `version` attribute. tornado_version=$(python -c "import tornado; print(tornado.version)") @@ -50,6 +52,7 @@ check-version-ge "tornado-requirement" "${tornado_version}" "6.3.2" checkCondaPackageVersion "pyopenssl" "23.2.0" checkCondaPackageVersion "cryptography" "41.0.2" checkCondaPackageVersion "requests" "2.31.0" +checkCondaPackageVersion "pygments" "2.15.0" check "conda-update-conda" bash -c "conda update -y conda" check "conda-install-tensorflow" bash -c "conda install -c conda-forge --yes tensorflow" From ea458af6b20ebf13d1b30dde9825cf7183ce299a Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 17:52:18 +0400 Subject: [PATCH 03/15] Update manifest --- src/anaconda/manifest.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json index 2ee615a6ea..ccbad938b9 100644 --- a/src/anaconda/manifest.json +++ b/src/anaconda/manifest.json @@ -38,7 +38,10 @@ "pyOpenssl", "werkzeug", "requests", - "tornado" + "tornado", + "pygments", + "torch", + "transformers" ], "other": { "git": {}, From 597e8ebb69d79e321bf1e63a47da9f11efd19859 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 18:04:20 +0400 Subject: [PATCH 04/15] Bump `pygments` version --- src/anaconda/.devcontainer/Dockerfile | 2 +- src/anaconda/test-project/test.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 1d8795bed6..8f5ef59824 100644 --- a/src/anaconda/.devcontainer/Dockerfile 
+++ b/src/anaconda/.devcontainer/Dockerfile @@ -85,7 +85,7 @@ RUN conda install \ # https://github.com/advisories/GHSA-j8r2-6x86-q33q requests=2.31.0 \ # https://github.com/advisories/GHSA-mrwq-x4v8-fh7p - pygments=2.15.0 + pygments=2.15.1 # Create conda group, update conda directory permissions, # add user to conda group diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index b2aca06fe8..9a8ea9e20e 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh @@ -52,7 +52,7 @@ check-version-ge "tornado-requirement" "${tornado_version}" "6.3.2" checkCondaPackageVersion "pyopenssl" "23.2.0" checkCondaPackageVersion "cryptography" "41.0.2" checkCondaPackageVersion "requests" "2.31.0" -checkCondaPackageVersion "pygments" "2.15.0" +checkCondaPackageVersion "pygments" "2.15.1" check "conda-update-conda" bash -c "conda update -y conda" check "conda-install-tensorflow" bash -c "conda install -c conda-forge --yes tensorflow" From 4401785099e9b026ddc7c509eb0126e9158f1b84 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 18:36:41 +0400 Subject: [PATCH 05/15] Test: Remove `conda` group --- src/anaconda/.devcontainer/Dockerfile | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 8f5ef59824..14bd465eaf 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile 
@@ -43,6 +43,10 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && echo "conda activate base" >> ~/.bashrc \ && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts/add-notice.sh +# We need to execute pip install / conda update commands under +# container user since pip doesn't preserve directory permissions +USER ${USERNAME} + # Temporary: Upgrade python packages due to mentioned CVEs # They are installed by the base image (continuumio/anaconda3) which does not have the patch. RUN python3 -m pip install \ @@ -87,12 +91,5 @@ RUN conda install \ # https://github.com/advisories/GHSA-mrwq-x4v8-fh7p pygments=2.15.1 -# Create conda group, update conda directory permissions, -# add user to conda group -# Note: We need to execute these commands after pip install / conda update -# since pip doesn't preserve directory permissions -RUN groupadd -r conda --gid 900 \ - && chown -R :conda /opt/conda \ - && chmod -R g+w /opt/conda \ - && find /opt -type d | xargs -n 1 chmod g+s \ - && usermod -aG conda ${USERNAME} +# Switch back to the root user for backward compatibility +USER root From 1595396ec4abd5609dfa36e1cf13e82efe6de769 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 18:44:02 +0400 Subject: [PATCH 06/15] Restart checks From 2cc4085019d91133c44e5a93026b4309ecd12405 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 19:05:09 +0400 Subject: [PATCH 07/15] Test: Reorg Dockerfile --- src/anaconda/.devcontainer/Dockerfile | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 14bd465eaf..8893ad386e 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile 
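Review bot: With the `conda` group setup removed in the second hunk, `USER ${USERNAME}` ahead of `python3 -m pip install` only patches the base environment if that user can already write to `/opt/conda`, and nothing in this diff shows that it can. If it cannot, pip may fall back to a per-user install, leaving the vulnerable copies named in the CVE comments in the base environment. The build should fail loudly in that case, e.g. `RUN test -w /opt/conda` directly after the `USER` line. The trailing `USER root` also leaves root as the image's default user; the comment should say which consumers depend on that. Both RUN instructions continue outside these hunks.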
@@ -43,13 +43,22 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && echo "conda activate base" >> ~/.bashrc \ && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts/add-notice.sh +# Copy environment.yml (if found) to a temp location so we can update the environment. Also +# copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists. +# COPY environment.yml* .devcontainer/noop.txt /tmp/conda-tmp/ +COPY environment.yml* noop.txt /tmp/conda-tmp/ +RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then umask 0002 && /opt/conda/bin/conda env update -n base -f /tmp/conda-tmp/environment.yml; fi \ + && rm -rf /tmp/conda-tmp + # We need to execute pip install / conda update commands under # container user since pip doesn't preserve directory permissions USER ${USERNAME} # Temporary: Upgrade python packages due to mentioned CVEs # They are installed by the base image (continuumio/anaconda3) which does not have the patch. -RUN python3 -m pip install \ +RUN \ + # Install packages via pip + python3 -m pip install \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797 --upgrade joblib \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065 
@@ -67,22 +76,9 @@ RUN python3 -m pip install \ # https://github.com/advisories/GHSA-47fc-vmwq-366v torch==1.13.1 \ # https://github.com/advisories/GHSA-282v-666c-3fvg - transformers==4.30.0 - -# Copy environment.yml (if found) to a temp location so we can update the environment. Also -# copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists. -# COPY environment.yml* .devcontainer/noop.txt /tmp/conda-tmp/ -COPY environment.yml* noop.txt /tmp/conda-tmp/ -RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then umask 0002 && /opt/conda/bin/conda env update -n base -f /tmp/conda-tmp/environment.yml; fi \ - && rm -rf /tmp/conda-tmp - -# [Optional] Uncomment this section to install additional OS packages. -# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ -# && apt-get -y install --no-install-recommends - -# Temporary: Upgrade python packages due to mentioned CVEs -# They are installed by the base image (continuumio/anaconda3) which does not have the patch. -RUN conda install \ + transformers==4.30.0 \ + # Install packages via conda + && conda install \ # https://github.com/advisories/GHSA-5cpq-8wj7-hf2v pyopenssl=23.2.0 \ cryptography=41.0.2 \ @@ -93,3 +89,7 @@ RUN conda install \ # Switch back to the root user for backward compatibility USER root + +# [Optional] Uncomment this section to install additional OS packages. +# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ +# && apt-get -y install --no-install-recommends From 66ad4be100f0de2696e8c879c097d255025601e1 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 20:17:42 +0400 Subject: [PATCH 08/15] Revert "Test: Reorg Dockerfile" This reverts commit 2cc4085019d91133c44e5a93026b4309ecd12405. --- src/anaconda/.devcontainer/Dockerfile | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 8893ad386e..14bd465eaf 100644 
--- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile @@ -43,22 +43,13 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && echo "conda activate base" >> ~/.bashrc \ && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts/add-notice.sh -# Copy environment.yml (if found) to a temp location so we can update the environment. Also -# copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists. -# COPY environment.yml* .devcontainer/noop.txt /tmp/conda-tmp/ -COPY environment.yml* noop.txt /tmp/conda-tmp/ -RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then umask 0002 && /opt/conda/bin/conda env update -n base -f /tmp/conda-tmp/environment.yml; fi \ - && rm -rf /tmp/conda-tmp - # We need to execute pip install / conda update commands under # container user since pip doesn't preserve directory permissions USER ${USERNAME} # Temporary: Upgrade python packages due to mentioned CVEs # They are installed by the base image (continuumio/anaconda3) which does not have the patch. -RUN \ - # Install packages via pip - python3 -m pip install \ +RUN python3 -m pip install \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797 --upgrade joblib \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065 
@@ -76,9 +67,22 @@ RUN \ # https://github.com/advisories/GHSA-47fc-vmwq-366v torch==1.13.1 \ # https://github.com/advisories/GHSA-282v-666c-3fvg - transformers==4.30.0 \ - # Install packages via conda - && conda install \ + transformers==4.30.0 + +# Copy environment.yml (if found) to a temp location so we can update the environment. Also +# copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists. +# COPY environment.yml* .devcontainer/noop.txt /tmp/conda-tmp/ +COPY environment.yml* noop.txt /tmp/conda-tmp/ +RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then umask 0002 && /opt/conda/bin/conda env update -n base -f /tmp/conda-tmp/environment.yml; fi \ + && rm -rf /tmp/conda-tmp + +# [Optional] Uncomment this section to install additional OS packages. +# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ +# && apt-get -y install --no-install-recommends + +# Temporary: Upgrade python packages due to mentioned CVEs +# They are installed by the base image (continuumio/anaconda3) which does not have the patch. +RUN conda install \ # https://github.com/advisories/GHSA-5cpq-8wj7-hf2v pyopenssl=23.2.0 \ cryptography=41.0.2 \ @@ -89,7 +93,3 @@ RUN \ # Switch back to the root user for backward compatibility USER root - -# [Optional] Uncomment this section to install additional OS packages. -# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ -# && apt-get -y install --no-install-recommends From 084cd9604fe353ab930908e199fa55c3200992e1 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Tue, 1 Aug 2023 20:17:47 +0400 Subject: [PATCH 09/15] Revert "Test: Remove `conda` group" This reverts commit 4401785099e9b026ddc7c509eb0126e9158f1b84. --- src/anaconda/.devcontainer/Dockerfile | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 14bd465eaf..8f5ef59824 100644 --- a/src/anaconda/.devcontainer/Dockerfile 
+++ b/src/anaconda/.devcontainer/Dockerfile @@ -43,10 +43,6 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && echo "conda activate base" >> ~/.bashrc \ && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts/add-notice.sh -# We need to execute pip install / conda update commands under -# container user since pip doesn't preserve directory permissions -USER ${USERNAME} - # Temporary: Upgrade python packages due to mentioned CVEs # They are installed by the base image (continuumio/anaconda3) which does not have the patch. RUN python3 -m pip install \ @@ -91,5 +87,12 @@ RUN conda install \ # https://github.com/advisories/GHSA-mrwq-x4v8-fh7p pygments=2.15.1 -# Switch back to the root user for backward compatibility -USER root +# Create conda group, update conda directory permissions, +# add user to conda group +# Note: We need to execute these commands after pip install / conda update +# since pip doesn't preserve directory permissions +RUN groupadd -r conda --gid 900 \ + && chown -R :conda /opt/conda \ + && chmod -R g+w /opt/conda \ + && find /opt -type d | xargs -n 1 chmod g+s \ + && usermod -aG conda ${USERNAME} From 2698391d37eefaea26fc6efa2aac4529e1b3e245 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Fri, 11 Aug 2023 18:09:34 +0400 Subject: [PATCH 10/15] Use latest version of `continuumio/anaconda3` image - Remove version lock for `continuumio/anaconda3` image; - Remove patches for `torch` and `pygments` --- src/anaconda/.devcontainer/Dockerfile | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index b6f5825409..f4e7a46c8d 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile 
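Review bot: `find /opt -type d | xargs -n 1 chmod g+s` in the restored RUN sets the setgid bit on every directory under `/opt`, although only `/opt/conda` is handed to the `conda` group. It also passes names through `xargs` unquoted, so a directory name containing whitespace is split. If only the conda tree is meant, `&& find /opt/conda -type d -exec chmod g+s {} +` does the job without the pipe. `chmod -R g+w /opt/conda` also lets any member of `conda` rewrite the interpreter and packages that other users, root included, execute from there; that trade-off deserves a line in the comment above the RUN.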
@@ -1,13 +1,13 @@ -FROM continuumio/anaconda3:2023.03-1 as upstream +FROM continuumio/anaconda3 as upstream # Verify OS version is expected one RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1; fi # Temporary: Upgrade python packages due to mentioned CVEs # They are installed by the base image (continuumio/anaconda3) which does not have the patch. -RUN python3 -m pip install \ +RUN python3 -m pip install --upgrade \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797 - --upgrade joblib \ + joblib \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065 cookiecutter \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749 @@ -20,8 +20,6 @@ RUN python3 -m pip install \ nbconvert \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370 tornado \ - # https://github.com/advisories/GHSA-47fc-vmwq-366v - torch==1.13.1 \ # https://github.com/advisories/GHSA-282v-666c-3fvg transformers==4.30.0 @@ -30,9 +28,7 @@ RUN conda install \ pyopenssl=23.2.0 \ cryptography=41.0.2 \ # https://github.com/advisories/GHSA-j8r2-6x86-q33q - requests=2.31.0 \ - # https://github.com/advisories/GHSA-mrwq-x4v8-fh7p - pygments=2.15.1 + requests=2.31.0 # Reset and copy updated files with updated privs to keep image size down FROM mcr.microsoft.com/devcontainers/base:1-bullseye From cc98ca923f993b2936fdc6c747b21bfed2b9e7f1 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Fri, 11 Aug 2023 18:09:44 +0400 Subject: [PATCH 11/15] Update tests --- src/anaconda/test-project/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index 9a8ea9e20e..4003458109 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh 
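Review bot: `FROM continuumio/anaconda3 as upstream` has no tag, so every build pulls whatever `latest` is that day. The image contents, including the `torch` and `pygments` versions this commit stops patching, are then neither reproducible nor auditable. The `VERSION_CODENAME` check on the next line will also fail the build as soon as upstream moves off bullseye. I would keep an explicit tag and add the digest, `FROM continuumio/anaconda3:<tag>@sha256:<digest> as upstream` (placeholders), and bump it deliberately once a release containing the fixes is available.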
@@ -55,8 +55,8 @@ checkCondaPackageVersion "requests" "2.31.0" checkCondaPackageVersion "pygments" "2.15.1" check "conda-update-conda" bash -c "conda update -y conda" -check "conda-install-tensorflow" bash -c "conda install -c conda-forge --yes tensorflow" -check "conda-install-pytorch" bash -c "conda install -c conda-forge --yes pytorch" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" # Report result reportResults From a5bac2059541b2ee5954a3aa66ecb15ed958202f Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Mon, 14 Aug 2023 12:41:02 +0400 Subject: [PATCH 12/15] Update patch - Lock packages versions; - Clean up `manifest.json`; --- src/anaconda/.devcontainer/Dockerfile | 14 +++++++------- src/anaconda/manifest.json | 6 +----- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index f4e7a46c8d..96c9e8e903 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile 
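Review bot: Both checks now create an environment named `test-env`, so the second runs against a name the first already used; with `--yes` conda will probably replace the existing environment rather than test a clean create. Distinct names keep the two checks independent, e.g. `conda create --name test-env-tensorflow …` and `conda create --name test-env-pytorch …` (constructed names). The labels `conda-install-tensorflow` and `conda-install-pytorch` also no longer describe what runs. Separately, the context line `checkCondaPackageVersion "pygments" "2.15.1"` stays in place although the previous patch removed the `pygments=2.15.1` pin, so its result now depends on what the unpinned base image ships.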
@@ -7,19 +7,19 @@ RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1 # They are installed by the base image (continuumio/anaconda3) which does not have the patch. RUN python3 -m pip install --upgrade \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797 - joblib \ + joblib==1.3.1 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065 - cookiecutter \ + cookiecutter==2.2.3 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749 - mistune \ + mistune==3.0.1 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141 - numpy \ + numpy==1.25.2 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577 - werkzeug \ + werkzeug==2.3.6 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32862 - nbconvert \ + nbconvert==7.7.3 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370 - tornado \ + tornado==6.3.2 \ # https://github.com/advisories/GHSA-282v-666c-3fvg transformers==4.30.0 diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json index de797a0a8e..03e8e58f0f 100644 --- a/src/anaconda/manifest.json +++ b/src/anaconda/manifest.json @@ -29,18 +29,14 @@ "cryptography", "mistune", "numpy", - "certifi", - "setuptools", "future", "wheel", "nbconvert", "py", "pyOpenssl", - "werkzeug", + "Werkzeug", "requests", "tornado", - "pygments", - "torch", "transformers" ], "other": { From 42d75bad8332f074edfb3e193d098e37b9f1d515 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Mon, 14 Aug 2023 19:28:29 +0400 Subject: [PATCH 13/15] Update README.md --- src/anaconda/README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/anaconda/README.md b/src/anaconda/README.md index db199115a1..af123215df 100644 --- a/src/anaconda/README.md +++ b/src/anaconda/README.md 
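Review bot: The `==` pins added here fix each version but not the artifact, so pip still installs whatever file the index serves for `numpy==1.25.2` and the others. With every entry pinned, the list can move to a requirements file that carries `--hash=sha256:…` per entry, installed with `python3 -m pip install --require-hashes -r <requirements-file>` (placeholder path); hash-checking mode needs the transitive dependencies listed as well. `test.sh` is not touched by this commit, and an earlier patch in the series shows it checking `werkzeug` against `"2.2.3"`. Confirm that helper treats the value as a minimum now that the image installs `werkzeug==2.3.6`.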
@@ -37,6 +37,7 @@ See [history](history) for information on the contents of each version and [here Alternatively, you can use the contents of `Dockerfile` to fully customize your container's contents or to build it for a container host architecture not supported by the image. ### Using Conda + This dev container and its associated image includes [the `conda` package manager](https://aka.ms/vscode-remote/conda/about). Additional packages installed using Conda will be downloaded from Anaconda or another repository if you configure one. To reconfigure Conda in this container to access an alternative repository, please see information on [configuring Conda channels here](https://aka.ms/vscode-remote/conda/channel-setup). Access to the Anaconda repository is covered by the [Anaconda Terms of Service](https://aka.ms/vscode-remote/conda/terms), which may require some organizations to obtain a commercial license from Anaconda. **However**, when this dev container or its associated image is used with GitHub Codespaces or GitHub Actions, **all users are permitted** to use the Anaconda Repository through the service, including organizations normally required by Anaconda to obtain a paid license for commercial activities. Note that third-party packages may be licensed by their publishers in ways that impact your intellectual property, and are used at your own risk. 
@@ -51,7 +52,6 @@ By default, frameworks like Flask only listens to localhost inside the container The `appPort` property [publishes](https://docs.docker.com/config/containers/container-networking/#published-ports) rather than forwards the port, so applications need to listen to `*` or `0.0.0.0` for the application to be accessible externally. This conflicts with the defaults of some Python frameworks, but fortunately the `forwardPorts` property does not have this limitation. - #### Installing Node.js Given JavaScript front-end web client code written for use in conjunction with a Python back-end often requires the use of Node.js-based utilities to build, you can use a [Node feature](https://github.com/devcontainers/features/tree/main/src/node) to install any version of Node by adding the following to `devcontainer.json`: @@ -66,6 +66,14 @@ Given JavaScript front-end web client code written for use in conjunction with a } ``` +#### Using different Conda channels + +This devcontainer is based on the `ContinuumIO/anaconda3` docker image, which has all the `anaconda3` packages from defaults installed into the so-called base Conda's environment. It is recommended not to install packages from different channels in one environment since it could cause conflicts. When installing a package from a different channel (e.g., `conda-forge`) is required, the better approach is to create a new Conda environment. + +```bash +conda create --name -c --yes +``` + #### Installing a different version of Python As covered in the [user FAQ](https://docs.anaconda.com/anaconda/user-guide/faq) for Anaconda, you can install different versions of Python than the one in this image by running the following from a terminal: From c642c0e4b8006b81dcb37ab19f66abfad492f58a Mon Sep 17 00:00:00 2001 
From: Alexander Smolyakov Date: Mon, 14 Aug 2023 20:12:45 +0400 Subject: [PATCH 14/15] Update src/anaconda/README.md Co-authored-by: Samruddhi Khandale --- src/anaconda/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/anaconda/README.md b/src/anaconda/README.md index af123215df..ff125c648d 100644 --- a/src/anaconda/README.md +++ b/src/anaconda/README.md @@ -68,7 +68,7 @@ Given JavaScript front-end web client code written for use in conjunction with a #### Using different Conda channels -This devcontainer is based on the `ContinuumIO/anaconda3` docker image, which has all the `anaconda3` packages from defaults installed into the so-called base Conda's environment. It is recommended not to install packages from different channels in one environment since it could cause conflicts. When installing a package from a different channel (e.g., `conda-forge`) is required, the better approach is to create a new Conda environment. +This image is based on the `ContinuumIO/anaconda3` docker image, which has all the `anaconda3` packages from defaults installed into the base conda's environment. It is recommended not to install packages from different channels in one environment since it could cause conflicts. When installing a package from a different channel (e.g., `conda-forge`) is required, the better approach is to create a new conda environment. ```bash conda create --name -c --yes From a64f9710d3fcec360271c1ab213605c8c2847ce5 Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Mon, 14 Aug 2023 20:28:59 +0400 Subject: [PATCH 15/15] Revert changes for manifest --- src/anaconda/manifest.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json index 03e8e58f0f..859e75caed 100644 --- a/src/anaconda/manifest.json +++ b/src/anaconda/manifest.json @@ -29,6 +29,8 @@ "cryptography", "mistune", "numpy", + "certifi", + "setuptools", "future", "wheel", "nbconvert",