Fix conda installation failure due to SHA1 signature rejection (#1565)

* Initial plan

* Fix conda installation by switching from apt repository to direct Miniconda installer

Co-authored-by: abdurriq <[email protected]>

* Add error handling for Miniconda download and installation

Co-authored-by: abdurriq <[email protected]>

* Use APT::Key::GPGVCommand=1 option to bypass SHA1 signature check

Co-authored-by: abdurriq <[email protected]>

* Fix version to 1.2.1 for semantic versioning

* Revert to Miniconda installer approach - APT option caused gpgv errors

Co-authored-by: abdurriq <[email protected]>

* Use mktemp for secure temporary file creation

Co-authored-by: abdurriq <[email protected]>

* Replace Miniconda installer with direct .deb package download and apt install

Co-authored-by: abdurriq <[email protected]>

* Fix apt-get install syntax and improve error handling

Co-authored-by: abdurriq <[email protected]>

* Fix package filename - use architecture-specific deb and extract Filename from Packages

Co-authored-by: abdurriq <[email protected]>

* Update version to 1.2.3

Co-authored-by: abdurriq <[email protected]>

* Fix apt-get install path - remove ./ prefix for absolute paths

Co-authored-by: abdurriq <[email protected]>

* Fix version matching for specific conda versions - handle version suffixes

Co-authored-by: abdurriq <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: abdurriq <[email protected]>

Author: Copilot

src/conda/devcontainer-feature.json

@@ -1,43 +1,43 @@
 {
-    "id": "conda",
-    "version": "1.1.0",
-    "name": "Conda",
-    "description": "A cross-platform, language-agnostic binary package manager",
-    "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
-    "options": {
-        "version": {
-            "type": "string",
-            "proposals": [
-                "latest",
-                "4.11.0",
-                "4.12.0"
-            ],
-            "default": "latest",
-            "description": "Select or enter a conda version."
-        },
-        "addCondaForge": {
-            "type": "boolean",
-            "default": false,
-            "description": "Add conda-forge channel to the config?"
-        }
+  "id": "conda",
+  "version": "1.2.5",
+  "name": "Conda",
+  "description": "A cross-platform, language-agnostic binary package manager",
+  "documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
+  "options": {
+    "version": {
+      "type": "string",
+      "proposals": [
+        "latest",
+        "4.11.0",
+        "4.12.0"
+      ],
+      "default": "latest",
+      "description": "Select or enter a conda version."
     },
-    "containerEnv": {
-        "CONDA_DIR": "/opt/conda",
-        "CONDA_SCRIPT": "/opt/conda/etc/profile.d/conda.sh",
-        "PATH": "/opt/conda/bin:${PATH}"
-    },
-    "customizations": {
-        "vscode": {
-            "settings": {
-                "github.copilot.chat.codeGeneration.instructions": [
-                    {
-                        "text": "This dev container includes the conda package manager pre-installed and available on the `PATH` for data science and Python development. Additional packages installed using Conda will be downloaded from Anaconda or another repository configured by the user. A user can install different versions of Python than the one in this dev container by running a command like: conda install python=3.7"
-                    }
-                ]
-            }
-        }
-    },
-    "installsAfter": [
-        "ghcr.io/devcontainers/features/common-utils"
-    ]
+    "addCondaForge": {
+      "type": "boolean",
+      "default": false,
+      "description": "Add conda-forge channel to the config?"
+    }
+  },
+  "containerEnv": {
+    "CONDA_DIR": "/opt/conda",
+    "CONDA_SCRIPT": "/opt/conda/etc/profile.d/conda.sh",
+    "PATH": "/opt/conda/bin:${PATH}"
+  },
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "github.copilot.chat.codeGeneration.instructions": [
+          {
+            "text": "This dev container includes the conda package manager pre-installed and available on the `PATH` for data science and Python development. Additional packages installed using Conda will be downloaded from Anaconda or another repository configured by the user. A user can install different versions of Python than the one in this dev container by running a command like: conda install python=3.7"
+          }
+        ]
+      }
+    }
+  },
+  "installsAfter": [
+    "ghcr.io/devcontainers/features/common-utils"
+  ]
 }

src/conda/install.sh

@@ -73,20 +73,78 @@ if ! conda --version &> /dev/null ; then
     usermod -a -G conda "${USERNAME}"
 
     # Install dependencies
-    check_packages curl ca-certificates gnupg2
+    check_packages curl ca-certificates
 
     echo "Installing Conda..."
 
-    curl -sS https://repo.anaconda.com/pkgs/misc/gpgkeys/anaconda.asc | gpg --dearmor > /usr/share/keyrings/conda-archive-keyring.gpg
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/conda-archive-keyring.gpg] https://repo.anaconda.com/pkgs/misc/debrepo/conda stable main" > /etc/apt/sources.list.d/conda.list
-    apt-get update -y
-
-    CONDA_PKG="conda=${VERSION}-0"
+    # Download .deb package directly from repository (bypassing SHA1 signature issue)
+    TEMP_DEB="$(mktemp -t conda_XXXXXX.deb)"
+    CONDA_REPO_BASE="https://repo.anaconda.com/pkgs/misc/debrepo/conda"
+    
+    # Determine package filename based on requested version
+    ARCH="$(dpkg --print-architecture 2>/dev/null || echo "amd64")"
+    PACKAGES_URL="https://repo.anaconda.com/pkgs/misc/debrepo/conda/dists/stable/main/binary-${ARCH}/Packages"
+    
     if [ "${VERSION}" = "latest" ]; then
-        CONDA_PKG="conda"
+        # For latest, we need to query the repository to find the current version
+        echo "Fetching package list to determine latest version..."
+        CONDA_PKG_INFO=$(curl -fsSL "${PACKAGES_URL}" | grep -A 30 "^Package: conda$" | head -n 31)
+        CONDA_VERSION=$(echo "${CONDA_PKG_INFO}" | grep "^Version:" | head -n 1 | awk '{print $2}')
+        CONDA_FILENAME=$(echo "${CONDA_PKG_INFO}" | grep "^Filename:" | head -n 1 | awk '{print $2}')
+        
+        if [ -z "${CONDA_VERSION}" ] || [ -z "${CONDA_FILENAME}" ]; then
+            echo "ERROR: Could not determine latest conda version or filename from ${PACKAGES_URL}"
+            echo "This may indicate an unsupported architecture or repository unavailability."
+            rm -f "${TEMP_DEB}"
+            exit 1
+        fi
+        
+        CONDA_PKG_NAME="${CONDA_FILENAME}"
+    else
+        # For specific versions, query the Packages file to find the exact filename
+        echo "Fetching package list to find version ${VERSION}..."
+        # Search for version pattern - user may specify 4.12.0 but package has 4.12.0-0
+        CONDA_PKG_INFO=$(curl -fsSL "${PACKAGES_URL}" | grep -A 30 "^Package: conda$" | grep -B 5 -A 25 "^Version: ${VERSION}")
+        CONDA_FILENAME=$(echo "${CONDA_PKG_INFO}" | grep "^Filename:" | head -n 1 | awk '{print $2}')
+        
+        if [ -z "${CONDA_FILENAME}" ]; then
+            echo "ERROR: Could not find conda version ${VERSION} in ${PACKAGES_URL}"
+            echo "Please verify the version specified is valid."
+            rm -f "${TEMP_DEB}"
+            exit 1
+        fi
+        
+        CONDA_PKG_NAME="${CONDA_FILENAME}"
     fi
-
-    check_packages $CONDA_PKG
+    
+    # Download the .deb package
+    CONDA_DEB_URL="${CONDA_REPO_BASE}/${CONDA_PKG_NAME}"
+    echo "Downloading conda package from ${CONDA_DEB_URL}..."
+    
+    if ! curl -fsSL "${CONDA_DEB_URL}" -o "${TEMP_DEB}"; then
+        echo "ERROR: Failed to download conda .deb package from ${CONDA_DEB_URL}"
+        echo "Please verify the version specified is valid."
+        rm -f "${TEMP_DEB}"
+        exit 1
+    fi
+    
+    # Verify the package was downloaded successfully
+    if [ ! -f "${TEMP_DEB}" ] || [ ! -s "${TEMP_DEB}" ]; then
+        echo "ERROR: Conda .deb package file is missing or empty"
+        rm -f "${TEMP_DEB}"
+        exit 1
+    fi
+    
+    # Install the package using apt (which handles dependencies automatically)
+    echo "Installing conda package..."
+    if ! apt-get install -y "${TEMP_DEB}"; then
+        echo "ERROR: Failed to install conda package"
+        rm -f "${TEMP_DEB}"
+        exit 1
+    fi
+    
+    # Clean up downloaded package
+    rm -f "${TEMP_DEB}"
 
     CONDA_SCRIPT="/opt/conda/etc/profile.d/conda.sh"
     . $CONDA_SCRIPT