diff --git a/assets/aws-cli-public-key.asc b/assets/aws-cli-public-key.asc
new file mode 100644
index 000000000..b415d17d9
--- /dev/null
+++ b/assets/aws-cli-public-key.asc
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG
+ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx
+PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G
+TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz
+gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk
+C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG
+94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO
+lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG
+fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG
+EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX
+XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB
+tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4CGwMF
+CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQT7Xbd/1cEYuAURraimMQrMRnJHXAUC
+ZqFYbwUJCv/cOgAKCRCmMQrMRnJHXKYuEAC+wtZ611qQtOl0t5spM9SWZuszbcyA
+0xBAJq2pncnp6wdCOkuAPu4/R3UCIoD2C49MkLj9Y0Yvue8CCF6OIJ8L+fKBv2DI
+yWZGmHL0p9wa/X8NCKQrKxK1gq5PuCzi3f3SqwfbZuZGeK/ubnmtttWXpUtuU/Iz
+VR0u/0sAy3j4uTGKh2cX7XnZbSqgJhUk9H324mIJiSwzvw1Ker6xtH/LwdBeJCck
+bVBdh3LZis4zuD4IZeBO1vRvjot3Oq4xadUv5RSPATg7T1kivrtLCnwvqc6L4LnF
+0OkNysk94L3LQSHyQW2kQS1cVwr+yGUSiSp+VvMbAobAapmMJWP6e/dKyAUGIX6+
+2waLdbBs2U7MXznx/2ayCLPH7qCY9cenbdj5JhG9ibVvFWqqhSo22B/URQE/CMrG
++3xXwtHEBoMyWEATr1tWwn2yyQGbkUGANneSDFiTFeoQvKNyyCFTFO1F2XKCcuDs
+19nj34PE2TJilTG2QRlMr4D0NgwLLAMg2Los1CK6nXWnImYHKuaKS9LVaCoC8vu7
+IRBik1NX6SjrQnftk0M9dY+s0ZbAN1gbdjZ8H3qlbl/4TxMdr87m8LP4FZIIo261
+Eycv34pVkCePZiP+dgamEiQJ7IL4ZArio9mv6HbDGV6mLY45+l6/0EzCwkI5IyIf
+BfWC9s/USgxchg==
+=ptgS
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/src/main.py b/src/main.py
index e3bd03a45..7595e4ebe 100644
--- a/src/main.py
+++ b/src/main.py @@ -126,6 +126,11 @@ def _copy_static_files(base_version_dir, new_version_dir, new_version_major, run for f in glob.glob(os.path.relpath(f"{base_path}/Dockerfile")): shutil.copy2(f, new_version_dir) + # Copy AWS CLI public key from assets + aws_cli_key_path = os.path.relpath(f"assets/aws-cli-public-key.asc") + if os.path.exists(aws_cli_key_path): + shutil.copy2(aws_cli_key_path, new_version_dir) + if int(new_version_major) >= 1: # dirs directory doesn't exist for v0. It was introduced only for v1 dirs_relative_path = os.path.relpath(f"{base_path}/dirs") diff --git a/template/v2/Dockerfile b/template/v2/Dockerfile index c04dde066..dd49adb22 100644 --- a/template/v2/Dockerfile +++ b/template/v2/Dockerfile @@ -48,6 +48,8 @@ RUN usermod "--login=${NB_USER}" "--home=/home/${NB_USER}" --move-home "-u ${NB_ ENV MAMBA_USER=$NB_USER ENV USER=$NB_USER +COPY aws-cli-public-key.asc /tmp/ + RUN apt-get update && apt-get upgrade -y && \ apt-get install -y --no-install-recommends sudo gettext-base wget curl unzip git rsync build-essential openssh-client nano cron less mandoc jq ca-certificates gnupg && \ # We just install tzdata below but leave default time zone as UTC. This helps packages like Pandas to function correctly. 
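Review bot: In the `src/main.py` hunk, the `if os.path.exists(aws_cli_key_path):` guard skips the copy silently when the key is missing, so the generator can emit a version directory whose Dockerfile (`COPY aws-cli-public-key.asc /tmp/`) cannot build, and the failure only surfaces at image build time. Failing in the generator would be clearer: `if not os.path.exists(aws_cli_key_path): raise FileNotFoundError(aws_cli_key_path)`, followed by the unconditional `shutil.copy2(aws_cli_key_path, new_version_dir)`. The path is resolved against the current working directory through `os.path.relpath`, so it presumably only works when the script is run from the repository root, and the `f` prefix on a literal with no placeholders can be dropped. `_copy_static_files` starts and ends outside the hunk.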
@@ -57,10 +59,13 @@ RUN apt-get update && apt-get upgrade -y && \ touch /etc/krb5.conf.lock && chown ${NB_USER}:${MAMBA_USER} /etc/krb5.conf* && \ # Note that we do NOT run `rm -rf /var/lib/apt/lists/*` here. If we did, anyone building on top of our images will # not be able to run any `apt-get install` commands and that would hamper customizability of the images. - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \ - unzip awscliv2.zip && \ - sudo ./aws/install && \ - rm -rf aws awscliv2.zip && \ + curl -O "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \ + curl -O "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" && \ + gpg --import /tmp/aws-cli-public-key.asc && \ + gpg --verify awscli-exe-linux-x86_64.zip.sig awscli-exe-linux-x86_64.zip && \ + unzip awscli-exe-linux-x86_64.zip && \ + ./aws/install && \ + rm -rf aws awscli-exe-linux-x86_64.zip awscli-exe-linux-x86_64.zip.sig aws-cli-public-key.asc && \ : && \ echo "source /usr/local/bin/_activate_current_env.sh" | tee --append /etc/profile && \ # CodeEditor - create server, user data dirs diff --git a/template/v3/Dockerfile b/template/v3/Dockerfile index 92754a045..232f76fec 100644 --- a/template/v3/Dockerfile +++ b/template/v3/Dockerfile @@ -48,6 +48,8 @@ RUN usermod "--login=${NB_USER}" "--home=/home/${NB_USER}" --move-home "-u ${NB_ ENV MAMBA_USER=$NB_USER ENV USER=$NB_USER +COPY aws-cli-public-key.asc /tmp/ + RUN apt-get update && apt-get upgrade -y && \ apt-get install -y --no-install-recommends sudo gettext-base wget curl unzip git rsync build-essential openssh-client nano cron less mandoc jq ca-certificates gnupg && \ # We just install tzdata below but leave default time zone as UTC. This helps packages like Pandas to function correctly. 
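Review bot: In the second `template/v2/Dockerfile` hunk, `gpg --import` adds the key to the build user's default keyring and `gpg --verify` then accepts a good signature from any key already in that keyring, so the check is only as strict as whatever keys the base image holds, and the keyring is left behind in the image. Importing into a throwaway `--homedir` that is deleted in the same RUN limits the check to the vendored key, as sketched below. The cleanup also names `aws-cli-public-key.asc` as a relative path while the COPY placed it in `/tmp/`; the WORKDIR is not visible here, but unless it is `/tmp` the file is not removed. Nothing in the change records the key's source or fingerprint, and noting both beside `assets/aws-cli-public-key.asc` would let a future key update be checked. The same lines appear in the second `template/v3/Dockerfile` hunk, and the RUN instruction starts and ends outside both hunks.

```dockerfile
    # … unchanged: the two curl downloads (.zip and .zip.sig) …
    GPG_TMP="$(mktemp -d)" && \
    gpg --batch --homedir "$GPG_TMP" --import /tmp/aws-cli-public-key.asc && \
    gpg --batch --homedir "$GPG_TMP" --verify awscli-exe-linux-x86_64.zip.sig awscli-exe-linux-x86_64.zip && \
    # … unchanged: unzip and ./aws/install …
    rm -rf aws awscli-exe-linux-x86_64.zip awscli-exe-linux-x86_64.zip.sig "$GPG_TMP" /tmp/aws-cli-public-key.asc && \
```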
@@ -57,10 +59,13 @@ RUN apt-get update && apt-get upgrade -y && \ touch /etc/krb5.conf.lock && chown ${NB_USER}:${MAMBA_USER} /etc/krb5.conf* && \ # Note that we do NOT run `rm -rf /var/lib/apt/lists/*` here. If we did, anyone building on top of our images will # not be able to run any `apt-get install` commands and that would hamper customizability of the images. - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \ - unzip awscliv2.zip && \ - sudo ./aws/install && \ - rm -rf aws awscliv2.zip && \ + curl -O "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \ + curl -O "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" && \ + gpg --import /tmp/aws-cli-public-key.asc && \ + gpg --verify awscli-exe-linux-x86_64.zip.sig awscli-exe-linux-x86_64.zip && \ + unzip awscli-exe-linux-x86_64.zip && \ + ./aws/install && \ + rm -rf aws awscli-exe-linux-x86_64.zip awscli-exe-linux-x86_64.zip.sig aws-cli-public-key.asc && \ : && \ echo "source /usr/local/bin/_activate_current_env.sh" | tee --append /etc/profile && \ # CodeEditor - create server, user data dirs