7 changes: 6 additions & 1 deletion linux/base.Dockerfile
Expand Up @@ -33,6 +33,7 @@ RUN tdnf update -y --refresh && \
gnupg2 \
autoconf \
ansible \
azfilesauth \
bash-completion \
build-essential \
binutils \
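Review bot: The new `azfilesauth \` entry in the tdnf install list brings in a package whose Python dependency is then satisfied out of band, since the later hunk in this file adds `pip install requests` under the comment "Install requests package for azfilesauth". If the package needs requests at runtime, declaring that in the package's own metadata would let tdnf resolve it together with the package and keep the dependency in one place; if that is not possible, a comment next to this entry pointing at the pip step would keep the two from drifting apart.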
Expand Down Expand Up @@ -235,4 +236,8 @@ RUN curl -fsSL https://aka.ms/install-azd.sh | bash && \
tar -xf rootlesskit-x86_64.tar.gz && \
cp rootlesskit rootlesskit-docker-proxy /usr/bin/ && \
popd && \
rm -rf $TMP_DIR
rm -rf $TMP_DIR && \
#
# Install requests package for azfilesauth
#
pip install requests
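Review bot: `pip install requests` at the end of this RUN step is unpinned and unverified, so every rebuild of the image takes whatever requests release and transitive dependencies the index serves at that moment. Pin it in a requirements file with `--hash` entries and install with `pip3 install --no-cache-dir --require-hashes -r <requirements file>`; `--require-hashes` makes pip demand a pinned, hashed entry for every transitive dependency as well. The step is also chained onto the RUN that unpacks rootlesskit and removes `$TMP_DIR`, so giving it its own RUN would keep unrelated steps apart.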
Contributor

Why do we need the requests library? Is this a dependency induced by one of these packages?

Copilot AI Jan 30, 2026

For consistency with other Python package installations in this file, consider using pip3 instead of pip. Other pip commands in the Dockerfile use pip3 explicitly (line 165) or python -m pip (line 172).

Copilot uses AI. Check for mistakes.
Copilot AI Jan 30, 2026

The Dockerfile installs the Python requests package via pip install requests without pinning a version or verifying integrity. This creates a supply chain risk where a compromised or malicious requests release on PyPI could be pulled into the base CloudShell image and executed at build time or when imported at runtime. Prefer using a pinned version from a trusted source (e.g., internal feed) and, where possible, enabling hash or signature verification for the downloaded package.

Copilot uses AI. Check for mistakes.
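
A build-time check for the pattern the last review comment flags, as an added example that is not part of this PR or of the repository: it scans a Dockerfile's RUN steps for pip installs that lack a version pin or `--require-hashes`. The sample Dockerfile text, the `/tmp/requirements.txt` path and the `0.0.0` version are constructed placeholders.

```python
import re
import shlex

# Constructed sample modelled on the RUN step in the diff; path and version are placeholders.
SAMPLE = r"""
RUN tar -xf rootlesskit-x86_64.tar.gz && \
    rm -rf $TMP_DIR && \
    #
    # Install requests package for azfilesauth
    #
    pip install requests
RUN pip3 install --no-cache-dir --require-hashes -r /tmp/requirements.txt
RUN python3 -m pip install requests==0.0.0
"""
PIP_INSTALL = re.compile(r"\s*(?:pip3?|python3?\s+-m\s+pip)\s+install\s+(.*)")
TAKES_VALUE = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url"}

def logical_lines(text):
    """Join backslash continuations; like Docker, drop comment lines inside them."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield buf + line
            buf = ""

def audit(text):
    """Return (command, problems) for every pip install found in a RUN instruction."""
    findings = []
    for line in logical_lines(text):
        if not line.upper().startswith("RUN "):
            continue
        for cmd in re.split(r"&&|\|\||;", line[4:]):
            match = PIP_INSTALL.fullmatch(cmd)
            if not match:
                continue
            args = shlex.split(match.group(1))
            # Requirement specifiers: non-option arguments that are not an option's value.
            pkgs = [a for i, a in enumerate(args)
                    if not a.startswith("-") and (i == 0 or args[i - 1] not in TAKES_VALUE)]
            problems = [f"unpinned: {p}" for p in pkgs if "==" not in p]
            if "--require-hashes" not in args:
                problems.append("no --require-hashes")
            findings.append((cmd.strip(), problems))
    return findings
```

pip also switches to hash-checking mode when a requirements file itself contains `--hash` entries; this scan inspects only the command line and does not read requirements files.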
3 changes: 3 additions & 0 deletions tests/command_list
Expand Up @@ -80,6 +80,8 @@ awk
az
azcopy
azd
azfilesauthmanager
azfilesrefresh
b2sum
badblocks
base32
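Review bot: `azfilesauthmanager` and `azfilesrefresh` are added to the command list, but nothing in the visible diff checks that they can run against the pip-installed requests the Dockerfile change adds for them. If the command_list test only confirms that each name resolves, consider a smoke test that invokes each tool (for example its help output), so a missing or broken Python dependency fails the build instead of surfacing in a user session.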
Expand Down Expand Up @@ -868,6 +870,7 @@ node
nodejs
nohup
nologin
normalizer
npm
nproc
npth-config
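Review bot: `normalizer` is added between `nologin` and `npm` without anything in the visible lines saying which package provides it. If it is a console script that arrives as a side effect of the `pip install requests` step in linux/base.Dockerfile, state that in the PR description: it would mean the set of commands on PATH now depends on what an unpinned pip resolve pulls in, and this list will need to change whenever that resolve does.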