Skip to content

Convert dynamic CMD script into static script #14607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Feb 28, 2025
Merged

Convert dynamic CMD script into static script #14607

merged 13 commits into from
Feb 28, 2025

Conversation

kenodegard
Copy link
Contributor

@kenodegard kenodegard commented Feb 19, 2025
edited
Loading

Description

Stop using dynamic .bat scripts for activation & deactivation in Windows CMD.EXE and instead introduce a static script that accepts an INI-style environment file.

Resolves #13610
Depends on #14619

To test this locally on Windows:

Enable Application Identity Service

  1. Open Services
  2. Right click on Application Identity and select Properties
  3. Optionally change Startup type to Automatic
  4. Start service

Enable AppLocker

  1. Open Local Security Policy
  2. Navigate to Security Settings > Application Control Policies > AppLocker
  3. Select Configure rule enforcement under Configure Rule Enforcement, this will open a new window
  4. Select Script rules and set to Enforce rules
  5. Back in the original Local Security Policy window navigate to Script Rules
  6. Add default rules by right clicking and select Create Default Rules
  7. Add Allow Rule for devenv location
    a. Right click and select Create New Rule...
    b. Permissions: Allow, Everyone
    c. Conditions: Path
    d. Path: Fill in path to devenv
    e. Exceptions: None
  8. Add Allow Rule for conda source code location
  9. Add Deny Rule for %TEMP% location
  10. Restart machine
applocker

Test with main to see AppLocker in effect

  1. Checkout main
  2. Start devenv, .\dev\start.bat
  3. Run conda activate

Test with cmd-static-script

  1. Checkout cmd-static-script
  2. Start devenv, .\dev\start.bat
  3. Run conda activate

Tip

You can easily toggle AppLocker on/off via the Configure Rule Enforcement without needing to restart your machine.

Checklist - did you ...

  • Add a file to the news directory (using the template) for the next release's release notes?
  • Add / update necessary tests?
  • Add / update outdated documentation?

@conda-bot conda-bot added the cla-signed [bot] added once the contributor has signed the CLA label Feb 19, 2025
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Feb 19, 2025
edited
Loading

CodSpeed Performance Report

Merging #14607 will not alter performance

Comparing cmd-static-script (e24fc71) with main (548dead)

Summary

✅ 21 untouched benchmarks

@kenodegard kenodegard changed the title Convert dynamic CMD scripts into static script Convert dynamic CMD script into static script Feb 19, 2025
kenodegard
kenodegard commented Feb 21, 2025
View reviewed changes
kenodegard
kenodegard commented Feb 21, 2025
View reviewed changes
@kenodegard kenodegard force-pushed the cmd-static-script branch 5 times, most recently from 55c3597 to 0f7f076 Compare February 21, 2025 23:30
@kenodegard kenodegard mentioned this pull request Feb 24, 2025
Merged
3 tasks
@jezdez jezdez self-requested a review February 25, 2025 16:30
@kenodegard kenodegard marked this pull request as ready for review February 26, 2025 04:24
@kenodegard kenodegard requested a review from a team as a code owner February 26, 2025 04:24
@kenodegard kenodegard moved this from 🏗️ In Progress to 👀 In Review in 🔎 Review Feb 26, 2025
@kenodegard
Copy link
Contributor Author

Does this change impact mamba?

@kenodegard
Copy link
Contributor Author

Since this change modifies existing scripts and CMD relies on the condabin (not on shell functions) this change should update gracefully (i.e., users wont need to restart their shell after updating).

@jezdez
Copy link
Member

jezdez commented Feb 26, 2025

How do I test this?

@kenodegard
Copy link
Contributor Author

@jezdez added testing instructions above

jezdez
jezdez previously approved these changes Feb 26, 2025
View reviewed changes
Copy link
Member

@jezdez jezdez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @kenodegard, for the steps to test. Confirmed that this did the trick and I feel confident this takes the conda activation out of the way of AppLocker

@github-project-automation github-project-automation bot moved this from 👀 In Review to ✅ Approved in 🔎 Review Feb 26, 2025
@dhirschfeld dhirschfeld mentioned this pull request Feb 28, 2025
Open
@jezdez jezdez merged commit 170a44d into main Feb 28, 2025
85 checks passed
@jezdez jezdez deleted the cmd-static-script branch February 28, 2025 13:29
@github-project-automation github-project-automation bot moved this from ✅ Approved to 🏁 Done in 🔎 Review Feb 28, 2025
This was referenced Feb 28, 2025
Closed
Closed
@kenodegard kenodegard mentioned this pull request Mar 17, 2025
Open
81 tasks
This was referenced Mar 26, 2025
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jezdez jezdez jezdez approved these changes

Assignees
No one assigned
Labels
cla-signed [bot] added once the contributor has signed the CLA
Projects
🔎 Review
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Conda cannot be activated on Windows if AppLocker is used
3 participants
@kenodegard @jezdez @conda-bot