From 42777b07d247b53835001ccb5799b8cc9d2a3eab Mon Sep 17 00:00:00 2001
From: Ian Davis
Date: Mon, 12 Oct 2020 14:14:51 -0700
Subject: [PATCH 1/2] Adding intitial dev container config. Still testing docker without root
---
.devcontainer/Dockerfile | 80 +++++++++++++++++++++++++++++++++
.devcontainer/devcontainer.json | 38 ++++++++++++++++
2 files changed, 118 insertions(+)
create mode 100644 .devcontainer/Dockerfile
create mode 100644 .devcontainer/devcontainer.json
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..df9dc95
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,80 @@
+# [Choice] Ubuntu version: bionic, focal
+ARG VARIANT=bionic
+FROM mcr.microsoft.com/vscode/devcontainers/base:${VARIANT}
+
+# This Dockerfile adds a non-root user with sudo access. Update the “remoteUser” property in
+# devcontainer.json to use it. More info: https://aka.ms/vscode-remote/containers/non-root-user.
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Docker script args, location, and expected SHA - SHA generated on release
+ARG DOCKER_SCRIPT_SOURCE="https://raw.githubusercontent.com/microsoft/vscode-dev-containers/master/script-library/docker-debian.sh"
+ARG DOCKER_SCRIPT_SHA="dev-mode"
+ARG ENABLE_NONROOT_DOCKER="true"
+ARG SOURCE_SOCKET=/var/run/docker-host.sock
+ARG TARGET_SOCKET=/var/run/docker.sock
+
+RUN apt-get update \
+ && export DEBIAN_FRONTEND=noninteractive \
+ # Verify common dependencies and utilities are installed
+ && apt-get -y install --no-install-recommends apt-utils dialog git openssh-client curl less iproute2 procps 2>&1 \
+ #
+ # Create a non-root user to use if not already available - see https://aka.ms/vscode-remote/containers/non-root-user.
+ && if [ $(getent passwd $USERNAME) ]; then \
+ # If exists, see if we need to tweak the GID/UID
+ if [ "$USER_GID" != "1000" ] || [ "$USER_UID" != "1000" ]; then \
+ groupmod --gid $USER_GID $USERNAME \
+ && usermod --uid $USER_UID --gid $USER_GID $USERNAME \
+ && chown -R $USER_UID:$USER_GID /home/$USERNAME; \
+ fi; \
+ else \
+ # Otherwise ccreate the non-root user
+ groupadd --gid $USER_GID $USERNAME \
+ && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+ # Add sudo support for the non-root user
+ && apt-get install -y sudo \
+ && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME\
+ && chmod 0440 /etc/sudoers.d/$USERNAME; \
+ fi \
+ #
+ # Use Docker script from script library to set things up
+ && curl -sSL $DOCKER_SCRIPT_SOURCE -o /tmp/docker-setup.sh \
+ && ([ "${DOCKER_SCRIPT_SHA}" = "dev-mode" ] || (echo "${DOCKER_SCRIPT_SHA} */tmp/docker-setup.sh" | sha256sum -c -)) \
+ && /bin/bash /tmp/docker-setup.sh "${ENABLE_NONROOT_DOCKER}" "${SOURCE_SOCKET}" "${TARGET_SOCKET}" "${USERNAME}" \
+ && rm /tmp/docker-setup.sh \
+ #
+ # Clean up
+ && apt-get autoremove -y \
+ && apt-get clean -y \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install emulation support
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+ && apt-get -y install --no-install-recommends \
+ binfmt-support \
+ make \
+ python3-dev \
+ python3-pip \
+ python3-setuptools \
+ qemu-user-static
+
+# [Optional] Uncomment this section to install additional OS packages.
+# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+# && apt-get -y install --no-install-recommends
+
+USER $USERNAME
+# Install packages required to generate code
+RUN python3 -m pip install --user -U pip && \
+ python3 -m pip install -U setuptools && \
+ python3 -m pip install plumbum==1.6.8 && \
+ python3 -m pip install jinja2==2.10.3 && \
+ python3 -m pip install pyyaml==5.3.1 && \
+ python3 -m pip install -U pylint --user
+
+USER root
+
+# Setting the ENTRYPOINT to docker-init.sh will configure non-root access to
+# the Docker socket if "overrideCommand": false is set in devcontainer.json.
+# The script will also execute CMD if you need to alter startup behaviors.
+ENTRYPOINT [ "/usr/local/share/docker-init.sh" ]
\ No newline at end of file
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..729161c
--- /dev/null
+++ b/.devcontainer/devcontainer.json
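Review bot: The setup script fetched in the first `RUN` is executed as root with no integrity check by default: `DOCKER_SCRIPT_SOURCE` follows the `master` branch and `DOCKER_SCRIPT_SHA="dev-mode"` short-circuits the `sha256sum -c` guard, so whatever that URL serves at build time runs in the image. Pin the URL to a release tag or commit and ship the matching digest as the default, e.g. `ARG DOCKER_SCRIPT_SOURCE="https://raw.githubusercontent.com/microsoft/vscode-dev-containers/<PINNED_TAG_OR_COMMIT>/script-library/docker-debian.sh"` with `ARG DOCKER_SCRIPT_SHA="<SHA256_OF_THAT_FILE>"`. The download should also use `curl -fsSL` so that an HTTP error body is never saved and handed to bash. Separately, the second `RUN apt-get update` never removes `/var/lib/apt/lists/*`, unlike the first one.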
@@ -0,0 +1,38 @@
+{
+ "name": "Existing Dockerfile",
+
+ // Sets the run context to one level up instead of the .devcontainer folder.
+ "context": ".",
+
+ // Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
+ "dockerFile": "Dockerfile",
+
+ // Set *default* container specific settings.json values on container create.
+ "settings": {
+ "terminal.integrated.shell.linux": "/bin/bash"
+ },
+
+ // Add the IDs of extensions you want installed when the container is created.
+ "extensions": [
+ "ms-azuretools.vscode-docker",
+ "ms-python.python"
+ ],
+
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ // "forwardPorts": [],
+
+ // Uncomment the next line to run commands after the container is created - for example installing curl.
+ "postCreateCommand": "make init",
+
+ // Uncomment when using a ptrace-based debugger like C++, Go, and Rust
+ // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
+
+ // Uncomment to use the Docker CLI from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker.
+ "mounts": [
+ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind",
+ "source=/tmp,target=/tmp,type=bind"
+ ],
+
+ // Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root.
+ "remoteUser": "vscode"
+}
From 2deeb42f63ca72701a9534378defa5cc1ceb3a41 Mon Sep 17 00:00:00 2001
From: Ian Davis
Date: Thu, 22 Oct 2020 09:31:40 -0700
Subject: [PATCH 2/2] Fixing non-root docker usage.
---
.devcontainer/Dockerfile | 3 ++-
.devcontainer/devcontainer.json | 12 +++++++++---
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index df9dc95..2fc8da8 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
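Review bot: The `mounts` array hands the container the host's Docker socket and a read-write bind of the host's entire `/tmp`, and both entries are active even though the comment above them still reads "Uncomment to use the Docker CLI". Access to the Docker socket is equivalent to root on the host, so `postCreateCommand` (`make init`) and every installed extension run with that reach; the comment should say so, e.g. `// Binds the host Docker socket (host-root equivalent) and the host's /tmp into the container.`. If `/tmp` is only shared so that paths line up for sibling containers, a dedicated directory would expose less, though the reason is not visible in the patch. The socket is also mounted at `/var/run/docker.sock`, while the Dockerfile passes `SOURCE_SOCKET=/var/run/docker-host.sock` to the setup script; if that script proxies from source to target for the non-root user, the mount target probably needs to be `/var/run/docker-host.sock`.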
@@ -77,4 +77,5 @@ USER root # Setting the ENTRYPOINT to docker-init.sh will configure non-root access to # the Docker socket if "overrideCommand": false is set in devcontainer.json. # The script will also execute CMD if you need to alter startup behaviors. -ENTRYPOINT [ "/usr/local/share/docker-init.sh" ] \ No newline at end of file +ENTRYPOINT [ "/usr/local/share/docker-init.sh" ] +CMD [ "sleep", "infinity" ] \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 729161c..2424314 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,5 +1,5 @@ { - "name": "Existing Dockerfile", + "name": "jetson-containers", // Sets the run context to one level up instead of the .devcontainer folder. "context": ".", @@ -12,6 +12,11 @@ "terminal.integrated.shell.linux": "/bin/bash" }, + // Use this environment variable if you need to bind mount your local source code into a new container. + "remoteEnv": { + "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" + }, + // Add the IDs of extensions you want installed when the container is created. "extensions": [ "ms-azuretools.vscode-docker", @@ -25,7 +30,7 @@ "postCreateCommand": "make init", // Uncomment when using a ptrace-based debugger like C++, Go, and Rust - // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], + "runArgs": ["--init"], // Uncomment to use the Docker CLI from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker. "mounts": [ @@ -33,6 +38,7 @@ "source=/tmp,target=/tmp,type=bind" ], - // Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root. + // Uncomment the next two lines to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. + "overrideCommand": false, "remoteUser": "vscode" }
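Review bot: In devcontainer.json the comment `// Uncomment when using a ptrace-based debugger like C++, Go, and Rust` is left in place above the new `"runArgs": ["--init"]`, so it now describes a setting that is gone and suggests a ptrace/seccomp relaxation the container does not have. Replace it with something like `// Run an init process as PID 1 so signals are forwarded and zombies are reaped.`. The same applies to `// Uncomment the next two lines to connect as a non-root user`, which sits over lines that are already active; `// Keep the image ENTRYPOINT (docker-init.sh) and connect as the non-root user.` would match what the file does. The `remoteEnv` comment is fine as written.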