Devcontainer improvements #10

Open: offlinehacker wants to merge 4 commits into master

@offlinehacker offlinehacker commented Aug 7, 2020

This pull request implements several improvements for devcontainers:

  • improve patching of vscode binaries by not overriding LD_LIBRARY_PATH, but by using an entrypoint that does patchelf on the vscode node binary. See also the comment in the code.
  • Support for running as a non-root user
  • disable nix sandboxing, thus allowing running as non-privileged
  • Integrate sudo

I also implemented an example repo that uses this image for a devcontainer: https://github.com/xtruder/nix-devcontainer

  • using docker-compose
  • using home-manager to manage home files
  • using nix-shell and also an extension for vscode

Member

@zimbatm zimbatm left a comment

Awesome. Thanks for taking what I started and running with it!

@@ -94,23 +128,19 @@ let
# make sure /tmp exists
mkdir -m 0777 tmp

# allow ubuntu ELF binaries to run. VSCode copies it's own.
mkdir -p lib64
ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2
Member

are you sure you don't want to keep this? Other extensions might also download random binaries.

Author

I would add it later if there are issues; I would not make this the default, as it solves only part of the problem. If some third-party binary is not statically linked, there's a good chance it will also require some other libraries. Installing vscode plugins can probably be automated using a home-manager module, and binaries can be patched there.

please don't remove this, otherwise it will break actions/checkout@v3 when we use devcontainer as github action image

# VSCode assumes that /sbin/ip exists
mkdir sbin
ln -s /nix/var/nix/profiles/default/bin/ip sbin/ip
'';

config = {
Cmd = [ "/nix/var/nix/profiles/default/bin/bash" ];
Entrypoint = [ "/nix/var/nix/profiles/default/bin/entrypoint.sh" ];
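
Review bot: With `Entrypoint` set to `entrypoint.sh` in the `config` block, `Cmd` is handed to that script as its arguments, so please confirm the script finishes by exec'ing its arguments, otherwise the default bash never starts; any runner that supplies its own entrypoint will also skip the script, so the setup it performs should be documented as not guaranteed to run. Separately, `mkdir -m 0777 tmp` at the top of this hunk creates /tmp without the sticky bit, which matters now that the image is meant to run as a non-root user: any user in the container can delete or replace another user's temporary files. `mkdir -m 1777 tmp` is the conventional mode.
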
Member

When I was hacking on it, vscode was running the container with its own entry point. Is that not the case anymore?

Author

I mean it works for me if using docker-compose, but I still have to test with plain devcontainer.

images/devcontainer/root/etc/nix/nix.conf: outdated, resolved

@offlinehacker force-pushed the devcontainer-improvements branch from 3f2de75 to 6264454 on August 7, 2020 13:04

Member

zimbatm commented Feb 10, 2021

@offlinehacker sorry this went out of my radar. Would you like me to merge this PR?

Author

offlinehacker commented Feb 15, 2021

I can't say, I don't use it currently, but maybe others find it useful. I don't like some parts of how nix is building docker images, as it's too magic. I switched to a debian based image and wrote: https://github.com/xtruder/debian-nix-devcontainer, which I am successfully using for all of my projects.

Member

zimbatm commented Feb 15, 2021

Yeah, that makes sense. I also think that it will be less pain as tooling in vscode tends to assume a debian-like environment.
