devpod icon indicating copy to clipboard operation
devpod copied to clipboard

Published 20 hours ago verified publisher icon loft-sh

Environment Variable replaced at Runtime

Open ldoguin opened this issue 1 year ago • 11 comments

What happened?

I am setting up different variables to find binaries like

    "CARGO_HOME" : "/home/gitpod/.cargo",
    "GOPATH" : "/home/gitpod/go-packages",
    "GOROOT" : "/home/gitpod/go",
  },
  "remoteUser": "gitpod",
  "remoteEnv": {
    "PATH": "${containerEnv:PATH}:/home/gitpod/.cargo/bin:/home/gitpod/go/bin:/home/gitpod/go-packages/bin"

And unfortunately the /home/gitpod part is replaced by /workspace so all my binaries are not in the PATH anymore.

What did you expect to happen instead?

This works fine with codespace,

How can we reproduce the bug? (as minimally and precisely as possible)

You can reproduce by opening this repo in devpod and searching for go, tinygo, wit or other executable installed with Cargo: https://github.com/vados-cosmonic/wasmcon2024-couchbase-workshop/

ldoguin avatar Nov 11 '24 16:11 ldoguin

Hey @ldoguin, thanks for reporting the issue, we'll take a look!

pascalbreuninger avatar Nov 11 '24 17:11 pascalbreuninger

I'll drop in with my observations, as I think I'm seeing something similar. I've started debugging this more closely:

My test .devcontainer.json:

{
  "name": "debugging devpod's PATH problem",
  "image": "ghcr.io/yacoob/interactive:base",
  "containerEnv": {
    "PATH": "/containerEnv/marker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "MARKER": "container"
  },
  "remoteEnv": {
    "PATH": "/remoteEnv/marker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "MARKER": "remote"
  },
  "securityOpt": ["label=disable"],
  "remoteUser": "yacoob",
  "containerUser": "yacoob"
}

Test:

❯ podman exec reverent_kirch printenv PATH
/containerEnv/marker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
❯ podman exec reverent_kirch printenv MARKER
container
❯ devpod ssh env-debug --command 'printenv PATH'
/home/yacoob/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
❯ devpod ssh env-debug --command 'printenv MARKER'
remote
❯ devpod ssh env-debug --command 'cat /etc/envfile.json'
{"env":{"PATH":"/remoteEnv/marker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","MARKER":"remote"}}

This strongly suggests that:

  • containerEnv sets variables properly for the container (as podman exec shows both variables undisturbed)
  • remoteEnv sets both variables via /etc/envfile.json, but PATH gets sanitized down to some standard value.

This is not totally unexpected, as traditional ssh also sanitizes PATH to its own default. Here, it's breaking things, as the values for containerEnv and remoteEnv can be set by either user or a feature they've included.

@pascalbreuninger any idea where that sanitization for PATH is happening?

yacoob avatar Nov 17 '24 12:11 yacoob

Further evidence:

❯ devpod ssh --set-env MARKER=/bla --set-env PATH=/workspaces/foo.venv/bin:/usr/bin --command 'printenv PATH' .
/home/yacoob/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
❯ devpod ssh --set-env MARKER=/bla --set-env PATH=/workspaces/foo.venv/bin:/usr/bin --command 'printenv MARKER' .
/bla

Looks like devpod ssh - or the agent on the container's end - actually sanitizes PATH.

yacoob avatar Nov 17 '24 12:11 yacoob

One more thing: a (crude) workaround for me was to symlink the binaries I was missing into ~/.local/bin. As I'm making a Python devcontainer, I ended up having this:

"postCreateCommand": "(curl -LsSf https://astral.sh/uv/install.sh | sh) && uv sync && echo 'source ${containerWorkspaceFilder}/.venv/bin/activate' >> ~/.zshrc.local && ln -sf ${containerWorkspaceFolde
r}/.venv/bin/python3 ~/.local/bin/python3",

Not ideal, but does the trick in the meantime.

Correct fix (IMO) is to change devpod to honour PATH set via containerEnv and remoteEnv - as this seems to be the way for devcontainer features to hook into the container.

yacoob avatar Nov 17 '24 13:11 yacoob

Also notice this, the PATH is not injected?

	"Config": {
		"Hostname": "5d105445672d",
		"Domainname": "",
		"User": "root",
		"AttachStdin": false,
		"AttachStdout": false,
		"AttachStderr": false,
		"Tty": false,
		"OpenStdin": false,
		"StdinOnce": false,
		"Env": [
			"PATH=/usr/local/cargo/bin:/usr/local/go/bin:/go/bin:/home/vscode/go/bin:/home/vscode/cargo/bin:${containerEnv:PATH}",
			"DEVPOD=true",
			"REMOTE_CONTAINERS=true",
			"DEVPOD_WORKSPACE_ID=bats-protocol-framework",
			"DEVPOD_WORKSPACE_UID=default-ba-606cf",
			"CARGO_HOME=/home/vscode/cargo",
			"GOPATH=/home/vscode/go",
			"VCPKG_ROOT=/usr/local/vcpkg",
			"VCPKG_DOWNLOADS=/usr/local/vcpkg-downloads",
			"RUSTUP_HOME=/usr/local/rustup",
			"GOROOT=/usr/local/go"
		],
		"Cmd": [
			"-c",
			"echo Container started\ntrap \"exit 0\" 15\n\nexec \"$@\"\nwhile sleep 1 & wait $!; do :; done",
			"-"
		],

stevefan1999-personal avatar Jan 16 '25 04:01 stevefan1999-personal

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Mar 18 '25 02:03 github-actions[bot]

no stale

stevefan1999-personal avatar Mar 18 '25 02:03 stevefan1999-personal

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar May 18 '25 02:05 github-actions[bot]

no stale

stevefan1999-personal avatar May 19 '25 02:05 stevefan1999-personal

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Jul 19 '25 02:07 github-actions[bot]

no stale

stevefan1999-personal avatar Jul 20 '25 09:07 stevefan1999-personal