vscode-remote-release icon indicating copy to clipboard operation
vscode-remote-release copied to clipboard
verified publisher icon microsoft

Customize/override bootstrap.Dockerfile

Open PvanHengel opened this issue 2 years ago • 4 comments

As an enterprise developer that uses devcontainers, I need to add custom root certificates using a script file in the bootstrap docker file used to bootstrap (git clone) source code into the true dev container. Without these root certificates in the docker image installed via a custom script there is no way to clone the repo.

One can modify the bootstrap.Dockerfile in the users .vscode folder, which gets copied into the /var/... location before building, helper scripts placed there are not available to be added to the base image. A more robust system for making modifications to the root image, or a system setting to override the bootstrap image used (that ideally persists as versions of the extension are upgraded as well) is required.

PvanHengel avatar Feb 25 '23 16:02 PvanHengel

Any update when this might be able to be looked at, its a blocker at this point and really are unable to make any progress due to the root certificates not being inside the bootstrapping image used to clone and create the volume. Ive been hacking around and cannot reliably create any solution that would work across multiple developer machines.

PvanHengel avatar Mar 22 '23 10:03 PvanHengel

#3809 can also use this feature, what we really want is to run devcontainer in a network restricted area, so we can inject proxies, mirrors and such other envs etc into the Dockerfile.

pootow avatar Jul 28 '23 14:07 pootow

Even simply being able to specify the base image used by the clone and recovery container in the settings, would at least allow us to push the preconfigured image to our internal registry and have it work.

francoissharpe avatar Feb 15 '24 09:02 francoissharpe

@PvanHengel The latest pre-releases (currently Dev Containers 0.344.0-pre-release) loads the system certificates into the bootstrap container. Could you give that a try? (Tracked as https://github.com/microsoft/vscode-remote-release/issues/6092.)

chrmarti avatar Feb 15 '24 11:02 chrmarti

I know this is bad, but the customize can be done by replacing the file content under ~/.vscode/extensions/ms-vscode-remote.remote-containers-{version}/scripts/bootstrap.Dockerfile

kimidaisuki22 avatar Mar 03 '24 14:03 kimidaisuki22

What are the other use-cases for overriding this Dockerfile aside from loading root certificates? Ideally everything would just work out-of-the-box, so I'd be interested if we can improve on that before we make the Dockerfile configurable.

chrmarti avatar Mar 05 '24 09:03 chrmarti

What are the other use-cases for overriding this Dockerfile aside from loading root certificates? Ideally everything would just work out-of-the-box, so I'd be interested if we can improve on that before we make the Dockerfile configurable.

It may not a problem about Dockerfile configurable: clone repo into volume is handy, but volume-bootstrap is slow to build in my network, for me I just prebuild it in the background and then fetch it from LAN when I use it.

I have tried to simply replace the build file, but it has a more complex image than I think, so I just give up. And I think the customize just adds more cost for both users and the dev team and not enough benefit.

Maybe an addition Dockerfile can be added to build final image onto current boostrap image, it is easier to maintain and add some customization for end users.

kimidaisuki22 avatar Mar 05 '24 12:03 kimidaisuki22

use-cases for overriding this Dockerfile aside from loading root certificates? Ideally everything would just work out-of-the-box, so I'd be interested if we can improve on that before we ma

What are the other use-cases for overriding this Dockerfile aside from loading root certificates? Ideally everything would just work out-of-the-box, so I'd be interested if we can improve on that before we make the Dockerfile configurable.

Another use case might be setting up the openssl.conf file, hosts file, or other OS level settings that are required during the bootstrapping process.

PvanHengel avatar Mar 15 '24 10:03 PvanHengel

I know this is bad, but the customize can be done by replacing the file content under ~/.vscode/extensions/ms-vscode-remote.remote-containers-{version}/scripts/bootstrap.Dockerfile

I hope to be able to modify the bootstrap.Dockerfile. Due to network issues, I am unable to open the dev container smoothly. If it is not possible to overwrite the bootstrap.Dockerfile, can a custom shell be executed instead? Just the manual replacement method in the above method needs to be implemented through the shell.

wanxger avatar Apr 16 '24 02:04 wanxger

I know this is bad, but the customize can be done by replacing the file content under ~/.vscode/extensions/ms-vscode-remote.remote-containers-{version}/scripts/bootstrap.Dockerfile

I hope to be able to modify the bootstrap.Dockerfile. Due to network issues, I am unable to open the dev container smoothly. If it is not possible to overwrite the bootstrap.Dockerfile, can a custom shell be executed instead? Just the manual replacement method in the above method needs to be implemented through the shell.

I used a script locally to perform automatic replacements. It works, but it cannot be written once and run everywhere.

wanxger avatar Apr 16 '24 03:04 wanxger

when cloning our repository (which has git-lfs and post-checkout) we always got the message to set GIT_CLONE_PROTECTION_ACTIVE=false to overcome the cloning. the only way we found for now, was to adapt this file locally on each machine

h4de5 avatar Jul 26 '24 13:07 h4de5

@h4de5 I will update the base image to mcr.microsoft.com/devcontainers/base:0-alpine-3.20 to pick up Git 2.45.2 which has a fix for your issue: https://github.com/git-lfs/git-lfs/issues/5749#issuecomment-2145600523

chrmarti avatar Jul 26 '24 14:07 chrmarti

This fix is available in Dev Containers 0.381.0-pre-release.

chrmarti avatar Jul 30 '24 18:07 chrmarti