prql icon indicating copy to clipboard operation
prql copied to clipboard

Published 20 hours ago verified publisher icon PRQL

build: Move git config ... add safe.directory to a script within .devcontainer

Open richb-hanover opened this issue 1 year ago • 5 comments
trafficstars

This is another way to solve #4830. It places the git config ... --add safe.directory ... command into a shell script (post_create.sh) within the .devcontainer directory.

It gets invoked by the devcontainer.json postCreateCommand section, so it only applies to Dev Container builds, and won't hassle people who build PRQL natively.

Other observations:

  • I observed the need for the git config ... --add safe.directory ... command in three environments: macOS 12.7.5 on Intel, macOS 14.5 on M2, and Win 11. So there's something about the DevContainer that triggers/requires it. This PR works around it cleanly.

  • This script also installs pre-commit so that commands like task test-lint always work without error.

richb-hanover avatar Aug 19 '24 01:08 richb-hanover

@eitsupi Thank you for insisting I look further. I found a good article that seems to explain the situation. Avoiding Dubious Ownership in Dev Containers

IIUC, the situation where the volume mounted by the container is owned by root, while the source code folders are owned by vscode could lead to mischief in certain environments. That causes git to raise this warning. The article then states that the git config ... --add safe.directory ... command was introduced explicitly to address this concern.

This leads me to a few observations:

  1. This PR seems to be a reasonable fix for my problem. Does it/will it work for others?
  2. We have had multiple discussions of ownership (#3712, @max-sixty's comments in https://github.com/PRQL/prql/issues/3709#issuecomment-1771510785)
  3. @eitsupi - do you still have concerns here?

Thanks

richb-hanover avatar Aug 19 '24 11:08 richb-hanover

@richb-hanover Again, could you please report this issue upstream? And could you get the latest solution advice from a professional?

This should not be a problem specific to this repository, and it would be quite silly to make such a change in all repositories that use devcontainer.

eitsupi avatar Aug 19 '24 13:08 eitsupi

@eitsupi - I would ask for your help creating the report for upstream. I assume it should go here: https://github.com/microsoft/vscode-remote-release/issues

Here's my first draft of a report - your comments would be appreciated:

SUBJECT: Dev Container gives "dubious ownership" error message

I have a Dev Container whose Dockerfile has this form:

...
USER vscode

... install a bunch of cargo/rust stuff ...

USER root
...

Using current versions of Docker Desktop on both macOS and Windows, I see this error:

ERROR Failed to read Git log: fatal: detected dubious ownership in repository at '/workspaces/prql'
To add an exception for this directory, call:

        git config --global --add safe.directory /workspaces/prql

I first noticed this a while ago - maybe two-three months, but I'm not sure.

My questions:

  1. Is this behavior expected? (That is, will a Dev Container with two USERs always trigger this error message?)

  2. Is the proper fix running the git config ... --add safe.directory... command?

  3. Is there any reason this command couldn't be placed in the postCreateCommand section of devcontainer.json?

Many thanks.

richb-hanover avatar Aug 19 '24 13:08 richb-hanover

@richb-hanover Thanks, your draft looks good.

eitsupi avatar Aug 19 '24 14:08 eitsupi

Posted at https://github.com/microsoft/vscode-remote-release/issues/10179

richb-hanover avatar Aug 19 '24 14:08 richb-hanover