From f84fbb1b59aa2e3bd559ee8c71636372d4ceb48b Mon Sep 17 00:00:00 2001 From: Anthony Tarbinian Date: Sun, 29 Oct 2023 16:12:57 +0000 Subject: [PATCH 1/4] enter dev container as non-root user Logs into the dev container as the non-root "tuas" user. This is to prevent being root inside the container and modifying file permissions on the host system. Also moved Dockerfile to .devcontainer folder and checked in devcontainer.json to git. To have the terminal use bash as it's shell, the json file needed to be modified and now we have the same configuration across all users. There's also a popup that shows up to launch the container since VS Code will detect the devcontainer.json file that's already there. https://stackoverflow.com/questions/55957783/should-i-check-in-the-vs-code-dev-container-files-for-example-the-devcontaine --- Dockerfile => .devcontainer/Dockerfile | 15 +++++++++++++-- .devcontainer/devcontainer.json | 17 +++++++++++++++++ .gitignore | 1 - 3 files changed, 30 insertions(+), 3 deletions(-) rename Dockerfile => .devcontainer/Dockerfile (86%) create mode 100644 .devcontainer/devcontainer.json diff --git a/Dockerfile b/.devcontainer/Dockerfile similarity index 86% rename from Dockerfile rename to .devcontainer/Dockerfile index 4a953399..6ad973d6 100644 --- a/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,13 @@ FROM amd64/ubuntu:22.04 + +# Create a non-root user +ARG USERNAME=tuas +ARG USER_UID=1000 +ARG USER_GID=$USER_UID +RUN groupadd --gid $USER_GID $USERNAME \ + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME + + # https://gist.github.com/SSARCandy/fc960d8905330ac695e71e3f3807ce3d # OpenCV dependencies from above RUN apt-get update \ @@ -40,7 +49,9 @@ WORKDIR /obcpp/build # RUN make obcpp # parallelize this -CMD ["/bin/bash"] +# login as non-root user +USER $USERNAME + # CMD ["/obcpp/build/bin/obcpp"] # docker build - < Dockerfile @@ -50,4 +61,4 @@ CMD ["/bin/bash"] # https://www.jmoisio.eu/en/blog/2020/06/01/building-cpp-containers-using-docker-and-cmake/ # find -name "*Cache.txt" -delete -# TODO: this container is way too big for some reason. Refer to above blog post for staged build (may not want to do that for development tho. I am unable to get devcontainers running) \ No newline at end of file +# TODO: this container is way too big for some reason. Refer to above blog post for staged build (may not want to do that for development tho. I am unable to get devcontainers running) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000..9d7f18eb --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,17 @@ +// See this page for reference of options: https://containers.dev/implementors/json_reference +{ + "name": "Existing Dockerfile", + "build": { + "context": "..", + "dockerfile": "Dockerfile" + }, + + "customizations": { + "vscode": { + "settings": { + // Use bash instead of sh + "terminal.integrated.defaultProfile.linux": "bash" + } + } + } +} diff --git a/.gitignore b/.gitignore index c449cd22..93800669 100644 --- a/.gitignore +++ b/.gitignore @@ -13,7 +13,6 @@ _deps/ Testing/ .vscode -.devcontainer libcore_library.dylib .DS_Store \ No newline at end of file From 349ce0912f59fef45b868c9315a62fd64a016f94 Mon Sep 17 00:00:00 2001 From: Anthony Tarbinian Date: Sun, 29 Oct 2023 15:17:19 -0700 Subject: [PATCH 2/4] dockerignore build directory --- .dockerignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..378eac25 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +build From 608ee6920f2d6034fbb5e1746f0adc6f7e3d5c64 Mon Sep 17 00:00:00 2001 From: Tyler Lentz Date: Sun, 29 Oct 2023 15:18:48 -0700 Subject: [PATCH 3/4] add extensions to dockerfile; move username login to before copy/paste --- .devcontainer/Dockerfile | 5 +++-- .devcontainer/devcontainer.json | 11 ++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 6ad973d6..c55cbc96 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -39,6 +39,9 @@ RUN apt-get update \ && rm /tmp/cmake-install.sh \ && ln -s /opt/cmake-3.24.1/bin/* /usr/local/bin +# login as non-root user +USER $USERNAME + WORKDIR /obcpp COPY . /obcpp @@ -49,8 +52,6 @@ WORKDIR /obcpp/build # RUN make obcpp # parallelize this -# login as non-root user -USER $USERNAME # CMD ["/obcpp/build/bin/obcpp"] diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 9d7f18eb..b103416d 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -11,7 +11,16 @@ "settings": { // Use bash instead of sh "terminal.integrated.defaultProfile.linux": "bash" - } + }, + "extensions": [ + "shd101wyy.markdown-preview-enhanced", + "ms-vscode.cpptools", + "nick-dimeglio.family-guy-funny-moments", // ඞ + "twxs.cmake" + ] } } + + // Use 'postCreateCommand' to run commands after the container is created. + // "postCreateCommand": "" } From fffacc77128f1dc14d39e16d7a74e231807cc541 Mon Sep 17 00:00:00 2001 From: Tyler Lentz Date: Sun, 29 Oct 2023 22:29:15 +0000 Subject: [PATCH 4/4] remove copy files because they are not needed for devcontainer --- .devcontainer/Dockerfile | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index c55cbc96..488202ef 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -29,6 +29,7 @@ RUN apt-get update \ # TODO: is it possible to save the built opencv in the docker build? Need to see what cmake keeps checking and wasting time on. +# Download latest CMake from their repositories RUN apt-get update \ && rm -rf /var/lib/apt/lists/* \ && wget https://github.com/Kitware/CMake/releases/download/v3.27.7/cmake-3.27.7-linux-x86_64.sh \ @@ -40,26 +41,4 @@ RUN apt-get update \ && ln -s /opt/cmake-3.24.1/bin/* /usr/local/bin # login as non-root user -USER $USERNAME - -WORKDIR /obcpp - -COPY . /obcpp - -WORKDIR /obcpp/build - -# RUN cmake .. - -# RUN make obcpp # parallelize this - - -# CMD ["/obcpp/build/bin/obcpp"] - -# docker build - < Dockerfile -# docker build -t "test" . -# docker run -it --rm test - -# https://www.jmoisio.eu/en/blog/2020/06/01/building-cpp-containers-using-docker-and-cmake/ -# find -name "*Cache.txt" -delete - -# TODO: this container is way too big for some reason. Refer to above blog post for staged build (may not want to do that for development tho. I am unable to get devcontainers running) +USER $USERNAME \ No newline at end of file