From bf22227fe3e73c0d79ff7fe30fba4263e685fbd3 Mon Sep 17 00:00:00 2001
From: "Xuefeng Ding (IHEP)" <dingxf@ihep.ac.cn>
Date: Thu, 5 Dec 2024 02:43:21 +0800
Subject: [PATCH] both fixed

---
 .devcontainer/install_zsh.sh                  | 177 +++---------------
 .devcontainer/non-root-user/Dockerfile        |  38 ++++
 .devcontainer/non-root-user/devcontainer.json |   9 +
 .devcontainer/root-user/Dockerfile            |  25 +--
 .devcontainer/root-user/devcontainer.json     |   2 +-
 README.md                                     |   5 +
 6 files changed, 90 insertions(+), 166 deletions(-)
 create mode 100644 .devcontainer/non-root-user/Dockerfile
 create mode 100644 .devcontainer/non-root-user/devcontainer.json

diff --git a/.devcontainer/install_zsh.sh b/.devcontainer/install_zsh.sh
index dd88d0a..bc2f433 100755
--- a/.devcontainer/install_zsh.sh
+++ b/.devcontainer/install_zsh.sh
@@ -15,17 +15,6 @@ INSTALL_ZSH="true"
 USERNAME=$(whoami)
 INSTALL_OH_MYS="true"
 
-if [ "$(id -u)" -ne 0 ]; then
-    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
-    exit 1
-fi
-
-# Add sudo support for non-root user
-if [ "${USERNAME}" != "root" ]; then
-    echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME
-    chmod 0440 /etc/sudoers.d/$USERNAME
-fi
-
 # ** Shell customization section **
 if [ "${USERNAME}" = "root" ]; then
     user_rc_path="/root"
@@ -33,101 +22,6 @@ else
     user_rc_path="/home/${USERNAME}"
 fi
 
-# .bashrc/.zshrc snippet
-rc_snippet="$(cat << 'EOF'
-
-if [ -z "${USER}" ]; then export USER=$(whoami); fi
-if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi
-
-# Display optional first run image specific notice if configured and terminal is interactive
-if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
-    if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then
-        cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt"
-    elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then
-        cat "/workspaces/.codespaces/shared/first-run-notice.txt"
-    fi
-    mkdir -p "$HOME/.config/vscode-dev-containers"
-    # Mark first run notice as displayed after 10s to avoid problems with fast terminal refreshes hiding it
-    ((sleep 10s; touch "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed") &)
-fi
-
-# Set the default git editor if not already set
-if [ -z "$(git config --get core.editor)" ] && [ -z "${GIT_EDITOR}" ]; then
-    if  [ "${TERM_PROGRAM}" = "vscode" ]; then
-        if [[ -n $(command -v code-insiders) &&  -z $(command -v code) ]]; then
-            export GIT_EDITOR="code-insiders --wait"
-        else
-            export GIT_EDITOR="code --wait"
-        fi
-    fi
-fi
-
-EOF
-)"
-
-# code shim, it fallbacks to code-insiders if code is not available
-cat << 'EOF' > /usr/local/bin/code
-#!/bin/sh
-
-get_in_path_except_current() {
-    which -a "$1" | grep -A1 "$0" | grep -v "$0"
-}
-
-code="$(get_in_path_except_current code)"
-
-if [ -n "$code" ]; then
-    exec "$code" "$@"
-elif [ "$(command -v code-insiders)" ]; then
-    exec code-insiders "$@"
-else
-    echo "code or code-insiders is not installed" >&2
-    exit 127
-fi
-EOF
-chmod +x /usr/local/bin/code
-
-# systemctl shim - tells people to use 'service' if systemd is not running
-cat << 'EOF' > /usr/local/bin/systemctl
-#!/bin/sh
-set -e
-if [ -d "/run/systemd/system" ]; then
-    exec /bin/systemctl "$@"
-else
-    echo '\n"systemd" is not running in this container due to its overhead.\nUse the "service" command to start services instead. e.g.: \n\nservice --status-all'
-fi
-EOF
-chmod +x /usr/local/bin/systemctl
-
-# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme
-codespaces_bash="$(cat \
-<<'EOF'
-
-# Codespaces bash prompt theme
-__bash_prompt() {
-    local userpart='`export XIT=$? \
-        && [ ! -z "${GITHUB_USER}" ] && echo -n "\[\033[0;32m\]@${GITHUB_USER} " || echo -n "\[\033[0;32m\]\u " \
-        && [ "$XIT" -ne "0" ] && echo -n "\[\033[1;31m\]鉃�" || echo -n "\[\033[0m\]鉃�"`'
-    local gitbranch='`\
-        if [ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ]; then \
-            export BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD 2>/dev/null); \
-            if [ "${BRANCH}" != "" ]; then \
-                echo -n "\[\033[0;36m\](\[\033[1;31m\]${BRANCH}" \
-                && if git ls-files --error-unmatch -m --directory --no-empty-directory -o --exclude-standard ":/*" > /dev/null 2>&1; then \
-                        echo -n " \[\033[1;33m\]鉁�"; \
-                fi \
-                && echo -n "\[\033[0;36m\]) "; \
-            fi; \
-        fi`'
-    local lightblue='\[\033[1;34m\]'
-    local removecolor='\[\033[0m\]'
-    PS1="${userpart} ${lightblue}\w ${gitbranch}${removecolor}\$ "
-    unset -f __bash_prompt
-}
-__bash_prompt
-
-EOF
-)"
-
 codespaces_zsh="$(cat \
 <<'EOF'
 # Codespaces zsh prompt theme
@@ -153,54 +47,29 @@ __zsh_prompt
 EOF
 )"
 
-# Add RC snippet and custom bash prompt
-if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then
-    echo "${rc_snippet}" >> /etc/bash.bashrc
-    echo "${codespaces_bash}" >> "${user_rc_path}/.bashrc"
-    echo 'export PROMPT_DIRTRIM=4' >> "${user_rc_path}/.bashrc"
-    if [ "${USERNAME}" != "root" ]; then
-        echo "${codespaces_bash}" >> "/root/.bashrc"
-        echo 'export PROMPT_DIRTRIM=4' >> "/root/.bashrc"
-    fi
-    chown ${USERNAME}:${group_name} "${user_rc_path}/.bashrc"
-    RC_SNIPPET_ALREADY_ADDED="true"
-fi
-
-# Optionally install and configure zsh and Oh My Zsh!
-if [ "${INSTALL_ZSH}" = "true" ]; then
-    if ! type zsh > /dev/null 2>&1; then
-        dnf install -y zsh
-    fi
-
-    # Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme.
-    # See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script.
-    oh_my_install_dir="${user_rc_path}/.oh-my-zsh"
-    if [ ! -d "${oh_my_install_dir}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then
-        template_path="${oh_my_install_dir}/templates/zshrc.zsh-template"
-        user_rc_file="${user_rc_path}/.zshrc"
-        umask g-w,o-w
-        mkdir -p ${oh_my_install_dir}
-        git clone --depth=1 \
-            -c core.eol=lf \
-            -c core.autocrlf=false \
-            -c fsck.zeroPaddedFilemode=ignore \
-            -c fetch.fsck.zeroPaddedFilemode=ignore \
-            -c receive.fsck.zeroPaddedFilemode=ignore \
-            "https://mirrors.tuna.tsinghua.edu.cn/git/ohmyzsh.git" "${oh_my_install_dir}" 2>&1
-        echo -e "$(cat "${template_path}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${user_rc_file}
-        sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${user_rc_file}
-
-        mkdir -p ${oh_my_install_dir}/custom/themes
-        echo "${codespaces_zsh}" > "${oh_my_install_dir}/custom/themes/codespaces.zsh-theme"
-        # Shrink git while still enabling updates
-        cd "${oh_my_install_dir}"
-        git repack -a -d -f --depth=1 --window=1
-        # Copy to non-root user if one is specified
-        if [ "${USERNAME}" != "root" ]; then
-            cp -rf "${user_rc_file}" "${oh_my_install_dir}" /root
-            chown -R ${USERNAME}:${group_name} "${user_rc_path}"
-        fi
-    fi
+# Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme.
+# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script.
+oh_my_install_dir="${user_rc_path}/.oh-my-zsh"
+template_path="${oh_my_install_dir}/templates/zshrc.zsh-template"
+user_rc_file="${user_rc_path}/.zshrc"
+if [ ! -d "${oh_my_install_dir}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then
+    umask g-w,o-w
+    mkdir -p ${oh_my_install_dir}
+    git clone --depth=1 \
+        -c core.eol=lf \
+        -c core.autocrlf=false \
+        -c fsck.zeroPaddedFilemode=ignore \
+        -c fetch.fsck.zeroPaddedFilemode=ignore \
+        -c receive.fsck.zeroPaddedFilemode=ignore \
+        "https://mirrors.tuna.tsinghua.edu.cn/git/ohmyzsh.git" "${oh_my_install_dir}" 2>&1
+
+    mkdir -p ${oh_my_install_dir}/custom/themes
+    echo "${codespaces_zsh}" > "${oh_my_install_dir}/custom/themes/codespaces.zsh-theme"
+    # Shrink git while still enabling updates
+    cd "${oh_my_install_dir}"
+    git repack -a -d -f --depth=1 --window=1
 fi
+echo -e "$(cat "${template_path}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${user_rc_file}
+sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${user_rc_file}
 
 echo "Done!"
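Review bot: The two lines moved below `fi` now run on every invocation, and `echo -e "$(cat "${template_path}")..." > ${user_rc_file}` truncates `.zshrc` even when the template is missing (clone failed, or `INSTALL_OH_MYS` is not `true`), because a failing `cat` inside the substitution does not stop `echo`; on a rerun it also discards anything appended to `.zshrc` since. Guard the write with `if [ -f "${template_path}" ]; then ... fi` and quote `"${user_rc_file}"` and `"${oh_my_install_dir}"`. Separately, the `git clone --depth=1` takes whatever the mirror's branch tip is at build time and that tree is sourced by every interactive zsh, so consider checking out a reviewed commit and comparing `git rev-parse HEAD` against it before writing the theme. Whether the script enables `set -e` is outside this hunk, so the clone's exit status may also go unchecked.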
diff --git a/.devcontainer/non-root-user/Dockerfile b/.devcontainer/non-root-user/Dockerfile
new file mode 100644
index 0000000..db0867d
--- /dev/null
+++ b/.devcontainer/non-root-user/Dockerfile
@@ -0,0 +1,38 @@
+# Use AlmaLinux 9 base image
+FROM almalinux:9
+
+RUN useradd -m vscode
+
+RUN dnf --best --assumeyes update \
+    && dnf -y install \
+    python3.11 \
+    python3.11-pip \
+    gcc \
+    make \
+    cmake \
+    git \
+    zsh \
+    which \
+    util-linux-user \
+    && dnf clean all \
+    && chsh -s /bin/zsh vscode
+
+
+WORKDIR /workspaces
+USER vscode
+
+RUN python3.11 -m venv /workspaces/.venv
+
+COPY requirements.txt /workspaces/requirements.txt
+COPY requirements-dev.txt /workspaces/requirements-dev.txt
+COPY .devcontainer/install_zsh.sh /workspaces/install_zsh.sh
+
+RUN /workspaces/install_zsh.sh
+
+RUN echo 'source /workspaces/.venv/bin/activate' >> ~/.zshrc \
+    && source /workspaces/.venv/bin/activate \
+    && pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple \
+    && pip install --upgrade pip \
+    && pip install -r requirements-dev.txt
+
+RUN rm -rf /workspaces/requirements.txt /workspaces/requirements-dev.txt /workspaces/install_zsh.sh
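Review bot: The last install step points pip at `https://pypi.tuna.tsinghua.edu.cn/simple` through `pip config set global.index-url`, which persists in the vscode user's pip configuration, so every later `pip install` in the container also resolves against the mirror, and no integrity check is visible here. If the requirements files carry hashes (not visible in this diff), `pip install --require-hashes -r requirements-dev.txt` would make the build fail on a substituted package; otherwise consider passing `--index-url` to the build-time command only instead of writing it to config. The same two pip lines appear as unchanged context in `root-user/Dockerfile`. Also, `/workspaces` is created by `WORKDIR` before `USER vscode` and the `COPY` lines have no `--chown`, so the venv creation and the final `rm -rf` may hit root-owned paths depending on the builder; `COPY --chown=vscode ...` would make ownership explicit.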
diff --git a/.devcontainer/non-root-user/devcontainer.json b/.devcontainer/non-root-user/devcontainer.json
new file mode 100644
index 0000000..d1b86f8
--- /dev/null
+++ b/.devcontainer/non-root-user/devcontainer.json
@@ -0,0 +1,9 @@
+{
+  "name": "Alma9 (vscode)",
+  "build": {
+    "dockerfile": "./Dockerfile",
+    "context": "../.."
+  },
+  "runArgs": ["--userns=keep-id"], // needed for podman
+  "remoteUser": "vscode"
+}
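Review bot: The comment on `runArgs` says `--userns=keep-id` is needed for podman but not that the value is podman-specific; as far as I know Docker's `--userns` does not accept `keep-id`, so this configuration will likely fail to start under Docker. Suggest widening the comment to `// podman only (keeps the host UID inside the container); not a valid --userns value for Docker`.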
diff --git a/.devcontainer/root-user/Dockerfile b/.devcontainer/root-user/Dockerfile
index 90088e2..d3e9f91 100644
--- a/.devcontainer/root-user/Dockerfile
+++ b/.devcontainer/root-user/Dockerfile
@@ -1,8 +1,7 @@
 # Use AlmaLinux 9 base image
 FROM almalinux:9
 
-# /vscode is the magic folder
-WORKDIR /vscode
+WORKDIR /workspaces
 
 RUN dnf --best --assumeyes update \
     && dnf -y install \
@@ -12,21 +11,25 @@ RUN dnf --best --assumeyes update \
     make \
     cmake \
     git \
-    && dnf clean all
+    zsh \
+    which \
+    util-linux-user \
+    && dnf clean all \
+    && chsh -s /bin/zsh root
 
-RUN python3.11 -m venv /vscode/.venv
+RUN python3.11 -m venv /workspaces/.venv
 
-COPY requirements.txt /vscode/requirements.txt
-COPY requirements-dev.txt /vscode/requirements-dev.txt
-COPY .devcontainer/install_zsh.sh /vscode/install_zsh.sh
+COPY requirements.txt /workspaces/requirements.txt
+COPY requirements-dev.txt /workspaces/requirements-dev.txt
+COPY .devcontainer/install_zsh.sh /workspaces/install_zsh.sh
 
-RUN /vscode/install_zsh.sh
+RUN /workspaces/install_zsh.sh
 
-RUN echo 'source /vscode/.venv/bin/activate' > ~/.bash_profile \
-    && source /vscode/.venv/bin/activate \
+RUN echo 'source /workspaces/.venv/bin/activate' >> ~/.zshrc \
+    && source /workspaces/.venv/bin/activate \
     && pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple \
     && pip install --upgrade pip \
     && pip install -r requirements-dev.txt
 
 
-RUN rm -rf /vscode/requirements.txt /vscode/requirements-dev.txt /vscode/install_zsh.sh
+RUN rm -rf /workspaces/requirements.txt /workspaces/requirements-dev.txt /workspaces/install_zsh.sh
diff --git a/.devcontainer/root-user/devcontainer.json b/.devcontainer/root-user/devcontainer.json
index 7fef058..882b69a 100644
--- a/.devcontainer/root-user/devcontainer.json
+++ b/.devcontainer/root-user/devcontainer.json
@@ -1,5 +1,5 @@
 {
-  "name": "AlmaLinux 9",
+  "name": "Alma9 (root)",
   "build": {
     "dockerfile": "./Dockerfile",
     "context": "../.."
diff --git a/README.md b/README.md
index 69372fe..ac2c47c 100644
--- a/README.md
+++ b/README.md
@@ -311,3 +311,8 @@ repos:
 - pylint, replaced by ruff-lint
 - black, replaced by ruff-format
 - mypy, replaced by pyright
+
+## devcontainer
+
+- with podman, it can be run in rootless mode
+- podman + root inside and rootless (vscode) inside need different configurations
-- 
GitLab