5

I am using VS Code on macOS and am exploring dev containers for development, to encapsulate all dependencies required to build my Go project. I created a dev container from my existing local Git repository and installed Ubuntu with Python and Go dependencies.

If I understand correctly, my local Git repository will be obsolete and my entire project will be moved into a container. How do I set up Git in that case? It is installed but doesn't have access to my local ~/.ssh or ~/.gnupg directory.

The VS Code documentation has a page called Sharing Git credentials with your container and states it should work out of the box:

The Dev Containers extension provides out of the box support for using local Git credentials from inside a container. In this section, we'll walk through the two supported options.

My local .gitconfig has set user, email and signingkey. Still a push and pull within the container leads to:

[email protected]: Permission denied (publickey).

fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Can anyone help me?

2 Answers

1

I discovered via this answer that the setting terminal.integrated.inheritEnv must be set to true for the agent forwarding to work correctly.

Without this setting, the SSH_AUTH_SOCK environment variable is not set in the devcontainer. After enabling Inherit Env and reopening the project in the devcontainer, SSH_AUTH_SOCK should look something like: /tmp/vscode-ssh-auth-7c68defd-3baf-4a17-83e0-b4bc9d31eb12.sock


0

The issue is that vscode is forwarding the agent to devcontainer, but not the gpg.conf and gpg-agent.conf, so I added a mount for the local .gnupg dir to devcontainer like:

"mounts": [
    "source=/home/${localEnv:USER}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached"
],

Installed gnupg2 and pinentry-curses in devcontainer (Dockerfile)

And finally made sure the following exists in gpg.conf and gpg-agent.conf:

gpg.conf:

pinentry-mode loopback

gpg-agent.conf:

default-cache-ttl 360000
max-cache-ttl 720000
default-cache-ttl-ssh 60480000
max-cache-ttl-ssh 60480000
allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-curses

The setup of gpg.conf and gpg-agent.conf can be done for example in a devcontainer setup script through the initializeCommand where you can make sure no existing lines are overwritten.

Caching makes sure you don't have to enter your password every time and pinentry-program will make sure that the password prompt is taking place inside the integrated terminal and not a GUI window pop up.

An alternative approach without the mount would be to use gpg --import.
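The setup script mentioned in the answer above, sketched as an added example that is not part of the original answer. The helper names `ensure_option` and `setup_gnupg` are hypothetical, and the directory argument is assumed to be the `.gnupg` directory that gets bind-mounted into the container.

```shell
#!/bin/sh
# Added example: idempotent setup of the gpg.conf / gpg-agent.conf lines
# listed in the answer. Settings the user already has are never overwritten.

# ensure_option FILE KEY [VALUE]
# Append "KEY VALUE" only if FILE has no active (uncommented) line for KEY.
# The match ends at whitespace or end of line, so default-cache-ttl is not
# mistaken for default-cache-ttl-ssh.
ensure_option() {
    file=$1 key=$2 value=${3:-}
    [ -f "$file" ] || : > "$file"
    if grep -Eq "^[[:space:]]*${key}([[:space:]]|\$)" "$file"; then
        return 0    # already configured: leave the existing value alone
    fi
    # Terminate a last line that lacks a newline before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "${key}${value:+ $value}" >> "$file"
}

# setup_gnupg DIR: apply the answer's settings to the GnuPG home DIR.
setup_gnupg() {
    dir=$1
    umask 077                      # new files are private from creation
    mkdir -p "$dir"
    ensure_option "$dir/gpg.conf" pinentry-mode loopback
    agent="$dir/gpg-agent.conf"
    ensure_option "$agent" default-cache-ttl 360000
    ensure_option "$agent" max-cache-ttl 720000
    ensure_option "$agent" default-cache-ttl-ssh 60480000
    ensure_option "$agent" max-cache-ttl-ssh 60480000
    ensure_option "$agent" allow-loopback-pinentry
    ensure_option "$agent" pinentry-program /usr/bin/pinentry-curses
    # gpg warns about unsafe permissions unless the directory is owner-only.
    chmod 700 "$dir"
    chmod 600 "$dir/gpg.conf" "$agent"
}

# Runs only when a directory is passed, e.g.: sh setup-gnupg.sh "$HOME/.gnupg"
if [ "$#" -gt 0 ]; then
    setup_gnupg "$1"
fi
```

Running it a second time changes nothing, and a value the user already set (for example a shorter `default-cache-ttl-ssh`) is kept as is.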
