4

Background

I have a git repository with a Dockerfile inside as well as an entrypoint.sh script.
It is set to build a development container with a non-root user; see a (minimal, simplified) example below:

Dockerfile:

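    FROM bitnami/minideb:bullseye
    ENV LANG=C.UTF-8
    # Install the entrypoint script and make it executable
    COPY entrypoint.sh /bin/entrypoint.sh
    RUN chmod +x /bin/entrypoint.sh
    # Every container start goes through the entrypoint; CMD is passed to it as "$@"
    ENTRYPOINT ["/bin/entrypoint.sh"]
    CMD ["/bin/bash"]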

Entrypoint:

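    #!/bin/bash

    # UID for the non-root account; HOSTUID is supplied at run time, default 9001
    ID=${HOSTUID:-9001}
    # -o permits a UID that is already in use, -m creates /home/user
    useradd --shell /bin/bash -u "$ID" -o -c "" -m user
    export HOME=/home/user
    # Drop privileges and run the container command as "user"
    exec /usr/sbin/gosu user "$@"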

This works well on my local machine, where I can build a container and then docker exec interactively a bash shell to operate/test inside with docker exec -it {NAME} bash.

Question

I have recently noticed the rise of the devcontainer standard, which is used by GitHub Codespaces as well as DevPod, and I wanted to add a devcontainer.json file to my repository so that I can start an in-browser VS Code instance which runs inside my container (based on the two files above).

My JSON configuration:

    {
        "name": "dev",
        "build": {
            "dockerfile": "../Dockerfile"
        },
        "customizations": {
            "codespaces": {
                "openFiles": []
            }
        }
    }

However, whenever I start a new instance of the development environment I can check in the terminal inside that I am still root, not user. I checked with cat /etc/passwd that the latter is not even created, which suggests to me that the entrypoint script was not executed.

Could someone please let me know how I should set up the devcontainer.json file so that the terminal inside the development environment is the same as when building the container manually?

PS:

All this is based on a public repo of mine: https://github.com/AngryMaciek/hypercomplex.
Feel free to fork it and test possible solutions yourselves with Codespaces.

2
  • That entrypoint script doesn't really seem to do anything; there's no requirement that a user actually be present in /etc/passwd. I might delete that script and use the Dockerfile USER directive (or a docker run -u option or similar runtime equivalent) to specify the user. Commented Mar 16, 2024 at 13:41
  • @DavidMaze In this simplified example this might be the case, however I have another repository with a larger entrypoint script and there I need to get it working too. Commented Mar 16, 2024 at 13:43

1 Answer

2

I'm using a response from Pascal at loft, which I do believe has a good answer for what it seems you're looking for.

It looks like the Dockerfiles are only used for the build aspect of the process. If you want to achieve something similar to entrypoint with the devcontainer.json spec, take a look at lifecycle scripts at https://containers.dev/implementors/json_reference/#lifecycle-scripts

In this case I think you're wanting to use the onCreateCommand :)

Adding a bit more context here - as with most things "it depends" but here's a few examples and things to think about

  1. for user related items specifically you may want to look at https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user - there's a decent amount of gotchas with volumes and whatnot to keep in mind

  2. for running a script style for the hooks you can try something like

    { "image": "mcr.microsoft.com/devcontainers/base:bullseye", "postCreateCommand": "entrypoint.sh" }

That being said it's going to depend on what's launching the devcontainer and how mature the implementation is. Obviously VSCode is going to be a bit ahead of the rest.


4 Comments

OK, thanks a lot. But this is more of a suggestion, in order for me to accept a SO answer you would need to provide me the exact syntax in the JSON, please :)
@maciek I added a quick code example although it would be more for running scripts in general. When you get into user space I would look at the gotchas with the add-nonroot-user link since it's really going to depend on where/what you're trying to do with it.
Thank you very much but I am still getting errors with your suggestion. Until you provide me with a working solution I cannot accept an answer....
Did you get this to work?
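Since the Dockerfile is still used for the build, one option is to do the entrypoint's useradd step at build time and then name the account with "remoteUser": "user" in devcontainer.json. The script below is an added example, not code from the question or the answer: the file name provision-user.sh, the function names, the --create switch and the Dockerfile wiring in the comments are all assumptions. It also rejects a UID of 0, because useradd -o would otherwise accept it and gosu user would then still be running as root.

```shell
#!/bin/sh
# Added example, not from the original post. Moves the useradd step of the
# entrypoint.sh above to build time. Assumed Dockerfile wiring:
#   ARG HOSTUID=9001
#   COPY provision-user.sh /bin/provision-user.sh   (hypothetical file name)
#   RUN sh /bin/provision-user.sh --create "$HOSTUID"

# Print a validated UID or fail. Empty input falls back to 9001, the same
# default as entrypoint.sh.
resolve_uid() {
    uid=${1:-9001}
    case $uid in
        *[!0-9]*|0*)
            # Non-numeric input, or 0 / leading zeros. With "useradd -o" a
            # UID of 0 would create a second name for root.
            echo "refusing UID '$uid'" >&2
            return 1 ;;
    esac
    printf '%s\n' "$uid"
}

# Create "user" once; a rebuild or re-run with the same UID is a no-op.
create_user() {
    uid=$(resolve_uid "${1:-}") || return 1
    if existing=$(id -u user 2>/dev/null); then
        [ "$existing" = "$uid" ] && return 0
        echo "user already exists with UID $existing" >&2
        return 1
    fi
    useradd --shell /bin/bash -u "$uid" -o -c "" -m user
}

# Act only when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--create" ]; then
    create_user "${2:-}"
fi
```

The create step has to run as root, which is the case for a RUN instruction in the Dockerfile shown in the question because it sets no USER.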
