Merge branch 'main' into fix/node_issues
samruddhikhandale authored Sep 25, 2024
2 parents a9247d8 + 5077a2c commit f99b1ec
Showing 25 changed files with 514 additions and 147 deletions.
1 change: 1 addition & 0 deletions src/docker-in-docker/README.md
@@ -23,6 +23,7 @@ Create child containers *inside* a container, independent from the host's docker
| dockerDefaultAddressPool | Define default address pools for Docker networks. e.g. base=192.168.0.0/16,size=24 | string | - |
| installDockerBuildx | Install Docker Buildx | boolean | true |
| installDockerComposeSwitch | Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter. | boolean | true |
| disableIp6tables | Disable ip6tables (this option is only applicable for Docker versions 27 and greater) | boolean | false |

## Customizations

7 changes: 6 additions & 1 deletion src/docker-in-docker/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "docker-in-docker",
"version": "2.11.0",
"version": "2.12.0",
"name": "Docker (Docker-in-Docker)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker",
"description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.",
@@ -55,6 +55,11 @@
"type": "boolean",
"default": true,
"description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter."
},
"disableIp6tables": {
"type": "boolean",
"default": false,
"description": "Disable ip6tables (this option is only applicable for Docker versions 27 and greater)"
}
},
"entrypoint": "/usr/local/share/docker-init.sh",
23 changes: 21 additions & 2 deletions src/docker-in-docker/install.sh
@@ -20,6 +20,7 @@ INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble"
DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal hirsute impish jammy noble"
DISABLE_IP6_TABLES="${DISABLEIP6TABLES:-false}"

# Default: Exit on any failure.
set -e
@@ -468,6 +469,23 @@ if [ "${INSTALL_DOCKER_BUILDX}" = "true" ]; then
find "${docker_home}" -type d -print0 | xargs -n 1 -0 chmod g+s
fi

DOCKER_DEFAULT_IP6_TABLES=""
if [ "$DISABLE_IP6_TABLES" == true ]; then
requested_version=""
# checking whether the version requested either is in semver format or just a number denoting the major version
# and, extracting the major version number out of the two scenarios
semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?(\+([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?$"
if echo "$DOCKER_VERSION" | grep -Eq $semver_regex; then
requested_version=$(echo $DOCKER_VERSION | cut -d. -f1)
elif echo "$DOCKER_VERSION" | grep -Eq "^[1-9][0-9]*$"; then
requested_version=$DOCKER_VERSION
fi
if [ "$DOCKER_VERSION" = "latest" ] || [[ -n "$requested_version" && "$requested_version" -ge 27 ]] ; then
DOCKER_DEFAULT_IP6_TABLES="--ip6tables=false"
echo "(!) As requested, passing '${DOCKER_DEFAULT_IP6_TABLES}'"
fi
fi

tee /usr/local/share/docker-init.sh > /dev/null \
<< EOF
#!/bin/sh
@@ -480,11 +498,12 @@ set -e
AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION}
DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL}
DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES}
EOF

tee -a /usr/local/share/docker-init.sh > /dev/null \
<< 'EOF'
dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} $(cat << 'INNEREOF'
dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES} $(cat << 'INNEREOF'
# explicitly remove dockerd and containerd PID file to ensure that it can start properly if it was stopped uncleanly
find /run /var/run -iname 'docker*.pid' -delete || :
find /run /var/run -iname 'container*.pid' -delete || :
@@ -562,7 +581,7 @@ dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAU
fi
# Start docker/moby engine
( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL > /tmp/dockerd.log 2>&1 ) &
( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL $DOCKER_DEFAULT_IP6_TABLES > /tmp/dockerd.log 2>&1 ) &
INNEREOF
)"
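Review bot: When `disableIp6tables` is true but `DOCKER_VERSION` matches neither pattern or resolves to a major below 27, the new block leaves `DOCKER_DEFAULT_IP6_TABLES` empty without printing anything, so the option is dropped silently. A two-part value (constructed example: `27.1`) fails both the three-part semver regex and the bare-major regex and lands in that path. I would add a message for that case after the version test, for example `else echo "(!) disableIp6tables ignored: Docker version '${DOCKER_VERSION}' is not recognised as 27 or later" >&2`, and quote the expansions in `grep -Eq "$semver_regex"` and `echo "$DOCKER_VERSION" | cut -d. -f1`. A short comment above `--ip6tables=false` should also state that with the flag set dockerd no longer manages ip6tables rules for containers, so IPv6 filtering has to come from elsewhere.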
1 change: 1 addition & 0 deletions src/docker-outside-of-docker/README.md
@@ -22,6 +22,7 @@ Re-use the host docker socket, adding the Docker CLI to a container. Feature inv
| mobyBuildxVersion | Install a specific version of moby-buildx when using Moby | string | latest |
| dockerDashComposeVersion | Compose version to use for docker-compose (v1 or v2 or none) | string | v2 |
| installDockerBuildx | Install Docker Buildx | boolean | true |
| installDockerComposeSwitch | Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter. | boolean | true |

## Customizations

7 changes: 6 additions & 1 deletion src/docker-outside-of-docker/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "docker-outside-of-docker",
"version": "1.5.0",
"version": "1.6.0",
"name": "Docker (docker-outside-of-docker)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-outside-of-docker",
"description": "Re-use the host docker socket, adding the Docker CLI to a container. Feature invokes a script to enable using a forwarded Docker socket within a container to run Docker commands.",
@@ -39,6 +39,11 @@
"type": "boolean",
"default": true,
"description": "Install Docker Buildx"
},
"installDockerComposeSwitch": {
"type": "boolean",
"default": true,
"description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter."
}
},
"entrypoint": "/usr/local/share/docker-init.sh",
111 changes: 84 additions & 27 deletions src/docker-outside-of-docker/install.sh
@@ -17,6 +17,7 @@ SOURCE_SOCKET="${SOURCE_SOCKET:-"/var/run/docker-host.sock"}"
TARGET_SOCKET="${TARGET_SOCKET:-"/var/run/docker.sock"}"
USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}"
INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"

MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble"
@@ -27,6 +28,11 @@ set -e
# Clean up
rm -rf /var/lib/apt/lists/*

# Setup STDERR.
err() {
echo "(!) $*" >&2
}

if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
@@ -177,7 +183,7 @@ install_compose_switch_fallback() {
echo -e "\n(!) Failed to fetch the latest artifacts for compose-switch v${compose_switch_version}..."
get_previous_version "${compose_switch_url}" "${repo_url}" compose_switch_version
echo -e "\nAttempting to install v${compose_switch_version}"
curl -fsSL "https://github.com/docker/compose-switch/releases/download/v${compose_switch_version}/docker-compose-linux-${architecture}" -o /usr/local/bin/docker-compose
curl -fsSL "https://github.com/docker/compose-switch/releases/download/v${compose_switch_version}/docker-compose-linux-${architecture}" -o /usr/local/bin/compose-switch
}

# Ensure apt is in non-interactive to avoid prompts
@@ -273,6 +279,19 @@ if [ "${USE_MOBY}" = "true" ]; then
fi
fi


docker_home="/usr/libexec/docker"
cli_plugins_dir="${docker_home}/cli-plugins"

install_compose_fallback(){
local url=$1
local repo_url=$(get_github_api_repo_url "$url")
echo -e "\n(!) Failed to fetch the latest artifacts for docker-compose v${compose_version}..."
get_previous_version "${url}" "${repo_url}" compose_version
echo -e "\nAttempting to install v${compose_version}"
curl -fsSL "https://github.com/docker/compose/releases/download/v${compose_version}/docker-compose-linux-${target_compose_arch}" -o ${docker_compose_path}
}

# Install Docker / Moby CLI if not already installed
if type docker > /dev/null 2>&1; then
echo "Docker / Moby CLI already installed."
@@ -302,44 +321,82 @@ fi

# If 'docker-compose' command is to be included
if [ "${DOCKER_DASH_COMPOSE_VERSION}" != "none" ]; then
case "${architecture}" in
amd64) target_compose_arch=x86_64 ;;
arm64) target_compose_arch=aarch64 ;;
*)
echo "(!) Docker outside of docker does not support machine architecture '$architecture'. Please use an x86-64 or ARM64 machine."
exit 1
esac
docker_compose_path="/usr/local/bin/docker-compose"
# Install Docker Compose if not already installed and is on a supported architecture
if type docker-compose > /dev/null 2>&1; then
echo "Docker Compose already installed."
elif [ "${DOCKER_DASH_COMPOSE_VERSION}" = "v1" ]; then
TARGET_COMPOSE_ARCH="$(uname -m)"
if [ "${TARGET_COMPOSE_ARCH}" = "amd64" ]; then
TARGET_COMPOSE_ARCH="x86_64"
fi
if [ "${TARGET_COMPOSE_ARCH}" != "x86_64" ]; then
err "The final Compose V1 release, version 1.29.2, was May 10, 2021. These packages haven't received any security updates since then. Use at your own risk."
INSTALL_DOCKER_COMPOSE_SWITCH="false"

if [ "${target_compose_arch}" = "x86_64" ]; then
echo "(*) Installing docker compose v1..."
curl -fsSL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64" -o ${docker_compose_path}
chmod +x ${docker_compose_path}

# Download the SHA256 checksum
DOCKER_COMPOSE_SHA256="$(curl -sSL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64.sha256" | awk '{print $1}')"
echo "${DOCKER_COMPOSE_SHA256} ${docker_compose_path}" > docker-compose.sha256sum
sha256sum -c docker-compose.sha256sum --ignore-missing
elif [ "${VERSION_CODENAME}" = "bookworm" ]; then
err "Docker compose v1 is unavailable for 'bookworm' on Arm64. Kindly switch to use v2"
exit 1
else
# Use pip to get a version that runs on this architecture
check_packages python3-minimal python3-pip libffi-dev python3-venv
export PIPX_HOME=/usr/local/pipx
mkdir -p ${PIPX_HOME}
export PIPX_BIN_DIR=/usr/local/bin
export PYTHONUSERBASE=/tmp/pip-tmp
export PIP_CACHE_DIR=/tmp/pip-tmp/cache
pipx_bin=pipx
if ! type pipx > /dev/null 2>&1; then
pip3 install --disable-pip-version-check --no-cache-dir --user pipx
pipx_bin=/tmp/pip-tmp/bin/pipx
fi
${pipx_bin} install --pip-args '--no-cache-dir --force-reinstall' docker-compose
rm -rf /tmp/pip-tmp
else
compose_v1_version="1"
find_version_from_git_tags compose_v1_version "https://github.com/docker/compose" "tags/"
echo "(*) Installing docker-compose ${compose_v1_version}..."
curl -fsSL "https://github.com/docker/compose/releases/download/${compose_v1_version}/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
echo "(*) Installing docker compose v1 via pip..."
export PYTHONUSERBASE=/usr/local
pip3 install --disable-pip-version-check --no-cache-dir --user "Cython<3.0" pyyaml wheel docker-compose --no-build-isolation
fi
else
echo "(*) Installing compose-switch as docker-compose..."
compose_version=${DOCKER_DASH_COMPOSE_VERSION#v}
docker_compose_url="https://github.com/docker/compose"
find_version_from_git_tags compose_version "$docker_compose_url" "tags/v"
echo "(*) Installing docker-compose ${compose_version}..."
curl -fsSL "https://github.com/docker/compose/releases/download/v${compose_version}/docker-compose-linux-${target_compose_arch}" -o ${docker_compose_path} || {
if [[ $DOCKER_DASH_COMPOSE_VERSION == "latest" ]]; then
install_compose_fallback "$docker_compose_url" "$compose_version" "$target_compose_arch" "$docker_compose_path"
else
echo -e "Error: Failed to install docker-compose v${compose_version}"
fi
}
chmod +x ${docker_compose_path}

# Download the SHA256 checksum
DOCKER_COMPOSE_SHA256="$(curl -sSL "https://github.com/docker/compose/releases/download/v${compose_version}/docker-compose-linux-${target_compose_arch}.sha256" | awk '{print $1}')"
echo "${DOCKER_COMPOSE_SHA256} ${docker_compose_path}" > docker-compose.sha256sum
sha256sum -c docker-compose.sha256sum --ignore-missing

mkdir -p ${cli_plugins_dir}
cp ${docker_compose_path} ${cli_plugins_dir}
fi
fi

# Install docker-compose switch if not already installed - https://github.com/docker/compose-switch#manual-installation
if [ "${INSTALL_DOCKER_COMPOSE_SWITCH}" = "true" ] && ! type compose-switch > /dev/null 2>&1; then
if type docker-compose > /dev/null 2>&1; then
echo "(*) Installing compose-switch..."
current_compose_path="$(which docker-compose)"
target_compose_path="$(dirname "${current_compose_path}")/docker-compose-v1"
compose_switch_version="latest"
compose_switch_url="https://github.com/docker/compose-switch"
find_version_from_git_tags compose_switch_version "${compose_switch_url}"
curl -fsSL "https://github.com/docker/compose-switch/releases/download/v${compose_switch_version}/docker-compose-linux-${architecture}" -o /usr/local/bin/docker-compose || install_compose_switch_fallback "${compose_switch_url}"
chmod +x /usr/local/bin/docker-compose
curl -fsSL "https://github.com/docker/compose-switch/releases/download/v${compose_switch_version}/docker-compose-linux-${architecture}" -o /usr/local/bin/compose-switch || install_compose_switch_fallback "${compose_switch_url}"
chmod +x /usr/local/bin/compose-switch
# TODO: Verify checksum once available: https://github.com/docker/compose-switch/issues/11
# Setup v1 CLI as alternative in addition to compose-switch (which maps to v2)
mv "${current_compose_path}" "${target_compose_path}"
update-alternatives --install ${docker_compose_path} docker-compose /usr/local/bin/compose-switch 99
update-alternatives --install ${docker_compose_path} docker-compose "${target_compose_path}" 1
else
err "Skipping installation of compose-switch as docker compose is unavailable..."
fi
fi
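Review bot: The SHA256 check added for docker-compose (in both the v1 and the v2 branch) takes the checksum from the same release URL as the binary, fetches it with `curl -sSL` rather than `-fsSL`, and runs only after `chmod +x`, so it detects a corrupted download but not a replaced release asset, and an HTTP error body is handed to `awk` as if it were a checksum. I would fetch the `.sha256` file with `curl -fsSL`, move `chmod +x ${docker_compose_path}` below the `sha256sum -c` line, and write the checksum list to a `mktemp` file instead of `docker-compose.sha256sum` in the current directory, which is never removed. The compose-switch binary now written to `/usr/local/bin/compose-switch` is still installed without any verification (the TODO in the hunk) and is registered with the higher `update-alternatives` priority; a comment at that call should say the unverified binary is the default `docker-compose`.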

2 changes: 1 addition & 1 deletion src/git-lfs/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "git-lfs",
"version": "1.2.2",
"version": "1.2.3",
"name": "Git Large File Support (LFS)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/git-lfs",
"description": "Installs Git Large File Support (Git LFS) along with needed dependencies. Useful for base Dockerfiles that often are missing required install dependencies like git and curl.",
26 changes: 15 additions & 11 deletions src/git-lfs/install.sh
@@ -62,29 +62,33 @@ find_version_from_git_tags() {

# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)

local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable

if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi

for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
test_keyserver() {
local keyserver="$1"
local keyserver_curl_url="$2"
if curl -s ${curl_args} --max-time 5 "${keyserver_curl_url}" > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
}

# Explicitly test these in order because Bash v4.4.20 (Ubuntu Bionic)
# enumerates associative array keys in a different order than Bash v5
test_keyserver "hkp://keyserver.ubuntu.com" "http://keyserver.ubuntu.com:11371"
test_keyserver "hkp://keyserver.ubuntu.com:80" "http://keyserver.ubuntu.com"
test_keyserver "hkp://keyserver.pgp.com" "http://keyserver.pgp.com:11371"
# Test this server last because keys.openpgp.org strips user IDs from keys unless
# the owner gives permission, which causes gpg in Ubuntu Bionic to reject the key
# (https://github.com/devcontainers/features/issues/1055)
test_keyserver "hkps://keys.openpgp.org" "https://keys.openpgp.org"

if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
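Review bot: `${curl_args}` is expanded unquoted in the new `curl -s ${curl_args} --max-time 5 "${keyserver_curl_url}"` line inside `test_keyserver`, so a `KEYSERVER_PROXY` value containing whitespace is split into additional curl arguments; declaring it as an array (`local curl_args=()`, `curl_args=(--proxy "${KEYSERVER_PROXY}")`) and passing `"${curl_args[@]}"` keeps the proxy a single argument. The new order also emits the three plaintext `hkp://` servers ahead of the only `hkps://` one, so the comment above the calls should state what key authenticity rests on (presumably a fingerprint pinned by the caller, which this hunk does not show). `test_keyserver` is defined inside `get_gpg_key_servers`, so it becomes a global function once the outer one runs and reaches `curl_args` and `keyserver_reachable` through dynamic scoping; a one-line comment saying so would help. The end of `get_gpg_key_servers` lies outside the hunk.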
2 changes: 1 addition & 1 deletion src/java/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "java",
"version": "1.6.0",
"version": "1.6.1",
"name": "Java (via SDKMAN!)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/java",
"description": "Installs Java, SDKMAN! (if not installed), and needed dependencies.",