From 8fc48671359b41bd773177daa71448bf911d9aa4 Mon Sep 17 00:00:00 2001
From: Chuck Lantz
Date: Tue, 6 Aug 2019 01:49:08 +0000
Subject: [PATCH] Default to non-root user, use latest Python 3 definition as base
---
.devcontainer/Dockerfile | 60 ++++++++++++++++-------------
.devcontainer/devcontainer.json | 14 +++++--
.devcontainer/requirements.txt.temp | 0
README.md | 6 ++-
4 files changed, 49 insertions(+), 31 deletions(-)
delete mode 100644 .devcontainer/requirements.txt.temp
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index c2f8464..e5beaa7 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,36 +1,42 @@ -#----------------------------------------------------------------------------------------- +#------------------------------------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See LICENSE in the project root for license information. -#----------------------------------------------------------------------------------------- +# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. +#------------------------------------------------------------------------------------------------------------- FROM python:3 -# Install pylint -RUN pip install pylint - -# Configure apt +# Avoid warnings by switching to noninteractive ENV DEBIAN_FRONTEND=noninteractive + +# Or your actual UID, GID on Linux if not the default 1000 +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + +# Configure apt and install packages RUN apt-get update \ - && apt-get -y install --no-install-recommends apt-utils 2>&1 - -# Install git, process tools, lsb-release (common in install instructions for CLIs) -RUN apt-get -y install git procps lsb-release - -# Install any missing dependencies for enhanced language service -RUN apt-get install -y libicu[0-9][0-9] - -RUN mkdir /workspace -WORKDIR /workspace - -# Install Python dependencies from requirements.txt if it exists -COPY .devcontainer/requirements.txt.temp requirements.txt* /workspace/ -RUN if [ -f "requirements.txt" ]; then pip install -r requirements.txt && rm requirements.txt*; fi - -# Clean up -RUN apt-get autoremove -y \ + && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \ + # + # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed + && apt-get -y install git procps lsb-release \ + # + # Install pylint + && pip --disable-pip-version-check --no-cache-dir install pylint \ + # + # Create a 
non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + # [Optional] Add sudo support for non-root user + && apt-get install -y sudo \ + && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + && chmod 0440 /etc/sudoers.d/$USERNAME \ + # + # Clean up + && apt-get autoremove -y \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* -ENV DEBIAN_FRONTEND=dialog -# Set the default shell to bash rather than sh -ENV SHELL /bin/bash +# Switch back to dialog for any ad-hoc use of apt-get +ENV DEBIAN_FRONTEND= + + diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index ff9adb8..3e18e52 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -2,11 +2,19 @@ "name": "Python Sample", "dockerFile": "Dockerfile", "appPort": 9000, - "context": "..", "extensions": [ "ms-python.python" ], "settings": { - "python.pythonPath": "/usr/local/bin/python" - } + "python.pythonPath": "/usr/local/bin/python", + "python.linting.pylintEnabled": true, + "python.linting.pylintPath": "/usr/local/bin/pylint", + "python.linting.enabled": true + }, + "postCreateCommand": "sudo pip install -r requirements.txt", + // Comment out the next line to run as root instead. Linux users, + // update Dockerfile with your user's UID/GID if not 1000. + "runArgs": [ "-u", "vscode" ] +} + } diff --git a/.devcontainer/requirements.txt.temp b/.devcontainer/requirements.txt.temp deleted file mode 100644 index e69de29..0000000 diff --git a/README.md b/README.md index 19a36f9..c6638aa 100644 --- a/README.md +++ b/README.md 
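Review bot: The added `echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME` step makes the new `vscode` account root-equivalent, so the non-root default fixes file ownership on the mounted workspace but is not a privilege boundary inside the container. The "[Optional]" comment does not say that, so I would extend it to something like `# [Optional] Passwordless sudo: $USERNAME can become root without a password; delete the next three lines if the container should enforce least privilege`. Separately, the closing comment says "Switch back to dialog" while the line below it is `ENV DEBIAN_FRONTEND=`, which clears the variable rather than setting it to `dialog`; the comment should describe what the line actually does.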
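Review bot: The new side of devcontainer.json appears to end with two closing braces: the added `+}` and blank line after `"runArgs"` are followed by the unchanged `}` that already closed the root object, so the file would not parse even as JSON-with-comments. Dropping the added `+}` and the blank `+` line should fix it. Also, `"postCreateCommand": "sudo pip install -r requirements.txt"` runs each package's install-time code as root, and it fails when the workspace has no requirements.txt, which the removed Dockerfile step guarded with `-f`. A user-level, guarded form avoids both: `"postCreateCommand": "[ ! -f requirements.txt ] || pip install --user -r requirements.txt"`.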
@@ -10,7 +10,9 @@ Follow these steps to open this sample in a container: 1. If this is your first time using a development container, please follow the [getting started steps](https://aka.ms/vscode-remote/containers/getting-started). -2. If you're not yet in a development container: +2. **Linux users:** Update `USER_UID` and `USER_GID` in `.devcontainer/Dockerfile` with your user UID/GID if not 1000 to avoid creating files as root. + +3. If you're not yet in a development container: - Clone this repository. - Press F1 and select the **Remote-Containers: Open Folder in Container...** command. - Select the cloned copy of this folder, wait for the container to start, and try things out! @@ -19,6 +21,8 @@ Follow these steps to open this sample in a container: Once you have this sample opened in a container, you'll be able to work with it like you would locally. +> **Note:** This container runs as a non-root user with sudo access by default. Comment out `"runArgs": ["-u", "vscode"]` in `.devcontainer/devcontainer.json` if you'd prefer to run as root. + Some things to try: 1. **Edit:**