From a90a768284a02e8e25c0236b2ca2cc9d6ffdb823 Mon Sep 17 00:00:00 2001 From: Dan Vicarel Date: Sat, 26 Feb 2022 15:46:38 -0500 Subject: [PATCH 1/6] Minor cleanup in devcontainer-features.json and READMEs VS Code automatically applied some whitespace cleanup when I opened these files. Obviously these changes aren't strictly necessary, but they seemed worthwhile. Also replaced "EG" with the correct "E.g." in the container features README, and replaced https URLs with local ones. This makes it easier to jump to those files for editing while reading the README locally. --- script-library/README.md | 3 +- script-library/container-features/README.md | 30 ++++++++++++------- .../src/devcontainer-features.json | 14 +++++---- script-library/test/regression/run-scripts.sh | 4 +-- 4 files changed, 31 insertions(+), 20 deletions(-) diff --git a/script-library/README.md b/script-library/README.md index 359d30c4a5..da11526229 100644 --- a/script-library/README.md +++ b/script-library/README.md @@ -97,7 +97,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && apt-get clean -y && rm -rf /var/lib/apt/lists/* ``` -As before, the last line is technically optional, but minimizes the size of the layer by removing temporary contents. +As before, the last line is technically optional, but minimizes the size of the layer by removing temporary contents. You can also use `wget`: @@ -153,4 +153,3 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md) for details on contributing definition Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License. See [LICENSE](https://github.com/microsoft/vscode-dev-containers/blob/main/LICENSE) - diff --git a/script-library/container-features/README.md b/script-library/container-features/README.md index 1f15700eaa..662a6b2ef2 100644 --- a/script-library/container-features/README.md +++ b/script-library/container-features/README.md 
@@ -8,7 +8,7 @@ This folder includes some explorations around dynamic container feature injectio **Registering a feature** -Create the install script in the [script-library](../../script-library/) directory with the naming convention `-.sh`. EG `python-debian.sh` or `common-alpine.sh` +Create the install script in the [script-library](../../script-library/) directory with the naming convention `-.sh`. E.g., `python-debian.sh` or `common-alpine.sh` Add a new object to the [devcontainer-features.json](../../script-library/container-features/src/devcontainer-features.json) file: @@ -16,7 +16,7 @@ Add a new object to the [devcontainer-features.json](../../script-library/contai { "id": "", // Must match the used to name the install script. "name": "Display Name of Feature", - "documentationURL": "https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/.md", + "documentationURL": "https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/.md", "options": { "scriptArgument$1": { "type": "string", // Either "string" or "boolean" @@ -31,7 +31,7 @@ Add a new object to the [devcontainer-features.json](../../script-library/contai } }, "buildArg": "_VSC_INSTALL_", // Must match the ENV VAR defined in the feature-scripts.env file. - "extensions": [], // Array of VS Code extensions to install with this feature. + "extensions": [], // Array of VS Code extensions to install with this feature. "include": [] // Array of base containers this script can be used on. } ``` @@ -43,7 +43,7 @@ _VSC_INSTALL_="-debian.sh ${_BUILD_ARG__:-_` and their default should match the declared default for that option. -- EG `_VSC_INSTALL_AZURE_CLI="azcli-debian.sh ${_BUILD_ARG_AZURE_CLI_VERSION:-latest}"` +- E.g., `_VSC_INSTALL_AZURE_CLI="azcli-debian.sh ${_BUILD_ARG_AZURE_CLI_VERSION:-latest}"` **Feature testing** 
@@ -59,11 +59,13 @@ _VSC_INSTALL_="-debian.sh ${_BUILD_ARG__:- `. -EG +E.g.: + ```sh runScript dotnet "3.1 true ${USERNAME} false /opt/dotnet dotnet" ``` @@ -71,9 +73,11 @@ runScript dotnet "3.1 true ${USERNAME} false /opt/dotnet dotnet" - If your script takes the installation user as an argument, be sure to specify it as ${USERNAME} in the tests for programatic testing. *Regression tests* + - Add your feature to the [test-features.env](../../script-library/container-features/test-features.env) file to include it in regression tests of the container-feature functionality. By setting the `_VSC_INSTALL_` ENV VAR to true and adding the expected _BUILD_ARG options for your feature. -EG +E.g.: + ``` _VSC_INSTALL_DOTNET=true _BUILD_ARG_DOTNET_VERSION=latest @@ -82,11 +86,12 @@ EG **Feature documentation** -Add your new feature to the list of scripts in the [script-library README.md](https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/README.md#scripts). +Add your new feature to the list of scripts in the [script-library README.md](../../script-library/README.md#scripts). + +Add documentation for your new feature script to the [script-library/docs](../../script-library/docs) directory. -Add documentation for your new feature script to the [script-library/docs](https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs) directory. +Documentation should include: -Documentation should include: - the status of the script, supported operating systems, and maintainer. - the syntax expected to run as a feature or script - a description of the script arguments 
@@ -97,6 +102,7 @@ Feel free to use other scripts in that directory as inspiration. ### Best practices for writing feature install scripts - Decouple sections of the shellscript that handle user setup, helper functions, and feature installation. Doing so will apply a logical and natural flow to the script for future developers and maintainers to follow. One way to denote this distinction is to use in-line comments throughout the script. + ```md # Logical flow recommended: 1. File header and description. @@ -109,6 +115,7 @@ Feel free to use other scripts in that directory as inspiration. ``` - One way to make troubleshooting the script easier when writing a bash shell script is to echo error messages to `STDERR`. A possible way we implemented this in bash scripts is to create an `err()` function like so: + ```sh # Setup STDERR. err() { @@ -119,12 +126,14 @@ Feel free to use other scripts in that directory as inspiration. ``` - If writing a bash shellscript, we recommend using double quotes and braces when referencing named variables: + ```sh variable="My example var" echo "${variable}" ``` - One method to to ensure the global space in a script is not too crowded with unnecessary variables is to assign return values from functions to a new variable, and use the keyword `local` for vars inside of functions. For example: + ```sh test_function() { local test = "hello world!" @@ -134,6 +143,7 @@ Feel free to use other scripts in that directory as inspiration. ``` - If using temporary files within the script, we recommend removing all those files once they are no longer needed. One method for doing this is running a cleanup function with a `trap` method when the script exits: + ```sh # Cleanup temporary directory and associated files when exiting the script. cleanup() { 
@@ -150,7 +160,7 @@ Feel free to use other scripts in that directory as inspiration. - Consider using [shellcheck](https://github.com/koalaman/shellcheck) or the [vscode-shellcheck extension](https://github.com/vscode-shellcheck/vscode-shellcheck) to apply linting and static code analysis to the bash script to ensure it is formatted correctly. -- Consider using common helper functions from [shared/utils.sh](../../script-library/shared/utils.sh) when managing common tasks (like updating PATH variables, or managing gpg keys) by copying them directly into your script. +- Consider using common helper functions from [shared/utils.sh](../../script-library/shared/utils.sh) when managing common tasks (like updating PATH variables, or managing gpg keys) by copying them directly into your script. - NOTE: This is done to minimize the impact that any change can have on existing working scripts. - Similarly, if you add a helper function to your script that could benefit others in the future, consider adding it to the `shared/utils.sh` file as well. diff --git a/script-library/container-features/src/devcontainer-features.json b/script-library/container-features/src/devcontainer-features.json index 76f6382c48..f48284234c 100644 --- a/script-library/container-features/src/devcontainer-features.json +++ b/script-library/container-features/src/devcontainer-features.json @@ -201,7 +201,7 @@ "HashiCorp.terraform", "ms-azuretools.vscode-azureterraform" ], - "settings": { + "settings": { "terraform.languageServer": { "enabled": true, "args": [] @@ -585,7 +585,8 @@ "NVM_DIR":"/usr/local/share/nvm", "NVM_SYMLINK_CURRENT": "true", "PATH": "${NVM_DIR}/current/bin:${PATH}" - }, "include": [ + }, + "include": [ "cpp", "kubernetes-helm", "kubernetes-helm-minikube", 
@@ -630,7 +631,7 @@ "PIPX_BIN_DIR": "/usr/local/py-utils/bin", "PATH":"${PYTHON_PATH}/bin:${PATH}:${PIPX_BIN_DIR}" }, - "settings": { + "settings": { "python.defaultInterpreterPath": "/usr/local/bin/python", "python.formatting.autopep8Path": "/usr/local/py-utils/bin/autopep8", "python.formatting.blackPath": "/usr/local/py-utils/bin/black", @@ -832,7 +833,8 @@ "containerEnv": { "SDKMAN_DIR": "/usr/local/sdkman", "PATH": "${SDKMAN_DIR}/bin:${SDKMAN_DIR}/candidates/gradle/current/bin:${PATH}" - }, "include": [ + }, + "include": [ "cpp", "kubernetes-helm", "kubernetes-helm-minikube", @@ -934,7 +936,7 @@ "mutantdino.resourcemonitor", "matklad.rust-analyzer", "tamasfe.even-better-toml", - "serayuzgur.crates" + "serayuzgur.crates" ], "containerEnv": { "CARGO_HOME": "/usr/local/cargo", @@ -1123,4 +1125,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/script-library/test/regression/run-scripts.sh b/script-library/test/regression/run-scripts.sh index 780a76fcfe..b280ec73fe 100755 --- a/script-library/test/regression/run-scripts.sh +++ b/script-library/test/regression/run-scripts.sh @@ -80,7 +80,7 @@ if [ "${DISTRO}" = "debian" ]; then runScript go "1.14 /opt/go /go ${USERNAME} false" runScript gradle "4.4 /usr/local/sdkman1 ${USERNAME} false" runScript kubectl-helm "latest latest latest" - runScript maven "3.6.3 /usr/local/sdkman3 ${USERNAME} false" + runScript maven "3.6.3 /usr/local/sdkman3 ${USERNAME} false" runScript node "/usr/local/share/nvm 10 ${USERNAME}" runScript python "3.4.10 /opt/python /opt/python-tools ${USERNAME} false false" runScript ruby "${USERNAME} false" "2.7.3" @@ -96,7 +96,7 @@ if [ "${DISTRO}" = "debian" ]; then if [ "${architecture}" = "amd64" ] || [ "${architecture}" = "x86_64" ]; then runScript homebrew "${USERNAME} false true /home/${USERNAME}/linuxbrew" fi - runScript dotnet "3.1 true ${USERNAME} false /opt/dotnet dotnet" + runScript dotnet "3.1 true ${USERNAME} false /opt/dotnet dotnet" fi if [ "${DISTRO}" != "alpine" ]; then 
From 4a852c2053807830767a6636f90cda462b76308c Mon Sep 17 00:00:00 2001 From: Dan Vicarel Date: Sat, 26 Feb 2022 15:48:28 -0500 Subject: [PATCH 2/6] Add a container-feature for the AWS CLI :muscle: --- script-library/README.md | 1 + script-library/awscli-debian.sh | 99 +++++++++++++++++++ .../src/devcontainer-features.json | 47 +++++++++ .../src/feature-scripts.env | 1 + script-library/docs/awscli.md | 50 ++++++++++ script-library/test/regression/run-scripts.sh | 1 + 6 files changed, 199 insertions(+) create mode 100644 script-library/awscli-debian.sh create mode 100644 script-library/docs/awscli.md diff --git a/script-library/README.md b/script-library/README.md index da11526229..cc9412945e 100644 --- a/script-library/README.md +++ b/script-library/README.md @@ -14,6 +14,7 @@ Some scripts have special installation instructions (like `desktop-lite-debian.s | Document | Script | Maintainers | |----------|--------|------------| +| [AWS CLI Install Script](docs/awscli.md) | `awscli-debian.sh` | VS Code and GitHub Codespaces teams | | [Azure CLI Install Script](docs/azcli.md) | `azcli-debian.sh` | VS Code and GitHub Codespaces teams | | [Common Script](docs/common.md) | `common-debian.sh`
`common-alpine.sh`
`common-redhat.sh` (Community) | VS Code and GitHub Codespaces teams | | [Desktop (Lightweight) Install Script](docs/desktop-lite.md) | `desktop-lite-debian.sh` | VS Code and GitHub Codespaces teams| diff --git a/script-library/awscli-debian.sh b/script-library/awscli-debian.sh new file mode 100644 index 0000000000..84495eb4ff --- /dev/null +++ b/script-library/awscli-debian.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash +#------------------------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. +#------------------------------------------------------------------------------------------------------------- +# +# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/awscli.md +# Maintainer: The VS Code and Codespaces Teams +# +# Syntax: ./awscli-debian.sh [AWS CLI version] + +set -e + +AWSCLI_VERSION=${1:-"latest"} + +if [ "$(id -u)" -ne 0 ]; then + echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' + exit 1 +fi + +verify_aws_cli_gpg_signature() { + local filePath=$1 + local sigFilePath=$2 + + local awsCliKeyFingerprint=FB5DB77FD5C118B80511ADA8A6310ACC4672475C + local awsCliPublicKeyFile=aws-cli-public-key.pem + ( + cat < "${awsCliPublicKeyFile}" + gpg --quiet --import "${awsCliPublicKeyFile}" + + gpg --batch --quiet --verify "${sigFilePath}" "${filePath}" + local status=$? + + gpg --batch --quiet --delete-keys "${awsCliKeyFingerprint}" + rm "${awsCliPublicKeyFile}" + + return ${status} +} + +install() { + local scriptZipFile=awscli.zip + local scriptSigFile=awscli.sig + + # See Linux install docs at https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html + if [ "${AWSCLI_VERSION}" != "latest" ]; then + local versionStr=-${AWSCLI_VERSION} + fi + local scriptUrl=https://awscli.amazonaws.com/awscli-exe-linux-x86_64${versionStr}.zip + curl "${scriptUrl}" -o "${scriptZipFile}" + curl "${scriptUrl}.sig" -o "${scriptSigFile}" + + verify_aws_cli_gpg_signature "$scriptZipFile" "$scriptSigFile" + if (( $? > 0 )); then + echo "Could not verify GPG signature of AWS CLI install script. Make sure you provided a valid version." 
+ exit 1 + fi + + unzip "${scriptZipFile}" + ./aws/install + + rm -rf ./aws +} + +echo "(*) Installing AWS CLI..." + +install + +echo "Done!" \ No newline at end of file diff --git a/script-library/container-features/src/devcontainer-features.json b/script-library/container-features/src/devcontainer-features.json index f48284234c..4e76d45dd8 100644 --- a/script-library/container-features/src/devcontainer-features.json +++ b/script-library/container-features/src/devcontainer-features.json @@ -363,6 +363,53 @@ "python-3-postgres" ] }, + { + "id": "aws-cli", + "name": "AWS CLI", + "documentationURL": "https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/awscli.md", + "options": { + "version": { + "type": "string", + "proposals": [ + "latest" + ], + "default": "latest", + "description": "Select or enter an AWS CLI version. (Available versions here: https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst)" + } + }, + "buildArg": "_VSC_INSTALL_AWS_CLI", + "extensions": [ + "AmazonWebServices.aws-toolkit-vscode" + ], + "include": [ + "cpp", + "dotnet", + "dotnet-fsharp", + "dotnet-mssql", + "kubernetes-helm", + "kubernetes-helm-minikube", + "docker-from-docker", + "docker-in-docker", + "powershell", + "java", + "go", + "php", + "ruby", + "rust", + "typescript-node", + "javascript-node", + "python-3", + "python-3-anaconda", + "python-3-miniconda", + "ubuntu", + "debian", + "javascript-node-mongo", + "javascript-node-postgres", + "php-mariadb", + "ruby-rails-postgres", + "python-3-postgres" + ] + }, { "id": "azure-cli", "name": "Azure CLI", diff --git a/script-library/container-features/src/feature-scripts.env b/script-library/container-features/src/feature-scripts.env index 90136fcd1e..0de5048281 100644 --- a/script-library/container-features/src/feature-scripts.env +++ b/script-library/container-features/src/feature-scripts.env 
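Review bot: In `verify_aws_cli_gpg_signature`, the AWS key is imported into root's default keyring and `gpg --verify` runs against that keyring, so a good signature from any other key already present there would also be accepted; the check is not pinned to fingerprint FB5DB77FD5C118B80511ADA8A6310ACC4672475C. Because the script runs under `set -e`, a failing `gpg --verify` also ends the script on that line, so `local status=$?`, the key and file cleanup, and the `(( $? > 0 ))` branch in `install()` with its error message are never reached on failure. Verifying in a throwaway GnuPG home directory and calling the function inside `if !` addresses both, as sketched below. Separately, `awscli.zip` and `awscli.sig` are left in the working directory after `./aws/install`; a `rm -f "${scriptZipFile}" "${scriptSigFile}"` next to the existing `rm -rf ./aws` would keep them out of the image layer.

```shell
verify_aws_cli_gpg_signature() {
    local filePath=$1
    local sigFilePath=$2
    local gnupgHome
    gnupgHome="$(mktemp -d)" || return 1
    # … unchanged: write the AWS CLI public key to "${awsCliPublicKeyFile}" …
    local status=0
    gpg --homedir "${gnupgHome}" --batch --quiet --import "${awsCliPublicKeyFile}" || status=$?
    if [ "${status}" -eq 0 ]; then
        gpg --homedir "${gnupgHome}" --batch --quiet --verify "${sigFilePath}" "${filePath}" || status=$?
    fi
    # The keyring lives only in gnupgHome, so no --delete-keys step is needed.
    rm -rf "${gnupgHome}" "${awsCliPublicKeyFile}"
    return "${status}"
}

# in install():
    if ! verify_aws_cli_gpg_signature "${scriptZipFile}" "${scriptSigFile}"; then
        # … unchanged: error message and exit 1 …
    fi
```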
@@ -6,6 +6,7 @@ _VSC_INSTALL_DOCKER_FROM_DOCKER="docker-debian.sh true /var/run/docker-host.sock _VSC_INSTALL_KUBECTL_HELM_MINIKUBE="kubectl-helm-debian.sh ${_BUILD_ARG_KUBECTL_HELM_MINIKUBE_VERSION:-latest} ${_BUILD_ARG_KUBECTL_HELM_MINIKUBE_HELM:-latest} ${_BUILD_ARG_KUBECTL_HELM_MINIKUBE_MINIKUBE:-latest}" _VSC_INSTALL_TERRAFORM="terraform-debian.sh ${_BUILD_ARG_TERRAFORM_VERSION:-latest} ${_BUILD_ARG_TERRAFORM_TFLINT:-latest} ${_BUILD_ARG_TERRAFORM_TERRAGRUNT:-latest}" _VSC_INSTALL_GITHUB_CLI="github-debian.sh ${_BUILD_ARG_GITHUB_CLI_VERSION:-latest}" +_VSC_INSTALL_AWS_CLI="awscli-debian.sh ${_BUILD_ARG_AWS_CLI_VERSION:-latest}" _VSC_INSTALL_AZURE_CLI="azcli-debian.sh ${_BUILD_ARG_AZURE_CLI_VERSION:-latest}" _VSC_INSTALL_SSH=sshd-debian.sh _VSC_INSTALL_NODE="node-debian.sh /usr/local/share/nvm ${_BUILD_ARG_NODE_VERSION:-lts/*} automatic true ${_BUILD_ARG_NODE_NODEGYPDEPENDENCIES:-true}" diff --git a/script-library/docs/awscli.md b/script-library/docs/awscli.md new file mode 100644 index 0000000000..3d0ec7ab02 --- /dev/null +++ b/script-library/docs/awscli.md 
@@ -0,0 +1,50 @@ +# AWS CLI Install Script + +*Installs the AWS CLI along with needed dependencies. Useful for base Dockerfiles that often are missing required install dependencies like gpg.* + +**Script status**: Stable + +**OS support**: Debian 9+, Ubuntu 18.04+, and downstream distros. + +**Maintainer:** The VS Code and GitHub Codespaces teams + +## Syntax + +```text +./awscli-debian.sh [Version] +``` + +Or as a feature: + +```json +"features": { + "aws-cli": "latest" +} +``` + +## Usage + +### Feature use + +To install these capabilities in your primary dev container, reference it in `devcontainer.json` as follows: + +```json +"features": { + "aws-cli": "latest" +} +``` + +If you have already built your development container, run the **Rebuild Container** command from the command palette (Ctrl/Cmd + Shift + P or F1) to pick up the change. + +### Script use + +1. Add [`awscli-debian.sh`](../awscli-debian.sh) to `.devcontainer/library-scripts` + +2. Add the following to your `.devcontainer/Dockerfile`: + + ```Dockerfile + COPY library-scripts/awscli-debian.sh /tmp/library-scripts/ + RUN bash /tmp/library-scripts/awscli-debian.sh + ``` + +That's it! diff --git a/script-library/test/regression/run-scripts.sh b/script-library/test/regression/run-scripts.sh index b280ec73fe..5195e997a8 100755 --- a/script-library/test/regression/run-scripts.sh +++ b/script-library/test/regression/run-scripts.sh @@ -72,6 +72,7 @@ fi architecture="$(uname -m)" if [ "${DISTRO}" = "debian" ]; then + runScript awscli runScript azcli runScript fish "false ${USERNAME}" runScript git-from-src "latest true" From 85894cedd5d05e51b94ac942cde56258cff7944e Mon Sep 17 00:00:00 2001 From: Dan Vicarel Date: Mon, 28 Feb 2022 10:50:13 -0500 Subject: [PATCH 3/6] Use correct AWS CLI install script for CPU architecture --- script-library/awscli-debian.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/script-library/awscli-debian.sh b/script-library/awscli-debian.sh index 84495eb4ff..a12284e9a3 100644 --- a/script-library/awscli-debian.sh +++ b/script-library/awscli-debian.sh @@ -76,7 +76,12 @@ install() { if [ "${AWSCLI_VERSION}" != "latest" ]; then local versionStr=-${AWSCLI_VERSION} fi - local scriptUrl=https://awscli.amazonaws.com/awscli-exe-linux-x86_64${versionStr}.zip + arch=$(uname -m) + if [ "$arch" != "x86_64" -a "$arch" != "aarch64" ]; then + echo "AWS CLI does not support machine architecture '$arch'. Please use an x86-64 or ARM64 machine." + exit 1 + fi + local scriptUrl=https://awscli.amazonaws.com/awscli-exe-linux-${arch}${versionStr}.zip curl "${scriptUrl}" -o "${scriptZipFile}" curl "${scriptUrl}.sig" -o "${scriptSigFile}" From e451dac649f44c3bea7a21c368530cfb97df2f09 Mon Sep 17 00:00:00 2001 From: Dan Vicarel Date: Thu, 3 Mar 2022 10:31:09 -0500 Subject: [PATCH 4/6] Use get_common_setting for AWS CLI GPG key/fingerprint --- script-library/awscli-debian.sh | 38 ++++-------------------------- script-library/shared/settings.env | 30 +++++++++++++++++++++++ 2 files changed, 35 insertions(+), 33 deletions(-) diff --git a/script-library/awscli-debian.sh b/script-library/awscli-debian.sh index a12284e9a3..c1f036351a 100644 --- a/script-library/awscli-debian.sh +++ b/script-library/awscli-debian.sh 
@@ -22,47 +22,19 @@ verify_aws_cli_gpg_signature() { local filePath=$1 local sigFilePath=$2 - local awsCliKeyFingerprint=FB5DB77FD5C118B80511ADA8A6310ACC4672475C + get_common_setting AWSCLI_GPG_KEY + get_common_setting AWSCLI_GPG_KEY_MATERIAL local awsCliPublicKeyFile=aws-cli-public-key.pem + echo "${AWSCLI_GPG_KEY_MATERIAL}" > "${awsCliPublicKeyFile}" + gpg --quiet --import "${awsCliPublicKeyFile}" ( - cat < "${awsCliPublicKeyFile}" gpg --quiet --import "${awsCliPublicKeyFile}" gpg --batch --quiet --verify "${sigFilePath}" "${filePath}" local status=$? - gpg --batch --quiet --delete-keys "${awsCliKeyFingerprint}" + gpg --batch --quiet --delete-keys "${AWSCLI_GPG_KEY}" rm "${awsCliPublicKeyFile}" return ${status} diff --git a/script-library/shared/settings.env b/script-library/shared/settings.env index a2a09f692e..bbac478ae6 100644 --- a/script-library/shared/settings.env +++ b/script-library/shared/settings.env 
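Review bot: `get_common_setting AWSCLI_GPG_KEY_MATERIAL` in `verify_aws_cli_gpg_signature` is called without a second argument, while the `get_common_setting` added in PATCH 6/6 passes `-z` to grep only when `$2` is `true`. If the downloaded settings file carries this entry, the line-by-line match would return just the first line of the armored block (the `-----BEGIN PGP PUBLIC KEY BLOCK-----` header) and overwrite the full key, so the import that follows would presumably fail. The call should read `get_common_setting AWSCLI_GPG_KEY_MATERIAL true`. No definition of `get_common_setting` is visible in this script until PATCH 6/6, so this commit does not appear to run on its own; the function's closing brace lies outside the hunk.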
@@ -22,3 +22,33 @@ GO_GPG_KEY_URI="https://dl.google.com/linux/linux_signing_key.pub" GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com:80 keyserver hkps://keys.openpgp.org keyserver hkp://keyserver.pgp.com" +AWSCLI_GPG_KEY=FB5DB77FD5C118B80511ADA8A6310ACC4672475C +AWSCLI_GPG_KEY_MATERIAL="-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG +ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx +PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G +TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz +gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk +C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG +94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO +lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG +fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG +EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX +XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB +tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4WIQT7 +Xbd/1cEYuAURraimMQrMRnJHXAUCXYKvtQIbAwUJB4TOAAULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRCmMQrMRnJHXJIXEAChLUIkg80uPUkGjE3jejvQSA1aWuAM +yzy6fdpdlRUz6M6nmsUhOExjVIvibEJpzK5mhuSZ4lb0vJ2ZUPgCv4zs2nBd7BGJ +MxKiWgBReGvTdqZ0SzyYH4PYCJSE732x/Fw9hfnh1dMTXNcrQXzwOmmFNNegG0Ox +au+VnpcR5Kz3smiTrIwZbRudo1ijhCYPQ7t5CMp9kjC6bObvy1hSIg2xNbMAN/Do +ikebAl36uA6Y/Uczjj3GxZW4ZWeFirMidKbtqvUz2y0UFszobjiBSqZZHCreC34B +hw9bFNpuWC/0SrXgohdsc6vK50pDGdV5kM2qo9tMQ/izsAwTh/d/GzZv8H4lV9eO +tEis+EpR497PaxKKh9tJf0N6Q1YLRHof5xePZtOIlS3gfvsH5hXA3HJ9yIxb8T0H +QYmVr3aIUes20i6meI3fuV36VFupwfrTKaL7VXnsrK2fq5cRvyJLNzXucg0WAjPF +RrAGLzY7nP1xeg1a0aeP+pdsqjqlPJom8OCWc1+6DWbg0jsC74WoesAqgBItODMB +rsal1y/q+bPzpsnWjzHV8+1/EtZmSc8ZUGSJOPkfC7hObnfkl18h+1QtKTjZme4d +H17gsBJr+opwJw/Zio2LMjQBOqlm3K1A4zFTh7wBC7He6KPQea1p2XAMgtvATtNe +YLZATHZKTJyiqA== +=vYOk +-----END PGP PUBLIC KEY BLOCK-----" 
From eb14d6934bf0022eef3791f94e251e734dae9c69 Mon Sep 17 00:00:00 2001 From: Dan Vicarel Date: Mon, 7 Mar 2022 22:08:26 -0500 Subject: [PATCH 5/6] Address PR comments - Remove some duplicate GPG verification code - Use `dpkg --print-architecture` to get more reliable machine architecture strings - Ensure `curl` and `gpg` packages are installed (using new functions similar to Azure CLI install script) --- script-library/awscli-debian.sh | 41 +++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/script-library/awscli-debian.sh b/script-library/awscli-debian.sh index c1f036351a..5706dbf0bd 100644 --- a/script-library/awscli-debian.sh +++ b/script-library/awscli-debian.sh @@ -18,6 +18,29 @@ if [ "$(id -u)" -ne 0 ]; then exit 1 fi +# Function to run apt-get if needed +apt_get_update_if_needed() +{ + if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then + echo "Running apt-get update..." + apt-get update + else + echo "Skipping apt-get update." + fi +} + +# Checks if packages are installed and installs them if not +check_packages() { + if ! dpkg -s "$@" > /dev/null 2>&1; then + apt_get_update_if_needed + apt-get -y install --no-install-recommends "$@" + fi +} + +export DEBIAN_FRONTEND=noninteractive + +check_packages curl ca-certificates gnupg2 dirmngr + verify_aws_cli_gpg_signature() { local filePath=$1 local sigFilePath=$2 @@ -27,9 +50,6 @@ verify_aws_cli_gpg_signature() { local awsCliPublicKeyFile=aws-cli-public-key.pem echo "${AWSCLI_GPG_KEY_MATERIAL}" > "${awsCliPublicKeyFile}" gpg --quiet --import "${awsCliPublicKeyFile}" - ( - ) > "${awsCliPublicKeyFile}" - gpg --quiet --import "${awsCliPublicKeyFile}" gpg --batch --quiet --verify "${sigFilePath}" "${filePath}" local status=$? 
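Review bot: `check_packages curl ca-certificates gnupg2 dirmngr` does not include `unzip`, although `install()` (added in PATCH 2/6) calls `unzip "${scriptZipFile}"`; on a base image without it the script would pass signature verification and then stop at extraction. Adding it to the list, `check_packages curl ca-certificates gnupg2 dirmngr unzip`, keeps the dependency check complete.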
@@ -48,12 +68,15 @@ install() { if [ "${AWSCLI_VERSION}" != "latest" ]; then local versionStr=-${AWSCLI_VERSION} fi - arch=$(uname -m) - if [ "$arch" != "x86_64" -a "$arch" != "aarch64" ]; then - echo "AWS CLI does not support machine architecture '$arch'. Please use an x86-64 or ARM64 machine." - exit 1 - fi - local scriptUrl=https://awscli.amazonaws.com/awscli-exe-linux-${arch}${versionStr}.zip + architecture=$(dpkg --print-architecture) + case "${architecture}" in + amd64) architectureStr=x86_64 ;; + arm64) architectureStr=aarch64 ;; + *) + echo "AWS CLI does not support machine architecture '$architecture'. Please use an x86-64 or ARM64 machine." + exit 1 + esac + local scriptUrl=https://awscli.amazonaws.com/awscli-exe-linux-${architectureStr}${versionStr}.zip curl "${scriptUrl}" -o "${scriptZipFile}" curl "${scriptUrl}.sig" -o "${scriptSigFile}" From 72b8a9ab3e94a66c389bd7f05fc9e90003e0419d Mon Sep 17 00:00:00 2001 From: Dan Vicarel Date: Tue, 8 Mar 2022 01:16:07 -0500 Subject: [PATCH 6/6] Add get_common_setting to AWS CLI install script Copied from Azure CLI install script --- script-library/awscli-debian.sh | 44 ++++++++++++++++++++++++++++++ script-library/shared/settings.env | 1 - 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/script-library/awscli-debian.sh b/script-library/awscli-debian.sh index 5706dbf0bd..144ca44137 100644 --- a/script-library/awscli-debian.sh +++ b/script-library/awscli-debian.sh 
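Review bot: `architecture` and `architectureStr` are assigned inside `install()` without `local`, unlike `versionStr` and `scriptUrl` next to them, so they leak into the script's global scope; a `local architecture architectureStr` line before the assignment keeps the function self-contained. The two `curl` calls below the `case` run without `-f`, so an HTTP error body is saved as `awscli.zip` and only surfaces later as a signature failure; `curl -f "${scriptUrl}" -o "${scriptZipFile}"` would report the failed download directly. `install()` starts and ends outside this hunk.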
@@ -12,12 +12,56 @@ set -e AWSCLI_VERSION=${1:-"latest"} +AWSCLI_GPG_KEY=FB5DB77FD5C118B80511ADA8A6310ACC4672475C +AWSCLI_GPG_KEY_MATERIAL="-----BEGIN PGP PUBLIC KEY BLOCK----- +mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG +ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx +PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G +TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz +gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk +C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG +94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO +lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG +fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG +EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX +XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB +tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4WIQT7 +Xbd/1cEYuAURraimMQrMRnJHXAUCXYKvtQIbAwUJB4TOAAULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRCmMQrMRnJHXJIXEAChLUIkg80uPUkGjE3jejvQSA1aWuAM +yzy6fdpdlRUz6M6nmsUhOExjVIvibEJpzK5mhuSZ4lb0vJ2ZUPgCv4zs2nBd7BGJ +MxKiWgBReGvTdqZ0SzyYH4PYCJSE732x/Fw9hfnh1dMTXNcrQXzwOmmFNNegG0Ox +au+VnpcR5Kz3smiTrIwZbRudo1ijhCYPQ7t5CMp9kjC6bObvy1hSIg2xNbMAN/Do +ikebAl36uA6Y/Uczjj3GxZW4ZWeFirMidKbtqvUz2y0UFszobjiBSqZZHCreC34B +hw9bFNpuWC/0SrXgohdsc6vK50pDGdV5kM2qo9tMQ/izsAwTh/d/GzZv8H4lV9eO +tEis+EpR497PaxKKh9tJf0N6Q1YLRHof5xePZtOIlS3gfvsH5hXA3HJ9yIxb8T0H +QYmVr3aIUes20i6meI3fuV36VFupwfrTKaL7VXnsrK2fq5cRvyJLNzXucg0WAjPF +RrAGLzY7nP1xeg1a0aeP+pdsqjqlPJom8OCWc1+6DWbg0jsC74WoesAqgBItODMB +rsal1y/q+bPzpsnWjzHV8+1/EtZmSc8ZUGSJOPkfC7hObnfkl18h+1QtKTjZme4d +H17gsBJr+opwJw/Zio2LMjQBOqlm3K1A4zFTh7wBC7He6KPQea1p2XAMgtvATtNe +YLZATHZKTJyiqA== +=vYOk +-----END PGP PUBLIC KEY BLOCK-----" if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' 
exit 1 fi +# Get central common setting +get_common_setting() { + if [ "${common_settings_file_loaded}" != "true" ]; then + curl -sfL "https://aka.ms/vscode-dev-containers/script-library/settings.env" 2>/dev/null -o /tmp/vsdc-settings.env || echo "Could not download settings file. Skipping." + common_settings_file_loaded=true + fi + if [ -f "/tmp/vsdc-settings.env" ]; then + local multi_line="" + if [ "$2" = "true" ]; then multi_line="-z"; fi + local result="$(grep ${multi_line} -oP "$1=\"?\K[^\"]+" /tmp/vsdc-settings.env | tr -d '\0')" + if [ ! -z "${result}" ]; then declare -g $1="${result}"; fi + fi + echo "$1=${!1}" +} + # Function to run apt-get if needed apt_get_update_if_needed() { diff --git a/script-library/shared/settings.env b/script-library/shared/settings.env index bbac478ae6..7eb7ad9d93 100644 --- a/script-library/shared/settings.env +++ b/script-library/shared/settings.env @@ -24,7 +24,6 @@ keyserver hkps://keys.openpgp.org keyserver hkp://keyserver.pgp.com" AWSCLI_GPG_KEY=FB5DB77FD5C118B80511ADA8A6310ACC4672475C AWSCLI_GPG_KEY_MATERIAL="-----BEGIN PGP PUBLIC KEY BLOCK----- - mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G
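Review bot: `get_common_setting` reads `/tmp/vsdc-settings.env` whenever that file exists, even when the `curl` download failed, so a file left at that fixed path by an earlier build step or another user would supply `AWSCLI_GPG_KEY` and `AWSCLI_GPG_KEY_MATERIAL` and replace the key pinned at the top of the script. Those two values are the trust anchor for the signature check, so it would be safer to download to a `mktemp` path and read it only when this run fetched it successfully, as sketched below. Whether a remotely fetched file should be allowed to override the pinned key at all is worth deciding explicitly and stating in a comment. `declare -g $1="${result}"` also leaves `$1` unquoted.

```shell
get_common_setting() {
    if [ "${common_settings_file_loaded}" != "true" ]; then
        # Private, unpredictable path; left empty when the download fails.
        common_settings_file="$(mktemp)"
        if ! curl -sfL "https://aka.ms/vscode-dev-containers/script-library/settings.env" -o "${common_settings_file}" 2>/dev/null; then
            echo "Could not download settings file. Skipping."
            rm -f "${common_settings_file}"
            common_settings_file=""
        fi
        common_settings_file_loaded=true
    fi
    if [ -n "${common_settings_file}" ] && [ -f "${common_settings_file}" ]; then
        # … unchanged: multi_line handling and grep extraction, reading "${common_settings_file}" …
        if [ -n "${result}" ]; then declare -g "$1=${result}"; fi
    fi
    echo "$1=${!1}"
}
```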