Archlinux gitpod layer

[da-moon]

PULL REQUEST

Description of Request

• support archlinux based docker images

Reason or Need for Feature

• Archlinux has some of the most updated packages, making it ideal for development environment
• Archlinux is pretty minimal and very customizable
• Since Gitpod is deprecating Theia, Alpine based images will be rendered useless as VSCode does not fully
  support Alpine.

Design / Proposal

setup a minimal layer for Arch Linux that takes care of the following

• Ensures the keyring is properly initialized
• Ensures full upgrade is done once so that we won't experience broken package dependencies in case
  of core package changes such as pacman or glibc
• configure pacman and enable parallel package download.
• Ensures dependencies for installing aur packages are installed
• Ensures Bash shell and Sudo are installed
• Ensures a gitpod user with uid and gid of 33333 exists
• Ensures gitpod user belongs to sudo,wheel and root groups.
• Ensures Gitpod prepend and append bashrc files have been added to gitpod user's ~/.bashrc
• Installs paru aur helper

Additional context

• you can refer to this example gitpod image in case you are interested in a more feature packed image
• most custom/more complicated RUN directives in Gitpod's image repository, such as workspace-full have equivalent AUR pkgbuild or are already in mainline repositories and it is significantly less work to install the exact same set of tools that exists in Ubuntu based images in an Arch based image

PS : btw i use arch

[da-moon]

/assign @csweichel

[csweichel]

/werft run

👍 started the job as gitpod-build-archlinux-gitpod-layer-fork.0

[csweichel]

Thank you for the contribution :)

I've run a build using the linked example, and the gitpod layer failed (see screenshot) because

ERROR: pacman configuration file '/etc/pacman.conf' not found.

[roboquat]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: da-moon
To complete the pull request process, please ask for approval from csweichel after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• components/image-builder/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[da-moon]

@csweichel there were a bunch of minor issues that I found in the image and I have addressed them in my latest commits. so far I can get the build working locally.

In case the problem persists, I do have some hypotheses on what may be the cause of this problem.

possible causes

• there is BASE_IMAGE variable on top of Gitpod Layer image ; How this value is getting fed into Gipod layer's Docker image ? Is it possible that this image is derived from non-arch docker images ?
• I tend to use ARG directives often in my Docker files; I remember vaguely that Dazzle did not support ARG directives, am I correct? can that be the reason why the build is failing? I have removed ARG directives in my latest commit, maybe that will fix the problem.

Additional context

• the image (fjolsvin/gitpod-workspace-full-archlinux ) works as intended when you run it on its own.
  

• when BASE_IMAGE is defined, the Gitpod layer image (gitpod/components/image-builder/workspace-image-layer/gitpod-layer/archlinux/Dockerfile) docker build works as intended. The following is the build result after setting BASE_IMAGE to archlinux:base (build.log)

FROM archlinux:base
# ─── INITIAL SETUP ──────────────────────────────────────────────────────────────
USER root
RUN \
  pacman-key --init > /dev/null 2>&1 \
  && pacman-key --populate archlinux > /dev/null 2>&1 \
  && pacman -Syyu --noconfirm >/dev/null 2>&1 \
  && pacman -S --noconfirm bash >/dev/null 2>&1
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# ─── INITIAL VALIDATIONS ────────────────────────────────────────────────────────
USER root
# [ NOTE ] in case gitpod user exists and has a uid
# that is not 33333, this run statement will fail.
RUN \
set -xue ; \
if getent passwd "gitpod" > /dev/null 2>&1; then \
[ "$(id -u gitpod)" != "33333" ] \
&& echo >&2 "Error: User 'gitpod' exists but does not have user-id 33333. The user-id is $(id -u)" \
&& exit 1 ; \
else \
exit 0 ; \
fi
# ─── CONFIGURING PACMAN ─────────────────────────────────────────────────────────
USER root
RUN \
set -xue ; \
sed -i \
  -e "/ParallelDownloads/d" \
  -e  '/\[options\]/a ParallelDownloads = 16' \
/etc/pacman.conf \
&& sed -i \
  -e "/Color/d" \
  -e "/ILoveCandy/d" \
  -e '/\[options\]/a Color' \
  -e '/\[options\]/a ILoveCandy' \
/etc/pacman.conf ;
# ─── INSTALLING CORE PACKAGES ───────────────────────────────────────────────────
USER root
RUN \
set -xue ; \
[ -r /usr/bin/gp ] && ln -sf /usr/bin/gp /usr/bin/gp-preview ; \
pacman -Sy --noconfirm --needed \
  git \
  base-devel \
  bash-completion \
  wget \
  curl \
  sudo \
> /dev/null 2>&1 ;
# ─── SUDO SETUP ─────────────────────────────────────────────────────────────────
USER root
RUN \
set -xue ; \
! getent group sudo > /dev/null && groupadd sudo \
&& sed -i \
  -e '/%wheel.*NOPASSWD:\s*ALL/d' \
  -e '/%wheel\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/d' \
/etc/sudoers \
&& ( \
echo "%wheel ALL=(ALL) ALL" ; \
echo "%wheel ALL=(ALL) NOPASSWD: ALL" ; \
) | tee -a /etc/sudoers > /dev/null ;
# ─── USER SETUP ─────────────────────────────────────────────────────────────────
USER root
# [ NOTE ] => user password was generated through the following command
# perl -e 'print crypt($ARGV[0], "password")' "gitpod"
RUN \
set -xue ; \
! getent group "gitpod" > /dev/null \
&& groupadd --gid "33333" "gitpod" > /dev/null > /dev/null ; \
! getent passwd "gitpod" > /dev/null \
&& useradd \
  --no-log-init \
  --create-home \
  --home-dir "/home/gitpod" \
  --gid "33333" \
  --uid "33333" \
  --groups sudo \
  --shell "/bin/bash" \
  --password "paF0XkFNewMcY" \
  "gitpod" && \
cp -R /root/. /home/gitpod ;
RUN \
set -xue ; \
echo "gitpod:gitpod" | chpasswd \
&& chown "$(id -u gitpod):$(id -g gitpod)" /home/gitpod/ -R \
&& usermod -aG wheel,root "gitpod" \
&& passwd -l root || true
# ─── PARU INSTALL ───────────────────────────────────────────────────────────────
USER "gitpod"
# [ NOTE ] => this run statement tries to install paru up to five failures
# as sometimes, aur may be temporarily unavailable
RUN \
set -xue ; \
[ ! -d "/home/gitpod/.cargo" ] && clean_cargo="true" || clean_cargo=="false" ; \
git clone https://aur.archlinux.org/paru.git /tmp/paru \
&& pushd /tmp/paru > /dev/null 2>&1 \
&& for i in {1..5}; do makepkg --noconfirm -sicr > /dev/null 2>&1 && break || sleep 15; done \
&& paru --version > /dev/null 2>&1 \
! cargo --version > /dev/null 2>&1 \
&& popd > /dev/null 2>&1 \
&& [[ "${clean_cargo}" == "true" ]] && rm -r "/home/gitpod/.cargo" ;
# ─── COPY CONFIG AND LAYER SCRIPT ───────────────────────────────────────────────
COPY ./gitpod /var/gitpod
# ─── CONFIGURE USER SHELL ───────────────────────────────────────────────────────
USER "gitpod"
# TODO Remove this in the near future when we do not need ~/.bashrc appends/prepends any more
RUN \
set -xue ; \
BASH_RC=~/.bashrc; \
[ ! -d "/home/gitpod" ] && echo >&2 "'gitpod' user home directory not found" && exit 1 ; \
[ -r "$BASH_RC" ] && cp "$BASH_RC" ~/.bashrc-org || touch ~/.bashrc-org ; \
touch ~/.hushlogin ; \
cat /var/gitpod/.bashrc-prepend > "$BASH_RC" \
&& cat ~/.bashrc-org >> "$BASH_RC" \
&& cat /var/gitpod/.bashrc-append >> "$BASH_RC"
# ─── CLEANUP AND FINALIZATIONS ──────────────────────────────────────────────────
USER root
RUN \
set -xue ; \
chown "$(id -u gitpod):$(id -g gitpod)" "/home/gitpod" -R \
&& pacman -Qdtq | sudo pacman -Rs - > /dev/null 2>&1 || true \
&& pacman --noconfirm -Scc > /dev/null 2>&1 \
&& rm -rf \
  /var/cache/pacman/pkg/* \
  /tmp/*
# ────────────────────────────────────────────────────────────────────────────────
USER gitpod

[da-moon]

@csweichel Have you had a chance to run the build again with my recent changes ?

[csweichel]

Prompted by recent developments (e.g. user namespaces), user experience considerations, but also by this PR, there's an effort underway to remove the Gitpod layer altogether: #4899, resp #4923

[da-moon]

@csweichel based on commit history, it looks like the Gitpod layer has been removed. Are changes in production now?

Update : it looks like Gitpod SaaS still has the Gitpod layer stage. Any ETA on when it is GA or deployed on gitpod.io infra?

[csweichel]

@da-moon Sorry for the many delays in having this shipped. We're still not running image-buider-mk3 in production. Currently we're blocked by this issue.

[stale]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.