- create a git repo that has the base files and start tweaking
git config --global credential.helper "/mnt/c/Program\ Files/Git/mingw64/libexec/git-core/git-credential-manager.exe"This process is easier with git submodules.
curl --output .devcontainer.json -L https://gist.github.com/waltiam/c94e2d042cac1e7976ebac9e683f2287/raw The example here uses the .devcontainer.json for the go lang container.
This is intended to be used as a git sub-module.
To use in an existing repo first delete the existing .devcontainer folder and commit this change.
git rm -rf .devcontainer\Then clone and update the .devcontainer submodule.
cd {root project}
git submodule add https://github.com/waltiam/submodule-golang.git .devcontainer
git submodule init
git submodule updateIf you make change to the .devcontainer that you want to commit back to the repo.
cd {project root}/.devcontainer
git add {changes to add}
git commit -m"{commit mesage}"
git push
cd ..
git submodule updateSone extensions (GitGraph) require socat to communicate with the host this can be installed with:
sudo apt-get install socatExecuted from the WSL shell.
Microsoft has this to say about it.
The short of this is that there are three options:
- SSH without a passphrase - relying on the public/private key pair.
- HTTPS using the Windows Credential Manager
- Use the VSCode terminal and not the UI
I opted to go with SSH and no passphrase; the UI tools within VSCode allow for the PR into branches to be and using HHTPS potentially exposes the github credential to attack.
THe GPG and GPG/SM processes below could also be set to use password free, again relying on the public/private keys.
The general idea is that I do not want tokens, credentials or passwords in the repo. This means there will be inevitably some manual steps happening. To start with we share the ~/.ssh folder with the docker image as ${user}/.ssh, as long as the ssh token have been properly configured in github this should work.
"source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",A little more complex because there are actual manual steps to create the and sign the token.
Taking the steps to create a gpg cert from Signing your GitHub commits using GPG keys on Windows.
Configure a gpg commit signing key on the WSL instance.
gpg --full-key-gen --pinentry-mode loopback
... etc- The important thing here is the
--pinentry-mode loopbackand be sure thatexport GPG_TTY=$(tty)has been added to the shell rc file.
Again though, let's start with sharing the folder where the gpg token is stored. Mount e ~/.gnupg folder with the dev container:
"source=${localEnv:HOME}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached",Run the git configuration steps on the docker image, this will require the public key.
The final piece of the puzzle, the GPG commit signing requires a encryption key. Once the PGP key is generated in the WSL environment this "should just work" ™ . Almost, the key turned out to be that for some reason the docker dev container doesn't take the default recipient, fixed that by adding the following line into the ~/.gnupg/gpg.conf file:
recipient {your email accosicated with the token}
Run through the setup in as per the Sectigo Documentation. When it comes to the part about configuring git the commands should be executed in the .devcontainer, only the following are really needed and could be scripted out per user and stored outside the container:
git config --global gpg.program $(which gpgsm)
git config --global gpg.format x509
git config --global user.signingkey 0xDDDDDDDD
git config --global user.email 'walt.speelman@sectigo.com'Somewhere, I cannot find the original post anywhere, it was said that the command export GPG_TTY=$(tty) also needed to be executed.
Other things that I still need to explore to help stablize the signing environment:
gpgconf --kill gpg-agentecho UPDATESTARTUPTTY | gpg-connect-agent
- Installing the Gpg4win tool.
- Update the
~/.gnupg/gpg-agent.conffile with the addition of:
pinentry-program "/mnt/c/Program Files (x86)/GnuPG/bin/pinentry-basic.exe"
default-cache-ttl 34560000
max-cache-ttl 34560000Execute a gpgconf --kill gpg-agent for good luck (gI feel this is sort of like a goat sacrifice at this point).
- Started with this
- creating subkeys
- Git - the horses mouth
- The hint that said we needed an encryption key
- Parsing the GPG output with awk
- GPG - though the actual
man gpgwas more useful - Git - starting page of the set up for Github
- Some interesting stuff, can't remember if this actually told me anything new though
- Where you're gonna store these things on GitHub
- The online manpage for
gpgsm - Configuring
GPG_TTY
The template-golang has this sub-module already inserted.
If you make changes to this submodule remember to add and commit from the .devcontainer folder.
Licensed under the MIT License.
//! TODO: add license file
There is a far better repository by Microsoft here.
This is a quick walk through of setting up a development environment in VS Code using docker images. I don't claim great knowledge on this, I've got them running and they seem to be ok.
- Visual Sutdio Remote Development
- 64-Dev-Docker/dev-env (github.com)
- Docker Hub
- go lang docker container configuration (github.com)
To the best of my knowledge this technology does not apply to Visual Studio.
If you've run into issues with file ownership:
If this is your error:
> git commit -m"clever commit message"
$ fatal: could not open '.git/COMMIT_EDITMSG': Permission deniedThis should resolve the immediate challenge
chown -R $(whoami) .A better, and longer term solution would be to review the users in the local and remote docker container.