-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Container Feature installation broken due to self signed certificates (since 0.251.0) #7150
Comments
has same problem |
^^this |
Features as OCI artifacts should resolve this. Any ETA for support in VSCode? https://code.visualstudio.com/blogs/2022/09/15/dev-container-features |
Sadly for me it did not resolve the problem No one feature is working in this version..... : |
same problem |
That solved it for me. Replace old style feature with this new way, and it works. |
how does your devcontainer definition look? my vscode is not happy with every way i tried. so i guessed it‘s not supported yet. |
For us, the workaround we found is to run the |
Sorry for bringing this back up, but we are also stuck in the same scenario - in vscode as well as when running devcontainer/cli@0.20.0 (I'm not sure where the functionality was changed. We need to ensure that our "self-signed" cert is installed PRIOR to any feature additions - If it is not, the first feature install fails due to invalid signatures. I understand from the thread in #6995, it's not a vscode bug - so how do we solve the issue locally? Using devcontainer/cli@0.6.0 or an older vscode I can build our devcontainer with a Dockerfile that looks something like this #Sample devcontainer.json
#Sample Dockerfile
With the latest devcontainer/cli and vscode we are failing before we fix the certs and of course, if I have no features added the devcontainer build succeeds BTW: I was also hoping to create a local "feature" to install the certs in specified order - and there is still some preprocessing I don't YET understand that is blocked - I got excited that the "feature" trick might work |
I am also facing the same issue. I am getting following error when I try to create a dev container configuration file. My system uses netskope mitm proxy, and the netskope root ca is a part of the certificate store on my windows sytstem. I try to run Dev Contgainers: Add Dev Containers Configuration Files i get the following error: The logs from dev container log are below:
The only way to get this to work is by disabling netskope PS: Removed my windows user name from the output above. |
looks like the feature installation changed again. it fetches the feature from the host instead of a bootstrapping image and the actual installation happens in the defined image of the devcontainer. we got it working with adding certificate ripper to the dockerfile which we have defined in the devcontainer.json
still have the self signed certificate issue with clone in volume though (#3713) as that happens still in the bootstrap container. |
@chrmarti any chance this can be addressed soon? |
I know that everyone has mixed results in trying to figure this out, including myself, but I finally found a way that works in my corporate environment where all systems need custom Root CA certificates loaded. I published my findings at mholttech/devcontainer-features. I tested this with the repo residing inside of Windows and inside of an Ubuntu WSL2 instance. |
This does not work for home environment as well. However, if I start the devcontainer directly from windows it work. Fails when started from wsl. I tried lot many solutions but doesn't seems to be working.
|
This, btw, worked for me on fedora wsl image seamlessly. However, Ubuntu wsl continues to fail with timeout error |
same error here |
I am getting the same error. |
Steps to Reproduce:
update-ca-certificates
. Now since the new version it "seems" to me that all the feature installations like git happen before the dockerfile is executed?Does this issue occur when you try this locally?: Yes
Does this issue occur when you try this locally and all extensions are disabled?: Yes
Thanks for you help
The text was updated successfully, but these errors were encountered: