Move SSL_CERT_DIR setup from containerEnv to install.sh#41
Merged
Conversation
The containerEnv entry added in #38 used `${containerEnv:HOME}` as a substitution, which is unresolvable at containerEnv bake time, leaving SSL_CERT_DIR with an empty HOME prefix on existing containers. remoteEnv isn't valid in a feature under strict-schema validation, so move SSL_CERT_DIR setup into install.sh: write /etc/profile.d for login shells (per-user $HOME expansion) and /etc/environment for PAM logins (resolved _REMOTE_USER_HOME). Single uniform code path covers default and user-overridden sslCertDirs.
Drop the -pre suffix on the feature manifest and all package.json files so this PR can ship as a stable 1.0.1 release immediately on merge.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Refactors SSL_CERT_DIR configuration from the feature manifest's
containerEnvto runtime setup ininstall.sh. This change enables proper$HOMEexpansion for login shells while supporting PAM-based logins (like SSH) with resolved paths.Key Changes
Removed
containerEnv.SSL_CERT_DIRfromdevcontainer-feature.json— the manifest cannot reliably expand${containerEnv:HOME}andremoteEnvis not permitted in features under strict-schema validationAdded dual-path SSL_CERT_DIR setup in
install.sh:/etc/profile.d/devcontainer-dev-certs.shwithexport SSL_CERT_DIR="$HOME/.aspnet/dev-certs/trust:${SSL_CERT_DIRS}"for login shells (VS Code's userEnvProbe)/etc/environmentwith resolvedREMOTE_USER_HOMEpath for PAM-based logins (SSH)Removed
DEFAULT_SSL_CERT_DIRSvariable frominstall.sh— no longer needed since the script now unconditionally sets SSL_CERT_DIR for both default and user-overridden configurationsUpdated validation tests to verify the new install.sh behavior instead of checking containerEnv
Updated documentation (AGENTS.md, README.md, code comments) to reflect that SSL_CERT_DIR is now set at install time rather than via containerEnv
Implementation Details
The solution handles two distinct shell environments:
$HOMEis expanded by the shell when sourcing/etc/profile.d//etc/environmentis read bypam_envwhich doesn't expand variables, soREMOTE_USER_HOMEis resolved and baked in at install timeThis ensures SSL_CERT_DIR is properly configured across all access methods without relying on manifest-level variable expansion that isn't supported by the devcontainer spec.
https://claude.ai/code/session_018AmRDWxPGu5bHLKYfunWMj