@Steve973
Created April 16, 2025 23:34
Devcontainer setup with minimal configuration
CyberTrust = https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt.pem
DigiCert = https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
Mozilla = https://curl.se/ca/cacert.pem
Amazon = https://www.amazontrust.com/repository/AmazonRootCA1.pem
#!/bin/bash
# Downloads the CA certificates listed in ca-cert-urls.properties (expected
# next to this script) and registers them with update-ca-certificates.
set -e

# Resolve the directory holding this script so the properties file is found
# regardless of the caller's working directory.
script_source_dir="$(dirname "${BASH_SOURCE[0]}")"
SCRIPT_DIR="$(cd "${script_source_dir}" && pwd)"
PROPERTIES_FILE="${SCRIPT_DIR}/ca-cert-urls.properties"

# Number of certificates downloaded successfully so far.
success_count=0
#######################################
# Rebuild the system trust store by running update-ca-certificates,
# printing one status line before and one after the call.
# Arguments: none
# Outputs:   status lines plus whatever update-ca-certificates prints
#######################################
update_ca_certs() {
  printf '%s\n' "Updating CA certificates..."
  update-ca-certificates
  printf '%s\n' "CA certificates updated successfully"
}
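#######################################
# Download one CA certificate and stage it for update-ca-certificates.
#
# Security notes:
#   - The file fetched here becomes a trust anchor for the whole image, so the
#     download itself must be authenticated. TLS verification is therefore
#     left enabled (no -k/--insecure) and plain http:// URLs are refused.
#     If the build runs behind a TLS-inspecting proxy, supply that proxy's CA
#     out of band (e.g. COPY it into the image) instead of disabling
#     verification.
#   - The download goes to a mktemp file and is only installed after it is
#     confirmed to contain a PEM certificate block, so an error page or a
#     truncated transfer never lands in the trust directory.
#   - update-ca-certificates only picks up files ending in ".crt" below
#     /usr/local/share/ca-certificates, so a trailing ".pem" is replaced
#     by ".crt".
#
# Globals:   CA_CERT_DIR (read, optional) - overrides the target directory;
#            defaults to /usr/local/share/ca-certificates
# Arguments: $1 - display name of the CA (used in log output)
#            $2 - https:// URL of the PEM certificate
# Outputs:   progress and error messages on stdout
# Returns:   0 if the certificate was installed, 1 otherwise
#######################################
process_cert_url() {
  local caName="$1"
  local certUrl="$2"
  local cert_dir="${CA_CERT_DIR:-/usr/local/share/ca-certificates}"
  local filename cert_file head_output tmp_file

  # Trim leading and trailing whitespace with parameter expansion only.
  certUrl="${certUrl#"${certUrl%%[![:space:]]*}"}"
  certUrl="${certUrl%"${certUrl##*[![:space:]]}"}"

  echo "Processing: ${caName} from ${certUrl}"

  # Trust anchors must not be fetched over an unauthenticated channel.
  case "${certUrl}" in
    https://*) ;;
    *)
      echo " WARN: Refusing non-HTTPS certificate URL: ${certUrl}"
      return 1
      ;;
  esac

  # Create the target directory if it doesn't exist.
  if ! mkdir -p "${cert_dir}"; then
    echo " ERROR: Cannot create directory ${cert_dir}"
    return 1
  fi

  # Reachability probe via HEAD request. Output is captured in a variable
  # rather than a fixed, predictable file name under /tmp.
  if ! head_output=$(curl -f -I --connect-timeout 3 "${certUrl}" 2>&1); then
    echo " WARN: URL not reachable: ${certUrl}"
    echo " reason:"
    printf '%s\n' "${head_output}"
    return 1
  fi

  # Derive the file name from the URL path (query string / fragment dropped)
  # and force a .crt extension so update-ca-certificates will see the file.
  filename=$(basename -- "${certUrl%%[?#]*}")
  filename="${filename%.pem}"
  [[ -n "${filename}" ]] || filename="${caName}"
  [[ "${filename}" == *.crt ]] || filename="${filename}.crt"
  cert_file="${cert_dir}/${filename}"

  # Download to a private temp file first; install only after validation.
  if ! tmp_file=$(mktemp); then
    echo " ERROR: Could not create a temporary file"
    return 1
  fi

  if ! curl -f --connect-timeout 3 -o "${tmp_file}" "${certUrl}"; then
    rm -f -- "${tmp_file}"
    echo " ERROR: Failed to download certificate from ${certUrl}"
    return 1
  fi

  # Reject anything that is not PEM (HTML error pages, redirects, DER, ...).
  if ! grep -qF -- '-----BEGIN CERTIFICATE-----' "${tmp_file}"; then
    rm -f -- "${tmp_file}"
    echo " ERROR: Downloaded file is not a PEM certificate: ${certUrl}"
    return 1
  fi

  # install(1) copies the file and sets mode 644 in one step.
  if ! install -m 644 -- "${tmp_file}" "${cert_file}"; then
    rm -f -- "${tmp_file}"
    echo " ERROR: Could not write ${cert_file}"
    return 1
  fi
  rm -f -- "${tmp_file}"

  echo " Download successful to ${cert_file}"
  return 0
}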
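# Fail with a clear message if the URL list is missing, instead of relying on
# the redirection error from the loop below.
if [[ ! -r "$PROPERTIES_FILE" ]]; then
  echo "ERROR: Properties file not found or not readable: $PROPERTIES_FILE" >&2
  exit 1
fi

# Iterate through each line in the file. The "|| [[ -n ... ]]" clause keeps a
# final line that has no trailing newline from being dropped silently.
while IFS= read -r line || [[ -n "$line" ]]; do
  # Skip empty lines and comments (# or ! as in Java .properties files)
  if [[ -z "$line" || "$line" =~ ^[[:space:]]*[#!] ]]; then
    continue
  fi

  # Match simple "key = value" format.
  # NOTE(review): this pattern accepts http:// as well as https://. The files
  # fetched become trust anchors, so only authenticated (https) sources
  # should be listed in the properties file.
  if [[ "$line" =~ ^[[:space:]]*([[:alnum:]_]+)[[:space:]]*=[[:space:]]*(https?://[^ ]+)[[:space:]]*$ ]]; then
    key="${BASH_REMATCH[1]}"
    value="${BASH_REMATCH[2]}"
    # Called inside "if" so a failed download does not trip "set -e";
    # failures are reported by process_cert_url and the loop moves on.
    if process_cert_url "${key}" "${value}"; then
      success_count=$((success_count + 1))
    fi
  else
    echo "Warning: Line doesn't match expected format: $line"
  fi
done < "$PROPERTIES_FILE"

# Only update CA certificates if we actually downloaded any. The script still
# exits 0 when every download failed, so callers that need the certificates
# must check the output.
if (( success_count > 0 )); then
  update_ca_certs
else
  echo "No certificates were successfully downloaded. Skipping CA certificates update."
fi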
{
"name": "Java Development",
"build": {
// Use the Dockerfile in the current directory
"dockerfile": "Dockerfile"
},
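// Enable ptrace for improved debugging capabilities.
// NOTE(review): "seccomp=unconfined" below also turns off Docker's default syscall filter for the
// whole container, which is broader than ptrace alone. --cap-add=SYS_PTRACE may be enough by itself
// on current Docker versions (confirm); otherwise a custom seccomp profile is the narrower option.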
"runArgs": [
"--device=/dev/urandom:/dev/urandom",
"--device=/dev/random:/dev/random",
"--cap-add=SYS_PTRACE",
"--security-opt",
"seccomp=unconfined"
],
// Forward ports for debugging and report viewing
"forwardPorts": [
8000,
5005
],
// Environment variables to assist development
"remoteEnv": {
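// Enable remote debugging by default for test runs.
// NOTE(review): address=*:5005 makes JDWP listen on every interface of the container, and JDWP has
// no authentication: any peer that can reach the port can run code in the JVM. If the forwarded
// port is the only consumer, binding to localhost is the narrower setting (confirm it still works
// with forwardPorts).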
"GRADLE_OPTS": "-Dorg.gradle.jvmargs='-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:5005'"
},
"remoteUser": "devuser",
"updateRemoteUserUID": true,
// Initialize command to create the gradle cache directory on host
"initializeCommand": "mkdir -p ${localEnv:HOME}/.devcontainer-gradle",
// Cache Gradle dependencies between container rebuilds
"mounts": [
"source=${localEnv:HOME}/.devcontainer-gradle,target=/home/devuser/.gradle,type=bind,consistency=cached"
]
}
# Dev-container image: installs extra CA certificates and creates the
# non-root "devuser" account on top of the project's base image.
# NOTE(review): a -SNAPSHOT tag is presumably mutable; pinning the base image
# by digest would make builds reproducible — confirm with the image owner.
FROM myproj/base-java-gradle-dev:1.0.0-SNAPSHOT
# Copy the certificate URL list and the installer script into /tmp. Both files
# go to the same directory; NOTE(review): the installer presumably looks for
# ca-cert-urls.properties next to itself — confirm against the script.
COPY scripts/ca-cert-urls.properties scripts/configure-ca-cert.sh /tmp/
# Run certificate setup during build. No USER instruction precedes this RUN,
# so it executes as the base image's default user (presumably root — the steps
# below need it). In order, the chained commands:
#   1. run the certificate installer;
#   2. delete the installer and URL list from /tmp (they remain in the COPY
#      layer above, which is harmless as long as they hold no secrets);
#   3. remove the stock "ubuntu" user and group if the base image has them;
#   4. create devgroup/devuser with fixed UID/GID 1500 and a bash login shell.
# NOTE(review): the build only fails here if the installer exits non-zero;
# whether failed downloads do that depends on the script — verify the trust
# store in the built image rather than relying on a green build.
RUN /bin/bash /tmp/configure-ca-cert.sh && \
rm -f /tmp/configure-ca-cert.sh /tmp/ca-cert-urls.properties && \
if getent passwd ubuntu > /dev/null; then userdel -r ubuntu; fi && \
if getent group ubuntu > /dev/null; then groupdel ubuntu; fi && \
groupadd -g 1500 devgroup && \
useradd -m -s /bin/bash -u 1500 -g 1500 -d /home/devuser devuser