Skip to content

This repo shows how you can use VSCode, Dev Containers, & Features in an enterprise environment that requires Custom ROOT CA Certificates.

Notifications You must be signed in to change notification settings

mholttech/devcontainer-features

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

VSCode Dev Container with Features in an Enterprise Environment

This repo shows how you can use VSCode, Dev Containers, & Features in an enterprise environment that requires Custom ROOT CA Certificates.

This repository also contains a sample Dev Container for easily testing in your environment.

Pre-Prerequisites

Software Version
WSL v2
VSCode >=1.80.0
Dev Containers Extension v0.299.0
Ubuntu WSL Instance 20.04 or 22.04

How To

The How-To instructions are split into three sections. Section 1 is performed within WSL, Section 2 is performed within Windows, and Section 3 goes over testing.

Update 8/2/23 Updated Section 3 to include copying nodecerts.pem to .devcontainer

Section 1: WSL

  1. Open up a terminal in your Ubuntu WSL2 instance

  2. Ensure that a copy of your Enterprise Root CA Certificates are in /usr/local/share/ca-certificates/. If you don't have the Root CA certs easily available you can use ./devContainer/createCerts.sh or these commands to get them and load them into Ubuntu:

    sudo openssl s_client -showcerts -verify 5 -connect wikipedia.org:443 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="cert"a".crt"; print >out}'; echo "Certificates:"; for cert in *.crt; do newname=$(openssl x509 -noout -subject -in $cert | sed -nE 's/.*CN ?= ?(.*)/\1/; s/[ ,.*]/_/g; s/__/_/g; s/_-_/-/; s/^_//g;p' | tr '[:upper:]' '[:lower:]').crt; echo "${newname}"; mv "${cert}" "/usr/local/share/ca-certificates/${newname}"; done
    sudo rm /usr/local/share/ca-certificates/wikipedia_org.crt
    sudo update-ca-certificates
  3. Configure your profile to set NODE_XTRA_CA_CERTS. This can be done in multiple ways, such as ~/.profile, ~/.zprofile, ~/.zshrc, and others. The way I did this was to actually create /etc/profile.d/node_certs.sh (make sure to chmod +x) with the following script:

    #!/bin/bash
    
    export NODE_EXTRA_CA_CERTS=/etc/nodecerts.pem
  4. Copy /etc/nodecerts.pem to /mnt/c/temp/nodecerts.pem

    mkdir /mnt/c/temp/
    cp /etc/nodecerts.pem /mnt/c/temp/nodecerts.pem

Section 2: Windows

Before starting this section, take c:\temp\nodecerts.pem and place it wherever you wish. For the purposes of these instructions we're going to assume that the file remains in c:\temp\

  1. Set a system environment variable named NODE_EXTRA_CA_CERTS and set the value to c:\temp\nodecerts.pem
  2. Close VSCode & any Terminal Windows

Section 3: Testing

You can now test this out for yourself. This should work natively in Windows as well as inside of your Ubuntu WSL instance. I recommend using WSL for all repositories due to a variety of issues with mounting local paths into containers. See here, here, here & here.

  1. Open repository in VSCode and then tell VSCode to open in Dev Container.
  2. Copy the nodecerts.pem file created in Section 1 into .devcontainer/nodecerts.pem
  3. You can verify it succeeded by running terraform --version, which is the single feature being installed by this repo.

About

This repo shows how you can use VSCode, Dev Containers, & Features in an enterprise environment that requires Custom ROOT CA Certificates.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published