# Signing commits when using devpod with SSH Provider

I was struggling to get ssh signing to work with devpod and the ssh provider. The same will probably apply for other cloud providers.

## The problem

We need to get our .gitconfig and our signing key into our dev container which is running on a remote server. At first I thought I could simply do this by adding the following to my .devcontainer.json:

    "mounts": [
      {
        "type": "bind",
        "source": "${localEnv:HOME}${localEnv:USERPROFILE}/.ssh/id_ed25519.pub",
        "target": "/home/vscode/.ssh/id_ed25519.pub",
      },
      {
        "type": "bind",
        "source": "${localEnv:HOME}${localEnv:USERPROFILE}/.gitconfig",
        "target": "/home/vscode/.gitconfig",
      },
    ],

But: ${localEnv:HOME} does not refer to your local PC; it refers to the home directory on your remote server (outside the devcontainer). By the way, ${localEnv:USERPROFILE} is included to improve compatibility with Windows systems.

## Solution

We create the minimal files needed for git to sign via ssh on our remote server. The actual signing then happens through the ssh-agent, which devpod forwards automatically.

  1. I created a ~/.gitconfig on the remote server that I later want to connect to via ssh:

         [commit]
             gpgSign = true
         [user]
             signingkey = ~/.ssh/id_ed25519.pub
             email = "your@email-address.org"
             name = "Your Name"
         [gpg]
             program = gpg
             format = ssh

  2. I copied my ~/.ssh/id_ed25519.pub to the remote server:

         scp ~/.ssh/id_ed25519.pub user@server:~/.ssh/id_ed25519.pub

  3. Open your devcontainer and find out your uid inside the container:

         $> id
         uid=1000(vscode) gid=1000(vscode) groups=1000(vscode)

  4. Adapt the permissions of the public key on your remote server. In my case:

         chown 1000:1000 ~/.ssh/id_ed25519.pub

  5. Add a statement to your container's Dockerfile, after the USER statement, that creates an empty .ssh directory with the correct permissions. Otherwise the directory will be mounted as well and its permissions will be messed up:

         ...
         ENV USER=vscode
         USER vscode
         ...
         RUN mkdir -m 700 ~/.ssh

  6. Add the mounts to your devcontainer.json:

         "mounts": [
           {
             "type": "bind",
             "source": "${localEnv:HOME}${localEnv:USERPROFILE}/.ssh/id_ed25519.pub",
             "target": "/home/vscode/.ssh/id_ed25519.pub",
           },
           {
             "type": "bind",
             "source": "${localEnv:HOME}${localEnv:USERPROFILE}/.gitconfig",
             "target": "/home/vscode/.gitconfig",
           },
         ],
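
To confirm the result from inside the devcontainer, the following added example (not part of the original post) checks that the public key named in user.signingkey is readable and that the forwarded ssh-agent offers the same key. The function names and the script name are made up for this example; the git and ssh-add calls are the standard ones.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from devpod or git.

# Print "keytype base64blob" for the first key in a .pub file (comment dropped).
pubkey_identity() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

# Succeed if the key in file $1 appears in $2, the text output of `ssh-add -L`.
# Comments differ between the file and the agent, so only type and blob count.
key_in_agent() {
    want=$(pubkey_identity "$1" 2>/dev/null) || return 2
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" |
        awk -v want="$want" '($1 " " $2) == want { found = 1 } END { exit !found }'
}

# Run inside the devcontainer: checks config, mounted key, and forwarded agent.
check_signing_setup() {
    [ "$(git config --get gpg.format)" = ssh ] ||
        { echo "gpg.format is not ssh" >&2; return 1; }
    # --type=path makes git expand a leading ~ in the configured path
    key=$(git config --type=path --get user.signingkey) ||
        { echo "user.signingkey is not set" >&2; return 1; }
    [ -r "$key" ] ||
        { echo "cannot read $key: check the bind mount and file owner" >&2; return 1; }
    agent_keys=$(ssh-add -L 2>/dev/null) ||
        { echo "forwarded ssh-agent is unreachable or empty" >&2; return 1; }
    key_in_agent "$key" "$agent_keys" ||
        { echo "agent does not hold the private key for $key" >&2; return 1; }
    echo "ok: the forwarded agent holds the key for $key"
}

# Only run the live check when asked, e.g.: sh check-signing.sh --check
if [ "${1:-}" = "--check" ]; then
    check_signing_setup
fi
```

If the check passes but a commit is still unsigned, `git log --show-signature -1` shows what git recorded for the last commit.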
    

## Disclaimer
I am not an expert in devpod/devcontainers and all its configuration options (yet), so feel free to suggest better ways to achieve what I did. But this is a solution which was working well for me.

## Sources
- https://containers.dev/implementors/json_reference/
- Experimenting myself