feat: Use socat for the Docker socket if needed

features/src/browsers/NOTES.md

@@ -12,3 +12,7 @@ Needs access to the following URL for downloading and resolving:
 * https://googlechromelabs.github.io
 * https://download-installer.cdn.mozilla.net
 * https://product-details.mozilla.org
+
+### Old Chrome Versions
+
+It seems Google deletes old packages from time to time. So if you use a fixed version, make sure to keep it updated.

features/src/browsers/README.md

@@ -48,3 +48,7 @@ Needs access to the following URL for downloading and resolving:
 * https://googlechromelabs.github.io
 * https://download-installer.cdn.mozilla.net
 * https://product-details.mozilla.org
+
+### Old Chrome Versions
+
+It seems Google deletes old packages from time to time. So if you use a fixed version, make sure to keep it updated.

features/src/docker-out/README.md

@@ -6,7 +6,7 @@ Installs a Docker client which re-uses the host Docker socket.
 
 ```json
 "features": {
-    "ghcr.io/postfinance/devcontainer-features/docker-out:0.3.0": {
+    "ghcr.io/postfinance/devcontainer-features/docker-out:0.4.0": {
         "version": "latest",
         "composeVersion": "latest",
         "buildxVersion": "latest",
@@ -36,7 +36,7 @@ Installs a Docker client which re-uses the host Docker socket.
 
 ### VS Code Extensions
 
-- `ms-azuretools.vscode-docker`
+- `ms-azuretools.vscode-containers`
 
 ## Notes
 

features/src/docker-out/devcontainer-feature.json

@@ -1,6 +1,6 @@
 {
     "id": "docker-out",
-    "version": "0.3.0",
+    "version": "0.4.0",
     "name": "Docker outside Docker",
     "description": "Installs a Docker client which re-uses the host Docker socket.",
     "options": {
@@ -51,7 +51,7 @@
             "default": "",
             "description": "The download URL to use for Docker binaries."
         },
-        "versionsUrl":{
+        "versionsUrl": {
             "type": "string",
             "default": "",
             "description": "The URL to use for checking available versions."
@@ -70,14 +70,14 @@
     "customizations": {
         "vscode": {
             "extensions": [
-                "ms-azuretools.vscode-docker"
+                "ms-azuretools.vscode-containers"
             ]
         }
     },
     "mounts": [
         {
             "source": "/var/run/docker.sock",
-            "target": "/var/run/docker.sock",
+            "target": "/var/run/docker-host.sock",
             "type": "bind"
         }
     ],

features/src/docker-out/docker-init.sh.tmpl

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -e
+
+# Wrapper function to only use sudo if not already root
+sudoIf() {
+    if [ "$(id -u)" -ne 0 ]; then
+        sudo "$@"
+    else
+        "$@"
+    fi
+}
+
+# Source socket (socket on the host)
+SOURCE_SOCKET="${SOURCE_SOCKET:-"/var/run/docker-host.sock"}"
+# Target socket (socket in the container)
+TARGET_SOCKET="${TARGET_SOCKET:-"/var/run/docker.sock"}"
+
+# Determine the correct user
+USERNAME="{{ .User }}"
+if [ "${USERNAME}" = "" ]; then
+  USERNAME=$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)
+fi
+
+echo "Initializing Docker socket permissions for user ${USERNAME}."
+
+# Check if the docker group exists
+if ! getent group docker > /dev/null 2>&1; then
+  # Create the docker group
+  echo "Adding missing docker group"
+  sudoIf groupadd --system docker
+fi
+
+# Add the user to the docker group
+sudoIf usermod -a -G docker $USERNAME
+
+# By default, make the source and target sockets the same
+if [ "${SOURCE_SOCKET}" != "${TARGET_SOCKET}" ]; then
+    sudoIf touch "${SOURCE_SOCKET}"
+    sudoIf ln -s "${SOURCE_SOCKET}" "${TARGET_SOCKET}"
+fi
+
+# Get the id of the docker group
+DOCKER_GID=$(getent group docker | cut -d: -f3)
+
+# Find the GID of the source socket
+SOCKET_GID=$(stat -c '%g' ${SOURCE_SOCKET})
+
+# If the group ids don't match, we need to adjust
+if [ "$DOCKER_GID" = "$SOCKET_GID" ]; then
+  echo "Docker group GID matches socket GID ($DOCKER_GID), no changes needed."
+else
+  # Find an existing group with the same GID as the source socket
+  EXISTING_GROUP=$(getent group $SOCKET_GID | cut -d: -f1)
+  # If no group is found, just adjust the docker group to match the socket GID
+  if [ -z "$EXISTING_GROUP" ]; then
+    echo "Adjusting docker group GID ($DOCKER_GID) to match socket GID ($SOCKET_GID)."
+    sudoIf groupmod -g $SOCKET_GID docker
+  else
+    # Use socat
+    echo "Using socat to bridge socket from GID $SOCKET_GID to docker GID $DOCKER_GID."
+    sudoIf rm -rf ${TARGET_SOCKET}
+    # Check if socat is installed
+    if command -v socat > /dev/null 2>&1; then
+      echo "socat is already installed."
+    else
+      echo "socat is not installed. Installing socat."
+      if command -v apt-get > /dev/null 2>&1; then
+        # Apt-based
+        sudoIf apt-get update && sudoIf apt-get install -y socat
+      elif command -v apk > /dev/null 2>&1; then
+        # Apk-based
+        sudoIf apk add socat
+      else
+        echo "Error: socat is required but could not be installed. Please install socat manually."
+        exit 1
+      fi
+    fi
+    # Create the socat bridge
+    sudoIf socat UNIX-CONNECT:${SOURCE_SOCKET} UNIX-LISTEN:${TARGET_SOCKET},fork,user=${USERNAME},group=docker,mode=660
+  fi
+fi
+
+# Execute whatever commands were passed in (if any). This allows us
+# to set this script to ENTRYPOINT while still executing the default CMD.
+set +e
+exec "$@"

features/src/docker-out/installer.go

@@ -2,13 +2,15 @@ package main
 
 import (
 	"builder/installer"
+	"bytes"
 	"flag"
 	"fmt"
 	"os"
 	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
+	"text/template"
 
 	"github.com/roemer/gotaskr/execr"
 	"github.com/roemer/gover"
@@ -138,8 +140,22 @@ func (c *dockerCliComponent) InstallVersion(version *gover.Version) error {
 		return err
 	}
 
-	// Copy the startup file
-	if err := execr.Run(true, "cp", "-prf", "docker-init.sh", "/usr/local/share/docker-init.sh"); err != nil {
+	// Generate the startup script
+	t1, err := template.New("docker-init.sh.tmpl").ParseFiles("./docker-init.sh.tmpl")
+	if err != nil {
+		return err
+	}
+	data := struct {
+		User string
+	}{
+		User: os.Getenv("_REMOTE_USER"),
+	}
+	var buf bytes.Buffer
+	if err := t1.Execute(&buf, data); err != nil {
+		return err
+	}
+	content := buf.String()
+	if err := os.WriteFile("/usr/local/share/docker-init.sh", []byte(content), os.ModePerm); err != nil {
 		return err
 	}
 	// Copy the default config.json

features/test/browsers/chrome-testing.sh

@@ -4,7 +4,7 @@ set -e
 [[ -f "$(dirname "$0")/../functions.sh" ]] && source "$(dirname "$0")/../functions.sh"
 [[ -f "$(dirname "$0")/functions.sh" ]] && source "$(dirname "$0")/functions.sh"
 
-check_version "$(chrome --version)" "Google Chrome for Testing 130.0.6723.69"
+check_version "$(chrome --version)" "Google Chrome for Testing 142.0.7444.162"
 
 check_command_not_exists "google-chrome"
 check_command_not_exists "firefox"

features/test/browsers/chrome.sh

@@ -4,7 +4,7 @@ set -e
 [[ -f "$(dirname "$0")/../functions.sh" ]] && source "$(dirname "$0")/../functions.sh"
 [[ -f "$(dirname "$0")/functions.sh" ]] && source "$(dirname "$0")/functions.sh"
 
-check_version "$(google-chrome --version)" "Google Chrome 130.0.6723.69"
+check_version "$(google-chrome --version)" "Google Chrome 142.0.7444.162"
 
 check_command_not_exists "chrome"
 check_command_not_exists "firefox"

features/test/browsers/scenarios.json

@@ -8,7 +8,7 @@
         },
         "features": {
             "./browsers": {
-                "chromeVersion": "130.0.6723.69",
+                "chromeVersion": "142.0.7444.162",
                 "useChromeForTesting": "false",
                 "firefoxVersion": "none"
             }
@@ -23,7 +23,7 @@
         },
         "features": {
             "./browsers": {
-                "chromeVersion": "130.0.6723.69",
+                "chromeVersion": "142.0.7444.162",
                 "useChromeForTesting": "true",
                 "firefoxVersion": "none"
             }