From cffec076f2e189afbf9d3cdb59c12274c2b99368 Mon Sep 17 00:00:00 2001
From: Philipp Eder <philipp.eder@greenbone.net>
Date: Thu, 5 Sep 2024 09:37:08 +0200
Subject: [PATCH] Initial proposal of a Dev container

As more and more people are using VSCode on a non linux machine we would
like to make it easier to start developing on openvas as a whole.

With this and an extension `Dev Container` a developer can work within
an already setup environment.

Additionally it is designed so that someone on a linux machine can also
use it with Distrobox or with a direct mounted docker command.

For that the GID as well as UID can be set via build parameter for
convenience there is a Makefile creating the image with shared UID and
GID gatherred from `id`.

To build a new image for those purposes run `make build`.
---
 .devcontainer/Dockerfile             | 52 ++++++++++++++++++++++++++++
 .devcontainer/Makefile               | 19 ++++++++++
 .devcontainer/build-cmake-project.sh | 10 ++++++
 .devcontainer/build-gvm-libs         |  8 +++++
 .devcontainer/build-openvas          |  9 +++++
 .devcontainer/devcontainer.json      |  3 ++
 .devcontainer/github-clone.sh        | 38 ++++++++++++++++++++
 .devcontainer/prepare-user-dirs.sh   | 42 ++++++++++++++++++++++
 8 files changed, 181 insertions(+)
 create mode 100644 .devcontainer/Dockerfile
 create mode 100644 .devcontainer/Makefile
 create mode 100644 .devcontainer/build-cmake-project.sh
 create mode 100644 .devcontainer/build-gvm-libs
 create mode 100644 .devcontainer/build-openvas
 create mode 100644 .devcontainer/devcontainer.json
 create mode 100755 .devcontainer/github-clone.sh
 create mode 100644 .devcontainer/prepare-user-dirs.sh

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 000000000..d0a7a1eaf
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,52 @@
+
+FROM rust:latest
+ARG UID=1000
+ARG GID=1000
+
+RUN apt-get update && apt-get install -y sudo git rsync pipx redis-server
+# Add prepare-user-dirs.sh and execcute it
+COPY prepare-user-dirs.sh /prepare-user-dirs.sh
+COPY build-cmake-project.sh /usr/local/bin/build-cmake-project.sh
+RUN chmod +x /usr/local/bin/build-cmake-project.sh
+COPY build-openvas /usr/local/bin/build-openvas
+RUN chmod +x /usr/local/bin/build-openvas
+COPY build-gvm-libs /usr/local/bin/build-gvm-libs
+RUN chmod +x /usr/local/bin/build-gvm-libs
+COPY github-clone.sh /usr/local/bin/github-clone
+RUN chmod +x /usr/local/bin/github-clone
+
+RUN bash /prepare-user-dirs.sh && rm /prepare-user-dirs.sh
+USER user
+RUN python3 -m pipx install greenbone-feed-sync
+# installing gvm-libs and openvas-scanner
+RUN github-clone greenbone/gvm-libs 
+RUN github-clone greenbone/openvas-scanner
+RUN sudo sh /workspaces/greenbone/gvm-libs/.github/install-dependencies.sh
+RUN sudo sh /workspaces/greenbone/openvas-scanner/.github/install-openvas-dependencies.sh
+
+RUN build-gvm-libs
+RUN build-openvas
+# Currently we don't install scannerctl and openvasd as they don't have dependencies
+# that must be preloaded in order to function.
+# WORKDIR /workspaces/openvas/rust/scannerctl 
+# RUN cargo install --path .
+# WORKDIR /workspaces/openvas/rust/openvasd
+# RUN cargo install --path .
+USER redis
+RUN sed 's/redis-openvas/redis/' /workspaces/greenbone/openvas-scanner/config/redis-openvas.conf | tee /etc/redis/redis.conf
+USER user
+# We clean up the cloned repositories as they are usually mounted into the container
+RUN rm -r /workspaces/greenbone
+
+
+# RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*
+
+SHELL ["/bin/bash", "-c"]
+
+RUN rustup component add rust-analyzer rust-src
+ENV PATH="/home/user/.cargo/bin:${PATH}"
+ENV PATH="/home/user/.local/bin:${PATH}"
+RUN echo "alias start_redis='redis-server /etc/redis/redis.conf'" >> /home/user/.bashrc
+ENV start_redis="redis-server /etc/redis/redis.conf"
+WORKDIR /workspaces
+CMD ["/bin/bash"]
diff --git a/.devcontainer/Makefile b/.devcontainer/Makefile
new file mode 100644
index 000000000..16ae2002b
--- /dev/null
+++ b/.devcontainer/Makefile
@@ -0,0 +1,19 @@
+# Get the UID and GID of the user those will be used within the Dockerfile to share the same id between host and container.
+UID := $(shell id -u)
+GID := $(shell id -g)
+
+.PHONY: build
+
+build:
+	docker build \
+		--build-arg UID=$(UID) \
+		--build-arg GID=$(GID) \
+		-t openvas-dev:latest \
+		.
+
+run-tmp:
+	docker run -it --rm \
+		-v $(HOME)/.ssh:/home/user/.ssh\
+		-v $(HOME)/.config:/home/user/.config\
+		-v $(HOME)/src:/home/user/src \
+		openvas-dev:latest
diff --git a/.devcontainer/build-cmake-project.sh b/.devcontainer/build-cmake-project.sh
new file mode 100644
index 000000000..7d03ec823
--- /dev/null
+++ b/.devcontainer/build-cmake-project.sh
@@ -0,0 +1,10 @@
+#/bin/sh
+[ -d "$1" ] && WORKD_DIR="$1" || (
+    echo "Usage: $0 <project-dir>"
+    exit 1
+)
+cd $WORKD_DIR
+set -ex
+cmake -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
+cmake --build build --target install
+sudo ldconfig
\ No newline at end of file
diff --git a/.devcontainer/build-gvm-libs b/.devcontainer/build-gvm-libs
new file mode 100644
index 000000000..db17c1a29
--- /dev/null
+++ b/.devcontainer/build-gvm-libs
@@ -0,0 +1,8 @@
+#!/bin/bash
+owner=${1:-greenbone}
+if [ -d "/workspaces/$owner" ]; then
+    target_dir="/workspaces/$owner/gvm-libs"
+else
+    target_dir="/workspaces/gvm-libs"
+fi
+/usr/local/bin/build-cmake-project.sh "$target_dir"
\ No newline at end of file
diff --git a/.devcontainer/build-openvas b/.devcontainer/build-openvas
new file mode 100644
index 000000000..db1feecce
--- /dev/null
+++ b/.devcontainer/build-openvas
@@ -0,0 +1,9 @@
+#!/bin/bash
+owner=${1:-greenbone}
+if [ -d "/workspaces/$owner" ]; then
+    target_dir="/workspaces/$owner/openvas-scanner"
+else
+    target_dir="/workspaces/openvas-scanner"
+fi
+
+/usr/local/bin/build-cmake-project.sh "$target_dir"
\ No newline at end of file
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 000000000..dae163bfb
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,3 @@
+{
+  "build": { "dockerfile": "Dockerfile" },
+}
diff --git a/.devcontainer/github-clone.sh b/.devcontainer/github-clone.sh
new file mode 100755
index 000000000..79c5beec2
--- /dev/null
+++ b/.devcontainer/github-clone.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+    echo "Error: Repository name is not provided."
+    exit 1
+fi
+
+IFS='/' read -r owner repo <<< "$1"
+
+parent_dir="/workspaces"
+if [ ! -d "$parent_dir" ]; then
+    echo "Parent directory '$parent_dir' does not exist. Creating it."
+    mkdir -p "$parent_dir"
+fi
+
+owner_dir="$parent_dir/$owner"
+if [ ! -d "$owner_dir" ]; then
+    echo "Owner directory '$owner_dir' does not exist. Creating it."
+    mkdir -p "$owner_dir"
+fi
+
+target_dir="/workspaces/$1"
+
+if [ -d "$target_dir" ]; then
+    echo "Error: Target directory '$target_dir' already exists."
+    exit 1
+fi
+
+if ls id_* &>/dev/null; then
+    if git clone git@github.com:$1.git "$target_dir"; then
+        echo "Cloning with SSH URL successful."
+    else
+        echo "Warning: Cloning with SSH URL failed. Falling back to HTTPS URL."
+        git clone https://github.com/$1.git "$target_dir"
+    fi
+else
+    git clone https://github.com/$1.git "$target_dir"
+fi
\ No newline at end of file
diff --git a/.devcontainer/prepare-user-dirs.sh b/.devcontainer/prepare-user-dirs.sh
new file mode 100644
index 000000000..1b8db2d9c
--- /dev/null
+++ b/.devcontainer/prepare-user-dirs.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+# This scripts creates the dirs defined in dirs and sets the rights to the given user and id.
+# This script creates a user with a $UID as well as a group with $GID 
+# afterwards it creates set of directories, assigns ownership to a newly created user and group, and configures sudo permissions for the user.
+# This is done to allow cmake --build build --target install to work without permission issues.
+
+dirs="
+/workspaces
+/run/gvm
+/var/log/gvm
+/etc/openvas
+/var/lib/openvas
+/usr/local/lib
+/usr/local/share/man/man1/
+/usr/local/share/man/man8/
+/usr/local/include/gvm
+/usr/local/share/openvas
+/usr/local/bin
+/usr/local/sbin
+/var/lib/openvas
+/var/lib/notus
+/var/lib/gvm
+/run/redis
+"
+
+set -ex
+groupadd --gid "$GID" "developer" || true
+# for the case that the GID already existed when we tried to create developer
+# this can happen when we reuse staff from a mac os host
+group_name=$(getent group "$GID" | cut -d: -f1) 
+
+useradd --uid "$UID" --gid "$group_name" --shell /bin/bash --groups redis --create-home user
+
+for dir in ${dirs[@]}; do
+	if [ ! -d $dir ]; then
+		mkdir -p $dir
+	fi
+	chown -R user:$group_name $dir
+done
+# allow user to run sudo without password since it is intented as development 
+# container it is assumed that the user wants to install or manipulate the container
+echo "user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user