From b07b40b3464f44e86d2dd5ea8282cdf1c8996b2e Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Tue, 5 Dec 2023 01:02:57 -0800 Subject: [PATCH] chore: revert nix dogfood image (#11022) The nix image isn't used because it doesn't work, and we haven't been updating our "pre-nix" tag since the changes were made. Reverts back to being a regular Dockerfile. --- .devcontainer/devcontainer.json | 2 +- .github/workflows/dogfood.yaml | 26 +- dogfood/Dockerfile | 348 ++++++++++++++++++ dogfood/Makefile | 10 + .../files/etc/apt/apt.conf.d/80-no-recommends | 6 + dogfood/files/etc/apt/apt.conf.d/80-retries | 1 + dogfood/files/etc/apt/preferences.d/docker | 19 + .../files/etc/apt/preferences.d/github-cli | 8 + .../files/etc/apt/preferences.d/google-chrome | 16 + .../files/etc/apt/preferences.d/google-cloud | 19 + dogfood/files/etc/apt/preferences.d/hashicorp | 14 + .../etc/apt/preferences.d/microsoft-edge | 12 + .../files/etc/apt/preferences.d/nodesource | 9 + dogfood/files/etc/apt/preferences.d/ppa | 19 + dogfood/files/etc/apt/preferences.d/yarnpkg | 9 + dogfood/files/etc/apt/sources.list | 3 + .../files/etc/apt/sources.list.d/docker.list | 1 + .../etc/apt/sources.list.d/google-chrome.list | 1 + .../etc/apt/sources.list.d/google-cloud.list | 1 + .../etc/apt/sources.list.d/hashicorp.list | 1 + .../apt/sources.list.d/microsoft-edge.list | 1 + .../etc/apt/sources.list.d/nodesource.list | 1 + .../etc/apt/sources.list.d/postgresql.list | 1 + dogfood/files/etc/apt/sources.list.d/ppa.list | 2 + .../etc/apt/sources.list.d/security.list | 1 + .../files/etc/apt/sources.list.d/yarnpkg.list | 1 + dogfood/files/etc/default/google-chrome | 4 + dogfood/files/etc/default/microsoft-edge-beta | 4 + dogfood/files/etc/docker/daemon.json | 3 + dogfood/files/etc/sudoers.d/nopasswd | 1 + dogfood/files/usr/share/keyrings/ansible.gpg | Bin 0 -> 1132 bytes dogfood/files/usr/share/keyrings/docker.gpg | Bin 0 -> 2760 bytes .../files/usr/share/keyrings/github-cli.gpg | Bin 0 -> 2270 bytes .../usr/share/keyrings/google-chrome.gpg | Bin 0 -> 10640 bytes .../files/usr/share/keyrings/google-cloud.gpg | Bin 0 -> 1210 bytes .../files/usr/share/keyrings/hashicorp.gpg | Bin 0 -> 2879 bytes .../files/usr/share/keyrings/microsoft.gpg | Bin 0 -> 641 bytes dogfood/files/usr/share/keyrings/neovim.gpg | Bin 0 -> 1134 bytes .../files/usr/share/keyrings/nodesource.gpg | Bin 0 -> 2206 bytes .../files/usr/share/keyrings/postgresql.gpg | Bin 0 -> 3494 bytes dogfood/files/usr/share/keyrings/yarnpkg.gpg | Bin 0 -> 10365 bytes dogfood/main.tf | 8 +- dogfood/update-keys.sh | 62 ++++ flake.nix | 159 -------- 44 files changed, 594 insertions(+), 179 deletions(-) create mode 100644 dogfood/Dockerfile create mode 100644 dogfood/Makefile create mode 100644 dogfood/files/etc/apt/apt.conf.d/80-no-recommends create mode 100644 dogfood/files/etc/apt/apt.conf.d/80-retries create mode 100644 dogfood/files/etc/apt/preferences.d/docker create mode 100644 dogfood/files/etc/apt/preferences.d/github-cli create mode 100644 dogfood/files/etc/apt/preferences.d/google-chrome create mode 100644 dogfood/files/etc/apt/preferences.d/google-cloud create mode 100644 dogfood/files/etc/apt/preferences.d/hashicorp create mode 100644 dogfood/files/etc/apt/preferences.d/microsoft-edge create mode 100644 dogfood/files/etc/apt/preferences.d/nodesource create mode 100644 dogfood/files/etc/apt/preferences.d/ppa create mode 100644 dogfood/files/etc/apt/preferences.d/yarnpkg create mode 100644 dogfood/files/etc/apt/sources.list create mode 100644 dogfood/files/etc/apt/sources.list.d/docker.list create mode 100644 dogfood/files/etc/apt/sources.list.d/google-chrome.list create mode 100644 dogfood/files/etc/apt/sources.list.d/google-cloud.list create mode 100644 dogfood/files/etc/apt/sources.list.d/hashicorp.list create mode 100644 dogfood/files/etc/apt/sources.list.d/microsoft-edge.list create mode 100644 dogfood/files/etc/apt/sources.list.d/nodesource.list create mode 100644 dogfood/files/etc/apt/sources.list.d/postgresql.list create mode 100644 dogfood/files/etc/apt/sources.list.d/ppa.list create mode 100644 dogfood/files/etc/apt/sources.list.d/security.list create mode 100644 dogfood/files/etc/apt/sources.list.d/yarnpkg.list create mode 100644 dogfood/files/etc/default/google-chrome create mode 100644 dogfood/files/etc/default/microsoft-edge-beta create mode 100644 dogfood/files/etc/docker/daemon.json create mode 100644 dogfood/files/etc/sudoers.d/nopasswd create mode 100644 dogfood/files/usr/share/keyrings/ansible.gpg create mode 100644 dogfood/files/usr/share/keyrings/docker.gpg create mode 100644 dogfood/files/usr/share/keyrings/github-cli.gpg create mode 100644 dogfood/files/usr/share/keyrings/google-chrome.gpg create mode 100644 dogfood/files/usr/share/keyrings/google-cloud.gpg create mode 100644 dogfood/files/usr/share/keyrings/hashicorp.gpg create mode 100644 dogfood/files/usr/share/keyrings/microsoft.gpg create mode 100644 dogfood/files/usr/share/keyrings/neovim.gpg create mode 100644 dogfood/files/usr/share/keyrings/nodesource.gpg create mode 100644 dogfood/files/usr/share/keyrings/postgresql.gpg create mode 100644 dogfood/files/usr/share/keyrings/yarnpkg.gpg create mode 100755 dogfood/update-keys.sh diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index a65c411ceb..1464c029a3 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "Development environments on your infrastructure", - "image": "codercom/oss-dogfood:pre-nix", + "image": "codercom/oss-dogfood:latest", "features": { // See all possible options here https://github.com/devcontainers/features/tree/main/src/docker-in-docker diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index f90531e031..99b49033bc 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -5,15 +5,11 @@ on: branches: - main paths: - - "flake.nix" - - "flake.lock" - "dogfood/**" - ".github/workflows/dogfood.yaml" # Uncomment these lines when testing with CI. # pull_request: # paths: - # - "flake.nix" - # - "flake.lock" # - "dogfood/**" # - ".github/workflows/dogfood.yaml" workflow_dispatch: @@ -37,13 +33,8 @@ jobs: tag=${tag//\//--} echo "tag=${tag}" >> $GITHUB_OUTPUT - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v8 - - - name: Run the Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - run: nix build .#devEnvImage && ./result | docker load + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Login to DockerHub uses: docker/login-action@v3 @@ -51,10 +42,15 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Tag and Push - run: | - docker tag codercom/oss-dogfood:latest codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }} - docker push codercom/oss-dogfood -a + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: "{{defaultContext}}:dogfood" + pull: true + push: true + tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest" + cache-from: type=registry,ref=codercom/oss-dogfood:latest + cache-to: type=inline deploy_template: needs: deploy_image diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile new file mode 100644 index 0000000000..17774d53da --- /dev/null +++ b/dogfood/Dockerfile @@ -0,0 +1,348 @@ +FROM rust:slim AS rust-utils +# Install rust helper programs +# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true +ENV CARGO_INSTALL_ROOT=/tmp/ +RUN cargo install exa bat ripgrep typos-cli watchexec-cli + +FROM ubuntu:jammy AS go + +RUN apt-get update && apt-get install --yes curl gcc +# Install Go manually, so that we can control the version +ARG GO_VERSION=1.21.4 +RUN mkdir --parents /usr/local/go + +# Boring Go is needed to build FIPS-compliant binaries. +RUN curl --silent --show-error --location \ + "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ + -o /usr/local/go.tar.gz + +RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 + +ENV PATH=$PATH:/usr/local/go/bin + +# Install Go utilities. +ARG GOPATH="/tmp/" +RUN mkdir --parents "$GOPATH" && \ + # moq for Go tests. + go install github.com/matryer/moq@v0.2.3 && \ + # swag for Swagger doc generation + go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \ + # go-swagger tool to generate the go coder api client + go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \ + # goimports for updating imports + go install golang.org/x/tools/cmd/goimports@v0.1.7 && \ + # protoc-gen-go is needed to build sysbox from source + go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 && \ + # drpc support for v2 + go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 && \ + # migrate for migration support for v2 + go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \ + # goreleaser for compiling v2 binaries + go install github.com/goreleaser/goreleaser@v1.6.1 && \ + # Install the latest version of gopls for editors that support + # the language server protocol + go install golang.org/x/tools/gopls@latest && \ + # gotestsum makes test output more readable + go install gotest.tools/gotestsum@v1.9.0 && \ + # goveralls collects code coverage metrics from tests + # and sends to Coveralls + go install github.com/mattn/goveralls@v0.0.11 && \ + # kind for running Kubernetes-in-Docker, needed for tests + go install sigs.k8s.io/kind@v0.10.0 && \ + # helm-docs generates our Helm README based on a template and the + # charts and values files + go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \ + # sqlc for Go code generation + go install github.com/sqlc-dev/sqlc/cmd/sqlc@v1.20.0 && \ + # gcr-cleaner-cli used by CI to prune unused images + go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \ + # ruleguard for checking custom rules, without needing to run all of + # golangci-lint. Check the go.mod in the release of golangci-lint that + # we're using for the version of go-critic that it embeds, then check + # the version of ruleguard in go-critic for that tag. + go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \ + # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest. + go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \ + go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \ + # go-releaser for building 'fat binaries' that work cross-platform + go install github.com/goreleaser/goreleaser@v1.6.1 && \ + go install mvdan.cc/sh/v3/cmd/shfmt@latest && \ + # nfpm is used with `make build` to make release packages + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0 && \ + # yq v4 is used to process yaml files in coder v2. Conflicts with + # yq v3 used in v1. + go install github.com/mikefarah/yq/v4@v4.30.6 && \ + mv /tmp/bin/yq /tmp/bin/yq4 && \ + go install github.com/golang/mock/mockgen@v1.6.0 + +FROM gcr.io/coder-dev-1/alpine:3.18 as proto +WORKDIR /tmp +RUN apk add curl unzip +RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip +RUN unzip protoc.zip + +FROM ubuntu:jammy + +SHELL ["/bin/bash", "-c"] + +# Updated certificates are necessary to use the teraswitch mirror. +# This must be ran before copying in configuration since the config replaces +# the default mirror with teraswitch. +RUN apt-get update && apt-get install --yes ca-certificates + +COPY files / + +# Install packages from apt repositories +ARG DEBIAN_FRONTEND="noninteractive" + +RUN apt-get update --quiet && apt-get install --yes \ + apt-transport-https \ + apt-utils \ + bash \ + bash-completion \ + bats \ + bind9-dnsutils \ + build-essential \ + ca-certificates \ + cmake \ + crypto-policies \ + curl \ + fd-find \ + file \ + git \ + gnupg \ + graphviz \ + htop \ + httpie \ + inetutils-tools \ + iproute2 \ + iputils-ping \ + iputils-tracepath \ + jq \ + language-pack-en \ + less \ + lsb-release \ + man \ + meld \ + net-tools \ + openjdk-11-jdk-headless \ + openssh-server \ + openssl \ + libssl-dev \ + pkg-config \ + python3 \ + python3-pip \ + rsync \ + shellcheck \ + strace \ + sudo \ + tcptraceroute \ + termshark \ + traceroute \ + vim \ + wget \ + xauth \ + zip \ + ncdu \ + cargo \ + asciinema \ + zsh \ + ansible \ + neovim \ + google-cloud-sdk \ + google-cloud-sdk-datastore-emulator \ + kubectl \ + postgresql-13 \ + containerd.io \ + docker-ce \ + docker-ce-cli \ + docker-compose-plugin \ + packer \ + terraform \ + fish \ + unzip \ + zstd \ + screen \ + gettext-base && \ + # Delete package cache to avoid consuming space in layer + apt-get clean && \ + # Configure FIPS-compliant policies + update-crypto-policies --set FIPS + +# Install the docker buildx component. +RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \ + mkdir -p /usr/local/lib/docker/cli-plugins && \ + curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \ + chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx + +# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof +# the apt repository is unreliable +RUN GH_CLI_VERSION=$(curl -s "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ + curl -L https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.deb -o gh.deb && \ + dpkg -i gh.deb && \ + rm gh.deb + +# Install Lazygit +# See https://github.com/jesseduffield/lazygit#ubuntu +RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \ + curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \ + tar xf lazygit.tar.gz -C /usr/local/bin lazygit + +# Install frontend utilities +RUN apt-get update && \ + # Node.js (from nodesource) and Yarn (from yarnpkg) + curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - &&\ + apt-get install --yes --quiet \ + nodejs yarn \ + # Install browsers for e2e testing + google-chrome-stable microsoft-edge-beta && \ + # Pre-install system dependencies that Playwright needs. npx doesn't work here + # for some reason. See https://github.com/microsoft/playwright-cli/issues/136 + npm i -g playwright@1.36.2 pnpm@^8 && playwright install-deps && \ + npm cache clean --force + +# Ensure PostgreSQL binaries are in the users $PATH. +RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \ + update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100 + +# Create links for injected dependencies +RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \ + ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server + +# Disable the PostgreSQL systemd service. +# Coder uses a custom timescale container to test the database instead. +RUN systemctl disable \ + postgresql + +# Configure systemd services for CVMs +RUN systemctl enable \ + docker \ + ssh + +# Install tools with published releases, where that is the +# preferred/recommended installation method. +ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \ + DIVE_VERSION=0.10.0 \ + DOCKER_GCR_VERSION=2.1.8 \ + GOLANGCI_LINT_VERSION=1.52.2 \ + GRYPE_VERSION=0.61.1 \ + HELM_VERSION=3.12.0 \ + KUBE_LINTER_VERSION=0.6.3 \ + KUBECTX_VERSION=0.9.4 \ + STRIPE_VERSION=1.14.5 \ + TERRAGRUNT_VERSION=0.45.11 \ + TRIVY_VERSION=0.41.0 + +# cloud_sql_proxy, for connecting to cloudsql instances +# the upstream go.mod prevents this from being installed with go install +RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \ + chmod a=rx /usr/local/bin/cloud_sql_proxy && \ + # dive for scanning image layer utilization metrics in CI + curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- dive && \ + # docker-credential-gcr is a Docker credential helper for pushing/pulling + # images from Google Container Registry and Artifact Registry + curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \ + # golangci-lint performs static code analysis for our Go code + curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \ + # Anchore Grype for scanning container images for security issues + curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- grype && \ + # Helm is necessary for deploying Coder + curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \ + # kube-linter for linting Kubernetes objects, including those + # that Helm generates from our charts + curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \ + # kubens and kubectx for managing Kubernetes namespaces and contexts + curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \ + curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \ + # stripe for coder.com billing API + curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \ + # terragrunt for running Terraform and Terragrunt files + curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \ + chmod a=rx /usr/local/bin/terragrunt && \ + # AquaSec Trivy for scanning container images for security issues + curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- trivy + +# Add Vercel globally. We can't install it in packages.json, because it +# includes Go files which make golangci-lint unhappy. +RUN yarn global add --prefix=/usr/local \ + vercel \ + typescript \ + typescript-language-server \ + prettier && \ + yarn cache clean + +# We use yq during "make deploy" to manually substitute out fields in +# our helm values.yaml file. See https://github.com/helm/helm/issues/3141 +# +# TODO: update to 4.x, we can't do this now because it included breaking +# changes (yq w doesn't work anymore) +# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \ +# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \ +# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq + +RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \ + chmod a=rx /usr/local/bin/yq + +# Install GoLand. +RUN mkdir --parents /usr/local/goland && \ + curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \ + ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland + +# Install Antlrv4, needed to generate paramlang lexer/parser +RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar" +ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}" + +# Add coder user and allow use of docker/sudo +RUN useradd coder \ + --create-home \ + --shell=/bin/bash \ + --groups=docker \ + --uid=1000 \ + --user-group + +# Adjust OpenSSH config +RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \ + echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \ + echo "X11UseLocalhost no" >>/etc/ssh/sshd_config + +# We avoid copying the extracted directory since COPY slows to minutes when there +# are a lot of small files. +COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz +RUN mkdir /usr/local/go && \ + tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 + +ENV PATH=$PATH:/usr/local/go/bin + +RUN update-alternatives --install /usr/local/bin/gofmt gofmt /usr/local/go/bin/gofmt 100 + +COPY --from=go /tmp/bin /usr/local/bin +COPY --from=rust-utils /tmp/bin /usr/local/bin +COPY --from=proto /tmp/bin /usr/local/bin +COPY --from=proto /tmp/include /usr/local/bin/include + +USER coder + +# Ensure go bins are in the 'coder' user's path. Note that no go bins are +# installed in this docker file, as they'd be mounted over by the persistent +# home volume. +ENV PATH="/home/coder/go/bin:${PATH}" + +# This setting prevents Go from using the public checksum database for +# our module path prefixes. It is required because these are in private +# repositories that require authentication. +# +# For details, see: https://golang.org/ref/mod#private-modules +ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" + +# Increase memory allocation to NodeJS +ENV NODE_OPTIONS="--max-old-space-size=8192" diff --git a/dogfood/Makefile b/dogfood/Makefile new file mode 100644 index 0000000000..061530f50d --- /dev/null +++ b/dogfood/Makefile @@ -0,0 +1,10 @@ +.PHONY: docker-build docker-push + +branch=$(shell git rev-parse --abbrev-ref HEAD) +build_tag=codercom/oss-dogfood:${branch} + +build: + DOCKER_BUILDKIT=1 docker build . -t ${build_tag} + +push: build + docker push ${build_tag} diff --git a/dogfood/files/etc/apt/apt.conf.d/80-no-recommends b/dogfood/files/etc/apt/apt.conf.d/80-no-recommends new file mode 100644 index 0000000000..8cb79c9638 --- /dev/null +++ b/dogfood/files/etc/apt/apt.conf.d/80-no-recommends @@ -0,0 +1,6 @@ +// Do not install recommended packages by default +APT::Install-Recommends "0"; + +// Do not install suggested packages by default (this is already +// the Ubuntu default) +APT::Install-Suggests "0"; diff --git a/dogfood/files/etc/apt/apt.conf.d/80-retries b/dogfood/files/etc/apt/apt.conf.d/80-retries new file mode 100644 index 0000000000..d7ee518525 --- /dev/null +++ b/dogfood/files/etc/apt/apt.conf.d/80-retries @@ -0,0 +1 @@ +APT::Acquire::Retries "3"; diff --git a/dogfood/files/etc/apt/preferences.d/docker b/dogfood/files/etc/apt/preferences.d/docker new file mode 100644 index 0000000000..a92c0abb03 --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/docker @@ -0,0 +1,19 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin download.docker.com +Pin-Priority: 1 + +# Docker Community Edition +Package: docker-ce +Pin: origin download.docker.com +Pin-Priority: 500 + +# Docker command-line tool +Package: docker-ce-cli +Pin: origin download.docker.com +Pin-Priority: 500 + +# containerd runtime +Package: containerd.io +Pin: origin download.docker.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/github-cli b/dogfood/files/etc/apt/preferences.d/github-cli new file mode 100644 index 0000000000..d2dce9f5f3 --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/github-cli @@ -0,0 +1,8 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin cli.github.com +Pin-Priority: 1 + +Package: gh +Pin: origin cli.github.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/google-chrome b/dogfood/files/etc/apt/preferences.d/google-chrome new file mode 100644 index 0000000000..4551ec390f --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/google-chrome @@ -0,0 +1,16 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin dl.google.com +Pin-Priority: 1 + +Package: google-chrome-stable +Pin: origin dl.google.com +Pin-Priority: 500 + +Package: google-chrome-beta +Pin: origin dl.google.com +Pin-Priority: 500 + +Package: google-chrome-unstable +Pin: origin dl.google.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/google-cloud b/dogfood/files/etc/apt/preferences.d/google-cloud new file mode 100644 index 0000000000..637b0e9bb3 --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/google-cloud @@ -0,0 +1,19 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin packages.cloud.google.com +Pin-Priority: 1 + +# Google Cloud SDK for gcloud and gsutil CLI tools +Package: google-cloud-sdk +Pin: origin packages.cloud.google.com +Pin-Priority: 500 + +# Datastore emulator for working with the licensor +Package: google-cloud-sdk-datastore-emulator +Pin: origin packages.cloud.google.com +Pin-Priority: 500 + +# Kubectl for working with Kubernetes (GKE) +Package: kubectl +Pin: origin packages.cloud.google.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/hashicorp b/dogfood/files/etc/apt/preferences.d/hashicorp new file mode 100644 index 0000000000..4323f331cc --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/hashicorp @@ -0,0 +1,14 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin apt.releases.hashicorp.com +Pin-Priority: 1 + +# Packer for creating virtual machine disk images +Package: packer +Pin: origin apt.releases.hashicorp.com +Pin-Priority: 500 + +# Terraform for managing infrastructure +Package: terraform +Pin: origin apt.releases.hashicorp.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/microsoft-edge b/dogfood/files/etc/apt/preferences.d/microsoft-edge new file mode 100644 index 0000000000..2441961ada --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/microsoft-edge @@ -0,0 +1,12 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin packages.microsoft.com +Pin-Priority: 1 + +Package: microsoft-edge-beta +Pin: origin packages.microsoft.com +Pin-Priority: 500 + +Package: microsoft-edge-dev +Pin: origin packages.microsoft.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/nodesource b/dogfood/files/etc/apt/preferences.d/nodesource new file mode 100644 index 0000000000..de55d55534 --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/nodesource @@ -0,0 +1,9 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin deb.nodesource.com +Pin-Priority: 1 + +# Node.js for building the frontend +Package: nodejs +Pin: origin deb.nodesource.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/ppa b/dogfood/files/etc/apt/preferences.d/ppa new file mode 100644 index 0000000000..1dc9da8f9f --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/ppa @@ -0,0 +1,19 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin ppa.launchpad.net +Pin-Priority: 1 + +# Ansible +Package: ansible-base +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + +# Neovim +Package: neovim +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + +# Neovim Runtime +Package: neovim-runtime +Pin: origin ppa.launchpad.net +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/preferences.d/yarnpkg b/dogfood/files/etc/apt/preferences.d/yarnpkg new file mode 100644 index 0000000000..7237fcad5c --- /dev/null +++ b/dogfood/files/etc/apt/preferences.d/yarnpkg @@ -0,0 +1,9 @@ +# Ignore all packages from this repository by default +Package: * +Pin: origin dl.yarnpkg.com +Pin-Priority: 1 + +# Yarn for managing Node.js packages +Package: yarn +Pin: origin dl.yarnpkg.com +Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/sources.list b/dogfood/files/etc/apt/sources.list new file mode 100644 index 0000000000..745bcefcf2 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list @@ -0,0 +1,3 @@ +deb https://mirror.pit.teraswitch.com/ubuntu/ jammy main restricted universe +deb https://mirror.pit.teraswitch.com/ubuntu/ jammy-updates main restricted universe +deb https://mirror.pit.teraswitch.com/ubuntu/ jammy-backports main restricted universe diff --git a/dogfood/files/etc/apt/sources.list.d/docker.list b/dogfood/files/etc/apt/sources.list.d/docker.list new file mode 100644 index 0000000000..f00cada1ad --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/docker.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable diff --git a/dogfood/files/etc/apt/sources.list.d/google-chrome.list b/dogfood/files/etc/apt/sources.list.d/google-chrome.list new file mode 100644 index 0000000000..8dd71926f2 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/google-chrome.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/google-chrome.gpg] https://dl.google.com/linux/chrome/deb/ stable main diff --git a/dogfood/files/etc/apt/sources.list.d/google-cloud.list b/dogfood/files/etc/apt/sources.list.d/google-cloud.list new file mode 100644 index 0000000000..24df98effe --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/google-cloud.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/google-cloud.gpg] https://packages.cloud.google.com/apt cloud-sdk main diff --git a/dogfood/files/etc/apt/sources.list.d/hashicorp.list b/dogfood/files/etc/apt/sources.list.d/hashicorp.list new file mode 100644 index 0000000000..6e60053905 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/hashicorp.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com jammy main diff --git a/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list b/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list new file mode 100644 index 0000000000..f0c036f79a --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main diff --git a/dogfood/files/etc/apt/sources.list.d/nodesource.list b/dogfood/files/etc/apt/sources.list.d/nodesource.list new file mode 100644 index 0000000000..a328c2c3c4 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/nodesource.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x jammy main diff --git a/dogfood/files/etc/apt/sources.list.d/postgresql.list b/dogfood/files/etc/apt/sources.list.d/postgresql.list new file mode 100644 index 0000000000..10262f3e64 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/postgresql.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/postgresql.gpg] https://apt.postgresql.org/pub/repos/apt jammy-pgdg main diff --git a/dogfood/files/etc/apt/sources.list.d/ppa.list b/dogfood/files/etc/apt/sources.list.d/ppa.list new file mode 100644 index 0000000000..e817c20915 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/ppa.list @@ -0,0 +1,2 @@ +deb [signed-by=/usr/share/keyrings/ansible.gpg] https://ppa.launchpadcontent.net/ansible/ansible/ubuntu focal main +deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu focal main diff --git a/dogfood/files/etc/apt/sources.list.d/security.list b/dogfood/files/etc/apt/sources.list.d/security.list new file mode 100644 index 0000000000..1f3dae8d09 --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/security.list @@ -0,0 +1 @@ +deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe diff --git a/dogfood/files/etc/apt/sources.list.d/yarnpkg.list b/dogfood/files/etc/apt/sources.list.d/yarnpkg.list new file mode 100644 index 0000000000..ada8a06f7b --- /dev/null +++ b/dogfood/files/etc/apt/sources.list.d/yarnpkg.list @@ -0,0 +1 @@ +deb [signed-by=/usr/share/keyrings/yarnpkg.gpg] https://dl.yarnpkg.com/debian/ stable main diff --git a/dogfood/files/etc/default/google-chrome b/dogfood/files/etc/default/google-chrome new file mode 100644 index 0000000000..8620a60543 --- /dev/null +++ b/dogfood/files/etc/default/google-chrome @@ -0,0 +1,4 @@ +# These settings are required to prevent the postinst script +# from modifying /etc/apt/sources.list.d +repo_add_once="false" +repo_reenable_on_distupgrade="false" diff --git a/dogfood/files/etc/default/microsoft-edge-beta b/dogfood/files/etc/default/microsoft-edge-beta new file mode 100644 index 0000000000..8620a60543 --- /dev/null +++ b/dogfood/files/etc/default/microsoft-edge-beta @@ -0,0 +1,4 @@ +# These settings are required to prevent the postinst script +# from modifying /etc/apt/sources.list.d +repo_add_once="false" +repo_reenable_on_distupgrade="false" diff --git a/dogfood/files/etc/docker/daemon.json b/dogfood/files/etc/docker/daemon.json new file mode 100644 index 0000000000..8e19eeeec1 --- /dev/null +++ b/dogfood/files/etc/docker/daemon.json @@ -0,0 +1,3 @@ +{ + "registry-mirrors": ["https://mirror.gcr.io"] +} diff --git a/dogfood/files/etc/sudoers.d/nopasswd b/dogfood/files/etc/sudoers.d/nopasswd new file mode 100644 index 0000000000..3283f44556 --- /dev/null +++ b/dogfood/files/etc/sudoers.d/nopasswd @@ -0,0 +1 @@ +coder ALL=(ALL) NOPASSWD:ALL diff --git a/dogfood/files/usr/share/keyrings/ansible.gpg b/dogfood/files/usr/share/keyrings/ansible.gpg new file mode 100644 index 0000000000000000000000000000000000000000..1731dd2b2fbd7ce251ad1b2a53f7df432f40ba60 GIT binary patch literal 1132 zcmV-y1e5#5!A%5Hmu)Zs5CF<8#y2sBavX?)67L*C?G(=zXq7e@f6Q6auif(;)LZod zJu=nD{xl;si4m1N>|mHxbs=?y#0s%cDFcoXWGuiOPPcBqgGtD(O&)chTnV3O_vTKp zpxjBtjm2l2l)Co$f!&#ZUZx+mr|if+XiX)imRGOaN{wFzF5qf*MMMWR-!r_9)GT8n z9-skmj@@r=PeO_JMTAEoMON^=mLX&{p9PrVXI@k~>Eol0;1Wto(EAo0j!ob9JLZv$ zz{J9ga|)i0iWfLtD7Lfx2pcwfa@C_G1MjY`Lz6(awYWneCUowKp!;(c|LRENDJuV@}J^R10+K>bBPj0 zCcgwPd7G4u#uSnVISiLz>kj2k1P55=&JfyHmd(KqdSL^A$;r(RK;Xi~)S07(S1`Hx zluz`k@CoV<@SfH`dGGH;tTOf>%sFH)iWJCW^83^D=M##Vb)#E2kuO`HOHZMJPPY`) z#rAzJVN>~#YhaCw6qRIee66;(wewmmFwLqfI#xM7Uyj4+Unp~Z9?dnFy^Ep&k9z1@*%FAsQAQg_q^ zZA|2Ax}@E=%BDtciOPD+c(7l!ho;1z9^v?+=mW{bPK7@|z`h3!+#5lH>mC;e zAZw{ca%yxWx*r-8+j=+B_0_#@aD^lrQGYcRci@}xrY_B1bATdXsNhK*{R`_5@Snvl z%@^X(#j_I0E(`LpP@0t-%adrgYf0nv{mkf^m#uEZhfVP0mH+ABM$$9YYGhc7uU_zb zLfwi01ixZuFJvRqgLiooRMNo7-bQbSnxUT8je#Ug{poZ{T)y9ck!Lmb=J$T22%i1(LzY!TWhePHBrdo)WGPY3)h z7C#hPORz)L!-36Ks;a^piJc|8(PTGnSad{%|NB2-0#?2=Ng~I(^p!6?WEWF|1MY|_ yf9W@2In1 z#V#$cv(vuM$1G5W?m=#;?M(Cxek`gIB|ZeE>e*?4HA0Yo?Le89KO(!1UAgKnfVKJp ze7*UXLf?I!keb9u+BFqeeB``A$gwvu)M9q}dT8YU+=NzEb9$;fT&a6fycOmt+QBrl zSljK4NaNyiOYqwZ!pA8r^c00OKI|6ITnqr2;lfcg2)^}~s|^iuXkp-Z9zw?u9f%Gl zIKx%?805>Gz6o0*0IGj52V2W@R3^r4ggg+8qe2>{F;knjCB39B|n)&}Ia))TWmVOS1zJD$Q<&mo|g~V`#5B$6N zxLlw5L@k&9cvMyuB!wfYMH5Y?I18^yQU0Cn< zQ+Vm-4&d0rzki{yJhx4HVp!v=n%$Eu4}XG1@@3Rpmx4E2z!ZF5gVt7hXhF3JhQ)dC z^v|>E6|i%rp_>2^0RRECD@1Q&Yh`jEQe|vqVRL05C__acWMyJ0AUtGmV{2t{KxA)Y zYh`jSV{dIfi2^qS69EbUAq4_ht>?f38!rV52?z%R1r-Vj2nz)k0s{d60v-VZ7k~f? z2@s8efIJSr&4{we5B?+>qpu&7G$uCr{9l#Rccf8iLHFK8*j}rX=-CG)$dc?$piG&n zyvm)ljwUsM!bnCjBbuvmg?VD7{XegYqwDC-jwi9@5G?Wk0W>(My&0lUwT?!h+_)r; ziSkkZTf)_`7M(d9Eygf&;f2K#dl0cev@e`hmk( zZtk3Hs%->NGPyLrr#y%lgx{LEI^lyjO4KBwd}kap{2xYFqV-F2>Yq zG-gdq-7QDsOB?=ysoxG@7KH&vE_?hnRc?txWkz9<=VtFx@Ut8hfLi2;JwF@%ZMK$zRb;~8!vOdFX75Fk8*e>XpOrG|YsSZ2f#t_(HJ z+2iiq+kTKEd{!m%PjyDuMW8T;FZ!)Cg>O6x2SR3fyfZ=kBSDUz=aV8M^lA(&u0B2M z-aM5?LcHpf3Iqah6nv_W(wZrA8IAR4qXOaf%g7n?TNrw7a0Kc^OVl3Z8#a2R3m+9$ z8(5MM+x77e+YoN$TgPo5x1IH2GV6I8ege0YQtX?0EQiH**C+5Ml4{T8)OO+-PfE3sg1Paga|nw;9NrvW?0Q{d=P|r_7drn! z8&M^%eloEvv)?t~lG>1q+=qlCndr6=1Yy(%>dfgbh&%TXeRWyM$f8?S{8ygGsA8pS zM?IBQwFu-HaGRib&`sVMSJXjhuE(AOvYeGL$vD)^dqADy%5oai-WdX=OaMym$#l_A z7d>5VEn*PN1N}x~{PYrGX`90HOmI4|Rc$_R*_61pBoGZVu(mO4MgBSA z3G&qBk^c}(l#fx^d_Tr93{<%g;efsvX)qQ8<7p74rQ;AUmvbi*yka|wYGA+9!(&uJ z3tZ#|GLLIrw5-@~{uvdM_93`x8jgYT%ZPhr3MqBNEu`I@f@nl~3G(!ilEW9!nGG{5 zNIRRPhlryvj{p$?00D^vJ_Hy62mlEM0$8ouDgqk<0x1a)je&qX4!_Na!CfE(8370Y z1_c6Gt=cL83JDN?psB<1bNtxVU=ROn3Hco$6RNCn?dy%AGv~v}na?1gs^YJhXA)JR zJ_hRT#t5-)YKUBmhDT{(!zP43W=13FLVlQQY&Uywe9iI|Dk@tr8RUEXt!L9asCk14 z$moeFun}{2z@`Y8KUEy#Y?ttc*0nt%%r%bCd4pClxDY!t`M2qFddF+NHq%TDA5Z73 zoZ<)UWl<6+4{!S>HvV2YFUNmbNfe7l7outUhag5HvTFpov{9)%SU3wB^qK~XMv`AX!x<6%-nu+;S&pdG~rCcpO z05M&Fwf!q>>kU>E8(Zk`CG@{MMFpYoH>2^}r{N(ze}#nyK^=2d^FwnaCSIuyoty8V z$MgLSEc6&fC;Zgt2oP+BME)7IvYQ`*`)m(a>t+0)T%TWxv;Hw42=h!wN&j`JBw0E> z50`dHHM+RTjBnAsX^_gE8Q9$kh)YxA+2aP#nvkSPSGK0POS-qBfqQ0U`6_z!bL?8k zW-GmuFEE@S55O+}&SbUnxDWqc+d9(t{vtC%96$nq3|U&n$e6E6Na09qb+{@cv1jZ| z3ANPzBC8hPZX%fd!AicAGHUi1CEtQTkg6rlJ&izkT=Qe0t#FL~*@%Q@afty20kH zP@b&1>Szr#R<^(R$ZDQ+tX1BmAvCn7XbkFG{bvJsln04BkS2;}7+r)m!j=C|-@2Mb zZaVA|!c_0vpuO@|Zgh7CYc|rUFc^1cmciEIZ-OsoUfh8=!gs&KS$I6fh;IjUD`52- z$hYta7J<u zKyfV{PWt21mmL1oc+`{DV3Y`cYIUjP(OqJCF?#$b(-lq(eagmRKXj;3eca9O(@-v*AlJpV04RH>15hu-d0gn>T!}yoq)jq_0kXKsg4`@J7)|Q^ zDDOG%eA#MagFANd zdqy65SW2nr1~YT_@-0VQK|8{6A8j7(Mjt*2q7@a7+r$F=ve;|lz>JOUg*BozUJg2!M`kgS_a#f~DzmR>8^={7wt+%CwK#i~ zvfpjM2D7BD_&w;T7TX(_p32`UA_jgy8>H)hjrvW8{`$-wZl>gPv@74L#o=DIx{-%P z3LY3kB));25usaDw%9uVdqKM}3gA5$m>8-aoY;31*`RKJoH{q*k)ASLLDza|{FSl* zk;T}a!$a;d89iqXj*OKUxwgdm(;BaihD8wc*`Y3+&$Bh2H!}mE{&o28;!FZVVFa9r zf}&suGl4c&vijKuG)jrOdNys)@)#N5f%|l5RZz7u#8j^9<;>GcNxSldEX=~~=Gq%5 zPotZ>R5W0yfibkPC$F;dRN_4a^1ef%*GM8Or%~|)EFb=FOHv-Xle>XTzCNOfW$Lrh5^Ja2GiZgX#Sa${vHV{Bg|-fCddPDl^VI5fabQ^m0%I30iUJ!01qlPgwlxI{ z2?z%Q1{Dek2nzxP76JnS0v-VZ7k~f?2@oUm)arF{U|H*p5CF;U7+w)&dmEsC8#og8 z5_2=?)^EXR9c!3F?n!}$o07sQjYGJ%p0Jh<6LZfxh~tc@MG|B)L;Vnun~)_zv0cB+ zu}s0+M8(1umItr%ra^|kdG(!ilHe0rt;(jdrmB+qV=X$Vz(nO)AdJU#jh5MZV++<& z&nmrb%!n{()|Xtfl&=gga-ZCL1=?71_=2ZfR#!sblX7$gCswgZ!+KQ-7YB6T3`?cm zT3mO9e(~XFl9!v-u2-zu(=N-Mi7O61PmxVehEf9}e<08`r zk1x{*Jxv^-*9~)2tg(!<91uR;yx)i2EMOl%nM>M-Qe0BVf5B*1Rv#45?90`ZhZ!tZ zB|8Uap0K?P^ob8VCVHz1Mwh&0H+K%%n4+$IngUwO%%XkmT|E|Ao&7N5gJiSBykJP( zE{0Ke2dK$IV??I^{x%NLeEF*cK2EmOBCm-QTA76-y=b2qHcFZMAoT z)(cvZOlX0FKSAd***#Kt#98^iJ`}dO$pLreyzu(-t?L7fz3Y@eBkSU7Cm_w0UT)o{ zN1ra9HHL-20doWO|{IHK(1u~#KSAr_)JX?U}y+lHN=vMqZY^G&vqEevUh z02}4RMH=qdn6HAqpI-&)*M>=BYJJY>JQ{B9@MrzSanDQx@2YO)%U$81ggp8kBr%s{ z()PfUzZ_7b!+u>nXwCH~x9+wX<&>~SV-O_n7{zXXIWiNuRHG6Inc3aBFNfL^L_C%m zWxMiT)5+(xAX+GBwNRfO9O>=-gtU3t5>JFi4)tLStA74u2U1(zb|(K20Yfv(y`W&I z`4}35I1lrycfTu{rJcg2W*s#9(%TD|w-kEulDzQ;x^L85-;^0nD24@+{kkzkCl+~X=amxsdqY&&K@YDOVLj0hTMI-AER zwOOJDY&*Qbd{##mLzM%8R_;bC`64LxDc{~vP3kZbUjPvS00D^tJOmg42mmG)Ap|U8 z1|S)QwhnB1$a5p})arF{U|9tMV;3%p0vikk2?N8nH2?|;5F_){>UD8oSr!}*{ycRS zrJh#FkClGa{<=F4uNSPOAF;ZkzPKWuF7Qo{cGeR6?3%ZgaY0&CSOA%~ z*OF*d8q0N1h4xs<_Y_%~3a+0-2H(x%{tj(hE6?spdG9)V~tF|VG2z3YHlb2BM z#+XfkoUJFRVS-05s$9 zc6KAOl~vnZ=7V=*=y%SXo^W@ZL?M=+A>E75&3|P3$KwOg?f+dn)G>5z${Oj9JCbye z5)otPqv`51z_B5|#?*!jI8=UFw1sVOPP?KcFk6u&J2Fg@{1#<#_|9f`l`i?p;?B2RwXp3pcKeTrl;Td-b2q6H8rV6E`jrVuKM3B*nLzX$ zoTKZDGY4)TUxW$~Hg}wi7PR++UHHxOyHwfd=cQU{ sZP_ZaFT{IF`p$Ndo-}Rtf(Sc1oxsL`tTUqvGA4#k*w>jgJntA|!*H)MKmY&$ literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/google-chrome.gpg b/dogfood/files/usr/share/keyrings/google-chrome.gpg new file mode 100644 index 0000000000000000000000000000000000000000..cee005a7386d9c20b1500ed18f58e98d5ecb7468 GIT binary patch literal 10640 zcma*rWlWs!qOS2_aF-%2?i6=-DDFPE4({&mba0nqh2rk+F2&s`UYz1^{@p9*ti6++ zllAp^CU0hvJJ&DoWIz?bNL)HdV!{A^c2+`|Qt^fmCKKA@ezs2MNu0J=RmZqZP<$Lv z)(z*Nc#srcO?(ag1*(O4b#Q_b|B_p}n3aFIz@hgA9G;y~sm4CZJmY5Jtp7Ifi}`cO z!daf6i~nQf6SMBJv=jidv=gsHI7sAz3C{k%7E_)LB)(Lx&iqd7yS0kQc}e z@Y^YC@|zY;1-J@QW`(xs@4*1le^nJ83B85~y#Eg1U0#t-yuG8trWhxNlJl8l62szB zOaFbsiNqZ-Y<)U&DtP8a$`GN+Hcc%?k0pUo)Q41hibF@XV-{6gtKbqc=^)`MTatt% z5r~={qm)gRHjdkh=A6QPKdpkA=kZ41Q@r&;`F>`O;j?$^m;@s+eKB|o{raH{q_=`$ zf%zU-j#JG(PI=ieN^v(72XLUh+kDbL&7pLU7hxvgd6Y%P+wsa(L_ zf>aLdMJizX_lnW+Uso=SHefG1V;5JjvxvoiJ%Gv7!A>aB6y^ga5I_MWfQCaxM1Y3| z!r%ZApkZ)<&`>~PC?H-SEKm~1JplL#3V?)&ktY&@9#Em3FeVGgb*~(5SVUxcPczrb zI&$%xID`cx0KQR%*`K~>C8(0%B}5xvt$k}>sCa7yqW;~L90mfQ3c7c0)%y*5%K1%x z1Ug6Ck%{lKt~46LPZ~ev^^<+0cVveTrJo0+r*1N;My8UrLo`b&qqO+T1b>-)ORj>} zu+)7LJ0~b~SZ`vNLSfPGEH$$WT0dBS+kXrE{xqfDpkWWbhP|jjfH=@VvsY*pu)Cz*0Lxqdioa>hHTt8 zTAy+l=p*wN4moKS-JXu8AK`+Ma+?VlV>aXGws$5~43gO?*822b^i7NXDG&v#eQZR6 zUgKPHfCEUncAjwHoWh#eMsX%0!j2Rvt_SvI$nS{~4sP`U82}9n|AJInkqt5W)DzKp z72{gsLzI{iX;;>NcU1sgN)lf^Kg9N))NU>pW{w0pt>7{fq!eCSDRskxGg!Rki1W{- z;BD$4R(w|K-qWH2N$I=8II$G!#arBvDYu+Kw%@UtiF8 zbW%(W*X~EjE?pi!k{?70mZ(s&)zQPyd5GA=gYdg6x#ioTB_d^DKK?U0L|EY8RR9T4 z{`<57K!9A&pG-@y#=TkUg_<)Dg9S)@4#ew#Y*dx?pcCu{E<<0LJ&EZSl=K%>$&7!d zrG@f!4hjR%rqiX|QU@C%s4*|9l#0$cZgvKNqT12OZ4{x?Q6uh1(CiFig*ipDC`HA& zH2jKUM7fZZglj{>^6Mhhht}axjX3SF=@^%jO(M@1FJQ9BB+)Y{@q6;ytX*P|xG@9b zop#(VM*_rh)F%~|#`3+}d;p@f>@5E=VqNZ0^OBLpQiI~TLs*nik@I*LlKiL>CXZQc zQ8=oJ5e7*i{z6!k=PTf9S`l_P7Tog9KD~taP9O?3`IG)4M`Ss?ne`GP(x7v|?N^~) z1M_XGG`6Y34fk}hK-0C}m*YTAr?AAV#F+ysE=7;Xg=>#)DEF@9G<6(oG{ttobfe>J zI0>O492-hx`4^$VoC5)*HJQLm3E6VFNf_;~^d&96DMIZ;K9b0XE^Fe_41*Si4*`$? z3y8g<6+|!a%<{6VkAGG!5oopMK6sJ@;&tI!pyiu#hGTVex>j}5v-KZwNcD@-mnS8g zE!t*Vv!Fib&^Q#lpJeQ;7MhnKJQv^x6L`6Hog@ObEUHUrcuY8s+bGcJtGrYo_u*-pwsJ#VHOY%<%~drVVf3z@?TZNC4)JY zCwNtYVYb_tI7{##`@=sMBb5pZ{5wY2za<62;UFO*AOrs^rGE$he?KEyj{dGgx_6Za z&<%B5eK4O`aGLcp^eYFWkq;3*4ZeZJ4?3%_Ck+3V-@R>9=zB(?F&mxGM_dKdX-#b}2ttrb0{ARwrl)O`9U*Hfb zw!tVSP?+dxX{Zh)d0SNQS`cPSQ~0_|Duy2Dky$rT_&eg#W)wLR+p7USpO9UFjroA} zjp(?#hCjA89NXyyYcIcmwKiKYAjJsixT1q4XW^ny+GC~G8g9VF!y2dXdz=8ypq z_a@*^Lf+vT5x7sYY{;!rG2w?68r^xYWDLF+K#B`{wNZ~My{eRPSr0y zTXllsy<*^UtmM@ar;=#A5+ry`McRkx;rJPg$^i?-m31e+@iXq{&3V#v(?OjnF1TlK zfR&{ZYC~W`VA5Bm(wu;VwJ+@V+m@Fugy7zIjry;MS}2f_f3j81ybK?< z`V<8FVAjK1r{ldgp;+Nq;acCiW2!HR^$pu?w3IR`#^dZ#PZSgjn{%{DE1HG3N6)8X zMVF5}SV-a1bZJ3dy2)_Um~b}nx}1LU0VZn(!z2eu>}93z3<($dbGix z&T%B5?=JgC;U1RYFtK~Ar;@dw26-f$0Xu?yvh(siNpBKP&EAp{rLu++WL2}}#SUx| z59hvVm$6cg!4E$YFf*2|7m0p!W-+mMzSJs{IB=~b;x;{Ckhm#X z@3>SG1))(GVe!)k5jYI4f>3lH0_nE2-BhJRq5Z;ki%{~q%8@WU$4iF?j_10j(=fZ# z;9(aE5XQfJ|5=|ROk@Z?7mk1$F*{`3%`$aYF8w;-UD9;30+v*A%S#xP$`O4xl9G=B z8z$f4LAN8^Fu&|oEh~VdzI^-^VR1Vy!{_PB`qt_bQ!=PIo?g~cZeia#setTounzrz za2&$aU{oJ<7hXUUR2X$rI!Pt7pBP8%HD6cjg@POX zzemTK2$AGyy; z!lXMuIYylf)HJQji2Aw691fpq;BP?hqI;h{@M(?`z1367Jn{(Z+xt3t&WbQcS{FD1 z`t9sGvH(#;NIOdO3WLKv6LUxv}kE6BeExno$VvaMTN`J%CI6i z5BrpXaMjtxwZ)z)eH?0Sj%V~KeWbUoOZHu#{iaUKYw3Fe z*v&NAz@3*5E{Qg2a4CC+9cS`Zt1cM_RQ%0ss=2!oi!TGU$m$QgTg!z<+clwqOlRnk zH0Q>w?cl2OO;*We%>~czB>jC0HT3EWr^7qaES*Ky8t4aOre(%7q3(v2^&eheTtD}) z6LmsD`VDta>Ssj;`=nZ*URGmk*yjh=LIo44zw| zT$_t=*maC&LIXPb+uHS}{VwL{3pS|HdOU%Nj=QQ`J&&2T_~@EFa9!Y zC`I}z;oo|1hhSppb&QJX(sUm!mUbf~zOOIoK2;==TKzKnR#QH?087b`DsCodHto=5 zaO?%YdA8pnC*R=M1w7&`g01$l@D`Y4f)_1%3;QO*`)4BI-`Z%#p}(7^$Z=2O+{}k2 z*GyTW8iFfyiy-%UjCQY|Rg)6vqZz*@d{E&(uT+_i_UGR;3-tV2I?>gR!=3??R_h;v5w&!+TswlJq(_*@ zI)~9AYR3rRN^wvg;`j&Et^L4no{AjLZt_*wr1(Xkk0)wWSc@&L;fQX{@j8+!bC9Ex z^O>JM%f$NVOFqWv5TiCc?V1~%h*IhUJReetbC^|OBD_Rm&&Ub#lGH>>8roMwkdSnN zmlfLA4lQ@)XtR>U$|o0x#85mk0l^V@al+(yB%DVvUt-Tp>>0**m!i(E-PR*#+-j#x zYftEtyj+6>jmQY;jC-bF3Q(Am$aFWb?#2czfrMn4Q6&Spo(E&=*luuzy*?539gu)7 zyQLONY1?(mcy898(ul%$_Scgo^n|g>C&u;S)(X$W{5cyGzu0?#k6zQKSU!o=K@_HZ zw{cE>^A#SZZ+Zrt$$^);(_vSbE3>vB{q&h#`sT>-5XAGYXbTskS_MI{e02lJ&P_A*N!oLi zWmI5}rsQtjaPYJyg~`ggkA#SWU@H#*Xd#(H=axtJj`mj@P{A!uzkg=k)4v-n^4Lnra%4pz^phht*)$BlPOXDhMrk>)+%x(K>*X# z`o6OMY>f|Xh*>}T_1$7!?_h4OG@6*R($C&V889%p1SyQEM;5M??RG88IesgX{H7QV zM+w3brwQKF{?z*rJZZjaIE;ge)i9$F=2M^S^D|Un<95=bEQ=BIBKHzbK7_)8{WP2~ zvr|J?hs&3dg{z|J#!UHC$a)XYcAX(DyPLmQ$uNLVcUOVwYKaHSdTd6&Lz; zQ=gZ~_;ucz+sl1Ed4y_qX0q65s=#h;*?n0cw_^Fx$0|jgTFa>;%}N`Oh8W93Z^W&b zQKSLw+43>80431?o6T77&=QMF2bWiWJ1(u$$^G-6-@oYU{^V6?7iVi8Ibq5{__3*tFEPW5tY^nM{P1bidq8ln*7hL3CHKtp6jR40za z3SuNFJDQ3os-m+YS(?eoKpY5B$fo<4q(gfTYrKUwPgEb=VMYM|jj&`ZGc#8ot2`L$ zJiS??#EqYpS#MhJn|wE{?CIiy2Njf~UecpzApRN4#IZfK3?Qw!Fb zH%xb@Cs5dbjFSE$4O^zW*f&Bu`9-fy%O4@gLCI%5rhPC=gIomnv4@#}@C382Yf9hF z{j}AjI3}Yysay=lLLwQ*ri#!_4C!m*Ky&Qt?3wX30&1U}_Ltz1Tob8SC=5~>koG>o z{J*uiXF-2K#Wk6onq@@67bCY(sx1f5Bd~FOKBg{J(GzFU?-0F2)twXstXeNOS3Z+M zr%PwaBAK93v{zNdbw&-Rztm=M4fKqgFVyVL3VFQ>WM$8Jhr4~gG%T5808(=wDfNc5 z;5`1^KH?2SNss>6Pr?2wrw}s|(Tv?INUVFVuhHB~qSAR;4VAge*p$hGOsgmuQC}CM z0RrPsJWGSC%wzDn?UYt3(7awYE$ROJ$c@iR-gUHA@hNzr=5-h!)no2x5H4E+6ev$K zb(@UVzsZbLb4;k}#^dz7#-}$bAXCb!2h{G_1`;9kEXJns#O<;{lmds|A@P0N#vgU8 zR;DHNPE3dYC>hy4e8Ek!Y@5eXW-I=VzYYZo0sgQ!{K!&E+C7M{VMdCII7?!gX(=C+ zrbv}X*)*(QeSN7(vf~u?!ury=dvo@nFy>HL5Cgp*zgd-myn$1#5>BG3ymrv&J5lHs z%Fss8bSH~^xPhZtiPmRd$sxEa-3*V$Mnh+s-WEpWM> zfm|WuCrlH0=H1LE-V9e%?OHetH|s(YLe$w`(%J^bK_q~%qkG!y$-W(TE;bI~T0(uC zs&_(VS)SiMC&UqBM?YUsVpFxNDM|BgeQ$LX7$NMib&doP&7#X@li~mci%L>us)Q%w zzuM??zEu6AO+`ZD?bX;R?cEgaNuBxshfw&iA?xQD*i}+b~r-AI*v72eDQnQN9D7)GI-_-*Xlh{L&!L)>J z-?_@Xm~)Rf3dlV)aZ`+T^{K8U-V*orkD8Um{#ZT1cqj_IX@0SUndy*?i92#Hq8X5v z@#>+fll1v2d!9KyXRgKJ6q&As0&Xf!{xFc0NhjQ)y` z7<_EkN{wV5nByM~b9Mi4q4SA+JKE7K5yq83st`(ED4Ke;9-hyTW@3dJthfu}KuD*( z$N3|gOC}_%1KWDC9RF2L?=+GE^_nbSw^+)=T$y^Is~;pP%y!lH9%Ep0AIz_{OaacqW#9G`1#c?O+K(czcriqq?nAe)$^ z^_T^`ucrRlv&|kT=+`%4t@{U2^Zqg=NM^#ta?#(%?hi13y9(HbHX{pYf5_>lz*I(q z<%3793z5yR_aQgm>qQn~*3LYGv^Q434=k#SP^x@(a@*-))B(*4e}y=AS)`VpK3f$F z=Vtxq+WZ~N|I`NI@4L<4N`J7ilD!%)1A(7A`E-XnN57l0Y#`aoFW1R zRDQ6i;q-=Tk))I6hY_qt1NlqcsBu=h- zmkyX&+1a-)?yY{kdn@1E6;~3`nZl|!adQo~HNA$kmZ8U5z)!Nt6QCOlJ#5W&W_6;K zO_=8KeVeI!H&Df^nReVb>Q5uCj@RaBMC=u_S>V+EB$^~wD&-Sq~%WzJCJd2mu-{f$3NE%<)mv$DidqVvvR zy!L7knFNQ;#k&?6%%DJWi+_)bL{qeRe*YoxPP3Ag{)E|v7imPW;g~HAQaMSmvD$Dq z8b*S{1a;J8B5dX@R@q7mI1K%m!Q>yn(WB$%HH;E{rPbsHrJ-3kmfD>*i_j@0@T8c- z9ZLO5zD*7nQ6WF4R;v_dblxN*M^&=%7hP1zAlCt9@o#Xae%4wgqYiI`|M*-+U8Ep9 z+pa?Jwu;6lUQ~+K`>ZBv$p4CK8T9REi`C0_!iZ4PFA&4ojm%5`1Zdpf8~SGi99DKE z@t42nY_@y+Qn2PfG(NS$Z&5fvYyL4``nNU=LKuKn?75nFfD<@J?6QhQnb)27{J;lR zB}~n_lQVJmD62!W_M*3cq~4m&V)vO+N(LDkC{})JdjLBr&RcxEV;CugaN7YGwi|QI zGv&v~2`_xbY+N*vfA@v&nE=o?o~=``YkOgevX-%idU<<%m6T*96X+^Axmw=uGGsUa zqr@p`77Grg#kO$F3kN&83cptT&{zA3qr3Y1&&2E~9nmM@c~*VFn|n7X-lL>j!kO@V z`7wQ-p)9YeVrZ4+m<#4gGY&1g0@roT;lM=n&oSwc)zT+qr2KyH>eu6z+E0wVM%xM0m5Ib?nS-)xS;lc4qQe3DR z^djjLGWHpCBg-AERTb*0((A|RmOtv@Ay~Sy0h;fFEf_S#u*$c>`+AToOBC6l!s7>& zpWHb_NHNs8RooL$kgRrQR>{< zeL)X2el25BxGPqv>0%`Ch4K_g_Mi#$qHEVzeoc3cWbHQa_3-hvV&8SANP08lBB&+J zuCk5sdYwY3%giQuB*?ZEsJOS)KQ?=EwhNzRdHDybFJ`S|?KtaDlEXI6p{0u3VI1QR))OzM0l|kPiJ36{4uTrreQF*f z2k+Ff)Co(-3UClTDl-mj@?5UO)2M?4dM;wW}2 zHxgyI`V?knrW)+?Xbk*N?eW~XIgJBEU zDA&WdE`b*R5DdksGMKLWgKm>UTA#n-#ns8cT+wdI^J{RCfnqxhE#@8&t0`#v{Mf+fUfqS zoi_BDs>PbZw}k&B3fG+SP%Vv<$PpRz!urwD+i12 znilD`hU@_Cf|ue{_grL05&x6l<+goHHg@4?%f*qVu zs#fq<2CnUO8WdJkrwx5`pM1DYgc_Jm>3i%mSjhpKAEDd}9Fw!vc|)@W(2zqw)d0%W z3)K)?b5sKk(|0Gr)71~{@GWZvWHF8elJ)<5VT+H(V$J$e`A`Zu9~K>ae&7vKL0iv` ztzF_#l5b}Bnrv#+vH{L!;PH2DpKnU4^U%nBcbc_m&)^SGEQZESy$aD=KE{R#{!T85 z6woL8g5df&|A^L)h)1e1#C#(ab*52J*K#wj#RCwcpfGkk z`xD-L9~qC}ySwZf$8PXef}pUve49SL1*!EU zHb0bmRIc$q;GHJ$+aWveTo(n z_pG+!-sg$;C-)oDtv5ESq2a}oTs~KWtHQhyM0VR`#XYxfV0=?qdgvR`M_v~5JOV2Z zrewFH^H^H%!P-B89R#Fg=8tVi8n*0}fpz`{Zcv}geyx;=!+SJblHPjom94E@jkAo} zLU@t13uWp$Z&vAQ7j4#>@V`@g8aalI;?ZErzjIa1F?e%~VqwP$Ch$=8i}0T}QzxeY zMBz&e%*NOZAndO_D$nCr@aOk$4~a;y6szVU+H7!37%VhFYuC!R)y_Q+CT~Dud+y)9 zBS>Nci_dS6G`)=L%9nAgJDTVKt3fc%WV8_O!RIbu=Ri&hObcTB;9qS_&mKYlXftLH z9DlmRw=Ht7FbfHai)@UFua0KjwK1gE*YxHg)m0GV3Xz{kwSDf zOAWlw5r^e!3?pSK148Pa@DJ~1s%Xz$1&o^4q6{h`%Sm{5&k8_)+5Xbvu=8iFLSqhk z73hqabq;j4W;&-{a2o8hm@!UTOrq*|D)_fKPvSS`$qr{%6_XpEVRm(r>Cv&UhtzuSG`5(QVbN12(>B~nq zVuS;T<6xbm;ie5!ut?opqGg{o9%~~B#Dsrbf3bK$ANk!X zgaCu=;`Z5_B;2rH1%6}x6HB8g{B7Y@7)H1rfKM5(G2y;TPM9u@3RF${t>QkWcXH>^?p|!Li=ZL2sqLX)?CmFq+UrWm1?jO|uT${gx`Cqj8 zd;C|MqbRTEES8FE$zSMi0wW5G#Z1Bd1EN!vRTIr-ZACk$8!iMz#zd0JoZY-WP=z1) zyV33KmlJG4;i=Qu%ZCt{nZrA@%a!!u;!3!5WQjSw)i{kSfxr8e%R3a*QE44Fb;Wnn z^pluG^8{`&iWI0ul!OYm&uP0b;BJ^PmX+kY8$Vi4qJ{FXt4Ck2PFgNM7A=nqUY{e6aPGXup{(p)d1<4rP*2X3M-Sk#b83o*x#`lR1i`J?R| zyv+F%yq~t9aZKTTdZwNwb12}Ey4#F)wkEMS3UGhSByJ>B2qJRbHX(ayDr_v5`>Z9% zhrx5IYiPG|t*^2g*MGlZ`Ql^7hG_ZOW>miSB3Cb)p$U z0QM|$Sqp25$9}_#uisvC_1M)3{-(wpm4txMIqbZB(ok-0Irq2uL+qRJGO)iiOu)tp@^dcL5fwp5*@#YZDZ0+x+eua=p5BS3TL>Y z!2B_xj!~2AkWJ=Yd4CF0!Om*5>DH?#sq&PjleC6QLb%CTIgzQ+=A4qDu{=GAckWH) zGMMbzsis3fg_&APU&fNoH6nE=>W#@aE%69(1_MKLfD1ub){r|^tdg5k67EA> zCA$;T?ZqyIX8)1T=SNEX?XOg))Ed)d=zd%}ZG;yGtXd#QV;Ibfz{5<+r{j3%53#6O zlyz65pA1O9j%m&-H=hkC)KM2Kh|^o?xzyEE`otZTrMBC};keoI{m7{HTRmcuhu5{h zS_J{Go_&0xjw9Wc7=Yvsr?5n0BMDgzE!mO?N#E5F@zH8vX>C`GJh+Ty7k|0( NoHjgY=A3`m{~vJw|Kb1u literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/google-cloud.gpg b/dogfood/files/usr/share/keyrings/google-cloud.gpg new file mode 100644 index 0000000000000000000000000000000000000000..0f478144f1491ce0e6668faf181eb8a7f24a208a GIT binary patch literal 1210 zcmV;r1V#JCz)b{Vh_%!K2mscYq|IbT7J+=b+*`^Oj$cN)IJ9G0;1{?}mAAo~T({7p z@JRBJPSW&4=qGU6)ec&2A)J#VmCA#C z|M1{S^3O7Tn&fI1N7}adYPQ9-dtC8TNI+&0-YS5c37a=4rb<3Z*5_8X=5N$X=iR}Zf77%WqBYd zV{C7AWG!-GaCCKYWi4}QXKrb3XDw@Gc`Y(9GBPbNGc7PTEigD=Ffm^+F)na*VkyGF zVgwTb2mlrZ0%C}@)Cmx^J;)6c?e7Hw8v_Cv0RRBOs0aXjKodwH-O$)Q+G-l#k-nP6 z-g(UI5z^V~isDhA@#r?{D>{&`^`(q5^Z*Feq{hq1#6f&HM)QRxBLNe^^t$sHNzEqccHSo% zWsaw#U7E)!v2s_x`5>lsuP6)$+R`k5+AN^`i?ZAY*DKFab29GU>|zfq z_$t}Yd{Gm@ThG7^`GAXx1RftieU>Qkk}w6Y>tP2%D?0A$y8~GIYu!JmKzju)uj)x? zh{SvDEbx#-6}|z)m%#-4gluH7ZY~ZyLT^FOIb521d65cueP!h;<8zGj#n0vikf07;k#0EH9e{n2CZR@D7O*RDY%Wt_zHoYaA-|F+zb ztzM99RzL(CpW>Dy20yYatT)@uKm3)htg12E?8K{BU0nB_L~;T~=yeu1bkd7jL+l0@ zc^L1E1ukma{Wm(HKA4kQvSzePTx1NxT5T!@PC$-o`; z(ghh8M)_;m7^ArH11OC^u!uzAl7Me+BshQcv zn$%;AzR1N#hH7P2I|9&cO8(!2FwNJAb;A68tNAPs6q8G($>rU`APVqOkg_aD`xbA{ YvDCB4XX2J{8xPZ_^SyA%2cipL&5QI%SpWb4 literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/hashicorp.gpg b/dogfood/files/usr/share/keyrings/hashicorp.gpg new file mode 100644 index 0000000000000000000000000000000000000000..674dd40c4219e7f397ea58978a945ccf952b79ff GIT binary patch literal 2879 zcmaLXcRUn~9|!PrHizTv6%kUQG9r7Om7G0`jyrptkv)>Vg|b5;GS3|{I@vtp?3qn= zgskJ~>GgYF&wsyvKi}`?^XEGgNJ9c|X<8-%1J)pu&6U}KU5t*M&8s9XGK2nkr#mWq zE47K;_lyiJS!FtclVU8=ncE*{1#LHRnz0KPmObz`ViQ`6D)>6v&)?Yx%RcjfO0CEJ z%pu{3F|eLx^Xtl6F*~zxBzsQVu>5QTc{tP!F+YhD@^VrrV{UU6+wCGHFi(}_sK5E* z(;7e%IsN=cEl36-*>$DuTf}?5n$ro`;9aqgw2kT0oQcl`Ntz-9#CzmQx6o$hBG-Bh zi#_*_1Lo9TpJAe}-pFt9=rc_I+G-Do6K;*r9wO8p;+El8&sAKtE3P2@v%89`oG)Z+r?s-O^)Vz_ddrqiJIR=Ip2 z=+2LnA5Qvqq8e$cQ}le43Z=2*0SRl0%p1mYvqcJ|E%(mk7G{CWk{K^Tv^uhXq#G?s zhMF?}vhQLFxR_5Q1@zzDYTFNZY&j}xyGZ`pB{HJ+g3m-!tF%K_0K2`!=@Cc+-x4QI zP^wvQT8=_A;Y*cFHFh3yW7C4m0rW%wqB@v{ji=WI4z9?XJhGnu`?}@+=kz;NwEt%U{(C|M?&cyN12iOo5K#c+fgHr7)RYwD zKr$vON(yQq2{VwG2*^zYWC>;FCGm^hw$rs_QjSkl-YsLkXnxPTPDBcXw=~OUvr(*Mr5jH1`k||jxdr+*-W_3-SfTy` z^osJ1SD)O%Y)xSy^A}wsWukMPB5%e^wU4c?c&b(!Z-nJLcHu7`Uyo zF5r)@WNJ+4xe#Qa*8I*V;WEe!gl7xzbE;jRK@kNzea3z%8+8^=fz%0UJM%q0Gka@fL9KZY_~q{(Qzl6`fhckQ;hN4&e9(E zYD0DdM@f1nt9kGeYrYRAJN>Q{cZ!FT zZ>l@Pj%rga4_PO0v=oHH9)}KG#iKC`vVzI|FtC2*C1eaJKJ#Fm*2<^iAy`_z=xu%H zu-+kKb2iR)N33Zy3J?0$MAw2120oKn zY`@BH{n@2Q;qnZo&hmcPud%kV3Vioo!Iy$fT#iG+xy~$!Rj3(nS`hT)m%w{(S1ieZ z5c1yn_*KRpKC$X#J0p12j0!Ohxw?-jaP?Hzgf?@hT&y#sd*o7U=Bq6cxzFrM>Mu&* z6pzjZyf&mFQ?0FK7ec!DQwAFbJ2H;}QsK%7kdMSuuM*7?eFZ*tbYS!_ESv%tHD)=UHw*4`@5MI-PvF4fuyvs)n$ljz7VSW32OXn$#4@n_-_p_(#rh+hex z5NA)dZ?I?lH-`}x_Z;<&8iCUh2HSAdi&UBH!_FFOWmUyo!;(v)6%UL%A#=|Tv)9^P zurqU~!~sq6Ph0?L&?f|uCrwhSw3K0 zg4l$-V1|)j;s)^}_&9nbGJ)Zkhx%!nA0E+C9aU2Nt4YnGgpRZ^oVNA=*_7Mshpj%m zJrD)sl*x_huVP7x5hERK3mTTey-XfE)0+J7Et)_BUKq**yBL^6;e`Jxzcv)W{6a^;NVIke)$|l!Jq5RzKRi zxr#>zGV(wEP;*lo*zd!^U_#rs$@}Ke`mt#`C^BT6uOClC&h9GD(D}kEI3MsMKo{2j zQ!acvIYLB8jmAkj1B+^e(;oXDAa1|~&~b7d6`>hS&wui&dilN-c{?(`P~-{|%gYbH z-M@6IN{&s{7YgWmKz;mG<)-JcV2c%y;RZ|Z`uzkcsI#hXU}0-u9`s5hIQTEw?9sd0 zr5tOD5`6qsbXS%%M@3g7#*dAwtB>esT~>XR3$EpBuX^qaQsW3#mxmDsUH$YI9rcipeY5CQDmd zqyMIgIcX()j=9&$sw4vn*?*cnzw<#cj!7nu(92t8LZ!`^o2*ZaSz}vO%<8PPbSKc0UOr}gIX2YGn()Dx(H|Sotn{XTkPx(+MTa5_XT_Hf* z$o@(MLRYA7q;h9rxpj(P_pu|Z>_ZSHFBQ^1`s9qPnC?!7ypph1nXPQ3`?b)WD$d|GYo)}xHWVvE3KON1l#20Mp znA4=!S2rgXCT7tiG*)Y6Y@x7J*ecQS!!IOAY zcmkMJ19R?QXs%;4J4h+BPC*r)AfA*?s&J@OQR1Sd$dWr*qF9}5+HfM~Kwc{zHw0c? z;~B4dozFzq@@7gN!l*9mt?{yh?50+f1&-l3_%pE}l()W*&{OU;j`U+`p-j(Bge zDCL?^&tSJnGE0sHbClD F;BR8aVf_FA literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/microsoft.gpg b/dogfood/files/usr/share/keyrings/microsoft.gpg new file mode 100644 index 0000000000000000000000000000000000000000..0cffae08d061d6ae8959b4442dd2dbce26c340e8 GIT binary patch literal 641 zcmV-{0)G9O0SyFJF<6WN2mrt;hGAw>aTw8-&ZU0T;kCvj9-@p2hRX&3tKIp#mk44K zWSkQ%c4{HQA}s#tsn;1=(LHS^JIEF`F{wkR(&D>9o|7yP=~Y+NKK3;C`4axI=rYyq zrB<*k)BskBDEsDx5Yd^pAvz|*XxLN^Rs1tKcJz?E$yQpt@e`p4a|{c zMCET7wg8i5k#M`dMmXStEMdYRelqXC@i+Karv74@Qsaue67_2{MmJAUtPq zXLDs^b#iHRc|dJxV{&hEZ)S8ZV{dIfi2*eP69EDM9|ZzdF<6WO8v_Ol2?z%R0t6KT z2m=Ea0s#UZ0Rk6*0162Z>pqmNz7i?V8k-0IeXlDmy&evAAJ<zH{duFkO6N3 z&j)GB_6-&>FO*4L(_oK+UEBCNPtqruWb}jtrH<)Fo&NESBL93CCK@(!cM{sFL# zl3lGc*OY}TPJY89Y`5yhtDjdGdR`sF=-obeZ6|&)Q?JB*^tR`Hs`bI;7%7s23ub3m z2fb~VjF|gS`dseajhzmSVAqkLq?Lzd-||b!CPpP=s@8rTvf6|&1HsVQ^$#~j*4_B z^wo#Yk$Y085z>xnXPh*YyXCM?X!Pz34&qQJWF>^y#mQ?Jy36e=iZ;jd+pzLw&Z~qp z9J+_wM!!;)U9TJ>|{QL461&b!QjK$m6TSoI*Z?BZZUGed_%I zq@w4C+YUK7V*G66P1FMCB=1(Q0v{fk--rSn_+rv#2P+VoJ}C|S6~o~oM@taQ>Mq^X z*FGXUmgmLfb&~)Q0RREbAxvR)ZewV0VPqgsP(dJOZ*m|`Wp8$AZ6HukK_FCRVQs>} zcmxvx0stZf0#u33qXHWP1`7!Y2Ll2I6$k|8!UY)ML z?f{O&>KSG%w!M&okwu6`ShMAUxoz)SabFLueiM$KoUDI zx!sM%wVVU={@k`?+zS~>77|toi>_NThL3?qSo_W5_Z>u62g!RHUcPk*2{p^0b>g{i ziDBYyHCIbR6O^dmyn%PY9&_=gKp zB2Dn)pL>}Y{`@YqQu8<*4#ucVWl@T&o5F~wef_KAIEV1sIIj~eCi0EgcN%>#{rn3}1Kqr1_6^$8%9?VPE|Luu{wV46z1K0qY z)(wi}yw|tNeAvYIe{9Y+h3YF|_DbZK{aU{)%!HvAI@XQ2l*@_?a{eX+*?xmo{IGSL zN1<|7K7vgV+wglAXB-kGG=3%>aS;zFV(>)(XAd33BS8gDHd1>i`I4$HM@B6louE|l z9S<|tIVype8a)U%K+6>rhV*aiCCvU^oE*b!t)6Up6TUSlF!29uX6SH&*c! A$N&HU literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/nodesource.gpg b/dogfood/files/usr/share/keyrings/nodesource.gpg new file mode 100644 index 0000000000000000000000000000000000000000..4f3ec4ed793b397c15b9cba46c45cac6315dcc62 GIT binary patch literal 2206 zcmV;P2x0e`0u2OHn zGb2pT0FAJHnQ9LOen#@%F5|z&XQSYC`H_RzY$X#LGtDigk9KP_M=>ehkUPDXTu;B(V3ubAZ5m-sKU^kff*x~ zZ`Cm{)>!{y$rAt(0RRECA5L#%Wm9i;a${v6JZErcKyGhjWpi(Ja${vKV{dIfi2^tT z69EDMA_W3dnMyIxRsH;0PMkg$clS^{YTdUXw+PSWLNu=D0z2yO(O z_L)x-nN}nt%nnbK_KGzgha(e!#vOg#< zDV3pDqn*)=Wy$Atk^4+1CMYk-4;}Z1C+o<{-7M|O=%x6uUWppkB0=VIvbXoDGIP-N zq-m;2y#N%yudo`pz(4g63%S%092Zt2H^_rSC8@r4%OuDm1PL6`jbBvv&sE@N5AEzZy|9o#Den98Na`3}LhG;}Feurl9!o_En{3W5c`HWwC zvSc;MaJ?9&zEC5mh?eByw7&Ppa*vpR17SkBOr1P`{D)bx#<9JOtw?%LWi~MSqr{D{ zNjSP_F1-9@r_I*qq@)UvjrYg^>X!8+E} zMwR_59u1pS&LPPvZk6#cM&0>l7ErehWFIuqaG#&4Ss;8^akyF#TUGg3cgWiK74@o9!uIFErdKdjjITX|v%3 zUsg#~(bn4CnDl)bGku-5sX_4x@XYO}ba)la7GdHy$Y9)s2Tbpjc2)mqec%8wK)oeH zzf1hLr$%$7#PmA*m|+E-0|z^d;WJU%OJiZtIE&iROSaP6d~Rq$Tta(Ayl`-c<|&nfrwbw=OFZp*dq>L1av);N3wE+aeWA@@&(c_& zN2PxK=Q;j}EHb^6r7iLOnpdDXB(?$@3;+rV5EfOSt7unZfP>Hw0GwhUD@R{&F_wRZ1~2By zI%84XB+wDNIiGz3sLe0y#;2Uq6F0%fi_`)PxM*cuSB7^?5x?|R&E{jBF|dT)L!2P; z)Q-A^MBsW8jj{Dwp5ygBlBh3#1Opok&DJ21f%;F@xWJMBAp3s0;Zqb`x1+?$GV+=x zPki{BDcOI}xZGi?mk1f9TeS^apSix1lpg*3{%l*6d2`~ur^_x;oamqi;R^bh#Q5dw=z ze+M&hc}-v|&mj?`V^PuBYxBa+-Mi+nnag z9eQ6NssJ;!_Nnu}AX&>9GxCH~+^$})WE9M0H`$0SR}BL08A;u-$u3-jNK{Z@SnEeO03#02lO?o~>rC*DA4s+0G#EbI&sEr!W(OV literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/postgresql.gpg b/dogfood/files/usr/share/keyrings/postgresql.gpg new file mode 100644 index 0000000000000000000000000000000000000000..afa15cb1087de3aaad67e6d95989eb21b7501377 GIT binary patch literal 3494 zcma*nXEYlO!^ZIlDq_VdY816<&k`zP@2$0}t)NBiL-=9GfZ@+Xn&R_lzyYq^^jnS2d*%!PjR z2g1^bzvXBziWS@{+O>q`Kd-UCH(&ZZTSg1Iwg5j2l~4Mt@~1? z8;^e3LduJLEtOb;EA+*D#PS;|%(9oOhS@agx%J;Rhvq-0>Ur$CTJGAx=0xtN*;dqC zKG?%kfZ{l@tCUQW|C`iIG?@JHXH(@9`A2b)nd4G0(+(<6L#w;*R|OYznjba%kmcvW z!jz}JhKr|mbuB}0C1ha7{>U;uYX2tYtobtK>s>#e47llH?Ax7i*$7|!+D$s?C15rA z{hT`w5}VK*zb1rcPT)YRPpmwN>%`B9GP^l%M}%Hif*9!0tEnOhXI8+M|U`{pJ?y zxYMLiH1WAx_CG}I!Rjm-1@hsVhp|V`deV7k8`RQG}ReZ5x6Z8M@Qml z(B3EfmW~Q4qz&AqpLYK?eh6n;$rnfN0_aHqB#j&4S~|8j&%QfB*_Wc2aUGN)QDpIWw3NL`8lVNJ;_#a*+U8LhkaA;R3>P3XyrEluJc8<7VN_Zjo@}E~Zp+;B(VuE!&~v*Pc#&$uoGffEV5pIOE@~>a|+a2XFB#o;z#@s1f?TD*!%oPdHPz7uE)No_%jj zB+-&N)YMWbkRnZYPoj&@-phG{N(|Y>y<~)YjxLLjAMwjlv?>nU67qU_A$YYIuIfEZ zU|zg+{rdU4eMtFWTMX!UJILI`!lXZ-A$xA4n8tkH>JU~68rLDVX$IwoU~l#H#|w<= zcx;-SR`!~|U2?EyRf;mb+hkJA=qtFTF6ZqMJe8|PGExT2T{6czF;o!zzPx$Wq@lpC zOGDegs==H;R*BWy>pcZED$F>NU={+w74i{y#*Lx!2Y>o}5AW5QcA1gKZ>hb|!L9{k z@AHjN*_xY#MQ$E zZ>kx-eyAb;Lr3%y6mJ0!ZfOc>SeAvWf}E-^#ncMp#mmcEYTWC^aHSMW9Su@AW43YL zi#3RF(nK|%i1)gs|Fl!(L02ICud(RnoZW){nrPgt7hm{?Z++6qnPXDi&2>%>zk3*b zThc&K`A11qVJ)}lYT~p*JI|Ih>-&cFB@}dL6I&~Ris=F{P18KnnGHR>pjL8@u(qUf|a0;?b!X`Zd{OHUxY@sLjb*-m+h>za8_Bs zOPlwi3|BXmnfY@m)cPvk^Ufy$n)RQ?yCR(G`6q*~@X(J@?_sZ%orKN0icb_AB z97*|MCL?XNwXc)ynK2}RK`no72V_Mxlk+zsU-^TTf0W8RxPs49S;iVE?+P}=Wa7=v z*~a(QlIS%CMigkcC8fb4?JUtAqGxHYS*=<--U^@R0zxt}Kl+t!ThFGtub>p3R{IgNK3E?(75tIY8jW5ft=)jY1C zu-aPUTHrw{}5PMPh$Fi57lrphs;xS@YoGHm_-pH2^I*&?WW(|aG_czh=Ur1}zS4@-sDMx%bx_VH^Yi)aQF@Bkr6#A*q?p(l&kmlj;+QE3N7z z_*`jgOw;DutA6A4y+1`&a}UWYu;ee?1+-oEShN>ftY6%(G2V^xNMlL4HbnkHRI2L0m$1#!X0sc3?9Odni>pNN&|H#dL~;_N$oAY5pEL$hE&5T6AeDMWV`}=!W{g&^HO$rXo)5C&xx;FARzxn#gG=%zQm=U?V^xlr_;1V5 z%Q7@ECtemEALdqY3lB831Uv53QH!|HFlVaW53f(}MICpBW-BFBJ1HKVih+rL^{W)0 za_V=QFN^Z6>7zR>P}})EM)b zZ#oDZnA$^Z1~4Mf+-W~;8QJ!pQX~NtVWmlE*_8Ma7t;nqtMeS{!M+xy<7107391N! z7@J4tB#vy%%)Gwc<>~HDPH5+pnlfs_&wMz(;@$@0^z2yEcz11n&_PkVQfNl}y#3YL zUdb5mu%h5)JNk|xJj!LND~QA@sHQiFi{6*juGmmYQ8ooluTS9KQOI0yhnDXPYn98YJmZS}h`XL3*G)aeEia-Zskt>4x1`F;As< zaxT9MQ8%~4fY#DSUT6knXGN(d$}0^T=u<%RcI8GO$Iub+U?=QMur?#^ar9WmY2!Q#-t2RfiiA zHAxj1ez^bn;&hs-w;Y|fOeIFn60pADZnQ+NApR!};XwOdyx)L&FYKL1eNINWygwi# zO+okseb-X;p1?zgJ4oHJ6s%p-)tM>9CpRF6A~Pjde}HG$-7%%3?No+q6vF*Zgw$FP z%+#d)Qgri#HjOOS^wdZ`C~#0a8#Hr{P@74z01ugq=k3G5!IRYpYk-s-1R~m< z3JU`aH(00yj{H|dbGg*sH1fU4Pre9-CPY5WBViHI&v;&4|7gf8-STP+Jx zn=Wu12niSnxCuwYz`=$<-T+`}U}|n-O2F;@&zs-Kz=jUs#v2a80fqwn1Be(LM^L>H~Y4mkuxbYDgIM4Jd95d1Ar z9vBiq(jE+f88+g!o!ol&}N?A^Qc$xb3WPWZ-KQe(TA)DV4(p!d47we;O85CEhI6%>`X``ec zt(>fv(?gT^vPqeNsx0nPMV2*?t@@LvF2&O1Yld$ck7dt&F3Ur^hxM&N*#h14hg-{leQ4i*P_n5?XR>^=-AO+C|-v1cdDUGe>ax! z_@fl<27ITL9UyjPgp%apg0S69orWSIJ3T4&P3=dYHGaLaDGGH^{u<3e*-Eq0f$2IX zi_ouxYAxE3?j_lqw#qbLIx7dNwpQBGcalVU7ixTvUM2zH3V&6Ko|;Jj7ID0 z(5X|L(_^Qb3TvH=h3i&JkAgH~koeQt^wGRjJ1MRyZEDfs03!2OK{4_Dz0Q5!xueCn zu3bT`R@+c_8ym9y5d2|fcVLL;j6WW~C)FWA+gaZ1@vSX@y6r!tnVCcEl`PFiy07YP zTOM;JntlSUJwv$w0SXNs?`x3ajl@WOl#`6BxsLs`IETii{5C`Sy*VbZL*VC}%F2@3 z(ec^p*Ze~%dKQxxf3wANzW{pFMg$fMN?4j)m3G&Ty#6 z@!3AsbOiA#XN*9OJMdW$2QQlJLte8~t9M`qy*N4tDV0IS1{#-YqJ1YfZockiGddV} zuPOIw)OGcYx0GqW|vxq>{n(kdvjQlKD?Uyg1svC;MaJL z;o%Uv1?jMpqaU_j^>z|!^~BNhIY9zZLZadiSq1R=52RGxXlY`IDW=yr{gO}HhH>gX zCiwn1A$j}F7O!z!bA%`PB`Ax_*nFh#%smQ`6LALv=A48aTIB)vM8T=_T!0?Radd%I z4Nv^aYFJIkr?!7k$P%K8%|V;@dtavAwT*p9hPyeqRNu~ws;1W{$D_7nm|p~Kj)CV* ztFH)6y{m&rFegl$*sX9se=GC!Xo7f8imh3&^4szD%*kbXXDwYM7-cTh=PB{F{I`lG z4Qow7I|ZrExllR?iMXFf5iQO6UA_a}u!`1{va+rL>Ay%54uTK%^Bd*_@K=KgT(G0eJ9a#Df@|4O|e1e6jEIcz{Na4 zS`~K)x()`GsZK?ukL<86Y7zcqh1}_)Ia{hjp)wbw-i4WG@LxUIMa`jR>0_>7Q?_4; ztI&4tRqewoB}p3X>ZiKZ6*Hk$y7xXaXLd+%BrMw@1Qk+x67zlO=nQ|#^v{ubR*(%a zj0QY;2LBKek4zV;6Ia~qlZxGdZwuJe7JVFz_T3N*)2LWS3oK)vvs%BUnVgNtC^Wi+ zvFUFhi$fdI3w%=rU9NND0{2Ziqt;(BREDTwF0oC9jzrSQ<1N9~i6NfrpR4LE*?})S zKp&gX3Gw_JblO@v_?F>0jREf z`$7RBBo3Y`=a3?;ka2s2x8b?O7Ui?W8L!T<6tyia*>==u3^t?6t#ch(dtwRDJC*5L zVJr8QlK2xTespG*HqJ?p>;3ZGslmRjo7!0!)U&{$+!zO))_6|HGL{y`7V3!4>+g_u z1rx_>g&w6n20dc?{cW%eynetAniQFz_0bw$Ge_Ht^SKYXNwxvj{C@phsVkRguF z!;C$g&OwrQtneCVl3B_{Z>v+%1A{Us+w<=#ld2}j@9>e^Gq`Yh>h0^zC&efF~_-*Dk9uNT~RsJs4}1t(H^yzKd(p4n92EM2~I#UI?rr+#W4cU~OChxxso zg0@VNu$->+Pn%A+yzoC|#q{>gI+V{8i);RLB9(d$QKw69+jKerL66O+n;n;^+AhfY zbDS|%*ZI8lTS+G1k;`lvAtIwdvUObQ>`VtidUfUP>SMBlexzte5fC=wOoqPm>Ye~x zmXm?kXNr5q8(lf#Dvtn5&%shOzSpn33Og)o~`B#VM*z23AR0}jB-Kfmv zp2)!pke!>g$q702m_CC}yF|AIGeQfx4!g=kgtB3*(~@0~{>=RLA2q^7^9^HHt<1Aui%N zBsiE$v6)_9!<5byJzoE&XOpVsae!uF;>6#$G!i2EOi5p8+uJz81KH6`^1fEh)}ioj zJrRi|LnE7^|I1GXp|i#ewaXA2ULMfW_hKB|tU_Mw3^$$HY)foM>1w z;3o<%z!6F%@?m@cbY(%}xIzai67j+wVnWS*q{4G#zBQ5^-xkVr{wUP{@Ua(xw={tk zM_Xj<$q|5ivT&HT8#LGzv@r{Il7@*~!W7^GE{)7#r@# z(iv$VO-G2&hhCCecD8V~X2kjS08Me9ZIrxhDt$B@#WZetw2+ze6XAGu(0fbdR<@j6 zCw+|QCA1NjnZr0=M>8|e2R63Hk@~AXap`FGR(D4zOZobX`|>WIJF*4 zp_C;2^`y0YW9!6ht}!tV_PZUq@Og+)TW9MDBJBmyjC*%X8ZC+ac-vJY#Fh1D^w@?n z7$Z(mf0J+ZN)Z$@4rF~fX(q-2Wo_q0=BI@vp`pvTu&@g7A-%Fpaa2e5sC_{1ZPPt+ zFMsI*3reGds&i=YiUMDvW@K53g^YVu8!54NX~G4Jk?9{yWV3xLgez3gt$={O*$GC!%BuWoPE$ktihJ@JrYdYy@rzaXJ^1yV0cqb0J&pUe=T z^QBvU&JO6BMEYny&98?Fb5p>Tv)Qh98juxR7ZY zqt}iMw%BodA3)jNs+D2o9JTGT$p8ufPM{sknI9;hgS?*wgA4}4D)U?1!#qRE5O^tt z=^5daAp0`FDqk)mE>w`pZvG~JkMx0K!FM7)t|MF?Gdx zZig8hEQ>sW-|MVpt9WmTv_E#K$c=nen>eM(dSr6)#G9_h{c6nH7<>uE0n~A!KgpWO z!Z`ID5%KcwL&$T`KZ$*kEQzeH+P`{`SUOqX_?O(>fkRh&)>oJps+pi0FN+Uf2pN1e zLe~2-N<_YN%?TTr*}HJ6J`O6R0p zjJWv2YiX^y!%7G5jFw;SC`jwfd3k^5Sh{z;Q&V`I+cW_oU^@q8AggM`P5QK?Z~dZQ zXUH`qTz4F?8(ebA4{%50doiz(x6V=B0@SR~hJ_`}DFsv}=r62VD^$AWfAWGkgv2ld zpr*v(*l5St`)%ku%h*$qgx;5SE2m>7Cd93)j2qg~@;Y7o_`kIBS12HwB*w(xP+;h3 zg&>swLneO%^H(OK{U~ssB&m-M*$7{J&PEMa_&L$-o$yDgOZRH-HJ`palQLqJBo&6= z8Uq}xh1o8qK_vNnAITWy1UA<|%JLJhuO}bh-HG^Ny=%Ue21C;fC11a`Y%A?S5Gk%` z*t{4}@7Fu08L&b)y-aF}1ji_X?-sBeh0U!o*K=nlyWYv^Cx;PBsS~Ty*-dnx<2wDN zhWlIgF*QymeuWFQ?~R7JEIZJ3^Q^QGnPiSqYq2`0r_)rn&Ti1S>l1d?__O=jFWk-i z?3o_GcaI`gh6RiF!Cu**?SM?9=PCy~xSpj-gVxt+OU#U?lfoJDISlj0ecPOmjB>it zCZcHq>B|Xb7Tom8aIcw3+;**6hCpF?rrGCEhDc#Yj(FKj31`<1>ibGs?&-IOgc>P z$qKmif$-5Me1FKLm%L;PIN#b40l}dj)>_)e2wy>_Y%-}Q12ac#*qpW>u${d4weXS2 z=C22?u(e^5lE!w*=h28e`W6Y=4(_@;ZUryY@$I=x==Ggv<~wm3h3~`vAP$VBExd~( z;PvphZhQ~k$t3ykjAd$h36)r2k8w_mu=N$nUL@eas5p}v>to)yh%ANu=y37Cn6IO5 z+`Ms~*R+K#q(A9@swK_xpRJ=n1raEu_K`k?w84-zj4n#}T#oNl57@|rk&=RFhjvQD zx1c@NV*`DP6~+%*wo9e2?OVht#}*V=yr?$PyTA)X@qjByrmMoT9|w1^ zs91u#ECi-Xa(mp}Ngt}Y8P*6Dd+Fv%sBLRtScRTJ5nn~)3f3E#F9kVMb;{*YftKI; zWNPlMCPZXfyPwFi_K_gk=pmafZfjqe(QbGw+-6xR;vy&+ zhH?v1-`0hSEnI1m$&aSI=(O`d$dHN8x#{8k1s?v=k(8rA7=PS%l}r>&ZZpkoj&d-p zD219ZAyu}~_Nplk>jRJ3Ml|SM#-xU570@nL$(G#65dl(?0cwTtqYO+LoS}gt(7z{KSY&+WFhan!@ z>G^tHDnjTmhAkE^z8^U&;oBiV5NVx$D6elKfT0!je!N*pO6d>=(C@`NaJj&WD%WfV3Xo;R9i!2&-(N#Y;9{DL2O0Smt7JoPE^l}I zFZXkp_YtWfG67ir_WLFUdOIB)rsxHi)_I(xNhH&JW1IVS8b7$89;dd?e4RESe@n@E z&lJ6h^0hQoQ~n%bu}OHwG4czJfRPObe0~)3jy`Q6o1g zaec6*88EUwexQa^*u~O2#_XSiqh#=b%4}3-35+q4Z9_prNR&=G*c(MWdzS!zL9tGs zmP5z#N8<8NymuGD0kgMLtHSFpJ=%8J&eI{4j0aE*H`|c@;@lzGp^F`i@tmJr;<>4H zW>L3rTdpFL3}r#s9Y$w$^|5Sn^R4heSb9}*?ka-sCl?dg&HUR|>$Cmpy|<;v8zrEsy+ zOSY-LGEmLbQ}9UxxdubhyAzhHo5w|Q47Q7Kef=hR!_SB8bqiK0`-G-oQAzNki3jp~ zHlfY_=-Dgjb|qY3^cdUs|J_#p#^PUX1;m9G=>O4H{?7ar%#PEn&F^oSeM&flZ?`=f zC=*uyzz`rB_LZy&)%QgBRwTJF=@8(4%)Q23ZE$)88fy}?-JEj6*GWt2APeyy)4B}4 z!QhRV%^nzieU&B_!f|BYPe98+ozXv-p89$?z zV7_4J)As8)ud@lf`xjdABB$7maRrR3z2_y$LJsU4*qiDXWEscCs?5$@qcTsw?oy?( zonZMl{O30rMI9MB0MT+QyOd_B$%HBTL*j^a*=}XEGgzsT-6s5kX~Pgyx?Hzkl{hhS zDZIYADzpYM9EuOma_KI!o}uoodbW|*XjQ0TxSSc=T-5}Xt{sp5dVVwNN^zo1@xfS% zPIZ>1rQGiPBu19v-wU$FM3>C<)=OT7v}jx0!8Ua`lxAaL9Yv^~Lq$RPatlW>Us?1F zIGO_hs;rS~`7INnfq?52s5^#z-m;EwuNC-5;hK8W2~7<_9`IHO>2jTgOX^*(t zUWV!Ci)g!UTlrahneJI}tTqE#nxsEOWz#ZaO&VE^ zB8>JwlC;+v0G*~Nu;yp$P_UBpQxA{@I^uN>^we9=)>@!pl4>TOLh{zS#isard{aXwwKI{iBs)K>aG9 z_hyLeiu=At3a(n`!hr50y$ct)onR&|oFd^{A~b$4<7^956ew-Q?=wj~ClEKN_WXxm z7f#5ehjzvwm$gkILS`I>$%+dqB{eF##kY+mH@t)&Q>}LwI+{G})Z^jM7Xqnj9aD1G ztXxY7Zb0^O-26e68XS<1+-VBRTHqnF9SZTjgj}m8EBGtcr+-ro$d>XbDfScd?17U^ z>;|oE2wn62XLQTi_;8hgLYLT!xq8V{a+PiFADmUU&#gl7IBZ|>fbHSMKr$T$7Kxg7 z7KRdn-~A1PvY@ghH9OB>a=+nCA_p)~(CWl>0+V>%#!+HGo>hQ|M8NHF8Wz|j%(w$F z0ocQlzvA}$1Ar}Y2TXsYnQ#!3JU2K~7l)3I<;e>Qiaqi4lj+PCt$4(!DZZnjM4jF> zI3Glkb~;}Y15_5sE0wCoiehGms)3ZuoBI0dwyVR4Sf8LpJs`^3jlCTlh0d4KdWic1 zo~<*P`a_sY94qd%v{Qe?9j#T}WZr1^CaP)0xgrVOI!Y#Jj_W=?l3NP2ranfs6)>qv zCHlKQe)WjCL+rO8GPNK*xQggI*`afDpc-0T+UL-?3N6K}Hs2Lha(?6!Z{@+T*)k$8 zFSj+vy-y#!%C&2qMY0bx_9{A*CQO(iTQ{L)Cf)AC)nLRPZ^)bew^p?Nbp#{(M=0oo zVE?S97OG9v9HWpOE&u*)0|x<2dj^3+!HLe^|GUJ1{Jn_%&Cy@S5FewPhW+Nn^PfZb zwtK1C`iwgD?6uZ}-7tjJ^+bzR@x!|S`eN-+c#?QNMf-S(qT|Qb66=eVyPLV39oI=# z0Zt8~Pc965gBhzs{esu232H=IZhwp-<`OXXmbCb4-Yo8G!SZP4ymA!~QN*Kxn^X`M zeQp|i8&9Q2O(U;f%+gb*Ni7U?0Qdj7%xUa1e8tNh^v8n=plcF}ewB;<@)MLlBNYHH zL$7PW?zISli>uiug|fl`&JhR|%{IJLIY=z@lk{$AE9kmmokfvC0#n#VYVVBaIZN~k z2^qvtHy~wk28JS;id~nqe0)25bYsb@fD#gY#*=sO0r?!zUZ*^N@}=13?-aFV(s{kEfWLu}V@B@n7|z5D@N!kpLM}?pH;%0UOPu*F*PKnfOnGy2c>|DV#U#rQBdP7?nsSqb8kK1_n&1T14u!_6-M9E@KBI>P zY{wcS`(s4r&qfc_AT>C_*+{bzQxYlbpZCK^t~mQ+$33HW95=GG24;i zKBDwFBNM7?1Q&eABx6?1sf-;&>+>aGvmhGP9gXTUopTbO+eoNb!6w%ArkOYoHo_RfN&msyqj~ zG?H!p{p)Oj~(}Y%SElD z+jPF>WEGtwT^#tPQolSU{<@Y{dBh0@{em}?6_-r`8OHQbz#pvj0K@ITn)KOk`AfHo zYL9gvQ;pGwcuY`CZb3Hf;(4qierp(Yovt3edy<5qZ)eesqtO#_$ELmlSm-yaZ1r&x zSpa`(Xcp#~UI5BAXo8TIkaFgu?FYlJRJLw#uVrqGC~XEBoMZeQ1VmMA?`R**c_&Jq zK5ZRQ@R&K;8n(c34n>IUu^W8h9}~ad#F~`EuZk9nF>oBkbamhAiT1OJl6r2aY!)q( z4Fva%bvS<*rOF3>ZsnS-zl$_@8bw3R?_*50Z}TPhl?bWiEmt_buLDE%{L40MkGB8V zCQo1_kzx>j_yh)#&(0p1Adfk!DFdp>o=c*ekgh)=p5G+&Kwnz zqFg;`* zb@un^WMU=jaKtzw#Wxa435tt6za&Q%+7Yk1TCrNmy2p^WJz|&LWSK^7MdKIv@$vUj zU`Z?we|Srs9K=k^j(ypPGx-jUZ!{^_lroH(j>;%^^(QOmqZ!VUOmjXhZDtJJK=0RX z1BSr`BWpF?@2ywIZVBp)X$mUw_@X=%7gX*a(molegA^2RSo0R4FxF5lpEuj0C4>WW z=vC(_wEkeki55~~)s@CyS(9Z*UL}Ja3_EJw5xavv?IN|7Jpmuf%I#*+NyNN(D ze(~iHK~{mJ5g{s+P6G)*O2Za#pg1!TR?0(ziQ&sTX7K$qcD0;4(742+^g(?BqXzMP zpfr=vl3y=8ZDQgKtSA%FL^(H=oY-z+n~vYc8rtr*J3Jo>k!UE1Zyk+Zaz!svj7VTb zMa^cWWB??R8W90l*h&3TNj{~Yy=^Zkc)yrcmXaBYv$(@fg#x9$Xzvj>T~_Cxu9My| zIN8(E?1-y=>y>rUi=|DEwJa(j`D!}|fYB==zb{wukGbGU+MP}ZB4*j!(hSSH;Ba7HSmkCAm6dST}hwr+5 z9Gv7C4A;to)x5+oKp<`o#=_R1M4*_SS@HQ2Dpvt*i8r3%_X@V@cWO~MXf9EiGX6{h zrcsZfLRLh0GNHy}F!AJ_E?5y_VDoUi`I$iv`wU^yGbl=~q^2F&OIj3Yk%SMG77;N_ zLe7!cA5JypRupFveX{*b$&}7-8on>(V^%^7t++iP6-pgNXoWE%D1Hd9xwXlm2JtIb zECN1K;F?p2Oo^~A=z=CdqAMq$-D_LO&Qs9cGdE=sXL27(;r`mD4JYdb59amk za&3g#S=;HG6&|^%u*s?gLj7&D^5GBnPhW=OmV4_tyr;!GEvZ~CAo|r`KR7V;La45y zB6w)Hp&8_p1&KkuTWg1K{L&GjVI|!V?s3L)&^S(u)g+%

Prd+gVg-ef(8q}3NjtFhH=g9%!QZ5Oh0K4hD6Ko`dY5Nan_G=W`8Y%{6n zTYI8+Ku)0vJHzP=js*-}jfPt+1U+ru1t?0BIHv8u z$Ju9_BN9UXS5Cl?!D7+tPWFU7)Fs@lYvjh6;-2=Rf;YH>Q>l2x^e?|*QzIGks)B+R zPuZ^9n$@v~0gRFanxtd1ye|cz2$GY`I80U-`*)8v>_)&wS(Yc}OhEt?eeqcKQL(3O z*&jjQNlz&_q7HT>QWzGvkhvV9NEMF2bDvcSpWb4 literal 0 HcmV?d00001 diff --git a/dogfood/main.tf b/dogfood/main.tf index d5439434f8..034be9006b 100644 --- a/dogfood/main.tf +++ b/dogfood/main.tf @@ -255,15 +255,15 @@ locals { registry_name = "codercom/oss-dogfood" } data "docker_registry_image" "dogfood" { - // This is temporarily pinned to a pre-nix version of the image at commit - // 6cdf1c73c until the Nix kinks are worked out. - name = "${local.registry_name}:pre-nix" + name = "${local.registry_name}:latest" } resource "docker_image" "dogfood" { name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}" pull_triggers = [ - data.docker_registry_image.dogfood.sha256_digest + data.docker_registry_image.dogfood.sha256_digest, + sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])), + filesha1("Dockerfile"), ] keep_locally = true } diff --git a/dogfood/update-keys.sh b/dogfood/update-keys.sh new file mode 100755 index 0000000000..9ebaf77bb5 --- /dev/null +++ b/dogfood/update-keys.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash + +set -euo pipefail + +PROJECT_ROOT="$(git rev-parse --show-toplevel)" + +curl_flags=( + --silent + --show-error + --location +) + +gpg_flags=( + --dearmor + --yes +) + +pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings" +# Upstream Docker signing key +curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" | + gpg "${gpg_flags[@]}" --output="docker.gpg" + +# Google Cloud signing key +curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | + gpg "${gpg_flags[@]}" --output="google-cloud.gpg" + +# Google Linux Software repository signing key (Chrome) +curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" | + gpg "${gpg_flags[@]}" --output="google-chrome.gpg" + +# Microsoft repository signing key (Edge) +curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" | + gpg "${gpg_flags[@]}" --output="microsoft.gpg" + +# Upstream PostgreSQL signing key +curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" | + gpg "${gpg_flags[@]}" --output="postgresql.gpg" + +# NodeSource signing key +curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" | + gpg "${gpg_flags[@]}" --output="nodesource.gpg" + +# Yarnpkg signing key +curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" | + gpg "${gpg_flags[@]}" --output="yarnpkg.gpg" + +# Ansible PPA signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" | + gpg "${gpg_flags[@]}" --output="ansible.gpg" + +# Neovim signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" | + gpg "${gpg_flags[@]}" --output="neovim.gpg" + +# Hashicorp signing key +curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" | + gpg "${gpg_flags[@]}" --output="hashicorp.gpg" + +# GitHub CLI signing key +curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" | + gpg "${gpg_flags[@]}" --output="github-cli.gpg" +popd diff --git a/flake.nix b/flake.nix index 172f91d271..82e633fcd2 100644 --- a/flake.nix +++ b/flake.nix @@ -75,167 +75,8 @@ zsh zstd ]; - # We separate these to reduce the size of the dev shell for packages that we only - # want in the image. - devImagePackages = with pkgs; [ - docker - exa - freetype - glib - harfbuzz - nix - nixpkgs-fmt - screen - ]; - - # This is the base image for our Docker container used for development. - # Use `nix-prefetch-docker ubuntu --arch amd64 --image-tag lunar` to get this. - baseDevEnvImage = pkgs.dockerTools.pullImage { - imageName = "ubuntu"; - imageDigest = "sha256:7a520eeb6c18bc6d32a21bb7edcf673a7830813c169645d51c949cecb62387d0"; - sha256 = "ajZzFSG/q7F5wAXfBOPpYBT+aVy8lqAXtBzkmAe2SeE="; - finalImageName = "ubuntu"; - finalImageTag = "lunar"; - }; - # This is an intermediate stage that adds sudo with the setuid bit set. - # Nix doesn't allow setuid binaries in the store, so we have to do this - # in a separate stage. - intermediateDevEnvImage = pkgs.dockerTools.buildImage { - name = "intermediate"; - fromImage = baseDevEnvImage; - runAsRoot = '' - #!${pkgs.runtimeShell} - ${pkgs.dockerTools.shadowSetup} - userdel ubuntu - groupadd docker - useradd coder \ - --create-home \ - --shell=/bin/bash \ - --uid=1000 \ - --user-group \ - --groups docker - cp ${pkgs.sudo}/bin/sudo usr/bin/sudo - chmod 4755 usr/bin/sudo - mkdir -p /etc/init.d - ''; - }; - allPackages = devShellPackages ++ devImagePackages; - # Environment variables that live in `/etc/environment` in the container. - # These will also be applied to the container config. - devEnvVars = [ - "PATH=${pkgs.lib.makeBinPath (allPackages)}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/coder/go/bin" - "LD_LIBRARY_PATH=${pkgs.lib.makeLibraryPath allPackages}" - # This setting prevents Go from using the public checksum database for - # our module path prefixes. It is required because these are in private - # repositories that require authentication. - # - # For details, see: https://golang.org/ref/mod#private-modules - "GOPRIVATE=coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" - # Increase memory allocation to NodeJS - "NODE_OPTIONS=--max_old_space_size=8192" - "TERM=xterm-256color" - "LANG=en_US.UTF-8" - "LOCALE_ARCHIVE=/usr/lib/locale/locale-archive" - ]; - # Builds our development environment image with all the tools included. - # Using Nix instead of Docker is **significantly** faster. This _build_ - # doesn't really build anything, it just copies pre-built binaries into - # a container and adds them to the $PATH. - # - # To test changes and iterate on this, you can run: - # > nix build .#devEnvImage && ./result | docker load - # This will import the image into your local Docker daemon. - devEnvImage = pkgs.dockerTools.streamLayeredImage { - name = "codercom/oss-dogfood"; - tag = "latest"; - fromImage = intermediateDevEnvImage; - maxLayers = 64; - contents = [ - # Required for `sudo` to persist the proper `PATH`. - ( - pkgs.writeTextDir "etc/environment" (pkgs.lib.strings.concatLines devEnvVars) - ) - # Allows `coder` to use `sudo` without a password. - ( - pkgs.writeTextDir "etc/sudoers" '' - coder ALL=(ALL) NOPASSWD:ALL - '' - ) - # Also allows `coder` to use `sudo` without a password. - ( - pkgs.writeTextDir "etc/pam.d/other" '' - account sufficient pam_unix.so - auth sufficient pam_rootok.so - password requisite pam_unix.so nullok yescrypt - session required pam_unix.so - '' - ) - # This allows users to chsh. - ( - pkgs.writeTextDir "etc/pam.d/chsh" '' - auth sufficient pam_rootok.so - '' - ) - # The default Nix config! - ( - pkgs.writeTextDir "etc/nix/nix.conf" '' - experimental-features = nix-command flakes - '' - ) - # Allow people to change shells! - ( - pkgs.writeTextDir "etc/shells" '' - /bin/bash - ${pkgs.zsh}/bin/zsh - '' - ) - # This is the debian script for managing Docker with `sudo service docker ...`. - ( - pkgs.writeTextFile { - name = "docker"; - destination = "/etc/init.d/docker"; - executable = true; - text = (builtins.readFile ( - pkgs.fetchFromGitHub - { - owner = "moby"; - repo = "moby"; - rev = "ae737656f9817fbd5afab96aa083754cfb81aab0"; - sha256 = "sha256-oS3WplsxhKHCuHwL4/ytsCNJ1N/SZhlUZmzZTf81AoE="; - } + "/contrib/init/sysvinit-debian/docker" - )); - } - ) - # The Docker script above looks here for the daemon binary location. - # Because we're injecting it with Nix, it's not in the default spot. - ( - pkgs.writeTextDir "etc/default/docker" '' - DOCKERD=${pkgs.docker}/bin/dockerd - '' - ) - # The same as `sudo apt install ca-certificates -y'. - ( - pkgs.writeTextDir "etc/ssl/certs/ca-certificates.crt" - (builtins.readFile "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt") - ) - ]; - # Required for the UTF-8 locale to exist! - extraCommands = '' - mkdir -p usr/lib/locale - cp -a ${pkgs.glibcLocales}/lib/locale/locale-archive usr/lib/locale/locale-archive - ''; - - config = { - Env = devEnvVars; - Entrypoint = [ "/bin/bash" ]; - User = "coder"; - }; - }; in { - packages = { - devEnvImage = devEnvImage; - }; defaultPackage = formatter; # or replace it with your desired default package. devShell = pkgs.mkShell { buildInputs = devShellPackages; }; }