fix: homebrew packages now installed in two phases (#395)

src/homebrew-package/devcontainer-feature.json

@@ -1,7 +1,7 @@
 {
     "name": "Homebrew Package",
     "id": "homebrew-package",
-    "version": "1.0.4",
+    "version": "1.0.5",
     "description": "Installs a Homebrew package.",
     "documentationURL": "http://github.com/devcontainers-contrib/features/tree/main/src/homebrew-package",
     "installsAfter": [

src/homebrew-package/install.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 set -ex
 
+source ./library_scripts.sh
+
 PACKAGE=${PACKAGE:-""}
 VERSION=${VERSION:-"latest"}
 INSTALLATION_FLAGS=${INSTALLATION_FLAGS:-""}
@@ -33,6 +35,7 @@ ensure_curl () {
 }
 
 
+
 install_via_homebrew() {
 	package=$1
 	version=$2
@@ -42,12 +45,19 @@ install_via_homebrew() {
 	if ! type brew >/dev/null 2>&1; then
 		echo "Installing Homebrew..."
 
-		ensure_curl
-		curl -sSL -o dcontainer "https://github.com/devcontainers-contrib/cli/releases/download/v0.1.3/dcontainer"
-		chmod +x dcontainer
-		./dcontainer feature install "ghcr.io/meaningful-ooo/devcontainer-features/homebrew:2.0.3" --option shallow_clone="true" --option update="true" 
+		# nanolayer is a cli utility which keeps container layers as small as possible
+		# source code: https://github.com/devcontainers-contrib/nanolayer
+		# `ensure_nanolayer` is a bash function that will find any existing nanolayer installations, 
+		# and if missing - will download a temporary copy that automatically get deleted at the end 
+		# of the script
+		ensure_nanolayer nanolayer_location "v0.4.29"
+
+		$nanolayer_location \
+			install \
+			devcontainer-feature \
+			"ghcr.io/meaningful-ooo/devcontainer-features/homebrew:2.0.3" \
+			--option shallow_clone='true' --option update="true"
 		source /etc/profile
-		rm -f ./devcontainer
 	fi
 
 
@@ -63,17 +73,35 @@ install_via_homebrew() {
 	su - "$_REMOTE_USER" <<EOF
 		set -e
 
+		brew_safe_install() {
+			local installation_flags=$1
+			local package_full=$2
+
+			# The reason for "--overwrite" flag is to not fail when a similarly 
+			# named binary is already linked
+			brew install $installation_flags --overwrite "$package_full" --only-dependencies
+
+			# The reason we first installing dependencies and only then the main
+			# package is that some packages are big enough to reach the linux 
+			# open file limit. While normally this limit can be changed, the current 
+			# devcontainer feature building phase run unprivileged and therfore 
+			# cannot change the hard nofile limit from host machine during feature 
+			# build time.
+			brew install $installation_flags --overwrite "$package_full"
+		}
+
+
 		if brew desc --eval-all --formulae "$package_full"; then
 			# If a version is exists then install it the regular way
-			brew install $installation_flags --overwrite "$package_full" 
+
+			brew_safe_install $installation_flags  "$package_full" 
 		else
 			# unshallow and extract as last resort
 			echo "Unshallowing homebrew-core. This could take a while."
 			git -C "$(brew --prefix)/Homebrew/Library/Taps/homebrew/homebrew-core" fetch --unshallow
 			brew extract --force --version="$version" "$package" homebrew/cask
 			
-			# "--overwrite" in order to not fail when a similarly named binary is already linked
-			brew install $installation_flags --overwrite "$package_full"  
+			brew_safe_install $installation_flags  "$package_full" 
 			
 			# attempt to remove tap in order to save disk space
 			set +e

src/homebrew-package/library_scripts.sh

@@ -0,0 +1,179 @@
+#!/bin/bash -i
+
+
+clean_download() {
+    # The purpose of this function is to download a file with minimal impact on contaier layer size
+    # this means if no valid downloader is found (curl or wget) then we install a downloader (currently wget) in a 
+    # temporary manner, and making sure to 
+    # 1. uninstall the downloader at the return of the function
+    # 2. revert back any changes to the package installer database/cache (for example apt-get lists)
+    # The above steps will minimize the leftovers being created while installing the downloader 
+    # Supported distros:
+    #  debian/ubuntu/alpine
+
+    url=$1
+    output_location=$2
+    tempdir=$(mktemp -d)
+    downloader_installed=""
+
+    function _apt_get_install() {
+        tempdir=$1
+
+        # copy current state of apt list - in order to revert back later (minimize contianer layer size) 
+        cp -p -R /var/lib/apt/lists $tempdir 
+        apt-get update -y
+        apt-get -y install --no-install-recommends wget ca-certificates
+    }
+
+    function _apt_get_cleanup() {
+        tempdir=$1
+
+        echo "removing wget"
+        apt-get -y purge wget --auto-remove
+
+        echo "revert back apt lists"
+        rm -rf /var/lib/apt/lists/*
+        rm -r /var/lib/apt/lists && mv $tempdir/lists /var/lib/apt/lists
+    }
+
+    function _apk_install() {
+        tempdir=$1
+        # copy current state of apk cache - in order to revert back later (minimize contianer layer size) 
+        cp -p -R /var/cache/apk $tempdir 
+
+        apk add --no-cache  wget
+    }
+
+    function _apk_cleanup() {
+        tempdir=$1
+
+        echo "removing wget"
+        apk del wget 
+    }
+    # try to use either wget or curl if one of them already installer
+    if type curl >/dev/null 2>&1; then
+        downloader=curl
+    elif type wget >/dev/null 2>&1; then
+        downloader=wget
+    else
+        downloader=""
+    fi
+
+    # in case none of them is installed, install wget temporarly
+    if [ -z $downloader ] ; then
+        if [ -x "/usr/bin/apt-get" ] ; then
+            _apt_get_install $tempdir
+        elif [ -x "/sbin/apk" ] ; then
+            _apk_install $tempdir
+        else
+            echo "distro not supported"
+            exit 1
+        fi
+        downloader="wget"
+        downloader_installed="true"
+    fi
+
+    if [ $downloader = "wget" ] ; then
+        wget -q $url -O $output_location
+    else
+        curl -sfL $url -o $output_location 
+    fi
+
+    # NOTE: the cleanup procedure was not implemented using `trap X RETURN` only because
+    # alpine lack bash, and RETURN is not a valid signal under sh shell
+    if ! [ -z $downloader_installed  ] ; then
+        if [ -x "/usr/bin/apt-get" ] ; then
+            _apt_get_cleanup $tempdir
+        elif [ -x "/sbin/apk" ] ; then
+            _apk_cleanup $tempdir
+        else
+            echo "distro not supported"
+            exit 1
+        fi
+    fi 
+
+}
+
+
+ensure_nanolayer() {
+    # Ensure existance of the nanolayer cli program
+    local variable_name=$1
+
+    local required_version=$2
+    # normalize version
+    if ! [[ $required_version == v* ]]; then
+        required_version=v$required_version
+    fi
+
+    local nanolayer_location=""
+
+    # If possible - try to use an already installed nanolayer
+    if [[ -z "${NANOLAYER_FORCE_CLI_INSTALLATION}" ]]; then
+        if [[ -z "${NANOLAYER_CLI_LOCATION}" ]]; then
+            if type nanolayer >/dev/null 2>&1; then
+                echo "Found a pre-existing nanolayer in PATH"
+                nanolayer_location=nanolayer
+            fi
+        elif [ -f "${NANOLAYER_CLI_LOCATION}" ] && [ -x "${NANOLAYER_CLI_LOCATION}" ] ; then
+            nanolayer_location=${NANOLAYER_CLI_LOCATION}
+            echo "Found a pre-existing nanolayer which were given in env varialbe: $nanolayer_location"
+        fi
+
+        # make sure its of the required version
+        if ! [[ -z "${nanolayer_location}" ]]; then
+            local current_version
+            current_version=$($nanolayer_location --version)
+            if ! [[ $current_version == v* ]]; then
+                current_version=v$current_version
+            fi
+
+            if ! [ $current_version == $required_version ]; then
+                echo "skipping usage of pre-existing nanolayer. (required version $required_version does not match existing version $current_version)"
+                nanolayer_location=""
+            fi
+        fi
+
+    fi
+
+    # If not previuse installation found, download it temporarly and delete at the end of the script 
+    if [[ -z "${nanolayer_location}" ]]; then
+
+        if [ "$(uname -sm)" == "Linux x86_64" ] || [ "$(uname -sm)" == "Linux aarch64" ]; then
+            tmp_dir=$(mktemp -d -t nanolayer-XXXXXXXXXX)
+
+            clean_up () {
+                ARG=$?
+                rm -rf $tmp_dir
+                exit $ARG
+            }
+            trap clean_up EXIT
+
+
+            if [ -x "/sbin/apk" ] ; then
+                clib_type=musl
+            else
+                clib_type=gnu
+            fi
+
+            tar_filename=nanolayer-"$(uname -m)"-unknown-linux-$clib_type.tgz
+
+            # clean download will minimize leftover in case a downloaderlike wget or curl need to be installed
+            clean_download https://github.com/devcontainers-contrib/cli/releases/download/$required_version/$tar_filename $tmp_dir/$tar_filename
+
+            tar xfzv $tmp_dir/$tar_filename -C "$tmp_dir"
+            chmod a+x $tmp_dir/nanolayer
+            nanolayer_location=$tmp_dir/nanolayer
+
+
+        else
+            echo "No binaries compiled for non-x86-linux architectures yet: $(uname -m)"
+            exit 1
+        fi
+    fi
+
+    # Expose outside the resolved location
+    declare -g ${variable_name}=$nanolayer_location
+
+}
+
+

test/homebrew-package/scenarios.json

@@ -1,4 +1,13 @@
 {
+    "test_file_limit": {
+        "image": "mcr.microsoft.com/devcontainers/base:debian",
+        "features": {
+            "homebrew-package": {
+                "version": "latest",
+                "package": "mysql"
+            }
+        }
+    },
     "test_latest": {
         "image": "mcr.microsoft.com/devcontainers/base:debian",
         "features": {

test/homebrew-package/test_file_limit.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+source dev-container-features-test-lib
+
+check "mysql --version" mysql --version
+
+reportResults