TL;DR
We are using the Git extension for JupyterLab. We want to use gnome-keyring
to cache our GitHub credentials. Following the documentation (and this and this), we run
apt update && apt install -y \
build-essential \
gnome-keyring \
libglib2.0-dev \
libsecret-1-0 \
libsecret-1-dev
but /usr/share/doc/git/contrib/credential/libsecret
is empty, so make
has nothing to do. We don't seem to be the only ones with this issue: see this and this. Why is the directory not being populated?
Details
Here is our (stripped down) Dockerfile:
FROM jupyter/minimal-notebook:hub-4.0.2
USER 1000
COPY start_up.sh /tmp/
USER root
RUN chmod +x /tmp/start_up.sh
RUN apt update && apt install -y \
build-essential \
gnome-keyring \
libglib2.0-dev \
libsecret-1-0 \
libsecret-1-dev
USER 1000
# other stuff
start_script.sh
looks like this:
#!/bin/bash -l
dbus-run-session -- sh -c 'echo "foo" | gnome-keyring-daemon --unlock && exec jupyterhub-singleuser "$@"'
(We don't actually use foo
, but rather an external secret via an environment variable. That's not relevant here though?) This script is run by k8s when a container is deployed; here is the relevant part of the values.yaml
file:
singleuser:
cmd: /tmp/start_up.sh
nodeSelector:
"lifecycle" : "jupyterhub"
The idea is to start the jupyterhub-singleuser in a D-Bus shell so that the keyring backend works: see this and this.
It was explained to me: Ubuntu containers are "minimized". See https://askubuntu.com/q/1173337
Default Ubuntu containers can be easily unminimized but I have problems running
unminimize
in jupyter/minimal-notebook:hub-4.0.2 — 1st, it unminimizes too much and 2nd, it fails after some time. So I decided to use 2 containers — start with unminimized Ubuntu, installgit
, and then copy/usr/share/doc/git/contrib/credential/libsecret/
to jupyter/minimal-notebook:hub-4.0.2. This works for me: