gpg hangs in proxy environment. #435

Closed
ksaito1125 opened this issue Feb 1, 2023 · 19 comments · Fixed by #451

@ksaito1125
Contributor

The .devcontainers.json below will install terraform in the development container in the internet environment.

$ cat .devcontainer/devcontainer.json 
{
        "name": "Ubuntu",
        "image": "mcr.microsoft.com/devcontainers/base:jammy",
        "features": {
                "ghcr.io/devcontainers/features/terraform:1": {}
        }
}

If you use the same code to start the development container in a proxy environment, gpg will fail to start with an error as shown below.

[2023-02-01T08:54:07.550Z] TERRAFORM_VERSION=1.3.7
[2023-02-01T08:54:08.097Z] TFLINT_VERSION=0.44.1
[2023-02-01T08:54:08.772Z] TERRAGRUNT_VERSION=0.43.1
[2023-02-01T08:54:08.774Z] Downloading terraform...
[2023-02-01T08:54:09.484Z] (*) Downloading GPG key...
[2023-02-01T08:57:11.356Z] gpg: keyserver receive failed: Connection timed out
[2023-02-01T08:57:11.357Z] (*) Failed getting key, retring in 10s...
[2023-02-01T08:57:21.359Z] (*) Downloading GPG key...
[2023-02-01T09:00:21.756Z] gpg: keyserver receive failed: Connection timed out
[2023-02-01T09:00:21.757Z] (*) Failed getting key, retring in 10s...
[2023-02-01T09:00:31.759Z] (*) Downloading GPG key...
[2023-02-01T09:03:32.231Z] gpg: keyserver receive failed: Connection timed out
[2023-02-01T09:03:32.233Z] (*) Failed getting key, retring in 10s...
[2023-02-01T09:03:42.235Z] (*) Downloading GPG key...
[2023-02-01T09:06:42.690Z] gpg: keyserver receive failed: Connection timed out
[2023-02-01T09:06:42.691Z] (*) Failed getting key, retring in 10s...
[2023-02-01T09:06:52.693Z] (*) Downloading GPG key...
[2023-02-01T09:09:53.113Z] gpg: keyserver receive failed: Connection timed out
(*) Failed getting key, retring in 10s...
[2023-02-01T09:10:03.115Z] (!) Failed to get gpg key.
[2023-02-01T09:10:03.115Z] ERROR: Feature "Terraform, tflint, and TFGrunt" (ghcr.io/devcontainers/features/terraform) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/terraform for help troubleshooting this error.
[2023-02-01T09:10:03.304Z] The command '/bin/sh -c cd /tmp/build-features/terraform_2 && chmod +x ./devcontainer-features-install.sh && ./devcontainer-features-install.sh' returned a non-zero code: 1
[2023-02-01T09:10:03.306Z] Stop (956886 ms): Run: docker build --build-arg _DEV_CONTAINERS_BASE_IMAGE=mcr.microsoft.com/devcontainers/base:jammy --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp --target dev_containers_target_stage -t vsc-awslambda-012d3e83ba62a57a96c4db53135dedc8-features -f /tmp/devcontainercli-ubuntu/container-features/0.25.2-1675241641697/Dockerfile.extended /tmp/devcontainercli-ubuntu/empty-folder
[2023-02-01T09:10:03.302Z] Error: Command failed: docker build --build-arg _DEV_CONTAINERS_BASE_IMAGE=mcr.microsoft.com/devcontainers/base:jammy --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp --target dev_containers_target_stage -t vsc-awslambda-012d3e83ba62a57a96c4db53135dedc8-features -f /tmp/devcontainercli-ubuntu/container-features/0.25.2-1675241641697/Dockerfile.extended /tmp/devcontainercli-ubuntu/empty-folder
[2023-02-01T09:10:03.303Z]     at Aoe (/home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js:1893:1355)
[2023-02-01T09:10:03.303Z]     at uT (/home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js:1893:1291)
[2023-02-01T09:10:03.304Z]     at processTicksAndRejections (node:internal/process/task_queues:96:5)
[2023-02-01T09:10:03.304Z]     at async Poe (/home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js:1899:2128)
[2023-02-01T09:10:03.305Z]     at async Zf (/home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js:1899:3278)
[2023-02-01T09:10:03.305Z]     at async aue (/home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js:2020:15276)
[2023-02-01T09:10:03.306Z]     at async oue (/home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js:2020:15030)
[2023-02-01T09:10:03.307Z] Stop (962330 ms): Run in Host: /home/ubuntu/.vscode-remote-containers/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/node /home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js up --workspace-folder /home/ubuntu/ghq/gitlab.com/ksaito11/awslambda --workspace-mount-consistency cached --id-label devcontainer.local_folder=/home/ubuntu/ghq/gitlab.com/ksaito11/awslambda --log-level debug --log-format json --config /home/ubuntu/ghq/gitlab.com/ksaito11/awslambda/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-02-01T09:10:03.308Z] Exit code 1
[2023-02-01T09:10:03.314Z] Command failed: /home/ubuntu/.vscode-remote-containers/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/node /home/ubuntu/.vscode-remote-containers/dist/dev-containers-cli-0.266.1/dist/spec-node/devContainersSpecCLI.js up --workspace-folder /home/ubuntu/ghq/gitlab.com/ksaito11/awslambda --workspace-mount-consistency cached --id-label devcontainer.local_folder=/home/ubuntu/ghq/gitlab.com/ksaito11/awslambda --log-level debug --log-format json --config /home/ubuntu/ghq/gitlab.com/ksaito11/awslambda/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-02-01T09:10:03.314Z] Exit code 1
@ksaito1125
Contributor Author

I removed the feature, started the development container, and manually ran the relevant part of install.sh.
A proxy is set in the environment variable.
Running the same as install.sh times out with the same result.
I get another error when proxy is set in gpg options.

vscode ➜ ~ $ TERRAFORM_GPG_KEY="72D7468F"
vscode ➜ ~ $ GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
vscode ➜ ~ $ export GNUPGHOME="/tmp/tmp-gnupg"
vscode ➜ ~ $ mkdir -p ${GNUPGHOME}
vscode ➜ ~ $ chmod 700 ${GNUPGHOME}
vscode ➜ ~ $ echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
vscode ➜ ~ $ gpg --recv-keys $TERRAFORM_GPG_KEY 
gpg: keybox '/tmp/tmp-gnupg/pubring.kbx' created
gpg: keyserver receive failed: Connection timed out
vscode ➜ ~ $ gpg --keyserver-options http-proxy=$http_proxy --recv-keys $TERRAFORM_GPG_KEY 
gpg: keyserver receive failed: No data
vscode ➜ ~ $ gpg --recv-keys $TERRAFORM_GPG_KEY 
gpg: keyserver receive failed: Connection timed out
vscode ➜ ~ $ 

I'm not familiar with gpg, so I may be doing something wrong.

@samruddhikhandale
Member

Hi 👋

I tried to reproduce with the devcontainer, however, my container was successful.

In the install.sh, can you append :80 to the ubuntu keyserver and give it a try?

GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"

@ksaito1125
Contributor Author

@samruddhikhandale

Thank you for your support.

With the settings you gave me, the error disappeared!
Is it possible to specify this setting for features?

vscode ➜ /workspaces/devcon2 $ GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
vscode ➜ /workspaces/devcon2 $ export GNUPGHOME="/tmp/tmp-gnupg"
vscode ➜ /workspaces/devcon2 $ mkdir -p ${GNUPGHOME}
vscode ➜ /workspaces/devcon2 $ chmod 700 ${GNUPGHOME}
vscode ➜ /workspaces/devcon2 $ echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
vscode ➜ /workspaces/devcon2 $ gpg --recv-keys $TERRAFORM_GPG_KEY 
gpg: keybox '/tmp/tmp-gnupg/pubring.kbx' created
vscode ➜ /workspaces/devcon2 $ gpg --keyserver-options http-proxy=$http_proxy --recv-keys $TERRAFORM_GPG_KEY 
vscode ➜ /workspaces/devcon2 $ gpg --recv-keys $TERRAFORM_GPG_KEY 
vscode ➜ /workspaces/devcon2 $ 

@ksaito1125
Contributor Author

ksaito1125 commented Feb 7, 2023

@samruddhikhandale

I made a mistake.
I didn't set TERRAFORM_GPG_KEY.
I will try again.

@ksaito1125
Contributor Author

@samruddhikhandale

I got an error.

vscode ➜ /workspaces/devcon $ GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
vscode ➜ /workspaces/devcon $ export GNUPGHOME="/tmp/tmp-gnupg"
vscode ➜ /workspaces/devcon $ mkdir -p ${GNUPGHOME}
vscode ➜ /workspaces/devcon $ chmod 700 ${GNUPGHOME}
vscode ➜ /workspaces/devcon $ echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
vscode ➜ /workspaces/devcon $ cat /tmp/tmp-gnupg/dirmngr.conf 
disable-ipv6
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com
vscode ➜ /workspaces/devcon $ TERRAFORM_GPG_KEY="72D7468F"
vscode ➜ /workspaces/devcon $ gpg --recv-keys $TERRAFORM_GPG_KEY 
gpg: keyserver receive failed: Connection timed out
vscode ➜ /workspaces/devcon $ gpg --keyserver-options http-proxy=$http_proxy --recv-keys $TERRAFORM_GPG_KEY 
gpg: keyserver receive failed: No data
vscode ➜ /workspaces/devcon $ 

@samruddhikhandale
Member

samruddhikhandale commented Feb 7, 2023

From #441, the error is gpg: keyserver receive failed: No name and we've seen gpg: keyserver receive failed: Connection timed out from this issue.

gpg --keyserver keyserver.ubuntu.com --recv-key 72D7468F

gpg --keyserver hkps://keys.openpgp.org --recv-key 72D7468F

@ksaito1125 @iLem0n Can you locally run any of these commands? I wonder if there's a proxy/VPN issue.

@ksaito1125
Contributor Author

Below are the results of running some patterns.

vscode ➜ /workspaces/devcon $ gpg --keyserver keyserver.ubuntu.com --recv-key 72D7468F
gpg: keyserver receive failed: Connection timed out
vscode ➜ /workspaces/devcon $ gpg --keyserver-options http-proxy=$http_proxy --keyserver keyserver.ubuntu.com --recv-key 72D7468F
gpg: keyserver receive failed: End of file
vscode ➜ /workspaces/devcon $ gpg --keyserver-options http-proxy=$http_proxy --keyserver hkps://keys.openpgp.org --recv-key 72D7468F
gpg: keyserver receive failed: No data
vscode ➜ /workspaces/devcon $

@ksaito1125
Contributor Author

ksaito1125 commented Feb 8, 2023

The gpg command doesn't seem to use http_proxy, https_proxy.

vscode ➜ /workspaces/devcon $ strace gpg --keyserver keyserver.ubuntu.com --recv-key 72D7468F

...

read(3, "\n", 1000)                     = 1
write(3, "KEYSERVER --clear hkp://keyserve"..., 44) = 44
write(3, "\n", 1)                       = 1
read(3, "OK", 1002)                     = 2
read(3, "\n", 1000)                     = 1
write(3, "KS_GET -- 0x72D7468F", 20)    = 20
write(3, "\n", 1)                       = 1
read(3, "ERR 167805060 Connection timed o"..., 1002) = 45

...

write(2, "gpg: keyserver receive failed: C"..., 51gpg: keyserver receive failed: Connection timed out) = 51
write(2, "\n", 1
)                       = 1
write(3, "BYE", 3)                      = 3
write(3, "\n", 1)                       = 1
close(3)                                = 0
munmap(0x7f3f1d3bf000, 65536)           = 0
unlink("/tmp/tmp-gnupg/.#lk0x000055f38b98cec0.049acdb81ea2.59111") = 0
exit_group(2)                           = ?
+++ exited with 2 +++
vscode ➜ /workspaces/devcon $

The environment variables are set, but the gpg command doesn't use the proxy.

vscode ➜ /workspaces/devcon $ env | grep -i http | sed -e 's/'$MASK'/xxx/'
https_proxy=http://proxy.xxx.co.jp:8080
HTTPS_PROXY=http://proxy.xxx.co.jp:8080
HTTP_PROXY=http://proxy.xxx.co.jp:8080
http_proxy=http://proxy.xxx.co.jp:8080

@ksaito1125
Contributor Author

Setting proxy in the argument gives another error.

vscode ➜ /workspaces/devcon $ strace gpg --keyserver-options http-proxy=$http_proxy --keyserver hkps://keys.openpgp.org --recv-key 72D7468F
...

read(3, "OK", 1002)                     = 2
read(3, "\n", 1000)                     = 1
write(3, "OPTION http-proxy=http://proxy."..., 49) = 49
write(3, "\n", 1)                       = 1
read(3, "OK", 1002)                     = 2
read(3, "\n", 1000)                     = 1
write(3, "KEYSERVER --clear hkps://keys.op"..., 41) = 41
write(3, "\n", 1)                       = 1
read(3, "OK", 1002)                     = 2
read(3, "\n", 1000)                     = 1
write(3, "KS_GET -- 0x72D7468F", 20)    = 20
write(3, "\n", 1)                       = 1
read(3, "ERR 167772346 No keyserver avail"..., 1002) = 46
read(3, "\n", 956)                      = 1

...

write(2, "gpg: keyserver receive failed: N"..., 53gpg: keyserver receive failed: No keyserver available) = 53
write(2, "\n", 1
)                       = 1
write(3, "BYE", 3)                      = 3
write(3, "\n", 1)                       = 1
close(3)                                = 0
munmap(0x7f3356d1e000, 65536)           = 0
unlink("/tmp/tmp-gnupg/.#lk0x000055d8a81f5e90.049acdb81ea2.57289") = 0
exit_group(2)                           = ?
+++ exited with 2 +++
vscode ➜ /workspaces/devcon $

@ksaito1125
Contributor Author

The proxy has a self-signed intermediate certificate. I'm not sure how to properly set up intermediate certificates in gpg.

@iLem0n

iLem0n commented Feb 8, 2023

> From #441, the error is gpg: keyserver receive failed: No name and we've seen gpg: keyserver receive failed: Connection timed out from this issue.
>
> gpg --keyserver keyserver.ubuntu.com --recv-key 72D7468F
>
> gpg --keyserver hkps://keys.openpgp.org --recv-key 72D7468F
>
> @ksaito1125 @iLem0n Can you locally run any of these commands? I wonder if there's a proxy/VPN issue.

Tried it locally:

$> gpg --keyserver hkps://keys.openpgp.org --recv-key 72D7468F
gpg: keyserver receive failed: Network is unreachable

but network works fine and site itself is reachable. Tested it with: curl keyserver.ubuntu.com which returns the full html of the site.
Same happens when I leave the corporate network and bypass the proxy with

HTTP_PROXY="" HTTPS_PROXY="" http_proxy="" https_proxy="" gpg --keyserver keyserver.ubuntu.com --recv-key 72D7468F

EDIT: I gave it a try to add keys.openpgp.org,keyserver.ubuntu.com,keyserver.pgp.com to the NO_PROXY variable and now running into another problem.

------
 > [dev_containers_target_stage 4/4] RUN cd /tmp/build-features/terraform_1 && chmod +x ./devcontainer-features-install.sh && ./devcontainer-features-install.sh:
#0 0.253 ===========================================================================
#0 0.253 Feature       : Terraform, tflint, and TFGrunt
#0 0.253 Description   : Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.
#0 0.253 Id            : ghcr.io/devcontainers/features/terraform
#0 0.253 Version       : 1.1.2
#0 0.253 Documentation : https://github.com/devcontainers/features/tree/main/src/terraform
#0 0.253 Options       :
#0 0.253     VERSION="1.3.7"
#0 0.253     TFLINT="0.44.1"
#0 0.253     TERRAGRUNT="0.42.8"
#0 0.253     INSTALLTFSEC="true"
#0 0.253     INSTALLTERRAFORMDOCS="false"
#0 0.253 ===========================================================================
#0 0.385 fatal: unable to access 'https://github.com/hashicorp/terraform/': Empty reply from server
#0 0.393 Invalid TERRAFORM_VERSION value: 1.3.7
#0 0.393 Valid values:
#0 0.393 
#0 0.394 ERROR: Feature "Terraform, tflint, and TFGrunt" (ghcr.io/devcontainers/features/terraform) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/terraform for help troubleshooting this error.

@samruddhikhandale
Member

Few clarifying questions,

  1. Are you able to use other Features which uses gpg signing? (eg. ruby, python, powershell, nix) - I would like to narrow down if the problem is with one Feature or every Feature which uses GPG.
  2. Can you pin the terraform Feature to 1.1.0, rebuild the container and see if the issue is resolved? That's when we switched to not using port 80 for keyservers - https://github.com/devcontainers/features/pull/353/files
  3. As mentioned in this PR https://github.com/devcontainers/features/pull/397/files, does adding the 8.8.8.8 nameserver fix the issue for you? We have seen cases where company DNS doesn't auto resolve servers and are flakey on some company machines due to network policies.

ksaito1125 added a commit to ksaito1125/features that referenced this issue Feb 13, 2023
@ksaito1125
Contributor Author

After changing the protocol of the key server to hkps with reference to Use HKPS (HKP over TLS) on stackoverflow below, the error disappeared.

https://serverfault.com/questions/168826/how-to-install-gpg-keys-from-behind-a-firewall

codespace ➜ /workspaces/devcon-sandbox (terraform) $ TERRAFORM_GPG_KEY="72D7468F"
codespace ➜ /workspaces/devcon-sandbox (terraform) $ GPG_KEY_SERVERS="keyserver hkps://keyserver.ubuntu.com
> keyserver hkps://keys.openpgp.org
> keyserver hkps://keyserver.pgp.com"
codespace ➜ /workspaces/devcon-sandbox (terraform) $ export GNUPGHOME="/tmp/tmp-gnupg"
codespace ➜ /workspaces/devcon-sandbox (terraform) $ mkdir -p ${GNUPGHOME}
codespace ➜ /workspaces/devcon-sandbox (terraform) $ chmod 700 ${GNUPGHOME}
codespace ➜ /workspaces/devcon-sandbox (terraform) $ echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
codespace ➜ /workspaces/devcon-sandbox (terraform) $ gpg --keyserver-options http-proxy=$http_proxy --recv-keys $TERRAFORM_GPG_KEY 
gpg: keybox '/tmp/tmp-gnupg/pubring.kbx' created
gpg: /tmp/tmp-gnupg/trustdb.gpg: trustdb created
gpg: key 34365D9472D7468F: public key "HashiCorp Security (hashicorp.com/security) <security@hashicorp.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
codespace ➜ /workspaces/devcon-sandbox (terraform) $ 
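
The working setup from the comment above, as an added example that is not part of the original thread or the feature's install.sh: it writes hkps-only keyservers plus an explicit proxy into dirmngr.conf, then checks that the keyring holds exactly one primary key whose full fingerprint matches the one gpg prints in this thread's later build log, since an 8-character ID such as 72D7468F does not identify a key uniquely. The function names, the non-fingerprint fields of the sample listing and the fresh temporary GNUPGHOME are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the feature's install.sh.
# Full fingerprint as gpg prints it in this thread's successful build log.
HASHICORP_FPR="C874011F0AB405110D02105534365D9472D7468F"

# hkps-only keyservers (the change that made the lookup work above) plus an
# explicit proxy: dirmngr reads http_proxy from the environment only when
# honor-http-proxy is set, so the proxy is written into its config instead.
build_dirmngr_conf() {
    local proxy="${1:-}"
    printf 'disable-ipv6\n'
    printf 'keyserver hkps://keyserver.ubuntu.com\n'
    printf 'keyserver hkps://keys.openpgp.org\n'
    printf 'keyserver hkps://keyserver.pgp.com\n'
    if [ -n "$proxy" ]; then
        printf 'http-proxy %s\n' "$proxy"
    fi
}

# Hide proxy credentials (user:pass@) before a proxy URL is written to a log.
redact_proxy() {
    printf '%s\n' "$1" | sed -E 's#^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@#\1***@#'
}

# Strip spaces and upper-case, so "C874 011F ..." compares equal to gpg's output.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# stdin: `gpg --with-colons --list-keys` output. Prints one line per primary
# key: the fpr record (field 10) that directly follows each pub record.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeeds only if the listing holds exactly one primary key and its full
# fingerprint equals $1. A second key sharing the short ID makes it fail.
verify_only_key() {
    local want got
    want="$(normalize_fpr "$1")"
    got="$(primary_fingerprints)"
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Needs network. Fetch by full fingerprint into a throwaway keyring, then pin.
fetch_and_pin() {
    local fpr proxy
    fpr="$(normalize_fpr "$1")"
    proxy="${HTTP_PROXY:-${http_proxy:-}}"
    GNUPGHOME="$(mktemp -d)" || return 1      # mktemp -d creates it mode 0700
    export GNUPGHOME
    build_dirmngr_conf "$proxy" > "$GNUPGHOME/dirmngr.conf"
    echo "(*) keyserver proxy: $(redact_proxy "${proxy:-none}")" >&2
    gpg --batch --recv-keys "$fpr" || return 1
    gpg --batch --with-colons --list-keys | verify_only_key "$fpr"
}

# Constructed sample listing: the two fingerprints and the primary key ID are
# the ones shown in this thread, every other field is made up for the demo.
sample_colon_listing() {
    cat <<'EOF'
pub:-:4096:1:34365D9472D7468F:1600000000:::-:::scESC::::::23::0:
fpr:::::::::C874011F0AB405110D02105534365D9472D7468F:
uid:-::::1600000000::::HashiCorp Security (hashicorp.com/security) <security@hashicorp.com>::::::::::0:
sub:-:4096:1:C820C6D5CD27AB87:1600000000::::::s::::::23:
fpr:::::::::374EC75B485913604A831CC7C820C6D5CD27AB87:
EOF
}

# Offline demonstration; on a networked host call: fetch_and_pin "$HASHICORP_FPR"
if sample_colon_listing | verify_only_key "$HASHICORP_FPR"; then
    echo "sample keyring holds exactly the pinned key"
fi
```

A proxy URL that carries credentials ends up in dirmngr.conf in clear text, so the temporary GNUPGHOME should be deleted once signature verification is finished.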

@ksaito1125
Contributor Author

I created a pull request.

@samruddhikhandale

@samruddhikhandale
Member

Thank you @ksaito1125, much appreciated. Left some thoughts.

@IpstanKabul

> Few clarifying questions,
>
> 1. Are you able to use other Features which uses gpg signing? (eg. ruby, python, powershell, nix) - I would like to narrow down if the problem is with one Feature or every Feature which uses GPG.
> 2. Can you pin the terraform Feature to 1.1.0, rebuild the container and see if the issue is resolved? That's when we switched to not using port 80 for keyservers - https://github.com/devcontainers/features/pull/353/files
> 3. As mentioned in this PR https://github.com/devcontainers/features/pull/397/files, does adding the 8.8.8.8 nameserver fix the issue for you? We have seen cases where company DNS doesn't auto resolve servers and are flakey on some company machines due to network policies.

Greetings. To answer your question #1: I discovered the same issue attempting to use the python feature using:
"ghcr.io/devcontainers/features/python:1": { "version":"3.7" }
Following your fix, I ran the install.sh script from within my postCreateCommand script and it did install correctly.

@samruddhikhandale samruddhikhandale linked a pull request Feb 14, 2023 that will close this issue
ksaito1125 added a commit to ksaito1125/features that referenced this issue Feb 20, 2023
ksaito1125 added a commit to ksaito1125/features that referenced this issue Feb 24, 2023
ksaito1125 added a commit to ksaito1125/features that referenced this issue Feb 26, 2023
samruddhikhandale added a commit that referenced this issue Mar 6, 2023
* Terraform: Add proxy setting (#435)

* Terraform: Remove unused variable GPG_OPTS (#435)

* Terraform: Increment minor version (#435)

* Update src/terraform/install.sh

Co-authored-by: Samruddhi Khandale <skhandale@microsoft.com>

* Add feature option

* Update src/terraform/devcontainer-feature.json

Co-authored-by: Samruddhi Khandale <skhandale@microsoft.com>

* Update src/terraform/devcontainer-feature.json

Co-authored-by: Samruddhi Khandale <skhandale@microsoft.com>

* Update src/terraform/devcontainer-feature.json

Co-authored-by: Samruddhi Khandale <skhandale@microsoft.com>

* Terraform: Change environment variables to upper case (#435)

* Terraform: Use HTTP_PROXY as the default for connecting to keyservers (#435)

* Update src/terraform/install.sh

Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>

---------

Co-authored-by: Samruddhi Khandale <skhandale@microsoft.com>
Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>
@iLem0n

iLem0n commented Mar 7, 2023

Hello @ksaito1125, @samruddhikhandale,

thank you so much for the fix 🙏🏻

Unfortunately I still have problems getting the feature to work. With 1.3.0 using the HttpProxy option I get the following:

#0 0.149 ===========================================================================
#0 0.149 Feature       : Terraform, tflint, and TFGrunt
#0 0.149 Description   : Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.
#0 0.149 Id            : ghcr.io/devcontainers/features/terraform
#0 0.149 Version       : 1.3.0
#0 0.149 Documentation : https://github.com/de
[2023-03-07T08:19:02.875Z] vcontainers/features/tree/main/src/terraform
#0 0.149 Options       :
#0 0.149     VERSION="1.3.7"
#0 0.149     TFLINT="0.44.1"
#0 0.149     TERRAGRUNT="0.42.8"
#0 0.149     INSTALLSENTINEL="false"
#0 0.149     INSTALLTFSEC="true"
#0 0.149     INSTALLTERRAFORMDOCS="false"
#0 0.149     HTTPPROXY="http://<my-proxy-user>:<my-proxy-pass>@<corporate-proxy-url>:<corporate-proxy-port>"
#0 0.149 ===========================================================================
#0 0.222 fatal: unable to access 'https://github.com/hashicorp/terraform/': Empty reply from server
#0 0.226 Invalid TERRAFORM_VERSION value: 1.3.7
#0 0.226 Valid values:
#0 0.226 
#0 0.226 ERROR: Feature "Terraform, tflint, and TFGrunt" (ghcr.io/devcontainers/features/terraform) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/terraform for help troubleshooting this error.

dev container.json:

{
	"name": "Minimal example",
	"build": {
		"dockerfile": "Dockerfile",
		"args": {			
			"HTTP_PROXY": "http://<my-proxy-user>:<my-proxy-pass>@<corporate-proxy-url>:<corporate-proxy-port>",
			"HTTPS_PROXY": "http://<my-proxy-user>:<my-proxy-pass>@<corporate-proxy-url>:<corporate-proxy-port>",
			"http_proxy": "http://<my-proxy-user>:<my-proxy-pass>@<corporate-proxy-url>:<corporate-proxy-port>",
			"https_proxy": "http://<my-proxy-user>:<my-proxy-pass>@<corporate-proxy-url>:<corporate-proxy-port>"
		}
	},
	"features": {	
		"ghcr.io/devcontainers/features/terraform:1.3.0": {
			"version": "1.3.7",			
			"tflint": "0.44.1",
			"terragrunt": "0.42.8",
			"installTFsec": true,
			"httpProxy": "http://<my-proxy-user>:<my-proxy-pass>@<corporate-proxy-url>:<corporate-proxy-port>"
		}
	}
}

@ksaito1125
Contributor Author

@iLem0n hello!

In my environment, the code below is working.

{
	"name": "Ubuntu",
	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
	"image": "mcr.microsoft.com/devcontainers/base:jammy",
	"features": {
		"ghcr.io/devcontainers/features/terraform:1": {}
	}
}

Step 12/15 : RUN chmod -R 0700 /tmp/build-features/terraform_1 && cd /tmp/build-features/terraform_1 && chmod +x ./devcontainer-features-install.sh && ./devcontainer-features-install.sh
 ---> Running in a4753f2d4a6f
===========================================================================
Feature       : Terraform, tflint, and TFGrunt
Description   : Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.
Id            : ghcr.io/devcontainers/features/terraform
Version       : 1.3.0
Documentation : https://github.com/devcontainers/features/tree/main/src/terraform
Options       :
    VERSION="latest"
    TFLINT="latest"
    TERRAGRUNT="latest"
    INSTALLSENTINEL="false"
    INSTALLTFSEC="false"
    INSTALLTERRAFORMDOCS="false"
    HTTPPROXY=""
===========================================================================
TERRAFORM_VERSION=1.3.9
TFLINT_VERSION=0.45.0
TERRAGRUNT_VERSION=0.44.4
Downloading terraform...
(*) Downloading GPG key...
gpg: Signature made Wed Feb 15 17:25:31 2023 UTC
gpg:                using RSA key 374EC75B485913604A831CC7C820C6D5CD27AB87
gpg: Good signature from "HashiCorp Security (hashicorp.com/security) <security@hashicorp.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C874 011F 0AB4 0511 0D02  1055 3436 5D94 72D7 468F
     Subkey fingerprint: 374E C75B 4859 1360 4A83  1CC7 C820 C6D5 CD27 AB87
terraform_1.3.9_linux_amd64.zip: OK
Archive:  terraform_1.3.9_linux_amd64.zip
  inflating: terraform               
Downloading tflint...
gpg: Signature made Sun Feb 12 16:04:43 2023 UTC
gpg:                using RSA key 1780244FBAEB62C74476BE498CE69160EB3F2FE9
gpg: Good signature from "Kazuma Watanabe <watassbass@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2DA7 A4B1 1347 B217 3852  31D1 131A 2054 C7B3 FB65
     Subkey fingerprint: 1780 244F BAEB 62C7 4476  BE49 8CE6 9160 EB3F 2FE9
tflint_linux_amd64.zip: OK
Archive:  /tmp/tf-downloads/tflint_linux_amd64.zip
  inflating: tflint                  
Downloading Terragrunt...
terragrunt_linux_amd64: OK
Done!
Removing intermediate container a4753f2d4a6f
 ---> 4dfbf6428bd4

Setting the same option worked as well.

{
	"name": "Ubuntu",
	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
	"image": "mcr.microsoft.com/devcontainers/base:jammy",
	"features": {
		"ghcr.io/devcontainers/features/terraform:1": {
			"version": "1.3.7",			
			"tflint": "0.44.1",
			"terragrunt": "0.42.8",
			"installTFsec": true,
			"httpProxy": "http://proxy.xxx.co.jp:8080"			
		}
	}
}


@ksaito1125
Contributor Author

@iLem0n

My docker environment has two proxies:
I hope it will be helpful.

This setting is required when the docker daemon pulls images.

ubuntu@ip-10-15-83-125:~/.docker$ head -2 /etc/systemd/system/docker.service.d/override.conf | sed -e 's/'$MASK'/xxx/g'
[Service]
Environment="HTTP_PROXY=http://proxy.xxx.co.jp:8080" "HTTPS_PROXY=http://proxy.xxx.co.jp:8080" "NO_PROXY=localhost,127.0.0.1,169.254.169.254,169.254.170.2,.xxx.co.jp"

I've followed this documentation to set up a proxy in docker.
By using this setting, the http_proxy will be set in the started container.

ubuntu@ip-10-15-83-125:~$ cat ~/.docker/config.json | jq '.proxies' | sed -e 's/'$MASK'/xxx/g'
{
  "default": {
    "httpProxy": "http://proxy.xxx.co.jp:8080",
    "httpsProxy": "http://proxy.xxx.co.jp:8080",
    "noProxy": "localhost,127.0.0.1,169.254.169.254,169.254.170.2,xxx.co.jp"
  }
}
