test

Signed-off-by: Roman Nikitenko <rnikiten@redhat.com>

Author: RomanNikitenko

build/scripts/entrypoint-volume.sh

@@ -112,6 +112,8 @@ fi
 # Set the default path to the serverDataFolderName
 # into a persistent volume
 export VSCODE_AGENT_FOLDER=/checode/remote
+# Prevent bundled runtime LD_LIBRARY_PATH from leaking into integrated terminal shell env.
+export CHECODE_STRIP_LD_LIBRARY_PATH_FOR_SHELL_ENV=1
 
 if [ -z "$VSCODE_NODEJS_RUNTIME_DIR" ]; then
   export VSCODE_NODEJS_RUNTIME_DIR="$(pwd)"

code/src/vs/platform/shell/node/shellEnv.ts

@@ -20,6 +20,24 @@ import { IConfigurationService } from '../../configuration/common/configuration.
 import { clamp } from '../../../base/common/numbers.js';
 
 let unixShellEnvPromise: Promise<typeof process.env> | undefined = undefined;
+const cheCodeLdLibPrefixes = new Set<string>([
+	'/checode/checode-linux-libc/ubi8/ld_libs',
+	'/checode/checode-linux-libc/ubi9/ld_libs',
+	'/checode/checode-linux-musl/ld_libs'
+]);
+
+function stripCheCodeLdLibraryPath(value: string | undefined): string | undefined {
+	if (!value) {
+		return undefined;
+	}
+
+	const filtered = value
+		.split(':')
+		.map(entry => entry.trim())
+		.filter(entry => entry.length > 0 && !cheCodeLdLibPrefixes.has(entry));
+
+	return filtered.length > 0 ? filtered.join(':') : undefined;
+}
 
 /**
  * Resolves the shell environment by spawning a shell. This call will cache
@@ -105,16 +123,27 @@ async function doResolveUnixShellEnv(logService: ILogService, token: Cancellatio
 
 	const noAttach = process.env['ELECTRON_NO_ATTACH_CONSOLE'];
 	logService.trace('getUnixShellEnvironment#noAttach', noAttach);
+	const stripLdLibraryPath = process.env['CHECODE_STRIP_LD_LIBRARY_PATH_FOR_SHELL_ENV'] === '1';
 
 	const mark = generateUuid().replace(/-/g, '').substr(0, 12);
 	const regex = new RegExp(mark + '({.*})' + mark);
 
-	const env = {
+	const env: NodeJS.ProcessEnv = {
 		...process.env,
 		ELECTRON_RUN_AS_NODE: '1',
 		ELECTRON_NO_ATTACH_CONSOLE: '1',
 		VSCODE_RESOLVING_ENVIRONMENT: '1'
 	};
+	if (stripLdLibraryPath) {
+		// Keep bundled runtime libs for server startup, but do not leak che-code-specific
+		// runtime paths into the integrated terminal environment.
+		const sanitizedLdLibraryPath = stripCheCodeLdLibraryPath(env['LD_LIBRARY_PATH']);
+		if (sanitizedLdLibraryPath) {
+			env['LD_LIBRARY_PATH'] = sanitizedLdLibraryPath;
+		} else {
+			delete env['LD_LIBRARY_PATH'];
+		}
+	}
 
 	logService.trace('getUnixShellEnvironment#env', env);
 	const systemShellUnix = await getSystemShell(OS, env);
@@ -207,6 +236,14 @@ async function doResolveUnixShellEnv(logService: ILogService, token: Cancellatio
 				}
 
 				delete env['VSCODE_RESOLVING_ENVIRONMENT'];
+				if (stripLdLibraryPath) {
+					const sanitizedLdLibraryPath = stripCheCodeLdLibraryPath(env['LD_LIBRARY_PATH']);
+					if (sanitizedLdLibraryPath) {
+						env['LD_LIBRARY_PATH'] = sanitizedLdLibraryPath;
+					} else {
+						delete env['LD_LIBRARY_PATH'];
+					}
+				}
 
 				// https://github.com/microsoft/vscode/issues/22593#issuecomment-336050758
 				delete env['XDG_RUNTIME_DIR'];