
Feature Request: Include file ownership in files analyzer

Open hown3d opened this issue 3 years ago • 2 comments

Background

I'm working on user permissions for the kaniko builder (https://github.com/GoogleContainerTools/kaniko/pull/2106) and wanted to check if the ownership of a file is set correctly by using the --chown flag on COPY statements.

Using container-diff there is currently no way to get the file ownership information.

Would probably go into this function in the files analyzer: https://github.com/GoogleContainerTools/container-diff/blob/bea7ad91741636770a9ed99b60b3bd416d057e34/pkg/util/fs_utils.go#L120-L132

hown3d, May 27 '22 21:05

After some investigation this seems to be difficult to achieve:

Currently, the tar archive gets unpacked without reconstructing the ownership. Reconstructing is kind of difficult permission-wise, because to reconstruct, container-diff would need to be run as root.

hown3d, May 27 '22 22:05
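The ownership discussed above is recorded in each tar header, so it can be read without unpacking the layer or running as root. The following is an added example, not container-diff's own code: `Owner`, `sampleLayer` and `LayerOwnership` are hypothetical names, the layer is constructed in memory, and the input is assumed to be a single uncompressed layer tarball.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

// Owner is the numeric uid/gid recorded in a tar header for one path.
type Owner struct{ UID, GID int }

// sampleLayer builds a constructed in-memory layer tarball (sample data, not a real image).
func sampleLayer() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, h := range []tar.Header{
		{Name: "app/config.yaml", Mode: 0o640, Uid: 1000, Gid: 1000}, // as if COPY --chown=1000:1000
		{Name: "etc/motd", Mode: 0o644},                              // default root:root
	} {
		if err := tw.WriteHeader(&h); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// LayerOwnership reads uid/gid from the headers only; nothing is written to disk, so no chown is needed.
func LayerOwnership(r io.Reader) (map[string]Owner, error) {
	out := map[string]Owner{}
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		out[hdr.Name] = Owner{UID: hdr.Uid, GID: hdr.Gid}
	}
}

func main() {
	owners, err := LayerOwnership(bytes.NewReader(sampleLayer()))
	fmt.Println(owners, err)
}
```

For a multi-layer image, the same map can be filled layer by layer in order, letting later entries overwrite earlier ones.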

What is actually compared beyond the file size? I can't find that anywhere and the reports don't say.

Dhehowns, Jun 15 '22 06:06