kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard
verified publisher icon GoogleContainerTools

fix: resolve issue around copying root

Open aaron-prindle opened this issue 2 years ago • 2 comments

Changes taken from @kvaps PR here: https://github.com/GoogleContainerTools/kaniko/pull/1724. Re-submitting here as that PR required rebasing and was no longer active there. Original description added below:

Fixes #960

Description

This PR updates otiai10/copy module from v1.0.2 to v1.6.0. Adds option to not copying ignored paths for CopyFileOrSymlink which solves two problems at once:

  • Allows copying root (/)
  • Avoid leaking docker credentials using COPY command while building the image.

It might need rebase after merging https://github.com/GoogleContainerTools/kaniko/pull/1725. This branch includes both fixes: kvaps:fix-copying-root-and-ownership; compiled docker images:

ghcr.io/kvaps/kaniko-executor:v1.6.0-fix
ghcr.io/kvaps/kaniko-executor:v1.6.0-fix-debug
ghcr.io/kvaps/kaniko-warmer:v1.6.0-fix

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you review them:

  • [ ] Includes unit tests
  • [X] Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

  • [ ] The code flow looks good.
  • [ ] Unit tests and or integration tests added.

Release Notes

Describe any changes here so maintainer can include it in the release notes, or delete this block.

- Add additional check for ignored files on COPY
- Support copying root (`/`) of image

Additional ideas here related to this: https://github.com/GoogleContainerTools/kaniko/issues/960#issuecomment-1146570246

aaron-prindle avatar Jun 20 '23 22:06 aaron-prindle

This branch still has issues for me.

Without the fix:

INFO[0166] Saving file . for later use                  
error building image: could not save file: copying file: read /dev/autofs: invalid argument

With the fix:

INFO[0159] Saving file . for later use                  
error building image: could not save file: copying ownership: chown /kaniko/0/__cacert_entrypoint.sh: no such file or directory

lc-guy avatar Sep 15 '23 08:09 lc-guy

Now that https://github.com/GoogleContainerTools/kaniko/pull/2863 has been merged, the above issue with files in /kaniko has been fixed. Would it be possible to look into merging this (@aaron-prindle)?

lc-guy avatar Feb 02 '24 11:02 lc-guy

I just encountered the same issue with multi-stage builds that use layer squashing via the COPY --from=final / / method. Was pleased to find that there's already a fix for this, but it appears that the PR has become inactive. @aaron-prindle is there a possibility that the changes could be rebased and merged for the next release?

dobicinaitis avatar Feb 21 '24 07:02 dobicinaitis

I was wondering if there was a possible idea of when this PR will be merged. @aaron-prindle is this still scheduled for deployment ?

danilo-patrucco avatar May 31 '24 03:05 danilo-patrucco

@aaron-prindle were the issues mentioned fixed for this MR to be closed without a merge?

lc-guy avatar Jun 27 '24 14:06 lc-guy