kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard

Published 20 hours ago verified publisher icon GoogleContainerTools

COPY doesn't follow Dockerfile UID/GID rules

Open codestation opened this issue 1 year ago • 1 comments

Actual behavior

According to the dockerfile reference of COPY https://docs.docker.com/engine/reference/builder/#copy

All new files and directories are created with a UID and GID of 0, unless the optional --chown flag specifies a given username, groupname, or UID/GID combination to request specific ownership of the copied content.

But when using kaniko the owner of the files is preserved when using COPY instead of using UID/GID of 0.

Expected behavior The copied files must belong to root.

To Reproduce

Prepare the environment:

$ touch test
$ stat -c '%u' test
1000
$ cat Dockerfile
FROM alpine:3.19

COPY test /tmp
RUN [ "$(stat -c '%u' /tmp/test)" = "0" ] || exit 1

Run with docker buildx: OK

$ docker buildx build --no-cache --progress=plain .
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 122B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.1s

#3 [internal] load metadata for docker.io/library/alpine:3.19
#3 DONE 0.0s

#4 [1/3] FROM docker.io/library/alpine:3.19
#4 CACHED

#5 [internal] load build context
#5 transferring context: 23B done
#5 DONE 0.0s

#6 [2/3] COPY test /tmp
#6 DONE 0.1s

#7 [3/3] RUN [ "$(stat -c '%u' /tmp/test)" = "0" ] || exit 1
#7 DONE 0.3s

#8 exporting to image
#8 exporting layers
#8 exporting layers 0.4s done
#8 writing image sha256:030049ecd307e7486d5269cd327208d46ff71b3a2a907071656db693c716c1d6 done
#8 DONE 0.4s

Run with kaniko: FAIL

$ docker run --rm -v $PWD:/workspace gcr.io/kaniko-project/executor:v1.19.2 --no-push
INFO[0000] Retrieving image manifest alpine:3.19        
INFO[0000] Retrieving image alpine:3.19 from registry index.docker.io 
INFO[0001] Built cross stage deps: map[]                
INFO[0001] Retrieving image manifest alpine:3.19        
INFO[0001] Returning cached image manifest              
INFO[0001] Executing 0 build triggers                   
INFO[0001] Building stage 'alpine:3.19' [idx: '0', base-idx: '-1'] 
INFO[0001] Unpacking rootfs as cmd COPY test /tmp requires it. 
INFO[0001] COPY test /tmp                               
INFO[0001] Taking snapshot of files...                  
INFO[0001] RUN [ "$(stat -c '%u' /tmp/test)" = "0" ] || exit 1 
INFO[0001] Initializing snapshotter ...                 
INFO[0001] Taking snapshot of full filesystem...        
INFO[0001] Cmd: /bin/sh                                 
INFO[0001] Args: [-c [ "$(stat -c '%u' /tmp/test)" = "0" ] || exit 1] 
INFO[0001] Running: [/bin/sh -c [ "$(stat -c '%u' /tmp/test)" = "0" ] || exit 1] 
error building image: error building stage: failed to execute command: waiting for process to exit: exit status 1

Additional Information

  • Provided in To Reproduce step.

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
  • - [ ]
Please check if the build works in docker but not in kaniko
  • - [x]
Please check if this error is seen when you use --cache flag
  • - [ ]
Please check if your dockerfile is a multistage dockerfile
  • - [ ]

codestation avatar Dec 20 '23 18:12 codestation

Maybe related to this PR ?

#2494

skype007 avatar Dec 24 '23 09:12 skype007