
Containerfile `--chmod +x` not working in podman

Open jiridanek opened this issue 9 months ago • 5 comments

This is a reincarnation of a previous issue

  • https://github.com/containers/buildah/issues/4614

opened because Docker has added support for symbolic permissions notation in the meantime

  • https://github.com/moby/buildkit/issues/1951

Dockerfile:

```dockerfile
# mkdir somedir
# touch somedir/somefile.txt
FROM alpine
COPY --chmod='ugo=rwX' ./ /
```

Build with Docker

```
docker --version
Docker version 28.0.1, build 068a01ea9
docker build -t perms --load .

[+] Building 0.8s (8/8) FINISHED  docker-container:default
 => [internal] load build definition from Dockerfile  0.0s
 => => transferring dockerfile: 159B  0.0s
 => [internal] load metadata for docker.io/library/alpine:latest  0.6s
 => [internal] load .dockerignore  0.0s
 => => transferring context: 2B  0.0s
 => [internal] load build context  0.0s
 => => transferring context: 363B  0.0s
 => CACHED [1/2] FROM docker.io/library/alpine:latest@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c  0.0s
 => => resolve docker.io/library/alpine:latest@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c  0.0s
 => [2/2] COPY --chmod=ugo=rwX ./ /  0.0s
 => exporting to docker image format  0.1s
 => => exporting layers  0.0s
 => => exporting manifest sha256:3146a557f380db9a501fee36ca17c02ca13a9ef6464a6f94cae60dbc7df77822  0.0s
 => => exporting config sha256:00d3546586d3d8b152f4f321cef751e5e5a82ce9dd7c0d092cf52dbb86a68a2d  0.0s
 => => sending tarball  0.1s
 => importing to docker
docker run --rm -it perms ls -AlFd /somedir /somedir/somefile.txt
drw-rw-rw-    2 root     root            26 Mar 16 17:20 /somedir/
-rw-rw-rw-    1 root     root             0 Mar 16 17:20 /somedir/somefile.tx
```

(that capital X does not yet work with = and that's a known bug)

  • https://github.com/moby/buildkit/issues/5835

With Podman

```
podman --version
podman version 5.4.1
podman build -t perms .
STEP 1/2: FROM alpine
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:6e771e15690e2fabf2332d3a3b744495411d6e0b00b2aea64419b58b0066cf81
Copying config sha256:8d591b0b7dea080ea3be9e12ae563eebf9869168ffced1cb25b2470a3d9fe15e
Writing manifest to image destination
STEP 2/2: COPY --chmod='ugo=rwX' ./ /
Error: building at STEP "COPY --chmod=ugo=rwX ./ /": Error parsing chmod ugo=rwX
```

jiridanek, Mar 16 '25 17:03

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot], May 05 '25 00:05

Still relevant.

Off-topic: It is unclear what the duration for triggering a stale close/lock is from that automated message, but 30 days is a bit short for a busy project to use? (the message should at least provide context about how long until it'd close/lock an issue).

polarathene, May 05 '25 00:05

A heads-up on this issue as I was involved in a bit of debugging for some of the above -> symbolic notation had a bug with capital X support but that was since resolved. However the bug was not

> (that capital X does not yet work with = and that's a known bug)

as stated above, but rather with + i.e. +X.

Additionally, depending on which definition one uses, exact expected behaviour of +, - and = operators with X differs - there's a bit of discussion on this in the docker issue: https://github.com/moby/buildkit/issues/5835#issuecomment-2722903861 which I think could be quite insightful for anyone looking at the issue in podman.

Also, the fix for the issue in docker involved fixing the library (docker uses a non-stdlib library for this I think) which needed an update to more fully support the symbolic syntax - if podman uses (or would use?) the same underlying library, presumably this could simplify the fix.

(also off-topic but looks like the close time is set to one year, defined here: https://github.com/containers/buildah/blob/main/.github/workflows/stale.yml#L30)

mbdevpl, May 05 '25 13:05
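For reference when reading the discussion of `X` above, this added example (not buildah's or BuildKit's code, and not from any commenter) evaluates symbolic modes using the POSIX chmod rule that `X` grants execute only to directories and to files that already have an execute bit. The helper name `applySymbolic`, the one-operator-per-clause grammar, and treating an omitted who as `a` are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// One clause: optional who, a single operator, then permissions.
var clauseRE = regexp.MustCompile(`^([ugoa]*)([+=-])([rwxX]*)$`)

// applySymbolic (hypothetical helper) applies e.g. "ugo=rwX" or "u+x,go-r" to mode.
func applySymbolic(mode uint32, isDir bool, spec string) (uint32, error) {
	who := map[rune]uint32{'u': 0o700, 'g': 0o070, 'o': 0o007, 'a': 0o777}
	perm := map[rune]uint32{'r': 0o444, 'w': 0o222, 'x': 0o111, 'X': 0}
	if isDir || mode&0o111 != 0 {
		perm['X'] = 0o111 // X counts only for directories or already-executable files
	}
	for _, clause := range strings.Split(spec, ",") {
		m := clauseRE.FindStringSubmatch(clause)
		if m == nil {
			return 0, fmt.Errorf("error parsing chmod clause %q", clause)
		}
		var mask, bits uint32
		for _, c := range m[1] {
			mask |= who[c]
		}
		if mask == 0 {
			mask = 0o777 // assumption: omitted who means "a"; chmod(1) also applies the umask
		}
		for _, c := range m[3] {
			bits |= perm[c]
		}
		switch m[2] {
		case "+":
			mode |= bits & mask
		case "-":
			mode &^= bits & mask
		case "=":
			mode = mode&^mask | bits&mask
		}
	}
	return mode, nil
}

func main() {
	m, err := applySymbolic(0o755, true, "ugo=rwX") // constructed sample input
	fmt.Printf("%04o err=%v\n", m, err)
}
```

Comparing its result with `ls -l` output from the built image, as the report does, shows whether a builder applied the requested mode.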

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot], Jun 05 '25 00:06

I believe I'm seeing a similar issue while running the compose file for https://github.com/chaoss/augur (which, in the version I'm testing, uses both the symbolic form of chmod values, and the capital-X notation). The project is primarily a docker-based project

MoralCode, Jun 24 '25 17:06