New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default User and Group to 0:0 for ADD and COPY #2494
base: main
Are you sure you want to change the base?
Conversation
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
60b2210
to
1dad002
Compare
pkg/util/command_util.go
Outdated
@@ -352,7 +352,7 @@ Loop: | |||
|
|||
func GetUserGroup(chownStr string, env []string) (int64, int64, error) { | |||
if chownStr == "" { | |||
return DoNotChangeUID, DoNotChangeGID, nil | |||
return 0, 0, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @KerchumA222 this default change looks good.
For the nit, would you mind also following the previous convention for naming it as DefaultUID?
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JeromeJu I updated the code. Is this what you meant?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @KerchumA222
Update to match Dockerfile specifications when using ADD or COPY Previous functionality was to preserve the user and group from the source, which may not exist in the container. Fixes GoogleContainerTools#1921
@JeromeJu this seems to be stalled waiting for approval for workflows. Is that something you can help with? |
Thanks @KerchumA222 for the changes, I have re-runned the integration tests but the error seems to have persisted. |
The issue is that the file ownership can't be changed to root when running as a non-root user. The tests are run as a regular user and therefore fail. |
Without running inside a container, I don't know of any other way to make files owned by root that can be interacted with by the RUN command. I thought of using a virtual filesystem to track ownership and properly encode that when building the tar files, but the complexity of that solution is pretty high and leaves some open questions (how to track files created or modified with a RUN command for example). If the tests are run with |
Thanks to the offline discussion with @aaron-prindle . |
Default to UID 0 and GID 0 as per the Dockerfile documentation
Fixes #1921
Description
Update to match Dockerfile specifications when using ADD or COPY
Previous functionality was to preserve the user and group from the source, which may not exist in the container.
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Reviewer Notes
Release Notes
ADD and COPY now default to UID 0 and GID 0 instead of maintaining the source ownership