Kaniko ADD instruction not preserve permissions via chmod argument #2850

Closed
ranebull opened this issue Nov 13, 2023 · 8 comments · Fixed by #3119

Comments

@ranebull

Actual behavior
The ADD Dockerfile instruction does not preserve permissions when the chmod argument is used.

Expected behavior
The ADD Dockerfile instruction with the chmod argument preserves permissions.

To Reproduce
Steps to reproduce the behavior:

  1. Build Dockerfile:
FROM alpine:latest

ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin

# Check permissions
RUN ls -al /usr/local/bin/
  2. Get output:
/workspace # executor -c . --no-push
INFO[0000] Retrieving image manifest alpine:latest      
INFO[0000] Retrieving image alpine:latest from registry index.docker.io 
INFO[0022] Built cross stage deps: map[]                
INFO[0022] Retrieving image manifest alpine:latest      
INFO[0022] Returning cached image manifest              
INFO[0022] Executing 0 build triggers                   
INFO[0022] Building stage 'alpine:latest' [idx: '0', base-idx: '-1'] 
INFO[0022] Unpacking rootfs as cmd ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin requires it. 
INFO[0027] Using files from context: []                 
INFO[0027] ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin 
INFO[0027] Adding remote URL https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh to /usr/local/bin/benchmark.sh 
INFO[0033] Taking snapshot of files...                  
INFO[0033] RUN ls -al /usr/local/bin/                   
INFO[0033] Initializing snapshotter ...                 
INFO[0033] Taking snapshot of full filesystem...        
INFO[0033] Cmd: /bin/sh                                 
INFO[0033] Args: [-c ls -al /usr/local/bin/]            
INFO[0033] Running: [/bin/sh -c ls -al /usr/local/bin/] 
total 124
drwxr-xr-x    1 root     root            24 Nov 13 13:56 .
drwxr-xr-x    1 root     root            22 Nov 13 13:56 ..
-rw-------    1 root     root        126793 Nov 13 13:56 benchmark.sh
INFO[0033] Taking snapshot of full filesystem...        
INFO[0033] No files were changed, appending empty layer to config. No layer added to image. 
INFO[0033] Skipping push to container registry due to --no-push flag
  3. The file has permissions 0600, but must have 0755

Additional Information

  • Dockerfile
FROM alpine:latest
ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin
RUN ls -al /usr/local/bin/

Triage Notes for the Maintainers

  • Please check if this is a new feature you are proposing: Yes
  • Please check if the build works in docker but not in kaniko: Yes
  • Please check if this error is seen when you use --cache flag: Yes
  • Please check if your dockerfile is a multistage dockerfile: No

@ranebull ranebull changed the title Kaniko ADD instruction not preserve permissions via chmod Kaniko ADD instruction not preserve permissions via chmod argument Nov 13, 2023
@trombonax

Hello,
as I see, this is not a feature-request, this is a hardcore bug.
@JeromeJu, why did you reassign the bug report as a feature-request?

thanks

@JeromeJu JeromeJu added kind/bug Something isn't working and removed kind/feature-request labels Nov 14, 2023
@JeromeJu
Collaborator

> Hello, as I see, this is not a feature-request, this is a hardcore bug. @JeromeJu, why did you reassign the bug report as a feature-request?
>
> thanks

Thanks for catching this. This is essentially a /kind/bug. Updated.

@trombonax

@JeromeJu thank you a lot

@robross0606

Does this also affect COPY commands?

@iJebus

iJebus commented Nov 16, 2023 via email

@ranebull
Author

@robross0606, yes.

Kaniko output:

wget https://github.com/GoogleContainerTools/kaniko/blob/main/run_in_docker.sh
ls -al run_in_docker.sh
-rw-r--r-- 1 1000 1000 12837 ноя 16 10:31 run_in_docker.sh
/workspace executor --no-push
INFO[0000] Retrieving image manifest ubuntu:latest      
INFO[0000] Retrieving image ubuntu:latest from registry index.docker.io 
INFO[0021] Built cross stage deps: map[]                
INFO[0021] Retrieving image manifest ubuntu:latest      
INFO[0021] Returning cached image manifest              
INFO[0021] Executing 0 build triggers                   
INFO[0021] Building stage 'ubuntu:latest' [idx: '0', base-idx: '-1'] 
INFO[0021] Unpacking rootfs as cmd COPY --chmod=0755 run_in_docker.sh /usr/local/bin requires it. 
INFO[0028] COPY --chmod=0755 run_in_docker.sh /usr/local/bin 
INFO[0028] Taking snapshot of files...                  
INFO[0028] RUN ls -al /usr/local/bin                    
INFO[0028] Initializing snapshotter ...                 
INFO[0028] Taking snapshot of full filesystem...        
INFO[0028] Cmd: /bin/sh                                 
INFO[0028] Args: [-c ls -al /usr/local/bin]             
INFO[0028] Running: [/bin/sh -c ls -al /usr/local/bin]  
total 16
drwxr-xr-x 1 root root    32 Nov 16 07:34 .
drwxr-xr-x 1 root root    72 Nov 16 07:34 ..
-rw-r--r-- 1 1000 1000 12837 Nov 16 07:34 run_in_docker.sh

Dockerfile

FROM ubuntu:latest

COPY --chmod=0755 run_in_docker.sh /usr/local/bin

RUN ls -al /usr/local/bin

@willywanka75

Issue #1751 is a feature request to add the --chmod arg to the COPY command. Is this issue actually a feature request?

@deplab

deplab commented Dec 10, 2023

I've encountered this bug as well, and I've found a helpful workaround to address it:

When making changes to permissions within a directory, such as using chmod or chown, ensure that these operations are the last steps performed in that directory.

E.g. if your Dockerfile initially looks like this:

FROM alpine:latest

RUN chown nobody: /opt

COPY file.test /opt/file.test

Change it to this, so the last operation that is performed in the directory is chown:

FROM alpine:latest

COPY file.test /opt/file.test

RUN chown nobody: /opt

While not an ideal solution, this workaround proves effective in managing the issue until the root cause is resolved, considering that there are several open issues currently related to this.
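
A post-build check for the behaviour reported in this thread, as an added example that is not part of any comment here and is not kaniko code: it reads each single-line ADD/COPY --chmod=<octal> with an absolute destination from a Dockerfile and compares the requested mode with the one recorded in the image root filesystem exported as a tar archive, so a build that ignores --chmod can fail the pipeline instead of shipping unexpected permissions. The function names and the sample tar are assumptions constructed for illustration.

```python
import io
import posixpath
import shlex
import tarfile
from urllib.parse import urlsplit

# Dockerfile from the report above; the tar built by sample_rootfs() is constructed.
DOCKERFILE = """FROM alpine:latest
ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin
RUN ls -al /usr/local/bin/
"""

def chmod_violations(dockerfile, rootfs_tar):
    """Return (path, wanted, found) per mismatch; found is None when the file is missing."""
    with tarfile.open(fileobj=rootfs_tar) as tar:
        members = {posixpath.normpath(posixpath.join("/", m.name)): m for m in tar}
    problems = []
    for line in dockerfile.splitlines():
        head, _, rest = line.strip().partition(" ")
        if head.upper() not in ("ADD", "COPY"):
            continue
        tokens = shlex.split(rest)
        flags = dict(t[2:].split("=", 1) for t in tokens if t.startswith("--") and "=" in t)
        args = [t for t in tokens if not t.startswith("--")]
        if "chmod" not in flags or len(args) < 2:
            continue
        *sources, dest = args
        want = int(flags["chmod"], 8)
        # A destination that is a directory in the image receives the source's base name.
        dest_entry = members.get(posixpath.normpath(dest))
        into_dir = dest.endswith("/") or len(sources) > 1 or (dest_entry is not None and dest_entry.isdir())
        for src in sources:
            name = posixpath.basename(urlsplit(src).path)
            path = posixpath.normpath(posixpath.join(dest, name) if into_dir else dest)
            found = members[path].mode & 0o7777 if path in members else None
            if found != want:
                problems.append((path, want, found))
    return problems

def sample_rootfs(file_mode):
    """Constructed sample: rootfs tar with /usr/local/bin/benchmark.sh at file_mode."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, mode in (("usr/local/bin", tarfile.DIRTYPE, 0o755),
                                 ("usr/local/bin/benchmark.sh", tarfile.REGTYPE, file_mode)):
            info = tarfile.TarInfo(name)
            info.type, info.mode = kind, mode
            tar.addfile(info)
    return io.BytesIO(buf.getvalue())
```

Calling chmod_violations(DOCKERFILE, sample_rootfs(0o600)) returns one finding for /usr/local/bin/benchmark.sh, matching the 0600 mode in the reported ls output; a non-empty result is the signal to fail the build.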

mschneider82 added a commit to mschneider82/kaniko that referenced this issue Apr 18, 2024
mschneider82 added a commit to mschneider82/kaniko that referenced this issue Apr 19, 2024