Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dockerfile: add --chmod support for COPY/ADD command #1492

Merged
merged 1 commit into from Jun 13, 2020
Merged

dockerfile: add --chmod support for COPY/ADD command #1492

merged 1 commit into from Jun 13, 2020

Conversation

Chenbinx
Copy link
Contributor

I found that llb.CopyInfo already support mode option, but I'm not sure why there is no support for --chmod in COPY/ADD command. So I made little change to support it.

By the way, --chmod is really useful for us to make a smaller docker image in a easy way.

Signed-off-by: Chen Bin chen.bin11@zte.com.cn

tonistiigi
tonistiigi reviewed May 15, 2020
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add integration tests for this https://github.com/moby/buildkit/blob/master/frontend/dockerfile/dockerfile_test.go

@AkihiroSuda @tiborvass @thaJeztah Do we take this directly to stable channel or should it go through experimental?

frontend/dockerfile/dockerfile2llb/convert.go Outdated
if useFileOp(opt.buildArgValues, opt.llbCaps) {
return dispatchCopyFileOp(d, c, sourceState, isAddCommand, cmdToPrint, chown, opt)
return dispatchCopyFileOp(d, c, sourceState, isAddCommand, cmdToPrint, chown, chmod, opt)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is only supported in fileop it should error if it is not supported in the llbcaps.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I'll add the it test

@Chenbinx Chenbinx force-pushed the chmod_dev branch 3 times, most recently from 3953cc1 to b45e7ca Compare May 17, 2020 11:25
@AkihiroSuda
Copy link
Member

Do we take this directly to stable channel or should it go through experimental?

Seems safe for stable channel.
Aside from this one, I think we are ready to move --mount=type=(bind|cache|secret|ssh) out of experimental.

@FernandoMiguel
Copy link
Collaborator

Aside from this one, I think we are ready to move --mount=type=(bind|cache|secret|ssh) out of experimental.

giphy

tonistiigi
tonistiigi reviewed Jun 1, 2020
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something wrong with the commits. Merge commits are not allowed in PRs

frontend/dockerfile/dockerfile2llb/convert.go
return dispatchCopyFileOp(d, c, sourceState, isAddCommand, cmdToPrint, chown, chmod, loc, opt)
}

if chmod != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if caps != nil && caps.Supports(pb.CapFileBase) != nil {
  return errorss.Wrap(caps.Supports(pb.CapFileBase), "chmod is not supported")
}

tonistiigi
tonistiigi requested changes Jun 3, 2020
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^

@tonistiigi
Copy link
Member

@heychenbin ping

@Chenbinx
Copy link
Contributor Author

Chenbinx commented Jun 10, 2020
edited

@heychenbin ping

Sorry, I did not see the notify message, I'll amend it.

Because of the network problem, I can not run integration test right now. I will test it and re-push it when I come back home. Sorry for replying so late.

@Chenbinx Chenbinx force-pushed the chmod_dev branch 2 times, most recently from 05067c4 to 9547c88 Compare June 10, 2020 07:04
add chmod in COPY and ADD command
b7fd382 
Signed-off-by: Chenbin <chen.bin11@zte.com.cn>
@Chenbinx Chenbinx requested a review from tonistiigi June 10, 2020 13:59
@thaJeztah
Copy link
Member

Perhaps it would be good to have this in experimental first 🤔. I recall there was some discussion on the moby issue (moby/moby#34819) related to "how will we support this for Windows images". I understand BuildKit doesn't have Windows support, so not a real issue (yet); but having some plan on how to evolve in that direction may be good (where "plan" could also mean: won't be supported)

Another thing to look at is (and we should look at that as well for the existing ADD --chown) is if the permissions are set before or after decompressing archives. The current ADD --chown does set the permissions on the archive (before decompressing), which could be considered a "bug" or a "by design" (TBD)

tonistiigi
tonistiigi approved these changes Jun 11, 2020
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ok with this being in the stable channel. Don't see how we could remove it.

PTAL @AkihiroSuda @hinshun @tiborvass

hinshun
hinshun requested changes Jun 11, 2020
View reviewed changes
frontend/dockerfile/dockerfile2llb/convert.go
if opt.llbCaps != nil && opt.llbCaps.Supports(pb.CapFileBase) != nil {
return errors.Wrap(opt.llbCaps.Supports(pb.CapFileBase), "chmod is not supported")
}
return errors.New("chmod is not supported")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If chmod != "" it always errors? I think this part needs to be removed or refactored.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hinshun only on old buildkit instances that don't have fileop support. Otherwise, it is an early return on line 836.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I see, so if BuildKit doesn't have fileop and chmod is specified, it should still return error... a bit confusing. My bad.

@tiborvass tiborvass merged commit 929fff0 into moby:master Jun 13, 2020
This was referenced Jun 14, 2020
Closed
Closed
Closed
@tonistiigi tonistiigi mentioned this pull request Jul 2, 2020
Closed
@Nuc1eoN
Copy link

Nuc1eoN commented Jul 2, 2020

Another thing to look at is (and we should look at that as well for the existing ADD --chown) is if the permissions are set before or after decompressing archives. The current ADD --chown does set the permissions on the archive (before decompressing), which could be considered a "bug" or a "by design" (TBD)

I agree that this would be a bad design. Has it been addressed at all?

@tonistiigi
Copy link
Member

The current ADD --chown does set the permissions on the archive (before decompressing),

This is not quite correct. The real behavior is that chown/chmod only works for file inputs and not archive inputs. This somewhat makes sense because archives already contain uid info per file(unlike context files that are normalized to root). It's also completely separate code path and historically these flags only existed on COPY that doesn't support archives.

We can just make it clear in docs that this is the expected behavior.

I don't see a reason to not allow a behavior change in here as well. It's not very likely that people today are already using the flags on archive inputs but expect the current behavior (although there is a case with multiple inputs). But atm, for the --chmod flag we should just keep the behavior consistent with --chown. If someone wants to look into supporting archives, I think this would be a LLB level change.

@alex1989hu alex1989hu mentioned this pull request Jul 22, 2020
Closed
@avsm avsm mentioned this pull request Jul 26, 2020
Closed
@thaJeztah thaJeztah mentioned this pull request Oct 8, 2020
Merged
@stalkerg stalkerg mentioned this pull request Oct 20, 2020
Open
@moi90
Copy link

moi90 commented Dec 2, 2020

Great addition! Which is the first version that includes this?

@mthalman mthalman mentioned this pull request Dec 12, 2020
Merged
@thernstig
Copy link

@tonistiigi Do you know in which release this was included? I could not find it in the release notes of 2.10.0

@tonistiigi
Copy link
Member

@thernstig It is in 20.10 (cc @tiborvass )

@thernstig
Copy link

Thanks @tonistiigi - hope the release notes can get an update. It's quite a great feature.

@thernstig
Copy link

@Chenbinx @tonistiigi I tried this, but it seems this does not work :

COPY --chmod=g=u --from=builder /server/ /server/

g=u is a way to chmod so that the group the same permissions as the user like so: chmod -R g=u dir

Is there no way to achieve this with the new --chmod? Or would it be a new feature request? Or a mistake in the implementation? Or is my syntax possibly incorrect with the double =?

@thernstig thernstig mentioned this pull request Jan 13, 2021
Closed
@rcjsuen rcjsuen mentioned this pull request Jan 20, 2021
Closed
@rcjsuen
Copy link

rcjsuen commented Jan 20, 2021

hope the release notes can get an update. It's quite a great feature.

@thernstig I opened docker/cli#2941 to get this documented.

@thernstig thernstig mentioned this pull request Jan 21, 2021
Open
@Smolevich Smolevich mentioned this pull request Jan 24, 2021
Closed
@seanyoung seanyoung mentioned this pull request Feb 3, 2021
Closed
@enys enys mentioned this pull request Apr 20, 2021
Closed
3 tasks
m-ildefons added a commit to m-ildefons/language-docker that referenced this pull request Apr 20, 2021
@m-ildefons
syntax: add support for --chmod flags #609
309923f 
- add support for the --chmod flag for `ADD`
- add support for the --chmod flag for `COPY`
- add tests for the --chmod flag

Buildkit supports setting a new mode on a file during `COPY`/`ADD`
instructions with the --chmod flag. See:
moby/buildkit#1492

fixes: hadolint/hadolint#609
@m-ildefons m-ildefons mentioned this pull request Apr 20, 2021
Merged
m-ildefons added a commit to m-ildefons/language-docker that referenced this pull request Apr 21, 2021
@m-ildefons
syntax: add support for --chmod flags #609
420c6af 
- add support for the --chmod flag for `ADD`
- add support for the --chmod flag for `COPY`
- add tests for the --chmod flag
- add tests for pretty printer

Buildkit supports setting a new mode on a file during `COPY`/`ADD`
instructions with the --chmod flag. See:
moby/buildkit#1492

fixes: hadolint/hadolint#609
@thaJeztah thaJeztah mentioned this pull request May 18, 2021
Closed
@jpculp jpculp mentioned this pull request Aug 4, 2021
Closed
alanivey added a commit to baosystems/docker-dhis2 that referenced this pull request Jan 7, 2022
@alanivey
refactor(dockerfile): "ADD --chmod ..." replaces separate "RUN chmod …
96f121d 
…..."

Added in moby/buildkit#1492
@oskarkook oskarkook mentioned this pull request Apr 2, 2022
Merged
@LeoColomb LeoColomb mentioned this pull request Apr 25, 2022
Merged
@sam-thibault sam-thibault mentioned this pull request Mar 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

@tiborvass tiborvass tiborvass approved these changes

@hinshun hinshun hinshun approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet