GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0

debug-v0.23.0 docker image has a file owned by a user with high uid #1303

Closed forty closed 4 years ago

forty commented 4 years ago

Actual behavior

The file /kaniko/docker-credential-gcr is owned by user uid=205001 gid=89939 in the debug-v0.23.0 docker image, instead of uid=0 gid=0 usually. This causes issues in our CI as we are using user namespaces, and this goes out of the range we defined.

Expected behavior

Have all files owned by the same user, ideally with a low enough uid :)

To Reproduce

1- docker run -it --entrypoint=sh gcr.io/kaniko-project/executor:debug-v0.23.0
2- ls -l kaniko/

total 99548
-rwxr-xr-x    1 0        0          8531071 Aug 15  2017 docker-credential-acr
-rwxr-xr-x    1 0        0          8470528 Jun  4 21:25 docker-credential-ecr-login
-rwxr-x---    1 205001   89939      6435607 Mar  5 20:25 docker-credential-gcr
-rwxr-xr-x    1 0        0         47337472 Jun  4 21:30 executor
drwxr-xr-x    3 0        0             4096 Jun  4 21:30 ssl
-rwxr-xr-x    1 0        0         31150080 Jun  4 21:30 warmer

Additional Information

N/A

Triage Notes for the Maintainers

Description: Yes/No
  • Please check if this is a new feature you are proposing: No
  • Please check if the build works in docker but not in kaniko: N/A
  • Please check if this error is seen when you use --cache flag: N/A
  • Please check if your dockerfile is a multistage dockerfile: N/A

tejal29 commented 4 years ago

Thanks for the bug report. We are using this Dockerfile and Debug Dockerfile.

Looks like there is an issue here.

forty commented 4 years ago

Yes, I assume it can be fixed either in the source tar (from https://github.com/GoogleCloudPlatform/docker-credential-gcr/) or by chmoding the file in the Dockerfile, I'm not sure which one is best. Maybe both. I'd say that adding "--chown=0:0" to all the Dockerfile COPY cannot hurt, and would make sure kaniko is not affected by such changes in upstream projects.

tejal29 commented 4 years ago

Makes sense. Would you like to create a PR for it? I can review and merge.
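
A check that would catch this kind of ownership drift before an image reaches CI, as an added example that is not part of the original thread or of kaniko's code: it scans a layer tarball (or `docker export` output) for entries whose numeric uid or gid falls outside a user-namespace range. The 0..65535 range, the function names and the sample layer are assumptions made for illustration.

```python
import io
import tarfile

# Assumption: the user-namespace mapping covers container ids 0..65535.
# Replace with the size of your own subuid/subgid allocation.
MAX_MAPPED_ID = 65535

# Constructed sample entries mirroring part of the listing in the issue.
SAMPLE = [
    ("kaniko/docker-credential-acr", 0, 0, 0o755),
    ("kaniko/docker-credential-gcr", 205001, 89939, 0o750),
    ("kaniko/executor", 0, 0, 0o755),
]


def out_of_range_entries(layer, max_id=MAX_MAPPED_ID):
    """Return (path, uid, gid) for every tar entry whose numeric owner is
    outside 0..max_id. `layer` is a seekable binary file object holding
    a single layer tarball or `docker export` output."""
    findings = []
    with tarfile.open(fileobj=layer, mode="r:*") as tar:
        for member in tar:
            # The numeric ids stored in the tar header are what the runtime
            # applies on unpack; owner names in the header are ignored here.
            if member.uid > max_id or member.gid > max_id:
                findings.append((member.name, member.uid, member.gid))
    return findings


def build_sample_layer():
    """Build an in-memory tarball from SAMPLE (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, gid, mode in SAMPLE:
            info = tarfile.TarInfo(name)
            info.uid, info.gid, info.mode = uid, gid, mode
            data = b"placeholder"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, uid, gid in out_of_range_entries(build_sample_layer()):
        print(f"{path}: uid={uid} gid={gid} exceeds {MAX_MAPPED_ID}")
```

Run against a real image, pass an opened `docker export` tarball instead of the sample; a non-empty result is a reason to fail the build.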