GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0
14.88k stars 1.44k forks source link

`chmod` doesn't get in final image #1376

Open abh opened 4 years ago

abh commented 4 years ago

Actual behavior

Using RUN [ "chmod", "a+x", "/some/file" ] the specified file gets the executable bit for the rest of the Kaniko run, but not in the final image

Expected behavior

Permissions set (and other similar minor changes) working.

To Reproduce

Running the Dockerfile from https://github.com/abh/drone-kaniko/ under docker results in an image with a working /kaniko/jq, but building under kaniko the resulting image doesn't work.

This is using Kaniko 0.24.0.

Description Yes/No
Please check if this a new feature you are proposing
  • No
Please check if the build works in docker but not in kaniko
  • Yes
Please check if this error is seen when you use --cache flag
  • Yes
Please check if your dockerfile is a multistage dockerfile
  • No
tejal29 commented 4 years ago

@abh we do have integration tests which test your use case https://github.com/GoogleContainerTools/kaniko/blob/17ceb312c6fd4ddf3c3b13d243fb17a986c36c93/integration/dockerfiles/Dockerfile_test_issue_647#L7

Can you please specify the full command.

MShekow commented 3 years ago

Kaniko seems to suffer from esoteric problems in this regard. A slightly different Dockerfile fails miserably, demonstrating that touch or chmod does not lead to new layers being created.

Dockerfile example:

FROM alpine:3.8
WORKDIR /app  
RUN echo "bla" >> somefile
RUN chmod +x somefile
RUN touch bla

Output (with v1.6.0-debug or v1.7.0-debug):

INFO[0001] Unpacking rootfs as cmd RUN echo "bla" >> somefile requires it.
INFO[0002] WORKDIR /app
INFO[0002] cmd: workdir
INFO[0002] Changed working directory to /app
INFO[0002] No files changed in this command, skipping snapshotting.
INFO[0002] RUN echo "bla" >> somefile
INFO[0002] Taking snapshot of full filesystem...
INFO[0002] cmd: /bin/sh
INFO[0002] args: [-c echo "bla" >> somefile]
INFO[0002] Running: [/bin/sh -c echo "bla" >> somefile]
INFO[0002] Taking snapshot of full filesystem...
INFO[0002] No files were changed, appending empty layer to config. No layer added to image.
INFO[0002] RUN chmod +x somefile
INFO[0002] cmd: /bin/sh
INFO[0002] args: [-c chmod +x somefile]
INFO[0002] Running: [/bin/sh -c chmod +x somefile]
INFO[0002] Taking snapshot of full filesystem...
INFO[0002] No files were changed, appending empty layer to config. No layer added to image.
INFO[0002] RUN touch bla
INFO[0002] cmd: /bin/sh
INFO[0002] args: [-c touch bla]
INFO[0002] Running: [/bin/sh -c touch bla]
INFO[0002] Taking snapshot of full filesystem...
INFO[0002] No files were changed, appending empty layer to config. No layer added to image.
F30 commented 2 years ago

In our case, what looked like chown and chmod having no effect, turned out to be a combination of #1921 and #2136.