when copy from ,if src file is link file，all we get is only link itself, not the file to which link points

[zlingqu]

• The result of the directory is

# tree 
.
├── config.json
├── deploy
│   └── a.txt
└── Dockerfile

• The Dockefile is

FROM rnix/openssl-gost AS RES
FROM openjdk:8
COPY --from=RES /usr/bin/openssl /usr/bin/openssl
WORKDIR /app/
ADD . .
EXPOSE 80
CMD ["sh","start.sh"]

• The image of from is this:

  # docker run -it --rm rnix/openssl-gost sh
  # ls -l /usr/bin/openssl     
  lrwxrwxrwx 1 root root 26 Mar 26  2020 /usr/bin/openssl -> /usr/local/ssl/bin/openssl
  # 
  # md5sum /usr/local/ssl/bin/openssl
  b75de0d781cb1aed40a7f63960f021f5  /usr/local/ssl/bin/openssl

  We know, /usr/bin/openssl is a link file

1. When we use Docker-Build to make the image

# docker build . -t myapp:v1
# ......
# docker run -it --rm myapp:v1 bash
root@34646e0341c3:/app# ls -lh /usr/bin/openssl 
-rwxr-xr-x 1 root staff 1.4M Mar 26  2020 /usr/bin/openssl
root@34646e0341c3:/app# 
root@34646e0341c3:/app# md5sum /usr/bin/openssl 
b75de0d781cb1aed40a7f63960f021f5  /usr/bin/openssl

2. When we use kaniko to make the image

   # docker run --rm -it -v $(pwd):/workspace:ro -v `pwd`/config.json:/kaniko/.docker/config.json:ro gcr.io/kaniko-project/executor:v1.6.0-debug --destination xx.com/devops/myapp:v2
   INFO[0000] Resolved base name rnix/openssl-gost to res  
   INFO[0000] Retrieving image manifest rnix/openssl-gost  
   INFO[0000] Retrieving image rnix/openssl-gost from registry index.docker.io 
   INFO[0003] Retrieving image manifest openjdk:8          
   INFO[0003] Retrieving image openjdk:8 from registry index.docker.io 
   INFO[0006] Built cross stage deps: map[0:[/usr/bin/openssl]] 
   INFO[0006] Retrieving image manifest rnix/openssl-gost  
   INFO[0006] Returning cached image manifest              
   INFO[0006] Executing 0 build triggers                   
   INFO[0037] Saving file usr/local/ssl/bin/openssl for later use 
   INFO[0037] Saving file usr/bin/openssl for later use    
   INFO[0037] Deleting filesystem...                       
   INFO[0039] Retrieving image manifest openjdk:8          
   INFO[0039] Returning cached image manifest              
   INFO[0039] Executing 0 build triggers                   
   INFO[0039] Unpacking rootfs as cmd COPY --from=RES /usr/bin/openssl /usr/bin/openssl requires it. 
   INFO[0069] COPY --from=RES /usr/bin/openssl /usr/bin/openssl 
   INFO[0069] Taking snapshot of files...                  
   INFO[0069] WORKDIR /app/                                
   INFO[0069] cmd: workdir                                 
   INFO[0069] Changed working directory to /app/           
   INFO[0069] Creating directory /app/                     
   INFO[0069] Taking snapshot of files...                  
   INFO[0069] Using files from context: [/workspace]       
   INFO[0069] ADD . .                                      
   INFO[0069] Taking snapshot of files...                  
   INFO[0069] EXPOSE 80                                    
   INFO[0069] cmd: EXPOSE                                  
   INFO[0069] Adding exposed port: 80/tcp                  
   INFO[0069] CMD ["sh","start.sh"]                        
   INFO[0069] Pushing image to xxx.com/devops/myapp:v2 
   INFO[0105] Pushed image to 1 destinations               
   [root@devops-10-12-19-31 abc]# 
   [root@devops-10-12-19-31 abc]# docker run -it --rm xxx.com/devops/myapp:v2 bash
   Unable to find image 'xxx.com/devops/myapp:v2' locally
   v2: Pulling from devops/myapp
   d960726af2be: Already exists 
   e8d62473a22d: Already exists 
   8962bc0fad55: Already exists 
   65d943ee54c1: Already exists 
   da20b77f10ac: Already exists 
   fb6a778e6477: Already exists 
   ae7884f0e61b: Already exists 
   3717a9ba460e: Pull complete 
   5397ec18e059: Pull complete 
   96fca928cdae: Pull complete 
   Digest: sha256:1591eca1911fc7c9763b7468e492b89b1fcde7dd3eea32b3462772d9b5ddeaf9
   Status: Downloaded newer image for xxx.com/devops/myapp:v2
   root@e971d4784e5e:/app# ls -lh /usr/bin/openssl 
   lrwxrwxrwx 1 root root 26 May 14 02:59 /usr/bin/openssl -> /usr/local/ssl/bin/openssl
   root@e971d4784e5e:/app# 
   root@e971d4784e5e:/app# md5sum /usr/bin/openssl 
   md5sum: /usr/bin/openssl: No such file or directory
   root@e971d4784e5e:/app# 
   root@e971d4784e5e:/app# ls /usr/local/ssl/bin/openssl
   ls: cannot access '/usr/local/ssl/bin/openssl': No such file or directory

We see that when using COPY --from to process the link file, we find that the results of Docker build and Kaniko are different.

• 1. Docker build will copy the source file that the link file points to.
• 2. Kanko will only copy the link file itself.

I think it's a bug or a feature that needs to be fixed?

[aaron-prindle]

possible dupe of https://github.com/GoogleContainerTools/kaniko/issues/1692