containernetworking / plugins

Some reference and example networking plugins, maintained by the CNI team.
Apache License 2.0

Files in .tgz changed owner from root/root to runner/docker #1053

Closed (olavst-spk closed 2 weeks ago)

olavst-spk commented 4 weeks ago

I am using the files from this repo in a Kubernetes setup and I ran into some permission issues after upgrading from 1.4.0 to 1.5.0. It looks like the owner/group of the released files have changed.

In version 1.4.0 (and previous versions) the files are owned by root/root:

$ tar -ztvf cni-plugins-linux-amd64-v1.4.0.tgz
drwxrwxr-x root/root         0 2023-12-04 17:39 ./
-rwxr-xr-x root/root   3636792 2023-12-04 17:39 ./loopback
-rwxr-xr-x root/root   4109351 2023-12-04 17:38 ./bandwidth
-rwxr-xr-x root/root   4470977 2023-12-04 17:39 ./ptp
-rwxr-xr-x root/root   4310173 2023-12-04 17:39 ./vlan
-rwxr-xr-x root/root   4191837 2023-12-04 17:39 ./host-device
-rwxr-xr-x root/root   3726382 2023-12-04 17:39 ./tuning
-rwxr-xr-x root/root   4001842 2023-12-04 17:39 ./vrf
-rwxr-xr-x root/root   3851218 2023-12-04 17:39 ./sbr
-rwxr-xr-x root/root   4371897 2023-12-04 17:39 ./tap
-rwxr-xr-x root/root  11050013 2023-12-04 17:39 ./dhcp
-rwxr-xr-x root/root   3110828 2023-12-04 17:39 ./static
-rwxr-xr-x root/root   4736299 2023-12-04 17:39 ./firewall
-rwxr-xr-x root/root   4349395 2023-12-04 17:39 ./macvlan
-rwxr-xr-x root/root   4297556 2023-12-04 17:39 ./dummy
-rwxr-xr-x root/root   4652757 2023-12-04 17:39 ./bridge
-rwxr-xr-x root/root   4315686 2023-12-04 17:39 ./ipvlan
-rwxr-xr-x root/root   4085020 2023-12-04 17:39 ./portmap
-rwxr-xr-x root/root   3549866 2023-12-04 17:39 ./host-local

But in version 1.5.0 they are owned by runner/docker:

$ tar -ztvf cni-plugins-linux-amd64-v1.5.0.tgz
drwxr-xr-x runner/docker     0 2024-05-20 09:23 ./
-rwxr-xr-x runner/docker 11430474 2024-05-20 09:23 ./dhcp
-rwxr-xr-x runner/docker  3750042 2024-05-20 09:23 ./loopback
-rw-r--r-- runner/docker     2343 2024-05-20 09:23 ./README.md
-rwxr-xr-x runner/docker  4272394 2024-05-20 09:23 ./bandwidth
-rwxr-xr-x runner/docker  4440601 2024-05-20 09:23 ./ipvlan
-rwxr-xr-x runner/docker  4439832 2024-05-20 09:23 ./vlan
-rwxr-xr-x runner/docker  3223795 2024-05-20 09:23 ./static
-rwxr-xr-x runner/docker  4344044 2024-05-20 09:23 ./host-device
-rw-r--r-- runner/docker    11357 2024-05-20 09:23 ./LICENSE
-rwxr-xr-x runner/docker  4787319 2024-05-20 09:23 ./bridge
-rwxr-xr-x runner/docker  4422354 2024-05-20 09:23 ./dummy
-rwxr-xr-x runner/docker  3837627 2024-05-20 09:23 ./tuning
-rwxr-xr-x runner/docker  4102988 2024-05-20 09:23 ./vrf
-rwxr-xr-x runner/docker  4503238 2024-05-20 09:23 ./tap
-rwxr-xr-x runner/docker  4228716 2024-05-20 09:23 ./portmap
-rwxr-xr-x runner/docker  4943785 2024-05-20 09:23 ./firewall
-rwxr-xr-x runner/docker  4600833 2024-05-20 09:23 ./ptp
-rwxr-xr-x runner/docker  3679567 2024-05-20 09:23 ./host-local
-rwxr-xr-x runner/docker  4478854 2024-05-20 09:23 ./macvlan
-rwxr-xr-x runner/docker  3956598 2024-05-20 09:23 ./sbr 

Is this intentional? I don't see any mention of it in the release notes.

Thanks!

squeed commented 4 weeks ago

This was an accidental side-effect of moving image builds to GitHub. @s1061123, can you take a look?

s1061123 commented 3 weeks ago

@olavst-spk thank you for the issue. This is unexpected behavior that happened when the release process was changed to GitHub Actions.

#1054 will fix the issue.

olavst-spk commented 3 weeks ago

I have just tested the new version and I'm still getting some permission errors unfortunately.

Looks like the root folder is still owned by runner/docker:

$ tar -ztvf cni-plugins-linux-amd64-v1.5.1.tgz
drwxr-xr-x runner/docker     0 2024-06-17 17:51 ./
...

Compared to version 1.4.0 (and previous versions):

$ tar -ztvf cni-plugins-linux-amd64-v1.4.0.tgz
drwxrwxr-x root/root         0 2023-12-04 17:39 ./
...

In my case I run into issues with Cilium not being allowed to create /opt/cni/bin/cilium-cni because of the permissions on the root folder.

s1061123 commented 3 weeks ago

Ok, let me file another PR for that.
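
A pre-install check for the ownership change reported in this thread, as an added example that is not part of the original issue or the project's code: it lists archive members not recorded as root/root and rewrites the archive with root ownership. The sample archive, its numeric IDs (1001/121) and all function names are constructed for illustration.

```python
import io
import tarfile

ROOT_NAMES = ("", "root")

def make_sample(uid, gid, uname, gname):
    """Constructed two-member .tgz (directory + one file) with the given owner."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        d = tarfile.TarInfo(".")
        d.type, d.mode = tarfile.DIRTYPE, 0o755
        f = tarfile.TarInfo("./bridge")
        f.mode, data = 0o755, b"\x7fELF constructed"
        f.size = len(data)
        for ti in (d, f):
            ti.uid, ti.gid, ti.uname, ti.gname = uid, gid, uname, gname
        tf.addfile(d)
        tf.addfile(f, io.BytesIO(data))
    return buf.getvalue()

def non_root_members(tgz):
    """List (name, 'user/group', uid, gid) for members not recorded as root/root.
    Names are checked as well as IDs because tar, run as root without
    --numeric-owner, prefers a matching local user/group name over the number."""
    found = []
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tf:
        for m in tf:
            if (m.uid, m.gid) != (0, 0) or m.uname not in ROOT_NAMES or m.gname not in ROOT_NAMES:
                found.append((m.name, f"{m.uname}/{m.gname}", m.uid, m.gid))
    return found

def reown_as_root(tgz):
    """Return a copy of the archive with every member recorded as root/root (0:0)."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src:
            m.uid = m.gid = 0
            m.uname = m.gname = "root"
            for key in ("uid", "gid", "uname", "gname"):
                m.pax_headers.pop(key, None)  # pax records would override the fields
            dst.addfile(m, src.extractfile(m) if m.isreg() else None)
    return out.getvalue()

if __name__ == "__main__":
    sample = make_sample(1001, 121, "runner", "docker")  # constructed IDs
    for name, owner, uid, gid in non_root_members(sample):
        print(f"{name}: {owner} ({uid}:{gid})")
    print("after re-own:", non_root_members(reown_as_root(sample)))
```

Running `non_root_members` on a downloaded release before unpacking it into `/opt/cni/bin` surfaces this kind of change without extracting anything to disk.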