reproducible-containers / buildkit-cache-dance

Save `RUN --mount=type=cache` caches on GitHub Actions (Forked from https://github.com/overmindtech/buildkit-cache-dance)
Apache License 2.0

UID and GID are Not Preserved When Injecting Cache #34

Closed mabrikan closed 2 weeks ago

mabrikan commented 3 weeks ago

How to reproduce:

  1. Create directory `test_ownership`.
  2. Add the following Dockerfile:

```dockerfile
FROM ubuntu

RUN groupadd -g 9999 app && useradd -m -g 9999 -u 9999 app

USER app

WORKDIR /home/app

COPY . /home/app

RUN --mount=type=cache,uid=9999,gid=9999,target="/home/app/tmp_data" \
    echo "Listing BEFORE writing." &&\
    (ls -l /home/app/tmp_data/test.txt || echo "File not yet created") &&\
    echo "THIS IS A TEST" > /home/app/tmp_data/test.txt &&\
    echo "Listing file AFTER writing." &&\
    ls -l /home/app/tmp_data/test.txt
```

  3. Run `docker buildx build --progress plain -t test-ownership .`.
  4. (you have to be root user to preserve ownership when extracting) Extract cache by running `node ./buildkit-cache-dance/dist/index.js --extract --cache-map '{"<path-to-cache-directory>/cache_dir": {"target": "/home/app/tmp_data", "uid": "9999", "gid": "9999"}}'`.
  5. Invalidate build cache by adding a file, e.g. `touch invalidate_cache`.
  6. Remove build cache: `docker buildx prune`.
  7. Inject cached layer. Run `node ./buildkit-cache-dance/dist/index.js --cache-map '{"<path-to-cache-directory>/cache_dir": {"target": "/home/app/tmp_data", "uid": "9999", "gid": "9999"}}'`
  8. Build the image again. `docker buildx build --progress plain -t test-ownership .`.

You should see an error like this:

```
 > [stage-0 5/5] RUN --mount=type=cache,uid=9999,gid=9999,target="/home/app/tmp_data"     echo "Listing BEFORE writing." &&    (ls -l /home/app/tmp_data/test.txt || echo "File not yet created") &&    echo "THIS IS A TEST" > /home/app/tmp_data/test.txt &&    echo "Listing file AFTER writing." &&    ls -l /home/app/tmp_data/test.txt:
0.379 Listing BEFORE writing.
0.380 -rw-r--r-- 1 root root 15 Jun  3 15:42 /home/app/tmp_data/test.txt
0.381 /bin/sh: 1: cannot create /home/app/tmp_data/test.txt: Permission denied
------
Dockerfile:11
--------------------
  10 |
  11 | >>> RUN --mount=type=cache,uid=9999,gid=9999,target="/home/app/tmp_data" \
  12 | >>>     echo "Listing BEFORE writing." &&\
  13 | >>>     (ls -l /home/app/tmp_data/test.txt || echo "File not yet created") &&\
  14 | >>>     echo "THIS IS A TEST" > /home/app/tmp_data/test.txt &&\
  15 | >>>     echo "Listing file AFTER writing." &&\
  16 | >>>     ls -l /home/app/tmp_data/test.txt
  17 |
--------------------
ERROR: failed to solve: process "/bin/sh -c echo \"Listing BEFORE writing.\" &&    (ls -l /home/app/tmp_data/test.txt || echo \"File not yet created\") &&    echo \"THIS IS A TEST\" > /home/app/tmp_data/test.txt &&    echo \"Listing file AFTER writing.\" &&    ls -l /home/app/tmp_data/test.txt" did not complete successfully: exit code: 2
```

Also, the output of the `ls` command shows that the owner is root.