DockerPermissionStrategy.MultiStage relies on COPY --chown

sbt / sbt-native-packager

sbt Native Packager

https://sbt-native-packager.readthedocs.io/en/stable/

BSD 2-Clause "Simplified" License

1.59k stars 439 forks source link

DockerPermissionStrategy.MultiStage relies on COPY --chown #1307

Open nadavwr opened 4 years ago

nadavwr commented 4 years ago

DockerPermissionStrategy.MultiStage is made available from Docker 17.05 onwards. However, it generates a COPY --chown, which is only available from 17.09 onwards.

As a result we encounter failures running docker build against Docker 17.06.

muuki88 commented 4 years ago

Thanks for your bug report.

This is the responsible code snippet. For me it looks like we check for 17.09 or higher. Could it be that the API version is too low?

nadavwr commented 4 years ago

The problem is with the multiStage snippet. It checks for 17.05, then uses makeCopyFrom, which in turn uses `COPY --from=... --chown=....

COPY --from=... --chown=... has the same version availability as COPY --chown (from 17.09 onwards).

A separate MultiStage permission strategy should have been viable without --chown (I assume this was the original intent). However, up until 19.03.07 ownership wasn't preserved when copying from previous stages—in effect forcing the --chown flag in both strategies.

giuscri commented 4 years ago

I had the same problem, as the docker in my CI is 17.05 and it doesn't support COPY --chown.

For those who stumble upon this, a temporary fix is to change the permission strategy

dockerPermissionStrategy := DockerPermissionStrategy.Run