Reset uid/gid to 0 in build context to fix cache busting issues on ADD/COPY #513
Conversation
Codecov Report
@@ Coverage Diff @@
## master #513 +/- ##
==========================================
+ Coverage 49.06% 49.06% +<.01%
==========================================
Files 200 200
Lines 16407 16408 +1
==========================================
+ Hits 8050 8051 +1
Misses 7938 7938
Partials 419 419 |
|
@tonistiigi I need to write the test but looks like not so trivial to me ATM as buildCtx is internal concept of runBuild(). Still need to read the code. I also want to address --stream, will I need to make changes inside buildkit? |
|
@dnephin may have some tips for the test. For |
|
@tonistiigi this would be really easy to test if we merged #294 , it would be a unit test on |
shouze
changed the title
shouze
changed the title
|
@tonistiigi @dnephin ok I've added the test, ready for a review. @tonistiigi ok so about |
|
@tonistiigi I've started moby/moby#34708 in moby/moby#34797 but looks like it's probably just more than an update, I'll take a look as a fsutil upgrade seems required too. |
cli/command/image/build_test.go
Outdated
| func TestRunBuildResetsUidAndGidInContext(t *testing.T) { | ||
| if runtime.GOOS == "windows" { | ||
| t.Skip("Invalid test on Windows") | ||
| } |
There was a problem hiding this comment.
We have some helpers for this, please use https://godoc.org/github.com/gotestyourself/gotestyourself/skip
skip.IfCondition(t, runtime.GOOS == "windows", "uid and gid not relevant on windows")
cli/command/image/build_test.go
Outdated
| } | ||
| dest, err := ioutil.TempDir("", "test-build-context-dest") | ||
| require.NoError(t, err) | ||
| defer os.RemoveAll(dest) |
There was a problem hiding this comment.
We have helpers for this: https://godoc.org/github.com/gotestyourself/gotestyourself/fs
dest := fs.NewDir(t, "test-build-context-dest")
defer dest.Remove()
// use dest.Path() to get the path
cli/command/image/build_test.go
Outdated
|
|
||
| ioutil.WriteFile(filepath.Join(dir, "foo"), []byte("some content"), 0644) | ||
| err = os.Lchown(filepath.Join(dir, "foo"), 65534, 65534) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
This test can use a Dockerfile from the context, instead of stdin. So dockerfile can be just the string, instead of a bytes.Buffer. and you don't need to set cli.SetIn(). Below you won't need the options.dockerfileName = "-" line either.
You can replace this block (line 45-53) with:
dir := fs.NewDir(t, "test-build-context",
fs.WithFile("foo", "some content", AsUser(65534, 65534)),
fs.WithFile("Dockerfile", dockerfile),
)
defer dir.Remove()You'll have to update vendor.conf to use gotestyourself v1.2.0 as WithFile() was fixed in that version to accept PathOp
|
@dnephin ready for a new review, thx for gotestyourself tips, it reduces a lot the noise when we read the test 👍 I can upgrade/modernize the other tests in another PR if you want. |
cli/command/image/build_test.go
Outdated
|
|
||
| fakeImageBuild := func(_ context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) { | ||
| buffer := new(bytes.Buffer) | ||
| tee := io.TeeReader(context, buffer) |
There was a problem hiding this comment.
Is this necessary? It doesn't seem like buffer is used.
There was a problem hiding this comment.
Right, removed this unused intermediate buffer var 😉
cli/command/image/build_test.go
Outdated
|
|
||
| fakeImageBuild := func(_ context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) { | ||
| tee := io.TeeReader(context, new(bytes.Buffer)) | ||
| assert.NoError(t, archive.Untar(tee, dest.Path(), nil)) |
There was a problem hiding this comment.
I think you can pass context here as the first argument to Untar() and remove tee altogether, no?
The reason I'm using io.TeeReader() in the other test is because I want to assert the header is as expected, but in this case the test isn't concerned with the compression, it just wants the files, so I don't think you need the extra buffer.
|
LGTM @shouze Needs rebase |
Signed-off-by: Sébastien HOUZÉ <[email protected]>
|
@tonistiigi thx, rebased! |
|
@dnephin @tonistiigi I guess that after the merge a documentation upgrade would be required? |
shouze
deleted the
reset-id-pair-during-build-to-avoid-cache-busting
branch
|
/cc @mstanleyjones for documentation ^^ |
- What I did
Fix of moby/moby#32816
- How I did it
By resetting uid/gid to 0/0 in the build context. Prior to that, made possible by adding chownOpts in pkg/archive tarWithOption moby/moby#34590
- How to verify it
go test -v ./cli/command/image -run TestRunBuildResetsUidAndGidInContext- Description for the changelog
Reset uid/gid to 0 in build context to fix cache busting issues on ADD/COPY
- A picture of a cute animal (not mandatory but encouraged)