Set uid & gid to 1000 when copying app to docker

TODO: read the desired uid & gid from the image rather than assuming 1000 is the desired number (correct for packs/build based images) projectriff/libfnbuildpack#3 (comment)
quantumsheep · Sep 23, 2018 · d06671c · d06671c
1 parent a0afd1d
commit d06671c
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 24 deletions.
diff --git a/build.go b/build.go
@@ -5,14 +5,15 @@ import (
 	"context"
 	"crypto/md5"
 	"fmt"
-	"github.com/buildpack/pack/fs"
 	"io"
 	"io/ioutil"
 	"log"
 	"math/rand"
 	"os"
 	"path/filepath"
 
+	"github.com/buildpack/pack/fs"
+
 	"github.com/BurntSushi/toml"
 	"github.com/buildpack/lifecycle"
 	"github.com/buildpack/pack/docker"
@@ -75,7 +76,7 @@ func (b *BuildFlags) Init() error {
 	b.Stdout = os.Stdout
 	b.Stderr = os.Stderr
 	b.Log = log.New(os.Stdout, "", log.LstdFlags|log.Lshortfile)
-	b.FS = &fs.FS{}
+	b.FS = &fs.FS{UID: 1000, GID: 1000}
 
 	return nil
 }

diff --git a/build_test.go b/build_test.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/buildpack/pack/fs"
 	"io/ioutil"
 	"log"
 	"math/rand"
@@ -16,6 +15,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/buildpack/pack/fs"
+
 	"github.com/buildpack/lifecycle"
 	"github.com/buildpack/pack"
 	"github.com/buildpack/pack/docker"
@@ -50,14 +51,25 @@ func testBuild(t *testing.T, when spec.G, it spec.S) {
 			Stdout:          &buf,
 			Stderr:          &buf,
 			Log:             log.New(&buf, "", log.LstdFlags|log.Lshortfile),
-			FS:              &fs.FS{},
+			FS:              &fs.FS{UID: 1000, GID: 1000},
 		}
 		log.SetOutput(ioutil.Discard)
 		subject.Cli, err = docker.New()
 		assertNil(t, err)
 	})
 
 	when("#Detect", func() {
+		it("copies the app in to docker and chowns it", func() {
+			_, err := subject.Detect()
+			assertNil(t, err)
+
+			for _, name := range []string{"/workspace/app", "/workspace/app/app.js"} {
+				txt, err := exec.Command("docker", "run", "-v", subject.WorkspaceVolume+":/workspace", subject.Builder, "ls", "-ld", name).Output()
+				assertNil(t, err)
+				assertContains(t, string(txt), "pack pack")
+			}
+		})
+
 		when("app is detected", func() {
 			it("returns the successful group with node", func() {
 				group, err := subject.Detect()

diff --git a/cmd/pack/main.go b/cmd/pack/main.go
@@ -51,7 +51,7 @@ func createBuilderCommand() *cobra.Command {
 	var noPull bool
 
 	builderFactory := pack.BuilderFactory{
-		FS: &fs.FS{},
+		FS: &fs.FS{UID: 0, GID: 0},
 	}
 
 	createBuilderCommand := &cobra.Command{

diff --git a/exporter.go b/exporter.go
@@ -5,13 +5,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/buildpack/pack/fs"
 	"io"
 	"io/ioutil"
 	"os"
 	"sort"
 	"strings"
 
+	"github.com/buildpack/pack/fs"
+
 	"github.com/BurntSushi/toml"
 	"github.com/buildpack/lifecycle"
 	"github.com/buildpack/pack/docker"
@@ -157,7 +158,7 @@ func addLabelToImage(cli *docker.Docker, repoName string, labels map[string]stri
 	for k, v := range labels {
 		dockerfile += fmt.Sprintf("LABEL %s='%s'\n", k, v)
 	}
-	f := &fs.FS{}
+	f := &fs.FS{UID: 0, GID: 0}
 	tr, err := f.CreateSingleFileTar("Dockerfile", dockerfile)
 	if err != nil {
 		return err

diff --git a/fs/tar.go b/fs/tar.go
@@ -10,26 +10,29 @@ import (
 	"path/filepath"
 )
 
-type FS struct{}
+type FS struct {
+	UID int
+	GID int
+}
 
-func (*FS) CreateTGZFile(tarFile, srcDir, tarDir string) error {
+func (fs *FS) CreateTGZFile(tarFile, srcDir, tarDir string) error {
 	fh, err := os.Create(tarFile)
 	if err != nil {
 		return fmt.Errorf("create file for tar: %s", err)
 	}
 	defer fh.Close()
 	gzw := gzip.NewWriter(fh)
 	defer gzw.Close()
-	return writeTarArchive(gzw, srcDir, tarDir)
+	return fs.writeTarArchive(gzw, srcDir, tarDir)
 }
 
-func (*FS) CreateTarReader(srcDir, tarDir string) (io.Reader, chan error) {
+func (fs *FS) CreateTarReader(srcDir, tarDir string) (io.Reader, chan error) {
 	r, w := io.Pipe()
 	errChan := make(chan error, 1)
 
 	go func() {
 		defer w.Close()
-		err := writeTarArchive(w, srcDir, tarDir)
+		err := fs.writeTarArchive(w, srcDir, tarDir)
 		w.Close()
 		errChan <- err
 	}()
@@ -51,7 +54,7 @@ func (*FS) CreateSingleFileTar(path, txt string) (io.Reader, error) {
 	return bytes.NewReader(buf.Bytes()), nil
 }
 
-func writeTarArchive(w io.Writer, srcDir, tarDir string) error {
+func (fs *FS) writeTarArchive(w io.Writer, srcDir, tarDir string) error {
 	tw := tar.NewWriter(w)
 	defer tw.Close()
 
@@ -84,6 +87,8 @@ func writeTarArchive(w io.Writer, srcDir, tarDir string) error {
 			}
 		}
 		header.Name = filepath.Join(tarDir, relPath)
+		header.Uid = fs.UID
+		header.Gid = fs.GID
 
 		if err := tw.WriteHeader(header); err != nil {
 			return err

diff --git a/fs/tar_test.go b/fs/tar_test.go
@@ -3,15 +3,16 @@ package fs_test
 import (
 	"archive/tar"
 	"compress/gzip"
-	"github.com/buildpack/pack/fs"
-	"github.com/sclevine/spec"
-	"github.com/sclevine/spec/report"
 	"io/ioutil"
 	"math/rand"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
+
+	"github.com/buildpack/pack/fs"
+	"github.com/sclevine/spec"
+	"github.com/sclevine/spec/report"
 )
 
 func TestFS(t *testing.T) {
@@ -22,25 +23,28 @@ func TestFS(t *testing.T) {
 func testFS(t *testing.T, when spec.G, it spec.S) {
 	var (
 		tmpDir, src string
-		fs fs.FS
+		fs          fs.FS
 	)
 
-	it.Before(func(){
+	it.Before(func() {
 		var err error
 		tmpDir, err = ioutil.TempDir("", "create-tar-test")
 		if err != nil {
 			t.Fatalf("failed to create tmp dir %s: %s", tmpDir, err)
 		}
 		src = filepath.Join("testdata", "dir-to-tar")
+
+		fs.UID = 1234
+		fs.GID = 2345
 	})
 
-	it.After(func(){
-	  if err := os.RemoveAll(tmpDir); err != nil {
-	  	t.Fatalf("failed to clean up tmp dir %s: %s", tmpDir, err)
-	  }
+	it.After(func() {
+		if err := os.RemoveAll(tmpDir); err != nil {
+			t.Fatalf("failed to clean up tmp dir %s: %s", tmpDir, err)
+		}
 	})
 
-	it("writes a tar to the dest dir", func(){
+	it("writes a tar to the dest dir", func() {
 		tarFile := filepath.Join(tmpDir, "some.tar")
 		err := fs.CreateTGZFile(tarFile, src, "/dir-in-archive")
 		if err != nil {
@@ -66,6 +70,12 @@ func testFS(t *testing.T, when spec.G, it spec.S) {
 		if string(fileContents) != "some-content" {
 			t.Fatalf(`expected to some-file.txt to have "some-contents" got %s`, string(fileContents))
 		}
+		if header.Uid != 1234 {
+			t.Fatalf(`expected some-file.txt to be owned by 1234 was %d`, header.Uid)
+		}
+		if header.Gid != 2345 {
+			t.Fatalf(`expected some-file.txt to be group 2345 was %d`, header.Gid)
+		}
 
 		t.Log("handles symlinks")
 		header, err = tr.Next()
@@ -75,9 +85,15 @@ func testFS(t *testing.T, when spec.G, it spec.S) {
 		if header.Name != "/dir-in-archive/sub-dir/link-file" {
 			t.Fatalf(`expected file with name /dir-in-archive/sub-dir/link-file, got %s`, header.Name)
 		}
+		if header.Uid != 1234 {
+			t.Fatalf(`expected link-file to be owned by 1234 was %d`, header.Uid)
+		}
+		if header.Gid != 2345 {
+			t.Fatalf(`expected link-file to be group 2345 was %d`, header.Gid)
+		}
 
 		if header.Linkname != "../some-file.txt" {
 			t.Fatalf(`expected to link-file to have atrget "../some-file.txt" got %s`, header.Linkname)
 		}
 	})
-}
+}