From 52a4b0bf0edd9101845d86d1ee0033a90f912f70 Mon Sep 17 00:00:00 2001 From: Martin Zihlmann Date: Mon, 30 Jun 2025 22:59:18 +0200 Subject: [PATCH 1/3] RUN disregards the group --- pkg/commands/run.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkg/commands/run.go b/pkg/commands/run.go index f9acc4029..2256085a9 100644 --- a/pkg/commands/run.go +++ b/pkg/commands/run.go @@ -94,11 +94,9 @@ func runCommandInExec(config *v1.Config, buildArgs *dockerfile.BuildArgs, cmdRun replacementEnvs := buildArgs.ReplacementEnvs(config.Env) cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} - u := config.User - userAndGroup := strings.Split(u, ":") - userStr, err := util.ResolveEnvironmentReplacement(userAndGroup[0], replacementEnvs, false) + userStr, err := util.ResolveEnvironmentReplacement(config.User, replacementEnvs, false) if err != nil { - return errors.Wrapf(err, "resolving user %s", userAndGroup[0]) + return errors.Wrapf(err, "resolving user %s", config.User) } // If specified, run the command as a specific user @@ -109,7 +107,7 @@ func runCommandInExec(config *v1.Config, buildArgs *dockerfile.BuildArgs, cmdRun } } - env, err := addDefaultHOME(userStr, replacementEnvs) + env, err := addDefaultHOME(strings.Split(userStr, ":")[0], replacementEnvs) if err != nil { return errors.Wrap(err, "adding default HOME variable") } From 1797acf28d8881a558b715c2e79b8a6cf5cdc5f6 Mon Sep 17 00:00:00 2001 From: Martin Zihlmann Date: Tue, 1 Jul 2025 21:00:21 +0200 Subject: [PATCH 2/3] buildkit doesnt untar current dir --- pkg/util/fs_util.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go index 2ff7acbac..fa6fac31f 100644 --- a/pkg/util/fs_util.go +++ b/pkg/util/fs_util.go @@ -289,6 +289,9 @@ func UnTar(r io.Reader, dest string) ([]string, error) { return nil, err } cleanedName := filepath.Clean(hdr.Name) + if cleanedName == "." { + continue + } if err := ExtractFile(dest, hdr, cleanedName, tr); err != nil { return nil, err } From 4c2fe88a8681dd8c76f1ee3708fbd0b048a1f2d5 Mon Sep 17 00:00:00 2001 From: Martin Zihlmann Date: Sat, 5 Jul 2025 16:39:08 +0100 Subject: [PATCH 3/3] default to current group --- pkg/commands/user.go | 12 +++++++++--- pkg/commands/user_test.go | 25 +++++++++++++++++++++++-- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/pkg/commands/user.go b/pkg/commands/user.go index 937a16a69..91415c790 100644 --- a/pkg/commands/user.go +++ b/pkg/commands/user.go @@ -18,6 +18,7 @@ package commands import ( "fmt" + "os/user" "strings" "github.com/GoogleContainerTools/kaniko/pkg/dockerfile" @@ -43,15 +44,20 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu return errors.Wrap(err, fmt.Sprintf("resolving user %s", userAndGroup[0])) } + user, err := user.Current() + if err != nil { + return errors.Wrapf(err, "failed to lookup current user") + } + + var groupStr = user.Gid if len(userAndGroup) > 1 { - groupStr, err := util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false) + groupStr, err = util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false) if err != nil { return errors.Wrap(err, fmt.Sprintf("resolving group %s", userAndGroup[1])) } - userStr = userStr + ":" + groupStr } - config.User = userStr + config.User = userStr + ":" + groupStr return nil } diff --git a/pkg/commands/user_test.go b/pkg/commands/user_test.go index 42c2311f0..ba261f65d 100644 --- a/pkg/commands/user_test.go +++ b/pkg/commands/user_test.go @@ -17,6 +17,7 @@ limitations under the License. package commands import ( + "fmt" "os/user" "testing" @@ -37,34 +38,40 @@ var userTests = []struct { user: "root", userObj: &user.User{Uid: "root", Gid: "root"}, expectedUID: "root", + expectedGID: "", }, { user: "root-add", userObj: &user.User{Uid: "root-add", Gid: "root"}, expectedUID: "root-add", + expectedGID: "", }, { user: "0", userObj: &user.User{Uid: "0", Gid: "0"}, expectedUID: "0", + expectedGID: "", }, { user: "fakeUser", userObj: &user.User{Uid: "fakeUser", Gid: "fakeUser"}, expectedUID: "fakeUser", + expectedGID: "", }, { user: "root", userObj: &user.User{Uid: "root", Gid: "some"}, expectedUID: "root", + expectedGID: "", }, { user: "0", userObj: &user.User{Uid: "0"}, expectedUID: "0", + expectedGID: "", }, { - user: "root", + user: "root:f0", userObj: &user.User{Uid: "root"}, expectedUID: "root", expectedGID: "f0", @@ -73,29 +80,38 @@ var userTests = []struct { user: "0", userObj: &user.User{Uid: "0"}, expectedUID: "0", + expectedGID: "", }, { user: "$envuser", userObj: &user.User{Uid: "root", Gid: "root"}, expectedUID: "root", + expectedGID: "", }, { user: "root", userObj: &user.User{Uid: "root"}, expectedUID: "root", + expectedGID: "", }, { user: "some", userObj: &user.User{Uid: "some"}, expectedUID: "some", + expectedGID: "", }, { user: "some", expectedUID: "some", + expectedGID: "", }, } func TestUpdateUser(t *testing.T) { + user, err := user.Current() + if err != nil { + t.Errorf("failed to get user %v", err) + } for _, test := range userTests { cfg := &v1.Config{ Env: []string{ @@ -110,6 +126,11 @@ func TestUpdateUser(t *testing.T) { } buildArgs := dockerfile.NewBuildArgs([]string{}) err := cmd.ExecuteCommand(cfg, buildArgs) - testutil.CheckErrorAndDeepEqual(t, false, err, test.expectedUID, cfg.User) + uid := test.expectedUID + gid := test.expectedGID + if gid == "" { + gid = user.Gid + } + testutil.CheckErrorAndDeepEqual(t, false, err, fmt.Sprintf("%s:%s", uid, gid), cfg.User) } }