Kaniko ADD instruction not preserve permissions via chmod argument

[ranebull]

Actual behavior
ADD Dockerfile instruction not preserve permissions with chmod argument usage.

Expected behavior
ADD Dockerfile instruction with chmod argument preserve permissions

To Reproduce
Steps to reproduce the behavior:

1. Build Dockerfile:

FROM alpine:latest

ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin

# Check permissions
RUN ls -al /usr/local/bin/

2. Get output:

/workspace # executor -c . --no-push
INFO[0000] Retrieving image manifest alpine:latest      
INFO[0000] Retrieving image alpine:latest from registry index.docker.io 
INFO[0022] Built cross stage deps: map[]                
INFO[0022] Retrieving image manifest alpine:latest      
INFO[0022] Returning cached image manifest              
INFO[0022] Executing 0 build triggers                   
INFO[0022] Building stage 'alpine:latest' [idx: '0', base-idx: '-1'] 
INFO[0022] Unpacking rootfs as cmd ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin requires it. 
INFO[0027] Using files from context: []                 
INFO[0027] ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin 
INFO[0027] Adding remote URL https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh to /usr/local/bin/benchmark.sh 
INFO[0033] Taking snapshot of files...                  
INFO[0033] RUN ls -al /usr/local/bin/                   
INFO[0033] Initializing snapshotter ...                 
INFO[0033] Taking snapshot of full filesystem...        
INFO[0033] Cmd: /bin/sh                                 
INFO[0033] Args: [-c ls -al /usr/local/bin/]            
INFO[0033] Running: [/bin/sh -c ls -al /usr/local/bin/] 
total 124
drwxr-xr-x    1 root     root            24 Nov 13 13:56 .
drwxr-xr-x    1 root     root            22 Nov 13 13:56 ..
-rw-------    1 root     root        126793 Nov 13 13:56 benchmark.sh
INFO[0033] Taking snapshot of full filesystem...        
INFO[0033] No files were changed, appending empty layer to config. No layer added to image. 
INFO[0033] Skipping push to container registry due to --no-push flag

3. File have permissions 0600, but must have 0755

Additional Information

• Dockerfile

FROM alpine:latest
ADD --chmod=0755 https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh /usr/local/bin
RUN ls -al /usr/local/bin/

• Build Context
  Directory with Dockerfile above only
  File from ADD instruction - https://github.com/GoogleContainerTools/kaniko/blob/main/benchmark.sh
• Kaniko Image gcr.io/kaniko-project/executor:v1.18.0-debug
• I not see any chmod operations and set permissions, only chown operation in source file https://github.com/GoogleContainerTools/kaniko/blob/main/pkg/commands/add.go

Triage Notes for the Maintainers

Description	Yes/No
Please check if this a new feature you are proposing	- [Yes]
Please check if the build works in docker but not in kaniko	- [Yes]
Please check if this error is seen when you use --cache flag	- [Yes]
Please check if your dockerfile is a multistage dockerfile	- [No]

[trombonax]

Hello,
as i see, this is not a feature-request, this is a hardcore bug.
@JeromeJu, why you reassign bug report as a feature-request ?

thanks

[JeromeJu]

Hello, as i see, this is not a feature-request, this is a hardcore bug. @JeromeJu, why you reassign bug report as a feature-request ?

thanks

Thanks for catching this. This is essentially a /kind/bug. Updated.

[trombonax]

@JeromeJu thank you a lot

[robross0606]

Does this also affect COPY commands?

[indistinctTalk]

Yeah, I ran into this using `COPY` yesterday.

…

On Thu, 16 Nov 2023, 02:40 robross0606, ***@***.***> wrote: Does this also affect COPY commands? — Reply to this email directly, view it on GitHub <#2850 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABIKCVKQETZNWPHXWNZSXI3YEUEC3AVCNFSM6AAAAAA7JHIJMGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJTGA3DOOBUHA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[ranebull]

@robross0606, yes.

Kaniko output:

wget https://github.com/GoogleContainerTools/kaniko/blob/main/run_in_docker.sh
ls -al run_in_docker.sh
-rw-r--r-- 1 1000 1000 12837 ноя 16 10:31 run_in_docker.sh
/workspace executor --no-push
INFO[0000] Retrieving image manifest ubuntu:latest      
INFO[0000] Retrieving image ubuntu:latest from registry index.docker.io 
INFO[0021] Built cross stage deps: map[]                
INFO[0021] Retrieving image manifest ubuntu:latest      
INFO[0021] Returning cached image manifest              
INFO[0021] Executing 0 build triggers                   
INFO[0021] Building stage 'ubuntu:latest' [idx: '0', base-idx: '-1'] 
INFO[0021] Unpacking rootfs as cmd COPY --chmod=0755 run_in_docker.sh /usr/local/bin requires it. 
INFO[0028] COPY --chmod=0755 run_in_docker.sh /usr/local/bin 
INFO[0028] Taking snapshot of files...                  
INFO[0028] RUN ls -al /usr/local/bin                    
INFO[0028] Initializing snapshotter ...                 
INFO[0028] Taking snapshot of full filesystem...        
INFO[0028] Cmd: /bin/sh                                 
INFO[0028] Args: [-c ls -al /usr/local/bin]             
INFO[0028] Running: [/bin/sh -c ls -al /usr/local/bin]  
total 16
drwxr-xr-x 1 root root    32 Nov 16 07:34 .
drwxr-xr-x 1 root root    72 Nov 16 07:34 ..
-rw-r--r-- 1 1000 1000 12837 Nov 16 07:34 run_in_docker.sh

Dockerfile

FROM ubuntu:latest

COPY --chmod=0755 run_in_docker.sh /usr/local/bin

RUN ls -al /usr/local/bin

[willywanka75]

Issue #1751 is a feature request to add the --chmod arg to the COPY command. Is this issue actually a feature request?