GoogleContainerTools / container-diff

container-diff: Diff your Docker containers

Feature Request: Include file ownership in files analyzer

hown3d opened this issue · comments

commented

Background

I'm working on user permissions for the kaniko builder (GoogleContainerTools/kaniko#2106) and wanted to check if the ownership of a file is set correctly by using the --chown flag on COPY statements.

Using container-diff there is currently no way to get the file ownership information.

Would probably go into this function in the files analyzer:

func CreateDirectoryEntries(root string, entryNames []string) (entries []DirectoryEntry) {
	for _, name := range entryNames {
		entryPath := filepath.Join(root, name)
		size := GetSize(entryPath)
		entry := DirectoryEntry{
			Name: name,
			Size: size,
		}
		entries = append(entries, entry)
	}
	return entries
}

commented

After some investigation this seems to be difficult to achieve:

Currently, the tar archive gets unpacked without reconstructing the ownership.
Reconstructing is kind of difficult permissions-wise, because to reconstruct, container-diff would need to be run as root.

What is actually compared beyond the file size? I can't find that anywhere and the reports don't say.
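
On the ownership point raised in the thread, an added example (not part of the issue and not container-diff's code): the uid/gid set by COPY --chown is recorded in each layer's tar headers, so it can be read and compared without extracting files or running as root. `Owner`, `ReadOwnership`, `OwnershipDiff` and `sampleLayer` are hypothetical names, and the two layers are constructed in memory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

type Owner struct{ UID, GID int } // hypothetical type, not container-diff's

// ReadOwnership reads tar headers only: nothing is extracted, so no chown and no root.
func ReadOwnership(layer io.Reader) (map[string]Owner, error) {
	owners := map[string]Owner{}
	tr := tar.NewReader(layer)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		owners[hdr.Name] = Owner{hdr.Uid, hdr.Gid}
	}
	return owners, nil
}

// OwnershipDiff returns, for each path in both layers whose uid/gid differ, the old and new owner.
func OwnershipDiff(a, b map[string]Owner) map[string][2]Owner {
	changed := map[string][2]Owner{}
	for name, oa := range a {
		if ob, ok := b[name]; ok && oa != ob {
			changed[name] = [2]Owner{oa, ob}
		}
	}
	return changed
}

func sampleLayer(uid, gid int) io.Reader { // constructed in-memory layer tarball
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "etc/hostname", Mode: 0o644}) // always root-owned
	tw.WriteHeader(&tar.Header{Name: "app/config.yaml", Mode: 0o640, Uid: uid, Gid: gid})
	tw.Close()
	return &buf
}

func main() {
	before, _ := ReadOwnership(sampleLayer(0, 0))
	after, _ := ReadOwnership(sampleLayer(1000, 1000))
	fmt.Println(OwnershipDiff(before, after))
}
```
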