
I have a Dockerfile as follows:

FROM jenkins/jenkins:2.119

USER jenkins
ENV HOME /var/jenkins_home

COPY --chown=jenkins:jenkins ssh ${HOME}/.ssh/

RUN chmod 700 ${HOME}/.ssh && \
    chmod 600 ${HOME}/.ssh/*

The ssh directory has 755/644 on the dir/file on the build machine. However, when I build with

docker build -t my/temp .

and start the image with an ls command

docker run -it --rm my/temp ls -la /var/jenkins_home/.ssh

neither of the chmod commands is applied to the image:

drwxr-xr-x 2 jenkins jenkins 4096 May  3 12:46 .
drwxr-xr-x 4 jenkins jenkins 4096 May  3 12:46 ..
-rw-r--r-- 1 jenkins jenkins  391 May  3 11:42 known_hosts

During the build I see

Step 4/6 : COPY --chown=jenkins:jenkins ssh ${HOME}/.ssh/
 ---> 58e0d8242fac
Step 5/6 : RUN chmod 700 ${HOME}/.ssh &&     chmod 600 ${HOME}/.ssh/*
 ---> Running in 0c805d4d4252
Removing intermediate container 0c805d4d4252
 ---> bbfc828ace79

It looks like the chmod is discarded. How can I stop this happening?

I'm using latest Docker (Edge) on Mac OSX Version 18.05.0-ce-rc1-mac63 (24246); edge 3b5a9a44cd

EDIT

With --rm didn't work either (after deleting image and rebuilding) but didn't get remove message

docker build -t my/temp --rm=false .

docker run -it --rm my/temp ls -la /var/jenkins_home/.ssh
drwxr-xr-x 2 jenkins jenkins 4096 May  3 15:42 .
drwxr-xr-x 4 jenkins jenkins 4096 May  3 15:42 ..
-rw-r--r-- 1 jenkins jenkins  391 May  3 11:42 known_hosts

EDIT 2

So basically a bug in Docker where a base image with a VOLUME causes chmod to fail and similarly RUN mkdir on the volume failed but COPY did, but left the directory with the wrong permissions. Thanks to bkconrad.

EDIT 3

Created fork with a fix here https://github.com/systematicmethods/jenkins-docker build.sh will build an image locally

PeterLappo

2 Answers


This has to do with how Docker handles VOLUMEs for images.

From docker inspect my/temp:

"Volumes": {
  "/var/jenkins_home": {}
},

There's a helpful ticket about this from the moby project:

https://github.com/moby/moby/issues/12779

Basically you'll need to do your chmod at run time.

Setting your HOME envvar to a non-volume path like /tmp shows the expected behavior:

$ docker run -it --rm my/temp ls -la /tmp/.ssh
total 8
drwx------ 2 jenkins jenkins 4096 May  3 17:31 .
drwxrwxrwt 6 root    root    4096 May  3 17:31 ..
-rw------- 1 jenkins jenkins    0 May  3 17:24 dummy
bkconrad
  • The link is very helpful also explains why RUN commands on the same volume don't work. Basically a bug in Docker imho. Spent the best part of a day trying to find work-arounds as I assumed I must have done something wrong as I'm still relatively new to Docker. – PeterLappo May 03 '18 at 17:53
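
One way to do the chmod at run time, as the answer above suggests. This is an added example, not code from the post or from the Jenkins image. It assumes the Dockerfile copies the ssh files to a non-volume staging path (the /usr/share/jenkins/ssh path in the comment is hypothetical) and that a wrapper entrypoint calls the function before starting Jenkins.

```shell
#!/bin/sh
# Added example: run-time permission fix for an .ssh directory that lives
# under a path the base image declares as a VOLUME (/var/jenkins_home here).
# Assumption: the Dockerfile COPYs the files to a non-volume staging path
# instead of ${HOME}/.ssh, so the build-time layer is not discarded.

# install_ssh_dir STAGING DEST
# Copies staged files into DEST, then enforces 700 on DEST and 600 on files.
# Files already in DEST (e.g. from a persisted volume) are not overwritten,
# but their mode is still tightened.
install_ssh_dir() {
    staging=$1
    dest=$2

    [ -d "$staging" ] || { echo "staging dir missing: $staging" >&2; return 1; }

    # Tight umask so nothing is briefly group/world readable.
    ( umask 077 && mkdir -p "$dest" ) || return 1
    chmod 700 "$dest" || return 1

    for src in "$staging"/* "$staging"/.[!.]*; do
        [ -f "$src" ] || continue      # skips unmatched globs and subdirectories
        target=$dest/$(basename "$src")
        if [ ! -e "$target" ]; then
            ( umask 077 && cp "$src" "$target" ) || return 1
        fi
        chmod 600 "$target" || return 1
    done
}

# perm_of PATH: prints the octal mode, e.g. 700 (GNU stat, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# In a wrapper entrypoint (hypothetical staging path), before handing over
# to the image's original command:
#   install_ssh_dir /usr/share/jenkins/ssh "$HOME/.ssh" && exec "$@"
```

Because the function runs inside the started container, the modes land on the actual volume contents rather than on a build layer.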
Step 5/6 : RUN chmod 700 ${HOME}/.ssh &&     chmod 600 ${HOME}/.ssh/*
 ---> Running in 0c805d4d4252

Removing intermediate container 0c805d4d4252

As you can see, the "intermediate container" is being removed, which is normal behavior for Docker. If you want to keep those, use the command below.

docker build -t my/temp --rm=false .

It's also been explained in one of the posts:

Why docker build image from docker file will create container when build exit incorrectly?

sanath meti
  • Tried that after deleting the image, didn't work, but didn't get removing message – PeterLappo May 03 '18 at 15:40
  • Changing the permissions of files in the ssh directory helps, but doesn't change permissions of the .ssh directory. The COPY statement is at fault: it doesn't preserve permissions but, more bizarrely, doesn't allow you to change permissions either. – PeterLappo May 03 '18 at 16:07