Add docs for Dockerfile ADD/COPY --chown flag #467
Conversation
estesp
requested review from
mdlinville,
thaJeztah and
vdemeester
as code owners
Codecov Report
@@ Coverage Diff @@
## master #467 +/- ##
==========================================
- Coverage 49.41% 46.74% -2.68%
==========================================
Files 208 199 -9
Lines 17186 16526 -660
==========================================
- Hits 8493 7725 -768
- Misses 8261 8400 +139
+ Partials 432 401 -31 |
docs/reference/builder.md
Outdated
| whitespace) | ||
|
|
||
| The `ADD` instruction copies new files, directories or remote file URLs from `<src>` | ||
| and adds them to the filesystem of the image at the path `<dest>`. | ||
|
|
||
| Multiple `<src>` resource may be specified but if they are files or | ||
| Multiple `<src>` resources may be specified but if they are files or | ||
| directories then they must be relative to the source directory that is |
There was a problem hiding this comment.
directories, they must be
Also, "relative" I think means that they must be subdirectories of the build context? Maybe you can reword this to make it clearer.
docs/reference/builder.md
Outdated
| All new files and directories are created with a UID and GID of 0. | ||
| All new files and directories are created with a UID and GID of 0, unless the | ||
| optional `--chown` flag is used to provide a user and group definition which | ||
| will be used to change the ownership of the created files and directories. The |
There was a problem hiding this comment.
How about "optional --chown flag specifies a given username, groupname, or UID/GID combination."
(if you only want to give a GID, how does Docker know it's not a UID? I think if you only provide a single integer it's always assumed to be a UID. Maybe best to state this too.)
|
cc/ @gbarr01 for FYI |
docs/reference/builder.md
Outdated
| @@ -817,14 +817,14 @@ change them using `docker run --env <key>=<value>`. | |||
|
|
|||
| ADD has two forms: | |||
|
|
|||
| - `ADD <src>... <dest>` | |||
| - `ADD ["<src>",... "<dest>"]` (this form is required for paths containing | |||
| - `ADD [--chown <user>:<group>] <src>... <dest>` | |||
There was a problem hiding this comment.
Sure about that syntax? Not working for me & @presto9292 see moby/moby#34263 (comment)
There was a problem hiding this comment.
Thanks @shouze ; you are correct that it requires an =; I will update this PR as it also has other edits required before being complete.
estesp
force-pushed
the
chown-flag-docs
branch
from
95e0972 to
8b7a8b0
Compare
|
@mstanleyjones thanks for the review; I have updated per your comments; PTAL! @shouze examples and flag documentation updated with the correct argument style--thanks for the catch! |
|
What is the behaviour of using this flag on Windows as the |
| @@ -848,7 +848,26 @@ named `arr[0].txt`, use the following; | |||
| ADD arr[[]0].txt /mydir/ # copy a file named "arr[0].txt" to /mydir/ | |||
|
|
|||
|
|
|||
| All new files and directories are created with a UID and GID of 0. | |||
| All new files and directories are created with a UID and GID of 0, unless the | |||
There was a problem hiding this comment.
How do the concepts of UID and GID 0 map to Windows?
There was a problem hiding this comment.
They do not apply/map at all.. I assume we need a note about that :) A Dockerfile with the --chown flag on an ADD or COPY command will fail during docker build if it is built on a Windows Docker daemon.
This was discussed in the PR for the feature implementation itself--the other option was to "ignore" the flag on Windows but today this is not the way it is implemented.
There was a problem hiding this comment.
Perhaps we should add a header above this section; both for easier linking (anchor), and an introduction "This is a Linux-only feature". Also, the sections for COPY and ADD for this feature could then be combined if we think that's a good idea ("All new files and directories that are added through ADD or COPY ...."). (I'm sure @mstanleyjones has better suggestions 😄)
What is actually the owner of the files on Windows? (@johnstep?)
There was a problem hiding this comment.
@estesp What I've seen is that passing --chown succeeds on Windows, if a number is supplied, but fails for a name since the code attempts to resolve the name by looking in \etc\passwd on Windows, which does not make sense.
Failing outright probably makes more sense, or at least warning, but I would prefer a more deliberate check and message. We have an issue on adding a warning, but it needs some more details: moby/moby#35026
@thaJeztah We'll look into how the owner is set on Windows. From a quick test, it seems to be set differently based on which directory a file is copied to, but we need to verify.
docs/reference/builder.md
Outdated
| or direct integer UID and GID in any combination. Providing a username without | ||
| groupname or a UID without GID will use the name numeric UID as the GID. If a | ||
| username or groupname is provided, the container's root filesystem | ||
| `/etc/passwd` and `/etc/group` files will be used to perform the translation |
There was a problem hiding this comment.
How does this map to Windows?
docs/reference/builder.md
Outdated
| combination to request specific ownership of the content added. The | ||
| format of the `--chown` flag allows for either username and groupname strings | ||
| or direct integer UID and GID in any combination. Providing a username without | ||
| groupname or a UID without GID will use the name numeric UID as the GID. If a |
| @@ -848,7 +848,26 @@ named `arr[0].txt`, use the following; | |||
| ADD arr[[]0].txt /mydir/ # copy a file named "arr[0].txt" to /mydir/ | |||
|
|
|||
|
|
|||
| All new files and directories are created with a UID and GID of 0. | |||
| All new files and directories are created with a UID and GID of 0, unless the | |||
There was a problem hiding this comment.
Perhaps we should add a header above this section; both for easier linking (anchor), and an introduction "This is a Linux-only feature". Also, the sections for COPY and ADD for this feature could then be combined if we think that's a good idea ("All new files and directories that are added through ADD or COPY ...."). (I'm sure @mstanleyjones has better suggestions 😄)
What is actually the owner of the files on Windows? (@johnstep?)
docs/reference/builder.md
Outdated
| combination to request specific ownership of the copied content. The | ||
| format of the `--chown` flag allows for either username and groupname strings | ||
| or direct integer UID and GID in any combination. Providing a username without | ||
| groupname or a UID without GID will use the name numeric UID as the GID. If a |
|
I like the idea of a note like "The |
|
ping @estesp 😇 |
Document the new `--chown` flag added to the ADD and COPY commands in the Dockerfile format. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
estesp
force-pushed
the
chown-flag-docs
branch
from
8b7a8b0 to
a83b9f1
Compare
|
@mstanleyjones @thaJeztah updated; PTAL. I did not combine the sections yet; I'm definitely willing to do so, but currently the anchor points are to each possible command in a Given they are still distinct I added the same exact note about lack of capability on Windows to use the |
| - `COPY <src>... <dest>` | ||
| - `COPY ["<src>",... "<dest>"]` (this form is required for paths containing | ||
| - `COPY [--chown=<user>:<group>] <src>... <dest>` | ||
| - `COPY [--chown=<user>:<group>] ["<src>",... "<dest>"]` (this form is required for paths containing |
There was a problem hiding this comment.
lol, this will be a bit confusing as the first square brackets are to indicate "it's optional" and the second are literal brackets for JSON.
Don't have a better suggestion at this point though (other than having an example perhaps) - I'm okay with adding that in a follow up
|
This feature went into the 17.09 release, so it currently undocumented as far as online docs. Is there anything else not addressed here? Just don't want it to get lost for too long! |
|
@estesp well, this PR would have needed to be merged before |
|
Unfortunately, this didn't make 17.10 either as far as I can tell. That's too bad but hey, it happens. What outstanding issues are there left that are preventing it from being merged? I would like to add support for this flag in my project once the documentation has been finalized and is made available online. |
|
I'll go ahead and merge 👍 thanks! |
Document the new
--chownflag added to the ADD and COPY commands inthe Dockerfile format.
Signed-off-by: Phil Estes estesp@linux.vnet.ibm.com
The actual implementation is ready to merge in moby/moby#34263