Step images can have executable files

Changes

The dist://step/oci/build and dist://step/oci/fetch steps preserve execute permissions on files. Specifically:

  • Files are added to image layers with permission rw-rw-rw- | file perms. They're always read/write, and are executable if the file is executable. This mirrors behaviour in Go's os.CopyFS, which is used when a whole directory is copied in the build stage.
  • Fetch unpacks layers using the permission of the file in the layer
  • Directories are always rwxrw-rw-

Reasons

When building, promoting and using the changelog step from the step-runner project, the following error was encountered:

ERROR: Job failed: container exec on "0a40c1051f329d65cfc56b22f7f5aa882f4514a4e55a0bf04340ffcd7fceb0f9" finished with:
step "changelog":
step "changelog":
exec: fork/exec /tmp/step-runner-cache/oci-image-2754561664/run: permission denied

Go compiles the run binary, but the file is not executable when the step runs.

Reference

Dogfood Step images in Steps Pipeline (#234)

Edited by Cameron Swords
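
The permission rules listed under Changes, worked through as an added example (not code from this merge request or from step-runner): it writes a small tree into a tar layer with the build-side modes, then reads the header modes back as the fetch side would. The names `roundTrip` and `sample` and the paths `step/run` and `step.yml` are hypothetical, and plain `archive/tar` is assumed as the layer format.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

// sample is constructed input: a compiled step binary and a read-only file.
var sample = fstest.MapFS{
	"step":     {Mode: fs.ModeDir | 0o755},
	"step/run": {Data: []byte("\x7fELF"), Mode: 0o755},
	"step.yml": {Data: []byte("spec: {}\n"), Mode: 0o444},
}

// roundTrip builds a layer (files rw-rw-rw- | perms) and reads the modes back as a fetch would.
func roundTrip(src fstest.MapFS) (map[string]fs.FileMode, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for name, f := range src {
		hdr := &tar.Header{Name: name, Typeflag: tar.TypeReg, Size: int64(len(f.Data)), Mode: int64(0o666 | f.Mode.Perm())}
		if f.Mode.IsDir() {
			hdr.Name, hdr.Typeflag, hdr.Mode = name+"/", tar.TypeDir, 0o766 // always rwxrw-rw-
		}
		if err := tw.WriteHeader(hdr); err != nil {
			return nil, err
		}
		if _, err := tw.Write(f.Data); err != nil {
			return nil, err
		}
	}
	if err := tw.Close(); err != nil {
		return nil, err
	}
	modes := map[string]fs.FileMode{}
	for tr := tar.NewReader(&buf); ; {
		hdr, err := tr.Next()
		if err == io.EOF {
			return modes, nil
		} else if err != nil {
			return nil, err
		}
		modes[hdr.Name] = hdr.FileInfo().Mode().Perm() // fetch: mode stored in the layer
	}
}

func main() { fmt.Println(roundTrip(sample)) }
```

With these rules an executable source file is stored as rwxrwxrwx and a read-only one as rw-rw-rw-, which is worth keeping in mind when deciding who can reach the directory the image is unpacked into.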
