Re: MASSEMBLY-918 proposal

[Enrico Olivelli]

I was thinking more about 1) but I am not a 'tar' master.
Maybe you can write a simple jshell script that uses the java libs and
tweaks the tarbar

Enrico

Il dom 18 ago 2019, 22:10  ha scritto:

> 4. Squash Docker image layers? This approach requires additional tool (
> https://github.com/jwilder/docker-squash requires sudo) and understanding
> of what layers to squash and what layers to keep as is (for optimization of
> Docker image delivery - some base layers are taken from image vendor and
> are not changed, so I need to keep them to avoid re-delivering of the whole
> Docker image). I'm not sure about impact of squashing of Docker layers on
> Docker build cache and on the whole time required for building (if TAR
> checksum didn't change then rebuilding of Docker image is faster due to
> Docker build cache).
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

MASSEMBLY-918 proposal

[abrarov]

4. Squash Docker image layers? This approach requires additional tool 
(https://github.com/jwilder/docker-squash requires sudo) and understanding of 
what layers to squash and what layers to keep as is (for optimization of Docker 
image delivery - some base layers are taken from image vendor and are not 
changed, so I need to keep them to avoid re-delivering of the whole Docker 
image). I'm not sure about impact of squashing of Docker layers on Docker build 
cache and on the whole time required for building (if TAR checksum didn't 
change then rebuilding of Docker image is faster due to Docker build cache).



-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

RE: MASSEMBLY-918 proposal

[abrarov]

What can I do in that script?

1. Change owner in TAR created by Maven Assembly plugin - I need a tool for 
that (I failed to find one)
2. Change owner before packaging of TAR - I need root permissions (sudo) for 
that (I just want to add an entry into TAR with chosen owner / group - why 
should I run my build with escalated privileges?)
3. Change owner in Docker image created using TAR - it duplicates all impacted 
files / directories, i.e. increases Docker image size (refer to 
https://medium.com/@lmakarov/the-backlash-of-chmod-chown-mv-in-your-dockerfile-f12fe08c0b55)


-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: MASSEMBLY-918 proposal

[Enrico Olivelli]

Can't you run some post package script with the maven exec plugin?


Enrico

Il ven 16 ago 2019, 19:55  ha scritto:

> Hi Enrico,
>
> Yes, I need just root:root for the task I described, but it doesn't look
> like correct (generic) solution to add just flag for the "root ownership",
> because its implementation looks as hard (easy for smbd) as adding
> possibility to specify both user and group.
>
> Marat.
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

RE: MASSEMBLY-918 proposal

[abrarov]

Hi Enrico,

Yes, I need just root:root for the task I described, but it doesn't look like 
correct (generic) solution to add just flag for the "root ownership", because 
its implementation looks as hard (easy for smbd) as adding possibility to 
specify both user and group.

Marat.


-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: MASSEMBLY-918 proposal

[Enrico Olivelli]

Marat,
Sorry for late reply.

Il lun 29 lug 2019, 19:00  ha scritto:

> Hi community.
>
> I use Maven with Maven Resources plugin and Dockerfile Maven plugin
> (https://github.com/spotify/dockerfile-maven) for building my Docker
> images
> and this approach works fine (much better than shell scripts) except one
> issue - refer to "The backlash of chmod/chown/mv in your Dockerfile"
> article
> (
> https://medium.com/@lmakarov/the-backlash-of-chmod-chown-mv-in-your-dockerf
> ile-f12fe08c0b55
> ).
> I was able to solve this issue in terms of location and
> file / directory permissions with Maven Assembly plugin and TAR format but
> ownership of files and directories is still an issue - refer to
> https://issues.apache.org/jira/browse/MASSEMBLY-918 for details.
>


So you need to create tar files with root:root as owner of files?

Enrico

>
> This issue with ownership is important for the business project I work in
> because this issue becomes security issue (well, it's **minor** security
> issue to be honest, but I'd prefer to not prove that for software security
> team but just fix the issue) when Red Hat OpenShift and RHEL 7 are used,
> i.e. the same issue may be important for other business projects
> ("corporates") utilizing the same (popular) stack.
>
> I implemented PoC which demonstrates that MASSEMBLY-918 can be easily
> solved
> (refer to issue description). It's still PoC because it doesn't follow all
> the rules required for official pull requests and contains no unit tests
> for
> the new feature I implemented.
>
> I'd like to understand:
>
> 1. If MASSEMBLY-918 is actual for other developers? Does anybody else use
> Maven for building of Docker images and have the same limits because of
> RHEL
> and OpenShift?
> 2. Does it make sense to invest into official pull requests for further
> promotion of changes (these changes may be helpful not only for building of
> Docker images)?
>
> Thank you.
>
> Regards,
> Marat Abrarov.
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

MASSEMBLY-918 proposal

[abrarov]

Hi community. 

I use Maven with Maven Resources plugin and Dockerfile Maven plugin
(https://github.com/spotify/dockerfile-maven) for building my Docker images
and this approach works fine (much better than shell scripts) except one
issue - refer to "The backlash of chmod/chown/mv in your Dockerfile" article
(https://medium.com/@lmakarov/the-backlash-of-chmod-chown-mv-in-your-dockerf
ile-f12fe08c0b55). I was able to solve this issue in terms of location and
file / directory permissions with Maven Assembly plugin and TAR format but
ownership of files and directories is still an issue - refer to
https://issues.apache.org/jira/browse/MASSEMBLY-918 for details.

This issue with ownership is important for the business project I work in
because this issue becomes security issue (well, it's **minor** security
issue to be honest, but I'd prefer to not prove that for software security
team but just fix the issue) when Red Hat OpenShift and RHEL 7 are used,
i.e. the same issue may be important for other business projects
("corporates") utilizing the same (popular) stack.

I implemented PoC which demonstrates that MASSEMBLY-918 can be easily solved
(refer to issue description). It's still PoC because it doesn't follow all
the rules required for official pull requests and contains no unit tests for
the new feature I implemented.

I'd like to understand:

1. If MASSEMBLY-918 is actual for other developers? Does anybody else use
Maven for building of Docker images and have the same limits because of RHEL
and OpenShift?
2. Does it make sense to invest into official pull requests for further
promotion of changes (these changes may be helpful not only for building of
Docker images)?

Thank you.

Regards, 
Marat Abrarov.



-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org