As a reminder to myself.
The following section of a multistage Dockerfile, written to create a container image built with podman:
...
# The user UID is arbitrary, not commonly used by regular users.
RUN useradd -u 7685 -r -g users -m -s /sbin/nologin -c "Builder user" builder
# Set the working directory to the `app` directory inside builder home directory
WORKDIR /home/builder/app
# Specify the user which should be used to execute all commands below
USER builder
# -- Warm maven cache --
# Copy pom file and mvnw
COPY --chown=builder:users ./pom.xml ./mvnw .
COPY --chown=builder:users ./.mvn ./.mvn
# FIXME: Not all plugins and dependencies are downloaded.
# FIXME: See bug <https://issues.apache.org/jira/browse/MDEP-82>
RUN ./mvnw -B dependency:resolve-plugins dependency:go-offline
# -- Build war --
# Copy project and build
COPY --chown=builder:users ./ ./
RUN ./mvnw -B package
...
works without problems as a regular user with:
$ podman build -t myapp:latest .
For infrastructure reasons (that is, an external requirement), the image above has to be built with buildah, more precisely with the command buildah bud. But running it as a regular user produces:
$ buildah bud -t myapp:latest .
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 19.264 s
[INFO] Finished at: 2021-07-08T19:12:33Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:2.6:resources (default-resources) on project myapp: Cannot create resource output directory: /home/builder/app/target/classes -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
error building at STEP "RUN ./mvnw -B package": error while running runtime: exit status 1
level=error msg="exit status 1"
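After a good while of debugging, the problem turns out to be that WORKDIR, when it creates the directory /home/builder/app, creates it with owner and group root and with permissions rwxr-xr-x. The builder user therefore has no write access to it, and Maven cannot create target/classes inside it.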
Obviously, it is enough to change the owner of the directory /home/builder/app that WORKDIR creates, by adding right after the WORKDIR instruction:
RUN chown builder:users /home/builder/app && chmod 755 /home/builder/app
The command above also uses chmod to make the directory's permissions explicit.
With that change, this section of the Dockerfile becomes:
...
# The user UID is arbitrary, not commonly used by regular users.
RUN useradd -u 7685 -r -g users -m -s /sbin/nologin -c "Builder user" builder
# Set the working directory to the `app` directory inside builder home directory
# and set the correct permissions for user builder
WORKDIR /home/builder/app
RUN chown builder:users /home/builder/app && chmod 755 /home/builder/app
# Specify the user which should be used to execute all commands below
USER builder
# -- Warm maven cache --
# Copy pom file and mvnw
COPY --chown=builder:users ./pom.xml ./mvnw .
COPY --chown=builder:users ./.mvn ./.mvn
# FIXME: Not all plugins and dependencies are downloaded.
# FIXME: See bug <https://issues.apache.org/jira/browse/MDEP-82>
RUN ./mvnw -B dependency:resolve-plugins dependency:go-offline
# -- Build war --
# Copy project and build
COPY --chown=builder:users ./ ./
RUN ./mvnw -B package
...
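To catch this layout before a build fails, the following is an added example (not part of the original post) of a small lint that flags a WORKDIR set while root that has not been chowned by the time USER switches to a non-root account. The function name find_root_owned_workdirs and the base image name in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic lint: prints "LINE:PATH"
# for each WORKDIR set while root that is still root-owned when a later USER
# switches to a non-root account (the failure described above).
# Assumes absolute WORKDIR paths, one instruction per line, no ARG/ENV expansion.
find_root_owned_workdirs() {
    awk '
    BEGIN { user = "root" }
    { instr = toupper($1) }
    instr == "FROM" {                 # a new stage starts as root with a fresh filesystem
        user = "root"; cwd = ""; split("", pending); next
    }
    instr == "WORKDIR" {
        cwd = $2
        if (user == "root") pending[cwd] = NR   # created by root if missing
        next
    }
    instr == "RUN" && /chown/ {       # a chown naming the directory clears it
        for (p in pending) if (index($0, p) > 0) delete pending[p]
        next
    }
    instr == "USER" {
        split($2, u, ":"); user = u[1]
        if (user != "root" && user != "0" && (cwd in pending))
            printf "%d:%s\n", pending[cwd], cwd
    }
    ' "$@"
}

# Constructed sample: the failing layout from the post, reduced to the relevant
# lines. The base image name is a placeholder.
find_root_owned_workdirs <<'EOF'
FROM registry.example/maven-base AS build
RUN useradd -u 7685 -r -g users -m -s /sbin/nologin -c "Builder user" builder
WORKDIR /home/builder/app
USER builder
RUN ./mvnw -B package
EOF
```

The function reads a Dockerfile from a file argument or from standard input; the reported line number is that of the WORKDIR instruction.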
Once the problem has been identified, it is easier to find the related bug reports that describe it: