From 128f56169efbce95089a412eb52297b1d421a023 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Budai?= <ondrej@budai.cz>
Date: Wed, 17 May 2023 09:37:34 +0200
Subject: [PATCH] Dockerfile*: chown the copied files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When `go install` is called, go tries to get the git commit hash and embed it
into the built binary. Internally, go just calls the git executable.

The newer go-toolset seems to be based on RHEL 9.2 that ships a newer version
of git (2.39.1). This version contains the safe directory patch that
disallows git from operating on repositories owned by different users.

Thus, we need to chown the files when copying.

See

https://git-scm.com/docs/git-config/2.35.2#Documentation/git-config.txt-safedirectory
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
---
 distribution/Dockerfile-fauxauth        | 5 ++++-
 distribution/Dockerfile-ubi             | 5 ++++-
 distribution/Dockerfile-ubi-maintenance | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/distribution/Dockerfile-fauxauth b/distribution/Dockerfile-fauxauth
index 8eba3de25..5bb23e477 100644
--- a/distribution/Dockerfile-fauxauth
+++ b/distribution/Dockerfile-fauxauth
@@ -1,5 +1,8 @@
 FROM registry.access.redhat.com/ubi9/go-toolset:latest AS builder
-COPY . .
+# ubi9/go-toolset defaults to uid 1001. Let's copy the files with this UID as well.
+# Otherwise, VCS stamping will fail because git >= 2.35.2 refuses to work in
+# a repository owned by a different user.
+COPY --chown=1001 . .
 ENV GOFLAGS=-mod=vendor
 RUN go install ./cmd/osbuild-mock-openid-provider/
 
diff --git a/distribution/Dockerfile-ubi b/distribution/Dockerfile-ubi
index 6c7bac75d..a6c6faa35 100644
--- a/distribution/Dockerfile-ubi
+++ b/distribution/Dockerfile-ubi
@@ -5,7 +5,10 @@ USER 0
 # uses `libgpgme` so we need to install it and its build dependencies
 RUN dnf install -y gpgme-devel libassuan-devel
 USER 1001
-COPY . .
+# ubi9/go-toolset defaults to uid 1001. Let's copy the files with this UID as well.
+# Otherwise, VCS stamping will fail because git >= 2.35.2 refuses to work in
+# a repository owned by a different user.
+COPY --chown=1001 . .
 ENV GOFLAGS=-mod=vendor
 RUN go install ./cmd/osbuild-composer/
 
diff --git a/distribution/Dockerfile-ubi-maintenance b/distribution/Dockerfile-ubi-maintenance
index 38e4d7936..fa8fa7054 100644
--- a/distribution/Dockerfile-ubi-maintenance
+++ b/distribution/Dockerfile-ubi-maintenance
@@ -1,5 +1,8 @@
 FROM registry.access.redhat.com/ubi9/go-toolset:latest AS builder
-COPY . .
+# ubi9/go-toolset defaults to uid 1001. Let's copy the files with this UID as well.
+# Otherwise, VCS stamping will fail because git >= 2.35.2 refuses to work in
+# a repository owned by a different user.
+COPY --chown=1001 . .
 ENV GOFLAGS=-mod=vendor
 RUN go install ./cmd/osbuild-service-maintenance/