From b487c17baa5f226ed775ab7c0cc8c7c29943bd69 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 17 Aug 2020 09:32:20 +0200 Subject: [PATCH] build/Dockerfile: Don't create files as root when building with docker Turns out that podman is not 1:1 compatible with docker, but in this case it's a good thing, because docker's behaviour is just plain dangerous - even if a container is running as a non-privileged user by default (like, the UBI image runs as the user "default"), they'd still make the files copied with the COPY directive owned by root. Because honoring the permissions would be a breaking change, docker instead introduced a --chown parameter to COPY: https://github.com/moby/moby/issues/13020 https://stackoverflow.com/questions/44766665/how-do-i-docker-copy-as-non-root which podman luckily supports as well. Without this patch, creating the "_output" directory during the build would have failed with a Permission denied. --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index 0aaa0a1fc..bf7e066fc 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -5,7 +5,7 @@ WORKDIR /go/src/github.com/openshift/compliance-operator ENV GOFLAGS=-mod=vendor -COPY . . +COPY --chown=default:root . . RUN make manager # Step two: containerize compliance-operator
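Review bot: On the `COPY --chown=default:root . .` line, the owner is hardcoded to the user name `default`, which only resolves if the builder stage's base image defines that user. The commit message says the UBI image does, but nothing in the Dockerfile itself records that dependency. A short comment above the COPY would help, stating that docker makes copied files root-owned regardless of the image's default user and that `RUN make manager` needs to create `_output` as that user. Without it, a later base-image change or a cleanup that drops the flag brings back the Permission denied failure with no hint as to why. It is also worth confirming that the directory created by the preceding `WORKDIR` line is itself writable by `default`, since `--chown` is applied to what COPY copies and `make manager` creates `_output` directly in that directory.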