support setting owner user ID / group ID (#19)

Signed-off-by: Jason Hall <[email protected]>
chainguard-dev · Jul 9, 2024 · b50df30 · b50df30
1 parent 3213823
commit b50df30
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -22,21 +22,25 @@ Alternatively, you can also build from source by cloning the repo and running `g
 
 ```shell
   -ca-certs-file string
-    	The path to the local CA certificates file
+        The path to the local CA certificates file
   -ca-certs-image-url string
-    	The URL of an image to extract the CA certificates from
+        The URL of an image to extract the CA certificates from
   -dest-image-url string
-    	The URL of the image to push the modified image to
+        The URL of the image to push the modified image to
   -image-cert-path string
-    	The path to the certificate file in the image (optional) (default "/etc/ssl/certs/ca-certificates.crt")
+        The path to the certificate file in the image (optional) (default "/etc/ssl/certs/ca-certificates.crt")
   -image-url string
-    	The URL of the image to append the CA certificates to
+        The URL of the image to append the CA certificates to
   -output-certs-path string
-    	Output the (appended) certificates file from the image to a local file (optional)
+        Output the (appended) certificates file from the image to a local file (optional)
+  -owner-group-id int
+        The group ID of the owner of the certificate file in the image (optional)
+  -owner-user-id int
+        The user ID of the owner of the certificate file in the image (optional)
   -platform string
-    	The platform to build for (default linux/amd64) (default "linux/amd64")
+        The platform to build the image for (default "linux/amd64")
   -replace-certs
-    	Replace the certificates in the certificate file instead of appending them
+        Replace the certificates in the certificate file instead of appending them
 ```
 
 ## Example

diff --git a/main.go b/main.go
@@ -28,6 +28,8 @@ var (
 	imageCertPath   string
 	outputCerts     string
 	replaceCerts    bool
+	ownerUserID     int
+	ownerGroupID    int
 )
 
 func init() {
@@ -38,6 +40,8 @@ func init() {
 	flag.StringVar(&platformStr, "platform", "linux/amd64", "The platform to build the image for")
 
 	flag.StringVar(&imageCertPath, "image-cert-path", "/etc/ssl/certs/ca-certificates.crt", "The path to the certificate file in the image (optional)")
+	flag.IntVar(&ownerUserID, "owner-user-id", 0, "The user ID of the owner of the certificate file in the image (optional)")
+	flag.IntVar(&ownerGroupID, "owner-group-id", 0, "The group ID of the owner of the certificate file in the image (optional)")
 	flag.StringVar(&outputCerts, "output-certs-path", "", "Output the (appended) certificates file from the image to a local file (optional)")
 	flag.BoolVar(&replaceCerts, "replace-certs", false, "Replace the certificates in the certificate file instead of appending them")
 }
@@ -186,6 +190,8 @@ func newImage(old v1.Image, caCertBytes []byte) (v1.Image, error) {
 		Name: imageCertPath,
 		Mode: 0644,
 		Size: int64(len(newCaCertBytes)),
+		Uid:  ownerUserID,
+		Gid:  ownerGroupID,
 	})
 	if _, err := newTar.Write(newCaCertBytes); err != nil {
 		return nil, err