From 97e5042fbbc92c4cf09151472c9061f30e38dacd Mon Sep 17 00:00:00 2001
From: Alex Szakaly <alex.szakaly@gmail.com>
Date: Tue, 9 Jun 2020 09:58:22 +0200
Subject: [PATCH] Fix docker-credential-gcr owner and group id

During image build we extract archives as root which is
capable to preserve owner and group.

With option `--no-same-owner` we drop all the user and
group information, defaults to current user (root).

To avoid future issues: add option above to all tar
execution.

Fixes #1303

Signed-off-by: Alex Szakaly <alex.szakaly@gmail.com>
---
 deploy/Dockerfile       | 4 ++--
 deploy/Dockerfile_debug | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index f3277905f..136a3ca13 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -19,13 +19,13 @@ ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
 # Get GCR credential helper
 ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/
-RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
+RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
 # Get Amazon ECR credential helper
 RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
 RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
 # ACR docker credential helper
 ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
-RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
+RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
 # Add .docker config dir
 RUN mkdir -p /kaniko/.docker
 
diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug
index 0d1726f40..0e1b201d1 100644
--- a/deploy/Dockerfile_debug
+++ b/deploy/Dockerfile_debug
@@ -20,13 +20,13 @@ ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
 # Get GCR credential helper
 ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/
-RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
+RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
 # Get Amazon ECR credential helper
 RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
 RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
 # ACR docker credential helper
 ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin
-RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
+RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz
 # Add .docker config dir
 RUN mkdir -p /kaniko/.docker