Say I have a simple Dockerfile:

```dockerfile
ADD data.tar.gz .
```

If data.tar.gz is corrupted, then ADD will silently add the corrupted file instead of untarring it. Is there any way of detecting this failure? This happened to me because a Git LFS pointer failed to be resolved and so it built the docker image with the LFS pointer instead of unpacking the data.

Gillespie

1 Answer

Use COPY + RUN instead:

```dockerfile
COPY data.tar.gz .
RUN tar -xzf data.tar.gz && rm data.tar.gz
```

The RUN command will fail if data.tar.gz is not a compressed tar archive.

As mentioned in the comments, this will negatively affect the image size. If image size is a concern, you can avoid this penalty with multi-stage builds:

```dockerfile
# Unpack stage
FROM busybox AS unpack
COPY data.tar.gz .
RUN tar -xzf data.tar.gz && rm data.tar.gz

# Main image
FROM ubuntu
COPY --from=unpack /data ./data
```

Gillespie
  • Note that this will negatively affect the image size (COPY'ed file will keep occupying space in first layer even if you `rm` it) – STerliakov Aug 02 '23 at 19:02
  • @SUTerliakov-supportsstrike Is there a way to get the best of both worlds? (image size and failure detection)? – Gillespie Aug 02 '23 at 19:11
  • Looks like if you do the copy/run as a part of a multi-stage build you can avoid the image size increase: https://stackoverflow.com/a/71784746/2516916 – Gillespie Aug 02 '23 at 19:31
  • Yeah, multi-stage build resolves this issue - it's more of a warning for those who'll just blindly copy this code snippet. Not sure they'll read comments, but I have tried at least... – STerliakov Aug 02 '23 at 20:45
  • I promoted your comment to a post edit so hopefully more people see it – Gillespie Aug 02 '23 at 20:56
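
Added example, not part of the original question, answer or comments: a pre-build check that fails before `docker build` runs and reports whether data.tar.gz is an unresolved Git LFS pointer or a damaged archive. The function name `check_archive` and its exit codes are assumptions of this example.

```sh
#!/bin/sh
# check_archive FILE  (hypothetical helper, not from the original post)
# Returns 0 if FILE is a readable gzip-compressed tar archive,
#         2 if FILE is an unresolved Git LFS pointer,
#         1 if FILE is missing or otherwise not a valid .tar.gz.
check_archive() {
    f=$1
    [ -f "$f" ] || { echo "$f: not found" >&2; return 1; }

    # An LFS pointer is a small text file whose first line names the spec.
    if head -c 200 "$f" | grep -q '^version https://git-lfs\.github\.com/spec/'; then
        echo "$f: Git LFS pointer, run 'git lfs pull' before building" >&2
        return 2
    fi

    # gzip -t verifies the compressed stream and its CRC, which catches
    # truncated or bit-flipped downloads.
    if ! gzip -t "$f" 2>/dev/null; then
        echo "$f: not a valid gzip stream" >&2
        return 1
    fi

    # A valid gzip stream can still wrap something that is not a tar
    # archive, so list the members without extracting them.
    if ! gzip -dc "$f" | tar -tf - >/dev/null 2>&1; then
        echo "$f: gzip stream does not contain a tar archive" >&2
        return 1
    fi
    return 0
}

# Typical use in a build script or CI step:
#   check_archive data.tar.gz && docker build -t myimage .
```

The same function can also be called from the `RUN` step of the unpack stage, since busybox provides `head`, `grep`, `gzip` and `tar`.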