From 3c4f373f670766339657c3fa39b236bfc0e457e4 Mon Sep 17 00:00:00 2001
From: Matt Moore <mattmoor@google.com>
Date: Mon, 12 Aug 2019 00:02:56 +0000
Subject: [PATCH] Add permissions to the kodata directory.

I suspect that this may be a source of problems reading kodata with nonroot,
but it is probably worth doing either way.
---
 pkg/build/gobuild.go      | 4 ++++
 pkg/build/gobuild_test.go | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/build/gobuild.go b/pkg/build/gobuild.go
index 7d9d5e225c..f6b11fbbee 100644
--- a/pkg/build/gobuild.go
+++ b/pkg/build/gobuild.go
@@ -299,6 +299,10 @@ func (g *gobuild) tarKoData(importpath string) (*bytes.Buffer, error) {
 			return tw.WriteHeader(&tar.Header{
 				Name:     kodataRoot,
 				Typeflag: tar.TypeDir,
+				// Use a fixed Mode, so that this isn't sensitive to the directory and umask
+				// under which it was created. Additionally, windows can only set 0222,
+				// 0444, or 0666, none of which are executable.
+				Mode: 0555,
 			})
 		}
 		if err != nil {
diff --git a/pkg/build/gobuild_test.go b/pkg/build/gobuild_test.go
index 00ca7e6601..a80d927917 100644
--- a/pkg/build/gobuild_test.go
+++ b/pkg/build/gobuild_test.go
@@ -255,7 +255,7 @@ func TestGoBuild(t *testing.T) {
 	t.Run("check app layer contents", func(t *testing.T) {
 		expectedHash := v1.Hash{
 			Algorithm: "sha256",
-			Hex:       "63b6e090921b79b61e7f5fba44d2ea0f81215d9abac3d005dda7cb9a1f8a025d",
+			Hex:       "4379f30a6c6f66221c3c54dddd378fcfa5a7304a6655ff783b102069c0f943ab",
 		}
 		appLayer := ls[baseLayers]