Closed
Description
This was a regression introduced in #849 (and its followups, tracked in stackabletech/issues#645).
When you chmod/chown a file owned by a prior layer, its contents are copied into the new layer, even though they are identical. Since clients download the whole layer stack, they get to download both versions.
As an experiment, removing the chmod/chowns from the nifi image (added in #890):
diff --git a/trino/Dockerfile b/trino/Dockerfile
index 68383bdb..9f6f2f42 100644
--- a/trino/Dockerfile
+++ b/trino/Dockerfile
@@ -154,8 +154,8 @@ ln -s /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar /stackable/jmx
# All files and folders owned by root group to support running as arbitrary users.
# This is best practice as all container users will belong to the root group (0).
-chown -R ${STACKABLE_USER_UID}:0 /stackable
-chmod -R g=u /stackable
+# chown -R ${STACKABLE_USER_UID}:0 /stackable
+# chmod -R g=u /stackable
EOF
# ----------------------------------------took the total image size from 5.4GiB to 1.6GiB (according to dive).
That aside, chowning all of /stackable is a tad overly aggressive. The products shouldn't need access to overwrite their own source code, for example.