Fix permissions on ADD/COPY

Fix a regression introduced in PR#9467 when a single file was added or
copied.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>

builder/internals.go

@@ -660,11 +660,19 @@ func copyAsDirectory(source, destination string) error {
 }
 
 func fixPermissions(source, destination string, uid, gid int) error {
+	// The copied root permission should not be changed for previously existing
+	// directories.
+	s, err := os.Stat(destination)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	fixRootPermission := (err != nil) || !s.IsDir()
+
 	// We Walk on the source rather than on the destination because we don't
 	// want to change permissions on things we haven't created or modified.
 	return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error {
 		// Do not alter the walk root itself as it potentially existed before.
-		if source == fullpath {
+		if !fixRootPermission && (source == fullpath) {
 			return nil
 		}
 		// Path is prefixed by source: substitute with destination instead.

integration-cli/docker_cli_build_test.go

@@ -3564,3 +3564,31 @@ func TestBuildStderr(t *testing.T) {
 	}
 	logDone("build - testing stderr")
 }
+
+func TestBuildChownSingleFile(t *testing.T) {
+	name := "testbuildchownsinglefile"
+	defer deleteImages(name)
+
+	ctx, err := fakeContext(`
+FROM busybox
+COPY test /
+RUN ls -l /test
+RUN [ $(ls -l /test | awk '{print $3":"$4}') = 'root:root' ]
+`, map[string]string{
+		"test": "test",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer ctx.Close()
+
+	if err := os.Chown(filepath.Join(ctx.Dir, "test"), 4242, 4242); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		t.Fatal(err)
+	}
+
+	logDone("build - change permission on single file")
+}