Merge pull request #45095 from vvoland/vendor-buildkit-0.11.4-pre

vendor: buildkit v0.11.4-0.20230228113103-218e934edfba

builder/builder-next/exporter/writer.go

@@ -15,10 +15,6 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// const (
-// 	emptyGZLayer = digest.Digest("sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1")
-// )
-
 func emptyImageConfig() ([]byte, error) {
 	pl := platforms.Normalize(platforms.DefaultSpec())
 	img := ocispec.Image{}

vendor.mod

@@ -56,7 +56,7 @@ require (
 	github.com/klauspost/compress v1.15.12
 	github.com/miekg/dns v1.1.43
 	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
-	github.com/moby/buildkit v0.11.3
+	github.com/moby/buildkit v0.11.4-0.20230228113103-218e934edfba
 	github.com/moby/ipvs v1.1.0
 	github.com/moby/locker v1.0.1
 	github.com/moby/patternmatcher v0.5.0

vendor.sum

@@ -755,8 +755,8 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/moby/buildkit v0.11.3 h1:bnQFPHkNJTELRb2n3HISPGvB1FWzFx+YD1MTZg8bsfk=
-github.com/moby/buildkit v0.11.3/go.mod h1:P8MqGq7YrIDldCdZLhK8M/vPcrFYZ6GX1crX0j4hOmQ=
+github.com/moby/buildkit v0.11.4-0.20230228113103-218e934edfba h1:sDHdZsyWOKBa1hYp0yk5a5bIWQgfa3ftc+c1nBSA+dI=
+github.com/moby/buildkit v0.11.4-0.20230228113103-218e934edfba/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo=
 github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=
 github.com/moby/ipvs v1.1.0/go.mod h1:4VJMWuf098bsUMmZEiD4Tjk/O7mOn3l1PTD3s4OoYAs=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=

vendor/github.com/moby/buildkit/cache/remote.go

@@ -228,13 +228,13 @@ func (sr *immutableRef) getRemote(ctx context.Context, createIfNeeded bool, refC
 				newDesc.Size = blobDesc.Size
 				newDesc.URLs = blobDesc.URLs
 				newDesc.Annotations = nil
+				if len(addAnnotations) > 0 || len(blobDesc.Annotations) > 0 {
+					newDesc.Annotations = make(map[string]string)
+				}
 				for _, k := range addAnnotations {
 					newDesc.Annotations[k] = desc.Annotations[k]
 				}
 				for k, v := range blobDesc.Annotations {
-					if newDesc.Annotations == nil {
-						newDesc.Annotations = make(map[string]string)
-					}
 					newDesc.Annotations[k] = v
 				}
 				desc = newDesc

vendor/github.com/moby/buildkit/client/llb/definition.go

@@ -29,6 +29,10 @@ type DefinitionOp struct {
 
 // NewDefinitionOp returns a new operation from a marshalled definition.
 func NewDefinitionOp(def *pb.Definition) (*DefinitionOp, error) {
+	if def == nil {
+		return nil, errors.New("invalid nil input definition to definition op")
+	}
+
 	ops := make(map[digest.Digest]*pb.Op)
 	defs := make(map[digest.Digest][]byte)
 	platforms := make(map[digest.Digest]*ocispecs.Platform)

vendor/github.com/moby/buildkit/control/control.go

@@ -337,6 +337,15 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 		}
 	}
 
+	if v, ok := req.FrontendAttrs["build-arg:BUILDKIT_BUILDINFO"]; ok && v != "" {
+		if _, ok := req.ExporterAttrs["buildinfo"]; !ok {
+			if req.ExporterAttrs == nil {
+				req.ExporterAttrs = make(map[string]string)
+			}
+			req.ExporterAttrs["buildinfo"] = v
+		}
+	}
+
 	if req.Exporter != "" {
 		exp, err := w.Exporter(req.Exporter, c.opt.SessionManager)
 		if err != nil {

vendor/github.com/moby/buildkit/executor/oci/user.go

@@ -91,6 +91,7 @@ func parseUID(str string) (uint32, error) {
 // once the PR in containerd is merged we should remove this function.
 func WithUIDGID(uid, gid uint32, sgids []uint32) containerdoci.SpecOpts {
 	return func(_ context.Context, _ containerdoci.Client, _ *containers.Container, s *containerdoci.Spec) error {
+		defer ensureAdditionalGids(s)
 		setProcess(s)
 		s.Process.User.UID = uid
 		s.Process.User.GID = gid
@@ -106,3 +107,15 @@ func setProcess(s *containerdoci.Spec) {
 		s.Process = &specs.Process{}
 	}
 }
+
+// ensureAdditionalGids ensures that the primary GID is also included in the additional GID list.
+// From https://github.com/containerd/containerd/blob/v1.7.0-beta.4/oci/spec_opts.go#L124-L133
+func ensureAdditionalGids(s *containerdoci.Spec) {
+	setProcess(s)
+	for _, f := range s.Process.User.AdditionalGids {
+		if f == s.Process.User.GID {
+			return
+		}
+	}
+	s.Process.User.AdditionalGids = append([]uint32{s.Process.User.GID}, s.Process.User.AdditionalGids...)
+}

vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/types.go

@@ -11,7 +11,7 @@ const (
 	ExporterImageConfigDigestKey = "containerimage.config.digest"
 	ExporterImageDescriptorKey   = "containerimage.descriptor"
 	ExporterInlineCache          = "containerimage.inlinecache"
-	ExporterBuildInfo            = "containerimage.buildinfo"
+	ExporterBuildInfo            = "containerimage.buildinfo" // Deprecated: Build information is deprecated: https://github.com/moby/buildkit/blob/master/docs/deprecated.md
 	ExporterPlatformsKey         = "refs.platforms"
 	ExporterEpochKey             = "source.date.epoch"
 )

vendor/github.com/moby/buildkit/exporter/containerimage/opts.go

@@ -28,15 +28,16 @@ const (
 )
 
 type ImageCommitOpts struct {
-	ImageName      string
-	RefCfg         cacheconfig.RefConfig
-	OCITypes       bool
-	BuildInfo      bool
-	BuildInfoAttrs bool
-	Annotations    AnnotationsGroup
-	Epoch          *time.Time
+	ImageName   string
+	RefCfg      cacheconfig.RefConfig
+	OCITypes    bool
+	Annotations AnnotationsGroup
+	Epoch       *time.Time
 
 	ForceInlineAttestations bool // force inline attestations to be attached
+
+	BuildInfo      bool // Deprecated: Build information is deprecated: https://github.com/moby/buildkit/blob/master/docs/deprecated.md
+	BuildInfoAttrs bool // Deprecated: Build information is deprecated: https://github.com/moby/buildkit/blob/master/docs/deprecated.md
 }
 
 func (c *ImageCommitOpts) Load(opt map[string]string) (map[string]string, error) {

vendor/github.com/moby/buildkit/snapshot/diffapply_unix.go

@@ -379,6 +379,18 @@ func (a *applier) applyCopy(ctx context.Context, ca *changeApply) error {
 		return errors.Errorf("unhandled file type %d during merge at path %q", ca.srcStat.Mode&unix.S_IFMT, ca.srcPath)
 	}
 
+	// NOTE: it's important that chown happens before setting xattrs due to the fact that chown will
+	// reset the security.capabilities xattr which results in file capabilities being lost.
+	if err := os.Lchown(ca.dstPath, int(ca.srcStat.Uid), int(ca.srcStat.Gid)); err != nil {
+		return errors.Wrap(err, "failed to chown during apply")
+	}
+
+	if ca.srcStat.Mode&unix.S_IFMT != unix.S_IFLNK {
+		if err := unix.Chmod(ca.dstPath, ca.srcStat.Mode); err != nil {
+			return errors.Wrapf(err, "failed to chmod path %q during apply", ca.dstPath)
+		}
+	}
+
 	if ca.srcPath != "" {
 		xattrs, err := sysx.LListxattr(ca.srcPath)
 		if err != nil {
@@ -410,16 +422,6 @@ func (a *applier) applyCopy(ctx context.Context, ca *changeApply) error {
 		}
 	}
 
-	if err := os.Lchown(ca.dstPath, int(ca.srcStat.Uid), int(ca.srcStat.Gid)); err != nil {
-		return errors.Wrap(err, "failed to chown during apply")
-	}
-
-	if ca.srcStat.Mode&unix.S_IFMT != unix.S_IFLNK {
-		if err := unix.Chmod(ca.dstPath, ca.srcStat.Mode); err != nil {
-			return errors.Wrapf(err, "failed to chmod path %q during apply", ca.dstPath)
-		}
-	}
-
 	atimeSpec := unix.Timespec{Sec: ca.srcStat.Atim.Sec, Nsec: ca.srcStat.Atim.Nsec}
 	mtimeSpec := unix.Timespec{Sec: ca.srcStat.Mtim.Sec, Nsec: ca.srcStat.Mtim.Nsec}
 	if ca.srcStat.Mode&unix.S_IFMT != unix.S_IFDIR {

vendor/github.com/moby/buildkit/solver/jobs.go

@@ -200,7 +200,6 @@ type subBuilder struct {
 }
 
 func (sb *subBuilder) Build(ctx context.Context, e Edge) (CachedResultWithProvenance, error) {
-	// TODO(@crazy-max): Handle BuildInfo from subbuild
 	res, err := sb.solver.subBuild(ctx, e, sb.vtx)
 	if err != nil {
 		return nil, err

vendor/github.com/moby/buildkit/util/buildinfo/buildinfo.go

@@ -1,3 +1,6 @@
+// Package buildinfo implements utilities for build information.
+//
+// Deprecated: Build information is deprecated: https://github.com/moby/buildkit/blob/master/docs/deprecated.md
 package buildinfo
 
 import (
@@ -17,9 +20,6 @@ import (
 	"github.com/pkg/errors"
 )
 
-// BuildInfo format has been deprecated and will be removed in a future release.
-// Use provenance attestations instead.
-
 func FromProvenance(c *provenance.Capture) (*binfotypes.BuildInfo, error) {
 	var bi binfotypes.BuildInfo
 
@@ -418,6 +418,7 @@ func filterAttrs(key string, attrs map[string]*string) map[string]*string {
 var knownControlArgs = []string{
 	"BUILDKIT_CACHE_MOUNT_NS",
 	"BUILDKIT_CONTEXT_KEEP_GIT_DIR",
+	"BUILDKIT_BUILDINFO",
 	"BUILDKIT_INLINE_BUILDINFO_ATTRS",
 	"BUILDKIT_INLINE_CACHE",
 	"BUILDKIT_MULTI_PLATFORM",

vendor/github.com/moby/buildkit/util/buildinfo/types/types.go

@@ -1,3 +1,6 @@
+// Package binfotypes implements types for build information.
+//
+// Deprecated: Build information is deprecated: https://github.com/moby/buildkit/blob/master/docs/deprecated.md
 package binfotypes
 
 import (

vendor/github.com/moby/buildkit/util/imageutil/buildinfo.go

@@ -9,6 +9,8 @@ import (
 )
 
 // BuildInfo returns build info from image config.
+//
+// Deprecated: Build information is deprecated: https://github.com/moby/buildkit/blob/master/docs/deprecated.md
 func BuildInfo(dt []byte) (*binfotypes.BuildInfo, error) {
 	if len(dt) == 0 {
 		return nil, nil

vendor/modules.txt

@@ -542,7 +542,7 @@ github.com/mistifyio/go-zfs
 # github.com/mitchellh/hashstructure/v2 v2.0.2
 ## explicit; go 1.14
 github.com/mitchellh/hashstructure/v2
-# github.com/moby/buildkit v0.11.3
+# github.com/moby/buildkit v0.11.4-0.20230228113103-218e934edfba
 ## explicit; go 1.18
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types