diff --git a/builder/builder-next/worker/worker.go b/builder/builder-next/worker/worker.go index a1304e8315..40d9a2e23f 100644 --- a/builder/builder-next/worker/worker.go +++ b/builder/builder-next/worker/worker.go @@ -7,6 +7,7 @@ import ( "io/ioutil" nethttp "net/http" "runtime" + "strings" "time" "github.com/containerd/containerd/content" @@ -43,6 +44,7 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" + bolt "go.etcd.io/bbolt" ) const labelCreatedAt = "buildkit/createdat" @@ -257,6 +259,47 @@ func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIf }, nil } +// PruneCacheMounts removes the current cache snapshots for specified IDs +func (w *Worker) PruneCacheMounts(ctx context.Context, ids []string) error { + mu := ops.CacheMountsLocker() + mu.Lock() + defer mu.Unlock() + + for _, id := range ids { + id = "cache-dir:" + id + sis, err := w.MetadataStore.Search(id) + if err != nil { + return err + } + for _, si := range sis { + for _, k := range si.Indexes() { + if k == id || strings.HasPrefix(k, id+":") { + if siCached := w.CacheManager.Metadata(si.ID()); siCached != nil { + si = siCached + } + if err := cache.CachePolicyDefault(si); err != nil { + return err + } + si.Queue(func(b *bolt.Bucket) error { + return si.SetValue(b, k, nil) + }) + if err := si.Commit(); err != nil { + return err + } + // if ref is unused try to clean it up right away by releasing it + if mref, err := w.CacheManager.GetMutable(ctx, si.ID()); err == nil { + go mref.Release(context.TODO()) + } + break + } + } + } + } + + ops.ClearActiveCacheMounts() + return nil +} + // FromRemote converts a remote snapshot reference to a local one func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) { rootfs, err := getLayers(ctx, remote.Descriptors) diff --git a/vendor.conf b/vendor.conf index 92dd401214..3acc763e32 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit a258bd18b2c55aac4e8a10a3074757d66d45cef6 +github.com/moby/buildkit f5a55a9516d1c6e2ade9bec22b83259caeed3a84 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md index 0605693caf..90dd0bee35 100644 --- a/vendor/github.com/moby/buildkit/README.md +++ b/vendor/github.com/moby/buildkit/README.md @@ -1,27 +1,25 @@ [![asciicinema example](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU.png)](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU) - ## BuildKit [![GoDoc](https://godoc.org/github.com/moby/buildkit?status.svg)](https://godoc.org/github.com/moby/buildkit/client/llb) [![Build Status](https://travis-ci.org/moby/buildkit.svg?branch=master)](https://travis-ci.org/moby/buildkit) [![Go Report Card](https://goreportcard.com/badge/github.com/moby/buildkit)](https://goreportcard.com/report/github.com/moby/buildkit) - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: -- Automatic garbage collection -- Extendable frontend formats -- Concurrent dependency resolution -- Efficient instruction caching -- Build cache import/export -- Nested build job invocations -- Distributable workers -- Multiple output formats -- Pluggable architecture -- Execution without root privileges +- Automatic garbage collection +- Extendable frontend formats +- Concurrent dependency resolution +- Efficient instruction caching +- Build cache import/export +- Nested build job invocations +- Distributable workers +- Multiple output formats +- Pluggable architecture +- Execution without root privileges Read the proposal from https://github.com/moby/moby/issues/32925 @@ -33,20 +31,21 @@ Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056c BuildKit is used by the following projects: -- [Moby & Docker](https://github.com/moby/moby/pull/37151) -- [img](https://github.com/genuinetools/img) -- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) -- [container build interface](https://github.com/containerbuilding/cbi) -- [Knative Build Templates](https://github.com/knative/build-templates) -- [vab](https://github.com/stellarproject/vab) -- [Rio](https://github.com/rancher/rio) (on roadmap) +- [Moby & Docker](https://github.com/moby/moby/pull/37151) +- [img](https://github.com/genuinetools/img) +- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) +- [container build interface](https://github.com/containerbuilding/cbi) +- [Knative Build Templates](https://github.com/knative/build-templates) +- [the Sanic build tool](https://github.com/distributed-containers-inc/sanic) +- [vab](https://github.com/stellarproject/vab) +- [Rio](https://github.com/rancher/rio) (on roadmap) ### Quick start Dependencies: -- [runc](https://github.com/opencontainers/runc) -- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) +- [runc](https://github.com/opencontainers/runc) +- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) The following command installs `buildkitd` and `buildctl` to `/usr/local/bin`: @@ -58,14 +57,13 @@ You can also use `make binaries-all` to prepare `buildkitd.containerd_only` and #### Starting the buildkitd daemon: -``` +```bash buildkitd --debug --root /var/lib/buildkit ``` The buildkitd daemon supports two worker backends: OCI (runc) and containerd. -By default, the OCI (runc) worker is used. -You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. +By default, the OCI (runc) worker is used. You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. We are open to adding more backends. @@ -73,44 +71,46 @@ We are open to adding more backends. BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C. -- Marshaled as Protobuf messages -- Concurrently executable -- Efficiently cacheable -- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) +- Marshaled as Protobuf messages +- Concurrently executable +- Efficiently cacheable +- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) See [`solver/pb/ops.proto`](./solver/pb/ops.proto) for the format definition. Currently, following high-level languages has been implemented for LLB: -- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) -- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) -- (open a PR to add your own language) +- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) +- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) +- (open a PR to add your own language) For understanding the basics of LLB, `examples/buildkit*` directory contains scripts that define how to build different configurations of BuildKit itself and its dependencies using the `client` package. Running one of these scripts generates a protobuf definition of a build graph. Note that the script itself does not execute any steps of the build. You can use `buildctl debug dump-llb` to see what data is in this definition. Add `--dot` to generate dot layout. ```bash -go run examples/buildkit0/buildkit.go | buildctl debug dump-llb | jq . +go run examples/buildkit0/buildkit.go \ + | buildctl debug dump-llb \ + | jq . ``` -To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. +To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. ```bash -go run examples/buildkit0/buildkit.go | buildctl build +go run examples/buildkit0/buildkit.go \ + | buildctl build ``` `buildctl build` will show interactive progress bar by default while the build job is running. If the path to the trace file is specified, the trace file generated will contain all information about the timing of the individual steps and logs. Different versions of the example scripts show different ways of describing the build definition for this project to show the capabilities of the library. New versions have been added when new features have become available. -- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. -- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. -- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. -- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` -- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes -- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies - +- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. +- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. +- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. +- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` +- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes +- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies #### Exploring Dockerfiles @@ -120,9 +120,18 @@ During development, Dockerfile frontend (dockerfile.v0) is also part of the Buil ##### Building a Dockerfile with `buildctl` -``` -buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. -buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --opt target=foo --opt build-arg:foo=bar +```bash +buildctl build \ + --frontend=dockerfile.v0 \ + --local context=. \ + --local dockerfile=. +# or +buildctl build \ + --frontend=dockerfile.v0 \ + --local context=. \ + --local dockerfile=. \ + --opt target=foo \ + --opt build-arg:foo=bar ``` `--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location. @@ -131,8 +140,9 @@ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. - For people familiar with `docker build` command, there is an example wrapper utility in `./examples/build-using-dockerfile` that allows building Dockerfiles with BuildKit using a syntax similar to `docker build`. -``` -go build ./examples/build-using-dockerfile && sudo install build-using-dockerfile /usr/local/bin +```bash +go build ./examples/build-using-dockerfile \ + && sudo install build-using-dockerfile /usr/local/bin build-using-dockerfile -t myimage . build-using-dockerfile -t mybuildkit -f ./hack/dockerfiles/test.Dockerfile . @@ -145,10 +155,18 @@ docker inspect myimage External versions of the Dockerfile frontend are pushed to https://hub.docker.com/r/docker/dockerfile-upstream and https://hub.docker.com/r/docker/dockerfile and can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `docker/dockerfile-upsteam:master` or `docker/dockerfile-upstream:master-experimental` image can be used. +```bash +buildctl build \ + --frontend gateway.v0 \ + --opt source=docker/dockerfile \ + --local context=. \ + --local dockerfile=. +buildctl build \ + --frontend gateway.v0 \ + --opt source=docker/dockerfile \ + --opt context=git://github.com/moby/moby \ + --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org ``` -buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --local context=. --local dockerfile=. -buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --opt context=git://github.com/moby/moby --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org -```` ##### Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)` @@ -162,29 +180,29 @@ By default, the build result and intermediate cache will only remain internally The containerd worker needs to be used -``` +```bash buildctl build ... --output type=image,name=docker.io/username/image ctr --namespace=buildkit images ls ``` ##### Push resulting image to registry -``` +```bash buildctl build ... --output type=image,name=docker.io/username/image,push=true ``` If credentials are required, `buildctl` will attempt to read Docker configuration file. - ##### Exporting build result back to client The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images. -``` +```bash buildctl build ... --output type=local,dest=path/to/output-dir ``` To export specific files use multi-stage builds with a scratch stage and copy the needed files into that stage with `COPY --from`. + ```dockerfile ... FROM scratch as testresult @@ -193,28 +211,27 @@ COPY --from=builder /usr/src/app/testresult.xml . ... ``` -``` +```bash buildctl build ... --opt target=testresult --output type=local,dest=path/to/output-dir ``` Tar exporter is similar to local exporter but transfers the files through a tarball. -``` +```bash buildctl build ... --output type=tar,dest=out.tar buildctl build ... --output type=tar > out.tar ``` - ##### Exporting built image to Docker -``` +```bash # exported tarball is also compatible with OCI spec buildctl build ... --output type=docker,name=myimage | docker load ``` ##### Exporting [OCI Image Format](https://github.com/opencontainers/image-spec) tarball to client -``` +```bash buildctl build ... --output type=oci,dest=path/to/output.tar buildctl build ... --output type=oci > output.tar ``` @@ -223,14 +240,14 @@ buildctl build ... --output type=oci > output.tar #### To/From registry -``` +```bash buildctl build ... --export-cache type=registry,ref=localhost:5000/myrepo:buildcache buildctl build ... --import-cache type=registry,ref=localhost:5000/myrepo:buildcache ``` #### To/From local filesystem -``` +```bash buildctl build ... --export-cache type=local,dest=path/to/output-dir buildctl build ... --import-cache type=local,src=path/to/input-dir ``` @@ -238,27 +255,29 @@ buildctl build ... --import-cache type=local,src=path/to/input-dir The directory layout conforms to OCI Image Spec v1.0. #### `--export-cache` options -* `mode=min` (default): only export layers for the resulting image -* `mode=max`: export all the layers of all intermediate steps -* `ref=docker.io/user/image:tag`: reference for `registry` cache exporter -* `dest=path/to/output-dir`: directory for `local` cache exporter + +- `mode=min` (default): only export layers for the resulting image +- `mode=max`: export all the layers of all intermediate steps +- `ref=docker.io/user/image:tag`: reference for `registry` cache exporter +- `dest=path/to/output-dir`: directory for `local` cache exporter #### `--import-cache` options -* `ref=docker.io/user/image:tag`: reference for `registry` cache importer -* `src=path/to/input-dir`: directory for `local` cache importer -* `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` + +- `ref=docker.io/user/image:tag`: reference for `registry` cache importer +- `src=path/to/input-dir`: directory for `local` cache importer +- `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` ### Other #### View build cache -``` +```bash buildctl du -v ``` #### Show enabled workers -``` +```bash buildctl debug workers -v ``` @@ -268,14 +287,14 @@ BuildKit can also be used by running the `buildkitd` daemon inside a Docker cont We provide `buildkitd` container images as [`moby/buildkit`](https://hub.docker.com/r/moby/buildkit/tags/): -* `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) -* `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) -* `moby/buildkit:master`: built from the master branch -* `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +- `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) +- `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +- `moby/buildkit:master`: built from the master branch +- `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) To run daemon in a container: -``` +```bash docker run -d --privileged -p 1234:1234 moby/buildkit:latest --addr tcp://0.0.0.0:1234 export BUILDKIT_HOST=tcp://0.0.0.0:1234 buildctl build --help @@ -283,26 +302,50 @@ buildctl build --help To run client and an ephemeral daemon in a single container ("daemonless mode"): -``` -docker run -it --rm --privileged -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work -``` -or -``` -docker run -it --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master-rootless build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work +```bash +docker run \ + -it \ + --rm \ + --privileged \ + -v /path/to/dir:/tmp/work \ + --entrypoint buildctl-daemonless.sh \ + moby/buildkit:master \ + build \ + --frontend dockerfile.v0 \ + --local context=/tmp/work \ + --local dockerfile=/tmp/work ``` -The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). -Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. +or + +```bash +docker run \ + -it \ + --rm \ + --security-opt seccomp=unconfined \ + --security-opt apparmor=unconfined \ + -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \ + -v /path/to/dir:/tmp/work \ + --entrypoint buildctl-daemonless.sh \ + moby/buildkit:master-rootless \ + build \ + --frontend \ + dockerfile.v0 \ + --local context=/tmp/work \ + --local dockerfile=/tmp/work +``` + +The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. #### Connection helpers If you are running `moby/buildkit:master` or `moby/buildkit:master-rootless` as a Docker/Kubernetes container, you can use special `BUILDKIT_HOST` URL for connecting to the BuildKit daemon in the container: -``` +```bash export BUILDKIT_HOST=docker-container:// ``` -``` +```bash export BUILDKIT_HOST=kube-pod:// ``` @@ -310,15 +353,13 @@ export BUILDKIT_HOST=kube-pod:// BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set `JAEGER_TRACE` environment variable to the collection address. - -``` +```bash docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest export JAEGER_TRACE=0.0.0.0:6831 # restart buildkitd and buildctl so they know JAEGER_TRACE # any buildctl command should be traced to http://127.0.0.1:16686/ ``` - ### Supported runc version During development, BuildKit is tested with the version of runc that is being used by the containerd repository. Please refer to [runc.md](https://github.com/containerd/containerd/blob/v1.2.1/RUNC.md) for more information. @@ -329,5 +370,4 @@ Please refer to [`docs/rootless.md`](docs/rootless.md). ### Contributing -Want to contribute to BuildKit? Awesome! You can find information about -contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) +Want to contribute to BuildKit? Awesome! You can find information about contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go index 0c7ec789ed..ebf12e310d 100644 --- a/vendor/github.com/moby/buildkit/cache/manager.go +++ b/vendor/github.com/moby/buildkit/cache/manager.go @@ -36,6 +36,7 @@ type Accessor interface { New(ctx context.Context, s ImmutableRef, opts ...RefOption) (MutableRef, error) GetMutable(ctx context.Context, id string) (MutableRef, error) // Rebase? IdentityMapping() *idtools.IdentityMapping + Metadata(string) *metadata.StorageItem } type Controller interface { @@ -124,6 +125,16 @@ func (cm *cacheManager) GetFromSnapshotter(ctx context.Context, id string, opts return cm.get(ctx, id, true, opts...) } +func (cm *cacheManager) Metadata(id string) *metadata.StorageItem { + cm.mu.Lock() + defer cm.mu.Unlock() + r, ok := cm.records[id] + if !ok { + return nil + } + return r.Metadata() +} + // get requires manager lock to be taken func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (*immutableRef, error) { rec, err := cm.getRecord(ctx, id, fromSnapshotter, opts...) diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go index f43da00156..42e8cb4011 100644 --- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go +++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go @@ -250,6 +250,10 @@ func (s *StorageItem) Update(fn func(b *bolt.Bucket) error) error { return s.storage.Update(s.id, fn) } +func (s *StorageItem) Metadata() *StorageItem { + return s +} + func (s *StorageItem) Keys() []string { keys := make([]string, 0, len(s.values)) for k := range s.values { @@ -333,6 +337,15 @@ func (s *StorageItem) Indexes() (out []string) { func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { if v == nil { + if old, ok := s.values[key]; ok { + if old.Index != "" { + b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) + if err != nil { + return errors.WithStack(err) + } + b.Delete([]byte(indexKey(old.Index, s.ID()))) // ignore error + } + } if err := b.Put([]byte(key), nil); err != nil { return err } diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go index ca839c01dd..4b64714aeb 100644 --- a/vendor/github.com/moby/buildkit/cache/refs.go +++ b/vendor/github.com/moby/buildkit/cache/refs.go @@ -2,6 +2,7 @@ package cache import ( "context" + "strings" "sync" "github.com/containerd/containerd/mount" @@ -429,6 +430,10 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { return nil, err } for i, m := range mounts { + if m.Type == "overlay" { + mounts[i].Options = readonlyOverlay(m.Options) + continue + } opts := make([]string, 0, len(m.Options)) for _, opt := range m.Options { if opt != "rw" { @@ -440,3 +445,23 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { } return mounts, nil } + +func readonlyOverlay(opt []string) []string { + out := make([]string, 0, len(opt)) + upper := "" + for _, o := range opt { + if strings.HasPrefix(o, "upperdir=") { + upper = strings.TrimPrefix(o, "upperdir=") + } else if !strings.HasPrefix(o, "workdir=") { + out = append(out, o) + } + } + if upper != "" { + for i, o := range out { + if strings.HasPrefix(o, "lowerdir=") { + out[i] = "lowerdir=" + upper + ":" + strings.TrimPrefix(o, "lowerdir=") + } + } + } + return out +} diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go index fa87e5f4af..0638b17aff 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go @@ -67,8 +67,8 @@ func sortConfig(cc *CacheConfig) { if ri.Digest != rj.Digest { return ri.Digest < rj.Digest } - if len(ri.Inputs) != len(ri.Inputs) { - return len(ri.Inputs) < len(ri.Inputs) + if len(ri.Inputs) != len(rj.Inputs) { + return len(ri.Inputs) < len(rj.Inputs) } for i, inputs := range ri.Inputs { if len(ri.Inputs[i]) != len(rj.Inputs[i]) { @@ -76,7 +76,7 @@ func sortConfig(cc *CacheConfig) { } for j := range inputs { if ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector { - return ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector + return ri.Inputs[i][j].Selector < rj.Inputs[i][j].Selector } return cc.Records[ri.Inputs[i][j].LinkIndex].Digest < cc.Records[rj.Inputs[i][j].LinkIndex].Digest } diff --git a/vendor/github.com/moby/buildkit/client/solve.go b/vendor/github.com/moby/buildkit/client/solve.go index 17b3810cdc..d09c5f764e 100644 --- a/vendor/github.com/moby/buildkit/client/solve.go +++ b/vendor/github.com/moby/buildkit/client/solve.go @@ -46,8 +46,8 @@ type SolveOpt struct { type ExportEntry struct { Type string Attrs map[string]string - Output io.WriteCloser // for ExporterOCI and ExporterDocker - OutputDir string // for ExporterLocal + Output func(map[string]string) (io.WriteCloser, error) // for ExporterOCI and ExporterDocker + OutputDir string // for ExporterLocal } type CacheOptionsEntry struct { diff --git a/vendor/github.com/moby/buildkit/control/control.go b/vendor/github.com/moby/buildkit/control/control.go index 18c8538a6c..d426bd79b2 100644 --- a/vendor/github.com/moby/buildkit/control/control.go +++ b/vendor/github.com/moby/buildkit/control/control.go @@ -38,13 +38,13 @@ type Opt struct { } type Controller struct { // TODO: ControlService + buildCount int64 opt Opt solver *llbsolver.Solver cache solver.CacheManager gatewayForwarder *controlgateway.GatewayForwarder throttledGC func() gcmu sync.Mutex - buildCount int64 } func NewController(opt Opt) (*Controller, error) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go index fb4f34a439..66a2c440dc 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go +++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go @@ -101,11 +101,11 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou } if meta.SecurityMode == pb.SecurityMode_INSECURE { - //make sysfs rw mount for insecure mode. - for _, m := range s.Mounts { - if m.Type == "sysfs" { - m.Options = []string{"nosuid", "noexec", "nodev", "rw"} - } + if err = oci.WithWriteableCgroupfs(ctx, nil, c, s); err != nil { + return nil, nil, err + } + if err = oci.WithWriteableSysfs(ctx, nil, c, s); err != nil { + return nil, nil, err } } diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index 741c8b8978..7434409d62 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -236,8 +236,10 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. if err != nil { return errors.Wrapf(err, "working dir %s points to invalid target", newp) } - if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { - return errors.Wrapf(err, "failed to create working directory %s", newp) + if _, err := os.Stat(newp); err != nil { + if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { + return errors.Wrapf(err, "failed to create working directory %s", newp) + } } if err := setOOMScoreAdj(spec); err != nil { diff --git a/vendor/github.com/moby/buildkit/exporter/tar/export.go b/vendor/github.com/moby/buildkit/exporter/tar/export.go index 12de8da9f0..365dc57637 100644 --- a/vendor/github.com/moby/buildkit/exporter/tar/export.go +++ b/vendor/github.com/moby/buildkit/exporter/tar/export.go @@ -147,7 +147,7 @@ func (e *localExporterInstance) Export(ctx context.Context, inp exporter.Source) fs = d.FS } - w, err := filesync.CopyFileWriter(ctx, e.caller) + w, err := filesync.CopyFileWriter(ctx, nil, e.caller) if err != nil { return nil, err } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go index 787956beaf..fbd4c42b0a 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go @@ -34,6 +34,7 @@ const ( keyFilename = "filename" keyCacheFrom = "cache-from" // for registry only. deprecated in favor of keyCacheImports keyCacheImports = "cache-imports" // JSON representation of []CacheOptionsEntry + keyCacheNS = "build-arg:BUILDKIT_CACHE_MOUNT_NS" defaultDockerfileName = "Dockerfile" dockerignoreFilename = ".dockerignore" buildArgPrefix = "build-arg:" @@ -322,6 +323,7 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) { MetaResolver: c, BuildArgs: filter(opts, buildArgPrefix), Labels: filter(opts, labelPrefix), + CacheIDNamespace: opts[keyCacheNS], SessionID: c.BuildOpts().SessionID, BuildContext: buildContext, Excludes: excludes, diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go index f368fe6b49..126d8b6c41 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go @@ -461,7 +461,7 @@ type dispatchOpt struct { func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error { if ex, ok := cmd.Command.(instructions.SupportsSingleWordExpansion); ok { err := ex.Expand(func(word string) (string, error) { - return opt.shlex.ProcessWordWithMap(word, toEnvMap(d.buildArgs, d.image.Config.Env)) + return opt.shlex.ProcessWord(word, d.state.Env()) }) if err != nil { return err @@ -626,14 +626,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE args = withShell(d.image, args) } env := d.state.Env() - opt := []llb.RunOption{llb.Args(args)} - for _, arg := range d.buildArgs { - if arg.Value != nil { - env = append(env, fmt.Sprintf("%s=%s", arg.Key, arg.ValueString())) - opt = append(opt, llb.AddEnv(arg.Key, arg.ValueString())) - } - } - opt = append(opt, dfCmd(c)) + opt := []llb.RunOption{llb.Args(args), dfCmd(c)} if d.ignoreCache { opt = append(opt, llb.IgnoreCache) } @@ -647,6 +640,11 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE } opt = append(opt, runMounts...) + err = dispatchRunSecurity(d, c) + if err != nil { + return err + } + shlex := *dopt.shlex shlex.RawQuotes = true shlex.SkipUnsetEnv = true @@ -656,7 +654,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE opt = append(opt, llb.AddExtraHost(h.Host, h.IP)) } d.state = d.state.Run(opt...).Root() - return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs), true, &d.state) + return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs, shell.BuildEnvs(env)), true, &d.state) } func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bool, opt *dispatchOpt) error { @@ -927,7 +925,7 @@ func dispatchHealthcheck(d *dispatchState, c *instructions.HealthCheckCommand) e func dispatchExpose(d *dispatchState, c *instructions.ExposeCommand, shlex *shell.Lex) error { ports := []string{} for _, p := range c.Ports { - ps, err := shlex.ProcessWordsWithMap(p, toEnvMap(d.buildArgs, d.image.Config.Env)) + ps, err := shlex.ProcessWords(p, d.state.Env()) if err != nil { return err } @@ -1000,6 +998,10 @@ func dispatchArg(d *dispatchState, c *instructions.ArgCommand, metaArgs []instru } } + if buildArg.Value != nil { + d.state = d.state.AddEnv(buildArg.Key, *buildArg.Value) + } + d.buildArgs = append(d.buildArgs, buildArg) return commitToHistory(&d.image, commitStr, false, nil) } @@ -1065,21 +1067,6 @@ func setKVValue(kvpo instructions.KeyValuePairOptional, values map[string]string return kvpo } -func toEnvMap(args []instructions.KeyValuePairOptional, env []string) map[string]string { - m := shell.BuildEnvs(env) - - for _, arg := range args { - // If key already exists, keep previous value. - if _, ok := m[arg.Key]; ok { - continue - } - if arg.Value != nil { - m[arg.Key] = arg.ValueString() - } - } - return m -} - func dfCmd(cmd interface{}) llb.ConstraintsOpt { // TODO: add fmt.Stringer to instructions.Command to remove interface{} var cmdStr string @@ -1094,10 +1081,14 @@ func dfCmd(cmd interface{}) llb.ConstraintsOpt { }) } -func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional) string { +func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional, envMap map[string]string) string { var tmpBuildEnv []string for _, arg := range buildArgs { - tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+arg.ValueString()) + v, ok := envMap[arg.Key] + if !ok { + v = arg.ValueString() + } + tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+v) } if len(tmpBuildEnv) > 0 { tmpBuildEnv = append([]string{fmt.Sprintf("|%d", len(tmpBuildEnv))}, tmpBuildEnv...) diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go new file mode 100644 index 0000000000..bc37ff43c8 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go @@ -0,0 +1,11 @@ +// +build !dfrunsecurity + +package dockerfile2llb + +import ( + "github.com/moby/buildkit/frontend/dockerfile/instructions" +) + +func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go index 1ff4c1a307..3d9a83c31d 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go @@ -124,6 +124,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* if mount.CacheSharing == instructions.MountSharingLocked { sharing = llb.CacheMountLocked } + if mount.CacheID == "" { + mount.CacheID = path.Clean(mount.Target) + } mountOpts = append(mountOpts, llb.AsPersistentCacheDir(opt.cacheIDNamespace+"/"+mount.CacheID, sharing)) } target := mount.Target @@ -144,7 +147,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* out = append(out, llb.AddMount(target, st, mountOpts...)) - d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} + if mount.From == "" { + d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} + } } return out, nil } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go new file mode 100644 index 0000000000..7b1f099464 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go @@ -0,0 +1,27 @@ +// +build dfrunsecurity + +package dockerfile2llb + +import ( + "github.com/pkg/errors" + + "github.com/moby/buildkit/frontend/dockerfile/instructions" + "github.com/moby/buildkit/solver/pb" +) + +func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { + security := instructions.GetSecurity(c) + + for _, sec := range security { + switch sec { + case instructions.SecurityInsecure: + d.state = d.state.Security(pb.SecurityMode_INSECURE) + case instructions.SecuritySandbox: + d.state = d.state.Security(pb.SecurityMode_SANDBOX) + default: + return errors.Errorf("unsupported security mode %q", sec) + } + } + + return nil +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go index 143525ea82..442877d866 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go @@ -142,6 +142,8 @@ func parseMount(value string) (*Mount, error) { if m.Type == "secret" || m.Type == "ssh" { m.Required = true continue + } else { + return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) } } } @@ -176,6 +178,16 @@ func parseMount(value string) (*Mount, error) { } m.ReadOnly = !rw roAuto = false + case "required": + if m.Type == "secret" || m.Type == "ssh" { + v, err := strconv.ParseBool(value) + if err != nil { + return nil, errors.Errorf("invalid value for %s: %s", key, value) + } + m.Required = v + } else { + return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) + } case "id": m.CacheID = value case "sharing": diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go new file mode 100644 index 0000000000..b83b6f2f85 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go @@ -0,0 +1,83 @@ +// +build dfrunsecurity + +package instructions + +import ( + "encoding/csv" + "strings" + + "github.com/pkg/errors" +) + +const ( + SecurityInsecure = "insecure" + SecuritySandbox = "sandbox" +) + +var allowedSecurity = map[string]struct{}{ + SecurityInsecure: {}, + SecuritySandbox: {}, +} + +func isValidSecurity(value string) bool { + _, ok := allowedSecurity[value] + return ok +} + +type securityKeyT string + +var securityKey = securityKeyT("dockerfile/run/security") + +func init() { + parseRunPreHooks = append(parseRunPreHooks, runSecurityPreHook) + parseRunPostHooks = append(parseRunPostHooks, runSecurityPostHook) +} + +func runSecurityPreHook(cmd *RunCommand, req parseRequest) error { + st := &securityState{} + st.flag = req.flags.AddStrings("security") + cmd.setExternalValue(securityKey, st) + return nil +} + +func runSecurityPostHook(cmd *RunCommand, req parseRequest) error { + st := getSecurityState(cmd) + if st == nil { + return errors.Errorf("no security state") + } + + for _, value := range st.flag.StringValues { + csvReader := csv.NewReader(strings.NewReader(value)) + fields, err := csvReader.Read() + if err != nil { + return errors.Wrap(err, "failed to parse csv security") + } + + for _, field := range fields { + if !isValidSecurity(field) { + return errors.Errorf("security %q is not valid", field) + } + + st.security = append(st.security, field) + } + } + + return nil +} + +func getSecurityState(cmd *RunCommand) *securityState { + v := cmd.getExternalValue(securityKey) + if v == nil { + return nil + } + return v.(*securityState) +} + +func GetSecurity(cmd *RunCommand) []string { + return getSecurityState(cmd).security +} + +type securityState struct { + flag *Flag + security []string +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go index 6153f50d63..f9eb26f48b 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go @@ -417,10 +417,7 @@ func BuildEnvs(env []string) map[string]string { k := e[:i] v := e[i+1:] - // If key already exists, keep previous value. - if _, ok := envs[k]; ok { - continue - } + // overwrite value if key already exists envs[k] = v } } diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod index 3d54653c75..7f76ec2558 100644 --- a/vendor/github.com/moby/buildkit/go.mod +++ b/vendor/github.com/moby/buildkit/go.mod @@ -9,12 +9,14 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect github.com/containerd/cgroups v0.0.0-20190226200435-dbea6f2bd416 // indirect github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 - github.com/containerd/containerd v1.3.0-0.20190426060238-3a3f0aac8819 + github.com/containerd/containerd v1.3.0-0.20190507210959-7c1e88399ec0 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 // indirect + github.com/containerd/go-cni v0.0.0-20190610170741-5a4663dad645 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3 github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7 // indirect github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd // indirect + github.com/containernetworking/cni v0.6.1-0.20180218032124-142cde0c766c // indirect github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e github.com/docker/cli v0.0.0-20190321234815-f40f9c240ab0 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible @@ -41,7 +43,7 @@ require ( github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.1 - github.com/opencontainers/runc v1.0.1-0.20190307181833-2b18fe1d885e + github.com/opencontainers/runc v1.0.0-rc8 github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470 github.com/opentracing-contrib/go-stdlib v0.0.0-20171029140428-b1a47cfbdd75 github.com/opentracing/opentracing-go v0.0.0-20171003133519-1361b9cd60be diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go index b82e3fc1c9..f1d7d78ee3 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go +++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go @@ -40,6 +40,12 @@ type streamWriterCloser struct { func (wc *streamWriterCloser) Write(dt []byte) (int, error) { if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil { + // SendMsg return EOF on remote errors + if errors.Cause(err) == io.EOF { + if err := errors.WithStack(wc.ClientStream.RecvMsg(struct{}{})); err != nil { + return 0, err + } + } return 0, errors.WithStack(err) } return len(dt), nil diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go index b345569bf0..a45abe02e7 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go +++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go @@ -18,11 +18,12 @@ import ( ) const ( - keyOverrideExcludes = "override-excludes" - keyIncludePatterns = "include-patterns" - keyExcludePatterns = "exclude-patterns" - keyFollowPaths = "followpaths" - keyDirName = "dir-name" + keyOverrideExcludes = "override-excludes" + keyIncludePatterns = "include-patterns" + keyExcludePatterns = "exclude-patterns" + keyFollowPaths = "followpaths" + keyDirName = "dir-name" + keyExporterMetaPrefix = "exporter-md-" ) type fsSyncProvider struct { @@ -238,16 +239,16 @@ func NewFSSyncTargetDir(outdir string) session.Attachable { } // NewFSSyncTarget allows writing into an io.WriteCloser -func NewFSSyncTarget(w io.WriteCloser) session.Attachable { +func NewFSSyncTarget(f func(map[string]string) (io.WriteCloser, error)) session.Attachable { p := &fsSyncTarget{ - outfile: w, + f: f, } return p } type fsSyncTarget struct { - outdir string - outfile io.WriteCloser + outdir string + f func(map[string]string) (io.WriteCloser, error) } func (sp *fsSyncTarget) Register(server *grpc.Server) { @@ -258,11 +259,26 @@ func (sp *fsSyncTarget) DiffCopy(stream FileSend_DiffCopyServer) error { if sp.outdir != "" { return syncTargetDiffCopy(stream, sp.outdir) } - if sp.outfile == nil { + + if sp.f == nil { return errors.New("empty outfile and outdir") } - defer sp.outfile.Close() - return writeTargetFile(stream, sp.outfile) + opts, _ := metadata.FromIncomingContext(stream.Context()) // if no metadata continue with empty object + md := map[string]string{} + for k, v := range opts { + if strings.HasPrefix(k, keyExporterMetaPrefix) { + md[strings.TrimPrefix(k, keyExporterMetaPrefix)] = strings.Join(v, ",") + } + } + wc, err := sp.f(md) + if err != nil { + return err + } + if wc == nil { + return status.Errorf(codes.AlreadyExists, "target already exists") + } + defer wc.Close() + return writeTargetFile(stream, wc) } func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress func(int, bool)) error { @@ -281,7 +297,7 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress return sendDiffCopy(cc, fs, progress) } -func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, error) { +func CopyFileWriter(ctx context.Context, md map[string]string, c session.Caller) (io.WriteCloser, error) { method := session.MethodURL(_FileSend_serviceDesc.ServiceName, "diffcopy") if !c.Supports(method) { return nil, errors.Errorf("method %s not supported by the client", method) @@ -289,6 +305,13 @@ func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, erro client := NewFileSendClient(c.Conn()) + opts := make(map[string][]string, len(md)) + for k, v := range md { + opts[keyExporterMetaPrefix+k] = []string{v} + } + + ctx = metadata.NewOutgoingContext(ctx, opts) + cc, err := client.DiffCopy(ctx) if err != nil { return nil, errors.WithStack(err) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go index e5d362d80c..42f2a8ce4f 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go @@ -29,6 +29,7 @@ type llbBridge struct { builder solver.Builder frontends map[string]frontend.Frontend resolveWorker func() (worker.Worker, error) + eachWorker func(func(worker.Worker) error) error resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc cms map[string]solver.CacheManager cmsMu sync.Mutex @@ -91,11 +92,25 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * if err != nil { return nil, err } + dpc := &detectPrunedCacheID{} - edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) + edge, err := Load(req.Definition, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) if err != nil { return nil, errors.Wrap(err, "failed to load LLB") } + + if len(dpc.ids) > 0 { + ids := make([]string, 0, len(dpc.ids)) + for id := range dpc.ids { + ids = append(ids, id) + } + if err := b.eachWorker(func(w worker.Worker) error { + return w.PruneCacheMounts(ctx, ids) + }); err != nil { + return nil, err + } + } + ref, err := b.builder.Build(ctx, edge) if err != nil { return nil, errors.Wrap(err, "failed to build LLB") diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go index 99902a8332..d0de380211 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go @@ -221,11 +221,13 @@ func (e *execOp) getMountDeps() ([]dep, error) { } func (e *execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount, sharing pb.CacheSharingOpt) (mref cache.MutableRef, err error) { - key := "cache-dir:" + id if ref != nil { key += ":" + ref.ID() } + mu := CacheMountsLocker() + mu.Lock() + defer mu.Unlock() if ref, ok := e.cacheMounts[key]; ok { return ref.clone(), nil @@ -792,10 +794,17 @@ type cacheRefs struct { shares map[string]*cacheRefShare } -func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { - r.mu.Lock() - defer r.mu.Unlock() +// ClearActiveCacheMounts clears shared cache mounts currently in use. +// Caller needs to hold CacheMountsLocker before calling +func ClearActiveCacheMounts() { + sharedCacheRefs.shares = nil +} +func CacheMountsLocker() sync.Locker { + return &sharedCacheRefs.mu +} + +func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { if r.shares == nil { r.shares = map[string]*cacheRefShare{} } diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go index 9ae116399d..9e4525a55e 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go @@ -39,6 +39,7 @@ type Solver struct { workerController *worker.Controller solver *solver.Solver resolveWorker ResolveWorkerFunc + eachWorker func(func(worker.Worker) error) error frontends map[string]frontend.Frontend resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc platforms []specs.Platform @@ -51,6 +52,7 @@ func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.Cac s := &Solver{ workerController: wc, resolveWorker: defaultResolver(wc), + eachWorker: allWorkers(wc), frontends: f, resolveCacheImporterFuncs: resolveCI, gatewayForwarder: gatewayForwarder, @@ -87,6 +89,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { builder: b, frontends: s.frontends, resolveWorker: s.resolveWorker, + eachWorker: s.eachWorker, resolveCacheImporterFuncs: s.resolveCacheImporterFuncs, cms: map[string]solver.CacheManager{}, platforms: s.platforms, @@ -285,6 +288,20 @@ func defaultResolver(wc *worker.Controller) ResolveWorkerFunc { return wc.GetDefault() } } +func allWorkers(wc *worker.Controller) func(func(w worker.Worker) error) error { + return func(f func(worker.Worker) error) error { + all, err := wc.List() + if err != nil { + return err + } + for _, w := range all { + if err := f(w); err != nil { + return err + } + } + return nil + } +} func oneOffProgress(ctx context.Context, id string) func(err error) error { pw, _, _ := progress.FromContext(ctx) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go index 9187546167..7de9fd0f2a 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go @@ -131,6 +131,34 @@ func ValidateEntitlements(ent entitlements.Set) LoadOpt { } } +type detectPrunedCacheID struct { + ids map[string]struct{} +} + +func (dpc *detectPrunedCacheID) Load(op *pb.Op, md *pb.OpMetadata, opt *solver.VertexOptions) error { + if md == nil || !md.IgnoreCache { + return nil + } + switch op := op.Op.(type) { + case *pb.Op_Exec: + for _, m := range op.Exec.GetMounts() { + if m.MountType == pb.MountType_CACHE { + if m.CacheOpt != nil { + id := m.CacheOpt.ID + if id == "" { + id = m.Dest + } + if dpc.ids == nil { + dpc.ids = map[string]struct{}{} + } + dpc.ids[id] = struct{}{} + } + } + } + } + return nil +} + func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) { return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) { opMetadata := def.Metadata[dgst] diff --git a/vendor/github.com/moby/buildkit/solver/result.go b/vendor/github.com/moby/buildkit/solver/result.go index b217ae083e..c7e100b08c 100644 --- a/vendor/github.com/moby/buildkit/solver/result.go +++ b/vendor/github.com/moby/buildkit/solver/result.go @@ -40,9 +40,9 @@ func dup(res Result) (Result, Result) { } type splitResult struct { - Result released int64 sem *int64 + Result } func (r *splitResult) Release(ctx context.Context) error { diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go new file mode 100644 index 0000000000..580f152f94 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go @@ -0,0 +1,8 @@ +// +build !386 + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binary386 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xec\xd8\x31\x6e\xc2\x30\x14\x06\xe0\xdf\x8d\xdb\x26\x6a\x07\x1f\x20\xaa\x3a\x74\xe8\x64\xb5\x52\xae\x00\x2c\x88\x8d\x03\x80\x14\xc1\x94\x44\x89\x91\x60\x22\x47\x60\xe0\x20\x8c\x8c\x5c\x80\x13\x70\x19\xf4\xe2\x67\x91\x81\x25\xfb\xfb\xa4\x5f\x16\xcf\xe6\x29\xeb\x7b\xfb\xd1\x74\xac\x94\x42\xf0\x82\x08\xdd\xaf\x83\x8e\x33\x00\x7f\xc6\xd7\x33\x7c\x23\xc2\x2f\x74\xb8\x27\xad\x8e\x29\x27\x00\x14\x4d\x35\x03\x7f\x6f\x7c\x0f\x4a\x02\x80\xf2\xca\x75\x7a\x77\xa4\xb4\x3a\xa6\xa4\x00\x52\xfe\x7f\xc8\x27\xbf\x9f\xcc\xe6\xd4\xef\x42\xb5\xc7\x57\x0a\x21\x84\x10\x42\x08\x21\x84\x10\x62\x88\x33\x0d\xd5\xff\xb7\x6b\x0b\xdb\xac\x1b\x57\xbb\xc5\x12\xb6\x28\x5d\x6e\x57\xc5\xc6\x56\x75\x59\xe5\xb5\xdb\xc1\xba\x7c\xeb\x86\xf4\xfd\x00\xf0\xde\xed\x13\x78\xce\xe7\x19\x3f\xd0\x7c\x7e\xf1\x5c\xff\xc6\x3b\x07\x18\xbf\x2b\x08\x54\xef\x8c\x7a\xf5\xc4\x00\x3f\x4f\xde\xdd\x03\x00\x00\xff\xff\x8d\xf7\xd2\x72\xd0\x10\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go new file mode 100644 index 0000000000..8137d35047 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go @@ -0,0 +1,7 @@ +// +build !386 + +package binfmt_misc + +func i386Supported() error { + return check(Binary386) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go new file mode 100644 index 0000000000..2b2ab45be4 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go @@ -0,0 +1,7 @@ +// +build 386 + +package binfmt_misc + +func i386Supported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go index 27af7207d2..1a250a5d6d 100644 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go @@ -24,6 +24,15 @@ func SupportedPlatforms() []string { if p := "linux/riscv64"; def != p && riscv64Supported() == nil { arr = append(arr, p) } + if p := "linux/ppc64le"; def != p && ppc64leSupported() == nil { + arr = append(arr, p) + } + if p := "linux/s390x"; def != p && s390xSupported() == nil { + arr = append(arr, p) + } + if p := "linux/386"; def != p && i386Supported() == nil { + arr = append(arr, p) + } if !strings.HasPrefix(def, "linux/arm/") && armSupported() == nil { arr = append(arr, "linux/arm/v7", "linux/arm/v6") } else if def == "linux/arm/v7" { @@ -55,6 +64,21 @@ func WarnIfUnsupported(pfs []string) { printPlatfromWarning(p, err) } } + if p == "linux/ppc64le" { + if err := ppc64leSupported(); err != nil { + printPlatfromWarning(p, err) + } + } + if p == "linux/s390x" { + if err := s390xSupported(); err != nil { + printPlatfromWarning(p, err) + } + } + if p == "linux/386" { + if err := i386Supported(); err != nil { + printPlatfromWarning(p, err) + } + } if strings.HasPrefix(p, "linux/arm/v6") || strings.HasPrefix(p, "linux/arm/v7") { if err := armSupported(); err != nil { printPlatfromWarning(p, err) diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go new file mode 100644 index 0000000000..511db714c7 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go @@ -0,0 +1,8 @@ +// +build !ppc64le + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binaryppc64le = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x06\x51\x06\x10\xaf\x82\x81\x41\x00\xc4\x77\x80\x8a\x2f\x80\xcb\x83\xc4\x2c\x18\x18\x19\x1c\x18\x58\x18\x98\xc1\x6a\x59\x19\x50\x80\x00\x32\xdd\x02\xe5\xb4\xc0\xa5\x19\x61\xa4\x05\x03\x43\x82\x05\x13\x03\x83\x0b\x83\x5e\x71\x46\x71\x49\x51\x49\x62\x12\x83\x5e\x49\x6a\x45\x09\x83\x5e\x6a\x46\x7c\x5a\x51\x62\x6e\x2a\x03\xc5\x80\x1b\x6a\x23\x1b\x94\x0f\xf3\x57\x05\x94\xcf\x83\xa6\x9e\x03\x8d\x2f\x08\xd5\xcf\x84\xf0\x87\x00\xaa\x7f\x50\x01\x0b\x1a\x1f\xa4\x97\x19\x8b\x3a\x98\x7e\x69\x2c\xea\x91\x01\x20\x00\x00\xff\xff\xce\xf7\x15\x75\xa0\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go new file mode 100644 index 0000000000..4d5b3bf877 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go @@ -0,0 +1,7 @@ +// +build !ppc64le + +package binfmt_misc + +func ppc64leSupported() error { + return check(Binaryppc64le) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go new file mode 100644 index 0000000000..27e4ab8f1a --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go @@ -0,0 +1,7 @@ +// +build ppc64le + +package binfmt_misc + +func ppc64leSupported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go new file mode 100644 index 0000000000..3d34c2e5ac --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go @@ -0,0 +1,8 @@ +// +build !s390x + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binarys390x = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x62\x64\x80\x03\x26\x06\x31\x06\x06\x06\xb0\x00\x23\x03\x43\x05\x54\xd4\x01\x4a\xcf\x80\xf2\x2c\x18\x18\x19\x1c\x18\x98\x19\x98\xa0\x6a\x59\x19\x90\x00\x23\x1a\xcd\xc0\xc0\xd0\x80\x4a\x0b\x30\x2c\xd7\x64\x60\xe0\x62\x64\x67\x67\xd0\x2b\xce\x28\x2e\x29\x2a\x49\x4c\x62\xd0\x2b\x49\xad\x28\x61\xa0\x1e\xe0\x46\x72\x02\x1b\x9a\x7f\x60\x34\x07\x9a\x1e\x16\x34\x6f\x30\xe3\x30\x1b\xe6\x1f\x41\x34\x71\xb8\x97\x01\x01\x00\x00\xff\xff\x0c\x76\x9a\xe1\x58\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go new file mode 100644 index 0000000000..1d5b4a08c3 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go @@ -0,0 +1,7 @@ +// +build !s390x + +package binfmt_misc + +func s390xSupported() error { + return check(Binarys390x) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go new file mode 100644 index 0000000000..92554221ba --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go @@ -0,0 +1,7 @@ +// +build s390x + +package binfmt_misc + +func s390xSupported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go index 9b7ba8755a..120be2f125 100644 --- a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go +++ b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go @@ -72,16 +72,18 @@ func (g *Group) do(ctx context.Context, key string, fn func(ctx context.Context) g.mu.Lock() delete(g.m, key) g.mu.Unlock() + close(c.cleaned) }() g.mu.Unlock() return c.wait(ctx) } type call struct { - mu sync.Mutex - result interface{} - err error - ready chan struct{} + mu sync.Mutex + result interface{} + err error + ready chan struct{} + cleaned chan struct{} ctx *sharedContext ctxs []context.Context @@ -97,6 +99,7 @@ func newCall(fn func(ctx context.Context) (interface{}, error)) *call { c := &call{ fn: fn, ready: make(chan struct{}), + cleaned: make(chan struct{}), progressState: newProgressState(), } ctx := newContext(c) // newSharedContext @@ -127,6 +130,7 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) { select { case <-c.ready: // could return if no error c.mu.Unlock() + <-c.cleaned return nil, errRetry default: } diff --git a/vendor/github.com/moby/buildkit/util/network/network.go b/vendor/github.com/moby/buildkit/util/network/network.go index 055a52da8b..70b0cccad4 100644 --- a/vendor/github.com/moby/buildkit/util/network/network.go +++ b/vendor/github.com/moby/buildkit/util/network/network.go @@ -3,20 +3,9 @@ package network import ( "io" - "github.com/moby/buildkit/solver/pb" specs "github.com/opencontainers/runtime-spec/specs-go" ) -// Default returns the default network provider set -func Default() map[pb.NetMode]Provider { - return map[pb.NetMode]Provider{ - // FIXME: still uses host if no provider configured - pb.NetMode_UNSET: NewHostProvider(), - pb.NetMode_HOST: NewHostProvider(), - pb.NetMode_NONE: NewNoneProvider(), - } -} - // Provider interface for Network type Provider interface { New() (Namespace, error) @@ -28,10 +17,3 @@ type Namespace interface { // Set the namespace on the spec Set(*specs.Spec) } - -// NetworkOpts hold network options -type NetworkOpts struct { - Type string - CNIConfigPath string - CNIPluginPath string -} diff --git a/vendor/github.com/moby/buildkit/worker/worker.go b/vendor/github.com/moby/buildkit/worker/worker.go index 6485af57d2..38cc7db039 100644 --- a/vendor/github.com/moby/buildkit/worker/worker.go +++ b/vendor/github.com/moby/buildkit/worker/worker.go @@ -33,6 +33,7 @@ type Worker interface { Prune(ctx context.Context, ch chan client.UsageInfo, opt ...client.PruneInfo) error GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) + PruneCacheMounts(ctx context.Context, ids []string) error } // Pre-defined label keys