0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #37620 from tonistiigi/buildkit-net-modes

Browse source 
buildkit: enable net modes and bridge
This commit is contained in:
Tibor Vass 2018-08-20 14:56:24 -07:00 committed by GitHub
commit cf72051c37
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 2611 additions and 335 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
builder/builder-next/builder.go
View file

@ -3,6 +3,7 @@ package buildkit
import (
"context"
"io"
"net"
"strings"
"sync"
"time"
@ -15,21 +16,29 @@ import (
"github.com/docker/docker/daemon/images"
"github.com/docker/docker/pkg/streamformatter"
"github.com/docker/docker/pkg/system"
"github.com/docker/libnetwork"
controlapi "github.com/moby/buildkit/api/services/control"
"github.com/moby/buildkit/control"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/solver/llbsolver"
"github.com/moby/buildkit/util/entitlements"
"github.com/moby/buildkit/util/tracing"
"github.com/pkg/errors"
"golang.org/x/sync/errgroup"
grpcmetadata "google.golang.org/grpc/metadata"
)
func init() {
llbsolver.AllowNetworkHostUnstable = true
}
// Opt is option struct required for creating the builder
type Opt struct {
SessionManager *session.Manager
Root string
Dist images.DistributionServices
SessionManager *session.Manager
Root string
Dist images.DistributionServices
NetworkController libnetwork.NetworkController
}
// Builder can build using BuildKit backend
@ -228,6 +237,20 @@ func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.
frontendAttrs["platform"] = opt.Options.Platform
}
switch opt.Options.NetworkMode {
case "host", "none":
frontendAttrs["force-network-mode"] = opt.Options.NetworkMode
case "", "default":
default:
return nil, errors.Errorf("network mode %q not supported by buildkit", opt.Options.NetworkMode)
}
extraHosts, err := toBuildkitExtraHosts(opt.Options.ExtraHosts)
if err != nil {
return nil, err
}
frontendAttrs["add-hosts"] = extraHosts
exporterAttrs := map[string]string{}
if len(opt.Options.Tags) > 0 {
@ -243,6 +266,10 @@ func (b *Builder) Build(ctx context.Context, opt backend.BuildConfig) (*builder.
Session: opt.Options.SessionID,
}
if opt.Options.NetworkMode == "host" {
req.Entitlements = append(req.Entitlements, entitlements.EntitlementNetworkHost)
}
aux := streamformatter.AuxFormatter{Writer: opt.ProgressWriter.Output}
eg, ctx := errgroup.WithContext(ctx)
@ -424,3 +451,19 @@ func (j *buildJob) SetUpload(ctx context.Context, rc io.ReadCloser) error {
return fn(rc)
}
}
// toBuildkitExtraHosts converts hosts from docker key:value format to buildkit's csv format
func toBuildkitExtraHosts(inp []string) (string, error) {
if len(inp) == 0 {
return "", nil
}
hosts := make([]string, 0, len(inp))
for _, h := range inp {
parts := strings.Split(h, ":")
if len(parts) != 2 || parts[0] == "" || net.ParseIP(parts[1]) == nil {
return "", errors.Errorf("invalid host %s", h)
}
hosts = append(hosts, parts[0]+"="+parts[1])
}
return strings.Join(hosts, ","), nil
}

2
builder/builder-next/controller.go
View file

@ -90,7 +90,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
return nil, err
}
exec, err := newExecutor(root)
exec, err := newExecutor(root, opt.NetworkController)
if err != nil {
return nil, err
}

102
builder/builder-next/executor_unix.go
View file

@ -3,15 +3,113 @@
package buildkit
import (
"fmt"
"path/filepath"
"sync"
"github.com/docker/libnetwork"
"github.com/moby/buildkit/executor"
"github.com/moby/buildkit/executor/runcexecutor"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/util/network"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
func newExecutor(root string) (executor.Executor, error) {
const networkName = "bridge"
func init() {
// FIXME: https://github.com/moby/moby/issues/37676
runcexecutor.DisableSubReaper()
}
func newExecutor(root string, net libnetwork.NetworkController) (executor.Executor, error) {
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
CommandCandidates: []string{"docker-runc", "runc"},
})
}, &bridgeProvider{NetworkController: net})
}
type bridgeProvider struct {
libnetwork.NetworkController
}
func (p *bridgeProvider) NewInterface() (network.Interface, error) {
n, err := p.NetworkByName(networkName)
if err != nil {
return nil, err
}
iface := &lnInterface{ready: make(chan struct{})}
iface.Once.Do(func() {
go iface.init(p.NetworkController, n)
})
return iface, nil
}
func (p *bridgeProvider) Release(iface network.Interface) error {
go func() {
if err := p.release(iface); err != nil {
logrus.Errorf("%s", err)
}
}()
return nil
}
func (p *bridgeProvider) release(iface network.Interface) error {
li, ok := iface.(*lnInterface)
if !ok {
return errors.Errorf("invalid interface %T", iface)
}
err := li.sbx.Delete()
if err1 := li.ep.Delete(true); err1 != nil && err == nil {
err = err1
}
return err
}
type lnInterface struct {
ep libnetwork.Endpoint
sbx libnetwork.Sandbox
sync.Once
err error
ready chan struct{}
}
func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Network) {
defer close(iface.ready)
id := identity.NewID()
ep, err := n.CreateEndpoint(id)
if err != nil {
iface.err = err
return
}
sbx, err := c.NewSandbox(id)
if err != nil {
iface.err = err
return
}
if err := ep.Join(sbx); err != nil {
iface.err = err
return
}
iface.sbx = sbx
iface.ep = ep
}
func (iface *lnInterface) Set(pid int) error {
<-iface.ready
if iface.err != nil {
return iface.err
}
return iface.sbx.SetKey(fmt.Sprintf("/proc/%d/ns/net", pid))
}
func (iface *lnInterface) Remove(pid int) error {
return nil
}

3
builder/builder-next/executor_windows.go
View file

@ -5,11 +5,12 @@ import (
"errors"
"io"
"github.com/docker/libnetwork"
"github.com/moby/buildkit/cache"
"github.com/moby/buildkit/executor"
)
func newExecutor(_ string) (executor.Executor, error) {
func newExecutor(_ string, _ libnetwork.NetworkController) (executor.Executor, error) {
return &winExecutor{}, nil
}

7
cmd/dockerd/daemon.go
View file

@ -286,9 +286,10 @@ func newRouterOptions(config *config.Config, daemon *daemon.Daemon) (routerOptio
return opts, err
}
bk, err := buildkit.New(buildkit.Opt{
SessionManager: sm,
Root: filepath.Join(config.Root, "buildkit"),
Dist: daemon.DistributionServices(),
SessionManager: sm,
Root: filepath.Join(config.Root, "buildkit"),
Dist: daemon.DistributionServices(),
NetworkController: daemon.NetworkController(),
})
if err != nil {
return opts, err

5
daemon/network.go
View file

@ -49,6 +49,11 @@ func (daemon *Daemon) NetworkControllerEnabled() bool {
return daemon.netController != nil
}
// NetworkController returns the network controller created by the daemon.
func (daemon *Daemon) NetworkController() libnetwork.NetworkController {
return daemon.netController
}
// FindNetwork returns a network based on:
// 1. Full ID
// 2. Full Name

2
vendor.conf
View file

@ -26,7 +26,7 @@ github.com/imdario/mergo v0.3.6
golang.org/x/sync 1d60e4601c6fd243af51cc01ddf169918a5407ca
# buildkit
github.com/moby/buildkit e57eed420c7573ae44875be98fa877175b4677a1
github.com/moby/buildkit 46f9075ab68a07df2c40ae6e240ce4f9392b3a66 git://github.com/tiborvass/buildkit.git
github.com/tonistiigi/fsutil b19464cd1b6a00773b4f2eb7acf9c30426f9df42
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7

300
vendor/github.com/moby/buildkit/api/services/control/control.pb.go generated vendored
View file

@ -35,6 +35,7 @@ import pb "github.com/moby/buildkit/solver/pb"
import moby_buildkit_v1_types "github.com/moby/buildkit/api/types"
import time "time"
import github_com_moby_buildkit_util_entitlements "github.com/moby/buildkit/util/entitlements"
import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
import context "golang.org/x/net/context"
@ -57,8 +58,10 @@ var _ = time.Kitchen
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
type PruneRequest struct {
Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
All bool `protobuf:"varint,2,opt,name=all,proto3" json:"all,omitempty"`
Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
All bool `protobuf:"varint,2,opt,name=all,proto3" json:"all,omitempty"`
KeepDuration int64 `protobuf:"varint,3,opt,name=keepDuration,proto3" json:"keepDuration,omitempty"`
KeepBytes int64 `protobuf:"varint,4,opt,name=keepBytes,proto3" json:"keepBytes,omitempty"`
}
func (m *PruneRequest) Reset() { *m = PruneRequest{} }
@ -80,6 +83,20 @@ func (m *PruneRequest) GetAll() bool {
return false
}
func (m *PruneRequest) GetKeepDuration() int64 {
if m != nil {
return m.KeepDuration
}
return 0
}
func (m *PruneRequest) GetKeepBytes() int64 {
if m != nil {
return m.KeepBytes
}
return 0
}
type DiskUsageRequest struct {
Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`
}
@ -209,14 +226,15 @@ func (m *UsageRecord) GetShared() bool {
}
type SolveRequest struct {
Ref string `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
Definition *pb.Definition `protobuf:"bytes,2,opt,name=Definition" json:"Definition,omitempty"`
Exporter string `protobuf:"bytes,3,opt,name=Exporter,proto3" json:"Exporter,omitempty"`
ExporterAttrs map[string]string `protobuf:"bytes,4,rep,name=ExporterAttrs" json:"ExporterAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Session string `protobuf:"bytes,5,opt,name=Session,proto3" json:"Session,omitempty"`
Frontend string `protobuf:"bytes,6,opt,name=Frontend,proto3" json:"Frontend,omitempty"`
FrontendAttrs map[string]string `protobuf:"bytes,7,rep,name=FrontendAttrs" json:"FrontendAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Cache CacheOptions `protobuf:"bytes,8,opt,name=Cache" json:"Cache"`
Ref string `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`
Definition *pb.Definition `protobuf:"bytes,2,opt,name=Definition" json:"Definition,omitempty"`
Exporter string `protobuf:"bytes,3,opt,name=Exporter,proto3" json:"Exporter,omitempty"`
ExporterAttrs map[string]string `protobuf:"bytes,4,rep,name=ExporterAttrs" json:"ExporterAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Session string `protobuf:"bytes,5,opt,name=Session,proto3" json:"Session,omitempty"`
Frontend string `protobuf:"bytes,6,opt,name=Frontend,proto3" json:"Frontend,omitempty"`
FrontendAttrs map[string]string `protobuf:"bytes,7,rep,name=FrontendAttrs" json:"FrontendAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Cache CacheOptions `protobuf:"bytes,8,opt,name=Cache" json:"Cache"`
Entitlements []github_com_moby_buildkit_util_entitlements.Entitlement `protobuf:"bytes,9,rep,name=Entitlements,customtype=github.com/moby/buildkit/util/entitlements.Entitlement" json:"Entitlements,omitempty"`
}
func (m *SolveRequest) Reset() { *m = SolveRequest{} }
@ -955,6 +973,16 @@ func (m *PruneRequest) MarshalTo(dAtA []byte) (int, error) {
}
i++
}
if m.KeepDuration != 0 {
dAtA[i] = 0x18
i++
i = encodeVarintControl(dAtA, i, uint64(m.KeepDuration))
}
if m.KeepBytes != 0 {
dAtA[i] = 0x20
i++
i = encodeVarintControl(dAtA, i, uint64(m.KeepBytes))
}
return i, nil
}
@ -1212,6 +1240,21 @@ func (m *SolveRequest) MarshalTo(dAtA []byte) (int, error) {
return 0, err
}
i += n4
if len(m.Entitlements) > 0 {
for _, s := range m.Entitlements {
dAtA[i] = 0x4a
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
return i, nil
}
@ -1690,6 +1733,12 @@ func (m *PruneRequest) Size() (n int) {
if m.All {
n += 2
}
if m.KeepDuration != 0 {
n += 1 + sovControl(uint64(m.KeepDuration))
}
if m.KeepBytes != 0 {
n += 1 + sovControl(uint64(m.KeepBytes))
}
return n
}
@ -1801,6 +1850,12 @@ func (m *SolveRequest) Size() (n int) {
}
l = m.Cache.Size()
n += 1 + l + sovControl(uint64(l))
if len(m.Entitlements) > 0 {
for _, s := range m.Entitlements {
l = len(s)
n += 1 + l + sovControl(uint64(l))
}
}
return n
}
@ -2089,6 +2144,44 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {
}
}
m.All = bool(v != 0)
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field KeepDuration", wireType)
}
m.KeepDuration = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowControl
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.KeepDuration |= (int64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
case 4:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field KeepBytes", wireType)
}
m.KeepBytes = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowControl
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.KeepBytes |= (int64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
default:
iNdEx = preIndex
skippy, err := skipControl(dAtA[iNdEx:])
@ -3041,6 +3134,35 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Entitlements", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowControl
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthControl
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Entitlements = append(m.Entitlements, github_com_moby_buildkit_util_entitlements.Entitlement(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipControl(dAtA[iNdEx:])
@ -4709,81 +4831,85 @@ var (
func init() { proto.RegisterFile("control.proto", fileDescriptorControl) }
var fileDescriptorControl = []byte{
// 1206 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0x67, 0x6d, 0xc7, 0x7f, 0x9e, 0x9d, 0x2a, 0x0c, 0x50, 0xad, 0x16, 0x48, 0xcc, 0x02, 0x92,
0x55, 0xb5, 0xbb, 0x6d, 0xa0, 0x52, 0x15, 0xa1, 0xaa, 0x75, 0x5c, 0x44, 0xaa, 0x44, 0x94, 0x75,
0x42, 0x25, 0x6e, 0x6b, 0x7b, 0xe2, 0xac, 0xb2, 0xde, 0x59, 0x66, 0x66, 0x43, 0xcd, 0xa7, 0xe0,
0xc0, 0x37, 0xe1, 0xc0, 0x27, 0x40, 0xea, 0x91, 0x33, 0x87, 0x14, 0xe5, 0x0e, 0x77, 0x6e, 0x68,
0xfe, 0xac, 0x3d, 0x8e, 0x9d, 0x38, 0x49, 0x4f, 0x99, 0x37, 0xf9, 0xbd, 0x9f, 0xdf, 0x7b, 0xbf,
0xb7, 0xf3, 0x1e, 0xac, 0xf6, 0x49, 0xc2, 0x29, 0x89, 0xbd, 0x94, 0x12, 0x4e, 0xd0, 0xda, 0x88,
0xf4, 0xc6, 0x5e, 0x2f, 0x8b, 0xe2, 0xc1, 0x71, 0xc4, 0xbd, 0x93, 0x07, 0xce, 0xbd, 0x61, 0xc4,
0x8f, 0xb2, 0x9e, 0xd7, 0x27, 0x23, 0x7f, 0x48, 0x86, 0xc4, 0x97, 0xc0, 0x5e, 0x76, 0x28, 0x2d,
0x69, 0xc8, 0x93, 0x22, 0x70, 0x36, 0x86, 0x84, 0x0c, 0x63, 0x3c, 0x45, 0xf1, 0x68, 0x84, 0x19,
0x0f, 0x47, 0xa9, 0x06, 0xdc, 0x35, 0xf8, 0xc4, 0x8f, 0xf9, 0xf9, 0x8f, 0xf9, 0x8c, 0xc4, 0x27,
0x98, 0xfa, 0x69, 0xcf, 0x27, 0x29, 0xd3, 0x68, 0xff, 0x42, 0x74, 0x98, 0x46, 0x3e, 0x1f, 0xa7,
0x98, 0xf9, 0x3f, 0x11, 0x7a, 0x8c, 0xa9, 0x72, 0x70, 0x1f, 0x41, 0xe3, 0x05, 0xcd, 0x12, 0x1c,
0xe0, 0x1f, 0x33, 0xcc, 0x38, 0xba, 0x0d, 0xe5, 0xc3, 0x28, 0xe6, 0x98, 0xda, 0x56, 0xb3, 0xd8,
0xaa, 0x05, 0xda, 0x42, 0x6b, 0x50, 0x0c, 0xe3, 0xd8, 0x2e, 0x34, 0xad, 0x56, 0x35, 0x10, 0x47,
0xf7, 0x0e, 0xac, 0x75, 0x22, 0x76, 0x7c, 0xc0, 0xc2, 0xe1, 0x32, 0x6f, 0xf7, 0x39, 0xbc, 0x6b,
0x60, 0x59, 0x4a, 0x12, 0x86, 0xd1, 0x43, 0x28, 0x53, 0xdc, 0x27, 0x74, 0x20, 0xc1, 0xf5, 0xcd,
0x8f, 0xbd, 0xf3, 0xc5, 0xf4, 0xb4, 0x83, 0x00, 0x05, 0x1a, 0xec, 0xfe, 0x57, 0x80, 0xba, 0x71,
0x8f, 0x6e, 0x41, 0x61, 0xa7, 0x63, 0x5b, 0x4d, 0xab, 0x55, 0x0b, 0x0a, 0x3b, 0x1d, 0x64, 0x43,
0x65, 0x2f, 0xe3, 0x61, 0x2f, 0xc6, 0x3a, 0xda, 0xdc, 0x44, 0xef, 0xc3, 0xca, 0x4e, 0x72, 0xc0,
0xb0, 0x5d, 0x94, 0xf7, 0xca, 0x40, 0x08, 0x4a, 0xdd, 0xe8, 0x67, 0x6c, 0x97, 0x9a, 0x56, 0xab,
0x18, 0xc8, 0xb3, 0xc8, 0xe3, 0x45, 0x48, 0x71, 0xc2, 0xed, 0x15, 0xc9, 0xab, 0x2d, 0xd4, 0x86,
0xda, 0x36, 0xc5, 0x21, 0xc7, 0x83, 0xa7, 0xdc, 0x2e, 0x37, 0xad, 0x56, 0x7d, 0xd3, 0xf1, 0x94,
0x82, 0x5e, 0xae, 0xa0, 0xb7, 0x9f, 0x2b, 0xd8, 0xae, 0xbe, 0x3e, 0xdd, 0x78, 0xe7, 0x97, 0x37,
0x1b, 0x56, 0x30, 0x75, 0x43, 0x4f, 0x00, 0x76, 0x43, 0xc6, 0x0f, 0x98, 0x24, 0xa9, 0x2c, 0x25,
0x29, 0x49, 0x02, 0xc3, 0x07, 0xad, 0x03, 0xc8, 0x02, 0x6c, 0x93, 0x2c, 0xe1, 0x76, 0x55, 0xc6,
0x6d, 0xdc, 0xa0, 0x26, 0xd4, 0x3b, 0x98, 0xf5, 0x69, 0x94, 0xf2, 0x88, 0x24, 0x76, 0x4d, 0xa6,
0x60, 0x5e, 0x09, 0x06, 0x55, 0xbd, 0xfd, 0x71, 0x8a, 0x6d, 0x90, 0x00, 0xe3, 0x46, 0xe4, 0xdf,
0x3d, 0x0a, 0x29, 0x1e, 0xd8, 0x75, 0x59, 0x2a, 0x6d, 0xb9, 0xbf, 0x96, 0xa0, 0xd1, 0x15, 0x6d,
0x97, 0x0b, 0xbe, 0x06, 0xc5, 0x00, 0x1f, 0xea, 0xea, 0x8b, 0x23, 0xf2, 0x00, 0x3a, 0xf8, 0x30,
0x4a, 0x22, 0xf9, 0xdb, 0x05, 0x99, 0xde, 0x2d, 0x2f, 0xed, 0x79, 0xd3, 0xdb, 0xc0, 0x40, 0x20,
0x07, 0xaa, 0xcf, 0x5e, 0xa5, 0x84, 0x8a, 0xa6, 0x29, 0x4a, 0x9a, 0x89, 0x8d, 0x5e, 0xc2, 0x6a,
0x7e, 0x7e, 0xca, 0x39, 0x65, 0x76, 0x49, 0x36, 0xca, 0x83, 0xf9, 0x46, 0x31, 0x83, 0xf2, 0x66,
0x7c, 0x9e, 0x25, 0x9c, 0x8e, 0x83, 0x59, 0x1e, 0xd1, 0x23, 0x5d, 0xcc, 0x98, 0x88, 0x50, 0x09,
0x9c, 0x9b, 0x22, 0x9c, 0xaf, 0x29, 0x49, 0x38, 0x4e, 0x06, 0x52, 0xe0, 0x5a, 0x30, 0xb1, 0x45,
0x38, 0xf9, 0x59, 0x85, 0x53, 0xb9, 0x52, 0x38, 0x33, 0x3e, 0x3a, 0x9c, 0x99, 0x3b, 0xb4, 0x05,
0x2b, 0xdb, 0x61, 0xff, 0x08, 0x4b, 0x2d, 0xeb, 0x9b, 0xeb, 0xf3, 0x84, 0xf2, 0xdf, 0xdf, 0x4a,
0xf1, 0x58, 0xbb, 0x24, 0xda, 0x2a, 0x50, 0x2e, 0xce, 0x13, 0x40, 0xf3, 0xf9, 0x0a, 0x5d, 0x8e,
0xf1, 0x38, 0xd7, 0xe5, 0x18, 0x8f, 0x45, 0xf3, 0x9f, 0x84, 0x71, 0xa6, 0x3e, 0x8a, 0x5a, 0xa0,
0x8c, 0xad, 0xc2, 0x23, 0x4b, 0x30, 0xcc, 0x87, 0x78, 0x1d, 0x06, 0xf7, 0x8d, 0x05, 0x0d, 0x33,
0x42, 0xf4, 0x11, 0xd4, 0x54, 0x50, 0xd3, 0xe6, 0x98, 0x5e, 0x88, 0xee, 0xdb, 0x19, 0x69, 0x83,
0xd9, 0x05, 0xf9, 0x52, 0x18, 0x37, 0xe8, 0x3b, 0xa8, 0x2b, 0xb0, 0xaa, 0x72, 0x51, 0x56, 0xd9,
0xbf, 0xbc, 0x28, 0x9e, 0xe1, 0xa1, 0x6a, 0x6c, 0x72, 0x38, 0x8f, 0x61, 0xed, 0x3c, 0xe0, 0x5a,
0x19, 0xfe, 0x6e, 0xc1, 0xaa, 0x16, 0x55, 0xbf, 0x5e, 0x61, 0xce, 0x88, 0x69, 0x7e, 0xa7, 0xdf,
0xb1, 0x87, 0x17, 0xf6, 0x83, 0x82, 0x79, 0xe7, 0xfd, 0x54, 0xbc, 0x73, 0x74, 0xce, 0x36, 0x7c,
0xb0, 0x10, 0x7a, 0xad, 0xc8, 0x3f, 0x81, 0xd5, 0x2e, 0x0f, 0x79, 0xc6, 0x2e, 0xfc, 0x64, 0xdd,
0xdf, 0x2c, 0xb8, 0x95, 0x63, 0x74, 0x76, 0x5f, 0x42, 0xf5, 0x04, 0x53, 0x8e, 0x5f, 0x61, 0xa6,
0xb3, 0xb2, 0xe7, 0xb3, 0xfa, 0x5e, 0x22, 0x82, 0x09, 0x12, 0x6d, 0x41, 0x95, 0x49, 0x1e, 0xac,
0x64, 0x5d, 0xd8, 0xca, 0xca, 0x4b, 0xff, 0xde, 0x04, 0x8f, 0x7c, 0x28, 0xc5, 0x64, 0x98, 0xab,
0xfd, 0xe1, 0x45, 0x7e, 0xbb, 0x64, 0x18, 0x48, 0xa0, 0x7b, 0x5a, 0x80, 0xb2, 0xba, 0x43, 0xcf,
0xa1, 0x3c, 0x88, 0x86, 0x98, 0x71, 0x95, 0x55, 0x7b, 0x53, 0x7c, 0x20, 0x7f, 0x9d, 0x6e, 0xdc,
0x31, 0xa6, 0x21, 0x49, 0x71, 0x22, 0x66, 0x77, 0x18, 0x25, 0x98, 0x32, 0x7f, 0x48, 0xee, 0x29,
0x17, 0xaf, 0x23, 0xff, 0x04, 0x9a, 0x41, 0x70, 0x45, 0x49, 0x9a, 0x71, 0xdd, 0x98, 0x37, 0xe3,
0x52, 0x0c, 0x62, 0xb4, 0x24, 0xe1, 0x08, 0xeb, 0x77, 0x4d, 0x9e, 0xc5, 0xd3, 0xda, 0x17, 0x7d,
0x3b, 0x90, 0x03, 0xa7, 0x1a, 0x68, 0x0b, 0x6d, 0x41, 0x85, 0xf1, 0x90, 0x72, 0x3c, 0x90, 0x4f,
0xd2, 0x55, 0x66, 0x42, 0xee, 0x80, 0x1e, 0x43, 0xad, 0x4f, 0x46, 0x69, 0x8c, 0x85, 0x77, 0xf9,
0x8a, 0xde, 0x53, 0x17, 0xd1, 0x3d, 0x98, 0x52, 0x42, 0xe5, 0x34, 0xaa, 0x05, 0xca, 0x70, 0xff,
0x2d, 0x40, 0xc3, 0x14, 0x6b, 0x6e, 0xd2, 0x3e, 0x87, 0xb2, 0x92, 0x5e, 0x75, 0xdd, 0xcd, 0x4a,
0xa5, 0x18, 0x16, 0x96, 0xca, 0x86, 0x4a, 0x3f, 0xa3, 0x72, 0x0c, 0xab, 0xe1, 0x9c, 0x9b, 0x22,
0x60, 0x4e, 0x78, 0x18, 0xcb, 0x52, 0x15, 0x03, 0x65, 0x88, 0xe9, 0x3c, 0xd9, 0x9e, 0xae, 0x37,
0x9d, 0x27, 0x6e, 0xa6, 0x0c, 0x95, 0xb7, 0x92, 0xa1, 0x7a, 0x6d, 0x19, 0xdc, 0x3f, 0x2c, 0xa8,
0x4d, 0xba, 0xdc, 0xa8, 0xae, 0xf5, 0xd6, 0xd5, 0x9d, 0xa9, 0x4c, 0xe1, 0x66, 0x95, 0xb9, 0x0d,
0x65, 0xc6, 0x29, 0x0e, 0x47, 0x52, 0xa3, 0x62, 0xa0, 0x2d, 0xf1, 0x9e, 0x8c, 0xd8, 0x50, 0x2a,
0xd4, 0x08, 0xc4, 0xd1, 0x75, 0xa1, 0xd1, 0x1e, 0x73, 0xcc, 0xf6, 0x30, 0x13, 0x4b, 0x89, 0xd0,
0x76, 0x10, 0xf2, 0x50, 0xe6, 0xd1, 0x08, 0xe4, 0xd9, 0xbd, 0x0b, 0x68, 0x37, 0x62, 0xfc, 0xa5,
0xdc, 0x45, 0xd9, 0xb2, 0xfd, 0xb1, 0x0b, 0xef, 0xcd, 0xa0, 0xf5, 0x2b, 0xf5, 0xd5, 0xb9, 0x0d,
0xf2, 0xb3, 0xf9, 0x57, 0x43, 0xae, 0xbc, 0x9e, 0x72, 0x9c, 0x5d, 0x24, 0x37, 0xff, 0x29, 0x42,
0x65, 0x5b, 0x6d, 0xf3, 0x68, 0x1f, 0x6a, 0x93, 0x05, 0x15, 0xb9, 0xf3, 0x34, 0xe7, 0x37, 0x5d,
0xe7, 0xd3, 0x4b, 0x31, 0x3a, 0xbe, 0x6f, 0x60, 0x45, 0x2e, 0xd7, 0x68, 0xc1, 0x33, 0x68, 0x6e,
0xdd, 0xce, 0xe5, 0xab, 0xef, 0x7d, 0x4b, 0x30, 0xc9, 0x19, 0xb2, 0x88, 0xc9, 0x5c, 0x36, 0x9c,
0x8d, 0x25, 0xc3, 0x07, 0xed, 0x41, 0x59, 0x7f, 0xce, 0x8b, 0xa0, 0xe6, 0xa4, 0x70, 0x9a, 0x17,
0x03, 0x14, 0xd9, 0x7d, 0x0b, 0xed, 0x4d, 0x36, 0xa9, 0x45, 0xa1, 0x99, 0x6d, 0xe0, 0x2c, 0xf9,
0x7f, 0xcb, 0xba, 0x6f, 0xa1, 0x1f, 0xa0, 0x6e, 0x08, 0x8d, 0x16, 0x08, 0x3a, 0xdf, 0x35, 0xce,
0xe7, 0x4b, 0x50, 0x2a, 0xd8, 0x76, 0xe3, 0xf5, 0xd9, 0xba, 0xf5, 0xe7, 0xd9, 0xba, 0xf5, 0xf7,
0xd9, 0xba, 0xd5, 0x2b, 0xcb, 0xbe, 0xff, 0xe2, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x10, 0x8f,
0x03, 0xa4, 0xd1, 0x0d, 0x00, 0x00,
// 1279 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0xef, 0xda, 0x89, 0xed, 0x7d, 0x76, 0xaa, 0x30, 0x40, 0xb5, 0x5a, 0x20, 0x31, 0x0b, 0x48,
0x56, 0xd5, 0xee, 0xb6, 0x81, 0x22, 0x14, 0xa1, 0xaa, 0x75, 0x5c, 0x44, 0xaa, 0x46, 0x94, 0x49,
0x4b, 0x25, 0x0e, 0x48, 0x6b, 0x7b, 0xe2, 0xae, 0xb2, 0xde, 0x59, 0x66, 0x66, 0x43, 0xcd, 0x07,
0xe0, 0xcc, 0x77, 0xe1, 0xc0, 0x27, 0x40, 0xea, 0x91, 0x73, 0x0f, 0x29, 0xea, 0x1d, 0x4e, 0x5c,
0xb8, 0xa1, 0xf9, 0xb3, 0xce, 0x38, 0x76, 0xea, 0xa6, 0x3d, 0x65, 0xde, 0xe4, 0xf7, 0x7e, 0xfb,
0xfe, 0xcd, 0x7b, 0xcf, 0xb0, 0x36, 0xa0, 0x99, 0x60, 0x34, 0x0d, 0x73, 0x46, 0x05, 0x45, 0xeb,
0x63, 0xda, 0x9f, 0x84, 0xfd, 0x22, 0x49, 0x87, 0x87, 0x89, 0x08, 0x8f, 0xae, 0xfb, 0x57, 0x47,
0x89, 0x78, 0x5c, 0xf4, 0xc3, 0x01, 0x1d, 0x47, 0x23, 0x3a, 0xa2, 0x91, 0x02, 0xf6, 0x8b, 0x03,
0x25, 0x29, 0x41, 0x9d, 0x34, 0x81, 0xbf, 0x39, 0xa2, 0x74, 0x94, 0x92, 0x13, 0x94, 0x48, 0xc6,
0x84, 0x8b, 0x78, 0x9c, 0x1b, 0xc0, 0x15, 0x8b, 0x4f, 0x7e, 0x2c, 0x2a, 0x3f, 0x16, 0x71, 0x9a,
0x1e, 0x11, 0x16, 0xe5, 0xfd, 0x88, 0xe6, 0xdc, 0xa0, 0xa3, 0x33, 0xd1, 0x71, 0x9e, 0x44, 0x62,
0x92, 0x13, 0x1e, 0xfd, 0x44, 0xd9, 0x21, 0x61, 0x5a, 0x21, 0xf8, 0xc5, 0x81, 0xd6, 0x7d, 0x56,
0x64, 0x04, 0x93, 0x1f, 0x0b, 0xc2, 0x05, 0xba, 0x04, 0xb5, 0x83, 0x24, 0x15, 0x84, 0x79, 0x4e,
0xbb, 0xda, 0x71, 0xb1, 0x91, 0xd0, 0x3a, 0x54, 0xe3, 0x34, 0xf5, 0x2a, 0x6d, 0xa7, 0xd3, 0xc0,
0xf2, 0x88, 0x3a, 0xd0, 0x3a, 0x24, 0x24, 0xef, 0x15, 0x2c, 0x16, 0x09, 0xcd, 0xbc, 0x6a, 0xdb,
0xe9, 0x54, 0xbb, 0x2b, 0x4f, 0x8f, 0x37, 0x1d, 0x3c, 0xf3, 0x1f, 0x14, 0x80, 0x2b, 0xe5, 0xee,
0x44, 0x10, 0xee, 0xad, 0x58, 0xb0, 0x93, 0xeb, 0xe0, 0x32, 0xac, 0xf7, 0x12, 0x7e, 0xf8, 0x90,
0xc7, 0xa3, 0x65, 0xb6, 0x04, 0x77, 0xe1, 0x2d, 0x0b, 0xcb, 0x73, 0x9a, 0x71, 0x82, 0x6e, 0x40,
0x8d, 0x91, 0x01, 0x65, 0x43, 0x05, 0x6e, 0x6e, 0x7d, 0x10, 0x9e, 0xce, 0x4d, 0x68, 0x14, 0x24,
0x08, 0x1b, 0x70, 0xf0, 0x5f, 0x05, 0x9a, 0xd6, 0x3d, 0xba, 0x08, 0x95, 0xdd, 0x9e, 0xe7, 0xb4,
0x9d, 0x8e, 0x8b, 0x2b, 0xbb, 0x3d, 0xe4, 0x41, 0x7d, 0xaf, 0x10, 0x71, 0x3f, 0x25, 0xc6, 0xf7,
0x52, 0x44, 0xef, 0xc0, 0xea, 0x6e, 0xf6, 0x90, 0x13, 0xe5, 0x78, 0x03, 0x6b, 0x01, 0x21, 0x58,
0xd9, 0x4f, 0x7e, 0x26, 0xda, 0x4d, 0xac, 0xce, 0xd2, 0x8f, 0xfb, 0x31, 0x23, 0x99, 0xf0, 0x56,
0x15, 0xaf, 0x91, 0x50, 0x17, 0xdc, 0x1d, 0x46, 0x62, 0x41, 0x86, 0xb7, 0x85, 0x57, 0x6b, 0x3b,
0x9d, 0xe6, 0x96, 0x1f, 0xea, 0x82, 0x08, 0xcb, 0x82, 0x08, 0x1f, 0x94, 0x05, 0xd1, 0x6d, 0x3c,
0x3d, 0xde, 0xbc, 0xf0, 0xeb, 0x73, 0x19, 0xb7, 0xa9, 0x1a, 0xba, 0x05, 0x70, 0x2f, 0xe6, 0xe2,
0x21, 0x57, 0x24, 0xf5, 0xa5, 0x24, 0x2b, 0x8a, 0xc0, 0xd2, 0x41, 0x1b, 0x00, 0x2a, 0x00, 0x3b,
0xb4, 0xc8, 0x84, 0xd7, 0x50, 0x76, 0x5b, 0x37, 0xa8, 0x0d, 0xcd, 0x1e, 0xe1, 0x03, 0x96, 0xe4,
0x2a, 0xcd, 0xae, 0x72, 0xc1, 0xbe, 0x92, 0x0c, 0x3a, 0x7a, 0x0f, 0x26, 0x39, 0xf1, 0x40, 0x01,
0xac, 0x1b, 0xe9, 0xff, 0xfe, 0xe3, 0x98, 0x91, 0xa1, 0xd7, 0x54, 0xa1, 0x32, 0x52, 0xf0, 0xef,
0x0a, 0xb4, 0xf6, 0x65, 0x15, 0x97, 0x09, 0x5f, 0x87, 0x2a, 0x26, 0x07, 0x26, 0xfa, 0xf2, 0x88,
0x42, 0x80, 0x1e, 0x39, 0x48, 0xb2, 0x44, 0x7d, 0xbb, 0xa2, 0xdc, 0xbb, 0x18, 0xe6, 0xfd, 0xf0,
0xe4, 0x16, 0x5b, 0x08, 0xe4, 0x43, 0xe3, 0xce, 0x93, 0x9c, 0x32, 0x59, 0x34, 0x55, 0x45, 0x33,
0x95, 0xd1, 0x23, 0x58, 0x2b, 0xcf, 0xb7, 0x85, 0x60, 0xb2, 0x14, 0x65, 0xa1, 0x5c, 0x9f, 0x2f,
0x14, 0xdb, 0xa8, 0x70, 0x46, 0xe7, 0x4e, 0x26, 0xd8, 0x04, 0xcf, 0xf2, 0xc8, 0x1a, 0xd9, 0x27,
0x9c, 0x4b, 0x0b, 0x75, 0x82, 0x4b, 0x51, 0x9a, 0xf3, 0x15, 0xa3, 0x99, 0x20, 0xd9, 0x50, 0x25,
0xd8, 0xc5, 0x53, 0x59, 0x9a, 0x53, 0x9e, 0xb5, 0x39, 0xf5, 0x57, 0x32, 0x67, 0x46, 0xc7, 0x98,
0x33, 0x73, 0x87, 0xb6, 0x61, 0x75, 0x27, 0x1e, 0x3c, 0x26, 0x2a, 0x97, 0xcd, 0xad, 0x8d, 0x79,
0x42, 0xf5, 0xef, 0x6f, 0x54, 0xf2, 0xb8, 0x7a, 0x8a, 0x17, 0xb0, 0x56, 0x41, 0x3f, 0x40, 0xeb,
0x4e, 0x26, 0x12, 0x91, 0x92, 0x31, 0xc9, 0x04, 0xf7, 0x5c, 0xf9, 0xf0, 0xba, 0xdb, 0xcf, 0x8e,
0x37, 0x3f, 0x3f, 0xb3, 0xb5, 0x14, 0x22, 0x49, 0x23, 0x62, 0x69, 0x85, 0x16, 0x05, 0x9e, 0xe1,
0xf3, 0x6f, 0x01, 0x9a, 0x8f, 0xa7, 0xcc, 0xfb, 0x21, 0x99, 0x94, 0x79, 0x3f, 0x24, 0x13, 0xf9,
0xb8, 0x8e, 0xe2, 0xb4, 0xd0, 0x8f, 0xce, 0xc5, 0x5a, 0xd8, 0xae, 0x7c, 0xe1, 0x48, 0x86, 0xf9,
0x10, 0x9c, 0x87, 0x21, 0x78, 0xee, 0x40, 0xcb, 0x8e, 0x00, 0x7a, 0x1f, 0x5c, 0x6d, 0xd4, 0x49,
0xf1, 0x9d, 0x5c, 0xc8, 0xea, 0xde, 0x1d, 0x1b, 0x81, 0x7b, 0x15, 0xd5, 0x89, 0xac, 0x1b, 0xf4,
0x2d, 0x34, 0x35, 0x58, 0x67, 0xb1, 0xaa, 0xb2, 0x18, 0xbd, 0x3c, 0xe8, 0xa1, 0xa5, 0xa1, 0x73,
0x68, 0x73, 0xf8, 0x37, 0x61, 0xfd, 0x34, 0xe0, 0x5c, 0x1e, 0xfe, 0xee, 0xc0, 0x9a, 0x29, 0x1a,
0xd3, 0x1d, 0xe3, 0x92, 0x91, 0xb0, 0xf2, 0xce, 0xf4, 0xc9, 0x1b, 0x67, 0xd6, 0x9b, 0x86, 0x85,
0xa7, 0xf5, 0xb4, 0xbd, 0x73, 0x74, 0xfe, 0x0e, 0xbc, 0xbb, 0x10, 0x7a, 0x2e, 0xcb, 0x3f, 0x84,
0xb5, 0x7d, 0x11, 0x8b, 0x82, 0x9f, 0xd9, 0x12, 0x82, 0xdf, 0x1c, 0xb8, 0x58, 0x62, 0x8c, 0x77,
0x9f, 0x41, 0xe3, 0x88, 0x30, 0x41, 0x9e, 0x10, 0x6e, 0xbc, 0xf2, 0xe6, 0xbd, 0xfa, 0x4e, 0x21,
0xf0, 0x14, 0x89, 0xb6, 0xa1, 0xc1, 0x15, 0x0f, 0xd1, 0x69, 0x5d, 0xf8, 0x54, 0xb4, 0x96, 0xf9,
0xde, 0x14, 0x8f, 0x22, 0x58, 0x49, 0xe9, 0xa8, 0xcc, 0xf6, 0x7b, 0x67, 0xe9, 0xdd, 0xa3, 0x23,
0xac, 0x80, 0xc1, 0x71, 0x05, 0x6a, 0xfa, 0x0e, 0xdd, 0x85, 0xda, 0x30, 0x19, 0x11, 0x2e, 0xb4,
0x57, 0xdd, 0x2d, 0xf9, 0x00, 0x9f, 0x1d, 0x6f, 0x5e, 0xb6, 0x5e, 0x18, 0xcd, 0x49, 0x26, 0x57,
0x8d, 0x38, 0xc9, 0x08, 0xe3, 0xd1, 0x88, 0x5e, 0xd5, 0x2a, 0x61, 0x4f, 0xfd, 0xc1, 0x86, 0x41,
0x72, 0x25, 0x59, 0x5e, 0x08, 0x53, 0x98, 0xaf, 0xc7, 0xa5, 0x19, 0xe4, 0xe8, 0xca, 0xe2, 0x31,
0x31, 0x7d, 0x53, 0x9d, 0x65, 0xeb, 0x1e, 0xc8, 0xba, 0x1d, 0xaa, 0x81, 0xd6, 0xc0, 0x46, 0x42,
0xdb, 0x50, 0xe7, 0x22, 0x66, 0x82, 0x0c, 0x55, 0xcb, 0x7b, 0x95, 0x99, 0x53, 0x2a, 0xa0, 0x9b,
0xe0, 0x0e, 0xe8, 0x38, 0x4f, 0x89, 0xd4, 0xae, 0xbd, 0xa2, 0xf6, 0x89, 0x8a, 0xac, 0x1e, 0xc2,
0x18, 0x65, 0x6a, 0xda, 0xb9, 0x58, 0x0b, 0xc1, 0x3f, 0x15, 0x68, 0xd9, 0xc9, 0x9a, 0x9b, 0xe4,
0x77, 0xa1, 0xa6, 0x53, 0xaf, 0xab, 0xee, 0xf5, 0x42, 0xa5, 0x19, 0x16, 0x86, 0xca, 0x83, 0xfa,
0xa0, 0x60, 0x6a, 0xcc, 0xeb, 0xe1, 0x5f, 0x8a, 0xd2, 0x60, 0x41, 0x45, 0x9c, 0xaa, 0x50, 0x55,
0xb1, 0x16, 0xe4, 0xf4, 0x9f, 0x2e, 0x7b, 0xe7, 0x9b, 0xfe, 0x53, 0x35, 0x3b, 0x0d, 0xf5, 0x37,
0x4a, 0x43, 0xe3, 0xdc, 0x69, 0x08, 0xfe, 0x70, 0xc0, 0x9d, 0x56, 0xb9, 0x15, 0x5d, 0xe7, 0x8d,
0xa3, 0x3b, 0x13, 0x99, 0xca, 0xeb, 0x45, 0xe6, 0x12, 0xd4, 0xb8, 0x60, 0x24, 0x1e, 0xeb, 0xbd,
0x14, 0x1b, 0x49, 0xf6, 0x93, 0x31, 0x1f, 0xa9, 0x0c, 0xb5, 0xb0, 0x3c, 0x06, 0x01, 0xb4, 0xd4,
0x0a, 0xba, 0x47, 0xb8, 0x5c, 0x7a, 0x64, 0x6e, 0x87, 0xb1, 0x88, 0x95, 0x1f, 0x2d, 0xac, 0xce,
0xc1, 0x15, 0x40, 0xf7, 0x12, 0x2e, 0x1e, 0xa9, 0xd5, 0x99, 0x2f, 0xdb, 0x4f, 0xf7, 0xe1, 0xed,
0x19, 0xb4, 0xe9, 0x52, 0x5f, 0x9e, 0xda, 0x50, 0x3f, 0x9e, 0xef, 0x1a, 0x6a, 0x43, 0x0f, 0xb5,
0xe2, 0xec, 0xa2, 0xba, 0xf5, 0x77, 0x15, 0xea, 0x3b, 0xfa, 0xc7, 0x07, 0x7a, 0x00, 0xee, 0x74,
0x01, 0x46, 0xc1, 0x3c, 0xcd, 0xe9, 0x4d, 0xda, 0xff, 0xe8, 0xa5, 0x18, 0x63, 0xdf, 0xd7, 0xb0,
0xaa, 0x7e, 0x0a, 0xa0, 0x05, 0x6d, 0xd0, 0xfe, 0x8d, 0xe0, 0xbf, 0x7c, 0xb5, 0xbe, 0xe6, 0x48,
0x26, 0x35, 0x43, 0x16, 0x31, 0xd9, 0xcb, 0x8c, 0xbf, 0xb9, 0x64, 0xf8, 0xa0, 0x3d, 0xa8, 0x99,
0xe7, 0xbc, 0x08, 0x6a, 0x4f, 0x0a, 0xbf, 0x7d, 0x36, 0x40, 0x93, 0x5d, 0x73, 0xd0, 0xde, 0x74,
0x53, 0x5b, 0x64, 0x9a, 0x5d, 0x06, 0xfe, 0x92, 0xff, 0x77, 0x9c, 0x6b, 0x0e, 0xfa, 0x1e, 0x9a,
0x56, 0xa2, 0xd1, 0x82, 0x84, 0xce, 0x57, 0x8d, 0xff, 0xc9, 0x12, 0x94, 0x36, 0xb6, 0xdb, 0x7a,
0xfa, 0x62, 0xc3, 0xf9, 0xf3, 0xc5, 0x86, 0xf3, 0xd7, 0x8b, 0x0d, 0xa7, 0x5f, 0x53, 0x75, 0xff,
0xe9, 0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0xfe, 0x98, 0x98, 0x82, 0x80, 0x0e, 0x00, 0x00,
}

5
vendor/github.com/moby/buildkit/api/services/control/control.proto generated vendored
View file

@ -25,8 +25,10 @@ service Control {
}
message PruneRequest {
repeated string filter = 1; // FIXME: not implemented
repeated string filter = 1;
bool all = 2;
int64 keepDuration = 3 [(gogoproto.nullable) = true];
int64 keepBytes = 4 [(gogoproto.nullable) = true];
}
message DiskUsageRequest {
@ -60,6 +62,7 @@ message SolveRequest {
string Frontend = 6;
map<string, string> FrontendAttrs = 7;
CacheOptions Cache = 8 [(gogoproto.nullable) = false];
repeated string Entitlements = 9 [(gogoproto.customtype) = "github.com/moby/buildkit/util/entitlements.Entitlement" ];
}
message CacheOptions {

165
vendor/github.com/moby/buildkit/cache/manager.go generated vendored
View file

@ -2,6 +2,7 @@ package cache
import (
"context"
"sort"
"sync"
"time"
@ -321,14 +322,50 @@ func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opt
check = c
}
return cm.prune(ctx, ch, filter, opt.All, check)
totalSize := int64(0)
if opt.KeepBytes != 0 {
du, err := cm.DiskUsage(ctx, client.DiskUsageInfo{})
if err != nil {
return err
}
for _, ui := range du {
if check != nil {
if check.Exists(ui.ID) {
continue
}
}
totalSize += ui.Size
}
}
return cm.prune(ctx, ch, pruneOpt{
filter: filter,
all: opt.All,
checkShared: check,
keepDuration: opt.KeepDuration,
keepBytes: opt.KeepBytes,
totalSize: totalSize,
})
}
func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, filter filters.Filter, all bool, checkShared ExternalRefChecker) error {
var toDelete []*cacheRecord
func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, opt pruneOpt) error {
var toDelete []*deleteRecord
if opt.keepBytes != 0 && opt.totalSize < opt.keepBytes {
return nil
}
cm.mu.Lock()
gcMode := opt.keepBytes != 0
cutOff := time.Now().Add(-opt.keepDuration)
locked := map[*cacheRecord]struct{}{}
for _, cr := range cm.records {
if _, ok := locked[cr]; ok {
continue
}
cr.mu.Lock()
// ignore duplicates that share data
@ -349,11 +386,11 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, fil
}
shared := false
if checkShared != nil {
shared = checkShared.Exists(cr.ID())
if opt.checkShared != nil {
shared = opt.checkShared.Exists(cr.ID())
}
if !all {
if !opt.all {
if recordType == client.UsageRecordTypeInternal || recordType == client.UsageRecordTypeFrontend || shared {
cr.mu.Unlock()
continue
@ -367,23 +404,59 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, fil
Shared: shared,
}
if filter.Match(adaptUsageInfo(c)) {
cr.dead = true
usageCount, lastUsedAt := getLastUsed(cr.md)
c.LastUsedAt = lastUsedAt
c.UsageCount = usageCount
toDelete = append(toDelete, cr)
// mark metadata as deleted in case we crash before cleanup finished
if err := setDeleted(cr.md); err != nil {
if opt.keepDuration != 0 {
if lastUsedAt != nil && lastUsedAt.After(cutOff) {
cr.mu.Unlock()
cm.mu.Unlock()
return err
continue
}
}
if opt.filter.Match(adaptUsageInfo(c)) {
toDelete = append(toDelete, &deleteRecord{
cacheRecord: cr,
lastUsedAt: c.LastUsedAt,
usageCount: c.UsageCount,
})
if !gcMode {
cr.dead = true
// mark metadata as deleted in case we crash before cleanup finished
if err := setDeleted(cr.md); err != nil {
cr.mu.Unlock()
cm.mu.Unlock()
return err
}
} else {
locked[cr] = struct{}{}
continue // leave the record locked
}
}
}
cr.mu.Unlock()
}
if gcMode && len(toDelete) > 0 {
sortDeleteRecords(toDelete)
var err error
for i, cr := range toDelete {
// only remove single record at a time
if i == 0 {
cr.dead = true
err = setDeleted(cr.md)
}
cr.mu.Unlock()
}
if err != nil {
return err
}
toDelete = toDelete[:1]
opt.totalSize -= getSize(toDelete[0].md)
}
cm.mu.Unlock()
if len(toDelete) == 0 {
@ -443,7 +516,7 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, fil
case <-ctx.Done():
return ctx.Err()
default:
return cm.prune(ctx, ch, filter, all, checkShared)
return cm.prune(ctx, ch, opt)
}
}
@ -705,3 +778,63 @@ func adaptUsageInfo(info *client.UsageInfo) filters.Adaptor {
return "", false
})
}
type pruneOpt struct {
filter filters.Filter
all bool
checkShared ExternalRefChecker
keepDuration time.Duration
keepBytes int64
totalSize int64
}
type deleteRecord struct {
*cacheRecord
lastUsedAt *time.Time
usageCount int
lastUsedAtIndex int
usageCountIndex int
}
func sortDeleteRecords(toDelete []*deleteRecord) {
sort.Slice(toDelete, func(i, j int) bool {
if toDelete[i].lastUsedAt == nil {
return true
}
if toDelete[j].lastUsedAt == nil {
return false
}
return toDelete[i].lastUsedAt.Before(*toDelete[j].lastUsedAt)
})
maxLastUsedIndex := 0
var val time.Time
for _, v := range toDelete {
if v.lastUsedAt != nil && v.lastUsedAt.After(val) {
val = *v.lastUsedAt
maxLastUsedIndex++
}
v.lastUsedAtIndex = maxLastUsedIndex
}
sort.Slice(toDelete, func(i, j int) bool {
return toDelete[i].usageCount < toDelete[j].usageCount
})
maxUsageCountIndex := 0
var count int
for _, v := range toDelete {
if v.usageCount != count {
count = v.usageCount
maxUsageCountIndex++
}
v.usageCountIndex = maxUsageCountIndex
}
sort.Slice(toDelete, func(i, j int) bool {
return float64(toDelete[i].lastUsedAtIndex)/float64(maxLastUsedIndex)+
float64(toDelete[i].usageCountIndex)/float64(maxUsageCountIndex) <
float64(toDelete[j].lastUsedAtIndex)/float64(maxLastUsedIndex)+
float64(toDelete[j].usageCountIndex)/float64(maxUsageCountIndex)
})
}

95
vendor/github.com/moby/buildkit/client/build.go generated vendored Normal file
View file

@ -0,0 +1,95 @@
package client
import (
"context"
"github.com/moby/buildkit/client/buildid"
gateway "github.com/moby/buildkit/frontend/gateway/client"
"github.com/moby/buildkit/frontend/gateway/grpcclient"
gatewayapi "github.com/moby/buildkit/frontend/gateway/pb"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/util/apicaps"
"github.com/pkg/errors"
"google.golang.org/grpc"
)
func (c *Client) Build(ctx context.Context, opt SolveOpt, product string, buildFunc gateway.BuildFunc, statusChan chan *SolveStatus) (*SolveResponse, error) {
defer func() {
if statusChan != nil {
close(statusChan)
}
}()
if opt.Frontend != "" {
return nil, errors.New("invalid SolveOpt, Build interface cannot use Frontend")
}
if product == "" {
product = apicaps.ExportedProduct
}
feOpts := opt.FrontendAttrs
opt.FrontendAttrs = nil
workers, err := c.ListWorkers(ctx)
if err != nil {
return nil, errors.Wrap(err, "listing workers for Build")
}
var gworkers []gateway.WorkerInfo
for _, w := range workers {
gworkers = append(gworkers, gateway.WorkerInfo{
ID: w.ID,
Labels: w.Labels,
Platforms: w.Platforms,
})
}
cb := func(ref string, s *session.Session) error {
g, err := grpcclient.New(ctx, feOpts, s.ID(), product, c.gatewayClientForBuild(ref), gworkers)
if err != nil {
return err
}
if err := g.Run(ctx, buildFunc); err != nil {
return errors.Wrap(err, "failed to run Build function")
}
return nil
}
return c.solve(ctx, nil, cb, opt, statusChan)
}
func (c *Client) gatewayClientForBuild(buildid string) gatewayapi.LLBBridgeClient {
g := gatewayapi.NewLLBBridgeClient(c.conn)
return &gatewayClientForBuild{g, buildid}
}
type gatewayClientForBuild struct {
gateway gatewayapi.LLBBridgeClient
buildID string
}
func (g *gatewayClientForBuild) ResolveImageConfig(ctx context.Context, in *gatewayapi.ResolveImageConfigRequest, opts ...grpc.CallOption) (*gatewayapi.ResolveImageConfigResponse, error) {
ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
return g.gateway.ResolveImageConfig(ctx, in, opts...)
}
func (g *gatewayClientForBuild) Solve(ctx context.Context, in *gatewayapi.SolveRequest, opts ...grpc.CallOption) (*gatewayapi.SolveResponse, error) {
ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
return g.gateway.Solve(ctx, in, opts...)
}
func (g *gatewayClientForBuild) ReadFile(ctx context.Context, in *gatewayapi.ReadFileRequest, opts ...grpc.CallOption) (*gatewayapi.ReadFileResponse, error) {
ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
return g.gateway.ReadFile(ctx, in, opts...)
}
func (g *gatewayClientForBuild) Ping(ctx context.Context, in *gatewayapi.PingRequest, opts ...grpc.CallOption) (*gatewayapi.PongResponse, error) {
ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
return g.gateway.Ping(ctx, in, opts...)
}
func (g *gatewayClientForBuild) Return(ctx context.Context, in *gatewayapi.ReturnRequest, opts ...grpc.CallOption) (*gatewayapi.ReturnResponse, error) {
ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)
return g.gateway.Return(ctx, in, opts...)
}

29
vendor/github.com/moby/buildkit/client/buildid/metadata.go generated vendored Normal file
View file

@ -0,0 +1,29 @@
package buildid
import (
"context"
"google.golang.org/grpc/metadata"
)
var metadataKey = "buildkit-controlapi-buildid"
func AppendToOutgoingContext(ctx context.Context, id string) context.Context {
if id != "" {
return metadata.AppendToOutgoingContext(ctx, metadataKey, id)
}
return ctx
}
func FromIncomingContext(ctx context.Context) string {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return ""
}
if ids := md.Get(metadataKey); len(ids) == 1 {
return ids[0]
}
return ""
}

56
vendor/github.com/moby/buildkit/client/llb/exec.go generated vendored
View file

@ -2,6 +2,7 @@ package llb
import (
_ "crypto/sha256"
"net"
"sort"
"github.com/moby/buildkit/solver/pb"
@ -10,11 +11,13 @@ import (
)
type Meta struct {
Args []string
Env EnvList
Cwd string
User string
ProxyEnv *ProxyEnv
Args []string
Env EnvList
Cwd string
User string
ProxyEnv *ProxyEnv
ExtraHosts []HostIP
Network pb.NetMode
}
func NewExecOp(root Output, meta Meta, readOnly bool, c Constraints) *ExecOp {
@ -127,13 +130,26 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
return e.mounts[i].target < e.mounts[j].target
})
meta := &pb.Meta{
Args: e.meta.Args,
Env: e.meta.Env.ToArray(),
Cwd: e.meta.Cwd,
User: e.meta.User,
}
if len(e.meta.ExtraHosts) > 0 {
hosts := make([]*pb.HostIP, len(e.meta.ExtraHosts))
for i, h := range e.meta.ExtraHosts {
hosts[i] = &pb.HostIP{Host: h.Host, IP: h.IP.String()}
}
meta.ExtraHosts = hosts
}
peo := &pb.ExecOp{
Meta: &pb.Meta{
Args: e.meta.Args,
Env: e.meta.Env.ToArray(),
Cwd: e.meta.Cwd,
User: e.meta.User,
},
Meta: meta,
Network: e.meta.Network,
}
if e.meta.Network != NetModeSandbox {
addCap(&e.constraints, pb.CapExecMetaNetwork)
}
if p := e.meta.ProxyEnv; p != nil {
@ -346,6 +362,12 @@ func (fn runOptionFunc) SetRunOption(ei *ExecInfo) {
fn(ei)
}
func Network(n pb.NetMode) RunOption {
return runOptionFunc(func(ei *ExecInfo) {
ei.State = network(n)(ei.State)
})
}
func Shlex(str string) RunOption {
return Shlexf(str)
}
@ -386,6 +408,12 @@ func Dirf(str string, v ...interface{}) RunOption {
})
}
func AddExtraHost(host string, ip net.IP) RunOption {
return runOptionFunc(func(ei *ExecInfo) {
ei.State = ei.State.AddExtraHost(host, ip)
})
}
func Reset(s State) RunOption {
return runOptionFunc(func(ei *ExecInfo) {
ei.State = ei.State.Reset(s)
@ -492,3 +520,9 @@ const (
CacheMountPrivate
CacheMountLocked
)
const (
NetModeSandbox = pb.NetMode_UNSET
NetModeHost = pb.NetMode_HOST
NetModeNone = pb.NetMode_NONE
)

48
vendor/github.com/moby/buildkit/client/llb/meta.go generated vendored
View file

@ -2,21 +2,25 @@ package llb
import (
"fmt"
"net"
"path"
"github.com/containerd/containerd/platforms"
"github.com/google/shlex"
"github.com/moby/buildkit/solver/pb"
specs "github.com/opencontainers/image-spec/specs-go/v1"
)
type contextKeyT string
var (
keyArgs = contextKeyT("llb.exec.args")
keyDir = contextKeyT("llb.exec.dir")
keyEnv = contextKeyT("llb.exec.env")
keyUser = contextKeyT("llb.exec.user")
keyPlatform = contextKeyT("llb.platform")
keyArgs = contextKeyT("llb.exec.args")
keyDir = contextKeyT("llb.exec.dir")
keyEnv = contextKeyT("llb.exec.env")
keyUser = contextKeyT("llb.exec.user")
keyExtraHost = contextKeyT("llb.exec.extrahost")
keyPlatform = contextKeyT("llb.platform")
keyNetwork = contextKeyT("llb.network")
)
func addEnv(key, value string) StateOption {
@ -124,6 +128,40 @@ func getPlatform(s State) *specs.Platform {
return nil
}
func extraHost(host string, ip net.IP) StateOption {
return func(s State) State {
return s.WithValue(keyExtraHost, append(getExtraHosts(s), HostIP{Host: host, IP: ip}))
}
}
func getExtraHosts(s State) []HostIP {
v := s.Value(keyExtraHost)
if v != nil {
return v.([]HostIP)
}
return nil
}
type HostIP struct {
Host string
IP net.IP
}
func network(v pb.NetMode) StateOption {
return func(s State) State {
return s.WithValue(keyNetwork, v)
}
}
func getNetwork(s State) pb.NetMode {
v := s.Value(keyNetwork)
if v != nil {
n := v.(pb.NetMode)
return n
}
return NetModeSandbox
}
type EnvList []KeyValue
type KeyValue struct {

25
vendor/github.com/moby/buildkit/client/llb/state.go generated vendored
View file

@ -3,6 +3,7 @@ package llb
import (
"context"
"fmt"
"net"
"github.com/containerd/containerd/platforms"
"github.com/moby/buildkit/identity"
@ -181,11 +182,13 @@ func (s State) Run(ro ...RunOption) ExecState {
o.SetRunOption(ei)
}
meta := Meta{
Args: getArgs(ei.State),
Cwd: getDir(ei.State),
Env: getEnv(ei.State),
User: getUser(ei.State),
ProxyEnv: ei.ProxyEnv,
Args: getArgs(ei.State),
Cwd: getDir(ei.State),
Env: getEnv(ei.State),
User: getUser(ei.State),
ProxyEnv: ei.ProxyEnv,
ExtraHosts: getExtraHosts(ei.State),
Network: getNetwork(ei.State),
}
exec := NewExecOp(s.Output(), meta, ei.ReadonlyRootFS, ei.Constraints)
@ -247,6 +250,14 @@ func (s State) GetPlatform() *specs.Platform {
return getPlatform(s)
}
func (s State) Network(n pb.NetMode) State {
return network(n)(s)
}
func (s State) GetNetwork() pb.NetMode {
return getNetwork(s)
}
func (s State) With(so ...StateOption) State {
for _, o := range so {
s = o(s)
@ -254,6 +265,10 @@ func (s State) With(so ...StateOption) State {
return s
}
func (s State) AddExtraHost(host string, ip net.IP) State {
return extraHost(host, ip)(s)
}
type output struct {
vertex Vertex
getIndex func() (pb.OutputIndex, error)

20
vendor/github.com/moby/buildkit/client/prune.go generated vendored
View file

@ -3,6 +3,7 @@ package client
import (
"context"
"io"
"time"
controlapi "github.com/moby/buildkit/api/services/control"
"github.com/pkg/errors"
@ -14,7 +15,11 @@ func (c *Client) Prune(ctx context.Context, ch chan UsageInfo, opts ...PruneOpti
o.SetPruneOption(info)
}
req := &controlapi.PruneRequest{Filter: info.Filter}
req := &controlapi.PruneRequest{
Filter: info.Filter,
KeepDuration: int64(info.KeepDuration),
KeepBytes: int64(info.KeepBytes),
}
if info.All {
req.All = true
}
@ -54,8 +59,10 @@ type PruneOption interface {
}
type PruneInfo struct {
Filter []string
All bool
Filter []string
All bool
KeepDuration time.Duration
KeepBytes int64
}
type pruneOptionFunc func(*PruneInfo)
@ -67,3 +74,10 @@ func (f pruneOptionFunc) SetPruneOption(pi *PruneInfo) {
var PruneAll = pruneOptionFunc(func(pi *PruneInfo) {
pi.All = true
})
func WithKeepOpt(duration time.Duration, bytes int64) PruneOption {
return pruneOptionFunc(func(pi *PruneInfo) {
pi.KeepDuration = duration
pi.KeepBytes = bytes
})
}

63
vendor/github.com/moby/buildkit/client/solve.go generated vendored
View file

@ -15,6 +15,7 @@ import (
"github.com/moby/buildkit/session/filesync"
"github.com/moby/buildkit/session/grpchijack"
"github.com/moby/buildkit/solver/pb"
"github.com/moby/buildkit/util/entitlements"
opentracing "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@ -22,18 +23,19 @@ import (
)
type SolveOpt struct {
Exporter string
ExporterAttrs map[string]string
ExporterOutput io.WriteCloser // for ExporterOCI and ExporterDocker
ExporterOutputDir string // for ExporterLocal
LocalDirs map[string]string
SharedKey string
Frontend string
FrontendAttrs map[string]string
ExportCache string
ExportCacheAttrs map[string]string
ImportCache []string
Session []session.Attachable
Exporter string
ExporterAttrs map[string]string
ExporterOutput io.WriteCloser // for ExporterOCI and ExporterDocker
ExporterOutputDir string // for ExporterLocal
LocalDirs map[string]string
SharedKey string
Frontend string
FrontendAttrs map[string]string
ExportCache string
ExportCacheAttrs map[string]string
ImportCache []string
Session []session.Attachable
AllowedEntitlements []entitlements.Entitlement
}
// Solve calls Solve on the controller.
@ -52,6 +54,16 @@ func (c *Client) Solve(ctx context.Context, def *llb.Definition, opt SolveOpt, s
return nil, errors.Errorf("invalid definition for frontend %s", opt.Frontend)
}
return c.solve(ctx, def, nil, opt, statusChan)
}
type runGatewayCB func(ref string, s *session.Session) error
func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runGatewayCB, opt SolveOpt, statusChan chan *SolveStatus) (*SolveResponse, error) {
if def != nil && runGateway != nil {
return nil, errors.New("invalid with def and cb")
}
syncedDirs, err := prepareSyncedDirs(def, opt.LocalDirs)
if err != nil {
return nil, err
@ -110,8 +122,12 @@ func (c *Client) Solve(ctx context.Context, def *llb.Definition, opt SolveOpt, s
return s.Run(statusContext, grpchijack.Dialer(c.controlClient()))
})
solveCtx, cancelSolve := context.WithCancel(ctx)
var res *SolveResponse
eg.Go(func() error {
ctx := solveCtx
defer cancelSolve()
defer func() { // make sure the Status ends cleanly on build errors
go func() {
<-time.After(3 * time.Second)
@ -137,6 +153,7 @@ func (c *Client) Solve(ctx context.Context, def *llb.Definition, opt SolveOpt, s
ImportRefs: opt.ImportCache,
ExportAttrs: opt.ExportCacheAttrs,
},
Entitlements: opt.AllowedEntitlements,
})
if err != nil {
return errors.Wrap(err, "failed to solve")
@ -147,6 +164,28 @@ func (c *Client) Solve(ctx context.Context, def *llb.Definition, opt SolveOpt, s
return nil
})
if runGateway != nil {
eg.Go(func() error {
err := runGateway(ref, s)
if err == nil {
return nil
}
// If the callback failed then the main
// `Solve` (called above) should error as
// well. However as a fallback we wait up to
// 5s for that to happen before failing this
// goroutine.
select {
case <-solveCtx.Done():
case <-time.After(5 * time.Second):
cancelSolve()
}
return err
})
}
eg.Go(func() error {
stream, err := c.controlClient().Status(statusContext, &controlapi.StatusRequest{
Ref: ref,

29
vendor/github.com/moby/buildkit/control/control.go generated vendored
View file

@ -2,12 +2,14 @@ package control
import (
"context"
"time"
"github.com/docker/distribution/reference"
controlapi "github.com/moby/buildkit/api/services/control"
apitypes "github.com/moby/buildkit/api/types"
"github.com/moby/buildkit/cache/remotecache"
"github.com/moby/buildkit/client"
controlgateway "github.com/moby/buildkit/control/gateway"
"github.com/moby/buildkit/exporter"
"github.com/moby/buildkit/frontend"
"github.com/moby/buildkit/session"
@ -34,29 +36,34 @@ type Opt struct {
}
type Controller struct { // TODO: ControlService
opt Opt
solver *llbsolver.Solver
cache solver.CacheManager
opt Opt
solver *llbsolver.Solver
cache solver.CacheManager
gatewayForwarder *controlgateway.GatewayForwarder
}
func NewController(opt Opt) (*Controller, error) {
cache := solver.NewCacheManager("local", opt.CacheKeyStorage, worker.NewCacheResultStorage(opt.WorkerController))
solver, err := llbsolver.New(opt.WorkerController, opt.Frontends, cache, opt.ResolveCacheImporterFunc)
gatewayForwarder := controlgateway.NewGatewayForwarder()
solver, err := llbsolver.New(opt.WorkerController, opt.Frontends, cache, opt.ResolveCacheImporterFunc, gatewayForwarder)
if err != nil {
return nil, errors.Wrap(err, "failed to create solver")
}
c := &Controller{
opt: opt,
solver: solver,
cache: cache,
opt: opt,
solver: solver,
cache: cache,
gatewayForwarder: gatewayForwarder,
}
return c, nil
}
func (c *Controller) Register(server *grpc.Server) error {
controlapi.RegisterControlServer(server, c)
c.gatewayForwarder.Register(server)
return nil
}
@ -120,8 +127,10 @@ func (c *Controller) Prune(req *controlapi.PruneRequest, stream controlapi.Contr
func(w worker.Worker) {
eg.Go(func() error {
return w.Prune(ctx, ch, client.PruneInfo{
Filter: req.Filter,
All: req.All,
Filter: req.Filter,
All: req.All,
KeepDuration: time.Duration(req.KeepDuration),
KeepBytes: req.KeepBytes,
})
})
}(w)
@ -213,7 +222,7 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
Exporter: expi,
CacheExporter: cacheExporter,
CacheExportMode: parseCacheExporterOpt(req.Cache.ExportAttrs),
})
}, req.Entitlements)
if err != nil {
return nil, err
}

127
vendor/github.com/moby/buildkit/control/gateway/gateway.go generated vendored Normal file
View file

@ -0,0 +1,127 @@
package gateway
import (
"context"
"sync"
"time"
"github.com/moby/buildkit/client/buildid"
"github.com/moby/buildkit/frontend/gateway"
gwapi "github.com/moby/buildkit/frontend/gateway/pb"
"github.com/pkg/errors"
"google.golang.org/grpc"
)
type GatewayForwarder struct {
mu sync.RWMutex
updateCond *sync.Cond
builds map[string]gateway.LLBBridgeForwarder
}
func NewGatewayForwarder() *GatewayForwarder {
gwf := &GatewayForwarder{
builds: map[string]gateway.LLBBridgeForwarder{},
}
gwf.updateCond = sync.NewCond(gwf.mu.RLocker())
return gwf
}
func (gwf *GatewayForwarder) Register(server *grpc.Server) {
gwapi.RegisterLLBBridgeServer(server, gwf)
}
func (gwf *GatewayForwarder) RegisterBuild(ctx context.Context, id string, bridge gateway.LLBBridgeForwarder) error {
gwf.mu.Lock()
defer gwf.mu.Unlock()
if _, ok := gwf.builds[id]; ok {
return errors.Errorf("build ID %s exists", id)
}
gwf.builds[id] = bridge
gwf.updateCond.Broadcast()
return nil
}
func (gwf *GatewayForwarder) UnregisterBuild(ctx context.Context, id string) {
gwf.mu.Lock()
defer gwf.mu.Unlock()
delete(gwf.builds, id)
gwf.updateCond.Broadcast()
}
func (gwf *GatewayForwarder) lookupForwarder(ctx context.Context) (gateway.LLBBridgeForwarder, error) {
bid := buildid.FromIncomingContext(ctx)
if bid == "" {
return nil, errors.New("no buildid found in context")
}
ctx, cancel := context.WithTimeout(ctx, 3*time.Second)
defer cancel()
go func() {
<-ctx.Done()
gwf.updateCond.Broadcast()
}()
gwf.mu.RLock()
defer gwf.mu.RUnlock()
for {
select {
case <-ctx.Done():
return nil, errors.Errorf("no such job %s", bid)
default:
}
fwd, ok := gwf.builds[bid]
if !ok {
gwf.updateCond.Wait()
continue
}
return fwd, nil
}
}
func (gwf *GatewayForwarder) ResolveImageConfig(ctx context.Context, req *gwapi.ResolveImageConfigRequest) (*gwapi.ResolveImageConfigResponse, error) {
fwd, err := gwf.lookupForwarder(ctx)
if err != nil {
return nil, errors.Wrap(err, "forwarding ResolveImageConfig")
}
return fwd.ResolveImageConfig(ctx, req)
}
func (gwf *GatewayForwarder) Solve(ctx context.Context, req *gwapi.SolveRequest) (*gwapi.SolveResponse, error) {
fwd, err := gwf.lookupForwarder(ctx)
if err != nil {
return nil, errors.Wrap(err, "forwarding Solve")
}
return fwd.Solve(ctx, req)
}
func (gwf *GatewayForwarder) ReadFile(ctx context.Context, req *gwapi.ReadFileRequest) (*gwapi.ReadFileResponse, error) {
fwd, err := gwf.lookupForwarder(ctx)
if err != nil {
return nil, errors.Wrap(err, "forwarding ReadFile")
}
return fwd.ReadFile(ctx, req)
}
func (gwf *GatewayForwarder) Ping(ctx context.Context, req *gwapi.PingRequest) (*gwapi.PongResponse, error) {
fwd, err := gwf.lookupForwarder(ctx)
if err != nil {
return nil, errors.Wrap(err, "forwarding Ping")
}
return fwd.Ping(ctx, req)
}
func (gwf *GatewayForwarder) Return(ctx context.Context, req *gwapi.ReturnRequest) (*gwapi.ReturnResponse, error) {
fwd, err := gwf.lookupForwarder(ctx)
if err != nil {
return nil, errors.Wrap(err, "forwarding Return")
}
res, err := fwd.Return(ctx, req)
return res, err
}

10
vendor/github.com/moby/buildkit/executor/executor.go generated vendored
View file

@ -3,8 +3,10 @@ package executor
import (
"context"
"io"
"net"
"github.com/moby/buildkit/cache"
"github.com/moby/buildkit/solver/pb"
)
type Meta struct {
@ -14,7 +16,8 @@ type Meta struct {
Cwd string
Tty bool
ReadonlyRootFS bool
// DisableNetworking bool
ExtraHosts []HostIP
NetMode pb.NetMode
}
type Mount struct {
@ -28,3 +31,8 @@ type Executor interface {
// TODO: add stdout/err
Exec(ctx context.Context, meta Meta, rootfs cache.Mountable, mounts []Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error
}
type HostIP struct {
Host string
IP net.IP
}

73
vendor/github.com/moby/buildkit/executor/oci/hosts.go generated vendored
View file

@ -1,10 +1,15 @@
package oci
import (
"bytes"
"context"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"github.com/moby/buildkit/executor"
"github.com/moby/buildkit/identity"
)
const hostsContent = `
@ -12,27 +17,53 @@ const hostsContent = `
::1 localhost ip6-localhost ip6-loopback
`
func GetHostsFile(ctx context.Context, stateDir string) (string, error) {
p := filepath.Join(stateDir, "hosts")
_, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) {
_, err := os.Stat(p)
if err == nil {
return "", nil
func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP) (string, func(), error) {
if len(extraHosts) == 0 {
_, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) {
_, _, err := makeHostsFile(stateDir, nil)
return nil, err
})
if err != nil {
return "", nil, err
}
if !os.IsNotExist(err) {
return "", err
}
if err := ioutil.WriteFile(p+".tmp", []byte(hostsContent), 0644); err != nil {
return "", err
}
if err := os.Rename(p+".tmp", p); err != nil {
return "", err
}
return "", nil
})
if err != nil {
return "", err
return filepath.Join(stateDir, "hosts"), func() {}, nil
}
return p, nil
return makeHostsFile(stateDir, extraHosts)
}
func makeHostsFile(stateDir string, extraHosts []executor.HostIP) (string, func(), error) {
p := filepath.Join(stateDir, "hosts")
if len(extraHosts) != 0 {
p += "." + identity.NewID()
}
_, err := os.Stat(p)
if err == nil {
return "", func() {}, nil
}
if !os.IsNotExist(err) {
return "", nil, err
}
b := &bytes.Buffer{}
if _, err := b.Write([]byte(hostsContent)); err != nil {
return "", nil, err
}
for _, h := range extraHosts {
if _, err := b.Write([]byte(fmt.Sprintf("%s\t%s\n", h.IP.String(), h.Host))); err != nil {
return "", nil, err
}
}
if err := ioutil.WriteFile(p+".tmp", b.Bytes(), 0644); err != nil {
return "", nil, err
}
if err := os.Rename(p+".tmp", p); err != nil {
return "", nil, err
}
return p, func() {
os.RemoveAll(p)
}, nil
}

8
vendor/github.com/moby/buildkit/executor/oci/spec_unix.go generated vendored
View file

@ -21,7 +21,7 @@ import (
// Ideally we don't have to import whole containerd just for the default spec
// GenerateSpec generates spec using containerd functionality.
func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, opts ...oci.SpecOpts) (*specs.Spec, func(), error) {
func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, hostNetwork bool, opts ...oci.SpecOpts) (*specs.Spec, func(), error) {
c := &containers.Container{
ID: id,
}
@ -30,9 +30,9 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
ctx = namespaces.WithNamespace(ctx, "buildkit")
}
opts = append(opts,
oci.WithHostNamespace(specs.NetworkNamespace),
)
if hostNetwork {
opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace))
}
// Note that containerd.GenerateSpec is namespaced so as to make
// specs.Linux.CgroupsPath namespaced

253
vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go generated vendored
View file

@ -10,6 +10,7 @@ import (
"path/filepath"
"strconv"
"strings"
"sync"
"syscall"
"github.com/containerd/containerd/contrib/seccomp"
@ -21,9 +22,12 @@ import (
"github.com/moby/buildkit/executor"
"github.com/moby/buildkit/executor/oci"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/solver/pb"
"github.com/moby/buildkit/util/network"
rootlessspecconv "github.com/moby/buildkit/util/rootless/specconv"
"github.com/moby/buildkit/util/system"
"github.com/opencontainers/runtime-spec/specs-go"
runcsystem "github.com/opencontainers/runc/libcontainer/system"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@ -39,13 +43,14 @@ type Opt struct {
var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
type runcExecutor struct {
runc *runc.Runc
root string
cmd string
rootless bool
runc *runc.Runc
root string
cmd string
rootless bool
networkProvider network.Provider
}
func New(opt Opt) (executor.Executor, error) {
func New(opt Opt, networkProvider network.Provider) (executor.Executor, error) {
cmds := opt.CommandCandidates
if cmds == nil {
cmds = defaultCommandCandidates
@ -65,6 +70,10 @@ func New(opt Opt) (executor.Executor, error) {
root := opt.Root
if err := setSubReaper(); err != nil {
return nil, err
}
if err := os.MkdirAll(root, 0700); err != nil {
return nil, errors.Wrapf(err, "failed to create %s", root)
}
@ -89,24 +98,49 @@ func New(opt Opt) (executor.Executor, error) {
}
w := &runcExecutor{
runc: runtime,
root: root,
rootless: opt.Rootless,
runc: runtime,
root: root,
rootless: opt.Rootless,
networkProvider: networkProvider,
}
return w, nil
}
func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.Mountable, mounts []executor.Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
var iface network.Interface
// FIXME: still uses host if no provider configured
if meta.NetMode == pb.NetMode_UNSET {
if w.networkProvider != nil {
var err error
iface, err = w.networkProvider.NewInterface()
if err != nil || iface == nil {
meta.NetMode = pb.NetMode_HOST
}
} else {
meta.NetMode = pb.NetMode_HOST
}
}
if meta.NetMode == pb.NetMode_HOST {
logrus.Info("enabling HostNetworking")
}
defer func() {
if iface != nil {
w.networkProvider.Release(iface)
}
}()
resolvConf, err := oci.GetResolvConf(ctx, w.root)
if err != nil {
return err
}
hostsFile, err := oci.GetHostsFile(ctx, w.root)
hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts)
if err != nil {
return err
}
if clean != nil {
defer clean()
}
mountable, err := root.Mount(ctx, false)
if err != nil {
@ -145,6 +179,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
return err
}
defer f.Close()
opts := []containerdoci.SpecOpts{oci.WithUIDGID(uid, gid, sgids)}
if system.SeccompSupported() {
opts = append(opts, seccomp.WithDefaultProfile())
@ -152,7 +187,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
if meta.ReadonlyRootFS {
opts = append(opts, containerdoci.WithRootFSReadonly())
}
spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, opts...)
spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, meta.NetMode == pb.NetMode_HOST, opts...)
if err != nil {
return err
}
@ -184,32 +219,140 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
return err
}
logrus.Debugf("> running %s %v", id, meta.Args)
forwardIO, err := newForwardIO(stdin, stdout, stderr)
if err != nil {
return errors.Wrap(err, "creating new forwarding IO")
}
defer forwardIO.Close()
status, err := w.runc.Run(ctx, id, bundle, &runc.CreateOpts{
IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},
pidFilePath := filepath.Join(w.root, "runc_pid_"+identity.NewID())
defer os.RemoveAll(pidFilePath)
logrus.Debugf("> creating %s %v", id, meta.Args)
err = w.runc.Create(ctx, id, bundle, &runc.CreateOpts{
PidFile: pidFilePath,
IO: forwardIO,
})
logrus.Debugf("< completed %s %v %v", id, status, err)
if status != 0 {
select {
case <-ctx.Done():
// runc can't report context.Cancelled directly
return errors.Wrapf(ctx.Err(), "exit code %d", status)
default:
}
return errors.Errorf("exit code %d", status)
if err != nil {
return err
}
forwardIO.release()
defer func() {
go func() {
if err := w.runc.Delete(context.TODO(), id, &runc.DeleteOpts{}); err != nil {
logrus.Errorf("failed to delete %s: %+v", id, err)
}
}()
}()
dt, err := ioutil.ReadFile(pidFilePath)
if err != nil {
return err
}
pid, err := strconv.Atoi(string(dt))
if err != nil {
return err
}
return err
done := make(chan struct{})
defer close(done)
go func() {
select {
case <-done:
case <-ctx.Done():
syscall.Kill(-pid, syscall.SIGKILL)
}
}()
if iface != nil {
if err := iface.Set(pid); err != nil {
return errors.Wrap(err, "could not set the network")
}
defer func() {
iface.Remove(pid)
}()
}
err = w.runc.Start(ctx, id)
if err != nil {
return err
}
p, err := os.FindProcess(pid)
if err != nil {
return err
}
status := 0
ps, err := p.Wait()
if err != nil {
status = 255
}
if ws, ok := ps.Sys().(syscall.WaitStatus); ok {
status = ws.ExitStatus()
}
if status != 0 {
return errors.Errorf("exit code: %d", status)
}
return nil
}
type forwardIO struct {
stdin io.ReadCloser
stdout, stderr io.WriteCloser
stdin, stdout, stderr *os.File
toRelease []io.Closer
toClose []io.Closer
}
func newForwardIO(stdin io.ReadCloser, stdout, stderr io.WriteCloser) (f *forwardIO, err error) {
fio := &forwardIO{}
defer func() {
if err != nil {
fio.Close()
}
}()
if stdin != nil {
fio.stdin, err = fio.readCloserToFile(stdin)
if err != nil {
return nil, err
}
}
if stdout != nil {
fio.stdout, err = fio.writeCloserToFile(stdout)
if err != nil {
return nil, err
}
}
if stderr != nil {
fio.stderr, err = fio.writeCloserToFile(stderr)
if err != nil {
return nil, err
}
}
return fio, nil
}
func (s *forwardIO) Close() error {
return nil
s.release()
var err error
for _, cl := range s.toClose {
if err1 := cl.Close(); err == nil {
err = err1
}
}
s.toClose = nil
return err
}
// release releases active FDs if the process doesn't need them any more
func (s *forwardIO) release() {
for _, cl := range s.toRelease {
cl.Close()
}
s.toRelease = nil
}
func (s *forwardIO) Set(cmd *exec.Cmd) {
@ -218,6 +361,62 @@ func (s *forwardIO) Set(cmd *exec.Cmd) {
cmd.Stderr = s.stderr
}
func (s *forwardIO) readCloserToFile(rc io.ReadCloser) (*os.File, error) {
if f, ok := rc.(*os.File); ok {
return f, nil
}
pr, pw, err := os.Pipe()
if err != nil {
return nil, err
}
s.toClose = append(s.toClose, pw)
s.toRelease = append(s.toRelease, pr)
go func() {
_, err := io.Copy(pw, rc)
if err1 := pw.Close(); err == nil {
err = err1
}
_ = err
}()
return pr, nil
}
func (s *forwardIO) writeCloserToFile(wc io.WriteCloser) (*os.File, error) {
if f, ok := wc.(*os.File); ok {
return f, nil
}
pr, pw, err := os.Pipe()
if err != nil {
return nil, err
}
s.toClose = append(s.toClose, pr)
s.toRelease = append(s.toRelease, pw)
go func() {
_, err := io.Copy(wc, pr)
if err1 := pw.Close(); err == nil {
err = err1
}
_ = err
}()
return pw, nil
}
var subReaperOnce sync.Once
var subReaperError error
// DisableSubReaper prevents setting subreaper on the current process.
// Do not rely on this function it may change or be removed.
func DisableSubReaper() {
subReaperOnce.Do(func() {})
}
func setSubReaper() error {
subReaperOnce.Do(func() {
subReaperError = runcsystem.SetSubreaper(1)
})
return subReaperError
}
func (s *forwardIO) Stdin() io.WriteCloser {
return nil
}

58
vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go generated vendored
View file

@ -4,8 +4,10 @@ import (
"archive/tar"
"bytes"
"context"
"encoding/csv"
"encoding/json"
"fmt"
"net"
"regexp"
"strconv"
"strings"
@ -36,6 +38,8 @@ const (
keyTargetPlatform = "platform"
keyMultiPlatform = "multi-platform"
keyImageResolveMode = "image-resolve-mode"
keyGlobalAddHosts = "add-hosts"
keyForceNetwork = "force-network-mode"
)
var httpPrefix = regexp.MustCompile("^https?://")
@ -64,6 +68,16 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
return nil, err
}
extraHosts, err := parseExtraHosts(opts[keyGlobalAddHosts])
if err != nil {
return nil, errors.Wrap(err, "failed to parse additional hosts")
}
defaultNetMode, err := parseNetMode(opts[keyForceNetwork])
if err != nil {
return nil, err
}
filename := opts[keyFilename]
if filename == "" {
filename = defaultDockerfileName
@ -250,6 +264,8 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) {
BuildPlatforms: buildPlatforms,
ImageResolveMode: resolveMode,
PrefixPlatform: exportMap,
ExtraHosts: extraHosts,
ForceNetMode: defaultNetMode,
})
if err != nil {
@ -413,3 +429,45 @@ func parseResolveMode(v string) (llb.ResolveMode, error) {
return 0, errors.Errorf("invalid image-resolve-mode: %s", v)
}
}
func parseExtraHosts(v string) ([]llb.HostIP, error) {
if v == "" {
return nil, nil
}
out := make([]llb.HostIP, 0)
csvReader := csv.NewReader(strings.NewReader(v))
fields, err := csvReader.Read()
if err != nil {
return nil, err
}
for _, field := range fields {
parts := strings.SplitN(field, "=", 2)
if len(parts) != 2 {
return nil, errors.Errorf("invalid key-value pair %s", field)
}
key := strings.ToLower(parts[0])
val := strings.ToLower(parts[1])
ip := net.ParseIP(val)
if ip == nil {
return nil, errors.Errorf("failed to parse IP %s", val)
}
out = append(out, llb.HostIP{Host: key, IP: ip})
}
return out, nil
}
func parseNetMode(v string) (pb.NetMode, error) {
if v == "" {
return llb.NetModeSandbox, nil
}
switch v {
case "none":
return llb.NetModeNone, nil
case "host":
return llb.NetModeHost, nil
case "sandbox":
return llb.NetModeSandbox, nil
default:
return 0, errors.Errorf("invalid netmode %s", v)
}
}

9
vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go generated vendored
View file

@ -22,6 +22,7 @@ import (
"github.com/moby/buildkit/frontend/dockerfile/parser"
"github.com/moby/buildkit/frontend/dockerfile/shell"
gw "github.com/moby/buildkit/frontend/gateway/client"
"github.com/moby/buildkit/solver/pb"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"golang.org/x/sync/errgroup"
@ -52,6 +53,8 @@ type ConvertOpt struct {
TargetPlatform *specs.Platform
BuildPlatforms []specs.Platform
PrefixPlatform bool
ExtraHosts []llb.HostIP
ForceNetMode pb.NetMode
}
func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State, *Image, error) {
@ -282,6 +285,7 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
return nil, nil, err
}
}
d.state = d.state.Network(opt.ForceNetMode)
opt := dispatchOpt{
allDispatchStates: allDispatchStates,
@ -294,6 +298,7 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
cacheIDNamespace: opt.CacheIDNamespace,
buildPlatforms: platformOpt.buildPlatforms,
targetPlatform: platformOpt.targetPlatform,
extraHosts: opt.ExtraHosts,
}
if err = dispatchOnBuild(d, d.image.Config.OnBuild, opt); err != nil {
@ -397,6 +402,7 @@ type dispatchOpt struct {
cacheIDNamespace string
targetPlatform specs.Platform
buildPlatforms []specs.Platform
extraHosts []llb.HostIP
}
func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error {
@ -584,6 +590,9 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE
}
opt = append(opt, runMounts...)
opt = append(opt, llb.WithCustomName(prefixCommand(d, uppercaseCmd(processCmdEnv(dopt.shlex, c.String(), d.state.Run(opt...).Env())), d.prefixPlatform, d.state.GetPlatform())))
for _, h := range dopt.extraHosts {
opt = append(opt, llb.AddExtraHost(h.Host, h.IP))
}
d.state = d.state.Run(opt...).Root()
return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs), true, &d.state)
}

13
vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_nosecrets.go generated vendored Normal file
View file

@ -0,0 +1,13 @@
// +build dfrunmount,!dfsecrets
package dockerfile2llb
import (
"github.com/moby/buildkit/client/llb"
"github.com/moby/buildkit/frontend/dockerfile/instructions"
"github.com/pkg/errors"
)
func dispatchSecret(m *instructions.Mount) (llb.RunOption, error) {
return nil, errors.Errorf("secret mounts not allowed")
}

8
vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go generated vendored
View file

@ -57,6 +57,14 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []*
st = llb.Scratch()
mountOpts = append(mountOpts, llb.Tmpfs())
}
if mount.Type == instructions.MountTypeSecret {
secret, err := dispatchSecret(mount)
if err != nil {
return nil, err
}
out = append(out, secret)
continue
}
if mount.ReadOnly {
mountOpts = append(mountOpts, llb.Readonly)
}

32
vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_secrets.go generated vendored Normal file
View file

@ -0,0 +1,32 @@
// +build dfsecrets dfextall
package dockerfile2llb
import (
"path"
"github.com/moby/buildkit/client/llb"
"github.com/moby/buildkit/frontend/dockerfile/instructions"
"github.com/pkg/errors"
)
func dispatchSecret(m *instructions.Mount) (llb.RunOption, error) {
id := m.CacheID
if m.Source != "" {
id = m.Source
}
if id == "" {
if m.Target == "" {
return nil, errors.Errorf("one of source, target required")
}
id = path.Base(m.Target)
}
target := m.Target
if target == "" {
target = "/run/secrets/" + path.Base(id)
}
return llb.AddSecret(target, llb.SecretID(id)), nil
}

7
vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_nosecrets.go generated vendored Normal file
View file

@ -0,0 +1,7 @@
// +build !dfsecrets
package instructions
func isSecretMountsSupported() bool {
return false
}

28
vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go generated vendored
View file

@ -13,11 +13,13 @@ import (
const MountTypeBind = "bind"
const MountTypeCache = "cache"
const MountTypeTmpfs = "tmpfs"
const MountTypeSecret = "secret"
var allowedMountTypes = map[string]struct{}{
MountTypeBind: {},
MountTypeCache: {},
MountTypeTmpfs: {},
MountTypeBind: {},
MountTypeCache: {},
MountTypeTmpfs: {},
MountTypeSecret: {},
}
const MountSharingShared = "shared"
@ -40,6 +42,11 @@ func init() {
}
func isValidMountType(s string) bool {
if s == "secret" {
if !isSecretMountsSupported() {
return false
}
}
_, ok := allowedMountTypes[s]
return ok
}
@ -177,5 +184,20 @@ func parseMount(value string) (*Mount, error) {
return nil, errors.Errorf("invalid cache sharing set for %v mount", m.Type)
}
if m.Type == MountTypeSecret {
if m.From != "" {
return nil, errors.Errorf("secret mount should not have a from")
}
if m.CacheSharing != "" {
return nil, errors.Errorf("secret mount should not define sharing")
}
if m.Source == "" && m.Target == "" && m.CacheID == "" {
return nil, errors.Errorf("invalid secret mount. one of source, target required")
}
if m.Source != "" && m.CacheID != "" {
return nil, errors.Errorf("both source and id can't be set")
}
}
return m, nil
}

7
vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_secrets.go generated vendored Normal file
View file

@ -0,0 +1,7 @@
// +build dfsecrets dfextall
package instructions
func isSecretMountsSupported() bool {
return true
}

76
vendor/github.com/moby/buildkit/frontend/gateway/gateway.go generated vendored
View file

@ -215,26 +215,72 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
ReadonlyRootFS: readonly,
}, rootFS, lbf.Stdin, lbf.Stdout, os.Stderr)
if lbf.err != nil {
return nil, lbf.err
if err != nil {
// An existing error (set via Return rpc) takes
// precedence over this error, which in turn takes
// precedence over a success reported via Return.
lbf.mu.Lock()
if lbf.err == nil {
lbf.result = nil
lbf.err = err
}
lbf.mu.Unlock()
}
if err != nil {
return nil, err
return lbf.Result()
}
func (lbf *llbBridgeForwarder) Done() <-chan struct{} {
return lbf.doneCh
}
func (lbf *llbBridgeForwarder) setResult(r *frontend.Result, err error) (*pb.ReturnResponse, error) {
lbf.mu.Lock()
defer lbf.mu.Unlock()
if (r == nil) == (err == nil) {
return nil, errors.New("gateway return must be either result or err")
}
if lbf.result != nil || lbf.err != nil {
return nil, errors.New("gateway result is already set")
}
lbf.result = r
lbf.err = err
close(lbf.doneCh)
return &pb.ReturnResponse{}, nil
}
func (lbf *llbBridgeForwarder) Result() (*frontend.Result, error) {
lbf.mu.Lock()
defer lbf.mu.Unlock()
if lbf.result == nil && lbf.err == nil {
return nil, errors.New("no result for incomplete build")
}
if lbf.err != nil {
return nil, lbf.err
}
return lbf.result, nil
}
func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, error) {
func NewBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) *llbBridgeForwarder {
lbf := &llbBridgeForwarder{
callCtx: ctx,
llbBridge: llbBridge,
refs: map[string]solver.CachedResult{},
doneCh: make(chan struct{}),
pipe: newPipe(),
workers: workers,
}
return lbf
}
func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, error) {
lbf := NewBridgeForwarder(ctx, llbBridge, workers)
server := grpc.NewServer()
grpc_health_v1.RegisterHealthServer(server, health.NewServer())
pb.RegisterLLBBridgeServer(server, lbf)
@ -297,6 +343,12 @@ func (d dummyAddr) String() string {
return "localhost"
}
type LLBBridgeForwarder interface {
pb.LLBBridgeServer
Done() <-chan struct{}
Result() (*frontend.Result, error)
}
type llbBridgeForwarder struct {
mu sync.Mutex
callCtx context.Context
@ -305,6 +357,7 @@ type llbBridgeForwarder struct {
// lastRef solver.CachedResult
// lastRefs map[string]solver.CachedResult
// err error
doneCh chan struct{} // closed when result or err become valid through a call to a Return
result *frontend.Result
err error
exporterAttr map[string][]byte
@ -465,13 +518,13 @@ func (lbf *llbBridgeForwarder) Ping(context.Context, *pb.PingRequest) (*pb.PongR
func (lbf *llbBridgeForwarder) Return(ctx context.Context, in *pb.ReturnRequest) (*pb.ReturnResponse, error) {
if in.Error != nil {
lbf.err = status.ErrorProto(&spb.Status{
return lbf.setResult(nil, status.ErrorProto(&spb.Status{
Code: in.Error.Code,
Message: in.Error.Message,
// Details: in.Error.Details,
})
}))
} else {
lbf.result = &frontend.Result{
r := &frontend.Result{
Metadata: in.Result.Metadata,
}
@ -481,7 +534,7 @@ func (lbf *llbBridgeForwarder) Return(ctx context.Context, in *pb.ReturnRequest)
if err != nil {
return nil, err
}
lbf.result.Ref = ref
r.Ref = ref
case *pb.Result_Refs:
m := map[string]solver.CachedResult{}
for k, v := range res.Refs.Refs {
@ -491,11 +544,10 @@ func (lbf *llbBridgeForwarder) Return(ctx context.Context, in *pb.ReturnRequest)
}
m[k] = ref
}
lbf.result.Refs = m
r.Refs = m
}
return lbf.setResult(r, nil)
}
return &pb.ReturnResponse{}, nil
}
func (lbf *llbBridgeForwarder) convertRef(id string) (solver.CachedResult, error) {

457
vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go generated vendored Normal file
View file

@ -0,0 +1,457 @@
package grpcclient
import (
"context"
"encoding/json"
"io"
"net"
"os"
"strings"
"time"
"github.com/gogo/googleapis/google/rpc"
"github.com/moby/buildkit/frontend/gateway/client"
pb "github.com/moby/buildkit/frontend/gateway/pb"
opspb "github.com/moby/buildkit/solver/pb"
"github.com/moby/buildkit/util/apicaps"
digest "github.com/opencontainers/go-digest"
"github.com/pkg/errors"
"google.golang.org/grpc"
"google.golang.org/grpc/status"
)
const frontendPrefix = "BUILDKIT_FRONTEND_OPT_"
type GrpcClient interface {
Run(context.Context, client.BuildFunc) error
}
func New(ctx context.Context, opts map[string]string, session, product string, c pb.LLBBridgeClient, w []client.WorkerInfo) (GrpcClient, error) {
resp, err := c.Ping(ctx, &pb.PingRequest{})
if err != nil {
return nil, err
}
if resp.FrontendAPICaps == nil {
resp.FrontendAPICaps = defaultCaps()
}
if resp.LLBCaps == nil {
resp.LLBCaps = defaultLLBCaps()
}
return &grpcClient{
client: c,
opts: opts,
sessionID: session,
workers: w,
product: product,
caps: pb.Caps.CapSet(resp.FrontendAPICaps),
llbCaps: opspb.Caps.CapSet(resp.LLBCaps),
requests: map[string]*pb.SolveRequest{},
}, nil
}
func current() (GrpcClient, error) {
if ep := product(); ep != "" {
apicaps.ExportedProduct = ep
}
ctx, conn, err := grpcClientConn(context.Background())
if err != nil {
return nil, err
}
return New(ctx, opts(), sessionID(), product(), pb.NewLLBBridgeClient(conn), workers())
}
func convertRef(ref client.Reference) (string, error) {
if ref == nil {
return "", nil
}
r, ok := ref.(*reference)
if !ok {
return "", errors.Errorf("invalid return reference type %T", ref)
}
return r.id, nil
}
func RunFromEnvironment(ctx context.Context, f client.BuildFunc) error {
client, err := current()
if err != nil {
return errors.Wrapf(err, "failed to initialize client from environment")
}
return client.Run(ctx, f)
}
func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError error) {
export := c.caps.Supports(pb.CapReturnResult) == nil
var (
res *client.Result
err error
)
if export {
defer func() {
req := &pb.ReturnRequest{}
if retError == nil {
if res == nil {
res = &client.Result{}
}
pbRes := &pb.Result{
Metadata: res.Metadata,
}
if res.Refs != nil {
m := map[string]string{}
for k, r := range res.Refs {
id, err := convertRef(r)
if err != nil {
retError = err
continue
}
m[k] = id
}
pbRes.Result = &pb.Result_Refs{Refs: &pb.RefMap{Refs: m}}
} else {
id, err := convertRef(res.Ref)
if err != nil {
retError = err
} else {
pbRes.Result = &pb.Result_Ref{Ref: id}
}
}
if retError == nil {
req.Result = pbRes
}
}
if retError != nil {
st, _ := status.FromError(retError)
stp := st.Proto()
req.Error = &rpc.Status{
Code: stp.Code,
Message: stp.Message,
// Details: stp.Details,
}
}
if _, err := c.client.Return(ctx, req); err != nil && retError == nil {
retError = err
}
}()
}
if res, err = f(ctx, c); err != nil {
return err
}
if err := c.caps.Supports(pb.CapReturnMap); len(res.Refs) > 1 && err != nil {
return err
}
if !export {
exportedAttrBytes, err := json.Marshal(res.Metadata)
if err != nil {
return errors.Wrapf(err, "failed to marshal return metadata")
}
req, err := c.requestForRef(res.Ref)
if err != nil {
return errors.Wrapf(err, "failed to find return ref")
}
req.Final = true
req.ExporterAttr = exportedAttrBytes
if _, err := c.client.Solve(ctx, req); err != nil {
return errors.Wrapf(err, "failed to solve")
}
}
return nil
}
// defaultCaps returns the capabilities that were implemented when capabilities
// support was added. This list is frozen and should never be changed.
func defaultCaps() []apicaps.PBCap {
return []apicaps.PBCap{
{ID: string(pb.CapSolveBase), Enabled: true},
{ID: string(pb.CapSolveInlineReturn), Enabled: true},
{ID: string(pb.CapResolveImage), Enabled: true},
{ID: string(pb.CapReadFile), Enabled: true},
}
}
// defaultLLBCaps returns the LLB capabilities that were implemented when capabilities
// support was added. This list is frozen and should never be changed.
func defaultLLBCaps() []apicaps.PBCap {
return []apicaps.PBCap{
{ID: string(opspb.CapSourceImage), Enabled: true},
{ID: string(opspb.CapSourceLocal), Enabled: true},
{ID: string(opspb.CapSourceLocalUnique), Enabled: true},
{ID: string(opspb.CapSourceLocalSessionID), Enabled: true},
{ID: string(opspb.CapSourceLocalIncludePatterns), Enabled: true},
{ID: string(opspb.CapSourceLocalFollowPaths), Enabled: true},
{ID: string(opspb.CapSourceLocalExcludePatterns), Enabled: true},
{ID: string(opspb.CapSourceLocalSharedKeyHint), Enabled: true},
{ID: string(opspb.CapSourceGit), Enabled: true},
{ID: string(opspb.CapSourceGitKeepDir), Enabled: true},
{ID: string(opspb.CapSourceGitFullURL), Enabled: true},
{ID: string(opspb.CapSourceHTTP), Enabled: true},
{ID: string(opspb.CapSourceHTTPChecksum), Enabled: true},
{ID: string(opspb.CapSourceHTTPPerm), Enabled: true},
{ID: string(opspb.CapSourceHTTPUIDGID), Enabled: true},
{ID: string(opspb.CapBuildOpLLBFileName), Enabled: true},
{ID: string(opspb.CapExecMetaBase), Enabled: true},
{ID: string(opspb.CapExecMetaProxy), Enabled: true},
{ID: string(opspb.CapExecMountBind), Enabled: true},
{ID: string(opspb.CapExecMountCache), Enabled: true},
{ID: string(opspb.CapExecMountCacheSharing), Enabled: true},
{ID: string(opspb.CapExecMountSelector), Enabled: true},
{ID: string(opspb.CapExecMountTmpfs), Enabled: true},
{ID: string(opspb.CapMountSecret), Enabled: true},
{ID: string(opspb.CapConstraints), Enabled: true},
{ID: string(opspb.CapPlatform), Enabled: true},
{ID: string(opspb.CapMetaIgnoreCache), Enabled: true},
{ID: string(opspb.CapMetaDescription), Enabled: true},
{ID: string(opspb.CapMetaExportCache), Enabled: true},
}
}
type grpcClient struct {
client pb.LLBBridgeClient
opts map[string]string
sessionID string
product string
workers []client.WorkerInfo
caps apicaps.CapSet
llbCaps apicaps.CapSet
requests map[string]*pb.SolveRequest
}
func (c *grpcClient) requestForRef(ref client.Reference) (*pb.SolveRequest, error) {
emptyReq := &pb.SolveRequest{
Definition: &opspb.Definition{},
}
if ref == nil {
return emptyReq, nil
}
r, ok := ref.(*reference)
if !ok {
return nil, errors.Errorf("return reference has invalid type %T", ref)
}
if r.id == "" {
return emptyReq, nil
}
req, ok := c.requests[r.id]
if !ok {
return nil, errors.Errorf("did not find request for return reference %s", r.id)
}
return req, nil
}
func (c *grpcClient) Solve(ctx context.Context, creq client.SolveRequest) (*client.Result, error) {
if creq.Definition != nil {
for _, md := range creq.Definition.Metadata {
for cap := range md.Caps {
if err := c.llbCaps.Supports(cap); err != nil {
return nil, err
}
}
}
}
req := &pb.SolveRequest{
Definition: creq.Definition,
Frontend: creq.Frontend,
FrontendOpt: creq.FrontendOpt,
ImportCacheRefs: creq.ImportCacheRefs,
AllowResultReturn: true,
}
// backwards compatibility with inline return
if c.caps.Supports(pb.CapReturnResult) != nil {
req.ExporterAttr = []byte("{}")
}
resp, err := c.client.Solve(ctx, req)
if err != nil {
return nil, err
}
res := &client.Result{}
if resp.Result == nil {
if id := resp.Ref; id != "" {
c.requests[id] = req
}
res.SetRef(&reference{id: resp.Ref, c: c})
} else {
res.Metadata = resp.Result.Metadata
switch pbRes := resp.Result.Result.(type) {
case *pb.Result_Ref:
if id := pbRes.Ref; id != "" {
res.SetRef(&reference{id: id, c: c})
}
case *pb.Result_Refs:
for k, v := range pbRes.Refs.Refs {
ref := &reference{id: v, c: c}
if v == "" {
ref = nil
}
res.AddRef(k, ref)
}
}
}
return res, nil
}
func (c *grpcClient) ResolveImageConfig(ctx context.Context, ref string, opt client.ResolveImageConfigOpt) (digest.Digest, []byte, error) {
var p *opspb.Platform
if platform := opt.Platform; platform != nil {
p = &opspb.Platform{
OS: platform.OS,
Architecture: platform.Architecture,
Variant: platform.Variant,
OSVersion: platform.OSVersion,
OSFeatures: platform.OSFeatures,
}
}
resp, err := c.client.ResolveImageConfig(ctx, &pb.ResolveImageConfigRequest{Ref: ref, Platform: p, ResolveMode: opt.ResolveMode, LogName: opt.LogName})
if err != nil {
return "", nil, err
}
return resp.Digest, resp.Config, nil
}
func (c *grpcClient) BuildOpts() client.BuildOpts {
return client.BuildOpts{
Opts: c.opts,
SessionID: c.sessionID,
Workers: c.workers,
Product: c.product,
}
}
func (c *grpcClient) Opts() map[string]string {
return c.opts
}
func (c *grpcClient) SessionID() string {
return c.sessionID
}
func (c *grpcClient) WorkerInfos() []client.WorkerInfo {
return c.workers
}
type reference struct {
id string
c *grpcClient
}
func (r *reference) ReadFile(ctx context.Context, req client.ReadRequest) ([]byte, error) {
rfr := &pb.ReadFileRequest{FilePath: req.Filename, Ref: r.id}
if r := req.Range; r != nil {
rfr.Range = &pb.FileRange{
Offset: int64(r.Offset),
Length: int64(r.Length),
}
}
resp, err := r.c.client.ReadFile(ctx, rfr)
if err != nil {
return nil, err
}
return resp.Data, nil
}
func grpcClientConn(ctx context.Context) (context.Context, *grpc.ClientConn, error) {
dialOpt := grpc.WithDialer(func(addr string, d time.Duration) (net.Conn, error) {
return stdioConn(), nil
})
cc, err := grpc.DialContext(ctx, "", dialOpt, grpc.WithInsecure())
if err != nil {
return nil, nil, errors.Wrap(err, "failed to create grpc client")
}
ctx, cancel := context.WithCancel(ctx)
_ = cancel
// go monitorHealth(ctx, cc, cancel)
return ctx, cc, nil
}
func stdioConn() net.Conn {
return &conn{os.Stdin, os.Stdout, os.Stdout}
}
type conn struct {
io.Reader
io.Writer
io.Closer
}
func (s *conn) LocalAddr() net.Addr {
return dummyAddr{}
}
func (s *conn) RemoteAddr() net.Addr {
return dummyAddr{}
}
func (s *conn) SetDeadline(t time.Time) error {
return nil
}
func (s *conn) SetReadDeadline(t time.Time) error {
return nil
}
func (s *conn) SetWriteDeadline(t time.Time) error {
return nil
}
type dummyAddr struct {
}
func (d dummyAddr) Network() string {
return "pipe"
}
func (d dummyAddr) String() string {
return "localhost"
}
func opts() map[string]string {
opts := map[string]string{}
for _, env := range os.Environ() {
parts := strings.SplitN(env, "=", 2)
k := parts[0]
v := ""
if len(parts) == 2 {
v = parts[1]
}
if !strings.HasPrefix(k, frontendPrefix) {
continue
}
parts = strings.SplitN(v, "=", 2)
v = ""
if len(parts) == 2 {
v = parts[1]
}
opts[parts[0]] = v
}
return opts
}
func sessionID() string {
return os.Getenv("BUILDKIT_SESSION_ID")
}
func workers() []client.WorkerInfo {
var c []client.WorkerInfo
if err := json.Unmarshal([]byte(os.Getenv("BUILDKIT_WORKERS")), &c); err != nil {
return nil
}
return c
}
func product() string {
return os.Getenv("BUILDKIT_EXPORTEDPRODUCT")
}

31
vendor/github.com/moby/buildkit/solver/jobs.go generated vendored
View file

@ -21,6 +21,7 @@ type ResolveOpFunc func(Vertex, Builder) (Op, error)
type Builder interface {
Build(ctx context.Context, e Edge) (CachedResult, error)
Context(ctx context.Context) context.Context
EachValue(ctx context.Context, key string, fn func(interface{}) error) error
}
// Solver provides a shared graph of all the vertexes currently being
@ -169,10 +170,22 @@ func (sb *subBuilder) Context(ctx context.Context) context.Context {
return progress.WithProgress(ctx, sb.mpw)
}
func (sb *subBuilder) EachValue(ctx context.Context, key string, fn func(interface{}) error) error {
sb.mu.Lock()
defer sb.mu.Lock()
for j := range sb.jobs {
if err := j.EachValue(ctx, key, fn); err != nil {
return err
}
}
return nil
}
type Job struct {
list *Solver
pr *progress.MultiReader
pw progress.Writer
list *Solver
pr *progress.MultiReader
pw progress.Writer
values sync.Map
progressCloser func()
SessionID string
@ -446,6 +459,18 @@ func (j *Job) Context(ctx context.Context) context.Context {
return progress.WithProgress(ctx, j.pw)
}
func (j *Job) SetValue(key string, v interface{}) {
j.values.Store(key, v)
}
func (j *Job) EachValue(ctx context.Context, key string, fn func(interface{}) error) error {
v, ok := j.values.Load(key)
if ok {
return fn(v)
}
return nil
}
type cacheMapResp struct {
*CacheMap
complete bool

7
vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go generated vendored
View file

@ -75,7 +75,12 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res *
}
if req.Definition != nil && req.Definition.Def != nil {
edge, err := Load(req.Definition, WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps())
ent, err := loadEntitlements(b.builder)
if err != nil {
return nil, err
}
edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps())
if err != nil {
return nil, err
}

33
vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go generated vendored
View file

@ -6,6 +6,7 @@ import (
"encoding/json"
"fmt"
"io/ioutil"
"net"
"os"
"path"
"path/filepath"
@ -67,6 +68,11 @@ func NewExecOp(v solver.Vertex, op *pb.Op_Exec, cm cache.Manager, sm *session.Ma
func cloneExecOp(old *pb.ExecOp) pb.ExecOp {
n := *old
meta := *n.Meta
meta.ExtraHosts = nil
for i := range n.Meta.ExtraHosts {
h := *n.Meta.ExtraHosts[i]
meta.ExtraHosts = append(meta.ExtraHosts, &h)
}
n.Meta = &meta
n.Mounts = nil
for i := range n.Mounts {
@ -78,6 +84,11 @@ func cloneExecOp(old *pb.ExecOp) pb.ExecOp {
func (e *execOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, bool, error) {
op := cloneExecOp(e.op)
for i := range op.Meta.ExtraHosts {
h := op.Meta.ExtraHosts[i]
h.IP = ""
op.Meta.ExtraHosts[i] = h
}
for i := range op.Mounts {
op.Mounts[i].Selector = ""
}
@ -504,12 +515,19 @@ func (e *execOp) Exec(ctx context.Context, inputs []solver.Result) ([]solver.Res
return mounts[i].Dest < mounts[j].Dest
})
extraHosts, err := parseExtraHosts(e.op.Meta.ExtraHosts)
if err != nil {
return nil, err
}
meta := executor.Meta{
Args: e.op.Meta.Args,
Env: e.op.Meta.Env,
Cwd: e.op.Meta.Cwd,
User: e.op.Meta.User,
ReadonlyRootFS: readonlyRootFS,
ExtraHosts: extraHosts,
NetMode: e.op.Network,
}
if e.op.Meta.ProxyEnv != nil {
@ -657,3 +675,18 @@ func (r *cacheRef) Release(ctx context.Context) error {
}
return nil
}
func parseExtraHosts(ips []*pb.HostIP) ([]executor.HostIP, error) {
out := make([]executor.HostIP, len(ips))
for i, hip := range ips {
ip := net.ParseIP(hip.IP)
if ip == nil {
return nil, errors.Errorf("failed to parse IP %s", hip.IP)
}
out[i] = executor.HostIP{
IP: ip,
Host: hip.Host,
}
}
return out, nil
}

77
vendor/github.com/moby/buildkit/solver/llbsolver/solver.go generated vendored
View file

@ -7,11 +7,14 @@ import (
"github.com/moby/buildkit/cache"
"github.com/moby/buildkit/cache/remotecache"
"github.com/moby/buildkit/client"
controlgateway "github.com/moby/buildkit/control/gateway"
"github.com/moby/buildkit/exporter"
"github.com/moby/buildkit/frontend"
"github.com/moby/buildkit/frontend/gateway"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/solver"
"github.com/moby/buildkit/util/entitlements"
"github.com/moby/buildkit/util/progress"
"github.com/moby/buildkit/worker"
digest "github.com/opencontainers/go-digest"
@ -19,6 +22,8 @@ import (
"github.com/pkg/errors"
)
const keyEntitlements = "llb.entitlements"
type ExporterRequest struct {
Exporter exporter.ExporterInstance
CacheExporter remotecache.Exporter
@ -29,18 +34,22 @@ type ExporterRequest struct {
type ResolveWorkerFunc func() (worker.Worker, error)
type Solver struct {
workerController *worker.Controller
solver *solver.Solver
resolveWorker ResolveWorkerFunc
frontends map[string]frontend.Frontend
resolveCacheImporter remotecache.ResolveCacheImporterFunc
platforms []specs.Platform
gatewayForwarder *controlgateway.GatewayForwarder
}
func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.CacheManager, resolveCI remotecache.ResolveCacheImporterFunc) (*Solver, error) {
func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.CacheManager, resolveCI remotecache.ResolveCacheImporterFunc, gatewayForwarder *controlgateway.GatewayForwarder) (*Solver, error) {
s := &Solver{
workerController: wc,
resolveWorker: defaultResolver(wc),
frontends: f,
resolveCacheImporter: resolveCI,
gatewayForwarder: gatewayForwarder,
}
// executing is currently only allowed on default worker
@ -78,7 +87,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge {
}
}
func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest, exp ExporterRequest) (*client.SolveResponse, error) {
func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement) (*client.SolveResponse, error) {
j, err := s.solver.NewJob(id)
if err != nil {
return nil, err
@ -86,12 +95,38 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
defer j.Discard()
j.SessionID = session.FromContext(ctx)
res, err := s.Bridge(j).Solve(ctx, req)
set, err := entitlements.WhiteList(ent, supportedEntitlements())
if err != nil {
return nil, err
}
j.SetValue(keyEntitlements, set)
j.SessionID = session.FromContext(ctx)
var res *frontend.Result
if s.gatewayForwarder != nil && req.Definition == nil && req.Frontend == "" {
fwd := gateway.NewBridgeForwarder(ctx, s.Bridge(j), s.workerController)
if err := s.gatewayForwarder.RegisterBuild(ctx, id, fwd); err != nil {
return nil, err
}
defer s.gatewayForwarder.UnregisterBuild(ctx, id)
var err error
select {
case <-fwd.Done():
res, err = fwd.Result()
case <-ctx.Done():
err = ctx.Err()
}
if err != nil {
return nil, err
}
} else {
res, err = s.Bridge(j).Solve(ctx, req)
if err != nil {
return nil, err
}
}
defer func() {
res.EachRef(func(ref solver.CachedResult) error {
@ -105,6 +140,9 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
inp := exporter.Source{
Metadata: res.Metadata,
}
if inp.Metadata == nil {
inp.Metadata = make(map[string][]byte)
}
if res := res.Ref; res != nil {
workerRef, ok := res.Sys().(*worker.WorkerRef)
if !ok {
@ -164,6 +202,7 @@ func (s *Solver) Solve(ctx context.Context, id string, req frontend.SolveRequest
func (s *Solver) Status(ctx context.Context, id string, statusChan chan *client.SolveStatus) error {
j, err := s.solver.Get(id)
if err != nil {
close(statusChan)
return err
}
return j.Status(ctx, statusChan)
@ -229,3 +268,31 @@ func notifyCompleted(ctx context.Context, v *client.Vertex, err error, cached bo
}
pw.Write(v.Digest.String(), *v)
}
var AllowNetworkHostUnstable = false // TODO: enable in constructor
func supportedEntitlements() []entitlements.Entitlement {
out := []entitlements.Entitlement{} // nil means no filter
if AllowNetworkHostUnstable {
out = append(out, entitlements.EntitlementNetworkHost)
}
return out
}
func loadEntitlements(b solver.Builder) (entitlements.Set, error) {
var ent entitlements.Set = map[entitlements.Entitlement]struct{}{}
err := b.EachValue(context.TODO(), keyEntitlements, func(v interface{}) error {
set, ok := v.(entitlements.Set)
if !ok {
return errors.Errorf("invalid entitlements %T", v)
}
for k := range set {
ent[k] = struct{}{}
}
return nil
})
if err != nil {
return nil, err
}
return ent, nil
}

20
vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go generated vendored
View file

@ -7,6 +7,7 @@ import (
"github.com/moby/buildkit/solver"
"github.com/moby/buildkit/solver/pb"
"github.com/moby/buildkit/source"
"github.com/moby/buildkit/util/entitlements"
digest "github.com/opencontainers/go-digest"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
@ -99,6 +100,25 @@ func RuntimePlatforms(p []specs.Platform) LoadOpt {
}
}
func ValidateEntitlements(ent entitlements.Set) LoadOpt {
return func(op *pb.Op, _ *pb.OpMetadata, opt *solver.VertexOptions) error {
switch op := op.Op.(type) {
case *pb.Op_Exec:
if op.Exec.Network == pb.NetMode_HOST {
if !ent.Allowed(entitlements.EntitlementNetworkHost) {
return errors.Errorf("%s is not allowed", entitlements.EntitlementNetworkHost)
}
}
if op.Exec.Network == pb.NetMode_NONE {
if !ent.Allowed(entitlements.EntitlementNetworkNone) {
return errors.Errorf("%s is not allowed", entitlements.EntitlementNetworkNone)
}
}
}
return nil
}
}
func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) {
return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) {
opMetadata := def.Metadata[dgst]

7
vendor/github.com/moby/buildkit/solver/pb/caps.go generated vendored
View file

@ -32,6 +32,7 @@ const (
CapExecMetaBase apicaps.CapID = "exec.meta.base"
CapExecMetaProxy apicaps.CapID = "exec.meta.proxyenv"
CapExecMetaNetwork apicaps.CapID = "exec.meta.network"
CapExecMountBind apicaps.CapID = "exec.mount.bind"
CapExecMountCache apicaps.CapID = "exec.mount.cache"
CapExecMountCacheSharing apicaps.CapID = "exec.mount.cache.sharing"
@ -162,6 +163,12 @@ func init() {
Status: apicaps.CapStatusExperimental,
})
Caps.Init(apicaps.Cap{
ID: CapExecMetaNetwork,
Enabled: true,
Status: apicaps.CapStatusExperimental,
})
Caps.Init(apicaps.Cap{
ID: CapExecMountBind,
Enabled: true,

487
vendor/github.com/moby/buildkit/solver/pb/ops.pb.go generated vendored
View file

@ -29,6 +29,7 @@
ProxyEnv
WorkerConstraints
Definition
HostIP
*/
package pb
@ -53,6 +54,30 @@ var _ = math.Inf
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
type NetMode int32
const (
NetMode_UNSET NetMode = 0
NetMode_HOST NetMode = 1
NetMode_NONE NetMode = 2
)
var NetMode_name = map[int32]string{
0: "UNSET",
1: "HOST",
2: "NONE",
}
var NetMode_value = map[string]int32{
"UNSET": 0,
"HOST": 1,
"NONE": 2,
}
func (x NetMode) String() string {
return proto.EnumName(NetMode_name, int32(x))
}
func (NetMode) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{0} }
// MountType defines a type of a mount from a supported set
type MountType int32
@ -82,7 +107,7 @@ var MountType_value = map[string]int32{
func (x MountType) String() string {
return proto.EnumName(MountType_name, int32(x))
}
func (MountType) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{0} }
func (MountType) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{1} }
// CacheSharingOpt defines different sharing modes for cache mount
type CacheSharingOpt int32
@ -110,7 +135,7 @@ var CacheSharingOpt_value = map[string]int32{
func (x CacheSharingOpt) String() string {
return proto.EnumName(CacheSharingOpt_name, int32(x))
}
func (CacheSharingOpt) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{1} }
func (CacheSharingOpt) EnumDescriptor() ([]byte, []int) { return fileDescriptorOps, []int{2} }
// Op represents a vertex of the LLB DAG.
type Op struct {
@ -387,8 +412,9 @@ func (*Input) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{2}
// ExecOp executes a command in a container.
type ExecOp struct {
Meta *Meta `protobuf:"bytes,1,opt,name=meta" json:"meta,omitempty"`
Mounts []*Mount `protobuf:"bytes,2,rep,name=mounts" json:"mounts,omitempty"`
Meta *Meta `protobuf:"bytes,1,opt,name=meta" json:"meta,omitempty"`
Mounts []*Mount `protobuf:"bytes,2,rep,name=mounts" json:"mounts,omitempty"`
Network NetMode `protobuf:"varint,3,opt,name=network,proto3,enum=pb.NetMode" json:"network,omitempty"`
}
func (m *ExecOp) Reset() { *m = ExecOp{} }
@ -410,15 +436,23 @@ func (m *ExecOp) GetMounts() []*Mount {
return nil
}
func (m *ExecOp) GetNetwork() NetMode {
if m != nil {
return m.Network
}
return NetMode_UNSET
}
// Meta is a set of arguments for ExecOp.
// Meta is unrelated to LLB metadata.
// FIXME: rename (ExecContext? ExecArgs?)
type Meta struct {
Args []string `protobuf:"bytes,1,rep,name=args" json:"args,omitempty"`
Env []string `protobuf:"bytes,2,rep,name=env" json:"env,omitempty"`
Cwd string `protobuf:"bytes,3,opt,name=cwd,proto3" json:"cwd,omitempty"`
User string `protobuf:"bytes,4,opt,name=user,proto3" json:"user,omitempty"`
ProxyEnv *ProxyEnv `protobuf:"bytes,5,opt,name=proxy_env,json=proxyEnv" json:"proxy_env,omitempty"`
Args []string `protobuf:"bytes,1,rep,name=args" json:"args,omitempty"`
Env []string `protobuf:"bytes,2,rep,name=env" json:"env,omitempty"`
Cwd string `protobuf:"bytes,3,opt,name=cwd,proto3" json:"cwd,omitempty"`
User string `protobuf:"bytes,4,opt,name=user,proto3" json:"user,omitempty"`
ProxyEnv *ProxyEnv `protobuf:"bytes,5,opt,name=proxy_env,json=proxyEnv" json:"proxy_env,omitempty"`
ExtraHosts []*HostIP `protobuf:"bytes,6,rep,name=extraHosts" json:"extraHosts,omitempty"`
}
func (m *Meta) Reset() { *m = Meta{} }
@ -461,6 +495,13 @@ func (m *Meta) GetProxyEnv() *ProxyEnv {
return nil
}
func (m *Meta) GetExtraHosts() []*HostIP {
if m != nil {
return m.ExtraHosts
}
return nil
}
// Mount specifies how to mount an input Op as a filesystem.
type Mount struct {
Input InputIndex `protobuf:"varint,1,opt,name=input,proto3,customtype=InputIndex" json:"input"`
@ -864,6 +905,30 @@ func (m *Definition) GetMetadata() map[github_com_opencontainers_go_digest.Diges
return nil
}
type HostIP struct {
Host string `protobuf:"bytes,1,opt,name=Host,proto3" json:"Host,omitempty"`
IP string `protobuf:"bytes,2,opt,name=IP,proto3" json:"IP,omitempty"`
}
func (m *HostIP) Reset() { *m = HostIP{} }
func (m *HostIP) String() string { return proto.CompactTextString(m) }
func (*HostIP) ProtoMessage() {}
func (*HostIP) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{18} }
func (m *HostIP) GetHost() string {
if m != nil {
return m.Host
}
return ""
}
func (m *HostIP) GetIP() string {
if m != nil {
return m.IP
}
return ""
}
func init() {
proto.RegisterType((*Op)(nil), "pb.Op")
proto.RegisterType((*Platform)(nil), "pb.Platform")
@ -883,6 +948,8 @@ func init() {
proto.RegisterType((*ProxyEnv)(nil), "pb.ProxyEnv")
proto.RegisterType((*WorkerConstraints)(nil), "pb.WorkerConstraints")
proto.RegisterType((*Definition)(nil), "pb.Definition")
proto.RegisterType((*HostIP)(nil), "pb.HostIP")
proto.RegisterEnum("pb.NetMode", NetMode_name, NetMode_value)
proto.RegisterEnum("pb.MountType", MountType_name, MountType_value)
proto.RegisterEnum("pb.CacheSharingOpt", CacheSharingOpt_name, CacheSharingOpt_value)
}
@ -1122,6 +1189,11 @@ func (m *ExecOp) MarshalTo(dAtA []byte) (int, error) {
i += n
}
}
if m.Network != 0 {
dAtA[i] = 0x18
i++
i = encodeVarintOps(dAtA, i, uint64(m.Network))
}
return i, nil
}
@ -1192,6 +1264,18 @@ func (m *Meta) MarshalTo(dAtA []byte) (int, error) {
}
i += n9
}
if len(m.ExtraHosts) > 0 {
for _, msg := range m.ExtraHosts {
dAtA[i] = 0x32
i++
i = encodeVarintOps(dAtA, i, uint64(msg.Size()))
n, err := msg.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n
}
}
return i, nil
}
@ -1790,6 +1874,36 @@ func (m *Definition) MarshalTo(dAtA []byte) (int, error) {
return i, nil
}
func (m *HostIP) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalTo(dAtA)
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *HostIP) MarshalTo(dAtA []byte) (int, error) {
var i int
_ = i
var l int
_ = l
if len(m.Host) > 0 {
dAtA[i] = 0xa
i++
i = encodeVarintOps(dAtA, i, uint64(len(m.Host)))
i += copy(dAtA[i:], m.Host)
}
if len(m.IP) > 0 {
dAtA[i] = 0x12
i++
i = encodeVarintOps(dAtA, i, uint64(len(m.IP)))
i += copy(dAtA[i:], m.IP)
}
return i, nil
}
func encodeVarintOps(dAtA []byte, offset int, v uint64) int {
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
@ -1912,6 +2026,9 @@ func (m *ExecOp) Size() (n int) {
n += 1 + l + sovOps(uint64(l))
}
}
if m.Network != 0 {
n += 1 + sovOps(uint64(m.Network))
}
return n
}
@ -1942,6 +2059,12 @@ func (m *Meta) Size() (n int) {
l = m.ProxyEnv.Size()
n += 1 + l + sovOps(uint64(l))
}
if len(m.ExtraHosts) > 0 {
for _, e := range m.ExtraHosts {
l = e.Size()
n += 1 + l + sovOps(uint64(l))
}
}
return n
}
@ -2197,6 +2320,20 @@ func (m *Definition) Size() (n int) {
return n
}
func (m *HostIP) Size() (n int) {
var l int
_ = l
l = len(m.Host)
if l > 0 {
n += 1 + l + sovOps(uint64(l))
}
l = len(m.IP)
if l > 0 {
n += 1 + l + sovOps(uint64(l))
}
return n
}
func sovOps(x uint64) (n int) {
for {
n++
@ -2871,6 +3008,25 @@ func (m *ExecOp) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
}
m.Network = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Network |= (NetMode(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
default:
iNdEx = preIndex
skippy, err := skipOps(dAtA[iNdEx:])
@ -3070,6 +3226,37 @@ func (m *Meta) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ExtraHosts", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthOps
}
postIndex := iNdEx + msglen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ExtraHosts = append(m.ExtraHosts, &HostIP{})
if err := m.ExtraHosts[len(m.ExtraHosts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipOps(dAtA[iNdEx:])
@ -5260,6 +5447,114 @@ func (m *Definition) Unmarshal(dAtA []byte) error {
}
return nil
}
func (m *HostIP) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: HostIP: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: HostIP: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Host", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthOps
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Host = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field IP", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthOps
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.IP = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipOps(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthOps
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipOps(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
@ -5368,88 +5663,94 @@ var (
func init() { proto.RegisterFile("ops.proto", fileDescriptorOps) }
var fileDescriptorOps = []byte{
// 1328 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xcb, 0x6e, 0xdb, 0x46,
0x17, 0x36, 0xa9, 0x8b, 0xc9, 0x43, 0xdb, 0xd1, 0x3f, 0xb9, 0xfc, 0xfa, 0xfd, 0xa7, 0xb6, 0xcb,
0x14, 0x85, 0x13, 0xc7, 0x12, 0xa0, 0x00, 0x49, 0xd0, 0x45, 0x50, 0xeb, 0x12, 0x58, 0x4d, 0x53,
0x05, 0x23, 0xc3, 0x5d, 0x06, 0x14, 0x35, 0x92, 0x89, 0x48, 0x1c, 0x82, 0x1c, 0xa6, 0xd6, 0xa2,
0x5d, 0xe4, 0x09, 0x0a, 0x14, 0xe8, 0xbe, 0x2f, 0xd0, 0x37, 0xe8, 0x3e, 0xcb, 0x6e, 0xdb, 0x45,
0x5a, 0xa4, 0x2f, 0x52, 0x9c, 0x99, 0xe1, 0x25, 0x97, 0xa2, 0x09, 0xda, 0x15, 0x67, 0xce, 0xe5,
0x9b, 0x33, 0xdf, 0x39, 0x67, 0x0e, 0xc1, 0xe6, 0x51, 0xd2, 0x8a, 0x62, 0x2e, 0x38, 0x31, 0xa3,
0xc9, 0xf6, 0xe1, 0x3c, 0x10, 0x67, 0xe9, 0xa4, 0xe5, 0xf3, 0x65, 0x7b, 0xce, 0xe7, 0xbc, 0x2d,
0x55, 0x93, 0x74, 0x26, 0x77, 0x72, 0x23, 0x57, 0xca, 0xc5, 0xfd, 0xc1, 0x04, 0x73, 0x14, 0x91,
0x0f, 0xa1, 0x1e, 0x84, 0x51, 0x2a, 0x92, 0xa6, 0xb1, 0x57, 0xd9, 0x77, 0x3a, 0x76, 0x2b, 0x9a,
0xb4, 0x86, 0x28, 0xa1, 0x5a, 0x41, 0xf6, 0xa0, 0xca, 0xce, 0x99, 0xdf, 0x34, 0xf7, 0x8c, 0x7d,
0xa7, 0x03, 0x68, 0x30, 0x38, 0x67, 0xfe, 0x28, 0x3a, 0x5e, 0xa3, 0x52, 0x43, 0x3e, 0x86, 0x7a,
0xc2, 0xd3, 0xd8, 0x67, 0xcd, 0x8a, 0xb4, 0xd9, 0x40, 0x9b, 0xb1, 0x94, 0x48, 0x2b, 0xad, 0x45,
0x24, 0x9f, 0x47, 0xab, 0x66, 0xb5, 0x40, 0xea, 0xf1, 0x68, 0xa5, 0x90, 0x50, 0x43, 0xae, 0x41,
0x6d, 0x92, 0x06, 0x8b, 0x69, 0xb3, 0x26, 0x4d, 0x1c, 0x34, 0xe9, 0xa2, 0x40, 0xda, 0x28, 0x1d,
0xd9, 0x07, 0x2b, 0x5a, 0x78, 0x62, 0xc6, 0xe3, 0x65, 0x13, 0x8a, 0x03, 0x1f, 0x69, 0x19, 0xcd,
0xb5, 0xe4, 0x0e, 0x38, 0x3e, 0x0f, 0x13, 0x11, 0x7b, 0x41, 0x28, 0x92, 0xa6, 0x23, 0x8d, 0x2f,
0xa3, 0xf1, 0x97, 0x3c, 0x7e, 0xc2, 0xe2, 0x5e, 0xa1, 0xa4, 0x65, 0xcb, 0x6e, 0x15, 0x4c, 0x1e,
0xb9, 0xdf, 0x1b, 0x60, 0x65, 0xa8, 0xc4, 0x85, 0x8d, 0xa3, 0xd8, 0x3f, 0x0b, 0x04, 0xf3, 0x45,
0x1a, 0xb3, 0xa6, 0xb1, 0x67, 0xec, 0xdb, 0xf4, 0x15, 0x19, 0xd9, 0x02, 0x73, 0x34, 0x96, 0x44,
0xd9, 0xd4, 0x1c, 0x8d, 0x49, 0x13, 0xd6, 0x4f, 0xbd, 0x38, 0xf0, 0x42, 0x21, 0x99, 0xb1, 0x69,
0xb6, 0x25, 0x57, 0xc1, 0x1e, 0x8d, 0x4f, 0x59, 0x9c, 0x04, 0x3c, 0x94, 0x7c, 0xd8, 0xb4, 0x10,
0x90, 0x1d, 0x80, 0xd1, 0xf8, 0x3e, 0xf3, 0x10, 0x34, 0x69, 0xd6, 0xf6, 0x2a, 0xfb, 0x36, 0x2d,
0x49, 0xdc, 0x6f, 0xa0, 0x26, 0x73, 0x44, 0x3e, 0x83, 0xfa, 0x34, 0x98, 0xb3, 0x44, 0xa8, 0x70,
0xba, 0x9d, 0xe7, 0x2f, 0x76, 0xd7, 0x7e, 0x7d, 0xb1, 0x7b, 0xa3, 0x54, 0x0c, 0x3c, 0x62, 0xa1,
0xcf, 0x43, 0xe1, 0x05, 0x21, 0x8b, 0x93, 0xf6, 0x9c, 0x1f, 0x2a, 0x97, 0x56, 0x5f, 0x7e, 0xa8,
0x46, 0x20, 0xd7, 0xa1, 0x16, 0x84, 0x53, 0x76, 0x2e, 0xe3, 0xaf, 0x74, 0x2f, 0x6a, 0x28, 0x67,
0x94, 0x8a, 0x28, 0x15, 0x43, 0x54, 0x51, 0x65, 0xe1, 0x0e, 0xa1, 0xae, 0x4a, 0x80, 0x5c, 0x85,
0xea, 0x92, 0x09, 0x4f, 0x1e, 0xef, 0x74, 0x2c, 0xa4, 0xf6, 0x21, 0x13, 0x1e, 0x95, 0x52, 0xac,
0xae, 0x25, 0x4f, 0x91, 0x7a, 0xb3, 0xa8, 0xae, 0x87, 0x28, 0xa1, 0x5a, 0xe1, 0x7e, 0x0d, 0x55,
0x74, 0x20, 0x04, 0xaa, 0x5e, 0x3c, 0x57, 0x65, 0x68, 0x53, 0xb9, 0x26, 0x0d, 0xa8, 0xb0, 0xf0,
0xa9, 0xf4, 0xb5, 0x29, 0x2e, 0x51, 0xe2, 0x7f, 0x35, 0xd5, 0x64, 0xe2, 0x12, 0xfd, 0xd2, 0x84,
0xc5, 0x9a, 0x43, 0xb9, 0x26, 0xd7, 0xc1, 0x8e, 0x62, 0x7e, 0xbe, 0x7a, 0x8c, 0xde, 0xb5, 0x52,
0x85, 0xa0, 0x70, 0x10, 0x3e, 0xa5, 0x56, 0xa4, 0x57, 0xee, 0x8f, 0x26, 0xd4, 0x64, 0x40, 0x64,
0x1f, 0xaf, 0x1f, 0xa5, 0x8a, 0xc9, 0x4a, 0x97, 0xe8, 0xeb, 0x83, 0x24, 0x3a, 0xbf, 0x3d, 0x92,
0xbe, 0x0d, 0x56, 0xc2, 0x16, 0xcc, 0x17, 0x3c, 0xd6, 0xb9, 0xce, 0xf7, 0x18, 0xce, 0x14, 0xd3,
0xa1, 0x22, 0x94, 0x6b, 0x72, 0x00, 0x75, 0x2e, 0x39, 0x94, 0x41, 0xfe, 0x05, 0xb3, 0xda, 0x04,
0xc1, 0x63, 0xe6, 0x4d, 0x79, 0xb8, 0x58, 0xc9, 0xd0, 0x2d, 0x9a, 0xef, 0xc9, 0x01, 0xd8, 0x92,
0xb5, 0x93, 0x55, 0xc4, 0x9a, 0xf5, 0x3d, 0x63, 0x7f, 0xab, 0xb3, 0x99, 0x33, 0x8a, 0x42, 0x5a,
0xe8, 0xb1, 0x4b, 0x7c, 0xcf, 0x3f, 0x63, 0xa3, 0x48, 0x34, 0x2f, 0x15, 0x1c, 0xf4, 0xb4, 0x8c,
0xe6, 0x5a, 0x84, 0x4d, 0x98, 0x1f, 0x33, 0x81, 0xa6, 0x97, 0xa5, 0xa9, 0x84, 0x1d, 0x67, 0x42,
0x5a, 0xe8, 0xdd, 0x21, 0x58, 0x19, 0x04, 0x96, 0xfb, 0xb0, 0xaf, 0x1b, 0xc1, 0x1c, 0xf6, 0xc9,
0x21, 0xac, 0x27, 0x67, 0x5e, 0x1c, 0x84, 0x73, 0xc9, 0xcb, 0x56, 0xe7, 0x62, 0x7e, 0xe2, 0x58,
0xc9, 0x11, 0x2c, 0xb3, 0x71, 0x39, 0xd8, 0xf9, 0x11, 0x6f, 0x60, 0x35, 0xa0, 0x92, 0x06, 0x53,
0x89, 0xb3, 0x49, 0x71, 0x89, 0x92, 0x79, 0xa0, 0x72, 0xbf, 0x49, 0x71, 0x89, 0x64, 0x2f, 0xf9,
0x94, 0x49, 0x5a, 0x37, 0xa9, 0x5c, 0x23, 0x7f, 0x3c, 0x12, 0x01, 0x0f, 0xbd, 0x45, 0xc6, 0x5f,
0xb6, 0x77, 0xef, 0x41, 0x5d, 0xbd, 0x37, 0x64, 0x0f, 0x2a, 0x49, 0xec, 0xeb, 0x37, 0x6f, 0x2b,
0x7b, 0x88, 0xd4, 0x93, 0x45, 0x51, 0x95, 0x27, 0xd2, 0x2c, 0x12, 0xe9, 0x52, 0x80, 0xc2, 0xec,
0xdf, 0x29, 0x18, 0xf7, 0x3b, 0x03, 0xac, 0xec, 0xa9, 0xc4, 0xbe, 0x0f, 0xa6, 0x2c, 0x14, 0xc1,
0x2c, 0x60, 0xb1, 0x26, 0xa3, 0x24, 0x21, 0x87, 0x50, 0xf3, 0x84, 0x88, 0xb3, 0x76, 0xfa, 0x6f,
0xf9, 0x9d, 0x6d, 0x1d, 0xa1, 0x66, 0x10, 0x8a, 0x78, 0x45, 0x95, 0xd5, 0xf6, 0x5d, 0x80, 0x42,
0x88, 0xfc, 0x3d, 0x61, 0x2b, 0x8d, 0x8a, 0x4b, 0x72, 0x09, 0x6a, 0x4f, 0xbd, 0x45, 0xca, 0x74,
0x50, 0x6a, 0xf3, 0x89, 0x79, 0xd7, 0x70, 0x7f, 0x32, 0x61, 0x5d, 0xbf, 0xbb, 0xe4, 0x26, 0xac,
0xcb, 0x77, 0x57, 0x47, 0xf4, 0xf6, 0x9b, 0x66, 0x26, 0xa4, 0x9d, 0x0f, 0x94, 0x52, 0x8c, 0x1a,
0x4a, 0x0d, 0x16, 0x1d, 0x63, 0x31, 0x5e, 0x2a, 0x53, 0x36, 0xd3, 0x93, 0x43, 0xa6, 0xa2, 0xcf,
0x66, 0x41, 0x18, 0x60, 0xce, 0x28, 0xaa, 0xc8, 0xcd, 0xec, 0xd6, 0x55, 0x89, 0x78, 0xa5, 0x8c,
0xf8, 0xe6, 0xa5, 0x87, 0xe0, 0x94, 0x8e, 0x79, 0xcb, 0xad, 0x3f, 0x2a, 0xdf, 0x5a, 0x1f, 0x29,
0xe1, 0xd4, 0xd8, 0x2b, 0x58, 0xf8, 0x07, 0xfc, 0xdd, 0x06, 0x28, 0x20, 0xdf, 0xbd, 0x52, 0xdc,
0x67, 0x15, 0x80, 0x51, 0x84, 0x0f, 0xe2, 0xd4, 0x93, 0xef, 0xe7, 0x46, 0x30, 0x0f, 0x79, 0xcc,
0x1e, 0xcb, 0x66, 0x95, 0xfe, 0x16, 0x75, 0x94, 0x4c, 0xf6, 0x15, 0x39, 0x02, 0x67, 0xca, 0x12,
0x3f, 0x0e, 0x64, 0x91, 0x6b, 0xd2, 0x77, 0xf1, 0x4e, 0x05, 0x4e, 0xab, 0x5f, 0x58, 0x28, 0xae,
0xca, 0x3e, 0xa4, 0x03, 0x1b, 0xec, 0x3c, 0xe2, 0xb1, 0xd0, 0xa7, 0xa8, 0xf1, 0x7c, 0x41, 0x0d,
0x7a, 0x94, 0xcb, 0x93, 0xa8, 0xc3, 0x8a, 0x0d, 0xf1, 0xa0, 0xea, 0x7b, 0x91, 0x9a, 0x4d, 0x4e,
0xa7, 0xf9, 0xda, 0x79, 0x3d, 0x2f, 0x52, 0xa4, 0x75, 0x6f, 0xe1, 0x5d, 0x9f, 0xfd, 0xb6, 0x7b,
0x50, 0x1a, 0x48, 0x4b, 0x3e, 0x59, 0xb5, 0x65, 0xbd, 0x3c, 0x09, 0x44, 0x3b, 0x15, 0xc1, 0xa2,
0xed, 0x45, 0x01, 0xc2, 0xa1, 0xe3, 0xb0, 0x4f, 0x25, 0xf4, 0xf6, 0x3d, 0x68, 0xbc, 0x1e, 0xf7,
0xfb, 0xe4, 0x60, 0xfb, 0x0e, 0xd8, 0x79, 0x1c, 0x7f, 0xe7, 0x68, 0x95, 0x93, 0x77, 0x0d, 0x9c,
0xd2, 0xbd, 0xd1, 0xf0, 0x54, 0x1a, 0x2a, 0xf6, 0xd5, 0xc6, 0x7d, 0x86, 0xff, 0x06, 0x7a, 0x8a,
0x90, 0x0f, 0x00, 0xce, 0x84, 0x88, 0x1e, 0xcb, 0xb1, 0xa2, 0x0f, 0xb1, 0x51, 0x22, 0x2d, 0xc8,
0x2e, 0x38, 0xb8, 0x49, 0xb4, 0x5e, 0x45, 0x2a, 0x3d, 0x12, 0x65, 0xf0, 0x7f, 0xb0, 0x67, 0xb9,
0xbb, 0x1a, 0x1d, 0xd6, 0x2c, 0xf3, 0xfe, 0x1f, 0x58, 0x21, 0xd7, 0x3a, 0x35, 0xe5, 0xd6, 0x43,
0x2e, 0x55, 0xee, 0x01, 0xfc, 0xe7, 0x8d, 0x1f, 0x19, 0x72, 0x05, 0xea, 0xb3, 0x60, 0x21, 0x64,
0xbb, 0xe2, 0xe0, 0xd4, 0x3b, 0xf7, 0x17, 0x03, 0xa0, 0x68, 0x2d, 0x64, 0x04, 0xfb, 0x0e, 0x6d,
0x36, 0x54, 0x9f, 0x2d, 0xc0, 0x5a, 0xea, 0x0c, 0xea, 0x3a, 0xba, 0xfa, 0x6a, 0x3b, 0xb6, 0xb2,
0x04, 0xab, 0xdc, 0x76, 0x74, 0x6e, 0xdf, 0xe7, 0x67, 0x23, 0x3f, 0x61, 0xfb, 0x01, 0x6c, 0xbe,
0x02, 0xf7, 0x8e, 0x9d, 0x5a, 0x54, 0x59, 0x29, 0x65, 0x37, 0x3e, 0x05, 0x3b, 0x1f, 0x82, 0xc4,
0x82, 0x6a, 0x77, 0xf8, 0x45, 0xbf, 0xb1, 0x46, 0x00, 0xea, 0xe3, 0x41, 0x8f, 0x0e, 0x4e, 0x1a,
0x06, 0x59, 0x87, 0xca, 0x78, 0x7c, 0xdc, 0x30, 0x89, 0x0d, 0xb5, 0xde, 0x51, 0xef, 0x78, 0xd0,
0xa8, 0xe0, 0xf2, 0xe4, 0xe1, 0xa3, 0xfb, 0xe3, 0x46, 0xf5, 0xc6, 0x6d, 0xb8, 0xf0, 0xda, 0xa0,
0x92, 0xde, 0xc7, 0x47, 0x74, 0x80, 0x48, 0x0e, 0xac, 0x3f, 0xa2, 0xc3, 0xd3, 0xa3, 0x93, 0x41,
0xc3, 0x40, 0xc5, 0xe7, 0xa3, 0xde, 0x83, 0x41, 0xbf, 0x61, 0x76, 0x1b, 0xcf, 0x5f, 0xee, 0x18,
0x3f, 0xbf, 0xdc, 0x31, 0x7e, 0x7f, 0xb9, 0x63, 0x7c, 0xfb, 0xc7, 0xce, 0xda, 0xa4, 0x2e, 0x7f,
0xb0, 0x6f, 0xfd, 0x19, 0x00, 0x00, 0xff, 0xff, 0xa3, 0xba, 0x5c, 0x6e, 0xa0, 0x0b, 0x00, 0x00,
// 1415 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x57, 0xcd, 0x6f, 0x1b, 0x45,
0x14, 0x8f, 0xd7, 0x9f, 0xfb, 0x9c, 0xa4, 0x66, 0xfa, 0x81, 0x09, 0x25, 0x09, 0x5b, 0x40, 0x69,
0xd2, 0x38, 0x92, 0x2b, 0xb5, 0x15, 0x87, 0x8a, 0xf8, 0xa3, 0x8a, 0x29, 0x89, 0xa3, 0x71, 0x08,
0xc7, 0x6a, 0xb3, 0x1e, 0x3b, 0xab, 0x38, 0x3b, 0xab, 0xdd, 0x71, 0x1b, 0x5f, 0x38, 0xf4, 0x2f,
0x40, 0x42, 0xe2, 0xce, 0x91, 0x0b, 0xff, 0x01, 0xf7, 0x1e, 0xb9, 0xc2, 0xa1, 0xa0, 0xf2, 0x8f,
0xa0, 0xf7, 0x66, 0xd6, 0xbb, 0xfd, 0x40, 0xb4, 0x82, 0x93, 0xdf, 0xbc, 0xf7, 0x9b, 0xdf, 0xcc,
0xfc, 0xde, 0x9b, 0x79, 0x6b, 0xb0, 0x65, 0x18, 0x37, 0xc2, 0x48, 0x2a, 0xc9, 0xac, 0xf0, 0x64,
0x65, 0x7b, 0xec, 0xab, 0xd3, 0xe9, 0x49, 0xc3, 0x93, 0xe7, 0x3b, 0x63, 0x39, 0x96, 0x3b, 0x14,
0x3a, 0x99, 0x8e, 0x68, 0x44, 0x03, 0xb2, 0xf4, 0x14, 0xe7, 0x47, 0x0b, 0xac, 0x7e, 0xc8, 0x3e,
0x86, 0x92, 0x1f, 0x84, 0x53, 0x15, 0xd7, 0x73, 0xeb, 0xf9, 0x8d, 0x6a, 0xd3, 0x6e, 0x84, 0x27,
0x8d, 0x1e, 0x7a, 0xb8, 0x09, 0xb0, 0x75, 0x28, 0x88, 0x0b, 0xe1, 0xd5, 0xad, 0xf5, 0xdc, 0x46,
0xb5, 0x09, 0x08, 0xe8, 0x5e, 0x08, 0xaf, 0x1f, 0xee, 0x2d, 0x70, 0x8a, 0xb0, 0xcf, 0xa0, 0x14,
0xcb, 0x69, 0xe4, 0x89, 0x7a, 0x9e, 0x30, 0x8b, 0x88, 0x19, 0x90, 0x87, 0x50, 0x26, 0x8a, 0x4c,
0x9e, 0x0c, 0x67, 0xf5, 0x42, 0xca, 0xd4, 0x96, 0xe1, 0x4c, 0x33, 0x61, 0x84, 0xdd, 0x80, 0xe2,
0xc9, 0xd4, 0x9f, 0x0c, 0xeb, 0x45, 0x82, 0x54, 0x11, 0xd2, 0x42, 0x07, 0x61, 0x74, 0x8c, 0x6d,
0x40, 0x25, 0x9c, 0xb8, 0x6a, 0x24, 0xa3, 0xf3, 0x3a, 0xa4, 0x0b, 0x1e, 0x1a, 0x1f, 0x9f, 0x47,
0xd9, 0x5d, 0xa8, 0x7a, 0x32, 0x88, 0x55, 0xe4, 0xfa, 0x81, 0x8a, 0xeb, 0x55, 0x02, 0x5f, 0x45,
0xf0, 0x37, 0x32, 0x3a, 0x13, 0x51, 0x3b, 0x0d, 0xf2, 0x2c, 0xb2, 0x55, 0x00, 0x4b, 0x86, 0xce,
0x0f, 0x39, 0xa8, 0x24, 0xac, 0xcc, 0x81, 0xc5, 0xdd, 0xc8, 0x3b, 0xf5, 0x95, 0xf0, 0xd4, 0x34,
0x12, 0xf5, 0xdc, 0x7a, 0x6e, 0xc3, 0xe6, 0x2f, 0xf9, 0xd8, 0x32, 0x58, 0xfd, 0x01, 0x09, 0x65,
0x73, 0xab, 0x3f, 0x60, 0x75, 0x28, 0x1f, 0xbb, 0x91, 0xef, 0x06, 0x8a, 0x94, 0xb1, 0x79, 0x32,
0x64, 0xd7, 0xc1, 0xee, 0x0f, 0x8e, 0x45, 0x14, 0xfb, 0x32, 0x20, 0x3d, 0x6c, 0x9e, 0x3a, 0xd8,
0x2a, 0x40, 0x7f, 0xf0, 0x40, 0xb8, 0x48, 0x1a, 0xd7, 0x8b, 0xeb, 0xf9, 0x0d, 0x9b, 0x67, 0x3c,
0xce, 0xb7, 0x50, 0xa4, 0x1c, 0xb1, 0x2f, 0xa1, 0x34, 0xf4, 0xc7, 0x22, 0x56, 0x7a, 0x3b, 0xad,
0xe6, 0xb3, 0xe7, 0x6b, 0x0b, 0xbf, 0x3f, 0x5f, 0xdb, 0xcc, 0x14, 0x83, 0x0c, 0x45, 0xe0, 0xc9,
0x40, 0xb9, 0x7e, 0x20, 0xa2, 0x78, 0x67, 0x2c, 0xb7, 0xf5, 0x94, 0x46, 0x87, 0x7e, 0xb8, 0x61,
0x60, 0x37, 0xa1, 0xe8, 0x07, 0x43, 0x71, 0x41, 0xfb, 0xcf, 0xb7, 0x2e, 0x1b, 0xaa, 0x6a, 0x7f,
0xaa, 0xc2, 0xa9, 0xea, 0x61, 0x88, 0x6b, 0x84, 0x13, 0x42, 0x49, 0x97, 0x00, 0xbb, 0x0e, 0x85,
0x73, 0xa1, 0x5c, 0x5a, 0xbe, 0xda, 0xac, 0xa0, 0xb4, 0xfb, 0x42, 0xb9, 0x9c, 0xbc, 0x58, 0x5d,
0xe7, 0x72, 0x8a, 0xd2, 0x5b, 0x69, 0x75, 0xed, 0xa3, 0x87, 0x9b, 0x00, 0xfb, 0x14, 0xca, 0x81,
0x50, 0x4f, 0x64, 0x74, 0x46, 0x12, 0x2d, 0xeb, 0x9c, 0x1f, 0x08, 0xb5, 0x2f, 0x87, 0x82, 0x27,
0x31, 0xe7, 0xa7, 0x1c, 0x14, 0x90, 0x98, 0x31, 0x28, 0xb8, 0xd1, 0x58, 0x97, 0xab, 0xcd, 0xc9,
0x66, 0x35, 0xc8, 0x8b, 0xe0, 0x31, 0xad, 0x61, 0x73, 0x34, 0xd1, 0xe3, 0x3d, 0x19, 0x1a, 0xd1,
0xd1, 0xc4, 0x79, 0xd3, 0x58, 0x44, 0x46, 0x6b, 0xb2, 0xd9, 0x4d, 0xb0, 0xc3, 0x48, 0x5e, 0xcc,
0x1e, 0xe1, 0xec, 0x62, 0xa6, 0x92, 0xd0, 0xd9, 0x0d, 0x1e, 0xf3, 0x4a, 0x68, 0x2c, 0xb6, 0x09,
0x20, 0x2e, 0x54, 0xe4, 0xee, 0xc9, 0x58, 0xc5, 0xf5, 0x12, 0x9d, 0x86, 0x0a, 0x18, 0x1d, 0xbd,
0x43, 0x9e, 0x89, 0x3a, 0x3f, 0x5b, 0x50, 0xa4, 0x43, 0xb2, 0x0d, 0x94, 0x34, 0x9c, 0xea, 0xec,
0xe4, 0x5b, 0xcc, 0x48, 0x0a, 0x94, 0xbc, 0xb9, 0xa2, 0x98, 0xc8, 0x15, 0xa8, 0xc4, 0x62, 0x22,
0x3c, 0x25, 0x23, 0x53, 0x3f, 0xf3, 0x31, 0x6e, 0x7d, 0x88, 0x29, 0xd6, 0xa7, 0x21, 0x9b, 0x6d,
0x41, 0x49, 0x52, 0x5e, 0xe8, 0x40, 0xff, 0x90, 0x2d, 0x03, 0x41, 0xf2, 0x48, 0xb8, 0x43, 0x19,
0x4c, 0x66, 0x74, 0xcc, 0x0a, 0x9f, 0x8f, 0xd9, 0x16, 0xd8, 0x94, 0x89, 0xa3, 0x59, 0x28, 0xea,
0x25, 0xca, 0xc0, 0xd2, 0x3c, 0x4b, 0xe8, 0xe4, 0x69, 0x1c, 0x6f, 0x9e, 0xe7, 0x7a, 0xa7, 0xa2,
0x1f, 0xaa, 0xfa, 0x95, 0x54, 0xaf, 0xb6, 0xf1, 0xf1, 0x79, 0x14, 0x69, 0x63, 0xe1, 0x45, 0x42,
0x21, 0xf4, 0x2a, 0x41, 0x89, 0x76, 0x90, 0x38, 0x79, 0x1a, 0x77, 0x7a, 0x50, 0x49, 0x28, 0xf0,
0x0a, 0xf5, 0x3a, 0xe6, 0x72, 0x59, 0xbd, 0x0e, 0xdb, 0x86, 0x72, 0x7c, 0xea, 0x46, 0x7e, 0x30,
0x26, 0x5d, 0x96, 0x9b, 0x97, 0xe7, 0x2b, 0x0e, 0xb4, 0x1f, 0xc9, 0x12, 0x8c, 0x23, 0xc1, 0x9e,
0x2f, 0xf1, 0x1a, 0x57, 0x0d, 0xf2, 0x53, 0x7f, 0x48, 0x3c, 0x4b, 0x1c, 0x4d, 0xf4, 0x8c, 0x7d,
0x5d, 0x27, 0x4b, 0x1c, 0x4d, 0x14, 0xfb, 0x5c, 0x0e, 0x05, 0xc9, 0xba, 0xc4, 0xc9, 0x46, 0xfd,
0x64, 0xa8, 0x7c, 0x19, 0xb8, 0x93, 0x44, 0xbf, 0x64, 0xec, 0xdc, 0x87, 0x92, 0x7e, 0xc3, 0xd8,
0x3a, 0xe4, 0xe3, 0xc8, 0x33, 0xef, 0xe8, 0x72, 0xf2, 0xb8, 0xe9, 0x67, 0x90, 0x63, 0x68, 0x9e,
0x48, 0x2b, 0x4d, 0xa4, 0xc3, 0x01, 0x52, 0xd8, 0xff, 0x53, 0x30, 0xce, 0xf7, 0x39, 0xa8, 0x24,
0xcf, 0x2f, 0xbe, 0x25, 0xfe, 0x50, 0x04, 0xca, 0x1f, 0xf9, 0x22, 0x32, 0x62, 0x64, 0x3c, 0x6c,
0x1b, 0x8a, 0xae, 0x52, 0x51, 0x72, 0x45, 0xdf, 0xcf, 0xbe, 0xdd, 0x8d, 0x5d, 0x8c, 0x74, 0x03,
0x15, 0xcd, 0xb8, 0x46, 0xad, 0xdc, 0x03, 0x48, 0x9d, 0xa8, 0xdf, 0x99, 0x98, 0x19, 0x56, 0x34,
0xd9, 0x15, 0x28, 0x3e, 0x76, 0x27, 0x53, 0x61, 0x36, 0xa5, 0x07, 0x9f, 0x5b, 0xf7, 0x72, 0xce,
0x2f, 0x16, 0x94, 0xcd, 0x5b, 0xce, 0x6e, 0x41, 0x99, 0xde, 0x72, 0xb3, 0xa3, 0x37, 0x9f, 0x34,
0x81, 0xb0, 0x9d, 0x79, 0x93, 0xca, 0xec, 0xd1, 0x50, 0xe9, 0x66, 0x65, 0xf6, 0x98, 0xb6, 0xac,
0xfc, 0x50, 0x8c, 0x4c, 0x37, 0xa2, 0x54, 0x74, 0xc4, 0xc8, 0x0f, 0x7c, 0xcc, 0x19, 0xc7, 0x10,
0xbb, 0x95, 0x9c, 0xba, 0x40, 0x8c, 0xd7, 0xb2, 0x8c, 0xaf, 0x1f, 0xba, 0x07, 0xd5, 0xcc, 0x32,
0x6f, 0x38, 0xf5, 0x27, 0xd9, 0x53, 0x9b, 0x25, 0x89, 0x4e, 0xb7, 0xd2, 0x54, 0x85, 0xff, 0xa0,
0xdf, 0x1d, 0x80, 0x94, 0xf2, 0xed, 0x2b, 0xc5, 0x79, 0x9a, 0x07, 0xe8, 0x87, 0xf8, 0x78, 0x0e,
0x5d, 0x7a, 0x93, 0x17, 0xfd, 0x71, 0x20, 0x23, 0xf1, 0x88, 0x2e, 0x2b, 0xcd, 0xaf, 0xf0, 0xaa,
0xf6, 0xd1, 0xbd, 0x62, 0xbb, 0x50, 0x1d, 0x8a, 0xd8, 0x8b, 0x7c, 0x2a, 0x72, 0x23, 0xfa, 0x1a,
0x9e, 0x29, 0xe5, 0x69, 0x74, 0x52, 0x84, 0xd6, 0x2a, 0x3b, 0x87, 0x35, 0x61, 0x51, 0x5c, 0x84,
0x32, 0x52, 0x66, 0x15, 0xdd, 0xf2, 0x2f, 0xe9, 0x8f, 0x07, 0xf4, 0xd3, 0x4a, 0xbc, 0x2a, 0xd2,
0x01, 0x73, 0xa1, 0xe0, 0xb9, 0xa1, 0xee, 0x77, 0xd5, 0x66, 0xfd, 0x95, 0xf5, 0xda, 0x6e, 0xa8,
0x45, 0x6b, 0xdd, 0xc6, 0xb3, 0x3e, 0xfd, 0x63, 0x6d, 0x2b, 0xd3, 0xe4, 0xce, 0xe5, 0xc9, 0x6c,
0x87, 0xea, 0xe5, 0xcc, 0x57, 0x3b, 0x53, 0xe5, 0x4f, 0x76, 0xdc, 0xd0, 0x47, 0x3a, 0x9c, 0xd8,
0xeb, 0x70, 0xa2, 0x5e, 0xb9, 0x0f, 0xb5, 0x57, 0xf7, 0xfd, 0x2e, 0x39, 0x58, 0xb9, 0x0b, 0xf6,
0x7c, 0x1f, 0xff, 0x36, 0xb1, 0x92, 0x4d, 0xde, 0x0d, 0xa8, 0x66, 0xce, 0x8d, 0xc0, 0x63, 0x02,
0x6a, 0xf5, 0xf5, 0xc0, 0x79, 0x8a, 0xdf, 0x1b, 0x49, 0xc7, 0xf9, 0x08, 0xe0, 0x54, 0xa9, 0xf0,
0x11, 0xb5, 0x20, 0xb3, 0x88, 0x8d, 0x1e, 0x42, 0xb0, 0x35, 0xa8, 0xe2, 0x20, 0x36, 0x71, 0xbd,
0x53, 0x9a, 0x11, 0x6b, 0xc0, 0x87, 0x60, 0x8f, 0xe6, 0xd3, 0x75, 0xeb, 0xa8, 0x8c, 0x92, 0xd9,
0x1f, 0x40, 0x25, 0x90, 0x26, 0xa6, 0x3b, 0x62, 0x39, 0x90, 0x14, 0x72, 0xb6, 0xe0, 0xbd, 0xd7,
0x3e, 0x8e, 0xd8, 0x35, 0x28, 0x8d, 0xfc, 0x89, 0xa2, 0xeb, 0x8a, 0x4d, 0xd6, 0x8c, 0x9c, 0xdf,
0x72, 0x00, 0xe9, 0xd5, 0x42, 0x45, 0xf0, 0xde, 0x21, 0x66, 0x51, 0xdf, 0xb3, 0x09, 0x54, 0xce,
0x4d, 0x06, 0x4d, 0x1d, 0x5d, 0x7f, 0xf9, 0x3a, 0x36, 0x92, 0x04, 0xeb, 0xdc, 0x36, 0x4d, 0x6e,
0xdf, 0xe5, 0x03, 0x66, 0xbe, 0xc2, 0xca, 0x43, 0x58, 0x7a, 0x89, 0xee, 0x2d, 0x6f, 0x6a, 0x5a,
0x65, 0xd9, 0x94, 0xdd, 0x82, 0x92, 0x6e, 0xee, 0xf8, 0x6e, 0xa3, 0x65, 0x68, 0xc8, 0xa6, 0xde,
0x72, 0x98, 0x7c, 0xea, 0xf5, 0x0e, 0x37, 0x37, 0xa0, 0x6c, 0x3e, 0x5a, 0x98, 0x0d, 0xc5, 0xaf,
0x0f, 0x06, 0xdd, 0xa3, 0xda, 0x02, 0xab, 0x40, 0x61, 0xaf, 0x3f, 0x38, 0xaa, 0xe5, 0xd0, 0x3a,
0xe8, 0x1f, 0x74, 0x6b, 0xd6, 0xe6, 0x17, 0x60, 0xcf, 0x9b, 0x2b, 0xba, 0x5b, 0xbd, 0x83, 0x4e,
0x6d, 0x81, 0x01, 0x94, 0x06, 0xdd, 0x36, 0xef, 0x22, 0xb8, 0x0c, 0xf9, 0xc1, 0x60, 0xaf, 0x66,
0x21, 0x55, 0x7b, 0xb7, 0xbd, 0xd7, 0xad, 0xe5, 0xd1, 0x3c, 0xda, 0x3f, 0x7c, 0x30, 0xa8, 0x15,
0x36, 0xef, 0xc0, 0xa5, 0x57, 0x1a, 0x20, 0xcd, 0xde, 0xdb, 0xe5, 0x5d, 0x64, 0xaa, 0x42, 0xf9,
0x90, 0xf7, 0x8e, 0x77, 0x8f, 0xba, 0xb5, 0x1c, 0x06, 0xbe, 0xea, 0xb7, 0x1f, 0x76, 0x3b, 0x35,
0xab, 0x55, 0x7b, 0xf6, 0x62, 0x35, 0xf7, 0xeb, 0x8b, 0xd5, 0xdc, 0x9f, 0x2f, 0x56, 0x73, 0xdf,
0xfd, 0xb5, 0xba, 0x70, 0x52, 0xa2, 0x3f, 0x03, 0xb7, 0xff, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x8c,
0x1e, 0x1e, 0x98, 0x4c, 0x0c, 0x00, 0x00,
}

13
vendor/github.com/moby/buildkit/solver/pb/ops.proto generated vendored
View file

@ -41,6 +41,7 @@ message Input {
message ExecOp {
Meta meta = 1;
repeated Mount mounts = 2;
NetMode network = 3;
}
// Meta is a set of arguments for ExecOp.
@ -52,6 +53,13 @@ message Meta {
string cwd = 3;
string user = 4;
ProxyEnv proxy_env = 5;
repeated HostIP extraHosts = 6;
}
enum NetMode {
UNSET = 0; // sandbox
HOST = 1;
NONE = 2;
}
// Mount specifies how to mount an input Op as a filesystem.
@ -181,3 +189,8 @@ message Definition {
// A key must be an LLB op digest string. Currently, empty string is not expected as a key, but it may change in the future.
map<string, OpMetadata> metadata = 2 [(gogoproto.castkey) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
}
message HostIP {
string Host = 1;
string IP = 2;
}

70
vendor/github.com/moby/buildkit/util/entitlements/entitlements.go generated vendored Normal file
View file

@ -0,0 +1,70 @@
package entitlements
import "github.com/pkg/errors"
type Entitlement string
const (
EntitlementSecurityConfined Entitlement = "security.confined"
EntitlementSecurityUnconfined Entitlement = "security.unconfined" // unimplemented
EntitlementNetworkHost Entitlement = "network.host"
EntitlementNetworkNone Entitlement = "network.none"
)
var all = map[Entitlement]struct{}{
EntitlementSecurityConfined: {},
EntitlementSecurityUnconfined: {},
EntitlementNetworkHost: {},
EntitlementNetworkNone: {},
}
var defaults = map[Entitlement]struct{}{
EntitlementSecurityConfined: {},
EntitlementNetworkNone: {},
}
func Parse(s string) (Entitlement, error) {
_, ok := all[Entitlement(s)]
if !ok {
return "", errors.Errorf("unknown entitlement %s", s)
}
return Entitlement(s), nil
}
func WhiteList(allowed, supported []Entitlement) (Set, error) {
m := map[Entitlement]struct{}{}
var supm Set
if supported != nil {
var err error
supm, err = WhiteList(supported, nil)
if err != nil { // should not happen
return nil, err
}
}
for _, e := range allowed {
e, err := Parse(string(e))
if err != nil {
return nil, err
}
if supported != nil {
if !supm.Allowed(e) {
return nil, errors.Errorf("entitlement %s is not allowed", e)
}
}
m[e] = struct{}{}
}
for e := range defaults {
m[e] = struct{}{}
}
return Set(m), nil
}
type Set map[Entitlement]struct{}
func (s Set) Allowed(e Entitlement) bool {
_, ok := s[e]
return ok
}

22
vendor/github.com/moby/buildkit/util/network/network.go generated vendored Normal file
View file

@ -0,0 +1,22 @@
package network
// Provider interface for Network
type Provider interface {
NewInterface() (Interface, error)
Release(Interface) error
}
// Interface of network for workers
type Interface interface {
// Set the pid with network interace namespace
Set(int) error
// Removes the network interface
Remove(int) error
}
// NetworkOpts hold network options
type NetworkOpts struct {
Type string
CNIConfigPath string
CNIPluginPath string
}

8
vendor/github.com/moby/buildkit/vendor.conf generated vendored
View file

@ -6,7 +6,7 @@ github.com/davecgh/go-spew v1.1.0
github.com/pmezard/go-difflib v1.0.0
golang.org/x/sys 1b2967e3c290b7c545b3db0deeda16e9be4f98a2
github.com/containerd/containerd a88b6319614de846458750ff882723479ca7b1a1
github.com/containerd/containerd v1.2.0-beta.0
github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
github.com/sirupsen/logrus v1.0.0
@ -21,9 +21,9 @@ github.com/opencontainers/image-spec v1.0.1
github.com/opencontainers/runc ad0f5255060d36872be04de22f8731f38ef2d7b1
github.com/Microsoft/go-winio v0.4.7
github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
github.com/opencontainers/runtime-spec v1.0.1
github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5
github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761
github.com/opencontainers/runtime-spec d810dbc60d8c5aeeb3d054bd1132fab2121968ce # v1.0.1-43-gd810dbc
github.com/containerd/go-runc edcf3de1f4971445c42d61f20d506b30612aa031
github.com/containerd/console 4d8a41f4ce5b9bae77c41786ea2458330f43f081
google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9