vendor: update buildkit to f238f1ef

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit a3cbd53ed2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Tonis Tiigi 2019-05-13 16:50:01 -07:00 committed by Sebastiaan van Stijn
parent 6896305b57
commit 31b0688de7
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
13 changed files with 119 additions and 19 deletions


@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347
golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
# buildkit
github.com/moby/buildkit 8c0fa8fdec187d8f259a349d2da16dc2dc5f144a # v0.5.0
github.com/moby/buildkit f238f1efb04f00bf0cc147141fda9ddb55c8bc49
github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7


@ -177,7 +177,7 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
addCap(&e.constraints, pb.CapExecMetaNetwork)
}
if e.meta.Security != SecurityModeInsecure {
if e.meta.Security != SecurityModeSandbox {
addCap(&e.constraints, pb.CapExecMetaSecurity)
}
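Review bot: The condition `e.meta.Security != SecurityModeSandbox` has no comment recording the rule it encodes, namely that every mode other than what appears to be the default sandbox must declare `pb.CapExecMetaSecurity`. I would add `// any non-sandbox security mode must be declared so a daemon that lacks the capability rejects the op` above the `if`. A test that marshals an ExecOp with the insecure mode and asserts the capability is present would keep the comparison from being inverted again. Marshal's body continues outside the hunk.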


@ -410,9 +410,6 @@ func parseCacheOptions(opt SolveOpt) (*cacheOptions, error) {
if csDir == "" {
return nil, errors.New("local cache importer requires src")
}
if err := os.MkdirAll(csDir, 0755); err != nil {
return nil, err
}
cs, err := contentlocal.NewStore(csDir)
if err != nil {
return nil, err


@ -63,7 +63,9 @@ func (gwf *GatewayForwarder) lookupForwarder(ctx context.Context) (gateway.LLBBr
go func() {
<-ctx.Done()
gwf.mu.Lock()
gwf.updateCond.Broadcast()
gwf.mu.Unlock()
}()
gwf.mu.RLock()
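Review bot: The `gwf.mu.Lock()`/`gwf.mu.Unlock()` pair added around `gwf.updateCond.Broadcast()` carries no comment saying why the broadcast needs the mutex, and since sync.Cond does not require it a later cleanup could remove it again. Presumably it closes the window in which a waiter has checked ctx but not yet called Wait, where a broadcast would be lost and the caller would stay blocked after cancellation; the waiter loop is outside the hunk, so confirm. I would add `// hold mu so the broadcast cannot fall between a waiter's ctx check and its Wait()` here and on the same pattern in the later hunks around `sm.updateCondition.Broadcast()`, `jl.updateCond.Broadcast()` and both `pr.cond.Broadcast()` calls.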


@ -95,6 +95,23 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
Options: []string{"ro", "nosuid", "noexec", "nodev"},
})
if processMode == NoProcessSandbox {
var maskedPaths []string
for _, s := range s.Linux.MaskedPaths {
if !hasPrefix(s, "/proc") {
maskedPaths = append(maskedPaths, s)
}
}
s.Linux.MaskedPaths = maskedPaths
var readonlyPaths []string
for _, s := range s.Linux.ReadonlyPaths {
if !hasPrefix(s, "/proc") {
readonlyPaths = append(readonlyPaths, s)
}
}
s.Linux.ReadonlyPaths = readonlyPaths
}
if meta.SecurityMode == pb.SecurityMode_INSECURE {
//make sysfs rw mount for insecure mode.
for _, m := range s.Mounts {
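Review bot: In both new loops the range variable `s` shadows the spec `s` that is being edited (`for _, s := range s.Linux.MaskedPaths`), which is easy to misread in a block whose purpose is to relax isolation; `for _, p := range s.Linux.MaskedPaths` with `if !hasPrefix(p, "/proc")` would be clearer. The block also removes every masked and read-only entry under /proc when `processMode == NoProcessSandbox` without a comment saying why, so I would add something like `// NoProcessSandbox: /proc entries are no longer masked or read-only for the build step`. `hasPrefix` is defined outside the hunk, so confirm it compares path components rather than a raw string prefix. GenerateSpec's body continues outside the hunk.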


@ -41,6 +41,8 @@ type Opt struct {
// ProcessMode
ProcessMode oci.ProcessMode
IdentityMapping *idtools.IdentityMapping
// runc run --no-pivot (unrecommended)
NoPivot bool
}
var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
@ -54,6 +56,7 @@ type runcExecutor struct {
networkProviders map[pb.NetMode]network.Provider
processMode oci.ProcessMode
idmap *idtools.IdentityMapping
noPivot bool
}
func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Executor, error) {
@ -111,6 +114,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
networkProviders: networkProviders,
processMode: opt.ProcessMode,
idmap: opt.IdentityMapping,
noPivot: opt.NoPivot,
}
return w, nil
}
@ -193,6 +197,17 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
opts = append(opts, containerdoci.WithRootFSReadonly())
}
identity = idtools.Identity{
UID: int(uid),
GID: int(gid),
}
if w.idmap != nil {
identity, err = w.idmap.ToHost(identity)
if err != nil {
return err
}
}
if w.cgroupParent != "" {
var cgroupsPath string
lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
@ -269,7 +284,8 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
logrus.Debugf("> creating %s %v", id, meta.Args)
status, err := w.runc.Run(runCtx, id, bundle, &runc.CreateOpts{
IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},
IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},
NoPivot: w.noPivot,
})
close(done)
if err != nil {
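Review bot: The field comment `// runc run --no-pivot (unrecommended)` on `Opt.NoPivot` does not say what is given up when the option is set. As far as I know runc then skips pivot_root and relies on a chroot-style setup, which is weaker containment for a build step running as root, and is meant for cases such as a rootfs on a ramdisk. I would spell that out in the doc comment and have `New` make the choice visible at startup, for example `if opt.NoPivot { logrus.Warn("runc executor: NoPivot enabled, rootfs isolation is reduced") }`. New and Exec both continue outside the hunks shown.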


@ -172,10 +172,6 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
}
}
if len(allDispatchStates.states) == 1 {
allDispatchStates.states[0].stageName = ""
}
var target *dispatchState
if opt.Target == "" {
target = allDispatchStates.lastTarget()
@ -207,6 +203,14 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
}
}
if has, state := hasCircularDependency(allDispatchStates.states); has {
return nil, nil, fmt.Errorf("circular dependency detected on stage: %s", state.stageName)
}
if len(allDispatchStates.states) == 1 {
allDispatchStates.states[0].stageName = ""
}
eg, ctx := errgroup.WithContext(ctx)
for i, d := range allDispatchStates.states {
reachable := isReachable(target, d)
@ -1130,6 +1134,41 @@ func isReachable(from, to *dispatchState) (ret bool) {
return false
}
func hasCircularDependency(states []*dispatchState) (bool, *dispatchState) {
var visit func(state *dispatchState) bool
if states == nil {
return false, nil
}
visited := make(map[*dispatchState]struct{})
path := make(map[*dispatchState]struct{})
visit = func(state *dispatchState) bool {
_, ok := visited[state]
if ok {
return false
}
visited[state] = struct{}{}
path[state] = struct{}{}
for dep := range state.deps {
_, ok = path[dep]
if ok {
return true
}
if visit(dep) {
return true
}
}
delete(path, state)
return false
}
for _, state := range states {
if visit(state) {
return true, state
}
}
return false, nil
}
func parseUser(str string) (uid uint32, gid uint32, err error) {
if str == "" {
return 0, 0, nil
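Review bot: The stage named in `circular dependency detected on stage: %s` is the stage the walk started from, not necessarily one that lies on the cycle, because `hasCircularDependency` returns the outer loop's `state` whenever `visit` reports true. A stage that only depends on a cyclic pair would be blamed, and a stage without a name would print as an empty string. Returning the dependency that was found on the current path makes the message point at the cycle itself. The function is complete within the hunk, and the sketch below keeps its signature.

```go
func hasCircularDependency(states []*dispatchState) (bool, *dispatchState) {
	// … unchanged: nil check, visited and path maps …

	// visit returns a stage that lies on a cycle reachable from state, or nil.
	var visit func(state *dispatchState) *dispatchState
	visit = func(state *dispatchState) *dispatchState {
		if _, ok := visited[state]; ok {
			return nil
		}
		visited[state] = struct{}{}
		path[state] = struct{}{}
		for dep := range state.deps {
			if _, ok := path[dep]; ok {
				return dep
			}
			if found := visit(dep); found != nil {
				return found
			}
		}
		delete(path, state)
		return nil
	}
	for _, state := range states {
		if found := visit(state); found != nil {
			return true, found
		}
	}
	return false, nil
}
```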


@ -158,7 +158,7 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
rootFS = workerRef.ImmutableRef
}
lbf, err := newLLBBridgeForwarder(ctx, llbBridge, gf.workers)
lbf, ctx, err := newLLBBridgeForwarder(ctx, llbBridge, gf.workers)
defer lbf.conn.Close()
if err != nil {
return nil, err
@ -210,6 +210,9 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
err = llbBridge.Exec(ctx, meta, rootFS, lbf.Stdin, lbf.Stdout, os.Stderr)
if err != nil {
if errors.Cause(err) == context.Canceled && lbf.isErrServerClosed {
err = errors.Errorf("frontend grpc server closed unexpectedly")
}
// An existing error (set via Return rpc) takes
// precedence over this error, which in turn takes
// precedence over a success reported via Return.
@ -294,15 +297,24 @@ func NewBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridg
return lbf
}
func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, error) {
func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, context.Context, error) {
ctx, cancel := context.WithCancel(ctx)
lbf := NewBridgeForwarder(ctx, llbBridge, workers)
server := grpc.NewServer()
grpc_health_v1.RegisterHealthServer(server, health.NewServer())
pb.RegisterLLBBridgeServer(server, lbf)
go serve(ctx, server, lbf.conn)
go func() {
serve(ctx, server, lbf.conn)
select {
case <-ctx.Done():
default:
lbf.isErrServerClosed = true
}
cancel()
}()
return lbf, nil
return lbf, ctx, nil
}
type pipe struct {
@ -372,11 +384,12 @@ type llbBridgeForwarder struct {
// lastRef solver.CachedResult
// lastRefs map[string]solver.CachedResult
// err error
doneCh chan struct{} // closed when result or err become valid through a call to a Return
result *frontend.Result
err error
exporterAttr map[string][]byte
workers frontend.WorkerInfos
doneCh chan struct{} // closed when result or err become valid through a call to a Return
result *frontend.Result
err error
exporterAttr map[string][]byte
workers frontend.WorkerInfos
isErrServerClosed bool
*pipe
}
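Review bot: `isErrServerClosed` is a plain bool written by the goroutine that wraps `serve` and read in `Solve` after `llbBridge.Exec` returns, with no lock or atomic between the two. When the server stops first, the write precedes `cancel()` and is therefore ordered before the read, but if the parent context is cancelled just after the `select` has taken its `default` branch the write and the read can overlap, which the race detector would report. Guarding the flag with a mutex or `sync/atomic`, or at minimum a field comment such as `// written once by the serve goroutine before cancel(); read only after ctx is done`, would make the contract explicit. Solve's body continues outside the hunk.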


@ -28,6 +28,8 @@ type GrpcClient interface {
}
func New(ctx context.Context, opts map[string]string, session, product string, c pb.LLBBridgeClient, w []client.WorkerInfo) (GrpcClient, error) {
ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
defer cancel()
resp, err := c.Ping(ctx, &pb.PingRequest{})
if err != nil {
return nil, err
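Review bot: The timeout context overwrites the caller's `ctx` for the rest of `New`, so any later code that stores or reuses `ctx` would hold a context that `defer cancel()` has already cancelled by the time the client is returned. The rest of the body is outside the hunk, so this may not bite today, but scoping the derived context removes the trap: `pingCtx, cancel := context.WithTimeout(ctx, 5*time.Second)` and `resp, err := c.Ping(pingCtx, &pb.PingRequest{})`. The 5-second limit would also read better as a named constant with a comment saying it bounds only the initial ping.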


@ -46,6 +46,7 @@ type conn struct {
closedOnce sync.Once
readMu sync.Mutex
writeMu sync.Mutex
err error
closeCh chan struct{}
}
@ -79,6 +80,8 @@ func (c *conn) Read(b []byte) (n int, err error) {
}
func (c *conn) Write(b []byte) (int, error) {
c.writeMu.Lock()
defer c.writeMu.Unlock()
m := &controlapi.BytesMessage{Data: b}
if err := c.stream.SendMsg(m); err != nil {
return 0, err
@ -93,7 +96,9 @@ func (c *conn) Close() (err error) {
}()
if cs, ok := c.stream.(grpc.ClientStream); ok {
c.writeMu.Lock()
err = cs.CloseSend()
c.writeMu.Unlock()
if err != nil {
return
}
@ -106,6 +111,7 @@ func (c *conn) Close() (err error) {
err = c.stream.RecvMsg(m)
if err != nil {
if err != io.EOF {
c.readMu.Unlock()
return
}
err = nil
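Review bot: The `c.readMu.Unlock()` added on the non-EOF error return in `Close` shows that the read lock is released by hand on each exit path, which is presumably how this path was missed before. The lock acquisition and the rest of the drain loop are outside the hunk, but moving that loop into a small helper that does `c.readMu.Lock()` followed by `defer c.readMu.Unlock()` would make every return release the lock. The same shape would suit the `c.writeMu` pair around `cs.CloseSend()`, so a failure there cannot leave writers blocked.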


@ -162,7 +162,9 @@ func (sm *Manager) Get(ctx context.Context, id string) (Caller, error) {
go func() {
select {
case <-ctx.Done():
sm.mu.Lock()
sm.updateCondition.Broadcast()
sm.mu.Unlock()
}
}()


@ -404,7 +404,9 @@ func (jl *Solver) Get(id string) (*Job, error) {
go func() {
<-ctx.Done()
jl.mu.Lock()
jl.updateCond.Broadcast()
jl.mu.Unlock()
}()
jl.mu.RLock()


@ -101,7 +101,9 @@ func (pr *progressReader) Read(ctx context.Context) ([]*Progress, error) {
select {
case <-done:
case <-ctx.Done():
pr.mu.Lock()
pr.cond.Broadcast()
pr.mu.Unlock()
}
}()
pr.mu.Lock()
@ -163,7 +165,9 @@ func pipe() (*progressReader, *progressWriter, func()) {
pr.cond = sync.NewCond(&pr.mu)
go func() {
<-ctx.Done()
pr.mu.Lock()
pr.cond.Broadcast()
pr.mu.Unlock()
}()
pw := &progressWriter{
reader: pr,