vendor: update buildkit to f238f1ef
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit a3cbd53ed2
)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
6896305b57
commit
31b0688de7
13 changed files with 119 additions and 19 deletions
|
@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347
|
|||
golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
|
||||
|
||||
# buildkit
|
||||
github.com/moby/buildkit 8c0fa8fdec187d8f259a349d2da16dc2dc5f144a # v0.5.0
|
||||
github.com/moby/buildkit f238f1efb04f00bf0cc147141fda9ddb55c8bc49
|
||||
github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b
|
||||
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
|
||||
github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7
|
||||
|
|
2
vendor/github.com/moby/buildkit/client/llb/exec.go
generated
vendored
2
vendor/github.com/moby/buildkit/client/llb/exec.go
generated
vendored
|
@ -177,7 +177,7 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,
|
|||
addCap(&e.constraints, pb.CapExecMetaNetwork)
|
||||
}
|
||||
|
||||
if e.meta.Security != SecurityModeInsecure {
|
||||
if e.meta.Security != SecurityModeSandbox {
|
||||
addCap(&e.constraints, pb.CapExecMetaSecurity)
|
||||
}
|
||||
|
||||
|
|
3
vendor/github.com/moby/buildkit/client/solve.go
generated
vendored
3
vendor/github.com/moby/buildkit/client/solve.go
generated
vendored
|
@ -410,9 +410,6 @@ func parseCacheOptions(opt SolveOpt) (*cacheOptions, error) {
|
|||
if csDir == "" {
|
||||
return nil, errors.New("local cache importer requires src")
|
||||
}
|
||||
if err := os.MkdirAll(csDir, 0755); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cs, err := contentlocal.NewStore(csDir)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
2
vendor/github.com/moby/buildkit/control/gateway/gateway.go
generated
vendored
2
vendor/github.com/moby/buildkit/control/gateway/gateway.go
generated
vendored
|
@ -63,7 +63,9 @@ func (gwf *GatewayForwarder) lookupForwarder(ctx context.Context) (gateway.LLBBr
|
|||
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
gwf.mu.Lock()
|
||||
gwf.updateCond.Broadcast()
|
||||
gwf.mu.Unlock()
|
||||
}()
|
||||
|
||||
gwf.mu.RLock()
|
||||
|
|
17
vendor/github.com/moby/buildkit/executor/oci/spec_unix.go
generated
vendored
17
vendor/github.com/moby/buildkit/executor/oci/spec_unix.go
generated
vendored
|
@ -95,6 +95,23 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
|
|||
Options: []string{"ro", "nosuid", "noexec", "nodev"},
|
||||
})
|
||||
|
||||
if processMode == NoProcessSandbox {
|
||||
var maskedPaths []string
|
||||
for _, s := range s.Linux.MaskedPaths {
|
||||
if !hasPrefix(s, "/proc") {
|
||||
maskedPaths = append(maskedPaths, s)
|
||||
}
|
||||
}
|
||||
s.Linux.MaskedPaths = maskedPaths
|
||||
var readonlyPaths []string
|
||||
for _, s := range s.Linux.ReadonlyPaths {
|
||||
if !hasPrefix(s, "/proc") {
|
||||
readonlyPaths = append(readonlyPaths, s)
|
||||
}
|
||||
}
|
||||
s.Linux.ReadonlyPaths = readonlyPaths
|
||||
}
|
||||
|
||||
if meta.SecurityMode == pb.SecurityMode_INSECURE {
|
||||
//make sysfs rw mount for insecure mode.
|
||||
for _, m := range s.Mounts {
|
||||
|
|
18
vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go
generated
vendored
18
vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go
generated
vendored
|
@ -41,6 +41,8 @@ type Opt struct {
|
|||
// ProcessMode
|
||||
ProcessMode oci.ProcessMode
|
||||
IdentityMapping *idtools.IdentityMapping
|
||||
// runc run --no-pivot (unrecommended)
|
||||
NoPivot bool
|
||||
}
|
||||
|
||||
var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
|
||||
|
@ -54,6 +56,7 @@ type runcExecutor struct {
|
|||
networkProviders map[pb.NetMode]network.Provider
|
||||
processMode oci.ProcessMode
|
||||
idmap *idtools.IdentityMapping
|
||||
noPivot bool
|
||||
}
|
||||
|
||||
func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Executor, error) {
|
||||
|
@ -111,6 +114,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
|
|||
networkProviders: networkProviders,
|
||||
processMode: opt.ProcessMode,
|
||||
idmap: opt.IdentityMapping,
|
||||
noPivot: opt.NoPivot,
|
||||
}
|
||||
return w, nil
|
||||
}
|
||||
|
@ -193,6 +197,17 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
|
|||
opts = append(opts, containerdoci.WithRootFSReadonly())
|
||||
}
|
||||
|
||||
identity = idtools.Identity{
|
||||
UID: int(uid),
|
||||
GID: int(gid),
|
||||
}
|
||||
if w.idmap != nil {
|
||||
identity, err = w.idmap.ToHost(identity)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if w.cgroupParent != "" {
|
||||
var cgroupsPath string
|
||||
lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
|
||||
|
@ -269,7 +284,8 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
|
|||
|
||||
logrus.Debugf("> creating %s %v", id, meta.Args)
|
||||
status, err := w.runc.Run(runCtx, id, bundle, &runc.CreateOpts{
|
||||
IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},
|
||||
IO: &forwardIO{stdin: stdin, stdout: stdout, stderr: stderr},
|
||||
NoPivot: w.noPivot,
|
||||
})
|
||||
close(done)
|
||||
if err != nil {
|
||||
|
|
47
vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
generated
vendored
47
vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
generated
vendored
|
@ -172,10 +172,6 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
|
|||
}
|
||||
}
|
||||
|
||||
if len(allDispatchStates.states) == 1 {
|
||||
allDispatchStates.states[0].stageName = ""
|
||||
}
|
||||
|
||||
var target *dispatchState
|
||||
if opt.Target == "" {
|
||||
target = allDispatchStates.lastTarget()
|
||||
|
@ -207,6 +203,14 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
|
|||
}
|
||||
}
|
||||
|
||||
if has, state := hasCircularDependency(allDispatchStates.states); has {
|
||||
return nil, nil, fmt.Errorf("circular dependency detected on stage: %s", state.stageName)
|
||||
}
|
||||
|
||||
if len(allDispatchStates.states) == 1 {
|
||||
allDispatchStates.states[0].stageName = ""
|
||||
}
|
||||
|
||||
eg, ctx := errgroup.WithContext(ctx)
|
||||
for i, d := range allDispatchStates.states {
|
||||
reachable := isReachable(target, d)
|
||||
|
@ -1130,6 +1134,41 @@ func isReachable(from, to *dispatchState) (ret bool) {
|
|||
return false
|
||||
}
|
||||
|
||||
func hasCircularDependency(states []*dispatchState) (bool, *dispatchState) {
|
||||
var visit func(state *dispatchState) bool
|
||||
if states == nil {
|
||||
return false, nil
|
||||
}
|
||||
visited := make(map[*dispatchState]struct{})
|
||||
path := make(map[*dispatchState]struct{})
|
||||
|
||||
visit = func(state *dispatchState) bool {
|
||||
_, ok := visited[state]
|
||||
if ok {
|
||||
return false
|
||||
}
|
||||
visited[state] = struct{}{}
|
||||
path[state] = struct{}{}
|
||||
for dep := range state.deps {
|
||||
_, ok = path[dep]
|
||||
if ok {
|
||||
return true
|
||||
}
|
||||
if visit(dep) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
delete(path, state)
|
||||
return false
|
||||
}
|
||||
for _, state := range states {
|
||||
if visit(state) {
|
||||
return true, state
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
}
|
||||
|
||||
func parseUser(str string) (uid uint32, gid uint32, err error) {
|
||||
if str == "" {
|
||||
return 0, 0, nil
|
||||
|
|
31
vendor/github.com/moby/buildkit/frontend/gateway/gateway.go
generated
vendored
31
vendor/github.com/moby/buildkit/frontend/gateway/gateway.go
generated
vendored
|
@ -158,7 +158,7 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
|
|||
rootFS = workerRef.ImmutableRef
|
||||
}
|
||||
|
||||
lbf, err := newLLBBridgeForwarder(ctx, llbBridge, gf.workers)
|
||||
lbf, ctx, err := newLLBBridgeForwarder(ctx, llbBridge, gf.workers)
|
||||
defer lbf.conn.Close()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -210,6 +210,9 @@ func (gf *gatewayFrontend) Solve(ctx context.Context, llbBridge frontend.Fronten
|
|||
err = llbBridge.Exec(ctx, meta, rootFS, lbf.Stdin, lbf.Stdout, os.Stderr)
|
||||
|
||||
if err != nil {
|
||||
if errors.Cause(err) == context.Canceled && lbf.isErrServerClosed {
|
||||
err = errors.Errorf("frontend grpc server closed unexpectedly")
|
||||
}
|
||||
// An existing error (set via Return rpc) takes
|
||||
// precedence over this error, which in turn takes
|
||||
// precedence over a success reported via Return.
|
||||
|
@ -294,15 +297,24 @@ func NewBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridg
|
|||
return lbf
|
||||
}
|
||||
|
||||
func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, error) {
|
||||
func newLLBBridgeForwarder(ctx context.Context, llbBridge frontend.FrontendLLBBridge, workers frontend.WorkerInfos) (*llbBridgeForwarder, context.Context, error) {
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
lbf := NewBridgeForwarder(ctx, llbBridge, workers)
|
||||
server := grpc.NewServer()
|
||||
grpc_health_v1.RegisterHealthServer(server, health.NewServer())
|
||||
pb.RegisterLLBBridgeServer(server, lbf)
|
||||
|
||||
go serve(ctx, server, lbf.conn)
|
||||
go func() {
|
||||
serve(ctx, server, lbf.conn)
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
default:
|
||||
lbf.isErrServerClosed = true
|
||||
}
|
||||
cancel()
|
||||
}()
|
||||
|
||||
return lbf, nil
|
||||
return lbf, ctx, nil
|
||||
}
|
||||
|
||||
type pipe struct {
|
||||
|
@ -372,11 +384,12 @@ type llbBridgeForwarder struct {
|
|||
// lastRef solver.CachedResult
|
||||
// lastRefs map[string]solver.CachedResult
|
||||
// err error
|
||||
doneCh chan struct{} // closed when result or err become valid through a call to a Return
|
||||
result *frontend.Result
|
||||
err error
|
||||
exporterAttr map[string][]byte
|
||||
workers frontend.WorkerInfos
|
||||
doneCh chan struct{} // closed when result or err become valid through a call to a Return
|
||||
result *frontend.Result
|
||||
err error
|
||||
exporterAttr map[string][]byte
|
||||
workers frontend.WorkerInfos
|
||||
isErrServerClosed bool
|
||||
*pipe
|
||||
}
|
||||
|
||||
|
|
2
vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go
generated
vendored
2
vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go
generated
vendored
|
@ -28,6 +28,8 @@ type GrpcClient interface {
|
|||
}
|
||||
|
||||
func New(ctx context.Context, opts map[string]string, session, product string, c pb.LLBBridgeClient, w []client.WorkerInfo) (GrpcClient, error) {
|
||||
ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
|
||||
defer cancel()
|
||||
resp, err := c.Ping(ctx, &pb.PingRequest{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
6
vendor/github.com/moby/buildkit/session/grpchijack/dial.go
generated
vendored
6
vendor/github.com/moby/buildkit/session/grpchijack/dial.go
generated
vendored
|
@ -46,6 +46,7 @@ type conn struct {
|
|||
|
||||
closedOnce sync.Once
|
||||
readMu sync.Mutex
|
||||
writeMu sync.Mutex
|
||||
err error
|
||||
closeCh chan struct{}
|
||||
}
|
||||
|
@ -79,6 +80,8 @@ func (c *conn) Read(b []byte) (n int, err error) {
|
|||
}
|
||||
|
||||
func (c *conn) Write(b []byte) (int, error) {
|
||||
c.writeMu.Lock()
|
||||
defer c.writeMu.Unlock()
|
||||
m := &controlapi.BytesMessage{Data: b}
|
||||
if err := c.stream.SendMsg(m); err != nil {
|
||||
return 0, err
|
||||
|
@ -93,7 +96,9 @@ func (c *conn) Close() (err error) {
|
|||
}()
|
||||
|
||||
if cs, ok := c.stream.(grpc.ClientStream); ok {
|
||||
c.writeMu.Lock()
|
||||
err = cs.CloseSend()
|
||||
c.writeMu.Unlock()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -106,6 +111,7 @@ func (c *conn) Close() (err error) {
|
|||
err = c.stream.RecvMsg(m)
|
||||
if err != nil {
|
||||
if err != io.EOF {
|
||||
c.readMu.Unlock()
|
||||
return
|
||||
}
|
||||
err = nil
|
||||
|
|
2
vendor/github.com/moby/buildkit/session/manager.go
generated
vendored
2
vendor/github.com/moby/buildkit/session/manager.go
generated
vendored
|
@ -162,7 +162,9 @@ func (sm *Manager) Get(ctx context.Context, id string) (Caller, error) {
|
|||
go func() {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
sm.mu.Lock()
|
||||
sm.updateCondition.Broadcast()
|
||||
sm.mu.Unlock()
|
||||
}
|
||||
}()
|
||||
|
||||
|
|
2
vendor/github.com/moby/buildkit/solver/jobs.go
generated
vendored
2
vendor/github.com/moby/buildkit/solver/jobs.go
generated
vendored
|
@ -404,7 +404,9 @@ func (jl *Solver) Get(id string) (*Job, error) {
|
|||
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
jl.mu.Lock()
|
||||
jl.updateCond.Broadcast()
|
||||
jl.mu.Unlock()
|
||||
}()
|
||||
|
||||
jl.mu.RLock()
|
||||
|
|
4
vendor/github.com/moby/buildkit/util/progress/progress.go
generated
vendored
4
vendor/github.com/moby/buildkit/util/progress/progress.go
generated
vendored
|
@ -101,7 +101,9 @@ func (pr *progressReader) Read(ctx context.Context) ([]*Progress, error) {
|
|||
select {
|
||||
case <-done:
|
||||
case <-ctx.Done():
|
||||
pr.mu.Lock()
|
||||
pr.cond.Broadcast()
|
||||
pr.mu.Unlock()
|
||||
}
|
||||
}()
|
||||
pr.mu.Lock()
|
||||
|
@ -163,7 +165,9 @@ func pipe() (*progressReader, *progressWriter, func()) {
|
|||
pr.cond = sync.NewCond(&pr.mu)
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
pr.mu.Lock()
|
||||
pr.cond.Broadcast()
|
||||
pr.mu.Unlock()
|
||||
}()
|
||||
pw := &progressWriter{
|
||||
reader: pr,
|
||||
|
|
Loading…
Reference in a new issue