Merge pull request #44456 from thaJeztah/22.06_backport_bump_buildkit_v0.10.6

[22.06 backport] vendor: github.com/moby/buildkit v0.10.6
Akihiro Suda 2022-11-15 10:23:56 +09:00 committed by GitHub
commit f476deac40
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 41 additions and 36 deletions


@ -71,7 +71,7 @@ jobs:
./hack/go-mod-prepare.sh ./hack/go-mod-prepare.sh
# FIXME(thaJeztah) temporarily overriding version to use for tests; remove with the next release of buildkit # FIXME(thaJeztah) temporarily overriding version to use for tests; remove with the next release of buildkit
# echo "BUILDKIT_REF=$(./hack/buildkit-ref)" >> $GITHUB_ENV # echo "BUILDKIT_REF=$(./hack/buildkit-ref)" >> $GITHUB_ENV
echo "BUILDKIT_REF=e27c8e24bb9ee92a170567b8b597201925ae9b8a" >> $GITHUB_ENV echo "BUILDKIT_REF=4febae4f874bd8ef52dec30e988c8fe0bc96b3b9" >> $GITHUB_ENV
working-directory: moby working-directory: moby
- -
name: Checkout BuildKit ${{ env.BUILDKIT_REF }} name: Checkout BuildKit ${{ env.BUILDKIT_REF }}


@ -49,7 +49,7 @@ require (
github.com/klauspost/compress v1.15.9 github.com/klauspost/compress v1.15.9
github.com/miekg/dns v1.1.27 github.com/miekg/dns v1.1.27
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/buildkit v0.10.5 github.com/moby/buildkit v0.10.6
github.com/moby/ipvs v1.0.2 github.com/moby/ipvs v1.0.2
github.com/moby/locker v1.0.1 github.com/moby/locker v1.0.1
github.com/moby/patternmatcher v0.5.0 github.com/moby/patternmatcher v0.5.0
@ -75,7 +75,7 @@ require (
github.com/spf13/cobra v1.1.3 github.com/spf13/cobra v1.1.3
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/tchap/go-patricia v2.3.0+incompatible github.com/tchap/go-patricia v2.3.0+incompatible
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 github.com/tonistiigi/fsutil v0.0.0-20220315205639-9ed612626da3
github.com/tonistiigi/go-archvariant v1.0.0 github.com/tonistiigi/go-archvariant v1.0.0
github.com/vbatts/tar-split v0.11.2 github.com/vbatts/tar-split v0.11.2
github.com/vishvananda/netlink v1.2.1-beta.2 github.com/vishvananda/netlink v1.2.1-beta.2


@ -766,8 +766,8 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
github.com/moby/buildkit v0.10.5 h1:d9krS/lG3dn6N7y+R8o9PTgIixlYAaDk35f3/B4jZOw= github.com/moby/buildkit v0.10.6 h1:DJlEuLIgnu34HQKF4n9Eg6q2YqQVC0eOpMb4p2eRS2w=
github.com/moby/buildkit v0.10.5/go.mod h1:Yajz9vt1Zw5q9Pp4pdb3TCSUXJBIroIQGQ3TTs/sLug= github.com/moby/buildkit v0.10.6/go.mod h1:tQuuyTWtOb9D+RE425cwOCUkX0/oZ+5iBZ+uWpWQ9bU=
github.com/moby/ipvs v1.0.2 h1:NSbzuRTvfneftLU3VwPU5QuA6NZ0IUmqq9+VHcQxqHw= github.com/moby/ipvs v1.0.2 h1:NSbzuRTvfneftLU3VwPU5QuA6NZ0IUmqq9+VHcQxqHw=
github.com/moby/ipvs v1.0.2/go.mod h1:2pngiyseZbIKXNv7hsKj3O9UEz30c53MT9005gt2hxQ= github.com/moby/ipvs v1.0.2/go.mod h1:2pngiyseZbIKXNv7hsKj3O9UEz30c53MT9005gt2hxQ=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
@ -1027,8 +1027,8 @@ github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDW
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 h1:wbyZxD6IPFp0sl5uscMOJRsz5UKGFiNiD16e+MVfKZY= github.com/tonistiigi/fsutil v0.0.0-20220315205639-9ed612626da3 h1:T1pEe+WB3SCPVAfVquvfPfagKZU2Z8c1OP3SuGB+id0=
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA= github.com/tonistiigi/fsutil v0.0.0-20220315205639-9ed612626da3/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
github.com/tonistiigi/go-archvariant v1.0.0 h1:5LC1eDWiBNflnTF1prCiX09yfNHIxDC/aukdhCdTyb0= github.com/tonistiigi/go-archvariant v1.0.0 h1:5LC1eDWiBNflnTF1prCiX09yfNHIxDC/aukdhCdTyb0=
github.com/tonistiigi/go-archvariant v1.0.0/go.mod h1:TxFmO5VS6vMq2kvs3ht04iPXtu2rUT/erOnGFYfk5Ho= github.com/tonistiigi/go-archvariant v1.0.0/go.mod h1:TxFmO5VS6vMq2kvs3ht04iPXtu2rUT/erOnGFYfk5Ho=
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0= github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=


@ -50,7 +50,7 @@ func (pm ProcessMode) String() string {
// GenerateSpec generates spec using containerd functionality. // GenerateSpec generates spec using containerd functionality.
// opts are ignored for s.Process, s.Hostname, and s.Mounts . // opts are ignored for s.Process, s.Hostname, and s.Mounts .
func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, cgroupParent string, processMode ProcessMode, idmap *idtools.IdentityMapping, apparmorProfile string, tracingSocket string, opts ...oci.SpecOpts) (*specs.Spec, func(), error) { func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, cgroupParent string, processMode ProcessMode, idmap *idtools.IdentityMapping, apparmorProfile string, selinuxB bool, tracingSocket string, opts ...oci.SpecOpts) (*specs.Spec, func(), error) {
c := &containers.Container{ c := &containers.Container{
ID: id, ID: id,
} }
@ -81,7 +81,7 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
return nil, nil, err return nil, nil, err
} }
if securityOpts, err := generateSecurityOpts(meta.SecurityMode, apparmorProfile); err == nil { if securityOpts, err := generateSecurityOpts(meta.SecurityMode, apparmorProfile, selinuxB); err == nil {
opts = append(opts, securityOpts...) opts = append(opts, securityOpts...)
} else { } else {
return nil, nil, err return nil, nil, err


@ -16,7 +16,9 @@ import (
"github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/solver/pb"
"github.com/moby/buildkit/util/entitlements/security" "github.com/moby/buildkit/util/entitlements/security"
specs "github.com/opencontainers/runtime-spec/specs-go" specs "github.com/opencontainers/runtime-spec/specs-go"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label" "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
) )
func generateMountOpts(resolvConf, hostsFile string) ([]oci.SpecOpts, error) { func generateMountOpts(resolvConf, hostsFile string) ([]oci.SpecOpts, error) {
@ -30,7 +32,10 @@ func generateMountOpts(resolvConf, hostsFile string) ([]oci.SpecOpts, error) {
} }
// generateSecurityOpts may affect mounts, so must be called after generateMountOpts // generateSecurityOpts may affect mounts, so must be called after generateMountOpts
func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string) (opts []oci.SpecOpts, _ error) { func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string, selinuxB bool) (opts []oci.SpecOpts, _ error) {
if selinuxB && !selinux.GetEnabled() {
return nil, errors.New("selinux is not available")
}
switch mode { switch mode {
case pb.SecurityMode_INSECURE: case pb.SecurityMode_INSECURE:
return []oci.SpecOpts{ return []oci.SpecOpts{
@ -39,7 +44,9 @@ func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string) (opts []
oci.WithWriteableSysfs, oci.WithWriteableSysfs,
func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
var err error var err error
if selinuxB {
s.Process.SelinuxLabel, s.Linux.MountLabel, err = label.InitLabels([]string{"disable"}) s.Process.SelinuxLabel, s.Linux.MountLabel, err = label.InitLabels([]string{"disable"})
}
return err return err
}, },
}, nil }, nil
@ -52,7 +59,9 @@ func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string) (opts []
} }
opts = append(opts, func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { opts = append(opts, func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
var err error var err error
if selinuxB {
s.Process.SelinuxLabel, s.Linux.MountLabel, err = label.InitLabels(nil) s.Process.SelinuxLabel, s.Linux.MountLabel, err = label.InitLabels(nil)
}
return err return err
}) })
return opts, nil return opts, nil
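Review bot: In the second closure of generateSecurityOpts (the non-insecure path), `label.InitLabels(nil)` now runs only when `selinuxB` is true, so an executor built with the new `Opt.SELinux` field left at its zero value produces a spec with no SELinux process or mount label. None of the ten files in this commit appears to set that field on the daemon side, so builds on an SELinux-enabled host would presumably run unlabelled after this bump; please confirm that this is intended for the 22.06 branch, or wire the option from the daemon configuration. The early `selinux is not available` error is likewise reached only when the flag is set, so the default case gives no signal either way. A comment on the field, for example `// SELinux enables SELinux labelling of build containers; New callers must opt in.`, would make the default explicit. The function body starts and ends outside the visible hunks.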


@ -15,7 +15,7 @@ func generateMountOpts(resolvConf, hostsFile string) ([]oci.SpecOpts, error) {
} }
// generateSecurityOpts may affect mounts, so must be called after generateMountOpts // generateSecurityOpts may affect mounts, so must be called after generateMountOpts
func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string) ([]oci.SpecOpts, error) { func generateSecurityOpts(mode pb.SecurityMode, apparmorProfile string, selinuxB bool) ([]oci.SpecOpts, error) {
if mode == pb.SecurityMode_INSECURE { if mode == pb.SecurityMode_INSECURE {
return nil, errors.New("no support for running in insecure mode on Windows") return nil, errors.New("no support for running in insecure mode on Windows")
} }


@ -48,6 +48,7 @@ type Opt struct {
DNS *oci.DNSConfig DNS *oci.DNSConfig
OOMScoreAdj *int OOMScoreAdj *int
ApparmorProfile string ApparmorProfile string
SELinux bool
TracingSocket string TracingSocket string
} }
@ -67,6 +68,7 @@ type runcExecutor struct {
running map[string]chan error running map[string]chan error
mu sync.Mutex mu sync.Mutex
apparmorProfile string apparmorProfile string
selinux bool
tracingSocket string tracingSocket string
} }
@ -131,6 +133,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
oomScoreAdj: opt.OOMScoreAdj, oomScoreAdj: opt.OOMScoreAdj,
running: make(map[string]chan error), running: make(map[string]chan error),
apparmorProfile: opt.ApparmorProfile, apparmorProfile: opt.ApparmorProfile,
selinux: opt.SELinux,
tracingSocket: opt.TracingSocket, tracingSocket: opt.TracingSocket,
} }
return w, nil return w, nil
@ -251,7 +254,7 @@ func (w *runcExecutor) Run(ctx context.Context, id string, root executor.Mount,
} }
} }
spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, w.cgroupParent, w.processMode, w.idmap, w.apparmorProfile, w.tracingSocket, opts...) spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, w.cgroupParent, w.processMode, w.idmap, w.apparmorProfile, w.selinux, w.tracingSocket, opts...)
if err != nil { if err != nil {
return err return err
} }


@ -41,16 +41,3 @@ type Infos interface {
GetDefault() (Worker, error) GetDefault() (Worker, error)
WorkerInfos() []client.WorkerInfo WorkerInfos() []client.WorkerInfo
} }
// Pre-defined label keys
const (
labelPrefix = "org.mobyproject.buildkit.worker."
LabelExecutor = labelPrefix + "executor" // "oci" or "containerd"
LabelSnapshotter = labelPrefix + "snapshotter" // containerd snapshotter name ("overlay", "native", ...)
LabelHostname = labelPrefix + "hostname"
LabelNetwork = labelPrefix + "network" // "cni" or "host"
LabelApparmorProfile = labelPrefix + "apparmor.profile"
LabelOCIProcessMode = labelPrefix + "oci.process-mode" // OCI worker: process mode ("sandbox", "no-sandbox")
LabelContainerdUUID = labelPrefix + "containerd.uuid" // containerd worker: containerd UUID
LabelContainerdNamespace = labelPrefix + "containerd.namespace" // containerd worker: containerd namespace
)


@ -123,7 +123,13 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
return nil return nil
} }
var dir visitedDir var (
dir visitedDir
isDir bool
)
if fi != nil {
isDir = fi.IsDir()
}
if includeMatcher != nil || excludeMatcher != nil { if includeMatcher != nil || excludeMatcher != nil {
for len(parentDirs) != 0 { for len(parentDirs) != 0 {
@ -134,7 +140,7 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
parentDirs = parentDirs[:len(parentDirs)-1] parentDirs = parentDirs[:len(parentDirs)-1]
} }
if fi.IsDir() { if isDir {
dir = visitedDir{ dir = visitedDir{
fi: fi, fi: fi,
path: path, path: path,
@ -156,12 +162,12 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
return errors.Wrap(err, "failed to match includepatterns") return errors.Wrap(err, "failed to match includepatterns")
} }
if fi.IsDir() { if isDir {
dir.includeMatchInfo = matchInfo dir.includeMatchInfo = matchInfo
} }
if !m { if !m {
if fi.IsDir() && onlyPrefixIncludes { if isDir && onlyPrefixIncludes {
// Optimization: we can skip walking this dir if no include // Optimization: we can skip walking this dir if no include
// patterns could match anything inside it. // patterns could match anything inside it.
dirSlash := path + string(filepath.Separator) dirSlash := path + string(filepath.Separator)
@ -191,12 +197,12 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
return errors.Wrap(err, "failed to match excludepatterns") return errors.Wrap(err, "failed to match excludepatterns")
} }
if fi.IsDir() { if isDir {
dir.excludeMatchInfo = matchInfo dir.excludeMatchInfo = matchInfo
} }
if m { if m {
if fi.IsDir() && onlyPrefixExcludeExceptions { if isDir && onlyPrefixExcludeExceptions {
// Optimization: we can skip walking this dir if no // Optimization: we can skip walking this dir if no
// exceptions to exclude patterns could match anything // exceptions to exclude patterns could match anything
// inside it. // inside it.
@ -230,7 +236,7 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
if includeMatcher != nil || excludeMatcher != nil { if includeMatcher != nil || excludeMatcher != nil {
defer func() { defer func() {
if fi.IsDir() { if isDir {
parentDirs = append(parentDirs, dir) parentDirs = append(parentDirs, dir)
} }
}() }()

4
vendor/modules.txt vendored

@ -476,7 +476,7 @@ github.com/mistifyio/go-zfs
# github.com/mitchellh/hashstructure/v2 v2.0.2 # github.com/mitchellh/hashstructure/v2 v2.0.2
## explicit; go 1.14 ## explicit; go 1.14
github.com/mitchellh/hashstructure/v2 github.com/mitchellh/hashstructure/v2
# github.com/moby/buildkit v0.10.5 # github.com/moby/buildkit v0.10.6
## explicit; go 1.17 ## explicit; go 1.17
github.com/moby/buildkit/api/services/control github.com/moby/buildkit/api/services/control
github.com/moby/buildkit/api/types github.com/moby/buildkit/api/types
@ -770,7 +770,7 @@ github.com/tchap/go-patricia/patricia
# github.com/tinylib/msgp v1.1.0 # github.com/tinylib/msgp v1.1.0
## explicit ## explicit
github.com/tinylib/msgp/msgp github.com/tinylib/msgp/msgp
# github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 # github.com/tonistiigi/fsutil v0.0.0-20220315205639-9ed612626da3
## explicit; go 1.13 ## explicit; go 1.13
github.com/tonistiigi/fsutil github.com/tonistiigi/fsutil
github.com/tonistiigi/fsutil/copy github.com/tonistiigi/fsutil/copy