Update buildkit

- updated buildkit to current code in master via:

  go mod edit -require github.com/moby/buildkit@master && go mod tidy && ./hack/update-vendor

Signed-off-by: Alex Couture-Beil <alex@earthly.dev>

vendor/github.com/containerd/containerd/content/adaptor.go

@@ -22,7 +22,7 @@ import (
 	"github.com/containerd/containerd/filters"
 )
 
-// AdoptInfo returns `filters.Adaptor` that handles `content.Info`.
+// AdaptInfo returns `filters.Adaptor` that handles `content.Info`.
 func AdaptInfo(info Info) filters.Adaptor {
 	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
 		if len(fieldpath) == 0 {

vendor/github.com/containerd/containerd/remotes/docker/pusher.go

@@ -354,7 +354,7 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di
 	switch resp.StatusCode {
 	case http.StatusOK, http.StatusCreated, http.StatusNoContent, http.StatusAccepted:
 	default:
-		return errors.Errorf("unexpected status: %s", resp.Status)
+		return remoteserrors.NewUnexpectedStatusErr(resp.Response)
 	}
 
 	status, err := pw.tracker.GetStatus(pw.ref)

vendor/github.com/containerd/containerd/remotes/docker/registry.go

@@ -56,6 +56,7 @@ const (
 	// Reserved for future capabilities (i.e. search, catalog, remove)
 )
 
+// Has checks whether the capabilities list has the provide capability
 func (c HostCapabilities) Has(t HostCapabilities) bool {
 	return c&t == t
 }

vendor/github.com/containerd/containerd/remotes/errors/errors.go

@@ -27,9 +27,10 @@ var _ error = ErrUnexpectedStatus{}
 
 // ErrUnexpectedStatus is returned if a registry API request returned with unexpected HTTP status
 type ErrUnexpectedStatus struct {
-	Status     string
-	StatusCode int
-	Body       []byte
+	Status                    string
+	StatusCode                int
+	Body                      []byte
+	RequestURL, RequestMethod string
 }
 
 func (e ErrUnexpectedStatus) Error() string {
@@ -42,5 +43,14 @@ func NewUnexpectedStatusErr(resp *http.Response) error {
 	if resp.Body != nil {
 		b, _ = ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB
 	}
-	return ErrUnexpectedStatus{Status: resp.Status, StatusCode: resp.StatusCode, Body: b}
+	err := ErrUnexpectedStatus{
+		Body:          b,
+		Status:        resp.Status,
+		StatusCode:    resp.StatusCode,
+		RequestMethod: resp.Request.Method,
+	}
+	if resp.Request.URL != nil {
+		err.RequestURL = resp.Request.URL.String()
+	}
+	return err
 }

vendor/github.com/containerd/containerd/remotes/handlers.go

@@ -115,6 +115,12 @@ func fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc
 		return err
 	}
 
+	if desc.Size == 0 {
+		// most likely a poorly configured registry/web front end which responded with no
+		// Content-Length header; unable (not to mention useless) to commit a 0-length entry
+		// into the content store. Error out here otherwise the error sent back is confusing
+		return errors.Wrapf(errdefs.ErrInvalidArgument, "unable to fetch descriptor (%s) which reports content size of zero", desc.Digest)
+	}
 	if ws.Offset == desc.Size {
 		// If writer is already complete, commit and return
 		err := cw.Commit(ctx, desc.Size, desc.Digest)

vendor/github.com/containerd/containerd/version/version.go

@@ -23,7 +23,7 @@ var (
 	Package = "github.com/containerd/containerd"
 
 	// Version holds the complete version number. Filled in at linking time.
-	Version = "1.5.0-beta.3+unknown"
+	Version = "1.5.0-beta.4+unknown"
 
 	// Revision is filled with the VCS (e.g. git) revision being used to build
 	// the program at linking time.

vendor/github.com/docker/cli/cli/context/store/store.go

@@ -7,19 +7,24 @@ import (
 	"bytes"
 	_ "crypto/sha256" // ensure ids can be computed
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"path"
 	"path/filepath"
+	"regexp"
 	"strings"
 
 	"github.com/docker/docker/errdefs"
 	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
 )
 
+const restrictedNamePattern = "^[a-zA-Z0-9][a-zA-Z0-9_.+-]+$"
+
+var restrictedNameRegEx = regexp.MustCompile(restrictedNamePattern)
+
 // Store provides a context store for easily remembering endpoints configuration
 type Store interface {
 	Reader
@@ -184,6 +189,20 @@ func (s *store) GetStorageInfo(contextName string) StorageInfo {
 	}
 }
 
+// ValidateContextName checks a context name is valid.
+func ValidateContextName(name string) error {
+	if name == "" {
+		return errors.New("context name cannot be empty")
+	}
+	if name == "default" {
+		return errors.New(`"default" is a reserved context name`)
+	}
+	if !restrictedNameRegEx.MatchString(name) {
+		return fmt.Errorf("context name %q is invalid, names are validated against regexp %q", name, restrictedNamePattern)
+	}
+	return nil
+}
+
 // Export exports an existing namespace into an opaque data stream
 // This stream is actually a tarball containing context metadata and TLS materials, but it does
 // not map 1:1 the layout of the context store (don't try to restore it manually without calling store.Import)
@@ -295,6 +314,19 @@ func Import(name string, s Writer, reader io.Reader) error {
 	}
 }
 
+func isValidFilePath(p string) error {
+	if p != metaFile && !strings.HasPrefix(p, "tls/") {
+		return errors.New("unexpected context file")
+	}
+	if path.Clean(p) != p {
+		return errors.New("unexpected path format")
+	}
+	if strings.Contains(p, `\`) {
+		return errors.New(`unexpected '\' in path`)
+	}
+	return nil
+}
+
 func importTar(name string, s Writer, reader io.Reader) error {
 	tr := tar.NewReader(&LimitedReader{R: reader, N: maxAllowedFileSizeToImport})
 	tlsData := ContextTLSData{
@@ -309,10 +341,13 @@ func importTar(name string, s Writer, reader io.Reader) error {
 		if err != nil {
 			return err
 		}
-		if hdr.Typeflag == tar.TypeDir {
+		if hdr.Typeflag != tar.TypeReg {
 			// skip this entry, only taking files into account
 			continue
 		}
+		if err := isValidFilePath(hdr.Name); err != nil {
+			return errors.Wrap(err, hdr.Name)
+		}
 		if hdr.Name == metaFile {
 			data, err := ioutil.ReadAll(tr)
 			if err != nil {
@@ -358,10 +393,13 @@ func importZip(name string, s Writer, reader io.Reader) error {
 	var importedMetaFile bool
 	for _, zf := range zr.File {
 		fi := zf.FileInfo()
-		if fi.IsDir() {
-			// skip this entry, only taking files into account
+		if !fi.Mode().IsRegular() {
+			// skip this entry, only taking regular files into account
 			continue
 		}
+		if err := isValidFilePath(zf.Name); err != nil {
+			return errors.Wrap(err, zf.Name)
+		}
 		if zf.Name == metaFile {
 			f, err := zf.Open()
 			if err != nil {
@@ -408,6 +446,9 @@ func parseMetadata(data []byte, name string) (Metadata, error) {
 	if err := json.Unmarshal(data, &meta); err != nil {
 		return meta, err
 	}
+	if err := ValidateContextName(name); err != nil {
+		return Metadata{}, err
+	}
 	meta.Name = name
 	return meta, nil
 }

vendor/github.com/docker/docker/api/swagger.yaml

@@ -560,7 +560,7 @@ definitions:
         format: "int64"
         minimum: 0
         maximum: 100
-      NanoCPUs:
+      NanoCpus:
         description: "CPU quota in units of 10<sup>-9</sup> CPUs."
         type: "integer"
         format: "int64"
@@ -5466,7 +5466,7 @@ paths:
                 MemorySwap: 0
                 MemoryReservation: 0
                 KernelMemory: 0
-                NanoCPUs: 500000
+                NanoCpus: 500000
                 CpuPercent: 80
                 CpuShares: 512
                 CpuPeriod: 100000
@@ -7310,7 +7310,7 @@ paths:
 
 
             For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
-            the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
 
 
             [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)

vendor/github.com/docker/docker/errdefs/helpers.go

@@ -10,6 +10,10 @@ func (e errNotFound) Cause() error {
 	return e.error
 }
 
+func (e errNotFound) Unwrap() error {
+	return e.error
+}
+
 // NotFound is a helper to create an error of the class with the same name from any error type
 func NotFound(err error) error {
 	if err == nil || IsNotFound(err) {
@@ -26,6 +30,10 @@ func (e errInvalidParameter) Cause() error {
 	return e.error
 }
 
+func (e errInvalidParameter) Unwrap() error {
+	return e.error
+}
+
 // InvalidParameter is a helper to create an error of the class with the same name from any error type
 func InvalidParameter(err error) error {
 	if err == nil || IsInvalidParameter(err) {
@@ -42,6 +50,10 @@ func (e errConflict) Cause() error {
 	return e.error
 }
 
+func (e errConflict) Unwrap() error {
+	return e.error
+}
+
 // Conflict is a helper to create an error of the class with the same name from any error type
 func Conflict(err error) error {
 	if err == nil || IsConflict(err) {
@@ -58,6 +70,10 @@ func (e errUnauthorized) Cause() error {
 	return e.error
 }
 
+func (e errUnauthorized) Unwrap() error {
+	return e.error
+}
+
 // Unauthorized is a helper to create an error of the class with the same name from any error type
 func Unauthorized(err error) error {
 	if err == nil || IsUnauthorized(err) {
@@ -74,6 +90,10 @@ func (e errUnavailable) Cause() error {
 	return e.error
 }
 
+func (e errUnavailable) Unwrap() error {
+	return e.error
+}
+
 // Unavailable is a helper to create an error of the class with the same name from any error type
 func Unavailable(err error) error {
 	if err == nil || IsUnavailable(err) {
@@ -90,6 +110,10 @@ func (e errForbidden) Cause() error {
 	return e.error
 }
 
+func (e errForbidden) Unwrap() error {
+	return e.error
+}
+
 // Forbidden is a helper to create an error of the class with the same name from any error type
 func Forbidden(err error) error {
 	if err == nil || IsForbidden(err) {
@@ -106,6 +130,10 @@ func (e errSystem) Cause() error {
 	return e.error
 }
 
+func (e errSystem) Unwrap() error {
+	return e.error
+}
+
 // System is a helper to create an error of the class with the same name from any error type
 func System(err error) error {
 	if err == nil || IsSystem(err) {
@@ -122,6 +150,10 @@ func (e errNotModified) Cause() error {
 	return e.error
 }
 
+func (e errNotModified) Unwrap() error {
+	return e.error
+}
+
 // NotModified is a helper to create an error of the class with the same name from any error type
 func NotModified(err error) error {
 	if err == nil || IsNotModified(err) {
@@ -138,6 +170,10 @@ func (e errNotImplemented) Cause() error {
 	return e.error
 }
 
+func (e errNotImplemented) Unwrap() error {
+	return e.error
+}
+
 // NotImplemented is a helper to create an error of the class with the same name from any error type
 func NotImplemented(err error) error {
 	if err == nil || IsNotImplemented(err) {
@@ -154,6 +190,10 @@ func (e errUnknown) Cause() error {
 	return e.error
 }
 
+func (e errUnknown) Unwrap() error {
+	return e.error
+}
+
 // Unknown is a helper to create an error of the class with the same name from any error type
 func Unknown(err error) error {
 	if err == nil || IsUnknown(err) {
@@ -170,6 +210,10 @@ func (e errCancelled) Cause() error {
 	return e.error
 }
 
+func (e errCancelled) Unwrap() error {
+	return e.error
+}
+
 // Cancelled is a helper to create an error of the class with the same name from any error type
 func Cancelled(err error) error {
 	if err == nil || IsCancelled(err) {
@@ -186,6 +230,10 @@ func (e errDeadline) Cause() error {
 	return e.error
 }
 
+func (e errDeadline) Unwrap() error {
+	return e.error
+}
+
 // Deadline is a helper to create an error of the class with the same name from any error type
 func Deadline(err error) error {
 	if err == nil || IsDeadline(err) {
@@ -202,6 +250,10 @@ func (e errDataLoss) Cause() error {
 	return e.error
 }
 
+func (e errDataLoss) Unwrap() error {
+	return e.error
+}
+
 // DataLoss is a helper to create an error of the class with the same name from any error type
 func DataLoss(err error) error {
 	if err == nil || IsDataLoss(err) {

vendor/github.com/moby/buildkit/client/llb/source.go

@@ -11,6 +11,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/apicaps"
+	"github.com/moby/buildkit/util/gitutil"
 	"github.com/moby/buildkit/util/sshutil"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@@ -198,52 +199,14 @@ type ImageInfo struct {
 	RecordType    string
 }
 
-const (
-	gitProtocolHTTP = iota + 1
-	gitProtocolHTTPS
-	gitProtocolSSH
-	gitProtocolGit
-	gitProtocolUnknown
-)
-
-func getGitProtocol(remote string) (string, int) {
-	prefixes := map[string]int{
-		"http://":  gitProtocolHTTP,
-		"https://": gitProtocolHTTPS,
-		"git://":   gitProtocolGit,
-		"ssh://":   gitProtocolSSH,
-	}
-	protocolType := gitProtocolUnknown
-	for prefix, potentialType := range prefixes {
-		if strings.HasPrefix(remote, prefix) {
-			remote = strings.TrimPrefix(remote, prefix)
-			protocolType = potentialType
-		}
-	}
-
-	if protocolType == gitProtocolUnknown && sshutil.IsImplicitSSHTransport(remote) {
-		protocolType = gitProtocolSSH
-	}
-
-	// remove name from ssh
-	if protocolType == gitProtocolSSH {
-		parts := strings.SplitN(remote, "@", 2)
-		if len(parts) == 2 {
-			remote = parts[1]
-		}
-	}
-
-	return remote, protocolType
-}
-
 func Git(remote, ref string, opts ...GitOption) State {
 	url := strings.Split(remote, "#")[0]
 
 	var protocolType int
-	remote, protocolType = getGitProtocol(remote)
+	remote, protocolType = gitutil.ParseProtocol(remote)
 
 	var sshHost string
-	if protocolType == gitProtocolSSH {
+	if protocolType == gitutil.SSHProtocol {
 		parts := strings.SplitN(remote, ":", 2)
 		if len(parts) == 2 {
 			sshHost = parts[0]
@@ -251,7 +214,7 @@ func Git(remote, ref string, opts ...GitOption) State {
 			remote = parts[0] + "/" + parts[1]
 		}
 	}
-	if protocolType == gitProtocolUnknown {
+	if protocolType == gitutil.UnknownProtocol {
 		url = "https://" + url
 	}
 
@@ -289,7 +252,7 @@ func Git(remote, ref string, opts ...GitOption) State {
 			addCap(&gi.Constraints, pb.CapSourceGitHTTPAuth)
 		}
 	}
-	if protocolType == gitProtocolSSH {
+	if protocolType == gitutil.SSHProtocol {
 		if gi.KnownSSHHosts != "" {
 			attrs[pb.AttrKnownSSHHosts] = gi.KnownSSHHosts
 		} else if sshHost != "" {

vendor/github.com/moby/buildkit/session/auth/authprovider/tokenseed.go

@@ -53,9 +53,8 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {
 			return nil, err
 		}
 	} else {
-		if err := json.Unmarshal(dt, &ts.m); err != nil {
-			return nil, errors.Wrapf(err, "failed to parse %s", fp)
-		}
+		// ignore error in case of crash during previous marshal
+		_ = json.Unmarshal(dt, &ts.m)
 	}
 	v, ok := ts.m[host]
 	if !ok {

vendor/github.com/moby/buildkit/util/gitutil/git_protocol.go

@@ -0,0 +1,46 @@
+package gitutil
+
+import (
+	"strings"
+
+	"github.com/moby/buildkit/util/sshutil"
+)
+
+const (
+	HTTPProtocol = iota + 1
+	HTTPSProtocol
+	SSHProtocol
+	GitProtocol
+	UnknownProtocol
+)
+
+// ParseProtocol parses a git URL and returns the remote url and protocol type
+func ParseProtocol(remote string) (string, int) {
+	prefixes := map[string]int{
+		"http://":  HTTPProtocol,
+		"https://": HTTPSProtocol,
+		"git://":   GitProtocol,
+		"ssh://":   SSHProtocol,
+	}
+	protocolType := UnknownProtocol
+	for prefix, potentialType := range prefixes {
+		if strings.HasPrefix(remote, prefix) {
+			remote = strings.TrimPrefix(remote, prefix)
+			protocolType = potentialType
+		}
+	}
+
+	if protocolType == UnknownProtocol && sshutil.IsImplicitSSHTransport(remote) {
+		protocolType = SSHProtocol
+	}
+
+	// remove name from ssh
+	if protocolType == SSHProtocol {
+		parts := strings.SplitN(remote, "@", 2)
+		if len(parts) == 2 {
+			remote = parts[1]
+		}
+	}
+
+	return remote, protocolType
+}

vendor/github.com/moby/term/go.mod

@@ -4,7 +4,7 @@ go 1.13
 
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78
-	github.com/creack/pty v1.1.9
+	github.com/creack/pty v1.1.11
 	github.com/google/go-cmp v0.4.0
 	github.com/pkg/errors v0.9.1 // indirect
 	golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a

vendor/github.com/moby/term/go.sum

@@ -1,7 +1,7 @@
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
+github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=

vendor/github.com/moby/term/term_windows.go

@@ -71,19 +71,22 @@ func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) {
 	// go-ansiterm hasn't switch to x/sys/windows.
 	// TODO: switch back to x/sys/windows once go-ansiterm has switched
 	if emulateStdin {
-		stdIn = windowsconsole.NewAnsiReader(windows.STD_INPUT_HANDLE)
+		h := uint32(windows.STD_INPUT_HANDLE)
+		stdIn = windowsconsole.NewAnsiReader(int(h))
 	} else {
 		stdIn = os.Stdin
 	}
 
 	if emulateStdout {
-		stdOut = windowsconsole.NewAnsiWriter(windows.STD_OUTPUT_HANDLE)
+		h := uint32(windows.STD_OUTPUT_HANDLE)
+		stdOut = windowsconsole.NewAnsiWriter(int(h))
 	} else {
 		stdOut = os.Stdout
 	}
 
 	if emulateStderr {
-		stdErr = windowsconsole.NewAnsiWriter(windows.STD_ERROR_HANDLE)
+		h := uint32(windows.STD_ERROR_HANDLE)
+		stdErr = windowsconsole.NewAnsiWriter(int(h))
 	} else {
 		stdErr = os.Stderr
 	}