Update buildkit

- updated buildkit to current code in master via: go mod edit -require github.com/moby/buildkit@master && go mod tidy && ./hack/update-vendor Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
2025-07-16 16:37:10 +08:00 · 2021-04-01 16:38:16 -07:00
parent eec843a325
commit 0b984e429b
309 changed files with 13012 additions and 655 deletions
--- a/vendor/github.com/docker/cli/cli/context/store/store.go
+++ b/vendor/github.com/docker/cli/cli/context/store/store.go
@ -7,19 +7,24 @@ import (
 	"bytes"
 	_ "crypto/sha256" // ensure ids can be computed
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"path"
 	"path/filepath"
+	"regexp"
 	"strings"

 	"github.com/docker/docker/errdefs"
 	digest "github.com/opencontainers/go-digest"
+	"github.com/pkg/errors"
 )

+const restrictedNamePattern = "^[a-zA-Z0-9][a-zA-Z0-9_.+-]+$"
+
+var restrictedNameRegEx = regexp.MustCompile(restrictedNamePattern)
+
 // Store provides a context store for easily remembering endpoints configuration
 type Store interface {
 	Reader
@ -184,6 +189,20 @@ func (s *store) GetStorageInfo(contextName string) StorageInfo {
 	}
 }

+// ValidateContextName checks a context name is valid.
+func ValidateContextName(name string) error {
+	if name == "" {
+		return errors.New("context name cannot be empty")
+	}
+	if name == "default" {
+		return errors.New(`"default" is a reserved context name`)
+	}
+	if !restrictedNameRegEx.MatchString(name) {
+		return fmt.Errorf("context name %q is invalid, names are validated against regexp %q", name, restrictedNamePattern)
+	}
+	return nil
+}
+
 // Export exports an existing namespace into an opaque data stream
 // This stream is actually a tarball containing context metadata and TLS materials, but it does
 // not map 1:1 the layout of the context store (don't try to restore it manually without calling store.Import)
@ -295,6 +314,19 @@ func Import(name string, s Writer, reader io.Reader) error {
 	}
 }

+func isValidFilePath(p string) error {
+	if p != metaFile && !strings.HasPrefix(p, "tls/") {
+		return errors.New("unexpected context file")
+	}
+	if path.Clean(p) != p {
+		return errors.New("unexpected path format")
+	}
+	if strings.Contains(p, `\`) {
+		return errors.New(`unexpected '\' in path`)
+	}
+	return nil
+}
+
 func importTar(name string, s Writer, reader io.Reader) error {
 	tr := tar.NewReader(&LimitedReader{R: reader, N: maxAllowedFileSizeToImport})
 	tlsData := ContextTLSData{
@ -309,10 +341,13 @@ func importTar(name string, s Writer, reader io.Reader) error {
 		if err != nil {
 			return err
 		}
-		if hdr.Typeflag == tar.TypeDir {
+		if hdr.Typeflag != tar.TypeReg {
 			// skip this entry, only taking files into account
 			continue
 		}
+		if err := isValidFilePath(hdr.Name); err != nil {
+			return errors.Wrap(err, hdr.Name)
+		}
 		if hdr.Name == metaFile {
 			data, err := ioutil.ReadAll(tr)
 			if err != nil {
@ -358,10 +393,13 @@ func importZip(name string, s Writer, reader io.Reader) error {
 	var importedMetaFile bool
 	for _, zf := range zr.File {
 		fi := zf.FileInfo()
-		if fi.IsDir() {
-			// skip this entry, only taking files into account
+		if !fi.Mode().IsRegular() {
+			// skip this entry, only taking regular files into account
 			continue
 		}
+		if err := isValidFilePath(zf.Name); err != nil {
+			return errors.Wrap(err, zf.Name)
+		}
 		if zf.Name == metaFile {
 			f, err := zf.Open()
 			if err != nil {
@ -408,6 +446,9 @@ func parseMetadata(data []byte, name string) (Metadata, error) {
 	if err := json.Unmarshal(data, &meta); err != nil {
 		return meta, err
 	}
+	if err := ValidateContextName(name); err != nil {
+		return Metadata{}, err
+	}
 	meta.Name = name
 	return meta, nil
 }
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@ -560,7 +560,7 @@ definitions:
        format: "int64"
        minimum: 0
        maximum: 100
-      NanoCPUs:
+      NanoCpus:
        description: "CPU quota in units of 10<sup>-9</sup> CPUs."
        type: "integer"
        format: "int64"
@ -5466,7 +5466,7 @@ paths:
                MemorySwap: 0
                MemoryReservation: 0
                KernelMemory: 0
-                NanoCPUs: 500000
+                NanoCpus: 500000
                CpuPercent: 80
                CpuShares: 512
                CpuPeriod: 100000
@ -7310,7 +7310,7 @@ paths:


            For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
-            the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+            query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.


            [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
--- a/vendor/github.com/docker/docker/errdefs/helpers.go
+++ b/vendor/github.com/docker/docker/errdefs/helpers.go
@ -10,6 +10,10 @@ func (e errNotFound) Cause() error {
 	return e.error
 }

+func (e errNotFound) Unwrap() error {
+	return e.error
+}
+
 // NotFound is a helper to create an error of the class with the same name from any error type
 func NotFound(err error) error {
 	if err == nil || IsNotFound(err) {
@ -26,6 +30,10 @@ func (e errInvalidParameter) Cause() error {
 	return e.error
 }

+func (e errInvalidParameter) Unwrap() error {
+	return e.error
+}
+
 // InvalidParameter is a helper to create an error of the class with the same name from any error type
 func InvalidParameter(err error) error {
 	if err == nil || IsInvalidParameter(err) {
@ -42,6 +50,10 @@ func (e errConflict) Cause() error {
 	return e.error
 }

+func (e errConflict) Unwrap() error {
+	return e.error
+}
+
 // Conflict is a helper to create an error of the class with the same name from any error type
 func Conflict(err error) error {
 	if err == nil || IsConflict(err) {
@ -58,6 +70,10 @@ func (e errUnauthorized) Cause() error {
 	return e.error
 }

+func (e errUnauthorized) Unwrap() error {
+	return e.error
+}
+
 // Unauthorized is a helper to create an error of the class with the same name from any error type
 func Unauthorized(err error) error {
 	if err == nil || IsUnauthorized(err) {
@ -74,6 +90,10 @@ func (e errUnavailable) Cause() error {
 	return e.error
 }

+func (e errUnavailable) Unwrap() error {
+	return e.error
+}
+
 // Unavailable is a helper to create an error of the class with the same name from any error type
 func Unavailable(err error) error {
 	if err == nil || IsUnavailable(err) {
@ -90,6 +110,10 @@ func (e errForbidden) Cause() error {
 	return e.error
 }

+func (e errForbidden) Unwrap() error {
+	return e.error
+}
+
 // Forbidden is a helper to create an error of the class with the same name from any error type
 func Forbidden(err error) error {
 	if err == nil || IsForbidden(err) {
@ -106,6 +130,10 @@ func (e errSystem) Cause() error {
 	return e.error
 }

+func (e errSystem) Unwrap() error {
+	return e.error
+}
+
 // System is a helper to create an error of the class with the same name from any error type
 func System(err error) error {
 	if err == nil || IsSystem(err) {
@ -122,6 +150,10 @@ func (e errNotModified) Cause() error {
 	return e.error
 }

+func (e errNotModified) Unwrap() error {
+	return e.error
+}
+
 // NotModified is a helper to create an error of the class with the same name from any error type
 func NotModified(err error) error {
 	if err == nil || IsNotModified(err) {
@ -138,6 +170,10 @@ func (e errNotImplemented) Cause() error {
 	return e.error
 }

+func (e errNotImplemented) Unwrap() error {
+	return e.error
+}
+
 // NotImplemented is a helper to create an error of the class with the same name from any error type
 func NotImplemented(err error) error {
 	if err == nil || IsNotImplemented(err) {
@ -154,6 +190,10 @@ func (e errUnknown) Cause() error {
 	return e.error
 }

+func (e errUnknown) Unwrap() error {
+	return e.error
+}
+
 // Unknown is a helper to create an error of the class with the same name from any error type
 func Unknown(err error) error {
 	if err == nil || IsUnknown(err) {
@ -170,6 +210,10 @@ func (e errCancelled) Cause() error {
 	return e.error
 }

+func (e errCancelled) Unwrap() error {
+	return e.error
+}
+
 // Cancelled is a helper to create an error of the class with the same name from any error type
 func Cancelled(err error) error {
 	if err == nil || IsCancelled(err) {
@ -186,6 +230,10 @@ func (e errDeadline) Cause() error {
 	return e.error
 }

+func (e errDeadline) Unwrap() error {
+	return e.error
+}
+
 // Deadline is a helper to create an error of the class with the same name from any error type
 func Deadline(err error) error {
 	if err == nil || IsDeadline(err) {
@ -202,6 +250,10 @@ func (e errDataLoss) Cause() error {
 	return e.error
 }

+func (e errDataLoss) Unwrap() error {
+	return e.error
+}
+
 // DataLoss is a helper to create an error of the class with the same name from any error type
 func DataLoss(err error) error {
 	if err == nil || IsDataLoss(err) {