vendor: update buildkit to 1e6032c

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

vendor/github.com/containerd/containerd/remotes/docker/authorizer.go

@@ -311,7 +311,8 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token, refreshToken st
 				// Registries without support for POST may return 404 for POST /v2/token.
 				// As of September 2017, GCR is known to return 404.
 				// As of February 2018, JFrog Artifactory is known to return 401.
-				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 {
+				// As of January 2022, ACR is known to return 400.
+				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 || errStatus.StatusCode == 400 {
 					resp, err := auth.FetchToken(ctx, ah.client, ah.header, to)
 					if err != nil {
 						return "", "", err

vendor/github.com/containerd/containerd/remotes/docker/pusher.go

@@ -79,7 +79,7 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str
 		if status.Committed && status.Offset == status.Total {
 			return nil, fmt.Errorf("ref %v: %w", ref, errdefs.ErrAlreadyExists)
 		}
-		if unavailableOnFail {
+		if unavailableOnFail && status.ErrClosed == nil {
 			// Another push of this ref is happening elsewhere. The rest of function
 			// will continue only when `errdefs.IsNotFound(err) == true` (i.e. there
 			// is no actively-tracked ref already).
@@ -355,6 +355,12 @@ func (pw *pushWriter) Write(p []byte) (n int, err error) {
 }
 
 func (pw *pushWriter) Close() error {
+	status, err := pw.tracker.GetStatus(pw.ref)
+	if err == nil && !status.Committed {
+		// Closing an incomplete writer. Record this as an error so that following write can retry it.
+		status.ErrClosed = errors.New("closed incomplete writer")
+		pw.tracker.SetStatus(pw.ref, status)
+	}
 	return pw.pipe.Close()
 }
 

vendor/github.com/containerd/containerd/remotes/docker/scope.go

@@ -74,7 +74,7 @@ func ContextWithAppendPullRepositoryScope(ctx context.Context, repo string) cont
 
 // GetTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.
 func GetTokenScopes(ctx context.Context, common []string) []string {
-	var scopes []string
+	scopes := []string{}
 	if x := ctx.Value(tokenScopesKey{}); x != nil {
 		scopes = append(scopes, x.([]string)...)
 	}
@@ -82,6 +82,10 @@ func GetTokenScopes(ctx context.Context, common []string) []string {
 	scopes = append(scopes, common...)
 	sort.Strings(scopes)
 
+	if len(scopes) == 0 {
+		return scopes
+	}
+
 	l := 0
 	for idx := 1; idx < len(scopes); idx++ {
 		// Note: this comparison is unaware of the scope grammar (https://docs.docker.com/registry/spec/auth/scope/)

vendor/github.com/containerd/containerd/remotes/docker/status.go

@@ -31,6 +31,9 @@ type Status struct {
 
 	Committed bool
 
+	// ErrClosed contains error encountered on close.
+	ErrClosed error
+
 	// UploadUUID is used by the Docker registry to reference blob uploads
 	UploadUUID string
 }