vendor: update buildkit to master@ae9d0f5

Signed-off-by: Justin Chadwell <me@jedevc.com>

vendor/github.com/moby/buildkit/util/attestation/types.go

@@ -0,0 +1,11 @@
+package attestation
+
+const (
+	MediaTypeDockerSchema2AttestationType = "application/vnd.in-toto+json"
+
+	DockerAnnotationReferenceType        = "vnd.docker.reference.type"
+	DockerAnnotationReferenceDigest      = "vnd.docker.reference.digest"
+	DockerAnnotationReferenceDescription = "vnd.docker.reference.description"
+
+	DockerAnnotationReferenceTypeDefault = "attestation-manifest"
+)

vendor/github.com/moby/buildkit/util/contentutil/buffer.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"io"
+	"strings"
 	"sync"
 	"time"
 
@@ -18,12 +19,14 @@ import (
 type Buffer interface {
 	content.Provider
 	content.Ingester
+	content.Manager
 }
 
 // NewBuffer returns a new buffer
 func NewBuffer() Buffer {
 	return &buffer{
 		buffers: map[digest.Digest][]byte{},
+		infos:   map[digest.Digest]content.Info{},
 		refs:    map[string]struct{}{},
 	}
 }
@@ -31,9 +34,59 @@ func NewBuffer() Buffer {
 type buffer struct {
 	mu      sync.Mutex
 	buffers map[digest.Digest][]byte
+	infos   map[digest.Digest]content.Info
 	refs    map[string]struct{}
 }
 
+func (b *buffer) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
+	b.mu.Lock()
+	v, ok := b.infos[dgst]
+	b.mu.Unlock()
+	if !ok {
+		return content.Info{}, errdefs.ErrNotFound
+	}
+	return v, nil
+}
+
+func (b *buffer) Update(ctx context.Context, new content.Info, fieldpaths ...string) (content.Info, error) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	updated, ok := b.infos[new.Digest]
+	if !ok {
+		return content.Info{}, errdefs.ErrNotFound
+	}
+
+	if len(fieldpaths) == 0 {
+		fieldpaths = []string{"labels"}
+	}
+
+	for _, path := range fieldpaths {
+		if strings.HasPrefix(path, "labels.") {
+			if updated.Labels == nil {
+				updated.Labels = map[string]string{}
+			}
+			key := strings.TrimPrefix(path, "labels.")
+			updated.Labels[key] = new.Labels[key]
+			continue
+		}
+		if path == "labels" {
+			updated.Labels = new.Labels
+		}
+	}
+
+	b.infos[new.Digest] = updated
+	return updated, nil
+}
+
+func (b *buffer) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) error {
+	return nil // not implemented
+}
+
+func (b *buffer) Delete(ctx context.Context, dgst digest.Digest) error {
+	return nil // not implemented
+}
+
 func (b *buffer) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
 	var wOpts content.WriterOpts
 	for _, opt := range opts {
@@ -82,6 +135,7 @@ func (b *buffer) addValue(k digest.Digest, dt []byte) {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 	b.buffers[k] = dt
+	b.infos[k] = content.Info{Digest: k, Size: int64(len(dt))}
 }
 
 type bufferedWriter struct {

vendor/github.com/moby/buildkit/util/contentutil/source.go

@@ -0,0 +1,34 @@
+package contentutil
+
+import (
+	"net/url"
+	"strings"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/reference"
+)
+
+func HasSource(info content.Info, refspec reference.Spec) (bool, error) {
+	u, err := url.Parse("dummy://" + refspec.Locator)
+	if err != nil {
+		return false, err
+	}
+
+	if info.Labels == nil {
+		return false, nil
+	}
+
+	source, target := u.Hostname(), strings.TrimPrefix(u.Path, "/")
+	repoLabel, ok := info.Labels["containerd.io/distribution.source."+source]
+	if !ok || repoLabel == "" {
+		return false, nil
+	}
+
+	for _, repo := range strings.Split(repoLabel, ",") {
+		// the target repo is not a candidate
+		if repo == target {
+			return true, nil
+		}
+	}
+	return false, nil
+}

vendor/github.com/moby/buildkit/util/gitutil/git_ref.go

@@ -10,8 +10,8 @@ import (
 // GitRef represents a git ref.
 //
 // Examples:
-// - "https://github.com/foo/bar.git#baz/qux:quux/quuz" is parsed into:
-//   {Remote: "https://github.com/foo/bar.git", ShortName: "bar", Commit:"baz/qux", SubDir: "quux/quuz"}.
+//   - "https://github.com/foo/bar.git#baz/qux:quux/quuz" is parsed into:
+//     {Remote: "https://github.com/foo/bar.git", ShortName: "bar", Commit:"baz/qux", SubDir: "quux/quuz"}.
 type GitRef struct {
 	// Remote is the remote repository path.
 	Remote string

vendor/github.com/moby/buildkit/util/grpcerrors/grpcerrors.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/containerd/typeurl"
 	gogotypes "github.com/gogo/protobuf/types"
-	"github.com/golang/protobuf/proto" // nolint:staticcheck
+	"github.com/golang/protobuf/proto" //nolint:staticcheck
 	"github.com/golang/protobuf/ptypes/any"
 	"github.com/moby/buildkit/util/stack"
 	"github.com/sirupsen/logrus"

vendor/github.com/moby/buildkit/util/imageutil/config.go

@@ -13,6 +13,8 @@ import (
 	"github.com/containerd/containerd/reference"
 	"github.com/containerd/containerd/remotes"
 	"github.com/containerd/containerd/remotes/docker"
+	"github.com/moby/buildkit/util/attestation"
+	"github.com/moby/buildkit/util/contentutil"
 	"github.com/moby/buildkit/util/leaseutil"
 	"github.com/moby/buildkit/util/resolver/limited"
 	"github.com/moby/buildkit/util/resolver/retryhandler"
@@ -24,6 +26,7 @@ import (
 type ContentCache interface {
 	content.Ingester
 	content.Provider
+	content.Manager
 }
 
 var leasesMu sync.Mutex
@@ -75,10 +78,15 @@ func Config(ctx context.Context, str string, resolver remotes.Resolver, cache Co
 	if desc.Digest != "" {
 		ra, err := cache.ReaderAt(ctx, desc)
 		if err == nil {
-			desc.Size = ra.Size()
-			mt, err := DetectManifestMediaType(ra)
+			info, err := cache.Info(ctx, desc.Digest)
 			if err == nil {
-				desc.MediaType = mt
+				if ok, err := contentutil.HasSource(info, ref); err == nil && ok {
+					desc.Size = ra.Size()
+					mt, err := DetectManifestMediaType(ra)
+					if err == nil {
+						desc.MediaType = mt
+					}
+				}
 			}
 		}
 	}
@@ -101,8 +109,14 @@ func Config(ctx context.Context, str string, resolver remotes.Resolver, cache Co
 
 	children := childrenConfigHandler(cache, platform)
 
+	dslHandler, err := docker.AppendDistributionSourceLabel(cache, ref.String())
+	if err != nil {
+		return "", nil, err
+	}
+
 	handlers := []images.Handler{
 		retryhandler.New(limited.FetchHandler(cache, fetcher, str), func(_ []byte) {}),
+		dslHandler,
 		children,
 	}
 	if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
@@ -159,7 +173,8 @@ func childrenConfigHandler(provider content.Provider, platform platforms.MatchCo
 			} else {
 				descs = append(descs, index.Manifests...)
 			}
-		case images.MediaTypeDockerSchema2Config, ocispecs.MediaTypeImageConfig, docker.LegacyConfigMediaType:
+		case images.MediaTypeDockerSchema2Config, ocispecs.MediaTypeImageConfig, docker.LegacyConfigMediaType,
+			attestation.MediaTypeDockerSchema2AttestationType:
 			// childless data types.
 			return nil, nil
 		default:

vendor/github.com/moby/buildkit/util/imageutil/schema1.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/containerd/containerd/remotes"
+	"github.com/moby/buildkit/exporter/containerimage/image"
 	digest "github.com/opencontainers/go-digest"
 	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -44,7 +45,7 @@ func convertSchema1ConfigMeta(in []byte) ([]byte, error) {
 		return nil, errors.Errorf("invalid schema1 manifest")
 	}
 
-	var img ocispecs.Image
+	var img image.Image
 	if err := json.Unmarshal([]byte(m.History[0].V1Compatibility), &img); err != nil {
 		return nil, errors.Wrap(err, "failed to unmarshal image from schema 1 history")
 	}
@@ -68,7 +69,7 @@ func convertSchema1ConfigMeta(in []byte) ([]byte, error) {
 		}
 	}
 
-	dt, err := json.MarshalIndent(img, "", "   ")
+	dt, err := json.MarshalIndent(img, "", "  ")
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to marshal schema1 config")
 	}

vendor/github.com/moby/buildkit/util/progress/progressui/colors.go

@@ -38,14 +38,13 @@ func setUserDefinedTermColors(colorsEnv string) {
 		return
 	}
 	for _, field := range fields {
-		parts := strings.SplitN(field, "=", 2)
-		if len(parts) != 2 || strings.Contains(parts[1], "=") {
+		k, v, ok := strings.Cut(field, "=")
+		if !ok || strings.Contains(v, "=") {
 			err := errors.New("A valid entry must have exactly two fields")
 			logrus.WithError(err).Warnf("Could not parse BUILDKIT_COLORS component: %s", field)
 			continue
 		}
-		k := strings.ToLower(parts[0])
-		v := parts[1]
+		k = strings.ToLower(k)
 		if c, ok := termColorMap[strings.ToLower(v)]; ok {
 			parseKeys(k, c)
 		} else if strings.Contains(v, ",") {
@@ -94,8 +93,7 @@ func readRGB(v string) aec.ANSI {
 }
 
 func parseKeys(k string, c aec.ANSI) {
-	key := strings.ToLower(k)
-	switch key {
+	switch strings.ToLower(k) {
 	case "run":
 		colorRun = c
 	case "cancel":

vendor/github.com/moby/buildkit/util/progress/progressui/printer.go

@@ -170,10 +170,10 @@ func (p *textMux) printVtx(t *trace, dgst digest.Digest) {
 		p.current = ""
 		v.count = 0
 
+		if v.logsPartial {
+			fmt.Fprintln(p.w, "")
+		}
 		if v.Error != "" {
-			if v.logsPartial {
-				fmt.Fprintln(p.w, "")
-			}
 			if strings.HasSuffix(v.Error, context.Canceled.Error()) {
 				fmt.Fprintf(p.w, "#%d CANCELED\n", v.index)
 			} else {

vendor/github.com/moby/buildkit/util/stack/stack.go

@@ -151,7 +151,7 @@ func convertStack(s errors.StackTrace) *Stack {
 		if idx == -1 {
 			continue
 		}
-		line, err := strconv.Atoi(p[1][idx+1:])
+		line, err := strconv.ParseInt(p[1][idx+1:], 10, 32)
 		if err != nil {
 			continue
 		}

vendor/github.com/moby/buildkit/util/tracing/otlptracegrpc/connection.go

@@ -119,9 +119,7 @@ func (c *Connection) indefiniteBackgroundConnection() {
 
 	connReattemptPeriod := defaultConnReattemptPeriod
 
-	// No strong seeding required, nano time can
-	// already help with pseudo uniqueness.
-	rng := rand.New(rand.NewSource(time.Now().UnixNano() + rand.Int63n(1024)))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano() + rand.Int63n(1024))) //nolint:gosec // No strong seeding required, nano time can already help with pseudo uniqueness.
 
 	// maxJitterNanos: 70% of the connectionReattemptPeriod
 	maxJitterNanos := int64(0.7 * float64(connReattemptPeriod))