vendor: github.com/moby/buildkit 6bd81372ad6f (v0.13.0-dev)

full diff: 6bd81372ad...d6e142600e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

go.mod

@@ -24,7 +24,7 @@ require (
 	github.com/google/uuid v1.5.0
 	github.com/hashicorp/go-cty-funcs v0.0.0-20230405223818-a090f58aa992
 	github.com/hashicorp/hcl/v2 v2.19.1
-	github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f // master (v0.13.0-dev)
+	github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5 // master (v0.13.0-dev)
 	github.com/moby/sys/mountinfo v0.7.1
 	github.com/moby/sys/signal v0.7.0
 	github.com/morikuni/aec v1.0.0

go.sum

@@ -320,8 +320,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f h1:weCt2sfZGVAeThzpVyv4ibC0oFfvSxtbiTE7W77wXpc=
-github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f/go.mod h1:vEcIVw63dZyhTgbcyQWXlZrtrKnvFoSI8LhfV+Vj0Jg=
+github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5 h1:FJknzwgQMF0PviKWgRpJ3GtGbAkPNw5/PQtqqXnqvVM=
+github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5/go.mod h1:wWi92eSRd6lwFOiMcq6L2EJTuP7TvPTRl5KF3jmDiYc=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=

vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go

@@ -17,6 +17,18 @@ func ParsePlatforms(meta map[string][]byte) (Platforms, error) {
 				return Platforms{}, errors.Wrapf(err, "failed to parse platforms passed to provenance processor")
 			}
 		}
+		if len(ps.Platforms) == 0 {
+			return Platforms{}, errors.Errorf("invalid empty platforms index for exporter")
+		}
+		for i, p := range ps.Platforms {
+			if p.ID == "" {
+				return Platforms{}, errors.Errorf("invalid empty platform key for exporter")
+			}
+			if p.Platform.OS == "" || p.Platform.Architecture == "" {
+				return Platforms{}, errors.Errorf("invalid platform value %v for exporter", p.Platform)
+			}
+			ps.Platforms[i].Platform = platforms.Normalize(p.Platform)
+		}
 		return ps, nil
 	}
 
@@ -36,6 +48,8 @@ func ParsePlatforms(meta map[string][]byte) (Platforms, error) {
 				OSFeatures:   img.OSFeatures,
 				Variant:      img.Variant,
 			}
+		} else if img.OS != "" || img.Architecture != "" {
+			return Platforms{}, errors.Errorf("invalid image config: os and architecture must be specified together")
 		}
 	}
 	p = platforms.Normalize(p)

vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go

@@ -30,8 +30,14 @@ func AttestationToPB[T any](a *result.Attestation[T]) (*pb.Attestation, error) {
 }
 
 func AttestationFromPB[T any](a *pb.Attestation) (*result.Attestation[T], error) {
+	if a == nil {
+		return nil, errors.Errorf("invalid nil attestation")
+	}
 	subjects := make([]result.InTotoSubject, len(a.InTotoSubjects))
 	for i, subject := range a.InTotoSubjects {
+		if subject == nil {
+			return nil, errors.Errorf("invalid nil attestation subject")
+		}
 		subjects[i] = result.InTotoSubject{
 			Kind:   subject.Kind,
 			Name:   subject.Name,

vendor/github.com/moby/buildkit/sourcepolicy/matcher.go

@@ -10,6 +10,9 @@ import (
 
 func match(ctx context.Context, src *selectorCache, ref string, attrs map[string]string) (bool, error) {
 	for _, c := range src.Constraints {
+		if c == nil {
+			return false, errors.Errorf("invalid nil constraint for %v", src)
+		}
 		switch c.Condition {
 		case spb.AttrMatch_EQUAL:
 			if attrs[c.Key] != c.Value {

vendor/github.com/moby/buildkit/util/entitlements/entitlements.go

@@ -58,3 +58,23 @@ func (s Set) Allowed(e Entitlement) bool {
 	_, ok := s[e]
 	return ok
 }
+
+func (s Set) Check(v Values) error {
+	if v.NetworkHost {
+		if !s.Allowed(EntitlementNetworkHost) {
+			return errors.Errorf("%s is not allowed", EntitlementNetworkHost)
+		}
+	}
+
+	if v.SecurityInsecure {
+		if !s.Allowed(EntitlementSecurityInsecure) {
+			return errors.Errorf("%s is not allowed", EntitlementSecurityInsecure)
+		}
+	}
+	return nil
+}
+
+type Values struct {
+	NetworkHost      bool
+	SecurityInsecure bool
+}

vendor/github.com/moby/buildkit/util/gitutil/git_url.go

@@ -96,6 +96,15 @@ func ParseURL(remote string) (*GitURL, error) {
 	return nil, ErrUnknownProtocol
 }
 
+func IsGitTransport(remote string) bool {
+	if proto := protoRegexp.FindString(remote); proto != "" {
+		proto = strings.ToLower(strings.TrimSuffix(proto, "://"))
+		_, ok := supportedProtos[proto]
+		return ok
+	}
+	return sshutil.IsImplicitSSHTransport(remote)
+}
+
 func fromURL(url *url.URL) *GitURL {
 	withoutFragment := *url
 	withoutFragment.Fragment = ""

vendor/github.com/moby/buildkit/util/leaseutil/manager.go

@@ -2,10 +2,12 @@ package leaseutil
 
 import (
 	"context"
+	"sync"
 	"time"
 
 	"github.com/containerd/containerd/leases"
 	"github.com/containerd/containerd/namespaces"
+	"github.com/pkg/errors"
 )
 
 func WithLease(ctx context.Context, ls leases.Manager, opts ...leases.Opt) (context.Context, func(context.Context) error, error) {
@@ -16,15 +18,66 @@ func WithLease(ctx context.Context, ls leases.Manager, opts ...leases.Opt) (cont
 		}, nil
 	}
 
-	l, err := ls.Create(ctx, append([]leases.Opt{leases.WithRandomID(), leases.WithExpiration(time.Hour)}, opts...)...)
+	lr, ctx, err := NewLease(ctx, ls, opts...)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return ctx, func(ctx context.Context) error {
+		return ls.Delete(ctx, lr.l)
+	}, nil
+}
+
+func NewLease(ctx context.Context, lm leases.Manager, opts ...leases.Opt) (*LeaseRef, context.Context, error) {
+	l, err := lm.Create(ctx, append([]leases.Opt{leases.WithRandomID(), leases.WithExpiration(time.Hour)}, opts...)...)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	ctx = leases.WithLease(ctx, l.ID)
-	return ctx, func(ctx context.Context) error {
-		return ls.Delete(ctx, l)
-	}, nil
+	return &LeaseRef{lm: lm, l: l}, ctx, nil
+}
+
+type LeaseRef struct {
+	lm leases.Manager
+	l  leases.Lease
+
+	once      sync.Once
+	resources []leases.Resource
+	err       error
+}
+
+func (l *LeaseRef) Discard() error {
+	return l.lm.Delete(context.Background(), l.l)
+}
+
+func (l *LeaseRef) Adopt(ctx context.Context) error {
+	l.once.Do(func() {
+		resources, err := l.lm.ListResources(ctx, l.l)
+		if err != nil {
+			l.err = err
+			return
+		}
+		l.resources = resources
+	})
+	if l.err != nil {
+		return l.err
+	}
+	currentID, ok := leases.FromContext(ctx)
+	if !ok {
+		return errors.Errorf("missing lease requirement for adopt")
+	}
+	for _, r := range l.resources {
+		if err := l.lm.AddResource(ctx, leases.Lease{ID: currentID}, r); err != nil {
+			return err
+		}
+	}
+	if len(l.resources) == 0 {
+		l.Discard()
+		return nil
+	}
+	go l.Discard()
+	return nil
 }
 
 func MakeTemporary(l *leases.Lease) error {

vendor/modules.txt

@@ -509,7 +509,7 @@ github.com/mitchellh/mapstructure
 # github.com/mitchellh/reflectwalk v1.0.2
 ## explicit
 github.com/mitchellh/reflectwalk
-# github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f
+# github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5
 ## explicit; go 1.21
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types