From 7b3c4fc7141b4f37cae922b70ff6d05714680c7c Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 5 Feb 2024 18:09:06 +0100
Subject: [PATCH] vendor: github.com/moby/buildkit 6bd81372ad6f (v0.13.0-dev)

full diff: https://github.com/moby/buildkit/compare/6bd81372ad6f...d6e142600ee58a6ec45f946b25af28f9a70c6dbc

Signed-off-by: Sebastiaan van Stijn
---
 go.mod | 2 +-
 go.sum | 4 +-
 .../exporter/containerimage/exptypes/parse.go | 14 +++++
 .../frontend/gateway/client/attestation.go | 6 ++
 .../moby/buildkit/sourcepolicy/matcher.go | 3 +
 .../util/entitlements/entitlements.go | 20 ++++++
 .../moby/buildkit/util/gitutil/git_url.go | 9 +++
 .../moby/buildkit/util/leaseutil/manager.go | 61 +++++++++++++++++--
 vendor/modules.txt | 2 +-
 9 files changed, 113 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 277c39cc..5c90c2f4 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/google/uuid v1.5.0
 github.com/hashicorp/go-cty-funcs v0.0.0-20230405223818-a090f58aa992
 github.com/hashicorp/hcl/v2 v2.19.1
- github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f // master (v0.13.0-dev)
+ github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5 // master (v0.13.0-dev)
 github.com/moby/sys/mountinfo v0.7.1
 github.com/moby/sys/signal v0.7.0
 github.com/morikuni/aec v1.0.0
diff --git a/go.sum b/go.sum
index 113e9758..fca2d1a8 100644
--- a/go.sum
+++ b/go.sum
@@ -320,8 +320,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f h1:weCt2sfZGVAeThzpVyv4ibC0oFfvSxtbiTE7W77wXpc=
-github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f/go.mod h1:vEcIVw63dZyhTgbcyQWXlZrtrKnvFoSI8LhfV+Vj0Jg=
+github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5 h1:FJknzwgQMF0PviKWgRpJ3GtGbAkPNw5/PQtqqXnqvVM=
+github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5/go.mod h1:wWi92eSRd6lwFOiMcq6L2EJTuP7TvPTRl5KF3jmDiYc=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
diff --git a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
index 293a24ed..e8d9b7f0 100644
--- a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
+++ b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
@@ -17,6 +17,18 @@ func ParsePlatforms(meta map[string][]byte) (Platforms, error) { return Platforms{}, errors.Wrapf(err, "failed to parse platforms passed to provenance processor") } } + if len(ps.Platforms) == 0 { + return Platforms{}, errors.Errorf("invalid empty platforms index for exporter") + } + for i, p := range ps.Platforms { + if p.ID == "" { + return Platforms{}, errors.Errorf("invalid empty platform key for exporter") + } + if p.Platform.OS == "" || p.Platform.Architecture == "" { + return Platforms{}, errors.Errorf("invalid platform value %v for exporter", p.Platform) + } + ps.Platforms[i].Platform = platforms.Normalize(p.Platform) + } return ps, nil } @@ -36,6 +48,8 @@ func ParsePlatforms(meta map[string][]byte) (Platforms, error) { OSFeatures: img.OSFeatures, Variant: img.Variant, } + } else if img.OS != "" || img.Architecture != "" { + return Platforms{}, errors.Errorf("invalid image config: os and architecture must be specified together") } } p = platforms.Normalize(p) diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go b/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go index 5ffe6723..c5112db9 100644 --- a/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go +++ b/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go @@ -30,8 +30,14 @@ func AttestationToPB[T any](a *result.Attestation[T]) (*pb.Attestation, error) { } func AttestationFromPB[T any](a *pb.Attestation) (*result.Attestation[T], error) { + if a == nil { + return nil, errors.Errorf("invalid nil attestation") + } subjects := make([]result.InTotoSubject, len(a.InTotoSubjects)) for i, subject := range a.InTotoSubjects { + if subject == nil { + return nil, errors.Errorf("invalid nil attestation subject") + } subjects[i] = result.InTotoSubject{ Kind: subject.Kind, Name: subject.Name, 
diff --git a/vendor/github.com/moby/buildkit/sourcepolicy/matcher.go b/vendor/github.com/moby/buildkit/sourcepolicy/matcher.go index 79ab4032..2abe1039 100644 --- a/vendor/github.com/moby/buildkit/sourcepolicy/matcher.go +++ b/vendor/github.com/moby/buildkit/sourcepolicy/matcher.go @@ -10,6 +10,9 @@ import ( func match(ctx context.Context, src *selectorCache, ref string, attrs map[string]string) (bool, error) { for _, c := range src.Constraints { + if c == nil { + return false, errors.Errorf("invalid nil constraint for %v", src) + } switch c.Condition { case spb.AttrMatch_EQUAL: if attrs[c.Key] != c.Value { diff --git a/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go b/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go index f65b426b..328580c3 100644 --- a/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go +++ b/vendor/github.com/moby/buildkit/util/entitlements/entitlements.go @@ -58,3 +58,23 @@ func (s Set) Allowed(e Entitlement) bool { _, ok := s[e] return ok } + +func (s Set) Check(v Values) error { + if v.NetworkHost { + if !s.Allowed(EntitlementNetworkHost) { + return errors.Errorf("%s is not allowed", EntitlementNetworkHost) + } + } + + if v.SecurityInsecure { + if !s.Allowed(EntitlementSecurityInsecure) { + return errors.Errorf("%s is not allowed", EntitlementSecurityInsecure) + } + } + return nil +} + +type Values struct { + NetworkHost bool + SecurityInsecure bool +} diff --git a/vendor/github.com/moby/buildkit/util/gitutil/git_url.go b/vendor/github.com/moby/buildkit/util/gitutil/git_url.go index 8df08c4d..0f1ff505 100644 --- a/vendor/github.com/moby/buildkit/util/gitutil/git_url.go +++ b/vendor/github.com/moby/buildkit/util/gitutil/git_url.go 
@@ -96,6 +96,15 @@ func ParseURL(remote string) (*GitURL, error) { return nil, ErrUnknownProtocol } +func IsGitTransport(remote string) bool { + if proto := protoRegexp.FindString(remote); proto != "" { + proto = strings.ToLower(strings.TrimSuffix(proto, "://")) + _, ok := supportedProtos[proto] + return ok + } + return sshutil.IsImplicitSSHTransport(remote) +} + func fromURL(url *url.URL) *GitURL { withoutFragment := *url withoutFragment.Fragment = "" diff --git a/vendor/github.com/moby/buildkit/util/leaseutil/manager.go b/vendor/github.com/moby/buildkit/util/leaseutil/manager.go index a02fb961..42381b6d 100644 --- a/vendor/github.com/moby/buildkit/util/leaseutil/manager.go +++ b/vendor/github.com/moby/buildkit/util/leaseutil/manager.go @@ -2,10 +2,12 @@ package leaseutil import ( "context" + "sync" "time" "github.com/containerd/containerd/leases" "github.com/containerd/containerd/namespaces" + "github.com/pkg/errors" ) func WithLease(ctx context.Context, ls leases.Manager, opts ...leases.Opt) (context.Context, func(context.Context) error, error) { 
@@ -16,15 +18,66 @@ func WithLease(ctx context.Context, ls leases.Manager, opts ...leases.Opt) (cont }, nil } - l, err := ls.Create(ctx, append([]leases.Opt{leases.WithRandomID(), leases.WithExpiration(time.Hour)}, opts...)...) + lr, ctx, err := NewLease(ctx, ls, opts...) + if err != nil { + return nil, nil, err + } + + return ctx, func(ctx context.Context) error { + return ls.Delete(ctx, lr.l) + }, nil +} + +func NewLease(ctx context.Context, lm leases.Manager, opts ...leases.Opt) (*LeaseRef, context.Context, error) { + l, err := lm.Create(ctx, append([]leases.Opt{leases.WithRandomID(), leases.WithExpiration(time.Hour)}, opts...)...) if err != nil { return nil, nil, err } ctx = leases.WithLease(ctx, l.ID) - return ctx, func(ctx context.Context) error { - return ls.Delete(ctx, l) - }, nil + return &LeaseRef{lm: lm, l: l}, ctx, nil +} + +type LeaseRef struct { + lm leases.Manager + l leases.Lease + + once sync.Once + resources []leases.Resource + err error +} + +func (l *LeaseRef) Discard() error { + return l.lm.Delete(context.Background(), l.l) +} + +func (l *LeaseRef) Adopt(ctx context.Context) error { + l.once.Do(func() { + resources, err := l.lm.ListResources(ctx, l.l) + if err != nil { + l.err = err + return + } + l.resources = resources + }) + if l.err != nil { + return l.err + } + currentID, ok := leases.FromContext(ctx) + if !ok { + return errors.Errorf("missing lease requirement for adopt") + } + for _, r := range l.resources { + if err := l.lm.AddResource(ctx, leases.Lease{ID: currentID}, r); err != nil { + return err + } + } + if len(l.resources) == 0 { + l.Discard() + return nil + } + go l.Discard() + return nil } func MakeTemporary(l *leases.Lease) error { diff --git a/vendor/modules.txt b/vendor/modules.txt index 2f96a7cd..e17c3a0a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -509,7 +509,7 @@ github.com/mitchellh/mapstructure
 # github.com/mitchellh/reflectwalk v1.0.2
 ## explicit
 github.com/mitchellh/reflectwalk
-# github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f
+# github.com/moby/buildkit v0.13.0-beta3.0.20240205165705-d6e142600ee5
 ## explicit; go 1.21
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types