vendor: github.com/moby/buildkit 6bd81372ad6f (master)

- tests: implement NetNSDetached method

full diff: 6e200afad5...6bd81372ad

Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_unix.go

@@ -17,6 +17,10 @@ const (
 	DefaultCNIConfigPath = "/etc/buildkit/cni.json"
 )
 
+var (
+	UserCNIConfigPath = filepath.Join(UserConfigDir(), "cni.json")
+)
+
 // UserAddress typically returns /run/user/$UID/buildkit/buildkitd.sock
 func UserAddress() string {
 	//  pam_systemd sets XDG_RUNTIME_DIR but not other dirs.

vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_windows.go

@@ -16,6 +16,10 @@ var (
 	DefaultCNIConfigPath = filepath.Join(ConfigDir, "cni.json")
 )
 
+var (
+	UserCNIConfigPath = DefaultCNIConfigPath
+)
+
 func UserAddress() string {
 	return Address
 }

vendor/github.com/moby/buildkit/util/progress/multiwriter.go

@@ -36,6 +36,15 @@ func (ps *MultiWriter) Add(pw Writer) {
 	if !ok {
 		return
 	}
+	if pws, ok := rw.(*MultiWriter); ok {
+		if pws.contains(ps) {
+			// this would cause a deadlock, so we should panic instead
+			// NOTE: this can be caused by a cycle in the scheduler states,
+			// which is created by a series of unfortunate edge merges
+			panic("multiwriter loop detected")
+		}
+	}
+
 	ps.mu.Lock()
 	plist := make([]*Progress, 0, len(ps.items))
 	plist = append(plist, ps.items...)
@@ -102,3 +111,24 @@ func (ps *MultiWriter) writeRawProgress(p *Progress) error {
 func (ps *MultiWriter) Close() error {
 	return nil
 }
+
+func (ps *MultiWriter) contains(pw rawProgressWriter) bool {
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+	_, ok := ps.writers[pw]
+	if ok {
+		return true
+	}
+
+	for w := range ps.writers {
+		w, ok := w.(*MultiWriter)
+		if !ok {
+			continue
+		}
+		if w.contains(pw) {
+			return true
+		}
+	}
+
+	return false
+}

vendor/github.com/moby/buildkit/util/testutil/integration/run.go

@@ -38,6 +38,7 @@ type Backend interface {
 	ContainerdAddress() string
 
 	Rootless() bool
+	NetNSDetached() bool
 	Snapshotter() string
 	Supports(feature string) bool
 }
@@ -66,6 +67,7 @@ type Worker interface {
 	Close() error
 	Name() string
 	Rootless() bool
+	NetNSDetached() bool
 }
 
 type ConfigUpdater interface {

vendor/github.com/moby/buildkit/util/testutil/workers/backend.go

@@ -10,6 +10,7 @@ type backend struct {
 	dockerAddress       string
 	containerdAddress   string
 	rootless            bool
+	netnsDetached       bool
 	snapshotter         string
 	unsupportedFeatures []string
 	isDockerd           bool
@@ -31,6 +32,10 @@ func (b backend) Rootless() bool {
 	return b.rootless
 }
 
+func (b backend) NetNSDetached() bool {
+	return b.netnsDetached
+}
+
 func (b backend) Snapshotter() string {
 	return b.snapshotter
 }

vendor/github.com/moby/buildkit/util/testutil/workers/containerd.go

@@ -55,6 +55,8 @@ func InitContainerdWorker() {
 				GID:         gid,
 				Snapshotter: "native", // TODO: test with fuse-overlayfs as well, or automatically determine snapshotter
 			})
+
+			// TODO: add RootlessKitDetachNetNS after updating containerd-rootless.sh to include https://github.com/containerd/nerdctl/pull/2723
 		}
 	}
 
@@ -84,6 +86,10 @@ func (c *Containerd) Rootless() bool {
 	return c.UID != 0
 }
 
+func (c *Containerd) NetNSDetached() bool {
+	return false
+}
+
 func (c *Containerd) New(ctx context.Context, cfg *integration.BackendConfig) (b integration.Backend, cl func() error, err error) {
 	if err := integration.LookupBinary(c.Containerd); err != nil {
 		return nil, nil, err
@@ -236,6 +242,7 @@ disabled_plugins = ["cri"]
 		address:           buildkitdSock,
 		containerdAddress: address,
 		rootless:          rootless,
+		netnsDetached:     false,
 		snapshotter:       c.Snapshotter,
 	}, cl, nil
 }

vendor/github.com/moby/buildkit/util/testutil/workers/dockerd.go

@@ -71,6 +71,10 @@ func (c Moby) Rootless() bool {
 	return c.IsRootless
 }
 
+func (c Moby) NetNSDetached() bool {
+	return false
+}
+
 func (c Moby) New(ctx context.Context, cfg *integration.BackendConfig) (b integration.Backend, cl func() error, err error) {
 	if err := requireRoot(); err != nil {
 		return nil, nil, err
@@ -224,6 +228,7 @@ func (c Moby) New(ctx context.Context, cfg *integration.BackendConfig) (b integr
 		address:             "unix://" + listener.Addr().String(),
 		dockerAddress:       d.Sock(),
 		rootless:            c.IsRootless,
+		netnsDetached:       false,
 		isDockerd:           true,
 		unsupportedFeatures: c.Unsupported,
 	}, cl, nil

vendor/github.com/moby/buildkit/util/testutil/workers/oci.go

@@ -19,10 +19,12 @@ func InitOCIWorker() {
 }
 
 type OCI struct {
-	ID          string
-	UID         int
-	GID         int
-	Snapshotter string
+	ID                     string
+	UID                    int
+	GID                    int
+	Snapshotter            string
+	RootlessKitNet         string // e.g., "slirp4netns"
+	RootlessKitDetachNetNS bool   // needs RootlessKitNet to be non-host network
 }
 
 func (s *OCI) Name() string {
@@ -33,6 +35,10 @@ func (s *OCI) Rootless() bool {
 	return s.UID != 0
 }
 
+func (s *OCI) NetNSDetached() bool {
+	return s.Rootless() && s.RootlessKitDetachNetNS
+}
+
 func (s *OCI) New(ctx context.Context, cfg *integration.BackendConfig) (integration.Backend, func() error, error) {
 	if err := integration.LookupBinary("buildkitd"); err != nil {
 		return nil, nil, err
@@ -52,8 +58,19 @@ func (s *OCI) New(ctx context.Context, cfg *integration.BackendConfig) (integrat
 		if s.GID == 0 {
 			return nil, nil, errors.Errorf("unsupported id pair: uid=%d, gid=%d", s.UID, s.GID)
 		}
+		var rootlessKitArgs []string
+		switch s.RootlessKitNet {
+		case "", "host":
+		// NOP
+		default:
+			// See docs/rootless.md
+			rootlessKitArgs = append(rootlessKitArgs, "--net="+s.RootlessKitNet, "--copy-up=/etc", "--disable-host-loopback")
+		}
+		if s.RootlessKitDetachNetNS {
+			rootlessKitArgs = append(rootlessKitArgs, "--detach-netns")
+		}
 		// TODO: make sure the user exists and subuid/subgid are configured.
-		buildkitdArgs = append([]string{"sudo", "-u", fmt.Sprintf("#%d", s.UID), "-i", "--", "exec", "rootlesskit"}, buildkitdArgs...)
+		buildkitdArgs = append(append([]string{"sudo", "-u", fmt.Sprintf("#%d", s.UID), "-i", "--", "exec", "rootlesskit"}, rootlessKitArgs...), buildkitdArgs...)
 	}
 
 	var extraEnv []string
@@ -67,9 +84,10 @@ func (s *OCI) New(ctx context.Context, cfg *integration.BackendConfig) (integrat
 	}
 
 	return backend{
-		address:     buildkitdSock,
-		rootless:    s.UID != 0,
-		snapshotter: s.Snapshotter,
+		address:       buildkitdSock,
+		rootless:      s.UID != 0,
+		netnsDetached: s.NetNSDetached(),
+		snapshotter:   s.Snapshotter,
 	}, stop, nil
 }
 

vendor/github.com/moby/buildkit/util/testutil/workers/oci_unix.go

@@ -22,6 +22,8 @@ func initOCIWorker() {
 		}
 		if integration.RootlessSupported(uid) {
 			integration.Register(&OCI{ID: "oci-rootless", UID: uid, GID: gid})
+			integration.Register(&OCI{ID: "oci-rootless-slirp4netns-detachnetns", UID: uid, GID: gid,
+				RootlessKitNet: "slirp4netns", RootlessKitDetachNetNS: true})
 		}
 	}