From a1cdd4bfcc515a862e18ac123836fcaa05d09b32 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Thu, 6 Jun 2019 01:36:33 +0000 Subject: [PATCH] build: buildkit now honors daemon's DNS config Signed-off-by: Tibor Vass --- builder/builder-next/builder.go | 1 + builder/builder-next/controller.go | 4 +- builder/builder-next/executor_unix.go | 16 ++++- builder/builder-next/executor_windows.go | 8 ++- cmd/dockerd/daemon.go | 1 + daemon/config/config.go | 11 +++- daemon/config/config_test.go | 24 ++++++-- vendor.conf | 2 +- vendor/github.com/moby/buildkit/README.md | 2 +- .../github.com/moby/buildkit/cache/manager.go | 14 ++--- .../moby/buildkit/cache/metadata/metadata.go | 53 ++++++++-------- vendor/github.com/moby/buildkit/cache/refs.go | 4 +- .../moby/buildkit/cache/remotecache/import.go | 16 ++--- .../cache/remotecache/v1/cachestorage.go | 2 +- .../buildkit/cache/remotecache/v1/parse.go | 2 +- .../moby/buildkit/cache/util/fsutil.go | 14 ++--- .../moby/buildkit/client/llb/exec.go | 14 +++-- .../moby/buildkit/client/llb/meta.go | 22 ++++--- .../moby/buildkit/client/llb/state.go | 8 +-- .../moby/buildkit/executor/oci/resolvconf.go | 40 ++++++++++-- .../moby/buildkit/executor/oci/spec.go | 13 ++++ .../moby/buildkit/executor/oci/spec_unix.go | 12 ---- .../moby/buildkit/executor/oci/user.go | 12 +--- .../executor/runcexecutor/executor.go | 5 +- .../frontend/dockerfile/builder/build.go | 4 +- .../frontend/gateway/grpcclient/client.go | 2 +- .../moby/buildkit/session/auth/auth.go | 5 +- .../moby/buildkit/session/content/caller.go | 25 +++++--- .../buildkit/session/filesync/diffcopy.go | 24 ++++---- .../buildkit/session/filesync/filesync.go | 4 +- .../moby/buildkit/session/secrets/secrets.go | 4 +- .../moby/buildkit/session/sshforward/copy.go | 9 +-- .../moby/buildkit/session/sshforward/ssh.go | 13 ++-- .../moby/buildkit/session/upload/upload.go | 7 ++- .../github.com/moby/buildkit/solver/edge.go | 10 +-- .../moby/buildkit/solver/llbsolver/bridge.go | 6 +- .../buildkit/solver/llbsolver/ops/build.go | 4 ++ .../buildkit/solver/llbsolver/ops/exec.go | 5 +- .../buildkit/solver/llbsolver/ops/file.go | 3 + .../buildkit/solver/llbsolver/ops/source.go | 4 ++ .../moby/buildkit/solver/llbsolver/vertex.go | 61 +++++++++++++++++++ 41 files changed, 330 insertions(+), 160 deletions(-) create mode 100644 vendor/github.com/moby/buildkit/executor/oci/spec.go diff --git a/builder/builder-next/builder.go b/builder/builder-next/builder.go index bb701106f6..f2e111ff48 100644 --- a/builder/builder-next/builder.go +++ b/builder/builder-next/builder.go @@ -75,6 +75,7 @@ type Opt struct { BuilderConfig config.BuilderConfig Rootless bool IdentityMapping *idtools.IdentityMapping + DNSConfig config.DNSConfig } // Builder can build using BuildKit backend diff --git a/builder/builder-next/controller.go b/builder/builder-next/controller.go index dfc482e17b..e740a76583 100644 --- a/builder/builder-next/controller.go +++ b/builder/builder-next/controller.go @@ -113,7 +113,9 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) { return nil, err } - exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless, opt.IdentityMapping) + dns := getDNSConfig(opt.DNSConfig) + + exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, dns, opt.Rootless, opt.IdentityMapping) if err != nil { return nil, err } diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go index 7cbc2569eb..4aee34cf30 100644 --- a/builder/builder-next/executor_unix.go +++ b/builder/builder-next/executor_unix.go @@ -8,9 +8,11 @@ import ( "strconv" "sync" + "github.com/docker/docker/daemon/config" "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork" "github.com/moby/buildkit/executor" + "github.com/moby/buildkit/executor/oci" "github.com/moby/buildkit/executor/runcexecutor" "github.com/moby/buildkit/identity" "github.com/moby/buildkit/solver/pb" @@ -21,7 +23,7 @@ import ( const networkName = "bridge" -func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool, idmap *idtools.IdentityMapping) (executor.Executor, error) { +func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dnsConfig *oci.DNSConfig, rootless bool, idmap *idtools.IdentityMapping) (executor.Executor, error) { networkProviders := map[pb.NetMode]network.Provider{ pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: filepath.Join(root, "net")}, pb.NetMode_HOST: network.NewHostProvider(), @@ -34,6 +36,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro Rootless: rootless, NoPivot: os.Getenv("DOCKER_RAMDISK") != "", IdentityMapping: idmap, + DNS: dnsConfig, }, networkProviders) } @@ -117,3 +120,14 @@ func (iface *lnInterface) Close() error { } return iface.err } + +func getDNSConfig(cfg config.DNSConfig) *oci.DNSConfig { + if cfg.DNS != nil || cfg.DNSSearch != nil || cfg.DNSOptions != nil { + return &oci.DNSConfig{ + Nameservers: cfg.DNS, + SearchDomains: cfg.DNSSearch, + Options: cfg.DNSOptions, + } + } + return nil +} diff --git a/builder/builder-next/executor_windows.go b/builder/builder-next/executor_windows.go index b870abe6ce..6de6d529f3 100644 --- a/builder/builder-next/executor_windows.go +++ b/builder/builder-next/executor_windows.go @@ -5,13 +5,15 @@ import ( "errors" "io" + "github.com/docker/docker/daemon/config" "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork" "github.com/moby/buildkit/cache" "github.com/moby/buildkit/executor" + "github.com/moby/buildkit/executor/oci" ) -func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool, _ *idtools.IdentityMapping) (executor.Executor, error) { +func newExecutor(_, _ string, _ libnetwork.NetworkController, _ *oci.DNSConfig, _ bool, _ *idtools.IdentityMapping) (executor.Executor, error) { return &winExecutor{}, nil } @@ -21,3 +23,7 @@ type winExecutor struct { func (e *winExecutor) Exec(ctx context.Context, meta executor.Meta, rootfs cache.Mountable, mounts []executor.Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error { return errors.New("buildkit executor not implemented for windows") } + +func getDNSConfig(config.DNSConfig) *oci.DNSConfig { + return nil +} diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go index e2afe6f80f..6bbf7fccb2 100644 --- a/cmd/dockerd/daemon.go +++ b/cmd/dockerd/daemon.go @@ -319,6 +319,7 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e BuilderConfig: config.Builder, Rootless: d.Rootless(), IdentityMapping: d.IdentityMapping(), + DNSConfig: config.DNSConfig, }) if err != nil { return opts, err diff --git a/daemon/config/config.go b/daemon/config/config.go index 80ecbbd955..3b23d7aecb 100644 --- a/daemon/config/config.go +++ b/daemon/config/config.go @@ -109,6 +109,13 @@ type CommonTLSOptions struct { KeyFile string `json:"tlskey,omitempty"` } +// DNSConfig defines the DNS configurations. +type DNSConfig struct { + DNS []string `json:"dns,omitempty"` + DNSOptions []string `json:"dns-opts,omitempty"` + DNSSearch []string `json:"dns-search,omitempty"` +} + // CommonConfig defines the configuration of a docker daemon which is // common across platforms. // It includes json tags to deserialize configuration from a file @@ -119,9 +126,6 @@ type CommonConfig struct { AutoRestart bool `json:"-"` Context map[string][]string `json:"-"` DisableBridge bool `json:"-"` - DNS []string `json:"dns,omitempty"` - DNSOptions []string `json:"dns-opts,omitempty"` - DNSSearch []string `json:"dns-search,omitempty"` ExecOptions []string `json:"exec-opts,omitempty"` GraphDriver string `json:"storage-driver,omitempty"` GraphOptions []string `json:"storage-opts,omitempty"` @@ -200,6 +204,7 @@ type CommonConfig struct { MetricsAddress string `json:"metrics-addr"` + DNSConfig LogConfig BridgeConfig // bridgeConfig holds bridge network specific configuration. NetworkConfig diff --git a/daemon/config/config_test.go b/daemon/config/config_test.go index 6998ed3312..ec7820b3f3 100644 --- a/daemon/config/config_test.go +++ b/daemon/config/config_test.go @@ -244,28 +244,36 @@ func TestValidateConfigurationErrors(t *testing.T) { { config: &Config{ CommonConfig: CommonConfig{ - DNS: []string{"1.1.1.1o"}, + DNSConfig: DNSConfig{ + DNS: []string{"1.1.1.1o"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNS: []string{"2.2.2.2", "1.1.1.1o"}, + DNSConfig: DNSConfig{ + DNS: []string{"2.2.2.2", "1.1.1.1o"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNSSearch: []string{"123456"}, + DNSConfig: DNSConfig{ + DNSSearch: []string{"123456"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNSSearch: []string{"a.b.c", "123456"}, + DNSConfig: DNSConfig{ + DNSSearch: []string{"a.b.c", "123456"}, + }, }, }, }, @@ -329,14 +337,18 @@ func TestValidateConfiguration(t *testing.T) { { config: &Config{ CommonConfig: CommonConfig{ - DNS: []string{"1.1.1.1"}, + DNSConfig: DNSConfig{ + DNS: []string{"1.1.1.1"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNSSearch: []string{"a.b.c"}, + DNSConfig: DNSConfig{ + DNSSearch: []string{"a.b.c"}, + }, }, }, }, diff --git a/vendor.conf b/vendor.conf index 5a0ceb33da..8f8aa4e630 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit c24275065aca6605bd83c57c6735510f4ebeb6d9 +github.com/moby/buildkit a258bd18b2c55aac4e8a10a3074757d66d45cef6 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md index 1e3ca2df09..0605693caf 100644 --- a/vendor/github.com/moby/buildkit/README.md +++ b/vendor/github.com/moby/buildkit/README.md @@ -299,7 +299,7 @@ Run `make images` to build the images as `moby/buildkit:local` and `moby/buildki If you are running `moby/buildkit:master` or `moby/buildkit:master-rootless` as a Docker/Kubernetes container, you can use special `BUILDKIT_HOST` URL for connecting to the BuildKit daemon in the container: ``` -export BUILDKIT_HOST=docker:// +export BUILDKIT_HOST=docker-container:// ``` ``` diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go index e3522f6599..0c7ec789ed 100644 --- a/vendor/github.com/moby/buildkit/cache/manager.go +++ b/vendor/github.com/moby/buildkit/cache/manager.go @@ -157,14 +157,14 @@ func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (cr *cacheRecord, retErr error) { if rec, ok := cm.records[id]; ok { if rec.isDead() { - return nil, errNotFound + return nil, errors.Wrapf(errNotFound, "failed to get dead record %s", id) } return rec, nil } md, ok := cm.md.Get(id) if !ok && !fromSnapshotter { - return nil, errNotFound + return nil, errors.WithStack(errNotFound) } if mutableID := getEqualMutable(md); mutableID != "" { mutable, err := cm.getRecord(ctx, mutableID, fromSnapshotter) @@ -222,7 +222,7 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte if err := rec.remove(ctx, true); err != nil { return nil, err } - return nil, errNotFound + return nil, errors.Wrapf(errNotFound, "failed to get deleted record %s", id) } if err := initializeMetadata(rec, opts...); err != nil { @@ -330,14 +330,14 @@ func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opt func (cm *cacheManager) pruneOnce(ctx context.Context, ch chan client.UsageInfo, opt client.PruneInfo) error { filter, err := filters.ParseAll(opt.Filter...) if err != nil { - return err + return errors.Wrapf(err, "failed to parse prune filters %v", opt.Filter) } var check ExternalRefChecker if f := cm.PruneRefChecker; f != nil && (!opt.All || len(opt.Filter) > 0) { c, err := f() if err != nil { - return err + return errors.WithStack(err) } check = c } @@ -549,7 +549,7 @@ func (cm *cacheManager) markShared(m map[string]*cacheUsageInfo) error { } c, err := cm.PruneRefChecker() if err != nil { - return err + return errors.WithStack(err) } var markAllParentsShared func(string) @@ -590,7 +590,7 @@ type cacheUsageInfo struct { func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) { filter, err := filters.ParseAll(opt.Filter...) if err != nil { - return nil, err + return nil, errors.Wrapf(err, "failed to parse diskusage filters %v", opt.Filter) } cm.mu.Lock() diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go index 9da270b4e6..f43da00156 100644 --- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go +++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go @@ -55,7 +55,7 @@ func (s *Store) All() ([]*StorageItem, error) { return nil }) }) - return out, err + return out, errors.WithStack(err) } func (s *Store) Probe(index string) (bool, error) { @@ -77,7 +77,7 @@ func (s *Store) Probe(index string) (bool, error) { } return nil }) - return exists, err + return exists, errors.WithStack(err) } func (s *Store) Search(index string) ([]*StorageItem, error) { @@ -114,7 +114,7 @@ func (s *Store) Search(index string) ([]*StorageItem, error) { } return nil }) - return out, err + return out, errors.WithStack(err) } func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error { @@ -132,7 +132,7 @@ func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error { } func (s *Store) Clear(id string) error { - return s.db.Update(func(tx *bolt.Tx) error { + return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error { external := tx.Bucket([]byte(externalBucket)) if external != nil { external.DeleteBucket([]byte(id)) @@ -160,21 +160,21 @@ func (s *Store) Clear(id string) error { } } return main.DeleteBucket([]byte(id)) - }) + })) } func (s *Store) Update(id string, fn func(b *bolt.Bucket) error) error { - return s.db.Update(func(tx *bolt.Tx) error { + return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error { b, err := tx.CreateBucketIfNotExists([]byte(mainBucket)) if err != nil { - return err + return errors.WithStack(err) } b, err = b.CreateBucketIfNotExists([]byte(id)) if err != nil { - return err + return errors.WithStack(err) } return fn(b) - }) + })) } func (s *Store) Get(id string) (*StorageItem, bool) { @@ -200,7 +200,7 @@ func (s *Store) Get(id string) (*StorageItem, bool) { } func (s *Store) Close() error { - return s.db.Close() + return errors.WithStack(s.db.Close()) } type StorageItem struct { @@ -222,13 +222,13 @@ func newStorageItem(id string, b *bolt.Bucket, s *Store) (*StorageItem, error) { var sv Value if len(v) > 0 { if err := json.Unmarshal(v, &sv); err != nil { - return err + return errors.WithStack(err) } si.values[string(k)] = &sv } return nil }); err != nil { - return si, err + return si, errors.WithStack(err) } } return si, nil @@ -283,23 +283,23 @@ func (s *StorageItem) GetExternal(k string) ([]byte, error) { return nil }) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return dt, nil } func (s *StorageItem) SetExternal(k string, dt []byte) error { - return s.storage.db.Update(func(tx *bolt.Tx) error { + return errors.WithStack(s.storage.db.Update(func(tx *bolt.Tx) error { b, err := tx.CreateBucketIfNotExists([]byte(externalBucket)) if err != nil { - return err + return errors.WithStack(err) } b, err = b.CreateBucketIfNotExists([]byte(s.id)) if err != nil { - return err + return errors.WithStack(err) } return b.Put([]byte(k), dt) - }) + })) } func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) { @@ -311,15 +311,15 @@ func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) { func (s *StorageItem) Commit() error { s.mu.Lock() defer s.mu.Unlock() - return s.Update(func(b *bolt.Bucket) error { + return errors.WithStack(s.Update(func(b *bolt.Bucket) error { for _, fn := range s.queue { if err := fn(b); err != nil { - return err + return errors.WithStack(err) } } s.queue = s.queue[:0] return nil - }) + })) } func (s *StorageItem) Indexes() (out []string) { @@ -341,18 +341,18 @@ func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { } dt, err := json.Marshal(v) if err != nil { - return err + return errors.WithStack(err) } if err := b.Put([]byte(key), dt); err != nil { - return err + return errors.WithStack(err) } if v.Index != "" { b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) if err != nil { - return err + return errors.WithStack(err) } if err := b.Put([]byte(indexKey(v.Index, s.ID())), []byte{}); err != nil { - return err + return errors.WithStack(err) } } s.values[key] = v @@ -367,14 +367,13 @@ type Value struct { func NewValue(v interface{}) (*Value, error) { dt, err := json.Marshal(v) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return &Value{Value: json.RawMessage(dt)}, nil } func (v *Value) Unmarshal(target interface{}) error { - err := json.Unmarshal(v.Value, target) - return err + return errors.WithStack(json.Unmarshal(v.Value, target)) } func indexKey(index, target string) string { diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go index 63d46f2b85..ca839c01dd 100644 --- a/vendor/github.com/moby/buildkit/cache/refs.go +++ b/vendor/github.com/moby/buildkit/cache/refs.go @@ -190,7 +190,7 @@ func (cr *cacheRecord) remove(ctx context.Context, removeSnapshot bool) error { } if removeSnapshot { if err := cr.cm.Snapshotter.Remove(ctx, cr.ID()); err != nil { - return err + return errors.Wrapf(err, "failed to remove %s", cr.ID()) } } if err := cr.cm.md.Clear(cr.ID()); err != nil { @@ -259,7 +259,7 @@ func (sr *immutableRef) release(ctx context.Context) error { if len(sr.refs) == 0 { if sr.viewMount != nil { // TODO: release viewMount earlier if possible if err := sr.cm.Snapshotter.Remove(ctx, sr.view); err != nil { - return err + return errors.Wrapf(err, "failed to remove view %s", sr.view) } sr.view = "" sr.viewMount = nil diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/import.go b/vendor/github.com/moby/buildkit/cache/remotecache/import.go index 6bbee96814..229d45a07b 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/import.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/import.go @@ -100,7 +100,7 @@ func readBlob(ctx context.Context, provider content.Provider, desc ocispec.Descr } } } - return dt, err + return dt, errors.WithStack(err) } func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte, id string, w worker.Worker) (solver.CacheManager, error) { @@ -120,7 +120,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte var m ocispec.Manifest if err := json.Unmarshal(dt, &m); err != nil { - return err + return errors.WithStack(err) } if m.Config.Digest == "" || len(m.Layers) == 0 { @@ -129,13 +129,13 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte p, err := content.ReadBlob(ctx, ci.provider, m.Config) if err != nil { - return err + return errors.WithStack(err) } var img image if err := json.Unmarshal(p, &img); err != nil { - return err + return errors.WithStack(err) } if len(img.Rootfs.DiffIDs) != len(m.Layers) { @@ -149,7 +149,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte var config v1.CacheConfig if err := json.Unmarshal(img.Cache, &config.Records); err != nil { - return err + return errors.WithStack(err) } createdDates, createdMsg, err := parseCreatedLayerInfo(img) @@ -181,7 +181,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte dt, err = json.Marshal(config) if err != nil { - return err + return errors.WithStack(err) } mu.Lock() @@ -217,7 +217,7 @@ func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: var index ocispec.Index if err := json.Unmarshal(dt, &index); err != nil { - return err + return errors.WithStack(err) } for _, d := range index.Manifests { @@ -226,7 +226,7 @@ func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt } p, err := content.ReadBlob(ctx, ci.provider, d) if err != nil { - return err + return errors.WithStack(err) } if err := ci.allDistributionManifests(ctx, p, m); err != nil { return err diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go index 2061ffc072..605b6d634c 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go @@ -254,7 +254,7 @@ func (cs *cacheResultStorage) Load(ctx context.Context, res solver.CacheResult) ref, err := cs.w.FromRemote(ctx, item.result) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to load result from remote") } return worker.NewWorkerRefResult(ref, cs.w), nil } diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go index 26b4050194..79adf014af 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go @@ -12,7 +12,7 @@ import ( func Parse(configJSON []byte, provider DescriptorProvider, t solver.CacheExporterTarget) error { var config CacheConfig if err := json.Unmarshal(configJSON, &config); err != nil { - return err + return errors.WithStack(err) } return ParseConfig(config, provider, t) diff --git a/vendor/github.com/moby/buildkit/cache/util/fsutil.go b/vendor/github.com/moby/buildkit/cache/util/fsutil.go index b7aa6730d6..41e5465f7f 100644 --- a/vendor/github.com/moby/buildkit/cache/util/fsutil.go +++ b/vendor/github.com/moby/buildkit/cache/util/fsutil.go @@ -61,23 +61,23 @@ func ReadFile(ctx context.Context, ref cache.ImmutableRef, req ReadRequest) ([]b err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, req.Filename) if err != nil { - return err + return errors.WithStack(err) } if req.Range == nil { dt, err = ioutil.ReadFile(fp) if err != nil { - return err + return errors.WithStack(err) } } else { f, err := os.Open(fp) if err != nil { - return err + return errors.WithStack(err) } dt, err = ioutil.ReadAll(io.NewSectionReader(f, int64(req.Range.Offset), int64(req.Range.Length))) f.Close() if err != nil { - return err + return errors.WithStack(err) } } return nil @@ -101,7 +101,7 @@ func ReadDir(ctx context.Context, ref cache.ImmutableRef, req ReadDirRequest) ([ err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, req.Path) if err != nil { - return err + return errors.WithStack(err) } return fsutil.Walk(ctx, fp, &wo, func(path string, info os.FileInfo, err error) error { if err != nil { @@ -128,10 +128,10 @@ func StatFile(ctx context.Context, ref cache.ImmutableRef, path string) (*fstype err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, path) if err != nil { - return err + return errors.WithStack(err) } if st, err = fsutil.Stat(fp); err != nil { - return err + return errors.WithStack(err) } return nil }) diff --git a/vendor/github.com/moby/buildkit/client/llb/exec.go b/vendor/github.com/moby/buildkit/client/llb/exec.go index 8e2d1d4c9d..ade992780e 100644 --- a/vendor/github.com/moby/buildkit/client/llb/exec.go +++ b/vendor/github.com/moby/buildkit/client/llb/exec.go @@ -427,11 +427,13 @@ func Security(s pb.SecurityMode) RunOption { } func Shlex(str string) RunOption { - return Shlexf(str) + return runOptionFunc(func(ei *ExecInfo) { + ei.State = shlexf(str, false)(ei.State) + }) } func Shlexf(str string, v ...interface{}) RunOption { return runOptionFunc(func(ei *ExecInfo) { - ei.State = shlexf(str, v...)(ei.State) + ei.State = shlexf(str, true, v...)(ei.State) }) } @@ -442,7 +444,9 @@ func Args(a []string) RunOption { } func AddEnv(key, value string) RunOption { - return AddEnvf(key, value) + return runOptionFunc(func(ei *ExecInfo) { + ei.State = ei.State.AddEnv(key, value) + }) } func AddEnvf(key, value string, v ...interface{}) RunOption { @@ -458,7 +462,9 @@ func User(str string) RunOption { } func Dir(str string) RunOption { - return Dirf(str) + return runOptionFunc(func(ei *ExecInfo) { + ei.State = ei.State.Dir(str) + }) } func Dirf(str string, v ...interface{}) RunOption { return runOptionFunc(func(ei *ExecInfo) { diff --git a/vendor/github.com/moby/buildkit/client/llb/meta.go b/vendor/github.com/moby/buildkit/client/llb/meta.go index 78a2473070..54b14c4c42 100644 --- a/vendor/github.com/moby/buildkit/client/llb/meta.go +++ b/vendor/github.com/moby/buildkit/client/llb/meta.go @@ -24,19 +24,24 @@ var ( keySecurity = contextKeyT("llb.security") ) -func addEnvf(key, value string, v ...interface{}) StateOption { +func addEnvf(key, value string, replace bool, v ...interface{}) StateOption { + if replace { + value = fmt.Sprintf(value, v...) + } return func(s State) State { - return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, fmt.Sprintf(value, v...))) + return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, value)) } } func dir(str string) StateOption { - return dirf(str) + return dirf(str, false) } -func dirf(str string, v ...interface{}) StateOption { +func dirf(value string, replace bool, v ...interface{}) StateOption { + if replace { + value = fmt.Sprintf(value, v...) + } return func(s State) State { - value := fmt.Sprintf(str, v...) if !path.IsAbs(value) { prev := getDir(s) if prev == "" { @@ -100,9 +105,12 @@ func args(args ...string) StateOption { } } -func shlexf(str string, v ...interface{}) StateOption { +func shlexf(str string, replace bool, v ...interface{}) StateOption { + if replace { + str = fmt.Sprintf(str, v...) + } return func(s State) State { - arg, err := shlex.Split(fmt.Sprintf(str, v...)) + arg, err := shlex.Split(str) if err != nil { // TODO: handle error } diff --git a/vendor/github.com/moby/buildkit/client/llb/state.go b/vendor/github.com/moby/buildkit/client/llb/state.go index 928242af94..ba8845e086 100644 --- a/vendor/github.com/moby/buildkit/client/llb/state.go +++ b/vendor/github.com/moby/buildkit/client/llb/state.go @@ -240,18 +240,18 @@ func (s State) File(a *FileAction, opts ...ConstraintsOpt) State { } func (s State) AddEnv(key, value string) State { - return s.AddEnvf(key, value) + return addEnvf(key, value, false)(s) } func (s State) AddEnvf(key, value string, v ...interface{}) State { - return addEnvf(key, value, v...)(s) + return addEnvf(key, value, true, v...)(s) } func (s State) Dir(str string) State { - return s.Dirf(str) + return dirf(str, false)(s) } func (s State) Dirf(str string, v ...interface{}) State { - return dirf(str, v...)(s) + return dirf(str, true, v...)(s) } func (s State) GetEnv(key string) (string, bool) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go index 422f1ab962..3d568f7b5d 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go +++ b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go @@ -8,6 +8,7 @@ import ( "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork/resolvconf" + "github.com/docker/libnetwork/types" "github.com/moby/buildkit/util/flightcontrol" ) @@ -15,7 +16,13 @@ var g flightcontrol.Group var notFirstRun bool var lastNotEmpty bool -func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping) (string, error) { +type DNSConfig struct { + Nameservers []string + Options []string + SearchDomains []string +} + +func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping, dns *DNSConfig) (string, error) { p := filepath.Join(stateDir, "resolv.conf") _, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) { generate := !notFirstRun @@ -61,9 +68,34 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.Identity dt = f.Content } - f, err = resolvconf.FilterResolvDNS(dt, true) - if err != nil { - return "", err + if dns != nil { + var ( + dnsNameservers = resolvconf.GetNameservers(dt, types.IP) + dnsSearchDomains = resolvconf.GetSearchDomains(dt) + dnsOptions = resolvconf.GetOptions(dt) + ) + if len(dns.Nameservers) > 0 { + dnsNameservers = dns.Nameservers + } + if len(dns.SearchDomains) > 0 { + dnsSearchDomains = dns.SearchDomains + } + if len(dns.Options) > 0 { + dnsOptions = dns.Options + } + + f, err = resolvconf.Build(p+".tmp", dnsNameservers, dnsSearchDomains, dnsOptions) + if err != nil { + return "", err + } + } else { + // Logic seems odd here: why are we filtering localhost IPs + // only if neither of the DNS configs were specified? + // Logic comes from https://github.com/docker/libnetwork/blob/164a77ee6d24fb2b1d61f8ad3403a51d8453899e/sandbox_dns_unix.go#L230-L269 + f, err = resolvconf.FilterResolvDNS(f.Content, true) + if err != nil { + return "", err + } } tmpPath := p + ".tmp" diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec.go b/vendor/github.com/moby/buildkit/executor/oci/spec.go new file mode 100644 index 0000000000..9329fa90ba --- /dev/null +++ b/vendor/github.com/moby/buildkit/executor/oci/spec.go @@ -0,0 +1,13 @@ +package oci + +// ProcMode configures PID namespaces +type ProcessMode int + +const ( + // ProcessSandbox unshares pidns and mount procfs. + ProcessSandbox ProcessMode = iota + // NoProcessSandbox uses host pidns and bind-mount procfs. + // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. + // NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user. + NoProcessSandbox +) diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go index 0d12a18ddd..fb4f34a439 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go +++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go @@ -27,18 +27,6 @@ import ( // Ideally we don't have to import whole containerd just for the default spec -// ProcMode configures PID namespaces -type ProcessMode int - -const ( - // ProcessSandbox unshares pidns and mount procfs. - ProcessSandbox ProcessMode = iota - // NoProcessSandbox uses host pidns and bind-mount procfs. - // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. - // NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user. - NoProcessSandbox -) - // GenerateSpec generates spec using containerd functionality. // opts are ignored for s.Process, s.Hostname, and s.Mounts . func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, processMode ProcessMode, idmap *idtools.IdentityMapping, opts ...oci.SpecOpts) (*specs.Spec, func(), error) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/user.go b/vendor/github.com/moby/buildkit/executor/oci/user.go index ac5dbebdf2..af64231fe4 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/user.go +++ b/vendor/github.com/moby/buildkit/executor/oci/user.go @@ -20,19 +20,11 @@ func GetUser(ctx context.Context, root, username string) (uint32, uint32, []uint return uid, gid, nil, nil } - passwdPath, err := user.GetPasswdPath() - if err != nil { - return 0, 0, nil, err - } - groupPath, err := user.GetGroupPath() - if err != nil { - return 0, 0, nil, err - } - passwdFile, err := openUserFile(root, passwdPath) + passwdFile, err := openUserFile(root, "/etc/passwd") if err == nil { defer passwdFile.Close() } - groupFile, err := openUserFile(root, groupPath) + groupFile, err := openUserFile(root, "/etc/group") if err == nil { defer groupFile.Close() } diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index 680bc7b346..741c8b8978 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -43,6 +43,7 @@ type Opt struct { IdentityMapping *idtools.IdentityMapping // runc run --no-pivot (unrecommended) NoPivot bool + DNS *oci.DNSConfig } var defaultCommandCandidates = []string{"buildkit-runc", "runc"} @@ -57,6 +58,7 @@ type runcExecutor struct { processMode oci.ProcessMode idmap *idtools.IdentityMapping noPivot bool + dns *oci.DNSConfig } func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Executor, error) { @@ -115,6 +117,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex processMode: opt.ProcessMode, idmap: opt.IdentityMapping, noPivot: opt.NoPivot, + dns: opt.DNS, } return w, nil } @@ -134,7 +137,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. logrus.Info("enabling HostNetworking") } - resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap) + resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap, w.dns) if err != nil { return err } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go index 6af3bab3c0..787956beaf 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go @@ -50,8 +50,8 @@ const ( keyContextSubDir = "contextsubdir" ) -var httpPrefix = regexp.MustCompile("^https?://") -var gitUrlPathWithFragmentSuffix = regexp.MustCompile("\\.git(?:#.+)?$") +var httpPrefix = regexp.MustCompile(`^https?://`) +var gitUrlPathWithFragmentSuffix = regexp.MustCompile(`\.git(?:#.+)?$`) func Build(ctx context.Context, c client.Client) (*client.Result, error) { opts := c.BuildOpts().Opts diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go index b39b280816..1a1ff07571 100644 --- a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go +++ b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go @@ -128,7 +128,7 @@ func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError erro } } if retError != nil { - st, _ := status.FromError(retError) + st, _ := status.FromError(errors.Cause(retError)) stp := st.Proto() req.Error = &rpc.Status{ Code: stp.Code, diff --git a/vendor/github.com/moby/buildkit/session/auth/auth.go b/vendor/github.com/moby/buildkit/session/auth/auth.go index 2b96a7cef1..5717455f8e 100644 --- a/vendor/github.com/moby/buildkit/session/auth/auth.go +++ b/vendor/github.com/moby/buildkit/session/auth/auth.go @@ -4,6 +4,7 @@ import ( "context" "github.com/moby/buildkit/session" + "github.com/pkg/errors" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -16,10 +17,10 @@ func CredentialsFunc(ctx context.Context, c session.Caller) func(string) (string Host: host, }) if err != nil { - if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented { + if st, ok := status.FromError(errors.Cause(err)); ok && st.Code() == codes.Unimplemented { return "", "", nil } - return "", "", err + return "", "", errors.WithStack(err) } return resp.Username, resp.Secret, nil } diff --git a/vendor/github.com/moby/buildkit/session/content/caller.go b/vendor/github.com/moby/buildkit/session/content/caller.go index ef7a24ec79..70e82130d7 100644 --- a/vendor/github.com/moby/buildkit/session/content/caller.go +++ b/vendor/github.com/moby/buildkit/session/content/caller.go @@ -9,6 +9,7 @@ import ( "github.com/moby/buildkit/session" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/pkg/errors" "google.golang.org/grpc/metadata" ) @@ -31,47 +32,53 @@ func (cs *callerContentStore) choose(ctx context.Context) context.Context { func (cs *callerContentStore) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { ctx = cs.choose(ctx) - return cs.store.Info(ctx, dgst) + info, err := cs.store.Info(ctx, dgst) + return info, errors.WithStack(err) } func (cs *callerContentStore) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { ctx = cs.choose(ctx) - return cs.store.Update(ctx, info, fieldpaths...) + info, err := cs.store.Update(ctx, info, fieldpaths...) + return info, errors.WithStack(err) } func (cs *callerContentStore) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error { ctx = cs.choose(ctx) - return cs.store.Walk(ctx, fn, fs...) + return errors.WithStack(cs.store.Walk(ctx, fn, fs...)) } func (cs *callerContentStore) Delete(ctx context.Context, dgst digest.Digest) error { ctx = cs.choose(ctx) - return cs.store.Delete(ctx, dgst) + return errors.WithStack(cs.store.Delete(ctx, dgst)) } func (cs *callerContentStore) ListStatuses(ctx context.Context, fs ...string) ([]content.Status, error) { ctx = cs.choose(ctx) - return cs.store.ListStatuses(ctx, fs...) + resp, err := cs.store.ListStatuses(ctx, fs...) + return resp, errors.WithStack(err) } func (cs *callerContentStore) Status(ctx context.Context, ref string) (content.Status, error) { ctx = cs.choose(ctx) - return cs.store.Status(ctx, ref) + st, err := cs.store.Status(ctx, ref) + return st, errors.WithStack(err) } func (cs *callerContentStore) Abort(ctx context.Context, ref string) error { ctx = cs.choose(ctx) - return cs.store.Abort(ctx, ref) + return errors.WithStack(cs.store.Abort(ctx, ref)) } func (cs *callerContentStore) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) { ctx = cs.choose(ctx) - return cs.store.Writer(ctx, opts...) + w, err := cs.store.Writer(ctx, opts...) + return w, errors.WithStack(err) } func (cs *callerContentStore) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) { ctx = cs.choose(ctx) - return cs.store.ReaderAt(ctx, desc) + ra, err := cs.store.ReaderAt(ctx, desc) + return ra, errors.WithStack(err) } // NewCallerStore creates content.Store from session.Caller with specified storeID diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go index 6934f9464f..b82e3fc1c9 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go +++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go @@ -14,7 +14,7 @@ import ( ) func sendDiffCopy(stream grpc.Stream, fs fsutil.FS, progress progressCb) error { - return fsutil.Send(stream.Context(), stream, fs, progress) + return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress)) } func newStreamWriter(stream grpc.ClientStream) io.WriteCloser { @@ -29,7 +29,7 @@ type bufferedWriteCloser struct { func (bwc *bufferedWriteCloser) Close() error { if err := bwc.Writer.Flush(); err != nil { - return err + return errors.WithStack(err) } return bwc.Closer.Close() } @@ -40,19 +40,19 @@ type streamWriterCloser struct { func (wc *streamWriterCloser) Write(dt []byte) (int, error) { if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil { - return 0, err + return 0, errors.WithStack(err) } return len(dt), nil } func (wc *streamWriterCloser) Close() error { if err := wc.ClientStream.CloseSend(); err != nil { - return err + return errors.WithStack(err) } // block until receiver is done var bm BytesMessage if err := wc.ClientStream.RecvMsg(&bm); err != io.EOF { - return err + return errors.WithStack(err) } return nil } @@ -69,19 +69,19 @@ func recvDiffCopy(ds grpc.Stream, dest string, cu CacheUpdater, progress progres cf = cu.HandleChange ch = cu.ContentHasher() } - return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ + return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ NotifyHashed: cf, ContentHasher: ch, ProgressCb: progress, Filter: fsutil.FilterFunc(filter), - }) + })) } func syncTargetDiffCopy(ds grpc.Stream, dest string) error { if err := os.MkdirAll(dest, 0700); err != nil { - return err + return errors.Wrapf(err, "failed to create synctarget dest dir %s", dest) } - return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ + return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ Merge: true, Filter: func() func(string, *fstypes.Stat) bool { uid := os.Getuid() @@ -92,7 +92,7 @@ func syncTargetDiffCopy(ds grpc.Stream, dest string) error { return true } }(), - }) + })) } func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error { @@ -102,10 +102,10 @@ func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error { if errors.Cause(err) == io.EOF { return nil } - return err + return errors.WithStack(err) } if _, err := wc.Write(bm.Data); err != nil { - return err + return errors.WithStack(err) } } } diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go index de5237b1f1..b345569bf0 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go +++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go @@ -275,7 +275,7 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress cc, err := client.DiffCopy(ctx) if err != nil { - return err + return errors.WithStack(err) } return sendDiffCopy(cc, fs, progress) @@ -291,7 +291,7 @@ func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, erro cc, err := client.DiffCopy(ctx) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return newStreamWriter(cc), nil diff --git a/vendor/github.com/moby/buildkit/session/secrets/secrets.go b/vendor/github.com/moby/buildkit/session/secrets/secrets.go index 6cfda18bb9..3f3bb64483 100644 --- a/vendor/github.com/moby/buildkit/session/secrets/secrets.go +++ b/vendor/github.com/moby/buildkit/session/secrets/secrets.go @@ -21,10 +21,10 @@ func GetSecret(ctx context.Context, c session.Caller, id string) ([]byte, error) ID: id, }) if err != nil { - if st, ok := status.FromError(err); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) { + if st, ok := status.FromError(errors.Cause(err)); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) { return nil, errors.Wrapf(ErrNotFound, "secret %s not found", id) } - return nil, err + return nil, errors.WithStack(err) } return resp.Data, nil } diff --git a/vendor/github.com/moby/buildkit/session/sshforward/copy.go b/vendor/github.com/moby/buildkit/session/sshforward/copy.go index c101f3b455..c2763fa452 100644 --- a/vendor/github.com/moby/buildkit/session/sshforward/copy.go +++ b/vendor/github.com/moby/buildkit/session/sshforward/copy.go @@ -3,6 +3,7 @@ package sshforward import ( io "io" + "github.com/pkg/errors" context "golang.org/x/net/context" "golang.org/x/sync/errgroup" "google.golang.org/grpc" @@ -19,7 +20,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro return nil } conn.Close() - return err + return errors.WithStack(err) } select { case <-ctx.Done(): @@ -29,7 +30,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro } if _, err := conn.Write(p.Data); err != nil { conn.Close() - return err + return errors.WithStack(err) } p.Data = p.Data[:0] } @@ -43,7 +44,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro case err == io.EOF: return nil case err != nil: - return err + return errors.WithStack(err) } select { case <-ctx.Done(): @@ -52,7 +53,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro } p := &BytesMessage{Data: buf[:n]} if err := stream.SendMsg(p); err != nil { - return err + return errors.WithStack(err) } } }) diff --git a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go index a4effef604..660e89f7f1 100644 --- a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go +++ b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go @@ -7,6 +7,7 @@ import ( "path/filepath" "github.com/moby/buildkit/session" + "github.com/pkg/errors" context "golang.org/x/net/context" "golang.org/x/sync/errgroup" "google.golang.org/grpc/metadata" @@ -65,7 +66,7 @@ type SocketOpt struct { func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockPath string, closer func() error, err error) { dir, err := ioutil.TempDir("", ".buildkit-ssh-sock") if err != nil { - return "", nil, err + return "", nil, errors.WithStack(err) } defer func() { @@ -78,16 +79,16 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP l, err := net.Listen("unix", sockPath) if err != nil { - return "", nil, err + return "", nil, errors.WithStack(err) } if err := os.Chown(sockPath, opt.UID, opt.GID); err != nil { l.Close() - return "", nil, err + return "", nil, errors.WithStack(err) } if err := os.Chmod(sockPath, os.FileMode(opt.Mode)); err != nil { l.Close() - return "", nil, err + return "", nil, errors.WithStack(err) } s := &server{caller: c} @@ -102,12 +103,12 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP return sockPath, func() error { err := l.Close() os.RemoveAll(sockPath) - return err + return errors.WithStack(err) }, nil } func CheckSSHID(ctx context.Context, c session.Caller, id string) error { client := NewSSHClient(c.Conn()) _, err := client.CheckAgent(ctx, &CheckAgentRequest{ID: id}) - return err + return errors.WithStack(err) } diff --git a/vendor/github.com/moby/buildkit/session/upload/upload.go b/vendor/github.com/moby/buildkit/session/upload/upload.go index 8d69bde259..c739b92d81 100644 --- a/vendor/github.com/moby/buildkit/session/upload/upload.go +++ b/vendor/github.com/moby/buildkit/session/upload/upload.go @@ -6,6 +6,7 @@ import ( "net/url" "github.com/moby/buildkit/session" + "github.com/pkg/errors" "google.golang.org/grpc/metadata" ) @@ -26,7 +27,7 @@ func New(ctx context.Context, c session.Caller, url *url.URL) (*Upload, error) { cc, err := client.Pull(ctx) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return &Upload{cc: cc}, nil @@ -44,12 +45,12 @@ func (u *Upload) WriteTo(w io.Writer) (int, error) { if err == io.EOF { return n, nil } - return n, err + return n, errors.WithStack(err) } nn, err := w.Write(bm.Data) n += nn if err != nil { - return n, err + return n, errors.WithStack(err) } } } diff --git a/vendor/github.com/moby/buildkit/solver/edge.go b/vendor/github.com/moby/buildkit/solver/edge.go index beee0a8dca..b809652c47 100644 --- a/vendor/github.com/moby/buildkit/solver/edge.go +++ b/vendor/github.com/moby/buildkit/solver/edge.go @@ -331,7 +331,8 @@ func (e *edge) unpark(incoming []pipe.Sender, updates, allPipes []pipe.Receiver, if e.cacheMapReq == nil && (e.cacheMap == nil || len(e.cacheRecords) == 0) { index := e.cacheMapIndex e.cacheMapReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) { - return e.op.CacheMap(ctx, index) + cm, err := e.op.CacheMap(ctx, index) + return cm, errors.Wrap(err, "failed to load cache key") }) cacheMapReq = true } @@ -798,7 +799,8 @@ func (e *edge) createInputRequests(desiredState edgeStatusType, f *pipeFactory, res := dep.result func(fn ResultBasedCacheFunc, res Result, index Index) { dep.slowCacheReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) { - return e.op.CalcSlowCache(ctx, index, fn, res) + v, err := e.op.CalcSlowCache(ctx, index, fn, res) + return v, errors.Wrap(err, "failed to compute cache key") }) }(fn, res, dep.index) addedNew = true @@ -850,7 +852,7 @@ func (e *edge) loadCache(ctx context.Context) (interface{}, error) { logrus.Debugf("load cache for %s with %s", e.edge.Vertex.Name(), rec.ID) res, err := e.op.LoadCache(ctx, rec) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to load cache") } return NewCachedResult(res, []ExportableCacheKey{{CacheKey: rec.key, Exporter: &exporter{k: rec.key, record: rec, edge: e}}}), nil @@ -861,7 +863,7 @@ func (e *edge) execOp(ctx context.Context) (interface{}, error) { cacheKeys, inputs := e.commitOptions() results, subExporters, err := e.op.Exec(ctx, toResultSlice(inputs)) if err != nil { - return nil, err + return nil, errors.WithStack(err) } index := e.edge.Index diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go index 137c8acf56..e5d362d80c 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go @@ -94,11 +94,11 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to load LLB") } ref, err := b.builder.Build(ctx, edge) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to build LLB") } res = &frontend.Result{Ref: ref} @@ -109,7 +109,7 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * } res, err = f.Solve(ctx, b, req.FrontendOpt) if err != nil { - return nil, err + return nil, errors.Wrapf(err, "failed to solve with frontend %s", req.Frontend) } } else { return &frontend.Result{}, nil diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go index 4b0300497b..3c49903794 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go @@ -10,6 +10,7 @@ import ( "github.com/moby/buildkit/frontend" "github.com/moby/buildkit/snapshot" "github.com/moby/buildkit/solver" + "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/worker" digest "github.com/opencontainers/go-digest" @@ -25,6 +26,9 @@ type buildOp struct { } func NewBuildOp(v solver.Vertex, op *pb.Op_Build, b frontend.FrontendLLBBridge, _ worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &buildOp{ op: op.Build, b: b, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go index 00f0f128d4..99902a8332 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go @@ -60,6 +60,9 @@ type execOp struct { } func NewExecOp(v solver.Vertex, op *pb.Op_Exec, platform *pb.Platform, cm cache.Manager, sm *session.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &execOp{ op: op.Exec, cm: cm, @@ -324,7 +327,7 @@ func (e *execOp) getSSHMountable(ctx context.Context, m *pb.Mount) (cache.Mounta if m.SSHOpt.Optional { return nil, nil } - if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented { + if st, ok := status.FromError(errors.Cause(err)); ok && st.Code() == codes.Unimplemented { return nil, errors.Errorf("no SSH key %q forwarded from the client", m.SSHOpt.ID) } return nil, err diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go index 23bcad4d6c..5a37411a28 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go @@ -35,6 +35,9 @@ type fileOp struct { } func NewFileOp(v solver.Vertex, op *pb.Op_File, cm cache.Manager, md *metadata.Store, w worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &fileOp{ op: op.File, md: md, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go index c0cb3c184f..f0a8cf8a59 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go @@ -7,6 +7,7 @@ import ( "github.com/moby/buildkit/session" "github.com/moby/buildkit/solver" + "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/source" "github.com/moby/buildkit/worker" @@ -26,6 +27,9 @@ type sourceOp struct { } func NewSourceOp(_ solver.Vertex, op *pb.Op_Source, platform *pb.Platform, sm *source.Manager, sessM *session.Manager, w worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &sourceOp{ op: op, sm: sm, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go index 3152c57e8f..9187546167 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go @@ -188,8 +188,15 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige allOps[dgst] = &op } + if len(allOps) < 2 { + return solver.Edge{}, errors.Errorf("invalid LLB with %d vertexes", len(allOps)) + } + lastOp := allOps[dgst] delete(allOps, dgst) + if len(lastOp.Inputs) == 0 { + return solver.Edge{}, errors.Errorf("invalid LLB with no inputs on last vertex") + } dgst = lastOp.Inputs[0].Digest cache := make(map[digest.Digest]solver.Vertex) @@ -203,6 +210,11 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige if !ok { return nil, errors.Errorf("invalid missing input digest %s", dgst) } + + if err := ValidateOp(op); err != nil { + return nil, err + } + v, err := fn(dgst, op, rec) if err != nil { return nil, err @@ -240,6 +252,55 @@ func llbOpName(op *pb.Op) string { } } +func ValidateOp(op *pb.Op) error { + if op == nil { + return errors.Errorf("invalid nil op") + } + + switch op := op.Op.(type) { + case *pb.Op_Source: + if op.Source == nil { + return errors.Errorf("invalid nil source op") + } + case *pb.Op_Exec: + if op.Exec == nil { + return errors.Errorf("invalid nil exec op") + } + if op.Exec.Meta == nil { + return errors.Errorf("invalid exec op with no meta") + } + if len(op.Exec.Meta.Args) == 0 { + return errors.Errorf("invalid exec op with no args") + } + if len(op.Exec.Mounts) == 0 { + return errors.Errorf("invalid exec op with no mounts") + } + + isRoot := false + for _, m := range op.Exec.Mounts { + if m.Dest == pb.RootMount { + isRoot = true + break + } + } + if !isRoot { + return errors.Errorf("invalid exec op with no rootfs") + } + case *pb.Op_File: + if op.File == nil { + return errors.Errorf("invalid nil file op") + } + if len(op.File.Actions) == 0 { + return errors.Errorf("invalid file op with no actions") + } + case *pb.Op_Build: + if op.Build == nil { + return errors.Errorf("invalid nil build op") + } + } + return nil +} + func fileOpName(actions []*pb.FileAction) string { names := make([]string, 0, len(actions)) for _, action := range actions {