diff --git a/_service b/_service
index 615b4c5..068709a 100644
--- a/_service
+++ b/_service
@@ -1,20 +1,20 @@
-
-
+
+
https://github.com/moby/buildkit.git
git
.git
- v0.11.2
+ v0.12.5
@PARENT_TAG@
enable
v(.*)
-
-
+
+
*.tar
zst
-
+
zst
diff --git a/_servicedata b/_servicedata
index 2633ce5..c1d722f 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,7 +1,6 @@
-
https://github.com/moby/buildkit.git
- 944939944ca4cc58a11ace4af714083cfcd9a3c7
+ bac3f2b673f3f9d33e79046008e7a38e856b3dc6
-
+
\ No newline at end of file
diff --git a/buildkit-0.11.2.tar.zst b/buildkit-0.11.2.tar.zst
deleted file mode 100644
index adca7a3..0000000
--- a/buildkit-0.11.2.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1551eb4508575f07a779066db4d4d141ec6a81fdf82619a18fc765b9a96cda3e
-size 5397239
diff --git a/buildkit-0.12.5.tar.zst b/buildkit-0.12.5.tar.zst
new file mode 100644
index 0000000..2fd0b1d
--- /dev/null
+++ b/buildkit-0.12.5.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:73670b7394a72320f7ac5c7dd1994ae089e00eec374ef6268d3fae4af124df77
+size 5898472
diff --git a/buildkit.changes b/buildkit.changes
index 95a55ff..efa1e6f 100644
--- a/buildkit.changes
+++ b/buildkit.changes
@@ -1,3 +1,542 @@
+-------------------------------------------------------------------
+Thu Feb 01 16:36:18 UTC 2024 - dcermak@suse.com
+
+- Update to version 0.12.5:
+ * update runc to v1.1.12
+ * exec: add extra validation for submount sources (fixes CVE-2024-23651, bsc#1219267)
+ * oci: fix error handling on submount calls
+ * executor: recheck mount stub path within root after container run (fixes CVE-2024-23652, bsc#1219268)
+ * llbsolver: make sure interactive container API validates entitlements (fixes CVE-2024-23653, bsc#1219438)
+ * gateway: pass executor with build and not access worker directly
+ * pb: add extra validation to protobuf types
+ * sourcepolicy: add validations for nil values
+ * exporter: add validation for platforms key value
+ * exporter: add validation for invalid platorm
+ * exporter: validate null config metadata from gateway
+ * ci: disable push if not upstream repo
+ * hack: use git context only for upstream repo
+ * hack/test: allow ALPINE_VERSION to be set from env
+ * hack: align syntax
+ * vendor: github.com/cyphar/filepath-securejoin v0.2.4
+ * tracing: allow the `Resource` to be set externally
+
+-------------------------------------------------------------------
+Mon Dec 04 13:14:41 UTC 2023 - fredrik.lonnegren@suse.com
+
+- Update to version 0.12.4:
+ * Fix possible concurrent map access on remote cache export
+ * Fix hang on debug server listener
+ * Fix possible deadlock in History API under high number of parallel builds
+ * Fix possible panic on handling deleted records in History API
+ * Fix possible data corruption in zstd library
+
+- Update to version 0.12.3:
+ * Fix possible duplicate source files in provenance attestation for chained builds
+ * Fix possible negative step time in progressbar for step shared with other build request
+ * Fix properly closing history and cache DB on shutdown to avoid corruption
+ * Fix incorrect error handling for invalid HTTP source URLs
+ * Fix fallback cases for ambiguous insecure configuration provided for registry used as push target.
+ * Fix possible data race with parallel image config resolves
+ * Fix regression in v0.12 for clients waiting on buildkitd to become available
+ * Fix Cgroup NS handling for hosts supporting only CgroupV1
+
+- Update to version 0.12.2:
+ * Fix possible discarded network error when exporting result to client
+ * Avoid unnecessary memory allocations when writing build progress
+
+-------------------------------------------------------------------
+Wed Aug 02 21:37:05 UTC 2023 - elimat@opensuse.org
+
+- Update to version 0.12.1:
+ * executor: fix resource sampler goroutine leak
+ * [v0.11] make tracing socket forward error non-fatal
+ * integration: missing env var to check feature compat
+ * test: update pinned busybox image to 1.36
+ * test: update pinned alpine image to 3.18
+ * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev)
+ * executor/resource: stub out NewSysSampler on Windows
+ * vendor: github.com/docker/cli v24.0.4
+ * testutil: move CheckContainerdVersion to a separate package
+ * llbsolver: fix policy rule ordering
+ * filesync: fix backward compatibility with encoding + and %
+ * hack: allow to set GO_VERSION during tests
+ * test: always disable tls for dockerd worker
+ * buildctl: set max backoff delay to 1 second
+ * contenthash: data race
+ * filesync: escape special query characters
+ * applier: add hack to support docker zstd layers
+ * Fix various nits
+ * pullprogress data race
+ * use sampler lock instead
+ * Fix ResolveImageConfig to evaluate source policy
+ * sampler data race fix
+ * update cgroup parent test to work with cgroupns
+ * Revert "specify a `ResponseHeaderTimeout` value"
+ * oci: make sure cgroupns is enabled if supported
+ * bash lint fix
+ * rename BUILDFLAGS to GOBUILDFLAGS
+ * allow ENOTSUP for PSI cgroup files
+ * containerimage: use platform matcher to detect platform to unpack
+ * exporter: silently skip unpacking unknown reference
+ * improve error handling in ReadFile
+ * dockerfile: arg for controlling go build flags
+ * dockerfile: arg to enable go race detection
+ * Add support for health start interval
+ * Re-vendor moby/moby
+ * filesync: mark if options have been encoded to detect old versions
+ * dockerfile: heredoc should use 0644 permissions
+ * docs: update README to reference OpenTelemetry instead of OpenTracing
+ * gateway: restore original filename in ReadFile error message
+ * Dockerfile: update containerd to v1.7.2
+ * Use system.ToSlash() instead of filepath.ToSlash()
+ * Revert most changes to client/llb
+ * Remove Architecture
+ * Default to linux in client
+ * Ensure we use proper path separators
+ * Set default platform
+ * Add nil pointer check in dispatchWorkdir
+ * Remove nil pointer check and extra NormalizePath
+ * Rename variable, remove superfluous check
+ * Use current OS as a default
+ * Handle file paths base on target platform
+ * exporter: unlazy references in parallel
+ * exporter: simplify unlazy references to reduce duplication
+ * exporter: allow unpack on multi-platform images
+ * tests: add unpack to scratch export test
+ * overlay: set whiteout timestamps to 1970-01-01 (not to SOURCE_DATE_EPOCH)
+ * dockerfile: graduate `ADD --checksum=` from labs
+ * dockerfile: graduate `ADD ` from labs
+ * dockerfile: mod-outdated target to check modules updates
+ * dockerfile: use xx in dnsname stage
+ * dockerfile: install musl-dev to fix compilation issue
+ * dockerfile: update Alpine to 3.18
+ * vendor: update fsutil to 36ef4d8
+ * export(local): split opt
+ * buildctl: Provide --wait option
+ * containerimage: support SOURCE_DATE_EPOCH for CreatedAt
+ * move flightcontrol to use generics
+ * containerimage: keep layer labels for exported images
+ * shell: start shell from cmd, not entrypoint
+ * sbom: propogate image-resolve-mode for generator image
+ * client: add extra debug to tests
+ * handle missing provenance for non-evaluated result
+ * tests: add provenance test for duplicate platform
+ * tests: add provenance test for when context directory does not exist
+ * forward: make BridgeClient public for lint
+ * gateway: enable named contexts for gateway frontend
+ * vendor: update vt100 with resize panic fix
+ * docs: dockerfile: remove "known issues" related to AuFS
+ * docs: add running instruction to CONTRIBUTING.md
+ * tests: add worker close method to interface
+ * add and check for gateway.exec.secretenv cap
+ * move Secretenv from Meta to InitMessage
+ * support passing SecretEnv to gateway containers
+ * Add comment, update from review
+ * Fix issue with digest merge (inconsistent graph state)
+ * docs: add helper commands section to CONTRIBUTING.md
+ * docs: update CONTRIBUTING.md whitespace formatting
+ * integration: fix not deleting dockerd workdir
+ * remove uses of deprecated ResolverOptions.Client
+ * filesync: fix handling non-ascii in file paths
+ * tests: add test for unicode filenames
+ * Adding more docs to client/llb
+ * Add special case for rw bind mounts
+ * vendor: github.com/docker/cli v24.0.2
+ * vendor: github.com/docker/docker v24.0.2
+ * progressui: fix index printing on partial rows
+ * gateway: wrap ExecProcessServer Send calls with a mutex
+ * resources: make maxsamples configurable
+ * llbsolver: add systemusage samples to provenance attestation
+ * resources: store sys cpu usage per step
+ * resources: add sampler for periodic stat reads
+ * resources: CNI network usage sampling support
+ * resources: add build step resource tracking via cgroups
+ * solver: lock before using actives
+ * Emulate "bind" mounts using the bind filter
+ * Fix mount layers on host
+ * llbsolver: set temporary lease in Commit context
+ * Update containerd dependency
+ * exporter: Add exptypes with Common exporter keys
+ * exporter/image/exptypes: Make strongly typed
+ * solver: move AddBuildConfig into llbsolver package
+ * tests: add test to check url format for image loaded from oci layout
+ * solver: mark locally loaded images as such
+ * solver: merge local and remote images into single list
+ * purl: allow RefToPURL to take a type parameter
+ * tests: don't use purl code to test itself
+ * Use linux as a default for inputOS
+ * Add path handling functions
+ * response to comments
+ * containerimage: Export option keys
+ * vendor: update spdx/tools-golang to v0.5.1
+ * exporter: remove non dist options from tar exporter
+ * exporter: move fs opt parsing to method
+ * tests: fixup attestation tar to not panic when file not found
+ * git: set umask without reexec
+ * add language property for sourcemap
+ * dockerfile/docs: add set -ex to heredoc #3870
+ * authprovider: fix a bug where registry-1.docker.io auth was always a cache miss
+ * response to comments
+ * tracing: fix buildx tracing delegation
+ * Update continuity and fsutil
+ * cache: add a few more fields to ref trace logs.
+ * vendor: github.com/containerd/go-runc v1.1.0
+ * provenance: fix possible empty digest access
+ * vendor: fix broken vendoring
+ * dockerfile: bump up nerdctl to v1.4.0
+ * bump nydus-snapshotter dependence to v0.8.2
+ * vendor: github.com/docker/cli v24.0.1
+ * vendor: github.com/docker/docker v24.0.1
+ * vendor: github.com/containerd/containerd v1.7.1
+ * vendor: github.com/Microsoft/hcsshim v0.10.0-rc.8
+ * vendor: github.com/Microsoft/go-winio v0.6.1
+ * vendor: golang.org/x/sys v0.7.0
+ * vendor: github.com/containerd/typeurl/v2 v2.1.1
+ * chore: bump spdx tools
+ * Fix typo in attestation-storage.md
+ * vendor: github.com/docker/cli v24.0.0
+ * vendor: github.com/docker/docker v24.0.0
+ * vendor: github.com/opencontainers/runc v1.1.7
+ * vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2
+ * vendor: github.com/klauspost/compress v1.16.3
+ * Dockerfile: CONTAINERD_VERSION=v1.7.1
+ * Dockerfile: CONTAINERD_ALT_VERSION_16=v1.6.21
+ * Dockerfile: RUNC_VERSION=v1.1.7
+ * session: avoid logging healthcheck error on canceled connection
+ * session: fix run and close synchronization
+ * testutil: update ReadImages to fallback to reading manifest
+ * Add trace logs for cache leaks.
+ * Add some doc strings for LLB functions
+ * attestations: move containerd media type warnings
+ * update generated proto files
+ * attestations: replace intoto media type with vendored const
+ * nydus: bump nydus versions in Dockerfile and doc
+ * feedback changes for moby/buildkit #2251
+ * testutil: expose underlying docker address for supported workers
+ * testutil: expose integration workers as public
+ * remove type aliases for leasemanager/contentstore
+ * llbsolver: move history blobs to a separate namespace
+ * build(deps): bump github.com/docker/distribution
+ * added import/export support for OCI compatible image manifest version of cache manifest (opt-in on export, inferred on import) moby/buildkit #2251
+ * llb: carry platform from inputs for merge/diff
+ * llb: don't include platform in fileop
+ * control: fix possible deadlock on network error
+ * exporter/containerimage: remove redundant type for var declaration
+ * Fix not to set the value on empty vertex
+ * Fix to import as digest
+ * cache: always release ref when getting size in usage.
+ * Drop unneeded variable
+ * ssh: add fallback to ensure conn is closed in all cases.
+ * vendor: github.com/opencontainers/image-spec v1.1.0-rc3
+ * vendor: github.com/docker/cli v23.0.5
+ * vendor: github.com/docker/docker v23.0.5
+ * nydus: update nydus-snapshotter dependency to v0.8.0
+ * progressui: fix possible zero prefix numbers in logs
+ * llbsolver: send active event only to current client
+ * llbsolver: send delete status event
+ * llbsolver: filter out records marked deleted from list responses
+ * Add Windows service support
+ * docs: fixup build repro doc with updated policy format
+ * test: use appropriate snapshotter service to walk snapshots
+ * overlay: use function to check for overlay-based mounts
+ * Update uses of Image platform fields in OCI image-spec
+ * allow setting user agent products
+ * Bump up golangci-lint to v1.52.2
+ * chore: tidy up duplicated imports
+ * solver: Release unused refs in LoadWithParents
+ * Avoid panic on parallel walking on DefinitionOp
+ * solver: skip sbom post processor if result is nil
+ * vendor: github.com/docker/docker v23.0.4
+ * vendor: github.com/docker/cli v23.0.4
+ * vendor: golang.org/x/time v0.3.0
+ * vendor: github.com/docker/cli v23.0.2
+ * vendor: github.com/docker/docker v23.0.2
+ * test: don't hang if a process doesn't run
+ * ci: put worker name first for better UX in actions
+ * go.mod: remove github.com/kr/pretty
+ * Revert "Problem: can't use anonymous S3 credentials"
+ * go.mod: bump up runc to v1.1.6
+ * go.mod: Bump up stargz-snapshotter to v0.14.3
+ * dockerfile: bump up stargz-snapshotter to v0.14.3
+ * dockerfile: bump up runc to v1.1.6
+ * buildkitd: add grpc reflection
+ * Bump up nerdctl to 1.3.0
+ * Bump up containerd 1.6.20
+ * Fix gzip decoding of HTTP sources.
+ * ci: update runner os to ubuntu 22.04
+ * Fix bearer token expiration check (fixes #3779)
+ * docs: update buildkitd.toml with new field info
+ * buildkitd: allow durations for gc config
+ * buildkitd: allow multiple units for gc config
+ * dockerui: expose context detection functions as public
+ * Prevent overflow of runc exit code.
+ * Upgrade to latest go-runc.
+ * runc worker: fix sigkill handling
+ * Dockerfile: RUNC_VERSION=v1.1.5
+ * client: add client opts to enable system certificates
+ * Make ClientOpts type safe
+ * build(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5
+ * fileop: create new fileOpSolver instance per Exec call
+ * Provide CacheManager to Controller instead of CacheKeyManager.
+ * http: ensure HEAD and GET requests have same headers
+ * docs: add auto-generated sections to buildctl.md
+ * client: allow grpc dial option passthrough
+ * cni: simplify netns creation
+ * add Bass to list of LLB languages
+ * llbsolver: fix sorting of history records
+ * llbsolver: Fix performance of recomputeDigests
+ * solve: use comparables instead of reflection in result struct
+ * vendor: github.com/docker/cli v23.0.1
+ * vendor: github.com/docker/docker v23.0.1
+ * client: create oci-layout file in StoreIndex
+ * ci: output annotations for failures
+ * test: set mod vendor
+ * test: use gotestsum to generate reports
+ * fix gateway exec tty cleanup on context.Canceled
+ * fix process termination handling for runc exec
+ * Register builds before recording build history
+ * docs(dockerfile): minimal Dockerfile version support for chmod
+ * Update builder.md to document newly supported --chmod features in both ADD and COPY statements.
+ * use bklog.G(ctx) instead of logrus directly
+ * integration: missing mergeDiff compat check
+ * chore: `translateLegacySolveRequest` does not need to return error checking.
+ * integration: split feature compat check for subtests
+ * integration: missing feature compat check for cache
+ * dockerfile: fix reproducible digest test for non-amd64
+ * integration: add FeatureMergeDiff compat
+ * integration: add FeatureCacheBackend* compat
+ * integration: enforce features compat through env vars
+ * ci: upstream docs conformance validation
+ * dockerfile(docs): fix liquid syntax
+ * Problem: can't use anonymous S3 credentials
+ * hack: remove build_ci_first_pass script
+ * hack: binaries and cross bake targets
+ * go.mod: update to go 1.20
+ * Dockerfile: CONTAINERD_VERSION=v1.7.0
+ * go.mod: github.com/containerd/containerd v1.7.0
+ * Add Namespace to list of buildkit users.
+ * remove buildinfo
+ * buildinfo: add BUILDKIT_BUILDINFO build arg
+ * buildinfo: mark as deprecated
+ * docs: deprecated features page
+ * rootless: guide for Bottlerocket OS (`sysctl -w user.max_user_namespaces=N`)
+ * rootless: fix up unprivileged mount opts
+ * Dockerfile: CONTAINERD_VERSION=v1.7.0-rc.3, CONTAINERD_ALT_VERSION_16=v1.6.19
+ * go.mod: github.com/containerd/containerd v1.7.0-rc.3
+ * version: add "v" prefix to version for tagging convention consistency
+ * remove context name validation from kubepod connhelper
+ * gateway: add hostname option to NewContainer API
+ * fix error message typo
+ * provenance: ensure URLs are redacted before written
+ * test/client: Close buildkit client
+ * docs: missing security policy markdown file
+ * diffapply: do chown before xattrs
+ * Add test for merge of files with capabilities.
+ * fix a possible panic on cache
+ * Update cmd/buildkitd/main_windows.go
+ * ci(validate): use bake
+ * hack: shfmt bake target
+ * hack: generated-files bake target
+ * hack: doctoc bake target
+ * hack: lint bake target
+ * hack: authors Dockerfile and bake target
+ * hack: bake definition with vendor targets
+ * Fix buildkitd panic when frontend input is nil.
+ * ci: trigger workflows on push to release branches
+ * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0
+ * ci: create GitHub Release for frontend as well
+ * ci: make release depends on image job
+ * lint: fix issues with go 1.20
+ * remove deprecated golangci-lint linters
+ * update golangci-lint to v1.51.1
+ * update to go 1.20
+ * Allow DefinitionOp to track sources
+ * specify a `ResponseHeaderTimeout` value
+ * Ensures that the primary GID is also included in the additional GIDs
+ * ci: fix missing TESTFLAGS env var in test-os workflow
+ * Dockerfile: update containerd to v1.7.0-beta.4, v1.6.18
+ * go.mod: github.com/containerd/containerd v1.7.0-beta.4
+ * ci: update softprops/action-gh-release to v0.1.15
+ * ci: remove unused vars in dockerd workflow
+ * ci: split cross job
+ * Dockerfile: remove binaries-linux-helper stage
+ * ci: rename unclear env vars
+ * readme: fix and update badges
+ * ci: rename build workflow to buildkit
+ * ci: reusable test workflow
+ * ci: move test-os to a dedicated workflow
+ * ci: move frontend integration tests and build to a dedicated workflow
+ * stargz-snapshotter: graduate from experimental
+ * Bump up stargz-snapshotter to v0.14.1
+ * set osversion in index descriptor from base image
+ * progress: solve status description
+ * ci: update buildx to latest
+ * Dockerfile: update xx to 1.2.1
+ * integration: make sure registry directory exists
+ * gha: avoid range requests with too big offset
+ * ci: merge test-nydus job in test one
+ * ci: remove branch restriction on pull request event
+ * client: add tests for layerID in comment field
+ * exporter: fix sbom supplement core detection
+ * exporter: fix supplement sboms on empty scratch layer
+ * exporter: fix file layer finder whiteout detection
+ * exporter: canonicalize sbom file paths during search
+ * Add platform tracing socket paths and mounts
+ * integration: log dockerd cmd
+ * integration: set custom flags for dockerd worker
+ * remotecache: proper exporter naming for gha, s3 and azblob
+ * remotecache: explicit names for registry and local
+ * exporter: use compression.ParseAttributes func
+ * remotecache: mutualize compression parsing attrs
+ * lex: add support for optional colon in variable expansion
+ * test: rework TestProcessWithMatches to use a matrix
+ * dockerfile: update to use dockerui pkg
+ * dockerui: separate docker frontend params to reusable package
+ * cache: add fallback for snapshotID
+ * exporter: remove wrappers for oci data types
+ * vendor: github.com/docker/cli v23.0.0
+ * vendor: github.com/docker/docker v23.0.0
+ * hack: do not cache some stages on release
+ * hack: do not set attest flags when exporting to docker
+ * git: override the locale to ensure consistent output
+ * fix support for empty git ref with subdir
+ * gitutil: use subtests
+ * source: more tests cases for git identifier
+ * source: use subtests cases for git identifier
+ * otel: bump dependencies to v1.11.2/v0.37.0
+ * hack: treat unset variables as an error
+ * frontend: fix typo in release script
+ * ci: create matrix for building frontend image
+ * inline cache: fix blob indexes by uncompressed digest
+ * Skip configuring cache exporter if it is nil.
+ * docs: update syntax for labs channel in examples
+ * integration: remove wrong compat condition
+ * integration: fix compat check for CNI DNS test
+ * cache: don’t link blobonly based on chainid
+ * do not mount secrets that are optional and missing from solve opts
+ * SOURCE_DATE_EPOCH: drop timezone
+ * sbom: create tmp directory for scanner image
+ * progress: keep color enabled with NO_COLOR empty
+ * hack: remove azblob_test
+ * integration: basic azblob cache test
+ * test: add proxy build args when existed
+ * vendor: github.com/docker/cli v23.0.0-rc.3
+ * vendor: github.com/docker/docker v23.0.0-rc.3
+ * vendor: golang.org/x/net v0.5.0
+ * vendor: golang.org/x/text v0.6.0
+ * vendor: golang.org/x/sys v0.4.0
+ * Dockerfile: CNI plugins v1.2.0
+ * Dockerfile: CONTAINERD_VERSION=v1.7.0-beta.3, CONTAINERD_ALT_VERSION_16=v1.6.16
+ * Fix tracing listener on Windows
+ * go.mod: github.com/containerd/containerd v1.7.0-beta.3
+ * control: send current timestamp header with event streams
+ * vendor: update containerd to v1.6.16-0.1709cfe273d9
+ * buildctl: add ref-file to get history record for a build
+ * client: make sure ref is configurable for the history API
+ * history: save completed steps with cache stats
+ * history: fix exporter key not being passed
+ * history: fix logs and traces are saving on canceled builds
+ * hack: add correct entrypoint to shell script
+ * ci: use moby/buildkit:latest in build action
+ * dockerfile: add testReproSourceDateEpoch
+ * Fix cache cannot reuse lazy layers
+ * Correct manifests_prefix documentation for S3 cache
+ * Use golang.org/x/sys/windows instead of syscall
+ * dockerfile: release frontend for i386 platform
+ * Add get-user-info utility
+ * optimize --dry-run flag
+ * fix(tracing): spelling of OTEL_TRACES_EXPORTER value
+ * Propagate sshforward send side connection close
+ * buildctl: add `buildctl debug histories, buildctl prune-histories`
+ * dockerfile: fix panic on warnings with multi-platform
+ * vendor: github.com/docker/cli v23.0.0-rc.2
+ * vendor: github.com/docker/docker v23.0.0-rc.2
+ * vendor: github.com/containerd/containerd v1.6.15
+ * cache: add registry.insecure option to registry exporter
+ * Make local cache non-lazy
+ * docs/build-repro.md: add the SOURCE_DATE_EPOCH section
+ * docs: clarified build argument example by changing the variable name
+ * azblob cache: account_name attribute
+ * docs: master -> 0.11
+ * ci: fix dockerd workflow with latest changes from moby
+ * integration: set mirrors and entitlements with dockerd worker
+ * github: update CI to buildkit version
+ * exporter: ensure spdx order prioritizes primary sbom
+ * hack: remove s3_test
+ * integration: basic s3 cache test
+ * integration: add runCmd and randomString utils
+ * integration: expose backend logs in sandbox interface
+ * azblob_test: pin busybox to avoid "Illegal instruction" error
+ * docs: add nerdctl container buildkitd address docs
+ * feat: add namespace support for nerdctl container
+ * ci: add ci to check README toc
+ * testutil: pin busybox and alpine used in releases
+ * exporter: allow configuring inline attestations for image exporters
+ * exporter: force enabling inline attestations for image export
+ * docs: change semicolons to double ampersands
+ * llbsolver: fix panic when requesting provenance on nil result
+ * vendor: update fsutil to fb43384
+ * attestation: only supplement file data for the core scan
+ * docs: add index page for attestations
+ * docs: move attestation docs to dedicated directory
+ * docs: rename slsa.md to slsa-provenance.md
+ * docs: tidy up json examples for slsa definitions
+ * docs: add cross-linking between slsa pages
+ * Flakiness in azblob test job
+ * vendor: update spdx/tools-golang to d6f58551be3f
+ * feat: add nerdctl-container support for client
+ * docs: slsa review updates
+ * docs: moved slsa definitions to a separate page
+ * docs: slsa editorial fixes
+ * docs: add filename to provenance attestation
+ * docs: update hermetic field after it was moved in implementation
+ * docs: update provenance docs
+ * docs: add slsa provenance documentation
+ * progress: fix clean context cancelling
+ * fix: updated_at -> updated-at
+ * Solve panic due to concurrent access to ExportSpans
+ * feat: allow ignoring remote cache-export error if failing
+ * add cache stats to the build history API
+ * vendor: github.com/docker/cli v23.0.0-rc.1
+ * vendor: github.com/docker/docker v23.0.0-rc.1
+ * vendor: github.com/containerd/containerd v1.6.14
+ * frontend: fix testMultiStageImplicitFrom to account for busybox changes
+ * sshforward: skip conn close on stream CloseSend.
+ * chore: update buildkitd.toml docs with mirror path example
+ * feat: handle mirror url with path
+ * provenance: fix the order of the build steps
+ * provenance: move hermetic field into a correct struct
+ * add possibility to override filename for provenance
+ * Fix typo in CapExecMountBindReadWriteNoOutput.
+ * Use SkipOutput instead of -1 for output indexes to clarify semantics.
+ * fix indentation for in-toto and traces
+ * attestation: forbid provenance attestations from frontend
+ * attestation: validate attestations before unbundling as well
+ * exporter: make attestation validation public
+ * result: change reason types to strings
+ * attestations: ignore spdx parse errors
+ * attestations: propogate metadata through unbundling
+ * gateway: add addition check to prevent content func from being forwarded
+ * ociindex: add utility method for getting a single manifest from the index
+ * ociindex: refactor to hide implementation internally
+ * cache: test gha cache exporter
+ * containerdexecutor: add network namespace callback
+ * frontend/dockerfile: BFlags.Parse(): use strings.Cut()
+ * frontend/dockerfile: parseExtraHosts(): use strings.Cut()
+ * frontend/dockerfile: parseMount() use strings.Cut(), and some minor cleanup
+ * frontend/dockerfile: move check for cache-sharing
+ * frontend/dockerfile: provide suggestions for mount share mode
+ * frontend/dockerfile: define types for enums
+ * frontend/dockerfile/shell: use strings.Equalfold
+ * frontend/dockerfile/parser: remove redundant concat
+ * frontend/dockerfile: parseBuildStageName(): pre-compile regex
+ * frontend/dockerfile: remove isSSHMountsSupported, isSecretMountsSupported
+ * docs: Enable rootless for stargz-snapshotter
+ * executor/oci: GetResolvConf(): simplify handling of resolv.conf
+- fix rpmlint errors
+ * systemd units should not have execute permissions
+ * add missing %service_add_pre for the systemd units
+
-------------------------------------------------------------------
Tue Jan 31 17:50:32 UTC 2023 - Dirk Müller
diff --git a/buildkit.spec b/buildkit.spec
index d19bde9..2aa4f2a 100644
--- a/buildkit.spec
+++ b/buildkit.spec
@@ -23,7 +23,7 @@
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
Name: buildkit
-Version: 0.11.2
+Version: 0.12.5
Release: 0
Summary: Toolkit for converting source code to build artifacts
License: Apache-2.0
@@ -54,17 +54,20 @@ mkdir -p %{buildroot}%{_bindir}/
mkdir -p %{buildroot}%{_unitdir}/
install -m 0755 _output/buildkitd %{buildroot}%{_bindir}/buildkitd
install -m 0755 _output/buildctl %{buildroot}%{_bindir}/buildctl
-install -m 0755 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service
-install -m 0755 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket
+install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service
+install -m 0644 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket
+
+%pre
+%service_add_pre buildkit.socket buildkit.service
%post
-%systemd_post buildkit.socket buildkit.service
+%service_add_post buildkit.socket buildkit.service
%preun
-%systemd_preun buildkit.socket buildkit.service
+%service_del_preun buildkit.socket buildkit.service
%postun
-%systemd_postun_with_restart buildkit.socket buildkit.service
+%service_del_postun buildkit.socket buildkit.service
%files
%license LICENSE
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 10d2de8..99ebe6c 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:c0564538026e874fe9ea4f691832c81318b33fb79f81dec9757f22ce82e1f325
-size 5752083
+oid sha256:f2c3aa0ee8516335a75e8042464dc983e0675072af688aa67fba4dbc7a011402
+size 4533584