Sync from SUSE:SLFO:Main buildkit revision 73392caa1cfadde20e6b3a10fdd5e294

_service

@@ -1,20 +1,20 @@
 <services>
-  <service name="download_files" mode="disabled" />
-  <service name="tar_scm" mode="disabled">
+  <service name="download_files" mode="manual" />
+  <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/moby/buildkit.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.11.2</param>
+    <param name="revision">v0.12.5</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
   </service>
-  <service name="set_version" mode="disabled" />
-  <service name="recompress" mode="disabled">
+  <service name="set_version" mode="manual" />
+  <service name="recompress" mode="manual">
     <param name="file">*.tar</param>
     <param name="compression">zst</param>
   </service>
-  <service name="go_modules" mode="disabled">
+  <service name="go_modules" mode="manual">
     <param name="compression">zst</param>
   </service>
 </services>

_servicedata

@@ -1,7 +1,6 @@
-<?xml version="1.0"?>
 <servicedata>
   <service name="tar_scm">
     <param name="url">https://github.com/moby/buildkit.git</param>
-    <param name="changesrevision">944939944ca4cc58a11ace4af714083cfcd9a3c7</param>
+    <param name="changesrevision">bac3f2b673f3f9d33e79046008e7a38e856b3dc6</param>
   </service>
-</servicedata>
+</servicedata>

buildkit.changes

@@ -1,3 +1,542 @@
+-------------------------------------------------------------------
+Thu Feb 01 16:36:18 UTC 2024 - dcermak@suse.com
+
+- Update to version 0.12.5:
+  * update runc to v1.1.12
+  * exec: add extra validation for submount sources (fixes CVE-2024-23651, bsc#1219267)
+  * oci: fix error handling on submount calls
+  * executor: recheck mount stub path within root after container run (fixes CVE-2024-23652, bsc#1219268)
+  * llbsolver: make sure interactive container API validates entitlements (fixes CVE-2024-23653, bsc#1219438)
+  * gateway: pass executor with build and not access worker directly
+  * pb: add extra validation to protobuf types
+  * sourcepolicy: add validations for nil values
+  * exporter: add validation for platforms key value
+  * exporter: add validation for invalid platorm
+  * exporter: validate null config metadata from gateway
+  * ci: disable push if not upstream repo
+  * hack: use git context only for upstream repo
+  * hack/test: allow ALPINE_VERSION to be set from env
+  * hack: align syntax
+  * vendor: github.com/cyphar/filepath-securejoin v0.2.4
+  * tracing: allow the `Resource` to be set externally
+
+-------------------------------------------------------------------
+Mon Dec 04 13:14:41 UTC 2023 - fredrik.lonnegren@suse.com
+
+- Update to version 0.12.4:
+  * Fix possible concurrent map access on remote cache export
+  * Fix hang on debug server listener
+  * Fix possible deadlock in History API under high number of parallel builds
+  * Fix possible panic on handling deleted records in History API
+  * Fix possible data corruption in zstd library
+
+- Update to version 0.12.3:
+  * Fix possible duplicate source files in provenance attestation for chained builds
+  * Fix possible negative step time in progressbar for step shared with other build request
+  * Fix properly closing history and cache DB on shutdown to avoid corruption
+  * Fix incorrect error handling for invalid HTTP source URLs
+  * Fix fallback cases for ambiguous insecure configuration provided for registry used as push target.
+  * Fix possible data race with parallel image config resolves
+  * Fix regression in v0.12 for clients waiting on buildkitd to become available
+  * Fix Cgroup NS handling for hosts supporting only CgroupV1
+
+- Update to version 0.12.2:
+  * Fix possible discarded network error when exporting result to client
+  * Avoid unnecessary memory allocations when writing build progress
+
+-------------------------------------------------------------------
+Wed Aug 02 21:37:05 UTC 2023 - elimat@opensuse.org
+
+- Update to version 0.12.1:
+  * executor: fix resource sampler goroutine leak
+  * [v0.11] make tracing socket forward error non-fatal
+  * integration: missing env var to check feature compat
+  * test: update pinned busybox image to 1.36
+  * test: update pinned alpine image to 3.18
+  * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev)
+  * executor/resource: stub out NewSysSampler on Windows
+  * vendor: github.com/docker/cli v24.0.4
+  * testutil: move CheckContainerdVersion to a separate package
+  * llbsolver: fix policy rule ordering
+  * filesync: fix backward compatibility with encoding + and %
+  * hack: allow to set GO_VERSION during tests
+  * test: always disable tls for dockerd worker
+  * buildctl: set max backoff delay to 1 second
+  * contenthash: data race
+  * filesync: escape special query characters
+  * applier: add hack to support docker zstd layers
+  * Fix various nits
+  * pullprogress data race
+  * use sampler lock instead
+  * Fix ResolveImageConfig to evaluate source policy
+  * sampler data race fix
+  * update cgroup parent test to work with cgroupns
+  * Revert "specify a `ResponseHeaderTimeout` value"
+  * oci: make sure cgroupns is enabled if supported
+  * bash lint fix
+  * rename BUILDFLAGS to GOBUILDFLAGS
+  * allow ENOTSUP for PSI cgroup files
+  * containerimage: use platform matcher to detect platform to unpack
+  * exporter: silently skip unpacking unknown reference
+  * improve error handling in ReadFile
+  * dockerfile: arg for controlling go build flags
+  * dockerfile: arg to enable go race detection
+  * Add support for health start interval
+  * Re-vendor moby/moby
+  * filesync: mark if options have been encoded to detect old versions
+  * dockerfile: heredoc should use 0644 permissions
+  * docs: update README to reference OpenTelemetry instead of OpenTracing
+  * gateway: restore original filename in ReadFile error message
+  * Dockerfile: update containerd to v1.7.2
+  * Use system.ToSlash() instead of filepath.ToSlash()
+  * Revert most changes to client/llb
+  * Remove Architecture
+  * Default to linux in client
+  * Ensure we use proper path separators
+  * Set default platform
+  * Add nil pointer check in dispatchWorkdir
+  * Remove nil pointer check and extra NormalizePath
+  * Rename variable, remove superfluous check
+  * Use current OS as a default
+  * Handle file paths base on target platform
+  * exporter: unlazy references in parallel
+  * exporter: simplify unlazy references to reduce duplication
+  * exporter: allow unpack on multi-platform images
+  * tests: add unpack to scratch export test
+  * overlay: set whiteout timestamps to 1970-01-01 (not to SOURCE_DATE_EPOCH)
+  * dockerfile: graduate `ADD --checksum=<checksum>` from labs
+  * dockerfile: graduate `ADD <git ref>` from labs
+  * dockerfile: mod-outdated target to check modules updates
+  * dockerfile: use xx in dnsname stage
+  * dockerfile: install musl-dev to fix compilation issue
+  * dockerfile: update Alpine to 3.18
+  * vendor: update fsutil to 36ef4d8
+  * export(local): split opt
+  * buildctl: Provide --wait option
+  * containerimage: support SOURCE_DATE_EPOCH for CreatedAt
+  * move flightcontrol to use generics
+  * containerimage: keep layer labels for exported images
+  * shell: start shell from cmd, not entrypoint
+  * sbom: propogate image-resolve-mode for generator image
+  * client: add extra debug to tests
+  * handle missing provenance for non-evaluated result
+  * tests: add provenance test for duplicate platform
+  * tests: add provenance test for when context directory does not exist
+  * forward: make BridgeClient public for lint
+  * gateway: enable named contexts for gateway frontend
+  * vendor: update vt100 with resize panic fix
+  * docs: dockerfile: remove "known issues" related to AuFS
+  * docs: add running instruction to CONTRIBUTING.md
+  * tests: add worker close method to interface
+  * add and check for gateway.exec.secretenv cap
+  * move Secretenv from Meta to InitMessage
+  * support passing SecretEnv to gateway containers
+  * Add comment, update from review
+  * Fix issue with digest merge (inconsistent graph state)
+  * docs: add helper commands section to CONTRIBUTING.md
+  * docs: update CONTRIBUTING.md whitespace formatting
+  * integration: fix not deleting dockerd workdir
+  * remove uses of deprecated ResolverOptions.Client
+  * filesync: fix handling non-ascii in file paths
+  * tests: add test for unicode filenames
+  * Adding more docs to client/llb
+  * Add special case for rw bind mounts
+  * vendor: github.com/docker/cli v24.0.2
+  * vendor: github.com/docker/docker v24.0.2
+  * progressui: fix index printing on partial rows
+  * gateway: wrap ExecProcessServer Send calls with a mutex
+  * resources: make maxsamples configurable
+  * llbsolver: add systemusage samples to provenance attestation
+  * resources: store sys cpu usage per step
+  * resources: add sampler for periodic stat reads
+  * resources: CNI network usage sampling support
+  * resources: add build step resource tracking via cgroups
+  * solver: lock before using actives
+  * Emulate "bind" mounts using the bind filter
+  * Fix mount layers on host
+  * llbsolver: set temporary lease in Commit context
+  * Update containerd dependency
+  * exporter: Add exptypes with Common exporter keys
+  * exporter/image/exptypes: Make strongly typed
+  * solver: move AddBuildConfig into llbsolver package
+  * tests: add test to check url format for image loaded from oci layout
+  * solver: mark locally loaded images as such
+  * solver: merge local and remote images into single list
+  * purl: allow RefToPURL to take a type parameter
+  * tests: don't use purl code to test itself
+  * Use linux as a default for inputOS
+  * Add path handling functions
+  * response to comments
+  * containerimage: Export option keys
+  * vendor: update spdx/tools-golang to v0.5.1
+  * exporter: remove non dist options from tar exporter
+  * exporter: move fs opt parsing to method
+  * tests: fixup attestation tar to not panic when file not found
+  * git: set umask without reexec
+  * add language property for sourcemap
+  * dockerfile/docs: add set -ex to heredoc #3870
+  * authprovider: fix a bug where registry-1.docker.io auth was always a cache miss
+  * response to comments
+  * tracing: fix buildx tracing delegation
+  * Update continuity and fsutil
+  * cache: add a few more fields to ref trace logs.
+  * vendor: github.com/containerd/go-runc v1.1.0
+  * provenance: fix possible empty digest access
+  * vendor: fix broken vendoring
+  * dockerfile: bump up nerdctl to v1.4.0
+  * bump nydus-snapshotter dependence to v0.8.2
+  * vendor: github.com/docker/cli v24.0.1
+  * vendor: github.com/docker/docker v24.0.1
+  * vendor: github.com/containerd/containerd v1.7.1
+  * vendor: github.com/Microsoft/hcsshim v0.10.0-rc.8
+  * vendor: github.com/Microsoft/go-winio v0.6.1
+  * vendor: golang.org/x/sys v0.7.0
+  * vendor: github.com/containerd/typeurl/v2 v2.1.1
+  * chore: bump spdx tools
+  * Fix typo in attestation-storage.md
+  * vendor: github.com/docker/cli v24.0.0
+  * vendor: github.com/docker/docker v24.0.0
+  * vendor: github.com/opencontainers/runc v1.1.7
+  * vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2
+  * vendor: github.com/klauspost/compress v1.16.3
+  * Dockerfile: CONTAINERD_VERSION=v1.7.1
+  * Dockerfile: CONTAINERD_ALT_VERSION_16=v1.6.21
+  * Dockerfile: RUNC_VERSION=v1.1.7
+  * session: avoid logging healthcheck error on canceled connection
+  * session: fix run and close synchronization
+  * testutil: update ReadImages to fallback to reading manifest
+  * Add trace logs for cache leaks.
+  * Add some doc strings for LLB functions
+  * attestations: move containerd media type warnings
+  * update generated proto files
+  * attestations: replace intoto media type with vendored const
+  * nydus: bump nydus versions in Dockerfile and doc
+  * feedback changes for moby/buildkit #2251
+  * testutil: expose underlying docker address for supported workers
+  * testutil: expose integration workers as public
+  * remove type aliases for leasemanager/contentstore
+  * llbsolver: move history blobs to a separate namespace
+  * build(deps): bump github.com/docker/distribution
+  * added import/export support for OCI compatible image manifest version of cache manifest (opt-in on export, inferred on import) moby/buildkit #2251
+  * llb: carry platform from inputs for merge/diff
+  * llb: don't include platform in fileop
+  * control: fix possible deadlock on network error
+  * exporter/containerimage: remove redundant type for var declaration
+  * Fix not to set the value on empty vertex
+  * Fix to import as digest
+  * cache: always release ref when getting size in usage.
+  * Drop unneeded variable
+  * ssh: add fallback to ensure conn is closed in all cases.
+  * vendor: github.com/opencontainers/image-spec v1.1.0-rc3
+  * vendor: github.com/docker/cli v23.0.5
+  * vendor: github.com/docker/docker v23.0.5
+  * nydus: update nydus-snapshotter dependency to v0.8.0
+  * progressui: fix possible zero prefix numbers in logs
+  * llbsolver: send active event only to current client
+  * llbsolver: send delete status event
+  * llbsolver: filter out records marked deleted from list responses
+  * Add Windows service support
+  * docs: fixup build repro doc with updated policy format
+  * test: use appropriate snapshotter service to walk snapshots
+  * overlay: use function to check for overlay-based mounts
+  * Update uses of Image platform fields in OCI image-spec
+  * allow setting user agent products
+  * Bump up golangci-lint to v1.52.2
+  * chore: tidy up duplicated imports
+  * solver: Release unused refs in LoadWithParents
+  * Avoid panic on parallel walking on DefinitionOp
+  * solver: skip sbom post processor if result is nil
+  * vendor: github.com/docker/docker v23.0.4
+  * vendor: github.com/docker/cli v23.0.4
+  * vendor: golang.org/x/time v0.3.0
+  * vendor: github.com/docker/cli v23.0.2
+  * vendor: github.com/docker/docker v23.0.2
+  * test: don't hang if a process doesn't run
+  * ci: put worker name first for better UX in actions
+  * go.mod: remove github.com/kr/pretty
+  * Revert "Problem: can't use anonymous S3 credentials"
+  * go.mod: bump up runc to v1.1.6
+  * go.mod: Bump up stargz-snapshotter to v0.14.3
+  * dockerfile: bump up stargz-snapshotter to v0.14.3
+  * dockerfile: bump up runc to v1.1.6
+  * buildkitd: add grpc reflection
+  * Bump up nerdctl to 1.3.0
+  * Bump up containerd 1.6.20
+  * Fix gzip decoding of HTTP sources.
+  * ci: update runner os to ubuntu 22.04
+  * Fix bearer token expiration check (fixes #3779)
+  * docs: update buildkitd.toml with new field info
+  * buildkitd: allow durations for gc config
+  * buildkitd: allow multiple units for gc config
+  * dockerui: expose context detection functions as public
+  * Prevent overflow of runc exit code.
+  * Upgrade to latest go-runc.
+  * runc worker: fix sigkill handling
+  * Dockerfile: RUNC_VERSION=v1.1.5
+  * client: add client opts to enable system certificates
+  * Make ClientOpts type safe
+  * build(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5
+  * fileop: create new fileOpSolver instance per Exec call
+  * Provide CacheManager to Controller instead of CacheKeyManager.
+  * http: ensure HEAD and GET requests have same headers
+  * docs: add auto-generated sections to buildctl.md
+  * client: allow grpc dial option passthrough
+  * cni: simplify netns creation
+  * add Bass to list of LLB languages
+  * llbsolver: fix sorting of history records
+  * llbsolver: Fix performance of recomputeDigests
+  * solve: use comparables instead of reflection in result struct
+  * vendor: github.com/docker/cli v23.0.1
+  * vendor: github.com/docker/docker v23.0.1
+  * client: create oci-layout file in StoreIndex
+  * ci: output annotations for failures
+  * test: set mod vendor
+  * test: use gotestsum to generate reports
+  * fix gateway exec tty cleanup on context.Canceled
+  * fix process termination handling for runc exec
+  * Register builds before recording build history
+  * docs(dockerfile): minimal Dockerfile version support for chmod
+  * Update builder.md to document newly supported --chmod features in both ADD and COPY statements.
+  * use bklog.G(ctx) instead of logrus directly
+  * integration: missing mergeDiff compat check
+  * chore: `translateLegacySolveRequest` does not need to return error checking.
+  * integration: split feature compat check for subtests
+  * integration: missing feature compat check for cache
+  * dockerfile: fix reproducible digest test for non-amd64
+  * integration: add FeatureMergeDiff compat
+  * integration: add FeatureCacheBackend* compat
+  * integration: enforce features compat through env vars
+  * ci: upstream docs conformance validation
+  * dockerfile(docs): fix liquid syntax
+  * Problem: can't use anonymous S3 credentials
+  * hack: remove build_ci_first_pass script
+  * hack: binaries and cross bake targets
+  * go.mod: update to go 1.20
+  * Dockerfile: CONTAINERD_VERSION=v1.7.0
+  * go.mod: github.com/containerd/containerd v1.7.0
+  * Add Namespace to list of buildkit users.
+  * remove buildinfo
+  * buildinfo: add BUILDKIT_BUILDINFO build arg
+  * buildinfo: mark as deprecated
+  * docs: deprecated features page
+  * rootless: guide for Bottlerocket OS (`sysctl -w user.max_user_namespaces=N`)
+  * rootless: fix up unprivileged mount opts
+  * Dockerfile: CONTAINERD_VERSION=v1.7.0-rc.3, CONTAINERD_ALT_VERSION_16=v1.6.19
+  * go.mod: github.com/containerd/containerd v1.7.0-rc.3
+  * version: add "v" prefix to version for tagging convention consistency
+  * remove context name validation from kubepod connhelper
+  * gateway: add hostname option to NewContainer API
+  * fix error message typo
+  * provenance: ensure URLs are redacted before written
+  * test/client: Close buildkit client
+  * docs: missing security policy markdown file
+  * diffapply: do chown before xattrs
+  * Add test for merge of files with capabilities.
+  * fix a possible panic on cache
+  * Update cmd/buildkitd/main_windows.go
+  * ci(validate): use bake
+  * hack: shfmt bake target
+  * hack: generated-files bake target
+  * hack: doctoc bake target
+  * hack: lint bake target
+  * hack: authors Dockerfile and bake target
+  * hack: bake definition with vendor targets
+  * Fix buildkitd panic when frontend input is nil.
+  * ci: trigger workflows on push to release branches
+  * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0
+  * ci: create GitHub Release for frontend as well
+  * ci: make release depends on image job
+  * lint: fix issues with go 1.20
+  * remove deprecated golangci-lint linters
+  * update golangci-lint to v1.51.1
+  * update to go 1.20
+  * Allow DefinitionOp to track sources
+  * specify a `ResponseHeaderTimeout` value
+  * Ensures that the primary GID is also included in the additional GIDs
+  * ci: fix missing TESTFLAGS env var in test-os workflow
+  * Dockerfile: update containerd to v1.7.0-beta.4, v1.6.18
+  * go.mod: github.com/containerd/containerd v1.7.0-beta.4
+  * ci: update softprops/action-gh-release to v0.1.15
+  * ci: remove unused vars in dockerd workflow
+  * ci: split cross job
+  * Dockerfile: remove binaries-linux-helper stage
+  * ci: rename unclear env vars
+  * readme: fix and update badges
+  * ci: rename build workflow to buildkit
+  * ci: reusable test workflow
+  * ci: move test-os to a dedicated workflow
+  * ci: move frontend integration tests and build to a dedicated workflow
+  * stargz-snapshotter: graduate from experimental
+  * Bump up stargz-snapshotter to v0.14.1
+  * set osversion in index descriptor from base image
+  * progress: solve status description
+  * ci: update buildx to latest
+  * Dockerfile: update xx to 1.2.1
+  * integration: make sure registry directory exists
+  * gha: avoid range requests with too big offset
+  * ci: merge test-nydus job in test one
+  * ci: remove branch restriction on pull request event
+  * client: add tests for layerID in comment field
+  * exporter: fix sbom supplement core detection
+  * exporter: fix supplement sboms on empty scratch layer
+  * exporter: fix file layer finder whiteout detection
+  * exporter: canonicalize sbom file paths during search
+  * Add platform tracing socket paths and mounts
+  * integration: log dockerd cmd
+  * integration: set custom flags for dockerd worker
+  * remotecache: proper exporter naming for gha, s3 and azblob
+  * remotecache: explicit names for registry and local
+  * exporter: use compression.ParseAttributes func
+  * remotecache: mutualize compression parsing attrs
+  * lex: add support for optional colon in variable expansion
+  * test: rework TestProcessWithMatches to use a matrix
+  * dockerfile: update to use dockerui pkg
+  * dockerui: separate docker frontend params to reusable package
+  * cache: add fallback for snapshotID
+  * exporter: remove wrappers for oci data types
+  * vendor: github.com/docker/cli v23.0.0
+  * vendor: github.com/docker/docker v23.0.0
+  * hack: do not cache some stages on release
+  * hack: do not set attest flags when exporting to docker
+  * git: override the locale to ensure consistent output
+  * fix support for empty git ref with subdir
+  * gitutil: use subtests
+  * source: more tests cases for git identifier
+  * source: use subtests cases for git identifier
+  * otel: bump dependencies to v1.11.2/v0.37.0
+  * hack: treat unset variables as an error
+  * frontend: fix typo in release script
+  * ci: create matrix for building frontend image
+  * inline cache: fix blob indexes by uncompressed digest
+  * Skip configuring cache exporter if it is nil.
+  * docs: update syntax for labs channel in examples
+  * integration: remove wrong compat condition
+  * integration: fix compat check for CNI DNS test
+  * cache: don’t link blobonly based on chainid
+  * do not mount secrets that are optional and missing from solve opts
+  * SOURCE_DATE_EPOCH: drop timezone
+  * sbom: create tmp directory for scanner image
+  * progress: keep color enabled with NO_COLOR empty
+  * hack: remove azblob_test
+  * integration: basic azblob cache test
+  * test: add proxy build args when existed
+  * vendor: github.com/docker/cli v23.0.0-rc.3
+  * vendor: github.com/docker/docker v23.0.0-rc.3
+  * vendor: golang.org/x/net v0.5.0
+  * vendor: golang.org/x/text v0.6.0
+  * vendor: golang.org/x/sys v0.4.0
+  * Dockerfile: CNI plugins v1.2.0
+  * Dockerfile: CONTAINERD_VERSION=v1.7.0-beta.3, CONTAINERD_ALT_VERSION_16=v1.6.16
+  * Fix tracing listener on Windows
+  * go.mod: github.com/containerd/containerd v1.7.0-beta.3
+  * control: send current timestamp header with event streams
+  * vendor: update containerd to v1.6.16-0.1709cfe273d9
+  * buildctl: add ref-file to get history record for a build
+  * client: make sure ref is configurable for the history API
+  * history: save completed steps with cache stats
+  * history: fix exporter key not being passed
+  * history: fix logs and traces are saving on canceled builds
+  * hack: add correct entrypoint to shell script
+  * ci: use moby/buildkit:latest in build action
+  * dockerfile: add testReproSourceDateEpoch
+  * Fix cache cannot reuse lazy layers
+  * Correct manifests_prefix documentation for S3 cache
+  * Use golang.org/x/sys/windows instead of syscall
+  * dockerfile: release frontend for i386 platform
+  * Add get-user-info utility
+  * optimize --dry-run flag
+  * fix(tracing): spelling of OTEL_TRACES_EXPORTER value
+  * Propagate sshforward send side connection close
+  * buildctl: add `buildctl debug histories, buildctl prune-histories`
+  * dockerfile: fix panic on warnings with multi-platform
+  * vendor: github.com/docker/cli v23.0.0-rc.2
+  * vendor: github.com/docker/docker v23.0.0-rc.2
+  * vendor: github.com/containerd/containerd v1.6.15
+  * cache: add registry.insecure option to registry exporter
+  * Make local cache non-lazy
+  * docs/build-repro.md: add the SOURCE_DATE_EPOCH section
+  * docs: clarified build argument example by changing the variable name
+  * azblob cache: account_name attribute
+  * docs: master -> 0.11
+  * ci: fix dockerd workflow with latest changes from moby
+  * integration: set mirrors and entitlements with dockerd worker
+  * github: update CI to buildkit version
+  * exporter: ensure spdx order prioritizes primary sbom
+  * hack: remove s3_test
+  * integration: basic s3 cache test
+  * integration: add runCmd and randomString utils
+  * integration: expose backend logs in sandbox interface
+  * azblob_test: pin busybox to avoid "Illegal instruction" error
+  * docs: add nerdctl container buildkitd address docs
+  * feat: add namespace support for nerdctl container
+  * ci: add ci to check README toc
+  * testutil: pin busybox and alpine used in releases
+  * exporter: allow configuring inline attestations for image exporters
+  * exporter: force enabling inline attestations for image export
+  * docs: change semicolons to double ampersands
+  * llbsolver: fix panic when requesting provenance on nil result
+  * vendor: update fsutil to fb43384
+  * attestation: only supplement file data for the core scan
+  * docs: add index page for attestations
+  * docs: move attestation docs to dedicated directory
+  * docs: rename slsa.md to slsa-provenance.md
+  * docs: tidy up json examples for slsa definitions
+  * docs: add cross-linking between slsa pages
+  * Flakiness in azblob test job
+  * vendor: update spdx/tools-golang to d6f58551be3f
+  * feat: add nerdctl-container support for client
+  * docs: slsa review updates
+  * docs: moved slsa definitions to a separate page
+  * docs: slsa editorial fixes
+  * docs: add filename to provenance attestation
+  * docs: update hermetic field after it was moved in implementation
+  * docs: update provenance docs
+  * docs: add slsa provenance documentation
+  * progress: fix clean context cancelling
+  * fix: updated_at -> updated-at
+  * Solve panic due to concurrent access to ExportSpans
+  * feat: allow ignoring remote cache-export error if failing
+  * add cache stats to the build history API
+  * vendor: github.com/docker/cli v23.0.0-rc.1
+  * vendor: github.com/docker/docker v23.0.0-rc.1
+  * vendor: github.com/containerd/containerd v1.6.14
+  * frontend: fix testMultiStageImplicitFrom to account for busybox changes
+  * sshforward: skip conn close on stream CloseSend.
+  * chore: update buildkitd.toml docs with mirror path example
+  * feat: handle mirror url with path
+  * provenance: fix the order of the build steps
+  * provenance: move hermetic field into a correct struct
+  * add possibility to override filename for provenance
+  * Fix typo in CapExecMountBindReadWriteNoOutput.
+  * Use SkipOutput instead of -1 for output indexes to clarify semantics.
+  * fix indentation for in-toto and traces
+  * attestation: forbid provenance attestations from frontend
+  * attestation: validate attestations before unbundling as well
+  * exporter: make attestation validation public
+  * result: change reason types to strings
+  * attestations: ignore spdx parse errors
+  * attestations: propogate metadata through unbundling
+  * gateway: add addition check to prevent content func from being forwarded
+  * ociindex: add utility method for getting a single manifest from the index
+  * ociindex: refactor to hide implementation internally
+  * cache: test gha cache exporter
+  * containerdexecutor: add network namespace callback
+  * frontend/dockerfile: BFlags.Parse(): use strings.Cut()
+  * frontend/dockerfile: parseExtraHosts(): use strings.Cut()
+  * frontend/dockerfile: parseMount() use strings.Cut(), and some minor cleanup
+  * frontend/dockerfile: move check for cache-sharing
+  * frontend/dockerfile: provide suggestions for mount share mode
+  * frontend/dockerfile: define types for enums
+  * frontend/dockerfile/shell: use strings.Equalfold
+  * frontend/dockerfile/parser: remove redundant concat
+  * frontend/dockerfile: parseBuildStageName(): pre-compile regex
+  * frontend/dockerfile: remove isSSHMountsSupported, isSecretMountsSupported
+  * docs: Enable rootless for stargz-snapshotter
+  * executor/oci: GetResolvConf(): simplify handling of resolv.conf
+- fix rpmlint errors
+  * systemd units should not have execute permissions
+  * add missing %service_add_pre for the systemd units
+
 -------------------------------------------------------------------
 Tue Jan 31 17:50:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

buildkit.spec

@@ -23,7 +23,7 @@
 %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
 %global import_path     %{provider_prefix}
 Name:           buildkit
-Version:        0.11.2
+Version:        0.12.5
 Release:        0
 Summary:        Toolkit for converting source code to build artifacts
 License:        Apache-2.0
@@ -54,17 +54,20 @@ mkdir -p %{buildroot}%{_bindir}/
 mkdir -p %{buildroot}%{_unitdir}/
 install -m 0755 _output/buildkitd %{buildroot}%{_bindir}/buildkitd
 install -m 0755 _output/buildctl %{buildroot}%{_bindir}/buildctl
-install -m 0755 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service
-install -m 0755 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket
+install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service
+install -m 0644 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket
+
+%pre
+%service_add_pre buildkit.socket buildkit.service
 
 %post
-%systemd_post buildkit.socket buildkit.service
+%service_add_post buildkit.socket buildkit.service
 
 %preun
-%systemd_preun buildkit.socket buildkit.service
+%service_del_preun buildkit.socket buildkit.service
 
 %postun
-%systemd_postun_with_restart buildkit.socket buildkit.service
+%service_del_postun buildkit.socket buildkit.service
 
 %files
 %license LICENSE