From 118ba1e223d4326a481c184ded871bd1a78f8b9ca7285db2dc7d185eed635eae Mon Sep 17 00:00:00 2001 From: Richard Brown Date: Thu, 24 Aug 2023 14:20:49 +0000 Subject: [PATCH] Accepting request 1102234 from home:elimat:branches:devel:microos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to version 0.12.1: * executor: fix resource sampler goroutine leak * [v0.11] make tracing socket forward error non-fatal * integration: missing env var to check feature compat * test: update pinned busybox image to 1.36 * test: update pinned alpine image to 3.18 * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev) * executor/resource: stub out NewSysSampler on Windows * vendor: github.com/docker/cli v24.0.4 * testutil: move CheckContainerdVersion to a separate package * llbsolver: fix policy rule ordering * filesync: fix backward compatibility with encoding + and % * hack: allow to set GO_VERSION during tests * test: always disable tls for dockerd worker * buildctl: set max backoff delay to 1 second * contenthash: data race * filesync: escape special query characters * applier: add hack to support docker zstd layers * Fix various nits * pullprogress data race * use sampler lock instead * Fix ResolveImageConfig to evaluate source policy * sampler data race fix * update cgroup parent test to work with cgroupns * Revert "specify a `ResponseHeaderTimeout` value" * oci: make sure cgroupns is enabled if supported * bash lint fix * rename BUILDFLAGS to GOBUILDFLAGS * allow ENOTSUP for PSI cgroup files * containerimage: use platform matcher to detect platform to unpack * exporter: silently skip unpacking unknown reference * improve error handling in ReadFile * dockerfile: arg for controlling go build flags * dockerfile: arg to enable go race detection * Add support for health start interval * Re-vendor moby/moby * filesync: mark if options have been encoded to detect old versions * dockerfile: heredoc should use 0644 permissions * docs: update README to reference OpenTelemetry instead of OpenTracing * gateway: restore original filename in ReadFile error message * Dockerfile: update containerd to v1.7.2 * Use system.ToSlash() instead of filepath.ToSlash() * Revert most changes to client/llb * Remove Architecture * Default to linux in client * Ensure we use proper path separators * Set default platform * Add nil pointer check in dispatchWorkdir * Remove nil pointer check and extra NormalizePath * Rename variable, remove superfluous check * Use current OS as a default * Handle file paths base on target platform * exporter: unlazy references in parallel * exporter: simplify unlazy references to reduce duplication * exporter: allow unpack on multi-platform images * tests: add unpack to scratch export test * overlay: set whiteout timestamps to 1970-01-01 (not to SOURCE_DATE_EPOCH) * dockerfile: graduate `ADD --checksum=` from labs * dockerfile: graduate `ADD ` from labs * dockerfile: mod-outdated target to check modules updates * dockerfile: use xx in dnsname stage * dockerfile: install musl-dev to fix compilation issue * dockerfile: update Alpine to 3.18 * vendor: update fsutil to 36ef4d8 * export(local): split opt * buildctl: Provide --wait option * containerimage: support SOURCE_DATE_EPOCH for CreatedAt * move flightcontrol to use generics * containerimage: keep layer labels for exported images * shell: start shell from cmd, not entrypoint * sbom: propogate image-resolve-mode for generator image * client: add extra debug to tests * handle missing provenance for non-evaluated result * tests: add provenance test for duplicate platform * tests: add provenance test for when context directory does not exist * forward: make BridgeClient public for lint * gateway: enable named contexts for gateway frontend * vendor: update vt100 with resize panic fix * docs: dockerfile: remove "known issues" related to AuFS * docs: add running instruction to CONTRIBUTING.md * tests: add worker close method to interface * add and check for gateway.exec.secretenv cap * move Secretenv from Meta to InitMessage * support passing SecretEnv to gateway containers * Add comment, update from review * Fix issue with digest merge (inconsistent graph state) * docs: add helper commands section to CONTRIBUTING.md * docs: update CONTRIBUTING.md whitespace formatting * integration: fix not deleting dockerd workdir * remove uses of deprecated ResolverOptions.Client * filesync: fix handling non-ascii in file paths * tests: add test for unicode filenames * Adding more docs to client/llb * Add special case for rw bind mounts * vendor: github.com/docker/cli v24.0.2 * vendor: github.com/docker/docker v24.0.2 * progressui: fix index printing on partial rows * gateway: wrap ExecProcessServer Send calls with a mutex * resources: make maxsamples configurable * llbsolver: add systemusage samples to provenance attestation * resources: store sys cpu usage per step * resources: add sampler for periodic stat reads * resources: CNI network usage sampling support * resources: add build step resource tracking via cgroups * solver: lock before using actives * Emulate "bind" mounts using the bind filter * Fix mount layers on host * llbsolver: set temporary lease in Commit context * Update containerd dependency * exporter: Add exptypes with Common exporter keys * exporter/image/exptypes: Make strongly typed * solver: move AddBuildConfig into llbsolver package * tests: add test to check url format for image loaded from oci layout * solver: mark locally loaded images as such * solver: merge local and remote images into single list * purl: allow RefToPURL to take a type parameter * tests: don't use purl code to test itself * Use linux as a default for inputOS * Add path handling functions * response to comments * containerimage: Export option keys * vendor: update spdx/tools-golang to v0.5.1 * exporter: remove non dist options from tar exporter * exporter: move fs opt parsing to method * tests: fixup attestation tar to not panic when file not found * git: set umask without reexec * add language property for sourcemap * dockerfile/docs: add set -ex to heredoc #3870 * authprovider: fix a bug where registry-1.docker.io auth was always a cache miss * response to comments * tracing: fix buildx tracing delegation * Update continuity and fsutil * cache: add a few more fields to ref trace logs. * vendor: github.com/containerd/go-runc v1.1.0 * provenance: fix possible empty digest access * vendor: fix broken vendoring * dockerfile: bump up nerdctl to v1.4.0 * bump nydus-snapshotter dependence to v0.8.2 * vendor: github.com/docker/cli v24.0.1 * vendor: github.com/docker/docker v24.0.1 * vendor: github.com/containerd/containerd v1.7.1 * vendor: github.com/Microsoft/hcsshim v0.10.0-rc.8 * vendor: github.com/Microsoft/go-winio v0.6.1 * vendor: golang.org/x/sys v0.7.0 * vendor: github.com/containerd/typeurl/v2 v2.1.1 * chore: bump spdx tools * Fix typo in attestation-storage.md * vendor: github.com/docker/cli v24.0.0 * vendor: github.com/docker/docker v24.0.0 * vendor: github.com/opencontainers/runc v1.1.7 * vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2 * vendor: github.com/klauspost/compress v1.16.3 * Dockerfile: CONTAINERD_VERSION=v1.7.1 * Dockerfile: CONTAINERD_ALT_VERSION_16=v1.6.21 * Dockerfile: RUNC_VERSION=v1.1.7 * session: avoid logging healthcheck error on canceled connection * session: fix run and close synchronization * testutil: update ReadImages to fallback to reading manifest * Add trace logs for cache leaks. * Add some doc strings for LLB functions * attestations: move containerd media type warnings * update generated proto files * attestations: replace intoto media type with vendored const * nydus: bump nydus versions in Dockerfile and doc * feedback changes for moby/buildkit #2251 * testutil: expose underlying docker address for supported workers * testutil: expose integration workers as public * remove type aliases for leasemanager/contentstore * llbsolver: move history blobs to a separate namespace * build(deps): bump github.com/docker/distribution * added import/export support for OCI compatible image manifest version of cache manifest (opt-in on export, inferred on import) moby/buildkit #2251 * llb: carry platform from inputs for merge/diff * llb: don't include platform in fileop * control: fix possible deadlock on network error * exporter/containerimage: remove redundant type for var declaration * Fix not to set the value on empty vertex * Fix to import as digest * cache: always release ref when getting size in usage. * Drop unneeded variable * ssh: add fallback to ensure conn is closed in all cases. * vendor: github.com/opencontainers/image-spec v1.1.0-rc3 * vendor: github.com/docker/cli v23.0.5 * vendor: github.com/docker/docker v23.0.5 * nydus: update nydus-snapshotter dependency to v0.8.0 * progressui: fix possible zero prefix numbers in logs * llbsolver: send active event only to current client * llbsolver: send delete status event * llbsolver: filter out records marked deleted from list responses * Add Windows service support * docs: fixup build repro doc with updated policy format * test: use appropriate snapshotter service to walk snapshots * overlay: use function to check for overlay-based mounts * Update uses of Image platform fields in OCI image-spec * allow setting user agent products * Bump up golangci-lint to v1.52.2 * chore: tidy up duplicated imports * solver: Release unused refs in LoadWithParents * Avoid panic on parallel walking on DefinitionOp * solver: skip sbom post processor if result is nil * vendor: github.com/docker/docker v23.0.4 * vendor: github.com/docker/cli v23.0.4 * vendor: golang.org/x/time v0.3.0 * vendor: github.com/docker/cli v23.0.2 * vendor: github.com/docker/docker v23.0.2 * test: don't hang if a process doesn't run * ci: put worker name first for better UX in actions * go.mod: remove github.com/kr/pretty * Revert "Problem: can't use anonymous S3 credentials" * go.mod: bump up runc to v1.1.6 * go.mod: Bump up stargz-snapshotter to v0.14.3 * dockerfile: bump up stargz-snapshotter to v0.14.3 * dockerfile: bump up runc to v1.1.6 * buildkitd: add grpc reflection * Bump up nerdctl to 1.3.0 * Bump up containerd 1.6.20 * Fix gzip decoding of HTTP sources. * ci: update runner os to ubuntu 22.04 * Fix bearer token expiration check (fixes #3779) * docs: update buildkitd.toml with new field info * buildkitd: allow durations for gc config * buildkitd: allow multiple units for gc config * dockerui: expose context detection functions as public * Prevent overflow of runc exit code. * Upgrade to latest go-runc. * runc worker: fix sigkill handling * Dockerfile: RUNC_VERSION=v1.1.5 * client: add client opts to enable system certificates * Make ClientOpts type safe * build(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 * fileop: create new fileOpSolver instance per Exec call * Provide CacheManager to Controller instead of CacheKeyManager. * http: ensure HEAD and GET requests have same headers * docs: add auto-generated sections to buildctl.md * client: allow grpc dial option passthrough * cni: simplify netns creation * add Bass to list of LLB languages * llbsolver: fix sorting of history records * llbsolver: Fix performance of recomputeDigests * solve: use comparables instead of reflection in result struct * vendor: github.com/docker/cli v23.0.1 * vendor: github.com/docker/docker v23.0.1 * client: create oci-layout file in StoreIndex * ci: output annotations for failures * test: set mod vendor * test: use gotestsum to generate reports * fix gateway exec tty cleanup on context.Canceled * fix process termination handling for runc exec * Register builds before recording build history * docs(dockerfile): minimal Dockerfile version support for chmod * Update builder.md to document newly supported --chmod features in both ADD and COPY statements. * use bklog.G(ctx) instead of logrus directly * integration: missing mergeDiff compat check * chore: `translateLegacySolveRequest` does not need to return error checking. * integration: split feature compat check for subtests * integration: missing feature compat check for cache * dockerfile: fix reproducible digest test for non-amd64 * integration: add FeatureMergeDiff compat * integration: add FeatureCacheBackend* compat * integration: enforce features compat through env vars * ci: upstream docs conformance validation * dockerfile(docs): fix liquid syntax * Problem: can't use anonymous S3 credentials * hack: remove build_ci_first_pass script * hack: binaries and cross bake targets * go.mod: update to go 1.20 * Dockerfile: CONTAINERD_VERSION=v1.7.0 * go.mod: github.com/containerd/containerd v1.7.0 * Add Namespace to list of buildkit users. * remove buildinfo * buildinfo: add BUILDKIT_BUILDINFO build arg * buildinfo: mark as deprecated * docs: deprecated features page * rootless: guide for Bottlerocket OS (`sysctl -w user.max_user_namespaces=N`) * rootless: fix up unprivileged mount opts * Dockerfile: CONTAINERD_VERSION=v1.7.0-rc.3, CONTAINERD_ALT_VERSION_16=v1.6.19 * go.mod: github.com/containerd/containerd v1.7.0-rc.3 * version: add "v" prefix to version for tagging convention consistency * remove context name validation from kubepod connhelper * gateway: add hostname option to NewContainer API * fix error message typo * provenance: ensure URLs are redacted before written * test/client: Close buildkit client * docs: missing security policy markdown file * diffapply: do chown before xattrs * Add test for merge of files with capabilities. * fix a possible panic on cache * Update cmd/buildkitd/main_windows.go * ci(validate): use bake * hack: shfmt bake target * hack: generated-files bake target * hack: doctoc bake target * hack: lint bake target * hack: authors Dockerfile and bake target * hack: bake definition with vendor targets * Fix buildkitd panic when frontend input is nil. * ci: trigger workflows on push to release branches * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 * ci: create GitHub Release for frontend as well * ci: make release depends on image job * lint: fix issues with go 1.20 * remove deprecated golangci-lint linters * update golangci-lint to v1.51.1 * update to go 1.20 * Allow DefinitionOp to track sources * specify a `ResponseHeaderTimeout` value * Ensures that the primary GID is also included in the additional GIDs * ci: fix missing TESTFLAGS env var in test-os workflow * Dockerfile: update containerd to v1.7.0-beta.4, v1.6.18 * go.mod: github.com/containerd/containerd v1.7.0-beta.4 * ci: update softprops/action-gh-release to v0.1.15 * ci: remove unused vars in dockerd workflow * ci: split cross job * Dockerfile: remove binaries-linux-helper stage * ci: rename unclear env vars * readme: fix and update badges * ci: rename build workflow to buildkit * ci: reusable test workflow * ci: move test-os to a dedicated workflow * ci: move frontend integration tests and build to a dedicated workflow * stargz-snapshotter: graduate from experimental * Bump up stargz-snapshotter to v0.14.1 * set osversion in index descriptor from base image * progress: solve status description * ci: update buildx to latest * Dockerfile: update xx to 1.2.1 * integration: make sure registry directory exists * gha: avoid range requests with too big offset * ci: merge test-nydus job in test one * ci: remove branch restriction on pull request event * client: add tests for layerID in comment field * exporter: fix sbom supplement core detection * exporter: fix supplement sboms on empty scratch layer * exporter: fix file layer finder whiteout detection * exporter: canonicalize sbom file paths during search * Add platform tracing socket paths and mounts * integration: log dockerd cmd * integration: set custom flags for dockerd worker * remotecache: proper exporter naming for gha, s3 and azblob * remotecache: explicit names for registry and local * exporter: use compression.ParseAttributes func * remotecache: mutualize compression parsing attrs * lex: add support for optional colon in variable expansion * test: rework TestProcessWithMatches to use a matrix * dockerfile: update to use dockerui pkg * dockerui: separate docker frontend params to reusable package * cache: add fallback for snapshotID * exporter: remove wrappers for oci data types * vendor: github.com/docker/cli v23.0.0 * vendor: github.com/docker/docker v23.0.0 * hack: do not cache some stages on release * hack: do not set attest flags when exporting to docker * git: override the locale to ensure consistent output * fix support for empty git ref with subdir * gitutil: use subtests * source: more tests cases for git identifier * source: use subtests cases for git identifier * otel: bump dependencies to v1.11.2/v0.37.0 * hack: treat unset variables as an error * frontend: fix typo in release script * ci: create matrix for building frontend image * inline cache: fix blob indexes by uncompressed digest * Skip configuring cache exporter if it is nil. * docs: update syntax for labs channel in examples * integration: remove wrong compat condition * integration: fix compat check for CNI DNS test * cache: don’t link blobonly based on chainid * do not mount secrets that are optional and missing from solve opts * SOURCE_DATE_EPOCH: drop timezone * sbom: create tmp directory for scanner image * progress: keep color enabled with NO_COLOR empty * hack: remove azblob_test * integration: basic azblob cache test * test: add proxy build args when existed * vendor: github.com/docker/cli v23.0.0-rc.3 * vendor: github.com/docker/docker v23.0.0-rc.3 * vendor: golang.org/x/net v0.5.0 * vendor: golang.org/x/text v0.6.0 * vendor: golang.org/x/sys v0.4.0 * Dockerfile: CNI plugins v1.2.0 * Dockerfile: CONTAINERD_VERSION=v1.7.0-beta.3, CONTAINERD_ALT_VERSION_16=v1.6.16 * Fix tracing listener on Windows * go.mod: github.com/containerd/containerd v1.7.0-beta.3 * control: send current timestamp header with event streams * vendor: update containerd to v1.6.16-0.1709cfe273d9 * buildctl: add ref-file to get history record for a build * client: make sure ref is configurable for the history API * history: save completed steps with cache stats * history: fix exporter key not being passed * history: fix logs and traces are saving on canceled builds * hack: add correct entrypoint to shell script * ci: use moby/buildkit:latest in build action * dockerfile: add testReproSourceDateEpoch * Fix cache cannot reuse lazy layers * Correct manifests_prefix documentation for S3 cache * Use golang.org/x/sys/windows instead of syscall * dockerfile: release frontend for i386 platform * Add get-user-info utility * optimize --dry-run flag * fix(tracing): spelling of OTEL_TRACES_EXPORTER value * Propagate sshforward send side connection close * buildctl: add `buildctl debug histories, buildctl prune-histories` * dockerfile: fix panic on warnings with multi-platform * vendor: github.com/docker/cli v23.0.0-rc.2 * vendor: github.com/docker/docker v23.0.0-rc.2 * vendor: github.com/containerd/containerd v1.6.15 * cache: add registry.insecure option to registry exporter * Make local cache non-lazy * docs/build-repro.md: add the SOURCE_DATE_EPOCH section * docs: clarified build argument example by changing the variable name * azblob cache: account_name attribute * docs: master -> 0.11 * ci: fix dockerd workflow with latest changes from moby * integration: set mirrors and entitlements with dockerd worker * github: update CI to buildkit version * exporter: ensure spdx order prioritizes primary sbom * hack: remove s3_test * integration: basic s3 cache test * integration: add runCmd and randomString utils * integration: expose backend logs in sandbox interface * azblob_test: pin busybox to avoid "Illegal instruction" error * docs: add nerdctl container buildkitd address docs * feat: add namespace support for nerdctl container * ci: add ci to check README toc * testutil: pin busybox and alpine used in releases * exporter: allow configuring inline attestations for image exporters * exporter: force enabling inline attestations for image export * docs: change semicolons to double ampersands * llbsolver: fix panic when requesting provenance on nil result * vendor: update fsutil to fb43384 * attestation: only supplement file data for the core scan * docs: add index page for attestations * docs: move attestation docs to dedicated directory * docs: rename slsa.md to slsa-provenance.md * docs: tidy up json examples for slsa definitions * docs: add cross-linking between slsa pages * Flakiness in azblob test job * vendor: update spdx/tools-golang to d6f58551be3f * feat: add nerdctl-container support for client * docs: slsa review updates * docs: moved slsa definitions to a separate page * docs: slsa editorial fixes * docs: add filename to provenance attestation * docs: update hermetic field after it was moved in implementation * docs: update provenance docs * docs: add slsa provenance documentation * progress: fix clean context cancelling * fix: updated_at -> updated-at * Solve panic due to concurrent access to ExportSpans * feat: allow ignoring remote cache-export error if failing * add cache stats to the build history API * vendor: github.com/docker/cli v23.0.0-rc.1 * vendor: github.com/docker/docker v23.0.0-rc.1 * vendor: github.com/containerd/containerd v1.6.14 * frontend: fix testMultiStageImplicitFrom to account for busybox changes * sshforward: skip conn close on stream CloseSend. * chore: update buildkitd.toml docs with mirror path example * feat: handle mirror url with path * provenance: fix the order of the build steps * provenance: move hermetic field into a correct struct * add possibility to override filename for provenance * Fix typo in CapExecMountBindReadWriteNoOutput. * Use SkipOutput instead of -1 for output indexes to clarify semantics. * fix indentation for in-toto and traces * attestation: forbid provenance attestations from frontend * attestation: validate attestations before unbundling as well * exporter: make attestation validation public * result: change reason types to strings * attestations: ignore spdx parse errors * attestations: propogate metadata through unbundling * gateway: add addition check to prevent content func from being forwarded * ociindex: add utility method for getting a single manifest from the index * ociindex: refactor to hide implementation internally * cache: test gha cache exporter * containerdexecutor: add network namespace callback * frontend/dockerfile: BFlags.Parse(): use strings.Cut() * frontend/dockerfile: parseExtraHosts(): use strings.Cut() * frontend/dockerfile: parseMount() use strings.Cut(), and some minor cleanup * frontend/dockerfile: move check for cache-sharing * frontend/dockerfile: provide suggestions for mount share mode * frontend/dockerfile: define types for enums * frontend/dockerfile/shell: use strings.Equalfold * frontend/dockerfile/parser: remove redundant concat * frontend/dockerfile: parseBuildStageName(): pre-compile regex * frontend/dockerfile: remove isSSHMountsSupported, isSecretMountsSupported * docs: Enable rootless for stargz-snapshotter * executor/oci: GetResolvConf(): simplify handling of resolv.conf - fix rpmlint errors * systemd units should not have execute permissions * add missing %service_add_pre for the systemd units OBS-URL: https://build.opensuse.org/request/show/1102234 OBS-URL: https://build.opensuse.org/package/show/devel:microos/buildkit?expand=0&rev=4 --- _service | 2 +- _servicedata | 5 +- buildkit-0.11.2.tar.zst | 3 - buildkit-0.12.1.tar.zst | 3 + buildkit.changes | 493 ++++++++++++++++++++++++++++++++++++++++ buildkit.spec | 15 +- vendor.tar.zst | 4 +- 7 files changed, 510 insertions(+), 15 deletions(-) delete mode 100644 buildkit-0.11.2.tar.zst create mode 100644 buildkit-0.12.1.tar.zst diff --git a/_service b/_service index 615b4c5..1165cdd 100644 --- a/_service +++ b/_service @@ -4,7 +4,7 @@ https://github.com/moby/buildkit.git git .git - v0.11.2 + v0.12.1 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 2633ce5..81acf37 100644 --- a/_servicedata +++ b/_servicedata @@ -1,7 +1,6 @@ - https://github.com/moby/buildkit.git - 944939944ca4cc58a11ace4af714083cfcd9a3c7 + bb857a0d49f45aa0ce9cd554b78d4075553e20f9 - + \ No newline at end of file diff --git a/buildkit-0.11.2.tar.zst b/buildkit-0.11.2.tar.zst deleted file mode 100644 index adca7a3..0000000 --- a/buildkit-0.11.2.tar.zst +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1551eb4508575f07a779066db4d4d141ec6a81fdf82619a18fc765b9a96cda3e -size 5397239 diff --git a/buildkit-0.12.1.tar.zst b/buildkit-0.12.1.tar.zst new file mode 100644 index 0000000..d8b588d --- /dev/null +++ b/buildkit-0.12.1.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b3b75fb78c90091238424fd833e248bd7d35099ed754c669134ad2baf8cae0fc +size 5890291 diff --git a/buildkit.changes b/buildkit.changes index 95a55ff..515fd31 100644 --- a/buildkit.changes +++ b/buildkit.changes @@ -1,3 +1,496 @@ +------------------------------------------------------------------- +Wed Aug 02 21:37:05 UTC 2023 - elimat@opensuse.org + +- Update to version 0.12.1: + * executor: fix resource sampler goroutine leak + * [v0.11] make tracing socket forward error non-fatal + * integration: missing env var to check feature compat + * test: update pinned busybox image to 1.36 + * test: update pinned alpine image to 3.18 + * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev) + * executor/resource: stub out NewSysSampler on Windows + * vendor: github.com/docker/cli v24.0.4 + * testutil: move CheckContainerdVersion to a separate package + * llbsolver: fix policy rule ordering + * filesync: fix backward compatibility with encoding + and % + * hack: allow to set GO_VERSION during tests + * test: always disable tls for dockerd worker + * buildctl: set max backoff delay to 1 second + * contenthash: data race + * filesync: escape special query characters + * applier: add hack to support docker zstd layers + * Fix various nits + * pullprogress data race + * use sampler lock instead + * Fix ResolveImageConfig to evaluate source policy + * sampler data race fix + * update cgroup parent test to work with cgroupns + * Revert "specify a `ResponseHeaderTimeout` value" + * oci: make sure cgroupns is enabled if supported + * bash lint fix + * rename BUILDFLAGS to GOBUILDFLAGS + * allow ENOTSUP for PSI cgroup files + * containerimage: use platform matcher to detect platform to unpack + * exporter: silently skip unpacking unknown reference + * improve error handling in ReadFile + * dockerfile: arg for controlling go build flags + * dockerfile: arg to enable go race detection + * Add support for health start interval + * Re-vendor moby/moby + * filesync: mark if options have been encoded to detect old versions + * dockerfile: heredoc should use 0644 permissions + * docs: update README to reference OpenTelemetry instead of OpenTracing + * gateway: restore original filename in ReadFile error message + * Dockerfile: update containerd to v1.7.2 + * Use system.ToSlash() instead of filepath.ToSlash() + * Revert most changes to client/llb + * Remove Architecture + * Default to linux in client + * Ensure we use proper path separators + * Set default platform + * Add nil pointer check in dispatchWorkdir + * Remove nil pointer check and extra NormalizePath + * Rename variable, remove superfluous check + * Use current OS as a default + * Handle file paths base on target platform + * exporter: unlazy references in parallel + * exporter: simplify unlazy references to reduce duplication + * exporter: allow unpack on multi-platform images + * tests: add unpack to scratch export test + * overlay: set whiteout timestamps to 1970-01-01 (not to SOURCE_DATE_EPOCH) + * dockerfile: graduate `ADD --checksum=` from labs + * dockerfile: graduate `ADD ` from labs + * dockerfile: mod-outdated target to check modules updates + * dockerfile: use xx in dnsname stage + * dockerfile: install musl-dev to fix compilation issue + * dockerfile: update Alpine to 3.18 + * vendor: update fsutil to 36ef4d8 + * export(local): split opt + * buildctl: Provide --wait option + * containerimage: support SOURCE_DATE_EPOCH for CreatedAt + * move flightcontrol to use generics + * containerimage: keep layer labels for exported images + * shell: start shell from cmd, not entrypoint + * sbom: propogate image-resolve-mode for generator image + * client: add extra debug to tests + * handle missing provenance for non-evaluated result + * tests: add provenance test for duplicate platform + * tests: add provenance test for when context directory does not exist + * forward: make BridgeClient public for lint + * gateway: enable named contexts for gateway frontend + * vendor: update vt100 with resize panic fix + * docs: dockerfile: remove "known issues" related to AuFS + * docs: add running instruction to CONTRIBUTING.md + * tests: add worker close method to interface + * add and check for gateway.exec.secretenv cap + * move Secretenv from Meta to InitMessage + * support passing SecretEnv to gateway containers + * Add comment, update from review + * Fix issue with digest merge (inconsistent graph state) + * docs: add helper commands section to CONTRIBUTING.md + * docs: update CONTRIBUTING.md whitespace formatting + * integration: fix not deleting dockerd workdir + * remove uses of deprecated ResolverOptions.Client + * filesync: fix handling non-ascii in file paths + * tests: add test for unicode filenames + * Adding more docs to client/llb + * Add special case for rw bind mounts + * vendor: github.com/docker/cli v24.0.2 + * vendor: github.com/docker/docker v24.0.2 + * progressui: fix index printing on partial rows + * gateway: wrap ExecProcessServer Send calls with a mutex + * resources: make maxsamples configurable + * llbsolver: add systemusage samples to provenance attestation + * resources: store sys cpu usage per step + * resources: add sampler for periodic stat reads + * resources: CNI network usage sampling support + * resources: add build step resource tracking via cgroups + * solver: lock before using actives + * Emulate "bind" mounts using the bind filter + * Fix mount layers on host + * llbsolver: set temporary lease in Commit context + * Update containerd dependency + * exporter: Add exptypes with Common exporter keys + * exporter/image/exptypes: Make strongly typed + * solver: move AddBuildConfig into llbsolver package + * tests: add test to check url format for image loaded from oci layout + * solver: mark locally loaded images as such + * solver: merge local and remote images into single list + * purl: allow RefToPURL to take a type parameter + * tests: don't use purl code to test itself + * Use linux as a default for inputOS + * Add path handling functions + * response to comments + * containerimage: Export option keys + * vendor: update spdx/tools-golang to v0.5.1 + * exporter: remove non dist options from tar exporter + * exporter: move fs opt parsing to method + * tests: fixup attestation tar to not panic when file not found + * git: set umask without reexec + * add language property for sourcemap + * dockerfile/docs: add set -ex to heredoc #3870 + * authprovider: fix a bug where registry-1.docker.io auth was always a cache miss + * response to comments + * tracing: fix buildx tracing delegation + * Update continuity and fsutil + * cache: add a few more fields to ref trace logs. + * vendor: github.com/containerd/go-runc v1.1.0 + * provenance: fix possible empty digest access + * vendor: fix broken vendoring + * dockerfile: bump up nerdctl to v1.4.0 + * bump nydus-snapshotter dependence to v0.8.2 + * vendor: github.com/docker/cli v24.0.1 + * vendor: github.com/docker/docker v24.0.1 + * vendor: github.com/containerd/containerd v1.7.1 + * vendor: github.com/Microsoft/hcsshim v0.10.0-rc.8 + * vendor: github.com/Microsoft/go-winio v0.6.1 + * vendor: golang.org/x/sys v0.7.0 + * vendor: github.com/containerd/typeurl/v2 v2.1.1 + * chore: bump spdx tools + * Fix typo in attestation-storage.md + * vendor: github.com/docker/cli v24.0.0 + * vendor: github.com/docker/docker v24.0.0 + * vendor: github.com/opencontainers/runc v1.1.7 + * vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2 + * vendor: github.com/klauspost/compress v1.16.3 + * Dockerfile: CONTAINERD_VERSION=v1.7.1 + * Dockerfile: CONTAINERD_ALT_VERSION_16=v1.6.21 + * Dockerfile: RUNC_VERSION=v1.1.7 + * session: avoid logging healthcheck error on canceled connection + * session: fix run and close synchronization + * testutil: update ReadImages to fallback to reading manifest + * Add trace logs for cache leaks. + * Add some doc strings for LLB functions + * attestations: move containerd media type warnings + * update generated proto files + * attestations: replace intoto media type with vendored const + * nydus: bump nydus versions in Dockerfile and doc + * feedback changes for moby/buildkit #2251 + * testutil: expose underlying docker address for supported workers + * testutil: expose integration workers as public + * remove type aliases for leasemanager/contentstore + * llbsolver: move history blobs to a separate namespace + * build(deps): bump github.com/docker/distribution + * added import/export support for OCI compatible image manifest version of cache manifest (opt-in on export, inferred on import) moby/buildkit #2251 + * llb: carry platform from inputs for merge/diff + * llb: don't include platform in fileop + * control: fix possible deadlock on network error + * exporter/containerimage: remove redundant type for var declaration + * Fix not to set the value on empty vertex + * Fix to import as digest + * cache: always release ref when getting size in usage. + * Drop unneeded variable + * ssh: add fallback to ensure conn is closed in all cases. + * vendor: github.com/opencontainers/image-spec v1.1.0-rc3 + * vendor: github.com/docker/cli v23.0.5 + * vendor: github.com/docker/docker v23.0.5 + * nydus: update nydus-snapshotter dependency to v0.8.0 + * progressui: fix possible zero prefix numbers in logs + * llbsolver: send active event only to current client + * llbsolver: send delete status event + * llbsolver: filter out records marked deleted from list responses + * Add Windows service support + * docs: fixup build repro doc with updated policy format + * test: use appropriate snapshotter service to walk snapshots + * overlay: use function to check for overlay-based mounts + * Update uses of Image platform fields in OCI image-spec + * allow setting user agent products + * Bump up golangci-lint to v1.52.2 + * chore: tidy up duplicated imports + * solver: Release unused refs in LoadWithParents + * Avoid panic on parallel walking on DefinitionOp + * solver: skip sbom post processor if result is nil + * vendor: github.com/docker/docker v23.0.4 + * vendor: github.com/docker/cli v23.0.4 + * vendor: golang.org/x/time v0.3.0 + * vendor: github.com/docker/cli v23.0.2 + * vendor: github.com/docker/docker v23.0.2 + * test: don't hang if a process doesn't run + * ci: put worker name first for better UX in actions + * go.mod: remove github.com/kr/pretty + * Revert "Problem: can't use anonymous S3 credentials" + * go.mod: bump up runc to v1.1.6 + * go.mod: Bump up stargz-snapshotter to v0.14.3 + * dockerfile: bump up stargz-snapshotter to v0.14.3 + * dockerfile: bump up runc to v1.1.6 + * buildkitd: add grpc reflection + * Bump up nerdctl to 1.3.0 + * Bump up containerd 1.6.20 + * Fix gzip decoding of HTTP sources. + * ci: update runner os to ubuntu 22.04 + * Fix bearer token expiration check (fixes #3779) + * docs: update buildkitd.toml with new field info + * buildkitd: allow durations for gc config + * buildkitd: allow multiple units for gc config + * dockerui: expose context detection functions as public + * Prevent overflow of runc exit code. + * Upgrade to latest go-runc. + * runc worker: fix sigkill handling + * Dockerfile: RUNC_VERSION=v1.1.5 + * client: add client opts to enable system certificates + * Make ClientOpts type safe + * build(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 + * fileop: create new fileOpSolver instance per Exec call + * Provide CacheManager to Controller instead of CacheKeyManager. + * http: ensure HEAD and GET requests have same headers + * docs: add auto-generated sections to buildctl.md + * client: allow grpc dial option passthrough + * cni: simplify netns creation + * add Bass to list of LLB languages + * llbsolver: fix sorting of history records + * llbsolver: Fix performance of recomputeDigests + * solve: use comparables instead of reflection in result struct + * vendor: github.com/docker/cli v23.0.1 + * vendor: github.com/docker/docker v23.0.1 + * client: create oci-layout file in StoreIndex + * ci: output annotations for failures + * test: set mod vendor + * test: use gotestsum to generate reports + * fix gateway exec tty cleanup on context.Canceled + * fix process termination handling for runc exec + * Register builds before recording build history + * docs(dockerfile): minimal Dockerfile version support for chmod + * Update builder.md to document newly supported --chmod features in both ADD and COPY statements. + * use bklog.G(ctx) instead of logrus directly + * integration: missing mergeDiff compat check + * chore: `translateLegacySolveRequest` does not need to return error checking. + * integration: split feature compat check for subtests + * integration: missing feature compat check for cache + * dockerfile: fix reproducible digest test for non-amd64 + * integration: add FeatureMergeDiff compat + * integration: add FeatureCacheBackend* compat + * integration: enforce features compat through env vars + * ci: upstream docs conformance validation + * dockerfile(docs): fix liquid syntax + * Problem: can't use anonymous S3 credentials + * hack: remove build_ci_first_pass script + * hack: binaries and cross bake targets + * go.mod: update to go 1.20 + * Dockerfile: CONTAINERD_VERSION=v1.7.0 + * go.mod: github.com/containerd/containerd v1.7.0 + * Add Namespace to list of buildkit users. + * remove buildinfo + * buildinfo: add BUILDKIT_BUILDINFO build arg + * buildinfo: mark as deprecated + * docs: deprecated features page + * rootless: guide for Bottlerocket OS (`sysctl -w user.max_user_namespaces=N`) + * rootless: fix up unprivileged mount opts + * Dockerfile: CONTAINERD_VERSION=v1.7.0-rc.3, CONTAINERD_ALT_VERSION_16=v1.6.19 + * go.mod: github.com/containerd/containerd v1.7.0-rc.3 + * version: add "v" prefix to version for tagging convention consistency + * remove context name validation from kubepod connhelper + * gateway: add hostname option to NewContainer API + * fix error message typo + * provenance: ensure URLs are redacted before written + * test/client: Close buildkit client + * docs: missing security policy markdown file + * diffapply: do chown before xattrs + * Add test for merge of files with capabilities. + * fix a possible panic on cache + * Update cmd/buildkitd/main_windows.go + * ci(validate): use bake + * hack: shfmt bake target + * hack: generated-files bake target + * hack: doctoc bake target + * hack: lint bake target + * hack: authors Dockerfile and bake target + * hack: bake definition with vendor targets + * Fix buildkitd panic when frontend input is nil. + * ci: trigger workflows on push to release branches + * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 + * ci: create GitHub Release for frontend as well + * ci: make release depends on image job + * lint: fix issues with go 1.20 + * remove deprecated golangci-lint linters + * update golangci-lint to v1.51.1 + * update to go 1.20 + * Allow DefinitionOp to track sources + * specify a `ResponseHeaderTimeout` value + * Ensures that the primary GID is also included in the additional GIDs + * ci: fix missing TESTFLAGS env var in test-os workflow + * Dockerfile: update containerd to v1.7.0-beta.4, v1.6.18 + * go.mod: github.com/containerd/containerd v1.7.0-beta.4 + * ci: update softprops/action-gh-release to v0.1.15 + * ci: remove unused vars in dockerd workflow + * ci: split cross job + * Dockerfile: remove binaries-linux-helper stage + * ci: rename unclear env vars + * readme: fix and update badges + * ci: rename build workflow to buildkit + * ci: reusable test workflow + * ci: move test-os to a dedicated workflow + * ci: move frontend integration tests and build to a dedicated workflow + * stargz-snapshotter: graduate from experimental + * Bump up stargz-snapshotter to v0.14.1 + * set osversion in index descriptor from base image + * progress: solve status description + * ci: update buildx to latest + * Dockerfile: update xx to 1.2.1 + * integration: make sure registry directory exists + * gha: avoid range requests with too big offset + * ci: merge test-nydus job in test one + * ci: remove branch restriction on pull request event + * client: add tests for layerID in comment field + * exporter: fix sbom supplement core detection + * exporter: fix supplement sboms on empty scratch layer + * exporter: fix file layer finder whiteout detection + * exporter: canonicalize sbom file paths during search + * Add platform tracing socket paths and mounts + * integration: log dockerd cmd + * integration: set custom flags for dockerd worker + * remotecache: proper exporter naming for gha, s3 and azblob + * remotecache: explicit names for registry and local + * exporter: use compression.ParseAttributes func + * remotecache: mutualize compression parsing attrs + * lex: add support for optional colon in variable expansion + * test: rework TestProcessWithMatches to use a matrix + * dockerfile: update to use dockerui pkg + * dockerui: separate docker frontend params to reusable package + * cache: add fallback for snapshotID + * exporter: remove wrappers for oci data types + * vendor: github.com/docker/cli v23.0.0 + * vendor: github.com/docker/docker v23.0.0 + * hack: do not cache some stages on release + * hack: do not set attest flags when exporting to docker + * git: override the locale to ensure consistent output + * fix support for empty git ref with subdir + * gitutil: use subtests + * source: more tests cases for git identifier + * source: use subtests cases for git identifier + * otel: bump dependencies to v1.11.2/v0.37.0 + * hack: treat unset variables as an error + * frontend: fix typo in release script + * ci: create matrix for building frontend image + * inline cache: fix blob indexes by uncompressed digest + * Skip configuring cache exporter if it is nil. + * docs: update syntax for labs channel in examples + * integration: remove wrong compat condition + * integration: fix compat check for CNI DNS test + * cache: don’t link blobonly based on chainid + * do not mount secrets that are optional and missing from solve opts + * SOURCE_DATE_EPOCH: drop timezone + * sbom: create tmp directory for scanner image + * progress: keep color enabled with NO_COLOR empty + * hack: remove azblob_test + * integration: basic azblob cache test + * test: add proxy build args when existed + * vendor: github.com/docker/cli v23.0.0-rc.3 + * vendor: github.com/docker/docker v23.0.0-rc.3 + * vendor: golang.org/x/net v0.5.0 + * vendor: golang.org/x/text v0.6.0 + * vendor: golang.org/x/sys v0.4.0 + * Dockerfile: CNI plugins v1.2.0 + * Dockerfile: CONTAINERD_VERSION=v1.7.0-beta.3, CONTAINERD_ALT_VERSION_16=v1.6.16 + * Fix tracing listener on Windows + * go.mod: github.com/containerd/containerd v1.7.0-beta.3 + * control: send current timestamp header with event streams + * vendor: update containerd to v1.6.16-0.1709cfe273d9 + * buildctl: add ref-file to get history record for a build + * client: make sure ref is configurable for the history API + * history: save completed steps with cache stats + * history: fix exporter key not being passed + * history: fix logs and traces are saving on canceled builds + * hack: add correct entrypoint to shell script + * ci: use moby/buildkit:latest in build action + * dockerfile: add testReproSourceDateEpoch + * Fix cache cannot reuse lazy layers + * Correct manifests_prefix documentation for S3 cache + * Use golang.org/x/sys/windows instead of syscall + * dockerfile: release frontend for i386 platform + * Add get-user-info utility + * optimize --dry-run flag + * fix(tracing): spelling of OTEL_TRACES_EXPORTER value + * Propagate sshforward send side connection close + * buildctl: add `buildctl debug histories, buildctl prune-histories` + * dockerfile: fix panic on warnings with multi-platform + * vendor: github.com/docker/cli v23.0.0-rc.2 + * vendor: github.com/docker/docker v23.0.0-rc.2 + * vendor: github.com/containerd/containerd v1.6.15 + * cache: add registry.insecure option to registry exporter + * Make local cache non-lazy + * docs/build-repro.md: add the SOURCE_DATE_EPOCH section + * docs: clarified build argument example by changing the variable name + * azblob cache: account_name attribute + * docs: master -> 0.11 + * ci: fix dockerd workflow with latest changes from moby + * integration: set mirrors and entitlements with dockerd worker + * github: update CI to buildkit version + * exporter: ensure spdx order prioritizes primary sbom + * hack: remove s3_test + * integration: basic s3 cache test + * integration: add runCmd and randomString utils + * integration: expose backend logs in sandbox interface + * azblob_test: pin busybox to avoid "Illegal instruction" error + * docs: add nerdctl container buildkitd address docs + * feat: add namespace support for nerdctl container + * ci: add ci to check README toc + * testutil: pin busybox and alpine used in releases + * exporter: allow configuring inline attestations for image exporters + * exporter: force enabling inline attestations for image export + * docs: change semicolons to double ampersands + * llbsolver: fix panic when requesting provenance on nil result + * vendor: update fsutil to fb43384 + * attestation: only supplement file data for the core scan + * docs: add index page for attestations + * docs: move attestation docs to dedicated directory + * docs: rename slsa.md to slsa-provenance.md + * docs: tidy up json examples for slsa definitions + * docs: add cross-linking between slsa pages + * Flakiness in azblob test job + * vendor: update spdx/tools-golang to d6f58551be3f + * feat: add nerdctl-container support for client + * docs: slsa review updates + * docs: moved slsa definitions to a separate page + * docs: slsa editorial fixes + * docs: add filename to provenance attestation + * docs: update hermetic field after it was moved in implementation + * docs: update provenance docs + * docs: add slsa provenance documentation + * progress: fix clean context cancelling + * fix: updated_at -> updated-at + * Solve panic due to concurrent access to ExportSpans + * feat: allow ignoring remote cache-export error if failing + * add cache stats to the build history API + * vendor: github.com/docker/cli v23.0.0-rc.1 + * vendor: github.com/docker/docker v23.0.0-rc.1 + * vendor: github.com/containerd/containerd v1.6.14 + * frontend: fix testMultiStageImplicitFrom to account for busybox changes + * sshforward: skip conn close on stream CloseSend. + * chore: update buildkitd.toml docs with mirror path example + * feat: handle mirror url with path + * provenance: fix the order of the build steps + * provenance: move hermetic field into a correct struct + * add possibility to override filename for provenance + * Fix typo in CapExecMountBindReadWriteNoOutput. + * Use SkipOutput instead of -1 for output indexes to clarify semantics. + * fix indentation for in-toto and traces + * attestation: forbid provenance attestations from frontend + * attestation: validate attestations before unbundling as well + * exporter: make attestation validation public + * result: change reason types to strings + * attestations: ignore spdx parse errors + * attestations: propogate metadata through unbundling + * gateway: add addition check to prevent content func from being forwarded + * ociindex: add utility method for getting a single manifest from the index + * ociindex: refactor to hide implementation internally + * cache: test gha cache exporter + * containerdexecutor: add network namespace callback + * frontend/dockerfile: BFlags.Parse(): use strings.Cut() + * frontend/dockerfile: parseExtraHosts(): use strings.Cut() + * frontend/dockerfile: parseMount() use strings.Cut(), and some minor cleanup + * frontend/dockerfile: move check for cache-sharing + * frontend/dockerfile: provide suggestions for mount share mode + * frontend/dockerfile: define types for enums + * frontend/dockerfile/shell: use strings.Equalfold + * frontend/dockerfile/parser: remove redundant concat + * frontend/dockerfile: parseBuildStageName(): pre-compile regex + * frontend/dockerfile: remove isSSHMountsSupported, isSecretMountsSupported + * docs: Enable rootless for stargz-snapshotter + * executor/oci: GetResolvConf(): simplify handling of resolv.conf +- fix rpmlint errors + * systemd units should not have execute permissions + * add missing %service_add_pre for the systemd units + ------------------------------------------------------------------- Tue Jan 31 17:50:32 UTC 2023 - Dirk Müller diff --git a/buildkit.spec b/buildkit.spec index d19bde9..4ec4638 100644 --- a/buildkit.spec +++ b/buildkit.spec @@ -23,7 +23,7 @@ %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} Name: buildkit -Version: 0.11.2 +Version: 0.12.1 Release: 0 Summary: Toolkit for converting source code to build artifacts License: Apache-2.0 @@ -54,17 +54,20 @@ mkdir -p %{buildroot}%{_bindir}/ mkdir -p %{buildroot}%{_unitdir}/ install -m 0755 _output/buildkitd %{buildroot}%{_bindir}/buildkitd install -m 0755 _output/buildctl %{buildroot}%{_bindir}/buildctl -install -m 0755 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service -install -m 0755 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket +install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service +install -m 0644 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket + +%pre +%service_add_pre buildkit.socket buildkit.service %post -%systemd_post buildkit.socket buildkit.service +%service_add_post buildkit.socket buildkit.service %preun -%systemd_preun buildkit.socket buildkit.service +%service_del_preun buildkit.socket buildkit.service %postun -%systemd_postun_with_restart buildkit.socket buildkit.service +%service_del_postun buildkit.socket buildkit.service %files %license LICENSE diff --git a/vendor.tar.zst b/vendor.tar.zst index 10d2de8..99fe81d 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c0564538026e874fe9ea4f691832c81318b33fb79f81dec9757f22ce82e1f325 -size 5752083 +oid sha256:56e300f82bc80b09c5d7d926bb5c7bee18ae38ae5e1d002d820bb41216cb4fd0 +size 4546942