This import comment caused compilation of buildx to fail if `GO111MODULE` was
set to `off`:
Without `GO111MODULE` set (but with `-mod=vendor`:
echo $GO111MODULE
export PKG=github.com/docker/buildx
export LDFLAGS="-X ${PKG}/version.Version=$(git describe --match 'v[0-9]*' --always --tags) -X ${PKG}/version.Revision=$(git rev-parse HEAD) -X ${PKG}/version.Package=${PKG}"
GOFLAGS=-mod=vendor go build -o bin/docker-buildx -ldflags "${LDFLAGS}" ./cmd/buildx
bin/docker-buildx version
github.com/docker/buildx v0.6.0 d9ee3b134cbc2d09513fa7fee4176a3919e05887
When setting `GO111MODULE=off`, it fails on the incorrect import path in the
vendored file (looks like GO111MODULE=on ignores import-path comments?):
export GO111MODULE=off
root@5a55ec1c1eed:/go/src/github.com/docker/buildx# GOFLAGS=-mod=vendor go build -o bin/docker-buildx -ldflags "${LDFLAGS}" ./cmd/buildx
vendor/github.com/moby/buildkit/client/client.go:20:2: code in directory /go/src/github.com/docker/buildx/vendor/github.com/moby/buildkit/util/tracing/otlptracegrpc expects import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/connection/connection.go:33:2: found import comments "go.opentelemetry.io/otel/exporters/otlp/internal/otlpconfig" (options.go) and "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig" (optiontypes.go) in /go/src/github.com/docker/buildx/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The previous implementation had many issues. Eg. on fetch, even if
the data already existed and no remote connections were needed
the request would still be waiting in the queue. Or if two fetches
of same blob happened together they would take up two places in queue
although there was only one remote request.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This is a safer alternative until we figure out why
http.Transport based limiting fails.
Some connections like cache export/import do not have a
domain key atm and these connections use global pool.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Hopefully this can be removed with a future upstream change
that could make this configurable. The package also needs
internal dependency that is copied in.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This allows using the resolver package without having to import
the buildkit daemon configuration.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This updates all occurrences of Go 1.13 to Go 1.16; also updated
the code that's used to redact credentials in URLs to use the Go
implementation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch updates the script and Dockerfile to prevent issues when using go
modules.
The first change is to use a plain `git clone` instead of `go get -d` to download
the source. While (like "pre go-modules") `go get -d` won't *build* the binaries
when go modules are used, it *will* use go modules to download the package
(and dependencies); as a result:
- no git repository will be cloned in gopath
- go modules will be downloaded for "master" (not the version that we specify
to build)
Note: Once we update to Go 1.16, this script could be updated to use `go install <repo>@version`
The second change is an update to the `update-generated-files` script to detect
the correct version of google/protobuf to use from the `go.mod`'s `replace` rule,
to make sure we generate (and verify) using the correct version.
The Dockerfile was also updated to update the default versions specified in the
PROTOBUF_VERSION and GOGO_VERSION build-args (although not strictly necessary).
Regenerating the files with this version resulted in a minor formatting change.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some registries (notably Quay) issue tokens that expire without providing an `expires in` value in the authorization payload. Therefore, if a token produces a 401, we should remove it and re-fetch.
Signed-off-by: Corey Larson <corey@earthly.dev>
The `plugins.linux.shim` section in the `config.toml` in the previous code
is meaningless for runtime v2.
For runtime v2, we need to just override `$PATH` to ensure the shim
binary path.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- the git protocol detection is required by buildx, and should reside in
a seperate exported gitutil package.
Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
Some registries can be flaky and return intermittent 5xx errors. This
change allows those errors to be retried, similarly to network-level
errors.
Note that this needs the upstream containerd fix
https://github.com/containerd/containerd/pull/5276 to work reliably.
This was tested with a registry that was modified to return 504 on every
other manifest PUT. Without the change, exports to the registry fail
every other attempt. With the change and the related containerd change,
exports to the registry always succeed.
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
There was a race with context getting cancelled and new request
arriving that could resulted new request to receive cancelled result
as well. This happened because lock was held when getting the Done()
channel but it could have been already released by the time returned
channel was closed.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Fix: #1737
On Linux v5.6+ docker start-up would trigger the exec-stack warning:
process 'docker/tmp/qemu-check490284163/check' started with executable stack
Mark all the binfmt_mist tests as having a non-executable stack, and
regenerate the *_binary.go files.
Additionally fix trailing whitespace and add missing end-of-file newlines.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
Check if context is canceled before returning cached token or err.
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
Fix possible race conditions
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
Fix block
Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
`go test` complains about this tree because the package ends up with no
symbols on non-Linux platforms, e.g., Windows, even though this API is
never be called on non-Linux platforms, according to the compiler.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Although we don't run any integration tests on Windows at this time,
this does mean that the SKIP_INTEGRATION_TESTS env-var works, so we can
run a wider range of non-integration tests without spurious failures.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
There's no Loopback CNI plugin for Windows as far as I can see, so I'm
assuming it's not needed.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
The `WithLoNetwork` and `WithConfFile` options consume the
`WithPluginDir` and `WithInterfacePrefix` settings, so they must come
first.
This fixes the issue that the provided plugin directory was not used for
the provided configuration file. This would have been more visible, but
the default `InterfacePrefix` is already "eth".
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
The Windows API is completely different, so the common code cannot
create the unique identifier, but must accept what the OS-specific code
does.
For Linux, it's a pathname. In Windows, it's a GUID string.
This pulls in direct usage of Microsoft/hcsshim, which previously was
only an indirect usage via containerd calls from, e.g., localMounter on
Windows.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Koichi Shiraishi
Sebastiaan van Stijn
Tõnis Tiigi
Akihiro Suda
Morlay
Akihiro Suda
Cory Bennett
ktock
Corey Larson
Alex Couture-Beil
Aaron Lehmann
Vlad A. Ionescu
zhangwenlong
Tibor Vass
Tibor Vass
Kees Cook
Ilya Dmitrichenko
Erik Sipsma
Miguel Ángel Jimeno
Jon Zeolla
Paul "TBBle" Hampson