Commit Graph

3669 Commits (9004de880471f193b927c5aeb2e87a8f12d1efd7)

Author SHA1 Message Date
Erik Sipsma 5c4dcb2741 cache: add support for Diff refs.
This allows you to create refs that are single layers representing the
diff between any two arbitrary refs. The primary use case for this is
to allows users to extract the changes created by ops like Exec and
rebase them elsewhere through MergeOp. However, there is no restriction
on the inputs to DiffOp and the resulting ref's layer is simply the
layer created by running the differ on the two inputs refs
(specifically, the same differ used during exports).

A Diff ref can be mounted by itself, in which case it is defined as the
result of applying the diff to Scratch. Most use cases though will use
Diff refs as the input to a MergeOp, in which case the diff is just
applied on top of the lower merge inputs, as was the case before.

In cases like Diff(A, A->B->C) (i.e. cases where the diff is between two
refs where the lower is an ancestor of upper), the diff will be defined
as the layers separating the two refs. In other cases, the diff is just
a single layer, not re-used from the inputs, representing the diff
between the two refs (which can be defined as the layer "Diff(A,B)" that
satisfies "Merge(A, Diff(A,B)) == B").

Note that there is technically a meaningful difference between the
"unmerge" behavior of extracting the layers separating diffs and the
"simple diff" of just running the differ on the two refs. Namely, in the
case where there are "intermediate deletes" (i.e. deletes that only
exist in layers between A and B but not between A and B by themselves),
then the simple diff and unmerge can create different results when
plugged into a MergeOp. This is due to the fact that intermediate
deletes will apply to the merge when using the unmerge behavior, but not
when using the simple diff. This is on top of the fact that the simple
diff inherently has a "flattening" behavior where multiple layers are
squashed into a single one.

So, in the case where lower is an ancestor of upper, we choose to follow
the unmerge behavior, but it's possible users may prefer the simple diff
behavior. As of right now, they won't be able to do so, but if needed we
can add the ability to choose which behavior is followed in the future.
This could be done through a flag provided to DiffOp or possibly by
adapting llb.Copy to support this type of behavior with the same
efficiency as DiffOp.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2022-01-06 11:05:51 -08:00
Akihiro Suda 15fb1145af
Merge pull request #2491 from ktock/overlayfs-redirect
Disable redirect_dir for avoiding incorrect diff
2022-01-05 14:03:04 +09:00
coryb 1725efc1f4
Merge pull request #2545 from coryb/umask-git-panic
fix panic from umask-git on invalid ref
2022-01-04 08:48:43 -08:00
coryb 397c98bdf8 fix panic from umask-git on invalid ref
If the ref is invalid we are seeing a panic from `umask-git` because
the error type is not always a unix.WaitStatus:
```
    #1 0.227 fatal: Not a valid object name 000111222333444555666777888999aaabbbcccd^{commit}
    #1 0.229 panic: interface conversion: interface {} is syscall.WaitStatus, not unix.WaitStatus
    #1 0.229
    #1 0.229 goroutine 1 [running]:
    #1 0.229 github.com/moby/buildkit/source/git.gitMain()
    #1 0.229 	/src/source/git/gitsource_unix.go:66 +0x27d
    #1 0.229 github.com/docker/docker/pkg/reexec.Init(...)
    #1 0.229 	/src/vendor/github.com/docker/docker/pkg/reexec/reexec.go:26
    #1 0.229 main.init.0()
    #1 0.229 	/src/cmd/buildkitd/main.go:76 +0xf6
    #1 0.633 fatal: reference is not a tree: 000111222333444555666777888999aaabbbcccd
    #1 0.635 panic: interface conversion: interface {} is syscall.WaitStatus, not unix.WaitStatus
    #1 0.635
    #1 0.635 goroutine 1 [running]:
    #1 0.635 github.com/moby/buildkit/source/git.gitMain()
    #1 0.635 	/src/source/git/gitsource_unix.go:66 +0x27d
    #1 0.635 github.com/docker/docker/pkg/reexec.Init(...)
    #1 0.635 	/src/vendor/github.com/docker/docker/pkg/reexec/reexec.go:26
    #1 0.635 main.init.0()
    #1 0.635 	/src/cmd/buildkitd/main.go:76 +0xf6
```

This is from trying to solve:
```
    llb.Git("https://github.com/moby/buildkit.git", "000111222333444555666777888999aaabbbcccd")
```

Signed-off-by: coryb <cbennett@netflix.com>
2022-01-03 15:59:26 -08:00
Akihiro Suda a8278dd166
Merge pull request #2521 from tonistiigi/dockerfile-named-contexts
dockerfile: add support for named contexts
2021-12-27 20:24:02 +09:00
Kohei Tokunaga bc5cfe960b Disable redirect_dir for overlayfs snapshotter
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2021-12-24 11:58:44 +09:00
Tõnis Tiigi d6b191e33a
Merge pull request #2531 from crazy-max/hack-skip-platform
hack: use local platform if none defined
2021-12-21 21:51:58 -08:00
CrazyMax cd8c2cb198
hack: use local platform if none defined
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-20 22:39:26 +01:00
Tonis Tiigi 23709ef316 dockerfile: set current platform on image based named context
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-15 20:56:46 -08:00
Tonis Tiigi 20285bb53e dockerfile: test named contexts with multi-platform
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-15 20:55:51 -08:00
Tonis Tiigi 4eadeaf0f2 dockerfile: add support for named contexts
Stages and implicit stages from image names can be
redefined with build options.

This enables using more that one source directory
and reusing results from other builds. This can also
be used to use a local image from other build without
including a registry.

Contexts need to be defined as `context:name=` frontend
options. The value can be image, git repository,
URL, local directory or a frontend input.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-15 20:51:01 -08:00
Tõnis Tiigi 539be17089
Merge pull request #2428 from tonistiigi/default-user-groups
executor: make sure supplementary groups are set for unset user
2021-12-14 17:02:09 -08:00
Tõnis Tiigi 76234fa1c7
Merge pull request #2498 from tonistiigi/warnings-updates
Updates to warnings handling
2021-12-14 17:01:46 -08:00
Tonis Tiigi 872518e334 update warning type definition
Detail is now an array and URL is a separate field.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-13 21:38:20 -08:00
Tõnis Tiigi 4a1cbd73b0
Merge pull request #2522 from csweichel/master
README.md: Add Gitpod as consuming project
2021-12-13 10:40:30 -08:00
Tõnis Tiigi d4cc369928
Merge pull request #2523 from AkihiroSuda/buildkit-nix
README.md: add buildkit-nix frontend
2021-12-13 10:39:51 -08:00
Akihiro Suda 4d09c1ea8e
README.md: add buildkit-nix frontend
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-12-13 21:31:58 +09:00
Christian Weichel 90ae971b5b README.md: Add Gitpod as consuming project
Signed-off-by: Christian Weichel <chris@gitpod.io>
2021-12-13 12:02:01 +00:00
Tõnis Tiigi 8700be3961
Merge pull request #2520 from hansbogert/patch-1
doc(buildkitd.toml.md): Add mirror configuration
2021-12-11 11:03:10 -08:00
Akihiro Suda 0dfc2aa421
Merge pull request #2518 from everpeace/fix-authority-header
Setting just servername to :authority pseudo header in client when using TLS.
2021-12-11 18:39:32 +09:00
Tõnis Tiigi b9c4e0b302
Merge pull request #2486 from alexcb/acb/update-fsutil-and-docker
update fsutil and docker
2021-12-10 21:35:31 -08:00
Hans van den Bogert cbafa22053 doc(buildkitd.toml.md): Add mirror configuration
Signed-off-by: Hans van den Bogert <hansbogert@gmail.com>
2021-12-10 21:09:29 +01:00
Tõnis Tiigi e89482149f
Merge pull request #2519 from aaronlehmann/dedup-mounts-panic
Fix out-of-bounds panic in dedupMounts
2021-12-10 10:53:15 -08:00
Tõnis Tiigi ccd6964323
Merge pull request #2517 from sipsma/diffop-prep
DiffOp Preparation Commits
2021-12-10 10:50:41 -08:00
Aaron Lehmann 9534552955 Fix out-of-bounds panic in dedupMounts
It looks like the intent is to keep track of the index in 'ret' where a
destination was written, but that's not what the current code is doing.

Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
2021-12-10 09:26:30 -08:00
Shingo Omura ccbf7f3386
Setting just servername to :authority pseudo header in client when using tls.
HTTP/2(RFC7540) defines :authority pseudo header includes the authority portion
of target URI but it must not include userinfo part (i.e. url.Host).

However, when TLS certificate specified, grpc-go requires it must match
with its servername specified for certificate validation.

Signed-off-by: Shingo Omura <everpeace@gmail.com>
2021-12-10 21:13:25 +09:00
Erik Sipsma 0ddfb544b5 snapshot: cleanup diffApply and prepare for DiffOp
This breaks the giant blob that was the diffApply function into two
separate parts, a differ and an applier, which results in more modular
code that should be easier to follow and easier to make any future
updates to. For example, if we want to optimize by allowing differ and
applier to run in parallel in the future, that's straightforward now.

There are also some fixes that weren't needed for MergeOp, but will be
for DiffOp, such as correctly handling the case where a deletion is
applied that is under parent directories which don't exist yet (the
correct behavior is, surprisingly, to create the parent directories as
that is what the image import/export code ends up doing).

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2021-12-09 21:21:35 -08:00
Erik Sipsma abf373a3b6 cache: Disable overlay diff for native snapshotter
Before this change, test cases were running with an env var that forces
the overlay differ to be on even when the native snapshotter was being
used, which resulted in failures. Now, that env var is skipped when
using the native snapshotter.

Additionally, this includes a related change to skip even trying to use
the overlay differ when the native snapshotter is in use. Previously,
the blob creation code first tried to use the overlay differ and then
failed and fell back to the double-walking differ. Now, it just jumps
right to the double-walking differ when the native snapshotter is in
use.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2021-12-09 21:02:44 -08:00
Erik Sipsma 2bfad4b0dc Change integration.Test from a func to a interface
Using an interface instead of a func is more flexible while achieving
the same effect. It allows you to succintly define a large number of
test cases as structs, as is common in table-driven testing.

A helper func is added that converts the existing test funcs into the
interface, so the change is fairly seamless.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2021-12-09 20:35:48 -08:00
Alex Couture-Beil 390c6886f4
update fsutil and docker
update fsutils to 61a57076b9b065af88eb10f699926d7e8793910c
which is required to pull in moby/moby#43047

Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
2021-12-08 11:01:10 -08:00
Alex Couture-Beil c55a0b888c
use newer MatchesUsingParentResults
switch to using newer MatchesUsingParentResults methods which were
introduced in https://github.com/moby/moby/pull/43037

Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
2021-12-08 09:41:55 -08:00
Alex Couture-Beil 197f619956
update fsutil and docker
update fsutil to include this patch: d952e50eae

docker also had to be updated due to 2d121ce88f

Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
2021-12-08 09:41:52 -08:00
Tõnis Tiigi 90690ca0c9
Merge pull request #2509 from tonistiigi/archutil-bullseye
archutil: update generator
2021-12-07 20:39:38 -08:00
Tõnis Tiigi 70d7ac4ced
Merge pull request #2489 from thisismydesign/patch-1
Clarify Export cache docs
2021-12-07 20:39:28 -08:00
Tõnis Tiigi bfd3cfb6a0
Merge pull request #2507 from sipsma/mobymerge
Update tests for consistency w/ dockerd.
2021-12-07 10:34:18 -08:00
Tonis Tiigi 86b4bdbca4 archutil: update generator
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-06 22:25:25 -08:00
Erik Sipsma 0539181757 Update tests for consistency w/ dockerd.
When vendored into moby, the local exporter uses a user map that results
in all files being given at most 755 permissions. This change updates
the test to use permissions less than or equal to that to make tests
equivalent whether running w/ dockerd worker or any other type.

Additionally, add assertions that exported images also have the expected
contents, which helps ensures consistency between images created by
dockerd and those created by vanilla buildkit.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2021-12-06 19:18:16 -08:00
Akihiro Suda 539558b58d
Merge pull request #2506 from tonistiigi/update-actions-cache
vendor: update go-actions-cache to 96427041
2021-12-06 14:26:24 +09:00
Csaba Apagyi 44fe33967e Clarify export cache docs
Signed-off-by: Csaba Apagyi <csaba.apagyi@gmail.com>
2021-12-04 16:25:37 +01:00
Tonis Tiigi f0c28eaf00 vendor: update go-actions-cache to 96427041
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-03 15:57:46 -08:00
Tõnis Tiigi f24f0a87b5
Merge pull request #2505 from thaJeztah/update_crypto_ssh
go.mod: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e
2021-12-03 10:33:14 -08:00
Sebastiaan van Stijn 367ae027cf
go.mod: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e
full diff: 0c34fe9e7d...5770296d90

includes a fix in golang.org/x/crypto/ssh for CVE-2021-43565

- golang/go#49932
- 5770296d90

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-03 09:09:16 +01:00
Tõnis Tiigi d68e5d8d10
Merge pull request #2499 from djds/master
hack: update install-buildx
2021-12-02 18:20:12 -08:00
Tonis Tiigi 71316c6f29 split warning message into short and detail
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-12-02 18:17:35 -08:00
Tõnis Tiigi 188b696ac3
Merge pull request #2493 from ktock/bump-stargz-snapshotter-v0.10.1 2021-12-02 13:41:45 -08:00
Erik Sipsma c64578c23f
Merge pull request #2503 from sipsma/fix-merge-blobchainid
Fix merge blobchainid
2021-12-02 13:11:18 -08:00
Erik Sipsma 441f1e7b27 cache: log missing providers for blobchainID ref
Before this, if you try to get a ref with an equal blobchain in
GetByBlob but hit a missing provider, the error was just returned. While
we never expect this situation to happen (you shouldn't be able to hit
this line if you didn't already have providers for each blob in the
chain), it technically shouldn't fail the build as you can just continue
on without re-using the ref with equal blobchainID.

Now, we log this at error level but allow the build to continue.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2021-12-02 12:28:28 -08:00
Erik Sipsma 5872bf3dd1 cache: fix merge ref chain IDs.
This fixes an issue where merge refs were incorrectly setting their
chain IDs to their last input's ID. This resulted in errors where
GetByBlob thought the merge ref and the final input ref were equivalent.

Now, merge refs have their chain IDs computed by digesting each blob in
the full chain.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2021-12-02 12:21:44 -08:00
Kohei Tokunaga ae565231a0 Bump up github.com/containerd/stargz-snapshotter to v0.10.1
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2021-12-02 13:51:22 +09:00
Tõnis Tiigi dea9a4a9da
Merge pull request #2500 from thaJeztah/lint_nits
util/sshutil: minor linting / warning nits
2021-12-01 12:35:36 -08:00