From 7d51e65e725d524305c9247245e88dfa391598e7 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 17 Oct 2022 21:10:14 +0200
Subject: [PATCH 1/4] [20.10] vendor: github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d (v0.8 branch)

To align with docker v20.10.19
full diff: https://github.com/moby/buildkit/compare/8142d66b5ebde79846b869fba30d9d30633e74aa...3a1eeca59a9263613d996ead67d53a4b7d45723d
Signed-off-by: Sebastiaan van Stijn
---
 vendor.conf | 2 +-
 vendor/github.com/moby/buildkit/README.md | 2 +-
 .../buildkit/api/services/control/generate.go | 2 +-
 .../moby/buildkit/api/types/generate.go | 2 +-
 .../moby/buildkit/client/client_unix.go | 1 +
 .../moby/buildkit/frontend/gateway/pb/caps.go | 2 +-
 .../moby/buildkit/frontend/gateway/pb/generate.go | 2 +-
 vendor/github.com/moby/buildkit/go.mod | 15 +++++++++++++--
 .../moby/buildkit/solver/errdefs/solve.go | 2 +-
 .../moby/buildkit/util/apicaps/pb/generate.go | 2 +-
 .../buildkit/util/appcontext/appcontext_unix.go | 1 +
 .../buildkit/util/appdefaults/appdefaults_unix.go | 1 +
 .../moby/buildkit/util/system/path_unix.go | 1 +
 .../moby/buildkit/util/system/path_windows.go | 1 +
 .../moby/buildkit/util/system/seccomp_linux.go | 1 +
 .../moby/buildkit/util/system/seccomp_nolinux.go | 1 +
 .../buildkit/util/system/seccomp_noseccomp.go | 1 +
 17 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/vendor.conf b/vendor.conf
index 824b20ccdc6f..eac8c0842c43 100755
--- a/vendor.conf
+++ b/vendor.conf
@@ -46,7 +46,7 @@ github.com/Microsoft/go-winio 5b44b70ab3ab4d291a7c1d28afe7
 github.com/Microsoft/hcsshim 5bc557dd210ff2caf615e6e22d398123de77fc11 # v0.8.9
 github.com/miekg/pkcs11 210dc1e16747c5ba98a03bcbcf728c38086ea357 # v1.0.3
 github.com/mitchellh/mapstructure d16e9488127408e67948eb43b6d3fbb9f222da10 # v1.3.2
-github.com/moby/buildkit 8142d66b5ebde79846b869fba30d9d30633e74aa # v0.8.1
+github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d # v0.8.3-29-g3a1eeca5
 github.com/moby/sys 1bc8673b57550ddf85262eb0fed0aac651a37dab # symlink/v0.1.0 (latest tag, either mount/vXXX, mountinfo/vXXX or symlink/vXXX)
 github.com/moby/term 3f7ff695adc6a35abc925370dd0a4dafb48ec64d
 github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md
index 2ea64c78ba06..ca7b76eb070c 100644
--- a/vendor/github.com/moby/buildkit/README.md
+++ b/vendor/github.com/moby/buildkit/README.md
@@ -189,7 +189,7 @@ buildctl build \
 buildctl build \
 --frontend gateway.v0 \
 --opt source=docker/dockerfile \
- --opt context=git://github.com/moby/moby \
+ --opt context=https://github.com/moby/moby.git \
 --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org
 ```
diff --git a/vendor/github.com/moby/buildkit/api/services/control/generate.go b/vendor/github.com/moby/buildkit/api/services/control/generate.go
index 9a3b24613e17..ea624c4e088c 100644
--- a/vendor/github.com/moby/buildkit/api/services/control/generate.go
+++ b/vendor/github.com/moby/buildkit/api/services/control/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1 //nolint:golint
+package moby_buildkit_v1 //nolint:revive
 //go:generate protoc -I=. -I=../../../vendor/ -I=../../../../../../ --gogo_out=plugins=grpc:. control.proto
diff --git a/vendor/github.com/moby/buildkit/api/types/generate.go b/vendor/github.com/moby/buildkit/api/types/generate.go
index 984bb74ce1ec..1689e7d7f195 100644
--- a/vendor/github.com/moby/buildkit/api/types/generate.go
+++ b/vendor/github.com/moby/buildkit/api/types/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1_types //nolint:golint
+package moby_buildkit_v1_types //nolint:revive
 //go:generate protoc -I=. -I=../../vendor/ -I=../../../../../ --gogo_out=plugins=grpc:. worker.proto
diff --git a/vendor/github.com/moby/buildkit/client/client_unix.go b/vendor/github.com/moby/buildkit/client/client_unix.go
index 888a8173ad06..dc55a4b6e60a 100644
--- a/vendor/github.com/moby/buildkit/client/client_unix.go
+++ b/vendor/github.com/moby/buildkit/client/client_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package client
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go b/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go
index efddd746d362..4f4e0c363a53 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/pb/caps.go
@@ -1,4 +1,4 @@
-package moby_buildkit_v1_frontend //nolint:golint
+package moby_buildkit_v1_frontend //nolint:revive
 import "github.com/moby/buildkit/util/apicaps"
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go b/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go
index e17b9daf6b1a..2e55abb1b099 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/pb/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1_frontend //nolint:golint
+package moby_buildkit_v1_frontend //nolint:revive
 //go:generate protoc -I=. -I=../../../vendor/ -I=../../../../../../ --gogo_out=plugins=grpc:. gateway.proto
diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod
index 07d71292459a..cf4c02973236 100644
--- a/vendor/github.com/moby/buildkit/go.mod
+++ b/vendor/github.com/moby/buildkit/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/Microsoft/hcsshim v0.8.10
 github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect
 github.com/containerd/console v1.0.1
- github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc
+ github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc // the actual version is replaced in replace()
 github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe
 github.com/containerd/go-cni v1.0.1
 github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0
@@ -46,6 +46,7 @@ require (
 github.com/opencontainers/image-spec v1.0.1
 github.com/opencontainers/runc v1.0.0-rc92
 github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
+ github.com/opencontainers/selinux v1.8.0
 github.com/opentracing-contrib/go-stdlib v1.0.0
 github.com/opentracing/opentracing-go v1.2.0
 github.com/pkg/errors v0.9.1
@@ -62,7 +63,7 @@ require (
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9
 golang.org/x/net v0.0.0-20200707034311-ab3426394381
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
- golang.org/x/sys v0.0.0-20201013081832-0aaa2718063a
+ golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1
 // genproto: the actual version is replaced in replace()
 google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece
@@ -70,6 +71,16 @@ require (
 )
 replace (
+ // containerd: vendoring from the docker/20.10 branch in https://github.com/moby/containerd
+ //
+ // Forked from 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 (20201117) with:
+ // - `images: validate document type before unmarshal` (eb9ba7ed8d46d48fb22362f9d91fff6fb837e37e)
+ // - `schema1: reject ambiguous documents` (70c88f507579277ab7af23b06666e3b57d4b4f2d)
+ // - `Fix the Inheritable capability defaults` (6906b57c721f9114377ceb069662b196876915c0)
+ // - `Adjust overlay tests to expect "index=off"` (#4719, for ease of cherry-picking #5076)
+ // - `overlay: support "userxattr" option (kernel 5.11)` (#5076)
+ // - `docker: avoid concurrent map access panic` (#4855)
+ github.com/containerd/containerd => github.com/moby/containerd v0.0.0-20220901192706-96c5ae04b678
 // protobuf: corresponds to containerd
 github.com/golang/protobuf => github.com/golang/protobuf v1.3.5
 github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe
diff --git a/vendor/github.com/moby/buildkit/solver/errdefs/solve.go b/vendor/github.com/moby/buildkit/solver/errdefs/solve.go
index 97ce5a3f92a1..a84053ecc9ad 100644
--- a/vendor/github.com/moby/buildkit/solver/errdefs/solve.go
+++ b/vendor/github.com/moby/buildkit/solver/errdefs/solve.go
@@ -14,7 +14,7 @@ func init() {
 typeurl.Register((*Solve)(nil), "github.com/moby/buildkit", "errdefs.Solve+json")
 }
-//nolint:golint
+//nolint:revive
 type IsSolve_Subject isSolve_Subject
 // SolveError will be returned when an error is encountered during a solve that
diff --git a/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go b/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go
index addfccfade01..d2feccfd5ed1 100644
--- a/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go
+++ b/vendor/github.com/moby/buildkit/util/apicaps/pb/generate.go
@@ -1,3 +1,3 @@
-package moby_buildkit_v1_apicaps //nolint:golint
+package moby_buildkit_v1_apicaps //nolint:revive
 //go:generate protoc -I=. -I=../../../vendor/ -I=../../../../../../ --gogo_out=plugins=grpc:. caps.proto
diff --git a/vendor/github.com/moby/buildkit/util/appcontext/appcontext_unix.go b/vendor/github.com/moby/buildkit/util/appcontext/appcontext_unix.go
index b586e2f6131e..366edc68b399 100644
--- a/vendor/github.com/moby/buildkit/util/appcontext/appcontext_unix.go
+++ b/vendor/github.com/moby/buildkit/util/appcontext/appcontext_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package appcontext
diff --git a/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_unix.go b/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_unix.go
index 6252147e0d6c..499e8771844b 100644
--- a/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_unix.go
+++ b/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package appdefaults
diff --git a/vendor/github.com/moby/buildkit/util/system/path_unix.go b/vendor/github.com/moby/buildkit/util/system/path_unix.go
index f3762e69d36a..ff01143eef22 100644
--- a/vendor/github.com/moby/buildkit/util/system/path_unix.go
+++ b/vendor/github.com/moby/buildkit/util/system/path_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package system
diff --git a/vendor/github.com/moby/buildkit/util/system/path_windows.go b/vendor/github.com/moby/buildkit/util/system/path_windows.go
index 3fc47449484e..85141668270d 100644
--- a/vendor/github.com/moby/buildkit/util/system/path_windows.go
+++ b/vendor/github.com/moby/buildkit/util/system/path_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 package system
diff --git a/vendor/github.com/moby/buildkit/util/system/seccomp_linux.go b/vendor/github.com/moby/buildkit/util/system/seccomp_linux.go
index 62afa03fef03..6e0b2ff84fbb 100644
--- a/vendor/github.com/moby/buildkit/util/system/seccomp_linux.go
+++ b/vendor/github.com/moby/buildkit/util/system/seccomp_linux.go
@@ -1,3 +1,4 @@
+//go:build linux && seccomp
 // +build linux,seccomp
 package system
diff --git a/vendor/github.com/moby/buildkit/util/system/seccomp_nolinux.go b/vendor/github.com/moby/buildkit/util/system/seccomp_nolinux.go
index e348c379a903..b86d0230276e 100644
--- a/vendor/github.com/moby/buildkit/util/system/seccomp_nolinux.go
+++ b/vendor/github.com/moby/buildkit/util/system/seccomp_nolinux.go
@@ -1,3 +1,4 @@
+//go:build !linux && seccomp
 // +build !linux,seccomp
 package system
diff --git a/vendor/github.com/moby/buildkit/util/system/seccomp_noseccomp.go b/vendor/github.com/moby/buildkit/util/system/seccomp_noseccomp.go
index 84cfb7fa8398..2804516b249f 100644
--- a/vendor/github.com/moby/buildkit/util/system/seccomp_noseccomp.go
+++ b/vendor/github.com/moby/buildkit/util/system/seccomp_noseccomp.go
@@ -1,3 +1,4 @@
+//go:build !seccomp
 // +build !seccomp
 package system
From 932ca73874e642f5144808c9f103fca8d5eedc00 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 17 Oct 2022 21:13:53 +0200
Subject: [PATCH 2/4] [20.10] vendor: github.com/docker/docker v20.10.19

full diff: https://github.com/docker/docker/compare/v20.10.18...v20.10.19
Signed-off-by: Sebastiaan van Stijn
---
 vendor.conf | 2 +-
 vendor/github.com/docker/docker/vendor.conf | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/vendor.conf b/vendor.conf
index eac8c0842c43..c0ca69c7d1d9 100755
--- a/vendor.conf
+++ b/vendor.conf
@@ -13,7 +13,7 @@ github.com/creack/pty 2a38352e8b4d7ab6c336eef107e4
 github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
 github.com/docker/compose-on-kubernetes 1f9b5b8cb6aca13deee947511801cf89447c1bfe # v0.5.0
 github.com/docker/distribution b5ca020cfbe998e5af3457fda087444cf5116496 # v2.8.1
-github.com/docker/docker e42327a6d3c55ceda3bd5475be7aae6036d02db3 # v20.10.18
+github.com/docker/docker c964641a0d76733c071d606c72541b263da84a3e # v20.10.19
 github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4
 github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
 github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
diff --git a/vendor/github.com/docker/docker/vendor.conf b/vendor/github.com/docker/docker/vendor.conf
index 1cafd8252e1d..7d60b86871c2 100644
--- a/vendor/github.com/docker/docker/vendor.conf
+++ b/vendor/github.com/docker/docker/vendor.conf
@@ -33,7 +33,7 @@ github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6
 golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
 # buildkit
-github.com/moby/buildkit bc07b2b81b1c6a62d29981ac564b16a15ce2bfa7 # v0.8.3-4-gbc07b2b8
+github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d # v0.8.3-29-g3a1eeca5
 github.com/tonistiigi/fsutil 0834f99b7b85462efb69b4f571a4fa3ca7da5ac9
 github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
 github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
@@ -50,9 +50,10 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a
 github.com/docker/libnetwork 0dde5c895075df6e3630e76f750a447cf63f4789
 github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
-github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
+github.com/armon/go-metrics f0300d1749da6fa982027e449ec0c7a145510c3c # v0.4.1
 github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
+github.com/hashicorp/memberlist e6ff9b2d87a3f0f3f04abb5672ada3ac2a640223 # v0.4.0
+github.com/google/btree 4030bb1f1f0c35b30ca7009e9ebd06849dd45306 # v1.1.2
 github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
 github.com/hashicorp/errwrap 8a6fb523712970c966eefc6b39ed2c5e74880354 # v1.0.0
 github.com/hashicorp/go-sockaddr c7188e74f6acae5a989bdc959aa779f8b9f42faf # v1.0.2
@@ -135,8 +136,8 @@ google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6
 github.com/containerd/containerd 96c5ae04b6784e180aaeee50fba715ac448ddb0d https://github.com/moby/containerd.git # docker-20.10 branch
 github.com/containerd/fifo 0724c46b320cf96bb172a0550c19a4b1fca4dacb
 github.com/containerd/continuity 5ad51c7aca47b8e742f5e6e7dc841d50f5f6affd # v0.3.0
-github.com/containerd/cgroups b9de8a2212026c07cec67baf3323f1fc0121e048 # v1.0.1
-github.com/containerd/console 5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1
+github.com/containerd/cgroups b9de8a2212026c07cec67baf3323f1fc0121e048 # v1.0.1
+github.com/containerd/console 2f1e3d2b6afd18e8b2077816c711205a0b4d8769 # v1.0.2
 github.com/containerd/go-runc 16b287bc67d069a60fa48db15f330b790b74365b
 github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1
 github.com/containerd/ttrpc bfba540dc45464586c106b1f31c8547933c1eb41 # v1.0.2
From d18a3e9004571b1d977161d38b59a71adb972bef Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 17 Oct 2022 21:16:50 +0200
Subject: [PATCH 3/4] [20.10] vendor moby/buildkit v0.8.3-31-gc0149372

no change in vendored code
full diff: https://github.com/moby/buildkit/compare/3a1eeca59a9263613d996ead67d53a4b7d45723d...c014937225cba29cfb1d5161fd134316c0e9bdaa
Signed-off-by: Sebastiaan van Stijn
---
 vendor.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vendor.conf b/vendor.conf
index c0ca69c7d1d9..6760f9f53ca9 100755
--- a/vendor.conf
+++ b/vendor.conf
@@ -46,7 +46,7 @@ github.com/Microsoft/go-winio 5b44b70ab3ab4d291a7c1d28afe7
 github.com/Microsoft/hcsshim 5bc557dd210ff2caf615e6e22d398123de77fc11 # v0.8.9
 github.com/miekg/pkcs11 210dc1e16747c5ba98a03bcbcf728c38086ea357 # v1.0.3
 github.com/mitchellh/mapstructure d16e9488127408e67948eb43b6d3fbb9f222da10 # v1.3.2
-github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d # v0.8.3-29-g3a1eeca5
+github.com/moby/buildkit c014937225cba29cfb1d5161fd134316c0e9bdaa # v0.8.3-31-gc0149372
 github.com/moby/sys 1bc8673b57550ddf85262eb0fed0aac651a37dab # symlink/v0.1.0 (latest tag, either mount/vXXX, mountinfo/vXXX or symlink/vXXX)
 github.com/moby/term 3f7ff695adc6a35abc925370dd0a4dafb48ec64d
 github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
From a12c535f6e7cc945a571e05797037a99af147d5f Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Tue, 18 Oct 2022 19:29:54 +0200
Subject: [PATCH 4/4] [20.10] vendor docker 03df974ae9e6c219862907efdd76ec2e77ec930b (v20.10.20)

full diff: https://github.com/docker/docker/compare/c964641a0d76733c071d606c72541b263da84a3e...03df974ae9e6c219862907efdd76ec2e77ec930b
Signed-off-by: Sebastiaan van Stijn
---
 vendor.conf | 2 +-
 .../builder/remotecontext/git/gitutils.go | 64 +++++++++++++------
 vendor/github.com/docker/docker/vendor.conf | 2 +-
 3 files changed, 46 insertions(+), 22 deletions(-)

diff --git a/vendor.conf b/vendor.conf
index 6760f9f53ca9..626684dc0bbe 100755
--- a/vendor.conf
+++ b/vendor.conf
@@ -13,7 +13,7 @@ github.com/creack/pty 2a38352e8b4d7ab6c336eef107e4
 github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
 github.com/docker/compose-on-kubernetes 1f9b5b8cb6aca13deee947511801cf89447c1bfe # v0.5.0
 github.com/docker/distribution b5ca020cfbe998e5af3457fda087444cf5116496 # v2.8.1
-github.com/docker/docker c964641a0d76733c071d606c72541b263da84a3e # v20.10.19
+github.com/docker/docker 03df974ae9e6c219862907efdd76ec2e77ec930b # v20.10.20
 github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4
 github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
 github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
index c0f68f8f89d3..d6e3d1935535 100644
--- a/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
+++ b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go
@@ -17,21 +17,37 @@ type gitRepo struct {
 remote string
 ref string
 subdir string
+
+ isolateConfig bool
+}
+
+type CloneOption func(*gitRepo)
+
+// WithIsolatedConfig disables reading the user or system gitconfig files when
+// performing Git operations.
+func WithIsolatedConfig(v bool) CloneOption {
+ return func(gr *gitRepo) {
+ gr.isolateConfig = v
+ }
 }
 // Clone clones a repository into a newly created directory which
 // will be under "docker-build-git"
-func Clone(remoteURL string) (string, error) {
+func Clone(remoteURL string, opts ...CloneOption) (string, error) {
 repo, err := parseRemoteURL(remoteURL)
 if err != nil {
 return "", err
 }
- return cloneGitRepo(repo)
+ for _, opt := range opts {
+ opt(&repo)
+ }
+
+ return repo.clone()
 }
-func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) {
+func (repo gitRepo) clone() (checkoutDir string, err error) {
 fetch := fetchArgs(repo.remote, repo.ref)
 root, err := ioutil.TempDir("", "docker-build-git")
@@ -45,21 +61,21 @@ func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) {
 }
 }()
- if out, err := gitWithinDir(root, "init"); err != nil {
+ if out, err := repo.gitWithinDir(root, "init"); err != nil {
 return "", errors.Wrapf(err, "failed to init repo at %s: %s", root, out)
 }
 // Add origin remote for compatibility with previous implementation that
 // used "git clone" and also to make sure local refs are created for branches
- if out, err := gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil {
+ if out, err := repo.gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil {
 return "", errors.Wrapf(err, "failed add origin repo at %s: %s", repo.remote, out)
 }
- if output, err := gitWithinDir(root, fetch...); err != nil {
+ if output, err := repo.gitWithinDir(root, fetch...); err != nil {
 return "", errors.Wrapf(err, "error fetching: %s", output)
 }
- checkoutDir, err = checkoutGit(root, repo.ref, repo.subdir)
+ checkoutDir, err = repo.checkout(root)
 if err != nil {
 return "", err
 }
@@ -163,20 +179,20 @@ func supportsShallowClone(remoteURL string) bool {
 return true
 }
-func checkoutGit(root, ref, subdir string) (string, error) {
+func (repo gitRepo) checkout(root string) (string, error) {
 // Try checking out by ref name first. This will work on branches and sets
 // .git/HEAD to the current branch name
- if output, err := gitWithinDir(root, "checkout", ref); err != nil {
+ if output, err := repo.gitWithinDir(root, "checkout", repo.ref); err != nil {
 // If checking out by branch name fails check out the last fetched ref
- if _, err2 := gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil {
- return "", errors.Wrapf(err, "error checking out %s: %s", ref, output)
+ if _, err2 := repo.gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil {
+ return "", errors.Wrapf(err, "error checking out %s: %s", repo.ref, output)
 }
 }
- if subdir != "" {
- newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, subdir), root)
+ if repo.subdir != "" {
+ newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, repo.subdir), root)
 if err != nil {
- return "", errors.Wrapf(err, "error setting git context, %q not within git root", subdir)
+ return "", errors.Wrapf(err, "error setting git context, %q not within git root", repo.subdir)
 }
 fi, err := os.Stat(newCtx)
@@ -192,13 +208,21 @@ func checkoutGit(root, ref, subdir string) (string, error) {
 return root, nil
 }
-func gitWithinDir(dir string, args ...string) ([]byte, error) {
- a := []string{"--work-tree", dir, "--git-dir", filepath.Join(dir, ".git")}
- return git(append(a, args...)...)
-}
+func (repo gitRepo) gitWithinDir(dir string, args ...string) ([]byte, error) {
+ args = append([]string{"-c", "protocol.file.allow=never"}, args...) // Block sneaky repositories from using repos from the filesystem as submodules.
+ cmd := exec.Command("git", args...)
+ cmd.Dir = dir
+ // Disable unsafe remote protocols.
+ cmd.Env = append(cmd.Env, "GIT_PROTOCOL_FROM_USER=0")
+
+ if repo.isolateConfig {
+ cmd.Env = append(cmd.Env,
+ "GIT_CONFIG_NOSYSTEM=1", // Disable reading from system gitconfig.
+ "HOME=/dev/null", // Disable reading from user gitconfig.
+ )
+ }
-func git(args ...string) ([]byte, error) {
- return exec.Command("git", args...).CombinedOutput()
+ return cmd.CombinedOutput()
 }
 // isGitTransport returns true if the provided str is a git transport by inspecting
diff --git a/vendor/github.com/docker/docker/vendor.conf b/vendor/github.com/docker/docker/vendor.conf
index 7d60b86871c2..12419d3b79b0 100644
--- a/vendor/github.com/docker/docker/vendor.conf
+++ b/vendor/github.com/docker/docker/vendor.conf
@@ -33,7 +33,7 @@ github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6
 golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
 # buildkit
-github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d # v0.8.3-29-g3a1eeca5
+github.com/moby/buildkit c014937225cba29cfb1d5161fd134316c0e9bdaa # v0.8.3-31-gc0149372
 github.com/tonistiigi/fsutil 0834f99b7b85462efb69b4f571a4fa3ca7da5ac9
 github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
 github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
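Review bot: In the new `gitWithinDir` (gitutils.go hunk at -192,13), `cmd.Env = append(cmd.Env, "GIT_PROTOCOL_FROM_USER=0")` appends to a nil `cmd.Env`, and os/exec inherits the parent environment only while `Env` is nil, so every git call now runs with little more than the variables set here. That drops PATH, proxy settings, the SSH agent socket and credential-helper variables even when `isolateConfig` is false, which looks unintended; seeding the slice keeps the hardening without that side effect: `cmd.Env = append(os.Environ(), "GIT_PROTOCOL_FROM_USER=0")`. Once the environment is inherited, `HOME=/dev/null` alone may not isolate the user config, because git also reads `$XDG_CONFIG_HOME/git/config`, so that variable should be overridden in the `isolateConfig` branch too, and the `/dev/null` path is POSIX-specific. The file is vendored, so the change belongs upstream in docker/docker and should reach this tree through a vendor bump.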