Skip to content

Commit 2590f95

Browse files
crazy-maxcrazy-max
authored
Merge pull request #3673 from tonistiigi/v0.11.4-picks
v0.11.4 cherry picks
2 parents c327eb8 + 97b37f9 commit 2590f95

5 files changed

Lines changed: 49 additions & 13 deletions

File tree

cache/remote.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -228,13 +228,13 @@ func (sr *immutableRef) getRemote(ctx context.Context, createIfNeeded bool, refC
228228
newDesc.Size = blobDesc.Size
229229
newDesc.URLs = blobDesc.URLs
230230
newDesc.Annotations = nil
231+
if len(addAnnotations) > 0 || len(blobDesc.Annotations) > 0 {
232+
newDesc.Annotations = make(map[string]string)
233+
}
231234
for _, k := range addAnnotations {
232235
newDesc.Annotations[k] = desc.Annotations[k]
233236
}
234237
for k, v := range blobDesc.Annotations {
235-
if newDesc.Annotations == nil {
236-
newDesc.Annotations = make(map[string]string)
237-
}
238238
newDesc.Annotations[k] = v
239239
}
240240
desc = newDesc

client/llb/definition.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@ type DefinitionOp struct {
2929

3030
// NewDefinitionOp returns a new operation from a marshalled definition.
3131
func NewDefinitionOp(def *pb.Definition) (*DefinitionOp, error) {
32+
if def == nil {
33+
return nil, errors.New("invalid nil input definition to definition op")
34+
}
35+
3236
ops := make(map[digest.Digest]*pb.Op)
3337
defs := make(map[digest.Digest][]byte)
3438
platforms := make(map[digest.Digest]*ocispecs.Platform)

client/llb/definition_test.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,3 +118,9 @@ func TestDefinitionInputCache(t *testing.T) {
118118
// 1 exec + 2x2 mounts from stA and stB + 1 src = 6 vertexes
119119
require.Equal(t, 6, len(vertexCache))
120120
}
121+
122+
func TestDefinitionNil(t *testing.T) {
123+
// should be an error, not a panic
124+
_, err := NewDefinitionOp(nil)
125+
require.Error(t, err)
126+
}

frontend/dockerfile/dockerfile_test.go

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -160,6 +160,7 @@ var allTests = integration.TestFuncs(
160160
testNilProvenance,
161161
testSBOMScannerArgs,
162162
testMultiPlatformWarnings,
163+
testNilContextInSolveGateway,
163164
)
164165

165166
// Tests that depend on the `security.*` entitlements
@@ -6600,6 +6601,29 @@ COPY --from=0 / /
66006601
require.Equal(t, expectedDigest, outDigest)
66016602
}
66026603

6604+
func testNilContextInSolveGateway(t *testing.T, sb integration.Sandbox) {
6605+
f := getFrontend(t, sb)
6606+
c, err := client.New(sb.Context(), sb.Address())
6607+
require.NoError(t, err)
6608+
defer c.Close()
6609+
6610+
_, err = c.Build(sb.Context(), client.SolveOpt{}, "", func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
6611+
res, err := f.SolveGateway(ctx, c, gateway.SolveRequest{
6612+
Frontend: "dockerfile.v0",
6613+
FrontendInputs: map[string]*pb.Definition{
6614+
builder.DefaultLocalNameDockerfile: nil,
6615+
builder.DefaultLocalNameContext: nil,
6616+
},
6617+
})
6618+
if err != nil {
6619+
return nil, err
6620+
}
6621+
return res, nil
6622+
}, nil)
6623+
// should not cause buildkitd to panic
6624+
require.ErrorContains(t, err, "invalid nil input definition to definition op")
6625+
}
6626+
66036627
func runShell(dir string, cmds ...string) error {
66046628
for _, args := range cmds {
66056629
var cmd *exec.Cmd

snapshot/diffapply_unix.go

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -379,6 +379,18 @@ func (a *applier) applyCopy(ctx context.Context, ca *changeApply) error {
379379
return errors.Errorf("unhandled file type %d during merge at path %q", ca.srcStat.Mode&unix.S_IFMT, ca.srcPath)
380380
}
381381

382+
// NOTE: it's important that chown happens before setting xattrs due to the fact that chown will
383+
// reset the security.capabilities xattr which results in file capabilities being lost.
384+
if err := os.Lchown(ca.dstPath, int(ca.srcStat.Uid), int(ca.srcStat.Gid)); err != nil {
385+
return errors.Wrap(err, "failed to chown during apply")
386+
}
387+
388+
if ca.srcStat.Mode&unix.S_IFMT != unix.S_IFLNK {
389+
if err := unix.Chmod(ca.dstPath, ca.srcStat.Mode); err != nil {
390+
return errors.Wrapf(err, "failed to chmod path %q during apply", ca.dstPath)
391+
}
392+
}
393+
382394
if ca.srcPath != "" {
383395
xattrs, err := sysx.LListxattr(ca.srcPath)
384396
if err != nil {
@@ -410,16 +422,6 @@ func (a *applier) applyCopy(ctx context.Context, ca *changeApply) error {
410422
}
411423
}
412424

413-
if err := os.Lchown(ca.dstPath, int(ca.srcStat.Uid), int(ca.srcStat.Gid)); err != nil {
414-
return errors.Wrap(err, "failed to chown during apply")
415-
}
416-
417-
if ca.srcStat.Mode&unix.S_IFMT != unix.S_IFLNK {
418-
if err := unix.Chmod(ca.dstPath, ca.srcStat.Mode); err != nil {
419-
return errors.Wrapf(err, "failed to chmod path %q during apply", ca.dstPath)
420-
}
421-
}
422-
423425
atimeSpec := unix.Timespec{Sec: ca.srcStat.Atim.Sec, Nsec: ca.srcStat.Atim.Nsec}
424426
mtimeSpec := unix.Timespec{Sec: ca.srcStat.Mtim.Sec, Nsec: ca.srcStat.Mtim.Nsec}
425427
if ca.srcStat.Mode&unix.S_IFMT != unix.S_IFDIR {

0 commit comments

Comments
 (0)