Merge pull request #5952 from jsternberg/v0.21.1-picks

tonistiigi · web-flow · commit 66735c67040b · 2025-04-29T10:24:19.000-07:00
[v0.21] cherry-picks for v0.21.1
diff --git a/cmd/buildctl/common/common.go b/cmd/buildctl/common/common.go
@@ -30,38 +30,25 @@ func ResolveClient(c *cli.Context) (*client.Client, error) {
 		serverName = uri.Hostname()
 	}
 
-	var caCert string
-	var cert string
-	var key string
+	var (
+		caCert string
+		cert   string
+		key    string
+		err    error
+	)
 
 	tlsDir := c.GlobalString("tlsdir")
 
 	if tlsDir != "" {
-		// Look for ca.pem or ca.crt and, if it exists, set caCert to that
-		// Look for cert.pem or tls.crt and, if it exists, set cert to that
-		// Look for key.pem or tls.key and, if it exists, set key to that
-		for _, v := range [6]string{"ca.pem", "cert.pem", "key.pem", "ca.crt", "tls.crt", "tls.key"} {
-			file := filepath.Join(tlsDir, v)
-			if _, err := os.Stat(file); err == nil {
-				switch v {
-				case "ca.pem":
-				case "ca.crt":
-					caCert = file
-				case "cert.pem":
-				case "tls.crt":
-					cert = file
-				case "key.pem":
-				case "tls.key":
-					key = file
-				}
-			} else {
-				return nil, err
-			}
-		}
-
+		// Fail straight away if TLS was specified both ways
 		if c.GlobalString("tlscacert") != "" || c.GlobalString("tlscert") != "" || c.GlobalString("tlskey") != "" {
 			return nil, errors.New("cannot specify tlsdir and tlscacert/tlscert/tlskey at the same time")
 		}
+
+		caCert, cert, key, err = resolveTLSFilesFromDir(tlsDir)
+		if err != nil {
+			return nil, err
+		}
 	} else {
 		caCert = c.GlobalString("tlscacert")
 		cert = c.GlobalString("tlscert")
@@ -128,3 +115,29 @@ func ParseTemplate(format string) (*template.Template, error) {
 	}
 	return template.New("").Funcs(funcs).Parse(format)
 }
+
+// resolveTLSFilesFromDir scans a TLS directory for known cert/key filenames.
+func resolveTLSFilesFromDir(tlsDir string) (caCert, cert, key string, err error) {
+	oneOf := func(either, or string) (string, error) {
+		for _, name := range []string{either, or} {
+			fpath := filepath.Join(tlsDir, name)
+			if _, err := os.Stat(fpath); err == nil {
+				return fpath, nil
+			} else if !os.IsNotExist(err) {
+				return "", err
+			}
+		}
+		return "", errors.Errorf("directory did not contain one of the needed files: %s or %s", either, or)
+	}
+
+	if caCert, err = oneOf("ca.pem", "ca.crt"); err != nil {
+		return "", "", "", err
+	}
+	if cert, err = oneOf("cert.pem", "tls.crt"); err != nil {
+		return "", "", "", err
+	}
+	if key, err = oneOf("key.pem", "tls.key"); err != nil {
+		return "", "", "", err
+	}
+	return caCert, cert, key, nil
+}
diff --git a/cmd/buildctl/common/common_test.go b/cmd/buildctl/common/common_test.go
@@ -0,0 +1,74 @@
+package common
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func writeTempFile(t *testing.T, dir, name, content string) string {
+	t.Helper()
+	path := filepath.Join(dir, name)
+	require.NoError(t, os.WriteFile(path, []byte(content), 0644))
+	return path
+}
+
+func TestResolveTLSFilesFromDir(t *testing.T) {
+	t.Run("all files present for cert-manager style", func(t *testing.T) {
+		dir := t.TempDir()
+		ca := writeTempFile(t, dir, "ca.crt", "ca")
+		cert := writeTempFile(t, dir, "tls.crt", "cert")
+		key := writeTempFile(t, dir, "tls.key", "key")
+
+		caOut, certOut, keyOut, err := resolveTLSFilesFromDir(dir)
+		require.Equal(t, ca, caOut)
+		require.Equal(t, cert, certOut)
+		require.Equal(t, key, keyOut)
+		require.NoError(t, err)
+	})
+
+	t.Run("all files present for pem style", func(t *testing.T) {
+		dir := t.TempDir()
+		ca := writeTempFile(t, dir, "ca.pem", "ca")
+		cert := writeTempFile(t, dir, "cert.pem", "cert")
+		key := writeTempFile(t, dir, "key.pem", "key")
+
+		caOut, certOut, keyOut, err := resolveTLSFilesFromDir(dir)
+		require.Equal(t, ca, caOut)
+		require.Equal(t, cert, certOut)
+		require.Equal(t, key, keyOut)
+		require.NoError(t, err)
+	})
+
+	t.Run("mixed set is present", func(t *testing.T) {
+		dir := t.TempDir()
+		ca := writeTempFile(t, dir, "ca.crt", "ca-cert-manager")
+		cert := writeTempFile(t, dir, "cert.pem", "cert-pem")
+		key := writeTempFile(t, dir, "key.pem", "key-pem")
+		// ca for cert-manager, cert and key for pem
+
+		caOut, certOut, keyOut, err := resolveTLSFilesFromDir(dir)
+		require.Equal(t, ca, caOut)
+		require.Equal(t, cert, certOut)
+		require.Equal(t, key, keyOut)
+		require.NoError(t, err)
+	})
+
+	t.Run("all files present for cert-manager and pem styles and pem is chosen", func(t *testing.T) {
+		dir := t.TempDir()
+		writeTempFile(t, dir, "ca.crt", "ca-cert-manager")
+		writeTempFile(t, dir, "tls.crt", "cert-cert-manager")
+		writeTempFile(t, dir, "tls.key", "key-cert-manager")
+		ca := writeTempFile(t, dir, "ca.pem", "ca-pem")
+		cert := writeTempFile(t, dir, "cert.pem", "cert-pem")
+		key := writeTempFile(t, dir, "key.pem", "key-pem")
+
+		caOut, certOut, keyOut, err := resolveTLSFilesFromDir(dir)
+		require.Equal(t, ca, caOut)
+		require.Equal(t, cert, certOut)
+		require.Equal(t, key, keyOut)
+		require.NoError(t, err)
+	})
+}
diff --git a/cmd/buildctl/main.go b/cmd/buildctl/main.go
@@ -87,7 +87,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:  "tlsdir",
-			Usage: "directory containing CA certificate, client certificate, and client key",
+			Usage: "directory containing CA certificate, client certificate, and client key. Supported file names are (ca.pem, cert.pem, key.pem) or (ca.crt, tls.crt, tls.key)",
 			Value: "",
 		},
 		cli.IntFlag{
diff --git a/control/control.go b/control/control.go
@@ -376,6 +376,9 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 	atomic.AddInt64(&c.buildCount, 1)
 	defer atomic.AddInt64(&c.buildCount, -1)
 
+	if req.Cache == nil {
+		req.Cache = &controlapi.CacheOptions{} // make sure cache options are initialized
+	}
 	translateLegacySolveRequest(req)
 
 	defer func() {
diff --git a/docs/reference/buildctl.md b/docs/reference/buildctl.md
@@ -29,7 +29,7 @@ GLOBAL OPTIONS:
    --tlscacert value      CA certificate for validation
    --tlscert value        client certificate
    --tlskey value         client key
-   --tlsdir value         directory containing CA certificate, client certificate, and client key
+   --tlsdir value         directory containing CA certificate, client certificate, and client key. Supported file names are (ca.pem, cert.pem, key.pem) or (ca.crt, tls.crt, tls.key)
    --timeout value        timeout backend connection after value seconds (default: 5)
    --wait                 block RPCs until the connection becomes available
    --help, -h             show help
diff --git a/frontend/dockerui/build.go b/frontend/dockerui/build.go
@@ -61,16 +61,12 @@ func (bc *Client) Build(ctx context.Context, fn BuildFunc) (*ResultBuilder, erro
 			} else {
 				p = platforms.DefaultSpec()
 			}
-
-			k := platforms.FormatAll(p)
-			p = extendWindowsPlatform(p, img.Platform)
-			p = platforms.Normalize(p)
-
+			expPlat := makeExportPlatform(p, img.Platform)
 			if bc.MultiPlatformRequested {
-				res.AddRef(k, ref)
-				res.AddMeta(fmt.Sprintf("%s/%s", exptypes.ExporterImageConfigKey, k), config)
+				res.AddRef(expPlat.ID, ref)
+				res.AddMeta(fmt.Sprintf("%s/%s", exptypes.ExporterImageConfigKey, expPlat.ID), config)
 				if len(baseConfig) > 0 {
-					res.AddMeta(fmt.Sprintf("%s/%s", exptypes.ExporterImageBaseConfigKey, k), baseConfig)
+					res.AddMeta(fmt.Sprintf("%s/%s", exptypes.ExporterImageBaseConfigKey, expPlat.ID), baseConfig)
 				}
 			} else {
 				res.SetRef(ref)
@@ -79,10 +75,7 @@ func (bc *Client) Build(ctx context.Context, fn BuildFunc) (*ResultBuilder, erro
 					res.AddMeta(exptypes.ExporterImageBaseConfigKey, baseConfig)
 				}
 			}
-			expPlatforms.Platforms[i] = exptypes.Platform{
-				ID:       k,
-				Platform: p,
-			}
+			expPlatforms.Platforms[i] = expPlat
 			return nil
 		})
 	}
@@ -133,3 +126,16 @@ func extendWindowsPlatform(p, imgP ocispecs.Platform) ocispecs.Platform {
 	}
 	return p
 }
+
+func makeExportPlatform(p, imgP ocispecs.Platform) exptypes.Platform {
+	p = platforms.Normalize(p)
+	exp := exptypes.Platform{
+		ID: platforms.FormatAll(p),
+	}
+	if p.OS == "windows" {
+		p = extendWindowsPlatform(p, imgP)
+		p = platforms.Normalize(p)
+	}
+	exp.Platform = p
+	return exp
+}
diff --git a/frontend/dockerui/build_test.go b/frontend/dockerui/build_test.go
@@ -0,0 +1,100 @@
+package dockerui
+
+import (
+	"testing"
+
+	"github.com/containerd/platforms"
+	"github.com/moby/buildkit/exporter/containerimage/exptypes"
+	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNormalizePlatform(t *testing.T) {
+	testCases := []struct {
+		p, imgP  ocispecs.Platform
+		expected exptypes.Platform
+	}{
+		{
+			p: ocispecs.Platform{
+				Architecture: "arm64",
+				OS:           "linux",
+				Variant:      "v8",
+			},
+			imgP: ocispecs.Platform{
+				Architecture: "arm64",
+				OS:           "linux",
+			},
+			expected: exptypes.Platform{
+				ID: "linux/arm64", // Not "linux/arm64/v8" https://github.com/moby/buildkit/issues/5915
+				Platform: ocispecs.Platform{
+					Architecture: "arm64",
+					OS:           "linux",
+				},
+			},
+		},
+		{
+			p: ocispecs.Platform{
+				Architecture: "arm64",
+				OS:           "linux",
+				Variant:      "v8",
+			},
+			imgP: ocispecs.Platform{
+				Architecture: "arm64",
+				OS:           "linux",
+				Variant:      "v8",
+			},
+			expected: exptypes.Platform{
+				ID: "linux/arm64",
+				Platform: ocispecs.Platform{
+					Architecture: "arm64",
+					OS:           "linux",
+				},
+			},
+		},
+		{
+			p: ocispecs.Platform{
+				Architecture: "amd64",
+				OS:           "windows",
+			},
+			imgP: ocispecs.Platform{
+				Architecture: "amd64",
+				OS:           "windows",
+				OSVersion:    "10.0.19041.0",
+			},
+			expected: exptypes.Platform{
+				ID: "windows/amd64",
+				Platform: ocispecs.Platform{
+					Architecture: "amd64",
+					OS:           "windows",
+					OSVersion:    "10.0.19041.0",
+				},
+			},
+		},
+		{
+			p: ocispecs.Platform{
+				Architecture: "amd64",
+				OS:           "windows",
+				OSVersion:    "10.0.19041.0",
+			},
+			imgP: ocispecs.Platform{
+				Architecture: "amd64",
+				OS:           "windows",
+				OSVersion:    "11.0.22000.0",
+			},
+			expected: exptypes.Platform{
+				ID: "windows(10.0.19041.0)/amd64",
+				Platform: ocispecs.Platform{
+					Architecture: "amd64",
+					OS:           "windows",
+					OSVersion:    "10.0.19041.0",
+				},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		require.Equal(t, tc.expected, makeExportPlatform(tc.p, tc.imgP))
+		// the ID needs to always be formatall(normalize(p))
+		require.Equal(t, platforms.FormatAll(platforms.Normalize(tc.p)), tc.expected.ID)
+	}
+}
