From 033d5629c000062a69c5f1da1902cde30ac29c91 Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Fri, 13 Jan 2023 13:28:57 +0000 Subject: [PATCH 1/2] build: avoid compatability error when attestations disabled We should avoid erroring with attestations support compatability errors when a user has specified --provenance=false. A user may wish to enable --provenance=false that works across buildkit versions, but currently it will fail on old versions - this patch fixes this, to silently ignore the provenance flag for this check if it's set to disabled. Signed-off-by: Justin Chadwell (cherry picked from commit 15a80b56b5d015baf40ff2393f424ff0bcc51d2b) Signed-off-by: Justin Chadwell --- build/build.go | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/build/build.go b/build/build.go index 14193879..a4f65b0a 100644 --- a/build/build.go +++ b/build/build.go @@ -588,18 +588,22 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt Op } } - if len(opt.Attests) > 0 { - if !bopts.LLBCaps.Contains(apicaps.CapID("exporter.image.attestations")) { + attests := make(map[string]string) + for k, v := range opt.Attests { + if v != nil { + attests[k] = *v + } + } + supportsAttestations := bopts.LLBCaps.Contains(apicaps.CapID("exporter.image.attestations")) + if len(attests) > 0 { + if !supportsAttestations { return nil, nil, errors.Errorf("attestations are not supported by the current buildkitd") } - for k, v := range opt.Attests { - if v == nil { - continue - } - so.FrontendAttrs[k] = *v + for k, v := range attests { + so.FrontendAttrs[k] = v } } - if _, ok := opt.Attests["attest:provenance"]; !ok { + if _, ok := opt.Attests["attest:provenance"]; !ok && supportsAttestations { so.FrontendAttrs["attest:provenance"] = "mode=min,inline-only=true" } From ed9b4a71695d8362a9dcb620e68c6d943efbf26c Mon Sep 17 00:00:00 2001 From: Justin Chadwell Date: Fri, 13 Jan 2023 13:41:53 +0000 Subject: [PATCH 2/2] build: error when using docker exporter and attestations Signed-off-by: Justin Chadwell (cherry picked from commit 43a748fd15c71eb65423ec50a3e9d331803ed8a1) Signed-off-by: Justin Chadwell --- build/build.go | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/build/build.go b/build/build.go index a4f65b0a..97de5d1f 100644 --- a/build/build.go +++ b/build/build.go @@ -447,6 +447,25 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt Op so.FrontendAttrs["multi-platform"] = "true" } + attests := make(map[string]string) + for k, v := range opt.Attests { + if v != nil { + attests[k] = *v + } + } + supportsAttestations := bopts.LLBCaps.Contains(apicaps.CapID("exporter.image.attestations")) + if len(attests) > 0 { + if !supportsAttestations { + return nil, nil, errors.Errorf("attestations are not supported by the current buildkitd") + } + for k, v := range attests { + so.FrontendAttrs[k] = v + } + } + if _, ok := opt.Attests["attest:provenance"]; !ok && supportsAttestations { + so.FrontendAttrs["attest:provenance"] = "mode=min,inline-only=true" + } + switch len(opt.Exports) { case 1: // valid @@ -504,7 +523,7 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt Op return nil, nil, notSupported(nodeDriver, driver.OCIExporter) } if e.Type == "docker" { - if len(opt.Platforms) > 1 { + if len(opt.Platforms) > 1 || len(attests) > 0 { return nil, nil, errors.Errorf("docker exporter does not currently support exporting manifest lists") } if e.Output == nil { @@ -588,25 +607,6 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt Op } } - attests := make(map[string]string) - for k, v := range opt.Attests { - if v != nil { - attests[k] = *v - } - } - supportsAttestations := bopts.LLBCaps.Contains(apicaps.CapID("exporter.image.attestations")) - if len(attests) > 0 { - if !supportsAttestations { - return nil, nil, errors.Errorf("attestations are not supported by the current buildkitd") - } - for k, v := range attests { - so.FrontendAttrs[k] = v - } - } - if _, ok := opt.Attests["attest:provenance"]; !ok && supportsAttestations { - so.FrontendAttrs["attest:provenance"] = "mode=min,inline-only=true" - } - // set platforms if len(opt.Platforms) != 0 { pp := make([]string, len(opt.Platforms))