profile
viewpoint
Tõnis Tiigi tonistiigi Docker San Francisco

moby/buildkit 2268

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

aacebedo/dnsdock 537

DNS service discovery for Docker containers

tonistiigi/audiosprite 508

Jukebox/Howler/CreateJS compatible audio sprite generator

tonistiigi/buildkit-pack 72

buildkit frontend for buildpacks

containerd/fifo 52

fifo pkg for Go

dominictarr/kv 38

simple kv store for streams

carlosedp/riscv-bringup 33

Risc-V journey thru containers and new projects

docker/go 11

Go packages with small patches autogenerated (used for canonical/json)

icecrime/docker-api 5

Docker Remote API

created tagmoby/buildkit

tagdockerfile/1.1.5-experimental

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

created time in a day

created tagmoby/buildkit

tagdockerfile/1.1.5

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

created time in a day

created tagmoby/buildkit

tagv0.6.4

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

created time in a day

pull request commentmoby/buildkit

[v0.6] ops: fix deadlock on releasing shared mounts

Needed to remove the tests because too many conflicts.

tonistiigi

comment created time in a day

push eventtonistiigi/buildkit

Tonis Tiigi

commit sha ce45b323ff4baf99c6ff8e4969403b9a4a08d513

ops: refactor cache mounts to have unit tests Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> (cherry picked from commit bf2dc85f80288ad07308fe4e767169bf7f14c52d)

view details

Tonis Tiigi

commit sha ebcef1f69af0bbca077efa9a960a481e579a0e89

ops: fix deadlock on releasing shared mounts Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> (cherry picked from commit 6d907b689356c329d8951ca90414a7b3977e1b43)

view details

push time in a day

PR opened moby/buildkit

[v0.6] ops: fix deadlock on releasing shared mounts

backport 1355

+431 -18

0 comment

2 changed files

pr created time in a day

create barnchtonistiigi/buildkit

branch : 1903-mount-deadlock

created branch time in a day

push eventmoby/buildkit

Tonis Tiigi

commit sha bf2dc85f80288ad07308fe4e767169bf7f14c52d

ops: refactor cache mounts to have unit tests Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

Tonis Tiigi

commit sha 6d907b689356c329d8951ca90414a7b3977e1b43

ops: fix deadlock on releasing shared mounts Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

Tonis Tiigi

commit sha b2fffc20d3e555567ed382696bfb17909a7d1ca5

ops: add tests for shared and locked cache mounts Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

Tõnis Tiigi

commit sha 332cdb5e252fba9853073ecec180b1fffe7a99a1

Merge pull request #1355 from tonistiigi/mounts-deadlock ops: fix deadlock on releasing shared mounts

view details

push time in a day

PR merged moby/buildkit

ops: fix deadlock on releasing shared mounts

fix #1322 regression from https://github.com/moby/buildkit/commit/7b1bae7a42f412262e43da80f9dd9cf86c06fae2#diff-0d2115e5c32fba316a7eaa987331881cR228

#1092 added another global lock to protect writes to the global map of shared cache mounts. Because the lock is taken too early if conflicts with the locking order of the release method. In case the first shared cache mount is released at the same time another mount is taken with the same key locks are held in the opposite order leading to a deadlock. This PR fixes the ordering issue and makes sure the global lock is not taken before it is needed, improving the efficiency of the mounts with locking sharing mode.

Refactored code to allow unit tests. Tests added for the deadlock case and for all of the sharing methods.

@cpuguy83

+431 -18

0 comment

2 changed files

tonistiigi

pr closed time in a day

issue closedmoby/buildkit

Deadlock on cache mounts

I am experiencing deadlocks related to preparing cache mounts.

Here is a stack trace from one of my build agents: https://gist.github.com/cpuguy83/0e79cd121c780df71eb1cbbcbcc8f1e1

This has wedged most of my build agents (when they try to lookup a particular cache mount) and seems to happen rather easily.

I have setup my builds to generate stack dumps any time we end up cancelling (e.g. due to timeout) the build so I can get more of these pretty easily.

closed time in a day

cpuguy83

PR closed docker/buildx

ls: platform column now includes user-specified one with driver fallback

When creating builders with create --platform, the user can set a subset of the platforms supported by the builder, but ls should only show the user-specified platforms, when set. Otherwise, the default platforms.

Signed-off-by: Tibor Vass tibor@docker.com

+4 -1

1 comment

1 changed file

tiborvass

pr closed time in 2 days

issue closeddocker/buildx

In s390x dockerx env, how could we build on local image or how to create buildx instance with Driver "docker"

We are working on build docker images on s390x (redhat8 zLinux) with buildx, but found that buildx not work with local image which need to be as base image.

Following list how docker and buildx in build env. Install docker ce on s390x (redhat8 zLinux)

  1. Download the static binary archive from https://download.docker.com/linux/static/stable/s390x/docker-18.06.3-ce.tgz (already latest version for s390x)
  2. Extract the archive using the tar utility
  3. Move the binaries to a directory on your executable path, such as /usr/bin/
  4. Start the Docker daemon ($ dockerd &)

Install dockerx on s390x (redhat8 zLinux)

  1. Download from https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-s390x
  2. copy it to /usr/bin folder with name docker-buildx
  3. chmod a+x /usr/bin/docker-buildx
# docker-buildx inspect
Name:   default
Driver: docker-container

Nodes:
Name:      default
Endpoint:  default
Status:    running
Platforms: linux/s390x

In our Dockerfile design, it will build on one local image as base image, but we found that docker-buildx only use base image from remote docker rgistry, it could not detect local docker image. From google search, buildx need to use Driver of "docker" to utilze local image, but I cannot find way to create buildx instance with Driver of "docker"

# docker-buildx create --use --name mybuild --platform linux/s390x --driver docker
Error: failed to find driver "docker"

As for the s390x dockerx env, how could we build on local image or how to create buildx instance with Driver "docker"?

closed time in 2 days

caixiangibm

issue commentmoby/buildkit

Wrong dockerfile used when building two images in the same context folder

And frontend decides where files go to, and backend decides how to copy the files?

Frontend is a high-level builder component. Eg. dockerfiles are built with Dockerfile frontend, buildpacks with buildpack frontend. Buildkit core is lower-level API shared by frontends. Frontends are daemon side and may run in containers.

MichaelKim0407

comment created time in 2 days

issue commentmoby/buildkit

Wrong dockerfile used when building two images in the same context folder

They are sent to folders when they can be reused after a build has completed. Frontend can control the index mechanism for different files, eg. Dockerfiles go to difference place than build context. There is also separation based on workdir for different project not to collide and make rsync meaningless (don't remember if docker cli implements this).

MichaelKim0407

comment created time in 2 days

Pull request review commentmoby/buildkit

Implement CapFrontendInput to pass llb.States to frontends

 func (gwf *GatewayForwarder) Return(ctx context.Context, req *gwapi.ReturnReques 	return res, err } +func (gwf *GatewayForwarder) Inputs(ctx context.Context, req *gwapi.InputsRequest) (*gwapi.InputsResponse, error) {+	fwd, err := gwf.lookupForwarder(ctx)+	if err != nil {+		return nil, errors.Wrap(err, "forwarding Return")

s/Return/Inputs/

hinshun

comment created time in 2 days

Pull request review commentmoby/buildkit

Implement CapFrontendInput to pass llb.States to frontends

 import ( )  type Frontend interface {-	Solve(ctx context.Context, llb FrontendLLBBridge, opt map[string]string) (*Result, error)+	Solve(ctx context.Context, llb FrontendLLBBridge, opt map[string]string, inputs map[string]llb.State) (*Result, error)

I'd prefer *pb.Definition type more in here, as llb pkg is just a client helper package for generating proto and doesn't really belong to backend API definitions. But let me know if this complicates anything.

hinshun

comment created time in 2 days

Pull request review commentmoby/buildkit

Implement CapFrontendInput to pass llb.States to frontends

 func (d *DefinitionOp) platform() *specs.Platform { 	d.platforms[d.dgst] = platform 	return platform }++func StatesFromDefinitions(defs map[string]*pb.Definition) (map[string]State, error) {+	states := make(map[string]State)+	for key, def := range defs {+		defop, err := NewDefinitionOp(def)+		if err != nil {+			return nil, err+		}+		states[key] = NewState(defop)+	}+	return states, nil+}++func DefinitionsFromStates(states map[string]State) (map[string]*pb.Definition, error) {

These seem unnecessarily defined as public methods in llb package to me. As all they do is call an already public method with a slice input. One of them is called only once, other twice so I think this logic can be on the caller side.

hinshun

comment created time in 2 days

issue commentmoby/buildkit

Wrong dockerfile used when building two images in the same context folder

I played around the test script a little bit, and it seems that if I change the build path to an absolute path (/path/to/.test/ instead of .), the error will go away. But if I change both commands to use absolute paths, the error reappears.

Yes, there are cases where cli side will copy the Dockerfile before sending. This would trigger new timestamp and this issue doesn't appear.

Although this seems like a simple fix it's not really a good idea to always force a copy like this on the cli side as it would make Dockerfile an exceptional case. What if build needs another file (dockerignore, or something new later), it would hit the same issue.

We could make it possible for the frontend to choose what algorithm to use for specific sources. Eg. dockerfile is always small so wouldn't be wasteful to always copy it, or do a full crypto checksum over data.

The transfer logic itself lives in https://github.com/tonistiigi/fsutil repository.

MichaelKim0407

comment created time in 2 days

PR closed moby/buildkit

Incremental transfer of local export

For discussion in #1224.

+51 -42

1 comment

11 changed files

hinshun

pr closed time in 2 days

pull request commentmoby/buildkit

Incremental transfer of local export

reopen if you need it again

hinshun

comment created time in 2 days

pull request commentmoby/buildkit

Expand shell variable expansion - add mandatory variables

@tiborvass This is blocked on you

Code0x58

comment created time in 2 days

PR closed moby/buildkit

hack: touch up scripts

~Created on top of https://github.com/moby/buildkit/pull/942 (first commit is from that PR)~

See individual commits for details

+360 -359

7 comments

11 changed files

thaJeztah

pr closed time in 2 days

pull request commentmoby/buildkit

hack: touch up scripts

Too many conflicts.

Probably can skip the nice to have or opinionated things like full whitespace conversion if you still wish to update this for easier review.

thaJeztah

comment created time in 2 days

pull request commentmoby/buildkit

llbsolver: support multi cache exporter

@AkihiroSuda What's the status?

AkihiroSuda

comment created time in 2 days

PR closed moby/buildkit

dockerfile: do not require `=` as a separator between flag and argument

This patch allows to parse the following Dockerfile instruction: COPY --from base /src /dest whereas previously only an = sign was required: COPY --from=base /src /dest

Signed-off-by: Tibor Vass tibor@docker.com

+29 -15

10 comments

3 changed files

tiborvass

pr closed time in 2 days

PR closed moby/buildkit

configurable registry ca certificates

What

This PR adds the possibility to specify a CA certificate to be used to verify the authenticity of a registry.

  • add config option in RegistryConfig
  • add handling in util/resolver to patch the transport with the appropriate TLS config

Why

I need a way to push to a registry which is secured using a self signed certificate.

+78 -1

9 comments

3 changed files

trusch

pr closed time in 2 days

pull request commentmoby/buildkit

configurable registry ca certificates

closing for inactivity

trusch

comment created time in 2 days

issue closedmoby/buildkit

More detailed error message for 'No build stage in current context'?

CurrentStage function can return the error

No build stage in current context

According to the number of views of this SO question forgetting FROM instruction is quite a typical reason for this error.

Isn't it worth making Docker a bit friendlier for the newcomers and more generous on details?

Something like:

No build stage in current context (If you're using Dockerfile enusre FROM instruction goes first. If you do not need base image, use FROM scratch.)

closed time in 2 days

voroninp

issue commentmoby/buildkit

More detailed error message for 'No build stage in current context'?

This was attempted in #1204 but failed to get support, so closing.

voroninp

comment created time in 2 days

pull request commentmoby/buildkit

Provided a more detailed error message for 'No build stage in current context'

Seems there is no desire from maintainers to make this message so verbose. So closing for inactivity, sorry.

Personally, I don't mind improving this message but the proposal seems too specific and out of context for an error message. It's more in the category of "how to look up docs" for any error.

Namit-Agrawal

comment created time in 2 days

Pull request review commentmoby/buildkit

ops: fix deadlock on releasing shared mounts

 func (r *cacheRefShare) clone() cache.MutableRef {  func (r *cacheRefShare) release(ctx context.Context) error { 	if r.main != nil {-		r.main.mu.Lock()-		defer r.main.mu.Unlock() 		delete(r.main.shares, r.key) 	} 	return r.MutableRef.Release(ctx) } +var cacheRefReleaseHijack func()+var cacheRefCloneHijack func()

Extra code needed for that isn't probably worth it. clone() doesn't even take a context atm.

tonistiigi

comment created time in 2 days

MemberEvent

issue commentmoby/buildkit

unable to push image to artifactory in rootless

See if this is the same as https://github.com/moby/buildkit/issues/1130

Buildkit uses https://github.com/containerd/containerd/ for registry operations. If you can repro with containerd/ctr please take this issue to containerd repo.

posina

comment created time in 2 days

issue commentmoby/buildkit

Issue in connecting with AWS ECR docker registry

@AkihiroSuda login-helpers are dependencies for the cli, not buildkit daemon. So having them in a container is only useful if you trigger build from inside the container, and in that case you would need a lot of manual preparation anyway for getting your sources/credtials etc into container.

ssvinoth22

comment created time in 3 days

push eventmoby/buildkit

Sebastiaan van Stijn

commit sha b1b5f2e626d06cf2ea69dc88903c4ed5c989a549

vendor: golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6 full diff: https://github.com/golang/crypto/compare/c2843e01d9a2bc60bb26ad24e09734fdc2d9ec58...1d94cc7ab1c630336ab82ccb9c9cda72a875c382 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Tõnis Tiigi

commit sha 89978e706966b5662f2d108c906084d644559178

Merge pull request #1370 from thaJeztah/bump_crypto vendor: golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6

view details

push time in 3 days

PR merged moby/buildkit

vendor: golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6

full diff: https://github.com/golang/crypto/compare/c2843e01d9a2bc60bb26ad24e09734fdc2d9ec58...1d94cc7ab1c630336ab82ccb9c9cda72a875c382

I'm doing a around across repositories to update in preparation of a security release that was announced for tomorrow (so that we can update again with just the changes related to that fix);

https://groups.google.com/d/msgid/golang-announce/CA%2B2K_Kox3xkjj6gWkp%3DY6fmp7sO4T%2BbgudjjZZ%3Duwgp476pmEw%40mail.gmail.com

+4731 -2507

0 comment

58 changed files

thaJeztah

pr closed time in 3 days

issue commentmoby/buildkit

Issue in connecting with AWS ECR docker registry

Do you have docker-credential-ecr-login installed? https://github.com/awslabs/amazon-ecr-credential-helper

ssvinoth22

comment created time in 4 days

issue commentmoby/buildkit

Wrong dockerfile used when building two images in the same context folder

I guess one way would be to use nanotimes for comparison. Not sure why it isn't this way already.

MichaelKim0407

comment created time in 4 days

issue commentmoby/buildkit

Wrong dockerfile used when building two images in the same context folder

Interesting. Buildkit uses same method as rsync, based on file metadata, for file transfers. Because you do fast git clone in your test script the files (often) have the same timestamp (with the rest of the metadata) that is causing this.

Eg. you can change your test script to

#!/bin/bash

rm -rf .test
git clone .git .test
cd .test

mkdir foo
rsync a/Dockerfile foo/
rsync b/Dockerfile foo/
cat foo/Dockerfile

for the same behavior.

Need to think about this.

MichaelKim0407

comment created time in 4 days

pull request commentmoby/buildkit

Fix go.mod to be compatible with go1.13

@AkihiroSuda I'm fine with the replace rules but rolling back deps if they are already too new is going to be a pain. Feel free to carry this with extra commits to bring adjust containerd dependencies to the correct version to get this merged. And while you are at it, update to Dockerfile as well so we see this(and go.mod validation) in action.

zachbadgett

comment created time in 4 days

startedrohanrhu/gdb-frontend

started time in 4 days

issue commentdocker/buildx

Where did the built multi-platform image go?

If you are pushing to localhost from a container driver you need to use host networking for the container https://github.com/docker/buildx#--driver-opt-options

zhanghongtong

comment created time in 4 days

issue commentdocker/buildx

security=insecure does not automatically provide access to devices

@EduardoRFS btw, your loopback mount will not exist after RUN has completed if that wasn't clear. All the RUN commands run in isolated containers. So your ls would need to be RUN --security=insecure mount /armeabi-v7a/system.img /armeabi-v7a/mnt && ls /armeabi-v7a/mnt. If you want the files to be in the image you need to copy them out from the loopback mount to the container layers with a RUN command.

EduardoRFS

comment created time in 6 days

issue commentdocker/buildx

security=insecure does not automatically provide access to devices

That PR is not in a release build yet, did you use --driver-opt image=moby/buildkit:master when creating the builder instance?

EduardoRFS

comment created time in 6 days

issue commentdocker/buildx

network mode "custom_network" not supported by buildkit

you might have been referring to something else.

https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066

MarcosMorelli

comment created time in 6 days

push eventdocker/buildx

Brian Goff

commit sha 87fbc406f52d4dfda7b91b5a8d653d6c232d1944

Make k8s driver priority lower Otherwise it ends up being default and it's probably not the normal case. Signed-off-by: Brian Goff <cpuguy83@gmail.com>

view details

Tõnis Tiigi

commit sha 891d3556797cc33a63f76529824a99cc03dcf826

Merge pull request #225 from cpuguy83/k8s_priority Make k8s driver priority lower

view details

push time in 6 days

PR merged docker/buildx

Make k8s driver priority lower

Otherwise it ends up being default and it's probably not the normal case.

+4 -2

0 comment

2 changed files

cpuguy83

pr closed time in 6 days

issue commentdocker/buildx

network mode "custom_network" not supported by buildkit

why would someone forward it across an insecure connection?

Why would that connection be insecure? Forwarding agent is more secure than build secrets because your nodes never get access to your keys.

if you can do all your tests in a docker build container it's one less thing to lock down. along with the means to temporary mount secrets

We have solutions for build secrets, privileged execution modes (where you needed docker run before for more complicated integration tests) and persistent cache for your apt/npm cache etc. https://github.com/moby/buildkit/issues/1337 is implementing sidecar containers support. None of this breaks the portability of the build. And if you really want it, host networking is available for you.

MarcosMorelli

comment created time in 6 days

issue commentdocker/buildx

network mode "custom_network" not supported by buildkit

That horse has bolted - SSH mount makes the build dependent upon the configuration of a single node

No, it does not. You can forward your ssh agent against any node or a cluster of nodes in buildx. Not really different than just using private images.

MarcosMorelli

comment created time in 7 days

issue commentdocker/for-linux

Docker sees a previous image as latest after successfully tagging a new one

push/pull digest not matching image sha is expected. One is config other is manifest(compressed). For the diff between the initial build and docker images I have no idea.

bra-fsn

comment created time in 8 days

issue commentcontainerd/containerd

Release 1.2.12 is not in the repositories for Linux Debian/Ubuntu

seems it was only done for ubuntu and not debian.

eg. https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/containerd.io_1.2.12-1_amd64.deb is 404

https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/containerd.io_1.2.12-1_amd64.deb is 200

> curl https://download.docker.com/linux/debian/dists/stretch/stable/binary-amd64/Packages | grep 1.2.12
> curl https://download.docker.com/linux/ubuntu/dists/xenial/stable/binary-amd64/Packages | grep 1.2.12
sharkyzz

comment created time in 8 days

issue commentcontainerd/containerd

Release 1.2.12 is not in the repositories for Linux Debian/Ubuntu

@mgabeler-lee-6rs what Packages still has it? It should be removed from everywhere but you might need to update your cache. We put back the debs for people with updated cache but checking at it now it seems it was only done for ubuntu and not debian.

sharkyzz

comment created time in 8 days

issue openedcontainerd/containerd

[v1.2] regression in v1.2.12 leaves container/shim hanging

reported in https://github.com/moby/moby/issues/40514

bisected to https://github.com/containerd/containerd/pull/3366/

f71f6d39b6131a72bcc93a667f72c1ed722ef3e4 is the first bad commit
commit f71f6d39b6131a72bcc93a667f72c1ed722ef3e4
Author: Michael Crosby <crosbymichael@gmail.com>
Date:   Fri Jun 21 15:28:16 2019 -0400
    Robust pid locking for shim processes
    Closes #2832
    Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
    (cherry picked from commit 719a2c594e4aad6a2de5cd9c298ab95309c2135c)
    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
:040000 040000 fc5e0f9feb773e73730dc857137f93ca9241674f 2c6ee1b0341db99193cf61da77cada9994ec0f27 M	runtime

Only seems to happen on some machines. The race could be performance-related and requires a slower machine. One known configuration where it reproduces is DigitalOcean $10 1cpu/2GB ram instance.

The container is left hanging with containerd-shim still running. Unknown if it helps but https://gist.github.com/tonistiigi/b1d7a3ad3811a7ce1c1ac96c4be04009 is a trace of shim when it hangs.

created time in 9 days

issue commentmoby/buildkit

Build on zLinux(Linux/s390x) failed with “buildkit not supported by daemon”

@caixiangibm You can just run buildx binary directly. You don't need to use it as a cli plugin if you don't have docker that supports plugins.

caixiangibm

comment created time in 10 days

push eventtonistiigi/buildkit

Tonis Tiigi

commit sha eccae3e469594c563a1c1a26948905bebc642590

dockerfile: update static base images Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

push time in 10 days

PR opened moby/buildkit

dockerfile: update static base images

follow-up: https://github.com/moby/buildkit/pull/1343#issue-366707884 fixes: https://github.com/docker/buildx/issues/145

Signed-off-by: Tonis Tiigi tonistiigi@gmail.com

 # docker buildx build --target git -o type=registry,name=tonistiigi/git --platform linux/amd64,linux/arm/v7,linux/arm/v6,linux/s390x,linux/ppc64le,linux/arm64 .
[+] Building 23.2s (23/23) FINISHED
 => [internal] load .dockerignore                                                                                                                                                                                       0.0s
 => => transferring context: 34B                                                                                                                                                                                        0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                                                    0.0s
 => => transferring dockerfile: 11.93kB                                                                                                                                                                                 0.0s
 => resolve image config for docker.io/docker/dockerfile:1.1-experimental                                                                                                                                               1.1s
 => CACHED docker-image://docker.io/docker/dockerfile:1.1-experimental@sha256:888f21826273409b5ef5ff9ceb90c64a8f8ec7760da30d1ffbe6c3e2d323a7bd                                                                          0.0s
 => => resolve docker.io/docker/dockerfile:1.1-experimental@sha256:888f21826273409b5ef5ff9ceb90c64a8f8ec7760da30d1ffbe6c3e2d323a7bd                                                                                     0.0s
 => [linux/arm/v7 internal] load metadata for docker.io/library/alpine:latest                                                                                                                                           1.0s
 => [linux/s390x internal] load metadata for docker.io/library/alpine:latest                                                                                                                                            0.9s
 => [linux/arm64 internal] load metadata for docker.io/library/alpine:latest                                                                                                                                            0.9s
 => [linux/ppc64le internal] load metadata for docker.io/library/alpine:latest                                                                                                                                          1.0s
 => [linux/arm/v6 internal] load metadata for docker.io/library/alpine:latest                                                                                                                                           0.9s
 => [linux/amd64 internal] load metadata for docker.io/library/alpine:latest                                                                                                                                            0.7s
 => [linux/ppc64le git 1/2] FROM docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                       0.9s
 => => sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d 1.64kB / 1.64kB                                                                                                                          0.0s
 => => sha256:ff8a6adf5859433869343296f1b06e0a7bdf4fc836b08d5854221e351baf6929 528B / 528B                                                                                                                              0.0s
 => => sha256:cd95c8a93e39dcaa0634a65d5b86a88bcd5c3092adb1f96504a7030faa165123 2.82MB / 2.82MB                                                                                                                          0.5s
 => => sha256:8ebf70746025b4e6b5bd434a1468b51a4278e88b29c08a0bb275f8b012066475 1.51kB / 1.51kB                                                                                                                          0.0s
 => => unpacking docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                       0.2s
 => [linux/amd64 git 1/2] FROM docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                         0.0s
 => [linux/arm64 git 1/2] FROM docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                         0.9s
 => => sha256:4d5c5951669588e23881c158629ae6bac4ab44866d5b4d150c3f15d91f26682b 528B / 528B                                                                                                                              0.0s
 => => sha256:8fa90b21c985a6fcfff966bdfbde81cdd088de0aa8af38110057f6ac408f4408 2.72MB / 2.72MB                                                                                                                          0.3s
 => => sha256:6e4716cdcf7a5a48d6e15b198b04caedc245dd2530204b02107fa3eadc71cb94 1.51kB / 1.51kB                                                                                                                          0.0s
 => => sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d 1.64kB / 1.64kB                                                                                                                          0.0s
 => => unpacking docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                       0.2s
 => CACHED [linux/amd64 git 2/2] RUN apk add --no-cache git xz                                                                                                                                                          0.0s
 => [linux/arm/v6 git 1/2] FROM docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                        0.9s
 => => resolve docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                         0.0s
 => => sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d 1.64kB / 1.64kB                                                                                                                          0.0s
 => => sha256:401f030aa35e86bafd31c6cc292b01659cbde72d77e8c24737bd63283837f02c 528B / 528B                                                                                                                              0.0s
 => => sha256:832e07764099264ef96e50a1e5e41c52d6b0809bd054e29508a6878aa59d156d 2.62MB / 2.62MB                                                                                                                          0.3s
 => => sha256:8093515ca679e4cd8d56baf2ba7bd54b3728367d8640a211e26a6528e02c8f8e 1.51kB / 1.51kB                                                                                                                          0.0s
 => => unpacking docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                       0.3s
 => [linux/arm/v7 git 1/2] FROM docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                        0.9s
 => => sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d 1.64kB / 1.64kB                                                                                                                          0.0s
 => => sha256:2c26a655f6e38294e859edac46230210bbed3591d6ff57060b8671cda09756d4 528B / 528B                                                                                                                              0.0s
 => => sha256:3a2c5e3c37b2e3d749405512ef3793aa45a2f5c11615d9e9efa80179262cdf27 2.42MB / 2.42MB                                                                                                                          0.4s
 => => sha256:b9cc225140e0790b9160876bb61c8e7516489325c0bf8e650eb8b6f975082c36 1.51kB / 1.51kB                                                                                                                          0.0s
 => => unpacking docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                       0.3s
 => [linux/s390x git 1/2] FROM docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                         0.8s
 => => resolve docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                         0.0s
 => => sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d 1.64kB / 1.64kB                                                                                                                          0.0s
 => => sha256:ef20eb43010abda2d7944e0cd11ef00a961ff7a7f953671226fbf8747895417d 528B / 528B                                                                                                                              0.0s
 => => sha256:176bad61a3a435da03ec603d2bd8f7a69286d92f21f447b17f21f0bc4e085bde 2.58MB / 2.58MB                                                                                                                          0.3s
 => => sha256:d944d048f7287e69a141b3be4658e0735385852579e6e40ad1d2cceb49dce51b 1.51kB / 1.51kB                                                                                                                          0.0s
 => => unpacking docker.io/library/alpine@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                       0.3s
 => [linux/s390x git 2/2] RUN apk add --no-cache git xz                                                                                                                                                                 3.6s
 => [linux/arm/v6 git 2/2] RUN apk add --no-cache git xz                                                                                                                                                                3.4s
 => [linux/arm/v7 git 2/2] RUN apk add --no-cache git xz                                                                                                                                                                3.4s
 => [linux/ppc64le git 2/2] RUN apk add --no-cache git xz                                                                                                                                                               3.9s
 => [linux/arm64 git 2/2] RUN apk add --no-cache git xz                                                                                                                                                                 3.5s
 => exporting to image                                                                                                                                                                                                 15.8s
 => => exporting layers                                                                                                                                                                                                 1.5s
 => => exporting manifest sha256:3fb92f20384f36a68eaad60d212b219ddfb7050b72b84a4c2a141fcc8784377b                                                                                                                       0.5s
 => => exporting config sha256:9a50ef7cc18a89974865af58b9122c83b93cf87b8c3ae7fefeeda6c362ec82f9                                                                                                                         0.0s
 => => exporting manifest sha256:18d53ab39a4685176f423ad2485cdc9eee47a85a51a5d8124c62a05fea94855f                                                                                                                       0.0s
 => => exporting config sha256:0a8b2f32d18c5972932032ffab7338d88228a886a91e017a1832b9b338a76663                                                                                                                         0.0s
 => => exporting manifest sha256:abf9c47b08a93f2a7a0af93e40de351a0a24ff27ac77036581fd311064e77169                                                                                                                       0.0s
 => => exporting config sha256:5d9e752fb4e3f5cc37c461b104c36505239ce933443953aafaa2f81b7ee3263c                                                                                                                         0.0s
 => => exporting manifest sha256:219fd0332f9393282a2fb62d95675677e989a4fc6d4efa35d8cf1010b66904f9                                                                                                                       0.0s
 => => exporting config sha256:39a350ca8dfc72c7bdbf70c908648492677334239be2156a619c439bb1db5718                                                                                                                         0.0s
 => => exporting manifest sha256:42a379a52ba3f3b170bdefe816e4d99a6df6532a9be141375e91f04eb27fcc37                                                                                                                       0.0s
 => => exporting config sha256:63f48f6c1d601c09a984fd2d49635cb08a1b930cf77d7d67fd192f52669a1d78                                                                                                                         0.0s
 => => exporting manifest sha256:ff7bc13c0d2637663620fb4c6c89c55664eb653f764ff3f865b9e3654a7ed323                                                                                                                       0.0s
 => => exporting config sha256:130bf456ecddbae845fdde503c3449f97114ec036bf5b5b24f99df2cd714f884                                                                                                                         0.0s
 => => exporting manifest list sha256:393483e1cef35f09e1a8fe0a0bd93a78b1b6ecec5b5afa5fa5d600fa3ab1fdd8                                                                                                                  0.0s
 => => pushing layers                                                                                                                                                                                                  10.9s
 => => pushing manifest for docker.io/tonistiigi/git:latest                                                                                                                                                             2.7s
 # docker buildx imagetools inspect docker.io/tonistiigi/git:latest
Name:      docker.io/tonistiigi/git:latest
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:393483e1cef35f09e1a8fe0a0bd93a78b1b6ecec5b5afa5fa5d600fa3ab1fdd8

Manifests:
  Name:      docker.io/tonistiigi/git:latest@sha256:3fb92f20384f36a68eaad60d212b219ddfb7050b72b84a4c2a141fcc8784377b
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/tonistiigi/git:latest@sha256:18d53ab39a4685176f423ad2485cdc9eee47a85a51a5d8124c62a05fea94855f
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v7

  Name:      docker.io/tonistiigi/git:latest@sha256:abf9c47b08a93f2a7a0af93e40de351a0a24ff27ac77036581fd311064e77169
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v6

  Name:      docker.io/tonistiigi/git:latest@sha256:219fd0332f9393282a2fb62d95675677e989a4fc6d4efa35d8cf1010b66904f9
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/s390x

  Name:      docker.io/tonistiigi/git:latest@sha256:42a379a52ba3f3b170bdefe816e4d99a6df6532a9be141375e91f04eb27fcc37
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/ppc64le

  Name:      docker.io/tonistiigi/git:latest@sha256:ff7bc13c0d2637663620fb4c6c89c55664eb653f764ff3f865b9e3654a7ed323
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64
  
  
  
 # docker buildx build --target rootless-base-internal -o type=registry -t tonistiigi/buildkit:rootless-base --platform linux/amd64,linux/arm/v7,linux/arm/v6,linux/s390x,linux/ppc64le,linux/arm64 .
[+] Building 25.3s (71/71) FINISHED
 => [internal] load .dockerignore                                                                                                                                                                                       0.1s
 => => transferring context: 34B                                                                                                                                                                                        0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                                                    0.1s
 => => transferring dockerfile: 32B                                                                                                                                                                                     0.0s
 => resolve image config for docker.io/docker/dockerfile:1.1-experimental                                                                                                                                               0.3s
 => CACHED docker-image://docker.io/docker/dockerfile:1.1-experimental@sha256:888f21826273409b5ef5ff9ceb90c64a8f8ec7760da30d1ffbe6c3e2d323a7bd                                                                          0.0s
 => => resolve docker.io/docker/dockerfile:1.1-experimental@sha256:888f21826273409b5ef5ff9ceb90c64a8f8ec7760da30d1ffbe6c3e2d323a7bd                                                                                     0.0s
 => [linux/arm64 internal] load metadata for docker.io/library/alpine:3.11                                                                                                                                              0.3s
 => [linux/s390x internal] load metadata for docker.io/library/alpine:3.11                                                                                                                                              0.3s
 => [linux/arm/v7 internal] load metadata for docker.io/library/alpine:3.11                                                                                                                                             0.4s
 => [linux/ppc64le internal] load metadata for docker.io/library/alpine:3.11                                                                                                                                            0.4s
 => [linux/amd64 internal] load metadata for docker.io/library/alpine:3.11                                                                                                                                              0.4s
 => [linux/arm/v6 internal] load metadata for docker.io/library/alpine:3.11                                                                                                                                             0.4s
 => [linux/s390x rootless-base-internal 1/5] FROM docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                 0.0s
 => => resolve docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                    0.0s
 => [linux/arm/v6 idmap 1/6] FROM docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                 0.0s
 => [linux/ppc64le idmap 1/6] FROM docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                0.0s
 => => resolve docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                    0.0s
 => [linux/arm/v7 rootless-base-internal 1/5] FROM docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                0.0s
 => => resolve docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                    0.0s
 => [linux/arm64 idmap 1/6] FROM docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                  0.0s
 => => resolve docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                    0.0s
 => [linux/amd64 rootless-base-internal 1/5] FROM docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                 0.0s
 => => resolve docker.io/library/alpine:3.11@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d                                                                                                    0.0s
 => CACHED [linux/arm64 rootless-base-internal 2/5] RUN apk add --no-cache git xz                                                                                                                                       0.0s
 => CACHED [linux/arm64 idmap 2/6] RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt                                                                     0.0s
 => CACHED [linux/arm64 idmap 3/6] RUN git clone https://github.com/shadow-maint/shadow.git /shadow                                                                                                                     0.0s
 => CACHED [linux/arm64 idmap 4/6] WORKDIR /shadow                                                                                                                                                                      0.0s
 => CACHED [linux/arm64 idmap 5/6] RUN git checkout 4.8.1                                                                                                                                                               0.0s
 => CACHED [linux/arm64 idmap 6/6] RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd   && make   && cp src/newuidmap src/newgid  0.0s
 => CACHED [linux/arm64 rootless-base-internal 3/5] COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap                                                                                                             0.0s
 => CACHED [linux/arm64 rootless-base-internal 4/5] COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap                                                                                                             0.0s
 => CACHED [linux/arm64 rootless-base-internal 5/5] RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap   && adduser -D -u 1000 user   && mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/buildk  0.0s
 => CACHED [linux/arm/v6 rootless-base-internal 2/5] RUN apk add --no-cache git xz                                                                                                                                      0.0s
 => CACHED [linux/arm/v6 idmap 2/6] RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt                                                                    0.0s
 => CACHED [linux/arm/v6 idmap 3/6] RUN git clone https://github.com/shadow-maint/shadow.git /shadow                                                                                                                    0.0s
 => CACHED [linux/arm/v6 idmap 4/6] WORKDIR /shadow                                                                                                                                                                     0.0s
 => CACHED [linux/arm/v6 idmap 5/6] RUN git checkout 4.8.1                                                                                                                                                              0.0s
 => CACHED [linux/arm/v6 idmap 6/6] RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd   && make   && cp src/newuidmap src/newgi  0.0s
 => CACHED [linux/arm/v6 rootless-base-internal 3/5] COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap                                                                                                            0.0s
 => CACHED [linux/arm/v6 rootless-base-internal 4/5] COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap                                                                                                            0.0s
 => CACHED [linux/arm/v6 rootless-base-internal 5/5] RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap   && adduser -D -u 1000 user   && mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/build  0.0s
 => CACHED [linux/s390x rootless-base-internal 2/5] RUN apk add --no-cache git xz                                                                                                                                       0.0s
 => CACHED [linux/s390x idmap 2/6] RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt                                                                     0.0s
 => CACHED [linux/s390x idmap 3/6] RUN git clone https://github.com/shadow-maint/shadow.git /shadow                                                                                                                     0.0s
 => CACHED [linux/s390x idmap 4/6] WORKDIR /shadow                                                                                                                                                                      0.0s
 => CACHED [linux/s390x idmap 5/6] RUN git checkout 4.8.1                                                                                                                                                               0.0s
 => CACHED [linux/s390x idmap 6/6] RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd   && make   && cp src/newuidmap src/newgid  0.0s
 => CACHED [linux/s390x rootless-base-internal 3/5] COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap                                                                                                             0.0s
 => CACHED [linux/s390x rootless-base-internal 4/5] COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap                                                                                                             0.0s
 => CACHED [linux/s390x rootless-base-internal 5/5] RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap   && adduser -D -u 1000 user   && mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/buildk  0.0s
 => CACHED [linux/ppc64le rootless-base-internal 2/5] RUN apk add --no-cache git xz                                                                                                                                     0.0s
 => CACHED [linux/ppc64le idmap 2/6] RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt                                                                   0.0s
 => CACHED [linux/ppc64le idmap 3/6] RUN git clone https://github.com/shadow-maint/shadow.git /shadow                                                                                                                   0.0s
 => CACHED [linux/ppc64le idmap 4/6] WORKDIR /shadow                                                                                                                                                                    0.0s
 => CACHED [linux/ppc64le idmap 5/6] RUN git checkout 4.8.1                                                                                                                                                             0.0s
 => CACHED [linux/ppc64le idmap 6/6] RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd   && make   && cp src/newuidmap src/newg  0.0s
 => CACHED [linux/ppc64le rootless-base-internal 3/5] COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap                                                                                                           0.0s
 => CACHED [linux/ppc64le rootless-base-internal 4/5] COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap                                                                                                           0.0s
 => CACHED [linux/ppc64le rootless-base-internal 5/5] RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap   && adduser -D -u 1000 user   && mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/buil  0.0s
 => CACHED [linux/amd64 rootless-base-internal 2/5] RUN apk add --no-cache git xz                                                                                                                                       0.0s
 => CACHED [linux/amd64 idmap 2/6] RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt                                                                     0.0s
 => CACHED [linux/amd64 idmap 3/6] RUN git clone https://github.com/shadow-maint/shadow.git /shadow                                                                                                                     0.0s
 => CACHED [linux/amd64 idmap 4/6] WORKDIR /shadow                                                                                                                                                                      0.0s
 => CACHED [linux/amd64 idmap 5/6] RUN git checkout 4.8.1                                                                                                                                                               0.0s
 => CACHED [linux/amd64 idmap 6/6] RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd   && make   && cp src/newuidmap src/newgid  0.0s
 => CACHED [linux/amd64 rootless-base-internal 3/5] COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap                                                                                                             0.0s
 => CACHED [linux/amd64 rootless-base-internal 4/5] COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap                                                                                                             0.0s
 => CACHED [linux/amd64 rootless-base-internal 5/5] RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap   && adduser -D -u 1000 user   && mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/buildk  0.0s
 => CACHED [linux/arm/v7 rootless-base-internal 2/5] RUN apk add --no-cache git xz                                                                                                                                      0.0s
 => CACHED [linux/arm/v7 idmap 2/6] RUN apk add --no-cache autoconf automake build-base byacc gettext gettext-dev gcc git libcap-dev libtool libxslt                                                                    0.0s
 => CACHED [linux/arm/v7 idmap 3/6] RUN git clone https://github.com/shadow-maint/shadow.git /shadow                                                                                                                    0.0s
 => CACHED [linux/arm/v7 idmap 4/6] WORKDIR /shadow                                                                                                                                                                     0.0s
 => CACHED [linux/arm/v7 idmap 5/6] RUN git checkout 4.8.1                                                                                                                                                              0.0s
 => CACHED [linux/arm/v7 idmap 6/6] RUN ./autogen.sh --disable-nls --disable-man --without-audit --without-selinux --without-acl --without-attr --without-tcb --without-nscd   && make   && cp src/newuidmap src/newgi  0.0s
 => CACHED [linux/arm/v7 rootless-base-internal 3/5] COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap                                                                                                            0.0s
 => CACHED [linux/arm/v7 rootless-base-internal 4/5] COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap                                                                                                            0.0s
 => CACHED [linux/arm/v7 rootless-base-internal 5/5] RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap   && adduser -D -u 1000 user   && mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/build  0.0s
 => exporting to image                                                                                                                                                                                                 23.6s
 => => exporting layers                                                                                                                                                                                                 0.0s
 => => exporting manifest sha256:e9bbd8ae01ed4e69de1e4255b41afebce174e72e7d15552bc3e4a48a36cb7b8e                                                                                                                       0.0s
 => => exporting config sha256:1183ddd9f07a2084b56010639517cc23e8af17e7d5123c1ddc9627ba7b8f1a66                                                                                                                         0.0s
 => => exporting manifest sha256:c8d873ea7f343839b51f2deb307ca074583852aaf891e73129eb73481b4aff45                                                                                                                       0.0s
 => => exporting config sha256:30f397f0bc12dc07685f30f9d7974c05e56f704e06575360d8088f1b0ae1861b                                                                                                                         0.0s
 => => exporting manifest sha256:5924875c65aeb2591ad859e6eae99f57ec29589b94f19cce9970559d3be89089                                                                                                                       0.0s
 => => exporting config sha256:fa8e480c9d75ad4c30ab591358ad0d916dccebabc54f893be494b1f836f44894                                                                                                                         0.0s
 => => exporting manifest sha256:f0ec9ee0f70ad92c200f99bf08a822c73e79341d81154f0a50754085fab1e923                                                                                                                       0.0s
 => => exporting config sha256:ce301fd4f0344a1110f6b627ac169382c6a2498b2550233999d25f854c2ce6a4                                                                                                                         0.0s
 => => exporting manifest sha256:b0b28e08cc356b79fb12b3982eb5b6d02b51430e31eb2adc4405da0a2fe6922d                                                                                                                       0.0s
 => => exporting config sha256:d86a64f1b5c11d359fed0f3e38ba982ea706f943b5c4e51e79a66751fa668a4a                                                                                                                         0.0s
 => => exporting manifest sha256:dcd110128a398567157497b8242f0d9a366db3271199718aa11963e3845b903b                                                                                                                       0.0s
 => => exporting config sha256:77caa6ed39ee6fc2c2faf01699958aeb30c2b290dfdd58c1f8b2646a2ec777a7                                                                                                                         0.0s
 => => exporting manifest list sha256:0008b156dedd0220a5a0a1aa8840afe0ea0f01f44dfe1ae850b3970aaa1c5cec                                                                                                                  0.0s
 => => pushing layers                                                                                                                                                                                                  20.5s
 => => pushing manifest for docker.io/tonistiigi/buildkit:rootless-base                                                                                                                                                 2.9s
 # docker buildx imagetools inspect docker.io/tonistiigi/buildkit:rootless-base
Name:      docker.io/tonistiigi/buildkit:rootless-base
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:0008b156dedd0220a5a0a1aa8840afe0ea0f01f44dfe1ae850b3970aaa1c5cec

Manifests:
  Name:      docker.io/tonistiigi/buildkit:rootless-base@sha256:e9bbd8ae01ed4e69de1e4255b41afebce174e72e7d15552bc3e4a48a36cb7b8e
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/tonistiigi/buildkit:rootless-base@sha256:c8d873ea7f343839b51f2deb307ca074583852aaf891e73129eb73481b4aff45
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v7

  Name:      docker.io/tonistiigi/buildkit:rootless-base@sha256:5924875c65aeb2591ad859e6eae99f57ec29589b94f19cce9970559d3be89089
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v6

  Name:      docker.io/tonistiigi/buildkit:rootless-base@sha256:f0ec9ee0f70ad92c200f99bf08a822c73e79341d81154f0a50754085fab1e923
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/s390x

  Name:      docker.io/tonistiigi/buildkit:rootless-base@sha256:b0b28e08cc356b79fb12b3982eb5b6d02b51430e31eb2adc4405da0a2fe6922d
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/ppc64le

  Name:      docker.io/tonistiigi/buildkit:rootless-base@sha256:dcd110128a398567157497b8242f0d9a366db3271199718aa11963e3845b903b
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64
+5 -5

0 comment

1 changed file

pr created time in 10 days

create barnchtonistiigi/buildkit

branch : base-upt

created branch time in 10 days

Pull request review commentmoby/buildkit

Fix go.mod to be compatible with go1.13

 go 1.12  require ( 	github.com/BurntSushi/toml v0.3.1-	github.com/Microsoft/go-winio v0.4.14-	github.com/Microsoft/hcsshim v0.8.5 // indirect+	github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5

Where are these commits coming from? If I compare with containerd I don't see same commits. For some of them it isn't a big deal as if we have direct dependency we could bump it (although would be nice to mark it as upgrade in another commit then). But many in here seem to be just containerd dependencies. Or is it really that the old versions didn't build with go1.13?

zachbadgett

comment created time in 10 days

issue commentmoby/buildkit

Build on zLinux(Linux/s390x) failed with “buildkit not supported by daemon”

@caixiangibm You can do that. I'd also recommend you to use this config to build a new version of Docker as one of your first builds.

caixiangibm

comment created time in 10 days

issue closedmoby/buildkit

Buildkit: no way to ignore intermediate cached layers and use cache mounts.

When building with BuildKit there is no way to ignore intermediate cached layers but continue using cache mounts.

Our Dockerfile has two phases: The first: Connects to the repository, grabs sources and compiles them. The second: Takes compiled binaries from previous step and copies inside this final deployable image.

The first step, uses a lot of libraries (provided through maven and npm), to avoid downloading on each build we are using cache mounts.

Starting the build process with:

docker build --no-cache .

Every build starts with an empty cache mount (having to download all the libs, and generating a lot of trash cache mounts). Omitting the --no-cache parameter, the first phase skips the repository download (cached) and no compilation is done.

There is no way to not use intermediate builds and use cache mounts: The --no-cache should not have effect over cache mounts.

Docker version:

[ecatala@sauron ~]$ docker version
Client: Docker Engine - Community
 Version:           19.03.3
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        a872fc2f86
 Built:             Tue Oct  8 00:58:27 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.3
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       a872fc2f86
  Built:            Tue Oct  8 00:57:04 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

closed time in 10 days

indiketa

issue commentmoby/buildkit

Buildkit: no way to ignore intermediate cached layers and use cache mounts.

The --no-cache should not have effect over cache mounts.

This is how it used to be and people complained about still getting cache with --no-cache.

Closing in favor of https://github.com/moby/buildkit/issues/1213

indiketa

comment created time in 10 days

issue closedmoby/buildkit

Build on zLinux(Linux/s390x) failed with “buildkit not supported by daemon”

We tried to build on zLinux (Linux/s390x) with buildkit enabled, but the build failed by “buildkit not supported by daemon” from docker engine. We had installed the latest docker engine (docker-18.06.3-ce) for zLinux (Linux/s390x), while form docker tech doc, from Docker Build enhancements for 18.09 release integrating BuildKit. https://docs.docker.com/develop/develop-images/build_enhancements/

From docker package static binaries site (https://download.docker.com/linux/static/stable/s390x/), docker-18.06.3-ce already the latest version on s390x. We had implement code for buildkit in Dockerfile and need it for image build, is there some workaround or solution to make buildkit workable on s390x?

closed time in 10 days

caixiangibm

issue commentmoby/buildkit

Build on zLinux(Linux/s390x) failed with “buildkit not supported by daemon”

you can get buildx release from https://github.com/docker/buildx/releases . As Docker does not make releases for s390x anymore you just need to build yourself if you need that. Sticking with 18.06 is not recommended for using buildkit through docker build, even if some things work in experimental mode.

caixiangibm

comment created time in 10 days

issue commentmoby/buildkit

Documentation for types of filters in docker builder prune

@daveisfera docker builder prune --filter type=regular

daveisfera

comment created time in 11 days

issue closedmoby/buildkit

Docker build is not honoring the memory limits

$ DOCKER_BUILDKIT=1 docker build --memory="1g" -t my-app . 

$ docker --version
Docker version 19.03.3, build a872fc2f86

The kernel kills processes after OOM because docker IGNORES the "--memory". If you remove the DOCKER_BUILDKIT=1 then everything works as expected

closed time in 11 days

yshemesh

issue commentmoby/buildkit

Docker build is not honoring the memory limits

dupe of #593

yshemesh

comment created time in 11 days

Pull request review commentmoby/buildkit

Fix go.mod to be compatible with go1.13

 module github.com/moby/buildkit -go 1.12+go 1.11

why is this go1.11 ?

zachbadgett

comment created time in 12 days

issue commentmoby/buildkit

Docker build "exit status" is not reflecting the actual build result status

 # DOCKER_BUILDKIT=1 docker build -t my-app --force-rm . ; echo "Exit status is: $?"
[+] Building 0.4s (5/5) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                  0.0s
 => => transferring dockerfile: 34B                                                                                                                                                   0.0s
 => [internal] load .dockerignore                                                                                                                                                     0.0s
 => => transferring context: 2B                                                                                                                                                       0.0s
 => [internal] load metadata for docker.io/library/alpine:latest                                                                                                                      0.0s
 => CACHED [1/2] FROM docker.io/library/alpine                                                                                                                                        0.0s
 => ERROR [2/2] RUN exit 1                                                                                                                                                            0.4s
------
 > [2/2] RUN exit 1:
------
executor failed running [/bin/sh -c exit 1]: exit code: 1
Exit status is: 1
yshemesh

comment created time in 13 days

issue commentmoby/buildkit

docker rmi doesn't remove unused layers with buildkit

You can still only keep the cache for the images you manage manually. builder prune without --all will not clear cache for layers that are shared with images so if you only want to keep the cache for your current set of images your can run prune aggressively. I believe you can also prune individual layers if you want even more manual control and filter by layer type.

daveisfera

comment created time in 16 days

push eventtonistiigi/buildkit

Tonis Tiigi

commit sha b0e76973ee4488f01b5ceefd8f1211f1a10c22f8

solver: use correct context for getting cache managers lazily Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

push time in 16 days

Pull request review commentmoby/buildkit

solver: evaluate solve results lazily

 func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * 		return &frontend.Result{}, nil 	} -	if err := res.EachRef(func(r solver.CachedResult) error {-		wr, ok := r.Sys().(*worker.WorkerRef)-		if !ok {-			return errors.Errorf("invalid reference for exporting: %T", r.Sys())+	return+}++type resultProxy struct {+	cb       func(context.Context) (solver.CachedResult, error)+	def      *pb.Definition+	g        flightcontrol.Group+	mu       sync.Mutex+	released bool+	v        solver.CachedResult+	err      error+}++func (rp *resultProxy) Definition() *pb.Definition {+	return rp.def+}++func (rp *resultProxy) Release(ctx context.Context) error {+	rp.mu.Lock()+	defer rp.mu.Unlock()+	if rp.v != nil {+		if err := rp.v.Release(ctx); err != nil {

Double release is usually handled gracefully but still signifies a bug if it should happen. So I added a warning for it.

tonistiigi

comment created time in 16 days

push eventtonistiigi/buildkit

Tonis Tiigi

commit sha 4a2319b7bd9522590e449f4ea7701503b2aa44dd

solver: use correct context for getting cache managers lazily Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

push time in 16 days

issue closedmoby/buildkit

[proposal] Add ability to explicitly avoid caching a layer in the Dockerfile

It would be great to have the ability to tell Docker not to cache a particular line in the Dockerfile - this would of course have the effect of everything downstream of that layer also never being cached.

I don't know if this could be a --mount-type or something:

RUN --mount=type=no-cache git clone https://github.com/my/repo /srv

People hack this currently with things like --build-arg TIMESTAMP=$(date +%s) which they then use in the build somewhere, or by using ADD to add an evergreen resource, e.g.:

ADD https://httpbin.org/uuid /dev/null

Maybe --no-cache-filter would entirely solve every use-case for this and is a neater way to do it? I'm not quite sure. Either would help me out a lot.

closed time in 16 days

nottrobin

issue commentmoby/buildkit

[proposal] Add ability to explicitly avoid caching a layer in the Dockerfile

closing in favor of #1213

nottrobin

comment created time in 16 days

issue commentmoby/buildkit

docker rmi doesn't remove unused layers with buildkit

Yes, this is expected. Layers that are referenced both by images and build cache keep their reference count separately. This means that if you are building images for development you can remove them after you have pushed or updated them without a need to keep old images around to get build-cache from them. Build cache pruning is configurable with a storage limit so that cache with the highest probability of matching gets deleted last and can be automatic if you enable gc.

it will just untag the image and leave the layers

it will not untag but remove the image (untagging happens by regular docker rules of untagging image with multiple tags). The layer data for some of the layers might not be released with the image if it is referenced in other places (like by build cache or a container)

daveisfera

comment created time in 16 days

Pull request review commentundefinedlabs/buildkit

[WIP] Containers exposed as RunOptions

 message ExecOp { 	repeated Mount mounts = 2; 	NetMode network = 3; 	SecurityMode security = 4;+	repeated Op dependencies = 5;

This should be repeated ExecOp dependencies + some extra fields for the port connections in the future. Inputs are shared with the main inputs array. We probably would like to extend Input definition with bool remoteAllowed (or enum) to signify inputs that can remain in separate nodes but probably bit early for that atm. In the end, there should also be a way to mark helper processes that can be shared by multiple vertexes. That should change the proto definition much though, just need more fields to mark unique processes and shutdown routine.

drodriguezhdez

comment created time in 17 days

pull request commentmoby/buildkit

solver: evaluate solve results lazily

Green now

tonistiigi

comment created time in 17 days

push eventtonistiigi/buildkit

Tonis Tiigi

commit sha 8cfe2de889878da154fca9210dd89b8c34bb0252

solver: evaluate solve results lazily Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

Tonis Tiigi

commit sha 5521afe87393ab63948cfc0497a2087b8cbeec01

solver: use correct context for getting cache managers lazily Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

push time in 17 days

pull request commentmoby/buildkit

solver: evaluate solve results lazily

Interesting approach, I think this is cleaner than the nested frontends. And I believe this will supersede PR #1290 I think we'd still want to have frontend inputs, but that can be split off into another PR.

There might be still some point doing full #1290 . The differences are mostly around caching as BuildOp can be cached as a whole (with a limitation that you don't see the inner LLB commands in output if it is cached). But yes, would be good to split inputs as that seems much more important now.

One difference I can think of is that in #1290, you can pass an arbitrary llb.State to execute as the frontend (which could be something other than an image, or a llb.State generating a frontend), whereas in this PR you have to provide a OCI reference.

Correct. Maybe it makes sense to add a second field in Solve() api where you could send the definition for building the frontend in addition to the build opts. I guess we could even use the current Definition key when frontend is set instead of erroring in https://github.com/moby/buildkit/blob/master/solver/llbsolver/bridge.go#L88 . There is already a "devel" mode https://github.com/moby/buildkit/blob/master/frontend/gateway/gateway.go#L81 that is similar but seems too specific as well for general usage.

Need to figure out why this breaks the remote-cache test.

tonistiigi

comment created time in 17 days

PR opened moby/buildkit

solver: evaluate solve results lazily

With https://github.com/moby/buildkit/pull/1286 previous solve results can be used as inputs for the new requests. One of the issues with the current implementation is that the main build is blocked and cannot start while the nested Solve request happens. This could be inefficient for parallelization and caching. Eg. buildkit supports caching even if you don't have the layer data for your whole cache chain(this is how inline remote cache works even with multi-stage builds), but the nested solve does not know that it may be just used for getting a future cache hit and needs to return local layers.

This PR changes the behavior of Solve() method for frontends. They now return results without actually starting the build. Results are evaluated only if the result ends up as the return value of the build or if files are accessed from it. This is quite a big behavior change(eg. the Dockerfile frontend now returns after it has computed the image config while previously it kept running for the full duration of the build) but I think all the existing frontends should still work as expected.

@hinshun

Signed-off-by: Tonis Tiigi tonistiigi@gmail.com

+195 -86

0 comment

8 changed files

pr created time in 18 days

create barnchtonistiigi/buildkit

branch : lazy-results

created branch time in 18 days

PR opened moby/buildkit

ops: fix deadlock on releasing shared mounts

fix #1322 regression from https://github.com/moby/buildkit/commit/7b1bae7a42f412262e43da80f9dd9cf86c06fae2#diff-0d2115e5c32fba316a7eaa987331881cR228

#1092 added another global lock to protect writes to the global map of shared cache mounts. Because the lock is taken too early if conflicts with the locking order of the release method. In case the first shared cache mount is released at the same time another mount is taken with the same key locks are held in the opposite order leading to a deadlock. This PR fixes the ordering issue and makes sure the global lock is not taken before it is needed, improving the efficiency of the mounts with locking sharing mode.

Refactored code to allow unit tests. Tests added for the deadlock case and for all of the sharing methods.

@cpuguy83

+431 -18

0 comment

2 changed files

pr created time in 19 days

create barnchtonistiigi/buildkit

branch : mounts-deadlock

created branch time in 19 days

issue commentmoby/moby

Dockerfile COPY from image resolves symbolic links

Unfortunately, this is how COPY has always worked in Dockerfiles, so we can't change that and break existing Dockerfiles. Having different behavior depending on --from flag value would be very messy as well. Buildkit does support configuring whether symlinks are followed in the FileOp level as well as RUN --mount where you can use a custom copy implementation with the exact behavior that you prefer. https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/experimental.md#run---mounttypebind-the-default-mount-type

dholm

comment created time in 19 days

issue closedmoby/buildkit

Output `type=docker` creates config and layers without file extensions

$ workdir=$(mktemp -d)
$ pushd $workdir
$ echo 'FROM alpine' > Dockerfile
$ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=docker,dest=docker.tar
$ tar -tf docker.tar
blobs/
blobs/sha256/
blobs/sha256/1ddf45969e0ae707ac555cb3b6218d7bc60c83af9e331808f5b3afd8db7bfbc5
blobs/sha256/a2843b06fc6d450ff1c838a658385cb2eb7ab9e53de4439e015ee97ff9dd4b1c
blobs/sha256/c9b1b535fdd91a9855fb7f82348177e5f019329a58c53c47272962dd60f71fc9
index.json
manifest.json
oci-layout
$ popd
$ rm -rf $workdir

I'm not an expert in this area (or Go) but it looks like docker load handles this fine because the daemon never looks at the file extensions in the manifest, instead it detects the layer content and acts appropriately.

Other tools rely on the filename extensions to determine what kind of file each layer is, so when they get this tarball those tools break.

Technically speaking the dockerd approach seems more correct, but it still seems like a bit of a footgun to not give the files the appropriate extension because not everyone does the most correct thing.

Also, I realize some backend (containerd?) is actually creating the tarball, but I ran into it with buildkit so I figured I'd file it here and let smarter people triage.

closed time in 20 days

tvon

issue commentmoby/buildkit

Output `type=docker` creates config and layers without file extensions

The tarball exported by buildkit is based on Docker Image Specification v1.1.0 https://github.com/moby/moby/blob/master/image/spec/v1.1.md (as well as OCI) introduced in 2015 . The spec used before Docker v1.9 was 1.0 that used fixed file layout while 1.1 uses a manifest.json file for locating the files in a tarball. Containerd exporter that buildkit uses has dropped compatibility with 1.0 spec and Docker versions older than v1.9 in favor to support OCI importers instead. If your tooling still only support 1.0 spec it should be updated to 1.1

tvon

comment created time in 20 days

IssuesEvent

issue commentmoby/buildkit

gateway: change result type to array of refs

Reopening as this was only implemented in the protobuf wire definition.

tonistiigi

comment created time in 20 days

issue closedtonistiigi/gvisor

Rewrite import paths?

It would be really cool if packages in this repo were go get-able. Maybe rewrite the import path to github.com/tonistiigi/gvisor?

closed time in 22 days

iangudger

issue commenttonistiigi/gvisor

Rewrite import paths?

archiving repo

iangudger

comment created time in 22 days

PR opened tonistiigi/vzor

switch gvisor to upstream repo
+138 -81

0 comment

7 changed files

pr created time in 22 days

create barnchtonistiigi/vzor

branch : update-gvisor

created branch time in 22 days

push eventtonistiigi/docker

Tonis Tiigi

commit sha 432e375bb5e18537a976a89b141a8288d6f56c0e

vendor: update buildkit to 57e8ad5 Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

push time in 23 days

push eventmoby/buildkit

Tonis Tiigi

commit sha 40ed2393205f6a1b5592bbfae03bd94d60b30adf

file: fix compilation on windows Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

view details

Tõnis Tiigi

commit sha 57e8ad52170d713233569f6d467e609d2b0f90c9

Merge pull request #1353 from tonistiigi/1903-windows-build [v0.6] file: fix compilation on windows

view details

push time in 23 days

PR merged moby/buildkit

[v0.6] file: fix compilation on windows

https://github.com/moby/moby/pull/40440#issuecomment-580568387

+10 -2

0 comment

3 changed files

tonistiigi

pr closed time in 23 days

PR opened moby/buildkit

file: fix compilation on windows

https://github.com/moby/moby/pull/40440#issuecomment-580568387

+10 -2

0 comment

3 changed files

pr created time in 23 days

create barnchtonistiigi/buildkit

branch : 1903-windows-build

created branch time in 23 days

PR opened moby/buildkit

file: fix compilation on windows

Signed-off-by: Tonis Tiigi tonistiigi@gmail.com

+13 -1

0 comment

3 changed files

pr created time in 23 days

more