Merge pull request #2745 from crazy-max/detect-sudo

config: fix file/folder ownership

build/build.go

@@ -151,11 +151,11 @@ func toRepoOnly(in string) (string, error) {
 	return strings.Join(out, ","), nil
 }
 
-func Build(ctx context.Context, nodes []builder.Node, opts map[string]Options, docker *dockerutil.Client, configDir string, w progress.Writer) (resp map[string]*client.SolveResponse, err error) {
-	return BuildWithResultHandler(ctx, nodes, opts, docker, configDir, w, nil)
+func Build(ctx context.Context, nodes []builder.Node, opts map[string]Options, docker *dockerutil.Client, cfg *confutil.Config, w progress.Writer) (resp map[string]*client.SolveResponse, err error) {
+	return BuildWithResultHandler(ctx, nodes, opts, docker, cfg, w, nil)
 }
 
-func BuildWithResultHandler(ctx context.Context, nodes []builder.Node, opts map[string]Options, docker *dockerutil.Client, configDir string, w progress.Writer, resultHandleFunc func(driverIndex int, rCtx *ResultHandle)) (resp map[string]*client.SolveResponse, err error) {
+func BuildWithResultHandler(ctx context.Context, nodes []builder.Node, opts map[string]Options, docker *dockerutil.Client, cfg *confutil.Config, w progress.Writer, resultHandleFunc func(driverIndex int, rCtx *ResultHandle)) (resp map[string]*client.SolveResponse, err error) {
 	if len(nodes) == 0 {
 		return nil, errors.Errorf("driver required for build")
 	}
@@ -234,12 +234,12 @@ func BuildWithResultHandler(ctx context.Context, nodes []builder.Node, opts map[
 				return nil, err
 			}
 			localOpt := opt
-			so, release, err := toSolveOpt(ctx, np.Node(), multiDriver, &localOpt, gatewayOpts, configDir, w, docker)
+			so, release, err := toSolveOpt(ctx, np.Node(), multiDriver, &localOpt, gatewayOpts, cfg, w, docker)
 			opts[k] = localOpt
 			if err != nil {
 				return nil, err
 			}
-			if err := saveLocalState(so, k, opt, np.Node(), configDir); err != nil {
+			if err := saveLocalState(so, k, opt, np.Node(), cfg); err != nil {
 				return nil, err
 			}
 			addGitAttrs(so)

build/localstate.go

@@ -5,10 +5,11 @@ import (
 
 	"github.com/docker/buildx/builder"
 	"github.com/docker/buildx/localstate"
+	"github.com/docker/buildx/util/confutil"
 	"github.com/moby/buildkit/client"
 )
 
-func saveLocalState(so *client.SolveOpt, target string, opts Options, node builder.Node, configDir string) error {
+func saveLocalState(so *client.SolveOpt, target string, opts Options, node builder.Node, cfg *confutil.Config) error {
 	var err error
 	if so.Ref == "" {
 		return nil
@@ -30,7 +31,7 @@ func saveLocalState(so *client.SolveOpt, target string, opts Options, node build
 	if lp == "" && dp == "" {
 		return nil
 	}
-	l, err := localstate.New(configDir)
+	l, err := localstate.New(cfg)
 	if err != nil {
 		return err
 	}

build/opt.go

@@ -35,7 +35,7 @@ import (
 	"github.com/tonistiigi/fsutil"
 )
 
-func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *Options, bopts gateway.BuildOpts, configDir string, pw progress.Writer, docker *dockerutil.Client) (_ *client.SolveOpt, release func(), err error) {
+func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *Options, bopts gateway.BuildOpts, cfg *confutil.Config, pw progress.Writer, docker *dockerutil.Client) (_ *client.SolveOpt, release func(), err error) {
 	nodeDriver := node.Driver
 	defers := make([]func(), 0, 2)
 	releaseF := func() {
@@ -271,7 +271,7 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *O
 
 	// add node identifier to shared key if one was specified
 	if so.SharedKey != "" {
-		so.SharedKey += ":" + confutil.TryNodeIdentifier(configDir)
+		so.SharedKey += ":" + cfg.TryNodeIdentifier()
 	}
 
 	if opt.Pull {

builder/builder.go

@@ -439,7 +439,7 @@ func Create(ctx context.Context, txn *store.Txn, dockerCli command.Cli, opts Cre
 	if buildkitdConfigFile == "" {
 		// if buildkit daemon config is not provided, check if the default one
 		// is available and use it
-		if f, ok := confutil.DefaultConfigFile(dockerCli); ok {
+		if f, ok := confutil.NewConfig(dockerCli).BuildKitConfigFile(); ok {
 			buildkitdConfigFile = f
 		}
 	}
@@ -584,7 +584,7 @@ func Leave(ctx context.Context, txn *store.Txn, dockerCli command.Cli, opts Leav
 		return err
 	}
 
-	ls, err := localstate.New(confutil.ConfigDir(dockerCli))
+	ls, err := localstate.New(confutil.NewConfig(dockerCli))
 	if err != nil {
 		return err
 	}

commands/bake.go

@@ -265,7 +265,7 @@ func runBake(ctx context.Context, dockerCli command.Cli, targets []string, in ba
 	}
 
 	done := timeBuildCommand(mp, attributes)
-	resp, retErr := build.Build(ctx, nodes, bo, dockerutil.NewClient(dockerCli), confutil.ConfigDir(dockerCli), printer)
+	resp, retErr := build.Build(ctx, nodes, bo, dockerutil.NewClient(dockerCli), confutil.NewConfig(dockerCli), printer)
 	if err := printer.Wait(); retErr == nil {
 		retErr = err
 	}
@@ -470,7 +470,7 @@ func saveLocalStateGroup(dockerCli command.Cli, in bakeOptions, targets []string
 		refs = append(refs, b.Ref)
 		bo[k] = b
 	}
-	l, err := localstate.New(confutil.ConfigDir(dockerCli))
+	l, err := localstate.New(confutil.NewConfig(dockerCli))
 	if err != nil {
 		return err
 	}
@@ -621,7 +621,7 @@ func bakeMetricAttributes(dockerCli command.Cli, driverType, url, cmdContext str
 		commandNameAttribute.String("bake"),
 		attribute.Stringer(string(commandOptionsHash), &bakeOptionsHash{
 			bakeOptions: options,
-			configDir:   confutil.ConfigDir(dockerCli),
+			cfg:         confutil.NewConfig(dockerCli),
 			url:         url,
 			cmdContext:  cmdContext,
 			targets:     targets,
@@ -633,7 +633,7 @@ func bakeMetricAttributes(dockerCli command.Cli, driverType, url, cmdContext str
 
 type bakeOptionsHash struct {
 	*bakeOptions
-	configDir  string
+	cfg        *confutil.Config
 	url        string
 	cmdContext string
 	targets    []string
@@ -657,7 +657,7 @@ func (o *bakeOptionsHash) String() string {
 
 		joinedFiles := strings.Join(files, ",")
 		joinedTargets := strings.Join(targets, ",")
-		salt := confutil.TryNodeIdentifier(o.configDir)
+		salt := o.cfg.TryNodeIdentifier()
 
 		h := sha256.New()
 		for _, s := range []string{url, cmdContext, joinedFiles, joinedTargets, salt} {

commands/build.go

@@ -238,7 +238,7 @@ func buildMetricAttributes(dockerCli command.Cli, driverType string, options *bu
 		commandNameAttribute.String("build"),
 		attribute.Stringer(string(commandOptionsHash), &buildOptionsHash{
 			buildOptions: options,
-			configDir:    confutil.ConfigDir(dockerCli),
+			cfg:          confutil.NewConfig(dockerCli),
 		}),
 		driverNameAttribute.String(options.builder),
 		driverTypeAttribute.String(driverType),
@@ -250,7 +250,7 @@ func buildMetricAttributes(dockerCli command.Cli, driverType string, options *bu
 // the fmt.Stringer interface.
 type buildOptionsHash struct {
 	*buildOptions
-	configDir  string
+	cfg        *confutil.Config
 	result     string
 	resultOnce sync.Once
 }
@@ -267,7 +267,7 @@ func (o *buildOptionsHash) String() string {
 		if contextPath != "-" && osutil.IsLocalDir(contextPath) {
 			contextPath = osutil.ToAbs(contextPath)
 		}
-		salt := confutil.TryNodeIdentifier(o.configDir)
+		salt := o.cfg.TryNodeIdentifier()
 
 		h := sha256.New()
 		for _, s := range []string{target, contextPath, dockerfile, salt} {

controller/build/build.go

@@ -214,15 +214,15 @@ func buildTargets(ctx context.Context, dockerCli command.Cli, nodes []builder.No
 	if generateResult {
 		var mu sync.Mutex
 		var idx int
-		resp, err = build.BuildWithResultHandler(ctx, nodes, opts, dockerutil.NewClient(dockerCli), confutil.ConfigDir(dockerCli), progress, func(driverIndex int, gotRes *build.ResultHandle) {
+		resp, err = build.BuildWithResultHandler(ctx, nodes, opts, dockerutil.NewClient(dockerCli), confutil.NewConfig(dockerCli), progress, func(driverIndex int, gotRes *build.ResultHandle) {
 			mu.Lock()
 			defer mu.Unlock()
 			if res == nil || driverIndex < idx {
 				idx, res = driverIndex, gotRes
 			}
 		})
 	} else {
-		resp, err = build.Build(ctx, nodes, opts, dockerutil.NewClient(dockerCli), confutil.ConfigDir(dockerCli), progress)
+		resp, err = build.Build(ctx, nodes, opts, dockerutil.NewClient(dockerCli), confutil.NewConfig(dockerCli), progress)
 	}
 	if err != nil {
 		return nil, res, err

controller/remote/controller.go

@@ -258,7 +258,7 @@ func prepareRootDir(dockerCli command.Cli, config *serverConfig) (string, error)
 }
 
 func rootDataDir(dockerCli command.Cli) string {
-	return filepath.Join(confutil.ConfigDir(dockerCli), "controller")
+	return filepath.Join(confutil.NewConfig(dockerCli).Dir(), "controller")
 }
 
 func newBuildxClientAndCheck(ctx context.Context, addr string) (*Client, error) {

go.mod

@@ -147,6 +147,7 @@ require (
 	github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/theupdateframework/notary v0.7.0 // indirect
+	github.com/tonistiigi/dchapes-mode v0.0.0-20241001053921-ca0759fec205 // indirect
 	github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 	github.com/tonistiigi/vt100 v0.0.0-20240514184818-90bafcd6abab // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect

go.sum

@@ -439,6 +439,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/theupdateframework/notary v0.7.0 h1:QyagRZ7wlSpjT5N2qQAh/pN+DVqgekv4DzbAiAiEL3c=
 github.com/theupdateframework/notary v0.7.0/go.mod h1:c9DRxcmhHmVLDay4/2fUYdISnHqbFDGRSlXPO0AhYWw=
+github.com/tonistiigi/dchapes-mode v0.0.0-20241001053921-ca0759fec205 h1:eUk79E1w8yMtXeHSzjKorxuC8qJOnyXQnLaJehxpJaI=
+github.com/tonistiigi/dchapes-mode v0.0.0-20241001053921-ca0759fec205/go.mod h1:3Iuxbr0P7D3zUzBMAZB+ois3h/et0shEz0qApgHYGpY=
 github.com/tonistiigi/fsutil v0.0.0-20241003195857-3f140a1299b0 h1:H9++AiQUqjwrOMA/DOpWhxWp3JLyyT+MN4sRPbMmwoY=
 github.com/tonistiigi/fsutil v0.0.0-20241003195857-3f140a1299b0/go.mod h1:Dl/9oEjK7IqnjAm21Okx/XIxUCFJzvh+XdVHUlBwXTw=
 github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 h1:7I5c2Ig/5FgqkYOh/N87NzoyI9U15qUPXhDD8uCupv8=

localstate/localstate.go

@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 	"sync"
 
-	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/buildx/util/confutil"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/errgroup"
 )
@@ -42,26 +42,26 @@ type StateGroup struct {
 }
 
 type LocalState struct {
-	root string
+	cfg *confutil.Config
 }
 
-func New(root string) (*LocalState, error) {
-	if root == "" {
-		return nil, errors.Errorf("root dir empty")
+func New(cfg *confutil.Config) (*LocalState, error) {
+	if cfg.Dir() == "" {
+		return nil, errors.Errorf("config dir empty")
 	}
-	if err := os.MkdirAll(filepath.Join(root, refsDir), 0700); err != nil {
+	if err := cfg.MkdirAll(refsDir, 0700); err != nil {
 		return nil, err
 	}
 	return &LocalState{
-		root: root,
+		cfg: cfg,
 	}, nil
 }
 
 func (ls *LocalState) ReadRef(builderName, nodeName, id string) (*State, error) {
 	if err := ls.validate(builderName, nodeName, id); err != nil {
 		return nil, err
 	}
-	dt, err := os.ReadFile(filepath.Join(ls.root, refsDir, builderName, nodeName, id))
+	dt, err := os.ReadFile(filepath.Join(ls.cfg.Dir(), refsDir, builderName, nodeName, id))
 	if err != nil {
 		return nil, err
 	}
@@ -76,19 +76,19 @@ func (ls *LocalState) SaveRef(builderName, nodeName, id string, st State) error
 	if err := ls.validate(builderName, nodeName, id); err != nil {
 		return err
 	}
-	refDir := filepath.Join(ls.root, refsDir, builderName, nodeName)
-	if err := os.MkdirAll(refDir, 0700); err != nil {
+	refDir := filepath.Join(refsDir, builderName, nodeName)
+	if err := ls.cfg.MkdirAll(refDir, 0700); err != nil {
 		return err
 	}
 	dt, err := json.Marshal(st)
 	if err != nil {
 		return err
 	}
-	return ioutils.AtomicWriteFile(filepath.Join(refDir, id), dt, 0600)
+	return ls.cfg.AtomicWriteFile(filepath.Join(refDir, id), dt, 0644)
 }
 
 func (ls *LocalState) ReadGroup(id string) (*StateGroup, error) {
-	dt, err := os.ReadFile(filepath.Join(ls.root, refsDir, groupDir, id))
+	dt, err := os.ReadFile(filepath.Join(ls.cfg.Dir(), refsDir, groupDir, id))
 	if err != nil {
 		return nil, err
 	}
@@ -100,23 +100,23 @@ func (ls *LocalState) ReadGroup(id string) (*StateGroup, error) {
 }
 
 func (ls *LocalState) SaveGroup(id string, stg StateGroup) error {
-	refDir := filepath.Join(ls.root, refsDir, groupDir)
-	if err := os.MkdirAll(refDir, 0700); err != nil {
+	refDir := filepath.Join(refsDir, groupDir)
+	if err := ls.cfg.MkdirAll(refDir, 0700); err != nil {
 		return err
 	}
 	dt, err := json.Marshal(stg)
 	if err != nil {
 		return err
 	}
-	return ioutils.AtomicWriteFile(filepath.Join(refDir, id), dt, 0600)
+	return ls.cfg.AtomicWriteFile(filepath.Join(refDir, id), dt, 0600)
 }
 
 func (ls *LocalState) RemoveBuilder(builderName string) error {
 	if builderName == "" {
 		return errors.Errorf("builder name empty")
 	}
 
-	dir := filepath.Join(ls.root, refsDir, builderName)
+	dir := filepath.Join(ls.cfg.Dir(), refsDir, builderName)
 	if _, err := os.Lstat(dir); err != nil {
 		if !os.IsNotExist(err) {
 			return err
@@ -147,7 +147,7 @@ func (ls *LocalState) RemoveBuilderNode(builderName string, nodeName string) err
 		return errors.Errorf("node name empty")
 	}
 
-	dir := filepath.Join(ls.root, refsDir, builderName, nodeName)
+	dir := filepath.Join(ls.cfg.Dir(), refsDir, builderName, nodeName)
 	if _, err := os.Lstat(dir); err != nil {
 		if !os.IsNotExist(err) {
 			return err
@@ -208,7 +208,7 @@ func (ls *LocalState) removeGroup(id string) error {
 	if id == "" {
 		return errors.Errorf("group ref empty")
 	}
-	f := filepath.Join(ls.root, refsDir, groupDir, id)
+	f := filepath.Join(ls.cfg.Dir(), refsDir, groupDir, id)
 	if _, err := os.Lstat(f); err != nil {
 		if !os.IsNotExist(err) {
 			return err

localstate/localstate_test.go

@@ -4,6 +4,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/docker/buildx/util/confutil"
 	"github.com/stretchr/testify/require"
 )
 
@@ -39,10 +40,10 @@ func newls(t *testing.T) *LocalState {
 	t.Helper()
 	tmpdir := t.TempDir()
 
-	l, err := New(tmpdir)
+	l, err := New(confutil.NewConfig(nil, confutil.WithDir(tmpdir)))
 	require.NoError(t, err)
 	require.DirExists(t, filepath.Join(tmpdir, refsDir))
-	require.Equal(t, tmpdir, l.root)
+	require.Equal(t, tmpdir, l.cfg.Dir())
 
 	require.NoError(t, l.SaveRef(testBuilderName, testNodeName, testStateRefID, testStateRef))