diff --git a/vendor.mod b/vendor.mod
index ba66ca777d8cf..5f40d72303c38 100644
--- a/vendor.mod
+++ b/vendor.mod
@@ -62,7 +62,7 @@ require (
 github.com/miekg/dns v1.1.43
 github.com/mistifyio/go-zfs/v3 v3.0.1
 github.com/mitchellh/copystructure v1.2.0
- github.com/moby/buildkit v0.12.3-0.20231013201444-6560bb937e8c // v0.12 branch
+ github.com/moby/buildkit v0.12.3
 github.com/moby/ipvs v1.1.0
 github.com/moby/locker v1.0.1
 github.com/moby/patternmatcher v0.6.0
diff --git a/vendor.sum b/vendor.sum
index dd7cd542f6682..b32e918dfe894 100644
--- a/vendor.sum
+++ b/vendor.sum
@@ -909,8 +909,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs=
 github.com/moby/buildkit v0.8.1/go.mod h1:/kyU1hKy/aYCuP39GZA9MaKioovHku57N6cqlKZIaiQ=
-github.com/moby/buildkit v0.12.3-0.20231013201444-6560bb937e8c h1:aKDG7r9VXH2jCwvywUpLPurST4ZhjFVfJ3l8HNhCyrw=
-github.com/moby/buildkit v0.12.3-0.20231013201444-6560bb937e8c/go.mod h1:adB4y0SxxX8trnrY+oEulb48ODLqPO6pKMF0ppGcCoI=
+github.com/moby/buildkit v0.12.3 h1:cFaPVnyC0PwAP5xHHfzdU5v9rgQrCi6HnGSg3WuFKp4=
+github.com/moby/buildkit v0.12.3/go.mod h1:adB4y0SxxX8trnrY+oEulb48ODLqPO6pKMF0ppGcCoI=
 github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=
 github.com/moby/ipvs v1.1.0/go.mod h1:4VJMWuf098bsUMmZEiD4Tjk/O7mOn3l1PTD3s4OoYAs=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
diff --git a/vendor/github.com/moby/buildkit/util/resolver/resolver.go b/vendor/github.com/moby/buildkit/util/resolver/resolver.go
index a0276ddb775ee..a3327214632de 100644
--- a/vendor/github.com/moby/buildkit/util/resolver/resolver.go
+++ b/vendor/github.com/moby/buildkit/util/resolver/resolver.go
@@ -22,9 +22,7 @@ const ( defaultPath = "/v2" ) -func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) { - var hosts []docker.RegistryHost - +func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) (*docker.RegistryHost, error) { tc, err := loadTLSConfig(c) if err != nil { return nil, err @@ -40,33 +38,31 @@ func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHos } } - if isHTTP { - h2 := h - h2.Scheme = "http" - hosts = append(hosts, h2) - } + httpsTransport := newDefaultTransport() + httpsTransport.TLSClientConfig = tc + if c.Insecure != nil && *c.Insecure { h2 := h - transport := newDefaultTransport() - transport.TLSClientConfig = tc + + var transport http.RoundTripper = httpsTransport + if isHTTP { + transport = &httpFallback{super: transport} + } h2.Client = &http.Client{ Transport: tracing.NewTransport(transport), } tc.InsecureSkipVerify = true - hosts = append(hosts, h2) + return &h2, nil + } else if isHTTP { + h2 := h + h2.Scheme = "http" + return &h2, nil } - if len(hosts) == 0 { - transport := newDefaultTransport() - transport.TLSClientConfig = tc - - h.Client = &http.Client{ - Transport: tracing.NewTransport(transport), - } - hosts = append(hosts, h) + h.Client = &http.Client{ + Transport: tracing.NewTransport(httpsTransport), } - - return hosts, nil + return &h, nil } func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) { @@ -133,12 +129,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts for _, rawMirror := range c.Mirrors { h := newMirrorRegistryHost(rawMirror) mirrorHost := h.Host - hosts, err := fillInsecureOpts(mirrorHost, m[mirrorHost], h) + host, err := fillInsecureOpts(mirrorHost, m[mirrorHost], h) if err != nil { return nil, err } - out = append(out, hosts...) + out = append(out, *host) } if host == "docker.io" { 
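Review bot: In the `c.Insecure` branch of fillInsecureOpts (the `-40,33 +38,31` hunk), `tc.InsecureSkipVerify = true` is assigned only after `tc` has been stored in `httpsTransport.TLSClientConfig` and the client has been built, so it takes effect solely because both names refer to the same `*tls.Config`. Moving the assignment to the first line of the branch would make that dependency explicit and keep it correct if the config is ever cloned before being handed to the transport. The function now returns a single host with three distinct outcomes, which a doc comment could record: `// fillInsecureOpts returns one host: TLS without certificate verification (with plain-HTTP fallback when isHTTP is set), plain HTTP, or verified HTTPS.` The function begins in the previous hunk and part of its body is outside both hunks; since this file is vendored, the edit belongs upstream in moby/buildkit.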
@@ -158,7 +154,8 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts return nil, err } - out = append(out, hosts...) + out = append(out, *hosts) + return out, nil }, docker.ConfigureDefaultRegistries( @@ -210,3 +207,29 @@ func newDefaultTransport() *http.Transport { TLSNextProto: make(map[string]func(authority string, c *tls.Conn) http.RoundTripper), } } + +type httpFallback struct { + super http.RoundTripper + fallback bool +} + +func (f *httpFallback) RoundTrip(r *http.Request) (*http.Response, error) { + if !f.fallback { + resp, err := f.super.RoundTrip(r) + var tlsErr tls.RecordHeaderError + if errors.As(err, &tlsErr) && string(tlsErr.RecordHeader[:]) == "HTTP/" { + // Server gave HTTP response to HTTPS client + f.fallback = true + } else { + return resp, err + } + } + + plainHTTPUrl := *r.URL + plainHTTPUrl.Scheme = "http" + + plainHTTPRequest := *r + plainHTTPRequest.URL = &plainHTTPUrl + + return f.super.RoundTrip(&plainHTTPRequest) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 651c5f85efafc..1dcd827a54692 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -667,7 +667,7 @@ github.com/mitchellh/hashstructure/v2 # github.com/mitchellh/reflectwalk v1.0.2 ## explicit github.com/mitchellh/reflectwalk -# github.com/moby/buildkit v0.12.3-0.20231013201444-6560bb937e8c +# github.com/moby/buildkit v0.12.3 ## explicit; go 1.20 github.com/moby/buildkit/api/services/control github.com/moby/buildkit/api/types
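Review bot: `httpFallback.RoundTrip` (the `-210,3 +207,29` hunk of resolver.go) reads and writes `f.fallback` with no synchronization, although net/http requires a RoundTripper to be safe for concurrent use and this wrapper sits inside an `http.Client` stored on the registry host, so parallel requests to one registry would race on the flag. Declaring the field as `fallback atomic.Bool` and using `if !f.fallback.Load() {` and `f.fallback.Store(true)` removes the race; the vendored module declares go 1.20, so the typed atomics in `sync/atomic` are available. Once the flag is set, every later request on that transport goes out over plain HTTP with whatever headers it carries, and nothing records the switch, so a log line where the flag flips would let operators see that registry traffic is no longer encrypted. Neither the type nor the method has a doc comment; `// httpFallback retries over plain HTTP once the server answers a TLS handshake with an HTTP response.` would cover the intent. As the file is vendored, the fix belongs upstream in moby/buildkit.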