Merge pull request docker#1419 from AkihiroSuda/dfssh

build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`)
thaJeztah · Oct 9, 2018 · ab50c2f · ab50c2f
2 parents 58f5c56 + db7399a
commit ab50c2f
Show file tree

Hide file tree

Showing 87 changed files with 19,279 additions and 381 deletions.
diff --git a/cli/command/image/build.go b/cli/command/image/build.go
@@ -73,6 +73,7 @@ type buildOptions struct {
 	platform       string
 	untrusted      bool
 	secrets        []string
+	ssh            []string
 }
 
 // dockerfileFromStdin returns true when the user specified that the Dockerfile
@@ -158,6 +159,9 @@ func NewBuildCommand(dockerCli command.Cli) *cobra.Command {
 
 	flags.StringArrayVar(&options.secrets, "secret", []string{}, "Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret")
 	flags.SetAnnotation("secret", "version", []string{"1.39"})
+
+	flags.StringArrayVar(&options.ssh, "ssh", []string{}, "SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])")
+	flags.SetAnnotation("ssh", "version", []string{"1.39"})
 	return cmd
 }
 

diff --git a/cli/command/image/build_buildkit.go b/cli/command/image/build_buildkit.go
@@ -27,10 +27,11 @@ import (
 	"github.com/moby/buildkit/session/auth/authprovider"
 	"github.com/moby/buildkit/session/filesync"
 	"github.com/moby/buildkit/session/secrets/secretsprovider"
+	"github.com/moby/buildkit/session/sshforward/sshprovider"
 	"github.com/moby/buildkit/util/appcontext"
 	"github.com/moby/buildkit/util/progress/progressui"
 	"github.com/pkg/errors"
-	"github.com/tonistiigi/fsutil"
+	fsutiltypes "github.com/tonistiigi/fsutil/types"
 	"golang.org/x/sync/errgroup"
 )
 
@@ -138,6 +139,13 @@ func runBuildBuildKit(dockerCli command.Cli, options buildOptions) error {
 		}
 		s.Allow(sp)
 	}
+	if len(options.ssh) > 0 {
+		sshp, err := parseSSHSpecs(options.ssh)
+		if err != nil {
+			return errors.Wrapf(err, "could not parse ssh: %v", options.ssh)
+		}
+		s.Allow(sshp)
+	}
 
 	eg, ctx := errgroup.WithContext(ctx)
 
@@ -291,7 +299,7 @@ func doBuild(ctx context.Context, eg *errgroup.Group, dockerCli command.Cli, opt
 	return err
 }
 
-func resetUIDAndGID(s *fsutil.Stat) bool {
+func resetUIDAndGID(s *fsutiltypes.Stat) bool {
 	s.Uid = 0
 	s.Gid = 0
 	return true
@@ -408,3 +416,26 @@ func parseSecret(value string) (*secretsprovider.FileSource, error) {
 	}
 	return &fs, nil
 }
+
+func parseSSHSpecs(sl []string) (session.Attachable, error) {
+	configs := make([]sshprovider.AgentConfig, 0, len(sl))
+	for _, v := range sl {
+		c, err := parseSSH(v)
+		if err != nil {
+			return nil, err
+		}
+		configs = append(configs, *c)
+	}
+	return sshprovider.NewSSHAgentProvider(configs)
+}
+
+func parseSSH(value string) (*sshprovider.AgentConfig, error) {
+	parts := strings.SplitN(value, "=", 2)
+	cfg := sshprovider.AgentConfig{
+		ID: parts[0],
+	}
+	if len(parts) > 1 {
+		cfg.Paths = strings.Split(parts[1], ",")
+	}
+	return &cfg, nil
+}
diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md
@@ -59,6 +59,7 @@ Options:
                                 Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
                                 or `g` (gigabytes). If you omit the unit, the system uses bytes.
       --squash                  Squash newly built layers into a single new layer (**Experimental Only**)
+      --ssh                     SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
   -t, --tag value               Name and optionally a tag in the 'name:tag' format (default [])
       --target string           Set the target build stage to build.
       --ulimit value            Ulimit options (default [])

diff --git a/vendor.conf b/vendor.conf
@@ -51,7 +51,7 @@ github.com/Microsoft/hcsshim v0.7.3
 github.com/Microsoft/go-winio v0.4.10
 github.com/miekg/pkcs11 287d9350987cc9334667882061e202e96cdfb4d0
 github.com/mitchellh/mapstructure f15292f7a699fcc1a38a80977f80a046874ba8ac
-github.com/moby/buildkit 39404586a50d1b9d0fb1c578cf0f4de7bdb7afe5
+github.com/moby/buildkit 520201006c9dc676da9cf9655337ac711f7f127d
 github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
 github.com/modern-go/reflect2 4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1
 github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b
@@ -76,7 +76,7 @@ github.com/spf13/cobra v0.0.3
 github.com/spf13/pflag 4cb166e4f25ac4e8016a3595bbf7ea2e9aa85a2c https://github.com/thaJeztah/pflag.git
 github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
 github.com/theupdateframework/notary v0.6.1
-github.com/tonistiigi/fsutil 7e391b0e788f9b925f22bd3cf88e0210d1643673
+github.com/tonistiigi/fsutil f567071bed2416e4d87d260d3162722651182317
 github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
 github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
 github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b

diff --git a/vendor/github.com/moby/buildkit/client/build.go b/vendor/github.com/moby/buildkit/client/build.go
diff --git a/vendor/github.com/moby/buildkit/client/llb/exec.go b/vendor/github.com/moby/buildkit/client/llb/exec.go
diff --git a/vendor/github.com/moby/buildkit/client/llb/meta.go b/vendor/github.com/moby/buildkit/client/llb/meta.go
diff --git a/vendor/github.com/moby/buildkit/client/llb/state.go b/vendor/github.com/moby/buildkit/client/llb/state.go
diff --git a/vendor/github.com/moby/buildkit/client/solve.go b/vendor/github.com/moby/buildkit/client/solve.go
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/client/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/client/client.go
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go