v0.6.3

Fixes:

• dockerfile: fix copy symlinks on copied dir #1228
• exec: fix mount options on userns remapping #1231
• cache: fix possible concurrent maps write on parent release #1257

v0.6.2

Fixes:

• ssh: Fix file descriptor leak when doing SSH forwarding #1150
• contenthash: Fix bug with symlink in source path of a copy operation #1140
• fsutil: Handle copying unix sockets in local sources #1144
• llbsolver: Fix using multiple remote cache importers #1156
• http: Handle missing but unambiguous ETags in response #1159
• solver: Fix possible inefficient parallelization in solver #1166
• executor: oom_score_adj is no longer set from main process #1139

v0.6.1

Fixes:

• Importing inline cache from manifest lists #1129
• Readwrite mounts handling #1124

Dockerfile:

• Support for git context with keeping the .git directory #1132
• COPY --from with relative source path compatibility with old versions #1125

v0.6.0

Images

https://hub.docker.com/r/moby/buildkit/tags/

• docker.io/moby/buildkit:v0.6.0
  sha256:f1a5fc2c244c2b3b3dda344f6a0c64796b31aa96aa2ab88c951aeeeb66e23318

• docker.io/moby/buildkit:v0.6.0-rootless
  sha256:d70dd5f1fbaa1e729e380b3a31c394a5f79ec0c19c55e6636cf63e97c390a9f0

Notable Changes

• Custom DNS configuration and use systemd resolver if enabled #1033 #1040

• Optional CNI networking support #1073

• Automatic platform runtime support detection for RISC-V, ppc64le and s390x #1038 #1103

• Clear previous cache mounts on no-cache builds #1092

• Fix contention bugs between GC releases and cache import #1007 #1013 #1044

• Updates on how cgroupfs/sysfs are mounted in privileged security mode #1085

• Validate LLB not generated by golang package #1049

• Handle canceled local upload state #1023

• Provide a workaround for invalid registry responses from gcr.io #1024

Contributors

• Tõnis Tiigi
• Tibor Vass
• Akihiro Suda
• Andrey Smirnov
• Stepan Blyshchak
• Dave Chen
• Stefan Schoof
• Christian Höltje
• Colin Chartier
• Nathan Sullivan
• Sebastiaan van Stijn
• Tomohiro Kusumoto
• Lajos Papp
• Mark Gordon

https://travis-ci.org/moby/buildkit/builds/566124940

dockerfile/1.1.2-experimental

This release is currently in staging: docker/dockerfile-upstream:1.1.2-experimental

sha256:702620cd58aea03f8c6c9b65c4eb45899677b9eec97042298a46537da20e145a

• Allow setting security mode for a process with RUN --security=sandbox|insecure #1081

• Allow setting uid/gid for cache mounts #1017

• Avoid requesting internally linked paths to be pulled to build context #1075

• Ensure missing cache IDs default to target paths #1093

• Allow setting namespace for cache mounts with BUILDKIT_CACHE_MOUNT_NS build arg #1094

dockerfile/1.1.2

This release is currently in staging: docker/dockerfile-upstream:1.1.2

sha256:a2c4cc8f44b989b8cf71215cc1ccfcbcc0662edb138ddfd3b3943dc820ee3654

• Fix workdir creation with correct user and don't reset custom ownership #1002 #1095

• Fix handling empty build args also used as ENV #1087

• Detect circular dependencies #999

v0.5.1

Images

https://hub.docker.com/r/moby/buildkit/tags/

• docker.io/moby/buildkit:v0.5.1
  sha256:d45d15f3b22fcfc1b112ffafc40fd2f2d530245e63cfe346a65bd75acdc4d346

• docker.io/moby/buildkit:v0.5.1-rootless
  sha256:5a826464a96e11d1c1ee97f35460f8421c6bdafd1d8f20bc11b9d698a179ab0b

Notable Changes

Small bug fixes

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Tibor Vass

https://travis-ci.org/moby/buildkit/builds/530161430

v0.5.0

Images

https://hub.docker.com/r/moby/buildkit/tags/

• docker.io/moby/buildkit:v0.5.0
  sha256:ead5be62f4675b37f307e3000e5031644801219585020a6362aa71e02cb61027

• docker.io/moby/buildkit:v0.5.0-rootless
  sha256:5fcb511bf1067a5635b45b8269c05319a8a686460d704e554306f34d098cd440

Notable Changes

FileOp

LLB supports new operation FileOp allowing built-in file operations during build like copying files, creating new files or directories and removing files. Previously ADD/COPY commands used a helper image that ran a custom binary inside a container, now these commands use FileOp directly. This allows better performance and use of these commands in air-gapped environments without preloading the helper image, as well as fixing issues reported with the helper image implementation.

#809

Security entitlements

BuildKit now supports modes for granting builds permissions to execute processes with privileged capabilities. Certain options for running processes with LLB will require users to grant a capability before their build can run.

This enables specific builds to run processes that require system capabilities without compromising on the security of the default builds.

Currently two entitlements are supported:

network.host - Runs a specific process in the host network namespace.
security.insecure - Runs a process with all system capabilities enabled and security modules (eg. seccomp) disabled. Similar to docker run --privileged.

The entitlements need to be enabled both in the daemon configuration file and passed with a build request using --allow to take effect.

#570

New connection helpers for buildctl

Buildctl now has support for connecting to BuildKit daemon running in a Docker container or Kubernetes pod by using docker-container://<name> or kube-pod://<name> as BUILDKIT_HOST value.

#904
#951

Tar exporter

Build output can now be exported to the client as a tarball. Similar to the local exporter but allows preserving the file owner values.

buildctl build -o type=tar,dest=foo.tar ...
buildctl build -o type=tar ... > foo.tar

#907

New progress output formatting

Progress output has been improved. The TTY output now shows the last logs for currently running processes directly in the interactive output. Plain progress has been also updated for better readability.

#916
#919

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Tibor Vass
• Kunal Kushwaha
• Dave Chen
• Sebastiaan van Stijn
• Hao Hu
• Himanshu Pandey
• Hiromu Nakamura
• Michael Crosby
• Tomohiro Kusumoto
• Wei Fu
• Ziv Tsarfati

https://travis-ci.org/moby/buildkit/builds/525193182

dockerfile/1.1.0

ADD/COPY commands now support implementation based on llb.FileOp and do not require helper image if builtin file operations support is available. #809

To find the files ignored from the build context Dockerfile frontend will first look for a file <path/to/Dockerfile>.dockerignore and if it is not found .dockerignore file will be looked up from the root of the build context. This allows projects with multiple Dockerfiles to use different .dockerignore definitions. #901

--chown flag for COPY command now supports variable expansion. #926

v0.4.0

Images

https://hub.docker.com/r/moby/buildkit/tags/

• docker.io/moby/buildkit:v0.4.0
  sha256:b9e69cb63202e682d6338c579e63273c6263ab54a9091e54f98ce279e0a4e922

• docker.io/moby/buildkit:v0.4.0-rootless
  sha256:3877d091e65429f59919ed5591aaeb863b1889a5314bdfdba5ff9c0dfb2f3ed0

Notable Changes

securityContext is no longer needed for running BuildKit on Kubernetes (#768)

moby/buildkit:v0.4.0-rootless does not require securityContext.procMount (or securityContext.privileged) to be configured when launched with --oci-worker-no-process-sandbox, which disables isolating PID namespaces across buildkitd and build containers.

To run moby/buildkit:v0.4.0-rootless using docker run, you still need to specify --security-opt seccomp=unconfined --security-opt apparmor=unconfined but you no longer need to specify --privileged.

See also https://github.com/moby/buildkit/blob/v0.4.0/docs/rootless.md

Cache can be now embedded into an image and can be pushed together (#777)

Prior to v0.4.0, cache and image needed to be pushed separately: buildctl build --output type=image,name=example.com/foo/bar,push=true --export-cache type=registry,ref=example.com/foo/bar:cache --import-cache type=registry,ref=example.com/foo/bar:cache

Now cache be embedded into an image by specifying --export-cache type=inline and on importing you can just point the --import-cache type=registry,ref=example.com/foo/bar directly to your end image.

Cache can be now exported to a local filesystem (#615 , #807)

Cache can be now exported to a local filesystem (e.g. Travis CI cache directories) using --export-cache type=local,dest=/path/to/dir and can be imported using --import-cache type=local,src=/path/to/dir.

New buildctl CLI (#807)

CLI options for frontend options, exporters and cache export and import have been normalized to csv style for less verbosity and (future) support for multiple exporters and cache sources.

Frontend options:

Old:

--frontend-opt foo=bar --frontend-opt bar=baz

New:

--opt foo=bar,bar=baz --opt baz=bay

Exporters:

Old:

--exporter image --exporter-opt name=foo --exporter-opt push=true
--exporter local --exporter-opt output=out

New:

--output type=image,name=foo,push=true
--output type=local,dest=out

Cache:

Old:

--export-cache foo --export-cache-opt mode=max
--import-cache foo

New:

--export-cache type=registry,ref=foo,mode=max
--export-cache type=inline
--export-cache type=local,dest=/path/to/dir
--import-cache type=registry,ref=foo
--import-cache type=local,src=/path/to/dir

Legacy syntax is still supported but has been deprecated.

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Tibor Vass
• Sebastiaan van Stijn
• Dave Chen
• Iskander Sharipov
• Derek McGowan
• Fernando Miguel
• Natasha Jarus
• Patrick Van Stee
• Wei Fu

Changes

v0.3.3...v0.4.0