executor/oci: use fork of libnetwork/resolvconf

Rewrite the resolvconf code to use libnetwork's internal packege, which
allows us to skip some of the moby-specific handling (writing to a file,
creating a hash of the file to detect changes made by the user (not
supported by BuildKit, which always mounts read-only).

This rewrite also allows us to skip GetNameservers, GetSearchDomains, GetOptions,
and FilterResolvDNS, which repeatedly would parse the resolvconf file for
each of them.

The new code parses the original resolvconf once, after which mutations
(overrides) are done in memory, after which we generate the resolv.conf to
write to disk.

Signed-off-by: Sebastiaan van Stijn <[email protected]>

Author: thaJeztah

executor/oci/resolvconf.go

@@ -2,10 +2,11 @@ package oci
 
 import (
 	"context"
+	"net/netip"
 	"os"
 	"path/filepath"
 
-	"github.com/docker/docker/libnetwork/resolvconf"
+	"github.com/moby/buildkit/executor/oci/internal/resolvconf"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/flightcontrol"
 	"github.com/moby/sys/user"
@@ -76,41 +77,40 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *user.IdentityMap
 			return struct{}{}, nil
 		}
 
-		dt, err := os.ReadFile(resolvconfPath(netMode))
+		rc, err := resolvconf.Load(resolvconfPath(netMode))
 		if err != nil && !errors.Is(err, os.ErrNotExist) {
 			return struct{}{}, errors.WithStack(err)
 		}
 
-		tmpPath := p + ".tmp"
 		if dns != nil {
-			var (
-				dnsNameservers   = dns.Nameservers
-				dnsSearchDomains = dns.SearchDomains
-				dnsOptions       = dns.Options
-			)
-			if len(dns.Nameservers) == 0 {
-				dnsNameservers = resolvconf.GetNameservers(dt, resolvconf.IP)
+			if len(dns.Nameservers) > 0 {
+				var ns []netip.Addr
+				for _, addr := range dns.Nameservers {
+					ipAddr, err := netip.ParseAddr(addr)
+					if err != nil {
+						return struct{}{}, errors.WithStack(errors.Wrap(err, "bad nameserver address"))
+					}
+					ns = append(ns, ipAddr)
+				}
+				rc.OverrideNameServers(ns)
 			}
-			if len(dns.SearchDomains) == 0 {
-				dnsSearchDomains = resolvconf.GetSearchDomains(dt)
+			if len(dns.SearchDomains) > 0 {
+				rc.OverrideSearch(dns.SearchDomains)
 			}
-			if len(dns.Options) == 0 {
-				dnsOptions = resolvconf.GetOptions(dt)
+			if len(dns.Options) > 0 {
+				rc.OverrideOptions(dns.Options)
 			}
+		}
 
-			f, err := resolvconf.Build(tmpPath, dnsNameservers, dnsSearchDomains, dnsOptions)
-			if err != nil {
-				return struct{}{}, errors.WithStack(err)
-			}
-			dt = f.Content
+		if netMode != pb.NetMode_HOST || len(rc.NameServers()) == 0 {
+			rc.TransformForLegacyNw(true)
 		}
 
-		if netMode != pb.NetMode_HOST || len(resolvconf.GetNameservers(dt, resolvconf.IP)) == 0 {
-			f, err := resolvconf.FilterResolvDNS(dt, true)
-			if err != nil {
-				return struct{}{}, errors.WithStack(err)
-			}
-			dt = f.Content
+		tmpPath := p + ".tmp"
+
+		dt, err := rc.Generate(false)
+		if err != nil {
+			return struct{}{}, errors.WithStack(err)
 		}
 
 		if err := os.WriteFile(tmpPath, dt, 0644); err != nil {
@@ -124,6 +124,7 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *user.IdentityMap
 			}
 		}
 
+		// TODO(thaJeztah): can we avoid the write -> chown -> rename?
 		if err := os.Rename(tmpPath, p); err != nil {
 			return struct{}{}, errors.WithStack(err)
 		}

go.mod

@@ -52,6 +52,7 @@ require (
 	github.com/moby/go-archive v0.1.0
 	github.com/moby/locker v1.0.1
 	github.com/moby/patternmatcher v0.6.0
+	github.com/moby/sys/atomicwriter v0.1.0
 	github.com/moby/sys/mountinfo v0.7.2
 	github.com/moby/sys/reexec v0.1.0
 	github.com/moby/sys/signal v0.7.1
@@ -160,7 +161,6 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/sys/mount v0.3.4 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect