vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go - third_party/github.com/moby/moby - Git at Google

 package ops

 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"path"
 	"runtime"
 	"sort"
 	"strings"
 	"sync"

 	"github.com/boltdb/bolt"
 	"github.com/containerd/containerd/mount"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/snapshot"
 	"github.com/moby/buildkit/solver"
 	"github.com/moby/buildkit/solver/llbsolver"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/progress/logs"
 	"github.com/moby/buildkit/worker"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )

 const execCacheType = "buildkit.exec.v0"

 type execOp struct {
 	op        *pb.ExecOp
 	cm        cache.Manager
 	md        *metadata.Store
 	exec      executor.Executor
 	w         worker.Worker
 	numInputs int
 }

 func NewExecOp(v solver.Vertex, op *pb.Op_Exec, cm cache.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) {
 	return &execOp{
 		op:        op.Exec,
 		cm:        cm,
 		md:        md,
 		exec:      exec,
 		numInputs: len(v.Inputs()),
 		w:         w,
 	}, nil
 }

 func cloneExecOp(old *pb.ExecOp) pb.ExecOp {
 	n := *old
 	meta := *n.Meta
 	n.Meta = &meta
 	n.Mounts = nil
 	for i := range n.Mounts {
 		m := *n.Mounts[i]
 		n.Mounts = append(n.Mounts, &m)
 	}
 	return n
 }

 func (e *execOp) CacheMap(ctx context.Context, index int) (*solver.CacheMap, bool, error) {
 	op := cloneExecOp(e.op)
 	for i := range op.Mounts {
 		op.Mounts[i].Selector = ""
 	}
 	op.Meta.ProxyEnv = nil

 	dt, err := json.Marshal(struct {
 		Type string
 		Exec *pb.ExecOp
 		OS   string
 		Arch string
 	}{
 		Type: execCacheType,
 		Exec: &op,
 		OS:   runtime.GOOS,
 		Arch: runtime.GOARCH,
 	})
 	if err != nil {
 		return nil, false, err
 	}

 	cm := &solver.CacheMap{
 		Digest: digest.FromBytes(dt),
 		Deps: make([]struct {
 			Selector          digest.Digest
 			ComputeDigestFunc solver.ResultBasedCacheFunc
 		}, e.numInputs),
 	}

 	deps, err := e.getMountDeps()
 	if err != nil {
 		return nil, false, err
 	}

 	for i, dep := range deps {
 		if len(dep.Selectors) != 0 {
 			dgsts := make([][]byte, 0, len(dep.Selectors))
 			for _, p := range dep.Selectors {
 				dgsts = append(dgsts, []byte(p))
 			}
 			cm.Deps[i].Selector = digest.FromBytes(bytes.Join(dgsts, []byte{0}))
 		}
 		if !dep.NoContentBasedHash {
 			cm.Deps[i].ComputeDigestFunc = llbsolver.NewContentHashFunc(dedupePaths(dep.Selectors))
 		}
 	}

 	return cm, true, nil
 }

 func dedupePaths(inp []string) []string {
 	old := make(map[string]struct{}, len(inp))
 	for _, p := range inp {
 		old[p] = struct{}{}
 	}
 	paths := make([]string, 0, len(old))
 	for p1 := range old {
 		var skip bool
 		for p2 := range old {
 			if p1 != p2 && strings.HasPrefix(p1, p2) {
 				skip = true
 				break
 			}
 		}
 		if !skip {
 			paths = append(paths, p1)
 		}
 	}
 	sort.Slice(paths, func(i, j int) bool {
 		return paths[i] < paths[j]
 	})
 	return paths
 }

 type dep struct {
 	Selectors          []string
 	NoContentBasedHash bool
 }

 func (e *execOp) getMountDeps() ([]dep, error) {
 	deps := make([]dep, e.numInputs)
 	for _, m := range e.op.Mounts {
 		if m.Input == pb.Empty {
 			continue
 		}
 		if int(m.Input) >= len(deps) {
 			return nil, errors.Errorf("invalid mountinput %v", m)
 		}

 		sel := m.Selector
 		if sel != "" {
 			sel = path.Join("/", sel)
 			deps[m.Input].Selectors = append(deps[m.Input].Selectors, sel)
 		}

 		if !m.Readonly || m.Dest == pb.RootMount { // exclude read-only rootfs
 			deps[m.Input].NoContentBasedHash = true
 		}
 	}
 	return deps, nil
 }

 func (e *execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount) (cache.MutableRef, error) {

 	key := "cache-dir:" + id
 	if ref != nil {
 		key += ":" + ref.ID()
 	}

 	return sharedCacheRefs.get(key, func() (cache.MutableRef, error) {
 		return e.getRefCacheDirNoCache(ctx, key, ref, id, m)
 	})
 }

 func (e *execOp) getRefCacheDirNoCache(ctx context.Context, key string, ref cache.ImmutableRef, id string, m *pb.Mount) (cache.MutableRef, error) {
 	makeMutable := func(cache.ImmutableRef) (cache.MutableRef, error) {
 		desc := fmt.Sprintf("cached mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
 		return e.cm.New(ctx, ref, cache.WithDescription(desc), cache.CachePolicyRetain)
 	}

 	sis, err := e.md.Search(key)
 	if err != nil {
 		return nil, err
 	}
 	for _, si := range sis {
 		if mRef, err := e.cm.GetMutable(ctx, si.ID()); err == nil {
 			logrus.Debugf("reusing ref for cache dir: %s", mRef.ID())
 			return mRef, nil
 		}
 	}
 	mRef, err := makeMutable(ref)
 	if err != nil {
 		return nil, err
 	}

 	si, _ := e.md.Get(mRef.ID())
 	v, err := metadata.NewValue(key)
 	if err != nil {
 		mRef.Release(context.TODO())
 		return nil, err
 	}
 	v.Index = key
 	if err := si.Update(func(b *bolt.Bucket) error {
 		return si.SetValue(b, key, v)
 	}); err != nil {
 		mRef.Release(context.TODO())
 		return nil, err
 	}
 	return mRef, nil
 }

 func (e *execOp) Exec(ctx context.Context, inputs []solver.Result) ([]solver.Result, error) {
 	var mounts []executor.Mount
 	var root cache.Mountable
 	var readonlyRootFS bool

 	var outputs []cache.Ref

 	defer func() {
 		for _, o := range outputs {
 			if o != nil {
 				go o.Release(context.TODO())
 			}
 		}
 	}()

 	// loop over all mounts, fill in mounts, root and outputs
 	for _, m := range e.op.Mounts {
 		var mountable cache.Mountable
 		var ref cache.ImmutableRef

 		if m.Dest == pb.RootMount && m.MountType != pb.MountType_BIND {
 			return nil, errors.Errorf("invalid mount type %s for %s", m.MountType.String(), m.Dest)
 		}

 		// if mount is based on input validate and load it
 		if m.Input != pb.Empty {
 			if int(m.Input) > len(inputs) {
 				return nil, errors.Errorf("missing input %d", m.Input)
 			}
 			inp := inputs[int(m.Input)]
 			workerRef, ok := inp.Sys().(*worker.WorkerRef)
 			if !ok {
 				return nil, errors.Errorf("invalid reference for exec %T", inp.Sys())
 			}
 			ref = workerRef.ImmutableRef
 			mountable = ref
 		}

 		makeMutable := func(cache.ImmutableRef) (cache.MutableRef, error) {
 			desc := fmt.Sprintf("mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
 			return e.cm.New(ctx, ref, cache.WithDescription(desc))
 		}

 		switch m.MountType {
 		case pb.MountType_BIND:
 			// if mount creates an output
 			if m.Output != pb.SkipOutput {
 				// it it is readonly and not root then output is the input
 				if m.Readonly && ref != nil && m.Dest != pb.RootMount {
 					outputs = append(outputs, ref.Clone())
 				} else {
 					// otherwise output and mount is the mutable child
 					active, err := makeMutable(ref)
 					if err != nil {
 						return nil, err
 					}
 					outputs = append(outputs, active)
 					mountable = active
 				}
 			} else if ref == nil {
 				// this case is empty readonly scratch without output that is not really useful for anything but don't error
 				active, err := makeMutable(ref)
 				if err != nil {
 					return nil, err
 				}
 				defer active.Release(context.TODO())
 				mountable = active
 			}

 		case pb.MountType_CACHE:
 			if m.CacheOpt == nil {
 				return nil, errors.Errorf("missing cache mount options")
 			}
 			mRef, err := e.getRefCacheDir(ctx, ref, m.CacheOpt.ID, m)
 			if err != nil {
 				return nil, err
 			}
 			mountable = mRef
 			defer func() {
 				go mRef.Release(context.TODO())
 			}()
 			if m.Output != pb.SkipOutput && ref != nil {
 				outputs = append(outputs, ref.Clone())
 			}

 		case pb.MountType_TMPFS:
 			mountable = newTmpfs()

 		default:
 			return nil, errors.Errorf("mount type %s not implemented", m.MountType)
 		}

 		// validate that there is a mount
 		if mountable == nil {
 			return nil, errors.Errorf("mount %s has no input", m.Dest)
 		}

 		// if dest is root we need mutable ref even if there is no output
 		if m.Dest == pb.RootMount {
 			root = mountable
 			readonlyRootFS = m.Readonly
 			if m.Output == pb.SkipOutput && readonlyRootFS {
 				active, err := makeMutable(ref)
 				if err != nil {
 					return nil, err
 				}
 				defer func() {
 					go active.Release(context.TODO())
 				}()
 				root = active
 			}
 		} else {
 			mounts = append(mounts, executor.Mount{Src: mountable, Dest: m.Dest, Readonly: m.Readonly, Selector: m.Selector})
 		}
 	}

 	// sort mounts so parents are mounted first
 	sort.Slice(mounts, func(i, j int) bool {
 		return mounts[i].Dest < mounts[j].Dest
 	})

 	meta := executor.Meta{
 		Args:           e.op.Meta.Args,
 		Env:            e.op.Meta.Env,
 		Cwd:            e.op.Meta.Cwd,
 		User:           e.op.Meta.User,
 		ReadonlyRootFS: readonlyRootFS,
 	}

 	if e.op.Meta.ProxyEnv != nil {
 		meta.Env = append(meta.Env, proxyEnvList(e.op.Meta.ProxyEnv)...)
 	}

 	stdout, stderr := logs.NewLogStreams(ctx, os.Getenv("BUILDKIT_DEBUG_EXEC_OUTPUT") == "1")
 	defer stdout.Close()
 	defer stderr.Close()

 	if err := e.exec.Exec(ctx, meta, root, mounts, nil, stdout, stderr); err != nil {
 		return nil, errors.Wrapf(err, "executor failed running %v", meta.Args)
 	}

 	refs := []solver.Result{}
 	for i, out := range outputs {
 		if mutable, ok := out.(cache.MutableRef); ok {
 			ref, err := mutable.Commit(ctx)
 			if err != nil {
 				return nil, errors.Wrapf(err, "error committing %s", mutable.ID())
 			}
 			refs = append(refs, worker.NewWorkerRefResult(ref, e.w))
 		} else {
 			refs = append(refs, worker.NewWorkerRefResult(out.(cache.ImmutableRef), e.w))
 		}
 		outputs[i] = nil
 	}
 	return refs, nil
 }

 func proxyEnvList(p *pb.ProxyEnv) []string {
 	out := []string{}
 	if v := p.HttpProxy; v != "" {
 		out = append(out, "HTTP_PROXY="+v, "http_proxy="+v)
 	}
 	if v := p.HttpsProxy; v != "" {
 		out = append(out, "HTTPS_PROXY="+v, "https_proxy="+v)
 	}
 	if v := p.FtpProxy; v != "" {
 		out = append(out, "FTP_PROXY="+v, "ftp_proxy="+v)
 	}
 	if v := p.NoProxy; v != "" {
 		out = append(out, "NO_PROXY="+v, "no_proxy="+v)
 	}
 	return out
 }

 func newTmpfs() cache.Mountable {
 	return &tmpfs{}
 }

 type tmpfs struct {
 }

 func (f *tmpfs) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
 	return &tmpfsMount{readonly: readonly}, nil
 }

 type tmpfsMount struct {
 	readonly bool
 }

 func (m *tmpfsMount) Mount() ([]mount.Mount, error) {
 	opt := []string{"nosuid"}
 	if m.readonly {
 		opt = append(opt, "ro")
 	}
 	return []mount.Mount{{
 		Type:    "tmpfs",
 		Source:  "tmpfs",
 		Options: opt,
 	}}, nil
 }
 func (m *tmpfsMount) Release() error {
 	return nil
 }

 var sharedCacheRefs = &cacheRefs{}

 type cacheRefs struct {
 	mu     sync.Mutex
 	shares map[string]*cacheRefShare
 }

 func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) {
 	r.mu.Lock()
 	defer r.mu.Unlock()

 	if r.shares == nil {
 		r.shares = map[string]*cacheRefShare{}
 	}

 	share, ok := r.shares[key]
 	if ok {
 		return share.clone(), nil
 	}

 	mref, err := fn()
 	if err != nil {
 		return nil, err
 	}

 	share = &cacheRefShare{MutableRef: mref, main: r, key: key, refs: map[*cacheRef]struct{}{}}
 	r.shares[key] = share

 	return share.clone(), nil
 }

 type cacheRefShare struct {
 	cache.MutableRef
 	mu   sync.Mutex
 	refs map[*cacheRef]struct{}
 	main *cacheRefs
 	key  string
 }

 func (r *cacheRefShare) clone() cache.MutableRef {
 	cacheRef := &cacheRef{cacheRefShare: r}
 	r.mu.Lock()
 	r.refs[cacheRef] = struct{}{}
 	r.mu.Unlock()
 	return cacheRef
 }

 func (r *cacheRefShare) release(ctx context.Context) error {
 	r.main.mu.Lock()
 	defer r.main.mu.Unlock()
 	delete(r.main.shares, r.key)
 	return r.MutableRef.Release(ctx)
 }

 type cacheRef struct {
 	*cacheRefShare
 }

 func (r *cacheRef) Release(ctx context.Context) error {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 	delete(r.refs, r)
 	if len(r.refs) == 0 {
 		return r.release(ctx)
 	}
 	return nil
 }
	package ops

	import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"os"
	"path"
	"runtime"
	"sort"
	"strings"
	"sync"

	"github.com/boltdb/bolt"
	"github.com/containerd/containerd/mount"
	"github.com/moby/buildkit/cache"
	"github.com/moby/buildkit/cache/metadata"
	"github.com/moby/buildkit/executor"
	"github.com/moby/buildkit/snapshot"
	"github.com/moby/buildkit/solver"
	"github.com/moby/buildkit/solver/llbsolver"
	"github.com/moby/buildkit/solver/pb"
	"github.com/moby/buildkit/util/progress/logs"
	"github.com/moby/buildkit/worker"
	digest "github.com/opencontainers/go-digest"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	)

	const execCacheType = "buildkit.exec.v0"

	type execOp struct {
	op *pb.ExecOp
	cm cache.Manager
	md *metadata.Store
	exec executor.Executor
	w worker.Worker
	numInputs int
	}

	func NewExecOp(v solver.Vertex, op pb.Op_Exec, cm cache.Manager, md metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) {
	return &execOp{
	op: op.Exec,
	cm: cm,
	md: md,
	exec: exec,
	numInputs: len(v.Inputs()),
	w: w,
	}, nil
	}

	func cloneExecOp(old *pb.ExecOp) pb.ExecOp {
	n := *old
	meta := *n.Meta
	n.Meta = &meta
	n.Mounts = nil
	for i := range n.Mounts {
	m := *n.Mounts[i]
	n.Mounts = append(n.Mounts, &m)
	}
	return n
	}

	func (e execOp) CacheMap(ctx context.Context, index int) (solver.CacheMap, bool, error) {
	op := cloneExecOp(e.op)
	for i := range op.Mounts {
	op.Mounts[i].Selector = ""
	}
	op.Meta.ProxyEnv = nil

	dt, err := json.Marshal(struct {
	Type string
	Exec *pb.ExecOp
	OS string
	Arch string
	}{
	Type: execCacheType,
	Exec: &op,
	OS: runtime.GOOS,
	Arch: runtime.GOARCH,
	})
	if err != nil {
	return nil, false, err
	}

	cm := &solver.CacheMap{
	Digest: digest.FromBytes(dt),
	Deps: make([]struct {
	Selector digest.Digest
	ComputeDigestFunc solver.ResultBasedCacheFunc
	}, e.numInputs),
	}

	deps, err := e.getMountDeps()
	if err != nil {
	return nil, false, err
	}

	for i, dep := range deps {
	if len(dep.Selectors) != 0 {
	dgsts := make([][]byte, 0, len(dep.Selectors))
	for _, p := range dep.Selectors {
	dgsts = append(dgsts, []byte(p))
	}
	cm.Deps[i].Selector = digest.FromBytes(bytes.Join(dgsts, []byte{0}))
	}
	if !dep.NoContentBasedHash {
	cm.Deps[i].ComputeDigestFunc = llbsolver.NewContentHashFunc(dedupePaths(dep.Selectors))
	}
	}

	return cm, true, nil
	}

	func dedupePaths(inp []string) []string {
	old := make(map[string]struct{}, len(inp))
	for _, p := range inp {
	old[p] = struct{}{}
	}
	paths := make([]string, 0, len(old))
	for p1 := range old {
	var skip bool
	for p2 := range old {
	if p1 != p2 && strings.HasPrefix(p1, p2) {
	skip = true
	break
	}
	}
	if !skip {
	paths = append(paths, p1)
	}
	}
	sort.Slice(paths, func(i, j int) bool {
	return paths[i] < paths[j]
	})
	return paths
	}

	type dep struct {
	Selectors []string
	NoContentBasedHash bool
	}

	func (e *execOp) getMountDeps() ([]dep, error) {
	deps := make([]dep, e.numInputs)
	for _, m := range e.op.Mounts {
	if m.Input == pb.Empty {
	continue
	}
	if int(m.Input) >= len(deps) {
	return nil, errors.Errorf("invalid mountinput %v", m)
	}

	sel := m.Selector
	if sel != "" {
	sel = path.Join("/", sel)
	deps[m.Input].Selectors = append(deps[m.Input].Selectors, sel)
	}

	if !m.Readonly \|\| m.Dest == pb.RootMount { // exclude read-only rootfs
	deps[m.Input].NoContentBasedHash = true
	}
	}
	return deps, nil
	}

	func (e execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m pb.Mount) (cache.MutableRef, error) {

	key := "cache-dir:" + id
	if ref != nil {
	key += ":" + ref.ID()
	}

	return sharedCacheRefs.get(key, func() (cache.MutableRef, error) {
	return e.getRefCacheDirNoCache(ctx, key, ref, id, m)
	})
	}

	func (e execOp) getRefCacheDirNoCache(ctx context.Context, key string, ref cache.ImmutableRef, id string, m pb.Mount) (cache.MutableRef, error) {
	makeMutable := func(cache.ImmutableRef) (cache.MutableRef, error) {
	desc := fmt.Sprintf("cached mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
	return e.cm.New(ctx, ref, cache.WithDescription(desc), cache.CachePolicyRetain)
	}

	sis, err := e.md.Search(key)
	if err != nil {
	return nil, err
	}
	for _, si := range sis {
	if mRef, err := e.cm.GetMutable(ctx, si.ID()); err == nil {
	logrus.Debugf("reusing ref for cache dir: %s", mRef.ID())
	return mRef, nil
	}
	}
	mRef, err := makeMutable(ref)
	if err != nil {
	return nil, err
	}

	si, _ := e.md.Get(mRef.ID())
	v, err := metadata.NewValue(key)
	if err != nil {
	mRef.Release(context.TODO())
	return nil, err
	}
	v.Index = key
	if err := si.Update(func(b *bolt.Bucket) error {
	return si.SetValue(b, key, v)
	}); err != nil {
	mRef.Release(context.TODO())
	return nil, err
	}
	return mRef, nil
	}

	func (e *execOp) Exec(ctx context.Context, inputs []solver.Result) ([]solver.Result, error) {
	var mounts []executor.Mount
	var root cache.Mountable
	var readonlyRootFS bool

	var outputs []cache.Ref

	defer func() {
	for _, o := range outputs {
	if o != nil {
	go o.Release(context.TODO())
	}
	}
	}()

	// loop over all mounts, fill in mounts, root and outputs
	for _, m := range e.op.Mounts {
	var mountable cache.Mountable
	var ref cache.ImmutableRef

	if m.Dest == pb.RootMount && m.MountType != pb.MountType_BIND {
	return nil, errors.Errorf("invalid mount type %s for %s", m.MountType.String(), m.Dest)
	}

	// if mount is based on input validate and load it
	if m.Input != pb.Empty {
	if int(m.Input) > len(inputs) {
	return nil, errors.Errorf("missing input %d", m.Input)
	}
	inp := inputs[int(m.Input)]
	workerRef, ok := inp.Sys().(*worker.WorkerRef)
	if !ok {
	return nil, errors.Errorf("invalid reference for exec %T", inp.Sys())
	}
	ref = workerRef.ImmutableRef
	mountable = ref
	}

	makeMutable := func(cache.ImmutableRef) (cache.MutableRef, error) {
	desc := fmt.Sprintf("mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
	return e.cm.New(ctx, ref, cache.WithDescription(desc))
	}

	switch m.MountType {
	case pb.MountType_BIND:
	// if mount creates an output
	if m.Output != pb.SkipOutput {
	// it it is readonly and not root then output is the input
	if m.Readonly && ref != nil && m.Dest != pb.RootMount {
	outputs = append(outputs, ref.Clone())
	} else {
	// otherwise output and mount is the mutable child
	active, err := makeMutable(ref)
	if err != nil {
	return nil, err
	}
	outputs = append(outputs, active)
	mountable = active
	}
	} else if ref == nil {
	// this case is empty readonly scratch without output that is not really useful for anything but don't error
	active, err := makeMutable(ref)
	if err != nil {
	return nil, err
	}
	defer active.Release(context.TODO())
	mountable = active
	}

	case pb.MountType_CACHE:
	if m.CacheOpt == nil {
	return nil, errors.Errorf("missing cache mount options")
	}
	mRef, err := e.getRefCacheDir(ctx, ref, m.CacheOpt.ID, m)
	if err != nil {
	return nil, err
	}
	mountable = mRef
	defer func() {
	go mRef.Release(context.TODO())
	}()
	if m.Output != pb.SkipOutput && ref != nil {
	outputs = append(outputs, ref.Clone())
	}

	case pb.MountType_TMPFS:
	mountable = newTmpfs()

	default:
	return nil, errors.Errorf("mount type %s not implemented", m.MountType)
	}

	// validate that there is a mount
	if mountable == nil {
	return nil, errors.Errorf("mount %s has no input", m.Dest)
	}

	// if dest is root we need mutable ref even if there is no output
	if m.Dest == pb.RootMount {
	root = mountable
	readonlyRootFS = m.Readonly
	if m.Output == pb.SkipOutput && readonlyRootFS {
	active, err := makeMutable(ref)
	if err != nil {
	return nil, err
	}
	defer func() {
	go active.Release(context.TODO())
	}()
	root = active
	}
	} else {
	mounts = append(mounts, executor.Mount{Src: mountable, Dest: m.Dest, Readonly: m.Readonly, Selector: m.Selector})
	}
	}

	// sort mounts so parents are mounted first
	sort.Slice(mounts, func(i, j int) bool {
	return mounts[i].Dest < mounts[j].Dest
	})

	meta := executor.Meta{
	Args: e.op.Meta.Args,
	Env: e.op.Meta.Env,
	Cwd: e.op.Meta.Cwd,
	User: e.op.Meta.User,
	ReadonlyRootFS: readonlyRootFS,
	}

	if e.op.Meta.ProxyEnv != nil {
	meta.Env = append(meta.Env, proxyEnvList(e.op.Meta.ProxyEnv)...)
	}

	stdout, stderr := logs.NewLogStreams(ctx, os.Getenv("BUILDKIT_DEBUG_EXEC_OUTPUT") == "1")
	defer stdout.Close()
	defer stderr.Close()

	if err := e.exec.Exec(ctx, meta, root, mounts, nil, stdout, stderr); err != nil {
	return nil, errors.Wrapf(err, "executor failed running %v", meta.Args)
	}

	refs := []solver.Result{}
	for i, out := range outputs {
	if mutable, ok := out.(cache.MutableRef); ok {
	ref, err := mutable.Commit(ctx)
	if err != nil {
	return nil, errors.Wrapf(err, "error committing %s", mutable.ID())
	}
	refs = append(refs, worker.NewWorkerRefResult(ref, e.w))
	} else {
	refs = append(refs, worker.NewWorkerRefResult(out.(cache.ImmutableRef), e.w))
	}
	outputs[i] = nil
	}
	return refs, nil
	}

	func proxyEnvList(p *pb.ProxyEnv) []string {
	out := []string{}
	if v := p.HttpProxy; v != "" {
	out = append(out, "HTTP_PROXY="+v, "http_proxy="+v)
	}
	if v := p.HttpsProxy; v != "" {
	out = append(out, "HTTPS_PROXY="+v, "https_proxy="+v)
	}
	if v := p.FtpProxy; v != "" {
	out = append(out, "FTP_PROXY="+v, "ftp_proxy="+v)
	}
	if v := p.NoProxy; v != "" {
	out = append(out, "NO_PROXY="+v, "no_proxy="+v)
	}
	return out
	}

	func newTmpfs() cache.Mountable {
	return &tmpfs{}
	}

	type tmpfs struct {
	}

	func (f *tmpfs) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
	return &tmpfsMount{readonly: readonly}, nil
	}

	type tmpfsMount struct {
	readonly bool
	}

	func (m *tmpfsMount) Mount() ([]mount.Mount, error) {
	opt := []string{"nosuid"}
	if m.readonly {
	opt = append(opt, "ro")
	}
	return []mount.Mount{{
	Type: "tmpfs",
	Source: "tmpfs",
	Options: opt,
	}}, nil
	}
	func (m *tmpfsMount) Release() error {
	return nil
	}

	var sharedCacheRefs = &cacheRefs{}

	type cacheRefs struct {
	mu sync.Mutex
	shares map[string]*cacheRefShare
	}

	func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) {
	r.mu.Lock()
	defer r.mu.Unlock()

	if r.shares == nil {
	r.shares = map[string]*cacheRefShare{}
	}

	share, ok := r.shares[key]
	if ok {
	return share.clone(), nil
	}

	mref, err := fn()
	if err != nil {
	return nil, err
	}

	share = &cacheRefShare{MutableRef: mref, main: r, key: key, refs: map[*cacheRef]struct{}{}}
	r.shares[key] = share

	return share.clone(), nil
	}

	type cacheRefShare struct {
	cache.MutableRef
	mu sync.Mutex
	refs map[*cacheRef]struct{}
	main *cacheRefs
	key string
	}

	func (r *cacheRefShare) clone() cache.MutableRef {
	cacheRef := &cacheRef{cacheRefShare: r}
	r.mu.Lock()
	r.refs[cacheRef] = struct{}{}
	r.mu.Unlock()
	return cacheRef
	}

	func (r *cacheRefShare) release(ctx context.Context) error {
	r.main.mu.Lock()
	defer r.main.mu.Unlock()
	delete(r.main.shares, r.key)
	return r.MutableRef.Release(ctx)
	}

	type cacheRef struct {
	*cacheRefShare
	}

	func (r *cacheRef) Release(ctx context.Context) error {
	r.mu.Lock()
	defer r.mu.Unlock()
	delete(r.refs, r)
	if len(r.refs) == 0 {
	return r.release(ctx)
	}
	return nil
	}