gitpod-io
diff --git a/‎api/services/control/control.pb.go
Lines changed: 261 additions & 156 deletions b/‎api/services/control/control.pb.go
Lines changed: 261 additions & 156 deletions
diff --git a/‎api/services/control/control.proto
Lines changed: 2 additions & 0 deletions b/‎api/services/control/control.proto
Lines changed: 2 additions & 0 deletions
diff --git a/‎cache/remotecache/s3/s3.go
Lines changed: 3 additions & 0 deletions b/‎cache/remotecache/s3/s3.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎control/control.go
Lines changed: 14 additions & 9 deletions b/‎control/control.go
Lines changed: 14 additions & 9 deletions
diff --git a/‎executor/runcexecutor/executor.go
Lines changed: 11 additions & 2 deletions b/‎executor/runcexecutor/executor.go
Lines changed: 11 additions & 2 deletions
diff --git a/‎exporter/attestation/unbundle.go
Lines changed: 4 additions & 0 deletions b/‎exporter/attestation/unbundle.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎frontend/dockerfile/dockerfile2llb/convert.go
Lines changed: 1 addition & 1 deletion b/‎frontend/dockerfile/dockerfile2llb/convert.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎frontend/dockerfile/dockerfile_addchecksum_test.go
Lines changed: 1 addition & 1 deletion b/‎frontend/dockerfile/dockerfile_addchecksum_test.go
Lines changed: 1 addition & 1 deletion
@@ -211,6 +211,7 @@ message BuildHistoryRecord {
 	int32 numCachedSteps = 15;
 	int32 numTotalSteps = 16;
 	int32 numCompletedSteps = 17;
+	Descriptor externalError = 18;
 	// TODO: tags
 	// TODO: unclipped logs
 }
@@ -219,6 +220,7 @@ message UpdateBuildHistoryRequest {
 	string Ref = 1;
 	bool Pinned = 2;
 	bool Delete = 3;
+	bool Finalize = 4;
 }
 
 message UpdateBuildHistoryResponse {}
 
@@ -408,6 +408,9 @@ func (s3Client *s3Client) getManifest(ctx context.Context, key string, config *v
 	if err := decoder.Decode(config); err != nil {
 		return false, errors.WithStack(err)
 	}
+	if _, err := decoder.Token(); !errors.Is(err, io.EOF) {
+		return false, errors.Errorf("unexpected data after JSON object")
+	}
 
 	return true, nil
 }
 
@@ -283,18 +283,23 @@ func (c *Controller) ListenBuildHistory(req *controlapi.BuildHistoryRequest, srv
 }
 
 func (c *Controller) UpdateBuildHistory(ctx context.Context, req *controlapi.UpdateBuildHistoryRequest) (*controlapi.UpdateBuildHistoryResponse, error) {
-	if !req.Delete {
-		err := c.history.UpdateRef(ctx, req.Ref, func(r *controlapi.BuildHistoryRecord) error {
-			if req.Pinned == r.Pinned {
-				return nil
-			}
-			r.Pinned = req.Pinned
-			return nil
-		})
+	if req.Delete {
+		err := c.history.Delete(ctx, req.Ref)
 		return &controlapi.UpdateBuildHistoryResponse{}, err
 	}
 
-	err := c.history.Delete(ctx, req.Ref)
+	if req.Finalize {
+		err := c.history.Finalize(ctx, req.Ref)
+		return &controlapi.UpdateBuildHistoryResponse{}, err
+	}
+
+	err := c.history.UpdateRef(ctx, req.Ref, func(r *controlapi.BuildHistoryRecord) error {
+		if req.Pinned == r.Pinned {
+			return nil
+		}
+		r.Pinned = req.Pinned
+		return nil
+	})
 	return &controlapi.UpdateBuildHistoryResponse{}, err
 }
 
 
@@ -422,9 +422,13 @@ func (w *runcExecutor) Exec(ctx context.Context, id string, process executor.Pro
 	defer f.Close()
 
 	spec := &specs.Spec{}
-	if err := json.NewDecoder(f).Decode(spec); err != nil {
+	dec := json.NewDecoder(f)
+	if err := dec.Decode(spec); err != nil {
 		return err
 	}
+	if _, err := dec.Token(); !errors.Is(err, io.EOF) {
+		return errors.Errorf("unexpected data after JSON spec object")
+	}
 
 	if process.Meta.User != "" {
 		uid, gid, sgids, err := oci.GetUser(state.Rootfs, process.Meta.User)
@@ -610,9 +614,14 @@ func runcProcessHandle(ctx context.Context, killer procKiller) (*procHandle, con
 	go func() {
 		// Wait for pid
 		select {
-		case <-ctx.Done():
+		case <-p.ended:
 			return // nothing to kill
 		case <-p.ready:
+			select {
+			case <-p.ended:
+				return
+			default:
+			}
 		}
 
 		for {
 
@@ -3,6 +3,7 @@ package attestation
 import (
 	"context"
 	"encoding/json"
+	"io"
 	"os"
 	"path"
 	"strings"
@@ -141,6 +142,9 @@ func unbundle(root string, bundle exporter.Attestation) ([]exporter.Attestation,
 		if err := dec.Decode(&stmt); err != nil {
 			return nil, errors.Wrap(err, "cannot decode in-toto statement")
 		}
+		if _, err := dec.Token(); !errors.Is(err, io.EOF) {
+			return nil, errors.New("in-toto statement is not a single JSON object")
+		}
 		if bundle.InToto.PredicateType != "" && stmt.PredicateType != bundle.InToto.PredicateType {
 			return nil, errors.Errorf("bundle entry %s does not match required predicate type %s", stmt.PredicateType, bundle.InToto.PredicateType)
 		}
 
@@ -1354,7 +1354,7 @@ func dispatchCopy(d *dispatchState, cfg copyConfig) error {
 			return errors.New("checksum can't be specified for multiple sources")
 		}
 		if !isHTTPSource(cfg.params.SourcePaths[0]) {
-			return errors.New("checksum can't be specified for non-HTTP sources")
+			return errors.New("checksum can't be specified for non-HTTP(S) sources")
 		}
 	}
 
 
@@ -162,6 +162,6 @@ ADD --checksum=%s foo /tmp/foo
 				dockerui.DefaultLocalNameContext:    dir,
 			},
 		}, nil)
-		require.Error(t, err, "checksum can't be specified for non-HTTP sources")
+		require.Error(t, err, "checksum can't be specified for non-HTTP(S) sources")
 	})
 }
Original file line number	Diff line number	Diff line change
`@@ -211,6 +211,7 @@ message BuildHistoryRecord {`
`211`	`211`	`int32 numCachedSteps = 15;`
`212`	`212`	`int32 numTotalSteps = 16;`
`213`	`213`	`int32 numCompletedSteps = 17;`
	`214`	`+ Descriptor externalError = 18;`
`214`	`215`	`// TODO: tags`
`215`	`216`	`// TODO: unclipped logs`
`216`	`217`	`}`
`@@ -219,6 +220,7 @@ message UpdateBuildHistoryRequest {`
`219`	`220`	`string Ref = 1;`
`220`	`221`	`bool Pinned = 2;`
`221`	`222`	`bool Delete = 3;`
	`223`	`+ bool Finalize = 4;`
`222`	`224`	`}`
`223`	`225`
`224`	`226`	`message UpdateBuildHistoryResponse {}`
Original file line number	Diff line number	Diff line change
`@@ -408,6 +408,9 @@ func (s3Client s3Client) getManifest(ctx context.Context, key string, config v`
`408`	`408`	`if err := decoder.Decode(config); err != nil {`
`409`	`409`	`return false, errors.WithStack(err)`
`410`	`410`	`}`
	`411`	`+ if _, err := decoder.Token(); !errors.Is(err, io.EOF) {`
	`412`	`+ return false, errors.Errorf("unexpected data after JSON object")`
	`413`	`+ }`
`411`	`414`
`412`	`415`	`return true, nil`
`413`	`416`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1354,7 +1354,7 @@ func dispatchCopy(d *dispatchState, cfg copyConfig) error {`
`1354`	`1354`	`return errors.New("checksum can't be specified for multiple sources")`
`1355`	`1355`	`}`
`1356`	`1356`	`if !isHTTPSource(cfg.params.SourcePaths[0]) {`
`1357`		`- return errors.New("checksum can't be specified for non-HTTP sources")`
	`1357`	`+ return errors.New("checksum can't be specified for non-HTTP(S) sources")`
`1358`	`1358`	`}`
`1359`	`1359`	`}`
`1360`	`1360`
Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,6 @@ ADD --checksum=%s foo /tmp/foo`
`162`	`162`	`dockerui.DefaultLocalNameContext: dir,`
`163`	`163`	`},`
`164`	`164`	`}, nil)`
`165`		`- require.Error(t, err, "checksum can't be specified for non-HTTP sources")`
	`165`	`+ require.Error(t, err, "checksum can't be specified for non-HTTP(S) sources")`
`166`	`166`	`})`
`167`	`167`	`}`