Trim the Domain Name from cached image references

This commit removes the Domain Name, if any, from the cached image
reference before computing the image fingerprint. This way the same
image, if stored in some oter mirror, is still seen as the same one.

Fixes #158

vendor/github.com/moby/buildkit/util/entitlements/security/security_linux.go

@@ -1,163 +0,0 @@
-package security
-
-import (
-	"context"
-	"fmt"
-	"os"
-
-	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/oci"
-	"github.com/opencontainers/runc/libcontainer/system"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-)
-
-// WithInsecureSpec sets spec with All capability.
-func WithInsecureSpec() oci.SpecOpts {
-	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
-		addCaps := []string{
-			"CAP_FSETID",
-			"CAP_KILL",
-			"CAP_FOWNER",
-			"CAP_MKNOD",
-			"CAP_CHOWN",
-			"CAP_DAC_OVERRIDE",
-			"CAP_NET_RAW",
-			"CAP_SETGID",
-			"CAP_SETUID",
-			"CAP_SETPCAP",
-			"CAP_SETFCAP",
-			"CAP_NET_BIND_SERVICE",
-			"CAP_SYS_CHROOT",
-			"CAP_AUDIT_WRITE",
-			"CAP_MAC_ADMIN",
-			"CAP_MAC_OVERRIDE",
-			"CAP_DAC_READ_SEARCH",
-			"CAP_SYS_PTRACE",
-			"CAP_SYS_MODULE",
-			"CAP_SYSLOG",
-			"CAP_SYS_RAWIO",
-			"CAP_SYS_ADMIN",
-			"CAP_LINUX_IMMUTABLE",
-			"CAP_SYS_BOOT",
-			"CAP_SYS_NICE",
-			"CAP_SYS_PACCT",
-			"CAP_SYS_TTY_CONFIG",
-			"CAP_SYS_TIME",
-			"CAP_WAKE_ALARM",
-			"CAP_AUDIT_READ",
-			"CAP_AUDIT_CONTROL",
-			"CAP_SYS_RESOURCE",
-			"CAP_BLOCK_SUSPEND",
-			"CAP_IPC_LOCK",
-			"CAP_IPC_OWNER",
-			"CAP_LEASE",
-			"CAP_NET_ADMIN",
-			"CAP_NET_BROADCAST",
-		}
-		for _, cap := range addCaps {
-			s.Process.Capabilities.Bounding = append(s.Process.Capabilities.Bounding, cap)
-			s.Process.Capabilities.Ambient = append(s.Process.Capabilities.Ambient, cap)
-			s.Process.Capabilities.Effective = append(s.Process.Capabilities.Effective, cap)
-			s.Process.Capabilities.Inheritable = append(s.Process.Capabilities.Inheritable, cap)
-			s.Process.Capabilities.Permitted = append(s.Process.Capabilities.Permitted, cap)
-		}
-		s.Linux.ReadonlyPaths = []string{}
-		s.Linux.MaskedPaths = []string{}
-		s.Process.ApparmorProfile = ""
-
-		s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{
-			{
-				Allow:  true,
-				Type:   "c",
-				Access: "rwm",
-			},
-			{
-				Allow:  true,
-				Type:   "b",
-				Access: "rwm",
-			},
-		}
-
-		if !system.RunningInUserNS() {
-			// Devices automatically mounted on insecure mode
-			s.Linux.Devices = append(s.Linux.Devices, []specs.LinuxDevice{
-				// Writes to this come out as printk's, reads export the buffered printk records. (dmesg)
-				{
-					Path:  "/dev/kmsg",
-					Type:  "c",
-					Major: 1,
-					Minor: 11,
-				},
-				// Cuse (character device in user-space)
-				{
-					Path:  "/dev/cuse",
-					Type:  "c",
-					Major: 10,
-					Minor: 203,
-				},
-				// Fuse (virtual filesystem in user-space)
-				{
-					Path:  "/dev/fuse",
-					Type:  "c",
-					Major: 10,
-					Minor: 229,
-				},
-				// Kernel-based virtual machine (hardware virtualization extensions)
-				{
-					Path:  "/dev/kvm",
-					Type:  "c",
-					Major: 10,
-					Minor: 232,
-				},
-				// TAP/TUN network device
-				{
-					Path:  "/dev/net/tun",
-					Type:  "c",
-					Major: 10,
-					Minor: 200,
-				},
-				// Loopback control device
-				{
-					Path:  "/dev/loop-control",
-					Type:  "c",
-					Major: 10,
-					Minor: 237,
-				},
-			}...)
-
-			loopID, err := getFreeLoopID()
-			if err != nil {
-				logrus.Debugf("failed to get next free loop device: %v", err)
-			}
-
-			for i := 0; i <= loopID+7; i++ {
-				s.Linux.Devices = append(s.Linux.Devices, specs.LinuxDevice{
-					Path:  fmt.Sprintf("/dev/loop%d", i),
-					Type:  "b",
-					Major: 7,
-					Minor: int64(i),
-				})
-			}
-		}
-
-		return nil
-	}
-}
-
-func getFreeLoopID() (int, error) {
-	fd, err := os.OpenFile("/dev/loop-control", os.O_RDWR, 0644)
-	if err != nil {
-		return 0, err
-	}
-	defer fd.Close()
-
-	const _LOOP_CTL_GET_FREE = 0x4C82
-	r1, _, uerr := unix.Syscall(unix.SYS_IOCTL, fd.Fd(), _LOOP_CTL_GET_FREE, 0)
-	if uerr == 0 {
-		return int(r1), nil
-	}
-	return 0, errors.Errorf("error getting free loop device: %v", uerr)
-}

vendor/github.com/moby/buildkit/util/network/host.go

@@ -1,28 +0,0 @@
-package network
-
-import (
-	"github.com/containerd/containerd/oci"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func NewHostProvider() Provider {
-	return &host{}
-}
-
-type host struct {
-}
-
-func (h *host) New() (Namespace, error) {
-	return &hostNS{}, nil
-}
-
-type hostNS struct {
-}
-
-func (h *hostNS) Set(s *specs.Spec) {
-	oci.WithHostNamespace(specs.NetworkNamespace)(nil, nil, nil, s)
-}
-
-func (h *hostNS) Close() error {
-	return nil
-}

vendor/github.com/moby/buildkit/util/network/network.go

@@ -1,19 +0,0 @@
-package network
-
-import (
-	"io"
-
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// Provider interface for Network
-type Provider interface {
-	New() (Namespace, error)
-}
-
-// Namespace of network for workers
-type Namespace interface {
-	io.Closer
-	// Set the namespace on the spec
-	Set(*specs.Spec)
-}

vendor/github.com/moby/buildkit/util/network/none.go

@@ -1,26 +0,0 @@
-package network
-
-import (
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func NewNoneProvider() Provider {
-	return &none{}
-}
-
-type none struct {
-}
-
-func (h *none) New() (Namespace, error) {
-	return &noneNS{}, nil
-}
-
-type noneNS struct {
-}
-
-func (h *noneNS) Set(s *specs.Spec) {
-}
-
-func (h *noneNS) Close() error {
-	return nil
-}