moby
diff --git a/‎cache/contenthash/checksum.go‎
Lines changed: 12 additions & 8 deletions b/‎cache/contenthash/checksum.go‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎cache/contenthash/checksum_test.go‎
Lines changed: 19 additions & 0 deletions b/‎cache/contenthash/checksum_test.go‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎frontend/dockerfile/exclude_patterns_test.go‎
Lines changed: 29 additions & 2 deletions b/‎frontend/dockerfile/exclude_patterns_test.go‎
Lines changed: 29 additions & 2 deletions
@@ -92,6 +92,7 @@ type includedPath struct {
 	included         bool
 	includeMatchInfo patternmatcher.MatchInfo
 	excludeMatchInfo patternmatcher.MatchInfo
+	followLinks      bool
 }
 
 type cacheManager struct {
@@ -431,17 +432,16 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable,
 		return "", err
 	}
 
-	if opts.FollowLinks {
-		for i, w := range includedPaths {
-			if w.record.Type == CacheRecordTypeSymlink {
-				dgst, err := cc.lazyChecksum(ctx, m, w.path, opts.FollowLinks)
-				if err != nil {
-					return "", err
-				}
-				includedPaths[i].record = &CacheRecord{Digest: string(dgst)}
+	for i, w := range includedPaths {
+		if w.followLinks && w.record.Type == CacheRecordTypeSymlink {
+			dgst, err := cc.lazyChecksum(ctx, m, w.path, opts.FollowLinks)
+			if err != nil {
+				return "", err
 			}
+			includedPaths[i].record = &CacheRecord{Digest: string(dgst)}
 		}
 	}
+
 	if len(includedPaths) == 0 {
 		return digest.FromBytes([]byte{}), nil
 	}
@@ -597,6 +597,10 @@ func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, o
 		}
 
 		maybeIncludedPath := &includedPath{path: fn}
+		if parentDir == nil && opts.FollowLinks {
+			maybeIncludedPath.followLinks = true
+		}
+
 		var shouldInclude bool
 		if opts.Wildcard {
 			if p != "" && (lastMatchedDir == "" || !strings.HasPrefix(fn, lastMatchedDir+"/")) {
 
@@ -527,6 +527,25 @@ func TestSymlinksNoFollow(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, expectedSym, dgst)
 
+	expectedSym = digest.Digest("sha256:9b761577efcb1239cf4be971914c5d7404914dd32ff436401af1764dc5446b83")
+
+	// Broken symlink is not followed in subdirectory.
+	dgst, err = cc.Checksum(context.TODO(), ref, "foo", ChecksumOpts{FollowLinks: true}, nil)
+	require.NoError(t, err)
+	require.Equal(t, expectedSym, dgst)
+
+	expectedSym = digest.Digest("sha256:e14a98332f46b81993ff4a3b7898bb00fc3d245d84e4c42e57c9ee6b129c7c41")
+
+	// Same with wildcard used.
+	dgst, err = cc.Checksum(context.TODO(), ref, "fo?", ChecksumOpts{FollowLinks: true, Wildcard: true}, nil)
+	require.NoError(t, err)
+	require.Equal(t, expectedSym, dgst)
+
+	// Still works with exclude pattern.
+	dgst, err = cc.Checksum(context.TODO(), ref, "foo", ChecksumOpts{FollowLinks: true, ExcludePatterns: []string{"*.git"}}, nil)
+	require.NoError(t, err)
+	require.Equal(t, expectedSym, dgst)
+
 	err = ref.Release(context.TODO())
 	require.NoError(t, err)
 }
 
@@ -41,6 +41,7 @@ func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) {
 		fstest.CreateDir("dir1", fs.ModePerm),
 		fstest.CreateDir("dir2", fs.ModePerm),
 		fstest.CreateDir("dir3", fs.ModePerm),
+		fstest.CreateDir("dir4", fs.ModePerm),
 		fstest.CreateFile("dir1/file-101.png", []byte(`2`), 0600),
 		fstest.CreateFile("dir1/file-102.txt", []byte(`3`), 0600),
 		fstest.CreateFile("dir1/file-103.jpeg", []byte(`4`), 0600),
@@ -49,6 +50,9 @@ func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) {
 		fstest.CreateFile("dir2/file-203.png", []byte(`8`), 0600),
 		fstest.CreateFile("dir3/file-301.mp3", []byte(`9`), 0600),
 		fstest.CreateFile("dir3/file-302.mpeg", []byte(`10`), 0600),
+		fstest.CreateFile("dir4/file-401.txt", []byte(`11`), 0600),
+		fstest.Symlink("dir4/file-402.txt", "dir4/file-401.txt"),
+		fstest.Symlink("dir4/file-403.txt", "dir4/file-404.txt"),
 	)
 
 	runTest := func(dockerfile []byte, localMounts map[string]fsutil.FS) {
@@ -93,6 +97,9 @@ func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) {
 			{filename: "builder1/1/dir2/file-203.png", excluded: true},
 			{filename: "builder1/1/dir3/file-301.mp3", excluded: false, expectedContent: `9`},
 			{filename: "builder1/1/dir3/file-302.mpeg", excluded: false, expectedContent: `10`},
+			{filename: "builder1/1/dir4/file-401.txt", excluded: false, expectedContent: `11`},
+			{filename: "builder1/1/dir4/file-402.txt", excluded: false, expectedContent: `file-401.txt`},
+			{filename: "builder1/1/dir4/file-403.txt", excluded: false, expectedContent: `file-404.txt`},
 
 			// files copied with COPY command
 			{filename: "builder2/2/dir1/file-101.png", excluded: false, expectedContent: `2`},
@@ -103,6 +110,9 @@ func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) {
 			{filename: "builder2/2/dir2/file-203.png", excluded: false, expectedContent: `8`},
 			{filename: "builder2/2/dir3/file-301.mp3", excluded: false, expectedContent: `9`},
 			{filename: "builder2/2/dir3/file-302.mpeg", excluded: false, expectedContent: `10`},
+			{filename: "builder2/2/dir4/file-401.txt", excluded: true},
+			{filename: "builder2/2/dir4/file-402.txt", excluded: true},
+			{filename: "builder2/2/dir4/file-403.txt", excluded: true},
 
 			// Files copied with ADD command
 			{filename: "builder3/3/file-301.mp3", excluded: true},
@@ -118,6 +128,9 @@ func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) {
 			{filename: "builder4/4/file-301.mp3", excluded: true},
 			{filename: "builder4/4/file-301.mp3", excluded: true},
 			{filename: "builder4/4/file-302.mpeg", excluded: false, expectedContent: `10`},
+			{filename: "builder4/4/dir4/file-401.txt", excluded: true},
+			{filename: "builder4/4/dir4/file-402.txt", excluded: true},
+			{filename: "builder4/4/dir4/file-403.txt", excluded: true},
 
 			// Files copied with ADD wildcard
 			{filename: "builder5/5/file-101.png", excluded: true},
@@ -129,16 +142,30 @@ func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) {
 			{filename: "builder5/5/file-301.mp3", excluded: true},
 			{filename: "builder5/5/file-301.mp3", excluded: true},
 			{filename: "builder5/5/file-302.mpeg", excluded: true},
+			{filename: "builder5/5/dir4/file-401.txt", excluded: false, expectedContent: `11`},
+			{filename: "builder5/5/dir4/file-402.txt", excluded: false, expectedContent: `file-401.txt`},
+			{filename: "builder5/5/dir4/file-403.txt", excluded: false, expectedContent: `file-404.txt`},
 		}
 
 		for _, tc := range testCases {
-			dt, err := os.ReadFile(path.Join(destDir.Name, tc.filename))
+			fpath := path.Join(destDir.Name, tc.filename)
+
+			var dt []byte
+			st, err := os.Stat(fpath)
 			if tc.excluded {
 				require.Errorf(t, err, "File %s should not exist: %v", tc.filename, err)
 				continue
 			}
-
 			require.NoErrorf(t, err, 
7F09
"File %s should exist", tc.filename)
+
+			if st.Mode()&os.ModeSymlink != 0 {
+				target, err := os.Readlink(fpath)
+				require.NoErrorf(t, err, "Readlink %s should not error", tc.filename)
+				dt = []byte(target)
+			} else {
+				dt, err = os.ReadFile(fpath)
+				require.NoErrorf(t, err, "File %s should exist", tc.filename)
+			}
 			require.Equalf(t, tc.expectedContent, string(dt), "File %s does not have matched content", tc.filename)
 		}
Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,7 @@ type includedPath struct {`
`92`	`92`	`included bool`
`93`	`93`	`includeMatchInfo patternmatcher.MatchInfo`
`94`	`94`	`excludeMatchInfo patternmatcher.MatchInfo`
	`95`	`+ followLinks bool`
`95`	`96`	`}`
`96`	`97`
`97`	`98`	`type cacheManager struct {`
`@@ -431,17 +432,16 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable,`
`431`	`432`	`return "", err`
`432`	`433`	`}`
`433`	`434`
`434`		`- if opts.FollowLinks {`
`435`		`- for i, w := range includedPaths {`
`436`		`- if w.record.Type == CacheRecordTypeSymlink {`
`437`		`- dgst, err := cc.lazyChecksum(ctx, m, w.path, opts.FollowLinks)`
`438`		`- if err != nil {`
`439`		`- return "", err`
`440`		`- }`
`441`		`- includedPaths[i].record = &CacheRecord{Digest: string(dgst)}`
	`435`	`+ for i, w := range includedPaths {`
	`436`	`+ if w.followLinks && w.record.Type == CacheRecordTypeSymlink {`
	`437`	`+ dgst, err := cc.lazyChecksum(ctx, m, w.path, opts.FollowLinks)`
	`438`	`+ if err != nil {`
	`439`	`+ return "", err`
`442`	`440`	`}`
	`441`	`+ includedPaths[i].record = &CacheRecord{Digest: string(dgst)}`
`443`	`442`	`}`
`444`	`443`	`}`
	`444`	`+`
`445`	`445`	`if len(includedPaths) == 0 {`
`446`	`446`	`return digest.FromBytes([]byte{}), nil`
`447`	`447`	`}`
`@@ -597,6 +597,10 @@ func (cc cacheContext) includedPaths(ctx context.Context, m mount, p string, o`
`597`	`597`	`}`
`598`	`598`
`599`	`599`	`maybeIncludedPath := &includedPath{path: fn}`
	`600`	`+ if parentDir == nil && opts.FollowLinks {`
	`601`	`+ maybeIncludedPath.followLinks = true`
	`602`	`+ }`
	`603`	`+`
`600`	`604`	`var shouldInclude bool`
`601`	`605`	`if opts.Wildcard {`
`602`	`606`	`if p != "" && (lastMatchedDir == "" \|\| !strings.HasPrefix(fn, lastMatchedDir+"/")) {`