@@ -26,7 +26,7 @@ github.com/imdario/mergo v0.3.6

 golang.org/x/sync 1d60e4601c6fd243af51cc01ddf169918a5407ca

 # buildkit

-github.com/moby/buildkit e57eed420c7573ae44875be98fa877175b4677a1

+github.com/moby/buildkit 46f9075ab68a07df2c40ae6e240ce4f9392b3a66 git://github.com/tiborvass/buildkit.git

 github.com/tonistiigi/fsutil b19464cd1b6a00773b4f2eb7acf9c30426f9df42

 github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746

 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7

@@ -35,6 +35,7 @@ import pb "github.com/moby/buildkit/solver/pb"

 import moby_buildkit_v1_types "github.com/moby/buildkit/api/types"

 import time "time"

+import github_com_moby_buildkit_util_entitlements "github.com/moby/buildkit/util/entitlements"

 import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"

 import context "golang.org/x/net/context"

@@ -57,8 +58,10 @@ var _ = time.Kitchen

 const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package

 type PruneRequest struct {

-	Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`

-	All    bool     `protobuf:"varint,2,opt,name=all,proto3" json:"all,omitempty"`

+	Filter       []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`

+	All          bool     `protobuf:"varint,2,opt,name=all,proto3" json:"all,omitempty"`

+	KeepDuration int64    `protobuf:"varint,3,opt,name=keepDuration,proto3" json:"keepDuration,omitempty"`

+	KeepBytes    int64    `protobuf:"varint,4,opt,name=keepBytes,proto3" json:"keepBytes,omitempty"`

 }

 func (m *PruneRequest) Reset()                    { *m = PruneRequest{} }

@@ -80,6 +83,20 @@ func (m *PruneRequest) GetAll() bool {

 	return false

 }

+func (m *PruneRequest) GetKeepDuration() int64 {

+	if m != nil {

+		return m.KeepDuration

+	}

+	return 0

+}

+

+func (m *PruneRequest) GetKeepBytes() int64 {

+	if m != nil {

+		return m.KeepBytes

+	}

+	return 0

+}

+

 type DiskUsageRequest struct {

 	Filter []string `protobuf:"bytes,1,rep,name=filter" json:"filter,omitempty"`

 }

@@ -209,14 +226,15 @@ func (m *UsageRecord) GetShared() bool {

 }

 type SolveRequest struct {

-	Ref           string            `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`

-	Definition    *pb.Definition    `protobuf:"bytes,2,opt,name=Definition" json:"Definition,omitempty"`

-	Exporter      string            `protobuf:"bytes,3,opt,name=Exporter,proto3" json:"Exporter,omitempty"`

-	ExporterAttrs map[string]string `protobuf:"bytes,4,rep,name=ExporterAttrs" json:"ExporterAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`

-	Session       string            `protobuf:"bytes,5,opt,name=Session,proto3" json:"Session,omitempty"`

-	Frontend      string            `protobuf:"bytes,6,opt,name=Frontend,proto3" json:"Frontend,omitempty"`

-	FrontendAttrs map[string]string `protobuf:"bytes,7,rep,name=FrontendAttrs" json:"FrontendAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`

-	Cache         CacheOptions      `protobuf:"bytes,8,opt,name=Cache" json:"Cache"`

+	Ref           string                                                   `protobuf:"bytes,1,opt,name=Ref,proto3" json:"Ref,omitempty"`

+	Definition    *pb.Definition                                           `protobuf:"bytes,2,opt,name=Definition" json:"Definition,omitempty"`

+	Exporter      string                                                   `protobuf:"bytes,3,opt,name=Exporter,proto3" json:"Exporter,omitempty"`

+	ExporterAttrs map[string]string                                        `protobuf:"bytes,4,rep,name=ExporterAttrs" json:"ExporterAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`

+	Session       string                                                   `protobuf:"bytes,5,opt,name=Session,proto3" json:"Session,omitempty"`

+	Frontend      string                                                   `protobuf:"bytes,6,opt,name=Frontend,proto3" json:"Frontend,omitempty"`

+	FrontendAttrs map[string]string                                        `protobuf:"bytes,7,rep,name=FrontendAttrs" json:"FrontendAttrs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`

+	Cache         CacheOptions                                             `protobuf:"bytes,8,opt,name=Cache" json:"Cache"`

+	Entitlements  []github_com_moby_buildkit_util_entitlements.Entitlement `protobuf:"bytes,9,rep,name=Entitlements,customtype=github.com/moby/buildkit/util/entitlements.Entitlement" json:"Entitlements,omitempty"`

 }

 func (m *SolveRequest) Reset()                    { *m = SolveRequest{} }

@@ -955,6 +973,16 @@ func (m *PruneRequest) MarshalTo(dAtA []byte) (int, error) {

 		}

 		i++

 	}

+	if m.KeepDuration != 0 {

+		dAtA[i] = 0x18

+		i++

+		i = encodeVarintControl(dAtA, i, uint64(m.KeepDuration))

+	}

+	if m.KeepBytes != 0 {

+		dAtA[i] = 0x20

+		i++

+		i = encodeVarintControl(dAtA, i, uint64(m.KeepBytes))

+	}

 	return i, nil

 }

@@ -1212,6 +1240,21 @@ func (m *SolveRequest) MarshalTo(dAtA []byte) (int, error) {

 		return 0, err

 	}

 	i += n4

+	if len(m.Entitlements) > 0 {

+		for _, s := range m.Entitlements {

+			dAtA[i] = 0x4a

+			i++

+			l = len(s)

+			for l >= 1<<7 {

+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)

+				l >>= 7

+				i++

+			}

+			dAtA[i] = uint8(l)

+			i++

+			i += copy(dAtA[i:], s)

+		}

+	}

 	return i, nil

 }

@@ -1690,6 +1733,12 @@ func (m *PruneRequest) Size() (n int) {

 	if m.All {

 		n += 2

 	}

+	if m.KeepDuration != 0 {

+		n += 1 + sovControl(uint64(m.KeepDuration))

+	}

+	if m.KeepBytes != 0 {

+		n += 1 + sovControl(uint64(m.KeepBytes))

+	}

 	return n

 }

@@ -1801,6 +1850,12 @@ func (m *SolveRequest) Size() (n int) {

 	}

 	l = m.Cache.Size()

 	n += 1 + l + sovControl(uint64(l))

+	if len(m.Entitlements) > 0 {

+		for _, s := range m.Entitlements {

+			l = len(s)

+			n += 1 + l + sovControl(uint64(l))

+		}

+	}

 	return n

 }

@@ -2089,6 +2144,44 @@ func (m *PruneRequest) Unmarshal(dAtA []byte) error {

 				}

 			}

 			m.All = bool(v != 0)

+		case 3:

+			if wireType != 0 {

+				return fmt.Errorf("proto: wrong wireType = %d for field KeepDuration", wireType)

+			}

+			m.KeepDuration = 0

+			for shift := uint(0); ; shift += 7 {

+				if shift >= 64 {

+					return ErrIntOverflowControl

+				}

+				if iNdEx >= l {

+					return io.ErrUnexpectedEOF

+				}

+				b := dAtA[iNdEx]

+				iNdEx++

+				m.KeepDuration |= (int64(b) & 0x7F) << shift

+				if b < 0x80 {

+					break

+				}

+			}

+		case 4:

+			if wireType != 0 {

+				return fmt.Errorf("proto: wrong wireType = %d for field KeepBytes", wireType)

+			}

+			m.KeepBytes = 0

+			for shift := uint(0); ; shift += 7 {

+				if shift >= 64 {

+					return ErrIntOverflowControl

+				}

+				if iNdEx >= l {

+					return io.ErrUnexpectedEOF

+				}

+				b := dAtA[iNdEx]

+				iNdEx++

+				m.KeepBytes |= (int64(b) & 0x7F) << shift

+				if b < 0x80 {

+					break

+				}

+			}

 		default:

 			iNdEx = preIndex

 			skippy, err := skipControl(dAtA[iNdEx:])

@@ -3041,6 +3134,35 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error {

 				return err

 			}

 			iNdEx = postIndex

+		case 9:

+			if wireType != 2 {

+				return fmt.Errorf("proto: wrong wireType = %d for field Entitlements", wireType)

+			}

+			var stringLen uint64

+			for shift := uint(0); ; shift += 7 {

+				if shift >= 64 {

+					return ErrIntOverflowControl

+				}

+				if iNdEx >= l {

+					return io.ErrUnexpectedEOF

+				}

+				b := dAtA[iNdEx]

+				iNdEx++

+				stringLen |= (uint64(b) & 0x7F) << shift

+				if b < 0x80 {

+					break

+				}

+			}

+			intStringLen := int(stringLen)

+			if intStringLen < 0 {

+				return ErrInvalidLengthControl

+			}

+			postIndex := iNdEx + intStringLen

+			if postIndex > l {

+				return io.ErrUnexpectedEOF

+			}

+			m.Entitlements = append(m.Entitlements, github_com_moby_buildkit_util_entitlements.Entitlement(dAtA[iNdEx:postIndex]))

+			iNdEx = postIndex

 		default:

 			iNdEx = preIndex

 			skippy, err := skipControl(dAtA[iNdEx:])

@@ -4709,81 +4831,85 @@ var (

 func init() { proto.RegisterFile("control.proto", fileDescriptorControl) }

 var fileDescriptorControl = []byte{

-	// 1206 bytes of a gzipped FileDescriptorProto

-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0x4f, 0x6f, 0x1b, 0x45,

-	0x14, 0x67, 0x6d, 0xc7, 0x7f, 0x9e, 0x9d, 0x2a, 0x0c, 0x50, 0xad, 0x16, 0x48, 0xcc, 0x02, 0x92,

-	0x55, 0xb5, 0xbb, 0x6d, 0xa0, 0x52, 0x15, 0xa1, 0xaa, 0x75, 0x5c, 0x44, 0xaa, 0x44, 0x94, 0x75,

-	0x42, 0x25, 0x6e, 0x6b, 0x7b, 0xe2, 0xac, 0xb2, 0xde, 0x59, 0x66, 0x66, 0x43, 0xcd, 0xa7, 0xe0,

-	0xc0, 0x37, 0xe1, 0xc0, 0x27, 0x40, 0xea, 0x91, 0x33, 0x87, 0x14, 0xe5, 0x0e, 0x77, 0x6e, 0x68,

-	0xfe, 0xac, 0x3d, 0x8e, 0x9d, 0x38, 0x49, 0x4f, 0x99, 0x37, 0xf9, 0xbd, 0x9f, 0xdf, 0x7b, 0xbf,

-	0xb7, 0xf3, 0x1e, 0xac, 0xf6, 0x49, 0xc2, 0x29, 0x89, 0xbd, 0x94, 0x12, 0x4e, 0xd0, 0xda, 0x88,

-	0xf4, 0xc6, 0x5e, 0x2f, 0x8b, 0xe2, 0xc1, 0x71, 0xc4, 0xbd, 0x93, 0x07, 0xce, 0xbd, 0x61, 0xc4,

-	0x8f, 0xb2, 0x9e, 0xd7, 0x27, 0x23, 0x7f, 0x48, 0x86, 0xc4, 0x97, 0xc0, 0x5e, 0x76, 0x28, 0x2d,

-	0x69, 0xc8, 0x93, 0x22, 0x70, 0x36, 0x86, 0x84, 0x0c, 0x63, 0x3c, 0x45, 0xf1, 0x68, 0x84, 0x19,

-	0x0f, 0x47, 0xa9, 0x06, 0xdc, 0x35, 0xf8, 0xc4, 0x8f, 0xf9, 0xf9, 0x8f, 0xf9, 0x8c, 0xc4, 0x27,

-	0x98, 0xfa, 0x69, 0xcf, 0x27, 0x29, 0xd3, 0x68, 0xff, 0x42, 0x74, 0x98, 0x46, 0x3e, 0x1f, 0xa7,

-	0x98, 0xf9, 0x3f, 0x11, 0x7a, 0x8c, 0xa9, 0x72, 0x70, 0x1f, 0x41, 0xe3, 0x05, 0xcd, 0x12, 0x1c,

-	0xe0, 0x1f, 0x33, 0xcc, 0x38, 0xba, 0x0d, 0xe5, 0xc3, 0x28, 0xe6, 0x98, 0xda, 0x56, 0xb3, 0xd8,

-	0xaa, 0x05, 0xda, 0x42, 0x6b, 0x50, 0x0c, 0xe3, 0xd8, 0x2e, 0x34, 0xad, 0x56, 0x35, 0x10, 0x47,

-	0xf7, 0x0e, 0xac, 0x75, 0x22, 0x76, 0x7c, 0xc0, 0xc2, 0xe1, 0x32, 0x6f, 0xf7, 0x39, 0xbc, 0x6b,

-	0x60, 0x59, 0x4a, 0x12, 0x86, 0xd1, 0x43, 0x28, 0x53, 0xdc, 0x27, 0x74, 0x20, 0xc1, 0xf5, 0xcd,

-	0x8f, 0xbd, 0xf3, 0xc5, 0xf4, 0xb4, 0x83, 0x00, 0x05, 0x1a, 0xec, 0xfe, 0x57, 0x80, 0xba, 0x71,

-	0x8f, 0x6e, 0x41, 0x61, 0xa7, 0x63, 0x5b, 0x4d, 0xab, 0x55, 0x0b, 0x0a, 0x3b, 0x1d, 0x64, 0x43,

-	0x65, 0x2f, 0xe3, 0x61, 0x2f, 0xc6, 0x3a, 0xda, 0xdc, 0x44, 0xef, 0xc3, 0xca, 0x4e, 0x72, 0xc0,

-	0xb0, 0x5d, 0x94, 0xf7, 0xca, 0x40, 0x08, 0x4a, 0xdd, 0xe8, 0x67, 0x6c, 0x97, 0x9a, 0x56, 0xab,

-	0x18, 0xc8, 0xb3, 0xc8, 0xe3, 0x45, 0x48, 0x71, 0xc2, 0xed, 0x15, 0xc9, 0xab, 0x2d, 0xd4, 0x86,

-	0xda, 0x36, 0xc5, 0x21, 0xc7, 0x83, 0xa7, 0xdc, 0x2e, 0x37, 0xad, 0x56, 0x7d, 0xd3, 0xf1, 0x94,

-	0x82, 0x5e, 0xae, 0xa0, 0xb7, 0x9f, 0x2b, 0xd8, 0xae, 0xbe, 0x3e, 0xdd, 0x78, 0xe7, 0x97, 0x37,

-	0x1b, 0x56, 0x30, 0x75, 0x43, 0x4f, 0x00, 0x76, 0x43, 0xc6, 0x0f, 0x98, 0x24, 0xa9, 0x2c, 0x25,

-	0x29, 0x49, 0x02, 0xc3, 0x07, 0xad, 0x03, 0xc8, 0x02, 0x6c, 0x93, 0x2c, 0xe1, 0x76, 0x55, 0xc6,

-	0x6d, 0xdc, 0xa0, 0x26, 0xd4, 0x3b, 0x98, 0xf5, 0x69, 0x94, 0xf2, 0x88, 0x24, 0x76, 0x4d, 0xa6,

-	0x60, 0x5e, 0x09, 0x06, 0x55, 0xbd, 0xfd, 0x71, 0x8a, 0x6d, 0x90, 0x00, 0xe3, 0x46, 0xe4, 0xdf,

-	0x3d, 0x0a, 0x29, 0x1e, 0xd8, 0x75, 0x59, 0x2a, 0x6d, 0xb9, 0xbf, 0x96, 0xa0, 0xd1, 0x15, 0x6d,

-	0x97, 0x0b, 0xbe, 0x06, 0xc5, 0x00, 0x1f, 0xea, 0xea, 0x8b, 0x23, 0xf2, 0x00, 0x3a, 0xf8, 0x30,

-	0x4a, 0x22, 0xf9, 0xdb, 0x05, 0x99, 0xde, 0x2d, 0x2f, 0xed, 0x79, 0xd3, 0xdb, 0xc0, 0x40, 0x20,

-	0x07, 0xaa, 0xcf, 0x5e, 0xa5, 0x84, 0x8a, 0xa6, 0x29, 0x4a, 0x9a, 0x89, 0x8d, 0x5e, 0xc2, 0x6a,

-	0x7e, 0x7e, 0xca, 0x39, 0x65, 0x76, 0x49, 0x36, 0xca, 0x83, 0xf9, 0x46, 0x31, 0x83, 0xf2, 0x66,

-	0x7c, 0x9e, 0x25, 0x9c, 0x8e, 0x83, 0x59, 0x1e, 0xd1, 0x23, 0x5d, 0xcc, 0x98, 0x88, 0x50, 0x09,

-	0x9c, 0x9b, 0x22, 0x9c, 0xaf, 0x29, 0x49, 0x38, 0x4e, 0x06, 0x52, 0xe0, 0x5a, 0x30, 0xb1, 0x45,

-	0x38, 0xf9, 0x59, 0x85, 0x53, 0xb9, 0x52, 0x38, 0x33, 0x3e, 0x3a, 0x9c, 0x99, 0x3b, 0xb4, 0x05,

-	0x2b, 0xdb, 0x61, 0xff, 0x08, 0x4b, 0x2d, 0xeb, 0x9b, 0xeb, 0xf3, 0x84, 0xf2, 0xdf, 0xdf, 0x4a,

-	0xf1, 0x58, 0xbb, 0x24, 0xda, 0x2a, 0x50, 0x2e, 0xce, 0x13, 0x40, 0xf3, 0xf9, 0x0a, 0x5d, 0x8e,

-	0xf1, 0x38, 0xd7, 0xe5, 0x18, 0x8f, 0x45, 0xf3, 0x9f, 0x84, 0x71, 0xa6, 0x3e, 0x8a, 0x5a, 0xa0,

-	0x8c, 0xad, 0xc2, 0x23, 0x4b, 0x30, 0xcc, 0x87, 0x78, 0x1d, 0x06, 0xf7, 0x8d, 0x05, 0x0d, 0x33,

-	0x42, 0xf4, 0x11, 0xd4, 0x54, 0x50, 0xd3, 0xe6, 0x98, 0x5e, 0x88, 0xee, 0xdb, 0x19, 0x69, 0x83,

-	0xd9, 0x05, 0xf9, 0x52, 0x18, 0x37, 0xe8, 0x3b, 0xa8, 0x2b, 0xb0, 0xaa, 0x72, 0x51, 0x56, 0xd9,

-	0xbf, 0xbc, 0x28, 0x9e, 0xe1, 0xa1, 0x6a, 0x6c, 0x72, 0x38, 0x8f, 0x61, 0xed, 0x3c, 0xe0, 0x5a,

-	0x19, 0xfe, 0x6e, 0xc1, 0xaa, 0x16, 0x55, 0xbf, 0x5e, 0x61, 0xce, 0x88, 0x69, 0x7e, 0xa7, 0xdf,

-	0xb1, 0x87, 0x17, 0xf6, 0x83, 0x82, 0x79, 0xe7, 0xfd, 0x54, 0xbc, 0x73, 0x74, 0xce, 0x36, 0x7c,

-	0xb0, 0x10, 0x7a, 0xad, 0xc8, 0x3f, 0x81, 0xd5, 0x2e, 0x0f, 0x79, 0xc6, 0x2e, 0xfc, 0x64, 0xdd,

-	0xdf, 0x2c, 0xb8, 0x95, 0x63, 0x74, 0x76, 0x5f, 0x42, 0xf5, 0x04, 0x53, 0x8e, 0x5f, 0x61, 0xa6,

-	0xb3, 0xb2, 0xe7, 0xb3, 0xfa, 0x5e, 0x22, 0x82, 0x09, 0x12, 0x6d, 0x41, 0x95, 0x49, 0x1e, 0xac,

-	0x64, 0x5d, 0xd8, 0xca, 0xca, 0x4b, 0xff, 0xde, 0x04, 0x8f, 0x7c, 0x28, 0xc5, 0x64, 0x98, 0xab,

-	0xfd, 0xe1, 0x45, 0x7e, 0xbb, 0x64, 0x18, 0x48, 0xa0, 0x7b, 0x5a, 0x80, 0xb2, 0xba, 0x43, 0xcf,

-	0xa1, 0x3c, 0x88, 0x86, 0x98, 0x71, 0x95, 0x55, 0x7b, 0x53, 0x7c, 0x20, 0x7f, 0x9d, 0x6e, 0xdc,

-	0x31, 0xa6, 0x21, 0x49, 0x71, 0x22, 0x66, 0x77, 0x18, 0x25, 0x98, 0x32, 0x7f, 0x48, 0xee, 0x29,

-	0x17, 0xaf, 0x23, 0xff, 0x04, 0x9a, 0x41, 0x70, 0x45, 0x49, 0x9a, 0x71, 0xdd, 0x98, 0x37, 0xe3,

-	0x52, 0x0c, 0x62, 0xb4, 0x24, 0xe1, 0x08, 0xeb, 0x77, 0x4d, 0x9e, 0xc5, 0xd3, 0xda, 0x17, 0x7d,

-	0x3b, 0x90, 0x03, 0xa7, 0x1a, 0x68, 0x0b, 0x6d, 0x41, 0x85, 0xf1, 0x90, 0x72, 0x3c, 0x90, 0x4f,

-	0xd2, 0x55, 0x66, 0x42, 0xee, 0x80, 0x1e, 0x43, 0xad, 0x4f, 0x46, 0x69, 0x8c, 0x85, 0x77, 0xf9,

-	0x8a, 0xde, 0x53, 0x17, 0xd1, 0x3d, 0x98, 0x52, 0x42, 0xe5, 0x34, 0xaa, 0x05, 0xca, 0x70, 0xff,

-	0x2d, 0x40, 0xc3, 0x14, 0x6b, 0x6e, 0xd2, 0x3e, 0x87, 0xb2, 0x92, 0x5e, 0x75, 0xdd, 0xcd, 0x4a,

-	0xa5, 0x18, 0x16, 0x96, 0xca, 0x86, 0x4a, 0x3f, 0xa3, 0x72, 0x0c, 0xab, 0xe1, 0x9c, 0x9b, 0x22,

-	0x60, 0x4e, 0x78, 0x18, 0xcb, 0x52, 0x15, 0x03, 0x65, 0x88, 0xe9, 0x3c, 0xd9, 0x9e, 0xae, 0x37,

-	0x9d, 0x27, 0x6e, 0xa6, 0x0c, 0x95, 0xb7, 0x92, 0xa1, 0x7a, 0x6d, 0x19, 0xdc, 0x3f, 0x2c, 0xa8,

-	0x4d, 0xba, 0xdc, 0xa8, 0xae, 0xf5, 0xd6, 0xd5, 0x9d, 0xa9, 0x4c, 0xe1, 0x66, 0x95, 0xb9, 0x0d,

-	0x65, 0xc6, 0x29, 0x0e, 0x47, 0x52, 0xa3, 0x62, 0xa0, 0x2d, 0xf1, 0x9e, 0x8c, 0xd8, 0x50, 0x2a,

-	0xd4, 0x08, 0xc4, 0xd1, 0x75, 0xa1, 0xd1, 0x1e, 0x73, 0xcc, 0xf6, 0x30, 0x13, 0x4b, 0x89, 0xd0,

-	0x76, 0x10, 0xf2, 0x50, 0xe6, 0xd1, 0x08, 0xe4, 0xd9, 0xbd, 0x0b, 0x68, 0x37, 0x62, 0xfc, 0xa5,

-	0xdc, 0x45, 0xd9, 0xb2, 0xfd, 0xb1, 0x0b, 0xef, 0xcd, 0xa0, 0xf5, 0x2b, 0xf5, 0xd5, 0xb9, 0x0d,

-	0xf2, 0xb3, 0xf9, 0x57, 0x43, 0xae, 0xbc, 0x9e, 0x72, 0x9c, 0x5d, 0x24, 0x37, 0xff, 0x29, 0x42,

-	0x65, 0x5b, 0x6d, 0xf3, 0x68, 0x1f, 0x6a, 0x93, 0x05, 0x15, 0xb9, 0xf3, 0x34, 0xe7, 0x37, 0x5d,

-	0xe7, 0xd3, 0x4b, 0x31, 0x3a, 0xbe, 0x6f, 0x60, 0x45, 0x2e, 0xd7, 0x68, 0xc1, 0x33, 0x68, 0x6e,

-	0xdd, 0xce, 0xe5, 0xab, 0xef, 0x7d, 0x4b, 0x30, 0xc9, 0x19, 0xb2, 0x88, 0xc9, 0x5c, 0x36, 0x9c,

-	0x8d, 0x25, 0xc3, 0x07, 0xed, 0x41, 0x59, 0x7f, 0xce, 0x8b, 0xa0, 0xe6, 0xa4, 0x70, 0x9a, 0x17,

-	0x03, 0x14, 0xd9, 0x7d, 0x0b, 0xed, 0x4d, 0x36, 0xa9, 0x45, 0xa1, 0x99, 0x6d, 0xe0, 0x2c, 0xf9,

-	0x7f, 0xcb, 0xba, 0x6f, 0xa1, 0x1f, 0xa0, 0x6e, 0x08, 0x8d, 0x16, 0x08, 0x3a, 0xdf, 0x35, 0xce,

-	0xe7, 0x4b, 0x50, 0x2a, 0xd8, 0x76, 0xe3, 0xf5, 0xd9, 0xba, 0xf5, 0xe7, 0xd9, 0xba, 0xf5, 0xf7,

-	0xd9, 0xba, 0xd5, 0x2b, 0xcb, 0xbe, 0xff, 0xe2, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x10, 0x8f,

-	0x03, 0xa4, 0xd1, 0x0d, 0x00, 0x00,

+	// 1279 bytes of a gzipped FileDescriptorProto

+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0x4f, 0x6f, 0x1b, 0x45,

+	0x14, 0xef, 0xda, 0x89, 0xed, 0x7d, 0x76, 0xaa, 0x30, 0x40, 0xb5, 0x5a, 0x20, 0x31, 0x0b, 0x48,

+	0x56, 0xd5, 0xee, 0xb6, 0x81, 0x22, 0x14, 0xa1, 0xaa, 0x75, 0x5c, 0x44, 0xaa, 0x46, 0x94, 0x49,

+	0x4b, 0x25, 0x0e, 0x48, 0x6b, 0x7b, 0xe2, 0xae, 0xb2, 0xde, 0x59, 0x66, 0x66, 0x43, 0xcd, 0x07,

+	0xe0, 0xcc, 0x77, 0xe1, 0xc0, 0x27, 0x40, 0xea, 0x91, 0x73, 0x0f, 0x29, 0xea, 0x1d, 0x4e, 0x5c,

+	0xb8, 0xa1, 0xf9, 0xb3, 0xce, 0x38, 0x76, 0xea, 0xa6, 0x3d, 0x65, 0xde, 0xe4, 0xf7, 0x7e, 0xfb,

+	0xfe, 0xcd, 0x7b, 0xcf, 0xb0, 0x36, 0xa0, 0x99, 0x60, 0x34, 0x0d, 0x73, 0x46, 0x05, 0x45, 0xeb,

+	0x63, 0xda, 0x9f, 0x84, 0xfd, 0x22, 0x49, 0x87, 0x87, 0x89, 0x08, 0x8f, 0xae, 0xfb, 0x57, 0x47,

+	0x89, 0x78, 0x5c, 0xf4, 0xc3, 0x01, 0x1d, 0x47, 0x23, 0x3a, 0xa2, 0x91, 0x02, 0xf6, 0x8b, 0x03,

+	0x25, 0x29, 0x41, 0x9d, 0x34, 0x81, 0xbf, 0x39, 0xa2, 0x74, 0x94, 0x92, 0x13, 0x94, 0x48, 0xc6,

+	0x84, 0x8b, 0x78, 0x9c, 0x1b, 0xc0, 0x15, 0x8b, 0x4f, 0x7e, 0x2c, 0x2a, 0x3f, 0x16, 0x71, 0x9a,

+	0x1e, 0x11, 0x16, 0xe5, 0xfd, 0x88, 0xe6, 0xdc, 0xa0, 0xa3, 0x33, 0xd1, 0x71, 0x9e, 0x44, 0x62,

+	0x92, 0x13, 0x1e, 0xfd, 0x44, 0xd9, 0x21, 0x61, 0x5a, 0x21, 0xf8, 0xc5, 0x81, 0xd6, 0x7d, 0x56,

+	0x64, 0x04, 0x93, 0x1f, 0x0b, 0xc2, 0x05, 0xba, 0x04, 0xb5, 0x83, 0x24, 0x15, 0x84, 0x79, 0x4e,

+	0xbb, 0xda, 0x71, 0xb1, 0x91, 0xd0, 0x3a, 0x54, 0xe3, 0x34, 0xf5, 0x2a, 0x6d, 0xa7, 0xd3, 0xc0,

+	0xf2, 0x88, 0x3a, 0xd0, 0x3a, 0x24, 0x24, 0xef, 0x15, 0x2c, 0x16, 0x09, 0xcd, 0xbc, 0x6a, 0xdb,

+	0xe9, 0x54, 0xbb, 0x2b, 0x4f, 0x8f, 0x37, 0x1d, 0x3c, 0xf3, 0x1f, 0x14, 0x80, 0x2b, 0xe5, 0xee,

+	0x44, 0x10, 0xee, 0xad, 0x58, 0xb0, 0x93, 0xeb, 0xe0, 0x32, 0xac, 0xf7, 0x12, 0x7e, 0xf8, 0x90,

+	0xc7, 0xa3, 0x65, 0xb6, 0x04, 0x77, 0xe1, 0x2d, 0x0b, 0xcb, 0x73, 0x9a, 0x71, 0x82, 0x6e, 0x40,

+	0x8d, 0x91, 0x01, 0x65, 0x43, 0x05, 0x6e, 0x6e, 0x7d, 0x10, 0x9e, 0xce, 0x4d, 0x68, 0x14, 0x24,

+	0x08, 0x1b, 0x70, 0xf0, 0x5f, 0x05, 0x9a, 0xd6, 0x3d, 0xba, 0x08, 0x95, 0xdd, 0x9e, 0xe7, 0xb4,

+	0x9d, 0x8e, 0x8b, 0x2b, 0xbb, 0x3d, 0xe4, 0x41, 0x7d, 0xaf, 0x10, 0x71, 0x3f, 0x25, 0xc6, 0xf7,

+	0x52, 0x44, 0xef, 0xc0, 0xea, 0x6e, 0xf6, 0x90, 0x13, 0xe5, 0x78, 0x03, 0x6b, 0x01, 0x21, 0x58,

+	0xd9, 0x4f, 0x7e, 0x26, 0xda, 0x4d, 0xac, 0xce, 0xd2, 0x8f, 0xfb, 0x31, 0x23, 0x99, 0xf0, 0x56,

+	0x15, 0xaf, 0x91, 0x50, 0x17, 0xdc, 0x1d, 0x46, 0x62, 0x41, 0x86, 0xb7, 0x85, 0x57, 0x6b, 0x3b,

+	0x9d, 0xe6, 0x96, 0x1f, 0xea, 0x82, 0x08, 0xcb, 0x82, 0x08, 0x1f, 0x94, 0x05, 0xd1, 0x6d, 0x3c,

+	0x3d, 0xde, 0xbc, 0xf0, 0xeb, 0x73, 0x19, 0xb7, 0xa9, 0x1a, 0xba, 0x05, 0x70, 0x2f, 0xe6, 0xe2,

+	0x21, 0x57, 0x24, 0xf5, 0xa5, 0x24, 0x2b, 0x8a, 0xc0, 0xd2, 0x41, 0x1b, 0x00, 0x2a, 0x00, 0x3b,

+	0xb4, 0xc8, 0x84, 0xd7, 0x50, 0x76, 0x5b, 0x37, 0xa8, 0x0d, 0xcd, 0x1e, 0xe1, 0x03, 0x96, 0xe4,

+	0x2a, 0xcd, 0xae, 0x72, 0xc1, 0xbe, 0x92, 0x0c, 0x3a, 0x7a, 0x0f, 0x26, 0x39, 0xf1, 0x40, 0x01,

+	0xac, 0x1b, 0xe9, 0xff, 0xfe, 0xe3, 0x98, 0x91, 0xa1, 0xd7, 0x54, 0xa1, 0x32, 0x52, 0xf0, 0xef,

+	0x0a, 0xb4, 0xf6, 0x65, 0x15, 0x97, 0x09, 0x5f, 0x87, 0x2a, 0x26, 0x07, 0x26, 0xfa, 0xf2, 0x88,

+	0x42, 0x80, 0x1e, 0x39, 0x48, 0xb2, 0x44, 0x7d, 0xbb, 0xa2, 0xdc, 0xbb, 0x18, 0xe6, 0xfd, 0xf0,

+	0xe4, 0x16, 0x5b, 0x08, 0xe4, 0x43, 0xe3, 0xce, 0x93, 0x9c, 0x32, 0x59, 0x34, 0x55, 0x45, 0x33,

+	0x95, 0xd1, 0x23, 0x58, 0x2b, 0xcf, 0xb7, 0x85, 0x60, 0xb2, 0x14, 0x65, 0xa1, 0x5c, 0x9f, 0x2f,

+	0x14, 0xdb, 0xa8, 0x70, 0x46, 0xe7, 0x4e, 0x26, 0xd8, 0x04, 0xcf, 0xf2, 0xc8, 0x1a, 0xd9, 0x27,

+	0x9c, 0x4b, 0x0b, 0x75, 0x82, 0x4b, 0x51, 0x9a, 0xf3, 0x15, 0xa3, 0x99, 0x20, 0xd9, 0x50, 0x25,

+	0xd8, 0xc5, 0x53, 0x59, 0x9a, 0x53, 0x9e, 0xb5, 0x39, 0xf5, 0x57, 0x32, 0x67, 0x46, 0xc7, 0x98,

+	0x33, 0x73, 0x87, 0xb6, 0x61, 0x75, 0x27, 0x1e, 0x3c, 0x26, 0x2a, 0x97, 0xcd, 0xad, 0x8d, 0x79,

+	0x42, 0xf5, 0xef, 0x6f, 0x54, 0xf2, 0xb8, 0x7a, 0x8a, 0x17, 0xb0, 0x56, 0x41, 0x3f, 0x40, 0xeb,

+	0x4e, 0x26, 0x12, 0x91, 0x92, 0x31, 0xc9, 0x04, 0xf7, 0x5c, 0xf9, 0xf0, 0xba, 0xdb, 0xcf, 0x8e,

+	0x37, 0x3f, 0x3f, 0xb3, 0xb5, 0x14, 0x22, 0x49, 0x23, 0x62, 0x69, 0x85, 0x16, 0x05, 0x9e, 0xe1,

+	0xf3, 0x6f, 0x01, 0x9a, 0x8f, 0xa7, 0xcc, 0xfb, 0x21, 0x99, 0x94, 0x79, 0x3f, 0x24, 0x13, 0xf9,

+	0xb8, 0x8e, 0xe2, 0xb4, 0xd0, 0x8f, 0xce, 0xc5, 0x5a, 0xd8, 0xae, 0x7c, 0xe1, 0x48, 0x86, 0xf9,

+	0x10, 0x9c, 0x87, 0x21, 0x78, 0xee, 0x40, 0xcb, 0x8e, 0x00, 0x7a, 0x1f, 0x5c, 0x6d, 0xd4, 0x49,

+	0xf1, 0x9d, 0x5c, 0xc8, 0xea, 0xde, 0x1d, 0x1b, 0x81, 0x7b, 0x15, 0xd5, 0x89, 0xac, 0x1b, 0xf4,

+	0x2d, 0x34, 0x35, 0x58, 0x67, 0xb1, 0xaa, 0xb2, 0x18, 0xbd, 0x3c, 0xe8, 0xa1, 0xa5, 0xa1, 0x73,

+	0x68, 0x73, 0xf8, 0x37, 0x61, 0xfd, 0x34, 0xe0, 0x5c, 0x1e, 0xfe, 0xee, 0xc0, 0x9a, 0x29, 0x1a,

+	0xd3, 0x1d, 0xe3, 0x92, 0x91, 0xb0, 0xf2, 0xce, 0xf4, 0xc9, 0x1b, 0x67, 0xd6, 0x9b, 0x86, 0x85,

+	0xa7, 0xf5, 0xb4, 0xbd, 0x73, 0x74, 0xfe, 0x0e, 0xbc, 0xbb, 0x10, 0x7a, 0x2e, 0xcb, 0x3f, 0x84,

+	0xb5, 0x7d, 0x11, 0x8b, 0x82, 0x9f, 0xd9, 0x12, 0x82, 0xdf, 0x1c, 0xb8, 0x58, 0x62, 0x8c, 0x77,

+	0x9f, 0x41, 0xe3, 0x88, 0x30, 0x41, 0x9e, 0x10, 0x6e, 0xbc, 0xf2, 0xe6, 0xbd, 0xfa, 0x4e, 0x21,

+	0xf0, 0x14, 0x89, 0xb6, 0xa1, 0xc1, 0x15, 0x0f, 0xd1, 0x69, 0x5d, 0xf8, 0x54, 0xb4, 0x96, 0xf9,

+	0xde, 0x14, 0x8f, 0x22, 0x58, 0x49, 0xe9, 0xa8, 0xcc, 0xf6, 0x7b, 0x67, 0xe9, 0xdd, 0xa3, 0x23,

+	0xac, 0x80, 0xc1, 0x71, 0x05, 0x6a, 0xfa, 0x0e, 0xdd, 0x85, 0xda, 0x30, 0x19, 0x11, 0x2e, 0xb4,

+	0x57, 0xdd, 0x2d, 0xf9, 0x00, 0x9f, 0x1d, 0x6f, 0x5e, 0xb6, 0x5e, 0x18, 0xcd, 0x49, 0x26, 0x57,

+	0x8d, 0x38, 0xc9, 0x08, 0xe3, 0xd1, 0x88, 0x5e, 0xd5, 0x2a, 0x61, 0x4f, 0xfd, 0xc1, 0x86, 0x41,

+	0x72, 0x25, 0x59, 0x5e, 0x08, 0x53, 0x98, 0xaf, 0xc7, 0xa5, 0x19, 0xe4, 0xe8, 0xca, 0xe2, 0x31,

+	0x31, 0x7d, 0x53, 0x9d, 0x65, 0xeb, 0x1e, 0xc8, 0xba, 0x1d, 0xaa, 0x81, 0xd6, 0xc0, 0x46, 0x42,

+	0xdb, 0x50, 0xe7, 0x22, 0x66, 0x82, 0x0c, 0x55, 0xcb, 0x7b, 0x95, 0x99, 0x53, 0x2a, 0xa0, 0x9b,

+	0xe0, 0x0e, 0xe8, 0x38, 0x4f, 0x89, 0xd4, 0xae, 0xbd, 0xa2, 0xf6, 0x89, 0x8a, 0xac, 0x1e, 0xc2,

+	0x18, 0x65, 0x6a, 0xda, 0xb9, 0x58, 0x0b, 0xc1, 0x3f, 0x15, 0x68, 0xd9, 0xc9, 0x9a, 0x9b, 0xe4,

+	0x77, 0xa1, 0xa6, 0x53, 0xaf, 0xab, 0xee, 0xf5, 0x42, 0xa5, 0x19, 0x16, 0x86, 0xca, 0x83, 0xfa,

+	0xa0, 0x60, 0x6a, 0xcc, 0xeb, 0xe1, 0x5f, 0x8a, 0xd2, 0x60, 0x41, 0x45, 0x9c, 0xaa, 0x50, 0x55,

+	0xb1, 0x16, 0xe4, 0xf4, 0x9f, 0x2e, 0x7b, 0xe7, 0x9b, 0xfe, 0x53, 0x35, 0x3b, 0x0d, 0xf5, 0x37,

+	0x4a, 0x43, 0xe3, 0xdc, 0x69, 0x08, 0xfe, 0x70, 0xc0, 0x9d, 0x56, 0xb9, 0x15, 0x5d, 0xe7, 0x8d,

+	0xa3, 0x3b, 0x13, 0x99, 0xca, 0xeb, 0x45, 0xe6, 0x12, 0xd4, 0xb8, 0x60, 0x24, 0x1e, 0xeb, 0xbd,

+	0x14, 0x1b, 0x49, 0xf6, 0x93, 0x31, 0x1f, 0xa9, 0x0c, 0xb5, 0xb0, 0x3c, 0x06, 0x01, 0xb4, 0xd4,

+	0x0a, 0xba, 0x47, 0xb8, 0x5c, 0x7a, 0x64, 0x6e, 0x87, 0xb1, 0x88, 0x95, 0x1f, 0x2d, 0xac, 0xce,

+	0xc1, 0x15, 0x40, 0xf7, 0x12, 0x2e, 0x1e, 0xa9, 0xd5, 0x99, 0x2f, 0xdb, 0x4f, 0xf7, 0xe1, 0xed,

+	0x19, 0xb4, 0xe9, 0x52, 0x5f, 0x9e, 0xda, 0x50, 0x3f, 0x9e, 0xef, 0x1a, 0x6a, 0x43, 0x0f, 0xb5,

+	0xe2, 0xec, 0xa2, 0xba, 0xf5, 0x77, 0x15, 0xea, 0x3b, 0xfa, 0xc7, 0x07, 0x7a, 0x00, 0xee, 0x74,

+	0x01, 0x46, 0xc1, 0x3c, 0xcd, 0xe9, 0x4d, 0xda, 0xff, 0xe8, 0xa5, 0x18, 0x63, 0xdf, 0xd7, 0xb0,

+	0xaa, 0x7e, 0x0a, 0xa0, 0x05, 0x6d, 0xd0, 0xfe, 0x8d, 0xe0, 0xbf, 0x7c, 0xb5, 0xbe, 0xe6, 0x48,

+	0x26, 0x35, 0x43, 0x16, 0x31, 0xd9, 0xcb, 0x8c, 0xbf, 0xb9, 0x64, 0xf8, 0xa0, 0x3d, 0xa8, 0x99,

+	0xe7, 0xbc, 0x08, 0x6a, 0x4f, 0x0a, 0xbf, 0x7d, 0x36, 0x40, 0x93, 0x5d, 0x73, 0xd0, 0xde, 0x74,

+	0x53, 0x5b, 0x64, 0x9a, 0x5d, 0x06, 0xfe, 0x92, 0xff, 0x77, 0x9c, 0x6b, 0x0e, 0xfa, 0x1e, 0x9a,

+	0x56, 0xa2, 0xd1, 0x82, 0x84, 0xce, 0x57, 0x8d, 0xff, 0xc9, 0x12, 0x94, 0x36, 0xb6, 0xdb, 0x7a,

+	0xfa, 0x62, 0xc3, 0xf9, 0xf3, 0xc5, 0x86, 0xf3, 0xd7, 0x8b, 0x0d, 0xa7, 0x5f, 0x53, 0x75, 0xff,

+	0xe9, 0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0xfe, 0x98, 0x98, 0x82, 0x80, 0x0e, 0x00, 0x00,

 }

@@ -25,8 +25,10 @@ service Control {

 }

 message PruneRequest {

-	repeated string filter = 1; // FIXME: not implemented

+	repeated string filter = 1;

 	bool all = 2;

+	int64 keepDuration = 3 [(gogoproto.nullable) = true];

+	int64 keepBytes = 4 [(gogoproto.nullable) = true];

 }

 message DiskUsageRequest {

@@ -60,6 +62,7 @@ message SolveRequest {

 	string Frontend = 6;

 	map<string, string> FrontendAttrs = 7;

 	CacheOptions Cache = 8 [(gogoproto.nullable) = false];

+	repeated string Entitlements = 9 [(gogoproto.customtype) = "github.com/moby/buildkit/util/entitlements.Entitlement" ];

 }

 message CacheOptions {

@@ -2,6 +2,7 @@ package cache

 import (

 	"context"

+	"sort"

 	"sync"

 	"time"

@@ -321,14 +322,50 @@ func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opt

 		check = c

 	}

-	return cm.prune(ctx, ch, filter, opt.All, check)

+	totalSize := int64(0)

+	if opt.KeepBytes != 0 {

+		du, err := cm.DiskUsage(ctx, client.DiskUsageInfo{})

+		if err != nil {

+			return err

+		}

+		for _, ui := range du {

+			if check != nil {

+				if check.Exists(ui.ID) {

+					continue

+				}

+			}

+			totalSize += ui.Size

+		}

+	}

+

+	return cm.prune(ctx, ch, pruneOpt{

+		filter:       filter,

+		all:          opt.All,

+		checkShared:  check,

+		keepDuration: opt.KeepDuration,

+		keepBytes:    opt.KeepBytes,

+		totalSize:    totalSize,

+	})

 }

-func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, filter filters.Filter, all bool, checkShared ExternalRefChecker) error {

-	var toDelete []*cacheRecord

+func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, opt pruneOpt) error {

+	var toDelete []*deleteRecord

+

+	if opt.keepBytes != 0 && opt.totalSize < opt.keepBytes {

+		return nil

+	}

+

 	cm.mu.Lock()

+	gcMode := opt.keepBytes != 0

+	cutOff := time.Now().Add(-opt.keepDuration)

+

+	locked := map[*cacheRecord]struct{}{}

+

 	for _, cr := range cm.records {

+		if _, ok := locked[cr]; ok {

+			continue

+		}

 		cr.mu.Lock()

 		// ignore duplicates that share data

@@ -349,11 +386,11 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, fil

 			}

 			shared := false

-			if checkShared != nil {

-				shared = checkShared.Exists(cr.ID())

+			if opt.checkShared != nil {

+				shared = opt.checkShared.Exists(cr.ID())

 			}

-			if !all {

+			if !opt.all {

 				if recordType == client.UsageRecordTypeInternal || recordType == client.UsageRecordTypeFrontend || shared {

 					cr.mu.Unlock()

 					continue

@@ -367,23 +404,59 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, fil

 				Shared:     shared,

 			}

-			if filter.Match(adaptUsageInfo(c)) {

-				cr.dead = true

+			usageCount, lastUsedAt := getLastUsed(cr.md)

+			c.LastUsedAt = lastUsedAt

+			c.UsageCount = usageCount

-				toDelete = append(toDelete, cr)

-

-				// mark metadata as deleted in case we crash before cleanup finished

-				if err := setDeleted(cr.md); err != nil {

+			if opt.keepDuration != 0 {

+				if lastUsedAt != nil && lastUsedAt.After(cutOff) {

 					cr.mu.Unlock()

-					cm.mu.Unlock()

-					return err

+					continue

 				}

 			}

-		}

+			if opt.filter.Match(adaptUsageInfo(c)) {

+				toDelete = append(toDelete, &deleteRecord{

+					cacheRecord: cr,

+					lastUsedAt:  c.LastUsedAt,

+					usageCount:  c.UsageCount,

+				})

+				if !gcMode {

+					cr.dead = true

+

+					// mark metadata as deleted in case we crash before cleanup finished

+					if err := setDeleted(cr.md); err != nil {

+						cr.mu.Unlock()

+						cm.mu.Unlock()

+						return err

+					}

+				} else {

+					locked[cr] = struct{}{}

+					continue // leave the record locked

+				}

+			}

+		}

 		cr.mu.Unlock()

 	}

+	if gcMode && len(toDelete) > 0 {

+		sortDeleteRecords(toDelete)

+		var err error

+		for i, cr := range toDelete {

+			// only remove single record at a time

+			if i == 0 {

+				cr.dead = true

+				err = setDeleted(cr.md)

+			}

+			cr.mu.Unlock()

+		}

+		if err != nil {

+			return err

+		}

+		toDelete = toDelete[:1]

+		opt.totalSize -= getSize(toDelete[0].md)

+	}

+

 	cm.mu.Unlock()

 	if len(toDelete) == 0 {

@@ -443,7 +516,7 @@ func (cm *cacheManager) prune(ctx context.Context, ch chan client.UsageInfo, fil

 	case <-ctx.Done():

 		return ctx.Err()

 	default:

-		return cm.prune(ctx, ch, filter, all, checkShared)

+		return cm.prune(ctx, ch, opt)

 	}

 }

@@ -705,3 +778,63 @@ func adaptUsageInfo(info *client.UsageInfo) filters.Adaptor {

 		return "", false

 	})

 }

+

+type pruneOpt struct {

+	filter       filters.Filter

+	all          bool

+	checkShared  ExternalRefChecker

+	keepDuration time.Duration

+	keepBytes    int64

+	totalSize    int64

+}

+

+type deleteRecord struct {

+	*cacheRecord

+	lastUsedAt      *time.Time

+	usageCount      int

+	lastUsedAtIndex int

+	usageCountIndex int

+}

+

+func sortDeleteRecords(toDelete []*deleteRecord) {

+	sort.Slice(toDelete, func(i, j int) bool {

+		if toDelete[i].lastUsedAt == nil {

+			return true

+		}

+		if toDelete[j].lastUsedAt == nil {

+			return false

+		}

+		return toDelete[i].lastUsedAt.Before(*toDelete[j].lastUsedAt)

+	})

+

+	maxLastUsedIndex := 0

+	var val time.Time

+	for _, v := range toDelete {

+		if v.lastUsedAt != nil && v.lastUsedAt.After(val) {

+			val = *v.lastUsedAt

+			maxLastUsedIndex++

+		}

+		v.lastUsedAtIndex = maxLastUsedIndex

+	}

+

+	sort.Slice(toDelete, func(i, j int) bool {

+		return toDelete[i].usageCount < toDelete[j].usageCount

+	})

+

+	maxUsageCountIndex := 0

+	var count int

+	for _, v := range toDelete {

+		if v.usageCount != count {

+			count = v.usageCount

+			maxUsageCountIndex++

+		}

+		v.usageCountIndex = maxUsageCountIndex

+	}

+

+	sort.Slice(toDelete, func(i, j int) bool {

+		return float64(toDelete[i].lastUsedAtIndex)/float64(maxLastUsedIndex)+

+			float64(toDelete[i].usageCountIndex)/float64(maxUsageCountIndex) <

+			float64(toDelete[j].lastUsedAtIndex)/float64(maxLastUsedIndex)+

+				float64(toDelete[j].usageCountIndex)/float64(maxUsageCountIndex)

+	})

+}

new file mode 100644

@@ -0,0 +1,95 @@

+package client

+

+import (

+	"context"

+

+	"github.com/moby/buildkit/client/buildid"

+	gateway "github.com/moby/buildkit/frontend/gateway/client"

+	"github.com/moby/buildkit/frontend/gateway/grpcclient"

+	gatewayapi "github.com/moby/buildkit/frontend/gateway/pb"

+	"github.com/moby/buildkit/session"

+	"github.com/moby/buildkit/util/apicaps"

+	"github.com/pkg/errors"

+	"google.golang.org/grpc"

+)

+

+func (c *Client) Build(ctx context.Context, opt SolveOpt, product string, buildFunc gateway.BuildFunc, statusChan chan *SolveStatus) (*SolveResponse, error) {

+	defer func() {

+		if statusChan != nil {

+			close(statusChan)

+		}

+	}()

+

+	if opt.Frontend != "" {

+		return nil, errors.New("invalid SolveOpt, Build interface cannot use Frontend")

+	}

+

+	if product == "" {

+		product = apicaps.ExportedProduct

+	}

+

+	feOpts := opt.FrontendAttrs

+	opt.FrontendAttrs = nil

+

+	workers, err := c.ListWorkers(ctx)

+	if err != nil {

+		return nil, errors.Wrap(err, "listing workers for Build")

+	}

+	var gworkers []gateway.WorkerInfo

+	for _, w := range workers {

+		gworkers = append(gworkers, gateway.WorkerInfo{

+			ID:        w.ID,

+			Labels:    w.Labels,

+			Platforms: w.Platforms,

+		})

+	}

+

+	cb := func(ref string, s *session.Session) error {

+		g, err := grpcclient.New(ctx, feOpts, s.ID(), product, c.gatewayClientForBuild(ref), gworkers)

+		if err != nil {

+			return err

+		}

+

+		if err := g.Run(ctx, buildFunc); err != nil {

+			return errors.Wrap(err, "failed to run Build function")

+		}

+		return nil

+	}

+

+	return c.solve(ctx, nil, cb, opt, statusChan)

+}

+

+func (c *Client) gatewayClientForBuild(buildid string) gatewayapi.LLBBridgeClient {

+	g := gatewayapi.NewLLBBridgeClient(c.conn)

+	return &gatewayClientForBuild{g, buildid}

+}

+

+type gatewayClientForBuild struct {

+	gateway gatewayapi.LLBBridgeClient

+	buildID string

+}

+

+func (g *gatewayClientForBuild) ResolveImageConfig(ctx context.Context, in *gatewayapi.ResolveImageConfigRequest, opts ...grpc.CallOption) (*gatewayapi.ResolveImageConfigResponse, error) {

+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)

+	return g.gateway.ResolveImageConfig(ctx, in, opts...)

+}

+

+func (g *gatewayClientForBuild) Solve(ctx context.Context, in *gatewayapi.SolveRequest, opts ...grpc.CallOption) (*gatewayapi.SolveResponse, error) {

+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)

+	return g.gateway.Solve(ctx, in, opts...)

+}

+

+func (g *gatewayClientForBuild) ReadFile(ctx context.Context, in *gatewayapi.ReadFileRequest, opts ...grpc.CallOption) (*gatewayapi.ReadFileResponse, error) {

+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)

+	return g.gateway.ReadFile(ctx, in, opts...)

+}

+

+func (g *gatewayClientForBuild) Ping(ctx context.Context, in *gatewayapi.PingRequest, opts ...grpc.CallOption) (*gatewayapi.PongResponse, error) {

+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)

+	return g.gateway.Ping(ctx, in, opts...)

+}

+

+func (g *gatewayClientForBuild) Return(ctx context.Context, in *gatewayapi.ReturnRequest, opts ...grpc.CallOption) (*gatewayapi.ReturnResponse, error) {

+	ctx = buildid.AppendToOutgoingContext(ctx, g.buildID)

+	return g.gateway.Return(ctx, in, opts...)

+}

new file mode 100644

@@ -0,0 +1,29 @@

+package buildid

+

+import (

+	"context"

+

+	"google.golang.org/grpc/metadata"

+)

+

+var metadataKey = "buildkit-controlapi-buildid"

+

+func AppendToOutgoingContext(ctx context.Context, id string) context.Context {

+	if id != "" {

+		return metadata.AppendToOutgoingContext(ctx, metadataKey, id)

+	}

+	return ctx

+}

+

+func FromIncomingContext(ctx context.Context) string {

+	md, ok := metadata.FromIncomingContext(ctx)

+	if !ok {

+		return ""

+	}

+

+	if ids := md.Get(metadataKey); len(ids) == 1 {

+		return ids[0]

+	}

+

+	return ""

+}

@@ -2,6 +2,7 @@ package llb

 import (

 	_ "crypto/sha256"

+	"net"

 	"sort"

 	"github.com/moby/buildkit/solver/pb"

@@ -10,11 +11,13 @@ import (

 )

 type Meta struct {

-	Args     []string

-	Env      EnvList

-	Cwd      string

-	User     string

-	ProxyEnv *ProxyEnv

+	Args       []string

+	Env        EnvList

+	Cwd        string

+	User       string

+	ProxyEnv   *ProxyEnv

+	ExtraHosts []HostIP

+	Network    pb.NetMode

 }

 func NewExecOp(root Output, meta Meta, readOnly bool, c Constraints) *ExecOp {

@@ -127,13 +130,26 @@ func (e *ExecOp) Marshal(c *Constraints) (digest.Digest, []byte, *pb.OpMetadata,

 		return e.mounts[i].target < e.mounts[j].target

 	})

+	meta := &pb.Meta{

+		Args: e.meta.Args,

+		Env:  e.meta.Env.ToArray(),

+		Cwd:  e.meta.Cwd,

+		User: e.meta.User,

+	}

+	if len(e.meta.ExtraHosts) > 0 {

+		hosts := make([]*pb.HostIP, len(e.meta.ExtraHosts))

+		for i, h := range e.meta.ExtraHosts {

+			hosts[i] = &pb.HostIP{Host: h.Host, IP: h.IP.String()}

+		}

+		meta.ExtraHosts = hosts

+	}

+

 	peo := &pb.ExecOp{

-		Meta: &pb.Meta{

-			Args: e.meta.Args,

-			Env:  e.meta.Env.ToArray(),

-			Cwd:  e.meta.Cwd,

-			User: e.meta.User,

-		},

+		Meta:    meta,

+		Network: e.meta.Network,

+	}

+	if e.meta.Network != NetModeSandbox {

+		addCap(&e.constraints, pb.CapExecMetaNetwork)

 	}

 	if p := e.meta.ProxyEnv; p != nil {

@@ -346,6 +362,12 @@ func (fn runOptionFunc) SetRunOption(ei *ExecInfo) {

 	fn(ei)

 }

+func Network(n pb.NetMode) RunOption {

+	return runOptionFunc(func(ei *ExecInfo) {

+		ei.State = network(n)(ei.State)

+	})

+}

+

 func Shlex(str string) RunOption {

 	return Shlexf(str)

 }

@@ -386,6 +408,12 @@ func Dirf(str string, v ...interface{}) RunOption {

 	})

 }

+func AddExtraHost(host string, ip net.IP) RunOption {

+	return runOptionFunc(func(ei *ExecInfo) {

+		ei.State = ei.State.AddExtraHost(host, ip)

+	})

+}

+

 func Reset(s State) RunOption {

 	return runOptionFunc(func(ei *ExecInfo) {

 		ei.State = ei.State.Reset(s)

@@ -492,3 +520,9 @@ const (

 	CacheMountPrivate

 	CacheMountLocked

 )

+

+const (

+	NetModeSandbox = pb.NetMode_UNSET

+	NetModeHost    = pb.NetMode_HOST

+	NetModeNone    = pb.NetMode_NONE

+)

@@ -2,21 +2,25 @@ package llb

 import (

 	"fmt"

+	"net"

 	"path"

 	"github.com/containerd/containerd/platforms"

 	"github.com/google/shlex"

+	"github.com/moby/buildkit/solver/pb"

 	specs "github.com/opencontainers/image-spec/specs-go/v1"

 )

 type contextKeyT string

 var (

-	keyArgs     = contextKeyT("llb.exec.args")

-	keyDir      = contextKeyT("llb.exec.dir")

-	keyEnv      = contextKeyT("llb.exec.env")

-	keyUser     = contextKeyT("llb.exec.user")

-	keyPlatform = contextKeyT("llb.platform")