Merge d6ce04640f into abb8e9b78a

cli/hints: add tests

cli/command/registry/login.go

@@ -58,9 +58,9 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }
 
-func verifyloginOptions(dockerCli command.Cli, opts *loginOptions) error {
+func verifyLoginOptions(dockerCli command.Cli, opts *loginOptions) error {
 	if opts.password != "" {
-		fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
+		_, _ = fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
 		if opts.passwordStdin {
 			return errors.New("--password and --password-stdin are mutually exclusive")
 		}
@@ -83,7 +83,7 @@ func verifyloginOptions(dockerCli command.Cli, opts *loginOptions) error {
 }
 
 func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) error {
-	if err := verifyloginOptions(dockerCli, &opts); err != nil {
+	if err := verifyLoginOptions(dockerCli, &opts); err != nil {
 		return err
 	}
 	var (
@@ -174,7 +174,7 @@ func loginUser(ctx context.Context, dockerCli command.Cli, opts loginOptions, de
 		if !errors.Is(err, manager.ErrDeviceLoginStartFail) {
 			return response, err
 		}
-		fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
+		_, _ = fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
 	}
 
 	return loginWithUsernameAndPassword(ctx, dockerCli, opts, defaultUsername, serverAddress)

cli/command/utils.go

@@ -199,7 +199,7 @@ func PruneFilters(dockerCli Cli, pruneFilters filters.Args) filters.Args {
 // AddPlatformFlag adds `platform` to a set of flags for API version 1.32 and later.
 func AddPlatformFlag(flags *pflag.FlagSet, target *string) {
 	flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable")
-	flags.SetAnnotation("platform", "version", []string{"1.32"})
+	_ = flags.SetAnnotation("platform", "version", []string{"1.32"})
 }
 
 // ValidateOutputPath validates the output paths of the `export` and `save` commands.

cli/hints/hints.go

@@ -5,7 +5,9 @@ import (
 	"strconv"
 )
 
-// Enabled returns whether cli hints are enabled or not
+// Enabled returns whether cli hints are enabled or not. Hints are enabled by
+// default, but can be disabled through the "DOCKER_CLI_HINTS" environment
+// variable.
 func Enabled() bool {
 	if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
 		enabled, err := strconv.ParseBool(v)

cli/hints/hints_test.go

@@ -0,0 +1,52 @@
+package hints
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestEnabled(t *testing.T) {
+	tests := []struct {
+		doc      string
+		env      string
+		expected bool
+	}{
+		{
+			doc:      "default",
+			expected: true,
+		},
+		{
+			doc:      "DOCKER_CLI_HINTS=1",
+			env:      "1",
+			expected: true,
+		},
+		{
+			doc:      "DOCKER_CLI_HINTS=true",
+			env:      "true",
+			expected: true,
+		},
+		{
+			doc:      "DOCKER_CLI_HINTS=0",
+			env:      "0",
+			expected: false,
+		},
+		{
+			doc:      "DOCKER_CLI_HINTS=false",
+			env:      "false",
+			expected: false,
+		},
+		{
+			doc:      "DOCKER_CLI_HINTS=not-a-bool",
+			env:      "not-a-bool",
+			expected: true,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.doc, func(t *testing.T) {
+			t.Setenv("DOCKER_CLI_HINTS", tc.env)
+			assert.Equal(t, Enabled(), tc.expected)
+		})
+	}
+}

cmd/docker/docker.go

@@ -19,8 +19,10 @@ import (
 	cliflags "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/cli/version"
 	platformsignals "github.com/docker/cli/cmd/docker/internal/signals"
+
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/reexec"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -29,6 +31,10 @@ import (
 )
 
 func main() {
+	if reexec.Init() {
+		return
+	}
+
 	err := dockerMain(context.Background())
 	if err != nil && !errdefs.IsCancelled(err) {
 		_, _ = fmt.Fprintln(os.Stderr, err)

cmd/docker/file_helper.go

@@ -0,0 +1,69 @@
+package main
+
+import (
+	"os"
+
+	credhelpers "github.com/docker/docker-credential-helpers/credentials"
+	"github.com/docker/docker/pkg/reexec"
+
+	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/cli/config/credentials"
+	"github.com/docker/cli/cli/config/types"
+)
+
+//nolint:gosec // ignore G101: Potential hardcoded credentials
+const fileCredsHelperBinary = "docker-credential-file"
+
+func init() {
+	reexec.Register(fileCredsHelperBinary, serveFileCredHelper)
+}
+
+func serveFileCredHelper() {
+	configfile := config.LoadDefaultConfigFile(os.Stderr)
+	store := credentials.NewFileStore(configfile)
+	credhelpers.Serve(&FileHelper{
+		fileStore: store,
+	})
+}
+
+var _ credhelpers.Helper = &FileHelper{}
+
+type FileHelper struct {
+	fileStore credentials.Store
+}
+
+func (f *FileHelper) Add(creds *credhelpers.Credentials) error {
+	return f.fileStore.Store(types.AuthConfig{
+		Username:      creds.Username,
+		Password:      creds.Secret,
+		ServerAddress: creds.ServerURL,
+	})
+}
+
+func (f *FileHelper) Delete(serverAddress string) error {
+	return f.fileStore.Erase(serverAddress)
+}
+
+func (f *FileHelper) Get(serverAddress string) (string, string, error) {
+	authConfig, err := f.fileStore.Get(serverAddress)
+	if err != nil {
+		return "", "", err
+	}
+
+	return authConfig.Username, authConfig.Password, nil
+}
+
+func (f *FileHelper) List() (map[string]string, error) {
+	creds := make(map[string]string)
+
+	authConfig, err := f.fileStore.GetAll()
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range authConfig {
+		creds[k] = v.Username
+	}
+
+	return creds, nil
+}

vendor/github.com/docker/docker/pkg/reexec/command_linux.go

@@ -0,0 +1,26 @@
+package reexec
+
+import (
+	"os/exec"
+	"syscall"
+)
+
+// Command returns an [*exec.Cmd] which has Path as current binary which,
+// on Linux, is set to the in-memory version (/proc/self/exe) of the current
+// binary, it is thus safe to delete or replace the on-disk binary (os.Args[0]).
+//
+// On Linux, the Pdeathsig of [*exec.Cmd.SysProcAttr] is set to SIGTERM.
+// This signal will be sent to the process when the OS thread which created
+// the process dies.
+//
+// It is the caller's responsibility to ensure that the creating thread is
+// not terminated prematurely. See https://go.dev/issue/27505 for more details.
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+		SysProcAttr: &syscall.SysProcAttr{
+			Pdeathsig: syscall.SIGTERM,
+		},
+	}
+}

vendor/github.com/docker/docker/pkg/reexec/command_other.go

@@ -0,0 +1,19 @@
+//go:build freebsd || darwin || windows
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Command returns *exec.Cmd with its Path set to the path of the current
+// binary using the result of [Self]. For example if current binary is
+// "my-binary" at "/usr/bin/" (or "my-binary.exe" at "C:\" on Windows),
+// then cmd.Path is set to "/usr/bin/my-binary" and "C:\my-binary.exe"
+// respectively.
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+	}
+}

vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go

@@ -0,0 +1,12 @@
+//go:build !linux && !windows && !freebsd && !darwin
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Command is unsupported on operating systems apart from Linux, Windows, and Darwin.
+func Command(args ...string) *exec.Cmd {
+	return nil
+}

vendor/github.com/docker/docker/pkg/reexec/reexec.go

@@ -0,0 +1,64 @@
+// Package reexec facilitates the busybox style reexec of a binary.
+//
+// Handlers can be registered with a name and the argv 0 of the exec of
+// the binary will be used to find and execute custom init paths.
+//
+// It is used in dockerd to work around forking limitations when using Go.
+package reexec
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+)
+
+var registeredInitializers = make(map[string]func())
+
+// Register adds an initialization func under the specified name. It panics
+// if the given name is already registered.
+func Register(name string, initializer func()) {
+	if _, exists := registeredInitializers[name]; exists {
+		panic(fmt.Sprintf("reexec func already registered under name %q", name))
+	}
+
+	registeredInitializers[name] = initializer
+}
+
+// Init is called as the first part of the exec process and returns true if an
+// initialization function was called.
+func Init() bool {
+	if initializer, ok := registeredInitializers[os.Args[0]]; ok {
+		initializer()
+		return true
+	}
+	return false
+}
+
+// Self returns the path to the current process's binary. On Linux, it
+// returns "/proc/self/exe", which provides the in-memory version of the
+// current binary, whereas on other platforms it attempts to looks up the
+// absolute path for os.Args[0], or otherwise returns os.Args[0] as-is.
+func Self() string {
+	if runtime.GOOS == "linux" {
+		return "/proc/self/exe"
+	}
+	return naiveSelf()
+}
+
+func naiveSelf() string {
+	name := os.Args[0]
+	if filepath.Base(name) == name {
+		if lp, err := exec.LookPath(name); err == nil {
+			return lp
+		}
+	}
+	// handle conversion of relative paths to absolute
+	if absName, err := filepath.Abs(name); err == nil {
+		return absName
+	}
+	// if we couldn't get absolute name, return original
+	// (NOTE: Go only errors on Abs() if os.Getwd fails)
+	return name
+}

vendor/modules.txt

@@ -91,6 +91,7 @@ github.com/docker/docker/pkg/longpath
 github.com/docker/docker/pkg/pools
 github.com/docker/docker/pkg/process
 github.com/docker/docker/pkg/progress
+github.com/docker/docker/pkg/reexec
 github.com/docker/docker/pkg/stdcopy
 github.com/docker/docker/pkg/streamformatter
 github.com/docker/docker/pkg/stringid