mirror of https://github.com/docker/cli.git
Compare commits
7 Commits
05572505a1
...
74d958fe4a
Author | SHA1 | Date |
---|---|---|
Laura Brehm | 74d958fe4a | |
Sebastiaan van Stijn | abb8e9b78a | |
Laura Brehm | 7029147458 | |
Sebastiaan van Stijn | 6b9083776f | |
Sebastiaan van Stijn | fb61156b05 | |
Sebastiaan van Stijn | 87acf77aef | |
Laura Brehm | d6ce04640f |
|
@ -58,9 +58,9 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
|
|||
return cmd
|
||||
}
|
||||
|
||||
func verifyloginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
||||
func verifyLoginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
||||
if opts.password != "" {
|
||||
fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
|
||||
_, _ = fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
|
||||
if opts.passwordStdin {
|
||||
return errors.New("--password and --password-stdin are mutually exclusive")
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ func verifyloginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
|||
}
|
||||
|
||||
func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) error {
|
||||
if err := verifyloginOptions(dockerCli, &opts); err != nil {
|
||||
if err := verifyLoginOptions(dockerCli, &opts); err != nil {
|
||||
return err
|
||||
}
|
||||
var (
|
||||
|
@ -174,7 +174,7 @@ func loginUser(ctx context.Context, dockerCli command.Cli, opts loginOptions, de
|
|||
if !errors.Is(err, manager.ErrDeviceLoginStartFail) {
|
||||
return response, err
|
||||
}
|
||||
fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
|
||||
_, _ = fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
|
||||
}
|
||||
|
||||
return loginWithUsernameAndPassword(ctx, dockerCli, opts, defaultUsername, serverAddress)
|
||||
|
|
|
@ -199,7 +199,7 @@ func PruneFilters(dockerCli Cli, pruneFilters filters.Args) filters.Args {
|
|||
// AddPlatformFlag adds `platform` to a set of flags for API version 1.32 and later.
|
||||
func AddPlatformFlag(flags *pflag.FlagSet, target *string) {
|
||||
flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable")
|
||||
flags.SetAnnotation("platform", "version", []string{"1.32"})
|
||||
_ = flags.SetAnnotation("platform", "version", []string{"1.32"})
|
||||
}
|
||||
|
||||
// ValidateOutputPath validates the output paths of the `export` and `save` commands.
|
||||
|
|
|
@ -5,7 +5,9 @@ import (
|
|||
"strconv"
|
||||
)
|
||||
|
||||
// Enabled returns whether cli hints are enabled or not
|
||||
// Enabled returns whether cli hints are enabled or not. Hints are enabled by
|
||||
// default, but can be disabled through the "DOCKER_CLI_HINTS" environment
|
||||
// variable.
|
||||
func Enabled() bool {
|
||||
if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
|
||||
enabled, err := strconv.ParseBool(v)
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
package hints
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"gotest.tools/v3/assert"
|
||||
)
|
||||
|
||||
func TestEnabled(t *testing.T) {
|
||||
tests := []struct {
|
||||
doc string
|
||||
env string
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
doc: "default",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=1",
|
||||
env: "1",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=true",
|
||||
env: "true",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=0",
|
||||
env: "0",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=false",
|
||||
env: "false",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=not-a-bool",
|
||||
env: "not-a-bool",
|
||||
expected: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.doc, func(t *testing.T) {
|
||||
t.Setenv("DOCKER_CLI_HINTS", tc.env)
|
||||
assert.Equal(t, Enabled(), tc.expected)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -19,8 +19,10 @@ import (
|
|||
cliflags "github.com/docker/cli/cli/flags"
|
||||
"github.com/docker/cli/cli/version"
|
||||
platformsignals "github.com/docker/cli/cmd/docker/internal/signals"
|
||||
|
||||
"github.com/docker/docker/api/types/versions"
|
||||
"github.com/docker/docker/errdefs"
|
||||
"github.com/docker/docker/pkg/reexec"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/spf13/cobra"
|
||||
|
@ -29,6 +31,10 @@ import (
|
|||
)
|
||||
|
||||
func main() {
|
||||
if reexec.Init() {
|
||||
return
|
||||
}
|
||||
|
||||
err := dockerMain(context.Background())
|
||||
if err != nil && !errdefs.IsCancelled(err) {
|
||||
_, _ = fmt.Fprintln(os.Stderr, err)
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
credhelpers "github.com/docker/docker-credential-helpers/credentials"
|
||||
"github.com/docker/docker/pkg/reexec"
|
||||
|
||||
"github.com/docker/cli/cli/config"
|
||||
"github.com/docker/cli/cli/config/credentials"
|
||||
"github.com/docker/cli/cli/config/types"
|
||||
)
|
||||
|
||||
//nolint:gosec // ignore G101: Potential hardcoded credentials
|
||||
const fileCredsHelperBinary = "docker-credential-file"
|
||||
|
||||
func init() {
|
||||
reexec.Register(fileCredsHelperBinary, serveFileCredHelper)
|
||||
}
|
||||
|
||||
func serveFileCredHelper() {
|
||||
configfile := config.LoadDefaultConfigFile(os.Stderr)
|
||||
store := credentials.NewFileStore(configfile)
|
||||
credhelpers.Serve(&FileHelper{
|
||||
fileStore: store,
|
||||
})
|
||||
}
|
||||
|
||||
var _ credhelpers.Helper = &FileHelper{}
|
||||
|
||||
type FileHelper struct {
|
||||
fileStore credentials.Store
|
||||
}
|
||||
|
||||
func (f *FileHelper) Add(creds *credhelpers.Credentials) error {
|
||||
return f.fileStore.Store(types.AuthConfig{
|
||||
Username: creds.Username,
|
||||
Password: creds.Secret,
|
||||
ServerAddress: creds.ServerURL,
|
||||
})
|
||||
}
|
||||
|
||||
func (f *FileHelper) Delete(serverAddress string) error {
|
||||
return f.fileStore.Erase(serverAddress)
|
||||
}
|
||||
|
||||
func (f *FileHelper) Get(serverAddress string) (string, string, error) {
|
||||
authConfig, err := f.fileStore.Get(serverAddress)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
return authConfig.Username, authConfig.Password, nil
|
||||
}
|
||||
|
||||
func (f *FileHelper) List() (map[string]string, error) {
|
||||
creds := make(map[string]string)
|
||||
|
||||
authConfig, err := f.fileStore.GetAll()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for k, v := range authConfig {
|
||||
creds[k] = v.Username
|
||||
}
|
||||
|
||||
return creds, nil
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
package reexec
|
||||
|
||||
import (
|
||||
"os/exec"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
// Command returns an [*exec.Cmd] which has Path as current binary which,
|
||||
// on Linux, is set to the in-memory version (/proc/self/exe) of the current
|
||||
// binary, it is thus safe to delete or replace the on-disk binary (os.Args[0]).
|
||||
//
|
||||
// On Linux, the Pdeathsig of [*exec.Cmd.SysProcAttr] is set to SIGTERM.
|
||||
// This signal will be sent to the process when the OS thread which created
|
||||
// the process dies.
|
||||
//
|
||||
// It is the caller's responsibility to ensure that the creating thread is
|
||||
// not terminated prematurely. See https://go.dev/issue/27505 for more details.
|
||||
func Command(args ...string) *exec.Cmd {
|
||||
return &exec.Cmd{
|
||||
Path: Self(),
|
||||
Args: args,
|
||||
SysProcAttr: &syscall.SysProcAttr{
|
||||
Pdeathsig: syscall.SIGTERM,
|
||||
},
|
||||
}
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
//go:build freebsd || darwin || windows
|
||||
|
||||
package reexec
|
||||
|
||||
import (
|
||||
"os/exec"
|
||||
)
|
||||
|
||||
// Command returns *exec.Cmd with its Path set to the path of the current
|
||||
// binary using the result of [Self]. For example if current binary is
|
||||
// "my-binary" at "/usr/bin/" (or "my-binary.exe" at "C:\" on Windows),
|
||||
// then cmd.Path is set to "/usr/bin/my-binary" and "C:\my-binary.exe"
|
||||
// respectively.
|
||||
func Command(args ...string) *exec.Cmd {
|
||||
return &exec.Cmd{
|
||||
Path: Self(),
|
||||
Args: args,
|
||||
}
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
//go:build !linux && !windows && !freebsd && !darwin
|
||||
|
||||
package reexec
|
||||
|
||||
import (
|
||||
"os/exec"
|
||||
)
|
||||
|
||||
// Command is unsupported on operating systems apart from Linux, Windows, and Darwin.
|
||||
func Command(args ...string) *exec.Cmd {
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
// Package reexec facilitates the busybox style reexec of a binary.
|
||||
//
|
||||
// Handlers can be registered with a name and the argv 0 of the exec of
|
||||
// the binary will be used to find and execute custom init paths.
|
||||
//
|
||||
// It is used in dockerd to work around forking limitations when using Go.
|
||||
package reexec
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
)
|
||||
|
||||
var registeredInitializers = make(map[string]func())
|
||||
|
||||
// Register adds an initialization func under the specified name. It panics
|
||||
// if the given name is already registered.
|
||||
func Register(name string, initializer func()) {
|
||||
if _, exists := registeredInitializers[name]; exists {
|
||||
panic(fmt.Sprintf("reexec func already registered under name %q", name))
|
||||
}
|
||||
|
||||
registeredInitializers[name] = initializer
|
||||
}
|
||||
|
||||
// Init is called as the first part of the exec process and returns true if an
|
||||
// initialization function was called.
|
||||
func Init() bool {
|
||||
if initializer, ok := registeredInitializers[os.Args[0]]; ok {
|
||||
initializer()
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Self returns the path to the current process's binary. On Linux, it
|
||||
// returns "/proc/self/exe", which provides the in-memory version of the
|
||||
// current binary, whereas on other platforms it attempts to looks up the
|
||||
// absolute path for os.Args[0], or otherwise returns os.Args[0] as-is.
|
||||
func Self() string {
|
||||
if runtime.GOOS == "linux" {
|
||||
return "/proc/self/exe"
|
||||
}
|
||||
return naiveSelf()
|
||||
}
|
||||
|
||||
func naiveSelf() string {
|
||||
name := os.Args[0]
|
||||
if filepath.Base(name) == name {
|
||||
if lp, err := exec.LookPath(name); err == nil {
|
||||
return lp
|
||||
}
|
||||
}
|
||||
// handle conversion of relative paths to absolute
|
||||
if absName, err := filepath.Abs(name); err == nil {
|
||||
return absName
|
||||
}
|
||||
// if we couldn't get absolute name, return original
|
||||
// (NOTE: Go only errors on Abs() if os.Getwd fails)
|
||||
return name
|
||||
}
|
|
@ -91,6 +91,7 @@ github.com/docker/docker/pkg/longpath
|
|||
github.com/docker/docker/pkg/pools
|
||||
github.com/docker/docker/pkg/process
|
||||
github.com/docker/docker/pkg/progress
|
||||
github.com/docker/docker/pkg/reexec
|
||||
github.com/docker/docker/pkg/stdcopy
|
||||
github.com/docker/docker/pkg/streamformatter
|
||||
github.com/docker/docker/pkg/stringid
|
||||
|
|
Loading…
Reference in New Issue