Merge d6ce04640f into da9e984231

templates: add test for HeaderFunctions

cmd/docker/docker.go

@@ -19,8 +19,10 @@ import (
 	cliflags "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/cli/version"
 	platformsignals "github.com/docker/cli/cmd/docker/internal/signals"
+
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/reexec"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -29,6 +31,10 @@ import (
 )
 
 func main() {
+	if reexec.Init() {
+		return
+	}
+
 	err := dockerMain(context.Background())
 	if err != nil && !errdefs.IsCancelled(err) {
 		_, _ = fmt.Fprintln(os.Stderr, err)

cmd/docker/file_helper.go

@@ -0,0 +1,69 @@
+package main
+
+import (
+	"os"
+
+	credhelpers "github.com/docker/docker-credential-helpers/credentials"
+	"github.com/docker/docker/pkg/reexec"
+
+	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/cli/config/credentials"
+	"github.com/docker/cli/cli/config/types"
+)
+
+//nolint:gosec // ignore G101: Potential hardcoded credentials
+const fileCredsHelperBinary = "docker-credential-file"
+
+func init() {
+	reexec.Register(fileCredsHelperBinary, serveFileCredHelper)
+}
+
+func serveFileCredHelper() {
+	configfile := config.LoadDefaultConfigFile(os.Stderr)
+	store := credentials.NewFileStore(configfile)
+	credhelpers.Serve(&FileHelper{
+		fileStore: store,
+	})
+}
+
+var _ credhelpers.Helper = &FileHelper{}
+
+type FileHelper struct {
+	fileStore credentials.Store
+}
+
+func (f *FileHelper) Add(creds *credhelpers.Credentials) error {
+	return f.fileStore.Store(types.AuthConfig{
+		Username:      creds.Username,
+		Password:      creds.Secret,
+		ServerAddress: creds.ServerURL,
+	})
+}
+
+func (f *FileHelper) Delete(serverAddress string) error {
+	return f.fileStore.Erase(serverAddress)
+}
+
+func (f *FileHelper) Get(serverAddress string) (string, string, error) {
+	authConfig, err := f.fileStore.Get(serverAddress)
+	if err != nil {
+		return "", "", err
+	}
+
+	return authConfig.Username, authConfig.Password, nil
+}
+
+func (f *FileHelper) List() (map[string]string, error) {
+	creds := make(map[string]string)
+
+	authConfig, err := f.fileStore.GetAll()
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range authConfig {
+		creds[k] = v.Username
+	}
+
+	return creds, nil
+}

docs/reference/commandline/image_tag.md

@@ -12,38 +12,50 @@ Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
 
 ## Description
 
-A full image name has the following format and components:
+A Docker image reference consists of several components that describe where the
+image is stored and its identity. These components are:
 
-`[HOST[:PORT_NUMBER]/]PATH`
+```text
+[HOST[:PORT]/]NAMESPACE/REPOSITORY[:TAG]
+```
 
-- `HOST`: The optional registry hostname specifies where the image is located.
+`HOST`
-  The hostname must comply with standard DNS rules, but may not contain
+: Specifies the registry location where the image resides. If omitted, Docker
-  underscores. If you don't specify a hostname, the command uses Docker's public
+  defaults to Docker Hub (`docker.io`).
-  registry at `registry-1.docker.io` by default. Note that `docker.io` is the
-  canonical reference for Docker's public registry.
-- `PORT_NUMBER`: If a hostname is present, it may optionally be followed by a
-  registry port number in the format `:8080`.
-- `PATH`: The path consists of slash-separated components. Each
-  component may contain lowercase letters, digits and separators. A separator is
-  defined as a period, one or two underscores, or one or more hyphens. A component
-  may not start or end with a separator. While the
-  [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)
-  supports more than two slash-separated components, most registries only support
-  two slash-separated components. For Docker's public registry, the path format is
-  as follows:
-  - `[NAMESPACE/]REPOSITORY`: The first, optional component is typically a
-  user's or an organization's namespace. The second, mandatory component is the
-  repository name. When the namespace is not present, Docker uses `library`
-  as the default namespace.
 
-After the image name, the optional `TAG` is a custom, human-readable manifest
+`PORT`
-identifier that's typically a specific version or variant of an image. The tag
+: An optional port number for the registry, if necessary (for example, `:5000`).
-must be valid ASCII and can contain lowercase and uppercase letters, digits,
-underscores, periods, and hyphens. It can't start with a period or hyphen and
-must be no longer than 128 characters. If you don't specify a tag, the command uses `latest` by default.
 
-You can group your images together using names and tags, and then
+`NAMESPACE/REPOSITORY`
-[push](image_push.md) them to a registry.
+: The namespace (optional) usually represents a user or organization. The
+  repository is required and identifies the specific image. If the namespace is
+  omitted, Docker defaults to `library`, the namespace reserved for Docker
+  Official Images.
+
+`TAG`
+: An optional identifier used to specify a particular version or variant of the
+  image. If no tag is provided, Docker defaults to `latest`.
+
+### Example image references
+
+`example.com:5000/team/my-app:2.0`
+
+- Host: `example.com`
+- Port: `5000`
+- Namespace: `team`
+- Repository: `my-app`
+- Tag: `2.0`
+
+`alpine`
+
+- Host: `docker.io` (default)
+- Namespace: `library` (default)
+- Repository: `alpine`
+- Tag: `latest` (default)
+
+For more information on the structure and rules of image naming, refer to the
+[Distribution reference](https://pkg.go.dev/github.com/distribution/reference#pkg-overview)
+as the canonical definition of the format.
 
 ## Examples
 

templates/templates_test.go

@@ -89,3 +89,55 @@ func TestParseTruncateFunction(t *testing.T) {
 		})
 	}
 }
+
+func TestHeaderFunctions(t *testing.T) {
+	const source = "hello world"
+
+	tests := []struct {
+		doc      string
+		template string
+	}{
+		{
+			doc:      "json",
+			template: `{{ json .}}`,
+		},
+		{
+			doc:      "split",
+			template: `{{ split . ","}}`,
+		},
+		{
+			doc:      "join",
+			template: `{{ join . ","}}`,
+		},
+		{
+			doc:      "title",
+			template: `{{ title .}}`,
+		},
+		{
+			doc:      "lower",
+			template: `{{ lower .}}`,
+		},
+		{
+			doc:      "upper",
+			template: `{{ upper .}}`,
+		},
+		{
+			doc:      "truncate",
+			template: `{{ truncate . 2}}`,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.doc, func(t *testing.T) {
+			tmpl, err := New("").Funcs(HeaderFunctions).Parse(tc.template)
+			assert.NilError(t, err)
+
+			var b bytes.Buffer
+			assert.NilError(t, tmpl.Execute(&b, source))
+
+			// All header-functions are currently stubs, and don't modify the input.
+			expected := source
+			assert.Equal(t, expected, b.String())
+		})
+	}
+}

vendor.mod

@@ -25,7 +25,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/moby/patternmatcher v0.6.0
-	github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb
+	github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e
 	github.com/moby/sys/capability v0.3.0
 	github.com/moby/sys/sequential v0.6.0
 	github.com/moby/sys/signal v0.7.1

vendor.sum

@@ -180,8 +180,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb h1:1UTTg2EgO3nuyV03wREDzldqqePzQ4+0a5G1C1y1bIo=
+github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e h1:1yC8fRqStY6NirU/swI74fsrHvZVMbtxsHcvl8YpzDg=
-github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb/go.mod h1:kNy225f/gWAnF8wPftteMc5nbAHhrH+HUfvyjmhFjeQ=
+github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e/go.mod h1:mTTGIAz/59OGZR5Qe+QByIe3Nxc+sSuJkrsStFhr6Lg=
 github.com/moby/sys/capability v0.3.0 h1:kEP+y6te0gEXIaeQhIi0s7vKs/w0RPoH1qPa6jROcVg=
 github.com/moby/sys/capability v0.3.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I=
 github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=

vendor/github.com/docker/docker/pkg/reexec/command_linux.go

@@ -0,0 +1,26 @@
+package reexec
+
+import (
+	"os/exec"
+	"syscall"
+)
+
+// Command returns an [*exec.Cmd] which has Path as current binary which,
+// on Linux, is set to the in-memory version (/proc/self/exe) of the current
+// binary, it is thus safe to delete or replace the on-disk binary (os.Args[0]).
+//
+// On Linux, the Pdeathsig of [*exec.Cmd.SysProcAttr] is set to SIGTERM.
+// This signal will be sent to the process when the OS thread which created
+// the process dies.
+//
+// It is the caller's responsibility to ensure that the creating thread is
+// not terminated prematurely. See https://go.dev/issue/27505 for more details.
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+		SysProcAttr: &syscall.SysProcAttr{
+			Pdeathsig: syscall.SIGTERM,
+		},
+	}
+}

vendor/github.com/docker/docker/pkg/reexec/command_other.go

@@ -0,0 +1,19 @@
+//go:build freebsd || darwin || windows
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Command returns *exec.Cmd with its Path set to the path of the current
+// binary using the result of [Self]. For example if current binary is
+// "my-binary" at "/usr/bin/" (or "my-binary.exe" at "C:\" on Windows),
+// then cmd.Path is set to "/usr/bin/my-binary" and "C:\my-binary.exe"
+// respectively.
+func Command(args ...string) *exec.Cmd {
+	return &exec.Cmd{
+		Path: Self(),
+		Args: args,
+	}
+}

vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go

@@ -0,0 +1,12 @@
+//go:build !linux && !windows && !freebsd && !darwin
+
+package reexec
+
+import (
+	"os/exec"
+)
+
+// Command is unsupported on operating systems apart from Linux, Windows, and Darwin.
+func Command(args ...string) *exec.Cmd {
+	return nil
+}

vendor/github.com/docker/docker/pkg/reexec/reexec.go

@@ -0,0 +1,64 @@
+// Package reexec facilitates the busybox style reexec of a binary.
+//
+// Handlers can be registered with a name and the argv 0 of the exec of
+// the binary will be used to find and execute custom init paths.
+//
+// It is used in dockerd to work around forking limitations when using Go.
+package reexec
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+)
+
+var registeredInitializers = make(map[string]func())
+
+// Register adds an initialization func under the specified name. It panics
+// if the given name is already registered.
+func Register(name string, initializer func()) {
+	if _, exists := registeredInitializers[name]; exists {
+		panic(fmt.Sprintf("reexec func already registered under name %q", name))
+	}
+
+	registeredInitializers[name] = initializer
+}
+
+// Init is called as the first part of the exec process and returns true if an
+// initialization function was called.
+func Init() bool {
+	if initializer, ok := registeredInitializers[os.Args[0]]; ok {
+		initializer()
+		return true
+	}
+	return false
+}
+
+// Self returns the path to the current process's binary. On Linux, it
+// returns "/proc/self/exe", which provides the in-memory version of the
+// current binary, whereas on other platforms it attempts to looks up the
+// absolute path for os.Args[0], or otherwise returns os.Args[0] as-is.
+func Self() string {
+	if runtime.GOOS == "linux" {
+		return "/proc/self/exe"
+	}
+	return naiveSelf()
+}
+
+func naiveSelf() string {
+	name := os.Args[0]
+	if filepath.Base(name) == name {
+		if lp, err := exec.LookPath(name); err == nil {
+			return lp
+		}
+	}
+	// handle conversion of relative paths to absolute
+	if absName, err := filepath.Abs(name); err == nil {
+		return absName
+	}
+	// if we couldn't get absolute name, return original
+	// (NOTE: Go only errors on Abs() if os.Getwd fails)
+	return name
+}

vendor/modules.txt

@@ -91,6 +91,7 @@ github.com/docker/docker/pkg/longpath
 github.com/docker/docker/pkg/pools
 github.com/docker/docker/pkg/process
 github.com/docker/docker/pkg/progress
+github.com/docker/docker/pkg/reexec
 github.com/docker/docker/pkg/stdcopy
 github.com/docker/docker/pkg/streamformatter
 github.com/docker/docker/pkg/stringid
@@ -197,7 +198,7 @@ github.com/moby/docker-image-spec/specs-go/v1
 ## explicit; go 1.19
 github.com/moby/patternmatcher
 github.com/moby/patternmatcher/ignorefile
-# github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb
+# github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e
 ## explicit; go 1.18
 github.com/moby/swarmkit/v2/api
 github.com/moby/swarmkit/v2/api/deepcopy