Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DockerCLI/dockerfiles/Dockerfile.e2e

46 lines
1.5 KiB
Docker
Raw Normal View History

[20.10] update to go1.18.9 Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720), and os (CVE-2022-41720). These minor releases include 2 security fixes following the security policy: - os, net/http: avoid escapes from os.DirFS and http.Dir on Windows The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permitted access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") would open the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory \(the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. The behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. This is CVE-2022-41720 and Go issue https://go.dev/issue/56694. - net/http: limit canonical header cache by bytes, not entries An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users manually configuring HTTP/2. Thanks to Josselin Costanzi for reporting this issue. This is CVE-2022-41717 and Go issue https://go.dev/issue/56350. View the release notes for more information: https://go.dev/doc/devel/release#go1.18.9 And the milestone on the issue tracker: https://github.com/golang/go/issues?q=milestone%3AGo1.18.9+label%3ACherryPickApproved Full diff: https://github.com/golang/go/compare/go1.18.8...go1.18.9 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 17:07:52 -05:00
ARG GO_VERSION=1.18.9
Add engine commands built on containerd This new collection of commands supports initializing a local engine using containerd, updating that engine, and activating the EE product Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-03-19 18:56:51 -04:00
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
# Use Debian based image as docker-compose requires glibc.
Update Golang 1.13.8 Also pinning the e2e image to the "buster" variant, which is what's currently used, but making it explicit. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-26 05:16:35 -05:00
FROM golang:${GO_VERSION}-buster
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
RUN apt-get update && apt-get install -y \
build-essential \
curl \
openssl \
connhelper: add e2e Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-09-06 01:38:01 -04:00
openssh-client \
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
&& rm -rf /var/lib/apt/lists/*
e2e: update docker-compose to 1.29.2 Newer versions have COMPOSE_DOCKER_CLI_BUILD enabled by default, so removing that env-var. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 524e3b215dc92119194b5ebe47a95720ca8f78c7) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-09 08:07:58 -04:00
ARG COMPOSE_VERSION=1.29.2
Dockerfile.e2e: don't show progress, force TLS, and follow redirects Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 08:49:21 -05:00
RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose \
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
&& chmod +x /usr/local/bin/docker-compose
ARG NOTARY_VERSION=v0.6.1
Dockerfile.e2e: don't show progress, force TLS, and follow redirects Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 08:49:21 -05:00
RUN curl -fsSL https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 -o /usr/local/bin/notary \
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
&& chmod +x /usr/local/bin/notary
update gotestsum to v1.8.2 release notes: https://github.com/gotestyourself/gotestsum/releases/tag/v1.8.2 - Show shuffle seed - Update tests, and cleanup formats - Update dependencies - Test against go1.19, remove go1.15 - Add project name to junit.xml output - Adding in support for s390x and ppc64le full diff: https://github.com/gotestyourself/gotestsum/compare/v1.8.1...v1.8.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 700099159c70f396e76adca0ca832c864a138490) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-17 11:10:59 -05:00
ARG GOTESTSUM_VERSION=1.8.2
Dockerfile.e2e: don't show progress, force TLS, and follow redirects Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 08:49:21 -05:00
RUN curl -fsSL https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_linux_amd64.tar.gz -o gotestsum.tar.gz \
Use gotest.tools/gotestsum binary to run unit and e2e tests and simplify the output. Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-01-24 11:53:42 -05:00
&& tar -xf gotestsum.tar.gz gotestsum \
&& mv gotestsum /usr/local/bin/gotestsum \
&& rm gotestsum.tar.gz
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
ENV CGO_ENABLED=0 \
DISABLE_WARN_OUTSIDE_CONTAINER=1 \
PATH=/go/src/github.com/docker/cli/build:$PATH
WORKDIR /go/src/github.com/docker/cli
# Trust notary CA cert.
COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
COPY . .
ARG VERSION
ARG GITCOMMIT
Dockerfile.e2e: update compose v1.25.1, enable buildkit Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-15 12:41:44 -05:00
ENV VERSION=${VERSION}
ENV GITCOMMIT=${GITCOMMIT}
ENV DOCKER_BUILDKIT=1
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
RUN ./scripts/build/binary
Add some simple e2e tests for executing CLI plugins To help with this add a bad plugin which produces invalid metadata and arrange for it to be built in the e2e container. Signed-off-by: Ian Campbell <ijc@docker.com>
2018-12-11 09:15:04 -05:00
RUN ./scripts/build/plugins e2e/cli-plugins/plugins/*
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2018-05-17 07:11:59 -04:00
CMD ./scripts/test/e2e/entry