Commit Graph

8885 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 8d279de433
Merge pull request #3817 from bishal7679/runc-fix
Fixed the debugging plugin command  `docker-runc`
2022-10-18 23:27:10 +02:00
Sebastiaan van Stijn 759f3aa10f
vendor: github.com/moby/buildkit v0.10.5
https://github.com/moby/buildkit/releases/tag/v0.10.5

no changes to vendored code

full diff: https://github.com/moby/buildkit/compare/v0.10.4...v0.10.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-18 22:43:12 +02:00
Bishal Das 3da9499e50 fixed the plugin command docker-runc
Signed-off-by: Bishal Das <bishalhnj127@gmail.com>
2022-10-15 00:14:16 +05:30
Sebastiaan van Stijn 1d6c6e2367
Merge pull request #3130 from acouvreur/master
feat(zsh): add context argument completion
2022-10-13 15:24:13 +02:00
mspiess 68330e099a add ability to override ints in compose files with 0
Signed-off-by: Marco Spiess <marco.spiess@hotmail.de>
2022-10-12 20:57:46 +02:00
Sebastiaan van Stijn ed525aa322
Merge pull request #3806 from thaJeztah/deprecate_override_kernel_check
docs: update deprecation status for "overlay2.override_kernel_check"
2022-10-12 17:27:25 +02:00
Sebastiaan van Stijn f947138333
Merge pull request #3808 from thaJeztah/docs_update_confusing_example
docs/reference: run.md update confusing example name
2022-10-11 18:24:59 +02:00
Sebastiaan van Stijn aea2a8c410
docs/reference: run.md update confusing example name
This example was mounting `/dev/zero` as `/dev/nulo` inside the container.
The `nulo` name was intended to be a "made up / custom" name, but various
readers thought it to be a typo for `/dev/null`.

This patch updates the example to use `/dev/foobar` as name, which should
make it more clear that it's a custom name.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-11 00:34:49 +02:00
Sebastiaan van Stijn bacc5e3aad
docs: update deprecation status for "overlay2.override_kernel_check"
Commit 955c1f881a
(v17.12.0) replaced detection of support for multiple lowerdirs (as required by
overlay2) to not depend on the kernel version. The `overlay2.override_kernel_check`
was still used to print a warning that older kernel versions may not have full
support.

After this, e226aea280
(v20.10, but backported to v19.03.7) removed uses of the option altogether.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-10 14:33:34 +02:00
Sebastiaan van Stijn 8d807a045c
Merge pull request #3805 from debfx/docs-security-opt
docs: use correct separator in --security-opt
2022-10-09 15:34:30 +02:00
Felix Geyer 4648c00848 docs: use correct separator in --security-opt
> Security options with `:` as a separator are deprecated and will be completely unsupported in 17.04, use `=` instead.

Signed-off-by: Felix Geyer <debfx@fobos.de>
2022-10-09 12:54:20 +02:00
Sebastiaan van Stijn d0bd373986
Merge pull request #3799 from thaJeztah/bump_go_1.19.2
Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
2022-10-04 23:23:15 +02:00
Sebastiaan van Stijn 485f1f79c5
Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
From the mailing list:

We have just released Go versions 1.19.2 and 1.18.7, minor point releases.

These minor releases include 3 security fixes following the security policy:

- archive/tar: unbounded memory consumption when reading headers

  Reader.Read did not set a limit on the maximum size of file headers.
  A maliciously crafted archive could cause Read to allocate unbounded
  amounts of memory, potentially causing resource exhaustion or panics.
  Reader.Read now limits the maximum size of header blocks to 1 MiB.

  Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.

  This is CVE-2022-2879 and Go issue https://go.dev/issue/54853.

- net/http/httputil: ReverseProxy should not forward unparseable query parameters

  Requests forwarded by ReverseProxy included the raw query parameters from the
  inbound request, including unparseable parameters rejected by net/http. This
  could permit query parameter smuggling when a Go proxy forwards a parameter
  with an unparseable value.

  ReverseProxy will now sanitize the query parameters in the forwarded query
  when the outbound request's Form field is set after the ReverseProxy.Director
  function returns, indicating that the proxy has parsed the query parameters.
  Proxies which do not parse query parameters continue to forward the original
  query parameters unchanged.

  Thanks to Gal Goldstein (Security Researcher, Oxeye) and
  Daniel Abeles (Head of Research, Oxeye) for reporting this issue.

  This is CVE-2022-2880 and Go issue https://go.dev/issue/54663.

- regexp/syntax: limit memory used by parsing regexps

  The parsed regexp representation is linear in the size of the input,
  but in some cases the constant factor can be as high as 40,000,
  making relatively small regexps consume much larger amounts of memory.

  Each regexp being parsed is now limited to a 256 MB memory footprint.
  Regular expressions whose representation would use more space than that
  are now rejected. Normal use of regular expressions is unaffected.

  Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.

  This is CVE-2022-41715 and Go issue https://go.dev/issue/55949.

View the release notes for more information: https://go.dev/doc/devel/release#go1.19.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-04 20:51:47 +02:00
Sebastiaan van Stijn c2f1671595
Use gofumpt if available, and enable gofumpt linter
gofumpt provides a supserset of gofmt / go fmt, but not every developer may have
it installed, so for situations where it's not available, fall back to gofmt.

As our code has been formatted with gofumpt already, in most cases contributions
will follow those formatting rules, but in some cases there may be a difference,
which would already be flagged by manual code review, but let's also enable the
gofumpt linter.

With this change, `make fmt` will use gofumpt is available; gofumpt has been
added to the dev-container, so `make -f docker.Makefile fmt` will always use it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 19:14:36 +02:00
Sebastiaan van Stijn 616124525e
format go with gofumpt (with -lang=1.19)
Looks like the linter uses an explicit -lang, which (for go1.19)
results in some additional formatting for octal values.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 19:14:36 +02:00
Sebastiaan van Stijn 65438e008c
Merge pull request #3794 from thaJeztah/use_gofumpt
format code with gofumpt
2022-09-30 13:50:51 +02:00
Sebastiaan van Stijn 1da95ff6aa
format code with gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:59:11 +02:00
Sebastiaan van Stijn fed93645f1
Merge pull request #3796 from thaJeztah/add_is_plugincommand_utility
cli-plugins/manager: add IsPluginCommand(() utility
2022-09-30 11:58:54 +02:00
Sebastiaan van Stijn a5c8d39a15
Merge pull request #3790 from thaJeztah/context_cleanup
context: various cleanups and improvements
2022-09-30 11:54:39 +02:00
Sebastiaan van Stijn cd7c493ea2
cli/context/store: rename removeAllContextData(), removeAllEndpointData()
The existing `remove()` was unused, and using that as name makes it more
consistent with the metadata-store. Also renaming `removeAllEndpointData`
to just `removeEndpoint`, as it's part of the TLS-store, which should already
make it clear it's about (TLS)data.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:26 +02:00
Sebastiaan van Stijn 09c94c1c21
cli/context/store: List(): don't interrupt listing for not-found errors
There's no reason to stop listing contexts if a context does not exist
while iterating over the directories,

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:26 +02:00
Sebastiaan van Stijn 951bb481c0
cli/context/store: New(): return concrete type
Go conventions are for interfaces to be defined on the receiver side,
and for producers to return concrete types. This patch changes the
constructor to return a concrete type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:25 +02:00
Sebastiaan van Stijn de6020a240
cli/context/store: simplify error handling, and make it more idiomatic
The package defined various special errors; these errors existed for two reasons;

- being able to distinguish "not found" errors from other errors (as "not found"
  errors can be ignored in various cases).
- to be able to update the context _name_ in the error message after the error
  was created. This was needed in cases where the name was not available at the
  location where the error was produced (e.g. only the "id" was present), and
  the helpers to detect "not found" errors did not support wrapped errors (so
  wrapping the error with a "name" could break logic); a `setContextName` interface
  and corresponding `patchErrContextName()` utility was created for this (which
  was a "creative", but not very standard approach).

This patch:

- Removes the special error-types, replacing them with errdefs definitions (which
  is a more common approach in our code-base to detect error types / classes).
- Removes the internal utilities for error-handling, and deprecates the exported
  utilities (to allow external consumers to adjust their code).
- Some errors have been enriched with detailed information (which may be useful
  for debugging / problem solving).
- Note that in some cases, `patchErrContextName()` was called, but the code
  producing the error would never return a `setContextName` error, so would
  never update the error message.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:25 +02:00
Sebastiaan van Stijn 38f54e7926
cli/context/store: remove filePath(), make contextDir() accept name
removing the extra abstraction, and simplify use of contextDir()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:18:52 +02:00
Sebastiaan van Stijn 9720d5b451
cli/context/store: listContextData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 712cc9a1c7
cli/context/store: remove(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 0bcdff2571
cli/context/store: getData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 3b7f13a5e5
cli/context/store: createOrUpdate(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn c3eb116f9c
cli/context/store: removeAllEndpointData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 42e275eaf6
cli/context/store: TestTlsCreateUpdateGetRemove(): use correct ID
This test was depending on the fact that contextDir's are a string,
and for the test is was using the context _name_ as a pseudo-ID.

This patch updates the test to be more explicit where ID's and where
names are used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn d0398c423f
cli/context/store: removeAllContextData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally. This also fixes a test which incorrectly used "names" as
pseudo-IDs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn f843c42c05
cli/context/store: listRecursivelyMetadataDirs(): use filepath.Join()
Looks like the intent here is to get the path of a subdirectory.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn c6dfff131f
cli/context/store: metadataStore.get(), .remove(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn 90f1238fb2
cli-plugins/manager: add IsPluginCommand(() utility
This makes it more convenient to check if a command is a plugin-stub

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 02:24:23 +02:00
Sebastiaan van Stijn a496a7d501
Merge pull request #3795 from thaJeztah/ignore_stubs_in_aliases
fix broken alias check is buildx is installed as alias for builder
2022-09-30 02:24:04 +02:00
Sebastiaan van Stijn 7af8aac169
fix broken alias check is buildx is installed as alias for builder
Commit cbec75e2f3 updated `runDocker()` to load
plugin-stubs before `processAliases()` was executed. As a result, plugin
stubs were considered as "builtin commands", causing the alias verification
to fail;

Without alias installed:

```bash
docker version
Client:
 Version:           22.06.0-beta.0-140-g3dad26ca2.m
 API version:       1.42
 Go version:        go1.19.1
 Git commit:        3dad26ca2
 Built:             Wed Sep 28 22:36:09 2022
 OS/Arch:           darwin/arm64
 Context:           default
...
```

After running `docker buildx install`;

```bash
./build/docker buildx install

cat ~/.docker/config.json
{
    "aliases": {
        "builder": "buildx"
    }
}

./build/docker version
not allowed to alias with builtin "buildx" as target
```

This patch moves loading the stubs _after_ the call to `processAliases()`, so
that verification passes. As an extra precaution, the `processAliases()` function
is also updated to exclude plugin-stub commands.

Note that cbec75e2f3 also introduced a performance
regression, which may be related to the early loading of plugins (and creating
stubs); it looks like various other code locations may also be loading plugins,
for example `tryPluginRun()` calls `pluginmanager.PluginRunCommand()`, which
also traverses plugin directories.

We should look under what circumstances the plugin stub-commands are actually
needed, and make sure that they're only created in those situations.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-29 22:40:51 +02:00
Sebastiaan van Stijn ef80de39ab
Merge pull request #3792 from thaJeztah/compose_tests
cli/compose: remove redundant reflection from tests
2022-09-29 16:15:21 +02:00
Sebastiaan van Stijn a9ccb6552d
cli/compose: remove redundant reflection from tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-29 15:35:31 +02:00
Sebastiaan van Stijn c39dfc3801
Merge pull request #3791 from thaJeztah/context_force_remove
docker context rm: allow --force to ignore non-existing contexts
2022-09-29 11:26:12 +02:00
Sebastiaan van Stijn 9a493b1bf7
docker context rm: allow --force to ignore non-existing contexts
Before this change, running `docker context rm --force` would fail if the context
did not exist. This behavior was different from other commands, which allowed
ignoring non-existing objects.

For example; when trying to remove a non-existing volume, the command would
fail without "force":

```bash
docker volume rm nosuchvolume
Error: No such volume: nosuchvolume
echo $?
1
```

But using the `-f` / `--force` option would make the command complete successfully
(the error itself is still printed for informational purposes);

```bash
docker volume rm -f nosuchvolume
nosuchvolume
echo $?
0
```

With this patch, `docker context rm` behaves the same:

```bash
docker context rm nosuchcontext
context "nosuchcontext" does not exist
echo $?
1
```

```bash
docker context rm -f nosuchcontext
nosuchcontext
echo $?
0
```

This patch also simplifies how we check if the context exists; previously we
would try to read the context's metadata; this could fail if a context was
corrupted, or if an empty directory was present. This patch now only checks
if the directory exists, without first validating the context's data.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-29 10:57:51 +02:00
Sebastiaan van Stijn 3dad26ca2d
Merge pull request #3760 from thaJeztah/update_credshelpers
vendor: github.com/docker/docker-credential-helpers v0.7.0
2022-09-22 19:07:00 +02:00
Sebastiaan van Stijn b07a52195e
Merge pull request #3784 from thaJeztah/bump_gotest_tools
vendor: gotest.tools v3.3.0 and use t.SetEnv()
2022-09-22 17:48:26 +02:00
Sebastiaan van Stijn ef2a826636
vendor: gotest.tools v3.3.0
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.1.0...v3.3.0

- golden: accept -update for updating files
- assert: golden variables

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:28:07 +02:00
Sebastiaan van Stijn 28b0aa9f1a
replace uses of deprecated env.Patch()
Also removing redundant defer for env.PatchAll(), which is now automatically
handled in t.Cleanup()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:28:07 +02:00
Sebastiaan van Stijn 843e71672f
vendor: github.com/docker/docker-credential-helpers v0.7.0
no significant local changes

full diff: https://github.com/docker/docker-credential-helpers/compare/v0.6.4...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:27:16 +02:00
Sebastiaan van Stijn 320337f17a
Merge pull request #3783 from thaJeztah/update_engine
vendor: docker v20.10.3-0.20220922131805-e143eed8bc4f (22.06 branch)
2022-09-22 17:25:50 +02:00
Sebastiaan van Stijn de2105d151
vendor: docker v20.10.3-0.20220922131805-e143eed8bc4f (22.06 branch)
full diff: 8af2e62556...e143eed8bc

- client: ignore kernel-memory on API >= 1.42

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 15:31:25 +02:00
Sebastiaan van Stijn edd51b2288
Merge pull request #3779 from imjasonh/created-na
cli: use N/A as placeholder for old CREATED dates
2022-09-22 10:57:19 +02:00
Jason Hall 90db6b82a3
cli: use N/A as placeholder for old CREATED dates
Signed-off-by: Jason Hall <jason@chainguard.dev>
2022-09-19 12:08:10 -04:00
Sebastiaan van Stijn 06cbd267c9
Merge pull request #3778 from imjasonh/created
cli: hide old CREATED times, instead of "52 years ago"
2022-09-16 18:21:21 +01:00