Commit Graph

9426 Commits

Author SHA1 Message Date
Sebastiaan van Stijn afc62d8d1c
update to go1.21.4
Reverts "update to go1.21.4" due to regressions / breaking changes."

This reverts commit 4cf1c50ad1.
This re-applies commit 6472dabe4c.

----

update to go1.21.4

go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-05 23:52:56 +01:00
David Karlsson 8bbc97c867 prune: fix build cache prune warning
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-05 20:11:15 +01:00
Sebastiaan van Stijn 0acee94354
Merge pull request #4687 from TheRealGramdalf/dockerd-ref-patch
Fix typo in dockerd reference documentation
2023-12-03 14:50:41 +01:00
TheRealGramdalf e93ec2f6a6 Fix typo in dockerd reference documentation
Signed-off-by: Graeme Wiebe <graeme.wiebe@gmail.com>
2023-12-02 15:18:27 -08:00
Sebastiaan van Stijn ecf9bd3870
Merge pull request #4686 from thaJeztah/update_engine2
vendor: github.com/docker/docker 029519a1498b (v25.0.0-dev)
2023-12-01 16:45:05 +01:00
Sebastiaan van Stijn f807c9494b
Merge pull request #4690 from thaJeztah/bump_mux
vendor: github.com/gorilla/mux v1.8.1
2023-12-01 16:44:41 +01:00
Sebastiaan van Stijn 5a04708880
vendor: github.com/docker/docker 029519a1498b (v25.0.0-dev)
full diff: cfdca8dc1d...029519a149

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 16:32:47 +01:00
Sebastiaan van Stijn aa9fdb4dd0
vendor: github.com/gorilla/mux v1.8.1
full diff: https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 16:12:20 +01:00
Sebastiaan van Stijn 0c46ef0c3a
Merge pull request #4689 from perlun/patch-1
exec.md: remove misleading part
2023-12-01 14:52:22 +01:00
Per Lundberg a431b1dda6
exec.md: remove misleading part
"By default" implies that this is something which could be
disabled for an individual `docker exec` call. This doesn't seem
to be the case, so removing the "by default" part would make
these docs clearer to me.

Signed-off-by: Per Lundberg <per.lundberg@hibox.tv>
2023-12-01 15:32:41 +02:00
Sebastiaan van Stijn c1455b6751
Merge pull request #4683 from thaJeztah/remove_ce_ee
Readme: remove reference to "Docker EE"
2023-11-28 12:52:36 +01:00
Sebastiaan van Stijn 654ff3ae00
Merge pull request #4681 from thaJeztah/noraw
docs: remove "{% raw %}" / "{% endraw %}" Jekyl (liquid) leftovers
2023-11-28 10:25:31 +01:00
Sebastiaan van Stijn b62b5d48f2
Readme: remove reference to "Docker EE"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-28 10:23:11 +01:00
Sebastiaan van Stijn 48e889023f
Merge pull request #4679 from thaJeztah/fix_flag_typo
docs/man: fix -name flag with single hyphen
2023-11-27 22:12:05 +01:00
Sebastiaan van Stijn 354f62f0c5
docs: reference/commandlin/cli: remove redundant italic
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 22:05:49 +01:00
Sebastiaan van Stijn e2626200aa
docs: remove "{% raw %}" / "{% endraw %}" Jekyl (liquid) leftovers
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 22:05:39 +01:00
Sebastiaan van Stijn 174cbb588f
docs/man: fix -name flag with single hyphen
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 20:58:55 +01:00
Sebastiaan van Stijn 5aa3077c36
Merge pull request #4673 from thaJeztah/update_engine
vendor: github.com/docker/docker cfdca8dc1d4c (v25.0.0-dev)
2023-11-24 10:29:26 +01:00
Sebastiaan van Stijn 539537ddf5
vendor: github.com/docker/docker cfdca8dc1d4c (v25.0.0-dev)
also added nolint:staticcheck to spec.Networks refs

full diff: https://github.com/docker/docker/compare/v25.0.0-beta.1...cfdca8dc1d4c84ee235f395a011ca62315c957a7

Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-24 09:50:12 +01:00
Sebastiaan van Stijn 6d820e817b
Merge pull request #4354 from thaJeztah/update_alpine_3.18
Dockerfile: update ALPINE_VERSION to 3.18
2023-11-23 23:51:30 +01:00
Sebastiaan van Stijn 0c0ef7f690
Merge pull request #4675 from thaJeztah/update_buildx
Dockerfile: update buildx to v0.12.0
2023-11-23 23:44:04 +01:00
Sebastiaan van Stijn 6a74a63ee2
Dockerfile: update ALPINE_VERSION to 3.18
This also moves `musl-dev` to the alpine-base stage, due to changes in
Alpine 3.18 causing gotestsum build to fail because stdlib.h was missing;

    #17 5.065 # runtime/cgo
    #17 5.065 In file included from _cgo_export.c:3:
    #17 5.065 /usr/include/fortify/stdlib.h:23:15: fatal error: stdlib.h: No such file or directory
    #17 5.065    23 | #include_next <stdlib.h>
    #17 5.065       |               ^~~~~~~~~~

alpine 3.17:

    / # find / | grep stdlib.h
    /usr/include/c++/12.2.1/tr1/stdlib.h
    /usr/include/c++/12.2.1/stdlib.h

alpine 3.18

    / # find / | grep stdlib.h
    /usr/lib/llvm16/lib/clang/16/include/__clang_hip_stdlib.h
    /usr/include/fortify/stdlib.h
    /usr/include/c++/12.2.1/tr1/stdlib.h
    /usr/include/c++/12.2.1/stdlib.h

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-23 23:37:48 +01:00
Sebastiaan van Stijn 49f7de7089
Merge pull request #4674 from thaJeztah/docs_bookworm
docs: update debian examples to use bookworm
2023-11-23 23:35:30 +01:00
Sebastiaan van Stijn 35c6e915d1
Dockerfile: update buildx to v0.12.0
Release notes: https://github.com/docker/buildx/releases/tag/v0.12.0

Full diff: https://github.com/docker/buildx/compare/v0.11.1...v0.12.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-23 23:32:14 +01:00
Sebastiaan van Stijn 6468c63c81
docs: update debian examples to use bookworm
"bullseye" is no longer the "latest" debian, so these
examples were now incorrect.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-23 23:21:07 +01:00
Sebastiaan van Stijn 1c6d7d00d6
Merge pull request #4410 from crazy-max/update-bookworm
Dockerfile: update to debian bookworm
2023-11-23 23:19:41 +01:00
CrazyMax 0d95231ccb
Dockerfile: use "debian" in stages instead of distro name
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-11-23 23:11:42 +01:00
CrazyMax c5194a9e5d
Dockerfile: update to debian bookworm
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-11-23 23:11:35 +01:00
Sebastiaan van Stijn ce22ac2736
Merge pull request #3770 from thaJeztah/update_golangci_lint_step2
golangci-lint: enable more linters
2023-11-23 17:56:28 +01:00
Sebastiaan van Stijn 8046bb2d9e
Merge pull request #4671 from thaJeztah/bind_recusrive_no_bool
mount: bind-recursive: remove boolean convenience values
2023-11-22 11:48:56 +01:00
Sebastiaan van Stijn 7be05a6f44
mount: bind-recursive: remove boolean convenience values
- updates fc6976db45
- updates 74bace156c

Commit fc6976db45 introduced support for the
`bind-recursive` option on `--mount`, and deprecated the `bind-nonrecursive`
option.  Unlike `bind-nonrecursive` boolean, the `bind-recursive` option
accepts a string value with multiple options.

For convenience, the `bind-recursive` option also was made to accept boolean
values (true/false, 1/0). However, as the option works as the _reverse_ of
`bind-nonrecursive` (`bind-nonrecursive=true` === `bind-recursive=false`),
the new option won't be a "drop-in" replacement, and having more options
to choose from may only be adding more complexity / cognitive overload.

This patch removes support for boolean values; if we see a need to add
support for boolean values in future, it would be trivial to add back this
functionality.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-22 11:22:38 +01:00
Sebastiaan van Stijn 1401f91085
Merge pull request #4666 from thaJeztah/bump_hcsshim
vendor: github.com/Microsoft/hcsshim v0.11.4
2023-11-21 11:20:16 +01:00
Sebastiaan van Stijn 6620b0bfd0
Merge pull request #4668 from thaJeztah/bump_engine3
vendor: github.com/docker/docker v25.0.0-beta.1
2023-11-21 09:27:35 +01:00
Sebastiaan van Stijn dad4a19624
vendor: github.com/docker/docker v25.0.0-beta.1
no changes in vendored files

full diff: https://github.com/docker/docker/compare/34e923e3e31b...v25.0.0-beta.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 22:53:51 +01:00
Sebastiaan van Stijn 781f243502
Merge pull request #4667 from Hugo-C/doc-zstd
docs: Add zstd as supported in load command
2023-11-20 19:59:50 +01:00
Sebastiaan van Stijn 30d36e977e
templates: linting: fix "error return value is not checked (errchkjson)
The linter is correct; given that these functions do not allow for an error
to be returned, we panic. Alternatively, we could return the error string
as output, or add a `//nolint:errchkjson` comment.

    templates/templates.go:17:3: Error return value of `(*encoding/json.Encoder).Encode` is not checked: unsafe type `interface{}` found (errchkjson)
            enc.Encode(v)
            ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 19:52:46 +01:00
Sebastiaan van Stijn 4e2477f85f
golangci-lint: enable more linters
fix some nolintlint false positives

For some reason, nolintlint doesn't consider these used, but they seem to be
legitimate cases where deprecated fields are used.

    templates/templates.go:27:29: directive `//nolint:staticcheck // strings.Title is deprecated, but we only use it for ASCII, so replacing with golang.org/x/text is out of scope` is unused for linter "staticcheck" (nolintlint)
        "title":    strings.Title, //nolint:staticcheck // strings.Title is deprecated, but we only use it for ASCII, so replacing with golang.org/x/text is out of scope
                                   ^
    cli/command/formatter/image_test.go:75:31: directive `//nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.` is unused for linter "staticcheck" (nolintlint)
                call:     ctx.VirtualSize, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
                                           ^
    cli/command/registry/formatter_search.go💯39: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
        return c.formatBool(c.s.IsAutomated) //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                             ^
    cli/command/registry/formatter_search_test.go:50:55: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
                    s: registrytypes.SearchResult{IsAutomated: true}, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                                                      ^
    cli/command/registry/formatter_search_test.go:53:31: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
                call:     ctx.IsAutomated, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                           ^
    cli/command/registry/formatter_search_test.go:59:27: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
                call: ctx.IsAutomated, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                       ^
    cli/command/registry/formatter_search_test.go:202:84: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
            {Name: "result2", Description: "Not official", StarCount: 5, IsAutomated: true}, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                                                                             ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 19:52:46 +01:00
Sebastiaan van Stijn 0e73168b7e
golangci-lint: revive: enable use-any
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 19:52:46 +01:00
Sebastiaan van Stijn 9c0c49a5f2
golangci-lint: revive: enable empty-lines
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 19:52:45 +01:00
Sebastiaan van Stijn 8e9aec6904
golangci-lint: revive: enable import-shadowing
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 19:52:41 +01:00
Hugo Chastel f387558b55 Add zstd as supported in load command doc
Signed-off-by: Hugo Chastel <Hugo-C@users.noreply.github.com>
2023-11-20 19:38:17 +01:00
Sebastiaan van Stijn f4962c65bc
vendor: github.com/Microsoft/hcsshim v0.11.4
no changes in vendored files

full diff: https://github.com/microsoft/hcsshim/compare/v0.11.1...v0.11.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 18:15:18 +01:00
Sebastiaan van Stijn 391668f57a
golangci-lint: enable perfsprint linter
cli/compose/types/types.go:568:17: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
            return []byte(fmt.Sprintf("%v", e.External)), nil
                          ^
    cli/command/formatter/buildcache.go:174:9: fmt.Sprintf can be replaced with faster strconv.Itoa (perfsprint)
        return fmt.Sprintf("%d", c.v.UsageCount)
               ^
    cli/command/formatter/buildcache.go:178:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
        return fmt.Sprintf("%t", c.v.InUse)
               ^
    cli/command/formatter/buildcache.go:182:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
        return fmt.Sprintf("%t", c.v.Shared)
               ^
    cli/command/formatter/image.go:259:9: fmt.Sprintf can be replaced with faster strconv.FormatInt (perfsprint)
        return fmt.Sprintf("%d", c.i.Containers)
               ^
    cli/command/formatter/tabwriter/tabwriter_test.go:698:9: fmt.Sprintf can be replaced with faster strconv.Itoa (perfsprint)
            b.Run(fmt.Sprintf("%d", x), func(b *testing.B) {
                  ^
    cli/command/formatter/tabwriter/tabwriter_test.go:720:9: fmt.Sprintf can be replaced with faster strconv.Itoa (perfsprint)
            b.Run(fmt.Sprintf("%d", h), func(b *testing.B) {
                  ^
    cli/command/image/prune.go:62:31: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
        pruneFilters.Add("dangling", fmt.Sprintf("%v", !options.all))
                                     ^
    cli/command/network/formatter.go:92:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
        return fmt.Sprintf("%v", c.n.EnableIPv6)
               ^
    cli/command/network/formatter.go:96:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
        return fmt.Sprintf("%v", c.n.Internal)
               ^
    cli/command/service/formatter.go:745:9: fmt.Sprintf can be replaced with faster strconv.FormatUint (perfsprint)
            pub = fmt.Sprintf("%d", pr.pStart)
                  ^
    cli/command/service/formatter.go:750:9: fmt.Sprintf can be replaced with faster strconv.FormatUint (perfsprint)
            tgt = fmt.Sprintf("%d", pr.tStart)
                  ^
    cli/command/service/opts.go:49:10: fmt.Sprintf can be replaced with faster strconv.FormatUint (perfsprint)
            return fmt.Sprintf("%v", *i.value)
                   ^
    cli/compose/loader/loader.go:720:36: fmt.Sprint can be replaced with faster strconv.Itoa (perfsprint)
                    v, err := toServicePortConfigs(fmt.Sprint(value))
                                                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:18:19 +01:00
Sebastiaan van Stijn 8bbdb93cf9
golangci-lint: enable nilerr linter
cli/command/idresolver/idresolver.go:33:4: error is not nil (line 31) but it returns nil (nilerr)
    			return id, nil
    			^
    cli/command/idresolver/idresolver.go:45:4: error is not nil (line 43) but it returns nil (nilerr)
    			return id, nil
    			^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:18 +01:00
Sebastiaan van Stijn 7e9d2c78c6
golangci-lint: enable dupword linter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:18 +01:00
Sebastiaan van Stijn 2d61f70f00
golangci-lint: govet: enable shadow check
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:18 +01:00
Sebastiaan van Stijn 606cbd60a1
golangci-lint: enable predeclared linter
cli/command/utils.go:190:35: param new has same name as predeclared identifier (predeclared)
    func StringSliceReplaceAt(s, old, new []string, requireIndex int) ([]string, bool) {
                                      ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 8661552e7a
golangci-lint: enable thelper linter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 8e98c765f8
cli/command/system: fix deprecated comments (gocritic)
cli/command/system/info.go:470:1: deprecatedComment: use `Deprecated: ` (note the casing) instead of `DEPRECATED: ` (gocritic)
    // DEPRECATED: warnings are now generated by the daemon, and returned in
    ^
    cli/command/system/info.go:492:1: deprecatedComment: use `Deprecated: ` (note the casing) instead of `DEPRECATED: ` (gocritic)
    // DEPRECATED: warnings are now generated by the daemon, and returned in
    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 9d7e21be21
cli/command/manifest: rename vars that collided with import
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00