Commit Graph

8356 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 0359f8eeee
Merge pull request #3939 from vvoland/docs-run-fix-blog
docs/run: Fix url to blog "Docker can now run within Docker"
2022-12-29 15:03:15 +01:00
Paweł Gronowski 720a6a8239
docs/run: Fix url to blog "Docker can now run within Docker"
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-12-29 14:33:34 +01:00
Sebastiaan van Stijn b1db70ded7
Merge pull request #3931 from danger89/patch-1
Missing exec_die event
2022-12-28 18:11:16 +01:00
Melroy van den Berg 946bb9471b
Missing exec_die event
Add also `exec_die` event.

Signed-off-by: Melroy van den Berg <melroy@melroy.org>
2022-12-28 01:50:50 +01:00
Sebastiaan van Stijn ed94b6ee91
Merge pull request #3935 from thaJeztah/remove_networkdisabled
cli/command/container: remove unused NetworkDisabled field
2022-12-27 16:04:49 +01:00
Sebastiaan van Stijn 112f4ec38d
Merge pull request #3934 from thaJeztah/update_engine
vendor: github.com/docker/docker v23.0.0-rc.1 (use tag)
2022-12-27 16:04:28 +01:00
Sebastiaan van Stijn cea94069fb
Merge pull request #3933 from thaJeztah/update_mousetrap
vendor: github.com/inconshreveable/mousetrap v1.1.0
2022-12-27 16:04:07 +01:00
Sebastiaan van Stijn 784f660143
cli/command/container: remove unused NetworkDisabled field
This comment was added in 7929888214
when this code was still in the Moby repository. That comment doesn't appear
to apply to the CLI's usage of this struct though, as nothing in the CLI
sets this field (or uses it), so this should be safe to remove.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-27 15:26:23 +01:00
Sebastiaan van Stijn 6fe14e61f2
vendor: github.com/docker/docker v23.0.0-rc.1 (use tag)
no changes in code, as this is the same commit, but now using the tag

full diff: https://github.com/docker/docker/compare/cba986b34090...v23.0.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-27 13:48:20 +01:00
Sebastiaan van Stijn c5982f373c
vendor: github.com/inconshreveable/mousetrap v1.1.0
removes compatibility code for go1.3 and older;

https://github.com/inconshreveable/mousetrap/compare/v1.0.1...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-27 13:45:16 +01:00
Sebastiaan van Stijn 139e924690
Merge pull request #3929 from thaJeztah/update_engine
vendor: update docker/docker to tip of v23.0 branch
2022-12-22 23:47:11 +01:00
Sebastiaan van Stijn cc859412c8
vendor: github.com/docker/docker v23.0.0-beta.1.0.20221221173850-cba986b34090
full diff: https://github.com/docker/docker/compare/v23.0.0-beta.1...cba986b34090

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 23:06:38 +01:00
Sebastiaan van Stijn 70d24e854b
vendor: github.com/moby/swarmkit/v2 v2.0.0-20221215132206-0da442b2780f
full diff: b17f02f0a0...0da442b278

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 23:04:12 +01:00
Sebastiaan van Stijn bab905a442
vendor: golang.org/x/crypto v0.2.0
full diff: https://github.com/golang/crypto/compare/v0.1.0...v0.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 23:02:17 +01:00
Sebastiaan van Stijn 929f23fcf9
vendor: golang.org/x/net v0.4.0
full diff: https://github.com/golang/net/compare/v0.1.0...v0.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 23:00:49 +01:00
Sebastiaan van Stijn 2df9ff91e1
vendor: golang.org/x/term v0.3.0
full diff: https://github.com/golang/term/compare/v0.1.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:59:45 +01:00
Sebastiaan van Stijn 1b75c7c52a
vendor: golang.org/x/text v0.5.0
full diff: https://github.com/golang/text/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:53:24 +01:00
Sebastiaan van Stijn e3e0b7a6c8
vendor: golang.org/x/sys v0.3.0
full diff: https://github.com/golang/sys/compare/v0.2.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:51:19 +01:00
Sebastiaan van Stijn 6f2f021b6d
vendor: github.com/prometheus/client_golang v1.14.0
full diff: https://github.com/prometheus/client_golang/compare/v1.13.0...v1.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:48:55 +01:00
Sebastiaan van Stijn dedbcec469
vendor: github.com/opencontainers/runc v1.1.3
full diff: https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:46:56 +01:00
Sebastiaan van Stijn cd2098c461
vendor: github.com/klauspost/compress v1.15.12
full diff: https://github.com/klauspost/compress/compare/v1.15.9...v1.15.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:45:42 +01:00
Sebastiaan van Stijn d7869beade
vendor: github.com/containerd/containerd v1.6.14
full diff: https://github.com/containerd/containerd/compare/v1.6.10...v1.6.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:43:11 +01:00
Sebastiaan van Stijn 378c92d758
Merge pull request #3925 from thaJeztah/fix_warning_typo
cmd/docker: fix typo in deprecation warning
2022-12-19 13:57:00 +01:00
Sebastiaan van Stijn 06eba426d7
cmd/docker: fix typo in deprecation warning
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-19 13:03:28 +01:00
Sebastiaan van Stijn 9a5d5aefb8
Merge pull request #3923 from dozjul/master
Added missing backslash to documentation cli snippet
2022-12-18 11:18:16 +01:00
Julian 895e7a3df8
Added missing backslash to documentation sites cli snippet
I think the cli code block misses a backslash to brevent line break when copy/pasting it to a terminal.
I doubt that this is intentional, if it is, feel free to reject the pr.

Signed-off-by: Julian <gitea+julian@ic.thejulian.uk>
2022-12-18 10:47:51 +01:00
Sebastiaan van Stijn 51f36c6be1
Merge pull request #3915 from thaJeztah/remove_libtrust_todo
cli/flags: remove outdated TODO
2022-12-15 16:05:01 +01:00
Sebastiaan van Stijn 2f733b87f9
cli/flags: remove outdated TODO
Libtrust was only used for pushing schema 2, v1 images, which is no longer
supported; this TODO was likely left from when the CLI and daemon were
in the same repository.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-15 15:29:56 +01:00
Sebastiaan van Stijn 990674901b
Merge pull request #3905 from thaJeztah/improve_buildkit_error
cmd/docker: improve error message if BUILDKIT_ENABLED=0
2022-12-09 14:24:46 +01:00
Sebastiaan van Stijn 60d62fb729
cmd/docker: improve error message if BUILDKIT_ENABLED=0
Before this change, the error would suggest installing buildx:

    echo "FROM scratch" | DOCKER_BUILDKIT=0  docker build -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
                Install the buildx component to build images with BuildKit:
                https://docs.docker.com/go/buildx/

    ...

However, this error would also be shown if buildx is actually installed,
but disabled through "DOCKER_BUILDKIT=0";

    docker buildx version
    github.com/docker/buildx v0.9.1 ed00243

With this patch, it reports that it's disabled, and how to fix:

    echo "FROM scratch" | DOCKER_BUILDKIT=0  docker build -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
                BuildKit is currently disabled; enabled it by removing the DOCKER_BUILDKIT=0
                environment-variable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-09 13:08:07 +01:00
Sebastiaan van Stijn 83ca73f9aa
Merge pull request #3900 from pdaig/fix-ssh-killed
Fix ssh process killed when context is done
2022-12-08 20:26:33 +01:00
Sebastiaan van Stijn 693ae6ca73
Merge pull request #3912 from thaJeztah/bump_engine
vendor: github.com/docker/docker v23.0.0-beta.1
2022-12-08 10:24:44 +01:00
Sebastiaan van Stijn 0f6023a9c3
vendor: github.com/docker/docker v23.0.0-beta.1
Allows us to remove the replace rule, although we probably need to
add it back if we want to update to a newer version from the release
branch (as go mod doesn't support release branches :(( ).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-07 23:14:19 +01:00
Sebastiaan van Stijn c567f674c6
Merge pull request #3906 from thaJeztah/bump_buildx
Dockerfile: update buildx to v0.9.1
2022-12-07 15:34:48 +01:00
Sebastiaan van Stijn 40694311b4
Merge pull request #3907 from thaJeztah/update_go_1.19.4
update to go1.19.4
2022-12-07 13:21:36 +01:00
Sebastiaan van Stijn 016846e950
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \(the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:03:41 +01:00
Sebastiaan van Stijn 0e15d73c65
Dockerfile: update buildx to v0.9.1
This is only used for testing, but saw it was a bit behind.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 14:25:04 +01:00
Sebastiaan van Stijn 65d3f7830d
Merge pull request #3904 from thaJeztah/fix_lazy_evaluate
cmd/docker: make feature detection lazy again
2022-12-06 10:39:06 +01:00
Sebastiaan van Stijn 006c946389
cmd/docker: make feature detection lazy again
Commit 20ba591b7f fixed incorrect feature
detection in the CLI, but introduced a regression; previously the "ping"
would only be executed if needed (see b39739123b),
but by not inlining the call to `ServerInfo()` would now always be called.

This patch inlines the code again to only execute the "ping" conditionally,
which allows it to be executed lazily (and omitted for commands that don't
require a daemon connection).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 10:17:50 +01:00
Sebastiaan van Stijn 8fc1444558
Merge pull request #3901 from thaJeztah/carry_3845
Fix bug where incorrect response is returned [carry 3845]
2022-12-06 09:23:59 +01:00
Adyanth Hosavalike 20ba591b7f
Fix bug where incorrect response is returned
When server is unreachable and docker checkpoint (or any command that
needs to check the server type) is run, incorrect error was returned.

When checking if the daemon had the right OS, we compared the OSType
from the clients ServerInfo(). In situations where the client cannot
connect to the daemon, a "stub" Info is used for this, in which we
assume the daemon has experimental enabled, and is running the latest
API version.

However, we cannot fill in the correct OSType, so this field is empty
in this situation.

This patch only compares the OSType if the field is non-empty, otherwise
assumes the platform matches.

before this:

    docker -H unix:///no/such/socket.sock checkpoint create test test
    docker checkpoint create is only supported on a Docker daemon running on linux, but the Docker daemon is running on

with this patch:

    docker -H unix:///no/such/socket.sock checkpoint create test test
    Cannot connect to the Docker daemon at unix:///no/such/socket.sock. Is the docker daemon running?

Co-authored-by: Adyanth Hosavalike <ahosavalike@ucsd.edu>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 08:55:47 +01:00
Sebastiaan van Stijn f33ef47061
Merge pull request #3903 from thaJeztah/build_test_dummy
cil/command: use dummy client for build-tests
2022-12-06 08:24:13 +01:00
Sebastiaan van Stijn 121c613877
cil/command: use dummy client for build-tests
These tests were using the default client, which would try to make a connection
with the daemon (which isn't running). Some of these test subsequently had
tests that depended on the result of that connection (i.e., "ping" result).

This patch updates the test to use a dummy client, so that the ping result is
predictable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 22:37:40 +01:00
Sebastiaan van Stijn 21e45ff852
cli/command: add WithAPIClient
This allows the cli to be initialized with a (custom) API client.
Currently to be used for unit tests, but could be used for other
scenarios.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 21:40:39 +01:00
Sebastiaan van Stijn 74874cd0c9
Merge pull request #3661 from thaJeztah/update_images
docs: various (minor) changes and rewording
2022-12-05 17:28:34 +01:00
Sebastiaan van Stijn b65bda6890
Merge pull request #3829 from dvdksn/fix-doclink-cli
updated additionalHelp text
2022-12-05 17:23:27 +01:00
Sebastiaan van Stijn 60833d2046
docs/reference: exec: update some examples
Use /bin/sh in the examples, as it's more likely to be present in a
container than bash (some users got confused by this, so using plain
"sh" in the examples could lead to less confusion).

Also added some extra wording around defaults, and how they're inherited
by the exec'd process.

It's definitely not "perfect" yet (lots to do in this document to improve
it), but it's a start :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn cac78c237f
docs/reference: info: update example output
Update the example output to not use deprecated storage drivers or
Windows versions.

Also removes the section about `--debug`, because the `docker info` output
depends on the _daemon_ (not the client) to have debug mode enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 9ba371f665
docs: update examples to not use deprecated images
using latest ubuntu LTS, and alpine for some examples. Also syncing some
wording between the man-pages and online docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 74086bc93b
doc/reference: update attach reference
Some touch-ups in the attach reference and man-page;

- remove uses of old images (ubuntu 14.04)
- adds some more wording about `-i` and `-t` to use the detach sequence.
- use `--filter` instead of `grep` to list the container, to make the
  example more portable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00