Commit Graph

7495 Commits

Author SHA1 Message Date
Silvin Lubecki 241523cc1a
Merge pull request #3334 from thaJeztah/20.10_backport_docs
[20.10 backport] docs fixups
2021-10-15 16:44:28 +02:00
Peter Dave Hello 9989fdbc40
Update most links in docs to use https by default
cc @thaJeztah docker/docker.github.io#13680

Signed-off-by: Peter Dave Hello <hsu@peterdavehello.org>
(cherry picked from commit 417f97605f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-15 12:58:41 +02:00
Sebastiaan van Stijn 0e20c1fd21
Update Go to 1.16.9
go1.16.9 (released 2021-10-07) includes a security fix to the linker and misc/wasm
directory, as well as bug fixes to the runtime and to the text/template package.
See the Go 1.16.9 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.9+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bf310f863b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-15 11:05:24 +02:00
Sebastiaan van Stijn c4cb29837f
Merge pull request #3335 from thaJeztah/20.10_backport_remove_seccomp_warning
[20.10 backport] info: skip client-side warning about seccomp profile on API >= 1.42
2021-10-15 11:02:37 +02:00
Silvin Lubecki 0b56256638
Merge pull request #3336 from thaJeztah/20.10_backport_update_xx_image
[20.10 backport] Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
2021-10-11 17:58:39 +02:00
Sebastiaan van Stijn 1c0927a041
Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47c7a096ff)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:41:40 +02:00
Sebastiaan van Stijn 82f9d5921b
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8964595692)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:38:53 +02:00
Sebastiaan van Stijn adb01ca79d
docs: some minor touch-ups in checkpoint reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8c73a93925)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:28:45 +02:00
Sebastiaan van Stijn 8260476a06
docs: remove trailing space to fix generated YAML format
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 795c9c96b3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:28:27 +02:00
Silvin Lubecki aa5b6b7728
Merge pull request #3326 from thaJeztah/20.10_backport_docs
[20.10 backport] assorted docs fixes
2021-10-06 17:38:07 +02:00
Silvin Lubecki 859e303655
Merge pull request #3268 from thaJeztah/20.10_backport_add_redirect
[20.10 backport] docs: add missing redirect, and remove /go/experimental redirect
2021-10-06 17:37:28 +02:00
Dmitriy Fishman bce2e1f953
docs: create.md: typo fix
Signed-off-by: Dmitriy Fishman <fishman.code@gmail.com>
(cherry picked from commit a3832808f3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:50:33 +02:00
Ivan Grund 44064f51c8
Fix typo in documentation - build.md
Signed-off-by: Ivan Grund <ivan.grund@gmail.com>
(cherry picked from commit d9f17025c4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:49:25 +02:00
CrazyMax 292779add5
Add doc for BUILDKIT_PROGRESS env var
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit ecaaa35be6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:49:09 +02:00
Sebastiaan van Stijn f2e79b826c
docs: use "console" code-hint for shell examples
This replaces the use of bash where suitable, to allow easier copy/pasting
of shell examples without copying the prompt or process output.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47ba76afb1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:53 +02:00
Sebastiaan van Stijn fa46b92361
docs: rewrite reference docs for --stop-signal and --stop-timeout
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 16466f1ce6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:50 +02:00
Sebastiaan van Stijn 400f81089a
experimental: fix broken link to "checkpoint and restore" page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ea98f6c923)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:18 +02:00
Sebastiaan van Stijn c72057c8db
docs: move checkpoint/restore doc from experimental into reference
This allows this information to be read from docs.docker.com.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aa89e6847a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:12 +02:00
Pawel 77db97d595
Use private network address for default-address-pools setting in daemon.json example
Signed-off-by: Pawel <pepawel@users.noreply.github.com>
(cherry picked from commit 6482f3f9b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:45:47 +02:00
Sebastiaan van Stijn cbf0d2b7b7
docs: fix some broken anchors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2621af848a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:45:12 +02:00
Sebastiaan van Stijn d0014a86bc
docs: fix description of restart-delay to mention max (1 minute)
Commit 9bd3a7c029
(docker 17.04 and up) added a maximum timeout of 1 minute to the
restart timeout.

This patch updates the documentation to match the current behavior.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47e5cfa9e9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:42:47 +02:00
takeshi.koenuma 6c1c8b55aa
docs: fix search results by filterd is-official
Signed-off-by: takeshi.koenuma <t.koenuma2@gmail.com>
(cherry picked from commit 1de937c144)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:42:32 +02:00
Sebastiaan van Stijn c2ea9bc90b
Merge pull request #3 from moby/20.10_backport_go_1.16.8
[20.10 backport] Update Go to 1.16.8
2021-09-23 20:26:34 +02:00
Sebastiaan van Stijn 44fdac11f5
Update Go to 1.16.8
This includes additional fixes for CVE-2021-39293.

go1.16.8 (released 2021-09-09) includes a security fix to the archive/zip package,
as well as bug fixes to the archive/zip, go/internal/gccgoimporter, html/template,
net/http, and runtime/pprof packages. See the Go 1.16.8 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.8+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 01fa5d925a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-15 14:18:23 +02:00
Sebastiaan van Stijn 893e52cf4b
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
2021-09-09 20:40:54 +02:00
Sebastiaan van Stijn 061051c24d
docs: add missing redirect, and remove /go/experimental redirect
The /go/ redirects are now defined in the docs repository, so the one
we defined here can be removed.
Also adds a missing redirect for an old URL to the main CLI page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 463746ff22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 17:50:43 +02:00
Sebastiaan van Stijn 62eae52c2a
Merge pull request #3236 from thaJeztah/20.10_backport_bump_go_1.16.7
[20.10 backport] Update Go to 1.16.7
2021-08-17 14:11:07 +02:00
Sebastiaan van Stijn 2012fbf111
Update Go to 1.16.7
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3112b382a3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 18:24:03 +02:00
Samuel Karp 42d1c02750
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-07-29 19:57:58 -07:00
Sebastiaan van Stijn 3967b7d28e
Merge pull request #3224 from thaJeztah/20.10_backport_bump_go_1.16.6
[20.10 backport] Bump go 1.16.6
2021-07-29 15:55:47 +02:00
Sebastiaan van Stijn 0b924e51fc
Update to go1.16.6
Keeping the dockerfiles/Dockerfile.cross image at 1.13, as we don't
have more current versions of that image. However, I don't think it's
still used, so we should remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a477a727fc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:44 +02:00
Sebastiaan van Stijn 6288e8b1ac
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40c6b117e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:10 +02:00
Sebastiaan van Stijn 1e9575e81a
cli/config/configfile: various test cleanups
- use var/const blocks when declaring a list of variables
- use const where possible

TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue:

- use keys when assigning values
- make sure test is dereferenced in the loop
- use subtests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit be327a4f0f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:40 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Sebastiaan van Stijn a6f6b5fa34
Merge pull request #3219 from thaJeztah/20.10_backport_deprecate_encrypted_tls
[20.10 backport] context: deprecate support for encrypted TLS private keys
2021-07-29 11:40:02 +02:00
Sebastiaan van Stijn 8437cfefae
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15535d4594)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:11 +02:00
Sebastiaan van Stijn 68a5ca859f
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2688f25eb7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:09 +02:00
Sebastiaan van Stijn f9d091f4b1
Merge pull request #3174 from thaJeztah/20.10_backport_deprecate_kube
[20.10 backport] Deprecate Kubernetes stack support
2021-07-28 15:47:43 +02:00
Silvin Lubecki e9b8231d6a
Merge pull request #3205 from thaJeztah/20.10_backport_update_dockerfile_syntax
[20.10 backport] Update Dockerfiles to latest syntax, remove "experimental"
2021-07-22 15:42:42 +02:00
Sebastiaan van Stijn 8a64739631
Update Dockerfiles to latest syntax, remove "experimental"
The experimental image is deprecated (now "labs"), and the features we use
are now included in the regular (stable) syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48dbf6f3cf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-22 14:57:33 +02:00
Silvin Lubecki a555c853b0
Merge pull request #3200 from thaJeztah/20.10_backport_update_md2man
[20.10 backport] Update go-md2man to v2.0.1 to fix table rendering in man-pages
2021-07-22 14:44:56 +02:00
Sebastiaan van Stijn 260ba1a8a2
vendor: cpuguy83/go-md2man/v2 v2.0.1
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.1

- Fix handling multiple definition descriptions
- Fix inline markup causing table cells to split
- Remove escaping tilde character (prevents tildes (`~`) from disappearing).
- Do not escape dash, underscore, and ampersand (prevents ampersands (`&`) from disappearing).
- Ignore unknown HTML tags to prevent noisy warnings

With this, generating manpages becomes a lot less noisy; no more of these:

    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 13e8225007)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 11:04:19 +02:00
Sebastiaan van Stijn f63cb8b97e
vendor: github.com/russross/blackfriday/v2 v2.1.0
removes the github.com/shurcooL/sanitized_anchor_name dependency

full diff: https://github.com/russross/blackfriday/compare/v2.0.1...v2.1.0

- Committed to github.com/russross/blackfriday/v2 as the canonical import path for blackfriday v2.
- Reduced the amount of dependencies.
- Added a SanitizedAnchorName function.
- Added Node.IsContainer and Node.IsLeaf methods.
- Fixed parsing of links that end with a double backslashes.
- Fixed an issue where fence length wasn't computed.
- Improved the default value for the HTMLRendererParameters.FootnoteReturnLinkContents field.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ef14ae09bb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 11:03:01 +02:00
Sebastiaan van Stijn c1492eabde
Merge pull request #3196 from thaJeztah/20.10_backport_go1.17_for_windows
[20.10 backport] Dockerfile: remove custom go build for windows/arm64
2021-07-19 14:52:01 +02:00
Tonis Tiigi 48e6b44379
Dockerfile: remove custom go build for windows/arm64
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit f3d1b02e2b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-19 14:35:07 +02:00
Sebastiaan van Stijn bfcd17b5b7
Merge pull request #3175 from thaJeztah/20.10_backport_docs_fixes
[20.10 backport] docs fixes
2021-07-07 12:30:30 +02:00
Sebastiaan van Stijn 8279b718ea
Merge pull request #3176 from thaJeztah/20.10_backport_update_ci_engine
[20.10 backport] CI: update engine versions and Jenkins labels
2021-07-02 17:38:48 +02:00
Sebastiaan van Stijn 644c003606
circleCI: update docker engine to 20.10.6
20.10.6 looks to be the latest supported version:
https://circleci.com/docs/2.0/building-docker-images/#docker-version

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c6cd0493ab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:53:15 +02:00
Sebastiaan van Stijn 0d17280a30
Jenkinsfile: update old engine version to 19.03
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 661b87ac9b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:53:13 +02:00
Sebastiaan van Stijn eedfe50a99
Jenkinsfile: update labels to prevent running on cgroups v2
The dind engine version that we use in e2e does not support cgroups v2,
so if we landed on an Ubuntu 20.04 node with cgroups v2 enabled, CI failed:

    Stderr:   Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2849437f21)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:53:11 +02:00