Commit Graph

9693 Commits

Author SHA1 Message Date
racequite dccfd6e4d0 chore: fix function names in comment
Signed-off-by: racequite <quiterace@gmail.com>
2024-04-19 12:24:42 +08:00
Paweł Gronowski b9828336c5
Merge pull request #5027 from laurazard/run-hooks-reexec-env-var
hooks: set expected environment when executing
2024-04-18 11:19:42 +02:00
Laura Brehm 78089c5394
Merge pull request #5024 from laurazard/run-hooks-error
plugins/hooks: run hooks when exit code != 0
2024-04-18 01:05:52 +01:00
Laura Brehm b31c9e1e0c
Merge pull request #5025 from krissetto/fix-otel-otlp-override
Fix OTLP env var overriding
2024-04-17 17:05:44 +01:00
Laura Brehm 5011759056
hooks: set expected environment when executing
During normal plugin execution (from the CLI), the CLI configures the
plugin command it's about to execute in order to pass all environment
variables on, as well as to set the ReExec env var that informs the
plugin about how it was executed, and which plugins rely on to check
whether they are being run standalone or not.

This commit adds the same behavior to hook invocations, which is
necessary for some plugins to know that they are not running standalone
so that they expose their root command at the correct level.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-17 16:57:44 +01:00
Christopher Petito d6796c002f Fix OTLP env var overriding
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-04-17 14:32:41 +00:00
Laura Brehm c449c1a49d
plugins/hooks: run hooks when exit code != 0
Particularly for cases such as `docker exec -it`, it's relevant that the CLI
still executes hooks even if the exec exited with a non-zero exit code,
since this is can be part of a normal `docker exec` invocation depending on
how the user exits.

In the future, this might also be interesting to allow plugins to run
hooks after an error so they can offer error-state recovery suggestions,
although this would require additional work to give the plugin more
information about the failed execution.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-17 15:21:08 +01:00
Rob Murray 287f482e31 Feature option 'windows-dns-proxy'
Document feature option 'windows-dns-proxy', which can be used to
enable or disable forwarding of DNS requests from the daemon's
internal resolver to external servers.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-04-16 11:27:23 +01:00
Bjorn Neergaard 116db4fc82
docs: tidy up CDI docs
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-04-15 15:05:53 -07:00
Laura Brehm c0cc22db58
Merge pull request #5019 from laurazard/multiple-plugin-hooks
plugins/templates: break on newlines when printing hooks
2024-04-15 13:55:33 +01:00
Laura Brehm 867061b007
plugins/templates: break on newlines when printing hooks
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-15 12:59:53 +01:00
njucjc 73959eef71 chore: remove deprecated DualStack field
Signed-off-by: njucjc <njucjc@gmail.com>
2024-04-15 17:53:35 +08:00
David Karlsson 78012b0ee5
Merge pull request #4989 from dvdksn/docs-systempaths-unconfined
docs: add systempaths=unconfined security-opt
2024-04-12 14:53:35 +02:00
Paweł Gronowski 249b5a401f
Merge pull request #5005 from vvoland/cli-bin-exe
cli-bin/windows: Add .exe extension
2024-04-11 11:35:26 +02:00
Paweł Gronowski 718203d50b
cli-bin/windows: Add .exe extension
Before this commit, the CLI binary in `dockereng/cli-bin` image was
named `docker` regardless of platform.

Change the binary name to `docker.exe` in Windows images.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 18:48:37 +02:00
Sebastiaan van Stijn b6c5522128
Merge pull request #5003 from laurazard/vendor-moby-dirty-26.1
vendor: github.com/docker/docker f9dfd139ec0d (master)
2024-04-10 17:37:31 +02:00
Paweł Gronowski 1433df8fee
bake/bin-image-cross: Add darwin
So we can also have darwin binaries in the `dockereng/cli-bin` image.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:50 +02:00
Paweł Gronowski 0c2697d779
Dockerfile: Remove xx-sdk-extras
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:49 +02:00
Paweł Gronowski 094af6ea07
darwin/build: Disallow CGO_ENABLED=1 when cross-compiling
Cross compiling CGO to Darwin requires an Apple SDK.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:48 +02:00
Laura Brehm 5515b86514
vendor: github.com/docker/docker v26.0.1-0.20240410103514-f9dfd139ec0d+incompatible (master)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:07:09 +01:00
Laura Brehm c1053bf9d4
vendor: github.com/moby/swarmkit/v2 v2.0.0-20240227173239-911c97650f2e
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:02:34 +01:00
Laura Brehm 8a3a7b9458
vendor: github.com/containerd/containerd v1.7.15
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 15:52:37 +01:00
David Karlsson 4585809848 docs: add systempaths=unconfined security-opt
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-10 15:16:30 +02:00
Sebastiaan van Stijn 870ad7f4b9
Merge pull request #4998 from thaJeztah/bump_x_net
vendor: golang.org/x/sys v0.18.0, golang.org/x/term v0.18.0, golang.org/x/crypto v0.21.0, golang.org/x/net v0.23.0
2024-04-09 16:24:15 +02:00
Sebastiaan van Stijn 5fcbbde4b9
vendor: golang.org/x/net v0.23.0
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0

Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;

> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:52:51 +02:00
Sebastiaan van Stijn 4745b957d2
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
full diffs changes relevant to vendored code:

- https://github.com/golang/net/compare/v0.19.0...v0.22.0
    - http2: remove suspicious uint32->v conversion in frame code
    - http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
    - (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:50:53 +02:00
Sebastiaan van Stijn c7a50ebb9f
vendor: golang.org/x/term v0.18.0
no changes in vendored code

full diff: https://github.com/golang/term/compare/v0.15.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:47:48 +02:00
Sebastiaan van Stijn 9a2133f2d4
vendor: golang.org/x/sys v0.18.0
full diff: https://github.com/golang/sys/compare/v0.16.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:46:54 +02:00
David Karlsson faf096b25c docs: clarify that --data-path-addr doesn't restrict access
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-09 13:08:21 +02:00
Laura Brehm c23a404698
Merge pull request #4986 from vvoland/update-go
update to go1.21.9
2024-04-05 15:35:47 +01:00
Paweł Gronowski 0a5bd6c75b
update to go1.21.9
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone on our issue tracker for
details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.9
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-05 12:43:24 +02:00
Laura Brehm b2fe82a23e
Merge pull request #4985 from laurazard/otel-exit-code-int
otel: capture exit code as int64
2024-04-05 10:21:52 +01:00
Laura Brehm cefcba9871
otel: capture exit code as int64
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-04 19:11:56 +01:00
Bjorn Neergaard 10b9810989
Merge pull request #4978 from laurazard/otel-add-tty
otel: capture whether process was invoked from a terminal
2024-04-04 06:09:48 -06:00
Laura Brehm 204b324291
Merge pull request #4975 from jsternberg/otel-error-handler
command: include default otel error handler for the cli
2024-04-04 03:56:41 +01:00
Laura Brehm ee1b2836af
otel: capture whether process was invoked from a terminal
This commit adds a "terminal" attribute to `BaseMetricAttributes`
that allows us to discern whether an invocation was from an interactive
terminal or not.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-04 03:28:17 +01:00
Jonathan A. Sternberg 8f45f1495c
command: include default otel error handler for the cli
This adds a default otel error handler for the cli in the debug package.
It uses logrus to log the error on the debug level and should work out
of the box with the `--debug` flag and `DEBUG` environment variable.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-04-03 12:01:28 -05:00
Sebastiaan van Stijn 9ca30bd2ac
Merge pull request #4939 from Benehiko/prompt-termination
feat: standardize error for prompt
2024-04-02 19:09:12 +02:00
Alano Terblanche 910d5d0247
chore: remove backticks and resolve linting issues
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-04-02 15:54:29 +02:00
Bjorn Neergaard 155dc5e4e4
Merge pull request #4973 from jsternberg/otel-1.16-compat
cli: add go:build tag to the docker telemetry
2024-04-01 09:08:16 -06:00
Bjorn Neergaard e3f45bf68f
Merge pull request #4972 from vvoland/community-slack
CONTRIBUTING.md: update Slack link
2024-03-28 14:25:54 -06:00
Jonathan A. Sternberg 2a3b6c03f7
cli: add go:build tag to the docker telemetry
This is needed because the project does not have a `go.mod` file and
gets sent to go 1.16 semantics whenever it's imported by another project
and `any` doesn't exist in go 1.16, but the linter requires us to use
`any` here.

Setting the `go:build` tag forces the per-file language to the go
version specified.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-28 14:09:34 -05:00
Laura Brehm 400a8bb4a2
Merge pull request #4940 from krissetto/otel-init
Initial otel implementation
2024-03-28 17:21:00 +00:00
Christopher Petito efd82e1e31 Initial otel impl using our utils
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:23:01 +00:00
Christopher Petito b6e2eca4b8 Enable overriding of the otel exporter otlp endpoint via env var for testing purposes
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:22:53 +00:00
Christopher Petito 160f65d9db Added some telemetry utils
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:22:43 +00:00
Paweł Gronowski 9a1b0f8bb3
CONTRIBUTING.md: update Slack link
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-28 09:38:11 +01:00
Alano Terblanche 7c722c08d0
feat: standardize error for prompt
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-26 14:11:55 +01:00
Laura Brehm b8d5454963
Merge pull request #4957 from Benehiko/prompt-test-flakiness
fix: flaky prompt termination on reader close test
2024-03-26 13:03:02 +00:00
Alano Terblanche 7ea10d5ced
refactor: prompt tests
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-26 10:07:01 +01:00