Commit Graph

8919 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 54894f0224
vendor: golang.org/x/sync v0.3.0
full diff: https://github.com/golang/sync/compare/v0.1.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1554b49329)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:27:00 +02:00
Bjorn Neergaard 0f109aafa8
Merge pull request #4584 from thaJeztah/24.0_backport_update_actions
[24.0 backport] build(deps): bump actions/checkout from 3 to 4
2023-10-13 08:49:32 -07:00
Bjorn Neergaard 89ce230bd8
Merge pull request #4587 from thaJeztah/24.0_backport_go1.21_prepare
[24.0 backport] assorted dockerfile and test updates
2023-10-13 08:49:15 -07:00
Sebastiaan van Stijn db6e494b40
Merge pull request #4594 from thaJeztah/24.0_backport_update_md2man
[24.0 backport] update go-md2man to v2.0.3
2023-10-13 17:27:19 +02:00
Sebastiaan van Stijn 5b3e376f86
Merge pull request #4597 from thaJeztah/24.0_update_go1.20.10
[24.0] update to go1.20.10
2023-10-12 14:20:26 +02:00
Sebastiaan van Stijn a47889a70f
update to go1.20.10
go1.20.10 (released 2023-10-10) includes a security fix to the net/http package.
See the Go 1.20.10 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.10+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.9...go1.20.10

From the security mailing:

[security] Go 1.21.3 and Go 1.20.10 are released

Hello gophers,

We have just released Go versions 1.21.3 and 1.20.10, minor point releases.

These minor releases include 1 security fixes following the security policy:

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:04:46 +02:00
Sebastiaan van Stijn 3c10203b39
update to go1.20.9
go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package,
as well as bug fixes to the go command and the linker. See the Go 1.20.9
milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.9+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.8...go1.20.9

From the security mailing:

[security] Go 1.21.2 and Go 1.20.9 are released

Hello gophers,

We have just released Go versions 1.21.2 and 1.20.9, minor point releases.

These minor releases include 1 security fixes following the security policy:

- cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:04:12 +02:00
Sebastiaan van Stijn 9662d73735
update go-md2man to v2.0.3
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3f1195e4ec)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 19:24:29 +02:00
Tianon Gravi 35453d6c4f
Update minimum Go version to 1.19
On Go 1.18 since a5ebe2282a, we get:

    # github.com/docker/docker-credential-helpers/client
    vendor/github.com/docker/docker-credential-helpers/client/command.go:34:39: programCmd.Environ undefined (type *exec.Cmd has no field or method Environ)
    note: module requires Go 1.19
    # github.com/docker/cli/cli/connhelper/commandconn
    cli/connhelper/commandconn/commandconn.go:71:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:76:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:77:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:78:22: undefined: atomic.Bool

These go away when building against 1.19+.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
(cherry picked from commit 0f59f04f57)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-29 10:00:53 +02:00
dependabot[bot] 2a76b0c4e7
build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit dee40053f6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:34:32 +02:00
Sebastiaan van Stijn 1ebaef3663
Dockerfile: use GOTOOLCHAIN=local
This may find its way into the official images, but until it does, let's
make sure we don't get unexpected updates of go.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e9759cee69)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:30:13 +02:00
Sebastiaan van Stijn 8a7833ab62
Dockerfile: build gotestsum and goversioninfo without cgo
It's not needed to build these binaries. The Dockerfile.dev image already
has CGO_ENABLED=0 as default in the golang image, so does not need updates.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f07e7e1eed)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:29:40 +02:00
Sebastiaan van Stijn 2e86812d7a
e2e: update to use compose v2, and don't depend on distro-packages
We were depending on alpine's package repository to install compose,
but for debian we used compose's GitHub releases. Depending on distro
packages means that we don't know when updates will happen, and versions
may diverge because of that; for example, alpine 3.18 updated to compose
v2;

On alpine 3.17:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    docker-compose version 1.29.2, build unknown

On alpine 3.18:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    Docker Compose version v2.17.3

This caused our e2e script to fail, as it made assumptions about the name
format created by compose, which changed from underscores to hyphens in v2;

    Container cliendtoendsuite-engine-1  Running
    Error: No such object: cliendtoendsuite_engine_1

This patch:

- updates the Dockerfile to install compose from the compose-bin image
- adjusts the e2e script for the new naming scheme format
- removes the version field from the compose-files used in e2e, as they
  are no longer used by compose.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9e424af5da)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:29:27 +02:00
Sebastiaan van Stijn e7ca37861b
Dockerfile: use COPY --link where possible
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit af05a68828)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:28:47 +02:00
Bjorn Neergaard 1f8118b1cc
Merge pull request #4565 from thaJeztah/24.0_backport_docker_tag_dupwords
[24.0 backport] docs: fix duplicate words in "docker tag" reference
2023-09-15 08:17:43 -06:00
Sebastiaan van Stijn f2a3d50b30
docs: fix duplicate words in "docker tag" reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3a16c3bb09)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-14 13:45:34 +02:00
Bjorn Neergaard edae25f8af
Merge pull request #4561 from thaJeztah/24.0_backport_update_golang_1.20.8
[24.0 backport] update to go1.20.8
2023-09-13 10:05:54 -06:00
Bjorn Neergaard d848d49be9
Merge pull request #4543 from thaJeztah/24.0_backport_bump_golangci_lint
[24.0 backport] update golangci-lint to v1.54.2
2023-09-13 10:05:27 -06:00
Sebastiaan van Stijn 4feeefbd68
update to go1.20.8
go1.20.8 (released 2023-09-06) includes two security fixes to the html/template
package, as well as bug fixes to the compiler, the go command, the runtime,
and the crypto/tls, go/types, net/http, and path/filepath packages. See the
Go 1.20.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.7...go1.20.8

From the security mailing:

[security] Go 1.21.1 and Go 1.20.8 are released

Hello gophers,

We have just released Go versions 1.21.1 and 1.20.8, minor point releases.

These minor releases include 4 security fixes following the security policy:

- cmd/go: go.mod toolchain directive allows arbitrary execution
  The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to
  execute scripts and binaries relative to the root of the module when the "go"
  command was executed within the module. This applies to modules downloaded using
  the "go" command from the module proxy, as well as modules downloaded directly
  using VCS software.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-39320 and Go issue https://go.dev/issue/62198.

- html/template: improper handling of HTML-like comments within script contexts
  The html/template package did not properly handle HMTL-like "<!--" and "-->"
  comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
  cause the template parser to improperly interpret the contents of <script>
  contexts, causing actions to be improperly escaped. This could be leveraged to
  perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.

- html/template: improper handling of special tags within script contexts
  The html/template package did not apply the proper rules for handling occurrences
  of "<script", "<!--", and "</script" within JS literals in <script> contexts.
  This may cause the template parser to improperly consider script contexts to be
  terminated early, causing actions to be improperly escaped. This could be
  leveraged to perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.

- crypto/tls: panic when processing post-handshake message on QUIC connections
  Processing an incomplete post-handshake message for a QUIC connection caused a panic.

  Thanks to Marten Seemann for reporting this issue.

  This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4b00be585c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 17:49:18 +02:00
Bjorn Neergaard ed223bc820
Merge pull request #4544 from thaJeztah/24.0_backport_fix_events_json_format
[24.0 backport] cli/command/system: fix "docker events" not supporting --format=json
2023-08-31 11:24:32 -06:00
Sebastiaan van Stijn fab55e13ce
cli/command/system: fix "docker events" not supporting --format=json
Before this patch:

    docker events --format=json
    json
    json
    json
    ^C

With this patch:

    docker events --format=json
    {"status":"create","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"create","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508190136885}
    {"status":"attach","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"attach","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508192851593}
    {"Type":"network","Action":"connect","Actor":{"ID":"c54920dd5074a73e28bea62007e0334d81cc040a90372be311cf16806403d350","Attributes":{"container":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","name":"bridge","type":"bridge"}},"scope":"local","time":1693168508,"timeNano":1693168508212398802}
    {"status":"start","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"start","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508312969843}
    ^C

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6dfdd1eae9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 17:36:44 +02:00
Sebastiaan van Stijn 989b340a6c
update golangci-lint to v1.54.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit db6209abdd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 14:22:46 +02:00
Sebastiaan van Stijn 2fcff17544
Merge pull request #4537 from thaJeztah/24.0_backort_docs_fixes
[24.0 backport] docs/reference: run.md: remove stray whitespace and update cli-docs-tool to v0.6.0
2023-08-29 11:44:13 +02:00
Sebastiaan van Stijn b74d8e1a53
Merge pull request #4538 from thaJeztah/24.0_backport_history_test
[24.0 backport] un-skip history test and fix golden mismatches
2023-08-29 11:43:55 +02:00
Sebastiaan van Stijn 3789f8a39e
Merge pull request #4542 from thaJeztah/24.0_backport_manifest_deref
[24.0 backport] cli/registry: fix client.pullManifestList not de-referencing manifest, and remove "v1" check
2023-08-29 11:43:38 +02:00
Sebastiaan van Stijn d3485b9e9f
cli/registry: client.iterateEndpoints: remove check for APIVersion1
registryService.LookupPullEndpoints uses lookupV2Endpoints
https://github.com/moby/moby/blob/v24.0.5/registry/service.go#L137-L142

which, as the name indicates, only returns V2 endpoints;
https://github.com/moby/moby/blob/v24.0.5/registry/service_v2.go#L10-L80

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 22b4bab90f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:45:37 +02:00
Sebastiaan van Stijn 613380299f
cli/registry: fix client.pullManifestList not de-referencing manifest
Kudos to gosec;

    cli/registry/client/fetcher.go:205:57: G601: Implicit memory aliasing in for loop. (gosec)
            imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
                                                                  ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5250f1bab5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:45:37 +02:00
Sebastiaan van Stijn b83959e001
force TestNewHistoryCommandSuccess to use UTC timezone
This test was skipped if the host was not using UTC timezone, because the output
of timestamps would be different, causing the test to fail.

This patch overrides the TZ env-var to make the test use UTC, so that we don't
have to skip the test.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 42ac5d4bf9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 23:00:49 +02:00
Jason Hall 28a08a22b9
un-skip history test and fix golden mismatches
Signed-off-by: Jason Hall <jason@chainguard.dev>
(cherry picked from commit f5e224e940)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 23:00:37 +02:00
Sebastiaan van Stijn 8e0393932b
update cli-docs-tool to v0.6.0
release notes: https://github.com/docker/cli-docs-tool/releases/tag/v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 17f4c8259b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 22:58:11 +02:00
Sebastiaan van Stijn efd052eb85
docs/reference: run.md: remove stray whitespace
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3d2aac6a0d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 22:43:15 +02:00
Sebastiaan van Stijn cdd81d6559
Merge pull request #4528 from thaJeztah/24.0_backport_docs
[24.0 backport] assorted (docs) backports
2023-08-25 17:23:07 +02:00
Vaclav Struhar d9770a962e
adding -c option for docker run/build in manpages
Signed-off-by: Vaclav Struhar <struharv@gmail.com>
(cherry picked from commit be219b3172)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:10:12 +02:00
Sebastiaan van Stijn 6efe73abe0
cli/command/manifest: update link to Go documentation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 273f2cd95e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn d977531018
man: update links to Go documentation
Go documentation moved to the `go.dev` domain;

    curl -sI https://golang.org/doc/install/source#environment | grep 'location'
    location: https://go.dev/doc/install/source

Also updated some links to use https, where available.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 722e3aae4f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn e9f843bf04
docs/reference: update links to Go documentation
Go documentation moved to the `go.dev` domain;

    curl -sI https://golang.org/doc/install/source#environment | grep 'location'
    location: https://go.dev/doc/install/source

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit dc4feccb89)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn cfbaee4689
CONTRIBUTING.md: update links
- docs moved to https://go.dev/doc/
- blog moved to https://go.dev/blog/
- update DCO link to use https

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1d3af726eb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn daeee46977
update flag-description for --cgroup-parent
This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e050312e6d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:03:46 +02:00
Ed Morley 08ad72160f
Update docs/command output for volume pruning
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.

Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.

This replaces #4079, which was bitrotted by #4218. See also #4028.

Closes #4079.

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
(cherry picked from commit 6e2e92d774)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:03:13 +02:00
Sebastiaan van Stijn 3c4fe7b3e6
docs: add missing docs for "DOCKER_TLS" env-var
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b52fd79f1d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:02:22 +02:00
Sebastiaan van Stijn 98ffe42d84
Merge pull request #4517 from thaJeztah/24.0_backport_docker-cli-slows-bash-init
[24.0 backport] Stop slowing bash init by caching plugins path slowly
2023-08-23 14:04:35 +02:00
Sebastiaan van Stijn 0d5df48121
Merge pull request #4520 from thaJeztah/24.0_backport_patternmatcher_dockerignore
[24.0 backport] replace dockerfile/dockerignore with patternmatcher/ignorefile
2023-08-23 14:04:04 +02:00
Sebastiaan van Stijn bf081eec36
Merge pull request #4512 from thaJeztah/24.0_backport_manifest_token_actions
[24.0 backport] cli/registry/client: set actions when authn with token
2023-08-23 14:03:17 +02:00
Oded Arbel dc45bcc993
Stop slowing bash init by caching plugins path slowly
Fixes issue #3889 by only loading docker plugins path when needed: if it is fast enough than it shouldn't be a problem to do this on demand; OTOH if it is slow then we shouldn't do this during *every* bash session initialization, regardless if docker completion will be needed or not.

Signed-off-by: Oded Arbel <oded@geek.co.il>
(cherry picked from commit 1da67be9ca)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:31:46 +02:00
Sebastiaan van Stijn 710dd00e95
replace dockerfile/dockerignore with patternmatcher/ignorefile
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.

A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5bff12354d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:22:56 +02:00
Sebastiaan van Stijn bf632329d2
vendor: github.com/moby/patternmatcher v0.6.0
- integrate frontend/dockerfile/dockerignore from buildkit

full diff: https://github.com/moby/patternmatcher/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 55ff9e6093)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:22:00 +02:00
Sebastiaan van Stijn 724548bc7d
Merge pull request #4508 from thaJeztah/24.0_backport_lazy_ping
[24.0 backport] cmd/docker: areFlagsSupported: don't Ping if not needed
2023-08-23 11:47:27 +02:00
Sebastiaan van Stijn 3c6c0bce1c
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d2047b954e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 21:55:01 +02:00
Sebastiaan van Stijn 65655cc262
cmd/docker: areFlagsSupported: don't Ping if not needed
This is a similar fix as 006c946389, which
fixed this for detection of commands that were executed. Make sure we don't
call the "/_ping" endpoint if we don't need to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bb57783ab8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 10:46:50 +02:00
Sebastiaan van Stijn 580730fce9
Merge pull request #4500 from neersighted/backport_4478
[24.0 backport] login: Add message about using PATs
2023-08-17 20:37:25 +02:00