Commit Graph

8831 Commits

Author SHA1 Message Date
Bjorn Neergaard 3713ee1eea
Merge pull request #4395 from thaJeztah/24.0_backport_fix-connhelper-docker-example
[24.0 backport] ssh: fix error on commandconn close, add ping and default timeout
2023-06-30 11:55:44 -06:00
Laura Brehm 2d5f041bde
commandconn: return original error while closing
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.

Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit d5f564adaa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 19:23:36 +02:00
Laura Brehm 520e3600ee
commandconn: don't return error if command closed successfully
---
commandconn: fix race on `Close()`

During normal operation, if a `Read()` or `Write()` call results
in an EOF, we call `onEOF()` to handle the terminating command,
and store it's exit value.

However, if a Read/Write call was blocked while `Close()` is called
the in/out pipes are immediately closed which causes an EOF to be
returned. Here, we shouldn't call `onEOF()`, since the reason why
we got an EOF is because we're already terminating the connection.
This also prevents a race between two calls to the commands `Wait()`,
in the `Close()` call and `onEOF()`

---
Add CLI init timeout to SSH connections

---
connhelper: add 30s ssh default dialer timeout

(same as non-ssh dialer)

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit a5ebe2282a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 19:23:12 +02:00
Sebastiaan van Stijn fad718c7ea
Merge pull request #4393 from thaJeztah/24.0_backport_debug_relax
[24.0 backport] docker info: fix condition for printing debug information
2023-06-30 15:38:59 +02:00
Sebastiaan van Stijn cd68c8f003
docker info: fix condition for printing debug information
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.

We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 92d7a234dd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 15:15:38 +02:00
Bjorn Neergaard 05fabe63ba
Merge pull request #4368 from thaJeztah/24.0_backport_update_buildx_0.11
[24.0 backport] Dockerfile: update gotestsum to v1.10.0, buildx v0.11.0
2023-06-28 06:22:26 -06:00
Sebastiaan van Stijn 0a2dcdb446
Merge pull request #4381 from thaJeztah/24.0_backport_update-link-overlay-driver
[24.0 backport] docs: update link location for the overlay driver
2023-06-27 12:35:42 +02:00
David Karlsson a78fd6ca69
docs: update link location for the overlay driver
File location changes in docker/docs#17176

Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 035e26fb0b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-27 09:28:19 +02:00
Sebastiaan van Stijn ddb9220abf
Merge pull request #4375 from dvdksn/24.0_backport_fix-staticip-example
[24.0 Backport] Fix static ip example (docker run)
2023-06-26 17:22:57 +02:00
David Karlsson 9cd335d44b docs: fix static ip example, network needs a subnet
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 5936fd2a86)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-06-26 17:04:24 +02:00
Sebastiaan van Stijn bcc889f6cf
Merge pull request #4373 from dvdksn/24.0_backport_dockerd-fix-alternative-runtimes-link
[24.0 Backport] Fix broken link in dockerd cli reference
2023-06-26 16:19:10 +02:00
David Karlsson d61e4fe879 docs: fix broken link
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit b85d6a8f9e)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-06-26 15:11:55 +02:00
Sebastiaan van Stijn ee62dcd8dc
Merge pull request #4369 from thaJeztah/24.0_backport_dockerd-runtimes-refresh
[24.0 backport] docs: update the runtime configuration section
2023-06-26 14:27:36 +02:00
Bjorn Neergaard b3750a8461
Merge pull request #4371 from thaJeztah/24.0_backport_no_homedir
[24.0 backport] cli/command/context: don't use pkg/homedir in test
2023-06-26 06:12:01 -06:00
Sebastiaan van Stijn 8e3a2942a5
cli/command/context: don't use pkg/homedir in test
I'm considering deprecating the "Key()" utility, as it was only
used in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 79ff64f06d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 13:37:34 +02:00
David Karlsson c3ef1ceadf
docs: update the runtime configuration section
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 6c7d17fa01)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:46:56 +02:00
Sebastiaan van Stijn 44eebb8bc1
Dockerfile: update buildx to v0.11.0
Update the version of buildx we use in the dev-container to v0.11.0;
https://github.com/docker/buildx/releases/tag/v0.11.0

Full diff: https://github.com/docker/buildx/compare/v0.10.4..v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bf5d1ce973)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:17:36 +02:00
Sebastiaan van Stijn 7ecfa2e7fd
Dockerfile: update gotestsum to v1.10.0
full diff: https://github.com/gotestyourself/gotestsum/compare/v1.8.2...v1.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9c2694d2b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:17:33 +02:00
Sebastiaan van Stijn 751bb353fe
Merge pull request #4351 from thaJeztah/24.0_backport_update_go_1.20.5
[24.0 backport] update go to go1.20.5, alpine 3.17
2023-06-21 10:55:21 +02:00
Sebastiaan van Stijn f11f309090
update go to go1.20.5
go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and
runtime packages, as well as bug fixes to the compiler, the go command, the
runtime, and the crypto/rsa, net, and os packages. See the Go 1.20.5 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.4...go1.20.5

These minor releases include 3 security fixes following the security policy:

- cmd/go: cgo code injection
  The go command may generate unexpected code at build time when using cgo. This
  may result in unexpected behavior when running a go program which uses cgo.

  This may occur when running an untrusted module which contains directories with
  newline characters in their names. Modules which are retrieved using the go command,
  i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e.
  GO111MODULE=off, may be affected).

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.

- runtime: unexpected behavior of setuid/setgid binaries

  The Go runtime didn't act any differently when a binary had the setuid/setgid
  bit set. On Unix platforms, if a setuid/setgid binary was executed with standard
  I/O file descriptors closed, opening any files could result in unexpected
  content being read/written with elevated prilieges. Similarly if a setuid/setgid
  program was terminated, either via panic or signal, it could leak the contents
  of its registers.

  Thanks to Vincent Dehors from Synacktiv for reporting this issue.

  This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.

- cmd/go: improper sanitization of LDFLAGS

  The go command may execute arbitrary code at build time when using cgo. This may
  occur when running "go get" on a malicious module, or when running any other
  command which builds untrusted code. This is can by triggered by linker flags,
  specified via a "#cgo LDFLAGS" directive.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29404 and CVE-2023-29405 and Go issues https://go.dev/issue/60305 and https://go.dev/issue/60306.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3b8d5da66b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-14 21:37:48 +02:00
Sebastiaan van Stijn 3a6c11773d
Dockerfile: update ALPINE_VERSION to 3.17
Official Golang images are now only available for 3.18 and 3.17;
3.18 doesn't look to play well with gotestsum, so sticking to
an older version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit acb248f8d5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-14 21:37:46 +02:00
Sebastiaan van Stijn 0823df7daa
Merge pull request #4339 from thaJeztah/24.0_backport_move_attach_keys
[24.0 backport] docs: move "--detach-keys" example to examples section, add to "docker run" as well
2023-06-12 21:37:14 +02:00
Sebastiaan van Stijn 11af1189d7
docs: add "--detach-keys" example to docker run reference
This is a copy of the section we have on the "docker attach" reference page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47951ff446)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-09 10:07:19 +02:00
Sebastiaan van Stijn f118c05e87
docs: move "--detach-keys" example to examples section
Also adds a named anchor, so that the section gets linked from the
options table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c17b0df2a5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-09 10:07:19 +02:00
Sebastiaan van Stijn be0e76bf84
Merge pull request #4326 from thaJeztah/24.0_backport_fix_context_godoc
[24.0 backport] cli/command: fix GoDoc referencing wrong const
2023-06-02 14:20:15 +02:00
Sebastiaan van Stijn f66f7ed7ff
cli/command: fix GoDoc referencing wrong const
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0692d762ac)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-02 14:13:14 +02:00
Sebastiaan van Stijn ec621aae2d
Merge pull request #4328 from thaJeztah/24.0_backport_dockerfile_goproxy
[24.0 backport] Dockerfile.vendor: update GOPROXY to use default with fallback
2023-06-02 14:08:51 +02:00
Sebastiaan van Stijn 2814c01b09
Dockerfile.vendor: update GOPROXY to use default with fallback
Use the default proxy, to assist with vanity domains mis-behaving, but keep
a fallback for situations where we need to get modules from GitHub directly.

This should hopefully help with the gopkg.in/yaml.v2 domain often going AWOL;

    #14 245.9 	gopkg.in/yaml.v2@v2.4.0: unrecognized import path "gopkg.in/yaml.v2": reading https://gopkg.in/yaml.v2?go-get=1: 502 Bad Gateway
    #14 245.9 	server response: Cannot obtain refs from GitHub: cannot talk to GitHub: Get https://github.com/go-yaml/yaml.git/info/refs?service=git-upload-pack: write tcp 10.131.9.188:60820->140.82.121.3:443: write: broken pipe

    curl 'https://gopkg.in/yaml.v2?go-get=1'
    Cannot obtain refs from GitHub: cannot talk to GitHub: Get https://github.com/go-yaml/yaml.git/info/refs?service=git-upload-pack: write tcp 10.131.9.188:60820->140.82.121.3:443: write: broken pipe

From the Go documentation; https://go.dev/ref/mod#goproxy-protocol

> List elements may be separated by commas (,) or pipes (|), which determine error
> fallback behavior. When a URL is followed by a comma, the go command falls back
> to later sources only after a 404 (Not Found) or 410 (Gone) response. When a URL
> is followed by a pipe, the go command falls back to later sources after any error,
> including non-HTTP errors such as timeouts. This error handling behavior lets a
> proxy act as a gatekeeper for unknown modules. For example, a proxy could respond
> with error 403 (Forbidden) for modules not on an approved list (see Private proxy
> serving private modules).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6458dcbe51)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-02 13:15:18 +02:00
Sebastiaan van Stijn 4dc5ea0e80
Merge pull request #4320 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.2
2023-06-01 14:38:31 +02:00
Sebastiaan van Stijn 32f66cbe51
vendor: github.com/docker/docker v24.0.2
no changes in vendored files

full diff: https://github.com/docker/docker/compare/v24.0.1...v24.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-31 22:48:27 +02:00
Sebastiaan van Stijn cb74dfcd85
Merge pull request #4313 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.1
2023-05-25 22:26:27 +02:00
Sebastiaan van Stijn dc4707edb0
[24.0] vendor: github.com/docker/docker v24.0.1
no changes in vendored files

full diff: https://github.com/docker/docker/compare/v24.0.0-rc.3...v24.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-25 22:11:54 +02:00
Sebastiaan van Stijn 680212238b
Merge pull request #4310 from thaJeztah/24.0_backport_fix_daemon_proxy 2023-05-19 17:51:02 +02:00
Sebastiaan van Stijn 298e67926e
docs: fix example for proxies in daemon.json
commit c846428cb6 added proxies to the
example `daemon.json`, based on the implementation that was added in
427c7cc5f8.

However, a follow-up pull request changed the proxy-configuration in`daemon.json`
to nest the configuration in a "proxies" struct, and the documentation was
not updated accordingly; see:
101dafd049

This patch fixes the example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2713d0bcde)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 17:29:30 +02:00
Sebastiaan van Stijn aa40216965
Merge pull request #4308 from thaJeztah/24.0_backport_docs_fixes 2023-05-19 15:08:06 +02:00
Sebastiaan van Stijn 9175ffa9b2
man: remove devicemapper from examples
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4c11f73dcb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 14:45:52 +02:00
A. Lester Buck III beb0330a72
Correct "ps --no-trunc" example output
Signed-off-by: A. Lester Buck III <github-reg@nbolt.com>
(cherry picked from commit 988e37956d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 14:38:03 +02:00
Sebastiaan van Stijn 405be90634
docs: remove AuFS from glossary
The AuFS storage driver was deprecated and now removed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b222900520)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 14:37:51 +02:00
Sebastiaan van Stijn 7a269817b5
docs: remove Docker Toolbox from glossary
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e4211c91ed)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 14:37:51 +02:00
Sebastiaan van Stijn 41ef7c45cc
docs: remove boot2docker and docker-machine from glossary
boot2docker is deprecated, and so is docker-machine

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c246ea8517)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 14:37:48 +02:00
Sebastiaan van Stijn 199b872c98
Merge pull request #4302 from thaJeztah/24.0_backport_completion_remove_aufs_overlay
[24.0 backport] contrib/completion: remove aufs, legacy overlay
2023-05-19 10:07:01 +02:00
Sebastiaan van Stijn 661f70b52d
Merge pull request #4305 from thaJeztah/24.0_backport_daemon_remove_deprecated_drivers
[24.0 backport] docs: remove uses of deprecated AuFS, legacy overlay storage drivers
2023-05-19 09:50:27 +02:00
Sebastiaan van Stijn c184a61dab
docs/deprecated: remove "disabled by default" for AuFS, overlay
These drivers have been removed in docker 24.0, so it's no longer
possible to enable them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c61b565183)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 01:23:37 +02:00
Sebastiaan van Stijn e7a60449f7
docs: remove aufs and legacy overlay
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9f537a756e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 01:23:37 +02:00
Sebastiaan van Stijn 77541afeab
contrib/completion: remove aufs, legacy overlay
The AuFS and (legacy) overlay storage drivers have been deprecated and
removed, so remove them from the completion scripts.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 73fbcdea05)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 01:01:55 +02:00
Bjorn Neergaard f4b354f688
Merge pull request #4299 from thaJeztah/24.0_backport_drop_the_dot
[24.0 backport] docs/deprecated: remove .patch release from deprecation status
2023-05-18 22:47:36 +01:00
Sebastiaan van Stijn e67a7acd06
docs/deprecated: remove .patch release from deprecation status
commit de8b696ed6 removed the patch
releases from the deprecation doc, but when we switched to the
SemVer(ish) format for v23.0, we accidentally added them back.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6460eea54d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-18 22:49:56 +02:00
Sebastiaan van Stijn 98fdcd769b
Merge pull request #4287 from thaJeztah/24.0_update_engine2
[24.0] vendor: github.com/docker/docker v24.0.0-rc.3
2023-05-12 15:10:05 +01:00
Sebastiaan van Stijn fb6ae356c7
vendor: github.com/docker/docker v24.0.0-rc.3
no changes in vendored files

full diff: https://github.com/docker/docker/compare/v24.0.0-rc.2...v24.0.0-rc.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-12 00:03:10 +02:00
Sebastiaan van Stijn 1d7dd91593
Merge pull request #4286 from thaJeztah/24.0_backport_vendor_distribution_v2.8.2
[24.0 backport] vendor: github.com/docker/distribution v2.8.2
2023-05-11 19:49:59 +02:00