Commit Graph

7595 Commits

Author SHA1 Message Date
Chris Crone a2f0cf527b
context: Ensure import paths are valid
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 6f49197cab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:12 +01:00
Silvin Lubecki a22ed24b98
Merge pull request #2951 from thaJeztah/add_node_label
Add docs and completion for docker node ls --filter node.label
2021-02-01 11:40:43 +01:00
Silvin Lubecki 375faee9bc
Merge pull request #2939 from thaJeztah/fix_swarm_rollback_exitcode
Fix swarm rollback exitcode, and fix skipping verify step
2021-02-01 11:29:15 +01:00
Sebastiaan van Stijn f52a9e2fef
Add docs and completion for docker node ls --filter node.label
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-27 14:11:31 +01:00
Sebastiaan van Stijn d26bdfd4ea
Merge pull request #2950 from tiborvass/execabs
Use golang.org/x/sys/execabs
2021-01-27 08:05:56 +01:00
Tibor Vass 8d199d5bba Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Tibor Vass 7bef248765 vendor docker, docker-credential-helpers and golang/sys for execabs package
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Silvin Lubecki c6bb56136f
Merge pull request #2949 from thaJeztah/fix_man_table
fix docker-run man page table formatting
2021-01-25 18:04:11 +01:00
Sebastiaan van Stijn c0b7b58134
fix docker-run man page table formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-25 17:41:58 +01:00
Sebastiaan van Stijn 669d833b90
Merge pull request #2944 from LeeDongGeon1996/patch-1
docs: Fix wrong variable name
2021-01-25 14:36:50 +01:00
DongGeon Lee 852fe05991 docs: Fix wrong variable name
Signed-off-by: LeeDongGeon <secmatth1996@gmail.com>
2021-01-23 19:04:15 +09:00
Silvin Lubecki 902e9fa22b
Merge pull request #2942 from thaJeztah/add_run_reference_redirect
docs: add redirect for old reference URL
2021-01-21 16:04:14 +01:00
Sebastiaan van Stijn a4fb01f957
docs: add redirect for old reference URL
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-21 15:40:37 +01:00
Sebastiaan van Stijn 104469be0b
service rollback: always verify state
Prior to this change, progressbars would sometimes be hidden, and the function
would return early. In addition, the direction of the progressbars would sometimes
be "incrementing" (similar to "docker service update"), and sometimes be "decrementing"
(to indicate a "rollback" is being performed).

This fix makes sure that we always proceed with the "verifying" step, and now
prints a message _after_ the verifying stage was completed;

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: starting  [===========>                                       ]
    3/5: starting  [===========>                                       ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-19 14:47:30 +01:00
Sebastiaan van Stijn ce26a165b0
docker service rollback: fix non-zero exit code in some cases
Before this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    1

After this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 1 seconds to verify that tasks are stable...

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    0

    $ docker service ps foo
    ID             NAME      IMAGE          NODE             DESIRED STATE   CURRENT STATE           ERROR     PORTS
    4dt4ms4c5qfb   foo.1     nginx:alpine   docker-desktop   Running         Running 2 minutes ago

Remaining issues with reconciliation
--------------------------------------------

Note that both before, and after this change, the command sometimes terminates
early, and does not wait for the service to reconcile; this is most apparent
when rolling back is scaling up (so more tasks are deployed);

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 5 tasks
    1/5: pending   [=================================>                 ]
    2/5: running   [>                                                  ]
    3/5: pending   [=================================>                 ]
    4/5: pending   [=================================>                 ]
    5/5: pending   [=================================>                 ]
    service rolled back: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-19 14:47:28 +01:00
Silvin Lubecki 1e54c5d67c
Merge pull request #2934 from thaJeztah/fix_homedir_warning
cli/config: prevent warning if HOME is not set
2021-01-19 14:01:37 +01:00
Sebastiaan van Stijn c85a37dbb4
cli/config: prevent warning if HOME is not set
commit c2626a8270 replaced the use of
github.com/docker/docker/pkg/homedir with Golang's os.UserHomeDir().

This change was partially reverted in 7a279af43d
to account for situations where `$HOME` is not set.

In  situations where no configuration file is present in `~/.config/`, the CLI
falls back to looking for the (deprecated) `~/.dockercfg` configuration file,
which was still using `os.UserHomeDir()`, which produces an error/warning if
`$HOME` is not set.

This patch introduces a helper function and a global variable to get the user's
home-directory. The global variable is used to prevent repeatedly looking up
the user's information (which, depending on the setup can be a costly operation).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-18 17:47:00 +01:00
Sebastiaan van Stijn a49d70ca7f
Merge pull request #2927 from jimlinntu/fix_update_rollback_order
fix --update-order and --rollback-order flags
2021-01-18 17:26:47 +01:00
Jim Lin 26a6a724aa fix --update-order and --rollback-order flags
Signed-off-by: Jim Lin <b04705003@ntu.edu.tw>
2021-01-18 22:33:45 +08:00
Sebastiaan van Stijn 35f023a7c2
Merge pull request #2929 from cpuguy83/ignore_sigurg
Ignore SIGURG on Linux.
2021-01-16 02:07:19 +01:00
Brian Goff fff164c22e Ignore SIGURG on Linux.
In go1.14+, SIGURG is used by the runtime to handle preemtable system
calls.
In practice this signal caught *frequently*.

For reference:

https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md
https://github.com/golang/go/issues/37942

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-01-15 19:03:39 +00:00
Brian Goff cde469bf1a
Merge pull request #2931 from thaJeztah/bump_notary
vendor: github.com/theupdateframework/notary v0.7.0
2021-01-14 09:37:35 -08:00
Sebastiaan van Stijn 9f6966d4ec
vendor: github.com/theupdateframework/notary v0.7.0
full diff: https://github.com/theupdateframework/notary/compare/v0.6.1...v0.7.0

Changelog:

v0.7.0 12/01/2021
------------------------

- Switch to Go modules
- Use golang/x/crypto for ed25519
- Update Go version
- Update dependency versions
- Fixes from using Gosec for source analysis

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-14 16:10:01 +01:00
Sebastiaan van Stijn 9a3fdc1d64
Merge pull request #2906 from stoffus/added-docker-context-to-zsh-completion
Added docker context to zsh completion
2021-01-11 17:28:37 +01:00
Silvin Lubecki e31e005853
Merge pull request #2921 from thaJeztah/fix_deprecate_typo
docs: fix typo in deprecated.md
2021-01-08 16:18:09 +01:00
Sebastiaan van Stijn 697c3a5b48
docs: fix typo in deprecated.md
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-08 16:03:51 +01:00
Silvin Lubecki a2b9de35db
Merge pull request #2888 from elboulangero/go-md2man-binary-name
Rename bin/md2man to bin/go-md2man
2021-01-08 14:47:16 +01:00
Silvin Lubecki 2563f04c0a
Merge pull request #2918 from thaJeztah/fix_login_panic
Fix panic when failing to get DefaultAuthConfig
2021-01-08 11:22:53 +01:00
Sebastiaan van Stijn c2820a7e3b
Fix panic when failing to get DefaultAuthConfig
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.

However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 22:11:29 +01:00
Tibor Vass c6493c7ecb
Merge pull request #2908 from thaJeztah/deprecate_blkio_weight
deprecate blkio-weight options with cgroups v1
2021-01-07 11:27:42 -08:00
Brian Goff a86662d461
Merge pull request #2913 from albers/completion-fluentd-options
Update bash completion for fluentd --log-options
2021-01-07 11:25:38 -08:00
Brian Goff 273217915a
Merge pull request #2914 from albers/completion-dockerd--ip6tables
Add bash completion for `dockerd --ip6tables`
2021-01-07 11:25:11 -08:00
Brian Goff e8f3dfa677
Merge pull request #2912 from albers/completion-run--pull
Add bash completion for `docker run|create --pull`
2021-01-07 11:24:53 -08:00
Sebastiaan van Stijn fb2ea098a9
deprecate blkio-weight options with cgroups v1
These options were deprecated and removed in the Linux kernel v5.0 and up in;

- f382fb0bce
- fb5772cbfe
- 23aa16489c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 11:27:23 +01:00
Sebastiaan van Stijn 1054d0cd9f
Merge pull request #2915 from rochfeu/patch-1
Remove duplicate word in push.md
2021-01-06 14:50:23 +01:00
rochfeu 69b5487e39 Remove duplicate word in push.md
Signed-off-by: Roch Feuillade <roch.feuillade@pandobac.com>
2021-01-06 14:40:19 +01:00
Sebastiaan van Stijn 2f20bf490e
Merge pull request #2885 from flant/fix-context-dockerfile-from-stdin-with-buildkit
Fix reading context and dockerfile from stdin with BuildKit
2021-01-06 14:30:51 +01:00
Harald Albers ba2fef9bcb Add bash completion for `dockerd --ip6tables`
Signed-off-by: Harald Albers <github@albersweb.de>
2021-01-05 22:31:07 +00:00
Harald Albers 5a252fb3ad Update bash completion for fluentd --log-options
Signed-off-by: Harald Albers <github@albersweb.de>
2021-01-05 22:04:36 +00:00
Harald Albers 8242fe1fcc Add bash completion for `docker run|create --pull`
Signed-off-by: Harald Albers <github@albersweb.de>
2021-01-05 21:43:53 +00:00
Silvin Lubecki 2560cc664b
Merge pull request #2887 from albers/completion-jobs
Add bash completion for jobs
2021-01-05 12:07:17 +01:00
Christopher Svensson b04241d95a
Removed format flag for inspect
Signed-off-by: Christopher Svensson <stoffus@stoffus.com>
2021-01-05 08:29:26 +01:00
Christopher Svensson 584c08e1fe
Added zsh completion for docker context subcommands
Signed-off-by: Christopher Svensson <stoffus@stoffus.com>
2021-01-05 08:29:26 +01:00
Tibor Vass 2291f610ae
Merge pull request #2886 from thaJeztah/bump_buildkit
vendor: BuildKit v0.8.1, Engine v20.10.1
2020-12-22 09:32:20 -08:00
Sebastiaan van Stijn 6c97008f67
Merge pull request #2896 from ccouzens/patch-2
Fix link to docker build with squash experiment
2020-12-22 16:27:26 +01:00
Silvin Lubecki 1f0dff6752
Merge pull request #2883 from elboulangero/fix-container-creation-time-in-tests
Fix container creation time in test/builders
2020-12-22 14:18:49 +01:00
Chris Couzens 5e430753f2
Fix link to docker build with squash experiment
Signed-off-by: Chris Couzens <ccouzens@gmail.com>
2020-12-18 22:33:02 +00:00
Arnaud Rebillout 6e2607c6a6 Rename bin/md2man to bin/go-md2man
In the recent PR !2877, some code was added to check if md2man is
already installed in the build environment. This is to cater to the
needs of Linux distributions.

However it turns out that Linux distributions install md2man as
bin/go-md2man instead of bin/md2man, hence the PR !2877 doesn't help
much.

This commit fixes it by settling on using the binary name go-md2man.

For reference, here the file list of the package go-md2man in several
distributions:

- Debian: <https://packages.debian.org/sid/amd64/go-md2man/filelist>
- Ubuntu: <https://packages.ubuntu.com/hirsute/amd64/go-md2man/filelist>
- Fedora: <https://fedora.pkgs.org/31/fedora-x86_64/golang-github-cpuguy83-md2man-2.0.0-0.4.20190624gitf79a8a8.fc31.x86_64.rpm.html>
- ArchLinux: <https://www.archlinux.org/packages/community/x86_64/go-md2man/>

Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
2020-12-16 10:20:00 +07:00
Arnaud Rebillout 4d6bc775b3 Fix container creation time in test/builders
The created time of the containerd is initialized with nanoseconds,
it seems to be a mistake.

In other places of the code, this field is initialized with seconds:

    $ grep -rh 'time\.Now()\.Unix()' | grep Created
    Created: time.Now().Unix(),
    Created: time.Now().Unix(),
    return []image.HistoryResponseItem{{ID: img, Created: time.Now().Unix()}}, nil

We can also see the the formatter assumes it to be seconds:

    cli/command/formatter/container.go
    ----
    func (c *ContainerContext) CreatedAt() string {
        return time.Unix(c.c.Created, 0).String()
    }

Interestingly, initializing the field with nanoseconds seems to work,
except on mips architecture, where it causes some kind of overflow.

~~~~
=== Failed
=== FAIL: cli/command/container TestContainerListWithoutFormat (0.00s)
    list_test.go:183: assertion failed:
        --- expected
        +++ actual
        @@ -1,7 +1,7 @@
         CONTAINER ID   IMAGE            COMMAND   CREATED                  STATUS        PORTS                NAMES
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second                        c1
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second                        c2
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second   80-82/tcp            c3
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second   81/udp               c4
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second   8.8.8.8:82->82/tcp   c5
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second                        c1
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second                        c2
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second   80-82/tcp            c3
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second   81/udp               c4
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second   8.8.8.8:82->82/tcp   c5

=== FAIL: cli/command/container TestContainerListNoTrunc (0.00s)
    list_test.go:198: assertion failed:
        --- expected
        +++ actual
        @@ -1,4 +1,4 @@
         CONTAINER ID   IMAGE            COMMAND   CREATED                  STATUS        PORTS     NAMES
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c1
        -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c2,foo/bar
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second             c1
        +container_id   busybox:latest   "top"     -153722867 minutes ago   Up 1 second             c2,foo/bar
~~~~

Logs above taken from:
https://buildd.debian.org/status/fetch.php?pkg=docker.io&arch=mipsel&ver=20.10.0%7Erc1%2Bdfsg3-1&stamp=1606895899

~~~~
=== RUN   TestChtimesLinux
    chtimes_linux_test.go:87: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC
--- FAIL: TestChtimesLinux (0.00s)
=== RUN   TestChtimes
    chtimes_test.go:92: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC
--- FAIL: TestChtimes (0.00s)
~~~~

Logs above taken from:
https://buildd.debian.org/status/fetch.php?pkg=docker.io&arch=mips64el&ver=20.10.0%7Erc1%2Bdfsg3-1&stamp=1606895622

Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
2020-12-16 08:55:29 +07:00
Harald Albers a4e86b5433 Add bash completion for jobs
Signed-off-by: Harald Albers <github@albersweb.de>
2020-12-15 21:00:36 +00:00