Commit Graph

8713 Commits

Author SHA1 Message Date
Sebastiaan van Stijn c312c85753
Merge pull request #3850 from thaJeztah/bump_go_1.19.3
Update to Go 1.19.3 to address CVE-2022-41716
2022-11-07 14:28:07 +01:00
Sebastiaan van Stijn c855e4ba3b
vendor: gotest.tools/v3 v3.4.0
- removes github.com/spf13/pflag dependency
- removes use of deprecated io/ioutil package
- drops support for go1.16

full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.3.0...v3.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 23:25:29 +01:00
Sebastiaan van Stijn 46ba87dcf1
vendor: github.com/google/go-cmp v0.5.9 to remove golang.org/x/xerrors
full diff: https://github.com/google/go-cmp/compare/v0.5.7...v0.5.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 23:24:04 +01:00
Sebastiaan van Stijn 85eee32f4c
Update to Go 1.19.3 to address CVE-2022-41716
On Windows, syscall.StartProcess and os/exec.Cmd did not properly
    check for invalid environment variable values. A malicious
    environment variable value could exploit this behavior to set a
    value for a different environment variable. For example, the
    environment variable string "A=B\x00C=D" set the variables "A=B" and
    "C=D".

    Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this
    issue.

    This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

This Go release also fixes https://github.com/golang/go/issues/56309, a
runtime bug which can cause random memory corruption when a goroutine
exits with runtime.LockOSThread() set. This fix is necessary to unblock
work to replace certain uses of pkg/reexec with unshared OS threads.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 17:39:57 +01:00
Sebastiaan van Stijn 8a19043cc7
Merge pull request #3798 from thaJeztah/gofumpt_linting
Use gofumpt if available, and enable gofumpt linter
2022-11-04 19:04:51 +01:00
Sebastiaan van Stijn ceecf3048c
Merge pull request #3841 from thaJeztah/bump_cobra
go.mod: github.com/spf13/cobra v1.6.1
2022-11-04 10:17:17 +01:00
CrazyMax 997846918e
build: keep "buildx install" behavior
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-04 08:42:34 +01:00
CrazyMax d1cabdff99
build: set default context builder if not specified
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-04 08:42:34 +01:00
CrazyMax 8dec4bcce8
cleanup leftovers for --stream build flag
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-04 08:16:04 +01:00
Sebastiaan van Stijn d978d0dd5a
go.mod: github.com/spf13/cobra v1.6.1
full diff: https://github.com/spf13/cobra/compare/v1.5.0...v1.6.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-03 14:51:12 +01:00
Sam Thibault 3dfef7691e
Merge pull request #3662 from dperny/cluster-volumes-compose
Add compose support for cluster volumes
2022-11-02 18:57:08 +01:00
Drew Erny 02e7826923 Add compose support for cluster volumes
Signed-off-by: Drew Erny <derny@mirantis.com>
2022-11-02 11:27:06 -05:00
Sam Thibault a3e047778b
Merge pull request #3838 from dvdksn/docs/update-run-reference
docs: update link to docker cp
2022-11-02 11:38:35 +01:00
David Karlsson 7c0d6ecf64 docs: update link to docker cp
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2022-10-31 20:24:44 +01:00
Sam Thibault 3ee1f48cb0
Merge pull request #3837 from dvdksn/docs/update-run-reference
Docs: update run reference
2022-10-31 14:56:43 +01:00
Djordje Lukic bfcadab0be docs: improved docker run cli reference
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2022-10-31 13:54:50 +01:00
Luis Henrique Mulinari 684dcd7b63
Fix the max-concurrent-downloads and max-concurrent-uploads configs documentation
This fix tries to address issues raised in moby/moby#44346.
The max-concurrent-downloads and max-concurrent-uploads limits are applied for the whole engine and not for each pull/push command.

Signed-off-by: Luis Henrique Mulinari <luis.mulinari@gmail.com>
2022-10-28 16:31:27 +01:00
Sebastiaan van Stijn 4e05b45a90
Merge pull request #3831 from crazy-max/fix-docs-links
docs: fix links to BuildKit backend
2022-10-25 13:28:02 -04:00
CrazyMax a7717513b3
docs: fix links to BuildKit backend
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-10-25 11:54:35 +02:00
Sebastiaan van Stijn 110c4d92b8
Merge pull request #3827 from thaJeztah/go1.18_compat
vendor: docker 5aac513617f072b15322b147052cbda0d451d389 / v22.06-dev
2022-10-22 00:52:14 +02:00
Sebastiaan van Stijn 67e6ba0d09
vendor: docker 5aac513617f072b15322b147052cbda0d451d389 / v22.06-dev
This restores compatibility with go1.18, which was broken since commit;
c062238ea4

cmd.Environ() is new in go1.19, and not needed for this specific case.
Without this, trying to use this package in code that uses go1.18 will fail;

    builder/remotecontext/git/gitutils.go:216:23: cmd.Environ undefined (type *exec.Cmd has no field or method Environ)

Changing to use `os.Environ()` instead restores compatibility with go1.18

Full diff: f9cb47a052...5aac513617

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-21 20:51:43 +02:00
Sebastiaan van Stijn 3eb9976a68
Merge pull request #3823 from thaJeztah/update_engine2
vendor: docker v20.10.3-0.20221021122114-f9cb47a052b (22.06 branch)
2022-10-21 16:09:20 +02:00
Sebastiaan van Stijn 5d78cc13a4
vendor: docker v20.10.3-0.20221021122114-f9cb47a052b (22.06 branch)
full diff: 87d9d96ab0...f9cb47a052

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-21 15:37:21 +02:00
Sebastiaan van Stijn c4d3fa2aaf
Merge pull request #3815 from thaJeztah/update_engine
vendor: docker v20.10.3-0.20221006185438-87d9d96ab0b6 (v22.06-dev)
2022-10-21 15:31:45 +02:00
Sebastiaan van Stijn 6fe31557cb
vendor: docker v20.10.3-0.20221006185438-87d9d96ab0b6 (v22.06-dev)
full diff: e143eed8bc...87d9d96ab0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-21 15:15:11 +02:00
Sebastiaan van Stijn 1a1377e981
Merge pull request #3821 from tianon/unexperimental-platform
Remove "experimental" gates around "--platform" in bash completion
2022-10-21 15:09:56 +02:00
Tianon Gravi 9505330b07 Remove "experimental" gates around "--platform" in bash completion
The `--platform` flag has been out of experimental for a while now. 🎉

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2022-10-19 14:25:24 -07:00
Sebastiaan van Stijn 247f568117
Merge pull request #3819 from thaJeztah/bump_buildkit
vendor: github.com/moby/buildkit v0.10.5
2022-10-19 10:03:40 +02:00
Sebastiaan van Stijn 8d279de433
Merge pull request #3817 from bishal7679/runc-fix
Fixed the debugging plugin command  `docker-runc`
2022-10-18 23:27:10 +02:00
Sebastiaan van Stijn 759f3aa10f
vendor: github.com/moby/buildkit v0.10.5
https://github.com/moby/buildkit/releases/tag/v0.10.5

no changes to vendored code

full diff: https://github.com/moby/buildkit/compare/v0.10.4...v0.10.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-18 22:43:12 +02:00
Bishal Das 3da9499e50 fixed the plugin command docker-runc
Signed-off-by: Bishal Das <bishalhnj127@gmail.com>
2022-10-15 00:14:16 +05:30
Sebastiaan van Stijn 1d6c6e2367
Merge pull request #3130 from acouvreur/master
feat(zsh): add context argument completion
2022-10-13 15:24:13 +02:00
mspiess 68330e099a add ability to override ints in compose files with 0
Signed-off-by: Marco Spiess <marco.spiess@hotmail.de>
2022-10-12 20:57:46 +02:00
Sebastiaan van Stijn ed525aa322
Merge pull request #3806 from thaJeztah/deprecate_override_kernel_check
docs: update deprecation status for "overlay2.override_kernel_check"
2022-10-12 17:27:25 +02:00
Sebastiaan van Stijn f947138333
Merge pull request #3808 from thaJeztah/docs_update_confusing_example
docs/reference: run.md update confusing example name
2022-10-11 18:24:59 +02:00
Sebastiaan van Stijn aea2a8c410
docs/reference: run.md update confusing example name
This example was mounting `/dev/zero` as `/dev/nulo` inside the container.
The `nulo` name was intended to be a "made up / custom" name, but various
readers thought it to be a typo for `/dev/null`.

This patch updates the example to use `/dev/foobar` as name, which should
make it more clear that it's a custom name.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-11 00:34:49 +02:00
Sebastiaan van Stijn bacc5e3aad
docs: update deprecation status for "overlay2.override_kernel_check"
Commit 955c1f881a
(v17.12.0) replaced detection of support for multiple lowerdirs (as required by
overlay2) to not depend on the kernel version. The `overlay2.override_kernel_check`
was still used to print a warning that older kernel versions may not have full
support.

After this, e226aea280
(v20.10, but backported to v19.03.7) removed uses of the option altogether.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-10 14:33:34 +02:00
Sebastiaan van Stijn 8d807a045c
Merge pull request #3805 from debfx/docs-security-opt
docs: use correct separator in --security-opt
2022-10-09 15:34:30 +02:00
Felix Geyer 4648c00848 docs: use correct separator in --security-opt
> Security options with `:` as a separator are deprecated and will be completely unsupported in 17.04, use `=` instead.

Signed-off-by: Felix Geyer <debfx@fobos.de>
2022-10-09 12:54:20 +02:00
Sebastiaan van Stijn d0bd373986
Merge pull request #3799 from thaJeztah/bump_go_1.19.2
Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
2022-10-04 23:23:15 +02:00
Sebastiaan van Stijn 485f1f79c5
Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
From the mailing list:

We have just released Go versions 1.19.2 and 1.18.7, minor point releases.

These minor releases include 3 security fixes following the security policy:

- archive/tar: unbounded memory consumption when reading headers

  Reader.Read did not set a limit on the maximum size of file headers.
  A maliciously crafted archive could cause Read to allocate unbounded
  amounts of memory, potentially causing resource exhaustion or panics.
  Reader.Read now limits the maximum size of header blocks to 1 MiB.

  Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.

  This is CVE-2022-2879 and Go issue https://go.dev/issue/54853.

- net/http/httputil: ReverseProxy should not forward unparseable query parameters

  Requests forwarded by ReverseProxy included the raw query parameters from the
  inbound request, including unparseable parameters rejected by net/http. This
  could permit query parameter smuggling when a Go proxy forwards a parameter
  with an unparseable value.

  ReverseProxy will now sanitize the query parameters in the forwarded query
  when the outbound request's Form field is set after the ReverseProxy.Director
  function returns, indicating that the proxy has parsed the query parameters.
  Proxies which do not parse query parameters continue to forward the original
  query parameters unchanged.

  Thanks to Gal Goldstein (Security Researcher, Oxeye) and
  Daniel Abeles (Head of Research, Oxeye) for reporting this issue.

  This is CVE-2022-2880 and Go issue https://go.dev/issue/54663.

- regexp/syntax: limit memory used by parsing regexps

  The parsed regexp representation is linear in the size of the input,
  but in some cases the constant factor can be as high as 40,000,
  making relatively small regexps consume much larger amounts of memory.

  Each regexp being parsed is now limited to a 256 MB memory footprint.
  Regular expressions whose representation would use more space than that
  are now rejected. Normal use of regular expressions is unaffected.

  Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.

  This is CVE-2022-41715 and Go issue https://go.dev/issue/55949.

View the release notes for more information: https://go.dev/doc/devel/release#go1.19.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-04 20:51:47 +02:00
Sebastiaan van Stijn c2f1671595
Use gofumpt if available, and enable gofumpt linter
gofumpt provides a supserset of gofmt / go fmt, but not every developer may have
it installed, so for situations where it's not available, fall back to gofmt.

As our code has been formatted with gofumpt already, in most cases contributions
will follow those formatting rules, but in some cases there may be a difference,
which would already be flagged by manual code review, but let's also enable the
gofumpt linter.

With this change, `make fmt` will use gofumpt is available; gofumpt has been
added to the dev-container, so `make -f docker.Makefile fmt` will always use it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 19:14:36 +02:00
Sebastiaan van Stijn 616124525e
format go with gofumpt (with -lang=1.19)
Looks like the linter uses an explicit -lang, which (for go1.19)
results in some additional formatting for octal values.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 19:14:36 +02:00
Sebastiaan van Stijn 65438e008c
Merge pull request #3794 from thaJeztah/use_gofumpt
format code with gofumpt
2022-09-30 13:50:51 +02:00
Sebastiaan van Stijn 1da95ff6aa
format code with gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:59:11 +02:00
Sebastiaan van Stijn fed93645f1
Merge pull request #3796 from thaJeztah/add_is_plugincommand_utility
cli-plugins/manager: add IsPluginCommand(() utility
2022-09-30 11:58:54 +02:00
Sebastiaan van Stijn a5c8d39a15
Merge pull request #3790 from thaJeztah/context_cleanup
context: various cleanups and improvements
2022-09-30 11:54:39 +02:00
Sebastiaan van Stijn cd7c493ea2
cli/context/store: rename removeAllContextData(), removeAllEndpointData()
The existing `remove()` was unused, and using that as name makes it more
consistent with the metadata-store. Also renaming `removeAllEndpointData`
to just `removeEndpoint`, as it's part of the TLS-store, which should already
make it clear it's about (TLS)data.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:26 +02:00
Sebastiaan van Stijn 09c94c1c21
cli/context/store: List(): don't interrupt listing for not-found errors
There's no reason to stop listing contexts if a context does not exist
while iterating over the directories,

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:26 +02:00
Sebastiaan van Stijn 951bb481c0
cli/context/store: New(): return concrete type
Go conventions are for interfaces to be defined on the receiver side,
and for producers to return concrete types. This patch changes the
constructor to return a concrete type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:19:25 +02:00