Docker special-cases build-contexts starting with `github.com`, and
treats them as remote URLs.
Because of this special treatment, local build contexts in a directory
named "github.com" are ignored by `docker build`.
This patch changes the way the build-context is detected and first
checks if a local path with the given name exists before considering
it to be a remote URL.
Before this change;
$ mkdir -p github.com/foo/bar && echo -e "FROM scratch\nLABEL iam=local" > github.com/foo/bar/Dockerfile
$ docker build -t dont-ignore-me github.com/foo/bar
Username for 'https://github.com':
After this change;
$ mkdir -p github.com/foo/bar && echo -e "FROM scratch\nLABEL iam=local" > github.com/foo/bar/Dockerfile
$ docker build -t dont-ignore-me github.com/foo/bar
Sending build context to Docker daemon 2.048 kB
Step 1/2 : FROM scratch
--->
Step 2/2 : LABEL iam local
---> Using cache
---> ae2c603fe970
Successfully built ae2c603fe970
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When Size was reverted to be equal to VirtualSize, the df command
formatter was not correctly updated to account for the change.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This fix tries to fix the issue in 30279 where `docker ps --format`
fails if `.Label` has args. For example:
```
docker ps --format '{{.ID}}\t{{.Names}}\t{{.Label "some.label"}}'
```
The reason for the failure is that during the preprocessing phase
to detect the existance of `.Size`, the `listOptionsProcessor`
does not has a method of `Label(name string) string`.
This results in the failure of
```
template: :1:24: executing "" at <.Label>: Label is not a method but has arguments
```
This fix fixes the issue by adding needed method of `Label(name string) string`.
This fix fixes 30279.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags
for Docker Content Trust. Depending on the `verify` boolean,
the message is "Skip image verification", or "Skip image signing".
"Signing" is intended for `docker push` / `docker plugin push`.
During the migration to Cobra, this boolean got flipped for
`docker push` (9640e3a4514f96a890310757a09fd77a3c70e931),
causing `docker push` to show the incorrect flag description.
This patch changes the flags to use the correct description
for `docker push`, and `docker plugin push`.
To prevent this confusion in future, the boolean argument
is removed, and a `AddTrustSigningFlags()` function is added.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the enhancement discussed in 28735 to add
`--format` for the output of `docker plugin ls`.
This fix
1. Add `--format` and `--quiet` flags to `docker plugin ls`
2. Convert the current implementation to use `formatter`, consistent with
other docker list commands.
3. Add `pluginsFormat` for config.json.
Related docs has been updated.
Several unit tests have been added to cover the changes.
This fix is related to 28708 and 28735.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Use resolving to repo info as the split point between the
legitimate reference package and forked reference package.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
How to test (it should not print `{}`, and just returns JSON with the actual data):
$ docker images --format '{{json .}}'
$ docker container stats --format '{{json .}}'
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Docker 1.13 moves the `--rm` flag to the daemon,
through an AutoRemove option in HostConfig.
When using API 1.24 and under, AutoRemove should not be
used, even if the daemon is version 1.13 or above and
"supports" this feature.
This patch fixes a situation where an 1.13 client,
talking to an 1.13 daemon, but using the 1.24 API
version, still set the AutoRemove property.
As a result, both the client _and_ the daemon
were attempting to remove the container, resulting
in an error:
ERRO[0000] error removing container: Error response from daemon:
removal of container ce0976ad22495c7cbe9487752ea32721a282164862db036b2f3377bd07461c3a
is already in progress
In addition, the validation of conflicting options
is moved from `docker run` to `opts.parse()`, so
that conflicting options are also detected when
running `docker create` and `docker start` separately.
To resolve the issue, the `AutoRemove` option is now
always set to `false` both by the client and the
daemon, if API version 1.24 or under is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch fixed below 4 types of code line
1. Remove unnecessary variable assignment
2. Use variables declaration instead of explicit initial zero value
3. Change variable name to underbar when variable not used
4. Add erro check and return for ignored error
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
The prune PR changed the meaning of the file to mean "space on disk
only unique to this image", this PR revert this change.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 24596 where it was not
possible to join as manager only (`--availability=drain`).
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
NOTE: Additional pull request for swarmkit and engine-api will
be created separately.
This fix fixes 24596.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
- Make sure we use the correct network name for external ones.
- Make the default network overridable and only creates networks that
are used by services — so that default network is only created if a
service doesn't declare a network.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Start work on adding unit tests to our cli code in order to have to
write less costly integration test.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This fix tries to add a placeholder `.CreatedAt` for Go
format template in `docker network ls --format`.
While working on 29226, I noticed that it is not possible to
display network's creation time in `docker network ls`, with or
without `--format`.
We are able to find the timestamp through `docker network inspect` though.
However, as we allows networks to be pruned based on the timestamp
(see 29226), showing the timestamp in `docker network ls --format`
would be much useful now.
This fix adds the `.CreatedAt` placeholder for `docker network ls --format`.
The default output was not changed for `docker network ls --format`.
A test case for unit tests has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is a follow up for comment
https://github.com/docker/docker/pull/28535#issuecomment-263215225
This fix provides `--filter until=<timestamp>` for `docker container/image prune`.
This fix adds `--filter until=<timestamp>` to `docker container/image prune`
so that it is possible to specify a timestamp and prune those containers/images
that are earlier than the timestamp.
Related docs has been updated
Several integration tests have been added to cover changes.
This fix fixes#28497.
This fix is related to #28535.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
When building a Dockerfile from a Windows client on a Linux daemon, a
"security warning" is printed
on stderr. Having this warning printed on stderr makes it difficult to
distinguish a failed build from one that's succeeding, and the only way to
suppress the warning is through the -q option, which also suppresses every
output. This change prints the warning on stdout, instead of stderr, to
resolve this situation.
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).
This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.
Before this change, the `rm` was always performed "last", so the secret
was always removed:
$ echo "foo" | docker secret create foo -f -
foo
$ docker service create --name myservice --secret foo nginx:alpine
62xjcr9sr0c2hvepdzqrn3ssn
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
null
After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;
$ echo "foo" | docker secret create foo -f -
1bllmvw3a1yaq3eixqw3f7bjl
$ docker service create --name myservice --secret foo nginx:alpine
lr6s3uoggli1x0hab78glpcxo
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
[
{
"File": {
"Name": "foo2",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "tn9qiblgnuuut11eufquw5dev",
"SecretName": "foo"
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.
The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.
This fix is related to #28507, #28885, and #25983.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This change does some minor cleanups in the
cli/command/container package;
- sort imports
- replace `fmt.Fprintf()` with `fmt.Fprintln()` if no formatting is used
- replace `fmt.Errorf()` with `errors.New()` if no formatting is used
- remove some redundant `else`'s
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.
This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
This fix tries to address issue raised in 25228 to support
multiple service IDs on `docker service ps`.
Multiple IDs are allowed with `docker service ps ...`, and
related documentation has been updated.
A test has been added to cover the changes.
This fix fixes 25228.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is a follow up for comment:
https://github.com/docker/docker/pull/29186/files#r91277345
While #29186 addresses the issue of `docker inspect <unknown object>`
on Windows, it actually makes `docker plugin inspect <unknown object>`
out `object not found` on Windows as well. This is actually misleading
as plugin is not supported on Windows.
This fix reverted the change in #29186 while at the same time,
checks `not supported` in `docker inspect <unknown object>` so that
- `docker plugin inspect <unknown object>` returns `not supported` on Windows
- `docker inspect <unknown object>` returns `not found` on Windows
This fix is related to #29186 and #29185.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
--replicas uint Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.
The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.
In this case, it might be better to just simply not displaying `(default none)`.
This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.
In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.
New Output:
```
--health-interval duration Time between running the check (ns|us|ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
--replicas uint Number of tasks
...
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h)
```
The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.
This fix fixes 29291.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
The `docker logs` command performed a
client-side check if the container's
logging driver was supported.
Now that we allow the client to connect
to both "older" and "newer" daemon versions,
this check is best done daemon-side.
This patch remove the check on the client
side, and leaves validation to the daemon,
which should be the source of truth.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While looking into `docker stats <c1> <c2> ...` I noticed that
the error output is quite long, especially if there are multiple errors:
```sh
ubuntu@ubuntu:~/docker$ docker stats nofound
: Error response from daemon: No such container: nofound
ubuntu@ubuntu:~/docker$ docker stats nofound foo bar
: Error response from daemon: No such container: nofound, : Error response from daemon: No such container: foo, : Error response from daemon: No such container: bar
```
There are several issues,
1. There is an extra `: ` at the beginning. That is because if container is not found,
the name will not be available from the daemon.
2. Multiple errors are concatenated with `, ` which will be quite long.
This fix:
1. Only prient out the error from daemon.
2. Multiple errors are printed out line by line.
Below is the new output:
```sh
ubuntu@ubuntu:~/docker$ docker stats nofound
Error response from daemon: No such container: nofound
ubuntu@ubuntu:~/docker$ docker stats nofound foo bar
Error response from daemon: No such container: nofound
Error response from daemon: No such container: foo
Error response from daemon: No such container: bar
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
check to see if the node is part of a swarm, and if so, if it is unlocked first.
If neither of these are true, abort the command.
Signed-off-by: Ying Li <ying.li@docker.com>
the "docker swarm leave" command description
mentioned that the command can only be used
for workers, however, the command can also
be used for managers (using the `-f` / `--force`
option).
this patch removes the "(workers only)" part
of the command description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The top-level `docker inspect` command could return
an error if the nodes Swarm certificates were expired.
In situations where the user did not explicitly
ask for an object-type (`--type=foo`), we should
ignore these errors, and consider them equal to
"node is not a swarm manager".
This change makes `docker inspect` ignore these
errors if no type was specified.
As a further optimization, the "swarm status"
result is now stored in a variable, so that
other swarm-specific API calls can be skipped.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).
This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```
or
```
echo TEST | docker secret create --file - secret.name
```
Related docs has been updated.
An integration test has been added to cover the changes.
This fix fixes 28581.
This fix is related to 28927.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 24352. Previously,
when `docker swarm update` has no flags, the output is
```
Swarm updated.
```
even though nothing was updated. This could be misleading for
users.
This fix tries to address the issue by adding a `PreRunE` function
in the command so that in case no flag is provided (`cmd.Flags().NFlag() == 0`),
the usage will be outputed instead.
An integration has been added to cover the changes.
This fix fixes 24352.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
`--publish-add 8081:81 --publish-add 8082:82 --publish-rm 80
--publish-rm 81/tcp --publish-rm 82/tcp` would thus result in 81 and
82 to be published.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This reverts 26103. 26103 was trying to make it so that if someone did:
docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd. However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".
This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.
Closes#29084
Signed-off-by: Doug Davis <dug@us.ibm.com>
- Display the ID column
- Do not append the task ID in the name column
- (NEW): Truncate task IDs, unless --no-trunc is specified
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This removes some very old vestigial code that really should have been
removed during the content addressability transition. It implements
something called "reference" but it behaves differently from the actual
reference package. This was only used by client-side content trust code,
and is relatively easy to extricate.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the issue in 28884 where
it is possible to mask the secret ID by name.
The reason was that searching a secret is based on name.
However, searching a secret should be done based on:
- Full ID
- Full Name
- Partial ID (prefix)
This fix addresses the issue by changing related implementation
in `getCliRequestedSecretIDs()`
An integration test has been added to cover the changes.
This fix fixes 28884
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix convert DanglingOnly in ImagesPruneConfig to Filters,
so that it is possible to maintain API compatibility in the future.
Several integration tests have been added to cover changes.
This fix is related to 28497.
A follow up to this PR will be done once this PR is merged.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the enhancement proposed in 28708 to display
ID field for the output of `docker plugin ls`.
This fix add `ID` field to the output of `docker plugin ls`
Related docs has been updated.
This fix fixes 28708.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the proposal raised in 28946
to support plugins in `docker inspect`.
The command `docker inspect` already supports
"container", "image", "node", "network", "service", "volume", "task".
However, `--type plugin` is not supported yet at the moment.
This fix address this issue by adding the support of `--type plugin`
for `docker inspect`.
An additional integration test has been added to cover the changes.
This fix fixes 28946.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Currently `--publish-rm` only accepts `<TargetPort>` or `<TargetPort>[/Protocol]`
though there are some confusions.
Since `--publish-add` accepts `<PublishedPort>:<TargetPort>[/Protocol]`, some user
may provide `--publish-rm 80:80`. However, there is no error checking so the incorrect
provided argument is ignored silently.
This fix adds the check to make sure `--publish-rm` only accepts `<TargetPort>[/Protocol]`
and returns error if the format is invalid.
The `--publish-rm` itself may needs to be revisited to have a better UI/UX experience,
see discussions on:
https://github.com/docker/swarmkit/issues/1396https://github.com/docker/docker/issues/25200#issuecomment-236213242https://github.com/docker/docker/issues/25338#issuecomment-240787002
This fix is short term measure so that end users are not misled by the silently ignored error
of `--publish-rm`.
This fix is related to (but is not a complete fix):
https://github.com/docker/swarmkit/issues/1396
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
When UpdateStatus was not present, the empty values of the timestamps
would be present:
"UpdateStatus": {
"StartedAt": "0001-01-01T00:00:00Z",
"CompletedAt": "0001-01-01T00:00:00Z"
}
To fix this, make the timestamps pointers, so they can be set to nil
when they should not be shown.
Also make UpdateStatus itself a pointer, so an empty object does not
show up when there is no UpdateStatus.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the issue raised in discussion of
PR 28735 where it was not possible to manage plugin based on
plugin ID. Previously it was not possible to invoke
`docker plugin inspect` with a plugin ID (or ID prefix).
This fix updates the implementation of `docker plugin inspect`
so that it is possbile to search based on a plugin name, or a
plugin ID. A short format of plugin ID (prefix) is also possible,
as long as there is no ambiguity.
Previously the check of `docker plugin inspect` was mostly done
on the client side. This could potentially cause inconsistency
between API and CMD. This fix move all the checks to daemon side
so that API and CMD will be consistent.
An integration test has been added to cover the changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>