Commit Graph

7509 Commits

Author SHA1 Message Date
Silvin Lubecki af097b2618
Merge pull request #2228 from thaJeztah/config_permissions
config: preserve ownership and permissions on configfile
2020-01-09 15:26:54 +01:00
Silvin Lubecki 02e2b95298
Merge pull request #2237 from thaJeztah/fix_build_binary_macos
Fix "make build" (non-containerized) on macOS
2020-01-09 15:20:23 +01:00
Silvin Lubecki 9afb0ea81d
Merge pull request #2242 from thaJeztah/bump_engine
vendor: bump docker and dependencies a9507c6f76627fdc092edc542d5a7ef4a6df5eec
2020-01-09 15:17:44 +01:00
Sebastiaan van Stijn 69b5c4c30c
Merge pull request #2218 from akhilerm/privileged-device-doc
35991 - Modify CLI docs to specify working of device flag
2020-01-09 14:57:02 +01:00
Nick Adcock 3baa6d57fa Refactor config and secret tests to table-driven
Refactors the config and secret unit tests to be table driven to remove
duplication

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-09 13:38:19 +00:00
Nick Adcock 9698b7a374 Default config/secret target to source name
When using advanced syntax for setting config and secret values, default
the target value to the source value when the user does not specify a
target.

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-09 13:38:19 +00:00
Nick Adcock 4c2d7b7f70 Detect single value advanced config/secret syntax
Allow the use of the advanced source=x syntax for config and secret values when there is no comma

Before this change the following would fail with config not found:
	docker service create --name hello1 --config source=myconfig nginx:alpine
And the following would fail with secret not found:
	docker service create --name hello2 --secret source=mysecret nginx:alpine

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-09 13:38:19 +00:00
Sebastiaan van Stijn 627a4cf7cc
vendor: bump docker/docker a9507c6f76627fdc092edc542d5a7ef4a6df5eec
full diff: a09e6e323e...a9507c6f76

Includes:

- moby/moby#40077 Update "auto-generate" comments to improve detection by linters
- moby/moby#40143 registry: add a critical section to protect authTransport.modReq
- moby/moby#40212 Move DefaultCapabilities() to caps package
- moby/moby#40021 Use newer x/sys/windows SecurityAttributes struct (carry 40017)
    - carries moby/moby#40017 Use newer x/sys/windows SecurityAttributes struct
- moby/moby#40135 pkg/system: make OSVersion an alias for hcsshim OSVersion
    - follow-up to moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion()
- moby/moby#40250 Bump hcsshim to b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
- moby/moby#40243 Use certs.d from XDG_CONFIG_HOME when in rootless mode
    - fixes moby/moby#40236 Docker rootless dies when unable to read /etc/docker/certs.d
- moby/moby#40283 Fix possible runtime panic in Lgetxattr
- moby/moby#40178 builder/remotecontext: small refactor
- moby/moby#40179 builder/remotecontext: allow ssh:// for remote context URLs
    - fixes docker/cli#2164 Docker build cannot resolve git context with html escapes
- moby/moby#40302 client.ImagePush(): default to ":latest" instead of "all tags"
    - relates to docker/cli#2214 [proposal] change "docker push" behavior to default to ":latest" instead of "all tags"
    - relates to docker/cli#2220 implement docker push `-a`/ `--all-tags`
- moby/moby#40263 Normalize comment formatting
- moby/moby#40238 Allow client consumers like traefik to compile on illumos
- moby/moby#40108 bump google.golang.org/grpc v1.23.1
- moby/moby#40312 update vendor golang.org/x/sys to 6d18c012aee9febd81bbf9806760c8c4480e870d
- moby/moby#40247 pkg/system: deprecate constants in favor of golang.org/x/sys/windows
- moby/moby#40246 pkg/system: minor cleanups and remove use of deprecated system.GetOSVersion()
- moby/moby#40122 Update buildkit to containerd leases
    - vendor: update buildkit to leases support (4f4e03067523b2fc5ca2f17514a5e75ad63e02fb)
    - vendor: update containerd to acdcf13d5eaf0dfe0eaeabe7194a82535549bc2b
    - vendor: update runc to d736ef14f0288d6993a1845745d6756cfc9ddd5a (v1.0.0-rc9)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:28:38 +01:00
Sebastiaan van Stijn ece71412c0
vendor: bump buildkit 4f4e03067523b2fc5ca2f17514a5e75ad63e02fb
full diff: f7042823e3...4f4e030675

no changes to vendored files

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:28:21 +01:00
Sebastiaan van Stijn dff269b5e4
vendor: bump hcsshim b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
full diff: https://2226e083fc390003ae5aa8325c3c92789afa0e7a...b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2

includes:

- microsoft/hcsshim#718 wclayer: Work around Windows bug when expanding sandbox size
    - fixes microsoft/hcsshim#708 Windows Host Compute Service bug breaks docker (and other) sandboxes bigger than 20G on Windows 1903
    - fixes microsoft/hcsshim#624The hcsshim on Windows 10 1903 always fails to build Docker image
    - fixes/addresses docker/for-win#3884 An error occurred while attempting to build Docker image (especially this comment and the next comments after: https://github.com/docker/for-win/issues/3884#issuecomment-498939672)
    - fixes/addresses docker/for-win#4100 Windows 1903 fails when storage-opt used
    - fixes moby/moby#36831 hcsshim::PrepareLayer failed in Win32: The parameter is incorrect (https://github.com/moby/moby/issues/36831#issuecomment-498612392)
    - fixes Stannieman/audacity-with-asio-builder#5 Docker won't build container
    - fixes MicrosoftDocs/visualstudio-docs#3523 Error when running build with storage-opts set
    - fixes moby/moby#39524 Docker build windows 19.03 --storage-opt size>20G

Note that this is a temporary workaround for a bug in the platform, and will be reverted once that is addressed:

- microsoft/hcsshim#721 Revert 718 when Windows 19H1 has expand sandbox fix

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:28:00 +01:00
Sebastiaan van Stijn b822062959
vendor: bump containerd acdcf13d5eaf0dfe0eaeabe7194a82535549bc2b
full diff: 36cf5b690d...acdcf13d5e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:27:42 +01:00
Sebastiaan van Stijn ed8cacd6e0
vendor: bump runc v1.0.0-rc9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:27:02 +01:00
Sebastiaan van Stijn 013151ff78
vendor: bump google.golang.org/grpc v1.23.1
full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:26:47 +01:00
Sebastiaan van Stijn 268cc5df24
vendor: bump golang.org/x/sys 6d18c012aee9febd81bbf9806760c8c4480e870d
full diff: 9eafafc0a8...6d18c012ae

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:26:26 +01:00
Silvin Lubecki f7f4a19328
Merge pull request #2236 from thaJeztah/plugin_sorting
docker info: list CLI plugins alphabetically
2020-01-06 15:42:16 +01:00
Silvin Lubecki f870440c35
Merge pull request #2153 from thaJeztah/bump_containerd_1.3.0
bump containerd and dependencies to v1.3.0
2020-01-06 15:38:00 +01:00
Sebastiaan van Stijn 9efca8e7b4
Merge pull request #2231 from oscrx/patch-1
Change example networks
2020-01-06 15:25:53 +01:00
Sebastiaan van Stijn 43c131f0ae
Merge pull request #2238 from thaJeztah/carry_platform_docs
docs: document from platform (carry 2003)
2020-01-06 15:22:36 +01:00
Oscar Wieman 2d6aec78a1
Change example networks
Signed-off-by: Oscar Wieman <oscar@oscarr.nl>
2020-01-06 13:39:02 +01:00
Vincent Demeester a2e252c92a
Merge pull request #2234 from thaJeztah/bump_golang_1.12.14
Bump Golang 1.12.14
2020-01-06 10:47:47 +01:00
Vincent Demeester 389fa742ff
Merge pull request #2232 from thaJeztah/fixup_docker_ps_formatting
Fix some issues with docker ps --format
2020-01-06 10:46:33 +01:00
Tonis Tiigi ce42168940
docs: document from platform
Co-Authored-By: Tibor Vass <tiborvass@users.noreply.github.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-03 17:25:28 +01:00
Sebastiaan van Stijn 4beea58531
Bump Golang 1.12.14
go1.12.14 (released 2019/12/04) includes a fix to the runtime. See the Go 1.12.14
milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.12.14+label%3ACherryPickApproved

Update Golang 1.12.13
------------------------

go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where the
non-notarized installer and binaries were being rejected by Gatekeeper. Only macOS
users who hit this issue need to update.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-03 12:37:59 +01:00
Sebastiaan van Stijn ef37a8a57c
Fix "make build" (non-containerized) on macOS
macOS doesn't ship with the GNU version of `date`, which
causes the command to fail if the `--rfc-3339 ns` format option
is used.

Given that we don't need the build-time with nanosecond precision,
this patch changes the format used, so that the CLI binary can be
built on the host (outside of a container);

Before this change, `make binary` would fail:

    DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary
    WARNING: binary creates a Linux executable. Use cross for macOS or Windows.
    ./scripts/build/binary
    make: *** [binary] Error 1

With this change, the binary can be built on the host:

    DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary
    WARNING: binary creates a Linux executable. Use cross for macOS or Windows.
    ./scripts/build/binary
    Building statically linked build/docker-darwin-amd64

While the previous version formatted (and parsed) the date with nanoseconds precision,
that level of precision is not actually used;

```go
func reformatDate(buildTime string) string {
	t, errTime := time.Parse(time.RFC3339Nano, buildTime)
	if errTime == nil {
		return t.Format(time.ANSIC)
	}
	return buildTime
}
```

Both the old, and new input will yield the same output:

```go
fmt.Println(reformatDate("2019-12-31T13:41:44.846741804+00:00"))
// Tue Dec 31 13:41:44 2019

fmt.Println(reformatDate("2019-12-31T13:41:44Z"))
// Tue Dec 31 13:41:44 2019
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-31 15:06:11 +01:00
Sebastiaan van Stijn 54ba28f402
docker info: list CLI plugins alphabetically
Before this change, plugins were listed in a random order:

    Client:
     Debug Mode: false
     Plugins:
      doodle: Docker Doodles  all around! 🐳 🎃 (thaJeztah, v0.0.1)
      shell: Open a browser shell on the Docker Host. (thaJeztah, v0.0.1)
      app: Docker Application (Docker Inc., v0.8.0)
      buildx: Build with BuildKit (Docker Inc., v0.3.1-tp-docker)

With this change, plugins are listed alphabetically:

    Client:
     Debug Mode: false
     Plugins:
      app: Docker Application (Docker Inc., v0.8.0)
      buildx: Build with BuildKit (Docker Inc., v0.3.1-tp-docker)
      doodle: Docker Doodles  all around! 🐳 🎃 (thaJeztah, v0.0.1)
      shell: Open a browser shell on the Docker Host. (thaJeztah, v0.0.1)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-31 14:33:07 +01:00
Sebastiaan van Stijn aef6b04a7c
Fix docker ps table headers with custom format and "split" or "join"
Update the list of overrides for table headers so that columns using split or
join will produce the correct table header.

Before this patch:

    docker ps --format='table {{split .Names "/"}}'
    [NAMES]
    [unruffled_mclean]
    [eloquent_meitner]
    [sleepy_grothendieck]

With this patch applied:

    docker ps --format='table {{split .Names "/"}}'
    NAMES
    [unruffled_mclean]
    [eloquent_meitner]
    [sleepy_grothendieck]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-27 12:36:02 +01:00
Sebastiaan van Stijn 69f216f6e4
Fix docker ps --format with templating functions
Before this patch, using a template that used templating functions (such as
`lower` or `json`) caused the command to fail in the pre-processor step (in
`buildContainerListOptions`):

    docker ps --format='{{upper .Names}}'
    template: :1:8: executing "" at <.Names>: invalid value; expected string

This problem was due to the pre-processing using a different "context" type than
was used in the actual template, and custom functions to not be defined when
instantiating the Go template.

With this patch, using functions in templates works correctly:

    docker ps --format='{{upper .Names}}'
    MUSING_NEUMANN
    ELOQUENT_MEITNER

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-27 12:35:55 +01:00
Silvin Lubecki ba63a92655
Merge pull request #2230 from thaJeztah/unify_ps_tests
command/container: unify list tests in a single file
2019-12-20 15:55:25 +01:00
Sebastiaan van Stijn b062726313
command/container: unify list tests in a single file
Move the remaining test with the others, and rename it from
`TestBuildContainerListOptions` to `TestContainerListBuildContainerListOptions`,
so that it has the same prefix as the other tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-20 14:59:43 +01:00
Sebastiaan van Stijn 6732347e55
bump containerd v1.3.0
full diff: 7c1e88399e...v1.3.0

This also adds back containerd/ttrpc as a dependency, which is referenced by the BuildKit client (indirectly)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-19 13:58:23 +01:00
Sebastiaan van Stijn 22a291f703
config: preserve ownership and permissions on configfile
When running `docker login` or `docker logout`, the CLI updates
the configuration file by creating a temporary file, to replace
the old one (if exists).

When using `sudo`, this caused the file to be created as `root`,
making it inaccessible to the current user.

This patch updates the CLI to fetch permissions and ownership of
the existing configuration file, and applies those permissions
to the new file, so that it has the same permissions as the
existing file (if any).

Currently, only done for "Unix-y" systems (Mac, Linux), but
can be implemented for Windows in future if there's a need.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-17 09:57:33 +01:00
Sebastiaan van Stijn c07f50afab
bump buildkit f7042823e340d38d1746aa675b83d1aca431cee3
full diff: 10cef0c6e1...f7042823e3

no local changes, other than updated go.mod

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:21:30 +01:00
Sebastiaan van Stijn cf3f902df4
update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884)
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657

  - opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
  - opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
  - opencontainers/runc#2029 Update dependencies
  - opencontainers/runc#2034 Support for logging from children processes
  - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
  - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
  - opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
  - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
  - opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
  - opencontainers/runc#2057 main: not reopen /dev/stderr
      - closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
      - closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
      - closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
  - opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
  - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
  - opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
  - opencontainers/runc#2074 Update dependency libseccomp-golang
  - opencontainers/runc#2081 Bump CRIU to 3.12
  - opencontainers/runc#2089 doc: First process in container needs `Init: true`
  - opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
      - closes opencontainers/runc#2093 HostDevices() race with older udevd versions
  - opencontainers/runc#2098 man: fix man-pages
  - opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
  - opencontainers/runc#2107 Make get devices function public
  - opencontainers/runc#2113 libcontainer: initial support for cgroups v2
  - opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
      - removes github.com/coreos/pkg as dependency
  - opencontainers/runc#2117 Remove libcontainer detection for systemd features
      - fixes opencontainers/runc#2117 Cache the systemd detection results
  - opencontainers/runc#2119 libcontainer: update masked paths of /proc
      - relates to #36368 Add /proc/keys to masked paths
      - relates to #38299 Masked /proc/asound
      - relates to #37404 Add /proc/acpi to masked paths (CVE-2018-10892)
  - opencontainers/runc#2122 nsenter: minor fixes
  - opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
  - opencontainers/runc#2125 cgroup: support mount of cgroup2
  - opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
  - opencontainers/runc#2129 Only allow proc mount if it is procfs
      - addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:21:27 +01:00
Sebastiaan van Stijn 4b267469b9
bump hashicorp/golang-lru v0.5.3
full diff: 0fb14efe8c...v0.5.3

- hashicorp/golang-lru#53 remove defer keyword to avoid overhead
- hashicorp/golang-lru#56 lru.Get(): avoid nil pointer dereference
- hashicorp/golang-lru#57 Adds LRU cache resize
- hashicorp/golang-lru#58 lru: don't kill the return values of Remove and RemoveOldest

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:21:22 +01:00
Sebastiaan van Stijn b104da4a09
bump containerd/continuity f2a389ac0a02ce21c09edd7344677a601970f41c
full diff: aaeac12a7f...f2a389ac0a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:19:59 +01:00
Brian Goff ebca141311
Merge pull request #2207 from thaJeztah/remove_engine_activate
Remove "docker engine" subcommands
2019-12-12 11:17:48 -08:00
Sebastiaan van Stijn 7e5451316f
docs: add redirects for engine reference pages
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 17:51:33 +01:00
Sebastiaan van Stijn 43b2f52d0c
Remove "docker engine" subcommands
These subcommands were created to allow upgrading a Docker Community
engine to Docker Enterprise, but never really took off.

This patch removes the `docker engine` subcommands, as they added
quite some complexity / additional code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 17:51:25 +01:00
Sebastiaan van Stijn 9ef0c7a9dd
Merge pull request #2196 from tiborvass/test-tlsverify
e2e: add new test package "global" with TestTLSVerify
2019-12-12 15:15:15 +01:00
Silvin Lubecki 02ef51e927
Merge pull request #2224 from thaJeztah/update_proxy_docs
Add docs for proxy configuration in config.json
2019-12-12 15:06:04 +01:00
Silvin Lubecki eb33f8759c
Merge pull request #1590 from thaJeztah/docs_add_management_notes
Docs: add note about management commands targeting a manager
2019-12-12 15:03:46 +01:00
Sebastiaan van Stijn cff1a88126
Merge pull request #2211 from thaJeztah/refresh_maintainers
Refresh maintainers list
2019-12-12 15:01:52 +01:00
Sebastiaan van Stijn f540eae7fe
Docs: add note about management commands targeting a manager
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 14:57:05 +01:00
Silvin Lubecki 0fd5c16ab9
Merge pull request #1936 from thaJeztah/bump_jwt_go
bump dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a
2019-12-12 14:50:10 +01:00
Brian Goff 08eaead288
Merge pull request #2216 from thaJeztah/remove_dab_deploy
Remove experimental "deploy" from "dab" files
2019-12-10 11:00:34 -08:00
Sebastiaan van Stijn e70d6bcb8a
Add docs for proxy configuration in config.json
Setting proxy-configuration in config.json was added in
commit 35f1e301b5 (docker
17.07), but never found its way to the documentation.

This patch adds some basic information about the feature.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-10 15:36:30 +01:00
Sebastiaan van Stijn dd87cd9feb
bump github.com/dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a4f59e9e70764ea6f6901cf17b88059789
full diff:

- a2c85815a7...v3.2.0
  - https://github.com/dgrijalva/jwt-go/blob/v3.2.0/VERSION_HISTORY.md
- 9781369abd...5f0f1276fe42dd721c1c093604995a9f758ace21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-10 14:24:37 +01:00
Silvin Lubecki 79578882a1
Merge pull request #2221 from thaJeztah/fix_docker_cp_npe
docker cp: prevent NPE when failing to stat destination
2019-12-09 21:40:42 +01:00
Sebastiaan van Stijn 585ec4da97
docker cp: prevent NPE when failing to stat destination
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 15:32:02 +01:00
Sebastiaan van Stijn 99ad13e374
Remove experimental "deploy" from "dab" files
The top-level `docker deploy` command (using the "Docker Application Bundle"
(`.dab`) file format was introduced as an experimental feature in Docker 1.13 /
17.03, but superseded by support for Docker Compose files.

With no development being done on this feature, and no active use of the file
format, support for the DAB file format and the top-level `docker deploy` command
(hidden by default in 19.03), is removed in this patch, in favour of `docker stack deploy`
using compose files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 10:34:14 +01:00