Commit Graph

10035 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 2fc18b9874
vendor: google.golang.org/grpc v1.62.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit dccb8bfa5d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:59:44 +02:00
Sebastiaan van Stijn 1a199b63da
vendor: tags.cncf.io/container-device-interface v0.8.0
Breaking change: The .ToOCI() functions in the specs-go package have been
removed. This removes the dependency on the OCI runtime specification from
the CDI specification definition itself.

What's Changed

- Add workflow to mark prs and issues as stale
- Remove the ToOCI functions from the specs-go package
- docs: add a pointer to community meetings in our docs.
- Bump spec version to v0.8.0
- Update spec version in README

Full diff: https://github.com/cncf-tags/container-device-interface/compare/v0.7.2...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8cdf90cd93)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:14 +02:00
Sebastiaan van Stijn 968341cc7d
vendor: golang.org/x/net v0.28.0
full diff: https://github.com/golang/net/compare/v0.25.0...v0.28.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a5f15bee7a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:14 +02:00
Sebastiaan van Stijn fbb0cfd86a
vendor: golang.org/x/crypto v0.26.0
full diff: https://github.com/golang/crypto/compare/v0.23.0...v0.26.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b93fc39639)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:13 +02:00
Sebastiaan van Stijn 49e33a03df
vendor: golang.org/x/text v0.17.0
full diff: https://github.com/golang/text/compare/v0.15.0...v0.17.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3a63df265f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:13 +02:00
Sebastiaan van Stijn 295b75e5ff
vendor: golang.org/x/term v0.23.0
full diff: https://github.com/golang/term/compare/v0.20.0...v0.23.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c6e5341934)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:13 +02:00
Sebastiaan van Stijn 090d1ff555
vendor: golang.org/x/time v0.6.0
full diff: https://github.com/golang/time/compare/v0.3.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5f9fe33b6b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:13 +02:00
Sebastiaan van Stijn 5dde3d8570
vendor: golang.org/x/sync v0.8.0
full diff: https://github.com/golang/sync/compare/v0.7.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7074e5011f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:13 +02:00
Sebastiaan van Stijn d64740d347
vendor: golang.org/x/sys v0.24.0
full diff: https://github.com/golang/sys/compare/v0.22.0...v0.24.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 958fff82f1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:12 +02:00
Sebastiaan van Stijn f68936ef2e
vendor: dario.cat/mergo v1.0.1
- fix: overwriteWithEmptyValue is forced to true when merging an object
  involving maps
- fix: WithoutDereference should respect non-nil struct pointers

full diff: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fb264ffc08)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:56:12 +02:00
Sebastiaan van Stijn 4607c883c5
vendor: github.com/moby/sys/sequential v0.6.0
full diff: https://github.com/moby/sys/compare/sequential/v0.5.0...sequential/v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b34e8e4dff)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:53:02 +02:00
Sebastiaan van Stijn 7ff3daa446
vendor: github.com/moby/sys/symlink v0.3.0
full diff: https://github.com/moby/sys/compare/symlink/v0.2.0...symlink/v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ea37ac9bac)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:52:59 +02:00
Sebastiaan van Stijn 1fe06dd0e7
vendor: github.com/moby/sys/signal v0.7.1
full diff: https://github.com/moby/sys/compare/signal/v0.7.0...signal/v0.7.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 435c658333)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:47:30 +02:00
Sebastiaan van Stijn b381ab1d8d
Merge pull request #5429 from thaJeztah/27.x_bump_docker
[27.x] vendor: github.com/docker/docker v27.2.1
2024-09-12 22:42:13 +02:00
Sebastiaan van Stijn 05fbfc6995
vendor: github.com/docker/docker v27.2.1
no diff: same commit, but tagged

full diff: https://github.com/docker/docker/compare/8b539b8df240...v27.2.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 22:16:13 +02:00
Laura Brehm fba240c5b4
Merge pull request #5426 from thaJeztah/27.x_backport_fix-panic-volume-update
[27.x backport] volume/update: require 1 argument/fix panic
2024-09-11 15:24:41 +01:00
Sebastiaan van Stijn 965699ba0f
cli/command/volume TestUpdateCmd: adjust for older error messages
The error-message changed in newer versions, and no longer includes
"exactly".

This patch adjusts the test in the meantime.

    59.13 === FAIL: cli/command/volume TestUpdateCmd (0.00s)
    59.13     update_test.go:21: assertion failed: expected error to contain "requires 1 argument", got "\"update\" requires exactly 1 argument.\nSee 'update --help'.\n\nUsage:  update [OPTIONS] [VOLUME] [flags]\n\nUpdate a volume (cluster volumes only)"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-11 13:26:06 +02:00
Laura Brehm c65ac2d90d
volume/update: require 1 argument/fix panic
This command was declaring that it requires at least 1 argument, when it
needs exactly 1 argument. This was causing the CLI to panic when the
command was invoked with no argument:

`docker volume update`

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit daea277ee8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-11 13:12:54 +02:00
Sebastiaan van Stijn 05fb576772
Merge pull request #5423 from thaJeztah/27.x_backport_info_no_expected_version
[27.x backport] info: stop printing "Expected" commits
2024-09-10 19:51:58 +02:00
Sebastiaan van Stijn 4be6b1f3d7
info: stop printing "Expected" commits
The `Commit` type was introduced in 2790ac68b3,
to assist triaging issues that were reported with an incorrect version of
runc or containerd. At the time, both `runc` and `containerd` were not yet
stable, and had to be built from a specific commit to guarantee compatibility.

We encountered various situations where unexpected (and incompatible) versions
of those binaries were packaged, resulting in hard to trace bug-reports.
For those situations, a "expected" version was set at compile time, to
indicate if the version installed was different from the expected version;

    docker info
    ...
    runc version: a592beb5bc4c4092b1b1bac971afed27687340c5 (expected: 69663f0bd4b60df09991c08812a60108003fa340)

Both `runc` and `containerd` are stable now, and docker 19.03 and up set the
expected version to the actual version since c65f0bd13c
and 23.0 did the same for the `init` binary b585c64e2b,
to prevent the CLI from reporting "unexpected version".

In short; the `Expected` fields no longer serves a real purpose, so we should
no longer print it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 88ca4e958f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-10 16:41:43 +02:00
Sebastiaan van Stijn 65decb5731
Merge pull request #5419 from dvdksn/bp_5403
[27.x backport] rename plugins index file and add linkTitle
2024-09-09 11:05:09 +02:00
David Karlsson 90559a6143 chore: fix style/lint issues in deprecated.md
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 0fcaffb7e4)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-09 10:54:29 +02:00
David Karlsson dbde5b3681 docs: add front matter title to deprecated.md
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 5ca40e0a35)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-09 10:33:23 +02:00
David Karlsson b1e50eea92 docs: rename plugins index file and add linkTitle
We publish this page on docs.docker.com, and hugo expects index pages
for sections to be named _index.md. We currently rename the page when we
mount it to the docs repo but might as well change the filename in the
source.

Also adds a linkTitle to the page, which is a shorter title that will be
used in the sidebar navigation and breadcrumbs.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 071f6f9391)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-09 10:33:23 +02:00
Paweł Gronowski 9e34c9bb39
Merge pull request #5414 from vvoland/vendor-docker
[27.x] vendor: github.com/docker/docker v27.2.1-dev (8b539b8df240)
2024-09-06 12:01:30 +00:00
Paweł Gronowski 324cdbca40
vendor: github.com/docker/docker v27.2.1-dev (8b539b8df240)
full diff: https://github.com/docker/docker/compare/v27.2.0...8b539b8df240

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-06 13:48:24 +02:00
Sebastiaan van Stijn b5290d4e0b
Merge pull request #5411 from vvoland/5410-27.x
[27.x backport] update to go1.22.7
2024-09-06 10:28:04 +02:00
Paweł Gronowski 3db9538748
update to go1.22.7
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7

These minor releases include 3 security fixes following the security policy:

- go/parser: stack exhaustion in all Parse* functions

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

    This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

- encoding/gob: stack exhaustion in Decoder.Decode

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.

    This is a follow-up to CVE-2022-30635.

    Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.

    This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

- go/build/constraint: stack exhaustion in Parse

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

    This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 3bf39d25a0)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-05 17:53:21 +02:00
Sebastiaan van Stijn 1ab89e71fa
Merge pull request #5409 from thaJeztah/27.x_update_docker
[27.x] vendor: github.com/docker/docker v27.2.0
2024-09-05 15:02:51 +02:00
Sebastiaan van Stijn 667d9fd4df
Merge pull request #5408 from thaJeztah/27.x_backport_mod_tidy
[27.x backport] vendor.mod: put github.com/pkg/browser in the right group
2024-09-05 14:53:18 +02:00
Sebastiaan van Stijn 41e61c45d9
[27.x] vendor: github.com/docker/docker v27.2.0
Use a tagged version instead of the commit. No diff as they are the same;
https://github.com/docker/docker/compare/3ab5c7d0036c...v27.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-05 14:45:28 +02:00
Sebastiaan van Stijn 869df10064
vendor.mod: put github.com/pkg/browser in the right group
commit fcfdd7b91f introduced github.com/pkg/browser
as a direct dependency, but it ended up in the group for indirect dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1b8180a405)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-05 14:40:13 +02:00
Paweł Gronowski 6feee4ab35
Merge pull request #5402 from laurazard/backport-27.x-login-not-interactive
[27.x backport] login: handle non-tty scenario consistently
2024-09-03 14:45:27 +00:00
Laura Brehm d0c1a80617
login: handle non-tty scenario consistently
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.

Before:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | hangs                                                              |

After:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |

It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.

```console
cat ~/.docker/config.json
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxx"
                }
        }
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...

Login Succeeded
```

This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit bbb6e7643d)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 15:39:17 +01:00
Sebastiaan van Stijn 383c428451
Merge pull request #5400 from vvoland/5387-27.x
[27.x backport] update to go1.22.6
2024-09-03 14:04:04 +02:00
Sebastiaan van Stijn 5f8416e541
Merge pull request #5399 from vvoland/5376-27.x
[27.x backport] oauth/api: drain timer channel on each iteration
2024-09-03 14:02:04 +02:00
Sebastiaan van Stijn 5bf5cb9ff6
update to go1.22.6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7d56599ca)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-03 13:52:28 +02:00
Sebastiaan van Stijn 3a15d5a640
Merge pull request #5395 from thaJeztah/27.x_backport_fix_plugins_CGO_ENABLED
[27.x backport] scripts/build/plugins: don't override CGO_ENABLED set by .variables
2024-09-03 13:25:44 +02:00
Laura Brehm 1dfd11acc0
oauth/api: drain timer channel on each iteration
Previously, if while polling for oauth device-code login results a user
suspended the process (such as with CTRL-Z) and then restored it with
`fg`, an error might occur in the form of:

```
failed waiting for authentication: You are polling faster than the specified interval of 5 seconds.
```

This is due to our use of a `time.Ticker` here - if no receiver drains
the ticker channel (and timers/tickers use a buffered channel behind the
scenes), more than one tick will pile up, causing the program to "tick"
twice, in fast succession, after it is resumed.

The new implementation replaces the `time.Ticker` with a `time.Timer`
(`time.Ticker` is just a nice wrapper) and introduces a helper function
`resetTimer` to ensure that before every `select`, the timer is stopped
and it's channel is drained.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 60d0450287)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-03 13:16:03 +02:00
Sebastiaan van Stijn de2b49b074
scripts/build/plugins: don't override CGO_ENABLED set by .variables
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)

But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;

    > [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
    0.127 Building static docker-helloworld
    0.127 + CGO_ENABLED=0
    0.127 + GO111MODULE=auto
    0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled

This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.

Before this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.123 Building static docker-helloworld
    #18 0.124 + CGO_ENABLED=0
    #18 0.124 + GO111MODULE=auto
    #18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    ....

With this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.110 Building static docker-helloworld
    #18 0.110 + GO111MODULE=auto
    #18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
    ....

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9e29967960)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 12:56:19 +02:00
Sebastiaan van Stijn c5d846735c
Merge pull request #5394 from dvdksn/bp_5386
[27.x backport] docs: update docker login reference #5386
2024-09-03 12:55:19 +02:00
David Karlsson 6274754e66 copynit: s/WEB BASED/WEB-BASED/
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 81744d7aa8)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 12:22:57 +02:00
David Karlsson 7a50cd0f01 docs: update docker login reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 2f206fff3c)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 12:22:52 +02:00
Sebastiaan van Stijn 074dfc0f88
Merge pull request #5392 from vvoland/5345-27.x
[27.x backport] cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure
2024-09-02 22:29:25 +02:00
Sebastiaan van Stijn 92423287cc
Merge pull request #5391 from vvoland/5389-27.x
[27.x backport] Dockerfile: update xx to v1.5.0
2024-09-02 22:27:57 +02:00
Sebastiaan van Stijn 1a0b6a7a44
cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure
The addSSHTimeout and disablePseudoTerminalAllocation were added in commits
a5ebe2282a and f3c2c26b10,
and called inside the Dialer function, which means they're called every
time the Dialer is called. Given that the sshFlags slice is not mutated
by the Dialer, we can call these functions once.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0fd3fb0840)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-02 20:57:42 +02:00
Sebastiaan van Stijn 8fcfc0b803
Dockerfile: update xx to v1.5.0
full diff: https://github.com/tonistiigi/xx/compare/v1.4.0...v1.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1e6cbbc3f1)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-02 20:55:31 +02:00
Laura Brehm 28d2fed463
Merge pull request #5385 from vvoland/5383-27.x
[27.x backport] login: use normalized hostname when storing
2024-09-02 10:57:51 +01:00
Laura Brehm 83072c0232
login: use normalized hostname when storing
Normalization/converting the registry address to just a hostname happens
inside of `command.GetDefaultAuthConfig`. Use this value for the rest of
the login flow/storage.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit e532eead91)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-02 11:43:26 +02:00
Sebastiaan van Stijn 40109aa45f
Merge pull request #5380 from laurazard/dont-normalize-registry-1-backport
[27.x backport] Revert "login: normalize `registry-1.docker.io`"
2024-08-29 13:33:58 +02:00