Commit Graph

8334 Commits

Author SHA1 Message Date
Sebastiaan van Stijn e1d43243a0
Merge pull request #3383 from thaJeztah/bump_go_117
update go to 1.17
2022-03-26 18:06:46 +01:00
Tonis Tiigi 6119e4ba90
update go to 1.17.8
Removes the platform based switch between different versions.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 17:00:56 +01:00
Sebastiaan van Stijn 0b266ba0d8
Merge pull request #3490 from thaJeztah/fix_osusergo
scripts/build: make sure osusergo is set for static with CGO enabled
2022-03-26 17:00:05 +01:00
Sebastiaan van Stijn a23dc4f5b9
Merge pull request #3491 from thaJeztah/xx_apt_get
Dockerfile: use xx-apt-get instead of xx-apt
2022-03-26 16:48:15 +01:00
Sebastiaan van Stijn 3a1fc21e72
Dockerfile: use xx-apt-get instead of xx-apt
The `apt` command is meant to provide a user-friendly interface, but does not
have a stable interface, and not recommended for scripting, see:

    #54 [linux/amd64 build-buster 1/1] RUN xx-apt install --no-install-recommends -y libc6-dev libgcc-8-dev
    #54 0.706 Hit:1 http://security.debian.org/debian-security buster/updates InRelease
    #54 0.707 Hit:2 http://deb.debian.org/debian buster InRelease
    #54 0.708 Hit:3 http://deb.debian.org/debian buster-updates InRelease
    #54 2.149 Reading package lists...
    #54 4.917 + apt  install --no-install-recommends -y libc6-dev libgcc-8-dev
    #54 4.934
    #54 4.934 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

This changes the command to use `apt-get` instead

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 16:13:53 +01:00
Sebastiaan van Stijn 3897c3fa54
Merge pull request #3489 from thaJeztah/dockerfile_update_xx
Dockerfile: update xx to 1.1
2022-03-26 15:57:10 +01:00
Sebastiaan van Stijn e20572d047
scripts/build: make sure osusergo is set for static with CGO enabled
Our previous CI probably did not cross-compile for s390x and ppc64le,
and therefore did not get these errors; the scripts/build/.variables
file sets CGO_ENABLED=1 for amd64|arm64|arm|s390x architectures if
it's not set;
87b8e57868/scripts/build/.variables (L34-L46)

When compiling statically with CGO enabled, we must have osusergo
enabled as well, so set it accordingly, to prevent;

    #53 [linux/amd64 build 2/2] RUN --mount=type=bind,target=.,ro     --mount=type=cache,target=/root/.cache     --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk     --mount=type=tmpfs,target=cli/winresources     xx-go --wrap &&     TARGET=/out ./scripts/build/binary &&     xx-verify $([ "static" = "static" ] && echo "--static") /out/docker
    #53 953.6 # github.com/docker/cli/cmd/docker
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000022.o: in function `New':
    #53 953.6 /go/src/github.com/docker/cli/vendor/github.com/miekg/pkcs11/pkcs11.go:75: warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000018.o: in function `mygetgrouplist':
    #53 953.6 /usr/local/go/src/os/user/getgrouplist_unix.go:18: warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetgrgid_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:40: warning: Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetgrnam_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:45: warning: Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetpwnam_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:35: warning: Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetpwuid_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:30: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000004.o: in function `_cgo_3c1cec0c9a4e_C2func_getaddrinfo':
    #53 953.6 /tmp/go-build/cgo-gcc-prolog:58: warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 15:49:05 +01:00
Tonis Tiigi 40d8016627
Dockerfile: update xx to 1.1
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2022-03-26 15:16:08 +01:00
Sebastiaan van Stijn 87b8e57868
Merge pull request #3485 from thaJeztah/update_vendor
vendor: containerd v1.6.2, buildkit v0.10.0
2022-03-25 10:13:30 +01:00
Sebastiaan van Stijn 5f74020ded
vendor: github.com/moby/buildkit v0.10.0
full diff: https://github.com/moby/buildkit/compare/9f254e18360a...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:59:11 +01:00
Sebastiaan van Stijn adadd5472e
vendor: github.com/prometheus/client_golang v1.11.0
un-pin the dependency to let go modules resolve the version

full diff: https://github.com/prometheus/client_golang/compare/v1.6.0...v1.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:57:15 +01:00
Sebastiaan van Stijn 7408799ec3
vendor: github.com/prometheus/procfs v0.7.3
un-pinning the dependency to let go modules resolve the version to use.

full diff: https://github.com/prometheus/procfs/compare/v0.0.11...v0.7.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:47:51 +01:00
Sebastiaan van Stijn 29f799aae7
vendor: github.com/containerd/containerd v1.6.2
full diff: https://github.com/containerd/containerd/compare/v1.5.10...v1.6.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:37:29 +01:00
Sebastiaan van Stijn b2cef834fb
vendor: google.golang.org/grpc v1.44.0
full diff: https://github.com/grpc/grpc-go/compare/v1.38.0...v1.44.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:31:10 +01:00
Sebastiaan van Stijn 0e3c9b282e
Merge pull request #3479 from fezzik1620/master
docs: hyphens are not dashes
2022-03-21 13:47:11 +01:00
fezzik1620 51ef2ccff8 docs: hyphens are not dashes
Signed-off-by: fezzik1620 <fezzik1620@users.noreply.github.com>
2022-03-20 18:42:18 -05:00
Sebastiaan van Stijn 5cb33d1cba
Merge pull request #3476 from thaJeztah/bump_crypto
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
2022-03-19 00:08:32 +01:00
Sebastiaan van Stijn 5c39082cff
Merge pull request #3475 from thaJeztah/dockerfile_stable_syntax
Dockerfile: use syntax=docker/dockerfile:1
2022-03-18 20:44:14 +01:00
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 14:03:33 +01:00
Nicolas De loof d8afb01e00
Merge pull request #3466 from glebsts/docker-push-all-tags-docs-improve-signed 2022-03-17 12:27:23 +01:00
Sebastiaan van Stijn 994d6b7fc2
Dockerfile: use syntax=docker/dockerfile:1
Now that HEREDOC is included in the stable Dockerfile syntax, we can
use the latest stable syntax for all Dockerfiles.

The recommendation for the stable syntax is to use `:1` (which is
equivalent to "latest" stable syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 10:40:17 +01:00
Nicolas De loof 11c76f1ddb
Merge pull request #3474 from thaJeztah/bump_deps_for_buildkit_containerd 2022-03-17 10:12:01 +01:00
Sebastiaan van Stijn 4f118c7636
vendor: github.com/docker/swarmkit 616e8db4c3b0
full diff: 3629f50980...616e8db4c3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:39:52 +01:00
Sebastiaan van Stijn 02a06cf9aa
vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
intermediate bump for easier review

full diff: 3af7569d3a...1f47c861a9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:25:40 +01:00
Sebastiaan van Stijn bc54802f5e
vendor: golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
full diff: 7de9c90e9d...6886f2dfbf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:24:03 +01:00
Sebastiaan van Stijn 56f51a35c1
vendor: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e
intermediate bump for easier review

full diff: 5770296d90...5770296d90

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:22:18 +01:00
Sebastiaan van Stijn 1bb2591444
vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
intermediate bump for easier review

full diff: e18ecbb051...fe4d628211

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:21:39 +01:00
Sebastiaan van Stijn ce2e036ad4
vendor: github.com/opencontainers/runc v1.1.0
intermediate bump for easier review

full diff: https://github.com/opencontainers/runc/compare/v1.0.3...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:19:05 +01:00
Sebastiaan van Stijn fdbb5953a6
vendor: github.com/klauspost/compress v1.15.0
intermediate bump for easier review

full diff: https://github.com/klauspost/compress/compare/v1.14.3...v1.15.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:18:59 +01:00
Sebastiaan van Stijn 2b7cb5b1bf
vendor: github.com/cespare/xxhash v2.1.2
intermediate bump for easier review

full diff: https://github.com/cespare/xxhash/compare/v2.1.1...v2.1.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:15:00 +01:00
Sebastiaan van Stijn 7eba0dad8c
Merge pull request #2953 from Busindre/patch-1
Update the list of log drivers
2022-03-16 00:34:24 +01:00
Sebastiaan van Stijn 0117ca617a
Merge pull request #2704 from StefanScherer/master-fix-docs-11319
Reference docs: Fix CMD --ignored-param1 example
2022-03-16 00:09:12 +01:00
Stefan Scherer 119c7fb84d
Fix CMD --ignored-param1 example
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Stefan Scherer <stefan.scherer@docker.com>
2022-03-15 23:34:31 +01:00
Sebastiaan van Stijn 1f4111d2bf
Merge pull request #2819 from thaJeztah/remove_registry_negotiation
registry: don't call "/info" API endpoint to get default registry
2022-03-15 17:26:56 +01:00
Sebastiaan van Stijn b4ca1c7368
registry: don't call "/info" API endpoint to get default registry
The CLI currenly calls the `/info` endpoint to get the address
of the default registry to use.

This functionality was added as part of the initial Windows implementation
of the engine. For legal reasons, Microsoft Windows (and thus Docker images
based on Windows) were not allowed to be distributed through non-Microsoft
infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io"
registry was created to serve Windows images.

As a result, the default registry was no longer "fixed", so a helper function
(`ElectAuthServer`) was added to allow the CLI to get the correct registry
address from the daemon. (docker/docker PR's/issues 18019, 19891, 19973)

Using separate registries was not an ideal solution, and a more permanent
solution was created by introducing "foreign image layers" in the distribution
spec, after which the "registry-win-tp3.docker.io" ceased to exist, and
removed from the engine through docker/docker PR 21100.

However, the `ElectAuthServer` was left in place, quoting from that PR;

> make the client check which default registry the daemon uses is still
> more correct than leaving it up to the client, even if it won't technically
> matter after this PR. There may be some backward compatibility scenarios
> where `ElectAuthServer` [sic] is still helpful.

That comment was 5 years ago, and given that the engine and cli are
released in tandem, and the default registry is not configurable, we
can save the extra roundtrip to the daemon by using a fixed value.

This patch deprecates the `ElectAuthServer` function, and makes it
return the default registry without calling (potentially expensie)
`/info` API endpoint.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 16:30:42 +01:00
Sebastiaan van Stijn 3304c49771
Merge pull request #2936 from silvin-lubecki/format-json
Add --format=json to inspect and list commands
2022-03-15 16:22:16 +01:00
Djordje Lukic 9c0234bbcb
Output compact JSON by default for --format=json
With this change all `inspect` commands will output a compact JSON
representation of the elements, the default format (indented JSON) stays the
same.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:42:35 +01:00
Silvin Lubecki d8ecb00dda
Update shell completion scripts
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2022-03-15 15:36:04 +01:00
Silvin Lubecki b4af799686
Update reference documentation
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:36:02 +01:00
Silvin Lubecki 0611be0f09
Update man pages
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2022-03-15 15:35:59 +01:00
Silvin Lubecki a4a734df44
Update list commands with better format flag description
including all the directives and a link to the documentation.

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:35:53 +01:00
Silvin Lubecki eb27a94c3f
Added "json" as specific value for --format flag in list commands, as an alias to `{{json .}}`
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:33:19 +01:00
Silvin Lubecki 84d47b544e
Add "json" as default value to format flag in all inspect commands.
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:31:16 +01:00
Silvin Lubecki c700bbcb4b
Add specific "json" value to format flag with inspect commands to output json, as empty flag does.
Added tests on that new behavior.

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:19:45 +01:00
Sebastiaan van Stijn 6745f62a0b
Merge pull request #3136 from thaJeztah/remove_clientinfo
Remove ClientInfo as it is not practically used.
2022-03-15 15:12:22 +01:00
Sebastiaan van Stijn d977030f79
Merge pull request #3470 from thaJeztah/shooting_stars_never_stop_even_when_they_reach_the_top
search: do not sort results by stars on client side
2022-03-15 15:10:56 +01:00
Sebastiaan van Stijn 831704e56c
search: do not sort results by stars on client side
Once upon a time, there was a website named ["The Docker index"][2]; a complimentary
service for users of Docker, provided by dotCloud. The Docker Index was the place
to find and explore pre-made container images, and allowed you to [share your
images and download them][1]. The Docker Index evolved rapidly, and gained new
features, such as [Trusted Images][3], and "stars" to rank your favorite images.

The website also provided an API, which allowed you to search images, even from
the comfort of your `docker` CLI. Things moved fast in container-land, and while
there was an API to use, it was still a work in progress. While the Docker Index
allowed users to "star" images, the search API did not rank results accordingly.

As any engineer knows, there's no problem that can't be solved with some elbow-
grease and a piece of Duct tape, so while the Docker Index team worked on making
the search API better, the `docker` engine [fixed the problem on the client side][4]

Years went by, and the Docker Index API became the "registry V1" specification,
including search. The registry got a major "v2" rewrite and became the [OCI Distribution
Spec][5], and Docker Index became Docker Hub, which included V2 and V3 search APIs.
The V1 search API continued to be supported, as it was the only documented API
for registries, but improvements were made, including ranking of search results.

Duct tape is durable, and even though improvements were made, the Docker client
continued to sort the results as well. Unfortunately, this meant that search
results on the command-line were ranked different from their equivalent on the
registry (such as Docker Hub).

This patch removes the client-side sorting of results, using the order in which
the search API returned them to (finally) celebrate the work of the engineers
working on the search API, also when used from the command-line.

[1]: https://web.archive.org/web/20130708004229/http://docker.io/
[2]: https://web.archive.org/web/20130623223614/https://index.docker.io/
[3]: https://web.archive.org/web/20140208001647/https://index.docker.io/
[4]: 1669b802cc
[5]: https://github.com/opencontainers/distribution-spec

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 14:20:22 +01:00
Sebastiaan van Stijn 55cb22de36
Merge pull request #3125 from thaJeztah/docs_update_buildkit_note
docs: remove note about buildkit not supporting git subdirectories
2022-03-15 13:06:48 +01:00
Sebastiaan van Stijn 4f1ba37e12
docs: remove note about buildkit not supporting git subdirectories
This has now been implemented in buildkit#2116, so this note can
be removed (once integrated into Docker).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 12:25:15 +01:00
Sebastiaan van Stijn 21c5391cee
Merge pull request #3469 from rumpl/relative-mount
Handle relative source mounts
2022-03-14 18:00:52 +01:00