Commit Graph

9862 Commits

Author SHA1 Message Date
Sebastiaan van Stijn d9b64811fd
Merge pull request #4658 from thaJeztah/remove_ipopt
opts: remove unused IPOpt option
2023-11-13 12:27:40 +01:00
Sebastiaan van Stijn fe0bd7b180
Merge pull request #4652 from ndeloof/ndeloof_maintainer
not actually a maintainer
2023-11-12 08:45:15 +01:00
Sebastiaan van Stijn f0816bf679
opts: remove unused IPOpt option
This option was created Moby [6d59a566759da5729d7eb89a8e1888fc612f03cf], and
used for the daemon config [353b7c8ec77b30fa83dac5ec0778193f6de8b437]. It was
migrated from the Moby repository in f34ca0a354,
but was never used by the CLI, and there are no external consumers.

If we would need an IP-address option, spf13/pflags now provides those, so
there's no need to implement this ourselves.

[6d59a566759da5729d7eb89a8e1888fc612f03cf]: 6d59a56675
[353b7c8ec77b30fa83dac5ec0778193f6de8b437]: 353b7c8ec7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-11 15:05:31 +01:00
Sebastiaan van Stijn b0ee27d653
opts: ValidateIPAddress: improve error, godoc, and tests
- document accepted values
- add test-coverage for the function's behavior (including whitespace handling),
  and use sub-tests.
- improve error-message to use uppercase for "IP", and to use a common prefix.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-11 14:50:28 +01:00
Eric Bode b24e7f85a4
Fix setting ServerAddress property in NativeStore
This will return the ServerAddress property when using the NativeStore.
This happens when you use docker credential helpers, not the credential
store.

The reason this fix is needed is because it needs to be propagated
properly down towards `moby/moby` project in the following logic:

```golang
func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt {
	cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
	if cfgHost == "" || cfgHost == registry.IndexHostname {
		cfgHost = registry.DefaultRegistryHost
	}

	return docker.WithAuthCreds(func(host string) (string, string, error) {
		if cfgHost != host {
			logrus.WithFields(logrus.Fields{
				"host":    host,
				"cfgHost": cfgHost,
			}).Warn("Host doesn't match")
			return "", "", nil
		}
		if authConfig.IdentityToken != "" {
			return "", authConfig.IdentityToken, nil
		}
		return authConfig.Username, authConfig.Password, nil
	})
}
```
This logic resides in the following file :
`daemon/containerd/resolver.go` .

In the case when using the containerd storage feature when setting the
`cfgHost` variable from the `authConfig.ServerAddress` it will always be
empty. Since it will never be returned from the NativeStore currently.
Therefore Docker Hub images will work fine, but anything else will fail
since the `cfgHost` will always be the `registry.DefaultRegistryHost`.

Signed-off-by: Eric Bode <eric.bode@foundries.io>
2023-11-11 14:22:23 +01:00
Sebastiaan van Stijn 79c5d4a329
Merge pull request #4654 from thaJeztah/bump_go_connections
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
2023-11-10 22:58:26 +01:00
Sebastiaan van Stijn f65d4a4796
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
0b8c1f4e07...fa09c952e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 22:46:47 +01:00
Sebastiaan van Stijn a9ae9b3cc6
Merge pull request #4651 from thaJeztah/bump_go_connections
vendor: update go-connections for TLS 1.3 support
2023-11-10 21:51:14 +01:00
Nicolas De Loof b7c31c36fa
not actually a maintainer
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-10 21:35:15 +01:00
Sebastiaan van Stijn f9622b659f
vendor: update go-connections for TLS 1.3 support
full diff: https://github.com/docker/go-connections/compare/v0.4.0...0b8c1f4e07a0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 15:56:11 +01:00
Sebastiaan van Stijn b90a3d4443
Merge pull request #4649 from thaJeztah/revert_update_golang_1.21.4
Revert "update to go1.21.4" due to regressions / breaking changes.
2023-11-09 13:04:11 +01:00
Sebastiaan van Stijn 4cf1c50ad1
Revert "update to go1.21.4" due to regressions / breaking changes.
Unfortunately, the go1.21.4 security update exposed some regressions / breaking
changes in moby (docker engine) and containerd. These issues are looked into,
but in the meantime we should revert this patch.

This temporarily reintroduces CVE-2023-45284 and CVE-2023-45283.

This reverts commit 6472dabe4c.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-09 10:54:54 +01:00
Sebastiaan van Stijn ed1c8c1107
Merge pull request #4647 from thaJeztah/update_golang_1.21.4
update to go1.21.4
2023-11-08 18:48:45 +01:00
Sebastiaan van Stijn 6472dabe4c
update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker, the runtime, the compiler, and
the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone
on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 18:39:54 +01:00
Sebastiaan van Stijn 3cd77c9d54
cli/command/container: ForwardAllSignals: rewrite to use ContainerAPIClient
This function only needed the ContainerAPIClient, and not the whole CLI. This
patch refactors it to use the shallower interface.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 15:15:09 +01:00
Sebastiaan van Stijn ad861cdb39
Merge pull request #4637 from ndeloof/RunExecWithContextb
make runAttach public and allow passing context
2023-11-08 14:44:24 +01:00
Nicolas De Loof a2ec50a461
make `container` an explicit, required parameter
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-08 14:32:55 +01:00
Nicolas De Loof a4abe42cbd
make runAttach public and allow passing context
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-08 14:24:58 +01:00
Sebastiaan van Stijn 1598586c58
Merge pull request #4646 from akerouanton/followup-macaddress
TestParseWithMacAddress: check endpoint-scoped MacAddress field
2023-11-08 13:54:01 +01:00
Albin Kerouanton 2b1f5a2e38
TestParseWithMacAddress: check endpoint-specific MacAddress field
This is a follow-up of https://github.com/docker/cli/pull/4419. That PR
leveraged the fact that EndpointSettings.MacAddress is already
available, although not used by the CreateNetwork endpoint.

TestParseWithMacAddress was testing whether the container-wide
MacAddress field is set, and we still need to test that to ensure
backward compatibility. But we now also need to test whether the
endpoint-specific MacAddress is set.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-08 10:46:19 +01:00
Albin Kerouanton 8f59f841ae
cli/command/container: mustParse: return network.NetworkingConfig
Next commit will need this change to test whether the endpoint-specific
MacAddress is correctly set.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-08 10:44:18 +01:00
Sebastiaan van Stijn 00532f908c
Merge pull request #4644 from thaJeztah/bump_engine2
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
2023-11-08 00:13:25 +01:00
Sebastiaan van Stijn d46de7087c
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
full diff: ed1a61dcb7...c14694a424

Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-07 23:41:34 +01:00
Sebastiaan van Stijn 5ec9eec63d
Merge pull request #4640 from thaJeztah/bump_cobra2
vendor: github.com/spf13/cobra v1.8.0
2023-11-07 13:20:43 +01:00
Sebastiaan van Stijn fefadb9be6
Merge pull request #4642 from desmond3th/docFix
Updated docs for --env-file comments handling
2023-11-07 10:39:09 +01:00
Sebastiaan van Stijn 0ef1269630
Merge pull request #4641 from thaJeztah/fix_redirects
docs: update redirect metadata for hugo
2023-11-07 09:56:00 +01:00
saurabh efc9236794 --env-file about comments doc updated
Signed-off-by: Saurabh Kumar <saurabhkumar0184@gmail.com>
2023-11-07 01:44:47 +05:30
Sebastiaan van Stijn 07338fe965
docs: update redirect metadata for hugo
docs.docker.com switched from Jekyll to Hugo, which uses "aliases"
instead of "redirect_from".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-06 18:25:49 +01:00
Sebastiaan van Stijn 0239b8fd95
vendor: github.com/spf13/cobra v1.8.0
release notes: https://github.com/spf13/cobra/releases/tag/v1.8.0

full diff: https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-06 16:54:43 +01:00
Sebastiaan van Stijn b33612426a
Merge pull request #4635 from dvdksn/docs-dockerd-default-nw-opt
docs: add default-network-opt daemon option
2023-11-06 12:56:20 +01:00
David Karlsson 848fe622ce docs: add default-network-opt daemon option
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-11-06 10:48:36 +01:00
Sebastiaan van Stijn 9cb175f02a
Merge pull request #4636 from elezar/bump-cdi-dependency
Update container-device-interface to v0.6.2
2023-11-04 13:20:52 +01:00
Evan Lezar 54eee599ba Update container-device-interface to v0.6.2
This includes migrating from the github.com/container-orchestrated-devices
repo to tags.cncf.io.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-11-04 01:18:41 +01:00
Sebastiaan van Stijn 814f70749a
Merge pull request #4633 from thaJeztah/bump_engine
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
2023-11-03 16:16:03 +01:00
Sebastiaan van Stijn e088660985
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
full diff: fc4d035e7a...ed1a61dcb7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-03 15:14:07 +01:00
Sebastiaan van Stijn 13d34b21ec
vendor: github.com/containerd/containerd v1.7.8
no changes in vendored files

full diff: https://github.com/containerd/containerd/compare/v1.7.7...v1.7.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:54 +01:00
Sebastiaan van Stijn aa24d611bd
vendor: google.golang.org/grpc v1.58.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:00 +01:00
Sebastiaan van Stijn 7841493823
vendor: golang.org/x/tools v0.10.0
full diff: https://github.com/golang/tools/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:06:07 +01:00
Sebastiaan van Stijn 1a0ae8c6b8
vendor: golang.org/x/mod v0.11.0
no changes in vendored files

full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:01:56 +01:00
Sebastiaan van Stijn a6351d0cd3
Merge pull request #4624 from gabriellavengeo/patch-1
Create codeql.yml
2023-10-26 16:51:12 +02:00
Gabriela Georgieva 39b1d37b3d
Update CodeQL workflow
Signed-off-by: Gabriela Georgieva <gabriela.georgieva@docker.com>
2023-10-26 15:25:48 +02:00
Sebastiaan van Stijn 5fc42fc64e
Merge pull request #4625 from thaJeztah/bump_engine
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
2023-10-26 09:40:51 +02:00
Sebastiaan van Stijn 663a89b7ad
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
full diff: cdb3f9fb8d...fc4d035e7a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:44 +02:00
Sebastiaan van Stijn 6891974ee9
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 827c404ca0
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
no changes in vendored files

full diff: 12f0c246fe...f082dd7a0c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 137c495f7b
vendor: github.com/go-logr/logr v1.2.4
full diff: https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:40 +02:00
Brian Goff dd11de7dbb
Merge pull request #4627 from thaJeztah/bump_compress
vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:41:02 -07:00
Brian Goff 4f0b466b1b
Merge pull request #4626 from thaJeztah/bump_grpc
vendor: google.golang.org/grpc v1.56.3
2023-10-25 17:39:05 -07:00
Sebastiaan van Stijn 6372c6aae6
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:14:23 +02:00
Sebastiaan van Stijn 8073525c00
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:11:12 +02:00