Commit Graph

8159 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 6e9210e994
Merge pull request #3501 from thaJeztah/bump_go_1.18
update go to 1.18.0
2022-03-29 09:54:05 +02:00
Sebastiaan van Stijn ace0ec599d
Merge pull request #3504 from thaJeztah/fix_flaky_tests
Fix flaky TestContainerList tests
2022-03-28 22:10:39 +02:00
Sebastiaan van Stijn 8e2d63d5df
Fix flaky TestContainerList tests
These tests were creating a stub container, using the current timestamp as
created date. However, if CI was slow to run the test, `Less than a second ago`
would change into `1 second ago`, causing the test to fail:

    --- FAIL: TestContainerListNoTrunc (0.00s)
        list_test.go:198: assertion failed:
            --- expected
            +++ actual
            @@ -1,4 +1,4 @@
            -CONTAINER ID   IMAGE            COMMAND   CREATED                  STATUS        PORTS     NAMES
            -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c1
            -container_id   busybox:latest   "top"     Less than a second ago   Up 1 second             c2,foo/bar
            +CONTAINER ID   IMAGE            COMMAND   CREATED        STATUS        PORTS     NAMES
            +container_id   busybox:latest   "top"     1 second ago   Up 1 second             c1
            +container_id   busybox:latest   "top"     1 second ago   Up 1 second             c2,foo/bar

This patch changes the "created" time of the container to be a minute ago. This
will result in `About a minute ago`, with a margin of 1 minute.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 20:37:06 +02:00
Sebastiaan van Stijn 635c55d52f
update go to 1.18.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 17:23:09 +02:00
Sebastiaan van Stijn bf29b40a8c
staticcheck: ignore SA1019: strings.Title is deprecated
This function is deprecated because it has known limitations when using
with multi-byte strings. This limitations are quite "corner case", and
our use (mostly) is for ASCII strings. The suggestion replacement brings
20k+ lines of code, which is a bit too much to fix those corner cases.

    templates/templates.go:23:14: SA1019: strings.Title is deprecated: The rule Title uses for word boundaries does not handle Unicode punctuation properly. Use golang.org/x/text/cases instead. (staticcheck)
        "title":    strings.Title,
                    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 17:23:06 +02:00
Sebastiaan van Stijn a1e67401d2
vendor: github.com/docker/docker 8941dcfcc5db4aefc351cd5b5bb4d524823035c0
- updated the default value for `--limit` on `docker search` as the const has been
  removed (added a todo to remove it)
- updated some fixtures to account for `KernelMemoryTCP` no longer being included
  in the output.

full diff: 83b51522df...8941dcfcc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 17:21:59 +02:00
Sebastiaan van Stijn 5a1e151c02
Merge pull request #3493 from thaJeztah/bump_to_bullseye
Update to debian bullseye
2022-03-28 16:24:00 +02:00
Sebastiaan van Stijn dce5929794
Update to debian bullseye
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 16:00:46 +02:00
Tonis Tiigi d45030380d
Dockerfile: prefer ld for cross-compiling arm64 in bullseye
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2022-03-28 15:43:27 +02:00
Nicolas De loof 75c923a962
Merge pull request #3492 from thaJeztah/bump_cobra_1.4
Bump cobra to v1.4.0
2022-03-28 15:31:10 +02:00
Nicolas De loof 0bcf197ae7
Merge pull request #3497 from thaJeztah/cleanup_e2e_help_test
e2e: cleanup TestGlobalHelp() to be less brittle
2022-03-28 15:30:18 +02:00
Sebastiaan van Stijn 9fe6cb4b39
Merge pull request #3502 from thaJeztah/bump_golangci_lint
lint: update golangci-lint to v1.45.2
2022-03-28 11:29:41 +02:00
Sebastiaan van Stijn 3ffe6a3375
lint: update golangci-lint to v1.45.2
Also removed deprecated linters:

The linter 'interfacer' is deprecated (since v1.38.0) due to: The repository of the linter has been archived by the owner.
The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 10:37:27 +02:00
Sebastiaan van Stijn 4ab70bf61e
linting: fix incorrectly formatted errors (revive)
cli/compose/interpolation/interpolation.go:102:4: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                "invalid interpolation format for %s: %#v. You may need to escape any $ with another $.",
                ^

    cli/command/stack/loader/loader.go:30:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return nil, errors.Errorf("Compose file contains unsupported options:\n\n%s\n",
                                          ^

    cli/command/formatter/formatter.go:76:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return tmpl, errors.Errorf("Template parsing error: %v\n", err)
                                       ^

    cli/command/formatter/formatter.go:97:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("Template parsing error: %v\n", err)
                                 ^

    cli/command/image/build.go:257:25: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return errors.Errorf("error checking context: '%s'.", err)
                                     ^

    cli/command/volume/create.go:35:27: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                        return errors.Errorf("Conflicting options: either specify --name or provide positional arg, not both\n")
                                             ^

    cli/command/container/create.go:160:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 10:37:25 +02:00
Sebastiaan van Stijn d7c1fb9112
linting: ignore some "G101: Potential hardcoded credentials" warnings
cli/config/credentials/native_store.go:10:2: G101: Potential hardcoded credentials (gosec)
        remoteCredentialsPrefix = "docker-credential-"
        ^
    cli/command/service/opts.go:917:2: G101: Potential hardcoded credentials (gosec)
        flagCredentialSpec          = "credential-spec"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 10:37:22 +02:00
Sebastiaan van Stijn 5a65aadd8d
cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 10:36:53 +02:00
Spring d382a7103e update run.md
Minimum memory  4M -> 6M

Signed-off-by: Spring Lee <xi.shuai@outlook.com>
2022-03-27 17:31:10 +08:00
Sebastiaan van Stijn 8c58da18e9
Merge pull request #3500 from thaJeztah/packager_name
Change "COMPANY_NAME" to "PACKAGER_NAME"
2022-03-27 11:28:43 +02:00
Nicolas De Loof c569d25745
Bump cobra to v1.4.0
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-27 10:47:26 +02:00
Sebastiaan van Stijn bc2b48aaf2
e2e: cleanup TestGlobalHelp() to be less brittle
- remove check for "A self-sufficient runtime for containers"; really
  not important to check for.
- don't make the checks positional (just match that we find them, and
  that we don't find them multiple times)
- account for leading whitespace to change instead of hard-coding the
  number of spaces before output.
- change the badopt check; I think it should be sufficient to check
  that the bad option was printed and that "run --help" output is
  printed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-27 10:42:48 +02:00
Sebastiaan van Stijn 4cd2d9ddd2
Change "COMPANY_NAME" to "PACKAGER_NAME"
The COMPANY_NAME currently sets the "CompanyName" field in the metadata
of Windows binaries. Our intent of this field is this field to contain
information about the company/party that produced the binary.

Also from [FileVersionInfo.CompanyName][FileVersionInfo.CompanyName]:

> Gets the name of the company that produced the file

Based on the above, "PACKAGER_NAME" is a bit more generic, and clearer
on intent, and we may at some point re-use this same information to
propagate equivalent fields on other platforms (rpms, debs)

[FileVersionInfo.CompanyName]: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.fileversioninfo.companyname

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-27 10:09:50 +02:00
Sebastiaan van Stijn dd7397342a
Merge pull request #3307 from cpuguy83/windows_dockerd_runtime
doc: Add `default-runtime` opt to daemon.json
2022-03-26 23:49:57 +01:00
Sebastiaan van Stijn 1c64adf199
Merge pull request #3495 from thaJeztah/gofmt_117
gofmt with go1.17
2022-03-26 23:35:53 +01:00
Sebastiaan van Stijn a0f0578299
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 20:21:00 +01:00
Sebastiaan van Stijn 668e4830d2
Merge pull request #3496 from thaJeztah/vendor_117
vendor dependencies with go1.17
2022-03-26 20:18:19 +01:00
Sebastiaan van Stijn f3a05eb800
vendor dependencies with go1.17
Some warnings about go1.16 compatibility, so including them here:

     + go mod tidy -modfile=vendor.mod
     github.com/docker/cli/cli/registry/client imports
           github.com/docker/distribution/registry/api/v2 imports
           github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0,
        but go 1.16 would select v1.8.0
     github.com/docker/cli/cli/compose/loader imports
        gopkg.in/yaml.v2 tested by
        gopkg.in/yaml.v2.test imports
        gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f,
        but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d,
        but go 1.16 would select v0.0.0-20171204204709-577dee27f20d
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0,
        but go 1.16 would select v1.3.1
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0,
        but go 1.16 would select v1.1.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0,
        but go 1.16 would select v1.56.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero imports
        github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2

     To upgrade to the versions selected by go 1.16:
        go mod tidy -go=1.16 && go mod tidy -go=1.17
     If reproducibility with go 1.16 is not needed:
        go mod tidy -compat=1.17
     For other options, see:
        https://golang.org/doc/modules/pruning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 19:48:14 +01:00
Sebastiaan van Stijn e1d43243a0
Merge pull request #3383 from thaJeztah/bump_go_117
update go to 1.17
2022-03-26 18:06:46 +01:00
Tonis Tiigi 6119e4ba90
update go to 1.17.8
Removes the platform based switch between different versions.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 17:00:56 +01:00
Sebastiaan van Stijn 0b266ba0d8
Merge pull request #3490 from thaJeztah/fix_osusergo
scripts/build: make sure osusergo is set for static with CGO enabled
2022-03-26 17:00:05 +01:00
Sebastiaan van Stijn a23dc4f5b9
Merge pull request #3491 from thaJeztah/xx_apt_get
Dockerfile: use xx-apt-get instead of xx-apt
2022-03-26 16:48:15 +01:00
Sebastiaan van Stijn 3a1fc21e72
Dockerfile: use xx-apt-get instead of xx-apt
The `apt` command is meant to provide a user-friendly interface, but does not
have a stable interface, and not recommended for scripting, see:

    #54 [linux/amd64 build-buster 1/1] RUN xx-apt install --no-install-recommends -y libc6-dev libgcc-8-dev
    #54 0.706 Hit:1 http://security.debian.org/debian-security buster/updates InRelease
    #54 0.707 Hit:2 http://deb.debian.org/debian buster InRelease
    #54 0.708 Hit:3 http://deb.debian.org/debian buster-updates InRelease
    #54 2.149 Reading package lists...
    #54 4.917 + apt  install --no-install-recommends -y libc6-dev libgcc-8-dev
    #54 4.934
    #54 4.934 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

This changes the command to use `apt-get` instead

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 16:13:53 +01:00
Sebastiaan van Stijn 3897c3fa54
Merge pull request #3489 from thaJeztah/dockerfile_update_xx
Dockerfile: update xx to 1.1
2022-03-26 15:57:10 +01:00
Sebastiaan van Stijn e20572d047
scripts/build: make sure osusergo is set for static with CGO enabled
Our previous CI probably did not cross-compile for s390x and ppc64le,
and therefore did not get these errors; the scripts/build/.variables
file sets CGO_ENABLED=1 for amd64|arm64|arm|s390x architectures if
it's not set;
87b8e57868/scripts/build/.variables (L34-L46)

When compiling statically with CGO enabled, we must have osusergo
enabled as well, so set it accordingly, to prevent;

    #53 [linux/amd64 build 2/2] RUN --mount=type=bind,target=.,ro     --mount=type=cache,target=/root/.cache     --mount=from=dockercore/golang-cross:xx-sdk-extras,target=/xx-sdk,src=/xx-sdk     --mount=type=tmpfs,target=cli/winresources     xx-go --wrap &&     TARGET=/out ./scripts/build/binary &&     xx-verify $([ "static" = "static" ] && echo "--static") /out/docker
    #53 953.6 # github.com/docker/cli/cmd/docker
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000022.o: in function `New':
    #53 953.6 /go/src/github.com/docker/cli/vendor/github.com/miekg/pkcs11/pkcs11.go:75: warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000018.o: in function `mygetgrouplist':
    #53 953.6 /usr/local/go/src/os/user/getgrouplist_unix.go:18: warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetgrgid_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:40: warning: Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetgrnam_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:45: warning: Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetpwnam_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:35: warning: Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000017.o: in function `mygetpwuid_r':
    #53 953.6 /usr/local/go/src/os/user/cgo_lookup_unix.go:30: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    #53 953.6 /usr/bin/s390x-linux-gnu-ld: /tmp/go-link-2402600021/000004.o: in function `_cgo_3c1cec0c9a4e_C2func_getaddrinfo':
    #53 953.6 /tmp/go-build/cgo-gcc-prolog:58: warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 15:49:05 +01:00
Tonis Tiigi 40d8016627
Dockerfile: update xx to 1.1
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2022-03-26 15:16:08 +01:00
Sebastiaan van Stijn 87b8e57868
Merge pull request #3485 from thaJeztah/update_vendor
vendor: containerd v1.6.2, buildkit v0.10.0
2022-03-25 10:13:30 +01:00
Sebastiaan van Stijn 5f74020ded
vendor: github.com/moby/buildkit v0.10.0
full diff: https://github.com/moby/buildkit/compare/9f254e18360a...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:59:11 +01:00
Sebastiaan van Stijn adadd5472e
vendor: github.com/prometheus/client_golang v1.11.0
un-pin the dependency to let go modules resolve the version

full diff: https://github.com/prometheus/client_golang/compare/v1.6.0...v1.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:57:15 +01:00
Sebastiaan van Stijn 7408799ec3
vendor: github.com/prometheus/procfs v0.7.3
un-pinning the dependency to let go modules resolve the version to use.

full diff: https://github.com/prometheus/procfs/compare/v0.0.11...v0.7.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:47:51 +01:00
Sebastiaan van Stijn 29f799aae7
vendor: github.com/containerd/containerd v1.6.2
full diff: https://github.com/containerd/containerd/compare/v1.5.10...v1.6.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:37:29 +01:00
Sebastiaan van Stijn b2cef834fb
vendor: google.golang.org/grpc v1.44.0
full diff: https://github.com/grpc/grpc-go/compare/v1.38.0...v1.44.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:31:10 +01:00
Sebastiaan van Stijn 0e3c9b282e
Merge pull request #3479 from fezzik1620/master
docs: hyphens are not dashes
2022-03-21 13:47:11 +01:00
fezzik1620 51ef2ccff8 docs: hyphens are not dashes
Signed-off-by: fezzik1620 <fezzik1620@users.noreply.github.com>
2022-03-20 18:42:18 -05:00
Sebastiaan van Stijn 5cb33d1cba
Merge pull request #3476 from thaJeztah/bump_crypto
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
2022-03-19 00:08:32 +01:00
Sebastiaan van Stijn 5c39082cff
Merge pull request #3475 from thaJeztah/dockerfile_stable_syntax
Dockerfile: use syntax=docker/dockerfile:1
2022-03-18 20:44:14 +01:00
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 14:03:33 +01:00
Nicolas De loof d8afb01e00
Merge pull request #3466 from glebsts/docker-push-all-tags-docs-improve-signed 2022-03-17 12:27:23 +01:00
Sebastiaan van Stijn 994d6b7fc2
Dockerfile: use syntax=docker/dockerfile:1
Now that HEREDOC is included in the stable Dockerfile syntax, we can
use the latest stable syntax for all Dockerfiles.

The recommendation for the stable syntax is to use `:1` (which is
equivalent to "latest" stable syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 10:40:17 +01:00
Nicolas De loof 11c76f1ddb
Merge pull request #3474 from thaJeztah/bump_deps_for_buildkit_containerd 2022-03-17 10:12:01 +01:00
Sebastiaan van Stijn 4f118c7636
vendor: github.com/docker/swarmkit 616e8db4c3b0
full diff: 3629f50980...616e8db4c3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:39:52 +01:00
Sebastiaan van Stijn 02a06cf9aa
vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
intermediate bump for easier review

full diff: 3af7569d3a...1f47c861a9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:25:40 +01:00