Commit Graph

9185 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 06eba426d7
cmd/docker: fix typo in deprecation warning
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-19 13:03:28 +01:00
Sebastiaan van Stijn 9a5d5aefb8
Merge pull request #3923 from dozjul/master
Added missing backslash to documentation cli snippet
2022-12-18 11:18:16 +01:00
Julian 895e7a3df8
Added missing backslash to documentation sites cli snippet
I think the cli code block misses a backslash to brevent line break when copy/pasting it to a terminal.
I doubt that this is intentional, if it is, feel free to reject the pr.

Signed-off-by: Julian <gitea+julian@ic.thejulian.uk>
2022-12-18 10:47:51 +01:00
Sebastiaan van Stijn 51f36c6be1
Merge pull request #3915 from thaJeztah/remove_libtrust_todo
cli/flags: remove outdated TODO
2022-12-15 16:05:01 +01:00
Sebastiaan van Stijn 2f733b87f9
cli/flags: remove outdated TODO
Libtrust was only used for pushing schema 2, v1 images, which is no longer
supported; this TODO was likely left from when the CLI and daemon were
in the same repository.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-15 15:29:56 +01:00
Sebastiaan van Stijn 990674901b
Merge pull request #3905 from thaJeztah/improve_buildkit_error
cmd/docker: improve error message if BUILDKIT_ENABLED=0
2022-12-09 14:24:46 +01:00
Sebastiaan van Stijn 60d62fb729
cmd/docker: improve error message if BUILDKIT_ENABLED=0
Before this change, the error would suggest installing buildx:

    echo "FROM scratch" | DOCKER_BUILDKIT=0  docker build -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
                Install the buildx component to build images with BuildKit:
                https://docs.docker.com/go/buildx/

    ...

However, this error would also be shown if buildx is actually installed,
but disabled through "DOCKER_BUILDKIT=0";

    docker buildx version
    github.com/docker/buildx v0.9.1 ed00243

With this patch, it reports that it's disabled, and how to fix:

    echo "FROM scratch" | DOCKER_BUILDKIT=0  docker build -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
                BuildKit is currently disabled; enabled it by removing the DOCKER_BUILDKIT=0
                environment-variable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-09 13:08:07 +01:00
Sebastiaan van Stijn 83ca73f9aa
Merge pull request #3900 from pdaig/fix-ssh-killed
Fix ssh process killed when context is done
2022-12-08 20:26:33 +01:00
Sebastiaan van Stijn 693ae6ca73
Merge pull request #3912 from thaJeztah/bump_engine
vendor: github.com/docker/docker v23.0.0-beta.1
2022-12-08 10:24:44 +01:00
Sebastiaan van Stijn 0f6023a9c3
vendor: github.com/docker/docker v23.0.0-beta.1
Allows us to remove the replace rule, although we probably need to
add it back if we want to update to a newer version from the release
branch (as go mod doesn't support release branches :(( ).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-07 23:14:19 +01:00
Sebastiaan van Stijn c567f674c6
Merge pull request #3906 from thaJeztah/bump_buildx
Dockerfile: update buildx to v0.9.1
2022-12-07 15:34:48 +01:00
Sebastiaan van Stijn 40694311b4
Merge pull request #3907 from thaJeztah/update_go_1.19.4
update to go1.19.4
2022-12-07 13:21:36 +01:00
Sebastiaan van Stijn 016846e950
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \(the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:03:41 +01:00
Sebastiaan van Stijn 0e15d73c65
Dockerfile: update buildx to v0.9.1
This is only used for testing, but saw it was a bit behind.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 14:25:04 +01:00
Sebastiaan van Stijn 65d3f7830d
Merge pull request #3904 from thaJeztah/fix_lazy_evaluate
cmd/docker: make feature detection lazy again
2022-12-06 10:39:06 +01:00
Sebastiaan van Stijn 006c946389
cmd/docker: make feature detection lazy again
Commit 20ba591b7f fixed incorrect feature
detection in the CLI, but introduced a regression; previously the "ping"
would only be executed if needed (see b39739123b),
but by not inlining the call to `ServerInfo()` would now always be called.

This patch inlines the code again to only execute the "ping" conditionally,
which allows it to be executed lazily (and omitted for commands that don't
require a daemon connection).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 10:17:50 +01:00
Sebastiaan van Stijn 8fc1444558
Merge pull request #3901 from thaJeztah/carry_3845
Fix bug where incorrect response is returned [carry 3845]
2022-12-06 09:23:59 +01:00
Adyanth Hosavalike 20ba591b7f
Fix bug where incorrect response is returned
When server is unreachable and docker checkpoint (or any command that
needs to check the server type) is run, incorrect error was returned.

When checking if the daemon had the right OS, we compared the OSType
from the clients ServerInfo(). In situations where the client cannot
connect to the daemon, a "stub" Info is used for this, in which we
assume the daemon has experimental enabled, and is running the latest
API version.

However, we cannot fill in the correct OSType, so this field is empty
in this situation.

This patch only compares the OSType if the field is non-empty, otherwise
assumes the platform matches.

before this:

    docker -H unix:///no/such/socket.sock checkpoint create test test
    docker checkpoint create is only supported on a Docker daemon running on linux, but the Docker daemon is running on

with this patch:

    docker -H unix:///no/such/socket.sock checkpoint create test test
    Cannot connect to the Docker daemon at unix:///no/such/socket.sock. Is the docker daemon running?

Co-authored-by: Adyanth Hosavalike <ahosavalike@ucsd.edu>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 08:55:47 +01:00
Sebastiaan van Stijn f33ef47061
Merge pull request #3903 from thaJeztah/build_test_dummy
cil/command: use dummy client for build-tests
2022-12-06 08:24:13 +01:00
Sebastiaan van Stijn 121c613877
cil/command: use dummy client for build-tests
These tests were using the default client, which would try to make a connection
with the daemon (which isn't running). Some of these test subsequently had
tests that depended on the result of that connection (i.e., "ping" result).

This patch updates the test to use a dummy client, so that the ping result is
predictable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 22:37:40 +01:00
Sebastiaan van Stijn 21e45ff852
cli/command: add WithAPIClient
This allows the cli to be initialized with a (custom) API client.
Currently to be used for unit tests, but could be used for other
scenarios.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 21:40:39 +01:00
Sebastiaan van Stijn 74874cd0c9
Merge pull request #3661 from thaJeztah/update_images
docs: various (minor) changes and rewording
2022-12-05 17:28:34 +01:00
Sebastiaan van Stijn b65bda6890
Merge pull request #3829 from dvdksn/fix-doclink-cli
updated additionalHelp text
2022-12-05 17:23:27 +01:00
Sebastiaan van Stijn 60833d2046
docs/reference: exec: update some examples
Use /bin/sh in the examples, as it's more likely to be present in a
container than bash (some users got confused by this, so using plain
"sh" in the examples could lead to less confusion).

Also added some extra wording around defaults, and how they're inherited
by the exec'd process.

It's definitely not "perfect" yet (lots to do in this document to improve
it), but it's a start :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn cac78c237f
docs/reference: info: update example output
Update the example output to not use deprecated storage drivers or
Windows versions.

Also removes the section about `--debug`, because the `docker info` output
depends on the _daemon_ (not the client) to have debug mode enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 9ba371f665
docs: update examples to not use deprecated images
using latest ubuntu LTS, and alpine for some examples. Also syncing some
wording between the man-pages and online docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 74086bc93b
doc/reference: update attach reference
Some touch-ups in the attach reference and man-page;

- remove uses of old images (ubuntu 14.04)
- adds some more wording about `-i` and `-t` to use the detach sequence.
- use `--filter` instead of `grep` to list the container, to make the
  example more portable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 82805ad71f
docs/extend: remove note about first supported version
Docker v1.12 is really old, so no need to continue including this
in the docs. Also reformatted a markdown table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:09:57 +01:00
Sebastiaan van Stijn 37dcee37b6
Merge pull request #3812 from mspiess/3293-fix-replicas-override-0
add ability to override ints in compose files with 0
2022-12-05 16:26:44 +01:00
David Karlsson 3da0e959d3 updated additionalHelp text
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2022-12-05 16:26:31 +01:00
Patrick Daigle e547881e27 Fix ssh process killed when context is done
Signed-off-by: Patrick Daigle <114765035+pdaig@users.noreply.github.com>
2022-12-04 22:09:17 -05:00
Sebastiaan van Stijn 7240f70808
Merge pull request #3896 from thaJeztah/add_alpine_version
Dockerfile: add ALPINE_VERSION build-arg
2022-12-04 18:26:01 +01:00
Sebastiaan van Stijn 1b0d6fc804
Dockerfile: add ALPINE_VERSION build-arg
This allows us to pin to a specific version of Alpine, in case the
golang:alpine image switches to a newer version, which may at times
be incompatible, e.g. see https://github.com/moby/moby/issues/44570

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-04 14:57:43 +01:00
Sam Thibault 64c8976745
Merge pull request #3834 from luismulinari/fix_max_concurrent_downloads_uploads_docs
docs: fix the max-concurrent-downloads and max-concurrent-uploads configs documentation
2022-12-02 22:22:06 +01:00
Sebastiaan van Stijn 4c22ede9ea
Merge pull request #3894 from thaJeztah/update_engine
vendor: docker/docker v20.10.3-0.20221201203946-b21e8f72f254 (v23.0.0-dev)
2022-12-01 23:21:13 +01:00
Sebastiaan van Stijn 60b09ea7fb
vendor: docker/docker v20.10.3-0.20221201203946-b21e8f72f254 (v23.0.0-dev)
full diff: bb2eab21c6...b21e8f72f2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 22:09:01 +01:00
Sebastiaan van Stijn d7e872ed64
Merge pull request #3892 from thaJeztah/port_sort
container port: sort ports before printing
2022-12-01 13:01:17 +01:00
Sebastiaan van Stijn ee599f6422
Merge pull request #3891 from thaJeztah/update_engine
vendor: docker/docker v20.10.3-0.20221201081640-bb2eab21c6db (v23.0.0-dev)
2022-12-01 12:59:43 +01:00
Sebastiaan van Stijn 4bee65ffaa
Merge pull request #3890 from thaJeztah/authors_update
Update mailmap and AUTHORS
2022-12-01 12:59:26 +01:00
Sebastiaan van Stijn 1768240bcd
cli/command/container: runPort: sort ports before printing
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:58:40 +01:00
Sebastiaan van Stijn c5613ac032
cli/command/container: TestNewPortCommandOutput improve test
Make sure that the container has multiple port-mappings to illustrate
that only the given port is matched.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:52:15 +01:00
Sebastiaan van Stijn 58487e088a
cli/command/container: runPort(): slight refactor
- use strings.Cut
- don't use nat.NewPort as we don't accept port ranges
- use an early return if there's no results

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:39:34 +01:00
Sebastiaan van Stijn f0435fd3f3
cli/command/container: runPort(): update godoc, and add todo
We should consider showing all mappings for a given port if no specific
proto was specified.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:20:57 +01:00
Sebastiaan van Stijn f2566760a8
Update AUTHORS header to indicate it's generated
Using both @generated, and using Go's format for generated files,
to match the format we now use on moby/moby.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:05:22 +01:00
Sebastiaan van Stijn b81acd7c4e
Update mailmap and AUTHORS
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:04:48 +01:00
Sebastiaan van Stijn 25c06c755c
vendor: docker/docker v20.10.3-0.20221201081640-bb2eab21c6db (v23.0.0-dev)
full diff: a913b5ad7e...bb2eab21c6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 09:48:58 +01:00
Sebastiaan van Stijn ab794859fe
Merge pull request #3847 from thaJeztah/context_lazy_evaluate
context: implement lazy loading, and other improvements
2022-11-29 00:22:02 +01:00
Sebastiaan van Stijn 2c9dff1436
cli/command/context: context ls: always show current context
if a context is set (e.g. through DOCKER_CONTEXT or the CLI config file), but
wasn't found, then a "stub" context is added, including an error message that
the context doesn't exist.

    DOCKER_CONTEXT=nosuchcontext docker context ls
    NAME              DESCRIPTION                               DOCKER ENDPOINT               ERROR
    default           Current DOCKER_HOST based configuration   unix:///var/run/docker.sock
    nosuchcontext *                                                                           context "nosuchcontext": context not found: …

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 23:41:29 +01:00
Sebastiaan van Stijn ed4b0a67be
cli/command/context: context ls: add ERROR column, and don't fail early
This updates `docker context ls` to:

- not abort listing contexts when failing one (or more) contexts
- instead, adding an ERROR column to inform the user there was
  an issue loading the context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:52:02 +01:00
Sebastiaan van Stijn 14f97cc10a
cli/command: DockerCli.ServerInfo() load info lazily
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:52:02 +01:00