Commit Graph

9597 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 0de84f0190
vendor: golang.org/x/crypto v0.17.0
no changes in vendored files

full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0

from the security mailing:

> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784.
>
> Cheers,
> Roland on behalf of the Go team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 00:35:09 +01:00
Sebastiaan van Stijn 1866448dfa
Merge pull request #4726 from thaJeztah/update_crypto
vendor: golang.org/x/crypto v0.16.0, golang.org/x/sys v0.15.0, golang.org/x/text v0.14.0
2023-12-18 14:18:13 +01:00
Sebastiaan van Stijn 3cf0bf84a5
vendor: golang.org/x/crypto v0.16.0
full diff: https://github.com/golang/crypto/compare/v0.14.0...v0.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:47:30 +01:00
Sebastiaan van Stijn 36d4db27d5
vendor: golang.org/x/text v0.14.0
full diff: https://github.com/golang/text/compare/v0.13.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:46:41 +01:00
Sebastiaan van Stijn 3d70100d5d
vendor: golang.org/x/sys v0.15.0
full diff: https://github.com/golang/sys/compare/v0.13.0...v0.15.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:45:50 +01:00
Sebastiaan van Stijn 70d01b9262
Merge pull request #4719 from thaJeztah/go_compat
add //go:build directives to prevent downgrading to go1.16 language
2023-12-15 18:40:26 +01:00
Sebastiaan van Stijn 70216b662d
add //go:build directives to prevent downgrading to go1.16 language
This is a follow-up to 0e73168b7e

This repository is not yet a module (i.e., does not have a `go.mod`). This
is not problematic when building the code in GOPATH or "vendor" mode, but
when using the code as a module-dependency (in module-mode), different semantics
are applied since Go1.21, which switches Go _language versions_ on a per-module,
per-package, or even per-file base.

A condensed summary of that logic [is as follows][1]:

- For modules that have a go.mod containing a go version directive; that
  version is considered a minimum _required_ version (starting with the
  go1.19.13 and go1.20.8 patch releases: before those, it was only a
  recommendation).
- For dependencies that don't have a go.mod (not a module), go language
  version go1.16 is assumed.
- Likewise, for modules that have a go.mod, but the file does not have a
  go version directive, go language version go1.16 is assumed.
- If a go.work file is present, but does not have a go version directive,
  language version go1.17 is assumed.

When switching language versions, Go _downgrades_ the language version,
which means that language features (such as generics, and `any`) are not
available, and compilation fails. For example:

    # github.com/docker/cli/cli/context/store
    /go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/storeconfig.go:6:24: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
    /go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/store.go:74:12: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)

Note that these fallbacks are per-module, per-package, and can even be
per-file, so _(indirect) dependencies_ can still use modern language
features, as long as their respective go.mod has a version specified.

Unfortunately, these failures do not occur when building locally (using
vendor / GOPATH mode), but will affect consumers of the module.

Obviously, this situation is not ideal, and the ultimate solution is to
move to go modules (add a go.mod), but this comes with a non-insignificant
risk in other areas (due to our complex dependency tree).

We can revert to using go1.16 language features only, but this may be
limiting, and may still be problematic when (e.g.) matching signatures
of dependencies.

There is an escape hatch: adding a `//go:build` directive to files that
make use of go language features. From the [go toolchain docs][2]:

> The go line for each module sets the language version the compiler enforces
> when compiling packages in that module. The language version can be changed
> on a per-file basis by using a build constraint.
>
> For example, a module containing code that uses the Go 1.21 language version
> should have a `go.mod` file with a go line such as `go 1.21` or `go 1.21.3`.
> If a specific source file should be compiled only when using a newer Go
> toolchain, adding `//go:build go1.22` to that source file both ensures that
> only Go 1.22 and newer toolchains will compile the file and also changes
> the language version in that file to Go 1.22.

This patch adds `//go:build` directives to those files using recent additions
to the language. It's currently using go1.19 as version to match the version
in our "vendor.mod", but we can consider being more permissive ("any" requires
go1.18 or up), or more "optimistic" (force go1.21, which is the version we
currently use to build).

For completeness sake, note that any file _without_ a `//go:build` directive
will continue to use go1.16 language version when used as a module.

[1]: 58c28ba286/src/cmd/go/internal/gover/version.go (L9-L56)
[2]; https://go.dev/doc/toolchain#:~:text=The%20go%20line%20for,file%20to%20Go%201.22

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-14 15:03:46 +01:00
Sebastiaan van Stijn f1f47793fc
Merge pull request #4717 from docker/dependabot/github_actions/github/codeql-action-3
build(deps): bump github/codeql-action from 2 to 3
2023-12-14 10:47:27 +01:00
dependabot[bot] 88e6474350
build(deps): bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-14 08:33:33 +00:00
Sebastiaan van Stijn ae2b58fd98
Merge pull request #4700 from thaJeztah/wire_up_contexts
Plumb contexts through commands
2023-12-13 22:29:51 +01:00
Sebastiaan van Stijn 2b63b4f8d1
Merge pull request #4713 from thaJeztah/health_table
docs: run-reference: use table for health options
2023-12-13 19:41:26 +01:00
Sebastiaan van Stijn ca9ff8dafc
docs: run-reference: use table for health options
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 16:00:10 +01:00
Sebastiaan van Stijn 8f90d984bb
Merge pull request #4711 from thaJeztah/remove_logentries
remove deprecated "logentries" logging driver from docs, completion, and tests
2023-12-13 15:53:37 +01:00
Sebastiaan van Stijn 77e67a0f92
docs/deprecated: mark logentries logging-driver as "removed"
This driver has been deprecated and removed because the service
is no longer operational. Update the deprecated features docs to
mention it's been fully removed in Docker v25.0.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 13:19:33 +01:00
Sebastiaan van Stijn 8f13b04162
cli/command: remove "logentries" driver from tests and fixtures
This driver has been deprecated and removed because the service
is no longer operational. Remove it from the tests to better reflect
reality.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 13:18:16 +01:00
Sebastiaan van Stijn d79dd7c531
docs, man: remove logentries logging-driver
This driver has been deprecated and removed because the service
is no longer operational. Remove it from the sample output.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 13:16:31 +01:00
Sebastiaan van Stijn b14094df53
contrib/completion: remove logentries logging-driver
This driver has been deprecated and removed because the service
is no longer operational.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 13:15:14 +01:00
Sebastiaan van Stijn f63065a58b
vendor: github.com/docker/docker f3cc93630ed8 (v25.0.0-dev)
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.2...f3cc93630ed8138a6775cbf150c6bfb341cb337b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
Sebastiaan van Stijn fa1914426d
vendor: github.com/docker/docker v25.0.0-beta.2
No changes, as it's the same commit: https://github.com/docker/docker/compare/92884c25b394...v25.0.0-beta.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
Sebastiaan van Stijn 103840e85e
Merge pull request #4615 from dvdksn/docs-cli-reference-refresh
docs: refactor cli run reference
2023-12-13 12:46:26 +01:00
Sebastiaan van Stijn 9b06602545
Merge pull request #4709 from thaJeztah/update_logentries_driver
docs/deprecated: mark logentries log-driver for removal
2023-12-13 10:11:20 +01:00
Sebastiaan van Stijn e81a666614
docs/deprecated: mark logentries log-driver for removal
The service has been discontinued on November 15, 2022:

> Dear Logentries user,
>
> We have identified you as the owner of, or collaborator of, a Logentries
> account.
>
> The Logentries service will be discontinued on November 15th, 2022. This
> means that your Logentries account access will be removed and all your
> log data will be permanently deleted on this date.
>
> Next Steps
> If you are interested in an alternative Rapid7 log management solution,
> InsightOps will be available for purchase through December 16th, 2022.
> Please note, there is no support to migrate your existing Logentries
> account to InsightOps.
>
> Thank you for being a valued user of Logentries.
>
> Thank you,
> Rapid7 Customer Success

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 10:04:40 +01:00
David Karlsson f8dd8f074d docs: refresh --publish, add --publish-all
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 22:36:26 +01:00
Brian Goff 5400a48aaf
Plumb contexts through commands
This is to prepare for otel support.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 22:30:16 +01:00
Sebastiaan van Stijn 9eb632dc7c
Merge pull request #4387 from thaJeztah/single_cli_option
cli/command: merge DockerCliOption and InitializeOpt types
2023-12-12 22:28:19 +01:00
Sebastiaan van Stijn 7b3a60fad3
Merge pull request #4704 from thaJeztah/bump_engine
vendor: github.com/docker/docker 92884c25b394 (v25.0.0-dev)
2023-12-12 17:19:23 +01:00
Sebastiaan van Stijn aec7ec7f61
vendor: github.com/docker/docker 92884c25b394 (v25.0.0-dev)
full diff: 4046ae5e2f...92884c25b3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:57:38 +01:00
Sebastiaan van Stijn 0a3a16d2b4
vendor: github.com/containerd/containerd v1.7.11
full diff: https://github.com/containerd/containerd/compare/v1.7.8...v1.7.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:14 +01:00
Sebastiaan van Stijn 54c103aff4
vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:08 +01:00
Sebastiaan van Stijn d49970590c
vendor: github.com/felixge/httpsnoop v1.0.4
full diff: https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:22:47 +01:00
Sebastiaan van Stijn 7af509c7f1
cli/command: merge DockerCliOption and InitializeOpt types
The cli/command package defined two option-types with the same signature.

This patch creates a new type instead (CLIOption), and makes the existing
types an alias for this (deprecating their old names).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 15:01:36 +01:00
Sebastiaan van Stijn 7d92573852
Merge pull request #4599 from laurazard/plugin-signal-handling
cli-plugins: terminate plugin when CLI exits
2023-12-12 14:58:04 +01:00
Laura Brehm 1554ac3b5f
cli-plugins: terminate plugin when CLI exits
Previously, long lived CLI plugin processes weren't
properly handled
(see: https://github.com/docker/cli/issues/4402)
resulting in plugin processes being left behind
running, after the CLI process exits.

This commit changes the plugin handling code to open
an abstract unix socket before running the plugin and
passing it to the plugin process, and changes the
signal handling on the CLI side to close this socket
which tells the plugin that it should exit.

This implementation makes use of sockets instead of
simply setting PDEATHSIG on the plugin process
so that it will work on both BSDs, assorted UNIXes
and Windows.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-12-12 13:54:30 +00:00
David Karlsson 2e394eb5f4 docs: rewrite section on working directory
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:45:40 +01:00
David Karlsson 4a84514552 docs: rewrite section on setting user id
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 259aa90059 docs: rewrite section on filesystem mounts
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 52716c813b docs: move --tmpfs to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 5ede4c82ac docs: minor improvements to the healthcheck section
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 7585d66a07 docs: rewrite section on overriding environment variables
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 3eeac20593 docs: rewrite section on exposing ports
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:01 +01:00
Sebastiaan van Stijn ce6832a355
Merge pull request #4707 from thaJeztah/fix_overlay_typo
docs: fix typo in "network create" docs
2023-12-11 22:48:02 +01:00
Sebastiaan van Stijn 0a94d85cd6
docs: fix typo in "network create" docs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 22:33:52 +01:00
David Karlsson b01e287527 docs: rewrite section on default entrypoint
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:18:53 +01:00
David Karlsson c695ad9d74 docs: rewrite section on overriding image defaults
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:18:53 +01:00
David Karlsson 4a6cde8859 docs: move --log-driver to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:18:51 +01:00
David Karlsson 72df1960e1 docs: move --cgroup-parent to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 9e75a4cf61 docs: move --init to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 92c664b0dc docs: move info about --security-opt to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson f98444490f docs: move --rm to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 32189ca273 docs: improve description about container exit codes
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00