Commit Graph

8791 Commits

Author SHA1 Message Date
Sebastiaan van Stijn a27acd62b3
cli/command/container/create: pullImage() remove intermediate vars
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:15 +02:00
Sebastiaan van Stijn e0b47cc2cc
cli/command/image: imagePullPrivileged: remove intermediate variables
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:15 +02:00
Sebastiaan van Stijn 372bb56ade
cli/command: replace EncodeAuthToBase64 for registry.EncodeAuthConfig
Replace uses of this function in favor of the implementation in the
API types, so that we have a single, canonical implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:15 +02:00
Sebastiaan van Stijn 534bfc2301
cli/command/registry: remove intermediate var that collided
This also simplifies the code a bit.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn 5e76d41bf6
cli/command: ConfigureAuth: fix links to related tickets
Also adds a TODO to verify if this special handling is still needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn 68d791e56d
cli/command: ConfigureAuth: trim whitespace both for username and password
changes readInput() to trim whitespace. The existing code tried to be
conservative and only trimmed whitespace for username (not for password).
Passwords with leading/trailing whitespace would be _very_ unlikely, and
trimming whitespace is generally accepted.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn d0ec8fa5cf
cli/command: ConfigureAuth: fix terminal state not being restored on error
ConfigureAuth used the readInput() utility to read the username and password.
However, this utility did not return errors it encountered, but instead did
an os.Exit(1). A result of this was that the terminal was not restored if
an error happened. When reading the password, the terminal is configured to
disable echo (i.e. characters are not printed), and failing to restore
the previous state means that the terminal is now "non-functional".

This patch:

- changes readInput() to return errors it encounters
- uses a defer() to restore terminal state

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn c846428cb6
docs: update dockerd usage output for new proxy-options
Adds documentation for the options that were added in
427c7cc5f8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:47:00 +02:00
Sebastiaan van Stijn c730a8eb95
docs/reference: dockerd: remove default oom-score-adjust
The daemon no longer adjusts its oom-score by default; see

- 2b8e68ef06
- cf7a5be0f2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:45:20 +02:00
Sebastiaan van Stijn c209743612
docs/reference: dockerd: update seccomp flag description
Update the description for the changes made in;
68e96f88ee

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:41:27 +02:00
Sebastiaan van Stijn 32bc912008
docs/reference: dockerd: use table for env-vars
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:27:40 +02:00
Sebastiaan van Stijn 3701748000
docs/reference: use table for proxy env-vars
Adding a description based on the Go documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:19:39 +02:00
Sebastiaan van Stijn 879e0804a4
docs/reference: reformat env-vars table, and simplify
No need to mention that the env-var may be removed at that point to keep
the description more to-the-point.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:17:22 +02:00
Sebastiaan van Stijn 4a863df57a
docs/reference: remove mention of DOCKER_NOWARN_KERNEL_VERSION
Support for this environment variable was removed in docker 23.0 in
1240f8b41d

From that patch:

> All regular, non-EOL Linux distros now come with more recent kernels
> out of the box. There may still be users trying to run on kernel 3.10
> or older (some embedded systems, e.g.), but those should be a rare
> exception, which we don't have to take into account.
>
> This patch removes the kernel version check on Linux, and the corresponding
> DOCKER_NOWARN_KERNEL_VERSION environment that was there to skip this
> check.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 18:12:08 +02:00
Sebastiaan van Stijn c388fe4deb
cli: make cobra templates a const
Saves me from having to look if they're possibly updated/overwritten
anywhere in the code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 15:44:29 +02:00
Sebastiaan van Stijn b799ab94b8
Merge pull request #4187 from dvdksn/docs/validate-markdown
ci: add validation for generated docs
2023-04-12 14:44:46 +02:00
David Karlsson 341c843ac2 ci: remove fetch depth 0 for validate jobs
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2023-04-12 13:31:44 +02:00
David Karlsson 25ed7847ec ci: add validation for generated markdown
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2023-04-12 13:30:43 +02:00
Sebastiaan van Stijn 90f17f3f9f
Merge pull request #4173 from thaJeztah/bump_cobra
vendor: github.com/spf13/cobra v1.7.0
2023-04-12 12:43:18 +02:00
Sebastiaan van Stijn c697659678
Merge pull request #4180 from thaJeztah/docker_info_version
docker info: include Client Version and "platform name"
2023-04-12 12:42:55 +02:00
Sebastiaan van Stijn 581540e5b0
Merge pull request #4194 from thaJeztah/fix_deprecation_version
docs: deprecated: fix version (23.1.0 -> 24.0.0)
2023-04-12 12:42:06 +02:00
Sebastiaan van Stijn 3c0dc7ec3b
Merge pull request #4192 from thaJeztah/registry_fix_ResolveAuthConfig_docs
cli/command: fix documentation for ResolveAuthConfig
2023-04-12 12:36:22 +02:00
Sebastiaan van Stijn 04df700257
docs: deprecated: fix version (23.1.0 -> 24.0.0)
The next release will be "v24.0.0", not "v23.1.0"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 12:11:05 +02:00
Sebastiaan van Stijn 5bd359132b
cli/command: fix documentation for ResolveAuthConfig
This function no longer uses the /info endpoint to resolve the registry
to use. The documentation for this function was still referring to
the (once used) special registry for Windows images, which is no longer
in use, so update the docs to reflect reality :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 10:23:47 +02:00
Sebastiaan van Stijn 8ee771114c
docker info: include Client Version and "platform name"
This patch adds additional information to the Client section of the output.
We were already outputting versions of CLI Plugins, and the Server, but not
for the Client.

Adding this information can help with bug-reports where the reporter only
provided the `docker info` output, or (e.g.) only `docker --version`. The
platform name helps identify what kind of builds the user has installed
(e.g. docker's docker-ce packages have "Docker Engine - Community" set
for this), although we should consider including "packager" information
as a more formalized field for this information.

Before this patch:

    $ docker info
    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc.)
        Version:  v0.10.4
        Path:     /usr/libexec/docker/cli-plugins/docker-buildx
    ...

With this patch applied:

    $ docker info
    Client: Docker Engine - Community
     Version:    24.0.0-dev
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc.)
        Version:  v0.10.4
        Path:     /usr/libexec/docker/cli-plugins/docker-buildx
    ...

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-11 18:58:41 +02:00
Sebastiaan van Stijn 3347d7b5aa
cli/command/system: add newClientVersion() utility
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-11 18:58:41 +02:00
Sebastiaan van Stijn 3124e779c9
cli/command/system: clientVersion: make all fields "omitempty"
This allows the type to be used for situations where this information is
not present, or not to be printed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-11 18:58:41 +02:00
Sebastiaan van Stijn 9202bef4a7
cli/command/system: add platformInfo type, and fix "omitempty"
The Platform field was defined with omitempty, but would always be shown
in the JSON output, because it was never nil.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-11 18:58:39 +02:00
Sebastiaan van Stijn 5d37acddeb
cli/command/system:remove versionInfo.ServerOK() utility
It's defined on a non-exported type, and was only used in a template.
Replacing for a basic "nil" check, which should do the same.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-11 18:55:44 +02:00
Sebastiaan van Stijn 623356001f
Merge pull request #4168 from thaJeztah/docker_info_json
fix docker info, docker version --format=json not outputting json format
2023-04-11 18:43:16 +02:00
Sebastiaan van Stijn fff5a31a5c
Merge pull request #4179 from thaJeztah/no_2206
docs: update engine versions in some examples
2023-04-10 18:42:09 +02:00
Sebastiaan van Stijn 5d33b72769
docs: update engine versions in some examples
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 15:08:38 +02:00
Sebastiaan van Stijn 23bd746c43
fix docker version --format=json not outputting json format
The --format=json option was added for all inspect commands, but was not
implemented for "docker version". This patch implements the missing option.

Before this patch:

    docker version --format=json
    json

With this patch:

    docker version --format=json
    {"Client":{"Platform":{"Name":""},"Version":"24.0.0-dev","ApiVersion":"..."}}

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 14:29:14 +02:00
Sebastiaan van Stijn 80640bca72
cli/command/system: make default version template a const
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 14:28:02 +02:00
Sebastiaan van Stijn 46234b82e2
fix docker info --format=json not outputting json format
The --format=json option was added for all inspect commands, but was not implemented
for "docker info". This patch implements the missing option.

Before this patch:

    docker info --format=json
    json

With this patch applied:

    docker info --format=json
    {"ID":"80c2f18a-2c88-4e4a-ba69-dca0eea59835","Containers":7,"ContainersRunning":"..."}

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 14:26:28 +02:00
Sebastiaan van Stijn 1aaa179d9d
cli/command/formatter: export JSONFormat const
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 14:26:07 +02:00
Sebastiaan van Stijn 5acb64944f
Merge pull request #3978 from thaJeztah/minor_cleanups
some minor cleanups
2023-04-10 01:51:36 +02:00
Sebastiaan van Stijn 37e02ff211
docker ps: print warning if both --format and --quiet are set
Of both "--quiet" and "--format" are set, --quiet takes precedence. This
patch adds a warning to inform the user that their custom format is not
used:

    docker ps --format='{{.Image}}'
    ubuntu:22.04
    alpine

    docker ps --format='{{.Image}}' --quiet
    WARNING: Ignoring custom format, because both --format and --quiet are set.
    40111f61d5c5
    482efdf39fac

The warning is printed on STDERR, so can be redirected:

    docker ps --format='{{.Image}}' --quiet 2> /dev/null
    40111f61d5c5
    482efdf39fac

The warning is only shown if the format is set using the "--format" option.
No warning is shown if a custom format is set through the CLI configuration
file:

    mkdir -p ~/.docker/
    echo '{"psFormat": "{{.Image}}"}' > ~/.docker/config.json

    docker ps
    ubuntu:22.04
    alpine

    docker ps --quiet
    40111f61d5c5
    482efdf39fac

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 01:17:48 +02:00
Sebastiaan van Stijn f522905595
docker ps: always use --quiet, also combined with --format
Previously, the formatter would ignore the quiet option if a custom format
was passed; this situation was handled in runPs(), where custom formats
would only be applied if the quiet option was not set, but only if the
format was set in the CLI's config.

This patch updates NewContainerFormat() to do the same, even if a `--format`
was passed on the command-line.

This is a change in behavior, so may need some discussion; possible alternatives;

- produce an error if both `--format` and `--quiet` are passed
- print a warning if both are passed (but use the logic from this patch)

Before this patch:

```console
docker ps --format '{{.Image}}'
ubuntu:22.04
alpine

docker ps --format '{{.Image}}' --quiet
ubuntu:22.04
alpine

mkdir -p ~/.docker/
echo '{"psFormat": "{{.Image}}"}' > ~/.docker/config.json

docker ps
ubuntu:22.04
alpine

docker ps --quiet
ubuntu:22.04
alpine
```

With this patch applied:

```console
docker ps --format '{{.Image}}'
ubuntu:22.04
alpine

docker ps --format '{{.Image}}' --quiet
40111f61d5c5
482efdf39fac

mkdir -p ~/.docker/
echo '{"psFormat": "{{.Image}}"}' > ~/.docker/config.json

docker ps
ubuntu:22.04
alpine

docker ps --quiet
40111f61d5c5
482efdf39fac
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 01:12:00 +02:00
Sebastiaan van Stijn f36e4b0949
cli/command/container: rename vars that collided
- containerConfig collided with the containerConfig type
- warning collided with the warning const

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-10 00:32:51 +02:00
Sebastiaan van Stijn c25b8f803e
vendor: github.com/spf13/cobra v1.7.0
release notes: https://github.com/spf13/cobra/releases/tag/v1.7.0

Features

- Allow to preserve ordering of completions in bash, zsh, pwsh, & fish
- Add support for PowerShell 7.2+ in completions
- Allow sourcing zsh completion script

Bug fixes

- Don't remove flag values that match sub-command name
- Fix powershell completions not returning single word
- Remove masked template import variable name
- Correctly detect completions with dash in argument

Testing & CI/CD

- Deprecate Go 1.15 in CI
- Deprecate Go 1.16 in CI
- Add testing for Go 1.20 in CI
- Add tests to illustrate unknown flag bug

Maintenance

- Update main image to better handle dark backgrounds
- Fix stale.yaml mispellings
- Remove stale bot from GitHub actions
- Add makefile target for installing dependencies
- Add Sia to projects using Cobra
- Add Vitess and Arewefastyet to projects using cobra
- Fixup for Kubescape github org
- Fix route for GitHub workflows badge
- Fixup for GoDoc style documentation
- Various bash scripting improvements for completion
- Add Constellation to projects using Cobra

Documentation

- Add documentation about disabling completion descriptions
- Improve MarkFlagsMutuallyExclusive example in user guide
- Update shell_completions.md
- Update copywrite year
- Document suggested layout of subcommands
- Replace deprecated ExactValidArgs with MatchAll in doc

full diff: https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-09 23:10:56 +02:00
Sebastiaan van Stijn d49b8ff855
Merge pull request #4170 from thaJeztah/bump_version
Update version to v24.0.0-dev
2023-04-09 23:02:27 +02:00
Sebastiaan van Stijn 443bcc652a
Merge pull request #4169 from thaJeztah/fix_mddocs
scripts/docs/generate-md.sh: fix location of generate code
2023-04-09 22:59:10 +02:00
Sebastiaan van Stijn ca1d0eb901
Update version to v24.0.0-dev
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-09 15:40:10 +02:00
Sebastiaan van Stijn 08a794dc0c
docs: regenerate markdown docs
This adds the new aliases that were added in 9b54d860cd

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-09 13:36:36 +02:00
Sebastiaan van Stijn 37f234fbe7
scripts/docs/generate-md.sh: fix location of generate code
Commit 1e3622c50c moved the generator code
to a subdirectory, but forgot to update the markdown version of this script.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-09 13:35:55 +02:00
Sebastiaan van Stijn daf99dd308
Merge pull request #3972 from thaJeztah/embed_streams
cli/command: embed "Streams" interface in "Cli"
2023-04-09 12:49:56 +02:00
Sebastiaan van Stijn 613ab8b2d5
Merge pull request #4162 from thaJeztah/bump_go1.20.3
update go to go1.20.3
2023-04-06 12:54:45 +02:00
Sebastiaan van Stijn 591bead147
update go to go1.20.3
go1.20.3 (released 2023-04-04) includes security fixes to the go/parser,
html/template, mime/multipart, net/http, and net/textproto packages, as well
as bug fixes to the compiler, the linker, the runtime, and the time package.
See the Go 1.20.3 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.2...go1.20.3

Further details from the announcement on the mailing list:

We have just released Go versions 1.20.3 and 1.19.8, minor point releases.
These minor releases include 4 security fixes following the security policy:

- go/parser: infinite loop in parsing

  Calling any of the Parse functions on Go source code which contains `//line`
  directives with very large line numbers can cause an infinite loop due to
  integer overflow.
  Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
  This is CVE-2023-24537 and Go issue https://go.dev/issue/59180.

- html/template: backticks not treated as string delimiters

  Templates did not properly consider backticks (`) as Javascript string
  delimiters, and as such did not escape them as expected. Backticks are
  used, since ES6, for JS template literals. If a template contained a Go
  template action within a Javascript template literal, the contents of the
  action could be used to terminate the literal, injecting arbitrary Javascript
  code into the Go template.

  As ES6 template literals are rather complex, and themselves can do string
  interpolation, we've decided to simply disallow Go template actions from being
  used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe
  way to allow this behavior. This takes the same approach as
  github.com/google/safehtml. Template.Parse will now return an Error when it
  encounters templates like this, with a currently unexported ErrorCode with a
  value of 12. This ErrorCode will be exported in the next major release.

  Users who rely on this behavior can re-enable it using the GODEBUG flag
  jstmpllitinterp=1, with the caveat that backticks will now be escaped. This
  should be used with caution.

  Thanks to Sohom Datta, Manipal Institute of Technology, for reporting this issue.

  This is CVE-2023-24538 and Go issue https://go.dev/issue/59234.

- net/http, net/textproto: denial of service from excessive memory allocation

  HTTP and MIME header parsing could allocate large amounts of memory, even when
  parsing small inputs.

  Certain unusual patterns of input data could cause the common function used to
  parse HTTP and MIME headers to allocate substantially more memory than
  required to hold the parsed headers. An attacker can exploit this behavior to
  cause an HTTP server to allocate large amounts of memory from a small request,
  potentially leading to memory exhaustion and a denial of service.
  Header parsing now correctly allocates only the memory required to hold parsed
  headers.

  Thanks to Jakob Ackermann (@das7pad) for discovering this issue.

  This is CVE-2023-24534 and Go issue https://go.dev/issue/58975.

- net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

  Multipart form parsing can consume large amounts of CPU and memory when
  processing form inputs containing very large numbers of parts. This stems from
  several causes:

  mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form
  can consume. ReadForm could undercount the amount of memory consumed, leading
  it to accept larger inputs than intended. Limiting total memory does not
  account for increased pressure on the garbage collector from large numbers of
  small allocations in forms with many parts. ReadForm could allocate a large
  number of short-lived buffers, further increasing pressure on the garbage
  collector. The combination of these factors can permit an attacker to cause an
  program that parses multipart forms to consume large amounts of CPU and
  memory, potentially resulting in a denial of service. This affects programs
  that use mime/multipart.Reader.ReadForm, as well as form parsing in the
  net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm now does a better job of estimating the memory consumption of parsed
  forms, and performs many fewer short-lived allocations.

  In addition, mime/multipart.Reader now imposes the following limits on the
  size of parsed forms:

  Forms parsed with ReadForm may contain no more than 1000 parts. This limit may
  be adjusted with the environment variable GODEBUG=multipartmaxparts=. Form
  parts parsed with NextPart and NextRawPart may contain no more than 10,000
  header fields. In addition, forms parsed with ReadForm may contain no more
  than 10,000 header fields across all parts. This limit may be adjusted with
  the environment variable GODEBUG=multipartmaxheaders=.

  Thanks to Jakob Ackermann for discovering this issue.

  This is CVE-2023-24536 and Go issue https://go.dev/issue/59153.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-05 14:55:20 +02:00
Sebastiaan van Stijn 1d9491c25e
Merge pull request #4136 from laurazard/fix-bash-file-completion
Fix plugin completion results parsing for `ShellCompDirectiveFilterFileExt`
2023-04-04 11:59:38 +02:00