Commit Graph

7858 Commits

Author SHA1 Message Date
Silvin Lubecki d9cdbb0a4c
Merge pull request #3222 from thaJeztah/bump_gotestsum
e2e: update gotestsum to v1.7.0
2021-07-28 21:07:24 +02:00
Sebastiaan van Stijn 60fe322434
e2e: update gotestsum to v1.7.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 19:44:11 +02:00
Silvin Lubecki e879f1aea7
Merge pull request #3218 from thaJeztah/deprecate_encrypted_tls
context: deprecate support for encrypted TLS private keys
2021-07-28 15:10:49 +02:00
Sebastiaan van Stijn 15535d4594
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 14:42:45 +02:00
Silvin Lubecki fb78bd4be3
Merge pull request #3213 from thaJeztah/fix_linting
cli/context: ignore linting warnings about RFC 1423 encryption
2021-07-28 13:55:48 +02:00
Sebastiaan van Stijn 2688f25eb7
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-26 18:00:01 +02:00
Sebastiaan van Stijn 2776a6d694
Merge pull request #3210 from thaJeztah/ci_bump_buildx
CircleCI: update BUILDX_VERSION to v0.6.0
2021-07-26 16:39:08 +02:00
Sebastiaan van Stijn 4ab6ea016d
Merge pull request #3208 from crazy-max/buildkit-progress
Add doc for BUILDKIT_PROGRESS env var
2021-07-26 15:49:29 +02:00
Sebastiaan van Stijn 91c7569a7a
Merge pull request #3140 from thaJeztah/update_e2e_compose
e2e: update docker-compose to 1.29.2
2021-07-26 15:33:48 +02:00
Sebastiaan van Stijn 0695578d4b
CircleCI: update BUILDX_VERSION to v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-26 15:32:10 +02:00
Sebastiaan van Stijn b98b573de3
Merge pull request #3190 from IvanGrund/patch-1
Fix typo in documentation - build.md
2021-07-26 15:18:35 +02:00
CrazyMax ecaaa35be6
Add doc for BUILDKIT_PROGRESS env var
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-07-25 20:27:38 +02:00
Brian Goff 43dc024002
Merge pull request #2855 from Foxboron/morten/reprobuilds 2021-07-23 09:41:51 -07:00
Sebastiaan van Stijn 62325a6abb
Merge pull request #3204 from thaJeztah/update_dockerfile_syntax
Update Dockerfiles to latest syntax, remove "experimental"
2021-07-22 15:02:21 +02:00
Sebastiaan van Stijn 48dbf6f3cf
Update Dockerfiles to latest syntax, remove "experimental"
The experimental image is deprecated (now "labs"), and the features we use
are now included in the regular (stable) syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-22 14:48:09 +02:00
Sebastiaan van Stijn 25eee83d6b
Merge pull request #3074 from thaJeztah/all_proxy
Add support for ALL_PROXY
2021-07-21 12:50:27 +02:00
Sebastiaan van Stijn 53d822696c
Merge pull request #3199 from thaJeztah/update_md2man
Update go-md2man to v2.0.1 to fix table rendering in man-pages
2021-07-21 11:11:49 +02:00
Sebastiaan van Stijn 13e8225007
vendor: cpuguy83/go-md2man/v2 v2.0.1
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.1

- Fix handling multiple definition descriptions
- Fix inline markup causing table cells to split
- Remove escaping tilde character (prevents tildes (`~`) from disappearing).
- Do not escape dash, underscore, and ampersand (prevents ampersands (`&`) from disappearing).
- Ignore unknown HTML tags to prevent noisy warnings

With this, generating manpages becomes a lot less noisy; no more of these:

    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 10:28:34 +02:00
Sebastiaan van Stijn ef14ae09bb
vendor: github.com/russross/blackfriday/v2 v2.1.0
removes the github.com/shurcooL/sanitized_anchor_name dependency

full diff: https://github.com/russross/blackfriday/compare/v2.0.1...v2.1.0

- Committed to github.com/russross/blackfriday/v2 as the canonical import path for blackfriday v2.
- Reduced the amount of dependencies.
- Added a SanitizedAnchorName function.
- Added Node.IsContainer and Node.IsLeaf methods.
- Fixed parsing of links that end with a double backslashes.
- Fixed an issue where fence length wasn't computed.
- Improved the default value for the HTMLRendererParameters.FootnoteReturnLinkContents field.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 10:22:53 +02:00
Sebastiaan van Stijn 7a0dc924f9
Add support for ALL_PROXY
Support for ALL_PROXY as default build-arg was added recently in
buildkit and the classic builder.

This patch adds the `ALL_PROXY` environment variable to the list of
configurable proxy variables, and updates the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 09:06:18 +02:00
Sebastiaan van Stijn 72066d5099
Merge pull request #3158 from ulyssessouza/completion
Add completion for docker-compose plugin
2021-07-20 14:18:51 +02:00
Ulysses Souza 5a8d7d506c Detect compose plugin
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2021-07-19 12:02:34 -03:00
Sebastiaan van Stijn b9447fbd63
Merge pull request #3147 from tonistiigi/go1.17-for-windows
Dockerfile: remove custom go build for windows/arm64
2021-07-19 14:34:04 +02:00
Tonis Tiigi f3d1b02e2b Dockerfile: remove custom go build for windows/arm64
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-07-18 10:34:16 -07:00
Silvin Lubecki f84487ed5b
Merge pull request #3154 from thaJeztah/update_containerd_deps
vendor: github.com/containerd/containerd v1.5.3 to reduce indirect dependencies
2021-07-15 14:20:44 +02:00
Ivan Grund d9f17025c4 Fix typo in documentation - build.md
Signed-off-by: Ivan Grund <ivan.grund@gmail.com>
2021-07-14 22:50:44 +02:00
Sebastiaan van Stijn 0ebdad7492
vendor: github.com/containerd/containerd v1.5.3 to reduce indirect dependencies
full diff: https://github.com/containerd/containerd/compare/v1.5.2...v1.5.3

This removes the hcsshim dependency and other dependencies coming from that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-14 17:46:16 +02:00
Sebastiaan van Stijn 9262fad23b
Merge pull request #3044 from cpuguy83/fix_info_output
info: print errors to stderr
2021-07-13 17:58:33 +02:00
Brian Goff 4ce521c503
info: print errors to stderr
Errors always need to go to stderr.
This also fixes a test in moby/moby's integration-cli which is checking
to see if errors connecting to the daemon are output on stderr.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-13 11:43:32 +02:00
Ulysses Souza 1148163c3e Add completion for docker-compose plugin
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2021-07-12 11:43:57 -03:00
Silvin Lubecki 5f07d7d5a1
Merge pull request #3179 from thaJeztah/optimize_info
docker info: skip API connection if possible
2021-07-07 09:37:42 +02:00
Sebastiaan van Stijn d738e7c489
docker info: skip API connection if possible
The docker info output contains both "local" and "remote" (daemon-side) information.
The API endpoint to collect daemon information (`/info`) is known to be "heavy",
and (depending on what information is needed) not needed.

This patch checks if the template (`--format`) used requires information from the
daemon, and if not, omits making an API request.

This will improve performance if (for example), the current "context" is requested
from `docker info` or if only plugin information is requested.

Before:

    time docker info --format '{{range  .ClientInfo.Plugins}}Plugin: {{.Name}}, {{end}}'
    Plugin: buildx, Plugin: compose, Plugin: scan,

    ________________________________________________________
    Executed in  301.91 millis    fish           external
       usr time  168.64 millis   82.00 micros  168.56 millis
       sys time  113.72 millis  811.00 micros  112.91 millis

    time docker info --format '{{json .ClientInfo.Plugins}}'

    time docker info --format '{{.ClientInfo.Context}}'
    default

    ________________________________________________________
    Executed in  334.38 millis    fish           external
       usr time  177.23 millis   93.00 micros  177.13 millis
       sys time  124.90 millis  927.00 micros  123.97 millis

    docker context use remote-ssh-daemon
    time docker info --format '{{.ClientInfo.Context}}'
    remote-ssh-daemon

    ________________________________________________________
    Executed in    1.22 secs   fish           external
       usr time  116.93 millis  110.00 micros  116.82 millis
       sys time  144.36 millis  887.00 micros  143.47 millis

And daemon logs:

    Jul 06 12:42:12 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:12.139529947Z" level=debug msg="Calling HEAD /_ping"
    Jul 06 12:42:12 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:12.140772052Z" level=debug msg="Calling HEAD /_ping"
    Jul 06 12:42:12 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:12.163832016Z" level=debug msg="Calling GET /v1.41/info"

After:

    time ./build/docker info --format '{{range  .ClientInfo.Plugins}}Plugin: {{.Name}}, {{end}}'
    Plugin: buildx, Plugin: compose, Plugin: scan,

    ________________________________________________________
    Executed in  139.84 millis    fish           external
       usr time   76.53 millis   62.00 micros   76.46 millis
       sys time   69.25 millis  723.00 micros   68.53 millis

    time ./build/docker info --format '{{.ClientInfo.Context}}'
    default

    ________________________________________________________
    Executed in  136.94 millis    fish           external
       usr time   74.61 millis   74.00 micros   74.54 millis
       sys time   65.77 millis  858.00 micros   64.91 millis

    docker context use remote-ssh-daemon
    time ./build/docker info --format '{{.ClientInfo.Context}}'
    remote-ssh-daemon

    ________________________________________________________
    Executed in    1.02 secs   fish           external
       usr time   74.25 millis   76.00 micros   74.17 millis
       sys time   65.09 millis  643.00 micros   64.44 millis

And daemon logs:

    Jul 06 12:42:55 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:55.313654687Z" level=debug msg="Calling HEAD /_ping"
    Jul 06 12:42:55 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:55.314811624Z" level=debug msg="Calling HEAD /_ping"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-06 17:04:34 +02:00
Sebastiaan van Stijn d7a311ba74
Merge pull request #3163 from KGB33/923_cleanup_docker_container_attach_man
Cleaned up formatting/typesetting.
2021-07-05 17:25:11 +02:00
Sebastiaan van Stijn f782d1355e
Merge pull request #3167 from mat007/stack-kubernetes-depreciation
Deprecate Kubernetes stack support
2021-07-02 16:35:11 +02:00
Mathieu Champlon a033cdf515 Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Mathieu Champlon c05f0f5957 Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Sebastiaan van Stijn 4a6fe51157
Merge pull request #2940 from thaJeztah/rollback_progress_bars
UX: don't reverse progress-bars when rolling back
2021-06-29 16:02:45 +02:00
Sebastiaan van Stijn cfeab9cf05
Merge pull request #3166 from mat007/stack-kubernetes-depreciation
Deprecate Kubernetes stack support
2021-06-28 15:08:17 +02:00
Mathieu Champlon 7190255a68 Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-06-28 14:57:15 +02:00
Takuya Noguchi 0c723fd68a Fix the (dead) link for docs for Dockerfile syntax reference
This change will update the docs at
https://docs.docker.com/engine/reference/builder/#buildkit

This change is required by https://github.com/moby/buildkit/pull/1884

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
2021-06-28 06:07:29 +00:00
Kelton Bassingthwaite 384b59b735 Updated docker attach example.
The previous example was out of date. I changed the distro & pined the
tag to help prevent the new example from becoming out of date too.

Signed-off-by: Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
2021-06-26 18:11:19 -06:00
Kelton Bassingthwaite 918168c40f Bolded SIGKILL & fixed backslash escaping.
SIGKILL is a literal and bolded in other documentation,
such as https://man7.org/linux/man-pages/man7/signal.7.html.

Signed-off-by: Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
2021-06-26 17:38:12 -06:00
KGB33 2a167065d2 Cleaned up formatting/typesetting.
Changed backticks to bold/italics, removed angle brackets.

Signed-off-by: Kelton Bassingthwaite <KeltonBassingthwaite@gmail.com>
2021-06-26 15:42:12 -06:00
Sebastiaan van Stijn 8e08b72450
Merge pull request #3108 from aiordache/validate_dockerd_config
Document option for daemon config validation
2021-06-24 16:25:49 +02:00
Anca Iordache 64b2e95287 Document `--validate` daemon option
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
2021-06-24 15:00:21 +00:00
Sebastiaan van Stijn a10d40b6c9
Merge pull request #3153 from thaJeztah/update_containerd_engine_buildkit
vendor: update docker, swarmkit, containerd, and buildkit
2021-06-22 23:28:47 +02:00
Sebastiaan van Stijn 711334e9a4
vendor: github.com/moby/buildkit 9f254e18360a24c2ae47b26f772c3c89533bcbb7 (master / v0.9.0-dev)
full diff: 8142d66b5e...9f254e1836

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 12:12:03 +02:00
Sebastiaan van Stijn 678c2fde98
UX: don't reverse progress-bars when rolling back
Commit 330a003533
introduced "synchronous" service update and rollback, using progress bars to show
current status for each task.

As part of that change, progress bars were "reversed" when doing a rollback, to
indicate that status was rolled back to a previous state.

Reversing direction is somewhat confusing, as progress bars now return to their
"initial" state to indicate it was "completed"; for an "automatic" rollback, this
may be somewhat clear (progress bars "move to the right", then "roll back" if the
update failed), but when doing a manual rollback, it feels counter-intuitive
(rolling back is the _expected_ outcome).

This patch removes the code to reverse the direction of progress-bars, and makes
progress-bars always move from left ("start") to right ("finished").

Before this patch
----------------------------------------

1. create a service with automatic rollback on failure

    $ docker service create --update-failure-action=rollback --name foo --tty --replicas=5 nginx:alpine
    9xi1w3mv5sqtyexsuh78qg0cb
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 2 seconds to verify that tasks are stable...

2. update the service, making it fail after 3 seconds

    $ docker service update --entrypoint="/bin/sh -c 'sleep 3; exit 1'" foo
    overall progress: rolling back update: 2 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: starting  [============================================>      ]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]

3. Once the service starts failing, automatic rollback is started; progress-bars now move in the reverse direction;

    overall progress: rolling back update: 3 out of 5 tasks
    1/5: ready     [===========>                                       ]
    2/5: ready     [===========>                                       ]
    3/5: running   [>                                                  ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]

4. When the rollback is completed, the progressbars are at the "start" to indicate they completed;

    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: running   [>                                                  ]
    3/5: running   [>                                                  ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    rollback: update rolled back due to failure or early termination of task bndiu8a998agr8s6sjlg9tnrw
    verify: Service converged

After this patch
----------------------------------------

Progress bars always go from left to right; also in a rollback situation;

After updating to the "faulty" entrypoint, task are deployed:

    $ docker service update --entrypoint="/bin/sh -c 'sleep 3; exit 1'" foo
    foo
    overall progress: 1 out of 5 tasks
    1/5:
    2/5: running   [==================================================>]
    3/5: ready     [======================================>            ]
    4/5:
    5/5:

Once tasks start failing, rollback is started, and presented the same as a regular
update; progress bars go from left to right;

    overall progress: rolling back update: 3 out of 5 tasks
    1/5: ready     [======================================>            ]
    2/5: starting  [============================================>      ]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    rollback: update rolled back due to failure or early termination of task c11dxd7ud3d5pq8g45qkb4rjx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 10:28:46 +02:00
Sebastiaan van Stijn a04c8210a6
vendor: github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491
b0f5bc36fe..25917217ca

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 10:16:54 +02:00
Sebastiaan van Stijn 29fed6bff1
vendor: github.com/docker/swarmkit 2dcf70aafdc9ea55af3aaaeca440638cde0ecda6
full diff: 17d8d4e4d8...2dcf70aafd

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 17:11:02 +02:00