Commit Graph

6443 Commits

Author SHA1 Message Date
Andrew Hsu bf683dfe52
Merge pull request #2044 from thaJeztah/19.03_backport_bump_golang_1.12.8
[19.03 backport] Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514)
2019-08-14 11:55:59 -07:00
Sebastiaan van Stijn 307befd7e2
Adjust tests for changes in Go 1.12.8 / 1.11.13
For now, just verifying that an error is returned, but not checking the
error message itself, because those are not under our control, and may
change with different Go versions.

```
=== Failed
=== FAIL: opts TestParseDockerDaemonHost (0.00s)
    hosts_test.go:87: tcp tcp:a.b.c.d address expected error "Invalid bind address format: tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port \":a.b.c.d\" after host" and addr
    hosts_test.go:87: tcp tcp:a.b.c.d/path address expected error "Invalid bind address format: tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid port \":a.b.c.d\" after host" and addr

=== FAIL: opts TestParseTCP (0.00s)
    hosts_test.go:129: tcp tcp:a.b.c.d address expected error Invalid bind address format: tcp:a.b.c.d return, got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr
    hosts_test.go:129: tcp tcp:a.b.c.d/path address expected error Invalid bind address format: tcp:a.b.c.d/path return, got parse tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit de1523d221)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-14 10:20:43 +02:00
Sebastiaan van Stijn b58270ba69
Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514)
go1.12.8 (released 2019/08/13) includes security fixes to the net/http and net/url packages.
See the Go 1.12.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.12.8

- net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
  net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted
  clients could be remotely made to allocate an unlimited amount of memory, until the program
  crashes. Servers will now close connections if the send queue accumulates too many control
  messages.
  The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
  Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.
  This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2.
  net/url: parsing validation issue
- url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary
  suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses
  in certain applications. Note that URLs with invalid, not numeric ports will now return an error
  from url.Parse.
  The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
  Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering
  and reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bbd179f25b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-14 03:03:11 +02:00
Sebastiaan van Stijn 0ecfcb5997
Dockerfile: use GO_VERSION build-arg for overriding Go version
This allows overriding the version of Go without making modifications in the
source code, which can be useful to test against multiple versions.

For example:

    make GO_VERSION=1.13beta1 -f docker.Makefile binary

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0d3022c6d2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-14 03:03:04 +02:00
Sebastiaan van Stijn 0ea69840c6
Merge pull request #1970 from thaJeztah/19.03_backport_skip_windows_permissions_check
[19.03 backport] Windows: skip permissions check on key
2019-08-09 20:17:09 +02:00
Andrew Hsu 208de55a17
Merge pull request #1983 from thaJeztah/19.03_backport_bump_credential_helpers
[19.03 backport] bump docker-credential-helpers v0.6.3
2019-08-07 19:02:50 -07:00
Andrew Hsu 1a8077b814
Merge pull request #1998 from thaJeztah/19.03_backport_bump_golang_1.12.7
[19.03 backport] Bump golang 1.12.7
2019-08-07 17:48:16 -07:00
Kirill Kolyshkin fa0e2597e6
Merge pull request #2022 from thaJeztah/19.03_backport_fix_e2e
[19.03 backport] Disable TLS for e2e docker-in-docker daemon
2019-08-07 17:29:48 -07:00
Sebastiaan van Stijn f357def036
Disable TLS for e2e docker-in-docker daemon
The docker-in-docker image now enables TLS by default (added in
docker-library/docker#166), which complicates testing in our
environment, and isn't needed for the tests we're running.

This patch sets the `DOCKER_TLS_CERTDIR` to an empty value to
disable TLS.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b1a3c1aad1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-29 17:11:28 -07:00
Sebastiaan van Stijn 792ce891be
e2e: use stable-dind image for testing
The edge channel is deprecated and no longer updated

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 08fd6dd63c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-29 17:11:25 -07:00
Sebastiaan van Stijn d473c60571
Merge pull request #1995 from thaJeztah/19.03_backport_cross_platform_bind
[19.03 backport] Detect Windows absolute paths on non-Windows CLI
2019-07-26 13:11:18 -07:00
Kirill Kolyshkin b020a36d10
Merge pull request #2001 from thaJeztah/19.03_backport_docs
[19.03 backport] assorted docs and completion script fixes
2019-07-23 14:16:08 -07:00
Sebastiaan van Stijn d2e8ff9e20
bump docker-credential-helpers v0.6.3
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.6.2...v0.6.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64f0ae4252)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-17 17:02:21 +02:00
Rohan Verma 10a899b6bd
fix: docker login autocomplete for zsh
Changed `--user` to `--username`

Signed-off-by: Rohan Verma <hello@rohanverma.net>
(cherry picked from commit 1dc756e8df)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-12 16:14:52 +02:00
Adrian Plata 41718b98f6
adding nvidia gpu access info
Signed-off-by: Adrian Plata <adrian.plata@docker.com>

Removing prerequisites section.
Signed-off-by: Adrian Plata <adrian.plata@docker.com>

Removing prerequisites section.
Signed-off-by: Adrian Plata <adrian.plata@docker.com>

adding nvidia gpu access info
Signed-off-by: Adrian Plata <adrian.plata@docker.com>

Refining information.

Removing prerequisites section.

adding nvidia gpu access info
Signed-off-by: Adrian Plata <adrian.plata@docker.com>

Refining information.

Removing prerequisites section.

adding nvidia gpu access info
Signed-off-by: Adrian Plata <adrian.plata@docker.com>

Refining information.

Removing prerequisites section.

(cherry picked from commit f7b75eeb9b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-12 16:14:04 +02:00
Bret Fisher caf21526a0
docs: add info for events backlog and scope
1. Adds `docker events` description info on the two scope types of events.
2. Adds `docker events` note in two places about backlog limit of event log.

Further info and background info in Issue 727

Signed-off-by: Bret Fisher <bret@bretfisher.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 988b9a0d96)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-12 16:13:22 +02:00
Andrew Hsu 5b38d82aa0
Merge pull request #1972 from thaJeztah/19.03_backport_bump_compose_on_kube
[19.03 backport] bump compose-on-kubernetes v0.4.23
2019-07-11 10:57:10 -07:00
Andrew Hsu e303dfb6fd
Merge pull request #1979 from thaJeztah/19.03_backport_fix_rollback_config_interpolation
[WIP][19.03 backport] Fix Rollback config type interpolation
2019-07-11 10:56:15 -07:00
Sebastiaan van Stijn 94b98bfa21
Bump golang 1.12.7
go1.12.7 (released 2019/07/08) includes fixes to cgo, the compiler, and the
linker. See the Go 1.12.7 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.12.7

full diff: https://github.com/golang/go/compare/go1.12.6...go1.12.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b06f9e9595)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-11 14:10:40 +02:00
Sebastiaan van Stijn 87e400e44e
Detect Windows absolute paths on non-Windows CLI
When deploying a stack using a relative path as bind-mount
source in the compose file, the CLI converts the relative
path to an absolute path, relative to the location of the
docker-compose file.

This causes a problem when deploying a stack that uses
an absolute Windows path, because a non-Windows client will
fail to detect that the path (e.g. `C:\somedir`) is an absolute
path (and not a relative directory named `C:\`).

The existing code did already take Windows clients deploying
a Linux stack into account (by checking if the path had a leading
slash). This patch adds the reverse, and adds detection for Windows
absolute paths on non-Windows clients.

The code used to detect Windows absolute paths is copied from the
Golang filepath package;
1d0e94b1e1/src/path/filepath/path_windows.go (L12-L65)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d6dd08d568)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-10 23:40:22 +02:00
Ian Campbell 8cb2456248
context: produce consistent output on `context create`.
Refactor `RunCreate` slightly so that all three paths always produce the same
output, namely the name of the new context of `stdout` (for scripting) and the
success log message on `stderr`.

Validate by extending the existing unit tests to always check the output is as
expected.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit ff44305c47)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-04 21:37:25 +02:00
Sebastiaan van Stijn 11b15544c5
bump docker-credential-helpers v0.6.2
full diff: 5241b46610...8a9f93a99f

includes:

- docker/docker-credential-helpers#29 C.free(unsafe.Pointer(err)) -> C.g_error_free(err)
- docker/docker-credential-helpers#124 pass: changed the way for checking if password-store is initalized
  - addresses docker/docker-credential-helpers#133 docker-credential-pass commits about 10 times every time I run a docker command
- docker/docker-credential-helpers#143 Fix docker-credential-osxkeychain list behaviour in case of missing entry in keychain
- docker/docker-credential-helpers#139 make docker-credential-wincred work like docker-credential-osxkeychain

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f6a4c76fbb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-04 21:12:56 +02:00
Silvin Lubecki 344adac7a6
Rollback config type interpolation on fields "parallelism" and "max_failure_ratio" were missing, as it uses the same type as update_config.
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit efdf36fa81)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-03 19:20:41 +02:00
Andrew Hsu 2027d17a9d
Merge pull request #1976 from thaJeztah/19.03_backport_deprecate_aufs
[19.03 backport] Deprecate AuFS storage driver
2019-07-02 13:44:40 -07:00
Sebastiaan van Stijn ff881608fb
Deprecate AuFS storage driver
The `aufs` storage driver is deprecated in favor of `overlay2`, and will
be removed in a future release. Users of the `aufs` storage driver are
recommended to migrate to a different storage driver, such as `overlay2`, which
is now the default storage driver.

The `aufs` storage driver facilitates running Docker on distros that have no
support for OverlayFS, such as Ubuntu 14.04 LTS, which originally shipped with
a 3.14 kernel.

Now that Ubuntu 14.04 is no longer a supported distro for Docker, and `overlay2`
is available to all supported distros (as they are either on kernel 4.x, or have
support for multiple lowerdirs backported), there is no reason to continue
maintenance of the `aufs` storage driver.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c8e9233b93)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-02 17:36:19 +02:00
Sebastiaan van Stijn 8947ee2709
bump compose-on-kubernetes v0.4.23
no local changes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1877ed6aa3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-26 13:10:51 +02:00
Andrew Hsu 2f1931f9eb
Merge pull request #1967 from thaJeztah/19.03_backport_fix_advanced_options_for_backward_compat
[19.03 backport] Fix advanced options for backward compatibility
2019-06-25 12:17:58 -07:00
Sebastiaan van Stijn 8164090257
Merge pull request #1960 from thaJeztah/19.03_backport_deprecate_schema1
[19.03 backport] deprecate registry v2 schema 1
2019-06-25 15:56:41 +02:00
Sebastiaan van Stijn e803e487c3
Windows: skip permissions check on key
This code was attempting to check Linux file permissions
to determine if the key was accessible by other users, which
doesn't work, and therefore prevented users on Windows
to load keys.

Skipping this check on Windows (correspinding tests
were already skipped).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15d361fd77)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-25 12:54:33 +02:00
Andrew Hsu 5b636878fc
deprecate registry v2 schema 1
Co-Authored-By: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8b4e52f0bf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-24 23:20:42 +02:00
Sebastiaan van Stijn 3bc3f0390e
Fix advanced options for backward compatibility
For backward compatibility: if no custom options are provided for the network,
and only a single network is specified, omit the endpoint-configuration
on the client (the daemon will still create it when creating the container)

This fixes an issue on older versions of legacy Swarm, which did not support
`NetworkingConfig.EndpointConfig`.

This was introduced in 5bc09639cc (#1767)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4d7e6bf629)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-24 23:18:34 +02:00
Jintao Zhang 296e10c0c5
Bump golang 1.12.6
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 459099e175)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-13 15:52:38 +02:00
Sebastiaan van Stijn a63faebcf1
Merge pull request #1927 from cpuguy83/backport_goarm
[19.03] Backport #1857: Support GOARM and windows .exe in binary target
2019-06-06 21:10:27 +02:00
Sebastiaan van Stijn 49236a4391
Merge pull request #1929 from thaJeztah/19.03_backport_fix_empty_context_import
[19.03 backport] Fix detection of invalid context files when importing
2019-06-06 21:09:29 +02:00
Sebastiaan van Stijn 17b3250f0f
Fix detection of invalid context files when importing
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5f93509668)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-06 15:02:52 +02:00
Brian Goff 5d246f4998 Support GOARM and windows .exe in binary target
This just makes it easier to build a targeted binary for the
goos/goach/goarm version.

This of course will not work for all cases but is nice to get things
going.
Specifically cross-compiling pkcs for yubikey support requires some
extra work whichis not tackled here.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 15130e3043)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-06-05 14:13:14 -07:00
Sebastiaan van Stijn f913afa98c
Merge pull request #1912 from thaJeztah/19.03_backport_import_zip
[19.03 backport] Introduce .zip import for docker context
2019-05-29 23:53:59 +03:00
Goksu Toprak 90f256aeab
Introduce .zip import for docker context
Adds capabilities to import a .zip file with importZip.
Detects the content type of source by checking bytes & DetectContentType.
Adds LimitedReader reader, a fork of io.LimitedReader,
was needed for better error messaging instead of just getting back EOF.
We are using limited reader to avoid very big files causing memory issues.
Adds a new file size limit for context imports,
this limit is used for the main file for .zip & .tar and individual compressed
files for .zip.
Added TestImportZip that will check the import content type
Then will assert no err on Importing .zip file

Signed-off-by: Goksu Toprak <goksu.toprak@docker.com>
(cherry picked from commit 291e86289b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-29 23:09:20 +03:00
Sebastiaan van Stijn ee10970b05
Merge pull request #1911 from thaJeztah/19.03_bump_engine_19.03_3
[19.03 backport] bump docker/docker to tip of 19.03 branch
2019-05-27 23:00:57 +03:00
Sebastiaan van Stijn 35c929ed5e
bump docker/docker to tip of 19.03 branch
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-27 22:18:14 +03:00
Sebastiaan van Stijn 60eb4ceaf7
Merge pull request #1886 from thaJeztah/19.03_bump_engine_19.03_2
[19.03] bump  bump docker/docker bff7e300e6bdb18c2417e23594bf26063a378dee (19.03)
2019-05-27 22:05:41 +03:00
Sebastiaan van Stijn 1b15368c47
Merge pull request #1907 from silvin-lubecki/19.03_backport-reduce-vendoring-impact2
[19.03 backport] Dynamically register kubernetes context store endpoint type.
2019-05-27 20:50:39 +03:00
Ian Campbell a720cf572f Push check for kubernetes requirement down into the endpoint
This is less of a layering violation and removes some ugly hardcoded
`"kubernetes"` strings which were needed to avoid an import loop.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit c455193d14)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 16:50:21 +02:00
Ian Campbell ec7a9ad6e4 Dynamically register kubernetes context store endpoint type.
This removes the need for the core context code to import
`github.com/docker/cli/cli/context/kubernetes` which in turn reduces the
transitive import tree in this file to not pull in all of Kubernetes.

Note that this means that any calling code which is interested in the
kubernetes endpoint must import `github.com/docker/cli/cli/context/kubernetes`
itself somewhere in order to trigger the dynamic registration. In practice
anything which is interested in Kubernetes must import that package (e.g.
`./cli/command/context.list` does for the `EndpointFromContext` function) to do
anything useful, so this restriction is not too onerous.

As a special case a small amount of Kubernetes related logic remains in
`ResolveDefaultContext` to handle error handling when the stack orchestrator
includes Kubernetes. In order to avoid a circular import loop this hardcodes
the kube endpoint name.

Similarly to avoid an import loop the existing `TestDefaultContextInitializer`
cannot continue to unit test for the Kubernetes case, so that aspect of the
test is carved off into a very similar test in the kubernetes context package.

Lastly, note that the kubernetes endpoint is now modifiable via
`WithContextEndpointType`.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit 520be05c49)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:55:50 +02:00
Ian Campbell 5e413159e5 Export `DefaultContextStoreConfig()` and `ResolveDefaultContext()`
These are needed by any dynamically registered (via
`RegisterDefaultStoreEndpoints`) endpoint type to write a useful/sensible unit
test.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit f820766f6a)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:55:40 +02:00
Ian Campbell d4226d2f73 Allow dynamically registered context endpoint to provide their defaults.
Previously an endpoint registered using `RegisterDefaultStoreEndpoints` would
not be taken into consideration by `resolveDefaultContext` and so could not
provide any details.

Resolve this by passing a `store.Config` to `resolveDefaultContext` and using
it to iterate over all registered endpoints. Any endpoint can ensure that their
type implements the new `EndpointDefaultResolver` in order to provide a default.

The Docker and Kubernetes endpoints are special cased, shortly the Kubernetes
one will be refactored to be dynamically registered.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit 1433e27420)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:55:34 +02:00
Ian Campbell a7c10adf4e Add a helper to iterate over all endpoint types in a context store
Unused for now.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit 4f14c4995e)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:55:24 +02:00
Ian Campbell a4f41d94db Support dynamic registration of context store endpoint types
This is a yet unused and the default set remains the same, no expected
functional change.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit 087c3f7d08)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:55:18 +02:00
Ian Campbell 71e1883ca0 e2e: add a test for `context ls`
I'm about to refactor the code which includes the Kubernetes support in a way
which relies on something vendoring `./cli/context/kubernetes/` in order to
trigger the inclusion of support for the Kubernetes endpoint in the final
binary.

In practice anything which is interested in Kubernetes must import that package
(e.g. `./cli/command/context.list` does for the `EndpointFromContext`
function). However if it was somehow possible to build without that import then
the `KUBERNETES ENDPOINT` column would be mysteriously empty.

Out of an abundance of caution add a specific check on the final binary.

Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit d5d693aa6e)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:53:45 +02:00
Ian Campbell 06eb05570a fix a few typos
Signed-off-by: Ian Campbell <ijc@docker.com>
(cherry picked from commit d84e278aac)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-05-24 15:53:36 +02:00