This option was added in a08abec9f8d59eaa44c375900e254384a68c5a31,
as part of Docker v25.0, but did not update the docs and manpage.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9ae514fdc7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The --feature flag allows the boolean value to be omitted.
If only a name is provided, the default is "true".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a357db0aba)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit f13c08246d93dd5aae200d5881a3a374e6cac876 introduced
this flag, but did not yet update the manpage.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 610f9157f5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This checks for the equivalent WSL mount path on windows. WSL will mount
the windows drives at `/mnt/c` (or whichever drive is being used).
This is done by parsing a UNC path with forward slashes from the unix
socket URL.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
(cherry picked from commit 38c3fef1a8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Breaking change: The .ToOCI() functions in the specs-go package have been
removed. This removes the dependency on the OCI runtime specification from
the CDI specification definition itself.
What's Changed
- Add workflow to mark prs and issues as stale
- Remove the ToOCI functions from the specs-go package
- docs: add a pointer to community meetings in our docs.
- Bump spec version to v0.8.0
- Update spec version in README
Full diff: https://github.com/cncf-tags/container-device-interface/compare/v0.7.2...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8cdf90cd93)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- fix: overwriteWithEmptyValue is forced to true when merging an object
involving maps
- fix: WithoutDereference should respect non-nil struct pointers
full diff: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fb264ffc08)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The error-message changed in newer versions, and no longer includes
"exactly".
This patch adjusts the test in the meantime.
59.13 === FAIL: cli/command/volume TestUpdateCmd (0.00s)
59.13 update_test.go:21: assertion failed: expected error to contain "requires 1 argument", got "\"update\" requires exactly 1 argument.\nSee 'update --help'.\n\nUsage: update [OPTIONS] [VOLUME] [flags]\n\nUpdate a volume (cluster volumes only)"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This command was declaring that it requires at least 1 argument, when it
needs exactly 1 argument. This was causing the CLI to panic when the
command was invoked with no argument:
`docker volume update`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit daea277ee8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `Commit` type was introduced in 2790ac68b3,
to assist triaging issues that were reported with an incorrect version of
runc or containerd. At the time, both `runc` and `containerd` were not yet
stable, and had to be built from a specific commit to guarantee compatibility.
We encountered various situations where unexpected (and incompatible) versions
of those binaries were packaged, resulting in hard to trace bug-reports.
For those situations, a "expected" version was set at compile time, to
indicate if the version installed was different from the expected version;
docker info
...
runc version: a592beb5bc4c4092b1b1bac971afed27687340c5 (expected: 69663f0bd4b60df09991c08812a60108003fa340)
Both `runc` and `containerd` are stable now, and docker 19.03 and up set the
expected version to the actual version since c65f0bd13c
and 23.0 did the same for the `init` binary b585c64e2b,
to prevent the CLI from reporting "unexpected version".
In short; the `Expected` fields no longer serves a real purpose, so we should
no longer print it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 88ca4e958f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 0fcaffb7e4)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 5ca40e0a35)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
We publish this page on docs.docker.com, and hugo expects index pages
for sections to be named _index.md. We currently rename the page when we
mount it to the docs repo but might as well change the filename in the
source.
Also adds a linkTitle to the page, which is a shorter title that will be
used in the sidebar navigation and breadcrumbs.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 071f6f9391)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7
These minor releases include 3 security fixes following the security policy:
- go/parser: stack exhaustion in all Parse* functions
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.
- encoding/gob: stack exhaustion in Decoder.Decode
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.
This is a follow-up to CVE-2022-30635.
Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.
This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.
- go/build/constraint: stack exhaustion in Parse
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 3bf39d25a0)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
commit fcfdd7b91f introduced github.com/pkg/browser
as a direct dependency, but it ended up in the group for indirect dependencies.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1b8180a405)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.
Before:
| `--username` | `--password` | Result |
|:------------:|:------------:| ------------------------------------------------------------------ |
| ✅ | ✅ | ✅ |
| ❌ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ✅ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ❌ | ✅ | hangs |
After:
| `--username` | `--password` | Result |
|:------------:|:------------:| ------------------------------------------------------------------ |
| ✅ | ✅ | ✅ |
| ❌ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ✅ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ❌ | ✅ | `Error: Cannot perform an interactive login from a non TTY device` |
It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.
```console
cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "xxxxxxxxxxx"
}
}
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...
Login Succeeded
```
This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit bbb6e7643d)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7d56599ca)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Previously, if while polling for oauth device-code login results a user
suspended the process (such as with CTRL-Z) and then restored it with
`fg`, an error might occur in the form of:
```
failed waiting for authentication: You are polling faster than the specified interval of 5 seconds.
```
This is due to our use of a `time.Ticker` here - if no receiver drains
the ticker channel (and timers/tickers use a buffered channel behind the
scenes), more than one tick will pile up, causing the program to "tick"
twice, in fast succession, after it is resumed.
The new implementation replaces the `time.Ticker` with a `time.Timer`
(`time.Ticker` is just a nice wrapper) and introduces a helper function
`resetTimer` to ensure that before every `select`, the timer is stopped
and it's channel is drained.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 60d0450287)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)
But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;
> [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache xx-go --wrap && TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
0.127 Building static docker-helloworld
0.127 + CGO_ENABLED=0
0.127 + GO111MODULE=auto
0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled
This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.
Before this PR:
#18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache xx-go --wrap && TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
#18 0.123 Building static docker-helloworld
#18 0.124 + CGO_ENABLED=0
#18 0.124 + GO111MODULE=auto
#18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
....
With this PR:
#18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache xx-go --wrap && TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
#18 0.110 Building static docker-helloworld
#18 0.110 + GO111MODULE=auto
#18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
....
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9e29967960)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>