Commit Graph

9049 Commits

Author SHA1 Message Date
CrazyMax 3ce95c7af0
Dockerfile: build binary if no target specified
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-03-24 21:14:41 +01:00
CrazyMax b854eff300
Dockerfile: align go version
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-03-24 21:11:53 +01:00
Sebastiaan van Stijn f5d698a331
Merge pull request #4114 from thaJeztah/remove_registry_service_step2
cli/trust: remove special handling for "plugin" Class
2023-03-23 19:34:49 +01:00
Sebastiaan van Stijn 0ba820ed0b
cli/trust: remove special handling for "plugin" Class
This code depended on the registry Service interface, which has been removed,
so needed to be refactored. Digging further into the reason this code existed,
it looked like the Class=plugin was previously required on Docker Hub to handle
plugins, but this requirement is no longer there, so we can remove this special
handling.

This patch removes the special handling to both remove the use of the registry.Service
interface, as well as removing complexity that is no longer needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-23 13:44:48 +01:00
Sebastiaan van Stijn 14482589df
Merge pull request #4110 from thaJeztah/remove_ElectAuthServer
cli/command: remove deprecated ElectAuthServer()
2023-03-22 19:30:38 +01:00
Sebastiaan van Stijn a3d56e7d06
cli/command: remove deprecated ElectAuthServer()
This function was deprecated in b4ca1c7368,
which is part of the v23.0 release, and is no longer used, so we can remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-22 14:31:03 +01:00
Sebastiaan van Stijn bfe87fd39b
Merge pull request #4105 from thaJeztah/fix_comments
cli/command: ElectAuthServer: fix deprecation comment
2023-03-21 17:52:26 +01:00
Sebastiaan van Stijn 742881fc58
cli/command: fix imports formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 16:55:34 +01:00
Sebastiaan van Stijn e3fa7280ad
cli/command: ElectAuthServer: fix deprecation comment
The comment was not formatted correctly, and because of that not picked up as
being deprecated.

updates b4ca1c7368

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 16:53:03 +01:00
Sebastiaan van Stijn 235b501b71
Merge pull request #4094 from crazy-max/plugins-completion
Add bash completion for available plugins
2023-03-21 16:45:08 +01:00
Sebastiaan van Stijn ac38a77ff9
Merge pull request #4104 from thaJeztah/volume_tests_discard
cli/command/volume: suppress err output in tests
2023-03-21 16:42:21 +01:00
Sebastiaan van Stijn 3c9e0073dd
Merge pull request #4099 from docker/dependabot/github_actions/actions/setup-go-4
build(deps): bump actions/setup-go from 3 to 4
2023-03-21 13:41:22 +01:00
Sebastiaan van Stijn db827d583b
cli/command/volume: suppress err output in tests
These tests were deliberately producing errors as part of the test, but
printing those errors could be confusing / make it more difficult to find
actual test-failures.

Before this patch:

    === RUN   TestVolumeCreateErrors
    Error: conflicting options: either specify --name or provide positional arg, not both
    Error: "create" requires at most 1 argument.
    See 'create --help'.

    Usage:  create [OPTIONS] [VOLUME] [flags]

    Create a volume
    Error: error creating volume
    --- PASS: TestVolumeCreateErrors (0.00s)
    PASS

With this patch applied:

    === RUN   TestVolumeCreateErrors
    --- PASS: TestVolumeCreateErrors (0.00s)
    PASS

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 13:21:20 +01:00
Sebastiaan van Stijn 166de0ec97
Merge pull request #4098 from thaJeztah/update_deps
update dependencies in preparation of updating engine
2023-03-21 13:05:16 +01:00
CrazyMax aa0aa4a6dc
Add bash completion for available plugins
Signed-off-by: CrazyMax <github@crazymax.dev>
2023-03-17 15:04:09 +01:00
dependabot[bot] 8805f8ea2d
build(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-16 09:07:41 +00:00
Sebastiaan van Stijn e60c748c14
vendor: github.com/moby/buildkit v0.11.4
full diff: https://github.com/moby/buildkit/compare/v0.10.6..v0.11.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:42:09 +01:00
Sebastiaan van Stijn 6c8cc226f0
vendor: google.golang.org/grpc v1.50.1
full diff: https://github.com/grpc/grpc-go/compare/v1.48.0...v1.50.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:42:09 +01:00
Sebastiaan van Stijn d213548bd0
vendor: golang.org/x/net v0.7.0
full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:42:00 +01:00
Sebastiaan van Stijn 3a0d492d1c
vendor: golang.org/x/term v0.5.0
full diff: https://github.com/golang/term/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:38:48 +01:00
Sebastiaan van Stijn f40bbf4f7f
vendor: golang.org/x/time v0.3.0
full diff: https://github.com/golang/time/compare/v0.1.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:35:57 +01:00
Sebastiaan van Stijn a85537d346
vendor: golang.org/x/text v0.7.0
full diff: https://github.com/golang/text/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:34:10 +01:00
Sebastiaan van Stijn 3e9c6e84ce
vendor: golang.org/x/sys v0.5.0
full diff: https://github.com/golang/sys/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:32:29 +01:00
Sebastiaan van Stijn ca8783ef43
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3
full diff: 904c221ac2...a745a8755c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:03:04 +01:00
Sebastiaan van Stijn 33806760a4
vendor: github.com/containerd/containerd v1.6.19
full diff: https://github.com/containerd/containerd/compare/v1.6.16...v1.6.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:03:04 +01:00
Sebastiaan van Stijn 71e495aa54
vendor: github.com/docker/docker v23.0.1
full diff: https://github.com/docker/docker/compare/v23.0.0...v23.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:02:58 +01:00
Sebastiaan van Stijn 12c6126a67
Merge pull request #4085 from thaJeztah/bump_go1.19.7
update to go1.19.7
2023-03-10 13:03:50 +01:00
Sebastiaan van Stijn 078b99feb4
Merge pull request #4087 from thaJeztah/update_buildx
Dockerfile: update buildx to v0.10.4
2023-03-10 12:53:54 +01:00
Sebastiaan van Stijn 74c4ed4171
Dockerfile: update buildx to v0.10.4
release notes: https://github.com/docker/buildx/releases/tag/v0.10.4

full diff: https://github.com/docker/buildx/compare/v0.10.3...v0.10.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-10 12:31:44 +01:00
Sebastiaan van Stijn 23da1cec6c
update to go1.19.7
Includes a security fix for crypto/elliptic (CVE-2023-24532).

> go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic
> package, as well as bug fixes to the linker, the runtime, and the crypto/x509
> and syscall packages. See the Go 1.19.7 milestone on our issue tracker for
> details.

https://go.dev/doc/devel/release#go1.19.minor

From the announcement:

> We have just released Go versions 1.20.2 and 1.19.7, minor point releases.
>
> These minor releases include 1 security fixes following the security policy:
>
> - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
    >
    >   The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
    >   incorrect result if called with some specific unreduced scalars (a scalar larger
    >   than the order of the curve).
    >
    >   This does not impact usages of crypto/ecdsa or crypto/ecdh.
>
> This is CVE-2023-24532 and Go issue https://go.dev/issue/58647.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-10 10:22:54 +01:00
Sebastiaan van Stijn 677aac9011
Merge pull request #4081 from vvoland/windows-drive-cwd-env
stack/loader: Ignore cmd.exe special env variables
2023-03-09 20:35:55 +01:00
Paweł Gronowski 012b77952e
stack: Change unexpected environment variable error
Make the error more specific by stating that it's caused by a specific
environment variable and not an environment as a whole.
Also don't escape the variable to make it more readable.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-09 16:56:34 +01:00
Paweł Gronowski a47058bbd5
stack/loader: Ignore cmd.exe special env variables
On Windows, ignore all variables that start with "=" when building an
environment variables map for stack.
For MS-DOS compatibility cmd.exe can set some special environment
variables that start with a "=" characters, which breaks the general
assumption that the first encountered "=" separates a variable name from
variable value and causes trouble when parsing.

These variables don't seem to be documented anywhere, but they are
described by some third-party sources and confirmed empirically on my
Windows installation.

Useful sources:
https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133
https://ss64.com/nt/syntax-variables.html

Known variables:

- `=ExitCode` stores the exit code returned by external command (in hex
  format)
- `=ExitCodeAscii` - same as above, except the value is the ASCII
  representation of the code (so exit code 65 (0x41) becomes 'A').
- `=::=::\` and friends - store drive specific working directory.
  There is one env variable for each separate drive letter that was
  accessed in the shell session and stores the working directory for that
  specific drive.
  The general format for these is:
    `=<DRIVE_LETTER>:=<CWD>`  (key=`=<DRIVE_LETTER>:`, value=`<CWD>`)
  where <CWD> is a working directory for the drive that is assigned to
  the letter <DRIVE_LETTER>

  A couple of examples:
    `=C:=C:\some\dir`  (key: `=C:`, value: `C:\some\dir`)
    `=D:=D:\some\other\dir`  (key: `=C:`, value: `C:\some\dir`)
    `=Z:=Z:\`  (key: `=Z:`, value: `Z:\`)

  `=::=::\` is the one that seems to be always set and I'm not exactly
  sure what this one is for (what's drive `::`?). Others are set as
  soon as you CD to a path on some drive. Considering that you start a
  cmd.exe also has some working directory, there are 2 of these on start.

All these variables can be safely ignored because they can't be
deliberately set by the user, their meaning is only relevant to the
cmd.exe session and they're all are related to the MS-DOS/Batch feature
that are irrelevant for us.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-09 16:48:55 +01:00
Jakub Panek 25ebf0ec9c
connhelper: Allow socket path when using SSH
Signed-off-by: Jakub Panek <me@panekj.dev>
2023-03-07 00:48:27 +01:00
Sebastiaan van Stijn c549fd7360
Merge pull request #4067 from laurazard/size-flag-ps
Don't automatically request size if `--size` was explicitly set to `false`
2023-03-06 12:09:59 +01:00
Laura Brehm 9733334487
Don't automatically request size if `--size` was explicitly set to `false`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-03-03 18:26:20 +01:00
Sebastiaan van Stijn cb5463a728
Merge pull request #4069 from vvoland/deprecate-buildinfo
docs: Deprecate buildkit's build information
2023-03-03 16:29:03 +01:00
Paweł Gronowski 8bc1aaceae
docs: Deprecate buildkit's build information
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-03 11:12:15 +01:00
Sebastiaan van Stijn 179bc7a638
Merge pull request #4038 from thaJeztah/bump_go_1.19.6
update to go1.19.6
2023-03-02 14:34:23 +01:00
Sebastiaan van Stijn 934dd5b5ce
Merge pull request #4043 from desoss/master
Dockerfile: update buildx to v0.10.3
2023-03-02 14:33:49 +01:00
Sebastiaan van Stijn 881c353576
Merge pull request #4046 from vvoland/dangling-images-none
formatter: Consider empty RepoTags and RepoDigests as dangling
2023-03-01 00:43:43 +01:00
Paweł Gronowski 89687d5b3f
formatter: Consider empty RepoTags and RepoDigests as dangling
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-02-24 17:00:55 +01:00
Sebastiaan van Stijn b244ad61cc
Merge pull request #4050 from vvoland/test-fakecli-images-mock
test/cli: Use empty array as empty output of images/json
2023-02-24 16:06:58 +01:00
Paweł Gronowski a1953e19b2
test/cli: Use empty array as empty output of images/json
Tests mocking the output of GET images/json with fakeClient used an
array with one empty element as an empty response.
Change it to just an empty array.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-02-24 15:05:32 +01:00
Sebastiaan van Stijn 0b05d28815
Merge pull request #4042 from nicks/nicks/write-file
context: adjust the file write logic to avoid corrupt context meta.json files
2023-02-23 17:27:59 +01:00
Sebastiaan van Stijn f5ac664f8a
Merge pull request #4019 from neersighted/graphdriver_misleading
docs: drop dated comments about graphdrivers
2023-02-23 17:23:19 +01:00
Bjorn Neergaard e636747a14
docs: drop dated comments about graphdrivers
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-22 18:36:39 -07:00
Jacopo Rigoli dac79b19a7 Dockerfile: update buildx to v0.10.3
release notes: https://github.com/docker/buildx/releases/tag/v0.10.3

Signed-off-by: Jacopo Rigoli <rigoli.jacopo@gmail.com>
2023-02-23 00:52:26 +01:00
Nick Santos c2487c2997
context: avoid corrupt file writes
Write to a tempfile then move, so that if the
process dies mid-write it doesn't corrupt the store.

Also improve error messaging so that if a file does
get corrupted, the user has some hope of figuring
out which file is broken.

For background, see:
https://github.com/docker/for-win/issues/13180
https://github.com/docker/for-win/issues/12561

For a repro case, see:
https://github.com/nicks/contextstore-sandbox

Signed-off-by: Nick Santos <nick.santos@docker.com>
2023-02-21 10:37:56 -05:00
Sebastiaan van Stijn e921e103a4
update to go1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls,
mime/multipart, net/http, and path/filepath packages, as well as bug fixes to
the go command, the linker, the runtime, and the crypto/x509, net/http, and
time packages. See the Go 1.19.6 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.6+label%3ACherryPickApproved

From the announcement on the security mailing:

We have just released Go versions 1.20.1 and 1.19.6, minor point releases.

These minor releases include 4 security fixes following the security policy:

- path/filepath: path traversal in filepath.Clean on Windows

  On Windows, the filepath.Clean function could transform an invalid path such
  as a/../c:/b into the valid path c:\b. This transformation of a relative (if
  invalid) path into an absolute path could enable a directory traversal attack.
  The filepath.Clean function will now transform this path into the relative
  (but still invalid) path .\c:\b.

  This is CVE-2022-41722 and Go issue https://go.dev/issue/57274.

- net/http, mime/multipart: denial of service from excessive resource
  consumption

  Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely
  unlimited amounts of memory and disk files. This also affects form parsing in
  the net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm takes a maxMemory parameter, and is documented as storing "up to
  maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts
  which cannot be stored in memory are stored on disk in temporary files. The
  unconfigurable 10MB reserved for non-file parts is excessively large and can
  potentially open a denial of service vector on its own. However, ReadForm did
  not properly account for all memory consumed by a parsed form, such as map
  ntry overhead, part names, and MIME headers, permitting a maliciously crafted
  form to consume well over 10MB. In addition, ReadForm contained no limit on
  the number of disk files created, permitting a relatively small request body
  to create a large number of disk temporary files.

  ReadForm now properly accounts for various forms of memory overhead, and
  should now stay within its documented limit of 10MB + maxMemory bytes of
  memory consumption. Users should still be aware that this limit is high and
  may still be hazardous.

  ReadForm now creates at most one on-disk temporary file, combining multiple
  form parts into a single temporary file. The mime/multipart.File interface
  type's documentation states, "If stored on disk, the File's underlying
  concrete type will be an *os.File.". This is no longer the case when a form
  contains more than one file part, due to this coalescing of parts into a
  single file. The previous behavior of using distinct files for each form part
  may be reenabled with the environment variable
  GODEBUG=multipartfiles=distinct.

  Users should be aware that multipart.ReadForm and the http.Request methods
  that call it do not limit the amount of disk consumed by temporary files.
  Callers can limit the size of form data with http.MaxBytesReader.

  This is CVE-2022-41725 and Go issue https://go.dev/issue/58006.

- crypto/tls: large handshake records may cause panics

  Both clients and servers may send large TLS handshake records which cause
  servers and clients, respectively, to panic when attempting to construct
  responses.

  This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable
  session resumption (by setting Config.ClientSessionCache to a non-nil value),
  and TLS 1.3 servers which request client certificates (by setting
  Config.ClientAuth
  > = RequestClientCert).

  This is CVE-2022-41724 and Go issue https://go.dev/issue/58001.

- net/http: avoid quadratic complexity in HPACK decoding

  A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
  in the HPACK decoder, sufficient to cause a denial of service from a small
  number of small requests.

  This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
  configuring HTTP/2.

  This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:05:16 +01:00