Commit Graph

8839 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 613380299f
cli/registry: fix client.pullManifestList not de-referencing manifest
Kudos to gosec;

    cli/registry/client/fetcher.go:205:57: G601: Implicit memory aliasing in for loop. (gosec)
            imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
                                                                  ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5250f1bab5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:45:37 +02:00
Sebastiaan van Stijn cdd81d6559
Merge pull request #4528 from thaJeztah/24.0_backport_docs
[24.0 backport] assorted (docs) backports
2023-08-25 17:23:07 +02:00
Vaclav Struhar d9770a962e
adding -c option for docker run/build in manpages
Signed-off-by: Vaclav Struhar <struharv@gmail.com>
(cherry picked from commit be219b3172)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:10:12 +02:00
Sebastiaan van Stijn 6efe73abe0
cli/command/manifest: update link to Go documentation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 273f2cd95e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn d977531018
man: update links to Go documentation
Go documentation moved to the `go.dev` domain;

    curl -sI https://golang.org/doc/install/source#environment | grep 'location'
    location: https://go.dev/doc/install/source

Also updated some links to use https, where available.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 722e3aae4f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn e9f843bf04
docs/reference: update links to Go documentation
Go documentation moved to the `go.dev` domain;

    curl -sI https://golang.org/doc/install/source#environment | grep 'location'
    location: https://go.dev/doc/install/source

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit dc4feccb89)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn cfbaee4689
CONTRIBUTING.md: update links
- docs moved to https://go.dev/doc/
- blog moved to https://go.dev/blog/
- update DCO link to use https

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1d3af726eb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:04:36 +02:00
Sebastiaan van Stijn daeee46977
update flag-description for --cgroup-parent
This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e050312e6d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:03:46 +02:00
Ed Morley 08ad72160f
Update docs/command output for volume pruning
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.

Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.

This replaces #4079, which was bitrotted by #4218. See also #4028.

Closes #4079.

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
(cherry picked from commit 6e2e92d774)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:03:13 +02:00
Sebastiaan van Stijn 3c4fe7b3e6
docs: add missing docs for "DOCKER_TLS" env-var
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b52fd79f1d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 17:02:22 +02:00
Sebastiaan van Stijn 98ffe42d84
Merge pull request #4517 from thaJeztah/24.0_backport_docker-cli-slows-bash-init
[24.0 backport] Stop slowing bash init by caching plugins path slowly
2023-08-23 14:04:35 +02:00
Sebastiaan van Stijn 0d5df48121
Merge pull request #4520 from thaJeztah/24.0_backport_patternmatcher_dockerignore
[24.0 backport] replace dockerfile/dockerignore with patternmatcher/ignorefile
2023-08-23 14:04:04 +02:00
Sebastiaan van Stijn bf081eec36
Merge pull request #4512 from thaJeztah/24.0_backport_manifest_token_actions
[24.0 backport] cli/registry/client: set actions when authn with token
2023-08-23 14:03:17 +02:00
Oded Arbel dc45bcc993
Stop slowing bash init by caching plugins path slowly
Fixes issue #3889 by only loading docker plugins path when needed: if it is fast enough than it shouldn't be a problem to do this on demand; OTOH if it is slow then we shouldn't do this during *every* bash session initialization, regardless if docker completion will be needed or not.

Signed-off-by: Oded Arbel <oded@geek.co.il>
(cherry picked from commit 1da67be9ca)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:31:46 +02:00
Sebastiaan van Stijn 710dd00e95
replace dockerfile/dockerignore with patternmatcher/ignorefile
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.

A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5bff12354d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:22:56 +02:00
Sebastiaan van Stijn bf632329d2
vendor: github.com/moby/patternmatcher v0.6.0
- integrate frontend/dockerfile/dockerignore from buildkit

full diff: https://github.com/moby/patternmatcher/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 55ff9e6093)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:22:00 +02:00
Sebastiaan van Stijn 724548bc7d
Merge pull request #4508 from thaJeztah/24.0_backport_lazy_ping
[24.0 backport] cmd/docker: areFlagsSupported: don't Ping if not needed
2023-08-23 11:47:27 +02:00
Sebastiaan van Stijn 3c6c0bce1c
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d2047b954e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 21:55:01 +02:00
Sebastiaan van Stijn 65655cc262
cmd/docker: areFlagsSupported: don't Ping if not needed
This is a similar fix as 006c946389, which
fixed this for detection of commands that were executed. Make sure we don't
call the "/_ping" endpoint if we don't need to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bb57783ab8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 10:46:50 +02:00
Sebastiaan van Stijn 580730fce9
Merge pull request #4500 from neersighted/backport_4478
[24.0 backport] login: Add message about using PATs
2023-08-17 20:37:25 +02:00
Djordje Lukic 11606268f8
login: Add message about using PATs
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
(cherry picked from commit 8d51f36ca3)
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-08-17 06:56:09 -06:00
Sebastiaan van Stijn 27a19966fb
Merge pull request #4491 from dvdksn/24.0_backport_docs/host-gateway
[24.0 Backport] docs: document special host-gateway value for add-host
2023-08-09 13:28:05 +02:00
David Karlsson a8987063b3 docs: document special host-gateway value for add-host
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 299925f4c3)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-08-09 09:19:14 +02:00
Sebastiaan van Stijn b74562d917
Merge pull request #4476 from thaJeztah/24.0_backport_update_go1.20.7
[24.0 backport] update to go1.20.7
2023-08-02 11:51:04 +02:00
Sebastiaan van Stijn c0e376854b
update to go1.20.7
Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6517db9398)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 23:53:48 +02:00
Sebastiaan van Stijn 3bc4543f83
Merge pull request #4471 from thaJeztah/24.0_backport_bump_gotest_tools
[24.0 backport] vendor: gotest.tools/v3 v3.5.0
2023-08-01 16:27:40 +02:00
Sebastiaan van Stijn 1481c8ce9a
vendor: gotest.tools/v3 v3.5.0
- go.mod: update dependencies and go version by
- Use Go1.20
- Fix couple of typos
- Added `WithStdout` and `WithStderr` helpers
- Moved `cmdOperators` handling from `RunCmd` to `StartCmd`
- Deprecate `assert.ErrorType`
- Remove outdated Dockerfile
- add godoc links

full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0b535c791a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-29 21:34:33 +02:00
Sebastiaan van Stijn b17b6b562d
Merge pull request #4460 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.5
2023-07-25 15:03:00 +02:00
Sebastiaan van Stijn e97c765575
vendor: github.com/docker/docker v24.0.5
no changes in vendored files

full diff: https://github.com/docker/docker/compare/d4a26c153000...v24.0.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-25 08:55:10 +02:00
Sebastiaan van Stijn ced0996600
Merge pull request #4450 from vvoland/fix-issue-4414-Danial-Gharib-24
[24.0 backport] configfile: Initialize nil AuthConfigs
2023-07-19 21:44:22 +02:00
Danial 1ee40e2c74
configfile: Initialize nil AuthConfigs
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.

Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit ad43df5e86)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-07-19 16:00:16 +02:00
Sebastiaan van Stijn 40cc1d8eae
Merge pull request #4445 from thaJeztah/24.0_backport_buildx_0.11.2
[24.0 backport Dockerfile: update buildx to v0.11.2
2023-07-19 00:59:56 +02:00
Sebastiaan van Stijn 3c2278afae
Merge pull request #4443 from thaJeztah/24.0_update_engine2
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230718221249-d4a26c153000
2023-07-19 00:27:09 +02:00
Sebastiaan van Stijn 3bd6d6902e
Dockerfile: update buildx to v0.11.2
release notes: https://github.com/docker/buildx/releases/tag/v0.11.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 00870d68fc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-19 00:25:33 +02:00
Sebastiaan van Stijn 05bf7fbcc8
vendor: github.com/docker/docker v24.0.5-0.20230718221249-d4a26c153000
full diff: 8443a06149...d4a26c1530

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-19 00:17:46 +02:00
Sebastiaan van Stijn c6d7c0bb21
Merge pull request #4438 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5
2023-07-17 11:58:29 +02:00
Sebastiaan van Stijn dd08d44044
Merge pull request #4425 from thaJeztah/24.0_backport_credential-store-improvements
[24.0 backport] docs: rephrase section on credential stores for docker login
2023-07-17 11:39:07 +02:00
Sebastiaan van Stijn 809975d8bd
Merge pull request #4423 from thaJeztah/24.0_backport_dont-ignore-volume-parse-err
[24.0 backport] cli/container: Don't ignore error when parsing volume spec
2023-07-17 11:38:35 +02:00
Sebastiaan van Stijn 8b5023dd2e
vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5
tip of the v24.0 branch

full diff: 36e9e796c6...8443a06149

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 09:30:01 +02:00
Sebastiaan van Stijn 9edd9a1f2f
Merge pull request #4430 from thaJeztah/24.0_backport_update_buildx
[24.0 backport] Dockerfile: update buildx to v0.11.1
2023-07-15 15:16:33 +02:00
Sebastiaan van Stijn e93cdb6ca5
Merge pull request #4428 from thaJeztah/24.0_backport_update_go_1.20.6
[24.0 backport] update go to go1.20.6
2023-07-15 15:08:38 +02:00
Sebastiaan van Stijn 2a6348d1b2
Dockerfile: update buildx to v0.11.1
update the version we use in the dev-container;

- Fix a regression for bake where services in profiles would not be loaded.
- Fix a regression where --cgroup-parent option had no effect during build.
- Fix a regression where valid docker contexts could fail buildx builder name validation.
- Fix an issue where the host-gateway special address could not be used as an argument to --add-host.
- Fix a possible panic when terminal is resized during the build.

release notes: https://github.com/docker/buildx/releases/tag/v0.11.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ff9f1be19e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 15:03:54 +02:00
Sebastiaan van Stijn f4782b3250
update go to go1.20.6
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 680fafdc9c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 14:49:10 +02:00
Sebastiaan van Stijn a5024666e7
Merge pull request #4424 from thaJeztah/24.0_backport_update-xx
[24.0 backport] Dockerfile: update to xx 1.2.1
2023-07-15 14:46:32 +02:00
Sebastiaan van Stijn 39b2a6cc6a
Merge pull request #4426 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
2023-07-15 13:02:13 +02:00
Sebastiaan van Stijn 7d06f6b2f7
vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
full diff: https://github.com/docker/docker/compare/v24.0.4...36e9e796c6fc84202c32a852f6cdcd6ed175f96b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:23:53 +02:00
David Karlsson 1447974b83
docs: rephrase section on credential stores for docker login
Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 9828575314)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:13:51 +02:00
CrazyMax 46293e97f7
Dockerfile: update to xx 1.2.1
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit fca67dd817)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:09:59 +02:00
Paweł Gronowski bfe2ff8208
cli/container: Don't ignore error when parsing volume spec
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit fe7afb700f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:06:57 +02:00
Sebastiaan van Stijn 380eb72940
Merge pull request #4407 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.4
2023-07-13 16:56:44 +02:00