Commit Graph

6824 Commits

Author SHA1 Message Date
Sebastiaan van Stijn abeb7babdf
docs: service create: use markdown table for constraints
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 11:13:26 +01:00
Misty Stanley-Jones 76852f82ba
Give an example for --reserve-memory
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 10:48:32 +01:00
Sebastiaan van Stijn e6f9e5e283 Merge pull request #2312 from thaJeztah/carry_855_config_opts
Add examples for configs (carry 855)
2020-02-10 10:37:23 +01:00
Sebastiaan van Stijn d104cfefe5
Merge pull request #2309 from Abreto/Abreto-patch-1
Fix a typo and enhance a script in an example
2020-02-06 22:30:37 +01:00
Abreto FU 07436dfe78
Remove a useless '\' and enhance a script in an example in the section 'Add entries ... (--add-host)'
Signed-off-by: Abreto FU <public@abreto.email>
2020-02-06 20:45:58 +00:00
Misty Stanley-Jones 473a9d20cd
Add examples for configs
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-06 19:16:20 +01:00
Sebastiaan van Stijn 8e9ab9d8c1
Merge pull request #2310 from thaJeztah/carry_2026
Syntax corrected
2020-02-06 16:25:20 +01:00
Venkateswara Reddy Bukkasamudram 74cc062d24
Syntax corrected
Below are the changes proposed.
- Corrected syntax error.
- Updated example commands to maintain consistency.
- Provided more clarity.

Signed-off-by: Venkateswara Reddy Bukkasamudram <bukkasamudram@outlook.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-06 16:10:34 +01:00
Silvin Lubecki 2dcd4d3d29
Merge pull request #2308 from simonferquel/support-username-password
Add support for Kubernetes username/password auth
2020-02-06 14:54:33 +01:00
Silvin Lubecki d43bb2a5f2
Merge pull request #2296 from thaJeztah/carry_1889_build_docs_update
Builder docs update [carry 1889]
2020-02-06 14:38:26 +01:00
Simon Ferquel 17e651dc54 Add support for Kubernetes username/password auth
This is required for supporting some Kubernetes distributions such as
rancher/k3s.

It comes with a test case validating correct parsing of a k3s kubeconfig
file

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-02-04 11:31:28 +01:00
Silvin Lubecki 5d0cf88394
Merge pull request #2220 from thaJeztah/push_all_flag
implement docker push -a/--all-tags
2020-01-30 16:27:16 +01:00
Sebastiaan van Stijn 2a08462deb
Revert "connhelper: add ssh multiplexing"
This reverts commit c04dd6e244.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-30 16:21:04 +01:00
Sebastiaan van Stijn 29734b9103
Revert "docs: document ssh multiplexing env"
This reverts commit 4ecbef4660.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-30 16:20:52 +01:00
Rob Gulewich 5ad1d4d4c8 docker run: specify cgroup namespace mode with --cgroupns
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2020-01-29 22:50:37 +00:00
Tõnis Tiigi 2079e743c4
Merge pull request #2300 from thaJeztah/bump_golang_1.12.16
Update Golang 1.12.16, golang.org/x/crypto (CVE-2020-0601, CVE-2020-7919)
2020-01-29 13:51:15 -08:00
Sebastiaan van Stijn 27d9aa2d9f
vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919)
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:

- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
  On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
  functions of golang.org/x/crypto/cryptobyte can lead to a panic.
  The malformed certificate can be delivered via a crypto/tls connection to a
  client, or to a server that accepts client certificates. net/http clients can
  be made to crash by an HTTPS server, while net/http servers that accept client
  certificates will recover the panic and are unaffected.
  Thanks to Project Wycheproof for providing the test cases that led to the
  discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-29 11:25:09 +01:00
Sebastiaan van Stijn 19fd390c36
Update Golang 1.12.16 (CVE-2020-0601, CVE-2020-7919)
full diff: https://github.com/golang/go/compare/go1.12.15...go1.12.16

go1.12.16 (released 2020/01/28) includes two security fixes. One mitigates the
CVE-2020-0601 certificate verification bypass on Windows. The other affects only
32-bit architectures.

https://github.com/golang/go/issues?q=milestone%3AGo1.12.16+label%3ACherryPickApproved

- X.509 certificate validation bypass on Windows 10
  A Windows vulnerability allows attackers to spoof valid certificate chains when
  the system root store is in use. These releases include a mitigation for Go
  applications, but it’s strongly recommended that affected users install the
  Windows security update to protect their system.
  This issue is CVE-2020-0601 and Go issue golang.org/issue/36834.
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
  On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
  functions of golang.org/x/crypto/cryptobyte can lead to a panic.
  The malformed certificate can be delivered via a crypto/tls connection to a
  client, or to a server that accepts client certificates. net/http clients can
  be made to crash by an HTTPS server, while net/http servers that accept client
  certificates will recover the panic and are unaffected.
  Thanks to Project Wycheproof for providing the test cases that led to the
  discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
  This is also fixed in version v0.0.0-20200124225646-8b5121be2f68 of golang.org/x/crypto/cryptobyte.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-29 11:23:02 +01:00
Tonis Tiigi 4f3bc15817
docs: document dockerignore update
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:37:25 +01:00
Tonis Tiigi f7009ee126
docs: document build outputs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:37:22 +01:00
Tonis Tiigi 73cd257d0f
docs: document cache-from
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:37:15 +01:00
Silvin Lubecki 774216439b
Merge pull request #2275 from thaJeztah/bump_utils
Bump vndr v0.1.0, mjibson/esc v0.2.0, gotestsum v0.4.0
2020-01-28 16:27:35 +01:00
Sebastiaan van Stijn 9e620e990f
implement docker push -a/--all-tags
The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998)
always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.)
all of  `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`.

Pushing all tags of an image was not desirable in many case, so docker v0.10.0
enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`)
(see https://github.com/moby/moby/issues/3411 and the pull request that implemented
this: https://github.com/moby/moby/pull/4948).

This behavior exists up until today, and is confusing, because unlike other commands,
`docker push` does not default to use the `:latest` tag when omitted, but instead
makes it push "all tags of the image"

For example, in the following situation;

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
```

Running `docker push thajeztah/myimage` seemingly does the expected behavior (it
pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the
reason expected (`:latest` being the default tag), but because `:latest` happens
to be the only tag present for the `thajeztah/myimage` image.

If another tag exists for the image:

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
thajeztah/myimage   v1.0.0                     b534869c81f0        41 hours ago        1.22MB
```

Running the same command (`docker push thajeztah/myimage`) will push _both_ images
to Docker Hub.

> Note that the behavior described above is currently not (clearly) documented;
> the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/)
does not mention that omitting the tag will push all tags

This patch changes the default behavior, and if no tag is specified, `:latest` is
assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar
to the flag that's present on `docker pull`.

With this change:

- `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest`
- to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 16:21:06 +01:00
Silvin Lubecki 82b2fda758
Merge pull request #2298 from thaJeztah/bump_yaml
vendor: bump gopkg.in/yaml.v2 v2.2.8
2020-01-28 16:07:55 +01:00
Sebastiaan van Stijn 3dfcfbb2bf
vendor: bump gopkg.in/yaml.v2 v2.2.8
full diff: https://github.com/go-yaml/yaml/compare/v2.2.3...v2.2.8

includes:

- go-yaml/yaml 515 Improve heuristics preventing CPU/memory abuse
- go-yaml/yaml@f90ceb4f40 Fix check for non-map alias merging in v2
    - fix for "yaml.Unmarshal crashes on "assignment to entry in nil map""
- go-yaml/yaml 543 Port stale simple_keys fix to v2
- go-yaml/yaml@1f64d6156d Fix issue in simple_keys improvements
    - fixes "Invalid simple_keys now cause panics later in decode"
- go-yaml/yaml 555 Optimize cases with long potential simple_keys

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 15:44:12 +01:00
Sebastiaan van Stijn 3c8c0ff380
Merge pull request #2108 from Kovah/iptables-notice
Add notice about port binding and overriding of UFW to docker run reference
2020-01-28 12:48:04 +01:00
Sebastiaan van Stijn 594be50a63
bump gotestsum v0.4.0
full diff: https://github.com/gotestyourself/gotestsum/compare/v0.3.5...v0.4.0

includes:

- gotestyourself/gotestsum#59 Report if a package was cached in short formats
- gotestyourself/gotestsum#63 always colorize output unless specifically requested not to
- gotestyourself/gotestsum#61 Improve short-verbose output for tests in CWD
- gotestyourself/gotestsum#70 https://github.com/gotestyourself/gotestsum/pull/70
- gotestyourself/gotestsum#73 Add short-with-failures format

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-27 17:48:01 +01:00
Sebastiaan van Stijn 3f83832be1
bump gotestsum v0.3.5
full diff: https://github.com/gotestyourself/gotestsum/compare/v0.3.4...v0.3.5

- gotestyourself/gotestsum#52 Add a --version flag that goreleaser will populate for us
- gotestyourself/gotestsum#57 Identify and, filter or display coverage output

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-27 17:41:07 +01:00
Sebastiaan van Stijn 97010520d4
bump mjibson/esc v0.2.0
full diff: https://github.com/mjibson/esc/compare/v0.1.0...v0.2.0

includes:

- mjibson/esc#51 Readdir Implementation - and covering with tests
- mjibson/esc#53 update go versions and golint import location
- mjibson/esc#58 Avoid unnecessary conversion and so pass with unconvert linter

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-27 17:40:56 +01:00
Sebastiaan van Stijn 7904c23df8
bump vndr v0.1.0 to support versioned import paths
With this change, go packages/modules that use versioned
import paths (github.com/foo/bar/v2), but don't use a directory
in the repository, can now be supported.

For example:

```
github.com/coreos/go-systemd/v22 v22.0.0
```

will vendor the github.com/coreos/go-systemd repository
into `vendor/github.com/coreos/go-systemd/v22`.

full diff: b177b583eb...v0.1.0

- LK4D4/vndr#79 Add more clear messages around clone failures
- LK4D4/vndr#80 add riscv64 support
- LK4D4/vndr#83 migrate bitbucket to api 2.0
    - fixes LK4D4/vndr#82 https://api.bitbucket.org/1.0/repositories/ww/goautoneg: 410 Gone
- LK4D4/vndr#86 Replace sort.Sort with sort.Strings
- LK4D4/vndr#87 support `github.com/coreos/go-systemd/v22`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-27 17:28:09 +01:00
Silvin Lubecki 809cc8948d
Merge pull request #2289 from thaJeztah/update_flag_description
Update flag description for docker rm -v
2020-01-27 15:14:29 +01:00
Sebastiaan van Stijn 8f5379b301
Update flag description for docker rm -v
The `-v` option removes anonymous volume only, and keeps
named volumes.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-25 13:54:23 +01:00
Sebastiaan van Stijn 7a0b138571
Merge pull request #2277 from zappy-shu/bump_mergo_v0.3.8
Bump mergo v0.3.8
2020-01-24 17:48:45 +01:00
Nick Adcock 4006c42e13 Added transforms for compose overrides
Added transforms for when merging compose overrides to preserve the
functionality that was broken by bumping mergo to v1.3.8

This includes:
- Special transform for ulimits so single overrides both soft/hard and
the reverse
- Special transform for service network configs so the override replaces
all aliases

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-24 15:52:36 +00:00
Kovah a955ed6477
Add notice about port binding and overriding of UFW to docker run reference
Signed-off-by: Kovah <mail@kovah.de>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-24 16:35:43 +01:00
Silvin Lubecki e753eec764
Merge pull request #2287 from thaJeztah/fix_quiet_push
Fix: docker push --quiet suppressing errors and exit code
2020-01-24 16:34:42 +01:00
Sebastiaan van Stijn 94443920b1
Fix: docker push --quiet suppressing errors and exit code
Before this patch:

    docker push --quiet nosuchimage
    docker.io/library/nosuchimage

    echo $?
    0

With this patch applied:

    docker push --quiet nosuchimage:latest
    An image does not exist locally with the tag: nosuchimage

    echo $?
    1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-24 13:53:24 +01:00
Sebastiaan van Stijn 74fb129a73
Merge pull request #1596 from glefloch/951-run-trust-tests
Add content trust tests for run command
2020-01-23 16:41:45 +01:00
Sebastiaan van Stijn 6cf7970cd3 bump imdario/mergo v0.3.8
full diff: https://github.com/imdario/mergo/compare/v0.3.7...v0.3.8

includes:

- imdario/mergo#112 Add strict override
    - fixes imdario/mergo#111 WithOverride should be able to check types
- imdario/mergo#106 Fix merging of interface types with concrete values
- imdario/mergo#120 should not overwrite pointers directly, instead check embedded values
    - fixes imdario/mergo#114 Embedded struct of pointer types will overwrite the whole destination struct
- imdario/mergo#125 added WithOverrideEmptySlice config flag

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-21 14:08:10 +00:00
Silvin Lubecki 9b420b1511
Merge pull request #2273 from thaJeztah/max_download_attempts_completion
completion: add `--max-download-attempts`
2020-01-21 11:54:32 +01:00
Silvin Lubecki 8813df36cf
Merge pull request #2269 from thaJeztah/bump_golang_1.12.15
Update Golang 1.12.15
2020-01-21 11:48:53 +01:00
Sebastiaan van Stijn e9b9a0014c
completion: add `--max-download-attempts`
Follow-up to 86281a7b4b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-20 14:47:52 +01:00
glefloch 348f24cae6
Add content trust tests for run command
Signed-off-by: Guillaume Le Floch <glfloch@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-20 14:18:52 +01:00
Sebastiaan van Stijn d443b74091
Merge pull request #1856 from arthrp/master
Forcing the creation of tmp directory
2020-01-20 14:04:39 +01:00
Silvin Lubecki 52714e413c
Merge pull request #2263 from thaJeztah/bump_miekg_pkcs11
vendor: bump miekg/pkcs11 v1.0.3
2020-01-17 16:32:47 +01:00
Silvin Lubecki 7d087b5aa6
Merge pull request #1950 from RahulZoldyck/1943-bug-fix
Add log-driver and options to service inspect "pretty" format
2020-01-17 15:42:22 +01:00
Rahul Zoldyck 139af1f6d6
Add log-driver and options to service inspect "pretty" format
Signed-off-by: Rahul Zoldyck <rahulzoldyck@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-17 15:10:36 +01:00
Sebastiaan van Stijn 84c6b08cf6
Update Golang 1.12.15
full diff: https://github.com/golang/go/compare/go1.12.14...go1.12.15

go1.12.15 (released 2020/01/09) includes fixes to the runtime and the net/http
package. See the Go 1.12.15 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.12.15+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-17 15:00:22 +01:00
Sebastiaan van Stijn b53ffd6c1f
vendor: bump miekg/pkcs11 v1.0.3
full diff: https://github.com/miekg/pkcs11/compare/v1.0.2...v1.0.3

- miekg/pkcs11#100 Add typed convenience `Find...` methods to `Session`
- miekg/pkcs11#115 Add CK_EFFECTIVELY_INFINITE and CK_UNAVAILABLE_INFORMATION

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-16 17:30:06 +01:00
Sebastiaan van Stijn c6d10b6da0
Merge pull request #2091 from mikesir87/user-group-info
Add clarification when using USER UID:GID
2020-01-16 15:24:28 +01:00