Commit Graph

8891 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 65bc42b4af
Merge pull request #4682 from thaJeztah/24.0_backport_noraw
[24.0 backport] docs: remove "{% raw %}" / "{% endraw %}" Jekyl (liquid) leftovers
2023-11-28 10:26:40 +01:00
Sebastiaan van Stijn 00dbc19cab
Merge pull request #4680 from thaJeztah/24.0_backport_fix_flag_typo
[24.0 backport] docs/man: fix -name flag with single hyphen
2023-11-27 22:12:19 +01:00
Sebastiaan van Stijn 207d9edaa7
docs: reference/commandlin/cli: remove redundant italic
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 354f62f0c5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 22:06:20 +01:00
Sebastiaan van Stijn e799792d8a
docs: remove "{% raw %}" / "{% endraw %}" Jekyl (liquid) leftovers
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e2626200aa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 22:06:20 +01:00
Sebastiaan van Stijn 327b84fcbf
docs/man: fix -name flag with single hyphen
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 174cbb588f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 21:00:38 +01:00
Sebastiaan van Stijn 48ec4f339e
Merge pull request #4639 from dvdksn/backport_dockerd-default-nw-opt
[24.0 Backport] docs: add default-network-opt daemon option
2023-11-06 13:31:52 +01:00
David Karlsson 88a745999d docs: add default-network-opt daemon option
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 848fe622ce)
2023-11-06 13:23:17 +01:00
Sebastiaan van Stijn afdd53b4e3
Merge pull request #4629 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.6
2023-10-26 09:06:42 +02:00
Brian Goff 12c309fe91
Merge pull request #4628 from thaJeztah/24.0_backport_bump_compress
[24.0 backport] vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:42:02 -07:00
Sebastiaan van Stijn f42719820d
vendor: github.com/docker/docker v24.0.6
full diff: https://github.com/moby/moby/compare/v24.0.5...v24.0.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 00:37:11 +02:00
Sebastiaan van Stijn 17770189de
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6372c6aae6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:17:39 +02:00
Sebastiaan van Stijn cde0441dc8
vendor: github.com/klauspost/compress v1.16.5
full diff: https://github.com/klauspost/compress/compare/v1.16.3...v1.16.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 497b13c661)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:17:35 +02:00
Sebastiaan van Stijn d9f94d5719
Merge pull request #4618 from thaJeztah/24.0_backport_cli-issue-502
[24.0 backport] Add docker ps status descriptions
2023-10-23 16:11:33 +02:00
Sam Thibault 54d83fbbf4
Add docker ps status descriptions
Signed-off-by: Sam Thibault <sam.thibault@docker.com>
(cherry picked from commit 8bf121c3bc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 12:34:39 +02:00
Sebastiaan van Stijn 30a185e936
Merge pull request #4609 from thaJeztah/24.0_backport_x_net
[24.0 backport] vendor: golang.org/x/net v0.17.0
2023-10-19 14:06:59 +02:00
Sebastiaan van Stijn d43c48d5ab
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a27466fb6f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:35:49 +02:00
Sebastiaan van Stijn 1919679638
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 612a171557)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:34:31 +02:00
Sebastiaan van Stijn 6c5bc490d4
vendor: golang.org/x/term v0.13.0
- term: consistently return zeroes on GetSize error

full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 392db31e2a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:33:19 +02:00
Sebastiaan van Stijn 66558a4e64
vendor: golang.org/x/text v0.13.0
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac307788a6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:32:30 +02:00
Sebastiaan van Stijn 0d554b549b
vendor: golang.org/x/sys v0.13.0
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48655f794c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:31:38 +02:00
Sebastiaan van Stijn 8c4dc6c603
vendor: golang.org/x/crypto v0.9.0
full diff: https://github.com/golang/crypto/compare/v0.3.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c9d56b8504)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:29:57 +02:00
Sebastiaan van Stijn aef1157742
vendor: golang.org/x/sys v0.10.0
full diff: https://github.com/golang/sys/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ffea6940e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:27:19 +02:00
Sebastiaan van Stijn 54894f0224
vendor: golang.org/x/sync v0.3.0
full diff: https://github.com/golang/sync/compare/v0.1.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1554b49329)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:27:00 +02:00
Bjorn Neergaard 0f109aafa8
Merge pull request #4584 from thaJeztah/24.0_backport_update_actions
[24.0 backport] build(deps): bump actions/checkout from 3 to 4
2023-10-13 08:49:32 -07:00
Bjorn Neergaard 89ce230bd8
Merge pull request #4587 from thaJeztah/24.0_backport_go1.21_prepare
[24.0 backport] assorted dockerfile and test updates
2023-10-13 08:49:15 -07:00
Sebastiaan van Stijn db6e494b40
Merge pull request #4594 from thaJeztah/24.0_backport_update_md2man
[24.0 backport] update go-md2man to v2.0.3
2023-10-13 17:27:19 +02:00
Sebastiaan van Stijn 5b3e376f86
Merge pull request #4597 from thaJeztah/24.0_update_go1.20.10
[24.0] update to go1.20.10
2023-10-12 14:20:26 +02:00
Sebastiaan van Stijn a47889a70f
update to go1.20.10
go1.20.10 (released 2023-10-10) includes a security fix to the net/http package.
See the Go 1.20.10 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.10+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.9...go1.20.10

From the security mailing:

[security] Go 1.21.3 and Go 1.20.10 are released

Hello gophers,

We have just released Go versions 1.21.3 and 1.20.10, minor point releases.

These minor releases include 1 security fixes following the security policy:

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:04:46 +02:00
Sebastiaan van Stijn 3c10203b39
update to go1.20.9
go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package,
as well as bug fixes to the go command and the linker. See the Go 1.20.9
milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.9+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.8...go1.20.9

From the security mailing:

[security] Go 1.21.2 and Go 1.20.9 are released

Hello gophers,

We have just released Go versions 1.21.2 and 1.20.9, minor point releases.

These minor releases include 1 security fixes following the security policy:

- cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:04:12 +02:00
Sebastiaan van Stijn 9662d73735
update go-md2man to v2.0.3
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3f1195e4ec)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 19:24:29 +02:00
Tianon Gravi 35453d6c4f
Update minimum Go version to 1.19
On Go 1.18 since a5ebe2282a, we get:

    # github.com/docker/docker-credential-helpers/client
    vendor/github.com/docker/docker-credential-helpers/client/command.go:34:39: programCmd.Environ undefined (type *exec.Cmd has no field or method Environ)
    note: module requires Go 1.19
    # github.com/docker/cli/cli/connhelper/commandconn
    cli/connhelper/commandconn/commandconn.go:71:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:76:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:77:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:78:22: undefined: atomic.Bool

These go away when building against 1.19+.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
(cherry picked from commit 0f59f04f57)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-29 10:00:53 +02:00
dependabot[bot] 2a76b0c4e7
build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit dee40053f6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:34:32 +02:00
Sebastiaan van Stijn 1ebaef3663
Dockerfile: use GOTOOLCHAIN=local
This may find its way into the official images, but until it does, let's
make sure we don't get unexpected updates of go.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e9759cee69)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:30:13 +02:00
Sebastiaan van Stijn 8a7833ab62
Dockerfile: build gotestsum and goversioninfo without cgo
It's not needed to build these binaries. The Dockerfile.dev image already
has CGO_ENABLED=0 as default in the golang image, so does not need updates.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f07e7e1eed)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:29:40 +02:00
Sebastiaan van Stijn 2e86812d7a
e2e: update to use compose v2, and don't depend on distro-packages
We were depending on alpine's package repository to install compose,
but for debian we used compose's GitHub releases. Depending on distro
packages means that we don't know when updates will happen, and versions
may diverge because of that; for example, alpine 3.18 updated to compose
v2;

On alpine 3.17:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    docker-compose version 1.29.2, build unknown

On alpine 3.18:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    Docker Compose version v2.17.3

This caused our e2e script to fail, as it made assumptions about the name
format created by compose, which changed from underscores to hyphens in v2;

    Container cliendtoendsuite-engine-1  Running
    Error: No such object: cliendtoendsuite_engine_1

This patch:

- updates the Dockerfile to install compose from the compose-bin image
- adjusts the e2e script for the new naming scheme format
- removes the version field from the compose-files used in e2e, as they
  are no longer used by compose.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9e424af5da)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:29:27 +02:00
Sebastiaan van Stijn e7ca37861b
Dockerfile: use COPY --link where possible
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit af05a68828)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 14:28:47 +02:00
Bjorn Neergaard 1f8118b1cc
Merge pull request #4565 from thaJeztah/24.0_backport_docker_tag_dupwords
[24.0 backport] docs: fix duplicate words in "docker tag" reference
2023-09-15 08:17:43 -06:00
Sebastiaan van Stijn f2a3d50b30
docs: fix duplicate words in "docker tag" reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3a16c3bb09)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-14 13:45:34 +02:00
Bjorn Neergaard edae25f8af
Merge pull request #4561 from thaJeztah/24.0_backport_update_golang_1.20.8
[24.0 backport] update to go1.20.8
2023-09-13 10:05:54 -06:00
Bjorn Neergaard d848d49be9
Merge pull request #4543 from thaJeztah/24.0_backport_bump_golangci_lint
[24.0 backport] update golangci-lint to v1.54.2
2023-09-13 10:05:27 -06:00
Sebastiaan van Stijn 4feeefbd68
update to go1.20.8
go1.20.8 (released 2023-09-06) includes two security fixes to the html/template
package, as well as bug fixes to the compiler, the go command, the runtime,
and the crypto/tls, go/types, net/http, and path/filepath packages. See the
Go 1.20.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.7...go1.20.8

From the security mailing:

[security] Go 1.21.1 and Go 1.20.8 are released

Hello gophers,

We have just released Go versions 1.21.1 and 1.20.8, minor point releases.

These minor releases include 4 security fixes following the security policy:

- cmd/go: go.mod toolchain directive allows arbitrary execution
  The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to
  execute scripts and binaries relative to the root of the module when the "go"
  command was executed within the module. This applies to modules downloaded using
  the "go" command from the module proxy, as well as modules downloaded directly
  using VCS software.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-39320 and Go issue https://go.dev/issue/62198.

- html/template: improper handling of HTML-like comments within script contexts
  The html/template package did not properly handle HMTL-like "<!--" and "-->"
  comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
  cause the template parser to improperly interpret the contents of <script>
  contexts, causing actions to be improperly escaped. This could be leveraged to
  perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.

- html/template: improper handling of special tags within script contexts
  The html/template package did not apply the proper rules for handling occurrences
  of "<script", "<!--", and "</script" within JS literals in <script> contexts.
  This may cause the template parser to improperly consider script contexts to be
  terminated early, causing actions to be improperly escaped. This could be
  leveraged to perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.

- crypto/tls: panic when processing post-handshake message on QUIC connections
  Processing an incomplete post-handshake message for a QUIC connection caused a panic.

  Thanks to Marten Seemann for reporting this issue.

  This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4b00be585c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 17:49:18 +02:00
Bjorn Neergaard ed223bc820
Merge pull request #4544 from thaJeztah/24.0_backport_fix_events_json_format
[24.0 backport] cli/command/system: fix "docker events" not supporting --format=json
2023-08-31 11:24:32 -06:00
Sebastiaan van Stijn fab55e13ce
cli/command/system: fix "docker events" not supporting --format=json
Before this patch:

    docker events --format=json
    json
    json
    json
    ^C

With this patch:

    docker events --format=json
    {"status":"create","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"create","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508190136885}
    {"status":"attach","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"attach","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508192851593}
    {"Type":"network","Action":"connect","Actor":{"ID":"c54920dd5074a73e28bea62007e0334d81cc040a90372be311cf16806403d350","Attributes":{"container":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","name":"bridge","type":"bridge"}},"scope":"local","time":1693168508,"timeNano":1693168508212398802}
    {"status":"start","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"start","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508312969843}
    ^C

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6dfdd1eae9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 17:36:44 +02:00
Sebastiaan van Stijn 989b340a6c
update golangci-lint to v1.54.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit db6209abdd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 14:22:46 +02:00
Sebastiaan van Stijn 2fcff17544
Merge pull request #4537 from thaJeztah/24.0_backort_docs_fixes
[24.0 backport] docs/reference: run.md: remove stray whitespace and update cli-docs-tool to v0.6.0
2023-08-29 11:44:13 +02:00
Sebastiaan van Stijn b74d8e1a53
Merge pull request #4538 from thaJeztah/24.0_backport_history_test
[24.0 backport] un-skip history test and fix golden mismatches
2023-08-29 11:43:55 +02:00
Sebastiaan van Stijn 3789f8a39e
Merge pull request #4542 from thaJeztah/24.0_backport_manifest_deref
[24.0 backport] cli/registry: fix client.pullManifestList not de-referencing manifest, and remove "v1" check
2023-08-29 11:43:38 +02:00
Sebastiaan van Stijn d3485b9e9f
cli/registry: client.iterateEndpoints: remove check for APIVersion1
registryService.LookupPullEndpoints uses lookupV2Endpoints
https://github.com/moby/moby/blob/v24.0.5/registry/service.go#L137-L142

which, as the name indicates, only returns V2 endpoints;
https://github.com/moby/moby/blob/v24.0.5/registry/service_v2.go#L10-L80

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 22b4bab90f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:45:37 +02:00
Sebastiaan van Stijn 613380299f
cli/registry: fix client.pullManifestList not de-referencing manifest
Kudos to gosec;

    cli/registry/client/fetcher.go:205:57: G601: Implicit memory aliasing in for loop. (gosec)
            imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
                                                                  ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5250f1bab5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:45:37 +02:00
Sebastiaan van Stijn b83959e001
force TestNewHistoryCommandSuccess to use UTC timezone
This test was skipped if the host was not using UTC timezone, because the output
of timestamps would be different, causing the test to fail.

This patch overrides the TZ env-var to make the test use UTC, so that we don't
have to skip the test.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 42ac5d4bf9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 23:00:49 +02:00