Commit Graph

9154 Commits

Author SHA1 Message Date
Sebastiaan van Stijn b08e34b9f9
swarm: TestSwarmUpdate: remove non-existing "--quiet" flag
The `docker swarm update` copmmand does not have a `--quiet` flag, but this
test was trying to set it.

    docker swarm update --help

    Usage:  docker swarm update [OPTIONS]

    Update the swarm

    Options:
          --autolock                        Change manager autolocking setting (true|false)
          --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
          --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
          --external-ca external-ca         Specifications of one or more certificate signing endpoints
          --max-snapshots uint              Number of additional Raft snapshots to retain
          --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
          --task-history-limit int          Task history retention limit (default 5)

The test didn't catch this issue, because errors when setting the flag were
not handled, so also adding error-handling;

    === Failed
    === FAIL: cli/command/swarm TestSwarmUpdate (0.00s)
        update_test.go:177: assertion failed: error is not nil: no such flag -quiet

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:29 +02:00
Sebastiaan van Stijn 9e54fa48ec
Merge pull request #4616 from thaJeztah/bump_gotest_tools
vendor: gotest.tools/v3 v3.5.1
2023-10-23 12:04:44 +02:00
Brian Goff 60b5508c94
Merge pull request #4611 from thaJeztah/stack_start_interval_carry
stacks: Add schema 3.12, and add support for start interval
2023-10-20 11:04:47 -07:00
Brian Goff defa52b8c6
stacks: Add support for start interval
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 18:42:59 +02:00
Sebastiaan van Stijn 9df7be5d5e
cli/compose: add schema 3.12 (no changes with 3.11 yet)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 18:42:55 +02:00
Sebastiaan van Stijn 3e5f6badcb
Merge pull request #4610 from thaJeztah/compose_golden
cli/compose/loader: use gotest.tools/v3/golden
2023-10-20 18:41:33 +02:00
Sebastiaan van Stijn 7a2ea5c536
vendor: gotest.tools/v3 v3.5.1
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.0..v3.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:39:10 +02:00
Sebastiaan van Stijn f2fced4876
cli/compose/loader: remove platform-specific path handling
Paths in the advanced / compose-file format are not converted
to be platform-specific, so for these tests, it should not be
needed to convert the paths to be Windows-paths.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:09:03 +02:00
Sebastiaan van Stijn 74990623e5
cli/compose/loader: use gotest.tools/v3/golden
use the golden utility instead of self-crafting expected output,
this allows automaticaly updating the expected output.

This change does break this specific test on Windows due to platform-
specific paths. Other tests already have this issue on Windows, so
skipping the test for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:08:58 +02:00
Sebastiaan van Stijn 4d6cf135a3
Merge pull request #4614 from sam-thibault/cli-issue-502
Add docker ps status descriptions
2023-10-20 12:51:29 +02:00
Sam Thibault 8bf121c3bc
Add docker ps status descriptions
Signed-off-by: Sam Thibault <sam.thibault@docker.com>
2023-10-20 12:43:16 +02:00
achneerov a252a106cd - What I did
Removed broken link in #937
- How I did it
	Removed first section of CONTRIBUTING.md
- How to verify it
	Check CONTRIBUTING.md
- Description for the changelog
	Removed broken link in contributing to Docker documentation.
A picture of a cute animal (not mandatory but encouraged)
Closes #937

Signed-off-by: achneerov <achneerov@gmail.com>
2023-10-19 16:10:27 -04:00
Sebastiaan van Stijn 8743ffda39
Merge pull request #4605 from thaJeztah/update_engine
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
2023-10-16 12:04:10 +02:00
Akihiro Suda 74bace156c
docs: add `bind-recursive` mount option
Follow-up to PR 4316

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-16 10:15:40 +09:00
Sebastiaan van Stijn 46d0ba20f1
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
full diff: d3afa80b96...cdb3f9fb8d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 22:09:04 +02:00
Sebastiaan van Stijn 3441151e07
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230823155524-12f0c246fed0
full diff: bc71908479...12f0c246fe

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:40:09 +02:00
Sebastiaan van Stijn 412ebb6771
vendor: github.com/containerd/containerd v1.7.7
full diff: https://github.com/containerd/containerd/compare/v1.6.24..v1.7.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:39:50 +02:00
Sebastiaan van Stijn 78eaac75cc
vendor: update OTEL dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:38:21 +02:00
Sebastiaan van Stijn 8890a38d42
Merge pull request #4604 from thaJeztah/x_net_17
vendor: golang.org/x/net v0.17.0
2023-10-13 21:08:44 +02:00
Sebastiaan van Stijn a27466fb6f
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:56:02 +02:00
Sebastiaan van Stijn 612a171557
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:55:22 +02:00
Sebastiaan van Stijn 392db31e2a
vendor: golang.org/x/term v0.13.0
- term: consistently return zeroes on GetSize error

full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:53:19 +02:00
Sebastiaan van Stijn ac307788a6
vendor: golang.org/x/text v0.13.0
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:50:23 +02:00
Sebastiaan van Stijn 48655f794c
vendor: golang.org/x/sys v0.13.0
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:49:37 +02:00
Bjorn Neergaard fc247d6911
Merge pull request #4603 from thaJeztah/update_distribution_2.8.3
vendor: github.com/docker/distribution v2.8.3
2023-10-13 09:22:21 -07:00
Sebastiaan van Stijn 6de5254162
vendor: github.com/docker/distribution v2.8.3
- Fix storageDriver gcs not registered in binaries
- reference: replace uses of deprecated function SplitHostname
- Dont parse errors as JSON unless Content-Type is set to JSON
- update to go1.20.8
- Set Content-Type header in registry client ReadFrom
- deprecate reference package, migrate to github.com/distribution/reference
- digestset: deprecate package in favor of go-digest/digestset
- Do not close HTTP request body in HTTP handler

full diff: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 17:54:59 +02:00
Sebastiaan van Stijn a46f850435
Merge pull request #4596 from thaJeztah/update_golang_1.21.3
update to go1.21.3
2023-10-12 10:44:19 +02:00
Sebastiaan van Stijn ceab9b5e8e
update to go1.21.3
go1.21.3 (released 2023-10-10) includes a security fix to the net/http package.
See the Go 1.21.3 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.21.3+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.21.2...go1.21.3

From the security mailing:

[security] Go 1.21.3 and Go 1.20.10 are released

Hello gophers,

We have just released Go versions 1.21.3 and 1.20.10, minor point releases.

These minor releases include 1 security fixes following the security policy:

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:02:33 +02:00
Sebastiaan van Stijn d249ce2794
update to go1.21.2
go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go package,
as well as bug fixes to the compiler, the go command, the linker, the runtime,
and the runtime/metrics package. See the Go 1.21.2 milestone on our issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.21.2+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.21.1...go1.21.2

From the security mailing:

[security] Go 1.21.2 and Go 1.20.9 are released

Hello gophers,

We have just released Go versions 1.21.2 and 1.20.9, minor point releases.

These minor releases include 1 security fixes following the security policy:

- cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:02:16 +02:00
Sebastiaan van Stijn 26951f75de
Merge pull request #4592 from thaJeztah/update_md2man
update go-md2man to v2.0.3
2023-10-11 19:08:15 +02:00
Sebastiaan van Stijn 3f1195e4ec
update go-md2man to v2.0.3
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 18:26:14 +02:00
Sebastiaan van Stijn dcc1610768
Merge pull request #4316 from AkihiroSuda/rro
mount: add `bind-recursive=<bool|string>` and deprecate `bind-nonrecursive=<bool>`
2023-10-02 12:20:11 -07:00
Akihiro Suda fc6976db45
mount: add `bind-recursive=<bool|string>` and deprecate `bind-nonrecursive=<bool>`
See `opts/mount_test.go:TestMountOptSetBindRecursive()` for the behavior.

Documentation will be added separately after reaching consensus on the
design.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-01 02:58:17 +09:00
Sebastiaan van Stijn 05bec8dd43
Merge pull request #4586 from tianon/go1.19min
Update minimum Go version to 1.19
2023-09-29 10:00:07 +02:00
Tianon Gravi 0f59f04f57 Update minimum Go version to 1.19
On Go 1.18 since a5ebe2282a, we get:

    # github.com/docker/docker-credential-helpers/client
    vendor/github.com/docker/docker-credential-helpers/client/command.go:34:39: programCmd.Environ undefined (type *exec.Cmd has no field or method Environ)
    note: module requires Go 1.19
    # github.com/docker/cli/cli/connhelper/commandconn
    cli/connhelper/commandconn/commandconn.go:71:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:76:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:77:22: undefined: atomic.Bool
    cli/connhelper/commandconn/commandconn.go:78:22: undefined: atomic.Bool

These go away when building against 1.19+.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2023-09-29 00:32:39 -07:00
Sebastiaan van Stijn 162e490623
Merge pull request #4581 from thaJeztah/bump_golang_1.21
update golang to go1.21.1
2023-09-28 20:25:15 +02:00
Bjorn Neergaard cfe00daaaa
Merge pull request #4580 from thaJeztah/bump_distref
vendor: github.com/distribution/reference v0.5.0
2023-09-27 18:25:54 -06:00
Sebastiaan van Stijn d254cc3bbe
update golang to go1.21.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 00:54:16 +02:00
Sebastiaan van Stijn 4c75107a62
vendor: github.com/distribution/reference v0.5.0
full diff: https://github.com/distribution/reference/compare/e42074f83a9c...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 00:18:52 +02:00
Sebastiaan van Stijn 9358631f81
Merge pull request #4457 from thaJeztah/no_buildkit
remove buildkit as dependency from the CLI (integrate github.com/moby/buildkit/util/appcontext)
2023-09-28 00:18:28 +02:00
Sebastiaan van Stijn 112d79a413
appcontext: remove unused parts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 00:05:00 +02:00
Sebastiaan van Stijn febb37a38e
remove buildkit as dependency
This copies the github.com/moby/buildkit/util/appcontext
package as an internal package. The appcontext package from
BuildKit was the only remaining dependency on BuildKit, and
while we may need some of its functionality, the implementation
is not correct for how it's used in docker/cli (so would need
a rewrite).

Moving a copy of the code into the docker/cli (but as internal
package to prevent others from depending on it) is a first step
in that process, and removes the circular dependency between
BuildKit and the CLi.

We are only using these:

    tree vendor/github.com/moby/buildkit
    vendor/github.com/moby/buildkit
    ├── AUTHORS
    ├── LICENSE
    └── util
        └── appcontext
            ├── appcontext.go
            ├── appcontext_unix.go
            ├── appcontext_windows.go
            └── register.go

    3 directories, 6 files

Before this:

    go mod graph | grep ' github.com/docker/cli'
    github.com/moby/buildkit@v0.11.6 github.com/docker/cli@v23.0.0-rc.1+incompatible

After this:

    go mod graph | grep ' github.com/docker/cli'
    # (nothing)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 00:04:51 +02:00
Sebastiaan van Stijn 35442a61ac
Merge pull request #4577 from thaJeztah/gotestsum_nocgo
Dockerfile: build gotestsum and goversioninfo without cgo
2023-09-26 13:51:56 +02:00
Sebastiaan van Stijn 6e97f42480
Merge pull request #4576 from thaJeztah/update_compose_v2
e2e: update to use compose v2, and don't depend on distro-packages
2023-09-26 13:51:36 +02:00
Sebastiaan van Stijn a36f0f9194
Merge pull request #4578 from thaJeztah/gotoolchain_local
Dockerfile: use GOTOOLCHAIN=local
2023-09-26 13:51:07 +02:00
Sebastiaan van Stijn e9759cee69
Dockerfile: use GOTOOLCHAIN=local
This may find its way into the official images, but until it does, let's
make sure we don't get unexpected updates of go.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 12:43:38 +02:00
Sebastiaan van Stijn f07e7e1eed
Dockerfile: build gotestsum and goversioninfo without cgo
It's not needed to build these binaries. The Dockerfile.dev image already
has CGO_ENABLED=0 as default in the golang image, so does not need updates.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 12:37:07 +02:00
Sebastiaan van Stijn 9e424af5da
e2e: update to use compose v2, and don't depend on distro-packages
We were depending on alpine's package repository to install compose,
but for debian we used compose's GitHub releases. Depending on distro
packages means that we don't know when updates will happen, and versions
may diverge because of that; for example, alpine 3.18 updated to compose
v2;

On alpine 3.17:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    docker-compose version 1.29.2, build unknown

On alpine 3.18:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    Docker Compose version v2.17.3

This caused our e2e script to fail, as it made assumptions about the name
format created by compose, which changed from underscores to hyphens in v2;

    Container cliendtoendsuite-engine-1  Running
    Error: No such object: cliendtoendsuite_engine_1

This patch:

- updates the Dockerfile to install compose from the compose-bin image
- adjusts the e2e script for the new naming scheme format
- removes the version field from the compose-files used in e2e, as they
  are no longer used by compose.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 12:20:01 +02:00
Sebastiaan van Stijn 8d1ddffb83
Merge pull request #4572 from thaJeztah/update_engine
vendor: github.com/docker/docker d3afa80b96bf (v25.0.0-dev)
2023-09-21 19:19:14 +02:00
Sebastiaan van Stijn 3e2187b4cb
vendor: github.com/docker/docker d3afa80b96bf (v25.0.0-dev)
full diff: 06499c52e2...d3afa80b96

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 15:30:51 +02:00