Commit Graph

7528 Commits

Author SHA1 Message Date
Sebastiaan van Stijn b4dde3a130
Merge pull request #3243 from thaJeztah/fix_build_context
build: fix AddDockerfileToBuildContext not de-referencing tar header template
2021-08-11 11:57:22 +02:00
Sebastiaan van Stijn 847aef321e
build: fix AddDockerfileToBuildContext not de-referencing tar header template
Commit 73aef6edfe
modified archive.ReplaceFileTarWrapper to set the Name field in the tar header,
if the field was not set.

That change exposed an issue in how a Dockerfile from stdin was sent to the daemon.
When attempting to build using a build-context, and a Dockerfile from stdin, the
following happened:

```bash
mkdir build-stdin && cd build-stdin && echo hello > hello.txt

DOCKER_BUILDKIT=0 docker build --no-cache -t foo -f- . <<'EOF'
FROM alpine
COPY . .
EOF

Sending build context to Docker daemon  2.607kB
Error response from daemon: dockerfile parse error line 1: unknown instruction: .DOCKERIGNORE
```

Removing the `-t foo` oddly led to a different failure:

```bash
DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<'EOF'
FROM alpine
COPY . .
EOF

Sending build context to Docker daemon  2.581kB
Error response from daemon: Cannot locate specified Dockerfile: .dockerfile.701d0d71fb1497d6a7ce
```

From the above, it looks like the tar headers got mangled, causing (in the first
case) the daemon to use the build-context tar as a plain-text file, and therefore
parsing it as Dockerfile, and in the second case, causing it to not be able to
find the Dockerfile in the context.

I noticed that both TarModifierFuncs were using the same `hdrTmpl` struct, which
looks to have caused them to step on each other's toes. Changing them to each initialize
their own struct made the issue go away.

After this change:

```bash
DOCKER_BUILDKIT=0 docker build --no-cache -t foo -f- . <<'EOF'
FROM alpine
COPY . .
EOF
Sending build context to Docker daemon  2.607kB
Step 1/2 : FROM alpine
 ---> d4ff818577bc
Step 2/2 : COPY . .
 ---> 556f745e6938
Successfully built 556f745e6938
Successfully tagged foo:latest

DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<'EOF'
FROM alpine
COPY . .
EOF

Sending build context to Docker daemon  2.607kB
Step 1/2 : FROM alpine
 ---> d4ff818577bc
Step 2/2 : COPY . .
 ---> aaaee43bec5e
Successfully built aaaee43bec5e
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 23:19:14 +02:00
Sebastiaan van Stijn f1e5329713
Merge pull request #3239 from thaJeztah/update_containerd_1.5.5
vendor: update logrus v1.8.1, containerd v1.5.5, runc v1.0.1
2021-08-10 12:25:10 +02:00
Sebastiaan van Stijn fcc2ce3499
vendor: github.com/containerd/containerd v1.5.5
no changes in the vendored code

full diff: https://github.com/containerd/containerd/compare/v1.5.3...v1.5.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 12:14:25 +02:00
Sebastiaan van Stijn cfb07a75a9
vendor: github.com/opencontainers/runc v1.0.1
full diff: https://github.com/opencontainers/runc/comopare/v1.0.0-rc95...v1.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 12:14:23 +02:00
Sebastiaan van Stijn ecad24d47f
vendor: github.com/sirupsen/logrus v1.8.1
full diff: https://github.com/sirupsen/logrus/compare/v1.7.0...v1.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 12:14:20 +02:00
Silvin Lubecki 135ffd2057
Merge pull request #3238 from thaJeztah/replace_pkg_signal
replace docker/pkg/signal with github.com/moby/sys/signal
2021-08-10 12:13:55 +02:00
Silvin Lubecki 60e3b3ad2d
Merge pull request #3235 from thaJeztah/bump_go_1.16.7
Update Go to 1.16.7
2021-08-10 12:13:02 +02:00
Sebastiaan van Stijn 23ed50c10f
replace docker/pkg/signal with github.com/moby/sys/signal
The github.com/docker/docker/pkg/signal package was moved to a separate
module in moby/sys.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-09 19:15:46 +02:00
Sebastiaan van Stijn 3112b382a3
Update Go to 1.16.7
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 18:20:39 +02:00
Silvin Lubecki aa949f2ad5
Merge pull request #3211 from crazy-max/gha
GitHub Actions for lint
2021-08-05 14:11:23 +02:00
CrazyMax 698c155478
GitHub Actions for lint
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-08-05 08:44:21 +02:00
Sebastiaan van Stijn 8964595692
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-04 16:03:09 +02:00
Sebastiaan van Stijn 7cf5cd6dec
Merge pull request #3034 from thaJeztah/yamldocs_updates
yamldocs: various improvements
2021-07-30 21:26:52 +02:00
Sebastiaan van Stijn b86f5135f6
docs/yaml: add TODO for conditionally skipping root command
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-30 20:51:09 +02:00
Sebastiaan van Stijn c509ef7104
yamldocs: various improvements
- make sure the target directory is created if missing
- add support for custom IDs in headings through `<a>` tags (e.g.
  `<a name=heading2></a>`). This allows use of custom anchors that
  work both on GitHub (GFM doesn't support extended MarkDown), and
  in Jekyll (which does).
- add code to cleanup markdown for use in our docs:
    - remove absolute URLs to https://docs.docker.com
    - remove tabs in MarkDown, and convert them to 4 spaces. This
      prevents the YAML conversion from switching between "short"
      and "long" syntax. Tabs in code examples also don't always
      work well, so using spaces doesn't hurt for that.
- refactor some code for readability, and to be less "hacky" (still
  lots to be improved though)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-30 20:43:22 +02:00
Sebastiaan van Stijn 13e4a097ea
Merge pull request #3203 from thaJeztah/no_custom_http_headers
cli/command: don't use client.CustomHTTPHeaders()
2021-07-29 13:21:10 +02:00
Sebastiaan van Stijn 1ba95f2bd5
Merge pull request #3197 from thaJeztah/bump_go_1.16.6
Bump go 1.16.6
2021-07-29 12:06:00 +02:00
Sebastiaan van Stijn a477a727fc
Update to go1.16.6
Keeping the dockerfiles/Dockerfile.cross image at 1.13, as we don't
have more current versions of that image. However, I don't think it's
still used, so we should remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 11:52:02 +02:00
Sebastiaan van Stijn 8fa76452f7
Merge pull request #3223 from thaJeztah/update_lcow_deprecation
docs: update deprecation status of LCOW to "removed"
2021-07-29 10:55:38 +02:00
Sebastiaan van Stijn 0b2eaa7f72
cli/command: don't use client.CustomHTTPHeaders(), and simplify asserts
It's the only use of this function, and it's better to check that
the client actually sends the header.

This also simplifies some asserts, and makes sure that "actual" and "expected"
are in the correct order.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 10:26:10 +02:00
Sebastiaan van Stijn 8916855c25
docs: update deprecation status of LCOW
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 09:22:11 +02:00
Stefan Scherer c9f8473512
Merge pull request #3221 from thaJeztah/move_proxy_test_to_e2e
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
2021-07-29 09:14:59 +02:00
Sebastiaan van Stijn 40c6b117e7
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 22:33:12 +02:00
Silvin Lubecki d9cdbb0a4c
Merge pull request #3222 from thaJeztah/bump_gotestsum
e2e: update gotestsum to v1.7.0
2021-07-28 21:07:24 +02:00
Sebastiaan van Stijn 60fe322434
e2e: update gotestsum to v1.7.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 19:44:11 +02:00
Silvin Lubecki e879f1aea7
Merge pull request #3218 from thaJeztah/deprecate_encrypted_tls
context: deprecate support for encrypted TLS private keys
2021-07-28 15:10:49 +02:00
Sebastiaan van Stijn 15535d4594
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 14:42:45 +02:00
Silvin Lubecki fb78bd4be3
Merge pull request #3213 from thaJeztah/fix_linting
cli/context: ignore linting warnings about RFC 1423 encryption
2021-07-28 13:55:48 +02:00
Sebastiaan van Stijn 2688f25eb7
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-26 18:00:01 +02:00
Sebastiaan van Stijn 2776a6d694
Merge pull request #3210 from thaJeztah/ci_bump_buildx
CircleCI: update BUILDX_VERSION to v0.6.0
2021-07-26 16:39:08 +02:00
Sebastiaan van Stijn 4ab6ea016d
Merge pull request #3208 from crazy-max/buildkit-progress
Add doc for BUILDKIT_PROGRESS env var
2021-07-26 15:49:29 +02:00
Sebastiaan van Stijn 91c7569a7a
Merge pull request #3140 from thaJeztah/update_e2e_compose
e2e: update docker-compose to 1.29.2
2021-07-26 15:33:48 +02:00
Sebastiaan van Stijn 0695578d4b
CircleCI: update BUILDX_VERSION to v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-26 15:32:10 +02:00
Sebastiaan van Stijn b98b573de3
Merge pull request #3190 from IvanGrund/patch-1
Fix typo in documentation - build.md
2021-07-26 15:18:35 +02:00
CrazyMax ecaaa35be6
Add doc for BUILDKIT_PROGRESS env var
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-07-25 20:27:38 +02:00
Brian Goff 43dc024002
Merge pull request #2855 from Foxboron/morten/reprobuilds
2021-07-23 09:41:51 -07:00
Sebastiaan van Stijn 62325a6abb
Merge pull request #3204 from thaJeztah/update_dockerfile_syntax
Update Dockerfiles to latest syntax, remove "experimental"
2021-07-22 15:02:21 +02:00
Sebastiaan van Stijn 48dbf6f3cf
Update Dockerfiles to latest syntax, remove "experimental"
The experimental image is deprecated (now "labs"), and the features we use
are now included in the regular (stable) syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-22 14:48:09 +02:00
Sebastiaan van Stijn 25eee83d6b
Merge pull request #3074 from thaJeztah/all_proxy
Add support for ALL_PROXY
2021-07-21 12:50:27 +02:00
Sebastiaan van Stijn 53d822696c
Merge pull request #3199 from thaJeztah/update_md2man
Update go-md2man to v2.0.1 to fix table rendering in man-pages
2021-07-21 11:11:49 +02:00
Sebastiaan van Stijn 13e8225007
vendor: cpuguy83/go-md2man/v2 v2.0.1
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.1

- Fix handling multiple definition descriptions
- Fix inline markup causing table cells to split
- Remove escaping tilde character (prevents tildes (`~`) from disappearing).
- Do not escape dash, underscore, and ampersand (prevents ampersands (`&`) from disappearing).
- Ignore unknown HTML tags to prevent noisy warnings

With this, generating manpages becomes a lot less noisy; no more of these:

    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 10:28:34 +02:00
Sebastiaan van Stijn ef14ae09bb
vendor: github.com/russross/blackfriday/v2 v2.1.0
removes the github.com/shurcooL/sanitized_anchor_name dependency

full diff: https://github.com/russross/blackfriday/compare/v2.0.1...v2.1.0

- Committed to github.com/russross/blackfriday/v2 as the canonical import path for blackfriday v2.
- Reduced the amount of dependencies.
- Added a SanitizedAnchorName function.
- Added Node.IsContainer and Node.IsLeaf methods.
- Fixed parsing of links that end with double backslashes.
- Fixed an issue where fence length wasn't computed.
- Improved the default value for the HTMLRendererParameters.FootnoteReturnLinkContents field.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 10:22:53 +02:00
Sebastiaan van Stijn 7a0dc924f9
Add support for ALL_PROXY
Support for ALL_PROXY as default build-arg was added recently in
buildkit and the classic builder.

This patch adds the `ALL_PROXY` environment variable to the list of
configurable proxy variables, and updates the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 09:06:18 +02:00
Sebastiaan van Stijn 72066d5099
Merge pull request #3158 from ulyssessouza/completion
Add completion for docker-compose plugin
2021-07-20 14:18:51 +02:00
Ulysses Souza 5a8d7d506c
Detect compose plugin
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2021-07-19 12:02:34 -03:00
Sebastiaan van Stijn b9447fbd63
Merge pull request #3147 from tonistiigi/go1.17-for-windows
Dockerfile: remove custom go build for windows/arm64
2021-07-19 14:34:04 +02:00
Tonis Tiigi f3d1b02e2b
Dockerfile: remove custom go build for windows/arm64
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-07-18 10:34:16 -07:00
Silvin Lubecki f84487ed5b
Merge pull request #3154 from thaJeztah/update_containerd_deps
vendor: github.com/containerd/containerd v1.5.3 to reduce indirect dependencies
2021-07-15 14:20:44 +02:00
Ivan Grund d9f17025c4
Fix typo in documentation - build.md
Signed-off-by: Ivan Grund <ivan.grund@gmail.com>
2021-07-14 22:50:44 +02:00