Commit Graph

7578 Commits

Author SHA1 Message Date
Sebastiaan van Stijn c72057c8db
docs: move checkpoint/restore doc from experimental into reference
This allows this information to be read from docs.docker.com.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aa89e6847a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:12 +02:00
Pawel 77db97d595
Use private network address for default-address-pools setting in daemon.json example
Signed-off-by: Pawel <pepawel@users.noreply.github.com>
(cherry picked from commit 6482f3f9b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:45:47 +02:00
Sebastiaan van Stijn cbf0d2b7b7
docs: fix some broken anchors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2621af848a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:45:12 +02:00
Sebastiaan van Stijn d0014a86bc
docs: fix description of restart-delay to mention max (1 minute)
Commit 9bd3a7c029
(docker 17.04 and up) added a maximum timeout of 1 minute to the
restart timeout.

This patch updates the documentation to match the current behavior.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47e5cfa9e9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:42:47 +02:00
takeshi.koenuma 6c1c8b55aa
docs: fix search results by filterd is-official
Signed-off-by: takeshi.koenuma <t.koenuma2@gmail.com>
(cherry picked from commit 1de937c144)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:42:32 +02:00
Sebastiaan van Stijn c2ea9bc90b
Merge pull request #3 from moby/20.10_backport_go_1.16.8
[20.10 backport] Update Go to 1.16.8
2021-09-23 20:26:34 +02:00
Sebastiaan van Stijn 44fdac11f5
Update Go to 1.16.8
This includes additional fixes for CVE-2021-39293.

go1.16.8 (released 2021-09-09) includes a security fix to the archive/zip package,
as well as bug fixes to the archive/zip, go/internal/gccgoimporter, html/template,
net/http, and runtime/pprof packages. See the Go 1.16.8 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.8+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 01fa5d925a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-15 14:18:23 +02:00
Sebastiaan van Stijn 893e52cf4b
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
2021-09-09 20:40:54 +02:00
Sebastiaan van Stijn 061051c24d
docs: add missing redirect, and remove /go/experimental redirect
The /go/ redirects are now defined in the docs repository, so the one
we defined here can be removed.
Also adds a missing redirect for an old URL to the main CLI page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 463746ff22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 17:50:43 +02:00
Sebastiaan van Stijn 62eae52c2a
Merge pull request #3236 from thaJeztah/20.10_backport_bump_go_1.16.7
[20.10 backport] Update Go to 1.16.7
2021-08-17 14:11:07 +02:00
Sebastiaan van Stijn 2012fbf111
Update Go to 1.16.7
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3112b382a3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 18:24:03 +02:00
Samuel Karp 42d1c02750
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-07-29 19:57:58 -07:00
Sebastiaan van Stijn 3967b7d28e
Merge pull request #3224 from thaJeztah/20.10_backport_bump_go_1.16.6
[20.10 backport] Bump go 1.16.6
2021-07-29 15:55:47 +02:00
Sebastiaan van Stijn 0b924e51fc
Update to go1.16.6
Keeping the dockerfiles/Dockerfile.cross image at 1.13, as we don't
have more current versions of that image. However, I don't think it's
still used, so we should remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a477a727fc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:44 +02:00
Sebastiaan van Stijn 6288e8b1ac
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40c6b117e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:10 +02:00
Sebastiaan van Stijn 1e9575e81a
cli/config/configfile: various test cleanups
- use var/const blocks when declaring a list of variables
- use const where possible

TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue:

- use keys when assigning values
- make sure test is dereferenced in the loop
- use subtests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit be327a4f0f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:40 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Sebastiaan van Stijn a6f6b5fa34
Merge pull request #3219 from thaJeztah/20.10_backport_deprecate_encrypted_tls
[20.10 backport] context: deprecate support for encrypted TLS private keys
2021-07-29 11:40:02 +02:00
Sebastiaan van Stijn 8437cfefae
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15535d4594)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:11 +02:00
Sebastiaan van Stijn 68a5ca859f
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2688f25eb7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:09 +02:00
Sebastiaan van Stijn f9d091f4b1
Merge pull request #3174 from thaJeztah/20.10_backport_deprecate_kube
[20.10 backport] Deprecate Kubernetes stack support
2021-07-28 15:47:43 +02:00
Silvin Lubecki e9b8231d6a
Merge pull request #3205 from thaJeztah/20.10_backport_update_dockerfile_syntax
[20.10 backport] Update Dockerfiles to latest syntax, remove "experimental"
2021-07-22 15:42:42 +02:00
Sebastiaan van Stijn 8a64739631
Update Dockerfiles to latest syntax, remove "experimental"
The experimental image is deprecated (now "labs"), and the features we use
are now included in the regular (stable) syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48dbf6f3cf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-22 14:57:33 +02:00
Silvin Lubecki a555c853b0
Merge pull request #3200 from thaJeztah/20.10_backport_update_md2man
[20.10 backport] Update go-md2man to v2.0.1 to fix table rendering in man-pages
2021-07-22 14:44:56 +02:00
Sebastiaan van Stijn 260ba1a8a2
vendor: cpuguy83/go-md2man/v2 v2.0.1
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.1

- Fix handling multiple definition descriptions
- Fix inline markup causing table cells to split
- Remove escaping tilde character (prevents tildes (`~`) from disappearing).
- Do not escape dash, underscore, and ampersand (prevents ampersands (`&`) from disappearing).
- Ignore unknown HTML tags to prevent noisy warnings

With this, generating manpages becomes a lot less noisy; no more of these:

    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan
    WARNING: go-md2man does not handle node type HTMLSpan

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 13e8225007)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 11:04:19 +02:00
Sebastiaan van Stijn f63cb8b97e
vendor: github.com/russross/blackfriday/v2 v2.1.0
removes the github.com/shurcooL/sanitized_anchor_name dependency

full diff: https://github.com/russross/blackfriday/compare/v2.0.1...v2.1.0

- Committed to github.com/russross/blackfriday/v2 as the canonical import path for blackfriday v2.
- Reduced the amount of dependencies.
- Added a SanitizedAnchorName function.
- Added Node.IsContainer and Node.IsLeaf methods.
- Fixed parsing of links that end with a double backslashes.
- Fixed an issue where fence length wasn't computed.
- Improved the default value for the HTMLRendererParameters.FootnoteReturnLinkContents field.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ef14ae09bb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 11:03:01 +02:00
Sebastiaan van Stijn c1492eabde
Merge pull request #3196 from thaJeztah/20.10_backport_go1.17_for_windows
[20.10 backport] Dockerfile: remove custom go build for windows/arm64
2021-07-19 14:52:01 +02:00
Tonis Tiigi 48e6b44379
Dockerfile: remove custom go build for windows/arm64
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit f3d1b02e2b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-19 14:35:07 +02:00
Sebastiaan van Stijn bfcd17b5b7
Merge pull request #3175 from thaJeztah/20.10_backport_docs_fixes
[20.10 backport] docs fixes
2021-07-07 12:30:30 +02:00
Sebastiaan van Stijn 8279b718ea
Merge pull request #3176 from thaJeztah/20.10_backport_update_ci_engine
[20.10 backport] CI: update engine versions and Jenkins labels
2021-07-02 17:38:48 +02:00
Sebastiaan van Stijn 644c003606
circleCI: update docker engine to 20.10.6
20.10.6 looks to be the latest supported version:
https://circleci.com/docs/2.0/building-docker-images/#docker-version

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c6cd0493ab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:53:15 +02:00
Sebastiaan van Stijn 0d17280a30
Jenkinsfile: update old engine version to 19.03
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 661b87ac9b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:53:13 +02:00
Sebastiaan van Stijn eedfe50a99
Jenkinsfile: update labels to prevent running on cgroups v2
The dind engine version that we use in e2e does not support cgroups v2,
so if we landed on an Ubuntu 20.04 node with cgroups v2 enabled, CI failed:

    Stderr:   Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2849437f21)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:53:11 +02:00
Metal f3dd1ee6c1
Fix minor wording
Signed-off-by: Metal <2466052+tedhexaflow@users.noreply.github.com>
(cherry picked from commit 3b502ca00e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:44:11 +02:00
OKA Naoya c7cf60f657
docs: Fix wrong bridge driver option
Signed-off-by: OKA Naoya <git@okanaoya.com>
(cherry picked from commit 10e909a26c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:44:09 +02:00
Mathieu Champlon 1d37fb3027
Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit a033cdf515)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:33 +02:00
Mathieu Champlon 0793f96394
Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit c05f0f5957)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:31 +02:00
Mathieu Champlon b639ea8b89
Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit 7190255a68)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:28 +02:00
Silvin Lubecki 063e3dd329
Merge pull request #3156 from thaJeztah/20.10_backport_bump_credential_helpers
[20.10 backport] vendor: github.com/docker/docker-credential-helpers v0.6.4
2021-06-23 15:11:28 +02:00
Sebastiaan van Stijn 0168626037
vendor: github.com/docker/docker-credential-helpers v0.6.4
full diff: 38bea2ce27...v0.6.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7672267e16)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 23:56:03 +02:00
Silvin Lubecki 00ea8bdc41
Merge pull request #3132 from thaJeztah/20.10_backport_bump_term_ansiterm
[20.10 backport] vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compat
2021-06-21 14:18:37 +02:00
Sebastiaan van Stijn e3a9a92b14
vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compat
Changes:

- winterm: GetStdFile(): Added compatibility with "golang.org/x/sys/windows"
- winterm: fix GetStdFile() falltrough
- update deprecation message to refer to the correct replacement
- add go.mod
- Fix int overflow
- Convert int to string using rune()

full diff:

- bea5bbe245...3f7ff695ad
- d6e3b3328b...d185dfc1b5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b5bc279901)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 13:32:31 +02:00
Silvin Lubecki 6da4ee40c7
Merge pull request #3123 from thaJeztah/20.10_backport_bump_docker_20.10.7
[20.10] vendor: github.com/docker/docker v20.10.7
2021-06-15 14:06:14 +02:00
Sebastiaan van Stijn ab733b5564
[20.10] vendor: github.com/docker/docker v20.10.7
full diff: 46229ca1d8...v20.10.7

This is the equivalent of 49f6071532 on master, but
the vendored version in 20.10 was different. Last updates where:

- Master: 7bef248765
    - diff: https://github.com/moby/moby/compare/v20.10.1...d5209b29b9777e0b9713d87847a5dc8ce9d93da6
    - d5209b29b9 is a commit from moby "master"
- 20.10: 5941f4104a
    - diff: https://github.com/docker/docker/compare/v20.10.1...46229ca1d815cfd4b50eb377ac75ad8300e13a85
    - 46229ca1d8 is a commit from moby "20.10"

The 20.10 version mentions it was cherry-picked from 7bef248765,
but that's not the case; there's another diff in the 20.10 branch that was not in
master: d5209b29b9...46229ca1d815cfd4b50eb377ac75ad8300e13a85
raw diff d5209b29b9..46229ca1d815cfd4b50eb377ac75ad8300e13a85

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-07 11:53:56 +02:00
Silvin Lubecki f0df35096d
Merge pull request #3107 from thaJeztah/20.10_backport_sigurg_handling
[20.10 backport] Ignore SIGURG on Unix (including Darwin)
2021-05-31 11:40:07 +02:00
Silvin Lubecki f485f66943
Merge pull request #3111 from thaJeztah/20.10_backport_fix_reference_link
[20.10 backport] docs: fix link to command-line reference
2021-05-31 09:45:27 +02:00
Sebastiaan van Stijn 746c553574
docs: fix link to command-line reference
This link worked on GitHub, but was broken on docs.docker.com, so
replacing with a regular link directly to the docs instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 04e6884f65)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-26 14:17:34 +02:00
David Scott 2945ba4f7a
Ignore SIGURG on Darwin too
This extends #2929 to Darwin as well as Linux.

Running the example in https://github.com/golang/go/issues/37942
I see lots of:
```
dave@m1 sigurg % uname -ms
Darwin arm64

dave@m1 sigurg % go run main.go
received urgent I/O condition: 2021-05-21 16:03:03.482211 +0100 BST m=+0.014553751
received urgent I/O condition: 2021-05-21 16:03:03.507171 +0100 BST m=+0.039514459
```

Signed-off-by: David Scott <dave@recoil.org>
(cherry picked from commit cedaf44ea2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:38:46 +02:00
Sebastiaan van Stijn 032e485e1c
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9342ec6b71)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:36:29 +02:00
Brian Goff 88de81ff21
Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e1a7517514)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:35:59 +02:00