The kernel memory limit is deprecated in Docker 20.10.0,
and its support was removed in runc v1.0.0-rc94.
So, this warning can be safely removed.
Relevant: b8ca7de823
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- use var/const blocks when declaring a list of variables
- use const where possible
TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue:
- use keys when assigning values
- make sure test is dereferenced in the loop
- use subtests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).
Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
IPvlan networks were moved out of experimental in Docker 19.03, and
the docs were migrated to the docs repository through;
https://github.com/docker/docker.github.io/pull/12735
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- rename "experimental" to "labs"
- rephrase recommendation for picking a version
- clarify that the "labs" channel provides a superset of the "stable" channel.
- remove "External implementation features" section, because it overlapped
with the "syntax" section.
- removed `:latest` from the "stable" channel (generally not recommended)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- update some examples to show the BuildKit output
- remove some wording about "images" being used for the build cache
- add a link to the `--cache-from` section
- added a link to "scanning your image with `docker scan`"
- updated link to "push your image"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use "console" for code-hints, to make process output distinguishable
from the commands that are executed
- use a consistent prompt for powershell examples
- minor changes in wording around "build context" to reduce confusion
with `docker context`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows setting WINDRES to mingw's windres.
For the record, mingw's windres needs --use-temp-file for a weird reason:
in that case, it keeps preprocessor arguments intact (including quotes),
without it, mingw's windres calls popen, which happens to pass the entire
command to sh -c, stripping quotes after evaluation and causing a syntax
error in mingw's windres.
To use mingw's windres, set WINDRES to:
- `x86_64-w64-mingw32-windres` on 64 bit
- `i686-w64-mingw32-windres` on 32 bit
Signed-off-by: Tibor Vass <tibor@docker.com>
When the git checkout is dirty on top of a git tag (i.e., v20.10.6.m),
the VERSION_QUAD was keeping a trailing comma.
Now the trailing comma is stripped.
Signed-off-by: Tibor Vass <tibor@docker.com>
New solution is not hardcoded to amd64 but integrates
with the cross toolchain and support creating arm binaries.
Go has been updated so that ASLR works
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Using cross compilation toolchains that work from any platform
Adds darwin/arm64 support and bake targets. Static and dynamic
binary targets are available, both with glibc and musl.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Updates the stop.md doc to mention that the stop signal can be changed, either with the Dockerfile or via `docker run --stop-signal`. This is a real gotcha if you're not familiar with this feature and build a container that extends a container that uses `STOPSIGNAL`.
Signed-off-by: Christopher Vermilion <christopher.vermilion@gmail.com>
no change in local code, but updates some dependencies to more recent
versions, which may help users that consume docker/cli to get a better
selection (when using go modules).
full diff: 5f1f4a34f4...bf96a202a0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
recommend using `docker container prune`, but show an example on
how to combine commands with a bit more context and warnings
about portability/compatibility.
Thanks to Charlie Arehart to do the initial work on this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Relates to the deprecation, added in 3c0a167ed5
The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
file with a new CLI configuration file, located in `~/.docker/config.json`. When
implementing the new configuration file, the old file (and file-format) was kept
as a fall-back, to assist existing users with migrating to the new file.
Given that the old file format encourages insecure storage of credentials
(credentials are stored unencrypted), and that no version of the CLI since
Docker v1.7.0 has created this file, the file is marked deprecated, and support
for this file will be removed in a future release.
This patch adds a deprecation warning, which is printed if the CLI falls back
to using the deprecated ~/.dockercfg file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.
However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.
Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.
Signed-off-by: Tibor Vass <tibor@docker.com>