Commit Graph

8129 Commits

Author SHA1 Message Date
Sebastiaan van Stijn ad2bff2c0a
Dockerfile: update buildx to v0.9.0
release notes: https://github.com/docker/buildx/releases/tag/v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-17 01:06:06 +02:00
Sebastiaan van Stijn 8ffaab8bb6
Merge pull request #3730 from matletix/master
Move notes about required buildkit
2022-08-16 17:21:30 +02:00
Mathieu Rollet f41cbf9dc1
Move notes about required buildkit
Signed-off-by: Mathieu Rollet <matletix@gmail.com>
2022-08-16 15:09:57 +02:00
Sebastiaan van Stijn e1f24d3c93
Merge pull request #3729 from giodamelio/patch-3
Update link to libnetwork docs
2022-08-08 10:24:37 +02:00
Gio d'Amelio 2475b07d07 Update link to libnetwork docs
Signed-off-by: Gio d'Amelio <giodamelio@gmail.com>
2022-08-07 00:14:39 +00:00
Sebastiaan van Stijn f52ac07b82
Merge pull request #3725 from thaJeztah/bump_go_1.18.5
Update golang to 1.18.5
2022-08-04 11:19:07 +02:00
Sebastiaan van Stijn 418ca3b4d4
Merge pull request #3722 from thaJeztah/carry_nicks_issue3652
cli: set timeout connection ping on sockets as well
2022-08-04 00:03:30 +02:00
Sebastiaan van Stijn 6191b662b3
Update golang to 1.18.5
Update Go runtime to 1.18.5 to address CVE-2022-32189.

Full diff: https://github.com/golang/go/compare/go1.18.4...go1.18.5

--------------------------------------------------------

From the security announcement:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10

We have just released Go versions 1.18.5 and 1.17.13, minor point
releases.

These minor releases include 1 security fixes following the security
policy:

encoding/gob & math/big: decoding big.Float and big.Rat can panic

Decoding big.Float and big.Rat types can panic if the encoded message is
too short.

This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-03 20:17:18 +02:00
Tõnis Tiigi 5c511f4f85
Merge pull request #3717 from crazy-max/keep-dwarf-symbol-table
missing DWARF symbol table
2022-08-01 09:10:52 -07:00
Sebastiaan van Stijn e198123693
Merge pull request #3721 from thaJeztah/context_optimisations
context use: don't create/update config file and directories if not needed
2022-07-29 14:46:28 +02:00
Nick Santos 1d9ab7803a
cli: set timeout connection ping on sockets as well
Note that this does not fully fix the referenced issue, but
at least makes sure that API clients don't hang forever on
the initialization step.

See: https://github.com/docker/cli/issues/3652
Signed-off-by: Nick Santos <nick.santos@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-29 14:34:01 +02:00
Sebastiaan van Stijn f87d7ed864
context use: don't create/update config file and directories if not needed
Avoid updating the config-file if nothing changed. This also prevents creating
the file and config-directory if the default is used and no config-file existed
yet.

`config.Save()` performs various steps (creating the directory, updating
or copying permissions, etc etc), which are not needed if the defaults are
used; a445d97c25/cli/config/configfile/file.go (L135-L176)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-29 14:20:05 +02:00
Sebastiaan van Stijn cee286ff63
context use: skip validation for "default" context
This code was handling validation and parsing, only to discard the
results if it was the default context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-29 12:23:39 +02:00
Sebastiaan van Stijn 7963778e0a
Merge pull request #3668 from nicks/nicks/issue-3667
command: print appropriate warning messages on 'context list'/'contex…
2022-07-29 12:23:10 +02:00
Nick Santos 50893d72d4
also treat DOCKER_CONTEXT='' as unset
Signed-off-by: Nick Santos <nick.santos@docker.com>
2022-07-29 11:05:42 +02:00
Nick Santos aa7b1b24a5
command: treat DOCKER_HOST the same if it's empty or unset
print appropriate warning messages on 'context list'/'context use'

Signed-off-by: Nick Santos <nick.santos@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-29 11:04:52 +02:00
CrazyMax 6f799c1a1c
dockerfile: llvm needed on debian for cross comp
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-28 22:49:07 +02:00
Sebastiaan van Stijn a445d97c25
Merge pull request #3715 from thaJeztah/context_cleanup_part1a
cli/command: remove unused args from ResolveDefaultContext()
2022-07-27 23:02:53 +02:00
CrazyMax 87b085c8cd
missing DWARF symbol table
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-25 11:27:09 +02:00
Sebastiaan van Stijn f1615facb1
Merge pull request #3713 from thaJeztah/update_engine
vendor: docker v20.10.3-0.20220720171342-a60b458179aa (22.06 branch)
2022-07-21 18:32:25 +02:00
Sebastiaan van Stijn 049811fef0
cli/command/context: remove newContextMetadata() utility
Inlining what it does

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 18:16:12 +02:00
Sebastiaan van Stijn 5ed92699f3
cli/command: remove WithContextEndpointType() as it's unused
This was added in 3126920af1, and modified in
520be05c49, but is not used anywhere.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 18:11:50 +02:00
Sebastiaan van Stijn 6874c2e80b
cli/command: remove unused args from ResolveDefaultContext()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 18:11:48 +02:00
Sebastiaan van Stijn 38992c2f76
Merge pull request #3704 from rouralberto/master
Removed feminine reference
2022-07-21 18:04:05 +02:00
Sebastiaan van Stijn 07113638c1
vendor: docker v20.10.3-0.20220720171342-a60b458179aa (22.06 branch)
full diff: 4eb1c5bd52...a60b458179

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 17:44:40 +02:00
Sebastiaan van Stijn f175f5d177
vendor: remove replace rule for github.com/gogo/googleapis
it's an indirect dependency, and not used

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 17:32:15 +02:00
Sebastiaan van Stijn 65d45664b1
vendor: golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
full diff: 33da011f77...bc2c85ada1

notable changes;

- unix: use ByteSliceFromString in (*Ifreq).Name
- unix: update openbsd Statfs_t fields

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 17:32:13 +02:00
Sebastiaan van Stijn d84255c109
Merge pull request #3488 from SpringLeee/patch-1
docs: minimum memory limit 4M -> 6M
2022-07-21 12:30:49 +02:00
Sebastiaan van Stijn 4411b515f5
Merge pull request #3656 from thaJeztah/fix_info_empty_labels
info: fix output including "Labels:" if no labels were set
2022-07-19 21:09:25 +02:00
Sebastiaan van Stijn e5c05a6749
Merge pull request #3708 from thaJeztah/gofmt_119
format (GoDoc) comments with Go 1.19 to prepare for go updates
2022-07-19 21:08:02 +02:00
Sebastiaan van Stijn 90756d9665
Merge pull request #3706 from thaJeztah/bump_go_1.18.4
update golang to 1.18.4
2022-07-19 21:07:25 +02:00
Sebastiaan van Stijn 82427d1a07
format (GoDoc) comments with Go 1.19 to prepare for go updates
Older versions of Go do not format these comments, so we can already
reformat them ahead of time to prevent gofmt linting failing once
we update to Go 1.19 or up.

Result of:

    gofmt -s -w $(find . -type f -name '*.go' | grep -v "/vendor/")

With some manual adjusting.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-19 19:10:16 +02:00
Sebastiaan van Stijn 3564b7d375
Merge pull request #3705 from thaJeztah/no_unauthorized
remove uses of client.IsErrUnauthorized()
2022-07-19 17:48:23 +02:00
Sebastiaan van Stijn 046e7e61f5
update golang to 1.18.4
go1.18.4 (released 2022-07-12) includes security fixes to the compress/gzip,
encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath
packages, as well as bug fixes to the compiler, the go command, the linker,
the runtime, and the runtime/metrics package. See the Go 1.18.4 milestone on the
issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.4+label%3ACherryPickApproved

This update addresses:

CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631,
CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, and CVE-2022-32148.

Full diff: https://github.com/golang/go/compare/go1.18.3...go1.18.4

From the security announcement;
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

We have just released Go versions 1.18.4 and 1.17.12, minor point releases. These
minor releases include 9 security fixes following the security policy:

- net/http: improper sanitization of Transfer-Encoding header

  The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating
  a "chunked" encoding. This could potentially allow for request smuggling, but
  only if combined with an intermediate server that also improperly failed to
  reject the header as invalid.

  This is CVE-2022-1705 and https://go.dev/issue/53188.

- When `httputil.ReverseProxy.ServeHTTP` was called with a `Request.Header` map
  containing a nil value for the X-Forwarded-For header, ReverseProxy would set
  the client IP as the value of the X-Forwarded-For header, contrary to its
  documentation. In the more usual case where a Director function set the
  X-Forwarded-For header value to nil, ReverseProxy would leave the header
  unmodified as expected.

  This is https://go.dev/issue/53423 and CVE-2022-32148.

  Thanks to Christian Mehlmauer for reporting this issue.

- compress/gzip: stack exhaustion in Reader.Read

  Calling Reader.Read on an archive containing a large number of concatenated
  0-length compressed files can cause a panic due to stack exhaustion.

  This is CVE-2022-30631 and Go issue https://go.dev/issue/53168.

- encoding/xml: stack exhaustion in Unmarshal

  Calling Unmarshal on a XML document into a Go struct which has a nested field
  that uses the any field tag can cause a panic due to stack exhaustion.

  This is CVE-2022-30633 and Go issue https://go.dev/issue/53611.

- encoding/xml: stack exhaustion in Decoder.Skip

  Calling Decoder.Skip when parsing a deeply nested XML document can cause a
  panic due to stack exhaustion. The Go Security team discovered this issue, and
  it was independently reported by Juho Nurminen of Mattermost.

  This is CVE-2022-28131 and Go issue https://go.dev/issue/53614.

- encoding/gob: stack exhaustion in Decoder.Decode

  Calling Decoder.Decode on a message which contains deeply nested structures
  can cause a panic due to stack exhaustion.

  This is CVE-2022-30635 and Go issue https://go.dev/issue/53615.

- path/filepath: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-30632 and Go issue https://go.dev/issue/53416.

- io/fs: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  This is CVE-2022-30630 and Go issue https://go.dev/issue/53415.

- go/parser: stack exhaustion in all Parse* functions

  Calling any of the Parse functions on Go source code which contains deeply
  nested types or declarations can cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-1962 and Go issue https://go.dev/issue/53616.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 10:52:34 +02:00
Sebastiaan van Stijn a4caf8e89d
remove uses of client.IsErrUnauthorized()
This function is scheduled to be deprecated, so replacing its use.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 10:49:00 +02:00
Alberto Roura 0b1b5957c7 Removed feminine reference
Signed-off-by: Alberto Roura <mail@albertoroura.com>
2022-07-13 11:17:32 +10:00
Sebastiaan van Stijn 8dd94d3824
Merge pull request #3700 from vvoland/new-curators
Add Bruno and Paweł to curators
2022-07-07 22:12:57 +02:00
Paweł Gronowski e7a1f14d38 maintainers: Add Paweł Gronowski as curator
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-07-07 14:03:25 +02:00
Paweł Gronowski c25ff58cb2 maintainers: Add Bruno de Sousa as curator
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-07-07 14:01:41 +02:00
Sebastiaan van Stijn a9ae026984
Merge pull request #3655 from thaJeztah/docs_ps_notrunc
docs: add missing --no-trunc in example
2022-07-06 21:55:35 +02:00
Sebastiaan van Stijn 4f6679050e
Merge pull request #3687 from crazy-max/dockerfile-ref-moved
docs: dockerfile reference moved to buildkit repo
2022-07-05 09:49:33 +02:00
Sebastiaan van Stijn 8d9b95603a
Merge pull request #3692 from thaJeztah/validate_pull_opts
container: validate --pull option on create and run
2022-06-30 21:45:07 +02:00
Sebastiaan van Stijn 4460252b43
Merge pull request #3694 from thaJeztah/reference_canonical_aliases
cli: use custom annotation for aliases
2022-06-30 21:44:08 +02:00
Sebastiaan van Stijn 2280a9d5a7
Merge pull request #3670 from thaJeztah/fix_quotes_panic
opts: fix potential panic in trimQuotes
2022-06-30 20:56:09 +02:00
Sebastiaan van Stijn 80b1285fec cli: use custom annotation for aliases
Cobra allows for aliases to be defined for a command, but only allows these
to be defined at the same level (for example, `docker image ls` as alias for
`docker image list`). Our CLI has some commands that are available both as a
top-level shorthand as well as `docker <object> <verb>` subcommands. For example,
`docker ps` is a shorthand for `docker container ps` / `docker container ls`.

This patch introduces a custom "aliases" annotation that can be used to print
all available aliases for a command. While this requires these aliases to be
defined manually, in practice the list of aliases rarely changes, so maintenance
should be minimal.

As a convention, we could consider the first command in this list to be the
canonical command, so that we can use this information to add redirects in
our documentation in future.

Before this patch:

    docker images --help

    Usage:  docker images [OPTIONS] [REPOSITORY[:TAG]]

    List images

    Options:
      -a, --all             Show all images (default hides intermediate images)
      ...

With this patch:

    docker images --help

    Usage:  docker images [OPTIONS] [REPOSITORY[:TAG]]

    List images

    Aliases:
      docker image ls, docker image list, docker images

    Options:
      -a, --all             Show all images (default hides intermediate images)
      ...

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-28 17:32:09 +02:00
Sebastiaan van Stijn 05d288eb06
Merge pull request #3693 from thaJeztah/cli_usage_aliases
cli: print full command as aliases in usage output
2022-06-28 17:31:30 +02:00
Sebastiaan van Stijn 8403f06629
Merge pull request #3691 from thaJeztah/fix_conflicting_names
cli/command/container: rename variable that collided with import
2022-06-28 14:03:51 +02:00
Sebastiaan van Stijn 190dac77bd
container: validate --pull option on create and run
Before this change, specifying the `--pull` flag without a value, could
result in the flag after it, or the positional argument to be used as
value.

This patch makes sure that the value is an expected value;

    docker create --pull --rm hello-world
    docker: invalid pull option: '--rm': must be one of "always", "missing" or "never".

    docker run --pull --rm hello-world
    docker: invalid pull option: '--rm': must be one of "always", "missing" or "never".

    docker run --pull hello-world
    docker: invalid pull option: 'hello-world': must be one of "always", "missing" or "never".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-28 13:58:50 +02:00
Sebastiaan van Stijn 2d88c896bc
cli: print full command as aliases in usage output
The default output for Cobra aliases only shows the subcommand as alias, which
is not very intuitive. This patch changes the output to print the full command
as it would be called by the user.

Note that there's still some improvements to be made; due to how aliases must be
set-up in Cobra, aliases at different "levels" are still not shown. So for example,
`docker ps --help` will not show `docker container ps` as alias, and vice-versa.
This will require additional changes, and can possibly be resolved using custom
metadata/annotations.

Before this patch:

    docker container ls --help

    Usage:  docker container ls [OPTIONS]

    List containers

    Aliases:
      ls, ps, list

After this patch:

    docker container ls --help

    Usage:  docker container ls [OPTIONS]

    List containers

    Aliases:
      docker container ls, docker container ps, docker container list

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-28 11:03:30 +02:00
Sebastiaan van Stijn 44f3b87f0e
Merge pull request #3627 from vvoland/3554-exec-size
command/exec: Fill ConsoleSize
2022-06-27 17:26:02 +02:00