Commit Graph

8989 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 41183c2c92
Merge pull request #4514 from thaJeztah/patternmatcher_dockerignore
replace dockerfile/dockerignore with patternmatcher/ignorefile
2023-08-23 13:53:41 +02:00
Sebastiaan van Stijn c7a3a307be
Merge pull request #4516 from thaJeztah/cgroup_parent_description
update flag-description for --cgroup-parent
2023-08-23 13:53:17 +02:00
Sebastiaan van Stijn 3d11292731
Merge pull request #4505 from guss77/docker-cli-slows-bash-init
Docker cli slows bash init
2023-08-23 13:30:58 +02:00
Oded Arbel 1da67be9ca Stop slowing bash init by caching plugins path slowly
Fixes issue #3889 by only loading docker plugins path when needed: if it is fast enough than it shouldn't be a problem to do this on demand; OTOH if it is slow then we shouldn't do this during *every* bash session initialization, regardless if docker completion will be needed or not.

Signed-off-by: Oded Arbel <oded@geek.co.il>
2023-08-23 13:40:29 +03:00
Sebastiaan van Stijn 5bff12354d
replace dockerfile/dockerignore with patternmatcher/ignorefile
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.

A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 12:09:12 +02:00
Sebastiaan van Stijn 55ff9e6093
vendor: github.com/moby/patternmatcher v0.6.0
- integrate frontend/dockerfile/dockerignore from buildkit

full diff: https://github.com/moby/patternmatcher/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 12:09:12 +02:00
Sebastiaan van Stijn b3f82071e2
Merge pull request #4506 from thaJeztah/lazy_ping
cmd/docker: areFlagsSupported: don't Ping if not needed
2023-08-23 11:46:59 +02:00
Sebastiaan van Stijn e050312e6d
update flag-description for --cgroup-parent
This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 11:39:32 +02:00
Sebastiaan van Stijn 17df150321
Merge pull request #4511 from thaJeztah/manifest_token_actions
cli/registry/client: set actions when authn with token
2023-08-22 17:57:56 +02:00
Sebastiaan van Stijn d2047b954e
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 17:29:04 +02:00
Sebastiaan van Stijn 1c2cc4bbe3
info: add CDI spec directories to output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 14:05:07 +02:00
Sebastiaan van Stijn bb57783ab8
cmd/docker: areFlagsSupported: don't Ping if not needed
This is a similar fix as 006c946389, which
fixed this for detection of commands that were executed. Make sure we don't
call the "/_ping" endpoint if we don't need to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 09:34:09 +02:00
Bjorn Neergaard cdabfa2aa5
Merge pull request #4497 from edmorley/improve-pruning-docs
Update docs/command output for volume pruning
2023-08-17 07:01:59 -06:00
Bjorn Neergaard 3dbf1af2ea
Merge pull request #4478 from rumpl/feat-pat-suggest
login: Add message about using PATs
2023-08-16 07:23:13 -06:00
Ed Morley 6e2e92d774
Update docs/command output for volume pruning
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.

Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.

This replaces #4079, which was bitrotted by #4218. See also #4028.

Closes #4079.

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
2023-08-12 14:22:23 +01:00
Sebastiaan van Stijn 9bd5ec504a
Merge pull request #4413 from thaJeztah/deprecate_is_autobuild
search: deprecate "is-automated" filter and "IsAutomated" field
2023-08-09 14:51:06 +02:00
Sebastiaan van Stijn 4fc3f0e6f6
search: deprecate "is-automated" filter and "IsAutomated" field
The IsAutomated field is being deprecated by Docker Hub's search API and
will always be "false" in future.

This patch:

- Deprecates the field and the related "is-automated" filter
- Removes the "AUTOMATED" column from the default output of "docker search"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 12:11:05 +02:00
Sebastiaan van Stijn 53671c2fef
Merge pull request #4488 from thaJeztah/registry_test_cleanups
cli/command/registry: cleanup "search" and "login" tests
2023-08-09 12:04:54 +02:00
Sebastiaan van Stijn 0c5eb94eb1
Merge pull request #4412 from thaJeztah/auth_use_config
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
2023-08-08 22:01:13 +02:00
Sebastiaan van Stijn 69dcccf5b6
Merge pull request #4399 from dvdksn/docs/host-gateway
docs: document special host-gateway value for add-host
2023-08-08 21:04:47 +02:00
David Karlsson 299925f4c3 docs: document special host-gateway value for add-host
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-08-08 17:37:44 +02:00
Sebastiaan van Stijn d1c04fb0f8
Merge pull request #4448 from thaJeztah/docs_add_DOCKER_TLS
docs: add missing docs for "DOCKER_TLS" env-var
2023-08-08 17:37:24 +02:00
Sebastiaan van Stijn 211220cbb0
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.

This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:35:16 +02:00
Sebastiaan van Stijn 57f0e46de1
cli/command/registry: cleanup login tests
- use consts for fixed values, and rename some for clarity
- remove testAuthErrors map and inline the logic (same as we do for other cases)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn 84c956a171
cli/command/registry: cleanup search tests
- TestSearchContext: don't use un-keyed structs
- TestSearchContext: don't use CompareMultipleValues as it was not needed
- TestSearchContextDescription: don't use un-keyed structs
- TestSearchContextDescription: don't use CompareMultipleValues as it was not needed
- TestSearchContextWrite: don't use un-keyed structs, and include the
  code-comments into the test-table as names for the tests to give them
  some context.
- TestSearchContextWriteJSON and TestSearchContextWriteJSONField were not
  validating the output format, but validating if the JSON output could
  be marshalled back to a struct. Let's just role them into TestSearchContextWrite.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn dc1359230f
Merge pull request #4485 from thaJeztah/update_engine
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
2023-08-08 17:29:41 +02:00
Sebastiaan van Stijn 3d0b14c3e3
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
full diff: dab9ffb252...4b19b2f4ba

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 09:41:47 +02:00
Sebastiaan van Stijn f38870e68a
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230713153928-bc71908479e5
full diff: 6f78b8199b...bc71908479

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:26:45 +02:00
Sebastiaan van Stijn a53b03520f
vendor: github.com/opencontainers/image-spec v1.1.0-rc4
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc3...v1.1.0-rc4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:26:29 +02:00
Djordje Lukic 8d51f36ca3
login: Add message about using PATs
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-08-03 10:35:04 +02:00
Sebastiaan van Stijn 06de1f8d2c
Merge pull request #4474 from thaJeztah/update_go1.20.7
update to go1.20.7
2023-08-02 11:50:28 +02:00
Sebastiaan van Stijn 6517db9398
update to go1.20.7
Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 23:52:56 +02:00
Sebastiaan van Stijn bb0e232605
Merge pull request #4470 from thaJeztah/bump_containerd_1.6.22
vendor: github.com/containerd/containerd v1.6.22
2023-08-01 16:25:47 +02:00
Sebastiaan van Stijn 373fa57edc
vendor: github.com/containerd/containerd v1.6.22
- full diff: https://github.com/containerd/containerd/compare/v1.6.21...v1.6.22
- release notes: https://github.com/containerd/containerd/releases/tag/v1.6.22

---

Notable Updates

- RunC: Update runc binary to v1.1.8
- CRI: Fix `additionalGids`: it should fallback to `imageConfig.User`
  when `securityContext.RunAsUser`, `RunAsUsername` are empty
- CRI: Write generated CNI config atomically
- Fix concurrent writes for `UpdateContainerStats`
- Make `checkContainerTimestamps` less strict on Windows
- Port-Forward: Correctly handle known errors
- Resolve `docker.NewResolver` race condition
- SecComp: Always allow `name_to_handle_at`
- Adding support to run hcsshim from local clone
- Pinned image support
- Runtime/V2/RunC: Handle early exits w/o big locks
- CRITool: Move up to CRI-TOOLS v1.27.0
- Fix cpu architecture detection issue on emulated ARM platform
- Task: Don't `close()` io before `cancel()`
- Fix panic when remote differ returns empty result
- Plugins: Notify readiness when registered plugins are ready
- Unwrap io errors in server connection receive error handling

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-30 16:08:28 +02:00
Sebastiaan van Stijn a63f5606a6
Merge pull request #4469 from thaJeztah/bump_gotest_tools
vendor: gotest.tools/v3 v3.5.0
2023-07-30 15:57:34 +02:00
Sebastiaan van Stijn 0b535c791a
vendor: gotest.tools/v3 v3.5.0
- go.mod: update dependencies and go version by
- Use Go1.20
- Fix couple of typos
- Added `WithStdout` and `WithStderr` helpers
- Moved `cmdOperators` handling from `RunCmd` to `StartCmd`
- Deprecate `assert.ErrorType`
- Remove outdated Dockerfile
- add godoc links

full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-29 21:04:40 +02:00
Sebastiaan van Stijn e0e2772439
Merge pull request #4453 from thaJeztah/small_interface_waitExitOrRemoved
cli/command/container: waitExitOrRemoved: take APIClient as argument
2023-07-24 14:03:10 +02:00
Sebastiaan van Stijn 7a89e897ea
cli/command/container: waitExitOrRemoved: take APIClient as argument
It only needs the API client, not the whole DockerCLI.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-24 09:54:11 +02:00
Sebastiaan van Stijn 8837d113e3
Merge pull request #4456 from thaJeztah/cli_engine_deps
vendor: update dependencies for engine
2023-07-20 23:46:46 +02:00
Sebastiaan van Stijn ce038e77b2
vendor: github.com/prometheus/common v0.42.0
full diff: https://github.com/prometheus/common/compare/v0.37.0...v0.42.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 13:10:46 +02:00
Sebastiaan van Stijn bffe277c9b
vendor: github.com/prometheus/procfs v0.9.0
full diff: https://github.com/prometheus/procfs/compare/v0.8.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 13:10:13 +02:00
Sebastiaan van Stijn 92906a9936
vendor: github.com/Microsoft/go-winio v0.6.1
Unfortunately also brings in golang.org/x/tools and golang.org/x/mod as
a dependency, due to go-winio using a "tools.go" file.

full diff: https://github.com/Microsoft/go-winio/compare/v0.5.2...v0.6.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 13:10:06 +02:00
Sebastiaan van Stijn aacdca0fe6
vendor: google.golang.org/protobuf v1.30.0
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.28.1...v1.30.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:30:58 +02:00
Sebastiaan van Stijn 3cf34c6d9d
vendor: google.golang.org/grpc v1.53.0
Also updating google.golang.org/genproto:
full diff: 10f96fb3db...7f2fa6fef1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:26:26 +02:00
Sebastiaan van Stijn 5b138189b9
vendor: github.com/cespare/xxhash/v2 v2.2.0
full diff: https://github.com/cespare/xxhash/compare/v2.1.2...v2.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:21:37 +02:00
Sebastiaan van Stijn c1d0657029
vendor: github.com/golang/protobuf v1.5.3
- jsonpb: accept 'null' as a valid representation of NullValue in unmarshal
  The canonical JSON representation for NullValue is JSON "null".

full diff: https://github.com/golang/protobuf/compare/v1.5.2...v1.5.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:20:03 +02:00
Sebastiaan van Stijn 0b7c72c3ba
cli/command/container: RunStart: inline variable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:03:11 +02:00
Sebastiaan van Stijn 4f67ff8e1f
Merge pull request #4418 from Danial-Gharib/fix-issue-4414-Danial-Gharib
Fix nil pointer dereference issue (#4414)
2023-07-19 15:56:26 +02:00
Danial ad43df5e86
configfile: Initialize nil AuthConfigs
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.

Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-07-19 15:36:10 +02:00
Sebastiaan van Stijn 803d4a9143
Merge pull request #4447 from thaJeztah/deprecate_NewStartOptions
cli/command/container: deprecate NewStartOptions
2023-07-19 15:05:04 +02:00