Commit Graph

9677 Commits

Author SHA1 Message Date
Bjorn Neergaard 2ae903e86c
Merge pull request #4929 from dvdksn/privileged-flag
docs: clarify what the --privileged flag does
2024-03-20 09:10:03 -06:00
Bjorn Neergaard 5931a2f592
Merge pull request #4956 from vvoland/vendor-docker-26.0.0-dev
vendor: github.com/docker/docker 8b79278316b5 (master)
2024-03-20 09:08:50 -06:00
Paweł Gronowski ed9dd75575
Merge pull request #4949 from akerouanton/remove-short-cid-alias
docs/deprecated: update status of short cid alias deprecation
2024-03-20 16:05:01 +01:00
Paweł Gronowski 69575f6175
vendor: github.com/docker/docker 8b79278316b5 (master)
no changes in vendored files

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-20 15:45:19 +01:00
Paweł Gronowski fa84cfd802
Merge pull request #4950 from vvoland/vendor-docker-26.0.0-rc3-dev
vendor: github.com/docker/docker 330d777c53fb (v26.0.0-rc3-dev)
2024-03-19 14:40:12 +01:00
Paweł Gronowski b70a26deaf
vendor: github.com/docker/docker 330d777c53fb (v26.0.0-rc3-dev)
full diff: 70e46f2c7c...330d777c53

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-19 14:31:41 +01:00
Paweł Gronowski 23563728bc
Merge pull request #4944 from thaJeztah/update_engine
vendor: github.com/docker/docker 70e46f2c7c2d (v26.0.0-rc3-dev)
2024-03-19 11:00:31 +01:00
Sebastiaan van Stijn ea3201c575
Merge pull request #4945 from thaJeztah/remove_gocompat
scripts/vendor: remove -compat=1.19
2024-03-18 12:29:42 +01:00
Sebastiaan van Stijn c050bf0909
Merge pull request #4946 from thaJeztah/bump_gofumpt
Dockerfile: update mvdan/gofumpt to v0.6.0
2024-03-18 12:24:26 +01:00
Paweł Gronowski 4eef4afbf4
Merge pull request #4893 from vvoland/deprecate-container
docs/deprecated: Deprecate Container fields in image inspect
2024-03-18 12:14:10 +01:00
Sebastiaan van Stijn 396a0823f8
Merge pull request #4947 from thaJeztah/fix_codeql
ci: fix CodeQL 2.16.4 autobuild
2024-03-18 12:07:08 +01:00
Albin Kerouanton f96d8e78c4 docs/deprecated: update status of short cid alias deprecation
Starting with API v1.45, the container short ID is removed from the
container Aliases.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-03-18 10:39:14 +01:00
Sebastiaan van Stijn b120b96ac7
ci: set DISABLE_WARN_OUTSIDE_CONTAINER=1 for CodeQL action
CodeQL autobuild uses the makefile, but outside of a container, so let's
set this variable to prevent it having to wait 10 seconds;

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-17 14:49:49 +01:00
Sebastiaan van Stijn 24186d8008
ci: fix CodeQL 2.16.4 autobuild
CodeQL 2.16.4's auto-build added support for multi-module repositories,
and is trying to be smart by searching for modules in every directory,
including vendor directories. If no module is found, it's creating one
which is ... not what we want, so let's give it a "go.mod".

Here's from a run in CI;

    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
    {
      "productName" : "CodeQL",
      "vendor" : "GitHub",
      "version" : "2.16.4",
      "sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
      "branches" : [
        "codeql-cli-2.16.4"
      ],
      "copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
      "unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
      "configFileLocation" : "/home/runner/.config/codeql/config",
      "configFileFound" : false,
      "features" : {
        "analysisSummaryV2Option" : true,
        "buildModeOption" : true,
        "bundleSupportsIncludeDiagnostics" : true,
        "featuresInVersionResult" : true,
        "indirectTracingSupportsStaticBinaries" : false,
        "informsAboutUnsupportedPathFilters" : true,
        "supportsPython312" : true,
        "mrvaPackCreate" : true,
        "threatModelOption" : true,
        "traceCommandUseBuildMode" : true,
        "v2ramSizing" : true,
        "mrvaPackCreateMultipleQueries" : true,
        "setsCodeqlRunnerEnvVar" : true
      }
    }

With 2.16.4, first it is unable to correlate files with the project, considering
them "stray" files;

    Attempting to automatically build go code
    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
    2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
    2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
    2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
    ...

It then tries to build the binary, but in go modules mode, which fails (it also
seems to be doing this for each and every directory);

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

    ./scripts/build/binary
    Building static docker-linux-amd64
    + go build -o build/docker-linux-amd64 -tags  osusergo pkcs11 -ldflags  -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
    cannot find package "github.com/docker/cli/cmd/docker" in any of:
        /opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
        /home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
    make: *** [Makefile:62: binary] Error 1
    2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
    2024/03/16 17:20:38 Build failed, continuing to install dependencies.
    2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
    2024/03/16 17:20:38 Import path is 'github.com/docker/cli'

If also seems to be doing this for ... every package?

    cat 0_codeql.log | grep 'you are not in a container' | wc -l
    497

After which it starts to create modules out of every directory;

    The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
    The code in opts seems to be missing a go.mod file. Attempting to initialize one...
    The code in service seems to be missing a go.mod file. Attempting to initialize one...
    The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
    The code in templates seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
    ...
    Skipping dependency package regexp.
    Skipping dependency package github.com/opencontainers/go-digest.
    Skipping dependency package github.com/distribution/reference.
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-17 14:27:10 +01:00
Sebastiaan van Stijn 48b5efee03
Dockerfile: update mvdan/gofumpt to v0.6.0
- full diff: https://github.com/mvdan/gofumpt/compare/v0.4.0...v0.6.0
- v0.6.0 release notes: https://github.com/mvdan/gofumpt/releases/tag/v0.6.0
- v0.5.0 release notes: https://github.com/mvdan/gofumpt/releases/tag/v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-17 13:48:13 +01:00
Sebastiaan van Stijn 38c3ff67aa
vendor: github.com/docker/docker 70e46f2c7c2d (v26.0.0-rc3-dev)
full diff: https://github.com/docker/docker/compare/v26.0.0-rc2...70e46f2c7c2df8d8cc483d9831a907b12efa201b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:53:20 +01:00
Sebastiaan van Stijn f8fc5b6bc3
scripts/vendor: remove -compat=1.19
We originally added this -compat to keep a consistent format of
the vendor.mod files for cases where there were differences
between go versions.

I don't think we really need this anymore, so let's remove.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:44:25 +01:00
Sebastiaan van Stijn a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
full diffs:

- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4

From the Go security announcement list;

> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.

In a follow-up post;

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

govulncheck results in our code shows that this does not affect the CLI:

    govulncheck ./...
    Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 1 vulnerability in packages you import and 0
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
Sebastiaan van Stijn 115c8d56e5
vendor: github.com/containerd/containerd v1.7.14
no changes in vendored files, but now requires go1.21

full diff: https://github.com/containerd/containerd/compare/v1.7.13...v1.7.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:38 +01:00
Sebastiaan van Stijn 38fcd1ca63
Merge pull request #4943 from jsternberg/correct-build-command-path
builder: correct the command path for docker build
2024-03-16 15:30:43 +01:00
Jonathan A. Sternberg 9392831817
builder: correct the command path for docker build
The command path sent for `docker build` should be `docker` rather than
`docker build` to be consistent with the other command paths.

* `docker buildx build` has a command path of `docker buildx`
* `docker builder build` has a command path of `docker builder`
* `docker image build` has a command path of `docker image`

The reason this gets set to `docker buildx` rather than `docker buildx
build` is because the `build` portion of the command path is processed
by the plugin. So the command path only contains the portions of the
command path that were processed by this tool.

Since the `build` of `docker build` gets forwarded to `buildx`, it is
not included in the command path.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-15 11:36:38 -05:00
Paweł Gronowski 4e9abfecf5
Merge pull request #4916 from dvdksn/docs-typos-corrections
docs: typo fixes and other corrections
2024-03-14 13:20:39 +01:00
Paweł Gronowski dc4163fb1a
docs/deprecated: Deprecate Container fields in image inspect
See moby#46939

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-14 12:42:31 +01:00
Sebastiaan van Stijn 8adf1ddb86
Merge pull request #4928 from dvdksn/deprecate-nontls-tcp
docs: deprecate TCP connection without TLS
2024-03-14 12:29:42 +01:00
Paweł Gronowski c8e470057a
Merge pull request #4938 from thaJeztah/deprecate_legacy_images
deprecate legacy image formats
2024-03-14 12:20:17 +01:00
David Karlsson 3da26a5e79 docs: add description and link for --userns flag
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-03-14 10:10:49 +01:00
David Karlsson 4bb2abaa54 docs: typo fixes and other corrections
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-03-14 10:10:49 +01:00
Sebastiaan van Stijn 90c33dbfd9
deprecate legacy image formats
Mark pulling legacy image formats as deprecated, and describe the
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE environment variable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-12 17:20:33 +01:00
Zhuo Zhi 800a51d6cd Set CGO_ENABLED=1 on riscv64
CGO works fine on riscv64 thus should be enabled.
Avoid build error https://github.com/golang/go/issues/64875

Signed-off-by: Zhuo Zhi <h.dwwwwww@gmail.com>
2024-03-12 23:55:59 +08:00
Sebastiaan van Stijn d17b3b2d80
Merge pull request #4937 from crazy-max/update-xx
Dockerfile: update to xx 1.4.0
2024-03-12 16:19:19 +01:00
David Karlsson 9349f58b8a docs: clarify what the --privileged flag does
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-03-11 15:59:09 +01:00
CrazyMax adb018084c
Dockerfile: update to xx 1.4.0
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2024-03-11 14:24:26 +01:00
Sebastiaan van Stijn a2f3f40233
Merge pull request #4936 from thaJeztah/deprecate_eventhandler
cli/command: deprecate EventHandler and InitEventHandler
2024-03-11 14:21:19 +01:00
Sebastiaan van Stijn 46afd26c45
cli/command: deprecate EventHandler and InitEventHandler
This code was only used as part of container.RunStats, so moving the code
there instead as a non-exported type. The actual use also did not have to
handle concurrency, so the mutex is removed in the new location.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-11 13:25:22 +01:00
Sebastiaan van Stijn d06f137170
Merge pull request #4934 from thaJeztah/stats_improve
cli/command/container: use ping-result for OS-version
2024-03-11 12:59:47 +01:00
Sebastiaan van Stijn b55cf2f71f
Merge pull request #4931 from robmry/internal_network
Add a description of '--internal' to the docs
2024-03-11 12:41:29 +01:00
Sebastiaan van Stijn 412d6fca9c
Merge pull request #4930 from vvoland/vendor-docker-v26.0.0-rc2
vendor: github.com/docker/docker v26.0.0-rc2
2024-03-11 12:39:14 +01:00
Sebastiaan van Stijn 5c54f75f2a
cli/command/container: use ping-result for OS-version
The daemonOSType variable is already set when collecting stats, so we unlikely
hit this code in practice, and it would only be set if `collect()` failed and
we never got a stats response. If we do need to get this information, let's use
the OSVersion we already obtained from the ping response.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-11 11:05:56 +01:00
Rob Murray 617377c045 Describe an 'internal' network.
Added a description of a '--internal' network (from @neersighted).

Co-authored-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-03-11 09:13:25 +00:00
Rob Murray 860b4f3a7d 'docker daemon' flags refer to the default bridge
Replace 'docker daemon' with the wording used for the preceeding table,
to make it extra-clear that those flags apply to the default bridge.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-03-08 17:11:28 +00:00
Paweł Gronowski 645b973521
vendor: github.com/docker/docker v26.0.0-rc2
full diff: https://github.com/docker/docker/compare/f4c696eef17d...v26.0.0-rc2

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-08 17:10:05 +01:00
David Karlsson 3cf2fe0fff docs: deprecate TCP connection without TLS
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-03-08 14:50:15 +01:00
Sebastiaan van Stijn 952c807716
Merge pull request #4926 from vvoland/vendor-docker
vendor: github.com/docker/docker f4c696eef17d62a42
2024-03-07 19:35:08 +01:00
Paweł Gronowski a8379092af
vendor: github.com/docker/docker f4c696eef17d62a42
full diff: https://github.com/docker/docker/compare/v26.0.0-rc1+incompatible...f4c696eef17d62a421877d95c4810185750c5641

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-07 19:13:04 +01:00
Bjorn Neergaard a1361a1372
Merge pull request #4923 from vvoland/cli-arm64
bake: Add `windows/arm64` target to bin-image-cross
2024-03-06 09:08:20 -07:00
Paweł Gronowski ab9d560570
bake: Add `windows/arm64` target to bin-image-cross
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-06 16:46:39 +01:00
Sebastiaan van Stijn ba6460829b
Merge pull request #4918 from vvoland/go-1.21.8
update to go1.21.8
2024-03-05 22:24:30 +01:00
Paweł Gronowski 3b77477943
update to go1.21.8
go1.21.8 (released 2024-03-05) includes 5 security fixes:

- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.6...go1.21.8

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-05 22:08:26 +01:00
Bjorn Neergaard 181575bf55
Merge pull request #4888 from Benehiko/fix-prompt-termination
fix: cli prompt termination exit code
2024-03-04 07:56:38 -07:00
Alano Terblanche 10bf91a02d
fix: cli prompt termination exit code
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-04 15:26:17 +01:00