Commit Graph

10192 Commits

Author SHA1 Message Date
Sebastiaan van Stijn a18c896928
Merge pull request #5424 from jsternberg/wsl-socket-path
command: check for wsl mount path on windows
2024-09-13 00:33:13 +02:00
Sebastiaan van Stijn b0333da63c
Merge pull request #5427 from thaJeztah/bump_docker_deps
vendor: update various dependencies
2024-09-12 19:07:02 +02:00
Sebastiaan van Stijn dccb8bfa5d
vendor: google.golang.org/grpc v1.62.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:38:40 +02:00
Sebastiaan van Stijn 8cdf90cd93
vendor: tags.cncf.io/container-device-interface v0.8.0
Breaking change: The .ToOCI() functions in the specs-go package have been
removed. This removes the dependency on the OCI runtime specification from
the CDI specification definition itself.

What's Changed

- Add workflow to mark prs and issues as stale
- Remove the ToOCI functions from the specs-go package
- docs: add a pointer to community meetings in our docs.
- Bump spec version to v0.8.0
- Update spec version in README

Full diff: https://github.com/cncf-tags/container-device-interface/compare/v0.7.2...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:36:26 +02:00
Sebastiaan van Stijn a5f15bee7a
vendor: golang.org/x/net v0.28.0
full diff: https://github.com/golang/net/compare/v0.25.0...v0.28.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:33:40 +02:00
Sebastiaan van Stijn b93fc39639
vendor: golang.org/x/crypto v0.26.0
full diff: https://github.com/golang/crypto/compare/v0.23.0...v0.26.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:32:05 +02:00
Sebastiaan van Stijn 3a63df265f
vendor: golang.org/x/text v0.17.0
full diff: https://github.com/golang/text/compare/v0.15.0...v0.17.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:31:04 +02:00
Sebastiaan van Stijn c6e5341934
vendor: golang.org/x/term v0.23.0
full diff: https://github.com/golang/term/compare/v0.20.0...v0.23.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:29:52 +02:00
Sebastiaan van Stijn 5f9fe33b6b
vendor: golang.org/x/time v0.6.0
full diff: https://github.com/golang/time/compare/v0.3.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:26:45 +02:00
Sebastiaan van Stijn 7074e5011f
vendor: golang.org/x/sync v0.8.0
full diff: https://github.com/golang/sync/compare/v0.7.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:24:38 +02:00
Sebastiaan van Stijn 958fff82f1
vendor: golang.org/x/sys v0.24.0
full diff: https://github.com/golang/sys/compare/v0.22.0...v0.24.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:24:02 +02:00
Sebastiaan van Stijn fb264ffc08
vendor: dario.cat/mergo v1.0.1
- fix: overwriteWithEmptyValue is forced to true when merging an object
  involving maps
- fix: WithoutDereference should respect non-nil struct pointers

full diff: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:18:47 +02:00
Jonathan A. Sternberg 38c3fef1a8
command: check for wsl mount path on windows
This checks for the equivalent WSL mount path on windows. WSL will mount
the windows drives at `/mnt/c` (or whichever drive is being used).

This is done by parsing a UNC path with forward slashes from the unix
socket URL.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-09-12 11:14:43 -05:00
Laura Brehm 986baf22c7
Merge pull request #5425 from zeghong/remove-dup-linter
chore: remove duplicated `govet` linter config
2024-09-11 11:35:50 +01:00
Li Zeghong 5b81f0dcb0 chore: remove duplicated `govet` linter config
Signed-off-by: Li Zeghong <zeghong@hotmail.com>
2024-09-11 17:55:43 +08:00
Sebastiaan van Stijn 6965f40090
Merge pull request #5422 from thaJeztah/info_no_expected_version
info: stop printing "Expected" commits
2024-09-10 19:43:51 +02:00
Sebastiaan van Stijn 88ca4e958f
info: stop printing "Expected" commits
The `Commit` type was introduced in 2790ac68b3,
to assist triaging issues that were reported with an incorrect version of
runc or containerd. At the time, both `runc` and `containerd` were not yet
stable, and had to be built from a specific commit to guarantee compatibility.

We encountered various situations where unexpected (and incompatible) versions
of those binaries were packaged, resulting in hard to trace bug-reports.
For those situations, a "expected" version was set at compile time, to
indicate if the version installed was different from the expected version;

    docker info
    ...
    runc version: a592beb5bc4c4092b1b1bac971afed27687340c5 (expected: 69663f0bd4b60df09991c08812a60108003fa340)

Both `runc` and `containerd` are stable now, and docker 19.03 and up set the
expected version to the actual version since c65f0bd13c
and 23.0 did the same for the `init` binary b585c64e2b,
to prevent the CLI from reporting "unexpected version".

In short; the `Expected` fields no longer serves a real purpose, so we should
no longer print it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-10 13:49:12 +02:00
Sebastiaan van Stijn a464a63d33
Merge pull request #5420 from laurazard/fix-panic-volume-update
volume/update: require 1 argument/fix panic
2024-09-09 20:46:30 +02:00
Laura Brehm daea277ee8
volume/update: require 1 argument/fix panic
This command was declaring that it requires at least 1 argument, when it
needs exactly 1 argument. This was causing the CLI to panic when the
command was invoked with no argument:

`docker volume update`

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-09 13:40:03 +01:00
Alano Terblanche 6372ec9c75
Merge pull request #5415 from lentil32/master
fix: docstring for cli/command: `ContainerFormat.CreatedAt`
2024-09-09 12:19:53 +02:00
Sebastiaan van Stijn 21ee2685e3
Merge pull request #5403 from dvdksn/docs-update-titles
docs: rename plugins index file and add linkTitle
2024-09-09 11:04:09 +02:00
David Karlsson 0fcaffb7e4 chore: fix style/lint issues in deprecated.md
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-09 10:53:38 +02:00
Alano Terblanche 2230089371
Merge pull request #5381 from Benehiko/lf-exclude-binary
fix: gitattributes enforcing line endings
2024-09-09 08:51:54 +02:00
Dilep Dev 45d55961d0
Fix broken links in CONTRIBUTING.md
Signed-off-by: Dilep Dev <34891655+DilepDev@users.noreply.github.com>
2024-09-08 23:08:14 +05:30
lentil32 0b9d58245a
cli/command: fix docstring for ContainerFormat.CreatedAt
Signed-off-by: lentil32 <lentil32@icloud.com>
2024-09-08 15:47:21 +09:00
Sebastiaan van Stijn 6b741602c8
Merge pull request #5410 from vvoland/update-go
update to go1.22.7
2024-09-06 10:27:26 +02:00
Alano Terblanche 4a6ab2b37d
fix: binary file line endings
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-09-06 10:23:23 +02:00
Paweł Gronowski 3bf39d25a0
update to go1.22.7
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7

These minor releases include 3 security fixes following the security policy:

- go/parser: stack exhaustion in all Parse* functions

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

    This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

- encoding/gob: stack exhaustion in Decoder.Decode

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.

    This is a follow-up to CVE-2022-30635.

    Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.

    This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

- go/build/constraint: stack exhaustion in Parse

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

    This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-05 17:51:27 +02:00
Laura Brehm 2b6d2d98d8
Merge pull request #5407 from thaJeztah/mod_tidy
vendor.mod: put github.com/pkg/browser in the right group
2024-09-05 13:47:37 +01:00
Sebastiaan van Stijn 1b8180a405
vendor.mod: put github.com/pkg/browser in the right group
commit fcfdd7b91f introduced github.com/pkg/browser
as a direct dependency, but it ended up in the group for indirect dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-05 14:36:51 +02:00
David Karlsson 5ca40e0a35 docs: add front matter title to deprecated.md
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-04 13:48:37 +02:00
David Karlsson 071f6f9391 docs: rename plugins index file and add linkTitle
We publish this page on docs.docker.com, and hugo expects index pages
for sections to be named _index.md. We currently rename the page when we
mount it to the docs repo but might as well change the filename in the
source.

Also adds a linkTitle to the page, which is a shorter title that will be
used in the sidebar navigation and breadcrumbs.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-04 13:48:37 +02:00
Sebastiaan van Stijn f75abad8a1
Merge pull request #5401 from laurazard/login-non-tty-standardize
login: handle non-tty scenario consistently
2024-09-03 16:36:14 +02:00
Laura Brehm bbb6e7643d
login: handle non-tty scenario consistently
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.

Before:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | hangs                                                              |

After:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |

It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.

```console
cat ~/.docker/config.json
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxx"
                }
        }
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...

Login Succeeded
```

This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 14:26:11 +01:00
Sebastiaan van Stijn 2dd127a1ff
Merge pull request #5387 from thaJeztah/update_go_1.22
update to go1.22.6
2024-09-03 13:25:16 +02:00
Sebastiaan van Stijn 51f320ff62
Merge pull request #5376 from laurazard/fix-oauth-login-timer
oauth/api: drain timer channel on each iteration
2024-09-03 13:14:54 +02:00
Laura Brehm 60d0450287
oauth/api: drain timer channel on each iteration
Previously, if while polling for oauth device-code login results a user
suspended the process (such as with CTRL-Z) and then restored it with
`fg`, an error might occur in the form of:

```
failed waiting for authentication: You are polling faster than the specified interval of 5 seconds.
```

This is due to our use of a `time.Ticker` here - if no receiver drains
the ticker channel (and timers/tickers use a buffered channel behind the
scenes), more than one tick will pile up, causing the program to "tick"
twice, in fast succession, after it is resumed.

The new implementation replaces the `time.Ticker` with a `time.Timer`
(`time.Ticker` is just a nice wrapper) and introduces a helper function
`resetTimer` to ensure that before every `select`, the timer is stopped
and it's channel is drained.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 11:31:03 +01:00
Sebastiaan van Stijn d7d56599ca
update to go1.22.6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 12:29:03 +02:00
Sebastiaan van Stijn 623af469bb
Merge pull request #5393 from thaJeztah/fix_plugins_CGO_ENABLED
scripts/build/plugins: don't override CGO_ENABLED set by .variables
2024-09-03 12:28:21 +02:00
Sebastiaan van Stijn e3676d233e
Merge pull request #5386 from dvdksn/docker-login-docs-touchup
docs: update docker login reference
2024-09-03 12:15:08 +02:00
Sebastiaan van Stijn 9e29967960
scripts/build/plugins: don't override CGO_ENABLED set by .variables
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)

But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;

    > [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
    0.127 Building static docker-helloworld
    0.127 + CGO_ENABLED=0
    0.127 + GO111MODULE=auto
    0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled

This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.

Before this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.123 Building static docker-helloworld
    #18 0.124 + CGO_ENABLED=0
    #18 0.124 + GO111MODULE=auto
    #18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    ....

With this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.110 Building static docker-helloworld
    #18 0.110 + GO111MODULE=auto
    #18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
    ....

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 11:49:43 +02:00
David Karlsson 81744d7aa8 copynit: s/WEB BASED/WEB-BASED/
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 11:39:43 +02:00
David Karlsson 2f206fff3c docs: update docker login reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 11:38:05 +02:00
Paweł Gronowski 092b5f0fcb
Merge pull request #5389 from thaJeztah/bump_xx
Dockerfile: update xx to v1.5.0
2024-09-02 18:55:05 +00:00
Sebastiaan van Stijn 1e6cbbc3f1
Dockerfile: update xx to v1.5.0
full diff: https://github.com/tonistiigi/xx/compare/v1.4.0...v1.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-02 16:48:29 +02:00
Sebastiaan van Stijn b0c41b78d8
Merge pull request #5383 from laurazard/convert-registry-to-hostname
login: use normalized hostname when storing
2024-09-02 11:43:07 +02:00
Laura Brehm e532eead91
login: use normalized hostname when storing
Normalization/converting the registry address to just a hostname happens
inside of `command.GetDefaultAuthConfig`. Use this value for the rest of
the login flow/storage.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-30 15:43:20 +01:00
Sebastiaan van Stijn 6273e65cee
Merge pull request #5379 from laurazard/dont-normalize-registry-1
Revert "login: normalize `registry-1.docker.io`"
2024-08-29 13:33:12 +02:00
Laura Brehm dab9674db9
Revert "login: normalize `registry-1.docker.io`"
This reverts commit e6624676e0.

Since e6624676e0, during login, we started
normalizing `registry-1.docker.io` to `index.docker.io`. This means that
if a user logs in with `docker login -u [username]
registry-1.docker.io`, the user's credentials get stored in
credhelpers/config.json under `https://index.docker.io/v1/`.

However, while the registry code normalizes an image reference without
registry (`docker pull alpine:latest`) and image references explicitly for
`index.docker.io` (`docker pull index.docker.io/library/alpine:latest`)
to the official index server (`https://index.docker.io/v1/`), and
fetches credentials for that auth key, it does not normalize
`registry-1.docker.io`, which means pulling explicitly from there
(`docker pull registry-1.docker.io/alpine:latest`) will not use
credentials stored under `https://index.docker.io/v1/`.

As such, until changes are made to the registry/pull/push code to
normalize `registry-1.docker.io` to `https://index.docker.io/v1/`, we
should not normalize this during login.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-29 12:16:05 +01:00
Paweł Gronowski 3826f5ad73
Merge pull request #5370 from thaJeztah/fix_linting_issues
Fix linting issues in preparation of Go and GolangCI-lint update
2024-08-26 14:38:07 +02:00