Commit Graph

10078 Commits

Author SHA1 Message Date
Laura Brehm 986baf22c7
Merge pull request #5425 from zeghong/remove-dup-linter
chore: remove duplicated `govet` linter config
2024-09-11 11:35:50 +01:00
Li Zeghong 5b81f0dcb0 chore: remove duplicated `govet` linter config
Signed-off-by: Li Zeghong <zeghong@hotmail.com>
2024-09-11 17:55:43 +08:00
Sebastiaan van Stijn 6965f40090
Merge pull request #5422 from thaJeztah/info_no_expected_version
info: stop printing "Expected" commits
2024-09-10 19:43:51 +02:00
Sebastiaan van Stijn 88ca4e958f
info: stop printing "Expected" commits
The `Commit` type was introduced in 2790ac68b3,
to assist triaging issues that were reported with an incorrect version of
runc or containerd. At the time, both `runc` and `containerd` were not yet
stable, and had to be built from a specific commit to guarantee compatibility.

We encountered various situations where unexpected (and incompatible) versions
of those binaries were packaged, resulting in hard to trace bug-reports.
For those situations, a "expected" version was set at compile time, to
indicate if the version installed was different from the expected version;

    docker info
    ...
    runc version: a592beb5bc4c4092b1b1bac971afed27687340c5 (expected: 69663f0bd4b60df09991c08812a60108003fa340)

Both `runc` and `containerd` are stable now, and docker 19.03 and up set the
expected version to the actual version since c65f0bd13c
and 23.0 did the same for the `init` binary b585c64e2b,
to prevent the CLI from reporting "unexpected version".

In short; the `Expected` fields no longer serves a real purpose, so we should
no longer print it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-10 13:49:12 +02:00
Sebastiaan van Stijn a464a63d33
Merge pull request #5420 from laurazard/fix-panic-volume-update
volume/update: require 1 argument/fix panic
2024-09-09 20:46:30 +02:00
Laura Brehm daea277ee8
volume/update: require 1 argument/fix panic
This command was declaring that it requires at least 1 argument, when it
needs exactly 1 argument. This was causing the CLI to panic when the
command was invoked with no argument:

`docker volume update`

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-09 13:40:03 +01:00
Alano Terblanche 6372ec9c75
Merge pull request #5415 from lentil32/master
fix: docstring for cli/command: `ContainerFormat.CreatedAt`
2024-09-09 12:19:53 +02:00
Sebastiaan van Stijn 21ee2685e3
Merge pull request #5403 from dvdksn/docs-update-titles
docs: rename plugins index file and add linkTitle
2024-09-09 11:04:09 +02:00
David Karlsson 0fcaffb7e4 chore: fix style/lint issues in deprecated.md
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-09 10:53:38 +02:00
Alano Terblanche 2230089371
Merge pull request #5381 from Benehiko/lf-exclude-binary
fix: gitattributes enforcing line endings
2024-09-09 08:51:54 +02:00
lentil32 0b9d58245a
cli/command: fix docstring for ContainerFormat.CreatedAt
Signed-off-by: lentil32 <lentil32@icloud.com>
2024-09-08 15:47:21 +09:00
Sebastiaan van Stijn 6b741602c8
Merge pull request #5410 from vvoland/update-go
update to go1.22.7
2024-09-06 10:27:26 +02:00
Alano Terblanche 4a6ab2b37d
fix: binary file line endings
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-09-06 10:23:23 +02:00
Paweł Gronowski 3bf39d25a0
update to go1.22.7
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7

These minor releases include 3 security fixes following the security policy:

- go/parser: stack exhaustion in all Parse* functions

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

    This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

- encoding/gob: stack exhaustion in Decoder.Decode

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.

    This is a follow-up to CVE-2022-30635.

    Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.

    This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

- go/build/constraint: stack exhaustion in Parse

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

    This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-09-05 17:51:27 +02:00
Laura Brehm 2b6d2d98d8
Merge pull request #5407 from thaJeztah/mod_tidy
vendor.mod: put github.com/pkg/browser in the right group
2024-09-05 13:47:37 +01:00
Sebastiaan van Stijn 1b8180a405
vendor.mod: put github.com/pkg/browser in the right group
commit fcfdd7b91f introduced github.com/pkg/browser
as a direct dependency, but it ended up in the group for indirect dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-05 14:36:51 +02:00
David Karlsson 5ca40e0a35 docs: add front matter title to deprecated.md
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-04 13:48:37 +02:00
David Karlsson 071f6f9391 docs: rename plugins index file and add linkTitle
We publish this page on docs.docker.com, and hugo expects index pages
for sections to be named _index.md. We currently rename the page when we
mount it to the docs repo but might as well change the filename in the
source.

Also adds a linkTitle to the page, which is a shorter title that will be
used in the sidebar navigation and breadcrumbs.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-04 13:48:37 +02:00
Sebastiaan van Stijn f75abad8a1
Merge pull request #5401 from laurazard/login-non-tty-standardize
login: handle non-tty scenario consistently
2024-09-03 16:36:14 +02:00
Laura Brehm bbb6e7643d
login: handle non-tty scenario consistently
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.

Before:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | hangs                                                              |

After:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |

It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.

```console
cat ~/.docker/config.json
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxx"
                }
        }
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...

Login Succeeded
```

This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 14:26:11 +01:00
Sebastiaan van Stijn 2dd127a1ff
Merge pull request #5387 from thaJeztah/update_go_1.22
update to go1.22.6
2024-09-03 13:25:16 +02:00
Sebastiaan van Stijn 51f320ff62
Merge pull request #5376 from laurazard/fix-oauth-login-timer
oauth/api: drain timer channel on each iteration
2024-09-03 13:14:54 +02:00
Laura Brehm 60d0450287
oauth/api: drain timer channel on each iteration
Previously, if while polling for oauth device-code login results a user
suspended the process (such as with CTRL-Z) and then restored it with
`fg`, an error might occur in the form of:

```
failed waiting for authentication: You are polling faster than the specified interval of 5 seconds.
```

This is due to our use of a `time.Ticker` here - if no receiver drains
the ticker channel (and timers/tickers use a buffered channel behind the
scenes), more than one tick will pile up, causing the program to "tick"
twice, in fast succession, after it is resumed.

The new implementation replaces the `time.Ticker` with a `time.Timer`
(`time.Ticker` is just a nice wrapper) and introduces a helper function
`resetTimer` to ensure that before every `select`, the timer is stopped
and it's channel is drained.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 11:31:03 +01:00
Sebastiaan van Stijn d7d56599ca
update to go1.22.6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 12:29:03 +02:00
Sebastiaan van Stijn 623af469bb
Merge pull request #5393 from thaJeztah/fix_plugins_CGO_ENABLED
scripts/build/plugins: don't override CGO_ENABLED set by .variables
2024-09-03 12:28:21 +02:00
Sebastiaan van Stijn e3676d233e
Merge pull request #5386 from dvdksn/docker-login-docs-touchup
docs: update docker login reference
2024-09-03 12:15:08 +02:00
Sebastiaan van Stijn 9e29967960
scripts/build/plugins: don't override CGO_ENABLED set by .variables
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)

But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;

    > [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
    0.127 Building static docker-helloworld
    0.127 + CGO_ENABLED=0
    0.127 + GO111MODULE=auto
    0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled

This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.

Before this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.123 Building static docker-helloworld
    #18 0.124 + CGO_ENABLED=0
    #18 0.124 + GO111MODULE=auto
    #18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    ....

With this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.110 Building static docker-helloworld
    #18 0.110 + GO111MODULE=auto
    #18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
    ....

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 11:49:43 +02:00
David Karlsson 81744d7aa8 copynit: s/WEB BASED/WEB-BASED/
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 11:39:43 +02:00
David Karlsson 2f206fff3c docs: update docker login reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 11:38:05 +02:00
Paweł Gronowski 092b5f0fcb
Merge pull request #5389 from thaJeztah/bump_xx
Dockerfile: update xx to v1.5.0
2024-09-02 18:55:05 +00:00
Sebastiaan van Stijn 1e6cbbc3f1
Dockerfile: update xx to v1.5.0
full diff: https://github.com/tonistiigi/xx/compare/v1.4.0...v1.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-02 16:48:29 +02:00
Sebastiaan van Stijn b0c41b78d8
Merge pull request #5383 from laurazard/convert-registry-to-hostname
login: use normalized hostname when storing
2024-09-02 11:43:07 +02:00
Laura Brehm e532eead91
login: use normalized hostname when storing
Normalization/converting the registry address to just a hostname happens
inside of `command.GetDefaultAuthConfig`. Use this value for the rest of
the login flow/storage.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-30 15:43:20 +01:00
Sebastiaan van Stijn 6273e65cee
Merge pull request #5379 from laurazard/dont-normalize-registry-1
Revert "login: normalize `registry-1.docker.io`"
2024-08-29 13:33:12 +02:00
Laura Brehm dab9674db9
Revert "login: normalize `registry-1.docker.io`"
This reverts commit e6624676e0.

Since e6624676e0, during login, we started
normalizing `registry-1.docker.io` to `index.docker.io`. This means that
if a user logs in with `docker login -u [username]
registry-1.docker.io`, the user's credentials get stored in
credhelpers/config.json under `https://index.docker.io/v1/`.

However, while the registry code normalizes an image reference without
registry (`docker pull alpine:latest`) and image references explicitly for
`index.docker.io` (`docker pull index.docker.io/library/alpine:latest`)
to the official index server (`https://index.docker.io/v1/`), and
fetches credentials for that auth key, it does not normalize
`registry-1.docker.io`, which means pulling explicitly from there
(`docker pull registry-1.docker.io/alpine:latest`) will not use
credentials stored under `https://index.docker.io/v1/`.

As such, until changes are made to the registry/pull/push code to
normalize `registry-1.docker.io` to `https://index.docker.io/v1/`, we
should not normalize this during login.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-29 12:16:05 +01:00
Paweł Gronowski 3826f5ad73
Merge pull request #5370 from thaJeztah/fix_linting_issues
Fix linting issues in preparation of Go and GolangCI-lint update
2024-08-26 14:38:07 +02:00
Sebastiaan van Stijn c4a55df7c0
cli: rename args that collided with builtins (predeclard)
cli/required.go:33:22: param min has same name as predeclared identifier (predeclared)
    func RequiresMinArgs(min int) cobra.PositionalArgs {
                         ^
    cli/required.go:50:22: param max has same name as predeclared identifier (predeclared)
    func RequiresMaxArgs(max int) cobra.PositionalArgs {
                         ^
    cli/required.go:67:24: param min has same name as predeclared identifier (predeclared)
    func RequiresRangeArgs(min int, max int) cobra.PositionalArgs {
                           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-26 13:55:28 +02:00
Sebastiaan van Stijn 9c87891278
e2e/global: fix n-constant format string in call (govet)
e2e/global/cli_test.go:217:28: printf: non-constant format string in call to gotest.tools/v3/poll.Continue (govet)
                            return poll.Continue(err.Error())
                                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-26 13:54:05 +02:00
Sebastiaan van Stijn f101f07a7b
cli/command: fix n-constant format string in call (govet)
cli/command/utils.go:225:29: printf: non-constant format string in call to github.com/pkg/errors.Wrapf (govet)
                return errors.Wrapf(err, fmt.Sprintf("invalid output path: %q must be a directory or a regular file", path))
                                         ^
    cli/command/manifest/cmd.go:21:33: printf: non-constant format string in call to fmt.Fprintf (govet)
                fmt.Fprintf(dockerCli.Err(), "\n"+cmd.UsageString())
                                             ^
    cli/command/service/remove.go:45:24: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
            return errors.Errorf(strings.Join(errs, "\n"))
                                 ^
    cli/command/service/scale.go:93:23: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
        return errors.Errorf(strings.Join(errs, "\n"))
                             ^
    cli/command/stack/swarm/remove.go:74:24: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
            return errors.Errorf(strings.Join(errs, "\n"))
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-26 13:52:49 +02:00
Sebastiaan van Stijn cc1d7b7ac9
cli/command/system: remove redundant nil-check (gosimple)
cli/command/system/info.go:375:5: S1009: should omit nil check; len() for []github.com/docker/docker/api/types/system.NetworkAddressPool is defined as zero (gosimple)
        if info.DefaultAddressPools != nil && len(info.DefaultAddressPools) > 0 {
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-26 13:44:42 +02:00
David Karlsson 436080b887
Merge pull request #5360 from dvdksn/update-apireference-link
chore: update link to docker engine api reference
2024-08-22 15:17:45 +02:00
David Karlsson 35626bae8a
Merge pull request #5350 from dvdksn/docs-alerts-syntax
docs: use gh alert syntax for callouts
2024-08-21 11:39:45 +02:00
Sebastiaan van Stijn d47c36debb
Merge pull request #5363 from akerouanton/fix-ps-pbs
cli/formatter: bracket IPv6 addrs prepended to ports
2024-08-20 17:51:14 +02:00
Albin Kerouanton 964155cd27 cli/formatter: bracket IPv6 addrs prepended to ports
On `docker ps`, port bindings with an IPv6 HostIP should have their
addresses put into brackets when joining them to their ports.

RFC 3986 (Section 3.2.2) stipulates that IPv6 addresses should be
enclosed within square brackets. This RFC is only about URIs. However,
doing so here helps user identifier what's part of the IP address and
what's the port. It also makes it easier to copy/paste that
'[addr]:port' into other software (including browsers).

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-08-20 17:32:27 +02:00
Laura Brehm 986b077a53
Merge pull request #5361 from laurazard/add-oauth-login-escape-hatch
login: add oauth escape hatch
2024-08-20 12:31:07 +01:00
Laura Brehm a327476f7f
login: add e2e tests for oauth + escape hatch
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-20 11:49:04 +01:00
David Karlsson c974a83391 chore: update link to docker engine api reference
Engine API reference page is moving to /reference/api/engine

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-08-20 12:35:04 +02:00
Laura Brehm 846ecf59ff
login: add oauth escape hatch
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-20 11:16:55 +01:00
David Karlsson 0be9e2faaa
Merge pull request #5347 from dvdksn/update-build-context-link
docs: update link to moved build context doc
2024-08-19 13:13:31 +02:00
Laura Brehm b06db58d8d
Merge pull request #5356 from vvoland/list-tree-gd-spacing
list/tree: No extra spacing for graphdriver
2024-08-19 11:46:07 +01:00