Commit Graph

6698 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 9a690c9ac9
vendor: update opencontainers/runc v1.0.0-rc10
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc9...v1.0.0-rc10

no local changes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:26 +01:00
Sebastiaan van Stijn 751f320eed
vendor: bump google/shlex e7afc7fbc51079733e9468cdfd1efcd7d196cd1d
full diff: c34317bd91...e7afc7fbc5

Adds a go.mod

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:24 +01:00
Sebastiaan van Stijn 0fe7190d04
vendor: update fsutil 0f039a052ca1da01626278199624b62aed9b3729
full diff: 7f9f9232dd...0f039a052c

- tonistiigi/fsutil#69 receive: use filter on receive diff
    - prevents incremental transfers with userns because the metadata
      on disk is always different than the one being transferred.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:22 +01:00
Sebastiaan van Stijn 48f97602f4
vendor: add comment that hcsshim is v0.8.7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:20 +01:00
Sebastiaan van Stijn 9b549401b6
vendor: update docker to 58c2615208962a458ed94f4b6262eb27e5e021cd
full diff: a9507c6f76...58c2615208

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:12 +01:00
Silvin Lubecki e6ea7c2233
Merge pull request #2329 from thaJeztah/add_missing_vendor
vendor: add missing containerd/cgroups dependency
2020-02-12 18:21:34 +01:00
Sebastiaan van Stijn 6cb7e6fcac
vendor: add missing containerd/cgroups dependency
This dependency is references in the hcsshim package, but
was not added when hcsshim was updated in dff269b5e4

The missing dependency was printed as a warning by vndr:

    WARNING: dependency is not vendored: github.com/containerd/cgroups/stats/v1

But somehow didn't get noticed in CI (possibly because our "make cross" builds
multiple targets, and a single failure isn't noticed?)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 16:53:01 +01:00
Silvin Lubecki fbc816f018
Merge pull request #2328 from thaJeztah/bump_vndr
update vndr v0.1.1
2020-02-12 14:50:37 +01:00
Sebastiaan van Stijn 7c54406951
update vndr v0.1.1
full diff: https://github.com/LK4D4/vndr/compare/v0.1.0...v0.1.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 12:48:24 +01:00
Silvin Lubecki b52debd931
Merge pull request #2323 from thaJeztah/remove_deprecated_filters_opt
docs: update deprecation status of "filter" option
2020-02-11 18:01:39 +01:00
Sebastiaan van Stijn 8ef8547eb6
Merge pull request #2024 from rgulewich/1988-run-cgroupns-mode
docker run: specify cgroup namespace mode with --cgroupns
2020-02-11 11:16:05 +01:00
Sebastiaan van Stijn 58c76291ca
docs: update deprecation status of "filter" option
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 17:24:52 +01:00
Silvin Lubecki fc1d789a5e
Merge pull request #2322 from thaJeztah/update_legacy_registry_deprecation
docs: update deprecated status for --disable-legacy-registry
2020-02-10 17:23:36 +01:00
Silvin Lubecki 4c665a85ab
Merge pull request #2321 from thaJeztah/deprecate_docs_engine_and_dab
docs: update deprecation status of "engine *" commands, and dab files
2020-02-10 17:21:57 +01:00
Sebastiaan van Stijn 73c9a44d58
docs: update deprecated status for --disable-legacy-registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 16:52:21 +01:00
Sebastiaan van Stijn 74677110d2
docs: update deprecation status of "engine *" commands, and dab files
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 16:40:11 +01:00
Sebastiaan van Stijn a15ff3aba1
Merge pull request #2319 from thaJeztah/update_deprecated
docs: updated "deprecated features" page
2020-02-10 16:29:30 +01:00
Silvin Lubecki ad05e2896e
Merge pull request #2318 from thaJeztah/node_constraint_docs_fixes
docs: service create: document os/arch constraints and more examples
2020-02-10 15:34:55 +01:00
Sebastiaan van Stijn f26e9a3a61
docs: service create: document os/arch constraints and more examples
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:27:31 +01:00
Silvin Lubecki 787e6387b7
Merge pull request #2316 from thaJeztah/carry_325_reserve_memory_example
Give an example for --reserve-memory (carry 325)
2020-02-10 15:12:41 +01:00
Sebastiaan van Stijn d4c0de2719
docs: add status table to "deprecated.md"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:07:41 +01:00
Sebastiaan van Stijn e8c2dba697
docs: mark deprecation of "docker engine" subcommands
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:06:20 +01:00
Sebastiaan van Stijn c7aca08497
docs: mark deprecation of "dab" files and top-level "deploy" subcommand
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:05:09 +01:00
Sebastiaan van Stijn b6875ad690
docs: sort "deprecated.md" by deprecation release
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:03:42 +01:00
Sebastiaan van Stijn 672c00e1cc
docs: update some release-versions in "deprecated.md"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 14:28:35 +01:00
Sebastiaan van Stijn c3092d9408
docs: minor touch-ups in "deprecated.md"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 14:27:22 +01:00
Sebastiaan van Stijn b059c93c92
docs: service create: document non-matching/exclude constraints
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 12:14:48 +01:00
Sebastiaan van Stijn abeb7babdf
docs: service create: use markdown table for constraints
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 11:13:26 +01:00
Misty Stanley-Jones 76852f82ba
Give an example for --reserve-memory
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 10:48:32 +01:00
Sebastiaan van Stijn e6f9e5e283 Merge pull request #2312 from thaJeztah/carry_855_config_opts
Add examples for configs (carry 855)
2020-02-10 10:37:23 +01:00
Sebastiaan van Stijn d104cfefe5
Merge pull request #2309 from Abreto/Abreto-patch-1
Fix a typo and enhance a script in an example
2020-02-06 22:30:37 +01:00
Abreto FU 07436dfe78
Remove a useless '\' and enhance a script in an example in the section 'Add entries ... (--add-host)'
Signed-off-by: Abreto FU <public@abreto.email>
2020-02-06 20:45:58 +00:00
Misty Stanley-Jones 473a9d20cd
Add examples for configs
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-06 19:16:20 +01:00
Sebastiaan van Stijn 8e9ab9d8c1
Merge pull request #2310 from thaJeztah/carry_2026
Syntax corrected
2020-02-06 16:25:20 +01:00
Venkateswara Reddy Bukkasamudram 74cc062d24
Syntax corrected
Below are the changes proposed.
- Corrected syntax error.
- Updated example commands to maintain consistency.
- Provided more clarity.

Signed-off-by: Venkateswara Reddy Bukkasamudram <bukkasamudram@outlook.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-06 16:10:34 +01:00
Silvin Lubecki 2dcd4d3d29
Merge pull request #2308 from simonferquel/support-username-password
Add support for Kubernetes username/password auth
2020-02-06 14:54:33 +01:00
Silvin Lubecki d43bb2a5f2
Merge pull request #2296 from thaJeztah/carry_1889_build_docs_update
Builder docs update [carry 1889]
2020-02-06 14:38:26 +01:00
Simon Ferquel 17e651dc54 Add support for Kubernetes username/password auth
This is required for supporting some Kubernetes distributions such as
rancher/k3s.

It comes with a test case validating correct parsing of a k3s kubeconfig
file

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-02-04 11:31:28 +01:00
Silvin Lubecki 5d0cf88394
Merge pull request #2220 from thaJeztah/push_all_flag
implement docker push -a/--all-tags
2020-01-30 16:27:16 +01:00
Rob Gulewich 5ad1d4d4c8 docker run: specify cgroup namespace mode with --cgroupns
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2020-01-29 22:50:37 +00:00
Tõnis Tiigi 2079e743c4
Merge pull request #2300 from thaJeztah/bump_golang_1.12.16
Update Golang 1.12.16, golang.org/x/crypto (CVE-2020-0601, CVE-2020-7919)
2020-01-29 13:51:15 -08:00
Sebastiaan van Stijn 27d9aa2d9f
vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919)
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:

- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
  On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
  functions of golang.org/x/crypto/cryptobyte can lead to a panic.
  The malformed certificate can be delivered via a crypto/tls connection to a
  client, or to a server that accepts client certificates. net/http clients can
  be made to crash by an HTTPS server, while net/http servers that accept client
  certificates will recover the panic and are unaffected.
  Thanks to Project Wycheproof for providing the test cases that led to the
  discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-29 11:25:09 +01:00
Sebastiaan van Stijn 19fd390c36
Update Golang 1.12.16 (CVE-2020-0601, CVE-2020-7919)
full diff: https://github.com/golang/go/compare/go1.12.15...go1.12.16

go1.12.16 (released 2020/01/28) includes two security fixes. One mitigates the
CVE-2020-0601 certificate verification bypass on Windows. The other affects only
32-bit architectures.

https://github.com/golang/go/issues?q=milestone%3AGo1.12.16+label%3ACherryPickApproved

- X.509 certificate validation bypass on Windows 10
  A Windows vulnerability allows attackers to spoof valid certificate chains when
  the system root store is in use. These releases include a mitigation for Go
  applications, but it’s strongly recommended that affected users install the
  Windows security update to protect their system.
  This issue is CVE-2020-0601 and Go issue golang.org/issue/36834.
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
  On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
  functions of golang.org/x/crypto/cryptobyte can lead to a panic.
  The malformed certificate can be delivered via a crypto/tls connection to a
  client, or to a server that accepts client certificates. net/http clients can
  be made to crash by an HTTPS server, while net/http servers that accept client
  certificates will recover the panic and are unaffected.
  Thanks to Project Wycheproof for providing the test cases that led to the
  discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
  This is also fixed in version v0.0.0-20200124225646-8b5121be2f68 of golang.org/x/crypto/cryptobyte.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-29 11:23:02 +01:00
Tonis Tiigi 4f3bc15817
docs: document dockerignore update
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:37:25 +01:00
Tonis Tiigi f7009ee126
docs: document build outputs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:37:22 +01:00
Tonis Tiigi 73cd257d0f
docs: document cache-from
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:37:15 +01:00
Silvin Lubecki 774216439b
Merge pull request #2275 from thaJeztah/bump_utils
Bump vndr v0.1.0, mjibson/esc v0.2.0, gotestsum v0.4.0
2020-01-28 16:27:35 +01:00
Sebastiaan van Stijn 9e620e990f
implement docker push -a/--all-tags
The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998)
always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.)
all of  `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`.

Pushing all tags of an image was not desirable in many case, so docker v0.10.0
enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`)
(see https://github.com/moby/moby/issues/3411 and the pull request that implemented
this: https://github.com/moby/moby/pull/4948).

This behavior exists up until today, and is confusing, because unlike other commands,
`docker push` does not default to use the `:latest` tag when omitted, but instead
makes it push "all tags of the image"

For example, in the following situation;

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
```

Running `docker push thajeztah/myimage` seemingly does the expected behavior (it
pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the
reason expected (`:latest` being the default tag), but because `:latest` happens
to be the only tag present for the `thajeztah/myimage` image.

If another tag exists for the image:

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
thajeztah/myimage   v1.0.0                     b534869c81f0        41 hours ago        1.22MB
```

Running the same command (`docker push thajeztah/myimage`) will push _both_ images
to Docker Hub.

> Note that the behavior described above is currently not (clearly) documented;
> the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/)
does not mention that omitting the tag will push all tags

This patch changes the default behavior, and if no tag is specified, `:latest` is
assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar
to the flag that's present on `docker pull`.

With this change:

- `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest`
- to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 16:21:06 +01:00
Silvin Lubecki 82b2fda758
Merge pull request #2298 from thaJeztah/bump_yaml
vendor: bump gopkg.in/yaml.v2 v2.2.8
2020-01-28 16:07:55 +01:00
Sebastiaan van Stijn 3dfcfbb2bf
vendor: bump gopkg.in/yaml.v2 v2.2.8
full diff: https://github.com/go-yaml/yaml/compare/v2.2.3...v2.2.8

includes:

- go-yaml/yaml 515 Improve heuristics preventing CPU/memory abuse
- go-yaml/yaml@f90ceb4f40 Fix check for non-map alias merging in v2
    - fix for "yaml.Unmarshal crashes on "assignment to entry in nil map""
- go-yaml/yaml 543 Port stale simple_keys fix to v2
- go-yaml/yaml@1f64d6156d Fix issue in simple_keys improvements
    - fixes "Invalid simple_keys now cause panics later in decode"
- go-yaml/yaml 555 Optimize cases with long potential simple_keys

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 15:44:12 +01:00