Commit Graph

8512 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 38f54e7926
cli/context/store: remove filePath(), make contextDir() accept name
removing the extra abstraction, and simplify use of contextDir()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:18:52 +02:00
Sebastiaan van Stijn 9720d5b451
cli/context/store: listContextData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 712cc9a1c7
cli/context/store: remove(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 0bcdff2571
cli/context/store: getData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 3b7f13a5e5
cli/context/store: createOrUpdate(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn c3eb116f9c
cli/context/store: removeAllEndpointData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:06 +02:00
Sebastiaan van Stijn 42e275eaf6
cli/context/store: TestTlsCreateUpdateGetRemove(): use correct ID
This test was depending on the fact that contextDir's are a string,
and for the test is was using the context _name_ as a pseudo-ID.

This patch updates the test to be more explicit where ID's and where
names are used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn d0398c423f
cli/context/store: removeAllContextData(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally. This also fixes a test which incorrectly used "names" as
pseudo-IDs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn f843c42c05
cli/context/store: listRecursivelyMetadataDirs(): use filepath.Join()
Looks like the intent here is to get the path of a subdirectory.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn c6dfff131f
cli/context/store: metadataStore.get(), .remove(): accept name instead of ID
This allows callers to just pass the name, and handle the conversion to ID and
path internally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 10:35:05 +02:00
Sebastiaan van Stijn 90f1238fb2
cli-plugins/manager: add IsPluginCommand(() utility
This makes it more convenient to check if a command is a plugin-stub

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 02:24:23 +02:00
Sebastiaan van Stijn a496a7d501
Merge pull request #3795 from thaJeztah/ignore_stubs_in_aliases
fix broken alias check is buildx is installed as alias for builder
2022-09-30 02:24:04 +02:00
Sebastiaan van Stijn 7af8aac169
fix broken alias check is buildx is installed as alias for builder
Commit cbec75e2f3 updated `runDocker()` to load
plugin-stubs before `processAliases()` was executed. As a result, plugin
stubs were considered as "builtin commands", causing the alias verification
to fail;

Without alias installed:

```bash
docker version
Client:
 Version:           22.06.0-beta.0-140-g3dad26ca2.m
 API version:       1.42
 Go version:        go1.19.1
 Git commit:        3dad26ca2
 Built:             Wed Sep 28 22:36:09 2022
 OS/Arch:           darwin/arm64
 Context:           default
...
```

After running `docker buildx install`;

```bash
./build/docker buildx install

cat ~/.docker/config.json
{
    "aliases": {
        "builder": "buildx"
    }
}

./build/docker version
not allowed to alias with builtin "buildx" as target
```

This patch moves loading the stubs _after_ the call to `processAliases()`, so
that verification passes. As an extra precaution, the `processAliases()` function
is also updated to exclude plugin-stub commands.

Note that cbec75e2f3 also introduced a performance
regression, which may be related to the early loading of plugins (and creating
stubs); it looks like various other code locations may also be loading plugins,
for example `tryPluginRun()` calls `pluginmanager.PluginRunCommand()`, which
also traverses plugin directories.

We should look under what circumstances the plugin stub-commands are actually
needed, and make sure that they're only created in those situations.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-29 22:40:51 +02:00
Sebastiaan van Stijn ef80de39ab
Merge pull request #3792 from thaJeztah/compose_tests
cli/compose: remove redundant reflection from tests
2022-09-29 16:15:21 +02:00
Sebastiaan van Stijn a9ccb6552d
cli/compose: remove redundant reflection from tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-29 15:35:31 +02:00
Sebastiaan van Stijn c39dfc3801
Merge pull request #3791 from thaJeztah/context_force_remove
docker context rm: allow --force to ignore non-existing contexts
2022-09-29 11:26:12 +02:00
Sebastiaan van Stijn 9a493b1bf7
docker context rm: allow --force to ignore non-existing contexts
Before this change, running `docker context rm --force` would fail if the context
did not exist. This behavior was different from other commands, which allowed
ignoring non-existing objects.

For example; when trying to remove a non-existing volume, the command would
fail without "force":

```bash
docker volume rm nosuchvolume
Error: No such volume: nosuchvolume
echo $?
1
```

But using the `-f` / `--force` option would make the command complete successfully
(the error itself is still printed for informational purposes);

```bash
docker volume rm -f nosuchvolume
nosuchvolume
echo $?
0
```

With this patch, `docker context rm` behaves the same:

```bash
docker context rm nosuchcontext
context "nosuchcontext" does not exist
echo $?
1
```

```bash
docker context rm -f nosuchcontext
nosuchcontext
echo $?
0
```

This patch also simplifies how we check if the context exists; previously we
would try to read the context's metadata; this could fail if a context was
corrupted, or if an empty directory was present. This patch now only checks
if the directory exists, without first validating the context's data.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-29 10:57:51 +02:00
Sebastiaan van Stijn 3dad26ca2d
Merge pull request #3760 from thaJeztah/update_credshelpers
vendor: github.com/docker/docker-credential-helpers v0.7.0
2022-09-22 19:07:00 +02:00
Sebastiaan van Stijn b07a52195e
Merge pull request #3784 from thaJeztah/bump_gotest_tools
vendor: gotest.tools v3.3.0 and use t.SetEnv()
2022-09-22 17:48:26 +02:00
Sebastiaan van Stijn ef2a826636
vendor: gotest.tools v3.3.0
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.1.0...v3.3.0

- golden: accept -update for updating files
- assert: golden variables

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:28:07 +02:00
Sebastiaan van Stijn 28b0aa9f1a
replace uses of deprecated env.Patch()
Also removing redundant defer for env.PatchAll(), which is now automatically
handled in t.Cleanup()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:28:07 +02:00
Sebastiaan van Stijn 843e71672f
vendor: github.com/docker/docker-credential-helpers v0.7.0
no significant local changes

full diff: https://github.com/docker/docker-credential-helpers/compare/v0.6.4...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 17:27:16 +02:00
Sebastiaan van Stijn 320337f17a
Merge pull request #3783 from thaJeztah/update_engine
vendor: docker v20.10.3-0.20220922131805-e143eed8bc4f (22.06 branch)
2022-09-22 17:25:50 +02:00
Sebastiaan van Stijn de2105d151
vendor: docker v20.10.3-0.20220922131805-e143eed8bc4f (22.06 branch)
full diff: 8af2e62556...e143eed8bc

- client: ignore kernel-memory on API >= 1.42

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 15:31:25 +02:00
Sebastiaan van Stijn edd51b2288
Merge pull request #3779 from imjasonh/created-na
cli: use N/A as placeholder for old CREATED dates
2022-09-22 10:57:19 +02:00
Jason Hall 90db6b82a3
cli: use N/A as placeholder for old CREATED dates
Signed-off-by: Jason Hall <jason@chainguard.dev>
2022-09-19 12:08:10 -04:00
Sebastiaan van Stijn 06cbd267c9
Merge pull request #3778 from imjasonh/created
cli: hide old CREATED times, instead of "52 years ago"
2022-09-16 18:21:21 +01:00
Jason Hall 0253634f59
cli: hide old CREATED times, instead of "52 years ago"
Signed-off-by: Jason Hall <jason@chainguard.dev>
2022-09-16 10:52:12 -04:00
Sebastiaan van Stijn 9ac8584acf
Merge pull request #3775 from thaJeztah/bump_engine
vendor: docker v20.10.3-0.20220909113731-8af2e62556de (22.06 branch)
2022-09-11 21:44:21 +02:00
Sebastiaan van Stijn beb92650d1
vendor: docker v20.10.3-0.20220909113731-8af2e62556de (22.06 branch)
full diff: b5a0d7a188...8af2e62556

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-10 19:12:42 +02:00
Sebastiaan van Stijn 8771b956ea
vendor: github.com/klauspost/compress v1.15.9
various fixes in zstd compression

- https://github.com/klauspost/compress/releases/tag/v1.15.9
- https://github.com/klauspost/compress/releases/tag/v1.15.8
- https://github.com/klauspost/compress/releases/tag/v1.15.7
- https://github.com/klauspost/compress/releases/tag/v1.15.6
- https://github.com/klauspost/compress/releases/tag/v1.15.5
- https://github.com/klauspost/compress/releases/tag/v1.15.4
- https://github.com/klauspost/compress/releases/tag/v1.15.3
- https://github.com/klauspost/compress/releases/tag/v1.15.2

full diff: https://github.com/klauspost/compress/compare/v1.15.1...v1.15.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-10 18:50:02 +02:00
Sebastiaan van Stijn 813bd79471
Merge pull request #3767 from thaJeztah/bump_go_119
update to golang 1.19.1
2022-09-08 16:14:37 +02:00
Sebastiaan van Stijn 48da8a4b3b
Merge pull request #3764 from thaJeztah/cli_remove_intermediate_var
cli: createContainer() remove intermediate variable
2022-09-08 16:14:20 +02:00
Sebastiaan van Stijn 3a17d8a909
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-08 10:40:08 +02:00
Sebastiaan van Stijn 07ac2d8dc4
update to golang 1.19
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-08 10:40:06 +02:00
Sebastiaan van Stijn 2ae9e21c1a
Merge pull request #3774 from thaJeztah/bump_x_net
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
2022-09-08 10:19:17 +02:00
Sebastiaan van Stijn a76f6405a4
Merge pull request #3772 from thaJeztah/bump_golang_1.18.6
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
2022-09-08 10:18:47 +02:00
Sebastiaan van Stijn fc7e831a6a
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:14:47 +02:00
Sebastiaan van Stijn 1061f74496
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.18.6 (released 2022-09-06) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the pprof command, the
runtime, and the crypto/tls, encoding/xml, and net packages. See the Go 1.18.6
milestone on the issue tracker for details;

https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 22:11:15 +02:00
Sebastiaan van Stijn e97d5d54c3
Merge pull request #3761 from thaJeztah/newcli_dedup
cli/command: NewDockerCli(): use WithStandardStreams()
2022-09-06 16:48:33 +02:00
Sebastiaan van Stijn 75774356a9
Merge pull request #3769 from thaJeztah/opts_deadcode
opts: remove unused RuntimeOpt
2022-09-06 16:47:08 +02:00
Sebastiaan van Stijn f57200535b
Merge pull request #3766 from thaJeztah/bump_go_units
vendor: github.com/docker/go-units v0.5.0
2022-09-06 16:46:46 +02:00
Sebastiaan van Stijn e59fd19e16
Merge pull request #3768 from thaJeztah/update_golangci_lint
update to golangci-lint v1.49.0 for compatibilty with go1.19
2022-09-06 11:05:51 +02:00
Sebastiaan van Stijn 0dd2c18082
golangci-lint: update to v1.49.0 for compatibilty with go1.19
Remove the "deadcode", "structcheck", and "varcheck" linters, as they are
deprecated:

    WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [linters context] structcheck is disabled because of generics. You can track the evolution of the generics support by following the golangci/golangci-lint#2649.

And ignore gosec G113, which only affects gp < 1.16.14. and go < 1.17.7

    opts/opts.go:398:13: G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772) (gosec)
        cpu, ok := new(big.Rat).SetString(value)
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:47 +02:00
Sebastiaan van Stijn 3dfdaa6458
linting: assigned to src, but reassigned without using the value (wastedassign)
cli/command/container/opts.go:928:2: assigned to src, but reassigned without using the value (wastedassign)
        src := ""
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:45 +02:00
Sebastiaan van Stijn 98654202c2
linting: G112: Potential Slowloris Attack
Picking 2 seconds, although that's just a randomly picked timeout;
given that this is only for testing, it's not too important.

    e2e/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:43 +02:00
Sebastiaan van Stijn b58731fa46
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.

    cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
                return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
                                                                                      ^
    cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
            return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
                                                                                  ^
    cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
                   ^
    cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
            return *target, fmt.Errorf("No tag specified")
                            ^
    cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
                   ^
    cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
                   ^
    cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
            return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
                          ^
    cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
            return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
                          ^
    opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", addr)
                       ^
    opts/hosts.go💯14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
                       ^
    opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
                       ^
    opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
                       ^
    opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
                       ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:42 +02:00
Sebastiaan van Stijn b508b0fc31
linting: ST1017: don't use Yoda conditions (stylecheck)
opts/envfile_test.go:157:5: ST1017: don't use Yoda conditions (stylecheck)
        if 1 != len(variables) {
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:40 +02:00
Sebastiaan van Stijn 7cec7101c4
linting: tabwriter: ignore stylecheck
We try to keep this package close to upstream golang's code, so suppress the
linter warning.

    cli/command/formatter/tabwriter/tabwriter.go:200:1: ST1020: comment on exported method Init should be of the form "Init ..." (stylecheck)
    // A Writer must be initialized with a call to Init. The first parameter (output)
    ^
    cli/command/formatter/tabwriter/tabwriter.go:425:1: ST1022: comment on exported const Escape should be of the form "Escape ..." (stylecheck)
    // To escape a text segment, bracket it with Escape characters.
    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:39 +02:00
Sebastiaan van Stijn cef858170d
linting: os.Setenv() can be replaced by `t.Setenv()` (tenv)
cli/command/cli_options_test.go:29:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "true")
        ^
    cli/command/cli_options_test.go:31:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "false")
        ^
    cli/command/cli_options_test.go:33:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "invalid")
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:37 +02:00