Commit Graph

7915 Commits

Author SHA1 Message Date
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 14:03:33 +01:00
Nicolas De loof d8afb01e00
Merge pull request #3466 from glebsts/docker-push-all-tags-docs-improve-signed 2022-03-17 12:27:23 +01:00
Sebastiaan van Stijn 994d6b7fc2
Dockerfile: use syntax=docker/dockerfile:1
Now that HEREDOC is included in the stable Dockerfile syntax, we can
use the latest stable syntax for all Dockerfiles.

The recommendation for the stable syntax is to use `:1` (which is
equivalent to "latest" stable syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 10:40:17 +01:00
Nicolas De loof 11c76f1ddb
Merge pull request #3474 from thaJeztah/bump_deps_for_buildkit_containerd 2022-03-17 10:12:01 +01:00
Sebastiaan van Stijn 4f118c7636
vendor: github.com/docker/swarmkit 616e8db4c3b0
full diff: 3629f50980...616e8db4c3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:39:52 +01:00
Sebastiaan van Stijn 02a06cf9aa
vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
intermediate bump for easier review

full diff: 3af7569d3a...1f47c861a9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:25:40 +01:00
Sebastiaan van Stijn bc54802f5e
vendor: golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
full diff: 7de9c90e9d...6886f2dfbf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:24:03 +01:00
Sebastiaan van Stijn 56f51a35c1
vendor: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e
intermediate bump for easier review

full diff: 5770296d90...5770296d90

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:22:18 +01:00
Sebastiaan van Stijn 1bb2591444
vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
intermediate bump for easier review

full diff: e18ecbb051...fe4d628211

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:21:39 +01:00
Sebastiaan van Stijn ce2e036ad4
vendor: github.com/opencontainers/runc v1.1.0
intermediate bump for easier review

full diff: https://github.com/opencontainers/runc/compare/v1.0.3...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:19:05 +01:00
Sebastiaan van Stijn fdbb5953a6
vendor: github.com/klauspost/compress v1.15.0
intermediate bump for easier review

full diff: https://github.com/klauspost/compress/compare/v1.14.3...v1.15.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:18:59 +01:00
Sebastiaan van Stijn 2b7cb5b1bf
vendor: github.com/cespare/xxhash v2.1.2
intermediate bump for easier review

full diff: https://github.com/cespare/xxhash/compare/v2.1.1...v2.1.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:15:00 +01:00
Sebastiaan van Stijn 7eba0dad8c
Merge pull request #2953 from Busindre/patch-1
Update the list of log drivers
2022-03-16 00:34:24 +01:00
Sebastiaan van Stijn 0117ca617a
Merge pull request #2704 from StefanScherer/master-fix-docs-11319
Reference docs: Fix CMD --ignored-param1 example
2022-03-16 00:09:12 +01:00
Stefan Scherer 119c7fb84d
Fix CMD --ignored-param1 example
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Stefan Scherer <stefan.scherer@docker.com>
2022-03-15 23:34:31 +01:00
Sebastiaan van Stijn 1f4111d2bf
Merge pull request #2819 from thaJeztah/remove_registry_negotiation
registry: don't call "/info" API endpoint to get default registry
2022-03-15 17:26:56 +01:00
Sebastiaan van Stijn b4ca1c7368
registry: don't call "/info" API endpoint to get default registry
The CLI currenly calls the `/info` endpoint to get the address
of the default registry to use.

This functionality was added as part of the initial Windows implementation
of the engine. For legal reasons, Microsoft Windows (and thus Docker images
based on Windows) were not allowed to be distributed through non-Microsoft
infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io"
registry was created to serve Windows images.

As a result, the default registry was no longer "fixed", so a helper function
(`ElectAuthServer`) was added to allow the CLI to get the correct registry
address from the daemon. (docker/docker PR's/issues 18019, 19891, 19973)

Using separate registries was not an ideal solution, and a more permanent
solution was created by introducing "foreign image layers" in the distribution
spec, after which the "registry-win-tp3.docker.io" ceased to exist, and
removed from the engine through docker/docker PR 21100.

However, the `ElectAuthServer` was left in place, quoting from that PR;

> make the client check which default registry the daemon uses is still
> more correct than leaving it up to the client, even if it won't technically
> matter after this PR. There may be some backward compatibility scenarios
> where `ElectAuthServer` [sic] is still helpful.

That comment was 5 years ago, and given that the engine and cli are
released in tandem, and the default registry is not configurable, we
can save the extra roundtrip to the daemon by using a fixed value.

This patch deprecates the `ElectAuthServer` function, and makes it
return the default registry without calling (potentially expensie)
`/info` API endpoint.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 16:30:42 +01:00
Sebastiaan van Stijn 3304c49771
Merge pull request #2936 from silvin-lubecki/format-json
Add --format=json to inspect and list commands
2022-03-15 16:22:16 +01:00
Djordje Lukic 9c0234bbcb
Output compact JSON by default for --format=json
With this change all `inspect` commands will output a compact JSON
representation of the elements, the default format (indented JSON) stays the
same.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:42:35 +01:00
Silvin Lubecki d8ecb00dda
Update shell completion scripts
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2022-03-15 15:36:04 +01:00
Silvin Lubecki b4af799686
Update reference documentation
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:36:02 +01:00
Silvin Lubecki 0611be0f09
Update man pages
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2022-03-15 15:35:59 +01:00
Silvin Lubecki a4a734df44
Update list commands with better format flag description
including all the directives and a link to the documentation.

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:35:53 +01:00
Silvin Lubecki eb27a94c3f
Added "json" as specific value for --format flag in list commands, as an alias to `{{json .}}`
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:33:19 +01:00
Silvin Lubecki 84d47b544e
Add "json" as default value to format flag in all inspect commands.
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:31:16 +01:00
Silvin Lubecki c700bbcb4b
Add specific "json" value to format flag with inspect commands to output json, as empty flag does.
Added tests on that new behavior.

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 15:19:45 +01:00
Sebastiaan van Stijn 6745f62a0b
Merge pull request #3136 from thaJeztah/remove_clientinfo
Remove ClientInfo as it is not practically used.
2022-03-15 15:12:22 +01:00
Sebastiaan van Stijn d977030f79
Merge pull request #3470 from thaJeztah/shooting_stars_never_stop_even_when_they_reach_the_top
search: do not sort results by stars on client side
2022-03-15 15:10:56 +01:00
Sebastiaan van Stijn 831704e56c
search: do not sort results by stars on client side
Once upon a time, there was a website named ["The Docker index"][2]; a complimentary
service for users of Docker, provided by dotCloud. The Docker Index was the place
to find and explore pre-made container images, and allowed you to [share your
images and download them][1]. The Docker Index evolved rapidly, and gained new
features, such as [Trusted Images][3], and "stars" to rank your favorite images.

The website also provided an API, which allowed you to search images, even from
the comfort of your `docker` CLI. Things moved fast in container-land, and while
there was an API to use, it was still a work in progress. While the Docker Index
allowed users to "star" images, the search API did not rank results accordingly.

As any engineer knows, there's no problem that can't be solved with some elbow-
grease and a piece of Duct tape, so while the Docker Index team worked on making
the search API better, the `docker` engine [fixed the problem on the client side][4]

Years went by, and the Docker Index API became the "registry V1" specification,
including search. The registry got a major "v2" rewrite and became the [OCI Distribution
Spec][5], and Docker Index became Docker Hub, which included V2 and V3 search APIs.
The V1 search API continued to be supported, as it was the only documented API
for registries, but improvements were made, including ranking of search results.

Duct tape is durable, and even though improvements were made, the Docker client
continued to sort the results as well. Unfortunately, this meant that search
results on the command-line were ranked different from their equivalent on the
registry (such as Docker Hub).

This patch removes the client-side sorting of results, using the order in which
the search API returned them to (finally) celebrate the work of the engineers
working on the search API, also when used from the command-line.

[1]: https://web.archive.org/web/20130708004229/http://docker.io/
[2]: https://web.archive.org/web/20130623223614/https://index.docker.io/
[3]: https://web.archive.org/web/20140208001647/https://index.docker.io/
[4]: 1669b802cc
[5]: https://github.com/opencontainers/distribution-spec

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 14:20:22 +01:00
Sebastiaan van Stijn 55cb22de36
Merge pull request #3125 from thaJeztah/docs_update_buildkit_note
docs: remove note about buildkit not supporting git subdirectories
2022-03-15 13:06:48 +01:00
Sebastiaan van Stijn 4f1ba37e12
docs: remove note about buildkit not supporting git subdirectories
This has now been implemented in buildkit#2116, so this note can
be removed (once integrated into Docker).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 12:25:15 +01:00
Sebastiaan van Stijn 21c5391cee
Merge pull request #3469 from rumpl/relative-mount
Handle relative source mounts
2022-03-14 18:00:52 +01:00
Djordje Lukic ab35e3fac3 Handle relative source mounts
With this change it is now possible to give a relative path to the --volume and
--mount flags.

$ docker run --mount type=bind,source=./,target=/test ...

$ docker run -v .:/test ...

Fixes #1203

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2022-03-14 15:18:48 +01:00
Sebastiaan van Stijn fce43580f4
Merge pull request #3467 from pzhlkj6612/docs-fix-link
docs: dockerd: fix an unclickable and non-direct link in Markdown's blockquote area
2022-03-14 13:51:57 +01:00
Mozi e5f5d946e2 docs: dockerd: fix broken link in blockquote area
Signed-off-by: Mozi <29089388+pzhlkj6612@users.noreply.github.com>
2022-03-13 20:35:31 +08:00
Gleb Stsenov de05499267
align wording of push --all-tags parameter description
Signed-off-by: Gleb Stsenov <gleb.stsenov@gmail.com>
2022-03-10 19:48:41 +02:00
Nicolas De loof 2b52f62e96
Merge pull request #3459 from thaJeztah/update_engine 2022-03-09 21:57:33 +01:00
Sebastiaan van Stijn 97477abb3f
Merge pull request #3463 from ndeloof/cp_docs
improve cp documentation with some illustration examples
2022-03-09 19:50:58 +01:00
Sebastiaan van Stijn dc9e069ff2
vendor: github.com/docker/docker v20.10.3-0.20220309172631-83b51522df43
Changed `matcher.Matches(file)` to `matcher.MatchesOrParentMatches(file)`:

    cli/command/image/build/context.go:95:9: SA1019: matcher.Matches is deprecated: This implementation is buggy (it only checks a single parent dir against the pattern) and will be removed soon. Use either MatchesOrParentMatches or MatchesUsingParentResults instead.  (staticcheck)
        return matcher.Matches(file)
               ^

And updated a test to match the JSON omitting empty RootFS.Type fields (in
practice, this field should never be empty in real situations, and always
be "layer"). Changed the test to use subtests to easier find which case
is failing.

full diff: 343665850e...83b51522df

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:45:37 +01:00
Sebastiaan van Stijn e90cb75152
vendor: github.com/docker/distribution v2.8.1
full diff: https://github.com/docker/distribution/compare/0d3efadf0154...v2.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:20:28 +01:00
Sebastiaan van Stijn 30e47e5a04
vendor: github.com/prometheus/common v0.10.0
full diff: https://github.com/prometheus/common/compare/v0.9.1...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:15 +01:00
Sebastiaan van Stijn 576e4dce44
vendor: golang.org/x/text v0.3.7
full diff: https://github.com/golang/text/compare/v0.3.4...v0.3.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:13 +01:00
Sebastiaan van Stijn 7880acb052
vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
full diff: 69cdffdb93...da31bd327a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:12 +01:00
Sebastiaan van Stijn 6da0fc299d
vendor: github.com/moby/sys/signal v0.7.0
full diff: https://github.com/moby/sys/signal/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:10 +01:00
Sebastiaan van Stijn 4adea808ce
vendor: github.com/google/go-cmp v0.5.7
full diff: https://github.com/google/go-cmp/compare/v0.5.5...v0.5.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:07 +01:00
Sebastiaan van Stijn 12b06fa375
vendor: github.com/coreos/etcd v3.3.27
no changes in vendored files

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:02 +01:00
Sebastiaan van Stijn 16554e999a
vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.5...v1.5.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:15:40 +01:00
Nicolas De Loof 41a5e0e4df
improve cp documentation with some illustration examples
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-03-09 17:56:44 +01:00
Sebastiaan van Stijn fe8a12c621
vendor: github.com/opencontainers/image-spec v1.0.2
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 17:50:50 +01:00
Sebastiaan van Stijn 3669aa3518
vendor: github.com/Microsoft/go-winio v0.5.1
full diff: https://github.com/Microsoft/go-winio/compare/v0.4.19...v0.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 17:50:47 +01:00