Commit Graph

7488 Commits

Author SHA1 Message Date
Sebastiaan van Stijn caa4742e5c
docs: remove experimental ipvlan docs, as they were migrated
IPvlan networks were moved out of experimental in Docker 19.03, and
the docs were migrated to the docs repository through;
https://github.com/docker/docker.github.io/pull/12735

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-24 13:33:30 +02:00
Maximillian Fan Xavier 12370ad1f4
Add progress bar to copy into and from container
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Maximillian Fan Xavier <maximillianfx@gmail.com>
2021-04-24 13:24:19 +02:00
Sebastiaan van Stijn 30359cbdb7
docs/reference/builder: update "syntax" section
- rename "experimental" to "labs"
- rephrase recommendation for picking a version
- clarify that the "labs" channel provides a superset of the "stable" channel.
- remove "External implementation features" section, because it overlapped
  with the "syntax" section.
- removed `:latest` from the "stable" channel (generally not recommended)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-22 11:09:40 +02:00
Sebastiaan van Stijn 17a9eb60e3
docs/reference/builder: update example output, and some rephrasing
- update some examples to show the BuildKit output
- remove some wording about "images" being used for the build cache
- add a link to the `--cache-from` section
- added a link to "scanning your image with `docker scan`"
- updated link to "push your image"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-21 11:47:31 +02:00
Sebastiaan van Stijn 22b14dac8e
docs/reference/builder: remove outdated example Dockerfiles
These examples were really outdated, so linking to other sections
in the documentation instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-21 11:45:35 +02:00
Sebastiaan van Stijn 168173a3f1
Use net.JoinHostPort() to fix formatting with IPv6 addresses
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-20 11:05:24 +02:00
Sebastiaan van Stijn 5dd7a28267
docs/reference/builder: touch-up code-hints and some minor changes
- use "console" for code-hints, to make process output distinguishable
  from the commands that are executed
- use a consistent prompt for powershell examples
- minor changes in wording around "build context" to reduce confusion
  with `docker context`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-20 11:03:34 +02:00
Sebastiaan van Stijn daf5f126ad
Merge pull request #3039 from cvermilion/patch-1
Update stop.md to mention that other stop signals can be set
2021-04-20 10:58:41 +02:00
Sebastiaan van Stijn 2586decba8
docs: document log-opts for "dual logging" cache
These options are available in Docker 20.10 and up, but were
previously only available in Docker EE, and not documented.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-17 15:14:36 +02:00
Tibor Vass 04dad42c3c
Merge pull request #3048 from tiborvass/win_script_fixes
Fixes to windows scripts
2021-04-13 14:44:20 -07:00
Brian Goff 83e9eeb8a0 scripts: Allow skipping windres when WINDRES= (empty string)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-04-13 21:29:54 +00:00
Tibor Vass 2c40960ba1 scripts: use WINDRES env var if set
This allows setting WINDRES to mingw's windres.

For the record, mingw's windres needs --use-temp-file for a weird reason:
in that case, it keeps preprocessor arguments intact (including quotes),
without it, mingw's windres calls popen, which happens to pass the entire
command to sh -c, stripping quotes after evaluation and causing a syntax
error in mingw's windres.

To use mingw's windres, set WINDRES to:
- `x86_64-w64-mingw32-windres` on 64 bit
- `i686-w64-mingw32-windres` on 32 bit

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-04-13 16:55:00 +00:00
Tibor Vass 6e45f4bfe2 scripts: fix VERSION_QUAD corner case in windows resource
When the git checkout is dirty on top of a git tag (i.e., v20.10.6.m),
the VERSION_QUAD was keeping a trailing comma.
Now the trailing comma is stripped.

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-04-13 16:52:53 +00:00
Sebastiaan van Stijn a32cd16160
Merge pull request #2993 from tonistiigi/xx-build
dockerfile based binary building
2021-04-07 23:12:04 +02:00
Tonis Tiigi 26b633d37b set default version from git
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:21:10 -07:00
Tonis Tiigi b099c9c9ee update readme with new examples
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:21:10 -07:00
Tonis Tiigi 706e857a90 remove unused targets
More can be removed/refactored but avoiding a huge change.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:21:10 -07:00
Tonis Tiigi bd3e853c7a update circleci cross target
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:21:02 -07:00
Tonis Tiigi a2a1de5f0e add windows/arm64 target
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:21:02 -07:00
Tonis Tiigi 8b822c9219 update windows resources generation
New solution is not hardcoded to amd64 but integrates
with the cross toolchain and support creating arm binaries.

Go has been updated so that ASLR works

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:20:59 -07:00
Tonis Tiigi 6423da8dcd dockerfile based binary building
Using cross compilation toolchains that work from any platform
Adds darwin/arm64 support and bake targets. Static and dynamic
binary targets are available, both with glibc and musl.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:20:21 -07:00
Chris Vermilion 41d169d211 Update stop.md
Updates the stop.md doc to mention that the stop signal can be changed, either with the Dockerfile or via `docker run --stop-signal`. This is a real gotcha if you're not familiar with this feature and build a container that extends a container that uses `STOPSIGNAL`.

Signed-off-by: Christopher Vermilion <christopher.vermilion@gmail.com>
2021-04-03 17:56:14 -04:00
Tibor Vass 59fd6f0270
Merge pull request #3025 from thaJeztah/remove_unneeded_locks
config.Load() remove unneeded locks
2021-04-01 03:03:58 -07:00
Silvin Lubecki b6d0e3bd11
Merge pull request #3035 from thaJeztah/bump_notary
vendor: github.com/theupdateframework/notary v0.7.0-21-gbf96a202
2021-04-01 10:40:24 +02:00
Sebastiaan van Stijn 75dd73f642
vendor: github.com/theupdateframework/notary v0.7.0-21-gbf96a202
no change in local code, but updates some dependencies to more recent
versions, which may help users that consume docker/cli to get a better
selection (when using go modules).

full diff: 5f1f4a34f4...bf96a202a0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-01 01:34:10 +02:00
Sebastiaan van Stijn 09ddcffb2f
config.Load() remove unneeded locks
These were added in b83bc67136, but
I'm not sure why I added these; they're likely not needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-25 21:45:14 +01:00
Sebastiaan van Stijn 25dc8034ff
vendor: github.com/spf13/cobra v1.1.3
full diff: https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-14 18:55:35 +01:00
Silvin Lubecki d3c36a2a73
Merge pull request #3006 from thaJeztah/fix_yaml_formatting
docs: remove trailing spaces to prevent yamldocs using "compact" notation
2021-03-11 15:53:59 +01:00
Sebastiaan van Stijn e05e66f4b4
docs: remove trailing spaces to prevent yamldocs using "compact" notation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-11 15:36:02 +01:00
Silvin Lubecki c0a6b1c7b3
Merge pull request #3001 from thaJeztah/remove_all_example
docs: improve example for "remove all stopped containers"
2021-03-09 14:14:18 +01:00
Sebastiaan van Stijn d051df9943
docs: improve example for "remove all stopped containers"
recommend using `docker container prune`, but show an example on
how to combine commands with a bit more context and warnings
about portability/compatibility.

Thanks to Charlie Arehart to do the initial work on this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-09 13:20:47 +01:00
Silvin Lubecki 8c6e1e0b5f
Merge pull request #2666 from thaJeztah/old_config_deprecation_warning
config: print deprecation warning when falling back to ~/.dockercfg
2021-03-08 16:47:20 +01:00
Sebastiaan van Stijn b83bc67136
config: print deprecation warning when falling back to ~/.dockercfg
Relates to the deprecation, added in 3c0a167ed5

The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
file with a new CLI configuration file, located in `~/.docker/config.json`. When
implementing the new configuration file, the old file (and file-format) was kept
as a fall-back, to assist existing users with migrating to the new file.

Given that the old file format encourages insecure storage of credentials
(credentials are stored unencrypted), and that no version of the CLI since
Docker v1.7.0 has created this file, the file is marked deprecated, and support
for this file will be removed in a future release.

This patch adds a deprecation warning, which is printed if the CLI falls back
to using the deprecated ~/.dockercfg file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-08 16:13:02 +01:00
Tibor Vass 850845adab
Merge pull request #2996 from tonistiigi/sys-update
vendor: update x/sys to 134d130e
2021-03-04 21:10:43 -08:00
Tibor Vass c2ae636c36
Merge pull request #2997 from tonistiigi/notary-update
vendor: update notary to 5f1f4a34
2021-03-04 21:09:16 -08:00
Tonis Tiigi a54577b757 vendor: update notary to 5f1f4a34
Brings in fixes for darwin/arm64 targets

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-03-03 23:49:48 -08:00
Tonis Tiigi e50cf79579 vendor: update x/sys to 134d130e
Makes possible to build for windows/arm64

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-03-03 23:32:34 -08:00
OKA Naoya 10e909a26c
docs: Fix wrong bridge driver option
Signed-off-by: OKA Naoya <git@okanaoya.com>
2021-03-02 15:02:58 +09:00
Brian Goff e1a7517514 Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-03-02 00:54:13 +00:00
Sebastiaan van Stijn 9342ec6b71
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-01 18:31:30 +01:00
Silvin Lubecki 70a00157f1
Merge pull request #2955 from thaJeztah/master_context_check
[master] Check contexts before importing them to reduce risk of extracted files escaping context store
2021-02-02 14:16:59 +01:00
Chris Crone b43b852031
context: Add tarball e2e tests
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 18f33b337d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:17 +01:00
Chris Crone 8c2872d2a3
context: Ensure context name is valid on import
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 9ecc69d17e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:15 +01:00
Chris Crone a2f0cf527b
context: Ensure import paths are valid
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 6f49197cab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:12 +01:00
Silvin Lubecki a22ed24b98
Merge pull request #2951 from thaJeztah/add_node_label
Add docs and completion for docker node ls --filter node.label
2021-02-01 11:40:43 +01:00
Silvin Lubecki 375faee9bc
Merge pull request #2939 from thaJeztah/fix_swarm_rollback_exitcode
Fix swarm rollback exitcode, and fix skipping verify step
2021-02-01 11:29:15 +01:00
Sebastiaan van Stijn f52a9e2fef
Add docs and completion for docker node ls --filter node.label
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-27 14:11:31 +01:00
Sebastiaan van Stijn d26bdfd4ea
Merge pull request #2950 from tiborvass/execabs
Use golang.org/x/sys/execabs
2021-01-27 08:05:56 +01:00
Tibor Vass 8d199d5bba Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Tibor Vass 7bef248765 vendor docker, docker-credential-helpers and golang/sys for execabs package
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00