Commit Graph

9512 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 6e97f42480
Merge pull request #4576 from thaJeztah/update_compose_v2
e2e: update to use compose v2, and don't depend on distro-packages
2023-09-26 13:51:36 +02:00
Sebastiaan van Stijn a36f0f9194
Merge pull request #4578 from thaJeztah/gotoolchain_local
Dockerfile: use GOTOOLCHAIN=local
2023-09-26 13:51:07 +02:00
Sebastiaan van Stijn e9759cee69
Dockerfile: use GOTOOLCHAIN=local
This may find its way into the official images, but until it does, let's
make sure we don't get unexpected updates of go.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 12:43:38 +02:00
Sebastiaan van Stijn f07e7e1eed
Dockerfile: build gotestsum and goversioninfo without cgo
It's not needed to build these binaries. The Dockerfile.dev image already
has CGO_ENABLED=0 as default in the golang image, so does not need updates.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 12:37:07 +02:00
Sebastiaan van Stijn 9e424af5da
e2e: update to use compose v2, and don't depend on distro-packages
We were depending on alpine's package repository to install compose,
but for debian we used compose's GitHub releases. Depending on distro
packages means that we don't know when updates will happen, and versions
may diverge because of that; for example, alpine 3.18 updated to compose
v2;

On alpine 3.17:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    docker-compose version 1.29.2, build unknown

On alpine 3.18:

    make -f docker.Makefile build-e2e-image
    docker run --rm docker-cli-e2e docker-compose --version
    Docker Compose version v2.17.3

This caused our e2e script to fail, as it made assumptions about the name
format created by compose, which changed from underscores to hyphens in v2;

    Container cliendtoendsuite-engine-1  Running
    Error: No such object: cliendtoendsuite_engine_1

This patch:

- updates the Dockerfile to install compose from the compose-bin image
- adjusts the e2e script for the new naming scheme format
- removes the version field from the compose-files used in e2e, as they
  are no longer used by compose.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 12:20:01 +02:00
Sebastiaan van Stijn 8d1ddffb83
Merge pull request #4572 from thaJeztah/update_engine
vendor: github.com/docker/docker d3afa80b96bf (v25.0.0-dev)
2023-09-21 19:19:14 +02:00
Sebastiaan van Stijn 3e2187b4cb
vendor: github.com/docker/docker d3afa80b96bf (v25.0.0-dev)
full diff: 06499c52e2...d3afa80b96

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 15:30:51 +02:00
Sebastiaan van Stijn f90890fb48
vendor: github.com/Microsoft/hcsshim v0.11.1
full diff: https://github.com/microsoft/hcsshim/compare/v0.9.10...v0.11.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 15:29:50 +02:00
Sebastiaan van Stijn 23f50a0665
vendor: github.com/containerd/containerd v1.6.24
unfortunately, brings back hcsshim as dependency

full diff: https://github.com/containerd/containerd/compare/v1.6.22...v1.6.24

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:42:32 +02:00
Sebastiaan van Stijn 497b13c661
vendor: github.com/klauspost/compress v1.16.5
full diff: https://github.com/klauspost/compress/compare/v1.16.3...v1.16.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:38:35 +02:00
Sebastiaan van Stijn e0ad0127b1
vendor: google.golang.org/grpc v1.56.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:37:37 +02:00
Sebastiaan van Stijn c2308ad6fb
vendor: google.golang.org/protobuf v1.31.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:23 +02:00
Sebastiaan van Stijn 56396ba357
vendor: golang.org/x/tools v0.8.0
full diff:

- https://github.com/golang/mod/compare/v0.9.0...v0.10.0
- https://github.com/golang/tools/compare/v0.7.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:16 +02:00
Sebastiaan van Stijn c9d56b8504
vendor: golang.org/x/crypto v0.9.0
full diff: https://github.com/golang/crypto/compare/v0.3.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:07 +02:00
Sebastiaan van Stijn ffea6940e7
vendor: golang.org/x/sys v0.10.0
full diff: https://github.com/golang/sys/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:29:33 +02:00
Sebastiaan van Stijn 1554b49329
vendor: golang.org/x/sync v0.3.0
full diff: https://github.com/golang/sync/compare/v0.1.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:28:31 +02:00
Sebastiaan van Stijn 78012b00a5
vendor: container-device-interface v0.6.1
no changes to vendored files

full diff: https://github.com/container-orchestrated-devices/container-device-interface/compare/v0.6.0...v0.6.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:24:08 +02:00
Bjorn Neergaard 0e70f1b7b8
Merge pull request #4564 from thaJeztah/docker_tag_dupwords
docs: fix duplicate words in "docker tag" reference
2023-09-15 08:17:27 -06:00
Sebastiaan van Stijn 3a16c3bb09
docs: fix duplicate words in "docker tag" reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-14 13:44:39 +02:00
Sebastiaan van Stijn cd6467b2d1
Merge pull request #4419 from akerouanton/missing-nw-advanced-options
Add missing opts to --network advanced syntax
2023-09-13 23:46:17 +02:00
Bjorn Neergaard 86329b6063
Merge pull request #4539 from thaJeztah/bump_golangci_lint
update golangci-lint to v1.54.2
2023-09-13 10:05:25 -06:00
Bjorn Neergaard 852670c94a
Merge pull request #4557 from thaJeztah/update_golang_1.20.8
update to go1.20.8
2023-09-13 09:15:18 -06:00
Sebastiaan van Stijn a15d4c47a7
Merge pull request #4555 from briantracy/patch-2
Fix extremely minor typo in docker-run man page
2023-09-12 12:59:06 +02:00
Sebastiaan van Stijn ba85223927
Merge pull request #4560 from docker/dependabot/github_actions/docker/bake-action-4
build(deps): bump docker/bake-action from 3 to 4
2023-09-12 11:53:13 +02:00
dependabot[bot] 7e94675067
build(deps): bump docker/bake-action from 3 to 4
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 3 to 4.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-12 09:29:01 +00:00
Sebastiaan van Stijn 4f1f0025a1
Merge pull request #4559 from docker/dependabot/github_actions/docker/setup-buildx-action-3
build(deps): bump docker/setup-buildx-action from 2 to 3
2023-09-12 11:28:20 +02:00
dependabot[bot] 315ff202c8
build(deps): bump docker/setup-buildx-action from 2 to 3
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-12 08:24:45 +00:00
Sebastiaan van Stijn 4b00be585c
update to go1.20.8
go1.20.8 (released 2023-09-06) includes two security fixes to the html/template
package, as well as bug fixes to the compiler, the go command, the runtime,
and the crypto/tls, go/types, net/http, and path/filepath packages. See the
Go 1.20.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.7...go1.20.8

From the security mailing:

[security] Go 1.21.1 and Go 1.20.8 are released

Hello gophers,

We have just released Go versions 1.21.1 and 1.20.8, minor point releases.

These minor releases include 4 security fixes following the security policy:

- cmd/go: go.mod toolchain directive allows arbitrary execution
  The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to
  execute scripts and binaries relative to the root of the module when the "go"
  command was executed within the module. This applies to modules downloaded using
  the "go" command from the module proxy, as well as modules downloaded directly
  using VCS software.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-39320 and Go issue https://go.dev/issue/62198.

- html/template: improper handling of HTML-like comments within script contexts
  The html/template package did not properly handle HMTL-like "<!--" and "-->"
  comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
  cause the template parser to improperly interpret the contents of <script>
  contexts, causing actions to be improperly escaped. This could be leveraged to
  perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.

- html/template: improper handling of special tags within script contexts
  The html/template package did not apply the proper rules for handling occurrences
  of "<script", "<!--", and "</script" within JS literals in <script> contexts.
  This may cause the template parser to improperly consider script contexts to be
  terminated early, causing actions to be improperly escaped. This could be
  leveraged to perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.

- crypto/tls: panic when processing post-handshake message on QUIC connections
  Processing an incomplete post-handshake message for a QUIC connection caused a panic.

  Thanks to Marten Seemann for reporting this issue.

  This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-11 15:49:14 +02:00
Sebastiaan van Stijn 8671a5ea5b
Merge pull request #4493 from akerouanton/create-default-endpoint-settings
Create default EndpointSettings if no --network provided
2023-09-11 11:30:16 +02:00
Albin Kerouanton 9e1b42e642
Add missing opts to --network advanced syntax
The new advanced --network syntax introduced in docker/cli#1767 is
lacking support for `link-local-ip` and `mac-address` fields. This
commit adds both.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-10 18:57:50 +02:00
Albin Kerouanton 58f4260872
Rename expectedCfg into expectedHostCfg
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-10 18:57:46 +02:00
Albin Kerouanton f1048e1a3a
Create default EndpointSettings if no --network provided
Following flags are silently ignored when they're passed with no
`--network` specified (ie. when the default network is used):

- `--network-alias`
- `--ip`
- `--ip6`
- `--link-local-ip`

This is not really an issue right now since the first 3 parameters are
not allowed on the default bridge network. However, with
[moby/moby#45905][1], the container-wide MacAddress parameter will be
deprecated and dismissed. Because of that, with [docker/cli#4419][2],
it's currently not possible to use the `--mac-address` flag with no
default network specified.

Morever, `docker network connect --link-local-ip ...` works properly, so
it should also work on `docker container create`. This also lay the
ground for making the default bridge network just a "normal" network.

Since the 3 parameters in the list above aren't ignored anymore, if
users provide them, moby's ContainerStart endpoint will complain about
those. To provide better UX, [moby/moby#46183][3] make sure these
invalid parameters lead to a proper error message on `docker container
create` / `docker run`.

[1]: https://github.com/moby/moby/pull/45905
[2]: https://github.com/docker/cli/pull/4419
[3]: https://github.com/moby/moby/pull/46183

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-10 17:19:43 +02:00
Sebastiaan van Stijn d4aca90d19
Merge pull request #4554 from thaJeztah/update_engine
vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev)
2023-09-08 18:24:32 +02:00
briantracy 2c193b59de Fix extremely minor typo in docker-run man page
The latin phrase "vice versa" can be pronounced "vice-a-versa", but should not be rendered as such.

Signed-off-by: briantracy <brian.tracy33@gmail.com>
2023-09-07 21:11:13 -07:00
Sebastiaan van Stijn 40dc66b26f
vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev)
full diff: 032797ea4b...06499c52e2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-08 01:55:58 +02:00
Bjorn Neergaard ba2a5208ab
Merge pull request #4547 from thaJeztah/swap_reference
migrate reference github.com/distribution/reference
2023-09-05 12:19:45 -06:00
Sebastiaan van Stijn d6040fbfa2
Merge pull request #4551 from docker/dependabot/github_actions/actions/checkout-4
build(deps): bump actions/checkout from 3 to 4
2023-09-05 18:10:43 +02:00
Sebastiaan van Stijn f13b786724
vendor: github.com/docker/docker 032797ea4bcb (v25.0.0-dev)
full diff: 7abd7fa739...032797ea4b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 17:53:23 +02:00
Sebastiaan van Stijn fb2ba5d63b
migrate reference github.com/distribution/reference
The "reference" package was moved to a separate module, which was extracted
from b9b19409cf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 17:53:20 +02:00
Sebastiaan van Stijn 25ce44280b
Merge pull request #4552 from thaJeztah/update_engine
vendor: github.com/docker/docker 7abd7fa73965 (v25.0.0-dev)
2023-09-05 17:32:58 +02:00
Sebastiaan van Stijn 04af128211
vendor: github.com/docker/docker 7abd7fa73965 (v25.0.0-dev)
full diff: a65c948e7e...7abd7fa739

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 13:43:35 +02:00
dependabot[bot] dee40053f6
build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 08:37:30 +00:00
Bjorn Neergaard f74f88445f
Merge pull request #4530 from thaJeztah/fix_events_json_format
cli/command/system: fix "docker events" not supporting --format=json
2023-08-29 07:43:55 -06:00
Sebastiaan van Stijn 6dfdd1eae9
cli/command/system: fix "docker events" not supporting --format=json
Before this patch:

    docker events --format=json
    json
    json
    json
    ^C

With this patch:

    docker events --format=json
    {"status":"create","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"create","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508190136885}
    {"status":"attach","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"attach","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508192851593}
    {"Type":"network","Action":"connect","Actor":{"ID":"c54920dd5074a73e28bea62007e0334d81cc040a90372be311cf16806403d350","Attributes":{"container":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","name":"bridge","type":"bridge"}},"scope":"local","time":1693168508,"timeNano":1693168508212398802}
    {"status":"start","id":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","from":"hello-world","Type":"container","Action":"start","Actor":{"ID":"4ac3bba8abd68961e627540fed81ad16d55b88e45629d7cdb792126d09b6488d","Attributes":{"image":"hello-world","name":"dreamy_goldstine"}},"scope":"local","time":1693168508,"timeNano":1693168508312969843}
    ^C

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 14:48:49 +02:00
Sebastiaan van Stijn db6209abdd
update golangci-lint to v1.54.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 14:21:47 +02:00
Sebastiaan van Stijn a1367a0231
Merge pull request #4540 from thaJeztah/manifest_deref
cli/registry: fix client.pullManifestList not de-referencing manifest, and remove "v1" check
2023-08-29 11:43:19 +02:00
Sebastiaan van Stijn 28dfb13e39
Merge pull request #4541 from thaJeztah/cli_registry_cleanup
cli/registry/client: remove some redundant conditions
2023-08-29 11:42:59 +02:00
Sebastiaan van Stijn 9ad0792443
cli/registry/client: remove some redundant conditions
Remove some redundant error-checks or combine them. Also made a small
optimisation when initialising a slice.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:43:58 +02:00
Sebastiaan van Stijn 22b4bab90f
cli/registry: client.iterateEndpoints: remove check for APIVersion1
registryService.LookupPullEndpoints uses lookupV2Endpoints
https://github.com/moby/moby/blob/v24.0.5/registry/service.go#L137-L142

which, as the name indicates, only returns V2 endpoints;
https://github.com/moby/moby/blob/v24.0.5/registry/service_v2.go#L10-L80

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 09:41:48 +02:00
Sebastiaan van Stijn 5250f1bab5
cli/registry: fix client.pullManifestList not de-referencing manifest
Kudos to gosec;

    cli/registry/client/fetcher.go:205:57: G601: Implicit memory aliasing in for loop. (gosec)
            imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
                                                                  ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 08:50:07 +02:00