Commit Graph

1052 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 6b25bc3003
fix race condition in TestRemoveForce
This test uses two subtests that were sharing the same variable.
Subtests run in a goroutine, which could lead to them concurrently
accessing the variable, resulting in a panic:

    === FAIL: cli/command/container TestRemoveForce/without_force (0.00s)
    Error: Error: No such container: nosuchcontainer
        --- FAIL: TestRemoveForce/without_force (0.00s)
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x40393f]
    goroutine 190 [running]:
    testing.tRunner.func1.2({0xb76380, 0x124c9a0})
    	/usr/local/go/src/testing/testing.go:1389 +0x24e
    testing.tRunner.func1()
    	/usr/local/go/src/testing/testing.go:1392 +0x39f
    panic({0xb76380, 0x124c9a0})
    	/usr/local/go/src/runtime/panic.go:838 +0x207
    sort.StringSlice.Less(...)
    	/usr/local/go/src/sort/sort.go:319
    sort.insertionSort({0xd87380, 0xc00051b3b0}, 0x0, 0x2)
    	/usr/local/go/src/sort/sort.go:40 +0xb1
    sort.quickSort({0xd87380, 0xc00051b3b0}, 0x18?, 0xb4f060?, 0xc000540e01?)
    	/usr/local/go/src/sort/sort.go:222 +0x171
    sort.Sort({0xd87380, 0xc00051b3b0})
    	/usr/local/go/src/sort/sort.go:231 +0x53
    sort.Strings(...)
    	/usr/local/go/src/sort/sort.go:335
    github.com/docker/cli/cli/command/container.TestRemoveForce.func2(0xc0005389c0?)
    	/go/src/github.com/docker/cli/cli/command/container/rm_test.go:36 +0x125
    testing.tRunner(0xc00053e4e0, 0xc00051b140)
    	/usr/local/go/src/testing/testing.go:1439 +0x102
    created by testing.(*T).Run
    	/usr/local/go/src/testing/testing.go:1486 +0x35f
    === FAIL: cli/command/container TestRemoveForce (0.00s)

This patch changes the test to use to separate variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9688f62d20)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 13:47:31 +02:00
Sebastiaan van Stijn 2f7e84be65
linting: fix incorrectly formatted errors (revive)
cli/compose/interpolation/interpolation.go:102:4: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                "invalid interpolation format for %s: %#v. You may need to escape any $ with another $.",
                ^

    cli/command/stack/loader/loader.go:30:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return nil, errors.Errorf("Compose file contains unsupported options:\n\n%s\n",
                                          ^

    cli/command/formatter/formatter.go:76:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return tmpl, errors.Errorf("Template parsing error: %v\n", err)
                                       ^

    cli/command/formatter/formatter.go:97:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("Template parsing error: %v\n", err)
                                 ^

    cli/command/image/build.go:257:25: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return errors.Errorf("error checking context: '%s'.", err)
                                     ^

    cli/command/volume/create.go:35:27: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                        return errors.Errorf("Conflicting options: either specify --name or provide positional arg, not both\n")
                                             ^

    cli/command/container/create.go:160:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4ab70bf61e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:48 +02:00
Sebastiaan van Stijn e628209d9b
linting: ignore some "G101: Potential hardcoded credentials" warnings
cli/config/credentials/native_store.go:10:2: G101: Potential hardcoded credentials (gosec)
        remoteCredentialsPrefix = "docker-credential-"
        ^
    cli/command/service/opts.go:917:2: G101: Potential hardcoded credentials (gosec)
        flagCredentialSpec          = "credential-spec"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7c1fb9112)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:38 +02:00
Sebastiaan van Stijn 80a3add604
cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5a65aadd8d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:29 +02:00
Sebastiaan van Stijn 80f673bf9e
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a0f0578299)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:40:46 +02:00
Sebastiaan van Stijn 82f9d5921b
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8964595692)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:38:53 +02:00
Sebastiaan van Stijn 893e52cf4b
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
2021-09-09 20:40:54 +02:00
Samuel Karp 42d1c02750
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-07-29 19:57:58 -07:00
Sebastiaan van Stijn 6288e8b1ac
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40c6b117e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:10 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Sebastiaan van Stijn 8437cfefae
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15535d4594)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:11 +02:00
Mathieu Champlon 1d37fb3027
Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit a033cdf515)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:33 +02:00
Mathieu Champlon 0793f96394
Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit c05f0f5957)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:31 +02:00
David Scott 2945ba4f7a
Ignore SIGURG on Darwin too
This extends #2929 to Darwin as well as Linux.

Running the example in https://github.com/golang/go/issues/37942
I see lots of:
```
dave@m1 sigurg % uname -ms
Darwin arm64

dave@m1 sigurg % go run main.go
received urgent I/O condition: 2021-05-21 16:03:03.482211 +0100 BST m=+0.014553751
received urgent I/O condition: 2021-05-21 16:03:03.507171 +0100 BST m=+0.039514459
```

Signed-off-by: David Scott <dave@recoil.org>
(cherry picked from commit cedaf44ea2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:38:46 +02:00
Sebastiaan van Stijn 032e485e1c
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9342ec6b71)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:36:29 +02:00
Brian Goff 88de81ff21
Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e1a7517514)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:35:59 +02:00
Sebastiaan van Stijn 706ca7985b
Revert "[20.10] Revert "Ignore SIGURG on Linux.""
This reverts commit f33a69f6ee.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:30:31 +02:00
Akihiro Suda 12e2f94eba
printServerWarningsLegacy: silence "No oom kill disable support" on cgroup v2
The warning should be ignored on cgroup v2 hosts.

Relevant: 8086443a44

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 05ec0188fa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-18 23:54:39 +02:00
Akihiro Suda 00755d7dba
printServerWarningsLegacy: silence "No kernel memory limit support"
The kernel memory limit is deprecated in Docker 20.10.0,
and its support was removed in runc v1.0.0-rc94.
So, this warning can be safely removed.

Relevant: b8ca7de823

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 731f52cfe8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-18 23:54:36 +02:00
Sebastiaan van Stijn f33a69f6ee
[20.10] Revert "Ignore SIGURG on Linux."
This reverts commit 3c87f01b18.

This commit introduced two regressions;

- spurious "Unsupported signal: <nil>. Discarding."
- docker start --attach hanging if the container does not
  have a TTY attached

Reverting for now, while we dug deeper into what's causing
the regression.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-01 20:56:18 +01:00
Silvin Lubecki 433014bcfb
Merge pull request #2959 from thaJeztah/20.10_backport_fix_login_panic
[20.10 backport] Fix panic when failing to get DefaultAuthConfig
2021-02-18 12:02:41 +01:00
Silvin Lubecki 61cb016851
Merge pull request #2961 from thaJeztah/20.10_backport_fix_context_dockerfile_from_stdin_with_buildkit
[20.10 backport] Fix reading context and dockerfile from stdin with BuildKit
2021-02-18 12:02:09 +01:00
Silvin Lubecki 830d6595e7
Merge pull request #2963 from thaJeztah/20.10_backport_fix_update_rollback_order
[20.10 backport] fix --update-order and --rollback-order flags
2021-02-18 11:58:23 +01:00
Silvin Lubecki 13048444cc
Merge pull request #2964 from thaJeztah/20.10_backport_fix_swarm_rollback_exitcode
[20.10 backport] Fix swarm rollback exitcode, and fix skipping verify step
2021-02-18 11:55:40 +01:00
Sebastiaan van Stijn d6eeeb6259
service rollback: always verify state
Prior to this change, progressbars would sometimes be hidden, and the function
would return early. In addition, the direction of the progressbars would sometimes
be "incrementing" (similar to "docker service update"), and sometimes be "decrementing"
(to indicate a "rollback" is being performed).

This fix makes sure that we always proceed with the "verifying" step, and now
prints a message _after_ the verifying stage was completed;

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: starting  [===========>                                       ]
    3/5: starting  [===========>                                       ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 104469be0b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:55:51 +01:00
Sebastiaan van Stijn 3e157d5293
docker service rollback: fix non-zero exit code in some cases
Before this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    1

After this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 1 seconds to verify that tasks are stable...

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    0

    $ docker service ps foo
    ID             NAME      IMAGE          NODE             DESIRED STATE   CURRENT STATE           ERROR     PORTS
    4dt4ms4c5qfb   foo.1     nginx:alpine   docker-desktop   Running         Running 2 minutes ago

Remaining issues with reconciliation
--------------------------------------------

Note that both before, and after this change, the command sometimes terminates
early, and does not wait for the service to reconcile; this is most apparent
when rolling back is scaling up (so more tasks are deployed);

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 5 tasks
    1/5: pending   [=================================>                 ]
    2/5: running   [>                                                  ]
    3/5: pending   [=================================>                 ]
    4/5: pending   [=================================>                 ]
    5/5: pending   [=================================>                 ]
    service rolled back: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ce26a165b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:55:49 +01:00
Jim Lin 1fdf84b8e9
fix --update-order and --rollback-order flags
Signed-off-by: Jim Lin <b04705003@ntu.edu.tw>
(cherry picked from commit 26a6a724aa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:53:34 +01:00
Alexey Igrychev 0de4e6e9a7
Fix reading context and dockerfile from stdin with BuildKit
Signed-off-by: Alexey Igrychev <alexey.igrychev@flant.com>
(cherry picked from commit fc9ca9a94a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:48:19 +01:00
Brian Goff 3c87f01b18
Ignore SIGURG on Linux.
In go1.14+, SIGURG is used by the runtime to handle preemtable system
calls.
In practice this signal caught *frequently*.

For reference:

https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md
https://github.com/golang/go/issues/37942

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit fff164c22e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:44:39 +01:00
Sebastiaan van Stijn de40c2b172
Fix panic when failing to get DefaultAuthConfig
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.

However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c2820a7e3b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:42:06 +01:00
Tibor Vass 48d30b5b32 Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8d199d5bba)
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-28 22:27:59 +00:00
Chris Crone 9ecc69d17e context: Ensure context name is valid on import
Signed-off-by: Chris Crone <christopher.crone@docker.com>
2021-01-28 22:27:59 +00:00
Djordje Lukic 9f9c4b7f3b Remove k8s.io/kubernetes dependency
We are only using the `IsPodReady` function that can be rewritten easily.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2020-12-04 00:27:40 +01:00
Tibor Vass 40ec81a79a build: display [auth] output
Signed-off-by: Tibor Vass <tibor@docker.com>
2020-12-02 21:22:36 +00:00
Sebastiaan van Stijn 9a0a071d55 vendor: buildkit v0.8.0-rc2, docker
diffs:

- full diff: af34b94a78...6c0a036dce
- full diff: 4d1f260e84...v0.8.0-rc2

New dependencies:

- go.opencensus.io v0.22.3
- github.com/containerd/typeurl v1.0.1
- github.com/golang/groupcache 869f871628b6baa9cfbc11732cdf6546b17c1298

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 0e96d92567 vendor: golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
full diff: 75b288015a...c1f2f97bff

relevant changes:

- pkcs12: document that we use the wrong PEM type
- pkcs12: drop PKCS#12 attributes with unknown OIDs
- ocsp: Improve documentation for ParseResponse and ParseResponseForCert

other changes (not in vendor);

- ssh: improve error message for KeyboardInteractiveChallenge
- ssh: remove slow unnecessary diffie-hellman-group-exchange primality check
- ssh/terminal: replace with a golang.org/x/term wrapper
    - Deprecates ssh/terminal in favor of golang.org/x/term
- ssh/terminal: add support for zos
- ssh/terminal: bump x/term dependency to fix js/nacl
- nacl/auth: use Size instead of KeySize for Sum output
- sha3: remove go:nocheckptr annotation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn e3d93058fd
build: remove PersistentPreRunE hack for experimental --platform
This hack was added in an attempt to continue supporting the experimental
(non-buildkit) `--platform` option, by dynamically updating the API version
required if buildkit isn't enabled.

This hack didn't work, however, because at the moment the override is
added, the command is not yet attached to the "root" (`docker`) command,
and because of that, the command itself is the `root` command;
`cmd.Root()` returned the `build` command.

As a result, validation steps defined as `PersistentPreRunE` on the root
command were not executed, causing invalid flags/options to not producing
an error.

Attempts to use an alternative approach (for example, cobra supports both
a `PersistentPreRun` and `PersistentPreRunE`) did not work either, because
`PersistentPreRunE` takes precedence over `PersistentPreRun`, and only one
will be executed.

Now that `--platform` should be supported for other cases than just for
experimental (LCOW), let's remove the 'experimental' check, and just assume
it's supported for API v1.32 and up.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-16 14:58:11 +01:00
Sebastiaan van Stijn ae5899e2b0
cli/command/container/stats.go: fix goimports
cli/command/container/stats.go:159: File is not `goimports`-ed (goimports)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-10 17:47:57 +01:00
Sebastiaan van Stijn b07e921289
Merge pull request #2785 from bn4t/2784-use-waitgroup-instead-of-sleep
Wait on waitgroup instead of using time.Sleep
2020-11-06 21:29:11 +01:00
Tibor Vass 1d20b15adc
Merge pull request #2818 from thaJeztah/prevent_panic
GetDefaultAuthConfig: fix potential panic due to unhandled error
2020-10-29 14:43:01 -07:00
Sebastiaan van Stijn f32731f902
GetDefaultAuthConfig: fix potential panic due to unhandled error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-29 01:42:35 +01:00
Sebastiaan van Stijn a40beedcc3
builder: print deprecation warning instead of failing for --stream
While performance will be worse, we can safely ignore the --stream
option when used, and print a deprecation warning instead of failing
the build.

With this patch:

    echo -e "FROM scratch\nLABEL foo=bar" | docker build --stream -
    DEPRECATED: The experimental --stream flag has been removed and the build context
                will be sent non-streaming. Enable BuildKit instead with DOCKER_BUILDKIT=1
                to stream build context, see https://docs.docker.com/go/buildkit/

    Sending build context to Docker daemon  2.048kB
    Step 1/2 : FROM scratch
     --->
    Step 2/2 : LABEL foo=bar
     ---> Running in 99e4021085b6
    Removing intermediate container 99e4021085b6
     ---> 1a7a41be241f
    Successfully built 1a7a41be241f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-24 01:58:47 +02:00
bn4t 53e2110fa3 Wait on waitgroup instead of using time.Sleep
Closes #2784
Signed-off-by: bn4t <me@bn4t.me>
2020-10-12 10:32:53 +02:00
Sebastiaan van Stijn 977d3ae046
Always enable experimental features
The CLI disabled experimental features by default, requiring users
to set a configuration option to enable them.

Disabling experimental features was a request from Enterprise users
that did not want experimental features to be accessible.

We are changing this policy, and now enable experimental features
by default. Experimental features may still change and/or removed,
and will be highlighted in the documentation and "usage" output.

For example, the `docker manifest inspect --help` output now shows:

    EXPERIMENTAL:
      docker manifest inspect is an experimental feature.

      Experimental features provide early access to product functionality. These features
      may change between releases without warning or can be removed entirely from a future
      release. Learn more about experimental features: https://docs.docker.com/go/experimental/

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:59:42 +02:00
Sebastiaan van Stijn 2b1138c118
Fix initializing client modifying custom HTTPHeaders
When initializing the API client, the User-Agent was added to any custom
HTTPHeaders that were configured. However, because the map was not properly
dereferenced, the original map was modified, causing the User-Agent to also
be saved to config.json after `docker login` and `docker logout`:

Before this change;

    $ cat ~/.docker/config.json
    cat: can't open '/root/.docker/config.json': No such file or directory

    $ docker login -u myusername
    Password:
    ...
    Login Succeeded

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

    $ docker logout
    {
        "auths": {},
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

After this change:

    $ cat ~/.docker/config.json
    cat: can't open '/root/.docker/config.json': No such file or directory

    $ docker login -u myusername
    Password:
    ...
    Login Succeeded

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        }
    }

    $ docker logout
    Removing login credentials for https://index.docker.io/v1/

    $ cat ~/.docker/config.json
    {
        "auths": {}
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-29 17:24:07 +02:00
Sebastiaan van Stijn 0eb3cfd261
Add test-case for env with, and without =
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 20:33:48 +02:00
Jorge Vallecillo e7203bf81b Fix 2 typos
Consecutive occurrences of 'the'

Signed-off-by: Jorge Vallecillo <jorgevallecilloc@gmail.com>
2020-09-18 09:26:39 -06:00
Jennings Zhang 185d71262a
Subcommand `docker manifest rm`
Squashed commit of the following:

commit b9ef85e74833ba405f68cfc20989c69d64bac4e9
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Mon Sep 14 21:39:57 2020 -0400

    Fix bash completion

    https://github.com/docker/cli/pull/2449#pullrequestreview-488110510
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 8c46bd6e6ed151bb43865c8b1d79c00fd62e4345
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 01:48:12 2020 -0400

    Add tests for docker manifest rm

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 7e3d9a9bc60e44d96953093fa0b1bc3397ca7813
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 00:55:37 2020 -0400

    docker manifest rm multiple args

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 30466e28d28f6722053c5a232e99ddbae8222715
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 00:01:20 2020 -0400

    No need to search before Remove

    https://github.com/docker/cli/pull/2449#discussion_r485544044
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit ccdc4ed0a620cf8c9ec6ecc6804d1a45f7c61be5
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sat Sep 12 23:42:41 2020 -0400

    Completion should also handle --help

    https://github.com/docker/cli/pull/2449#discussion_r443140909
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit ed260afa71a4f8feb6550f79692e47ad7430d786
Merge: 46c61d85e9 2955ece024
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sat Sep 12 23:31:54 2020 -0400

    Merge branch 'master' into manifest-rm

commit 46c61d85e973cc9fdd28d42db9ecebe373e9b942
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:53:33 2020 -0400

    Remove extra space

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 6d31d26c10e8d395ab08561cdb9b29829bb4bd91
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:15:21 2020 -0400

    Bash completion for `docker manifest rm`

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 3c8c843deb2f751a5f51ee6fcaa75da2a4525d99
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:05:50 2020 -0400

    Frankenstein a `docker manifest rm` command

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
2020-09-15 16:26:47 -04:00
Tibor Vass cec8723d8c
Merge pull request #2656 from thaJeztah/bump_buildkit
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
2020-09-10 17:43:42 -04:00
Tibor Vass 7836597b3d
Merge pull request #2712 from thaJeztah/carry_2660_ulimits
Add ulimits support to docker service and docker stack deploy (carry 2660)
2020-09-10 15:40:25 -04:00