Commit Graph

7554 Commits

Author SHA1 Message Date
Sebastiaan van Stijn f3ff8e6ad6
[20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
glog has the same issue as k8s.io/klog, and is calling `user.Current()`
inside an `init()`; see 466fbb6507

Calling `user.Current()` on Windows can result in remove connections being
made to get the user's information, which can be a heavy call. See #2420

glog was only used in a single location in compose-on-kubernetes, so we may as
well remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 14:49:04 +01:00
coryb ee1ac1b319
fix innocuous data-race when config.Load called in parallel
Locking was removed in https://github.com/docker/cli/pull/3025 which
allows for parallel calls to config.Load to modify global state.
The consequence in this case is innocuous, but it does trigger a
`DATA RACE` exception when tests run with `-race` option.

Signed-off-by: coryb <cbennett@netflix.com>
(cherry picked from commit b5f4a6e45f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-27 10:37:14 +01:00
Silvin Lubecki e91ed5707e
Merge pull request #3390 from thaJeztah/20.10_bump_go_1.16.12
[20.10] Update Go to 1.16.12
2021-12-12 07:28:24 +01:00
Sebastiaan van Stijn 38dd744a11
[20.10] Update Go to 1.16.12
go1.16.12 (released 2021-12-09) includes security fixes to the syscall and net/http
packages. See the Go 1.16.12 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.12+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-12 01:16:34 +01:00
Silvin Lubecki cedc602a78
Merge pull request #3380 from thaJeztah/20.10_backport_bump_go_1.16.11
[20.10 backport] Update Go to 1.16.11
2021-12-07 14:30:57 +01:00
Sebastiaan van Stijn 4de40a825e
Update Go to 1.16.11
go1.16.11 (released 2021-12-02) includes fixes to the compiler, runtime, and the
net/http, net/http/httptest, and time packages. See the Go 1.16.11 milestone on
the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.11+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit dedd4b79ca)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-06 11:00:01 +01:00
Sebastiaan van Stijn dea9396e18
Merge pull request #3358 from thaJeztah/20.10_backport_bump_go_1.16.10
[20.10 backport] Update Go to 1.16.10
2021-11-18 00:49:46 +01:00
Sebastiaan van Stijn 03fa8f92c8
Update Go to 1.16.10
go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
misc/wasm directory, and to the net/http package. See the Go 1.16.10 milestone
for details: https://github.com/golang/go/issues?q=milestone%3AGo1.16.10+label%3ACherryPickApproved

From the announcement e-mail:

[security] Go 1.17.3 and Go 1.16.10 are released

We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:

- archive/zip: don't panic on (*Reader).Open
  Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
  to panic by an attacker providing either a crafted ZIP archive containing
  completely invalid names or an empty filename argument.
  Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
  Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
  golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
  Malformed binaries parsed using Open or OpenFat can cause a panic when calling
  ImportedSymbols, due to an out-of-bounds slice operation.
  Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
  issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e285f15009)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-05 11:16:27 +01:00
Silvin Lubecki b485636f4b
Merge pull request #3331 from thaJeztah/20.10_backport_bump_go_1.16.9
[20.10 backport] Update Go to 1.16.9
2021-10-15 16:45:13 +02:00
Silvin Lubecki 241523cc1a
Merge pull request #3334 from thaJeztah/20.10_backport_docs
[20.10 backport] docs fixups
2021-10-15 16:44:28 +02:00
Peter Dave Hello 9989fdbc40
Update most links in docs to use https by default
cc @thaJeztah docker/docker.github.io#13680

Signed-off-by: Peter Dave Hello <hsu@peterdavehello.org>
(cherry picked from commit 417f97605f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-15 12:58:41 +02:00
Sebastiaan van Stijn 0e20c1fd21
Update Go to 1.16.9
go1.16.9 (released 2021-10-07) includes a security fix to the linker and misc/wasm
directory, as well as bug fixes to the runtime and to the text/template package.
See the Go 1.16.9 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.9+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bf310f863b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-15 11:05:24 +02:00
Sebastiaan van Stijn c4cb29837f
Merge pull request #3335 from thaJeztah/20.10_backport_remove_seccomp_warning
[20.10 backport] info: skip client-side warning about seccomp profile on API >= 1.42
2021-10-15 11:02:37 +02:00
Silvin Lubecki 0b56256638
Merge pull request #3336 from thaJeztah/20.10_backport_update_xx_image
[20.10 backport] Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
2021-10-11 17:58:39 +02:00
Sebastiaan van Stijn 1c0927a041
Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47c7a096ff)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:41:40 +02:00
Sebastiaan van Stijn 82f9d5921b
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8964595692)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:38:53 +02:00
Sebastiaan van Stijn adb01ca79d
docs: some minor touch-ups in checkpoint reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8c73a93925)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:28:45 +02:00
Sebastiaan van Stijn 8260476a06
docs: remove trailing space to fix generated YAML format
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 795c9c96b3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:28:27 +02:00
Silvin Lubecki aa5b6b7728
Merge pull request #3326 from thaJeztah/20.10_backport_docs
[20.10 backport] assorted docs fixes
2021-10-06 17:38:07 +02:00
Silvin Lubecki 859e303655
Merge pull request #3268 from thaJeztah/20.10_backport_add_redirect
[20.10 backport] docs: add missing redirect, and remove /go/experimental redirect
2021-10-06 17:37:28 +02:00
Dmitriy Fishman bce2e1f953
docs: create.md: typo fix
Signed-off-by: Dmitriy Fishman <fishman.code@gmail.com>
(cherry picked from commit a3832808f3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:50:33 +02:00
Ivan Grund 44064f51c8
Fix typo in documentation - build.md
Signed-off-by: Ivan Grund <ivan.grund@gmail.com>
(cherry picked from commit d9f17025c4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:49:25 +02:00
CrazyMax 292779add5
Add doc for BUILDKIT_PROGRESS env var
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit ecaaa35be6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:49:09 +02:00
Sebastiaan van Stijn f2e79b826c
docs: use "console" code-hint for shell examples
This replaces the use of bash where suitable, to allow easier copy/pasting
of shell examples without copying the prompt or process output.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47ba76afb1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:53 +02:00
Sebastiaan van Stijn fa46b92361
docs: rewrite reference docs for --stop-signal and --stop-timeout
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 16466f1ce6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:50 +02:00
Sebastiaan van Stijn 400f81089a
experimental: fix broken link to "checkpoint and restore" page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ea98f6c923)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:18 +02:00
Sebastiaan van Stijn c72057c8db
docs: move checkpoint/restore doc from experimental into reference
This allows this information to be read from docs.docker.com.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aa89e6847a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:48:12 +02:00
Pawel 77db97d595
Use private network address for default-address-pools setting in daemon.json example
Signed-off-by: Pawel <pepawel@users.noreply.github.com>
(cherry picked from commit 6482f3f9b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:45:47 +02:00
Sebastiaan van Stijn cbf0d2b7b7
docs: fix some broken anchors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2621af848a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:45:12 +02:00
Sebastiaan van Stijn d0014a86bc
docs: fix description of restart-delay to mention max (1 minute)
Commit 9bd3a7c029
(docker 17.04 and up) added a maximum timeout of 1 minute to the
restart timeout.

This patch updates the documentation to match the current behavior.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47e5cfa9e9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:42:47 +02:00
takeshi.koenuma 6c1c8b55aa
docs: fix search results by filterd is-official
Signed-off-by: takeshi.koenuma <t.koenuma2@gmail.com>
(cherry picked from commit 1de937c144)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-06 16:42:32 +02:00
Sebastiaan van Stijn c2ea9bc90b
Merge pull request #3 from moby/20.10_backport_go_1.16.8
[20.10 backport] Update Go to 1.16.8
2021-09-23 20:26:34 +02:00
Sebastiaan van Stijn 44fdac11f5
Update Go to 1.16.8
This includes additional fixes for CVE-2021-39293.

go1.16.8 (released 2021-09-09) includes a security fix to the archive/zip package,
as well as bug fixes to the archive/zip, go/internal/gccgoimporter, html/template,
net/http, and runtime/pprof packages. See the Go 1.16.8 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.8+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 01fa5d925a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-15 14:18:23 +02:00
Sebastiaan van Stijn 893e52cf4b
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
2021-09-09 20:40:54 +02:00
Sebastiaan van Stijn 061051c24d
docs: add missing redirect, and remove /go/experimental redirect
The /go/ redirects are now defined in the docs repository, so the one
we defined here can be removed.
Also adds a missing redirect for an old URL to the main CLI page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 463746ff22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 17:50:43 +02:00
Sebastiaan van Stijn 62eae52c2a
Merge pull request #3236 from thaJeztah/20.10_backport_bump_go_1.16.7
[20.10 backport] Update Go to 1.16.7
2021-08-17 14:11:07 +02:00
Sebastiaan van Stijn 2012fbf111
Update Go to 1.16.7
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3112b382a3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 18:24:03 +02:00
Samuel Karp 42d1c02750
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-07-29 19:57:58 -07:00
Sebastiaan van Stijn 3967b7d28e
Merge pull request #3224 from thaJeztah/20.10_backport_bump_go_1.16.6
[20.10 backport] Bump go 1.16.6
2021-07-29 15:55:47 +02:00
Sebastiaan van Stijn 0b924e51fc
Update to go1.16.6
Keeping the dockerfiles/Dockerfile.cross image at 1.13, as we don't
have more current versions of that image. However, I don't think it's
still used, so we should remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a477a727fc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:44 +02:00
Sebastiaan van Stijn 6288e8b1ac
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40c6b117e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:10 +02:00
Sebastiaan van Stijn 1e9575e81a
cli/config/configfile: various test cleanups
- use var/const blocks when declaring a list of variables
- use const where possible

TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue:

- use keys when assigning values
- make sure test is dereferenced in the loop
- use subtests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit be327a4f0f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:40 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Sebastiaan van Stijn a6f6b5fa34
Merge pull request #3219 from thaJeztah/20.10_backport_deprecate_encrypted_tls
[20.10 backport] context: deprecate support for encrypted TLS private keys
2021-07-29 11:40:02 +02:00
Sebastiaan van Stijn 8437cfefae
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15535d4594)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:11 +02:00
Sebastiaan van Stijn 68a5ca859f
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2688f25eb7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:09 +02:00
Sebastiaan van Stijn f9d091f4b1
Merge pull request #3174 from thaJeztah/20.10_backport_deprecate_kube
[20.10 backport] Deprecate Kubernetes stack support
2021-07-28 15:47:43 +02:00
Silvin Lubecki e9b8231d6a
Merge pull request #3205 from thaJeztah/20.10_backport_update_dockerfile_syntax
[20.10 backport] Update Dockerfiles to latest syntax, remove "experimental"
2021-07-22 15:42:42 +02:00
Sebastiaan van Stijn 8a64739631
Update Dockerfiles to latest syntax, remove "experimental"
The experimental image is deprecated (now "labs"), and the features we use
are now included in the regular (stable) syntax.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48dbf6f3cf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-22 14:57:33 +02:00
Silvin Lubecki a555c853b0
Merge pull request #3200 from thaJeztah/20.10_backport_update_md2man
[20.10 backport] Update go-md2man to v2.0.1 to fix table rendering in man-pages
2021-07-22 14:44:56 +02:00