This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e050312e6d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.
Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.
This replaces #4079, which was bitrotted by #4218. See also #4028.
Closes#4079.
Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
(cherry picked from commit 6e2e92d774)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.
A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5bff12354d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".
This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.
To verify:
- create a PAT with limited access (read-only)
- log in with your username and the PAT as password
Before this patch:
docker manifest inspect ubuntu:latest
Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes
With this patch applied:
docker manifest inspect ubuntu:latest
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 424,
"digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 424,
"digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
}
]
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d2047b954e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.
Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit ad43df5e86)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit fe7afb700f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.
Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit d5f564adaa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
commandconn: fix race on `Close()`
During normal operation, if a `Read()` or `Write()` call results
in an EOF, we call `onEOF()` to handle the terminating command,
and store it's exit value.
However, if a Read/Write call was blocked while `Close()` is called
the in/out pipes are immediately closed which causes an EOF to be
returned. Here, we shouldn't call `onEOF()`, since the reason why
we got an EOF is because we're already terminating the connection.
This also prevents a race between two calls to the commands `Wait()`,
in the `Close()` call and `onEOF()`
---
Add CLI init timeout to SSH connections
---
connhelper: add 30s ssh default dialer timeout
(same as non-ssh dialer)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit a5ebe2282a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.
We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 92d7a234dd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I'm considering deprecating the "Key()" utility, as it was only
used in tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 79ff64f06d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 759fa585cf)
Signed-off-by: David Karlsson <david.karlsson@docker.com>
Adding some utilities to print the output, to keep the linters happier
without having to either suppress errors, or ignore them.
Perhaps we should consider adding utilities for this on the "command.Streams"
outputs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The VirtualSize field is deprecated and the upcoming API version v1.44
will no longer propagate the field. See:
1261fe69a3,
Given that in docker 1.10 and up (API v1.22), the VirtualSize and Size
fields contain the same value, and the "df" endpoint was not supported
until API v1.25, we can "safely" use Size instead; see:
- 4ae7176ffb
- 4352da7803
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This makes it possible to update the image loaded for e2e tests without
modifying all tests that use them.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
These were deprecated in eb0ba4f8d5, which
was part of docker 19.03, so users should have had a chance to migrate.
This removes InStream, OutStream, NewInStream and NewOutStream
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes the cli erroring out if the variable is set to an empty
value.
```
$ export DOCKER_BUILDKIT=
$ docker version
DOCKER_BUILDKIT environment variable expects boolean value: strconv.ParseBool: parsing "": invalid syntax
```
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Since Swarm does not use the `build` section, there's no reason to validate properties here.
This makes it so we don't have to keep updating the schema in the CLI to support properties
added in the Compose Spec for build, and does not imply any new feature support since Swarm
does not consider this section.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
For moby/moby PR 45025 (Docker v24, API v1.43).
`docker run --annotation foo=bar` is similar to `podman run --annotation foo=bar`,
however, unlike Podman, Docker implementation also accepts an annotation with an empty value.
(`docker run --annotation foo`)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Set the client's API version that's used in the info, instead of requesting
it as part of printing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make this function only _print_ the info we have, and not read the username
from the credential-store.
This patch adds a Username field to the (local) `info` type, and sets it
when needed, so that prettyPrintServerInfo only has to format and print
the information, instead of calling out to the credential-store.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Starting with b4ca1c7368, docker login
no longer depends on info.IndexServerAddress to determine the default
registry.
The prettyPrintServerInfo() still depended on this information, which
could potentially show the wrong information.
This patch changes it to also depend on the same information as docker login
now does.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The IndexServerAddress field was as part of the initial Windows implementation
of the engine. For legal reasons, Microsoft Windows (and thus Docker images
based on Windows) were not allowed to be distributed through non-Microsoft
infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io"
registry was created to serve Windows images.
Currently, this field always shows "https://index.docker.io/v1/", which is
confusing, because that address is not used for the registry (only for
authentication and "v1" search).
docker info
...
Registry: https://index.docker.io/v1/
Starting with b4ca1c7368, this field is also
no longer used during authentication, and a3d56e7d06
removed the (deprecated) ElectAuthServer() which was previously used to
query it.
Given that there's currently no practical use for this information, and
it only adds "noise" (and confusion), this patch removes it from the default
output.
For now, the field is (still) available for those that want to use it;
docker info --format '{{.IndexServerAddress}}'
https://index.docker.io/v1/
But it won't be printed by default.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Deprecate this function in favor of the implementation in the API types,
considering that to be the canonical implementation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>