Commit Graph

8578 Commits

Author SHA1 Message Date
Kevin Alvarez d93d78588d
load plugin command stubs when required
We are currently loading plugin command stubs for every
invocation which still has a significant performance hit.
With this change we are doing this operation only if cobra
completion arg request is found.

- 20.10.23: `docker --version` takes ~15ms
- 23.0.1: `docker --version` takes ~93ms

With this change `docker --version` takes ~9ms

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit c39c711a18)
2023-03-31 16:38:01 +02:00
Sebastiaan van Stijn 3e7cbfdee1
Merge pull request #4139 from thaJeztah/23.0_backport_fix_go_version
[23.0 backport] gha: align stray go 1.19.4 version
2023-03-31 16:06:26 +02:00
Sebastiaan van Stijn 8e38271f23
gha: align stray go 1.19.4 version
looks like this one was forgotten to be updated :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e4436853e8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 16:56:58 +02:00
Sebastiaan van Stijn 569dd73db1
Merge pull request #4126 from thaJeztah/23.0_backport_align_go_ver
[23.0 backport] Dockerfile: align go version
2023-03-27 17:44:26 +02:00
CrazyMax f6643207a2
don't use null values in the bake definition
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit bec5d37e91)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-27 17:18:38 +02:00
CrazyMax f381e08425
Dockerfile: align go version
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit b854eff300)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-27 17:18:35 +02:00
Sebastiaan van Stijn 18f20a5537
Merge pull request #4124 from thaJeztah/23.0_e2e_fix_certs
[23.0 backport] e2e: update notary certificates
2023-03-27 17:18:13 +02:00
CrazyMax d3a36fc38c
e2e: update notary certificates
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit b201ce5efd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-27 15:26:23 +02:00
CrazyMax 59bb07f2e4
e2e: increase tests certificates duration (10 years)
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit c6c33380da)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-27 15:26:22 +02:00
CrazyMax 80f27987f4
bake target to generate certs for e2e tets
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit d234a81de7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-27 15:26:20 +02:00
Sebastiaan van Stijn 6a8406e602
Merge pull request #4092 from crazy-max/23.0_backport_buildx-completion
[23.0 backport] Add bash completion for available plugins
2023-03-22 20:05:09 +01:00
Sebastiaan van Stijn c2c122fb65
Merge pull request #4107 from thaJeztah/23.0_backport_size_flag_ps
[23.0 backport] Don't automatically request size if `--size` was explicitly set to `false`
2023-03-21 17:54:09 +01:00
Sebastiaan van Stijn 40a48e4154
Merge pull request #4106 from thaJeztah/23.0_backport_fix_comments
[23.0 backport] cli/command: ElectAuthServer: fix deprecation comment
2023-03-21 17:52:39 +01:00
Laura Brehm a43c9f3440
Don't automatically request size if `--size` was explicitly set to `false`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 9733334487)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 17:02:35 +01:00
Sebastiaan van Stijn 114e17ac4b
cli/command: fix imports formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 742881fc58)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 16:58:47 +01:00
Sebastiaan van Stijn e2c402118c
cli/command: ElectAuthServer: fix deprecation comment
The comment was not formatted correctly, and because of that not picked up as
being deprecated.

updates b4ca1c7368

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e3fa7280ad)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 16:58:47 +01:00
CrazyMax d07453890c
Add bash completion for available plugins
Signed-off-by: CrazyMax <github@crazymax.dev>
(cherry picked from commit aa0aa4a6dc)
2023-03-17 15:06:45 +01:00
Sebastiaan van Stijn 288b6c79fe
Merge pull request #4083 from thaJeztah/23.0_backport_windows_drive_cwd_env
[23.0 backport] stack/loader: Ignore cmd.exe special env variables
2023-03-10 13:04:29 +01:00
Sebastiaan van Stijn fbab8cd2be
Merge pull request #4086 from thaJeztah/23.0_backport_bump_go1.19.7
[23.0 backport] update to go1.19.7
2023-03-10 13:04:03 +01:00
Sebastiaan van Stijn b898a46135
Merge pull request #4088 from thaJeztah/23.0_backport_update_buildx
[23.0 backport] Dockerfile: update buildx to v0.10.4
2023-03-10 12:54:16 +01:00
Sebastiaan van Stijn 90a72a5894
Dockerfile: update buildx to v0.10.4
release notes: https://github.com/docker/buildx/releases/tag/v0.10.4

full diff: https://github.com/docker/buildx/compare/v0.10.3...v0.10.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 74c4ed4171)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-10 12:33:03 +01:00
Sebastiaan van Stijn 4c63110a92
update to go1.19.7
Includes a security fix for crypto/elliptic (CVE-2023-24532).

> go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic
> package, as well as bug fixes to the linker, the runtime, and the crypto/x509
> and syscall packages. See the Go 1.19.7 milestone on our issue tracker for
> details.

https://go.dev/doc/devel/release#go1.19.minor

From the announcement:

> We have just released Go versions 1.20.2 and 1.19.7, minor point releases.
>
> These minor releases include 1 security fixes following the security policy:
>
> - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
    >
    >   The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
    >   incorrect result if called with some specific unreduced scalars (a scalar larger
    >   than the order of the curve).
    >
    >   This does not impact usages of crypto/ecdsa or crypto/ecdh.
>
> This is CVE-2023-24532 and Go issue https://go.dev/issue/58647.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 23da1cec6c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-10 10:24:22 +01:00
Paweł Gronowski b61b5a9878
stack: Change unexpected environment variable error
Make the error more specific by stating that it's caused by a specific
environment variable and not an environment as a whole.
Also don't escape the variable to make it more readable.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 012b77952e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-09 22:13:20 +01:00
Paweł Gronowski 84fe451ec7
stack/loader: Ignore cmd.exe special env variables
On Windows, ignore all variables that start with "=" when building an
environment variables map for stack.
For MS-DOS compatibility cmd.exe can set some special environment
variables that start with a "=" characters, which breaks the general
assumption that the first encountered "=" separates a variable name from
variable value and causes trouble when parsing.

These variables don't seem to be documented anywhere, but they are
described by some third-party sources and confirmed empirically on my
Windows installation.

Useful sources:
https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133
https://ss64.com/nt/syntax-variables.html

Known variables:

- `=ExitCode` stores the exit code returned by external command (in hex
  format)
- `=ExitCodeAscii` - same as above, except the value is the ASCII
  representation of the code (so exit code 65 (0x41) becomes 'A').
- `=::=::\` and friends - store drive specific working directory.
  There is one env variable for each separate drive letter that was
  accessed in the shell session and stores the working directory for that
  specific drive.
  The general format for these is:
    `=<DRIVE_LETTER>:=<CWD>`  (key=`=<DRIVE_LETTER>:`, value=`<CWD>`)
  where <CWD> is a working directory for the drive that is assigned to
  the letter <DRIVE_LETTER>

  A couple of examples:
    `=C:=C:\some\dir`  (key: `=C:`, value: `C:\some\dir`)
    `=D:=D:\some\other\dir`  (key: `=C:`, value: `C:\some\dir`)
    `=Z:=Z:\`  (key: `=Z:`, value: `Z:\`)

  `=::=::\` is the one that seems to be always set and I'm not exactly
  sure what this one is for (what's drive `::`?). Others are set as
  soon as you CD to a path on some drive. Considering that you start a
  cmd.exe also has some working directory, there are 2 of these on start.

All these variables can be safely ignored because they can't be
deliberately set by the user, their meaning is only relevant to the
cmd.exe session and they're all are related to the MS-DOS/Batch feature
that are irrelevant for us.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit a47058bbd5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-09 22:13:18 +01:00
Sebastiaan van Stijn 71615c2df1
Merge pull request #4077 from thaJeztah/23.0_update_buildx
[23.0 backport] Dockerfile: update buildx to v0.10.3
2023-03-09 12:08:43 +01:00
Paweł Gronowski a1acc9af91
Merge pull request #4076 from thaJeztah/23.0_backport_deprecate_buildinfo
[23.0 backport] docs: Deprecate buildkit's build information
2023-03-06 20:06:22 +01:00
Jacopo Rigoli 95066ff3a2
Dockerfile: update buildx to v0.10.3
release notes: https://github.com/docker/buildx/releases/tag/v0.10.3

Signed-off-by: Jacopo Rigoli <rigoli.jacopo@gmail.com>
(cherry picked from commit dac79b19a7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-06 18:28:30 +01:00
Paweł Gronowski 0dbf70fad2
docs: Deprecate buildkit's build information
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 8bc1aaceae)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-06 18:25:03 +01:00
Sebastiaan van Stijn e0b8e19687
Merge pull request #4035 from thaJeztah/23.0_backport_carry_4027
[23.0 backport] changed the container name in docker stats page
2023-03-03 16:47:47 +01:00
Sebastiaan van Stijn 98e874dac7
Merge pull request #4039 from thaJeztah/23.0_backport_bump_go_1.19.6
[23.0 backport] update to go1.19.6
2023-03-02 14:34:36 +01:00
Sebastiaan van Stijn 92164b0306
Merge pull request #4065 from vvoland/dangling-images-none-23
[23.0 backport] formatter: Consider empty RepoTags and RepoDigests as dangling
2023-03-02 14:31:31 +01:00
Paweł Gronowski 5af8077eeb
formatter: Consider empty RepoTags and RepoDigests as dangling
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 89687d5b3f)
2023-03-02 09:48:45 +01:00
Sebastiaan van Stijn d352c504a8
Merge pull request #4061 from vvoland/test-fakecli-images-mock-23
[23.0 backport] test/cli: Use empty array as empty output of images/json
2023-03-01 21:03:06 +01:00
Sebastiaan van Stijn 28c74b759b
Merge pull request #4063 from thaJeztah/23.0_backport_write_file
[23.0 backport] context: avoid corrupt file writes
2023-03-01 21:02:40 +01:00
Nick Santos 57a502772b
context: avoid corrupt file writes
Write to a tempfile then move, so that if the
process dies mid-write it doesn't corrupt the store.

Also improve error messaging so that if a file does
get corrupted, the user has some hope of figuring
out which file is broken.

For background, see:
https://github.com/docker/for-win/issues/13180
https://github.com/docker/for-win/issues/12561

For a repro case, see:
https://github.com/nicks/contextstore-sandbox

Signed-off-by: Nick Santos <nick.santos@docker.com>
(cherry picked from commit c2487c2997)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-01 16:14:03 +01:00
Paweł Gronowski 14ac8db968
test/cli: Use empty array as empty output of images/json
Tests mocking the output of GET images/json with fakeClient used an
array with one empty element as an empty response.
Change it to just an empty array.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit a1953e19b2)
2023-03-01 15:59:31 +01:00
Sebastiaan van Stijn 1ab7665be8
Merge pull request #4047 from neersighted/backport/4019/23.0
[23.0 backport] docs: drop dated comments about graphdrivers
2023-02-23 18:41:54 +01:00
Bjorn Neergaard 1810e922ac
docs: drop dated comments about graphdrivers
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit e636747a14)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-23 09:28:27 -07:00
Sebastiaan van Stijn 5051d82a17
update to go1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls,
mime/multipart, net/http, and path/filepath packages, as well as bug fixes to
the go command, the linker, the runtime, and the crypto/x509, net/http, and
time packages. See the Go 1.19.6 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.6+label%3ACherryPickApproved

From the announcement on the security mailing:

We have just released Go versions 1.20.1 and 1.19.6, minor point releases.

These minor releases include 4 security fixes following the security policy:

- path/filepath: path traversal in filepath.Clean on Windows

  On Windows, the filepath.Clean function could transform an invalid path such
  as a/../c:/b into the valid path c:\b. This transformation of a relative (if
  invalid) path into an absolute path could enable a directory traversal attack.
  The filepath.Clean function will now transform this path into the relative
  (but still invalid) path .\c:\b.

  This is CVE-2022-41722 and Go issue https://go.dev/issue/57274.

- net/http, mime/multipart: denial of service from excessive resource
  consumption

  Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely
  unlimited amounts of memory and disk files. This also affects form parsing in
  the net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm takes a maxMemory parameter, and is documented as storing "up to
  maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts
  which cannot be stored in memory are stored on disk in temporary files. The
  unconfigurable 10MB reserved for non-file parts is excessively large and can
  potentially open a denial of service vector on its own. However, ReadForm did
  not properly account for all memory consumed by a parsed form, such as map
  ntry overhead, part names, and MIME headers, permitting a maliciously crafted
  form to consume well over 10MB. In addition, ReadForm contained no limit on
  the number of disk files created, permitting a relatively small request body
  to create a large number of disk temporary files.

  ReadForm now properly accounts for various forms of memory overhead, and
  should now stay within its documented limit of 10MB + maxMemory bytes of
  memory consumption. Users should still be aware that this limit is high and
  may still be hazardous.

  ReadForm now creates at most one on-disk temporary file, combining multiple
  form parts into a single temporary file. The mime/multipart.File interface
  type's documentation states, "If stored on disk, the File's underlying
  concrete type will be an *os.File.". This is no longer the case when a form
  contains more than one file part, due to this coalescing of parts into a
  single file. The previous behavior of using distinct files for each form part
  may be reenabled with the environment variable
  GODEBUG=multipartfiles=distinct.

  Users should be aware that multipart.ReadForm and the http.Request methods
  that call it do not limit the amount of disk consumed by temporary files.
  Callers can limit the size of form data with http.MaxBytesReader.

  This is CVE-2022-41725 and Go issue https://go.dev/issue/58006.

- crypto/tls: large handshake records may cause panics

  Both clients and servers may send large TLS handshake records which cause
  servers and clients, respectively, to panic when attempting to construct
  responses.

  This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable
  session resumption (by setting Config.ClientSessionCache to a non-nil value),
  and TLS 1.3 servers which request client certificates (by setting
  Config.ClientAuth
  > = RequestClientCert).

  This is CVE-2022-41724 and Go issue https://go.dev/issue/58001.

- net/http: avoid quadratic complexity in HPACK decoding

  A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
  in the HPACK decoder, sufficient to cause a denial of service from a small
  number of small requests.

  This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
  configuring HTTP/2.

  This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e921e103a4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:11:03 +01:00
Aslam Ahemad 7f4e3ead75
changed the container name in docker stats page
Signed-off-by: Aslam Ahemad <aslamahemad@gmail.com>
(cherry picked from commit d2f726d5ad)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-15 11:53:36 +01:00
Sebastiaan van Stijn a5ee5b1dfc
Merge pull request #4018 from thaJeztah/23.0_backport_fix_ci_events
[23.0 backport] ci: fix branch filter pattern
2023-02-09 20:15:59 +01:00
CrazyMax 27b19a6acf
ci: fix branch filter pattern
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 0f39598687)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-09 19:55:03 +01:00
Brian Goff ab4ef4aed4
Merge pull request #4004 from thaJeztah/23.0_backports
[23.0 backports] assorted backports
2023-02-06 11:38:55 -08:00
Sebastiaan van Stijn 14aac2c232
vendor: github.com/docker/docker v23.0.0
- client: improve error messaging on crash

full diff: https://github.com/docker/docker/compare/v23.0.0-rc.3...v23.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bbebebaedf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:36 +01:00
Sebastiaan van Stijn 0cd15abfde
vendor: github.com/containerd/containerd v1.6.16
no changes in vendored code

full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5195db1ff5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:36 +01:00
Cory Snider 168f1b55e2
cli/command/container: exit 126 on EISDIR error
The error returned from "os/exec".Command when attempting to execute a
directory has been changed from syscall.EACCESS to syscall.EISDIR on
Go 1.20. 2b8f214094
Consequently, any runc runtime built against Go 1.20 will return an
error containing 'is a directory' and not 'permission denied'. Update
the string matching so the CLI exits with status code 126 on 'is a
directory' errors (EISDIR) in addition to 'permission denied' (EACCESS).

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 9b5ceb52b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:36 +01:00
Albin Kerouanton 53ed25d9b6
Fix bad ThrottleDevice path
Fixes moby/moby#44904.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
(cherry picked from commit 56051b84b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:33 +01:00
Sebastiaan van Stijn e92dd87c32
Merge pull request #3996 from laurazard/skip-broken-credentials
Fix issue where one bad credential helper causes no credentials to be returned
2023-01-31 17:45:07 +01:00
Laura Brehm 9e3d5d1528
Fix issue where one bad credential helper causes none to be returned
Instead, skip bad credential helpers (and warn the user about the error)

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-01-31 17:14:30 +01:00
Sebastiaan van Stijn 3ae101f41e
Merge pull request #3991 from dvdksn/docs/refactor-docs-dir
docs: move doc generation scripts to subdir
2023-01-31 13:27:37 +01:00