Commit Graph

107 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 08a1ccc60a
Remove support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

This feature allowed using an encrypted private key with a supplied password,
but did not provide additional security as the encryption is known to be broken,
and the key is sitting next to the password in the filesystem. Users are recommended
to decrypt the private key, and store it un-encrypted to continue using it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-27 14:26:32 +01:00
Dmitriy Fishman c4619fb341 Update deprecated.md
Signed-off-by: Dmitriy Fishman <fishman.code@gmail.com>
2021-09-30 18:48:47 +03:00
Sebastiaan van Stijn 2621af848a
docs: fix some broken anchors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-13 16:20:09 +02:00
Sebastiaan van Stijn 47ba76afb1
docs: use "console" code-hint for shell examples
This replaces the use of bash where suitable, to allow easier copy/pasting
of shell examples without copying the prompt or process output.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-21 18:29:13 +02:00
Sebastiaan van Stijn 8916855c25
docs: update deprecation status of LCOW
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 09:22:11 +02:00
Sebastiaan van Stijn 15535d4594
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 14:42:45 +02:00
Mathieu Champlon a033cdf515 Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Mathieu Champlon 7190255a68 Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-06-28 14:57:15 +02:00
Sebastiaan van Stijn 697c3a5b48
docs: fix typo in deprecated.md
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-08 16:03:51 +01:00
Sebastiaan van Stijn fb2ea098a9
deprecate blkio-weight options with cgroups v1
These options were deprecated and removed in the Linux kernel v5.0 and up in;

- f382fb0bce
- fb5772cbfe
- 23aa16489c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 11:27:23 +01:00
Sebastiaan van Stijn 06c60dea90
Deprecation: add pulling from non-compliant registries to table
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-09 02:36:30 +01:00
Sebastiaan van Stijn aa91af81c6
Add deprecation note for non-compliant registries
Docker Engine v20.10 and up includes optimizations to verify if images in the
local image cache need updating before pulling, preventing the Docker Engine
from making unnecessary API requests. These optimizations require the container
image registry to conform to the Open Container Initiative Distribution Specification
(https://github.com/opencontainers/distribution-spec).

While most registries conform to the specification, we encountered some registries
to be non-compliant, resulting in `docker pull` to fail.

As a temporary solution, Docker Engine v20.10 includes a fallback mechanism to
allow `docker pull` to be functional when using a non-compliant registry. A
warning message is printed in this situation:

    WARNING Failed to pull manifest by the resolved digest. This registry does not
            appear to conform to the distribution registry specification; falling back to
            pull by tag. This fallback is DEPRECATED, and will be removed in a future
            release.

The fallback is added to allow users to either migrate their images to a compliant
registry, or for these registries to become compliant.

Note that this fallback only addresses failures on `docker pull`. Other commands,
such as `docker stack deploy`, or pulling images with `containerd` will continue
to fail.

Given that other functionality is still broken with these registries, we consider
this fallback a _temporary_ solution, and will remove the fallback in an upcoming
major release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-07 13:34:50 +01:00
Sebastiaan van Stijn 7150736688
Deprecation: add experimental docker build --stream option
Docker v17.07 introduced an experimental `--stream` flag on `docker build` which
allowed the build-context to be incrementally sent to the daemon, instead of
unconditionally sending the whole build-context.

This functionality has been reimplemented as part of BuildKit, which uses streaming
by default and the `--stream` option will be ignored when using the classic builder,
printing a deprecation warning instead.

Users that want to use this feature are encouraged to enable BuildKit by setting
the `DOCKER_BUILDKIT=1` environment variable or through the daemon or CLI configuration
files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-24 01:58:54 +02:00
Sebastiaan van Stijn faac84e35d
Deprecate Linux containers on Windows (LCOW) (experimental)
The experimental feature to run Linux containers on Windows (LCOW) was introduced
as a technical preview in Docker 17.09. While many enhancements were made after
its introduction, the feature never reached completeness, and development has
now stopped in favor of running docker natively on Linux in WSL2.

Developers that need to run Linux workloads on a Windows host are encouraged
to use Docker Desktop with WSL2 instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 14:10:22 +02:00
Sebastiaan van Stijn 6c0a3dfbff
docs: update 20.03 -> 20.10 in deprecated.md
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-13 09:38:48 +02:00
Sebastiaan van Stijn de8b696ed6
docs/deprecated: remove minor versions
Some deprecations are ammended during a major (YY.MM) release, to
inform users as early as possible about deprecations. Removing the
minor version from this overview clarifies that features are
marked deprecated during which major release's lifecycle.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 14:15:42 +02:00
Sebastiaan van Stijn 48822564b6
docs: deprecate CLI options for experimental CLI features
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 14:10:27 +02:00
Sebastiaan van Stijn eec6710111
deprecate Dockerfile legacy 'ENV name value' syntax
The Dockerfile `ENV` instruction allows values to be set using either `ENV name=value`
or `ENV name value`. The latter (`ENV name value`) form can be ambiguous, for example,
the following defines a single env-variable (`ONE`) with value `"TWO= THREE=world"`,
but may have intended to be setting three env-vars:

    ENV ONE TWO= THREE=world

This format also does not allow setting multiple environment-variables in a single
`ENV` line in the Dockerfile.

Use of the `ENV name value` syntax is discouraged, and may be removed in a future
release. Users are encouraged to update their Dockerfiles to use the `ENV name=value`
syntax, for example:

    ENV ONE="" TWO="" THREE="world"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 20:50:00 +02:00
Sebastiaan van Stijn 3c0a167ed5
document deprecation of legacy `~/.dockercfg` config-file
The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
file with a new CLI configuration file, located in `~/.docker/config.json`. When
implementing the new configuration file, the old file (and file-format) was kept
as a fall-back, to assist existing users with migrating to the new file.

Given that the old file format encourages insecure storage of credentials
(credentials are stored unencrypted), and that no version of the CLI since
Docker v1.7.0 has created this file, the file is marked deprecated, and support
for this file will be removed in a future release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-03 11:45:35 +02:00
Akihiro Suda 074a8dcff6
deprecate `docker run --kernel-memory`
`docker run --kernel-memory` is being deprecated in https://github.com/moby/moby/pull/41254

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-24 20:56:15 +09:00
Sebastiaan van Stijn a91880a3a3
Deprecate classic Swarm and overlay networks using external k/v stores
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-29 10:56:05 +02:00
Silvin Lubecki 459c6082f8 Removing CLI plugins API documentation from official documentation as it is now deprecated.
Adding depreciation notice.

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2020-05-19 10:37:35 +02:00
Sebastiaan van Stijn 94f513e48e
Update deprecation policy to 1 stable release
The deprecation policy was written when we had monthly releases
(edge+stable), and stable releases were released every 3 months.

The release cadence has changed to be longer than 3 months for
stable releases, so adjusting the policy accordingly.

Note that the policy continues to be "at least x releases", so
even though we _can_ remove a feature after one release, it does
not mean we _must_ remove it: announcing deprecations early helps
users migrate away from features we do not intent to support in
future.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-20 11:52:06 +01:00
Sebastiaan van Stijn 99443274b1
Include deprecation policy on deprecated features page
This section was included on a page on docs.docker.com, but not linked
in the navigation. Putting the section on the deprecated features page
to be sure they can be found together.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-20 11:04:02 +01:00
Sebastiaan van Stijn c84f95815d
Remove deprecated docker search --automated and --stars flags
The `docker search --automated` and `docker search --stars` options were
deprecated in release v1.12.0, and scheduled for removal in v17.09.

This patch removes the deprecated flags, in favor of their equivalent
`--filter` options (`docker search --filter=is-automated=<true|false>` and
`docker search --filter=stars=...`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 17:19:54 +01:00
Sebastiaan van Stijn 491c819a90
deprecated: use of reserved namespaces for engine labels
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 14:42:42 +01:00
Silvin Lubecki b52debd931
Merge pull request #2323 from thaJeztah/remove_deprecated_filters_opt
docs: update deprecation status of "filter" option
2020-02-11 18:01:39 +01:00
Sebastiaan van Stijn 58c76291ca
docs: update deprecation status of "filter" option
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 17:24:52 +01:00
Silvin Lubecki fc1d789a5e
Merge pull request #2322 from thaJeztah/update_legacy_registry_deprecation
docs: update deprecated status for --disable-legacy-registry
2020-02-10 17:23:36 +01:00
Sebastiaan van Stijn 73c9a44d58
docs: update deprecated status for --disable-legacy-registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 16:52:21 +01:00
Sebastiaan van Stijn 74677110d2
docs: update deprecation status of "engine *" commands, and dab files
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 16:40:11 +01:00
Sebastiaan van Stijn d4c0de2719
docs: add status table to "deprecated.md"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:07:41 +01:00
Sebastiaan van Stijn e8c2dba697
docs: mark deprecation of "docker engine" subcommands
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:06:20 +01:00
Sebastiaan van Stijn c7aca08497
docs: mark deprecation of "dab" files and top-level "deploy" subcommand
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:05:09 +01:00
Sebastiaan van Stijn b6875ad690
docs: sort "deprecated.md" by deprecation release
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 15:03:42 +01:00
Sebastiaan van Stijn 672c00e1cc
docs: update some release-versions in "deprecated.md"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 14:28:35 +01:00
Sebastiaan van Stijn c3092d9408
docs: minor touch-ups in "deprecated.md"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-10 14:27:22 +01:00
Sebastiaan van Stijn c8e9233b93
Deprecate AuFS storage driver
The `aufs` storage driver is deprecated in favor of `overlay2`, and will
be removed in a future release. Users of the `aufs` storage driver are
recommended to migrate to a different storage driver, such as `overlay2`, which
is now the default storage driver.

The `aufs` storage driver facilitates running Docker on distros that have no
support for OverlayFS, such as Ubuntu 14.04 LTS, which originally shipped with
a 3.14 kernel.

Now that Ubuntu 14.04 is no longer a supported distro for Docker, and `overlay2`
is available to all supported distros (as they are either on kernel 4.x, or have
support for multiple lowerdirs backported), there is no reason to continue
maintenance of the `aufs` storage driver.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-02 17:35:00 +02:00
Andrew Hsu 8b4e52f0bf
deprecate registry v2 schema 1
Co-Authored-By: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-24 23:04:27 +02:00
Sebastiaan van Stijn 662441ba31
Deprecate "devicemapper" storage driver.
The `devicemapper` storage driver is deprecated in favor of `overlay2`, and will
be removed in a future release. Users of the `devicemapper` storage driver are
recommended to migrate to a different storage driver, such as `overlay2`, which
is now the default storage driver.

The `devicemapper` storage driver facilitates running Docker on older (3.x) kernels
that have no support for other storage drivers (such as overlay2, or AUFS).

Now that support for `overlay2` is added to all supported distros (as they are
either on kernel 4.x, or have support for multiple lowerdirs backported), there
is no reason to continue maintenance of the `devicemapper` storage driver.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-17 17:59:42 +02:00
Sebastiaan van Stijn 8bc2aa45a6
Deprecate legacy overlay storage driver
The `overlay` storage driver is deprecated in favor of the `overlay2` storage
driver, which has all the benefits of `overlay`, without its limitations (excessive
inode consumption). The legacy `overlay` storage driver will be removed in a future
release. Users of the `overlay` storage driver should migrate to the `overlay2`
storage driver.

The legacy `overlay` storage driver allowed using overlayFS-backed filesystems
on pre 4.x kernels. Now that all supported distributions are able to run `overlay2`
(as they are either on kernel 4.x, or have support for multiple lowerdirs
backported), there is no reason to keep maintaining the `overlay` storage driver.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-09 18:27:42 +02:00
Alex Mayer 2b0fdd0f17 Docs: Add Spaces Around Parenthesis Where Needed
Signed-off-by: Alex Mayer <amayer5125@gmail.com>
2018-09-28 17:40:22 -04:00
Ying Li 7470d460f6 Document that reserved namespaces org.docker.*, io.docker.*, and
org.dockerproject.* in engine labels are now deprecated.

Signed-off-by: Ying Li <ying.li@docker.com>
2018-05-16 14:06:37 -07:00
Sebastiaan van Stijn 1a21ca12a6
Updated deprecation status for "repository:shortid"
The `repository:shortid` syntax for referencing images is very little used,
collides with with tag references can be confused with digest references.

The `repository:shortid` notation was deprecated in Docker 1.13, and scheduled
for removal in Docker 17.12.

This patch updates the deprecation status for this feature.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-14 14:23:17 -08:00
Sebastiaan van Stijn a119e39f0c
Update docs and completion-scripts for deprecated features
- the `--disable-legacy-registry` daemon flag was removed
- duplicate keys with conflicting values for engine labels
  now produce an error instead of a warning.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-12 17:09:38 -08:00
Sebastiaan van Stijn c6a3199236
Remove deprecated "daemon" subcommand
The `docker daemon` subcommand was only present for
backward compatibility, but deprecated in v1.13,
and scheduled for removal in v17.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-11-13 19:01:35 +01:00
John Mulhausen 4a5db8d27e
Removing titles from md files
Signed-off-by: John Mulhausen <john@docker.com>
2017-10-13 15:24:06 -07:00
Harald Albers 20d9ceca78 Update deprecation for synchronous service updates
- The default was not changed in 17.09 but will be in 17.10
- `service scale` and `service rollback` are also affected.

Signed-off-by: Harald Albers <github@albersweb.de>
2017-10-07 14:28:56 +02:00
Frieder Bluemle 45c9b9b6c1
Fix GitHub spelling
Signed-off-by: Frieder Bluemle <frieder.bluemle@gmail.com>
2017-10-05 01:14:31 +08:00
Sebastiaan van Stijn 139fcd3ee9 Merge pull request #524 from thaJeztah/update-deprecated-api-cors
Update deprecated.md for "api-enable-cors"
2017-09-18 21:37:08 +02:00