Commit Graph

1071 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 8efbfcce25 cli/command: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3f7e7bf9d2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 03d93a93c3 cli/command/volume: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cca73bff41)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 65e4b0e2b3 cli/command/trust: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b5dce3c9e6)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:58 -05:00
Sebastiaan van Stijn 3d4a0c1612 cli/command/system: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e0299ff862)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn b5cd20f67a cli/command/swarm: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 78cb61c61c)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 7c6baba23b cli/command/stack: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d59330f40d)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn b061531f8c cli/command/service: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d1f26de646)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 65893236e0 cli/command/secret: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c558df7ced)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 0dfc5567bc cli/command/registry: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3b3a0b898f)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn d06eafc516 cli/command/plugin: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f61aab59f7)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 22300128ca cli/command/node: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9bdeb09ae9)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 4f3c38a7d9 cli/command/context: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f28c063e2f)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 5237d943a8 cli/command/manifest: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 43795ec8f7)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 5c97f5c918 cli/command/image: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d14b5bff80)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 8d0c8ef081 cli/command/context: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 76b47359cb)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn b4d152f7ad cli/command/container: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e946bf0804)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 54b7933016 cli/command/config: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bc1790c5c2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 0a3d9c3e14 cli/command/checkpoint: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8dc53344e0)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Paweł Gronowski b309569bc6
cli/rm_test: Fix TestRemoveForce race condition
Synchronize append on the `removed` slice with mutex because
containerRemoveFunc is called in parallel for each removed container by
`container rm` cli command.
Also reduced the shared access area by separating the scopes of test
cases.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit b811057181)
2023-01-04 11:14:14 +01:00
Sebastiaan van Stijn 6b25bc3003
fix race condition in TestRemoveForce
This test uses two subtests that were sharing the same variable.
Subtests run in a goroutine, which could lead to them concurrently
accessing the variable, resulting in a panic:

    === FAIL: cli/command/container TestRemoveForce/without_force (0.00s)
    Error: Error: No such container: nosuchcontainer
        --- FAIL: TestRemoveForce/without_force (0.00s)
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x40393f]
    goroutine 190 [running]:
    testing.tRunner.func1.2({0xb76380, 0x124c9a0})
    	/usr/local/go/src/testing/testing.go:1389 +0x24e
    testing.tRunner.func1()
    	/usr/local/go/src/testing/testing.go:1392 +0x39f
    panic({0xb76380, 0x124c9a0})
    	/usr/local/go/src/runtime/panic.go:838 +0x207
    sort.StringSlice.Less(...)
    	/usr/local/go/src/sort/sort.go:319
    sort.insertionSort({0xd87380, 0xc00051b3b0}, 0x0, 0x2)
    	/usr/local/go/src/sort/sort.go:40 +0xb1
    sort.quickSort({0xd87380, 0xc00051b3b0}, 0x18?, 0xb4f060?, 0xc000540e01?)
    	/usr/local/go/src/sort/sort.go:222 +0x171
    sort.Sort({0xd87380, 0xc00051b3b0})
    	/usr/local/go/src/sort/sort.go:231 +0x53
    sort.Strings(...)
    	/usr/local/go/src/sort/sort.go:335
    github.com/docker/cli/cli/command/container.TestRemoveForce.func2(0xc0005389c0?)
    	/go/src/github.com/docker/cli/cli/command/container/rm_test.go:36 +0x125
    testing.tRunner(0xc00053e4e0, 0xc00051b140)
    	/usr/local/go/src/testing/testing.go:1439 +0x102
    created by testing.(*T).Run
    	/usr/local/go/src/testing/testing.go:1486 +0x35f
    === FAIL: cli/command/container TestRemoveForce (0.00s)

This patch changes the test to use to separate variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9688f62d20)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 13:47:31 +02:00
Sebastiaan van Stijn 2f7e84be65
linting: fix incorrectly formatted errors (revive)
cli/compose/interpolation/interpolation.go:102:4: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                "invalid interpolation format for %s: %#v. You may need to escape any $ with another $.",
                ^

    cli/command/stack/loader/loader.go:30:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return nil, errors.Errorf("Compose file contains unsupported options:\n\n%s\n",
                                          ^

    cli/command/formatter/formatter.go:76:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return tmpl, errors.Errorf("Template parsing error: %v\n", err)
                                       ^

    cli/command/formatter/formatter.go:97:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("Template parsing error: %v\n", err)
                                 ^

    cli/command/image/build.go:257:25: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return errors.Errorf("error checking context: '%s'.", err)
                                     ^

    cli/command/volume/create.go:35:27: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                        return errors.Errorf("Conflicting options: either specify --name or provide positional arg, not both\n")
                                             ^

    cli/command/container/create.go:160:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4ab70bf61e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:48 +02:00
Sebastiaan van Stijn e628209d9b
linting: ignore some "G101: Potential hardcoded credentials" warnings
cli/config/credentials/native_store.go:10:2: G101: Potential hardcoded credentials (gosec)
        remoteCredentialsPrefix = "docker-credential-"
        ^
    cli/command/service/opts.go:917:2: G101: Potential hardcoded credentials (gosec)
        flagCredentialSpec          = "credential-spec"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7c1fb9112)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:38 +02:00
Sebastiaan van Stijn 80a3add604
cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5a65aadd8d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:29 +02:00
Sebastiaan van Stijn 80f673bf9e
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a0f0578299)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:40:46 +02:00
Sebastiaan van Stijn 82f9d5921b
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8964595692)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:38:53 +02:00
Sebastiaan van Stijn 893e52cf4b
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
2021-09-09 20:40:54 +02:00
Samuel Karp 42d1c02750
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-07-29 19:57:58 -07:00
Sebastiaan van Stijn 6288e8b1ac
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40c6b117e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:10 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Sebastiaan van Stijn 8437cfefae
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15535d4594)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:11 +02:00
Mathieu Champlon 1d37fb3027
Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit a033cdf515)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:33 +02:00
Mathieu Champlon 0793f96394
Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit c05f0f5957)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:31 +02:00
David Scott 2945ba4f7a
Ignore SIGURG on Darwin too
This extends #2929 to Darwin as well as Linux.

Running the example in https://github.com/golang/go/issues/37942
I see lots of:
```
dave@m1 sigurg % uname -ms
Darwin arm64

dave@m1 sigurg % go run main.go
received urgent I/O condition: 2021-05-21 16:03:03.482211 +0100 BST m=+0.014553751
received urgent I/O condition: 2021-05-21 16:03:03.507171 +0100 BST m=+0.039514459
```

Signed-off-by: David Scott <dave@recoil.org>
(cherry picked from commit cedaf44ea2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:38:46 +02:00
Sebastiaan van Stijn 032e485e1c
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9342ec6b71)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:36:29 +02:00
Brian Goff 88de81ff21
Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e1a7517514)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:35:59 +02:00
Sebastiaan van Stijn 706ca7985b
Revert "[20.10] Revert "Ignore SIGURG on Linux.""
This reverts commit f33a69f6ee.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:30:31 +02:00
Akihiro Suda 12e2f94eba
printServerWarningsLegacy: silence "No oom kill disable support" on cgroup v2
The warning should be ignored on cgroup v2 hosts.

Relevant: 8086443a44

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 05ec0188fa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-18 23:54:39 +02:00
Akihiro Suda 00755d7dba
printServerWarningsLegacy: silence "No kernel memory limit support"
The kernel memory limit is deprecated in Docker 20.10.0,
and its support was removed in runc v1.0.0-rc94.
So, this warning can be safely removed.

Relevant: b8ca7de823

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 731f52cfe8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-18 23:54:36 +02:00
Sebastiaan van Stijn f33a69f6ee
[20.10] Revert "Ignore SIGURG on Linux."
This reverts commit 3c87f01b18.

This commit introduced two regressions;

- spurious "Unsupported signal: <nil>. Discarding."
- docker start --attach hanging if the container does not
  have a TTY attached

Reverting for now, while we dug deeper into what's causing
the regression.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-01 20:56:18 +01:00
Silvin Lubecki 433014bcfb
Merge pull request #2959 from thaJeztah/20.10_backport_fix_login_panic
[20.10 backport] Fix panic when failing to get DefaultAuthConfig
2021-02-18 12:02:41 +01:00
Silvin Lubecki 61cb016851
Merge pull request #2961 from thaJeztah/20.10_backport_fix_context_dockerfile_from_stdin_with_buildkit
[20.10 backport] Fix reading context and dockerfile from stdin with BuildKit
2021-02-18 12:02:09 +01:00
Silvin Lubecki 830d6595e7
Merge pull request #2963 from thaJeztah/20.10_backport_fix_update_rollback_order
[20.10 backport] fix --update-order and --rollback-order flags
2021-02-18 11:58:23 +01:00
Silvin Lubecki 13048444cc
Merge pull request #2964 from thaJeztah/20.10_backport_fix_swarm_rollback_exitcode
[20.10 backport] Fix swarm rollback exitcode, and fix skipping verify step
2021-02-18 11:55:40 +01:00
Sebastiaan van Stijn d6eeeb6259
service rollback: always verify state
Prior to this change, progressbars would sometimes be hidden, and the function
would return early. In addition, the direction of the progressbars would sometimes
be "incrementing" (similar to "docker service update"), and sometimes be "decrementing"
(to indicate a "rollback" is being performed).

This fix makes sure that we always proceed with the "verifying" step, and now
prints a message _after_ the verifying stage was completed;

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: starting  [===========>                                       ]
    3/5: starting  [===========>                                       ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 104469be0b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:55:51 +01:00
Sebastiaan van Stijn 3e157d5293
docker service rollback: fix non-zero exit code in some cases
Before this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    1

After this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 1 seconds to verify that tasks are stable...

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    0

    $ docker service ps foo
    ID             NAME      IMAGE          NODE             DESIRED STATE   CURRENT STATE           ERROR     PORTS
    4dt4ms4c5qfb   foo.1     nginx:alpine   docker-desktop   Running         Running 2 minutes ago

Remaining issues with reconciliation
--------------------------------------------

Note that both before, and after this change, the command sometimes terminates
early, and does not wait for the service to reconcile; this is most apparent
when rolling back is scaling up (so more tasks are deployed);

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 5 tasks
    1/5: pending   [=================================>                 ]
    2/5: running   [>                                                  ]
    3/5: pending   [=================================>                 ]
    4/5: pending   [=================================>                 ]
    5/5: pending   [=================================>                 ]
    service rolled back: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ce26a165b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:55:49 +01:00
Jim Lin 1fdf84b8e9
fix --update-order and --rollback-order flags
Signed-off-by: Jim Lin <b04705003@ntu.edu.tw>
(cherry picked from commit 26a6a724aa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:53:34 +01:00
Alexey Igrychev 0de4e6e9a7
Fix reading context and dockerfile from stdin with BuildKit
Signed-off-by: Alexey Igrychev <alexey.igrychev@flant.com>
(cherry picked from commit fc9ca9a94a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:48:19 +01:00
Brian Goff 3c87f01b18
Ignore SIGURG on Linux.
In go1.14+, SIGURG is used by the runtime to handle preemtable system
calls.
In practice this signal caught *frequently*.

For reference:

https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md
https://github.com/golang/go/issues/37942

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit fff164c22e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:44:39 +01:00
Sebastiaan van Stijn de40c2b172
Fix panic when failing to get DefaultAuthConfig
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.

However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c2820a7e3b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 14:42:06 +01:00
Tibor Vass 48d30b5b32 Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8d199d5bba)
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-28 22:27:59 +00:00