Commit Graph

9455 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 261c18f9ee
ParseRestartPolicy: validate for missing policy-names
Also make it slightly more clearer we're returning a default (empty)
policy if the input is empty.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 12:58:54 +02:00
Sebastiaan van Stijn 3d2aac6a0d
docs/reference: run.md: remove stray whitespace
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 12:22:22 +02:00
Sebastiaan van Stijn dfca19a796
Merge pull request #4510 from thaJeztah/info_cdi_dirs
info: add CDI spec directories to output
2023-08-28 12:19:16 +02:00
Sebastiaan van Stijn 4cce7bb2fc
rewrite TestParseRestartPolicy to use sub-tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 11:58:42 +02:00
Sebastiaan van Stijn 42ac5d4bf9
force TestNewHistoryCommandSuccess to use UTC timezone
This test was skipped if the host was not using UTC timezone, because the output
of timestamps would be different, causing the test to fail.

This patch overrides the TZ env-var to make the test use UTC, so that we don't
have to skip the test.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 10:43:21 +02:00
Sebastiaan van Stijn fcb2b7920e
Merge pull request #3781 from imjasonh/history-test
un-skip history test and fix golden mismatches
2023-08-28 10:35:23 +02:00
Sebastiaan van Stijn 17f4c8259b
update cli-docs-tool to v0.6.0
release notes: https://github.com/docker/cli-docs-tool/releases/tag/v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 01:58:58 +02:00
Sebastiaan van Stijn 39296a9b19
Merge pull request #4524 from thaJeztah/docs_update_golang_links
docs, man, contribute: update links to go documentation, and use https where available
2023-08-25 17:22:47 +02:00
Sebastiaan van Stijn 6f80b0b302
Merge pull request #4526 from struharv/4521-manpages-adding-c-option
adding -c option for docker run/build in manpages
2023-08-25 17:09:34 +02:00
Vaclav Struhar be219b3172 adding -c option for docker run/build in manpages
Signed-off-by: Vaclav Struhar <struharv@gmail.com>
2023-08-25 15:06:16 +02:00
Sebastiaan van Stijn 273f2cd95e
cli/command/manifest: update link to Go documentation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 14:12:45 +02:00
Sebastiaan van Stijn 722e3aae4f
man: update links to Go documentation
Go documentation moved to the `go.dev` domain;

    curl -sI https://golang.org/doc/install/source#environment | grep 'location'
    location: https://go.dev/doc/install/source

Also updated some links to use https, where available.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 14:11:18 +02:00
Sebastiaan van Stijn dc4feccb89
docs/reference: update links to Go documentation
Go documentation moved to the `go.dev` domain;

    curl -sI https://golang.org/doc/install/source#environment | grep 'location'
    location: https://go.dev/doc/install/source

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 14:10:40 +02:00
Sebastiaan van Stijn 1d3af726eb
CONTRIBUTING.md: update links
- docs moved to https://go.dev/doc/
- blog moved to https://go.dev/blog/
- update DCO link to use https

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 14:09:07 +02:00
Sebastiaan van Stijn af05a68828
Dockerfile: use COPY --link where possible
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-25 01:56:35 +02:00
Sebastiaan van Stijn 41183c2c92
Merge pull request #4514 from thaJeztah/patternmatcher_dockerignore
replace dockerfile/dockerignore with patternmatcher/ignorefile
2023-08-23 13:53:41 +02:00
Sebastiaan van Stijn c7a3a307be
Merge pull request #4516 from thaJeztah/cgroup_parent_description
update flag-description for --cgroup-parent
2023-08-23 13:53:17 +02:00
Sebastiaan van Stijn 3d11292731
Merge pull request #4505 from guss77/docker-cli-slows-bash-init
Docker cli slows bash init
2023-08-23 13:30:58 +02:00
Oded Arbel 1da67be9ca Stop slowing bash init by caching plugins path slowly
Fixes issue #3889 by only loading docker plugins path when needed: if it is fast enough than it shouldn't be a problem to do this on demand; OTOH if it is slow then we shouldn't do this during *every* bash session initialization, regardless if docker completion will be needed or not.

Signed-off-by: Oded Arbel <oded@geek.co.il>
2023-08-23 13:40:29 +03:00
Sebastiaan van Stijn 5bff12354d
replace dockerfile/dockerignore with patternmatcher/ignorefile
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.

A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 12:09:12 +02:00
Sebastiaan van Stijn 55ff9e6093
vendor: github.com/moby/patternmatcher v0.6.0
- integrate frontend/dockerfile/dockerignore from buildkit

full diff: https://github.com/moby/patternmatcher/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 12:09:12 +02:00
Sebastiaan van Stijn b3f82071e2
Merge pull request #4506 from thaJeztah/lazy_ping
cmd/docker: areFlagsSupported: don't Ping if not needed
2023-08-23 11:46:59 +02:00
Sebastiaan van Stijn e050312e6d
update flag-description for --cgroup-parent
This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 11:39:32 +02:00
Sebastiaan van Stijn 17df150321
Merge pull request #4511 from thaJeztah/manifest_token_actions
cli/registry/client: set actions when authn with token
2023-08-22 17:57:56 +02:00
Sebastiaan van Stijn d2047b954e
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 17:29:04 +02:00
Sebastiaan van Stijn 1c2cc4bbe3
info: add CDI spec directories to output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 14:05:07 +02:00
Sebastiaan van Stijn bb57783ab8
cmd/docker: areFlagsSupported: don't Ping if not needed
This is a similar fix as 006c946389, which
fixed this for detection of commands that were executed. Make sure we don't
call the "/_ping" endpoint if we don't need to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 09:34:09 +02:00
Bjorn Neergaard cdabfa2aa5
Merge pull request #4497 from edmorley/improve-pruning-docs
Update docs/command output for volume pruning
2023-08-17 07:01:59 -06:00
Bjorn Neergaard 3dbf1af2ea
Merge pull request #4478 from rumpl/feat-pat-suggest
login: Add message about using PATs
2023-08-16 07:23:13 -06:00
Ed Morley 6e2e92d774
Update docs/command output for volume pruning
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.

Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.

This replaces #4079, which was bitrotted by #4218. See also #4028.

Closes #4079.

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
2023-08-12 14:22:23 +01:00
Sebastiaan van Stijn 9bd5ec504a
Merge pull request #4413 from thaJeztah/deprecate_is_autobuild
search: deprecate "is-automated" filter and "IsAutomated" field
2023-08-09 14:51:06 +02:00
Sebastiaan van Stijn 4fc3f0e6f6
search: deprecate "is-automated" filter and "IsAutomated" field
The IsAutomated field is being deprecated by Docker Hub's search API and
will always be "false" in future.

This patch:

- Deprecates the field and the related "is-automated" filter
- Removes the "AUTOMATED" column from the default output of "docker search"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 12:11:05 +02:00
Sebastiaan van Stijn 53671c2fef
Merge pull request #4488 from thaJeztah/registry_test_cleanups
cli/command/registry: cleanup "search" and "login" tests
2023-08-09 12:04:54 +02:00
Sebastiaan van Stijn 0c5eb94eb1
Merge pull request #4412 from thaJeztah/auth_use_config
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
2023-08-08 22:01:13 +02:00
Sebastiaan van Stijn 69dcccf5b6
Merge pull request #4399 from dvdksn/docs/host-gateway
docs: document special host-gateway value for add-host
2023-08-08 21:04:47 +02:00
David Karlsson 299925f4c3 docs: document special host-gateway value for add-host
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-08-08 17:37:44 +02:00
Sebastiaan van Stijn d1c04fb0f8
Merge pull request #4448 from thaJeztah/docs_add_DOCKER_TLS
docs: add missing docs for "DOCKER_TLS" env-var
2023-08-08 17:37:24 +02:00
Sebastiaan van Stijn 211220cbb0
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.

This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:35:16 +02:00
Sebastiaan van Stijn 57f0e46de1
cli/command/registry: cleanup login tests
- use consts for fixed values, and rename some for clarity
- remove testAuthErrors map and inline the logic (same as we do for other cases)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn 84c956a171
cli/command/registry: cleanup search tests
- TestSearchContext: don't use un-keyed structs
- TestSearchContext: don't use CompareMultipleValues as it was not needed
- TestSearchContextDescription: don't use un-keyed structs
- TestSearchContextDescription: don't use CompareMultipleValues as it was not needed
- TestSearchContextWrite: don't use un-keyed structs, and include the
  code-comments into the test-table as names for the tests to give them
  some context.
- TestSearchContextWriteJSON and TestSearchContextWriteJSONField were not
  validating the output format, but validating if the JSON output could
  be marshalled back to a struct. Let's just role them into TestSearchContextWrite.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn dc1359230f
Merge pull request #4485 from thaJeztah/update_engine
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
2023-08-08 17:29:41 +02:00
Sebastiaan van Stijn 3d0b14c3e3
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
full diff: dab9ffb252...4b19b2f4ba

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 09:41:47 +02:00
Sebastiaan van Stijn f38870e68a
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230713153928-bc71908479e5
full diff: 6f78b8199b...bc71908479

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:26:45 +02:00
Sebastiaan van Stijn a53b03520f
vendor: github.com/opencontainers/image-spec v1.1.0-rc4
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc3...v1.1.0-rc4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:26:29 +02:00
Djordje Lukic 8d51f36ca3
login: Add message about using PATs
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-08-03 10:35:04 +02:00
Sebastiaan van Stijn 06de1f8d2c
Merge pull request #4474 from thaJeztah/update_go1.20.7
update to go1.20.7
2023-08-02 11:50:28 +02:00
Sebastiaan van Stijn 6517db9398
update to go1.20.7
Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 23:52:56 +02:00
Sebastiaan van Stijn bb0e232605
Merge pull request #4470 from thaJeztah/bump_containerd_1.6.22
vendor: github.com/containerd/containerd v1.6.22
2023-08-01 16:25:47 +02:00
Sebastiaan van Stijn 373fa57edc
vendor: github.com/containerd/containerd v1.6.22
- full diff: https://github.com/containerd/containerd/compare/v1.6.21...v1.6.22
- release notes: https://github.com/containerd/containerd/releases/tag/v1.6.22

---

Notable Updates

- RunC: Update runc binary to v1.1.8
- CRI: Fix `additionalGids`: it should fallback to `imageConfig.User`
  when `securityContext.RunAsUser`, `RunAsUsername` are empty
- CRI: Write generated CNI config atomically
- Fix concurrent writes for `UpdateContainerStats`
- Make `checkContainerTimestamps` less strict on Windows
- Port-Forward: Correctly handle known errors
- Resolve `docker.NewResolver` race condition
- SecComp: Always allow `name_to_handle_at`
- Adding support to run hcsshim from local clone
- Pinned image support
- Runtime/V2/RunC: Handle early exits w/o big locks
- CRITool: Move up to CRI-TOOLS v1.27.0
- Fix cpu architecture detection issue on emulated ARM platform
- Task: Don't `close()` io before `cancel()`
- Fix panic when remote differ returns empty result
- Plugins: Notify readiness when registered plugins are ready
- Unwrap io errors in server connection receive error handling

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-30 16:08:28 +02:00
Sebastiaan van Stijn a63f5606a6
Merge pull request #4469 from thaJeztah/bump_gotest_tools
vendor: gotest.tools/v3 v3.5.0
2023-07-30 15:57:34 +02:00