Commit Graph

1383 Commits

Author SHA1 Message Date
Sebastiaan van Stijn fc37f52414 cli/config: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 71575ab3b5)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 38e86531d6 cli/compose: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9f0340b68)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 8efbfcce25 cli/command: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3f7e7bf9d2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 03d93a93c3 cli/command/volume: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cca73bff41)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 65e4b0e2b3 cli/command/trust: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b5dce3c9e6)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:58 -05:00
Sebastiaan van Stijn 3d4a0c1612 cli/command/system: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e0299ff862)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn b5cd20f67a cli/command/swarm: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 78cb61c61c)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 7c6baba23b cli/command/stack: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d59330f40d)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn b061531f8c cli/command/service: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d1f26de646)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 65893236e0 cli/command/secret: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c558df7ced)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 0dfc5567bc cli/command/registry: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3b3a0b898f)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn d06eafc516 cli/command/plugin: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f61aab59f7)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 22300128ca cli/command/node: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9bdeb09ae9)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 4f3c38a7d9 cli/command/context: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f28c063e2f)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 5237d943a8 cli/command/manifest: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 43795ec8f7)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 5c97f5c918 cli/command/image: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d14b5bff80)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 8d0c8ef081 cli/command/context: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 76b47359cb)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn b4d152f7ad cli/command/container: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e946bf0804)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 54b7933016 cli/command/config: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bc1790c5c2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 0a3d9c3e14 cli/command/checkpoint: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8dc53344e0)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 913fa471ad
Add extra newline after additionalHelp output
The additionalHelp message is printed at the end of the --help output;

    To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
    PS>

As this message may contain an URL, users may copy/paste the URL to open it
in their browser, but can easily end up copying their prompt (as there's
no whitespace after it), and as a result end up on a broken URL, for example:

    https://docs.docker.com/go/guides/PS

This patch adds an extra newline at the end to provide some whitespace
around the message, making it less error-prone to copy the URL;

    To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

    PS>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9bb70217f8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-17 23:12:52 +01:00
Sebastiaan van Stijn 1686805f63
cli: additionalHelp() don't decorate output if it's piped
This prevents the escape-characters being included when piping the
output, e.g. `docker --help > output.txt`, or `docker --help | something`.
These control-characters could cause issues if users copy/pasted the URL
from the output, resulting in them becoming part of the URL they tried
to visit, which would fail, e.g. when copying the output from:

    To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

Users ended up on URLs like;

    https://docs.docker.com/go/guides/ESC
    https://docs.docker.com/go/guides/%1B[0m

Before this patch, control characters ("bold") would be printed, even if
no TTY was attached;

    docker --help > output.txt
    cat output.txt | grep 'For more help' | od -c
    0000000 033   [   1   m   F   o   r       m   o   r   e       h   e   l
    0000020   p       o   n       h   o   w       t   o       u   s   e
    0000040   D   o   c   k   e   r   ,       h   e   a   d       t   o
    0000060   h   t   t   p   s   :   /   /   d   o   c   s   .   d   o   c
    0000100   k   e   r   .   c   o   m   /   g   o   /   g   u   i   d   e
    0000120   s   / 033   [   0   m  \n
    0000127

    docker --help | grep 'For more help' | od -c
    0000000 033   [   1   m   F   o   r       m   o   r   e       h   e   l
    0000020   p       o   n       h   o   w       t   o       u   s   e
    0000040   D   o   c   k   e   r   ,       h   e   a   d       t   o
    0000060   h   t   t   p   s   :   /   /   d   o   c   s   .   d   o   c
    0000100   k   e   r   .   c   o   m   /   g   o   /   g   u   i   d   e
    0000120   s   / 033   [   0   m  \n
    0000127

With this patch, no control characters are included:

    docker --help > output.txt
    cat output.txt | grep 'For more help' | od -c
    0000000   F   o   r       m   o   r   e       h   e   l   p       o   n
    0000020       h   o   w       t   o       u   s   e       D   o   c   k
    0000040   e   r   ,       h   e   a   d       t   o       h   t   t   p
    0000060   s   :   /   /   d   o   c   s   .   d   o   c   k   e   r   .
    0000100   c   o   m   /   g   o   /   g   u   i   d   e   s   /  \n
    0000117

    docker --help | grep 'For more help' | od -c
    0000000   F   o   r       m   o   r   e       h   e   l   p       o   n
    0000020       h   o   w       t   o       u   s   e       D   o   c   k
    0000040   e   r   ,       h   e   a   d       t   o       h   t   t   p
    0000060   s   :   /   /   d   o   c   s   .   d   o   c   k   e   r   .
    0000100   c   o   m   /   g   o   /   g   u   i   d   e   s   /  \n
    0000117

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 59e74b44ae)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-17 23:12:49 +01:00
Paweł Gronowski b309569bc6
cli/rm_test: Fix TestRemoveForce race condition
Synchronize append on the `removed` slice with mutex because
containerRemoveFunc is called in parallel for each removed container by
`container rm` cli command.
Also reduced the shared access area by separating the scopes of test
cases.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit b811057181)
2023-01-04 11:14:14 +01:00
Sebastiaan van Stijn 6b25bc3003
fix race condition in TestRemoveForce
This test uses two subtests that were sharing the same variable.
Subtests run in a goroutine, which could lead to them concurrently
accessing the variable, resulting in a panic:

    === FAIL: cli/command/container TestRemoveForce/without_force (0.00s)
    Error: Error: No such container: nosuchcontainer
        --- FAIL: TestRemoveForce/without_force (0.00s)
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x40393f]
    goroutine 190 [running]:
    testing.tRunner.func1.2({0xb76380, 0x124c9a0})
    	/usr/local/go/src/testing/testing.go:1389 +0x24e
    testing.tRunner.func1()
    	/usr/local/go/src/testing/testing.go:1392 +0x39f
    panic({0xb76380, 0x124c9a0})
    	/usr/local/go/src/runtime/panic.go:838 +0x207
    sort.StringSlice.Less(...)
    	/usr/local/go/src/sort/sort.go:319
    sort.insertionSort({0xd87380, 0xc00051b3b0}, 0x0, 0x2)
    	/usr/local/go/src/sort/sort.go:40 +0xb1
    sort.quickSort({0xd87380, 0xc00051b3b0}, 0x18?, 0xb4f060?, 0xc000540e01?)
    	/usr/local/go/src/sort/sort.go:222 +0x171
    sort.Sort({0xd87380, 0xc00051b3b0})
    	/usr/local/go/src/sort/sort.go:231 +0x53
    sort.Strings(...)
    	/usr/local/go/src/sort/sort.go:335
    github.com/docker/cli/cli/command/container.TestRemoveForce.func2(0xc0005389c0?)
    	/go/src/github.com/docker/cli/cli/command/container/rm_test.go:36 +0x125
    testing.tRunner(0xc00053e4e0, 0xc00051b140)
    	/usr/local/go/src/testing/testing.go:1439 +0x102
    created by testing.(*T).Run
    	/usr/local/go/src/testing/testing.go:1486 +0x35f
    === FAIL: cli/command/container TestRemoveForce (0.00s)

This patch changes the test to use to separate variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9688f62d20)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 13:47:31 +02:00
Sebastiaan van Stijn 2f7e84be65
linting: fix incorrectly formatted errors (revive)
cli/compose/interpolation/interpolation.go:102:4: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                "invalid interpolation format for %s: %#v. You may need to escape any $ with another $.",
                ^

    cli/command/stack/loader/loader.go:30:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return nil, errors.Errorf("Compose file contains unsupported options:\n\n%s\n",
                                          ^

    cli/command/formatter/formatter.go:76:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return tmpl, errors.Errorf("Template parsing error: %v\n", err)
                                       ^

    cli/command/formatter/formatter.go:97:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("Template parsing error: %v\n", err)
                                 ^

    cli/command/image/build.go:257:25: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return errors.Errorf("error checking context: '%s'.", err)
                                     ^

    cli/command/volume/create.go:35:27: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                        return errors.Errorf("Conflicting options: either specify --name or provide positional arg, not both\n")
                                             ^

    cli/command/container/create.go:160:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4ab70bf61e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:48 +02:00
Sebastiaan van Stijn e628209d9b
linting: ignore some "G101: Potential hardcoded credentials" warnings
cli/config/credentials/native_store.go:10:2: G101: Potential hardcoded credentials (gosec)
        remoteCredentialsPrefix = "docker-credential-"
        ^
    cli/command/service/opts.go:917:2: G101: Potential hardcoded credentials (gosec)
        flagCredentialSpec          = "credential-spec"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7c1fb9112)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:38 +02:00
Sebastiaan van Stijn 80a3add604
cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5a65aadd8d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:29 +02:00
Sebastiaan van Stijn 80f673bf9e
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a0f0578299)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:40:46 +02:00
John Howard 5fa500000a
Fix incorrect pointer inputs to `json.Unmarshal`
See https://github.com/howardjohn/go-unmarshal-double-pointer for more
info on why this is not safe and how this is detected.

Signed-off-by: John Howard <howardjohn@google.com>
(cherry picked from commit ee97fe95bc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-01 20:43:16 +02:00
coryb ee1ac1b319
fix innocuous data-race when config.Load called in parallel
Locking was removed in https://github.com/docker/cli/pull/3025 which
allows for parallel calls to config.Load to modify global state.
The consequence in this case is innocuous, but it does trigger a
`DATA RACE` exception when tests run with `-race` option.

Signed-off-by: coryb <cbennett@netflix.com>
(cherry picked from commit b5f4a6e45f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-27 10:37:14 +01:00
Sebastiaan van Stijn 82f9d5921b
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8964595692)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-11 16:38:53 +02:00
Sebastiaan van Stijn 893e52cf4b
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
2021-09-09 20:40:54 +02:00
Samuel Karp 42d1c02750
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-07-29 19:57:58 -07:00
Sebastiaan van Stijn 6288e8b1ac
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40c6b117e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:11:10 +02:00
Sebastiaan van Stijn 1e9575e81a
cli/config/configfile: various test cleanups
- use var/const blocks when declaring a list of variables
- use const where possible

TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue:

- use keys when assigning values
- make sure test is dereferenced in the loop
- use subtests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit be327a4f0f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:40 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Sebastiaan van Stijn 8437cfefae
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 15535d4594)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:11 +02:00
Sebastiaan van Stijn 68a5ca859f
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2688f25eb7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 15:48:09 +02:00
Mathieu Champlon 1d37fb3027
Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit a033cdf515)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:33 +02:00
Mathieu Champlon 0793f96394
Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
(cherry picked from commit c05f0f5957)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 16:36:31 +02:00
David Scott 2945ba4f7a
Ignore SIGURG on Darwin too
This extends #2929 to Darwin as well as Linux.

Running the example in https://github.com/golang/go/issues/37942
I see lots of:
```
dave@m1 sigurg % uname -ms
Darwin arm64

dave@m1 sigurg % go run main.go
received urgent I/O condition: 2021-05-21 16:03:03.482211 +0100 BST m=+0.014553751
received urgent I/O condition: 2021-05-21 16:03:03.507171 +0100 BST m=+0.039514459
```

Signed-off-by: David Scott <dave@recoil.org>
(cherry picked from commit cedaf44ea2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:38:46 +02:00
Sebastiaan van Stijn 032e485e1c
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9342ec6b71)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:36:29 +02:00
Brian Goff 88de81ff21
Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e1a7517514)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:35:59 +02:00
Sebastiaan van Stijn 706ca7985b
Revert "[20.10] Revert "Ignore SIGURG on Linux.""
This reverts commit f33a69f6ee.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-25 12:30:31 +02:00
Akihiro Suda 12e2f94eba
printServerWarningsLegacy: silence "No oom kill disable support" on cgroup v2
The warning should be ignored on cgroup v2 hosts.

Relevant: 8086443a44

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 05ec0188fa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-18 23:54:39 +02:00
Akihiro Suda 00755d7dba
printServerWarningsLegacy: silence "No kernel memory limit support"
The kernel memory limit is deprecated in Docker 20.10.0,
and its support was removed in runc v1.0.0-rc94.
So, this warning can be safely removed.

Relevant: b8ca7de823

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 731f52cfe8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-18 23:54:36 +02:00
Tonis Tiigi fcc05e5ea1 update windows resources generation
New solution is not hardcoded to amd64 but integrates
with the cross toolchain and support creating arm binaries.

Go has been updated so that ASLR works

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 8b822c9219)
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-04-06 19:53:48 +00:00
Sebastiaan van Stijn 4c3b87d922
config.Load() remove unneeded locks
These were added in b83bc67136, but
I'm not sure why I added these; they're likely not needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 09ddcffb2f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-01 12:04:57 +02:00
Sebastiaan van Stijn 4571d90f20
config: print deprecation warning when falling back to ~/.dockercfg
Relates to the deprecation, added in 3c0a167ed5

The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
file with a new CLI configuration file, located in `~/.docker/config.json`. When
implementing the new configuration file, the old file (and file-format) was kept
as a fall-back, to assist existing users with migrating to the new file.

Given that the old file format encourages insecure storage of credentials
(credentials are stored unencrypted), and that no version of the CLI since
Docker v1.7.0 has created this file, the file is marked deprecated, and support
for this file will be removed in a future release.

This patch adds a deprecation warning, which is printed if the CLI falls back
to using the deprecated ~/.dockercfg file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b83bc67136)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-08 17:21:15 +01:00
Sebastiaan van Stijn f33a69f6ee
[20.10] Revert "Ignore SIGURG on Linux."
This reverts commit 3c87f01b18.

This commit introduced two regressions;

- spurious "Unsupported signal: <nil>. Discarding."
- docker start --attach hanging if the container does not
  have a TTY attached

Reverting for now, while we dug deeper into what's causing
the regression.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-01 20:56:18 +01:00