Commit Graph

9835 Commits

Author SHA1 Message Date
Bjorn Neergaard 116db4fc82
docs: tidy up CDI docs
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-04-15 15:05:53 -07:00
Laura Brehm c0cc22db58
Merge pull request #5019 from laurazard/multiple-plugin-hooks
plugins/templates: break on newlines when printing hooks
2024-04-15 13:55:33 +01:00
Laura Brehm 867061b007
plugins/templates: break on newlines when printing hooks
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-15 12:59:53 +01:00
njucjc 73959eef71 chore: remove deprecated DualStack field
Signed-off-by: njucjc <njucjc@gmail.com>
2024-04-15 17:53:35 +08:00
David Karlsson 78012b0ee5
Merge pull request #4989 from dvdksn/docs-systempaths-unconfined
docs: add systempaths=unconfined security-opt
2024-04-12 14:53:35 +02:00
Paweł Gronowski 249b5a401f
Merge pull request #5005 from vvoland/cli-bin-exe
cli-bin/windows: Add .exe extension
2024-04-11 11:35:26 +02:00
Paweł Gronowski 718203d50b
cli-bin/windows: Add .exe extension
Before this commit, the CLI binary in `dockereng/cli-bin` image was
named `docker` regardless of platform.

Change the binary name to `docker.exe` in Windows images.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 18:48:37 +02:00
Sebastiaan van Stijn b6c5522128
Merge pull request #5003 from laurazard/vendor-moby-dirty-26.1
vendor: github.com/docker/docker f9dfd139ec0d (master)
2024-04-10 17:37:31 +02:00
Paweł Gronowski 1433df8fee
bake/bin-image-cross: Add darwin
So we can also have darwin binaries in the `dockereng/cli-bin` image.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:50 +02:00
Paweł Gronowski 0c2697d779
Dockerfile: Remove xx-sdk-extras
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:49 +02:00
Paweł Gronowski 094af6ea07
darwin/build: Disallow CGO_ENABLED=1 when cross-compiling
Cross compiling CGO to Darwin requires an Apple SDK.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:48 +02:00
Laura Brehm 5515b86514
vendor: github.com/docker/docker v26.0.1-0.20240410103514-f9dfd139ec0d+incompatible (master)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:07:09 +01:00
Laura Brehm c1053bf9d4
vendor: github.com/moby/swarmkit/v2 v2.0.0-20240227173239-911c97650f2e
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:02:34 +01:00
Laura Brehm 8a3a7b9458
vendor: github.com/containerd/containerd v1.7.15
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 15:52:37 +01:00
David Karlsson 4585809848 docs: add systempaths=unconfined security-opt
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-10 15:16:30 +02:00
Sebastiaan van Stijn 870ad7f4b9
Merge pull request #4998 from thaJeztah/bump_x_net
vendor: golang.org/x/sys v0.18.0, golang.org/x/term v0.18.0, golang.org/x/crypto v0.21.0, golang.org/x/net v0.23.0
2024-04-09 16:24:15 +02:00
Sebastiaan van Stijn 5fcbbde4b9
vendor: golang.org/x/net v0.23.0
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0

Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;

> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:52:51 +02:00
Sebastiaan van Stijn 4745b957d2
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
full diffs changes relevant to vendored code:

- https://github.com/golang/net/compare/v0.19.0...v0.22.0
    - http2: remove suspicious uint32->v conversion in frame code
    - http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
    - (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:50:53 +02:00
Sebastiaan van Stijn c7a50ebb9f
vendor: golang.org/x/term v0.18.0
no changes in vendored code

full diff: https://github.com/golang/term/compare/v0.15.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:47:48 +02:00
Sebastiaan van Stijn 9a2133f2d4
vendor: golang.org/x/sys v0.18.0
full diff: https://github.com/golang/sys/compare/v0.16.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:46:54 +02:00
David Karlsson faf096b25c docs: clarify that --data-path-addr doesn't restrict access
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-09 13:08:21 +02:00
Laura Brehm c23a404698
Merge pull request #4986 from vvoland/update-go
update to go1.21.9
2024-04-05 15:35:47 +01:00
Paweł Gronowski 0a5bd6c75b
update to go1.21.9
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone on our issue tracker for
details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.9
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-05 12:43:24 +02:00
Laura Brehm b2fe82a23e
Merge pull request #4985 from laurazard/otel-exit-code-int
otel: capture exit code as int64
2024-04-05 10:21:52 +01:00
Laura Brehm cefcba9871
otel: capture exit code as int64
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-04 19:11:56 +01:00
Bjorn Neergaard 10b9810989
Merge pull request #4978 from laurazard/otel-add-tty
otel: capture whether process was invoked from a terminal
2024-04-04 06:09:48 -06:00
Laura Brehm 204b324291
Merge pull request #4975 from jsternberg/otel-error-handler
command: include default otel error handler for the cli
2024-04-04 03:56:41 +01:00
Laura Brehm ee1b2836af
otel: capture whether process was invoked from a terminal
This commit adds a "terminal" attribute to `BaseMetricAttributes`
that allows us to discern whether an invocation was from an interactive
terminal or not.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-04 03:28:17 +01:00
Jonathan A. Sternberg 8f45f1495c
command: include default otel error handler for the cli
This adds a default otel error handler for the cli in the debug package.
It uses logrus to log the error on the debug level and should work out
of the box with the `--debug` flag and `DEBUG` environment variable.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-04-03 12:01:28 -05:00
Sebastiaan van Stijn 9ca30bd2ac
Merge pull request #4939 from Benehiko/prompt-termination
feat: standardize error for prompt
2024-04-02 19:09:12 +02:00
Alano Terblanche 910d5d0247
chore: remove backticks and resolve linting issues
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-04-02 15:54:29 +02:00
Bjorn Neergaard 155dc5e4e4
Merge pull request #4973 from jsternberg/otel-1.16-compat
cli: add go:build tag to the docker telemetry
2024-04-01 09:08:16 -06:00
Bjorn Neergaard e3f45bf68f
Merge pull request #4972 from vvoland/community-slack
CONTRIBUTING.md: update Slack link
2024-03-28 14:25:54 -06:00
Jonathan A. Sternberg 2a3b6c03f7
cli: add go:build tag to the docker telemetry
This is needed because the project does not have a `go.mod` file and
gets sent to go 1.16 semantics whenever it's imported by another project
and `any` doesn't exist in go 1.16, but the linter requires us to use
`any` here.

Setting the `go:build` tag forces the per-file language to the go
version specified.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-28 14:09:34 -05:00
Laura Brehm 400a8bb4a2
Merge pull request #4940 from krissetto/otel-init
Initial otel implementation
2024-03-28 17:21:00 +00:00
Christopher Petito efd82e1e31 Initial otel impl using our utils
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:23:01 +00:00
Christopher Petito b6e2eca4b8 Enable overriding of the otel exporter otlp endpoint via env var for testing purposes
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:22:53 +00:00
Christopher Petito 160f65d9db Added some telemetry utils
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:22:43 +00:00
Paweł Gronowski 9a1b0f8bb3
CONTRIBUTING.md: update Slack link
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-28 09:38:11 +01:00
Alano Terblanche 7c722c08d0
feat: standardize error for prompt
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-26 14:11:55 +01:00
Laura Brehm b8d5454963
Merge pull request #4957 from Benehiko/prompt-test-flakiness
fix: flaky prompt termination on reader close test
2024-03-26 13:03:02 +00:00
Alano Terblanche 7ea10d5ced
refactor: prompt tests
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-26 10:07:01 +01:00
Bjorn Neergaard b39bbb4e3b
Merge pull request #4889 from jsternberg/universal-telemetry-client
cli: add otel sdk tracing and metric providers to the core cli
2024-03-25 10:47:06 -06:00
Jonathan A. Sternberg 89db01ef97
cli: add otel sdk tracing and metric providers to the core cli
This adds the code used by buildx and compose into the default CLI
program to help normalize the usage of these APIs and allow code reuse
between projects. It also allows these projects to benefit from
improvements or changes that may be made by another team.

At the moment, these APIs are a pretty thin layer on the OTEL SDK. It
configures an additional exporter to a docker endpoint that's used for
usage collection and is only active if the option is configured in
docker desktop.

This also upgrades the OTEL version to v1.19 which is the one being used
by buildkit, buildx, compose, etc.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-25 11:11:34 -05:00
Sebastiaan van Stijn b4d03289a7
Merge pull request #4933 from Xeonacid/riscv-CGO_ENABLED
Set CGO_ENABLED=1 on riscv64
2024-03-25 12:04:11 +01:00
Bjorn Neergaard 799bf52680
Merge pull request #4376 from laurazard/plugin-hooks
Introduce support for CLI plugin hooks
2024-03-22 14:34:14 -06:00
Laura Brehm c5016c6d5b
cli-plugins: Introduce support for hooks
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-03-22 17:30:18 +00:00
Bjorn Neergaard ac5421665f
Merge pull request #4963 from neersighted/plugin_comments
plugin: drop explicit unlink
2024-03-22 10:19:25 -06:00
Paweł Gronowski 3a8f292a3f
Merge pull request #4961 from vvoland/vendor-master-docker-v26.0.0
vendor: github.com/docker/docker v26.0.0
2024-03-22 17:15:02 +01:00
Bjorn Neergaard 509123f935
plugin: drop explicit unlink
Go's `net` package [will unlink][1] for us, as long as we used Listen &
friends to create the Unix socket.

Go will even skip the unlink when the socket appears to be abstract
(starts with a NUL, represented by an @), though we must be cautious to
only create sockets with an abstract address on platforms that actually
support it -- this caused [several][2] [bugs][3] before.

  [1]: https://pkg.go.dev/net#UnixListener.SetUnlinkOnClose
  [2]: https://github.com/docker/cli/pull/4783
  [3]: https://github.com/docker/cli/pull/4863

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-03-22 10:12:40 -06:00