diff --git a/components/cli/docs/reference/builder.md b/components/cli/docs/reference/builder.md index 1462d5b861..fbf71cd4d8 100644 --- a/components/cli/docs/reference/builder.md +++ b/components/cli/docs/reference/builder.md @@ -1003,7 +1003,7 @@ whitespace) > and will not work on Windows containers. Since user and group ownership concepts do > not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for > translating user and group names to IDs restricts this feature to only be viable for -> for Linux OS-based containers. +> Linux OS-based containers. The `COPY` instruction copies new files or directories from `` and adds them to the filesystem of the container at the path ``. diff --git a/components/cli/docs/reference/commandline/swarm_ca.md b/components/cli/docs/reference/commandline/swarm_ca.md index 0fe1b301ab..18c7ad2ebb 100644 --- a/components/cli/docs/reference/commandline/swarm_ca.md +++ b/components/cli/docs/reference/commandline/swarm_ca.md @@ -103,7 +103,7 @@ when viewing swarm any information via the CLI or API. The root CA rotation will not be completed until all registered nodes have rotated their TLS certificates. If the rotation is not completing within a reasonable amount of time, try running -`docker node ls --format {{.ID}} {{.Hostname}} {{.Status}} {{.TLSStatus}}` to +`docker node ls --format '{{.ID}} {{.Hostname}} {{.Status}} {{.TLSStatus}}'` to see if any nodes are down or otherwise unable to rotate TLS certificates. diff --git a/components/cli/vendor.conf b/components/cli/vendor.conf index fcbc9c848d..736f09c92d 100755 --- a/components/cli/vendor.conf +++ b/components/cli/vendor.conf @@ -10,7 +10,7 @@ github.com/docker/docker-credential-helpers 3c90bd29a46b943b2a9842987b58fb91a7c1 # the docker/go package contains a customized version of canonical/json # and is used by Notary. The package is periodically rebased on current Go versions. github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 -github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d +github.com/docker/go-connections 98e7d807e5d804e4e42a98d74d1dd695321224ef github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1 github.com/docker/swarmkit 713d79dc8799b33465c58ed120b870c52eb5eb4f diff --git a/components/cli/vendor/github.com/docker/go-connections/tlsconfig/config.go b/components/cli/vendor/github.com/docker/go-connections/tlsconfig/config.go index 1b31bbb8b1..f11f166a44 100644 --- a/components/cli/vendor/github.com/docker/go-connections/tlsconfig/config.go +++ b/components/cli/vendor/github.com/docker/go-connections/tlsconfig/config.go @@ -65,22 +65,34 @@ var allTLSVersions = map[uint16]struct{}{ } // ServerDefault returns a secure-enough TLS configuration for the server TLS configuration. -func ServerDefault() *tls.Config { - return &tls.Config{ - // Avoid fallback to SSL protocols < TLS1.0 +func ServerDefault(ops ...func(*tls.Config)) *tls.Config { + tlsconfig := &tls.Config{ + // Avoid fallback by default to SSL protocols < TLS1.0 MinVersion: tls.VersionTLS10, PreferServerCipherSuites: true, CipherSuites: DefaultServerAcceptedCiphers, } + + for _, op := range ops { + op(tlsconfig) + } + + return tlsconfig } // ClientDefault returns a secure-enough TLS configuration for the client TLS configuration. -func ClientDefault() *tls.Config { - return &tls.Config{ +func ClientDefault(ops ...func(*tls.Config)) *tls.Config { + tlsconfig := &tls.Config{ // Prefer TLS1.2 as the client minimum MinVersion: tls.VersionTLS12, CipherSuites: clientCipherSuites, } + + for _, op := range ops { + op(tlsconfig) + } + + return tlsconfig } // certPool returns an X.509 certificate pool from `caFile`, the certificate file.