Return the correct status code on flag parsins errors.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 5ab24342258c70438ab8edf708ebc466b1677f38
Component: engine
Move container options into a struct so that tests should pass.
Remove unused FlagSet arg from Parse
Disable interspersed args on docker run
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: a77f2450c70312f8c26877a18bfe2baa44d4abb9
Component: engine
The -f flag on docker tag has been deprecated in docker 1.10 and
is expected to be removed in docker 1.12.
This fix removed the -f flag on docker tag and also updated
deprecated.md.
NOTE: A separate pull request for engine-api has been opened to
cover the related changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4455ec14b87d5ad474c5e11d60907bceb35e9e09
Component: engine
Make better default usage on context.Context on the `api/client` package
to share the context (it is useless if not shared, which was the case
for a lot of commands).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 4c7f0d268f413b4a55ea638a97382d9316d082af
Component: engine
Since 1.9, Docker Content Trust Offline key has been renamed to
Root key and the Tagging key has been renamed to Repository key.
The corresponding environment variables
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE`
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE`
have also been deprecated and renamed to
`DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE`
`DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE`
This fix removed the deprecated ENV passphrase variables for
1.12 and updated the docs.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 1f0d5aba50803ff401197f96f6a830384d0c04c5
Component: engine
- Update now returns only an error
- NewNotaryRepository now takes a trustpinning configuration - we will provide an empty one for now.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: d869d2b0a07105c80a24755ac6dd12476a085453
Component: engine
Using new methods from engine-api, that make it clearer which element is
required when consuming the API.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: b9c94b70bf2f703f260844b3862a61f93dee6337
Component: engine
This adds support for the passthrough on build, push, login, and search.
Revamp the integration test to cover these cases and make it more
robust.
Use backticks instead of quoted strings for backslash-heavy string
contstands.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: c44e7a3e632c3ea961cb8c12ba45371f54e6699c
Component: engine
It will ignore tags in all other delegation roles.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 623ccc2f319ec28929c75a09bba76916c84f0d2b
Component: engine
and for which the tag conforms to path restrictions.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 497a58e6e48277bbee214d701e3d671eb8975797
Component: engine
Changes how the Engine interacts with Registry servers on image pull.
Previously, Engine sent a User-Agent string to the Registry server
that included only the Engine's version information. This commit
appends to that string the fields from the User-Agent sent by the
client (e.g., Compose) of the Engine. This allows Registry server
operators to understand what tools are actually generating pulls on
their registries.
Signed-off-by: Mike Goelzer <mgoelzer@docker.com>
Upstream-commit: d1502afb63a10df0bfce20ae2957774cfb3e58d8
Component: engine
Use token handler options for initialization.
Update auth endpoint to set identity token in response.
Update credential store to match distribution interface changes.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: e896d1d7c4459c4b357efdd780e9fb9dd9bc90e0
Component: engine
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.
It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.
There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: cf721c23e715e545eccf8484e145c2d18d6a6a23
Component: engine
It would be good to add a clearer failure or succeed message.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Upstream-commit: 1a6866273697361f33ec908f51cf0e071a36b69d
Component: engine
Unlike the untrusted push without an explicit tag will push all
tags for that repo, the trusted push would expect an explicit tag.
So that the code that attempts to do smart logic around signing multiple
tags should be removed.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Upstream-commit: 5dddf7e98e3296ddec07e104ea829bebdb15d98d
Component: engine
This is similar to the version in the registry package, but uses the
daemon's default index (as opposed to the default for the client's
platform) if using the "official index".
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: ff17cd0bf07fb8fbd811b3a1bf472d701405b1d1
Component: engine
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.
This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 65370be888d940899593a001024f53d6b83b4bb0
Component: engine
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
circular dependency issue.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 8e034802b7ad92a29f08785e553415adcd1348a3
Component: engine
registry.ResolveAuthConfig() only needs the AuthConfigs from the ConfigFile, so
this change passed just the AuthConfigs.
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
Upstream-commit: 920ea13516c24d00931cac42b608b5827986ede7
Component: engine
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.
Add v1 migration code.
Update registry, api/*, and daemon packages to use the reference
package's types where applicable.
Update daemon package to use image/layer/tag stores instead of the graph
package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 4352da7803d182a6013a5238ce20a7c749db979a
Component: engine
