Use `net.SplitHostPort` which supports ipv6 rather than relying on
splitting on `:`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: a82e3bc7043d4bd256cc6fee76307d6286f57f0d
Component: engine
Add a unit test for validateManifest which ensures extra data can't be
injected by adding data to the JSON object outside the payload area.
This also removes validation of legacy signatures at pull time. This
starts the path of deprecating legacy signatures, whose presence in the
very JSON document they attempt to sign is problematic. These
signatures were only checked for official images, and since they only
caused a weakly-worded message to be printed, removing the verification
should not cause impact.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 011bfd666eeb21a111ca450c42a3893ad03c9324
Component: engine
Generate a hash chain involving the image configuration, layer digests,
and parent image hashes. Use the digests to compute IDs for each image
in a manifest, instead of using the remotely specified IDs.
To avoid breaking users' caches, check for images already in the graph
under old IDs, and avoid repulling an image if the version on disk under
the legacy ID ends up with the same digest that was computed from the
manifest for that image.
When a calculated ID already exists in the graph but can't be verified,
continue trying SHA256(digest) until a suitable ID is found.
"save" and "load" are not changed to use a similar scheme. "load" will
preserve the IDs present in the tar file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 504e67b867865a2835e8002c01087a2cfd7bfd0e
Component: engine
Docker 1.7 got support for specifying the CFS scheduler's CPU quota and
period. The work appears to have started around commit
dcc50e1d593fd7995189872791c6d7a013f16970. This change updates the API
documentation to reflect the existing support.
Signed-off-by: Victor Costan <costan@gmail.com>
Upstream-commit: 26bd356078a02313649c7562369a2b2de6b63e19
Component: engine
This updates the docs for the daemon based on the new cluster-store-opt
for TLS support.
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Upstream-commit: ab83cf37c9df38e058938ef762aaefbc85f98f7d
Component: engine
All the go-lint work forced any existing "Uid" -> "UID", but seems to
not have the same rules for Gid, so stat package has calls UID() and
Gid().
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 79240b9eafa08001912d5b360a654b1ad9cd1d20
Component: engine
The first param on opts.ParseHost() wasn't being used for anything.
Once we get rid of that param we can then also clean-up some code
that calls ParseHost() because the param that was passed in wasn't
being used for anything else.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: ba973f2d74c150154390aed1a5aed8fb5d0673b8
Component: engine
`docker network` is the second command with subcommands.
This refactoring pulls out parsing and processing of subcommands
from `docker volume` completion and thus makes its logic available
for other commands.
Also enables `__docker_pos_first_nonflag` for subcommand completion.
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: e4bf5cff49a152794b924d9cf4d6cee605f2d73a
Component: engine
GitHub flavored markdown is now supported for links and images. Also, ran LinkChecker and FileResolver. Yay!
Fixes from Spider check
Output for docker/docker now goes into engine directory
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 8fee1c2020186ac100b45e64864b94ae3a169ad5
Component: engine
Part of #16756
Update integration-cli/docker_cli_rmi_test.go:
Use Assert instead of condition judgement in test.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: c6b02ad73b545cedeb53715b2d7b22a2354722f8
Component: engine
