This flag was deprecated in docker v24.0, and no longer functional
since v25.0; fully removed in v26.0, so we can remove the docs
for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The use of pools here is unnecessary and creates a code dependency on
moby library which will move to internal.
The pool does not provide any value here since it is only done for a
single operation and unlikely performed in alongside other operations
which are re-using the buffers many times between garbage collections.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This snippet was added in [docker@38ec5d8][1]. The intent was to indicate
that an empty value is equivalent to passing "default" as value. However,
passing the `--isolation` flag _without a value_ (i.e., no `=` specified)
will fail in many cases, as any string after it will be parsed as value
(e.g. `docker run --isolation busybox` would consider `busybox` as value).
This patch removes these lines as they add more confusion than addressing.
[1]: 38ec5d86a3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Currently the cp will tar from the same directory it will untar into
simultaneously. There is a race between reading the file and truncating
the file for write, however, the race will not show up with a large
enough buffer on the tar side if buffered before the copy begins.
Also removes the unnecessary deferred removal, the removal is handled by
cleanup and respects the no cleanup env.
Signed-off-by: Derek McGowan <derek@mcg.dev>
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906,
but it doesn't affect our codebase:
govulncheck -show=verbose ./...
Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
...
Vulnerability #1: GO-2024-3333
Non-linear parsing of case-insensitive content in golang.org/x/net/html
More info: https://pkg.go.dev/vuln/GO-2024-3333
Module: golang.org/x/net
Found in: golang.org/x/net@v0.32.0
Fixed in: golang.org/x/net@v0.33.0
Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
full diff: https://github.com/golang/net/compare/v0.32.0...v0.33.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
update to the latest version of this dependency, which has a fix for a
authorization bypass in the ssh package. We don't use this functionality,
so there's no need to backport this change (other than de-noising false positives).
This is CVE-2024-45337 and Go issue https://go.dev/issue/70779.
full diff: https://github.com/golang/crypto/compare/v0.29.0...v0.31.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a follow-up to 55e404e7a8, which
removed some warnings related to these fields.
These fields in the /info response were used to warn users if netfiltering
was not enabled on the host when the daemon started. Starting with
[moby@db25b0d], detecting whether netfiltering is enabled now
[happens when needed][1], making the state that's detected at startup
irrelevant.
These fields will therefore be deprecated in future, but we can start
removing their use in tests.
[moby@db25b0d]: db25b0dcd0
[1]: 944e403502/libnetwork/drivers/bridge/setup_bridgenetfiltering.go (L16-L77)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When running the tests with options set, such as `-update` for updating
"golden" files, this test would pick up test arguments because no arguments
were set to invoke the command;
go test . -update
Error: unknown shorthand flag: 'u' in -update
Usage:
events [OPTIONS] [flags]
Flags:
-f, --filter filter Filter output based on conditions provided
--format string Format output using a custom template:
'json': Print in JSON format
'TEMPLATE': Print output using the given Go template.
Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates
-h, --help help for events
--since string Show all events created since timestamp
--until string Stream events until this timestamp
--- FAIL: TestEventsFormat (0.00s)
--- FAIL: TestEventsFormat/default (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
--- FAIL: TestEventsFormat/json (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
--- FAIL: TestEventsFormat/json_template (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
--- FAIL: TestEventsFormat/json_action (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
This patch:
- changes the test to use command-arguments instead of manually setting the
flag options; this also adds test-coverage for parsing actual command arguments.
- discards stdout/stderr of the command to prevent noise in test output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These warnings will no longer be returned by the daemon, so remove
them from the tests as well to make them more representative of
reality.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
gofumpt defaults to using the go version from go.mod, but as we don't
have one, we need to set it explicitly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes compatibility with alpine 3.21
- Fix additional possible `xx-cc`/`xx-cargo` compatibility issue with Alpine 3.21
- Support for Alpine 3.21
- Fix `xx-verify` with `file` 5.46+
- Fix possible error taking lock in `xx-apk` in latest Alpine without `coreutils`
full diff: https://github.com/tonistiigi/xx/compare/v1.5.0...v1.6.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field was added in 19515a7ad8,
but looks to be always set for endpoints used, so we can trim remote names
unconditionally.
This option was added for possible future expansion, allowing registry-
mirrors to get the full reference of the image (including domain-name),
for them to host a mirror for multiple upstreams on the same registry.
That approach will unlikely be implemented, and containerd has a different
approach for this, where the reference to the original registry is passed
through a query parameter instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
