If the registry responds directly with blob contents, use them,
otherwise follow the redirect without Authorization headers (which
likely aren't valid for the server being redirected to).
This preserves the basic structure of the previous output with up to one
additional progress bar per-layer (for the redirect request and then the
following blob request).
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
Upstream-commit: 4bbdc0b8f7b2faa3354738c300cfedb2b77c7316
Component: engine
The contrib/mkimage-busybox.sh, contrib/mkimage-debootstrap.sh,
and contrib/mkimage-rinse.sh were deprecated in commit
51f707cf9dfb2dbe31cfd0cd92b922ca5d98e842, in favor of
their equivalents in contrib/mkimage/
Given that the deprecation warning has been in place
for over three years, it's save to now remove these.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d14fb3ac4e712e5927eaad33213b0910aa56ec13
Component: engine
They have been moved to github.com/docker/cli.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: b5579a4ce33af4c1f67118e11b5a01008a36d26a
Component: engine
Generate a token for each download process to avoid token expired.
Closes: #33441
Signed-off-by: vanderliang <lansheng@meili-inc.com>
Upstream-commit: cb502cd4e894a78e723902a4d2f23174b69430ce
Component: engine
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed. (By default,
foreign layers are not pushed to registries.)
Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.
This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
Upstream-commit: 67fdf574d5acd6ddccb6ece0ffe0ace1c1608712
Component: engine
This reverts commit 7e3a596a63fd8d0ab958132901b6ded81f8b44c0.
Unfortunately, it was pointed out in https://github.com/moby/moby/pull/29076#commitcomment-21831387
that the `socketcall` syscall takes a pointer to a struct so it is not possible to
use seccomp profiles to filter it. This means these cannot be blocked as you can
use `socketcall` to call them regardless, as we currently allow 32 bit syscalls.
Users who wish to block these should use a seccomp profile that blocks all
32 bit syscalls and then just block the non socketcall versions.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: dcf2632945b87acedeea989a5aa36c084a20ae88
Component: engine
RH now provides `container-selinux` which provides everything we need
for docker's selinux policy. Rely on `container-selinux` where
available, and `docker-engine-selinux` when not.
This still builds the `docker-engine-selinux` package and presumably
makes it available, but is no longer a requirement in the
`docker-engine` package preferring `container-selinux` instead.
`container-selinux` is available on fedora24, however the version that
is available does not set the correct types on the `dockerd` binary. We
can use `container-selinux` and just supplement that with some of our
own policy, but for now just keep using `docker-engine-selinux` as is.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: adb2ddf288a893609f902ba9d4f4d4c45e4e730f
Component: engine
This new flag will allow the configuration of an interface that
can be used for data path traffic to be isolated from control
plane traffic. This flag is simply percolated down to libnetwork
and will be used by all the global scope drivers (today overlay)
Negative test added for invalid flag arguments
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: 8dc8cd4719f165c01c98e7d3ce1d6cea6a8f60b8
Component: engine
Implements the following new CLI features:
- service logs is no longer experimental
- service logs also accepts task IDs
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: 47615c9b9bfc947a2b244317188db54aa29c716e
Component: engine
bash-completion script for 'docker build --network' calls
__docker_plugins, the correct name for this function is
__docker_plugins_bundled.
Closes#32588
Signed-off-by: Corey Farrell <git@cfware.com>
Upstream-commit: eede2056fedf1b9d18c0dce216d5adde0bd394da
Component: engine
Ubuntu 12.04 will be EOL on April 28, after which it won't
receive updates and security fixes;
https://lists.ubuntu.com/archives/ubuntu-announce/2017-March/000218.html
This patch removes Ubuntu 12.04 from the build scripts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 618d6bd0ce190b4186add0f8f5d7f8f380d6c7c5
Component: engine
