These were originally added in 6f61cf053a,
but at the time, the error wasn't returned. Now that it is, we shouldn't
log _and_ return the error.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds support for setting memory swap settings on Swarm services
* Adds flags `memory-swap` and `memory-swappiness` to `docker service
create` and `docker service update` commands.
* Adds compose fields `memswap_limit` and `mem_swappiness` for `docker
stack` commands.
Signed-off-by: Drew Erny <derny@mirantis.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Prevent the linter from recursing to other modules (cmd/docker-trust),
which don't have their dependencies vendored.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Create a copy of the registry package to use, so that code used only
for trust can be removed from the cli/internal package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
move the `trust` subcommands to a plugin, so that the subcommands can
be installed separate from the `docker trust` integration in push/pull
(for situations where trust verification happens on the daemon side).
make binary
go build -o /usr/libexec/docker/cli-plugins/docker-trust ./cmd/docker-trust
docker info
Client:
Version: 28.2.0-dev
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.24.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
trust: Manage trust on Docker images (Docker Inc.)
Version: unknown-version
Path: /usr/libexec/docker/cli-plugins/docker-trust
docker trust --help
Usage: docker trust [OPTIONS] COMMAND
Extended build capabilities with BuildKit
Options:
-D, --debug Enable debug logging
Management Commands:
key Manage keys for signing Docker images
signer Manage entities who can sign Docker images
Commands:
inspect Return low-level information about keys and signatures
revoke Remove trust for an image
sign Sign an image
Run 'docker trust COMMAND --help' for more information on a command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- term: remove duplicate flag and add comment on windows
- term: allow multi-line bracketed paste to not create single line
with verbatim LFs (fixes "x/term: multi line bracketed paste fails"
to issue line by line commands
full diff: https://github.com/golang/term/compare/v0.32.0...v0.36.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This code was using swarmkit's genericresource package as intermediate;
add a local copy of that code that skips the protobufs as intermediate.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Various dependencies, including "golang.org/x/.." started to update
the minimum required version,so we should follow suit for the next
release.
Note that the `//go:build` directives not necesserily have to be
updated, but it's good to keep them in sync until we have a go.mod
to control this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Add WS2025 to Windows matcher and code optimizations
- use windowsMatchComparer for OSVersion match order
Windows OS version should match based on the full OSVersion. When
sorting a manifest, the entries should be sorted using the `Less`
function.
full diff: https://github.com/containerd/platforms/compare/v1.0.0-rc.1...v1.0.0-rc.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was introduced in dad1d367c8, which
did not add a `//go:build` constraint to enable the use of generics (`any`).
Which causes an error when used;
could not import github.com/docker/cli/cli/command/container (-: # github.com/docker/cli/cli/command/container
/Users/thajeztah/go/pkg/mod/github.com/docker/cli@v29.0.0-rc.2+incompatible/cli/command/container/stats.go:148:39: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The allManagementSubCommands function is used to present plugin-commands
in the docker --help output; these commands are included in the "management
commands" section, but for plugins we don't know if they have sub-commands.
However, plugin stubs may be hidden (for placeholders that are not yet loaded),
or not be runnable, which was previously ignored.
This patch treats plugin-stubs the same as other commands, with the exception
of checking if they have subcommands (which is not yet known for plugin-stubs).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use the new tree view by default and only fallback if format or old
view-related options are used.
The expanded view is shown when `--tree` is passed.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The logic for applying the dangling filter when `--all` is not used was
inverted. The filter was being applied when the dangling filter was
present, but it should be applied when the dangling filter is NOT
present.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Sort images alphabetically by their repository tags rather than by
creation date.
When an image has multiple tags, they are sorted internally and the
first tag is used as the representative for sorting the image in the
list. Untagged images are placed at the end.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Use separate branches to handle windows/unix results to reduce intermediate
variables, and make it more transparent what's set for each platform.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
construct the decoder inside the go-routine, including closing the body,
and add handling for context-cancellation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We should consider splitting this out to a separate function, but
start with just an early return before we hit the timer-loop.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The JSON field was added in [moby@9fd2c0f], to address [moby#19177], which
reported an incompatibility with Classic (V1) Swarm, which produced a non-
standard response;
> Make docker load to output json when the response content type is json
> Swarm hijacks the response from docker load and returns JSON rather
> than plain text like the Engine does. This makes the API library to return
> information to figure that out.
A later change in [moby@96d7db6] added additional logic to make sure the
correct content-type was returned, depending on whether the `quiet` option
was set (which produced a non-JSON response). This caused inconsistency in
the API response, and [moby@2f27632] changed the endpoint to always produce
JSON (only skipping the "progress" output if `quiet` was set).
This means that the "load" endpoint ([`imageRouter.postImagesLoad`]) now
unconditionally returns JSON, making the `JSON` field fully redundant.
This patch removes the use of the JSON field, as it's redundant, and the way it handles
the content-type is incorrect because it would not handle correct, but different
formatted response-headers (`application/json; charset=utf-8`), which could
result in malformed output on the client.
[moby@9fd2c0f]: 9fd2c0feb0
[moby#19177]: https://github.com/moby/moby/issues/19177
[moby@96d7db6]: 96d7db665b
[moby@2f27632]: 2f27632cde
[`imageRouter.postImagesLoad`]: 7b9d2ef6e5/api/server/router/image/image_routes.go (L248-L255)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field is set for the request as a whole, so can be obtained
from the server-info instead. Docker v29 will provide per-stats
information.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change prevents changes to the otel version from affecting the otel
sdk version. This is done by copying the telemetry sdk implementation
locally and using our own choice for semconv from within that.
This prevents a schema conflict from happening since the otel version of
the sdk gets implicitly updated whenever the semconv changes while we
have to manually change ours. Now, we manually change both and they're
locked to each other.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--tree` implementation already does this.
Make the behavior consistent for the legacy image list implementation.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Some tests had to be skipped as there's some issues to address, and
some of the result-types cannot be mocked / stubbed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This release addresses breakage caused by a security patch included in
Go 1.25.2 and 1.24.8, which enforced overly restrictive validation on
the parsing of X.509 certificates. We've removed those restrictions
while maintaining the security fix that the initial release addressed.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This utility was used internally and will be removed in the next release.
Use `DetectContextType` to detect the context-type, and use `GetContextFromLocalDir`,
`GetContextFromLocalDir`, `GetContextFromGitURL`, or `GetContextFromURL`
instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
follow-up to f81816ef88
We could decide to not initialize a default, and do this only when
setting a value, but this may require more changes, so doing this
as a starting-point.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method was added as part of a refactor in [moby@1ba1138], at which
time it was used to delete original values for "--host" and "--volume"
after normalizing. This beccame redundant in [moby@6200002], which added
specialized options that used a validate function, which both validated
and normalized inputs.
It's no longer used, so let's mark it deprecated so that we can remove it.
[moby@1ba1138]: 1ba11384bf
[moby@6200002]: 6200002669
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was added in 7405ac5c2d as
a fallback for API < v1.41, which did not include the service status
in the response. Current API versions return this information, so there's
no need to fetch it manually.
It was not gated by API version for some tests (which didn't set API
version), but should not be needed for non-test situations.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Support for API versions < v1.44 was removed in the client in [moby@96b29f5]
and [moby@7652f38], so we can remove fallback-code from the CLI as well,
as it won't be able to use those versions.
[moby@96b29f5]: 96b29f5a1f
[moby@7652f38]: 7652f38c28
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- fix minor linting issues (unhandled errors)
- rename vars to prevent shadowing
- use sub-tests for tests that already prepared for it
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This minor release includes 10 security fixes following the security policy:
- net/mail: excessive CPU consumption in ParseAddress
The ParseAddress function constructed domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this could cause excessive CPU consumption.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
This is CVE-2025-61725 and Go issue https://go.dev/issue/75680.
- crypto/x509: quadratic complexity when checking name constraints
Due to the design of the name constraint checking algorithm, the processing time
of some inputs scales non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-58187 and Go issue https://go.dev/issue/75681.
- crypto/tls: ALPN negotiation errors can contain arbitrary text
The crypto/tls conn.Handshake method returns an error on the server-side when
ALPN negotation fails which can contain arbitrary attacker controlled
information provided by the client-side of the connection which is not escaped.
This affects programs which log these errors without any additional form of
sanitization, and may allow injection of attacker controlled information into
logs.
Thanks to National Cyber Security Centre Finland for reporting this issue.
This is CVE-2025-58189 and Go issue https://go.dev/issue/75652.
- encoding/pem: quadratic complexity when parsing some invalid inputs
Due to the design of the PEM parsing function, the processing time for some
inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-61723 and Go issue https://go.dev/issue/75676.
- net/url: insufficient validation of bracketed IPv6 hostnames
The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Thanks to Enze Wang, Jingcheng Yang and Zehui Miao of Tsinghua University for reporting this issue.
This is CVE-2025-47912 and Go issue https://go.dev/issue/75678.
- encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion
When parsing DER payloads, memories were being allocated prior to fully validating the payloads.
This permits an attacker to craft a big empty DER payload to cause memory exhaustion in functions such as asn1.Unmarshal, x509.ParseCertificateRequest, and ocsp.ParseResponse.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-58185 and Go issue https://go.dev/issue/75671.
- net/http: lack of limit when parsing cookies can cause memory exhaustion
Despite HTTP headers having a default limit of 1 MB, the number of cookies that can be parsed did not have a limit.
By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
net/http now limits the number of cookies accepted to 3000, which can be adjusted using the httpcookiemaxnum GODEBUG option.
Thanks to jub0bs for reporting this issue.
This is CVE-2025-58186 and Go issue https://go.dev/issue/75672.
- crypto/x509: panic when validating certificates with DSA public keys
Validating certificate chains which contain DSA public keys can cause programs
to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-58188 and Go issue https://go.dev/issue/75675.
- archive/tar: unbounded allocation when parsing GNU sparse map
tar.Reader did not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions could cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input could result in large allocations.
Thanks to Harshit Gupta (Mr HAX) - https://www.linkedin.com/in/iam-harshit-gupta/ for reporting this issue.
This is CVE-2025-58183 and Go issue https://go.dev/issue/75677.
- net/textproto: excessive CPU consumption in Reader.ReadResponse
The Reader.ReadResponse function constructed a response string through
repeated string concatenation of lines. When the number of lines in a response is large,
this could cause excessive CPU consumption.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-61724 and Go issue https://go.dev/issue/75716.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This warning is better handled by the daemon, where applicable, as
the client does not have all information available to determine
if using a localhost / loopback-address for the DNS is possible.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The ResolveDefaultContext function was exported in [cli@f820766] to allow
(unit) testing, but did not document that it was only exported for this
purpose. The only external use of this function is in buildx, which uses
it in a unit test that can be implemented without this function.
This patch deprecates the function so that we can remove it.
[cli@f820766]: f820766f6a
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's just a wrapper around WithAPIClient, and not needed for this
test, which validates that "Initialize" properly creates the context
store, even if a client was already set;
3b26cfce8b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On Docker CLI versions before v28.0.0, using an unknown flag would print
the usage output, showing all available top-level flags and commands;
docker --badopt
unknown flag: --badopt
See 'docker --help'.
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
...
This output did not include plugin-commands, making the usage output
incomplete. That issue was fixed in [cli@40a6cf7], which loaded all
available cli-plugins, so that a stub was created for printing the
plugin commands in the usage output. Similarly, [cli@79a75da] added
code to hide experimental commands and commands not supported by the
daemon.
However, since 28.0.0 (commit [cli@f28fc7f]), the usage output was
removed for this error, so loading plugins is no longer needed;
docker --badopt
unknown flag: --badopt
Usage: docker [OPTIONS] COMMAND [ARG...]
Run 'docker --help' for more information
This patch removes the code added in [cli@40a6cf7] and [cli@79a75da].
With this patch, the output is still the same;
docker --unknown-flag buildx ls --no-such
unknown flag: --unknown-flag
Usage: docker [OPTIONS] COMMAND [ARG...]
Run 'docker --help' for more information
This function only handles flags defined by the CLI itself; invalid
flags for plugins are handled by the plugin itself, so are not
impacted;
docker buildx ls --no-such
unknown flag: --no-such
Usage: docker buildx ls
Run 'docker buildx ls --help' for more information
[cli@f28fc7f]: f28fc7f82f
[cli@40a6cf7]: 40a6cf7c47
[cli@79a75da]: 79a75da0fd
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Support for daemon-side auto-remove was added in API v1.25; on older
versions of the daemon, the client was responsible for removing the
container after it exited (see [moby@6dd8e10])
On API versions < 1.30, it used the events API for this purpose, and
would wait for a "die", "detach" or "detroy" events to know the container
exited, and could be removed or (when attached, but without a TTY) to
get the container's exit-status. (see [cli@38591f2]).
API version 1.24 (docker 1.12) is 9 Years old (July 29, 2016), and API
1.30 (docker 17.06) is 8 Years old (Jun 20, 2017), and long EOL. While
technically, a CLI could negotiate API 1.30 or older, this would only
be in cases where either API version negotiation failed, or the version
was explicitly overridden through `DOCKER_API_VERSION` for testing.
Either of those cases would be rare, and not worth the technical complexity
to support. This patch removes support for AutoRemove on API < 1.30.
[moby@6dd8e10]: 6dd8e10d6e
[cli@38591f2]: 38591f20d0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `VirtualSize` field was deprecated in [moby@1261fe6], and omitted / removed
in API v1.44 in [moby@913b0f5], and the corresponding formatting placeholder
was deprecated in [cli@f02301a].
This patch removes the formatting function, which also removes it from the
`docker image ls --format=json` output.
[moby@1261fe6]: 1261fe69a3
[moby@913b0f5]: 913b0f51ca
[cli@f02301a]: f02301ab5d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Relates to [cli@27b2797], which forked this type from the Moby API, and
[cli@aab947d], which fixed the deprecation comment.
This field is no longer used since Docker 1.11 (API version 1.23) through
[moby@aee260d] and [engine-api@9a9e468], and the fix of the deprecation
comment was included in the 28.4.0 release.
This patch removes the field.
[cli@27b2797]: 27b2797f7d
[cli@aab947d]: aab947de8f
[moby@aee260d]: aee260d4eb
[engine-api@9a9e468]: 9a9e468f50
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was added in 9b83d5bbf9, but
was never used. Remove the utility, and rewrite the error returned to
implement the errdefs.NotFound interface, so that it can be detected
using the errdefs.IsNotFound() utility if needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit [cli@27b2797] forked the AuthConfig type from the API, and changed
existing code to do a direct cast / convert of the forked type to the API
type. This can cause issues if the API types diverges, such as the removal
of the Email field.
This patch explicitly maps each field to the corresponding API type, but
adds some TODOs, because various code-paths only included a subset of the
fields, which may be intentional for fields that were meant to be handled
on the daemon / registry-client only.
We should evaluate these conversions to make sure these fields should
be sent from the client or not (and possibly even removed from the API
type).
[cli@27b2797]: 27b2797f7d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function is a wrapper around apiClient.ImagePull and not directly
related to docker content trust; it just happens to also be called
when using content trust (through the trustedPull utility).
Move it together with the `runPull` function to separate it from
trust-related code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function is a wrapper around apiClient.ImagePull; the use of
trust.ImageRefAndAuth was out of convenience because it's also called
when using content trust (through the trustedPull utility).
Let's pull away the layers to separate it from trust code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This interface is used in tests to provide a dummy notary client,
but none of the tests require any arguments, so let's remove them.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The IndexInfo was only used to detect if the target was an official
image, which we can deduct from the hostname. Adding some normalizing
just in case (but we should only get "docker.io" here).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker Hub's Notary service is being retired, and now produces
failures in most cases. Add a warning when attempting to use
it, pending full removal of trust;
https://www.docker.com/blog/retiring-docker-content-trust/
With this PR:
DOCKER_CONTENT_TRUST=1 docker pull -q hello-world
WARNING: Docker is retiring DCT for Docker Official Images (DOI).
For details, refer to https://docs.docker.com/go/dct-deprecation/
could not validate the path to a trusted root: unable to retrieve valid leaf certificates
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
All information needed can be deducted from the image reference, which
is used to create a indexInfo, repoInfo, and to resolve auth-config.
In some situations this may result in resolving the auth-config twice
after it already was resolved to an encoded auth-config.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Apply method was added when CLI options for constructing the CLI were
rewritten into functional options in [cli@7f207f3]. There was no mention
in the pull request of this method specifically, and this may have been
related to work being done elsewhere on compose-on-kubernetes or the
compose-cli plugin that may have needed options to modify the CLI config
after it was already initialized.
The CLI itself no longer depends on this method since [cli@133279f], and
there are no known external users. It was deprecated in [cli@24bfedf],
which is included in the 28.5.0 release, so we can remove it for 29.0.
[cli@7f207f3]: 7f207f3f95
[cli@133279f]: 133279fb0d
[cli@24bfedf]: 24bfedf3f8
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Apply command was deprecated in 24bfedf3f8,
and has no known external users, but we didn't remove it from the interface.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was used internally, but is no longer used.
This method was deprecated in 0270b2d6f7,
which was included in the 28.5.0 release, and has no known external users,
so removing it for 29.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These options were used internally as defaults for the constructor and
only impact commands implemented in the CLI itself.
They were deprecated in 40cdfc0d81, which
was included in the 28.5.0 release, so removing it for 29.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was used internally, but is no longer used. Users should check
the value of the `DOCKER_CONTENT_TRUST` environment variable instead.
This method was deprecated in 11d40488dd,
which was included in the 28.5.0 release, and has no known external users,
so removing it for 29.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Apply method was added when CLI options for constructing the CLI were
rewritten into functional options in [cli@7f207f3]. There was no mention
in the pull request of this method specifically, and this may have been
related to work being done elsewhere on compose-on-kubernetes or the
compose-cli plugin that may have needed options to modify the CLI config
after it was already initialized.
The CLI itself no longer depends on this method since [cli@133279f], and
the only known consumer (docker compose) no longer needs it since [cli@2711800]
and [cli@048e931].
This patch deprecates the method with the intent to remove it in a future
release.
[cli@7f207f3]: 7f207f3f95
[cli@133279f]: 133279fb0d
[cli@2711800]: 2711800430
[cli@048e931]: 048e931b42
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was used internally, but is no longer used. Users should check
the value of the `DOCKER_CONTENT_TRUST` environment variable instead.
There are no known external users of this method, so already removing it
from the Cli interface; this method will be removed in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a follow-up to 7609dde8d0 and
3f5b1bdd32, which removed support for
DCT for build and plugin commands.
As these flags are just stubs, hidden by default and no longer functional,
they don't have to reflect the current state of DCT.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These options were used internally as defaults for the constructor and
only impact commands implemented in the CLI itself.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was used internally, but is no longer used. There are
no known users of this method, so already removing it from the Cli
interface.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add support to the `cli/command` package to accept a custom User
Agent to pass to the underlying client.
This is used as the `UpstreamClient` portion of the `User-Agent`
when the Moby daemon makes requests.
For example, pushing and pulling images with Compose might result
in the registry seeing a `User-Agent` value of:
```
docker/24.0.7 go/go1.20.10 git-commit/311b9ff kernel/6.5.13-linuxkit os/linux arch/arm64 UpstreamClient(docker-cli-plugin-compose/v2.24.0)
```
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI currently hard-codes the schema-version for CLI plugins to
"0.1.0", which doesn't allow us to expand the schema for plugins.
As there's many plugins that we shipped already, we can't break
compatibility until we reach 2.0.0, but we can expand the schema
with non-breaking changes.
This patch makes the validation more permissive to allow new schema
versions <= 2.0.0. Note that existing CLIs will still invalidate
such versions, so we cannot update the version until such CLIs are
no longer expected to be used, but this patch lays the ground-work
to open that option.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, a broken symlink would print a warning;
docker info > /dev/null
WARNING: Plugin "/Users/thajeztah/.docker/cli-plugins/docker-feedback" is not valid: failed to fetch metadata: fork/exec /Users/thajeztah/.docker/cli-plugins/docker-feedback: no such file or directory
After this patch, such symlinks are ignored:
docker info > /dev/null
With debug enabled, we don't ignore the faulty plugin, which will
make the warning shown on docker info;
mkdir -p ~/.docker/cli-plugins
ln -s nosuchplugin ~/.docker/cli-plugins/docker-brokenplugin
docker --debug info
Client:
Version: 29.0.0-dev
Context: default
Debug Mode: true
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.25.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
WARNING: Plugin "/Users/thajeztah/.docker/cli-plugins/docker-brokenplugin" is not valid: failed to fetch metadata: fork/exec /Users/thajeztah/.docker/cli-plugins/docker-brokenplugin: no such file or directory
# ...
We should als consider passing a "seen" map to de-duplicate entries.
Entries can be either a direct symlink or in a symlinked path (for
which we can filepath.EvalSymlinks). We need to benchmark the overhead
of resolving the symlink vs possibly calling the plugin (to get their
metadata) further down the line.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Currently, the plugin.Run command constructs the DockerCli using
the default options, assuming plugins run with all the same options
as the CLI itself; to customize the CLI there's a "Apply" option,
but this means mutating the CLI after it's already constructed, which
is not ideal.
This patch adds a variadic ops argument to allow CLI plugins to pass
custom options to use for the CLI, so that there's no need to mutate
its config in most cases.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Apply method was added when CLI options for constructing the CLI were
rewritten into functional options in [cli@7f207f3]. There was no mention
in the pull request of this method specifically, and this may have been
related to work being done elsewhere on compose-on-kubernetes or the
compose-cli plugin that may have needed options to modify the CLI config
after it was already initialized.
We should try to remove functions that mutate the CLI configuration after
initialization if possible (and likely remove the `Apply` method); currently
this function is used in docker compose, but as part of a hack that can
probably be avoided.
[cli@7f207f3]: 7f207f3f95
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Mirantis Container Runtime (MCR) 23.0 reached EOL, and the next LTS
version of MCR is 25.x
- Docker 26.x reached EOL and is no longer maintained
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This code was added in 846ecf59ff as an
escape hatch in case the new OAuth login flow would cause problems.
We have not received reports where the new flow caused problems, and
searching the internet shows no mentions of the env-var.
This env-var was not documented, so we can remove it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration options for experimental CLI features were deprecated in
docker 19.03 (3172219932), and enabled by
default since docker 20.10 (977d3ae046).
This field was deprecated in c8f9187157,
which is part of the 28.x release, and is unused. This patch removes
the field.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This const was added in 846ecf59ff, but
only used internally; commit 18cdc25bb4
deprecated the const, which was included in the 28.4 release.
This patch removes the exported const, as it's unused.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package was deprecated in 13010ba673,
and only used internally. The deprecation was included in the 28.4 release,
and there's no known external users, so we can remove it for v29.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit [moby@17d870b] (API v1.13, docker v1.1.0) changed the default to pause
containers during commit, keeping the behavior opt-in for older API versions.
This version-gate was removed in [moby@1b1147e] because API versions lower
than v1.23 were no longer supported.
This patch deprecates the `--pause` flag in favor of a `--no-pause` flag to
be more explicit on the default. The old `--pause` flag is marked deprecated
but still functional. Using the deprecated flag will print a warning, and an
error is produced when trying to use both the old and new flag;
docker commit --pause mycontainer
Flag --pause has been deprecated, and enabled by default. Use --no-pause to disable pausing during commit.
docker commit --pause=false mycontainer
Flag --pause has been deprecated, and enabled by default. Use --no-pause to disable pausing during commit.
docker commit --pause --no-pause mycontainer
Flag --pause has been deprecated, use --no-pause instead
conflicting options: --no-pause and --pause cannot be used together
[moby@17d870b]: 17d870bed5
[moby@1b1147e]: 1b1147e46b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--kernel-memory` flag was still included to allow it to be used with
old API versions, but it's no longer supported by the kernel, and no longer
handled by OCI runtimes, so deprecating the flags.
With this patch, a deprecation warning is now produced when trying to use
the option;
docker run --kernel-memory 123b busybox
Flag --kernel-memory has been deprecated, this option is deprecated in the kernel and no longer supported
docker container create --kernel-memory 123b busybox
Flag --kernel-memory has been deprecated, and no longer supported by the kernel
31fb57e2c6434490a2892031602be20d0206d3cf0fc281ea25654c46dcb62bac
Note that cobra does not _fail_ the command when using deprecated options;
we could make this a hard failure instead, but may not be worth the effort.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This code was missing a check for the ID field before truncating it to a
shorter length for presentation. This would result in a panic if an event
would either have an empty ID field or a shorter length ID;
panic: runtime error: slice bounds out of range [:12] with length 0
goroutine 82 [running]:
github.com/docker/cli/cli/command/container.RunStats.func2({{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x40001fcba0, 0x9}, {0x40001fcba9, 0x5}, ...})
/go/src/github.com/docker/cli/cli/command/container/stats.go:146 +0x1d0
created by github.com/docker/cli/cli/command/container.(*eventHandler).watch in goroutine 6
/go/src/github.com/docker/cli/cli/command/container/stats.go:363 +0x1c8
We need to look at this code in general; the truncated ID is passed to
NewStats, which uses the ID to propagate the `Container` field in the
`StatsEntry` struct. which is not used in the default format used by
`docker stats` and, having the same content as the `ID` field on the
same struct, doesn't make it very useful, other than being able to
present it under a `CONTAINER` column (instead of `CONTAINER ID`);
we should consider deprecating it; there may be some subtle things
to look into here; the `Container` field originally held the container
name. This was changed in [moby@ef915fd], which introduced separate
`ID` and `Name` fields, renaming the old `Name` field to container.
Looking at [`Stats.SetStatistics()`] and related code in [stats_helpers.go],
the `Container` field is used as the "canonical" reference for the stats
record; this allows the stats _data_ to be refreshed when a new stats
sample arrives for the same container (also see [moby@929a77b], which
moved locking to the `Stats` wrapper struct). This construct allows to
account for intermediate states, where a stats sample was incomplete
or could produce an error; in that case, the reference to the container
for which the stats were sampled is kept to allow removing a container
from the list once the container was removed. We should consider removing
`Container` as a formatting option, and moving the `Container` field to
the outer struct; this makes the outer struct responsible for keeping a
reference to the container, allowing the `StatsEntry` as a whole to be
replaced atomically.
This patch only addresses the panic;
- It changes the logic to preserve the container ID verbatim instead
of truncating. This allows stats samples to be matched against the
`Actor.ID` as-is.
- Truncating the `Container` is moved to the presentation logic;
currently this does not take `--no-trunc` into account to keep
the existing behavior, but we can (should) consider adding this.
- Logging is improved to use structured logs, and an extra check is
added to prevent empty IDs from being added as watcher.
[`Stats.SetStatistics()`]: 82281087e3/cli/command/container/formatter_stats.go (L88-L94)
[moby@ef915fd]: ef915fd036
[moby@929a77b]: 929a77b814
[stats_helpers.go]: 82281087e3/cli/command/container/stats_helpers.go (L26-L51)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use sub-tests
- Don't use un-named keys
- Add test-cases for 'Name', 'ID' and custom container names
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Name is a required argument for both "create" and "update", so better
to split it from the options struct.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's adding a slight indirection by constructing a function when called,
but makes the completion functions more consistent, the signature easier
to read, and making the return type a [cobra.CompletionFunc] makes it
more transparent what it's intended for, and helps discovery of functions
that provide completion.
[cobra.CompletionFunc]: https://pkg.go.dev/github.com/spf13/cobra#CompletionFunc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's adding a slight indirection by constructing a function when called,
but makes the completion functions more consistent, the signature easier
to read, and making the return type a [cobra.CompletionFunc] makes it
more transparent what it's intended for, and helps discovery of functions
that provide completion.
[cobra.CompletionFunc]: https://pkg.go.dev/github.com/spf13/cobra#CompletionFunc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's adding a slight indirection by constructing a function when called,
but makes the completion functions more consistent, the signature easier
to read, and making the return type a [cobra.CompletionFunc] makes it
more transparent what it's intended for, and helps discovery of functions
that provide completion.
[cobra.CompletionFunc]: https://pkg.go.dev/github.com/spf13/cobra#CompletionFunc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's adding a slight indirection by constructing a function when called,
but makes the completion functions more consistent, the signature easier
to read, and making the return type a [cobra.CompletionFunc] makes it
more transparent what it's intended for, and helps discovery of functions
that provide completion.
[cobra.CompletionFunc]: https://pkg.go.dev/github.com/spf13/cobra#CompletionFunc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This uses the DefaultShellCompDirective feature which was added
in cobra to override the default (which would complete to use
files for commands and flags).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This uses the DefaultShellCompDirective feature which was added
in cobra to override the default (which would complete to use
files for commands and flags).
Note that we set "cobra.NoFileCompletions" for many commands, which
is redundant with this change, so we could remove as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These commands accept two arguments; the first is a custom name,
the second is either a filename or "-" to create from STDIN.
With this patch:
# does not provide completion
docker secret create <tab>
# starts providing completion once a non-empty name is provided
docker secret create somename<tab>
file.txt other-file.txt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "docker inspect" command can inspect any type of object, which would
require all possible endpoints to be contacted. By default, we don't
provide completion, but if a `--type` is passed, we provide completion
for the given type.
For example, `docker inspect --type container` will complete container
names, `docker inspect --type volume` will complete volume names and
so on.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Similar to 323fbc485e - this code was added
in [moby@c127d96], but used string-matching to detect cases where a user
tried to install an image as plugin. However, this handling no longer matched
any error-strings, so no longer worked:
docker plugin install busybox
Error response from daemon: did not find plugin config for specified reference docker.io/library/busybox:latest
[moby@c127d96]: c127d9614f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in ad6ab189a6 and
were only used internally. Move them back inside the stack package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in ad6ab189a6 and
were only used internally. Move them back inside the stack package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This warning was added in [moby@4a8b3ca] to print a warning when building
Linux images from a Windows client. Window's filesystem does not have an
"executable" bit, which mean that, for example, copying a shell script
to an image during build would lose the executable bit. So for Windows
clients, the executable bit would be set on all files, unconditionally.
Originally this was detected in the client, which had direct access to
the API response headers, but when refactoring the client to use a common
library in [moby@535c4c9], this was refactored into a `ImageBuildResponse`
wrapper, deconstructing the API response into an `io.Reader` and a string
field containing only the `OSType` header.
This was the only use and only purpose of the `OSType` field, and now that
BuildKit is the default builder for Linux images, this warning didn't get
printed unless BuildKit was explicitly disabled.
This patch removes the warning, so that we can potentially remove the
field, or the `ImageBuildResponse` type altogether.
[moby@4a8b3ca]: 4a8b3cad60
[moby@535c4c9]: 535c4c9a59
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change updates the builder prune command to send the `ReservedSpace` parameter in preparation of `KeepStorage` deprecation in API v1.52.
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
We may still change this, but in the client module, the signature
of the client.Opt changed to now include a non-exported type, which
means that we can't construct a custom option that is implemented
using client options:
#18 16.94 # github.com/docker/cli/cli/context/docker
#18 16.94 cli/context/docker/load.go:105:29: cannot use withHTTPClient(tlsConfig) (value of type func(*client.Client) error) as client.Opt value in argument to append
#18 16.94 cli/context/docker/load.go:152:6: cannot use c (variable of type *client.Client) as *client.clientConfig value in argument to client.WithHTTPClient(&http.Client{…})
We can consider exporting the `client.clientConfig` type (but keep its
fields non-exported), but for this use, we don't strictly need it, so
let's change the implementation to not having to depend on that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We may still change this, but in the client module, the signature
of the client.Opt changed to now include a non-exported type, which
means that we can't construct a custom option that is implemented
using client options:
#18 16.94 # github.com/docker/cli/cli/context/docker
#18 16.94 cli/context/docker/load.go:105:29: cannot use withHTTPClient(tlsConfig) (value of type func(*client.Client) error) as client.Opt value in argument to append
#18 16.94 cli/context/docker/load.go:152:6: cannot use c (variable of type *client.Client) as *client.clientConfig value in argument to client.WithHTTPClient(&http.Client{…})
We can consider exporting the `client.clientConfig` type (but keep its
fields non-exported), but for this use, we don't strictly need it, so
let's change the implementation to not having to depend on that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes 1 security fix:
- net/http: CrossOriginProtection bypass patterns are over-broad
When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
requests that would have redirected to those patterns (e.g. without a trailing
slash) were also exempted, which might be unexpected.
Thanks to Marco Gazerro for reporting this issue.
This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
With this patch, completion is provided for images already present
in the local image cache to help pulling the latest version of the
same tag;
docker pull go<tab>
golang:1.12 golang:1.18.0 golang:1.21 golang:1.24 gopher:latest
golang:1.13 golang:1.20 golang:1.23 golang:latest
docker pull golang:<tab>
1.12 1.13 1.18.0 1.20 1.21 1.23 1.24 latest
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The restrictedNamePattern was a basic regular expression. Replace it
with a minimal utility to do the same, without having to use regular
expressions (or the "lazyregexp" package).
Some quick benchmarking (not committed) show that the non-regex approach
is ~18x faster:
BenchmarkIsValidName_Regex_Valid-10 8516511 119.4 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidName_Manual_Valid-10 172426240 6.964 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidName_Regex_Invalid-10 34824540 34.22 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidName_Manual_Invalid-10 550804021 2.173 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidName_Regex_Parallel-10 69289900 17.30 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidName_Manual_Parallel-10 1000000000 0.9296 ns/op 0 B/op 0 allocs/op
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The pluginNameRe was a basic regular expression, effectively only checking
if the name consisted of lowercase alphanumeric characters. Replace it
with a minimal utility to do the same, without having to use regular
expressions (or the "lazyregexp" package).
Some quick benchmarking (not committed) show that the non-regex approach
is ~25x faster:
BenchmarkIsValidPluginName_Regex_Valid-10 13956240 81.39 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidPluginName_Manual_Valid-10 360003060 3.318 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidPluginName_Regex_Invalid-10 35281794 33.74 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidPluginName_Manual_Invalid-10 906072663 1.320 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidPluginName_Regex_Parallel-10 96595677 12.04 ns/op 0 B/op 0 allocs/op
BenchmarkIsValidPluginName_Manual_Parallel-10 1000000000 0.4541 ns/op 0 B/op 0 allocs/op
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These consts and types were moved to a separate metadata package in commits
292713c887 and 4321293972,
and deprecated in 72f76f2720, 5876b2941c,
and 6fa7d18320.
This removes the deprecated aliases in `cli-plugins/manager` in favor of
their equivalent in `cli-plugins/manager/metadata`:
- `CommandAnnotationPlugin`
- `CommandAnnotationPluginVendor`
- `CommandAnnotationPluginVersion`
- `CommandAnnotationPluginInvalid`
- `CommandAnnotationPluginCommandPath`
- `NamePrefix`
- `MetadataSubcommandName`
- `HookSubcommandName`
- `Metadata`
- `ReexecEnvvar`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These errors satisfy errdefs.IsNotFound, which can be used instead. This
function was deprecated in 71460215d3 and
is no longer used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This const was added in 846ecf59ff, but
only used internally. This patch deprecates the const, to be removed
in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This alias was added in 4321293972, which is
part of v28.0, but did not deprecate them. They are no longer used in the
CLI itself, but may be used by cli-plugin implementations.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These functions and types are shallow wrappers around the context
store and were intended for internal use as implementation for the
CLI itself.
They were exported in 3126920af1 to be
used by plugins and Docker Desktop. However, there's currently no public
uses of this, and Docker Desktop does not use these functions. These were
deprecated in 95eeafa551 and are no longer
used.
This patch removes the deprecated functions as they were meant to be
implementation specific for the CLI. If there's a need to provide
utilities for manipulating the context-store other than through the
CLI itself, we can consider creating an SDK for that purpose.
This removes:
- `RunCreate` and `CreateOptions`
- `RunExport` and `ExportOptions`
- `RunImport`
- `RunRemove` and `RemoveOptions`
- `RunUpdate` and `UpdateOptions`
- `RunUse`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in 036d3a6bab and
30774ed1f2, and were originally in the
cli/command/stack package, but moved for the (now deprecated) Compose
on Kubernetes feature in 4d947de292.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This replaces the visitAll recursive function with a test that verifies that
the option is set for all commands and subcommands, so that it doesn't have
to be modified at runtime.
We currently still have to loop over all functions for the setValidateArgs
call, but that can be looked at separately.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These functions and types are shallow wrappers around the context
store and were intended for internal use as implementation for the
CLI itself.
They were exported in 3126920af1 to be
used by plugins and Docker Desktop. However, there's currently no public
uses of this, and Docker Desktop does not use these functions.
This patch deprecates the exported functions as they were meant to be
implementation specific for the CLI. If there's a need to provide
utilities for manipulating the context-store other than through the
CLI itself, we can consider creating an SDK for that purpose.
This deprecates:
- `RunCreate` and `CreateOptions`
- `RunExport` and `ExportOptions`
- `RunImport`
- `RunRemove` and `RemoveOptions`
- `RunUpdate` and `UpdateOptions`
- `RunUse`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use a struct-literal for the IPAM config, and combine some of the checks.
Also use the Name field as a default, and only construct a scoped name
if the given name is empty (instead of the reverse).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function is currently only used within the package; create a non-exported
version of it, to make it clear it's not used elsewhere. This patch keeps
the exported function for now, but we can decide if we need to keep it
in future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was only used in a single place, and possibly incorrect. Let's inline
it to put the logic where it's used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These are very small structs, so using pointers doesn't bring much
advantage and makes it slightly more cumbersome to use.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This intermediate slice was a left-over from the "Compose on Kubernetes"
feature, which required some conversions, but that code was removed in
193ede9b12, so the intermediate slice no
longer has a purpose.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Preserve the original order by avoiding the intermediate map[string] and
keeping an index for the first occurrence of a stack; this also avoids
looping multiple times.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Include name in test-table
- Don't use un-keyed values in struct
- Simplify test-table to take a format string instead of a whole formatter.Context
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Functions and types in this package were exported as part of the "compose
on kubernetes" feature, which was deprecated and removed. These functions
are meant for internal use, and will be removed in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Functions and types in this package were exported as part of the "compose
on kubernetes" feature, which was deprecated and removed. These functions
are meant for internal use, and will be removed in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Functions and types in this package were exported as part of the "compose
on kubernetes" feature, which was deprecated and removed. These functions
are meant for internal use, and will be removed in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Functions and types in this package were exported as part of the "compose
on kubernetes" feature, which was deprecated and removed. These functions
are meant for internal use, and will be removed in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Functions and types in this package were exported as part of the "compose
on kubernetes" feature, which was deprecated and removed. These functions
are meant for internal use, and will be removed in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This only impacts the JSON marshaled output; the "regular" output
of `docker info` already ignores these fields.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were just testing JSON marshaling fields that are deprecated, but
may be present in a response; these fields will be removed in future
API versions, so stop testing for them.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This special handling was added in [moby@9b6dcc8], and later updated in
[moby@c127d96], but it fully depended on string-matching, which is brittle.
Testing the original ticket that lead to this handling, it looks like the
string matching no longer works, and the daemon error is returned as-is:
With graphdrivers:
docker pull tiborvass/no-remove
Using default tag: latest
Error response from daemon: Encountered remote "application/vnd.docker.plugin.v0+json"(unknown) when fetching
With containerd snapshotters enabled:
docker pull tiborvass/no-remove
Using default tag: latest
latest: Pulling from tiborvass/no-remove
cf635291f7c9: Download complete
failed to unpack image on snapshotter overlayfs: mismatched image rootfs and manifest layers
The error-message for containerd can probably be improved, but as the special
handling in the CLI no longer works, we can remove it.
[moby@9b6dcc8]: 9b6dcc8b9d
[moby@c127d96]: c127d9614f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was used to share it between "trust" and "image",
but was only a shallow wrapper, so split the implementations where
used.
It was deprecated in 7ad113ccc2 and is
no longer used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Now that 3f5b1bdd32 removed DCT, which
needed some of the intermediate types (indexInfo), we can simplify the
auth code further and just get the base64-encoded AuthConfig to be set
as header.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in a5f4ba08d9 and only
used internally.
This removes the deprecated types and functions:
- `RunConfigCreate` and `CreateOptions`
- `RunConfigInspect` and `InspectOptions`
- `RunConfigList` and `ListOptions`
- `RunConfigRemove` and `RemoveOptions`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were exported in f60369dfe6 to be
used in docker enterprise, but this never happened, and there's no
known consumers of these, so we should deprecate these. External
consumers can still call the API-client directly, which should've
been the correct thing to do in the first place.
This deprecates:
- `RunConfigCreate` and `CreateOptions`
- `RunConfigInspect` and `InspectOptions`
- `RunConfigList` and `ListOptions`
- `RunConfigRemove` and `RemoveOptions`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Relates to [cli@27b2797], which forked this type from the Moby API, and
[moby@6cfff7e], which made the same change on the API side.
The Email field was originally used to create a new Docker Hub account
through the `docker login` command. The `docker login` command could be
used both to log in to an existing account (providing only username and
password), or to create a new account (providing desired username and
password, and an e-mail address to use for the new account).
This functionality was confusing, because it was implemented when Docker
Hub was the only registry, but the same functionality could not be used
for other registries. This functionality was removed in Docker 1.11 (API
version 1.23) through [moby@aee260d], which also removed the Email field
([engine-api@9a9e468]) as it was no longer used.
However, this caused issues when using a new CLI connecting with an old
daemon, as the field would no longer be serialized, and the deprecation
may not yet be picked up by custom registries, so [engine-api@167efc7]
added the field back, deprecated it, and added an "omitempty". There
was no official "deprecated" format yet at the time, so let's make sure
the deprecation follows the proper format to make sure it gets noticed.
[cli@27b2797]: 27b2797f7d
[moby@6cfff7e]: 6cfff7e880
[moby@aee260d]: aee260d4eb
[engine-api@9a9e468]: 9a9e468f50
[engine-api@167efc7]: 167efc72bb
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These flags were added in 20a6ff32ee, and require
API version v1.32 or up, but they accidentally copied the flag-name from another
flag, so were not setting the annotation correctly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Remove redundant intermediate variables
- Explicitly use an early return on error instead of combining with
other checks.
- Fix unhandled errors and combine defers
- Remove outstanding TODO that unlikely will be addressed
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `reference.TrimNamed` function strips both digests and tags; the
formatter function only wants to remove the digest, but preserve any
tags present.
Update the implementation to only trim the reference if there's a digest
present, otherwise use it as-is.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported to share it between "trust" and "image",
but was only a shallow wrapper, so split the implementations where
used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were exported in 812f113685, but
while the function and options are exported, the option-fields were
all un-exported, so these were not usable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch deprecates exported NewPruneCommand and moves the
implementation details to an unexported function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use a table-test to more easily allow adding test-cases
- Use the test-name itself as name for the golden file
- Use a struct-literal to create the fixture for formatting.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
This deprecates the following types and functions:
- `SignedTagInfo`
- `SignerInfo`
- `NewTrustTagFormat`
- `NewSignerInfoFormat`
- `TagWrite`
- `SignerInfoWrite`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The RegisterLegacy and Register functions register constructors for
commands, so we should expect them to be a fresh copy that is not
shared, which means that we can mutate the command in-place.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Register and RegisterLegacy functions are designed to be used
in package init() functions, which are guaranteed to be run
sequentially.
From the documentation (https://go.dev/ref/mem#init);
> Program initialization runs in a single goroutine, but that goroutine
> may create other goroutines, which run concurrently. If a package `p`
> imports package `q`, the completion of `q`'s `init` functions happens
> before the start of any of `p`'s.
>
> The completion of all `init` functions is synchronized before the
> start of the function `main.main`.
This patch removes the synchonisation as no concurrency should happen
if these functions are used as intended.
As the internal queue is not expected to be mutated after use, we also
don't have to return a copy.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch removes the explicit `commands.AddCommands` function and
instead relies upon the `internal/commands` package which registers each
CLI command using `init()` instead.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported trust commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- trust.NewTrustCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported plugin commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- plugin.NewPluginCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
- Parse/format the repository name when constructing and store the
result.
- Remove the Name() accessor, as this type is only used internally,
and no longer had any special handling.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch deprecates exported swarm commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- swarm.NewSwarmCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported registry commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- registry.NewLoginCommand
- registry.NewLogoutCommand
- registry.NewSearchCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported stack commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- stack.NewStackCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported context commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- context.NewContextCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported volume commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- volume.NewVolumeCommand
- volume.NewPruneCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported service commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- service.NewServiceCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported secret commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- secrets.NewSecretCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported manifest commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- manifest.NewManifestCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported node commands and moves the implementation
details to an unexported function.
Commands that are affected include:
- node.NewNodeCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch deprecates exported network commands and moves the
implementation details to an unexported function.
Commands that are affected include:
- network.NewNetworkCommand
- network.NewPruneCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This non-standard handling for these options was added in [moby@e4c1f07]
and [moby@abe32de] to work around a regression in Docker 1.13 that caused
`docker-machine` to fail. Preserving quotes in such cases is expected (and
standard behavior), but versions of Docker before 1.13 used a custom "mflag"
package for flag parsing, and that package contained custom handling for
quotes (added in [moby@0e9c40e]).
Given that Docker Machine reached EOL a long time ago and other options,
such as `docker context`, have been added to configure the CLI to connect
to a specific host (with corresponding TLS configuration), we can remove
the special handling for these flags, as it's inconsistent with all other
flags, and not worth maintaining for a tool that no longer exists.
[moby@e4c1f07]: e4c1f07729
[moby@abe32de]: abe32de6b4
[moby@0e9c40e]: 0e9c40eb82
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch deprecates exported system commands and moves the
implementation details to an unexported function.
Commands that are affected include:
- system.NewVersionCommand
- system.NewInfoCommand
- system.NewSystemCommand
- system.NewEventsCommand
- system.NewInspectCommand
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
- Use sentence-case to follow our docs guidelines.
- Add newlines to prevent these being rendered on a
single line.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rewrite the test to not depend on registry.DecodeAuthConfig, which
may be moved internal to the daemon as part of the modules transition.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch unexports the `builder` and `bake` stub command and it adds
deprecation notices on the exported functions.
It also registers the commands using the new `cli/internal/commands`
package when the init function executes.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
These aliases were added in 292713c887
(part of v28.0), but did not deprecate them. They are no longer used
in the CLI itself, but may be used by cli-plugin implementations.
This deprecates the aliases in `cli-plugins/manager` in favor of
their equivalent in `cli-plugins/manager/metadata`:
- `CommandAnnotationPlugin`
- `CommandAnnotationPluginVendor`
- `CommandAnnotationPluginVersion`
- `CommandAnnotationPluginInvalid`
- `CommandAnnotationPluginCommandPath`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in 6f0c66c152 and are
no longer used.
This removes the deprecated:
- `NewNamedListOptsRef`
- `NewNamedMapOpts`
- `NamedListOpts`
- `NamedMapOpts`
- `NamedOption`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--tlscacert`, `--tlscert`, and `--tlskey` command-line flags had
non-standard behavior for handling values contained in quotes (`"` or `'`).
Normally, quotes are handled by the shell, for example, in the following
example, the shell takes care of handling quotes before passing the values
to the `docker` CLI:
docker --some-option "some-value-in-quotes" ...
However, when passing values using an equal sign (`=`), this may not happen
and values may be handled including quotes;
docker --some-option="some-value-in-quotes" ...
This caused issues with "Docker Machine", which used this format as part
of its `docker-machine config` output, and the CLI carried special, non-standard
handling for these flags.
Docker Machine reached EOL, and this special handling made the processing
of flag values inconsistent with other flags used, so this behavior is
deprecated. Users depending on this behavior are recommended to specify
the quoted values using a space between the flag and its value, as illustrated
above.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `NewNamedListOptsRef`, `NewNamedMapOpts` and related `NamedListOpts`,
`NamedMapOpts`, and `NamedOption` interface were added in [moby@677a6b3],
which added support for a `daemon.json` configuration file. That change
required a way to correlate command-line flags with their corresponding
fields in the `daemon.json` to detect conflicting options. At the time,
the CLI and daemon were produced from the same code, and shared packages
for command-line options, but when the CLI was moved to a separate
repository, these options were inherited.
[moby@677a6b3]: 677a6b3506
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
hostVar is used for the '--host' / '-H' flag to set [ClientOptions.Hosts].
The [ClientOptions.Hosts] field is a slice because it was originally shared
with the daemon config. However, the CLI only allows for a single host to
be specified.
hostVar presents itself as a "string", but stores the value in a string
slice. It produces an error when trying to set multiple values, matching
the check in [getServerHost].
[getServerHost]: 7eab668982/cli/command/cli.go (L542-L551)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The ClientOptions struct and related flags were inherited from the Moby
repository, where originally the CLI and Daemon used the same implementation
and had a "Common" options struct. When the CLI moved to a separate repository,
those structs were duplicated, but some daemon-specific logic remained. For
example, the daemon can be configured to listen on multiple ports and sockets
([moby@dede158]), but the CLI [can only connect to a single host][1]. The
daemon config also had to account for flags conflicting with `daemon.json`,
and use special flag-vars for this ([moby@677a6b3]).
Unfortunately, the `ClientConfig` struct became part of the public API and
is used as argument in various places, but we can remove the use of the
special flag var. This patch replaces the use of `NewNamedListOptsRef`
for a regular `StringArray`.
Unfortunately this changes the flag's type description from `list` to
`stringArray`, but we can look at changing that separately.
[moby@dede158]: dede1585ee
[1]: 0af135e906/docker/docker.go (L191-L193)
[moby@677a6b3]: 677a6b3506
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `ValidateHost` option was introduced in [moby@1ba1138] to be used
as validation func for the `--host` flag on the daemon in and CLI in
[moby@5e3f6e7], but is no longer used since [cli@6f61cf0]. which added
support for `ssh://` connections, and required validation elsewhere.
[moby@1ba1138]: 1ba11384bf
[moby@5e3f6e7]: 5e3f6e7023
[cli@6f61cf0]: 6f61cf053a
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `QuotedString` option was added in [moby@e4c1f07] and [moby@abe32de]
to work around a regression in Docker 1.13 that caused `docker-machine`
to fail. `docker-machine` produced instructions on how to set up a cli
to connect to the Machine it produced. These instructions used quotes
around the paths for TLS certificates, but with an `=` for the flag's
values instead of a space; due to this the shell would not handle
stripping quotes, so the CLI would now get the value including quotes.
Preserving quotes in such cases is expected (and standard behavior), but
versions of Docker before 1.13 used a custom "mflag" package for flag
parsing, and that package contained custom handling for quotes (added
in [moby@0e9c40e]).
For other flags, this problem could be solved by the user, but as these
instructions were produced by `docker-machine`'s `config` command, an
exception was made for the `--tls-xxx` flags. From [moby-29761]:
> The flag trimming behaviour is really unusual, and I would say unexpected.
> I think removing it is generally the right idea. Since we have one very
> common case where it's necessary for backwards compatibility we need to
> add a special case, but I don't think we should apply that case to every
> flag.
The `QuotedString` implementation has various limitations, as it doesn't
follow the same handling of quotes as a shell would.
Given that Docker Machine reached EOL a long time ago and other options,
such as `docker context`, have been added to configure the CLI to connect
to a specific host (with corresponding TLS configuration), we should remove
the special handling for these flags, as it's inconsitent with all other
flags, and not worth maintaining for a tool that no longer exists.
This patch deprecates the `QuotedString` option and removes its use. A
temporary, non-exported copy is added, but will be removed in the next
release.
[moby-29761]: https://github.com/moby/moby/issues/29761#issuecomment-270211265
[moby@e4c1f07]: e4c1f07729
[moby@abe32de]: abe32de6b4
[moby@0e9c40e]: 0e9c40eb82
[moby@c79a169]: c79a169a35
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These utilities were only used internally; create a local copy
where used, and deprecate the ones in cli.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was only used in a single place and has no external consumers.
Move it to where it's used to keep things together.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The example shows that the `--volumes` option is used, which in current
versions of docker only removes "anonymous" volumes, but preserves named
volume:
$ docker system prune -a --volumes
...
- all anonymous volumes not used by at least one container
...
But the example output showed that a named volume ("named-vol") was
deleted;
Deleted Volumes:
named-vol
Co-authored-by: Roberto Villarreal <rrjjvv@yahoo.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The label validation steps now properly fail the workflow when required
labels are missing, instead of continuing with errors.
This change removes the `continue-on-error: true` directives and adds
`always()` conditions to ensure the validation steps run regardless of
previous step outcomes.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The PR validation workflow now enforces that every PR with an 'impact/*'
label must also have a corresponding 'kind/*' label, in addition to the
existing 'area/*' label requirement.
This change helps ensure proper categorization of pull requests by
requiring contributors to specify both the impact area and the kind of
change being made.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The logic used in this function was confusing; some errors were ignored,
but responses handled regardless. The intent here is to try to detect
whether the destination exists inside the container and is of the right
"type" (otherwise produce an error).
Failing to "stat" the path in the container means we can't produce a
nice error for the user, but we'll continue the request, which either
would succeed or produce an error returned by the daemon.
While working on this patch, I noticed that some error-handling on the
daemon side is incorrect. This patch does not fix those cases, but
makes the logic slightly easier to follow (we should consider extracting
the "stat" code to a separate function though).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- deprecate sockets.GetProxyEnv, sockets.DialerFromEnvironment
- add support for unix sockets on Windows
- remove legacy CBC cipher suites from client config
- align client and server defaults to be the same.
- remove support for encrypted TLS private keys.
- nat: optimize ParsePortSpec
full diff: https://github.com/docker/go-connections/compare/v0.5.0...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was recently rewritten from testing plugin upgrade with
DCT enabled to just "plugin upgrade", but there's a fair amount of
complexity in the e2e tests that set up different daemons and registries.
It's possible that tests are affecting each-other, and some state (config)
is left behind.
Let's skip the test for now, and add a tracking ticket to dig deeper.
=== FAIL: e2e/global TestPromptExitCode/plugin_upgrade (7.55s)
cli_test.go:205: assertion failed:
Command: docker plugin push registry:5000/plugin-upgrade-test:latest
ExitCode: 1
Error: exit status 1
Stdout: The push refers to repository [registry:5000/plugin-upgrade-test]
459089aa5943: Preparing
adc41078d1d9: Preparing
d7bff979db13: Preparing
459089aa5943: Preparing
Stderr: error pushing plugin: failed to do request: Head "https://registry:5000/v2/plugin-upgrade-test/blobs/sha256:adc41078d1d937495df2f90444e5414a01db31e5a080f8aa4f163c64d41abd11": http: server gave HTTP response to HTTPS client
Failures:
ExitCode was 1 expected 0
Expected no error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- https://github.com/golang/go/issues?q=milestone%3AGo1.24.6+label%3ACherryPickApproved
- full diff: golang/go@go1.24.5...go1.24.6
These minor releases include 2 security fixes following the security policy:
- os/exec: LookPath may return unexpected paths
If the PATH environment variable contains paths which are executables (rather
than just directories), passing certain strings to LookPath ("", ".", and ".."),
can result in the binaries listed in the PATH being unexpectedly returned.
Thanks to Olivier Mengué for reporting this issue.
This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.
- database/sql: incorrect results returned from Rows.Scan
Cancelling a query (e.g. by cancelling the context passed to one of the query
methods) during a call to the Scan method of the returned Rows can result in
unexpected results if other queries are being made in parallel. This can result
in a race condition that may overwrite the expected results with those of
another query, causing the call to Scan to return either unexpected results
from the other query or an error.
We believe this affects most database/sql drivers.
Thanks to Spike Curtis from Coder for reporting this issue.
This is CVE-2025-47907 and https://go.dev/issue/74831.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
It was only used internally and has no external users. It should not be
used for new uses, because it also adds a minimum API version constraint
and a default from env-var, which must be evaluated for each individual
use of such flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Plugins are not widely used, and there's no known plugins that use
content-trust. We're working on updating the authentication stack
in the CLI, and the trust implementation hinders us in making
changes, so removing parts that are not high-priority (ahead of
full deprecation of DCT).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use names for the plugin that don't refer to content-trust, as that's
not related to this test.
Make it slightly more clear which steps are preparation and which
are the actual test. The test sometimes fails in the preparation
step, and we could consider moving those separate and XFail the
test if the preparation fails;
Stderr: error pushing plugin: failed to do request: Head "https://registry:5000/v2/plugin-content-trust-upgrade/blobs/sha256:af932a31d4df3a2890f900bcf28e16cea87b2b440b8036ba86ab3418f3e50a35": http: server gave HTTP response to HTTPS client
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The gotest.tools `fs.NewDir` utility already sets up a `t.Cleanup`,
so we can treat it the same as `t.TempDir()` and let it handle
cleaning up by itself.
We should probably consider replacing some of this with `t.TempDir`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- The `DisableInputEcho` and `PromptForInput` utilities were added in
c15ade0c64 as part of a bug-fix, which
was part of v28.x. [There are no (publicly visible) users][1] of either.
- The `ErrPromptTerminated` was added in v26.x (originally added in
10bf91a02d, later updated in commit
7c722c08d0. [It is not used][2]
- The `PromptForConfirmation` was added in [moby@280c872] (docker v1.13.0)
as part of the `docker <object> prune` subcommands. It was meant for
internal use but exported to allow re-using it in the `container`,
`image` (etc.) packages. However, a breaking change to its signature
was made in 10bf91a02d. It currently
does [not appear to have any (public) users][2].
This patch removes the `ErrPromptTerminated`, `DisableInputEcho`,
`PromptForInput`, and `PromptForConfirmation` utilities from the
`cli/command` package. The core functionality of these is still
available in the `internal/prompt` package, which we may make
public at some point, but still needs some refining / decoupling.
[moby@280c872]: 280c872366
[1]: https://grep.app/search?f.lang=Go®exp=true&q=%5C.%28DisableInputEcho%7CPromptForInput%29%5C%28
[2]: https://grep.app/search?f.lang=Go&q=%5C.ErrPromptTerminated
[3]: https://grep.app/search?f.lang=Go&q=.PromptForConfirmation%28
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package will not be included in the api or client modules, and
we're currently only using a single function of it, and only the
unix implementation, so let's fork it for now (although the package
may be moved to moby/sys).
This removes the last dependency on github.com/docker/docker.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These aliases were added in 4321293972
(part of v28.0), but did not deprecate them. They are no longer used
in the CLI itself, but may be used by cli-plugin implementations.
This deprecates the aliases in `cli-plugins/manager` in favor of
their equivalent in `cli-plugins/manager/metadata`:
- `NamePrefix`
- `MetadataSubcommandName`
- `HookSubcommandName`
- `Metadata`
- `ReexecEnvvar`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was a pattern inheritted from pkg/errors.Wrapf, which ignored
nil errors for convenience. However, it is error-prone, as it is
not obvious when returning a nil-error.
All call-sites using `wrapAsPluginError` already do a check for
nil errors, so remove this code to prevent hard to find bugs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It is for internal use, and no longer needed for testing, now that
the `Plugin` type handles marshalling errors.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Go does not by default marshal `error` type fields to JSON. The manager
package therefore implemented a `pluginError` type that implements
[encoding.TextMarshaler]. However, the field was marked as a regular
`error`, which made it brittle; assining any other type of error would
result in the error being discarded in the marshaled JSON (as used in
`docker info` output), resulting in the error being marshaled as `{}`.
This patch adds a custom `MarshalJSON()` on the `Plugin` type itself
so that any error is rendered. It checks if the error used already
implements [encoding.TextMarshaler], otherwise wraps the error in
a `pluginError`.
[encoding.TextMarshaler]: https://pkg.go.dev/encoding#TextMarshaler
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Experimental is always enabled (977d3ae046),
and the `Experimental` field in plugin metadata was deprecated in
977d3ae046 and removed in commit
6a50c4f700.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move the version-check for pruners to the pruner, which can
return a [ErrNotImplemented] error to indicate they won't
be run with the API version that's used.
This helps separating concerns, and doesn't enforce knowledge
about what's supported by each content-type onto the system
prune command.
[ErrNotImplemented]: https://pkg.go.dev/github.com/docker/docker@v28.3.3+incompatible/errdefs#ErrNotImplemented
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds a "dry-run" / "pre-check" option for prune-functions,
which delegates constructing the confirmation message (what is
about to be pruned) and validation of the given options to the
prune-functions.
This helps separating concerns, and doesn't enforce knowledge
about what's supported by each content-type onto the system
prune command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Introduce a "prune" package in which we maintain a list of prune
functions that are registered. Known prune "content-types" are
included in a pre-defined order, after which additional content
can be registered.
Using this approach no longer requires the "RunPrune" functions
to be exported, and allows additional content-types to be
introduced without having to import those packages into the
system package, so keeping things more decoupled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Most places only use IndexInfo (and may not even need that), so replace
the use of ParseRepositoryInfo for NewIndexInfo, and move the RepositoryInfo
type to the trust package, which uses it as part of its ImageRefAndAuth
struct.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use strong-typed switches for validating options
- Initialize defaults instead of setting them after
parsing the ports. Each option should be validated
as part of the parsing, so no invalid (or empty)
values should be set.
- Put variables closer to where they're used, and
pre-allocate slices.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This file is only used as default if no version is specified. We
should probably get rid of this, but let's update it to better
reflect the version that developer builds are building.
d48fb9f9f7/docker.Makefile (L22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Rewrite the function to use strings.Cut instead of checking for,
and trimming prefixes for each option.
- More explicitly set the value, instead of setting an empty value,
then propagating the struct.
- Define a "type" to provide a more enum-like construct.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
notable changes;
- api/types/container: move StateStatus, NewStateStatus internal again
- daemon/server/httputils: remove ContainerDecoder interface
- runconfig: move to daemon/internal/runconfig
- pkg/stack: move to daemon/internal
- remove pkg/stringid as it has moved to the client module
- remove pkg/stdcopy as it has moved to the api module
- pkg/rootless: move to daemon/internal
- move api/types/plugins/logdriver to daemon/internal
- move api/types/plugins/logdriver to daemon/internal
- pkg/system: move to daemon/internal
- remove pkg/fileutils
full diff: 25e2b4d485...2574c2b2e9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Removed the error return from the `ParseRepositoryInfo` function.
There are no validation steps inside `ParseRepositoryInfo` which
could cause an error, so we always returned a nil error.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We transitioned most functionality of docker/errdefs to containerd
errdefs module, and the docker/errdefs package should no longer be
used.
Because of that, there will no longer be ambiguity, so we can remove
the aliases for this package, and use it as "errdefs".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It it just a chain of `New("sometag").Parse(...)`, and most of our
uses don't use a tag for the template, so can call Parse.
There's no public users of this function, but deprecating it first
just in case.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- fix various unhandled errors
- remove some locally defined option-types in favor of option-types
defined by the client / api
- don't use unkeyed structs in tests, and add docs for some subtests
- fix some values in tests that triggered "spellcheck" warnings
- inline vars / functions that only had a single use.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Moves ParseVolume() to a new internal package to remove the dependency
on cli/compose/loader in cli/command/container/opts.go
refactor to keep types isolated
- rename the package to "volumespec" to reuse the name of the package
as part of the name (parsevolume.ParseVolume() -> volumespec.Parse())
- move the related compose types to the internal package as well,
and rename them to be more generic (not associated with "compose");
- ServiceVolumeConfig -> VolumeConfig
- ServiceVolumeBind -> BindOpts
- ServiceVolumeVolume -> VolumeOpts
- ServiceVolumeImage -> ImageOpts
- ServiceVolumeTmpfs -> TmpFsOpts
- ServiceVolumeCluster -> ClusterOpts
- alias the internal types inside cli/compose/types to keep backward
compatibility (for any external consumers); even though the implementation
is internal, Go allows aliasing types to use them externally.
Signed-off-by: Michael Tews <michael@tews.dev>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
internal/registry/errors.go:26:43: use-any: since Go 1.18 'interface{}' can be replaced by 'any' (revive)
func invalidParamf(format string, args ...interface{}) error {
^
internal/registry/registry_mock_test.go:52:51: use-any: since Go 1.18 'interface{}' can be replaced by 'any' (revive)
func writeResponse(w http.ResponseWriter, message interface{}, code int) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The registry.ServiceConfig struct in the API types was meant for the
registry configuration on the daemon side; it has variuos fields we
don't use, defines methods for (un)marshaling JSON, and a custom version
of `net.IPNet`, also to (un)marshal JSON.
None of that is needed, so let's change it to a local type, and implement
a constructor (as we now only have "insecure registries" to care
about).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was written to be used as validate-func for command-line flags, which
we don't use it for (which for CLI-flags includes normalizing the value).
The validation itself didn't add much; it only checked the registry didn't
start or end with a hyphen (which would still fail when parsing).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
now that we no longer need to account for mirrors, these were
identical, so just use a single one.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI does not have information about mirrors, and doesn't
configure them, so we can remove these parts.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds an internal fork of [github.com/docker/docker/registry], taken
at commit [moby@f651a5d]. Git history was not preserved in this fork,
but can be found using the URLs provided.
This fork was created to remove the dependency on the "Moby" codebase,
and because the CLI only needs a subset of its features. The original
package was written specifically for use in the daemon code, and includes
functionality that cannot be used in the CLI.
[github.com/docker/docker/registry]: https://pkg.go.dev/github.com/docker/docker@v28.3.2+incompatible/registry
[moby@49306c6]: 49306c607b/registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was deprecated in 6f46cd2f4b,
which is part of v28.x, and no longer used, so we can remove it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was only used in the CLI, but the implementation was
based on it being used on the daemon side, so included resolving
the host's IP-address, mirrors, etc.
The only reason it's used in the CLI is to provide credentials for
the registry that's being searched, so reduce it to just that.
There's more cleaning up to do in this area, so to make our lives
easier, it's implemented locally as non-exported functions; likely
to be replaced with something else.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker Content Trust is currently only implemented for the classic
builder, but is known to not work with multi-stage builds, and
requires rewriting the Dockerfile, which is brittle because the
Dockerfile syntax evolved with the introduction of BuildKit as
default builder.
Given that the classic builder is deprecated, and only used for
Windows images, which are not verified by content trust;
# docker pull --disable-content-trust=false mcr.microsoft.com/windows/servercore:ltsc2025
Error: remote trust data does not exist for mcr.microsoft.com/windows/servercore: mcr.microsoft.com does not have trust data for mcr.microsoft.com/windows/servercore
With content trust not implemented in BuildKit, and not implemented
in docker compose, this resulted in an inconsistent behavior.
This patch removes content-trust support for "docker build". As this
is a client-side feature, users who require this feature can still
use an older CLI to to start the build.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
gitutils_test.go:210: git-http-backend: git: 'http-backend' is not a git command. See 'git --help'.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds a local fork of this package for use in the classic builder.
Code was taken at commit [d33d46d01656e1d9ee26743f0c0d7779f685dd4e][1].
Migration was done using the following steps:
# install filter-repo (https://github.com/newren/git-filter-repo/blob/main/INSTALL.md)
brew install git-filter-repo
# create a temporary clone of docker
cd ~/Projects
git clone https://github.com/docker/docker.git build_context_temp
cd build_context_temp
# commit taken from
git rev-parse --verify HEAD
d33d46d01656e1d9ee26743f0c0d7779f685dd4e
git filter-repo --analyze
# remove all code, except for the remotecontext packages, and move to build/internal docs and previous locations of it
git filter-repo \
--path 'builder/remotecontext/git' \
--path 'builder/remotecontext/urlutil' \
--path-rename builder/remotecontext:cli/command/image/build/internal
# go to the target repository
cd ~/go/src/github.com/docker/cli
# create a branch to work with
git checkout -b fork_remotecontext
# add the temporary repository as an upstream and make sure it's up-to-date
git remote add build_context_temp ~/Projects/build_context_temp
git fetch build_context_temp
# merge the upstream code
git merge --allow-unrelated-histories --signoff -S build_context_temp/master
[1]: https://github.com/docker/docker/d33d46d01656e1d9ee26743f0c0d7779f685dd4e
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Removes direct imports of github.com/docker/docker/builder in
the image package, to be moved later.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use consistent name for MountOpt vars
- cleanup some comments and make them a GoDoc
- remove import alias
- use subtests for tests that were prepared for it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Also rename "ctx" argument; we shouldn't use this as name for things
that are not a context.Context.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's part of the presentation logic of the cli, and only used internally.
We can consider providing utilities for these, but better as part of
separate packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch deprecates the unused `RegistryAuthenticationPrivilegedFunc`.
The function would prompt the user when the registry returns a 403 after trying
the initial auth value set in `RegistryAuth`.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
docker build --call outline .
TARGET: binary
BUILD ARG VALUE DESCRIPTION
BASE_VARIANT alpine
ALPINE_VERSION 3.21 sets the version of the alpine base image to use, including for the golang image.
GO_VERSION 1.24.5
XX_VERSION 1.6.1
GOVERSIONINFO_VERSION v1.4.1
GO_LINKMODE static defines if static or dynamic binary should be produced
GO_BUILDTAGS defines additional build tags
GO_STRIP strips debugging symbols if set
CGO_ENABLED manually sets if cgo is used
VERSION sets the version for the produced binary
PACKAGER_NAME sets the company that produced the windows binary
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch removes the interactive prompts from `docker push/pull`.
The prompt would only execute on a response status code 403 from the registry
after trying the value set in `RegistryAuth`. Docker Hub could return 404
instead or 429, which would never execute the prompt.
The UX regarding the prompt is also questionable since the user might
not actually want to authenticate with a registry and the CLI could fail fast
instead. The user can always run `docker login` or set the `DOCKER_AUTH_CONFIG`
environment variable to get authenticated.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
client.ContainerDiff already validates the given container name/ID, and
produces an error when empty, so we don't have to check for this;
abba330bbf/client/container_diff.go (L13-L16)
While updating, also;
- remove the diffOptions type, as there were no other options, and make
the container name/ID a string argument.
- fix camelCase nameing of dockerCLI
Before this patch:
docker diff ""
Container name cannot be empty
With this patch:
docker diff ""
invalid container name or ID: value is empty
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was the only utility we consumed from the package, and it's trivial
to implement, so let's create local copies of it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was only used for testing, and to generate a random
suffix for Dockerfiles. As we don't need the same contract as
pkg/stringid.GenerateRandomID() (not allow all-numeric IDs as they
would not be usable for hostnames), we can use a local test-utility,
and local implementation for the random suffix instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We were depending on pkg/stringid to truncate IDs for presentation. While
traditionally, we used a fixed length for "truncated" IDs, this is not
a strict requirement (any ID-prefix should work, but conflicts may
happen on shorter IDs).
This patch adds a local `TruncateID()` utility in the formatter package;
it's currently using the same implementation and length as the
`stringid.TruncateID` function, but may diverge in future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `AllowOverwriteDirWithFile` option was added when reimplementing the
CLI using the API Client lib in [moby@1b2b91b]. Before that refactor, the
`noOverwriteDirNonDir` query argument [would be set unconditionally][1]
by the CLI, with no options to control the behavior.
It's unclear why the `noOverwriteDirNonDir` was implemented as opt-in (not
opt-out), as overwriting a file with a directory (or vice-versa) would
generally be unexpected behavior.
We're considering making `noOverwriteDirNonDir` unconditional on the daemon
side, and to deprecate the `AllowOverwriteDirWithFile` option. This patch
removes its use, as it was set to the default either way, and there's no
options to configure it from the CLI.
[1]: 8c9ad7b818/api/client/cp.go (L345-L346)
[moby@1b2b91b]: 1b2b91ba43
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make the test slightly more permissive; we're looking for a trailing
newline, not necessarily an empty line.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- https://github.com/golang/go/issues?q=milestone%3AGo1.24.5+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.24.4...go1.24.5
This minor releases include 1 security fixes following the security policy:
- cmd/go: unexpected command execution in untrusted VCS repositories
Various uses of the Go toolchain in untrusted VCS repositories can result in
unexpected code execution. When using the Go toolchain in directories fetched
using various VCS tools (such as directly cloning Git or Mercurial repositories)
can cause the toolchain to execute unexpected commands, if said directory
contains multiple VCS configuration metadata (such as a '.hg' directory in a Git
repository). This is due to how the Go toolchain attempts to resolve which VCS
is being used in order to embed build information in binaries and determine
module versions.
The toolchain will now abort attempting to resolve which VCS is being used if it
detects multiple VCS configuration metadata in a module directory or nested VCS
configuration metadata (such as a '.git' directoy in a parent directory and a
'.hg' directory in a child directory). This will not prevent the toolchain from
building modules, but will result in binaries omitting VCS related build
information.
If this behavior is expected by the user, the old behavior can be re-enabled by
setting GODEBUG=allowmultiplevcs=1. This should only be done in trusted
repositories.
Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for reporting
this issue.
This is CVE-2025-4674 and https://go.dev/issue/74380.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.5
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
I noticed this in a ticket in the compose issue tracker; with debug logging
enabled, the OTEL error-logger may be logging even if there's no error;
DEBU[0000] Executing bake with args: [bake --file - --progress rawjson --metadata-file /tmp/compose-build-metadataFile-1203980021.json --allow fs.read=/home/user/dev/project --allow fs.read=/home/user/dev/project --allow fs.read=/home/user/dev/project/nginx --allow fs.read=/home/user/dev/project]
TRAC[0000] Plugin server listening on @docker_cli_d8df486f78df3b7357995be71bf0cef6
DEBU[0005] otel error error="<nil>"
^CTRAC[0055] Closing plugin server
TRAC[0055] Closing plugin server
DEBU[0055] otel error error="<nil>"
DEBU[0055] otel error error="<nil>"
Update the error-handler to not log if there's no error.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make it a hidden file. From the [CodeCov docs][1]:
> Can I name the file .codecov.yml?
>
> Yes, you can name the file `codecov.yml` or `.codecov.yml`. However, the
> file must still be located in the repository root, `dev/`, or `.github/`
> directories
[1]: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The strslice.StrSlice type is a string-slice with a custom JSON Unmarshal
function to provide backward-compatibility with older API requests (see
[moby@17d6f00] and [moby@ea4a067]).
Given that the type is assigned implicitly through the fields on HostConfig,
we can just use a regular []string instead.
[moby@17d6f00]: 17d6f00ec2
[moby@ea4a067]: ea4a06740b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adding image tags that follow the semver major and minor versions (e.g., `28`
and `28.3`) for the moby-bin images.
This makes it easier for users to reference the latest build within a
major or minor version series without having to know the exact
minor/patch version.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
When connecting to a remote daemon through an ssh:// connection,
the CLI connects with the remote host using ssh, executing the
`docker system dial-stdio` command on the remote host to connect
to the daemon API's unix socket.
By default, the `docker system dial-stdio` command connects with the
daemon using the default location (/var/run/docker.sock), or the
location as configured on the remote host.
Commit 25ebf0ec9c (included in docker
CLI v24.0.0-rc.2 and higher) introduced a feature to allow the location
of the socket to be specified through the host connection string, for
example:
DOCKER_HOST='ssh://example.test/run/custom-docker.sock'
The custom path is included as part of the ssh command executed from
the client machine to connect with the remote host. THe example above
would execute the following command from the client machine;
ssh -o ConnectTimeout=30 -T -- example.test docker --host unix:///run/custom-docker.sock system dial-stdio
ssh executes remote commands in a shell environment, and no quoting
was in place, which allowed for a connection string to include additional
content, which would be expanded / executed on the remote machine.
For example, the following example would execute `echo hello > /hello.txt`
on the remote machine;
export DOCKER_HOST='ssh://example.test/var/run/docker.sock $(echo hello > /hello.txt)'
docker info
# (output of docker info from the remote machine)
While this doesn't allow the user to do anything they're not already
able to do so (by directly using the same SSH connection), the behavior
is not expected, so this patch adds quoting to prevent such URLs from
resulting in expansion.
This patch updates the cli/connhelper and cli/connhelper/ssh package to
quote parameters used in the ssh command to prevent code execution and
expansion of variables on the remote machine. Quoting is also applied to
other parameters that are obtained from the DOCKER_HOST url, such as username
and hostname.
- The existing `Spec.Args()` method inthe cli/connhelper/ssh package now
quotes arguments, and returns a nil slice when failing to quote. Users
of this package should therefore check the returned arguments before
consuming. This method did not provide an error-return, and adding
one would be a breaking change.
- A new `Spec.Command` method is introduced, which (unlike the `Spec.Args()`
method) provides an error return. Users are recommended to use this new
method instead of the `Spec.Args()` method.
Some minor additional changes in behavior are included in this patch;
- Connection URLs with a trailing slash (e.g. `ssh://example.test/`)
would previously result in `unix:///` being used as custom socket
path. After this patch, the trailing slash is ignored, and no custom
socket path is used.
- Specifying a remote command is now required. When passing an empty
remote command, `Spec.Args()` now results in a `nil` value to be
returned (or an `no remote command specified` error when using
`Spec.Comnmand()`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/connhelper/internal/syntax/parser.go:31:2: Duplicate words (the) found (dupword)
// Note that it shares some features with Bash, due to the the shared
^
cli/connhelper/internal/syntax/quote.go:48:1: cyclomatic complexity 35 of func `Quote` is high (> 16) (gocyclo)
func Quote(s string, lang LangVariant) (string, error) {
^
cli/connhelper/internal/syntax/quote.go:103:3: shadow: declaration of "offs" shadows declaration at line 56 (govet)
offs := 0
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was introduced in 9b54d860cd,
which added `docker container remove` as alias for `docker container rm`.
However, due to the `NewRmCommand` being used both for adding the top-level
`docker rm` command and for adding the `docker container rm` command, it
also introduced a (hidden) top-level `docker remove` command;
docker remove --help | head -n1
Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
The command was not documented, and did not appear in `--help` output,
nor was auto-complete provided;
docker --help | grep remove
docker r<TAB>
rename (Rename a container) rm (Remove one or more containers) run (Create and run a new container from an image)
restart (Restart one or more containers) rmi (Remove one or more images)
This patch adds a dedicated, non-exported `newRemoveCommand` to add sub-
commands for `docker container`, taking a similar approach as was done in
[moby@b993609d5a] for `docker image rm`.
With this patch applied, the hidden command is no longer there, but
the `docker rm`, `docker container rm`, and `docker container remove`
commands stay functional as intended;
docker remove foo
docker: unknown command: docker remove
Run 'docker --help' for more information
docker rm --help | head -n1
Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
docker container rm --help | head -n1
Usage: docker container rm [OPTIONS] CONTAINER [CONTAINER...]
docker container remove --help | head -n1
Usage: docker container rm [OPTIONS] CONTAINER [CONTAINER...]
[moby@b993609d5a]: b993609d5a
Reported-by: Lorenzo Buero <138243046+LorenzoBuero@users.noreply.github.com>
Co-authored-by: Lorenzo Buero <138243046+LorenzoBuero@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When pulling or pushing images, the CLI could prompt for a password
if the push/pull failed and the registry returned a 401 (Unauthorized)
Ironically, this feature did not work when using Docker Hub (and possibly
other registries using basic auth), due to some custom error handling added
in [moby@19a93a6e3d42], which also discards the registry's status code,
changing it to a 404;
curl -v -XPOST --unix-socket /var/run/docker.sock 'http://localhost/v1.50/images/create?fromImage=docker.io%2Fexample%2Fprivate&tag=latest'
...
< HTTP/1.1 404 Not Found
< Content-Type: application/json
...
{"message":"pull access denied for example/private, repository does not exist or may require 'docker login'"}
And due to a bug, other registries (not using basic auth) returned a generic
error, which resulted in a 500 Internal Server Error. That bug was fixed in
docker 28.2, now returning the upstream status code and trigger an interactive
prompt;
docker pull icr.io/my-ns/my-image:latest
Please login prior to pull:
Username:
This prompt would be triggered unconditionally, also if the CLI was run
non-interactively and no TTY attached;
docker pull icr.io/my-ns/my-image:latest < /dev/null
Please login prior to pull:
Username:
With this PR, no prompt is shown ;
# without STDIN attached
docker pull icr.io/my-ns/my-image:latest < /dev/null
Error response from daemon: error from registry: Authorization required. See https://cloud.ibm.com/docs/Registry?topic=Registry-troubleshoot-auth-req - Authorization required. See https://cloud.ibm.com/docs/Registry?topic=Registry-troubleshoot-auth-req
For now, the prompt is still shown otherwise;
docker pull icr.io/my-ns/my-image:latest
Login prior to pull:
Username: ^C
[moby@19a93a6e3d42]: 19a93a6e3d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Currently, image tree visualization doesn't properly detect chips for
parent images, only looking at child images. This patch fixes the issue
by checking both parent and child images when determining which chips to
display in the tree view.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This patch enables the CLI to natively pick up the `DOCKER_AUTH_CONFIG`
environment variable and use it as a credential store.
The `DOCKER_AUTH_CONFIG` value should be a JSON object and must store
the credentials in a base64 encoded string under the `auth` key.
Specifying additional fields will cause the parser to fail.
For example:
`printf "username:pat" | openssl base64 -A`
`export DOCKER_AUTH_CONFIG='{
"auths": {
"https://index.docker.io/v1/": {
"auth": "aGk6KTpkY2tyX3BhdF9oZWxsbw=="
}
}
}'`
Credentials stored in `DOCKER_AUTH_CONFIG` would take precedence over any
credential stored in the file store (`~/.docker/config.json`) or native store
(credential helper).
Destructive actions, such as deleting a credential would result in a noop if
found in the environment credential. Credentials found in the file or
native store would get removed.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This field was added in [moby@5130fe5d38837302e], which
added it for use as intermediate struct when parsing CLI flags (through
`runconfig.ParseExec`) in [moby@c786a8ee5e9db8f5f].
Commit [moby@9d9dff3d0d9e92adf] rewrote the CLI to use
Cobra, and as part of this introduced a separate `execOptions` type in
`api/client/container`, however the ExecOptions.Detach field was still
used as intermediate field to store the flag's value.
Given that the client doesn't use this field, let's remove its use to
prevent giving the impression that it's used anywhere.
[moby@5130fe5d38837302e]: 5130fe5d38
[moby@c786a8ee5e9db8f5f]: c786a8ee5e
[moby@9d9dff3d0d9e92adf]: 9d9dff3d0d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The RegistryAuthenticationPrivilegedFunc has some conditional logic to
add additional hints when logging in to the default (Docker Hub) registry.
Commit 9f4165ccb8 inadvertently passed the
wrong variable to PromptUserForCredentials, which caused it to show the
additional hints for Docker Hub.
Before this patch, hints were printed for the default (docker hub) registry;
docker pull icr.io/my-ns/my-image:latest
Login prior to pull:
Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.
You can log in with your password or a Personal Access Token (PAT). Using a limited-scope PAT grants better security and is required for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/
Username:
With this patch, those hints are omitted;
docker pull icr.io/my-ns/my-image:latest
Login prior to pull:
Username:
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This file is only used as default if no version is specified. We
should probably get rid of this, but let's update it to better
reflect the version that developer builds are building.
d48fb9f9f7/docker.Makefile (L22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Image config fields like Cmd, Entrypoint, Env, etc. will be omitted from
/images/{name}/json response when empty, starting in v29.0.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
- https://github.com/golang/go/issues?q=milestone%3AGo1.24.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.24.3...go1.24.4
This release includes 3 security fixes following the security policy:
- net/http: sensitive headers not cleared on cross-origin redirect
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue.
This is CVE-2025-4673 and Go issue https://go.dev/issue/73816.
- os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location.
OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab for discovering this issue.
This is CVE-2025-0913 and Go issue https://go.dev/issue/73702.
- crypto/x509: usage of ExtKeyUsageAny disables policy validation
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Thanks to Krzysztof Skrzętnicki (@Tener) of Teleport for reporting this issue.
This is CVE-2025-22874 and Go issue https://go.dev/issue/73612.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
These comments were added to enforce using the correct import path for
our packages ("github.com/docker/docker", not "github.com/moby/moby").
However, when working in go module mode (not GOPATH / vendor), they have
no effect, so their impact is limited.
Remove these imports in preparation of migrating our code to become an
actual go module.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change eliminates the automatic creation of image tags in the
format `dockereng/cli-bin:sha-ad132f5` for every push.
They're not too useful, produce noise and use a lot of space.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Support for API versions lower than v1.24 was removed in v26.0.
The DOCKER_MIN_API_VERSION environment-variable is still present
in the docker daemon, but can currently only be used to raise the
minimum version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The daemon still has migration code in place, but no longer accepts
the option for new containers, so marking it as "removed";
49ec488036
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These fields have been removed in v26.0 (API v1.45 and up), and are always
omitted when using the containerd image store;
03cddc62f4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This functionality, was removed and the DOCKERD_DEPRECATED_GRAPHDRIVER_PLUGINS
no longer can be used in v28.0;
42ca9154e9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use filepath.EvalSymlink instead of check with filepath.IsAbs
- allow for dangling symlinks
- extract path from error when NotExist error occurs
Co-authored-by: Paweł Gronowski <me@woland.xyz>
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Will Wang <willww64@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
IsAutomated was deprecated in 4fc3f0e6f6
(docker v25.0), and marked for removal in docker 26.0 (which we missed).
This removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker ps --format 'table {{.ID}}\t{{.Image}}{{.Command}}\t{{.RunningFor}}\t{{.Status}}\t{{.Ports}}\t{{.Names}}\t{{.Platform}}'
CONTAINER ID IMAGECOMMAND CREATED STATUS PORTS NAMES PLATFORM
e422855eac55 docker-cli-dev"/bin/bash" 12 minutes ago Up 12 minutes strange_jennings linux/arm64
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The WithInitializeClient looks redundant altogether, so let's
rewrite this function to not depend on it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The labels are stored as a map, causing the output to be randomized.
This patch sorts the result to get a consistent output.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This file is only used as default if no version is specified. We
should probably get rid of this, but let's update it to better
reflect the version that developer builds are building.
d48fb9f9f7/docker.Makefile (L22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch:
mkdir -p ./tempconfig && touch ./tempconfig/ca.pem ./tempconfig/cert.pem ./tempconfig/key.pem
DOCKER_TLS_VERIFY=1 DOCKER_CONFIG=./tempconfig DOCKER_HOST=unix:///var/run/docker.sock docker info
Failed to initialize: failed to retrieve context tls info: ca.pem seems invalid
With this patch:
DOCKER_TLS_VERIFY=1 DOCKER_CONFIG=./tempconfig DOCKER_HOST=unix:///var/run/docker.sock docker info
Client:
Version: 28.1.1-25-g2dfe7b558.m
Context: default
...
Note that the above is just to illustrate; there's still parts in context-
related code that will check for, and load TLS-related files ahead of time.
We should make some of that code lazy-loading (i.e., don't load these until
we're actually gonna make an API connection). For example, if the TLS files
are missing;
rm ./tempconfig/*.pem
DOCKER_TLS_VERIFY=1 DOCKER_CONFIG=./tempconfig DOCKER_HOST=unix:///var/run/docker.sock docker info
Failed to initialize: unable to resolve docker endpoint: open tempconfig/ca.pem: no such file or directory
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When attaching to a container, hijack puts the terminal in raw mode,
and local echo is disabled. In normal cases, the terminal is restored
once the container detaches;
6f856263c2/cli/command/container/hijack.go (L40-L44)
However, when the CLI is forced to exit (after 3 signals), we `os.Exit(1)`,
which causes defers to not be executed, and because of this, the terminal
not being restored.
For example; start a container that's attached;
docker run -it --rm --sig-proxy=false alpine sleep 20
In another terminal send a SIGINT 3 times to force terminate;
kill -sINT $(pgrep -af docker\ run)
kill -sINT $(pgrep -af docker\ run)
kill -sINT $(pgrep -af docker\ run)
The first terminal shows that the docker cli was terminated;
got 3 SIGTERM/SIGINTs, forcefully exiting
However, the terminal was not restored, so local echo is disabled, and
typing any command in the terminal does not show output (a manual `stty echo`
is needed to restore).
With this patch, the terminal is restored before we forcefully exit the
docker CLI. Restoring is a no-op if there's no previous state, so we
can unconditionally execute this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--platform` flag originally was added for the experimental LCOW
feature and only accepted the target operating system. Current versions
of Docker allow passing both OS and Architecture, so updating the
documentation to reflect this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Put the content related to `--changes` under a heading with the correct
anchor, so that it will be linked from the "options" table.
- Move note about `sudo` to be under the right example.
- Update some examples to directly read from a file instead of piping.
- Add heading for the `--message` flag.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Produce an error if the `--type` flag was set, but an empty value
was passed.
Before this patch:
docker inspect --type "" foo
# json output
docker inspect --type unknown foo
"unknown" is not a valid value for --type
With this patch:
docker inspect --type "" foo
type is empty: must be one of "config", "container", "image", "network", "node", "plugin", "secret", "service", "task", "volume"
docker inspect --type unknown foo
unknown type: "unknown": must be one of "config", "container", "image", "network", "node", "plugin", "secret", "service", "task", "volume"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch:
docker inspect --help | grep '\-\-type'
--type string Return JSON for specified type
With this patch:
docker inspect --help | grep '\-\-type'
--type string Only inspect objects of the given type
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, flags and arguments would complete using filenames
from the current directory;
docker inspect --type <TAB>
AUTHORS CONTRIBUTING.md docs/ Makefile SECURITY.md
...
docker inspect <TAB>
With this patch, no completion is provided;
docker inspect --type <TAB>
# no results
docker inspect <TAB>
# no results
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When generating our docs, flag-descriptions are currently expected
to be under the "examples" section for them to be linked correctly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `-i` and `-t` options are not needed, as the `pwd` command does not require a TTY nor an interactive session. Drop them to simplify the example and avoid causing unnecessary confusion to the reader.
Signed-off-by: 林博仁(Buo-ren Lin) <buo.ren.lin@gmail.com>
Also renamed some vars for clarity, renamed a error-returns to prevent
shadowing, and fixed some linter warnings about unhandled errors.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this change, some errors could be ambiguous as they did not
distinguish a flag to be omitted, or set, but with an empty value.
For example, if a user would try to loging but with an empty username,
the error would suggest that the `--username` flag was not set (which
it was);
I don't have `MY_USERNAME` set in this shell;
printenv MY_USERNAME || echo 'variable not set'
variable not set
Now, attempting to do a non-interactive login would result in an
ambiguous error;
echo "supersecret" | docker login --password-stdin --username "$MY_USERNAME"
Must provide --username with --password-stdin
With this patch applied, the error indicates that the username was empty,
or not set;
echo "supersecret" | docker login --password-stdin --username "$MY_USERNAME"
username is empty
echo "supersecret" | docker login --password-stdin
the --password-stdin option requires --username to be set
echo "supersecret" | docker login --password-stdin --password "supersecret"
conflicting options: cannot specify both --password and --password-stdin
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `GetSlice()` function is part of cobra's [cobra.SliceValue] interface,
and duplicates the older `GetAll()` method. This patch deprecates the
`GetAll()` method in favor of `GetSlice()`.
[cobra.SliceValue]: https://pkg.go.dev/github.com/spf13/cobra@v1.9.1#SliceValue
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was parsing the same URL twice; first to detect the
scheme, then again (through ssh.ParseURL) to construct a ssh.Spec.
Change the function to use the URL that's parsed, and use ssh.NewSpec
instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `GetSlice()` function is part of cobra's [cobra.SliceValue] interface,
and duplicates the older `GetAll()` method. This patch changes our use
of the `GetAll()` method with the intent to deprecated it in future.
[cobra.SliceValue]: https://pkg.go.dev/github.com/spf13/cobra@v1.9.1#SliceValue
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Cobra's shell completion has specific rules to decide whether a flag can
be accepted multiple times. If a flag does not meet that rule, it only
completes the flag name once; some of those rules depend on the "type"
of the option to end with "Array" or "Slice", which most of our options
don't.
Starting with Cobra 1.9, it also checks whether an option implements
the [cobra.SliceValue] interface (see [spf13/cobra 2210]).
This patch implements the [cobra.SliceValue] interface on ListOpts, so
that these options can be completed multiple times.
In a follow-up, we can update our code to replace our uses of `GetAll()`,
which is identical with the `GetSlice()` method, and potentially deprecate
the old method.
Before this patch, ListOpts would only be completed once when completing
flag names. For example, the following would show the `--label` flag the
first time, but omit it if a `--label` flag was already set;
docker run--l<TAB>
--label (Set meta data on a container) --link-local-ip (Container IPv4/IPv6 link-local addresses)
--label-file (Read in a line delimited file of labels) --log-driver (Logging driver for the container)
--link (Add link to another container) --log-opt (Log driver options)
docker run --label hello --l<TAB>
--label-file (Read in a line delimited file of labels) --link-local-ip (Container IPv4/IPv6 link-local addresses) --log-opt (Log driver options)
--link (Add link to another container) --log-driver (Logging driver for the container)
With this patch, the completion script correctly identifies the `--label`
flag to be accepted multiple times, and also completes it when already
set;
docker run --label hello --l<TAB>
--label (Set meta data on a container) --link-local-ip (Container IPv4/IPv6 link-local addresses)
--label-file (Read in a line delimited file of labels) --log-driver (Logging driver for the container)
--link (Add link to another container) --log-opt (Log driver options)
[cobra.SliceValue]: https://pkg.go.dev/github.com/spf13/cobra@v1.9.1#SliceValue
[spf13/cobra 2210]: https://github.com/spf13/cobra/pull/2210
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, `docker stack deploy` would not validate the image
reference on the client side, depending on the daemon to return an error,
which was not always easy to interpret;
docker stack deploy -c docker-compose.yaml mystack
Creating service mystack_myservice
failed to create service mystack_myservice: Error response from daemon: rpc error: code = InvalidArgument desc = ContainerSpec: image reference must be provided
IMAGE_NAME=FOOBAR docker stack deploy -c docker-compose.yaml mystack
Creating service mystack_myservice
failed to create service mystack_myservice: Error response from daemon: rpc error: code = InvalidArgument desc = ContainerSpec: "FOOBAR" is not a valid repository/tag
With this patch, the CLI validates the image-reference for each service,
producing an error if the reference is empty or invalid.
docker stack config -c docker-compose.yaml
invalid service myservice: no image specified
IMAGE_NAME=FOOBAR ~/Projects/cli/build/docker stack deploy -c docker-compose.yaml mystack
invalid image reference for service myservice: invalid reference format: repository name (library/FOOBAR) must be lowercase
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Aligning with where we put this in moby, and contrib is a slightly
more suitable location for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use designated example domains as example value
- swap "expected" and "actual" values in assertions
- add doc / name for each test
- add test-cases for remote commands
- also test the Spec that's produced, not just the args
- merge two test-cases that could be combined
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With this patch, the `--use-api-socket` flag can obtain credentials from
a validly formatted `DOCKER_AUTH_CONFIG` environment-variable. If the
env-var is not set, or doesn't contain credentials, it falls back to
attempting to read credentials from the CLI's configured credentials
store.
With this patch:
# Make sure there's no auth on disk first
mkdir -p tmpConfig
export DOCKER_CONFIG=$PWD/tmpConfig
rm -f $PWD/tmpConfig/config.json
# no credentials
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
cat: can't open '/run/secrets/docker/config.json': No such file or directory
# pass credentials through DOCKER_AUTH_CONFIG
DOCKER_AUTH_CONFIG='{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "am9lam9lOmhlbGxv"
}
}
}
# credentials from file if no DOCKER_AUTH_CONFIG is set
echo '{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "am9lam9lOmhlbGxv"
}
}
}
# same if DOCKER_AUTH_CONFIG is set, but doesn't contain credentials
DOCKER_AUTH_CONFIG='{}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "am9lam9lOmhlbGxv"
}
}
}
DOCKER_AUTH_CONFIG='{"auths": {}}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "am9lam9lOmhlbGxv"
}
}
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "use-api-socket" code got in between, putting a lot of distance
between the declaration and use.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, a valid, but empty set of credentials would still
write a config-file to the container and set `DOCKER_CONFIG`:
mkdir -p tmpConfig
export DOCKER_CONFIG=$PWD/tmpConfig
echo '{}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {}
}
echo '{"auths": {}}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {}
}
echo '{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "am9lam9lOmhlbGxv"
}
}
}
With this patch, the `DOCKER_CONFIG` env-var and config-file are only created
if we have credentials to set;
mkdir -p tmpConfig
export DOCKER_CONFIG=$PWD/tmpConfig
echo '{}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
cat: can't open '/run/secrets/docker/config.json': No such file or directory
echo '{"auths": {}}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
cat: can't open '/run/secrets/docker/config.json': No such file or directory
echo '{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "am9lam9lOmhlbGxv"
}
}
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Go maintainers started to unconditionally update the minimum go version
for golang.org/x/ dependencies to go1.23, which means that we'll no longer
be able to support any version below that when updating those dependencies;
> all: upgrade go directive to at least 1.23.0 [generated]
>
> By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
> per the Go Release Policy (https://go.dev/doc/devel/release#policy).
>
> For golang/go#69095.
This updates our minimum version to go1.23, as we won't be able to maintain
compatibility with older versions because of the above.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For now, these are not exported and included in the cli/commands/contexts
package; a copy of this also lives in cmd/docker, but we need to find a
good place for these completions, as some of them bring in additional
dependencies.
Commands that accept multiple arguments provide completion, but removing
duplicates:
docker context inspect<TAB>
default desktop-linux (current) production tcd
docker context inspec default<TAB>
desktop-linux (current) production tcd
docker context inspect default tcd<TAB>
desktop-linux (current) production
For "context export", we provide completion for the first argument, after
which file-completion is provided:
# provides context names completion for the first argument
docker context export production<TAB>
default desktop-linux (current) production tcd
# then provides completion for filenames
docker context export desktop-linux<TAB>
build/ man/ TESTING.md
cli/ docker.Makefile go.mod
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Using `--platform=linux` or `--platform=windows` is not commonly
used (or recommended). Let's remove these from the list of suggested
platforms.
We should tweak this completion further, and sort the list based
on the daemon's platform (putting linux first for a Linux daemon,
and windows first on a Windows daemon), possibly with the correct
architecture (and os-version) included, but we don't yet provide
that information in `/_ping`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds a flag to the create and run command, `--use-api-socket`, that can
be used to start a container with the correctly configured parameters to
ensure that accessing the docker socket will work with out managing bind
mounts and authentication injection.
The implementation in this PR resolves the tokens for the current
credential set in the client and then copies it into a container at the
well know location of /run/secrets/docker/config.json, setting
DOCKER_CONFIG to ensure it is resolved by existing tooling. We use a
compose-compatible secret location with the hope that the CLI and
compose can work together seamlessly.
The bind mount for the socket is resolved from the current context,
erroring out if the flag is set and the provided socket is not a unix
socket.
There are a few drawbacks to this approach but it resolves a long
standing pain point. We'll continue to develop this as we understand
more use cases but it is marked as experimental for now.
Signed-off-by: Stephen Day <stephen.day@docker.com>
The [`docker buildx bake`][1] command has reached GA; this patch adds
a top-level `docker bake` command as alias for `docker buildx bake` to
improve discoverability and make it more convenient to use.
With this patch:
docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Common Commands:
run Create and run a new container from an image
exec Execute a command in a running container
ps List containers
build Build an image from a Dockerfile
bake Build from a file
pull Download an image from a registry
push Upload an image to a registry
images List images
...
The command is hidden if buildx is not installed;
docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Common Commands:
run Create and run a new container from an image
exec Execute a command in a running container
ps List containers
build Build an image from a Dockerfile
pull Download an image from a registry
push Upload an image to a registry
images List images
...
We can do some tweaking after this; currently it show an error
in situations where buildx is missing. We don't account for
"DOCKER_BUILDKIT=0", because this is a new feature that requires
buildx, and cannot be "disabled";
buildx missing;
docker bake
ERROR: bake requires the buildx component but it is missing or broken.
Install the buildx component to use bake:
https://docs.docker.com/go/buildx/
BuildKit disabled:
DOCKER_BUILDKIT=0 docker bake
ERROR: bake requires the buildx component but it is missing or broken.
Install the buildx component to use bake:
https://docs.docker.com/go/buildx/
[1]: https://www.docker.com/blog/ga-launch-docker-bake/
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, `docker image ls` / `docker image ls` would always
show untagged images, but hide "dangling" images (which effectively
only were produced by the legacy builder) unless `-a` / `--all` was
used. This often resulted in many `<none>:<none>` or `<untagged>` images
to be shown, which had little value to interact with, other than to
garbage collect (`docker system prune`).
In future, we want to take more advantage of containerd's garbage-collecting
features (removing unused images automatically), and this UX change is
a stepping stone toward that.
For now, this patch only changes the behavior for `docker image ls --tree`,
but we should make this the same for "non" --tree as well.
This patch:
- changes `docker image ls` to hide both "untagged" and "dangling" images
by default.
- changes the behavior of `--all` on the client side to make them visible
The API response remains the same for now, but this is something we can
consider changing in future (possibly more granular than a single boolean).
Before this patch;
docker image ls --tree
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
docker:cli 28fb556c1ea1 276MB 69.8MB
├─ linux/amd64 828f4f57525d 0B 0B
├─ linux/arm/v6 563c0b58e54b 0B 0B
├─ linux/arm/v7 6045d4846c59 0B 0B
└─ linux/arm64/v8 11e8dfd68841 276MB 69.8MB
alpine:latest a8560b36e8b8 12.8MB 3.99MB U
├─ linux/amd64 1c4eef651f65 0B 0B
├─ linux/arm/v6 903bfe2ae994 0B 0B
├─ linux/arm/v7 9c2d245b3c01 0B 0B
├─ linux/arm64/v8 757d680068d7 12.8MB 3.99MB U
├─ linux/386 2436f2b3b7d2 0B 0B
├─ linux/ppc64le 9ed53fd3b831 0B 0B
├─ linux/riscv64 1de5eb4a9a67 0B 0B
└─ linux/s390x fe0dcdd1f783 0B 0B
<untagged> c6c1bcb0fd8d 12.8MB 3.99MB
└─ linux/arm64 cb171c618ae8 12.8MB 3.99MB
<untagged> 7361ef970703 12.8MB 3.99MB
└─ linux/arm64 07033f43e44a 12.8MB 3.99MB
<untagged> 0c62c63b81ec 12.8MB 3.99MB
└─ linux/arm64 94742272117f 12.8MB 3.99MB
<untagged> 91dd947eebd0 12.8MB 3.99MB
└─ linux/arm64 ee55d203e26f 12.8MB 3.99MB
<untagged> 382d9f57e8d8 12.8MB 3.99MB
└─ linux/arm64 5256d47804e3 12.8MB 3.99MB
<untagged> 56fa17d2a7e7 12.8MB 3.99MB
├─ linux/amd64 483f502c0e6a 0B 0B
├─ linux/arm/v6 c79529000bdf 0B 0B
├─ linux/arm/v7 cc455d4b2c47 0B 0B
├─ linux/arm64/v8 508c1b94e1d2 12.8MB 3.99MB
├─ linux/386 f32403957113 0B 0B
├─ linux/ppc64le 23dbce23b88f 0B 0B
├─ linux/riscv64 f9d2da150cee 0B 0B
└─ linux/s390x 6bb03952a007 0B 0B
After this patch
docker image ls --tree
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
docker:cli 28fb556c1ea1 276MB 69.8MB
├─ linux/amd64 828f4f57525d 0B 0B
├─ linux/arm/v6 563c0b58e54b 0B 0B
├─ linux/arm/v7 6045d4846c59 0B 0B
└─ linux/arm64/v8 11e8dfd68841 276MB 69.8MB
alpine:latest a8560b36e8b8 12.8MB 3.99MB U
├─ linux/amd64 1c4eef651f65 0B 0B
├─ linux/arm/v6 903bfe2ae994 0B 0B
├─ linux/arm/v7 9c2d245b3c01 0B 0B
├─ linux/arm64/v8 757d680068d7 12.8MB 3.99MB U
├─ linux/386 2436f2b3b7d2 0B 0B
├─ linux/ppc64le 9ed53fd3b831 0B 0B
├─ linux/riscv64 1de5eb4a9a67 0B 0B
└─ linux/s390x fe0dcdd1f783 0B 0B
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The existing approach had some issues with how the control-chars
were escaped; also switching to use Dockerfile here-doc to make
it a bit more readable, and add some comments to the `.bashrc`.
Also make sure the MOTD isn't printed multiple times, and only
for interactive shells, and slightly tweak it with some colors.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, image total content size would only include
container images content size.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This package needed an (internal) interface to abstract the lazy-regexp.
For this, I split the implementation from the exported implementation; this
also revealed that some functions are not used (at least not in our code
base), and we could consider deprecating these.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Based on the "lazyregexp" package in golang.org/x/mod;
https://cs.opensource.google/go/x/mod/+/refs/tags/v0.19.0:internal/lazyregexp/lazyre.go;l=66-78
This package allows defining regular expressions that should not be
compiled until used, but still providing validation to prevent
invalid regular expressions from producing a panic at runtime.
This is largely a copy of the package from golang.org/x/mod,
with FindAllStringSubmatch and ReplaceAllStringFunc added
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
31d6292458 mistakenly changed the `ToSpec`
function to set all certs passed via `external-ca` to empty strings.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
We can return early without executing the regular expression or evaluating
the template for `--format=json` or `--format='{{json .}}'`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Same functionality, but implemented with atomicwriter. There's a slight
difference in error-messages produced (but can be adjusted if we want).
Before:
docker container export -o ./no/such/foo mycontainer
failed to export container: invalid output path: directory "no/such" does not exist
docker container export -o /no/permissions mycontainer
failed to export container: stat /no/permissions: permission denied
After:
docker container export -o ./no/such/foo mycontainer
failed to export container: invalid file path: stat no/such: no such file or directory
docker container export -o /no/permissions mycontainer
failed to export container: failed to stat output path: lstat /no/permissions: permission denied
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Same functionality, but implemented with atomicwriter. There's a slight
difference in error-messages produced (but can be adjusted if we want).
Before:
docker image save -o ./no/such/foo busybox:latest
failed to save image: invalid output path: directory "no/such" does not exist
docker image save -o /no/permissions busybox:latest
failed to save image: stat /no/permissions: permission denied
After:
docker image save -o ./no/such/foo busybox:latest
failed to save image: invalid file path: stat no/such: no such file or directory
docker image save -o /no/permissions busybox:latest
failed to save image: failed to stat output path: lstat /no/permissions: permission denied
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/golang/go/compare/go1.23.7...go1.23.8
release notes: https://go.dev/doc/devel/release#go1.24.2
go1.23.8 (released 2025-04-01) includes security fixes to the net/http package,
as well as bug fixes to the runtime and the go command. See the Go 1.23.8
milestone on our issue tracker for details;
https://github.com/golang/go/issues?q=milestone%3AGo1.23.8+label%3ACherryPickApproved
From the mailing list:
Hello gophers,
We have just released Go versions 1.24.2 and 1.23.8, minor point releases.
These minor releases include 1 security fixes following the security policy:
- net/http: request smuggling through invalid chunked data
The net/http package accepted data in the chunked transfer encoding
containing an invalid chunk-size line terminated by a bare LF.
When used in conjunction with a server or proxy which incorrectly
interprets a bare LF in a chunk extension as part of the extension,
this could permit request smuggling.
The net/http package now rejects chunk-size lines containing a bare LF.
Thanks to Jeppe Bonde Weikop for reporting this issue.
This is CVE-2025-22871 and Go issue https://go.dev/issue/71988.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
gotest.tools' fs package only provides very minimal benefits here;
use stdlib functions to make things slightly more transparent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Assert that the write succeeded; also changing `Fprintf` to `Fprint`,
because we were not using templating (we should check why no linter
complained about this).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test verifies the default behavior, but when running the test
in an environment that already has a ~/.docker/config.json present,
it may fail.
This patch updates the test to configure the config-directory to
point to an empty directory, making sure it's not affected by
state.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In most situations, the CLI is created through the `NewDockerCli` constructor,
however, it's possible to construct a CLI manually (`&DockerCli{}`). We
should probably prevent this (and un-export the `DockerCli` implementation),
but currently have some code-paths that depend on the type being exported.
When constructing the CLI with this approach, the CLI would not be fully
initialized and not have the context-store configuration set up.
Using the default context store without a config set will result in Endpoints
from contexts not being type-mapped correctly, and used as a generic
`map[string]any`, instead of a [docker.EndpointMeta].
When looking up the API endpoint (using [EndpointFromContext]), no endpoint
will be found, and a default, empty endpoint will be used instead which in
its turn, causes [newAPIClientFromEndpoint] to be initialized with the default
config instead of settings for the current context (which may mean; connecting
with the wrong endpoint and/or TLS Config to be missing).
I'm not sure if this situation could happen in practice, but it caused some
of our unit-tests ([TestInitializeFromClient] among others) to fail when
running outside of the dev-container on a host that used Docker Desktop's
"desktop-linux" context. In that situation, the test would produce the wrong
"Ping" results (using defaults, instead of the results produced in the test).
This patch:
- updates the contextStoreConfig field to be a pointer, so that we are
able to detect if a config was already set.
- updates the `Initialize` function to set the default context-store config
if no config was found (technically the field is mostly immutable, and
can only set through `WithDefaultContextStoreConfig`, so this may be
slightly redundant).
We should update this code to be less error-prone to use; the combination
of an exported type (`DockerCli`), a constructor `NewDockerCli` and a
`Initialize` function (as well as some internal contructors to allow
lazy initialization) make constructing the "CLI" hard to use, and there's
various codepaths where it can be in a partially initialized state. The
same applies to the default context store, which also requires too much
"domain" knowledge to use properly.
I'm leaving improvements around that for a follow-up.
[EndpointFromContext]: 33494921b8/cli/context/docker/load.go (L139-L149)
[docker.EndpointMeta]: 33494921b8/cli/context/docker/load.go (L19-L21)
[newAPIClientFromEndpoint]: 33494921b8/cli/command/cli.go (L295-L305)
[TestInitializeFromClient]: 33494921b8/cli/command/cli_test.go (L157-L205)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was created for internal use, and is not part of the context-store
public API. It was introduced as part of the "zip import" functionality
added in 291e86289b. Initially it was
[non-exported][1], but during review, some suggestions were made to improve
the implementation, and the [suggested implementation][2] was based on
Go stdlib, but review overlooked that the implementation was now exported.
Let's un-export it, as this was (as outlined) never meant to be a public
type.
[1]: https://github.com/docker/cli/pull/1895#discussion_r287514522
[2]: https://github.com/docker/cli/pull/1895#discussion_r288688768
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This reverts commit fed9fa0f72.
This removes the ContextType field, which was temporarily added to provide
compatibility with the "compose-cli" wrapper that shipped with Docker Desktop.
The compose-cli wrapper extended the context struct with an additional field
that was not part of the CLI itself, but was used by Visual Studio to detect
the type of context.
This temporary field shipped as part of Docker 27.0 June 2024), which should
be enough time for Visual Studio to have adjusted their integration.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration options for experimental CLI features were deprecated in
docker 19.03 (3172219932), and enabled by
default since docker 20.10 (977d3ae046).
This deprecates the corresponding field in the config-file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing whether we could load a legacy config-file that
contained the "experimental" (experimental CLI) option. Experimental cli
options are disabled since 977d3ae046 (20.10),
and now enabled by default, but we should not fail to start the cli if the
config-file contains the option.
Move the test to the config package, as it doesn't need the cli for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This looks like a copy/paste from other tests, because this test
does not test anything related to docker content trust.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported in 812f113685
for use in other parts of the CLI, but it's now only used locally.
Make it internal again, as it was never designed to be exported. There
are no known external consumers of this function, but deprecating it
first, in case there are.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported in e43c7920ea
for use of "docker app", which is now deprecated. The signature of this
function also depended on a non-exported type, so it could not be used
externally.
Make it internal again, as it was never designed to be exported. There
are no known external consumers of this function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was exported in e43c7920ea
for use of "docker app", which is now deprecated. The signature of this
function also depended on a non-exported type so it could not be used
externally.
Make it internal again, as it was never designed to be exported. There
are no known external consumers of this function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove RepositoryInfo as intermediate struct in some places; we want
to remove the use of this additional abstration. More changes are
needed to fully remove it, but chipping away its use in small bits.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's only used internally, and has no external consumers. Un-export
it, rename it to something more descriptive, and move it to a separate
file to align with other packages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was introduced in 79141ce5eb, which
was reverted in f596202125, and re-applied
in the previous commit.
Before this patch, saving credentials worked correctly;
docker login -u thajeztah
Password:
Login Succeeded
cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "REDACTED"
}
}
}
But when resolving the credentials, the credentials stored would not be found;
docker pull -q thajeztah/private-test-image
Error response from daemon: pull access denied for thajeztah/private-test-image, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
With this patch applied:
docker pull -q thajeztah/private-test-image
docker.io/thajeztah/private-test-image:latest
Thanks to mtrmac (Miloslav Trmač) for spotting this mistake!
Suggested-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This reverts commit f596202125, and reapplies
79141ce5eb.
> cli/command: remove uses of GetAuthConfigKey, ParseRepositoryInfo
>
> Re-implement locally, based on the code in github.com/docker/docker/registry,
> but leaving out bits that are not used on the client-side, such as
> configuration of Mirrors, and configurable insecure-registry, which
> are not used on the client side.
This commit contains a regression due to a typo in `authConfigKey`;
const authConfigKey = "https:/index.docker.io/v1/"
Which is missing a `/` after the scheme.
Which currently fails the TestRetrieveAuthTokenFromImage test.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's currently slower because it calls registry.ParseRepositoryInfo,
which does a DNS lookup for hostnames to determine if they're a loopback
address (and marked "insecure");
go test -v -run TestRetrieveAuthTokenFromImage
=== RUN TestRetrieveAuthTokenFromImage
=== RUN TestRetrieveAuthTokenFromImage/no-prefix
=== RUN TestRetrieveAuthTokenFromImage/docker.io
=== RUN TestRetrieveAuthTokenFromImage/index.docker.io
=== RUN TestRetrieveAuthTokenFromImage/registry-1.docker.io
=== RUN TestRetrieveAuthTokenFromImage/registry.hub.docker.com
=== RUN TestRetrieveAuthTokenFromImage/[::1]
=== RUN TestRetrieveAuthTokenFromImage/[::1]:5000
=== RUN TestRetrieveAuthTokenFromImage/127.0.0.1
=== RUN TestRetrieveAuthTokenFromImage/localhost
=== RUN TestRetrieveAuthTokenFromImage/localhost:5000
=== RUN TestRetrieveAuthTokenFromImage/no-auth.example.com
--- PASS: TestRetrieveAuthTokenFromImage (0.35s)
--- PASS: TestRetrieveAuthTokenFromImage/no-prefix (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/docker.io (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/index.docker.io (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/registry-1.docker.io (0.08s)
--- PASS: TestRetrieveAuthTokenFromImage/registry.hub.docker.com (0.12s)
--- PASS: TestRetrieveAuthTokenFromImage/[::1] (0.13s)
--- PASS: TestRetrieveAuthTokenFromImage/[::1]:5000 (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/127.0.0.1 (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/localhost (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/localhost:5000 (0.00s)
--- PASS: TestRetrieveAuthTokenFromImage/no-auth.example.com (0.01s)
PASS
ok github.com/docker/cli/cli/command 1.367s
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's a wrapper around Cobra's generator, but handles some special
cases. While rewriting, also rewrite the generator code to align
with the mddocs/yamldocs counterpart in docs/generate/
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "Service.Auth" pretended to return a message from the registry,
but the message returned is hard-coded in the registry package.
Remove its use to make this more transparent, and not to pretend
this is anything returned by the registry.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Restore part of the code removed by 966b44183f
that closed the stream. It's required now because the Run command won't
finish before the output stream was processed by the caller.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Fix a regression introduced by 30c4637f03
which made the `docker run` command produce potentially truncated
stdout/stderr output.
Previous implementation stopped the content streaming as soon as the
container exited which would potentially truncate a long outputs.
This change fixes the issue by only canceling the IO stream immediately
if neither stdout nor stderr is attached.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
1 warning found (use docker --debug to expand):
- JSONArgsRecommended: JSON arguments recommended for CMD to prevent unintended behavior related to OS signals (line 120)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Cobra now defines a CompletionFunc for the same, so we can alias
it to that, and stop using our own definition.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- remove pruneFilters.Contains for checks, as this is already
handled by pruneFilters.ExactMatch.
- Update GoDoc to better describe the function's functionality
- Use a swtich instead of if/else.
This function should be moved to a separate package; possibly splitting
it out to a "Merge" function that accepts two filter.Args as argument.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use the same script as is used in moby/moby, which more gracefully
handles an existing `go.mod` (which can be symlinked) into account.
- keep the scripts called generic, and update the Makefile to invoke
them with the "with-go-mod.sh" script.
- use "go run" instead of building temporary binaries
- check if go-md2man exists before building a binary
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In order to be able to build the documentation without internet access
(as is required by some distribution build systems), all of the source
code needed for the build needs to be available in the source tarball.
This used to be possible with the docker-cli sources but was
accidentally broken with some CI changes that switched to downloading
the tools (by modifying go.mod as part of the docs build script).
This pattern also maked documentation builds less reproducible since the
tool version used was not based on the source code version.
Fixes: 7dc35c03fc ("validate manpages target")
Fixes: a650f4ddd0 ("switch to cli-docs-tool for yaml docs generation")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used internally, and has no known external consumers.
It was deprecated in e37d814ce96b01393a400c081666ea1cca2eb8bd; this commit
removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used internally, and has no known external consumers.
It was deprecated in d80436021c21c26b492f0014511f13f41d8b42d9; this commit
removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used by "docker trust sign", and has no known external
consumers. It was deprecated in c6f456bc90574f4180f3b990e8a4e216485e35b7;
this commit removes it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method was a shallow wrapper around registryclient.NewRegistryClient but
due to its signature resulted in various dependencies becoming a dependency
of the "command" package. Consequence of this was that cli-plugins, which
need the cli/command package, would also get those dependencies. It is no
longer used, and was deprecated in 8ad07217dc.
This patch removes the RegistryClient method from the interface
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method is a shallow wrapper around manifeststore.NewStore, but
due to its signature resulted in various dependencies becoming a dependency
of the "command" package. Consequence of this was that cli-plugins, which
need the cli/command package, would also get those dependencies. It is no
longer used, and was deprecated in e32d5d56f5.
This patch removes the ManifestStore method from the interface
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method is a shallow wrapper around trust.GetNotaryRepository, but
due to its signature resulted in the trust package, and notary dependencies
to become a dependency of the CLI. Consequence of this was that cli-plugins,
which need the cli/command package, would also get notary and its
dependencies as a dependency. It is no longer used, and was deprecated
in 9bc16bbde0.
This patch removes the NotaryClient method from the interface
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Re-implement locally, based on the code in github.com/docker/docker/registry,
but leaving out bits that are not used on the client-side, such as
configuration of Mirrors, and configurable insecure-registry, which
are not used on the client side.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package is not imported externally, and we don't need the added
functionality of pkg/errors here, so use stdlib errors.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This validation is now handled by the API-client since [moby@5d6b566],
so no longer needed to be done in the cli. This function was only used
internally and has no external consumers, so removing it without
deprecating first.
[moby@5d6b566]: 5d6b56699d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Starting with [moby@b633c4c], the registry package handles this internally
and there's no longer a need to set the path manually for rootlessKit
[moby@b633c4c]: b633c4cc33
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
- Add runtime.Gosched() calls to encourage goroutine scheduling
- Increase the timeout from 10ms to 500ms
- Use poll.WaitOn with appropriate delays to ensure the goroutine has
spawned before checking
- Lock the test goroutines to its own thread
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
While there may be reasons to keep pkg/errors in production code,
we don't need them for this generator code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch propagates the error up the stack when running `docker info`
and a connection error to the server occurs.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This patch fixes the `TestRunAttachTermination` flaky runs.
It seems like we weren't halting on the `waitFunc` so if the
process was fast enough to setup the signal handler and execute
`waitExitOrRemoved`. We now instead wait for the `killCh` channel
to close inside the mocked `waitFunc`.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Swarm has size constraints on the size of configs, but the client-side would
read content into memory, regardless its size. This could lead to either the
client reading too much into memory, or it sending data that's larger than
the size limit of gRPC, which resulted in the error not being handled by
SwarmKit and a generic gRPC error returned.
Reading a config from a file used a system.OpenSequential for reading
([FILE_FLAG_SEQUENTIAL_SCAN]). While there could be a very marginal benefit
to prevent polluting the system's cache (Windows won’t aggressively keep it
in the cache, freeing up system memory for other tasks). These details were
not documented in code, and possibly may be too marginal, but adding a comment
to outline won't hurt so this patch also adds a comment.
This patch:
- Factors out the reading code to a readConfigData, analogous to the
equivalent in secret create.
- Implements reading the data with a limit-reader to prevent reading
large files into memory.
- The limit is based on SwarmKits limits ([MaxConfigSize]), but made
twice that size, just in case larger sizes are supported in future;
the main goal is to have some constraints, and to prevent hitting
the gRPC limit.
- Updates some error messages to include STDIN (when used), or the
filename (when used).
Before this patch:
ls -lh largefile
-rw------- 1 thajeztah staff 8.1M Mar 9 00:19 largefile
docker config create nosuchfile ./nosuchfile
Error reading content from "./nosuchfile": open ./nosuchfile: no such file or directory
docker config create toolarge ./largefile
Error response from daemon: rpc error: code = ResourceExhausted desc = grpc: received message larger than max (8462870 vs. 4194304)
docker config create empty ./emptyfile
Error response from daemon: rpc error: code = InvalidArgument desc = config data must be larger than 0 and less than 1024000 bytes
cat ./largefile | docker config create toolarge -
Error response from daemon: rpc error: code = ResourceExhausted desc = grpc: received message larger than max (8462870 vs. 4194304)
cat ./emptyfile | docker config create empty -
Error response from daemon: rpc error: code = InvalidArgument desc = config data must be larger than 0 and less than 1024000 bytes
With this patch:
docker config create nosuchfile ./nosuchfile
error reading from ./nosuchfile: open ./nosuchfile: no such file or directory
docker config create empty ./emptyfile
error reading from ./emptyfile: data is empty
docker config create toolarge ./largefile
Error response from daemon: rpc error: code = InvalidArgument desc = config data must be larger than 0 and less than 1024000 bytes
cat ./largefile | docker config create toolarge -
Error response from daemon: rpc error: code = InvalidArgument desc = secret data must be larger than 0 and less than 1024000 bytes
cat ./emptyfile | docker config create empty -
error reading from STDIN: data is empty
[FILE_FLAG_SEQUENTIAL_SCAN]: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
[MaxConfigSize]: https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/manager/controlapi#MaxConfigSize
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Swarm has size constraints on the size of secrets, but the client-side would
read content into memory, regardless its size. This could lead to either the
client reading too much into memory, or it sending data that's larger than
the size limit of gRPC, which resulted in the error not being handled by
SwarmKit and a generic gRPC error returned.
Reading a secret from a file was added in [moby@c6f0b7f], which used a
system.OpenSequential for reading ([FILE_FLAG_SEQUENTIAL_SCAN]). While
there could be a very marginal benefit to prevent polluting the system's
cache (Windows won’t aggressively keep it in the cache, freeing up system
memory for other tasks). These details were not documented in code, and
possibly may be too marginal, but adding a comment to outline won't hurt
so this patch also adds a comment.
This patch:
- Rewrites readSecretData to not return a nil-error if no file was
set, in stead only calling it when not using a driver.
- Implements reading the data with a limit-reader to prevent reading
large files into memory.
- The limit is based on SwarmKits limits ([MaxSecretSize]), but made
twice that size, just in case larger sizes are supported in future;
the main goal is to have some constraints, and to prevent hitting
the gRPC limit.
- Updates some error messages to include STDIN (when used), or the
filename (when used).
Before this patch:
ls -lh largefile
-rw------- 1 thajeztah staff 8.1M Mar 9 00:19 largefile
docker secret create nosuchfile ./nosuchfile
Error reading content from "./nosuchfile": open ./nosuchfile: no such file or directory
docker secret create toolarge ./largefile
Error response from daemon: rpc error: code = ResourceExhausted desc = grpc: received message larger than max (8462870 vs. 4194304)
docker secret create empty ./emptyfile
Error response from daemon: rpc error: code = InvalidArgument desc = secret data must be larger than 0 and less than 512000 bytes
cat ./largefile | docker secret create toolarge -
Error response from daemon: rpc error: code = ResourceExhausted desc = grpc: received message larger than max (8462870 vs. 4194304)
cat ./emptyfile | docker secret create empty -
Error response from daemon: rpc error: code = InvalidArgument desc = secret data must be larger than 0 and less than 512000 bytes
With this patch:
docker secret create nosuchfile ./nosuchfile
error reading from ./nosuchfile: open ./nosuchfile: no such file or directory
docker secret create empty ./emptyfile
error reading from ./emptyfile: data is empty
docker secret create toolarge ./largefile
Error response from daemon: rpc error: code = InvalidArgument desc = secret data must be larger than 0 and less than 512000 bytes
cat ./largefile | docker secret create toolarge -
Error response from daemon: rpc error: code = InvalidArgument desc = secret data must be larger than 0 and less than 512000 bytes
cat ./emptyfile | docker secret create empty -
error reading from STDIN: data is empty
[moby@c6f0b7f]: c6f0b7f448
[FILE_FLAG_SEQUENTIAL_SCAN]: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea#FILE_FLAG_SEQUENTIAL_SCAN
[MaxSecretSize]: https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/api/validation#MaxSecretSize
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function returned an error (if any) from [config.Path]. However, the
only situation in which an error could be returned was if the given path
to append to `config.Dir` was outside of the config directory. This can
only happen if the path to append would try to traverse directories (e.g.,
passing `../../cli-plugins`).
Given that we're passing a hard-coded value, that would not be the case,
so we can simplify the code to join the path directly, and don't have to
handle errors.
[config.Path]: 2d74733942/cli/config/config.go (L100-L107)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Skip the other logic, which includes listing all commands provided; if
there's no plugin-candidates, those steps won't be needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This error-group was added in 89583b92b7, but
passed a context.TODO because the function didn't have a context as argument.
However, it does get the root-command passed, which holds the context, so
we can pass that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We have tagged version v0.35.0 of golang.org/x/crypto in order to address
a security issue. Version v0.35.0 of golang.org/x/crypto fixes a vulnerability
in the golang.org/x/crypto/ssh package which could cause a denial of service.
SSH servers which implement file transfer protocols are vulnerable to a denial
of service attack from clients which complete the key exchange slowly, or not
at all, causing pending content to be read into memory, but never transmitted.
Thanks to Yuichi Watanabe for reporting this issue.
This is CVE-2025-22869 and Go issue https://go.dev/issue/71931.
full diff: https://github.com/golang/crypto/compare/v0.31.0...v0.35.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Go maintainers started to unconditionally update the minimum go version
for golang.org/x/ dependencies to go1.23, which means that we'll no longer
be able to support any version below that when updating those dependencies;
> all: upgrade go directive to at least 1.23.0 [generated]
>
> By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
> per the Go Release Policy (https://go.dev/doc/devel/release#policy).
>
> For golang/go#69095.
This updates our minimum version to go1.23, as we won't be able to maintain
compatibility with older versions because of the above.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Seen failing when used elsewhere;
vendor/github.com/docker/cli/cli/command/formatter/displayutils.go:78:20: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function only needs access to the CLI's configfile; use the
config.Prider interface to be more clear on what's expected.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was only used internally in cmd/docker and has no known external
consumers. Move it to cmd/docker and un-export it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was only used internally, and has no external consumers;
move it to the "formatter" package, which is also imported in all files
using this utility.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's hard-coded to the API defaultversion, so we can use
that const directly. Ultimately, this should be something
returned by the API client configured on the CLI, not the
CLI itself.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This prevents users of the CLI that don't implement swarm-related
features from depending on the swarm API types.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use a consistent approach for producing warnings, but add a TODO for moving
this warning to the daemon, which can make a better call if it will work
or not (depending on networking mode).
This warning was originally added in [moby@afa92a9], before integration with
libnetwork, and this warning may be incorrect in many scenarios.
While updating, also removing the custom regular expression used to
detect if the IP is a loopback address, and using go's netip package
instead.
[moby@afa92a9]: afa92a9af0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This warning was originally added in [moby@3aa70c1], and moved to be printed
on both `run` and `create` in commit 7c514a31c9.
However, [moby@57f1305] (docker 19.03, API 1.40) moved such warnings to
the daemon side. The patch mentioned this issue:
> This patch will have one side-effect; docker cli's that also perform this check
> client-side will print the warning twice; this can be addressed by disabling
> the cli-side check for newer API versions, but will generate a bit of extra
> noise when using an older CLI.
The CLI does not take this into account currently, and still prints warnings
twice; even in cases where the option is not supported by the daemon, and
discarded:
On a host without OomKillDisable support:
docker create --oom-kill-disable alpine
WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.
WARNING: Your kernel does not support OomKillDisable. OomKillDisable discarded.
On a host that supports it:
docker create --oom-kill-disable alpine
WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.
WARNING: OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.
This patch removes the client-side warning, leaving it to the daemon to
report if any warnings should produced (and the client to print them).
With this patch applied:
On a host without OomKillDisable support:
docker create --oom-kill-disable alpine
WARNING: Your kernel does not support OomKillDisable. OomKillDisable discarded.
On a host that supports it:
docker create --oom-kill-disable alpine
WARNING: OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.
[moby@3aa70c1]: 3aa70c1948
[moby@57f1305]: 57f1305e74
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was shared between "image" and "container" packages,
all of which needed the trust package, so move it there instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was shared between "trust" "image" and "plugin" packages,
all of which needed the trust package, so move it there instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used by "docker trust sign"; inline the code
and deprecate the function.
This function has no known external consumers, so we should remove
it on the first possible ocassion (which could be a minor release).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The manager only requires the CLI's configuration; define a shallow interface
for this so that we don't have to import cli/command.
In addition to the CLI's configuration, `runHooks` also used the CLI's configured
StdErr output. We set the Cobra input and output streams to be the same as the
DockerCLI outputs in [newDockerCommand] and [newPluginCommand], so we can
get this from the Cobra command.
[newDockerCommand]: ea1f10b440/cmd/docker/docker.go (L148-L150)
[newPluginCommand]: ea1f10b440/cli-plugins/plugin/plugin.go (L166-L168)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The DOCKER_CLI_HINTS env-var is replaced by DOCKER_CLI_HOOKS; check the
new env-var first, and only fall back to checking the legacy env-var
if it's not set.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Order conditions to check for lightweight ones first;
- checck if the command is not nil
- dockerCli.Out().IsTerminal() is a lightweight getter
- dockerCli.HooksEnabled() checks for env-vars, parses booleans, and
reading the CLI config-file
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method was a shallow wrapper around registryclient.NewRegistryClient but
due to its signature resulted in various dependencies becoming a dependency
of the "command" package. Consequence of this was that cli-plugins, which
need the cli/command package, would also get those dependencies. It is no
longer used in our code, which constructs the client in packages that need it,
so we can deprecate this method.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method is a shallow wrapper around manifeststore.NewStore, but
due to its signature resulted in various dependencies becoming a dependency
of the "command" package. Consequence of this was that cli-plugins, which
need the cli/command package, would also get those dependencies. It is no
longer used in our code, which constructs the client in packages that need it,
so we can deprecate this method.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI.RegistryClient method is a shallow wrapper around registryclient.NewRegistryClient
but due to its signature resulted in various dependencies becoming a dependency
of the "command" package. Consequence of this was that cli-plugins, which
need the cli/command package, would also get those dependencies.
This patch inlines the code where needed, skipping the wrapper
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI.ManifestStore method is a shallow wrapper around manifeststore.NewStore
and has no dependency on the CLI itself. However, due to its signature resulted
in various dependencies becoming a dependency of the "command" package.
Consequence of this was that cli-plugins, which need the cli/command package,
would also get those dependencies.
- This patch inlines the code to produce the store, skipping the wrapper.
- Define a local interface for some tests where a dummy store was used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This method is a shallow wrapper around trust.GetNotaryRepository, but
due to its signature resulted in the trust package, and notary dependencies
to become a dependency of the CLI. Consequence of this was that cli-plugins,
which need the cli/command package, would also get notary and its
dependencies as a dependency. It is no longer used in our code, which
constructs the client in packages that need it, so we can deprecate this
method.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI.NotaryClient method is a shallow wrapper around trust.GetNotaryRepository
and only depends on the CLI itself to pass its StdErr/StrOut streams.
- This patch inlines the code to produce the client, skipping the wrapper.
- Define a local interface for some tests where a dummy notary client was used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was added in 02719bdbb5, and
used newDefaultRepositoryEndpoint to get repository info for the given
image-reference.
newDefaultRepositoryEndpoint uses registry.ParseRepositoryInfo under the
hood, but the only information used from the result was the Name field,
which is set using `reference.TrimNamed(name)`. The possible error returned
was based on the domain-name of the image, and only checked for the domain
to not start, or end with a hyphen ("-").
This patch removes the use of RepoNameForReference, deprecates it, and
inlines the code used by it.
There are no known consumers of this function, so we can consider removing
it in the first possible release after this (which can be a minor release).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This type was added in 02719bdbb5, but was
never used outside of the package itself. This patch un-exports it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This type was added in 02719bdbb5, but was
never used;
git rev-parse --verify HEAD
02719bdbb5
git grep 'PutManifestOptions'
cli/registry/client/client.go:// PutManifestOptions is the data sent to push a manifest
cli/registry/client/client.go:type PutManifestOptions struct {
This patch removes it, because it's not used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These utility functions were added in 8890a1c929,
and are all related to OTEL. The ResourceAttributesEnvvar const defines
the "OTEL_RESOURCE_ATTRIBUTES" environment-variable to use, which is part
of the [OpenTelemetry specification], so should be considered a well-known
env-var, and not up to us to define a const for. These code-changes were not
yet included in a release, so we don't have to deprecate.
This patch:
- Moves the utility functions to the telemetry files, so that all code related
to OpenTelemetry is together.
- Un-exports the ResourceAttributesEnvvar to reduce our public API.
- Un-exports the DockerCliAttributePrefix to reduce depdency on cli/command
in CLI-plugins, but adds a TODO to move telemetry-related code to a common
(internal) package.
- Deprecates the cli-plugins/manager.ResourceAttributesEnvvar const. This
const has no known consumers, so we could skip deprecation, but just in
case some codebase uses this.
[OpenTelemetry specification]: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The client was only using the Actions consts, but the trust package
also has a dependency on notary. Remove the import to prevent Notary
becoming a dependency for uses of the cli code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This uuid package was introduced in 89db01ef97,
but we want to reduce dependency on the old docker/distribution module.
Replace it with google/uuid, which is a commonly used module for this
and already a dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was shared between the "image" and "trust" packages, and a
shallow wrapper around features in the cli/trust package. Move it there
instead and rename it to `trust.AddToAllSignableRoles`.
There are no known external consumers of this utility, so skipping a
deprecation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These tests were not testing functionality that was implemented
in the image package. Move them to the trust package, where
they belong.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing trust.GetSignableRoles to return an error
if it's offline, which was duplicating the [TestGetSignableRolesError]
test in the cli/trust package.
[TestGetSignableRolesError]: fe0a8d2791/cli/trust/trust_test.go (L49-L55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a basic helper to provide the equivalent of passphrase.ConstantRetriever
with a fixed passphrase for testing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing trust.GetSignableRoles to return an error
if it's offline, which was duplicating the [TestGetSignableRolesError]
test.
[TestGetSignableRolesError]: fe0a8d2791/cli/trust/trust_test.go (L49-L55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing trust.GetSignableRoles to return an error
if it's offline, which was duplicating the [TestGetSignableRolesError]
test.
[TestGetSignableRolesError]: fe0a8d2791/cli/trust/trust_test.go (L49-L55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The test only validates that an error is produced because the notary
server is offline, and does not sent a passphrase.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a basic helper to provide the equivalent of passphrase.ConstantRetriever
with a fixed passphrase for testing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This var used to be vendored from github.com/docker/docker/registry, but was
removed there, and made a local var in a1cbaa827b.
It is (and should never be) modified, so let's change it into a const.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[ParseRepositoryInfo] parses an image reference and returns information
about the Repository and the registry. As part of this, it validates if
the registry's hostname is considered valid using [ValidateIndexName],
as well as normalizing the image reference to strip tags and digests
using [reference.TrimNamed].
ValidateIndexName only provides very limited value; the only validation
happening is to check for the hostname to not start, or end with a hyphen.
The cli/command/manifest package used ParseRepositoryInfo in various
locations where only the repository name was used (i.e., the result
of `reference.TrimNamed` on the given reference), and in one location
only used it to validate the registry name.
For buildPushRequest, the call was fully redundant, as [RepoNameForReference]
was used on the result, calling [newDefaultRepositoryEndpoint], which
uses ParseRepositoryInfo internally, so we were only repeating that work.
This patch removes uses of ParseRepositoryInfo in those places, and instead
calling [reference.TrimNamed] directly.
[ParseRepositoryInfo]: 41f781fab3/registry/config.go (L375-L381)
[ValidateIndexName]: 41f781fab3/registry/config.go (L288-L299)
[reference.TrimNamed]: 41f781fab3/registry/config.go (L369)
[RepoNameForReference]: fe0a8d2791/cli/registry/client/endpoint.go (L107-L110)
[newDefaultRepositoryEndpoint]: fe0a8d2791/cli/registry/client/endpoint.go (L33-L38)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Don't allow unbounded amounts of splits.
Fixes GHSA-c6gw-w398-hv78 / CVE-2025-27144
- Various other dependency updates, small fixes, and documentation
updates in the full changelog
full diff: https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- set default to 28
- remove minor version from matrix; docker:dind images also provide a
"docker:28-dind" which point to the latest minor version.
- remove TODO for 19.03, which is really out of scope now.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Not all flags have completions yet, and for those that don't have completion,
we disable completion to prevent it completing with filenames.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Change completion for nodes to use names by default, and bring back
support for the `DOCKER_COMPLETION_SHOW_NODE_IDS` env-var
f9ced58158/contrib/completion/bash/docker (L38)
With this patch:
docker node ps <tab>
docker-desktop self
export DOCKER_COMPLETION_SHOW_NODE_IDS=yes
docker node ps <TAB>
docker-desktop qyeriqk20al6hy4y869d08ff5 self
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The errors.Wrap and errors.Wrapf functions gracefully handle nil-errors.
This allows them to be used unconditionally regardless if an error
was produced.
While this can be convenient, it can also be err-prone, as replacing
these with stdlib errors means they unconditionally produce an error.
This patch replaces code uses of errors.Wrap to be gated by a check
for nil-errors to future-proof our code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before 2b9a4d5f4c, this function
would use "errors.Wrap" which returns nil if the original error
was nil. fmt.Errorf does not do this, so without a nil check,
it would unconditionally return an error;
docker context create arm64 --docker host=ssh://172.17.101.26,skip-tls-verify=False
unable to create docker endpoint config: name: %!w(<nil>)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Change completion for services to use names by default, and bring back
support for the `DOCKER_COMPLETION_SHOW_SERVICE_IDS` env-var
f9ced58158/contrib/completion/bash/docker (L41-L43)
Before this patch:
docker service ps
c9vrp2pwni9gx5ghat20rjpcy hmthf0tqws9xpmd87ok7diqly
With this patch:
docker service ps<TAB>
databaseservice webservice
export DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes
docker service ps<TAB>
c9vrp2pwni9gx5ghat20rjpcy databaseservice hmthf0tqws9xpmd87ok7diqly webservice
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove the `docker.cli` prefixed attributes from
`OTEL_RESOURCE_ATTRIBUTES` after the telemetry provider has been created
within a plugin. This prevents accidentally sending the attributes to
something downstream for the user.
This also fixes an issue with compose where the self-injected `OTEL_RESOURCE_ATTRIBUTES`
would override an existing attribute in the environment file because the
"user environment" overrode the environment file, but the "user
environment" was created by the `docker` tool rather than by the user's
environment.
When `OTEL_RESOURCE_ATTRIBUTES` is empty after pruning, the environment
variable is unset.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Merge `OTEL_RESOURCE_ATTRIBUTES` when there is one already in the
environment. This allows user-specified resource attributes to be passed
on to CLI plugins while still allowing the extra attributes added for
telemetry information.
This was the original intended use-case but it seems to have never made
it in. The reason `OTEL_RESOURCE_ATTRIBUTES` was used is because we
could combine it with user-centric ones.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
WARN The linter 'tenv' is deprecated (since v1.64.0) due to: Duplicate feature another linter. Replaced by usetesting.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The regex was added before we migrateed from gometalinter in
dbd96badb6, and got migrated to golangci-lint
in b7e06f2845. The format used for the config
was invalid, and migrating it to the right format didn't make a difference,
so we can remove it.
As naked returns are generally not desirable, also setting the minimum func
length to 0 (i.e., don't allow any naked returns), instead of the default
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/container/cp.go:206:3: naked return in func `resolveLocalPath` with 5 lines of code (nakedret)
return
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/jwt.go:62:3: naked return in func `GetClaims` with 9 lines of code (nakedret)
return
^
cli/internal/oauth/jwt.go:67:2: naked return in func `GetClaims` with 9 lines of code (nakedret)
return
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Also fix some unhandled errors
cli/debug/debug_test.go:12:3: os.Setenv() could be replaced by t.Setenv() in TestEnable (usetesting)
os.Setenv("DEBUG", "")
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/trust/signer_add_test.go:71:18: os.CreateTemp("", ...) could be replaced by os.CreateTemp(t.TempDir(), ...) in TestSignerAddCommandNoTargetsKey (usetesting)
tmpfile, err := os.CreateTemp("", "pemfile")
^
cli/command/trust/signer_add_test.go:133:18: os.CreateTemp("", ...) could be replaced by os.CreateTemp(t.TempDir(), ...) in TestIngestPublicKeys (usetesting)
tmpfile, err := os.CreateTemp("", "pemfile")
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cmd/docker/docker.go:35:7: unused-receiver: method receiver 'e' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (e errCtxSignalTerminated) Error() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/stack/swarm/client_test.go:47:7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *fakeClient) ServerVersion(context.Context) (types.Version, error) {
^
cli/command/stack/swarm/deploy_composefile_test.go:17:7: unused-receiver: method receiver 'n' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (n notFound) NotFound() {}
^
cli/command/stack/client_test.go:47:7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *fakeClient) ServerVersion(context.Context) (types.Version, error) {
^
cli/command/stack/client_test.go:183:7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *fakeClient) ServiceInspectWithRaw(_ context.Context, serviceID string, _ types.ServiceInspectOptions) (swarm.Service, []byte, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/service/update_test.go:511:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s secretAPIClientMock) SecretCreate(context.Context, swarm.SecretSpec) (types.SecretCreateResponse, error) {
^
cli/command/service/update_test.go:515:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s secretAPIClientMock) SecretRemove(context.Context, string) error {
^
cli/command/service/update_test.go:519:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s secretAPIClientMock) SecretInspectWithRaw(context.Context, string) (swarm.Secret, []byte, error) {
^
cli/command/service/generic_resource_opts.go:46: line-length-limit: line is 206 characters, out of limit 200 (revive)
return nil, fmt.Errorf("invalid generic-resource request `%s=%s`, Named Generic Resources is not supported for service create or update", res.NamedResourceSpec.Kind, res.NamedResourceSpec.Value)
cli/command/service/create_test.go:24:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeConfigAPIClientList) ConfigCreate(_ context.Context, _ swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
^
cli/command/service/logs.go:320:7: unused-receiver: method receiver 'lw' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (lw *logWriter) parseContext(details map[string]string) (logContext, error) {
^
cli/command/service/opts.go:45:7: unused-receiver: method receiver 'i' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (i *Uint64Opt) Type() string {
^
cli/command/service/update_test.go:523:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s secretAPIClientMock) SecretUpdate(context.Context, string, swarm.Version, swarm.SecretSpec) error {
^
cli/command/service/create_test.go:28:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeConfigAPIClientList) ConfigRemove(_ context.Context, _ string) error {
^
cli/command/service/opts.go:70:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *floatValue) Type() string {
^
cli/command/service/opts.go:117:7: unused-receiver: method receiver 'o' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (o *placementPrefOpts) Type() string {
^
cli/command/service/create_test.go:32:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeConfigAPIClientList) ConfigInspectWithRaw(_ context.Context, _ string) (swarm.Config, []byte, error) {
^
cli/command/service/create_test.go:36:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeConfigAPIClientList) ConfigUpdate(_ context.Context, _ string, _ swarm.Version, _ swarm.ConfigSpec) error {
^
cli/command/service/opts.go:135:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s *ShlexOpt) Type() string {
^
cli/command/service/opts.go:366:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *credentialSpecOpt) Type() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/system/dial_stdio.go:113:7: unused-receiver: method receiver 'x' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (x *nopCloseReader) CloseRead() error {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/container/client_test.go:78:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *fakeClient) ContainerExecStart(context.Context, string, container.ExecStartOptions) error {
^
cli/command/container/create_test.go:383:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeNotFound) NotFound() {}
^
cli/command/container/create_test.go:384:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeNotFound) Error() string { return "error fake not found" }
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/trust/inspect_pretty_test.go:31:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *fakeClient) Info(context.Context) (system.Info, error) {
^
cli/command/trust/inspect_pretty_test.go:35:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *fakeClient) ImageInspect(context.Context, string, ...client.ImageInspectOption) (image.InspectResponse, error) {
^
cli/command/trust/inspect_pretty_test.go:39:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *fakeClient) ImagePush(context.Context, string, image.PushOptions) (io.ReadCloser, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/registry/login_test.go:36:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *fakeClient) Info(context.Context) (system.Info, error) {
^
cli/command/registry/login_test.go:40:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *fakeClient) RegistryLogin(_ context.Context, auth registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/swarm/opts.go:71:7: unused-receiver: method receiver 'a' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (a *NodeAddrOption) Type() string {
^
cli/command/swarm/opts.go:107:7: unused-receiver: method receiver 'm' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (m *ExternalCAOption) Type() string {
^
cli/command/swarm/opts.go:132:7: unused-receiver: method receiver 'p' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (p *PEMFile) Type() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/formatter/custom.go:35:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c SubHeaderContext) Label(name string) string {
^
cli/command/formatter/container_test.go:334: line-length-limit: line is 204 characters, out of limit 200 (revive)
context: Context{Format: NewContainerFormat(`table {{truncate .ID 5}}\t{{json .Image}} {{.RunningFor}}/{{title .Status}}/{{pad .Ports 2 2}}.{{upper .Names}} {{lower .Status}}`, false, true)},
cli/command/formatter/container_test.go:831: line-length-limit: line is 247 characters, out of limit 200 (revive)
expected: "80/tcp, 80/udp, 1024/tcp, 1024/udp, 12345/sctp, 1.1.1.1:1024->80/tcp, 1.1.1.1:1024->80/udp, 2.1.1.1:1024->80/tcp, 2.1.1.1:1024->80/udp, 1.1.1.1:80->1024/tcp, 1.1.1.1:80->1024/udp, 2.1.1.1:80->1024/tcp, 2.1.1.1:80->1024/udp",
cli/command/formatter/disk_usage.go:273:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *diskUsageImagesContext) Type() string {
^
cli/command/formatter/formatter_test.go:31:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f fakeSubContext) FullHeader() any {
^
cli/command/formatter/reflect_test.go:13:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *dummy) Func1() string {
^
cli/command/formatter/disk_usage.go:324:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *diskUsageContainersContext) Type() string {
^
cli/command/formatter/disk_usage.go:332:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *diskUsageContainersContext) isActive(ctr container.Summary) bool {
^
cli/command/formatter/reflect_test.go:17:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *dummy) func2() string { //nolint:unused
^
cli/command/formatter/reflect_test.go:21:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *dummy) Func3() (string, int) {
^
cli/command/formatter/disk_usage.go:385:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *diskUsageVolumesContext) Type() string {
^
cli/command/formatter/disk_usage.go:446:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *diskUsageBuilderContext) Type() string {
^
cli/command/formatter/reflect_test.go:25:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *dummy) Func4() int {
^
cli/command/formatter/reflect_test.go:31:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *dummy) Func5() dummyType {
^
cli/command/formatter/reflect_test.go:35:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *dummy) FullHeader() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli-plugins/manager/manager.go:35:7: unused-receiver: method receiver 'e' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (e errPluginNotFound) NotFound() {}
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
internal/test/cli.go:211:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *FakeCli) BuildKitEnabled() (bool, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/cli.go💯7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *DockerCli) DefaultVersion() string {
^
cli/command/cli.go:234:7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *DockerCli) ManifestStore() manifeststore.Store {
^
cli/command/telemetry.go:57:7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *DockerCli) TracerProvider() trace.TracerProvider {
^
cli/command/telemetry.go:61:7: unused-receiver: method receiver 'cli' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (cli *DockerCli) MeterProvider() metric.MeterProvider {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/registry/client/fetcher.go:307:7: unused-receiver: method receiver 'n' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (n *notFoundError) NotFound() {}
^
cli/registry/client/endpoint.go:126:7: unused-receiver: method receiver 'th' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (th *existingTokenHandler) Scheme() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/manager/manager_test.go:349:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *fakeStore) Save() error {
^
cli/internal/oauth/manager/manager_test.go:357:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *fakeStore) GetFilename() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/trust/trust.go:92:7: unused-receiver: method receiver 'scs' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {}
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/manifest/store/store.go:47:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s *fsStore) getFromFilename(ref reference.Reference, filename string) (types.ImageManifest, error) {
^
cli/manifest/store/store.go:168:7: unused-receiver: method receiver 'n' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (n *notFoundError) NotFound() {}
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/compose/schema/schema.go:25:7: unused-receiver: method receiver 'checker' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (checker portsFormatChecker) IsFormat(input any) bool {
^
cli/compose/schema/schema.go:41:7: unused-receiver: method receiver 'checker' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (checker durationFormatChecker) IsFormat(input any) bool {
^
cli/compose/loader/loader.go:272:7: unused-receiver: method receiver 'e' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (e *ForbiddenPropertiesError) Error() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/api/api.go:227:7: unused-receiver: method receiver 'a' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (a API) GetAutoPAT(ctx context.Context, audience string, res TokenResponse) (string, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/config/configfile/file_test.go:189:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *mockNativeStore) Store(_ types.AuthConfig) error {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
opts/port.go:124:7: unused-receiver: method receiver 'p' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (p *PortOpt) Type() string {
^
opts/mount.go:218:7: unused-receiver: method receiver 'm' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (m *MountOpt) Type() string {
^
opts/quotedstring.go:16:7: unused-receiver: method receiver 's' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (s *QuotedString) Type() string {
^
opts/secret.go:82:7: unused-receiver: method receiver 'o' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (o *SecretOpt) Type() string {
^
opts/opts_test.go:235: line-length-limit: line is 283 characters, out of limit 200 (revive)
`foo.bar.baz.this.should.fail.on.long.name.because.it.is.longer.thanisshouldbethis.should.fail.on.long.name.because.it.is.longer.thanisshouldbethis.should.fail.on.long.name.because.it.is.longer.thanisshouldbethis.should.fail.on.long.name.because.it.is.longer.thanisshouldbe`,
opts/ulimit.go:61:7: unused-receiver: method receiver 'o' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (o *UlimitOpt) Type() string {
^
opts/weightdevice.go:82:7: unused-receiver: method receiver 'opt' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (opt *WeightdeviceOpt) Type() string {
^
opts/throttledevice.go:103:7: unused-receiver: method receiver 'opt' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (opt *ThrottledeviceOpt) Type() string {
^
opts/duration.go:49:7: unused-receiver: method receiver 'd' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (d *DurationOpt) Type() string {
^
opts/network.go:109:7: unused-receiver: method receiver 'n' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (n *NetworkOpt) Type() string {
^
opts/network.go:119:7: unused-receiver: method receiver 'n' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (n *NetworkOpt) String() string {
^
opts/opts.go:113:7: unused-receiver: method receiver 'opts' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (opts *ListOpts) Type() string {
^
opts/pull_behavior.go:13:7: unused-receiver: method receiver 'p' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (p *PullOpt) Type() string {
^
opts/config.go:83:7: unused-receiver: method receiver 'o' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (o *ConfigOpt) Type() string {
^
opts/gpus.go:95:7: unused-receiver: method receiver 'o' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (o *GpuOpts) Type() string {
^
opts/pull_behavior.go:23:7: unused-receiver: method receiver 'p' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (p *PullOpt) IsBoolFlag() bool {
^
opts/opts.go:183:7: unused-receiver: method receiver 'opts' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (opts *MapOpts) Type() string {
^
opts/opts.go:361:7: unused-receiver: method receiver 'o' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (o *FilterOpt) Type() string {
^
opts/opts.go:389:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *NanoCPUs) Type() string {
^
opts/opts.go:466:7: unused-receiver: method receiver 'm' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (m *MemBytes) Type() string {
^
opts/opts.go:501:7: unused-receiver: method receiver 'm' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (m *MemSwapBytes) Type() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/connhelper/commandconn/commandconn.go:256:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *commandConn) SetDeadline(t time.Time) error {
^
cli/connhelper/commandconn/commandconn.go:261:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *commandConn) SetReadDeadline(t time.Time) error {
^
cli/connhelper/commandconn/commandconn.go:266:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *commandConn) SetWriteDeadline(t time.Time) error {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/config/credentials/file_store_test.go:29:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *fakeStore) GetFilename() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
internal/tui/colors.go:27:7: unused-receiver: method receiver 'a' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (a noColor) Apply(s string) string {
^
internal/tui/colors.go:31:7: unused-receiver: method receiver 'a' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (a noColor) String() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/cli_options.go:180: line-length-limit: line is 205 characters, out of limit 200 (revive)
return errdefs.InvalidParameter(errors.Errorf("failed to parse custom headers from %s environment variable: value must be formatted as comma-separated key=value pairs", envOverrideHTTPHeaders))
cli/command/cli_options.go:194: line-length-limit: line is 208 characters, out of limit 200 (revive)
return errdefs.InvalidParameter(errors.Errorf(`failed to set custom headers from %s environment variable: value contains a key=value pair with an empty key: '%s'`, envOverrideHTTPHeaders, kv))
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/manager/manager_test.go:18: line-length-limit: line is 857 characters, out of limit 200 (revive)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cmd/docker/builder_test.go:130:7: unused-receiver: method receiver 'c' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (c *fakeClient) Ping(_ context.Context) (types.Ping, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
handleImageToMount was an exact copy of handleBindToMount instead of
populating the ImageOptions.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Previously, multiple suggestions were provided when completing
commands like `run`, `history` and `push`. This change
limits completion to a single suggestion for the above and 2 suggestions for `tag`
Signed-off-by: Mohammed Aminu Futa <mohammedfuta2000@gmail.com>
- Add exported functions to preserve pkg/flag compatibility
- Add IPNetSlice and unit tests
- Revert the local fork added in 80a2256478,
which was pending the upstream feature to be shipped in a release.
full diff: https://github.com/spf13/pflag/compare/v1.0.5...v1.0.6
Revert "Swarm init: use local IPNetSliceValue"
This reverts commit 80a2256478.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Passing the context to the constructor, but explicitly making it
non-cancelable and add a comment describing why context-cancelation
should not be propagated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Re-align the version with the main Dockerfile, which was missed when
I updated the version in 93a931920b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- un-deprecates `assert.ErrorType`, `cmp.ErrorType`
- assert: ensure message is always displayed and fix under bazel
- poll: Continue(): use format.Message for formatting
- fix TestFromDirSymlink on Windows due to missing drive-letter
- fix various linting issues and minor bugs
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Without breaking API compatibility, this patch allows us to know whether
a returned `cli/StatusError` was caused by a context cancellation or
not, which we can use to provide a nicer UX and not print the Go
"context canceled" error message if this is the cause.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This file is only used as default if no version is specified. We
should probably get rid of this, but let's update it to better
reflect the version that developer builds are building.
d48fb9f9f7/docker.Makefile (L22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Users have trouble understanding the different login paths on the CLI.
The default login is performed through an OAuth flow with the option to
fallback to a username and PAT login using the docker login -u <username>
option.
This patch improves the text around docker login, indicating:
- The username is shown when already authenticated
- Steps the user can take to switch user accounts are printed when
authenticated in an info.
- When not authenticated, the OAuth login flow explains the fallback
clearly to the user in an info.
- The password prompt now explicitly states that it accepts a PAT in an
info.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
- Use stdlib multi-errors instead of creating our own
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- rewrite runServiceScale to return warnings, instead of printing them
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use stdlib multi-errors instead of creating our own
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- rename runSecretRemove to runRemove to align with other commands
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- pass through the manifest-store, instead of the CLI as a whole
- handle context cancellation
- rename `runRm` to `runRemove` to align with other commands
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use stdlib multi-errors instead of creating our own; also
touch-up one error and some minor cleanups.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch adds a "cause" to the `context.Context`
error when the user terminates the process through
SIGINT/SIGTERM.
This allows us to distinguish the cause of the
`context.Context` cancellation. In future we would
also be able to improve the UX of printed errors
based on the underlying cause.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
cmd/docker: fix possible race between ctx channel and signal channel
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
test: notifyContext
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
cmd/docker: print status on SIGTERM and not SIGINT
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Tasks with a service filter will result in the daemon performing a lookup
of the full service ID, then updating the provided filter with the actual
ID: 96ded2a1ba/daemon/cluster/tasks.go (L15-L30)
The `getService()` helper has a fast-path for situations where the given
filter is a full ID, before falling back to fuzzy-logic to search filters
by service name or prefix, which would return an error if the result is
ambiguous;
96ded2a1ba/daemon/cluster/helpers.go (L62-L81)
The loop executed here calls `client.ServiceInspectWithRaw()` to get info
of the service, and that method is ultimately calling the exact same
`getService()` helper on the daemon side, which means that we don't need
to repeat the work; we can use the `Service.ID` resolved from that call,
and use it to apply as filter for listing the tasks.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use intermediate vars, so that the replicatedJobProgressUpdater can
be created in one go intead of setting some fields after the fact.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This check was redundant, because `errors.Join` already checks if the
list of errors is either empty, or only contains `nil` errors, as can
be seen in [this example][1];
package main
import (
"errors"
"testing"
)
func TestMultiErr(t *testing.T) {
var errs []error
if err := errors.Join(errs...); err != nil {
t.Fatal(err)
}
errs = append(errs, nil, nil, nil)
t.Logf("errs contains %d elements", len(errs))
if err := errors.Join(errs...); err != nil {
t.Fatal(err)
}
errs = append(errs, errors.New("with an error"))
if err := errors.Join(errs...); err == nil {
t.Fatal("expected an error")
}
}
[1]: https://go.dev/play/p/iSuGP81eght
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 71ebbb81ae replaced the use of the
custom "cli.Errors" type for stdlib's errors.Join, however it made a
mistake by calling errors.Join for each error occurred, which "nests"
each error instead of putting each error at the same level.
Thanks to Paweł Gronowski for spotting this on the [pull request][1]
[1]: 71ebbb81ae (r1810257735)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- assert unhandled error
- reset command-args to prevent test failing when running from pre-compiled test-binary
- use a const and a slightly more unique name for the volume-name
- discard stdout/stderr output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- assert unhandled error
- use sub-tests
- add test-case for conflicting options (both flag and name)
- reset command-args to prevent test failing when running from pre-compiled test-binary
- use a const and a slightly more unique name for the volume-name
- discard stdout/stderr output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was the only command for which we set the "example" field; while
we could consider doing this for other commands, we need to look what's
best w.r.t. duplicating the information maintained in markdown.
Also remove the intermediate variable used for the long description,
as this was also the only location where we used one.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
- fix some tests to work with "go test -update"
- rewrite TestSwarmInit to use sub-tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- use dockerCLI with Go's standard camelCase casing.
- suppress some errors to make my IDE and linters happier
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use Println to print newline instead of custom format
- suppress some errors to make my IDE and linters happier
- use res.Assert() with icmd.Expected{} where possible to make
assertions not depend on newline / whitespace randomness
- use apiClient instead of client for the API client to
prevent shadowing imports.
- use dockerCLI with Go's standard camelCase casing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While there may be reasons to keep pkg/errors in production code,
we don't need them for these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When splitting the docker CLI from the moby/moby repository, the dockerd
documentation and man-pages were moved to the CLI repository. This was a
bit of a bad choice, as now the documentation and code lived in separate
repositories, but when the CLI and dockerd packages were split, the man
page for dockerd ended up in the CLI package.
Starting with [moby@d6e9b5f], the dockerd man-page has been reintegrated
into the moby repository, so we cab remove it from the CLI repository.
[moby@d6e9b5f]: d6e9b5fe30
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The '--link' option should only be migrated to an endpoint
option if the network is user-defined ... there was already
an exception for network "default", but not for "bridge".
Signed-off-by: Rob Murray <rob.murray@docker.com>
Allows for the `jsonmessage.DisplayJSONMessagesStream` function
to correctly return when the context is cancelled with the appropriate
reason (`ctx.Error()`) instead of just a nil error.
Follow-up to 30a73ff19c
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Co-authored-by: Paweł Gronowski <pawel.gronowski@docker.com>
go1.23.5 (released 2025-01-16) includes security fixes to the crypto/x509 and
net/http packages, as well as bug fixes to the compiler, the runtime, and the
net package. See the Go 1.23.5 milestone on our issue tracker for details;
- https://github.com/golang/go/issues?q=milestone%3AGo1.23.5+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.4...go1.23.5
Hello gophers,
We have just released Go versions 1.23.5 and 1.22.11, minor point releases.
These minor releases include 2 security fixes following the security policy:
- crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
A certificate with a URI which has a IPv6 address with a zone ID may
incorrectly satisfy a URI name constraint that applies to the certificate
chain.
Certificates containing URIs are not permitted in the web PKI, so this
only affects users of private PKIs which make use of URIs.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2024-45341 and Go issue https://go.dev/issue/71156.
- net/http: sensitive headers incorrectly sent after cross-domain redirect
The HTTP client drops sensitive headers after following a cross-domain redirect.
For example, a request to a.com/ containing an Authorization header which is
redirected to b.com/ will not send that header to b.com.
In the event that the client received a subsequent same-domain redirect, however,
the sensitive headers would be restored. For example, a chain of redirects from
a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization
header to b.com/2.
Thanks to Kyle Seely for reporting this issue.
This is CVE-2024-45336 and Go issue https://go.dev/issue/70530.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When printing image names, sort them by length and print the longest
first. This also allows them to use a full terminal width because they
are not printed alongside other columns.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This patch enables descriptions on the CLI completion script.
It used to be disabled due to the CLI historically not supporting
cobra v2 completions, as seen by this patch
cbec75e2f3.
As an escape hatch, the user can set the `DOCKER_CLI_DISABLE_COMPLETION_DESCRIPTION`
environment variable to disable the completion description when
generating the completion file with `docker completion <fish|bash|zsh>`.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
We moved to the major release branches with a `.x` suffix and forgot to
adjust this workflow to run on branches like `27.x`.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Non-distributable artifacts (also called foreign layers) were introduced in
docker v1.12 to accommodate Windows images for which the EULA did not allow
layers to be distributed through registries other than those hosted by Microsoft.
The concept of foreign / non-distributable layers was adopted by the OCI distribution
spec in [oci#233]. These restrictions were relaxed later to allow distributing
these images through non-public registries, for which a configuration was added
in Docker v17.0.6.0.
In 2022, Microsoft updated the EULA and [removed these restrictions][msft-3645201],
followed by the OCI distribution specification deprecating foreign layers in [oci#965].
In 2023, Microsoft [removed the use of foreign data layers][msft-3846833] for their images,
making this functionality obsolete.
Docker v28.0 deprecates the `--allow-nondistributable-artifacts` daemon flag and
corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting
either option no longer takes an effect, but a deprecation warning log is added
to raise awareness about the deprecation. This warning is planned to become an
error in the Docker v29.0.
Users currently using these options are therefore recommended to remove this
option from their configuration to prevent the daemon from starting when
upgrading to Docker v29.0.
The `AllowNondistributableArtifactsCIDRs` and `AllowNondistributableArtifactsHostnames`
fields in the `RegistryConfig` of the `GET /info` API response are also deprecated.
For API version v1.48 and lower, the fields are still included in the response
but always `null`. In API version v1.49 and higher, the field will be omitted
entirely.
[oci#233]: https://github.com/opencontainers/image-spec/pull/233
[oci#965]: https://github.com/opencontainers/image-spec/pull/965
[msft-3645201]: https://techcommunity.microsoft.com/blog/containers/announcing-windows-container-base-image-redistribution-rights-change/3645201
[msft-3846833]: https://techcommunity.microsoft.com/blog/containers/announcing-removal-of-foreign-layers-from-windows-container-images/3846833
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- update github.com/Azure/go-ansiterm to v0.0.0-20250102033503-faa5f7b0171c
to fix OSC string terminator parsing.
- add security policy
- update github actions and test against go1.22, go1.23
full diff: https://github.com/moby/term/compare/v0.5.0...v0.5.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This flag was deprecated in docker v24.0, and no longer functional
since v25.0; fully removed in v26.0, so we can remove the docs
for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This flag was deprecated in docker v24.0, and no longer functional
since v25.0; fully removed in v26.0, so we can remove the docs
for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The use of pools here is unnecessary and creates a code dependency on
moby library which will move to internal.
The pool does not provide any value here since it is only done for a
single operation and unlikely performed in alongside other operations
which are re-using the buffers many times between garbage collections.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This snippet was added in [docker@38ec5d8][1]. The intent was to indicate
that an empty value is equivalent to passing "default" as value. However,
passing the `--isolation` flag _without a value_ (i.e., no `=` specified)
will fail in many cases, as any string after it will be parsed as value
(e.g. `docker run --isolation busybox` would consider `busybox` as value).
This patch removes these lines as they add more confusion than addressing.
[1]: 38ec5d86a3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Currently the cp will tar from the same directory it will untar into
simultaneously. There is a race between reading the file and truncating
the file for write, however, the race will not show up with a large
enough buffer on the tar side if buffered before the copy begins.
Also removes the unnecessary deferred removal, the removal is handled by
cleanup and respects the no cleanup env.
Signed-off-by: Derek McGowan <derek@mcg.dev>
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906,
but it doesn't affect our codebase:
govulncheck -show=verbose ./...
Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
...
Vulnerability #1: GO-2024-3333
Non-linear parsing of case-insensitive content in golang.org/x/net/html
More info: https://pkg.go.dev/vuln/GO-2024-3333
Module: golang.org/x/net
Found in: golang.org/x/net@v0.32.0
Fixed in: golang.org/x/net@v0.33.0
Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
full diff: https://github.com/golang/net/compare/v0.32.0...v0.33.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
update to the latest version of this dependency, which has a fix for a
authorization bypass in the ssh package. We don't use this functionality,
so there's no need to backport this change (other than de-noising false positives).
This is CVE-2024-45337 and Go issue https://go.dev/issue/70779.
full diff: https://github.com/golang/crypto/compare/v0.29.0...v0.31.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a follow-up to 55e404e7a8, which
removed some warnings related to these fields.
These fields in the /info response were used to warn users if netfiltering
was not enabled on the host when the daemon started. Starting with
[moby@db25b0d], detecting whether netfiltering is enabled now
[happens when needed][1], making the state that's detected at startup
irrelevant.
These fields will therefore be deprecated in future, but we can start
removing their use in tests.
[moby@db25b0d]: db25b0dcd0
[1]: 944e403502/libnetwork/drivers/bridge/setup_bridgenetfiltering.go (L16-L77)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When running the tests with options set, such as `-update` for updating
"golden" files, this test would pick up test arguments because no arguments
were set to invoke the command;
go test . -update
Error: unknown shorthand flag: 'u' in -update
Usage:
events [OPTIONS] [flags]
Flags:
-f, --filter filter Filter output based on conditions provided
--format string Format output using a custom template:
'json': Print in JSON format
'TEMPLATE': Print output using the given Go template.
Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates
-h, --help help for events
--since string Show all events created since timestamp
--until string Stream events until this timestamp
--- FAIL: TestEventsFormat (0.00s)
--- FAIL: TestEventsFormat/default (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
--- FAIL: TestEventsFormat/json (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
--- FAIL: TestEventsFormat/json_template (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
--- FAIL: TestEventsFormat/json_action (0.00s)
events_test.go:75: assertion failed: error is not nil: unknown shorthand flag: 'u' in -update
This patch:
- changes the test to use command-arguments instead of manually setting the
flag options; this also adds test-coverage for parsing actual command arguments.
- discards stdout/stderr of the command to prevent noise in test output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These warnings will no longer be returned by the daemon, so remove
them from the tests as well to make them more representative of
reality.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
gofumpt defaults to using the go version from go.mod, but as we don't
have one, we need to set it explicitly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes compatibility with alpine 3.21
- Fix additional possible `xx-cc`/`xx-cargo` compatibility issue with Alpine 3.21
- Support for Alpine 3.21
- Fix `xx-verify` with `file` 5.46+
- Fix possible error taking lock in `xx-apk` in latest Alpine without `coreutils`
full diff: https://github.com/tonistiigi/xx/compare/v1.5.0...v1.6.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field was added in 19515a7ad8,
but looks to be always set for endpoints used, so we can trim remote names
unconditionally.
This option was added for possible future expansion, allowing registry-
mirrors to get the full reference of the image (including domain-name),
for them to host a mirror for multiple upstreams on the same registry.
That approach will unlikely be implemented, and containerd has a different
approach for this, where the reference to the original registry is passed
through a query parameter instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If STDOUT or STDERR are attached and the container exits, the streams
will be closed by the daemon while the container is exiting, causing
the streamer to return an error
61b02e636d/cli/command/container/hijack.go (L53)
that gets sent
61b02e636d/cli/command/container/run.go (L278)
and received
61b02e636d/cli/command/container/run.go (L225)
on `errCh`.
However, if only STDIN is attached, it's not closed (since this is
attached to the user's TTY) when the container exits, so the streamer
doesn't exit and nothing gets sent on `errCh`, meaning the CLI execution
hangs receiving on `errCh` on L231.
Change the logic to receive on both `errCh` and `statusChan` – this way,
if the container exits, we get notified on `statusChan` (even if only
STDIN is attached), and can cancel the streamer and exit.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Nondistributable artifacts are deprecated, and no longer used; we'll be
deprecating these fields, so let's already skip their use.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Various functions were passing through the API response as a whole, but
effectively only needed it for a status message (if any). Reduce what's
returned to only the message.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- also check errors that were previously not handled
- use the fakeCLI's buffer instead of creating one manually
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Be more explicit on not returning a response if there was an error;
change some non-exported functions to return a pointer, and return
nil instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Now, if running in "detached" mode, we early exit at L222.
Similarly, if `attachContainer` errors out, it returns an error that
gets handled on L190.
As such, `errCh` can never be nil on L231. Remove the nil check.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Since everything else after the `apiClient.ContainerStart` block is
under an `if attach` conditional, we can move the "detached" early exit
up.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
During a `docker run`, the CLI has some different behavior/output
depending on whether the run is "detached" or not.
In some cases, the CLI is checking whether either `stdin`, `stdout` or
`stderr` are attached, but in other cases we're only checking `stdout`
and `stderr`, which leads to some inconsistencies:
```
$ docker run -a stdout --rm --name test alpine top
[docker kill test]
exit status 137
$ docker run -a stderr --rm --name test alpine top
[docker kill test]
exit status 137
$ docker run -a stdin --rm --name test alpine top
56820d94a89b96889478241ae68920323332c6d4cf9b51ba9340cba01e9e0565
[docker kill test]
[no exit code]
```
Since we're not checking for whether `stdin` is attached when deciding
whether to early exit without receiving on `statusChan`, the `docker run
-a stdin` is falling into the "detached mode" logic, which simply prints
the container ID and doesn't print/return the exit code.
This patch makes the "attached" checks consistent.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
The Class field was added because Docker Hub registry required a special
scope to be set for pulling plugins;
HTTP/1.1 401 Unauthorized
...
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository(plugin):vieux/sshfs:pull",error="insufficient_scope"
This is no longer a requirement, and the field is no longer set.
updates 0ba820ed0b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fix a case where one inaccessible plugin search path stops the whole
search and prevents latter paths from being scanned.
Remove a preliminary `Stat` call that verifies whether path is an actual
directory and is accessible.
It's unneeded and doesn't actually check whether the directory can be
listed or not.
`os.ReadDir` will fail in such case anyway, so just attempt to do that
and ignore any encountered error, instead of erroring out the whole
plugin candidate listing.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This patch fixes the context cancellation
behaviour for the `runContainer` function,
specifically the `createContainer` function
introduced in this commit 991b1303da.
It delays stripping the `cancel` from the context
passed into the `runContainer` function so that
the `createContainer` function can be cancelled
gracefully by a SIGTERM/SIGINT.
This is especially true when the requested image
does not exist and `docker run` needs to `pull`
the image before creating the container.
Although this patch does gracefully cancel
the `runContainer` function it does not address
the root cause. Some functions in the call path
are not context aware, such as `pullImage`.
Future work would still be necessary to ensure
a consistent behaviour in the CLI.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
There's no need for `case=[xxx]` in table tests, Go does a good job of
formatting the test output and we're just adding the same information
for every test output line.
Previously:
```console
$ go test -count=1 -v -run=TestPromptForConfirmation ./cli/command
=== RUN TestPromptForConfirmation
=== RUN TestPromptForConfirmation/case=SIGINT
=== RUN TestPromptForConfirmation/case=no
=== RUN TestPromptForConfirmation/case=yes
=== RUN TestPromptForConfirmation/case=any
=== RUN TestPromptForConfirmation/case=with_space
=== RUN TestPromptForConfirmation/case=reader_closed
--- PASS: TestPromptForConfirmation (0.00s)
--- PASS: TestPromptForConfirmation/case=SIGINT (0.00s)
--- PASS: TestPromptForConfirmation/case=no (0.00s)
--- PASS: TestPromptForConfirmation/case=yes (0.00s)
--- PASS: TestPromptForConfirmation/case=any (0.00s)
--- PASS: TestPromptForConfirmation/case=with_space (0.00s)
--- PASS: TestPromptForConfirmation/case=reader_closed (0.00s)
PASS
ok github.com/docker/cli/cli/command 0.013s
```
After:
```console
go test -count=1 -v -run=TestPromptForConfirmation ./cli/command
=== RUN TestPromptForConfirmation
=== RUN TestPromptForConfirmation/SIGINT
=== RUN TestPromptForConfirmation/no
=== RUN TestPromptForConfirmation/yes
=== RUN TestPromptForConfirmation/any
=== RUN TestPromptForConfirmation/with_space
=== RUN TestPromptForConfirmation/reader_closed
--- PASS: TestPromptForConfirmation (0.00s)
--- PASS: TestPromptForConfirmation/SIGINT (0.00s)
--- PASS: TestPromptForConfirmation/no (0.00s)
--- PASS: TestPromptForConfirmation/yes (0.00s)
--- PASS: TestPromptForConfirmation/any (0.00s)
--- PASS: TestPromptForConfirmation/with_space (0.00s)
--- PASS: TestPromptForConfirmation/reader_closed (0.00s)
PASS
ok github.com/docker/cli/cli/command 0.009s
```
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
The commit guidelines are too vague and offer little guidance on
acceptable commit styles. This patch expands on what is acceptable
with some examples of what a commit is supposed to look like.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Co-authored-by: Christopher Petito <47751006+krissetto@users.noreply.github.com>
If we have an error type that we're checking a substring against, we
should really be checking using ErrorContains to indicate the right
semantics to assert.
Mostly done using these transforms:
find . -type f -name "*_test.go" | \
xargs gofmt -w -r 'assert.Assert(t, is.ErrorContains(e, s)) -> assert.ErrorContains(t, e, s)'
find . -type f -name "*_test.go" | \
xargs gofmt -w -r 'assert.Assert(t, is.Contains(err.Error(), s)) -> assert.ErrorContains(t, err, s)'
find . -type f -name "*_test.go" | \
xargs gofmt -w -r 'assert.Check(t, is.Contains(err.Error(), s)) -> assert.Check(t, is.ErrorContains(err, s))'
As well as some small fixups to helpers that were doing
strings.Contains explicitly.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Instead of clearing the whole screen and then writing the new stats,
we now write the new stats on top of the old text, and then clear
the remaining text.
This is a more efficient way to update the stats, as it avoids the
flickering that happens when the screen is cleared and rewritten.
Signed-off-by: Giedrius Jonikas <giedriusj1@gmail.com>
make shell
make -C ./internal/gocompat/
GO111MODULE=on go test -v
# github.com/docker/cli/cli/command/container
../../cli/command/container/completion.go:37:28: implicit function instantiation requires go1.18 or later (-lang was set to go1.16; check go.mod)
../../cli/command/container/completion.go:82:25: implicit function instantiation requires go1.18 or later (-lang was set to go1.16; check go.mod)
../../cli/command/container/completion.go:92:27: implicit function instantiation requires go1.18 or later (-lang was set to go1.16; check go.mod)
FAIL gocompat [build failed]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
builder/remotecontext/git/gitutils_test.go:116:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 4a7b04d412 configured golangci-lint
to use go1.23 semantics, which enabled the copyloopvar linter.
go1.22 now creates a copy of variables when assigned in a loop; make sure we
don't have files that may downgrade semantics to go1.21 in case that also means
disabling that feature; https://go.dev/ref/spec#Go_1.22
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
GolangCI-lint attempts to deduct the Go version to lint for through the
go version specified in go.mod, which we don't have, and therefore it
falls back to go1.17 semantics:
level=warning msg="[linters_context] copyloopvar: this linter is disabled because the Go version (1.17) of your project is lower than Go 1.22
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
cli-plugins/manager/cobra.go:55:4: The copy of the 'for' variable "p" can be deleted (Go 1.22+) (copyloopvar)
p := p
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
cli/command/service/update.go:1061:3: The copy of the 'for' variable "entry" can be deleted (Go 1.22+) (copyloopvar)
entry := entry
^
cli/command/service/update.go:1089:4: The copy of the 'for' variable "port" can be deleted (Go 1.22+) (copyloopvar)
port := port
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
cli/compose/loader/merge.go:71:3: The copy of the 'for' variable "overrideService" can be deleted (Go 1.22+) (copyloopvar)
overrideService := overrideService
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
cli/command/container/opts.go:765:3: The copy of the 'for' variable "n" can be deleted (Go 1.22+) (copyloopvar)
n := n
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
cli/command/image/tree.go:59:4: The copy of the 'for' variable "im" can be deleted (Go 1.22+) (copyloopvar)
im := im
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.22 and up now produce a unique variable in loops, tehrefore no longer
requiring to capture the variable manually;
service/logs/parse_logs_test.go:50:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The command to run inside the container is `/etc`. The semicolon is a
statement terminator, which ends the command `docker run busybox /etc`,
while `echo $?` prints the exit code of that full docker command.
Having this mistake could confuse someone who thinks that `/etc; echo
$?` is all run inside the container, which wouldn't help the reader
understand the exit code of the `docker run` command itself.
Signed-off-by: Noah Silas <noah@hustle.com>
This change reduces the flickering of the terminal when
running `docker stats` by buffering the formatted stats
text and printing it in one write.
Should also consume less CPU as we now only have to issue
a single syscall to write the stats text to the terminal.
Signed-off-by: Giedrius Jonikas <giedriusj1@gmail.com>
Also updating a linter that was deprecated;
The linter 'exportloopref' is deprecated (since v1.60.2) due to: Since Go1.22 (loopvar) this linter is no longer relevant. Replaced by copyloopvar.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
remove a client-side warning about volume drivers combined with "mounts"
in favor of producing the warning on the daemon side.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The docker inspect command did not inspect configs. This patch adds support for
it, and while at it, also sorts the list of objects in runInspect.
Before this patch:
docker config create myconfig ./codecov.yml
danpeyh8qzb30vgdj9fr665l1
docker inspect --format='{{.ID}}' myconfig
[]
Error: No such object: myconfig
docker inspect --format='{{.ID}}' --type=config myconfig
"config" is not a valid value for --type
With this patch:
docker inspect --format='{{.ID}}' myconfig
danpeyh8qzb30vgdj9fr665l1
docker inspect --format='{{.ID}}' --type=config myconfig
danpeyh8qzb30vgdj9fr665l1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was names slightly confusing, as it returns a fakeStore,
and it didn't do any constructing, so didn't provide value above just
constructing the type.
I'm planning to add more functionality to the fakeStore, but don't want
to maintain a full-fledged constructor for all of that, so let's remove
this utility.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Errors type was deprecated in d3bafa5f3e,
which has been included in the 27.4.0 release.
This patch removes the type, as there are no external consumers.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The format had a stray colon and space included. While fixing that, also
updating the error message to clarify the error happened while parsing
the file (not so much "loading" it).
Before:
WARNING: Error loading config file: /root/.docker/config.json: : json: cannot unmarshal bool into Go struct field ConfigFile.features of type string
After:
WARNING: Error parsing config file (/root/.docker/config.json): json: cannot unmarshal bool into Go struct field ConfigFile.features of type string
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this change, the config-file was always updated, even if there
were no changes to save. This could cause issues when the config-file
already had credentials set and was read-only for the current user.
For example, on NixOS, this poses a problem because `config.json` is a
symlink to a write-protected file;
$ readlink ~/.docker/config.json
/home/username/.config/sops-nix/secrets/ghcr_auth
$ readlink -f ~/.docker/config.json
/run/user/1000/secrets.d/28/ghcr_auth
Which causes `docker login` to fail, even if no changes were to be made;
Error saving credentials: rename /home/derek/.docker/config.json2180380217 /home/username/.config/sops-nix/secrets/ghcr_auth: invalid cross-device link
This patch updates the code to only update the config file if changes
were detected. It there's nothing to save, it skips updating the file,
as well as skips printing the warning about credentials being stored
insecurely.
With this patch applied:
$ docker login -u yourname
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/
Login Succeeded
$ docker login -u yourname
Password:
Login Succeeded
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This message resulted in code-lines that were too long; move it to a
const together with the other hint. While at it, also suppress unhandled
error, and touch-up the code-comment.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Deprecation comments must have an empty line before them, otherwise tools
and linters may not recognise them. While fixing this, also updated the
reference to PromptUserForCredentials to be a docs-link to make it clickable.
Updates 6e4818e7d6.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If restoring the terminal state fails, "echo" no longer works, which means
that anything the user types is no longer shown. The login itself may already
have succeeded, so we should not fail the command, but it's good to inform
the user that this happened, which may give them a clue why things no longer
work as they expect them to work.
With this patch:
docker login -u yourname
Password:
Error: failed to restore terminal state to echo input: something bad happened
Login Succeeded
We should consider printing instructions how to restore this manually (other
than restarting the shell). e.g., 'run stty echo' when in a Linux or macOS shell,
but PowerShell and CMD.exe may need different instructions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
we don't support empty passwords; when prompting the user for a password,
we already trim the result, but we didn't do the same for a password that's
passed through stdin or through the `-p` / `--password` flag.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- move trimming defaultUsername inside the if-branch, as it's the only
location where the result of the trimmed username is use.
- do the reverse for trimming argUser, because the result of trimming
argUser is used outside of the if-branch (not just for the condition).
putting it inside the condition makes it easy to assume the result is
only used locally.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
move the "post" check for username being empty inside the branch
that's handling the username, as it's the only branch where username
is mutated after checking if it's empty.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
remove isDefaultRegistry and inline it where it's used; the code-comment
already outlines what we're looking for, so the intermediate var didn't
add much currently.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function has multiple conditional branches, which makes it harder
to see at a glance whether authConfig may be partially populated. This
patch instead returns a fresh instance for error returns to prevent any
confusion.
It also removes the named output variables, as they're now no longer used,
and the returned types should already be descriptive enough to understand
what's returned.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Errors type is no longer used by the CLI itself, and this custom
"multi-error" implementation had both limitations (empty list not being
`nil`), as well as formatting not being great. All of this making it not
something to recommend, and better handled with Go's stdlib.
As far as I could find, there's no external consumers of this, but let's
deprecate first, and remove in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This command was using a custom "multi-error" implementation, but it
had some limitations, and the formatting wasn't great.
This patch replaces it with Go's errors.Join.
Before:
docker plugin remove one two three
Error response from daemon: plugin "one" not found, Error response from daemon: plugin "two" not found, Error response from daemon: plugin "three" not found
After:
docker plugin remove one two three
Error response from daemon: plugin "one" not found
Error response from daemon: plugin "two" not found
Error response from daemon: plugin "three" not found
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove the registerCompletionFuncForGlobalFlags for now, as
the error it returned was ignored, so it didn't add much
benefit, other than abstracting things.
Split the underlying completion-functions to separate
functions, and add some basic tests for them.
Remove the completions helper, as it now didn't add much,
and it saved having the dependency on the package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before:
go test -test.coverprofile -
PASS
coverage: 65.2% of statements
ok github.com/docker/cli/templates 0.607s
After:
go test -test.coverprofile -
PASS
coverage: 95.7% of statements
ok github.com/docker/cli/templates 0.259s
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Prevent some tests from failing when running from a pre-compiled
testbinary, and discard output to make the output less noisy.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit implements a validation
method for the port mappings.
Also, it removes the ports validation
method from the expose property
since they do not accept the
same type of values.
Signed-off-by: Stavros Panakakis <stavrospanakakis@gmail.com>
When running tests from my IDE, it compiles the tests before running,
then executes the compiled binary to run the tests. Cobra doesn't like that,
because in that situation os.Args is taken as argument for the command that's
executed. The command that's tested now sees the `test-` flags as arguments
(`-test.v -test.run ..`), which causes various tests to fail ("Command XYZ
does not accept arguments").
# compile the tests:
go test -c -o foo.test
# execute the test:
./foo.test -test.v -test.run TestFoo
=== RUN TestFoo
Error: "foo" accepts no arguments.
Set arguments to an empty slice to make sure it doesn't inherit arguments
from the test-binary.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was added in [moby@b2551c6] as part of a larger PR that implemented
unit tests in various packages. In this specific test, it looks like the
`imageSaveFunc` that's defined in the test-table was forgotten to be wired
up, causing all tests to effectively be skipped.
This patch wires up the function so that it's used in the test.
[moby@b2551c6]: b2551c619d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With this patch, completion is provided for `--platform` flags:
docker pull --platform<TAB>
linux linux/amd64 linux/arm/v5 linux/arm/v7 linux/arm64/v8 linux/riscv64 wasip1 windows
linux/386 linux/arm linux/arm/v6 linux/arm64 linux/ppc64le linux/s390x wasip1/wasm windows/amd64
Note that `docker buildx build` (with BuildKit) does not yet provide completion;
it's provided through buildx, and uses a different format (accepting multiple
comma-separated platforms). Interestingly, tab-completion for `docker build`
currently uses completion for non-buildkit, and has some other issues that may
have to be looked into.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With this patch, completion is provided for `--platform` flags:
docker run --platform<TAB>
linux linux/amd64 linux/arm/v5 linux/arm/v7 linux/arm64/v8 linux/riscv64 wasip1 windows
linux/386 linux/arm linux/arm/v6 linux/arm64 linux/ppc64le linux/s390x wasip1/wasm windows/amd64
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a utility for completing platform strings.
Platforms offers completion for platform-strings. It provides a non-exhaustive
list of platforms to be used for completion. Platform-strings are based on
[runtime.GOOS] and [runtime.GOARCH], but with (optional) variants added. A
list of recognised os/arch combinations from the Go runtime can be obtained
through "go tool dist list".
Some noteworthy exclusions from this list:
- arm64 images ("windows/arm64", "windows/arm64/v8") do not yet exist for windows.
- we don't (yet) include `os-variant` for completion (as can be used for Windows images)
- we don't (yet) include platforms for which we don't build binaries, such as
BSD platforms (freebsd, netbsd, openbsd), android, macOS (darwin).
- we currently exclude architectures that may have unofficial builds,
but don't have wide adoption (and no support), such as loong64, mipsXXX,
ppc64 (non-le) to prevent confusion.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit adds tests for the commands
docker kill, docker commit, and docker
pause. Also, it creates the mock methods
of the docker client ContainerCommit and
ContainerPause so they can
be used in the tests.
For docker kill, it covers the
cases that:
- the command runs successfully
- the client returns an error
For docker commit, it covers
the cases that:
- the command runs successfully
- the client returns an error
For docker pause, it covers
the cases that:
- the command runs successfully
- the client returns an error
Signed-off-by: Stavros Panakakis <stavrospanakakis@gmail.com>
Move the code for parsing key-value files, such as used for
env-files and label-files to a separate package. This allows
other projects (such as compose) to use the same parsing
logic, but provide custom lookup functions for their situation
(which is slightly different).
The new package provides utilities for parsing key-value files
for either a file or an io.Reader. Most tests for EnvFile were
now testing functionality that's already tested in the new package,
so were (re)moved.
Co-authored-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- the function already trimmed leading whitespace from each line before
parsing. keys with trailing whitespace would be invalidated, and values
have whitespace preserved, so there's no need to trim whitespace for the
key.
- if a line is validated (key is valid), we don't need to reconstruct the
key=value by concatenating, and we can add the line as-is.
- check if the key is empty before checking if it contains whitespace
- touch-up comments
- rename some variables for readability
- slight cleanup to use early returns / early continues to reduce nesting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This error was originally introduced `ErrBadEnvVariable` in [moby/moby@500c8ba],
but merely for convenience, and not used as a sentinel error. After the code
was moved from the daemon to the cli repository, it was renamed to be more
generic `ErrBadKey` in commit 2b17f4c8a8.
A search on GitHub shows that there's no consumers using this error as
sentinel error, and it's not used in our own code as such, so it should
be safe to remove this error.
This patch removes the `ErrBadKey` error-type; it also removes the prefix
(`poorly formatted environment:`) to make the error more generic, because
the same function was used both for env-files and label-files.
[moby/moby@500c8ba]: 500c8ba4b6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use gotest.tools for assertions
- Check for expected error messages
- Don't check for ErrBadKey errors, as it's not used
as a sentinel error anywhere.
- Use t.SetEnv() instead of depending on `HOME` being set
- Use t.TempDir() for writing temporary files
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We used a hard-coded list of capabilities that we copied from containerd,
but the new "capability" package allows use to have a maintained list
of capabilities.
There's likely still some improvements to be made;
First of all, the capability package could provide a function to get the list
of strings.
On the completion-side, we need to consider what format is most convenient;
currently we use the canonical name (uppercase and "CAP_" prefix), however,
tab-completion is case-sensitive by default, so requires the user to type
uppercase letters to filter the list of options.
Bash completion provides a `completion-ignore-case on` option to make completion
case-insensitive (https://askubuntu.com/a/87066), but it looks to be a global
option; the current cobra.CompletionOptions also don't provide this as an option
to be used in the generated completion-script.
Fish completion has `smartcase` (by default?) which matches any case if
all of the input is lowercase.
Zsh does not have a dedicated option, but allows setting matching-rules
(see https://superuser.com/a/1092328).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This renames the `--time` flag as used on `docker stop` and `docker restart`
to `--timeout`, bringing it in line with other uses for this property,
such as `--stop-timeout` on `docker run`.
The `--time` option is deprecated and hidden, but will be kept for
backward compatibility, as these options existed for a long time.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit adds tests for the commands
docker diff and docker rename. Also,
it creates the mock methods of the
docker client ContainerDiff and
ContainerRename so they can
be used in the tests.
For docker diff, it covers the
cases that:
- the command runs successfully
- the client returns an error
- the container id is empty
For docker rename, it covers
the cases that:
- the command runs successfully
- the container old name is empty
- the container new name is empty
- the client returns an error
Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Stavros Panakakis <stavrospanakakis@gmail.com>
Commit 964155cd tried to enclose all IPv6 addresses within brackets but
missed some cases. This commit fixes that, and adds a few test cases.
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
In 4b5a196fee, we changed the CLI global
meter provider shutdown in order to handle any error returned by the
metric export.
Unfortunately, we dropped a `defer` during the fix, which
causes the meter provider to be immediately shutdown after being created
and metrics to not be collected/exporter.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
- remove trailing whitespace
- pin to a versioned ubuntu version
- adjust timeout to be more within expected duration
- remove redundant git checkout, which is no longer needed
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On Windows, the drive casing doesn't matter outside of WSL. For WSL, the
drives are lowercase. When we're producing a WSL path, lowercase the
drive letter.
Co-authored-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
commit d7d56599ca updated this
repository to go1.22, but the codeql action didn't specify a
patch version, and was missed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This option was added in a08abec9f8d59eaa44c375900e254384a68c5a31,
as part of Docker v25.0, but did not update the docs and manpage.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was deprecated in 27.0x through 7ea9acc97f4c884ecdaebd06ed0353b28263d118,
and removed in ae96ce866f4b3dc09dc4eab019d7725a63623d94.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The --feature flag allows the boolean value to be omitted.
If only a name is provided, the default is "true".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit f13c08246d93dd5aae200d5881a3a374e6cac876 introduced
this flag, but did not yet update the manpage.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Breaking change: The .ToOCI() functions in the specs-go package have been
removed. This removes the dependency on the OCI runtime specification from
the CDI specification definition itself.
What's Changed
- Add workflow to mark prs and issues as stale
- Remove the ToOCI functions from the specs-go package
- docs: add a pointer to community meetings in our docs.
- Bump spec version to v0.8.0
- Update spec version in README
Full diff: https://github.com/cncf-tags/container-device-interface/compare/v0.7.2...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This checks for the equivalent WSL mount path on windows. WSL will mount
the windows drives at `/mnt/c` (or whichever drive is being used).
This is done by parsing a UNC path with forward slashes from the unix
socket URL.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
The `Commit` type was introduced in 2790ac68b3,
to assist triaging issues that were reported with an incorrect version of
runc or containerd. At the time, both `runc` and `containerd` were not yet
stable, and had to be built from a specific commit to guarantee compatibility.
We encountered various situations where unexpected (and incompatible) versions
of those binaries were packaged, resulting in hard to trace bug-reports.
For those situations, a "expected" version was set at compile time, to
indicate if the version installed was different from the expected version;
docker info
...
runc version: a592beb5bc4c4092b1b1bac971afed27687340c5 (expected: 69663f0bd4b60df09991c08812a60108003fa340)
Both `runc` and `containerd` are stable now, and docker 19.03 and up set the
expected version to the actual version since c65f0bd13c
and 23.0 did the same for the `init` binary b585c64e2b,
to prevent the CLI from reporting "unexpected version".
In short; the `Expected` fields no longer serves a real purpose, so we should
no longer print it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This command was declaring that it requires at least 1 argument, when it
needs exactly 1 argument. This was causing the CLI to panic when the
command was invoked with no argument:
`docker volume update`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7
These minor releases include 3 security fixes following the security policy:
- go/parser: stack exhaustion in all Parse* functions
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.
- encoding/gob: stack exhaustion in Decoder.Decode
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.
This is a follow-up to CVE-2022-30635.
Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.
This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.
- go/build/constraint: stack exhaustion in Parse
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
commit fcfdd7b91f introduced github.com/pkg/browser
as a direct dependency, but it ended up in the group for indirect dependencies.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We publish this page on docs.docker.com, and hugo expects index pages
for sections to be named _index.md. We currently rename the page when we
mount it to the docs repo but might as well change the filename in the
source.
Also adds a linkTitle to the page, which is a shorter title that will be
used in the sidebar navigation and breadcrumbs.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.
Before:
| `--username` | `--password` | Result |
|:------------:|:------------:| ------------------------------------------------------------------ |
| ✅ | ✅ | ✅ |
| ❌ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ✅ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ❌ | ✅ | hangs |
After:
| `--username` | `--password` | Result |
|:------------:|:------------:| ------------------------------------------------------------------ |
| ✅ | ✅ | ✅ |
| ❌ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ✅ | ❌ | `Error: Cannot perform an interactive login from a non TTY device` |
| ❌ | ✅ | `Error: Cannot perform an interactive login from a non TTY device` |
It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.
```console
cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "xxxxxxxxxxx"
}
}
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...
Login Succeeded
```
This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Previously, if while polling for oauth device-code login results a user
suspended the process (such as with CTRL-Z) and then restored it with
`fg`, an error might occur in the form of:
```
failed waiting for authentication: You are polling faster than the specified interval of 5 seconds.
```
This is due to our use of a `time.Ticker` here - if no receiver drains
the ticker channel (and timers/tickers use a buffered channel behind the
scenes), more than one tick will pile up, causing the program to "tick"
twice, in fast succession, after it is resumed.
The new implementation replaces the `time.Ticker` with a `time.Timer`
(`time.Ticker` is just a nice wrapper) and introduces a helper function
`resetTimer` to ensure that before every `select`, the timer is stopped
and it's channel is drained.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)
But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;
> [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache xx-go --wrap && TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
0.127 Building static docker-helloworld
0.127 + CGO_ENABLED=0
0.127 + GO111MODULE=auto
0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled
This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.
Before this PR:
#18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache xx-go --wrap && TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
#18 0.123 Building static docker-helloworld
#18 0.124 + CGO_ENABLED=0
#18 0.124 + GO111MODULE=auto
#18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
....
With this PR:
#18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache xx-go --wrap && TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
#18 0.110 Building static docker-helloworld
#18 0.110 + GO111MODULE=auto
#18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
....
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Normalization/converting the registry address to just a hostname happens
inside of `command.GetDefaultAuthConfig`. Use this value for the rest of
the login flow/storage.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This reverts commit e6624676e0.
Since e6624676e0, during login, we started
normalizing `registry-1.docker.io` to `index.docker.io`. This means that
if a user logs in with `docker login -u [username]
registry-1.docker.io`, the user's credentials get stored in
credhelpers/config.json under `https://index.docker.io/v1/`.
However, while the registry code normalizes an image reference without
registry (`docker pull alpine:latest`) and image references explicitly for
`index.docker.io` (`docker pull index.docker.io/library/alpine:latest`)
to the official index server (`https://index.docker.io/v1/`), and
fetches credentials for that auth key, it does not normalize
`registry-1.docker.io`, which means pulling explicitly from there
(`docker pull registry-1.docker.io/alpine:latest`) will not use
credentials stored under `https://index.docker.io/v1/`.
As such, until changes are made to the registry/pull/push code to
normalize `registry-1.docker.io` to `https://index.docker.io/v1/`, we
should not normalize this during login.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
cli/required.go:33:22: param min has same name as predeclared identifier (predeclared)
func RequiresMinArgs(min int) cobra.PositionalArgs {
^
cli/required.go:50:22: param max has same name as predeclared identifier (predeclared)
func RequiresMaxArgs(max int) cobra.PositionalArgs {
^
cli/required.go:67:24: param min has same name as predeclared identifier (predeclared)
func RequiresRangeArgs(min int, max int) cobra.PositionalArgs {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
e2e/global/cli_test.go:217:28: printf: non-constant format string in call to gotest.tools/v3/poll.Continue (govet)
return poll.Continue(err.Error())
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/utils.go:225:29: printf: non-constant format string in call to github.com/pkg/errors.Wrapf (govet)
return errors.Wrapf(err, fmt.Sprintf("invalid output path: %q must be a directory or a regular file", path))
^
cli/command/manifest/cmd.go:21:33: printf: non-constant format string in call to fmt.Fprintf (govet)
fmt.Fprintf(dockerCli.Err(), "\n"+cmd.UsageString())
^
cli/command/service/remove.go:45:24: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
return errors.Errorf(strings.Join(errs, "\n"))
^
cli/command/service/scale.go:93:23: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
return errors.Errorf(strings.Join(errs, "\n"))
^
cli/command/stack/swarm/remove.go:74:24: printf: non-constant format string in call to github.com/pkg/errors.Errorf (govet)
return errors.Errorf(strings.Join(errs, "\n"))
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/system/info.go:375:5: S1009: should omit nil check; len() for []github.com/docker/docker/api/types/system.NetworkAddressPool is defined as zero (gosimple)
if info.DefaultAddressPools != nil && len(info.DefaultAddressPools) > 0 {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On `docker ps`, port bindings with an IPv6 HostIP should have their
addresses put into brackets when joining them to their ports.
RFC 3986 (Section 3.2.2) stipulates that IPv6 addresses should be
enclosed within square brackets. This RFC is only about URIs. However,
doing so here helps user identifier what's part of the IP address and
what's the port. It also makes it easier to copy/paste that
'[addr]:port' into other software (including browsers).
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Don't output the extra spacing around the images when none of the
top-level image entries has any children.
This makes the list look better when ran against the graphdrivers image
store.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow)
login flow when authenticating against the official registry.
This is achieved by adding `cli/internal/oauth`, which contains code to manage
interacting with the Docker OAuth tenant (`login.docker.com`), including launching
the device-code flow, refreshing access using the refresh-token, and logging out.
The `OAuthManager` introduced here is also made available through the `command.Cli`
interface method `OAuthManager()`.
In order to maintain compatibility with any clients manually accessing
the credentials through `~/.docker/config.json` or via credential
helpers, the added `OAuthManager` uses the retrieved access token to
automatically generate a PAT with Hub, and store that in the
credentials.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
The addSSHTimeout and disablePseudoTerminalAllocation were added in commits
a5ebe2282a and f3c2c26b10,
and called inside the Dialer function, which means they're called every
time the Dialer is called. Given that the sshFlags slice is not mutated
by the Dialer, we can call these functions once.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
avoided the join, also did manual iteration
added test, also added reflect for the DeepEqual comparison
Signed-off-by: Archimedes Trajano <developer@trajano.net>
removes (indirect) dependencie on the moby/sys/user/userns package, which
was retracted and moved to moby/sys/userns
- full diff: f3cf9359bd...2269acc7a3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Test "--device-read-bps" "--device-write-bps" will fail. The root
cause is that GetList helper return empty as its local variable
initialized to zero size.
This patch fix it by setting the related slice size to non-zero.
Signed-off-by: Jianyong Wu <wujianyong@hygon.cn>
Fixes: #5321
Based on the security policy in the Moby repository (with the name
of the project changed, and a link to to the Moby documentation for
maintained branches).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was just incorrect (and testing incorrect
behavior): it was checking that `docker run` exited with a `context
canceled` error after signalling the CLI/cancelling the command's
context, but this was incorrect (and was fixed in
991b1303da - which was when this test
started failing).
However, since this test assertion was happening inside of a goroutine,
it would sometimes pass if this assertion didn't get to run before the
test suite terminated. It was flaky because sometimes this assertion
inside the goroutine did get to execute, but after the test finished
execution, which is a big no-no.
As an aside, assertions inside goroutines are generally bad, and `govet`
even has a linter for this (but it only catches `t.Fatal` and `t.FailNow`
calls and not `assert.Xx`.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Such as with `docker run`, if a user CTRL-Cs while attached to a
container, we should forward the signal and wait for the exit from
`ContainerWait`, instead of just returning.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
full diff: aae044039c...2b1097f080
The userns package in libcontainer was integrated into the moby/sys/user
module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d.
The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.
[3778ae603c706494fd1e2c2faf83b406e38d687d]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In 3f0d90a2a9 we introduced a global
signal handler and made sure all the contexts passed into command
execution get (appropriately) cancelled when we get a SIGINT.
Due to that change, and how we use this context during `docker attach`,
we started to return the context cancelation error when a user signals
the running `docker attach`.
Since this is the intended behavior, we shouldn't return an error, so
this commit adds checks to ignore this specific error in this case.
Also adds a regression test.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Looks like this test was failing due to bad syntax on the `while` loop,
which caused it to die after 1 second. If the test took a bit longer,
the process would be dead before the following assertions run, causing
the test to fail/be flaky.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
use current LTS versions of ubuntu where suitable, remove uses of
ubuntu:23.10 (which reache EOL), and and update some other examples
to use more current versions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This environment variable allows for setting additional headers
to be sent by the client. Headers set through this environment
variable are added to headers set through the config-file (through
the HttpHeaders field).
This environment variable can be used in situations where headers
must be set for a specific invocation of the CLI, but should not
be set by default, and therefore cannot be set in the config-file.
WARNING: If both config and environment-variable are set, the environment
variable currently overrides all headers set in the configuration file.
This behavior may change in a future update, as we are considering the
environment variable to be appending to existing headers (and to only
override headers with the same name).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We'll be using release branches for minor version updates, so instead
of (e.g.) a 27.0 branch, we'll be using 27.x and continue using the
branch for minor version updates.
This patch changes the validation step to only compare against the
major version.
Co-authored-by: Cory Snider <corhere@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The fileStore itself is aware that it's insecure, so we can make it
responsible for printing the warning. It's not "perfect", as we use
`os.Stderr` unconditionally (not `dockerCli.Err()`), but probably won't
make a difference in _most_ cases.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Add an empty line before the warning to separate it from the command's output
- Use the `/go/` redirect URL that we have available.
- Put quotes around the filename used for storage.
- Use present tense for the message, as the message is printed while saving.
- User "credentials" instead of "password" for consistency with "credentials-store"
Before:
docker login myregistry.example.com
Username: thajeztah
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
Login Succeeded
After:
docker login myregistry.example.com
Username: thajeztah
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/
Login Succeeded
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If we fail to save credentials, make sure that the error about saving
doesn't get lost in the warning about credentials being stored unencrypted.
Also discard errors about printing the warning, as those would be unlikely,
and if they would occur, probably would fail to be printed as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `reportError` utility was present because cli.StatusError would print
the error decorated with `Status: <error-message>, Code: <exit-code>`.
That was not desirable in many cases as it would mess-up the output. To
prevent this, the CLI had code to check for an empty `Status` (error message)
in which case the error would be "ignored" (and only used for the exit-status),
and the `reportError` utility would be used to manually print a custom error
message before returning the error.
Now that bca2090061 fixed the output format
of `cli.StatusError`, and 3dd6fc365d and
350a0b68a9 no longer discard these error,
we can get rid of this utility, and just set the error-message for
the status-error.
This patch:
- Introduces a `withHelp` which takes care of decorating errors with
a "Run --help" hint for the user.
- Introduces a `toStatusError` utility that detects certain errors in
the container to assign a corresponding exit-code (these error-codes
can be used to distinguish "client" errors from "container" errors).
- Removes the `reportError` utility, and removes code that manually
printed errors before returning.
Behavior is mostly unmodified, with the exception of some slight reformatting
of the errors:
- `withHelp` adds a `docker:` prefix to the error, to indicate the error
is produced by the `docker` command. This prefix was already present
in most cases.
- The "--help" hint is slightly updated ("Run 'docker run --help' for
more information" instead of "See 'docker run --help'"), to make it
more clear that it's a "call to action".
- An empty is added before the "--help" hint to separate it better from
the error-message.
Before this patch:
$ docker run --pull=invalid-option alpine
docker: invalid pull option: 'invalid-option': must be one of "always", "missing" or "never".
See 'docker run --help'.
$ echo $?
125
$ docker run --rm alpine nosuchcommand
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "nosuchcommand": executable file not found in $PATH: unknown.
$ echo $?
127
With this patch:
$ docker run --pull=invalid-option alpine
docker: invalid pull option: 'invalid-option': must be one of "always", "missing" or "never"
Run 'docker run --help' for more information
$ echo $?
125
$ docker run --rm alpine nosuchcommand
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "nosuchcommand": executable file not found in $PATH: unknown.
Run 'docker run --help' for more information
$ echo $?
127
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When trying to use an invalid flag, the CLI currently prints the a short
error message, instructions to use the `--help` flag to learn about the
correct usage, followed by the command's usage output.
While this is a common convention, and may have been a nice gesture when
docker was still young and only had a few commands and options ("you did
something wrong, but here's an overview of what you can use"), that's no
longer the case, and many commands have a _very_ long output.
The result of this is that the error message, which is the relevant
information in this case - "You mis-typed something" - is lost in the
output, and hard to find (sometimes even requiring scrolling back).
The output is also confusing, because it _looks_ like something ran
successfully (most of the output is not about the error!).
Even further; the suggested resolution (try `--help` to see the correct
options) is rather redundant, because running teh command with `--help`
produces _exactly_ the same output as was just showh, baring the error
message. As a fun fact, due to the usage output being printed, the
output even contains not one, but _two_ "call to actions";
- `See 'docker volume --help'.` (under the erro message)
- `Run 'docker volume COMMAND --help' for more information on a command.`
(under the usage output)
In short; the output is too verbose, confusing, and doesn't provide
a good UX. Let's reduce the output produced so that the focus is on the
important information.
This patch:
- Changes the usage to the short-usage.
- Prefixes the error message with the binary / root-command name
(usually `docker:`) to be consistent with `unknon command`, and helps
to distinguish where the message originated from (the `docker` CLI in
this case).
- Adds an empty line between the error-message and the "call to action"
(`Run 'docker volume --help' ...` in the example below). This helps
separating the error message ("unkown flag") from the call-to-action.
Before this patch:
docker volume --no-such-flag
unknown flag: --no-such-flag
See 'docker volume --help'.
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove unused local volumes
rm Remove one or more volumes
update Update a volume (cluster volumes only)
Run 'docker volume COMMAND --help' for more information on a command.
With this patch:
docker volume --no-such-flag
docker: unknown flag: --no-such-flag
Usage: docker volume COMMAND
Run 'docker volume --help' for more information
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With this patch:
docker run --volumes-from amazing_nobel
amazing_cannon boring_wozniak determined_banzai
elegant_solomon reverent_booth amazing_nobel
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
registerCompletionFuncForGlobalFlags was called from newDockerCommand,
at which time no context-store is initialized yet, so it would return
a nil value, probably resulting in `store.Names` to panic, but these
errors are not shown when running the completion. As a result, the flag
completion would fall back to completing from filenames.
This patch changes the function to dynamically get the context-store;
this fixes the problem mentioned above, because at the time the completion
function is _invoked_, the CLI is fully initialized, and does have a
context-store available.
A (non-exported) interface is defined to allow the function to accept
alternative implementations (not requiring a full command.DockerCLI).
Before this patch:
docker context create one
docker context create two
docker --context <TAB>
.DS_Store .idea/ Makefile
.dockerignore .mailmap build/
...
With this patch:
docker context create one
docker context create two
docker --context <TAB>
default one two
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
"docker run" and "docker create" are mostly identical, so we can copy
the same completion functions,
We could possibly create a utility for this (similar to `addFlags()` which
configures both commands with the flags they share). I considered combining
his with `addFlags()`, but that utility is also used in various tests, in
which we don't need this feature, so keeping that for a future exercise.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's an alias for cobra.FixedCompletions but takes a variadic list
of strings, so that it's not needed to construct an array for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
EnvVarNames offers completion for environment-variable names. This
completion can be used for "--env" and "--build-arg" flags, which
allow obtaining the value of the given environment-variable if present
in the local environment, so we only should complete the names of the
environment variables, and not their value. This also prevents the
completion script from printing values of environment variables
containing sensitive values.
For example;
export MY_VAR=hello
docker run --rm --env MY_VAR alpine printenv MY_VAR
hello
Before this patch:
docker run --env GO
GO111MODULE=auto GOLANG_VERSION=1.21.12 GOPATH=/go GOTOOLCHAIN=local
With this patch:
docker run --env GO<tab>
GO111MODULE GOLANG_VERSION GOPATH GOTOOLCHAIN
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is just a convenience function to allow defining completion to
use the default (complete with filenames and directories).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
No changes in vendored files. This one got out of sync with the other modules
from the same repository.
full diff: d307bd883b...49dd2c1f3d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a "completion" target to install the generated completion
scripts inside the dev-container. As generating this script
depends on the docker binary, it calls "make binary" first.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's not initialized, because there's no `docker` command installed
by default, but at least this makes sure that the basics are present
for testing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows dockerMain() to return an error "as usual", and puts the
responsibility for turning that into an appropriate exit-code in
main() (which also sets the exit-code when terminating).
We could consider putting this utility in the cli package and exporting
it if would be useful for doing a similar handling in plugins.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The logic in this function is confusing; let's start make it obvious where
the error that is returned is produced,
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This confused me fore a bit, because I thought the test was checking for
an actual `context.Canceled` error (which is spelled "context canceled"
with a single "l". But then I found that this was a string that's printed
as part of a test-utility, just looking very similar but with the British
spelling ("cancelled").
Let's change this to a message that's unique for the test, also to make it
more grep'able.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Improve the output for these validation errors:
- Removes the short command description from the output. This information
does not provide much useful help, and distracts from the error message.
- Reduces punctuation, and
- Prefixes the error message with the binary / root-command name
(usually `docker:`) to be consistent with other similar errors.
- Adds an empty line between the error-message and the "call to action"
(`Run 'docker volume --help'...` in the example below). This helps
separating the error message and "usage" from the call-to-action.
Before this patch:
$ docker volume ls one two three
"docker volume ls" accepts no arguments.
See 'docker volume ls --help'.
Usage: docker volume ls [OPTIONS]
List volumes
$ docker volume create one two three
"docker volume create" requires at most 1 argument.
See 'docker volume create --help'.
Usage: docker volume create [OPTIONS] [VOLUME]
Create a volume
With this patch:
$ docker volume ls one two three
docker: 'docker volume ls' accepts no arguments
Usage: docker volume ls [OPTIONS]
Run 'docker volume ls --help' for more information
$ docker voludocker volume create one two three
docker: 'docker volume create' requires at most 1 argument
Usage: docker volume create [OPTIONS] [VOLUME]
SRun 'docker volume create --help' for more information
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, output for invalid top-level and sub-commands differed.
For top-level commands, the CLI would print an error-message and a suggestion
to use `--help`. For missing *subcommands*, we would hit a different code-path,
and different output, which includes full "usage" / "help" output.
While it is a common convention to show usage output, and may have been
a nice gesture when docker was still young and only had a few commands
and options ("you did something wrong; here's an overview of what you
can use"), that's no longer the case, and many commands have a _very_
long output.
The result of this is that the error message, which is the relevant
information in this case - "You mis-typed something" - is lost in the
output, and hard to find (sometimes even requiring scrolling back).
The output is also confusing, because it _looks_ like something ran
successfully (most of the output is not about the error!).
Even further; the suggested resolution (try `--help` to see the correct
options) is rather redundant, because running teh command with `--help`
produces _exactly_ the same output as was just showh, baring the error
message. As a fun fact, due to the usage output being printed, the
output even contains not one, but _two_ "call to actions";
- `See 'docker volume --help'.` (under the erro message)
- `Run 'docker volume COMMAND --help' for more information on a command.`
(under the usage output)
In short; the output is too verbose, confusing, and doesn't provide
a good UX. Let's reduce the output produced so that the focus is on the
important information.
This patch:
- Changes the usage to the short-usage.
- Changes the error-message to mention the _full_ command instead of only
the command after `docker` (so `docker no-such-command` instead of
`no-such-command`).
- Prefixes the error message with the binary / root-command name
(usually `docker:`); this is something we can still decide on, but
it's a pattern we already use in some places. The motivation for this
is that `docker` commands can often produce output that's a combination
of output from the CLI itself, output from the daemon, and even output
from the container. The `docker:` prefix helps to distinguish where
the message originated from (the `docker` CLI in this case).
- Adds an empty line between the error-message and the "call to action"
(`Run 'docker volume --help'...` in the example below). This helps
separating the error message ("unkown flag") from the call-to-action.
Before this patch:
Unknown top-level command:
docker nosuchcommand foo
docker: 'nosuchcommand' is not a docker command.
See 'docker --help'
Unknown sub-command:
docker volume nosuchcommand foo
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove unused local volumes
rm Remove one or more volumes
update Update a volume (cluster volumes only)
Run 'docker volume COMMAND --help' for more information on a command.
After this patch:
Unknown top-level command:
docker nosuchcommand foo
docker: unknown command: docker nosuchcommand
Run 'docker --help' for more information
Unknown sub-command:
docker volume nosuchcommand foo
docker: unknown command: 'docker volume nosuchcommand'
Usage: docker volume COMMAND
Run 'docker volume --help' for more information
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This error didn't do a great job at formatting. If a StatusError was
produced without a Status message, it would print a very non-informative
error, with information missing.
Let's update the output:
- If a status-message is provided; print just that (after all the
status code is something that can be found from the shell, e.g.
through `echo $?` in Bash).
- If no status-message is provided: print a message more similar to
Go's `exec.ExecError`, which uses `os.rocessState.String()` (see [1]).
Before this patch, an error without custom status would print:
Status: , Code: 2
After this patch:
exit status 2
In situations where a custom error-message is provided, the error-message
is print as-is, whereas before this patch, the message got combined with
the `Status:` and `Code:`, which resulted in some odd output.
Before this patch:
docker volume --no-such-flag
Status: unknown flag: --no-such-flag
See 'docker volume --help'.
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove unused local volumes
rm Remove one or more volumes
update Update a volume (cluster volumes only)
Run 'docker volume COMMAND --help' for more information on a command.
, Code: 125
With this patch, the error is shown as-is;
docker volume --no-such-flag
unknown flag: --no-such-flag
See 'docker volume --help'.
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove unused local volumes
rm Remove one or more volumes
update Update a volume (cluster volumes only)
Run 'docker volume COMMAND --help' for more information on a command.
While the exit-code is no longer printed, it's still properly handled;
echo $?
125
[1]: 82c14346d8/src/os/exec_posix.go (L107-L135)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Trying to make the logic slightly clearer, and adding a custom
message for the skip,
Before this:
=== RUN TestSplitCpArg/absolute_path_with_drive
cp_test.go:184: tc.os == "windows" && runtime.GOOS != "windows" || tc.os == "linux" && runtime.GOOS == "windows"
After this:
=== RUN TestSplitCpArg/absolute_path_with_drive
cp_test.go:184: skipping windows test on non-windows platform
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Introduce a (non-exported) ipamOptions that collects all options for
creating a network.IPAM, so that this utility is more atomic (potentially
even could be moved to a separate package and exported).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This makes a quick pass through our tests;
Discard output/err
----------------------------------------------
Many tests were testing for error-conditions, but didn't discard output.
This produced a lot of noise when running the tests, and made it hard
to discover if there were actual failures, or if the output was expected.
For example:
=== RUN TestConfigCreateErrors
Error: "create" requires exactly 2 arguments.
See 'create --help'.
Usage: create [OPTIONS] CONFIG file|- [flags]
Create a config from a file or STDIN
Error: "create" requires exactly 2 arguments.
See 'create --help'.
Usage: create [OPTIONS] CONFIG file|- [flags]
Create a config from a file or STDIN
Error: error creating config
--- PASS: TestConfigCreateErrors (0.00s)
And after discarding output:
=== RUN TestConfigCreateErrors
--- PASS: TestConfigCreateErrors (0.00s)
Use sub-tests where possible
----------------------------------------------
Some tests were already set-up to use test-tables, and even had a usable
name (or in some cases "error" to check for). Change them to actual sub-
tests. Same test as above, but now with sub-tests and output discarded:
=== RUN TestConfigCreateErrors
=== RUN TestConfigCreateErrors/requires_exactly_2_arguments
=== RUN TestConfigCreateErrors/requires_exactly_2_arguments#01
=== RUN TestConfigCreateErrors/error_creating_config
--- PASS: TestConfigCreateErrors (0.00s)
--- PASS: TestConfigCreateErrors/requires_exactly_2_arguments (0.00s)
--- PASS: TestConfigCreateErrors/requires_exactly_2_arguments#01 (0.00s)
--- PASS: TestConfigCreateErrors/error_creating_config (0.00s)
PASS
It's not perfect in all cases (in the above, there's duplicate "expected"
errors, but Go conveniently adds "#01" for the duplicate). There's probably
also various tests I missed that could still use the same changes applied;
we can improve these in follow-ups.
Set cmd.Args to prevent test-failures
----------------------------------------------
When running tests from my IDE, it compiles the tests before running,
then executes the compiled binary to run the tests. Cobra doesn't like
that, because in that situation `os.Args` is taken as argument for the
command that's executed. The command that's tested now sees the test-
flags as arguments (`-test.v -test.run ..`), which causes various tests
to fail ("Command XYZ does not accept arguments").
# compile the tests:
go test -c -o foo.test
# execute the test:
./foo.test -test.v -test.run TestFoo
=== RUN TestFoo
Error: "foo" accepts no arguments.
The Cobra maintainers ran into the same situation, and for their own
use have added a special case to ignore `os.Args` in these cases;
https://github.com/spf13/cobra/blob/v1.8.1/command.go#L1078-L1083
args := c.args
// Workaround FAIL with "go test -v" or "cobra.test -test.v", see #155
if c.args == nil && filepath.Base(os.Args[0]) != "cobra.test" {
args = os.Args[1:]
}
Unfortunately, that exception is too specific (only checks for `cobra.test`),
so doesn't automatically fix the issue for other test-binaries. They did
provide a `cmd.SetArgs()` utility for this purpose
https://github.com/spf13/cobra/blob/v1.8.1/command.go#L276-L280
// SetArgs sets arguments for the command. It is set to os.Args[1:] by default, if desired, can be overridden
// particularly useful when testing.
func (c *Command) SetArgs(a []string) {
c.args = a
}
And the fix is to explicitly set the command's args to an empty slice to
prevent Cobra from falling back to using `os.Args[1:]` as arguments.
cmd := newSomeThingCommand()
cmd.SetArgs([]string{})
Some tests already take this issue into account, and I updated some tests
for this, but there's likely many other ones that can use the same treatment.
Perhaps the Cobra maintainers would accept a contribution to make their
condition less specific and to look for binaries ending with a `.test`
suffix (which is what compiled binaries usually are named as).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.11...go1.21.12
These minor releases include 1 security fixes following the security policy:
net/http: denial of service due to improper 100-continue handling
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Thanks to Geoff Franks for reporting this issue.
This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.12
**- Description for the changelog**
```markdown changelog
Update Go runtime to 1.21.12
```
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Move common flag descriptions to the buildx build reference, and make
that page the canonical page in docs. Also rewrite some content in
image_build to make clear that this page is only for the legacy builder.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This code was updated in 7b9580df51, which
removed support for using kubernetes as orchestrator, but in doing so
made this `sort.Slice` (probably) not do what it was expected to do ':)
index 412cc2e5ee86..861ae1be2fb9 100644
@@ -75,8 +54,7 @@ func format(dockerCli command.Cli, opts options.List, orchestrator command.Orche
}
sort.Slice(stacks, func(i, j int) bool {
return sortorder.NaturalLess(stacks[i].Name, stacks[j].Name) ||
- !sortorder.NaturalLess(stacks[j].Name, stacks[i].Name) &&
- sortorder.NaturalLess(stacks[j].Namespace, stacks[i].Namespace)
+ !sortorder.NaturalLess(stacks[j].Name, stacks[i].Name)
})
return formatter.StackWrite(stackCtx, stacks)
}
The extra condition was added in 84241cc393
to support multiple namespaces. This patch removes it, bringing it back to
the state it was before that commit.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Add a case-folding version of Natural sort order
This can be used to perform case-insensitive comparisons and sorting.
It's been placed in a separate sub-package because it requires the Unicode
tables in the standard library, which can add significantly to binary size.
full diff: https://github.com/fvbommel/sortorder/compare/v1.0.2...v1.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There's some consumers of the config package that don't need any of the
other parts of the code, but because of the pkg/homedir were now forced
to also depend on docker/docker.
This patch introduces a local copy of the function to prevent this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a mention of the feature being disabled by default, and
the DOCKERD_DEPRECATED_GRAPHDRIVER_PLUGINS env-var.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 6fef143dbc switched the CLI to use
BuildKit by default, but as part of that removed the use of the
BuildkitVersion field as returned by Ping.
Some follow-up changes in commits e38e6c51ff and
e7a8748b93 updated the logic for detecting whether
BuildKit should be used or the legacy builder, but hard-coded using the
legacy builder for Windows daemons.
While Windows / WCOW does not yet support BuildKit by default, there is
work in progress to implement it, so we should not hard-code the assumption
that a Windows daemon cannot support BuildKit.
On the daemon-side, [moby@7b153b9] (Docker v23.0) changed the default as
advertised by the daemon to be BuildKit for Linux daemons. That change
still hardcoded BuildKit to be unsupported for Windows daemons (and does
not yet allow overriding the config), but this may change for future
versions of the daemon, or test-builds.
This patch:
- Re-introduces checks for the BuildkitVersion field in the "Ping" response.
- If the Ping response from the daemon advertises that it supports BuildKit,
the CLI will now use BuildKit as builder.
- If we didn't get a Ping response, or the Ping response did NOT advertise
that the daemon supported BuildKit, we continue to use the current
defaults (BuildKit for Linux daemons, and the legacy builder for Windows)
- Handling of the DOCKER_BUILDKIT environment variable is unchanged; for
CLI.BuildKitEnabled, DOCKER_BUILDKIT always takes precedence, and for
processBuilder the value is taken into account, but will print a warning
when BuildKit is disabled and a Linux daemon is used. For Windows daemons,
no warning is printed.
[moby@7b153b9]: 7b153b9e28
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add some documentation about their purpose, and document order of preference
when resolving plugins.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This file is only used as default if no version is specified. We
should probably get rid of this, but let's update it to better
reflect the version that developer builds are building.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this:
make shell
make -C ./internal/gocompat/
...
GO111MODULE=on go test -v
# github.com/docker/cli/cli/command/image
../../cli/command/image/push.go:177:62: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
FAIL gocompat [build failed]
make: *** [Makefile:3: verify] Error 1
make: Leaving directory '/go/src/github.com/docker/cli/internal/gocompat'
After this patch:
make shell
make -C ./internal/gocompat/
...
GO111MODULE=on go test -v
=== RUN TestModuleCompatibllity
main_test.go:133: all packages have the correct go version specified through //go:build
--- PASS: TestModuleCompatibllity (0.00s)
PASS
ok gocompat 0.007s
make: Leaving directory '/go/src/github.com/docker/cli/internal/gocompat'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 27b2797f7d added a local implementation
of this function, so let's use the local variant to (slightly) reduce the
dependency on moby's registry package.
Also made some minor cleanups.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Since 509123f935, we've been leaking sockets
in the filesystem on platforms where abstract sockets aren't supported.
That change relied on Go to cleanup our sockets for us, which Go will happily
do as long as we make sure to close the listener, which we weren't previously
doing unless to signal the plugin to terminate.
This change adds a deferred call to `PluginServer.Close()`, which makes sure we
close the plugin server at the end of the plugin execution, so that we never exit
without cleaning up.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This wraps the cli stderr stream the same way as stdin and stdout, which
extends the stream with TTY-related methods.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The `Config` field returned by this endpoint (used for "image inspect") returns
additional fields that are not part of the image's configuration and not part of
the [Docker Image Spec] and the [OCI Image Spec].
These additional fields are included in the response, due to an
implementation detail, where the [api/types.ImageInspec] type used
for the response is using the [container.Config] type.
The [container.Config] type is a superset of the image config, and while the
image's Config is used as a _template_ for containers created from the image,
the additional fields are set at runtime (from options passed when creating
the container) and not taken from the image Config.
These fields are never set (and always return the default value for the type),
but are not omitted in the response when left empty. As these fields were not
intended to be part of the image configuration response, they are deprecated,
and will be removed from the API.
The following fields are currently included in the API response, but
are not part of the underlying image's Config, and deprecated:
- `Hostname`
- `Domainname`
- `AttachStdin`
- `AttachStdout`
- `AttachStderr`
- `Tty`
- `OpenStdin`
- `StdinOnce`
- `Image`
- `NetworkDisabled` (already omitted unless set)
- `MacAddress` (already omitted unless set)
- `StopTimeout` (already omitted unless set)
[Docker image spec]: https://github.com/moby/docker-image-spec/blob/v1.3.1/specs-go/v1/image.go#L19-L32
[OCI Image Spec]: https://github.com/opencontainers/image-spec/blob/v1.1.0/specs-go/v1/config.go#L24-L62
[api/types.ImageInspec]: https://github.com/moby/moby/blob/v26.1.4/api/types/types.go#L87-L104
[container.Config]: https://github.com/moby/moby/blob/v26.1.4/api/types/container/config.go#L47-L82
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/golangci/golangci-lint/compare/v1.55.2...v1.59.0
Updated config to address warnings:
WARN [config_reader] The configuration option `run.skip-files` is deprecated, please use `issues.exclude-files`.
WARN [config_reader] The configuration option `linters.govet.check-shadowing` is deprecated. Please enable `shadow` instead, if you are not using `enable-all`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Looks like it's broken, so use a blanket "nolint:gosec" instead;
cli/command/image/build/context.go:238:17: G107: Potential HTTP request made with variable url (gosec)
if resp, err = http.Get(url); err != nil {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/registry/client/endpoint.go:128:34: fmt.Sprintf can be replaced with string concatenation (perfsprint)
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", th.token))
^
cli/command/telemetry_docker.go:88:14: fmt.Sprintf can be replaced with string concatenation (perfsprint)
endpoint = fmt.Sprintf("unix://%s", path.Join(u.Host, u.Path))
^
cli/command/cli_test.go:195:47: fmt.Sprintf can be replaced with string concatenation (perfsprint)
opts := &flags.ClientOptions{Hosts: []string{fmt.Sprintf("unix://%s", socket)}}
^
cli/command/registry_test.go:59:24: fmt.Sprintf can be replaced with string concatenation (perfsprint)
inputServerAddress: fmt.Sprintf("https://%s", testAuthConfigs[1].ServerAddress),
^
cli/command/container/opts_test.go:338:35: fmt.Sprintf can be replaced with string concatenation (perfsprint)
if config, _, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
^
cli/command/context/options.go:79:24: fmt.Sprintf can be replaced with string concatenation (perfsprint)
errs = append(errs, fmt.Sprintf("%s: unrecognized config key", k))
^
cli/command/image/build.go:461:68: fmt.Sprintf can be replaced with string concatenation (perfsprint)
line = dockerfileFromLinePattern.ReplaceAllLiteralString(line, fmt.Sprintf("FROM %s", reference.FamiliarString(trustedRef)))
^
cli/command/image/remove_test.go:21:9: fmt.Sprintf can be replaced with string concatenation (perfsprint)
return fmt.Sprintf("Error: No such image: %s", n.imageID)
^
cli/command/image/build/context.go:229:102: fmt.Sprintf can be replaced with string concatenation (perfsprint)
progReader := progress.NewProgressReader(response.Body, progressOutput, response.ContentLength, "", fmt.Sprintf("Downloading build context from remote url: %s", remoteURL))
^
cli/command/service/logs.go:215:16: fmt.Sprintf can be replaced with string concatenation (perfsprint)
taskName += fmt.Sprintf(".%s", task.ID)
^
cli/command/service/logs.go:217:16: fmt.Sprintf can be replaced with string concatenation (perfsprint)
taskName += fmt.Sprintf(".%s", stringid.TruncateID(task.ID))
^
cli/command/service/progress/progress_test.go:877:18: fmt.Sprintf can be replaced with string concatenation (perfsprint)
ID: fmt.Sprintf("task%s", nodeID),
^
cli/command/stack/swarm/remove.go:61:24: fmt.Sprintf can be replaced with string concatenation (perfsprint)
errs = append(errs, fmt.Sprintf("Failed to remove some resources from stack: %s", namespace))
^
cli/command/swarm/ipnet_slice_test.go:32:9: fmt.Sprintf can be replaced with string concatenation (perfsprint)
arg := fmt.Sprintf("--cidrs=%s", strings.Join(vals, ","))
^
cli/command/swarm/ipnet_slice_test.go:137:30: fmt.Sprintf can be replaced with string concatenation (perfsprint)
if err := f.Parse([]string{fmt.Sprintf("--cidrs=%s", strings.Join(test.FlagArg, ","))}); err != nil {
^
cli/compose/schema/schema.go:105:11: fmt.Sprintf can be replaced with string concatenation (perfsprint)
return fmt.Sprintf("must be a %s", humanReadableType(expectedType))
^
cli/manifest/store/store.go:165:9: fmt.Sprintf can be replaced with string concatenation (perfsprint)
return fmt.Sprintf("No such manifest: %s", n.object)
^
e2e/image/push_test.go:340:4: fmt.Sprintf can be replaced with string concatenation (perfsprint)
fmt.Sprintf("NOTARY_ROOT_PASSPHRASE=%s", pwd),
^
e2e/image/push_test.go:341:4: fmt.Sprintf can be replaced with string concatenation (perfsprint)
fmt.Sprintf("NOTARY_TARGETS_PASSPHRASE=%s", pwd),
^
e2e/image/push_test.go:342:4: fmt.Sprintf can be replaced with string concatenation (perfsprint)
fmt.Sprintf("NOTARY_SNAPSHOT_PASSPHRASE=%s", pwd),
^
e2e/image/push_test.go:343:4: fmt.Sprintf can be replaced with string concatenation (perfsprint)
fmt.Sprintf("NOTARY_DELEGATION_PASSPHRASE=%s", pwd),
^
e2e/plugin/trust_test.go:23:16: fmt.Sprintf can be replaced with string concatenation (perfsprint)
pluginName := fmt.Sprintf("%s/plugin-content-trust", registryPrefix)
^
e2e/plugin/trust_test.go:53:8: fmt.Sprintf can be replaced with string concatenation (perfsprint)
Out: fmt.Sprintf("Installed plugin %s", pluginName),
^
e2e/trust/revoke_test.go:62:57: fmt.Sprintf can be replaced with string concatenation (perfsprint)
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, fmt.Sprintf("%s:v1", revokeRepo)).Assert(t, icmd.Success)
^
e2e/trust/revoke_test.go:64:49: fmt.Sprintf can be replaced with string concatenation (perfsprint)
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v1", revokeRepo)),
^
e2e/trust/revoke_test.go:68:58: fmt.Sprintf can be replaced with string concatenation (perfsprint)
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, fmt.Sprintf("%s:v2", revokeRepo)).Assert(t, icmd.Success)
^
e2e/trust/revoke_test.go:70:49: fmt.Sprintf can be replaced with string concatenation (perfsprint)
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v2", revokeRepo)),
^
e2e/trust/sign_test.go:36:47: fmt.Sprintf can be replaced with string concatenation (perfsprint)
assert.Check(t, is.Contains(result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha)))
^
e2e/trust/sign_test.go:53:47: fmt.Sprintf can be replaced with string concatenation (perfsprint)
assert.Check(t, is.Contains(result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.BusyboxSha)))
^
e2e/trust/sign_test.go:65:47: fmt.Sprintf can be replaced with string concatenation (perfsprint)
assert.Check(t, is.Contains(result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha)))
^
opts/file.go:21:9: fmt.Sprintf can be replaced with string concatenation (perfsprint)
return fmt.Sprintf("poorly formatted environment: %s", e.msg)
^
opts/hosts_test.go:26:31: fmt.Sprintf can be replaced with string concatenation (perfsprint)
"tcp://host:": fmt.Sprintf("tcp://host:%s", defaultHTTPPort),
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
internal/test/cli.go:175:14: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("no notary client available unless defined")
^
cli/command/cli.go:318:29: fmt.Errorf can be replaced with errors.New (perfsprint)
return docker.Endpoint{}, fmt.Errorf("no context store initialized")
^
cli/command/container/attach.go:161:11: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf(result.Error.Message)
^
cli/command/container/opts.go:577:16: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("--health-start-period cannot be negative")
^
cli/command/container/opts.go:580:16: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("--health-start-interval cannot be negative")
^
cli/command/container/stats.go:221:11: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("filtering is not supported when specifying a list of containers")
^
cli/command/container/attach_test.go:82:17: fmt.Errorf can be replaced with errors.New (perfsprint)
expectedErr = fmt.Errorf("unexpected error")
^
cli/command/container/create_test.go:234:40: fmt.Errorf can be replaced with errors.New (perfsprint)
return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
^
cli/command/container/list_test.go:150:17: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("error listing containers")
^
cli/command/container/rm_test.go:40:31: fmt.Errorf can be replaced with errors.New (perfsprint)
return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
^
cli/command/container/run_test.go:138:40: fmt.Errorf can be replaced with errors.New (perfsprint)
return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
^
cli/command/image/pull_test.go:115:49: fmt.Errorf can be replaced with errors.New (perfsprint)
return io.NopCloser(strings.NewReader("")), fmt.Errorf("shouldn't try to pull image")
^
cli/command/network/connect.go:88:16: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("invalid key/value pair format in driver options")
^
cli/command/plugin/create_test.go:96:11: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("Error creating plugin")
^
cli/command/plugin/disable_test.go:32:12: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("Error disabling plugin")
^
cli/command/plugin/enable_test.go:32:12: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("failed to enable plugin")
^
cli/command/plugin/inspect_test.go:55:22: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, nil, fmt.Errorf("error inspecting plugin")
^
cli/command/plugin/install_test.go:43:17: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("Error installing plugin")
^
cli/command/plugin/install_test.go:51:17: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("(image) when fetching")
^
cli/command/plugin/install_test.go:95:17: fmt.Errorf can be replaced with errors.New (perfsprint)
return nil, fmt.Errorf("should not try to install plugin")
^
cli/command/plugin/list_test.go:35:41: fmt.Errorf can be replaced with errors.New (perfsprint)
return types.PluginsListResponse{}, fmt.Errorf("error listing plugins")
^
cli/command/plugin/remove_test.go:27:12: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("Error removing plugin")
^
cli/command/registry/login_test.go:36:46: fmt.Errorf can be replaced with errors.New (perfsprint)
return registrytypes.AuthenticateOKBody{}, fmt.Errorf("Invalid Username or Password")
^
cli/command/registry/login_test.go:44:46: fmt.Errorf can be replaced with errors.New (perfsprint)
return registrytypes.AuthenticateOKBody{}, fmt.Errorf(errUnknownUser)
^
cli/command/system/info.go:190:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("errors pretty printing info")
^
cli/command/system/prune.go:77:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf(`ERROR: The "until" filter is not supported with "--volumes"`)
^
cli/command/system/version_test.go:19:28: fmt.Errorf can be replaced with errors.New (perfsprint)
return types.Version{}, fmt.Errorf("no server")
^
cli/command/trust/key_load.go:112:22: fmt.Errorf can be replaced with errors.New (perfsprint)
return []byte{}, fmt.Errorf("could not decrypt key")
^
cli/command/trust/revoke.go:44:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("cannot use a digest reference for IMAGE:TAG")
^
cli/command/trust/revoke.go:105:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("no signed tags to remove")
^
cli/command/trust/signer_add.go:56:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("releases is a reserved keyword, please use a different signer name")
^
cli/command/trust/signer_add.go:60:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("path to a public key must be provided using the `--key` flag")
^
opts/config.go:71:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("source is required")
^
opts/mount.go:168:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("type is required")
^
opts/mount.go:172:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("target is required")
^
opts/network.go:90:11: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("network name/id is not specified")
^
opts/network.go:129:18: fmt.Errorf can be replaced with errors.New (perfsprint)
return "", "", fmt.Errorf("invalid key value pair format in driver options")
^
opts/opts.go:404:13: fmt.Errorf can be replaced with errors.New (perfsprint)
return 0, fmt.Errorf("value is too precise")
^
opts/opts.go:412:18: fmt.Errorf can be replaced with errors.New (perfsprint)
return "", "", fmt.Errorf("empty string specified for links")
^
opts/parse.go:84:37: fmt.Errorf can be replaced with errors.New (perfsprint)
return container.RestartPolicy{}, fmt.Errorf("invalid restart policy format: no policy provided before colon")
^
opts/parse.go:89:38: fmt.Errorf can be replaced with errors.New (perfsprint)
return container.RestartPolicy{}, fmt.Errorf("invalid restart policy format: maximum retry count must be an integer")
^
opts/port.go:105:13: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("hostip is not supported")
^
opts/secret.go:70:10: fmt.Errorf can be replaced with errors.New (perfsprint)
return fmt.Errorf("source is required")
^
opts/env_test.go:57:11: fmt.Errorf can be replaced with errors.New (perfsprint)
err: fmt.Errorf("invalid environment variable: =a"),
^
opts/env_test.go:93:11: fmt.Errorf can be replaced with errors.New (perfsprint)
err: fmt.Errorf("invalid environment variable: ="),
^
cli-plugins/manager/error_test.go:16:11: fmt.Errorf can be replaced with errors.New (perfsprint)
inner := fmt.Errorf("testing")
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rename some variables to prevent shadowing and for clarity.
Also made some minor formatting changes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These are endpoint-specific driver options...
services:
myservice:
image: myimage
networks:
mynet:
driver_opts:
"option1": "value1"
The API has had support for a long time, it's only recently been
added to compose (unreleased right now).
Signed-off-by: Rob Murray <rob.murray@docker.com>
The API field `EnableIPv6` was marked as optional in our Swagger docs,
and its default value in the Go client came from that field being a
bool, thus defaulting to its zero value. That's not the case anymore.
This field is now a `*bool` as to let daemon's config define the default
value. IPv6 can still be enabled / disabled by explicitly specifying the
`--ipv6` flag when doing `docker network create`.
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
github.com/mitchellh/mapstructure will no longer be maintained by the author,
and github.com/go-viper/mapstructure is nominated as the endorsed fork.
- v1.x changes since last release from mitchellh: https://github.com/go-viper/mapstructure/compare/v1.5.0...v1.6.0
- v2.0 changes: https://github.com/go-viper/mapstructure/compare/v1.6.0...v2.0.0
Breaking changes
Error is removed in favor of errors.Join (backported from Go 1.20 to preserve
compatibility with earlier versions)
What's Changed
- feat!: update module path
- build: update dev env
- feature: add StringToBasicTypeHookFunc and support complex
- Add an example showing how to use a DecodeHookFunc to parse a custom field.
- Remove exposed error type
- Replace internal joined error with errors.Join
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.21.11 (released 2024-06-04) includes security fixes to the archive/zip
and net/netip packages, as well as bug fixes to the compiler, the go command,
the runtime, and the os package. See the Go 1.21.11 milestone on our issue
tracker for details;
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.11+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.10...go1.21.11
From the security announcement;
We have just released Go versions 1.22.4 and 1.21.11, minor point releases.
These minor releases include 2 security fixes following the security policy:
- archive/zip: mishandling of corrupt central directory record
The archive/zip package's handling of certain types of invalid zip files
differed from the behavior of most zip implementations. This misalignment
could be exploited to create an zip file with contents that vary depending
on the implementation reading the file. The archive/zip package now rejects
files containing these errors.
Thanks to Yufan You for reporting this issue.
This is CVE-2024-24789 and Go issue https://go.dev/issue/66869.
- net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected
for IPv4-mapped IPv6 addresses, returning false for addresses which would
return true in their traditional IPv4 forms.
Thanks to Enze Wang of Alioth and Jianjun Chen of Zhongguancun Lab
for reporting this issue.
This is CVE-2024-24790 and Go issue https://go.dev/issue/67680.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The completion functions only need the API-client, and not all of
the CLI. However, passing the API-client as argument would mean
that the API-client is initialized early, which may not be what
we want, so instead, defining an APIClientProvider interface to
preserve the behavior of initializing when needed only.
While updating, also simplify stack.format to only require an
io.Writer.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: twelsh-aw <84401379+twelsh-aw@users.noreply.github.com>
Keep pinging desired individuals for certain changes, but allow others to keep reviewing in accordance with org Branch Protection rules
(note: runtime-owners team has notifications disabled)
- Fix compatibility with go1.22
- fileinfo: internally fix FileBasicInfo memory alignment (fixes compatibility
with go1.22)
- Switch from syscall to golang.org/x/sys/windows
- Remove golang.org/x/mod as dependency
- Remove golang.org/x/tools as dependency
full diff: https://github.com/Microsoft/go-winio/compare/v0.6.1...v0.6.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker Desktop currently ships with the "cloud integration" wrapper,
which outputs an additional ContextType field in the JSON output.
While this field is non-standard, it made its way into Visual Studio's
Docker integration, which uses this to exclude "aci" and "eci" context
types that are not supported by Visual Studio.
This patch;
- conditionally adds a ContextType field to the JSON output
- but ONLY when using the default "{{json .}}" or "json" formats
(which are the formats used by Visual Studio)
- if the context is a "aci" or "eci" context, that type is
preserved, otherwise the default "moby" type is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI does not currently expose options to add custom metadata to
contexts, but contexts support them.
- update test-utilities to allow setting custom metadata
- update the inspect test to verify that custom metadata is included
when inspecting a context.
- update the import/export tests to verify that custom metadata
is preserved.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The github.com/containerd/containerd/platforms package was moved to a separate
module in preparation of the containerd v2.0 release.
Switch to the new module, which means we also remove containerd as a direct
dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The output showed the Alpine version that was used for the example,
which can get outdated and distracts from the example steps.
Use --quiet to reduce the output, and to reduce maintenance (i.e.,
no need to keep the output updated with current versions).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When attempting to load a config-file that exists, but is not accessible for
the current user, we should not discard the error.
This patch makes sure that the error is returned by Load(), but does not yet
change LoadDefaultConfigFile, as this requires a change in signature.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This may need further discussion, but we currently handle dangling
symlinks gracefully, so let's add a test for this, and verify that
we don't replace symlinks with a file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "--rm" flag deletes both the container and any anonymous volumes
associated with the container when the container exits.
This patch updates the flag description to also mention volumes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Don't show `Next steps:` with no messages at all when plugin returns an
unitialized value of `HookMessage` (zero-initialization sets its type to
NextSteps and empty template).
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Support for connecting more than one network using the container run
command was added in v25.0 for API > 1.44 - describe that in the docs.
Signed-off-by: Rob Murray <rob.murray@docker.com>
The test didn't do anything useful...
- Despite its name it used newCreateCommand() instead of
newConnectCommand() with create flags/options instead of connect.
- There was no fake networkCreateFunc(), so the result of the 'connect'
wasn't checked.
- The fake networkConnectFunc() was never called, so didn't spot the
problem.
Signed-off-by: Rob Murray <rob.murray@docker.com>
These minor releases include 2 security fixes following the security policy:
- cmd/go: arbitrary code execution during build on darwin
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to
usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.
- net: malformed DNS message can cause infinite loop
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
Thanks to long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to
our attention.
This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.3
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.10+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.9...go1.21.10
**- Description for the changelog**
```markdown changelog
Update Go runtime to 1.21.10
```
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
actions/setup-go was trying to use caching, and produced a warning
because it expects a `go.mod` / `go.sum`;
Run actions/setup-go@v5
with:
go-version: 1.21
check-latest: false
token: ***
cache: true
env:
DISABLE_WARN_OUTSIDE_CONTAINER: 1
Setup go version spec 1.21
Found in cache @ /opt/hostedtoolcache/go/1.21.9/x64
Added go to the path
Successfully set up Go version 1.21
/opt/hostedtoolcache/go/1.21.9/x64/bin/go env GOMODCACHE
/opt/hostedtoolcache/go/1.21.9/x64/bin/go env GOCACHE
/home/runner/go/pkg/mod
/home/runner/.cache/go-build
Warning: Restore cache failed: Dependencies file is not found in /home/runner/work/cli/cli. Supported file pattern: go.sum
go version go1.21.9 linux/amd64
While our regular builds would use a containerised flow, CodeQL's autobuild
does not, and also doesn't seem to use our vendor directory (?) so for this
one it's probably fine to let it use some caching.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before, for plugin commands, only the plugin name (such as `buildx`)
would be both included as `RootCmd` when passed to the hook plugin,
which isn't enough information for a plugin to decide whether to execute
a hook or not since plugins implement multiple varied commands (`buildx
build`, `buildx prune`, etc.).
This commit changes the hook logic to account for this situation, so
that the the entire configured hook is passed, i.e., if a user has a
hook configured for `buildx imagetools inspect` and the command
`docker buildx imagetools inspect alpine` is called, then the plugin
hooks will be passed `buildx imagetools inspect`.
This logic works for aliased commands too, so whether `docker build ...`
or `docker buildx build` is executed (unless Buildx is disabled) the
hook will be invoked with `buildx build`.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
hooks: include full match when invoking plugins
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This will make Github render the log line as an error.
(copied from moby/moby fb92caf2aa6cf3664e11dc06ee10d114af300826)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Any PR that is labeled with any `impact/*` label should have a
description for the changelog and an `area/*` label.
(copied from moby/moby 1d473549e865ef6b90ee936c280f4bda677de39b)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
During normal plugin execution (from the CLI), the CLI configures the
plugin command it's about to execute in order to pass all environment
variables on, as well as to set the ReExec env var that informs the
plugin about how it was executed, and which plugins rely on to check
whether they are being run standalone or not.
This commit adds the same behavior to hook invocations, which is
necessary for some plugins to know that they are not running standalone
so that they expose their root command at the correct level.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Particularly for cases such as `docker exec -it`, it's relevant that the CLI
still executes hooks even if the exec exited with a non-zero exit code,
since this is can be part of a normal `docker exec` invocation depending on
how the user exits.
In the future, this might also be interesting to allow plugins to run
hooks after an error so they can offer error-state recovery suggestions,
although this would require additional work to give the plugin more
information about the failed execution.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Document feature option 'windows-dns-proxy', which can be used to
enable or disable forwarding of DNS requests from the daemon's
internal resolver to external servers.
Signed-off-by: Rob Murray <rob.murray@docker.com>
Before this commit, the CLI binary in `dockereng/cli-bin` image was
named `docker` regardless of platform.
Change the binary name to `docker.exe` in Windows images.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0
Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;
> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit adds a "terminal" attribute to `BaseMetricAttributes`
that allows us to discern whether an invocation was from an interactive
terminal or not.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This adds a default otel error handler for the cli in the debug package.
It uses logrus to log the error on the debug level and should work out
of the box with the `--debug` flag and `DEBUG` environment variable.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This is needed because the project does not have a `go.mod` file and
gets sent to go 1.16 semantics whenever it's imported by another project
and `any` doesn't exist in go 1.16, but the linter requires us to use
`any` here.
Setting the `go:build` tag forces the per-file language to the go
version specified.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This adds the code used by buildx and compose into the default CLI
program to help normalize the usage of these APIs and allow code reuse
between projects. It also allows these projects to benefit from
improvements or changes that may be made by another team.
At the moment, these APIs are a pretty thin layer on the OTEL SDK. It
configures an additional exporter to a docker endpoint that's used for
usage collection and is only active if the option is configured in
docker desktop.
This also upgrades the OTEL version to v1.19 which is the one being used
by buildkit, buildx, compose, etc.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This changes things to rely on a plugin server that manages all
connections made to the server.
An optional handler can be passed into the server when the caller wants
to do extra things with the connection.
It is the caller's responsibility to close the server.
When the server is closed, first all existing connections are closed
(and new connections are prevented).
Now the signal loop only needs to close the server and not deal with
`net.Conn`'s directly (or double-indirects as the case was before this
change).
The socket, when present in the filesystem, is no longer unlinked
eagerly, as reconnections require it to be present for the lifecycle of
the plugin server.
Co-authored-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
CodeQL autobuild uses the makefile, but outside of a container, so let's
set this variable to prevent it having to wait 10 seconds;
Use "make dev" to start an interactive development container,
use "make -f docker.Makefile " to execute this target
in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
disable this warning.
Press Ctrl+C now to abort, or wait for the script to continue..
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
CodeQL 2.16.4's auto-build added support for multi-module repositories,
and is trying to be smart by searching for modules in every directory,
including vendor directories. If no module is found, it's creating one
which is ... not what we want, so let's give it a "go.mod".
Here's from a run in CI;
/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
{
"productName" : "CodeQL",
"vendor" : "GitHub",
"version" : "2.16.4",
"sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
"branches" : [
"codeql-cli-2.16.4"
],
"copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
"unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
"configFileLocation" : "/home/runner/.config/codeql/config",
"configFileFound" : false,
"features" : {
"analysisSummaryV2Option" : true,
"buildModeOption" : true,
"bundleSupportsIncludeDiagnostics" : true,
"featuresInVersionResult" : true,
"indirectTracingSupportsStaticBinaries" : false,
"informsAboutUnsupportedPathFilters" : true,
"supportsPython312" : true,
"mrvaPackCreate" : true,
"threatModelOption" : true,
"traceCommandUseBuildMode" : true,
"v2ramSizing" : true,
"mrvaPackCreateMultipleQueries" : true,
"setsCodeqlRunnerEnvVar" : true
}
}
With 2.16.4, first it is unable to correlate files with the project, considering
them "stray" files;
Attempting to automatically build go code
/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
...
It then tries to build the binary, but in go modules mode, which fails (it also
seems to be doing this for each and every directory);
Use "make dev" to start an interactive development container,
use "make -f docker.Makefile " to execute this target
in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
disable this warning.
Press Ctrl+C now to abort, or wait for the script to continue..
./scripts/build/binary
Building static docker-linux-amd64
+ go build -o build/docker-linux-amd64 -tags osusergo pkcs11 -ldflags -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
cannot find package "github.com/docker/cli/cmd/docker" in any of:
/opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
/home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
make: *** [Makefile:62: binary] Error 1
2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
2024/03/16 17:20:38 Build failed, continuing to install dependencies.
2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
2024/03/16 17:20:38 Import path is 'github.com/docker/cli'
If also seems to be doing this for ... every package?
cat 0_codeql.log | grep 'you are not in a container' | wc -l
497
After which it starts to create modules out of every directory;
The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
The code in opts seems to be missing a go.mod file. Attempting to initialize one...
The code in service seems to be missing a go.mod file. Attempting to initialize one...
The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
The code in templates seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
...
Skipping dependency package regexp.
Skipping dependency package github.com/opencontainers/go-digest.
Skipping dependency package github.com/distribution/reference.
Extracting /home/runner/work/cli/cli/cli/command/go.mod
Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
Extracting /home/runner/work/cli/cli/cli/command/go.mod
Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
Extracting /home/runner/work/cli/cli/cli/command/go.mod
Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We originally added this -compat to keep a consistent format of
the vendor.mod files for cases where there were differences
between go versions.
I don't think we really need this anymore, so let's remove.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diffs:
- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4
From the Go security announcement list;
> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.
In a follow-up post;
> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.
govulncheck results in our code shows that this does not affect the CLI:
govulncheck ./...
Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...
=== Symbol Results ===
No vulnerabilities found.
Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The command path sent for `docker build` should be `docker` rather than
`docker build` to be consistent with the other command paths.
* `docker buildx build` has a command path of `docker buildx`
* `docker builder build` has a command path of `docker builder`
* `docker image build` has a command path of `docker image`
The reason this gets set to `docker buildx` rather than `docker buildx
build` is because the `build` portion of the command path is processed
by the plugin. So the command path only contains the portions of the
command path that were processed by this tool.
Since the `build` of `docker build` gets forwarded to `buildx`, it is
not included in the command path.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Mark pulling legacy image formats as deprecated, and describe the
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE environment variable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This code was only used as part of container.RunStats, so moving the code
there instead as a non-exported type. The actual use also did not have to
handle concurrency, so the mutex is removed in the new location.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The daemonOSType variable is already set when collecting stats, so we unlikely
hit this code in practice, and it would only be set if `collect()` failed and
we never got a stats response. If we do need to get this information, let's use
the OSVersion we already obtained from the ping response.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Replace 'docker daemon' with the wording used for the preceeding table,
to make it extra-clear that those flags apply to the default bridge.
Signed-off-by: Rob Murray <rob.murray@docker.com>
Added --detach/-d to stack rm. Setting --detach=false waits until
all of the stack tasks have reached a terminal state.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: George Margaritis <gmargaritis@protonmail.com>
Added --detach and --quiet/-q flags to stack deploy. Setting --detach=false
waits until all of the stack services have converged. Shows progress bars for
each individual task, unless --quiet/-q is specified.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: George Margaritis <gmargaritis@protonmail.com>
When a plugin is invoked, the docker cli will now set
`OTEL_RESOURCE_ATTRIBUTES` to pass OTEL resource attribute names to the
plugin as additional resource attributes. At the moment, the only
resource attribute passed is `cobra.command_path`.
All resource attributes passed by the CLI are prepended with the
namespace `docker.cli` to avoid clashing with existing ones the plugin
uses or ones defined by the user.
For aliased commands like the various builder commands, the command path
is overwritten to match with the original name (such as `docker
builder`) instead of the forwarded name (such as `docker buildx build`).
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
--iidfile logically specifies the IIDFILE and not the CIDFILE
(use --cidfile from docker-run.1.md for specifying a cidfile).
Signed-off-by: Max-Julian Pogner <max-julian@pogner.at>
The "github.com/docker/distribution" module moved to the distribution
org ("github.com/docker/distribution/v3"), and the new module deprecated
and removed the uuid package in favor of Google's UUID package.
While we still depend on the old module through packages and as an indirect
dependency, we may want to try avoid using it.
This patch replaces the use for the socket package, and replaces it for a
local utility, taking the same approach as `stringid.GenerateRandomID()`,
which should be random enough for this purpose.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- gha runners updated to ubuntu 22.04
- e2e now runs against moby 23.0, 24.0 and 25.0
- temporarily skip broken test for moby < 25
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
Allow tests to check the negotiated API version used by the client.
Can be used to skip tests based on API versions, for example:
```go
skip.If(t, versions.LessThan(environment.DaemonAPIVersion(t), "1.44"))
```
will skip the test if the API version is older than 1.44
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Inline the variables used to define the command + args used in the
tests, which makes it slightly easier to see what's run.
Also explicitly define a context, in case we want to add telemetry
to these tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Seems that OpenBSD behaves like darwin and requires to unlink all
socket, after it was used.
Tested on OpenBSD 7.4
Signed-off-by: Kirill A. Korinsky <kirill@korins.ky>
extra_hosts in the compose file format allows '=' as a separator, and brackets
around IP addresses, the engine API doesn't.
So, transform the values when reading a compose file for 'docker stack'.
Signed-off-by: Rob Murray <rob.murray@docker.com>
Vendor docker/docker with API < 1.24 removed. This should not affect client
code.
43ffb1ee9d..9e075f3808
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Return error when user refuses at confirmation prompt
- Avoid sending space freed msg if user cancelled
- Fixed unit tests
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
The `docker images` top-level subcommand predates the `docker <object> <verb>`
convention (e.g. `docker image ls`), but accepts a positional argument to
search/filter images by name (globbing). It's common for users to accidentally
mistake these commands, and to use (e.g.) `docker images ls`, expecting
to see all images, but ending up with an empty list because no image named
"ls" was found.
Disallowing these search-terms would be a breaking change, but we can print
and informational message to help the users correct their mistake.
Before this patch:
docker images ls
REPOSITORY TAG IMAGE ID CREATED SIZE
With this patch applied:
docker images ls
REPOSITORY TAG IMAGE ID CREATED SIZE
No images found matching "ls": did you mean "docker image ls"?
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The 20.10 branch reached EOL, so we can probably remove this
one again.
This reverts commit a3d53e319f.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds a new plugin to the e2e plugins that simulates an older
plugin binary and a test suite to ensure older plugin binaries
keep behaving the same with newer CLI versions.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Use the `XXXVar` equivalent for flags that don't have a shorthand flag
instead of passing an empty string for the shorthand flag.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- rename confusing `target` argument, and use `containerID` in all places;
also make the variable more clearly local-scoped.
- rename `dockerCli` to be correctly camel-case, and to be consistent in
all places in this file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker Engine 1.13 (API v1.25) added an option to set a custom default seccomp
profile on the daemon (see [moby/moby@b237189]). A warning was added on the
client-side if a non-default profile was set.
Docker Engine 23.0 (API v1.42) added warnings about non-default seccomp
profiles to the "info" response ([moby/moby@04f932a]), and the client was
updated to skip generating client-side warnings for API v1.42 and up in
[docker/cli@8964595].
These warnings are purely informational, and given that Docker Engine versions
before 23.0 have reached EOL, and any current version of the Engine now returns
the Warnings, it should be safe to remove the client-side fall back logic.
This patch removes the client-side fall back code for warnings that was
added in 8964595692.
[moby/moby@b237189]: b237189e6c
[moby/moby@04f932a]: 04f932ac86
[docker/cli@8964595]: 8964595692
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was deprecated in 298bddcc23 for
v25.0, and unused. This patch removes the function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These types were deprecated in 7af509c7f1 (v25.0),
in favor of CLIOption, and are no longer used.
This patch removes the deprecated type-aliases, and while updating, also improves
the documentation for the CLIOption type.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker Engine 18.09 (API v1.39) introduced a Warnings field in the into response.
This enhancement was not gated by API version (see [moby/moby@a3d4238]), and
will be returned by Docker Engine 18.09 and up, regardless of the API version
chosen.
Likewise, the client-side code was written to prefer warnings returned by
the daemon, but to fall back on client-side detection of missing features
based on information in the Info response (see [docker/cli@3c27ce2]).
Thse warnings are purely informational, and given that Docker Engine versions
before 18.09 have reached EOL 6 Years ago, and any current version of the
Engine now returns the Warnings, it should be safe to remove the client-side
fall back logic.
This patch removes the client-side fall back code for warnings that was
added in 3c27ce21c9.
[moby/moby@a3d4238]: a3d4238b9c
[docker/cli@3c27ce2]: 3c27ce21c9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
CLI reference for the base command was generated to cli.md
Changed it to docker.md to handle broken links.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Alias pages redirect to the canonical names, but these pages still
linked to the aliases, causing broken links when building the docs site.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
- Add section about cdi-spec-dirs daemon configuration
- Add subsection about cdi in --device section for docker run
- Update `docker info` output example
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
The Docker daemon provides a versioned API for backward compatibility with old
clients. Docker clients can perform API-version negotiation to select the most
recent API version supported by the daemon (downgrading to and older version of
the API when necessary). API version negotiation was introduced in Docker v1.12.0
(API 1.24), and clients before that used a fixed API version.
Docker Engine versions through v25.0 provide support for all [API versions](https://docs.docker.com/engine/api/#api-version-matrix)
included in stable releases for a given platform. For Docker daemons on Linux,
the earliest supported API version is 1.12 (corresponding with Docker Engine
v1.0.0), whereas for Docker daemons on Windows, the earliest supported API
version is 1.24 (corresponding with Docker Engine v1.12.0).
Support for legacy API versions (providing old API versions on current versions
of the Docker Engine) is primarily intended to provide compatibility with recent,
but still supported versions of the client, which is a common scenario (the Docker
daemon may be updated to the latest release, but not all clients may be up-to-date
or vice versa). Support for API versions before that (API versions provided by
EOL versions of the Docker Daemon) is provided on a "best effort" basis.
Use of old API versions is very rare, and support for legacy API versions
involves significant complexity (Docker 1.0.0 having been released 10 years ago).
Because of this, we'll start deprecating support for legacy API versions.
Docker Engine v25.0 by default disables API version older than 1.24 (aligning
the minimum supported API version between Linux and Windows daemons). When
connecting with a client that uses an API version version older than 1.24,
the daemon returns an error. The following example configures the docker
CLI to use API version 1.23, which produces an error:
DOCKER_API_VERSION=1.23 docker version
Error response from daemon: client version 1.23 is too old. Minimum supported API version is 1.24, please upgrade your client to a newer version
An environment variable (`DOCKER_MIN_API_VERSION`) is introduced that allows
re-enabling older API versions in the daemon. This environment variable must
be set in the daemon's environment (for example, through a [systemd override
file](https://docs.docker.com/config/daemon/systemd/)), and the specified
API version must be supported by the daemon (`1.12` or higher on Linux, or
`1.24` or higher on Windows).
Support for API versions lower than `1.24` will be permanently removed in Docker
Engine v26, and the minimum supported API version will be incrementally raised
in releases following that.
We do not recommend depending on the `DOCKER_MIN_API_VERSION` environment
variable other than for exceptional cases where it's not possible to update
old clients, and those clients must be supported.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In order to solve the "double notification" issue (see:
ef5e5fa03f)
without running the plugin process under a new pgid (see:
https://github.com/moby/moby/issues/47073) we instead check if we're
attached to a TTY, and if so skip signalling the plugin process since it
will already be signalled.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Build and push an image containing a static CLI binary for master branch
and every release branch and tag.
This is a slightly adjusted copy of the bin-image workflow from
docker/buildx (by @crazy-max).
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Looks like this change caused docker-ce-packaging to fail;
dest=$PWD/build/mac; cd /home/ubuntu/workspace/release-packaging_ce-nightly/packaging/src/github.com/docker/cli/build && for platform in *; do \
arch=$(echo $platform | cut -d_ -f2); \
mkdir -p $dest/$arch/docker; \
cp $platform/docker-darwin-* $dest/$arch/docker/docker && \
tar -C $dest/$arch -c -z -f $dest/$arch/docker-25.0.0-rc.2.tgz docker; \
done
cp: cannot stat 'darwin_amd64/docker-darwin-*': No such file or directory
cp: cannot stat 'darwin_arm64/docker-darwin-*': No such file or directory
This reverts commit 6ad07f2a4b.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Changes were made in 1554ac3b5f to provide
a mechanism for the CLI to notify running plugin processes that they
should exit, in order to improve the general CLI/plugin UX. The current
implementation boils down to:
1. The CLI creates a socket
2. The CLI executes the plugin
3. The plugin connects to the socket
4. (When) the CLI receives a termination signal, it uses the socket to
notify the plugin that it should exit
5. The plugin's gets notified via the socket, and cancels it's `cmd.Context`,
which then gets handled appropriately
This change works in most cases and fixes the issue it sets out to solve
(see: https://github.com/docker/compose/pull/11292) however, in the case
where the user has a TTY attached and the plugin is not already handling
received signals, steps 4+ changes:
4. (When) the CLI receives a termination signal, before it can use the
socket to notify the plugin that it should exit, the plugin process
also receives a signal due to sharing the pgid with the CLI
Since we now have a proper "job control" mechanism, we can simplify the
scenarios by executing the plugins with their own process group id,
thereby removing the "double notification" issue and making it so that
plugins can handle the same whether attached to a TTY or not.
In order to make this change "plugin-binary" backwards-compatible, in
the case that a plugin does not connect to the socket, the CLI passes
the signal to the plugin process.
Co-authored-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
As macOS does not support the abstract socket namespace, use a temporary
socket in $TMPDIR to connect with the plugin. Ensure this socket is
cleaned up even in the case of crash/ungraceful termination by removing
it after the first connection is accepted.
Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Build and push an image containing a static CLI binary for master branch
and every release branch and tag.
This is a slightly adjusted copy of the bin-image workflow from
docker/buildx (by @crazy-max).
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Transform `VERSION` variable if it contains a git ref.
This is the same as moby does (with "<<<" bashism removed).
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
`scripts/make/binary` produces `docker` file that is a symlink to a
`docker-<platform>` file.
Make the `binary` Dockerfile target produce an image that only contains
the `docker` binary and not the symlink.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Update this function to accept a smaller interface, as it doesn't need
all of "CLI". Also return errors encountered during its operation (although
the caller currently has no error return on its own).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Slightly rephrase the intro (remove "easy reference"), and cross-reference
the corresponding section on the docker CLI page.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
golden.AssertBytes prints the failure as a bytes-array, which makes
it not human-readable; let's compare strings instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker v23.0 and up allow the daemon to be configured to have seccomp disabled
by default (using the "unconfined" profile as default), and introduced a new
"builtin" profile-name for the default (see [moby@f8795ed364586acd][1] and
[mnoby@ac449d6b5ad29a50][2]).
However, the CLI had no special handling for the "builtin" profile, which
resulted in it trying to load it as a file, which would fail;
docker run -it --rm --security-opt seccomp=builtin busybox
docker: opening seccomp profile (builtin) failed: open builtin: no such file or directory.
See 'docker run --help'.
This patch adds a special case for the "builtin" profile, to allow using the
default profile on daemons with seccomp disabled (unconfined) by default.
[1]: f8795ed364
[2]: ac449d6b5a
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 9e1f8d646e changed this to a
"nolint" comment due to a regression in GoSec. That regression was
fixed, so we can go back to use the more fine-grained "nosec" comment.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/klauspost/compress/compare/v1.17.2...v1.17.4
v1.17.4:
- huff0: Speed up symbol counting
- huff0: Remove byteReader
- gzhttp: Allow overriding decompression on transport
- gzhttp: Clamp compression level
- gzip: Error out if reserved bits are set
v1.17.3:
- fse: Fix max header size
- zstd: Improve better/best compression
- gzhttp: Fix missing content type on Close
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Using this option on the daemon will now produce an error (flag will
be removed entirely in v26.0).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The filter option is not currently exposed on the command-line,
but can be added as a flag in future. It will be used by compose
to filter the list of containers to include based on compose
labels.
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When running `docker stats` without a list of containers, `runStats` collects
an initial list of containers. If that API call fails, the error is sent to the
`closeChan`, however, `closeChan` is non-buffered, and nothing is reading the
channel until we received the initial list and start collecting stats.
This patch rewrites the code that gets the initial list of containers to
return the error if the API call fails. The `getContainerList` closure is
also removed and inlined to make the logic somewhat easier to read.
Before this patch, the command would hang without producing output;
docker stats
# hangs; no output
With this patch, the error is printed, and the CLI exits:
docker stats
Error response from daemon: some error occurred
echo $?
1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The monitorContainerEvents and getContainerList closures where only
used when collecting "all" containers, so let's define them in that
branch of the code.
Also move some of the other variables closer to where they're used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We were unconditionally registering event-handlers for these events, but
the handler itself would ignore the event depending on the "all" option.
This patch skips registering the event handlers, so that we're not handling
them (saving some resources).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- memoize the API-client in a local variable.
- use struct-literals in some places.
- rename some variables for clarity and to prevent colliding with imports.
- make use of the event-constants (events.ContainerEventType).
- fix some grammar
- fix some minor linting warnings
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
no changes in vendored files
full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0
from the security mailing:
> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784.
>
> Cheers,
> Roland on behalf of the Go team
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a follow-up to 0e73168b7e
This repository is not yet a module (i.e., does not have a `go.mod`). This
is not problematic when building the code in GOPATH or "vendor" mode, but
when using the code as a module-dependency (in module-mode), different semantics
are applied since Go1.21, which switches Go _language versions_ on a per-module,
per-package, or even per-file base.
A condensed summary of that logic [is as follows][1]:
- For modules that have a go.mod containing a go version directive; that
version is considered a minimum _required_ version (starting with the
go1.19.13 and go1.20.8 patch releases: before those, it was only a
recommendation).
- For dependencies that don't have a go.mod (not a module), go language
version go1.16 is assumed.
- Likewise, for modules that have a go.mod, but the file does not have a
go version directive, go language version go1.16 is assumed.
- If a go.work file is present, but does not have a go version directive,
language version go1.17 is assumed.
When switching language versions, Go _downgrades_ the language version,
which means that language features (such as generics, and `any`) are not
available, and compilation fails. For example:
# github.com/docker/cli/cli/context/store
/go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/storeconfig.go:6:24: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
/go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/store.go:74:12: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
Note that these fallbacks are per-module, per-package, and can even be
per-file, so _(indirect) dependencies_ can still use modern language
features, as long as their respective go.mod has a version specified.
Unfortunately, these failures do not occur when building locally (using
vendor / GOPATH mode), but will affect consumers of the module.
Obviously, this situation is not ideal, and the ultimate solution is to
move to go modules (add a go.mod), but this comes with a non-insignificant
risk in other areas (due to our complex dependency tree).
We can revert to using go1.16 language features only, but this may be
limiting, and may still be problematic when (e.g.) matching signatures
of dependencies.
There is an escape hatch: adding a `//go:build` directive to files that
make use of go language features. From the [go toolchain docs][2]:
> The go line for each module sets the language version the compiler enforces
> when compiling packages in that module. The language version can be changed
> on a per-file basis by using a build constraint.
>
> For example, a module containing code that uses the Go 1.21 language version
> should have a `go.mod` file with a go line such as `go 1.21` or `go 1.21.3`.
> If a specific source file should be compiled only when using a newer Go
> toolchain, adding `//go:build go1.22` to that source file both ensures that
> only Go 1.22 and newer toolchains will compile the file and also changes
> the language version in that file to Go 1.22.
This patch adds `//go:build` directives to those files using recent additions
to the language. It's currently using go1.19 as version to match the version
in our "vendor.mod", but we can consider being more permissive ("any" requires
go1.18 or up), or more "optimistic" (force go1.21, which is the version we
currently use to build).
For completeness sake, note that any file _without_ a `//go:build` directive
will continue to use go1.16 language version when used as a module.
[1]: 58c28ba286/src/cmd/go/internal/gover/version.go (L9-L56)
[2]; https://go.dev/doc/toolchain#:~:text=The%20go%20line%20for,file%20to%20Go%201.22
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This driver has been deprecated and removed because the service
is no longer operational. Update the deprecated features docs to
mention it's been fully removed in Docker v25.0.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This driver has been deprecated and removed because the service
is no longer operational. Remove it from the tests to better reflect
reality.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This driver has been deprecated and removed because the service
is no longer operational. Remove it from the sample output.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The service has been discontinued on November 15, 2022:
> Dear Logentries user,
>
> We have identified you as the owner of, or collaborator of, a Logentries
> account.
>
> The Logentries service will be discontinued on November 15th, 2022. This
> means that your Logentries account access will be removed and all your
> log data will be permanently deleted on this date.
>
> Next Steps
> If you are interested in an alternative Rapid7 log management solution,
> InsightOps will be available for purchase through December 16th, 2022.
> Please note, there is no support to migrate your existing Logentries
> account to InsightOps.
>
> Thank you for being a valued user of Logentries.
>
> Thank you,
> Rapid7 Customer Success
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The cli/command package defined two option-types with the same signature.
This patch creates a new type instead (CLIOption), and makes the existing
types an alias for this (deprecating their old names).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Previously, long lived CLI plugin processes weren't
properly handled
(see: https://github.com/docker/cli/issues/4402)
resulting in plugin processes being left behind
running, after the CLI process exits.
This commit changes the plugin handling code to open
an abstract unix socket before running the plugin and
passing it to the plugin process, and changes the
signal handling on the CLI side to close this socket
which tells the plugin that it should exit.
This implementation makes use of sockets instead of
simply setting PDEATHSIG on the plugin process
so that it will work on both BSDs, assorted UNIXes
and Windows.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Create an easier to digest introduction to container networking,
move the bulk of information to the networking overview page.
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
commit 304c100ed2 updated the deprecation
status for these options, but forgot to update the status in the table.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 5d6612798a updated the deprecation
status for devicemapper to "removed", but forgot to update the status
in the table.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fixes#4648
Make it easier to specify IPv6 addresses in the '--add-host' option by
permitting 'host=ip' in addition to 'host:ip', and allowing square
brackets around the address.
For example:
--add-host=my-hostname:127.0.0.1
--add-host=my-hostname:::1
--add-host=my-hostname=::1
--add-host=my-hostname:[::1]
To avoid compatibility problems, the CLI will replace an '=' separator
with ':', and strip brackets, before sending the request to the API.
Signed-off-by: Rob Murray <rob.murray@docker.com>
go1.21.5 (released 2023-12-05) includes security fixes to the go command,
and the net/http and path/filepath packages, as well as bug fixes to the
compiler, the go command, the runtime, and the crypto/rand, net, os, and
syscall packages. See the Go 1.21.5 milestone on our issue tracker for
details:
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.5+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.5...go1.21.5
from the security mailing:
[security] Go 1.21.5 and Go 1.20.12 are released
Hello gophers,
We have just released Go versions 1.21.5 and 1.20.12, minor point releases.
These minor releases include 3 security fixes following the security policy:
- net/http: limit chunked data overhead
A malicious HTTP sender can use chunk extensions to cause a receiver
reading from a request or response body to read many more bytes from
the network than are in the body.
A malicious HTTP client can further exploit this to cause a server to
automatically read a large amount of data (up to about 1GiB) when a
handler fails to read the entire body of a request.
Chunk extensions are a little-used HTTP feature which permit including
additional metadata in a request or response body sent using the chunked
encoding. The net/http chunked encoding reader discards this metadata.
A sender can exploit this by inserting a large metadata segment with
each byte transferred. The chunk reader now produces an error if the
ratio of real body to encoded bytes grows too small.
Thanks to Bartek Nowotarski for reporting this issue.
This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.
- cmd/go: go get may unexpectedly fallback to insecure git
Using go get to fetch a module with the ".git" suffix may unexpectedly
fallback to the insecure "git://" protocol if the module is unavailable
via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE
is not set for said module. This only affects users who are not using
the module proxy and are fetching modules directly (i.e. GOPROXY=off).
Thanks to David Leadbeater for reporting this issue.
This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.
- path/filepath: retain trailing \ when cleaning paths like \\?\c:\
Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the
volume name in Windows paths starting with \\?\, resulting in
filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among
other effects). The previous behavior has been restored.
This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Reverts "update to go1.21.4" due to regressions / breaking changes."
This reverts commit 4cf1c50ad1.
This re-applies commit 6472dabe4c.
----
update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone on our issue tracker for details:
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4
from the security mailing:
[security] Go 1.21.4 and Go 1.20.11 are released
Hello gophers,
We have just released Go versions 1.21.4 and 1.20.11, minor point releases.
These minor releases include 2 security fixes following the security policy:
- path/filepath: recognize `\??\` as a Root Local Device path prefix.
On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
access arbitrary locations on the system. For example, the path `\??\c:\x`
is equivalent to the more common path c:\x.
The filepath package did not recognize paths with a `\??\` prefix as special.
Clean could convert a rooted path such as `\a\..\??\b` into
the root local device path `\??\b`. It will now convert this
path into `.\??\b`.
`IsAbs` did not report paths beginning with `\??\` as absolute.
It now does so.
VolumeName now reports the `\??\` prefix as a volume name.
`Join(`\`, `??`, `b`)` could convert a seemingly innocent
sequence of path elements into the root local device path
`\??\b`. It will now convert this to `\.\??\b`.
This is CVE-2023-45283 and https://go.dev/issue/63713.
- path/filepath: recognize device names with trailing spaces and superscripts
The `IsLocal` function did not correctly detect reserved names in some cases:
- reserved names followed by spaces, such as "COM1 ".
- "COM" or "LPT" followed by a superscript 1, 2, or 3.
`IsLocal` now correctly reports these names as non-local.
This is CVE-2023-45284 and https://go.dev/issue/63713.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
"By default" implies that this is something which could be
disabled for an individual `docker exec` call. This doesn't seem
to be the case, so removing the "by default" part would make
these docs clearer to me.
Signed-off-by: Per Lundberg <per.lundberg@hibox.tv>
This also moves `musl-dev` to the alpine-base stage, due to changes in
Alpine 3.18 causing gotestsum build to fail because stdlib.h was missing;
#17 5.065 # runtime/cgo
#17 5.065 In file included from _cgo_export.c:3:
#17 5.065 /usr/include/fortify/stdlib.h:23:15: fatal error: stdlib.h: No such file or directory
#17 5.065 23 | #include_next <stdlib.h>
#17 5.065 | ^~~~~~~~~~
alpine 3.17:
/ # find / | grep stdlib.h
/usr/include/c++/12.2.1/tr1/stdlib.h
/usr/include/c++/12.2.1/stdlib.h
alpine 3.18
/ # find / | grep stdlib.h
/usr/lib/llvm16/lib/clang/16/include/__clang_hip_stdlib.h
/usr/include/fortify/stdlib.h
/usr/include/c++/12.2.1/tr1/stdlib.h
/usr/include/c++/12.2.1/stdlib.h
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- updates fc6976db45
- updates 74bace156c
Commit fc6976db45 introduced support for the
`bind-recursive` option on `--mount`, and deprecated the `bind-nonrecursive`
option. Unlike `bind-nonrecursive` boolean, the `bind-recursive` option
accepts a string value with multiple options.
For convenience, the `bind-recursive` option also was made to accept boolean
values (true/false, 1/0). However, as the option works as the _reverse_ of
`bind-nonrecursive` (`bind-nonrecursive=true` === `bind-recursive=false`),
the new option won't be a "drop-in" replacement, and having more options
to choose from may only be adding more complexity / cognitive overload.
This patch removes support for boolean values; if we see a need to add
support for boolean values in future, it would be trivial to add back this
functionality.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The linter is correct; given that these functions do not allow for an error
to be returned, we panic. Alternatively, we could return the error string
as output, or add a `//nolint:errchkjson` comment.
templates/templates.go:17:3: Error return value of `(*encoding/json.Encoder).Encode` is not checked: unsafe type `interface{}` found (errchkjson)
enc.Encode(v)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
fix some nolintlint false positives
For some reason, nolintlint doesn't consider these used, but they seem to be
legitimate cases where deprecated fields are used.
templates/templates.go:27:29: directive `//nolint:staticcheck // strings.Title is deprecated, but we only use it for ASCII, so replacing with golang.org/x/text is out of scope` is unused for linter "staticcheck" (nolintlint)
"title": strings.Title, //nolint:staticcheck // strings.Title is deprecated, but we only use it for ASCII, so replacing with golang.org/x/text is out of scope
^
cli/command/formatter/image_test.go:75:31: directive `//nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.` is unused for linter "staticcheck" (nolintlint)
call: ctx.VirtualSize, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
^
cli/command/registry/formatter_search.go💯39: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
return c.formatBool(c.s.IsAutomated) //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
^
cli/command/registry/formatter_search_test.go:50:55: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
s: registrytypes.SearchResult{IsAutomated: true}, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
^
cli/command/registry/formatter_search_test.go:53:31: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
call: ctx.IsAutomated, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
^
cli/command/registry/formatter_search_test.go:59:27: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
call: ctx.IsAutomated, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
^
cli/command/registry/formatter_search_test.go:202:84: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
{Name: "result2", Description: "Not official", StarCount: 5, IsAutomated: true}, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/compose/types/types.go:568:17: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
return []byte(fmt.Sprintf("%v", e.External)), nil
^
cli/command/formatter/buildcache.go:174:9: fmt.Sprintf can be replaced with faster strconv.Itoa (perfsprint)
return fmt.Sprintf("%d", c.v.UsageCount)
^
cli/command/formatter/buildcache.go:178:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
return fmt.Sprintf("%t", c.v.InUse)
^
cli/command/formatter/buildcache.go:182:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
return fmt.Sprintf("%t", c.v.Shared)
^
cli/command/formatter/image.go:259:9: fmt.Sprintf can be replaced with faster strconv.FormatInt (perfsprint)
return fmt.Sprintf("%d", c.i.Containers)
^
cli/command/formatter/tabwriter/tabwriter_test.go:698:9: fmt.Sprintf can be replaced with faster strconv.Itoa (perfsprint)
b.Run(fmt.Sprintf("%d", x), func(b *testing.B) {
^
cli/command/formatter/tabwriter/tabwriter_test.go:720:9: fmt.Sprintf can be replaced with faster strconv.Itoa (perfsprint)
b.Run(fmt.Sprintf("%d", h), func(b *testing.B) {
^
cli/command/image/prune.go:62:31: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
pruneFilters.Add("dangling", fmt.Sprintf("%v", !options.all))
^
cli/command/network/formatter.go:92:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
return fmt.Sprintf("%v", c.n.EnableIPv6)
^
cli/command/network/formatter.go:96:9: fmt.Sprintf can be replaced with faster strconv.FormatBool (perfsprint)
return fmt.Sprintf("%v", c.n.Internal)
^
cli/command/service/formatter.go:745:9: fmt.Sprintf can be replaced with faster strconv.FormatUint (perfsprint)
pub = fmt.Sprintf("%d", pr.pStart)
^
cli/command/service/formatter.go:750:9: fmt.Sprintf can be replaced with faster strconv.FormatUint (perfsprint)
tgt = fmt.Sprintf("%d", pr.tStart)
^
cli/command/service/opts.go:49:10: fmt.Sprintf can be replaced with faster strconv.FormatUint (perfsprint)
return fmt.Sprintf("%v", *i.value)
^
cli/compose/loader/loader.go:720:36: fmt.Sprint can be replaced with faster strconv.Itoa (perfsprint)
v, err := toServicePortConfigs(fmt.Sprint(value))
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/idresolver/idresolver.go:33:4: error is not nil (line 31) but it returns nil (nilerr)
return id, nil
^
cli/command/idresolver/idresolver.go:45:4: error is not nil (line 43) but it returns nil (nilerr)
return id, nil
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/utils.go:190:35: param new has same name as predeclared identifier (predeclared)
func StringSliceReplaceAt(s, old, new []string, requireIndex int) ([]string, bool) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/system/info.go:470:1: deprecatedComment: use `Deprecated: ` (note the casing) instead of `DEPRECATED: ` (gocritic)
// DEPRECATED: warnings are now generated by the daemon, and returned in
^
cli/command/system/info.go:492:1: deprecatedComment: use `Deprecated: ` (note the casing) instead of `DEPRECATED: ` (gocritic)
// DEPRECATED: warnings are now generated by the daemon, and returned in
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/command/trust/inspect.go:74:33: appendAssign: append result not assigned to the same slice (gocritic)
signatureRows[idx].Signers = append(sig.Signers, releasedRoleName)
^
cli/command/task/print.go:92:7: appendAssign: append result not assigned to the same slice (gocritic)
t := append(tasks[:0:0], tasks...)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This option was created Moby [6d59a566759da5729d7eb89a8e1888fc612f03cf], and
used for the daemon config [353b7c8ec77b30fa83dac5ec0778193f6de8b437]. It was
migrated from the Moby repository in f34ca0a354,
but was never used by the CLI, and there are no external consumers.
If we would need an IP-address option, spf13/pflags now provides those, so
there's no need to implement this ourselves.
[6d59a566759da5729d7eb89a8e1888fc612f03cf]: 6d59a56675
[353b7c8ec77b30fa83dac5ec0778193f6de8b437]: 353b7c8ec7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- document accepted values
- add test-coverage for the function's behavior (including whitespace handling),
and use sub-tests.
- improve error-message to use uppercase for "IP", and to use a common prefix.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This will return the ServerAddress property when using the NativeStore.
This happens when you use docker credential helpers, not the credential
store.
The reason this fix is needed is because it needs to be propagated
properly down towards `moby/moby` project in the following logic:
```golang
func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt {
cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
if cfgHost == "" || cfgHost == registry.IndexHostname {
cfgHost = registry.DefaultRegistryHost
}
return docker.WithAuthCreds(func(host string) (string, string, error) {
if cfgHost != host {
logrus.WithFields(logrus.Fields{
"host": host,
"cfgHost": cfgHost,
}).Warn("Host doesn't match")
return "", "", nil
}
if authConfig.IdentityToken != "" {
return "", authConfig.IdentityToken, nil
}
return authConfig.Username, authConfig.Password, nil
})
}
```
This logic resides in the following file :
`daemon/containerd/resolver.go` .
In the case when using the containerd storage feature when setting the
`cfgHost` variable from the `authConfig.ServerAddress` it will always be
empty. Since it will never be returned from the NativeStore currently.
Therefore Docker Hub images will work fine, but anything else will fail
since the `cfgHost` will always be the `registry.DefaultRegistryHost`.
Signed-off-by: Eric Bode <eric.bode@foundries.io>
Unfortunately, the go1.21.4 security update exposed some regressions / breaking
changes in moby (docker engine) and containerd. These issues are looked into,
but in the meantime we should revert this patch.
This temporarily reintroduces CVE-2023-45284 and CVE-2023-45283.
This reverts commit 6472dabe4c.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker, the runtime, the compiler, and
the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone
on our issue tracker for details:
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4
from the security mailing:
[security] Go 1.21.4 and Go 1.20.11 are released
Hello gophers,
We have just released Go versions 1.21.4 and 1.20.11, minor point releases.
These minor releases include 2 security fixes following the security policy:
- path/filepath: recognize `\??\` as a Root Local Device path prefix.
On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
access arbitrary locations on the system. For example, the path `\??\c:\x`
is equivalent to the more common path c:\x.
The filepath package did not recognize paths with a `\??\` prefix as special.
Clean could convert a rooted path such as `\a\..\??\b` into
the root local device path `\??\b`. It will now convert this
path into `.\??\b`.
`IsAbs` did not report paths beginning with `\??\` as absolute.
It now does so.
VolumeName now reports the `\??\` prefix as a volume name.
`Join(`\`, `??`, `b`)` could convert a seemingly innocent
sequence of path elements into the root local device path
`\??\b`. It will now convert this to `\.\??\b`.
This is CVE-2023-45283 and https://go.dev/issue/63713.
- path/filepath: recognize device names with trailing spaces and superscripts
The `IsLocal` function did not correctly detect reserved names in some cases:
- reserved names followed by spaces, such as "COM1 ".
- "COM" or "LPT" followed by a superscript 1, 2, or 3.
`IsLocal` now correctly reports these names as non-local.
This is CVE-2023-45284 and https://go.dev/issue/63713.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function only needed the ContainerAPIClient, and not the whole CLI. This
patch refactors it to use the shallower interface.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a follow-up of https://github.com/docker/cli/pull/4419. That PR
leveraged the fact that EndpointSettings.MacAddress is already
available, although not used by the CreateNetwork endpoint.
TestParseWithMacAddress was testing whether the container-wide
MacAddress field is set, and we still need to test that to ensure
backward compatibility. But we now also need to test whether the
endpoint-specific MacAddress is set.
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Next commit will need this change to test whether the endpoint-specific
MacAddress is correctly set.
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).
In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.
- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Please the linters in preparation of updating golangci-lint;
- remove dot-imports
- add some checks for unhandled errors
- replace some fixed-value variables for consts
cli/command/image/build/context.go:238:17: G107: Potential HTTP request made with variable url (gosec)
if resp, err = http.Get(url); err != nil {
^
cli/command/idresolver/idresolver_test.go:7:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/registry_test.go:7:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/cli/command" // Prevents a circular import with "github.com/docker/cli/internal/test"
^
cli/command/task/print_test.go:11:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/swarm/update_test.go:10:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/swarm/unlock_key_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/swarm/join_token_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/node/list_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/node/promote_test.go:8:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/node/demote_test.go:8:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
^
cli/command/node/ps_test.go:11:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/node/update_test.go:8:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/node/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
^
cli/command/secret/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/secret/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/volume/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/volume/list_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/config/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/config/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/network/list_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders"
^
cli/command/container/list_test.go:10:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/service/list_test.go:12:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders"
^
cli/command/service/client_test.go:6:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/stack/list_test.go:8:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/stack/services_test.go:9:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
cli/command/stack/ps_test.go:10:2: dot-imports: should not use dot imports (revive)
. "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `docker swarm update` copmmand does not have a `--quiet` flag, but this
test was trying to set it.
docker swarm update --help
Usage: docker swarm update [OPTIONS]
Update the swarm
Options:
--autolock Change manager autolocking setting (true|false)
--cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
--dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
--external-ca external-ca Specifications of one or more certificate signing endpoints
--max-snapshots uint Number of additional Raft snapshots to retain
--snapshot-interval uint Number of log entries between Raft snapshots (default 10000)
--task-history-limit int Task history retention limit (default 5)
The test didn't catch this issue, because errors when setting the flag were
not handled, so also adding error-handling;
=== Failed
=== FAIL: cli/command/swarm TestSwarmUpdate (0.00s)
update_test.go:177: assertion failed: error is not nil: no such flag -quiet
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Paths in the advanced / compose-file format are not converted
to be platform-specific, so for these tests, it should not be
needed to convert the paths to be Windows-paths.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
use the golden utility instead of self-crafting expected output,
this allows automaticaly updating the expected output.
This change does break this specific test on Windows due to platform-
specific paths. Other tests already have this issue on Windows, so
skipping the test for now.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Removed broken link in #937
- How I did it
Removed first section of CONTRIBUTING.md
- How to verify it
Check CONTRIBUTING.md
- Description for the changelog
Removed broken link in contributing to Docker documentation.
A picture of a cute animal (not mandatory but encouraged)
Closes#937
Signed-off-by: achneerov <achneerov@gmail.com>
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0
This fixes the same CVE as go1.21.3 and go1.20.10;
- net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Fix storageDriver gcs not registered in binaries
- reference: replace uses of deprecated function SplitHostname
- Dont parse errors as JSON unless Content-Type is set to JSON
- update to go1.20.8
- Set Content-Type header in registry client ReadFrom
- deprecate reference package, migrate to github.com/distribution/reference
- digestset: deprecate package in favor of go-digest/digestset
- Do not close HTTP request body in HTTP handler
full diff: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.21.3 (released 2023-10-10) includes a security fix to the net/http package.
See the Go 1.21.3 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.21.3+label%3ACherryPickApproved
full diff: https://github.com/golang/go/compare/go1.21.2...go1.21.3
From the security mailing:
[security] Go 1.21.3 and Go 1.20.10 are released
Hello gophers,
We have just released Go versions 1.21.3 and 1.20.10, minor point releases.
These minor releases include 1 security fixes following the security policy:
- net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go package,
as well as bug fixes to the compiler, the go command, the linker, the runtime,
and the runtime/metrics package. See the Go 1.21.2 milestone on our issue
tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.21.2+label%3ACherryPickApproved
full diff: https://github.com/golang/go/compare/go1.21.1...go1.21.2
From the security mailing:
[security] Go 1.21.2 and Go 1.20.9 are released
Hello gophers,
We have just released Go versions 1.21.2 and 1.20.9, minor point releases.
These minor releases include 1 security fixes following the security policy:
- cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
See `opts/mount_test.go:TestMountOptSetBindRecursive()` for the behavior.
Documentation will be added separately after reaching consensus on the
design.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
On Go 1.18 since a5ebe2282a, we get:
# github.com/docker/docker-credential-helpers/client
vendor/github.com/docker/docker-credential-helpers/client/command.go:34:39: programCmd.Environ undefined (type *exec.Cmd has no field or method Environ)
note: module requires Go 1.19
# github.com/docker/cli/cli/connhelper/commandconn
cli/connhelper/commandconn/commandconn.go:71:22: undefined: atomic.Bool
cli/connhelper/commandconn/commandconn.go:76:22: undefined: atomic.Bool
cli/connhelper/commandconn/commandconn.go:77:22: undefined: atomic.Bool
cli/connhelper/commandconn/commandconn.go:78:22: undefined: atomic.Bool
These go away when building against 1.19+.
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
This copies the github.com/moby/buildkit/util/appcontext
package as an internal package. The appcontext package from
BuildKit was the only remaining dependency on BuildKit, and
while we may need some of its functionality, the implementation
is not correct for how it's used in docker/cli (so would need
a rewrite).
Moving a copy of the code into the docker/cli (but as internal
package to prevent others from depending on it) is a first step
in that process, and removes the circular dependency between
BuildKit and the CLi.
We are only using these:
tree vendor/github.com/moby/buildkit
vendor/github.com/moby/buildkit
├── AUTHORS
├── LICENSE
└── util
└── appcontext
├── appcontext.go
├── appcontext_unix.go
├── appcontext_windows.go
└── register.go
3 directories, 6 files
Before this:
go mod graph | grep ' github.com/docker/cli'
github.com/moby/buildkit@v0.11.6 github.com/docker/cli@v23.0.0-rc.1+incompatible
After this:
go mod graph | grep ' github.com/docker/cli'
# (nothing)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This may find its way into the official images, but until it does, let's
make sure we don't get unexpected updates of go.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's not needed to build these binaries. The Dockerfile.dev image already
has CGO_ENABLED=0 as default in the golang image, so does not need updates.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We were depending on alpine's package repository to install compose,
but for debian we used compose's GitHub releases. Depending on distro
packages means that we don't know when updates will happen, and versions
may diverge because of that; for example, alpine 3.18 updated to compose
v2;
On alpine 3.17:
make -f docker.Makefile build-e2e-image
docker run --rm docker-cli-e2e docker-compose --version
docker-compose version 1.29.2, build unknown
On alpine 3.18:
make -f docker.Makefile build-e2e-image
docker run --rm docker-cli-e2e docker-compose --version
Docker Compose version v2.17.3
This caused our e2e script to fail, as it made assumptions about the name
format created by compose, which changed from underscores to hyphens in v2;
Container cliendtoendsuite-engine-1 Running
Error: No such object: cliendtoendsuite_engine_1
This patch:
- updates the Dockerfile to install compose from the compose-bin image
- adjusts the e2e script for the new naming scheme format
- removes the version field from the compose-files used in e2e, as they
are no longer used by compose.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.8 (released 2023-09-06) includes two security fixes to the html/template
package, as well as bug fixes to the compiler, the go command, the runtime,
and the crypto/tls, go/types, net/http, and path/filepath packages. See the
Go 1.20.8 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.20.8+label%3ACherryPickApproved
full diff: https://github.com/golang/go/compare/go1.20.7...go1.20.8
From the security mailing:
[security] Go 1.21.1 and Go 1.20.8 are released
Hello gophers,
We have just released Go versions 1.21.1 and 1.20.8, minor point releases.
These minor releases include 4 security fixes following the security policy:
- cmd/go: go.mod toolchain directive allows arbitrary execution
The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to
execute scripts and binaries relative to the root of the module when the "go"
command was executed within the module. This applies to modules downloaded using
the "go" command from the module proxy, as well as modules downloaded directly
using VCS software.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-39320 and Go issue https://go.dev/issue/62198.
- html/template: improper handling of HTML-like comments within script contexts
The html/template package did not properly handle HMTL-like "<!--" and "-->"
comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
cause the template parser to improperly interpret the contents of <script>
contexts, causing actions to be improperly escaped. This could be leveraged to
perform an XSS attack.
Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
issue.
This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.
- html/template: improper handling of special tags within script contexts
The html/template package did not apply the proper rules for handling occurrences
of "<script", "<!--", and "</script" within JS literals in <script> contexts.
This may cause the template parser to improperly consider script contexts to be
terminated early, causing actions to be improperly escaped. This could be
leveraged to perform an XSS attack.
Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
issue.
This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.
- crypto/tls: panic when processing post-handshake message on QUIC connections
Processing an incomplete post-handshake message for a QUIC connection caused a panic.
Thanks to Marten Seemann for reporting this issue.
This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The new advanced --network syntax introduced in docker/cli#1767 is
lacking support for `link-local-ip` and `mac-address` fields. This
commit adds both.
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Following flags are silently ignored when they're passed with no
`--network` specified (ie. when the default network is used):
- `--network-alias`
- `--ip`
- `--ip6`
- `--link-local-ip`
This is not really an issue right now since the first 3 parameters are
not allowed on the default bridge network. However, with
[moby/moby#45905][1], the container-wide MacAddress parameter will be
deprecated and dismissed. Because of that, with [docker/cli#4419][2],
it's currently not possible to use the `--mac-address` flag with no
default network specified.
Morever, `docker network connect --link-local-ip ...` works properly, so
it should also work on `docker container create`. This also lay the
ground for making the default bridge network just a "normal" network.
Since the 3 parameters in the list above aren't ignored anymore, if
users provide them, moby's ContainerStart endpoint will complain about
those. To provide better UX, [moby/moby#46183][3] make sure these
invalid parameters lead to a proper error message on `docker container
create` / `docker run`.
[1]: https://github.com/moby/moby/pull/45905
[2]: https://github.com/docker/cli/pull/4419
[3]: https://github.com/moby/moby/pull/46183
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
The latin phrase "vice versa" can be pronounced "vice-a-versa", but should not be rendered as such.
Signed-off-by: briantracy <brian.tracy33@gmail.com>
Remove some redundant error-checks or combine them. Also made a small
optimisation when initialising a slice.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Also make it slightly more clearer we're returning a default (empty)
policy if the input is empty.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was skipped if the host was not using UTC timezone, because the output
of timestamps would be different, causing the test to fail.
This patch overrides the TZ env-var to make the test use UTC, so that we don't
have to skip the test.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fixes issue #3889 by only loading docker plugins path when needed: if it is fast enough than it shouldn't be a problem to do this on demand; OTOH if it is slow then we shouldn't do this during *every* bash session initialization, regardless if docker completion will be needed or not.
Signed-off-by: Oded Arbel <oded@geek.co.il>
The BuildKit dockerignore package was migrated to the patternmatcher
repository / module. This patch updates our uses of the BuildKit package
with its new location.
A small local change was made to keep the format of the existing error message,
because the "ignorefile" package is slightly more agnostic in that respect
and doesn't include ".dockerignore" in the error message.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This attempts to make it clearer that the --cgroup-parent option is only used
for the containers used during build. Instead of mentioning "build container",
I opted for using "RUN instructions" (to match the --network description),
although this may not be ideal (as it assumes the "Dockerfile" front-end, which
of course may not be the case).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".
This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.
To verify:
- create a PAT with limited access (read-only)
- log in with your username and the PAT as password
Before this patch:
docker manifest inspect ubuntu:latest
Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes
With this patch applied:
docker manifest inspect ubuntu:latest
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 424,
"digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 424,
"digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
}
]
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a similar fix as 006c946389, which
fixed this for detection of commands that were executed. Make sure we don't
call the "/_ping" endpoint if we don't need to.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In previous versions of the Docker API, `system prune --volumes` and `volume prune`
would remove all dangling volumes. With API v1.42, this was changed so that only
anonymous volumes would be removed unless the all filter was specified.
Some of the docs were updated in #4218, however, there were a couple of places
left that didn't make the anonymous vs named volumes distinction clear.
This replaces #4079, which was bitrotted by #4218. See also #4028.
Closes#4079.
Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
The IsAutomated field is being deprecated by Docker Hub's search API and
will always be "false" in future.
This patch:
- Deprecates the field and the related "is-automated" filter
- Removes the "AUTOMATED" column from the default output of "docker search"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.
This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use consts for fixed values, and rename some for clarity
- remove testAuthErrors map and inline the logic (same as we do for other cases)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- TestSearchContext: don't use un-keyed structs
- TestSearchContext: don't use CompareMultipleValues as it was not needed
- TestSearchContextDescription: don't use un-keyed structs
- TestSearchContextDescription: don't use CompareMultipleValues as it was not needed
- TestSearchContextWrite: don't use un-keyed structs, and include the
code-comments into the test-table as names for the tests to give them
some context.
- TestSearchContextWriteJSON and TestSearchContextWriteJSONField were not
validating the output format, but validating if the JSON output could
be marshalled back to a struct. Let's just role them into TestSearchContextWrite.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Includes a fix for CVE-2023-29409
go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:
- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7
From the mailing list announcement:
[security] Go 1.20.7 and Go 1.19.12 are released
Hello gophers,
We have just released Go versions 1.20.7 and 1.19.12, minor point releases.
These minor releases include 1 security fixes following the security policy:
- crypto/tls: restrict RSA keys in certificates to <= 8192 bits
Extremely large RSA keys in certificate chains can cause a client/server
to expend significant CPU time verifying signatures. Limit this by
restricting the size of RSA keys transmitted during handshakes to <=
8192 bits.
Based on a survey of publicly trusted RSA keys, there are currently only
three certificates in circulation with keys larger than this, and all
three appear to be test certificates that are not actively deployed. It
is possible there are larger keys in use in private PKIs, but we target
the web PKI, so causing breakage here in the interests of increasing the
default safety of users of crypto/tls seems reasonable.
Thanks to Mateusz Poliwczak for reporting this issue.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- full diff: https://github.com/containerd/containerd/compare/v1.6.21...v1.6.22
- release notes: https://github.com/containerd/containerd/releases/tag/v1.6.22
---
Notable Updates
- RunC: Update runc binary to v1.1.8
- CRI: Fix `additionalGids`: it should fallback to `imageConfig.User`
when `securityContext.RunAsUser`, `RunAsUsername` are empty
- CRI: Write generated CNI config atomically
- Fix concurrent writes for `UpdateContainerStats`
- Make `checkContainerTimestamps` less strict on Windows
- Port-Forward: Correctly handle known errors
- Resolve `docker.NewResolver` race condition
- SecComp: Always allow `name_to_handle_at`
- Adding support to run hcsshim from local clone
- Pinned image support
- Runtime/V2/RunC: Handle early exits w/o big locks
- CRITool: Move up to CRI-TOOLS v1.27.0
- Fix cpu architecture detection issue on emulated ARM platform
- Task: Don't `close()` io before `cancel()`
- Fix panic when remote differ returns empty result
- Plugins: Notify readiness when registered plugins are ready
- Unwrap io errors in server connection receive error handling
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- go.mod: update dependencies and go version by
- Use Go1.20
- Fix couple of typos
- Added `WithStdout` and `WithStderr` helpers
- Moved `cmdOperators` handling from `RunCmd` to `StartCmd`
- Deprecate `assert.ErrorType`
- Remove outdated Dockerfile
- add godoc links
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.
Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
It's unused in the CLI itself, and does nothing other than
initializing a new, empty StartOptions struct.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
update the version we use in the dev-container;
- Fix a regression for bake where services in profiles would not be loaded.
- Fix a regression where --cgroup-parent option had no effect during build.
- Fix a regression where valid docker contexts could fail buildx builder name validation.
- Fix an issue where the host-gateway special address could not be used as an argument to --add-host.
- Fix a possible panic when terminal is resized during the build.
release notes: https://github.com/docker/buildx/releases/tag/v0.11.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved
Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6
These minor releases include 1 security fixes following the security policy:
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.
Thanks to Bartek Nowotarski for reporting this issue.
Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374
[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
no changes in vendored files, but keeping in sync with the docker/docker version
full diff: 36334ed187...ad0f3ae162
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.
Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.
We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The flag-set that was returned is a pointer to the command's Flags(), which
is in itself passed by reference (as it is modified / set up).
This patch removes the flags return, to prevent assuming it's different than
the command's flags.
While SetupRootCommand is exported, a search showed that it's only used internally,
so changing the signature should not be a problem.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This flag was kept separate from the other flags, because at the time, the
CLI code and Daemon code still used the same codebase, and shared some parts.
This option only applied to the `docker` CLI, and thus was kept separate when
migrating to Cobra in 0452ff5a4d
Now that this code is only used for the CLI (and plugins), we can move this
flag together with the other flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a const to allow documenting the environment variable in code. The location
of this const is a bit "unfortunate", due to CLI and Client-config to be spread
over the cli/config, cli/config/configfile, and docker/docker/client packages
(some options are for the client, others for the CLI), and some reorganizing
may be useful for easier consumption.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 8a30653ed5 introduced a sync.Once
to allow for the config-directory (and home-dir) to be looked up lazily
instead of in an `init()`.
However, the package-level `configDir` variable can be set through two
separate paths; implicitly (through `config.Dir()`), and explicitly,
through `config.SetDir()`. The existing code had no synchronisation for
this, which could lead to a potential race-condition (code requesting
`config.Dir()` and code setting a custom path through `config.SetDir()`).
This patch adds synchronisation by triggering the `sync.Once` as part of
`config.SetDir()` to prevent it being triggered later (overwriting the
value that was set). It also restores the `resetConfigDir()` utility that
was removed in 379122b033, to allow resetting
the `sync.Once` for this test.
In general, we should get rid of this package-level variable, and store
it as a config on the client (passing the option to locations where its
used instead).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
support for kubernetes contexts was deprecated in docker 20.10 through
b639ea8b89, 0793f96394,
and 1d37fb3027, and removed altoghether in
23.0 through 193ede9b12.
This patch removes the remaining stubs for options that were deprecated
and no longer used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
More things to be done after this, to allow passing a custom user-agent,
but let's start with just using this utility.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and
runtime packages, as well as bug fixes to the compiler, the go command, the
runtime, and the crypto/rsa, net, and os packages. See the Go 1.20.5 milestone
on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved
full diff: https://github.com/golang/go/compare/go1.20.4...go1.20.5
These minor releases include 3 security fixes following the security policy:
- cmd/go: cgo code injection
The go command may generate unexpected code at build time when using cgo. This
may result in unexpected behavior when running a go program which uses cgo.
This may occur when running an untrusted module which contains directories with
newline characters in their names. Modules which are retrieved using the go command,
i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e.
GO111MODULE=off, may be affected).
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.
- runtime: unexpected behavior of setuid/setgid binaries
The Go runtime didn't act any differently when a binary had the setuid/setgid
bit set. On Unix platforms, if a setuid/setgid binary was executed with standard
I/O file descriptors closed, opening any files could result in unexpected
content being read/written with elevated prilieges. Similarly if a setuid/setgid
program was terminated, either via panic or signal, it could leak the contents
of its registers.
Thanks to Vincent Dehors from Synacktiv for reporting this issue.
This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.
- cmd/go: improper sanitization of LDFLAGS
The go command may execute arbitrary code at build time when using cgo. This may
occur when running "go get" on a malicious module, or when running any other
command which builds untrusted code. This is can by triggered by linker flags,
specified via a "#cgo LDFLAGS" directive.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-29404 and CVE-2023-29405 and Go issues https://go.dev/issue/60305 and https://go.dev/issue/60306.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Official Golang images are now only available for 3.18 and 3.17;
3.18 doesn't look to play well with gotestsum, so sticking to
an older version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When passing a Dockerfile through stdin, it's not possible to specify the
name of the Dockerfile (using the `-f` option). When building with BuildKit
enabled, an error is already produced for this case, but the classic builder
silently ignored it.
This patch adds an error for this situation:
echo -e 'FROM busybox' | DOCKER_BUILDKIT=0 docker build -f some.Dockerfile -
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
environment-variable.
unable to prepare context: ambiguous Dockerfile source: both stdin and flag correspond to Dockerfiles
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This error was only used in a single location, so no need to define a
package-level variable for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
All users of this function sorted the results afterwards, so let's
do it as part of the function itself.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field was marked deprecated in 977d3ae046,
which is part of Docker 20.10 and up.
This patch removes the field.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
commandconn: fix race on `Close()`
During normal operation, if a `Read()` or `Write()` call results
in an EOF, we call `onEOF()` to handle the terminating command,
and store it's exit value.
However, if a Read/Write call was blocked while `Close()` is called
the in/out pipes are immediately closed which causes an EOF to be
returned. Here, we shouldn't call `onEOF()`, since the reason why
we got an EOF is because we're already terminating the connection.
This also prevents a race between two calls to the commands `Wait()`,
in the `Close()` call and `onEOF()`
---
Add CLI init timeout to SSH connections
---
connhelper: add 30s ssh default dialer timeout
(same as non-ssh dialer)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This code was introduced in 15aa2a663b,
but from those changes, it appears that overwriting the config value was
merely out of convenience, and that struct being used as an intermediate.
While changing the config here should be mostly ephemeral, and not written
back to the config-file, let's be clear on intent, and not mutatte the config
as part of this code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function returned the whole response, but we already handled the
warnings included in the response as part of the function. All consumers
of this function only used the container-ID, so let's simplify and return
just that (it's a non-exported func, so we can change the signature again
if we really need it).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a const for the name of the environment-variable we accept, so
that we can document its purpose in code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use the default proxy, to assist with vanity domains mis-behaving, but keep
a fallback for situations where we need to get modules from GitHub directly.
This should hopefully help with the gopkg.in/yaml.v2 domain often going AWOL;
#14 245.9 gopkg.in/yaml.v2@v2.4.0: unrecognized import path "gopkg.in/yaml.v2": reading https://gopkg.in/yaml.v2?go-get=1: 502 Bad Gateway
#14 245.9 server response: Cannot obtain refs from GitHub: cannot talk to GitHub: Get https://github.com/go-yaml/yaml.git/info/refs?service=git-upload-pack: write tcp 10.131.9.188:60820->140.82.121.3:443: write: broken pipe
curl 'https://gopkg.in/yaml.v2?go-get=1'
Cannot obtain refs from GitHub: cannot talk to GitHub: Get https://github.com/go-yaml/yaml.git/info/refs?service=git-upload-pack: write tcp 10.131.9.188:60820->140.82.121.3:443: write: broken pipe
From the Go documentation; https://go.dev/ref/mod#goproxy-protocol
> List elements may be separated by commas (,) or pipes (|), which determine error
> fallback behavior. When a URL is followed by a comma, the go command falls back
> to later sources only after a 404 (Not Found) or 410 (Gone) response. When a URL
> is followed by a pipe, the go command falls back to later sources after any error,
> including non-HTTP errors such as timeouts. This error handling behavior lets a
> proxy act as a gatekeeper for unknown modules. For example, a proxy could respond
> with error 403 (Forbidden) for modules not on an approved list (see Private proxy
> serving private modules).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
the "golang.org/x/sys/execabs" package was introduced to address a security
issue on Windows, and changing the default behavior of os/exec was considered
a breaking change. go1.19 applied the behavior that was previously implemented
in the execabs package;
from the release notes: https://go.dev/doc/go1.19#os-exec-path
> Command and LookPath no longer allow results from a PATH search to be found
> relative to the current directory. This removes a common source of security
> problems but may also break existing programs that depend on using, say,
> exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe)
> in the current directory. See the os/exec package documentation for information
> about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath
> environment variable, making it possible to disable the default implicit search
> of “.” in PATH lookups on Windows systems.
With those changes, we no longer need to use the execabs package, and we can
switch back to os/exec.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit c846428cb6 added proxies to the
example `daemon.json`, based on the implementation that was added in
427c7cc5f8.
However, a follow-up pull request changed the proxy-configuration in`daemon.json`
to nest the configuration in a "proxies" struct, and the documentation was
not updated accordingly; see:
101dafd049
This patch fixes the example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The AuFS and (legacy) overlay storage drivers have been deprecated and
removed, so remove them from the completion scripts.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The AuFS storage driver was deprecated and has been removed, so let's
update the test-fixtures accordingly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit de8b696ed6 removed the patch
releases from the deprecation doc, but when we switched to the
SemVer(ish) format for v23.0, we accidentally added them back.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
None of the client will return the old error-types, so there's no need
to keep the compatibility code. We can consider deprecating this function
in favor of the errdefs equivalent this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `~/.dockercfg` file was replaced by `~/.docker/config.json` in 2015
(github.com/docker/docker/commit/18c9b6c6455f116ae59cde8544413b3d7d294a5e).
Commit b83bc67136 (v23.0.0, but backported to
v20.10) added a warning if no "current" config file was found but a legacy
file was, and if the CLI would fall back to using the deprecated file.
Commit ee218fa89e removed support for the
legacy file, but kept a warning in place if a legacy file was in place,
and now ignored.
This patch removes the warning as well, fully deprecating the legacy
`~/.dockercfg` file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This FIXME was added in 2013 in c72ff318d3
and it's both unclear which "internal golang config parser" is referred to
here. Given that 10 Years have passed, this will unlikely happen, and doesn't
warrant a FIXME here.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was deprecated in b87ed34351,
which is part of the v24.0 release, so we can remove it from master.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in f08252c10a, which
is part of the v24.0 release, so we can remove these on master.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field was marked deprecated in 977d3ae046,
which is part of v20.10 and up, but the comment was missing a newline before
the deprecation message, which may be picked up by IDEs, but is not matching
the correct format, so may not be picked up by linters.
This patch fixes the format, to make sure linters pick up that the field is
deprecated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
defaultCredentialsStore() on Linux does an exec.LookPath() for "pass", but
if a custom credential-store is passed to DetectDefaultStore, the result
of that won't be used.
This patch changes the logic to return early if a custom credential-store
is passed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Code in methods of this type also used the Client, and having this receiver
named "c" made it easy to confuse it for referring to Client ("c").
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a partial revert of 389ada7188, which
switched from os/exec to the golang.org/x/sys/execabs package to mitigate
security issues (mainly on Windows) with lookups resolving to binaries in the
current directory.
from the go1.19 release notes https://go.dev/doc/go1.19#os-exec-path
> ## PATH lookups
>
> Command and LookPath no longer allow results from a PATH search to be found
> relative to the current directory. This removes a common source of security
> problems but may also break existing programs that depend on using, say,
> exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in
> the current directory. See the os/exec package documentation for information
> about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath
> environment variable, making it possible to disable the default implicit search
> of “.” in PATH lookups on Windows systems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cmd.Environ() is new in go1.19, and not needed for this specific case.
Without this, trying to use this package in code that uses go1.18 will fail;
builder/remotecontext/git/gitutils.go:216:23: cmd.Environ undefined (type *exec.Cmd has no field or method Environ)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Setting cmd.Env overrides the default of passing through the parent
process' environment, which works out fine most of the time, except when
it doesn't. For whatever reason, leaving out all the environment causes
git-for-windows sh.exe subprocesses to enter an infinite loop of
access violations during Cygwin initialization in certain environments
(specifically, our very own dev container image).
Signed-off-by: Cory Snider <csnider@mirantis.com>
While it is undesirable for the system or user git config to be used
when the daemon clones a Git repo, it could break workflows if it was
unconditionally applied to docker/cli as well.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Prevent git commands we run from reading the user or system
configuration, or cloning submodules from the local filesystem.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Keep It Simple! Set the working directory for git commands by...setting
the git process's working directory. Git commands can be run in the
parent process's working directory by passing the empty string.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Make the test more debuggable by logging all git command output and
running each table-driven test case as a subtest.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Older versions of Go don't format comments, so committing this as
a separate commit, so that we can already make these changes before
we upgrade to Go 1.19.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Simplify some of the logic, and add documentation about the package,
as well as warnings that this package should not be used as a general-
purpose utility.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
pkg/urlutil (despite its poorly chosen name) is not really intended as a generic
utility to handle URLs, and should only be used by the builder to handle (remote)
build contexts.
- IsURL() only does a very rudimentary check for http(s):// prefixes, without any
other validation, but due to its name may give incorrect expectations.
- IsGitURL() is written specifically with docker build remote git contexts in
mind, and has handling for backward-compatibility, where strings that are
not URLs, but start with "github.com/" are accepted.
Because of the above, this patch:
- moves the package inside builder/remotecontext, close to where it's intended
to be used (ideally this would be part of build/remotecontext itself, but this
package imports many other dependencies, which would introduce those as extra
dependencies in the CLI).
- deprecates pkg/urlutil, but adds aliases as there are some external consumers.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
urlutil.IsUrl() was merely checking if the url had a http(s)://
prefix, which is just as well handled through using url.Parse()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was only used inside gitutils,
and is written specifically for the requirements
there.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker build` accepts remote repositories
using either the `git://` notation, or `git@`.
Docker attempted to parse both as an URL, however,
`git@` is not an URL, but an argument to `git clone`.
Go 1.7 silently ignored this, and managed to
extract the needed information from these
remotes, however, Go 1.8 does a more strict
validation, and invalidated these.
This patch adds a different path for `git@` remotes,
to prevent them from being handled as URL (and
invalidated).
A test is also added, because there were no
tests for handling of `git@` remotes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
# Default to 'contents: read', which grants actions to read commits.
#
# If any permission is set, any permission not included in the list is
# implicitly set to "none".
#
# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents:read
concurrency:
group:${{ github.workflow }}-${{ github.ref }}
cancel-in-progress:true
@ -10,30 +19,29 @@ on:
branches:
- 'master'
- '[0-9]+.[0-9]+'
- '[0-9]+.x'
tags:
- 'v*'
pull_request:
jobs:
ctn:
runs-on:ubuntu-20.04
runs-on:ubuntu-24.04
steps:
-
name:Checkout
uses:actions/checkout@v3
-
name:Set up Docker Buildx
uses:docker/setup-buildx-action@v2
uses:docker/setup-buildx-action@v3
-
name:Test
uses:docker/bake-action@v3
uses:docker/bake-action@v6
with:
targets:test-coverage
-
name:Send to Codecov
uses:codecov/codecov-action@v3
uses:codecov/codecov-action@v5
with:
file:./build/coverage/coverage.txt
files:./build/coverage/coverage.txt
token:${{ secrets.CODECOV_TOKEN }}
host:
runs-on:${{ matrix.os }}
@ -45,35 +53,32 @@ jobs:
fail-fast:false
matrix:
os:
- macos-11
- macos-14 # macOS 14 on arm64 (Apple Silicon M1)
- macos-15-intel # macOS 15 on Intel
- macos-15 # macOS 15 on arm64 (Apple Silicon M1)
# - windows-2022 # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
steps:
-
name:Prepare git
if:matrix.os == 'windows-latest'
run:|
git config --system core.autocrlf false
git config --system core.eol lf
-
name:Checkout
uses:actions/checkout@v3
uses:actions/checkout@v5
with:
path:${{ env.GOPATH }}/src/github.com/docker/cli
-
name:Set up Go
uses:actions/setup-go@v4
uses:actions/setup-go@v6
with:
go-version:1.20.4
go-version:"1.25.4"
-
name:Test
run:|
go test -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE '/vendor/|/e2e/')
go test -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE '/vendor/|/e2e/|/cmd/docker-trust')
- G306 # G306:Expect WriteFile permissions to be 0600 or less (too restrictive; also flags "0o644" permissions)
- G307 # G307:Deferring unsafe method "*os.File" on type "Close" (also EXC0008); (TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close")
exclude-rules:
# We prefer to use an "exclude-list" so that new "default" exclusions are not
govet:
enable:
- shadow
settings:
shadow:
strict:true
lll:
line-length:200
importas:
# Do not allow unaliased imports of aliased packages.
no-unaliased:true
alias:
# Should no longer be aliased, because we no longer allow moby/docker errdefs.
os-chdir: false # FIXME(thaJeztah):Disable `os.Chdir()` detections; should be automatically disabled on Go < 1.24; see https://github.com/docker/cli/pull/5835#issuecomment-2665302478
context-background: false # FIXME(thaJeztah):Disable `context.Background()` detections; should be automatically disabled on Go < 1.24; see https://github.com/docker/cli/pull/5835#issuecomment-2665302478
context-todo: false # FIXME(thaJeztah):Disable `context.TODO()` detections; should be automatically disabled on Go < 1.24; see https://github.com/docker/cli/pull/5835#issuecomment-2665302478
exclusions:
# We prefer to use an "linters.exclusions.rules" so that new "default" exclusions are not
# automatically inherited. We can decide whether or not to follow upstream
# defaults when updating golang-ci-lint versions.
# Unfortunately, this means we have to copy the whole exclusion pattern, as
# (unlike the "include" option), the "exclude" option does not take exclusion
# ID's.
#
# These exclusion patterns are copied from the default excluses at:
Security reports are greatly appreciated and we will publicly thank you for it.
@ -43,7 +39,7 @@ If you find a match, you can use the "subscribe" button to get notified on
updates. Do *not* leave random "+1" or "I have this too" comments, as they
only clutter the discussion, and don't help resolving it. However, if you
have ways to reproduce the issue or have additional information that may help
resolving the issue, please leave a comment.
resolving the issue, leave a comment.
When reporting issues, always include:
@ -70,7 +66,7 @@ anybody starts working on it.
We are always thrilled to receive pull requests. We do our best to process them
quickly. If your pull request is not accepted on the first try,
don't get discouraged! Our contributor's guide explains [the review process we
use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contribution/).
use for simple changes](https://github.com/docker/docker/blob/master/project/REVIEWING.md).
### Talking to other Docker users and contributors
@ -88,7 +84,7 @@ use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contr
<tr>
<td>Community Slack</td>
<td>
The Docker Community has a dedicated Slack chat to discuss features and issues. You can sign-up <ahref="https://dockr.ly/slack"target="_blank">with this link</a>.
The Docker Community has a dedicated Slack chat to discuss features and issues. You can sign-up <ahref="https://dockr.ly/comm-slack"target="_blank">with this link</a>.
</td>
</tr>
<tr>
@ -128,8 +124,8 @@ submitting a pull request.
Update the documentation when creating or modifying features. Test your
documentation changes for clarity, concision, and correctness, as well as a
clean documentation build. See our contributors guide for [our style
guide](https://docs.docker.com/opensource/doc-style) and instructions on [building
the documentation](https://docs.docker.com/opensource/project/test-and-docs/#build-and-test-the-documentation).
guide](https://docs.docker.com/contribute/style/grammar/) and instructions on [building
the documentation](https://docs.docker.com/contribute/).
test-unit:## run unit tests, to change the output format use: GOTESTSUM_FORMAT=(dots|short|standard-quiet|short-verbose|standard-verbose) make test-unit
gotestsum -- $${TESTDIRS:-$(shell go list ./... | grep -vE '/vendor/|/e2e/')}$(TESTFLAGS)
gotestsum -- $${TESTDIRS:-$(shell go list ./... | grep -vE '/vendor/|/e2e/|/cmd/docker-trust')}$(TESTFLAGS)
.PHONY:test-coverage
test-coverage:## run test coverage
mkdir -p $(CURDIR)/build/coverage
gotestsum -- $(shell go list ./... | grep -vE '/vendor/|/e2e/') -coverprofile=$(CURDIR)/build/coverage/coverage.txt
gotestsum -- $(shell go list ./... | grep -vE '/vendor/|/e2e/|/cmd/docker-trust') -coverprofile=$(CURDIR)/build/coverage/coverage.txt
.PHONY:lint
lint:## run all the lint tools
@ -52,7 +52,7 @@ shellcheck: ## run shellcheck validation
.PHONY:fmt
fmt:## run gofumpt (if present) or gofmt
@if command -v gofumpt > /dev/null;then\
gofumpt -w -d -lang=1.19 . ;\
gofumpt -w -d -lang=1.24 . ;\
else\
go list -f {{.Dir}} ./... | xargs gofmt -w -s -d ;\
returnexec.Command(c.path,metadata.MetadataSubcommandName).Output()// #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
{name:"builtin alias",c:&fakeCandidate{path:builtinAlias},invalid:`plugin "alias" duplicates an alias of builtin command "builtin"`},
{name:"fetch failure",c:&fakeCandidate{path:goodPluginPath,exec:false},invalid:fmt.Sprintf("failed to fetch metadata: faked a failure to exec %q",goodPluginPath)},
{name:"metadata not json",c:&fakeCandidate{path:goodPluginPath,exec:true,meta:`xyzzy`},invalid:"invalid character"},
{name:"empty schemaversion",c:&fakeCandidate{path:goodPluginPath,exec:true,meta:`{}`},invalid:`plugin SchemaVersion "" is not valid`},
{name:"invalid schemaversion",c:&fakeCandidate{path:goodPluginPath,exec:true,meta:`{"SchemaVersion": "xyzzy"}`},invalid:`plugin SchemaVersion "xyzzy" is not valid`},
{name:"no vendor",c:&fakeCandidate{path:goodPluginPath,exec:true,meta:`{"SchemaVersion": "0.1.0"}`},invalid:"plugin metadata does not define a vendor"},
{name:"empty vendor",c:&fakeCandidate{path:goodPluginPath,exec:true,meta:`{"SchemaVersion": "0.1.0", "Vendor": ""}`},invalid:"plugin metadata does not define a vendor"},
returnnil,wrapAsPluginError(err,"failed to marshall hook data")
}
pCmd:=exec.CommandContext(ctx,p.Path,p.Name,metadata.HookSubcommandName,string(hDataBytes))// #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
//go:build go1.24
packagecontainer
import(
"strings"
"sync"
"github.com/docker/cli/cli/command/completion"
"github.com/moby/moby/api/types/container"
"github.com/moby/moby/client"
"github.com/moby/sys/capability"
"github.com/moby/sys/signal"
"github.com/spf13/cobra"
)
// allCaps is the magic value for "all capabilities".
constallCaps="ALL"
// allLinuxCapabilities is a list of all known Linux capabilities.
//
// TODO(thaJeztah): add descriptions, and enable descriptions for our completion scripts (cobra.CompletionOptions.DisableDescriptions is currently set to "true")
// TODO(thaJeztah): consider what casing we want to use for completion (see below);
//
// We need to consider what format is most convenient; currently we use the
// canonical name (uppercase and "CAP_" prefix), however, tab-completion is
// case-sensitive by default, so requires the user to type uppercase letters
// to filter the list of options.
//
// Bash completion provides a `completion-ignore-case on` option to make completion
// case-insensitive (https://askubuntu.com/a/87066), but it looks to be a global
// option; the current cobra.CompletionOptions also don't provide this as an option
// to be used in the generated completion-script.
//
// Fish completion has `smartcase` (by default?) which matches any case if
// all of the input is lowercase.
//
// Zsh does not appear have a dedicated option, but allows setting matching-rules
// restartPolicies is a list of all valid restart-policies..
//
// TODO(thaJeztah): add descriptions, and enable descriptions for our completion scripts (cobra.CompletionOptions.DisableDescriptions is currently set to "true")
varrestartPolicies=[]string{
string(container.RestartPolicyDisabled),
string(container.RestartPolicyAlways),
string(container.RestartPolicyOnFailure),
string(container.RestartPolicyUnlessStopped),
}
// addCompletions adds the completions that `run` and `create` have in common.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
