Merge pull request #4696 from thaJeztah/23.0_update_golang_1.20.12

[23.0] update to go1.20.12

.github/workflows/build.yml

@@ -22,7 +22,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Create matrix
         id: platforms
@@ -50,7 +50,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
@@ -93,7 +93,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Create matrix
         id: platforms
@@ -115,7 +115,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2

.github/workflows/codeql-analysis.yml

@@ -19,7 +19,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 2
       -

.github/workflows/e2e.yml

@@ -36,7 +36,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Update daemon.json
         run: |

.github/workflows/test.yml

@@ -20,7 +20,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -56,14 +56,14 @@ jobs:
           git config --system core.eol lf
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           path: ${{ env.GOPATH }}/src/github.com/docker/cli
       -
         name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.20.10
+          go-version: 1.20.12
       -
         name: Test
         run: |

.github/workflows/validate.yml

@@ -28,7 +28,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Run
         uses: docker/bake-action@v3
@@ -41,7 +41,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Generate
         shell: 'script --return --quiet --command "bash {0}"'
@@ -67,7 +67,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       -
         name: Run
         shell: 'script --return --quiet --command "bash {0}"'

.golangci.yml

@@ -32,11 +32,12 @@ run:
 
 linters-settings:
   depguard:
-    rules:
-      main:
-        deny:
-          - pkg: io/ioutil
-            desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
+    list-type: blacklist
+    include-go-root: true
+    packages:
+      # The io/ioutil package has been deprecated.
+      # https://go.dev/doc/go1.16#ioutil
+      - io/ioutil
   gocyclo:
     min-complexity: 16
   govet:

CONTRIBUTING.md

@@ -192,7 +192,7 @@ For more details, see the [MAINTAINERS](MAINTAINERS) page.
 The sign-off is a simple line at the end of the explanation for the patch. Your
 signature certifies that you wrote the patch or otherwise have the right to pass
 it on as an open-source patch. The rules are pretty simple: if you can certify
-the below (from [developercertificate.org](https://developercertificate.org):
+the below (from [developercertificate.org](http://developercertificate.org/)):
 
 ```
 Developer Certificate of Origin
@@ -336,8 +336,9 @@ The rules:
 1. All code should be formatted with `gofumpt` (preferred) or `gofmt -s`.
 2. All code should pass the default levels of
    [`golint`](https://github.com/golang/lint).
-3. All code should follow the guidelines covered in [Effective Go](https://go.dev/doc/effective_go)
-   and [Go Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments).
+3. All code should follow the guidelines covered in [Effective
+   Go](http://golang.org/doc/effective_go.html) and [Go Code Review
+   Comments](https://github.com/golang/go/wiki/CodeReviewComments).
 4. Comment the code. Tell us the why, the history and the context.
 5. Document _all_ declarations and methods, even private ones. Declare
    expectations, caveats and anything else that may be important. If a type
@@ -359,6 +360,6 @@ The rules:
     guidelines. Since you've read all the rules, you now know that.
 
 If you are having trouble getting into the mood of idiomatic Go, we recommend
-reading through [Effective Go](https://go.dev/doc/effective_go). The
-[Go Blog](https://go.dev/blog/) is also a great resource. Drinking the
+reading through [Effective Go](https://golang.org/doc/effective_go.html). The
+[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
 kool-aid is a lot easier than going thirsty.

Dockerfile

@@ -1,19 +1,17 @@
 # syntax=docker/dockerfile:1
 
 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.20.10
+ARG GO_VERSION=1.20.12
 ARG ALPINE_VERSION=3.17
-ARG XX_VERSION=1.2.1
+ARG XX_VERSION=1.1.1
 ARG GOVERSIONINFO_VERSION=v1.3.0
 ARG GOTESTSUM_VERSION=v1.10.0
 ARG BUILDX_VERSION=0.11.2
-ARG COMPOSE_VERSION=v2.22.0
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build-base-alpine
-ENV GOTOOLCHAIN=local
-COPY --link --from=xx / /
+COPY --from=xx / /
 RUN apk add --no-cache bash clang lld llvm file git
 WORKDIR /go/src/github.com/docker/cli
 
@@ -23,8 +21,7 @@ ARG TARGETPLATFORM
 RUN xx-apk add --no-cache musl-dev gcc
 
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS build-base-bullseye
-ENV GOTOOLCHAIN=local
-COPY --link --from=xx / /
+COPY --from=xx / /
 RUN apt-get update && apt-get install --no-install-recommends -y bash clang lld llvm file
 WORKDIR /go/src/github.com/docker/cli
 
@@ -43,13 +40,13 @@ FROM build-base-${BASE_VARIANT} AS goversioninfo
 ARG GOVERSIONINFO_VERSION
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
-    GOBIN=/out GO111MODULE=on CGO_ENABLED=0 go install "github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}"
+    GOBIN=/out GO111MODULE=on go install "github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}"
 
 FROM build-base-${BASE_VARIANT} AS gotestsum
 ARG GOTESTSUM_VERSION
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
-    GOBIN=/out GO111MODULE=on CGO_ENABLED=0 go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
+    GOBIN=/out GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
     && /out/gotestsum --version
 
 FROM build-${BASE_VARIANT} AS build
@@ -65,7 +62,7 @@ ARG CGO_ENABLED
 ARG VERSION
 # PACKAGER_NAME sets the company that produced the windows binary
 ARG PACKAGER_NAME
-COPY --link --from=goversioninfo /out/goversioninfo /usr/bin/goversioninfo
+COPY --from=goversioninfo /out/goversioninfo /usr/bin/goversioninfo
 # in bullseye arm64 target does not link with lld so configure it to use ld instead
 RUN [ ! -f /etc/alpine-release ] && xx-info is-cross && [ "$(xx-info arch)" = "arm64" ] && XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple || true
 RUN --mount=type=bind,target=.,ro \
@@ -79,7 +76,7 @@ RUN --mount=type=bind,target=.,ro \
     xx-verify $([ "$GO_LINKMODE" = "static" ] && echo "--static") /out/docker
 
 FROM build-${BASE_VARIANT} AS test
-COPY --link --from=gotestsum /out/gotestsum /usr/bin/gotestsum
+COPY --from=gotestsum /out/gotestsum /usr/bin/gotestsum
 ENV GO111MODULE=auto
 RUN --mount=type=bind,target=.,rw \
     --mount=type=cache,target=/root/.cache \
@@ -101,34 +98,35 @@ RUN --mount=ro --mount=type=cache,target=/root/.cache \
     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
 
 FROM build-base-alpine AS e2e-base-alpine
-RUN apk add --no-cache build-base curl openssl openssh-client
+RUN apk add --no-cache build-base curl docker-compose openssl openssh-client
 
 FROM build-base-bullseye AS e2e-base-bullseye
 RUN apt-get update && apt-get install -y build-essential curl openssl openssh-client
+ARG COMPOSE_VERSION=1.29.2
+RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose && \
+    chmod +x /usr/local/bin/docker-compose
 
-FROM docker/buildx-bin:${BUILDX_VERSION}   AS buildx
-FROM docker/compose-bin:${COMPOSE_VERSION} AS compose
+FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
 
 FROM e2e-base-${BASE_VARIANT} AS e2e
 ARG NOTARY_VERSION=v0.6.1
 ADD --chmod=0755 https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 /usr/local/bin/notary
-COPY --link e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
+COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
 RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
-COPY --link --from=gotestsum /out/gotestsum /usr/bin/gotestsum
-COPY --link --from=build /out ./build/
-COPY --link --from=build-plugins /out ./build/
-COPY --link --from=buildx  /buildx         /usr/libexec/docker/cli-plugins/docker-buildx
-COPY --link --from=compose /docker-compose /usr/libexec/docker/cli-plugins/docker-compose
-COPY --link . .
+COPY --from=gotestsum /out/gotestsum /usr/bin/gotestsum
+COPY --from=build /out ./build/
+COPY --from=build-plugins /out ./build/
+COPY --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
+COPY . .
 ENV DOCKER_BUILDKIT=1
 ENV PATH=/go/src/github.com/docker/cli/build:$PATH
 CMD ./scripts/test/e2e/entry
 
 FROM build-base-${BASE_VARIANT} AS dev
-COPY --link . .
-
-FROM scratch AS plugins
-COPY --from=build-plugins /out .
+COPY . .
 
 FROM scratch AS binary
 COPY --from=build /out .
+
+FROM scratch AS plugins
+COPY --from=build-plugins /out .

MAINTAINERS

@@ -49,9 +49,9 @@
 
 		people = [
 			"bsousaa",
-			"neersighted",
 			"programmerq",
 			"sam-thibault",
+			"thajeztah",
 			"vvoland"
 		]
 
@@ -103,11 +103,6 @@
 	Email = "nicolas.deloof@gmail.com"
 	GitHub = "ndeloof"
 
-	[people.neersighted]
-	Name = "Bjorn Neergaard"
-	Email = "bneergaard@mirantis.com"
-	GitHub = "neersighted"
-
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"

VERSION

@@ -1 +1 @@
-24.0.0-dev
+23.0.0-dev

cli/cobra.go

@@ -426,7 +426,7 @@ func invalidPluginReason(cmd *cobra.Command) string {
 	return cmd.Annotations[pluginmanager.CommandAnnotationPluginInvalid]
 }
 
-const usageTemplate = `Usage:
+var usageTemplate = `Usage:
 
 {{- if not .HasSubCommands}}  {{.UseLine}}{{end}}
 {{- if .HasSubCommands}}  {{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}
@@ -525,5 +525,5 @@ Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- end}}
 `
 
-const helpTemplate = `
+var helpTemplate = `
 {{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}`

cli/command/cli.go

@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -47,7 +48,9 @@ type Streams interface {
 // Cli represents the docker command line client.
 type Cli interface {
 	Client() client.APIClient
-	Streams
+	Out() *streams.Out
+	Err() io.Writer
+	In() *streams.In
 	SetIn(in *streams.In)
 	Apply(ops ...DockerCliOption) error
 	ConfigFile() *configfile.ConfigFile
@@ -188,7 +191,7 @@ func (cli *DockerCli) ManifestStore() manifeststore.Store {
 // RegistryClient returns a client for communicating with a Docker distribution
 // registry
 func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient {
-	resolver := func(ctx context.Context, index *registry.IndexInfo) registry.AuthConfig {
+	resolver := func(ctx context.Context, index *registry.IndexInfo) types.AuthConfig {
 		return ResolveAuthConfig(ctx, cli, index)
 	}
 	return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure)
@@ -326,8 +329,13 @@ func (cli *DockerCli) getInitTimeout() time.Duration {
 
 func (cli *DockerCli) initializeFromClient() {
 	ctx := context.Background()
-	ctx, cancel := context.WithTimeout(ctx, cli.getInitTimeout())
-	defer cancel()
+	if !strings.HasPrefix(cli.dockerEndpoint.Host, "ssh://") {
+		// @FIXME context.WithTimeout doesn't work with connhelper / ssh connections
+		// time="2020-04-10T10:16:26Z" level=warning msg="commandConn.CloseWrite: commandconn: failed to wait: signal: killed"
+		var cancel func()
+		ctx, cancel = context.WithTimeout(ctx, cli.getInitTimeout())
+		defer cancel()
+	}
 
 	ping, err := cli.client.Ping(ctx)
 	if err != nil {
@@ -375,7 +383,7 @@ func (cli *DockerCli) ContextStore() store.Store {
 // the "default" context is used if:
 //
 //   - The "--host" option is set
-//   - The "DOCKER_HOST" ([client.EnvOverrideHost]) environment variable is set
+//   - The "DOCKER_HOST" ([DefaultContextName]) environment variable is set
 //     to a non-empty value.
 //
 // In these cases, the default context is used, which uses the host as

cli/command/completion/functions.go

@@ -6,7 +6,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/spf13/cobra"
 )
 
@@ -66,13 +66,13 @@ func ContainerNames(dockerCli command.Cli, all bool, filters ...func(types.Conta
 // VolumeNames offers completion for volumes
 func VolumeNames(dockerCli command.Cli) ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().VolumeList(cmd.Context(), volume.ListOptions{})
+		list, err := dockerCli.Client().VolumeList(cmd.Context(), filters.Args{})
 		if err != nil {
 			return nil, cobra.ShellCompDirectiveError
 		}
 		var names []string
-		for _, vol := range list.Volumes {
-			names = append(names, vol.Name)
+		for _, volume := range list.Volumes {
+			names = append(names, volume.Name)
 		}
 		return names, cobra.ShellCompDirectiveNoFileComp
 	}

cli/command/container/cp.go

@@ -209,7 +209,7 @@ func resolveLocalPath(localPath string) (absPath string, err error) {
 	if absPath, err = filepath.Abs(localPath); err != nil {
 		return
 	}
-	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
+	return archive.PreserveTrailingDotOrSeparator(absPath, localPath, filepath.Separator), nil
 }
 
 func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpConfig) (err error) {

cli/command/container/create.go

@@ -12,7 +12,6 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/image"
-	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/opts"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -20,6 +19,7 @@ import (
 	"github.com/docker/docker/api/types/versions"
 	apiclient "github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/registry"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -95,16 +95,16 @@ func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptio
 		}
 	}
 	copts.env = *opts.NewListOptsRef(&newEnv, nil)
-	containerCfg, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
+	containerConfig, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
 	if err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerCfg, dockerCli.Client().ClientVersion()); err != nil {
+	if err = validateAPIVersion(containerConfig, dockerCli.Client().ClientVersion()); err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	response, err := createContainer(context.Background(), dockerCli, containerCfg, options)
+	response, err := createContainer(context.Background(), dockerCli, containerConfig, options)
 	if err != nil {
 		return err
 	}
@@ -112,27 +112,41 @@ func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptio
 	return nil
 }
 
-// FIXME(thaJeztah): this is the only code-path that uses APIClient.ImageCreate. Rewrite this to use the regular "pull" code (or vice-versa).
-func pullImage(ctx context.Context, dockerCli command.Cli, image string, opts *createOptions) error {
-	encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
+func pullImage(ctx context.Context, dockerCli command.Cli, image string, platform string, out io.Writer) error {
+	ref, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
 		return err
 	}
 
-	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, types.ImageCreateOptions{
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageCreateOptions{
 		RegistryAuth: encodedAuth,
-		Platform:     opts.platform,
-	})
+		Platform:     platform,
+	}
+
+	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
 	if err != nil {
 		return err
 	}
 	defer responseBody.Close()
 
-	out := dockerCli.Err()
-	if opts.quiet {
-		out = io.Discard
-	}
-	return jsonmessage.DisplayJSONMessagesToStream(responseBody, streams.NewOut(out), nil)
+	return jsonmessage.DisplayJSONMessagesStream(
+		responseBody,
+		out,
+		dockerCli.Out().FD(),
+		dockerCli.Out().IsTerminal(),
+		nil)
 }
 
 type cidFile struct {
@@ -185,10 +199,10 @@ func newCIDFile(path string) (*cidFile, error) {
 }
 
 //nolint:gocyclo
-func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
-	config := containerCfg.Config
-	hostConfig := containerCfg.HostConfig
-	networkingConfig := containerCfg.NetworkingConfig
+func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
+	config := containerConfig.Config
+	hostConfig := containerConfig.HostConfig
+	networkingConfig := containerConfig.NetworkingConfig
 
 	warnOnOomKillDisable(*hostConfig, dockerCli.Err())
 	warnOnLocalhostDNS(*hostConfig, dockerCli.Err())
@@ -213,7 +227,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *c
 
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
 			var err error
-			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef)
+			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil)
 			if err != nil {
 				return nil, err
 			}
@@ -222,7 +236,11 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *c
 	}
 
 	pullAndTagImage := func() error {
-		if err := pullImage(ctx, dockerCli, config.Image, opts); err != nil {
+		pullOut := dockerCli.Err()
+		if opts.quiet {
+			pullOut = io.Discard
+		}
+		if err := pullImage(ctx, dockerCli, config.Image, opts.platform, pullOut); err != nil {
 			return err
 		}
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
@@ -275,8 +293,8 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *c
 		}
 	}
 
-	for _, w := range response.Warnings {
-		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", w)
+	for _, warning := range response.Warnings {
+		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", warning)
 	}
 	err = containerIDFile.Write(response.ID)
 	return &response, err

cli/command/container/formatter_diff.go

@@ -3,6 +3,7 @@ package container
 import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/archive"
 )
 
 const (
@@ -22,7 +23,7 @@ func NewDiffFormat(source string) formatter.Format {
 }
 
 // DiffFormatWrite writes formatted diff using the Context
-func DiffFormatWrite(ctx formatter.Context, changes []container.FilesystemChange) error {
+func DiffFormatWrite(ctx formatter.Context, changes []container.ContainerChangeResponseItem) error {
 	render := func(format func(subContext formatter.SubContext) error) error {
 		for _, change := range changes {
 			if err := format(&diffContext{c: change}); err != nil {
@@ -36,7 +37,7 @@ func DiffFormatWrite(ctx formatter.Context, changes []container.FilesystemChange
 
 type diffContext struct {
 	formatter.HeaderContext
-	c container.FilesystemChange
+	c container.ContainerChangeResponseItem
 }
 
 func newDiffContext() *diffContext {
@@ -53,7 +54,16 @@ func (d *diffContext) MarshalJSON() ([]byte, error) {
 }
 
 func (d *diffContext) Type() string {
-	return d.c.Kind.String()
+	var kind string
+	switch d.c.Kind {
+	case archive.ChangeModify:
+		kind = "C"
+	case archive.ChangeAdd:
+		kind = "A"
+	case archive.ChangeDelete:
+		kind = "D"
+	}
+	return kind
 }
 
 func (d *diffContext) Path() string {

cli/command/container/formatter_diff_test.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/archive"
 	"gotest.tools/v3/assert"
 )
 
@@ -40,10 +41,10 @@ D: /usr/app/old_app.js
 		},
 	}
 
-	diffs := []container.FilesystemChange{
-		{Kind: container.ChangeModify, Path: "/var/log/app.log"},
-		{Kind: container.ChangeAdd, Path: "/usr/app/app.js"},
-		{Kind: container.ChangeDelete, Path: "/usr/app/old_app.js"},
+	diffs := []container.ContainerChangeResponseItem{
+		{Kind: archive.ChangeModify, Path: "/var/log/app.log"},
+		{Kind: archive.ChangeAdd, Path: "/usr/app/app.js"},
+		{Kind: archive.ChangeDelete, Path: "/usr/app/old_app.js"},
 	}
 
 	for _, tc := range cases {

cli/command/container/list.go

@@ -120,8 +120,6 @@ func runPs(dockerCli command.Cli, options *psOptions) error {
 	if len(options.format) == 0 {
 		// load custom psFormat from CLI config (if any)
 		options.format = dockerCli.ConfigFile().PsFormat
-	} else if options.quiet {
-		_, _ = dockerCli.Err().Write([]byte("WARNING: Ignoring custom format, because both --format and --quiet are set.\n"))
 	}
 
 	listOptions, err := buildContainerListOptions(options)

cli/command/container/list_test.go

@@ -309,22 +309,8 @@ func TestContainerListWithFormat(t *testing.T) {
 			}, nil
 		},
 	})
-
-	t.Run("with format", func(t *testing.T) {
-		cli.OutBuffer().Reset()
-		cmd := newListCommand(cli)
-		assert.Check(t, cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}"))
-		assert.NilError(t, cmd.Execute())
-		golden.Assert(t, cli.OutBuffer().String(), "container-list-with-format.golden")
-	})
-
-	t.Run("with format and quiet", func(t *testing.T) {
-		cli.OutBuffer().Reset()
-		cmd := newListCommand(cli)
-		assert.Check(t, cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}"))
-		assert.Check(t, cmd.Flags().Set("quiet", "true"))
-		assert.NilError(t, cmd.Execute())
-		assert.Equal(t, cli.ErrBuffer().String(), "WARNING: Ignoring custom format, because both --format and --quiet are set.\n")
-		golden.Assert(t, cli.OutBuffer().String(), "container-list-quiet.golden")
-	})
+	cmd := newListCommand(cli)
+	cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}")
+	assert.NilError(t, cmd.Execute())
+	golden.Assert(t, cli.OutBuffer().String(), "container-list-with-format.golden")
 }

cli/command/container/opts.go

@@ -123,7 +123,6 @@ type containerOptions struct {
 	runtime            string
 	autoRemove         bool
 	init               bool
-	annotations        *opts.MapOpts
 
 	Image string
 	Args  []string
@@ -164,7 +163,6 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 		ulimits:           opts.NewUlimitOpt(nil),
 		volumes:           opts.NewListOpts(nil),
 		volumesFrom:       opts.NewListOpts(nil),
-		annotations:       opts.NewMapOpts(nil, nil),
 	}
 
 	// General purpose flags
@@ -299,10 +297,6 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 
 	flags.BoolVar(&copts.init, "init", false, "Run an init inside the container that forwards signals and reaps processes")
 	flags.SetAnnotation("init", "version", []string{"1.25"})
-
-	flags.Var(copts.annotations, "annotation", "Add an annotation to the container (passed through to the OCI runtime)")
-	flags.SetAnnotation("annotation", "version", []string{"1.43"})
-
 	return copts
 }
 
@@ -354,10 +348,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	volumes := copts.volumes.GetMap()
 	// add any bind targets to the list of container volumes
 	for bind := range copts.volumes.GetMap() {
-		parsed, err := loader.ParseVolume(bind)
-		if err != nil {
-			return nil, err
-		}
+		parsed, _ := loader.ParseVolume(bind)
 
 		if parsed.Source != "" {
 			toBind := bind
@@ -663,7 +654,6 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		Mounts:         mounts,
 		MaskedPaths:    maskedPaths,
 		ReadonlyPaths:  readonlyPaths,
-		Annotations:    copts.annotations.GetAll(),
 	}
 
 	if copts.autoRemove && !hostConfig.RestartPolicy.IsNone() {

cli/command/container/opts_test.go

@@ -49,11 +49,11 @@ func parseRun(args []string) (*container.Config, *container.HostConfig, *network
 		return nil, nil, nil, err
 	}
 	// TODO: fix tests to accept ContainerConfig
-	containerCfg, err := parse(flags, copts, runtime.GOOS)
+	containerConfig, err := parse(flags, copts, runtime.GOOS)
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	return containerCfg.Config, containerCfg.HostConfig, containerCfg.NetworkingConfig, err
+	return containerConfig.Config, containerConfig.HostConfig, containerConfig.NetworkingConfig, err
 }
 
 func setupRunFlags() (*pflag.FlagSet, *containerOptions) {

cli/command/container/run.go

@@ -105,22 +105,22 @@ func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copt
 		}
 	}
 	copts.env = *opts.NewListOptsRef(&newEnv, nil)
-	containerCfg, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
+	containerConfig, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
 	// just in case the parse does not exit
 	if err != nil {
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerCfg, dockerCli.CurrentVersion()); err != nil {
+	if err = validateAPIVersion(containerConfig, dockerCli.CurrentVersion()); err != nil {
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	return runContainer(dockerCli, ropts, copts, containerCfg)
+	return runContainer(dockerCli, ropts, copts, containerConfig)
 }
 
 //nolint:gocyclo
-func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerCfg *containerConfig) error {
-	config := containerCfg.Config
+func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerConfig *containerConfig) error {
+	config := containerConfig.Config
 	stdout, stderr := dockerCli.Out(), dockerCli.Err()
 	client := dockerCli.Client()
 
@@ -144,7 +144,7 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 	ctx, cancelFun := context.WithCancel(context.Background())
 	defer cancelFun()
 
-	createResponse, err := createContainer(ctx, dockerCli, containerCfg, &opts.createOptions)
+	createResponse, err := createContainer(ctx, dockerCli, containerConfig, &opts.createOptions)
 	if err != nil {
 		reportError(stderr, "run", err.Error(), true)
 		return runStartContainerErr(err)

cli/command/container/testdata/container-list-quiet.golden

@@ -1,2 +0,0 @@
-container_id
-container_id

cli/command/context/use_test.go

@@ -6,7 +6,6 @@ import (
 	"io"
 	"os"
 	"path/filepath"
-	"runtime"
 	"testing"
 
 	"github.com/docker/cli/cli/command"
@@ -14,6 +13,7 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/flags"
 	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/homedir"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
@@ -57,11 +57,7 @@ func TestUseDefaultWithoutConfigFile(t *testing.T) {
 	// the _default_ configuration file. If we specify a custom configuration
 	// file, the CLI produces an error if the file doesn't exist.
 	tmpHomeDir := t.TempDir()
-	if runtime.GOOS == "windows" {
-		t.Setenv("USERPROFILE", tmpHomeDir)
-	} else {
-		t.Setenv("HOME", tmpHomeDir)
-	}
+	t.Setenv(homedir.Key(), tmpHomeDir)
 	configDir := filepath.Join(tmpHomeDir, ".docker")
 	configFilePath := filepath.Join(configDir, "config.json")
 

cli/command/events_utils.go

@@ -3,28 +3,28 @@ package command
 import (
 	"sync"
 
-	"github.com/docker/docker/api/types/events"
+	eventtypes "github.com/docker/docker/api/types/events"
 	"github.com/sirupsen/logrus"
 )
 
 // EventHandler is abstract interface for user to customize
 // own handle functions of each type of events
 type EventHandler interface {
-	Handle(action string, h func(events.Message))
-	Watch(c <-chan events.Message)
+	Handle(action string, h func(eventtypes.Message))
+	Watch(c <-chan eventtypes.Message)
 }
 
 // InitEventHandler initializes and returns an EventHandler
 func InitEventHandler() EventHandler {
-	return &eventHandler{handlers: make(map[string]func(events.Message))}
+	return &eventHandler{handlers: make(map[string]func(eventtypes.Message))}
 }
 
 type eventHandler struct {
-	handlers map[string]func(events.Message)
+	handlers map[string]func(eventtypes.Message)
 	mu       sync.Mutex
 }
 
-func (w *eventHandler) Handle(action string, h func(events.Message)) {
+func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
 	w.mu.Lock()
 	w.handlers[action] = h
 	w.mu.Unlock()
@@ -33,7 +33,7 @@ func (w *eventHandler) Handle(action string, h func(events.Message)) {
 // Watch ranges over the passed in event chan and processes the events based on the
 // handlers created for a given action.
 // To stop watching, close the event chan.
-func (w *eventHandler) Watch(c <-chan events.Message) {
+func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
 	for e := range c {
 		w.mu.Lock()
 		h, exists := w.handlers[e.Action]

cli/command/formatter/container.go

@@ -55,9 +55,6 @@ ports: {{- pad .Ports 1 0}}
 		}
 		return Format(format)
 	default: // custom format
-		if quiet {
-			return DefaultQuietFormat
-		}
 		return Format(source)
 	}
 }

cli/command/formatter/container_test.go

@@ -163,7 +163,7 @@ containerID2   ubuntu    ""        24 hours ago                       foobar_bar
 		},
 		{
 			Context{Format: NewContainerFormat("table {{.Image}}", true, false)},
-			"containerID1\ncontainerID2\n",
+			"IMAGE\nubuntu\nubuntu\n",
 		},
 		{
 			Context{Format: NewContainerFormat("table", true, false)},

cli/command/formatter/context.go

@@ -84,3 +84,10 @@ func (c *clientContextContext) Error() string {
 	// TODO(thaJeztah) add "--no-trunc" option to context ls and set default to 30 cols to match "docker service ps"
 	return Ellipsis(c.c.Error, maxErrLength)
 }
+
+// KubernetesEndpoint returns the kubernetes endpoint.
+//
+// Deprecated: support for kubernetes endpoints in contexts has been removed, and this formatting option will always be empty.
+func (c *clientContextContext) KubernetesEndpoint() string {
+	return ""
+}

cli/command/formatter/disk_usage.go

@@ -14,7 +14,7 @@ import (
 )
 
 const (
-	defaultDiskUsageImageTableFormat      = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}}\t{{.Size}}\t{{.SharedSize}}\t{{.UniqueSize}}\t{{.Containers}}"
+	defaultDiskUsageImageTableFormat      = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}}\t{{.VirtualSize}}\t{{.SharedSize}}\t{{.UniqueSize}}\t{{.Containers}}"
 	defaultDiskUsageContainerTableFormat  = "table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.LocalVolumes}}\t{{.Size}}\t{{.RunningFor}}\t{{.Status}}\t{{.Names}}"
 	defaultDiskUsageVolumeTableFormat     = "table {{.Name}}\t{{.Links}}\t{{.Size}}"
 	defaultDiskUsageBuildCacheTableFormat = "table {{.ID}}\t{{.CacheType}}\t{{.Size}}\t{{.CreatedSince}}\t{{.LastUsedSince}}\t{{.UsageCount}}\t{{.Shared}}"
@@ -296,10 +296,10 @@ func (c *diskUsageImagesContext) Reclaimable() string {
 
 	for _, i := range c.images {
 		if i.Containers != 0 {
-			if i.Size == -1 || i.SharedSize == -1 {
+			if i.VirtualSize == -1 || i.SharedSize == -1 {
 				continue
 			}
-			used += i.Size - i.SharedSize
+			used += i.VirtualSize - i.SharedSize
 		}
 	}
 

cli/command/formatter/image.go

@@ -205,7 +205,7 @@ func newImageContext() *imageContext {
 		"CreatedAt":    CreatedAtHeader,
 		"Size":         SizeHeader,
 		"Containers":   containersHeader,
-		"VirtualSize":  SizeHeader, // Deprecated: VirtualSize is deprecated, and equivalent to Size.
+		"VirtualSize":  SizeHeader,
 		"SharedSize":   sharedSizeHeader,
 		"UniqueSize":   uniqueSizeHeader,
 	}
@@ -260,13 +260,8 @@ func (c *imageContext) Containers() string {
 	return fmt.Sprintf("%d", c.i.Containers)
 }
 
-// VirtualSize shows the virtual size of the image and all of its parent
-// images. Starting with docker 1.10, images are self-contained, and
-// the VirtualSize is identical to Size.
-//
-// Deprecated: VirtualSize is deprecated, and equivalent to [imageContext.Size].
 func (c *imageContext) VirtualSize() string {
-	return units.HumanSize(float64(c.i.Size))
+	return units.HumanSize(float64(c.i.VirtualSize))
 }
 
 func (c *imageContext) SharedSize() string {
@@ -277,8 +272,8 @@ func (c *imageContext) SharedSize() string {
 }
 
 func (c *imageContext) UniqueSize() string {
-	if c.i.Size == -1 || c.i.SharedSize == -1 {
+	if c.i.VirtualSize == -1 || c.i.SharedSize == -1 {
 		return "N/A"
 	}
-	return units.HumanSize(float64(c.i.Size - c.i.SharedSize))
+	return units.HumanSize(float64(c.i.VirtualSize - c.i.SharedSize))
 }

cli/command/formatter/image_test.go

@@ -36,7 +36,7 @@ func TestImageContext(t *testing.T) {
 			call:     ctx.ID,
 		},
 		{
-			imageCtx: imageContext{i: types.ImageSummary{Size: 10}, trunc: true},
+			imageCtx: imageContext{i: types.ImageSummary{Size: 10, VirtualSize: 10}, trunc: true},
 			expValue: "10B",
 			call:     ctx.Size,
 		},
@@ -70,9 +70,9 @@ func TestImageContext(t *testing.T) {
 			call:     ctx.Containers,
 		},
 		{
-			imageCtx: imageContext{i: types.ImageSummary{Size: 10000}},
+			imageCtx: imageContext{i: types.ImageSummary{VirtualSize: 10000}},
 			expValue: "10kB",
-			call:     ctx.VirtualSize, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
+			call:     ctx.VirtualSize,
 		},
 		{
 			imageCtx: imageContext{i: types.ImageSummary{SharedSize: 10000}},
@@ -80,7 +80,7 @@ func TestImageContext(t *testing.T) {
 			call:     ctx.SharedSize,
 		},
 		{
-			imageCtx: imageContext{i: types.ImageSummary{SharedSize: 5000, Size: 20000}},
+			imageCtx: imageContext{i: types.ImageSummary{SharedSize: 5000, VirtualSize: 20000}},
 			expValue: "15kB",
 			call:     ctx.UniqueSize,
 		},

cli/command/image/build.go

@@ -22,7 +22,6 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/builder/remotecontext/urlutil"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/idtools"
@@ -128,7 +127,7 @@ func NewBuildCommand(dockerCli command.Cli) *cobra.Command {
 	flags.Int64Var(&options.cpuQuota, "cpu-quota", 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
 	flags.StringVar(&options.cpuSetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
 	flags.StringVar(&options.cpuSetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
-	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", `Set the parent cgroup for the "RUN" instructions during build`)
+	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
 	flags.StringVar(&options.isolation, "isolation", "", "Container isolation technology")
 	flags.Var(&options.labels, "label", "Set metadata for an image")
 	flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
@@ -280,7 +279,7 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 	var resolvedTags []*resolvedTag
 	if !options.untrusted {
 		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
-			return TrustedReference(ctx, dockerCli, ref)
+			return TrustedReference(ctx, dockerCli, ref, nil)
 		}
 		// if there is a tar wrapper, the dockerfile needs to be replaced inside it
 		if buildCtx != nil {
@@ -323,9 +322,9 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 
 	configFile := dockerCli.ConfigFile()
 	creds, _ := configFile.GetAllCredentials()
-	authConfigs := make(map[string]registrytypes.AuthConfig, len(creds))
+	authConfigs := make(map[string]types.AuthConfig, len(creds))
 	for k, auth := range creds {
-		authConfigs[k] = registrytypes.AuthConfig(auth)
+		authConfigs[k] = types.AuthConfig(auth)
 	}
 	buildOptions := imageBuildOptions(dockerCli, options)
 	buildOptions.Version = types.BuilderV1

cli/command/image/build/dockerignore.go

@@ -1,12 +1,11 @@
 package build
 
 import (
-	"fmt"
 	"os"
 	"path/filepath"
 
+	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
 	"github.com/moby/patternmatcher"
-	"github.com/moby/patternmatcher/ignorefile"
 )
 
 // ReadDockerignore reads the .dockerignore file in the context directory and
@@ -23,11 +22,7 @@ func ReadDockerignore(contextDir string) ([]string, error) {
 	}
 	defer f.Close()
 
-	patterns, err := ignorefile.ReadAll(f)
-	if err != nil {
-		return nil, fmt.Errorf("error reading .dockerignore: %w", err)
-	}
-	return patterns, nil
+	return dockerignore.ReadAll(f)
 }
 
 // TrimBuildFilesFromExcludes removes the named Dockerfile and .dockerignore from

cli/command/image/build_test.go

@@ -34,7 +34,7 @@ func TestRunBuildDockerfileFromStdinWithCompress(t *testing.T) {
 
 	cli := test.NewFakeCli(&fakeClient{imageBuildFunc: fakeImageBuild})
 	dockerfile := bytes.NewBufferString(`
-		FROM alpine:frozen
+		FROM alpine:3.6
 		COPY foo /
 	`)
 	cli.SetIn(streams.NewIn(io.NopCloser(dockerfile)))
@@ -66,7 +66,7 @@ func TestRunBuildResetsUidAndGidInContext(t *testing.T) {
 	dir := fs.NewDir(t, "test-build-context",
 		fs.WithFile("foo", "some content", fs.AsUser(65534, 65534)),
 		fs.WithFile("Dockerfile", `
-			FROM alpine:frozen
+			FROM alpine:3.6
 			COPY foo bar /
 		`),
 	)
@@ -155,7 +155,7 @@ func TestRunBuildFromLocalGitHubDir(t *testing.T) {
 func TestRunBuildWithSymlinkedContext(t *testing.T) {
 	t.Setenv("DOCKER_BUILDKIT", "0")
 	dockerfile := `
-FROM alpine:frozen
+FROM alpine:3.6
 RUN echo hello world
 `
 

cli/command/image/history_test.go

@@ -11,6 +11,7 @@ import (
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/golden"
+	"gotest.tools/v3/skip"
 )
 
 func TestNewHistoryCommandErrors(t *testing.T) {
@@ -42,7 +43,13 @@ func TestNewHistoryCommandErrors(t *testing.T) {
 	}
 }
 
+func notUTCTimezone() bool {
+	now := time.Now()
+	return now != now.UTC()
+}
+
 func TestNewHistoryCommandSuccess(t *testing.T) {
+	skip.If(t, notUTCTimezone, "expected output requires UTC timezone")
 	testCases := []struct {
 		name             string
 		args             []string
@@ -55,7 +62,6 @@ func TestNewHistoryCommandSuccess(t *testing.T) {
 				return []image.HistoryResponseItem{{
 					ID:      "1234567890123456789",
 					Created: time.Now().Unix(),
-					Comment: "none",
 				}}, nil
 			},
 		},
@@ -87,19 +93,13 @@ func TestNewHistoryCommandSuccess(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			// Set to UTC timezone as timestamps in output are
-			// printed in the current timezone
-			t.Setenv("TZ", "UTC")
-			cli := test.NewFakeCli(&fakeClient{imageHistoryFunc: tc.imageHistoryFunc})
-			cmd := NewHistoryCommand(cli)
-			cmd.SetOut(io.Discard)
-			cmd.SetArgs(tc.args)
-			err := cmd.Execute()
-			assert.NilError(t, err)
-			actual := cli.OutBuffer().String()
-			golden.Assert(t, actual, fmt.Sprintf("history-command-success.%s.golden", tc.name))
-		})
+		cli := test.NewFakeCli(&fakeClient{imageHistoryFunc: tc.imageHistoryFunc})
+		cmd := NewHistoryCommand(cli)
+		cmd.SetOut(io.Discard)
+		cmd.SetArgs(tc.args)
+		err := cmd.Execute()
+		assert.NilError(t, err)
+		actual := cli.OutBuffer().String()
+		golden.Assert(t, actual, fmt.Sprintf("history-command-success.%s.golden", tc.name))
 	}
 }

cli/command/image/pull.go

@@ -69,7 +69,7 @@ func RunPull(cli command.Cli, opts PullOptions) error {
 	}
 
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), distributionRef.String())
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), distributionRef.String())
 	if err != nil {
 		return err
 	}

cli/command/image/push.go

@@ -11,7 +11,6 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
@@ -77,7 +76,7 @@ func RunPush(dockerCli command.Cli, opts pushOptions) error {
 
 	// Resolve the Auth config relevant for this server
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
 	if err != nil {
 		return err
 	}

cli/command/image/testdata/history-command-success.non-human.golden

@@ -1,2 +1,2 @@
-IMAGE     CREATED AT             CREATED BY   SIZE      COMMENT
-abcdef    2017-01-01T12:00:03Z   rose         0         new history item!
+IMAGE               CREATED AT             CREATED BY          SIZE                COMMENT
+abcdef              2017-01-01T12:00:03Z   rose                0                   new history item!

cli/command/image/testdata/history-command-success.simple.golden

@@ -1,2 +1,2 @@
-IMAGE          CREATED                  CREATED BY   SIZE      COMMENT
-123456789012   Less than a second ago                0B        none
+IMAGE               CREATED                  CREATED BY          SIZE                COMMENT
+123456789012        Less than a second ago                       0B                  

cli/command/image/testdata/inspect-command-success.simple-many.golden

@@ -14,6 +14,7 @@
         "Architecture": "",
         "Os": "",
         "Size": 0,
+        "VirtualSize": 0,
         "GraphDriver": {
             "Data": null,
             "Name": ""
@@ -38,6 +39,7 @@
         "Architecture": "",
         "Os": "",
         "Size": 0,
+        "VirtualSize": 0,
         "GraphDriver": {
             "Data": null,
             "Name": ""

cli/command/image/testdata/inspect-command-success.simple.golden

@@ -14,6 +14,7 @@
         "Architecture": "",
         "Os": "",
         "Size": 0,
+        "VirtualSize": 0,
         "GraphDriver": {
             "Data": null,
             "Name": ""

cli/command/image/trust.go

@@ -30,7 +30,7 @@ type target struct {
 }
 
 // TrustedPush handles content trust pushing of an image
-func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, options types.ImagePushOptions) error {
+func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, options types.ImagePushOptions) error {
 	responseBody, err := cli.Client().ImagePush(ctx, reference.FamiliarString(ref), options)
 	if err != nil {
 		return err
@@ -44,7 +44,7 @@ func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 // PushTrustedReference pushes a canonical reference to the trust server.
 //
 //nolint:gocyclo
-func PushTrustedReference(streams command.Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader) error {
+func PushTrustedReference(streams command.Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, in io.Reader) error {
 	// If it is a trusted push we would like to find the target entry which match the
 	// tag provided in the function and then do an AddTarget later.
 	target := &client.Target{}
@@ -186,7 +186,7 @@ func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.Image
 		if err != nil {
 			return err
 		}
-		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), trustedRef.String())
+		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), trustedRef.String())
 		if err != nil {
 			return err
 		}
@@ -262,17 +262,20 @@ func getTrustedPullTargets(cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth)
 
 // imagePullPrivileged pulls the image and displays it to the output
 func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth, opts PullOptions) error {
-	encodedAuth, err := registrytypes.EncodeAuthConfig(*imgRefAndAuth.AuthConfig())
+	ref := reference.FamiliarString(imgRefAndAuth.Reference())
+
+	encodedAuth, err := command.EncodeAuthToBase64(*imgRefAndAuth.AuthConfig())
 	if err != nil {
 		return err
 	}
 	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(cli, imgRefAndAuth.RepoInfo().Index, "pull")
-	responseBody, err := cli.Client().ImagePull(ctx, reference.FamiliarString(imgRefAndAuth.Reference()), types.ImagePullOptions{
+	options := types.ImagePullOptions{
 		RegistryAuth:  encodedAuth,
 		PrivilegeFunc: requestPrivilege,
 		All:           opts.all,
 		Platform:      opts.platform,
-	})
+	}
+	responseBody, err := cli.Client().ImagePull(ctx, ref, options)
 	if err != nil {
 		return err
 	}
@@ -286,8 +289,8 @@ func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth tru
 }
 
 // TrustedReference returns the canonical trusted reference for an image reference
-func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged) (reference.Canonical, error) {
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), ref.String())
+func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, rs, AuthResolver(cli), ref.String())
 	if err != nil {
 		return nil, err
 	}
@@ -337,8 +340,8 @@ func TagTrusted(ctx context.Context, cli command.Cli, trustedRef reference.Canon
 }
 
 // AuthResolver returns an auth resolver function from a command.Cli
-func AuthResolver(cli command.Cli) func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
-	return func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
+func AuthResolver(cli command.Cli) func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
+	return func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
 		return command.ResolveAuthConfig(ctx, cli, index)
 	}
 }

cli/command/manifest/util.go

@@ -16,7 +16,7 @@ type osArch struct {
 
 // Remove any unsupported os/arch combo
 // list of valid os/arch values (see "Optional Environment Variables" section
-// of https://go.dev/doc/install/source
+// of https://golang.org/doc/install/source
 // Added linux/s390x as we know System z support already exists
 // Keep in sync with _docker_manifest_annotate in contrib/completion/bash/docker
 var validOSArches = map[osArch]bool{

cli/command/plugin/install.go

@@ -10,7 +10,6 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
@@ -55,6 +54,26 @@ func newInstallCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }
 
+type pluginRegistryService struct {
+	registry.Service
+}
+
+func (s pluginRegistryService) ResolveRepository(name reference.Named) (*registry.RepositoryInfo, error) {
+	repoInfo, err := s.Service.ResolveRepository(name)
+	if repoInfo != nil {
+		repoInfo.Class = "plugin"
+	}
+	return repoInfo, err
+}
+
+func newRegistryService() (registry.Service, error) {
+	svc, err := registry.NewService(registry.ServiceOptions{})
+	if err != nil {
+		return nil, err
+	}
+	return pluginRegistryService{Service: svc}, nil
+}
+
 func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
 	// Names with both tag and digest will be treated by the daemon
 	// as a pull by digest with a local name for the tag
@@ -79,7 +98,12 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 			return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
 		}
 
-		trusted, err := image.TrustedReference(context.Background(), dockerCli, nt)
+		ctx := context.Background()
+		svc, err := newRegistryService()
+		if err != nil {
+			return types.PluginInstallOptions{}, err
+		}
+		trusted, err := image.TrustedReference(ctx, dockerCli, nt, svc)
 		if err != nil {
 			return types.PluginInstallOptions{}, err
 		}
@@ -87,7 +111,8 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 	}
 
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
 	if err != nil {
 		return types.PluginInstallOptions{}, err
 	}

cli/command/plugin/push.go

@@ -7,7 +7,6 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/distribution/reference"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
@@ -56,7 +55,8 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
 		return err
 	}
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
 	if err != nil {
 		return err
 	}
@@ -68,6 +68,7 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
 	defer responseBody.Close()
 
 	if !opts.untrusted {
+		repoInfo.Class = "plugin"
 		return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
 	}
 

cli/command/registry.go

@@ -3,6 +3,8 @@ package command
 import (
 	"bufio"
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io"
 	"os"
@@ -10,7 +12,6 @@ import (
 	"strings"
 
 	configtypes "github.com/docker/cli/cli/config/types"
-	"github.com/docker/cli/cli/hints"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -20,15 +21,20 @@ import (
 	"github.com/pkg/errors"
 )
 
-const patSuggest = "You can log in with your password or a Personal Access " +
-	"Token (PAT). Using a limited-scope PAT grants better security and is required " +
-	"for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/"
-
-// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload.
+// ElectAuthServer returns the default registry to use.
 //
-// Deprecated: use [registrytypes.EncodeAuthConfig] instead.
-func EncodeAuthToBase64(authConfig registrytypes.AuthConfig) (string, error) {
-	return registrytypes.EncodeAuthConfig(authConfig)
+// Deprecated: use [registry.IndexServer] instead.
+func ElectAuthServer(_ context.Context, _ Cli) string {
+	return registry.IndexServer
+}
+
+// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload
+func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(buf), nil
 }
 
 // RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
@@ -46,7 +52,7 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
 		if err != nil {
 			return "", err
 		}
-		return registrytypes.EncodeAuthConfig(authConfig)
+		return EncodeAuthToBase64(authConfig)
 	}
 }
 
@@ -56,19 +62,19 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
 //
 // It is similar to [registry.ResolveAuthConfig], but uses the credentials-
 // store, instead of looking up credentials from a map.
-func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
+func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig {
 	configKey := index.Name
 	if index.Official {
 		configKey = registry.IndexServer
 	}
 
 	a, _ := cli.ConfigFile().GetAuthConfig(configKey)
-	return registrytypes.AuthConfig(a)
+	return types.AuthConfig(a)
 }
 
 // GetDefaultAuthConfig gets the default auth config given a serverAddress
 // If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
-func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (registrytypes.AuthConfig, error) {
+func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
 	if !isDefaultRegistry {
 		serverAddress = registry.ConvertToHostname(serverAddress)
 	}
@@ -77,27 +83,20 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
 	if checkCredStore {
 		authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
 		if err != nil {
-			return registrytypes.AuthConfig{
+			return types.AuthConfig{
 				ServerAddress: serverAddress,
 			}, err
 		}
 	}
 	authconfig.ServerAddress = serverAddress
 	authconfig.IdentityToken = ""
-	res := registrytypes.AuthConfig(authconfig)
+	res := types.AuthConfig(authconfig)
 	return res, nil
 }
 
 // ConfigureAuth handles prompting of user's username and password if needed
-func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes.AuthConfig, isDefaultRegistry bool) error {
-	// On Windows, force the use of the regular OS stdin stream.
-	//
-	// See:
-	// - https://github.com/moby/moby/issues/14336
-	// - https://github.com/moby/moby/issues/14210
-	// - https://github.com/moby/moby/pull/17738
-	//
-	// TODO(thaJeztah): we need to confirm if this special handling is still needed, as we may not be doing this in other places.
+func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthConfig, isDefaultRegistry bool) error {
+	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
 	if runtime.GOOS == "windows" {
 		cli.SetIn(streams.NewIn(os.Stdin))
 	}
@@ -118,18 +117,11 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes
 	if flUser = strings.TrimSpace(flUser); flUser == "" {
 		if isDefaultRegistry {
 			// if this is a default registry (docker hub), then display the following message.
-			fmt.Fprintln(cli.Out(), "Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.")
-			if hints.Enabled() {
-				fmt.Fprintln(cli.Out(), patSuggest)
-				fmt.Fprintln(cli.Out())
-			}
+			fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
 		}
 		promptWithDefault(cli.Out(), "Username", authconfig.Username)
-		var err error
-		flUser, err = readInput(cli.In())
-		if err != nil {
-			return err
-		}
+		flUser = readInput(cli.In(), cli.Out())
+		flUser = strings.TrimSpace(flUser)
 		if flUser == "" {
 			flUser = authconfig.Username
 		}
@@ -143,15 +135,12 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes
 			return err
 		}
 		fmt.Fprintf(cli.Out(), "Password: ")
-		_ = term.DisableEcho(cli.In().FD(), oldState)
-		defer func() {
-			_ = term.RestoreTerminal(cli.In().FD(), oldState)
-		}()
-		flPassword, err = readInput(cli.In())
-		if err != nil {
-			return err
-		}
+		term.DisableEcho(cli.In().FD(), oldState)
+
+		flPassword = readInput(cli.In(), cli.Out())
 		fmt.Fprint(cli.Out(), "\n")
+
+		term.RestoreTerminal(cli.In().FD(), oldState)
 		if flPassword == "" {
 			return errors.Errorf("Error: Password Required")
 		}
@@ -163,15 +152,14 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes
 	return nil
 }
 
-// readInput reads, and returns user input from in. It tries to return a
-// single line, not including the end-of-line bytes, and trims leading
-// and trailing whitespace.
-func readInput(in io.Reader) (string, error) {
-	line, _, err := bufio.NewReader(in).ReadLine()
+func readInput(in io.Reader, out io.Writer) string {
+	reader := bufio.NewReader(in)
+	line, _, err := reader.ReadLine()
 	if err != nil {
-		return "", errors.Wrap(err, "error while reading input")
+		fmt.Fprintln(out, err.Error())
+		os.Exit(1)
 	}
-	return strings.TrimSpace(string(line)), nil
+	return string(line)
 }
 
 func promptWithDefault(out io.Writer, prompt string, configDefault string) {
@@ -182,19 +170,14 @@ func promptWithDefault(out io.Writer, prompt string, configDefault string) {
 	}
 }
 
-// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete
-// image. The auth configuration is serialized as a base64url encoded RFC4648,
-// section 5) JSON string for sending through the X-Registry-Auth header.
-//
-// For details on base64url encoding, see:
-// - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
+// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
 func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (string, error) {
 	// Retrieve encoded auth token from the image reference
 	authConfig, err := resolveAuthConfigFromImage(ctx, cli, image)
 	if err != nil {
 		return "", err
 	}
-	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+	encodedAuth, err := EncodeAuthToBase64(authConfig)
 	if err != nil {
 		return "", err
 	}
@@ -202,14 +185,14 @@ func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (str
 }
 
 // resolveAuthConfigFromImage retrieves that AuthConfig using the image string
-func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (registrytypes.AuthConfig, error) {
+func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (types.AuthConfig, error) {
 	registryRef, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
-		return registrytypes.AuthConfig{}, err
+		return types.AuthConfig{}, err
 	}
 	repoInfo, err := registry.ParseRepositoryInfo(registryRef)
 	if err != nil {
-		return registrytypes.AuthConfig{}, err
+		return types.AuthConfig{}, err
 	}
 	return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil
 }

cli/command/registry/login.go

@@ -10,6 +10,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	configtypes "github.com/docker/cli/cli/config/types"
+	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/errdefs"
@@ -163,7 +164,7 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint:gocyclo
 	return nil
 }
 
-func loginWithCredStoreCreds(ctx context.Context, dockerCli command.Cli, authConfig *registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
+func loginWithCredStoreCreds(ctx context.Context, dockerCli command.Cli, authConfig *types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
 	fmt.Fprintf(dockerCli.Out(), "Authenticating with existing credentials...\n")
 	cliClient := dockerCli.Client()
 	response, err := cliClient.RegistryLogin(ctx, *authConfig)
@@ -177,7 +178,7 @@ func loginWithCredStoreCreds(ctx context.Context, dockerCli command.Cli, authCon
 	return response, err
 }
 
-func loginClientSide(ctx context.Context, auth registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
+func loginClientSide(ctx context.Context, auth types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
 	svc, err := registry.NewService(registry.ServiceOptions{})
 	if err != nil {
 		return registrytypes.AuthenticateOKBody{}, err

cli/command/registry/login_test.go

@@ -38,7 +38,7 @@ func (c fakeClient) Info(context.Context) (types.Info, error) {
 	return types.Info{}, nil
 }
 
-func (c fakeClient) RegistryLogin(_ context.Context, auth registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
+func (c fakeClient) RegistryLogin(_ context.Context, auth types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
 	if auth.Password == expiredPassword {
 		return registrytypes.AuthenticateOKBody{}, fmt.Errorf("Invalid Username or Password")
 	}
@@ -53,16 +53,16 @@ func (c fakeClient) RegistryLogin(_ context.Context, auth registrytypes.AuthConf
 
 func TestLoginWithCredStoreCreds(t *testing.T) {
 	testCases := []struct {
-		inputAuthConfig registrytypes.AuthConfig
+		inputAuthConfig types.AuthConfig
 		expectedMsg     string
 		expectedErr     string
 	}{
 		{
-			inputAuthConfig: registrytypes.AuthConfig{},
+			inputAuthConfig: types.AuthConfig{},
 			expectedMsg:     "Authenticating with existing credentials...\n",
 		},
 		{
-			inputAuthConfig: registrytypes.AuthConfig{
+			inputAuthConfig: types.AuthConfig{
 				Username: userErr,
 			},
 			expectedMsg: "Authenticating with existing credentials...\n",

cli/command/registry/search.go

@@ -8,7 +8,6 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/spf13/cobra"
 )
@@ -55,19 +54,25 @@ func runSearch(dockerCli command.Cli, options searchOptions) error {
 	}
 
 	ctx := context.Background()
+
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, indexInfo)
-	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search")
+
+	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
 	if err != nil {
 		return err
 	}
 
-	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search")
-	results, err := dockerCli.Client().ImageSearch(ctx, options.term, types.ImageSearchOptions{
+	searchOptions := types.ImageSearchOptions{
 		RegistryAuth:  encodedAuth,
 		PrivilegeFunc: requestPrivilege,
 		Filters:       options.filter.Value(),
 		Limit:         options.limit,
-	})
+	}
+
+	clnt := dockerCli.Client()
+
+	results, err := clnt.ImageSearch(ctx, options.term, searchOptions)
 	if err != nil {
 		return err
 	}

cli/command/registry_test.go

@@ -10,7 +10,6 @@ import (
 	configtypes "github.com/docker/cli/cli/config/types"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@@ -21,7 +20,7 @@ type fakeClient struct {
 	infoFunc func() (types.Info, error)
 }
 
-var testAuthConfigs = []registry.AuthConfig{
+var testAuthConfigs = []types.AuthConfig{
 	{
 		ServerAddress: "https://index.docker.io/v1/",
 		Username:      "u0",
@@ -46,13 +45,13 @@ func TestGetDefaultAuthConfig(t *testing.T) {
 		checkCredStore     bool
 		inputServerAddress string
 		expectedErr        string
-		expectedAuthConfig registry.AuthConfig
+		expectedAuthConfig types.AuthConfig
 	}{
 		{
 			checkCredStore:     false,
 			inputServerAddress: "",
 			expectedErr:        "",
-			expectedAuthConfig: registry.AuthConfig{
+			expectedAuthConfig: types.AuthConfig{
 				ServerAddress: "",
 				Username:      "",
 				Password:      "",
@@ -102,7 +101,7 @@ func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
 	cli.SetErr(errBuf)
 	cli.ConfigFile().CredentialsStore = "fake-does-not-exist"
 	serverAddress := "test-server-address"
-	expectedAuthConfig := registry.AuthConfig{
+	expectedAuthConfig := types.AuthConfig{
 		ServerAddress: serverAddress,
 	}
 	authconfig, err := GetDefaultAuthConfig(cli, true, serverAddress, serverAddress == "https://index.docker.io/v1/")

cli/command/service/opts.go

@@ -1001,7 +1001,7 @@ const (
 	flagTTY                     = "tty"
 	flagUpdateDelay             = "update-delay"
 	flagUpdateFailureAction     = "update-failure-action"
-	flagUpdateMaxFailureRatio   = "update-max-failure-ratio" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
+	flagUpdateMaxFailureRatio   = "update-max-failure-ratio"
 	flagUpdateMonitor           = "update-monitor"
 	flagUpdateOrder             = "update-order"
 	flagUpdateParallelism       = "update-parallelism"

cli/command/streams.go

@@ -0,0 +1,32 @@
+package command
+
+import (
+	"io"
+
+	"github.com/docker/cli/cli/streams"
+)
+
+// InStream is an input stream used by the DockerCli to read user input
+//
+// Deprecated: Use [streams.In] instead.
+type InStream = streams.In
+
+// OutStream is an output stream used by the DockerCli to write normal program
+// output.
+//
+// Deprecated: Use [streams.Out] instead.
+type OutStream = streams.Out
+
+// NewInStream returns a new [streams.In] from an [io.ReadCloser].
+//
+// Deprecated: Use [streams.NewIn] instead.
+func NewInStream(in io.ReadCloser) *streams.In {
+	return streams.NewIn(in)
+}
+
+// NewOutStream returns a new [streams.Out] from an [io.Writer].
+//
+// Deprecated: Use [streams.NewOut] instead.
+func NewOutStream(out io.Writer) *streams.Out {
+	return streams.NewOut(out)
+}

cli/command/system/client_test.go

@@ -4,7 +4,6 @@ import (
 	"context"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/client"
 )
 
@@ -13,7 +12,6 @@ type fakeClient struct {
 
 	version       string
 	serverVersion func(ctx context.Context) (types.Version, error)
-	eventsFn      func(context.Context, types.EventsOptions) (<-chan events.Message, <-chan error)
 }
 
 func (cli *fakeClient) ServerVersion(ctx context.Context) (types.Version, error) {
@@ -23,7 +21,3 @@ func (cli *fakeClient) ServerVersion(ctx context.Context) (types.Version, error)
 func (cli *fakeClient) ClientVersion() string {
 	return cli.version
 }
-
-func (cli *fakeClient) Events(ctx context.Context, opts types.EventsOptions) (<-chan events.Message, <-chan error) {
-	return cli.eventsFn(ctx, opts)
-}

cli/command/system/events.go

@@ -12,12 +12,10 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/cli/cli/command/formatter"
-	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
 	"github.com/docker/cli/templates"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
+	eventtypes "github.com/docker/docker/api/types/events"
 	"github.com/spf13/cobra"
 )
 
@@ -49,7 +47,7 @@ func NewEventsCommand(dockerCli command.Cli) *cobra.Command {
 	flags.StringVar(&options.since, "since", "", "Show all events created since timestamp")
 	flags.StringVar(&options.until, "until", "", "Stream events until this timestamp")
 	flags.VarP(&options.filter, "filter", "f", "Filter output based on conditions provided")
-	flags.StringVar(&options.format, "format", "", flagsHelper.InspectFormatHelp) // using the same flag description as "inspect" commands for now.
+	flags.StringVar(&options.format, "format", "", "Format the output using the given Go template")
 
 	return cmd
 }
@@ -62,19 +60,21 @@ func runEvents(dockerCli command.Cli, options *eventsOptions) error {
 			Status:     "Error parsing format: " + err.Error(),
 		}
 	}
-	ctx, cancel := context.WithCancel(context.Background())
-	evts, errs := dockerCli.Client().Events(ctx, types.EventsOptions{
+	eventOptions := types.EventsOptions{
 		Since:   options.since,
 		Until:   options.until,
 		Filters: options.filter.Value(),
-	})
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	events, errs := dockerCli.Client().Events(ctx, eventOptions)
 	defer cancel()
 
 	out := dockerCli.Out()
 
 	for {
 		select {
-		case event := <-evts:
+		case event := <-events:
 			if err := handleEvent(out, event, tmpl); err != nil {
 				return err
 			}
@@ -87,7 +87,7 @@ func runEvents(dockerCli command.Cli, options *eventsOptions) error {
 	}
 }
 
-func handleEvent(out io.Writer, event events.Message, tmpl *template.Template) error {
+func handleEvent(out io.Writer, event eventtypes.Message, tmpl *template.Template) error {
 	if tmpl == nil {
 		return prettyPrintEvent(out, event)
 	}
@@ -96,19 +96,16 @@ func handleEvent(out io.Writer, event events.Message, tmpl *template.Template) e
 }
 
 func makeTemplate(format string) (*template.Template, error) {
-	switch format {
-	case "":
+	if format == "" {
 		return nil, nil
-	case formatter.JSONFormatKey:
-		format = formatter.JSONFormat
 	}
 	tmpl, err := templates.Parse(format)
 	if err != nil {
 		return tmpl, err
 	}
-	// execute the template on an empty message to validate a bad
-	// template like "{{.badFieldString}}"
-	return tmpl, tmpl.Execute(io.Discard, &events.Message{})
+	// we execute the template for an empty message, so as to validate
+	// a bad template like "{{.badFieldString}}"
+	return tmpl, tmpl.Execute(io.Discard, &eventtypes.Message{})
 }
 
 // rfc3339NanoFixed is similar to time.RFC3339Nano, except it pads nanoseconds
@@ -118,7 +115,7 @@ const rfc3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
 // prettyPrintEvent prints all types of event information.
 // Each output includes the event type, actor id, name and action.
 // Actor attributes are printed at the end if the actor has any.
-func prettyPrintEvent(out io.Writer, event events.Message) error {
+func prettyPrintEvent(out io.Writer, event eventtypes.Message) error {
 	if event.TimeNano != 0 {
 		fmt.Fprintf(out, "%s ", time.Unix(0, event.TimeNano).Format(rfc3339NanoFixed))
 	} else if event.Time != 0 {
@@ -144,7 +141,7 @@ func prettyPrintEvent(out io.Writer, event events.Message) error {
 	return nil
 }
 
-func formatEvent(out io.Writer, event events.Message, tmpl *template.Template) error {
+func formatEvent(out io.Writer, event eventtypes.Message, tmpl *template.Template) error {
 	defer out.Write([]byte{'\n'})
 	return tmpl.Execute(out, event)
 }

cli/command/system/events_test.go

@@ -1,83 +0,0 @@
-package system
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/events"
-	"gotest.tools/v3/assert"
-	"gotest.tools/v3/golden"
-)
-
-func TestEventsFormat(t *testing.T) {
-	var evts []events.Message
-	for i, action := range []string{"create", "start", "attach", "die"} {
-		evts = append(evts, events.Message{
-			Status: action,
-			ID:     "abc123",
-			From:   "ubuntu:latest",
-			Type:   events.ContainerEventType,
-			Action: action,
-			Actor: events.Actor{
-				ID:         "abc123",
-				Attributes: map[string]string{"image": "ubuntu:latest"},
-			},
-			Scope:    "local",
-			Time:     int64(time.Second) * int64(i+1),
-			TimeNano: int64(time.Second) * int64(i+1),
-		})
-	}
-	tests := []struct {
-		name, format string
-	}{
-		{
-			name: "default",
-		},
-		{
-			name:   "json",
-			format: "json",
-		},
-		{
-			name:   "json template",
-			format: "{{ json . }}",
-		},
-		{
-			name:   "json action",
-			format: "{{ json .Action }}",
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			// Set to UTC timezone as timestamps in output are
-			// printed in the current timezone
-			t.Setenv("TZ", "UTC")
-			cli := test.NewFakeCli(&fakeClient{eventsFn: func(context.Context, types.EventsOptions) (<-chan events.Message, <-chan error) {
-				messages := make(chan events.Message)
-				errs := make(chan error, 1)
-				go func() {
-					for _, msg := range evts {
-						messages <- msg
-					}
-					errs <- io.EOF
-				}()
-				return messages, errs
-			}})
-			cmd := NewEventsCommand(cli)
-			if tc.format != "" {
-				cmd.Flags().Set("format", tc.format)
-			}
-			assert.Check(t, cmd.Execute())
-			out := cli.OutBuffer().String()
-			assert.Check(t, golden.String(out, fmt.Sprintf("docker-events-%s.golden", strings.ReplaceAll(tc.name, " ", "-"))))
-			cli.OutBuffer().Reset()
-		})
-	}
-}

cli/command/system/info.go

@@ -19,7 +19,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/registry"
 	"github.com/docker/go-units"
 	"github.com/spf13/cobra"
 )
@@ -29,8 +28,8 @@ type infoOptions struct {
 }
 
 type clientInfo struct {
-	Debug bool
-	clientVersion
+	Debug    bool
+	Context  string
 	Plugins  []pluginmanager.Plugin
 	Warnings []string
 }
@@ -42,19 +41,11 @@ type info struct {
 	// object.
 	*types.Info  `json:",omitempty"`
 	ServerErrors []string `json:",omitempty"`
-	UserName     string   `json:"-"`
 
 	ClientInfo   *clientInfo `json:",omitempty"`
 	ClientErrors []string    `json:",omitempty"`
 }
 
-func (i *info) clientPlatform() string {
-	if i.ClientInfo != nil && i.ClientInfo.Platform != nil {
-		return i.ClientInfo.Platform.Name
-	}
-	return ""
-}
-
 // NewInfoCommand creates a new cobra.Command for `docker info`
 func NewInfoCommand(dockerCli command.Cli) *cobra.Command {
 	var opts infoOptions
@@ -80,11 +71,8 @@ func NewInfoCommand(dockerCli command.Cli) *cobra.Command {
 func runInfo(cmd *cobra.Command, dockerCli command.Cli, opts *infoOptions) error {
 	info := info{
 		ClientInfo: &clientInfo{
-			// Don't pass a dockerCLI to newClientVersion(), because we currently
-			// don't include negotiated API version, and want to avoid making an
-			// API connection when only printing the Client section.
-			clientVersion: newClientVersion(dockerCli.CurrentContext(), nil),
-			Debug:         debug.IsEnabled(),
+			Context: dockerCli.CurrentContext(),
+			Debug:   debug.IsEnabled(),
 		},
 		Info: &types.Info{},
 	}
@@ -108,17 +96,15 @@ func runInfo(cmd *cobra.Command, dockerCli command.Cli, opts *infoOptions) error
 			} else {
 				// if a format is provided, print the error, as it may be hidden
 				// otherwise if the template doesn't include the ServerErrors field.
-				fprintln(dockerCli.Err(), err)
+				fmt.Fprintln(dockerCli.Err(), err)
 			}
 		}
 	}
 
 	if opts.format == "" {
-		info.UserName = dockerCli.ConfigFile().AuthConfigs[registry.IndexServer].Username
-		info.ClientInfo.APIVersion = dockerCli.CurrentVersion()
 		return prettyPrintInfo(dockerCli, info)
 	}
-	return formatInfo(dockerCli.Out(), info, opts.format)
+	return formatInfo(dockerCli, info, opts.format)
 }
 
 // placeHolders does a rudimentary match for possible placeholders in a
@@ -160,29 +146,24 @@ func needsServerInfo(template string, info info) bool {
 	return err != nil
 }
 
-func prettyPrintInfo(streams command.Streams, info info) error {
-	// Only append the platform info if it's not empty, to prevent printing a trailing space.
-	if p := info.clientPlatform(); p != "" {
-		fprintln(streams.Out(), "Client:", p)
-	} else {
-		fprintln(streams.Out(), "Client:")
-	}
+func prettyPrintInfo(dockerCli command.Cli, info info) error {
+	fmt.Fprintln(dockerCli.Out(), "Client:")
 	if info.ClientInfo != nil {
-		prettyPrintClientInfo(streams, *info.ClientInfo)
+		prettyPrintClientInfo(dockerCli, *info.ClientInfo)
 	}
 	for _, err := range info.ClientErrors {
-		fprintln(streams.Err(), "ERROR:", err)
+		fmt.Fprintln(dockerCli.Err(), "ERROR:", err)
 	}
 
-	fprintln(streams.Out())
-	fprintln(streams.Out(), "Server:")
+	fmt.Fprintln(dockerCli.Out())
+	fmt.Fprintln(dockerCli.Out(), "Server:")
 	if info.Info != nil {
-		for _, err := range prettyPrintServerInfo(streams, &info) {
+		for _, err := range prettyPrintServerInfo(dockerCli, *info.Info) {
 			info.ServerErrors = append(info.ServerErrors, err.Error())
 		}
 	}
 	for _, err := range info.ServerErrors {
-		fprintln(streams.Err(), "ERROR:", err)
+		fmt.Fprintln(dockerCli.Err(), "ERROR:", err)
 	}
 
 	if len(info.ServerErrors) > 0 || len(info.ClientErrors) > 0 {
@@ -191,18 +172,17 @@ func prettyPrintInfo(streams command.Streams, info info) error {
 	return nil
 }
 
-func prettyPrintClientInfo(streams command.Streams, info clientInfo) {
-	fprintlnNonEmpty(streams.Out(), " Version:   ", info.Version)
-	fprintln(streams.Out(), " Context:   ", info.Context)
-	fprintln(streams.Out(), " Debug Mode:", info.Debug)
+func prettyPrintClientInfo(dockerCli command.Cli, info clientInfo) {
+	fmt.Fprintln(dockerCli.Out(), " Context:   ", info.Context)
+	fmt.Fprintln(dockerCli.Out(), " Debug Mode:", info.Debug)
 
 	if len(info.Plugins) > 0 {
-		fprintln(streams.Out(), " Plugins:")
+		fmt.Fprintln(dockerCli.Out(), " Plugins:")
 		for _, p := range info.Plugins {
 			if p.Err == nil {
-				fprintf(streams.Out(), "  %s: %s (%s)\n", p.Name, p.ShortDescription, p.Vendor)
-				fprintlnNonEmpty(streams.Out(), "    Version: ", p.Version)
-				fprintlnNonEmpty(streams.Out(), "    Path:    ", p.Path)
+				fmt.Fprintf(dockerCli.Out(), "  %s: %s (%s)\n", p.Name, p.ShortDescription, p.Vendor)
+				fprintlnNonEmpty(dockerCli.Out(), "    Version: ", p.Version)
+				fprintlnNonEmpty(dockerCli.Out(), "    Path:    ", p.Path)
 			} else {
 				info.Warnings = append(info.Warnings, fmt.Sprintf("WARNING: Plugin %q is not valid: %s", p.Path, p.Err))
 			}
@@ -210,60 +190,59 @@ func prettyPrintClientInfo(streams command.Streams, info clientInfo) {
 	}
 
 	if len(info.Warnings) > 0 {
-		fprintln(streams.Err(), strings.Join(info.Warnings, "\n"))
+		fmt.Fprintln(dockerCli.Err(), strings.Join(info.Warnings, "\n"))
 	}
 }
 
 //nolint:gocyclo
-func prettyPrintServerInfo(streams command.Streams, info *info) []error {
+func prettyPrintServerInfo(dockerCli command.Cli, info types.Info) []error {
 	var errs []error
-	output := streams.Out()
 
-	fprintln(output, " Containers:", info.Containers)
-	fprintln(output, "  Running:", info.ContainersRunning)
-	fprintln(output, "  Paused:", info.ContainersPaused)
-	fprintln(output, "  Stopped:", info.ContainersStopped)
-	fprintln(output, " Images:", info.Images)
-	fprintlnNonEmpty(output, " Server Version:", info.ServerVersion)
-	fprintlnNonEmpty(output, " Storage Driver:", info.Driver)
+	fmt.Fprintln(dockerCli.Out(), " Containers:", info.Containers)
+	fmt.Fprintln(dockerCli.Out(), "  Running:", info.ContainersRunning)
+	fmt.Fprintln(dockerCli.Out(), "  Paused:", info.ContainersPaused)
+	fmt.Fprintln(dockerCli.Out(), "  Stopped:", info.ContainersStopped)
+	fmt.Fprintln(dockerCli.Out(), " Images:", info.Images)
+	fprintlnNonEmpty(dockerCli.Out(), " Server Version:", info.ServerVersion)
+	fprintlnNonEmpty(dockerCli.Out(), " Storage Driver:", info.Driver)
 	if info.DriverStatus != nil {
 		for _, pair := range info.DriverStatus {
-			fprintf(output, "  %s: %s\n", pair[0], pair[1])
+			fmt.Fprintf(dockerCli.Out(), "  %s: %s\n", pair[0], pair[1])
 		}
 	}
 	if info.SystemStatus != nil {
 		for _, pair := range info.SystemStatus {
-			fprintf(output, " %s: %s\n", pair[0], pair[1])
+			fmt.Fprintf(dockerCli.Out(), " %s: %s\n", pair[0], pair[1])
 		}
 	}
-	fprintlnNonEmpty(output, " Logging Driver:", info.LoggingDriver)
-	fprintlnNonEmpty(output, " Cgroup Driver:", info.CgroupDriver)
-	fprintlnNonEmpty(output, " Cgroup Version:", info.CgroupVersion)
+	fprintlnNonEmpty(dockerCli.Out(), " Logging Driver:", info.LoggingDriver)
+	fprintlnNonEmpty(dockerCli.Out(), " Cgroup Driver:", info.CgroupDriver)
+	fprintlnNonEmpty(dockerCli.Out(), " Cgroup Version:", info.CgroupVersion)
 
-	fprintln(output, " Plugins:")
-	fprintln(output, "  Volume:", strings.Join(info.Plugins.Volume, " "))
-	fprintln(output, "  Network:", strings.Join(info.Plugins.Network, " "))
+	fmt.Fprintln(dockerCli.Out(), " Plugins:")
+	fmt.Fprintln(dockerCli.Out(), "  Volume:", strings.Join(info.Plugins.Volume, " "))
+	fmt.Fprintln(dockerCli.Out(), "  Network:", strings.Join(info.Plugins.Network, " "))
 
 	if len(info.Plugins.Authorization) != 0 {
-		fprintln(output, "  Authorization:", strings.Join(info.Plugins.Authorization, " "))
+		fmt.Fprintln(dockerCli.Out(), "  Authorization:", strings.Join(info.Plugins.Authorization, " "))
 	}
 
-	fprintln(output, "  Log:", strings.Join(info.Plugins.Log, " "))
+	fmt.Fprintln(dockerCli.Out(), "  Log:", strings.Join(info.Plugins.Log, " "))
 
-	fprintln(output, " Swarm:", info.Swarm.LocalNodeState)
-	printSwarmInfo(output, *info.Info)
+	fmt.Fprintln(dockerCli.Out(), " Swarm:", info.Swarm.LocalNodeState)
+	printSwarmInfo(dockerCli, info)
 
 	if len(info.Runtimes) > 0 {
-		names := make([]string, 0, len(info.Runtimes))
+		fmt.Fprint(dockerCli.Out(), " Runtimes:")
 		for name := range info.Runtimes {
-			names = append(names, name)
+			fmt.Fprintf(dockerCli.Out(), " %s", name)
 		}
-		fprintln(output, " Runtimes:", strings.Join(names, " "))
-		fprintln(output, " Default Runtime:", info.DefaultRuntime)
+		fmt.Fprint(dockerCli.Out(), "\n")
+		fmt.Fprintln(dockerCli.Out(), " Default Runtime:", info.DefaultRuntime)
 	}
 
 	if info.OSType == "linux" {
-		fprintln(output, " Init Binary:", info.InitBinary)
+		fmt.Fprintln(dockerCli.Out(), " Init Binary:", info.InitBinary)
 
 		for _, ci := range []struct {
 			Name   string
@@ -273,23 +252,23 @@ func prettyPrintServerInfo(streams command.Streams, info *info) []error {
 			{"runc", info.RuncCommit},
 			{"init", info.InitCommit},
 		} {
-			fprintf(output, " %s version: %s", ci.Name, ci.Commit.ID)
+			fmt.Fprintf(dockerCli.Out(), " %s version: %s", ci.Name, ci.Commit.ID)
 			if ci.Commit.ID != ci.Commit.Expected {
-				fprintf(output, " (expected: %s)", ci.Commit.Expected)
+				fmt.Fprintf(dockerCli.Out(), " (expected: %s)", ci.Commit.Expected)
 			}
-			fprintln(output)
+			fmt.Fprint(dockerCli.Out(), "\n")
 		}
 		if len(info.SecurityOptions) != 0 {
 			if kvs, err := types.DecodeSecurityOptions(info.SecurityOptions); err != nil {
 				errs = append(errs, err)
 			} else {
-				fprintln(output, " Security Options:")
+				fmt.Fprintln(dockerCli.Out(), " Security Options:")
 				for _, so := range kvs {
-					fprintln(output, "  "+so.Name)
+					fmt.Fprintln(dockerCli.Out(), "  "+so.Name)
 					for _, o := range so.Options {
 						switch o.Key {
 						case "profile":
-							fprintln(output, "   Profile:", o.Value)
+							fmt.Fprintln(dockerCli.Out(), "   Profile:", o.Value)
 						}
 					}
 				}
@@ -299,163 +278,167 @@ func prettyPrintServerInfo(streams command.Streams, info *info) []error {
 
 	// Isolation only has meaning on a Windows daemon.
 	if info.OSType == "windows" {
-		fprintln(output, " Default Isolation:", info.Isolation)
+		fmt.Fprintln(dockerCli.Out(), " Default Isolation:", info.Isolation)
 	}
 
-	fprintlnNonEmpty(output, " Kernel Version:", info.KernelVersion)
-	fprintlnNonEmpty(output, " Operating System:", info.OperatingSystem)
-	fprintlnNonEmpty(output, " OSType:", info.OSType)
-	fprintlnNonEmpty(output, " Architecture:", info.Architecture)
-	fprintln(output, " CPUs:", info.NCPU)
-	fprintln(output, " Total Memory:", units.BytesSize(float64(info.MemTotal)))
-	fprintlnNonEmpty(output, " Name:", info.Name)
-	fprintlnNonEmpty(output, " ID:", info.ID)
-	fprintln(output, " Docker Root Dir:", info.DockerRootDir)
-	fprintln(output, " Debug Mode:", info.Debug)
+	fprintlnNonEmpty(dockerCli.Out(), " Kernel Version:", info.KernelVersion)
+	fprintlnNonEmpty(dockerCli.Out(), " Operating System:", info.OperatingSystem)
+	fprintlnNonEmpty(dockerCli.Out(), " OSType:", info.OSType)
+	fprintlnNonEmpty(dockerCli.Out(), " Architecture:", info.Architecture)
+	fmt.Fprintln(dockerCli.Out(), " CPUs:", info.NCPU)
+	fmt.Fprintln(dockerCli.Out(), " Total Memory:", units.BytesSize(float64(info.MemTotal)))
+	fprintlnNonEmpty(dockerCli.Out(), " Name:", info.Name)
+	fprintlnNonEmpty(dockerCli.Out(), " ID:", info.ID)
+	fmt.Fprintln(dockerCli.Out(), " Docker Root Dir:", info.DockerRootDir)
+	fmt.Fprintln(dockerCli.Out(), " Debug Mode:", info.Debug)
 
-	// The daemon collects this information regardless if "debug" is
-	// enabled. Print the debugging information if either the daemon,
-	// or the client has debug enabled. We should probably improve this
-	// logic and print any of these if set (but some special rules are
-	// needed for file-descriptors, which may use "-1".
-	if info.Debug || debug.IsEnabled() {
-		fprintln(output, "  File Descriptors:", info.NFd)
-		fprintln(output, "  Goroutines:", info.NGoroutines)
-		fprintln(output, "  System Time:", info.SystemTime)
-		fprintln(output, "  EventsListeners:", info.NEventsListener)
+	if info.Debug {
+		fmt.Fprintln(dockerCli.Out(), "  File Descriptors:", info.NFd)
+		fmt.Fprintln(dockerCli.Out(), "  Goroutines:", info.NGoroutines)
+		fmt.Fprintln(dockerCli.Out(), "  System Time:", info.SystemTime)
+		fmt.Fprintln(dockerCli.Out(), "  EventsListeners:", info.NEventsListener)
+	}
+
+	fprintlnNonEmpty(dockerCli.Out(), " HTTP Proxy:", info.HTTPProxy)
+	fprintlnNonEmpty(dockerCli.Out(), " HTTPS Proxy:", info.HTTPSProxy)
+	fprintlnNonEmpty(dockerCli.Out(), " No Proxy:", info.NoProxy)
+
+	if info.IndexServerAddress != "" {
+		u := dockerCli.ConfigFile().AuthConfigs[info.IndexServerAddress].Username
+		if len(u) > 0 {
+			fmt.Fprintln(dockerCli.Out(), " Username:", u)
+		}
+		fmt.Fprintln(dockerCli.Out(), " Registry:", info.IndexServerAddress)
 	}
 
-	fprintlnNonEmpty(output, " HTTP Proxy:", info.HTTPProxy)
-	fprintlnNonEmpty(output, " HTTPS Proxy:", info.HTTPSProxy)
-	fprintlnNonEmpty(output, " No Proxy:", info.NoProxy)
-	fprintlnNonEmpty(output, " Username:", info.UserName)
 	if len(info.Labels) > 0 {
-		fprintln(output, " Labels:")
+		fmt.Fprintln(dockerCli.Out(), " Labels:")
 		for _, lbl := range info.Labels {
-			fprintln(output, "  "+lbl)
+			fmt.Fprintln(dockerCli.Out(), "  "+lbl)
 		}
 	}
 
-	fprintln(output, " Experimental:", info.ExperimentalBuild)
+	fmt.Fprintln(dockerCli.Out(), " Experimental:", info.ExperimentalBuild)
 
 	if info.RegistryConfig != nil && (len(info.RegistryConfig.InsecureRegistryCIDRs) > 0 || len(info.RegistryConfig.IndexConfigs) > 0) {
-		fprintln(output, " Insecure Registries:")
-		for _, registryConfig := range info.RegistryConfig.IndexConfigs {
-			if !registryConfig.Secure {
-				fprintln(output, "  "+registryConfig.Name)
+		fmt.Fprintln(dockerCli.Out(), " Insecure Registries:")
+		for _, registry := range info.RegistryConfig.IndexConfigs {
+			if !registry.Secure {
+				fmt.Fprintln(dockerCli.Out(), "  "+registry.Name)
 			}
 		}
 
-		for _, registryConfig := range info.RegistryConfig.InsecureRegistryCIDRs {
-			mask, _ := registryConfig.Mask.Size()
-			fprintf(output, "  %s/%d\n", registryConfig.IP.String(), mask)
+		for _, registry := range info.RegistryConfig.InsecureRegistryCIDRs {
+			mask, _ := registry.Mask.Size()
+			fmt.Fprintf(dockerCli.Out(), "  %s/%d\n", registry.IP.String(), mask)
 		}
 	}
 
 	if info.RegistryConfig != nil && len(info.RegistryConfig.Mirrors) > 0 {
-		fprintln(output, " Registry Mirrors:")
+		fmt.Fprintln(dockerCli.Out(), " Registry Mirrors:")
 		for _, mirror := range info.RegistryConfig.Mirrors {
-			fprintln(output, "  "+mirror)
+			fmt.Fprintln(dockerCli.Out(), "  "+mirror)
 		}
 	}
 
-	fprintln(output, " Live Restore Enabled:", info.LiveRestoreEnabled)
+	fmt.Fprintln(dockerCli.Out(), " Live Restore Enabled:", info.LiveRestoreEnabled)
 	if info.ProductLicense != "" {
-		fprintln(output, " Product License:", info.ProductLicense)
+		fmt.Fprintln(dockerCli.Out(), " Product License:", info.ProductLicense)
 	}
 
 	if info.DefaultAddressPools != nil && len(info.DefaultAddressPools) > 0 {
-		fprintln(output, " Default Address Pools:")
+		fmt.Fprintln(dockerCli.Out(), " Default Address Pools:")
 		for _, pool := range info.DefaultAddressPools {
-			fprintf(output, "   Base: %s, Size: %d\n", pool.Base, pool.Size)
+			fmt.Fprintf(dockerCli.Out(), "   Base: %s, Size: %d\n", pool.Base, pool.Size)
 		}
 	}
 
-	fprintln(output)
-	printServerWarnings(streams.Err(), info)
+	fmt.Fprint(dockerCli.Out(), "\n")
+
+	printServerWarnings(dockerCli, info)
 	return errs
 }
 
 //nolint:gocyclo
-func printSwarmInfo(output io.Writer, info types.Info) {
+func printSwarmInfo(dockerCli command.Cli, info types.Info) {
 	if info.Swarm.LocalNodeState == swarm.LocalNodeStateInactive || info.Swarm.LocalNodeState == swarm.LocalNodeStateLocked {
 		return
 	}
-	fprintln(output, "  NodeID:", info.Swarm.NodeID)
+	fmt.Fprintln(dockerCli.Out(), "  NodeID:", info.Swarm.NodeID)
 	if info.Swarm.Error != "" {
-		fprintln(output, "  Error:", info.Swarm.Error)
+		fmt.Fprintln(dockerCli.Out(), "  Error:", info.Swarm.Error)
 	}
-	fprintln(output, "  Is Manager:", info.Swarm.ControlAvailable)
+	fmt.Fprintln(dockerCli.Out(), "  Is Manager:", info.Swarm.ControlAvailable)
 	if info.Swarm.Cluster != nil && info.Swarm.ControlAvailable && info.Swarm.Error == "" && info.Swarm.LocalNodeState != swarm.LocalNodeStateError {
-		fprintln(output, "  ClusterID:", info.Swarm.Cluster.ID)
-		fprintln(output, "  Managers:", info.Swarm.Managers)
-		fprintln(output, "  Nodes:", info.Swarm.Nodes)
+		fmt.Fprintln(dockerCli.Out(), "  ClusterID:", info.Swarm.Cluster.ID)
+		fmt.Fprintln(dockerCli.Out(), "  Managers:", info.Swarm.Managers)
+		fmt.Fprintln(dockerCli.Out(), "  Nodes:", info.Swarm.Nodes)
 		var strAddrPool strings.Builder
 		if info.Swarm.Cluster.DefaultAddrPool != nil {
 			for _, p := range info.Swarm.Cluster.DefaultAddrPool {
 				strAddrPool.WriteString(p + "  ")
 			}
-			fprintln(output, "  Default Address Pool:", strAddrPool.String())
-			fprintln(output, "  SubnetSize:", info.Swarm.Cluster.SubnetSize)
+			fmt.Fprintln(dockerCli.Out(), "  Default Address Pool:", strAddrPool.String())
+			fmt.Fprintln(dockerCli.Out(), "  SubnetSize:", info.Swarm.Cluster.SubnetSize)
 		}
 		if info.Swarm.Cluster.DataPathPort > 0 {
-			fprintln(output, "  Data Path Port:", info.Swarm.Cluster.DataPathPort)
+			fmt.Fprintln(dockerCli.Out(), "  Data Path Port:", info.Swarm.Cluster.DataPathPort)
 		}
-		fprintln(output, "  Orchestration:")
+		fmt.Fprintln(dockerCli.Out(), "  Orchestration:")
 
 		taskHistoryRetentionLimit := int64(0)
 		if info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit != nil {
 			taskHistoryRetentionLimit = *info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit
 		}
-		fprintln(output, "   Task History Retention Limit:", taskHistoryRetentionLimit)
-		fprintln(output, "  Raft:")
-		fprintln(output, "   Snapshot Interval:", info.Swarm.Cluster.Spec.Raft.SnapshotInterval)
+		fmt.Fprintln(dockerCli.Out(), "   Task History Retention Limit:", taskHistoryRetentionLimit)
+		fmt.Fprintln(dockerCli.Out(), "  Raft:")
+		fmt.Fprintln(dockerCli.Out(), "   Snapshot Interval:", info.Swarm.Cluster.Spec.Raft.SnapshotInterval)
 		if info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots != nil {
-			fprintf(output, "   Number of Old Snapshots to Retain: %d\n", *info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots)
+			fmt.Fprintf(dockerCli.Out(), "   Number of Old Snapshots to Retain: %d\n", *info.Swarm.Cluster.Spec.Raft.KeepOldSnapshots)
 		}
-		fprintln(output, "   Heartbeat Tick:", info.Swarm.Cluster.Spec.Raft.HeartbeatTick)
-		fprintln(output, "   Election Tick:", info.Swarm.Cluster.Spec.Raft.ElectionTick)
-		fprintln(output, "  Dispatcher:")
-		fprintln(output, "   Heartbeat Period:", units.HumanDuration(info.Swarm.Cluster.Spec.Dispatcher.HeartbeatPeriod))
-		fprintln(output, "  CA Configuration:")
-		fprintln(output, "   Expiry Duration:", units.HumanDuration(info.Swarm.Cluster.Spec.CAConfig.NodeCertExpiry))
-		fprintln(output, "   Force Rotate:", info.Swarm.Cluster.Spec.CAConfig.ForceRotate)
+		fmt.Fprintln(dockerCli.Out(), "   Heartbeat Tick:", info.Swarm.Cluster.Spec.Raft.HeartbeatTick)
+		fmt.Fprintln(dockerCli.Out(), "   Election Tick:", info.Swarm.Cluster.Spec.Raft.ElectionTick)
+		fmt.Fprintln(dockerCli.Out(), "  Dispatcher:")
+		fmt.Fprintln(dockerCli.Out(), "   Heartbeat Period:", units.HumanDuration(info.Swarm.Cluster.Spec.Dispatcher.HeartbeatPeriod))
+		fmt.Fprintln(dockerCli.Out(), "  CA Configuration:")
+		fmt.Fprintln(dockerCli.Out(), "   Expiry Duration:", units.HumanDuration(info.Swarm.Cluster.Spec.CAConfig.NodeCertExpiry))
+		fmt.Fprintln(dockerCli.Out(), "   Force Rotate:", info.Swarm.Cluster.Spec.CAConfig.ForceRotate)
 		if caCert := strings.TrimSpace(info.Swarm.Cluster.Spec.CAConfig.SigningCACert); caCert != "" {
-			fprintf(output, "   Signing CA Certificate: \n%s\n\n", caCert)
+			fmt.Fprintf(dockerCli.Out(), "   Signing CA Certificate: \n%s\n\n", caCert)
 		}
 		if len(info.Swarm.Cluster.Spec.CAConfig.ExternalCAs) > 0 {
-			fprintln(output, "   External CAs:")
+			fmt.Fprintln(dockerCli.Out(), "   External CAs:")
 			for _, entry := range info.Swarm.Cluster.Spec.CAConfig.ExternalCAs {
-				fprintf(output, "     %s: %s\n", entry.Protocol, entry.URL)
+				fmt.Fprintf(dockerCli.Out(), "     %s: %s\n", entry.Protocol, entry.URL)
 			}
 		}
-		fprintln(output, "  Autolock Managers:", info.Swarm.Cluster.Spec.EncryptionConfig.AutoLockManagers)
-		fprintln(output, "  Root Rotation In Progress:", info.Swarm.Cluster.RootRotationInProgress)
+		fmt.Fprintln(dockerCli.Out(), "  Autolock Managers:", info.Swarm.Cluster.Spec.EncryptionConfig.AutoLockManagers)
+		fmt.Fprintln(dockerCli.Out(), "  Root Rotation In Progress:", info.Swarm.Cluster.RootRotationInProgress)
 	}
-	fprintln(output, "  Node Address:", info.Swarm.NodeAddr)
+	fmt.Fprintln(dockerCli.Out(), "  Node Address:", info.Swarm.NodeAddr)
 	if len(info.Swarm.RemoteManagers) > 0 {
 		managers := []string{}
 		for _, entry := range info.Swarm.RemoteManagers {
 			managers = append(managers, entry.Addr)
 		}
 		sort.Strings(managers)
-		fprintln(output, "  Manager Addresses:")
+		fmt.Fprintln(dockerCli.Out(), "  Manager Addresses:")
 		for _, entry := range managers {
-			fprintf(output, "   %s\n", entry)
+			fmt.Fprintf(dockerCli.Out(), "   %s\n", entry)
 		}
 	}
 }
 
-func printServerWarnings(stdErr io.Writer, info *info) {
-	if versions.LessThan(info.ClientInfo.APIVersion, "1.42") {
-		printSecurityOptionsWarnings(stdErr, *info.Info)
+func printServerWarnings(dockerCli command.Cli, info types.Info) {
+	if versions.LessThan(dockerCli.Client().ClientVersion(), "1.42") {
+		printSecurityOptionsWarnings(dockerCli, info)
 	}
 	if len(info.Warnings) > 0 {
-		fprintln(stdErr, strings.Join(info.Warnings, "\n"))
+		fmt.Fprintln(dockerCli.Err(), strings.Join(info.Warnings, "\n"))
 		return
 	}
 	// daemon didn't return warnings. Fallback to old behavior
-	printServerWarningsLegacy(stdErr, *info.Info)
+	printServerWarningsLegacy(dockerCli, info)
 }
 
 // printSecurityOptionsWarnings prints warnings based on the security options
@@ -464,7 +447,7 @@ func printServerWarnings(stdErr io.Writer, info *info) {
 // info.Warnings. This function is used to provide backward compatibility with
 // daemons that do not provide these warnings. No new warnings should be added
 // here.
-func printSecurityOptionsWarnings(stdErr io.Writer, info types.Info) {
+func printSecurityOptionsWarnings(dockerCli command.Cli, info types.Info) {
 	if info.OSType == "windows" {
 		return
 	}
@@ -475,7 +458,7 @@ func printSecurityOptionsWarnings(stdErr io.Writer, info types.Info) {
 		}
 		for _, o := range so.Options {
 			if o.Key == "profile" && o.Value != "default" && o.Value != "builtin" {
-				_, _ = fmt.Fprintln(stdErr, "WARNING: You're not using the default seccomp profile")
+				_, _ = fmt.Fprintln(dockerCli.Err(), "WARNING: You're not using the default seccomp profile")
 			}
 		}
 	}
@@ -486,43 +469,43 @@ func printSecurityOptionsWarnings(stdErr io.Writer, info types.Info) {
 // info.Warnings. This function is used to provide backward compatibility with
 // daemons that do not provide these warnings. No new warnings should be added
 // here.
-func printServerWarningsLegacy(stdErr io.Writer, info types.Info) {
+func printServerWarningsLegacy(dockerCli command.Cli, info types.Info) {
 	if info.OSType == "windows" {
 		return
 	}
 	if !info.MemoryLimit {
-		fprintln(stdErr, "WARNING: No memory limit support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No memory limit support")
 	}
 	if !info.SwapLimit {
-		fprintln(stdErr, "WARNING: No swap limit support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No swap limit support")
 	}
 	if !info.OomKillDisable && info.CgroupVersion != "2" {
-		fprintln(stdErr, "WARNING: No oom kill disable support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No oom kill disable support")
 	}
 	if !info.CPUCfsQuota {
-		fprintln(stdErr, "WARNING: No cpu cfs quota support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu cfs quota support")
 	}
 	if !info.CPUCfsPeriod {
-		fprintln(stdErr, "WARNING: No cpu cfs period support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu cfs period support")
 	}
 	if !info.CPUShares {
-		fprintln(stdErr, "WARNING: No cpu shares support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No cpu shares support")
 	}
 	if !info.CPUSet {
-		fprintln(stdErr, "WARNING: No cpuset support")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: No cpuset support")
 	}
 	if !info.IPv4Forwarding {
-		fprintln(stdErr, "WARNING: IPv4 forwarding is disabled")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: IPv4 forwarding is disabled")
 	}
 	if !info.BridgeNfIptables {
-		fprintln(stdErr, "WARNING: bridge-nf-call-iptables is disabled")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: bridge-nf-call-iptables is disabled")
 	}
 	if !info.BridgeNfIP6tables {
-		fprintln(stdErr, "WARNING: bridge-nf-call-ip6tables is disabled")
+		fmt.Fprintln(dockerCli.Err(), "WARNING: bridge-nf-call-ip6tables is disabled")
 	}
 }
 
-func formatInfo(output io.Writer, info info, format string) error {
+func formatInfo(dockerCli command.Cli, info info, format string) error {
 	if format == formatter.JSONFormatKey {
 		format = formatter.JSONFormat
 	}
@@ -539,21 +522,13 @@ func formatInfo(output io.Writer, info info, format string) error {
 			Status:     "template parsing error: " + err.Error(),
 		}
 	}
-	err = tmpl.Execute(output, info)
-	fprintln(output)
+	err = tmpl.Execute(dockerCli.Out(), info)
+	dockerCli.Out().Write([]byte{'\n'})
 	return err
 }
 
-func fprintf(w io.Writer, format string, a ...any) {
-	_, _ = fmt.Fprintf(w, format, a...)
-}
-
-func fprintln(w io.Writer, a ...any) {
-	_, _ = fmt.Fprintln(w, a...)
-}
-
 func fprintlnNonEmpty(w io.Writer, label, value string) {
 	if value != "" {
-		_, _ = fmt.Fprintln(w, label, value)
+		fmt.Fprintln(w, label, value)
 	}
 }

cli/command/system/info_test.go

@@ -278,12 +278,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &sampleInfoNoSwarm,
 				ClientInfo: &clientInfo{
-					clientVersion: clientVersion{
-						Platform: &platformInfo{Name: "Docker Engine - Community"},
-						Version:  "24.0.0",
-						Context:  "default",
-					},
-					Debug: true,
+					Context: "default",
+					Debug:   true,
 				},
 			},
 			prettyGolden: "docker-info-no-swarm",
@@ -294,8 +290,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &sampleInfoNoSwarm,
 				ClientInfo: &clientInfo{
-					clientVersion: clientVersion{Context: "default"},
-					Plugins:       samplePluginsInfo,
+					Context: "default",
+					Plugins: samplePluginsInfo,
 				},
 			},
 			prettyGolden:   "docker-info-plugins",
@@ -306,7 +302,7 @@ func TestPrettyPrintInfo(t *testing.T) {
 			doc: "info with nil labels",
 			dockerInfo: info{
 				Info:       &sampleInfoLabelsNil,
-				ClientInfo: &clientInfo{clientVersion: clientVersion{Context: "default"}},
+				ClientInfo: &clientInfo{Context: "default"},
 			},
 			prettyGolden: "docker-info-with-labels-nil",
 		},
@@ -314,7 +310,7 @@ func TestPrettyPrintInfo(t *testing.T) {
 			doc: "info with empty labels",
 			dockerInfo: info{
 				Info:       &sampleInfoLabelsEmpty,
-				ClientInfo: &clientInfo{clientVersion: clientVersion{Context: "default"}},
+				ClientInfo: &clientInfo{Context: "default"},
 			},
 			prettyGolden: "docker-info-with-labels-empty",
 		},
@@ -323,8 +319,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &infoWithSwarm,
 				ClientInfo: &clientInfo{
-					clientVersion: clientVersion{Context: "default"},
-					Debug:         false,
+					Context: "default",
+					Debug:   false,
 				},
 			},
 			prettyGolden: "docker-info-with-swarm",
@@ -335,12 +331,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &infoWithWarningsLinux,
 				ClientInfo: &clientInfo{
-					clientVersion: clientVersion{
-						Platform: &platformInfo{Name: "Docker Engine - Community"},
-						Version:  "24.0.0",
-						Context:  "default",
-					},
-					Debug: true,
+					Context: "default",
+					Debug:   true,
 				},
 			},
 			prettyGolden:   "docker-info-no-swarm",
@@ -352,12 +344,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &sampleInfoDaemonWarnings,
 				ClientInfo: &clientInfo{
-					clientVersion: clientVersion{
-						Platform: &platformInfo{Name: "Docker Engine - Community"},
-						Version:  "24.0.0",
-						Context:  "default",
-					},
-					Debug: true,
+					Context: "default",
+					Debug:   true,
 				},
 			},
 			prettyGolden:   "docker-info-no-swarm",
@@ -388,7 +376,6 @@ func TestPrettyPrintInfo(t *testing.T) {
 			expectedError:  "errors pretty printing info",
 		},
 	} {
-		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			cli := test.NewFakeCli(&fakeClient{})
 			err := prettyPrintInfo(cli, tc.dockerInfo)
@@ -406,12 +393,12 @@ func TestPrettyPrintInfo(t *testing.T) {
 
 			if tc.jsonGolden != "" {
 				cli = test.NewFakeCli(&fakeClient{})
-				assert.NilError(t, formatInfo(cli.Out(), tc.dockerInfo, "{{json .}}"))
+				assert.NilError(t, formatInfo(cli, tc.dockerInfo, "{{json .}}"))
 				golden.Assert(t, cli.OutBuffer().String(), tc.jsonGolden+".json.golden")
 				assert.Check(t, is.Equal("", cli.ErrBuffer().String()))
 
 				cli = test.NewFakeCli(&fakeClient{})
-				assert.NilError(t, formatInfo(cli.Out(), tc.dockerInfo, "json"))
+				assert.NilError(t, formatInfo(cli, tc.dockerInfo, "json"))
 				golden.Assert(t, cli.OutBuffer().String(), tc.jsonGolden+".json.golden")
 				assert.Check(t, is.Equal("", cli.ErrBuffer().String()))
 			}
@@ -419,30 +406,6 @@ func TestPrettyPrintInfo(t *testing.T) {
 	}
 }
 
-func BenchmarkPrettyPrintInfo(b *testing.B) {
-	infoWithSwarm := sampleInfoNoSwarm
-	infoWithSwarm.Swarm = sampleSwarmInfo
-
-	dockerInfo := info{
-		Info: &infoWithSwarm,
-		ClientInfo: &clientInfo{
-			clientVersion: clientVersion{
-				Platform: &platformInfo{Name: "Docker Engine - Community"},
-				Version:  "24.0.0",
-				Context:  "default",
-			},
-			Debug: true,
-		},
-	}
-	cli := test.NewFakeCli(&fakeClient{})
-
-	b.ReportAllocs()
-	for i := 0; i < b.N; i++ {
-		_ = prettyPrintInfo(cli, dockerInfo)
-		cli.ResetOutputBuffers()
-	}
-}
-
 func TestFormatInfo(t *testing.T) {
 	for _, tc := range []struct {
 		doc           string
@@ -466,14 +429,13 @@ func TestFormatInfo(t *testing.T) {
 			expectedError: `template: :1:2: executing "" at <.badString>: can't evaluate field badString in type system.info`,
 		},
 	} {
-		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			cli := test.NewFakeCli(&fakeClient{})
 			info := info{
 				Info:       &sampleInfoNoSwarm,
 				ClientInfo: &clientInfo{Debug: true},
 			}
-			err := formatInfo(cli.Out(), info, tc.template)
+			err := formatInfo(cli, info, tc.template)
 			if tc.expectedOut != "" {
 				assert.NilError(t, err)
 				assert.Equal(t, cli.OutBuffer().String(), tc.expectedOut)

cli/command/system/prune.go

@@ -48,7 +48,7 @@ func newPruneCommand(dockerCli command.Cli) *cobra.Command {
 	flags := cmd.Flags()
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
 	flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused images not just dangling ones")
-	flags.BoolVar(&options.pruneVolumes, "volumes", false, "Prune anonymous volumes")
+	flags.BoolVar(&options.pruneVolumes, "volumes", false, "Prune volumes")
 	flags.Var(&options.filter, "filter", `Provide filter values (e.g. "label=<key>=<value>")`)
 	// "filter" flag is available in 1.28 (docker 17.04) and up
 	flags.SetAnnotation("filter", "version", []string{"1.28"})
@@ -114,7 +114,7 @@ func confirmationMessage(dockerCli command.Cli, options pruneOptions) string {
 		"all networks not used by at least one container",
 	}
 	if options.pruneVolumes {
-		warnings = append(warnings, "all anonymous volumes not used by at least one container")
+		warnings = append(warnings, "all volumes not used by at least one container")
 	}
 	if options.all {
 		warnings = append(warnings, "all images without at least one container associated to them")

cli/command/system/testdata/docker-client-version.json.golden

@@ -1 +1 @@
-{"Client":{"Version":"18.99.5-ce","ApiVersion":"1.38","DefaultAPIVersion":"1.38","GitCommit":"deadbeef","GoVersion":"go1.10.2","Os":"linux","Arch":"amd64","BuildTime":"Wed May 30 22:21:05 2018","Context":"my-context"},"Server":{"Platform":{"Name":"Docker Enterprise Edition (EE) 2.0"},"Components":[{"Name":"Engine","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  9 23:38:38 2018","Experimental":"false","GitCommit":"64ddfa6","GoVersion":"go1.8.7","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"Universal Control Plane","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  2 21:24:07 UTC 2018","GitCommit":"4513922","GoVersion":"go1.9.4","MinApiVersion":"1.20","Os":"linux","Version":"3.0.3-tp2"}},{"Name":"Kubernetes","Version":"1.8+","Details":{"buildDate":"2018-04-26T16:51:21Z","compiler":"gc","gitCommit":"8d637aedf46b9c21dde723e29c645b9f27106fa5","gitTreeState":"clean","gitVersion":"v1.8.11-docker-8d637ae","goVersion":"go1.8.3","major":"1","minor":"8+","platform":"linux/amd64"}},{"Name":"Calico","Version":"v3.0.8","Details":{"cni":"v2.0.6","kube-controllers":"v2.0.5","node":"v3.0.8"}}],"Version":"","ApiVersion":"","GitCommit":"","GoVersion":"","Os":"","Arch":""}}
+{"Client":{"Platform":{"Name":""},"Version":"18.99.5-ce","ApiVersion":"1.38","DefaultAPIVersion":"1.38","GitCommit":"deadbeef","GoVersion":"go1.10.2","Os":"linux","Arch":"amd64","BuildTime":"Wed May 30 22:21:05 2018","Context":"my-context"},"Server":{"Platform":{"Name":"Docker Enterprise Edition (EE) 2.0"},"Components":[{"Name":"Engine","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  9 23:38:38 2018","Experimental":"false","GitCommit":"64ddfa6","GoVersion":"go1.8.7","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"Universal Control Plane","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  2 21:24:07 UTC 2018","GitCommit":"4513922","GoVersion":"go1.9.4","MinApiVersion":"1.20","Os":"linux","Version":"3.0.3-tp2"}},{"Name":"Kubernetes","Version":"1.8+","Details":{"buildDate":"2018-04-26T16:51:21Z","compiler":"gc","gitCommit":"8d637aedf46b9c21dde723e29c645b9f27106fa5","gitTreeState":"clean","gitVersion":"v1.8.11-docker-8d637ae","goVersion":"go1.8.3","major":"1","minor":"8+","platform":"linux/amd64"}},{"Name":"Calico","Version":"v3.0.8","Details":{"cni":"v2.0.6","kube-controllers":"v2.0.5","node":"v3.0.8"}}],"Version":"","ApiVersion":"","GitCommit":"","GoVersion":"","Os":"","Arch":""}}

cli/command/system/testdata/docker-events-default.golden

@@ -1,4 +0,0 @@
-1970-01-01T00:00:01.000000000Z container create abc123 (image=ubuntu:latest)
-1970-01-01T00:00:02.000000000Z container start abc123 (image=ubuntu:latest)
-1970-01-01T00:00:03.000000000Z container attach abc123 (image=ubuntu:latest)
-1970-01-01T00:00:04.000000000Z container die abc123 (image=ubuntu:latest)

cli/command/system/testdata/docker-events-json-action.golden

@@ -1,4 +0,0 @@
-"create"
-"start"
-"attach"
-"die"

cli/command/system/testdata/docker-events-json-template.golden

@@ -1,4 +0,0 @@
-{"status":"create","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"create","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":1000000000,"timeNano":1000000000}
-{"status":"start","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"start","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":2000000000,"timeNano":2000000000}
-{"status":"attach","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"attach","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":3000000000,"timeNano":3000000000}
-{"status":"die","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"die","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":4000000000,"timeNano":4000000000}

cli/command/system/testdata/docker-events-json.golden

@@ -1,4 +0,0 @@
-{"status":"create","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"create","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":1000000000,"timeNano":1000000000}
-{"status":"start","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"start","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":2000000000,"timeNano":2000000000}
-{"status":"attach","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"attach","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":3000000000,"timeNano":3000000000}
-{"status":"die","id":"abc123","from":"ubuntu:latest","Type":"container","Action":"die","Actor":{"ID":"abc123","Attributes":{"image":"ubuntu:latest"}},"scope":"local","time":4000000000,"timeNano":4000000000}

cli/command/system/testdata/docker-info-badsec.golden

@@ -41,6 +41,7 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
+ Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/testdata/docker-info-daemon-warnings.json.golden

@@ -1 +1 @@
-{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":["WARNING: No memory limit support","WARNING: No swap limit support","WARNING: No oom kill disable support","WARNING: No cpu cfs quota support","WARNING: No cpu cfs period support","WARNING: No cpu shares support","WARNING: No cpuset support","WARNING: IPv4 forwarding is disabled","WARNING: bridge-nf-call-iptables is disabled","WARNING: bridge-nf-call-ip6tables is disabled"],"ClientInfo":{"Debug":true,"Platform":{"Name":"Docker Engine - Community"},"Version":"24.0.0","Context":"default","Plugins":[],"Warnings":null}}
+{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":["WARNING: No memory limit support","WARNING: No swap limit support","WARNING: No oom kill disable support","WARNING: No cpu cfs quota support","WARNING: No cpu cfs period support","WARNING: No cpu shares support","WARNING: No cpuset support","WARNING: IPv4 forwarding is disabled","WARNING: bridge-nf-call-iptables is disabled","WARNING: bridge-nf-call-ip6tables is disabled"],"ClientInfo":{"Debug":true,"Context":"default","Plugins":[],"Warnings":null}}

cli/command/system/testdata/docker-info-legacy-warnings.json.golden

@@ -1 +1 @@
-{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":false,"SwapLimit":false,"CpuCfsPeriod":false,"CpuCfsQuota":false,"CPUShares":false,"CPUSet":false,"PidsLimit":false,"IPv4Forwarding":false,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":true,"NFd":33,"OomKillDisable":false,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Platform":{"Name":"Docker Engine - Community"},"Version":"24.0.0","Context":"default","Plugins":[],"Warnings":null}}
+{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":false,"SwapLimit":false,"CpuCfsPeriod":false,"CpuCfsQuota":false,"CPUShares":false,"CPUSet":false,"PidsLimit":false,"IPv4Forwarding":false,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":true,"NFd":33,"OomKillDisable":false,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Context":"default","Plugins":[],"Warnings":null}}

cli/command/system/testdata/docker-info-no-swarm.golden

@@ -1,5 +1,4 @@
-Client: Docker Engine - Community
- Version:    24.0.0
+Client:
  Context:    default
  Debug Mode: true
 
@@ -46,6 +45,7 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
+ Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/testdata/docker-info-no-swarm.json.golden

@@ -1 +1 @@
-{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Platform":{"Name":"Docker Engine - Community"},"Version":"24.0.0","Context":"default","Plugins":[],"Warnings":null}}
+{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Context":"default","Plugins":[],"Warnings":null}}

cli/command/system/testdata/docker-info-plugins.golden

@@ -51,6 +51,7 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
+ Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/testdata/docker-info-with-labels-empty.golden

@@ -45,6 +45,7 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
+ Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
   127.0.0.0/8

cli/command/system/testdata/docker-info-with-labels-nil.golden

@@ -45,6 +45,7 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
+ Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
   127.0.0.0/8

cli/command/system/testdata/docker-info-with-swarm.golden

@@ -67,6 +67,7 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
+ Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/version.go

@@ -23,7 +23,7 @@ import (
 )
 
 const defaultVersionTemplate = `{{with .Client -}}
-Client:{{if ne .Platform nil}}{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}{{end}}
+Client:{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}
  Version:	{{.Version}}
  API version:	{{.APIVersion}}{{if ne .APIVersion .DefaultAPIVersion}} (downgraded from {{.DefaultAPIVersion}}){{end}}
  Go version:	{{.GoVersion}}
@@ -33,7 +33,7 @@ Client:{{if ne .Platform nil}}{{if ne .Platform.Name ""}} {{.Platform.Name}}{{en
  Context:	{{.Context}}
 {{- end}}
 
-{{- if ne .Server nil}}{{with .Server}}
+{{- if .ServerOK}}{{with .Server}}
 
 Server:{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}
  {{- range $component := .Components}}
@@ -66,45 +66,24 @@ type versionInfo struct {
 	Server *types.Version
 }
 
-type platformInfo struct {
-	Name string `json:"Name,omitempty"`
-}
-
 type clientVersion struct {
-	Platform          *platformInfo `json:"Platform,omitempty"`
-	Version           string        `json:"Version,omitempty"`
-	APIVersion        string        `json:"ApiVersion,omitempty"`
-	DefaultAPIVersion string        `json:"DefaultAPIVersion,omitempty"`
-	GitCommit         string        `json:"GitCommit,omitempty"`
-	GoVersion         string        `json:"GoVersion,omitempty"`
-	Os                string        `json:"Os,omitempty"`
-	Arch              string        `json:"Arch,omitempty"`
-	BuildTime         string        `json:"BuildTime,omitempty"`
-	Context           string        `json:"Context"`
+	Platform struct{ Name string } `json:",omitempty"`
+
+	Version           string
+	APIVersion        string `json:"ApiVersion"`
+	DefaultAPIVersion string `json:"DefaultAPIVersion,omitempty"`
+	GitCommit         string
+	GoVersion         string
+	Os                string
+	Arch              string
+	BuildTime         string `json:",omitempty"`
+	Context           string
 }
 
-// newClientVersion constructs a new clientVersion. If a dockerCLI is
-// passed as argument, additional information is included (API version),
-// which may invoke an API connection. Pass nil to omit the additional
-// information.
-func newClientVersion(contextName string, dockerCli command.Cli) clientVersion {
-	v := clientVersion{
-		Version:   version.Version,
-		GoVersion: runtime.Version(),
-		GitCommit: version.GitCommit,
-		BuildTime: reformatDate(version.BuildTime),
-		Os:        runtime.GOOS,
-		Arch:      arch(),
-		Context:   contextName,
-	}
-	if version.PlatformName != "" {
-		v.Platform = &platformInfo{Name: version.PlatformName}
-	}
-	if dockerCli != nil {
-		v.APIVersion = dockerCli.CurrentVersion()
-		v.DefaultAPIVersion = dockerCli.DefaultVersion()
-	}
-	return v
+// ServerOK returns true when the client could connect to the docker server
+// and parse the information received. It returns false otherwise.
+func (v versionInfo) ServerOK() bool {
+	return v.Server != nil
 }
 
 // NewVersionCommand creates a new cobra.Command for `docker version`
@@ -154,8 +133,20 @@ func runVersion(dockerCli command.Cli, opts *versionOptions) error {
 	// TODO print error if kubernetes is used?
 
 	vd := versionInfo{
-		Client: newClientVersion(dockerCli.CurrentContext(), dockerCli),
+		Client: clientVersion{
+			Platform:          struct{ Name string }{version.PlatformName},
+			Version:           version.Version,
+			APIVersion:        dockerCli.CurrentVersion(),
+			DefaultAPIVersion: dockerCli.DefaultVersion(),
+			GoVersion:         runtime.Version(),
+			GitCommit:         version.GitCommit,
+			BuildTime:         reformatDate(version.BuildTime),
+			Os:                runtime.GOOS,
+			Arch:              arch(),
+			Context:           dockerCli.CurrentContext(),
+		},
 	}
+
 	sv, err := dockerCli.Client().ServerVersion(context.Background())
 	if err == nil {
 		vd.Server = &sv

cli/command/trust/common.go

@@ -53,7 +53,7 @@ type trustKey struct {
 // This information is to be pretty printed or serialized into a machine-readable format.
 func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
 	if err != nil {
 		return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err
 	}

cli/command/trust/revoke.go

@@ -36,7 +36,7 @@ func newRevokeCommand(dockerCli command.Cli) *cobra.Command {
 
 func revokeTrust(cli command.Cli, remote string, options revokeOptions) error {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
 	if err != nil {
 		return err
 	}

cli/command/trust/sign.go

@@ -13,7 +13,6 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/theupdateframework/notary/client"
@@ -44,7 +43,7 @@ func newSignCommand(dockerCli command.Cli) *cobra.Command {
 func runSignImage(cli command.Cli, options signOptions) error {
 	imageName := options.imageName
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), imageName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), imageName)
 	if err != nil {
 		return err
 	}
@@ -94,7 +93,7 @@ func runSignImage(cli command.Cli, options signOptions) error {
 			fmt.Fprintf(cli.Err(), "Signing and pushing trust data for local image %s, may overwrite remote trust data\n", imageName)
 
 			authConfig := command.ResolveAuthConfig(ctx, cli, imgRefAndAuth.RepoInfo().Index)
-			encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+			encodedAuth, err := command.EncodeAuthToBase64(authConfig)
 			if err != nil {
 				return err
 			}

cli/command/trust/signer_add.go

@@ -81,7 +81,7 @@ func addSigner(cli command.Cli, options signerAddOptions) error {
 
 func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
 	if err != nil {
 		return err
 	}

cli/command/trust/signer_remove.go

@@ -80,7 +80,7 @@ func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSi
 // The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
 func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
 	if err != nil {
 		return false, err
 	}

cli/command/volume/client_test.go

@@ -32,9 +32,9 @@ func (c *fakeClient) VolumeInspect(_ context.Context, volumeID string) (volume.V
 	return volume.Volume{}, nil
 }
 
-func (c *fakeClient) VolumeList(_ context.Context, options volume.ListOptions) (volume.ListResponse, error) {
+func (c *fakeClient) VolumeList(_ context.Context, filter filters.Args) (volume.ListResponse, error) {
 	if c.volumeListFunc != nil {
-		return c.volumeListFunc(options.Filters)
+		return c.volumeListFunc(filter)
 	}
 	return volume.ListResponse{}, nil
 }

cli/command/volume/list.go

@@ -10,7 +10,6 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/volume"
 	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
 )
@@ -53,7 +52,7 @@ func newListCommand(dockerCli command.Cli) *cobra.Command {
 
 func runList(dockerCli command.Cli, options listOptions) error {
 	client := dockerCli.Client()
-	volumes, err := client.VolumeList(context.Background(), volume.ListOptions{Filters: options.filter.Value()})
+	volumes, err := client.VolumeList(context.Background(), options.filter.Value())
 	if err != nil {
 		return err
 	}
@@ -71,9 +70,9 @@ func runList(dockerCli command.Cli, options listOptions) error {
 
 		// trick for filtering in place
 		n := 0
-		for _, vol := range volumes.Volumes {
-			if vol.ClusterVolume != nil {
-				volumes.Volumes[n] = vol
+		for _, volume := range volumes.Volumes {
+			if volume.ClusterVolume != nil {
+				volumes.Volumes[n] = volume
 				n++
 			}
 		}

cli/command/volume/prune.go

@@ -27,7 +27,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 
 	cmd := &cobra.Command{
 		Use:   "prune [OPTIONS]",
-		Short: "Remove unused local volumes",
+		Short: "Remove all unused local volumes",
 		Args:  cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			spaceReclaimed, output, err := runPrune(dockerCli, options)

cli/compose/loader/loader_test.go

@@ -179,7 +179,7 @@ func strPtr(val string) *string {
 }
 
 var sampleConfig = types.Config{
-	Version: "3.11",
+	Version: "3.10",
 	Services: []types.ServiceConfig{
 		{
 			Name:        "foo",
@@ -488,17 +488,6 @@ services:
 	assert.Check(t, is.ErrorContains(err, "services.foo.image must be a string"))
 }
 
-func TestIgnoreBuildProperties(t *testing.T) {
-	_, err := loadYAML(`
-services:
-  foo:
-    image: busybox
-    build:
-      unsupported_prop: foo
-`)
-	assert.NilError(t, err)
-}
-
 func TestLoadWithEnvironment(t *testing.T) {
 	config, err := loadYAMLWithEnv(`
 version: "3"

cli/compose/loader/volume_test.go

@@ -223,8 +223,3 @@ func TestParseVolumeInvalidSections(t *testing.T) {
 	_, err := ParseVolume("/foo::rw")
 	assert.ErrorContains(t, err, "invalid spec")
 }
-
-func TestParseVolumeWithEmptySource(t *testing.T) {
-	_, err := ParseVolume(":/vol")
-	assert.ErrorContains(t, err, "empty section between colons")
-}

cli/compose/schema/data/config_schema_v3.11.json

@@ -1,672 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "id": "config_schema_v3.11.json",
-  "type": "object",
-
-  "properties": {
-    "version": {
-      "type": "string",
-      "default": "3.11"
-    },
-
-    "services": {
-      "id": "#/properties/services",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/service"
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "networks": {
-      "id": "#/properties/networks",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/network"
-        }
-      }
-    },
-
-    "volumes": {
-      "id": "#/properties/volumes",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/volume"
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "secrets": {
-      "id": "#/properties/secrets",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/secret"
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "configs": {
-      "id": "#/properties/configs",
-      "type": "object",
-      "patternProperties": {
-        "^[a-zA-Z0-9._-]+$": {
-          "$ref": "#/definitions/config"
-        }
-      },
-      "additionalProperties": false
-    }
-  },
-
-  "patternProperties": {"^x-": {}},
-  "additionalProperties": false,
-
-  "definitions": {
-
-    "service": {
-      "id": "#/definitions/service",
-      "type": "object",
-
-      "properties": {
-        "deploy": {"$ref": "#/definitions/deployment"},
-        "build": {
-          "oneOf": [
-            {"type": "string"},
-            {
-              "type": "object",
-              "properties": {
-                "context": {"type": "string"},
-                "dockerfile": {"type": "string"},
-                "args": {"$ref": "#/definitions/list_or_dict"},
-                "labels": {"$ref": "#/definitions/list_or_dict"},
-                "cache_from": {"$ref": "#/definitions/list_of_strings"},
-                "network": {"type": "string"},
-                "target": {"type": "string"},
-                "shm_size": {"type": ["integer", "string"]},
-                "extra_hosts": {"$ref": "#/definitions/list_or_dict"}
-              },
-              "additionalProperties": true
-            }
-          ]
-        },
-        "cap_add": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "cap_drop": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "cgroupns_mode": {"type": "string"},
-        "cgroup_parent": {"type": "string"},
-        "command": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "configs": {
-          "type": "array",
-          "items": {
-            "oneOf": [
-              {"type": "string"},
-              {
-                "type": "object",
-                "properties": {
-                  "source": {"type": "string"},
-                  "target": {"type": "string"},
-                  "uid": {"type": "string"},
-                  "gid": {"type": "string"},
-                  "mode": {"type": "number"}
-                }
-              }
-            ]
-          }
-        },
-        "container_name": {"type": "string"},
-        "credential_spec": {
-          "type": "object",
-          "properties": {
-            "config": {"type": "string"},
-            "file": {"type": "string"},
-            "registry": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "depends_on": {"$ref": "#/definitions/list_of_strings"},
-        "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "dns": {"$ref": "#/definitions/string_or_list"},
-        "dns_search": {"$ref": "#/definitions/string_or_list"},
-        "domainname": {"type": "string"},
-        "entrypoint": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "env_file": {"$ref": "#/definitions/string_or_list"},
-        "environment": {"$ref": "#/definitions/list_or_dict"},
-
-        "expose": {
-          "type": "array",
-          "items": {
-            "type": ["string", "number"],
-            "format": "expose"
-          },
-          "uniqueItems": true
-        },
-
-        "external_links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "extra_hosts": {"$ref": "#/definitions/list_or_dict"},
-        "healthcheck": {"$ref": "#/definitions/healthcheck"},
-        "hostname": {"type": "string"},
-        "image": {"type": "string"},
-        "init": {"type": "boolean"},
-        "ipc": {"type": "string"},
-        "isolation": {"type": "string"},
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "links": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-
-        "logging": {
-            "type": "object",
-
-            "properties": {
-                "driver": {"type": "string"},
-                "options": {
-                  "type": "object",
-                  "patternProperties": {
-                    "^.+$": {"type": ["string", "number", "null"]}
-                  }
-                }
-            },
-            "additionalProperties": false
-        },
-
-        "mac_address": {"type": "string"},
-        "network_mode": {"type": "string"},
-
-        "networks": {
-          "oneOf": [
-            {"$ref": "#/definitions/list_of_strings"},
-            {
-              "type": "object",
-              "patternProperties": {
-                "^[a-zA-Z0-9._-]+$": {
-                  "oneOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "aliases": {"$ref": "#/definitions/list_of_strings"},
-                        "ipv4_address": {"type": "string"},
-                        "ipv6_address": {"type": "string"}
-                      },
-                      "additionalProperties": false
-                    },
-                    {"type": "null"}
-                  ]
-                }
-              },
-              "additionalProperties": false
-            }
-          ]
-        },
-        "pid": {"type": ["string", "null"]},
-
-        "ports": {
-          "type": "array",
-          "items": {
-            "oneOf": [
-              {"type": "number", "format": "ports"},
-              {"type": "string", "format": "ports"},
-              {
-                "type": "object",
-                "properties": {
-                  "mode": {"type": "string"},
-                  "target": {"type": "integer"},
-                  "published": {"type": "integer"},
-                  "protocol": {"type": "string"}
-                },
-                "additionalProperties": false
-              }
-            ]
-          },
-          "uniqueItems": true
-        },
-
-        "privileged": {"type": "boolean"},
-        "read_only": {"type": "boolean"},
-        "restart": {"type": "string"},
-        "security_opt": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
-        "shm_size": {"type": ["number", "string"]},
-        "secrets": {
-          "type": "array",
-          "items": {
-            "oneOf": [
-              {"type": "string"},
-              {
-                "type": "object",
-                "properties": {
-                  "source": {"type": "string"},
-                  "target": {"type": "string"},
-                  "uid": {"type": "string"},
-                  "gid": {"type": "string"},
-                  "mode": {"type": "number"}
-                }
-              }
-            ]
-          }
-        },
-        "sysctls": {"$ref": "#/definitions/list_or_dict"},
-        "stdin_open": {"type": "boolean"},
-        "stop_grace_period": {"type": "string", "format": "duration"},
-        "stop_signal": {"type": "string"},
-        "tmpfs": {"$ref": "#/definitions/string_or_list"},
-        "tty": {"type": "boolean"},
-        "ulimits": {
-          "type": "object",
-          "patternProperties": {
-            "^[a-z]+$": {
-              "oneOf": [
-                {"type": "integer"},
-                {
-                  "type":"object",
-                  "properties": {
-                    "hard": {"type": "integer"},
-                    "soft": {"type": "integer"}
-                  },
-                  "required": ["soft", "hard"],
-                  "additionalProperties": false
-                }
-              ]
-            }
-          }
-        },
-        "user": {"type": "string"},
-        "userns_mode": {"type": "string"},
-        "volumes": {
-          "type": "array",
-          "items": {
-            "oneOf": [
-              {"type": "string"},
-              {
-                "type": "object",
-                "required": ["type"],
-                "properties": {
-                  "type": {"type": "string"},
-                  "source": {"type": "string"},
-                  "target": {"type": "string"},
-                  "read_only": {"type": "boolean"},
-                  "consistency": {"type": "string"},
-                  "bind": {
-                    "type": "object",
-                    "properties": {
-                      "propagation": {"type": "string"}
-                    }
-                  },
-                  "volume": {
-                    "type": "object",
-                    "properties": {
-                      "nocopy": {"type": "boolean"}
-                    }
-                  },
-                  "tmpfs": {
-                    "type": "object",
-                    "properties": {
-                      "size": {
-                        "type": "integer",
-                        "minimum": 0
-                      }
-                    }
-                  }
-                },
-                "additionalProperties": false
-              }
-            ],
-            "uniqueItems": true
-          }
-        },
-        "working_dir": {"type": "string"}
-      },
-      "patternProperties": {"^x-": {}},
-      "additionalProperties": false
-    },
-
-    "healthcheck": {
-      "id": "#/definitions/healthcheck",
-      "type": "object",
-      "additionalProperties": false,
-      "properties": {
-        "disable": {"type": "boolean"},
-        "interval": {"type": "string", "format": "duration"},
-        "retries": {"type": "number"},
-        "test": {
-          "oneOf": [
-            {"type": "string"},
-            {"type": "array", "items": {"type": "string"}}
-          ]
-        },
-        "timeout": {"type": "string", "format": "duration"},
-        "start_period": {"type": "string", "format": "duration"}
-      }
-    },
-    "deployment": {
-      "id": "#/definitions/deployment",
-      "type": ["object", "null"],
-      "properties": {
-        "mode": {"type": "string"},
-        "endpoint_mode": {"type": "string"},
-        "replicas": {"type": "integer"},
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "rollback_config": {
-          "type": "object",
-          "properties": {
-            "parallelism": {"type": "integer"},
-            "delay": {"type": "string", "format": "duration"},
-            "failure_action": {"type": "string"},
-            "monitor": {"type": "string", "format": "duration"},
-            "max_failure_ratio": {"type": "number"},
-            "order": {"type": "string", "enum": [
-              "start-first", "stop-first"
-            ]}
-          },
-          "additionalProperties": false
-        },
-        "update_config": {
-          "type": "object",
-          "properties": {
-            "parallelism": {"type": "integer"},
-            "delay": {"type": "string", "format": "duration"},
-            "failure_action": {"type": "string"},
-            "monitor": {"type": "string", "format": "duration"},
-            "max_failure_ratio": {"type": "number"},
-            "order": {"type": "string", "enum": [
-              "start-first", "stop-first"
-            ]}
-          },
-          "additionalProperties": false
-        },
-        "resources": {
-          "type": "object",
-          "properties": {
-            "limits": {
-              "type": "object",
-              "properties": {
-                "cpus": {"type": "string"},
-                "memory": {"type": "string"},
-                "pids": {"type": "integer"}
-              },
-              "additionalProperties": false
-            },
-            "reservations": {
-              "type": "object",
-              "properties": {
-                "cpus": {"type": "string"},
-                "memory": {"type": "string"},
-                "generic_resources": {"$ref": "#/definitions/generic_resources"}
-              },
-              "additionalProperties": false
-            }
-          },
-          "additionalProperties": false
-        },
-        "restart_policy": {
-          "type": "object",
-          "properties": {
-            "condition": {"type": "string"},
-            "delay": {"type": "string", "format": "duration"},
-            "max_attempts": {"type": "integer"},
-            "window": {"type": "string", "format": "duration"}
-          },
-          "additionalProperties": false
-        },
-        "placement": {
-          "type": "object",
-          "properties": {
-            "constraints": {"type": "array", "items": {"type": "string"}},
-            "preferences": {
-              "type": "array",
-              "items": {
-                "type": "object",
-                "properties": {
-                  "spread": {"type": "string"}
-                },
-                "additionalProperties": false
-              }
-            },
-            "max_replicas_per_node": {"type": "integer"}
-          },
-          "additionalProperties": false
-        }
-      },
-      "additionalProperties": false
-    },
-
-    "generic_resources": {
-      "id": "#/definitions/generic_resources",
-      "type": "array",
-      "items": {
-        "type": "object",
-        "properties": {
-          "discrete_resource_spec": {
-            "type": "object",
-            "properties": {
-              "kind": {"type": "string"},
-              "value": {"type": "number"}
-            },
-            "additionalProperties": false
-          }
-        },
-        "additionalProperties": false
-      }
-    },
-
-    "network": {
-      "id": "#/definitions/network",
-      "type": ["object", "null"],
-      "properties": {
-        "name": {"type": "string"},
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "ipam": {
-          "type": "object",
-          "properties": {
-            "driver": {"type": "string"},
-            "config": {
-              "type": "array",
-              "items": {
-                "type": "object",
-                "properties": {
-                  "subnet": {"type": "string"}
-                },
-                "additionalProperties": false
-              }
-            }
-          },
-          "additionalProperties": false
-        },
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "internal": {"type": "boolean"},
-        "attachable": {"type": "boolean"},
-        "labels": {"$ref": "#/definitions/list_or_dict"}
-      },
-      "patternProperties": {"^x-": {}},
-      "additionalProperties": false
-    },
-
-    "volume": {
-      "id": "#/definitions/volume",
-      "type": ["object", "null"],
-      "properties": {
-        "name": {"type": "string"},
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          },
-          "additionalProperties": false
-        },
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "x-cluster-spec": {
-          "type": "object",
-          "properties": {
-            "group": {"type": "string"},
-            "access_mode": {
-              "type": "object",
-              "properties": {
-                "scope": {"type": "string"},
-                "sharing": {"type": "string"},
-                "block_volume": {"type": "object"},
-                "mount_volume": {
-                  "type": "object",
-                  "properties": {
-                    "fs_type": {"type": "string"},
-                    "mount_flags": {"type": "array", "items": {"type": "string"}}
-                  }
-                }
-              }
-            },
-            "accessibility_requirements": {
-              "type": "object",
-              "properties": {
-                "requisite": {
-                  "type": "array",
-                  "items": {
-                    "type": "object",
-                    "properties": {
-                      "segments": {"$ref": "#/definitions/list_or_dict"}
-                    }
-                  }
-                },
-                "preferred": {
-                  "type": "array",
-                  "items": {
-                    "type": "object",
-                    "properties": {
-                      "segments": {"$ref": "#/definitions/list_or_dict"}
-                    }
-                  }
-                }
-              }
-            },
-            "capacity_range": {
-              "type": "object",
-              "properties": {
-                "required_bytes": {"type": "string"},
-                "limit_bytes": {"type": "string"}
-              }
-            },
-            "availability": {"type": "string"}
-          }
-        }
-      },
-      "patternProperties": {"^x-": {}},
-      "additionalProperties": false
-    },
-
-    "secret": {
-      "id": "#/definitions/secret",
-      "type": "object",
-      "properties": {
-        "name": {"type": "string"},
-        "file": {"type": "string"},
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          }
-        },
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "driver": {"type": "string"},
-        "driver_opts": {
-          "type": "object",
-          "patternProperties": {
-            "^.+$": {"type": ["string", "number"]}
-          }
-        },
-        "template_driver": {"type": "string"}
-      },
-      "patternProperties": {"^x-": {}},
-      "additionalProperties": false
-    },
-
-    "config": {
-      "id": "#/definitions/config",
-      "type": "object",
-      "properties": {
-        "name": {"type": "string"},
-        "file": {"type": "string"},
-        "external": {
-          "type": ["boolean", "object"],
-          "properties": {
-            "name": {"type": "string"}
-          }
-        },
-        "labels": {"$ref": "#/definitions/list_or_dict"},
-        "template_driver": {"type": "string"}
-      },
-      "patternProperties": {"^x-": {}},
-      "additionalProperties": false
-    },
-
-    "string_or_list": {
-      "oneOf": [
-        {"type": "string"},
-        {"$ref": "#/definitions/list_of_strings"}
-      ]
-    },
-
-    "list_of_strings": {
-      "type": "array",
-      "items": {"type": "string"},
-      "uniqueItems": true
-    },
-
-    "list_or_dict": {
-      "oneOf": [
-        {
-          "type": "object",
-          "patternProperties": {
-            ".+": {
-              "type": ["string", "number", "null"]
-            }
-          },
-          "additionalProperties": false
-        },
-        {"type": "array", "items": {"type": "string"}, "uniqueItems": true}
-      ]
-    },
-
-    "constraints": {
-      "service": {
-        "id": "#/definitions/constraints/service",
-        "anyOf": [
-          {"required": ["build"]},
-          {"required": ["image"]}
-        ],
-        "properties": {
-          "build": {
-            "required": ["context"]
-          }
-        }
-      }
-    }
-  }
-}

cli/compose/schema/schema.go

@@ -11,7 +11,7 @@ import (
 )
 
 const (
-	defaultVersion = "3.11"
+	defaultVersion = "3.10"
 	versionField   = "version"
 )
 
@@ -40,7 +40,7 @@ func init() {
 }
 
 // Version returns the version of the config, defaulting to the latest "3.x"
-// version (3.11). If only the major version "3" is specified, it is used as
+// version (3.10). If only the major version "3" is specified, it is used as
 // version "3.x" and returns the default version (latest 3.x).
 func Version(config map[string]interface{}) string {
 	version, ok := config[versionField]

cli/compose/schema/schema_test.go

@@ -99,7 +99,6 @@ func TestValidateCredentialSpecs(t *testing.T) {
 		{version: "3.8"},
 		{version: "3.9"},
 		{version: "3.10"},
-		{version: "3.11"},
 		{version: "3"},
 		{version: ""},
 	}

cli/config/configfile/file.go

@@ -37,6 +37,7 @@ type ConfigFile struct {
 	PruneFilters         []string                     `json:"pruneFilters,omitempty"`
 	Proxies              map[string]ProxyConfig       `json:"proxies,omitempty"`
 	Experimental         string                       `json:"experimental,omitempty"`
+	StackOrchestrator    string                       `json:"stackOrchestrator,omitempty"` // Deprecated: swarm is now the default orchestrator, and this option is ignored.
 	CurrentContext       string                       `json:"currentContext,omitempty"`
 	CLIPluginsExtraDirs  []string                     `json:"cliPluginsExtraDirs,omitempty"`
 	Plugins              map[string]map[string]string `json:"plugins,omitempty"`

cli/connhelper/commandconn/commandconn.go

@@ -23,7 +23,6 @@ import (
 	"runtime"
 	"strings"
 	"sync"
-	"sync/atomic"
 	"syscall"
 	"time"
 
@@ -65,68 +64,81 @@ func New(_ context.Context, cmd string, args ...string) (net.Conn, error) {
 
 // commandConn implements net.Conn
 type commandConn struct {
-	cmdMutex     sync.Mutex // for cmd, cmdWaitErr
-	cmd          *exec.Cmd
-	cmdWaitErr   error
-	cmdExited    atomic.Bool
-	stdin        io.WriteCloser
-	stdout       io.ReadCloser
-	stderrMu     sync.Mutex // for stderr
-	stderr       bytes.Buffer
-	stdinClosed  atomic.Bool
-	stdoutClosed atomic.Bool
-	closing      atomic.Bool
-	localAddr    net.Addr
-	remoteAddr   net.Addr
+	cmd           *exec.Cmd
+	cmdExited     bool
+	cmdWaitErr    error
+	cmdMutex      sync.Mutex
+	stdin         io.WriteCloser
+	stdout        io.ReadCloser
+	stderrMu      sync.Mutex
+	stderr        bytes.Buffer
+	stdioClosedMu sync.Mutex // for stdinClosed and stdoutClosed
+	stdinClosed   bool
+	stdoutClosed  bool
+	localAddr     net.Addr
+	remoteAddr    net.Addr
 }
 
-// kill terminates the process. On Windows it kills the process directly,
-// whereas on other platforms, a SIGTERM is sent, before forcefully terminating
-// the process after 3 seconds.
-func (c *commandConn) kill() {
-	if c.cmdExited.Load() {
-		return
+// killIfStdioClosed kills the cmd if both stdin and stdout are closed.
+func (c *commandConn) killIfStdioClosed() error {
+	c.stdioClosedMu.Lock()
+	stdioClosed := c.stdoutClosed && c.stdinClosed
+	c.stdioClosedMu.Unlock()
+	if !stdioClosed {
+		return nil
 	}
-	c.cmdMutex.Lock()
+	return c.kill()
+}
+
+// killAndWait tries sending SIGTERM to the process before sending SIGKILL.
+func killAndWait(cmd *exec.Cmd) error {
 	var werr error
 	if runtime.GOOS != "windows" {
 		werrCh := make(chan error)
-		go func() { werrCh <- c.cmd.Wait() }()
-		_ = c.cmd.Process.Signal(syscall.SIGTERM)
+		go func() { werrCh <- cmd.Wait() }()
+		cmd.Process.Signal(syscall.SIGTERM)
 		select {
 		case werr = <-werrCh:
 		case <-time.After(3 * time.Second):
-			_ = c.cmd.Process.Kill()
+			cmd.Process.Kill()
 			werr = <-werrCh
 		}
 	} else {
-		_ = c.cmd.Process.Kill()
-		werr = c.cmd.Wait()
+		cmd.Process.Kill()
+		werr = cmd.Wait()
 	}
-	c.cmdWaitErr = werr
-	c.cmdMutex.Unlock()
-	c.cmdExited.Store(true)
+	return werr
 }
 
-// handleEOF handles io.EOF errors while reading or writing from the underlying
-// command pipes.
-//
-// When we've received an EOF we expect that the command will
-// be terminated soon. As such, we call Wait() on the command
-// and return EOF or the error depending on whether the command
-// exited with an error.
-//
-// If Wait() does not return within 10s, an error is returned
-func (c *commandConn) handleEOF(err error) error {
-	if err != io.EOF {
-		return err
-	}
-
-	c.cmdMutex.Lock()
-	defer c.cmdMutex.Unlock()
-
+// kill returns nil if the command terminated, regardless to the exit status.
+func (c *commandConn) kill() error {
 	var werr error
-	if c.cmdExited.Load() {
+	c.cmdMutex.Lock()
+	if c.cmdExited {
+		werr = c.cmdWaitErr
+	} else {
+		werr = killAndWait(c.cmd)
+		c.cmdWaitErr = werr
+		c.cmdExited = true
+	}
+	c.cmdMutex.Unlock()
+	if werr == nil {
+		return nil
+	}
+	wExitErr, ok := werr.(*exec.ExitError)
+	if ok {
+		if wExitErr.ProcessState.Exited() {
+			return nil
+		}
+	}
+	return errors.Wrapf(werr, "commandconn: failed to wait")
+}
+
+func (c *commandConn) onEOF(eof error) error {
+	// when we got EOF, the command is going to be terminated
+	var werr error
+	c.cmdMutex.Lock()
+	if c.cmdExited {
 		werr = c.cmdWaitErr
 	} else {
 		werrCh := make(chan error)
@@ -134,17 +146,18 @@ func (c *commandConn) handleEOF(err error) error {
 		select {
 		case werr = <-werrCh:
 			c.cmdWaitErr = werr
-			c.cmdExited.Store(true)
+			c.cmdExited = true
 		case <-time.After(10 * time.Second):
+			c.cmdMutex.Unlock()
 			c.stderrMu.Lock()
 			stderr := c.stderr.String()
 			c.stderrMu.Unlock()
-			return errors.Errorf("command %v did not exit after %v: stderr=%q", c.cmd.Args, err, stderr)
+			return errors.Errorf("command %v did not exit after %v: stderr=%q", c.cmd.Args, eof, stderr)
 		}
 	}
-
+	c.cmdMutex.Unlock()
 	if werr == nil {
-		return err
+		return eof
 	}
 	c.stderrMu.Lock()
 	stderr := c.stderr.String()
@@ -153,86 +166,71 @@ func (c *commandConn) handleEOF(err error) error {
 }
 
 func ignorableCloseError(err error) bool {
-	return strings.Contains(err.Error(), os.ErrClosed.Error())
+	errS := err.Error()
+	ss := []string{
+		os.ErrClosed.Error(),
+	}
+	for _, s := range ss {
+		if strings.Contains(errS, s) {
+			return true
+		}
+	}
+	return false
+}
+
+func (c *commandConn) CloseRead() error {
+	// NOTE: maybe already closed here
+	if err := c.stdout.Close(); err != nil && !ignorableCloseError(err) {
+		logrus.Warnf("commandConn.CloseRead: %v", err)
+	}
+	c.stdioClosedMu.Lock()
+	c.stdoutClosed = true
+	c.stdioClosedMu.Unlock()
+	if err := c.killIfStdioClosed(); err != nil {
+		logrus.Warnf("commandConn.CloseRead: %v", err)
+	}
+	return nil
 }
 
 func (c *commandConn) Read(p []byte) (int, error) {
 	n, err := c.stdout.Read(p)
-	// check after the call to Read, since
-	// it is blocking, and while waiting on it
-	// Close might get called
-	if c.closing.Load() {
-		// If we're currently closing the connection
-		// we don't want to call onEOF
-		return n, err
+	if err == io.EOF {
+		err = c.onEOF(err)
 	}
+	return n, err
+}
 
-	return n, c.handleEOF(err)
+func (c *commandConn) CloseWrite() error {
+	// NOTE: maybe already closed here
+	if err := c.stdin.Close(); err != nil && !ignorableCloseError(err) {
+		logrus.Warnf("commandConn.CloseWrite: %v", err)
+	}
+	c.stdioClosedMu.Lock()
+	c.stdinClosed = true
+	c.stdioClosedMu.Unlock()
+	if err := c.killIfStdioClosed(); err != nil {
+		logrus.Warnf("commandConn.CloseWrite: %v", err)
+	}
+	return nil
 }
 
 func (c *commandConn) Write(p []byte) (int, error) {
 	n, err := c.stdin.Write(p)
-	// check after the call to Write, since
-	// it is blocking, and while waiting on it
-	// Close might get called
-	if c.closing.Load() {
-		// If we're currently closing the connection
-		// we don't want to call onEOF
-		return n, err
+	if err == io.EOF {
+		err = c.onEOF(err)
 	}
-
-	return n, c.handleEOF(err)
+	return n, err
 }
 
-// CloseRead allows commandConn to implement halfCloser
-func (c *commandConn) CloseRead() error {
-	// NOTE: maybe already closed here
-	if err := c.stdout.Close(); err != nil && !ignorableCloseError(err) {
-		return err
-	}
-	c.stdoutClosed.Store(true)
-
-	if c.stdinClosed.Load() {
-		c.kill()
-	}
-
-	return nil
-}
-
-// CloseWrite allows commandConn to implement halfCloser
-func (c *commandConn) CloseWrite() error {
-	// NOTE: maybe already closed here
-	if err := c.stdin.Close(); err != nil && !ignorableCloseError(err) {
-		return err
-	}
-	c.stdinClosed.Store(true)
-
-	if c.stdoutClosed.Load() {
-		c.kill()
-	}
-	return nil
-}
-
-// Close is the net.Conn func that gets called
-// by the transport when a dial is cancelled
-// due to it's context timing out. Any blocked
-// Read or Write calls will be unblocked and
-// return errors. It will block until the underlying
-// command has terminated.
 func (c *commandConn) Close() error {
-	c.closing.Store(true)
-	defer c.closing.Store(false)
-
-	if err := c.CloseRead(); err != nil {
+	var err error
+	if err = c.CloseRead(); err != nil {
 		logrus.Warnf("commandConn.Close: CloseRead: %v", err)
-		return err
 	}
-	if err := c.CloseWrite(); err != nil {
+	if err = c.CloseWrite(); err != nil {
 		logrus.Warnf("commandConn.Close: CloseWrite: %v", err)
-		return err
 	}
-
-	return nil
+	return err
 }
 
 func (c *commandConn) LocalAddr() net.Addr {

cli/connhelper/commandconn/commandconn_unix_test.go

@@ -6,11 +6,8 @@ package commandconn
 import (
 	"context"
 	"io"
-	"io/fs"
 	"testing"
-	"time"
 
-	"github.com/docker/docker/pkg/process"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
@@ -46,170 +43,3 @@ func TestEOFWithoutError(t *testing.T) {
 	assert.Check(t, is.Equal(0, n))
 	assert.Check(t, is.Equal(io.EOF, err))
 }
-
-func TestCloseRunningCommand(t *testing.T) {
-	cmd := "sh"
-	args := []string{"-c", "while true; sleep 1; done"}
-
-	done := make(chan struct{})
-	defer close(done)
-
-	go func() {
-		c, err := New(context.TODO(), cmd, args...)
-		assert.NilError(t, err)
-		cmdConn := c.(*commandConn)
-		assert.Check(t, process.Alive(cmdConn.cmd.Process.Pid))
-
-		n, err := c.Write([]byte("hello"))
-		assert.Check(t, is.Equal(len("hello"), n))
-		assert.NilError(t, err)
-		assert.Check(t, process.Alive(cmdConn.cmd.Process.Pid))
-
-		err = cmdConn.Close()
-		assert.NilError(t, err)
-		assert.Check(t, !process.Alive(cmdConn.cmd.Process.Pid))
-		done <- struct{}{}
-	}()
-
-	select {
-	case <-time.After(5 * time.Second):
-		t.Error("test did not finish in time")
-	case <-done:
-		break
-	}
-}
-
-func TestCloseTwice(t *testing.T) {
-	cmd := "sh"
-	args := []string{"-c", "echo hello; sleep 1; exit 0"}
-
-	done := make(chan struct{})
-	go func() {
-		c, err := New(context.TODO(), cmd, args...)
-		assert.NilError(t, err)
-		cmdConn := c.(*commandConn)
-		assert.Check(t, process.Alive(cmdConn.cmd.Process.Pid))
-
-		b := make([]byte, 32)
-		n, err := c.Read(b)
-		assert.Check(t, is.Equal(len("hello\n"), n))
-		assert.NilError(t, err)
-
-		err = cmdConn.Close()
-		assert.NilError(t, err)
-		assert.Check(t, !process.Alive(cmdConn.cmd.Process.Pid))
-
-		err = cmdConn.Close()
-		assert.NilError(t, err)
-		assert.Check(t, !process.Alive(cmdConn.cmd.Process.Pid))
-		done <- struct{}{}
-	}()
-
-	select {
-	case <-time.After(10 * time.Second):
-		t.Error("test did not finish in time")
-	case <-done:
-		break
-	}
-}
-
-func TestEOFTimeout(t *testing.T) {
-	cmd := "sh"
-	args := []string{"-c", "sleep 20"}
-
-	done := make(chan struct{})
-	go func() {
-		c, err := New(context.TODO(), cmd, args...)
-		assert.NilError(t, err)
-		cmdConn := c.(*commandConn)
-		assert.Check(t, process.Alive(cmdConn.cmd.Process.Pid))
-
-		cmdConn.stdout = mockStdoutEOF{}
-
-		b := make([]byte, 32)
-		n, err := c.Read(b)
-		assert.Check(t, is.Equal(0, n))
-		assert.ErrorContains(t, err, "did not exit after EOF")
-
-		done <- struct{}{}
-	}()
-
-	// after receiving an EOF, we try to kill the command
-	// if it doesn't exit after 10s, we throw an error
-	select {
-	case <-time.After(12 * time.Second):
-		t.Error("test did not finish in time")
-	case <-done:
-		break
-	}
-}
-
-type mockStdoutEOF struct{}
-
-func (mockStdoutEOF) Read(_ []byte) (int, error) {
-	return 0, io.EOF
-}
-
-func (mockStdoutEOF) Close() error {
-	return nil
-}
-
-func TestCloseWhileWriting(t *testing.T) {
-	cmd := "sh"
-	args := []string{"-c", "while true; sleep 1; done"}
-
-	c, err := New(context.TODO(), cmd, args...)
-	assert.NilError(t, err)
-	cmdConn := c.(*commandConn)
-	assert.Check(t, process.Alive(cmdConn.cmd.Process.Pid))
-
-	writeErrC := make(chan error)
-	go func() {
-		for {
-			n, err := c.Write([]byte("hello"))
-			if err != nil {
-				writeErrC <- err
-				return
-			}
-			assert.Equal(t, n, len("hello"))
-		}
-	}()
-
-	err = c.Close()
-	assert.NilError(t, err)
-	assert.Check(t, !process.Alive(cmdConn.cmd.Process.Pid))
-
-	writeErr := <-writeErrC
-	assert.ErrorContains(t, writeErr, "file already closed")
-	assert.Check(t, is.ErrorIs(writeErr, fs.ErrClosed))
-}
-
-func TestCloseWhileReading(t *testing.T) {
-	cmd := "sh"
-	args := []string{"-c", "while true; sleep 1; done"}
-
-	c, err := New(context.TODO(), cmd, args...)
-	assert.NilError(t, err)
-	cmdConn := c.(*commandConn)
-	assert.Check(t, process.Alive(cmdConn.cmd.Process.Pid))
-
-	readErrC := make(chan error)
-	go func() {
-		for {
-			b := make([]byte, 32)
-			n, err := c.Read(b)
-			if err != nil {
-				readErrC <- err
-				return
-			}
-			assert.Check(t, is.Equal(0, n))
-		}
-	}()
-
-	err = cmdConn.Close()
-	assert.NilError(t, err)
-	assert.Check(t, !process.Alive(cmdConn.cmd.Process.Pid))
-
-	readErr := <-readErrC
-	assert.Check(t, is.ErrorIs(readErr, fs.ErrClosed))
-}

cli/connhelper/connhelper.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"net"
 	"net/url"
-	"strings"
 
 	"github.com/docker/cli/cli/connhelper/commandconn"
 	"github.com/docker/cli/cli/connhelper/ssh"
@@ -48,13 +47,7 @@ func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper
 		}
 		return &ConnectionHelper{
 			Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				args := []string{"docker"}
-				if sp.Path != "" {
-					args = append(args, "--host", "unix://"+sp.Path)
-				}
-				sshFlags = addSSHTimeout(sshFlags)
-				args = append(args, "system", "dial-stdio")
-				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args(args...)...)...)
+				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args("docker", "system", "dial-stdio")...)...)
 			},
 			Host: "http://docker.example.com",
 		}, nil
@@ -73,10 +66,3 @@ func GetCommandConnectionHelper(cmd string, flags ...string) (*ConnectionHelper,
 		Host: "http://docker.example.com",
 	}, nil
 }
-
-func addSSHTimeout(sshFlags []string) []string {
-	if !strings.Contains(strings.Join(sshFlags, ""), "ConnectTimeout") {
-		sshFlags = append(sshFlags, "-o ConnectTimeout=30")
-	}
-	return sshFlags
-}

cli/connhelper/connhelper_test.go

@@ -1,31 +0,0 @@
-package connhelper
-
-import (
-	"testing"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestSSHFlags(t *testing.T) {
-	testCases := []struct {
-		in  []string
-		out []string
-	}{
-		{
-			in:  []string{},
-			out: []string{"-o ConnectTimeout=30"},
-		},
-		{
-			in:  []string{"option", "-o anotherOption"},
-			out: []string{"option", "-o anotherOption", "-o ConnectTimeout=30"},
-		},
-		{
-			in:  []string{"-o ConnectTimeout=5", "anotherOption"},
-			out: []string{"-o ConnectTimeout=5", "anotherOption"},
-		},
-	}
-
-	for _, tc := range testCases {
-		assert.DeepEqual(t, addSSHTimeout(tc.in), tc.out)
-	}
-}

cli/connhelper/ssh/ssh.go

@@ -30,7 +30,9 @@ func ParseURL(daemonURL string) (*Spec, error) {
 		return nil, errors.Errorf("no host specified")
 	}
 	sp.Port = u.Port()
-	sp.Path = u.Path
+	if u.Path != "" {
+		return nil, errors.Errorf("extra path after the host: %q", u.Path)
+	}
 	if u.RawQuery != "" {
 		return nil, errors.Errorf("extra query after the host: %q", u.RawQuery)
 	}
@@ -45,7 +47,6 @@ type Spec struct {
 	User string
 	Host string
 	Port string
-	Path string
 }
 
 // Args returns args except "ssh" itself combined with optional additional command args

cli/connhelper/ssh/ssh_test.go

@@ -32,10 +32,8 @@ func TestParseURL(t *testing.T) {
 			expectedError: "plain-text password is not supported",
 		},
 		{
-			url: "ssh://foo/bar",
-			expectedArgs: []string{
-				"--", "foo",
-			},
+			url:           "ssh://foo/bar",
+			expectedError: `extra path after the host: "/bar"`,
 		},
 		{
 			url:           "ssh://foo?bar",

cli/context/docker/load.go

@@ -25,6 +25,12 @@ type EndpointMeta = context.EndpointMetaBase
 type Endpoint struct {
 	EndpointMeta
 	TLSData *context.TLSData
+
+	// Deprecated: Use of encrypted TLS private keys has been deprecated, and
+	// will be removed in a future release. Golang has deprecated support for
+	// legacy PEM encryption (as specified in RFC 1423), as it is insecure by
+	// design (see https://go-review.googlesource.com/c/go/+/264159).
+	TLSPassword string
 }
 
 // WithTLSData loads TLS materials for the endpoint

cli/context/store/store.go

@@ -494,6 +494,20 @@ func importEndpointTLS(tlsData *ContextTLSData, path string, data []byte) error
 	return nil
 }
 
+// IsErrContextDoesNotExist checks if the given error is a "context does not exist" condition.
+//
+// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
+func IsErrContextDoesNotExist(err error) bool {
+	return errdefs.IsNotFound(err)
+}
+
+// IsErrTLSDataDoesNotExist checks if the given error is a "context does not exist" condition
+//
+// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
+func IsErrTLSDataDoesNotExist(err error) bool {
+	return errdefs.IsNotFound(err)
+}
+
 type contextdir string
 
 func contextdirOf(name string) contextdir {

cli/flags/options_deprecated.go

@@ -0,0 +1,11 @@
+package flags
+
+// CommonOptions are options common to both the client and the daemon.
+//
+// Deprecated: use [ClientOptions].
+type CommonOptions = ClientOptions
+
+// NewCommonOptions returns a new CommonOptions
+//
+// Deprecated: use [NewClientOptions].
+var NewCommonOptions = NewClientOptions

cli/hints/hints.go

@@ -1,18 +0,0 @@
-package hints
-
-import (
-	"os"
-	"strconv"
-)
-
-// Enabled returns whether cli hints are enabled or not
-func Enabled() bool {
-	if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
-		enabled, err := strconv.ParseBool(v)
-		if err != nil {
-			return true
-		}
-		return enabled
-	}
-	return true
-}

cli/registry/client/client.go

@@ -11,6 +11,7 @@ import (
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	distributionclient "github.com/docker/distribution/registry/client"
+	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@@ -36,7 +37,7 @@ func NewRegistryClient(resolver AuthConfigResolver, userAgent string, insecure b
 }
 
 // AuthConfigResolver returns Auth Configuration for an index
-type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig
+type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig
 
 // PutManifestOptions is the data sent to push a manifest
 type PutManifestOptions struct {

cli/registry/client/endpoint.go

@@ -10,7 +10,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
-	registrytypes "github.com/docker/docker/api/types/registry"
+	authtypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 )
@@ -76,7 +76,7 @@ func getDefaultEndpointFromRepoInfo(repoInfo *registry.RepositoryInfo) (registry
 }
 
 // getHTTPTransport builds a transport for use in communicating with a registry
-func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) {
+func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) {
 	// get the http transport, this will be used in a client to upload manifest
 	base := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,

cli/registry/client/fetcher.go

@@ -202,8 +202,7 @@ func pullManifestList(ctx context.Context, ref reference.Named, repo distributio
 		}
 
 		// Replace platform from config
-		p := manifestDescriptor.Platform
-		imageManifest.Descriptor.Platform = types.OCIPlatform(&p)
+		imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
 
 		infos = append(infos, imageManifest)
 	}
@@ -243,6 +242,11 @@ func (c *client) iterateEndpoints(ctx context.Context, namedRef reference.Named,
 
 	confirmedTLSRegistries := make(map[string]bool)
 	for _, endpoint := range endpoints {
+		if endpoint.Version == registry.APIVersion1 {
+			logrus.Debugf("skipping v1 endpoint %s", endpoint.URL)
+			continue
+		}
+
 		if endpoint.URL.Scheme != "https" {
 			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
 				logrus.Debugf("skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)