Compare commits
57 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1a576c50a9 | |||
| 690b1565fb | |||
| 03114ec2ca | |||
| 833128bce5 | |||
| fd4d39aa88 | |||
| b4b35dedc6 | |||
| ce113a74af | |||
| a3b6c9ea7e | |||
| 2bf4225ad2 | |||
| f783e8d58a | |||
| 956d15c723 | |||
| 5a942fadcf | |||
| 592c146cca | |||
| 0735e78cc9 | |||
| 63a3db4b31 | |||
| 0b9bf6a6f4 | |||
| e0dab5ce1e | |||
| b59204cc43 | |||
| b8459ce351 | |||
| a25a9100f3 | |||
| eb223e7eaf | |||
| c87c4c96ec | |||
| c270556d44 | |||
| 98f603bdd1 | |||
| 1cddb2b03d | |||
| 8715d9a33a | |||
| a5937c6043 | |||
| 9142b58351 | |||
| f67e569a8f | |||
| 08eba2246c | |||
| 4fd2cf5f2d | |||
| bdfe1645f5 | |||
| e456704864 | |||
| 4debf411d1 | |||
| 5e6ce1bde1 | |||
| 5428301e3f | |||
| 1cbc218c05 | |||
| 2f6b5ada71 | |||
| d8e07c9c47 | |||
| 5f1b610fc3 | |||
| c105cd3ac2 | |||
| 62b2963b80 | |||
| 71f2b0d109 | |||
| 617bc98c8d | |||
| 29cf629222 | |||
| 4caf4de039 | |||
| 950ecd42fd | |||
| 6ab4781bd0 | |||
| e8852e8ed2 | |||
| 4e097c643d | |||
| 01f9332618 | |||
| 4cd8d5cf47 | |||
| 21c12847bf | |||
| 22e1f2cbfa | |||
| 68abf14c15 | |||
| 85a5ee4cb0 | |||
| 9e1e07657a |
10
.github/workflows/build.yml
vendored
10
.github/workflows/build.yml
vendored
@ -19,7 +19,7 @@ on:
|
||||
|
||||
jobs:
|
||||
prepare:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
matrix: ${{ steps.platforms.outputs.matrix }}
|
||||
steps:
|
||||
@ -37,7 +37,7 @@ jobs:
|
||||
echo ${{ steps.platforms.outputs.matrix }}
|
||||
|
||||
build:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- prepare
|
||||
strategy:
|
||||
@ -90,7 +90,7 @@ jobs:
|
||||
if-no-files-found: error
|
||||
|
||||
bin-image:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
if: ${{ github.event_name != 'pull_request' && github.repository == 'docker/cli' }}
|
||||
steps:
|
||||
-
|
||||
@ -134,7 +134,7 @@ jobs:
|
||||
*.cache-to=type=gha,scope=bin-image,mode=max
|
||||
|
||||
prepare-plugins:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
matrix: ${{ steps.platforms.outputs.matrix }}
|
||||
steps:
|
||||
@ -152,7 +152,7 @@ jobs:
|
||||
echo ${{ steps.platforms.outputs.matrix }}
|
||||
|
||||
plugins:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- prepare-plugins
|
||||
strategy:
|
||||
|
||||
16
.github/workflows/e2e.yml
vendored
16
.github/workflows/e2e.yml
vendored
@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
e2e:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
@ -28,11 +28,11 @@ jobs:
|
||||
- alpine
|
||||
- debian
|
||||
engine-version:
|
||||
# - 20.10-dind # FIXME: Fails on 20.10
|
||||
- stable-dind # TODO: Use 20.10-dind, stable-dind is deprecated
|
||||
include:
|
||||
- target: non-experimental
|
||||
engine-version: 19.03-dind
|
||||
- 25.0 # latest
|
||||
- 24.0 # latest - 1
|
||||
- 23.0 # mirantis lts
|
||||
# TODO(krissetto) 19.03 needs a look, doesn't work ubuntu 22.04 (cgroup errors).
|
||||
# we could have a separate job that tests it against ubuntu 20.04
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
@ -55,10 +55,10 @@ jobs:
|
||||
make -f docker.Makefile test-e2e-${{ matrix.target }}
|
||||
env:
|
||||
BASE_VARIANT: ${{ matrix.base }}
|
||||
E2E_ENGINE_VERSION: ${{ matrix.engine-version }}
|
||||
ENGINE_VERSION: ${{ matrix.engine-version }}
|
||||
TESTFLAGS: -coverprofile=/tmp/coverage/coverage.txt
|
||||
-
|
||||
name: Send to Codecov
|
||||
uses: codecov/codecov-action@v3
|
||||
uses: codecov/codecov-action@v4
|
||||
with:
|
||||
file: ./build/coverage/coverage.txt
|
||||
|
||||
8
.github/workflows/test.yml
vendored
8
.github/workflows/test.yml
vendored
@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
ctn:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
@ -31,7 +31,7 @@ jobs:
|
||||
targets: test-coverage
|
||||
-
|
||||
name: Send to Codecov
|
||||
uses: codecov/codecov-action@v3
|
||||
uses: codecov/codecov-action@v4
|
||||
with:
|
||||
file: ./build/coverage/coverage.txt
|
||||
|
||||
@ -63,7 +63,7 @@ jobs:
|
||||
name: Set up Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.21.6
|
||||
go-version: 1.21.8
|
||||
-
|
||||
name: Test
|
||||
run: |
|
||||
@ -73,7 +73,7 @@ jobs:
|
||||
shell: bash
|
||||
-
|
||||
name: Send to Codecov
|
||||
uses: codecov/codecov-action@v3
|
||||
uses: codecov/codecov-action@v4
|
||||
with:
|
||||
file: /tmp/coverage.txt
|
||||
working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
|
||||
|
||||
6
.github/workflows/validate.yml
vendored
6
.github/workflows/validate.yml
vendored
@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
validate:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
@ -37,7 +37,7 @@ jobs:
|
||||
|
||||
# check that the generated Markdown and the checked-in files match
|
||||
validate-md:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
@ -57,7 +57,7 @@ jobs:
|
||||
fi
|
||||
|
||||
validate-make:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
|
||||
@ -4,12 +4,12 @@ ARG BASE_VARIANT=alpine
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG BASE_DEBIAN_DISTRO=bookworm
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG XX_VERSION=1.2.1
|
||||
ARG GOVERSIONINFO_VERSION=v1.3.0
|
||||
ARG GOTESTSUM_VERSION=v1.10.0
|
||||
ARG BUILDX_VERSION=0.12.1
|
||||
ARG COMPOSE_VERSION=v2.24.0
|
||||
ARG COMPOSE_VERSION=v2.24.3
|
||||
|
||||
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
|
||||
|
||||
|
||||
@ -65,6 +65,7 @@ func ConnectAndWait(cb func()) {
|
||||
_, err := conn.Read(b)
|
||||
if errors.Is(err, io.EOF) {
|
||||
cb()
|
||||
return
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
//go:build !darwin
|
||||
//go:build !darwin && !openbsd
|
||||
|
||||
package socket
|
||||
|
||||
@ -15,5 +15,6 @@ func listen(socketname string) (*net.UnixListener, error) {
|
||||
|
||||
func onAccept(conn *net.UnixConn, listener *net.UnixListener) {
|
||||
// do nothing
|
||||
// while on darwin we would unlink here; on non-darwin the socket is abstract and not present on the filesystem
|
||||
// while on darwin and OpenBSD we would unlink here;
|
||||
// on non-darwin the socket is abstract and not present on the filesystem
|
||||
}
|
||||
|
||||
19
cli-plugins/socket/socket_openbsd.go
Normal file
19
cli-plugins/socket/socket_openbsd.go
Normal file
@ -0,0 +1,19 @@
|
||||
package socket
|
||||
|
||||
import (
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
func listen(socketname string) (*net.UnixListener, error) {
|
||||
return net.ListenUnix("unix", &net.UnixAddr{
|
||||
Name: filepath.Join(os.TempDir(), socketname),
|
||||
Net: "unix",
|
||||
})
|
||||
}
|
||||
|
||||
func onAccept(conn *net.UnixConn, listener *net.UnixListener) {
|
||||
syscall.Unlink(listener.Addr().String())
|
||||
}
|
||||
133
cli-plugins/socket/socket_test.go
Normal file
133
cli-plugins/socket/socket_test.go
Normal file
@ -0,0 +1,133 @@
|
||||
package socket
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
"net"
|
||||
"os"
|
||||
"runtime"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"gotest.tools/v3/assert"
|
||||
"gotest.tools/v3/poll"
|
||||
)
|
||||
|
||||
func TestSetupConn(t *testing.T) {
|
||||
t.Run("updates conn when connected", func(t *testing.T) {
|
||||
var conn *net.UnixConn
|
||||
listener, err := SetupConn(&conn)
|
||||
assert.NilError(t, err)
|
||||
assert.Check(t, listener != nil, "returned nil listener but no error")
|
||||
addr, err := net.ResolveUnixAddr("unix", listener.Addr().String())
|
||||
assert.NilError(t, err, "failed to resolve listener address")
|
||||
|
||||
_, err = net.DialUnix("unix", nil, addr)
|
||||
assert.NilError(t, err, "failed to dial returned listener")
|
||||
|
||||
pollConnNotNil(t, &conn)
|
||||
})
|
||||
|
||||
t.Run("allows reconnects", func(t *testing.T) {
|
||||
var conn *net.UnixConn
|
||||
listener, err := SetupConn(&conn)
|
||||
assert.NilError(t, err)
|
||||
assert.Check(t, listener != nil, "returned nil listener but no error")
|
||||
addr, err := net.ResolveUnixAddr("unix", listener.Addr().String())
|
||||
assert.NilError(t, err, "failed to resolve listener address")
|
||||
|
||||
otherConn, err := net.DialUnix("unix", nil, addr)
|
||||
assert.NilError(t, err, "failed to dial returned listener")
|
||||
|
||||
otherConn.Close()
|
||||
|
||||
_, err = net.DialUnix("unix", nil, addr)
|
||||
assert.NilError(t, err, "failed to redial listener")
|
||||
})
|
||||
|
||||
t.Run("does not leak sockets to local directory", func(t *testing.T) {
|
||||
var conn *net.UnixConn
|
||||
listener, err := SetupConn(&conn)
|
||||
assert.NilError(t, err)
|
||||
assert.Check(t, listener != nil, "returned nil listener but no error")
|
||||
checkDirNoPluginSocket(t)
|
||||
|
||||
addr, err := net.ResolveUnixAddr("unix", listener.Addr().String())
|
||||
assert.NilError(t, err, "failed to resolve listener address")
|
||||
_, err = net.DialUnix("unix", nil, addr)
|
||||
assert.NilError(t, err, "failed to dial returned listener")
|
||||
checkDirNoPluginSocket(t)
|
||||
})
|
||||
}
|
||||
|
||||
func checkDirNoPluginSocket(t *testing.T) {
|
||||
t.Helper()
|
||||
|
||||
files, err := os.ReadDir(".")
|
||||
assert.NilError(t, err, "failed to list files in dir to check for leaked sockets")
|
||||
|
||||
for _, f := range files {
|
||||
info, err := f.Info()
|
||||
assert.NilError(t, err, "failed to check file info")
|
||||
// check for a socket with `docker_cli_` in the name (from `SetupConn()`)
|
||||
if strings.Contains(f.Name(), "docker_cli_") && info.Mode().Type() == fs.ModeSocket {
|
||||
t.Fatal("found socket in a local directory")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestConnectAndWait(t *testing.T) {
|
||||
t.Run("calls cancel func on EOF", func(t *testing.T) {
|
||||
var conn *net.UnixConn
|
||||
listener, err := SetupConn(&conn)
|
||||
assert.NilError(t, err, "failed to setup listener")
|
||||
|
||||
done := make(chan struct{})
|
||||
t.Setenv(EnvKey, listener.Addr().String())
|
||||
cancelFunc := func() {
|
||||
done <- struct{}{}
|
||||
}
|
||||
ConnectAndWait(cancelFunc)
|
||||
pollConnNotNil(t, &conn)
|
||||
conn.Close()
|
||||
|
||||
select {
|
||||
case <-done:
|
||||
case <-time.After(10 * time.Millisecond):
|
||||
t.Fatal("cancel function not closed after 10ms")
|
||||
}
|
||||
})
|
||||
|
||||
// TODO: this test cannot be executed with `t.Parallel()`, due to
|
||||
// relying on goroutine numbers to ensure correct behaviour
|
||||
t.Run("connect goroutine exits after EOF", func(t *testing.T) {
|
||||
var conn *net.UnixConn
|
||||
listener, err := SetupConn(&conn)
|
||||
assert.NilError(t, err, "failed to setup listener")
|
||||
t.Setenv(EnvKey, listener.Addr().String())
|
||||
numGoroutines := runtime.NumGoroutine()
|
||||
|
||||
ConnectAndWait(func() {})
|
||||
assert.Equal(t, runtime.NumGoroutine(), numGoroutines+1)
|
||||
|
||||
pollConnNotNil(t, &conn)
|
||||
conn.Close()
|
||||
poll.WaitOn(t, func(t poll.LogT) poll.Result {
|
||||
if runtime.NumGoroutine() > numGoroutines+1 {
|
||||
return poll.Continue("waiting for connect goroutine to exit")
|
||||
}
|
||||
return poll.Success()
|
||||
}, poll.WithDelay(1*time.Millisecond), poll.WithTimeout(10*time.Millisecond))
|
||||
})
|
||||
}
|
||||
|
||||
func pollConnNotNil(t *testing.T, conn **net.UnixConn) {
|
||||
t.Helper()
|
||||
|
||||
poll.WaitOn(t, func(t poll.LogT) poll.Result {
|
||||
if *conn == nil {
|
||||
return poll.Continue("waiting for conn to not be nil")
|
||||
}
|
||||
return poll.Success()
|
||||
}, poll.WithDelay(1*time.Millisecond), poll.WithTimeout(10*time.Millisecond))
|
||||
}
|
||||
@ -5,7 +5,6 @@
|
||||
"RepoDigests": null,
|
||||
"Parent": "",
|
||||
"Comment": "",
|
||||
"Created": "",
|
||||
"Container": "",
|
||||
"ContainerConfig": null,
|
||||
"DockerVersion": "",
|
||||
@ -29,7 +28,6 @@
|
||||
"RepoDigests": null,
|
||||
"Parent": "",
|
||||
"Comment": "",
|
||||
"Created": "",
|
||||
"Container": "",
|
||||
"ContainerConfig": null,
|
||||
"DockerVersion": "",
|
||||
|
||||
@ -5,7 +5,6 @@
|
||||
"RepoDigests": null,
|
||||
"Parent": "",
|
||||
"Comment": "",
|
||||
"Created": "",
|
||||
"Container": "",
|
||||
"ContainerConfig": null,
|
||||
"DockerVersion": "",
|
||||
|
||||
@ -328,7 +328,7 @@ func createTransformHook(additionalTransformers ...Transformer) mapstructure.Dec
|
||||
reflect.TypeOf(types.MappingWithEquals{}): transformMappingOrListFunc("=", true),
|
||||
reflect.TypeOf(types.Labels{}): transformMappingOrListFunc("=", false),
|
||||
reflect.TypeOf(types.MappingWithColon{}): transformMappingOrListFunc(":", false),
|
||||
reflect.TypeOf(types.HostsList{}): transformListOrMappingFunc(":", false),
|
||||
reflect.TypeOf(types.HostsList{}): transformHostsList,
|
||||
reflect.TypeOf(types.ServiceVolumeConfig{}): transformServiceVolumeConfig,
|
||||
reflect.TypeOf(types.BuildConfig{}): transformBuildConfig,
|
||||
reflect.TypeOf(types.Duration(0)): transformStringToDuration,
|
||||
@ -808,28 +808,58 @@ var transformStringList TransformerFunc = func(data any) (any, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func transformMappingOrListFunc(sep string, allowNil bool) TransformerFunc {
|
||||
return func(data any) (any, error) {
|
||||
return transformMappingOrList(data, sep, allowNil), nil
|
||||
var transformHostsList TransformerFunc = func(data any) (any, error) {
|
||||
hl := transformListOrMapping(data, ":", false, []string{"=", ":"})
|
||||
|
||||
// Remove brackets from IP addresses if present (for example "[::1]" -> "::1").
|
||||
result := make([]string, 0, len(hl))
|
||||
for _, hip := range hl {
|
||||
host, ip, _ := strings.Cut(hip, ":")
|
||||
if len(ip) > 2 && ip[0] == '[' && ip[len(ip)-1] == ']' {
|
||||
ip = ip[1 : len(ip)-1]
|
||||
}
|
||||
result = append(result, fmt.Sprintf("%s:%s", host, ip))
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func transformListOrMappingFunc(sep string, allowNil bool) TransformerFunc {
|
||||
return func(data any) (any, error) {
|
||||
return transformListOrMapping(data, sep, allowNil), nil
|
||||
}
|
||||
}
|
||||
|
||||
func transformListOrMapping(listOrMapping any, sep string, allowNil bool) any {
|
||||
// transformListOrMapping transforms pairs of strings that may be represented as
|
||||
// a map, or a list of '=' or ':' separated strings, into a list of ':' separated
|
||||
// strings.
|
||||
func transformListOrMapping(listOrMapping any, sep string, allowNil bool, allowSeps []string) []string {
|
||||
switch value := listOrMapping.(type) {
|
||||
case map[string]any:
|
||||
return toStringList(value, sep, allowNil)
|
||||
case []any:
|
||||
return listOrMapping
|
||||
result := make([]string, 0, len(value))
|
||||
for _, entry := range value {
|
||||
for i, allowSep := range allowSeps {
|
||||
entry := fmt.Sprint(entry)
|
||||
k, v, ok := strings.Cut(entry, allowSep)
|
||||
if ok {
|
||||
// Entry uses this allowed separator. Add it to the result, using
|
||||
// sep as a separator.
|
||||
result = append(result, fmt.Sprintf("%s%s%s", k, sep, v))
|
||||
break
|
||||
} else if i == len(allowSeps)-1 {
|
||||
// No more separators to try, keep the entry if allowNil.
|
||||
if allowNil {
|
||||
result = append(result, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
panic(errors.Errorf("expected a map or a list, got %T: %#v", listOrMapping, listOrMapping))
|
||||
}
|
||||
|
||||
func transformMappingOrListFunc(sep string, allowNil bool) TransformerFunc {
|
||||
return func(data any) (any, error) {
|
||||
return transformMappingOrList(data, sep, allowNil), nil
|
||||
}
|
||||
}
|
||||
|
||||
func transformMappingOrList(mappingOrList any, sep string, allowNil bool) any {
|
||||
switch values := mappingOrList.(type) {
|
||||
case map[string]any:
|
||||
|
||||
@ -1302,12 +1302,14 @@ services:
|
||||
extra_hosts:
|
||||
"zulu": "162.242.195.82"
|
||||
"alpha": "50.31.209.229"
|
||||
"beta": "[fd20:f8a7:6e5b::2]"
|
||||
"host.docker.internal": "host-gateway"
|
||||
`)
|
||||
assert.NilError(t, err)
|
||||
|
||||
expected := types.HostsList{
|
||||
"alpha:50.31.209.229",
|
||||
"beta:fd20:f8a7:6e5b::2",
|
||||
"host.docker.internal:host-gateway",
|
||||
"zulu:162.242.195.82",
|
||||
}
|
||||
@ -1324,16 +1326,25 @@ services:
|
||||
image: busybox
|
||||
extra_hosts:
|
||||
- "zulu:162.242.195.82"
|
||||
- "whiskey=162.242.195.83"
|
||||
- "alpha:50.31.209.229"
|
||||
- "zulu:ff02::1"
|
||||
- "host.docker.internal:host-gateway"
|
||||
- "whiskey=ff02::2"
|
||||
- "foxtrot=[ff02::3]"
|
||||
- "bravo:[ff02::4]"
|
||||
- "host.docker.internal=host-gateway"
|
||||
- "noaddress"
|
||||
`)
|
||||
assert.NilError(t, err)
|
||||
|
||||
expected := types.HostsList{
|
||||
"zulu:162.242.195.82",
|
||||
"whiskey:162.242.195.83",
|
||||
"alpha:50.31.209.229",
|
||||
"zulu:ff02::1",
|
||||
"whiskey:ff02::2",
|
||||
"foxtrot:ff02::3",
|
||||
"bravo:ff02::4",
|
||||
"host.docker.internal:host-gateway",
|
||||
}
|
||||
|
||||
|
||||
@ -1146,6 +1146,7 @@ __docker_complete_plugin() {
|
||||
local path=$1
|
||||
local completionCommand="__completeNoDesc"
|
||||
local resultArray=($path $completionCommand)
|
||||
local current="$cur"
|
||||
for value in "${words[@]:2}"; do
|
||||
if [ -z "$value" ]; then
|
||||
resultArray+=( "''" )
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
variable "GO_VERSION" {
|
||||
default = "1.21.6"
|
||||
default = "1.21.8"
|
||||
}
|
||||
variable "VERSION" {
|
||||
default = ""
|
||||
@ -186,6 +186,7 @@ target "bin-image-cross" {
|
||||
"linux/arm64",
|
||||
"linux/ppc64le",
|
||||
"linux/s390x",
|
||||
"windows/amd64"
|
||||
"windows/amd64",
|
||||
"windows/arm64"
|
||||
]
|
||||
}
|
||||
|
||||
@ -14,13 +14,13 @@ PACKAGER_NAME ?=
|
||||
|
||||
DEV_DOCKER_IMAGE_NAME = docker-cli-dev$(IMAGE_TAG)
|
||||
E2E_IMAGE_NAME = docker-cli-e2e
|
||||
E2E_ENGINE_VERSION ?=
|
||||
ENGINE_VERSION ?=
|
||||
CACHE_VOLUME_NAME := docker-cli-dev-cache
|
||||
ifeq ($(DOCKER_CLI_GO_BUILD_CACHE),y)
|
||||
DOCKER_CLI_MOUNTS += -v "$(CACHE_VOLUME_NAME):/root/.cache/go-build"
|
||||
endif
|
||||
VERSION = $(shell cat VERSION)
|
||||
ENVVARS = -e VERSION=$(VERSION) -e GITCOMMIT -e PLATFORM -e TESTFLAGS -e TESTDIRS -e GOOS -e GOARCH -e GOARM -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION)
|
||||
ENVVARS = -e VERSION=$(VERSION) -e GITCOMMIT -e PLATFORM -e TESTFLAGS -e TESTDIRS -e GOOS -e GOARCH -e GOARM -e ENGINE_VERSION
|
||||
|
||||
# Some Dockerfiles use features that are only supported with BuildKit enabled
|
||||
export DOCKER_BUILDKIT=1
|
||||
@ -132,21 +132,21 @@ test-e2e: test-e2e-non-experimental test-e2e-experimental test-e2e-connhelper-ss
|
||||
|
||||
.PHONY: test-e2e-experimental
|
||||
test-e2e-experimental: build-e2e-image # run experimental e2e tests
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION) \
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 \
|
||||
--mount type=bind,src=$(CURDIR)/build/coverage,dst=/tmp/coverage \
|
||||
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
|
||||
$(E2E_IMAGE_NAME)
|
||||
|
||||
.PHONY: test-e2e-non-experimental
|
||||
test-e2e-non-experimental: build-e2e-image # run non-experimental e2e tests
|
||||
docker run --rm $(ENVVARS) -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION) \
|
||||
docker run --rm $(ENVVARS) \
|
||||
--mount type=bind,src=$(CURDIR)/build/coverage,dst=/tmp/coverage \
|
||||
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
|
||||
$(E2E_IMAGE_NAME)
|
||||
|
||||
.PHONY: test-e2e-connhelper-ssh
|
||||
test-e2e-connhelper-ssh: build-e2e-image # run experimental SSH-connection helper e2e tests
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION) -e TEST_CONNHELPER=ssh \
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 -e TEST_CONNHELPER=ssh \
|
||||
--mount type=bind,src=$(CURDIR)/build/coverage,dst=/tmp/coverage \
|
||||
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
|
||||
$(E2E_IMAGE_NAME)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
|
||||
ARG BUILDX_VERSION=0.12.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG GOLANGCI_LINT_VERSION=v1.55.2
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG MODOUTDATED_VERSION=v0.8.0
|
||||
|
||||
|
||||
@ -55,11 +55,11 @@ the registry.
|
||||
|
||||
- `entrypoint` string array
|
||||
|
||||
Entrypoint of the plugin, see [`ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint)
|
||||
Entrypoint of the plugin, see [`ENTRYPOINT`](https://docs.docker.com/reference/dockerfile/#entrypoint)
|
||||
|
||||
- `workdir` string
|
||||
|
||||
Working directory of the plugin, see [`WORKDIR`](https://docs.docker.com/engine/reference/builder/#workdir)
|
||||
Working directory of the plugin, see [`WORKDIR`](https://docs.docker.com/reference/dockerfile/#workdir)
|
||||
|
||||
- `network` PluginNetwork
|
||||
|
||||
|
||||
@ -60,6 +60,7 @@ The sections below provide an overview of available third-party plugins.
|
||||
| [Infinit volume plugin](https://infinit.sh/documentation/docker/volume-plugin) | A volume plugin that makes it easy to mount and manage Infinit volumes using Docker. |
|
||||
| [IPFS Volume Plugin](https://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. |
|
||||
| [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. |
|
||||
| [Linode Volume Plugin](https://github.com/linode/docker-volume-linode) | A plugin that adds the ability to manage Linode Block Storage as Docker Volumes from within a Linode. |
|
||||
| [Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. |
|
||||
| [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. |
|
||||
| [Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. |
|
||||
|
||||
@ -104,7 +104,7 @@ Enable the authorization plugin with a dedicated command line flag in the
|
||||
`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID`
|
||||
value. This value can be the plugin’s socket or a path to a specification file.
|
||||
Authorization plugins can be loaded without restarting the daemon. Refer
|
||||
to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reload-behavior) for more information.
|
||||
to the [`dockerd` documentation](https://docs.docker.com/reference/cli/dockerd/#configuration-reload-behavior) for more information.
|
||||
|
||||
```console
|
||||
$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
|
||||
|
||||
@ -13,7 +13,7 @@ Attach local standard input, output, and error streams to a running container
|
||||
|:----------------|:---------|:--------|:----------------------------------------------------|
|
||||
| `--detach-keys` | `string` | | Override the key sequence for detaching a container |
|
||||
| `--no-stdin` | | | Do not attach STDIN |
|
||||
| `--sig-proxy` | | | Proxy all received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy all received signals to the process |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -21,7 +21,7 @@ Build an image from a Dockerfile
|
||||
| `-c`, `--cpu-shares` | `int64` | `0` | CPU shares (relative weight) |
|
||||
| `--cpuset-cpus` | `string` | | CPUs in which to allow execution (0-3, 0,1) |
|
||||
| `--cpuset-mems` | `string` | | MEMs in which to allow execution (0-3, 0,1) |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `-f`, `--file` | `string` | | Name of the Dockerfile (Default is `PATH/Dockerfile`) |
|
||||
| `--force-rm` | | | Always remove intermediate containers |
|
||||
| `--iidfile` | `string` | | Write the image ID to the file |
|
||||
@ -34,7 +34,7 @@ Build an image from a Dockerfile
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `--pull` | | | Always attempt to pull a newer version of the image |
|
||||
| `-q`, `--quiet` | | | Suppress the build output and print image ID on success |
|
||||
| `--rm` | | | Remove intermediate containers after a successful build |
|
||||
| `--rm` | `bool` | `true` | Remove intermediate containers after a successful build |
|
||||
| `--security-opt` | `stringSlice` | | Security options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of `/dev/shm` |
|
||||
| `--squash` | | | Squash newly built layers into a single new layer |
|
||||
|
||||
@ -21,7 +21,7 @@ Build an image from a Dockerfile
|
||||
| `-c`, `--cpu-shares` | `int64` | `0` | CPU shares (relative weight) |
|
||||
| `--cpuset-cpus` | `string` | | CPUs in which to allow execution (0-3, 0,1) |
|
||||
| `--cpuset-mems` | `string` | | MEMs in which to allow execution (0-3, 0,1) |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `-f`, `--file` | `string` | | Name of the Dockerfile (Default is `PATH/Dockerfile`) |
|
||||
| `--force-rm` | | | Always remove intermediate containers |
|
||||
| `--iidfile` | `string` | | Write the image ID to the file |
|
||||
@ -34,7 +34,7 @@ Build an image from a Dockerfile
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `--pull` | | | Always attempt to pull a newer version of the image |
|
||||
| `-q`, `--quiet` | | | Suppress the build output and print image ID on success |
|
||||
| `--rm` | | | Remove intermediate containers after a successful build |
|
||||
| `--rm` | `bool` | `true` | Remove intermediate containers after a successful build |
|
||||
| `--security-opt` | `stringSlice` | | Security options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of `/dev/shm` |
|
||||
| `--squash` | | | Squash newly built layers into a single new layer |
|
||||
@ -47,4 +47,4 @@ Build an image from a Dockerfile
|
||||
|
||||
## Description
|
||||
|
||||
See [docker build](build.md) for more information.
|
||||
See [docker build](image_build.md) for more information.
|
||||
|
||||
@ -10,105 +10,8 @@ aliases:
|
||||
- /engine/reference/commandline/engine_update/
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/cli GitHub
|
||||
repository at https://github.com/docker/cli/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# docker
|
||||
|
||||
To list available commands, either run `docker` with no parameters
|
||||
or execute `docker help`:
|
||||
|
||||
<!---MARKER_GEN_START-->
|
||||
The base command for the Docker CLI.
|
||||
|
||||
### Subcommands
|
||||
|
||||
| Name | Description |
|
||||
|:------------------------------|:------------------------------------------------------------------------------|
|
||||
| [`attach`](attach.md) | Attach local standard input, output, and error streams to a running container |
|
||||
| [`build`](build.md) | Build an image from a Dockerfile |
|
||||
| [`builder`](builder.md) | Manage builds |
|
||||
| [`checkpoint`](checkpoint.md) | Manage checkpoints |
|
||||
| [`commit`](commit.md) | Create a new image from a container's changes |
|
||||
| [`config`](config.md) | Manage Swarm configs |
|
||||
| [`container`](container.md) | Manage containers |
|
||||
| [`context`](context.md) | Manage contexts |
|
||||
| [`cp`](cp.md) | Copy files/folders between a container and the local filesystem |
|
||||
| [`create`](create.md) | Create a new container |
|
||||
| [`diff`](diff.md) | Inspect changes to files or directories on a container's filesystem |
|
||||
| [`events`](events.md) | Get real time events from the server |
|
||||
| [`exec`](exec.md) | Execute a command in a running container |
|
||||
| [`export`](export.md) | Export a container's filesystem as a tar archive |
|
||||
| [`history`](history.md) | Show the history of an image |
|
||||
| [`image`](image.md) | Manage images |
|
||||
| [`images`](images.md) | List images |
|
||||
| [`import`](import.md) | Import the contents from a tarball to create a filesystem image |
|
||||
| [`info`](info.md) | Display system-wide information |
|
||||
| [`inspect`](inspect.md) | Return low-level information on Docker objects |
|
||||
| [`kill`](kill.md) | Kill one or more running containers |
|
||||
| [`load`](load.md) | Load an image from a tar archive or STDIN |
|
||||
| [`login`](login.md) | Log in to a registry |
|
||||
| [`logout`](logout.md) | Log out from a registry |
|
||||
| [`logs`](logs.md) | Fetch the logs of a container |
|
||||
| [`manifest`](manifest.md) | Manage Docker image manifests and manifest lists |
|
||||
| [`network`](network.md) | Manage networks |
|
||||
| [`node`](node.md) | Manage Swarm nodes |
|
||||
| [`pause`](pause.md) | Pause all processes within one or more containers |
|
||||
| [`plugin`](plugin.md) | Manage plugins |
|
||||
| [`port`](port.md) | List port mappings or a specific mapping for the container |
|
||||
| [`ps`](ps.md) | List containers |
|
||||
| [`pull`](pull.md) | Download an image from a registry |
|
||||
| [`push`](push.md) | Upload an image to a registry |
|
||||
| [`rename`](rename.md) | Rename a container |
|
||||
| [`restart`](restart.md) | Restart one or more containers |
|
||||
| [`rm`](rm.md) | Remove one or more containers |
|
||||
| [`rmi`](rmi.md) | Remove one or more images |
|
||||
| [`run`](run.md) | Create and run a new container from an image |
|
||||
| [`save`](save.md) | Save one or more images to a tar archive (streamed to STDOUT by default) |
|
||||
| [`search`](search.md) | Search Docker Hub for images |
|
||||
| [`secret`](secret.md) | Manage Swarm secrets |
|
||||
| [`service`](service.md) | Manage Swarm services |
|
||||
| [`stack`](stack.md) | Manage Swarm stacks |
|
||||
| [`start`](start.md) | Start one or more stopped containers |
|
||||
| [`stats`](stats.md) | Display a live stream of container(s) resource usage statistics |
|
||||
| [`stop`](stop.md) | Stop one or more running containers |
|
||||
| [`swarm`](swarm.md) | Manage Swarm |
|
||||
| [`system`](system.md) | Manage Docker |
|
||||
| [`tag`](tag.md) | Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE |
|
||||
| [`top`](top.md) | Display the running processes of a container |
|
||||
| [`trust`](trust.md) | Manage trust on Docker images |
|
||||
| [`unpause`](unpause.md) | Unpause all processes within one or more containers |
|
||||
| [`update`](update.md) | Update configuration of one or more containers |
|
||||
| [`version`](version.md) | Show the Docker version information |
|
||||
| [`volume`](volume.md) | Manage volumes |
|
||||
| [`wait`](wait.md) | Block until one or more containers stop, then print their exit codes |
|
||||
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------|:---------|:-------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `--config` | `string` | `/root/.docker` | Location of client config files |
|
||||
| `-c`, `--context` | `string` | | Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with `docker context use`) |
|
||||
| `-D`, `--debug` | | | Enable debug mode |
|
||||
| [`-H`](#host), [`--host`](#host) | `list` | | Daemon socket to connect to |
|
||||
| `-l`, `--log-level` | `string` | `info` | Set the logging level (`debug`, `info`, `warn`, `error`, `fatal`) |
|
||||
| `--tls` | | | Use TLS; implied by --tlsverify |
|
||||
| `--tlscacert` | `string` | `/root/.docker/ca.pem` | Trust certs signed only by this CA |
|
||||
| `--tlscert` | `string` | `/root/.docker/cert.pem` | Path to TLS certificate file |
|
||||
| `--tlskey` | `string` | `/root/.docker/key.pem` | Path to TLS key file |
|
||||
| `--tlsverify` | | | Use TLS and verify the remote |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
## Description
|
||||
The base command for the Docker CLI is `docker`. For information about the
|
||||
available flags and subcommands, refer to the [CLI reference](https://docs.docker.com/reference/cli/docker/)
|
||||
|
||||
Depending on your Docker system configuration, you may be required to preface
|
||||
each `docker` command with `sudo`. To avoid having to use `sudo` with the
|
||||
@ -123,20 +26,20 @@ the [installation](https://docs.docker.com/install/) instructions for your opera
|
||||
The following list of environment variables are supported by the `docker` command
|
||||
line:
|
||||
|
||||
| Variable | Description |
|
||||
|:------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||
| `DOCKER_CONFIG` | The location of your client configuration files. |
|
||||
| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. |
|
||||
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
|
||||
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
|
||||
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
|
||||
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. |
|
||||
| `DOCKER_HOST` | Daemon socket to connect to. |
|
||||
| `DOCKER_TLS` | Enable TLS for connections made by the `docker` CLI (equivalent of the `--tls` command-line option). Set to a non-empty value to enable TLS. Note that TLS is enabled automatically if any of the other TLS options are set. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
|
||||
| Variable | Description |
|
||||
| :---------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](https://docs.docker.com/reference/cli/dockerd/) |
|
||||
| `DOCKER_CONFIG` | The location of your client configuration files. |
|
||||
| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. |
|
||||
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
|
||||
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
|
||||
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
|
||||
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. |
|
||||
| `DOCKER_HOST` | Daemon socket to connect to. |
|
||||
| `DOCKER_TLS` | Enable TLS for connections made by the `docker` CLI (equivalent of the `--tls` command-line option). Set to a non-empty value to enable TLS. Note that TLS is enabled automatically if any of the other TLS options are set. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](https://docs.docker.com/reference/cli/dockerd/) |
|
||||
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`, `rawjson`) when [building](https://docs.docker.com/reference/cli/docker/image/build/) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
|
||||
|
||||
Because Docker is developed using Go, you can also use any environment
|
||||
variables used by the Go runtime. In particular, you may find these useful:
|
||||
@ -212,20 +115,20 @@ different location.
|
||||
These fields lets you customize the default output format for some commands
|
||||
if no `--format` flag is provided.
|
||||
|
||||
| Property | Description |
|
||||
| :--------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `configFormat` | Custom default format for `docker config ls` output. See [`docker config ls`](config_ls.md#format) for a list of supported formatting directives. |
|
||||
| `imagesFormat` | Custom default format for `docker images` / `docker image ls` output. See [`docker images`](images.md#format) for a list of supported formatting directives. |
|
||||
| `networksFormat` | Custom default format for `docker network ls` output. See [`docker network ls`](network_ls.md#format) for a list of supported formatting directives. |
|
||||
| `nodesFormat` | Custom default format for `docker node ls` output. See [`docker node ls`](node_ls.md#format) for a list of supported formatting directives. |
|
||||
| `pluginsFormat` | Custom default format for `docker plugin ls` output. See [`docker plugin ls`](plugin_ls.md#format) for a list of supported formatting directives. |
|
||||
| `psFormat` | Custom default format for `docker ps` / `docker container ps` output. See [`docker ps`](ps.md#format) for a list of supported formatting directives. |
|
||||
| `secretFormat` | Custom default format for `docker secret ls` output. See [`docker secret ls`](secret_ls.md#format) for a list of supported formatting directives. |
|
||||
| `serviceInspectFormat` | Custom default format for `docker service inspect` output. See [`docker service inspect`](service_inspect.md#format) for a list of supported formatting directives. |
|
||||
| `servicesFormat` | Custom default format for `docker service ls` output. See [`docker service ls`](service_ls.md#format) for a list of supported formatting directives. |
|
||||
| `statsFormat` | Custom default format for `docker stats` output. See [`docker stats`](stats.md#format) for a list of supported formatting directives. |
|
||||
| `tasksFormat` | Custom default format for `docker stack ps` output. See [`docker stack ps`](stack_ps.md#format) for a list of supported formatting directives. |
|
||||
| `volumesFormat` | Custom default format for `docker volume ls` output. See [`docker volume ls`](volume_ls.md#format) for a list of supported formatting directives. |
|
||||
| Property | Description |
|
||||
| :--------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `configFormat` | Custom default format for `docker config ls` output. See [`docker config ls`](https://docs.docker.com/reference/cli/docker/config/ls/#format) for a list of supported formatting directives. |
|
||||
| `imagesFormat` | Custom default format for `docker images` / `docker image ls` output. See [`docker images`](https://docs.docker.com/reference/cli/docker/image/ls/#format) for a list of supported formatting directives. |
|
||||
| `networksFormat` | Custom default format for `docker network ls` output. See [`docker network ls`](https://docs.docker.com/reference/cli/docker/network/ls/#format) for a list of supported formatting directives. |
|
||||
| `nodesFormat` | Custom default format for `docker node ls` output. See [`docker node ls`](https://docs.docker.com/reference/cli/docker/node/ls/#format) for a list of supported formatting directives. |
|
||||
| `pluginsFormat` | Custom default format for `docker plugin ls` output. See [`docker plugin ls`](https://docs.docker.com/reference/cli/docker/plugin/ls/#format) for a list of supported formatting directives. |
|
||||
| `psFormat` | Custom default format for `docker ps` / `docker container ps` output. See [`docker ps`](https://docs.docker.com/reference/cli/docker/container/ls/#format) for a list of supported formatting directives. |
|
||||
| `secretFormat` | Custom default format for `docker secret ls` output. See [`docker secret ls`](https://docs.docker.com/reference/cli/docker/secret/ls/#format) for a list of supported formatting directives. |
|
||||
| `serviceInspectFormat` | Custom default format for `docker service inspect` output. See [`docker service inspect`](https://docs.docker.com/reference/cli/docker/service/inspect/#format) for a list of supported formatting directives. |
|
||||
| `servicesFormat` | Custom default format for `docker service ls` output. See [`docker service ls`](https://docs.docker.com/reference/cli/docker/service/ls/#format) for a list of supported formatting directives. |
|
||||
| `statsFormat` | Custom default format for `docker stats` output. See [`docker stats`](https://docs.docker.com/reference/cli/docker/container/stats/#format) for a list of supported formatting directives. |
|
||||
| `tasksFormat` | Custom default format for `docker stack ps` output. See [`docker stack ps`](https://docs.docker.com/reference/cli/docker/stack/ps/#format) for a list of supported formatting directives. |
|
||||
| `volumesFormat` | Custom default format for `docker volume ls` output. See [`docker volume ls`](https://docs.docker.com/reference/cli/docker/volume/ls/#format) for a list of supported formatting directives. |
|
||||
|
||||
### Custom HTTP headers
|
||||
|
||||
@ -241,14 +144,14 @@ credential store. When this property is set, `docker login` will attempt to
|
||||
store credentials in the binary specified by `docker-credential-<value>` which
|
||||
is visible on `$PATH`. If this property isn't set, credentials are stored
|
||||
in the `auths` property of the CLI configuration file. For more information,
|
||||
see the [**Credential stores** section in the `docker login` documentation](login.md#credential-stores)
|
||||
see the [**Credential stores** section in the `docker login` documentation](https://docs.docker.com/reference/cli/docker/login/#credential-stores)
|
||||
|
||||
The property `credHelpers` specifies a set of credential helpers to use
|
||||
preferentially over `credsStore` or `auths` when storing and retrieving
|
||||
credentials for specific registries. If this property is set, the binary
|
||||
`docker-credential-<value>` will be used when storing or retrieving credentials
|
||||
for a specific registry. For more information, see the
|
||||
[**Credential helpers** section in the `docker login` documentation](login.md#credential-helpers)
|
||||
[**Credential helpers** section in the `docker login` documentation](https://docs.docker.com/reference/cli/docker/login/#credential-helpers)
|
||||
|
||||
### Automatic proxy configuration for containers
|
||||
|
||||
@ -396,12 +299,12 @@ commands use the following default sockets:
|
||||
- `npipe:////./pipe/docker_engine` on Windows
|
||||
|
||||
To achieve a similar effect without having to specify the `-H` flag for every
|
||||
command, you could also [create a context](context_create.md),
|
||||
command, you could also [create a context](https://docs.docker.com/reference/cli/docker/context/create/),
|
||||
or alternatively, use the
|
||||
[`DOCKER_HOST` environment variable](#environment-variables).
|
||||
|
||||
For more information about the `-H` flag, see
|
||||
[Daemon socket option](dockerd.md#daemon-socket-option).
|
||||
[Daemon socket option](https://docs.docker.com/reference/cli/dockerd/#daemon-socket-option).
|
||||
|
||||
#### Using TCP sockets
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@ Create a new image from a container's changes
|
||||
| `-a`, `--author` | `string` | | Author (e.g., `John Hannibal Smith <hannibal@a-team.com>`) |
|
||||
| `-c`, `--change` | `list` | | Apply Dockerfile instruction to the created image |
|
||||
| `-m`, `--message` | `string` | | Commit message |
|
||||
| `-p`, `--pause` | | | Pause container during commit |
|
||||
| `-p`, `--pause` | `bool` | `true` | Pause container during commit |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -13,7 +13,7 @@ Attach local standard input, output, and error streams to a running container
|
||||
|:--------------------------------|:---------|:--------|:----------------------------------------------------|
|
||||
| [`--detach-keys`](#detach-keys) | `string` | | Override the key sequence for detaching a container |
|
||||
| `--no-stdin` | | | Do not attach STDIN |
|
||||
| `--sig-proxy` | | | Proxy all received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy all received signals to the process |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
@ -164,4 +164,4 @@ the following:
|
||||
|
||||
These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
|
||||
sequences. To configure a different configuration default key sequence for all
|
||||
containers, see [**Configuration file** section](cli.md#configuration-files).
|
||||
containers, see [**Configuration file** section](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files).
|
||||
|
||||
@ -14,7 +14,7 @@ Create a new image from a container's changes
|
||||
| `-a`, `--author` | `string` | | Author (e.g., `John Hannibal Smith <hannibal@a-team.com>`) |
|
||||
| [`-c`](#change), [`--change`](#change) | `list` | | Apply Dockerfile instruction to the created image |
|
||||
| `-m`, `--message` | `string` | | Commit message |
|
||||
| `-p`, `--pause` | | | Pause container during commit |
|
||||
| `-p`, `--pause` | `bool` | `true` | Pause container during commit |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -112,7 +112,7 @@ $ docker cp CONTAINER:/var/logs/app.log - | tar x -O | grep "ERROR"
|
||||
### Corner cases
|
||||
|
||||
It isn't possible to copy certain system files such as resources under
|
||||
`/proc`, `/sys`, `/dev`, [tmpfs](run.md#tmpfs), and mounts created by
|
||||
`/proc`, `/sys`, `/dev`, [tmpfs](container_run.md#tmpfs), and mounts created by
|
||||
the user in the container. However, you can still copy such files by manually
|
||||
running `tar` in `docker exec`. Both of the following examples do the same thing
|
||||
in different ways (consider `SRC_PATH` and `DEST_PATH` are directories):
|
||||
|
||||
@ -37,7 +37,7 @@ Create a new container
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
@ -131,8 +131,8 @@ so that it's ready to start when you need it. The initial status of the
|
||||
new container is `created`.
|
||||
|
||||
The `docker create` command shares most of its options with the `docker run`
|
||||
command (which performs a `docker create` before starting it). Refer to the
|
||||
[`docker run` command](run.md) section and the [Docker run reference](../run.md)
|
||||
command (which performs a `docker create` before starting it).
|
||||
Refer to the [`docker run` CLI reference](container_run.md)
|
||||
for details on the available flags and options.
|
||||
|
||||
## Examples
|
||||
|
||||
@ -39,7 +39,7 @@ Create and run a new container from an image
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
@ -99,7 +99,7 @@ Create and run a new container from an image
|
||||
| `--runtime` | `string` | | Runtime to use for this container |
|
||||
| [`--security-opt`](#security-opt) | `list` | | Security Options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of /dev/shm |
|
||||
| `--sig-proxy` | | | Proxy received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy received signals to the process |
|
||||
| [`--stop-signal`](#stop-signal) | `string` | | Signal to stop the container |
|
||||
| [`--stop-timeout`](#stop-timeout) | `int` | `0` | Timeout (in seconds) to stop a container |
|
||||
| [`--storage-opt`](#storage-opt) | `list` | | Storage driver options for the container |
|
||||
@ -787,7 +787,7 @@ the following:
|
||||
|
||||
These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
|
||||
sequences. To configure a different configuration default key sequence for all
|
||||
containers, see [**Configuration file** section](cli.md#configuration-files).
|
||||
containers, see [**Configuration file** section](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files).
|
||||
|
||||
### <a name="device"></a> Add host device to container (--device)
|
||||
|
||||
@ -858,6 +858,38 @@ PS C:\> docker run --device=class/86E0D1E0-8089-11D0-9CE4-08003E301F73 mcr.micro
|
||||
> The `--device` option is only supported on process-isolated Windows containers,
|
||||
> and produces an error if the container isolation is `hyperv`.
|
||||
|
||||
#### CDI devices
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> This is experimental feature and as such doesn't represent a stable API.
|
||||
|
||||
Container Device Interface (CDI) is a
|
||||
[standardized](https://github.com/cncf-tags/container-device-interface/blob/main/SPEC.md)
|
||||
mechanism for container runtimes to create containers which are able to
|
||||
interact with third party devices.
|
||||
|
||||
With CDI, device configurations are defined using a JSON file. In addition to
|
||||
enabling the container to interact with the device node, it also lets you
|
||||
specify additional configuration for the device, such as kernel modules, host
|
||||
libraries, and environment variables.
|
||||
|
||||
You can reference a CDI device with the `--device` flag using the
|
||||
fully-qualified name of the device, as shown in the following example:
|
||||
|
||||
```console
|
||||
$ docker run --device=vendor.com/class=device-name --rm -it ubuntu
|
||||
```
|
||||
|
||||
This starts an `ubuntu` container with access to the specified CDI device,
|
||||
`vendor.com/class=device-name`, assuming that:
|
||||
|
||||
- A valid CDI specification (JSON file) for the requested device is available
|
||||
on the system running the daemon, in one of the configured CDI specification
|
||||
directories.
|
||||
- The CDI feature has been enabled on the daemon side, see [Enable CDI
|
||||
devices](https://docs.docker.com/reference/cli/dockerd/#enable-cdi-devices).
|
||||
|
||||
### <a name="attach"></a> Attach to STDIN/STDOUT/STDERR (-a, --attach)
|
||||
|
||||
The `--attach` (or `-a`) flag tells `docker run` to bind to the container's
|
||||
@ -900,7 +932,7 @@ $ cat somefile | docker run -i -a stdin mybuilder dobuild
|
||||
> Linux: it ignores any signal with the default action. So, the process
|
||||
> doesn't terminate on `SIGINT` or `SIGTERM` unless it's coded to do so.
|
||||
|
||||
See also [the `docker cp` command](cp.md).
|
||||
See also [the `docker cp` command](container_cp.md).
|
||||
|
||||
### <a name="interactive"></a> Keep STDIN open (-i, --interactive)
|
||||
|
||||
@ -1016,6 +1048,11 @@ the required device when it is added.
|
||||
The `--gpus` flag allows you to access NVIDIA GPU resources. First you need to
|
||||
install the [nvidia-container-runtime](https://nvidia.github.io/nvidia-container-runtime/).
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> You can also specify a GPU as a CDI device with the `--device` flag, see
|
||||
> [CDI devices](#cdi-devices).
|
||||
|
||||
Read [Specify a container's resources](https://docs.docker.com/config/containers/resource_constraints/)
|
||||
for more information.
|
||||
|
||||
@ -1060,8 +1097,8 @@ This runs the `redis` container with a restart policy of **always**.
|
||||
If the container exits, Docker restarts it.
|
||||
|
||||
When a restart policy is active on a container, it shows as either `Up` or
|
||||
`Restarting` in [`docker ps`](ps.md). It can also be useful to use [`docker
|
||||
events`](events.md) to see the restart policy in effect.
|
||||
`Restarting` in [`docker ps`](container_ls.md). It can also be useful to use
|
||||
[`docker events`](system_events.md) to see the restart policy in effect.
|
||||
|
||||
An increasing delay (double the previous delay, starting at 100 milliseconds)
|
||||
is added before each restart to prevent flooding the server. This means the
|
||||
@ -1092,8 +1129,8 @@ restart limit is only valid for the **on-failure** policy.
|
||||
#### Inspect container restarts
|
||||
|
||||
The number of (attempted) restarts for a container can be obtained using the
|
||||
[`docker inspect`](commandline/inspect.md) command. For example, to get the
|
||||
number of restarts for container "my-container";
|
||||
[`docker inspect`](inspect.md) command. For example, to get the number of
|
||||
restarts for container "my-container";
|
||||
|
||||
```console
|
||||
$ docker inspect -f "{{ .RestartCount }}" my-container
|
||||
@ -1269,7 +1306,7 @@ container to exit. This signal can be a signal name in the format `SIG<NAME>`,
|
||||
for instance `SIGKILL`, or an unsigned number that matches a position in the
|
||||
kernel's syscall table, for instance `9`.
|
||||
|
||||
The default value is defined by [`STOPSIGNAL`](https://docs.docker.com/engine/reference/builder/#stopsignal)
|
||||
The default value is defined by [`STOPSIGNAL`](https://docs.docker.com/reference/dockerfile/#stopsignal)
|
||||
in the image, or `SIGTERM` if the image has no `STOPSIGNAL` defined.
|
||||
|
||||
### <a name="security-opt"></a> Optional security options (--security-opt)
|
||||
|
||||
@ -37,7 +37,7 @@ Create a new container
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
|
||||
86
docs/reference/commandline/docker.md
Normal file
86
docs/reference/commandline/docker.md
Normal file
@ -0,0 +1,86 @@
|
||||
# docker
|
||||
|
||||
<!---MARKER_GEN_START-->
|
||||
The base command for the Docker CLI.
|
||||
|
||||
### Subcommands
|
||||
|
||||
| Name | Description |
|
||||
|:------------------------------|:------------------------------------------------------------------------------|
|
||||
| [`attach`](attach.md) | Attach local standard input, output, and error streams to a running container |
|
||||
| [`build`](build.md) | Build an image from a Dockerfile |
|
||||
| [`builder`](builder.md) | Manage builds |
|
||||
| [`checkpoint`](checkpoint.md) | Manage checkpoints |
|
||||
| [`commit`](commit.md) | Create a new image from a container's changes |
|
||||
| [`config`](config.md) | Manage Swarm configs |
|
||||
| [`container`](container.md) | Manage containers |
|
||||
| [`context`](context.md) | Manage contexts |
|
||||
| [`cp`](cp.md) | Copy files/folders between a container and the local filesystem |
|
||||
| [`create`](create.md) | Create a new container |
|
||||
| [`diff`](diff.md) | Inspect changes to files or directories on a container's filesystem |
|
||||
| [`events`](events.md) | Get real time events from the server |
|
||||
| [`exec`](exec.md) | Execute a command in a running container |
|
||||
| [`export`](export.md) | Export a container's filesystem as a tar archive |
|
||||
| [`history`](history.md) | Show the history of an image |
|
||||
| [`image`](image.md) | Manage images |
|
||||
| [`images`](images.md) | List images |
|
||||
| [`import`](import.md) | Import the contents from a tarball to create a filesystem image |
|
||||
| [`info`](info.md) | Display system-wide information |
|
||||
| [`inspect`](inspect.md) | Return low-level information on Docker objects |
|
||||
| [`kill`](kill.md) | Kill one or more running containers |
|
||||
| [`load`](load.md) | Load an image from a tar archive or STDIN |
|
||||
| [`login`](login.md) | Log in to a registry |
|
||||
| [`logout`](logout.md) | Log out from a registry |
|
||||
| [`logs`](logs.md) | Fetch the logs of a container |
|
||||
| [`manifest`](manifest.md) | Manage Docker image manifests and manifest lists |
|
||||
| [`network`](network.md) | Manage networks |
|
||||
| [`node`](node.md) | Manage Swarm nodes |
|
||||
| [`pause`](pause.md) | Pause all processes within one or more containers |
|
||||
| [`plugin`](plugin.md) | Manage plugins |
|
||||
| [`port`](port.md) | List port mappings or a specific mapping for the container |
|
||||
| [`ps`](ps.md) | List containers |
|
||||
| [`pull`](pull.md) | Download an image from a registry |
|
||||
| [`push`](push.md) | Upload an image to a registry |
|
||||
| [`rename`](rename.md) | Rename a container |
|
||||
| [`restart`](restart.md) | Restart one or more containers |
|
||||
| [`rm`](rm.md) | Remove one or more containers |
|
||||
| [`rmi`](rmi.md) | Remove one or more images |
|
||||
| [`run`](run.md) | Create and run a new container from an image |
|
||||
| [`save`](save.md) | Save one or more images to a tar archive (streamed to STDOUT by default) |
|
||||
| [`search`](search.md) | Search Docker Hub for images |
|
||||
| [`secret`](secret.md) | Manage Swarm secrets |
|
||||
| [`service`](service.md) | Manage Swarm services |
|
||||
| [`stack`](stack.md) | Manage Swarm stacks |
|
||||
| [`start`](start.md) | Start one or more stopped containers |
|
||||
| [`stats`](stats.md) | Display a live stream of container(s) resource usage statistics |
|
||||
| [`stop`](stop.md) | Stop one or more running containers |
|
||||
| [`swarm`](swarm.md) | Manage Swarm |
|
||||
| [`system`](system.md) | Manage Docker |
|
||||
| [`tag`](tag.md) | Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE |
|
||||
| [`top`](top.md) | Display the running processes of a container |
|
||||
| [`trust`](trust.md) | Manage trust on Docker images |
|
||||
| [`unpause`](unpause.md) | Unpause all processes within one or more containers |
|
||||
| [`update`](update.md) | Update configuration of one or more containers |
|
||||
| [`version`](version.md) | Show the Docker version information |
|
||||
| [`volume`](volume.md) | Manage volumes |
|
||||
| [`wait`](wait.md) | Block until one or more containers stop, then print their exit codes |
|
||||
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------|:---------|:-------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `--config` | `string` | `/root/.docker` | Location of client config files |
|
||||
| `-c`, `--context` | `string` | | Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with `docker context use`) |
|
||||
| `-D`, `--debug` | | | Enable debug mode |
|
||||
| `-H`, `--host` | `list` | | Daemon socket to connect to |
|
||||
| `-l`, `--log-level` | `string` | `info` | Set the logging level (`debug`, `info`, `warn`, `error`, `fatal`) |
|
||||
| `--tls` | | | Use TLS; implied by --tlsverify |
|
||||
| `--tlscacert` | `string` | `/root/.docker/ca.pem` | Trust certs signed only by this CA |
|
||||
| `--tlscert` | `string` | `/root/.docker/cert.pem` | Path to TLS certificate file |
|
||||
| `--tlskey` | `string` | `/root/.docker/key.pem` | Path to TLS key file |
|
||||
| `--tlsverify` | | | Use TLS and verify the remote |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -12,7 +12,7 @@ Show the history of an image
|
||||
| Name | Type | Default | Description |
|
||||
|:----------------|:---------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `--format` | `string` | | Format output using a custom template:<br>'table': Print output in table format with column headers (default)<br>'table TEMPLATE': Print output in table format using the given Go template<br>'json': Print in JSON format<br>'TEMPLATE': Print output using the given Go template.<br>Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates |
|
||||
| `-H`, `--human` | | | Print sizes and dates in human readable format |
|
||||
| `-H`, `--human` | `bool` | `true` | Print sizes and dates in human readable format |
|
||||
| `--no-trunc` | | | Don't truncate output |
|
||||
| `-q`, `--quiet` | | | Only show image IDs |
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ Build an image from a Dockerfile
|
||||
| `-c`, `--cpu-shares` | `int64` | `0` | CPU shares (relative weight) |
|
||||
| `--cpuset-cpus` | `string` | | CPUs in which to allow execution (0-3, 0,1) |
|
||||
| `--cpuset-mems` | `string` | | MEMs in which to allow execution (0-3, 0,1) |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| [`-f`](#file), [`--file`](#file) | `string` | | Name of the Dockerfile (Default is `PATH/Dockerfile`) |
|
||||
| `--force-rm` | | | Always remove intermediate containers |
|
||||
| `--iidfile` | `string` | | Write the image ID to the file |
|
||||
@ -34,7 +34,7 @@ Build an image from a Dockerfile
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `--pull` | | | Always attempt to pull a newer version of the image |
|
||||
| `-q`, `--quiet` | | | Suppress the build output and print image ID on success |
|
||||
| `--rm` | | | Remove intermediate containers after a successful build |
|
||||
| `--rm` | `bool` | `true` | Remove intermediate containers after a successful build |
|
||||
| [`--security-opt`](#security-opt) | `stringSlice` | | Security options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of `/dev/shm` |
|
||||
| [`--squash`](#squash) | | | Squash newly built layers into a single new layer |
|
||||
@ -50,7 +50,7 @@ Build an image from a Dockerfile
|
||||
The `docker build` command builds Docker images from a Dockerfile and a
|
||||
"context". A build's context is the set of files located in the specified
|
||||
`PATH` or `URL`. The build process can refer to any of the files in the
|
||||
context. For example, your build can use a [*COPY*](https://docs.docker.com/engine/reference/builder/#copy)
|
||||
context. For example, your build can use a [*COPY*](https://docs.docker.com/reference/dockerfile/#copy)
|
||||
instruction to reference a file in the context.
|
||||
|
||||
The `URL` parameter can refer to three kinds of resources: Git repositories,
|
||||
@ -144,7 +144,7 @@ In most cases, it's best to put each Dockerfile in an empty directory. Then,
|
||||
add to that directory only the files needed for building the Dockerfile. To
|
||||
increase the build's performance, you can exclude files and directories by
|
||||
adding a `.dockerignore` file to that directory as well. For information on
|
||||
creating one, see the [.dockerignore file](https://docs.docker.com/engine/reference/builder/#dockerignore-file).
|
||||
creating one, see the [.dockerignore file](https://docs.docker.com/reference/dockerfile/#dockerignore-file).
|
||||
|
||||
If the Docker client loses connection to the daemon, it cancels the build.
|
||||
This happens if you interrupt the Docker client with `CTRL-c` or if the Docker
|
||||
@ -172,7 +172,7 @@ $ echo $?
|
||||
|
||||
See also:
|
||||
|
||||
[*Dockerfile Reference*](https://docs.docker.com/engine/reference/builder/).
|
||||
[*Dockerfile Reference*](https://docs.docker.com/reference/dockerfile/).
|
||||
|
||||
## Examples
|
||||
|
||||
@ -213,7 +213,7 @@ where to find the files for the "context" of the build on the Docker daemon.
|
||||
Remember that the daemon could be running on a remote machine and that no
|
||||
parsing of the Dockerfile happens at the client side (where you're running
|
||||
`docker build`). That means that all the files at `PATH` are sent, not just
|
||||
the ones listed to [`ADD`](https://docs.docker.com/engine/reference/builder/#add)
|
||||
the ones listed to [`ADD`](https://docs.docker.com/reference/dockerfile/#add)
|
||||
in the Dockerfile.
|
||||
|
||||
The transfer of context from the local machine to the Docker daemon is what the
|
||||
@ -302,7 +302,7 @@ Successfully built 99cc1ad10469
|
||||
This example shows the use of the `.dockerignore` file to exclude the `.git`
|
||||
directory from the context. You can see its effect in the changed size of the
|
||||
uploaded context. The builder reference contains detailed information on
|
||||
[creating a .dockerignore file](https://docs.docker.com/engine/reference/builder/#dockerignore-file).
|
||||
[creating a .dockerignore file](https://docs.docker.com/reference/dockerfile/#dockerignore-file).
|
||||
|
||||
When using the [BuildKit backend](https://docs.docker.com/build/buildkit/),
|
||||
`docker build` searches for a `.dockerignore` file relative to the Dockerfile
|
||||
@ -321,7 +321,7 @@ $ docker build -t vieux/apache:2.0 .
|
||||
This examples builds in the same way as the previous example, but it then tags the resulting
|
||||
image. The repository name will be `vieux/apache` and the tag `2.0`.
|
||||
|
||||
[Read more about valid tags](tag.md).
|
||||
[Read more about valid tags](image_tag.md).
|
||||
|
||||
You can apply multiple tags to an image. For example, you can apply the `latest`
|
||||
tag to a newly built image and add another tag that references a specific
|
||||
@ -384,12 +384,12 @@ the command line.
|
||||
### <a name="cgroup-parent"></a> Use a custom parent cgroup (--cgroup-parent)
|
||||
|
||||
When you run `docker build` with the `--cgroup-parent` option, the daemon runs the containers
|
||||
used in the build with the [corresponding `docker run` flag](../run.md#specify-custom-cgroups).
|
||||
used in the build with the [corresponding `docker run` flag](container_run.md#cgroup-parent).
|
||||
|
||||
### <a name="ulimit"></a> Set ulimits in container (--ulimit)
|
||||
|
||||
Using the `--ulimit` option with `docker build` causes the daemon to start each build step's
|
||||
container using those [`--ulimit` flag values](run.md#ulimit).
|
||||
container using those [`--ulimit` flag values](container_run.md#ulimit).
|
||||
|
||||
### <a name="build-arg"></a> Set build-time variables (--build-arg)
|
||||
|
||||
@ -415,7 +415,7 @@ Using this flag doesn't alter the output you see when the build process echoes t
|
||||
Dockerfile.
|
||||
|
||||
For detailed information on using `ARG` and `ENV` instructions, see the
|
||||
[Dockerfile reference](https://docs.docker.com/engine/reference/builder/).
|
||||
[Dockerfile reference](https://docs.docker.com/reference/dockerfile/).
|
||||
|
||||
You can also use the `--build-arg` flag without a value, in which case the daemon
|
||||
propagates the value from the local environment into the Docker container it's building:
|
||||
@ -425,7 +425,7 @@ $ export HTTP_PROXY=http://10.20.30.2:1234
|
||||
$ docker build --build-arg HTTP_PROXY .
|
||||
```
|
||||
|
||||
This example is similar to how `docker run -e` works. Refer to the [`docker run` documentation](run.md#env)
|
||||
This example is similar to how `docker run -e` works. Refer to the [`docker run` documentation](container_run.md#env)
|
||||
for more information.
|
||||
|
||||
### <a name="security-opt"></a> Optional security options (--security-opt)
|
||||
@ -553,7 +553,7 @@ $ docker build -o - . > out.tar
|
||||
|
||||
The `--output` option exports all files from the target stage. A common pattern
|
||||
for exporting only specific files is to do multi-stage builds and to copy the
|
||||
desired files to a new scratch stage with [`COPY --from`](https://docs.docker.com/engine/reference/builder/#copy).
|
||||
desired files to a new scratch stage with [`COPY --from`](https://docs.docker.com/reference/dockerfile/#copy).
|
||||
|
||||
The example, the `Dockerfile` below uses a separate stage to collect the
|
||||
build artifacts for exporting:
|
||||
@ -642,7 +642,7 @@ Available options for the networking mode are:
|
||||
- `none`: Run with no network access.
|
||||
- `host`: Run in the host’s network environment.
|
||||
|
||||
Find more details in the [Dockerfile documentation](https://docs.docker.com/engine/reference/builder/#run---network).
|
||||
Find more details in the [Dockerfile documentation](https://docs.docker.com/reference/dockerfile/#run---network).
|
||||
|
||||
### <a name="squash"></a> Squash an image's layers (--squash) (experimental)
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ Show the history of an image
|
||||
| Name | Type | Default | Description |
|
||||
|:----------------------|:---------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [`--format`](#format) | `string` | | Format output using a custom template:<br>'table': Print output in table format with column headers (default)<br>'table TEMPLATE': Print output in table format using the given Go template<br>'json': Print in JSON format<br>'TEMPLATE': Print output using the given Go template.<br>Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates |
|
||||
| `-H`, `--human` | | | Print sizes and dates in human readable format |
|
||||
| `-H`, `--human` | `bool` | `true` | Print sizes and dates in human readable format |
|
||||
| `--no-trunc` | | | Don't truncate output |
|
||||
| `-q`, `--quiet` | | | Only show image IDs |
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ Download an image from a registry
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------------------|:---------|:--------|:-------------------------------------------------|
|
||||
| [`-a`](#all-tags), [`--all-tags`](#all-tags) | | | Download all tagged images in the repository |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
@ -34,7 +34,7 @@ use `docker pull`.
|
||||
|
||||
If you are behind an HTTP proxy server, for example in corporate settings,
|
||||
before open a connect to registry, you may need to configure the Docker
|
||||
daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration)
|
||||
daemon's proxy settings, refer to the [dockerd command-line reference](https://docs.docker.com/reference/cli/dockerd/#proxy-configuration)
|
||||
for details.
|
||||
|
||||
### Concurrent downloads
|
||||
@ -42,7 +42,7 @@ for details.
|
||||
By default the Docker daemon will pull three layers of an image at a time.
|
||||
If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
|
||||
this via the `--max-concurrent-downloads` daemon option. See the
|
||||
[daemon documentation](dockerd.md) for more details.
|
||||
[daemon documentation](https://docs.docker.com/reference/cli/dockerd/) for more details.
|
||||
|
||||
## Examples
|
||||
|
||||
@ -81,7 +81,7 @@ Status: Downloaded newer image for debian:bookworm
|
||||
docker.io/library/debian:bookworm
|
||||
```
|
||||
|
||||
To see which images are present locally, use the [`docker images`](images.md)
|
||||
To see which images are present locally, use the [`docker images`](image_ls.md)
|
||||
command:
|
||||
|
||||
```console
|
||||
@ -184,7 +184,7 @@ Registry credentials are managed by [docker login](login.md).
|
||||
|
||||
Docker uses the `https://` protocol to communicate with a registry, unless the
|
||||
registry is allowed to be accessed over an insecure connection. Refer to the
|
||||
[insecure registries](dockerd.md#insecure-registries) section for more information.
|
||||
[insecure registries](https://docs.docker.com/reference/cli/dockerd/#insecure-registries) section for more information.
|
||||
|
||||
|
||||
### <a name="all-tags"></a> Pull a repository with multiple images (-a, --all-tags)
|
||||
|
||||
@ -9,11 +9,11 @@ Upload an image to a registry
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------------------|:-----|:--------|:--------------------------------------------|
|
||||
| [`-a`](#all-tags), [`--all-tags`](#all-tags) | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | | | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------------------|:-------|:--------|:--------------------------------------------|
|
||||
| [`-a`](#all-tags), [`--all-tags`](#all-tags) | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
@ -23,8 +23,8 @@ Upload an image to a registry
|
||||
Use `docker image push` to share your images to the [Docker Hub](https://hub.docker.com)
|
||||
registry or to a self-hosted one.
|
||||
|
||||
Refer to the [`docker image tag`](tag.md) reference for more information about valid
|
||||
image and tag names.
|
||||
Refer to the [`docker image tag`](image_tag.md) reference for more information
|
||||
about valid image and tag names.
|
||||
|
||||
Killing the `docker image push` process, for example by pressing `CTRL-c` while it is
|
||||
running in a terminal, terminates the push operation.
|
||||
@ -40,15 +40,15 @@ Registry credentials are managed by [docker login](login.md).
|
||||
By default the Docker daemon will push five layers of an image at a time.
|
||||
If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
|
||||
this via the `--max-concurrent-uploads` daemon option. See the
|
||||
[daemon documentation](dockerd.md) for more details.
|
||||
[daemon documentation](https://docs.docker.com/reference/cli/dockerd/) for more details.
|
||||
|
||||
## Examples
|
||||
|
||||
### Push a new image to a registry
|
||||
|
||||
First save the new image by finding the container ID (using [`docker container ls`](ps.md))
|
||||
and then committing it to a new image name. Note that only `a-z0-9-_.` are
|
||||
allowed when naming images:
|
||||
First save the new image by finding the container ID (using [`docker container
|
||||
ls`](container_ls.md)) and then committing it to a new image name. Note that
|
||||
only `a-z0-9-_.` are allowed when naming images:
|
||||
|
||||
```console
|
||||
$ docker container commit c16378f943fe rhel-httpd:latest
|
||||
|
||||
@ -26,7 +26,7 @@ removed.
|
||||
|
||||
This does not remove images from a registry. You cannot remove an image of a
|
||||
running container unless you use the `-f` option. To see all images on a host
|
||||
use the [`docker image ls`](images.md) command.
|
||||
use the [`docker image ls`](image_ls.md) command.
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -43,8 +43,7 @@ underscores, periods, and hyphens. It can't start with a period or hyphen and
|
||||
must be no longer than 128 characters. If you don't specify a tag, the command uses `latest` by default.
|
||||
|
||||
You can group your images together using names and tags, and then
|
||||
[push](https://docs.docker.com/engine/reference/commandline/push) them to a
|
||||
registry.
|
||||
[push](image_push.md) them to a registry.
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -10,11 +10,11 @@ identifier: "smn_cli_guide"
|
||||
This section contains reference information on using Docker's command line
|
||||
client. Each command has a reference page along with samples. If you are
|
||||
unfamiliar with the command line, you should start by reading about how to [Use
|
||||
the Docker command line](cli.md).
|
||||
the Docker command line](https://docs.docker.com/engine/reference/commandline/cli/).
|
||||
|
||||
You start the Docker daemon with the command line. How you start the daemon
|
||||
affects your Docker containers. For that reason you should also make sure to
|
||||
read the [`dockerd`](dockerd.md) reference page.
|
||||
read the [`dockerd`](https://docs.docker.com/reference/cli/dockerd/) reference page.
|
||||
|
||||
## Commands by object
|
||||
|
||||
@ -22,7 +22,7 @@ read the [`dockerd`](dockerd.md) reference page.
|
||||
|
||||
| Command | Description |
|
||||
| :-------------------------------- | :--------------------------------------------------- |
|
||||
| [dockerd](dockerd.md) | Launch the Docker daemon |
|
||||
| [dockerd](../dockerd.md) | Launch the Docker daemon |
|
||||
| [inspect](inspect.md) | Return low-level information on a container or image |
|
||||
| [system events](system_events.md) | Get real-time events from the server |
|
||||
| [system info](system_info.md) | Display system-wide information |
|
||||
|
||||
@ -78,7 +78,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
|
||||
The `label` filter matches nodes based on engine labels and on the presence of a
|
||||
`label` alone or a `label` and a value. Engine labels are configured in
|
||||
the [daemon configuration](dockerd.md#daemon-configuration-file). To filter on
|
||||
the [daemon configuration](https://docs.docker.com/reference/cli/dockerd/#daemon-configuration-file). To filter on
|
||||
Swarm `node` labels, use [`node.label` instead](#nodelabel).
|
||||
|
||||
The following filter matches nodes with the `foo` label regardless of its value.
|
||||
|
||||
@ -56,7 +56,7 @@ $ docker node update --label-add type=queue worker1
|
||||
|
||||
The labels you set for nodes using `docker node update` apply only to the node
|
||||
entity within the swarm. Do not confuse them with the docker daemon labels for
|
||||
[dockerd](dockerd.md).
|
||||
[dockerd](https://docs.docker.com/reference/cli/dockerd/).
|
||||
|
||||
For more information about labels, refer to [apply custom
|
||||
metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
|
||||
|
||||
@ -15,7 +15,7 @@ Create a plugin from a rootfs and configuration. Plugin data directory must cont
|
||||
## Description
|
||||
|
||||
Creates a plugin. Before creating the plugin, prepare the plugin's root
|
||||
filesystem as well as the [config.json](../../extend/config.md).
|
||||
filesystem as well as the [config.json](https://docs.docker.com/engine/extend/config/).
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ in a JSON array.
|
||||
|
||||
### Inspect a plugin
|
||||
|
||||
The following example example inspects the `tiborvass/sample-volume-plugin` plugin:
|
||||
The following example inspects the `tiborvass/sample-volume-plugin` plugin:
|
||||
|
||||
```console
|
||||
$ docker plugin inspect tiborvass/sample-volume-plugin:latest
|
||||
|
||||
@ -9,7 +9,7 @@ Install a plugin
|
||||
|:--------------------------|:---------|:--------|:--------------------------------------------------|
|
||||
| `--alias` | `string` | | Local name for plugin |
|
||||
| `--disable` | | | Do not enable the plugin on install |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--grant-all-permissions` | | | Grant all permissions necessary to run the plugin |
|
||||
|
||||
|
||||
|
||||
@ -5,9 +5,9 @@ Push a plugin to a registry
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-----|:--------|:-------------------|
|
||||
| `--disable-content-trust` | | | Skip image signing |
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-------|:--------|:-------------------|
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image signing |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -5,11 +5,11 @@ Upgrade an existing plugin
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-----|:--------|:----------------------------------------------------------------------|
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--grant-all-permissions` | | | Grant all permissions necessary to run the plugin |
|
||||
| `--skip-remote-check` | | | Do not check if specified remote plugin matches existing plugin image |
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-------|:--------|:----------------------------------------------------------------------|
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--grant-all-permissions` | | | Grant all permissions necessary to run the plugin |
|
||||
| `--skip-remote-check` | | | Do not check if specified remote plugin matches existing plugin image |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -12,7 +12,7 @@ Download an image from a registry
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:---------|:--------|:-------------------------------------------------|
|
||||
| `-a`, `--all-tags` | | | Download all tagged images in the repository |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
|
||||
@ -9,11 +9,11 @@ Upload an image to a registry
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-----|:--------|:--------------------------------------------|
|
||||
| `-a`, `--all-tags` | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | | | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-------|:--------|:--------------------------------------------|
|
||||
| `-a`, `--all-tags` | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -39,7 +39,7 @@ Create and run a new container from an image
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
@ -99,7 +99,7 @@ Create and run a new container from an image
|
||||
| `--runtime` | `string` | | Runtime to use for this container |
|
||||
| `--security-opt` | `list` | | Security Options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of /dev/shm |
|
||||
| `--sig-proxy` | | | Proxy received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy received signals to the process |
|
||||
| `--stop-signal` | `string` | | Signal to stop the container |
|
||||
| `--stop-timeout` | `int` | `0` | Timeout (in seconds) to stop a container |
|
||||
| `--storage-opt` | `list` | | Storage driver options for the container |
|
||||
|
||||
@ -349,7 +349,7 @@ volumes in a service:
|
||||
<td>
|
||||
<p>The type of mount, can be either <tt>volume</tt>, <tt>bind</tt>, <tt>tmpfs</tt>, or <tt>npipe</tt>. Defaults to <tt>volume</tt> if no type is specified.</p>
|
||||
<ul>
|
||||
<li><tt>volume</tt>: mounts a <a href="https://docs.docker.com/engine/reference/commandline/volume_create/">managed volume</a>
|
||||
<li><tt>volume</tt>: mounts a <a href="https://docs.docker.com/reference/cli/docker/volume/create/">managed volume</a>
|
||||
into the container.</li> <li><tt>bind</tt>:
|
||||
bind-mounts a directory or file from the host into the container.</li>
|
||||
<li><tt>tmpfs</tt>: mount a tmpfs in the container</li>
|
||||
|
||||
@ -47,17 +47,17 @@ information about the `overlay2` storage driver is shown:
|
||||
```console
|
||||
$ docker info
|
||||
|
||||
Client: Docker Engine - Community
|
||||
Version: 24.0.0
|
||||
Client:
|
||||
Version: 25.0.0
|
||||
Context: default
|
||||
Debug Mode: false
|
||||
Plugins:
|
||||
buildx: Docker Buildx (Docker Inc.)
|
||||
Version: v0.10.4
|
||||
Path: /usr/libexec/docker/cli-plugins/docker-buildx
|
||||
Version: v0.12.1
|
||||
Path: /usr/local/libexec/docker/cli-plugins/docker-buildx
|
||||
compose: Docker Compose (Docker Inc.)
|
||||
Version: v2.17.2
|
||||
Path: /usr/libexec/docker/cli-plugins/docker-compose
|
||||
Version: v2.24.1
|
||||
Path: /usr/local/libexec/docker/cli-plugins/docker-compose
|
||||
|
||||
Server:
|
||||
Containers: 14
|
||||
@ -65,15 +65,11 @@ Server:
|
||||
Paused: 1
|
||||
Stopped: 10
|
||||
Images: 52
|
||||
Server Version: 23.0.3
|
||||
Storage Driver: overlay2
|
||||
Backing Filesystem: extfs
|
||||
Supports d_type: true
|
||||
Using metacopy: false
|
||||
Native Overlay Diff: true
|
||||
userxattr: false
|
||||
Server Version: 25.0.0
|
||||
Storage Driver: overlayfs
|
||||
driver-type: io.containerd.snapshotter.v1
|
||||
Logging Driver: json-file
|
||||
Cgroup Driver: systemd
|
||||
Cgroup Driver: cgroupfs
|
||||
Cgroup Version: 2
|
||||
Plugins:
|
||||
Volume: local
|
||||
@ -83,33 +79,31 @@ Server:
|
||||
/etc/cdi
|
||||
/var/run/cdi
|
||||
Swarm: inactive
|
||||
Runtimes: io.containerd.runc.v2 runc
|
||||
Runtimes: runc io.containerd.runc.v2
|
||||
Default Runtime: runc
|
||||
Init Binary: docker-init
|
||||
containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
|
||||
runc version: v1.1.5-0-gf19387a
|
||||
containerd version: 71909c1814c544ac47ab91d2e8b84718e517bb99
|
||||
runc version: v1.1.11-0-g4bccb38
|
||||
init version: de40ad0
|
||||
Security Options:
|
||||
apparmor
|
||||
seccomp
|
||||
Profile: builtin
|
||||
cgroupns
|
||||
Kernel Version: 5.15.0-25-generic
|
||||
Operating System: Ubuntu 22.04 LTS
|
||||
Kernel Version: 6.5.11-linuxkit
|
||||
Operating System: Alpine Linux v3.19
|
||||
OSType: linux
|
||||
Architecture: x86_64
|
||||
CPUs: 1
|
||||
Total Memory: 991.7 MiB
|
||||
Name: ip-172-30-0-91.ec2.internal
|
||||
ID: 4cee4408-10d2-4e17-891c-a41736ac4536
|
||||
Architecture: aarch64
|
||||
CPUs: 10
|
||||
Total Memory: 7.663GiB
|
||||
Name: 4a7ed206a70d
|
||||
ID: c20f7230-59a2-4824-a2f4-fda71c982ee6
|
||||
Docker Root Dir: /var/lib/docker
|
||||
Debug Mode: false
|
||||
Username: gordontheturtle
|
||||
Experimental: false
|
||||
Insecure Registries:
|
||||
myinsecurehost:5000
|
||||
127.0.0.0/8
|
||||
Live Restore Enabled: false
|
||||
Product License: Community Engine
|
||||
```
|
||||
|
||||
### <a name="format"></a> Format the output (--format)
|
||||
|
||||
@ -29,6 +29,7 @@ Options:
|
||||
--authorization-plugin list Authorization plugins to load
|
||||
--bip string Specify network bridge IP
|
||||
-b, --bridge string Attach containers to a network bridge
|
||||
--cdi-spec-dir list CDI specification directories to use
|
||||
--cgroup-parent string Set parent cgroup for all containers
|
||||
--config-file string Daemon configuration file (default "/etc/docker/daemon.json")
|
||||
--containerd string containerd grpc address
|
||||
@ -132,21 +133,21 @@ to [the `daemon.json` file](#daemon-configuration-file).
|
||||
|
||||
The following list of environment variables are supported by the `dockerd` daemon.
|
||||
Some of these environment variables are supported both by the Docker Daemon and
|
||||
the `docker` CLI. Refer to [Environment variables](cli.md#environment-variables)
|
||||
the `docker` CLI. Refer to [Environment variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables)
|
||||
in the CLI section to learn about environment variables supported by the
|
||||
`docker` CLI.
|
||||
|
||||
| Variable | Description |
|
||||
|:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
|
||||
| `DOCKER_DRIVER` | The storage driver to use. |
|
||||
| `DOCKER_RAMDISK` | If set this disables `pivot_root`. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
|
||||
| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. |
|
||||
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. |
|
||||
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| Variable | Description |
|
||||
| :------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](https://docs.docker.com/engine/reference/commandline/cli/) and the `dockerd` daemon. |
|
||||
| `DOCKER_DRIVER` | The storage driver to use. |
|
||||
| `DOCKER_RAMDISK` | If set this disables `pivot_root`. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](https://docs.docker.com/engine/reference/commandline/cli/) and the `dockerd` daemon. |
|
||||
| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. |
|
||||
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. |
|
||||
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
|
||||
## Examples
|
||||
|
||||
@ -794,7 +795,7 @@ Any `--ulimit` options passed to `docker run` override the daemon defaults.
|
||||
|
||||
Be careful setting `nproc` with the `ulimit` flag, as `nproc` is designed by Linux to
|
||||
set the maximum number of processes available to a user, not to a container.
|
||||
For details, see [`docker run` reference](run.md#ulimit).
|
||||
For details, see [`docker run` reference](https://docs.docker.com/reference/cli/docker/container/run/#ulimit).
|
||||
|
||||
### Access authorization
|
||||
|
||||
@ -818,7 +819,7 @@ If you have multiple plugins installed, each plugin, in order, must
|
||||
allow the request for it to complete.
|
||||
|
||||
For information about how to create an authorization plugin, refer to the
|
||||
[authorization plugin](../../extend/plugins_authorization.md) section.
|
||||
[authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) section.
|
||||
|
||||
### Daemon user namespace options
|
||||
|
||||
@ -848,12 +849,52 @@ flag for the dockerd command line interface, or the `host-gateway-ip` key in
|
||||
the daemon configuration file.
|
||||
|
||||
```console
|
||||
$ dockerd --host-gateway-ip 192.0.2.0
|
||||
$ cat > /etc/docker/daemon.json
|
||||
{ "host-gateway-ip": "192.0.2.0" }
|
||||
$ sudo systemctl restart docker
|
||||
$ docker run -it --add-host host.docker.internal:host-gateway \
|
||||
busybox ping host.docker.internal
|
||||
PING host.docker.internal (192.0.2.0): 56 data bytes
|
||||
```
|
||||
|
||||
### Enable CDI devices
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> This is experimental feature and as such doesn't represent a stable API.
|
||||
>
|
||||
> This feature isn't enabled by default. To this feature, set `features.cdi` to
|
||||
> `true` in the `daemon.json` configuration file.
|
||||
|
||||
Container Device Interface (CDI) is a
|
||||
[standardized](https://github.com/cncf-tags/container-device-interface/blob/main/SPEC.md)
|
||||
mechanism for container runtimes to create containers which are able to
|
||||
interact with third party devices.
|
||||
|
||||
The Docker daemon supports running containers with CDI devices if the requested
|
||||
device specifications are available on the filesystem of the daemon.
|
||||
|
||||
The default specification directors are:
|
||||
|
||||
- `/etc/cdi/` for static CDI Specs
|
||||
- `/var/run/cdi` for generated CDI Specs
|
||||
|
||||
Alternatively, you can set custom locations for CDI specifications using the
|
||||
`cdi-spec-dirs` option in the `daemon.json` configuration file, or the
|
||||
`--cdi-spec-dir` flag for the `dockerd` CLI.
|
||||
|
||||
```json
|
||||
{
|
||||
"features": {
|
||||
"cdi": true
|
||||
},
|
||||
"cdi-spec-dirs": ["/etc/cdi/", "/var/run/cdi"]
|
||||
}
|
||||
```
|
||||
|
||||
When CDI is enabled for a daemon, you can view the configured CDI specification
|
||||
directories using the `docker info` command.
|
||||
|
||||
### Miscellaneous options
|
||||
|
||||
IP masquerading uses address translation to allow containers without a public
|
||||
@ -1033,6 +1074,7 @@ The following is a full example of the allowed configuration options on Linux:
|
||||
"fixed-cidr": "",
|
||||
"fixed-cidr-v6": "",
|
||||
"group": "",
|
||||
"host-gateway-ip": "",
|
||||
"hosts": [],
|
||||
"proxies": {
|
||||
"http-proxy": "http://proxy.example.com:80",
|
||||
@ -1142,6 +1184,7 @@ The following is a full example of the allowed configuration options on Windows:
|
||||
"features": {},
|
||||
"fixed-cidr": "",
|
||||
"group": "",
|
||||
"host-gateway-ip": "",
|
||||
"hosts": [],
|
||||
"insecure-registries": [],
|
||||
"labels": [],
|
||||
@ -14,7 +14,7 @@ keywords: "Engine"
|
||||
|
||||
# Engine reference
|
||||
|
||||
* [Dockerfile reference](https://docs.docker.com/engine/reference/builder/)
|
||||
* [Dockerfile reference](https://docs.docker.com/reference/dockerfile/)
|
||||
* [Docker run reference](run.md)
|
||||
* [Command line reference](commandline/index.md)
|
||||
* [API Reference](https://docs.docker.com/engine/api/)
|
||||
|
||||
@ -114,13 +114,13 @@ $ docker attach 0246aa4d1448
|
||||
For more information about `docker run` flags related to foreground and
|
||||
background modes, see:
|
||||
|
||||
- [`docker run --detach`](commandline/container_run.md#detach): run container in background
|
||||
- [`docker run --attach`](commandline/container_run.md#attach): attach to `stdin`, `stdout`, and `stderr`
|
||||
- [`docker run --tty`](commandline/container_run.md#tty): allocate a pseudo-tty
|
||||
- [`docker run --interactive`](commandline/container_run.md#interactive): keep `stdin` open even if not attached
|
||||
- [`docker run --detach`](https://docs.docker.com/reference/cli/docker/container/run/#detach): run container in background
|
||||
- [`docker run --attach`](https://docs.docker.com/reference/cli/docker/container/run/#attach): attach to `stdin`, `stdout`, and `stderr`
|
||||
- [`docker run --tty`](https://docs.docker.com/reference/cli/docker/container/run/#tty): allocate a pseudo-tty
|
||||
- [`docker run --interactive`](https://docs.docker.com/reference/cli/docker/container/run/#interactive): keep `stdin` open even if not attached
|
||||
|
||||
For more information about re-attaching to a background container, see
|
||||
[`docker attach`](commandline/container_attach.md).
|
||||
[`docker attach`](https://docs.docker.com/reference/cli/docker/container/attach/).
|
||||
|
||||
## Container identification
|
||||
|
||||
@ -135,7 +135,7 @@ You can identify a container in three ways:
|
||||
The UUID identifier is a random ID assigned to the container by the daemon.
|
||||
|
||||
The daemon generates a random string name for containers automatically. You can
|
||||
also defined a custom name using [the `--name` flag](./commandline/container_run.md#name).
|
||||
also defined a custom name using [the `--name` flag](https://docs.docker.com/reference/cli/docker/container/run/#name).
|
||||
Defining a `name` can be a handy way to add meaning to a container. If you
|
||||
specify a `name`, you can use it when referring to the container in a
|
||||
user-defined network. This works for both background and foreground Docker
|
||||
@ -966,7 +966,7 @@ use of facilities allowed by the capabilities, so you should not have to adjust
|
||||
|
||||
## Overriding image defaults
|
||||
|
||||
When you build an image from a [Dockerfile](https://docs.docker.com/engine/reference/builder/),
|
||||
When you build an image from a [Dockerfile](https://docs.docker.com/reference/dockerfile/),
|
||||
or when committing it, you can set a number of default parameters that take
|
||||
effect when the image starts up as a container. When you run an image, you can
|
||||
override those defaults using flags for the `docker run` command.
|
||||
|
||||
123
e2e/cli-plugins/plugins/presocket/main.go
Normal file
123
e2e/cli-plugins/plugins/presocket/main.go
Normal file
@ -0,0 +1,123 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/docker/cli/cli-plugins/manager"
|
||||
"github.com/docker/cli/cli-plugins/plugin"
|
||||
"github.com/docker/cli/cli/command"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
func main() {
|
||||
plugin.Run(RootCmd, manager.Metadata{
|
||||
SchemaVersion: "0.1.0",
|
||||
Vendor: "Docker Inc.",
|
||||
Version: "test",
|
||||
})
|
||||
}
|
||||
|
||||
func RootCmd(dockerCli command.Cli) *cobra.Command {
|
||||
cmd := cobra.Command{
|
||||
Use: "presocket",
|
||||
Short: "testing plugin that does not connect to the socket",
|
||||
// override PersistentPreRunE so that the plugin default
|
||||
// PersistentPreRunE doesn't run, simulating a plugin built
|
||||
// with a pre-socket-communication version of the CLI
|
||||
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
|
||||
return nil
|
||||
},
|
||||
}
|
||||
|
||||
cmd.AddCommand(&cobra.Command{
|
||||
Use: "test-no-socket",
|
||||
Short: "test command that runs until it receives a SIGINT",
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
go func() {
|
||||
<-cmd.Context().Done()
|
||||
fmt.Fprintln(dockerCli.Out(), "context cancelled")
|
||||
os.Exit(2)
|
||||
}()
|
||||
signalCh := make(chan os.Signal, 10)
|
||||
signal.Notify(signalCh, syscall.SIGINT, syscall.SIGTERM)
|
||||
go func() {
|
||||
for range signalCh {
|
||||
fmt.Fprintln(dockerCli.Out(), "received SIGINT")
|
||||
}
|
||||
}()
|
||||
<-time.After(3 * time.Second)
|
||||
fmt.Fprintln(dockerCli.Err(), "exit after 3 seconds")
|
||||
return nil
|
||||
},
|
||||
})
|
||||
|
||||
cmd.AddCommand(&cobra.Command{
|
||||
Use: "test-socket",
|
||||
Short: "test command that runs until it receives a SIGINT",
|
||||
PreRunE: func(cmd *cobra.Command, args []string) error {
|
||||
return plugin.PersistentPreRunE(cmd, args)
|
||||
},
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
go func() {
|
||||
<-cmd.Context().Done()
|
||||
fmt.Fprintln(dockerCli.Out(), "context cancelled")
|
||||
os.Exit(2)
|
||||
}()
|
||||
signalCh := make(chan os.Signal, 10)
|
||||
signal.Notify(signalCh, syscall.SIGINT, syscall.SIGTERM)
|
||||
go func() {
|
||||
for range signalCh {
|
||||
fmt.Fprintln(dockerCli.Out(), "received SIGINT")
|
||||
}
|
||||
}()
|
||||
<-time.After(3 * time.Second)
|
||||
fmt.Fprintln(dockerCli.Err(), "exit after 3 seconds")
|
||||
return nil
|
||||
},
|
||||
})
|
||||
|
||||
cmd.AddCommand(&cobra.Command{
|
||||
Use: "test-socket-ignore-context",
|
||||
Short: "test command that runs until it receives a SIGINT",
|
||||
PreRunE: func(cmd *cobra.Command, args []string) error {
|
||||
return plugin.PersistentPreRunE(cmd, args)
|
||||
},
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
signalCh := make(chan os.Signal, 10)
|
||||
signal.Notify(signalCh, syscall.SIGINT, syscall.SIGTERM)
|
||||
go func() {
|
||||
for range signalCh {
|
||||
fmt.Fprintln(dockerCli.Out(), "received SIGINT")
|
||||
}
|
||||
}()
|
||||
<-time.After(3 * time.Second)
|
||||
fmt.Fprintln(dockerCli.Err(), "exit after 3 seconds")
|
||||
return nil
|
||||
},
|
||||
})
|
||||
|
||||
cmd.AddCommand(&cobra.Command{
|
||||
Use: "tty",
|
||||
Short: "test command that attempts to read from the TTY",
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
done := make(chan struct{})
|
||||
go func() {
|
||||
b := make([]byte, 1)
|
||||
_, _ = dockerCli.In().Read(b)
|
||||
done <- struct{}{}
|
||||
}()
|
||||
select {
|
||||
case <-done:
|
||||
case <-time.After(2 * time.Second):
|
||||
fmt.Fprint(dockerCli.Err(), "timeout after 2 seconds")
|
||||
}
|
||||
return nil
|
||||
},
|
||||
})
|
||||
|
||||
return &cmd
|
||||
}
|
||||
235
e2e/cli-plugins/socket_test.go
Normal file
235
e2e/cli-plugins/socket_test.go
Normal file
@ -0,0 +1,235 @@
|
||||
package cliplugins
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"os/exec"
|
||||
"strings"
|
||||
"syscall"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/creack/pty"
|
||||
"gotest.tools/v3/assert"
|
||||
)
|
||||
|
||||
// TestPluginSocketBackwardsCompatible executes a plugin binary
|
||||
// that does not connect to the CLI plugin socket, simulating
|
||||
// a plugin compiled against an older version of the CLI, and
|
||||
// ensures that backwards compatibility is maintained.
|
||||
func TestPluginSocketBackwardsCompatible(t *testing.T) {
|
||||
run, _, cleanup := prepare(t)
|
||||
defer cleanup()
|
||||
|
||||
t.Run("attached", func(t *testing.T) {
|
||||
t.Run("the plugin gets signalled if attached to a TTY", func(t *testing.T) {
|
||||
cmd := run("presocket", "test-no-socket")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
|
||||
ptmx, err := pty.Start(command)
|
||||
assert.NilError(t, err, "failed to launch command with fake TTY")
|
||||
|
||||
// send a SIGINT to the process group after 1 second, since
|
||||
// we're simulating an "attached TTY" scenario and a TTY would
|
||||
// send a signal to the process group
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
err := syscall.Kill(-command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal process group")
|
||||
}()
|
||||
bytes, err := io.ReadAll(ptmx)
|
||||
if err != nil && !strings.Contains(err.Error(), "input/output error") {
|
||||
t.Fatal("failed to get command output")
|
||||
}
|
||||
|
||||
// the plugin is attached to the TTY, so the parent process
|
||||
// ignores the received signal, and the plugin receives a SIGINT
|
||||
// as well
|
||||
assert.Equal(t, string(bytes), "received SIGINT\r\nexit after 3 seconds\r\n")
|
||||
})
|
||||
|
||||
// ensure that we don't break plugins that attempt to read from the TTY
|
||||
// (see: https://github.com/moby/moby/issues/47073)
|
||||
// (remove me if/when we decide to break compatibility here)
|
||||
t.Run("the plugin can read from the TTY", func(t *testing.T) {
|
||||
cmd := run("presocket", "tty")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
|
||||
ptmx, err := pty.Start(command)
|
||||
assert.NilError(t, err, "failed to launch command with fake TTY")
|
||||
_, _ = ptmx.Write([]byte("hello!"))
|
||||
|
||||
done := make(chan error)
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
_, err := io.ReadAll(ptmx)
|
||||
done <- err
|
||||
}()
|
||||
|
||||
select {
|
||||
case cmdErr := <-done:
|
||||
if cmdErr != nil && !strings.Contains(cmdErr.Error(), "input/output error") {
|
||||
t.Fatal("failed to get command output")
|
||||
}
|
||||
case <-time.After(5 * time.Second):
|
||||
t.Fatal("timed out! plugin process probably stuck")
|
||||
}
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("detached", func(t *testing.T) {
|
||||
t.Run("the plugin does not get signalled", func(t *testing.T) {
|
||||
cmd := run("presocket", "test-no-socket")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
t.Log(strings.Join(command.Args, " "))
|
||||
command.SysProcAttr = &syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
// we're signalling the parent process directly and not
|
||||
// the process group, since we're testing the case where
|
||||
// the process is detached and not simulating a CTRL-C
|
||||
// from a TTY
|
||||
err := syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal process group")
|
||||
}()
|
||||
bytes, err := command.CombinedOutput()
|
||||
t.Log("command output: " + string(bytes))
|
||||
assert.NilError(t, err, "failed to run command")
|
||||
|
||||
// the plugin process does not receive a SIGINT
|
||||
// so it exits after 3 seconds and prints this message
|
||||
assert.Equal(t, string(bytes), "exit after 3 seconds\n")
|
||||
})
|
||||
|
||||
t.Run("the main CLI exits after 3 signals", func(t *testing.T) {
|
||||
cmd := run("presocket", "test-no-socket")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
t.Log(strings.Join(command.Args, " "))
|
||||
command.SysProcAttr = &syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
// we're signalling the parent process directly and not
|
||||
// the process group, since we're testing the case where
|
||||
// the process is detached and not simulating a CTRL-C
|
||||
// from a TTY
|
||||
err := syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal process group")
|
||||
// TODO: look into CLI signal handling, it's currently necessary
|
||||
// to add a short delay between each signal in order for the CLI
|
||||
// process to consistently pick them all up.
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
err = syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal process group")
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
err = syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal process group")
|
||||
}()
|
||||
bytes, err := command.CombinedOutput()
|
||||
assert.ErrorContains(t, err, "exit status 1")
|
||||
|
||||
// the plugin process does not receive a SIGINT and does
|
||||
// the CLI cannot cancel it over the socket, so it kills
|
||||
// the plugin process and forcefully exits
|
||||
assert.Equal(t, string(bytes), "got 3 SIGTERM/SIGINTs, forcefully exiting\n")
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func TestPluginSocketCommunication(t *testing.T) {
|
||||
run, _, cleanup := prepare(t)
|
||||
defer cleanup()
|
||||
|
||||
t.Run("attached", func(t *testing.T) {
|
||||
t.Run("the socket is not closed + the plugin receives a signal due to pgid", func(t *testing.T) {
|
||||
cmd := run("presocket", "test-socket")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
|
||||
ptmx, err := pty.Start(command)
|
||||
assert.NilError(t, err, "failed to launch command with fake TTY")
|
||||
|
||||
// send a SIGINT to the process group after 1 second, since
|
||||
// we're simulating an "attached TTY" scenario and a TTY would
|
||||
// send a signal to the process group
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
err := syscall.Kill(-command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal process group")
|
||||
}()
|
||||
bytes, err := io.ReadAll(ptmx)
|
||||
if err != nil && !strings.Contains(err.Error(), "input/output error") {
|
||||
t.Fatal("failed to get command output")
|
||||
}
|
||||
|
||||
// the plugin is attached to the TTY, so the parent process
|
||||
// ignores the received signal, and the plugin receives a SIGINT
|
||||
// as well
|
||||
assert.Equal(t, string(bytes), "received SIGINT\r\nexit after 3 seconds\r\n")
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("detached", func(t *testing.T) {
|
||||
t.Run("the plugin does not get signalled", func(t *testing.T) {
|
||||
cmd := run("presocket", "test-socket")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
outB := bytes.Buffer{}
|
||||
command.Stdout = &outB
|
||||
command.Stderr = &outB
|
||||
command.SysProcAttr = &syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
|
||||
// send a SIGINT to the process group after 1 second
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
err := syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal CLI process")
|
||||
}()
|
||||
err := command.Run()
|
||||
t.Log(outB.String())
|
||||
assert.ErrorContains(t, err, "exit status 2")
|
||||
|
||||
// the plugin does not get signalled, but it does get it's
|
||||
// context cancelled by the CLI through the socket
|
||||
assert.Equal(t, outB.String(), "context cancelled\n")
|
||||
})
|
||||
|
||||
t.Run("the main CLI exits after 3 signals", func(t *testing.T) {
|
||||
cmd := run("presocket", "test-socket-ignore-context")
|
||||
command := exec.Command(cmd.Command[0], cmd.Command[1:]...)
|
||||
command.SysProcAttr = &syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
|
||||
go func() {
|
||||
<-time.After(time.Second)
|
||||
// we're signalling the parent process directly and not
|
||||
// the process group, since we're testing the case where
|
||||
// the process is detached and not simulating a CTRL-C
|
||||
// from a TTY
|
||||
err := syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal CLI process")
|
||||
// TODO: same as above TODO, CLI signal handling is not consistent
|
||||
// with multiple signals without intervals
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
err = syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal CLI process")
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
err = syscall.Kill(command.Process.Pid, syscall.SIGINT)
|
||||
assert.NilError(t, err, "failed to signal CLI process§")
|
||||
}()
|
||||
bytes, err := command.CombinedOutput()
|
||||
assert.ErrorContains(t, err, "exit status 1")
|
||||
|
||||
// the plugin process does not receive a SIGINT and does
|
||||
// not exit after having it's context cancelled, so the CLI
|
||||
// kills the plugin process and forcefully exits
|
||||
assert.Equal(t, string(bytes), "got 3 SIGTERM/SIGINTs, forcefully exiting\n")
|
||||
})
|
||||
})
|
||||
}
|
||||
@ -3,5 +3,7 @@ services:
|
||||
build:
|
||||
context: ./testdata
|
||||
dockerfile: Dockerfile.connhelper-ssh
|
||||
args:
|
||||
- ENGINE_VERSION
|
||||
environment:
|
||||
- TEST_CONNHELPER_SSH_ID_RSA_PUB
|
||||
|
||||
@ -1,9 +1,10 @@
|
||||
services:
|
||||
|
||||
registry:
|
||||
image: 'registry:2'
|
||||
|
||||
engine:
|
||||
image: 'docker:${TEST_ENGINE_VERSION:-stable-dind}'
|
||||
image: 'docker:${ENGINE_VERSION:-25.0}-dind'
|
||||
privileged: true
|
||||
command: ['--insecure-registry=registry:5000']
|
||||
environment:
|
||||
@ -16,6 +17,7 @@ services:
|
||||
ports:
|
||||
- 4443:4443
|
||||
command: ['notary-server', '-config=/fixtures/notary-config.json']
|
||||
|
||||
evil-notary-server:
|
||||
build:
|
||||
context: ./testdata
|
||||
|
||||
@ -146,6 +146,6 @@ func TestRunWithCgroupNamespace(t *testing.T) {
|
||||
environment.SkipIfCgroupNamespacesNotSupported(t)
|
||||
|
||||
result := icmd.RunCommand("docker", "run", "--cgroupns=private", "--rm", fixtures.AlpineImage,
|
||||
"/bin/grep", "-q", "':memory:/$'", "/proc/1/cgroup")
|
||||
"cat", "/sys/fs/cgroup/cgroup.controllers")
|
||||
result.Assert(t, icmd.Success)
|
||||
}
|
||||
|
||||
@ -43,12 +43,19 @@ func TestBuildFromContextDirectoryWithTag(t *testing.T) {
|
||||
|
||||
result.Assert(t, icmd.Expected{Err: buildkitDisabledWarning})
|
||||
output.Assert(t, result.Stdout(), map[int]func(string) error{
|
||||
0: output.Prefix("Sending build context to Docker daemon"),
|
||||
1: output.Suffix("Step 1/4 : FROM registry:5000/alpine:frozen"),
|
||||
3: output.Suffix("Step 2/4 : COPY run /usr/bin/run"),
|
||||
5: output.Suffix("Step 3/4 : RUN run"),
|
||||
7: output.Suffix("running"),
|
||||
8: output.Contains("Removing intermediate container"),
|
||||
0: output.Prefix("Sending build context to Docker daemon"),
|
||||
1: output.Suffix("Step 1/4 : FROM registry:5000/alpine:frozen"),
|
||||
3: output.Suffix("Step 2/4 : COPY run /usr/bin/run"),
|
||||
5: output.Suffix("Step 3/4 : RUN run"),
|
||||
7: output.Suffix("running"),
|
||||
// TODO(krissetto): ugly, remove when no longer testing against moby 24. see https://github.com/moby/moby/pull/46270
|
||||
8: func(s string) error {
|
||||
err := output.Contains("Removed intermediate container")(s) // moby >= v25
|
||||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
return output.Contains("Removing intermediate container")(s) // moby < v25
|
||||
},
|
||||
10: output.Suffix("Step 4/4 : COPY data /data"),
|
||||
12: output.Contains("Successfully built "),
|
||||
13: output.Suffix("Successfully tagged myimage:latest"),
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
Pull (1 of 1): registry:5000/trust-pull:latest@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
|
||||
sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501: Pulling from trust-pull
|
||||
registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501: Pulling from trust-pull
|
||||
Digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
|
||||
Status: Downloaded newer image for registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
|
||||
registry:5000/trust-pull:latest
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"github.com/docker/cli/e2e/internal/fixtures"
|
||||
"github.com/docker/cli/internal/test/environment"
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/versions"
|
||||
"github.com/pkg/errors"
|
||||
"gotest.tools/v3/assert"
|
||||
"gotest.tools/v3/fs"
|
||||
@ -21,6 +22,8 @@ import (
|
||||
const registryPrefix = "registry:5000"
|
||||
|
||||
func TestInstallWithContentTrust(t *testing.T) {
|
||||
// TODO(krissetto): remove this skip once the fix (see https://github.com/moby/moby/pull/47299) is deployed to moby versions < 25
|
||||
skip.If(t, versions.LessThan(environment.DaemonAPIVersion(t), "1.44"))
|
||||
skip.If(t, environment.SkipPluginTests())
|
||||
|
||||
pluginName := fmt.Sprintf("%s/plugin-content-trust", registryPrefix)
|
||||
@ -50,7 +53,7 @@ func TestInstallWithContentTrust(t *testing.T) {
|
||||
fixtures.WithNotary,
|
||||
)
|
||||
result.Assert(t, icmd.Expected{
|
||||
Out: fmt.Sprintf("Status: Downloaded newer image for %s@sha", pluginName),
|
||||
Out: fmt.Sprintf("Installed plugin %s", pluginName),
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
15
e2e/testdata/Dockerfile.connhelper-ssh
vendored
15
e2e/testdata/Dockerfile.connhelper-ssh
vendored
@ -1,5 +1,16 @@
|
||||
FROM docker:test-dind
|
||||
RUN apk --no-cache add shadow openssh-server && \
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
# ENGINE_VERSION is the version of the (docker-in-docker) Docker Engine to
|
||||
# test against.
|
||||
ARG ENGINE_VERSION=25.0
|
||||
|
||||
FROM docker:${ENGINE_VERSION}-dind
|
||||
|
||||
# the openssh-client update is needed for security reasons when using docker:23.0-dind, currently maintained as an lts by mirantis
|
||||
RUN apk --no-cache upgrade openssh-client && \
|
||||
apk --no-cache add shadow openssh-server && \
|
||||
# TODO(krissetto): `groupadd` can be removed once we only test against moby >= v24
|
||||
# see https://github.com/docker-library/docker/pull/470
|
||||
groupadd -f docker && \
|
||||
useradd --create-home --shell /bin/sh --password $(head -c32 /dev/urandom | base64) penguin && \
|
||||
usermod -aG docker penguin && \
|
||||
|
||||
3
e2e/testdata/Dockerfile.evil-notary-server
vendored
3
e2e/testdata/Dockerfile.evil-notary-server
vendored
@ -1,4 +1,7 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG NOTARY_VERSION=0.6.1
|
||||
|
||||
FROM notary:server-${NOTARY_VERSION}
|
||||
|
||||
COPY ./notary-evil/ /fixtures/
|
||||
|
||||
2
e2e/testdata/Dockerfile.gencerts
vendored
2
e2e/testdata/Dockerfile.gencerts
vendored
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine AS generated
|
||||
ENV GOTOOLCHAIN=local
|
||||
|
||||
3
e2e/testdata/Dockerfile.notary-server
vendored
3
e2e/testdata/Dockerfile.notary-server
vendored
@ -1,4 +1,7 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG NOTARY_VERSION=0.6.1
|
||||
|
||||
FROM notary:server-${NOTARY_VERSION}
|
||||
|
||||
COPY ./notary/ /fixtures/
|
||||
|
||||
@ -108,3 +108,14 @@ func SkipIfNotPlatform(t *testing.T, platform string) {
|
||||
daemonPlatform := strings.TrimSpace(result.Stdout())
|
||||
skip.If(t, daemonPlatform != platform, "running against a non %s daemon", platform)
|
||||
}
|
||||
|
||||
// DaemonAPIVersion returns the negotiated daemon API version.
|
||||
func DaemonAPIVersion(t *testing.T) string {
|
||||
t.Helper()
|
||||
// Use Client.APIVersion instead of Server.APIVersion.
|
||||
// The latter is the maximum version that the server supports
|
||||
// while the Client.APIVersion contains the negotiated version.
|
||||
result := icmd.RunCmd(icmd.Command("docker", "version", "--format", "{{.Client.APIVersion}}"))
|
||||
result.Assert(t, icmd.Expected{Err: icmd.None})
|
||||
return strings.TrimSpace(result.Stdout())
|
||||
}
|
||||
|
||||
@ -2,15 +2,12 @@
|
||||
|
||||
set -eu
|
||||
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.6.0}"
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.7.0}"
|
||||
|
||||
export GO111MODULE=auto
|
||||
|
||||
function clean {
|
||||
rm -rf "$buildir"
|
||||
if [ -f "$(pwd)/docs/reference/commandline/docker.md" ]; then
|
||||
mv "$(pwd)/docs/reference/commandline/docker.md" "$(pwd)/docs/reference/commandline/cli.md"
|
||||
fi
|
||||
}
|
||||
|
||||
buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX)
|
||||
@ -32,12 +29,6 @@ trap clean EXIT
|
||||
go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go
|
||||
)
|
||||
|
||||
# yaml generation on docs repo needs the cli.md file: https://github.com/docker/cli/pull/3924#discussion_r1059986605
|
||||
# but markdown generation docker.md atm. While waiting for a fix in cli-docs-tool
|
||||
# we need to first move the cli.md file to docker.md, do the generation and
|
||||
# then move it back in trap handler.
|
||||
mv "$(pwd)/docs/reference/commandline/cli.md" "$(pwd)/docs/reference/commandline/docker.md"
|
||||
|
||||
(
|
||||
set -x
|
||||
/tmp/docsgen --formats md --source "$(pwd)/docs/reference/commandline" --target "$(pwd)/docs/reference/commandline"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
set -eu
|
||||
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.5.1}"
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.7.0}"
|
||||
|
||||
export GO111MODULE=auto
|
||||
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
# Run integration tests against the latest docker-ce dind
|
||||
set -eu -o pipefail
|
||||
|
||||
source ./scripts/build/.variables
|
||||
|
||||
container_ip() {
|
||||
local cid=$1
|
||||
local network=$2
|
||||
@ -69,7 +71,7 @@ runtests() {
|
||||
GOPATH="$GOPATH" \
|
||||
PATH="$PWD/build/:/usr/bin:/usr/local/bin:/usr/local/go/bin" \
|
||||
HOME="$HOME" \
|
||||
DOCKER_CLI_E2E_PLUGINS_EXTRA_DIRS="$PWD/build/plugins-linux-amd64" \
|
||||
DOCKER_CLI_E2E_PLUGINS_EXTRA_DIRS="$PWD/build/plugins-linux-${GOARCH}" \
|
||||
GO111MODULE=auto \
|
||||
"$(command -v gotestsum)" -- ${TESTDIRS:-./e2e/...} ${TESTFLAGS-}
|
||||
}
|
||||
|
||||
@ -12,7 +12,7 @@ require (
|
||||
github.com/creack/pty v1.1.21
|
||||
github.com/distribution/reference v0.5.0
|
||||
github.com/docker/distribution v2.8.3+incompatible
|
||||
github.com/docker/docker v25.0.0-rc.3+incompatible
|
||||
github.com/docker/docker v25.0.4-0.20240306135850-061aa95809be+incompatible // 25.0 branch (v25.0.4-dev)
|
||||
github.com/docker/docker-credential-helpers v0.8.1
|
||||
github.com/docker/go-connections v0.5.0
|
||||
github.com/docker/go-units v0.5.0
|
||||
|
||||
@ -54,8 +54,8 @@ github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5
|
||||
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
|
||||
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/docker v25.0.0-rc.3+incompatible h1:f2YaukI/rOEueLwmDGAVcES5E8Y+BT/e7pQWLu/WZSk=
|
||||
github.com/docker/docker v25.0.0-rc.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v25.0.4-0.20240306135850-061aa95809be+incompatible h1:hmSNgyKCSdRid6+TReBw9RCXrzeIs2ACEohBu9qfPt0=
|
||||
github.com/docker/docker v25.0.4-0.20240306135850-061aa95809be+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
|
||||
github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
|
||||
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
|
||||
|
||||
22
vendor/github.com/docker/docker/api/swagger.yaml
generated
vendored
22
vendor/github.com/docker/docker/api/swagger.yaml
generated
vendored
@ -391,7 +391,11 @@ definitions:
|
||||
ReadOnlyNonRecursive:
|
||||
description: |
|
||||
Make the mount non-recursively read-only, but still leave the mount recursive
|
||||
(unless NonRecursive is set to true in conjunction).
|
||||
(unless NonRecursive is set to `true` in conjunction).
|
||||
|
||||
Addded in v1.44, before that version all read-only mounts were
|
||||
non-recursive by default. To match the previous behaviour this
|
||||
will default to `true` for clients on versions prior to v1.44.
|
||||
type: "boolean"
|
||||
default: false
|
||||
ReadOnlyForceRecursive:
|
||||
@ -1743,8 +1747,12 @@ definitions:
|
||||
description: |
|
||||
Date and time at which the image was created, formatted in
|
||||
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
|
||||
|
||||
This information is only available if present in the image,
|
||||
and omitted otherwise.
|
||||
type: "string"
|
||||
x-nullable: false
|
||||
format: "dateTime"
|
||||
x-nullable: true
|
||||
example: "2022-02-04T21:20:12.497794809Z"
|
||||
Container:
|
||||
description: |
|
||||
@ -8327,6 +8335,16 @@ paths:
|
||||
description: "BuildKit output configuration"
|
||||
type: "string"
|
||||
default: ""
|
||||
- name: "version"
|
||||
in: "query"
|
||||
type: "string"
|
||||
default: "1"
|
||||
enum: ["1", "2"]
|
||||
description: |
|
||||
Version of the builder backend to use.
|
||||
|
||||
- `1` is the first generation classic (deprecated) builder in the Docker daemon (default)
|
||||
- `2` is [BuildKit](https://github.com/moby/buildkit)
|
||||
responses:
|
||||
200:
|
||||
description: "no error"
|
||||
|
||||
3
vendor/github.com/docker/docker/api/types/network/endpoint.go
generated
vendored
3
vendor/github.com/docker/docker/api/types/network/endpoint.go
generated
vendored
@ -14,6 +14,9 @@ type EndpointSettings struct {
|
||||
IPAMConfig *EndpointIPAMConfig
|
||||
Links []string
|
||||
Aliases []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
|
||||
// MacAddress may be used to specify a MAC address when the container is created.
|
||||
// Once the container is running, it becomes operational data (it may contain a
|
||||
// generated address).
|
||||
MacAddress string
|
||||
// Operational data
|
||||
NetworkID string
|
||||
|
||||
27
vendor/github.com/docker/docker/api/types/network/ipam.go
generated
vendored
27
vendor/github.com/docker/docker/api/types/network/ipam.go
generated
vendored
@ -30,30 +30,9 @@ const (
|
||||
ip6 ipFamily = "IPv6"
|
||||
)
|
||||
|
||||
// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil
|
||||
// ipam.
|
||||
func HasIPv6Subnets(ipam *IPAM) bool {
|
||||
if ipam == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, cfg := range ipam.Config {
|
||||
subnet, err := netip.ParsePrefix(cfg.Subnet)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if subnet.Addr().Is6() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of
|
||||
// errors found.
|
||||
func ValidateIPAM(ipam *IPAM) error {
|
||||
func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error {
|
||||
if ipam == nil {
|
||||
return nil
|
||||
}
|
||||
@ -70,6 +49,10 @@ func ValidateIPAM(ipam *IPAM) error {
|
||||
subnetFamily = ip6
|
||||
}
|
||||
|
||||
if !enableIPv6 && subnetFamily == ip6 {
|
||||
continue
|
||||
}
|
||||
|
||||
if subnet != subnet.Masked() {
|
||||
errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked()))
|
||||
}
|
||||
|
||||
5
vendor/github.com/docker/docker/api/types/types.go
generated
vendored
5
vendor/github.com/docker/docker/api/types/types.go
generated
vendored
@ -72,7 +72,10 @@ type ImageInspect struct {
|
||||
|
||||
// Created is the date and time at which the image was created, formatted in
|
||||
// RFC 3339 nano-seconds (time.RFC3339Nano).
|
||||
Created string
|
||||
//
|
||||
// This information is only available if present in the image,
|
||||
// and omitted otherwise.
|
||||
Created string `json:",omitempty"`
|
||||
|
||||
// Container is the ID of the container that was used to create the image.
|
||||
//
|
||||
|
||||
2
vendor/github.com/docker/docker/builder/remotecontext/urlutil/urlutil.go
generated
vendored
2
vendor/github.com/docker/docker/builder/remotecontext/urlutil/urlutil.go
generated
vendored
@ -12,7 +12,7 @@ import (
|
||||
|
||||
// urlPathWithFragmentSuffix matches fragments to use as Git reference and build
|
||||
// context from the Git repository. See IsGitURL for details.
|
||||
var urlPathWithFragmentSuffix = regexp.MustCompile(".git(?:#.+)?$")
|
||||
var urlPathWithFragmentSuffix = regexp.MustCompile(`\.git(?:#.+)?$`)
|
||||
|
||||
// IsURL returns true if the provided str is an HTTP(S) URL by checking if it
|
||||
// has a http:// or https:// scheme. No validation is performed to verify if the
|
||||
|
||||
19
vendor/github.com/docker/docker/client/client.go
generated
vendored
19
vendor/github.com/docker/docker/client/client.go
generated
vendored
@ -265,17 +265,22 @@ func (cli *Client) Close() error {
|
||||
// This allows for version-dependent code to use the same version as will
|
||||
// be negotiated when making the actual requests, and for which cases
|
||||
// we cannot do the negotiation lazily.
|
||||
func (cli *Client) checkVersion(ctx context.Context) {
|
||||
if cli.negotiateVersion && !cli.negotiated {
|
||||
cli.NegotiateAPIVersion(ctx)
|
||||
func (cli *Client) checkVersion(ctx context.Context) error {
|
||||
if !cli.manualOverride && cli.negotiateVersion && !cli.negotiated {
|
||||
ping, err := cli.Ping(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cli.negotiateAPIVersionPing(ping)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// getAPIPath returns the versioned request path to call the API.
|
||||
// It appends the query parameters to the path if they are not empty.
|
||||
func (cli *Client) getAPIPath(ctx context.Context, p string, query url.Values) string {
|
||||
var apiPath string
|
||||
cli.checkVersion(ctx)
|
||||
_ = cli.checkVersion(ctx)
|
||||
if cli.version != "" {
|
||||
v := strings.TrimPrefix(cli.version, "v")
|
||||
apiPath = path.Join(cli.basePath, "/v"+v, p)
|
||||
@ -307,7 +312,11 @@ func (cli *Client) ClientVersion() string {
|
||||
// added (1.24).
|
||||
func (cli *Client) NegotiateAPIVersion(ctx context.Context) {
|
||||
if !cli.manualOverride {
|
||||
ping, _ := cli.Ping(ctx)
|
||||
ping, err := cli.Ping(ctx)
|
||||
if err != nil {
|
||||
// FIXME(thaJeztah): Ping returns an error when failing to connect to the API; we should not swallow the error here, and instead returning it.
|
||||
return
|
||||
}
|
||||
cli.negotiateAPIVersionPing(ping)
|
||||
}
|
||||
}
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_create.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_create.go
generated
vendored
@ -28,7 +28,9 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
if err := cli.NewVersionError(ctx, "1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
|
||||
return response, err
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_exec.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_exec.go
generated
vendored
@ -18,7 +18,9 @@ func (cli *Client) ContainerExecCreate(ctx context.Context, container string, co
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
if err := cli.NewVersionError(ctx, "1.25", "env"); len(config.Env) != 0 && err != nil {
|
||||
return response, err
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_restart.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_restart.go
generated
vendored
@ -23,7 +23,9 @@ func (cli *Client) ContainerRestart(ctx context.Context, containerID string, opt
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if versions.GreaterThanOrEqualTo(cli.version, "1.42") {
|
||||
query.Set("signal", options.Signal)
|
||||
}
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_stop.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_stop.go
generated
vendored
@ -27,7 +27,9 @@ func (cli *Client) ContainerStop(ctx context.Context, containerID string, option
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if versions.GreaterThanOrEqualTo(cli.version, "1.42") {
|
||||
query.Set("signal", options.Signal)
|
||||
}
|
||||
|
||||
11
vendor/github.com/docker/docker/client/container_wait.go
generated
vendored
11
vendor/github.com/docker/docker/client/container_wait.go
generated
vendored
@ -30,19 +30,22 @@ const containerWaitErrorMsgLimit = 2 * 1024 /* Max: 2KiB */
|
||||
// synchronize ContainerWait with other calls, such as specifying a
|
||||
// "next-exit" condition before issuing a ContainerStart request.
|
||||
func (cli *Client) ContainerWait(ctx context.Context, containerID string, condition container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
|
||||
resultC := make(chan container.WaitResponse)
|
||||
errC := make(chan error, 1)
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
errC <- err
|
||||
return resultC, errC
|
||||
}
|
||||
if versions.LessThan(cli.ClientVersion(), "1.30") {
|
||||
return cli.legacyContainerWait(ctx, containerID)
|
||||
}
|
||||
|
||||
resultC := make(chan container.WaitResponse)
|
||||
errC := make(chan error, 1)
|
||||
|
||||
query := url.Values{}
|
||||
if condition != "" {
|
||||
query.Set("condition", string(condition))
|
||||
|
||||
25
vendor/github.com/docker/docker/client/errors.go
generated
vendored
25
vendor/github.com/docker/docker/client/errors.go
generated
vendored
@ -11,15 +11,16 @@ import (
|
||||
|
||||
// errConnectionFailed implements an error returned when connection failed.
|
||||
type errConnectionFailed struct {
|
||||
host string
|
||||
error
|
||||
}
|
||||
|
||||
// Error returns a string representation of an errConnectionFailed
|
||||
func (err errConnectionFailed) Error() string {
|
||||
if err.host == "" {
|
||||
return "Cannot connect to the Docker daemon. Is the docker daemon running on this host?"
|
||||
}
|
||||
return fmt.Sprintf("Cannot connect to the Docker daemon at %s. Is the docker daemon running?", err.host)
|
||||
func (e errConnectionFailed) Error() string {
|
||||
return e.error.Error()
|
||||
}
|
||||
|
||||
func (e errConnectionFailed) Unwrap() error {
|
||||
return e.error
|
||||
}
|
||||
|
||||
// IsErrConnectionFailed returns true if the error is caused by connection failed.
|
||||
@ -29,7 +30,13 @@ func IsErrConnectionFailed(err error) bool {
|
||||
|
||||
// ErrorConnectionFailed returns an error with host in the error message when connection to docker daemon failed.
|
||||
func ErrorConnectionFailed(host string) error {
|
||||
return errConnectionFailed{host: host}
|
||||
var err error
|
||||
if host == "" {
|
||||
err = fmt.Errorf("Cannot connect to the Docker daemon. Is the docker daemon running on this host?")
|
||||
} else {
|
||||
err = fmt.Errorf("Cannot connect to the Docker daemon at %s. Is the docker daemon running?", host)
|
||||
}
|
||||
return errConnectionFailed{error: err}
|
||||
}
|
||||
|
||||
// IsErrNotFound returns true if the error is a NotFound error, which is returned
|
||||
@ -60,7 +67,9 @@ func (cli *Client) NewVersionError(ctx context.Context, APIrequired, feature str
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if cli.version != "" && versions.LessThan(cli.version, APIrequired) {
|
||||
return fmt.Errorf("%q requires API version %s, but the Docker daemon API version is %s", feature, APIrequired, cli.version)
|
||||
}
|
||||
|
||||
7
vendor/github.com/docker/docker/client/image_list.go
generated
vendored
7
vendor/github.com/docker/docker/client/image_list.go
generated
vendored
@ -13,14 +13,17 @@ import (
|
||||
|
||||
// ImageList returns a list of images in the docker host.
|
||||
func (cli *Client) ImageList(ctx context.Context, options types.ImageListOptions) ([]image.Summary, error) {
|
||||
var images []image.Summary
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return images, err
|
||||
}
|
||||
|
||||
var images []image.Summary
|
||||
query := url.Values{}
|
||||
|
||||
optionFilters := options.Filters
|
||||
|
||||
7
vendor/github.com/docker/docker/client/network_create.go
generated
vendored
7
vendor/github.com/docker/docker/client/network_create.go
generated
vendored
@ -10,12 +10,16 @@ import (
|
||||
|
||||
// NetworkCreate creates a new network in the docker host.
|
||||
func (cli *Client) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) {
|
||||
var response types.NetworkCreateResponse
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
networkCreateRequest := types.NetworkCreateRequest{
|
||||
NetworkCreate: options,
|
||||
@ -25,7 +29,6 @@ func (cli *Client) NetworkCreate(ctx context.Context, name string, options types
|
||||
networkCreateRequest.CheckDuplicate = true //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44.
|
||||
}
|
||||
|
||||
var response types.NetworkCreateResponse
|
||||
serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)
|
||||
defer ensureReaderClosed(serverResp)
|
||||
if err != nil {
|
||||
|
||||
5
vendor/github.com/docker/docker/client/ping.go
generated
vendored
5
vendor/github.com/docker/docker/client/ping.go
generated
vendored
@ -14,7 +14,10 @@ import (
|
||||
// Ping pings the server and returns the value of the "Docker-Experimental",
|
||||
// "Builder-Version", "OS-Type" & "API-Version" headers. It attempts to use
|
||||
// a HEAD request on the endpoint, but falls back to GET if HEAD is not supported
|
||||
// by the daemon.
|
||||
// by the daemon. It ignores internal server errors returned by the API, which
|
||||
// may be returned if the daemon is in an unhealthy state, but returns errors
|
||||
// for other non-success status codes, failing to connect to the API, or failing
|
||||
// to parse the API response.
|
||||
func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
|
||||
var ping types.Ping
|
||||
|
||||
|
||||
10
vendor/github.com/docker/docker/client/request.go
generated
vendored
10
vendor/github.com/docker/docker/client/request.go
generated
vendored
@ -134,17 +134,18 @@ func (cli *Client) sendRequest(ctx context.Context, method, path string, query u
|
||||
return resp, errdefs.FromStatusCode(err, resp.statusCode)
|
||||
}
|
||||
|
||||
// FIXME(thaJeztah): Should this actually return a serverResp when a connection error occurred?
|
||||
func (cli *Client) doRequest(req *http.Request) (serverResponse, error) {
|
||||
serverResp := serverResponse{statusCode: -1, reqURL: req.URL}
|
||||
|
||||
resp, err := cli.client.Do(req)
|
||||
if err != nil {
|
||||
if cli.scheme != "https" && strings.Contains(err.Error(), "malformed HTTP response") {
|
||||
return serverResp, fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)
|
||||
return serverResp, errConnectionFailed{fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)}
|
||||
}
|
||||
|
||||
if cli.scheme == "https" && strings.Contains(err.Error(), "bad certificate") {
|
||||
return serverResp, errors.Wrap(err, "the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings")
|
||||
return serverResp, errConnectionFailed{errors.Wrap(err, "the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings")}
|
||||
}
|
||||
|
||||
// Don't decorate context sentinel errors; users may be comparing to
|
||||
@ -156,12 +157,13 @@ func (cli *Client) doRequest(req *http.Request) (serverResponse, error) {
|
||||
if uErr, ok := err.(*url.Error); ok {
|
||||
if nErr, ok := uErr.Err.(*net.OpError); ok {
|
||||
if os.IsPermission(nErr.Err) {
|
||||
return serverResp, errors.Wrapf(err, "permission denied while trying to connect to the Docker daemon socket at %v", cli.host)
|
||||
return serverResp, errConnectionFailed{errors.Wrapf(err, "permission denied while trying to connect to the Docker daemon socket at %v", cli.host)}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if nErr, ok := err.(net.Error); ok {
|
||||
// FIXME(thaJeztah): any net.Error should be considered a connection error (but we should include the original error)?
|
||||
if nErr.Timeout() {
|
||||
return serverResp, ErrorConnectionFailed(cli.host)
|
||||
}
|
||||
@ -190,7 +192,7 @@ func (cli *Client) doRequest(req *http.Request) (serverResponse, error) {
|
||||
}
|
||||
}
|
||||
|
||||
return serverResp, errors.Wrap(err, "error during connect")
|
||||
return serverResp, errConnectionFailed{errors.Wrap(err, "error during connect")}
|
||||
}
|
||||
|
||||
if resp != nil {
|
||||
|
||||
4
vendor/github.com/docker/docker/client/service_create.go
generated
vendored
4
vendor/github.com/docker/docker/client/service_create.go
generated
vendored
@ -25,7 +25,9 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
// Make sure containerSpec is not nil when no runtime is set or the runtime is set to container
|
||||
if service.TaskTemplate.ContainerSpec == nil && (service.TaskTemplate.Runtime == "" || service.TaskTemplate.Runtime == swarm.RuntimeContainer) {
|
||||
|
||||
12
vendor/github.com/docker/docker/client/service_update.go
generated
vendored
12
vendor/github.com/docker/docker/client/service_update.go
generated
vendored
@ -16,18 +16,18 @@ import (
|
||||
// It should be the value as set *before* the update. You can find this value in the Meta field
|
||||
// of swarm.Service, which can be found using ServiceInspectWithRaw.
|
||||
func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (swarm.ServiceUpdateResponse, error) {
|
||||
response := swarm.ServiceUpdateResponse{}
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
|
||||
var (
|
||||
query = url.Values{}
|
||||
response = swarm.ServiceUpdateResponse{}
|
||||
)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
query := url.Values{}
|
||||
if options.RegistryAuthFrom != "" {
|
||||
query.Set("registryAuthFrom", options.RegistryAuthFrom)
|
||||
}
|
||||
|
||||
4
vendor/github.com/docker/docker/client/volume_remove.go
generated
vendored
4
vendor/github.com/docker/docker/client/volume_remove.go
generated
vendored
@ -16,7 +16,9 @@ func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if versions.GreaterThanOrEqualTo(cli.version, "1.25") {
|
||||
query.Set("force", "1")
|
||||
}
|
||||
|
||||
21
vendor/github.com/docker/docker/pkg/ioutils/readers.go
generated
vendored
21
vendor/github.com/docker/docker/pkg/ioutils/readers.go
generated
vendored
@ -3,11 +3,15 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
|
||||
import (
|
||||
"context"
|
||||
"io"
|
||||
"runtime/debug"
|
||||
"sync/atomic"
|
||||
|
||||
// make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered
|
||||
// TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged.
|
||||
_ "crypto/sha256"
|
||||
_ "crypto/sha512"
|
||||
|
||||
"github.com/containerd/log"
|
||||
)
|
||||
|
||||
// ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
|
||||
@ -16,10 +20,15 @@ import (
|
||||
type ReadCloserWrapper struct {
|
||||
io.Reader
|
||||
closer func() error
|
||||
closed atomic.Bool
|
||||
}
|
||||
|
||||
// Close calls back the passed closer function
|
||||
func (r *ReadCloserWrapper) Close() error {
|
||||
if !r.closed.CompareAndSwap(false, true) {
|
||||
subsequentCloseWarn("ReadCloserWrapper")
|
||||
return nil
|
||||
}
|
||||
return r.closer()
|
||||
}
|
||||
|
||||
@ -87,6 +96,7 @@ type cancelReadCloser struct {
|
||||
cancel func()
|
||||
pR *io.PipeReader // Stream to read from
|
||||
pW *io.PipeWriter
|
||||
closed atomic.Bool
|
||||
}
|
||||
|
||||
// NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
|
||||
@ -146,6 +156,17 @@ func (p *cancelReadCloser) closeWithError(err error) {
|
||||
// Close closes the wrapper its underlying reader. It will cause
|
||||
// future calls to Read to return io.EOF.
|
||||
func (p *cancelReadCloser) Close() error {
|
||||
if !p.closed.CompareAndSwap(false, true) {
|
||||
subsequentCloseWarn("cancelReadCloser")
|
||||
return nil
|
||||
}
|
||||
p.closeWithError(io.EOF)
|
||||
return nil
|
||||
}
|
||||
|
||||
func subsequentCloseWarn(name string) {
|
||||
log.G(context.TODO()).Error("subsequent attempt to close " + name)
|
||||
if log.GetLevel() >= log.DebugLevel {
|
||||
log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))
|
||||
}
|
||||
}
|
||||
|
||||
10
vendor/github.com/docker/docker/pkg/ioutils/writers.go
generated
vendored
10
vendor/github.com/docker/docker/pkg/ioutils/writers.go
generated
vendored
@ -1,6 +1,9 @@
|
||||
package ioutils // import "github.com/docker/docker/pkg/ioutils"
|
||||
|
||||
import "io"
|
||||
import (
|
||||
"io"
|
||||
"sync/atomic"
|
||||
)
|
||||
|
||||
// NopWriter represents a type which write operation is nop.
|
||||
type NopWriter struct{}
|
||||
@ -29,9 +32,14 @@ func (f *NopFlusher) Flush() {}
|
||||
type writeCloserWrapper struct {
|
||||
io.Writer
|
||||
closer func() error
|
||||
closed atomic.Bool
|
||||
}
|
||||
|
||||
func (r *writeCloserWrapper) Close() error {
|
||||
if !r.closed.CompareAndSwap(false, true) {
|
||||
subsequentCloseWarn("WriteCloserWrapper")
|
||||
return nil
|
||||
}
|
||||
return r.closer()
|
||||
}
|
||||
|
||||
|
||||
5
vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
generated
vendored
5
vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"sync"
|
||||
|
||||
"github.com/docker/docker/pkg/jsonmessage"
|
||||
"github.com/docker/docker/pkg/progress"
|
||||
@ -109,6 +110,7 @@ type progressOutput struct {
|
||||
sf formatProgress
|
||||
out io.Writer
|
||||
newLines bool
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
// WriteProgress formats progress information from a ProgressReader.
|
||||
@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error {
|
||||
jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units}
|
||||
formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
|
||||
}
|
||||
|
||||
out.mu.Lock()
|
||||
defer out.mu.Unlock()
|
||||
_, err := out.out.Write(formatted)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
18
vendor/github.com/docker/docker/pkg/system/xattrs.go
generated
vendored
Normal file
18
vendor/github.com/docker/docker/pkg/system/xattrs.go
generated
vendored
Normal file
@ -0,0 +1,18 @@
|
||||
package system // import "github.com/docker/docker/pkg/system"
|
||||
|
||||
type XattrError struct {
|
||||
Op string
|
||||
Attr string
|
||||
Path string
|
||||
Err error
|
||||
}
|
||||
|
||||
func (e *XattrError) Error() string { return e.Op + " " + e.Attr + " " + e.Path + ": " + e.Err.Error() }
|
||||
|
||||
func (e *XattrError) Unwrap() error { return e.Err }
|
||||
|
||||
// Timeout reports whether this error represents a timeout.
|
||||
func (e *XattrError) Timeout() bool {
|
||||
t, ok := e.Err.(interface{ Timeout() bool })
|
||||
return ok && t.Timeout()
|
||||
}
|
||||
12
vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
generated
vendored
12
vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
generated
vendored
@ -1,8 +1,6 @@
|
||||
package system // import "github.com/docker/docker/pkg/system"
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
@ -10,8 +8,8 @@ import (
|
||||
// and associated with the given path in the file system.
|
||||
// It will returns a nil slice and nil error if the xattr is not set.
|
||||
func Lgetxattr(path string, attr string) ([]byte, error) {
|
||||
pathErr := func(err error) ([]byte, error) {
|
||||
return nil, &fs.PathError{Op: "lgetxattr", Path: path, Err: err}
|
||||
sysErr := func(err error) ([]byte, error) {
|
||||
return nil, &XattrError{Op: "lgetxattr", Attr: attr, Path: path, Err: err}
|
||||
}
|
||||
|
||||
// Start with a 128 length byte array
|
||||
@ -22,7 +20,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
|
||||
// Buffer too small, use zero-sized buffer to get the actual size
|
||||
sz, errno = unix.Lgetxattr(path, attr, []byte{})
|
||||
if errno != nil {
|
||||
return pathErr(errno)
|
||||
return sysErr(errno)
|
||||
}
|
||||
dest = make([]byte, sz)
|
||||
sz, errno = unix.Lgetxattr(path, attr, dest)
|
||||
@ -32,7 +30,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
|
||||
case errno == unix.ENODATA:
|
||||
return nil, nil
|
||||
case errno != nil:
|
||||
return pathErr(errno)
|
||||
return sysErr(errno)
|
||||
}
|
||||
|
||||
return dest[:sz], nil
|
||||
@ -43,7 +41,7 @@ func Lgetxattr(path string, attr string) ([]byte, error) {
|
||||
func Lsetxattr(path string, attr string, data []byte, flags int) error {
|
||||
err := unix.Lsetxattr(path, attr, data, flags)
|
||||
if err != nil {
|
||||
return &fs.PathError{Op: "lsetxattr", Path: path, Err: err}
|
||||
return &XattrError{Op: "lsetxattr", Attr: attr, Path: path, Err: err}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -53,7 +53,7 @@ github.com/docker/distribution/registry/client/transport
|
||||
github.com/docker/distribution/registry/storage/cache
|
||||
github.com/docker/distribution/registry/storage/cache/memory
|
||||
github.com/docker/distribution/uuid
|
||||
# github.com/docker/docker v25.0.0-rc.3+incompatible
|
||||
# github.com/docker/docker v25.0.4-0.20240306135850-061aa95809be+incompatible
|
||||
## explicit
|
||||
github.com/docker/docker/api
|
||||
github.com/docker/docker/api/types
|
||||
|
||||
Reference in New Issue
Block a user