From 53ed958805457ab838d93caacd20c0e28100501a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 6 Aug 2025 16:55:22 +0200 Subject: [PATCH 1/4] cli/command: remove AddTrustSigningFlags it was only used internally in a single location, so inline the code where it's used. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 8c2292797807ae6c7a324984a406e09d66a8ca48) Signed-off-by: Sebastiaan van Stijn --- cli/command/image/push.go | 2 +- cli/command/trust.go | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/cli/command/image/push.go b/cli/command/image/push.go index cd79ff9289..1ef31aedd7 100644 --- a/cli/command/image/push.go +++ b/cli/command/image/push.go @@ -57,7 +57,7 @@ func NewPushCommand(dockerCli command.Cli) *cobra.Command { flags := cmd.Flags() flags.BoolVarP(&opts.all, "all-tags", "a", false, "Push all tags of an image to the repository") flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress verbose output") - command.AddTrustSigningFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&opts.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image signing") // Don't default to DOCKER_DEFAULT_PLATFORM env variable, always default to // pushing the image as-is. This also avoids forcing the platform selection diff --git a/cli/command/trust.go b/cli/command/trust.go index 65f2408585..c802a14e1f 100644 --- a/cli/command/trust.go +++ b/cli/command/trust.go @@ -8,8 +8,3 @@ import ( func AddTrustVerificationFlags(fs *pflag.FlagSet, v *bool, trusted bool) { fs.BoolVar(v, "disable-content-trust", !trusted, "Skip image verification") } - -// AddTrustSigningFlags adds "signing" flags to the provided flagset -func AddTrustSigningFlags(fs *pflag.FlagSet, v *bool, trusted bool) { - fs.BoolVar(v, "disable-content-trust", !trusted, "Skip image signing") -} From 7126bf7d22f4dfd0d4b3afe2de7ebb28d0e89c78 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 19 Aug 2025 18:30:46 +0200 Subject: [PATCH 2/4] [28.x] remove some uses of AddTrustVerificationFlags These were already removed in master, so adding an extra commit in the 28.x branch to remove their use. Signed-off-by: Sebastiaan van Stijn --- cli/command/image/build.go | 2 +- cli/command/plugin/install.go | 2 +- cli/command/plugin/push.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cli/command/image/build.go b/cli/command/image/build.go index 6c6db76675..15448e7b49 100644 --- a/cli/command/image/build.go +++ b/cli/command/image/build.go @@ -145,7 +145,7 @@ func NewBuildCommand(dockerCli command.Cli) *cobra.Command { flags.SetAnnotation("target", annotation.ExternalURL, []string{"https://docs.docker.com/reference/cli/docker/buildx/build/#target"}) flags.StringVar(&options.imageIDFile, "iidfile", "", "Write the image ID to the file") - command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&options.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") flags.StringVar(&options.platform, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable") flags.SetAnnotation("platform", "version", []string{"1.38"}) diff --git a/cli/command/plugin/install.go b/cli/command/plugin/install.go index 33a7179edd..31f123ddfe 100644 --- a/cli/command/plugin/install.go +++ b/cli/command/plugin/install.go @@ -31,7 +31,7 @@ type pluginOptions struct { func loadPullFlags(dockerCli command.Cli, opts *pluginOptions, flags *pflag.FlagSet) { flags.BoolVar(&opts.grantPerms, "grant-all-permissions", false, "Grant all permissions necessary to run the plugin") - command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&opts.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") } func newInstallCommand(dockerCli command.Cli) *cobra.Command { diff --git a/cli/command/plugin/push.go b/cli/command/plugin/push.go index 573ae3d0ae..f70e36910c 100644 --- a/cli/command/plugin/push.go +++ b/cli/command/plugin/push.go @@ -33,7 +33,7 @@ func newPushCommand(dockerCli command.Cli) *cobra.Command { flags := cmd.Flags() - command.AddTrustSigningFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&opts.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image signing") return cmd } From 4e00c31c71cbac90d8746f856cf1a17d24f5ec19 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 6 Aug 2025 16:57:22 +0200 Subject: [PATCH 3/4] cli/command: remove AddTrustVerificationFlags It was only used internally; inline it where used. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c0fbbe05ca09ccbfed34d76287832ea30f05db05) Signed-off-by: Sebastiaan van Stijn --- cli/command/container/create.go | 2 +- cli/command/container/run.go | 2 +- cli/command/image/pull.go | 2 +- cli/command/trust.go | 10 ---------- 4 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 cli/command/trust.go diff --git a/cli/command/container/create.go b/cli/command/container/create.go index 9906f63b22..4d58d00ae2 100644 --- a/cli/command/container/create.go +++ b/cli/command/container/create.go @@ -87,7 +87,7 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command { flags.Bool("help", false, "Print usage") command.AddPlatformFlag(flags, &options.platform) - command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&options.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") copts = addFlags(flags) addCompletions(cmd, dockerCli) diff --git a/cli/command/container/run.go b/cli/command/container/run.go index b86ad9d5b2..20c1f7ca4b 100644 --- a/cli/command/container/run.go +++ b/cli/command/container/run.go @@ -67,7 +67,7 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command { flags.Bool("help", false, "Print usage") command.AddPlatformFlag(flags, &options.platform) - command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&options.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") copts = addFlags(flags) _ = cmd.RegisterFlagCompletionFunc("detach-keys", completeDetachKeys) diff --git a/cli/command/image/pull.go b/cli/command/image/pull.go index 235e3a7a17..5e4b3736ca 100644 --- a/cli/command/image/pull.go +++ b/cli/command/image/pull.go @@ -51,7 +51,7 @@ func NewPullCommand(dockerCli command.Cli) *cobra.Command { flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress verbose output") command.AddPlatformFlag(flags, &opts.platform) - command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled()) + flags.BoolVar(&opts.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") _ = cmd.RegisterFlagCompletionFunc("platform", completion.Platforms) diff --git a/cli/command/trust.go b/cli/command/trust.go deleted file mode 100644 index c802a14e1f..0000000000 --- a/cli/command/trust.go +++ /dev/null @@ -1,10 +0,0 @@ -package command - -import ( - "github.com/spf13/pflag" -) - -// AddTrustVerificationFlags adds content trust flags to the provided flagset -func AddTrustVerificationFlags(fs *pflag.FlagSet, v *bool, trusted bool) { - fs.BoolVar(v, "disable-content-trust", !trusted, "Skip image verification") -} From 80884714dea5b0d764892e495a30cc13864326d8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 6 Aug 2025 17:15:32 +0200 Subject: [PATCH 4/4] cli/command: remove AddPlatformFlag utility It was only used internally and has no external users. It should not be used for new uses, because it also adds a minimum API version constraint and a default from env-var, which must be evaluated for each individual use of such flags. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 7026e68a7195f2bd9a6b9b5c6ce0e5e38e20973d) Signed-off-by: Sebastiaan van Stijn --- cli/command/container/create.go | 5 ++++- cli/command/container/opts.go | 10 ++++++++++ cli/command/container/run.go | 3 ++- cli/command/image/import.go | 2 +- cli/command/image/opts.go | 17 +++++++++++++++++ cli/command/image/pull.go | 2 +- cli/command/utils.go | 7 ------- 7 files changed, 35 insertions(+), 11 deletions(-) create mode 100644 cli/command/image/opts.go diff --git a/cli/command/container/create.go b/cli/command/container/create.go index 4d58d00ae2..736ee568ea 100644 --- a/cli/command/container/create.go +++ b/cli/command/container/create.go @@ -86,7 +86,10 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command { // with hostname flags.Bool("help", false, "Print usage") - command.AddPlatformFlag(flags, &options.platform) + // TODO(thaJeztah): consider adding platform as "image create option" on containerOptions + addPlatformFlag(flags, &options.platform) + _ = cmd.RegisterFlagCompletionFunc("platform", completion.Platforms) + flags.BoolVar(&options.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") copts = addFlags(flags) diff --git a/cli/command/container/opts.go b/cli/command/container/opts.go index 647dc5d510..16b9176db9 100644 --- a/cli/command/container/opts.go +++ b/cli/command/container/opts.go @@ -141,6 +141,16 @@ type containerOptions struct { Args []string } +// addPlatformFlag adds "--platform" to a set of flags for API version 1.32 and +// later, using the value of "DOCKER_DEFAULT_PLATFORM" (if set) as a default. +// +// It should not be used for new uses, which may have a different API version +// requirement. +func addPlatformFlag(flags *pflag.FlagSet, target *string) { + flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable") + _ = flags.SetAnnotation("platform", "version", []string{"1.32"}) +} + // addFlags adds all command line flags that will be used by parse to the FlagSet func addFlags(flags *pflag.FlagSet) *containerOptions { copts := &containerOptions{ diff --git a/cli/command/container/run.go b/cli/command/container/run.go index 20c1f7ca4b..6c5748a67a 100644 --- a/cli/command/container/run.go +++ b/cli/command/container/run.go @@ -66,7 +66,8 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command { // with hostname flags.Bool("help", false, "Print usage") - command.AddPlatformFlag(flags, &options.platform) + // TODO(thaJeztah): consider adding platform as "image create option" on containerOptions + addPlatformFlag(flags, &options.platform) flags.BoolVar(&options.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") copts = addFlags(flags) diff --git a/cli/command/image/import.go b/cli/command/image/import.go index a55ea4ab5b..f0da5c6a47 100644 --- a/cli/command/image/import.go +++ b/cli/command/image/import.go @@ -47,7 +47,7 @@ func NewImportCommand(dockerCli command.Cli) *cobra.Command { options.changes = dockeropts.NewListOpts(nil) flags.VarP(&options.changes, "change", "c", "Apply Dockerfile instruction to the created image") flags.StringVarP(&options.message, "message", "m", "", "Set commit message for imported image") - command.AddPlatformFlag(flags, &options.platform) + addPlatformFlag(flags, &options.platform) _ = cmd.RegisterFlagCompletionFunc("platform", completion.Platforms) return cmd diff --git a/cli/command/image/opts.go b/cli/command/image/opts.go new file mode 100644 index 0000000000..37378b6ece --- /dev/null +++ b/cli/command/image/opts.go @@ -0,0 +1,17 @@ +package image + +import ( + "os" + + "github.com/spf13/pflag" +) + +// addPlatformFlag adds "--platform" to a set of flags for API version 1.32 and +// later, using the value of "DOCKER_DEFAULT_PLATFORM" (if set) as a default. +// +// It should not be used for new uses, which may have a different API version +// requirement. +func addPlatformFlag(flags *pflag.FlagSet, target *string) { + flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable") + _ = flags.SetAnnotation("platform", "version", []string{"1.32"}) +} diff --git a/cli/command/image/pull.go b/cli/command/image/pull.go index 5e4b3736ca..c916bad24f 100644 --- a/cli/command/image/pull.go +++ b/cli/command/image/pull.go @@ -50,7 +50,7 @@ func NewPullCommand(dockerCli command.Cli) *cobra.Command { flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository") flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress verbose output") - command.AddPlatformFlag(flags, &opts.platform) + addPlatformFlag(flags, &opts.platform) flags.BoolVar(&opts.untrusted, "disable-content-trust", !dockerCli.ContentTrustEnabled(), "Skip image verification") _ = cmd.RegisterFlagCompletionFunc("platform", completion.Platforms) diff --git a/cli/command/utils.go b/cli/command/utils.go index f024ffd278..5987b53717 100644 --- a/cli/command/utils.go +++ b/cli/command/utils.go @@ -15,7 +15,6 @@ import ( "github.com/docker/cli/internal/prompt" "github.com/docker/docker/api/types/filters" "github.com/pkg/errors" - "github.com/spf13/pflag" ) const ErrPromptTerminated = prompt.ErrTerminated @@ -94,12 +93,6 @@ func PruneFilters(dockerCLI config.Provider, pruneFilters filters.Args) filters. return pruneFilters } -// AddPlatformFlag adds `platform` to a set of flags for API version 1.32 and later. -func AddPlatformFlag(flags *pflag.FlagSet, target *string) { - flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable") - _ = flags.SetAnnotation("platform", "version", []string{"1.32"}) -} - // ValidateOutputPath validates the output paths of the "docker cp" command. func ValidateOutputPath(path string) error { dir := filepath.Dir(filepath.Clean(path))