Slightly more verbose, but makes it easier to see properties
of each test.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 057f3128b6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Experimental is always enabled (977d3ae046),
and the `Experimental` field in plugin metadata was deprecated in
977d3ae046 and removed in commit
6a50c4f700.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit dfbac70efa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this patch, a broken symlink would print a warning;
docker info > /dev/null
WARNING: Plugin "/Users/thajeztah/.docker/cli-plugins/docker-feedback" is not valid: failed to fetch metadata: fork/exec /Users/thajeztah/.docker/cli-plugins/docker-feedback: no such file or directory
After this patch, such symlinks are ignored:
docker info > /dev/null
With debug enabled, we don't ignore the faulty plugin, which will
make the warning shown on docker info;
mkdir -p ~/.docker/cli-plugins
ln -s nosuchplugin ~/.docker/cli-plugins/docker-brokenplugin
docker --debug info
Client:
Version: 29.0.0-dev
Context: default
Debug Mode: true
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.25.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
WARNING: Plugin "/Users/thajeztah/.docker/cli-plugins/docker-brokenplugin" is not valid: failed to fetch metadata: fork/exec /Users/thajeztah/.docker/cli-plugins/docker-brokenplugin: no such file or directory
# ...
We should als consider passing a "seen" map to de-duplicate entries.
Entries can be either a direct symlink or in a symlinked path (for
which we can filepath.EvalSymlinks). We need to benchmark the overhead
of resolving the symlink vs possibly calling the plugin (to get their
metadata) further down the line.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9b2f831452)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- deprecate sockets.GetProxyEnv, sockets.DialerFromEnvironment
- add support for unix sockets on Windows
- remove legacy CBC cipher suites from client config
- align client and server defaults to be the same.
- remove support for encrypted TLS private keys.
- nat: optimize ParsePortSpec
full diff: https://github.com/docker/go-connections/compare/v0.5.0...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3529651fa7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Apply method was added when CLI options for constructing the CLI were
rewritten into functional options in [cli@7f207f3]. There was no mention
in the pull request of this method specifically, and this may have been
related to work being done elsewhere on compose-on-kubernetes or the
compose-cli plugin that may have needed options to modify the CLI config
after it was already initialized.
We should try to remove functions that mutate the CLI configuration after
initialization if possible (and likely remove the `Apply` method); currently
this function is used in docker compose, but as part of a hack that can
probably be avoided.
[cli@7f207f3]: 7f207f3f95
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 133279fb0d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change updates the builder prune command to send the `ReservedSpace` parameter in preparation of `KeepStorage` deprecation in API v1.52.
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
(cherry picked from commit 7d85d8fbea)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This warning was added in [moby@4a8b3ca] to print a warning when building
Linux images from a Windows client. Window's filesystem does not have an
"executable" bit, which mean that, for example, copying a shell script
to an image during build would lose the executable bit. So for Windows
clients, the executable bit would be set on all files, unconditionally.
Originally this was detected in the client, which had direct access to
the API response headers, but when refactoring the client to use a common
library in [moby@535c4c9], this was refactored into a `ImageBuildResponse`
wrapper, deconstructing the API response into an `io.Reader` and a string
field containing only the `OSType` header.
This was the only use and only purpose of the `OSType` field, and now that
BuildKit is the default builder for Linux images, this warning didn't get
printed unless BuildKit was explicitly disabled.
This patch removes the warning, so that we can potentially remove the
field, or the `ImageBuildResponse` type altogether.
[moby@4a8b3ca]: 4a8b3cad60
[moby@535c4c9]: 535c4c9a59
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit af65ee4584)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Similar to 323fbc485e - this code was added
in [moby@c127d96], but used string-matching to detect cases where a user
tried to install an image as plugin. However, this handling no longer matched
any error-strings, so no longer worked:
docker plugin install busybox
Error response from daemon: did not find plugin config for specified reference docker.io/library/busybox:latest
[moby@c127d96]: c127d9614f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fb3f2da50e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This special handling was added in [moby@9b6dcc8], and later updated in
[moby@c127d96], but it fully depended on string-matching, which is brittle.
Testing the original ticket that lead to this handling, it looks like the
string matching no longer works, and the daemon error is returned as-is:
With graphdrivers:
docker pull tiborvass/no-remove
Using default tag: latest
Error response from daemon: Encountered remote "application/vnd.docker.plugin.v0+json"(unknown) when fetching
With containerd snapshotters enabled:
docker pull tiborvass/no-remove
Using default tag: latest
latest: Pulling from tiborvass/no-remove
cf635291f7c9: Download complete
failed to unpack image on snapshotter overlayfs: mismatched image rootfs and manifest layers
The error-message for containerd can probably be improved, but as the special
handling in the CLI no longer works, we can remove it.
[moby@9b6dcc8]: 9b6dcc8b9d
[moby@c127d96]: c127d9614f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 323fbc485e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This code was missing a check for the ID field before truncating it to a
shorter length for presentation. This would result in a panic if an event
would either have an empty ID field or a shorter length ID;
panic: runtime error: slice bounds out of range [:12] with length 0
goroutine 82 [running]:
github.com/docker/cli/cli/command/container.RunStats.func2({{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x40001fcba0, 0x9}, {0x40001fcba9, 0x5}, ...})
/go/src/github.com/docker/cli/cli/command/container/stats.go:146 +0x1d0
created by github.com/docker/cli/cli/command/container.(*eventHandler).watch in goroutine 6
/go/src/github.com/docker/cli/cli/command/container/stats.go:363 +0x1c8
We need to look at this code in general; the truncated ID is passed to
NewStats, which uses the ID to propagate the `Container` field in the
`StatsEntry` struct. which is not used in the default format used by
`docker stats` and, having the same content as the `ID` field on the
same struct, doesn't make it very useful, other than being able to
present it under a `CONTAINER` column (instead of `CONTAINER ID`);
we should consider deprecating it; there may be some subtle things
to look into here; the `Container` field originally held the container
name. This was changed in [moby@ef915fd], which introduced separate
`ID` and `Name` fields, renaming the old `Name` field to container.
Looking at [`Stats.SetStatistics()`] and related code in [stats_helpers.go],
the `Container` field is used as the "canonical" reference for the stats
record; this allows the stats _data_ to be refreshed when a new stats
sample arrives for the same container (also see [moby@929a77b], which
moved locking to the `Stats` wrapper struct). This construct allows to
account for intermediate states, where a stats sample was incomplete
or could produce an error; in that case, the reference to the container
for which the stats were sampled is kept to allow removing a container
from the list once the container was removed. We should consider removing
`Container` as a formatting option, and moving the `Container` field to
the outer struct; this makes the outer struct responsible for keeping a
reference to the container, allowing the `StatsEntry` as a whole to be
replaced atomically.
This patch only addresses the panic;
- It changes the logic to preserve the container ID verbatim instead
of truncating. This allows stats samples to be matched against the
`Actor.ID` as-is.
- Truncating the `Container` is moved to the presentation logic;
currently this does not take `--no-trunc` into account to keep
the existing behavior, but we can (should) consider adding this.
- Logging is improved to use structured logs, and an extra check is
added to prevent empty IDs from being added as watcher.
[`Stats.SetStatistics()`]: 82281087e3/cli/command/container/formatter_stats.go (L88-L94)
[moby@ef915fd]: ef915fd036
[moby@929a77b]: 929a77b814
[stats_helpers.go]: 82281087e3/cli/command/container/stats_helpers.go (L26-L51)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9b79e48646)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use sub-tests
- Don't use un-named keys
- Add test-cases for 'Name', 'ID' and custom container names
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9314938b7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Don't use unnamed keys
- Use sub-tests
- Add test-cases for Name and ID fields
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b8cda96d11)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Mirantis Container Runtime (MCR) 23.0 reached EOL, and the next LTS
version of MCR is 25.x
- Docker 26.x reached EOL and is no longer maintained
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 83e40c39b4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It it just a chain of `New("sometag").Parse(...)`, and most of our
uses don't use a tag for the template, so can call Parse.
There's no public users of this function, but deprecating it first
just in case.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7ab3e7e774)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We may still change this, but in the client module, the signature
of the client.Opt changed to now include a non-exported type, which
means that we can't construct a custom option that is implemented
using client options:
#18 16.94 # github.com/docker/cli/cli/context/docker
#18 16.94 cli/context/docker/load.go:105:29: cannot use withHTTPClient(tlsConfig) (value of type func(*client.Client) error) as client.Opt value in argument to append
#18 16.94 cli/context/docker/load.go:152:6: cannot use c (variable of type *client.Client) as *client.clientConfig value in argument to client.WithHTTPClient(&http.Client{…})
We can consider exporting the `client.clientConfig` type (but keep its
fields non-exported), but for this use, we don't strictly need it, so
let's change the implementation to not having to depend on that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e7d14d905e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We may still change this, but in the client module, the signature
of the client.Opt changed to now include a non-exported type, which
means that we can't construct a custom option that is implemented
using client options:
#18 16.94 # github.com/docker/cli/cli/context/docker
#18 16.94 cli/context/docker/load.go:105:29: cannot use withHTTPClient(tlsConfig) (value of type func(*client.Client) error) as client.Opt value in argument to append
#18 16.94 cli/context/docker/load.go:152:6: cannot use c (variable of type *client.Client) as *client.clientConfig value in argument to client.WithHTTPClient(&http.Client{…})
We can consider exporting the `client.clientConfig` type (but keep its
fields non-exported), but for this use, we don't strictly need it, so
let's change the implementation to not having to depend on that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b0b0e457f0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes 1 security fix:
- net/http: CrossOriginProtection bypass patterns are over-broad
When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
requests that would have redirected to those patterns (e.g. without a trailing
slash) were also exempted, which might be unexpected.
Thanks to Marco Gazerro for reporting this issue.
This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit f64b8a332d)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
With this patch, completion is provided for images already present
in the local image cache to help pulling the latest version of the
same tag;
docker pull go<tab>
golang:1.12 golang:1.18.0 golang:1.21 golang:1.24 gopher:latest
golang:1.13 golang:1.20 golang:1.23 golang:latest
docker pull golang:<tab>
1.12 1.13 1.18.0 1.20 1.21 1.23 1.24 latest
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5bf3c6793d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This const was added in 846ecf59ff, but
only used internally. This patch deprecates the const, to be removed
in the next release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 18cdc25bb4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This alias was added in 4321293972, which is
part of v28.0, but did not deprecate them. They are no longer used in the
CLI itself, but may be used by cli-plugin implementations.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6fa7d18320)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
