Commit Graph

9343 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 688de6db16 Merge pull request #4769 from laurazard/signal-handling-fix-tty
plugins: run plugin with new process group ID
2024-01-12 22:06:23 +01:00
Laura Brehm ef5e5fa03f plugins: run plugin with new process group ID
Changes were made in 1554ac3b5f to provide
a mechanism for the CLI to notify running plugin processes that they
should exit, in order to improve the general CLI/plugin UX. The current
implementation boils down to:
1. The CLI creates a socket
2. The CLI executes the plugin
3. The plugin connects to the socket
4. (When) the CLI receives a termination signal, it uses the socket to
   notify the plugin that it should exit
5. The plugin's gets notified via the socket, and cancels it's `cmd.Context`,
   which then gets handled appropriately

This change works in most cases and fixes the issue it sets out to solve
(see: https://github.com/docker/compose/pull/11292) however, in the case
where the user has a TTY attached and the plugin is not already handling
received signals, steps 4+ changes:
4. (When) the CLI receives a termination signal, before it can use the
   socket to notify the plugin that it should exit, the plugin process
   also receives a signal due to sharing the pgid with the CLI

Since we now have a proper "job control" mechanism, we can simplify the
scenarios by executing the plugins with their own process group id,
thereby removing the "double notification" issue and making it so that
plugins can handle the same whether attached to a TTY or not.

In order to make this change "plugin-binary" backwards-compatible, in
the case that a plugin does not connect to the socket, the CLI passes
the signal to the plugin process.

Co-authored-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-01-12 13:53:28 -07:00
Sebastiaan van Stijn ad12276ea0 Merge pull request #4783 from laurazard/fix-no-abstract-sockets
cli-plugins: don't use abstract sockets on macOS
2024-01-12 21:40:06 +01:00
Sebastiaan van Stijn a226502619 Merge pull request #4784 from thaJeztah/vendor_containerd
vendor: github.com/containerd/containerd v1.7.12
2024-01-12 21:14:36 +01:00
Bjorn Neergaard 6d0b329b0d cli-plugins: use non-abstract socket on darwin
As macOS does not support the abstract socket namespace, use a temporary
socket in $TMPDIR to connect with the plugin. Ensure this socket is
cleaned up even in the case of crash/ungraceful termination by removing
it after the first connection is accepted.

Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-01-12 12:30:27 -07:00
Bjorn Neergaard dbf992f91f cli-plugins: move socket code into common package
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-01-12 11:49:25 -07:00
Sebastiaan van Stijn 8b6ffbdf77 vendor: github.com/containerd/containerd v1.7.12
- full diff: https://github.com/containerd/containerd/compare/v1.7.11...v1.7.12
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 19:31:12 +01:00
Sebastiaan van Stijn 52b740ac27 Merge pull request #4781 from thaJeztah/bump_buildx_compose
Dockerfile: update buildx to v0.12.1
2024-01-12 18:32:47 +01:00
Sebastiaan van Stijn d469be256e Merge pull request #4752 from vvoland/ci-bin-image
ci: Add bin-image workflow
2024-01-12 15:50:30 +01:00
Sebastiaan van Stijn ccc7ad2f2c Dockerfile: update buildx to v0.12.1
Update the version of buildx used in CI to the latest version.

- full diff: https://github.com/docker/buildx/compare/v0.12.0...v0.12.1
- release notes: https://github.com/docker/buildx/releases/tag/v0.12.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 15:29:58 +01:00
Sebastiaan van Stijn 708d1136d6 Merge pull request #4782 from thaJeztah/bump_compose
Dockerfile: update docker compose to v2.24.0
2024-01-12 15:29:33 +01:00
Sebastiaan van Stijn fdcb78a0fe Dockerfile: update docker compose to v2.24.0
Update the version of compose used in CI to the latest version.

- full diff: https://github.com/docker/compose/compare/v2.22.0...v2.24.0
- release notes: https://github.com/docker/compose/releases/tag/v2.24.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 14:39:08 +01:00
Paweł Gronowski 15d4c99f38 ci: Add bin-image workflow
Build and push an image containing a static CLI binary for master branch
and every release branch and tag.

This is a slightly adjusted copy of the bin-image workflow from
docker/buildx (by @crazy-max).

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-12 12:28:20 +01:00
Paweł Gronowski ecf338f43b scripts/build: Handle VERSION containing git ref
Transform `VERSION` variable if it contains a git ref.
This is the same as moby does (with "<<<" bashism removed).

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-12 12:28:18 +01:00
Paweł Gronowski 6ad07f2a4b Dockerfile/binary: Output the binary directly
`scripts/make/binary` produces `docker` file that is a symlink to a
`docker-<platform>` file.
Make the `binary` Dockerfile target produce an image that only contains
the `docker` binary and not the symlink.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-12 12:28:15 +01:00
Sebastiaan van Stijn 859154b94c Merge pull request #4778 from thaJeztah/cmd_docker_smaller_interface
cmd/docker: registerCompletionFuncForGlobalFlags: take store.Store as argument
2024-01-11 22:50:47 +01:00
Sebastiaan van Stijn 76e09dd44b Merge pull request #4777 from thaJeztah/pluginmanager_smaller_interface
cli-plugins/manager: getPluginDirs: take ConfigFile as argument
2024-01-11 22:50:31 +01:00
Sebastiaan van Stijn a745bffb86 Merge pull request #4776 from thaJeztah/fix_shadow
cli-plugins: helloworld: rename var that collided with import
2024-01-11 22:50:12 +01:00
Sebastiaan van Stijn e5d225de16 Merge pull request #4775 from thaJeztah/move_main
cmd/docker: move main() to the top
2024-01-11 22:49:48 +01:00
Sebastiaan van Stijn 0e37dd49f0 cmd/docker: registerCompletionFuncForGlobalFlags: take store.Store as argument
Update this function to accept a smaller interface, as it doesn't need
all of "CLI". Also return errors encountered during its operation (although
the caller currently has no error return on its own).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 22:31:17 +01:00
Sebastiaan van Stijn c0a0b05dc8 cli-plugins: helloworld: rename var that collided with import
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 22:25:15 +01:00
Sebastiaan van Stijn 11b2e871bc cmd/docker: move main() to the top
It was hidden half-way the file; let's move it to the top, where I'd expect
to find it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 22:19:17 +01:00
Sebastiaan van Stijn 4dc2c895b1 cli-plugins/manager: getPluginDirs: take ConfigFile as argument
Update this function to accept a smaller interface, as it doesn't need
all of "CLI".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 18:15:30 +01:00
Sebastiaan van Stijn c825db8a69 Merge pull request #4773 from thaJeztah/daemon_fix_env_table
docs: dockerd: fix markdown table, and rephrase environment-variables intro
2024-01-11 15:31:56 +01:00
Sebastiaan van Stijn 79992184e0 docs: dockerd: rephrase environment-variables intro
Slightly rephrase the intro (remove "easy reference"), and cross-reference
the corresponding section on the docker CLI page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 14:55:16 +01:00
Sebastiaan van Stijn 4d2b4e7fba docs: dockerd: fix stray column-separateor in env-var table
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 13:54:39 +01:00
Sebastiaan van Stijn 5a31004bdb Merge pull request #4772 from thaJeztah/update_credential_helpers
vendor: github.com/docker/docker-credential-helpers v0.8.1
2024-01-10 23:00:53 +01:00
Sebastiaan van Stijn a5e5563f13 vendor: github.com/docker/docker-credential-helpers v0.8.1
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.0...v0.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 22:35:03 +01:00
Sebastiaan van Stijn bc6b9d9c4b Merge pull request #4766 from thaJeztah/update_golang_1.21.6
update to go1.21.6
2024-01-10 17:59:42 +01:00
Sebastiaan van Stijn 4f49508861 update to go1.21.6
go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and
the crypto/tls, maps, and runtime/pprof packages. See the Go 1.21.6 milestone on
our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.6+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.5...go1.21.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 09:41:03 +01:00
Sebastiaan van Stijn cfe18f5e03 Merge pull request #4760 from thaJeztah/improve_asserts
cli/compose/loader: use golden.Assert() for readability
2024-01-08 16:59:16 +01:00
Sebastiaan van Stijn 26f59b2f66 cli/compose/loader: use golden.Assert() for readability
golden.AssertBytes prints the failure as a bytes-array, which makes
it not human-readable; let's compare strings instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 14:16:19 +01:00
Sebastiaan van Stijn 5c6ca07208 Merge pull request #4758 from thaJeztah/bump_assorted
vendor: update some (test) dependencies
2024-01-08 12:39:50 +01:00
Sebastiaan van Stijn 9db56ea2f6 vendor: golang.org/x/tools v0.16.0, golang.org/x/mod v0.14.0
removes dependency on golang.org/x/sys/execabs

full diff:

- https://github.com/golang/tools/compare/v0.10.0...v0.16.0
- https://github.com/golang/mod/compare/v0.11.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:02:26 +01:00
Sebastiaan van Stijn efae960e5a vendor: golang.org/x/net v0.19.0
drops various code to support go1.17 and older

full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
Sebastiaan van Stijn 996cce9098 vendor: golang.org/x/sync v0.6.0
full diff: https://github.com/golang/sync/compare/v0.3.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:52:47 +01:00
Sebastiaan van Stijn 4b10e55256 vendor: github.com/google/go-cmp v0.6.0
- removes purego fallbacks

full diff: https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:25:45 +01:00
Sebastiaan van Stijn 1ebc233b4b vendor: github.com/creack/pty v1.1.21
full diff: https://github.com/creack/pty/compare/v1.18.0...v1.21.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:22:09 +01:00
Sebastiaan van Stijn 4b06a93c5e Merge pull request #4757 from thaJeztah/go_connection_0.5.0
vendor: github.com/docker/go-connections v0.5.0
2024-01-05 23:01:04 +01:00
Sebastiaan van Stijn b4fe77a124 vendor: github.com/docker/go-connections v0.5.0
no diff, as the tag is the same commit as we used already;
https://github.com/docker/go-connections/compare/fa09c952e3ea...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 18:25:04 +01:00
Sebastiaan van Stijn acbc2540ae Merge pull request #4748 from thaJeztah/update_nosec
change back nolint -> nosec
2024-01-05 17:17:10 +01:00
Paweł Gronowski 1df7161b4b Merge pull request #4756 from dvdksn/fix-run-flag-example-heading-levels
docs: fix incorrect heading levels in docker run reference
2024-01-05 16:52:29 +01:00
David Karlsson 909111b3ad docs: fix incorrect heading levels in docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-01-05 16:41:26 +01:00
Sebastiaan van Stijn 26e3eb32ce Merge pull request #4753 from thaJeztah/bump_engine
vendor: github.com/docker/docker v25.0.0-rc.1
2024-01-05 14:56:51 +01:00
Sebastiaan van Stijn b36c16d38d Merge pull request #4754 from thaJeztah/fix_seccomp_defaults
cli/command/container: parseSecurityOpts: fix --security-opt seccomp=builtin
2024-01-05 14:30:33 +01:00
Sebastiaan van Stijn bce868bdfd Merge pull request #4252 from ChrisChinchilla/chrisward/cmd-build-refresh
Docker build command docs refresh
2024-01-05 14:30:05 +01:00
Sebastiaan van Stijn b43ea528b8 vendor: github.com/docker/docker v25.0.0-rc.1
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.3...v25.0.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:23:48 +01:00
Sebastiaan van Stijn 6d0aa0a52d cli/command/container: parseSecurityOpts: fix --security-opt seccomp=builtin
Docker v23.0 and up allow the daemon to be configured to have seccomp disabled
by default (using the "unconfined" profile as default), and introduced a new
"builtin" profile-name for the default (see [moby@f8795ed364586acd][1] and
[mnoby@ac449d6b5ad29a50][2]).

However, the CLI had no special handling for the "builtin" profile, which
resulted in it trying to load it as a file, which would fail;

    docker run -it --rm --security-opt seccomp=builtin busybox
    docker: opening seccomp profile (builtin) failed: open builtin: no such file or directory.
    See 'docker run --help'.

This patch adds a special case for the "builtin" profile, to allow using the
default profile on daemons with seccomp disabled (unconfined) by default.

[1]: https://github.com/moby/moby/commit/f8795ed364586acd93f72e206a409e7e0e27edcc
[2]: https://github.com/moby/moby/commit/ac449d6b5ad29a5086824729ce54eec6b0cc8545

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 12:19:00 +01:00
Chris Chinchilla 9be600a97b Docker build command docs refresh
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Chris Chinchilla <chris.ward@docker.com>
2024-01-05 00:07:34 +01:00
Sebastiaan van Stijn 8812e0ad3a Merge pull request #4749 from dvdksn/docs-cli-format-example-links
build / prepare (push) Has been cancelled
build / build (push) Has been cancelled
build / prepare-plugins (push) Has been cancelled
build / plugins (push) Has been cancelled
codeql / codeql (push) Has been cancelled
e2e / e2e (19.03-dind, non-experimental) (push) Has been cancelled
e2e / e2e (alpine, stable-dind, connhelper-ssh) (push) Has been cancelled
e2e / e2e (alpine, stable-dind, experimental) (push) Has been cancelled
e2e / e2e (alpine, stable-dind, non-experimental) (push) Has been cancelled
e2e / e2e (debian, stable-dind, connhelper-ssh) (push) Has been cancelled
e2e / e2e (debian, stable-dind, experimental) (push) Has been cancelled
e2e / e2e (debian, stable-dind, non-experimental) (push) Has been cancelled
test / ctn (push) Has been cancelled
test / host (macos-11) (push) Has been cancelled
validate / validate (lint) (push) Has been cancelled
validate / validate (shellcheck) (push) Has been cancelled
validate / validate (update-authors) (push) Has been cancelled
validate / validate (validate-vendor) (push) Has been cancelled
validate / validate-md (push) Has been cancelled
validate / validate-make (manpages) (push) Has been cancelled
validate / validate-make (yamldocs) (push) Has been cancelled
docs: add links to volume ls, network ls, stack ps formatting examples
v25.0.0-rc.1
2024-01-03 17:00:26 +01:00