Commit Graph

11517 Commits

Author SHA1 Message Date
c612e141b5 cli/command/registry: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:08 +02:00
9b7ee0e201 cli/config: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:08 +02:00
3b677449d8 cli/context: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:08 +02:00
d38317c781 cli/compose: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:07 +02:00
2dd462cc36 cli/command/idresolver: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:07 +02:00
4c89455378 cli/registry/client: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:07 +02:00
adbe04b5fc cli/manifest, cli/command/manifest: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:07 +02:00
097cc9ca64 cli/trust: use stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:07 +02:00
e069ded4c3 cli: reduce uses of pkg/errors for stdlib errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 19:00:02 +02:00
44eba133d6 Merge pull request #6250 from thaJeztah/bump_go_connections
vendor: github.com/docker/go-connections v0.6.0
2025-08-11 15:56:03 +02:00
3529651fa7 vendor: github.com/docker/go-connections v0.6.0
- deprecate sockets.GetProxyEnv, sockets.DialerFromEnvironment
- add support for unix sockets on Windows
- remove legacy CBC cipher suites from client config
- align client and server defaults to be the same.
- remove support for encrypted TLS private keys.
- nat: optimize ParsePortSpec

full diff: https://github.com/docker/go-connections/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-11 15:33:22 +02:00
8324b17f9a Merge pull request #6249 from thaJeztah/skip_TestPromptExitCode
e2d skip flaky test: TestPromptExitCode/plugin_upgrade, plugin_install
2025-08-11 15:06:56 +02:00
d16defd9e2 Merge pull request #6247 from austinvazquez/update-golang-1.24.6
update to go1.24.6
2025-08-08 19:56:53 +02:00
3035b6685b e2d skip flaky test: TestPromptExitCode/plugin_upgrade, plugin_install
This test was recently rewritten from testing plugin upgrade with
DCT enabled to just "plugin upgrade", but there's a fair amount of
complexity in the e2e tests that set up different daemons and registries.

It's possible that tests are affecting each-other, and some state (config)
is left behind.

Let's skip the test for now, and add a tracking ticket to dig deeper.

    === FAIL: e2e/global TestPromptExitCode/plugin_upgrade (7.55s)
        cli_test.go:205: assertion failed:
            Command:  docker plugin push registry:5000/plugin-upgrade-test:latest
            ExitCode: 1
            Error:    exit status 1
            Stdout:   The push refers to repository [registry:5000/plugin-upgrade-test]
            459089aa5943: Preparing
            adc41078d1d9: Preparing
            d7bff979db13: Preparing
            459089aa5943: Preparing

            Stderr:   error pushing plugin: failed to do request: Head "https://registry:5000/v2/plugin-upgrade-test/blobs/sha256:adc41078d1d937495df2f90444e5414a01db31e5a080f8aa4f163c64d41abd11": http: server gave HTTP response to HTTPS client

            Failures:
            ExitCode was 1 expected 0
            Expected no error

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-08 19:07:00 +02:00
6769f62746 update to go1.24.6
- https://github.com/golang/go/issues?q=milestone%3AGo1.24.6+label%3ACherryPickApproved
- full diff: golang/go@go1.24.5...go1.24.6

These minor releases include 2 security fixes following the security policy:

- os/exec: LookPath may return unexpected paths

If the PATH environment variable contains paths which are executables (rather
than just directories), passing certain strings to LookPath ("", ".", and ".."),
can result in the binaries listed in the PATH being unexpectedly returned.

Thanks to Olivier Mengué for reporting this issue.

This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.

- database/sql: incorrect results returned from Rows.Scan

Cancelling a query (e.g. by cancelling the context passed to one of the query
methods) during a call to the Scan method of the returned Rows can result in
unexpected results if other queries are being made in parallel. This can result
in a race condition that may overwrite the expected results with those of
another query, causing the call to Scan to return either unexpected results
from the other query or an error.

We believe this affects most database/sql drivers.

Thanks to Spike Curtis from Coder for reporting this issue.

This is CVE-2025-47907 and https://go.dev/issue/74831.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6

Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
2025-08-08 10:15:50 -05:00
ef38d81fdb Merge pull request #6245 from thaJeztah/rm_completion
cli/command/completion: remove deprecated ValidArgsFn
2025-08-07 13:52:04 +02:00
5052a39915 cli/command/completion: remove deprecated ValidArgsFn
This was deprecated in 9f19820f88, which
is part of v28.x, and unlikely used externally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 23:53:56 +02:00
4beddd3e25 Merge pull request #6244 from thaJeztah/remove_trust_flag_helpers
cli/command: remove `AddTrustSigningFlags`, `AddTrustVerificationFlags`, `AddPlatformFlag` utilities
2025-08-06 19:37:36 +02:00
7026e68a71 cli/command: remove AddPlatformFlag utility
It was only used internally and has no external users. It should not be
used for new uses, because it also adds a minimum API version constraint
and a default from env-var, which must be evaluated for each individual
use of such flags.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 17:15:32 +02:00
c0fbbe05ca cli/command: remove AddTrustVerificationFlags
It was only used internally; inline it where used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 17:00:25 +02:00
8c22927978 cli/command: remove AddTrustSigningFlags
it was only used internally in a single location, so inline the
code where it's used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 16:55:42 +02:00
c1cc6b61a3 Merge pull request #6233 from thaJeztah/plugin_no_dct
cli/command/plugin: remove DCT
2025-08-06 14:04:01 +02:00
3f5b1bdd32 cli/command/plugin: remove DCT
Plugins are not widely used, and there's no known plugins that use
content-trust. We're working on updating the authentication stack
in the CLI, and the trust implementation hinders us in making
changes, so removing parts that are not high-priority (ahead of
full deprecation of DCT).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 12:33:27 +02:00
845870e669 Merge pull request #6243 from thaJeztah/remove_prompt_utils
cli/command: remove prompt utilities that were for internal use
2025-08-06 12:30:31 +02:00
8683664b29 Merge pull request #6238 from thaJeztah/e2e_touchups
e2e: minor cleanups in `TestPromptExitCode`
2025-08-06 12:30:08 +02:00
d3c23a223c e2e/global: TestPromptExitCode: group plugin preparation steps
Use names for the plugin that don't refer to content-trust, as that's
not related to this test.

Make it slightly more clear which steps are preparation and which
are the actual test. The test sometimes fails in the preparation
step, and we could consider moving those separate and XFail the
test if the preparation fails;

        Stderr:   error pushing plugin: failed to do request: Head "https://registry:5000/v2/plugin-content-trust-upgrade/blobs/sha256:af932a31d4df3a2890f900bcf28e16cea87b2b440b8036ba86ab3418f3e50a35": http: server gave HTTP response to HTTPS client

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 10:57:01 +02:00
081add2fc5 e2e/testutils: SetupPlugin: return path of directory
The gotest.tools `fs.NewDir` utility already sets up a `t.Cleanup`,
so we can treat it the same as `t.TempDir()` and let it handle
cleaning up by itself.

We should probably consider replacing some of this with `t.TempDir`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 10:57:01 +02:00
8972e53ad0 cli/command: remove prompt utilities that were for internal use
- The `DisableInputEcho` and `PromptForInput` utilities were added in
  c15ade0c64 as part of a bug-fix, which
  was part of v28.x. [There are no (publicly visible) users][1] of either.
- The `ErrPromptTerminated` was added in v26.x (originally added in
  10bf91a02d, later updated in commit
  7c722c08d0. [It is not used][2]
- The `PromptForConfirmation` was added in [moby@280c872] (docker v1.13.0)
  as part of the `docker <object> prune` subcommands. It was meant for
  internal use but exported to allow re-using it in the `container`,
  `image` (etc.) packages. However, a breaking change to its signature
  was made in 10bf91a02d. It currently
  does [not appear to have any (public) users][2].

This patch removes the `ErrPromptTerminated`, `DisableInputEcho`,
`PromptForInput`, and `PromptForConfirmation` utilities from the
`cli/command` package. The core functionality of these is still
available in the `internal/prompt` package, which we may make
public at some point, but still needs some refining / decoupling.

[moby@280c872]: 280c872366
[1]: https://grep.app/search?f.lang=Go&regexp=true&q=%5C.%28DisableInputEcho%7CPromptForInput%29%5C%28
[2]: https://grep.app/search?f.lang=Go&q=%5C.ErrPromptTerminated
[3]: https://grep.app/search?f.lang=Go&q=.PromptForConfirmation%28

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 10:50:31 +02:00
f2c64c123f Merge pull request #6241 from thaJeztah/deprecate_bind_nonrecursive
remove deprecated `bind-nonrecursive` option for `--mount`
2025-08-06 10:48:58 +02:00
25f95877b5 Merge pull request #6219 from thaJeztah/cleanup_credentialSpecOpt
cli/command/service: credentialSpecOpt: use strings.Cut
2025-08-06 10:09:26 +02:00
14ed619736 Merge pull request #6240 from thaJeztah/remove_deprecated
cli/command: remove deprecated CopyToFile, ConfigureAuth utilities
2025-08-06 10:08:33 +02:00
7dd9c20cac Merge pull request #6235 from thaJeztah/remove_cli_experimental_remnants
remove some remnants from CLI "experimental" config option
2025-08-06 09:50:27 +02:00
39829affbe Merge pull request #6242 from thaJeztah/bump_mergo
vendor: dario.cat/mergo v1.0.2
2025-08-06 07:33:22 +00:00
a93ed48d06 vendor: dario.cat/mergo v1.0.2
drops gopkg.in/yaml.v3 as dependency

full diff: https://github.com/darccio/mergo/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-06 01:16:17 +02:00
f1ceb8c55d Merge pull request #6236 from thaJeztah/system_prune_register
system prune: refactor to use "register" functions
2025-08-05 23:25:51 +02:00
abfe4d4629 remove deprecated bind-nonrecursive option for --mount
The `bind-nonrecursive` option was replaced with the [`bind-recursive`]
option (see [cli-4316], [cli-4671]). The option was still accepted, but
printed a deprecation warning:

    bind-nonrecursive is deprecated, use bind-recursive=disabled instead

In the v29.0 release, this warning is removed, and returned as an error.
Users should use the equivalent `bind-recursive=disabled` option instead.

[`bind-recursive`]: https://docs.docker.com/engine/storage/bind-mounts/#recursive-mounts
[cli-4316]: https://github.com/docker/cli/pull/4316
[cli-4671]: https://github.com/docker/cli/pull/4671

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-05 23:23:38 +02:00
68fc942fd2 Merge pull request #6232 from thaJeztah/bump_engine
vendor: moby/moby/api v1.52.0-alpha.1, moby/moby/client v0.1.0-alpha.0
2025-08-05 22:42:19 +02:00
f9431e3b35 vendor: moby/moby/api v1.52.0-alpha.1, moby/moby/client v0.1.0-alpha.0
full diff: 4faedf2bec...37d0204d7f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-05 22:01:50 +02:00
22cc0e90ae cli/command: remove deprecated ConfigureAuth utility
It was deprecated in 6e4818e7d6, which
is part of v28.x and backported to v27.x.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-05 21:22:59 +02:00
de54347518 cli/command: remove deprecated CopyToFile utility
It was deprecated in 7cc6b8ebf4, which is
part of v28.x

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-05 21:11:47 +02:00
b01d359cc9 Merge pull request #6239 from thaJeztah/no_pkg_process
cli/connhelper: remove dependency on pkg/process
2025-08-05 16:57:54 +02:00
2abcbf842f cli/connhelper: remove dependency on pkg/process
This package will not be included in the api or client modules, and
we're currently only using a single function of it, and only the
unix implementation, so let's fork it for now (although the package
may be moved to moby/sys).

This removes the last dependency on github.com/docker/docker.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-05 16:30:09 +02:00
fcfaa8daeb Merge pull request #6234 from thaJeztah/ParseRepositoryInfo_no_err_step2
internal/registry: remove RepositoryInfo, add NewIndexInfo
2025-08-04 15:21:49 +02:00
a629a840a8 Merge pull request #6237 from thaJeztah/plugin_manager_unexport
cli-plugins/manager: various fixes and deprecations
2025-08-04 14:00:21 +02:00
513ceeec0a cli-plugins/manager: remove deprecated ResourceAttributesEnvvar
This const was deprecated in 9dc175d6ef,
which is part of v28.0, so let's remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-04 12:26:22 +02:00
5876b2941c cli-plugins/manager: deprecate metadata aliases
These aliases were added in 4321293972
(part of v28.0), but did not deprecate them. They are no longer used
in the CLI itself, but may be used by cli-plugin implementations.

This deprecates the aliases in `cli-plugins/manager` in favor of
their equivalent in `cli-plugins/manager/metadata`:

- `NamePrefix`
- `MetadataSubcommandName`
- `HookSubcommandName`
- `Metadata`
- `ReexecEnvvar`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-04 12:26:22 +02:00
50963accec cli-plugins/manager: wrapAsPluginError: don't special-case nil
This was a pattern inheritted from pkg/errors.Wrapf, which ignored
nil errors for convenience. However, it is error-prone, as it is
not obvious when returning a nil-error.

All call-sites using `wrapAsPluginError` already do a check for
nil errors, so remove this code to prevent hard to find bugs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-04 12:26:14 +02:00
d789bac04a cli-plugins/manager: pluginError: remove Causer interface
We no longer depend on this interface and it implements Unwrap for
native handling by go stdlib.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-04 11:11:52 +02:00
71460215d3 cli-plugins/manager: deprecate "IsNotFound"
These errors satisfy errdefs.IsNotFound, so make it a wrapper, and
deprecate it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-04 11:06:49 +02:00
1cc698c68f cli-plugins/manager: un-export "NewPluginError"
It is for internal use, and no longer needed for testing, now that
the `Plugin` type handles marshalling errors.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-08-04 11:01:24 +02:00