While convention states that Dockerfile instructions should be
written in uppercase, the engine allows them to be mixed case or in
lowercase. The tmLanguage file should tolerate this and provide
highlighting support even if instructions are not written in
uppercase.
Signed-off-by: Remy Suen <remy.suen@gmail.com>
Upstream-commit: abd39744c6f3ed854500e423f5fabf952165161f
Component: engine
If you want to makeimage using the group "Compute Node" and so on, you must add “ ” to include the $install_groups, or it will format the text as below:
yum -c /etc/yum.conf --installroot=/tmp/makeimage.sh.zOLs8y --releasever=/ --setopt=tsflags=nodocs --setopt=group_package_types=mandatory -y groupinstall Compute Node
That's absolutely incorrect.
Change-Id: I8b6b09f215aabd6b1f76c9365ba96c68722c47fd
Signed-off-by: dodia <tangwj2@lenovo.com>
Upstream-commit: fa900bd30a0881772b8964ee4d91d791af5b13c8
Component: engine
When using a https proxy, an extra HTTP 200 header will be generated.
So we can't rely on detecting the first http header.
$curlHeaders with https proxy:
"HTTP/1.0 200 Connection established <-- the https proxy's response
HTTP/1.1 307 Temporary Redirect
...
"
See https://stackoverflow.com/a/34537988/889429Fixes#34131
Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Upstream-commit: 238d17c456c3ff0b8937b33538f6a4b36f829410
Component: engine
If the registry responds directly with blob contents, use them,
otherwise follow the redirect without Authorization headers (which
likely aren't valid for the server being redirected to).
This preserves the basic structure of the previous output with up to one
additional progress bar per-layer (for the redirect request and then the
following blob request).
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
Upstream-commit: 4bbdc0b8f7b2faa3354738c300cfedb2b77c7316
Component: engine
The contrib/mkimage-busybox.sh, contrib/mkimage-debootstrap.sh,
and contrib/mkimage-rinse.sh were deprecated in commit
51f707cf9dfb2dbe31cfd0cd92b922ca5d98e842, in favor of
their equivalents in contrib/mkimage/
Given that the deprecation warning has been in place
for over three years, it's save to now remove these.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d14fb3ac4e712e5927eaad33213b0910aa56ec13
Component: engine
They have been moved to github.com/docker/cli.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: b5579a4ce33af4c1f67118e11b5a01008a36d26a
Component: engine
Generate a token for each download process to avoid token expired.
Closes: #33441
Signed-off-by: vanderliang <lansheng@meili-inc.com>
Upstream-commit: cb502cd4e894a78e723902a4d2f23174b69430ce
Component: engine
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed. (By default,
foreign layers are not pushed to registries.)
Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.
This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
Upstream-commit: 67fdf574d5acd6ddccb6ece0ffe0ace1c1608712
Component: engine
This reverts commit 7e3a596a63fd8d0ab958132901b6ded81f8b44c0.
Unfortunately, it was pointed out in https://github.com/moby/moby/pull/29076#commitcomment-21831387
that the `socketcall` syscall takes a pointer to a struct so it is not possible to
use seccomp profiles to filter it. This means these cannot be blocked as you can
use `socketcall` to call them regardless, as we currently allow 32 bit syscalls.
Users who wish to block these should use a seccomp profile that blocks all
32 bit syscalls and then just block the non socketcall versions.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: dcf2632945b87acedeea989a5aa36c084a20ae88
Component: engine
RH now provides `container-selinux` which provides everything we need
for docker's selinux policy. Rely on `container-selinux` where
available, and `docker-engine-selinux` when not.
This still builds the `docker-engine-selinux` package and presumably
makes it available, but is no longer a requirement in the
`docker-engine` package preferring `container-selinux` instead.
`container-selinux` is available on fedora24, however the version that
is available does not set the correct types on the `dockerd` binary. We
can use `container-selinux` and just supplement that with some of our
own policy, but for now just keep using `docker-engine-selinux` as is.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: adb2ddf288a893609f902ba9d4f4d4c45e4e730f
Component: engine
This new flag will allow the configuration of an interface that
can be used for data path traffic to be isolated from control
plane traffic. This flag is simply percolated down to libnetwork
and will be used by all the global scope drivers (today overlay)
Negative test added for invalid flag arguments
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: 8dc8cd4719f165c01c98e7d3ce1d6cea6a8f60b8
Component: engine
