Merge pull request #4206 from thaJeztah/buildinfo_deprecation

docs: update deprecation status of BuildKit "buildInfo" for v24.0.0

.github/workflows/build.yml

@@ -58,7 +58,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
       -
         name: Build
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v2
         with:
           targets: ${{ matrix.target }}
           set: |
@@ -121,7 +121,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
       -
         name: Build
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v2
         with:
           targets: plugins-cross
           set: |

.github/workflows/test.yml

@@ -26,7 +26,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
       -
         name: Test
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v2
         with:
           targets: test-coverage
       -
@@ -61,9 +61,9 @@ jobs:
           path: ${{ env.GOPATH }}/src/github.com/docker/cli
       -
         name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.20.12
+          go-version: 1.20.3
       -
         name: Test
         run: |

.github/workflows/validate.yml

@@ -31,7 +31,7 @@ jobs:
         uses: actions/checkout@v3
       -
         name: Run
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v2
         with:
           targets: ${{ matrix.target }}
 

.golangci.yml

@@ -117,10 +117,7 @@ issues:
     - text: "package-comments: should have a package comment"
       linters:
         - revive
-    # FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272)
-    - text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated"
-      linters:
-        - staticcheck
+
     # Exclude some linters from running on tests files.
     - path: _test\.go
       linters:

Dockerfile

@@ -1,12 +1,12 @@
 # syntax=docker/dockerfile:1
 
 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.20.12
-ARG ALPINE_VERSION=3.17
+ARG GO_VERSION=1.20.3
+ARG ALPINE_VERSION=3.16
 ARG XX_VERSION=1.1.1
 ARG GOVERSIONINFO_VERSION=v1.3.0
-ARG GOTESTSUM_VERSION=v1.10.0
-ARG BUILDX_VERSION=0.11.2
+ARG GOTESTSUM_VERSION=v1.8.2
+ARG BUILDX_VERSION=0.10.4
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 
@@ -125,8 +125,8 @@ CMD ./scripts/test/e2e/entry
 FROM build-base-${BASE_VARIANT} AS dev
 COPY . .
 
-FROM scratch AS binary
-COPY --from=build /out .
-
 FROM scratch AS plugins
 COPY --from=build-plugins /out .
+
+FROM scratch AS binary
+COPY --from=build /out .

MAINTAINERS

@@ -49,9 +49,9 @@
 
 		people = [
 			"bsousaa",
+			"neersighted",
 			"programmerq",
 			"sam-thibault",
-			"thajeztah",
 			"vvoland"
 		]
 
@@ -103,6 +103,11 @@
 	Email = "nicolas.deloof@gmail.com"
 	GitHub = "ndeloof"
 
+	[people.neersighted]
+	Name = "Bjorn Neergaard"
+	Email = "bneergaard@mirantis.com"
+	GitHub = "neersighted"
+
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"

VERSION

@@ -1 +1 @@
-23.0.0-dev
+24.0.0-dev

cli-plugins/manager/metadata.go

@@ -23,7 +23,6 @@ type Metadata struct {
 	// URL is a pointer to the plugin's homepage.
 	URL string `json:",omitempty"`
 	// Experimental specifies whether the plugin is experimental.
-	//
 	// Deprecated: experimental features are now always enabled in the CLI
 	Experimental bool `json:",omitempty"`
 }

cli/cobra.go

@@ -426,7 +426,7 @@ func invalidPluginReason(cmd *cobra.Command) string {
 	return cmd.Annotations[pluginmanager.CommandAnnotationPluginInvalid]
 }
 
-var usageTemplate = `Usage:
+const usageTemplate = `Usage:
 
 {{- if not .HasSubCommands}}  {{.UseLine}}{{end}}
 {{- if .HasSubCommands}}  {{ .CommandPath}}{{- if .HasAvailableFlags}} [OPTIONS]{{end}} COMMAND{{end}}
@@ -525,5 +525,5 @@ Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- end}}
 `
 
-var helpTemplate = `
+const helpTemplate = `
 {{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}`

cli/command/cli.go

@@ -48,9 +48,7 @@ type Streams interface {
 // Cli represents the docker command line client.
 type Cli interface {
 	Client() client.APIClient
-	Out() *streams.Out
-	Err() io.Writer
-	In() *streams.In
+	Streams
 	SetIn(in *streams.In)
 	Apply(ops ...DockerCliOption) error
 	ConfigFile() *configfile.ConfigFile
@@ -164,8 +162,8 @@ func (cli *DockerCli) ContentTrustEnabled() bool {
 
 // BuildKitEnabled returns buildkit is enabled or not.
 func (cli *DockerCli) BuildKitEnabled() (bool, error) {
-	// use DOCKER_BUILDKIT env var value if set and not empty
-	if v := os.Getenv("DOCKER_BUILDKIT"); v != "" {
+	// use DOCKER_BUILDKIT env var value if set
+	if v, ok := os.LookupEnv("DOCKER_BUILDKIT"); ok {
 		enabled, err := strconv.ParseBool(v)
 		if err != nil {
 			return false, errors.Wrap(err, "DOCKER_BUILDKIT environment variable expects boolean value")
@@ -191,7 +189,7 @@ func (cli *DockerCli) ManifestStore() manifeststore.Store {
 // RegistryClient returns a client for communicating with a Docker distribution
 // registry
 func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient {
-	resolver := func(ctx context.Context, index *registry.IndexInfo) types.AuthConfig {
+	resolver := func(ctx context.Context, index *registry.IndexInfo) registry.AuthConfig {
 		return ResolveAuthConfig(ctx, cli, index)
 	}
 	return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure)

cli/command/completion/functions.go

@@ -6,7 +6,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/volume"
 	"github.com/spf13/cobra"
 )
 
@@ -66,13 +66,13 @@ func ContainerNames(dockerCli command.Cli, all bool, filters ...func(types.Conta
 // VolumeNames offers completion for volumes
 func VolumeNames(dockerCli command.Cli) ValidArgsFn {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		list, err := dockerCli.Client().VolumeList(cmd.Context(), filters.Args{})
+		list, err := dockerCli.Client().VolumeList(cmd.Context(), volume.ListOptions{})
 		if err != nil {
 			return nil, cobra.ShellCompDirectiveError
 		}
 		var names []string
-		for _, volume := range list.Volumes {
-			names = append(names, volume.Name)
+		for _, vol := range list.Volumes {
+			names = append(names, vol.Name)
 		}
 		return names, cobra.ShellCompDirectiveNoFileComp
 	}

cli/command/container/cp.go

@@ -209,7 +209,7 @@ func resolveLocalPath(localPath string) (absPath string, err error) {
 	if absPath, err = filepath.Abs(localPath); err != nil {
 		return
 	}
-	return archive.PreserveTrailingDotOrSeparator(absPath, localPath, filepath.Separator), nil
+	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
 }
 
 func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpConfig) (err error) {

cli/command/container/create.go

@@ -12,6 +12,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/image"
+	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/opts"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -19,7 +20,6 @@ import (
 	"github.com/docker/docker/api/types/versions"
 	apiclient "github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/registry"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -95,16 +95,16 @@ func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptio
 		}
 	}
 	copts.env = *opts.NewListOptsRef(&newEnv, nil)
-	containerConfig, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
+	containerCfg, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
 	if err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerConfig, dockerCli.Client().ClientVersion()); err != nil {
+	if err = validateAPIVersion(containerCfg, dockerCli.Client().ClientVersion()); err != nil {
 		reportError(dockerCli.Err(), "create", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	response, err := createContainer(context.Background(), dockerCli, containerConfig, options)
+	response, err := createContainer(context.Background(), dockerCli, containerCfg, options)
 	if err != nil {
 		return err
 	}
@@ -112,41 +112,27 @@ func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptio
 	return nil
 }
 
-func pullImage(ctx context.Context, dockerCli command.Cli, image string, platform string, out io.Writer) error {
-	ref, err := reference.ParseNormalizedNamed(image)
+// FIXME(thaJeztah): this is the only code-path that uses APIClient.ImageCreate. Rewrite this to use the regular "pull" code (or vice-versa).
+func pullImage(ctx context.Context, dockerCli command.Cli, image string, opts *createOptions) error {
+	encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
 	if err != nil {
 		return err
 	}
 
-	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, err := registry.ParseRepositoryInfo(ref)
-	if err != nil {
-		return err
-	}
-
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
-	if err != nil {
-		return err
-	}
-
-	options := types.ImageCreateOptions{
+	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, types.ImageCreateOptions{
 		RegistryAuth: encodedAuth,
-		Platform:     platform,
-	}
-
-	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
+		Platform:     opts.platform,
+	})
 	if err != nil {
 		return err
 	}
 	defer responseBody.Close()
 
-	return jsonmessage.DisplayJSONMessagesStream(
-		responseBody,
-		out,
-		dockerCli.Out().FD(),
-		dockerCli.Out().IsTerminal(),
-		nil)
+	out := dockerCli.Err()
+	if opts.quiet {
+		out = io.Discard
+	}
+	return jsonmessage.DisplayJSONMessagesToStream(responseBody, streams.NewOut(out), nil)
 }
 
 type cidFile struct {
@@ -199,10 +185,10 @@ func newCIDFile(path string) (*cidFile, error) {
 }
 
 //nolint:gocyclo
-func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
-	config := containerConfig.Config
-	hostConfig := containerConfig.HostConfig
-	networkingConfig := containerConfig.NetworkingConfig
+func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
+	config := containerCfg.Config
+	hostConfig := containerCfg.HostConfig
+	networkingConfig := containerCfg.NetworkingConfig
 
 	warnOnOomKillDisable(*hostConfig, dockerCli.Err())
 	warnOnLocalhostDNS(*hostConfig, dockerCli.Err())
@@ -227,7 +213,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
 			var err error
-			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil)
+			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef)
 			if err != nil {
 				return nil, err
 			}
@@ -236,11 +222,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 	}
 
 	pullAndTagImage := func() error {
-		pullOut := dockerCli.Err()
-		if opts.quiet {
-			pullOut = io.Discard
-		}
-		if err := pullImage(ctx, dockerCli, config.Image, opts.platform, pullOut); err != nil {
+		if err := pullImage(ctx, dockerCli, config.Image, opts); err != nil {
 			return err
 		}
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && trustedRef != nil {
@@ -293,8 +275,8 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 		}
 	}
 
-	for _, warning := range response.Warnings {
-		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", warning)
+	for _, w := range response.Warnings {
+		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", w)
 	}
 	err = containerIDFile.Write(response.ID)
 	return &response, err

cli/command/container/list.go

@@ -120,6 +120,8 @@ func runPs(dockerCli command.Cli, options *psOptions) error {
 	if len(options.format) == 0 {
 		// load custom psFormat from CLI config (if any)
 		options.format = dockerCli.ConfigFile().PsFormat
+	} else if options.quiet {
+		_, _ = dockerCli.Err().Write([]byte("WARNING: Ignoring custom format, because both --format and --quiet are set.\n"))
 	}
 
 	listOptions, err := buildContainerListOptions(options)

cli/command/container/list_test.go

@@ -309,8 +309,22 @@ func TestContainerListWithFormat(t *testing.T) {
 			}, nil
 		},
 	})
-	cmd := newListCommand(cli)
-	cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}")
-	assert.NilError(t, cmd.Execute())
-	golden.Assert(t, cli.OutBuffer().String(), "container-list-with-format.golden")
+
+	t.Run("with format", func(t *testing.T) {
+		cli.OutBuffer().Reset()
+		cmd := newListCommand(cli)
+		assert.Check(t, cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}"))
+		assert.NilError(t, cmd.Execute())
+		golden.Assert(t, cli.OutBuffer().String(), "container-list-with-format.golden")
+	})
+
+	t.Run("with format and quiet", func(t *testing.T) {
+		cli.OutBuffer().Reset()
+		cmd := newListCommand(cli)
+		assert.Check(t, cmd.Flags().Set("format", "{{ .Names }} {{ .Image }} {{ .Labels }}"))
+		assert.Check(t, cmd.Flags().Set("quiet", "true"))
+		assert.NilError(t, cmd.Execute())
+		assert.Equal(t, cli.ErrBuffer().String(), "WARNING: Ignoring custom format, because both --format and --quiet are set.\n")
+		golden.Assert(t, cli.OutBuffer().String(), "container-list-quiet.golden")
+	})
 }

cli/command/container/opts_test.go

@@ -49,11 +49,11 @@ func parseRun(args []string) (*container.Config, *container.HostConfig, *network
 		return nil, nil, nil, err
 	}
 	// TODO: fix tests to accept ContainerConfig
-	containerConfig, err := parse(flags, copts, runtime.GOOS)
+	containerCfg, err := parse(flags, copts, runtime.GOOS)
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	return containerConfig.Config, containerConfig.HostConfig, containerConfig.NetworkingConfig, err
+	return containerCfg.Config, containerCfg.HostConfig, containerCfg.NetworkingConfig, err
 }
 
 func setupRunFlags() (*pflag.FlagSet, *containerOptions) {

cli/command/container/run.go

@@ -105,22 +105,22 @@ func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copt
 		}
 	}
 	copts.env = *opts.NewListOptsRef(&newEnv, nil)
-	containerConfig, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
+	containerCfg, err := parse(flags, copts, dockerCli.ServerInfo().OSType)
 	// just in case the parse does not exit
 	if err != nil {
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerConfig, dockerCli.CurrentVersion()); err != nil {
+	if err = validateAPIVersion(containerCfg, dockerCli.CurrentVersion()); err != nil {
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	return runContainer(dockerCli, ropts, copts, containerConfig)
+	return runContainer(dockerCli, ropts, copts, containerCfg)
 }
 
 //nolint:gocyclo
-func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerConfig *containerConfig) error {
-	config := containerConfig.Config
+func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerCfg *containerConfig) error {
+	config := containerCfg.Config
 	stdout, stderr := dockerCli.Out(), dockerCli.Err()
 	client := dockerCli.Client()
 
@@ -144,7 +144,7 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 	ctx, cancelFun := context.WithCancel(context.Background())
 	defer cancelFun()
 
-	createResponse, err := createContainer(ctx, dockerCli, containerConfig, &opts.createOptions)
+	createResponse, err := createContainer(ctx, dockerCli, containerCfg, &opts.createOptions)
 	if err != nil {
 		reportError(stderr, "run", err.Error(), true)
 		return runStartContainerErr(err)

cli/command/container/testdata/container-list-quiet.golden

@@ -0,0 +1,2 @@
+container_id
+container_id

cli/command/formatter/container.go

@@ -55,6 +55,9 @@ ports: {{- pad .Ports 1 0}}
 		}
 		return Format(format)
 	default: // custom format
+		if quiet {
+			return DefaultQuietFormat
+		}
 		return Format(source)
 	}
 }

cli/command/formatter/container_test.go

@@ -163,7 +163,7 @@ containerID2   ubuntu    ""        24 hours ago                       foobar_bar
 		},
 		{
 			Context{Format: NewContainerFormat("table {{.Image}}", true, false)},
-			"IMAGE\nubuntu\nubuntu\n",
+			"containerID1\ncontainerID2\n",
 		},
 		{
 			Context{Format: NewContainerFormat("table", true, false)},

cli/command/formatter/context.go

@@ -84,10 +84,3 @@ func (c *clientContextContext) Error() string {
 	// TODO(thaJeztah) add "--no-trunc" option to context ls and set default to 30 cols to match "docker service ps"
 	return Ellipsis(c.c.Error, maxErrLength)
 }
-
-// KubernetesEndpoint returns the kubernetes endpoint.
-//
-// Deprecated: support for kubernetes endpoints in contexts has been removed, and this formatting option will always be empty.
-func (c *clientContextContext) KubernetesEndpoint() string {
-	return ""
-}

cli/command/image/build.go

@@ -22,6 +22,7 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/builder/remotecontext/urlutil"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/idtools"
@@ -279,7 +280,7 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 	var resolvedTags []*resolvedTag
 	if !options.untrusted {
 		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
-			return TrustedReference(ctx, dockerCli, ref, nil)
+			return TrustedReference(ctx, dockerCli, ref)
 		}
 		// if there is a tar wrapper, the dockerfile needs to be replaced inside it
 		if buildCtx != nil {
@@ -322,9 +323,9 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 
 	configFile := dockerCli.ConfigFile()
 	creds, _ := configFile.GetAllCredentials()
-	authConfigs := make(map[string]types.AuthConfig, len(creds))
+	authConfigs := make(map[string]registrytypes.AuthConfig, len(creds))
 	for k, auth := range creds {
-		authConfigs[k] = types.AuthConfig(auth)
+		authConfigs[k] = registrytypes.AuthConfig(auth)
 	}
 	buildOptions := imageBuildOptions(dockerCli, options)
 	buildOptions.Version = types.BuilderV1

cli/command/image/pull.go

@@ -69,7 +69,7 @@ func RunPull(cli command.Cli, opts PullOptions) error {
 	}
 
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), distributionRef.String())
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), distributionRef.String())
 	if err != nil {
 		return err
 	}

cli/command/image/push.go

@@ -11,6 +11,7 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
@@ -76,7 +77,7 @@ func RunPush(dockerCli command.Cli, opts pushOptions) error {
 
 	// Resolve the Auth config relevant for this server
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return err
 	}

cli/command/image/trust.go

@@ -30,7 +30,7 @@ type target struct {
 }
 
 // TrustedPush handles content trust pushing of an image
-func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, options types.ImagePushOptions) error {
+func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, options types.ImagePushOptions) error {
 	responseBody, err := cli.Client().ImagePush(ctx, reference.FamiliarString(ref), options)
 	if err != nil {
 		return err
@@ -44,7 +44,7 @@ func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 // PushTrustedReference pushes a canonical reference to the trust server.
 //
 //nolint:gocyclo
-func PushTrustedReference(streams command.Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, in io.Reader) error {
+func PushTrustedReference(streams command.Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader) error {
 	// If it is a trusted push we would like to find the target entry which match the
 	// tag provided in the function and then do an AddTarget later.
 	target := &client.Target{}
@@ -186,7 +186,7 @@ func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.Image
 		if err != nil {
 			return err
 		}
-		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), trustedRef.String())
+		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), trustedRef.String())
 		if err != nil {
 			return err
 		}
@@ -262,20 +262,17 @@ func getTrustedPullTargets(cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth)
 
 // imagePullPrivileged pulls the image and displays it to the output
 func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth, opts PullOptions) error {
-	ref := reference.FamiliarString(imgRefAndAuth.Reference())
-
-	encodedAuth, err := command.EncodeAuthToBase64(*imgRefAndAuth.AuthConfig())
+	encodedAuth, err := registrytypes.EncodeAuthConfig(*imgRefAndAuth.AuthConfig())
 	if err != nil {
 		return err
 	}
 	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(cli, imgRefAndAuth.RepoInfo().Index, "pull")
-	options := types.ImagePullOptions{
+	responseBody, err := cli.Client().ImagePull(ctx, reference.FamiliarString(imgRefAndAuth.Reference()), types.ImagePullOptions{
 		RegistryAuth:  encodedAuth,
 		PrivilegeFunc: requestPrivilege,
 		All:           opts.all,
 		Platform:      opts.platform,
-	}
-	responseBody, err := cli.Client().ImagePull(ctx, ref, options)
+	})
 	if err != nil {
 		return err
 	}
@@ -289,8 +286,8 @@ func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth tru
 }
 
 // TrustedReference returns the canonical trusted reference for an image reference
-func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, rs, AuthResolver(cli), ref.String())
+func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged) (reference.Canonical, error) {
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), ref.String())
 	if err != nil {
 		return nil, err
 	}
@@ -340,8 +337,8 @@ func TagTrusted(ctx context.Context, cli command.Cli, trustedRef reference.Canon
 }
 
 // AuthResolver returns an auth resolver function from a command.Cli
-func AuthResolver(cli command.Cli) func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
-	return func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
+func AuthResolver(cli command.Cli) func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
+	return func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
 		return command.ResolveAuthConfig(ctx, cli, index)
 	}
 }

cli/command/plugin/install.go

@@ -10,6 +10,7 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
@@ -54,26 +55,6 @@ func newInstallCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }
 
-type pluginRegistryService struct {
-	registry.Service
-}
-
-func (s pluginRegistryService) ResolveRepository(name reference.Named) (*registry.RepositoryInfo, error) {
-	repoInfo, err := s.Service.ResolveRepository(name)
-	if repoInfo != nil {
-		repoInfo.Class = "plugin"
-	}
-	return repoInfo, err
-}
-
-func newRegistryService() (registry.Service, error) {
-	svc, err := registry.NewService(registry.ServiceOptions{})
-	if err != nil {
-		return nil, err
-	}
-	return pluginRegistryService{Service: svc}, nil
-}
-
 func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
 	// Names with both tag and digest will be treated by the daemon
 	// as a pull by digest with a local name for the tag
@@ -98,12 +79,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 			return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
 		}
 
-		ctx := context.Background()
-		svc, err := newRegistryService()
-		if err != nil {
-			return types.PluginInstallOptions{}, err
-		}
-		trusted, err := image.TrustedReference(ctx, dockerCli, nt, svc)
+		trusted, err := image.TrustedReference(context.Background(), dockerCli, nt)
 		if err != nil {
 			return types.PluginInstallOptions{}, err
 		}
@@ -111,8 +87,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 	}
 
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return types.PluginInstallOptions{}, err
 	}

cli/command/plugin/push.go

@@ -7,6 +7,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/distribution/reference"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
@@ -55,8 +56,7 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
 		return err
 	}
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return err
 	}
@@ -68,7 +68,6 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
 	defer responseBody.Close()
 
 	if !opts.untrusted {
-		repoInfo.Class = "plugin"
 		return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
 	}
 

cli/command/registry.go

@@ -3,8 +3,6 @@ package command
 import (
 	"bufio"
 	"context"
-	"encoding/base64"
-	"encoding/json"
 	"fmt"
 	"io"
 	"os"
@@ -21,20 +19,11 @@ import (
 	"github.com/pkg/errors"
 )
 
-// ElectAuthServer returns the default registry to use.
+// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload.
 //
-// Deprecated: use [registry.IndexServer] instead.
-func ElectAuthServer(_ context.Context, _ Cli) string {
-	return registry.IndexServer
-}
-
-// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload
-func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
-	buf, err := json.Marshal(authConfig)
-	if err != nil {
-		return "", err
-	}
-	return base64.URLEncoding.EncodeToString(buf), nil
+// Deprecated: use [registrytypes.EncodeAuthConfig] instead.
+func EncodeAuthToBase64(authConfig registrytypes.AuthConfig) (string, error) {
+	return registrytypes.EncodeAuthConfig(authConfig)
 }
 
 // RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
@@ -52,7 +41,7 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
 		if err != nil {
 			return "", err
 		}
-		return EncodeAuthToBase64(authConfig)
+		return registrytypes.EncodeAuthConfig(authConfig)
 	}
 }
 
@@ -62,19 +51,19 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
 //
 // It is similar to [registry.ResolveAuthConfig], but uses the credentials-
 // store, instead of looking up credentials from a map.
-func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig {
+func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
 	configKey := index.Name
 	if index.Official {
 		configKey = registry.IndexServer
 	}
 
 	a, _ := cli.ConfigFile().GetAuthConfig(configKey)
-	return types.AuthConfig(a)
+	return registrytypes.AuthConfig(a)
 }
 
 // GetDefaultAuthConfig gets the default auth config given a serverAddress
 // If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
-func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
+func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (registrytypes.AuthConfig, error) {
 	if !isDefaultRegistry {
 		serverAddress = registry.ConvertToHostname(serverAddress)
 	}
@@ -83,20 +72,27 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
 	if checkCredStore {
 		authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
 		if err != nil {
-			return types.AuthConfig{
+			return registrytypes.AuthConfig{
 				ServerAddress: serverAddress,
 			}, err
 		}
 	}
 	authconfig.ServerAddress = serverAddress
 	authconfig.IdentityToken = ""
-	res := types.AuthConfig(authconfig)
+	res := registrytypes.AuthConfig(authconfig)
 	return res, nil
 }
 
 // ConfigureAuth handles prompting of user's username and password if needed
-func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthConfig, isDefaultRegistry bool) error {
-	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
+func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes.AuthConfig, isDefaultRegistry bool) error {
+	// On Windows, force the use of the regular OS stdin stream.
+	//
+	// See:
+	// - https://github.com/moby/moby/issues/14336
+	// - https://github.com/moby/moby/issues/14210
+	// - https://github.com/moby/moby/pull/17738
+	//
+	// TODO(thaJeztah): we need to confirm if this special handling is still needed, as we may not be doing this in other places.
 	if runtime.GOOS == "windows" {
 		cli.SetIn(streams.NewIn(os.Stdin))
 	}
@@ -120,8 +116,11 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
 			fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
 		}
 		promptWithDefault(cli.Out(), "Username", authconfig.Username)
-		flUser = readInput(cli.In(), cli.Out())
-		flUser = strings.TrimSpace(flUser)
+		var err error
+		flUser, err = readInput(cli.In())
+		if err != nil {
+			return err
+		}
 		if flUser == "" {
 			flUser = authconfig.Username
 		}
@@ -135,12 +134,15 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
 			return err
 		}
 		fmt.Fprintf(cli.Out(), "Password: ")
-		term.DisableEcho(cli.In().FD(), oldState)
-
-		flPassword = readInput(cli.In(), cli.Out())
+		_ = term.DisableEcho(cli.In().FD(), oldState)
+		defer func() {
+			_ = term.RestoreTerminal(cli.In().FD(), oldState)
+		}()
+		flPassword, err = readInput(cli.In())
+		if err != nil {
+			return err
+		}
 		fmt.Fprint(cli.Out(), "\n")
-
-		term.RestoreTerminal(cli.In().FD(), oldState)
 		if flPassword == "" {
 			return errors.Errorf("Error: Password Required")
 		}
@@ -152,14 +154,15 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
 	return nil
 }
 
-func readInput(in io.Reader, out io.Writer) string {
-	reader := bufio.NewReader(in)
-	line, _, err := reader.ReadLine()
+// readInput reads, and returns user input from in. It tries to return a
+// single line, not including the end-of-line bytes, and trims leading
+// and trailing whitespace.
+func readInput(in io.Reader) (string, error) {
+	line, _, err := bufio.NewReader(in).ReadLine()
 	if err != nil {
-		fmt.Fprintln(out, err.Error())
-		os.Exit(1)
+		return "", errors.Wrap(err, "error while reading input")
 	}
-	return string(line)
+	return strings.TrimSpace(string(line)), nil
 }
 
 func promptWithDefault(out io.Writer, prompt string, configDefault string) {
@@ -170,14 +173,19 @@ func promptWithDefault(out io.Writer, prompt string, configDefault string) {
 	}
 }
 
-// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
+// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete
+// image. The auth configuration is serialized as a base64url encoded RFC4648,
+// section 5) JSON string for sending through the X-Registry-Auth header.
+//
+// For details on base64url encoding, see:
+// - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
 func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (string, error) {
 	// Retrieve encoded auth token from the image reference
 	authConfig, err := resolveAuthConfigFromImage(ctx, cli, image)
 	if err != nil {
 		return "", err
 	}
-	encodedAuth, err := EncodeAuthToBase64(authConfig)
+	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return "", err
 	}
@@ -185,14 +193,14 @@ func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (str
 }
 
 // resolveAuthConfigFromImage retrieves that AuthConfig using the image string
-func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (types.AuthConfig, error) {
+func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (registrytypes.AuthConfig, error) {
 	registryRef, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
-		return types.AuthConfig{}, err
+		return registrytypes.AuthConfig{}, err
 	}
 	repoInfo, err := registry.ParseRepositoryInfo(registryRef)
 	if err != nil {
-		return types.AuthConfig{}, err
+		return registrytypes.AuthConfig{}, err
 	}
 	return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil
 }

cli/command/registry/login.go

@@ -10,7 +10,6 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	configtypes "github.com/docker/cli/cli/config/types"
-	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/errdefs"
@@ -164,7 +163,7 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint:gocyclo
 	return nil
 }
 
-func loginWithCredStoreCreds(ctx context.Context, dockerCli command.Cli, authConfig *types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
+func loginWithCredStoreCreds(ctx context.Context, dockerCli command.Cli, authConfig *registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
 	fmt.Fprintf(dockerCli.Out(), "Authenticating with existing credentials...\n")
 	cliClient := dockerCli.Client()
 	response, err := cliClient.RegistryLogin(ctx, *authConfig)
@@ -178,7 +177,7 @@ func loginWithCredStoreCreds(ctx context.Context, dockerCli command.Cli, authCon
 	return response, err
 }
 
-func loginClientSide(ctx context.Context, auth types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
+func loginClientSide(ctx context.Context, auth registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
 	svc, err := registry.NewService(registry.ServiceOptions{})
 	if err != nil {
 		return registrytypes.AuthenticateOKBody{}, err

cli/command/registry/login_test.go

@@ -38,7 +38,7 @@ func (c fakeClient) Info(context.Context) (types.Info, error) {
 	return types.Info{}, nil
 }
 
-func (c fakeClient) RegistryLogin(_ context.Context, auth types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
+func (c fakeClient) RegistryLogin(_ context.Context, auth registrytypes.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
 	if auth.Password == expiredPassword {
 		return registrytypes.AuthenticateOKBody{}, fmt.Errorf("Invalid Username or Password")
 	}
@@ -53,16 +53,16 @@ func (c fakeClient) RegistryLogin(_ context.Context, auth types.AuthConfig) (reg
 
 func TestLoginWithCredStoreCreds(t *testing.T) {
 	testCases := []struct {
-		inputAuthConfig types.AuthConfig
+		inputAuthConfig registrytypes.AuthConfig
 		expectedMsg     string
 		expectedErr     string
 	}{
 		{
-			inputAuthConfig: types.AuthConfig{},
+			inputAuthConfig: registrytypes.AuthConfig{},
 			expectedMsg:     "Authenticating with existing credentials...\n",
 		},
 		{
-			inputAuthConfig: types.AuthConfig{
+			inputAuthConfig: registrytypes.AuthConfig{
 				Username: userErr,
 			},
 			expectedMsg: "Authenticating with existing credentials...\n",

cli/command/registry/search.go

@@ -8,6 +8,7 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/spf13/cobra"
 )
@@ -54,25 +55,19 @@ func runSearch(dockerCli command.Cli, options searchOptions) error {
 	}
 
 	ctx := context.Background()
-
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, indexInfo)
-	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search")
-
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return err
 	}
 
-	searchOptions := types.ImageSearchOptions{
+	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search")
+	results, err := dockerCli.Client().ImageSearch(ctx, options.term, types.ImageSearchOptions{
 		RegistryAuth:  encodedAuth,
 		PrivilegeFunc: requestPrivilege,
 		Filters:       options.filter.Value(),
 		Limit:         options.limit,
-	}
-
-	clnt := dockerCli.Client()
-
-	results, err := clnt.ImageSearch(ctx, options.term, searchOptions)
+	})
 	if err != nil {
 		return err
 	}

cli/command/registry_test.go

@@ -10,6 +10,7 @@ import (
 	configtypes "github.com/docker/cli/cli/config/types"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@@ -20,7 +21,7 @@ type fakeClient struct {
 	infoFunc func() (types.Info, error)
 }
 
-var testAuthConfigs = []types.AuthConfig{
+var testAuthConfigs = []registry.AuthConfig{
 	{
 		ServerAddress: "https://index.docker.io/v1/",
 		Username:      "u0",
@@ -45,13 +46,13 @@ func TestGetDefaultAuthConfig(t *testing.T) {
 		checkCredStore     bool
 		inputServerAddress string
 		expectedErr        string
-		expectedAuthConfig types.AuthConfig
+		expectedAuthConfig registry.AuthConfig
 	}{
 		{
 			checkCredStore:     false,
 			inputServerAddress: "",
 			expectedErr:        "",
-			expectedAuthConfig: types.AuthConfig{
+			expectedAuthConfig: registry.AuthConfig{
 				ServerAddress: "",
 				Username:      "",
 				Password:      "",
@@ -101,7 +102,7 @@ func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
 	cli.SetErr(errBuf)
 	cli.ConfigFile().CredentialsStore = "fake-does-not-exist"
 	serverAddress := "test-server-address"
-	expectedAuthConfig := types.AuthConfig{
+	expectedAuthConfig := registry.AuthConfig{
 		ServerAddress: serverAddress,
 	}
 	authconfig, err := GetDefaultAuthConfig(cli, true, serverAddress, serverAddress == "https://index.docker.io/v1/")

cli/command/system/info.go

@@ -28,8 +28,8 @@ type infoOptions struct {
 }
 
 type clientInfo struct {
-	Debug    bool
-	Context  string
+	Debug bool
+	clientVersion
 	Plugins  []pluginmanager.Plugin
 	Warnings []string
 }
@@ -46,6 +46,13 @@ type info struct {
 	ClientErrors []string    `json:",omitempty"`
 }
 
+func (i *info) clientPlatform() string {
+	if i.ClientInfo != nil && i.ClientInfo.Platform != nil {
+		return i.ClientInfo.Platform.Name
+	}
+	return ""
+}
+
 // NewInfoCommand creates a new cobra.Command for `docker info`
 func NewInfoCommand(dockerCli command.Cli) *cobra.Command {
 	var opts infoOptions
@@ -71,8 +78,11 @@ func NewInfoCommand(dockerCli command.Cli) *cobra.Command {
 func runInfo(cmd *cobra.Command, dockerCli command.Cli, opts *infoOptions) error {
 	info := info{
 		ClientInfo: &clientInfo{
-			Context: dockerCli.CurrentContext(),
-			Debug:   debug.IsEnabled(),
+			// Don't pass a dockerCLI to newClientVersion(), because we currently
+			// don't include negotiated API version, and want to avoid making an
+			// API connection when only printing the Client section.
+			clientVersion: newClientVersion(dockerCli.CurrentContext(), nil),
+			Debug:         debug.IsEnabled(),
 		},
 		Info: &types.Info{},
 	}
@@ -147,7 +157,12 @@ func needsServerInfo(template string, info info) bool {
 }
 
 func prettyPrintInfo(dockerCli command.Cli, info info) error {
-	fmt.Fprintln(dockerCli.Out(), "Client:")
+	// Only append the platform info if it's not empty, to prevent printing a trailing space.
+	if p := info.clientPlatform(); p != "" {
+		_, _ = fmt.Fprintln(dockerCli.Out(), "Client:", p)
+	} else {
+		_, _ = fmt.Fprintln(dockerCli.Out(), "Client:")
+	}
 	if info.ClientInfo != nil {
 		prettyPrintClientInfo(dockerCli, *info.ClientInfo)
 	}
@@ -173,6 +188,7 @@ func prettyPrintInfo(dockerCli command.Cli, info info) error {
 }
 
 func prettyPrintClientInfo(dockerCli command.Cli, info clientInfo) {
+	fprintlnNonEmpty(dockerCli.Out(), " Version:   ", info.Version)
 	fmt.Fprintln(dockerCli.Out(), " Context:   ", info.Context)
 	fmt.Fprintln(dockerCli.Out(), " Debug Mode:", info.Debug)
 
@@ -308,7 +324,6 @@ func prettyPrintServerInfo(dockerCli command.Cli, info types.Info) []error {
 		if len(u) > 0 {
 			fmt.Fprintln(dockerCli.Out(), " Username:", u)
 		}
-		fmt.Fprintln(dockerCli.Out(), " Registry:", info.IndexServerAddress)
 	}
 
 	if len(info.Labels) > 0 {

cli/command/system/info_test.go

@@ -278,8 +278,12 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &sampleInfoNoSwarm,
 				ClientInfo: &clientInfo{
-					Context: "default",
-					Debug:   true,
+					clientVersion: clientVersion{
+						Platform: &platformInfo{Name: "Docker Engine - Community"},
+						Version:  "24.0.0",
+						Context:  "default",
+					},
+					Debug: true,
 				},
 			},
 			prettyGolden: "docker-info-no-swarm",
@@ -290,8 +294,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &sampleInfoNoSwarm,
 				ClientInfo: &clientInfo{
-					Context: "default",
-					Plugins: samplePluginsInfo,
+					clientVersion: clientVersion{Context: "default"},
+					Plugins:       samplePluginsInfo,
 				},
 			},
 			prettyGolden:   "docker-info-plugins",
@@ -302,7 +306,7 @@ func TestPrettyPrintInfo(t *testing.T) {
 			doc: "info with nil labels",
 			dockerInfo: info{
 				Info:       &sampleInfoLabelsNil,
-				ClientInfo: &clientInfo{Context: "default"},
+				ClientInfo: &clientInfo{clientVersion: clientVersion{Context: "default"}},
 			},
 			prettyGolden: "docker-info-with-labels-nil",
 		},
@@ -310,7 +314,7 @@ func TestPrettyPrintInfo(t *testing.T) {
 			doc: "info with empty labels",
 			dockerInfo: info{
 				Info:       &sampleInfoLabelsEmpty,
-				ClientInfo: &clientInfo{Context: "default"},
+				ClientInfo: &clientInfo{clientVersion: clientVersion{Context: "default"}},
 			},
 			prettyGolden: "docker-info-with-labels-empty",
 		},
@@ -319,8 +323,8 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &infoWithSwarm,
 				ClientInfo: &clientInfo{
-					Context: "default",
-					Debug:   false,
+					clientVersion: clientVersion{Context: "default"},
+					Debug:         false,
 				},
 			},
 			prettyGolden: "docker-info-with-swarm",
@@ -331,8 +335,12 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &infoWithWarningsLinux,
 				ClientInfo: &clientInfo{
-					Context: "default",
-					Debug:   true,
+					clientVersion: clientVersion{
+						Platform: &platformInfo{Name: "Docker Engine - Community"},
+						Version:  "24.0.0",
+						Context:  "default",
+					},
+					Debug: true,
 				},
 			},
 			prettyGolden:   "docker-info-no-swarm",
@@ -344,8 +352,12 @@ func TestPrettyPrintInfo(t *testing.T) {
 			dockerInfo: info{
 				Info: &sampleInfoDaemonWarnings,
 				ClientInfo: &clientInfo{
-					Context: "default",
-					Debug:   true,
+					clientVersion: clientVersion{
+						Platform: &platformInfo{Name: "Docker Engine - Community"},
+						Version:  "24.0.0",
+						Context:  "default",
+					},
+					Debug: true,
 				},
 			},
 			prettyGolden:   "docker-info-no-swarm",
@@ -376,6 +388,7 @@ func TestPrettyPrintInfo(t *testing.T) {
 			expectedError:  "errors pretty printing info",
 		},
 	} {
+		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			cli := test.NewFakeCli(&fakeClient{})
 			err := prettyPrintInfo(cli, tc.dockerInfo)
@@ -429,6 +442,7 @@ func TestFormatInfo(t *testing.T) {
 			expectedError: `template: :1:2: executing "" at <.badString>: can't evaluate field badString in type system.info`,
 		},
 	} {
+		tc := tc
 		t.Run(tc.doc, func(t *testing.T) {
 			cli := test.NewFakeCli(&fakeClient{})
 			info := info{

cli/command/system/testdata/docker-client-version.json.golden

@@ -1 +1 @@
-{"Client":{"Platform":{"Name":""},"Version":"18.99.5-ce","ApiVersion":"1.38","DefaultAPIVersion":"1.38","GitCommit":"deadbeef","GoVersion":"go1.10.2","Os":"linux","Arch":"amd64","BuildTime":"Wed May 30 22:21:05 2018","Context":"my-context"},"Server":{"Platform":{"Name":"Docker Enterprise Edition (EE) 2.0"},"Components":[{"Name":"Engine","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  9 23:38:38 2018","Experimental":"false","GitCommit":"64ddfa6","GoVersion":"go1.8.7","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"Universal Control Plane","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  2 21:24:07 UTC 2018","GitCommit":"4513922","GoVersion":"go1.9.4","MinApiVersion":"1.20","Os":"linux","Version":"3.0.3-tp2"}},{"Name":"Kubernetes","Version":"1.8+","Details":{"buildDate":"2018-04-26T16:51:21Z","compiler":"gc","gitCommit":"8d637aedf46b9c21dde723e29c645b9f27106fa5","gitTreeState":"clean","gitVersion":"v1.8.11-docker-8d637ae","goVersion":"go1.8.3","major":"1","minor":"8+","platform":"linux/amd64"}},{"Name":"Calico","Version":"v3.0.8","Details":{"cni":"v2.0.6","kube-controllers":"v2.0.5","node":"v3.0.8"}}],"Version":"","ApiVersion":"","GitCommit":"","GoVersion":"","Os":"","Arch":""}}
+{"Client":{"Version":"18.99.5-ce","ApiVersion":"1.38","DefaultAPIVersion":"1.38","GitCommit":"deadbeef","GoVersion":"go1.10.2","Os":"linux","Arch":"amd64","BuildTime":"Wed May 30 22:21:05 2018","Context":"my-context"},"Server":{"Platform":{"Name":"Docker Enterprise Edition (EE) 2.0"},"Components":[{"Name":"Engine","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  9 23:38:38 2018","Experimental":"false","GitCommit":"64ddfa6","GoVersion":"go1.8.7","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"Universal Control Plane","Version":"17.06.2-ee-15","Details":{"ApiVersion":"1.30","Arch":"amd64","BuildTime":"Mon Jul  2 21:24:07 UTC 2018","GitCommit":"4513922","GoVersion":"go1.9.4","MinApiVersion":"1.20","Os":"linux","Version":"3.0.3-tp2"}},{"Name":"Kubernetes","Version":"1.8+","Details":{"buildDate":"2018-04-26T16:51:21Z","compiler":"gc","gitCommit":"8d637aedf46b9c21dde723e29c645b9f27106fa5","gitTreeState":"clean","gitVersion":"v1.8.11-docker-8d637ae","goVersion":"go1.8.3","major":"1","minor":"8+","platform":"linux/amd64"}},{"Name":"Calico","Version":"v3.0.8","Details":{"cni":"v2.0.6","kube-controllers":"v2.0.5","node":"v3.0.8"}}],"Version":"","ApiVersion":"","GitCommit":"","GoVersion":"","Os":"","Arch":""}}

cli/command/system/testdata/docker-info-badsec.golden

@@ -41,7 +41,6 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
- Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/testdata/docker-info-daemon-warnings.json.golden

@@ -1 +1 @@
-{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":["WARNING: No memory limit support","WARNING: No swap limit support","WARNING: No oom kill disable support","WARNING: No cpu cfs quota support","WARNING: No cpu cfs period support","WARNING: No cpu shares support","WARNING: No cpuset support","WARNING: IPv4 forwarding is disabled","WARNING: bridge-nf-call-iptables is disabled","WARNING: bridge-nf-call-ip6tables is disabled"],"ClientInfo":{"Debug":true,"Context":"default","Plugins":[],"Warnings":null}}
+{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":["WARNING: No memory limit support","WARNING: No swap limit support","WARNING: No oom kill disable support","WARNING: No cpu cfs quota support","WARNING: No cpu cfs period support","WARNING: No cpu shares support","WARNING: No cpuset support","WARNING: IPv4 forwarding is disabled","WARNING: bridge-nf-call-iptables is disabled","WARNING: bridge-nf-call-ip6tables is disabled"],"ClientInfo":{"Debug":true,"Platform":{"Name":"Docker Engine - Community"},"Version":"24.0.0","Context":"default","Plugins":[],"Warnings":null}}

cli/command/system/testdata/docker-info-legacy-warnings.json.golden

@@ -1 +1 @@
-{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":false,"SwapLimit":false,"CpuCfsPeriod":false,"CpuCfsQuota":false,"CPUShares":false,"CPUSet":false,"PidsLimit":false,"IPv4Forwarding":false,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":true,"NFd":33,"OomKillDisable":false,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Context":"default","Plugins":[],"Warnings":null}}
+{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":false,"SwapLimit":false,"CpuCfsPeriod":false,"CpuCfsQuota":false,"CPUShares":false,"CPUSet":false,"PidsLimit":false,"IPv4Forwarding":false,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":true,"NFd":33,"OomKillDisable":false,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Platform":{"Name":"Docker Engine - Community"},"Version":"24.0.0","Context":"default","Plugins":[],"Warnings":null}}

cli/command/system/testdata/docker-info-no-swarm.golden

@@ -1,4 +1,5 @@
-Client:
+Client: Docker Engine - Community
+ Version:    24.0.0
  Context:    default
  Debug Mode: true
 
@@ -45,7 +46,6 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
- Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/testdata/docker-info-no-swarm.json.golden

@@ -1 +1 @@
-{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Context":"default","Plugins":[],"Warnings":null}}
+{"ID":"EKHL:QDUU:QZ7U:MKGD:VDXK:S27Q:GIPU:24B7:R7VT:DGN6:QCSF:2UBX","Containers":0,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":0,"Images":0,"Driver":"aufs","DriverStatus":[["Root Dir","/var/lib/docker/aufs"],["Backing Filesystem","extfs"],["Dirs","0"],["Dirperm1 Supported","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":false,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":true,"NFd":33,"OomKillDisable":true,"NGoroutines":135,"SystemTime":"2017-08-24T17:44:34.077811894Z","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"4.4.0-87-generic","OperatingSystem":"Ubuntu 16.04.3 LTS","OSVersion":"","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":null,"AllowNondistributableArtifactsHostnames":null,"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"NCPU":2,"MemTotal":2097356800,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"system-sample","Labels":["provider=digitalocean"],"ExperimentalBuild":false,"ServerVersion":"17.06.1-ce","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"6e23458c129b551d5c9871e5174f6b1b7f6d1170","Expected":"6e23458c129b551d5c9871e5174f6b1b7f6d1170"},"RuncCommit":{"ID":"810190ceaa507aa2727d7ae6f4790c76ec150bd2","Expected":"810190ceaa507aa2727d7ae6f4790c76ec150bd2"},"InitCommit":{"ID":"949e6fa","Expected":"949e6fa"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default"],"DefaultAddressPools":[{"Base":"10.123.0.0/16","Size":24}],"Warnings":null,"ClientInfo":{"Debug":true,"Platform":{"Name":"Docker Engine - Community"},"Version":"24.0.0","Context":"default","Plugins":[],"Warnings":null}}

cli/command/system/testdata/docker-info-plugins.golden

@@ -51,7 +51,6 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
- Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/testdata/docker-info-with-labels-empty.golden

@@ -45,7 +45,6 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
- Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
   127.0.0.0/8

cli/command/system/testdata/docker-info-with-labels-nil.golden

@@ -45,7 +45,6 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
- Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
   127.0.0.0/8

cli/command/system/testdata/docker-info-with-swarm.golden

@@ -67,7 +67,6 @@ Server:
   Goroutines: 135
   System Time: 2017-08-24T17:44:34.077811894Z
   EventsListeners: 0
- Registry: https://index.docker.io/v1/
  Labels:
   provider=digitalocean
  Experimental: false

cli/command/system/version.go

@@ -23,7 +23,7 @@ import (
 )
 
 const defaultVersionTemplate = `{{with .Client -}}
-Client:{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}
+Client:{{if ne .Platform nil}}{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}{{end}}
  Version:	{{.Version}}
  API version:	{{.APIVersion}}{{if ne .APIVersion .DefaultAPIVersion}} (downgraded from {{.DefaultAPIVersion}}){{end}}
  Go version:	{{.GoVersion}}
@@ -33,7 +33,7 @@ Client:{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}
  Context:	{{.Context}}
 {{- end}}
 
-{{- if .ServerOK}}{{with .Server}}
+{{- if ne .Server nil}}{{with .Server}}
 
 Server:{{if ne .Platform.Name ""}} {{.Platform.Name}}{{end}}
  {{- range $component := .Components}}
@@ -66,24 +66,45 @@ type versionInfo struct {
 	Server *types.Version
 }
 
-type clientVersion struct {
-	Platform struct{ Name string } `json:",omitempty"`
-
-	Version           string
-	APIVersion        string `json:"ApiVersion"`
-	DefaultAPIVersion string `json:"DefaultAPIVersion,omitempty"`
-	GitCommit         string
-	GoVersion         string
-	Os                string
-	Arch              string
-	BuildTime         string `json:",omitempty"`
-	Context           string
+type platformInfo struct {
+	Name string `json:"Name,omitempty"`
 }
 
-// ServerOK returns true when the client could connect to the docker server
-// and parse the information received. It returns false otherwise.
-func (v versionInfo) ServerOK() bool {
-	return v.Server != nil
+type clientVersion struct {
+	Platform          *platformInfo `json:"Platform,omitempty"`
+	Version           string        `json:"Version,omitempty"`
+	APIVersion        string        `json:"ApiVersion,omitempty"`
+	DefaultAPIVersion string        `json:"DefaultAPIVersion,omitempty"`
+	GitCommit         string        `json:"GitCommit,omitempty"`
+	GoVersion         string        `json:"GoVersion,omitempty"`
+	Os                string        `json:"Os,omitempty"`
+	Arch              string        `json:"Arch,omitempty"`
+	BuildTime         string        `json:"BuildTime,omitempty"`
+	Context           string        `json:"Context"`
+}
+
+// newClientVersion constructs a new clientVersion. If a dockerCLI is
+// passed as argument, additional information is included (API version),
+// which may invoke an API connection. Pass nil to omit the additional
+// information.
+func newClientVersion(contextName string, dockerCli command.Cli) clientVersion {
+	v := clientVersion{
+		Version:   version.Version,
+		GoVersion: runtime.Version(),
+		GitCommit: version.GitCommit,
+		BuildTime: reformatDate(version.BuildTime),
+		Os:        runtime.GOOS,
+		Arch:      arch(),
+		Context:   contextName,
+	}
+	if version.PlatformName != "" {
+		v.Platform = &platformInfo{Name: version.PlatformName}
+	}
+	if dockerCli != nil {
+		v.APIVersion = dockerCli.CurrentVersion()
+		v.DefaultAPIVersion = dockerCli.DefaultVersion()
+	}
+	return v
 }
 
 // NewVersionCommand creates a new cobra.Command for `docker version`
@@ -133,20 +154,8 @@ func runVersion(dockerCli command.Cli, opts *versionOptions) error {
 	// TODO print error if kubernetes is used?
 
 	vd := versionInfo{
-		Client: clientVersion{
-			Platform:          struct{ Name string }{version.PlatformName},
-			Version:           version.Version,
-			APIVersion:        dockerCli.CurrentVersion(),
-			DefaultAPIVersion: dockerCli.DefaultVersion(),
-			GoVersion:         runtime.Version(),
-			GitCommit:         version.GitCommit,
-			BuildTime:         reformatDate(version.BuildTime),
-			Os:                runtime.GOOS,
-			Arch:              arch(),
-			Context:           dockerCli.CurrentContext(),
-		},
+		Client: newClientVersion(dockerCli.CurrentContext(), dockerCli),
 	}
-
 	sv, err := dockerCli.Client().ServerVersion(context.Background())
 	if err == nil {
 		vd.Server = &sv

cli/command/trust/common.go

@@ -53,7 +53,7 @@ type trustKey struct {
 // This information is to be pretty printed or serialized into a machine-readable format.
 func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
 	if err != nil {
 		return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err
 	}

cli/command/trust/revoke.go

@@ -36,7 +36,7 @@ func newRevokeCommand(dockerCli command.Cli) *cobra.Command {
 
 func revokeTrust(cli command.Cli, remote string, options revokeOptions) error {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
 	if err != nil {
 		return err
 	}

cli/command/trust/sign.go

@@ -13,6 +13,7 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/theupdateframework/notary/client"
@@ -43,7 +44,7 @@ func newSignCommand(dockerCli command.Cli) *cobra.Command {
 func runSignImage(cli command.Cli, options signOptions) error {
 	imageName := options.imageName
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), imageName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), imageName)
 	if err != nil {
 		return err
 	}
@@ -93,7 +94,7 @@ func runSignImage(cli command.Cli, options signOptions) error {
 			fmt.Fprintf(cli.Err(), "Signing and pushing trust data for local image %s, may overwrite remote trust data\n", imageName)
 
 			authConfig := command.ResolveAuthConfig(ctx, cli, imgRefAndAuth.RepoInfo().Index)
-			encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+			encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 			if err != nil {
 				return err
 			}

cli/command/trust/signer_add.go

@@ -81,7 +81,7 @@ func addSigner(cli command.Cli, options signerAddOptions) error {
 
 func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
 	if err != nil {
 		return err
 	}

cli/command/trust/signer_remove.go

@@ -80,7 +80,7 @@ func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSi
 // The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
 func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
 	if err != nil {
 		return false, err
 	}

cli/command/volume/client_test.go

@@ -32,9 +32,9 @@ func (c *fakeClient) VolumeInspect(_ context.Context, volumeID string) (volume.V
 	return volume.Volume{}, nil
 }
 
-func (c *fakeClient) VolumeList(_ context.Context, filter filters.Args) (volume.ListResponse, error) {
+func (c *fakeClient) VolumeList(_ context.Context, options volume.ListOptions) (volume.ListResponse, error) {
 	if c.volumeListFunc != nil {
-		return c.volumeListFunc(filter)
+		return c.volumeListFunc(options.Filters)
 	}
 	return volume.ListResponse{}, nil
 }

cli/command/volume/list.go

@@ -10,6 +10,7 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
+	"github.com/docker/docker/api/types/volume"
 	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
 )
@@ -52,7 +53,7 @@ func newListCommand(dockerCli command.Cli) *cobra.Command {
 
 func runList(dockerCli command.Cli, options listOptions) error {
 	client := dockerCli.Client()
-	volumes, err := client.VolumeList(context.Background(), options.filter.Value())
+	volumes, err := client.VolumeList(context.Background(), volume.ListOptions{Filters: options.filter.Value()})
 	if err != nil {
 		return err
 	}
@@ -70,9 +71,9 @@ func runList(dockerCli command.Cli, options listOptions) error {
 
 		// trick for filtering in place
 		n := 0
-		for _, volume := range volumes.Volumes {
-			if volume.ClusterVolume != nil {
-				volumes.Volumes[n] = volume
+		for _, vol := range volumes.Volumes {
+			if vol.ClusterVolume != nil {
+				volumes.Volumes[n] = vol
 				n++
 			}
 		}

cli/command/volume/prune.go

@@ -8,15 +8,11 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/errdefs"
 	units "github.com/docker/go-units"
-	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
 type pruneOptions struct {
-	all    bool
 	force  bool
 	filter opts.FilterOpt
 }
@@ -45,37 +41,18 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 	}
 
 	flags := cmd.Flags()
-	flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused volumes, not just anonymous ones")
-	flags.SetAnnotation("all", "version", []string{"1.42"})
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
 	flags.Var(&options.filter, "filter", `Provide filter values (e.g. "label=<label>")`)
 
 	return cmd
 }
 
-const (
-	unusedVolumesWarning = `WARNING! This will remove anonymous local volumes not used by at least one container.
+const warning = `WARNING! This will remove all local volumes not used by at least one container.
 Are you sure you want to continue?`
-	allVolumesWarning = `WARNING! This will remove all local volumes not used by at least one container.
-Are you sure you want to continue?`
-)
 
 func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint64, output string, err error) {
 	pruneFilters := command.PruneFilters(dockerCli, options.filter.Value())
 
-	warning := unusedVolumesWarning
-	if versions.GreaterThanOrEqualTo(dockerCli.CurrentVersion(), "1.42") {
-		if options.all {
-			if pruneFilters.Contains("all") {
-				return 0, "", errdefs.InvalidParameter(errors.New("conflicting options: cannot specify both --all and --filter all=1"))
-			}
-			pruneFilters.Add("all", "true")
-			warning = allVolumesWarning
-		}
-	} else {
-		// API < v1.42 removes all volumes (anonymous and named) by default.
-		warning = allVolumesWarning
-	}
 	if !options.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
 		return 0, "", nil
 	}

cli/command/volume/prune_test.go

@@ -13,26 +13,22 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"
 	"gotest.tools/v3/skip"
 )
 
 func TestVolumePruneErrors(t *testing.T) {
 	testCases := []struct {
-		name            string
 		args            []string
 		flags           map[string]string
 		volumePruneFunc func(args filters.Args) (types.VolumesPruneReport, error)
 		expectedError   string
 	}{
 		{
-			name:          "accepts no arguments",
 			args:          []string{"foo"},
 			expectedError: "accepts no argument",
 		},
 		{
-			name: "forced but other error",
 			flags: map[string]string{
 				"force": "true",
 			},
@@ -41,75 +37,20 @@ func TestVolumePruneErrors(t *testing.T) {
 			},
 			expectedError: "error pruning volumes",
 		},
-		{
-			name: "conflicting options",
-			flags: map[string]string{
-				"all":    "true",
-				"filter": "all=1",
-			},
-			expectedError: "conflicting options: cannot specify both --all and --filter all=1",
-		},
 	}
 	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			cmd := NewPruneCommand(
-				test.NewFakeCli(&fakeClient{
-					volumePruneFunc: tc.volumePruneFunc,
-				}),
-			)
-			cmd.SetArgs(tc.args)
-			for key, value := range tc.flags {
-				cmd.Flags().Set(key, value)
-			}
-			cmd.SetOut(io.Discard)
-			cmd.SetErr(io.Discard)
-			assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
-		})
-	}
-}
-
-func TestVolumePruneSuccess(t *testing.T) {
-	testCases := []struct {
-		name            string
-		args            []string
-		volumePruneFunc func(args filters.Args) (types.VolumesPruneReport, error)
-	}{
-		{
-			name: "all",
-			args: []string{"--all"},
-			volumePruneFunc: func(pruneFilter filters.Args) (types.VolumesPruneReport, error) {
-				assert.Check(t, is.Equal([]string{"true"}, pruneFilter.Get("all")))
-				return types.VolumesPruneReport{}, nil
-			},
-		},
-		{
-			name: "all-forced",
-			args: []string{"--all", "--force"},
-			volumePruneFunc: func(pruneFilter filters.Args) (types.VolumesPruneReport, error) {
-				return types.VolumesPruneReport{}, nil
-			},
-		},
-		{
-			name: "label-filter",
-			args: []string{"--filter", "label=foobar"},
-			volumePruneFunc: func(pruneFilter filters.Args) (types.VolumesPruneReport, error) {
-				assert.Check(t, is.Equal([]string{"foobar"}, pruneFilter.Get("label")))
-				return types.VolumesPruneReport{}, nil
-			},
-		},
-	}
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			cli := test.NewFakeCli(&fakeClient{volumePruneFunc: tc.volumePruneFunc})
-			cmd := NewPruneCommand(cli)
-			cmd.SetOut(io.Discard)
-			cmd.SetArgs(tc.args)
-			err := cmd.Execute()
-			assert.NilError(t, err)
-			golden.Assert(t, cli.OutBuffer().String(), fmt.Sprintf("volume-prune-success.%s.golden", tc.name))
-		})
+		cmd := NewPruneCommand(
+			test.NewFakeCli(&fakeClient{
+				volumePruneFunc: tc.volumePruneFunc,
+			}),
+		)
+		cmd.SetArgs(tc.args)
+		for key, value := range tc.flags {
+			cmd.Flags().Set(key, value)
+		}
+		cmd.SetOut(io.Discard)
+		cmd.SetErr(io.Discard)
+		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
 

cli/command/volume/testdata/volume-prune-no.golden

@@ -1,2 +1,2 @@
-WARNING! This will remove anonymous local volumes not used by at least one container.
+WARNING! This will remove all local volumes not used by at least one container.
 Are you sure you want to continue? [y/N] Total reclaimed space: 0B

cli/command/volume/testdata/volume-prune-success.all-forced.golden

@@ -1 +0,0 @@
-Total reclaimed space: 0B

cli/command/volume/testdata/volume-prune-success.all.golden

@@ -1,2 +0,0 @@
-WARNING! This will remove all local volumes not used by at least one container.
-Are you sure you want to continue? [y/N] Total reclaimed space: 0B

cli/command/volume/testdata/volume-prune-success.label-filter.golden

@@ -1,2 +0,0 @@
-WARNING! This will remove anonymous local volumes not used by at least one container.
-Are you sure you want to continue? [y/N] Total reclaimed space: 0B

cli/command/volume/testdata/volume-prune-yes.golden

@@ -1,4 +1,4 @@
-WARNING! This will remove anonymous local volumes not used by at least one container.
+WARNING! This will remove all local volumes not used by at least one container.
 Are you sure you want to continue? [y/N] Deleted Volumes:
 foo
 bar

cli/config/configfile/file.go

@@ -37,7 +37,6 @@ type ConfigFile struct {
 	PruneFilters         []string                     `json:"pruneFilters,omitempty"`
 	Proxies              map[string]ProxyConfig       `json:"proxies,omitempty"`
 	Experimental         string                       `json:"experimental,omitempty"`
-	StackOrchestrator    string                       `json:"stackOrchestrator,omitempty"` // Deprecated: swarm is now the default orchestrator, and this option is ignored.
 	CurrentContext       string                       `json:"currentContext,omitempty"`
 	CLIPluginsExtraDirs  []string                     `json:"cliPluginsExtraDirs,omitempty"`
 	Plugins              map[string]map[string]string `json:"plugins,omitempty"`
@@ -95,9 +94,6 @@ func (configFile *ConfigFile) ContainsAuth() bool {
 
 // GetAuthConfigs returns the mapping of repo to auth configuration
 func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig {
-	if configFile.AuthConfigs == nil {
-		configFile.AuthConfigs = make(map[string]types.AuthConfig)
-	}
 	return configFile.AuthConfigs
 }
 

cli/config/credentials/file_store.go

@@ -52,8 +52,7 @@ func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
 
 // Store saves the given credentials in the file store.
 func (c *fileStore) Store(authConfig types.AuthConfig) error {
-	authConfigs := c.file.GetAuthConfigs()
-	authConfigs[authConfig.ServerAddress] = authConfig
+	c.file.GetAuthConfigs()[authConfig.ServerAddress] = authConfig
 	return c.file.Save()
 }
 

cli/context/docker/load.go

@@ -25,12 +25,6 @@ type EndpointMeta = context.EndpointMetaBase
 type Endpoint struct {
 	EndpointMeta
 	TLSData *context.TLSData
-
-	// Deprecated: Use of encrypted TLS private keys has been deprecated, and
-	// will be removed in a future release. Golang has deprecated support for
-	// legacy PEM encryption (as specified in RFC 1423), as it is insecure by
-	// design (see https://go-review.googlesource.com/c/go/+/264159).
-	TLSPassword string
 }
 
 // WithTLSData loads TLS materials for the endpoint

cli/context/store/store.go

@@ -494,20 +494,6 @@ func importEndpointTLS(tlsData *ContextTLSData, path string, data []byte) error
 	return nil
 }
 
-// IsErrContextDoesNotExist checks if the given error is a "context does not exist" condition.
-//
-// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
-func IsErrContextDoesNotExist(err error) bool {
-	return errdefs.IsNotFound(err)
-}
-
-// IsErrTLSDataDoesNotExist checks if the given error is a "context does not exist" condition
-//
-// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
-func IsErrTLSDataDoesNotExist(err error) bool {
-	return errdefs.IsNotFound(err)
-}
-
 type contextdir string
 
 func contextdirOf(name string) contextdir {

cli/flags/options.go

@@ -83,7 +83,7 @@ func (o *ClientOptions) InstallFlags(flags *pflag.FlagSet) {
 
 	// opts.ValidateHost is not used here, so as to allow connection helpers
 	hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, nil)
-	flags.VarP(hostOpt, "host", "H", "Daemon socket to connect to")
+	flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to")
 	flags.StringVarP(&o.Context, "context", "c", "",
 		`Name of the context to use to connect to the daemon (overrides `+client.EnvOverrideHost+` env var and default context set with "docker context use")`)
 }

cli/flags/options_deprecated.go

@@ -1,11 +0,0 @@
-package flags
-
-// CommonOptions are options common to both the client and the daemon.
-//
-// Deprecated: use [ClientOptions].
-type CommonOptions = ClientOptions
-
-// NewCommonOptions returns a new CommonOptions
-//
-// Deprecated: use [NewClientOptions].
-var NewCommonOptions = NewClientOptions

cli/registry/client/client.go

@@ -7,11 +7,9 @@ import (
 	"strings"
 
 	manifesttypes "github.com/docker/cli/cli/manifest/types"
-	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	distributionclient "github.com/docker/distribution/registry/client"
-	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@@ -37,7 +35,7 @@ func NewRegistryClient(resolver AuthConfigResolver, userAgent string, insecure b
 }
 
 // AuthConfigResolver returns Auth Configuration for an index
-type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig
+type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig
 
 // PutManifestOptions is the data sent to push a manifest
 type PutManifestOptions struct {
@@ -79,7 +77,6 @@ func (c *client) MountBlob(ctx context.Context, sourceRef reference.Canonical, t
 	if err != nil {
 		return err
 	}
-	repoEndpoint.actions = trust.ActionsPushAndPull
 	repo, err := c.getRepositoryForReference(ctx, targetRef, repoEndpoint)
 	if err != nil {
 		return err
@@ -105,7 +102,6 @@ func (c *client) PutManifest(ctx context.Context, ref reference.Named, manifest
 		return digest.Digest(""), err
 	}
 
-	repoEndpoint.actions = trust.ActionsPushAndPull
 	repo, err := c.getRepositoryForReference(ctx, ref, repoEndpoint)
 	if err != nil {
 		return digest.Digest(""), err
@@ -155,9 +151,7 @@ func (c *client) getHTTPTransportForRepoEndpoint(ctx context.Context, repoEndpoi
 		c.authConfigResolver(ctx, repoEndpoint.info.Index),
 		repoEndpoint.endpoint,
 		repoEndpoint.Name(),
-		c.userAgent,
-		repoEndpoint.actions,
-	)
+		c.userAgent)
 	return httpTransport, errors.Wrap(err, "failed to configure transport")
 }
 

cli/registry/client/endpoint.go

@@ -6,11 +6,10 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
-	authtypes "github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 )
@@ -18,7 +17,6 @@ import (
 type repositoryEndpoint struct {
 	info     *registry.RepositoryInfo
 	endpoint registry.APIEndpoint
-	actions  []string
 }
 
 // Name returns the repository name
@@ -76,7 +74,7 @@ func getDefaultEndpointFromRepoInfo(repoInfo *registry.RepositoryInfo) (registry
 }
 
 // getHTTPTransport builds a transport for use in communicating with a registry
-func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) {
+func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName string, userAgent string) (http.RoundTripper, error) {
 	// get the http transport, this will be used in a client to upload manifest
 	base := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
@@ -100,11 +98,8 @@ func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndp
 		passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
 	} else {
-		if len(actions) == 0 {
-			actions = trust.ActionsPullOnly
-		}
 		creds := registry.NewStaticCredentialStore(&authConfig)
-		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
+		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull")
 		basicHandler := auth.NewBasicHandler(creds)
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
 	}

cli/streams/in.go

@@ -9,38 +9,42 @@ import (
 	"github.com/moby/term"
 )
 
-// In is an input stream used by the DockerCli to read user input
+// In is an input stream to read user input. It implements [io.ReadCloser]
+// with additional utilities, such as putting the terminal in raw mode.
 type In struct {
 	commonStream
 	in io.ReadCloser
 }
 
+// Read implements the [io.Reader] interface.
 func (i *In) Read(p []byte) (int, error) {
 	return i.in.Read(p)
 }
 
-// Close implements the Closer interface
+// Close implements the [io.Closer] interface.
 func (i *In) Close() error {
 	return i.in.Close()
 }
 
-// SetRawTerminal sets raw mode on the input terminal
+// SetRawTerminal sets raw mode on the input terminal. It is a no-op if In
+// is not a TTY, or if the "NORAW" environment variable is set to a non-empty
+// value.
 func (i *In) SetRawTerminal() (err error) {
-	if os.Getenv("NORAW") != "" || !i.commonStream.isTerminal {
+	if !i.isTerminal || os.Getenv("NORAW") != "" {
 		return nil
 	}
-	i.commonStream.state, err = term.SetRawTerminal(i.commonStream.fd)
+	i.state, err = term.SetRawTerminal(i.fd)
 	return err
 }
 
-// CheckTty checks if we are trying to attach to a container tty
-// from a non-tty client input stream, and if so, returns an error.
+// CheckTty checks if we are trying to attach to a container TTY
+// from a non-TTY client input stream, and if so, returns an error.
 func (i *In) CheckTty(attachStdin, ttyMode bool) error {
 	// In order to attach to a container tty, input stream for the client must
 	// be a tty itself: redirecting or piping the client standard input is
 	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
 	if ttyMode && attachStdin && !i.isTerminal {
-		eText := "the input device is not a TTY"
+		const eText = "the input device is not a TTY"
 		if runtime.GOOS == "windows" {
 			return errors.New(eText + ".  If you are using mintty, try prefixing the command with 'winpty'")
 		}
@@ -49,8 +53,9 @@ func (i *In) CheckTty(attachStdin, ttyMode bool) error {
 	return nil
 }
 
-// NewIn returns a new In object from a ReadCloser
+// NewIn returns a new [In] from an [io.ReadCloser].
 func NewIn(in io.ReadCloser) *In {
-	fd, isTerminal := term.GetFdInfo(in)
-	return &In{commonStream: commonStream{fd: fd, isTerminal: isTerminal}, in: in}
+	i := &In{in: in}
+	i.fd, i.isTerminal = term.GetFdInfo(in)
+	return i
 }

cli/streams/out.go

@@ -8,8 +8,9 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// Out is an output stream used by the DockerCli to write normal program
-// output.
+// Out is an output stream to write normal program output. It implements
+// an [io.Writer], with additional utilities for detecting whether a terminal
+// is connected, getting the TTY size, and putting the terminal in raw mode.
 type Out struct {
 	commonStream
 	out io.Writer
@@ -19,23 +20,29 @@ func (o *Out) Write(p []byte) (int, error) {
 	return o.out.Write(p)
 }
 
-// SetRawTerminal sets raw mode on the input terminal
+// SetRawTerminal puts the output of the terminal connected to the stream
+// into raw mode.
+//
+// On UNIX, this does nothing. On Windows, it disables LF -> CRLF/ translation.
+// It is a no-op if Out is not a TTY, or if the "NORAW" environment variable is
+// set to a non-empty value.
 func (o *Out) SetRawTerminal() (err error) {
-	if os.Getenv("NORAW") != "" || !o.commonStream.isTerminal {
+	if !o.isTerminal || os.Getenv("NORAW") != "" {
 		return nil
 	}
-	o.commonStream.state, err = term.SetRawTerminalOutput(o.commonStream.fd)
+	o.state, err = term.SetRawTerminalOutput(o.fd)
 	return err
 }
 
-// GetTtySize returns the height and width in characters of the tty
-func (o *Out) GetTtySize() (uint, uint) {
+// GetTtySize returns the height and width in characters of the TTY, or
+// zero for both if no TTY is connected.
+func (o *Out) GetTtySize() (height uint, width uint) {
 	if !o.isTerminal {
 		return 0, 0
 	}
 	ws, err := term.GetWinsize(o.fd)
 	if err != nil {
-		logrus.Debugf("Error getting size: %s", err)
+		logrus.WithError(err).Debug("Error getting TTY size")
 		if ws == nil {
 			return 0, 0
 		}
@@ -43,8 +50,9 @@ func (o *Out) GetTtySize() (uint, uint) {
 	return uint(ws.Height), uint(ws.Width)
 }
 
-// NewOut returns a new Out object from a Writer
+// NewOut returns a new [Out] from an [io.Writer].
 func NewOut(out io.Writer) *Out {
-	fd, isTerminal := term.GetFdInfo(out)
-	return &Out{commonStream: commonStream{fd: fd, isTerminal: isTerminal}, out: out}
+	o := &Out{out: out}
+	o.fd, o.isTerminal = term.GetFdInfo(out)
+	return o
 }

cli/streams/stream.go

@@ -4,31 +4,32 @@ import (
 	"github.com/moby/term"
 )
 
-// commonStream is an input stream used by the DockerCli to read user input
 type commonStream struct {
 	fd         uintptr
 	isTerminal bool
 	state      *term.State
 }
 
-// FD returns the file descriptor number for this stream
+// FD returns the file descriptor number for this stream.
 func (s *commonStream) FD() uintptr {
 	return s.fd
 }
 
-// IsTerminal returns true if this stream is connected to a terminal
+// IsTerminal returns true if this stream is connected to a terminal.
 func (s *commonStream) IsTerminal() bool {
 	return s.isTerminal
 }
 
-// RestoreTerminal restores normal mode to the terminal
+// RestoreTerminal restores normal mode to the terminal.
 func (s *commonStream) RestoreTerminal() {
 	if s.state != nil {
-		term.RestoreTerminal(s.fd, s.state)
+		_ = term.RestoreTerminal(s.fd, s.state)
 	}
 }
 
-// SetIsTerminal sets the boolean used for isTerminal
+// SetIsTerminal overrides whether a terminal is connected. It is used to
+// override this property in unit-tests, and should not be depended on for
+// other purposes.
 func (s *commonStream) SetIsTerminal(isTerminal bool) {
 	s.isTerminal = isTerminal
 }

cli/trust/trust.go

@@ -17,7 +17,6 @@ import (
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/docker/go-connections/tlsconfig"
@@ -79,7 +78,7 @@ func Server(index *registrytypes.IndexInfo) (string, error) {
 }
 
 type simpleCredentialStore struct {
-	auth types.AuthConfig
+	auth registrytypes.AuthConfig
 }
 
 func (scs simpleCredentialStore) Basic(*url.URL) (string, string) {
@@ -95,7 +94,7 @@ func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {}
 // GetNotaryRepository returns a NotaryRepository which stores all the
 // information needed to operate on a notary repository.
 // It creates an HTTP transport providing authentication support.
-func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *registry.RepositoryInfo, authConfig *types.AuthConfig, actions ...string) (client.Repository, error) {
+func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *registry.RepositoryInfo, authConfig *registrytypes.AuthConfig, actions ...string) (client.Repository, error) {
 	server, err := Server(repoInfo.Index)
 	if err != nil {
 		return nil, err
@@ -159,7 +158,7 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
 	scope := auth.RepositoryScope{
 		Repository: repoInfo.Name.Name(),
 		Actions:    actions,
-		Class:      repoInfo.Class,
+		Class:      repoInfo.Class, // TODO(thaJeztah): Class is no longer needed for plugins and can likely be removed; see https://github.com/docker/cli/pull/4114#discussion_r1145430825
 	}
 	creds := simpleCredentialStore{auth: *authConfig}
 	tokenHandlerOptions := auth.TokenHandlerOptions{
@@ -291,7 +290,7 @@ func GetSignableRoles(repo client.Repository, target *client.Target) ([]data.Rol
 // ImageRefAndAuth contains all reference information and the auth config for an image request
 type ImageRefAndAuth struct {
 	original   string
-	authConfig *types.AuthConfig
+	authConfig *registrytypes.AuthConfig
 	reference  reference.Named
 	repoInfo   *registry.RepositoryInfo
 	tag        string
@@ -300,8 +299,8 @@ type ImageRefAndAuth struct {
 
 // GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name
 // as an ImageRefAndAuth struct
-func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
-	authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig,
+func GetImageReferencesAndAuth(ctx context.Context,
+	authResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig,
 	imgName string,
 ) (ImageRefAndAuth, error) {
 	ref, err := reference.ParseNormalizedNamed(imgName)
@@ -310,13 +309,7 @@ func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
 	}
 
 	// Resolve the Repository name from fqn to RepositoryInfo
-	var repoInfo *registry.RepositoryInfo
-	if rs != nil {
-		repoInfo, err = rs.ResolveRepository(ref)
-	} else {
-		repoInfo, err = registry.ParseRepositoryInfo(ref)
-	}
-
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
 	if err != nil {
 		return ImageRefAndAuth{}, err
 	}
@@ -355,7 +348,7 @@ func getDigest(ref reference.Named) digest.Digest {
 }
 
 // AuthConfig returns the auth information (username, etc) for a given ImageRefAndAuth
-func (imgRefAuth *ImageRefAndAuth) AuthConfig() *types.AuthConfig {
+func (imgRefAuth *ImageRefAndAuth) AuthConfig() *registrytypes.AuthConfig {
 	return imgRefAuth.authConfig
 }
 

cmd/docker/builder.go

@@ -44,9 +44,9 @@ func processBuilder(dockerCli command.Cli, cmd *cobra.Command, args, osargs []st
 	var buildKitDisabled, useBuilder, useAlias bool
 	var envs []string
 
-	// check DOCKER_BUILDKIT env var is not empty
-	// if it is assume we want to use the builder component
-	if v := os.Getenv("DOCKER_BUILDKIT"); v != "" {
+	// check DOCKER_BUILDKIT env var is present and
+	// if not assume we want to use the builder component
+	if v, ok := os.LookupEnv("DOCKER_BUILDKIT"); ok {
 		enabled, err := strconv.ParseBool(v)
 		if err != nil {
 			return args, osargs, nil, errors.Wrap(err, "DOCKER_BUILDKIT environment variable expects boolean value")

cmd/docker/docker.go

@@ -402,22 +402,14 @@ func areFlagsSupported(cmd *cobra.Command, details versionDetails) error {
 	errs := []string{}
 
 	cmd.Flags().VisitAll(func(f *pflag.Flag) {
-		if !f.Changed || len(f.Annotations) == 0 {
+		if !f.Changed {
 			return
 		}
-		// Important: in the code below, calls to "details.CurrentVersion()" and
-		// "details.ServerInfo()" are deliberately executed inline to make them
-		// be executed "lazily". This is to prevent making a connection with the
-		// daemon to perform a "ping" (even for flags that do not require a
-		// daemon connection).
-		//
-		// See commit b39739123b845f872549e91be184cc583f5b387c for details.
-
-		if _, ok := f.Annotations["version"]; ok && !isVersionSupported(f, details.CurrentVersion()) {
+		if !isVersionSupported(f, details.CurrentVersion()) {
 			errs = append(errs, fmt.Sprintf(`"--%s" requires API version %s, but the Docker daemon API version is %s`, f.Name, getFlagAnnotation(f, "version"), details.CurrentVersion()))
 			return
 		}
-		if _, ok := f.Annotations["ostype"]; ok && !isOSTypeSupported(f, details.ServerInfo().OSType) {
+		if !isOSTypeSupported(f, details.ServerInfo().OSType) {
 			errs = append(errs, fmt.Sprintf(
 				`"--%s" is only supported on a Docker daemon running on %s, but the Docker daemon is running on %s`,
 				f.Name,

contrib/completion/bash/docker

@@ -84,13 +84,13 @@ __docker_q() {
 # precedence over the environment setting.
 __docker_configs() {
 	local format
-	if [ "$1" = "--id" ] ; then
+	if [ "${1-}" = "--id" ] ; then
 		format='{{.ID}}'
 		shift
-	elif [ "$1" = "--name" ] ; then
+	elif [ "${1-}" = "--name" ] ; then
 		format='{{.Name}}'
 		shift
-	elif [ "$DOCKER_COMPLETION_SHOW_CONFIG_IDS" = yes ] ; then
+	elif [ "${DOCKER_COMPLETION_SHOW_CONFIG_IDS-}" = yes ] ; then
 		format='{{.ID}} {{.Name}}'
 	else
 		format='{{.Name}}'
@@ -120,13 +120,13 @@ __docker_complete_configs() {
 # precedence over the environment setting.
 __docker_containers() {
 	local format
-	if [ "$1" = "--id" ] ; then
+	if [ "${1-}" = "--id" ] ; then
 		format='{{.ID}}'
 		shift
-	elif [ "$1" = "--name" ] ; then
+	elif [ "${1-}" = "--name" ] ; then
 		format='{{.Names}}'
 		shift
-	elif [ "${DOCKER_COMPLETION_SHOW_CONTAINER_IDS}" = yes ] ; then
+	elif [ "${DOCKER_COMPLETION_SHOW_CONTAINER_IDS-}" = yes ] ; then
 		format='{{.ID}} {{.Names}}'
 	else
 		format='{{.Names}}'
@@ -139,7 +139,7 @@ __docker_containers() {
 # Additional filters may be appended, see `__docker_containers`.
 __docker_complete_containers() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -191,7 +191,7 @@ __docker_complete_container_ids() {
 __docker_contexts() {
 	local add=()
 	while true ; do
-		case "$1" in
+		case "${1-}" in
 			--add)
 				add+=("$2")
 				shift 2
@@ -236,12 +236,12 @@ __docker_images() {
 	local all
 	local format
 
-	if [ "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" = "all" ] ; then
+	if [ "${DOCKER_COMPLETION_SHOW_IMAGE_IDS-}" = "all" ] ; then
 		all='--all'
 	fi
 
 	while true ; do
-		case "$1" in
+		case "${1-}" in
 			--repo)
 				format+="$repo_format\n"
 				shift
@@ -253,7 +253,7 @@ __docker_images() {
 				shift
 				;;
 			--id)
-				if [[ $DOCKER_COMPLETION_SHOW_IMAGE_IDS =~ ^(all|non-intermediate)$ ]] ; then
+				if [[ ${DOCKER_COMPLETION_SHOW_IMAGE_IDS-} =~ ^(all|non-intermediate)$ ]] ; then
 					format+="$id_format\n"
 				fi
 				shift
@@ -269,7 +269,7 @@ __docker_images() {
 		esac
 	done
 
-	__docker_q image ls --no-trunc --format "${format%\\n}" $all "$@" | grep -v '<none>$'
+	__docker_q image ls --no-trunc --format "${format%\\n}" ${all-} "$@" | grep -v '<none>$'
 }
 
 # __docker_complete_images applies completion of images based on the current value of `$cur` or
@@ -277,7 +277,7 @@ __docker_images() {
 # See __docker_images for customization of the returned items.
 __docker_complete_images() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -295,13 +295,13 @@ __docker_complete_images() {
 # precedence over the environment setting.
 __docker_networks() {
 	local format
-	if [ "$1" = "--id" ] ; then
+	if [ "${1-}" = "--id" ] ; then
 		format='{{.ID}}'
 		shift
-	elif [ "$1" = "--name" ] ; then
+	elif [ "${1-}" = "--name" ] ; then
 		format='{{.Name}}'
 		shift
-	elif [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] ; then
+	elif [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS-}" = yes ] ; then
 		format='{{.ID}} {{.Name}}'
 	else
 		format='{{.Name}}'
@@ -314,7 +314,7 @@ __docker_networks() {
 # Additional filters may be appended, see `__docker_networks`.
 __docker_complete_networks() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -340,7 +340,7 @@ __docker_volumes() {
 # Additional filters may be appended, see `__docker_volumes`.
 __docker_complete_volumes() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -356,7 +356,7 @@ __docker_complete_volumes() {
 __docker_plugins_bundled() {
 	local type add=() remove=()
 	while true ; do
-		case "$1" in
+		case "${1-}" in
 			--type)
 				type="$2"
 				shift 2
@@ -390,7 +390,7 @@ __docker_plugins_bundled() {
 # `__docker_complete_plugins_installed`.
 __docker_complete_plugins_bundled() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -406,7 +406,7 @@ __docker_complete_plugins_bundled() {
 # For built-in pugins, see `__docker_plugins_bundled`.
 __docker_plugins_installed() {
 	local format
-	if [ "$DOCKER_COMPLETION_SHOW_PLUGIN_IDS" = yes ] ; then
+	if [ "${DOCKER_COMPLETION_SHOW_PLUGIN_IDS-}" = yes ] ; then
 		format='{{.ID}} {{.Name}}'
 	else
 		format='{{.Name}}'
@@ -421,7 +421,7 @@ __docker_plugins_installed() {
 # For completion of built-in pugins, see `__docker_complete_plugins_bundled`.
 __docker_complete_plugins_installed() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -446,13 +446,13 @@ __docker_complete_runtimes() {
 # precedence over the environment setting.
 __docker_secrets() {
 	local format
-	if [ "$1" = "--id" ] ; then
+	if [ "${1-}" = "--id" ] ; then
 		format='{{.ID}}'
 		shift
-	elif [ "$1" = "--name" ] ; then
+	elif [ "${1-}" = "--name" ] ; then
 		format='{{.Name}}'
 		shift
-	elif [ "$DOCKER_COMPLETION_SHOW_SECRET_IDS" = yes ] ; then
+	elif [ "${DOCKER_COMPLETION_SHOW_SECRET_IDS-}" = yes ] ; then
 		format='{{.ID}} {{.Name}}'
 	else
 		format='{{.Name}}'
@@ -465,7 +465,7 @@ __docker_secrets() {
 # of `$cur` or the value of the optional first option `--cur`, if given.
 __docker_complete_secrets() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -481,7 +481,7 @@ __docker_stacks() {
 # of `$cur` or the value of the optional first option `--cur`, if given.
 __docker_complete_stacks() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -499,7 +499,7 @@ __docker_complete_stacks() {
 # Completions may be added with `--add`, e.g. `--add self`.
 __docker_nodes() {
 	local format
-	if [ "$DOCKER_COMPLETION_SHOW_NODE_IDS" = yes ] ; then
+	if [ "${DOCKER_COMPLETION_SHOW_NODE_IDS-}" = yes ] ; then
 		format='{{.ID}} {{.Hostname}}'
 	else
 		format='{{.Hostname}}'
@@ -508,7 +508,7 @@ __docker_nodes() {
 	local add=()
 
 	while true ; do
-		case "$1" in
+		case "${1-}" in
 			--id)
 				format='{{.ID}}'
 				shift
@@ -535,7 +535,7 @@ __docker_nodes() {
 # Additional filters may be appended, see `__docker_nodes`.
 __docker_complete_nodes() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -552,12 +552,12 @@ __docker_complete_nodes() {
 # precedence over the environment setting.
 __docker_services() {
 	local format='{{.Name}}'  # default: service name only
-	[ "${DOCKER_COMPLETION_SHOW_SERVICE_IDS}" = yes ] && format='{{.ID}} {{.Name}}' # ID & name
+	[ "${DOCKER_COMPLETION_SHOW_SERVICE_IDS-}" = yes ] && format='{{.ID}} {{.Name}}' # ID & name
 
-	if [ "$1" = "--id" ] ; then
+	if [ "${1-}" = "--id" ] ; then
 		format='{{.ID}}' # IDs only
 		shift
-	elif [ "$1" = "--name" ] ; then
+	elif [ "${1-}" = "--name" ] ; then
 		format='{{.Name}}' # names only
 		shift
 	fi
@@ -570,7 +570,7 @@ __docker_services() {
 # Additional filters may be appended, see `__docker_services`.
 __docker_complete_services() {
 	local current="$cur"
-	if [ "$1" = "--cur" ] ; then
+	if [ "${1-}" = "--cur" ] ; then
 		current="$2"
 		shift 2
 	fi
@@ -601,7 +601,7 @@ __docker_append_to_completions() {
 # several variables with the results.
 # The result is cached for the duration of one invocation of bash completion.
 __docker_fetch_info() {
-	if [ -z "$info_fetched" ] ; then
+	if [ -z "${info_fetched-}" ] ; then
 		read -r server_experimental server_os <<< "$(__docker_q version -f '{{.Server.Experimental}} {{.Server.Os}}')"
 		info_fetched=true
 	fi
@@ -629,7 +629,7 @@ __docker_server_os_is() {
 # you should pass a glob describing those options, e.g. "--option1|-o|--option2"
 # Use this function to restrict completions to exact positions after the argument list.
 __docker_pos_first_nonflag() {
-	local argument_flags=$1
+	local argument_flags=${1-}
 
 	local counter=$((${subcommand_pos:-${command_pos}} + 1))
 	while [ "$counter" -le "$cword" ]; do
@@ -766,7 +766,7 @@ __docker_local_interfaces() {
 	command -v ip >/dev/null 2>&1 || return
 
 	local format
-	if [ "$1" = "--ip-only" ] ; then
+	if [ "${1-}" = "--ip-only" ] ; then
 		format='\1'
 		shift
 	else
@@ -781,7 +781,7 @@ __docker_local_interfaces() {
 # An additional value can be added to the possible completions with an `--add` argument.
 __docker_complete_local_interfaces() {
 	local additional_interface
-	if [ "$1" = "--add" ] ; then
+	if [ "${1-}" = "--add" ] ; then
 		additional_interface="$2"
 		shift 2
 	fi
@@ -1125,7 +1125,7 @@ __docker_complete_ulimits() {
 		sigpending
 		stack
 	"
-	if [ "$1" = "--rm" ] ; then
+	if [ "${1-}" = "--rm" ] ; then
 		COMPREPLY=( $( compgen -W "$limits" -- "$cur" ) )
 	else
 		COMPREPLY=( $( compgen -W "$limits" -S = -- "$cur" ) )
@@ -1142,10 +1142,7 @@ __docker_complete_user_group() {
 	fi
 }
 
-__docker_plugins_path() {
-	local docker_plugins_path=$(docker info --format '{{range .ClientInfo.Plugins}}{{.Path}}:{{end}}')
-	echo "${docker_plugins_path//:/ }"
-}
+DOCKER_PLUGINS_PATH=$(docker info --format '{{range .ClientInfo.Plugins}}{{.Path}}:{{end}}')
 
 __docker_complete_plugin() {
 	local path=$1
@@ -2824,7 +2821,7 @@ _docker_image_build() {
 		"
 	fi
 
-	if [ "$DOCKER_BUILDKIT" = "1" ] ; then
+	if [ "${DOCKER_BUILDKIT-}" = "1" ] ; then
 		options_with_args+="
 			--output -o
 			--progress
@@ -3172,7 +3169,7 @@ _docker_inspect() {
 	local preselected_type
 	local type
 
-	if [ "$1" = "--type" ] ; then
+	if [ "${1-}" = "--type" ] ; then
 		preselected_type=yes
 		type="$2"
 	else
@@ -5386,7 +5383,7 @@ _docker_volume_prune() {
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "--all -a --filter --force -f --help" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--filter --force -f --help" -- "$cur" ) )
 			;;
 	esac
 }
@@ -5506,7 +5503,7 @@ _docker() {
 	# Create completion functions for all registered plugins
 	local known_plugin_commands=()
 	local plugin_name=""
-	for plugin_path in $(__docker_plugins_path); do
+	for plugin_path in ${DOCKER_PLUGINS_PATH//:/ }; do
 		plugin_name=$(basename "$plugin_path" | sed 's/ *$//')
 		plugin_name=${plugin_name#docker-}
 		plugin_name=${plugin_name%%.*}
@@ -5519,7 +5516,7 @@ _docker() {
 	)
 
 	local commands=(${management_commands[*]} ${top_level_commands[*]} ${known_plugin_commands[*]})
-	[ -z "$DOCKER_HIDE_LEGACY_COMMANDS" ] && commands+=(${legacy_commands[*]})
+	[ -z "${DOCKER_HIDE_LEGACY_COMMANDS-}" ] && commands+=(${legacy_commands[*]})
 
 	# These options are valid as global options for all client commands
 	# and valid as command options for `docker daemon`

contrib/completion/zsh/_docker

@@ -2527,8 +2527,6 @@ __docker_volume_subcommand() {
         (prune)
             _arguments $(__docker_arguments) \
                 $opts_help \
-                "($help -a --all)"{-a,--all}"[Remove all unused local volumes, not just anonymous ones]" \
-                "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \
                 "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0
             ;;
         (rm)

docker-bake.hcl

@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-    default = "1.20.12"
+    default = "1.20.3"
 }
 variable "VERSION" {
     default = ""

dockerfiles/Dockerfile.authors

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG ALPINE_VERSION=3.17
+ARG ALPINE_VERSION=3.16
 
 FROM alpine:${ALPINE_VERSION} AS gen
 RUN apk add --no-cache bash git

dockerfiles/Dockerfile.dev

@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.12
-ARG ALPINE_VERSION=3.17
+ARG GO_VERSION=1.20.3
+ARG ALPINE_VERSION=3.16
 
-ARG BUILDX_VERSION=0.11.2
+ARG BUILDX_VERSION=0.10.4
 FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
 
 FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS golang
@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     && gofumpt --version
 
 FROM golang AS gotestsum
-ARG GOTESTSUM_VERSION=v1.10.0
+ARG GOTESTSUM_VERSION=v1.8.2
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=tmpfs,target=/go/src/ \

dockerfiles/Dockerfile.lint

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.12
-ARG ALPINE_VERSION=3.17
+ARG GO_VERSION=1.20.3
+ARG ALPINE_VERSION=3.16
 ARG GOLANGCI_LINT_VERSION=v1.52.2
 
 FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint

dockerfiles/Dockerfile.vendor

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.12
-ARG ALPINE_VERSION=3.17
+ARG GO_VERSION=1.20.3
+ARG ALPINE_VERSION=3.16
 ARG MODOUTDATED_VERSION=v0.8.0
 
 FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
@@ -9,7 +9,7 @@ RUN apk add --no-cache bash git rsync
 WORKDIR /src
 
 FROM base AS vendored
-ENV GOPROXY=https://proxy.golang.org|direct
+ENV GOPROXY=direct
 RUN --mount=target=/context \
     --mount=target=.,type=tmpfs  \
     --mount=target=/go/pkg/mod,type=cache <<EOT

docs/deprecated.md

@@ -50,7 +50,7 @@ The table below provides an overview of the current status of deprecated feature
 
 | Status     | Feature                                                                                                                            | Deprecated | Remove  |
 |------------|------------------------------------------------------------------------------------------------------------------------------------|------------|---------|
-| Deprecated | [Buildkit build information](#buildkit-build-information)                                                                          | v23.0.0    | v24.0.0 |
+| Removed    | [Buildkit build information](#buildkit-build-information)                                                                          | v23.0.0    | v24.0.0 |
 | Deprecated | [Legacy builder for Linux images](#legacy-builder-for-linux-images)                                                                | v23.0.0    | -       |
 | Deprecated | [Legacy builder fallback](#legacy-builder-fallback)                                                                                | v23.0.0    | -       |
 | Removed    | [Btrfs storage driver on CentOS 7 and RHEL 7](#btrfs-storage-driver-on-centos-7-and-rhel-7)                                        | v20.10     | v23.0.0 |
@@ -108,6 +108,7 @@ The table below provides an overview of the current status of deprecated feature
 ### Buildkit build information
 
 **Deprecated in Release: v23.0.0**
+**Removed in Release: v24.0.0**
 
 [Build information](https://github.com/moby/buildkit/blob/v0.11/docs/buildinfo.md)
 structures have been introduced in [BuildKit v0.10.0](https://github.com/moby/buildkit/releases/tag/v0.10.0)

docs/reference/commandline/cli.md

@@ -92,18 +92,18 @@ The base command for the Docker CLI.
 
 ### Options
 
-| Name                             | Type     | Default                  | Description                                                                                                                           |
-|:---------------------------------|:---------|:-------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|
-| `--config`                       | `string` | `/root/.docker`          | Location of client config files                                                                                                       |
-| `-c`, `--context`                | `string` |                          | Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with `docker context use`) |
-| `-D`, `--debug`                  |          |                          | Enable debug mode                                                                                                                     |
-| [`-H`](#host), [`--host`](#host) | `list`   |                          | Daemon socket to connect to                                                                                                           |
-| `-l`, `--log-level`              | `string` | `info`                   | Set the logging level (`debug`, `info`, `warn`, `error`, `fatal`)                                                                     |
-| `--tls`                          |          |                          | Use TLS; implied by --tlsverify                                                                                                       |
-| `--tlscacert`                    | `string` | `/root/.docker/ca.pem`   | Trust certs signed only by this CA                                                                                                    |
-| `--tlscert`                      | `string` | `/root/.docker/cert.pem` | Path to TLS certificate file                                                                                                          |
-| `--tlskey`                       | `string` | `/root/.docker/key.pem`  | Path to TLS key file                                                                                                                  |
-| `--tlsverify`                    |          |                          | Use TLS and verify the remote                                                                                                         |
+| Name                | Type     | Default                  | Description                                                                                                                           |
+|:--------------------|:---------|:-------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|
+| `--config`          | `string` | `/root/.docker`          | Location of client config files                                                                                                       |
+| `-c`, `--context`   | `string` |                          | Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with `docker context use`) |
+| `-D`, `--debug`     |          |                          | Enable debug mode                                                                                                                     |
+| `-H`, `--host`      | `list`   |                          | Daemon socket(s) to connect to                                                                                                        |
+| `-l`, `--log-level` | `string` | `info`                   | Set the logging level (`debug`, `info`, `warn`, `error`, `fatal`)                                                                     |
+| `--tls`             |          |                          | Use TLS; implied by --tlsverify                                                                                                       |
+| `--tlscacert`       | `string` | `/root/.docker/ca.pem`   | Trust certs signed only by this CA                                                                                                    |
+| `--tlscert`         | `string` | `/root/.docker/cert.pem` | Path to TLS certificate file                                                                                                          |
+| `--tlskey`          | `string` | `/root/.docker/key.pem`  | Path to TLS key file                                                                                                                  |
+| `--tlsverify`       |          |                          | Use TLS and verify the remote                                                                                                         |
 
 
 <!---MARKER_GEN_END-->
@@ -378,56 +378,6 @@ list of root Certificate Authorities.
 
 ## Examples
 
-### <a name="host"></a> Specify daemon host (-H, --host)
-
-You can use the `-H`, `--host` flag to specify a socket to use when you invoke
-a `docker` command. You can use the following protocols:
-
-| Scheme                                 | Description               | Example                          |
-|----------------------------------------|---------------------------|----------------------------------|
-| `unix://[<path>]`                      | Unix socket (Linux only)  | `unix:///var/run/docker.sock`    |
-| `tcp://[<IP or host>[:port]]`          | TCP connection            | `tcp://174.17.0.1:2376`          |
-| `ssh://[username@]<IP or host>[:port]` | SSH connection            | `ssh://user@192.168.64.5`        |
-| `npipe://[<name>]`                     | Named pipe (Windows only) | `npipe:////./pipe/docker_engine` |
-
-If you don't specify the `-H` flag, and you're not using a custom
-[context](https://docs.docker.com/engine/context/working-with-contexts),
-commands use the following default sockets:
-
-- `unix:///var/run/docker.sock` on macOS and Linux
-- `npipe:////./pipe/docker_engine` on Windows
-
-To achieve a similar effect without having to specify the `-H` flag for every
-command, you could also [create a context](context_create.md),
-or alternatively, use the
-[`DOCKER_HOST` environment variable](#environment-variables).
-
-For more information about the `-H` flag, see
-[Daemon socket option](dockerd.md#daemon-socket-option).
-
-#### Using TCP sockets
-
-The following example shows how to invoke `docker ps` over TCP, to a remote
-daemon with IP address `174.17.0.1`, listening on port `2376`:
-
-```console
-$ docker -H tcp://174.17.0.1:2376 ps
-```
-
-> **Note**
->
-> By convention, the Docker daemon uses port `2376` for secure TLS connections,
-> and port `2375` for insecure, non-TLS connections.
-
-#### Using SSH sockets
-
-When you use SSH invoke a command on a remote daemon, the request gets forwarded
-to the `/var/run/docker.sock` Unix socket on the SSH host.
-
-```console
-$ docker -H ssh://user@192.168.64.5 ps
-```
-
 ### Display help text
 
 To list the help on any command just execute the command, followed by the

docs/reference/commandline/dockerd.md

@@ -1251,11 +1251,9 @@ This is a full example of the allowed configuration options on Linux:
   "fixed-cidr-v6": "",
   "group": "",
   "hosts": [],
-  "proxies": {
-    "http-proxy": "http://proxy.example.com:80",
-    "https-proxy": "https://proxy.example.com:443",
-    "no-proxy": "*.test.example.com,.example.org",
-  },
+  "http-proxy": "http://proxy.example.com:80",
+  "https-proxy": "https://proxy.example.com:443",
+  "no-proxy": "*.test.example.com,.example.org",
   "icc": false,
   "init": false,
   "init-path": "/usr/libexec/docker-init",

docs/reference/commandline/info.md

@@ -47,7 +47,8 @@ information about the `overlay2` storage driver is shown:
 ```console
 $ docker info
 
-Client:
+Client: Docker Engine - Community
+ Version:    24.0.0
  Context:    default
  Debug Mode: false
  Plugins:
@@ -101,7 +102,6 @@ Server:
  Docker Root Dir: /var/lib/docker
  Debug Mode: false
  Username: gordontheturtle
- Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
   myinsecurehost:5000
@@ -126,7 +126,8 @@ Here is a sample output for a daemon running on Windows Server:
 ```console
 C:\> docker info
 
-Client:
+Client: Docker Engine - Community
+ Version:    24.0.0
  Context:    default
  Debug Mode: false
  Plugins:
@@ -162,7 +163,6 @@ Server:
  ID: 2880d38d-464e-4d01-91bd-c76f33ba3981
  Docker Root Dir: C:\ProgramData\docker
  Debug Mode: false
- Registry: https://index.docker.io/v1/
  Experimental: true
  Insecure Registries:
   myregistry:5000

docs/reference/commandline/run.md

@@ -91,7 +91,7 @@ Create and run a new container from an image
 | `-P`, `--publish-all`                         |               |           | Publish all exposed ports to random ports                                                                                                                                                                                                                                                                        |
 | [`--pull`](#pull)                             | `string`      | `missing` | Pull image before running (`always`, `missing`, `never`)                                                                                                                                                                                                                                                         |
 | `-q`, `--quiet`                               |               |           | Suppress the pull output                                                                                                                                                                                                                                                                                         |
-| [`--read-only`](#read-only)                   |               |           | Mount the container's root filesystem as read only                                                                                                                                                                                                                                                               |
+| `--read-only`                                 |               |           | Mount the container's root filesystem as read only                                                                                                                                                                                                                                                               |
 | [`--restart`](#restart)                       | `string`      | `no`      | Restart policy to apply when a container exits                                                                                                                                                                                                                                                                   |
 | `--rm`                                        |               |           | Automatically remove the container when it exits                                                                                                                                                                                                                                                                 |
 | `--runtime`                                   | `string`      |           | Runtime to use for this container                                                                                                                                                                                                                                                                                |
@@ -118,11 +118,14 @@ Create and run a new container from an image
 
 ## Description
 
-The `docker run` command runs a command in a new container, pulling the image if needed and starting the container.
-
-You can restart a stopped container with all its previous changes intact using `docker start`.
-Use `docker ps -a` to view a list of all containers, including those that are stopped.
+The `docker run` command first `creates` a writeable container layer over the
+specified image, and then `starts` it using the specified command. That is,
+`docker run` is equivalent to the API `/containers/create` then
+`/containers/(id)/start`. A stopped container can be restarted with all its
+previous changes intact using `docker start`. See `docker ps -a` to view a list
+of all containers.
 
+For information on connecting a container to a network, see the ["*Docker network overview*"](https://docs.docker.com/network/).
 
 ## Examples
 
@@ -141,9 +144,9 @@ d6c0fe130dba        debian:7            "/bin/bash"         26 seconds ago
 This example runs a container named `test` using the `debian:latest`
 image. The `-it` instructs Docker to allocate a pseudo-TTY connected to
 the container's stdin; creating an interactive `bash` shell in the container.
-The example quits the `bash` shell by entering
-`exit 13`, passing the exit code on to the caller of
-`docker run`, and recording it in the `test` container's metadata.
+In the example, the `bash` shell is quit by entering
+`exit 13`. This exit code is passed on to the caller of
+`docker run`, and is recorded in the `test` container's metadata.
 
 ### <a name="cidfile"></a> Capture container ID (--cidfile)
 
@@ -151,9 +154,9 @@ The example quits the `bash` shell by entering
 $ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
 ```
 
-This creates a container and prints `test` to the console. The `cidfile`
+This will create a container and print `test` to the console. The `cidfile`
 flag makes Docker attempt to create a new file and write the container ID to it.
-If the file exists already, Docker returns an error. Docker closes this
+If the file exists already, Docker will return an error. Docker will close this
 file when `docker run` exits.
 
 ### <a name="privileged"></a> Full container capabilities (--privileged)
@@ -164,9 +167,9 @@ root@bc338942ef20:/# mount -t tmpfs none /mnt
 mount: permission denied
 ```
 
-This *doesn't* work, because by default, Docker drops most potentially dangerous kernel
-capabilities, including `CAP_SYS_ADMIN ` (which is required to mount
-filesystems). However, the `--privileged` flag allows it to run:
+This will *not* work, because by default, most potentially dangerous kernel
+capabilities are dropped; including `cap_sys_admin` (which is required to mount
+filesystems). However, the `--privileged` flag will allow it to run:
 
 ```console
 $ docker run -t -i --privileged ubuntu bash
@@ -187,8 +190,8 @@ flag exists to allow special use-cases, like running Docker within Docker.
 $ docker  run -w /path/to/dir/ -i -t  ubuntu pwd
 ```
 
-The `-w` option runs the command executed inside the directory specified, in this example,
-`/path/to/dir/`. If the path does not exist, Docker creates it inside the container.
+The `-w` lets the command being executed inside directory given, here
+`/path/to/dir/`. If the path does not exist it is created inside the container.
 
 ### <a name="storage-opt"></a> Set storage driver options per container (--storage-opt)
 
@@ -196,17 +199,14 @@ The `-w` option runs the command executed inside the directory specified, in thi
 $ docker run -it --storage-opt size=120G fedora /bin/bash
 ```
 
-This (size) constraints the container filesystem size to 120G at creation time.
+This (size) will allow to set the container filesystem size to 120G at creation time.
 This option is only available for the `devicemapper`, `btrfs`, `overlay2`,
-`windowsfilter` and `zfs` storage drivers.
-
+`windowsfilter` and `zfs` graph drivers.
+For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers,
+user cannot pass a size less than the Default BaseFS Size.
 For the `overlay2` storage driver, the size option is only available if the
 backing filesystem is `xfs` and mounted with the `pquota` mount option.
-Under these conditions, you can pass any size less than the backing filesystem size.
-
-For the `windowsfilter`, `devicemapper`, `btrfs`, and `zfs` storage drivers,
-you cannot pass a size less than the Default BaseFS Size.
-
+Under these conditions, user can pass any size less than the backing filesystem size.
 
 ### <a name="tmpfs"></a> Mount tmpfs (--tmpfs)
 
@@ -217,41 +217,32 @@ $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image
 The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`,
 `noexec`, `nosuid`, `size=65536k` options.
 
-### <a name="volume"></a> Mount volume (-v)
+### <a name="volume"></a> Mount volume (-v, --read-only)
 
 ```console
-$ docker  run  -v $(pwd):$(pwd) -w $(pwd) -i -t  ubuntu pwd
+$ docker  run  -v `pwd`:`pwd` -w `pwd` -i -t  ubuntu pwd
 ```
 
-The example above mounts the current directory into the container at the same path
-using the `-v` flag, sets it as the working directory, and then runs the `pwd` command inside the container.
-
-As of Docker Engine version 23, you can use relative paths on the host.
-
-```console
-$ docker  run  -v ./content:/content -w /content -i -t  ubuntu pwd
-```
-
-The example above mounts the `content` directory in the current directory into the container at the
-`/content` path using the `-v` flag, sets it as the working directory, and then
-runs the `pwd` command inside the container.
+The `-v` flag mounts the current working directory into the container. The `-w`
+lets the command being executed inside the current working directory, by
+changing into the directory to the value returned by `pwd`. So this
+combination executes the command using the container, but inside the
+current working directory.
 
 ```console
 $ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash
 ```
 
 When the host directory of a bind-mounted volume doesn't exist, Docker
-automatically creates this directory on the host for you. In the
-example above, Docker creates the `/doesnt/exist`
+will automatically create this directory on the host for you. In the
+example above, Docker will create the `/doesnt/exist`
 folder before starting your container.
 
-### <a name="read-only"></a> Mount volume read-only (--read-only)
-
 ```console
 $ docker run --read-only -v /icanwrite busybox touch /icanwrite/here
 ```
 
-You can use volumes in combination with the `--read-only` flag to control where
+Volumes can be used in combination with `--read-only` to control where
 a container writes files. The `--read-only` flag mounts the container's root
 filesystem as read only prohibiting writes to locations other than the
 specified volumes for the container.
@@ -265,7 +256,7 @@ binary (refer to [get the Linux binary](https://docs.docker.com/engine/install/b
 you give the container the full access to create and manipulate the host's
 Docker daemon.
 
-On Windows, you must specify the paths using Windows-style path semantics.
+On Windows, the paths must be specified using Windows-style semantics.
 
 ```powershell
 PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt
@@ -275,9 +266,9 @@ PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.
 Contents of file
 ```
 
-The following examples fails when using Windows-based containers, as the
+The following examples will fail when using Windows-based containers, as the
 destination of a volume or bind mount inside the container must be one of:
-a non-existing or empty directory; or a drive other than `C:`. Further, the source
+a non-existing or empty directory; or a drive other than C:. Further, the source
 of a bind mount must be a local directory, not a file.
 
 ```powershell
@@ -291,12 +282,13 @@ docker run -v c:\foo:c:\existing-directory-with-contents ...
 
 For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/storage/volumes/)
 
+
 ### <a name="mount"></a> Add bind mounts or volumes using the --mount flag
 
-The `--mount` flag allows you to mount volumes, host-directories, and `tmpfs`
+The `--mount` flag allows you to mount volumes, host-directories and `tmpfs`
 mounts in a container.
 
-The `--mount` flag supports most options supported by the `-v` or the
+The `--mount` flag supports most options that are supported by the `-v` or the
 `--volume` flag, but uses a different syntax. For in-depth information on the
 `--mount` flag, and a comparison between `--volume` and `--mount`, refer to
 [Bind mounts](https://docs.docker.com/storage/bind-mounts/).
@@ -322,10 +314,10 @@ $ docker run -p 127.0.0.1:80:8080/tcp ubuntu bash
 This binds port `8080` of the container to TCP port `80` on `127.0.0.1` of the host
 machine. You can also specify `udp` and `sctp` ports.
 The [Docker User Guide](https://docs.docker.com/network/links/)
-explains in detail how to use ports in Docker.
+explains in detail how to manipulate ports in Docker.
 
 Note that ports which are not bound to the host (i.e., `-p 80:80` instead of
-`-p 127.0.0.1:80:80`) are externally accessible. This also applies if
+`-p 127.0.0.1:80:80`) will be accessible from the outside. This also applies if
 you configured UFW to block this specific port, as Docker manages its
 own iptables rules. [Read more](https://docs.docker.com/network/iptables/)
 
@@ -353,7 +345,7 @@ When creating (and running) a container from an image, the daemon checks if the
 image exists in the local image cache. If the image is missing, an error is
 returned to the CLI, allowing it to initiate a pull.
 
-The default (`missing`) is to only pull the image if it's not present in the
+The default (`missing`) is to only pull the image if it is not present in the
 daemon's image cache. This default allows you to run images that only exist
 locally (for example, images you built from a Dockerfile, but that have not
 been pushed to a registry), and reduces networking.
@@ -386,7 +378,7 @@ $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
 
 Use the `-e`, `--env`, and `--env-file` flags to set simple (non-array)
 environment variables in the container you're running, or overwrite variables
-defined in the Dockerfile of the image you're running.
+that are defined in the Dockerfile of the image you're running.
 
 You can define the variable and its value when running the container:
 
@@ -396,7 +388,7 @@ VAR1=value1
 VAR2=value2
 ```
 
-You can also use variables exported to your local environment:
+You can also use variables that you've exported to your local environment:
 
 ```console
 export VAR1=value1
@@ -410,7 +402,7 @@ VAR2=value2
 When running the command, the Docker CLI client checks the value the variable
 has in your local environment and passes it to the container.
 If no `=` is provided and that variable is not exported in your local
-environment, the variable isn't set in the container.
+environment, the variable won't be set in the container.
 
 You can also load the environment variables from a file. This file should use
 the syntax `<variable>=value` (which sets the variable to the given value) or
@@ -454,7 +446,7 @@ $ docker run --label-file ./labels ubuntu bash
 
 The label-file format is similar to the format for loading environment
 variables. (Unlike environment variables, labels are not visible to processes
-running inside a container.) The following example shows a label-file
+running inside a container.) The following example illustrates a label-file
 format:
 
 ```console
@@ -473,9 +465,8 @@ the Docker User Guide.
 
 ### <a name="network"></a> Connect a container to a network (--network)
 
-To start a container and connect it to a network, use the `--network` option.
-
-The following commands create a network named `my-net` and adds a `busybox` container
+When you start a container use the `--network` flag to connect it to a network.
+The following commands create a network named `my-net`, and adds a `busybox` container
 to the `my-net` network.
 
 ```console
@@ -493,7 +484,7 @@ $ docker run -itd --network=my-net --ip=10.10.9.75 busybox
 If you want to add a running container to a network use the `docker network connect` subcommand.
 
 You can connect multiple containers to the same network. Once connected, the
-containers can communicate using only another container's IP address
+containers can communicate easily using only another container's IP address
 or name. For `overlay` networks or custom plugins that support multi-host
 connectivity, containers connected to the same multi-host network but launched
 from different Engines can also communicate in this way.
@@ -507,8 +498,6 @@ from different Engines can also communicate in this way.
 You can disconnect a container from a network using the `docker network
 disconnect` command.
 
-For more information on connecting a container to a network when using the `run` command, see the ["*Docker network overview*"](https://docs.docker.com/network/).
-
 ### <a name="volumes-from"></a> Mount volumes from container (--volumes-from)
 
 ```console
@@ -516,13 +505,13 @@ $ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ub
 ```
 
 The `--volumes-from` flag mounts all the defined volumes from the referenced
-containers. You can specify more than one container by repetitions of the `--volumes-from`
+containers. Containers can be specified by repetitions of the `--volumes-from`
 argument. The container ID may be optionally suffixed with `:ro` or `:rw` to
 mount the volumes in read-only or read-write mode, respectively. By default,
-Docker mounts the volumes in the same mode (read write or read only) as
+the volumes are mounted in the same mode (read write or read only) as
 the reference container.
 
-Labeling systems like SELinux require placing proper labels on volume
+Labeling systems like SELinux require that proper labels are placed on volume
 content mounted into a container. Without a label, the security system might
 prevent the processes running inside the container from using the content. By
 default, Docker does not change the labels set by the OS.
@@ -552,17 +541,17 @@ only to the container's `STDIN`.
 $ docker run -a stderr ubuntu echo test
 ```
 
-This isn't going to print anything to the console unless there's an error because output
-is only attached to the `STDERR` of the container. The container's logs
-still store what's written to `STDERR` and `STDOUT`.
+This isn't going to print anything unless there's an error because we've
+only attached to the `STDERR` of the container. The container's logs
+still store what's been written to `STDERR` and `STDOUT`.
 
 ```console
 $ cat somefile | docker run -i -a stdin mybuilder dobuild
 ```
 
-This example shows a way of using `--attach` to pipe a file into a container.
-The command prints the container's ID after the build completes and you can retrieve
-the build logs using `docker logs`. This is
+This is a way of using `--attach` to pipe a build file into a container.
+The container's ID will be printed after the build is done and the build
+logs could be retrieved using `docker logs`. This is
 useful if you need to pipe a file or something else into a container and
 retrieve the container's ID once the container has finished running.
 
@@ -582,15 +571,15 @@ brw-rw---- 1 root disk 8, 3 Feb  9 16:05 /dev/sdd
 crw-rw-rw- 1 root root 1, 5 Feb  9 16:05 /dev/foobar
 ```
 
-It's often necessary to directly expose devices to a container. The `--device`
-option enables that. For example, adding a specific block storage device or loop
-device or audio device to an otherwise unprivileged container
+It is often necessary to directly expose devices to a container. The `--device`
+option enables that. For example, a specific block storage device or loop
+device or audio device can be added to an otherwise unprivileged container
 (without the `--privileged` flag) and have the application directly access it.
 
-By default, the container is able to `read`, `write` and `mknod` these devices.
+By default, the container will be able to `read`, `write` and `mknod` these devices.
 This can be overridden using a third `:rwm` set of options to each `--device`
-flag. If the container is running in privileged mode, then Docker ignores the
-specified permissions.
+flag. If the container is running in privileged mode, then the permissions specified
+will be ignored.
 
 ```console
 $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk  /dev/xvdc
@@ -611,8 +600,8 @@ fdisk: unable to open /dev/xvdc: Operation not permitted
 
 > **Note**
 >
-> The `--device` option cannot be safely used with ephemeral devices. You shouldn't 
-> add block devices that may be removed to untrusted containers with `--device`.
+> The `--device` option cannot be safely used with ephemeral devices. Block devices
+> that may be removed should not be added to untrusted containers with `--device`.
 
 For Windows, the format of the string passed to the `--device` option is in
 the form of `--device=<IdType>/<Id>`. Beginning with Windows Server 2019
@@ -623,8 +612,8 @@ Refer to the table defined in the [Windows container
 docs](https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/hardware-devices-in-containers)
 for a list of container-supported device interface class GUIDs.
 
-If you specify this option for a process-isolated Windows container, Docker makes
-_all_ devices that implement the requested device interface class GUID
+If this option is specified for a process-isolated Windows container, _all_
+devices that implement the requested device interface class GUID are made
 available in the container. For example, the command below makes all COM
 ports on the host visible in the container.
 
@@ -639,16 +628,16 @@ PS C:\> docker run --device=class/86E0D1E0-8089-11D0-9CE4-08003E301F73 mcr.micro
 
 ### <a name="device-cgroup-rule"></a> Using dynamically created devices (--device-cgroup-rule)
 
-Docker assigns devices available to a container at creation time. The
-assigned devices are added to the cgroup.allow file and
-created into the container when it runs. This poses a problem when
-you need to add a new device to running container.
+Devices available to a container are assigned at creation time. The
+assigned devices will both be added to the cgroup.allow file and
+created into the container once it is run. This poses a problem when
+a new device needs to be added to running container.
 
-One solution is to add a more permissive rule to a container
+One of the solutions is to add a more permissive rule to a container
 allowing it access to a wider range of devices. For example, supposing
-the container needs access to a character device with major `42` and
-any number of minor numbers (added as new devices appear), add the
-following rule:
+our container needs access to a character device with major `42` and
+any number of minor number (added as new devices appear), the
+following rule would be added:
 
 ```console
 $ docker run -d --device-cgroup-rule='c 42:* rmw' -name my-container my-image
@@ -657,19 +646,18 @@ $ docker run -d --device-cgroup-rule='c 42:* rmw' -name my-container my-image
 Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 <minor>`
 the required device when it is added.
 
-> **Note**: You still need to explicitly add initially present devices to the
+> **Note**: initially present devices still need to be explicitly added to the
 > `docker run` / `docker create` command.
 
 ### <a name="gpus"></a> Access an NVIDIA GPU
 
 The `--gpus` flag allows you to access NVIDIA GPU resources. First you need to
-install the [nvidia-container-runtime](https://nvidia.github.io/nvidia-container-runtime/).
-
-Read [Specify a container's resources](https://docs.docker.com/config/containers/resource_constraints/)
+install [nvidia-container-runtime](https://nvidia.github.io/nvidia-container-runtime/).
+Visit [Specify a container's resources](https://docs.docker.com/config/containers/resource_constraints/)
 for more information.
 
-To use `--gpus`, specify which GPUs (or all) to use. If you provide no value, Docker uses all
-available GPUs. The example below exposes all available GPUs.
+To use `--gpus`, specify which GPUs (or all) to use. If no value is provided, all
+available GPUs are used. The example below exposes all available GPUs.
 
 ```console
 $ docker run -it --rm --gpus all ubuntu nvidia-smi
@@ -690,7 +678,7 @@ $ docker run -it --rm --gpus '"device=0,2"' nvidia-smi
 
 ### <a name="restart"></a> Restart policies (--restart)
 
-Use the `--restart` flag to specify a container's *restart policy*. A restart
+Use Docker's `--restart` to specify a container's *restart policy*. A restart
 policy controls whether the Docker daemon restarts a container after exit.
 Docker supports the following restart policies:
 
@@ -698,17 +686,17 @@ Docker supports the following restart policies:
 |:---------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `no`                       | Do not automatically restart the container when it exits. This is the default.                                                                                                                                                                                   |
 | `on-failure[:max-retries]` | Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts.                                                                                                                     |
-| `unless-stopped`           | Restart the container unless it's explicitly stopped or Docker itself is stopped or restarted.                                                                                                                                                                  |
-| `always`                   | Always restart the container regardless of the exit status. When you specify always, the Docker daemon tries to restart the container indefinitely. The container always starts on daemon startup, regardless of the current state of the container. |
+| `unless-stopped`           | Restart the container unless it is explicitly stopped or Docker itself is stopped or restarted.                                                                                                                                                                  |
+| `always`                   | Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart the container indefinitely. The container will also always start on daemon startup, regardless of the current state of the container. |
 
 ```console
 $ docker run --restart=always redis
 ```
 
 This will run the `redis` container with a restart policy of **always**
-so that if the container exits, Docker restarts it.
+so that if the container exits, Docker will restart it.
 
-You can find more detailed information on restart policies in the
+More detailed information on restart policies can be found in the
 [Restart Policies (--restart)](../run.md#restart-policies---restart)
 section of the Docker run reference page.
 
@@ -754,8 +742,8 @@ for the bridge device).
 
 Since setting `ulimit` settings in a container requires extra privileges not
 available in the default container, you can set these using the `--ulimit` flag.
-Specify `--ulimit` with a soft and hard limit in the format
-`<type>=<soft limit>[:<hard limit>]`. For example:
+`--ulimit` is specified with a soft and hard limit as such:
+`<type>=<soft limit>[:<hard limit>]`, for example:
 
 ```console
 $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n"
@@ -764,25 +752,21 @@ $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n"
 
 > **Note**
 >
-> If you don't provide a hard limit value, Docker uses the soft limit value
-> for both values. If you don't provide any values, they are inherited from
-> the default `ulimits` set on the daemon.
-
-> **Note**
->
-> The `as` option is deprecated.
+> If you do not provide a `hard limit`, the `soft limit` is used
+> for both values. If no `ulimits` are set, they are inherited from
+> the default `ulimits` set on the daemon. The `as` option is disabled now.
 > In other words, the following script is not supported:
 >
 > ```console
 > $ docker run -it --ulimit as=1024 fedora /bin/bash
 > ```
 
-Docker sends the values to the appropriate OS `syscall` and doesn't perform any byte conversion.
-Take this into account when setting the values.
+The values are sent to the appropriate `syscall` as they are set.
+Docker doesn't perform any byte conversion. Take this into account when setting the values.
 
 #### For `nproc` usage
 
-Be careful setting `nproc` with the `ulimit` flag as Linux uses `nproc` to set the
+Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to set the
 maximum number of processes available to a user, not to a container. For example, start four
 containers with `daemon` user:
 
@@ -796,36 +780,36 @@ $ docker run -d -u daemon --ulimit nproc=3 busybox top
 $ docker run -d -u daemon --ulimit nproc=3 busybox top
 ```
 
-The 4th container fails and reports a "[8] System error: resource temporarily unavailable" error.
+The 4th container fails and reports "[8] System error: resource temporarily unavailable" error.
 This fails because the caller set `nproc=3` resulting in the first three containers using up
 the three processes quota set for the `daemon` user.
 
 ### <a name="stop-signal"></a> Stop container with signal (--stop-signal)
 
-The `--stop-signal` flag sends the system call signal to the
+The `--stop-signal` flag sets the system call signal that will be sent to the
 container to exit. This signal can be a signal name in the format `SIG<NAME>`,
 for instance `SIGKILL`, or an unsigned number that matches a position in the
 kernel's syscall table, for instance `9`.
 
-The default value is defined by [`STOPSIGNAL`](https://docs.docker.com/engine/reference/builder/#stopsignal)
+The default is defined by [`STOPSIGNAL`](https://docs.docker.com/engine/reference/builder/#stopsignal)
 in the image, or `SIGTERM` if the image has no `STOPSIGNAL` defined.
 
 ### <a name="security-opt"></a> Optional security options (--security-opt)
 
-On Windows, you can use this flag to specify the `credentialspec` option.
+On Windows, this flag can be used to specify the `credentialspec` option.
 The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`.
 
 ### <a name="stop-timeout"></a> Stop container with timeout (--stop-timeout)
 
 The `--stop-timeout` flag sets the number of seconds to wait for the container
 to stop after sending the pre-defined (see `--stop-signal`) system call signal.
-If the container does not exit after the timeout elapses, it's forcibly killed
+If the container does not exit after the timeout elapses, it is forcibly killed
 with a `SIGKILL` signal.
 
-If you set `--stop-timeout` to `-1`, no timeout is applied, and the daemon
-waits indefinitely for the container to exit.
+If `--stop-timeout` is set to `-1`, no timeout is applied, and the daemon will
+wait indefinitely for the container to exit.
 
-The Daemon determines the default, and is 10 seconds for Linux containers,
+The default is determined by the daemon, and is 10 seconds for Linux containers,
 and 30 seconds for Windows containers.
 
 ### <a name="isolation"></a> Specify isolation technology for container (--isolation)
@@ -873,12 +857,12 @@ PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hy
 
 ### <a name="memory"></a> Specify hard limits on memory available to containers (-m, --memory)
 
-These parameters always set an upper limit on the memory available to the container. Linux sets this
-on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`.
+These parameters always set an upper limit on the memory available to the container. On Linux, this
+is set on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`.
 
-On Windows, this affects containers differently depending on what type of isolation you use.
+On Windows, this will affect containers differently depending on what type of isolation is used.
 
-- With `process` isolation, Windows reports the full memory of the host system, not the limit to applications running inside the container
+- With `process` isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container
 
     ```powershell
     PS C:\> docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory*
@@ -893,7 +877,7 @@ On Windows, this affects containers differently depending on what type of isolat
     OsMaxProcessMemorySize     : 137438953344
     ```
 
-- With `hyperv` isolation, Windows creates a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory."
+- With `hyperv` isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory."
 
     ```powershell
     PS C:\> docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory*
@@ -908,6 +892,7 @@ On Windows, this affects containers differently depending on what type of isolat
     OsMaxProcessMemorySize     : 137438953344
     ```
 
+
 ### <a name="sysctl"></a> Configure namespaced kernel parameters (sysctls) at runtime (--sysctl)
 
 The `--sysctl` sets namespaced kernel parameters (sysctls) in the
@@ -924,7 +909,6 @@ $ docker run --sysctl net.ipv4.ip_forward=1 someimage
 > inside of a container that also modify the host system. As the kernel
 > evolves we expect to see more sysctls become namespaced.
 
-
 #### Currently supported sysctls
 
 IPC Namespace:
@@ -938,13 +922,3 @@ Network Namespace:
 
 - Sysctls beginning with `net.*`
 - If you use the `--network=host` option using these sysctls are not allowed.
-
-## Command internals
-
-The `docker run` command is equivalent to the following API calls:
-
-- `/<API version>/containers/create`
-  - If that call returns a 404 (image not found), and depending on the `--pull` option ("always", "missing", "never") the call can trigger a `docker pull <image>`.
-- `/containers/create` again after pulling the image.
-- `/containers/(id)/start` to start the container.
-- `/containers/(id)/attach` to attach to the container when starting with the `-it` flags for interactive containers.

docs/reference/commandline/tag.md

@@ -12,45 +12,27 @@ Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
 
 ## Description
 
-A full image name has the following format and components:
+An image name is made up of slash-separated name components, optionally prefixed
+by a registry hostname. The hostname must comply with standard DNS rules, but
+may not contain underscores. If a hostname is present, it may optionally be
+followed by a port number in the format `:8080`. If not present, the command
+uses Docker's public registry located at `registry-1.docker.io` by default. Name
+components may contain lowercase letters, digits and separators. A separator
+is defined as a period, one or two underscores, or one or more hyphens. A name
+component may not start or end with a separator.
 
-`[HOST[:PORT_NUMBER]/]PATH`
+A tag name must be valid ASCII and may contain lowercase and uppercase letters,
+digits, underscores, periods and hyphens. A tag name may not start with a
+period or a hyphen and may contain a maximum of 128 characters.
 
-- `HOST`: The optional registry hostname specifies where the image is located.
-The hostname must comply with standard DNS rules, but may not contain
-underscores. If the hostname is not specified, the command uses Docker's public
-registry at `registry-1.docker.io` by default. Note that `docker.io` is the
-canonical reference for Docker's public registry.
-- `PORT_NUMBER`: If a hostname is present, it may optionally be followed by a
-registry port number in the format `:8080`.
-- `PATH`: The path consists consists of slash-separated components. Each
-component may contain lowercase letters, digits and separators. A separator is
-defined as a period, one or two underscores, or one or more hyphens. A component
-may not start or end with a separator. While the
-[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)
-supports more than two slash-separated components, most registries only support
-two slash-separated components. For Docker's public registry, the path format is
-as follows:
-  - `[NAMESPACE/]REPOSITORY`: The first, optional component is typically a
-user's or an organization's namespace. The second, mandatory component is the
-repository name. When the namespace is not present, Docker uses `library`
-as the default namespace.
-
-After the image name, the optional `TAG` is a custom, human-readable manifest
-identifier that is typically a specific version or variant of an image. The tag
-must be valid ASCII and can contain lowercase and uppercase letters, digits,
-underscores, periods, and hyphens. It cannot start with a period or hyphen and
-must be no longer than 128 characters. If the tag is not specified, the command uses `latest` by default.
-
-You can group your images together using names and tags, and then
-[push](https://docs.docker.com/engine/reference/commandline/push) them to a
-registry.
+You can group your images together using names and tags, and then upload them
+to [*Share images on Docker Hub*](https://docs.docker.com/get-started/part3/).
 
 ## Examples
 
 ### Tag an image referenced by ID
 
-To tag a local image with ID "0e5574283393" as "fedora/httpd" with the tag
+To tag a local image with ID "0e5574283393" into the "fedora" repository with
 "version1.0":
 
 ```console
@@ -59,7 +41,8 @@ $ docker tag 0e5574283393 fedora/httpd:version1.0
 
 ### Tag an image referenced by Name
 
-To tag a local image "httpd" as "fedora/httpd" with the tag "version1.0":
+To tag a local image with name "httpd" into the "fedora" repository with
+"version1.0":
 
 ```console
 $ docker tag httpd fedora/httpd:version1.0
@@ -70,18 +53,18 @@ existing local version `httpd:latest`.
 
 ### Tag an image referenced by Name and Tag
 
-To tag a local image with the name "httpd" and the tag "test" as "fedora/httpd"
-with the tag "version1.0.test":
+To tag a local image with name "httpd" and tag "test" into the "fedora"
+repository with "version1.0.test":
 
 ```console
 $ docker tag httpd:test fedora/httpd:version1.0.test
 ```
 
-### Tag an image for a private registry
+### Tag an image for a private repository
 
-To push an image to a private registry and not the public Docker registry you
-must include the registry hostname and port (if needed).
+To push an image to a private registry and not the central Docker
+registry you must tag it with the registry hostname and port (if needed).
 
 ```console
 $ docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
-```
+```

docs/reference/commandline/volume_prune.md

@@ -5,26 +5,24 @@ Remove all unused local volumes
 
 ### Options
 
-| Name                          | Type     | Default | Description                                        |
-|:------------------------------|:---------|:--------|:---------------------------------------------------|
-| [`-a`](#all), [`--all`](#all) |          |         | Remove all unused volumes, not just anonymous ones |
-| [`--filter`](#filter)         | `filter` |         | Provide filter values (e.g. `label=<label>`)       |
-| `-f`, `--force`               |          |         | Do not prompt for confirmation                     |
+| Name                  | Type     | Default | Description                                  |
+|:----------------------|:---------|:--------|:---------------------------------------------|
+| [`--filter`](#filter) | `filter` |         | Provide filter values (e.g. `label=<label>`) |
+| `-f`, `--force`       |          |         | Do not prompt for confirmation               |
 
 
 <!---MARKER_GEN_END-->
 
 ## Description
 
-Remove all unused local volumes. Unused local volumes are those which are not
-referenced by any containers. By default, it only removes anonymous volumes.
+Remove all unused local volumes. Unused local volumes are those which are not referenced by any containers
 
 ## Examples
 
 ```console
 $ docker volume prune
 
-WARNING! This will remove anonymous local volumes not used by at least one container.
+WARNING! This will remove all local volumes not used by at least one container.
 Are you sure you want to continue? [y/N] y
 Deleted Volumes:
 07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e
@@ -33,10 +31,6 @@ my-named-vol
 Total reclaimed space: 36 B
 ```
 
-### <a name="all"></a> Filtering (--all, -a)
-
-Use the `--all` flag to prune both unused anonymous and named volumes.
-
 ### <a name="filter"></a> Filtering (--filter)
 
 The filtering flag (`--filter`) format is of "key=value". If there is more

e2e/testdata/Dockerfile.gencerts

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.12
+ARG GO_VERSION=1.20.3
 
 FROM golang:${GO_VERSION}-alpine AS generated
 RUN go install github.com/dmcgowan/quicktls@master

man/dockerd.8.md

@@ -154,7 +154,7 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru
   Set parent cgroup for all containers. Default is "/docker" for fs cgroup
   driver and "system.slice" for systemd cgroup driver.
 
-**--config-file**="/etc/docker/daemon.json"
+**--config-file**=*"/etc/docker/daemon.json"*
   Specifies the JSON file path to load the configuration from.
 
 **--containerd**=""
@@ -168,7 +168,7 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru
 **-D**, **--debug**=*true*|*false*
   Enable debug mode. Default is false.
 
-**--default-cgroupns-mode**="**host**|**private**"
+**--default-cgroupns-mode**="*host*|*private*"
   Set the default cgroup namespace mode for newly created containers. The argument
   can either be **host** or **private**. If unset, this defaults to `host` on cgroup v1,
 `private` on cgroup v2.
@@ -185,10 +185,10 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru
   Example: base=172.30.0.0/16,size=24 will set the default
   address pools for the selected scope networks to {172.30.[0-255].0/24}
 
-**--default-runtime**="runc"
+**--default-runtime**=*"runc"*
   Set default runtime if there're more than one specified by `--add-runtime`.
 
-**--default-ipc-mode**="**private**|**shareable**"
+**--default-ipc-mode**="*private*|*shareable*"
   Set the default IPC mode for newly created containers. The argument
   can either be **private** or **shareable**.
 

man/go.mod

@@ -7,7 +7,7 @@ go 1.16
 
 //require (
 //	github.com/docker/cli v0.0.0+incompatible
-//	github.com/cpuguy83/go-md2man/v2 v2.0.3
+//	github.com/cpuguy83/go-md2man/v2 v2.0.1
 //	github.com/spf13/cobra v1.2.1
 //	github.com/spf13/pflag v1.0.5
 //)

man/src/system/info.md

@@ -27,7 +27,8 @@ information about the `overlay2` storage driver is shown:
 ```console
 $ docker info
 
-Client:
+Client: Docker Engine - Community
+ Version:    24.0.0
  Context:    default
  Debug Mode: false
  Plugins:
@@ -81,7 +82,6 @@ Server:
  Docker Root Dir: /var/lib/docker
  Debug Mode: false
  Username: gordontheturtle
- Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
   myinsecurehost:5000

scripts/docs/generate-man.sh

@@ -2,7 +2,7 @@
 
 set -eu
 
-: "${MD2MAN_VERSION=v2.0.3}"
+: "${MD2MAN_VERSION=v2.0.1}"
 
 export GO111MODULE=auto
 

vendor.mod

@@ -7,10 +7,10 @@ module github.com/docker/cli
 go 1.18
 
 require (
-	github.com/containerd/containerd v1.6.21
+	github.com/containerd/containerd v1.6.20
 	github.com/creack/pty v1.1.11
-	github.com/docker/distribution v2.8.2+incompatible
-	github.com/docker/docker v23.0.7-0.20230715134620-0420d2b33c42+incompatible // v23.0.7-dev
+	github.com/docker/distribution v2.8.1+incompatible
+	github.com/docker/docker v24.0.0-beta.1+incompatible
 	github.com/docker/docker-credential-helpers v0.7.0
 	github.com/docker/go-connections v0.4.0
 	github.com/docker/go-units v0.5.0
@@ -18,10 +18,10 @@ require (
 	github.com/gogo/protobuf v1.3.2
 	github.com/google/go-cmp v0.5.9
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/imdario/mergo v0.3.12
+	github.com/imdario/mergo v0.3.13
 	github.com/mattn/go-runewidth v0.0.13
 	github.com/mitchellh/mapstructure v1.3.2
-	github.com/moby/buildkit v0.10.6
+	github.com/moby/buildkit v0.11.5
 	github.com/moby/patternmatcher v0.5.0
 	github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83
 	github.com/moby/sys/sequential v0.5.0
@@ -32,17 +32,17 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.1
+	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a
 	github.com/tonistiigi/go-rosetta v0.0.0-20200727161949-f79598599c5d
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.6.0
-	golang.org/x/term v0.6.0
-	golang.org/x/text v0.8.0
+	golang.org/x/term v0.5.0
+	golang.org/x/text v0.7.0
 	gopkg.in/yaml.v2 v2.4.0
-	gotest.tools/v3 v3.5.0
+	gotest.tools/v3 v3.4.0
 )
 
 require (
@@ -57,11 +57,11 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/klauspost/compress v1.15.12 // indirect
+	github.com/klauspost/compress v1.16.3 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/moby/sys/symlink v0.2.0 // indirect
-	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/opencontainers/runc v1.1.5 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
@@ -71,9 +71,9 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	go.etcd.io/etcd/raft/v3 v3.5.6 // indirect
 	golang.org/x/crypto v0.2.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/net v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/genproto v0.0.0-20220706185917-7780775163c4 // indirect
-	google.golang.org/grpc v1.48.0 // indirect
+	google.golang.org/grpc v1.50.1 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 )

vendor.sum

@@ -31,6 +31,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8 h1:V8krnnfGj4pV65YLUm3C0/8bl7V5Nry2Pwvy3ru/wLc=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
@@ -66,9 +67,11 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA=
 github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5 h1:PqZ3bA4yzwywivzk7PBQWngJp2/PAS0bWRZerKteicY=
@@ -81,23 +84,25 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH
 github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
-github.com/containerd/containerd v1.6.21 h1:eSTAmnvDKRPWan+MpSSfNyrtleXd86ogK9X8fMWpe/Q=
-github.com/containerd/containerd v1.6.21/go.mod h1:apei1/i5Ux2FzrK6+DM/suEsGuK/MeVOfy8tR2q7Wnw=
-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
+github.com/containerd/containerd v1.6.20 h1:+itjwpdqXpzHB/QAiWc/BZCjjVfcNgw69w/oIeF4Oy0=
+github.com/containerd/containerd v1.6.20/go.mod h1:apei1/i5Ux2FzrK6+DM/suEsGuK/MeVOfy8tR2q7Wnw=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.7-0.20230715134620-0420d2b33c42+incompatible h1:2YPQGRAPTR51dHn0mNq0gPFbvLOKthzXuAvFBM2Ox5o=
-github.com/docker/docker v23.0.7-0.20230715134620-0420d2b33c42+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v24.0.0-beta.1+incompatible h1:asqxFz/4xQRqFpQZFbEfNLOZsD1n7ET4m4AN29/rRKM=
+github.com/docker/docker v24.0.0-beta.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
@@ -109,6 +114,7 @@ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6Uezg
 github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
@@ -121,6 +127,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
+github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fvbommel/sortorder v1.0.2 h1:mV4o8B2hKboCdkJm+a7uX/SIpZob4JzUpc5GGnM45eo=
 github.com/fvbommel/sortorder v1.0.2/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
@@ -143,6 +150,7 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.0.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
@@ -219,10 +227,9 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
+github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8 h1:CZkYfurY6KGhVtlalI4QwQ6T0Cu6iuY3e0x5RLu96WE=
@@ -244,13 +251,14 @@ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM=
-github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
+github.com/klauspost/compress v1.16.3 h1:XuJt9zzcnaz6a16/OU53ZjWp/v7/42WcR5t2a0PcNQY=
+github.com/klauspost/compress v1.16.3/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -270,12 +278,13 @@ github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT
 github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg=
 github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/moby/buildkit v0.10.6 h1:DJlEuLIgnu34HQKF4n9Eg6q2YqQVC0eOpMb4p2eRS2w=
-github.com/moby/buildkit v0.10.6/go.mod h1:tQuuyTWtOb9D+RE425cwOCUkX0/oZ+5iBZ+uWpWQ9bU=
+github.com/moby/buildkit v0.11.5 h1:S6YrFJ0bfBT2w9e8kOxqsDV8Bw+HtfqdB6eHL17BXRI=
+github.com/moby/buildkit v0.11.5/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
 github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83 h1:jUbNDiRMDXd2rYoa4bcI+g3nIb4A1R8HNCe9wdCdh8I=
 github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83/go.mod h1:GvjR7mC8YuUd9Mq44lrrIZPaXyKPAGEUMBpAQzaj3dI=
+github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
 github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
@@ -291,6 +300,7 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
@@ -304,8 +314,10 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8=
 github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
-github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
-github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs=
+github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -351,7 +363,10 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -363,8 +378,8 @@ github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
 github.com/spf13/cast v0.0.0-20150508191742-4d07383ffe94 h1:JmfC365KywYwHB946TTiQWEb8kqPY+pybPLoGE9GgVk=
 github.com/spf13/cast v0.0.0-20150508191742-4d07383ffe94/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
 github.com/spf13/cobra v0.0.1/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/jwalterweatherman v0.0.0-20141219030609-3d60171a6431 h1:XTHrT015sxHyJ5FnQ0AeemSspZWaDq7DoTRW0EVsDCE=
 github.com/spf13/jwalterweatherman v0.0.0-20141219030609-3d60171a6431/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.0/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -381,10 +396,14 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a h1:tlJ7tGUHvcvL1v3yR6NcCc9nOqh2L+CG6HWrYQtwzQ0=
 github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a/go.mod h1:Y94A6rPp2OwNfP/7vmf8O2xx2IykP8pPXQ1DLouGnEw=
 github.com/tonistiigi/go-rosetta v0.0.0-20200727161949-f79598599c5d h1:wvQZpqy8p0D/FUia6ipKDhXrzPzBVJE4PZyPc5+5Ay0=
 github.com/tonistiigi/go-rosetta v0.0.0-20200727161949-f79598599c5d/go.mod h1:xKQhd7snlzKFuUi1taTGWjpRE8iFTA06DeacYi3CVFQ=
+github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -479,12 +498,13 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -515,11 +535,13 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -550,7 +572,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -559,8 +583,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -569,8 +593,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -619,6 +643,7 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -693,8 +718,8 @@ google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
-google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
+google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -737,10 +762,11 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
-gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
+gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

vendor/github.com/docker/distribution/.dockerignore

@@ -1 +0,0 @@
-bin/

vendor/github.com/docker/distribution/.golangci.yml

@@ -18,10 +18,3 @@ run:
   deadline: 2m
   skip-dirs:
     - vendor
-
-issues:
-  exclude-rules:
-    # io/ioutil is deprecated, but won't be removed until Go v2. It's safe to ignore for the release/2.8 branch.
-    - text: "SA1019: \"io/ioutil\" has been deprecated since Go 1.16"
-      linters:
-        - staticcheck

vendor/github.com/docker/distribution/.mailmap

@@ -44,8 +44,6 @@ Thomas Berger <loki@lokis-chaos.de> Thomas Berger <tbe@users.noreply.github.com>
 Samuel Karp <skarp@amazon.com> Samuel Karp <samuelkarp@users.noreply.github.com>
 Justin Cormack <justin.cormack@docker.com>
 sayboras <sayboras@yahoo.com>
+CrazyMax <github@crazymax.dev>
 CrazyMax <github@crazymax.dev> <1951866+crazy-max@users.noreply.github.com>
-Hayley Swimelar <hswimelar@gmail.com>
-Jose D. Gomez R <jose.gomez@suse.com>
-Shengjing Zhu <zhsj@debian.org>
-Silvin Lubecki <31478878+silvin-lubecki@users.noreply.github.com>
+CrazyMax <github@crazymax.dev> <crazy-max@users.noreply.github.com>

vendor/github.com/docker/distribution/Dockerfile

@@ -1,59 +1,49 @@
-# syntax=docker/dockerfile:1
+# syntax=docker/dockerfile:1.3
 
-ARG GO_VERSION=1.19.9
-ARG ALPINE_VERSION=3.16
-ARG XX_VERSION=1.2.1
+ARG GO_VERSION=1.16.15
+ARG GORELEASER_XX_VERSION=1.2.5
 
-FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
-COPY --from=xx / /
-RUN apk add --no-cache bash coreutils file git
-ENV GO111MODULE=auto
-ENV CGO_ENABLED=0
+FROM --platform=$BUILDPLATFORM crazymax/goreleaser-xx:${GORELEASER_XX_VERSION} AS goreleaser-xx
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS base
+COPY --from=goreleaser-xx / /
+RUN apk add --no-cache file git
 WORKDIR /go/src/github.com/docker/distribution
 
-FROM base AS version
-ARG PKG="github.com/docker/distribution"
-RUN --mount=target=. \
-  VERSION=$(git describe --match 'v[0-9]*' --dirty='.m' --always --tags) REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi); \
-  echo "-X ${PKG}/version.Version=${VERSION#v} -X ${PKG}/version.Revision=${REVISION} -X ${PKG}/version.Package=${PKG}" | tee /tmp/.ldflags; \
-  echo -n "${VERSION}" | tee /tmp/.version;
-
 FROM base AS build
+ENV GO111MODULE=auto
+ENV CGO_ENABLED=0
+# GIT_REF is used by goreleaser-xx to handle the proper git ref when available.
+# It will fallback to the working tree info if empty and use "git tag --points-at"
+# or "git describe" to define the version info.
+ARG GIT_REF
 ARG TARGETPLATFORM
-ARG LDFLAGS="-s -w"
+ARG PKG="github.com/distribution/distribution"
 ARG BUILDTAGS="include_oss include_gcs"
-RUN --mount=type=bind,target=/go/src/github.com/docker/distribution,rw \
-    --mount=type=cache,target=/root/.cache/go-build \
-    --mount=target=/go/pkg/mod,type=cache \
-    --mount=type=bind,source=/tmp/.ldflags,target=/tmp/.ldflags,from=version \
-      set -x ; xx-go build -trimpath -ldflags "$(cat /tmp/.ldflags) ${LDFLAGS}" -o /usr/bin/registry ./cmd/registry \
-      && xx-verify --static /usr/bin/registry
-
-FROM scratch AS binary
-COPY --from=build /usr/bin/registry /
-
-FROM base AS releaser
-ARG TARGETOS
-ARG TARGETARCH
-ARG TARGETVARIANT
-WORKDIR /work
-RUN --mount=from=binary,target=/build \
-    --mount=type=bind,target=/src \
-    --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
-      VERSION=$(cat /tmp/.version) \
-      && mkdir -p /out \
-      && cp /build/registry /src/README.md /src/LICENSE . \
-      && tar -czvf "/out/registry_${VERSION#v}_${TARGETOS}_${TARGETARCH}${TARGETVARIANT}.tar.gz" * \
-      && sha256sum -z "/out/registry_${VERSION#v}_${TARGETOS}_${TARGETARCH}${TARGETVARIANT}.tar.gz" | awk '{ print $1 }' > "/out/registry_${VERSION#v}_${TARGETOS}_${TARGETARCH}${TARGETVARIANT}.tar.gz.sha256"
+RUN --mount=type=bind,rw \
+  --mount=type=cache,target=/root/.cache/go-build \
+  --mount=target=/go/pkg/mod,type=cache \
+  goreleaser-xx --debug \
+    --name="registry" \
+    --dist="/out" \
+    --main="./cmd/registry" \
+    --flags="-v" \
+    --ldflags="-s -w -X '$PKG/version.Version={{.Version}}' -X '$PKG/version.Revision={{.Commit}}' -X '$PKG/version.Package=$PKG'" \
+    --tags="$BUILDTAGS" \
+    --files="LICENSE" \
+    --files="README.md"
 
 FROM scratch AS artifact
-COPY --from=releaser /out /
+COPY --from=build /out/*.tar.gz /
+COPY --from=build /out/*.zip /
+COPY --from=build /out/*.sha256 /
 
-FROM alpine:${ALPINE_VERSION}
+FROM scratch AS binary
+COPY --from=build /usr/local/bin/registry* /
+
+FROM alpine:3.14
 RUN apk add --no-cache ca-certificates
 COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml
-COPY --from=binary /registry /bin/registry
+COPY --from=build /usr/local/bin/registry /bin/registry
 VOLUME ["/var/lib/registry"]
 EXPOSE 5000
 ENTRYPOINT ["registry"]

vendor/github.com/docker/distribution/Makefile

@@ -50,7 +50,7 @@ version/version.go:
 
 check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck")
 	@echo "$(WHALE) $@"
-	@GO111MODULE=off golangci-lint run
+	golangci-lint run
 
 test: ## run tests, except integration test with test.short
 	@echo "$(WHALE) $@"

vendor/github.com/docker/distribution/docker-bake.hcl

@@ -1,3 +1,15 @@
+// GITHUB_REF is the actual ref that triggers the workflow
+// https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+variable "GITHUB_REF" {
+  default = ""
+}
+
+target "_common" {
+  args = {
+    GIT_REF = GITHUB_REF
+  }
+}
+
 group "default" {
   targets = ["image-local"]
 }
@@ -8,11 +20,13 @@ target "docker-metadata-action" {
 }
 
 target "binary" {
+  inherits = ["_common"]
   target = "binary"
   output = ["./bin"]
 }
 
 target "artifact" {
+  inherits = ["_common"]
   target = "artifact"
   output = ["./bin"]
 }
@@ -29,13 +43,8 @@ target "artifact-all" {
   ]
 }
 
-// Special target: https://github.com/docker/metadata-action#bake-definition
-target "docker-metadata-action" {
-  tags = ["registry:local"]
-}
-
 target "image" {
-  inherits = ["docker-metadata-action"]
+  inherits = ["_common", "docker-metadata-action"]
 }
 
 target "image-local" {