Compare commits
35 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 5dc9bcc5b7 | |||
| c2be159764 | |||
| 1a576c50a9 | |||
| 690b1565fb | |||
| 03114ec2ca | |||
| 833128bce5 | |||
| fd4d39aa88 | |||
| b4b35dedc6 | |||
| ce113a74af | |||
| a3b6c9ea7e | |||
| 2bf4225ad2 | |||
| f783e8d58a | |||
| 956d15c723 | |||
| 5a942fadcf | |||
| 592c146cca | |||
| 0735e78cc9 | |||
| 63a3db4b31 | |||
| 0b9bf6a6f4 | |||
| e0dab5ce1e | |||
| b59204cc43 | |||
| b8459ce351 | |||
| a25a9100f3 | |||
| eb223e7eaf | |||
| c87c4c96ec | |||
| c270556d44 | |||
| 98f603bdd1 | |||
| 1cddb2b03d | |||
| 8715d9a33a | |||
| a5937c6043 | |||
| 9142b58351 | |||
| f67e569a8f | |||
| 08eba2246c | |||
| 4fd2cf5f2d | |||
| bdfe1645f5 | |||
| e456704864 |
10
.github/workflows/build.yml
vendored
10
.github/workflows/build.yml
vendored
@ -19,7 +19,7 @@ on:
|
||||
|
||||
jobs:
|
||||
prepare:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
matrix: ${{ steps.platforms.outputs.matrix }}
|
||||
steps:
|
||||
@ -37,7 +37,7 @@ jobs:
|
||||
echo ${{ steps.platforms.outputs.matrix }}
|
||||
|
||||
build:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- prepare
|
||||
strategy:
|
||||
@ -90,7 +90,7 @@ jobs:
|
||||
if-no-files-found: error
|
||||
|
||||
bin-image:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
if: ${{ github.event_name != 'pull_request' && github.repository == 'docker/cli' }}
|
||||
steps:
|
||||
-
|
||||
@ -134,7 +134,7 @@ jobs:
|
||||
*.cache-to=type=gha,scope=bin-image,mode=max
|
||||
|
||||
prepare-plugins:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
matrix: ${{ steps.platforms.outputs.matrix }}
|
||||
steps:
|
||||
@ -152,7 +152,7 @@ jobs:
|
||||
echo ${{ steps.platforms.outputs.matrix }}
|
||||
|
||||
plugins:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- prepare-plugins
|
||||
strategy:
|
||||
|
||||
14
.github/workflows/e2e.yml
vendored
14
.github/workflows/e2e.yml
vendored
@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
e2e:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
@ -28,11 +28,11 @@ jobs:
|
||||
- alpine
|
||||
- debian
|
||||
engine-version:
|
||||
# - 20.10-dind # FIXME: Fails on 20.10
|
||||
- stable-dind # TODO: Use 20.10-dind, stable-dind is deprecated
|
||||
include:
|
||||
- target: non-experimental
|
||||
engine-version: 19.03-dind
|
||||
- 25.0 # latest
|
||||
- 24.0 # latest - 1
|
||||
- 23.0 # mirantis lts
|
||||
# TODO(krissetto) 19.03 needs a look, doesn't work ubuntu 22.04 (cgroup errors).
|
||||
# we could have a separate job that tests it against ubuntu 20.04
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
@ -55,7 +55,7 @@ jobs:
|
||||
make -f docker.Makefile test-e2e-${{ matrix.target }}
|
||||
env:
|
||||
BASE_VARIANT: ${{ matrix.base }}
|
||||
E2E_ENGINE_VERSION: ${{ matrix.engine-version }}
|
||||
ENGINE_VERSION: ${{ matrix.engine-version }}
|
||||
TESTFLAGS: -coverprofile=/tmp/coverage/coverage.txt
|
||||
-
|
||||
name: Send to Codecov
|
||||
|
||||
4
.github/workflows/test.yml
vendored
4
.github/workflows/test.yml
vendored
@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
ctn:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
@ -63,7 +63,7 @@ jobs:
|
||||
name: Set up Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.21.6
|
||||
go-version: 1.21.8
|
||||
-
|
||||
name: Test
|
||||
run: |
|
||||
|
||||
6
.github/workflows/validate.yml
vendored
6
.github/workflows/validate.yml
vendored
@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
validate:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
@ -37,7 +37,7 @@ jobs:
|
||||
|
||||
# check that the generated Markdown and the checked-in files match
|
||||
validate-md:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
@ -57,7 +57,7 @@ jobs:
|
||||
fi
|
||||
|
||||
validate-make:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
|
||||
@ -4,12 +4,12 @@ ARG BASE_VARIANT=alpine
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG BASE_DEBIAN_DISTRO=bookworm
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG XX_VERSION=1.2.1
|
||||
ARG GOVERSIONINFO_VERSION=v1.3.0
|
||||
ARG GOTESTSUM_VERSION=v1.10.0
|
||||
ARG BUILDX_VERSION=0.12.1
|
||||
ARG COMPOSE_VERSION=v2.24.2
|
||||
ARG COMPOSE_VERSION=v2.24.3
|
||||
|
||||
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
//go:build !darwin
|
||||
//go:build !darwin && !openbsd
|
||||
|
||||
package socket
|
||||
|
||||
@ -15,5 +15,6 @@ func listen(socketname string) (*net.UnixListener, error) {
|
||||
|
||||
func onAccept(conn *net.UnixConn, listener *net.UnixListener) {
|
||||
// do nothing
|
||||
// while on darwin we would unlink here; on non-darwin the socket is abstract and not present on the filesystem
|
||||
// while on darwin and OpenBSD we would unlink here;
|
||||
// on non-darwin the socket is abstract and not present on the filesystem
|
||||
}
|
||||
|
||||
19
cli-plugins/socket/socket_openbsd.go
Normal file
19
cli-plugins/socket/socket_openbsd.go
Normal file
@ -0,0 +1,19 @@
|
||||
package socket
|
||||
|
||||
import (
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
func listen(socketname string) (*net.UnixListener, error) {
|
||||
return net.ListenUnix("unix", &net.UnixAddr{
|
||||
Name: filepath.Join(os.TempDir(), socketname),
|
||||
Net: "unix",
|
||||
})
|
||||
}
|
||||
|
||||
func onAccept(conn *net.UnixConn, listener *net.UnixListener) {
|
||||
syscall.Unlink(listener.Addr().String())
|
||||
}
|
||||
@ -5,7 +5,6 @@
|
||||
"RepoDigests": null,
|
||||
"Parent": "",
|
||||
"Comment": "",
|
||||
"Created": "",
|
||||
"Container": "",
|
||||
"ContainerConfig": null,
|
||||
"DockerVersion": "",
|
||||
@ -29,7 +28,6 @@
|
||||
"RepoDigests": null,
|
||||
"Parent": "",
|
||||
"Comment": "",
|
||||
"Created": "",
|
||||
"Container": "",
|
||||
"ContainerConfig": null,
|
||||
"DockerVersion": "",
|
||||
|
||||
@ -5,7 +5,6 @@
|
||||
"RepoDigests": null,
|
||||
"Parent": "",
|
||||
"Comment": "",
|
||||
"Created": "",
|
||||
"Container": "",
|
||||
"ContainerConfig": null,
|
||||
"DockerVersion": "",
|
||||
|
||||
@ -328,7 +328,7 @@ func createTransformHook(additionalTransformers ...Transformer) mapstructure.Dec
|
||||
reflect.TypeOf(types.MappingWithEquals{}): transformMappingOrListFunc("=", true),
|
||||
reflect.TypeOf(types.Labels{}): transformMappingOrListFunc("=", false),
|
||||
reflect.TypeOf(types.MappingWithColon{}): transformMappingOrListFunc(":", false),
|
||||
reflect.TypeOf(types.HostsList{}): transformListOrMappingFunc(":", false),
|
||||
reflect.TypeOf(types.HostsList{}): transformHostsList,
|
||||
reflect.TypeOf(types.ServiceVolumeConfig{}): transformServiceVolumeConfig,
|
||||
reflect.TypeOf(types.BuildConfig{}): transformBuildConfig,
|
||||
reflect.TypeOf(types.Duration(0)): transformStringToDuration,
|
||||
@ -808,28 +808,58 @@ var transformStringList TransformerFunc = func(data any) (any, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func transformMappingOrListFunc(sep string, allowNil bool) TransformerFunc {
|
||||
return func(data any) (any, error) {
|
||||
return transformMappingOrList(data, sep, allowNil), nil
|
||||
var transformHostsList TransformerFunc = func(data any) (any, error) {
|
||||
hl := transformListOrMapping(data, ":", false, []string{"=", ":"})
|
||||
|
||||
// Remove brackets from IP addresses if present (for example "[::1]" -> "::1").
|
||||
result := make([]string, 0, len(hl))
|
||||
for _, hip := range hl {
|
||||
host, ip, _ := strings.Cut(hip, ":")
|
||||
if len(ip) > 2 && ip[0] == '[' && ip[len(ip)-1] == ']' {
|
||||
ip = ip[1 : len(ip)-1]
|
||||
}
|
||||
result = append(result, fmt.Sprintf("%s:%s", host, ip))
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func transformListOrMappingFunc(sep string, allowNil bool) TransformerFunc {
|
||||
return func(data any) (any, error) {
|
||||
return transformListOrMapping(data, sep, allowNil), nil
|
||||
}
|
||||
}
|
||||
|
||||
func transformListOrMapping(listOrMapping any, sep string, allowNil bool) any {
|
||||
// transformListOrMapping transforms pairs of strings that may be represented as
|
||||
// a map, or a list of '=' or ':' separated strings, into a list of ':' separated
|
||||
// strings.
|
||||
func transformListOrMapping(listOrMapping any, sep string, allowNil bool, allowSeps []string) []string {
|
||||
switch value := listOrMapping.(type) {
|
||||
case map[string]any:
|
||||
return toStringList(value, sep, allowNil)
|
||||
case []any:
|
||||
return listOrMapping
|
||||
result := make([]string, 0, len(value))
|
||||
for _, entry := range value {
|
||||
for i, allowSep := range allowSeps {
|
||||
entry := fmt.Sprint(entry)
|
||||
k, v, ok := strings.Cut(entry, allowSep)
|
||||
if ok {
|
||||
// Entry uses this allowed separator. Add it to the result, using
|
||||
// sep as a separator.
|
||||
result = append(result, fmt.Sprintf("%s%s%s", k, sep, v))
|
||||
break
|
||||
} else if i == len(allowSeps)-1 {
|
||||
// No more separators to try, keep the entry if allowNil.
|
||||
if allowNil {
|
||||
result = append(result, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
panic(errors.Errorf("expected a map or a list, got %T: %#v", listOrMapping, listOrMapping))
|
||||
}
|
||||
|
||||
func transformMappingOrListFunc(sep string, allowNil bool) TransformerFunc {
|
||||
return func(data any) (any, error) {
|
||||
return transformMappingOrList(data, sep, allowNil), nil
|
||||
}
|
||||
}
|
||||
|
||||
func transformMappingOrList(mappingOrList any, sep string, allowNil bool) any {
|
||||
switch values := mappingOrList.(type) {
|
||||
case map[string]any:
|
||||
|
||||
@ -1302,12 +1302,14 @@ services:
|
||||
extra_hosts:
|
||||
"zulu": "162.242.195.82"
|
||||
"alpha": "50.31.209.229"
|
||||
"beta": "[fd20:f8a7:6e5b::2]"
|
||||
"host.docker.internal": "host-gateway"
|
||||
`)
|
||||
assert.NilError(t, err)
|
||||
|
||||
expected := types.HostsList{
|
||||
"alpha:50.31.209.229",
|
||||
"beta:fd20:f8a7:6e5b::2",
|
||||
"host.docker.internal:host-gateway",
|
||||
"zulu:162.242.195.82",
|
||||
}
|
||||
@ -1324,16 +1326,25 @@ services:
|
||||
image: busybox
|
||||
extra_hosts:
|
||||
- "zulu:162.242.195.82"
|
||||
- "whiskey=162.242.195.83"
|
||||
- "alpha:50.31.209.229"
|
||||
- "zulu:ff02::1"
|
||||
- "host.docker.internal:host-gateway"
|
||||
- "whiskey=ff02::2"
|
||||
- "foxtrot=[ff02::3]"
|
||||
- "bravo:[ff02::4]"
|
||||
- "host.docker.internal=host-gateway"
|
||||
- "noaddress"
|
||||
`)
|
||||
assert.NilError(t, err)
|
||||
|
||||
expected := types.HostsList{
|
||||
"zulu:162.242.195.82",
|
||||
"whiskey:162.242.195.83",
|
||||
"alpha:50.31.209.229",
|
||||
"zulu:ff02::1",
|
||||
"whiskey:ff02::2",
|
||||
"foxtrot:ff02::3",
|
||||
"bravo:ff02::4",
|
||||
"host.docker.internal:host-gateway",
|
||||
}
|
||||
|
||||
|
||||
@ -1146,6 +1146,7 @@ __docker_complete_plugin() {
|
||||
local path=$1
|
||||
local completionCommand="__completeNoDesc"
|
||||
local resultArray=($path $completionCommand)
|
||||
local current="$cur"
|
||||
for value in "${words[@]:2}"; do
|
||||
if [ -z "$value" ]; then
|
||||
resultArray+=( "''" )
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
variable "GO_VERSION" {
|
||||
default = "1.21.6"
|
||||
default = "1.21.8"
|
||||
}
|
||||
variable "VERSION" {
|
||||
default = ""
|
||||
@ -186,6 +186,7 @@ target "bin-image-cross" {
|
||||
"linux/arm64",
|
||||
"linux/ppc64le",
|
||||
"linux/s390x",
|
||||
"windows/amd64"
|
||||
"windows/amd64",
|
||||
"windows/arm64"
|
||||
]
|
||||
}
|
||||
|
||||
@ -14,13 +14,13 @@ PACKAGER_NAME ?=
|
||||
|
||||
DEV_DOCKER_IMAGE_NAME = docker-cli-dev$(IMAGE_TAG)
|
||||
E2E_IMAGE_NAME = docker-cli-e2e
|
||||
E2E_ENGINE_VERSION ?=
|
||||
ENGINE_VERSION ?=
|
||||
CACHE_VOLUME_NAME := docker-cli-dev-cache
|
||||
ifeq ($(DOCKER_CLI_GO_BUILD_CACHE),y)
|
||||
DOCKER_CLI_MOUNTS += -v "$(CACHE_VOLUME_NAME):/root/.cache/go-build"
|
||||
endif
|
||||
VERSION = $(shell cat VERSION)
|
||||
ENVVARS = -e VERSION=$(VERSION) -e GITCOMMIT -e PLATFORM -e TESTFLAGS -e TESTDIRS -e GOOS -e GOARCH -e GOARM -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION)
|
||||
ENVVARS = -e VERSION=$(VERSION) -e GITCOMMIT -e PLATFORM -e TESTFLAGS -e TESTDIRS -e GOOS -e GOARCH -e GOARM -e ENGINE_VERSION
|
||||
|
||||
# Some Dockerfiles use features that are only supported with BuildKit enabled
|
||||
export DOCKER_BUILDKIT=1
|
||||
@ -132,21 +132,21 @@ test-e2e: test-e2e-non-experimental test-e2e-experimental test-e2e-connhelper-ss
|
||||
|
||||
.PHONY: test-e2e-experimental
|
||||
test-e2e-experimental: build-e2e-image # run experimental e2e tests
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION) \
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 \
|
||||
--mount type=bind,src=$(CURDIR)/build/coverage,dst=/tmp/coverage \
|
||||
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
|
||||
$(E2E_IMAGE_NAME)
|
||||
|
||||
.PHONY: test-e2e-non-experimental
|
||||
test-e2e-non-experimental: build-e2e-image # run non-experimental e2e tests
|
||||
docker run --rm $(ENVVARS) -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION) \
|
||||
docker run --rm $(ENVVARS) \
|
||||
--mount type=bind,src=$(CURDIR)/build/coverage,dst=/tmp/coverage \
|
||||
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
|
||||
$(E2E_IMAGE_NAME)
|
||||
|
||||
.PHONY: test-e2e-connhelper-ssh
|
||||
test-e2e-connhelper-ssh: build-e2e-image # run experimental SSH-connection helper e2e tests
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 -e TEST_ENGINE_VERSION=$(E2E_ENGINE_VERSION) -e TEST_CONNHELPER=ssh \
|
||||
docker run --rm $(ENVVARS) -e DOCKERD_EXPERIMENTAL=1 -e TEST_CONNHELPER=ssh \
|
||||
--mount type=bind,src=$(CURDIR)/build/coverage,dst=/tmp/coverage \
|
||||
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
|
||||
$(E2E_IMAGE_NAME)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
|
||||
ARG BUILDX_VERSION=0.12.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG GOLANGCI_LINT_VERSION=v1.55.2
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG MODOUTDATED_VERSION=v0.8.0
|
||||
|
||||
|
||||
@ -55,11 +55,11 @@ the registry.
|
||||
|
||||
- `entrypoint` string array
|
||||
|
||||
Entrypoint of the plugin, see [`ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint)
|
||||
Entrypoint of the plugin, see [`ENTRYPOINT`](https://docs.docker.com/reference/dockerfile/#entrypoint)
|
||||
|
||||
- `workdir` string
|
||||
|
||||
Working directory of the plugin, see [`WORKDIR`](https://docs.docker.com/engine/reference/builder/#workdir)
|
||||
Working directory of the plugin, see [`WORKDIR`](https://docs.docker.com/reference/dockerfile/#workdir)
|
||||
|
||||
- `network` PluginNetwork
|
||||
|
||||
|
||||
@ -104,7 +104,7 @@ Enable the authorization plugin with a dedicated command line flag in the
|
||||
`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID`
|
||||
value. This value can be the plugin’s socket or a path to a specification file.
|
||||
Authorization plugins can be loaded without restarting the daemon. Refer
|
||||
to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reload-behavior) for more information.
|
||||
to the [`dockerd` documentation](https://docs.docker.com/reference/cli/dockerd/#configuration-reload-behavior) for more information.
|
||||
|
||||
```console
|
||||
$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
|
||||
|
||||
@ -13,7 +13,7 @@ Attach local standard input, output, and error streams to a running container
|
||||
|:----------------|:---------|:--------|:----------------------------------------------------|
|
||||
| `--detach-keys` | `string` | | Override the key sequence for detaching a container |
|
||||
| `--no-stdin` | | | Do not attach STDIN |
|
||||
| `--sig-proxy` | | | Proxy all received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy all received signals to the process |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -21,7 +21,7 @@ Build an image from a Dockerfile
|
||||
| `-c`, `--cpu-shares` | `int64` | `0` | CPU shares (relative weight) |
|
||||
| `--cpuset-cpus` | `string` | | CPUs in which to allow execution (0-3, 0,1) |
|
||||
| `--cpuset-mems` | `string` | | MEMs in which to allow execution (0-3, 0,1) |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `-f`, `--file` | `string` | | Name of the Dockerfile (Default is `PATH/Dockerfile`) |
|
||||
| `--force-rm` | | | Always remove intermediate containers |
|
||||
| `--iidfile` | `string` | | Write the image ID to the file |
|
||||
@ -34,7 +34,7 @@ Build an image from a Dockerfile
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `--pull` | | | Always attempt to pull a newer version of the image |
|
||||
| `-q`, `--quiet` | | | Suppress the build output and print image ID on success |
|
||||
| `--rm` | | | Remove intermediate containers after a successful build |
|
||||
| `--rm` | `bool` | `true` | Remove intermediate containers after a successful build |
|
||||
| `--security-opt` | `stringSlice` | | Security options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of `/dev/shm` |
|
||||
| `--squash` | | | Squash newly built layers into a single new layer |
|
||||
|
||||
@ -21,7 +21,7 @@ Build an image from a Dockerfile
|
||||
| `-c`, `--cpu-shares` | `int64` | `0` | CPU shares (relative weight) |
|
||||
| `--cpuset-cpus` | `string` | | CPUs in which to allow execution (0-3, 0,1) |
|
||||
| `--cpuset-mems` | `string` | | MEMs in which to allow execution (0-3, 0,1) |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `-f`, `--file` | `string` | | Name of the Dockerfile (Default is `PATH/Dockerfile`) |
|
||||
| `--force-rm` | | | Always remove intermediate containers |
|
||||
| `--iidfile` | `string` | | Write the image ID to the file |
|
||||
@ -34,7 +34,7 @@ Build an image from a Dockerfile
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `--pull` | | | Always attempt to pull a newer version of the image |
|
||||
| `-q`, `--quiet` | | | Suppress the build output and print image ID on success |
|
||||
| `--rm` | | | Remove intermediate containers after a successful build |
|
||||
| `--rm` | `bool` | `true` | Remove intermediate containers after a successful build |
|
||||
| `--security-opt` | `stringSlice` | | Security options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of `/dev/shm` |
|
||||
| `--squash` | | | Squash newly built layers into a single new layer |
|
||||
@ -47,4 +47,4 @@ Build an image from a Dockerfile
|
||||
|
||||
## Description
|
||||
|
||||
See [docker build](build.md) for more information.
|
||||
See [docker build](image_build.md) for more information.
|
||||
|
||||
@ -11,7 +11,7 @@ aliases:
|
||||
---
|
||||
|
||||
The base command for the Docker CLI is `docker`. For information about the
|
||||
available flags and subcommands, refer to the [CLI reference](docker.md)
|
||||
available flags and subcommands, refer to the [CLI reference](https://docs.docker.com/reference/cli/docker/)
|
||||
|
||||
Depending on your Docker system configuration, you may be required to preface
|
||||
each `docker` command with `sudo`. To avoid having to use `sudo` with the
|
||||
@ -26,20 +26,20 @@ the [installation](https://docs.docker.com/install/) instructions for your opera
|
||||
The following list of environment variables are supported by the `docker` command
|
||||
line:
|
||||
|
||||
| Variable | Description |
|
||||
| :---------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||
| `DOCKER_CONFIG` | The location of your client configuration files. |
|
||||
| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. |
|
||||
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
|
||||
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
|
||||
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
|
||||
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. |
|
||||
| `DOCKER_HOST` | Daemon socket to connect to. |
|
||||
| `DOCKER_TLS` | Enable TLS for connections made by the `docker` CLI (equivalent of the `--tls` command-line option). Set to a non-empty value to enable TLS. Note that TLS is enabled automatically if any of the other TLS options are set. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](image_build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
|
||||
| Variable | Description |
|
||||
| :---------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) |
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](https://docs.docker.com/reference/cli/dockerd/) |
|
||||
| `DOCKER_CONFIG` | The location of your client configuration files. |
|
||||
| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. |
|
||||
| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. |
|
||||
| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) |
|
||||
| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. |
|
||||
| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. |
|
||||
| `DOCKER_HOST` | Daemon socket to connect to. |
|
||||
| `DOCKER_TLS` | Enable TLS for connections made by the `docker` CLI (equivalent of the `--tls` command-line option). Set to a non-empty value to enable TLS. Note that TLS is enabled automatically if any of the other TLS options are set. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](https://docs.docker.com/reference/cli/dockerd/) |
|
||||
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`, `rawjson`) when [building](https://docs.docker.com/reference/cli/docker/image/build/) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). |
|
||||
|
||||
Because Docker is developed using Go, you can also use any environment
|
||||
variables used by the Go runtime. In particular, you may find these useful:
|
||||
@ -115,20 +115,20 @@ different location.
|
||||
These fields lets you customize the default output format for some commands
|
||||
if no `--format` flag is provided.
|
||||
|
||||
| Property | Description |
|
||||
| :--------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `configFormat` | Custom default format for `docker config ls` output. See [`docker config ls`](config_ls.md#format) for a list of supported formatting directives. |
|
||||
| `imagesFormat` | Custom default format for `docker images` / `docker image ls` output. See [`docker images`](image_ls.md#format) for a list of supported formatting directives. |
|
||||
| `networksFormat` | Custom default format for `docker network ls` output. See [`docker network ls`](network_ls.md#format) for a list of supported formatting directives. |
|
||||
| `nodesFormat` | Custom default format for `docker node ls` output. See [`docker node ls`](node_ls.md#format) for a list of supported formatting directives. |
|
||||
| `pluginsFormat` | Custom default format for `docker plugin ls` output. See [`docker plugin ls`](plugin_ls.md#format) for a list of supported formatting directives. |
|
||||
| `psFormat` | Custom default format for `docker ps` / `docker container ps` output. See [`docker ps`](container_ls.md#format) for a list of supported formatting directives. |
|
||||
| `secretFormat` | Custom default format for `docker secret ls` output. See [`docker secret ls`](secret_ls.md#format) for a list of supported formatting directives. |
|
||||
| `serviceInspectFormat` | Custom default format for `docker service inspect` output. See [`docker service inspect`](service_inspect.md#format) for a list of supported formatting directives. |
|
||||
| `servicesFormat` | Custom default format for `docker service ls` output. See [`docker service ls`](service_ls.md#format) for a list of supported formatting directives. |
|
||||
| `statsFormat` | Custom default format for `docker stats` output. See [`docker stats`](container_stats.md#format) for a list of supported formatting directives. |
|
||||
| `tasksFormat` | Custom default format for `docker stack ps` output. See [`docker stack ps`](stack_ps.md#format) for a list of supported formatting directives. |
|
||||
| `volumesFormat` | Custom default format for `docker volume ls` output. See [`docker volume ls`](volume_ls.md#format) for a list of supported formatting directives. |
|
||||
| Property | Description |
|
||||
| :--------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `configFormat` | Custom default format for `docker config ls` output. See [`docker config ls`](https://docs.docker.com/reference/cli/docker/config/ls/#format) for a list of supported formatting directives. |
|
||||
| `imagesFormat` | Custom default format for `docker images` / `docker image ls` output. See [`docker images`](https://docs.docker.com/reference/cli/docker/image/ls/#format) for a list of supported formatting directives. |
|
||||
| `networksFormat` | Custom default format for `docker network ls` output. See [`docker network ls`](https://docs.docker.com/reference/cli/docker/network/ls/#format) for a list of supported formatting directives. |
|
||||
| `nodesFormat` | Custom default format for `docker node ls` output. See [`docker node ls`](https://docs.docker.com/reference/cli/docker/node/ls/#format) for a list of supported formatting directives. |
|
||||
| `pluginsFormat` | Custom default format for `docker plugin ls` output. See [`docker plugin ls`](https://docs.docker.com/reference/cli/docker/plugin/ls/#format) for a list of supported formatting directives. |
|
||||
| `psFormat` | Custom default format for `docker ps` / `docker container ps` output. See [`docker ps`](https://docs.docker.com/reference/cli/docker/container/ls/#format) for a list of supported formatting directives. |
|
||||
| `secretFormat` | Custom default format for `docker secret ls` output. See [`docker secret ls`](https://docs.docker.com/reference/cli/docker/secret/ls/#format) for a list of supported formatting directives. |
|
||||
| `serviceInspectFormat` | Custom default format for `docker service inspect` output. See [`docker service inspect`](https://docs.docker.com/reference/cli/docker/service/inspect/#format) for a list of supported formatting directives. |
|
||||
| `servicesFormat` | Custom default format for `docker service ls` output. See [`docker service ls`](https://docs.docker.com/reference/cli/docker/service/ls/#format) for a list of supported formatting directives. |
|
||||
| `statsFormat` | Custom default format for `docker stats` output. See [`docker stats`](https://docs.docker.com/reference/cli/docker/container/stats/#format) for a list of supported formatting directives. |
|
||||
| `tasksFormat` | Custom default format for `docker stack ps` output. See [`docker stack ps`](https://docs.docker.com/reference/cli/docker/stack/ps/#format) for a list of supported formatting directives. |
|
||||
| `volumesFormat` | Custom default format for `docker volume ls` output. See [`docker volume ls`](https://docs.docker.com/reference/cli/docker/volume/ls/#format) for a list of supported formatting directives. |
|
||||
|
||||
### Custom HTTP headers
|
||||
|
||||
@ -144,14 +144,14 @@ credential store. When this property is set, `docker login` will attempt to
|
||||
store credentials in the binary specified by `docker-credential-<value>` which
|
||||
is visible on `$PATH`. If this property isn't set, credentials are stored
|
||||
in the `auths` property of the CLI configuration file. For more information,
|
||||
see the [**Credential stores** section in the `docker login` documentation](login.md#credential-stores)
|
||||
see the [**Credential stores** section in the `docker login` documentation](https://docs.docker.com/reference/cli/docker/login/#credential-stores)
|
||||
|
||||
The property `credHelpers` specifies a set of credential helpers to use
|
||||
preferentially over `credsStore` or `auths` when storing and retrieving
|
||||
credentials for specific registries. If this property is set, the binary
|
||||
`docker-credential-<value>` will be used when storing or retrieving credentials
|
||||
for a specific registry. For more information, see the
|
||||
[**Credential helpers** section in the `docker login` documentation](login.md#credential-helpers)
|
||||
[**Credential helpers** section in the `docker login` documentation](https://docs.docker.com/reference/cli/docker/login/#credential-helpers)
|
||||
|
||||
### Automatic proxy configuration for containers
|
||||
|
||||
@ -299,12 +299,12 @@ commands use the following default sockets:
|
||||
- `npipe:////./pipe/docker_engine` on Windows
|
||||
|
||||
To achieve a similar effect without having to specify the `-H` flag for every
|
||||
command, you could also [create a context](context_create.md),
|
||||
command, you could also [create a context](https://docs.docker.com/reference/cli/docker/context/create/),
|
||||
or alternatively, use the
|
||||
[`DOCKER_HOST` environment variable](#environment-variables).
|
||||
|
||||
For more information about the `-H` flag, see
|
||||
[Daemon socket option](dockerd.md#daemon-socket-option).
|
||||
[Daemon socket option](https://docs.docker.com/reference/cli/dockerd/#daemon-socket-option).
|
||||
|
||||
#### Using TCP sockets
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@ Create a new image from a container's changes
|
||||
| `-a`, `--author` | `string` | | Author (e.g., `John Hannibal Smith <hannibal@a-team.com>`) |
|
||||
| `-c`, `--change` | `list` | | Apply Dockerfile instruction to the created image |
|
||||
| `-m`, `--message` | `string` | | Commit message |
|
||||
| `-p`, `--pause` | | | Pause container during commit |
|
||||
| `-p`, `--pause` | `bool` | `true` | Pause container during commit |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -13,7 +13,7 @@ Attach local standard input, output, and error streams to a running container
|
||||
|:--------------------------------|:---------|:--------|:----------------------------------------------------|
|
||||
| [`--detach-keys`](#detach-keys) | `string` | | Override the key sequence for detaching a container |
|
||||
| `--no-stdin` | | | Do not attach STDIN |
|
||||
| `--sig-proxy` | | | Proxy all received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy all received signals to the process |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
@ -164,4 +164,4 @@ the following:
|
||||
|
||||
These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
|
||||
sequences. To configure a different configuration default key sequence for all
|
||||
containers, see [**Configuration file** section](cli.md#configuration-files).
|
||||
containers, see [**Configuration file** section](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files).
|
||||
|
||||
@ -14,7 +14,7 @@ Create a new image from a container's changes
|
||||
| `-a`, `--author` | `string` | | Author (e.g., `John Hannibal Smith <hannibal@a-team.com>`) |
|
||||
| [`-c`](#change), [`--change`](#change) | `list` | | Apply Dockerfile instruction to the created image |
|
||||
| `-m`, `--message` | `string` | | Commit message |
|
||||
| `-p`, `--pause` | | | Pause container during commit |
|
||||
| `-p`, `--pause` | `bool` | `true` | Pause container during commit |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -112,7 +112,7 @@ $ docker cp CONTAINER:/var/logs/app.log - | tar x -O | grep "ERROR"
|
||||
### Corner cases
|
||||
|
||||
It isn't possible to copy certain system files such as resources under
|
||||
`/proc`, `/sys`, `/dev`, [tmpfs](run.md#tmpfs), and mounts created by
|
||||
`/proc`, `/sys`, `/dev`, [tmpfs](container_run.md#tmpfs), and mounts created by
|
||||
the user in the container. However, you can still copy such files by manually
|
||||
running `tar` in `docker exec`. Both of the following examples do the same thing
|
||||
in different ways (consider `SRC_PATH` and `DEST_PATH` are directories):
|
||||
|
||||
@ -37,7 +37,7 @@ Create a new container
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
@ -131,8 +131,8 @@ so that it's ready to start when you need it. The initial status of the
|
||||
new container is `created`.
|
||||
|
||||
The `docker create` command shares most of its options with the `docker run`
|
||||
command (which performs a `docker create` before starting it). Refer to the
|
||||
[`docker run` command](run.md) section and the [Docker run reference](../run.md)
|
||||
command (which performs a `docker create` before starting it).
|
||||
Refer to the [`docker run` CLI reference](container_run.md)
|
||||
for details on the available flags and options.
|
||||
|
||||
## Examples
|
||||
|
||||
@ -39,7 +39,7 @@ Create and run a new container from an image
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
@ -99,7 +99,7 @@ Create and run a new container from an image
|
||||
| `--runtime` | `string` | | Runtime to use for this container |
|
||||
| [`--security-opt`](#security-opt) | `list` | | Security Options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of /dev/shm |
|
||||
| `--sig-proxy` | | | Proxy received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy received signals to the process |
|
||||
| [`--stop-signal`](#stop-signal) | `string` | | Signal to stop the container |
|
||||
| [`--stop-timeout`](#stop-timeout) | `int` | `0` | Timeout (in seconds) to stop a container |
|
||||
| [`--storage-opt`](#storage-opt) | `list` | | Storage driver options for the container |
|
||||
@ -787,7 +787,7 @@ the following:
|
||||
|
||||
These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key
|
||||
sequences. To configure a different configuration default key sequence for all
|
||||
containers, see [**Configuration file** section](cli.md#configuration-files).
|
||||
containers, see [**Configuration file** section](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files).
|
||||
|
||||
### <a name="device"></a> Add host device to container (--device)
|
||||
|
||||
@ -888,7 +888,7 @@ This starts an `ubuntu` container with access to the specified CDI device,
|
||||
on the system running the daemon, in one of the configured CDI specification
|
||||
directories.
|
||||
- The CDI feature has been enabled on the daemon side, see [Enable CDI
|
||||
devices](dockerd.md#enable-cdi-devices).
|
||||
devices](https://docs.docker.com/reference/cli/dockerd/#enable-cdi-devices).
|
||||
|
||||
### <a name="attach"></a> Attach to STDIN/STDOUT/STDERR (-a, --attach)
|
||||
|
||||
@ -1306,7 +1306,7 @@ container to exit. This signal can be a signal name in the format `SIG<NAME>`,
|
||||
for instance `SIGKILL`, or an unsigned number that matches a position in the
|
||||
kernel's syscall table, for instance `9`.
|
||||
|
||||
The default value is defined by [`STOPSIGNAL`](https://docs.docker.com/engine/reference/builder/#stopsignal)
|
||||
The default value is defined by [`STOPSIGNAL`](https://docs.docker.com/reference/dockerfile/#stopsignal)
|
||||
in the image, or `SIGTERM` if the image has no `STOPSIGNAL` defined.
|
||||
|
||||
### <a name="security-opt"></a> Optional security options (--security-opt)
|
||||
|
||||
@ -37,7 +37,7 @@ Create a new container
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
|
||||
@ -12,7 +12,7 @@ Show the history of an image
|
||||
| Name | Type | Default | Description |
|
||||
|:----------------|:---------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `--format` | `string` | | Format output using a custom template:<br>'table': Print output in table format with column headers (default)<br>'table TEMPLATE': Print output in table format using the given Go template<br>'json': Print in JSON format<br>'TEMPLATE': Print output using the given Go template.<br>Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates |
|
||||
| `-H`, `--human` | | | Print sizes and dates in human readable format |
|
||||
| `-H`, `--human` | `bool` | `true` | Print sizes and dates in human readable format |
|
||||
| `--no-trunc` | | | Don't truncate output |
|
||||
| `-q`, `--quiet` | | | Only show image IDs |
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ Build an image from a Dockerfile
|
||||
| `-c`, `--cpu-shares` | `int64` | `0` | CPU shares (relative weight) |
|
||||
| `--cpuset-cpus` | `string` | | CPUs in which to allow execution (0-3, 0,1) |
|
||||
| `--cpuset-mems` | `string` | | MEMs in which to allow execution (0-3, 0,1) |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| [`-f`](#file), [`--file`](#file) | `string` | | Name of the Dockerfile (Default is `PATH/Dockerfile`) |
|
||||
| `--force-rm` | | | Always remove intermediate containers |
|
||||
| `--iidfile` | `string` | | Write the image ID to the file |
|
||||
@ -34,7 +34,7 @@ Build an image from a Dockerfile
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `--pull` | | | Always attempt to pull a newer version of the image |
|
||||
| `-q`, `--quiet` | | | Suppress the build output and print image ID on success |
|
||||
| `--rm` | | | Remove intermediate containers after a successful build |
|
||||
| `--rm` | `bool` | `true` | Remove intermediate containers after a successful build |
|
||||
| [`--security-opt`](#security-opt) | `stringSlice` | | Security options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of `/dev/shm` |
|
||||
| [`--squash`](#squash) | | | Squash newly built layers into a single new layer |
|
||||
@ -50,7 +50,7 @@ Build an image from a Dockerfile
|
||||
The `docker build` command builds Docker images from a Dockerfile and a
|
||||
"context". A build's context is the set of files located in the specified
|
||||
`PATH` or `URL`. The build process can refer to any of the files in the
|
||||
context. For example, your build can use a [*COPY*](https://docs.docker.com/engine/reference/builder/#copy)
|
||||
context. For example, your build can use a [*COPY*](https://docs.docker.com/reference/dockerfile/#copy)
|
||||
instruction to reference a file in the context.
|
||||
|
||||
The `URL` parameter can refer to three kinds of resources: Git repositories,
|
||||
@ -144,7 +144,7 @@ In most cases, it's best to put each Dockerfile in an empty directory. Then,
|
||||
add to that directory only the files needed for building the Dockerfile. To
|
||||
increase the build's performance, you can exclude files and directories by
|
||||
adding a `.dockerignore` file to that directory as well. For information on
|
||||
creating one, see the [.dockerignore file](https://docs.docker.com/engine/reference/builder/#dockerignore-file).
|
||||
creating one, see the [.dockerignore file](https://docs.docker.com/reference/dockerfile/#dockerignore-file).
|
||||
|
||||
If the Docker client loses connection to the daemon, it cancels the build.
|
||||
This happens if you interrupt the Docker client with `CTRL-c` or if the Docker
|
||||
@ -172,7 +172,7 @@ $ echo $?
|
||||
|
||||
See also:
|
||||
|
||||
[*Dockerfile Reference*](https://docs.docker.com/engine/reference/builder/).
|
||||
[*Dockerfile Reference*](https://docs.docker.com/reference/dockerfile/).
|
||||
|
||||
## Examples
|
||||
|
||||
@ -213,7 +213,7 @@ where to find the files for the "context" of the build on the Docker daemon.
|
||||
Remember that the daemon could be running on a remote machine and that no
|
||||
parsing of the Dockerfile happens at the client side (where you're running
|
||||
`docker build`). That means that all the files at `PATH` are sent, not just
|
||||
the ones listed to [`ADD`](https://docs.docker.com/engine/reference/builder/#add)
|
||||
the ones listed to [`ADD`](https://docs.docker.com/reference/dockerfile/#add)
|
||||
in the Dockerfile.
|
||||
|
||||
The transfer of context from the local machine to the Docker daemon is what the
|
||||
@ -302,7 +302,7 @@ Successfully built 99cc1ad10469
|
||||
This example shows the use of the `.dockerignore` file to exclude the `.git`
|
||||
directory from the context. You can see its effect in the changed size of the
|
||||
uploaded context. The builder reference contains detailed information on
|
||||
[creating a .dockerignore file](https://docs.docker.com/engine/reference/builder/#dockerignore-file).
|
||||
[creating a .dockerignore file](https://docs.docker.com/reference/dockerfile/#dockerignore-file).
|
||||
|
||||
When using the [BuildKit backend](https://docs.docker.com/build/buildkit/),
|
||||
`docker build` searches for a `.dockerignore` file relative to the Dockerfile
|
||||
@ -384,12 +384,12 @@ the command line.
|
||||
### <a name="cgroup-parent"></a> Use a custom parent cgroup (--cgroup-parent)
|
||||
|
||||
When you run `docker build` with the `--cgroup-parent` option, the daemon runs the containers
|
||||
used in the build with the [corresponding `docker run` flag](../run.md#specify-custom-cgroups).
|
||||
used in the build with the [corresponding `docker run` flag](container_run.md#cgroup-parent).
|
||||
|
||||
### <a name="ulimit"></a> Set ulimits in container (--ulimit)
|
||||
|
||||
Using the `--ulimit` option with `docker build` causes the daemon to start each build step's
|
||||
container using those [`--ulimit` flag values](run.md#ulimit).
|
||||
container using those [`--ulimit` flag values](container_run.md#ulimit).
|
||||
|
||||
### <a name="build-arg"></a> Set build-time variables (--build-arg)
|
||||
|
||||
@ -415,7 +415,7 @@ Using this flag doesn't alter the output you see when the build process echoes t
|
||||
Dockerfile.
|
||||
|
||||
For detailed information on using `ARG` and `ENV` instructions, see the
|
||||
[Dockerfile reference](https://docs.docker.com/engine/reference/builder/).
|
||||
[Dockerfile reference](https://docs.docker.com/reference/dockerfile/).
|
||||
|
||||
You can also use the `--build-arg` flag without a value, in which case the daemon
|
||||
propagates the value from the local environment into the Docker container it's building:
|
||||
@ -425,7 +425,7 @@ $ export HTTP_PROXY=http://10.20.30.2:1234
|
||||
$ docker build --build-arg HTTP_PROXY .
|
||||
```
|
||||
|
||||
This example is similar to how `docker run -e` works. Refer to the [`docker run` documentation](run.md#env)
|
||||
This example is similar to how `docker run -e` works. Refer to the [`docker run` documentation](container_run.md#env)
|
||||
for more information.
|
||||
|
||||
### <a name="security-opt"></a> Optional security options (--security-opt)
|
||||
@ -553,7 +553,7 @@ $ docker build -o - . > out.tar
|
||||
|
||||
The `--output` option exports all files from the target stage. A common pattern
|
||||
for exporting only specific files is to do multi-stage builds and to copy the
|
||||
desired files to a new scratch stage with [`COPY --from`](https://docs.docker.com/engine/reference/builder/#copy).
|
||||
desired files to a new scratch stage with [`COPY --from`](https://docs.docker.com/reference/dockerfile/#copy).
|
||||
|
||||
The example, the `Dockerfile` below uses a separate stage to collect the
|
||||
build artifacts for exporting:
|
||||
@ -642,7 +642,7 @@ Available options for the networking mode are:
|
||||
- `none`: Run with no network access.
|
||||
- `host`: Run in the host’s network environment.
|
||||
|
||||
Find more details in the [Dockerfile documentation](https://docs.docker.com/engine/reference/builder/#run---network).
|
||||
Find more details in the [Dockerfile documentation](https://docs.docker.com/reference/dockerfile/#run---network).
|
||||
|
||||
### <a name="squash"></a> Squash an image's layers (--squash) (experimental)
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ Show the history of an image
|
||||
| Name | Type | Default | Description |
|
||||
|:----------------------|:---------|:--------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [`--format`](#format) | `string` | | Format output using a custom template:<br>'table': Print output in table format with column headers (default)<br>'table TEMPLATE': Print output in table format using the given Go template<br>'json': Print in JSON format<br>'TEMPLATE': Print output using the given Go template.<br>Refer to https://docs.docker.com/go/formatting/ for more information about formatting output with templates |
|
||||
| `-H`, `--human` | | | Print sizes and dates in human readable format |
|
||||
| `-H`, `--human` | `bool` | `true` | Print sizes and dates in human readable format |
|
||||
| `--no-trunc` | | | Don't truncate output |
|
||||
| `-q`, `--quiet` | | | Only show image IDs |
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ Download an image from a registry
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------------------|:---------|:--------|:-------------------------------------------------|
|
||||
| [`-a`](#all-tags), [`--all-tags`](#all-tags) | | | Download all tagged images in the repository |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
@ -34,7 +34,7 @@ use `docker pull`.
|
||||
|
||||
If you are behind an HTTP proxy server, for example in corporate settings,
|
||||
before open a connect to registry, you may need to configure the Docker
|
||||
daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration)
|
||||
daemon's proxy settings, refer to the [dockerd command-line reference](https://docs.docker.com/reference/cli/dockerd/#proxy-configuration)
|
||||
for details.
|
||||
|
||||
### Concurrent downloads
|
||||
@ -42,7 +42,7 @@ for details.
|
||||
By default the Docker daemon will pull three layers of an image at a time.
|
||||
If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
|
||||
this via the `--max-concurrent-downloads` daemon option. See the
|
||||
[daemon documentation](dockerd.md) for more details.
|
||||
[daemon documentation](https://docs.docker.com/reference/cli/dockerd/) for more details.
|
||||
|
||||
## Examples
|
||||
|
||||
@ -184,7 +184,7 @@ Registry credentials are managed by [docker login](login.md).
|
||||
|
||||
Docker uses the `https://` protocol to communicate with a registry, unless the
|
||||
registry is allowed to be accessed over an insecure connection. Refer to the
|
||||
[insecure registries](dockerd.md#insecure-registries) section for more information.
|
||||
[insecure registries](https://docs.docker.com/reference/cli/dockerd/#insecure-registries) section for more information.
|
||||
|
||||
|
||||
### <a name="all-tags"></a> Pull a repository with multiple images (-a, --all-tags)
|
||||
|
||||
@ -9,11 +9,11 @@ Upload an image to a registry
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------------------|:-----|:--------|:--------------------------------------------|
|
||||
| [`-a`](#all-tags), [`--all-tags`](#all-tags) | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | | | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
| Name | Type | Default | Description |
|
||||
|:---------------------------------------------|:-------|:--------|:--------------------------------------------|
|
||||
| [`-a`](#all-tags), [`--all-tags`](#all-tags) | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
@ -40,7 +40,7 @@ Registry credentials are managed by [docker login](login.md).
|
||||
By default the Docker daemon will push five layers of an image at a time.
|
||||
If you are on a low bandwidth connection this may cause timeout issues and you may want to lower
|
||||
this via the `--max-concurrent-uploads` daemon option. See the
|
||||
[daemon documentation](dockerd.md) for more details.
|
||||
[daemon documentation](https://docs.docker.com/reference/cli/dockerd/) for more details.
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -43,8 +43,7 @@ underscores, periods, and hyphens. It can't start with a period or hyphen and
|
||||
must be no longer than 128 characters. If you don't specify a tag, the command uses `latest` by default.
|
||||
|
||||
You can group your images together using names and tags, and then
|
||||
[push](https://docs.docker.com/engine/reference/commandline/push) them to a
|
||||
registry.
|
||||
[push](image_push.md) them to a registry.
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -10,11 +10,11 @@ identifier: "smn_cli_guide"
|
||||
This section contains reference information on using Docker's command line
|
||||
client. Each command has a reference page along with samples. If you are
|
||||
unfamiliar with the command line, you should start by reading about how to [Use
|
||||
the Docker command line](cli.md).
|
||||
the Docker command line](https://docs.docker.com/engine/reference/commandline/cli/).
|
||||
|
||||
You start the Docker daemon with the command line. How you start the daemon
|
||||
affects your Docker containers. For that reason you should also make sure to
|
||||
read the [`dockerd`](dockerd.md) reference page.
|
||||
read the [`dockerd`](https://docs.docker.com/reference/cli/dockerd/) reference page.
|
||||
|
||||
## Commands by object
|
||||
|
||||
@ -22,7 +22,7 @@ read the [`dockerd`](dockerd.md) reference page.
|
||||
|
||||
| Command | Description |
|
||||
| :-------------------------------- | :--------------------------------------------------- |
|
||||
| [dockerd](dockerd.md) | Launch the Docker daemon |
|
||||
| [dockerd](../dockerd.md) | Launch the Docker daemon |
|
||||
| [inspect](inspect.md) | Return low-level information on a container or image |
|
||||
| [system events](system_events.md) | Get real-time events from the server |
|
||||
| [system info](system_info.md) | Display system-wide information |
|
||||
|
||||
@ -78,7 +78,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
|
||||
The `label` filter matches nodes based on engine labels and on the presence of a
|
||||
`label` alone or a `label` and a value. Engine labels are configured in
|
||||
the [daemon configuration](dockerd.md#daemon-configuration-file). To filter on
|
||||
the [daemon configuration](https://docs.docker.com/reference/cli/dockerd/#daemon-configuration-file). To filter on
|
||||
Swarm `node` labels, use [`node.label` instead](#nodelabel).
|
||||
|
||||
The following filter matches nodes with the `foo` label regardless of its value.
|
||||
|
||||
@ -56,7 +56,7 @@ $ docker node update --label-add type=queue worker1
|
||||
|
||||
The labels you set for nodes using `docker node update` apply only to the node
|
||||
entity within the swarm. Do not confuse them with the docker daemon labels for
|
||||
[dockerd](dockerd.md).
|
||||
[dockerd](https://docs.docker.com/reference/cli/dockerd/).
|
||||
|
||||
For more information about labels, refer to [apply custom
|
||||
metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).
|
||||
|
||||
@ -15,7 +15,7 @@ Create a plugin from a rootfs and configuration. Plugin data directory must cont
|
||||
## Description
|
||||
|
||||
Creates a plugin. Before creating the plugin, prepare the plugin's root
|
||||
filesystem as well as the [config.json](../../extend/config.md).
|
||||
filesystem as well as the [config.json](https://docs.docker.com/engine/extend/config/).
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ in a JSON array.
|
||||
|
||||
### Inspect a plugin
|
||||
|
||||
The following example example inspects the `tiborvass/sample-volume-plugin` plugin:
|
||||
The following example inspects the `tiborvass/sample-volume-plugin` plugin:
|
||||
|
||||
```console
|
||||
$ docker plugin inspect tiborvass/sample-volume-plugin:latest
|
||||
|
||||
@ -9,7 +9,7 @@ Install a plugin
|
||||
|:--------------------------|:---------|:--------|:--------------------------------------------------|
|
||||
| `--alias` | `string` | | Local name for plugin |
|
||||
| `--disable` | | | Do not enable the plugin on install |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--grant-all-permissions` | | | Grant all permissions necessary to run the plugin |
|
||||
|
||||
|
||||
|
||||
@ -5,9 +5,9 @@ Push a plugin to a registry
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-----|:--------|:-------------------|
|
||||
| `--disable-content-trust` | | | Skip image signing |
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-------|:--------|:-------------------|
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image signing |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -5,11 +5,11 @@ Upgrade an existing plugin
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-----|:--------|:----------------------------------------------------------------------|
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--grant-all-permissions` | | | Grant all permissions necessary to run the plugin |
|
||||
| `--skip-remote-check` | | | Do not check if specified remote plugin matches existing plugin image |
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-------|:--------|:----------------------------------------------------------------------|
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--grant-all-permissions` | | | Grant all permissions necessary to run the plugin |
|
||||
| `--skip-remote-check` | | | Do not check if specified remote plugin matches existing plugin image |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -12,7 +12,7 @@ Download an image from a registry
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:---------|:--------|:-------------------------------------------------|
|
||||
| `-a`, `--all-tags` | | | Download all tagged images in the repository |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--platform` | `string` | | Set platform if server is multi-platform capable |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
|
||||
@ -9,11 +9,11 @@ Upload an image to a registry
|
||||
|
||||
### Options
|
||||
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-----|:--------|:--------------------------------------------|
|
||||
| `-a`, `--all-tags` | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | | | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
| Name | Type | Default | Description |
|
||||
|:--------------------------|:-------|:--------|:--------------------------------------------|
|
||||
| `-a`, `--all-tags` | | | Push all tags of an image to the repository |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image signing |
|
||||
| `-q`, `--quiet` | | | Suppress verbose output |
|
||||
|
||||
|
||||
<!---MARKER_GEN_END-->
|
||||
|
||||
@ -39,7 +39,7 @@ Create and run a new container from an image
|
||||
| `--device-read-iops` | `list` | | Limit read rate (IO per second) from a device |
|
||||
| `--device-write-bps` | `list` | | Limit write rate (bytes per second) to a device |
|
||||
| `--device-write-iops` | `list` | | Limit write rate (IO per second) to a device |
|
||||
| `--disable-content-trust` | | | Skip image verification |
|
||||
| `--disable-content-trust` | `bool` | `true` | Skip image verification |
|
||||
| `--dns` | `list` | | Set custom DNS servers |
|
||||
| `--dns-option` | `list` | | Set DNS options |
|
||||
| `--dns-search` | `list` | | Set custom DNS search domains |
|
||||
@ -99,7 +99,7 @@ Create and run a new container from an image
|
||||
| `--runtime` | `string` | | Runtime to use for this container |
|
||||
| `--security-opt` | `list` | | Security Options |
|
||||
| `--shm-size` | `bytes` | `0` | Size of /dev/shm |
|
||||
| `--sig-proxy` | | | Proxy received signals to the process |
|
||||
| `--sig-proxy` | `bool` | `true` | Proxy received signals to the process |
|
||||
| `--stop-signal` | `string` | | Signal to stop the container |
|
||||
| `--stop-timeout` | `int` | `0` | Timeout (in seconds) to stop a container |
|
||||
| `--storage-opt` | `list` | | Storage driver options for the container |
|
||||
|
||||
@ -349,7 +349,7 @@ volumes in a service:
|
||||
<td>
|
||||
<p>The type of mount, can be either <tt>volume</tt>, <tt>bind</tt>, <tt>tmpfs</tt>, or <tt>npipe</tt>. Defaults to <tt>volume</tt> if no type is specified.</p>
|
||||
<ul>
|
||||
<li><tt>volume</tt>: mounts a <a href="https://docs.docker.com/engine/reference/commandline/volume_create/">managed volume</a>
|
||||
<li><tt>volume</tt>: mounts a <a href="https://docs.docker.com/reference/cli/docker/volume/create/">managed volume</a>
|
||||
into the container.</li> <li><tt>bind</tt>:
|
||||
bind-mounts a directory or file from the host into the container.</li>
|
||||
<li><tt>tmpfs</tt>: mount a tmpfs in the container</li>
|
||||
|
||||
@ -133,21 +133,21 @@ to [the `daemon.json` file](#daemon-configuration-file).
|
||||
|
||||
The following list of environment variables are supported by the `dockerd` daemon.
|
||||
Some of these environment variables are supported both by the Docker Daemon and
|
||||
the `docker` CLI. Refer to [Environment variables](cli.md#environment-variables)
|
||||
the `docker` CLI. Refer to [Environment variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables)
|
||||
in the CLI section to learn about environment variables supported by the
|
||||
`docker` CLI.
|
||||
|
||||
| Variable | Description |
|
||||
|:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
|
||||
| `DOCKER_DRIVER` | The storage driver to use. |
|
||||
| `DOCKER_RAMDISK` | If set this disables `pivot_root`. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. |
|
||||
| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. |
|
||||
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. |
|
||||
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| Variable | Description |
|
||||
| :------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](https://docs.docker.com/engine/reference/commandline/cli/) and the `dockerd` daemon. |
|
||||
| `DOCKER_DRIVER` | The storage driver to use. |
|
||||
| `DOCKER_RAMDISK` | If set this disables `pivot_root`. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](https://docs.docker.com/engine/reference/commandline/cli/) and the `dockerd` daemon. |
|
||||
| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. |
|
||||
| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. |
|
||||
| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. |
|
||||
|
||||
## Examples
|
||||
|
||||
@ -795,7 +795,7 @@ Any `--ulimit` options passed to `docker run` override the daemon defaults.
|
||||
|
||||
Be careful setting `nproc` with the `ulimit` flag, as `nproc` is designed by Linux to
|
||||
set the maximum number of processes available to a user, not to a container.
|
||||
For details, see [`docker run` reference](run.md#ulimit).
|
||||
For details, see [`docker run` reference](https://docs.docker.com/reference/cli/docker/container/run/#ulimit).
|
||||
|
||||
### Access authorization
|
||||
|
||||
@ -819,7 +819,7 @@ If you have multiple plugins installed, each plugin, in order, must
|
||||
allow the request for it to complete.
|
||||
|
||||
For information about how to create an authorization plugin, refer to the
|
||||
[authorization plugin](../../extend/plugins_authorization.md) section.
|
||||
[authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) section.
|
||||
|
||||
### Daemon user namespace options
|
||||
|
||||
@ -14,7 +14,7 @@ keywords: "Engine"
|
||||
|
||||
# Engine reference
|
||||
|
||||
* [Dockerfile reference](https://docs.docker.com/engine/reference/builder/)
|
||||
* [Dockerfile reference](https://docs.docker.com/reference/dockerfile/)
|
||||
* [Docker run reference](run.md)
|
||||
* [Command line reference](commandline/index.md)
|
||||
* [API Reference](https://docs.docker.com/engine/api/)
|
||||
|
||||
@ -114,13 +114,13 @@ $ docker attach 0246aa4d1448
|
||||
For more information about `docker run` flags related to foreground and
|
||||
background modes, see:
|
||||
|
||||
- [`docker run --detach`](commandline/container_run.md#detach): run container in background
|
||||
- [`docker run --attach`](commandline/container_run.md#attach): attach to `stdin`, `stdout`, and `stderr`
|
||||
- [`docker run --tty`](commandline/container_run.md#tty): allocate a pseudo-tty
|
||||
- [`docker run --interactive`](commandline/container_run.md#interactive): keep `stdin` open even if not attached
|
||||
- [`docker run --detach`](https://docs.docker.com/reference/cli/docker/container/run/#detach): run container in background
|
||||
- [`docker run --attach`](https://docs.docker.com/reference/cli/docker/container/run/#attach): attach to `stdin`, `stdout`, and `stderr`
|
||||
- [`docker run --tty`](https://docs.docker.com/reference/cli/docker/container/run/#tty): allocate a pseudo-tty
|
||||
- [`docker run --interactive`](https://docs.docker.com/reference/cli/docker/container/run/#interactive): keep `stdin` open even if not attached
|
||||
|
||||
For more information about re-attaching to a background container, see
|
||||
[`docker attach`](commandline/container_attach.md).
|
||||
[`docker attach`](https://docs.docker.com/reference/cli/docker/container/attach/).
|
||||
|
||||
## Container identification
|
||||
|
||||
@ -135,7 +135,7 @@ You can identify a container in three ways:
|
||||
The UUID identifier is a random ID assigned to the container by the daemon.
|
||||
|
||||
The daemon generates a random string name for containers automatically. You can
|
||||
also defined a custom name using [the `--name` flag](./commandline/container_run.md#name).
|
||||
also defined a custom name using [the `--name` flag](https://docs.docker.com/reference/cli/docker/container/run/#name).
|
||||
Defining a `name` can be a handy way to add meaning to a container. If you
|
||||
specify a `name`, you can use it when referring to the container in a
|
||||
user-defined network. This works for both background and foreground Docker
|
||||
@ -966,7 +966,7 @@ use of facilities allowed by the capabilities, so you should not have to adjust
|
||||
|
||||
## Overriding image defaults
|
||||
|
||||
When you build an image from a [Dockerfile](https://docs.docker.com/engine/reference/builder/),
|
||||
When you build an image from a [Dockerfile](https://docs.docker.com/reference/dockerfile/),
|
||||
or when committing it, you can set a number of default parameters that take
|
||||
effect when the image starts up as a container. When you run an image, you can
|
||||
override those defaults using flags for the `docker run` command.
|
||||
|
||||
@ -3,5 +3,7 @@ services:
|
||||
build:
|
||||
context: ./testdata
|
||||
dockerfile: Dockerfile.connhelper-ssh
|
||||
args:
|
||||
- ENGINE_VERSION
|
||||
environment:
|
||||
- TEST_CONNHELPER_SSH_ID_RSA_PUB
|
||||
|
||||
@ -1,9 +1,10 @@
|
||||
services:
|
||||
|
||||
registry:
|
||||
image: 'registry:2'
|
||||
|
||||
engine:
|
||||
image: 'docker:${TEST_ENGINE_VERSION:-stable-dind}'
|
||||
image: 'docker:${ENGINE_VERSION:-25.0}-dind'
|
||||
privileged: true
|
||||
command: ['--insecure-registry=registry:5000']
|
||||
environment:
|
||||
@ -16,6 +17,7 @@ services:
|
||||
ports:
|
||||
- 4443:4443
|
||||
command: ['notary-server', '-config=/fixtures/notary-config.json']
|
||||
|
||||
evil-notary-server:
|
||||
build:
|
||||
context: ./testdata
|
||||
|
||||
@ -146,6 +146,6 @@ func TestRunWithCgroupNamespace(t *testing.T) {
|
||||
environment.SkipIfCgroupNamespacesNotSupported(t)
|
||||
|
||||
result := icmd.RunCommand("docker", "run", "--cgroupns=private", "--rm", fixtures.AlpineImage,
|
||||
"/bin/grep", "-q", "':memory:/$'", "/proc/1/cgroup")
|
||||
"cat", "/sys/fs/cgroup/cgroup.controllers")
|
||||
result.Assert(t, icmd.Success)
|
||||
}
|
||||
|
||||
@ -43,12 +43,19 @@ func TestBuildFromContextDirectoryWithTag(t *testing.T) {
|
||||
|
||||
result.Assert(t, icmd.Expected{Err: buildkitDisabledWarning})
|
||||
output.Assert(t, result.Stdout(), map[int]func(string) error{
|
||||
0: output.Prefix("Sending build context to Docker daemon"),
|
||||
1: output.Suffix("Step 1/4 : FROM registry:5000/alpine:frozen"),
|
||||
3: output.Suffix("Step 2/4 : COPY run /usr/bin/run"),
|
||||
5: output.Suffix("Step 3/4 : RUN run"),
|
||||
7: output.Suffix("running"),
|
||||
8: output.Contains("Removing intermediate container"),
|
||||
0: output.Prefix("Sending build context to Docker daemon"),
|
||||
1: output.Suffix("Step 1/4 : FROM registry:5000/alpine:frozen"),
|
||||
3: output.Suffix("Step 2/4 : COPY run /usr/bin/run"),
|
||||
5: output.Suffix("Step 3/4 : RUN run"),
|
||||
7: output.Suffix("running"),
|
||||
// TODO(krissetto): ugly, remove when no longer testing against moby 24. see https://github.com/moby/moby/pull/46270
|
||||
8: func(s string) error {
|
||||
err := output.Contains("Removed intermediate container")(s) // moby >= v25
|
||||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
return output.Contains("Removing intermediate container")(s) // moby < v25
|
||||
},
|
||||
10: output.Suffix("Step 4/4 : COPY data /data"),
|
||||
12: output.Contains("Successfully built "),
|
||||
13: output.Suffix("Successfully tagged myimage:latest"),
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
Pull (1 of 1): registry:5000/trust-pull:latest@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
|
||||
sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501: Pulling from trust-pull
|
||||
registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501: Pulling from trust-pull
|
||||
Digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
|
||||
Status: Downloaded newer image for registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
|
||||
registry:5000/trust-pull:latest
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"github.com/docker/cli/e2e/internal/fixtures"
|
||||
"github.com/docker/cli/internal/test/environment"
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/versions"
|
||||
"github.com/pkg/errors"
|
||||
"gotest.tools/v3/assert"
|
||||
"gotest.tools/v3/fs"
|
||||
@ -21,6 +22,8 @@ import (
|
||||
const registryPrefix = "registry:5000"
|
||||
|
||||
func TestInstallWithContentTrust(t *testing.T) {
|
||||
// TODO(krissetto): remove this skip once the fix (see https://github.com/moby/moby/pull/47299) is deployed to moby versions < 25
|
||||
skip.If(t, versions.LessThan(environment.DaemonAPIVersion(t), "1.44"))
|
||||
skip.If(t, environment.SkipPluginTests())
|
||||
|
||||
pluginName := fmt.Sprintf("%s/plugin-content-trust", registryPrefix)
|
||||
@ -50,7 +53,7 @@ func TestInstallWithContentTrust(t *testing.T) {
|
||||
fixtures.WithNotary,
|
||||
)
|
||||
result.Assert(t, icmd.Expected{
|
||||
Out: fmt.Sprintf("Status: Downloaded newer image for %s@sha", pluginName),
|
||||
Out: fmt.Sprintf("Installed plugin %s", pluginName),
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
15
e2e/testdata/Dockerfile.connhelper-ssh
vendored
15
e2e/testdata/Dockerfile.connhelper-ssh
vendored
@ -1,5 +1,16 @@
|
||||
FROM docker:test-dind
|
||||
RUN apk --no-cache add shadow openssh-server && \
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
# ENGINE_VERSION is the version of the (docker-in-docker) Docker Engine to
|
||||
# test against.
|
||||
ARG ENGINE_VERSION=25.0
|
||||
|
||||
FROM docker:${ENGINE_VERSION}-dind
|
||||
|
||||
# the openssh-client update is needed for security reasons when using docker:23.0-dind, currently maintained as an lts by mirantis
|
||||
RUN apk --no-cache upgrade openssh-client && \
|
||||
apk --no-cache add shadow openssh-server && \
|
||||
# TODO(krissetto): `groupadd` can be removed once we only test against moby >= v24
|
||||
# see https://github.com/docker-library/docker/pull/470
|
||||
groupadd -f docker && \
|
||||
useradd --create-home --shell /bin/sh --password $(head -c32 /dev/urandom | base64) penguin && \
|
||||
usermod -aG docker penguin && \
|
||||
|
||||
3
e2e/testdata/Dockerfile.evil-notary-server
vendored
3
e2e/testdata/Dockerfile.evil-notary-server
vendored
@ -1,4 +1,7 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG NOTARY_VERSION=0.6.1
|
||||
|
||||
FROM notary:server-${NOTARY_VERSION}
|
||||
|
||||
COPY ./notary-evil/ /fixtures/
|
||||
|
||||
2
e2e/testdata/Dockerfile.gencerts
vendored
2
e2e/testdata/Dockerfile.gencerts
vendored
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG GO_VERSION=1.21.6
|
||||
ARG GO_VERSION=1.21.8
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine AS generated
|
||||
ENV GOTOOLCHAIN=local
|
||||
|
||||
3
e2e/testdata/Dockerfile.notary-server
vendored
3
e2e/testdata/Dockerfile.notary-server
vendored
@ -1,4 +1,7 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
ARG NOTARY_VERSION=0.6.1
|
||||
|
||||
FROM notary:server-${NOTARY_VERSION}
|
||||
|
||||
COPY ./notary/ /fixtures/
|
||||
|
||||
@ -108,3 +108,14 @@ func SkipIfNotPlatform(t *testing.T, platform string) {
|
||||
daemonPlatform := strings.TrimSpace(result.Stdout())
|
||||
skip.If(t, daemonPlatform != platform, "running against a non %s daemon", platform)
|
||||
}
|
||||
|
||||
// DaemonAPIVersion returns the negotiated daemon API version.
|
||||
func DaemonAPIVersion(t *testing.T) string {
|
||||
t.Helper()
|
||||
// Use Client.APIVersion instead of Server.APIVersion.
|
||||
// The latter is the maximum version that the server supports
|
||||
// while the Client.APIVersion contains the negotiated version.
|
||||
result := icmd.RunCmd(icmd.Command("docker", "version", "--format", "{{.Client.APIVersion}}"))
|
||||
result.Assert(t, icmd.Expected{Err: icmd.None})
|
||||
return strings.TrimSpace(result.Stdout())
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
set -eu
|
||||
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.6.0}"
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.7.0}"
|
||||
|
||||
export GO111MODULE=auto
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
set -eu
|
||||
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.5.1}"
|
||||
: "${CLI_DOCS_TOOL_VERSION=v0.7.0}"
|
||||
|
||||
export GO111MODULE=auto
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ require (
|
||||
github.com/creack/pty v1.1.21
|
||||
github.com/distribution/reference v0.5.0
|
||||
github.com/docker/distribution v2.8.3+incompatible
|
||||
github.com/docker/docker v25.0.2+incompatible
|
||||
github.com/docker/docker v25.0.5-0.20240319141229-e63daec8672d+incompatible // 25.0 branch (v25.0.5-dev)
|
||||
github.com/docker/docker-credential-helpers v0.8.1
|
||||
github.com/docker/go-connections v0.5.0
|
||||
github.com/docker/go-units v0.5.0
|
||||
|
||||
@ -54,8 +54,8 @@ github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5
|
||||
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
|
||||
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/docker v25.0.2+incompatible h1:/OaKeauroa10K4Nqavw4zlhcDq/WBcPMc5DbjOGgozY=
|
||||
github.com/docker/docker v25.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v25.0.5-0.20240319141229-e63daec8672d+incompatible h1:/fHlcenWAlpspiwdoApWGdUJ9FuFsD/NeK8BuFyZZzY=
|
||||
github.com/docker/docker v25.0.5-0.20240319141229-e63daec8672d+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
|
||||
github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
|
||||
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
|
||||
|
||||
22
vendor/github.com/docker/docker/api/swagger.yaml
generated
vendored
22
vendor/github.com/docker/docker/api/swagger.yaml
generated
vendored
@ -391,7 +391,11 @@ definitions:
|
||||
ReadOnlyNonRecursive:
|
||||
description: |
|
||||
Make the mount non-recursively read-only, but still leave the mount recursive
|
||||
(unless NonRecursive is set to true in conjunction).
|
||||
(unless NonRecursive is set to `true` in conjunction).
|
||||
|
||||
Addded in v1.44, before that version all read-only mounts were
|
||||
non-recursive by default. To match the previous behaviour this
|
||||
will default to `true` for clients on versions prior to v1.44.
|
||||
type: "boolean"
|
||||
default: false
|
||||
ReadOnlyForceRecursive:
|
||||
@ -1743,8 +1747,12 @@ definitions:
|
||||
description: |
|
||||
Date and time at which the image was created, formatted in
|
||||
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
|
||||
|
||||
This information is only available if present in the image,
|
||||
and omitted otherwise.
|
||||
type: "string"
|
||||
x-nullable: false
|
||||
format: "dateTime"
|
||||
x-nullable: true
|
||||
example: "2022-02-04T21:20:12.497794809Z"
|
||||
Container:
|
||||
description: |
|
||||
@ -8327,6 +8335,16 @@ paths:
|
||||
description: "BuildKit output configuration"
|
||||
type: "string"
|
||||
default: ""
|
||||
- name: "version"
|
||||
in: "query"
|
||||
type: "string"
|
||||
default: "1"
|
||||
enum: ["1", "2"]
|
||||
description: |
|
||||
Version of the builder backend to use.
|
||||
|
||||
- `1` is the first generation classic (deprecated) builder in the Docker daemon (default)
|
||||
- `2` is [BuildKit](https://github.com/moby/buildkit)
|
||||
responses:
|
||||
200:
|
||||
description: "no error"
|
||||
|
||||
3
vendor/github.com/docker/docker/api/types/network/endpoint.go
generated
vendored
3
vendor/github.com/docker/docker/api/types/network/endpoint.go
generated
vendored
@ -14,6 +14,9 @@ type EndpointSettings struct {
|
||||
IPAMConfig *EndpointIPAMConfig
|
||||
Links []string
|
||||
Aliases []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
|
||||
// MacAddress may be used to specify a MAC address when the container is created.
|
||||
// Once the container is running, it becomes operational data (it may contain a
|
||||
// generated address).
|
||||
MacAddress string
|
||||
// Operational data
|
||||
NetworkID string
|
||||
|
||||
27
vendor/github.com/docker/docker/api/types/network/ipam.go
generated
vendored
27
vendor/github.com/docker/docker/api/types/network/ipam.go
generated
vendored
@ -30,30 +30,9 @@ const (
|
||||
ip6 ipFamily = "IPv6"
|
||||
)
|
||||
|
||||
// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil
|
||||
// ipam.
|
||||
func HasIPv6Subnets(ipam *IPAM) bool {
|
||||
if ipam == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, cfg := range ipam.Config {
|
||||
subnet, err := netip.ParsePrefix(cfg.Subnet)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if subnet.Addr().Is6() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of
|
||||
// errors found.
|
||||
func ValidateIPAM(ipam *IPAM) error {
|
||||
func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error {
|
||||
if ipam == nil {
|
||||
return nil
|
||||
}
|
||||
@ -70,6 +49,10 @@ func ValidateIPAM(ipam *IPAM) error {
|
||||
subnetFamily = ip6
|
||||
}
|
||||
|
||||
if !enableIPv6 && subnetFamily == ip6 {
|
||||
continue
|
||||
}
|
||||
|
||||
if subnet != subnet.Masked() {
|
||||
errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked()))
|
||||
}
|
||||
|
||||
5
vendor/github.com/docker/docker/api/types/types.go
generated
vendored
5
vendor/github.com/docker/docker/api/types/types.go
generated
vendored
@ -72,7 +72,10 @@ type ImageInspect struct {
|
||||
|
||||
// Created is the date and time at which the image was created, formatted in
|
||||
// RFC 3339 nano-seconds (time.RFC3339Nano).
|
||||
Created string
|
||||
//
|
||||
// This information is only available if present in the image,
|
||||
// and omitted otherwise.
|
||||
Created string `json:",omitempty"`
|
||||
|
||||
// Container is the ID of the container that was used to create the image.
|
||||
//
|
||||
|
||||
19
vendor/github.com/docker/docker/client/client.go
generated
vendored
19
vendor/github.com/docker/docker/client/client.go
generated
vendored
@ -265,17 +265,22 @@ func (cli *Client) Close() error {
|
||||
// This allows for version-dependent code to use the same version as will
|
||||
// be negotiated when making the actual requests, and for which cases
|
||||
// we cannot do the negotiation lazily.
|
||||
func (cli *Client) checkVersion(ctx context.Context) {
|
||||
if cli.negotiateVersion && !cli.negotiated {
|
||||
cli.NegotiateAPIVersion(ctx)
|
||||
func (cli *Client) checkVersion(ctx context.Context) error {
|
||||
if !cli.manualOverride && cli.negotiateVersion && !cli.negotiated {
|
||||
ping, err := cli.Ping(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cli.negotiateAPIVersionPing(ping)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// getAPIPath returns the versioned request path to call the API.
|
||||
// It appends the query parameters to the path if they are not empty.
|
||||
func (cli *Client) getAPIPath(ctx context.Context, p string, query url.Values) string {
|
||||
var apiPath string
|
||||
cli.checkVersion(ctx)
|
||||
_ = cli.checkVersion(ctx)
|
||||
if cli.version != "" {
|
||||
v := strings.TrimPrefix(cli.version, "v")
|
||||
apiPath = path.Join(cli.basePath, "/v"+v, p)
|
||||
@ -307,7 +312,11 @@ func (cli *Client) ClientVersion() string {
|
||||
// added (1.24).
|
||||
func (cli *Client) NegotiateAPIVersion(ctx context.Context) {
|
||||
if !cli.manualOverride {
|
||||
ping, _ := cli.Ping(ctx)
|
||||
ping, err := cli.Ping(ctx)
|
||||
if err != nil {
|
||||
// FIXME(thaJeztah): Ping returns an error when failing to connect to the API; we should not swallow the error here, and instead returning it.
|
||||
return
|
||||
}
|
||||
cli.negotiateAPIVersionPing(ping)
|
||||
}
|
||||
}
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_create.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_create.go
generated
vendored
@ -28,7 +28,9 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
if err := cli.NewVersionError(ctx, "1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
|
||||
return response, err
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_exec.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_exec.go
generated
vendored
@ -18,7 +18,9 @@ func (cli *Client) ContainerExecCreate(ctx context.Context, container string, co
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
if err := cli.NewVersionError(ctx, "1.25", "env"); len(config.Env) != 0 && err != nil {
|
||||
return response, err
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_restart.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_restart.go
generated
vendored
@ -23,7 +23,9 @@ func (cli *Client) ContainerRestart(ctx context.Context, containerID string, opt
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if versions.GreaterThanOrEqualTo(cli.version, "1.42") {
|
||||
query.Set("signal", options.Signal)
|
||||
}
|
||||
|
||||
4
vendor/github.com/docker/docker/client/container_stop.go
generated
vendored
4
vendor/github.com/docker/docker/client/container_stop.go
generated
vendored
@ -27,7 +27,9 @@ func (cli *Client) ContainerStop(ctx context.Context, containerID string, option
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if versions.GreaterThanOrEqualTo(cli.version, "1.42") {
|
||||
query.Set("signal", options.Signal)
|
||||
}
|
||||
|
||||
11
vendor/github.com/docker/docker/client/container_wait.go
generated
vendored
11
vendor/github.com/docker/docker/client/container_wait.go
generated
vendored
@ -30,19 +30,22 @@ const containerWaitErrorMsgLimit = 2 * 1024 /* Max: 2KiB */
|
||||
// synchronize ContainerWait with other calls, such as specifying a
|
||||
// "next-exit" condition before issuing a ContainerStart request.
|
||||
func (cli *Client) ContainerWait(ctx context.Context, containerID string, condition container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
|
||||
resultC := make(chan container.WaitResponse)
|
||||
errC := make(chan error, 1)
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
errC <- err
|
||||
return resultC, errC
|
||||
}
|
||||
if versions.LessThan(cli.ClientVersion(), "1.30") {
|
||||
return cli.legacyContainerWait(ctx, containerID)
|
||||
}
|
||||
|
||||
resultC := make(chan container.WaitResponse)
|
||||
errC := make(chan error, 1)
|
||||
|
||||
query := url.Values{}
|
||||
if condition != "" {
|
||||
query.Set("condition", string(condition))
|
||||
|
||||
25
vendor/github.com/docker/docker/client/errors.go
generated
vendored
25
vendor/github.com/docker/docker/client/errors.go
generated
vendored
@ -11,15 +11,16 @@ import (
|
||||
|
||||
// errConnectionFailed implements an error returned when connection failed.
|
||||
type errConnectionFailed struct {
|
||||
host string
|
||||
error
|
||||
}
|
||||
|
||||
// Error returns a string representation of an errConnectionFailed
|
||||
func (err errConnectionFailed) Error() string {
|
||||
if err.host == "" {
|
||||
return "Cannot connect to the Docker daemon. Is the docker daemon running on this host?"
|
||||
}
|
||||
return fmt.Sprintf("Cannot connect to the Docker daemon at %s. Is the docker daemon running?", err.host)
|
||||
func (e errConnectionFailed) Error() string {
|
||||
return e.error.Error()
|
||||
}
|
||||
|
||||
func (e errConnectionFailed) Unwrap() error {
|
||||
return e.error
|
||||
}
|
||||
|
||||
// IsErrConnectionFailed returns true if the error is caused by connection failed.
|
||||
@ -29,7 +30,13 @@ func IsErrConnectionFailed(err error) bool {
|
||||
|
||||
// ErrorConnectionFailed returns an error with host in the error message when connection to docker daemon failed.
|
||||
func ErrorConnectionFailed(host string) error {
|
||||
return errConnectionFailed{host: host}
|
||||
var err error
|
||||
if host == "" {
|
||||
err = fmt.Errorf("Cannot connect to the Docker daemon. Is the docker daemon running on this host?")
|
||||
} else {
|
||||
err = fmt.Errorf("Cannot connect to the Docker daemon at %s. Is the docker daemon running?", host)
|
||||
}
|
||||
return errConnectionFailed{error: err}
|
||||
}
|
||||
|
||||
// IsErrNotFound returns true if the error is a NotFound error, which is returned
|
||||
@ -60,7 +67,9 @@ func (cli *Client) NewVersionError(ctx context.Context, APIrequired, feature str
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if cli.version != "" && versions.LessThan(cli.version, APIrequired) {
|
||||
return fmt.Errorf("%q requires API version %s, but the Docker daemon API version is %s", feature, APIrequired, cli.version)
|
||||
}
|
||||
|
||||
7
vendor/github.com/docker/docker/client/image_list.go
generated
vendored
7
vendor/github.com/docker/docker/client/image_list.go
generated
vendored
@ -13,14 +13,17 @@ import (
|
||||
|
||||
// ImageList returns a list of images in the docker host.
|
||||
func (cli *Client) ImageList(ctx context.Context, options types.ImageListOptions) ([]image.Summary, error) {
|
||||
var images []image.Summary
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return images, err
|
||||
}
|
||||
|
||||
var images []image.Summary
|
||||
query := url.Values{}
|
||||
|
||||
optionFilters := options.Filters
|
||||
|
||||
7
vendor/github.com/docker/docker/client/network_create.go
generated
vendored
7
vendor/github.com/docker/docker/client/network_create.go
generated
vendored
@ -10,12 +10,16 @@ import (
|
||||
|
||||
// NetworkCreate creates a new network in the docker host.
|
||||
func (cli *Client) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) {
|
||||
var response types.NetworkCreateResponse
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
networkCreateRequest := types.NetworkCreateRequest{
|
||||
NetworkCreate: options,
|
||||
@ -25,7 +29,6 @@ func (cli *Client) NetworkCreate(ctx context.Context, name string, options types
|
||||
networkCreateRequest.CheckDuplicate = true //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44.
|
||||
}
|
||||
|
||||
var response types.NetworkCreateResponse
|
||||
serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil)
|
||||
defer ensureReaderClosed(serverResp)
|
||||
if err != nil {
|
||||
|
||||
5
vendor/github.com/docker/docker/client/ping.go
generated
vendored
5
vendor/github.com/docker/docker/client/ping.go
generated
vendored
@ -14,7 +14,10 @@ import (
|
||||
// Ping pings the server and returns the value of the "Docker-Experimental",
|
||||
// "Builder-Version", "OS-Type" & "API-Version" headers. It attempts to use
|
||||
// a HEAD request on the endpoint, but falls back to GET if HEAD is not supported
|
||||
// by the daemon.
|
||||
// by the daemon. It ignores internal server errors returned by the API, which
|
||||
// may be returned if the daemon is in an unhealthy state, but returns errors
|
||||
// for other non-success status codes, failing to connect to the API, or failing
|
||||
// to parse the API response.
|
||||
func (cli *Client) Ping(ctx context.Context) (types.Ping, error) {
|
||||
var ping types.Ping
|
||||
|
||||
|
||||
10
vendor/github.com/docker/docker/client/request.go
generated
vendored
10
vendor/github.com/docker/docker/client/request.go
generated
vendored
@ -134,17 +134,18 @@ func (cli *Client) sendRequest(ctx context.Context, method, path string, query u
|
||||
return resp, errdefs.FromStatusCode(err, resp.statusCode)
|
||||
}
|
||||
|
||||
// FIXME(thaJeztah): Should this actually return a serverResp when a connection error occurred?
|
||||
func (cli *Client) doRequest(req *http.Request) (serverResponse, error) {
|
||||
serverResp := serverResponse{statusCode: -1, reqURL: req.URL}
|
||||
|
||||
resp, err := cli.client.Do(req)
|
||||
if err != nil {
|
||||
if cli.scheme != "https" && strings.Contains(err.Error(), "malformed HTTP response") {
|
||||
return serverResp, fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)
|
||||
return serverResp, errConnectionFailed{fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?", err)}
|
||||
}
|
||||
|
||||
if cli.scheme == "https" && strings.Contains(err.Error(), "bad certificate") {
|
||||
return serverResp, errors.Wrap(err, "the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings")
|
||||
return serverResp, errConnectionFailed{errors.Wrap(err, "the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings")}
|
||||
}
|
||||
|
||||
// Don't decorate context sentinel errors; users may be comparing to
|
||||
@ -156,12 +157,13 @@ func (cli *Client) doRequest(req *http.Request) (serverResponse, error) {
|
||||
if uErr, ok := err.(*url.Error); ok {
|
||||
if nErr, ok := uErr.Err.(*net.OpError); ok {
|
||||
if os.IsPermission(nErr.Err) {
|
||||
return serverResp, errors.Wrapf(err, "permission denied while trying to connect to the Docker daemon socket at %v", cli.host)
|
||||
return serverResp, errConnectionFailed{errors.Wrapf(err, "permission denied while trying to connect to the Docker daemon socket at %v", cli.host)}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if nErr, ok := err.(net.Error); ok {
|
||||
// FIXME(thaJeztah): any net.Error should be considered a connection error (but we should include the original error)?
|
||||
if nErr.Timeout() {
|
||||
return serverResp, ErrorConnectionFailed(cli.host)
|
||||
}
|
||||
@ -190,7 +192,7 @@ func (cli *Client) doRequest(req *http.Request) (serverResponse, error) {
|
||||
}
|
||||
}
|
||||
|
||||
return serverResp, errors.Wrap(err, "error during connect")
|
||||
return serverResp, errConnectionFailed{errors.Wrap(err, "error during connect")}
|
||||
}
|
||||
|
||||
if resp != nil {
|
||||
|
||||
4
vendor/github.com/docker/docker/client/service_create.go
generated
vendored
4
vendor/github.com/docker/docker/client/service_create.go
generated
vendored
@ -25,7 +25,9 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
// Make sure containerSpec is not nil when no runtime is set or the runtime is set to container
|
||||
if service.TaskTemplate.ContainerSpec == nil && (service.TaskTemplate.Runtime == "" || service.TaskTemplate.Runtime == swarm.RuntimeContainer) {
|
||||
|
||||
12
vendor/github.com/docker/docker/client/service_update.go
generated
vendored
12
vendor/github.com/docker/docker/client/service_update.go
generated
vendored
@ -16,18 +16,18 @@ import (
|
||||
// It should be the value as set *before* the update. You can find this value in the Meta field
|
||||
// of swarm.Service, which can be found using ServiceInspectWithRaw.
|
||||
func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (swarm.ServiceUpdateResponse, error) {
|
||||
response := swarm.ServiceUpdateResponse{}
|
||||
|
||||
// Make sure we negotiated (if the client is configured to do so),
|
||||
// as code below contains API-version specific handling of options.
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
|
||||
var (
|
||||
query = url.Values{}
|
||||
response = swarm.ServiceUpdateResponse{}
|
||||
)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return response, err
|
||||
}
|
||||
|
||||
query := url.Values{}
|
||||
if options.RegistryAuthFrom != "" {
|
||||
query.Set("registryAuthFrom", options.RegistryAuthFrom)
|
||||
}
|
||||
|
||||
4
vendor/github.com/docker/docker/client/volume_remove.go
generated
vendored
4
vendor/github.com/docker/docker/client/volume_remove.go
generated
vendored
@ -16,7 +16,9 @@ func (cli *Client) VolumeRemove(ctx context.Context, volumeID string, force bool
|
||||
//
|
||||
// Normally, version-negotiation (if enabled) would not happen until
|
||||
// the API request is made.
|
||||
cli.checkVersion(ctx)
|
||||
if err := cli.checkVersion(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
if versions.GreaterThanOrEqualTo(cli.version, "1.25") {
|
||||
query.Set("force", "1")
|
||||
}
|
||||
|
||||
21
vendor/github.com/docker/docker/pkg/ioutils/readers.go
generated
vendored
21
vendor/github.com/docker/docker/pkg/ioutils/readers.go
generated
vendored
@ -3,11 +3,15 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
|
||||
import (
|
||||
"context"
|
||||
"io"
|
||||
"runtime/debug"
|
||||
"sync/atomic"
|
||||
|
||||
// make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered
|
||||
// TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged.
|
||||
_ "crypto/sha256"
|
||||
_ "crypto/sha512"
|
||||
|
||||
"github.com/containerd/log"
|
||||
)
|
||||
|
||||
// ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
|
||||
@ -16,10 +20,15 @@ import (
|
||||
type ReadCloserWrapper struct {
|
||||
io.Reader
|
||||
closer func() error
|
||||
closed atomic.Bool
|
||||
}
|
||||
|
||||
// Close calls back the passed closer function
|
||||
func (r *ReadCloserWrapper) Close() error {
|
||||
if !r.closed.CompareAndSwap(false, true) {
|
||||
subsequentCloseWarn("ReadCloserWrapper")
|
||||
return nil
|
||||
}
|
||||
return r.closer()
|
||||
}
|
||||
|
||||
@ -87,6 +96,7 @@ type cancelReadCloser struct {
|
||||
cancel func()
|
||||
pR *io.PipeReader // Stream to read from
|
||||
pW *io.PipeWriter
|
||||
closed atomic.Bool
|
||||
}
|
||||
|
||||
// NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
|
||||
@ -146,6 +156,17 @@ func (p *cancelReadCloser) closeWithError(err error) {
|
||||
// Close closes the wrapper its underlying reader. It will cause
|
||||
// future calls to Read to return io.EOF.
|
||||
func (p *cancelReadCloser) Close() error {
|
||||
if !p.closed.CompareAndSwap(false, true) {
|
||||
subsequentCloseWarn("cancelReadCloser")
|
||||
return nil
|
||||
}
|
||||
p.closeWithError(io.EOF)
|
||||
return nil
|
||||
}
|
||||
|
||||
func subsequentCloseWarn(name string) {
|
||||
log.G(context.TODO()).Error("subsequent attempt to close " + name)
|
||||
if log.GetLevel() >= log.DebugLevel {
|
||||
log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))
|
||||
}
|
||||
}
|
||||
|
||||
10
vendor/github.com/docker/docker/pkg/ioutils/writers.go
generated
vendored
10
vendor/github.com/docker/docker/pkg/ioutils/writers.go
generated
vendored
@ -1,6 +1,9 @@
|
||||
package ioutils // import "github.com/docker/docker/pkg/ioutils"
|
||||
|
||||
import "io"
|
||||
import (
|
||||
"io"
|
||||
"sync/atomic"
|
||||
)
|
||||
|
||||
// NopWriter represents a type which write operation is nop.
|
||||
type NopWriter struct{}
|
||||
@ -29,9 +32,14 @@ func (f *NopFlusher) Flush() {}
|
||||
type writeCloserWrapper struct {
|
||||
io.Writer
|
||||
closer func() error
|
||||
closed atomic.Bool
|
||||
}
|
||||
|
||||
func (r *writeCloserWrapper) Close() error {
|
||||
if !r.closed.CompareAndSwap(false, true) {
|
||||
subsequentCloseWarn("WriteCloserWrapper")
|
||||
return nil
|
||||
}
|
||||
return r.closer()
|
||||
}
|
||||
|
||||
|
||||
5
vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
generated
vendored
5
vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"sync"
|
||||
|
||||
"github.com/docker/docker/pkg/jsonmessage"
|
||||
"github.com/docker/docker/pkg/progress"
|
||||
@ -109,6 +110,7 @@ type progressOutput struct {
|
||||
sf formatProgress
|
||||
out io.Writer
|
||||
newLines bool
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
// WriteProgress formats progress information from a ProgressReader.
|
||||
@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error {
|
||||
jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units}
|
||||
formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
|
||||
}
|
||||
|
||||
out.mu.Lock()
|
||||
defer out.mu.Unlock()
|
||||
_, err := out.out.Write(formatted)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -53,7 +53,7 @@ github.com/docker/distribution/registry/client/transport
|
||||
github.com/docker/distribution/registry/storage/cache
|
||||
github.com/docker/distribution/registry/storage/cache/memory
|
||||
github.com/docker/distribution/uuid
|
||||
# github.com/docker/docker v25.0.2+incompatible
|
||||
# github.com/docker/docker v25.0.5-0.20240319141229-e63daec8672d+incompatible
|
||||
## explicit
|
||||
github.com/docker/docker/api
|
||||
github.com/docker/docker/api/types
|
||||
|
||||
Reference in New Issue
Block a user