Commit graph

44385 commits

Author SHA1 Message Date
Sebastiaan van Stijn
21d818be87
Merge pull request from thaJeztah/22.06_backport_cleanup_jenkins
[22.06 backport] Jenkinsfile: remove steps moved to GitHub Actions
2022-09-08 21:17:48 +02:00
Brian Goff
6d65028804
Merge pull request from thaJeztah/22.06_backport_bump_units
[22.06 backport] vendor: github.com/docker/go-units v0.5.0
2022-09-08 12:09:35 -07:00
Brian Goff
c0e1c67c78
Merge pull request from crazy-max/22.06_backport_gha-test
[22.06 backport] ci: gha test workflow for integration and unit test
2022-09-08 11:20:42 -07:00
CrazyMax
b9b8ddc160
Jenkinsfile: remove steps moved to GitHub Actions
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 9f8bd80487)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-08 16:48:15 +02:00
CrazyMax
d96d56ff09
ci: fix .windows workflow name
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 36688496ca)
2022-09-08 13:50:19 +02:00
CrazyMax
cc7b8cc980
ci(test): send coverage to codecov
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 807c849431)
2022-09-08 13:50:19 +02:00
CrazyMax
8ca74127d9
ci(test): upload reports
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 4c8af0e2f9)
2022-09-08 13:50:19 +02:00
CrazyMax
fc2942d4e0
integration-cli: TestPluginInstallImage broken on GitHub Runner
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 60864229b8)
2022-09-08 13:50:19 +02:00
CrazyMax
874954d8bd
integration-cli: TestEventsOOM* broken on GitHub Runner
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit b8bf60c590)
2022-09-08 13:50:19 +02:00
CrazyMax
0bfb1bded3
integration: TestNetworkLoopbackNat is broken on GitHub Runner
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit df731c745a)
2022-09-08 13:50:18 +02:00
CrazyMax
4765040aa3
ci: gha test workflow for integration and unit test
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 2e04be3fb9)
2022-09-08 13:50:18 +02:00
Sebastiaan van Stijn
de0300b1c6
Merge pull request from thaJeztah/22.06_fix_linting_issues
[22.06 backport] fix various linting issues in preparation of golangci-lint update
2022-09-08 00:00:08 +02:00
Samuel Karp
4807ef2af0
Merge pull request from thaJeztah/22.06_backport_bump_go_1.19 2022-09-07 14:25:02 -07:00
Sebastiaan van Stijn
c853881610
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1eadbdd9fa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-07 22:11:46 +02:00
Sebastiaan van Stijn
2450c5a46b
update to golang 1.19
also ran gofmt with go1.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 58413c15cb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-07 22:11:46 +02:00
Sebastiaan van Stijn
a490e68553
Merge pull request from rumpl/22.06-fix-local-context
[22.06 backport] fix local context
2022-09-07 22:07:15 +02:00
Djordje Lukic
5d2b3687b0 Wrap local calls to the content and lease service
The wrapper sets the default namespace in the context if none is
provided, this is needed because we are calling these services directly
and not trough GRPC that has an interceptor to set the default namespace
to all calls.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
(cherry picked from commit 878906630b)
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2022-09-07 15:07:16 +02:00
Samuel Karp
d7e36c99fb
Merge pull request from thaJeztah/22.06_backport_bump_golang_1.18.6 2022-09-06 21:43:55 -07:00
Samuel Karp
1249d36bdd
Merge pull request from thaJeztah/22.06_backport_bump_x_net 2022-09-06 20:50:29 -07:00
Sebastiaan van Stijn
287d1656de
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 518179f63e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:19:13 +02:00
Sebastiaan van Stijn
39976cd2bf
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.18.6 (released 2022-09-06) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the pprof command, the
runtime, and the crypto/tls, encoding/xml, and net packages. See the Go 1.18.6
milestone on the issue tracker for details;

https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cba36a064d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 22:26:19 +02:00
Sebastiaan van Stijn
85f1b6ff8f
Merge pull request from thaJeztah/22.06_backport_remove_tereshkova
[22.06] cleanup namesgenerator
2022-09-06 21:58:09 +02:00
Sebastiaan van Stijn
1650fa8889
vendor: github.com/docker/go-units v0.5.0
full diff: https://github.com/docker/go-units/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 13f99eb65f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:04:56 +02:00
Sebastiaan van Stijn
e9e7491f2b
linting: host:port in url should be constructed with net.JoinHostPort
integration-cli/docker_cli_daemon_test.go:545:54: host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf (nosprintfhostport)
            cmdArgs = append(cmdArgs, "--tls=false", "--host", fmt.Sprintf("tcp://%s:%s", l.daemon, l.port))
                                                               ^
    opts/hosts_test.go:35:31: host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf (nosprintfhostport)
            "tcp://:5555":              fmt.Sprintf("tcp://%s:5555", DefaultHTTPHost),
                                        ^
    opts/hosts_test.go:91:30: host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf (nosprintfhostport)
            ":5555":                   fmt.Sprintf("tcp://%s:5555", DefaultHTTPHost),
                                       ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 306b8c89e8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 15:11:42 +02:00
Sebastiaan van Stijn
2609d4e252
linting: gosec: fix or suppress G112, G114 in test code
Updating test-code only; set ReadHeaderTimeout for some, or suppress the linter
error for others.

     contrib/httpserver/server.go:11:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
        log.Panic(http.ListenAndServe(":80", nil))
                  ^
     integration/plugin/logging/cmd/close_on_start/main.go:42:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: mux,
        }
     integration/plugin/logging/cmd/discard/main.go:17:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: mux,
        }
     integration/plugin/logging/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     integration/plugin/volumes/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     testutil/fixtures/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     volume/testutils/testutils.go:170:5: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
        go http.Serve(l, mux)
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 31fb92c609)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 15:11:42 +02:00
Sebastiaan van Stijn
188c5d4a7c
linting: suppress false positive for G404 (gosec)
The linter falsely detects this as using "math/rand":

    libnetwork/networkdb/cluster.go:721:14: G404: Use of weak random number generator (math/rand instead of crypto/rand) (gosec)
       val, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 561a010161)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 15:11:42 +02:00
Sebastiaan van Stijn
ff4ec67b90
libnetwork/diagnostic: EnableDiagnostic(): use net.JoinHostPort
Use net.JoinHostPort to account for IPv6 addresses.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a33d1f9a7c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 15:11:39 +02:00
Sebastiaan van Stijn
fee68df273
namesgenerator: remove Valentina Tereshkova
While the name generator has been frozen for new additions in 624b3cfbe8,
this person has become controversial. Our intent is for this list to be inclusive
and non-controversial.

This patch removes the name from the list.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0f052eb4f5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 13:58:28 +02:00
Sebastiaan van Stijn
b5a0d7a188
Merge pull request from thaJeztah/22.06_backport_test_updates
[22.06 backport] assorted CI changes
2022-08-31 15:15:23 +02:00
CrazyMax
f7cf9fbe48
ci: move buildkit tests to a dedicated workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit a4d081cc17)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 11:57:25 +02:00
CrazyMax
ee87eaf9ad
ci(windows): move windows-2019 to another workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 65fdd10d4e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 11:57:23 +02:00
Ben Langfeld
09a0b0a84a
Upgrades buildx to 0.9.1
v0.9.0 included regressions. Release notes: https://github.com/docker/buildx/releases/tag/v0.9.1

Signed-off-by: Ben Langfeld <blangfeld@powerhrg.com>
(cherry picked from commit 5dcaad0dd3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 11:57:21 +02:00
Sebastiaan van Stijn
8e6ed32610
Makefile: update buildx to v0.9.0
release notes: https://github.com/docker/buildx/releases/tag/v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f27b74f0f7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 11:57:18 +02:00
Sebastiaan van Stijn
dfd2f917dc
Merge pull request from thaJeztah/22.06_backport_migrate_sequential
[22.06 backport] replace pkg/system Sequential funcs with moby/sys/sequential
2022-08-30 23:17:23 +02:00
Sebastiaan van Stijn
4f1dd92056
Merge pull request from thaJeztah/22.06_backport_validate_yaml
[22.06 backport] validate: add additional validation on YAML files
2022-08-30 19:35:22 +02:00
Sebastiaan van Stijn
f10c50958c
replace pkg/system Sequential funcs with moby/sys/sequential
Migrating these functions to allow them being shared between moby, docker/cli,
and containerd, and to allow using them without importing all of sys / system,
which (in containerd) also depends on hcsshim and more.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 509f19f611)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-30 09:34:33 +02:00
Sebastiaan van Stijn
40515da6d6
pkg/system: make IsAbs() platform-agnostic
filepath.IsAbs() will short-circuit on Linux/Unix, so having a single
implementation should not affect those platforms.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2640aec0d7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 23:19:53 +02:00
Sebastiaan van Stijn
3b9370fcf8
validate: address SC2155 (shellcheck)
see https://github.com/koalaman/shellcheck/wiki/SC2155

Looking at how these were used, I don't think we even need to
export them, so removing that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5cfc9c374c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:57 +02:00
Sebastiaan van Stijn
51bf7da729
validate: format vendor script with shfmt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9fd2cf605)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:56 +02:00
Sebastiaan van Stijn
f1bd611d41
validate: add yamllint validation
validate other YAML files, such as the ones used in the documentation,
and GitHub actions workflows, to prevent issues such as;

- 30295c1750
- 8e8d9a3650

With this patch:

    hack/validate/yamllint
    Congratulations! yamllint config file formatted correctly
    Congratulations! YAML files are formatted correctly

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6cef06b940)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:54 +02:00
Sebastiaan van Stijn
e9f7c05ae1
validate: yamllint: ignore "truthy value should be one of" warnings
Suppresses warnings like:

    LANG=C.UTF-8 yamllint -c hack/validate/yamllint.yaml -f parsable .github/workflows/*.yml
    .github/workflows/ci.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)
    .github/workflows/windows.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 91bb776bb8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:52 +02:00
Sebastiaan van Stijn
72156dd7a4
validate: yamllint: set locale in config file
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cc2134ea83)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:50 +02:00
Sebastiaan van Stijn
554a933944
validate: yamllint: use "parsable" output
Before:

    10030:81  error    line too long (89 > 80 characters)  (line-length)

After:

    api/swagger.yaml:10030:81: [error] line too long (89 > 80 characters) (line-length)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f679d8c821)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:48 +02:00
Sebastiaan van Stijn
8d43d7fa6b
validate: yamllint rename config-file
Don't make the file hidden, and add .yaml extension, so that editors
pick up the right formatting :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5f114b65b4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:46 +02:00
Sebastiaan van Stijn
a61b411ceb
Dockerfile: update yamllint to v1.27.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1d7cd76ee9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:43 +02:00
Sebastiaan van Stijn
d2590dc3cd
Merge pull request from thaJeztah/22.06_backport_update_runc_1.1.4
[22.06 backport] update runc to v1.1.4
2022-08-26 13:29:28 +02:00
Sebastiaan van Stijn
274316f89e
Merge pull request from thaJeztah/22.06_backport_containerd_binary_1.6.8
[22.06 backport] update containerd binary to v1.6.8
2022-08-26 13:07:31 +02:00
Sebastiaan van Stijn
e3e3a31989
Merge pull request from thaJeztah/22.06_backport_fix_ci_workflow
[22.06 backport] ci: fix broken workflow
2022-08-26 10:39:37 +02:00
CrazyMax
704e7a2d71
ci: fix broken workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 8e8d9a3650)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 08:27:00 +02:00
Sebastiaan van Stijn
87b7e40a34
update containerd binary to v1.6.8
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.8

full diff: https://github.com/containerd/containerd/compare/v1.6.7...v1.6.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d52ffce38f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 00:34:11 +02:00