This patch creates a new `tlsconfig` package to handle creation of
secure-enough TLS configurations for clients and servers.
The package was created by refactoring TLS code in the client and the
daemon. After this patch, it is expected that all code creating TLS
configurations use this `tlsconfig` package for greater security,
consistency and readability.
On the server side, this fixes a bug where --tlsverify was not taken
into account. Now, if specified, it will require the client to
authenticate.
Signed-off-by: Tibor Vass <tibor@docker.com>
The DOCKER_EXPERIMENTAL environment variable drives the activation of
the 'experimental' build tag.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Before this PR the list of commands that were printed for the help
text was statically put into the flags.Usage() function via main.init(). This
made it impossible to modify later on when we add new commands
via plugins.
This PR moves the list of commands (name & description) into a structure
that is sorted and printed dynamically by the Usage func. This will allow
the code to add to the list of commands after the init() func is done
but before the help text is printed for the user.
This just moves code around - it should have no UX impact at all.
Signed-off-by: Doug Davis <dug@us.ibm.com>
* daemon creation wasn't parallel to request buffering
* it was possible that empty volume will be created in
/var/run/docker.sock by some container
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
It is simplifies code and lead to next refactoring step, where daemon
will be incorporated to some structure which represents API.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This makes `registry.Service` a first class type and does not use jobs
to interact with this type.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently the daemon will not stop on error because the serve API job is
blocking the channel wait for daemon init. A better way is to run the
blocking serve API job as a goroutine and make sure that error
notification gets back to the main daemon thread (using the already
existing channel) so that clean shutdown can occur on error.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It is implemented by intercepting and interpreting the output
escape sequence by calling win32 console apis.
In addition the input from win32 console is translated to linux keycodes
Signed-off-by: Sachin Joshi <sachin_jayant_joshi@hotmail.com>
Previously on error either from the daemon or from the api it is just
exiting with exit status 1 but not performing a shutdown.
This can produce insconsistent state depending on where the error came
from.
This makes sure that before we exit on error that the engine gets fully
shutdown.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
In order to fit printed messages to fit 80 chars,
rewording messages for `-H` and `--tls` flags.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
