Commit graph

42954 commits

Author SHA1 Message Date
Sebastiaan van Stijn
00a4f67ddf
Reduce TestClientWithRequestTimeout flakiness
The test sometimes failed because no error was returned:

    === Failed
    === FAIL: pkg/plugins TestClientWithRequestTimeout (0.00s)
         client_test.go:254: assertion failed: expected an error, got nil: expected error

Possibly caused by a race condition, as the sleep was just 1 ms longer than the timeout;
this patch is increasing the sleep in the response to try to reduce flakiness.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-29 23:53:23 +02:00
Stefan Scherer
7a6cac2b23
Run s390x tests on Ubuntu 20.04
Signed-off-by: Stefan Scherer <stefan.scherer@docker.com>
2021-06-29 17:33:40 +02:00
Steffen Butzer
0c1a125644 libnetwork: processEndpointCreate: Fix deadlock between getSvcRecords and processEndpointCreate
References https://github.com/moby/moby/pull/42545

Signed-off-by: Steffen Butzer <steffen.butzer@outlook.com>
2021-06-29 08:07:14 +02:00
Sebastiaan van Stijn
d12fc17073
Merge pull request #42571 from xiaoding945/master
file mkimage-rinse.sh has been abort, should modify the script annotation
2021-06-28 19:58:33 +02:00
Akihiro Suda
1e71c6cffe
Merge pull request #42567 from thaJeztah/remove_unused_const 2021-06-28 23:24:37 +09:00
dingwei
345a180a55 there is no file named mkimage-rinse.sh in contrib floder, should delete
it

Signed-off-by: dingwei <dingwei@cmss.chinamobile.com>
2021-06-28 17:36:34 +08:00
Sebastiaan van Stijn
665de2e973
Merge pull request #42528 from thaJeztah/jenkins_windows_containerd
Jenkinsfile: add stage for Windows 2022 on containerd
2021-06-28 09:35:03 +02:00
Sebastiaan van Stijn
050929ab83
Merge pull request #42539 from cpuguy83/libnet_cleanup
Various libnetwork cleanups
2021-06-26 22:25:27 +02:00
Tianon Gravi
4b4e4c7c69
Merge pull request #42557 from thaJeztah/remove_report_issue
contrib: remove report-issue.sh script
2021-06-25 22:24:32 -07:00
Sebastiaan van Stijn
2050e085f9
hack: remove proxy.installer
It's no longer used

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-25 18:02:51 +02:00
Brian Goff
2bec9f607f
Remove spurious libnetwork vendor entry.
Not sure how this got added in there...

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-25 18:02:05 +02:00
Brian Goff
116f200737
Fix gosec complaints in libnetwork
These were purposefully ignored before but this goes ahead and "fixes"
most of them.
Note that none of the things gosec flagged are problematic, just
quieting the linter here.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-25 18:02:03 +02:00
Brian Goff
0645eb8461
Remove libnetwork/client package
This is another one of those tools to mimic the docker network cli.
It is not needed anymore, along with an old fork of the docker flag
packages which was a fork of the go flag package.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-25 18:02:00 +02:00
Brian Goff
e7cf711c02
Move proxy CLI to main cmd/
Since this command is part of the official distribution and even
required for tests, let's move this up to the main cmd's.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-25 18:01:55 +02:00
Brian Goff
7266a956a8
Remove dnet libnetwork cli
This was used for testing purposes when libnetwork was in a separate
repo.
Now that it is integrated we no longer need it since dockerd and docker
cli provide the same function.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-25 17:59:04 +02:00
Brian Goff
42bcc2df68
Remove leftovers from libnetwork move
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-25 17:59:01 +02:00
Akihiro Suda
159bad5332
Merge pull request #42450 from AkihiroSuda/runc-v1.0.0
update runc binary to v1.0.0 GA
2021-06-25 13:54:29 +09:00
Sebastiaan van Stijn
b5835646eb
registry: remove const for 'Docker-Distribution-Api-Version' header
This header was used for fallbacks to v1 registries, but it's no longer
used, and marked optional / legacy in the OCI distribution-spec:

https://github.com/opencontainers/distribution-spec/blob/v1.0.0/spec.md#legacy-docker-support-http-headers

> Because of the origins this specification, the client MAY encounter
> Docker-specific headers, such as `Docker-Content-Digest`, or
> `Docker-Distribution-API-Version`. These headers are OPTIONAL and
> clients SHOULD NOT depend on them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-24 22:08:28 +02:00
Sebastiaan van Stijn
7d471d88a0
Merge pull request #42524 from fredericdalleau/crossbuild
Crosscompilation for s390x and ppc64le
2021-06-24 21:23:27 +02:00
Sebastiaan van Stijn
301be64d41
Merge pull request #42515 from geaaru/permit-override-name
ReplaceFileTarWrapper: permit to override file name
2021-06-24 21:01:08 +02:00
Frédéric Dalleau
e93132e273 Add s390x to cross platforms target
Update build script and buid environment for supporting s390x
Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-24 18:52:55 +02:00
Frédéric Dalleau
3a208c0ff9 Add ppc64le to cross platforms target
debian uses ppc64el
go uses ppc64le
the cross compiler is powerpc64le
Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-24 18:51:49 +02:00
Sebastiaan van Stijn
8a529d4e2e
Merge pull request #42565 from aiordache/update_validate_flag
Make `validate` flag description more generic
2021-06-24 18:13:33 +02:00
aiordache
f558056d2b Make validate flag description more generic
Signed-off-by: aiordache <anca.iordache@docker.com>
2021-06-24 15:43:28 +00:00
Sebastiaan van Stijn
9973dc67dd
Jenkinsfile: add stage for Windows 2022 on containerd
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-24 10:24:59 +02:00
Sebastiaan van Stijn
314759dc2f
Merge pull request #42393 from aiordache/daemon_config
Daemon config validation
2021-06-23 19:32:07 +02:00
Rich Horwood
8f80e55111 Add configuration validation option and tests.
Fixes #36911

If config file is invalid we'll exit anyhow, so this just prevents
the daemon from starting if the configuration is fine.

Mainly useful for making config changes and restarting the daemon
iff the config is valid.

Signed-off-by: Rich Horwood <rjhorwood@apple.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
2021-06-23 09:54:55 +00:00
Sebastiaan van Stijn
52744fccdd
contrib: remove report-issue.sh script
I don't think this script was really used, and now that GitHub has
issue templates, it will diverge from the template we have configured,
so better to remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-23 10:17:43 +02:00
Frédéric Dalleau
7168d98c43 Remove libseccomp dependency in runtime-dev-cross-true image
It turns out libseccomp is not used for building docker at all.
It is only used for building runc (and needs libseccomp > 2.4)

Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-22 22:18:03 +02:00
Sebastiaan van Stijn
ee8f581167
Merge pull request #42552 from thaJeztah/jenkins_cross
Fix cross compilation in Jenkinsfile
2021-06-22 22:13:37 +02:00
Frédéric Dalleau
72549d4ca1 Fix cross compilation in Jenkinsfile
Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-22 12:05:51 +02:00
Akihiro Suda
64badfc018
update runc binary to v1.0.0 GA
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-06-22 15:07:48 +09:00
Akihiro Suda
25917217ca
Merge pull request #42535 from thaJeztah/remove_depecated_osversion 2021-06-22 09:06:23 +09:00
Sebastiaan van Stijn
44269c6653
Merge pull request #42537 from dperny/vendor-swarmkit-fix-logbroker-deadlock
vendor: swarmkit to fix deadlock in log broker.
2021-06-21 14:32:47 +02:00
Lei Jitang
cda846e9a8
Merge pull request #42541 from yalpul/patch-1
Fix typo in macvlan_setup.go
2021-06-21 13:39:01 +02:00
Sebastiaan van Stijn
af1e74555a
vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compatibility
- winterm: GetStdFile(): Added compatibility with "golang.org/x/sys/windows"
- winterm: fix GetStdFile() falltrough
- update deprecation message to refer to the correct replacement
- add go.mod
- Fix int overflow
- Convert int to string using rune()

full diff:

- bea5bbe245...3f7ff695ad
- d6e3b3328b...d185dfc1b5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 13:25:06 +02:00
Samuel Karp
bdd90773ef
Merge pull request #42502 from thaJeztah/netutils_cleanup 2021-06-19 20:40:40 -07:00
Akihiro Suda
8610d8ce4c
rootless: fix "x509: certificate signed by unknown authority" on openSUSE Tumbleweed
openSUSE Tumbleweed was facing "x509: certificate signed by unknown authority" error,
as `/etc/ssl/ca-bundle.pem` is provided as a symlink to `../../var/lib/ca-certificates/ca-bundle.pem`,
which was not supported by `rootlesskit --copy-up=/etc` .

See rootless-containers/rootlesskit issues 225

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-06-19 18:21:18 +09:00
yalpul
967ec6f2e8 Fix typo in macvlan_setup.go
Signed-off-by: yalpul <yalpul@gmail.com>
2021-06-19 11:36:16 +03:00
Sebastiaan van Stijn
ceac2ef2e2
Merge pull request #42530 from rvolosatovs/fix_contributing_doc
docs: fix image name in testing guide
2021-06-18 23:21:47 +02:00
Sebastiaan van Stijn
46c591b045
pkg/system: deprecate some consts and move them to pkg/idtools
These consts were used in combination with idtools utilities, which
makes it a more logical location for these consts to live.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-18 23:16:15 +02:00
Sebastiaan van Stijn
26f5db7a1d
pkg/system: remove unused system.Unmount() utility
On Linux/Unix it was just a thin wrapper for unix.Unmount(), and a no-op on Windows.

This function was not used anywhere (also not externally), so removing this without
deprecating first.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-18 23:09:56 +02:00
Sebastiaan van Stijn
5f04517c48
pkg/system: remove deprecated GetOSVersion(), consts, SecurityInfo utils.
This removes the deprecated wrappers, so that the package no longer has
hcsshim as a dependency. These wrappers were no longer used in our code,
and were deprecated in the 20.10 release (giving external consumers to
replace the deprecated ones).

Note that there are two consts which were unused, but for which there is
no replacement in golang.org/x/sys;

    const (
        PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
        ACCESS_FILTER_SECURITY_INFORMATION       = 0x00000100
    )

PROCESS_TRUST_LABEL_SECURITY_INFORMATION is documented as "reserved", and I could
not find clear documentation about ACCESS_FILTER_SECURITY_INFORMATION, so not sure
if they must be included in golang.org/x/sys: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/23e75ca3-98fd-4396-84e5-86cd9d40d343

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-18 23:09:55 +02:00
Brian Goff
bf11970fd5
Merge pull request #42536 from thaJeztah/replace_deprecated_userns
replace uses of deprecated containerd/sys.RunningInUserNS()
2021-06-18 13:20:19 -07:00
Akihiro Suda
7729ebfa1b
Merge pull request #42432 from dperny/fix-ip-overlap 2021-06-19 01:07:27 +09:00
Drew Erny
6988f786f1 vendor swarmkit to 2dcf70aafdc9ea55af3aaaeca440638cde0ecda6
Revendors swarmkit to fix a bug that could result in a mutex deadlock in
the logbroker.

Signed-off-by: Drew Erny <derny@mirantis.com>
2021-06-18 08:17:29 -06:00
Sebastiaan van Stijn
472f21b923
replace uses of deprecated containerd/sys.RunningInUserNS()
This utility was moved to a separate package, which has no
dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-18 11:01:24 +02:00
Sebastiaan van Stijn
f32fc350ce
Merge pull request #42172 from tiborvass/quota_testhelpers
quota: adjust build-tags to allow build without CGO
2021-06-18 00:17:09 +02:00
Sebastiaan van Stijn
c7cd1b9436
profiles/seccomp.Syscall: use pointers and omitempty
These fields are optional, and this makes the JSON representation
slightly less verbose.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-17 21:25:09 +02:00
Sebastiaan van Stijn
d92739713c
seccomp.Syscall: embed runtime-spec Syscall type
This makes the type better reflect the difference with the "runtime" profile;
our local type is used to generate a runtime-spec seccomp profile and extends
the runtime-spec type with additional fields; adding a "Name" field for backward
compatibility with older JSON representations, additional "Comment" metadata,
and conditional rules ("Includes", "Excludes") used during generation to adjust
the profile based on the container (capabilities) and host's (architecture, kernel)
configuration.

This change introduces one change in the type; the "runtime-spec" type uses a
`[]LinuxSeccompArg` for the `Args` field, whereas the local type used pointers;
`[]*LinuxSeccompArg`.

In addition, the runtime-spec Syscall type brings a new `ErrnoRet` field, allowing
the profile to specify the errno code returned for the syscall, which allows
changing the default EPERM for specific syscalls.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-17 21:25:06 +02:00