Commit graph

38331 commits

Author SHA1 Message Date
Sebastiaan van Stijn
4ec769c68d
Merge pull request #40609 from StefanScherer/new-icon
Update Windows ico
2020-03-02 20:34:08 +01:00
Sebastiaan van Stijn
501f103a0e
Merge pull request #40597 from thaJeztah/bump_selinux
vendor: update opencontainers/selinux v1.3.3
2020-03-02 16:54:47 +01:00
Stefan Scherer
fdf42f7a59
Update Windows ico
Signed-off-by: Stefan Scherer <stefan.scherer@docker.com>
2020-03-02 12:52:10 +01:00
Akihiro Suda
fd6da95585
Merge pull request #40601 from thaJeztah/gotest_tools_v3.0.2
vendor: update gotest.tools v3.0.2
2020-02-29 10:38:32 +09:00
Sebastiaan van Stijn
fa67cff34b
vendor: update opencontainers/selinux v1.3.3
full diff: https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.3

- go-selinux/SetKeyLabel: fix for RHEL7 kernels
- getSELinuxfs: optimize/simplify using sync.Once
- xattr: use x/sys/unix, simplify
- Use /proc/thread-self if available
- Fix EnforceMode, SetEnforceMode, and SecurityCheckContext

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-28 19:19:46 +01:00
Brian Goff
40b2b4b083
Merge pull request #40594 from sfzhu93/Mis_Unlock
daemon/cluster: add a missing Unlock
2020-02-28 09:47:53 -08:00
Sebastiaan van Stijn
21e5decbaa
vendor: update gotest.tools v3.0.2
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.0.1...v3.0.2

- assert: Fix NilError, error non-nil type
    - fixes: Typed nil errors should not pass "NilError"
    - fixes: "reflect: call of reflect.Value.IsNil on struct Value" for struct error type

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-28 16:26:18 +01:00
Sebastiaan van Stijn
38f52c9fec
Merge pull request #40588 from sfzhu93/Double_RLock
plugin: fix a double RLock bug
2020-02-28 00:30:06 +01:00
Brian Goff
bc1c0c7a8a
Merge pull request #40510 from aiordache/moby_cluster_flags_deprecate
Deprecate '--cluster-xx' options and add warning
2020-02-27 11:25:31 -08:00
Brian Goff
e08e7c6d11
Merge pull request #40576 from thaJeztah/rootless_remove_unneeded_permission_exception
Revert "Don't die when daemon cannot read certs.d"
2020-02-27 11:22:52 -08:00
Brian Goff
7a76104b2e
Merge pull request #40583 from thaJeztah/criu_3.13
Update CRIU to v3.13 "Silicon Willet"
2020-02-27 11:22:19 -08:00
Sebastiaan van Stijn
feed3daecf
Merge pull request #40579 from SamWhited/dns_update
Update DNS library
2020-02-27 20:00:28 +01:00
Sebastiaan van Stijn
39679991f4
Merge pull request #40543 from SamWhited/upstream_logging
Upstream logging changes from Enterprise Edition
2020-02-27 13:54:14 +01:00
Brian Goff
8a05747fb6
Merge pull request #40585 from kolyshkin/getxattr
pkg/system.getxattr: handle changed size case
2020-02-26 09:33:34 -08:00
Sebastiaan van Stijn
44c5dbd81b
Merge pull request #40580 from tianon/TODO-nftables
Add a TODO in the Dockerfile regarding nftables
2020-02-26 17:50:21 +01:00
Kir Kolyshkin
669056f93d pkg/system.getxattr: handle changed size case
lgetxattr(2) man page says:

> If size is specified as zero, these calls return the  current  size  of
> the  named extended attribute (and leave value unchanged).  This can be
> used to determine the size of the buffer that should be supplied  in  a
> subsequent  call.   (But, bear in mind that there is a possibility that
> the attribute value may change between the two calls,  so  that  it  is
> still necessary to check the return status from the second call.)

The current code does not handle the case when the size changes between
the two calls, and the new size is larger.

Fix the above problem, and slightly simplify the code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-02-26 07:56:12 -08:00
Sebastiaan van Stijn
f508db4833
Update CRIU to v3.13 "Silicon Willet"
full diff: https://github.com/checkpoint-restore/criu/compare/v3.12...v3.13

Here we have some bugfixes, huuuge *.py patch for coding style
and nice set of new features like 32bit for ARM, TLS for page
server and new mode for CGroups.

New features

- VDSO: arm32 support
- Add TLS support for page server communications
- "Ignore" mode for --manage-cgroups
- Restore SO_BROADCAST option for inet sockets

Bugfixes

- Auxiliary events were left in inotify queues
- Lazy-pages daemon didn't detect stack pages and surrounders properly and marked them as "lazy"
- Memory and resource leakage were detected by coverity, cppcheck and clang

Improvements

- Use gettimeofday() directly from vdso for restore timings
- Reformat all .py code into pep8 style

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-26 14:17:25 +01:00
Sebastiaan van Stijn
28f62c5a35
Merge pull request #40512 from thaJeztah/revert_jenkinsfile_pin_older_windows
Revert "Jenkinsfile: temporarily pin windows image to 10.0.17763.973"
2020-02-26 13:09:23 +01:00
Akihiro Suda
26e6708ccf
Merge pull request #40475 from cpuguy83/fix_client_exec_type_id
Exec inspect field should be "ID" not "ExecID"
2020-02-26 19:11:33 +09:00
Tianon Gravi
0ce3ab679c Add a TODO in the Dockerfile regarding nftables
Someday, we'll hopefully support nftables directly and will likely then need some kind of in-container runtime detection (perhaps based on loaded modules or something similar).  This updates the related `Dockerfile` comment accordingly (linking to the appropriate `nftables` tracking issue).

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2020-02-25 15:31:07 -08:00
Sam Whited
8c0f6142a8 Update DNS library
This makes sure that we don't become vulnerable to CVE-2018-17419 or
CVE-2019-19794 in the future.

Signed-off-by: Sam Whited <sam@samwhited.com>
2020-02-25 17:05:57 -05:00
Ziheng Liu
83c0bedba9 daemon/cluster: add a missing Unlock
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
2020-02-25 13:55:11 -05:00
Ziheng Liu
34837febc4 plugin: fix a double RLock bug
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
2020-02-25 13:51:27 -05:00
Sebastiaan van Stijn
e6281b1b3f
Revert "Don't die when daemon cannot read certs.d"
This reverts commit 2808762b27.

This exception was added for rootless mode, but superseded by the
follow-up commit f4fa98f583, which
uses a different path to look for the certs when running in rootless
mode

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-25 11:47:58 +01:00
Brian Goff
9fee52d544
Merge pull request #40570 from thaJeztah/unify_apis
docs: add API versions v1.25 - v1.29, v1.38 - v1.40
2020-02-24 20:42:17 -08:00
Brian Goff
0b305d9894
Merge pull request #40571 from tonistiigi/update-buildkit
vendor: update buildkit to d75ed2b68
2020-02-24 20:36:36 -08:00
Tonis Tiigi
33baa55353 vendor: update buildkit to d75ed2b68
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-24 15:38:51 -08:00
Sebastiaan van Stijn
6fdbc50084
docs: add API versions v1.25 - v1.29, v1.38 - v1.40
Adding separate documents for older API versions, so that these don't have to
be collected from each tag/release branch:

- v1.40 - docker v19.03
- v1.39 - docker v18.09
- v1.38 - docker v18.06
- v1.29 - docker v17.05
- v1.28 - docker v17.04
- v1.27 - docker v17.03
- v1.26 - docker v1.13.1
- v1.25 - docker v1.13.0

Note that:

- API versions v1.30 - v1.37 are yet to be added after the tags and release-
  branches from the docker/docker-ce mono-repo have been extracted.
- docker v1.13.0 made the switch from using a markdown file to using swagger
  to document the API.

Approach taken:

    git mv api/swagger.yaml api/swagger-current.yaml

    git checkout upstream/19.03 -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.40.yaml

    git checkout v18.09.9 -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.39.yaml

    git checkout v18.06.3-ce -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.38.yaml

    git checkout v17.05.0-ce -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.29.yaml

    git checkout v17.04.0-ce -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.28.yaml

    git checkout v17.03.2-ce -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.27.yaml

    git checkout v1.13.1 -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.26.yaml

    git checkout v1.13.0 -- api/swagger.yaml
    git mv api/swagger.yaml docs/api/v1.25.yaml

    git mv api/swagger-current.yaml api/swagger.yaml

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-24 11:00:35 +01:00
Brian Goff
d706420b5d
Merge pull request #40532 from thaJeztah/bump_golang_1.13.8
Update Golang 1.13.8
2020-02-21 15:02:07 -08:00
Brian Goff
68ba988124
Merge pull request #40526 from thaJeztah/bump_container_utility
Update windows container utility to fix compilation on gcc-mingw-w64 8.3
2020-02-21 15:01:30 -08:00
Sam Whited
a6f99232f5 Always execute tests and skip in tests themselves
See issue #40193

Signed-off-by: Sam Whited <sam@samwhited.com>
2020-02-21 14:31:01 -05:00
Brian Goff
62bd5a33f7
Merge pull request #40137 from fuweid/me-wait-for-remote-containerd-before-reload
daemon: add grpc.WithBlock option
2020-02-21 10:11:10 -08:00
Brian Goff
498e7185c6
Merge pull request #40546 from thaJeztah/update_selinux_v1.3.1
vendor: update opencontainers/selinux v1.3.1
2020-02-21 09:39:09 -08:00
Akihiro Suda
0c6b85717b
Merge pull request #40481 from cpuguy83/stats_use_cond_var
Use condition variable to wake stats collector.
2020-02-21 13:37:14 +09:00
Tibor Vass
5cfc002fbc
Merge pull request #40542 from thaJeztah/bump_crypto
vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382
2020-02-20 12:12:15 -08:00
Sebastiaan van Stijn
12c7541f1f
vendor: update opencontainers/selinux v1.3.1
full diff: 5215b1806f...v1.3.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-20 14:40:25 +01:00
Brian Goff
750f0d1648 Support configuration of log cacher.
Configuration over the API per container is intentionally left out for
the time being, but is supported to configure the default from the
daemon config.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit cbecf48bc352e680a5390a7ca9cff53098cd16d7)
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2020-02-19 17:02:34 -05:00
Brian Goff
e2ceb83a53 Support reads for all log drivers.
This supplements any log driver which does not support reads with a
custom read implementation that uses a local file cache.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit d675e2bf2b75865915c7a4552e00802feeb0847f)
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2020-02-19 17:01:44 -05:00
Sebastiaan van Stijn
1bf1941ac9
vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382
full diff: 69ecbb4d6d...1d94cc7ab1

(no local changes)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-19 12:31:14 +01:00
Anca Iordache
f7c4be86c6 fixed deprecation message
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
2020-02-19 11:22:20 +01:00
Sebastiaan van Stijn
3f7503f98a
Update Golang 1.13.8
full diff: https://github.com/golang/go/compare/go1.13.7...go1.13.8

go1.13.8 (released 2020/02/12) includes fixes to the runtime, the crypto/x509,
and net/http packages. See the Go 1.13.8 milestone on the issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-17 11:52:43 +01:00
Sebastiaan van Stijn
79b130ac31
Revert "Fix containerutility compilation on gcc-mingw-w64 8.3"
This reverts commit 25a1bf53d2.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-14 23:31:42 +01:00
Sebastiaan van Stijn
5125f8b304
bump windows-container-utility aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
full diff: e004a1415a...aa1ba87e99

changes:

- Use standard include paths instead of hard-coding

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-14 23:31:14 +01:00
Sebastiaan van Stijn
d8772509d1
Merge pull request #40489 from pricec/fix-license-check
Vendor check to succeed even if copyright information is not found
2020-02-14 23:19:43 +01:00
Sebastiaan van Stijn
b2b80564db
Merge pull request #40523 from thaJeztah/go_swagger_1.14
Fix go-swagger to work with Go 1.14
2020-02-14 20:50:12 +01:00
Sebastiaan van Stijn
addc0c809f
Fix go-swagger to work with Go 1.14
The template used was broken with Go 1.14, which has some stricter
rules, introduced in https://golang.org/cl/206124

```
root@b5beaed18589:/go/src/github.com/docker/docker# ./hack/generate-swagger-api.sh
2020/02/07 15:12:01 trying to read config from /go/src/github.com/docker/docker/api/swagger-gen.yaml
2020/02/07 15:12:02 rendering 1 templates for model ErrorResponse
2020/02/07 15:12:02 name field ErrorResponse
2020/02/07 15:12:02 package field types
2020/02/07 15:12:02 creating "error_response.go" in "api/types" as definition
model: template: schematype:2:18: executing "schemaType" at <(len .AllOf) gt 0>: can't give argument to non-function len .AllOf
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-14 09:29:20 +01:00
Brian Goff
31a86c4ab2
Merge pull request #34958 from platy/#33434-api-doc-base64url
Fixes #33434 - API docs to specify using base64url
2020-02-13 12:27:29 -08:00
Mike Bush
f282dde877 Fixes #33434 - API docs to specify using base64url
Specify base64url rather than base64. Also correct other links to the base64url section of RFC4648

Signed-off-by: Mike Bush <mpbush@gmail.com>
2020-02-13 10:25:37 -08:00
Chris Price
9f94cfdc57 Vendor check to succeed even if copyright information is not found
The documentation for validate_vendor_used in hack/validate/vendor states
that a warning will be emitted if license information cannot be found in
a vendored package. However, because the script is run with pipefail set
(owing to the inclusion of the common validation script .validate) and
`grep -c` is used, the entire script will fail whenever license information
cannot be found in a vendored package.

Signed-off-by: Chris Price <cprice@mirantis.com>
2020-02-13 06:08:44 -08:00
Sebastiaan van Stijn
8a52139a0f
Revert "Jenkinsfile: temporarily pin windows image to 10.0.17763.973"
This reverts commit fa2417984b.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 11:42:56 +01:00