Commit graph

44561 commits

Author SHA1 Message Date
Sebastiaan van Stijn
779a5b3029 ImageService.GetImage(): pass context
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2022-09-07 16:53:45 +02:00
Sebastiaan van Stijn
9dab00a76e daemon/images: manifestMatchesPlatform() punch through context
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-07 10:49:10 +02:00
Samuel Karp
a9fe88e395
Merge pull request #44102 from thaJeztah/bump_x_net 2022-09-06 20:49:55 -07:00
Samuel Karp
96929d406f
Merge pull request #44099 from thaJeztah/bump_golang_1.18.6 2022-09-06 20:43:46 -07:00
Sebastiaan van Stijn
518179f63e
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 22:50:51 +02:00
Sebastiaan van Stijn
cba36a064d
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.18.6 (released 2022-09-06) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the pprof command, the
runtime, and the crypto/tls, encoding/xml, and net packages. See the Go 1.18.6
milestone on the issue tracker for details;

https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 22:23:40 +02:00
Sebastiaan van Stijn
ff76e05913
Merge pull request #44092 from thaJeztah/remove_tereshkova
namesgenerator: remove Valentina Tereshkova
2022-09-06 21:57:25 +02:00
Sebastiaan van Stijn
670ce6785d
Merge pull request #44091 from rumpl/fix-local-context
Wrap local calls to the content and lease service
2022-09-06 18:49:43 +02:00
Sebastiaan van Stijn
5ba4ba0baf
Merge pull request #44077 from thaJeztah/c8d_default_snapshotter
daemon: set containerd default snapshotter if none is configured
2022-09-06 17:33:40 +02:00
Djordje Lukic
878906630b Wrap local calls to the content and lease service
The wrapper sets the default namespace in the context if none is
provided, this is needed because we are calling these services directly
and not trough GRPC that has an interceptor to set the default namespace
to all calls.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2022-09-06 17:33:19 +02:00
Sebastiaan van Stijn
0f052eb4f5
namesgenerator: remove Valentina Tereshkova
While the name generator has been frozen for new additions in 624b3cfbe8,
this person has become controversial. Our intent is for this list to be inclusive
and non-controversial.

This patch removes the name from the list.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 13:37:32 +02:00
Sebastiaan van Stijn
0670621291
Merge pull request #43997 from thaJeztah/healthcheck_capture_logs
daemon: capture output of killed health checks
2022-09-02 10:48:22 +02:00
Sebastiaan van Stijn
c9c55df1f2
Merge pull request #44054 from thaJeztah/json_stream_export
pkg/jsonmessage: export "Stream" interface
2022-09-01 19:38:59 +02:00
Sebastiaan van Stijn
de4af86e98
daemon: set containerd default snapshotter if none is configured
This is a temporary workaround for the daemon not yet having automatic
selection of snapshotters.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-01 14:18:37 +02:00
Sebastiaan van Stijn
0db50996b7
Merge pull request #44043 from thaJeztah/bump_klauspost_compress
vendor: github.com/klauspost/compress v1.15.9
2022-08-31 16:11:17 +02:00
Akihiro Suda
52f8a4283e
Merge pull request #44021 from thaJeztah/client_remove_deprecated_errorutils
client: remove deprecated error-utilities
2022-08-31 17:01:56 +09:00
Brian Goff
c543c39692
Merge pull request #44051 from thaJeztah/migrate_sequential
replace pkg/system Sequential funcs with moby/sys/sequential
2022-08-30 10:11:14 -07:00
Sebastiaan van Stijn
509f19f611
replace pkg/system Sequential funcs with moby/sys/sequential
Migrating these functions to allow them being shared between moby, docker/cli,
and containerd, and to allow using them without importing all of sys / system,
which (in containerd) also depends on hcsshim and more.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-30 09:33:49 +02:00
Sebastiaan van Stijn
18bb8fee3c
Merge pull request #44058 from crazy-max/ci-buildkit
ci: move buildkit tests to a dedicated workflow
2022-08-30 08:39:22 +02:00
Cory Snider
e8c4740108
Merge pull request #44014 from corhere/healthcheck-kill-timeout
Un-skip TestHealthCheckProcessKilled on Windows+containerd and stop health checks earlier upon container exit.
2022-08-29 18:09:02 -04:00
Brian Goff
5b9492a58e
Merge pull request #44052 from thaJeztah/simplify_isabs
pkg/system: make IsAbs() platform-agnostic
2022-08-29 13:57:51 -07:00
CrazyMax
a4d081cc17
ci: move buildkit tests to a dedicated workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-29 22:52:34 +02:00
Sebastiaan van Stijn
1ac44105f9
Merge pull request #44047 from thaJeztah/validate_yaml
validate: add additional validation on YAML files
2022-08-29 21:57:55 +02:00
Sebastiaan van Stijn
5cfc9c374c
validate: address SC2155 (shellcheck)
see https://github.com/koalaman/shellcheck/wiki/SC2155

Looking at how these were used, I don't think we even need to
export them, so removing that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:53:04 +02:00
Sebastiaan van Stijn
b9fd2cf605
validate: format vendor script with shfmt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:53:02 +02:00
Sebastiaan van Stijn
6cef06b940
validate: add yamllint validation
validate other YAML files, such as the ones used in the documentation,
and GitHub actions workflows, to prevent issues such as;

- 30295c1750
- 8e8d9a3650

With this patch:

    hack/validate/yamllint
    Congratulations! yamllint config file formatted correctly
    Congratulations! YAML files are formatted correctly

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:52:56 +02:00
Sebastiaan van Stijn
91bb776bb8
validate: yamllint: ignore "truthy value should be one of" warnings
Suppresses warnings like:

    LANG=C.UTF-8 yamllint -c hack/validate/yamllint.yaml -f parsable .github/workflows/*.yml
    .github/workflows/ci.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)
    .github/workflows/windows.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:51:43 +02:00
Sebastiaan van Stijn
cc2134ea83
validate: yamllint: set locale in config file
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:51:41 +02:00
Sebastiaan van Stijn
f679d8c821
validate: yamllint: use "parsable" output
Before:

    10030:81  error    line too long (89 > 80 characters)  (line-length)

After:

    api/swagger.yaml:10030:81: [error] line too long (89 > 80 characters) (line-length)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:51:39 +02:00
Sebastiaan van Stijn
5f114b65b4
validate: yamllint rename config-file
Don't make the file hidden, and add .yaml extension, so that editors
pick up the right formatting :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:51:38 +02:00
Sebastiaan van Stijn
1d7cd76ee9
Dockerfile: update yamllint to v1.27.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:51:35 +02:00
Sebastiaan van Stijn
939451554f
Merge pull request #44035 from crazy-max/ci-rm-win-2019
ci(windows): move windows-2019 to another workflow
2022-08-29 18:18:33 +02:00
Sebastiaan van Stijn
5e0599cb6e
pkg/jsonmessage: export "Stream" interface
This interface is used as part of an exported function's signature,
so exporting the interface as well for callers to know what the argument
must have implemented.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 16:15:37 +02:00
Sebastiaan van Stijn
2640aec0d7
pkg/system: make IsAbs() platform-agnostic
filepath.IsAbs() will short-circuit on Linux/Unix, so having a single
implementation should not affect those platforms.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-27 15:11:27 +02:00
CrazyMax
65fdd10d4e
ci(windows): move windows-2019 to another workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-26 14:25:09 +02:00
Sebastiaan van Stijn
3e8573a85a
Merge pull request #44040 from thaJeztah/containerd_binary_1.6.8
update containerd binary to v1.6.8
2022-08-26 13:06:29 +02:00
Sebastiaan van Stijn
cefc89e5a5
Merge pull request #44037 from thaJeztah/update_runc_1.1.4
update runc to v1.1.4
2022-08-26 13:05:17 +02:00
Sebastiaan van Stijn
80e0fc4901
Merge pull request #44045 from crazy-max/fix-ci-workflow
ci: fix broken workflow
2022-08-26 08:27:40 +02:00
CrazyMax
8e8d9a3650
ci: fix broken workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-26 04:30:04 +02:00
Sebastiaan van Stijn
6373de3304
Merge pull request #44036 from benlangfeld/patch-1
Upgrades buildx to 0.9.1
2022-08-26 02:23:23 +02:00
Cory Snider
8b748bd326 daemon: stop health checks before deleting task
Prevent new health check probes from racing the task deletion. This may
have been a root cause of containers taking so long to stop on Windows.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-25 20:03:42 -04:00
Cory Snider
d0731af939 Unskip TestHealthCheckProcessKilled on Windows
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-25 19:51:41 -04:00
Sebastiaan van Stijn
f7277806c8
vendor: github.com/klauspost/compress v1.15.9
various fixes in zstd compression

- https://github.com/klauspost/compress/releases/tag/v1.15.9
- https://github.com/klauspost/compress/releases/tag/v1.15.8
- https://github.com/klauspost/compress/releases/tag/v1.15.7
- https://github.com/klauspost/compress/releases/tag/v1.15.6
- https://github.com/klauspost/compress/releases/tag/v1.15.5
- https://github.com/klauspost/compress/releases/tag/v1.15.4
- https://github.com/klauspost/compress/releases/tag/v1.15.3
- https://github.com/klauspost/compress/releases/tag/v1.15.2

full diff: https://github.com/klauspost/compress/compare/v1.15.1...v1.15.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 01:46:28 +02:00
Sebastiaan van Stijn
d52ffce38f
update containerd binary to v1.6.8
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.8

full diff: https://github.com/containerd/containerd/compare/v1.6.7...v1.6.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 00:31:43 +02:00
Akihiro Suda
bd98bf38e9
update runc to v1.1.4
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.4

full diff: https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 00:21:24 +02:00
Ben Langfeld
5dcaad0dd3
Upgrades buildx to 0.9.1
v0.9.0 included regressions. Release notes: https://github.com/docker/buildx/releases/tag/v0.9.1

Signed-off-by: Ben Langfeld <blangfeld@powerhrg.com>
2022-08-25 19:14:16 -03:00
Sebastiaan van Stijn
1808c67d53
Merge pull request #44028 from thaJeztah/bump_buildkit
vendor: github.com/moby/buildkit v0.10.4
2022-08-26 00:12:32 +02:00
Sebastiaan van Stijn
c500d8824d
vendor: github.com/moby/buildkit v0.10.4
release notes: https://github.com/moby/buildkit/releases/tag/v0.10.4

full diff: https://github.com/moby/buildkit/compare/8e2d9b9006ca...v0.10.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-25 21:33:08 +02:00
Sebastiaan van Stijn
6217f8001e
gha: temporarily pin BuildKit integration test version
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-25 21:32:05 +02:00
Tianon Gravi
0ec426a57b
Merge pull request #43564 from corhere/libcontainerd-overhaul
Refactor libcontainerd to minimize containerd RPCs
2022-08-25 11:51:42 -07:00