Commit graph

37516 commits

Author SHA1 Message Date
Tibor Vass
645f559352
Merge pull request #411 from thaJeztah/19.03_backport_fix_dco_branch
[19.03 backport] Jenkinsfile: set repo and branch for DCO check as well
2019-10-21 16:22:02 -07:00
Sebastiaan van Stijn
9c388fb119
Jenkinsfile: set repo and branch for DCO check as well
Commit 7019b60d0d added these
env-vars to other stages, but forgot to update the DCO stage,
which also does a diff to validate commits that are in a PR.

Also adding openssh-client, for situations where the upstream
needs to be accessed through an ssh connection.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7c5fd83c22)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-21 23:32:48 +02:00
Akihiro Suda
a8b454a934
docs/rootless.md: update
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit e76dea157e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-20 23:50:07 +02:00
Brian Goff
fd169c00bf
Propagate GetContainer error from event processor
Before this change we just accept that any error is "not found" and it
could be something else, but even if it it is just a "not found" kind of
error this should be dealt with from the container store and not the
event processor.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 54e30a62d3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-17 02:49:24 +02:00
Brian Goff
e037bade8c
Use ocischema package instead of custom handler
Previously we were re-using schema2.DeserializedManifest to handle oci
manifests. The issue lies in the fact that distribution started
validating the media type string during json deserialization. This
change broke our usage of that type.

Instead distribution now provides direct support for oci schemas, so use
that instead of our custom handlers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e443512ce4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-14 23:06:05 +02:00
Andrew Hsu
adfac697dc
Merge pull request #404 from thaJeztah/19.03_revert_iptables_check2
[19.03 backport] revert controller: Check if IPTables is enabled for arrangeUserFilterRule ENGCORE-1114
2019-10-11 14:19:53 -07:00
Sebastiaan van Stijn
54a58760b6
[19.03 backport] revert controller: Check if IPTables is enabled for arrangeUserFilterRule
This change caused a regression, causing the DOCKER-USER chain
to not be created, despite iptables being enabled on the daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-11 21:10:48 +02:00
Andrew Hsu
5787ef7e9c
Merge pull request #396 from thaJeztah/19.03_backport_update_moved_repositories
[19.03 backport] Update links/references to transferred repositories
2019-10-10 10:58:11 -07:00
Andrew Hsu
9a21cf7e55
Merge pull request #399 from thaJeztah/19.03_backport_do_the_right_diff_do_the_right_diff
[19.03 backport] Jenkinsfile: set repo and branch, to assist validate_diff()
2019-10-10 10:56:41 -07:00
Sebastiaan van Stijn
abbc956ac8
Jenkinsfile: set repo and branch, to assist validate_diff()
This is a continuation of 2a08f33166247da9d4c09d4c6c72cbb8119bf8df;

When running CI in other repositories (e.g. Docker's downstream
docker/engine repository), or other branches, the validation
scripts were calculating the list of changes based on the wrong
information.

This lead to weird failures in CI in a branch where these values
were not updated ':-) (CI on a pull request failed because it detected
that new tests were added to the deprecated `integration-cli` test-suite,
but the pull request did not actually make changes in that area).

This patch uses environment variables set by Jenkins to sets the
correct target repository (and branch) to compare to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7019b60d0d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-07 23:52:55 +02:00
Sebastiaan van Stijn
646e7a5239
Jenkinsfile: remove redundant -f Dockerfile
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64b3d12686)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-07 23:52:53 +02:00
Sebastiaan van Stijn
3e077fc866
Merge pull request #398 from thaJeztah/19.03_rollback_libnetwork
[19.03] roll-back libnetwork iptables forward policy change [DESKTOP-1934]
2019-10-07 23:12:15 +02:00
Sebastiaan van Stijn
fb0fca8607
[19.03] roll-back libnetwork iptables forward policy change
The patch made in  docker/libnetwork#2450 caused a breaking change in the
networking behaviour, causing Kubernetes installations on Docker Desktop
(and possibly other setups) to fail.

Rolling back this change in the 19.03 branch while we investigate if there
are alternatives.

diff: 45c710223c...96bcc0dae8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-07 18:11:13 +02:00
Akihiro Suda
5bd4233d7b
rootless: harden slirp4netns with mount namespace and seccomp
When slirp4netns v0.4.0+ is used, now slirp4netns is hardened using
mount namespace ("sandbox") and seccomp to mitigate potential
vulnerabilities.

bump up rootlesskit: 2fcff6ceae...791ac8cb20

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit e20b7323fb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-05 10:54:26 +02:00
Andrew Hsu
2ae5cbcf05
Merge pull request #391 from thaJeztah/19.03_backport_session_endpoint_docs_updates
[19.03 backport] API: update docs that /session left experimental in V1.39
2019-10-03 10:49:04 -07:00
Sebastiaan van Stijn
3472e441c5
hack/ci/windows.ps1 update references to repositories that were moved
Also updated the related docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5175ed54e5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-03 15:37:56 +02:00
Sebastiaan van Stijn
a2a4576c61
Dockerfile.windows: update references to repositories that were moved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 83fd212f2c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-03 15:37:54 +02:00
Sebastiaan van Stijn
ac62fa7a61
Jenkinsfile: update references to repositories that were moved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b323c6e9ae)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-03 15:37:52 +02:00
Andrew Hsu
d9fba87f5a
Merge pull request #392 from andrewhsu/bump_docker_py
[19.03 backport] Temporarily switch docker-py to "master"
2019-10-02 15:56:00 -07:00
Sebastiaan van Stijn
ec0e20a9eb Temporarily switch docker-py to "master"
The docker-py tests were broken, because the version of
py-test that was used, used a dependency that had a new
major release with a breaking change.

Unfortunately, it was not pinned to a specific version,
so when the dependency did the release, py-test broke;

```
22:16:47  Traceback (most recent call last):
22:16:47    File "/usr/local/bin/pytest", line 10, in <module>
22:16:47      sys.exit(main())
22:16:47    File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 61, in main
22:16:47      config = _prepareconfig(args, plugins)
22:16:47    File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 182, in _prepareconfig
22:16:47      config = get_config()
22:16:47    File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 156, in get_config
22:16:47      pluginmanager.import_plugin(spec)
22:16:47    File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 530, in import_plugin
22:16:47      __import__(importspec)
22:16:47    File "/usr/local/lib/python3.6/site-packages/_pytest/tmpdir.py", line 25, in <module>
22:16:47      class TempPathFactory(object):
22:16:47    File "/usr/local/lib/python3.6/site-packages/_pytest/tmpdir.py", line 35, in TempPathFactory
22:16:47      lambda p: Path(os.path.abspath(six.text_type(p)))
22:16:47  TypeError: attrib() got an unexpected keyword argument 'convert'
```

docker-py master has a fix for this (bumping the version of
`py-test`), but it's not in a release yet, and the docker cli that's used
in our CI is pinned to 17.06, which doesn't support building from a remote
git repository from a specific git commit.

To fix the immediate situation, this patch switches the docker-py
tests to run from the master branch.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48353e16fe)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2019-10-02 17:42:41 +00:00
Sebastiaan van Stijn
923e849f28
API: update docs that /session left experimental in V1.39
The `/session` endpoint left experimental in API V1.39 through
239047c2d3 and
01c9e7082e, but the API reference
was not updated accordingly.

This updates the API documentation to match the change.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6756f5f378)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-02 12:33:14 +02:00
Kirill Kolyshkin
060997ca6b
Merge pull request #389 from thaJeztah/19.03_backport_fix_dockernetworksuite
[19.03 backport] integration-cli: fix DockerNetworkSuite not being run
2019-09-30 11:03:49 -07:00
Sebastiaan van Stijn
adcd369285
integration-cli: fix DockerNetworkSuite not being run
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5c891ea9ca)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-30 19:59:26 +02:00
Andrew Hsu
b6a7124855
Merge pull request #383 from thaJeztah/19.03_backport_test_fixes_2
[19.03 backport] Testing and Jenkinsfile changes [step 2]
2019-09-27 16:58:30 -07:00
Andrew Hsu
7fe3abf887
Merge pull request #387 from thaJeztah/19.03_bump_golang_1.12.10
[19.03] bump golang 1.12.10 (CVE-2019-16276)
2019-09-27 11:52:28 -07:00
Andrew Hsu
3fec3d1f1c
Merge pull request #385 from thaJeztah/19.03_backport_bump_containerd_runc
[19.03 backport] update containerd 1.2.10, runc v1.0.0-rc8-92-g84373aaa (CVE-2019-16884)
2019-09-27 11:07:53 -07:00
Sebastiaan van Stijn
49e8f7451d
bump golang 1.12.10 (CVE-2019-16276)
full diff: https://github.com/golang/go/compare/go1.12.9...go1.12.10

```
Hi gophers,

We have just released Go 1.13.1 and Go 1.12.10 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you're not sure which, choose Go 1.13.1).

net/http (through net/textproto) used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or request smuggling, the latter if requests from separate clients are multiplexed onto the same upstream connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications.

The issue is CVE-2019-16276 and Go issue golang.org/issue/34540.

Thanks to Andrew Stucki, Adam Scarr (99designs.com), and Jan Masarik (masarik.sh) for discovering and reporting this issue.

Downloads are available at https://golang.org/dl for all supported platforms.

Alla prossima,
Filippo on behalf of the Go team
```

From the patch: 6e6f4aaf70

```
net/textproto: don't normalize headers with spaces before the colon

RFC 7230 is clear about headers with a space before the colon, like

X-Answer : 42

being invalid, but we've been accepting and normalizing them for compatibility
purposes since CL 5690059 in 2012.

On the client side, this is harmless and indeed most browsers behave the same
to this day. On the server side, this becomes a security issue when the
behavior doesn't match that of a reverse proxy sitting in front of the server.

For example, if a WAF accepts them without normalizing them, it might be
possible to bypass its filters, because the Go server would interpret the
header differently. Worse, if the reverse proxy coalesces requests onto a
single HTTP/1.1 connection to a Go server, the understanding of the request
boundaries can get out of sync between them, allowing an attacker to tack an
arbitrary method and path onto a request by other clients, including
authentication headers unknown to the attacker.

This was recently presented at multiple security conferences:
https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn

net/http servers already reject header keys with invalid characters.
Simply stop normalizing extra spaces in net/textproto, let it return them
unchanged like it does for other invalid headers, and let net/http enforce
RFC 7230, which is HTTP specific. This loses us normalization on the client
side, but there's no right answer on the client side anyway, and hiding the
issue sounds worse than letting the application decide.
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 16:59:28 +02:00
Sebastiaan van Stijn
3136dea250
Re-group vendor.conf deps to reflect reality
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 05a0621fd0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 16:25:56 +02:00
Sebastiaan van Stijn
8ddb4c4e95
bump runc vendor v1.0.0-rc8-92-g84373aaa
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657

  - opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
  - opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
  - opencontainers/runc#2029 Update dependencies
  - opencontainers/runc#2034 Support for logging from children processes
  - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
  - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
  - opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
  - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
  - opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
  - opencontainers/runc#2057 main: not reopen /dev/stderr
      - closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
      - closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
      - closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
  - opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
  - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
  - opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
  - opencontainers/runc#2074 Update dependency libseccomp-golang
  - opencontainers/runc#2081 Bump CRIU to 3.12
  - opencontainers/runc#2089 doc: First process in container needs `Init: true`
  - opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
      - closes opencontainers/runc#2093 HostDevices() race with older udevd versions
  - opencontainers/runc#2098 man: fix man-pages
  - opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
  - opencontainers/runc#2107 Make get devices function public
  - opencontainers/runc#2113 libcontainer: initial support for cgroups v2
  - opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
      - removes github.com/coreos/pkg as dependency
  - opencontainers/runc#2117 Remove libcontainer detection for systemd features
      - fixes opencontainers/runc#2117 Cache the systemd detection results
  - opencontainers/runc#2119 libcontainer: update masked paths of /proc
      - relates to moby/moby#36368 Add /proc/keys to masked paths
      - relates to moby/moby#38299 Masked /proc/asound
      - relates to moby/moby#37404 Add /proc/acpi to masked paths (CVE-2018-10892)
  - opencontainers/runc#2122 nsenter: minor fixes
  - opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
  - opencontainers/runc#2125 cgroup: support mount of cgroup2
  - opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
  - opencontainers/runc#2129 Only allow proc mount if it is procfs
      - addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac0ab114a2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 16:25:48 +02:00
Sebastiaan van Stijn
b4c03dd633
update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884)
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657

  - opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
  - opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
  - opencontainers/runc#2029 Update dependencies
  - opencontainers/runc#2034 Support for logging from children processes
  - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
  - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
  - opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
  - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
  - opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
  - opencontainers/runc#2057 main: not reopen /dev/stderr
      - closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
      - closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
      - closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
  - opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
  - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
  - opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
  - opencontainers/runc#2074 Update dependency libseccomp-golang
  - opencontainers/runc#2081 Bump CRIU to 3.12
  - opencontainers/runc#2089 doc: First process in container needs `Init: true`
  - opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
      - closes opencontainers/runc#2093 HostDevices() race with older udevd versions
  - opencontainers/runc#2098 man: fix man-pages
  - opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
  - opencontainers/runc#2107 Make get devices function public
  - opencontainers/runc#2113 libcontainer: initial support for cgroups v2
  - opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
      - removes github.com/coreos/pkg as dependency
  - opencontainers/runc#2117 Remove libcontainer detection for systemd features
      - fixes opencontainers/runc#2117 Cache the systemd detection results
  - opencontainers/runc#2119 libcontainer: update masked paths of /proc
      - relates to moby/moby#36368 Add /proc/keys to masked paths
      - relates to moby/moby#38299 Masked /proc/asound
      - relates to moby/moby#37404 Add /proc/acpi to masked paths (CVE-2018-10892)
  - opencontainers/runc#2122 nsenter: minor fixes
  - opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
  - opencontainers/runc#2125 cgroup: support mount of cgroup2
  - opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
  - opencontainers/runc#2129 Only allow proc mount if it is procfs
      - addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bc9a7ec898)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 16:25:39 +02:00
Jintao Zhang
65a6d9d9eb
Update containerd to v1.2.10
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit c4ec02b0af)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 16:25:20 +02:00
Sebastiaan van Stijn
06f11abf43
integration-cli: fix golint issues
```
docker/integration-cli/checker/checker.go
Line 12: warning: exported type Compare should have comment or be unexported (golint)
Line 14: warning: exported function False should have comment or be unexported (golint)
Line 20: warning: exported function True should have comment or be unexported (golint)
Line 26: warning: exported function Equals should have comment or be unexported (golint)
Line 32: warning: exported function Contains should have comment or be unexported (golint)
Line 38: warning: exported function Not should have comment or be unexported (golint)
Line 52: warning: exported function DeepEquals should have comment or be unexported (golint)
Line 58: warning: exported function HasLen should have comment or be unexported (golint)
Line 64: warning: exported function IsNil should have comment or be unexported (golint)
Line 70: warning: exported function GreaterThan should have comment or be unexported (golint)
Line 76: warning: exported function NotNil should have comment or be unexported (golint)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6397dd4d31)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:54 +02:00
Tibor Vass
da8cd68e4f
integration-cli: run goimports
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 5b7347c312)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:53 +02:00
Vikram bir Singh
9464d3cd68
Disable TestPsListContainersFilterExited (Windows)
On account of being flaky on both RS1 and RS5.

Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Signed-off-by: Vikram bir Singh <vikrambir.singh@docker.com>
(cherry picked from commit 7de4e13089)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:52 +02:00
Sebastiaan van Stijn
50cee7c48d
hack/test/unit: fix custom TESTFLAGS not working
The `-test.timeout=5m` was glued directly after the current `TESTFLAGS`,
causing them to be non-functional;

Before:

    make TESTDEBUG=1 TESTDIRS='github.com/docker/docker/pkg/filenotify' TESTFLAGS='-test.run TestPollerEvent' test-unit
    + mkdir -p bundles
    + gotestsum --format=standard-quiet --jsonfile=bundles/go-test-report.json --junitfile=bundles/junit-report.xml -- -tags 'netgo seccomp libdm_no_deferred_remove' -cover -coverprofile=bundles/profile.out -covermode=atomic -test.run TestPollerEvent-test.timeout=5m github.com/docker/docker/pkg/filenotify
    testing: warning: no tests to run
    ok  	github.com/docker/docker/pkg/filenotify	0.003s	coverage: 0.0% of statements [no tests to run]

    DONE 0 tests in 0.298s

After:

    make TESTDEBUG=1 TESTDIRS='github.com/docker/docker/pkg/filenotify' TESTFLAGS='-test.run TestPollerEvent' test-unit
    + mkdir -p bundles
    + gotestsum --format=standard-quiet --jsonfile=bundles/go-test-report.json --junitfile=bundles/junit-report.xml -- -tags 'netgo seccomp libdm_no_deferred_remove' -cover -coverprofile=bundles/profile.out -covermode=atomic -test.run TestPollerEvent -test.timeout=5m github.com/docker/docker/pkg/filenotify
    ok  	github.com/docker/docker/pkg/filenotify	0.608s	coverage: 44.7% of statements

    DONE 1 tests in 0.922s

This was introduced in 42f0a0db75

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0620990307)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:52 +02:00
Tibor Vass
682a46189b
integration-cli: move each test suite to its own TestX testing function
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit f1c1cd436a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:51 +02:00
Tibor Vass
e1c5cdf14d
hack: have integration-cli use gotestsum codepath
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 84928be605)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:50 +02:00
Sebastiaan van Stijn
4cf69b995e
integration-cli: remove unneeded fmt.Sprintf() in asserts
Replaced using a bit of grep-ing;

```
find . -name "*_test.go" -exec sed -E -i 's#assert.Assert\((.*), fmt.Sprintf\((.*)\)\)$#assert.Assert\(\1, \2\)#g' '{}' \;
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0fabf3e41e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:50 +02:00
Pavel Tikhomirov
419995682f
integration-cli/requirements: Skip windows specific isolation requirements on non-windows
After the commit faaffd5d6d ("Windows:Disable 2 restart test when
Hyper-V") some tests became skipped on linux:

SKIP: docker_cli_restart_test.go:167: DockerSuite.TestRestartContainerSuccess (unmatched requirement IsolationIsProcess)
SKIP: docker_cli_restart_test.go:240: DockerSuite.TestRestartPolicyAfterRestart (unmatched requirement IsolationIsProcess)

But AFAIU it is highly unlikely that we actually meant to skip them on linux.

https://github.com/moby/moby/issues/39625

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
(cherry picked from commit b469933b06)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:49 +02:00
Tibor Vass
7ae6aa420d
integration-cli: remove TestingT
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 231ed42cab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:48 +02:00
Tibor Vass
4c3e2dc441
suite: put suite setup inside test run
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit d32e6bbde8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:47 +02:00
Tibor Vass
d98c74d38d
intgration-cli: fix formatting
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit cc01289792)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:47 +02:00
Tibor Vass
cf50c5bba8
integration-cli: fix pollCheck
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8eb9f3f90e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:46 +02:00
Tibor Vass
05933ab2d4
integration-cli: have helper functions use testing.Helper()
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit bad6f3bf73)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:45 +02:00
Tibor Vass
15aa73ea4c
remove per-test -timeout logic because it does not work
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8bffe9524d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:45 +02:00
Tibor Vass
df569fd54c
hack: update scripts
- remove -check.* flags
- use (per-test) -timeout flag
- allow user to override TEST_SKIP_* regardless of TESTFLAGS
- remove test-imports validation

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 7cd028f2d0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:44 +02:00
Tibor Vass
0fa81e50e3
Update Jenkinsfile
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 7491db3e92)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:43 +02:00
Tibor Vass
a5282fa128
cleanup
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 925e407c7b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:43 +02:00
Tibor Vass
da96e5c27b
Setup tests
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8b40da168b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:42 +02:00
Tibor Vass
fce03f9921
internal/test/suite
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit fd0ed80ff2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 23:52:41 +02:00