Compare commits

..

681 commits

Author SHA1 Message Date
Misty Stanley-Jones
473c5701cb Merge pull request #32332 from mstanleyjones/1.13.x
Cherry-pick command-line ref improvements
2017-04-03 16:54:34 -07:00
Tibor Vass
71e6babfa2 Merge pull request #32215 from tiborvass/docs-yaml-fix-makefile
docs: fix Makefile for yaml docs generation
(cherry picked from commit 5ec88474b7)
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-04-03 16:14:49 -07:00
Sebastiaan van Stijn
979cb4fd1e remove Jekyll tags from CLI reference
These Markdown files are now embedded in a YAML
file for templating in the documentation, and
these special markers are no longer needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7e3169f26d)
2017-04-03 16:11:26 -07:00
French Ben
5f730ed857 docs: added support for CLI yaml file generation
Signed-off-by: French Ben <frenchben@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 5443f0152f)
2017-04-03 16:11:17 -07:00
Misty Stanley-Jones
68e914ce62 Standardized formatting of CLI reference commands
Command name should be a H1

Only Description, Examples, and Related Commands should be H2

Changed 'Related information' heading to 'Related commands' since 99% it is only linking commands

Added some examples where relevant

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 52df69f00d)
2017-04-03 15:12:33 -07:00
Victor Vieux
ce07fb6b0f fix CHANGELOG date
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-19 21:03:35 -08:00
Victor Vieux
1c44f35eb1 bump 17.03.1-ce-rc1
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-19 21:02:06 -08:00
Victor Vieux
d1c1b391bc Merge pull request #31170 from aboch/c1.13.x
[1.13.x/17.03.x] Vendoring libnetwork @ce28404
2017-02-19 15:42:59 -08:00
Sebastiaan van Stijn
8b1112be3b Merge pull request #31165 from vieux/update_version_client
[1.13] update client/client.go DefaultVersion
2017-02-19 13:57:04 -08:00
Alessandro Boch
855eb121aa Vendoring libnetwork @ce28404
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-19 13:35:31 -08:00
Victor Vieux
eb04072245 update client/client.gg DefaultVersion
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-19 01:26:16 -08:00
Victor Vieux
c9e1a9e16d Merge pull request #31150 from thaJeztah/1.13.2-completion-scripts
17.03 bash/zsh completion script cherry-picks
2017-02-19 00:46:42 -08:00
Victor Vieux
c9ae02ec59 Merge pull request #31143 from aaronlehmann/vendor-swarmkit-caa9c95
[1.13] Vendor swarmkit 30a4278
2017-02-19 00:46:21 -08:00
Victor Vieux
19460e43f4 Merge pull request #31155 from justincormack/1.13-sync-file-range
[1.13] Allow sync_file_range2 on supported architectures.
2017-02-19 00:39:20 -08:00
Victor Vieux
2a46799a87 Merge pull request #31140 from thaJeztah/1.13.2-cherry-picks
17.03 cherry picks
2017-02-19 00:36:22 -08:00
Gabriel Linder
aedc0ca2fd Allow sync_file_range2 on supported architectures.
Signed-off-by: Gabriel Linder <linder.gabriel@gmail.com>
2017-02-18 15:53:09 +00:00
Brian Goff
05516452d6
Merge pull request #30945 from sdurrheimer/zsh-completion-plugin
Add zsh completion for missing 'docker plugin' commands and options
(cherry picked from commit da9a162301)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:14:30 -08:00
Brian Goff
b53cef8425
Merge pull request #30944 from sdurrheimer/zsh-completion-build-squash
Add zsh completion for 'docker build --squash'
(cherry picked from commit 0d9bb4ee12)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:14:22 -08:00
Brian Goff
b975e02386
Merge pull request #30943 from sdurrheimer/zsh-completion-checkpoint
Add zsh completion for 'docker checkpoint' commands
(cherry picked from commit 4f6e4bfd02)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:14:15 -08:00
Brian Goff
aaff3d513e
Merge pull request #30941 from sdurrheimer/zsh-completion-service-logs
Add zsh completion for 'docker service logs' command
(cherry picked from commit 03db46362e)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:14:06 -08:00
Sebastiaan van Stijn
d4897c746f
Merge pull request #30940 from sdurrheimer/zsh-completion-swarm-unlock-cmds
Add zsh completion for 'docker swarm unlock|unlock-key' commands
(cherry picked from commit 27ab008626)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:13:59 -08:00
Vincent Demeester
9287b8f99e
Merge pull request #30939 from sdurrheimer/zsh-completion-swarm-init-update
Add zsh completion for missing 'docker swarm init|update' options
(cherry picked from commit 5d47cb901b)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:13:50 -08:00
Kenfe-Mickaël Laventure
7a02f05068
Merge pull request #30823 from albers/completion-plugin-upgrade
Add bash completion for `docker plugin upgrade`
(cherry picked from commit c9fa3eed1b)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-18 00:13:31 -08:00
Sebastiaan van Stijn
d4e2280b0f Merge pull request #31134 from thaJeztah/update-swagger
[1.13.x] swagger cherry-picks
2017-02-17 22:26:43 -08:00
Alexander Morozov
ecfddcf227
Merge pull request #29702 from WeiZhang555/stats-all-format-name-panic
Send "Name" and "ID" when stating stopped containers
(cherry picked from commit 22472c8be5)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:15:04 -08:00
Sebastiaan van Stijn
b0e4cf1ad2
Merge pull request #31141 from thaJeztah/swarm-node-error-return-503
fix status-code for "locked" swarm and "certificate expired"
(cherry picked from commit 6486924f0b)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:05:10 -08:00
Vincent Demeester
dffbf0bc73
Merge pull request #31103 from tonistiigi/update-docs-link
Update storage driver options link
(cherry picked from commit e1839ab953)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:05:03 -08:00
Brian Goff
671a4aa4a4
Merge pull request #31070 from cpuguy83/31060_fix_log_read_spin
Fix cpu spin waiting for log write events
(cherry picked from commit 39851eac0c)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:56 -08:00
Brian Goff
46af6a6a41
Merge pull request #31006 from vdemeester/30991-secret-mode-in-stack-deploy
Set 0444 as default secret mode in stack deploy
(cherry picked from commit a12454d7a9)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:50 -08:00
Brian Goff
87a53468b2
Merge pull request #30113 from thaJeztah/fix-autoremove-on-older-api
Don't use AutoRemove on older daemons
(cherry picked from commit e74623d283)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:44 -08:00
Victor Vieux
fe375a64db
Merge pull request #31055 from Microsoft/jjh/fix30278
Windows: Retry workaround for RS1/RS2 compute system enumeration
(cherry picked from commit 7761c69e23)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:37 -08:00
Tõnis Tiigi
2e440580bc
Merge pull request #30223 from mlaventure/fix-logwatcher-deadlock
Close logwatcher on context cancellation
(cherry picked from commit 0566f3ffc4)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:30 -08:00
Justin Cormack
4122443aa7
Merge pull request #30893 from Microsoft/jjh/disabletesttemporarily
Windows: Temporarily disable TestBuildLastModified
(cherry picked from commit eaffb3099a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:23 -08:00
Alexander Morozov
e301d956b7
Merge pull request #30776 from WeiZhang555/stats-all-format-name-panic-cli
Fix panic of "docker stats --format {{.Name}} --all"
(cherry picked from commit f5116c6802)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:04:16 -08:00
Sebastiaan van Stijn
1c47c89d76
Merge pull request #29497 from yongtang/29486-docker-build-tmp-file
Clean up tmp files for interrupted `docker build`
(cherry picked from commit 6138a02c87)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 22:03:36 -08:00
Victor Vieux
7e11df6273 Merge pull request #31138 from aboch/c1.13.x
[1.13.x] Release the network attachment on allocation failure
2017-02-17 18:18:46 -08:00
Aaron Lehmann
b326920b3e Vendor swarmkit 30a4278
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-02-17 17:46:12 -08:00
Sebastiaan van Stijn
56e99a8791
fix changes for 1.13.x branch
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 17:21:58 -08:00
Alessandro Boch
9e74ea8594 Release the network attachment on allocation failure
- otherwise the attachment task will stay in store and
  consume IP addresses and there is no way to remove it.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-17 16:05:49 -08:00
Brian Goff
740fbef836 Merge pull request #30952 from yongtang/02122017-swagger-attachable
Add `attachable` for network object in swagger api docs
(cherry picked from commit 0464441fb1)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:41 -08:00
Vincent Demeester
9dcb36dfa2 Merge pull request #30734 from allencloud/add-400-status-code-for-events-endpoint
add status code 400 for api endpoint /events
(cherry picked from commit f3da980a45)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:41 -08:00
allencloud
9f46122c94 add missing filter type and sort filter type in alphabets
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit da1f05d66d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:41 -08:00
Anusha Ragunathan
951ffc056b Merge pull request #30701 from allencloud/add-status-code-404-for-plugin-in-api-doc
add status code 404 for plugin api endpoint enable and disable
(cherry picked from commit 0113128b2a)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:40 -08:00
Sebastiaan van Stijn
ed6e849a1c Merge pull request #29906 from allencloud/update-events-related-things
update events related doc and swagger.yml
(cherry picked from commit dea528e8cd)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:40 -08:00
Sebastiaan van Stijn
e7e23df3f6 Merge pull request #29808 from jmzwcn/issue29796
API: Delete container can return 409, but that isn't documented.
(cherry picked from commit 86f962a4a8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:40 -08:00
Sebastiaan van Stijn
890f4c7aa5
Merge pull request #26576 from allencloud/change-cluster-response-status-code
update response status code for cluster request
(cherry picked from commit a58b5830b1)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-17 13:24:24 -08:00
Brian Goff
30a5e20cc0 Merge pull request #31011 from aboch/c1.13.x
[1.13.x] Vendoring libnetwork @bba65e5
2017-02-15 16:26:27 -05:00
Alexander Morozov
b3b30b0dcd Merge pull request #31030 from aboch/c1.13.x-2
[1.13.x] Vendoring swarmkit @c7df892
2017-02-15 09:32:45 -08:00
Alessandro Boch
2b0d7d2d86 [1.13.x] Vendoring swarmkit @c7df892
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-14 21:08:59 -08:00
Alessandro Boch
2e544b1513 [1.13.x] Vendoring libnetwork @bba65e5
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-14 09:42:44 -08:00
Vincent Demeester
e5a90d46e3 Merge pull request #30875 from albers/fix-30858
Fix bash completion for `docker service`
2017-02-12 22:00:28 +01:00
Harald Albers
018981111c Fix bash completion for docker service
Signed-off-by: Harald Albers <github@albersweb.de>
2017-02-09 15:35:46 +01:00
Victor Vieux
092cba3727 bump version to 1.13.1
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-07 21:58:41 -08:00
Victor Vieux
f26487b568 Merge pull request #30806 from vieux/bump_api_version
[1.13.x] Bump api version to 1.26
2017-02-07 21:46:17 -08:00
Victor Vieux
fc0b5dbedb bump api version to 1.26
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-07 16:42:41 -08:00
Brian Goff
19d67e6e4a Update swagger spec for plugin upgrade
This was added in 03c6949739 but spec was
not updated.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit ae48cd04da)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-07 12:04:03 -08:00
Christopher Jones
e29c142293 added ppc64le and s390x fixes for manpages
Fixes manpages for p and z by downloading a specific version
of go instead of relying on the distro version.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 5bec1b6864)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-07 11:59:54 -08:00
Victor Vieux
54f71fd84a bump version to 1.13.1-rc2
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 15:04:17 -08:00
Stephen J Day
516792001a cluster/executor: check mounts at start
While it is important to not create controllers for an invalid task,
certain properties should only be checked immediately before use. Early
host validation of mounts prevents resolution of the task Executor when
the mounts are not relevant to execution flow. In this case, we have a
check for the existence of a bind mount path in a creation function that
prevents a task controller from being resolved. Such early validation
prevents one from interacting directly with a controller and result in
unnecessary error reporting.

In accordance with the above, we move the validation of the existence of
host bind mount paths to the `Controller.Start` phase. We also call
these "checks", as they are valid mounts but reference non-existent
paths.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 92899ffac8)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 15:02:23 -08:00
Andrew Hsu
14deb7d32c remove musl-dev in man/Dockerfile.armhf
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit 1c7a66eda7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 14:49:22 -08:00
Andrew Hsu
26ec0e71d1 use precompiled go from google, needs debian to work
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit a6886bfc52)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 14:49:16 -08:00
Andrew Hsu
5f696e6d48 from golang:1.7.5-alpine for docker-manpage-dev
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit 7b52ec5f10)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 14:49:09 -08:00
Tibor Vass
0406faf887 Show stacktrace in daemon logs only if 500 internal error
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit f7d9bb6248)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 13:02:39 -08:00
Victor Vieux
f6bf85f99c Merge pull request #30730 from dmcgowan/update-go-connections-1.13
[1.13] Update go connections 1.13
2017-02-03 20:53:35 -08:00
Victor Vieux
0220459168 Merge pull request #30728 from cpuguy83/plugin_upgrade_1.13
[1.13] Add plugin upgrade
2017-02-03 20:53:23 -08:00
Derek McGowan
b47fa5a5d1
Update go-connections package
fixes #30450

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-02-03 16:51:49 -08:00
Brian Goff
1a17bc6bc4 Make propagated mount persist outside rootfs
This persists the "propagated mount" for plugins outside the main
rootfs. This enables `docker plugin upgrade` to not remove potentially
important data during upgrade rather than forcing plugin authors to hard
code a host path to persist data to.

Also migrates old plugins that have a propagated mount which is in the
rootfs on daemon startup.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e8307b868d)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-03 19:15:23 -05:00
Brian Goff
96b0320d5c Add docker plugin upgrade
This allows a plugin to be upgraded without requiring to
uninstall/reinstall a plugin.
Since plugin resources (e.g. volumes) are tied to a plugin ID, this is
important to ensure resources aren't lost.

The plugin must be disabled while upgrading (errors out if enabled).
This does not add any convenience flags for automatically
disabling/re-enabling the plugin during before/after upgrade.

Since an upgrade may change requested permissions, the user is required
to accept permissions just like `docker plugin install`.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 03c6949739)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-03 19:14:56 -05:00
Yong Tang
905cf26b43 Fix misleading default for --replicas
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
      --replicas uint                    Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.

The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.

In this case, it might be better to just simply not displaying `(default none)`.

This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.

In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.

New Output:
```
      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
      --replicas uint                    Number of tasks
...
      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
      --restart-max-attempts uint        Maximum number of restarts before giving up
      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
```

The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.

This fix fixes 29291.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit acc93db32b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-03 00:48:59 -08:00
John Howard
202df64a3b Windows: Unify workdir handling
Signed-off-by: John Howard <jhoward@microsoft.com>

Working directory processing was handled differently for Hyper-V and Windows-Server containers, as annotated in the builder documentation (updated in this PR). For Hyper-V containers, the working directory set by WORKDIR was not created. This PR makes Hyper-V containers work the same as Windows Server containers (and the same as Linux).

Example (only applies to Hyper-V containers, so not reproducible under CI environment)
Dockerfile:
FROM microsoft/nanoserver
WORKDIR c:\installer
ENV GOROOT=c:\installer
ADD go.exe .
RUN go --help
Running on Windows Server 2016, using docker master without this change, but with daemon set to --exec-opt isolation=hyperv as it would be for Client operating systems.
PS E:\go\src\github.com\docker\docker> dockerd -g c:\control --exec-opt isolation=hyperv
time="2017-02-01T15:48:09.657286100-08:00" level=info msg="Windows default isolation mode: hyperv"
time="2017-02-01T15:48:09.662720900-08:00" level=info msg="[graphdriver] using prior storage driver: windowsfilter"
time="2017-02-01T15:48:10.011588000-08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
time="2017-02-01T15:48:10.016655800-08:00" level=info msg="Loading containers: start."
time="2017-02-01T15:48:10.460820000-08:00" level=info msg="Loading containers: done."
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Daemon has completed initialization"
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Docker daemon" commit=3c64061 graphdriver=windowsfilter version=1.14.0-dev
First with no explicit isolation:
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 7e0f41d08204
Removing intermediate container 236c7802042a
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in 8ea5237183c1
 ---> 394b70435261
Removing intermediate container 8ea5237183c1
Step 4/5 : ADD go.exe .
 ---> e47401a1745c
Removing intermediate container 88dcc28e74b1
Step 5/5 : RUN go --help
 ---> Running in efe90e1b6b8b
container efe90e1b6b8b76586abc5c1dc0e2797b75adc26517c48733d90651e767c8463b encountered an error during CreateProcess: failure in a Windows system call: The directory name is invalid. (0x10b) extra info: {"ApplicationName":"","CommandLine":"cmd /S /C go --help","User":"","WorkingDirectory":"C:\\installer","Environment":{"GOROOT":"c:\\installer"},"EmulateConsole":false,"CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]}
PS E:\docker\build\unifyworkdir>
Then forcing process isolation:
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 350c955980c8
Removing intermediate container 8339c1e9250c
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in bde511c5e3e0
 ---> b8820063b5b6
Removing intermediate container bde511c5e3e0
Step 4/5 : ADD go.exe .
 ---> e4ac32f8902b
Removing intermediate container d586e8492eda
Step 5/5 : RUN go --help
 ---> Running in 9e1aa235af5f
Cannot mkdir: C:\installer is not a directory
PS E:\docker\build\unifyworkdir>
Now compare the same results after this PR. Again, first with no explicit isolation (defaulting to Hyper-V containers as that's what the daemon it set to) - note it now succeeds 😄
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 4f319f301c69
Removing intermediate container 61b9c0b1ff6f
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in c464a1d612d8
 ---> 96a26ab9a7b5
Removing intermediate container c464a1d612d8
Step 4/5 : ADD go.exe .
 ---> 0290d61faf57
Removing intermediate container dc5a085fffe3
Step 5/5 : RUN go --help
 ---> Running in 60bd56042ff8
Go is a tool for managing Go source code.

Usage:

        go command [arguments]

The commands are:

        build       compile packages and dependencies
        clean       remove object files
        doc         show documentation for package or symbol
        env         print Go environment information
        fix         run go tool fix on packages
        fmt         run gofmt on package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         run go tool vet on packages

Use "go help [command]" for more information about a command.

Additional help topics:

        c           calling between Go and C
        buildmode   description of build modes
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    description of package lists
        testflag    description of testing flags
        testfunc    description of testing functions

Use "go help [topic]" for more information about that topic.

The command 'cmd /S /C go --help' returned a non-zero code: 2
And the same with forcing process isolation. Also works 😄
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> f423b9cc3e78
Removing intermediate container 41330c88893d
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in 0b99a2d7bf19
 ---> e051144bf8ec
Removing intermediate container 0b99a2d7bf19
Step 4/5 : ADD go.exe .
 ---> 7072e32b7c37
Removing intermediate container a7a97aa37fd1
Step 5/5 : RUN go --help
 ---> Running in 7097438a54e5
Go is a tool for managing Go source code.

Usage:

        go command [arguments]

The commands are:

        build       compile packages and dependencies
        clean       remove object files
        doc         show documentation for package or symbol
        env         print Go environment information
        fix         run go tool fix on packages
        fmt         run gofmt on package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         run go tool vet on packages

Use "go help [command]" for more information about a command.

Additional help topics:

        c           calling between Go and C
        buildmode   description of build modes
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    description of package lists
        testflag    description of testing flags
        testfunc    description of testing functions

Use "go help [topic]" for more information about that topic.

The command 'cmd /S /C go --help' returned a non-zero code: 2
PS E:\docker\build\unifyworkdir>

(cherry picked from commit f42033ba94)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-03 00:40:46 -08:00
Madhu Venugopal
f709fd4e5b Merge pull request #30692 from aboch/c1.13.x
[1.13.x] Vendoring libnetwork @45b4086 for 1.13.x
2017-02-02 18:32:09 -08:00
Alessandro Boch
17e6f81948 Revert "Fix IT case for network name validation"
This reverts commit 9cebccfb95.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-02 15:32:59 -08:00
Alessandro Boch
778f9a86c4 Vendoring libnetwork @45b4086 for 1.13.x
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-02 12:58:16 -08:00
Vincent Demeester
fbc84e24aa Merge pull request #30646 from vieux/1.13.1-rc2-cherrypicks-2
1.13.1 rc2 cherrypicks 2
2017-02-02 11:31:19 +01:00
Sebastiaan van Stijn
553d56d456 install dirmngr if needed
as of Ubuntu Yakkety, dirmngr is now in a separate
package (see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1634464)

this patch updates the install script to install
the dirmngr package if it's not installed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f5263c8074)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 17:26:26 -08:00
Victor Vieux
6e2e808146 Merge pull request #30650 from aluzzardi/1.13.x-swarmkit-bump
[1.13.x] Re-vendor swarmkit to 1c7f003d75f091d5f7051ed982594420e4515f77
2017-02-01 15:54:56 -08:00
Victor Vieux
2556b7a70a Merge pull request #30649 from thaJeztah/1.13-bump-runc
[1.13.x] bump RunC / libcontainer to fix SELinux regression
2017-02-01 15:13:49 -08:00
Andrea Luzzardi
14153795ba Re-vendor swarmkit to 1c7f003d75f091d5f7051ed982594420e4515f77
Includes docker/swarmkit#1914

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2017-02-01 13:23:39 -08:00
Harald Albers
ec0e3fe4e2 Add bash completion for docker checkpoint
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 926fa56c0d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 12:35:00 -08:00
Sebastiaan van Stijn
d00e249c26
[1.13.x] bump RunC / libcontainer to fix SELinux regression
This bumps RunC and libcontainer to fix a regression
in 1.13 that caused SELinux labels to not be
applied correctly.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-01 12:27:00 -08:00
Tibor Vass
68f9fb9fd7 plugin: use pkg/errors in more places
Also provide stack trace output in daemon logs.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 26d0bac895)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 12:00:30 -08:00
John Howard
7b15b4a9b2 Revendor Microsoft/go-winio v0.3.8
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit da6739c99f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 12:00:11 -08:00
Christopher Jones
5e859cf3c1 Update systemd drop-in link
Right now it redirects, so change it to the correct one.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 7c763b360a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 11:59:06 -08:00
Victor Vieux
96b87362e6 Merge pull request #30610 from mlaventure/update-containerd-1.13.x
[1.13.x] Update containerd to version aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
2017-01-31 17:56:51 -08:00
Victor Vieux
baf9288b78 Merge pull request #30574 from vieux/1.13.1-rc2-cherry
1.13.1-rc2 cherry-picks
2017-01-31 17:32:19 -08:00
Kenfe-Mickael Laventure
0311ed7b1c Update containerd to version aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-31 15:01:55 -08:00
allencloud
c74f17e91e add 400 status code for build api
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit c81a818b56)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:57:29 -08:00
unclejack
64856b7a24 Dockerfile*: bump Go to 1.7.5
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
(cherry picked from commit b6e2703230)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:57:29 -08:00
Anusha Ragunathan
c7f27f8c07 Add docs for service create based on plugins.
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
(cherry picked from commit 62d399e811)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:55:45 -08:00
Joffrey F
171745b261 Fix typo in swagger.yaml for NetworkPrune operation
Signed-off-by: Joffrey F <joffrey@docker.com>
(cherry picked from commit 20c5fa3758)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:55:19 -08:00
Harald Albers
73b9bdc6cb Add bash completion for docker service logs
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 105231556a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:54:57 -08:00
Felix Abecassis
10d999d7ab install: map debian_version 9.X to debian stretch
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
(cherry picked from commit ac3d74b0b4)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:54:34 -08:00
Alexander Morozov
ee1b5c5944 Merge pull request #30579 from yongtang/1.13.x
[1.13.x] Cherry-pick SwarmKit update to 0af40501a9cc98cd3e9425d2e4246dd3eff5526e
2017-01-31 12:31:15 -08:00
Victor Vieux
c4d731c24c Merge pull request #30577 from justincormack/arm-seccomp-1.13
[1.13.x] Add two arm specific syscalls to seccomp profile
2017-01-30 17:15:27 -08:00
Yong Tang
1e0179589d [1.13.x] Cherry-pick SwarmKit update to 0af40501a9cc98cd3e9425d2e4246dd3eff5526e
This fix cherry-pick SwarmKit update to 0af40501a9cc98cd3e9425d2e4246dd3eff5526e
for branch 1.13.x. The following has been added:
- [docker/swarmkit#1909]: raft: Disable address change detection
- [docker/swarmkit#1910]: Fix issue in service update of published ports in host mode

This fix fixes #30199 in docker.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-01-30 15:22:48 -08:00
Justin Cormack
c1c5d30ee4 [1.13.x] Add two arm specific syscalls to seccomp profile
cherry pick #30545

These are arm variants with different argument ordering because of
register alignment requirements.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-01-30 23:01:28 +00:00
Victor Vieux
2527cfcc49 Merge pull request #30515 from vieux/1.13.1-rc1-changelog
bump to 1.13.1-rc1
2017-01-27 13:10:39 -08:00
Victor Vieux
de6c83de28 Merge pull request #30494 from vieux/cherry-pick-secrets-compose
[1.13.x] cherry-pick secrets to compose
2017-01-27 13:10:31 -08:00
Victor Vieux
e84317c735 bump to 1.13.1-rc1
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:46:09 -08:00
allencloud
e25c046488 update incorrect url in docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 5ae95d6245)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:32:10 -08:00
Sebastiaan van Stijn
749f8bfee8 document DOCKER_HIDE_LEGACY_COMMANDS env-var
The `DOCKER_HIDE_LEGACY_COMMANDS` environment
variable was added in a7c8bcac2b
but not documented.

This adds the variable to the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2ef82fd237)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:31:55 -08:00
Lars-Magnus Skog
bdc5b347f5 update api docs on Placement.Constraints for services
Signed-off-by: Lars-Magnus Skog <ralphtheninja@riseup.net>
(cherry picked from commit 9c98bffc2b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:31:34 -08:00
Janonymous
370e8f25d2 Fix json format of plugin
Signed-off-by: Janonymous <janonymous.codevulture@gmail.com>
(cherry picked from commit 2d24dbe896)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:31:20 -08:00
Harald Albers
e0c79df37d Add [OPTIONS] to usage of plugin disable|push
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit aad095f573)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:30:37 -08:00
Victor Vieux
e3441eb64c Merge pull request #30513 from mstanleyjones/1.13.x
Cherry-pick #30478 to 1.13.x
2017-01-27 11:10:08 -08:00
Victor Vieux
8d0198c59d fix cherry-pick
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:09:43 -08:00
Misty Stanley-Jones
ed7aea3533 Merge pull request #30478 from mstanleyjones/fix_broken_links
Fix broken relative links in old API docs
(cherry picked from commit 05d4c1314e)

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-01-27 09:48:48 -08:00
Victor Vieux
1b05e7aee7 Merge pull request #30331 from vieux/1.13.1-rc1-cherrypicks
1.13.1 rc1 cherrypicks
2017-01-26 19:21:38 -08:00
Victor Vieux
c5147e6ab5 Merge pull request #30467 from mavenugo/1.13-lncp
Vendoring libnetwork 2c8b683
2017-01-26 10:56:58 -08:00
Josh Hawn
692c98895f Add SecretUpdate docs to api/swagger.yaml
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)

(cherry picked from commit 1cd5af59bf)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:38:32 -08:00
Josh Hawn
4dc1b6221d Add SecretUpdate method to client
closes #28678

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)

Update cli/command/service/update_test.go

Fixes test build error:

  secretAPIClientMock does not implement "github.com/docker/docker/client".SecretAPIClient (missing SecretUpdate method)

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)

(cherry picked from commit 77b8465d7e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:38:25 -08:00
Daniel Nephin
1afa22733c Set default values for uid and gid to prevent errors when starting a service.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 167b3f95b7)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:21:01 -08:00
Daniel Nephin
c19f50acef Rebase Compose v3.1 schema on the latest v3 schema.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit b4f23bbc69)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:20:55 -08:00
Daniel Nephin
6b70c68a7c Remove secrets as part of stack remove.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit f0a5531c46)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:20:49 -08:00
Daniel Nephin
909014d324 Test and fix external secrets in stack deploy.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit b3427e43ed)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:20:36 -08:00
Daniel Nephin
1fed3349fb Add integration test for stack deploy with secrets.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 6ec84ef76d)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:20:26 -08:00
Daniel Nephin
2f445705f9 Implement secret types for compose file.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 9419e7df2b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:19:49 -08:00
Daniel Nephin
118e55df62 Add v3.1 schema and support validating multiple version.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 65374488f9)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 06:18:26 -08:00
Madhu Venugopal
e6f89d1af5 Vendoring libnetwork 2c8b683
to address #30295

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-26 04:38:21 -08:00
Alessandro Boch
819bcf8182 Remove attachable network on swarm leave
- When the node leaves the cluster, if any user run
  container(s) is connected to the swarm network,
  then daemon needs to detach the container(s) and
  remove the network.

Signed-off-by: Alessandro Boch <aboch@docker.com>
(cherry picked from commit 3cedca5d53)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-26 04:31:34 -08:00
Sebastiaan van Stijn
3fc246ded2 Merge pull request #29732 from vdemeester/29676-deploy-indempotent
[1.13.x] Make docker stack deploy a little bit more idempotent
2017-01-26 12:47:23 +01:00
Victor Vieux
426c4cb747 Merge pull request #30452 from dnephin/cherry-compose-refactor
Compose fixes for 1.13.1
2017-01-26 00:47:42 -08:00
Michael Irwin
017381aea4 Fixed secret creation usage during service create in docs
Using source, the following error is made:
invalid field in secret request: src

Signed-off-by: Michael Irwin <mikesir87@gmail.com>
(cherry picked from commit 9250117d58)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 22:17:04 -08:00
Sebastiaan van Stijn
214f42d541 Add "src" alias for --secret
This patch adds a "src" alias for `--secret`
to be consistent with `--mount`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 950658bbb6)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 22:16:32 -08:00
Yong Tang
a64c9357ca Fix incorrect Scope in network ls/inspect with duplicate network names
This fix tries to address the issue raised in 30242 where the `Scope`
field always changed to `swarm` in the ouput of `docker network ls/inspect`
when duplicate networks name exist.

The reason for the issue was that `buildNetworkResource()` use network name
(which may not be unique) to check for the scope.

This fix fixes the issue by always use network ID in `buildNetworkResource()`.

A test has been added. The test fails before the fix and passes after the fix.

This fix fixes 30242.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 05a831a775)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 22:13:13 -08:00
Darren Stahl
e7077f7d26 Windows: Add service dependency ConDrv
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit b2a7f6abb3)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 21:37:54 -08:00
Victor Vieux
328775ea4f removing trailing backslash in zsh completion
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 20:35:42 -08:00
Vincent Demeester
bf43d2a58d Make docker stack deploy a little bit more indempotent
Sort some slice fields before sending them to the swarm api so that it
won't trigger an update.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-25 20:31:09 -08:00
John Howard
6a9670b044 Windows: Bump to latest version of git
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 8a45eea2dd)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 20:07:49 -08:00
Christopher Jones
53576a5bf9 [ppc64le] use official go 1.7.4 binaries
go 1.7.4 introduced official go ppc64le binaries, so use those
instead of using older versions of go and building from src.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 62ab6809bd)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 20:07:09 -08:00
Christopher Jones
6b4a835431 [project] bump go to go 1.7.4
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 20e243780e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 20:06:06 -08:00
Daniel Nephin
92155e37b3 Add missing network.internal.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:43:05 -05:00
Daniel Nephin
7f396e8ea3 Update Compose schema to match docker-compose.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:43:05 -05:00
Daniel Nephin
d9bda3080a Add validation for compose schema bindata.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:43:05 -05:00
Daniel Nephin
007e492eac Add deps to test compose-file.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:43:05 -05:00
Daniel Nephin
6bc7bc19df Fix some bad merges
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:43:02 -05:00
Tibor Vass
cbe6781501 plugins: add example docs for a rexray plugin
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 5f713cecc5)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 13:31:51 -08:00
Daniel Nephin
5bf7901f5d Replace vendor of aanand/compose-file with a local copy.
Add go-bindata for including the schema.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:04:05 -05:00
Harald Albers
06dae4eae5 Fix bash completion for completing nodes
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 550947e437)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-25 13:04:05 -08:00
Daniel Nephin
a757b9bea9 Move pkg to cli/compose/convert
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 16:02:09 -05:00
Daniel Nephin
f147d9b0d1 More unit tests for converting services in stack deploy
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 15:59:23 -05:00
Daniel Nephin
5537dbde84 Move ConvertService to composetransform package.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 15:58:07 -05:00
Daniel Nephin
732e19892d Move ConvertVolumes to composetransform package.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 15:42:06 -05:00
Daniel Nephin
c9ffd3586c Move ConvertNetworks to composetransform package.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-25 15:32:53 -05:00
Victor Vieux
0b27583f82 Merge pull request #30332 from anusha-ragunathan/1.13.x
Cherry pick docker #30145 and vendor corresponding swarmkit #1883
2017-01-25 12:21:45 -08:00
Victor Vieux
3fdce9676b Merge pull request #29826 from vdemeester/29809-fix-network-ipam-configuration
[1.13.x] Change the way IPAM configuration is handled on stack deploy
2017-01-25 11:51:35 -08:00
Anusha Ragunathan
f0f020a579 Vendor swarmkit
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
2017-01-25 10:13:26 -08:00
Anusha Ragunathan
3048e50434 Update TestSwarmNetworkPlugin test.
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
2017-01-25 10:04:27 -08:00
Yong Tang
b194252d80 Fix failure in docker ps --format when .Label has args
This fix tries to fix the issue in 30279 where  `docker ps --format`
fails if `.Label` has args. For example:
```
docker ps --format '{{.ID}}\t{{.Names}}\t{{.Label "some.label"}}'
```

The reason for the failure is that during the preprocessing phase
to detect the existance of `.Size`, the `listOptionsProcessor`
does not has a method of `Label(name string) string`.

This results in the failure of
```
template: :1:24: executing "" at <.Label>: Label is not a method but has arguments
```

This fix fixes the issue by adding needed method of `Label(name string) string`.

This fix fixes 30279.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 2cd4ba1e56)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 17:45:05 -08:00
Brian Goff
e9751047e9 Fix deadlock on v1 plugin with activate error
When a plugin has an activation error, it was not being checked in the
`waitActive` loop. This means it will just wait forever for a manifest
to be populated even though it may never come.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit f2d384fca6)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 17:19:02 -08:00
Sebastiaan van Stijn
b875349fef do not create init-dir if not needed
commit 56f77d5ade
added support for cpu-rt-period and cpu-rt-runtime,
but always initialized the cgroup path, even if not
used.

As a result, containers failed to start on a
read-only filesystem.

This patch only creates the cgroup path if
one of these options is set.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f285d5b3e8)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 17:00:52 -08:00
Doug Davis
b0970b629b Only show global warnings once
Upon each container create I'm seeing these warning **every** time in the
daemon output:
```
WARN[0002] Your kernel does not support swap memory limit
WARN[0002] Your kernel does not support cgroup rt period
WARN[0002] Your kernel does not support cgroup rt runtime
```
Showing them for each container.create() fills up the logs and encourages
people to ignore the output being generated - which means its less likely
they'll see real issues when they happen.  In short, I don't think we
need to show these warnings more than once, so let's only show these
warnings at daemon start-up time.

Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit ff42a2eb41)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 17:00:24 -08:00
Anusha Ragunathan
e9779fd7df Fix pluginv1 Windows volumes
c54b717 caused a regression for pluginv1 on Windows, where extraneous
backslashes were added to BasePath of the plugin. For pluginv1 on windows,
BasePath() should return an empty string, since the plugin is fully aware
of the mount path. Also, unlike Linux where all paths are relative to "/",
Windows paths are dependent on system drives and mapped drives.

Fixes #30148

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
(cherry picked from commit 0ef21eb0e3)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 16:37:24 -08:00
Elan Ruusamäe
2dd2ac2c14 do not require custom build of tini
https://github.com/krallin/tini/issues/55#issuecomment-260507562
https://github.com/krallin/tini/issues/55#issuecomment-260538243
https://github.com/docker/docker/pull/28037

Signed-off-by: Elan Ruusamäe <glen@delfi.ee>
(cherry picked from commit d7df731597)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 16:31:39 -08:00
Victor Vieux
b60f411292 Merge pull request #30038 from tonistiigi/setclusterprovider
[v1.13] Add workaround for possible SetClusterProvider deadlock
2017-01-24 16:13:20 -08:00
Sebastiaan van Stijn
482534ff5f Ignore certificate expiry error for top-level inspect
The top-level `docker inspect` command could return
an error if the nodes Swarm certificates were expired.

In situations where the user did not explicitly
ask for an object-type (`--type=foo`), we should
ignore these errors, and consider them equal to
"node is not a swarm manager".

This change makes `docker inspect` ignore these
errors if no type was specified.

As a further optimization, the "swarm status"
result is now stored in a variable, so that
other swarm-specific API calls can be skipped.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 66cf4cc7f7)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 16:05:53 -08:00
Kenfe-Mickael Laventure
25810f3f47 Remove timeout on fifos opening
Instead of a timeout the context is cancelled on error to ensure
proper cleanup of the associated fifos' goroutines.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit c178700a04)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 15:57:14 -08:00
Aaron Lehmann
37be2d4e9b distribution: Add text/html and application/json as image mediatypes
As noted by #30083, the new strict checking of mediatypes misses some
cases where earlier bugs caused nonstandard mediatypes to be stored in
manifests. Two of the known cases are text/html and application/json,
which were returned by certain registries and stored by earlier versions
of Docker. Add special cases for text/html and application/json.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a215e15cb1)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 15:53:36 -08:00
Harald Albers
880c12df7d Add bash completion for run|create --init-path
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 182048f185)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 15:41:44 -08:00
Harald Albers
ecd95a41d2 Add docs for run|create --init|--init-path
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit d049ef2b0d)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 15:41:37 -08:00
Kenfe-Mickael Laventure
b9ee1c6880 Ensure proper value is used when computing reclaimable space
When Size was reverted to be equal to VirtualSize, the df command
formatter was not correctly updated to account for the change.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit dcc1b4baf6)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 15:41:06 -08:00
Steve Durrheimer
0c16980468 Add zsh completion for 'dockerd --init' and 'docker {create,run} --init'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit cdf57782fd)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:52:09 -08:00
Harald Albers
1ec7869443 Add bash completion for plugin install --disable-content-trust
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 725a864a04)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:49:24 -08:00
Steve Durrheimer
0fa35e2073 Add zsh completion for 'docker plugin install --alias'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit 455b7bcbab)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:48:58 -08:00
Harald Albers
0be8ebd2a1 Fix bash completion for docker service update
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 01ac33ce16)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:48:18 -08:00
Harald Albers
b4fd48ce32 Add bash completion for docker service ps --filter node
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit a39a2bb6c2)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:47:54 -08:00
Harald Albers
9da299954f Add missing options to bash completion for docker swarm init|update
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit f93da79dc1)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:47:28 -08:00
Harald Albers
d4e6422212 Add bash completion for docker swarm unlock|unlock-key
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 07bd5152b3)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-24 13:47:03 -08:00
Victor Vieux
954520f0ef Merge pull request #30329 from johndmulhausen/patch-2
Fixing formatting errors in Run refdoc
2017-01-20 14:14:15 -08:00
Harald Albers
23e9d30cea Fix treatment of DOCKER_HIDE_LEGACY_COMMANDS in bash completion
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 12952f537c)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-20 14:07:19 -08:00
Harald Albers
7bb3740386 Honour $DOCKER_HIDE_LEGACY_COMMANDS in bash completion
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit aa006f1280)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-20 14:06:58 -08:00
Harald Albers
ba79dde9d2 Add bash completion for build --squash
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit e91dbba7ff)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-20 14:06:01 -08:00
Harald Albers
d621d74f64 Add bash completion for dockerd --init and docker run|create --init
Fixes #30263

Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 2076261757)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-20 14:05:33 -08:00
Steve Durrheimer
78e4fa2caa Add zsh completion for 'docker swarm --availability'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit ee2ce82c61)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-20 14:05:10 -08:00
Steve Durrheimer
f6d70d08a8 Add zsh completion for 'docker {container,image,network,system} prune --filter'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit 784ebccffa)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-20 14:03:45 -08:00
Anusha Ragunathan
660a186e92 Pass plugingetter as part of swarm node config.
This is necessary for swarmkit to support cluster wide plugins, such as
globally scoped network plugins.

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
2017-01-20 13:44:22 -08:00
John Mulhausen
bd6c3ebed9 Fixing formatting errors
Fixing issues on https://docs.docker.com/engine/reference/builder/#arg

Signed-off-by: John Mulhausen <john@docker.com>
2017-01-20 13:26:30 -08:00
Victor Vieux
49bf474f9e bump version to 1.13.0
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-17 01:00:55 -08:00
Victor Vieux
d4f36676f0 Merge pull request #30188 from thaJeztah/update-1.13-changelog
[1.13] Add missing 1.13 features to changelog
2017-01-17 00:59:25 -08:00
Sebastiaan van Stijn
197977d7fd
Merge pull request #30108 from thaJeztah/update-changelog-1.12.6
Update changelog on master with changes from 1.12.x
(cherry picked from commit a4bc730298)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-17 09:53:25 +01:00
Sebastiaan van Stijn
8324f11b5a
Add missing 1.13 features to changelog
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-16 18:45:55 +01:00
Victor Vieux
48a9e53d70 bump version to 1.13.0-rc7
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-11 18:06:55 -08:00
Victor Vieux
bca3b05950 Merge pull request #30116 from vieux/cherry-pick-1.13.0-rc7
cherry pick 1.13.0-rc7
2017-01-12 22:03:51 -08:00
Yong Tang
4f914489e3 Add test for image size for v1.12 and v1.13 clients against v1.13 daemon
This test checks to make sure both v1.12 and v1.13 client against v1.13 daemon get correct `Size` after the fix.

This test is related to 30027.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit d9451f1c8c)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-11 17:59:31 -08:00
Kenfe-Mickael Laventure
e62d984138 Fix ImageSummary.Size value
The prune PR changed the meaning of the file to mean "space on disk
only unique to this image", this PR revert this change.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit be20dc15af)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-11 17:21:26 -08:00
Stefan J. Wernli
f6bc09c380 storeLayer.Parent should return describableStoreLayers
When storeLayer.Parent returns the parent layer, it needs to use the same logic as Get where it wraps in a describablyStoreLayer if the layer is describable. Otherwise, on Windows, this can result in pushing the foreign layers, which is not supposed to be allowed.
This fixes https://github.com/docker/docker/issues/30080.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
(cherry picked from commit d14b7212ad)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-11 14:54:09 -08:00
Victor Vieux
2f2d055013 bump version to 1.13.0-rc6
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-11 09:36:57 -08:00
Tõnis Tiigi
fc82c4b391 Merge pull request #30044 from tonistiigi/update-runc-113
[v1.13] vendor: update runc to 2f7393a4
2017-01-11 08:37:36 -08:00
Madhu Venugopal
e0c07ab799 Merge pull request #30042 from aaronlehmann/vendor-swarmkit-296fcfc
[1.13] Update vendored swarmkit to 296fcfc
2017-01-10 20:59:14 -08:00
Tonis Tiigi
acbad31dcd vendor: update runc to 2f7393a4
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-01-10 18:07:20 -08:00
Victor Vieux
7e792d6ca9 Merge pull request #30012 from tiborvass/plugin-devices-redone
[1.13] Plugins: Rename DeviceCreation to AllowAllDevices
2017-01-10 17:28:14 -08:00
Madhu Venugopal
c8083e8735 Modify network plugin test for swarm-mode
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-10 16:38:24 -08:00
Aaron Lehmann
18fd3885c6 Update vendored swarmkit to 296fcfc
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-10 16:07:45 -08:00
Tibor Vass
83b2782ea9 plugins: rename DeviceCreation to AllowAllDevices
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit f265727bdf)
Signed-off-by: Tibor Vass <tibor@docker.com>
2017-01-10 15:21:46 -08:00
Alexander Morozov
ece7e8ba27 Merge pull request #30034 from aaronlehmann/vendor-swarmkit-70cb786
[1.13] Update vendored swarmkit to 70cb786
2017-01-10 15:19:17 -08:00
Tonis Tiigi
4b2b0eb608 Add workaround for possible SetClusterProvider deadlock
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-01-10 15:14:26 -08:00
Aaron Lehmann
3fc1510dff [1.13] Update vendored swarmkit to 70cb786
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-10 12:55:35 -08:00
Vincent Demeester
340f288211 Merge pull request #29962 from vieux/1.13.0-rc6-cherrypicks
1.13.0 rc6 cherrypicks
2017-01-10 10:09:04 +01:00
Victor Vieux
0b2a029e56 Merge pull request #30009 from thaJeztah/revert-27146
[1.13.x] Revert "Require continuation char to be last char in a line"
2017-01-09 17:45:17 -08:00
Brian Goff
b7f412ef44 Merge pull request #29958 from cpuguy83/1.13_fix_selinux_packaging
[1.13] Fix conflicts with newly updated selinux policies
2017-01-09 20:15:51 -05:00
Sebastiaan van Stijn
57c17882a3
Revert "Require continuation char to be last char in a line"
This reverts commit 105bc63295,
which (although correct), resulted in a backward incompatible
change.

We can re-implement this in future, after this changes
goes through a deprecation cycle

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-10 00:36:40 +01:00
Victor Vieux
25879cfa54 Merge pull request #29994 from vdemeester/29974-fix-external-network
[1.13.x] Few stack deploy network fixes
2017-01-09 14:40:54 -08:00
Victor Vieux
6c2fdb64d1 Merge pull request #30004 from dnephin/fix-1.13-stack-deploy-resources
[1.13] Fix parsing resources from compose file for stack deploy
2017-01-09 14:40:30 -08:00
Victor Vieux
3fc150171f Merge pull request #30007 from aaronlehmann/vendor-swarmkit-8ea08a3
[1.13] Update vendored swarmkit to 8ea08a3
2017-01-09 14:39:57 -08:00
Victor Vieux
53ac375422 Merge pull request #29905 from coolljt0725/cherry-pick-29721
1.13.x cherry-pick: Cherry pick 29721
2017-01-09 14:22:23 -08:00
Aaron Lehmann
831eeb38f1 [1.13] Update vendored swarmkit to 8ea08a3
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-09 11:45:04 -08:00
Daniel Nephin
f27a297595 Fix parsing resources from compose file for stack deploy.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-01-09 14:15:32 -05:00
Sebastiaan van Stijn
46af2edec2 un-fork go-memdb
commit 9322636c89
temporarily switched to a fork of go-memdb, because
a pull request that was needed was not yet merged
upstream.

this pull request was merged, so we can un-fork
this dependency.

this change does not bump the dependency, and
only un-forks. bumping the dependency should
be done in a separate change, if needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5f057f6350)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Aaron Lehmann
f2260228a7 vendor: Unfork logrus dependency
Vendor the latest official logrus release instead of a custom fork
(which now happens to be identical to the fork).

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 11df2db538)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Victor Vieux
b2219f1bb5 remove -f on secret create and unify usage with other commands
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit db6652ca71)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Tonis Tiigi
7c8511236c Fix workdir cache invalidation
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit e160860054)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Harald Albers
b2e12626c7 Add bash completion for plugin names
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit e7243a303a)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Yunxiang Huang
57a63f1ed2 Fix "zsh/_docker"
Signed-off-by: Yunxiang Huang <hyxqshk@vip.qq.com>
(cherry picked from commit c6544394b8)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Tonis Tiigi
d3bffd978a Set plugins used in tests back to original names
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit f4798b98fc)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Harald Albers
40736b1848 Fix wrong command in changelog
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 1fe0270e72)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-09 06:37:40 -08:00
Vincent Demeester
462cd90f74
Create only network that are used
- default network is only created if needed
- it's possible to override default network configuration

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-09 12:56:58 +01:00
Vincent Demeester
19cf2b3d5f
Fix external network name not properly handle by stack deploy
Make sure we use the Network external name if it's not empty.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-09 12:26:02 +01:00
Sebastiaan van Stijn
1dded0dee4 Merge pull request #29895 from cpuguy83/cherry_pick_29893
[1.13.x] Fix race accessing plugin storage map
2017-01-07 13:03:34 +01:00
Brian Goff
9f0e745152 Merge pull request #29926 from aaronlehmann/vendor-swarmkit-7f910df
[1.13] Vendor swarmkit 7f910df
2017-01-06 16:19:39 -05:00
Brian Goff
464b205956 Fix conflicts with newly updated selinux policies
The base selinux policies on centos/rhel/oraclelinux have all been
updated in a way that conflicts with the policies we install with
`docker-engine-selinux`. This patch fixes these conflicts.

In addition, removes special cases for old/unsupported versions of
fedora in our selinux package, and change to use a single minimum
version for the selinux base policy package, as this is the minimum
version required to use our selinux policy package.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit ec9a05e5e2)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-01-06 16:04:59 -05:00
Brian Goff
3b2982a2bb Fix race accessing plugin storage map
`plugins.GetAll()` was not locking the plugin map when checking if a
plugin exists, this can cause a race and potentially a panic if another
goroutine is trying to load a plugin into the map at the same time.

Also fixes a race during activation where a plugin inserts itself into
the plugin map but does not check if something else is already there.
This is already checked before trying to activate the plugin, however
the map lock is not held for this entire period, so other plugins may be
loaded during this time.
To fix, before inserting the plugin into the map, check if one with the
same name already exists and use that instead.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 21fcbb39b7)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-01-06 08:28:43 -05:00
Lei Jitang
d2e99882b9 Follow up #29365, fix fail to remove container after restart
Call daemon.Mount will increase the refcount of mounted path,
for those previous running containers, `Mount` call will make
the refcount to 2. see
https://github.com/docker/docker/blob/v1.13.0-rc4/daemon/graphdriver/counter.go#L38
```
	if !m.check {
		m.check = true
		if c.checker.IsMounted(path) {
			m.count++
		}
	}
	m.count++

```
graphdrive could restore on reboot after #22541, call
daemon.Mount to resore the graphdriver is not necessary.

And call `daemon.Mount` on restorting will mount all the containers
mounted layer even if it was stop.

This fix call Mount and then Unmount to get `BaseFs`

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-01-05 20:27:34 -05:00
Yong Tang
25b967e149 Allow containers to continue even if mount failed after live restore
This fix is a follow up to #29365. In #29365 a bug was fixed for
`docker exec -u user` after live restore by remounting.
However, #29365 will prevent containers from restored if mount failed.

In this fix, containers will be restored even if mount in that step failed.
Some functionalities might be missing (like `docker exec -u user`) but
at least it is possible to do certain operations like stop/restart/delete.

This fix is related to #29365.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3003ae1d8b)
2017-01-05 20:27:19 -05:00
Aaron Lehmann
eb5273edd4 [1.13] Revendor swarmkit to 7f910df
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-05 14:53:47 -08:00
Vincent Demeester
46afc8f148 Change the way IPAM configuration is handled on stack deploy
We use the 'default' driver if none is specified.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 20:25:04 +01:00
Tibor Vass
1afd41e4f7 Merge pull request #29866 from vieux/1.13.0-rc5-cherrpicks
1.13.0 rc5 cherrypicks
2017-01-04 11:04:22 -08:00
Victor Vieux
43cc971d76 bump version to rc5
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 04:27:03 -08:00
Victor Vieux
7f20c11c47 Merge pull request #29878 from mavenugo/npfilter2
Cherry-pick #29877 : Use GetAllByCap to get list of network plugins in docker info
2017-01-04 14:54:32 -08:00
Madhu Venugopal
69240476d4 Swarmkit has enabled the plugin filtering logic based on the drivers
returned in "docker info". Currently info endpoint isnt using the
GetAllByCap, but relies on existing networks to get the plugin names.
This causes a basic issue when it comes to global network plugins which
swarm-mode relies on, wherein swarmkit will not be able to schedule the
network on the worker nodes due to the filtering logic.

In order to break this chicken & egg issue, we must start to use the
GetAllManagedPluginsByCap. We are unable to use GetAllByCap due to
various issues with Plugin-V1's lazy loading approach causing issues
especially during daemon restarts (which uses SystemInfo)

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-04 12:46:56 -08:00
Lei Jitang
a46dbbded9 Fix update clear the restart policy of monitor
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 737b5b1781)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:55 +01:00
Victor Vieux
4e9dd0e51c replace no-remove by sample-volume-plugin in docs
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit bcead9282e)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:55 +01:00
Brian Goff
84f25c7cb8 Fix race/deadlock in v1 plugin handlers
When a plugin is activated, and then `plugins.Handle` is called to
register a new handler for a given plugin type, a deadlock occurs when
for anything which calls `waitActive`, including `Get`, and `GetAll`.

This happens because `Handle()` is setting `activated` to `false` to
ensure that plugin handlers are run on next activation.
Maybe these handlers should be called immediately for any plugins which
are already registered... but to preserve the existing behavior while
fixing the deadlock, track if handlers have been run on plugins and
reset when a new handler is registered.

The simplest way to reproduce the deadlock with Docker is to add a `-v
/foo` to the test container created for the external graphdriver tests.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 2938dce794)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:55 +01:00
Yong Tang
6841887132 Add --file flag for docker secret create command
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).

This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```

or
```
echo TEST | docker secret create --file - secret.name
```

Related docs has been updated.

An integration test has been added to cover the changes.

This fix fixes 28581.
This fix is related to 28927.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c6f0b7f448)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:55 +01:00
Yanqiang Miao
aa5ac38f41 Optimization a error description
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 6c021893aa)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:55 +01:00
Yong Tang
d01138c162 Remove docker stack ps -a to match removal of docker service/node ps -a
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.

The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.

This fix is related to #28507, #28885, and #25983.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9155e14e77)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:54 +01:00
Brian Goff
def75b2c2c Fixes a race condition in client events monitoring
In cases where there is high latency (ie, not-local network)
`waitExitOrRemoved` was not receiving events for short-lived containers.
This caused the client to hang while waiting for a notification that the
container has stopped.

This happens because `client.Events()` returns immediately and spins a
goroutine up to process events. The problem here is it returns before
the request to the events endpoint is even made.
Even without high-latency issues, there is no guarantee that the
goroutine is even scheduled by the time the function returns.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 47585996bf)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:44:54 +01:00
Harald Albers
ff7934faf2 Fix usage message of plugin inspect
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 1b58d0bc51)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:44:54 +01:00
Daniel Nephin
045e9834a5 Trim quotes from TLS flags.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit abe32de6b4)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 12:43:17 +01:00
Daniel Nephin
a2dc349c74 Add quoted string flag Value.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit e4c1f07729)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:42 +01:00
Sebastiaan van Stijn
7cbc4cb7f2 fix powershell dco check
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 611a633ba4)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:42 +01:00
Yong Tang
e2b04a7818 Fix image's CMD after WORKDIR in Dockerfile
This fix tries to fix 29667 where image's `CMD` is modified
after `WORKDIR` in Dockerfile.

The value of `b.runConfig.Cmd` was modified in the processing
of `WORKDIR`, in order to fix 28902. However, the same
`b.runConfig.Cmd` is passed to `commit()`.

This fix restored the `b.runConfig.Cmd` before `commit()`
the image for `WORKDIR`.

A test has been added.

This fix fixes 29667.

This fix is related to 28902, 28909, 28514.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0836023847)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:42 +01:00
Harald Albers
ea00b14170 Add bash completion for plugin disable --force
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit e1403453f0)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:42 +01:00
Harald Albers
5903ead08e Fix bash completion for plugin enable|disable
`docker plugin enable` and `docker plugin disable` only
accept one plugin.

Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 390effdd11)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:42 +01:00
Alexander Morozov
428ae70759 commit: do not change container labels on commit
Fix #29547

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit ca6c6f0765)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:42 +01:00
Brian Goff
eefb2220c0 Fix usage of boltdb in volume restore
bolt k/v pairs are only valid for the life of a transaction.
This means the memory that the k/v pair is referencing may be invalid if
it is accessed outside of the transaction.
This can potentially cause a panic.

For reference: https://godoc.org/github.com/boltdb/bolt#hdr-Caveats

To fix this issue, unmarshal the stored data into volume meta before
closing the transaction.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 4876a9047e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
yuexiao-wang
8b155a9109 Update 'ID' field for 'docker plugin ls'
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 1e6587ff28)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Harald Albers
c809c40647 Add bash completion for plugin install --alias
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 83158f8aff)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Yanqiang Miao
994b3928f6 Add 'volume prune' to the volume commands index
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 3d4ea98971)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Harald Albers
39b3e39c40 Remove bash completion for deprecated docker daemon
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 536a9ec698)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Harald Albers
e7960584f2 Remove --all|-a from docker node ps reference
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 364e900237)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Harald Albers
c25a4762ef Remove bash completion for docker node ps --all|-a
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit a54cc4f88d)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Zhang Wei
2c53989b4b Add missing "--default-runtime" flag in manpage
Add missing flag and more descriptions in manpage.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
(cherry picked from commit 977fd43985)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Akihiro Suda
1c5cb46649 update experimental/README.md
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit eb11a10ddf)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:41 +01:00
Tobias Gesellchen
97b0bb730e fix swagger description for DELETE /plugin/{name}
Signed-off-by: Tobias Gesellchen <tobias@gesellix.de>
(cherry picked from commit e6b2829a7f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:40 +01:00
Tonis Tiigi
6d6c11dceb Fix inspect object by invalid reference
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 3cd39aaeab)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-04 12:42:40 +01:00
lixiaobing10051267
cf93b2b1c2 update URL of plugins_graphdriver.md in experimental/README.md
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>

(cherry picked from commit 82eeab62df)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-03 23:47:46 -08:00
allencloud
7a89c43a5e update plugins in docs and correct things in index.md
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 6d3e1d2fd2)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-03 23:47:01 -08:00
yuexiao-wang
8afa73d280 Update reference document for secret and stack
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 7bb31f3168)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-03 23:46:29 -08:00
Victor Vieux
d2a4a53f11 small secret doc update
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit 91b739b552)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-03 23:45:30 -08:00
Tibor Vass
7d58f5fb88 Merge pull request #29869 from cpuguy83/backport_28263
[cherry-pick] Moves graphdriver plugin docs out of experimental
2017-01-03 21:35:06 -08:00
Tibor Vass
73be1c098a Merge pull request #29858 from mavenugo/1.13-nplugins
Cherry-pick : Fixing a couple of network plugin life-cycle mgmt issues
2017-01-03 19:56:11 -08:00
Brian Goff
c18f592150 Moves graphdriver plugn docs out of experimental
Also updates some of the structures being sent so plugins are getting
all the new options.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-01-03 21:58:43 -05:00
Tibor Vass
f335200410 Merge pull request #29859 from thaJeztah/1.13-fix-anonymous-volumes
[1.13] fix anonymous volumes
2017-01-03 16:20:10 -08:00
Madhu Venugopal
c5b5b4ea45 Properly cleanup plugin states which might impact other tests
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-03 15:37:47 -08:00
Madhu Venugopal
627bc91727 Handle Plugin reference count during network create and delete
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-03 15:37:47 -08:00
Madhu Venugopal
15293063ba Vendoring libnetwork to bring in isbuiltin changes
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-03 15:37:47 -08:00
Madhu Venugopal
b219698e75 Add a GetAll function that returns only managed plugins supported by V2
The current GetAll handles both V2 and legacy plugins. Also due to the
nature of V1 plugins, it also loads them. This causes problems when
loading is not required. Hence adding an independent API that will
return only the plugins that are loaded using v2 mangaed plugins.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-01-03 15:37:46 -08:00
Sebastiaan van Stijn
1ca25a2e5e
Improve validation for volume specs
The current validation only checked for the
number of elements in the volume-spec, however,
did not validate if the elements were empty.

Because of this, an empty volume-spec (""),
or volume spec only containing separators ("::")
would not be invalidated.

This adds a simple check for empty elements in
the volume-spec, and returns an error if
the spec is invalid.

A unit-test is also added to verify the behavior.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-03 21:49:03 +01:00
Sebastiaan van Stijn
36c0b59149
fix conversion of anonymous volumes in compose-file
the `convertVolumeToMount()` function did not take
anonymous volumes into account when converting
volume specifications to bind-mounts.

this resulted in the conversion to try to
look up an empty "source" volume, which
lead to an error;

    undefined volume:

this patch distinguishes "anonymous"
volumes from bind-mounts and named-volumes,
and skips further processing if no source
is defined (i.e. the volume is "anonymous").

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-03 21:22:07 +01:00
Brian Goff
3e0df05ec4 Merge pull request #29734 from tonistiigi/1.13-plugins
[v1.13] plugins updates
2016-12-28 10:56:21 -05:00
Tonis Tiigi
f02d46f050 Fix validation of plugins without rootfs in config
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 6c7cb52009)
2016-12-27 17:21:08 -08:00
Derek McGowan
25bbf8ab7c Support for docker content trust for plugins
Add integration test for docker content trust

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 14e8bba4f5)
2016-12-27 14:27:28 -08:00
Tonis Tiigi
38d914cc96 Implement content addressability for plugins
Move plugins to shared distribution stack with images.

Create immutable plugin config that matches schema2 requirements.

Ensure data being pushed is same as pulled/created.

Store distribution artifacts in a blobstore.

Run init layer setup for every plugin start.

Fix breakouts from unsafe file accesses.

Add support for `docker plugin install --alias`

Uses normalized references for default names to avoid collisions when using default hosts/tags.

Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3d86b0c79b)
2016-12-27 13:31:14 -08:00
Derek McGowan
bb37c67a90 Abstract distribution interfaces from image specific types
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3c7676a057)
2016-12-27 13:31:06 -08:00
Derek McGowan
a55a9b14d1 Update distribution vendor for manifest builder change
Manifest builder allows setting the configuration type
for the manifest being build. Additionally the default
type has been renamed to reflect it is an image type.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 61ac7c4bf8)
2016-12-27 13:30:44 -08:00
Anusha Ragunathan
2039ea6adc Enforce zero plugin refcount during disable.
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.

This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 8cb2229cd1)
2016-12-27 13:19:25 -08:00
Yong Tang
05426c80d9 Fix docker plugin inspect <unkown object> issue on Windows
This fix is a follow up for comment:
https://github.com/docker/docker/pull/29186/files#r91277345

While #29186 addresses the issue of `docker inspect <unknown object>`
on Windows, it actually makes `docker plugin inspect <unknown object>`
out `object not found` on Windows as well. This is actually misleading
as plugin is not supported on Windows.

This fix reverted the change in #29186 while at the same time,
checks `not supported` in `docker inspect <unknown object>` so that
- `docker plugin inspect <unknown object>` returns `not supported` on Windows
- `docker inspect <unknown object>` returns `not found` on Windows

This fix is related to #29186 and #29185.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0b3c10ac4d)
2016-12-27 13:19:16 -08:00
Yong Tang
fed1b91bb4 Use GetByName to check for collision before create any context in plugin creation
This fix is a follow up to the comment:
https://github.com/docker/docker/pull/28717#discussion_r90040589

Currently, the collision checking is done at the last step `Add()` of
plugin creation. However, at this stage the context such as plugin
directories have already been creation. In case of name collision,
rollback is needed which could be expensive.

This fix performs the check at the beginning of CreateFromContext using
GetByName. In this way, collision fails fast and no context creation
or rollback is needed.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 52405a9b58)
2016-12-27 12:10:11 -08:00
Victor Vieux
88862e707a bump 1.13.0-rc4
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-16 02:10:49 -08:00
Victor Vieux
f3749c5a9c Merge pull request #29465 from docker/1.13.0-rc4-cherrypicks
1.13.0-rc4 cherry-picks: part2
2016-12-16 13:12:57 -08:00
Victor Vieux
7d4318c83c Merge pull request #29433 from aaronlehmann/swarm-plugins-1.13
[1.13] Support v2 plugins in swarm mode
2016-12-16 12:47:52 -08:00
Aaron Lehmann
05fba4af5f Add integration test for volume plugins on swarm
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-12-16 10:44:26 -08:00
Aaron Lehmann
501083e82a Fix volume Create to check against canonical driver name
Previously, it was comparing against the driver name passed in by the
caller. This could lead to subtle issues when using plugins, like
"plugin" vs. "plugin:latest".

Also, remove "conflict:" prefix to improve the error message.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a854cf262336e5625ec06e8e12e8ebc1500ce656)
2016-12-16 10:44:26 -08:00
Aaron Lehmann
4e5129c511 Publish installed v2 plugins to manager
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2a97ea9a6e)
2016-12-16 10:44:25 -08:00
Aaron Lehmann
e460a5f45c Vendor swarmkit from bump_v1.13.0 branch
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-12-16 10:44:25 -08:00
Victor Vieux
c9a557765e Merge pull request #29469 from aaronlehmann/swarm-content-trust-1.13
[1.13] Backport "Content trust for swarm services"
2016-12-16 01:00:27 -08:00
Brian Goff
1a865dd303 Fix volume plugin refecounting on daemon restart
Ensures all known volumes (known b/c they are persisted to disk) have
their volume drivers refcounted properly.

In testing this, I found an issue with `--live-restore` (required since
currently the provided volume plugin doesn't keep state on restart)
where restorted plugins did not have a plugin client loaded causing a
panic when trying to use the plugin.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 6ef1060cd0)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 23:39:28 -08:00
Akihiro Suda
0c19045523 api: allow creating a network of which name is the prefix of the ID of a swarm network
Previously, it doesn't allow creating such a network:

e.g.

    $ docker network inspect -f '{{.Id}}' ingress
    84xh9knigj6zyt00u31e26nj3
    $ docker network create 84
    Error response from daemon: network with name 84 already exists

Fix #27866

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit edfbc3b876)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:59:42 -08:00
Andrew Hsu
ecf7a631a6 remove fedora-23 because eol
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit ef98091a90)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:45:20 -08:00
yuexiao-wang
f573d8b621 Fix inconsistency for pause and unpause
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 082f4919ca)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:42:43 -08:00
yuexiao-wang
51020f7074 Add the whole related information for node
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit b67b0949ed)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:42:02 -08:00
Sebastiaan van Stijn
5391ce8ffa swarm leave is not only for workers
the "docker swarm leave" command description
mentioned that the command can only be used
for workers, however, the command can also
be used for managers (using the `-f` / `--force`
option).

this patch removes the "(workers only)" part
of the command description.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f89eee5d9d)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:41:43 -08:00
Victor Vieux
29f42b4036 fix devices in plugins
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit 6f00601c9f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:19:28 -08:00
Brian Goff
caaee2ebab Make graphdriver plugin use plugin BasePath
Also enables `PropagatedMount` for graphdrivers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 500210475f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 22:19:22 -08:00
Yong Tang
315c34953d Show usage when docker swarm update has no flags
This fix tries to address the issue raised in 24352. Previously,
when `docker swarm update` has no flags, the output is
```
Swarm updated.
```
even though nothing was updated. This could be misleading for
users.

This fix tries to address the issue by adding a `PreRunE` function
in the command so that in case no flag is provided (`cmd.Flags().NFlag() == 0`),
the usage will be outputed instead.

An integration has been added to cover the changes.

This fix fixes 24352.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 5aa5a1cb00)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:07:18 -08:00
Trapier Marshall
b5d4f87612 fix typo in reference for service create
Signed-off-by: Trapier Marshall <trapier.marshall@docker.com>
(cherry picked from commit 90c680ad25)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:06:23 -08:00
Harald Albers
dc05dfd30e Make bash completion for docker stack deploy --bundle-file experimental
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit a53bdfa3be)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:06:23 -08:00
Harald Albers
f68d703a8c Add docs for docker network create --attachable
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 7433d3acf6)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:06:23 -08:00
yuexiao-wang
ce5ea47cb0 Add the link for service logs
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 54d38fe115)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:06:23 -08:00
Christopher Jones
a260417927 [plugins] return err when failing remove
Fixes a case where removing the plugin from disk would
fail silently. Also moves pluginStore remove after we
remove from disk, so 'docker plugin ls' doesn't isn't
empty in case it errors out.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit fb11164c4f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:06:23 -08:00
Yong Tang
a80251e8cd Fix docker exec -u issue after docker daemon restart
This fix tries to address the issue raised in 29342 where
`docker exec -u` after docker daemon restart returns an error:
```
unable to find user test: no matching entries in passwd file
```

The reason was that `container.BaseFS` is not present after restart.

This fix adds the `daemon.Mount` during the restore to bring up the
`container.BaseFS`.

An integration test has been added to cover the changes.

This fix fixes 29342.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 7feb2a17e4)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-15 21:06:23 -08:00
Aaron Lehmann
8f724a277a integration-cli: Add integration tests for swarm services + content trust
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 62cd3b39f9)
2016-12-15 20:44:22 -08:00
Aaron Lehmann
61dc897a30 cli: Pin image to digest using content trust
Implement notary-based digest lookup in the client when
DOCKER_CONTENT_TRUST=1.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d4d6f8c0d0)
2016-12-15 18:20:13 -08:00
Aaron Lehmann
5e7d2ab3b8 cli: Split out GetNotaryRepository and associated functions
Split these into cli/trust so that other commands can make use of them.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 4b8c79f25e)
2016-12-15 18:20:07 -08:00
Aaron Lehmann
261f9b6243 registry: Remove reference.go
This removes some very old vestigial code that really should have been
removed during the content addressability transition. It implements
something called "reference" but it behaves differently from the actual
reference package. This was only used by client-side content trust code,
and is relatively easy to extricate.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d91ed88365)
2016-12-15 18:18:47 -08:00
Justin Cormack
45b441f4f9 Merge pull request #29395 from mavenugo/exp13
Cherry-pick : Add the missing experimental ipvlan network driver
2016-12-15 14:56:00 -08:00
Sebastiaan van Stijn
61ce93a6f5 Merge pull request #29429 from vdemeester/publish-long-short-syntax-1_13
[1.13.x] Publish long short syntax 1 13
2016-12-15 21:44:06 +01:00
Vincent Demeester
162ef5d158
Make --publish-rm precedes --publish-add, so that add wins
`--publish-add 8081:81 --publish-add 8082:82 --publish-rm 80
--publish-rm 81/tcp --publish-rm 82/tcp` would thus result in 81 and
82 to be published.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-15 09:15:54 +01:00
Vincent Demeester
37ea8104b0
Remove --port and update --publish for services to support syntaxes
Add support for simple and complex syntax to `--publish` through the
use of `PortOpt`.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-15 07:24:26 +01:00
Victor Vieux
1b521547f0 Merge pull request #29229 from vieux/1.13.0-rc4-cherrypicks
1.13.0-rc4 cherry-picks: part1
2016-12-14 17:18:17 -08:00
Victor Vieux
4d2be03b68 Merge pull request #29418 from aboch/p66
[1.13.x] Fix buildIpamResources()
2016-12-14 15:28:58 -08:00
Alessandro Boch
fa9618550a Fix buildIpamResources()
- Can no longer assume IPv6 operational data to be present

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-12-14 10:36:44 -08:00
Madhu Venugopal
29861173e1 Pass daemon experiemental flag to libnetwork
Required to enable ipvlan experimental network driver

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2016-12-14 00:55:34 -08:00
Madhu Venugopal
b7316e85c0 Vendor libnetwork with experimental daemon flag handling
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2016-12-14 00:54:57 -08:00
Victor Vieux
efdf7ae8f3 skip empty networks in plugin install
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit 04e35a01fc)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 23:49:27 -08:00
yuexiao-wang
a4af72fc87 Update the manual for docker wait
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 303ff807f2)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 23:48:53 -08:00
Ben Firshman
20dc482b10 Add display name for tags in swagger.yaml
In #29071, we made the tags the correct name for generating types,
at the expense of the menu in the documentation looking good.

ReDoc now has support for tag display names
( https://github.com/Rebilly/ReDoc/pull/152 ), so we can assign
a more human-friendly name to the menu items.

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 0caa6c218c)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 23:48:22 -08:00
Brian Goff
8b31f217ff Refcount graphdriver plugins properly
Adds 2 new methods to v2 plugin `Acquire` and `Release` which allow
refcounting directly at the plugin level instead of just the store.
Since a graphdriver is initialized exactly once, and is really managed
by a separate object, it didn't really seem right to call
`getter.Get()` to refcount graphdriver plugins.
On shutdown it was particularly weird where we'd either need to keep a
driver reference in daemon, or keep a reference to the pluggin getter in
the layer store, and even then still store extra details on if the
graphdriver is a plugin or not.

Instead the plugin proxy itself will handle calling the neccessary
refcounting methods directly on the plugin object.

Also adds a new interface in `plugingetter` to account for these new
functions which are not going to be implemented by v1 plugins.

Changes terms `plugingetter.CREATE` and `plugingetter.REMOVE` to
`ACQUIRE` and `RELEASE` respectively, which seems to be better
adjectives for what we're doing.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit f29bbd16f5)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 19:56:51 -08:00
Dong Chen
39c9f1c024 Run overlay attachable test on a single daemon
Signed-off-by: Dong Chen <dongluo.chen@docker.com>
(cherry picked from commit e42d1bb4b2)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 19:56:51 -08:00
Brian Goff
4e08d8ef03 Fix issues with plugin and --live-restore
Fixes an issue when starting the daemon with live-restore
where previously it was not set, plugins are not running.

Fixes an issue when starting the daemon with live-restore, the plugin
client (for interacting with the plugins HTTP interface) is not set,
causing a panic when the plugin is called.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit cb6633175c)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 19:56:44 -08:00
Sebastiaan van Stijn
47b838db40 Update reference docs for service ps
commit bbd2018ee1
changed the output format of `docker service ps`.

this patch updates the reference docs
to match the updated output format.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5902fa3384)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:10:24 -08:00
yuexiao-wang
1dd2e2f545 Fix the incorrect option name
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit b101e451f1)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:10:05 -08:00
lixiaobing10051267
e65660da3d stack_config.md not exist and delete it
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
(cherry picked from commit afaff51a8b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:09:47 -08:00
John Howard
004ec96608 Windows: Prompt fix
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 30b8f08443)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:09:29 -08:00
yuexiao-wang
54e52b97f4 Update the option 'network' for docker build
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit cd317282c9)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:09:12 -08:00
allencloud
4aa72cb5a9 add missing status code 403 for services/create in docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 19654fd71e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:08:53 -08:00
Sebastiaan van Stijn
f59aa96e3d deprecate "top-level" network information in NetworkSettings
When inspecting a container, `NetworkSettings` contains top-level
information about the default ("bridge") network;

`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
`IPAddress`, `IPPrefixLen`, `IPv6Gateway`, and `MacAddress`.

These properties are deprecated in favor of per-network properties in
`NetworkSettings.Networks`. These properties were already "deprecated" in
docker 1.9, but kept around for backward compatibility.

Refer to [#17538](https://github.com/docker/docker/pull/17538) for further
information.

This officially deprecates these properties, and marks them
for removal in 1.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ae6f09b29c)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-13 17:08:28 -08:00
Victor Vieux
89c27499da Merge pull request #29340 from vieux/1.13_changelog
update changelog 1.13.0-rc4
2016-12-13 09:41:03 -08:00
Christopher Jones
4c65bf9a10 [integration-cli] skip plugin tests on non-x86
Due to the test plugins being architecture specific, these
tests fail to start the plugin (even though they don't fail yet)

Temporary fix until we can build architecture specific test
plugins.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit ebff8c79a3)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 20:56:38 -08:00
Victor Vieux
1149997787 update changelog 1.13.0
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 17:08:18 -08:00
Anusha Ragunathan
1a86cbb031 When plugin enable fails, unmount PropagatedMount.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit cef443bddf)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 16:17:19 -08:00
Aleksa Sarai
80c3ed1c0c daemon: switch to 'ensure' workflow for AppArmor profiles
In certain cases (unattended upgrades), system services can disable
loaded AppArmor profiles. However, since /etc being read-only is a
supported setup we cannot just write a copy of the profile to
/etc/apparmor.d.

Instead, dynamically load the docker-default AppArmor profile if a
container is started with that profile set. This code will short-cut if
the profile is already loaded.

Fixes: 2f7596aaef ("apparmor: do not save profile to /etc/apparmor.d")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 567ef8e785)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 16:16:50 -08:00
Aleksa Sarai
20d6f23b55 apparmor: switch IsLoaded to return bool
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit e440a57a79)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:33:10 -08:00
Yong Tang
20a7e39728 Fix missing IPAM options in swarm network mode
This fix tries to fix the issue raised in 29044 where
the IPAM options is missing in swarm network mode
after the service is deployed. Before the service
is deployed, the IPAM options is available.

The reason for the issue is that, before service is
deployed, `network inspect` is querying the swarm and
obtained the correct information.
However, after service is deployed, swarm executor
does not pass the IPAM options to the backend (daemon).
Also after service is deployed, `network inspect` is
actually querying the local daemon for information.
At this time the network information with missing IPAM
options is returned.

This fix fixes the issue by updating the swarm network
allocator and swarm executor.

A separate PR for swarmkit will be opened.

An integration test has been added to cover the change.

This fix fixes 29044.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 4d958e99c1)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:26:30 -08:00
Misty Stanley-Jones
09296e053d Edits to plugin upgrade warning
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 66cbb5a552)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:26:12 -08:00
Lajos Papp
1f4dc1158c Note about potential plugin issue when upgrading
Fixes: #29172
Fixes: https://github.com/docker/for-mac/issues/1000

Signed-off-by: Lajos Papp <lalyos@yahoo.com>
Signed-off-by: lalyos <lalyos@yahoo.com>
(cherry picked from commit acd847cd56)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:26:06 -08:00
Andrea Luzzardi
99eb943186 service ps: Revert output to 1.12 behavior.
- Display the ID column
- Do not append the task ID in the name column
- (NEW): Truncate task IDs, unless --no-trunc is specified

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit bbd2018ee1)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:25:44 -08:00
Victor Vieux
d8e435ab6c remove old media type compat for plugins
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit f644e758bd)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:25:27 -08:00
John Howard
09cd31b128 Windows: Fix crash in docker system prune
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit e5900ee9bf)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:25:01 -08:00
Harald Albers
85ae13f6d0 Add bash completion for docker inspect --type plugin
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 81b4b2b5fa)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:24:42 -08:00
Qinglan Peng
fcb58702bc fix some broken contents links
Signed-off-by: Qinglan Peng <qinglanpeng@zju.edu.cn>

fix-contents-links

Signed-off-by: Qinglan Peng <qinglanpeng@zju.edu.cn>
(cherry picked from commit bac792c163)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:24:22 -08:00
Kei Ohmura
cc855179cf docs: fix description of docker swarm update --help
Signed-off-by: Kei Ohmura <ohmura.kei@gmail.com>
(cherry picked from commit 2f0e00f587)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:24:03 -08:00
Kei Ohmura
9a6c5e14be docs: fix description of docker swarm join --help
Signed-off-by: Kei Ohmura <ohmura.kei@gmail.com>
(cherry picked from commit 77dd8474a7)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:23:57 -08:00
Martin Honermeyer
0d575d1304 Fix link to volume label support in changelog
Signed-off-by: Martin Honermeyer <maze@strahlungsfrei.de>
(cherry picked from commit bb06e138e4)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:23:37 -08:00
Steve Durrheimer
508d06752d Add zsh completion for 'docker inspect --type=plugin' and other missing ones
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit 2bdffc1fb5)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:22:44 -08:00
lixiaobing10051267
159f4f14d7 replace env description with args in extend config
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
(cherry picked from commit abdc031aea)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-12 13:22:24 -08:00
Victor Vieux
de5fba3833 Merge pull request #29333 from sanimej/libn_bump_1.13.x
Update libnetwork to 4df06c4
2016-12-12 13:16:51 -08:00
Santhosh Manohar
4b7bef26c5 Update libnetwork to 4df06c4
This fixes docker #28931, #28172, #28969

Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2016-12-12 11:40:14 -08:00
Brian Goff
cd7fea22f4 Merge pull request #29294 from yongtang/1.13.x
[1.13.x] Update vendored swarmkit to b5f07ce49c66d2f5feee83998b23d4c905b78155
2016-12-12 11:46:50 -05:00
Yong Tang
30b458a28c [1.13.x] Update vendored swarmkit to b5f07ce49c66d2f5feee83998b23d4c905b78155
This fix update swarmkit to b5f07ce49c66d2f5feee83998b23d4c905b78155

The following changes have been included:
- Fix missing IPAM options in swarm network mode (docker/swarmkit#1789)

The above PR is related to docker PR #29074 and docker issue #29044.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-10 04:02:22 -08:00
Yong Tang
870beb70fb xFix issue for --hostname when running in "--net=host"
This fix tries to address the issue raised in 29129 where
"--hostname" not working when running in "--net=host" for
`docker run`.

The fix fixes the issue by not resetting the `container.Config.Hostname`
if the `Hostname` has already been assigned through `--hostname`.

An integration test has been added to cover the changes.

This fix fixes 29129.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit b0a7b0120f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:42:16 -08:00
Doug Davis
64aac182d6 Fix processing of unset build-args during build
This reverts 26103.  26103 was trying to make it so that if someone did:
  docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd.  However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".

This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.

Closes #29084

Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit cdb8ea90b0)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:24:00 -08:00
Jake Sanders
4fba52a2f7 Add registry-specific credential helper support
Signed-off-by: Jake Sanders <jsand@google.com>
(cherry picked from commit 07c4b4124b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:23:58 -08:00
John Howard
b18516e6ac Windows: make.ps1 fix DCO check
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit e538c1fdca)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:20:25 -08:00
Michael Friis
6e08e2edcf remove bonus whitespace
Signed-off-by: Michael Friis <friism@gmail.com>
(cherry picked from commit 8d47858f96)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:20:00 -08:00
Sebastiaan van Stijn
c027e4a861 remove unsupported distros from install script
The install script currently includes some
distros that we don't actually have packages
for.

For these distros, the script currently
performs step to install Docker from
the distro's repository.

This patch removes those distros from
the install script, because we have no
control over these packages, and cannot
provide support for them.

Installing docker anyway will give the
false impression that they installed
a package from our repository (but they
didn't), and that they need to contact
us for support.

It's better to tell people that we don't
install in that case, and refer them to
the installation documentation, or the
documentation of their distro.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 29b98b6ee6)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:17:25 -08:00
Anusha Ragunathan
1c858abc96 Fix race in setting plugin refcounts.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 4c088d1e2e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:16:26 -08:00
Tibor Vass
3a571b72fd plugins: container-rootfs-relative paths
Legacy plugins expect host-relative paths (such as for Volume.Mount).
However, a containerized plugin cannot respond with a host-relative
path. Therefore, this commit modifies new volume plugins' paths in Mount
and List to prepend the container's rootfs path.

This introduces a new PropagatedMount field in the Plugin Config.
When it is set for volume plugins, RootfsPropagation is set to rshared
and the path specified by PropagatedMount is bind-mounted with rshared
prior to launching the container. This is so that the daemon code can
access the paths returned by the plugin from the host mount namespace.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit c54b717caf)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:16:04 -08:00
Qinglan Peng
aa22b96457 fix some version information
Signed-off-by: Qinglan Peng <qinglanpeng@zju.edu.cn>
(cherry picked from commit aa26364ce1)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:15:08 -08:00
lixiaobing10051267
d842cf6db6 add SCOPE field content for docker network ls
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>

(cherry picked from commit 170fcead7e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:14:27 -08:00
Anusha Ragunathan
213ee20706 Make v2/Plugin accesses safe.
v2/Plugin struct had fields that were
- purely used by the manager.
- unsafely exposed without proper locking.
This change fixes this, by moving relevant fields to the manager as well
as making remaining fields as private and providing proper accessors for
them.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit b35490a8ba)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:13:13 -08:00
Evan Hazlett
f081b22a4a add headers when using exec
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

ensure headers are properly sanitized

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
(cherry picked from commit f86db80b5f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:12:09 -08:00
Ian Campbell
c84f43d63f Caution against the use of CONFIG_LEGACY_VSYSCALL_NATIVE
It provides an ASLR-bypassing target with usable ROP gadgets.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
(cherry picked from commit 49dcce7ba0)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:11:46 -08:00
Xianglin Gao
be7d576f5d fix apparmor load profile
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
(cherry picked from commit 2ab8f2e389)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:10:58 -08:00
Derek McGowan
cca0132fcf Add class to repository scope
Expose registry error translation for plugin distribution

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit a12b466183)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:10:29 -08:00
Derek McGowan
9ecbaa77ae Update vendor distribution
Distribution client change for class in resource

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit d1f5e0f7a6)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-09 14:10:23 -08:00
Victor Vieux
edd9c522b7 Merge pull request #29232 from aaronlehmann/vendor-swarmkit-999addf
[1.13] Update vendored swarmkit to 999addf
2016-12-09 13:51:32 -08:00
Aaron Lehmann
aca0bdab13 Update vendored swarmkit to 999addf
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-12-07 17:59:31 -08:00
unclejack
674cf8233d api/types/container,client: gofmt
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
(cherry picked from commit c1ce63b17b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:23:00 -08:00
yuexiao-wang
90a24f7bfd Optimize the log info for client test
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 40b8ff6243)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:22:57 -08:00
Antonio Murdaca
6c8bd56007 hack/make.sh: fix BUILDTIME
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 7b1f77dcbc)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:20:38 -08:00
Steve Durrheimer
78f2dc90bf Add zsh completion for 'docker network create --attachable'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit bce11a29f8)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:17:33 -08:00
lixiaobing10051267
52b88ccc23 modify URLs for bind docker in docs/api
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
(cherry picked from commit 9c76fb253e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:17:14 -08:00
Lei Jitang
c9ec321e56 fix #29199, reset container if container start failed
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit e806821b53)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:16:55 -08:00
Yong Tang
bec385cff0 Fix docker inspect <unkown object> issue on Windows
This fix tries to address the issue raised on 29185 where
`docker inspect <unknown object>` on Windows will return:
```
Error response from daemon: plugins are not supported on this platform
```

The reason was that in case `--type` is not specified, `docker inspect`
will iterate through different types `container`, `image`, `network`,
`plugin` etc. The `plugin` object is the last type to check.

However, as `plugin` is not supported on Windows yet, the error message
is not very informative for `plugins are not supported on this platform`.

This fix tries to fix the issue by return a `not found` error on unsupported
platforms as well.

An integration test has been added to cover the changes for Windows/Linux.

This fix fixes 29185.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 88fcdb0a82)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:16:34 -08:00
Harald Albers
0383913b65 Add bash completion for docker network create --attachable
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 8d2e789bbc)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:16:09 -08:00
allencloud
51b83ae8fb add 403 for endpoint network create
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 0d21e24b9f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:15:45 -08:00
John Howard
ad794bba5b Windows: Dockerfile 2GB clarification Hyper-V
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit f7b4d65445)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:15:24 -08:00
John Howard
540758ee99 Windows: make.ps1 Throw exception on failure
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 8c22a00b77)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:15:01 -08:00
Vincent Demeester
0f2364f73c Handle logging in compose to swarm
Logging configuration was completely ignore when deploy a compose file
to swarm. This fixes it.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 806cc1e0f8)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:14:20 -08:00
Harald Albers
6ce7fb23f5 Add bash completion for docker version --format
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 3d43c48c1b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:13:12 -08:00
Harald Albers
fd7aee8fe0 Fix bash completion for `docker service create|update
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit be5685e4bf)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:12:50 -08:00
Harald Albers
e0d8cfaa7d Add bash completion for secret management
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 324dd3cfec)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:12:29 -08:00
Arash Deshmeh
62fdac59bd Print checkpoint id when creating a checkpoint
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
(cherry picked from commit f1df2d5a2e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:11:43 -08:00
erxian
487fad2a2c refine api swagger.yaml towards image create status code
Signed-off-by: erxian <evelynhsu21@gmail.com>
(cherry picked from commit 15be050fb3)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:11:20 -08:00
Akihiro Suda
e26de82e54 improve TestServiceLogs for the goroutine issue #28915
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit f8a93d0c9d)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:10:56 -08:00
Victor Vieux
8bed67c368 update docs
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit 30db51c169)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:10:31 -08:00
Victor Vieux
728296b9ea refactor plugin install
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit fa3b61a28f)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:10:24 -08:00
Yong Tang
696130c949 Fix issue where secret ID is masked by name
This fix tries to address the issue in 28884 where
it is possible to mask the secret ID by name.

The reason was that searching a secret is based on name.
However, searching a secret should be done based on:
- Full ID
- Full Name
- Partial ID (prefix)

This fix addresses the issue by changing related implementation
in `getCliRequestedSecretIDs()`

An integration test has been added to cover the changes.

This fix fixes 28884

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3638ca4d14)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:09:46 -08:00
Yong Tang
d1d6357beb Convert DanglingOnly to Filters for docker image prune
This fix convert DanglingOnly in ImagesPruneConfig to Filters,
so that it is possible to maintain API compatibility in the future.

Several integration tests have been added to cover changes.

This fix is related to 28497.

A follow up to this PR will be done once this PR is merged.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit a6be56b54e)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-12-07 16:08:18 -08:00
Andrew Hsu
4d92237de1 run dnf upgrade before installing in fedora
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit ebd804bfb6)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 10:13:02 -08:00
Victor Vieux
c0522e349a bump version to 1.13.0-rc3
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 02:30:49 -08:00
Victor Vieux
3ac2991ff8 Merge pull request #29094 from vieux/1.13.0-rc3-cherrypicks
1.13.0-rc3 cherry-picks: part3
2016-12-05 02:29:24 -08:00
allencloud
69f3cb179e add missing status code in api docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 9a1f7b6b0b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 00:42:55 -08:00
Chris Gavin
1b195847f4 Fix a spelling mistake in the docs.
Signed-off-by: Chris Gavin <chris@chrisgavin.me>
(cherry picked from commit 35c82f422d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 00:41:35 -08:00
Vincent Demeester
877c2b5ac0 Revert "Fix dockerfile parser with empty line after escape"
This reverts commit 3e1b539e8d.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6e0666e622)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 00:41:03 -08:00
Vincent Demeester
1b310cd47c Remove hostname validation as it seems to break users
Validation is still done by swarmkit on the service side.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit ef39256dfb)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 00:40:19 -08:00
Yong Tang
3891c1f376 Support plugins in docker inspect
This fix tries to address the proposal raised in 28946
to support plugins in `docker inspect`.

The command `docker inspect` already supports
"container", "image", "node", "network", "service", "volume", "task".
However, `--type plugin` is not supported yet at the moment.

This fix address this issue by adding the support of `--type plugin`
for `docker inspect`.

An additional integration test has been added to cover the changes.

This fix fixes 28946.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 90bb2cdb9f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 00:39:30 -08:00
Yong Tang
c015a2a1a6 Add ID field for docker plugin ls
This fix tries to address the enhancement proposed in 28708 to display
ID field for the output of `docker plugin ls`.

This fix add `ID` field to the output of `docker plugin ls`

Related docs has been updated.

This fix fixes 28708.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 8a226ed643)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-05 00:38:57 -08:00
Brian Goff
2aed732d3a Fix out-of-band vol delete+create for same driver
Fix issue where out-of-band deletions and then a `docker volume create`
on the same driver caused volume to not be re-created in the driver but
return as created since it was stored in the cache.

Previous fix only worked if the driver names did not match.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit d8ce4a6e10)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 16:54:15 -08:00
John Howard
e509501437 Windows: make.ps1 and Dockerfile for native builds
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 155435b6ce)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 16:54:05 -08:00
Victor Vieux
e81d02e4cd Merge pull request #29002 from vieux/1.13.0-rc3-cherrypicks
1.13.0-rc3 cherry-picks: part2
2016-12-02 16:51:49 -08:00
Daniel Nephin
8f961397f4 Fix swagger-gen validation.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit f247a99c6d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:44:34 -08:00
Misty Stanley-Jones
7ec079dbfd Fix instances of doubled words
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 379e9259cf)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:43:55 -08:00
Brian Goff
c49078c78d Fix issue where TmpfsOptions are not sent to swarm
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit a5b3649bfa)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:43:02 -08:00
Ben Firshman
94f3ccc31e Use singular tag names in swagger.yaml
This is required to make the type generation put things in the
correct directory, but unfortunately makes the names in the
documentation menu look a bit crap.

I think the best solution would be to add a `x-display-name`
extension to tags to determine how the tags show up in the menu,
rather than it depend on the name of the tag. I shall do this in
a follow-up PR - for now, let's fix the breakage.

Fixes #29045

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 30a9249e15)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:42:15 -08:00
Harald Albers
f1ea64fa07 Add bash completion for experimental docker deploy
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 10f567ec6a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:41:43 -08:00
Harald Albers
64b41aa52a Allow selective activation of experimental features in bash completion
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit af84b7e441)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:41:36 -08:00
Sebastiaan van Stijn
6df19c209f pin go-swagger 0.7.4
This pins the version of go-swagger used, because
the results generated by different versions
can differ quite a bit (tested between 0.7.2 - 0.7.4),
and can cause CI / validation to fail.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ba20c3e65e)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:41:10 -08:00
Sebastiaan van Stijn
ecf889816c Fix restartpolicy max-retry validation
the restart policy validation was moved from
the client to the daemon in 94e95e4711

As part of that change, retry-counts < 1
were marked as "invalid".

However, the default is 0 (unlimited), causing

    docker run -d --restart=on-failure nginx

To fail.

This changes the validation to only invalidate
retry-counts < 0.

A test was added, and other tests renamed
to allow running just these tests :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9db5d649ae)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:40:40 -08:00
John Howard
018f19f8c9 Windows: Factor out sqlite
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 3f6127b173)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:40:06 -08:00
Yong Tang
3477da0cdb Allow docker plugin inspect to search based on ID or name
This fix tries to address the issue raised in discussion of
PR 28735 where it was not possible to manage plugin based on
plugin ID. Previously it was not possible to invoke
`docker plugin inspect` with a plugin ID (or ID prefix).

This fix updates the implementation of `docker plugin inspect`
so that it is possbile to search based on a plugin name, or a
plugin ID. A short format of plugin ID (prefix) is also possible,
as long as there is no ambiguity.

Previously the check of `docker plugin inspect` was mostly done
on the client side. This could potentially cause inconsistency
between API and CMD. This fix move all the checks to daemon side
so that API and CMD will be consistent.

An integration test has been added to cover the changes.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0ce6e070f7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-02 13:39:37 -08:00
Tõnis Tiigi
90c3c389c4 Merge pull request #28999 from mavenugo/1.13.0-rc3-ln
Cherry-picking #28975 to 1.13.x
2016-12-02 13:25:43 -08:00
Alexander Morozov
6ad8328cb8 Merge pull request #29049 from aaronlehmann/vendor-swarmkit-1.13.0
[1.13] Vendor swarmkit
2016-12-02 13:06:34 -08:00
Aaron Lehmann
df71cee489 Vendor swarmkit
Update swarmkit to 522d951f733c821cdc33cccca6127c15a2b6de38, from the
bump_v1.13.0 branch.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-12-01 18:42:24 -08:00
lixiaobing10051267
12aa5ea8b1 rectify several wrong URLs in branch of man
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
(cherry picked from commit 576780369f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-01 13:41:17 -08:00
Lei Jitang
32e0ea346b Fix docker restart panic on machine ungracefully shutdown
Machine ungracefully shutdown leaves a lot of container has a
Running=true state.

```
$ cat config.v2.json | jq .

    "Running": true,
    "Paused": false,
    "Restarting": false,

```

And the next docker start will fail with panic.

```

time="2016-12-01T01:54:45.086446715-05:00" level=warning msg="libcontainerd: client is out of sync, restore was called on a fully synced container (49f41ad5ca0be860622d9190673b5816d012022fb2c1794560ec4851e7cfec6a)."
time="2016-12-01T01:54:45.087046004-05:00" level=warning msg="libcontainerd: failed to retrieve container 49f41ad5ca0be860622d9190673b5816d012022fb2c1794560ec4851e7cfec6a state: rpc error: code = 2 desc = containerd: container not found"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x5db7f3]

goroutine 57 [running]:
panic(0x16a8e60, 0xc420010130)
        /usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/docker/docker/libcontainerd.(*client).Restore(0xc4202e1a40, 0xc420415000, 0x40, 0xc42015a0b0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/docker/docker/libcontainerd/client_linux.go:457 +0x553
github.com/docker/docker/daemon.(*Daemon).restore.func1(0xc4201c46f0, 0xc4202581e0, 0xc4201c46e8, 0xc42047bfb0, 0xc42047bf80, 0xc42047bf50, 0xc42024ba10, 0xc420512c00)
        /go/src/github.com/docker/docker/daemon/daemon.go:205 +0x198
created by github.com/docker/docker/daemon.(*Daemon).restore
        /go/src/github.com/docker/docker/daemon/daemon.go:260 +0x7bb

```

Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 267422e4d0)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-01 13:40:44 -08:00
yuexiao-wang
68b88c8749 Fix the use for secret create
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 5cef55ba91)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-01 13:40:14 -08:00
Darren Stahl
c31df2f3de Stop retrying pull on UnkownBlob error
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit dee2968560)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-01 13:39:35 -08:00
yuexiao-wang
f687616995 Fix the inconsistency for docker secret
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit b4306588e9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-12-01 13:39:06 -08:00
Ben Firshman
766e6ab07f Make swagger.yaml operationIds consistent
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit bf6a790f00)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:25:52 -08:00
Ben Firshman
fba707ee1f Make docs URLs in swagger.yaml absolute
This makes the swagger.yaml useful outside of the documentation.
For background:
https://github.com/docker/docker.github.io/pull/606#issuecomment-261389645

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 54051b18a1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:25:40 -08:00
Ben Firshman
76f4793290 Improve tags in swagger.yaml
- Consistent naming (plural, etc)
- Add section descriptions
- Add docs in swagger.yaml about how to maintain them

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 2aea9ad56b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:24:09 -08:00
Ben Firshman
0e1721f09f Add intro to swagger.yaml to explain what it's for
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit be52738a2c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:24:04 -08:00
Ben Firshman
2d0a198eb8 Fix headings in old API docs
Jekyll automatically adds titles based on the title of the page,
so this was causing duplicate titles.

Also, made all the headings the correct level.

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit d9b109b807)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:23:59 -08:00
Akihiro Suda
783e1a94b5 cli: remove --mount from docker run
This commit reverts 273eeb813c (#26825).
For the discussion so far, please refer to #28527.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit e6d9b7de64)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:22:43 -08:00
Brian Goff
bb55c05ec1 Move plugin shutdown after layerstore shtudown
This ensures that graphdriver plugins can properly cleanup on daemon
exit.
Also prevents errors during shutdown when it tries to send the plugin a
`Cleanup()` request but ultimately times out since it's already been
shutdown.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 4b400ecc4d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:19:24 -08:00
chchliang
6c466eadb7 don't spell error
Signed-off-by: chchliang <chen.chuanliang@zte.com.cn>
(cherry picked from commit 167f2f3f1b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:19:22 -08:00
lixiaobing10051267
f5c429bea2 modify some urls related to reference path
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
(cherry picked from commit b069690827)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:15:19 -08:00
Aaron Lehmann
1638b8f5c5 distribution: Fix panic on push
When building a manifest during a push operation, all layers must have
an associated descriptor. If a layer is missing a descriptor, that leads
to a panic.

A break inside a switch in layerAlreadyExists meant to break from the
loop surrounding the switch, but instead breaks from the switch. This
causes the loop to continue, and can overwrite the descriptor with an
empty one, leading to the panic.

Also, fix layerAlreadyExists not to abort the push when a speculative
stat on a candidate layer digest fails with an error. This could happen
in situations like a potential cross-repository mount where the user
does not have permission to access the source repository.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit e0702e9f37)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:14:42 -08:00
Harald Albers
7c081219ac Add more types to bash completion of docker inspect
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 1076f0882b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:13:51 -08:00
Christopher Jones
d55b0802cf [ppc64le] allow replacing httpredir in dockerfile
Allows replacing of the default httpredir.debian.org in /etc/apt/sources.list
with a user-specified mirror. This will (hopefully) fix CI apt issues.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 150a519a0b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:13:18 -08:00
Lei Jitang
d9329742d0 Fix docker save with empty timestamp of layer created time
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit e0b2c0af4d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:12:52 -08:00
erxian
375e970991 correct the http return code of secret remove
Signed-off-by: erxian <evelynhsu21@gmail.com>
(cherry picked from commit 21768933fb)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:12:22 -08:00
Aaron Lehmann
30e5e0a781 Don't resolve or pull images referenced by ID
If a swarm service is created using an image ID, it's useless to try to
pull this reference or resolve it to a manifest digest. Avoid doing this
when a fully qualified image ID is given.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 089842c4b4)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:11:43 -08:00
Vincent Demeester
50bcdc9de2 Revert "Add bash completion for docker service ps --all"
This reverts commit 188d2fac57.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit cee0fff9fe)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:11:08 -08:00
Vincent Demeester
f8b981574c Revert "Add -a option to service/node ps"
This reverts commit 139fff2bf0.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit eb55d03f3c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:11:02 -08:00
Vincent Demeester
4609c728e3 stack deploy: handle external network when deploying
If the network is marked as external, don't use the namespace on
it. Otherwise, it's not found.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6fff845409)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:10:29 -08:00
Steve Durrheimer
5764fbb878 Add zsh completion for 'docker stack' subcommand
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit 1e0c612f84)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:10:02 -08:00
Lei Jitang
ee7d498364 Change Error log to Warning when close stdin fail
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 37db022045)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:09:26 -08:00
Lei Jitang
79f153f49e Ignore "failed to close stdin" if container or process not found
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 9aedaf5b3a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:09:19 -08:00
Yanqiang Miao
bf711ea00e Fix a error of the function 'CopyMessage' in 'daemon/logger/logger.go'
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

add a test for 'CopyMessage'

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

update

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 3b82eac65f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:08:05 -08:00
Sebastiaan van Stijn
f5df634db7 Add some adjectives to the namesgenerator
Because .. `hardcore_hamilton` and `inspiring_murdock`

https://twitter.com/swiftonsecurity/status/801195049165799424

Also replacing adjectives that could be interpreted as
refering to body size, (mental) health, intoxication.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 169b4d92a1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:07:37 -08:00
Kenfe-Mickael Laventure
5e5d02b9f5 Fix race with containerd events stream on restore
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 9fff9bb761)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:06:59 -08:00
Harald Albers
51f1980e30 Add bash completion for docker stack
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 16494a81f9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:06:29 -08:00
John Howard
68cfaf216d Windows: Builder case insensitive env
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 49f392ff6b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:05:48 -08:00
Brian Goff
0dd3ae8ed0 Move stack dump dir to exec root
Dump stack dumps to exec root instead of daemon root.
When no path is provided to the stack dumper, such is the case with
SIGQUIT, dump to stderr.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 0bd720b28d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-30 14:02:24 -08:00
Madhu Venugopal
1f289dc411 Vendoring libnetwork to address some concurrency issues
Addresses #28697, #28845, #28712, #26111

Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 8f082e418b)
2016-11-30 13:28:21 -08:00
Vincent Demeester
005a5428ee Merge pull request #28774 from vieux/1.13.0-rc3-cherrypicks
1.13.0-rc3 cherry-picks
2016-11-30 07:36:53 +01:00
Yanqiang Miao
b4567db876 Fix some format errors
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

update

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 71f1205269)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:15:02 -08:00
allencloud
1b187660c2 change secret remove logic in cli
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 5b93e77138)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:14:36 -08:00
Aaron Lehmann
0669e372d2 cluster: Refuse swarm spec not named "default"
If, using the API, a user submits an init request with a spec that has a
name other than "default", the engine will rename the "default" cluster
object. Some parts of swarmkit depend on having a cluster object named
"default". Reject any specs that use other names.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 9dba9e3248)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:14:06 -08:00
John Howard
a40ae77529 WORKDIR set cmd
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 1b97bb416b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:13:40 -08:00
Misty Stanley-Jones
7c030bbd76 Document publishing a UDP port
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 2178c840ba)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:13:15 -08:00
Josh Hawn
98132f7db9 Reject unspecified advertise addr on swarm init
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)

(cherry picked from commit eeac871946)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:12:45 -08:00
Daniel Nephin
a8c2248e6f Use namespace label on stack volumes.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 4013a7c6d8)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:12:10 -08:00
Victor Vieux
97b0fd9fe3 update plugin example
Signed-off-by: Victor Vieux <victorvieux@gmail.com>

cleanup whitespace formatting

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d73f73b365)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:11:14 -08:00
Vincent Demeester
936499e1ff Fixes ImageList to be retro-compatible with older API
Make sure current client code can talk for ImageList can still talk to
older daemon.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit c6e31454ba)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:10:44 -08:00
Anusha Ragunathan
8c56588d04 Fix issue with plugin exit.
A plugin has an `ExitChan` channel which is used to signal the exit of
the plugin process. In a recent change, the initialization was
incorrectly moved to the daemon Shutdown path.

Fix this by initializing the channel during plugin enable.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 890a98ceed)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:10:10 -08:00
Anusha Ragunathan
e3d03adc25 On plugin pull errors, delete created dirs.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 9e4234261c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:09:33 -08:00
yuexiao-wang
90dab0778c Modify the link for config.json
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 4e970c1e5a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:09:07 -08:00
John Howard
b998f95014 Windows: Note about volumes in run
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit b9e65f40cf)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:08:07 -08:00
John Howard
7c74809fe9 Align output of docker version again
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit dfeaf7a959)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:07:39 -08:00
William Henry
0f5d85371a Added and example of using --format with docker images
Docker-DCO-1.1-Signed-off-by: William Henry <whenry@redhat.com> (github: ipbabble)

Signed-off-by: William Henry <whenry@redhat.com>
(cherry picked from commit 798c00a7ee)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:07:00 -08:00
Dong Chen
bee66467cd Fix network attachable option.
Signed-off-by: Dong Chen <dongluo.chen@docker.com>
(cherry picked from commit abcb699ad1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:06:31 -08:00
Yong Tang
d0fb24d853 Fix issue caused by duplicate docker plugin create with same names
This fix tries to fix the issue raised in 28684:
1. Duplicate plugin create with the same name will override the old plugin reference
2. In case an error happens in the middle of the plugin creation, plugin directories
   in `/var/lib/docker/plugins` are not cleaned up.

This fix update the plugin store so that `Add()` will return an error if a plugin
with the same name already exist.

This fix also will clean up the directory in `/var/lib/docker/plugins` in case
an error happens in the middle of the plugin creation.

This fix fixes 28684.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 662d456928)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-29 14:06:04 -08:00
Misty Stanley-Jones
4a0b7b215e Fix copypaste error 'is-automated'
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 2333657e1b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:30:34 -08:00
Misty Stanley-Jones
bdde4d3be5 Fix some redirect loops and problems
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit a1f55dca21)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:30:02 -08:00
Vincent Demeester
568a0a83a9 Remove docker stack config commandline reference doc
`docker stack config` command does not exists anymore, removing it
from the command reference documentation.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 3f98871a19)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:29:32 -08:00
Kei Ohmura
a903471bfc fix more according to the actual output of 'docker swarm init --help'
Signed-off-by: Kei Ohmura <ohmura.kei@gmail.com>
(cherry picked from commit 4a3207de5b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:28:57 -08:00
Kei Ohmura
76d2619406 fix description of 'docker swarm init'
Signed-off-by: Kei Ohmura <ohmura.kei@gmail.com>
(cherry picked from commit 3abee1bf8a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:28:52 -08:00
Harald Albers
e0654b40b7 Add bash completion for docker service {create,update} host options
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit f3b7f40aaf)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:28:17 -08:00
Harald Albers
555f65587e Add aliases and options to docker stack ls docs
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 8260366dd2)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:27:39 -08:00
Yanqiang Miao
25cb6a829b Fix a description of 'docker run [-a]'
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 08ff4f427e)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:27:07 -08:00
Steve Durrheimer
877207946a Add zsh completion for 'docker service update --hostname'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit b23fbc3fbd)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:26:36 -08:00
Justin Cormack
0e386515c8 Fix grammar on error message
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit cd5c8e9c2d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:26:08 -08:00
Harald Albers
7d7af6ad14 Add bash completion for docker service update --hostname
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 9d98d6d8cb)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:25:39 -08:00
lixiaobing10051267
6622465645 modify invalid url in plugins_network.md
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>

(cherry picked from commit fc7c235f84)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:24:33 -08:00
yuexiao-wang
bfbb2fdee9 Modify reponame to PLUGIN and fix some typos
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit c394034f59)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:23:58 -08:00
Yanqiang Miao
663ca540ea Fix some syntax error
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 18724726c2)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:23:28 -08:00
Daniel Nephin
4b230af83f Add a short flag for docker stack deploy
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit f1dd721b69)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:22:59 -08:00
Ben Firshman
99e1814731 Improve error when connecting service to network
The error didn't hint at how to resolve it. Google auto-suggest
also implies that people have been Googling this error.

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 70acb89fa2)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:22:22 -08:00
Ian Campbell
3d27cb3d6f Check for LEGACY_VSYSCALL_* options
Chosing LEGACY_VSYSCALL_NONE (over NATIVE or EMULATE) will mean that binaries
using eglibc <= 2.13 will not run (segfault).

Fixes #28705.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
(cherry picked from commit 163db04452)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:21:53 -08:00
yuexiao-wang
05a75a567a Add options for docker plugin enable and fix some typos
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
(cherry picked from commit 9e414bfa6b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:21:20 -08:00
Yong Tang
a2c9e625e6 Update docs of docker network ls --filter
Currently the help output of `docker network ls --filter` is:
```
Options:
  -f, --filter value   Provide filter values (i.e. 'dangling=true') (default [])
  ...
```
This caused confusion as only the following filters are supported at the moment:
 - `driver`
 - `type`
 - `name`
 - `id`
 - `label`

This fix update the help output of `docker network ls --filter` and `network_ls.md`.
The `dangling=true` description has been replace to:
```
Options:
  -f, --filter filter   Provide filter values (i.e. 'driver=bridge')
  ...
```

This fix fixes 28786.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 2510f254ee)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:19:34 -08:00
Victor Vieux
edbe73670a support src in --secret
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit f70470b71e)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:19:02 -08:00
Daniel Nephin
234a8b9496 exit with status 1 if help is called on an invalid command.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit bb7601a3ff)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:18:28 -08:00
Yong Tang
86ae5d2895 Restrict checkpoint name to prevent directory traversal
This fix tries to address the issue raised in 28769 where
checkpoint name was not checked before passing to containerd.
As a result, it was possible to use a special checkpoint name
to get outside of the container's directory.

This fix add restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`).
This is the same as container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c90ec05175)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:17:55 -08:00
Daniel Nephin
46cfeaf8ef Allow hostname to be updated on service.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 1c65cb6657)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:17:18 -08:00
erxian
d981bbc288 update secret command
Signed-off-by: erxian <evelynhsu21@gmail.com>
(cherry picked from commit d87c91e39f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:16:47 -08:00
Masayuki Morita
bc4219bd0c Fix broken markdown in CHANGELOG.md
Signed-off-by: Masayuki Morita <minamijoyo@gmail.com>
(cherry picked from commit 2ca39d27a6)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:16:13 -08:00
Daniel Nephin
f70e7f840b Better error message on stack deploy against not a swarm.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit c72daf953a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:15:40 -08:00
John Howard
35a87689e4 Windows: Case insensitive env vars
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit b2049a84de)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:15:09 -08:00
erxian
07fa269eee update the secret command docs
Signed-off-by: erxian <evelynhsu21@gmail.com>
(cherry picked from commit c22821014a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:14:36 -08:00
Harald Albers
46b8a5fb57 Add bash completion for plugin API
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit ecb707cb0f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:13:56 -08:00
dattatrayakumbhar04
fcc38c048c 28600: Docs: network connect for container in Created/Stopped state
Signed-off-by: dattatrayakumbhar04 <dattatraya.kumbhar@gslab.com>
(cherry picked from commit 16c9cdad6f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:13:20 -08:00
John Howard
c75eeb4b7c COPY file . after WORKDIR (now always created)
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 286ab6d69b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:12:45 -08:00
Vincent Demeester
10d2d8aefd Update docker info cli reference documentation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit d28eaa1171)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-23 12:28:16 -08:00
Vincent Demeester
d4d4edec2e Update plugin enable cli reference documentation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 43297dd6f8)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-23 12:27:46 -08:00
Vincent Demeester
833f3b3cf0 Fixes some integration-cli on userns
Mainly adding requirements on Network or NotUserNamespace to make it pass.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit eb5fe064cf)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-23 12:27:16 -08:00
Antonio Murdaca
bbfd3a518b daemon: remove not needed unmarshal
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 30b8712e93)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-23 12:27:11 -08:00
Harald Albers
3decd08d7a Move docker stack docs out of experimental
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit bb96e18b19)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-23 12:24:37 -08:00
Victor Vieux
1f9b3ef9e9 bump version to 1.13.0-rc2
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 21:23:23 -08:00
Victor Vieux
dba611d0f1 Merge pull request #28729 from aluzzardi/1.13.x-swarmkit-revendor-1109c363ce9d6400d42908ead944df4f7f788860
1.13.x: revendor swarmkit to 1109c363ce9d6400d42908ead944df4f7f788860
2016-11-22 20:34:10 -08:00
Andrea Luzzardi
2a80a863ca 1.13.x: revendor swarmkit to 1109c363ce9d6400d42908ead944df4f7f788860
Includes:
- https://github.com/docker/swarmkit/pull/1766
- https://github.com/docker/swarmkit/pull/1770

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2016-11-22 18:50:46 -08:00
Evan Hazlett
01807b785f update secret inspect to support IDs
This updates secret inspect to support inspect by ID in addition to name
as well as inspecting multiple secrets.  This also cleans up the
help text for consistency.

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
(cherry picked from commit 70d2cefd51)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 18:43:53 -08:00
yupeng
b82be871ab context.Context should be the first parameter of a function
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
(cherry picked from commit aff5dacec1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 18:43:29 -08:00
Darren Stahl
00fd466e00 Swap usage of LazyDLL and LoadDLL to LazySystemDLL.
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit 22c83c567f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 18:40:35 -08:00
John Howard
f9f8a94f42 Windows: Native autogen
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 64cc7677bf)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 18:40:19 -08:00
Sebastiaan van Stijn
f531a8f06b Use official fedora 25 image
Fedora 25 was released today, and the official
image will be available soon.

This removes the temporary override, so that
we can build using the official image.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 545a2f009e)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 18:39:58 -08:00
Victor Vieux
44fe761b35 Merge pull request #28674 from vieux/1.13.0-rc2-cherrypicks
1.13.0-rc2 cherry-picks : part 3
2016-11-22 18:39:06 -08:00
cyli
38b0c93954 Update docs to reflect no longer displaying secret digest or size.
Signed-off-by: cyli <cyli@twistedmatrix.com>
(cherry picked from commit fe127b7eae)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:54:55 -08:00
cyli
aa6211e153 Do not display the digest or size of swarm secrets
Signed-off-by: cyli <cyli@twistedmatrix.com>
(cherry picked from commit 2c0613540a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:54:50 -08:00
Ben Firshman
fad605e8c5 Add documentation for working on Engine API
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 109c54c481)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:52:48 -08:00
Ben Firshman
8738566853 Update swagger.yaml with changes to API
Up to and including 673c5ee559

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 44c50807c6)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:52:40 -08:00
Ben Firshman
f67b380325 Add version information to swagger.yaml
- Tidied up copy
- API version is now mandatory
- Links to previous API versions

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit c97f67dbab)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:51:14 -08:00
Ben Firshman
520e601dc2 Rename Remote API to Engine API
Implementation of https://github.com/docker/docker/issues/28319

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit f0d55cd081)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:49:58 -08:00
Ben Firshman
2ac34851ec Move API reference to new location
See: https://github.com/docker/docker.github.io/pull/606

Also:
- Add missing redirects to API reference pages
- Remove v1.25 and 1.26, because they are being replaced with
  swagger generated docs.
- Remove all other docs which aren't reference material, because
  this can live in docker/docker.github.io

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 993854f58f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:48:38 -08:00
Jacob Tomlinson
a4aabe7286 Add concurrent uploads/downloads section
Document and link to the concurrent uploads/downloads daemon option.

Signed-off-by: Jacob Tomlinson <jacob@tom.linson.uk>
(cherry picked from commit b303381a4d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:20:19 -08:00
Sebastiaan van Stijn
e8b27e7dc7 add note that windows does not support managed plugins
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f885463b58)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:19:48 -08:00
Antonio Murdaca
54518a214d hack/dockerfile/binaries-commits: use full commit hash for docker info
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit fa15d5ed0f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:19:18 -08:00
yupeng
1053fdf27e error strings should not be capitalized or end with punctuation
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
(cherry picked from commit fc11efa2db)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:18:49 -08:00
Andrea Luzzardi
43e6479fd4 service logs: Support no-follow mode
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit c2d435e4f0)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:18:09 -08:00
Darren Stahl
af08f44640 Revendor go-winio to v0.3.7
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit 873a26697d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:17:33 -08:00
Tibor Vass
faab09c1aa plugins: misc fixes
Rename variable to reflect manifest -> config renaming
Populate Description fields when computing privileges.
Refactor/reuse code from daemon/oci_linux.go

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 6547609870)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:16:39 -08:00
Tibor Vass
561f2b27cb plugins: support for devices
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 53b9b99e5c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:16:33 -08:00
Tibor Vass
63277b0aff vendor go-connections to error out if unix socket path is too long
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit e2e7ab655f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:16:24 -08:00
Tibor Vass
8f66c5e731 plugins: fix some tests
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit a08ffa0e93)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:16:16 -08:00
Tibor Vass
a275ca2093 plugins: support for host networking
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 99124c055a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:16:10 -08:00
Tibor Vass
c28c63472a plugins: linux capabilities and device creation
In the plugin manifest, Capabilities has been moved to
Linux.Capabilities to avoid confusion with Interface.Types[i].Capability

A DeviceCreation boolean has also been added to the manifest. This could
be changed in the future to be specific to a major number.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 9f239281b1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:16:04 -08:00
Tibor Vass
fb3c3d7eea plugins: do not try to contact disabled plugin
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 84e58e2f89)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:15:58 -08:00
Darren Stahl
40a56f29e2 Ensure vmcompute.dll exists during daemon start
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit 000366f1a7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:15:19 -08:00
Brian Goff
9e35dea991 Use container Mounts API for Swarm containers.
Instead of converting nicely typed service mounts into untyped `Binds`
when creating containers, use the new `Mounts` API which is a 1-1
mapping between service mounts and container mounts.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 821aeb6a6f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 16:13:28 -08:00
Victor Vieux
a65a2936ac Merge pull request #28676 from aboch/1.13.x-local
[1.13.x] Vendor libnetwork, netlink and libkv
2016-11-22 12:07:05 -08:00
Harald Albers
24628fd7a0 Fix typo in docs (Copmose)
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 2e12055687)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:27:57 -08:00
Vincent Demeester
9302b0f59c Update aanand/compose-file to a3e58764f50597b6217fec07e9bff7225c4a1719
This fixes services networks list to be ignored when loading.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 01b70a95c9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:27:28 -08:00
Andrew Hsu
3168635120 skip solaris and allow dry run control points
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit f60541069c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:27:01 -08:00
Steve Durrheimer
f46b2fd604 Add zsh completion for 'docker image ls --filter reference'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit 15134b8d36)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:26:33 -08:00
Steve Durrheimer
702b03b6fc Add zsh completion for 'dockerd --userland-proxy-path'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit 97e1892922)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:26:03 -08:00
Tonis Tiigi
3f0aa9bceb Fix race on sending stdin close event
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 4e262f6387)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:25:33 -08:00
Kenfe-Mickael Laventure
3ab3f953d7 Add generate.sh for armhf deb Dockerfiles
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 3b3cf87478)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:25:01 -08:00
Kenfe-Mickael Laventure
bab6bf1d5e Add support for armhf ubuntu-yakkety deb
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit b118056241)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:24:55 -08:00
Darren Stahl
8ebbeda5a8 Update hcsshim
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit baac0ef67f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:24:21 -08:00
Reficul
ca51b2bf2c fix incorrect ErrConnectFailed comparison
Signed-off-by: Reficul <xuzhenglun@gmail.com>
(cherry picked from commit d5dc9b8b1f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:23:49 -08:00
Anusha Ragunathan
0403addc5f Add HTTP client timeout.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 83ca993c15)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:23:20 -08:00
allencloud
abc0eea899 update secret create url for consistency
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 86d7682843)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:22:39 -08:00
Brian Goff
b4c0b07d89 Handle run --rm against older daemons on the cli
For previous versions of Docker, `--rm` was handled client side, as such
there was no support in the daemon for it.
Now it is handled daemon side, but we still need to handle the case of a
newer client talking to an older daemon.

Falls back to client-side removal when the daemon does not support it.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit f4bb8c51de)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:22:08 -08:00
Harald Albers
2d5f5287c3 Add bash completion for docker build --network
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit d48e70843f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:21:36 -08:00
Felix Ruess
41b92e6f36 build debian package for armhf ubuntu-xenial
Signed-off-by: Felix Ruess <felix.ruess@gmail.com>
(cherry picked from commit 015e83a8da)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:21:10 -08:00
Qiang Huang
8079cc8147 Add make deb support for aarch64
Fixes: #27045

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit a532ff8cc3)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-22 11:20:32 -08:00
Sebastiaan van Stijn
309662d03f Merge pull request #28680 from cyli/1.13.0-rc2-swarmkit-reendor
Include swarmkik dek rotation fixes in re-vendor
2016-11-22 10:50:33 +01:00
Andrew Hsu
e285a304db allow replacing httpredir or deb mirror in jessie
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit 060196ee4c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 17:29:22 -08:00
Harald Albers
6f03b32968 Add bash completion for docker images --filter reference
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit e84d62f6cb)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 17:28:46 -08:00
Vincent Demeester
2fb6810841 Add documentation about templating support on…
… services creation/update.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 4571ad05db)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 17:28:06 -08:00
Sebastiaan van Stijn
7e2522ec9f Update service ps reference for "--no-trunc"
The "--no-trunc" option toggles between showing/hiding
digests.

This updates the reference to show this difference.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 90993640f0)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 17:26:38 -08:00
Daniel Nephin
95398c33cc Move docker stack out of experimental
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 6df5baf30f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:47:24 -08:00
Brian Goff
fcb64b6e08 re-vendor syslog log driver
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 00caf03132)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:46:48 -08:00
allencloud
2ecc8cd4bd judge manager if locked before parsing key
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 89100c162b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:46:22 -08:00
Evan Hazlett
bdc378e781 lint fixes
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
(cherry picked from commit eb036ea4db)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:45:45 -08:00
Evan Hazlett
01aab8baa3 do not force target type for secret references
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

use secret store interface instead of embedded secret data into container

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
(cherry picked from commit bebd472e40)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:45:39 -08:00
Antonio Murdaca
0a5732d1cf api: types: keep info.SecurityOptions a string slice
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 514ca09426)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:45:05 -08:00
Aaron Lehmann
2737519f9a cli: Add valid suffixes for remaining duration options
A recent PR added `(ns|us|ms|s|m|h)` to the descriptions of some
duration options, but not all. Add it to the remaining options for
consistency.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 32b12a28fc)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 14:44:33 -08:00
Alessandro Boch
5c684ba099 Vendoring libkv @1d84310
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-11-21 14:15:33 -08:00
cyli
ba9726350d Include swarmkik dek rotation fixes in re-vendor
Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-11-21 16:43:55 -05:00
Vincent Demeester
05eb544ae2 Do not panic if network is nil
network is `nil` if the following case:

```
services:
  foo:
    image: nginx
    networks:
      mynetwork:
```

It's a valid compose so we should not panic.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 158388ef8d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:24 -08:00
Vincent Demeester
040d4ebd58 Update cli reference for docker {,stack} deploy
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 88cdfc512b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:24 -08:00
Zhang Wei
db8991c957 Bugfix: set cli.manualOverride when env var not empty
If env var "DOCKER_API_VERSION" is specified by user, we'll set
`cli.manualOverride`, before this, this field is always true due to
wrong logic.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
(cherry picked from commit 4d54d30477)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:24 -08:00
zhukj
20f3c552e0 close the file
Signed-off-by: zhukj <zhu.kunjia@zte.com.cn>
(cherry picked from commit cf3ef262b1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:23 -08:00
Harald Albers
a20820b05c Add bash completion for dockerd --userland-proxy-path
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 0d573a62f7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:23 -08:00
Derek McGowan
68e99239d3 Update deprecation notes about v1 registry
Adds section about the hub deprecating the v1 protocol.
Adds note about intent to disable by default and remove support.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit c8f826f407)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:23 -08:00
bbayani
a47957d6f6 Clarify that ipmasq rules are not added when iptables is false
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit db3f06fd97)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:23 -08:00
Nishant Totla
5b81d7e8b5 Suppressing digest for docker service ls/ps
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit e7d83fdb9a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:23 -08:00
Yanqiang Miao
4acf6aa456 The type of 'ExportdPorts' should be 'nat.PortSet'
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit c44c542d95)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 13:23:16 -08:00
Tom Denham
c707468415 Update tests to handle bug fix from libnetwork
Signed-off-by: Tom Denham <tom@tomdee.co.uk>
2016-11-21 13:21:02 -08:00
Alessandro Boch
a6e1ed7a51 Vendoring libnetwork @dd0ddde
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-11-21 13:20:57 -08:00
Tom Denham
2c832d7d66 Update netlink library (required for libnetwork)
Signed-off-by: Tom Denham <tom@tomdee.co.uk>
2016-11-21 11:58:37 -08:00
Vincent Demeester
f44e2dca56 Update compose-file to bc280351b9589b05c6da031d9f93c5c5d22db922
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit b0903c9db0)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 11:48:27 -08:00
Vincent Demeester
c8e2552827 Add support for healthcheck in composefile v3
`docker stack deploy` now supports a composefile v3 format that have a
healthcheck.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 3bd64de7a9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 11:48:22 -08:00
Daniel Nephin
a0df810219 Default parallelism to 1.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 7c1b399235)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 11:48:16 -08:00
Boaz Shuster
c050ee1917 Return an empty stats if the container is restarting
In case, a container is restarting indefinitely running
"docker stats --no-stream <restarting_container>" is suspended.

To fix this, the daemon makes sure the container is either not
running or restarting if `--no-stream` is set to true and if so
returns an empty stats.

Should fix #27772.

Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
(cherry picked from commit 786a95493d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-21 11:45:57 -08:00
Vincent Demeester
cbff9474d2 Merge pull request #28604 from aluzzardi/1.13-swarmkit-revendor
1.13.x: Re-vendor swarmkit to a2080913b9cf2cac309845a28902896d65d3f527
2016-11-21 15:09:35 +01:00
Brian Goff
f7ae8204cb Merge pull request #28489 from vieux/1.13.0-rc2-cherrypicks
1.13.0-rc2 cherry-picks : part 2
2016-11-20 10:43:55 -05:00
Sean McIntyre
2d632c34ce Add HostConfig.Tmpfs to docs for container creation remote API
Signed-off-by: Sean McIntyre <s.mcintyre@xverba.ca>
(cherry picked from commit 2c38d43eb5)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:52:14 -08:00
Victor Vieux
4edaaeb671 fix a few golint errors
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit 9c559e6d0b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:50:06 -08:00
Brian Goff
d63582c131 Allow graphdriver plugins to use v2
Currently the plugin initialization is too late for a loaded v2 plugin
to be usable as a graph driver.

This moves the initialization up before we create the graph driver.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 020b051dfb)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:49:03 -08:00
Victor Vieux
e773e0e654 error on cli when trying to use experimental feature with non experimental daemon
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit 98bb08fe38)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:48:19 -08:00
yupeng
fe8e347741 Fix the typo
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
(cherry picked from commit 9551dd03cf)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:47:44 -08:00
Andrea Luzzardi
0d94260458 router: Return explicit error rather than 404 for experimental.
Instead of not adding experimental routes at all, fail with an explicit
message if the daemon is not running in experimental mode.

Added the `router.Experimental` which does this automatically.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit 3976a33c1a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:47:12 -08:00
Vincent Demeester
cdfde9ecc1 Use Container.Config.Shell instead of hardcoded…
… for healthcheck. It make the code a little cleaner and more
future/usage proof.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 5f81cf11f6)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-19 23:45:58 -08:00
Victor Vieux
8e21480106 skip api/types/container/ (like golint) and fix one pkg
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit 79a891efb7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 18:41:43 -08:00
Victor Vieux
fd75cc462f fix gofmt in master
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit 9f348d5625)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 15:22:42 -08:00
Sebastiaan van Stijn
c4fd597ab3 swap position of "host" and "ip"
the service definition uses the format as defined
in  http://man7.org/linux/man-pages/man5/hosts.5.html
(IP_address canonical_hostname [aliases...])

This format is the _reverse_ of the format used in
the container API.

Commit f32869d956
inadvertently used the incorrect order.

This fixes the order, and correctly sets it to;

    IP-Address hostname

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f1b9df9172)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 15:15:51 -08:00
Kenfe-Mickael Laventure
47ccfcc09f Update containerd & runc
containerd: 03e5862ec0d8d3b3f750e19fca3ee367e13c090e
runc: 51371867a01c467f08af739783b8beafc15

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 8b1aeb22fe)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 15:15:19 -08:00
Yong Tang
e3c24caf7a Fix several issues with go vet and go fmt
For some reason, `go vet` and `go fmt` validate does not capture
several issues.

The following was the output of `go vet`:
```
ubuntu@ubuntu:~/docker$ go vet ./... 2>&1 | grep -v ^vendor | grep -v '^exit status 1$'
cli/command/formatter/container_test.go:393: possible formatting directive in Log call
volume/volume_test.go:257: arg mp.RW for printf verb %s of wrong type: bool
```

The following was the output of `go fmt -s`:
```
ubuntu@ubuntu:~/docker$ gofmt -s -l . | grep -v ^vendor
cli/command/stack/list.go
daemon/commit.go
```

Fixed above issues with `go vet` and `go fmt -s`

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit ace786e9d5)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 15:14:49 -08:00
Aaron Lehmann
d4392659f7 Return warnings from service create and service update when digest pinning fails
Modify the service update and create APIs to return optional warning
messages as part of the response. Populate these messages with an
informative reason when digest resolution fails.

This is a small API change, but significantly improves the UX. The user
can now get immediate feedback when they've specified a nonexistent
image or unreachable registry.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 948e60691e)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:57:11 -08:00
He Xin
649445a206 fix bugs 'fatal error: concurrent map read and map write' to change VolumeStore.globalLock type from Mutex to RWMutex, and add globalLock.RLock() for the read of names, refs, labels and options in VolumeStore
Signed-off-by: He Xin <he_xinworld@126.com>
(cherry picked from commit 19bd1cee23)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:54:40 -08:00
Yanqiang Miao
df8a5e48de Fix a comment error
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
(cherry picked from commit 19e2c9177a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:54:23 -08:00
Michael Crosby
c0ea2c8498 Fix cfs period calculation
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit aff99136b4)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:45:58 -08:00
Stephen J Day
ce22bc39dc api/server/httputils: service unavailable for disable swarm
When swarm-mode is disabled, we need to return an error indicating this.
406 was chosen for the "Not Acceptable" verbiage, but this code has
specific semantics in relation to the `Accept` header, which aren't
applicable here.

We now use a 503 for this case. While it is not a perfect match, it does
make it clear that the particular "service" (read: API endpoint) is not
available. The body of the message provides the user with enough
information to take action on it by enabling swarm-mode and ensuring the
service is available.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 1d90d76048)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:44:36 -08:00
Yong Tang
3e9dd55695 Use map[string]bool for preProcessor to ignore unknwon field
This fix is an attempt to address the issue raised in 28339. In
`docker ps`, the formatter needs to expose all fields of `types.Container`
to `preProcessor` so that template could be executed.

This direct exposing is unreliable and could cause issues as user may incorrectly
assume all fields in `types.Container` will be available for templating.

However, the purpose of `preProcessor` is to only find out if `.Size`
is defined (so that opts.size could be set accordingly).

This fix defines `preProcessor` as `map[string]bool` with a func `Size()`.
In this way, any unknown fields will be ignored.

This fix adds several test cases to the existing `TestBuildContainerListOptions`.

This fix fixes 28339.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 312cc7eebd)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:42:21 -08:00
Boaz Shuster
19d2e68fb8 Change the docker-tag usage text to be clearer
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
(cherry picked from commit 039aca05c2)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:41:48 -08:00
John Howard
530b7cb4a0 Windows: Allow user in builder
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit a3c4ab9b65)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:41:13 -08:00
Nishant Totla
902774c871 Refactoring code for pinning image by digest
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit dc1b6341b9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:40:13 -08:00
Nishant Totla
1af49192e4 Updating docker/distribution vendoring
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit d910781c66)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:40:06 -08:00
Andrea Luzzardi
0be7359265 1.13.x: Re-vendor swarmkit to a2080913b9cf2cac309845a28902896d65d3f527
Includes:
- https://github.com/docker/swarmkit/pull/1749
- https://github.com/docker/swarmkit/pull/1753
- https://github.com/docker/swarmkit/pull/1760
- https://github.com/docker/swarmkit/pull/1762
- https://github.com/docker/swarmkit/pull/1764
- https://github.com/docker/swarmkit/pull/1765

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2016-11-18 13:39:53 -08:00
Yong Tang
e013d7c543 Fix error messages for --cpus from daemon
This fix fixes error messages for `--cpus` from daemon.

When `docker run` takes `--cpus`, it will translate into NanoCPUs
and pass the value to daemon. The `NanoCPU` is not visible to the user.
The error message generated from daemon used 'NanoCPU' which may cause
some confusion to the user.

This fix fixes this issue by returning the error in CPUs instead.

This fix fixes 28456.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit d22ac2f3a0)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:38:21 -08:00
Tonis Tiigi
5e7e260bac Fix deadlock on cancelling healthcheck
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 89b1234737)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:37:44 -08:00
Vincent Demeester
20dd2d1e4e Update images cli reference with reference filter
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit a0d7b34d9c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:37:07 -08:00
John Howard
3d43caf6f6 Windows: Revert 27884
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 7e03ce3f13)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:36:37 -08:00
Anusha Ragunathan
3f6e6b3f2d Cleanup after plugin install.
During error cases, we dont cleanup correctly. This commit takes care
of removing the plugin, if there are errors after the pull passed. It
also shuts down the plugin, if there are errors after the plugin in the
enable path.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 1144f8f1d4)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:36:09 -08:00
Aaron Lehmann
48c2da3cd5 api: Remove omitempty tag on Parallelism
It doesn't make sense to use omitempty here. 0 is a meaningful value and
it's different from the default. If someone sets Parallelism to 0, we
want to show that Parallelism is 0, not hide the field.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d8b8b12994)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:35:33 -08:00
Yong Tang
7ef4feaf38 Fix crash caused by docker service inspect --pretty
This fix tries to fix the crash caused by `docker service inspect --pretty`,
by performing necessary nil pointer check.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit b6857e91c1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:34:35 -08:00
Stephen J Day
8b9b8bd930 api/server/httputils: ensure consistent status code
Error code resolution is powered by string matching. Not the greatest
thing in the world and I hope no one is proud of this code, but it
works. However, because a map is used, the iteration order of the map is
random, such that if an error matches two of the snippets, it may return
a different error code depending on the seed of the hashmap. This change
converts it to use a slice instead.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 3484e02590)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:34:05 -08:00
allencloud
cd587419d0 judge manager before unlocking
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 972a246c67)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:33:07 -08:00
Brian Goff
10ce88227d Reduce spew data dumped
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 4130eb24e9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:32:26 -08:00
Tom Wilkie
9f3c9209d0 s/bCap/bLen/
Signed-off-by: Tom Wilkie <tom.wilkie@gmail.com>
(cherry picked from commit 3a05545851)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:31:39 -08:00
Tom Wilkie
f02e4e1900 Fix use of cap in MultiReadSeeker
Signed-off-by: Tom Wilkie <tom.wilkie@gmail.com>
(cherry picked from commit 158bb9bbd5)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:31:33 -08:00
Victor Vieux
411e0bdc8e refactor help func in CLI
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit bf95472105)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:30:44 -08:00
Vincent Demeester
51dc584445 Update Tini to fix photon build-rpm compilation errors
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-11-18 13:29:20 -08:00
Akshay Karle
78fe91c31c fix a typo
Signed-off-by: Akshay Karle <akshay.a.karle@gmail.com>
2016-11-18 13:28:11 -08:00
allencloud
0b8f8876b9 fix typo
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 1f039a66ac)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:27:01 -08:00
Justin Cormack
c125c131d7 Fix check config script on 4.8 kernels
DEVPTS_MULTIPLE_INSTANCES is no longer an option, it is always set, so
do not check for this post 4.8.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 228ee16df3)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:26:03 -08:00
Felipe Oliveira
0a9521d321 fix infinite recursion
Signed-off-by: Felipe Oliveira <felipeweb.programador@gmail.com>
(cherry picked from commit 271b1f2756)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:25:29 -08:00
Aaron Lehmann
88a45c4a1b Merge pull request #28525 from aluzzardi/swarmkit-revendor
1.13.x: Re-vendor SwarmKit to 577d6bf89a474d3f459804efc5f160ba9fff2b5d
2016-11-17 11:08:33 -08:00
Sebastiaan van Stijn
22f0055e18 Merge pull request #28433 from thaJeztah/docker-1.13-changelog-updates
Docker 1.13 changelog updates
2016-11-17 10:01:50 +01:00
Andrea Luzzardi
73bf1ec999 1.13.x: Re-vendor SwarmKit to 577d6bf89a474d3f459804efc5f160ba9fff2b5d
Includes https://github.com/docker/swarmkit/pull/1746

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2016-11-16 18:10:07 -08:00
Tonis Tiigi
0269ac0494 Skip cli initialization for daemon command
Cli initialization pings back to remote API and
creates a deadlock if socket is already being
listened by systemd.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-11-16 17:10:48 -08:00
Victor Vieux
f2eeaed8a3 explicitly show plugins as unsupported on !linux
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-16 17:10:40 -08:00
Noah Treuhaft
43f1682cef Disable v1 protocol for the default registry
All images in the default registry (AKA docker.io, index.docker.io, and
registry-1.docker.io) are available via the v2 protocol, so there's no
reason to use the v1 protocol.  Disabling it prevents useless fallbacks.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-11-16 17:10:33 -08:00
Riyaz Faizullabhoy
94c4cfc209 Edits to plugin docs after building authz plugin
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-16 17:10:24 -08:00
Sebastiaan van Stijn
dc71b1425e Changelog updates
This adds some missing entries to the changelog,
and some smal fixes / inconsistencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-11-17 01:42:56 +01:00
Vincent Demeester
a51fe6b056 Update stats cli reference documentation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-11-16 11:11:52 -08:00
Steve Durrheimer
1841986d17 Add zsh completion for 'docker system df'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-16 11:11:45 -08:00
Yanqiang Miao
0d815d9bb7 Remove redundant 'if' statement
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

update

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2016-11-16 11:11:39 -08:00
Brian Goff
3b93497fdb Don't validate platform-dep tmpfs opts on client
Daemon still does validation and errors out on incorrect options.

Fixes an issue where non-Linux clients attempting to pass tmpfs options
on `docker run` to a Linux daemon will incorrectly error out.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-16 11:11:32 -08:00
Victor Vieux
44bb0bb7f2 update tini to a87614212b3a51a9cad57ff7989103a841546745
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-16 11:11:22 -08:00
Yong Tang
896e4f2d75 Fix missing versions in example requests of api docs
It is not required to have version prefix for all the remote
APIs. Though there are still quite a few example requests
in api docs that does not have the version prefix.

This fix update the remote api docs to address this issue.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-16 11:07:38 -08:00
Yong Tang
7154093e59 Update docs for docker info for most recent changes.
This fix updates docs for `docker info` for most recent changes.
It also made several chagnes:
1. Replace 0.12.0-dev to 0.13.0 for api docs v1.24.
2. Replace 0.13.0-dev to 0.13.0 for api docs v1.25

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-16 11:06:12 -08:00
John Howard
dbf1900e8c Windows: Use sequential file access
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-16 11:05:23 -08:00
allencloud
d1b1dea80f allow node update api receive node name and id prefix
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-11-16 10:59:21 -08:00
Victor Vieux
2dfa08bc50 Merge pull request #28408 from vieux/1.13.0-rc2-cherrypicks
1.13.0 rc2 cherrypicks
2016-11-16 10:50:34 -08:00
Tõnis Tiigi
f5afe63eb6 Merge pull request #28463 from aluzzardi/swarmkit-revendor
1.13.x: Revendor swarmkit to 3076318ec0327e22c837c2bfdfacea08124dc755
2016-11-15 21:41:12 -08:00
Andrea Luzzardi
7a457451f6 Revendor swarmkit to 3076318ec0327e22c837c2bfdfacea08124dc755
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2016-11-15 19:04:09 -08:00
Sebastiaan van Stijn
5c69e4fa94 Revert reference docs for ambient capabilities
This feature was reverted for docker 1.13
in c5251f7116,
so removing the documentation as well.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-11-15 13:59:39 -08:00
Jonathan Boulle
c102ab8711 man/docker: wrap lines consistently
Quite a few changes, as it seems like previous wrapping was done
manually, so it's all over the place.

As noted in #28424

Signed-off-by: Jonathan Boulle <jonathanboulle@gmail.com>
2016-11-15 13:58:43 -08:00
Jonathan Boulle
44b5bcd744 man page: consistent indents for flag descriptions
Signed-off-by: Jonathan Boulle <jonathanboulle@gmail.com>
2016-11-15 13:57:57 -08:00
yuexiao-wang
0f254ab8b9 Remove inexistent link and add related links
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-11-15 13:57:10 -08:00
bbayani
4d850bd49a Updated daemon documentation to clarify that live-restore is not suppoted on windows
Review comment implementation

Signed-off-by: bbayani <bhumikabayani@gmail.com>
2016-11-15 13:55:14 -08:00
John Howard
7346a6aebd Gitignore dockerversion\version_autogen_unix.go
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-14 17:32:44 -08:00
Anusha Ragunathan
846b198dd7 Perform graceful shutdown during plugin disable.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-11-14 17:31:00 -08:00
Steve Durrheimer
6c3744f4fc Add zsh completion for 'docker image build --network'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-14 17:04:08 -08:00
lixiaobing10051267
6e10c4c8b2 fix the wrong title with docker swarm
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-11-14 17:02:42 -08:00
Brian Goff
a9bbf92b3f Fix issue with missing fields for ps template
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-14 14:25:27 -08:00
Muayyad Alsadi
02c7b6ffad remove "starting with /"
Signed-off-by: Muayyad Alsadi <alsadi@gmail.com>
2016-11-14 14:22:24 -08:00
Muayyad Alsadi
d3ae1d7bd6 fixes #17734, clear message for host volumes not starting with /
Signed-off-by: Muayyad Alsadi <alsadi@gmail.com>
2016-11-14 14:22:22 -08:00
Steve Durrheimer
b1c96a73a3 Add zsh completion for 'docker service {create,update} --secret'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-14 14:18:12 -08:00
Steve Durrheimer
d114b7dc48 Add zsh completion for the new 'docker secret' command
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-14 14:17:36 -08:00
Steve Durrheimer
fd04a2db51 Add zsh completion for 'docker service' DNS settings
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-14 14:16:57 -08:00
Yong Tang
2c61e9c3bd Fix a small typo in docs/deprecated.md
A small typo in `docs/deprecated.md`.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-14 14:16:19 -08:00
Yong Tang
9ed0bb2d0a Update bash completion dns-options-add/rm -> dns-option-add/rm
In 28186, `dns-options-add/rm` has been changed to `dns-option-add/rm`
in `docker service create/update`, for the purpose of consistency.

This fix updates bash completion to remove extra `s`.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-14 14:15:31 -08:00
Harald Albers
ba5d2331d5 Add bash completion for DNS settings in services
Signed-off-by: Harald Albers <github@albersweb.de>
2016-11-14 14:14:52 -08:00
Harald Albers
6ec7c7a89c Add bash completion for docker service ps --all
Signed-off-by: Harald Albers <github@albersweb.de>
2016-11-14 14:13:10 -08:00
Steve Durrheimer
a2575eb741 Add zsh completion for 'docker service {create --port, update --port-{add,rm}}'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-14 14:12:08 -08:00
Harald Albers
4b003634bc Fix bash completion for docker ps --filter is-task
Signed-off-by: Harald Albers <github@albersweb.de>
2016-11-14 14:11:27 -08:00
Steve Durrheimer
580343247e Add zsh completion for 'docker image build --cache-from'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2016-11-14 14:10:44 -08:00
Harald Albers
261958bfa8 Add bash completion for managing ports in services
Bash completion for

- `docker service create --port`
- `docker service update --port-{add,rm}`

Signed-off-by: Harald Albers <github@albersweb.de>
2016-11-14 14:10:03 -08:00
Harald Albers
2da971cf06 Add bash completion for docker build --cache-from
Signed-off-by: Harald Albers <github@albersweb.de>
2016-11-14 14:09:02 -08:00
Brian Goff
285915755c Move StreamConfig out of runconfig
`StreamConfig` carries with it a dep on libcontainerd, which is used by
other projects, but libcontainerd doesn't compile on all platforms, so
move it to `github.com/docker/docker/container/stream`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-14 14:03:05 -08:00
allencloud
9798cdd632 fix typo in node update docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-11-14 13:30:51 -08:00
yuexiao-wang
5060ff0d8d Remove duplicated document
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-11-14 13:29:51 -08:00
John Howard
4bfd3643da Extra v1.25 in API docs
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-14 12:00:24 -08:00
Alexander Morozov
f3d628129e dockerversion: add other binaries to _lib.go
Otherwise it's impossible to build without autogen tag

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-14 11:59:08 -08:00
Shayne Wang
19c16fd95e Change reading order of tailfile
change reading order from beginning at the end to beginning at a buffer start
added intergration tests for boundary cases
Removed whitespace
Signed-off-by: Shayne Wang <shaynexwang@gmail.com>
2016-11-14 11:58:01 -08:00
allencloud
89c4410799 judge manager before getting secret
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-11-14 11:54:29 -08:00
Kenfe-Mickael Laventure
70e7fcc595 Remove extra binaries commit variables from windows build
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-14 11:52:45 -08:00
Kenfe-Mickael Laventure
03c8f0cda1 Fix version detection for docker-init
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-14 11:52:39 -08:00
Tonis Tiigi
22c09cf902 Skip plugin tests if not in amd64
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-11-14 11:50:20 -08:00
Evan Hazlett
8ac6b97189 only check secrets for service create if requested
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-11-14 11:48:48 -08:00
Anusha Ragunathan
a7a8fa0e6b Add docs for plugin push
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-11-14 11:34:28 -08:00
John Stephens
16d4e6395e Show experimental flags and subcommands if enabled
Signed-off-by: John Stephens <johnstep@docker.com>
2016-11-14 11:34:17 -08:00
Victor Vieux
75fd88ba89 bump version to 1.13.0-rc1
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-11 02:27:33 -08:00
11376 changed files with 799314 additions and 2037128 deletions

View file

@ -1,21 +0,0 @@
{
"name": "moby",
"build": {
"context": "..",
"dockerfile": "../Dockerfile",
"target": "devcontainer"
},
"workspaceFolder": "/go/src/github.com/docker/docker",
"workspaceMount": "source=${localWorkspaceFolder},target=/go/src/github.com/docker/docker,type=bind,consistency=cached",
"remoteUser": "root",
"runArgs": ["--privileged"],
"customizations": {
"vscode": {
"extensions": [
"golang.go"
]
}
}
}

View file

@ -1,4 +1,4 @@
.git
bundles/
cli/winresources/**/winres.json
cli/winresources/**/*.syso
bundles
.gopath
vendor/pkg
.go-pkg-cache

3
.gitattributes vendored
View file

@ -1,3 +0,0 @@
Dockerfile* linguist-language=Dockerfile
vendor.mod linguist-language=Go-Module
vendor.sum linguist-language=Go-Checksums

13
.github/CODEOWNERS vendored
View file

@ -1,13 +0,0 @@
# GitHub code owners
# See https://help.github.com/articles/about-codeowners/
#
# KEEP THIS FILE SORTED. Order is important. Last match takes precedence.
builder/** @tonistiigi
contrib/mkimage/** @tianon
daemon/graphdriver/overlay2/** @dmcgowan
daemon/graphdriver/windows/** @johnstep
daemon/logger/awslogs/** @samuelkarp
hack/** @tianon
plugin/** @cpuguy83
project/** @thaJeztah

64
.github/ISSUE_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,64 @@
<!--
If you are reporting a new issue, make sure that we do not have any duplicates
already open. You can ensure this by searching the issue list for this
repository. If there is a duplicate, please close your issue and add a comment
to the existing issue instead.
If you suspect your issue is a bug, please edit your issue description to
include the BUG REPORT INFORMATION shown below. If you fail to provide this
information within 7 days, we cannot debug your issue and will close it. We
will, however, reopen it if you later provide the information.
For more information about reporting issues, see
https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues
---------------------------------------------------
GENERAL SUPPORT INFORMATION
---------------------------------------------------
The GitHub issue tracker is for bug reports and feature requests.
General support can be found at the following locations:
- Docker Support Forums - https://forums.docker.com
- IRC - irc.freenode.net #docker channel
- Post a question on StackOverflow, using the Docker tag
---------------------------------------------------
BUG REPORT INFORMATION
---------------------------------------------------
Use the commands below to provide key information from your environment:
You do NOT have to include this information if this is a FEATURE REQUEST
-->
**Description**
<!--
Briefly describe the problem you are having in a few paragraphs.
-->
**Steps to reproduce the issue:**
1.
2.
3.
**Describe the results you received:**
**Describe the results you expected:**
**Additional information you deem important (e.g. issue happens only occasionally):**
**Output of `docker version`:**
```
(paste your output here)
```
**Output of `docker info`:**
```
(paste your output here)
```
**Additional environment details (AWS, VirtualBox, physical, etc.):**

View file

@ -1,146 +0,0 @@
name: Bug report
description: Create a report to help us improve
labels:
- kind/bug
- status/0-triage
body:
- type: markdown
attributes:
value: |
Thank you for taking the time to report a bug!
If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
- type: textarea
id: description
attributes:
label: Description
description: Please give a clear and concise description of the bug
validations:
required: true
- type: textarea
id: repro
attributes:
label: Reproduce
description: Steps to reproduce the bug
placeholder: |
1. docker run ...
2. docker kill ...
3. docker rm ...
validations:
required: true
- type: textarea
id: expected
attributes:
label: Expected behavior
description: What is the expected behavior?
placeholder: |
E.g. "`docker rm` should remove the container and cleanup all associated data"
- type: textarea
id: version
attributes:
label: docker version
description: Output of `docker version`
render: bash
placeholder: |
Client:
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c70180fde3601def79a59cc3e996aa553c9b9
Built: Mon Jun 6 21:36:39 UTC 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b84221c8560e7a3dee2a653353429e7628424
Built: Mon Jun 6 22:32:38 2022
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: a916309fff0f838eb94e928713dbc3c0d0ac7aa4
docker-init:
Version: 0.19.0
GitCommit:
validations:
required: true
- type: textarea
id: info
attributes:
label: docker info
description: Output of `docker info`
render: bash
placeholder: |
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc., 0.8.2)
compose: Docker Compose (Docker Inc., 2.6.0)
Server:
Containers: 4
Running: 2
Paused: 0
Stopped: 2
Images: 80
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
userxattr: false
Logging Driver: local
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: a916309fff0f838eb94e928713dbc3c0d0ac7aa4
init version:
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.13.0-1031-azure
Operating System: Ubuntu 20.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.63GiB
Name: dev
ID: UC44:2RFL:7NQ5:GGFW:34O5:DYRE:CLOH:VLGZ:64AZ:GFXC:PY6H:SAHY
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 46
Goroutines: 134
System Time: 2022-07-06T18:07:54.812439392Z
EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: true
validations:
required: true
- type: textarea
id: additional
attributes:
label: Additional Info
description: Additional info you want to provide such as logs, system info, environment, etc.
validations:
required: false

View file

@ -1,8 +0,0 @@
blank_issues_enabled: false
contact_links:
- name: Security and Vulnerabilities
url: https://github.com/moby/moby/blob/master/SECURITY.md
about: Please report any security issues or vulnerabilities responsibly to the Docker security team. Please do not use the public issue tracker.
- name: Questions and Discussions
url: https://github.com/moby/moby/discussions/new
about: Use Github Discussions to ask questions and/or open discussion topics.

View file

@ -1,13 +0,0 @@
name: Feature request
description: Missing functionality? Come tell us about it!
labels:
- kind/feature
- status/0-triage
body:
- type: textarea
id: description
attributes:
label: Description
description: What is the feature you want to see?
validations:
required: true

View file

@ -1,6 +1,6 @@
<!--
Please make sure you've read and understood our contributing guidelines;
https://github.com/moby/moby/blob/master/CONTRIBUTING.md
https://github.com/docker/docker/blob/master/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
@ -22,12 +22,9 @@ Please provide the following information:
**- Description for the changelog**
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog.
It must be placed inside the below triple backticks section:
pull request for inclusion in the changelog:
-->
```markdown changelog
```
**- A picture of a cute animal (not mandatory but encouraged)**

View file

@ -1,27 +0,0 @@
name: 'Setup Runner'
description: 'Composite action to set up the GitHub Runner for jobs in the test.yml workflow'
runs:
using: composite
steps:
- run: |
sudo modprobe ip_vs
sudo modprobe ipv6
sudo modprobe ip6table_filter
sudo modprobe -r overlay
sudo modprobe overlay redirect_dir=off
shell: bash
- run: |
if [ ! -e /etc/docker/daemon.json ]; then
echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
fi
DOCKERD_CONFIG=$(jq '.+{"experimental":true,"live-restore":true,"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' /etc/docker/daemon.json)
sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
sudo service docker restart
shell: bash
- run: |
./contrib/check-config.sh || true
shell: bash
- run: |
docker info
shell: bash

View file

@ -1,14 +0,0 @@
name: 'Setup Tracing'
description: 'Composite action to set up the tracing for test jobs'
runs:
using: composite
steps:
- run: |
set -e
# Jaeger is set up on Windows through an inline run step. If you update Jaeger here, don't forget to update
# the version set in .github/workflows/.windows.yml.
docker run -d --net=host --name jaeger -e COLLECTOR_OTLP_ENABLED=true jaegertracing/all-in-one:1.46
docker0_ip="$(ip -f inet addr show docker0 | grep -Po 'inet \K[\d.]+')"
echo "OTEL_EXPORTER_OTLP_ENDPOINT=http://${docker0_ip}:4318" >> "${GITHUB_ENV}"
shell: bash

View file

@ -1,48 +0,0 @@
# reusable workflow
name: .dco
# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
on:
workflow_call:
env:
ALPINE_VERSION: 3.16
jobs:
run:
runs-on: ubuntu-20.04
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Dump context
uses: actions/github-script@v7
with:
script: |
console.log(JSON.stringify(context, null, 2));
-
name: Get base ref
id: base-ref
uses: actions/github-script@v7
with:
result-encoding: string
script: |
if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) {
return context.payload.pull_request.base.ref;
}
return context.ref.replace(/^refs\/heads\//g, '');
-
name: Validate
run: |
docker run --rm \
-v "$(pwd):/workspace" \
-e VALIDATE_REPO \
-e VALIDATE_BRANCH \
alpine:${{ env.ALPINE_VERSION }} sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco'
env:
VALIDATE_REPO: ${{ github.server_url }}/${{ github.repository }}.git
VALIDATE_BRANCH: ${{ steps.base-ref.outputs.result }}

View file

@ -1,35 +0,0 @@
# reusable workflow
name: .test-prepare
# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
on:
workflow_call:
outputs:
matrix:
description: Test matrix
value: ${{ jobs.run.outputs.matrix }}
jobs:
run:
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Create matrix
id: set
uses: actions/github-script@v7
with:
script: |
let matrix = ['graphdriver'];
if ("${{ contains(github.event.pull_request.labels.*.name, 'containerd-integration') || github.event_name != 'pull_request' }}" == "true") {
matrix.push('snapshotter');
}
await core.group(`Set matrix`, async () => {
core.info(`matrix: ${JSON.stringify(matrix)}`);
core.setOutput('matrix', JSON.stringify(matrix));
});

View file

@ -1,445 +0,0 @@
# reusable workflow
name: .test
# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
on:
workflow_call:
inputs:
storage:
required: true
type: string
default: "graphdriver"
env:
GO_VERSION: "1.21.9"
GOTESTLIST_VERSION: v0.3.1
TESTSTAT_VERSION: v0.1.25
ITG_CLI_MATRIX_SIZE: 6
DOCKER_EXPERIMENTAL: 1
DOCKER_GRAPHDRIVER: ${{ inputs.storage == 'snapshotter' && 'overlayfs' || 'overlay2' }}
TEST_INTEGRATION_USE_SNAPSHOTTER: ${{ inputs.storage == 'snapshotter' && '1' || '' }}
jobs:
unit:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 120
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
dev.cache-from=type=gha,scope=dev
-
name: Test
run: |
make -o build test-unit
-
name: Prepare reports
if: always()
run: |
mkdir -p bundles /tmp/reports
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
tar -xzf /tmp/reports.tar.gz -C /tmp/reports
sudo chown -R $(id -u):$(id -g) /tmp/reports
tree -nh /tmp/reports
-
name: Send to Codecov
uses: codecov/codecov-action@v4
with:
directory: ./bundles
env_vars: RUNNER_OS
flags: unit
token: ${{ secrets.CODECOV_TOKEN }} # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533
-
name: Upload reports
if: always()
uses: actions/upload-artifact@v4
with:
name: test-reports-unit-${{ inputs.storage }}
path: /tmp/reports/*
retention-days: 1
unit-report:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 10
if: always()
needs:
- unit
steps:
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Download reports
uses: actions/download-artifact@v4
with:
name: test-reports-unit-${{ inputs.storage }}
path: /tmp/reports
-
name: Install teststat
run: |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name: Create summary
run: |
find /tmp/reports -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> $GITHUB_STEP_SUMMARY
docker-py:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 120
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up tracing
uses: ./.github/actions/setup-tracing
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
dev.cache-from=type=gha,scope=dev
-
name: Test
run: |
make -o build test-docker-py
-
name: Prepare reports
if: always()
run: |
mkdir -p bundles /tmp/reports
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
tar -xzf /tmp/reports.tar.gz -C /tmp/reports
sudo chown -R $(id -u):$(id -g) /tmp/reports
tree -nh /tmp/reports
curl -sSLf localhost:16686/api/traces?service=integration-test-client > /tmp/reports/jaeger-trace.json
-
name: Test daemon logs
if: always()
run: |
cat bundles/test-docker-py/docker.log
-
name: Upload reports
if: always()
uses: actions/upload-artifact@v4
with:
name: test-reports-docker-py-${{ inputs.storage }}
path: /tmp/reports/*
retention-days: 1
integration-flaky:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 120
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
dev.cache-from=type=gha,scope=dev
-
name: Test
run: |
make -o build test-integration-flaky
env:
TEST_SKIP_INTEGRATION_CLI: 1
integration:
runs-on: ${{ matrix.os }}
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 120
strategy:
fail-fast: false
matrix:
os:
- ubuntu-20.04
- ubuntu-22.04
mode:
- ""
- rootless
- systemd
#- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up tracing
uses: ./.github/actions/setup-tracing
-
name: Prepare
run: |
CACHE_DEV_SCOPE=dev
if [[ "${{ matrix.mode }}" == *"rootless"* ]]; then
echo "DOCKER_ROOTLESS=1" >> $GITHUB_ENV
fi
if [[ "${{ matrix.mode }}" == *"systemd"* ]]; then
echo "SYSTEMD=true" >> $GITHUB_ENV
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
fi
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
dev.cache-from=type=gha,scope=${{ env.CACHE_DEV_SCOPE }}
-
name: Test
run: |
make -o build test-integration
env:
TEST_SKIP_INTEGRATION_CLI: 1
TESTCOVERAGE: 1
-
name: Prepare reports
if: always()
run: |
reportsName=${{ matrix.os }}
if [ -n "${{ matrix.mode }}" ]; then
reportsName="$reportsName-${{ matrix.mode }}"
fi
reportsPath="/tmp/reports/$reportsName"
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
mkdir -p bundles $reportsPath
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
tar -xzf /tmp/reports.tar.gz -C $reportsPath
sudo chown -R $(id -u):$(id -g) $reportsPath
tree -nh $reportsPath
curl -sSLf localhost:16686/api/traces?service=integration-test-client > $reportsPath/jaeger-trace.json
-
name: Send to Codecov
uses: codecov/codecov-action@v4
with:
directory: ./bundles/test-integration
env_vars: RUNNER_OS
flags: integration,${{ matrix.mode }}
token: ${{ secrets.CODECOV_TOKEN }} # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533
-
name: Test daemon logs
if: always()
run: |
cat bundles/test-integration/docker.log
-
name: Upload reports
if: always()
uses: actions/upload-artifact@v4
with:
name: test-reports-integration-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
path: /tmp/reports/*
retention-days: 1
integration-report:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 10
if: always()
needs:
- integration
steps:
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Download reports
uses: actions/download-artifact@v4
with:
path: /tmp/reports
pattern: test-reports-integration-${{ inputs.storage }}-*
merge-multiple: true
-
name: Install teststat
run: |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name: Create summary
run: |
find /tmp/reports -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> $GITHUB_STEP_SUMMARY
integration-cli-prepare:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
outputs:
matrix: ${{ steps.tests.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Install gotestlist
run:
go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-
name: Create matrix
id: tests
working-directory: ./integration-cli
run: |
# This step creates a matrix for integration-cli tests. Tests suites
# are distributed in integration-cli job through a matrix. There is
# also overrides being added to the matrix like "./..." to run
# "Test integration" step exclusively and specific tests suites that
# take a long time to run.
matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." -o "DockerSwarmSuite" -o "DockerNetworkSuite|DockerExternalVolumeSuite" ./...)"
echo "matrix=$matrix" >> $GITHUB_OUTPUT
-
name: Show matrix
run: |
echo ${{ steps.tests.outputs.matrix }}
integration-cli:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 120
needs:
- integration-cli-prepare
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up tracing
uses: ./.github/actions/setup-tracing
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
dev.cache-from=type=gha,scope=dev
-
name: Test
run: |
make -o build test-integration
env:
TEST_SKIP_INTEGRATION: 1
TESTCOVERAGE: 1
TESTFLAGS: "-test.run (${{ matrix.test }})/"
-
name: Prepare reports
if: always()
run: |
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
reportsPath=/tmp/reports/$reportsName
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
mkdir -p bundles $reportsPath
echo "${{ matrix.test }}" | tr -s '|' '\n' | tee -a "$reportsPath/tests.txt"
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
tar -xzf /tmp/reports.tar.gz -C $reportsPath
sudo chown -R $(id -u):$(id -g) $reportsPath
tree -nh $reportsPath
curl -sSLf localhost:16686/api/traces?service=integration-test-client > $reportsPath/jaeger-trace.json
-
name: Send to Codecov
uses: codecov/codecov-action@v4
with:
directory: ./bundles/test-integration
env_vars: RUNNER_OS
flags: integration-cli
token: ${{ secrets.CODECOV_TOKEN }} # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533
-
name: Test daemon logs
if: always()
run: |
cat bundles/test-integration/docker.log
-
name: Upload reports
if: always()
uses: actions/upload-artifact@v4
with:
name: test-reports-integration-cli-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
path: /tmp/reports/*
retention-days: 1
integration-cli-report:
runs-on: ubuntu-20.04
continue-on-error: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 10
if: always()
needs:
- integration-cli
steps:
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Download reports
uses: actions/download-artifact@v4
with:
path: /tmp/reports
pattern: test-reports-integration-cli-${{ inputs.storage }}-*
merge-multiple: true
-
name: Install teststat
run: |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name: Create summary
run: |
find /tmp/reports -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> $GITHUB_STEP_SUMMARY

View file

@ -1,551 +0,0 @@
# reusable workflow
name: .windows
# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
on:
workflow_call:
inputs:
os:
required: true
type: string
storage:
required: true
type: string
default: "graphdriver"
send_coverage:
required: false
type: boolean
default: false
env:
GO_VERSION: "1.21.9"
GOTESTLIST_VERSION: v0.3.1
TESTSTAT_VERSION: v0.1.25
WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
WINDOWS_BASE_TAG_2019: ltsc2019
WINDOWS_BASE_TAG_2022: ltsc2022
TEST_IMAGE_NAME: moby:test
TEST_CTN_NAME: moby
DOCKER_BUILDKIT: 0
ITG_CLI_MATRIX_SIZE: 6
jobs:
build:
runs-on: ${{ inputs.os }}
env:
GOPATH: ${{ github.workspace }}\go
GOBIN: ${{ github.workspace }}\go\bin
BIN_OUT: ${{ github.workspace }}\out
defaults:
run:
working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: ${{ env.GOPATH }}/src/github.com/docker/docker
-
name: Env
run: |
Get-ChildItem Env: | Out-String
-
name: Init
run: |
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
If ("${{ inputs.os }}" -eq "windows-2019") {
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
-
name: Cache
uses: actions/cache@v4
with:
path: |
~\AppData\Local\go-build
~\go\pkg\mod
${{ github.workspace }}\go-build
${{ env.GOPATH }}\pkg\mod
key: ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
restore-keys: |
${{ inputs.os }}-${{ github.job }}-
-
name: Docker info
run: |
docker info
-
name: Build base image
run: |
& docker build `
--build-arg WINDOWS_BASE_IMAGE `
--build-arg WINDOWS_BASE_IMAGE_TAG `
--build-arg GO_VERSION `
-t ${{ env.TEST_IMAGE_NAME }} `
-f Dockerfile.windows .
-
name: Build binaries
run: |
& docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -Daemon -Client
-
name: Copy artifacts
run: |
New-Item -ItemType "directory" -Path "${{ env.BIN_OUT }}"
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\docker.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\dockerd.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\bin\gotestsum.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd-shim-runhcs-v1.exe" ${{ env.BIN_OUT }}\
-
name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: build-${{ inputs.storage }}-${{ inputs.os }}
path: ${{ env.BIN_OUT }}/*
if-no-files-found: error
retention-days: 2
unit-test:
runs-on: ${{ inputs.os }}
timeout-minutes: 120
env:
GOPATH: ${{ github.workspace }}\go
GOBIN: ${{ github.workspace }}\go\bin
defaults:
run:
working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: ${{ env.GOPATH }}/src/github.com/docker/docker
-
name: Env
run: |
Get-ChildItem Env: | Out-String
-
name: Init
run: |
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
New-Item -ItemType "directory" -Path "bundles"
If ("${{ inputs.os }}" -eq "windows-2019") {
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
-
name: Cache
uses: actions/cache@v4
with:
path: |
~\AppData\Local\go-build
~\go\pkg\mod
${{ github.workspace }}\go-build
${{ env.GOPATH }}\pkg\mod
key: ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
restore-keys: |
${{ inputs.os }}-${{ github.job }}-
-
name: Docker info
run: |
docker info
-
name: Build base image
run: |
& docker build `
--build-arg WINDOWS_BASE_IMAGE `
--build-arg WINDOWS_BASE_IMAGE_TAG `
--build-arg GO_VERSION `
-t ${{ env.TEST_IMAGE_NAME }} `
-f Dockerfile.windows .
-
name: Test
run: |
& docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-v "${{ env.GOPATH }}\src\github.com\docker\docker\bundles:C:\gopath\src\github.com\docker\docker\bundles" `
${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -TestUnit
-
name: Send to Codecov
if: inputs.send_coverage
uses: codecov/codecov-action@v4
with:
working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
directory: bundles
env_vars: RUNNER_OS
flags: unit
token: ${{ secrets.CODECOV_TOKEN }} # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533
-
name: Upload reports
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
retention-days: 1
unit-test-report:
runs-on: ubuntu-latest
if: always()
needs:
- unit-test
steps:
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Download artifacts
uses: actions/download-artifact@v4
with:
name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
path: /tmp/artifacts
-
name: Install teststat
run: |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name: Create summary
run: |
find /tmp/artifacts -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> $GITHUB_STEP_SUMMARY
integration-test-prepare:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.tests.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Install gotestlist
run:
go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-
name: Create matrix
id: tests
working-directory: ./integration-cli
run: |
# This step creates a matrix for integration-cli tests. Tests suites
# are distributed in integration-test job through a matrix. There is
# also an override being added to the matrix like "./..." to run
# "Test integration" step exclusively.
matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." ./...)"
echo "matrix=$matrix" >> $GITHUB_OUTPUT
-
name: Show matrix
run: |
echo ${{ steps.tests.outputs.matrix }}
integration-test:
runs-on: ${{ inputs.os }}
continue-on-error: ${{ inputs.storage == 'snapshotter' && github.event_name != 'pull_request' }}
timeout-minutes: 120
needs:
- build
- integration-test-prepare
strategy:
fail-fast: false
matrix:
storage:
- ${{ inputs.storage }}
runtime:
- builtin
- containerd
test: ${{ fromJson(needs.integration-test-prepare.outputs.matrix) }}
exclude:
- storage: snapshotter
runtime: builtin
env:
GOPATH: ${{ github.workspace }}\go
GOBIN: ${{ github.workspace }}\go\bin
BIN_OUT: ${{ github.workspace }}\out
defaults:
run:
working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: ${{ env.GOPATH }}/src/github.com/docker/docker
-
name: Set up Jaeger
run: |
# Jaeger is set up on Linux through the setup-tracing action. If you update Jaeger here, don't forget to
# update the version set in .github/actions/setup-tracing/action.yml.
Invoke-WebRequest -Uri "https://github.com/jaegertracing/jaeger/releases/download/v1.46.0/jaeger-1.46.0-windows-amd64.tar.gz" -OutFile ".\jaeger-1.46.0-windows-amd64.tar.gz"
tar -zxvf ".\jaeger-1.46.0-windows-amd64.tar.gz"
Start-Process '.\jaeger-1.46.0-windows-amd64\jaeger-all-in-one.exe'
echo "OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
shell: pwsh
-
name: Env
run: |
Get-ChildItem Env: | Out-String
-
name: Download artifacts
uses: actions/download-artifact@v4
with:
name: build-${{ inputs.storage }}-${{ inputs.os }}
path: ${{ env.BIN_OUT }}
-
name: Init
run: |
New-Item -ItemType "directory" -Path "bundles"
If ("${{ inputs.os }}" -eq "windows-2019") {
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
Write-Output "${{ env.BIN_OUT }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
$testName = ([System.BitConverter]::ToString((New-Object System.Security.Cryptography.SHA256Managed).ComputeHash([System.Text.Encoding]::UTF8.GetBytes("${{ matrix.test }}"))) -replace '-').ToLower()
echo "TESTREPORTS_NAME=$testName" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-
# removes docker service that is currently installed on the runner. we
# could use Uninstall-Package but not yet available on Windows runners.
# more info: https://github.com/actions/virtual-environments/blob/d3a5bad25f3b4326c5666bab0011ac7f1beec95e/images/win/scripts/Installers/Install-Docker.ps1#L11
name: Removing current daemon
run: |
if (Get-Service docker -ErrorAction SilentlyContinue) {
$dockerVersion = (docker version -f "{{.Server.Version}}")
Write-Host "Current installed Docker version: $dockerVersion"
# remove service
Stop-Service -Force -Name docker
Remove-Service -Name docker
# removes event log entry. we could use "Remove-EventLog -LogName -Source docker"
# but this cmd is not available atm
$ErrorActionPreference = "SilentlyContinue"
& reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker" /f 2>&1 | Out-Null
$ErrorActionPreference = "Stop"
Write-Host "Service removed"
}
-
name: Starting containerd
if: matrix.runtime == 'containerd'
run: |
Write-Host "Generating config"
& "${{ env.BIN_OUT }}\containerd.exe" config default | Out-File "$env:TEMP\ctn.toml" -Encoding ascii
Write-Host "Creating service"
New-Item -ItemType Directory "$env:TEMP\ctn-root" -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory "$env:TEMP\ctn-state" -ErrorAction SilentlyContinue | Out-Null
Start-Process -Wait "${{ env.BIN_OUT }}\containerd.exe" `
-ArgumentList "--log-level=debug", `
"--config=$env:TEMP\ctn.toml", `
"--address=\\.\pipe\containerd-containerd", `
"--root=$env:TEMP\ctn-root", `
"--state=$env:TEMP\ctn-state", `
"--log-file=$env:TEMP\ctn.log", `
"--register-service"
Write-Host "Starting service"
Start-Service -Name containerd
Start-Sleep -Seconds 5
Write-Host "Service started successfully!"
-
name: Starting test daemon
run: |
Write-Host "Creating service"
If ("${{ matrix.runtime }}" -eq "containerd") {
$runtimeArg="--containerd=\\.\pipe\containerd-containerd"
echo "DOCKER_WINDOWS_CONTAINERD_RUNTIME=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
New-Item -ItemType Directory "$env:TEMP\moby-root" -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory "$env:TEMP\moby-exec" -ErrorAction SilentlyContinue | Out-Null
Start-Process -Wait -NoNewWindow "${{ env.BIN_OUT }}\dockerd" `
-ArgumentList $runtimeArg, "--debug", `
"--host=npipe:////./pipe/docker_engine", `
"--data-root=$env:TEMP\moby-root", `
"--exec-root=$env:TEMP\moby-exec", `
"--pidfile=$env:TEMP\docker.pid", `
"--register-service"
If ("${{ inputs.storage }}" -eq "snapshotter") {
# Make the env-var visible to the service-managed dockerd, as there's no CLI flag for this option.
& reg add "HKLM\SYSTEM\CurrentControlSet\Services\docker" /v Environment /t REG_MULTI_SZ /s '@' /d TEST_INTEGRATION_USE_SNAPSHOTTER=1
echo "TEST_INTEGRATION_USE_SNAPSHOTTER=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
Write-Host "Starting service"
Start-Service -Name docker
Write-Host "Service started successfully!"
-
name: Waiting for test daemon to start
run: |
$tries=20
Write-Host "Waiting for the test daemon to start..."
While ($true) {
$ErrorActionPreference = "SilentlyContinue"
& "${{ env.BIN_OUT }}\docker" version
$ErrorActionPreference = "Stop"
If ($LastExitCode -eq 0) {
break
}
$tries--
If ($tries -le 0) {
Throw "Failed to get a response from the daemon"
}
Write-Host -NoNewline "."
Start-Sleep -Seconds 1
}
Write-Host "Test daemon started and replied!"
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
-
name: Docker info
run: |
& "${{ env.BIN_OUT }}\docker" info
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
-
name: Building contrib/busybox
run: |
& "${{ env.BIN_OUT }}\docker" build -t busybox `
--build-arg WINDOWS_BASE_IMAGE `
--build-arg WINDOWS_BASE_IMAGE_TAG `
.\contrib\busybox\
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
-
name: List images
run: |
& "${{ env.BIN_OUT }}\docker" images
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Test integration
if: matrix.test == './...'
run: |
.\hack\make.ps1 -TestIntegration
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
GO111MODULE: "off"
TEST_CLIENT_BINARY: ${{ env.BIN_OUT }}\docker
-
name: Test integration-cli
if: matrix.test != './...'
run: |
.\hack\make.ps1 -TestIntegrationCli
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
GO111MODULE: "off"
TEST_CLIENT_BINARY: ${{ env.BIN_OUT }}\docker
INTEGRATION_TESTRUN: ${{ matrix.test }}
-
name: Send to Codecov
if: inputs.send_coverage
uses: codecov/codecov-action@v4
with:
working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
directory: bundles
env_vars: RUNNER_OS
flags: integration,${{ matrix.runtime }}
token: ${{ secrets.CODECOV_TOKEN }} # used to upload coverage reports: https://github.com/moby/buildkit/pull/4660#issue-2142122533
-
name: Docker info
run: |
& "${{ env.BIN_OUT }}\docker" info
env:
DOCKER_HOST: npipe:////./pipe/docker_engine
-
name: Stop containerd
if: always() && matrix.runtime == 'containerd'
run: |
$ErrorActionPreference = "SilentlyContinue"
Stop-Service -Force -Name containerd
$ErrorActionPreference = "Stop"
-
name: Containerd logs
if: always() && matrix.runtime == 'containerd'
run: |
Copy-Item "$env:TEMP\ctn.log" -Destination ".\bundles\containerd.log"
Get-Content "$env:TEMP\ctn.log" | Out-Host
-
name: Stop daemon
if: always()
run: |
$ErrorActionPreference = "SilentlyContinue"
Stop-Service -Force -Name docker
$ErrorActionPreference = "Stop"
-
# as the daemon is registered as a service we have to check the event
# logs against the docker provider.
name: Daemon event logs
if: always()
run: |
Get-WinEvent -ea SilentlyContinue `
-FilterHashtable @{ProviderName= "docker"; LogName = "application"} |
Sort-Object @{Expression="TimeCreated";Descending=$false} |
ForEach-Object {"$($_.TimeCreated.ToUniversalTime().ToString("o")) [$($_.LevelDisplayName)] $($_.Message)"} |
Tee-Object -file ".\bundles\daemon.log"
-
name: Download Jaeger traces
if: always()
run: |
Invoke-WebRequest `
-Uri "http://127.0.0.1:16686/api/traces?service=integration-test-client" `
-OutFile ".\bundles\jaeger-trace.json"
-
name: Upload reports
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-${{ env.TESTREPORTS_NAME }}
path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
retention-days: 1
integration-test-report:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.storage == 'snapshotter' && github.event_name != 'pull_request' }}
if: always()
needs:
- integration-test
strategy:
fail-fast: false
matrix:
storage:
- ${{ inputs.storage }}
runtime:
- builtin
- containerd
exclude:
- storage: snapshotter
runtime: builtin
steps:
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Download reports
uses: actions/download-artifact@v4
with:
path: /tmp/reports
pattern: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-*
merge-multiple: true
-
name: Install teststat
run: |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name: Create summary
run: |
find /tmp/reports -type f -name '*-go-test-report.json' -exec teststat -markdown {} \+ >> $GITHUB_STEP_SUMMARY

View file

@ -1,191 +0,0 @@
name: bin-image
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- '[0-9]+.[0-9]+'
tags:
- 'v*'
pull_request:
env:
MOBYBIN_REPO_SLUG: moby/moby-bin
DOCKER_GITCOMMIT: ${{ github.sha }}
VERSION: ${{ github.ref }}
PLATFORM: Moby Engine - Nightly
PRODUCT: moby-bin
PACKAGER_NAME: The Moby Project
jobs:
validate-dco:
if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
uses: ./.github/workflows/.dco.yml
prepare:
runs-on: ubuntu-20.04
outputs:
platforms: ${{ steps.platforms.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.MOBYBIN_REPO_SLUG }}
### versioning strategy
## push semver tag v23.0.0
# moby/moby-bin:23.0.0
# moby/moby-bin:latest
## push semver prelease tag v23.0.0-beta.1
# moby/moby-bin:23.0.0-beta.1
## push on master
# moby/moby-bin:master
## push on 23.0 branch
# moby/moby-bin:23.0
## any push
# moby/moby-bin:sha-ad132f5
tags: |
type=semver,pattern={{version}}
type=ref,event=branch
type=ref,event=pr
type=sha
-
name: Rename meta bake definition file
# see https://github.com/docker/metadata-action/issues/381#issuecomment-1918607161
run: |
bakeFile="${{ steps.meta.outputs.bake-file }}"
mv "${bakeFile#cwd://}" "/tmp/bake-meta.json"
-
name: Upload meta bake definition
uses: actions/upload-artifact@v4
with:
name: bake-meta
path: /tmp/bake-meta.json
if-no-files-found: error
retention-days: 1
-
name: Create platforms matrix
id: platforms
run: |
echo "matrix=$(docker buildx bake bin-image-cross --print | jq -cr '.target."bin-image-cross".platforms')" >>${GITHUB_OUTPUT}
build:
runs-on: ubuntu-20.04
needs:
- validate-dco
- prepare
if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.prepare.outputs.platforms) }}
steps:
-
name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Download meta bake definition
uses: actions/download-artifact@v4
with:
name: bake-meta
path: /tmp
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_MOBYBIN_USERNAME }}
password: ${{ secrets.DOCKERHUB_MOBYBIN_TOKEN }}
-
name: Build
id: bake
uses: docker/bake-action@v4
with:
files: |
./docker-bake.hcl
/tmp/bake-meta.json
targets: bin-image
set: |
*.platform=${{ matrix.platform }}
*.output=type=image,name=${{ env.MOBYBIN_REPO_SLUG }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' && github.repository == 'moby/moby' }}
*.tags=
-
name: Export digest
if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
run: |
mkdir -p /tmp/digests
digest="${{ fromJSON(steps.bake.outputs.metadata)['bin-image']['containerimage.digest'] }}"
touch "/tmp/digests/${digest#sha256:}"
-
name: Upload digest
if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
runs-on: ubuntu-20.04
needs:
- build
if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && github.event_name != 'pull_request' && github.repository == 'moby/moby'
steps:
-
name: Download meta bake definition
uses: actions/download-artifact@v4
with:
name: bake-meta
path: /tmp
-
name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_MOBYBIN_USERNAME }}
password: ${{ secrets.DOCKERHUB_MOBYBIN_TOKEN }}
-
name: Create manifest list and push
working-directory: /tmp/digests
run: |
set -x
docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map("-t " + .) | join(" ")' /tmp/bake-meta.json) \
$(printf '${{ env.MOBYBIN_REPO_SLUG }}@sha256:%s ' *)
-
name: Inspect image
run: |
set -x
docker buildx imagetools inspect ${{ env.MOBYBIN_REPO_SLUG }}:$(jq -cr '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)

View file

@ -1,139 +0,0 @@
name: buildkit
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- '[0-9]+.[0-9]+'
pull_request:
env:
GO_VERSION: "1.21.9"
DESTDIR: ./build
jobs:
validate-dco:
uses: ./.github/workflows/.dco.yml
build:
runs-on: ubuntu-20.04
needs:
- validate-dco
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build
uses: docker/bake-action@v4
with:
targets: binary
-
name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: binary
path: ${{ env.DESTDIR }}
if-no-files-found: error
retention-days: 1
test:
runs-on: ubuntu-20.04
timeout-minutes: 120
needs:
- build
env:
TEST_IMAGE_BUILD: "0"
TEST_IMAGE_ID: "buildkit-tests"
strategy:
fail-fast: false
matrix:
worker:
- dockerd
- dockerd-containerd
pkg:
- client
- cmd/buildctl
- solver
- frontend
- frontend/dockerfile
typ:
- integration
steps:
-
name: Prepare
run: |
disabledFeatures="cache_backend_azblob,cache_backend_s3"
if [ "${{ matrix.worker }}" = "dockerd" ]; then
disabledFeatures="${disabledFeatures},merge_diff"
fi
echo "BUILDKIT_TEST_DISABLE_FEATURES=${disabledFeatures}" >> $GITHUB_ENV
# Expose `ACTIONS_RUNTIME_TOKEN` and `ACTIONS_CACHE_URL`, which is used
# in BuildKit's test suite to skip/unskip cache exporters:
# https://github.com/moby/buildkit/blob/567a99433ca23402d5e9b9f9124005d2e59b8861/client/client_test.go#L5407-L5411
-
name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
-
name: Checkout
uses: actions/checkout@v4
with:
path: moby
-
name: BuildKit ref
run: |
echo "$(./hack/buildkit-ref)" >> $GITHUB_ENV
working-directory: moby
-
name: Checkout BuildKit ${{ env.BUILDKIT_REF }}
uses: actions/checkout@v4
with:
repository: ${{ env.BUILDKIT_REPO }}
ref: ${{ env.BUILDKIT_REF }}
path: buildkit
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Download binary artifacts
uses: actions/download-artifact@v4
with:
name: binary
path: ./buildkit/build/moby/
-
name: Update daemon.json
run: |
sudo rm -f /etc/docker/daemon.json
sudo service docker restart
docker version
docker info
-
name: Build test image
uses: docker/bake-action@v4
with:
workdir: ./buildkit
targets: integration-tests
set: |
*.output=type=docker,name=${{ env.TEST_IMAGE_ID }}
-
name: Test
run: |
./hack/test ${{ matrix.typ }}
env:
CONTEXT: "."
TEST_DOCKERD: "1"
TEST_DOCKERD_BINARY: "./build/moby/dockerd"
TESTPKGS: "./${{ matrix.pkg }}"
TESTFLAGS: "-v --parallel=1 --timeout=30m --run=//worker=${{ matrix.worker }}$"
working-directory: buildkit

View file

@ -1,113 +0,0 @@
name: ci
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- '[0-9]+.[0-9]+'
pull_request:
env:
DESTDIR: ./build
jobs:
validate-dco:
uses: ./.github/workflows/.dco.yml
build:
runs-on: ubuntu-20.04
needs:
- validate-dco
strategy:
fail-fast: false
matrix:
target:
- binary
- dynbinary
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build
uses: docker/bake-action@v4
with:
targets: ${{ matrix.target }}
-
name: List artifacts
run: |
tree -nh ${{ env.DESTDIR }}
-
name: Check artifacts
run: |
find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
prepare-cross:
runs-on: ubuntu-latest
needs:
- validate-dco
outputs:
matrix: ${{ steps.platforms.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Create matrix
id: platforms
run: |
matrix="$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms')"
echo "matrix=$matrix" >> $GITHUB_OUTPUT
-
name: Show matrix
run: |
echo ${{ steps.platforms.outputs.matrix }}
cross:
runs-on: ubuntu-20.04
needs:
- validate-dco
- prepare-cross
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.prepare-cross.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build
uses: docker/bake-action@v4
with:
targets: all
set: |
*.platform=${{ matrix.platform }}
-
name: List artifacts
run: |
tree -nh ${{ env.DESTDIR }}
-
name: Check artifacts
run: |
find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +

View file

@ -1,177 +0,0 @@
name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- '[0-9]+.[0-9]+'
pull_request:
env:
GO_VERSION: "1.21.9"
GIT_PAGER: "cat"
PAGER: "cat"
jobs:
validate-dco:
uses: ./.github/workflows/.dco.yml
build-dev:
runs-on: ubuntu-20.04
needs:
- validate-dco
strategy:
fail-fast: false
matrix:
mode:
- ""
- systemd
steps:
-
name: Prepare
run: |
if [ "${{ matrix.mode }}" = "systemd" ]; then
echo "SYSTEMD=true" >> $GITHUB_ENV
fi
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
*.cache-from=type=gha,scope=dev${{ matrix.mode }}
*.cache-to=type=gha,scope=dev${{ matrix.mode }},mode=max
*.output=type=cacheonly
test:
needs:
- build-dev
- validate-dco
uses: ./.github/workflows/.test.yml
secrets: inherit
strategy:
fail-fast: false
matrix:
storage:
- graphdriver
- snapshotter
with:
storage: ${{ matrix.storage }}
validate-prepare:
runs-on: ubuntu-20.04
needs:
- validate-dco
outputs:
matrix: ${{ steps.scripts.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Create matrix
id: scripts
run: |
scripts=$(cd ./hack/validate && jq -nc '$ARGS.positional - ["all", "default", "dco"] | map(select(test("[.]")|not)) + ["generate-files"]' --args *)
echo "matrix=$scripts" >> $GITHUB_OUTPUT
-
name: Show matrix
run: |
echo ${{ steps.scripts.outputs.matrix }}
validate:
runs-on: ubuntu-20.04
timeout-minutes: 120
needs:
- validate-prepare
- build-dev
strategy:
fail-fast: true
matrix:
script: ${{ fromJson(needs.validate-prepare.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build dev image
uses: docker/bake-action@v4
with:
targets: dev
set: |
dev.cache-from=type=gha,scope=dev
-
name: Validate
run: |
make -o build validate-${{ matrix.script }}
smoke-prepare:
runs-on: ubuntu-20.04
needs:
- validate-dco
outputs:
matrix: ${{ steps.platforms.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Create matrix
id: platforms
run: |
matrix="$(docker buildx bake binary-smoketest --print | jq -cr '.target."binary-smoketest".platforms')"
echo "matrix=$matrix" >> $GITHUB_OUTPUT
-
name: Show matrix
run: |
echo ${{ steps.platforms.outputs.matrix }}
smoke:
runs-on: ubuntu-20.04
needs:
- smoke-prepare
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.smoke-prepare.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Test
uses: docker/bake-action@v4
with:
targets: binary-smoketest
set: |
*.platform=${{ matrix.platform }}

View file

@ -1,62 +0,0 @@
name: validate-pr
on:
pull_request:
types: [opened, edited, labeled, unlabeled]
jobs:
check-area-label:
runs-on: ubuntu-20.04
steps:
- name: Missing `area/` label
if: contains(join(github.event.pull_request.labels.*.name, ','), 'impact/') && !contains(join(github.event.pull_request.labels.*.name, ','), 'area/')
run: |
echo "::error::Every PR with an 'impact/*' label should also have an 'area/*' label"
exit 1
- name: OK
run: exit 0
check-changelog:
if: contains(join(github.event.pull_request.labels.*.name, ','), 'impact/')
runs-on: ubuntu-20.04
env:
PR_BODY: |
${{ github.event.pull_request.body }}
steps:
- name: Check changelog description
run: |
# Extract the `markdown changelog` note code block
block=$(echo -n "$PR_BODY" | tr -d '\r' | awk '/^```markdown changelog$/{flag=1;next}/^```$/{flag=0}flag')
# Strip empty lines
desc=$(echo "$block" | awk NF)
if [ -z "$desc" ]; then
echo "::error::Changelog section is empty. Please provide a description for the changelog."
exit 1
fi
len=$(echo -n "$desc" | wc -c)
if [[ $len -le 6 ]]; then
echo "::error::Description looks too short: $desc"
exit 1
fi
echo "This PR will be included in the release notes with the following note:"
echo "$desc"
check-pr-branch:
runs-on: ubuntu-20.04
env:
PR_TITLE: ${{ github.event.pull_request.title }}
steps:
# Backports or PR that target a release branch directly should mention the target branch in the title, for example:
# [X.Y backport] Some change that needs backporting to X.Y
# [X.Y] Change directly targeting the X.Y branch
- name: Get branch from PR title
id: title_branch
run: echo "$PR_TITLE" | sed -n 's/^\[\([0-9]*\.[0-9]*\)[^]]*\].*/branch=\1/p' >> $GITHUB_OUTPUT
- name: Check release branch
if: github.event.pull_request.base.ref != steps.title_branch.outputs.branch && !(github.event.pull_request.base.ref == 'master' && steps.title_branch.outputs.branch == '')
run: echo "::error::PR title suggests targetting the ${{ steps.title_branch.outputs.branch }} branch, but is opened against ${{ github.event.pull_request.base.ref }}" && exit 1

View file

@ -1,33 +0,0 @@
name: windows-2019
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
schedule:
- cron: '0 10 * * *'
workflow_dispatch:
jobs:
validate-dco:
uses: ./.github/workflows/.dco.yml
test-prepare:
uses: ./.github/workflows/.test-prepare.yml
needs:
- validate-dco
run:
needs:
- test-prepare
uses: ./.github/workflows/.windows.yml
secrets: inherit
strategy:
fail-fast: false
matrix:
storage: ${{ fromJson(needs.test-prepare.outputs.matrix) }}
with:
os: windows-2019
storage: ${{ matrix.storage }}
send_coverage: false

View file

@ -1,36 +0,0 @@
name: windows-2022
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- '[0-9]+.[0-9]+'
pull_request:
jobs:
validate-dco:
uses: ./.github/workflows/.dco.yml
test-prepare:
uses: ./.github/workflows/.test-prepare.yml
needs:
- validate-dco
run:
needs:
- test-prepare
uses: ./.github/workflows/.windows.yml
secrets: inherit
strategy:
fail-fast: false
matrix:
storage: ${{ fromJson(needs.test-prepare.outputs.matrix) }}
with:
os: windows-2022
storage: ${{ matrix.storage }}
send_coverage: true

49
.gitignore vendored
View file

@ -1,28 +1,33 @@
# If you want to ignore files created by your editor/tools, please consider a
# [global .gitignore](https://help.github.com/articles/ignoring-files).
*~
*.bak
# Docker project generated files to ignore
# if you want to ignore files created by your editor/tools,
# please consider a global .gitignore https://help.github.com/articles/ignoring-files
*.exe
*.exe~
*.orig
*.test
.*.swp
.DS_Store
thumbs.db
# local repository customization
.envrc
# a .bashrc may be added to customize the build environment
.bashrc
.editorconfig
# build artifacts
.gopath/
.go-pkg-cache/
autogen/
bundles/
cli/winresources/*/*.syso
cli/winresources/*/winres.json
contrib/builder/rpm/*/changelog
# ci artifacts
*.exe
*.gz
go-test-report.json
junit-report.xml
profile.out
test.main
cmd/dockerd/dockerd
cmd/docker/docker
dockerversion/version_autogen.go
dockerversion/version_autogen_unix.go
docs/AWS_S3_BUCKET
docs/GITCOMMIT
docs/GIT_BRANCH
docs/VERSION
docs/_build
docs/_static
docs/_templates
docs/changed-files
# generated by man/md2man-all.sh
man/man1
man/man5
man/man8
vendor/pkg/

View file

@ -1,137 +0,0 @@
linters:
enable:
- depguard
- dupword # Checks for duplicate words in the source code.
- goimports
- gosec
- gosimple
- govet
- importas
- ineffassign
- misspell
- revive
- staticcheck
- typecheck
- unconvert
- unused
disable:
- errcheck
run:
concurrency: 2
modules-download-mode: vendor
skip-dirs:
- docs
linters-settings:
dupword:
ignore:
- "true" # some tests use this as expected output
- "false" # some tests use this as expected output
- "root" # for tests using "ls" output with files owned by "root:root"
importas:
# Do not allow unaliased imports of aliased packages.
no-unaliased: true
alias:
# Enforce alias to prevent it accidentally being used instead of our
# own errdefs package (or vice-versa).
- pkg: github.com/containerd/containerd/errdefs
alias: cerrdefs
- pkg: github.com/opencontainers/image-spec/specs-go/v1
alias: ocispec
govet:
check-shadowing: false
depguard:
rules:
main:
deny:
- pkg: io/ioutil
desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
- pkg: "github.com/stretchr/testify/assert"
desc: Use "gotest.tools/v3/assert" instead
- pkg: "github.com/stretchr/testify/require"
desc: Use "gotest.tools/v3/assert" instead
- pkg: "github.com/stretchr/testify/suite"
desc: Do not use
revive:
rules:
# FIXME make sure all packages have a description. Currently, there's many packages without.
- name: package-comments
disabled: true
issues:
# The default exclusion rules are a bit too permissive, so copying the relevant ones below
exclude-use-default: false
exclude-rules:
# We prefer to use an "exclude-list" so that new "default" exclusions are not
# automatically inherited. We can decide whether or not to follow upstream
# defaults when updating golang-ci-lint versions.
# Unfortunately, this means we have to copy the whole exclusion pattern, as
# (unlike the "include" option), the "exclude" option does not take exclusion
# ID's.
#
# These exclusion patterns are copied from the default excluses at:
# https://github.com/golangci/golangci-lint/blob/v1.46.2/pkg/config/issues.go#L10-L104
# EXC0001
- text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
linters:
- errcheck
# EXC0006
- text: "Use of unsafe calls should be audited"
linters:
- gosec
# EXC0007
- text: "Subprocess launch(ed with variable|ing should be audited)"
linters:
- gosec
# EXC0008
# TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
- text: "(G104|G307)"
linters:
- gosec
# EXC0009
- text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
linters:
- gosec
# EXC0010
- text: "Potential file inclusion via variable"
linters:
- gosec
# Looks like the match in "EXC0007" above doesn't catch this one
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
- text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
linters:
- gosec
# Looks like the match in "EXC0009" above doesn't catch this one
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
- text: "G306: Expect WriteFile permissions to be 0600 or less"
linters:
- gosec
# Exclude some linters from running on tests files.
- path: _test\.go
linters:
- errcheck
- gosec
# Suppress golint complaining about generated types in api/types/
- text: "type name will be used as (container|volume)\\.(Container|Volume).* by other packages, and that stutters; consider calling this"
path: "api/types/(volume|container)/"
linters:
- revive
# FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272)
- text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated"
linters:
- staticcheck
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
max-issues-per-linter: 0
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
max-same-issues: 0

1010
.mailmap

File diff suppressed because it is too large Load diff

1130
AUTHORS

File diff suppressed because it is too large Load diff

3357
CHANGELOG.md Normal file

File diff suppressed because it is too large Load diff

View file

@ -1,14 +1,14 @@
# Contribute to the Moby Project
# Contributing to Docker
Want to hack on the Moby Project? Awesome! We have a contributor's guide that explains
[setting up a development environment and the contribution
process](docs/contributing/).
Want to hack on Docker? Awesome! We have a contributor's guide that explains
[setting up a Docker development environment and the contribution
process](https://docs.docker.com/opensource/project/who-written-for/).
[![Contributors guide](docs/static_files/contributors.png)](https://docs.docker.com/opensource/project/who-written-for/)
This page contains information about reporting issues as well as some tips and
guidelines useful to experienced open source contributors. Finally, make sure
you read our [community guidelines](#moby-community-guidelines) before you
you read our [community guidelines](#docker-community-guidelines) before you
start participating.
## Topics
@ -17,20 +17,20 @@ start participating.
* [Design and Cleanup Proposals](#design-and-cleanup-proposals)
* [Reporting Issues](#reporting-other-issues)
* [Quick Contribution Tips and Guidelines](#quick-contribution-tips-and-guidelines)
* [Community Guidelines](#moby-community-guidelines)
* [Community Guidelines](#docker-community-guidelines)
## Reporting security issues
The Moby maintainers take security seriously. If you discover a security
The Docker maintainers take security seriously. If you discover a security
issue, please bring it to their attention right away!
Please **DO NOT** file a public issue, instead send your report privately to
[security@docker.com](mailto:security@docker.com).
Security reports are greatly appreciated and we will publicly thank you for it,
although we keep your name confidential if you request it. We also like to send
gifts&mdash;if you're into schwag, make sure to let us know. We currently do not
offer a paid security bounty program, but are not ruling it out in the future.
Security reports are greatly appreciated and we will publicly thank you for it.
We also like to send gifts&mdash;if you're into Docker schwag, make sure to let
us know. We currently do not offer a paid security bounty program, but are not
ruling it out in the future.
## Reporting other issues
@ -39,7 +39,7 @@ A great way to contribute to the project is to send a detailed report when you
encounter an issue. We always appreciate a well-written, thorough bug report,
and will thank you for it!
Check that [our issue database](https://github.com/moby/moby/issues)
Check that [our issue database](https://github.com/docker/docker/issues)
doesn't already include that problem or suggestion before submitting an issue.
If you find a match, you can use the "subscribe" button to get notified on
updates. Do *not* leave random "+1" or "I have this too" comments, as they
@ -66,13 +66,13 @@ This section gives the experienced contributor some tips and guidelines.
Not sure if that typo is worth a pull request? Found a bug and know how to fix
it? Do it! We will appreciate it. Any significant improvement should be
documented as [a GitHub issue](https://github.com/moby/moby/issues) before
documented as [a GitHub issue](https://github.com/docker/docker/issues) before
anybody starts working on it.
We are always thrilled to receive pull requests. We do our best to process them
quickly. If your pull request is not accepted on the first try,
don't get discouraged! Our contributor's guide explains [the review process we
use for simple changes](https://docs.docker.com/contribute/overview/).
use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contribution/).
### Design and cleanup proposals
@ -83,7 +83,11 @@ contributions, see [the advanced contribution
section](https://docs.docker.com/opensource/workflow/advanced-contributing/) in
the contributors guide.
### Connect with other Moby Project contributors
We try hard to keep Docker lean and focused. Docker can't do everything for
everybody. This means that we might decide against incorporating a new feature.
However, there might be a way to implement that feature *on top of* Docker.
### Talking to other Docker users and contributors
<table class="tg">
<col width="45%">
@ -92,28 +96,52 @@ the contributors guide.
<td>Forums</td>
<td>
A public forum for users to discuss questions and explore current design patterns and
best practices about all the Moby projects. To participate, log in with your Github
account or create an account at <a href="https://forums.mobyproject.org" target="_blank">https://forums.mobyproject.org</a>.
best practices about Docker and related projects in the Docker Ecosystem. To participate,
just log in with your Docker Hub account on <a href="https://forums.docker.com" target="_blank">https://forums.docker.com</a>.
</td>
</tr>
<tr>
<td>Slack</td>
<td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
<td>
<p>
Register for the Docker Community Slack at
<a href="https://dockr.ly/comm-slack" target="_blank">https://dockr.ly/comm-slack</a>.
We use the #moby-project channel for general discussion, and there are separate channels for other Moby projects such as #containerd.
IRC a direct line to our most knowledgeable Docker users; we have
both the <code>#docker</code> and <code>#docker-dev</code> group on
<strong>irc.freenode.net</strong>.
IRC is a rich chat protocol but it can overwhelm new users. You can search
<a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
</p>
<p>
Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a>
for an easy way to get started.
</p>
</td>
</tr>
<tr>
<td>Google Group</td>
<td>
The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
group is for contributors and other people contributing to the Docker project.
You can join them without a google account by sending an email to
<a href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
After receiving the join-request message, you can simply reply to that to confirm the subscription.
</td>
</tr>
<tr>
<td>Twitter</td>
<td>
You can follow <a href="https://twitter.com/moby/" target="_blank">Moby Project Twitter feed</a>
You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
to get updates on our products. You can also tweet us questions or just
share blogs or stories.
</td>
</tr>
<tr>
<td>Stack Overflow</td>
<td>
Stack Overflow has over 17000 Docker questions listed. We regularly
monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
and so do many other knowledgeable Docker users.
</td>
</tr>
</table>
@ -127,11 +155,10 @@ Fork the repository and make changes on your fork in a feature branch:
your intentions, and name it XXXX-something where XXXX is the number of the
issue.
Submit tests for your changes. See [TESTING.md](./TESTING.md) for details.
If your changes need integration tests, write them against the API. The `cli`
integration tests are slowly either migrated to API tests or moved away as unit
tests in `docker/cli` and end-to-end tests for Docker.
Submit unit tests for your changes. Go has a great test framework built in; use
it! Take a look at existing tests for inspiration. [Run the full test
suite](https://docs.docker.com/opensource/project/test-and-docs/) on your branch before
submitting a pull request.
Update the documentation when creating or modifying features. Test your
documentation changes for clarity, concision, and correctness, as well as a
@ -146,64 +173,10 @@ committing your changes. Most editors have plug-ins that do this automatically.
Pull request descriptions should be as clear as possible and include a reference
to all the issues that they address.
### Successful Changes
Before contributing large or high impact changes, make the effort to coordinate
with the maintainers of the project before submitting a pull request. This
prevents you from doing extra work that may or may not be merged.
Large PRs that are just submitted without any prior communication are unlikely
to be successful.
While pull requests are the methodology for submitting changes to code, changes
are much more likely to be accepted if they are accompanied by additional
engineering work. While we don't define this explicitly, most of these goals
are accomplished through communication of the design goals and subsequent
solutions. Often times, it helps to first state the problem before presenting
solutions.
Typically, the best methods of accomplishing this are to submit an issue,
stating the problem. This issue can include a problem statement and a
checklist with requirements. If solutions are proposed, alternatives should be
listed and eliminated. Even if the criteria for elimination of a solution is
frivolous, say so.
Larger changes typically work best with design documents. These are focused on
providing context to the design at the time the feature was conceived and can
inform future documentation contributions.
### Commit Messages
Commit messages must start with a capitalized and short summary (max. 50 chars)
written in the imperative, followed by an optional, more detailed explanatory
text which is separated from the summary by an empty line.
Commit messages should follow best practices, including explaining the context
of the problem and how it was solved, including in caveats or follow up changes
required. They should tell the story of the change and provide readers
understanding of what led to it.
If you're lost about what this even means, please see [How to Write a Git
Commit Message](http://chris.beams.io/posts/git-commit/) for a start.
In practice, the best approach to maintaining a nice commit message is to
leverage a `git add -p` and `git commit --amend` to formulate a solid
changeset. This allows one to piece together a change, as information becomes
available.
If you squash a series of commits, don't just submit that. Re-write the commit
message, as if the series of commits was a single stroke of brilliance.
That said, there is no requirement to have a single commit for a PR, as long as
each commit tells the story. For example, if there is a feature that requires a
package, it might make sense to have the package in a separate commit then have
a subsequent commit that uses it.
Remember, you're telling part of the story with the commit message. Don't make
your chapter weird.
### Review
Code review comments may be added to your pull request. Discuss, then make the
suggested modifications and push additional commits to your feature branch. Post
a comment after pushing. New commits show up in the pull request automatically,
@ -224,9 +197,10 @@ calling it in another file constitute a single logical unit of work. The very
high majority of submissions should have a single commit, so if in doubt: squash
down to one.
After every commit, [make sure the test suite passes](./TESTING.md). Include
documentation changes in the same pull request so that a revert would remove
all traces of the feature or fix.
After every commit, [make sure the test suite passes]
(https://docs.docker.com/opensource/project/test-and-docs/). Include documentation
changes in the same pull request so that a revert would remove all traces of
the feature or fix.
Include an issue reference like `Closes #XXXX` or `Fixes #XXXX` in commits that
close an issue. Including references automatically closes the issue on a merge.
@ -238,11 +212,15 @@ Please see the [Coding Style](#coding-style) for further guidelines.
### Merge approval
Moby maintainers use LGTM (Looks Good To Me) in comments on the code review to
indicate acceptance, or use the Github review approval feature.
Docker maintainers use LGTM (Looks Good To Me) in comments on the code review to
indicate acceptance.
For an explanation of the review and approval process see the
[REVIEWING](project/REVIEWING.md) page.
A change requires LGTMs from an absolute majority of the maintainers of each
component affected. For example, if a change affects `docs/` and `registry/`, it
needs an absolute majority from the maintainers of `docs/` AND, separately, an
absolute majority of the maintainers of `registry/`.
For more details, see the [MAINTAINERS](MAINTAINERS) page.
### Sign your work
@ -302,16 +280,17 @@ commit automatically with `git commit -s`.
### How can I become a maintainer?
The procedures for adding new maintainers are explained in the
[/project/GOVERNANCE.md](/project/GOVERNANCE.md)
file in this repository.
global [MAINTAINERS](https://github.com/docker/opensource/blob/master/MAINTAINERS)
file in the [https://github.com/docker/opensource/](https://github.com/docker/opensource/)
repository.
Don't forget: being a maintainer is a time investment. Make sure you
will have time to make yourself available. You don't have to be a
maintainer to make a difference on the project!
## Moby community guidelines
## Docker community guidelines
We want to keep the Moby community awesome, growing and collaborative. We need
We want to keep the Docker community awesome, growing and collaborative. We need
your help to keep it that way. To help with this we've come up with some general
guidelines for the community as a whole:
@ -339,11 +318,6 @@ guidelines for the community as a whole:
used to ping maintainers to review a pull request, a proposal or an
issue.
The open source governance for this repository is handled via the [Moby Technical Steering Committee (TSC)](https://github.com/moby/tsc)
charter. For any concerns with the community process regarding technical contributions,
please contact the TSC. More information on project governance is available in
our [project/GOVERNANCE.md](/project/GOVERNANCE.md) document.
### Guideline violations — 3 strikes method
The point of this section is not to find opportunities to punish people, but we
@ -422,6 +396,6 @@ The rules:
guidelines. Since you've read all the rules, you now know that.
If you are having trouble getting into the mood of idiomatic Go, we recommend
reading through [Effective Go](https://go.dev/doc/effective_go). The
[Go Blog](https://go.dev/blog/) is also a great resource. Drinking the
reading through [Effective Go](https://golang.org/doc/effective_go.html). The
[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
kool-aid is a lot easier than going thirsty.

View file

@ -1,671 +1,246 @@
# syntax=docker/dockerfile:1.7
ARG GO_VERSION=1.21.9
ARG BASE_DEBIAN_DISTRO="bookworm"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
ARG XX_VERSION=1.4.0
ARG VPNKIT_VERSION=0.5.0
ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_VERSION=v26.0.0
# cli version used for integration-cli tests
ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
ARG BUILDX_VERSION=0.13.1
ARG COMPOSE_VERSION=v2.25.0
ARG SYSTEMD="false"
ARG DOCKER_STATIC=1
# REGISTRY_VERSION specifies the version of the registry to download from
# https://hub.docker.com/r/distribution/distribution. This version of
# the registry is used to test schema 2 manifests. Generally, the version
# specified here should match a current release.
ARG REGISTRY_VERSION=2.8.3
# delve is currently only supported on linux/amd64 and linux/arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
ARG DELVE_SUPPORTED=${TARGETPLATFORM#linux/amd64} DELVE_SUPPORTED=${DELVE_SUPPORTED#linux/arm64}
ARG DELVE_SUPPORTED=${DELVE_SUPPORTED:+"unsupported"}
ARG DELVE_SUPPORTED=${DELVE_SUPPORTED:-"supported"}
# cross compilation helper
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
# dummy stage to make sure the image is built for deps that don't support some
# architectures
FROM --platform=$BUILDPLATFORM busybox AS build-dummy
RUN mkdir -p /build
FROM scratch AS binary-dummy
COPY --from=build-dummy /build /build
# base
FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
COPY --from=xx / /
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
RUN apt-get update && apt-get install --no-install-recommends -y file
ENV GO111MODULE=off
ENV GOTOOLCHAIN=local
FROM base AS criu
ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_12/ /' > /etc/apt/sources.list.d/criu.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends criu \
&& install -D /usr/sbin/criu /build/criu \
&& /build/criu --version
# registry
FROM base AS registry-src
WORKDIR /usr/src/registry
RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"
FROM base AS registry
WORKDIR /go/src/github.com/docker/distribution
# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
ARG TARGETPLATFORM
RUN --mount=from=registry-src,src=/usr/src/registry,rw \
--mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=tmpfs,target=/go/src <<EOT
set -ex
export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
# Make the /build directory no matter what so that it doesn't fail on arm64 or
# any other platform where we don't build this registry
mkdir /build
case $TARGETPLATFORM in
linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
git checkout -q FETCH_HEAD
CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
xx-verify /build/registry-v2-schema1
;;
esac
EOT
FROM distribution/distribution:$REGISTRY_VERSION AS registry-v2
RUN mkdir /build && mv /bin/registry /build/registry-v2
# go-swagger
FROM base AS swagger-src
WORKDIR /usr/src/swagger
# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD
FROM base AS swagger
WORKDIR /go/src/github.com/go-swagger/go-swagger
ARG TARGETPLATFORM
RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
--mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=tmpfs,target=/go/src/ <<EOT
set -e
xx-go build -o /build/swagger ./cmd/swagger
xx-verify /build/swagger
EOT
# frozen-images
# See also frozenImages in "testutil/environment/protect.go" (which needs to
# be updated when adding images to this list)
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
jq
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /
ARG TARGETARCH
ARG TARGETVARIANT
RUN /download-frozen-image-v2.sh /build \
busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \
hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
# delve
FROM base AS delve-src
WORKDIR /usr/src/delve
RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
# DELVE_VERSION specifies the version of the Delve debugger binary
# from the https://github.com/go-delve/delve repository.
# It can be used to run Docker with a possibility of
# attaching debugger to it.
ARG DELVE_VERSION=v1.21.1
RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS delve-supported
WORKDIR /usr/src/delve
ARG TARGETPLATFORM
RUN --mount=from=delve-src,src=/usr/src/delve,rw \
--mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
--mount=type=cache,target=/go/pkg/mod <<EOT
set -e
GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
xx-verify /build/dlv
EOT
FROM binary-dummy AS delve-unsupported
FROM delve-${DELVE_SUPPORTED} AS delve
FROM base AS tomll
# GOTOML_VERSION specifies the version of the tomll binary to build and install
# from the https://github.com/pelletier/go-toml repository. This binary is used
# in CI in the hack/validate/toml script.
# This file describes the standard way to build Docker, using docker
#
# When updating this version, consider updating the github.com/pelletier/go-toml
# dependency in vendor.mod accordingly.
ARG GOTOML_VERSION=v1.8.1
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
&& /build/tomll --help
FROM base AS gowinres
# GOWINRES_VERSION defines go-winres tool version
ARG GOWINRES_VERSION=v0.3.1
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
&& /build/go-winres --help
# containerd
FROM base AS containerd-src
WORKDIR /usr/src/containerd
RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
# CONTAINERD_VERSION is used to build containerd binaries, and used for the
# integration tests. The distributed docker .deb and .rpm packages depend on a
# separate (containerd.io) package, which may be a different version as is
# specified here. The containerd golang package is also pinned in vendor.mod.
# When updating the binary version you may also need to update the vendor
# version to pick up bug fixes or new APIs, however, usually the Go packages
# are built from a commit from the master branch.
ARG CONTAINERD_VERSION=v1.7.15
RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS containerd-build
WORKDIR /go/src/github.com/containerd/containerd
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
apt-get update && xx-apt-get install -y --no-install-recommends \
gcc \
libbtrfs-dev \
libsecret-1-dev \
pkg-config
ARG DOCKER_STATIC
RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
--mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
set -e
export CC=$(xx-info)-gcc
export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
xx-go --wrap
make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
mkdir /build
mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
EOT
FROM containerd-build AS containerd-linux
FROM binary-dummy AS containerd-windows
FROM containerd-${TARGETOS} AS containerd
FROM base AS golangci_lint
ARG GOLANGCI_LINT_VERSION=v1.55.2
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
&& /build/golangci-lint --version
FROM base AS gotestsum
ARG GOTESTSUM_VERSION=v1.8.2
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
&& /build/gotestsum --version
FROM base AS shfmt
ARG SHFMT_VERSION=v3.8.0
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
&& /build/shfmt --version
FROM base AS gopls
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOBIN=/build/ GO111MODULE=on go install "golang.org/x/tools/gopls@latest" \
&& /build/gopls version
FROM base AS dockercli
WORKDIR /go/src/github.com/docker/cli
ARG DOCKERCLI_REPOSITORY
ARG DOCKERCLI_VERSION
ARG TARGETPLATFORM
RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
--mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
--mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
rm -f ./.git/*.lock \
&& /download-or-build-cli.sh ${DOCKERCLI_VERSION} ${DOCKERCLI_REPOSITORY} /build \
&& /build/docker --version
FROM base AS dockercli-integration
WORKDIR /go/src/github.com/docker/cli
ARG DOCKERCLI_INTEGRATION_REPOSITORY
ARG DOCKERCLI_INTEGRATION_VERSION
ARG TARGETPLATFORM
RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
--mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
--mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
rm -f ./.git/*.lock \
&& /download-or-build-cli.sh ${DOCKERCLI_INTEGRATION_VERSION} ${DOCKERCLI_INTEGRATION_REPOSITORY} /build \
&& /build/docker --version
# runc
FROM base AS runc-src
WORKDIR /usr/src/runc
RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
# RUNC_VERSION should match the version that is used by the containerd version
# that is used. If you need to update runc, open a pull request in the containerd
# project first, and update both after that is merged. When updating RUNC_VERSION,
# consider updating runc in vendor.mod accordingly.
ARG RUNC_VERSION=v1.1.12
RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS runc-build
WORKDIR /go/src/github.com/opencontainers/runc
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
apt-get update && xx-apt-get install -y --no-install-recommends \
dpkg-dev \
gcc \
libc6-dev \
libseccomp-dev \
pkg-config
ARG DOCKER_STATIC
RUN --mount=from=runc-src,src=/usr/src/runc,rw \
--mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
set -e
xx-go --wrap
CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
mkdir /build
mv runc /build/
EOT
FROM runc-build AS runc-linux
FROM binary-dummy AS runc-windows
FROM runc-${TARGETOS} AS runc
# tini
FROM base AS tini-src
WORKDIR /usr/src/tini
RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
# TINI_VERSION specifies the version of tini (docker-init) to build. This
# binary is used when starting containers with the `--init` option.
ARG TINI_VERSION=v0.19.0
RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS tini-build
WORKDIR /go/src/github.com/krallin/tini
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends cmake
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
xx-apt-get install -y --no-install-recommends \
gcc \
libc6-dev \
pkg-config
RUN --mount=from=tini-src,src=/usr/src/tini,rw \
--mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
set -e
CC=$(xx-info)-gcc cmake .
make tini-static
xx-verify --static tini-static
mkdir /build
mv tini-static /build/docker-init
EOT
FROM tini-build AS tini-linux
FROM binary-dummy AS tini-windows
FROM tini-${TARGETOS} AS tini
# rootlesskit
FROM base AS rootlesskit-src
WORKDIR /usr/src/rootlesskit
RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
# When updating, also update vendor.mod and hack/dockerfile/install/rootlesskit.installer accordingly.
ARG ROOTLESSKIT_VERSION=v2.0.2
RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS rootlesskit-build
WORKDIR /go/src/github.com/rootless-containers/rootlesskit
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
apt-get update && xx-apt-get install -y --no-install-recommends \
gcc \
libc6-dev \
pkg-config
ENV GO111MODULE=on
ARG DOCKER_STATIC
RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
set -e
export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
EOT
COPY --link ./contrib/dockerd-rootless.sh /build/
COPY --link ./contrib/dockerd-rootless-setuptool.sh /build/
FROM rootlesskit-build AS rootlesskit-linux
FROM binary-dummy AS rootlesskit-windows
FROM rootlesskit-${TARGETOS} AS rootlesskit
FROM base AS crun
ARG CRUN_VERSION=1.12
RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
libcap-dev \
libprotobuf-c-dev \
libseccomp-dev \
libsystemd-dev \
libtool \
libudev-dev \
libyajl-dev \
python3 \
;
RUN --mount=type=tmpfs,target=/tmp/crun-build \
git clone https://github.com/containers/crun.git /tmp/crun-build && \
cd /tmp/crun-build && \
git checkout -q "${CRUN_VERSION}" && \
./autogen.sh && \
./configure --bindir=/build && \
make -j install
# vpnkit
# use dummy scratch stage to avoid build to fail for unsupported platforms
FROM scratch AS vpnkit-windows
FROM scratch AS vpnkit-linux-386
FROM scratch AS vpnkit-linux-arm
FROM scratch AS vpnkit-linux-ppc64le
FROM scratch AS vpnkit-linux-riscv64
FROM scratch AS vpnkit-linux-s390x
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
FROM vpnkit-${TARGETOS} AS vpnkit
# containerutility
FROM base AS containerutil-src
WORKDIR /usr/src/containerutil
RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS containerutil-build
WORKDIR /usr/src/containerutil
ARG TARGETPLATFORM
RUN xx-apt-get install -y --no-install-recommends \
gcc \
g++ \
libc6-dev \
pkg-config
RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
--mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
set -e
CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
xx-verify --static containerutility.exe
mkdir /build
mv containerutility.exe /build/
EOT
FROM binary-dummy AS containerutil-linux
FROM containerutil-build AS containerutil-windows-amd64
FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
FROM containerutil-${TARGETOS} AS containerutil
FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
FROM docker/compose-bin:${COMPOSE_VERSION} as compose
FROM base AS dev-systemd-false
COPY --link --from=frozen-images /build/ /docker-frozen-images
COPY --link --from=swagger /build/ /usr/local/bin/
COPY --link --from=delve /build/ /usr/local/bin/
COPY --link --from=tomll /build/ /usr/local/bin/
COPY --link --from=gowinres /build/ /usr/local/bin/
COPY --link --from=tini /build/ /usr/local/bin/
COPY --link --from=registry /build/ /usr/local/bin/
COPY --link --from=registry-v2 /build/ /usr/local/bin/
# Skip the CRIU stage for now, as the opensuse package repository is sometimes
# unstable, and we're currently not using it in CI.
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
#
# # Publish a release:
# docker run --privileged \
# -e AWS_S3_BUCKET=baz \
# -e AWS_ACCESS_KEY=foo \
# -e AWS_SECRET_KEY=bar \
# -e GPG_PASSPHRASE=gloubiboulga \
# docker hack/release.sh
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
# FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984)
# COPY --link --from=criu /build/ /usr/local/bin/
COPY --link --from=gotestsum /build/ /usr/local/bin/
COPY --link --from=golangci_lint /build/ /usr/local/bin/
COPY --link --from=shfmt /build/ /usr/local/bin/
COPY --link --from=runc /build/ /usr/local/bin/
COPY --link --from=containerd /build/ /usr/local/bin/
COPY --link --from=rootlesskit /build/ /usr/local/bin/
COPY --link --from=vpnkit / /usr/local/bin/
COPY --link --from=containerutil /build/ /usr/local/bin/
COPY --link --from=crun /build/ /usr/local/bin/
COPY --link hack/dockerfile/etc/docker/ /etc/docker/
COPY --link --from=buildx /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
COPY --link --from=compose /docker-compose /usr/libexec/docker/cli-plugins/docker-compose
ENV PATH=/usr/local/cli:$PATH
ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker
ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock
ENV CONTAINERD_NAMESPACE=moby
WORKDIR /go/src/github.com/docker/docker
FROM debian:jessie
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
# Add zfs ppa
RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61 \
|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
apt-utils \
aufs-tools \
automake \
bash-completion \
binutils-mingw-w64 \
bsdmainutils \
btrfs-tools \
build-essential \
clang \
cmake \
createrepo \
curl \
dpkg-sig \
gcc-mingw-w64 \
git \
iptables \
jq \
libapparmor-dev \
libcap-dev \
libltdl-dev \
libnl-3-dev \
libprotobuf-c0-dev \
libprotobuf-dev \
libsqlite3-dev \
libsystemd-journal-dev \
libtool \
mercurial \
net-tools \
pkg-config \
protobuf-compiler \
protobuf-c-compiler \
python-dev \
python-mock \
python-pip \
python-websocket \
ubuntu-zfs \
xfsprogs \
vim-common \
libzfs-dev \
tar \
zip \
--no-install-recommends \
&& pip install awscli==1.10.15
# Get lvm2 source for compiling statically
ENV LVM2_VERSION 2.02.103
RUN mkdir -p /usr/local/lvm2 \
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
| tar -xzC /usr/local/lvm2 --strip-components=1
# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# Compile and install lvm2
RUN cd /usr/local/lvm2 \
&& ./configure \
--build="$(gcc -print-multiarch)" \
--enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Configure the container for OSX cross compilation
ENV OSX_SDK MacOSX10.11.sdk
ENV OSX_CROSS_COMMIT a9317c18a3a457ca0a657f08cc4d0d43c6cf8953
RUN set -x \
&& export OSXCROSS_PATH="/osxcross" \
&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
&& ( cd $OSXCROSS_PATH && git checkout -q $OSX_CROSS_COMMIT) \
&& curl -sSL https://s3.dockerproject.org/darwin/v2/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
ENV PATH /osxcross/target/bin:$PATH
# Install seccomp: the version shipped in trusty is too old
ENV SECCOMP_VERSION 2.3.1
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Install Go
# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
# will need updating, to avoid errors. Ping #docker-maintainers on IRC
# with a heads-up.
ENV GO_VERSION 1.7.5
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go
# Compile Go for cross compilation
ENV DOCKER_CROSSPLATFORMS \
linux/386 linux/arm \
darwin/amd64 \
freebsd/amd64 freebsd/386 freebsd/arm \
windows/amd64 windows/386 \
solaris/amd64
# Dependency for golint
ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
# Grab Go's lint tool
ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
&& go install -v github.com/golang/lint/golint
# Install CRIU for checkpoint/restore support
ENV CRIU_VERSION 2.2
RUN mkdir -p /usr/src/criu \
&& curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
&& cd /usr/src/criu \
&& make \
&& make install-criu
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary and notary-server
ENV NOTARY_VERSION v0.4.2
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install -r test-requirements.txt
# Install yamllint for validating swagger.yaml
RUN pip install yamllint==1.5.0
# Install go-swagger for validating swagger.yaml
ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
VOLUME /home/unprivilegeduser/.local/share/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Add integration helps to bashrc
RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
# Register Docker's bash completion.
RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
buildpack-deps:jessie@sha256:25785f89240fbcdd8a74bdaf30dd5599a9523882c6dfc567f2e9ef7cf6f79db6 \
busybox:latest@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0 \
debian:jessie@sha256:f968f10b4b523737e253a97eac59b0d1420b5c19b69928d35801a6373ffe330e \
hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
# Install tomlv, vndr, runc, containerd, tini, docker-proxy
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy bindata
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
FROM dev-systemd-false AS dev-systemd-true
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
dbus \
dbus-user-session \
systemd \
systemd-sysv
ENTRYPOINT ["hack/dind-systemd"]
FROM dev-systemd-${SYSTEMD} AS dev-base
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser \
&& mkdir -p /home/unprivilegeduser/.local/share/docker \
&& chown -R unprivilegeduser /home/unprivilegeduser
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
RUN ldconfig
# Set dev environment as safe git directory to prevent "dubious ownership" errors
# when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
apparmor \
bash-completion \
bzip2 \
inetutils-ping \
iproute2 \
iptables \
jq \
libcap2-bin \
libnet1 \
libnl-3-200 \
libprotobuf-c1 \
libyajl2 \
net-tools \
patch \
pigz \
sudo \
systemd-journal-remote \
thin-provisioning-tools \
uidmap \
vim \
vim-common \
xfsprogs \
xz-utils \
zip \
zstd
# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
apt-get update && apt-get install --no-install-recommends -y \
gcc \
pkg-config \
dpkg-dev \
libapparmor-dev \
libseccomp-dev \
libsecret-1-dev \
libsystemd-dev \
libudev-dev \
yamllint
COPY --link --from=dockercli /build/ /usr/local/cli
COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration
FROM base AS build
COPY --from=gowinres /build/ /usr/local/bin/
WORKDIR /go/src/github.com/docker/docker
ENV GO111MODULE=off
ENV CGO_ENABLED=1
RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
apt-get update && apt-get install --no-install-recommends -y \
clang \
lld \
llvm
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
xx-apt-get install --no-install-recommends -y \
dpkg-dev \
gcc \
libapparmor-dev \
libc6-dev \
libseccomp-dev \
libsecret-1-dev \
libsystemd-dev \
libudev-dev \
pkg-config
ARG DOCKER_BUILDTAGS
ARG DOCKER_DEBUG
ARG DOCKER_GITCOMMIT=HEAD
ARG DOCKER_LDFLAGS
ARG DOCKER_STATIC
ARG VERSION
ARG PLATFORM
ARG PRODUCT
ARG DEFAULT_PRODUCT_LICENSE
ARG PACKAGER_NAME
# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
# read only mount in current work dir
ENV PREFIX=/tmp
RUN <<EOT
# in bullseye arm64 target does not link with lld so configure it to use ld instead
if [ "$(xx-info arch)" = "arm64" ]; then
XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
fi
EOT
RUN --mount=type=bind,target=.,rw \
--mount=type=tmpfs,target=cli/winresources/dockerd \
--mount=type=tmpfs,target=cli/winresources/docker-proxy \
--mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
set -e
target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
xx-go --wrap
PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
mkdir /build
mv /tmp/bundles/${target}-daemon/* /build/
EOT
# usage:
# > docker buildx bake binary
# > DOCKER_STATIC=0 docker buildx bake binary
# or
# > make binary
# > make dynbinary
FROM scratch AS binary
COPY --from=build /build/ /
# usage:
# > docker buildx bake all
FROM scratch AS all
COPY --link --from=tini /build/ /
COPY --link --from=runc /build/ /
COPY --link --from=containerd /build/ /
COPY --link --from=rootlesskit /build/ /
COPY --link --from=containerutil /build/ /
COPY --link --from=vpnkit / /
COPY --link --from=build /build /
# smoke tests
# usage:
# > docker buildx bake binary-smoketest
FROM --platform=$TARGETPLATFORM base AS smoketest
WORKDIR /usr/local/bin
COPY --from=build /build .
RUN <<EOT
set -ex
file dockerd
dockerd --version
file docker-proxy
docker-proxy --version
EOT
# devcontainer is a stage used by .devcontainer/devcontainer.json
FROM dev-base AS devcontainer
COPY --link . .
COPY --link --from=gopls /build/ /usr/local/bin/
# usage:
# > make shell
# > SYSTEMD=true make shell
FROM dev-base AS dev
COPY --link . .
# Upload docker source
COPY . /go/src/github.com/docker/docker

175
Dockerfile.aarch64 Normal file
View file

@ -0,0 +1,175 @@
# This file describes the standard way to build Docker on aarch64, using docker
#
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker -f Dockerfile.aarch64 .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
FROM aarch64/ubuntu:wily
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
aufs-tools \
automake \
bash-completion \
btrfs-tools \
build-essential \
cmake \
createrepo \
curl \
dpkg-sig \
g++ \
gcc \
git \
iptables \
jq \
libapparmor-dev \
libc6-dev \
libcap-dev \
libltdl-dev \
libsqlite3-dev \
libsystemd-dev \
mercurial \
net-tools \
parallel \
pkg-config \
python-dev \
python-mock \
python-pip \
python-websocket \
gccgo \
iproute2 \
iputils-ping \
vim-common \
--no-install-recommends
# Get lvm2 source for compiling statically
ENV LVM2_VERSION 2.02.103
RUN mkdir -p /usr/local/lvm2 \
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
| tar -xzC /usr/local/lvm2 --strip-components=1
# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# Fix platform enablement in lvm2 to support aarch64 properly
RUN set -e \
&& for f in config.guess config.sub; do \
curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
done
# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
# Compile and install lvm2
RUN cd /usr/local/lvm2 \
&& ./configure \
--build="$(gcc -print-multiarch)" \
--enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Install seccomp: the version shipped in trusty is too old
ENV SECCOMP_VERSION 2.3.1
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Install Go
# We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
# so we use gccgo as bootstrap to build Go from source code.
# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
ENV GO_VERSION 1.7.5
RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
&& cd /usr/src/go/src \
&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
ENV PATH /usr/src/go/bin:$PATH
ENV GOPATH /go
# Only install one version of the registry, because old version which support
# schema1 manifests is not working on ARM64, we should skip integration-cli
# tests for schema1 manifests on ARM64.
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary and notary-server
ENV NOTARY_VERSION v0.4.2
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install -r test-requirements.txt
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Register Docker's bash completion.
RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
aarch64/buildpack-deps:jessie@sha256:6aa1d6910791b7ac78265fd0798e5abd6cb3f27ae992f6f960f6c303ec9535f2 \
aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
# Install tomlv, vndr, runc, containerd, tini, docker-proxy
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
# Upload docker source
COPY . /go/src/github.com/docker/docker

182
Dockerfile.armhf Normal file
View file

@ -0,0 +1,182 @@
# This file describes the standard way to build Docker on ARMv7, using docker
#
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker -f Dockerfile.armhf .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
FROM armhf/debian:jessie
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
aufs-tools \
automake \
bash-completion \
btrfs-tools \
build-essential \
createrepo \
curl \
cmake \
dpkg-sig \
git \
iptables \
jq \
net-tools \
libapparmor-dev \
libcap-dev \
libltdl-dev \
libsqlite3-dev \
libsystemd-journal-dev \
libtool \
mercurial \
pkg-config \
python-dev \
python-mock \
python-pip \
python-websocket \
xfsprogs \
tar \
vim-common \
--no-install-recommends \
&& pip install awscli==1.10.15
# Get lvm2 source for compiling statically
ENV LVM2_VERSION 2.02.103
RUN mkdir -p /usr/local/lvm2 \
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
| tar -xzC /usr/local/lvm2 --strip-components=1
# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# Compile and install lvm2
RUN cd /usr/local/lvm2 \
&& ./configure \
--build="$(gcc -print-multiarch)" \
--enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Install Go
ENV GO_VERSION 1.7.5
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go
# We're building for armhf, which is ARMv7, so let's be explicit about that
ENV GOARCH arm
ENV GOARM 7
# Dependency for golint
ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
# Grab Go's lint tool
ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
&& go install -v github.com/golang/lint/golint
# Install seccomp: the version shipped in trusty is too old
ENV SECCOMP_VERSION 2.3.1
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT cb08de17d74bef86ce6c5abe8b240e282f5750be
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary and notary-server
ENV NOTARY_VERSION v0.4.2
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install -r test-requirements.txt
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Register Docker's bash completion.
RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
armhf/buildpack-deps:jessie@sha256:ca6cce8e5bf5c952129889b5cc15cd6aa8d995d77e55e3749bbaadae50e476cb \
armhf/busybox:latest@sha256:d98a7343ac750ffe387e3d514f8521ba69846c216778919b01414b8617cfb3d4 \
armhf/debian:jessie@sha256:4a2187483f04a84f9830910fe3581d69b3c985cc045d9f01d8e2f3795b28107b \
armhf/hello-world:latest@sha256:161dcecea0225975b2ad5f768058212c1e0d39e8211098666ffa1ac74cfb7791
# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
# Install tomlv, vndr, runc, containerd, tini, docker-proxy
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
ENTRYPOINT ["hack/dind"]
# Upload docker source
COPY . /go/src/github.com/docker/docker

188
Dockerfile.ppc64le Normal file
View file

@ -0,0 +1,188 @@
# This file describes the standard way to build Docker on ppc64le, using docker
#
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker -f Dockerfile.ppc64le .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
FROM ppc64le/debian:jessie
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
aufs-tools \
automake \
bash-completion \
btrfs-tools \
build-essential \
cmake \
createrepo \
curl \
dpkg-sig \
git \
iptables \
jq \
net-tools \
libapparmor-dev \
libcap-dev \
libltdl-dev \
libsqlite3-dev \
libsystemd-journal-dev \
libtool \
mercurial \
pkg-config \
python-dev \
python-mock \
python-pip \
python-websocket \
xfsprogs \
tar \
vim-common \
--no-install-recommends
# Get lvm2 source for compiling statically
ENV LVM2_VERSION 2.02.103
RUN mkdir -p /usr/local/lvm2 \
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
| tar -xzC /usr/local/lvm2 --strip-components=1
# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# Fix platform enablement in lvm2 to support ppc64le properly
RUN set -e \
&& for f in config.guess config.sub; do \
curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
done
# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
# Compile and install lvm2
RUN cd /usr/local/lvm2 \
&& ./configure \
--build="$(gcc -print-multiarch)" \
--enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Install seccomp: the version shipped in jessie is too old
ENV SECCOMP_VERSION 2.3.1
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Install Go
# NOTE: official ppc64le go binaries weren't available until go 1.6.4 and 1.7.4
ENV GO_VERSION 1.7.5
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go
# Dependency for golint
ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
# Grab Go's lint tool
ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
&& go install -v github.com/golang/lint/golint
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary and notary-server
ENV NOTARY_VERSION v0.4.2
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install -r test-requirements.txt
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Register Docker's bash completion.
RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
ppc64le/buildpack-deps:jessie@sha256:902bfe4ef1389f94d143d64516dd50a2de75bca2e66d4a44b1d73f63ddf05dda \
ppc64le/busybox:latest@sha256:38bb82085248d5a3c24bd7a5dc146f2f2c191e189da0441f1c2ca560e3fc6f1b \
ppc64le/debian:jessie@sha256:412845f51b6ab662afba71bc7a716e20fdb9b84f185d180d4c7504f8a75c4f91 \
ppc64le/hello-world:latest@sha256:186a40a9a02ca26df0b6c8acdfb8ac2f3ae6678996a838f977e57fac9d963974
# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
# Install tomlv, vndr, runc, containerd, tini, docker-proxy
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
# Upload docker source
COPY . /go/src/github.com/docker/docker

190
Dockerfile.s390x Normal file
View file

@ -0,0 +1,190 @@
# This file describes the standard way to build Docker on s390x, using docker
#
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker -f Dockerfile.s390x .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
FROM s390x/gcc:6.1
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
aufs-tools \
automake \
bash-completion \
btrfs-tools \
build-essential \
cmake \
createrepo \
curl \
dpkg-sig \
git \
iptables \
jq \
net-tools \
libapparmor-dev \
libcap-dev \
libltdl-dev \
libsqlite3-dev \
libsystemd-journal-dev \
libtool \
mercurial \
pkg-config \
python-dev \
python-mock \
python-pip \
python-websocket \
xfsprogs \
tar \
vim-common \
--no-install-recommends
# glibc in Debian has a bug specific to s390x that won't be fixed until Debian 8.6 is released
# - https://github.com/docker/docker/issues/24748
# - https://sourceware.org/git/?p=glibc.git;a=commit;h=890b7a4b33d482b5c768ab47d70758b80227e9bc
# - https://sourceware.org/git/?p=glibc.git;a=commit;h=2e807f29595eb5b1e5d0decc6e356a3562ecc58e
RUN echo 'deb http://httpredir.debian.org/debian jessie-proposed-updates main' >> /etc/apt/sources.list.d/pu.list \
&& apt-get update \
&& apt-get install -y libc6 \
&& rm -rf /var/lib/apt/lists/*
# Install seccomp: the version shipped in jessie is too old
ENV SECCOMP_VERSION 2.3.1
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Get lvm2 source for compiling statically
ENV LVM2_VERSION 2.02.103
RUN mkdir -p /usr/local/lvm2 \
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
| tar -xzC /usr/local/lvm2 --strip-components=1
# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# Fix platform enablement in lvm2 to support s390x properly
RUN set -e \
&& for f in config.guess config.sub; do \
curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
done
# "arch.c:78:2: error: #error the arch code needs to know about your machine type"
# Compile and install lvm2
RUN cd /usr/local/lvm2 \
&& ./configure \
--build="$(gcc -print-multiarch)" \
--enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
ENV GO_VERSION 1.7.5
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go
# Dependency for golint
ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
# Grab Go's lint tool
ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
&& go install -v github.com/golang/lint/golint
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary and notary-server
ENV NOTARY_VERSION v0.4.2
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install -r test-requirements.txt
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor selinux seccomp
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Register Docker's bash completion.
RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
s390x/buildpack-deps:jessie@sha256:4d1381224acaca6c4bfe3604de3af6972083a8558a99672cb6989c7541780099 \
s390x/busybox:latest@sha256:dd61522c983884a66ed72d60301925889028c6d2d5e0220a8fe1d9b4c6a4f01b \
s390x/debian:jessie@sha256:b74c863400909eff3c5e196cac9bfd1f6333ce47aae6a38398d87d5875da170a \
s390x/hello-world:latest@sha256:780d80b3a7677c3788c0d5cd9168281320c8d4a6d9183892d8ee5cdd610f5699
# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
# Install tomlv, vndr, runc, containerd, tini, docker-proxy
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
# Upload docker source
COPY . /go/src/github.com/docker/docker

View file

@ -1,48 +1,72 @@
# docker build -t docker:simple -f Dockerfile.simple .
# docker run --rm docker:simple hack/make.sh dynbinary
# docker run --rm --privileged docker:simple hack/dind hack/make.sh test-unit
# docker run --rm --privileged -v /var/lib/docker docker:simple hack/dind hack/make.sh dynbinary test-integration
# docker run --rm --privileged -v /var/lib/docker docker:simple hack/dind hack/make.sh dynbinary test-integration-cli
# This represents the bare minimum required to build and test Docker.
ARG GO_VERSION=1.21.9
FROM debian:jessie
ARG BASE_DEBIAN_DISTRO="bookworm"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
FROM ${GOLANG_IMAGE}
ENV GO111MODULE=off
ENV GOTOOLCHAIN=local
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
# Compile and runtime deps
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
btrfs-tools \
build-essential \
curl \
cmake \
gcc \
git \
libapparmor-dev \
libseccomp-dev \
libdevmapper-dev \
libsqlite3-dev \
\
ca-certificates \
e2fsprogs \
iptables \
pkg-config \
pigz \
procps \
xfsprogs \
xz-utils \
\
aufs-tools \
vim-common \
&& rm -rf /var/lib/apt/lists/*
# Install seccomp: the version shipped in trusty is too old
ENV SECCOMP_VERSION 2.3.1
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Install Go
# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
# will need updating, to avoid errors. Ping #docker-maintainers on IRC
# with a heads-up.
ENV GO_VERSION 1.7.5
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go
ENV CGO_LDFLAGS -L/lib
# Install runc, containerd, tini and docker-proxy
# Please edit hack/dockerfile/install/<name>.installer to update them.
COPY hack/dockerfile/install hack/dockerfile/install
RUN for i in runc containerd tini proxy dockercli; \
do hack/dockerfile/install/install.sh $i; \
done
ENV PATH=/usr/local/cli:$PATH
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh runc containerd tini proxy
ENV AUTO_GOPATH 1
WORKDIR /usr/src/docker

20
Dockerfile.solaris Normal file
View file

@ -0,0 +1,20 @@
# Defines an image that hosts a native Docker build environment for Solaris
# TODO: Improve stub
FROM solaris:latest
# compile and runtime deps
RUN pkg install --accept \
git \
gnu-coreutils \
gnu-make \
gnu-tar \
diagnostic/top \
golang \
library/golang/* \
developer/gcc-*
ENV GOPATH /go/:/usr/lib/gocode/1.5/
ENV DOCKER_CROSSPLATFORMS solaris/amd64
WORKDIR /go/src/github.com/docker/docker
COPY . /go/src/github.com/docker/docker

View file

@ -45,8 +45,8 @@
#
# 1. Clone the sources from github.com:
#
# >> git clone https://github.com/docker/docker.git C:\gopath\src\github.com\docker\docker
# >> Cloning into 'C:\gopath\src\github.com\docker\docker'...
# >> git clone https://github.com/docker/docker.git C:\go\src\github.com\docker\docker
# >> Cloning into 'C:\go\src\github.com\docker\docker'...
# >> remote: Counting objects: 186216, done.
# >> remote: Compressing objects: 100% (21/21), done.
# >> remote: Total 186216 (delta 5), reused 0 (delta 0), pack-reused 186195
@ -59,7 +59,7 @@
#
# 2. Change directory to the cloned docker sources:
#
# >> cd C:\gopath\src\github.com\docker\docker
# >> cd C:\go\src\github.com\docker\docker
#
#
# 3. Build a docker image with the components required to build the docker binaries from source
@ -71,16 +71,15 @@
#
# 4. Build the docker executable binaries by running one of the following:
#
# >> $DOCKER_GITCOMMIT=(git rev-parse --short HEAD)
# >> docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT nativebuildimage hack\make.ps1 -Binary
# >> docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT -m 2GB nativebuildimage hack\make.ps1 -Binary (if using Hyper-V containers)
# >> docker run --name binaries nativebuildimage hack\make.ps1 -Binary
# >> docker run --name binaries -m 2GB nativebuildimage hack\make.ps1 -Binary (if using Hyper-V containers)
#
#
# 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination
# folder on the host system where you want the binaries to be located.
#
# >> docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
# >> docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
# >> docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
# >> docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
#
#
# 6. (Optional) Remove the interim container holding the built executable binaries:
@ -99,14 +98,19 @@
# -----------------------------------------------------------------------------------------
# The validation tests can only run directly on the host. This is because they calculate
# information from the git repo, but the .git directory is not passed into the image as
# it is excluded via .dockerignore. Run the following from a Windows PowerShell prompt
# (elevation is not required): (Note Go must be installed to run these tests)
# The validation tests can either run in a container, or directly on the host. To run in a
# container, ensure you have created the nativebuildimage above. Then run one of the
# following from an (elevated) Windows PowerShell prompt:
#
# >> docker run --rm nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat
# >> docker run --rm -m 2GB nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat (if using Hyper-V containers)
# To run the validation tests on the host, from the root of the repository, run the
# following from a Windows PowerShell prompt (elevation is not required): (Note Go
# must be installed to run these tests)
#
# >> hack\make.ps1 -DCO -PkgImports -GoFormat
# -----------------------------------------------------------------------------------------
@ -120,7 +124,7 @@
# -----------------------------------------------------------------------------------------
# To run unit tests and binary build, ensure you have created the nativebuildimage above. Then
# To run all tests and binary build, ensure you have created the nativebuildimage above. Then
# run one of the following from an (elevated) Windows PowerShell prompt:
#
# >> docker run nativebuildimage hack\make.ps1 -All
@ -132,8 +136,8 @@
# Important notes:
# ---------------
#
# Don't attempt to use a bind mount to pass a local directory as the bundles target
# directory. It does not work (golang attempts for follow a mapped folder incorrectly).
# Don't attempt to use a bind-mount to pass a local directory as the bundles target
# directory. It does not work (golang attempts for follow a mapped folder incorrectly).
# Instead, use docker cp as per the example.
#
# go.zip is not removed from the image as it is used by the Windows CI servers
@ -147,40 +151,29 @@
# The docker integration tests do not currently run in a container on Windows, predominantly
# due to Windows not supporting privileged mode, so anything using a volume would fail.
# They (along with the rest of the docker CI suite) can be run using
# https://github.com/kevpar/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
# https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
#
# -----------------------------------------------------------------------------------------
# The number of build steps below are explicitly minimised to improve performance.
ARG WINDOWS_BASE_IMAGE=mcr.microsoft.com/windows/servercore
ARG WINDOWS_BASE_IMAGE_TAG=ltsc2022
FROM ${WINDOWS_BASE_IMAGE}:${WINDOWS_BASE_IMAGE_TAG}
FROM microsoft/windowsservercore
# Use PowerShell as the default shell
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
ARG GO_VERSION=1.21.9
ARG GOTESTSUM_VERSION=v1.8.2
ARG GOWINRES_VERSION=v0.3.1
ARG CONTAINERD_VERSION=v1.7.15
SHELL ["powershell", "-command"]
# Environment variable notes:
# - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
# - CONTAINERD_VERSION must be consistent with 'hack/dockerfile/install/containerd.installer' used by Linux.
# - FROM_DOCKERFILE is used for detection of building within a container.
ENV GO_VERSION=${GO_VERSION} `
CONTAINERD_VERSION=${CONTAINERD_VERSION} `
GIT_VERSION=2.11.1 `
GOPATH=C:\gopath `
GO111MODULE=off `
GOTOOLCHAIN=local `
FROM_DOCKERFILE=1 `
GOTESTSUM_VERSION=${GOTESTSUM_VERSION} `
GOWINRES_VERSION=${GOWINRES_VERSION}
ENV GO_VERSION=1.7.5 `
GIT_VERSION=2.11.0 `
GOPATH=C:\go `
FROM_DOCKERFILE=1
RUN `
$ErrorActionPreference = 'Stop'; `
$ProgressPreference = 'SilentlyContinue'; `
`
Function Test-Nano() { `
$EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId; `
return (($EditionId -eq 'ServerStandardNano') -or ($EditionId -eq 'ServerDataCenterNano') -or ($EditionId -eq 'NanoServer')); `
@ -207,36 +200,38 @@ RUN `
Throw ("Failed to download " + $source) `
}`
} else { `
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
$webClient = New-Object System.Net.WebClient; `
$webClient.DownloadFile($source, $target); `
} `
} `
`
setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin;C:\containerd\bin'); `
setx /M PATH $('C:\git\bin;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
`
Write-Host INFO: Downloading git...; `
$location='https://www.nuget.org/api/v2/package/GitForWindows/'+$Env:GIT_VERSION; `
Download-File $location C:\gitsetup.zip; `
$location='https://github.com/git-for-windows/git/releases/download/v'+$env:GIT_VERSION+'.windows.1/PortableGit-'+$env:GIT_VERSION+'-64-bit.7z.exe'; `
Download-File $location C:\gitsetup.7z.exe; `
`
Write-Host INFO: Downloading go...; `
$dlGoVersion=$Env:GO_VERSION; `
Download-File "https://go.dev/dl/go${dlGoVersion}.windows-amd64.zip" C:\go.zip; `
Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
`
Write-Host INFO: Downloading compiler 1 of 3...; `
Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
`
Write-Host INFO: Downloading compiler 2 of 3...; `
Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
`
Write-Host INFO: Downloading compiler 3 of 3...; `
Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
`
Write-Host INFO: Installing PS7Zip package...; `
Install-Package PS7Zip -Force | Out-Null; `
Write-Host INFO: Importing PS7Zip...; `
Import-Module PS7Zip -Force; `
New-Item C:\git -ItemType Directory | Out-Null ; `
cd C:\git; `
Write-Host INFO: Extracting git...; `
Expand-Archive C:\gitsetup.zip C:\git-tmp; `
New-Item -Type Directory C:\git | Out-Null; `
Move-Item C:\git-tmp\tools\* C:\git\.; `
Remove-Item -Recurse -Force C:\git-tmp; `
Expand-7Zip C:\gitsetup.7z.exe | Out-Null; `
cd C:\; `
`
Write-Host INFO: Expanding go...; `
Expand-Archive C:\go.zip -DestinationPath C:\; `
@ -252,63 +247,21 @@ RUN `
Remove-Item C:\gcc.zip; `
Remove-Item C:\runtime.zip; `
Remove-Item C:\binutils.zip; `
Remove-Item C:\gitsetup.zip; `
Remove-Item C:\gitsetup.7z.exe; `
`
Write-Host INFO: Downloading containerd; `
Install-Package -Force 7Zip4PowerShell; `
$location='https://github.com/containerd/containerd/releases/download/'+$Env:CONTAINERD_VERSION+'/containerd-'+$Env:CONTAINERD_VERSION.TrimStart('v')+'-windows-amd64.tar.gz'; `
Download-File $location C:\containerd.tar.gz; `
New-Item -Path C:\containerd -ItemType Directory; `
Expand-7Zip C:\containerd.tar.gz C:\; `
Expand-7Zip C:\containerd.tar C:\containerd; `
Remove-Item C:\containerd.tar.gz; `
Remove-Item C:\containerd.tar; `
`
# Ensure all directories exist that we will require below....
$srcDir = """$Env:GOPATH`\src\github.com\docker\docker\bundles"""; `
Write-Host INFO: Ensuring existence of directory $srcDir...; `
New-Item -Force -ItemType Directory -Path $srcDir | Out-Null; `
Write-Host INFO: Creating source directory...; `
New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
`
Write-Host INFO: Configuring git core.autocrlf...; `
C:\git\cmd\git config --global core.autocrlf true;
RUN `
Function Install-GoTestSum() { `
$Env:GO111MODULE = 'on'; `
$tmpGobin = "${Env:GOBIN_TMP}"; `
$Env:GOBIN = """${Env:GOPATH}`\bin"""; `
Write-Host "INFO: Installing gotestsum version $Env:GOTESTSUM_VERSION in $Env:GOBIN"; `
&go install "gotest.tools/gotestsum@${Env:GOTESTSUM_VERSION}"; `
$Env:GOBIN = "${tmpGobin}"; `
$Env:GO111MODULE = 'off'; `
if ($LASTEXITCODE -ne 0) { `
Throw '"gotestsum install failed..."'; `
} `
} `
C:\git\bin\git config --global core.autocrlf true; `
`
Install-GoTestSum
RUN `
Function Install-GoWinres() { `
$Env:GO111MODULE = 'on'; `
$tmpGobin = "${Env:GOBIN_TMP}"; `
$Env:GOBIN = """${Env:GOPATH}`\bin"""; `
Write-Host "INFO: Installing go-winres version $Env:GOWINRES_VERSION in $Env:GOBIN"; `
&go install "github.com/tc-hib/go-winres@${Env:GOWINRES_VERSION}"; `
$Env:GOBIN = "${tmpGobin}"; `
$Env:GO111MODULE = 'off'; `
if ($LASTEXITCODE -ne 0) { `
Throw '"go-winres install failed..."'; `
} `
} `
`
Install-GoWinres
Write-Host INFO: Completed
# Make PowerShell the default entrypoint
ENTRYPOINT ["powershell.exe"]
# Set the working directory to the location of the sources
WORKDIR ${GOPATH}\src\github.com\docker\docker
WORKDIR C:\go\src\github.com\docker\docker
# Copy the sources into the container
COPY . .

165
Jenkinsfile vendored
View file

@ -1,165 +0,0 @@
#!groovy
pipeline {
agent none
options {
buildDiscarder(logRotator(daysToKeepStr: '30'))
timeout(time: 2, unit: 'HOURS')
timestamps()
}
parameters {
booleanParam(name: 'arm64', defaultValue: true, description: 'ARM (arm64) Build/Test')
booleanParam(name: 'dco', defaultValue: true, description: 'Run the DCO check')
}
environment {
DOCKER_BUILDKIT = '1'
DOCKER_EXPERIMENTAL = '1'
DOCKER_GRAPHDRIVER = 'overlay2'
CHECK_CONFIG_COMMIT = '33a3680e08d1007e72c3b3f1454f823d8e9948ee'
TESTDEBUG = '0'
TIMEOUT = '120m'
}
stages {
stage('pr-hack') {
when { changeRequest() }
steps {
script {
echo "Workaround for PR auto-cancel feature. Borrowed from https://issues.jenkins-ci.org/browse/JENKINS-43353"
def buildNumber = env.BUILD_NUMBER as int
if (buildNumber > 1) milestone(buildNumber - 1)
milestone(buildNumber)
}
}
}
stage('DCO-check') {
when {
beforeAgent true
expression { params.dco }
}
agent { label 'arm64 && ubuntu-2004' }
steps {
sh '''
docker run --rm \
-v "$WORKSPACE:/workspace" \
-e VALIDATE_REPO=${GIT_URL} \
-e VALIDATE_BRANCH=${CHANGE_TARGET} \
alpine sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco'
'''
}
}
stage('Build') {
parallel {
stage('arm64') {
when {
beforeAgent true
expression { params.arm64 }
}
agent { label 'arm64 && ubuntu-2004' }
environment {
TEST_SKIP_INTEGRATION_CLI = '1'
}
stages {
stage("Print info") {
steps {
sh 'docker version'
sh 'docker info'
sh '''
echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
&& bash ${WORKSPACE}/check-config.sh || true
'''
}
}
stage("Build dev image") {
steps {
sh 'docker build --force-rm -t docker:${GIT_COMMIT} .'
}
}
stage("Unit tests") {
steps {
sh '''
sudo modprobe ip6table_filter
'''
sh '''
docker run --rm -t --privileged \
-v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
--name docker-pr$BUILD_NUMBER \
-e DOCKER_EXPERIMENTAL \
-e DOCKER_GITCOMMIT=${GIT_COMMIT} \
-e DOCKER_GRAPHDRIVER \
-e VALIDATE_REPO=${GIT_URL} \
-e VALIDATE_BRANCH=${CHANGE_TARGET} \
docker:${GIT_COMMIT} \
hack/test/unit
'''
}
post {
always {
junit testResults: 'bundles/junit-report*.xml', allowEmptyResults: true
}
}
}
stage("Integration tests") {
environment { TEST_SKIP_INTEGRATION_CLI = '1' }
steps {
sh '''
docker run --rm -t --privileged \
-v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
--name docker-pr$BUILD_NUMBER \
-e DOCKER_EXPERIMENTAL \
-e DOCKER_GITCOMMIT=${GIT_COMMIT} \
-e DOCKER_GRAPHDRIVER \
-e TESTDEBUG \
-e TEST_INTEGRATION_USE_SNAPSHOTTER \
-e TEST_SKIP_INTEGRATION_CLI \
-e TIMEOUT \
-e VALIDATE_REPO=${GIT_URL} \
-e VALIDATE_BRANCH=${CHANGE_TARGET} \
docker:${GIT_COMMIT} \
hack/make.sh \
dynbinary \
test-integration
'''
}
post {
always {
junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
}
}
}
}
post {
always {
sh '''
echo "Ensuring container killed."
docker rm -vf docker-pr$BUILD_NUMBER || true
'''
sh '''
echo "Chowning /workspace to jenkins user"
docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
'''
catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
sh '''
bundleName=arm64-integration
echo "Creating ${bundleName}-bundles.tar.gz"
# exclude overlay2 directories
find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
'''
archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
}
}
cleanup {
sh 'make clean'
deleteDir()
}
}
}
}
}
}
}

View file

@ -176,7 +176,7 @@
END OF TERMS AND CONDITIONS
Copyright 2013-2018 Docker, Inc.
Copyright 2013-2016 Docker, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

View file

@ -1,14 +1,12 @@
# Moby maintainers file
# Docker maintainers file
#
# This file describes the maintainer groups within the moby/moby project.
# More detail on Moby project governance is available in the
# project/GOVERNANCE.md file found in this repository.
# This file describes who runs the docker/docker project and how.
# This is a living document - if you see something out of date or missing, speak up!
#
# It is structured to be consumable by both humans and programs.
# To extract its contents programmatically, use any TOML-compliant
# parser.
#
# TODO(estesp): This file should not necessarily depend on docker/opensource
# This file is compiled into the MAINTAINERS file in docker/opensource.
#
[Org]
@ -23,34 +21,48 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
# For each release (including minor releases), a "release captain" is assigned from the
# pool of core maintainers. Rotation is encouraged across all maintainers, to ensure
# the release process is clear and up-to-date.
people = [
"akerouanton",
"aaronlehmann",
"akihirosuda",
"aluzzardi",
"anusha",
"coolljt0725",
"corhere",
"cpuguy83",
"crazy-max",
"crosbymichael",
"dnephin",
"duglin",
"estesp",
"johnstep",
"icecrime",
"jhowardmsft",
"justincormack",
"kolyshkin",
"laurazard",
"lk4d4",
"mavenugo",
"mhbauer",
"neersighted",
"rumpl",
"mlaventure",
"mrjana",
"runcom",
"samuelkarp",
"stevvooe",
"thajeztah",
"tianon",
"tibor",
"tonistiigi",
"unclejack",
"vdemeester",
"vieux",
"vvoland",
"yongtang"
"vieux"
]
[Org."Docs maintainers"]
# TODO Describe the docs maintainers role.
people = [
"jamtur01",
"misty",
"sven",
"thajeztah"
]
[Org.Curators]
@ -66,18 +78,11 @@
# - close an issue or pull request when it's inappropriate or off-topic
people = [
"alexellis",
"aboch",
"andrewhsu",
"bsousaa",
"dmcgowan",
"fntlnz",
"gianarb",
"olljanat",
"ehazlett",
"mgoelzer",
"programmerq",
"ripcurld",
"robmry",
"sam-thibault",
"samwhited",
"thajeztah"
]
@ -88,22 +93,6 @@
# Thank you!
people = [
# Aaron Lehmann was a maintainer for swarmkit, the registry, and the engine,
# and contributed many improvements, features, and bugfixes in those areas,
# among which "automated service rollbacks", templated secrets and configs,
# and resumable image layer downloads.
"aaronlehmann",
# Harald Albers is the mastermind behind the bash completion scripts for the
# Docker CLI. The completion scripts moved to the Docker CLI repository, so
# you can now find him perform his magic in the https://github.com/docker/cli repository.
"albers",
# Andrea Luzzardi started contributing to the Docker codebase in the "dotCloud"
# era, even before it was called "Docker". He is one of the architects of both
# Swarm and SwarmKit, and its integration into the Docker engine.
"aluzzardi",
# David Calavera contributed many features to Docker, such as an improved
# event system, dynamic configuration reloading, volume plugins, fancy
# new templating options, and an external client credential store. As a
@ -113,30 +102,6 @@
# and tweets as @calavera.
"calavera",
# Michael Crosby was "chief maintainer" of the Docker project.
# During his time as a maintainer, Michael contributed to many
# milestones of the project; he was release captain of Docker v1.0.0,
# started the development of "libcontainer" (what later became runc)
# and containerd, as well as demoing cool hacks such as live migrating
# a game server container with checkpoint/restore.
#
# Michael is currently a maintainer of containerd, but you may see
# him around in other projects on GitHub.
"crosbymichael",
# Before becoming a maintainer, Daniel Nephin was a core contributor
# to "Fig" (now known as Docker Compose). As a maintainer for both the
# Engine and Docker CLI, Daniel contributed many features, among which
# the `docker stack` commands, allowing users to deploy their Docker
# Compose projects as a Swarm service.
"dnephin",
# Doug Davis contributed many features and fixes for the classic builder,
# such as "wildcard" copy, the dockerignore file, custom paths/names
# for the Dockerfile, as well as enhancements to the API and documentation.
# Follow Doug on Twitter, where he tweets as @duginabox.
"duglin",
# As a maintainer, Erik was responsible for the "builder", and
# started the first designs for the new networking model in
# Docker. Erik is now working on all kinds of plugins for Docker
@ -145,33 +110,6 @@
# still stumble into him in our issue tracker, or on IRC.
"erikh",
# Evan Hazlett is the creator of the Shipyard and Interlock open source projects,
# and the author of "Orca", which became the foundation of Docker Universal Control
# Plane (UCP). As a maintainer, Evan helped integrating SwarmKit (secrets, tasks)
# into the Docker engine.
"ehazlett",
# Arnaud Porterie (AKA "icecrime") was in charge of maintaining the maintainers.
# As a maintainer, he made life easier for contributors to the Docker open-source
# projects, bringing order in the chaos by designing a triage- and review workflow
# using labels (see https://icecrime.net/technology/a-structured-approach-to-labeling/),
# and automating the hell out of things with his buddies GordonTheTurtle and Poule
# (a chicken!).
#
# A lesser-known fact is that he created the first commit in the libnetwork repository
# even though he didn't know anything about it. Some say, he's now selling stuff on
# the internet ;-)
"icecrime",
# After a false start with his first PR being rejected, James Turnbull became a frequent
# contributor to the documentation, and became a docs maintainer on December 5, 2013. As
# a maintainer, James lifted the docs to a higher standard, and introduced the community
# guidelines ("three strikes"). James is currently changing the world as CTO of https://www.empatico.org,
# meanwhile authoring various books that are worth checking out. You can find him on Twitter,
# rambling as @kartar, and although no longer active as a maintainer, he's always "game" to
# help out reviewing docs PRs, so you may still see him around in the repository.
"jamtur01",
# Jessica Frazelle, also known as the "Keyser Söze of containers",
# runs *everything* in containers. She started contributing to
# Docker with a (fun fun) change involving both iptables and regular
@ -182,41 +120,13 @@
# containers a lot more secure). Besides being a maintainer, she
# set up the CI infrastructure for the project, giving everyone
# something to shout at if a PR failed ("noooo Janky!").
# Jess is currently working on the DCOS security team at Mesosphere,
# and contributing to various open source projects.
# Be sure you don't miss her talks at a conference near you (a must-see),
# read her blog at https://blog.jessfraz.com (a must-read), and
# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
"jessfraz",
# As a maintainer, John Howard managed to make the impossible possible;
# to run Docker on Windows. After facing many challenges, teaching
# fellow-maintainers that 'Windows is not Linux', and many changes in
# Windows Server to facilitate containers, native Windows containers
# saw the light of day in 2015.
#
# John is now enjoying life without containers: playing piano, painting,
# and walking his dogs, but you may occasionally see him drop by on GitHub.
"lowenna",
# Alexander Morozov contributed many features to Docker, worked on the premise of
# what later became containerd (and worked on that too), and made a "stupid" Go
# vendor tool specifically for docker/docker needs: vndr (https://github.com/LK4D4/vndr).
# Not many know that Alexander is a master negotiator, being able to change course
# of action with a single "Nope, we're not gonna do that".
"lk4d4",
# Madhu Venugopal was part of the SocketPlane team that joined Docker.
# As a maintainer, he was working with Jana for the Container Network
# Model (CNM) implemented through libnetwork, and the "routing mesh" powering
# Swarm mode networking.
"mavenugo",
# As a maintainer, Kenfe-Mickaël Laventure worked on the container runtime,
# integrating containerd 1.0 with the daemon, and adding support for custom
# OCI runtimes, as well as implementing the `docker prune` subcommands,
# which was a welcome feature to be added. You can keep up with Mickaél on
# Twitter (@kmlaventure).
"mlaventure",
# As a docs maintainer, Mary Anthony contributed greatly to the Docker
# docs. She wrote the Docker Contributor Guide and Getting Started
# Guides. She helped create a doc build system independent of
@ -226,30 +136,6 @@
# maryatdocker/docker-whale back in May 2015.
"moxiegirl",
# Jana Radhakrishnan was part of the SocketPlane team that joined Docker.
# As a maintainer, he was the lead architect for the Container Network
# Model (CNM) implemented through libnetwork, and the "routing mesh" powering
# Swarm mode networking.
#
# Jana started new adventures in networking, but you can find him tweeting as @mrjana,
# coding on GitHub https://github.com/mrjana, and he may be hiding on the Docker Community
# slack channel :-)
"mrjana",
# Sven Dowideit became a well known person in the Docker ecosphere, building
# boot2docker, and became a regular contributor to the project, starting as
# early as October 2013 (https://github.com/docker/docker/pull/2119), to become
# a maintainer less than two months later (https://github.com/docker/docker/pull/3061).
#
# As a maintainer, Sven took on the task to convert the documentation from
# ReStructuredText to Markdown, migrate to Hugo for generating the docs, and
# writing tooling for building, testing, and publishing them.
#
# If you're not in the occasion to visit "the Australian office", you
# can keep up with Sven on Twitter (@SvenDowideit), his blog http://fosiki.com,
# and of course on GitHub.
"sven",
# Vincent "vbatts!" Batts made his first contribution to the project
# in November 2013, to become a maintainer a few months later, on
# May 10, 2014 (https://github.com/docker/docker/commit/d6e666a87a01a5634c250358a94c814bf26cb778).
@ -284,19 +170,14 @@
Email = "aaron.lehmann@docker.com"
GitHub = "aaronlehmann"
[people.akerouanton]
Name = "Albin Kerouanton"
Email = "albinker@gmail.com"
GitHub = "akerouanton"
[people.alexellis]
Name = "Alex Ellis"
Email = "alexellis2@gmail.com"
GitHub = "alexellis"
[people.aboch]
Name = "Alessandro Boch"
Email = "aboch@docker.com"
GitHub = "aboch"
[people.akihirosuda]
Name = "Akihiro Suda"
Email = "akihiro.suda.cz@hco.ntt.co.jp"
Email = "suda.akihiro@lab.ntt.co.jp"
GitHub = "AkihiroSuda"
[people.aluzzardi]
@ -304,11 +185,6 @@
Email = "al@docker.com"
GitHub = "aluzzardi"
[people.albers]
Name = "Harald Albers"
Email = "github@albersweb.de"
GitHub = "albers"
[people.andrewhsu]
Name = "Andrew Hsu"
Email = "andrewhsu@docker.com"
@ -318,11 +194,6 @@
Name = "Anusha Ragunathan"
Email = "anusha@docker.com"
GitHub = "anusha-ragunathan"
[people.bsousaa]
Name = "Bruno de Sousa"
Email = "bruno.sousa@docker.com"
GitHub = "bsousaa"
[people.calavera]
Name = "David Calavera"
@ -334,20 +205,10 @@
Email = "leijitang@huawei.com"
GitHub = "coolljt0725"
[people.corhere]
Name = "Cory Snider"
Email = "csnider@mirantis.com"
GitHub = "corhere"
[people.cpuguy83]
Name = "Brian Goff"
Email = "cpuguy83@gmail.com"
GitHub = "cpuguy83"
[people.crazy-max]
Name = "Kevin Alvarez"
Email = "contact@crazymax.dev"
GitHub = "crazy-max"
Github = "cpuguy83"
[people.crosbymichael]
Name = "Michael Crosby"
@ -359,11 +220,6 @@
Email = "dnephin@gmail.com"
GitHub = "dnephin"
[people.dmcgowan]
Name = "Derek McGowan"
Email = "derek@mcgstyle.net"
GitHub = "dmcgowan"
[people.duglin]
Name = "Doug Davis"
Email = "dug@us.ibm.com"
@ -384,19 +240,9 @@
Email = "estesp@linux.vnet.ibm.com"
GitHub = "estesp"
[people.fntlnz]
Name = "Lorenzo Fontana"
Email = "fontanalorenz@gmail.com"
GitHub = "fntlnz"
[people.gianarb]
Name = "Gianluca Arbezzano"
Email = "ga@thumpflow.com"
GitHub = "gianarb"
[people.icecrime]
Name = "Arnaud Porterie"
Email = "icecrime@gmail.com"
Email = "arnaud@docker.com"
GitHub = "icecrime"
[people.jamtur01]
@ -404,54 +250,49 @@
Email = "james@lovedthanlost.net"
GitHub = "jamtur01"
[people.jhowardmsft]
Name = "John Howard"
Email = "jhoward@microsoft.com"
GitHub = "jhowardmsft"
[people.jessfraz]
Name = "Jessie Frazelle"
Email = "jess@linux.com"
GitHub = "jessfraz"
[people.johnstep]
Name = "John Stephens"
Email = "johnstep@docker.com"
GitHub = "johnstep"
[people.justincormack]
Name = "Justin Cormack"
Email = "justin.cormack@docker.com"
GitHub = "justincormack"
[people.kolyshkin]
Name = "Kir Kolyshkin"
Email = "kolyshkin@gmail.com"
GitHub = "kolyshkin"
[people.laurazard]
Name = "Laura Brehm"
Email = "laura.brehm@docker.com"
GitHub = "laurazard"
[people.lk4d4]
Name = "Alexander Morozov"
Email = "lk4d4@docker.com"
GitHub = "lk4d4"
[people.lowenna]
Name = "John Howard"
Email = "github@lowenna.com"
GitHub = "lowenna"
[people.mavenugo]
Name = "Madhu Venugopal"
Email = "madhu@docker.com"
GitHub = "mavenugo"
[people.mgoelzer]
Name = "Mike Goelzer"
Email = "mike.goelzer@docker.com"
GitHub = "mgoelzer"
[people.mhbauer]
Name = "Morgan Bauer"
Email = "mbauer@us.ibm.com"
GitHub = "mhbauer"
[people.misty]
Name = "Misty Stanley-Jones"
Email = "misty@docker.com"
GitHub = "mstanleyjones"
[people.mlaventure]
Name = "Kenfe-Mickaël Laventure"
Email = "mickael.laventure@gmail.com"
Email = "mickael.laventure@docker.com"
GitHub = "mlaventure"
[people.moxiegirl]
@ -464,56 +305,16 @@
Email = "mrjana@docker.com"
GitHub = "mrjana"
[people.neersighted]
Name = "Bjorn Neergaard"
Email = "bjorn@neersighted.com"
GitHub = "neersighted"
[people.olljanat]
Name = "Olli Janatuinen"
Email = "olli.janatuinen@gmail.com"
GitHub = "olljanat"
[people.programmerq]
Name = "Jeff Anderson"
Email = "jeff@docker.com"
GitHub = "programmerq"
[people.robmry]
Name = "Rob Murray"
Email = "rob.murray@docker.com"
GitHub = "robmry"
[people.ripcurld]
Name = "Boaz Shuster"
Email = "ripcurld.github@gmail.com"
GitHub = "ripcurld"
[people.rumpl]
Name = "Djordje Lukic"
Email = "djordje.lukic@docker.com"
GitHub = "rumpl"
[people.runcom]
Name = "Antonio Murdaca"
Email = "runcom@redhat.com"
GitHub = "runcom"
[people.sam-thibault]
Name = "Sam Thibault"
Email = "sam.thibault@docker.com"
GitHub = "sam-thibault"
[people.samuelkarp]
Name = "Samuel Karp"
Email = "me@samuelkarp.com"
GitHub = "samuelkarp"
[people.samwhited]
Name = "Sam Whited"
Email = "sam@samwhited.com"
GitHub = "samwhited"
[people.shykes]
Name = "Solomon Hykes"
Email = "solomon@docker.com"
@ -573,13 +374,3 @@
Name = "Vishnu Kannan"
Email = "vishnuk@google.com"
GitHub = "vishh"
[people.vvoland]
Name = "Paweł Gronowski"
Email = "pawel.gronowski@docker.com"
GitHub = "vvoland"
[people.yongtang]
Name = "Yong Tang"
Email = "yong.tang.github@outlook.com"
GitHub = "yongtang"

240
Makefile
View file

@ -1,128 +1,66 @@
.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate validate-% win
DOCKER ?= docker
BUILDX ?= $(DOCKER) buildx
.PHONY: all binary build cross deb help init-go-pkg-cache install manpages rpm run shell test test-docker-py test-integration-cli test-unit tgz validate win
# set the graph driver as the current graphdriver if not set
DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info -f '{{ .Driver }}' 2>&1))
export DOCKER_GRAPHDRIVER
DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
DOCKER_GITCOMMIT := $(shell git rev-parse HEAD)
export DOCKER_GITCOMMIT
# allow overriding the repository and branch that validation scripts are running
# against these are used in hack/validate/.validate to check what changed in the PR.
export VALIDATE_REPO
export VALIDATE_BRANCH
export VALIDATE_ORIGIN_BRANCH
export PAGER
export GIT_PAGER
# get OS/Arch of docker engine
DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH:-$$DOCKER_CLIENT_OSARCH}')
DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')
# env vars passed through directly to Docker's build scripts
# to allow things like `make KEEPBUNDLE=1 binary` easily
# `project/PACKAGERS.md` have some limited documentation of some of these
#
# DOCKER_LDFLAGS can be used to pass additional parameters to -ldflags
# option of "go build". For example, a built-in graphdriver priority list
# can be changed during build time like this:
#
# make DOCKER_LDFLAGS="-X github.com/docker/docker/daemon/graphdriver.priority=overlay2,zfs" dynbinary
#
DOCKER_ENVS := \
-e BUILD_APT_MIRROR \
-e BUILDFLAGS \
-e KEEPBUNDLE \
-e DOCKER_BUILD_ARGS \
-e DOCKER_BUILD_GOGC \
-e DOCKER_BUILD_OPTS \
-e DOCKER_BUILD_PKGS \
-e DOCKER_BUILDKIT \
-e DOCKER_BASH_COMPLETION_PATH \
-e DOCKER_CLI_PATH \
-e DOCKERCLI_VERSION \
-e DOCKERCLI_REPOSITORY \
-e DOCKERCLI_INTEGRATION_VERSION \
-e DOCKERCLI_INTEGRATION_REPOSITORY \
-e DOCKER_DEBUG \
-e DOCKER_EXPERIMENTAL \
-e DOCKER_GITCOMMIT \
-e DOCKER_GRAPHDRIVER \
-e DOCKER_LDFLAGS \
-e DOCKER_GRAPHDRIVER=$(DOCKER_GRAPHDRIVER) \
-e DOCKER_INCREMENTAL_BINARY \
-e DOCKER_PORT \
-e DOCKER_REMAP_ROOT \
-e DOCKER_ROOTLESS \
-e DOCKER_STORAGE_OPTS \
-e DOCKER_TEST_HOST \
-e DOCKER_USERLANDPROXY \
-e DOCKERD_ARGS \
-e DELVE_PORT \
-e GITHUB_ACTIONS \
-e TEST_FORCE_VALIDATE \
-e TEST_INTEGRATION_DIR \
-e TEST_INTEGRATION_USE_SNAPSHOTTER \
-e TEST_INTEGRATION_FAIL_FAST \
-e TEST_SKIP_INTEGRATION \
-e TEST_SKIP_INTEGRATION_CLI \
-e TEST_IGNORE_CGROUP_CHECK \
-e TESTCOVERAGE \
-e TESTDEBUG \
-e TESTDIRS \
-e TESTFLAGS \
-e TESTFLAGS_INTEGRATION \
-e TESTFLAGS_INTEGRATION_CLI \
-e TEST_FILTER \
-e TIMEOUT \
-e VALIDATE_REPO \
-e VALIDATE_BRANCH \
-e VALIDATE_ORIGIN_BRANCH \
-e VERSION \
-e PLATFORM \
-e DEFAULT_PRODUCT_LICENSE \
-e PRODUCT \
-e PACKAGER_NAME \
-e PAGER \
-e GIT_PAGER \
-e OTEL_EXPORTER_OTLP_ENDPOINT \
-e OTEL_EXPORTER_OTLP_PROTOCOL \
-e OTEL_SERVICE_NAME
-e HTTP_PROXY \
-e HTTPS_PROXY \
-e NO_PROXY \
-e http_proxy \
-e https_proxy \
-e no_proxy
# note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
# to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
# (default to no bind mount if DOCKER_HOST is set)
# note: BINDDIR is supported for backwards-compatibility here
BIND_DIR := $(if $(BINDDIR),$(BINDDIR),$(if $(DOCKER_HOST),,bundles))
# DOCKER_MOUNT can be overriden, but use at your own risk!
ifndef DOCKER_MOUNT
DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/docker/docker/$(BIND_DIR)")
DOCKER_MOUNT := $(if $(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT):$(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT))
# This allows the test suite to be able to run without worrying about the underlying fs used by the container running the daemon (e.g. aufs-on-aufs), so long as the host running the container is running a supported fs.
# The volume will be cleaned up when the container is removed due to `--rm`.
# Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles) -v "$(CURDIR)/.git:/go/src/github.com/docker/docker/.git"
DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles)
DOCKER_MOUNT_CACHE := -v docker-dev-cache:/root/.cache -v docker-mod-cache:/go/pkg/mod/
DOCKER_MOUNT_CLI := $(if $(DOCKER_CLI_PATH),-v $(shell dirname $(DOCKER_CLI_PATH)):/usr/local/cli,)
DOCKER_MOUNT_BASH_COMPLETION := $(if $(DOCKER_BASH_COMPLETION_PATH),-v $(shell dirname $(DOCKER_BASH_COMPLETION_PATH)):/usr/local/completion/bash,)
DOCKER_MOUNT := $(DOCKER_MOUNT) $(DOCKER_MOUNT_CACHE) $(DOCKER_MOUNT_CLI) $(DOCKER_MOUNT_BASH_COMPLETION)
endif # ifndef DOCKER_MOUNT
# enable .go-pkg-cache if DOCKER_INCREMENTAL_BINARY and DOCKER_MOUNT (i.e.DOCKER_HOST) are set
PKGCACHE_DIR := $(if $(PKGCACHE_DIR),$(PKGCACHE_DIR),.go-pkg-cache)
PKGCACHE_MAP := gopath:/go/pkg goroot-linux_amd64_netgo:/usr/local/go/pkg/linux_amd64_netgo
DOCKER_MOUNT := $(if $(DOCKER_INCREMENTAL_BINARY),$(DOCKER_MOUNT) $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^ ]*)@-v "$(CURDIR)/$(PKGCACHE_DIR)/\1"@g'),$(DOCKER_MOUNT))
# This allows to set the docker-dev container name
DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
DOCKER_IMAGE := docker-dev
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
DELVE_PORT_FORWARD := $(if $(DELVE_PORT),-p "$(DELVE_PORT)",)
DOCKER_FLAGS := $(DOCKER) run --rm --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD) $(DELVE_PORT_FORWARD)
SWAGGER_DOCS_PORT ?= 9000
define \n
endef
DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
export BUILD_APT_MIRROR
# if this session isn't interactive, then we don't want to allocate a
# TTY, which would fail, but if it is interactive, we do want to attach
@ -132,109 +70,76 @@ ifeq ($(INTERACTIVE), 1)
DOCKER_FLAGS += -t
endif
# on GitHub Runners input device is not a TTY but we allocate a pseudo-one,
# otherwise keep STDIN open even if not attached if not a GitHub Runner.
ifeq ($(GITHUB_ACTIONS),true)
DOCKER_FLAGS += -t
else
DOCKER_FLAGS += -i
endif
DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"
DOCKER_BUILD_ARGS += --build-arg=GO_VERSION
DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_VERSION
DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_REPOSITORY
DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_INTEGRATION_VERSION
DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_INTEGRATION_REPOSITORY
ifdef DOCKER_SYSTEMD
DOCKER_BUILD_ARGS += --build-arg=SYSTEMD=true
endif
BUILD_OPTS := ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS}
BUILD_CMD := $(BUILDX) build
BAKE_CMD := $(BUILDX) bake
default: binary
all: build ## validate all checks, build linux binaries, run all tests,\ncross build non-linux binaries, and generate archives
all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives
$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh'
binary: bundles ## build statically linked linux binaries
$(BAKE_CMD) binary
binary: build ## build the linux binaries
$(DOCKER_RUN_DOCKER) hack/make.sh binary
dynbinary: bundles ## build dynamically linked linux binaries
$(BAKE_CMD) dynbinary
cross: bundles ## cross build the binaries
$(BAKE_CMD) binary-cross
build: bundles init-go-pkg-cache
docker build ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .
bundles:
mkdir bundles
.PHONY: clean
clean: clean-cache
cross: build ## cross build the binaries for darwin, freebsd and\nwindows
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
deb: build ## build the deb packages
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb
.PHONY: clean-cache
clean-cache: ## remove the docker volumes that are used for caching in the dev-container
docker volume rm -f docker-dev-cache docker-mod-cache
help: ## this help
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9_-]+:.*?## / {gsub("\\\\n",sprintf("\n%22c",""), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
init-go-pkg-cache:
mkdir -p $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^: ]*):[^ ]*@$(PKGCACHE_DIR)/\1@g')
install: ## install the linux binaries
KEEPBUNDLE=1 hack/make.sh install-binary
manpages: ## Generate man pages from go source and markdown
docker build -t docker-manpage-dev -f "man/$(DOCKERFILE)" ./man
docker run --rm \
-v $(PWD):/go/src/github.com/docker/docker/ \
docker-manpage-dev
rpm: build ## build the rpm packages
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm
run: build ## run the docker daemon in a container
$(DOCKER_RUN_DOCKER) sh -c "KEEPBUNDLE=1 hack/make.sh install-binary run"
.PHONY: build
ifeq ($(BIND_DIR), .)
build: shell_target := --target=dev-base
else
build: shell_target := --target=dev
endif
build: bundles
$(BUILD_CMD) $(BUILD_OPTS) $(shell_target) --load -t "$(DOCKER_IMAGE)" .
shell: build ## start a shell inside the build env
shell: build ## start a shell inside the build env
$(DOCKER_RUN_DOCKER) bash
test: build test-unit ## run the unit, integration and docker-py tests
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration test-docker-py
yaml-docs-gen: build ## generate documentation YAML files consumed by docs repo
$(DOCKER_RUN_DOCKER) sh -c 'hack/make.sh yaml-docs-generator && ( root=$$(pwd); cd bundles/latest/yaml-docs-generator; mkdir docs; ./yaml-docs-generator --root $${root} --target $$(pwd)/docs )'
test: build ## run the unit, integration and docker-py tests
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-unit test-integration-cli test-docker-py
test-docker-py: build ## run the docker-py tests
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
test-integration-cli: test-integration ## (DEPRECATED) use test-integration
ifneq ($(and $(TEST_SKIP_INTEGRATION),$(TEST_SKIP_INTEGRATION_CLI)),)
test-integration:
@echo Both integrations suites skipped per environment variables
else
test-integration: build ## run the integration tests
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration
endif
test-integration-flaky: build ## run the stress test for all new integration tests
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration-flaky
test-integration-cli: build ## run the integration tests
$(DOCKER_RUN_DOCKER) hack/make.sh build-integration-test-binary dynbinary test-integration-cli
test-unit: build ## run the unit tests
$(DOCKER_RUN_DOCKER) hack/test/unit
$(DOCKER_RUN_DOCKER) hack/make.sh test-unit
tgz: build ## build the archives (.zip on windows and .tgz\notherwise) containing the binaries
$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz
validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
$(DOCKER_RUN_DOCKER) hack/validate/all
validate-generate-files:
$(BUILD_CMD) --target "validate" \
--output "type=cacheonly" \
--file "./hack/dockerfiles/generate-files.Dockerfile" .
validate-%: build ## validate specific check
$(DOCKER_RUN_DOCKER) hack/validate/$*
win: bundles ## cross build the binary for windows
$(BAKE_CMD) --set *.platform=windows/amd64 binary
win: build ## cross build the binary for windows
$(DOCKER_RUN_DOCKER) hack/make.sh win
.PHONY: swagger-gen
swagger-gen:
@ -243,24 +148,3 @@ swagger-gen:
--entrypoint hack/generate-swagger-api.sh \
-e GOPATH=/go \
quay.io/goswagger/swagger:0.7.4
.PHONY: swagger-docs
swagger-docs: ## preview the API documentation
@echo "API docs preview will be running at http://localhost:$(SWAGGER_DOCS_PORT)"
@docker run --rm -v $(PWD)/api/swagger.yaml:/usr/share/nginx/html/swagger.yaml \
-e 'REDOC_OPTIONS=hide-hostname="true" lazy-rendering' \
-p $(SWAGGER_DOCS_PORT):80 \
bfirsh/redoc:1.14.0
.PHONY: generate-files
generate-files:
$(eval $@_TMP_OUT := $(shell mktemp -d -t moby-output.XXXXXXXXXX))
@if [ -z "$($@_TMP_OUT)" ]; then \
echo "Temp dir is not set"; \
exit 1; \
fi
$(BUILD_CMD) --target "update" \
--output "type=local,dest=$($@_TMP_OUT)" \
--file "./hack/dockerfiles/generate-files.Dockerfile" .
cp -R "$($@_TMP_OUT)"/. .
rm -rf "$($@_TMP_OUT)"/*

4
NOTICE
View file

@ -1,9 +1,9 @@
Docker
Copyright 2012-2017 Docker, Inc.
Copyright 2012-2016 Docker, Inc.
This product includes software developed at Docker, Inc. (https://www.docker.com).
This product contains software (https://github.com/creack/pty) developed
This product contains software (https://github.com/kr/pty) developed
by Keith Rarick, licensed under the MIT License.
The following is courtesy of our legal counsel:

309
README.md
View file

@ -1,48 +1,270 @@
The Moby Project
================
Docker: the container engine [![Release](https://img.shields.io/github/release/docker/docker.svg)](https://github.com/docker/docker/releases/latest)
============================
![Moby Project logo](docs/static_files/moby-project-logo.png "The Moby Project")
Docker is an open source project to pack, ship and run any application
as a lightweight container.
Moby is an open-source project created by Docker to enable and accelerate software containerization.
Docker containers are both *hardware-agnostic* and *platform-agnostic*.
This means they can run anywhere, from your laptop to the largest
cloud compute instance and everything in between - and they don't require
you to use a particular language, framework or packaging system. That
makes them great building blocks for deploying and scaling web apps,
databases, and backend services without depending on a particular stack
or provider.
It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas.
Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.
Docker began as an open-source implementation of the deployment engine which
powered [dotCloud](http://web.archive.org/web/20130530031104/https://www.dotcloud.com/),
a popular Platform-as-a-Service. It benefits directly from the experience
accumulated over several years of large-scale operation and support of hundreds
of thousands of applications and databases.
## Principles
![Docker logo](docs/static_files/docker-logo-compressed.png "Docker")
Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience.
It is open to the community to help set its direction.
## Security Disclosure
- Modular: the project includes lots of components that have well-defined functions and APIs that work together.
- Batteries included but swappable: Moby includes enough components to build fully featured container systems, but its modular architecture ensures that most of the components can be swapped by different implementations.
- Usable security: Moby provides secure defaults without compromising usability.
- Developer focused: The APIs are intended to be functional and useful to build powerful tools.
They are not necessarily intended as end user tools but as components aimed at developers.
Documentation and UX is aimed at developers not end users.
Security is very important to us. If you have any issue regarding security,
please disclose the information responsibly by sending an email to
security@docker.com and not by creating a GitHub issue.
## Audience
## Better than VMs
The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers.
It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.
A common method for distributing applications and sandboxing their
execution is to use virtual machines, or VMs. Typical VM formats are
VMware's vmdk, Oracle VirtualBox's vdi, and Amazon EC2's ami. In theory
these formats should allow every developer to automatically package
their application into a "machine" for easy distribution and deployment.
In practice, that almost never happens, for a few reasons:
## Relationship with Docker
* *Size*: VMs are very large which makes them impractical to store
and transfer.
* *Performance*: running VMs consumes significant CPU and memory,
which makes them impractical in many scenarios, for example local
development of multi-tier applications, and large-scale deployment
of cpu and memory-intensive applications on large numbers of
machines.
* *Portability*: competing VM environments don't play well with each
other. Although conversion tools do exist, they are limited and
add even more overhead.
* *Hardware-centric*: VMs were designed with machine operators in
mind, not software developers. As a result, they offer very
limited tooling for what developers need most: building, testing
and running their software. For example, VMs offer no facilities
for application versioning, monitoring, configuration, logging or
service discovery.
The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project.
New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product.
However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.
By contrast, Docker relies on a different sandboxing method known as
*containerization*. Unlike traditional virtualization, containerization
takes place at the kernel level. Most modern operating system kernels
now support the primitives necessary for containerization, including
Linux with [openvz](https://openvz.org),
[vserver](http://linux-vserver.org) and more recently
[lxc](https://linuxcontainers.org/), Solaris with
[zones](https://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc),
and FreeBSD with
[Jails](https://www.freebsd.org/doc/handbook/jails.html).
The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful.
The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.
Docker builds on top of these low-level primitives to offer developers a
portable format and runtime environment that solves all four problems.
Docker containers are small (and their transfer can be optimized with
layers), they have basically zero memory and cpu overhead, they are
completely portable, and are designed from the ground up with an
application-centric design.
-----
Perhaps best of all, because Docker operates at the OS level, it can still be
run inside a VM!
Legal
=====
## Plays well with others
Docker does not require you to buy into a particular programming
language, framework, packaging system, or configuration language.
Is your application a Unix process? Does it use files, tcp connections,
environment variables, standard Unix streams and command-line arguments
as inputs and outputs? Then Docker can run it.
Can your application's build be expressed as a sequence of such
commands? Then Docker can build it.
## Escape dependency hell
A common problem for developers is the difficulty of managing all
their application's dependencies in a simple and automated way.
This is usually difficult for several reasons:
* *Cross-platform dependencies*. Modern applications often depend on
a combination of system libraries and binaries, language-specific
packages, framework-specific modules, internal components
developed for another project, etc. These dependencies live in
different "worlds" and require different tools - these tools
typically don't work well with each other, requiring awkward
custom integrations.
* *Conflicting dependencies*. Different applications may depend on
different versions of the same dependency. Packaging tools handle
these situations with various degrees of ease - but they all
handle them in different and incompatible ways, which again forces
the developer to do extra work.
* *Custom dependencies*. A developer may need to prepare a custom
version of their application's dependency. Some packaging systems
can handle custom versions of a dependency, others can't - and all
of them handle it differently.
Docker solves the problem of dependency hell by giving the developer a simple
way to express *all* their application's dependencies in one place, while
streamlining the process of assembling them. If this makes you think of
[XKCD 927](https://xkcd.com/927/), don't worry. Docker doesn't
*replace* your favorite packaging systems. It simply orchestrates
their use in a simple and repeatable way. How does it do that? With
layers.
Docker defines a build as running a sequence of Unix commands, one
after the other, in the same container. Build commands modify the
contents of the container (usually by installing new files on the
filesystem), the next command modifies it some more, etc. Since each
build command inherits the result of the previous commands, the
*order* in which the commands are executed expresses *dependencies*.
Here's a typical Docker build process:
```bash
FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
RUN cd helloflask-master && pip install -r requirements.txt
```
Note that Docker doesn't care *how* dependencies are built - as long
as they can be built by running a Unix command in a container.
Getting started
===============
Docker can be installed either on your computer for building applications or
on servers for running them. To get started, [check out the installation
instructions in the
documentation](https://docs.docker.com/engine/installation/).
Usage examples
==============
Docker can be used to run short-lived commands, long-running daemons
(app servers, databases, etc.), interactive shell sessions, etc.
You can find a [list of real-world
examples](https://docs.docker.com/engine/examples/) in the
documentation.
Under the hood
--------------
Under the hood, Docker is built on the following components:
* The
[cgroups](https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt)
and
[namespaces](http://man7.org/linux/man-pages/man7/namespaces.7.html)
capabilities of the Linux kernel
* The [Go](https://golang.org) programming language
* The [Docker Image Specification](https://github.com/docker/docker/blob/master/image/spec/v1.md)
* The [Libcontainer Specification](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md)
Contributing to Docker [![GoDoc](https://godoc.org/github.com/docker/docker?status.svg)](https://godoc.org/github.com/docker/docker)
======================
| **Master** (Linux) | **Experimental** (Linux) | **Windows** | **FreeBSD** |
|------------------|----------------------|---------|---------|
| [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/) | [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/) |
Want to hack on Docker? Awesome! We have [instructions to help you get
started contributing code or documentation](https://docs.docker.com/opensource/project/who-written-for/).
These instructions are probably not perfect, please let us know if anything
feels wrong or incomplete. Better yet, submit a PR and improve them yourself.
Getting the development builds
==============================
Want to run Docker from a master build? You can download
master builds at [master.dockerproject.org](https://master.dockerproject.org).
They are updated with each commit merged into the master branch.
Don't know how to use that super cool new feature in the master build? Check
out the master docs at
[docs.master.dockerproject.org](http://docs.master.dockerproject.org).
How the project is run
======================
Docker is a very, very active project. If you want to learn more about how it is run,
or want to get more involved, the best place to start is [the project directory](https://github.com/docker/docker/tree/master/project).
We are always open to suggestions on process improvements, and are always looking for more maintainers.
### Talking to other Docker users and contributors
<table class="tg">
<col width="45%">
<col width="65%">
<tr>
<td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
<td>
<p>
IRC is a direct line to our most knowledgeable Docker users; we have
both the <code>#docker</code> and <code>#docker-dev</code> group on
<strong>irc.freenode.net</strong>.
IRC is a rich chat protocol but it can overwhelm new users. You can search
<a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
</p>
Read our <a href="https://docs.docker.com/opensource/get-help/#/irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
</td>
</tr>
<tr>
<td>Docker Community Forums</td>
<td>
The <a href="https://forums.docker.com/c/open-source-projects/de" target="_blank">Docker Engine</a>
group is for users of the Docker Engine project.
</td>
</tr>
<tr>
<td>Google Groups</td>
<td>
The <a href="https://groups.google.com/forum/#!forum/docker-dev"
target="_blank">docker-dev</a> group is for contributors and other people
contributing to the Docker project. You can join this group without a
Google account by sending an email to <a
href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
You'll receive a join-request message; simply reply to the message to
confirm your subscription.
</td>
</tr>
<tr>
<td>Twitter</td>
<td>
You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
to get updates on our products. You can also tweet us questions or just
share blogs or stories.
</td>
</tr>
<tr>
<td>Stack Overflow</td>
<td>
Stack Overflow has over 7000 Docker questions listed. We regularly
monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
and so do many other knowledgeable Docker users.
</td>
</tr>
</table>
### Legal
*Brought to you courtesy of our legal counsel. For more context,
please see the [NOTICE](https://github.com/moby/moby/blob/master/NOTICE) document in this repo.*
please see the [NOTICE](https://github.com/docker/docker/blob/master/NOTICE) document in this repo.*
Use and transfer of Moby may be subject to certain restrictions by the
Use and transfer of Docker may be subject to certain restrictions by the
United States and other governments.
It is your responsibility to ensure that your use and/or transfer does not
@ -50,8 +272,33 @@ violate applicable laws.
For more information, please see https://www.bis.doc.gov
Licensing
=========
Moby is licensed under the Apache License, Version 2.0. See
[LICENSE](https://github.com/moby/moby/blob/master/LICENSE) for the full
Docker is licensed under the Apache License, Version 2.0. See
[LICENSE](https://github.com/docker/docker/blob/master/LICENSE) for the full
license text.
Other Docker Related Projects
=============================
There are a number of projects under development that are based on Docker's
core technology. These projects expand the tooling built around the
Docker platform to broaden its application and utility.
* [Docker Registry](https://github.com/docker/distribution): Registry
server for Docker (hosting/delivery of repositories and images)
* [Docker Machine](https://github.com/docker/machine): Machine management
for a container-centric world
* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering
system
* [Docker Compose](https://github.com/docker/compose) (formerly Fig):
Define and run multi-container apps
* [Kitematic](https://github.com/docker/kitematic): The easiest way to use
Docker on Mac and Windows
If you know of another project underway that should be listed here, please help
us keep this list up-to-date by submitting a PR.
Awesome-Docker
==============
You can find more projects, tools and articles related to Docker on the [awesome-docker list](https://github.com/veggiemonk/awesome-docker). Add your project there.

View file

@ -1,117 +1,118 @@
Moby Project Roadmap
====================
Docker Engine Roadmap
=====================
### How should I use this document?
This document provides description of items that the project decided to prioritize. This should
serve as a reference point for Moby contributors to understand where the project is going, and
help determine if a contribution could be conflicting with some longer term plans.
serve as a reference point for Docker contributors to understand where the project is going, and
help determine if a contribution could be conflicting with some longer terms plans.
The fact that a feature isn't listed here doesn't mean that a patch for it will automatically be
refused! We are always happy to receive patches for new cool features we haven't thought about,
or didn't judge to be a priority. Please however understand that such patches might take longer
for us to review.
refused (except for those mentioned as "frozen features" below)! We are always happy to receive
patches for new cool features we haven't thought about, or didn't judge priority. Please however
understand that such patches might take longer for us to review.
### How can I help?
Short term objectives are listed in
[Issues](https://github.com/moby/moby/issues?q=is%3Aopen+is%3Aissue+label%3Aroadmap). Our
Short term objectives are listed in the [wiki](https://github.com/docker/docker/wiki) and described
in [Issues](https://github.com/docker/docker/issues?q=is%3Aopen+is%3Aissue+label%3Aroadmap). Our
goal is to split down the workload in such way that anybody can jump in and help. Please comment on
issues if you want to work on it to avoid duplicating effort! Similarly, if a maintainer is already
assigned on an issue you'd like to participate in, pinging him on GitHub to offer your help is
issues if you want to take it to avoid duplicating effort! Similarly, if a maintainer is already
assigned on an issue you'd like to participate in, pinging him on IRC or GitHub to offer your help is
the best way to go.
### How can I add something to the roadmap?
The roadmap process is new to the Moby Project: we are only beginning to structure and document the
The roadmap process is new to the Docker Engine: we are only beginning to structure and document the
project objectives. Our immediate goal is to be more transparent, and work with our community to
focus our efforts on fewer prioritized topics.
We hope to offer in the near future a process allowing anyone to propose a topic to the roadmap, but
we are not quite there yet. For the time being, it is best to discuss with the maintainers on an
issue, in the Slack channel, or in person at the Moby Summits that happen every few months.
we are not quite there yet. For the time being, the BDFL remains the keeper of the roadmap, and we
won't be accepting pull requests adding or removing items from this file.
# 1. Features and refactoring
## 1.1 Runtime improvements
Over time we have accumulated a lot of functionality in the container runtime
aspect of Moby while also growing in other areas. Much of the container runtime
pieces are now duplicated work available in other, lower level components such
as [containerd](https://containerd.io).
We recently introduced [`runC`](https://runc.io) as a standalone low-level tool for container
execution. The initial goal was to integrate runC as a replacement in the Engine for the traditional
default libcontainer `execdriver`, but the Engine internals were not ready for this.
Moby currently only utilizes containerd for basic runtime state management, e.g. starting
and stopping a container, which is what the pre-containerd 1.0 daemon provided.
Now that containerd is a full-fledged container runtime which supports full
container life-cycle management, we would like to start relying more on containerd
and removing the bits in Moby which are now duplicated. This will necessitate
a significant effort to refactor and even remove large parts of Moby's codebase.
As runC continued evolving, and the OCI specification along with it, we created
[`containerd`](https://containerd.tools/), a daemon to control and monitor multiple `runC`. This is
the new target for Engine integration, as it can entirely replace the whole `execdriver`
architecture, and container monitoring along with it.
Tracking issues:
Docker Engine will rely on a long-running `containerd` companion daemon for all container execution
related operations. This could open the door in the future for Engine restarts without interrupting
running containers.
- [#38043](https://github.com/moby/moby/issues/38043) Proposal: containerd image integration
## 1.2 Plugins improvements
## 1.2 Image Builder
Docker Engine 1.7.0 introduced plugin support, initially for the use cases of volumes and networks
extensions. The plugin infrastructure was kept minimal as we were collecting use cases and real
world feedback before optimizing for any particular workflow.
Work is ongoing to integrate [BuildKit](https://github.com/moby/buildkit) into
Moby and replace the "v0" build implementation. Buildkit offers better cache
management, parallelizable build steps, and better extensibility while also
keeping builds portable, a chief tenent of Moby's builder.
In the future, we'd like plugins to become first class citizens, and encourage an ecosystem of
plugins. This implies in particular making it trivially easy to distribute plugins as containers
through any Registry instance, as well as solving the commonly heard pain points of plugins needing
to be treated as somewhat special (being active at all time, started before any other user
containers, and not as easily dismissed).
Upon completion of this effort, users will have a builder that performs better
while also being more extensible, enabling users to provide their own custom
syntax which can be either Dockerfile-like or something completely different.
## 1.3 Internal decoupling
See [buildpacks on buildkit](https://github.com/tonistiigi/buildkit-pack) as an
example of this extensibility.
A lot of work has been done in trying to decouple the Docker Engine's internals. In particular, the
API implementation has been refactored, and the Builder side of the daemon is now
[fully independent](https://github.com/docker/docker/tree/master/builder) while still residing in
the same repository.
New features for the builder and Dockerfile should be implemented first in the
BuildKit backend using an external Dockerfile implementation from the container
images. This allows everyone to test and evaluate the feature without upgrading
their daemon. New features should go to the experimental channel first, and can be
part of the `docker/dockerfile:experimental` image. From there they graduate to
`docker/dockerfile:latest` and binary releases. The Dockerfile frontend source
code is temporarily located at
[https://github.com/moby/buildkit/tree/master/frontend/dockerfile](https://github.com/moby/buildkit/tree/master/frontend/dockerfile)
with separate new features defined with go build tags.
We are exploring ways to go further with that decoupling, capitalizing on the work introduced by the
runtime renovation and plugins improvement efforts. Indeed, the combination of `containerd` support
with the concept of "special" containers opens the door for bootstrapping more Engine internals
using the same facilities.
Tracking issues:
## 1.4 Cluster capable Engine
- [#32925](https://github.com/moby/moby/issues/32925) discussion: builder future: buildkit
The community has been pushing for a more cluster capable Docker Engine, and a huge effort was spent
adding features such as multihost networking, and node discovery down at the Engine level. Yet, the
Engine is currently incapable of taking scheduling decisions alone, and continues relying on Swarm
for that.
## 1.3 Rootless Mode
We plan to complete this effort and make Engine fully cluster capable. Multiple instances of the
Docker Engine being already capable of discovering each other and establish overlay networking for
their container to communicate, the next step is for a given Engine to gain ability to dispatch work
to another node in the cluster. This will be introduced in a backward compatible way, such that a
`docker run` invocation on a particular node remains fully deterministic.
Running the daemon requires elevated privileges for many tasks. We would like to
support running the daemon as a normal, unprivileged user without requiring `suid`
binaries.
# 2 Frozen features
Tracking issues:
## 2.1 Docker exec
- [#37375](https://github.com/moby/moby/issues/37375) Proposal: allow running `dockerd` as an unprivileged user (aka rootless mode)
We won't accept patches expanding the surface of `docker exec`, which we intend to keep as a
*debugging* feature, as well as being strongly dependent on the Runtime ingredient effort.
## 1.4 Testing
## 2.2 Remote Registry Operations
Moby has many tests, both unit and integration. Moby needs more tests which can
cover the full spectrum functionality and edge cases out there.
A large amount of work is ongoing in the area of image distribution and provenance. This includes
moving to the V2 Registry API and heavily refactoring the code that powers these features. The
desired result is more secure, reliable and easier to use image distribution.
Tests in the `integration-cli` folder should also be migrated into (both in
location and style) the `integration` folder. These newer tests are simpler to
run in isolation, simpler to read, simpler to write, and more fully exercise the
API. Meanwhile tests of the docker CLI should generally live in docker/cli.
Part of the problem with this part of the code base is the lack of a stable and flexible interface.
If new features are added that access the registry without solidifying these interfaces, achieving
feature parity will continue to be elusive. While we get a handle on this situation, we are imposing
a moratorium on new code that accesses the Registry API in commands that don't already make remote
calls.
Tracking issues:
Currently, only the following commands cause interaction with a remote registry:
- [#32866](https://github.com/moby/moby/issues/32866) Replace integration-cli suite with API test suite
- push
- pull
- run
- build
- search
- login
## 1.5 Internal decoupling
A lot of work has been done in trying to decouple Moby internals. This process of creating
standalone projects with a well defined function that attract a dedicated community should continue.
As well as integrating `containerd` we would like to integrate [BuildKit](https://github.com/moby/buildkit)
as the next standalone component.
We see gRPC as the natural communication layer between decoupled components.
In addition to pushing out large components into other projects, much of the
internal code structure, and in particular the
["Daemon"](https://godoc.org/github.com/docker/docker/daemon#Daemon) object,
should be split into smaller, more manageable, and more testable components.
In the interest of stabilizing the registry access model during this ongoing work, we are not
accepting additions to other commands that will cause remote interaction with the Registry API. This
moratorium will lift when the goals of the distribution project have been met.

View file

@ -1,9 +0,0 @@
# Reporting security issues
The Moby maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
### Reporting a Vulnerability
Please **DO NOT** file a public issue, instead send your report privately to security@docker.com.
Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future.

View file

@ -1,126 +0,0 @@
# Testing
This document contains the Moby code testing guidelines. It should answer any
questions you may have as an aspiring Moby contributor.
## Test suites
Moby has two test suites (and one legacy test suite):
* Unit tests - use standard `go test` and
[gotest.tools/assert](https://godoc.org/gotest.tools/assert) assertions. They are located in
the package they test. Unit tests should be fast and test only their own
package.
* API integration tests - use standard `go test` and
[gotest.tools/assert](https://godoc.org/gotest.tools/assert) assertions. They are located in
`./integration/<component>` directories, where `component` is: container,
image, volume, etc. These tests perform HTTP requests to an API endpoint and
check the HTTP response and daemon state after the call.
The legacy test suite `integration-cli/` is deprecated. No new tests will be
added to this suite. Any tests in this suite which require updates should be
ported to either the unit test suite or the new API integration test suite.
## Writing new tests
Most code changes will fall into one of the following categories.
### Writing tests for new features
New code should be covered by unit tests. If the code is difficult to test with
unit tests, then that is a good sign that it should be refactored to make it
easier to reuse and maintain. Consider accepting unexported interfaces instead
of structs so that fakes can be provided for dependencies.
If the new feature includes a completely new API endpoint then a new API
integration test should be added to cover the success case of that endpoint.
If the new feature does not include a completely new API endpoint consider
adding the new API fields to the existing test for that endpoint. A new
integration test should **not** be added for every new API field or API error
case. Error cases should be handled by unit tests.
### Writing tests for bug fixes
Bugs fixes should include a unit test case which exercises the bug.
A bug fix may also include new assertions in existing integration tests for the
API endpoint.
### Writing new integration tests
Note the `integration-cli` tests are deprecated; new tests will be rejected by
the CI.
Instead, implement new tests under `integration/`.
### Integration tests environment considerations
When adding new tests or modifying existing tests under `integration/`, testing
environment should be properly considered. `skip.If` from
[gotest.tools/skip](https://godoc.org/gotest.tools/skip) can be used to make the
test run conditionally. Full testing environment conditions can be found at
[environment.go](https://github.com/moby/moby/blob/6b6eeed03b963a27085ea670f40cd5ff8a61f32e/testutil/environment/environment.go)
Here is a quick example. If the test needs to interact with a docker daemon on
the same host, the following condition should be checked within the test code
```go
skip.If(t, testEnv.IsRemoteDaemon())
// your integration test code
```
If a remote daemon is detected, the test will be skipped.
## Running tests
### Unit Tests
To run the unit test suite:
```
make test-unit
```
or `hack/test/unit` from inside a `BINDDIR=. make shell` container or properly
configured environment.
The following environment variables may be used to run a subset of tests:
* `TESTDIRS` - paths to directories to be tested, defaults to `./...`
* `TESTFLAGS` - flags passed to `go test`, to run tests which match a pattern
use `TESTFLAGS="-test.run TestNameOrPrefix"`
### Integration Tests
To run the integration test suite:
```
make test-integration
```
This make target runs both the "integration" suite and the "integration-cli"
suite.
You can specify which integration test dirs to build and run by specifying
the list of dirs in the TEST_INTEGRATION_DIR environment variable.
You can also explicitly skip either suite by setting (any value) in
TEST_SKIP_INTEGRATION and/or TEST_SKIP_INTEGRATION_CLI environment variables.
Flags specific to each suite can be set in the TESTFLAGS_INTEGRATION and
TESTFLAGS_INTEGRATION_CLI environment variables.
If all you want is to specify a test filter to run, you can set the
`TEST_FILTER` environment variable. This ends up getting passed directly to `go
test -run` (or `go test -check-f`, depending on the test suite). It will also
automatically set the other above mentioned environment variables accordingly.
### Go Version
You can change a version of golang used for building stuff that is being tested
by setting `GO_VERSION` variable, for example:
```
make GO_VERSION=1.12.8 test
```

View file

@ -26,14 +26,13 @@ dependency on a package of a specific version or greater up to the next major
release, without encountering breaking changes.
## Semantic Versioning
Annotated version tags should follow [Semantic Versioning](http://semver.org) policies:
Annotated version tags should follow Schema Versioning policies.
According to http://semver.org:
"Given a version number MAJOR.MINOR.PATCH, increment the:
1. MAJOR version when you make incompatible API changes,
2. MINOR version when you add functionality in a backwards-compatible manner, and
3. PATCH version when you make backwards-compatible bug fixes.
MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions
to the MAJOR.MINOR.PATCH format."

1
VERSION Normal file
View file

@ -0,0 +1 @@
17.03.0-ce-rc1

View file

@ -10,17 +10,17 @@ It consists of various components in this repository:
- `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
- `daemon/` The daemon, which serves the API.
## Swagger definition
## Swagger definition
The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
1. Automatically generate documentation.
2. Automatically generate the Go server and client. (A work-in-progress.)
1. To automatically generate documentation.
2. To automatically generate the Go server and client. (A work-in-progress.)
3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
## Updating the API documentation
The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, edit this file to represent the change in the documentation.
The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, you'll need to edit this file to represent the change in the documentation.
The file is split into two main sections:
@ -29,14 +29,14 @@ The file is split into two main sections:
To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919).
There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919)
`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful when making edits to ensure you are doing the right thing.
`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful for when you are making edits to ensure you are doing the right thing.
## Viewing the API documentation
When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
Run `make swagger-docs` and a preview will be running at `http://localhost:9000`. Some of the styling may be incorrect, but you'll be able to ensure that it is generating the correct documentation.
All the documentation generation is done in the documentation repository, [docker/docker.github.io](https://github.com/docker/docker.github.io). The Swagger definition is vendored periodically into this repository, but you can manually copy over the Swagger definition to test changes.
The production documentation is generated by vendoring `swagger.yaml` into [docker/docker.github.io](https://github.com/docker/docker.github.io).
Copy `api/swagger.yaml` in this repository to `engine/api/[VERSION_NUMBER]/swagger.yaml` in the documentation repository, overwriting what is already there. Then, run `docker-compose up` in the documentation repository and browse to [http://localhost:4000/engine/api/](http://localhost:4000/engine/api/) when it finishes rendering.

View file

@ -1,20 +1,166 @@
package api // import "github.com/docker/docker/api"
package api
import (
"encoding/json"
"encoding/pem"
"fmt"
"mime"
"os"
"path/filepath"
"sort"
"strconv"
"strings"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/types"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/system"
"github.com/docker/libtrust"
)
// Common constants for daemon and client.
const (
// DefaultVersion of the current REST API.
DefaultVersion = "1.45"
// MinSupportedAPIVersion is the minimum API version that can be supported
// by the API server, specified as "major.minor". Note that the daemon
// may be configured with a different minimum API version, as returned
// in [github.com/docker/docker/api/types.Version.MinAPIVersion].
//
// API requests for API versions lower than the configured version produce
// an error.
MinSupportedAPIVersion = "1.24"
// DefaultVersion of Current REST API
DefaultVersion string = "1.26"
// NoBaseImageSpecifier is the symbol used by the FROM
// command to specify that no base image is to be used.
NoBaseImageSpecifier = "scratch"
NoBaseImageSpecifier string = "scratch"
)
// byPortInfo is a temporary type used to sort types.Port by its fields
type byPortInfo []types.Port
func (r byPortInfo) Len() int { return len(r) }
func (r byPortInfo) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
func (r byPortInfo) Less(i, j int) bool {
if r[i].PrivatePort != r[j].PrivatePort {
return r[i].PrivatePort < r[j].PrivatePort
}
if r[i].IP != r[j].IP {
return r[i].IP < r[j].IP
}
if r[i].PublicPort != r[j].PublicPort {
return r[i].PublicPort < r[j].PublicPort
}
return r[i].Type < r[j].Type
}
// DisplayablePorts returns formatted string representing open ports of container
// e.g. "0.0.0.0:80->9090/tcp, 9988/tcp"
// it's used by command 'docker ps'
func DisplayablePorts(ports []types.Port) string {
type portGroup struct {
first uint16
last uint16
}
groupMap := make(map[string]*portGroup)
var result []string
var hostMappings []string
var groupMapKeys []string
sort.Sort(byPortInfo(ports))
for _, port := range ports {
current := port.PrivatePort
portKey := port.Type
if port.IP != "" {
if port.PublicPort != current {
hostMappings = append(hostMappings, fmt.Sprintf("%s:%d->%d/%s", port.IP, port.PublicPort, port.PrivatePort, port.Type))
continue
}
portKey = fmt.Sprintf("%s/%s", port.IP, port.Type)
}
group := groupMap[portKey]
if group == nil {
groupMap[portKey] = &portGroup{first: current, last: current}
// record order that groupMap keys are created
groupMapKeys = append(groupMapKeys, portKey)
continue
}
if current == (group.last + 1) {
group.last = current
continue
}
result = append(result, formGroup(portKey, group.first, group.last))
groupMap[portKey] = &portGroup{first: current, last: current}
}
for _, portKey := range groupMapKeys {
g := groupMap[portKey]
result = append(result, formGroup(portKey, g.first, g.last))
}
result = append(result, hostMappings...)
return strings.Join(result, ", ")
}
func formGroup(key string, start, last uint16) string {
parts := strings.Split(key, "/")
groupType := parts[0]
var ip string
if len(parts) > 1 {
ip = parts[0]
groupType = parts[1]
}
group := strconv.Itoa(int(start))
if start != last {
group = fmt.Sprintf("%s-%d", group, last)
}
if ip != "" {
group = fmt.Sprintf("%s:%s->%s", ip, group, group)
}
return fmt.Sprintf("%s/%s", group, groupType)
}
// MatchesContentType validates the content type against the expected one
func MatchesContentType(contentType, expectedType string) bool {
mimetype, _, err := mime.ParseMediaType(contentType)
if err != nil {
logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
}
return err == nil && mimetype == expectedType
}
// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
// otherwise generates a new one
func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700)
if err != nil {
return nil, err
}
trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
if err == libtrust.ErrKeyFileDoesNotExist {
trustKey, err = libtrust.GenerateECP256PrivateKey()
if err != nil {
return nil, fmt.Errorf("Error generating key: %s", err)
}
encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
if err != nil {
return nil, fmt.Errorf("Error serializing key: %s", err)
}
if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
return nil, fmt.Errorf("Error saving key file: %s", err)
}
} else if err != nil {
return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
}
return trustKey, nil
}
func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
if ext == ".json" || ext == ".jwk" {
encoded, err = json.Marshal(key)
if err != nil {
return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
}
} else {
pemBlock, err := key.PEMBlock()
if err != nil {
return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
}
encoded = pem.EncodeToMemory(pemBlock)
}
return
}

341
api/common_test.go Normal file
View file

@ -0,0 +1,341 @@
package api
import (
"io/ioutil"
"path/filepath"
"testing"
"os"
"github.com/docker/docker/api/types"
)
type ports struct {
ports []types.Port
expected string
}
// DisplayablePorts
func TestDisplayablePorts(t *testing.T) {
cases := []ports{
{
[]types.Port{
{
PrivatePort: 9988,
Type: "tcp",
},
},
"9988/tcp"},
{
[]types.Port{
{
PrivatePort: 9988,
Type: "udp",
},
},
"9988/udp",
},
{
[]types.Port{
{
IP: "0.0.0.0",
PrivatePort: 9988,
Type: "tcp",
},
},
"0.0.0.0:0->9988/tcp",
},
{
[]types.Port{
{
PrivatePort: 9988,
PublicPort: 8899,
Type: "tcp",
},
},
"9988/tcp",
},
{
[]types.Port{
{
IP: "4.3.2.1",
PrivatePort: 9988,
PublicPort: 8899,
Type: "tcp",
},
},
"4.3.2.1:8899->9988/tcp",
},
{
[]types.Port{
{
IP: "4.3.2.1",
PrivatePort: 9988,
PublicPort: 9988,
Type: "tcp",
},
},
"4.3.2.1:9988->9988/tcp",
},
{
[]types.Port{
{
PrivatePort: 9988,
Type: "udp",
}, {
PrivatePort: 9988,
Type: "udp",
},
},
"9988/udp, 9988/udp",
},
{
[]types.Port{
{
IP: "1.2.3.4",
PublicPort: 9998,
PrivatePort: 9998,
Type: "udp",
}, {
IP: "1.2.3.4",
PublicPort: 9999,
PrivatePort: 9999,
Type: "udp",
},
},
"1.2.3.4:9998-9999->9998-9999/udp",
},
{
[]types.Port{
{
IP: "1.2.3.4",
PublicPort: 8887,
PrivatePort: 9998,
Type: "udp",
}, {
IP: "1.2.3.4",
PublicPort: 8888,
PrivatePort: 9999,
Type: "udp",
},
},
"1.2.3.4:8887->9998/udp, 1.2.3.4:8888->9999/udp",
},
{
[]types.Port{
{
PrivatePort: 9998,
Type: "udp",
}, {
PrivatePort: 9999,
Type: "udp",
},
},
"9998-9999/udp",
},
{
[]types.Port{
{
IP: "1.2.3.4",
PrivatePort: 6677,
PublicPort: 7766,
Type: "tcp",
}, {
PrivatePort: 9988,
PublicPort: 8899,
Type: "udp",
},
},
"9988/udp, 1.2.3.4:7766->6677/tcp",
},
{
[]types.Port{
{
IP: "1.2.3.4",
PrivatePort: 9988,
PublicPort: 8899,
Type: "udp",
}, {
IP: "1.2.3.4",
PrivatePort: 9988,
PublicPort: 8899,
Type: "tcp",
}, {
IP: "4.3.2.1",
PrivatePort: 2233,
PublicPort: 3322,
Type: "tcp",
},
},
"4.3.2.1:3322->2233/tcp, 1.2.3.4:8899->9988/tcp, 1.2.3.4:8899->9988/udp",
},
{
[]types.Port{
{
PrivatePort: 9988,
PublicPort: 8899,
Type: "udp",
}, {
IP: "1.2.3.4",
PrivatePort: 6677,
PublicPort: 7766,
Type: "tcp",
}, {
IP: "4.3.2.1",
PrivatePort: 2233,
PublicPort: 3322,
Type: "tcp",
},
},
"9988/udp, 4.3.2.1:3322->2233/tcp, 1.2.3.4:7766->6677/tcp",
},
{
[]types.Port{
{
PrivatePort: 80,
Type: "tcp",
}, {
PrivatePort: 1024,
Type: "tcp",
}, {
PrivatePort: 80,
Type: "udp",
}, {
PrivatePort: 1024,
Type: "udp",
}, {
IP: "1.1.1.1",
PublicPort: 80,
PrivatePort: 1024,
Type: "tcp",
}, {
IP: "1.1.1.1",
PublicPort: 80,
PrivatePort: 1024,
Type: "udp",
}, {
IP: "1.1.1.1",
PublicPort: 1024,
PrivatePort: 80,
Type: "tcp",
}, {
IP: "1.1.1.1",
PublicPort: 1024,
PrivatePort: 80,
Type: "udp",
}, {
IP: "2.1.1.1",
PublicPort: 80,
PrivatePort: 1024,
Type: "tcp",
}, {
IP: "2.1.1.1",
PublicPort: 80,
PrivatePort: 1024,
Type: "udp",
}, {
IP: "2.1.1.1",
PublicPort: 1024,
PrivatePort: 80,
Type: "tcp",
}, {
IP: "2.1.1.1",
PublicPort: 1024,
PrivatePort: 80,
Type: "udp",
},
},
"80/tcp, 80/udp, 1024/tcp, 1024/udp, 1.1.1.1:1024->80/tcp, 1.1.1.1:1024->80/udp, 2.1.1.1:1024->80/tcp, 2.1.1.1:1024->80/udp, 1.1.1.1:80->1024/tcp, 1.1.1.1:80->1024/udp, 2.1.1.1:80->1024/tcp, 2.1.1.1:80->1024/udp",
},
}
for _, port := range cases {
actual := DisplayablePorts(port.ports)
if port.expected != actual {
t.Fatalf("Expected %s, got %s.", port.expected, actual)
}
}
}
// MatchesContentType
func TestJsonContentType(t *testing.T) {
if !MatchesContentType("application/json", "application/json") {
t.Fail()
}
if !MatchesContentType("application/json; charset=utf-8", "application/json") {
t.Fail()
}
if MatchesContentType("dockerapplication/json", "application/json") {
t.Fail()
}
}
// LoadOrCreateTrustKey
func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpKeyFolderPath)
tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
if err != nil {
t.Fatal(err)
}
if _, err := LoadOrCreateTrustKey(tmpKeyFile.Name()); err == nil {
t.Fatalf("expected an error, got nothing.")
}
}
func TestLoadOrCreateTrustKeyCreateKey(t *testing.T) {
tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpKeyFolderPath)
// Without the need to create the folder hierarchy
tmpKeyFile := filepath.Join(tmpKeyFolderPath, "keyfile")
if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
t.Fatalf("expected a new key file, got : %v and %v", err, key)
}
if _, err := os.Stat(tmpKeyFile); err != nil {
t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
}
// With the need to create the folder hierarchy as tmpKeyFie is in a path
// where some folders do not exist.
tmpKeyFile = filepath.Join(tmpKeyFolderPath, "folder/hierarchy/keyfile")
if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
t.Fatalf("expected a new key file, got : %v and %v", err, key)
}
if _, err := os.Stat(tmpKeyFile); err != nil {
t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
}
// With no path at all
defer os.Remove("keyfile")
if key, err := LoadOrCreateTrustKey("keyfile"); err != nil || key == nil {
t.Fatalf("expected a new key file, got : %v and %v", err, key)
}
if _, err := os.Stat("keyfile"); err != nil {
t.Fatalf("Expected to find a file keyfile, got %v", err)
}
}
func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
tmpKeyFile := filepath.Join("fixtures", "keyfile")
if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
t.Fatalf("expected a key file, got : %v and %v", err, key)
}
}

6
api/common_unix.go Normal file
View file

@ -0,0 +1,6 @@
// +build !windows
package api
// MinVersion represents Minimum REST API version supported
const MinVersion string = "1.12"

8
api/common_windows.go Normal file
View file

@ -0,0 +1,8 @@
package api
// MinVersion represents Minimum REST API version supported
// Technically the first daemon API version released on Windows is v1.25 in
// engine version 1.13. However, some clients are explicitly using downlevel
// APIs (eg docker-compose v2.1 file format) and that is just too restrictive.
// Hence also allowing 1.24 on Windows.
const MinVersion string = "1.24"

47
api/errors/errors.go Normal file
View file

@ -0,0 +1,47 @@
package errors
import "net/http"
// apiError is an error wrapper that also
// holds information about response status codes.
type apiError struct {
error
statusCode int
}
// HTTPErrorStatusCode returns a status code.
func (e apiError) HTTPErrorStatusCode() int {
return e.statusCode
}
// NewErrorWithStatusCode allows you to associate
// a specific HTTP Status Code to an error.
// The Server will take that code and set
// it as the response status.
func NewErrorWithStatusCode(err error, code int) error {
return apiError{err, code}
}
// NewBadRequestError creates a new API error
// that has the 400 HTTP status code associated to it.
func NewBadRequestError(err error) error {
return NewErrorWithStatusCode(err, http.StatusBadRequest)
}
// NewRequestForbiddenError creates a new API error
// that has the 403 HTTP status code associated to it.
func NewRequestForbiddenError(err error) error {
return NewErrorWithStatusCode(err, http.StatusForbidden)
}
// NewRequestNotFoundError creates a new API error
// that has the 404 HTTP status code associated to it.
func NewRequestNotFoundError(err error) error {
return NewErrorWithStatusCode(err, http.StatusNotFound)
}
// NewRequestConflictError creates a new API error
// that has the 409 HTTP status code associated to it.
func NewRequestConflictError(err error) error {
return NewErrorWithStatusCode(err, http.StatusConflict)
}

View file

@ -1,130 +0,0 @@
package build // import "github.com/docker/docker/api/server/backend/build"
import (
"context"
"fmt"
"strconv"
"github.com/distribution/reference"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/events"
"github.com/docker/docker/builder"
buildkit "github.com/docker/docker/builder/builder-next"
daemonevents "github.com/docker/docker/daemon/events"
"github.com/docker/docker/image"
"github.com/docker/docker/pkg/stringid"
"github.com/pkg/errors"
"google.golang.org/grpc"
)
// ImageComponent provides an interface for working with images
type ImageComponent interface {
SquashImage(from string, to string) (string, error)
TagImage(context.Context, image.ID, reference.Named) error
}
// Builder defines interface for running a build
type Builder interface {
Build(context.Context, backend.BuildConfig) (*builder.Result, error)
}
// Backend provides build functionality to the API router
type Backend struct {
builder Builder
imageComponent ImageComponent
buildkit *buildkit.Builder
eventsService *daemonevents.Events
}
// NewBackend creates a new build backend from components
func NewBackend(components ImageComponent, builder Builder, buildkit *buildkit.Builder, es *daemonevents.Events) (*Backend, error) {
return &Backend{imageComponent: components, builder: builder, buildkit: buildkit, eventsService: es}, nil
}
// RegisterGRPC registers buildkit controller to the grpc server.
func (b *Backend) RegisterGRPC(s *grpc.Server) {
if b.buildkit != nil {
b.buildkit.RegisterGRPC(s)
}
}
// Build builds an image from a Source
func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string, error) {
options := config.Options
useBuildKit := options.Version == types.BuilderBuildKit
tags, err := sanitizeRepoAndTags(options.Tags)
if err != nil {
return "", err
}
var build *builder.Result
if useBuildKit {
build, err = b.buildkit.Build(ctx, config)
if err != nil {
return "", err
}
} else {
build, err = b.builder.Build(ctx, config)
if err != nil {
return "", err
}
}
if build == nil {
return "", nil
}
imageID := build.ImageID
if options.Squash {
if imageID, err = squashBuild(build, b.imageComponent); err != nil {
return "", err
}
if config.ProgressWriter.AuxFormatter != nil {
if err = config.ProgressWriter.AuxFormatter.Emit("moby.image.id", types.BuildResult{ID: imageID}); err != nil {
return "", err
}
}
}
if !useBuildKit {
stdout := config.ProgressWriter.StdoutFormatter
fmt.Fprintf(stdout, "Successfully built %s\n", stringid.TruncateID(imageID))
}
if imageID != "" && !useBuildKit {
err = tagImages(ctx, b.imageComponent, config.ProgressWriter.StdoutFormatter, image.ID(imageID), tags)
}
return imageID, err
}
// PruneCache removes all cached build sources
func (b *Backend) PruneCache(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error) {
buildCacheSize, cacheIDs, err := b.buildkit.Prune(ctx, opts)
if err != nil {
return nil, errors.Wrap(err, "failed to prune build cache")
}
b.eventsService.Log(events.ActionPrune, events.BuilderEventType, events.Actor{
Attributes: map[string]string{
"reclaimed": strconv.FormatInt(buildCacheSize, 10),
},
})
return &types.BuildCachePruneReport{SpaceReclaimed: uint64(buildCacheSize), CachesDeleted: cacheIDs}, nil
}
// Cancel cancels the build by ID
func (b *Backend) Cancel(ctx context.Context, id string) error {
return b.buildkit.Cancel(ctx, id)
}
func squashBuild(build *builder.Result, imageComponent ImageComponent) (string, error) {
var fromID string
if build.FromImage != nil {
fromID = build.FromImage.ImageID()
}
imageID, err := imageComponent.SquashImage(build.ImageID, fromID)
if err != nil {
return "", errors.Wrap(err, "error squashing image")
}
return imageID, nil
}

View file

@ -1,51 +0,0 @@
package build // import "github.com/docker/docker/api/server/backend/build"
import (
"context"
"fmt"
"io"
"github.com/distribution/reference"
"github.com/docker/docker/image"
"github.com/pkg/errors"
)
// tagImages creates image tags for the imageID.
func tagImages(ctx context.Context, ic ImageComponent, stdout io.Writer, imageID image.ID, repoAndTags []reference.Named) error {
for _, rt := range repoAndTags {
if err := ic.TagImage(ctx, imageID, rt); err != nil {
return err
}
_, _ = fmt.Fprintln(stdout, "Successfully tagged", reference.FamiliarString(rt))
}
return nil
}
// sanitizeRepoAndTags parses the raw "t" parameter received from the client
// to a slice of repoAndTag. It removes duplicates, and validates each name
// to not contain a digest.
func sanitizeRepoAndTags(names []string) (repoAndTags []reference.Named, err error) {
uniqNames := map[string]struct{}{}
for _, repo := range names {
if repo == "" {
continue
}
ref, err := reference.ParseNormalizedNamed(repo)
if err != nil {
return nil, err
}
if _, ok := ref.(reference.Digested); ok {
return nil, errors.New("build tag cannot contain a digest")
}
ref = reference.TagNameOnly(ref)
nameWithTag := ref.String()
if _, exists := uniqNames[nameWithTag]; !exists {
uniqNames[nameWithTag] = struct{}{}
repoAndTags = append(repoAndTags, ref)
}
}
return repoAndTags, nil
}

View file

@ -1,152 +0,0 @@
package httpstatus // import "github.com/docker/docker/api/server/httpstatus"
import (
"context"
"fmt"
"net/http"
cerrdefs "github.com/containerd/containerd/errdefs"
"github.com/containerd/log"
"github.com/docker/distribution/registry/api/errcode"
"github.com/docker/docker/errdefs"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
type causer interface {
Cause() error
}
// FromError retrieves status code from error message.
func FromError(err error) int {
if err == nil {
log.G(context.TODO()).WithError(err).Error("unexpected HTTP error handling")
return http.StatusInternalServerError
}
var statusCode int
// Stop right there
// Are you sure you should be adding a new error class here? Do one of the existing ones work?
// Note that the below functions are already checking the error causal chain for matches.
switch {
case errdefs.IsNotFound(err):
statusCode = http.StatusNotFound
case errdefs.IsInvalidParameter(err):
statusCode = http.StatusBadRequest
case errdefs.IsConflict(err):
statusCode = http.StatusConflict
case errdefs.IsUnauthorized(err):
statusCode = http.StatusUnauthorized
case errdefs.IsUnavailable(err):
statusCode = http.StatusServiceUnavailable
case errdefs.IsForbidden(err):
statusCode = http.StatusForbidden
case errdefs.IsNotModified(err):
statusCode = http.StatusNotModified
case errdefs.IsNotImplemented(err):
statusCode = http.StatusNotImplemented
case errdefs.IsSystem(err) || errdefs.IsUnknown(err) || errdefs.IsDataLoss(err) || errdefs.IsDeadline(err) || errdefs.IsCancelled(err):
statusCode = http.StatusInternalServerError
default:
statusCode = statusCodeFromGRPCError(err)
if statusCode != http.StatusInternalServerError {
return statusCode
}
statusCode = statusCodeFromContainerdError(err)
if statusCode != http.StatusInternalServerError {
return statusCode
}
statusCode = statusCodeFromDistributionError(err)
if statusCode != http.StatusInternalServerError {
return statusCode
}
if e, ok := err.(causer); ok {
return FromError(e.Cause())
}
log.G(context.TODO()).WithFields(log.Fields{
"module": "api",
"error": err,
"error_type": fmt.Sprintf("%T", err),
}).Debug("FIXME: Got an API for which error does not match any expected type!!!")
}
if statusCode == 0 {
statusCode = http.StatusInternalServerError
}
return statusCode
}
// statusCodeFromGRPCError returns status code according to gRPC error
func statusCodeFromGRPCError(err error) int {
switch status.Code(err) {
case codes.InvalidArgument: // code 3
return http.StatusBadRequest
case codes.NotFound: // code 5
return http.StatusNotFound
case codes.AlreadyExists: // code 6
return http.StatusConflict
case codes.PermissionDenied: // code 7
return http.StatusForbidden
case codes.FailedPrecondition: // code 9
return http.StatusBadRequest
case codes.Unauthenticated: // code 16
return http.StatusUnauthorized
case codes.OutOfRange: // code 11
return http.StatusBadRequest
case codes.Unimplemented: // code 12
return http.StatusNotImplemented
case codes.Unavailable: // code 14
return http.StatusServiceUnavailable
default:
// codes.Canceled(1)
// codes.Unknown(2)
// codes.DeadlineExceeded(4)
// codes.ResourceExhausted(8)
// codes.Aborted(10)
// codes.Internal(13)
// codes.DataLoss(15)
return http.StatusInternalServerError
}
}
// statusCodeFromDistributionError returns status code according to registry errcode
// code is loosely based on errcode.ServeJSON() in docker/distribution
func statusCodeFromDistributionError(err error) int {
switch errs := err.(type) {
case errcode.Errors:
if len(errs) < 1 {
return http.StatusInternalServerError
}
if _, ok := errs[0].(errcode.ErrorCoder); ok {
return statusCodeFromDistributionError(errs[0])
}
case errcode.ErrorCoder:
return errs.ErrorCode().Descriptor().HTTPStatusCode
}
return http.StatusInternalServerError
}
// statusCodeFromContainerdError returns status code for containerd errors when
// consumed directly (not through gRPC)
func statusCodeFromContainerdError(err error) int {
switch {
case cerrdefs.IsInvalidArgument(err):
return http.StatusBadRequest
case cerrdefs.IsNotFound(err):
return http.StatusNotFound
case cerrdefs.IsAlreadyExists(err):
return http.StatusConflict
case cerrdefs.IsFailedPrecondition(err):
return http.StatusPreconditionFailed
case cerrdefs.IsUnavailable(err):
return http.StatusServiceUnavailable
case cerrdefs.IsNotImplemented(err):
return http.StatusNotImplemented
default:
return http.StatusInternalServerError
}
}

View file

@ -1,4 +1,4 @@
package httputils // import "github.com/docker/docker/api/server/httputils"
package httputils
import (
"io"
@ -12,4 +12,5 @@ import (
// container configuration.
type ContainerDecoder interface {
DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *network.NetworkingConfig, error)
DecodeHostConfig(src io.Reader) (*container.HostConfig, error)
}

View file

@ -0,0 +1,103 @@
package httputils
import (
"net/http"
"strings"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/versions"
"github.com/gorilla/mux"
"google.golang.org/grpc"
)
// httpStatusError is an interface
// that errors with custom status codes
// implement to tell the api layer
// which response status to set.
type httpStatusError interface {
HTTPErrorStatusCode() int
}
// inputValidationError is an interface
// that errors generated by invalid
// inputs can implement to tell the
// api layer to set a 400 status code
// in the response.
type inputValidationError interface {
IsValidationError() bool
}
// GetHTTPErrorStatusCode retrieves status code from error message
func GetHTTPErrorStatusCode(err error) int {
if err == nil {
logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
return http.StatusInternalServerError
}
var statusCode int
errMsg := err.Error()
switch e := err.(type) {
case httpStatusError:
statusCode = e.HTTPErrorStatusCode()
case inputValidationError:
statusCode = http.StatusBadRequest
default:
// FIXME: this is brittle and should not be necessary, but we still need to identify if
// there are errors falling back into this logic.
// If we need to differentiate between different possible error types,
// we should create appropriate error types that implement the httpStatusError interface.
errStr := strings.ToLower(errMsg)
for _, status := range []struct {
keyword string
code int
}{
{"not found", http.StatusNotFound},
{"no such", http.StatusNotFound},
{"bad parameter", http.StatusBadRequest},
{"no command", http.StatusBadRequest},
{"conflict", http.StatusConflict},
{"impossible", http.StatusNotAcceptable},
{"wrong login/password", http.StatusUnauthorized},
{"unauthorized", http.StatusUnauthorized},
{"hasn't been activated", http.StatusForbidden},
{"this node", http.StatusServiceUnavailable},
{"needs to be unlocked", http.StatusServiceUnavailable},
{"certificates have expired", http.StatusServiceUnavailable},
} {
if strings.Contains(errStr, status.keyword) {
statusCode = status.code
break
}
}
}
if statusCode == 0 {
statusCode = http.StatusInternalServerError
}
return statusCode
}
func apiVersionSupportsJSONErrors(version string) bool {
const firstAPIVersionWithJSONErrors = "1.23"
return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
}
// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
// returns it in the response.
func MakeErrorHandler(err error) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
statusCode := GetHTTPErrorStatusCode(err)
vars := mux.Vars(r)
if apiVersionSupportsJSONErrors(vars["version"]) {
response := &types.ErrorResponse{
Message: err.Error(),
}
WriteJSON(w, statusCode, response)
} else {
http.Error(w, grpc.ErrorDesc(err), statusCode)
}
}
}

View file

@ -1,12 +1,11 @@
package httputils // import "github.com/docker/docker/api/server/httputils"
package httputils
import (
"fmt"
"net/http"
"path/filepath"
"strconv"
"strings"
"github.com/distribution/reference"
)
// BoolValue transforms a form value in different formats into a boolean type.
@ -16,7 +15,7 @@ func BoolValue(r *http.Request, k string) bool {
}
// BoolValueOrDefault returns the default bool passed if the query param is
// missing, otherwise it's just a proxy to boolValue above.
// missing, otherwise it's just a proxy to boolValue above
func BoolValueOrDefault(r *http.Request, k string, d bool) bool {
if _, ok := r.Form[k]; !ok {
return d
@ -39,59 +38,20 @@ func Int64ValueOrZero(r *http.Request, k string) int64 {
func Int64ValueOrDefault(r *http.Request, field string, def int64) (int64, error) {
if r.Form.Get(field) != "" {
value, err := strconv.ParseInt(r.Form.Get(field), 10, 64)
return value, err
if err != nil {
return value, err
}
return value, nil
}
return def, nil
}
// RepoTagReference parses form values "repo" and "tag" and returns a valid
// reference with repository and tag.
// If repo is empty, then a nil reference is returned.
// If no tag is given, then the default "latest" tag is set.
func RepoTagReference(repo, tag string) (reference.NamedTagged, error) {
if repo == "" {
return nil, nil
}
ref, err := reference.ParseNormalizedNamed(repo)
if err != nil {
return nil, err
}
if _, isDigested := ref.(reference.Digested); isDigested {
return nil, fmt.Errorf("cannot import digest reference")
}
if tag != "" {
return reference.WithTag(ref, tag)
}
withDefaultTag := reference.TagNameOnly(ref)
namedTagged, ok := withDefaultTag.(reference.NamedTagged)
if !ok {
return nil, fmt.Errorf("unexpected reference: %q", ref.String())
}
return namedTagged, nil
}
// ArchiveOptions stores archive information for different operations.
type ArchiveOptions struct {
Name string
Path string
}
type badParameterError struct {
param string
}
func (e badParameterError) Error() string {
return "bad parameter: " + e.param + "cannot be empty"
}
func (e badParameterError) InvalidParameter() {}
// ArchiveFormValues parses form values and turns them into ArchiveOptions.
// It fails if the archive name and path are not in the request.
func ArchiveFormValues(r *http.Request, vars map[string]string) (ArchiveOptions, error) {
@ -100,12 +60,14 @@ func ArchiveFormValues(r *http.Request, vars map[string]string) (ArchiveOptions,
}
name := vars["name"]
if name == "" {
return ArchiveOptions{}, badParameterError{"name"}
}
path := r.Form.Get("path")
if path == "" {
return ArchiveOptions{}, badParameterError{"path"}
path := filepath.FromSlash(r.Form.Get("path"))
switch {
case name == "":
return ArchiveOptions{}, fmt.Errorf("bad parameter: 'name' cannot be empty")
case path == "":
return ArchiveOptions{}, fmt.Errorf("bad parameter: 'path' cannot be empty")
}
return ArchiveOptions{name, path}, nil
}

View file

@ -1,4 +1,4 @@
package httputils // import "github.com/docker/docker/api/server/httputils"
package httputils
import (
"net/http"
@ -23,7 +23,7 @@ func TestBoolValue(t *testing.T) {
for c, e := range cases {
v := url.Values{}
v.Set("test", c)
r, _ := http.NewRequest(http.MethodPost, "", nil)
r, _ := http.NewRequest("POST", "", nil)
r.Form = v
a := BoolValue(r, "test")
@ -34,14 +34,14 @@ func TestBoolValue(t *testing.T) {
}
func TestBoolValueOrDefault(t *testing.T) {
r, _ := http.NewRequest(http.MethodGet, "", nil)
r, _ := http.NewRequest("GET", "", nil)
if !BoolValueOrDefault(r, "queryparam", true) {
t.Fatal("Expected to get true default value, got false")
}
v := url.Values{}
v.Set("param", "")
r, _ = http.NewRequest(http.MethodGet, "", nil)
r, _ = http.NewRequest("GET", "", nil)
r.Form = v
if BoolValueOrDefault(r, "param", true) {
t.Fatal("Expected not to get true")
@ -59,7 +59,7 @@ func TestInt64ValueOrZero(t *testing.T) {
for c, e := range cases {
v := url.Values{}
v.Set("test", c)
r, _ := http.NewRequest(http.MethodPost, "", nil)
r, _ := http.NewRequest("POST", "", nil)
r.Form = v
a := Int64ValueOrZero(r, "test")
@ -79,7 +79,7 @@ func TestInt64ValueOrDefault(t *testing.T) {
for c, e := range cases {
v := url.Values{}
v.Set("test", c)
r, _ := http.NewRequest(http.MethodPost, "", nil)
r, _ := http.NewRequest("POST", "", nil)
r.Form = v
a, err := Int64ValueOrDefault(r, "test", -1)
@ -95,11 +95,11 @@ func TestInt64ValueOrDefault(t *testing.T) {
func TestInt64ValueOrDefaultWithError(t *testing.T) {
v := url.Values{}
v.Set("test", "invalid")
r, _ := http.NewRequest(http.MethodPost, "", nil)
r, _ := http.NewRequest("POST", "", nil)
r.Form = v
_, err := Int64ValueOrDefault(r, "test", -1)
if err == nil {
t.Fatal("Expected an error.")
t.Fatalf("Expected an error.")
}
}

View file

@ -1,19 +1,21 @@
package httputils // import "github.com/docker/docker/api/server/httputils"
package httputils
import (
"context"
"encoding/json"
"fmt"
"io"
"mime"
"net/http"
"strings"
"github.com/docker/docker/errdefs"
"github.com/pkg/errors"
"golang.org/x/net/context"
"github.com/docker/docker/api"
)
// APIVersionKey is the client's requested API version.
type APIVersionKey struct{}
const APIVersionKey = "api-version"
// UAStringKey is used as key type for user-agent string in net/context struct
const UAStringKey = "upstream-user-agent"
// APIFunc is an adapter to allow the use of ordinary functions as Docker API endpoints.
// Any function that has the appropriate signature can be registered as an API endpoint (e.g. getVersion).
@ -27,7 +29,7 @@ func HijackConnection(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
return nil, nil, err
}
// Flush the options to make sure the client sets the raw mode
_, _ = conn.Write([]byte{})
conn.Write([]byte{})
return conn, conn, nil
}
@ -37,9 +39,9 @@ func CloseStreams(streams ...interface{}) {
if tcpc, ok := stream.(interface {
CloseWrite() error
}); ok {
_ = tcpc.CloseWrite()
tcpc.CloseWrite()
} else if closer, ok := stream.(io.Closer); ok {
_ = closer.Close()
closer.Close()
}
}
}
@ -49,50 +51,17 @@ func CheckForJSON(r *http.Request) error {
ct := r.Header.Get("Content-Type")
// No Content-Type header is ok as long as there's no Body
if ct == "" && (r.Body == nil || r.ContentLength == 0) {
return nil
if ct == "" {
if r.Body == nil || r.ContentLength == 0 {
return nil
}
}
// Otherwise it better be json
return matchesContentType(ct, "application/json")
}
// ReadJSON validates the request to have the correct content-type, and decodes
// the request's Body into out.
func ReadJSON(r *http.Request, out interface{}) error {
err := CheckForJSON(r)
if err != nil {
return err
}
if r.Body == nil || r.ContentLength == 0 {
// an empty body is not invalid, so don't return an error; see
// https://lists.w3.org/Archives/Public/ietf-http-wg/2010JulSep/0272.html
if api.MatchesContentType(ct, "application/json") {
return nil
}
dec := json.NewDecoder(r.Body)
err = dec.Decode(out)
defer r.Body.Close()
if err != nil {
if err == io.EOF {
return errdefs.InvalidParameter(errors.New("invalid JSON: got EOF while reading request body"))
}
return errdefs.InvalidParameter(errors.Wrap(err, "invalid JSON"))
}
if dec.More() {
return errdefs.InvalidParameter(errors.New("unexpected content after JSON"))
}
return nil
}
// WriteJSON writes the value v to the http response stream as json with standard json encoding.
func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
enc := json.NewEncoder(w)
enc.SetEscapeHTML(false)
return enc.Encode(v)
return fmt.Errorf("Content-Type specified (%s) must be 'application/json'", ct)
}
// ParseForm ensures the request form is parsed even with invalid content types.
@ -102,33 +71,20 @@ func ParseForm(r *http.Request) error {
return nil
}
if err := r.ParseForm(); err != nil && !strings.HasPrefix(err.Error(), "mime:") {
return errdefs.InvalidParameter(err)
return err
}
return nil
}
// VersionFromContext returns an API version from the context using APIVersionKey.
// It panics if the context value does not have version.Version type.
func VersionFromContext(ctx context.Context) string {
func VersionFromContext(ctx context.Context) (ver string) {
if ctx == nil {
return ""
return
}
if val := ctx.Value(APIVersionKey{}); val != nil {
return val.(string)
val := ctx.Value(APIVersionKey)
if val == nil {
return
}
return ""
}
// matchesContentType validates the content type against the expected one
func matchesContentType(contentType, expectedType string) error {
mimetype, _, err := mime.ParseMediaType(contentType)
if err != nil {
return errdefs.InvalidParameter(errors.Wrapf(err, "malformed Content-Type header (%s)", contentType))
}
if mimetype != expectedType {
return errdefs.InvalidParameter(errors.Errorf("unsupported Content-Type header (%s): must be '%s'", contentType, expectedType))
}
return nil
return val.(string)
}

View file

@ -1,130 +0,0 @@
package httputils // import "github.com/docker/docker/api/server/httputils"
import (
"net/http"
"strings"
"testing"
)
// matchesContentType
func TestJsonContentType(t *testing.T) {
err := matchesContentType("application/json", "application/json")
if err != nil {
t.Error(err)
}
err = matchesContentType("application/json; charset=utf-8", "application/json")
if err != nil {
t.Error(err)
}
expected := "unsupported Content-Type header (dockerapplication/json): must be 'application/json'"
err = matchesContentType("dockerapplication/json", "application/json")
if err == nil || err.Error() != expected {
t.Errorf(`expected "%s", got "%v"`, expected, err)
}
expected = "malformed Content-Type header (foo;;;bar): mime: invalid media parameter"
err = matchesContentType("foo;;;bar", "application/json")
if err == nil || err.Error() != expected {
t.Errorf(`expected "%s", got "%v"`, expected, err)
}
}
func TestReadJSON(t *testing.T) {
t.Run("nil body", func(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", nil)
if err != nil {
t.Error(err)
}
foo := struct{}{}
err = ReadJSON(req, &foo)
if err != nil {
t.Error(err)
}
})
t.Run("empty body", func(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(""))
if err != nil {
t.Error(err)
}
foo := struct{ SomeField string }{}
err = ReadJSON(req, &foo)
if err != nil {
t.Error(err)
}
if foo.SomeField != "" {
t.Errorf("expected: '', got: %s", foo.SomeField)
}
})
t.Run("with valid request", func(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{"SomeField":"some value"}`))
if err != nil {
t.Error(err)
}
req.Header.Set("Content-Type", "application/json")
foo := struct{ SomeField string }{}
err = ReadJSON(req, &foo)
if err != nil {
t.Error(err)
}
if foo.SomeField != "some value" {
t.Errorf("expected: 'some value', got: %s", foo.SomeField)
}
})
t.Run("with whitespace", func(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`
{"SomeField":"some value"}
`))
if err != nil {
t.Error(err)
}
req.Header.Set("Content-Type", "application/json")
foo := struct{ SomeField string }{}
err = ReadJSON(req, &foo)
if err != nil {
t.Error(err)
}
if foo.SomeField != "some value" {
t.Errorf("expected: 'some value', got: %s", foo.SomeField)
}
})
t.Run("with extra content", func(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{"SomeField":"some value"} and more content`))
if err != nil {
t.Error(err)
}
req.Header.Set("Content-Type", "application/json")
foo := struct{ SomeField string }{}
err = ReadJSON(req, &foo)
if err == nil {
t.Error("expected an error, got none")
}
expected := "unexpected content after JSON"
if err.Error() != expected {
t.Errorf("expected: '%s', got: %s", expected, err.Error())
}
})
t.Run("invalid JSON", func(t *testing.T) {
req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{invalid json`))
if err != nil {
t.Error(err)
}
req.Header.Set("Content-Type", "application/json")
foo := struct{ SomeField string }{}
err = ReadJSON(req, &foo)
if err == nil {
t.Error("expected an error, got none")
}
expected := "invalid JSON: invalid character 'i' looking for beginning of object key string"
if err.Error() != expected {
t.Errorf("expected: '%s', got: %s", expected, err.Error())
}
})
}

View file

@ -0,0 +1,17 @@
// +build go1.7
package httputils
import (
"encoding/json"
"net/http"
)
// WriteJSON writes the value v to the http response stream as json with standard json encoding.
func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
enc := json.NewEncoder(w)
enc.SetEscapeHTML(false)
return enc.Encode(v)
}

View file

@ -0,0 +1,16 @@
// +build go1.6,!go1.7
package httputils
import (
"encoding/json"
"net/http"
)
// WriteJSON writes the value v to the http response stream as json with standard json encoding.
func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
enc := json.NewEncoder(w)
return enc.Encode(v)
}

View file

@ -1,84 +0,0 @@
package httputils // import "github.com/docker/docker/api/server/httputils"
import (
"context"
"fmt"
"io"
"net/url"
"sort"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/jsonmessage"
"github.com/docker/docker/pkg/stdcopy"
)
// WriteLogStream writes an encoded byte stream of log messages from the
// messages channel, multiplexing them with a stdcopy.Writer if mux is true
func WriteLogStream(_ context.Context, w io.Writer, msgs <-chan *backend.LogMessage, config *container.LogsOptions, mux bool) {
wf := ioutils.NewWriteFlusher(w)
defer wf.Close()
wf.Flush()
outStream := io.Writer(wf)
errStream := outStream
sysErrStream := errStream
if mux {
sysErrStream = stdcopy.NewStdWriter(outStream, stdcopy.Systemerr)
errStream = stdcopy.NewStdWriter(outStream, stdcopy.Stderr)
outStream = stdcopy.NewStdWriter(outStream, stdcopy.Stdout)
}
for {
msg, ok := <-msgs
if !ok {
return
}
// check if the message contains an error. if so, write that error
// and exit
if msg.Err != nil {
fmt.Fprintf(sysErrStream, "Error grabbing logs: %v\n", msg.Err)
continue
}
logLine := msg.Line
if config.Details {
logLine = append(attrsByteSlice(msg.Attrs), ' ')
logLine = append(logLine, msg.Line...)
}
if config.Timestamps {
logLine = append([]byte(msg.Timestamp.Format(jsonmessage.RFC3339NanoFixed)+" "), logLine...)
}
if msg.Source == "stdout" && config.ShowStdout {
_, _ = outStream.Write(logLine)
}
if msg.Source == "stderr" && config.ShowStderr {
_, _ = errStream.Write(logLine)
}
}
}
type byKey []backend.LogAttr
func (b byKey) Len() int { return len(b) }
func (b byKey) Less(i, j int) bool { return b[i].Key < b[j].Key }
func (b byKey) Swap(i, j int) { b[i], b[j] = b[j], b[i] }
func attrsByteSlice(a []backend.LogAttr) []byte {
// Note this sorts "a" in-place. That is fine here - nothing else is
// going to use Attrs or care about the order.
sort.Sort(byKey(a))
var ret []byte
for i, pair := range a {
k, v := url.QueryEscape(pair.Key), url.QueryEscape(pair.Value)
ret = append(ret, []byte(k)...)
ret = append(ret, '=')
ret = append(ret, []byte(v)...)
if i != len(a)-1 {
ret = append(ret, ',')
}
}
return ret
}

View file

@ -1,7 +1,7 @@
package server // import "github.com/docker/docker/api/server"
package server
import (
"github.com/containerd/log"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/server/middleware"
)
@ -16,7 +16,7 @@ func (s *Server) handlerWithGlobalMiddlewares(handler httputils.APIFunc) httputi
next = m.WrapHandler(next)
}
if log.GetLevel() == log.DebugLevel {
if s.cfg.Logging && logrus.GetLevel() == logrus.DebugLevel {
next = middleware.DebugRequestMiddleware(next)
}

View file

@ -1,11 +1,10 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
package middleware
import (
"context"
"net/http"
"github.com/containerd/log"
"github.com/docker/docker/api/types/registry"
"github.com/Sirupsen/logrus"
"golang.org/x/net/context"
)
// CORSMiddleware injects CORS headers to each request
@ -29,9 +28,9 @@ func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.Res
corsHeaders = "*"
}
log.G(ctx).Debugf("CORS header is enabled and set to: %s", corsHeaders)
logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, "+registry.AuthHeader)
w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
return handler(ctx, w, r, vars)
}

View file

@ -1,24 +1,24 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
package middleware
import (
"bufio"
"context"
"encoding/json"
"io"
"net/http"
"strings"
"github.com/containerd/log"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/pkg/ioutils"
"golang.org/x/net/context"
)
// DebugRequestMiddleware dumps the request to logger
func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
log.G(ctx).Debugf("Calling %s %s", r.Method, r.RequestURI)
logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)
if r.Method != http.MethodPost {
if r.Method != "POST" {
return handler(ctx, w, r, vars)
}
if err := httputils.CheckForJSON(r); err != nil {
@ -44,9 +44,9 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
maskSecretKeys(postForm)
formStr, errMarshal := json.Marshal(postForm)
if errMarshal == nil {
log.G(ctx).Debugf("form data: %s", string(formStr))
logrus.Debugf("form data: %s", string(formStr))
} else {
log.G(ctx).Debugf("form data: %q", postForm)
logrus.Debugf("form data: %q", postForm)
}
}
@ -61,24 +61,10 @@ func maskSecretKeys(inp interface{}) {
}
return
}
if form, ok := inp.(map[string]interface{}); ok {
scrub := []string{
// Note: The Data field contains the base64-encoded secret in 'secret'
// and 'config' create and update requests. Currently, no other POST
// API endpoints use a data field, so we scrub this field unconditionally.
// Change this handling to be conditional if a new endpoint is added
// in future where this field should not be scrubbed.
"data",
"jointoken",
"password",
"secret",
"signingcakey",
"unlockkey",
}
loop0:
for k, v := range form {
for _, m := range scrub {
for _, m := range []string{"password", "secret", "jointoken", "unlockkey"} {
if strings.EqualFold(m, k) {
form[k] = "*****"
continue loop0

View file

@ -1,75 +0,0 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
import (
"testing"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func TestMaskSecretKeys(t *testing.T) {
tests := []struct {
doc string
input map[string]interface{}
expected map[string]interface{}
}{
{
doc: "secret/config create and update requests",
input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
},
{
doc: "masking other fields (recursively)",
input: map[string]interface{}{
"password": "pass",
"secret": "secret",
"jointoken": "jointoken",
"unlockkey": "unlockkey",
"signingcakey": "signingcakey",
"other": map[string]interface{}{
"password": "pass",
"secret": "secret",
"jointoken": "jointoken",
"unlockkey": "unlockkey",
"signingcakey": "signingcakey",
},
},
expected: map[string]interface{}{
"password": "*****",
"secret": "*****",
"jointoken": "*****",
"unlockkey": "*****",
"signingcakey": "*****",
"other": map[string]interface{}{
"password": "*****",
"secret": "*****",
"jointoken": "*****",
"unlockkey": "*****",
"signingcakey": "*****",
},
},
},
{
doc: "case insensitive field matching",
input: map[string]interface{}{
"PASSWORD": "pass",
"other": map[string]interface{}{
"PASSWORD": "pass",
},
},
expected: map[string]interface{}{
"PASSWORD": "*****",
"other": map[string]interface{}{
"PASSWORD": "*****",
},
},
},
}
for _, testcase := range tests {
t.Run(testcase.doc, func(t *testing.T) {
maskSecretKeys(testcase.input)
assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
})
}
}

View file

@ -1,8 +1,9 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
package middleware
import (
"context"
"net/http"
"golang.org/x/net/context"
)
// ExperimentalMiddleware is a the middleware in charge of adding the

View file

@ -1,8 +1,9 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
package middleware
import (
"context"
"net/http"
"golang.org/x/net/context"
)
// Middleware is an interface to allow the use of ordinary functions as Docker API filters.

View file

@ -1,86 +1,50 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
package middleware
import (
"context"
"fmt"
"net/http"
"runtime"
"github.com/docker/docker/api"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/errors"
"github.com/docker/docker/api/types/versions"
"golang.org/x/net/context"
)
// VersionMiddleware is a middleware that
// validates the client and server versions.
type VersionMiddleware struct {
serverVersion string
// defaultAPIVersion is the default API version provided by the API server,
// specified as "major.minor". It is usually configured to the latest API
// version [github.com/docker/docker/api.DefaultVersion].
//
// API requests for API versions greater than this version are rejected by
// the server and produce a [versionUnsupportedError].
defaultAPIVersion string
// minAPIVersion is the minimum API version provided by the API server,
// specified as "major.minor".
//
// API requests for API versions lower than this version are rejected by
// the server and produce a [versionUnsupportedError].
minAPIVersion string
serverVersion string
defaultVersion string
minVersion string
}
// NewVersionMiddleware creates a VersionMiddleware with the given versions.
func NewVersionMiddleware(serverVersion, defaultAPIVersion, minAPIVersion string) (*VersionMiddleware, error) {
if versions.LessThan(defaultAPIVersion, api.MinSupportedAPIVersion) || versions.GreaterThan(defaultAPIVersion, api.DefaultVersion) {
return nil, fmt.Errorf("invalid default API version (%s): must be between %s and %s", defaultAPIVersion, api.MinSupportedAPIVersion, api.DefaultVersion)
// NewVersionMiddleware creates a new VersionMiddleware
// with the default versions.
func NewVersionMiddleware(s, d, m string) VersionMiddleware {
return VersionMiddleware{
serverVersion: s,
defaultVersion: d,
minVersion: m,
}
if versions.LessThan(minAPIVersion, api.MinSupportedAPIVersion) || versions.GreaterThan(minAPIVersion, api.DefaultVersion) {
return nil, fmt.Errorf("invalid minimum API version (%s): must be between %s and %s", minAPIVersion, api.MinSupportedAPIVersion, api.DefaultVersion)
}
if versions.GreaterThan(minAPIVersion, defaultAPIVersion) {
return nil, fmt.Errorf("invalid API version: the minimum API version (%s) is higher than the default version (%s)", minAPIVersion, defaultAPIVersion)
}
return &VersionMiddleware{
serverVersion: serverVersion,
defaultAPIVersion: defaultAPIVersion,
minAPIVersion: minAPIVersion,
}, nil
}
type versionUnsupportedError struct {
version, minVersion, maxVersion string
}
func (e versionUnsupportedError) Error() string {
if e.minVersion != "" {
return fmt.Sprintf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", e.version, e.minVersion)
}
return fmt.Sprintf("client version %s is too new. Maximum supported API version is %s", e.version, e.maxVersion)
}
func (e versionUnsupportedError) InvalidParameter() {}
// WrapHandler returns a new handler function wrapping the previous one in the request chain.
func (v VersionMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
w.Header().Set("Server", fmt.Sprintf("Docker/%s (%s)", v.serverVersion, runtime.GOOS))
w.Header().Set("API-Version", v.defaultAPIVersion)
w.Header().Set("OSType", runtime.GOOS)
apiVersion := vars["version"]
if apiVersion == "" {
apiVersion = v.defaultAPIVersion
apiVersion = v.defaultVersion
}
if versions.LessThan(apiVersion, v.minAPIVersion) {
return versionUnsupportedError{version: apiVersion, minVersion: v.minAPIVersion}
if versions.LessThan(apiVersion, v.minVersion) {
return errors.NewBadRequestError(fmt.Errorf("client version %s is too old. Minimum supported API version is %s, please upgrade your client to a newer version", apiVersion, v.minVersion))
}
if versions.GreaterThan(apiVersion, v.defaultAPIVersion) {
return versionUnsupportedError{version: apiVersion, maxVersion: v.defaultAPIVersion}
}
ctx = context.WithValue(ctx, httputils.APIVersionKey{}, apiVersion)
header := fmt.Sprintf("Docker/%s (%s)", v.serverVersion, runtime.GOOS)
w.Header().Set("Server", header)
w.Header().Set("API-Version", v.defaultVersion)
ctx = context.WithValue(ctx, "api-version", apiVersion)
return handler(ctx, w, r, vars)
}
}

View file

@ -1,146 +1,57 @@
package middleware // import "github.com/docker/docker/api/server/middleware"
package middleware
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"runtime"
"strings"
"testing"
"github.com/docker/docker/api"
"github.com/docker/docker/api/server/httputils"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"golang.org/x/net/context"
)
func TestNewVersionMiddlewareValidation(t *testing.T) {
tests := []struct {
doc, defaultVersion, minVersion, expectedErr string
}{
{
doc: "defaults",
defaultVersion: api.DefaultVersion,
minVersion: api.MinSupportedAPIVersion,
},
{
doc: "invalid default lower than min",
defaultVersion: api.MinSupportedAPIVersion,
minVersion: api.DefaultVersion,
expectedErr: fmt.Sprintf("invalid API version: the minimum API version (%s) is higher than the default version (%s)", api.DefaultVersion, api.MinSupportedAPIVersion),
},
{
doc: "invalid default too low",
defaultVersion: "0.1",
minVersion: api.MinSupportedAPIVersion,
expectedErr: fmt.Sprintf("invalid default API version (0.1): must be between %s and %s", api.MinSupportedAPIVersion, api.DefaultVersion),
},
{
doc: "invalid default too high",
defaultVersion: "9999.9999",
minVersion: api.DefaultVersion,
expectedErr: fmt.Sprintf("invalid default API version (9999.9999): must be between %s and %s", api.MinSupportedAPIVersion, api.DefaultVersion),
},
{
doc: "invalid minimum too low",
defaultVersion: api.MinSupportedAPIVersion,
minVersion: "0.1",
expectedErr: fmt.Sprintf("invalid minimum API version (0.1): must be between %s and %s", api.MinSupportedAPIVersion, api.DefaultVersion),
},
{
doc: "invalid minimum too high",
defaultVersion: api.DefaultVersion,
minVersion: "9999.9999",
expectedErr: fmt.Sprintf("invalid minimum API version (9999.9999): must be between %s and %s", api.MinSupportedAPIVersion, api.DefaultVersion),
},
}
for _, tc := range tests {
tc := tc
t.Run(tc.doc, func(t *testing.T) {
_, err := NewVersionMiddleware("1.2.3", tc.defaultVersion, tc.minVersion)
if tc.expectedErr == "" {
assert.Check(t, err)
} else {
assert.Check(t, is.Error(err, tc.expectedErr))
}
})
}
}
func TestVersionMiddlewareVersion(t *testing.T) {
expectedVersion := "<not set>"
func TestVersionMiddleware(t *testing.T) {
handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
v := httputils.VersionFromContext(ctx)
assert.Check(t, is.Equal(expectedVersion, v))
if httputils.VersionFromContext(ctx) == "" {
t.Fatalf("Expected version, got empty string")
}
return nil
}
m, err := NewVersionMiddleware("1.2.3", api.DefaultVersion, api.MinSupportedAPIVersion)
assert.NilError(t, err)
defaultVersion := "1.10.0"
minVersion := "1.2.0"
m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
h := m.WrapHandler(handler)
req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
req, _ := http.NewRequest("GET", "/containers/json", nil)
resp := httptest.NewRecorder()
ctx := context.Background()
tests := []struct {
reqVersion string
expectedVersion string
errString string
}{
{
expectedVersion: api.DefaultVersion,
},
{
reqVersion: api.MinSupportedAPIVersion,
expectedVersion: api.MinSupportedAPIVersion,
},
{
reqVersion: "0.1",
errString: fmt.Sprintf("client version 0.1 is too old. Minimum supported API version is %s, please upgrade your client to a newer version", api.MinSupportedAPIVersion),
},
{
reqVersion: "9999.9999",
errString: fmt.Sprintf("client version 9999.9999 is too new. Maximum supported API version is %s", api.DefaultVersion),
},
}
for _, test := range tests {
expectedVersion = test.expectedVersion
err := h(ctx, resp, req, map[string]string{"version": test.reqVersion})
if test.errString != "" {
assert.Check(t, is.Error(err, test.errString))
} else {
assert.Check(t, err)
}
if err := h(ctx, resp, req, map[string]string{}); err != nil {
t.Fatal(err)
}
}
func TestVersionMiddlewareWithErrorsReturnsHeaders(t *testing.T) {
func TestVersionMiddlewareWithErrors(t *testing.T) {
handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
v := httputils.VersionFromContext(ctx)
assert.Check(t, len(v) != 0)
if httputils.VersionFromContext(ctx) == "" {
t.Fatalf("Expected version, got empty string")
}
return nil
}
m, err := NewVersionMiddleware("1.2.3", api.DefaultVersion, api.MinSupportedAPIVersion)
assert.NilError(t, err)
defaultVersion := "1.10.0"
minVersion := "1.2.0"
m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
h := m.WrapHandler(handler)
req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
req, _ := http.NewRequest("GET", "/containers/json", nil)
resp := httptest.NewRecorder()
ctx := context.Background()
vars := map[string]string{"version": "0.1"}
err = h(ctx, resp, req, vars)
assert.Check(t, is.ErrorContains(err, ""))
err := h(ctx, resp, req, vars)
hdr := resp.Result().Header
assert.Check(t, is.Contains(hdr.Get("Server"), "Docker/1.2.3"))
assert.Check(t, is.Contains(hdr.Get("Server"), runtime.GOOS))
assert.Check(t, is.Equal(hdr.Get("API-Version"), api.DefaultVersion))
assert.Check(t, is.Equal(hdr.Get("OSType"), runtime.GOOS))
if !strings.Contains(err.Error(), "client version 0.1 is too old. Minimum supported API version is 1.2.0") {
t.Fatalf("Expected too old client error, got %v", err)
}
}

41
api/server/profiler.go Normal file
View file

@ -0,0 +1,41 @@
package server
import (
"expvar"
"fmt"
"net/http"
"net/http/pprof"
"github.com/gorilla/mux"
)
const debugPathPrefix = "/debug/"
func profilerSetup(mainRouter *mux.Router) {
var r = mainRouter.PathPrefix(debugPathPrefix).Subrouter()
r.HandleFunc("/vars", expVars)
r.HandleFunc("/pprof/", pprof.Index)
r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
r.HandleFunc("/pprof/profile", pprof.Profile)
r.HandleFunc("/pprof/symbol", pprof.Symbol)
r.HandleFunc("/pprof/trace", pprof.Trace)
r.HandleFunc("/pprof/block", pprof.Handler("block").ServeHTTP)
r.HandleFunc("/pprof/heap", pprof.Handler("heap").ServeHTTP)
r.HandleFunc("/pprof/goroutine", pprof.Handler("goroutine").ServeHTTP)
r.HandleFunc("/pprof/threadcreate", pprof.Handler("threadcreate").ServeHTTP)
}
// Replicated from expvar.go as not public.
func expVars(w http.ResponseWriter, r *http.Request) {
first := true
w.Header().Set("Content-Type", "application/json; charset=utf-8")
fmt.Fprintf(w, "{\n")
expvar.Do(func(kv expvar.KeyValue) {
if !first {
fmt.Fprintf(w, ",\n")
}
first = false
fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
})
fmt.Fprintf(w, "\n}\n")
}

View file

@ -1,23 +1,20 @@
package build // import "github.com/docker/docker/api/server/router/build"
package build
import (
"context"
"io"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"golang.org/x/net/context"
)
// Backend abstracts an image builder whose only purpose is to build an image referenced by an imageID.
type Backend interface {
// Build a Docker image returning the id of the image
// Build builds a Docker image referenced by an imageID string.
//
// Note: Tagging an image should not be done by a Builder, it should instead be done
// by the caller.
//
// TODO: make this return a reference instead of string
Build(context.Context, backend.BuildConfig) (string, error)
// Prune build cache
PruneCache(context.Context, types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error)
Cancel(context.Context, string) error
}
type experimentalProvider interface {
HasExperimental() bool
BuildFromContext(ctx context.Context, src io.ReadCloser, remote string, buildOptions *types.ImageBuildOptions, pg backend.ProgressWriter) (string, error)
}

View file

@ -1,24 +1,17 @@
package build // import "github.com/docker/docker/api/server/router/build"
package build
import (
"runtime"
"github.com/docker/docker/api/server/router"
"github.com/docker/docker/api/types"
)
import "github.com/docker/docker/api/server/router"
// buildRouter is a router to talk with the build controller
type buildRouter struct {
backend Backend
daemon experimentalProvider
routes []router.Route
}
// NewRouter initializes a new build router
func NewRouter(b Backend, d experimentalProvider) router.Router {
func NewRouter(b Backend) router.Router {
r := &buildRouter{
backend: b,
daemon: d,
}
r.initRoutes()
return r
@ -31,30 +24,6 @@ func (r *buildRouter) Routes() []router.Route {
func (r *buildRouter) initRoutes() {
r.routes = []router.Route{
router.NewPostRoute("/build", r.postBuild),
router.NewPostRoute("/build/prune", r.postPrune),
router.NewPostRoute("/build/cancel", r.postCancel),
router.Cancellable(router.NewPostRoute("/build", r.postBuild)),
}
}
// BuilderVersion derives the default docker builder version from the config.
//
// The default on Linux is version "2" (BuildKit), but the daemon can be
// configured to recommend version "1" (classic Builder). Windows does not
// yet support BuildKit for native Windows images, and uses "1" (classic builder)
// as a default.
//
// This value is only a recommendation as advertised by the daemon, and it is
// up to the client to choose which builder to use.
func BuilderVersion(features map[string]bool) types.BuilderVersion {
// TODO(thaJeztah) move the default to daemon/config
if runtime.GOOS == "windows" {
return types.BuilderV1
}
bv := types.BuilderBuildKit
if v, ok := features["buildkit"]; ok && !v {
bv = types.BuilderV1
}
return bv
}

View file

@ -1,9 +1,7 @@
package build // import "github.com/docker/docker/api/server/router/build"
package build
import (
"bufio"
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
@ -14,104 +12,81 @@ import (
"strings"
"sync"
"github.com/containerd/log"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
"github.com/docker/docker/api/types/registry"
"github.com/docker/docker/api/types/versions"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/progress"
"github.com/docker/docker/pkg/streamformatter"
units "github.com/docker/go-units"
"github.com/pkg/errors"
"github.com/docker/go-units"
"golang.org/x/net/context"
)
type invalidParam struct {
error
}
func (e invalidParam) InvalidParameter() {}
func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBuildOptions, error) {
options := &types.ImageBuildOptions{
Version: types.BuilderV1, // Builder V1 is the default, but can be overridden
Dockerfile: r.FormValue("dockerfile"),
SuppressOutput: httputils.BoolValue(r, "q"),
NoCache: httputils.BoolValue(r, "nocache"),
ForceRemove: httputils.BoolValue(r, "forcerm"),
PullParent: httputils.BoolValue(r, "pull"),
MemorySwap: httputils.Int64ValueOrZero(r, "memswap"),
Memory: httputils.Int64ValueOrZero(r, "memory"),
CPUShares: httputils.Int64ValueOrZero(r, "cpushares"),
CPUPeriod: httputils.Int64ValueOrZero(r, "cpuperiod"),
CPUQuota: httputils.Int64ValueOrZero(r, "cpuquota"),
CPUSetCPUs: r.FormValue("cpusetcpus"),
CPUSetMems: r.FormValue("cpusetmems"),
CgroupParent: r.FormValue("cgroupparent"),
NetworkMode: r.FormValue("networkmode"),
Tags: r.Form["t"],
ExtraHosts: r.Form["extrahosts"],
SecurityOpt: r.Form["securityopt"],
Squash: httputils.BoolValue(r, "squash"),
Target: r.FormValue("target"),
RemoteContext: r.FormValue("remote"),
SessionID: r.FormValue("session"),
BuildID: r.FormValue("buildid"),
}
if runtime.GOOS != "windows" && options.SecurityOpt != nil {
// SecurityOpt only supports "credentials-spec" on Windows, and not used on other platforms.
return nil, invalidParam{errors.New("security options are not supported on " + runtime.GOOS)}
}
if httputils.BoolValue(r, "forcerm") {
version := httputils.VersionFromContext(ctx)
options := &types.ImageBuildOptions{}
if httputils.BoolValue(r, "forcerm") && versions.GreaterThanOrEqualTo(version, "1.12") {
options.Remove = true
} else if r.FormValue("rm") == "" {
} else if r.FormValue("rm") == "" && versions.GreaterThanOrEqualTo(version, "1.12") {
options.Remove = true
} else {
options.Remove = httputils.BoolValue(r, "rm")
}
version := httputils.VersionFromContext(ctx)
if versions.GreaterThanOrEqualTo(version, "1.32") {
options.Platform = r.FormValue("platform")
}
if versions.GreaterThanOrEqualTo(version, "1.40") {
outputsJSON := r.FormValue("outputs")
if outputsJSON != "" {
var outputs []types.ImageBuildOutput
if err := json.Unmarshal([]byte(outputsJSON), &outputs); err != nil {
return nil, invalidParam{errors.Wrap(err, "invalid outputs specified")}
}
options.Outputs = outputs
}
if httputils.BoolValue(r, "pull") && versions.GreaterThanOrEqualTo(version, "1.16") {
options.PullParent = true
}
if s := r.Form.Get("shmsize"); s != "" {
shmSize, err := strconv.ParseInt(s, 10, 64)
options.Dockerfile = r.FormValue("dockerfile")
options.SuppressOutput = httputils.BoolValue(r, "q")
options.NoCache = httputils.BoolValue(r, "nocache")
options.ForceRemove = httputils.BoolValue(r, "forcerm")
options.MemorySwap = httputils.Int64ValueOrZero(r, "memswap")
options.Memory = httputils.Int64ValueOrZero(r, "memory")
options.CPUShares = httputils.Int64ValueOrZero(r, "cpushares")
options.CPUPeriod = httputils.Int64ValueOrZero(r, "cpuperiod")
options.CPUQuota = httputils.Int64ValueOrZero(r, "cpuquota")
options.CPUSetCPUs = r.FormValue("cpusetcpus")
options.CPUSetMems = r.FormValue("cpusetmems")
options.CgroupParent = r.FormValue("cgroupparent")
options.NetworkMode = r.FormValue("networkmode")
options.Tags = r.Form["t"]
options.SecurityOpt = r.Form["securityopt"]
options.Squash = httputils.BoolValue(r, "squash")
if r.Form.Get("shmsize") != "" {
shmSize, err := strconv.ParseInt(r.Form.Get("shmsize"), 10, 64)
if err != nil {
return nil, err
}
options.ShmSize = shmSize
}
if i := r.FormValue("isolation"); i != "" {
options.Isolation = container.Isolation(i)
if !options.Isolation.IsValid() {
return nil, invalidParam{errors.Errorf("unsupported isolation: %q", i)}
if i := container.Isolation(r.FormValue("isolation")); i != "" {
if !container.Isolation.IsValid(i) {
return nil, fmt.Errorf("Unsupported isolation: %q", i)
}
options.Isolation = i
}
if ulimitsJSON := r.FormValue("ulimits"); ulimitsJSON != "" {
buildUlimits := []*units.Ulimit{}
if runtime.GOOS != "windows" && options.SecurityOpt != nil {
return nil, fmt.Errorf("the daemon on this platform does not support --security-opt to build")
}
var buildUlimits = []*units.Ulimit{}
ulimitsJSON := r.FormValue("ulimits")
if ulimitsJSON != "" {
if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
return nil, invalidParam{errors.Wrap(err, "error reading ulimit settings")}
return nil, err
}
options.Ulimits = buildUlimits
}
var buildArgs = map[string]*string{}
buildArgsJSON := r.FormValue("buildargs")
// Note that there are two ways a --build-arg might appear in the
// json of the query param:
// "foo":"bar"
@ -124,189 +99,34 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
// the fact they mentioned it, we need to pass that along to the builder
// so that it can print a warning about "foo" being unused if there is
// no "ARG foo" in the Dockerfile.
if buildArgsJSON := r.FormValue("buildargs"); buildArgsJSON != "" {
buildArgs := map[string]*string{}
if buildArgsJSON != "" {
if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
return nil, invalidParam{errors.Wrap(err, "error reading build args")}
return nil, err
}
options.BuildArgs = buildArgs
}
if labelsJSON := r.FormValue("labels"); labelsJSON != "" {
labels := map[string]string{}
var labels = map[string]string{}
labelsJSON := r.FormValue("labels")
if labelsJSON != "" {
if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
return nil, invalidParam{errors.Wrap(err, "error reading labels")}
return nil, err
}
options.Labels = labels
}
if cacheFromJSON := r.FormValue("cachefrom"); cacheFromJSON != "" {
cacheFrom := []string{}
var cacheFrom = []string{}
cacheFromJSON := r.FormValue("cachefrom")
if cacheFromJSON != "" {
if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
return nil, invalidParam{errors.Wrap(err, "error reading cache-from")}
return nil, err
}
options.CacheFrom = cacheFrom
}
if bv := r.FormValue("version"); bv != "" {
v, err := parseVersion(bv)
if err != nil {
return nil, err
}
options.Version = v
}
return options, nil
}
func parseVersion(s string) (types.BuilderVersion, error) {
switch types.BuilderVersion(s) {
case types.BuilderV1:
return types.BuilderV1, nil
case types.BuilderBuildKit:
return types.BuilderBuildKit, nil
default:
return "", invalidParam{errors.Errorf("invalid version %q", s)}
}
}
func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
fltrs, err := filters.FromJSON(r.Form.Get("filters"))
if err != nil {
return err
}
ksfv := r.FormValue("keep-storage")
if ksfv == "" {
ksfv = "0"
}
ks, err := strconv.Atoi(ksfv)
if err != nil {
return invalidParam{errors.Wrapf(err, "keep-storage is in bytes and expects an integer, got %v", ksfv)}
}
opts := types.BuildCachePruneOptions{
All: httputils.BoolValue(r, "all"),
Filters: fltrs,
KeepStorage: int64(ks),
}
report, err := br.backend.PruneCache(ctx, opts)
if err != nil {
return err
}
return httputils.WriteJSON(w, http.StatusOK, report)
}
func (br *buildRouter) postCancel(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
w.Header().Set("Content-Type", "application/json")
id := r.FormValue("id")
if id == "" {
return invalidParam{errors.New("build ID not provided")}
}
return br.backend.Cancel(ctx, id)
}
func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
var (
notVerboseBuffer = bytes.NewBuffer(nil)
version = httputils.VersionFromContext(ctx)
)
w.Header().Set("Content-Type", "application/json")
body := r.Body
var ww io.Writer = w
if body != nil {
// there is a possibility that output is written before request body
// has been fully read so we need to protect against it.
// this can be removed when
// https://github.com/golang/go/issues/15527
// https://github.com/golang/go/issues/22209
// has been fixed
body, ww = wrapOutputBufferedUntilRequestRead(body, ww)
}
output := ioutils.NewWriteFlusher(ww)
defer func() { _ = output.Close() }()
errf := func(err error) error {
if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
_, _ = output.Write(notVerboseBuffer.Bytes())
}
// Do not write the error in the http output if it's still empty.
// This prevents from writing a 200(OK) when there is an internal error.
if !output.Flushed() {
return err
}
_, err = output.Write(streamformatter.FormatError(err))
if err != nil {
log.G(ctx).Warnf("could not write error response: %v", err)
}
return nil
}
buildOptions, err := newImageBuildOptions(ctx, r)
if err != nil {
return errf(err)
}
buildOptions.AuthConfigs = getAuthConfigs(r.Header)
if buildOptions.Squash && !br.daemon.HasExperimental() {
return invalidParam{errors.New("squash is only supported with experimental mode")}
}
out := io.Writer(output)
if buildOptions.SuppressOutput {
out = notVerboseBuffer
}
// Currently, only used if context is from a remote url.
// Look at code in DetectContextFromRemoteURL for more information.
createProgressReader := func(in io.ReadCloser) io.ReadCloser {
progressOutput := streamformatter.NewJSONProgressOutput(out, true)
return progress.NewProgressReader(in, progressOutput, r.ContentLength, "Downloading context", buildOptions.RemoteContext)
}
wantAux := versions.GreaterThanOrEqualTo(version, "1.30")
imgID, err := br.backend.Build(ctx, backend.BuildConfig{
Source: body,
Options: buildOptions,
ProgressWriter: buildProgressWriter(out, wantAux, createProgressReader),
})
if err != nil {
return errf(err)
}
// Everything worked so if -q was provided the output from the daemon
// should be just the image ID and we'll print that to stdout.
if buildOptions.SuppressOutput {
_, _ = fmt.Fprintln(streamformatter.NewStdoutWriter(output), imgID)
}
return nil
}
func getAuthConfigs(header http.Header) map[string]registry.AuthConfig {
authConfigs := map[string]registry.AuthConfig{}
authConfigsEncoded := header.Get("X-Registry-Config")
if authConfigsEncoded == "" {
return authConfigs
}
authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
// Pulling an image does not error when no auth is provided so to remain
// consistent with the existing api decode errors are ignored
_ = json.NewDecoder(authConfigsJSON).Decode(&authConfigs)
return authConfigs
}
type syncWriter struct {
w io.Writer
mu sync.Mutex
@ -319,118 +139,87 @@ func (s *syncWriter) Write(b []byte) (count int, err error) {
return
}
func buildProgressWriter(out io.Writer, wantAux bool, createProgressReader func(io.ReadCloser) io.ReadCloser) backend.ProgressWriter {
out = &syncWriter{w: out}
func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
var (
authConfigs = map[string]types.AuthConfig{}
authConfigsEncoded = r.Header.Get("X-Registry-Config")
notVerboseBuffer = bytes.NewBuffer(nil)
)
var aux *streamformatter.AuxFormatter
if wantAux {
aux = &streamformatter.AuxFormatter{Writer: out}
if authConfigsEncoded != "" {
authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
if err := json.NewDecoder(authConfigsJSON).Decode(&authConfigs); err != nil {
// for a pull it is not an error if no auth was given
// to increase compatibility with the existing api it is defaulting
// to be empty.
}
}
return backend.ProgressWriter{
w.Header().Set("Content-Type", "application/json")
output := ioutils.NewWriteFlusher(w)
defer output.Close()
sf := streamformatter.NewJSONStreamFormatter()
errf := func(err error) error {
if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
output.Write(notVerboseBuffer.Bytes())
}
// Do not write the error in the http output if it's still empty.
// This prevents from writing a 200(OK) when there is an internal error.
if !output.Flushed() {
return err
}
_, err = w.Write(sf.FormatError(err))
if err != nil {
logrus.Warnf("could not write error response: %v", err)
}
return nil
}
buildOptions, err := newImageBuildOptions(ctx, r)
if err != nil {
return errf(err)
}
buildOptions.AuthConfigs = authConfigs
remoteURL := r.FormValue("remote")
// Currently, only used if context is from a remote url.
// Look at code in DetectContextFromRemoteURL for more information.
createProgressReader := func(in io.ReadCloser) io.ReadCloser {
progressOutput := sf.NewProgressOutput(output, true)
if buildOptions.SuppressOutput {
progressOutput = sf.NewProgressOutput(notVerboseBuffer, true)
}
return progress.NewProgressReader(in, progressOutput, r.ContentLength, "Downloading context", remoteURL)
}
out := io.Writer(output)
if buildOptions.SuppressOutput {
out = notVerboseBuffer
}
out = &syncWriter{w: out}
stdout := &streamformatter.StdoutFormatter{Writer: out, StreamFormatter: sf}
stderr := &streamformatter.StderrFormatter{Writer: out, StreamFormatter: sf}
pg := backend.ProgressWriter{
Output: out,
StdoutFormatter: streamformatter.NewStdoutWriter(out),
StderrFormatter: streamformatter.NewStderrWriter(out),
AuxFormatter: aux,
StdoutFormatter: stdout,
StderrFormatter: stderr,
ProgressReaderFunc: createProgressReader,
}
}
type flusher interface {
Flush()
}
func wrapOutputBufferedUntilRequestRead(rc io.ReadCloser, out io.Writer) (io.ReadCloser, io.Writer) {
var fl flusher = &ioutils.NopFlusher{}
if f, ok := out.(flusher); ok {
fl = f
}
w := &wcf{
buf: bytes.NewBuffer(nil),
Writer: out,
flusher: fl,
}
r := bufio.NewReader(rc)
_, err := r.Peek(1)
imgID, err := br.backend.BuildFromContext(ctx, r.Body, remoteURL, buildOptions, pg)
if err != nil {
return rc, out
return errf(err)
}
rc = &rcNotifier{
Reader: r,
Closer: rc,
notify: w.notify,
// Everything worked so if -q was provided the output from the daemon
// should be just the image ID and we'll print that to stdout.
if buildOptions.SuppressOutput {
stdout := &streamformatter.StdoutFormatter{Writer: output, StreamFormatter: sf}
fmt.Fprintf(stdout, "%s\n", string(imgID))
}
return rc, w
}
type rcNotifier struct {
io.Reader
io.Closer
notify func()
}
func (r *rcNotifier) Read(b []byte) (int, error) {
n, err := r.Reader.Read(b)
if err != nil {
r.notify()
}
return n, err
}
func (r *rcNotifier) Close() error {
r.notify()
return r.Closer.Close()
}
type wcf struct {
io.Writer
flusher
mu sync.Mutex
ready bool
buf *bytes.Buffer
flushed bool
}
func (w *wcf) Flush() {
w.mu.Lock()
w.flushed = true
if !w.ready {
w.mu.Unlock()
return
}
w.mu.Unlock()
w.flusher.Flush()
}
func (w *wcf) Flushed() bool {
w.mu.Lock()
b := w.flushed
w.mu.Unlock()
return b
}
func (w *wcf) Write(b []byte) (int, error) {
w.mu.Lock()
if !w.ready {
n, err := w.buf.Write(b)
w.mu.Unlock()
return n, err
}
w.mu.Unlock()
return w.Writer.Write(b)
}
func (w *wcf) notify() {
w.mu.Lock()
if !w.ready {
if w.buf.Len() > 0 {
_, _ = io.Copy(w.Writer, w.buf)
}
if w.flushed {
w.flusher.Flush()
}
w.ready = true
}
w.mu.Unlock()
return nil
}

View file

@ -1,10 +1,10 @@
package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
package checkpoint
import "github.com/docker/docker/api/types/checkpoint"
import "github.com/docker/docker/api/types"
// Backend for Checkpoint
type Backend interface {
CheckpointCreate(container string, config checkpoint.CreateOptions) error
CheckpointDelete(container string, config checkpoint.DeleteOptions) error
CheckpointList(container string, config checkpoint.ListOptions) ([]checkpoint.Summary, error)
CheckpointCreate(container string, config types.CheckpointCreateOptions) error
CheckpointDelete(container string, config types.CheckpointDeleteOptions) error
CheckpointList(container string, config types.CheckpointListOptions) ([]types.Checkpoint, error)
}

View file

@ -1,4 +1,4 @@
package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
package checkpoint
import (
"github.com/docker/docker/api/server/httputils"
@ -29,8 +29,8 @@ func (r *checkpointRouter) Routes() []router.Route {
func (r *checkpointRouter) initRoutes() {
r.routes = []router.Route{
router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints, router.Experimental),
router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint, router.Experimental),
router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint, router.Experimental),
router.Experimental(router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints)),
router.Experimental(router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint)),
router.Experimental(router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint)),
}
}

View file

@ -1,11 +1,12 @@
package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
package checkpoint
import (
"context"
"encoding/json"
"net/http"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types/checkpoint"
"github.com/docker/docker/api/types"
"golang.org/x/net/context"
)
func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@ -13,8 +14,10 @@ func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.R
return err
}
var options checkpoint.CreateOptions
if err := httputils.ReadJSON(r, &options); err != nil {
var options types.CheckpointCreateOptions
decoder := json.NewDecoder(r.Body)
if err := decoder.Decode(&options); err != nil {
return err
}
@ -32,9 +35,10 @@ func (s *checkpointRouter) getContainerCheckpoints(ctx context.Context, w http.R
return err
}
checkpoints, err := s.backend.CheckpointList(vars["name"], checkpoint.ListOptions{
checkpoints, err := s.backend.CheckpointList(vars["name"], types.CheckpointListOptions{
CheckpointDir: r.Form.Get("dir"),
})
if err != nil {
return err
}
@ -47,10 +51,11 @@ func (s *checkpointRouter) deleteContainerCheckpoint(ctx context.Context, w http
return err
}
err := s.backend.CheckpointDelete(vars["name"], checkpoint.DeleteOptions{
err := s.backend.CheckpointDelete(vars["name"], types.CheckpointDeleteOptions{
CheckpointDir: r.Form.Get("dir"),
CheckpointID: vars["checkpoint"],
})
if err != nil {
return err
}

View file

@ -1,14 +1,15 @@
package container // import "github.com/docker/docker/api/server/router/container"
package container
import (
"context"
"io"
"time"
"golang.org/x/net/context"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
containerpkg "github.com/docker/docker/container"
"github.com/docker/docker/pkg/archive"
)
@ -17,42 +18,44 @@ type execBackend interface {
ContainerExecCreate(name string, config *types.ExecConfig) (string, error)
ContainerExecInspect(id string) (*backend.ExecInspect, error)
ContainerExecResize(name string, height, width int) error
ContainerExecStart(ctx context.Context, name string, options container.ExecStartOptions) error
ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) error
ExecExists(name string) (bool, error)
}
// copyBackend includes functions to implement to provide container copy functionality.
type copyBackend interface {
ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error)
ContainerExport(ctx context.Context, name string, out io.Writer) error
ContainerExtractToDir(name, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) error
ContainerCopy(name string, res string) (io.ReadCloser, error)
ContainerExport(name string, out io.Writer) error
ContainerExtractToDir(name, path string, noOverwriteDirNonDir bool, content io.Reader) error
ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error)
}
// stateBackend includes functions to implement to provide container state lifecycle functionality.
type stateBackend interface {
ContainerCreate(ctx context.Context, config backend.ContainerCreateConfig) (container.CreateResponse, error)
ContainerKill(name string, signal string) error
ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
ContainerKill(name string, sig uint64) error
ContainerPause(name string) error
ContainerRename(oldName, newName string) error
ContainerResize(name string, height, width int) error
ContainerRestart(ctx context.Context, name string, options container.StopOptions) error
ContainerRm(name string, config *backend.ContainerRmConfig) error
ContainerStart(ctx context.Context, name string, checkpoint string, checkpointDir string) error
ContainerStop(ctx context.Context, name string, options container.StopOptions) error
ContainerRestart(name string, seconds *int) error
ContainerRm(name string, config *types.ContainerRmConfig) error
ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
ContainerStop(name string, seconds *int) error
ContainerUnpause(name string) error
ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error)
ContainerWait(name string, timeout time.Duration) (int, error)
}
// monitorBackend includes functions to implement to provide containers monitoring functionality.
type monitorBackend interface {
ContainerChanges(ctx context.Context, name string) ([]archive.Change, error)
ContainerInspect(ctx context.Context, name string, size bool, version string) (interface{}, error)
ContainerLogs(ctx context.Context, name string, config *container.LogsOptions) (msgs <-chan *backend.LogMessage, tty bool, err error)
ContainerChanges(name string) ([]archive.Change, error)
ContainerInspect(name string, size bool, version string) (interface{}, error)
ContainerLogs(ctx context.Context, name string, config *backend.ContainerLogsConfig, started chan struct{}) error
ContainerStats(ctx context.Context, name string, config *backend.ContainerStatsConfig) error
ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error)
Containers(ctx context.Context, config *container.ListOptions) ([]*types.Container, error)
ContainerTop(name string, psArgs string) (*types.ContainerProcessList, error)
Containers(config *types.ContainerListOptions) ([]*types.Container, error)
}
// attachBackend includes function to implement to provide container attaching functionality.
@ -62,16 +65,11 @@ type attachBackend interface {
// systemBackend includes functions to implement to provide system wide containers functionality
type systemBackend interface {
ContainersPrune(ctx context.Context, pruneFilters filters.Args) (*types.ContainersPruneReport, error)
}
type commitBackend interface {
CreateImageFromContainer(ctx context.Context, name string, config *backend.CreateImageConfig) (imageID string, err error)
ContainersPrune(pruneFilters filters.Args) (*types.ContainersPruneReport, error)
}
// Backend is all the methods that need to be implemented to provide container specific functionality.
type Backend interface {
commitBackend
execBackend
copyBackend
stateBackend

View file

@ -1,24 +1,30 @@
package container // import "github.com/docker/docker/api/server/router/container"
package container
import (
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/server/router"
)
type validationError struct {
error
}
func (validationError) IsValidationError() bool {
return true
}
// containerRouter is a router to talk with the container controller
type containerRouter struct {
backend Backend
decoder httputils.ContainerDecoder
routes []router.Route
cgroup2 bool
}
// NewRouter initializes a new container router
func NewRouter(b Backend, decoder httputils.ContainerDecoder, cgroup2 bool) router.Router {
func NewRouter(b Backend, decoder httputils.ContainerDecoder) router.Router {
r := &containerRouter{
backend: b,
decoder: decoder,
cgroup2: cgroup2,
}
r.initRoutes()
return r
@ -40,8 +46,8 @@ func (r *containerRouter) initRoutes() {
router.NewGetRoute("/containers/{name:.*}/changes", r.getContainersChanges),
router.NewGetRoute("/containers/{name:.*}/json", r.getContainersByName),
router.NewGetRoute("/containers/{name:.*}/top", r.getContainersTop),
router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs),
router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats),
router.Cancellable(router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs)),
router.Cancellable(router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats)),
router.NewGetRoute("/containers/{name:.*}/attach/ws", r.wsContainersAttach),
router.NewGetRoute("/exec/{id:.*}/json", r.getExecByID),
router.NewGetRoute("/containers/{name:.*}/archive", r.getContainersArchive),
@ -56,13 +62,13 @@ func (r *containerRouter) initRoutes() {
router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait),
router.NewPostRoute("/containers/{name:.*}/resize", r.postContainersResize),
router.NewPostRoute("/containers/{name:.*}/attach", r.postContainersAttach),
router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8, Errors out since 1.12
router.NewPostRoute("/containers/{name:.*}/exec", r.postContainerExecCreate),
router.NewPostRoute("/exec/{name:.*}/start", r.postContainerExecStart),
router.NewPostRoute("/exec/{name:.*}/resize", r.postContainerExecResize),
router.NewPostRoute("/containers/{name:.*}/rename", r.postContainerRename),
router.NewPostRoute("/containers/{name:.*}/update", r.postContainerUpdate),
router.NewPostRoute("/containers/prune", r.postContainersPrune),
router.NewPostRoute("/commit", r.postCommit),
// PUT
router.NewPutRoute("/containers/{name:.*}/archive", r.putContainersArchive),
// DELETE

View file

@ -1,79 +1,37 @@
package container // import "github.com/docker/docker/api/server/router/container"
package container
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"runtime"
"strconv"
"strings"
"syscall"
"time"
"github.com/containerd/containerd/platforms"
"github.com/containerd/log"
"github.com/docker/docker/api/server/httpstatus"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
"github.com/docker/docker/api/types/mount"
"github.com/docker/docker/api/types/network"
"github.com/docker/docker/api/types/versions"
containerpkg "github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/runconfig"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/docker/docker/pkg/signal"
"golang.org/x/net/context"
"golang.org/x/net/websocket"
)
func (s *containerRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
if err := httputils.CheckForJSON(r); err != nil {
return err
}
config, _, _, err := s.decoder.DecodeConfig(r.Body)
if err != nil && !errors.Is(err, io.EOF) { // Do not fail if body is empty.
return err
}
ref, err := httputils.RepoTagReference(r.Form.Get("repo"), r.Form.Get("tag"))
if err != nil {
return errdefs.InvalidParameter(err)
}
imgID, err := s.backend.CreateImageFromContainer(ctx, r.Form.Get("container"), &backend.CreateImageConfig{
Pause: httputils.BoolValueOrDefault(r, "pause", true), // TODO(dnephin): remove pause arg, and always pause in backend
Tag: ref,
Author: r.Form.Get("author"),
Comment: r.Form.Get("comment"),
Config: config,
Changes: r.Form["changes"],
})
if err != nil {
return err
}
return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{ID: imgID})
}
func (s *containerRouter) getContainersJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
filter, err := filters.FromJSON(r.Form.Get("filters"))
filter, err := filters.FromParam(r.Form.Get("filters"))
if err != nil {
return err
}
config := &container.ListOptions{
config := &types.ContainerListOptions{
All: httputils.BoolValue(r, "all"),
Size: httputils.BoolValue(r, "size"),
Since: r.Form.Get("since"),
@ -89,7 +47,7 @@ func (s *containerRouter) getContainersJSON(ctx context.Context, w http.Response
config.Limit = limit
}
containers, err := s.backend.Containers(ctx, config)
containers, err := s.backend.Containers(config)
if err != nil {
return err
}
@ -106,16 +64,14 @@ func (s *containerRouter) getContainersStats(ctx context.Context, w http.Respons
if !stream {
w.Header().Set("Content-Type", "application/json")
}
var oneShot bool
if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.41") {
oneShot = httputils.BoolValueOrDefault(r, "one-shot", false)
config := &backend.ContainerStatsConfig{
Stream: stream,
OutStream: w,
Version: string(httputils.VersionFromContext(ctx)),
}
return s.backend.ContainerStats(ctx, vars["name"], &backend.ContainerStatsConfig{
Stream: stream,
OneShot: oneShot,
OutStream: w,
})
return s.backend.ContainerStats(ctx, vars["name"], config)
}
func (s *containerRouter) getContainersLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@ -130,42 +86,41 @@ func (s *containerRouter) getContainersLogs(ctx context.Context, w http.Response
// with the appropriate status code.
stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
if !(stdout || stderr) {
return errdefs.InvalidParameter(errors.New("Bad parameters: you must choose at least one stream"))
return fmt.Errorf("Bad parameters: you must choose at least one stream")
}
containerName := vars["name"]
logsConfig := &container.LogsOptions{
Follow: httputils.BoolValue(r, "follow"),
Timestamps: httputils.BoolValue(r, "timestamps"),
Since: r.Form.Get("since"),
Until: r.Form.Get("until"),
Tail: r.Form.Get("tail"),
ShowStdout: stdout,
ShowStderr: stderr,
Details: httputils.BoolValue(r, "details"),
logsConfig := &backend.ContainerLogsConfig{
ContainerLogsOptions: types.ContainerLogsOptions{
Follow: httputils.BoolValue(r, "follow"),
Timestamps: httputils.BoolValue(r, "timestamps"),
Since: r.Form.Get("since"),
Tail: r.Form.Get("tail"),
ShowStdout: stdout,
ShowStderr: stderr,
Details: httputils.BoolValue(r, "details"),
},
OutStream: w,
}
msgs, tty, err := s.backend.ContainerLogs(ctx, containerName, logsConfig)
if err != nil {
return err
chStarted := make(chan struct{})
if err := s.backend.ContainerLogs(ctx, containerName, logsConfig, chStarted); err != nil {
select {
case <-chStarted:
// The client may be expecting all of the data we're sending to
// be multiplexed, so send it through OutStream, which will
// have been set up to handle that if needed.
fmt.Fprintf(logsConfig.OutStream, "Error running logs job: %v\n", err)
default:
return err
}
}
contentType := types.MediaTypeRawStream
if !tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
contentType = types.MediaTypeMultiplexedStream
}
w.Header().Set("Content-Type", contentType)
// if has a tty, we're not muxing streams. if it doesn't, we are. simple.
// this is the point of no return for writing a response. once we call
// WriteLogStream, the response has been started and errors will be
// returned in band by WriteLogStream
httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
return nil
}
func (s *containerRouter) getContainersExport(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
return s.backend.ContainerExport(ctx, vars["name"], w)
return s.backend.ContainerExport(vars["name"], w)
}
func (s *containerRouter) postContainersStart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@ -175,17 +130,33 @@ func (s *containerRouter) postContainersStart(ctx context.Context, w http.Respon
// net/http otherwise seems to swallow any headers related to chunked encoding
// including r.TransferEncoding
// allow a nil body for backwards compatibility
//
version := httputils.VersionFromContext(ctx)
var hostConfig *container.HostConfig
// A non-nil json object is at least 7 characters.
if r.ContentLength > 7 || r.ContentLength == -1 {
return errdefs.InvalidParameter(errors.New("starting container with non-empty request body was deprecated since API v1.22 and removed in v1.24"))
if versions.GreaterThanOrEqualTo(version, "1.24") {
return validationError{fmt.Errorf("starting container with non-empty request body was deprecated since v1.10 and removed in v1.12")}
}
if err := httputils.CheckForJSON(r); err != nil {
return err
}
c, err := s.decoder.DecodeHostConfig(r.Body)
if err != nil {
return err
}
hostConfig = c
}
if err := httputils.ParseForm(r); err != nil {
return err
}
if err := s.backend.ContainerStart(ctx, vars["name"], r.Form.Get("checkpoint"), r.Form.Get("checkpoint-dir")); err != nil {
checkpoint := r.Form.Get("checkpoint")
checkpointDir := r.Form.Get("checkpoint-dir")
if err := s.backend.ContainerStart(vars["name"], hostConfig, checkpoint, checkpointDir); err != nil {
return err
}
@ -198,37 +169,56 @@ func (s *containerRouter) postContainersStop(ctx context.Context, w http.Respons
return err
}
var (
options container.StopOptions
version = httputils.VersionFromContext(ctx)
)
if versions.GreaterThanOrEqualTo(version, "1.42") {
options.Signal = r.Form.Get("signal")
}
var seconds *int
if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
valSeconds, err := strconv.Atoi(tmpSeconds)
if err != nil {
return err
}
options.Timeout = &valSeconds
seconds = &valSeconds
}
if err := s.backend.ContainerStop(ctx, vars["name"], options); err != nil {
if err := s.backend.ContainerStop(vars["name"], seconds); err != nil {
return err
}
w.WriteHeader(http.StatusNoContent)
return nil
}
func (s *containerRouter) postContainersKill(_ context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
type errContainerIsRunning interface {
ContainerIsRunning() bool
}
func (s *containerRouter) postContainersKill(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
var sig syscall.Signal
name := vars["name"]
if err := s.backend.ContainerKill(name, r.Form.Get("signal")); err != nil {
return errors.Wrapf(err, "cannot kill container: %s", name)
// If we have a signal, look at it. Otherwise, do nothing
if sigStr := r.Form.Get("signal"); sigStr != "" {
var err error
if sig, err = signal.ParseSignal(sigStr); err != nil {
return err
}
}
if err := s.backend.ContainerKill(name, uint64(sig)); err != nil {
var isStopped bool
if e, ok := err.(errContainerIsRunning); ok {
isStopped = !e.ContainerIsRunning()
}
// Return error that's not caused because the container is stopped.
// Return error if the container is not running and the api is >= 1.20
// to keep backwards compatibility.
version := httputils.VersionFromContext(ctx)
if versions.GreaterThanOrEqualTo(version, "1.20") || !isStopped {
return fmt.Errorf("Cannot kill container %s: %v", name, err)
}
}
w.WriteHeader(http.StatusNoContent)
@ -240,26 +230,21 @@ func (s *containerRouter) postContainersRestart(ctx context.Context, w http.Resp
return err
}
var (
options container.StopOptions
version = httputils.VersionFromContext(ctx)
)
if versions.GreaterThanOrEqualTo(version, "1.42") {
options.Signal = r.Form.Get("signal")
}
var seconds *int
if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
valSeconds, err := strconv.Atoi(tmpSeconds)
if err != nil {
return err
}
options.Timeout = &valSeconds
seconds = &valSeconds
}
if err := s.backend.ContainerRestart(ctx, vars["name"], options); err != nil {
if err := s.backend.ContainerRestart(vars["name"], seconds); err != nil {
return err
}
w.WriteHeader(http.StatusNoContent)
return nil
}
@ -292,72 +277,18 @@ func (s *containerRouter) postContainersUnpause(ctx context.Context, w http.Resp
}
func (s *containerRouter) postContainersWait(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
// Behavior changed in version 1.30 to handle wait condition and to
// return headers immediately.
version := httputils.VersionFromContext(ctx)
legacyBehaviorPre130 := versions.LessThan(version, "1.30")
legacyRemovalWaitPre134 := false
// The wait condition defaults to "not-running".
waitCondition := containerpkg.WaitConditionNotRunning
if !legacyBehaviorPre130 {
if err := httputils.ParseForm(r); err != nil {
return err
}
if v := r.Form.Get("condition"); v != "" {
switch container.WaitCondition(v) {
case container.WaitConditionNotRunning:
waitCondition = containerpkg.WaitConditionNotRunning
case container.WaitConditionNextExit:
waitCondition = containerpkg.WaitConditionNextExit
case container.WaitConditionRemoved:
waitCondition = containerpkg.WaitConditionRemoved
legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
default:
return errdefs.InvalidParameter(errors.Errorf("invalid condition: %q", v))
}
}
}
waitC, err := s.backend.ContainerWait(ctx, vars["name"], waitCondition)
status, err := s.backend.ContainerWait(vars["name"], -1*time.Second)
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")
if !legacyBehaviorPre130 {
// Write response header immediately.
w.WriteHeader(http.StatusOK)
if flusher, ok := w.(http.Flusher); ok {
flusher.Flush()
}
}
// Block on the result of the wait operation.
status := <-waitC
// With API < 1.34, wait on WaitConditionRemoved did not return
// in case container removal failed. The only way to report an
// error back to the client is to not write anything (i.e. send
// an empty response which will be treated as an error).
if legacyRemovalWaitPre134 && status.Err() != nil {
return nil
}
var waitError *container.WaitExitError
if status.Err() != nil {
waitError = &container.WaitExitError{Message: status.Err().Error()}
}
return json.NewEncoder(w).Encode(&container.WaitResponse{
StatusCode: int64(status.ExitCode()),
Error: waitError,
return httputils.WriteJSON(w, http.StatusOK, &container.ContainerWaitOKBody{
StatusCode: int64(status),
})
}
func (s *containerRouter) getContainersChanges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
changes, err := s.backend.ContainerChanges(ctx, vars["name"])
changes, err := s.backend.ContainerChanges(vars["name"])
if err != nil {
return err
}
@ -396,26 +327,15 @@ func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
if err := httputils.ParseForm(r); err != nil {
return err
}
var updateConfig container.UpdateConfig
if err := httputils.ReadJSON(r, &updateConfig); err != nil {
if err := httputils.CheckForJSON(r); err != nil {
return err
}
if versions.LessThan(httputils.VersionFromContext(ctx), "1.40") {
updateConfig.PidsLimit = nil
}
if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
// Ignore KernelMemory removed in API 1.42.
updateConfig.KernelMemory = 0
}
var updateConfig container.UpdateConfig
if updateConfig.PidsLimit != nil && *updateConfig.PidsLimit <= 0 {
// Both `0` and `-1` are accepted to set "unlimited" when updating.
// Historically, any negative value was accepted, so treat them as
// "unlimited" as well.
var unlimited int64
updateConfig.PidsLimit = &unlimited
decoder := json.NewDecoder(r.Body)
if err := decoder.Decode(&updateConfig); err != nil {
return err
}
hostConfig := &container.HostConfig{
@ -444,290 +364,37 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
config, hostConfig, networkingConfig, err := s.decoder.DecodeConfig(r.Body)
if err != nil {
if errors.Is(err, io.EOF) {
return errdefs.InvalidParameter(errors.New("invalid JSON: got EOF while reading request body"))
}
return err
}
if config == nil {
return errdefs.InvalidParameter(runconfig.ErrEmptyConfig)
}
if hostConfig == nil {
hostConfig = &container.HostConfig{}
}
if networkingConfig == nil {
networkingConfig = &network.NetworkingConfig{}
}
if networkingConfig.EndpointsConfig == nil {
networkingConfig.EndpointsConfig = make(map[string]*network.EndpointSettings)
}
// The NetworkMode "default" is used as a way to express a container should
// be attached to the OS-dependant default network, in an OS-independent
// way. Doing this conversion as soon as possible ensures we have less
// NetworkMode to handle down the path (including in the
// backward-compatibility layer we have just below).
//
// Note that this is not the only place where this conversion has to be
// done (as there are various other places where containers get created).
if hostConfig.NetworkMode == "" || hostConfig.NetworkMode.IsDefault() {
hostConfig.NetworkMode = runconfig.DefaultDaemonNetworkMode()
if nw, ok := networkingConfig.EndpointsConfig[network.NetworkDefault]; ok {
networkingConfig.EndpointsConfig[hostConfig.NetworkMode.NetworkName()] = nw
delete(networkingConfig.EndpointsConfig, network.NetworkDefault)
}
}
version := httputils.VersionFromContext(ctx)
adjustCPUShares := versions.LessThan(version, "1.19")
// When using API 1.24 and under, the client is responsible for removing the container
if versions.LessThan(version, "1.25") {
if hostConfig != nil && versions.LessThan(version, "1.25") {
hostConfig.AutoRemove = false
}
if versions.LessThan(version, "1.40") {
// Ignore BindOptions.NonRecursive because it was added in API 1.40.
for _, m := range hostConfig.Mounts {
if bo := m.BindOptions; bo != nil {
bo.NonRecursive = false
}
}
// Ignore KernelMemoryTCP because it was added in API 1.40.
hostConfig.KernelMemoryTCP = 0
// Older clients (API < 1.40) expects the default to be shareable, make them happy
if hostConfig.IpcMode.IsEmpty() {
hostConfig.IpcMode = container.IPCModeShareable
}
}
if versions.LessThan(version, "1.41") {
// Older clients expect the default to be "host" on cgroup v1 hosts
if !s.cgroup2 && hostConfig.CgroupnsMode.IsEmpty() {
hostConfig.CgroupnsMode = container.CgroupnsModeHost
}
}
var platform *ocispec.Platform
if versions.GreaterThanOrEqualTo(version, "1.41") {
if v := r.Form.Get("platform"); v != "" {
p, err := platforms.Parse(v)
if err != nil {
return errdefs.InvalidParameter(err)
}
platform = &p
}
}
if versions.LessThan(version, "1.42") {
for _, m := range hostConfig.Mounts {
// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
if bo := m.BindOptions; bo != nil {
bo.CreateMountpoint = false
}
// These combinations are invalid, but weren't validated in API < 1.42.
// We reset them here, so that validation doesn't produce an error.
if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
m.VolumeOptions = nil
}
if o := m.TmpfsOptions; o != nil && m.Type != mount.TypeTmpfs {
m.TmpfsOptions = nil
}
if bo := m.BindOptions; bo != nil {
// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
bo.CreateMountpoint = false
}
}
if runtime.GOOS == "linux" {
// ConsoleSize is not respected by Linux daemon before API 1.42
hostConfig.ConsoleSize = [2]uint{0, 0}
}
}
if versions.GreaterThanOrEqualTo(version, "1.42") {
// Ignore KernelMemory removed in API 1.42.
hostConfig.KernelMemory = 0
for _, m := range hostConfig.Mounts {
if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
return errdefs.InvalidParameter(fmt.Errorf("VolumeOptions must not be specified on mount type %q", m.Type))
}
if o := m.BindOptions; o != nil && m.Type != mount.TypeBind {
return errdefs.InvalidParameter(fmt.Errorf("BindOptions must not be specified on mount type %q", m.Type))
}
if o := m.TmpfsOptions; o != nil && m.Type != mount.TypeTmpfs {
return errdefs.InvalidParameter(fmt.Errorf("TmpfsOptions must not be specified on mount type %q", m.Type))
}
}
}
if versions.LessThan(version, "1.43") {
// Ignore Annotations because it was added in API v1.43.
hostConfig.Annotations = nil
}
defaultReadOnlyNonRecursive := false
if versions.LessThan(version, "1.44") {
if config.Healthcheck != nil {
// StartInterval was added in API 1.44
config.Healthcheck.StartInterval = 0
}
// Set ReadOnlyNonRecursive to true because it was added in API 1.44
// Before that all read-only mounts were non-recursive.
// Keep that behavior for clients on older APIs.
defaultReadOnlyNonRecursive = true
for _, m := range hostConfig.Mounts {
if m.Type == mount.TypeBind {
if m.BindOptions != nil && m.BindOptions.ReadOnlyForceRecursive {
// NOTE: that technically this is a breaking change for older
// API versions, and we should ignore the new field.
// However, this option may be incorrectly set by a client with
// the expectation that the failing to apply recursive read-only
// is enforced, so we decided to produce an error instead,
// instead of silently ignoring.
return errdefs.InvalidParameter(errors.New("BindOptions.ReadOnlyForceRecursive needs API v1.44 or newer"))
}
}
}
// Creating a container connected to several networks is not supported until v1.44.
if len(networkingConfig.EndpointsConfig) > 1 {
l := make([]string, 0, len(networkingConfig.EndpointsConfig))
for k := range networkingConfig.EndpointsConfig {
l = append(l, k)
}
return errdefs.InvalidParameter(errors.Errorf("Container cannot be created with multiple network endpoints: %s", strings.Join(l, ", ")))
}
}
if versions.LessThan(version, "1.45") {
for _, m := range hostConfig.Mounts {
if m.VolumeOptions != nil && m.VolumeOptions.Subpath != "" {
return errdefs.InvalidParameter(errors.New("VolumeOptions.Subpath needs API v1.45 or newer"))
}
}
}
var warnings []string
if warn, err := handleMACAddressBC(config, hostConfig, networkingConfig, version); err != nil {
return err
} else if warn != "" {
warnings = append(warnings, warn)
}
if hostConfig.PidsLimit != nil && *hostConfig.PidsLimit <= 0 {
// Don't set a limit if either no limit was specified, or "unlimited" was
// explicitly set.
// Both `0` and `-1` are accepted as "unlimited", and historically any
// negative value was accepted, so treat those as "unlimited" as well.
hostConfig.PidsLimit = nil
}
ccr, err := s.backend.ContainerCreate(ctx, backend.ContainerCreateConfig{
Name: name,
Config: config,
HostConfig: hostConfig,
NetworkingConfig: networkingConfig,
Platform: platform,
DefaultReadOnlyNonRecursive: defaultReadOnlyNonRecursive,
ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
Name: name,
Config: config,
HostConfig: hostConfig,
NetworkingConfig: networkingConfig,
AdjustCPUShares: adjustCPUShares,
})
if err != nil {
return err
}
ccr.Warnings = append(ccr.Warnings, warnings...)
return httputils.WriteJSON(w, http.StatusCreated, ccr)
}
// handleMACAddressBC takes care of backward-compatibility for the container-wide MAC address by mutating the
// networkingConfig to set the endpoint-specific MACAddress field introduced in API v1.44. It returns a warning message
// or an error if the container-wide field was specified for API >= v1.44.
func handleMACAddressBC(config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, version string) (string, error) {
deprecatedMacAddress := config.MacAddress //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
// For older versions of the API, migrate the container-wide MAC address to EndpointsConfig.
if versions.LessThan(version, "1.44") {
if deprecatedMacAddress == "" {
// If a MAC address is supplied in EndpointsConfig, discard it because the old API
// would have ignored it.
for _, ep := range networkingConfig.EndpointsConfig {
ep.MacAddress = ""
}
return "", nil
}
if !hostConfig.NetworkMode.IsBridge() && !hostConfig.NetworkMode.IsUserDefined() {
return "", runconfig.ErrConflictContainerNetworkAndMac
}
// There cannot be more than one entry in EndpointsConfig with API < 1.44.
// If there's no EndpointsConfig, create a place to store the configured address. It is
// safe to use NetworkMode as the network name, whether it's a name or id/short-id, as
// it will be normalised later and there is no other EndpointSettings object that might
// refer to this network/endpoint.
if len(networkingConfig.EndpointsConfig) == 0 {
nwName := hostConfig.NetworkMode.NetworkName()
networkingConfig.EndpointsConfig[nwName] = &network.EndpointSettings{}
}
// There's exactly one network in EndpointsConfig, either from the API or just-created.
// Migrate the container-wide setting to it.
// No need to check for a match between NetworkMode and the names/ids in EndpointsConfig,
// the old version of the API would have applied the address to this network anyway.
for _, ep := range networkingConfig.EndpointsConfig {
ep.MacAddress = deprecatedMacAddress
}
return "", nil
}
// The container-wide MacAddress parameter is deprecated and should now be specified in EndpointsConfig.
if deprecatedMacAddress == "" {
return "", nil
}
var warning string
if hostConfig.NetworkMode.IsBridge() || hostConfig.NetworkMode.IsUserDefined() {
nwName := hostConfig.NetworkMode.NetworkName()
// If there's no endpoint config, create a place to store the configured address.
if len(networkingConfig.EndpointsConfig) == 0 {
networkingConfig.EndpointsConfig[nwName] = &network.EndpointSettings{
MacAddress: deprecatedMacAddress,
}
} else {
// There is existing endpoint config - if it's not indexed by NetworkMode.Name(), we
// can't tell which network the container-wide settings was intended for. NetworkMode,
// the keys in EndpointsConfig and the NetworkID in EndpointsConfig may mix network
// name/id/short-id. It's not safe to create EndpointsConfig under the NetworkMode
// name to store the container-wide MAC address, because that may result in two sets
// of EndpointsConfig for the same network and one set will be discarded later. So,
// reject the request ...
ep, ok := networkingConfig.EndpointsConfig[nwName]
if !ok {
return "", errdefs.InvalidParameter(errors.New("if a container-wide MAC address is supplied, HostConfig.NetworkMode must match the identity of a network in NetworkSettings.Networks"))
}
// ep is the endpoint that needs the container-wide MAC address; migrate the address
// to it, or bail out if there's a mismatch.
if ep.MacAddress == "" {
ep.MacAddress = deprecatedMacAddress
} else if ep.MacAddress != deprecatedMacAddress {
return "", errdefs.InvalidParameter(errors.New("the container-wide MAC address must match the endpoint-specific MAC address for the main network, or be left empty"))
}
}
}
warning = "The container-wide MacAddress field is now deprecated. It should be specified in EndpointsConfig instead."
config.MacAddress = "" //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
return warning, nil
}
func (s *containerRouter) deleteContainers(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
name := vars["name"]
config := &backend.ContainerRmConfig{
config := &types.ContainerRmConfig{
ForceRemove: httputils.BoolValue(r, "force"),
RemoveVolume: httputils.BoolValue(r, "v"),
RemoveLink: httputils.BoolValue(r, "link"),
@ -749,11 +416,11 @@ func (s *containerRouter) postContainersResize(ctx context.Context, w http.Respo
height, err := strconv.Atoi(r.Form.Get("h"))
if err != nil {
return errdefs.InvalidParameter(err)
return err
}
width, err := strconv.Atoi(r.Form.Get("w"))
if err != nil {
return errdefs.InvalidParameter(err)
return err
}
return s.backend.ContainerResize(vars["name"], height, width)
@ -771,11 +438,10 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
hijacker, ok := w.(http.Hijacker)
if !ok {
return errdefs.InvalidParameter(errors.Errorf("error attaching to container %s, hijack connection missing", containerName))
return fmt.Errorf("error attaching to container %s, hijack connection missing", containerName)
}
contentType := types.MediaTypeRawStream
setupStreams := func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) {
setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
conn, _, err := hijacker.Hijack()
if err != nil {
return nil, nil, nil, err
@ -785,10 +451,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
conn.Write([]byte{})
if upgrade {
if multiplexed && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
contentType = types.MediaTypeMultiplexedStream
}
fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: "+contentType+"\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
} else {
fmt.Fprintf(conn, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
}
@ -812,16 +475,16 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
}
if err = s.backend.ContainerAttach(containerName, attachConfig); err != nil {
log.G(ctx).WithError(err).Errorf("Handler for %s %s returned error", r.Method, r.URL.Path)
logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
// Remember to close stream if error happens
conn, _, errHijack := hijacker.Hijack()
if errHijack != nil {
log.G(ctx).WithError(err).Errorf("Handler for %s %s: unable to close stream; error when hijacking connection", r.Method, r.URL.Path)
} else {
statusCode := httpstatus.FromError(err)
if errHijack == nil {
statusCode := httputils.GetHTTPErrorStatusCode(err)
statusText := http.StatusText(statusCode)
fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: %s\r\n\r\n%s\r\n", statusCode, statusText, contentType, err.Error())
fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n%s\r\n", statusCode, statusText, err.Error())
httputils.CloseStreams(conn)
} else {
logrus.Errorf("Error Hijacking: %v", err)
}
}
return nil
@ -839,9 +502,7 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
done := make(chan struct{})
started := make(chan struct{})
version := httputils.VersionFromContext(ctx)
setupStreams := func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) {
setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
wsChan := make(chan *websocket.Conn)
h := func(conn *websocket.Conn) {
wsChan <- conn
@ -855,41 +516,25 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
}()
conn := <-wsChan
// In case version 1.28 and above, a binary frame will be sent.
// See 28176 for details.
if versions.GreaterThanOrEqualTo(version, "1.28") {
conn.PayloadType = websocket.BinaryFrame
}
return conn, conn, conn, nil
}
useStdin, useStdout, useStderr := true, true, true
if versions.GreaterThanOrEqualTo(version, "1.42") {
useStdin = httputils.BoolValue(r, "stdin")
useStdout = httputils.BoolValue(r, "stdout")
useStderr = httputils.BoolValue(r, "stderr")
}
attachConfig := &backend.ContainerAttachConfig{
GetStreams: setupStreams,
UseStdin: useStdin,
UseStdout: useStdout,
UseStderr: useStderr,
Logs: httputils.BoolValue(r, "logs"),
Stream: httputils.BoolValue(r, "stream"),
DetachKeys: detachKeys,
MuxStreams: false, // never multiplex, as we rely on websocket to manage distinct streams
UseStdin: true,
UseStdout: true,
UseStderr: true,
MuxStreams: false, // TODO: this should be true since it's a single stream for both stdout and stderr
}
err = s.backend.ContainerAttach(containerName, attachConfig)
close(done)
select {
case <-started:
if err != nil {
log.G(ctx).Errorf("Error attaching websocket: %s", err)
} else {
log.G(ctx).Debug("websocket connection was closed by client")
}
logrus.Errorf("Error attaching websocket: %s", err)
return nil
default:
}
@ -901,12 +546,12 @@ func (s *containerRouter) postContainersPrune(ctx context.Context, w http.Respon
return err
}
pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
if err != nil {
return err
}
pruneReport, err := s.backend.ContainersPrune(ctx, pruneFilters)
pruneReport, err := s.backend.ContainersPrune(pruneFilters)
if err != nil {
return err
}

View file

@ -1,160 +0,0 @@
package container
import (
"testing"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/network"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func TestHandleMACAddressBC(t *testing.T) {
testcases := []struct {
name string
apiVersion string
ctrWideMAC string
networkMode container.NetworkMode
epConfig map[string]*network.EndpointSettings
expEpWithCtrWideMAC string
expEpWithNoMAC string
expCtrWideMAC string
expWarning string
expError string
}{
{
name: "old api ctr-wide mac mix id and name",
apiVersion: "1.43",
ctrWideMAC: "11:22:33:44:55:66",
networkMode: "aNetId",
epConfig: map[string]*network.EndpointSettings{"aNetName": {}},
expEpWithCtrWideMAC: "aNetName",
expCtrWideMAC: "11:22:33:44:55:66",
},
{
name: "old api clear ep mac",
apiVersion: "1.43",
networkMode: "aNetId",
epConfig: map[string]*network.EndpointSettings{"aNetName": {MacAddress: "11:22:33:44:55:66"}},
expEpWithNoMAC: "aNetName",
},
{
name: "old api no-network ctr-wide mac",
apiVersion: "1.43",
networkMode: "none",
ctrWideMAC: "11:22:33:44:55:66",
expError: "conflicting options: mac-address and the network mode",
expCtrWideMAC: "11:22:33:44:55:66",
},
{
name: "old api create ep",
apiVersion: "1.43",
networkMode: "aNetId",
ctrWideMAC: "11:22:33:44:55:66",
epConfig: map[string]*network.EndpointSettings{},
expEpWithCtrWideMAC: "aNetId",
expCtrWideMAC: "11:22:33:44:55:66",
},
{
name: "old api migrate ctr-wide mac",
apiVersion: "1.43",
ctrWideMAC: "11:22:33:44:55:66",
networkMode: "aNetName",
epConfig: map[string]*network.EndpointSettings{"aNetName": {}},
expEpWithCtrWideMAC: "aNetName",
expCtrWideMAC: "11:22:33:44:55:66",
},
{
name: "new api no macs",
apiVersion: "1.44",
networkMode: "aNetId",
epConfig: map[string]*network.EndpointSettings{"aNetName": {}},
},
{
name: "new api ep specific mac",
apiVersion: "1.44",
networkMode: "aNetName",
epConfig: map[string]*network.EndpointSettings{"aNetName": {MacAddress: "11:22:33:44:55:66"}},
},
{
name: "new api migrate ctr-wide mac to new ep",
apiVersion: "1.44",
ctrWideMAC: "11:22:33:44:55:66",
networkMode: "aNetName",
epConfig: map[string]*network.EndpointSettings{},
expEpWithCtrWideMAC: "aNetName",
expWarning: "The container-wide MacAddress field is now deprecated",
expCtrWideMAC: "",
},
{
name: "new api migrate ctr-wide mac to existing ep",
apiVersion: "1.44",
ctrWideMAC: "11:22:33:44:55:66",
networkMode: "aNetName",
epConfig: map[string]*network.EndpointSettings{"aNetName": {}},
expEpWithCtrWideMAC: "aNetName",
expWarning: "The container-wide MacAddress field is now deprecated",
expCtrWideMAC: "",
},
{
name: "new api mode vs name mismatch",
apiVersion: "1.44",
ctrWideMAC: "11:22:33:44:55:66",
networkMode: "aNetId",
epConfig: map[string]*network.EndpointSettings{"aNetName": {}},
expError: "if a container-wide MAC address is supplied, HostConfig.NetworkMode must match the identity of a network in NetworkSettings.Networks",
expCtrWideMAC: "11:22:33:44:55:66",
},
{
name: "new api mac mismatch",
apiVersion: "1.44",
ctrWideMAC: "11:22:33:44:55:66",
networkMode: "aNetName",
epConfig: map[string]*network.EndpointSettings{"aNetName": {MacAddress: "00:11:22:33:44:55"}},
expError: "the container-wide MAC address must match the endpoint-specific MAC address",
expCtrWideMAC: "11:22:33:44:55:66",
},
}
for _, tc := range testcases {
t.Run(tc.name, func(t *testing.T) {
cfg := &container.Config{
MacAddress: tc.ctrWideMAC, //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
}
hostCfg := &container.HostConfig{
NetworkMode: tc.networkMode,
}
epConfig := make(map[string]*network.EndpointSettings, len(tc.epConfig))
for k, v := range tc.epConfig {
v := v
epConfig[k] = v
}
netCfg := &network.NetworkingConfig{
EndpointsConfig: epConfig,
}
warning, err := handleMACAddressBC(cfg, hostCfg, netCfg, tc.apiVersion)
if tc.expError == "" {
assert.Check(t, err)
} else {
assert.Check(t, is.ErrorContains(err, tc.expError))
}
if tc.expWarning == "" {
assert.Check(t, is.Equal(warning, ""))
} else {
assert.Check(t, is.Contains(warning, tc.expWarning))
}
if tc.expEpWithCtrWideMAC != "" {
got := netCfg.EndpointsConfig[tc.expEpWithCtrWideMAC].MacAddress
assert.Check(t, is.Equal(got, tc.ctrWideMAC))
}
if tc.expEpWithNoMAC != "" {
got := netCfg.EndpointsConfig[tc.expEpWithNoMAC].MacAddress
assert.Check(t, is.Equal(got, ""))
}
gotCtrWideMAC := cfg.MacAddress //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
assert.Check(t, is.Equal(gotCtrWideMAC, tc.expCtrWideMAC))
})
}
}

View file

@ -1,20 +1,63 @@
package container // import "github.com/docker/docker/api/server/router/container"
package container
import (
"compress/flate"
"compress/gzip"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"os"
"strings"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types"
gddohttputil "github.com/golang/gddo/httputil"
"github.com/docker/docker/api/types/versions"
"golang.org/x/net/context"
)
// setContainerPathStatHeader encodes the stat to JSON, base64 encode, and place in a header.
// postContainersCopy is deprecated in favor of getContainersArchive.
func (s *containerRouter) postContainersCopy(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
// Deprecated since 1.8, Errors out since 1.12
version := httputils.VersionFromContext(ctx)
if versions.GreaterThanOrEqualTo(version, "1.24") {
w.WriteHeader(http.StatusNotFound)
return nil
}
if err := httputils.CheckForJSON(r); err != nil {
return err
}
cfg := types.CopyConfig{}
if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
return err
}
if cfg.Resource == "" {
return fmt.Errorf("Path cannot be empty")
}
data, err := s.backend.ContainerCopy(vars["name"], cfg.Resource)
if err != nil {
if strings.Contains(strings.ToLower(err.Error()), "no such container") {
w.WriteHeader(http.StatusNotFound)
return nil
}
if os.IsNotExist(err) {
return fmt.Errorf("Could not find the file %s in container %s", cfg.Resource, vars["name"])
}
return err
}
defer data.Close()
w.Header().Set("Content-Type", "application/x-tar")
if _, err := io.Copy(w, data); err != nil {
return err
}
return nil
}
// // Encode the stat to JSON, base64 encode, and place in a header.
func setContainerPathStatHeader(stat *types.ContainerPathStat, header http.Header) error {
statJSON, err := json.Marshal(stat)
if err != nil {
@ -43,29 +86,6 @@ func (s *containerRouter) headContainersArchive(ctx context.Context, w http.Resp
return setContainerPathStatHeader(stat, w.Header())
}
func writeCompressedResponse(w http.ResponseWriter, r *http.Request, body io.Reader) error {
var cw io.Writer
switch gddohttputil.NegotiateContentEncoding(r, []string{"gzip", "deflate"}) {
case "gzip":
gw := gzip.NewWriter(w)
defer gw.Close()
cw = gw
w.Header().Set("Content-Encoding", "gzip")
case "deflate":
fw, err := flate.NewWriter(w, flate.DefaultCompression)
if err != nil {
return err
}
defer fw.Close()
cw = fw
w.Header().Set("Content-Encoding", "deflate")
default:
cw = w
}
_, err := io.Copy(cw, body)
return err
}
func (s *containerRouter) getContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
v, err := httputils.ArchiveFormValues(r, vars)
if err != nil {
@ -83,7 +103,9 @@ func (s *containerRouter) getContainersArchive(ctx context.Context, w http.Respo
}
w.Header().Set("Content-Type", "application/x-tar")
return writeCompressedResponse(w, r, tarArchive)
_, err = io.Copy(w, tarArchive)
return err
}
func (s *containerRouter) putContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@ -93,7 +115,5 @@ func (s *containerRouter) putContainersArchive(ctx context.Context, w http.Respo
}
noOverwriteDirNonDir := httputils.BoolValue(r, "noOverwriteDirNonDir")
copyUIDGID := httputils.BoolValue(r, "copyUIDGID")
return s.backend.ContainerExtractToDir(v.Name, v.Path, copyUIDGID, noOverwriteDirNonDir, r.Body)
return s.backend.ContainerExtractToDir(v.Name, v.Path, noOverwriteDirNonDir, r.Body)
}

View file

@ -1,19 +1,18 @@
package container // import "github.com/docker/docker/api/server/router/container"
package container
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"strconv"
"github.com/containerd/log"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/versions"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/pkg/stdcopy"
"golang.org/x/net/context"
)
func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@ -25,38 +24,28 @@ func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter
return httputils.WriteJSON(w, http.StatusOK, eConfig)
}
type execCommandError struct{}
func (execCommandError) Error() string {
return "No exec command specified"
}
func (execCommandError) InvalidParameter() {}
func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
if err := httputils.CheckForJSON(r); err != nil {
return err
}
name := vars["name"]
execConfig := &types.ExecConfig{}
if err := httputils.ReadJSON(r, execConfig); err != nil {
if err := json.NewDecoder(r.Body).Decode(execConfig); err != nil {
return err
}
if len(execConfig.Cmd) == 0 {
return execCommandError{}
}
version := httputils.VersionFromContext(ctx)
if versions.LessThan(version, "1.42") {
// Not supported by API versions before 1.42
execConfig.ConsoleSize = nil
return fmt.Errorf("No exec command specified")
}
// Register an instance of Exec in container.
id, err := s.backend.ContainerExecCreate(vars["name"], execConfig)
id, err := s.backend.ContainerExecCreate(name, execConfig)
if err != nil {
log.G(ctx).Errorf("Error setting up exec command in container %s: %v", vars["name"], err)
logrus.Errorf("Error setting up exec command in container %s: %v", name, err)
return err
}
@ -71,6 +60,13 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
return err
}
version := httputils.VersionFromContext(ctx)
if versions.GreaterThan(version, "1.21") {
if err := httputils.CheckForJSON(r); err != nil {
return err
}
}
var (
execName = vars["name"]
stdin, inStream io.ReadCloser
@ -78,7 +74,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
)
execStartCheck := &types.ExecStartCheck{}
if err := httputils.ReadJSON(r, execStartCheck); err != nil {
if err := json.NewDecoder(r.Body).Decode(execStartCheck); err != nil {
return err
}
@ -86,20 +82,6 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
return err
}
if execStartCheck.ConsoleSize != nil {
version := httputils.VersionFromContext(ctx)
// Not supported before 1.42
if versions.LessThan(version, "1.42") {
execStartCheck.ConsoleSize = nil
}
// No console without tty
if !execStartCheck.Tty {
execStartCheck.ConsoleSize = nil
}
}
if !execStartCheck.Detach {
var err error
// Setting up the streaming http interface.
@ -110,11 +92,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
defer httputils.CloseStreams(inStream, outStream)
if _, ok := r.Header["Upgrade"]; ok {
contentType := types.MediaTypeRawStream
if !execStartCheck.Tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
contentType = types.MediaTypeMultiplexedStream
}
fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: "+contentType+"\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
} else {
fmt.Fprint(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n")
}
@ -133,21 +111,14 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
}
}
options := container.ExecStartOptions{
Stdin: stdin,
Stdout: stdout,
Stderr: stderr,
ConsoleSize: execStartCheck.ConsoleSize,
}
// Now run the user process in container.
// Maybe we should we pass ctx here if we're not detaching?
if err := s.backend.ContainerExecStart(context.Background(), execName, options); err != nil {
if err := s.backend.ContainerExecStart(context.Background(), execName, stdin, stdout, stderr); err != nil {
if execStartCheck.Detach {
return err
}
stdout.Write([]byte(err.Error() + "\r\n"))
log.G(ctx).Errorf("Error running exec %s in container: %v", execName, err)
logrus.Errorf("Error running exec in container: %v", err)
}
return nil
}
@ -158,11 +129,11 @@ func (s *containerRouter) postContainerExecResize(ctx context.Context, w http.Re
}
height, err := strconv.Atoi(r.Form.Get("h"))
if err != nil {
return errdefs.InvalidParameter(err)
return err
}
width, err := strconv.Atoi(r.Form.Get("w"))
if err != nil {
return errdefs.InvalidParameter(err)
return err
}
return s.backend.ContainerExecResize(vars["name"], height, width)

View file

@ -1,10 +1,10 @@
package container // import "github.com/docker/docker/api/server/router/container"
package container
import (
"context"
"net/http"
"github.com/docker/docker/api/server/httputils"
"golang.org/x/net/context"
)
// getContainersByName inspects container's configuration and serializes it as json.
@ -12,7 +12,7 @@ func (s *containerRouter) getContainersByName(ctx context.Context, w http.Respon
displaySize := httputils.BoolValue(r, "size")
version := httputils.VersionFromContext(ctx)
json, err := s.backend.ContainerInspect(ctx, vars["name"], displaySize, version)
json, err := s.backend.ContainerInspect(vars["name"], displaySize, version)
if err != nil {
return err
}

View file

@ -1,53 +0,0 @@
package debug // import "github.com/docker/docker/api/server/router/debug"
import (
"context"
"expvar"
"net/http"
"net/http/pprof"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/server/router"
)
// NewRouter creates a new debug router
// The debug router holds endpoints for debug the daemon, such as those for pprof.
func NewRouter() router.Router {
r := &debugRouter{}
r.initRoutes()
return r
}
type debugRouter struct {
routes []router.Route
}
func (r *debugRouter) initRoutes() {
r.routes = []router.Route{
router.NewGetRoute("/vars", frameworkAdaptHandler(expvar.Handler())),
router.NewGetRoute("/pprof/", frameworkAdaptHandlerFunc(pprof.Index)),
router.NewGetRoute("/pprof/cmdline", frameworkAdaptHandlerFunc(pprof.Cmdline)),
router.NewGetRoute("/pprof/profile", frameworkAdaptHandlerFunc(pprof.Profile)),
router.NewGetRoute("/pprof/symbol", frameworkAdaptHandlerFunc(pprof.Symbol)),
router.NewGetRoute("/pprof/trace", frameworkAdaptHandlerFunc(pprof.Trace)),
router.NewGetRoute("/pprof/{name}", handlePprof),
}
}
func (r *debugRouter) Routes() []router.Route {
return r.routes
}
func frameworkAdaptHandler(handler http.Handler) httputils.APIFunc {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
handler.ServeHTTP(w, r)
return nil
}
}
func frameworkAdaptHandlerFunc(handler http.HandlerFunc) httputils.APIFunc {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
handler(w, r)
return nil
}
}

View file

@ -1,12 +0,0 @@
package debug // import "github.com/docker/docker/api/server/router/debug"
import (
"context"
"net/http"
"net/http/pprof"
)
func handlePprof(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
pprof.Handler(vars["name"]).ServeHTTP(w, r)
return nil
}

View file

@ -1,15 +0,0 @@
package distribution // import "github.com/docker/docker/api/server/router/distribution"
import (
"context"
"github.com/distribution/reference"
"github.com/docker/distribution"
"github.com/docker/docker/api/types/registry"
)
// Backend is all the methods that need to be implemented
// to provide image specific functionality.
type Backend interface {
GetRepositories(context.Context, reference.Named, *registry.AuthConfig) ([]distribution.Repository, error)
}

View file

@ -1,31 +0,0 @@
package distribution // import "github.com/docker/docker/api/server/router/distribution"
import "github.com/docker/docker/api/server/router"
// distributionRouter is a router to talk with the registry
type distributionRouter struct {
backend Backend
routes []router.Route
}
// NewRouter initializes a new distribution router
func NewRouter(backend Backend) router.Router {
r := &distributionRouter{
backend: backend,
}
r.initRoutes()
return r
}
// Routes returns the available routes
func (r *distributionRouter) Routes() []router.Route {
return r.routes
}
// initRoutes initializes the routes in the distribution router
func (r *distributionRouter) initRoutes() {
r.routes = []router.Route{
// GET
router.NewGetRoute("/distribution/{name:.*}/json", r.getDistributionInfo),
}
}

View file

@ -1,168 +0,0 @@
package distribution // import "github.com/docker/docker/api/server/router/distribution"
import (
"context"
"encoding/json"
"net/http"
"os"
"github.com/distribution/reference"
"github.com/docker/distribution"
"github.com/docker/distribution/manifest/manifestlist"
"github.com/docker/distribution/manifest/schema1"
"github.com/docker/distribution/manifest/schema2"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types/registry"
distributionpkg "github.com/docker/docker/distribution"
"github.com/docker/docker/errdefs"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")
imgName := vars["name"]
// TODO why is reference.ParseAnyReference() / reference.ParseNormalizedNamed() not using the reference.ErrTagInvalidFormat (and so on) errors?
ref, err := reference.ParseAnyReference(imgName)
if err != nil {
return errdefs.InvalidParameter(err)
}
namedRef, ok := ref.(reference.Named)
if !ok {
if _, ok := ref.(reference.Digested); ok {
// full image ID
return errors.Errorf("no manifest found for full image ID")
}
return errdefs.InvalidParameter(errors.Errorf("unknown image reference format: %s", imgName))
}
// For a search it is not an error if no auth was given. Ignore invalid
// AuthConfig to increase compatibility with the existing API.
authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
repos, err := s.backend.GetRepositories(ctx, namedRef, authConfig)
if err != nil {
return err
}
// Fetch the manifest; if a mirror is configured, try the mirror first,
// but continue with upstream on failure.
//
// FIXME(thaJeztah): construct "repositories" on-demand;
// GetRepositories() will attempt to connect to all endpoints (registries),
// but we may only need the first one if it contains the manifest we're
// looking for, or if the configured mirror is a pull-through mirror.
//
// Logic for this could be implemented similar to "distribution.Pull()",
// which uses the "pullEndpoints" utility to iterate over the list
// of endpoints;
//
// - https://github.com/moby/moby/blob/12c7411b6b7314bef130cd59f1c7384a7db06d0b/distribution/pull.go#L17-L31
// - https://github.com/moby/moby/blob/12c7411b6b7314bef130cd59f1c7384a7db06d0b/distribution/pull.go#L76-L152
var lastErr error
for _, repo := range repos {
distributionInspect, err := s.fetchManifest(ctx, repo, namedRef)
if err != nil {
lastErr = err
continue
}
return httputils.WriteJSON(w, http.StatusOK, distributionInspect)
}
return lastErr
}
func (s *distributionRouter) fetchManifest(ctx context.Context, distrepo distribution.Repository, namedRef reference.Named) (registry.DistributionInspect, error) {
var distributionInspect registry.DistributionInspect
if canonicalRef, ok := namedRef.(reference.Canonical); !ok {
namedRef = reference.TagNameOnly(namedRef)
taggedRef, ok := namedRef.(reference.NamedTagged)
if !ok {
return registry.DistributionInspect{}, errdefs.InvalidParameter(errors.Errorf("image reference not tagged: %s", namedRef))
}
descriptor, err := distrepo.Tags(ctx).Get(ctx, taggedRef.Tag())
if err != nil {
return registry.DistributionInspect{}, err
}
distributionInspect.Descriptor = ocispec.Descriptor{
MediaType: descriptor.MediaType,
Digest: descriptor.Digest,
Size: descriptor.Size,
}
} else {
// TODO(nishanttotla): Once manifests can be looked up as a blob, the
// descriptor should be set using blobsrvc.Stat(ctx, canonicalRef.Digest())
// instead of having to manually fill in the fields
distributionInspect.Descriptor.Digest = canonicalRef.Digest()
}
// we have a digest, so we can retrieve the manifest
mnfstsrvc, err := distrepo.Manifests(ctx)
if err != nil {
return registry.DistributionInspect{}, err
}
mnfst, err := mnfstsrvc.Get(ctx, distributionInspect.Descriptor.Digest)
if err != nil {
switch err {
case reference.ErrReferenceInvalidFormat,
reference.ErrTagInvalidFormat,
reference.ErrDigestInvalidFormat,
reference.ErrNameContainsUppercase,
reference.ErrNameEmpty,
reference.ErrNameTooLong,
reference.ErrNameNotCanonical:
return registry.DistributionInspect{}, errdefs.InvalidParameter(err)
}
return registry.DistributionInspect{}, err
}
mediaType, payload, err := mnfst.Payload()
if err != nil {
return registry.DistributionInspect{}, err
}
// update MediaType because registry might return something incorrect
distributionInspect.Descriptor.MediaType = mediaType
if distributionInspect.Descriptor.Size == 0 {
distributionInspect.Descriptor.Size = int64(len(payload))
}
// retrieve platform information depending on the type of manifest
switch mnfstObj := mnfst.(type) {
case *manifestlist.DeserializedManifestList:
for _, m := range mnfstObj.Manifests {
distributionInspect.Platforms = append(distributionInspect.Platforms, ocispec.Platform{
Architecture: m.Platform.Architecture,
OS: m.Platform.OS,
OSVersion: m.Platform.OSVersion,
OSFeatures: m.Platform.OSFeatures,
Variant: m.Platform.Variant,
})
}
case *schema2.DeserializedManifest:
blobStore := distrepo.Blobs(ctx)
configJSON, err := blobStore.Get(ctx, mnfstObj.Config.Digest)
var platform ocispec.Platform
if err == nil {
err := json.Unmarshal(configJSON, &platform)
if err == nil && (platform.OS != "" || platform.Architecture != "") {
distributionInspect.Platforms = append(distributionInspect.Platforms, platform)
}
}
case *schema1.SignedManifest:
if os.Getenv("DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE") == "" {
return registry.DistributionInspect{}, distributionpkg.DeprecatedSchema1ImageError(namedRef)
}
platform := ocispec.Platform{
Architecture: mnfstObj.Architecture,
OS: "linux",
}
distributionInspect.Platforms = append(distributionInspect.Platforms, platform)
}
return distributionInspect, nil
}

View file

@ -1,12 +1,19 @@
package router // import "github.com/docker/docker/api/server/router"
package router
import (
"context"
"errors"
"net/http"
"golang.org/x/net/context"
apierrors "github.com/docker/docker/api/errors"
"github.com/docker/docker/api/server/httputils"
)
var (
errExperimentalFeature = errors.New("This experimental feature is disabled by default. Start the Docker daemon with --experimental in order to enable it.")
)
// ExperimentalRoute defines an experimental API route that can be enabled or disabled.
type ExperimentalRoute interface {
Route
@ -32,19 +39,11 @@ func (r *experimentalRoute) Disable() {
r.handler = experimentalHandler
}
type notImplementedError struct{}
func (notImplementedError) Error() string {
return "This experimental feature is disabled by default. Start the Docker daemon in experimental mode in order to enable it."
}
func (notImplementedError) NotImplemented() {}
func experimentalHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
return notImplementedError{}
return apierrors.NewErrorWithStatusCode(errExperimentalFeature, http.StatusNotImplemented)
}
// Handler returns the APIFunc to let the server wrap it in middlewares.
// Handler returns returns the APIFunc to let the server wrap it in middlewares.
func (r *experimentalRoute) Handler() httputils.APIFunc {
return r.handler
}

View file

@ -1,8 +0,0 @@
package grpc // import "github.com/docker/docker/api/server/router/grpc"
import "google.golang.org/grpc"
// Backend abstracts a registerable GRPC service.
type Backend interface {
RegisterGRPC(*grpc.Server)
}

View file

@ -1,60 +0,0 @@
package grpc // import "github.com/docker/docker/api/server/router/grpc"
import (
"context"
"strings"
"github.com/docker/docker/api/server/router"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
"github.com/moby/buildkit/util/grpcerrors"
"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
"golang.org/x/net/http2"
"google.golang.org/grpc"
)
type grpcRouter struct {
routes []router.Route
grpcServer *grpc.Server
h2Server *http2.Server
}
// NewRouter initializes a new grpc http router
func NewRouter(backends ...Backend) router.Router {
unary := grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(unaryInterceptor(), grpcerrors.UnaryServerInterceptor))
stream := grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(otelgrpc.StreamServerInterceptor(), grpcerrors.StreamServerInterceptor)) //nolint:staticcheck // TODO(thaJeztah): ignore SA1019 for deprecated options: see https://github.com/moby/moby/issues/47437
r := &grpcRouter{
h2Server: &http2.Server{},
grpcServer: grpc.NewServer(unary, stream),
}
for _, b := range backends {
b.RegisterGRPC(r.grpcServer)
}
r.initRoutes()
return r
}
// Routes returns the available routers to the session controller
func (gr *grpcRouter) Routes() []router.Route {
return gr.routes
}
func (gr *grpcRouter) initRoutes() {
gr.routes = []router.Route{
router.NewPostRoute("/grpc", gr.serveGRPC),
}
}
func unaryInterceptor() grpc.UnaryServerInterceptor {
withTrace := otelgrpc.UnaryServerInterceptor() //nolint:staticcheck // TODO(thaJeztah): ignore SA1019 for deprecated options: see https://github.com/moby/moby/issues/47437
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
// This method is used by the clients to send their traces to buildkit so they can be included
// in the daemon trace and stored in the build history record. This method can not be traced because
// it would cause an infinite loop.
if strings.HasSuffix(info.FullMethod, "opentelemetry.proto.collector.trace.v1.TraceService/Export") {
return handler(ctx, req)
}
return withTrace(ctx, req, info, handler)
}
}

View file

@ -1,45 +0,0 @@
package grpc // import "github.com/docker/docker/api/server/router/grpc"
import (
"context"
"net/http"
"github.com/pkg/errors"
"golang.org/x/net/http2"
)
func (gr *grpcRouter) serveGRPC(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
h, ok := w.(http.Hijacker)
if !ok {
return errors.New("handler does not support hijack")
}
proto := r.Header.Get("Upgrade")
if proto == "" {
return errors.New("no upgrade proto in request")
}
if proto != "h2c" {
return errors.Errorf("protocol %s not supported", proto)
}
conn, _, err := h.Hijack()
if err != nil {
return err
}
resp := &http.Response{
StatusCode: http.StatusSwitchingProtocols,
ProtoMajor: 1,
ProtoMinor: 1,
Header: http.Header{},
}
resp.Header.Set("Connection", "Upgrade")
resp.Header.Set("Upgrade", proto)
// set raw mode
conn.Write([]byte{})
resp.Write(conn)
// https://godoc.org/golang.org/x/net/http2#Server.ServeConn
// TODO: is it a problem that conn has already been written to?
gr.h2Server.ServeConn(conn, &http2.ServeConnOpts{Handler: gr.grpcServer})
return nil
}

View file

@ -1,47 +1,45 @@
package image // import "github.com/docker/docker/api/server/router/image"
package image
import (
"context"
"io"
"github.com/distribution/reference"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/filters"
"github.com/docker/docker/api/types/image"
"github.com/docker/docker/api/types/registry"
dockerimage "github.com/docker/docker/image"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"golang.org/x/net/context"
)
// Backend is all the methods that need to be implemented
// to provide image specific functionality.
type Backend interface {
containerBackend
imageBackend
importExportBackend
registryBackend
}
type containerBackend interface {
Commit(name string, config *backend.ContainerCommitConfig) (imageID string, err error)
}
type imageBackend interface {
ImageDelete(ctx context.Context, imageRef string, force, prune bool) ([]image.DeleteResponse, error)
ImageHistory(ctx context.Context, imageName string) ([]*image.HistoryResponseItem, error)
Images(ctx context.Context, opts image.ListOptions) ([]*image.Summary, error)
GetImage(ctx context.Context, refOrID string, options backend.GetImageOpts) (*dockerimage.Image, error)
TagImage(ctx context.Context, id dockerimage.ID, newRef reference.Named) error
ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error)
ImageDelete(imageRef string, force, prune bool) ([]types.ImageDelete, error)
ImageHistory(imageName string) ([]*types.ImageHistory, error)
Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
LookupImage(name string) (*types.ImageInspect, error)
TagImage(imageName, repository, tag string) error
ImagesPrune(pruneFilters filters.Args) (*types.ImagesPruneReport, error)
}
type importExportBackend interface {
LoadImage(ctx context.Context, inTar io.ReadCloser, outStream io.Writer, quiet bool) error
ImportImage(ctx context.Context, ref reference.Named, platform *ocispec.Platform, msg string, layerReader io.Reader, changes []string) (dockerimage.ID, error)
ExportImage(ctx context.Context, names []string, outStream io.Writer) error
LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error
ImportImage(src string, repository, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
ExportImage(names []string, outStream io.Writer) error
}
type registryBackend interface {
PullImage(ctx context.Context, ref reference.Named, platform *ocispec.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
PushImage(ctx context.Context, ref reference.Named, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
}
type Searcher interface {
Search(ctx context.Context, searchFilters filters.Args, term string, limit int, authConfig *registry.AuthConfig, headers map[string][]string) ([]registry.SearchResult, error)
PullImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int, authConfig *types.AuthConfig, metaHeaders map[string][]string) (*registry.SearchResults, error)
}

View file

@ -1,57 +1,50 @@
package image // import "github.com/docker/docker/api/server/router/image"
package image
import (
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/server/router"
"github.com/docker/docker/image"
"github.com/docker/docker/layer"
"github.com/docker/docker/reference"
)
// imageRouter is a router to talk with the image controller
type imageRouter struct {
backend Backend
searcher Searcher
referenceBackend reference.Store
imageStore image.Store
layerStore layer.Store
routes []router.Route
backend Backend
decoder httputils.ContainerDecoder
routes []router.Route
}
// NewRouter initializes a new image router
func NewRouter(backend Backend, searcher Searcher, referenceBackend reference.Store, imageStore image.Store, layerStore layer.Store) router.Router {
ir := &imageRouter{
backend: backend,
searcher: searcher,
referenceBackend: referenceBackend,
imageStore: imageStore,
layerStore: layerStore,
func NewRouter(backend Backend, decoder httputils.ContainerDecoder) router.Router {
r := &imageRouter{
backend: backend,
decoder: decoder,
}
ir.initRoutes()
return ir
r.initRoutes()
return r
}
// Routes returns the available routes to the image controller
func (ir *imageRouter) Routes() []router.Route {
return ir.routes
func (r *imageRouter) Routes() []router.Route {
return r.routes
}
// initRoutes initializes the routes in the image router
func (ir *imageRouter) initRoutes() {
ir.routes = []router.Route{
func (r *imageRouter) initRoutes() {
r.routes = []router.Route{
// GET
router.NewGetRoute("/images/json", ir.getImagesJSON),
router.NewGetRoute("/images/search", ir.getImagesSearch),
router.NewGetRoute("/images/get", ir.getImagesGet),
router.NewGetRoute("/images/{name:.*}/get", ir.getImagesGet),
router.NewGetRoute("/images/{name:.*}/history", ir.getImagesHistory),
router.NewGetRoute("/images/{name:.*}/json", ir.getImagesByName),
router.NewGetRoute("/images/json", r.getImagesJSON),
router.NewGetRoute("/images/search", r.getImagesSearch),
router.NewGetRoute("/images/get", r.getImagesGet),
router.NewGetRoute("/images/{name:.*}/get", r.getImagesGet),
router.NewGetRoute("/images/{name:.*}/history", r.getImagesHistory),
router.NewGetRoute("/images/{name:.*}/json", r.getImagesByName),
// POST
router.NewPostRoute("/images/load", ir.postImagesLoad),
router.NewPostRoute("/images/create", ir.postImagesCreate),
router.NewPostRoute("/images/{name:.*}/push", ir.postImagesPush),
router.NewPostRoute("/images/{name:.*}/tag", ir.postImagesTag),
router.NewPostRoute("/images/prune", ir.postImagesPrune),
router.NewPostRoute("/commit", r.postCommit),
router.NewPostRoute("/images/load", r.postImagesLoad),
router.Cancellable(router.NewPostRoute("/images/create", r.postImagesCreate)),
router.Cancellable(router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush)),
router.NewPostRoute("/images/{name:.*}/tag", r.postImagesTag),
router.NewPostRoute("/images/prune", r.postImagesPrune),
// DELETE
router.NewDeleteRoute("/images/{name:.*}", ir.deleteImages),
router.NewDeleteRoute("/images/{name:.*}", r.deleteImages),
}
}

View file

@ -1,68 +1,93 @@
package image // import "github.com/docker/docker/api/server/router/image"
package image
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"strconv"
"strings"
"time"
"github.com/containerd/containerd/platforms"
"github.com/distribution/reference"
"github.com/docker/docker/api"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
imagetypes "github.com/docker/docker/api/types/image"
"github.com/docker/docker/api/types/registry"
"github.com/docker/docker/api/types/versions"
"github.com/docker/docker/builder/remotecontext"
"github.com/docker/docker/dockerversion"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/image"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/progress"
"github.com/docker/docker/pkg/streamformatter"
"github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/docker/docker/registry"
"golang.org/x/net/context"
)
func (s *imageRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
if err := httputils.CheckForJSON(r); err != nil {
return err
}
cname := r.Form.Get("container")
pause := httputils.BoolValue(r, "pause")
version := httputils.VersionFromContext(ctx)
if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
pause = true
}
c, _, _, err := s.decoder.DecodeConfig(r.Body)
if err != nil && err != io.EOF { //Do not fail if body is empty.
return err
}
if c == nil {
c = &container.Config{}
}
commitCfg := &backend.ContainerCommitConfig{
ContainerCommitConfig: types.ContainerCommitConfig{
Pause: pause,
Repo: r.Form.Get("repo"),
Tag: r.Form.Get("tag"),
Author: r.Form.Get("author"),
Comment: r.Form.Get("comment"),
Config: c,
MergeConfigs: true,
},
Changes: r.Form["changes"],
}
imgID, err := s.backend.Commit(cname, commitCfg)
if err != nil {
return err
}
return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{
ID: string(imgID),
})
}
// Creates an image from Pull or from Import
func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
var (
img = r.Form.Get("fromImage")
repo = r.Form.Get("repo")
tag = r.Form.Get("tag")
comment = r.Form.Get("message")
progressErr error
output = ioutils.NewWriteFlusher(w)
platform *ocispec.Platform
image = r.Form.Get("fromImage")
repo = r.Form.Get("repo")
tag = r.Form.Get("tag")
message = r.Form.Get("message")
err error
output = ioutils.NewWriteFlusher(w)
)
defer output.Close()
w.Header().Set("Content-Type", "application/json")
version := httputils.VersionFromContext(ctx)
if versions.GreaterThanOrEqualTo(version, "1.32") {
if p := r.FormValue("platform"); p != "" {
sp, err := platforms.Parse(p)
if err != nil {
return err
}
platform = &sp
}
}
if img != "" { // pull
if image != "" { //pull
metaHeaders := map[string][]string{}
for k, v := range r.Header {
if strings.HasPrefix(k, "X-Meta-") {
@ -70,92 +95,37 @@ func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrit
}
}
// Special case: "pull -a" may send an image name with a
// trailing :. This is ugly, but let's not break API
// compatibility.
imgName := strings.TrimSuffix(img, ":")
ref, err := reference.ParseNormalizedNamed(imgName)
if err != nil {
return errdefs.InvalidParameter(err)
}
// TODO(thaJeztah) this could use a WithTagOrDigest() utility
if tag != "" {
// The "tag" could actually be a digest.
var dgst digest.Digest
dgst, err = digest.Parse(tag)
if err == nil {
ref, err = reference.WithDigest(reference.TrimNamed(ref), dgst)
} else {
ref, err = reference.WithTag(ref, tag)
}
if err != nil {
return errdefs.InvalidParameter(err)
authEncoded := r.Header.Get("X-Registry-Auth")
authConfig := &types.AuthConfig{}
if authEncoded != "" {
authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
// for a pull it is not an error if no auth was given
// to increase compatibility with the existing api it is defaulting to be empty
authConfig = &types.AuthConfig{}
}
}
if err := validateRepoName(ref); err != nil {
return errdefs.Forbidden(err)
}
// For a pull it is not an error if no auth was given. Ignore invalid
// AuthConfig to increase compatibility with the existing API.
authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
progressErr = ir.backend.PullImage(ctx, ref, platform, metaHeaders, authConfig, output)
} else { // import
err = s.backend.PullImage(ctx, image, tag, metaHeaders, authConfig, output)
} else { //import
src := r.Form.Get("fromSrc")
tagRef, err := httputils.RepoTagReference(repo, tag)
if err != nil {
return errdefs.InvalidParameter(err)
}
if len(comment) == 0 {
comment = "Imported from " + src
}
var layerReader io.ReadCloser
defer r.Body.Close()
if src == "-" {
layerReader = r.Body
} else {
if len(strings.Split(src, "://")) == 1 {
src = "http://" + src
}
u, err := url.Parse(src)
if err != nil {
return errdefs.InvalidParameter(err)
}
resp, err := remotecontext.GetWithStatusError(u.String())
if err != nil {
return err
}
output.Write(streamformatter.FormatStatus("", "Downloading from %s", u))
progressOutput := streamformatter.NewJSONProgressOutput(output, true)
layerReader = progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Importing")
defer layerReader.Close()
}
var id image.ID
id, progressErr = ir.backend.ImportImage(ctx, tagRef, platform, comment, layerReader, r.Form["changes"])
if progressErr == nil {
output.Write(streamformatter.FormatStatus("", id.String()))
}
// 'err' MUST NOT be defined within this block, we need any error
// generated from the download to be available to the output
// stream processing below
err = s.backend.ImportImage(src, repo, tag, message, r.Body, output, r.Form["changes"])
}
if progressErr != nil {
if err != nil {
if !output.Flushed() {
return progressErr
return err
}
_, _ = output.Write(streamformatter.FormatError(progressErr))
sf := streamformatter.NewJSONStreamFormatter()
output.Write(sf.FormatError(err))
}
return nil
}
func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
metaHeaders := map[string][]string{}
for k, v := range r.Header {
if strings.HasPrefix(k, "X-Meta-") {
@ -165,56 +135,42 @@ func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter
if err := httputils.ParseForm(r); err != nil {
return err
}
authConfig := &types.AuthConfig{}
var authConfig *registry.AuthConfig
if authEncoded := r.Header.Get(registry.AuthHeader); authEncoded != "" {
// the new format is to handle the authConfig as a header. Ignore invalid
// AuthConfig to increase compatibility with the existing API.
authConfig, _ = registry.DecodeAuthConfig(authEncoded)
authEncoded := r.Header.Get("X-Registry-Auth")
if authEncoded != "" {
// the new format is to handle the authConfig as a header
authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
// to increase compatibility to existing api it is defaulting to be empty
authConfig = &types.AuthConfig{}
}
} else {
// the old format is supported for compatibility if there was no authConfig header
var err error
authConfig, err = registry.DecodeAuthConfigBody(r.Body)
if err != nil {
return errors.Wrap(err, "bad parameters and missing X-Registry-Auth")
if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
return fmt.Errorf("Bad parameters and missing X-Registry-Auth: %v", err)
}
}
image := vars["name"]
tag := r.Form.Get("tag")
output := ioutils.NewWriteFlusher(w)
defer output.Close()
w.Header().Set("Content-Type", "application/json")
img := vars["name"]
tag := r.Form.Get("tag")
var ref reference.Named
// Tag is empty only in case PushOptions.All is true.
if tag != "" {
r, err := httputils.RepoTagReference(img, tag)
if err != nil {
return errdefs.InvalidParameter(err)
}
ref = r
} else {
r, err := reference.ParseNormalizedNamed(img)
if err != nil {
return errdefs.InvalidParameter(err)
}
ref = r
}
if err := ir.backend.PushImage(ctx, ref, metaHeaders, authConfig, output); err != nil {
if err := s.backend.PushImage(ctx, image, tag, metaHeaders, authConfig, output); err != nil {
if !output.Flushed() {
return err
}
_, _ = output.Write(streamformatter.FormatError(err))
sf := streamformatter.NewJSONStreamFormatter()
output.Write(sf.FormatError(err))
}
return nil
}
func (ir *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
@ -230,16 +186,17 @@ func (ir *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter,
names = r.Form["names"]
}
if err := ir.backend.ExportImage(ctx, names, output); err != nil {
if err := s.backend.ExportImage(names, output); err != nil {
if !output.Flushed() {
return err
}
_, _ = output.Write(streamformatter.FormatError(err))
sf := streamformatter.NewJSONStreamFormatter()
output.Write(sf.FormatError(err))
}
return nil
}
func (ir *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
@ -249,21 +206,13 @@ func (ir *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter
output := ioutils.NewWriteFlusher(w)
defer output.Close()
if err := ir.backend.LoadImage(ctx, r.Body, output, quiet); err != nil {
_, _ = output.Write(streamformatter.FormatError(err))
if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
}
return nil
}
type missingImageError struct{}
func (missingImageError) Error() string {
return "image name cannot be blank"
}
func (missingImageError) InvalidParameter() {}
func (ir *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
@ -271,13 +220,13 @@ func (ir *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter,
name := vars["name"]
if strings.TrimSpace(name) == "" {
return missingImageError{}
return fmt.Errorf("image name cannot be blank")
}
force := httputils.BoolValue(r, "force")
prune := !httputils.BoolValue(r, "noprune")
list, err := ir.backend.ImageDelete(ctx, name, force, prune)
list, err := s.backend.ImageDelete(name, force, prune)
if err != nil {
return err
}
@ -285,162 +234,42 @@ func (ir *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter,
return httputils.WriteJSON(w, http.StatusOK, list)
}
func (ir *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
img, err := ir.backend.GetImage(ctx, vars["name"], backend.GetImageOpts{Details: true})
func (s *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
imageInspect, err := s.backend.LookupImage(vars["name"])
if err != nil {
return err
}
imageInspect, err := ir.toImageInspect(img)
if err != nil {
return err
}
version := httputils.VersionFromContext(ctx)
if versions.LessThan(version, "1.44") {
imageInspect.VirtualSize = imageInspect.Size //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
if imageInspect.Created == "" {
// backwards compatibility for Created not existing returning "0001-01-01T00:00:00Z"
// https://github.com/moby/moby/issues/47368
imageInspect.Created = time.Time{}.Format(time.RFC3339Nano)
}
}
if versions.GreaterThanOrEqualTo(version, "1.45") {
imageInspect.Container = "" //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.45.
imageInspect.ContainerConfig = nil //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.45.
}
return httputils.WriteJSON(w, http.StatusOK, imageInspect)
}
func (ir *imageRouter) toImageInspect(img *image.Image) (*types.ImageInspect, error) {
var repoTags, repoDigests []string
for _, ref := range img.Details.References {
switch ref.(type) {
case reference.NamedTagged:
repoTags = append(repoTags, reference.FamiliarString(ref))
case reference.Canonical:
repoDigests = append(repoDigests, reference.FamiliarString(ref))
}
}
comment := img.Comment
if len(comment) == 0 && len(img.History) > 0 {
comment = img.History[len(img.History)-1].Comment
}
// Make sure we output empty arrays instead of nil.
if repoTags == nil {
repoTags = []string{}
}
if repoDigests == nil {
repoDigests = []string{}
}
var created string
if img.Created != nil {
created = img.Created.Format(time.RFC3339Nano)
}
return &types.ImageInspect{
ID: img.ID().String(),
RepoTags: repoTags,
RepoDigests: repoDigests,
Parent: img.Parent.String(),
Comment: comment,
Created: created,
Container: img.Container, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.45.
ContainerConfig: &img.ContainerConfig, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.45.
DockerVersion: img.DockerVersion,
Author: img.Author,
Config: img.Config,
Architecture: img.Architecture,
Variant: img.Variant,
Os: img.OperatingSystem(),
OsVersion: img.OSVersion,
Size: img.Details.Size,
GraphDriver: types.GraphDriverData{
Name: img.Details.Driver,
Data: img.Details.Metadata,
},
RootFS: rootFSToAPIType(img.RootFS),
Metadata: imagetypes.Metadata{
LastTagTime: img.Details.LastUpdated,
},
}, nil
}
func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
var layers []string
for _, l := range rootfs.DiffIDs {
layers = append(layers, l.String())
}
return types.RootFS{
Type: rootfs.Type,
Layers: layers,
}
}
func (ir *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
imageFilters, err := filters.FromJSON(r.Form.Get("filters"))
imageFilters, err := filters.FromParam(r.Form.Get("filters"))
if err != nil {
return err
}
version := httputils.VersionFromContext(ctx)
if versions.LessThan(version, "1.41") {
// NOTE: filter is a shell glob string applied to repository names.
filterParam := r.Form.Get("filter")
if filterParam != "" {
imageFilters.Add("reference", filterParam)
}
filterParam := r.Form.Get("filter")
if versions.LessThan(version, "1.28") && filterParam != "" {
imageFilters.Add("reference", filterParam)
}
var sharedSize bool
if versions.GreaterThanOrEqualTo(version, "1.42") {
// NOTE: Support for the "shared-size" parameter was added in API 1.42.
sharedSize = httputils.BoolValue(r, "shared-size")
}
images, err := ir.backend.Images(ctx, imagetypes.ListOptions{
All: httputils.BoolValue(r, "all"),
Filters: imageFilters,
SharedSize: sharedSize,
})
images, err := s.backend.Images(imageFilters, httputils.BoolValue(r, "all"), false)
if err != nil {
return err
}
useNone := versions.LessThan(version, "1.43")
withVirtualSize := versions.LessThan(version, "1.44")
for _, img := range images {
if useNone {
if len(img.RepoTags) == 0 && len(img.RepoDigests) == 0 {
img.RepoTags = append(img.RepoTags, "<none>:<none>")
img.RepoDigests = append(img.RepoDigests, "<none>@<none>")
}
} else {
if img.RepoTags == nil {
img.RepoTags = []string{}
}
if img.RepoDigests == nil {
img.RepoDigests = []string{}
}
}
if withVirtualSize {
img.VirtualSize = img.Size //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
}
}
return httputils.WriteJSON(w, http.StatusOK, images)
}
func (ir *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
history, err := ir.backend.ImageHistory(ctx, vars["name"])
func (s *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
name := vars["name"]
history, err := s.backend.ImageHistory(name)
if err != nil {
return err
}
@ -448,92 +277,68 @@ func (ir *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWrit
return httputils.WriteJSON(w, http.StatusOK, history)
}
func (ir *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
ref, err := httputils.RepoTagReference(r.Form.Get("repo"), r.Form.Get("tag"))
if ref == nil || err != nil {
return errdefs.InvalidParameter(err)
}
refName := reference.FamiliarName(ref)
if refName == string(digest.Canonical) {
return errdefs.InvalidParameter(errors.New("refusing to create an ambiguous tag using digest algorithm as name"))
}
img, err := ir.backend.GetImage(ctx, vars["name"], backend.GetImageOpts{})
if err != nil {
return errdefs.NotFound(err)
}
if err := ir.backend.TagImage(ctx, img.ID(), ref); err != nil {
if err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
return err
}
w.WriteHeader(http.StatusCreated)
return nil
}
func (ir *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
var (
config *types.AuthConfig
authEncoded = r.Header.Get("X-Registry-Auth")
headers = map[string][]string{}
)
var limit int
if r.Form.Get("limit") != "" {
var err error
limit, err = strconv.Atoi(r.Form.Get("limit"))
if err != nil || limit < 0 {
return errdefs.InvalidParameter(errors.Wrap(err, "invalid limit specified"))
if authEncoded != "" {
authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
if err := json.NewDecoder(authJSON).Decode(&config); err != nil {
// for a search it is not an error if no auth was given
// to increase compatibility with the existing api it is defaulting to be empty
config = &types.AuthConfig{}
}
}
searchFilters, err := filters.FromJSON(r.Form.Get("filters"))
if err != nil {
return err
}
// For a search it is not an error if no auth was given. Ignore invalid
// AuthConfig to increase compatibility with the existing API.
authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
headers := http.Header{}
for k, v := range r.Header {
k = http.CanonicalHeaderKey(k)
if strings.HasPrefix(k, "X-Meta-") {
headers[k] = v
}
}
headers.Set("User-Agent", dockerversion.DockerUserAgent(ctx))
res, err := ir.searcher.Search(ctx, searchFilters, r.Form.Get("term"), limit, authConfig, headers)
limit := registry.DefaultSearchLimit
if r.Form.Get("limit") != "" {
limitValue, err := strconv.Atoi(r.Form.Get("limit"))
if err != nil {
return err
}
limit = limitValue
}
query, err := s.backend.SearchRegistryForImages(ctx, r.Form.Get("filters"), r.Form.Get("term"), limit, config, headers)
if err != nil {
return err
}
return httputils.WriteJSON(w, http.StatusOK, res)
return httputils.WriteJSON(w, http.StatusOK, query.Results)
}
func (ir *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
func (s *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
if err := httputils.ParseForm(r); err != nil {
return err
}
pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
if err != nil {
return err
}
pruneReport, err := ir.backend.ImagesPrune(ctx, pruneFilters)
pruneReport, err := s.backend.ImagesPrune(pruneFilters)
if err != nil {
return err
}
return httputils.WriteJSON(w, http.StatusOK, pruneReport)
}
// validateRepoName validates the name of a repository.
func validateRepoName(name reference.Named) error {
familiarName := reference.FamiliarName(name)
if familiarName == api.NoBaseImageSpecifier {
return fmt.Errorf("'%s' is a reserved name", familiarName)
}
return nil
}

Some files were not shown because too many files have changed in this diff Show more