Commit graph

1554 commits

Author SHA1 Message Date
Eric Windisch
8a44179788 Prefer crypto rand seed for pkg/rand
Crypto rand is a much better seed for math/rand than
time. In the event we use math/rand where we should not,
this will make it a safer source of random numbers.

Although potentially dangerous, this will still fall back
to time should crypto/rand for any reason fail.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-07-29 12:55:57 -04:00
Alexander Morozov
5ffc6a6fae Use global random *rand.Rand instance in pkg
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-29 09:30:48 -07:00
Alexander Morozov
0dc55c7057 Replace GenerateRandomID with GenerateNonCryptoID
This allows us to avoid entropy usage in non-crypto critical places.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-28 22:31:01 -07:00
Alexander Morozov
f8502c82ee Add GenerateNonCryptoID function to avoid entropy exhaustion
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-28 22:31:01 -07:00
Alexander Morozov
fb13942b1e Add global instance of *(math/rand).Rand and Reader
You can read random bytes from Reader without exhausting entropy.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-28 22:30:57 -07:00
David Calavera
62ccc23024 Fix reset timeout for buffer readers.
Use our goroutine-safe random source.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-28 14:30:18 -07:00
Vincent Batts
f0512440f7 archive, chrootarchive: split out decompression
In `ApplyLayer` and `Untar`, the stream is magically decompressed. Since
this is not able to be toggled, rather than break this ./pkg/ API, add
an `ApplyUncompressedLayer` and `UntarUncompressed` that does not
magically decompress the layer stream.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-07-28 16:36:38 -04:00
Félix Cantournet
26a545e3bc Fix golint for pkg/mflag
Signed-off-by: Félix Cantournet <felix.cantournet@cloudwatt.com>
2015-07-28 15:32:42 +02:00
Aaron Lehmann
0715aa3a13 Fix golint nit in term_windows.go
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-27 17:40:49 -07:00
Jessie Frazelle
809a231314 Merge pull request #14838 from Microsoft/10662-ansirewrite
Windows: CLI Improvement (TP3)
2015-07-27 17:30:14 -07:00
Vincent Demeester
9bcb3cba83 Lint on pkg/* packages
- pkg/useragent
- pkg/units
- pkg/ulimit
- pkg/truncindex
- pkg/timeoutconn
- pkg/term
- pkg/tarsum
- pkg/tailfile
- pkg/systemd
- pkg/stringutils
- pkg/stringid
- pkg/streamformatter
- pkg/sockets
- pkg/signal
- pkg/proxy
- pkg/progressreader
- pkg/pools
- pkg/plugins
- pkg/pidfile
- pkg/parsers
- pkg/parsers/filters
- pkg/parsers/kernel
- pkg/parsers/operatingsystem

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-07-27 21:26:21 +02:00
Jessie Frazelle
a922d62168 Merge pull request #14959 from runcom/remove-pkg-systemd-booted-go
Remove pkg/systemd/booted.go
2015-07-27 10:22:58 -07:00
Vincent Batts
efe2e75d81 *: s/direcotry/directory/g typo
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-07-27 11:29:28 -04:00
Chris Seto
65b22e7a78 Fix go vet errors
Signed-off-by: Chris Seto <chriskseto@gmail.com>
2015-07-25 17:00:10 -04:00
Derek McGowan
9f1a11056c Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push, the trust flag will indicate that the digest and size of a manifest should be signed and pushed to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-24 14:08:20 -07:00
Tibor Vass
264e16318f reexec: Use in-memory binary on linux instead of os.Args[0]
This keeps reexec working properly even if the on-disk binary was replaced.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-24 14:15:50 -04:00
Antonio Murdaca
bd749bf0b7 Remove pkg/systemd/booted.go
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-24 18:09:27 +02:00
Tibor Vass
0cec613de9 cli: new daemon command and new cli package
This patch creates a new cli package that allows combining both client
and daemon commands (there is only one daemon command: docker daemon).

The `-d` and `--daemon` top-level flags are deprecated and a special
message is added to prompt the user to use `docker daemon`.

Providing top-level daemon-specific flags for client commands results
in an error message prompting the user to use `docker daemon`.

This patch does not break any old but correct usages.

This also makes `-d` and `--daemon` flags, as well as the `daemon`
command illegal in client-only binaries.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-23 19:44:46 -04:00
Arnaud Porterie
879067d69e Enable validate-lint as part of CI
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-07-22 15:23:34 -07:00
David Calavera
ebb4e279e8 Merge pull request #14442 from cpuguy83/refactor_logdrvier_reader
Refactor log driver reader
2015-07-22 11:54:35 -07:00
Antonio Murdaca
056158ea4c pkg: mount: golint
Fix the following warnings:

pkg/mount/mountinfo.go:5:6: type name will be used as mount.MountInfo by other packages, and that stutters; consider calling this Info
pkg/mount/mountinfo.go:7:2: struct field Id should be ID

Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-22 10:26:10 +02:00
Jessie Frazelle
64ddf3420c Merge pull request #14804 from dave-tucker/golint_nat
golint: Fix issues in pkg/nat
2015-07-21 20:38:40 -07:00
Jessie Frazelle
4b0f56e20b Merge pull request #14822 from runcom/host-config-links-on-start
Allow starting a container with an existing hostConfig which contains links
2015-07-21 20:06:26 -07:00
Brian Goff
b16ccd9856 remove dead code after decoupling from jsonlog
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-07-21 20:47:35 -04:00
Brian Goff
7d99b19364 Split reader interface from logger interface
Implement new reader interface on jsonfile.
Moves jsonlog decoding from daemon to jsonfile logger.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-07-21 20:47:31 -04:00
Arnaud Porterie
e546b22ece Merge pull request #13171 from jlhawn/archive_copy
docker cp to and from containers
2015-07-21 16:59:44 -07:00
Dave Tucker
3c362c6d56 golint: Fix issues in pkg/nat
Updates #14756

Signed-off-by: Dave Tucker <dt@docker.com>
2015-07-22 00:47:41 +01:00
John Howard
9a30d8cf9f Windows: CLI Improvement
The Ansi parser and their associated actions have been decoupled. Now
parsing results in callbacks to an interface which performs the
appropriate actions depending on the environment.

This improvement provides a functional Vi experience and the vttest no
longer panics.

This PR replaces docker/docker #13224 with the latest console updates.

Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-21 16:38:44 -07:00
David Calavera
e6e9fbe4f7 Merge pull request #14682 from duglin/Issue14621
Remove panic in nat package on invalid hostport
2015-07-21 15:48:51 -07:00
Arnaud Porterie
6618614367 Merge pull request #14805 from dave-tucker/golint_namesgen
golint: Lint pkg/namesgenerator
2015-07-21 13:45:31 -07:00
Antonio Murdaca
b93e4f669a Allow starting a container with an existing hostConfig which contains links
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-21 22:10:00 +02:00
Josh Hawn
33cd39caf0 pkg/archive: new utilities for copying resources
Adds TarResource and CopyTo functions to be used for creating
archives for use with the new `docker cp` behavior.

Adds multiple test cases for the CopyFrom and CopyTo
functions in the pkg/archive package.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-07-21 11:03:25 -07:00
Arnaud Porterie
9511b53907 Merge pull request #13617 from Microsoft/10662-sql
Windows: Statically linkable SQLite3
2015-07-21 10:12:40 -07:00
John Howard
9998a8cb38 Windows: Statically linkable SQLite3
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-21 09:33:46 -07:00
Dave Tucker
4ddc4a1cdf golint: Lint pkg/namesgenerator
Also added a couple more tests

Updates #14756

Signed-off-by: Dave Tucker <dt@docker.com>
2015-07-21 16:33:34 +01:00
Doug Davis
49691393a9 Merge pull request #14762 from LK4D4/lint_reexec
Add docstring to reexec.Command
2015-07-20 20:37:27 -04:00
Alexander Morozov
0340c8548a Add docstring to reexec.Command
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-20 17:00:18 -07:00
Antonio Murdaca
e9bcd25a76 move nat tests from container's unit test to nat's ones
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-21 00:29:24 +02:00
Doug Davis
a4a878dfdb Remove panic in nat package on invalid hostport
Closes #14621

This one grew to be much more than I expected so here's the story... :-)
- when a bad port string (e.g. xxx80) is passed into container.create()
  via the API it wasn't being checked until we tried to start the container.
- While starting the container we tried to parse 'xxx80' in nat.Int()
  and would panic on the strconv.ParseUint().  We should (almost) never panic.
- In trying to remove the panic I decided to make it so that we, instead,
  checked the string during the NewPort() constructor.  This means that
  I had to change all casts from 'string' to 'Port' to use NewPort() instead.
  Which is a good thing anyway, people shouldn't assume they know the
  internal format of types like that, in general.
- This meant I had to go and add error checks on all calls to NewPort().
  To avoid changing the testcases too much I create newPortNoError() **JUST**
  for the testcase uses where we know the port string is ok.
- After all of that I then went back and added a check during container.create()
  to check the port string so we'll report the error as soon as we get the
  data.
- If, somehow, the bad string does get into the metadata we will generate
  an error during container.start() but I can't test for that because
  the container.create() catches it now.  But I did add a testcase for that.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-07-17 13:02:54 -07:00
Arnaud Porterie
ab8d2da487 Merge pull request #14693 from LK4D4/update_libcontainer
Update libcontainer
2015-07-17 13:02:04 -07:00
Sebastiaan van Stijn
8e5b6040fa Merge pull request #13951 from calavera/plugins_path
Separate plugin sockets and specs.
2015-07-17 21:11:31 +02:00
David Calavera
13a2948dc8 Merge pull request #14605 from brahmaroutu/gccgo_scheduler
Go Scheduler issue with sync.Mutex
2015-07-17 08:16:32 -07:00
root
b0e927fed5 Go Scheduler issue with sync.Mutex using gccgo
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-17 01:33:58 +00:00
Alexander Morozov
b069f4c9c2 Update libcontainer
Replaced github.com/docker/libcontainer with
github.com/opencontainers/runc/libcontainer.
Also I moved AppArmor profile generation to docker.

Main idea of this update is to fix mounting cgroups inside containers.
After updating docker on CI we can even remove dind.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-16 16:02:26 -07:00
David Calavera
bee3972856 Separate plugin sockets and specs.
Check if there is a plugin socket first under `/run/docker/plugins/NAME.sock`.
If there is no socket for a plugin, check `/etc/docker/plugins/NAME.spec` and
`/usr/lib/docker/plugins/NAME.spec` for spec files.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-16 14:20:07 -07:00
Tibor Vass
1601bba9a5 remove pkg/transport and use the one from distribution
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-16 13:13:46 -04:00
David Calavera
4832a3dc2d Merge pull request #14661 from LK4D4/vet_warns
Fix some formatting calls
2015-07-15 16:41:18 -07:00
Alexander Morozov
a3941cab07 Fix some formatting calls
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 12:25:50 -07:00
Victor Vieux
3314761f62 add support for base path in docker cli -H
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2015-07-08 15:42:40 -07:00
Alexander Morozov
d5b7b9fa88 Don't use time.After if there is no timeout
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-14 09:14:51 -07:00