This patch creates a new `tlsconfig` package to handle creation of
secure-enough TLS configurations for clients and servers.
The package was created by refactoring TLS code in the client and the
daemon. After this patch, it is expected that all code creating TLS
configurations use this `tlsconfig` package for greater security,
consistency and readability.
On the server side, this fixes a bug where --tlsverify was not taken
into account. Now, if specified, it will require the client to
authenticate.
Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes#13107. This change enables Go duration strings
computed relative to the client machine’s time to be used
as input parameters to `docker events --since/--until`
and `docker logs --since` arguments.
Added unit tests for pkg/timeutils.GetTimestamp as well.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
And removing unused code.
- tarsum.go :
NewTarSumHash could be non exported (for now)
NewTarSumForLabel is never used, except for the tests
- fileinfosums.go:
SortByPos is never used, except for the tests
- versionning.go:
GetVersions is never used, expect for the tests
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Change CLI error msg because it was too specific and didn't make sense
when there were errors not related to inaccessible files.
Removed some log.Error() calls since they're not really errors we should
log. Returning the error will be enough.
Closes: #13417
Signed-off-by: Doug Davis <dug@us.ibm.com>
Continues 11858 by:
- Making sure the exit code is always zero when we ask for help
- Making sure the exit code isn't zero when we print help on error cases
- Making sure both short and long usage go to the same stream (stdout vs stderr)
- Making sure all docker commands support --help
- Test that all cmds send --help to stdout, exit code 0, show full usage, no blank lines at end
- Test that all cmds (that support it) show short usage on bad arg to stderr, no blank line at end
- Test that all cmds complain about a bad option, no blank line at end
- Test that docker (w/o subcmd) does the same stuff mentioned above properly
Signed-off-by: Doug Davis <dug@us.ibm.com>
Signed by all authors:
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Jeff Lindsay <progrium@gmail.com>
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Signed-off-by: Luke Marsden <luke@clusterhq.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
Because I just used it somewhere else and it would be nice if I didn't have to copy and paste the code.
Signed-off-by: David Calavera <david.calavera@gmail.com>
As part of this some generic packages like iptables, etchosts and resolvconf
have also been moved to libnetwork. Even though they can still be
consumed in a generic fashion they will reside and be maintained
from within the libnetwork project.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This patch removes the need for requestFactories and decorators
by implementing http.RoundTripper transports instead.
It refactors some challenging-to-read code.
NewSession now takes an *http.Client that can already have a
custom Transport, it will add its own auth transport by wrapping
it.
The idea is that callers of http.Client should not bother
setting custom headers for every handler but instead it should
be transparent to the callers of a same context.
This patch is needed for future refactorings of registry,
namely refactoring of the v1 client code.
Signed-off-by: Tibor Vass <tibor@docker.com>