mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 20:59:41 +02:00
e1fa9062b6
Bumping moby to version v28.3.0-2-ge0183475e0, which comprises the following commits:
a2af8bdebd gha/bin-image: add major and minor version image tags
b2a9318a1e docs: cut api docs for v1.51
8c713c1af4 gha: lower timeouts on "build" and "merge" steps
8e7ea470cf vendor: update buildkit to v0.23.1
222baf4ccb vendor: github.com/moby/buildkit v0.23.0
0e0ca09ddc daemon: containerStop: fix ordering of "stop" and "die" events
e62b0e2234 vendor: github.com/opencontainers/cgroups v0.0.3
06ab9cd1ed daemon/config: Validate: add missing validation for registry mirrors
97aa4e8550 registry: ValidateMirror: improve validation for missing schemes
e18a9c95b8 Update containerd to v2.1.3
09fef2b26e api/types/container: deprecate ExecOptions.Detach
44c8cd2e8f vendor: update buildkit to v0.13.0-rc2
78b6204f9e vendor: github.com/moby/swarmkit/v2 v2.0.0
cf98237186 vendor: github.com/moby/swarmkit/v2 v2.0.0-20250613170222-a45be3cac15c
fd96b01b0e pkg/idtools: deprecate IdentityMapping, Identity.Chown
987b8a88a6 c8d/push: Extract shared push logic
d9e7b86de4 c8d/push: Fix fallback single-manifest push not creating a tag
53d12c96f8 vendor: github.com/containerd/containerd/v2 v2.1.2
aac0260d21 Fix flaky test TestDaemonRestartRestoreBridgeNetwork
cfcbfabb0f api/image/list: Return `Containers` count
6d737371b8 fix comparison rule from errorlint
941d09e265 Handle error message from token server with containerd backend
e4e7fcf668 vendor: github.com/moby/buildkit v0.23.0-rc1
d3d20b9195 integration-cli: TestCopyFromContainerPathIsNotDir: adjust for win 2025
cf86f3a082 vendor: github.com/containerd/nydus-snapshotter v0.15.2
9a85f50aaa vendor: github.com/pelletier/go-toml/v2 v2.2.4
1764909076 vendor: github.com/fsnotify/fsnotify v1.9.0
102adcab57 vendor: github.com/containerd/console v1.0.5
5230692cad vendor: cloud.google.com/go/longrunning v0.5.5
5fb6604642 vendor: google.golang.org/api v0.160.0
d2954c4e05 vendor: otel v1.35.0, otel/contrib v0.60.0, grpc v1.72.2
05f892190c vendor: github.com/prometheus/client_golang v1.22.0
952cddd05b vendor: google.golang.org/protobuf v1.36.6
ccf5f8036c vendor: golang.org/x/sys v0.33.0
c81e03bc0b vendor: golang.org/x/sync v0.14.0
05e8b1701c daemon/containerd remove leftover schema1 compatibility code
2ff281e33a daemon/containerd: update link to containerd code
d54f713d95 daemon/containerd: rename var that shadowed type
8e6cd44ce4 daemon: ensuring state of stopped container is visible to other queries when container is stopped and before API response is sent (fix for https://github.com/moby/moby/issues/50133).
7acb079403 Revert "libn/networkdb: don't exceed broadcast size limit"
0df31cf585 Revert "libn/networkdb: fix data race in GetTableByNetwork"
83b2fc245d Revert "Fix possible overlapping IPs when ingressNA == nil"
e079583ab4 Revert "libnetwork/networkdb: use correct index in GetTableByNetwork"
cfd5e5e4d4 Revert "libn/networkdb: b'cast watch events from local POV"
576cf73add Revert "libn/networkdb: record tombstones for all deletes"
2297ae3e64 Revert "libn/networkdb: Watch() without race conditions"
cc60ec8d3c Revert "libn/networkdb: stop table events from racing network leaves"
b5b349dbd6 Revert "libn/osl: drop unused AddNeighbor force parameter"
35916f0869 Revert "libn/osl: refactor func (*Namespace) AddNeighbor"
3eb59ba5a2 Revert "libnetwork/osl: remove superfluous locks in Namespace"
5d6ae34753 Revert "libnetwork/osl: stop tracking neighbor entries"
ea818a7f6f Revert "libnetwork/internal/setmatrix: make keys generic"
78ccc20545 Revert "libn/d/overlay: use netip types more"
23c56099ee daemon/logger/loggerutils: use defer to fix gocritic "badlock" linter
0069360e3b volume/mounts: windowsDetectMountType: rewrite using switch
027355d7b3 container/stream: TestRaceUnbuffered: put unused testing.T to use
2bbf5f5a39 daemon/containerd: ImageService.resolveImage: cleanup resolve by name:tag
2e25775c83 libnetwork: Replace deprecated usages
3dd8f03f25 vendor: go.etcd.io/bbolt v1.4.0
55f47f9e34 Windows: don't try to load "mirrored" network plugin
20b6075380 fix badCall from go-critic
10c4715a62 openrc: allow customizing containerd service name
c466ae0f71 fix badLock from go-critic
19f5ac3c81 fix initClause from go-critic
aa632664b6 fix mapKey from go-critic
5ad4e4edf7 fix deprecatedComment from go-critic
b8a4f6534f fix stringsCompare and stringConcatSimplify from go-critic
a62de57aa1 fix sprintfQuotedString from go-critic
bc9ec5fc02 fix emptyStringTest from go-critic
469afa5f8f fix httpNoBody from go-critic
8f7faa01d1 fix boolExprSimplify from go-critic
e5be7b54b1 fix yodaStyleExpr from go-critic
64075850fc fix go-critic linter
793dd8385a Only "prune" Windows networks created by Docker
071d27cd3d Add contributor guidelines for where to put source code in packages
1603ad636e update to go1.24.4
9b5d8cd186 fix thelper linter
ea581c96b9 Validate BIND_DIR variable in Makefile
e32715ec03 Added support for AMD GPUs in "docker run --gpus".
6bac5ca833 Set EnableIPv4=true in overlay network inspect response
27f2e0ecc5 api: bump to 1.51
bd20bfdc41 all: remove redundant import-aliases for "go-winio"
f85394dd5d api: image inspect: add back fields that did not omitempty
284904119a Dockerfile: update cli to v28.2.2
8ba832cc8f docs/api: swagger: quote maxUint64 example value
affe1d6335 api/swagger: quote maxUint64 example value
b6fa565cba libnetwork/resolvconf: Build: decorate error for invalid nameservers
35e062dde1 libnetwork/resolvconf: rewrite TestBuild tests to a table-test
16ed51d864 libnetwork/networkdb: always shut down memberlist
c1a27ea5af pkg/stack: remove // import comments
dd382769bd pkg/rootless: remove // import comments
ce191648c7 pkg/useragent: remove // import comments
ad1a388895 pkg/tailfile: remove // import comments
b6f99f6d7f pkg/stringid: remove // import comments
ca2cca1286 pkg/stdcopy: remove // import comments
225b7ca6b7 pkg/progress: remove // import comments
0f9818ad03 pkg/pools: remove // import comments
f0f4fa0038 pkg/plugingetter: remove // import comments
5f4da92972 pkg/platform: remove // import comments
7a703f3772 pkg/pidfile: remove // import comments
511cf09e75 pkg/namesgenerator: remove // import comments
864e3f9348 pkg/longpath: remove // import comments
cc329af619 pkg/jsonmessage: remove // import comments
0c70c762b2 pkg/streamformatter: remove // import comments
fd8b6a24ab pkg/tarsum: remove // import comments
17845556f2 pkg/system: remove // import comments
18a1b61b49 pkg/sysinfo: remove // import comments
126246ae39 pkg/plugins: remove // import comments
0380c952a6 pkg/parsers: remove // import comments
4800a9b50d pkg/ioutils: remove // import comments
ca3982adea pkg/homedir: remove // import comments
c93f18e0b8 pkg/fileutils: remove // import comments
6a9f7c543c pkg/authorization: remove // import comments
a4411f497f errdefs: remove // import comments
0ea03c4add opts: remove // import comments
7ce4e9685a oci: remove // import comments
23009a700a testutil: remove // import comments
fe1bc3e7fd runconfig: remove // import comments
4656712b82 restartmanager: remove // import comments
134f20c828 reference: remove // import comments
97b20f6b79 registry: remove // import comments
2548254317 quota: remove // import comments
66055ea07c plugin: remove // import comments
3bbb38f1d2 volume: remove // import comments
021dd75bc4 libcontainerd: remove // import comments
fe34e89992 layer: remove // import comments
9abf9f2d0d internal: remove // import comments
4970333621 integration: remove // import comments
a4b0d32fa6 integration-cli: remove // import comments
7eecd04c7b image: remove // import comments
c1a3c51d9e dockerversion: remove // import comments
c7cb2d9783 distribution: remove // import comments
5318877858 daemon: remove // import comments
076e98e8f3 daemon/links, daemon/network: remove // import comments
2b42088bd5 daemon/listeners: remove // import comments
241e0bca8b daemon/events: remove // import comments
27956106d5 daemon/config: remove // import comments
69c34390c0 daemon/logger: remove // import comments
7d4caf4ba8 daemon/images: remove // import comments
9876c9fbcf daemon/graphdriver: remove // import comments
986ec3f877 daemon/cluster: remove // import comments
89aa33001e container: remove // import comments
d469079338 cmd: remove // import comments
c6bbc3bb6e builder: remove // import comments
4856e8ffad client: remove // import comments
bf9d739561 api: remove // import comments
fca97dae9d libnet/d/overlay/overlayutils: prevent uint32 overflow
3d8195a20f daemon/logger/fluentd: cap max-retries to MaxInt32
404f29c42d gha/bin-image: Don't push sha tags
7994426e61 Revert "containerd: images overridden by a build are kept dangling"
a2652d4b81 Don't set up iptables chain DOCKER-USER when using nftables
d3289dda4b Add nftables NAT rules for internal DNS resolver
c299ba3b38 Update worker.Platforms() in builder-next worker.
6889039d76 Fix silent stop on error due to using output redirection together with `set -eu`.
d6620915db portallocator: always check for ports allocated for 0.0.0.0/::
027588eba0 builder: Pass cdi cache instead of CDISpecDirs
bc6bc7aafa daemon/cdi: Log not found dirs as INFO
9856bf52a2 daemon: Configure default CDI cache
ae2fc2ddd1 PortAllocator: Use netip.Addr instead of string as map key
19dc38f79b Listen on mapped host ports before mapping more ports
dc519a0f18 iptables: Drop explicit RETURN rule from DOCKER-USER
148a19b6d6 seccomp: Require CAP_SYS_ADMIN for lsm_* syscalls
0ab8108b57 seccomp: Fix typo in lsm_set_self_attr
21a165de23 Use env-var DOCKER_FIREWALL_BACKEND=nftables to enable nftables
637e8142ce clean up golangci-lint config for deprectated errdefs.*
37caf3881a volume: replace uses of errdefs package
08768e4d9d testutil: replace uses of errdefs package
416dc8c1bf runconfig: replace uses of errdefs package
8803b58259 refernce: replace uses of errdefs package
dcf253ffe2 plugin: replace uses of errdefs package
8561016335 libnetwork: replace uses of errdefs package
f06c450a8e libcontainerd: replace uses of errdefs package
528f2284ee integration-cli: replace uses of errdefs package
14852fcd82 integration: replace uses of errdefs package
a1a789dbd0 image: replace uses of errdefs package
6ee53a6831 errdefs: replace uses of errdefs package
083ccfa486 distribution: replace uses of errdefs package
55da8ea276 daemon: replace uses of errdefs package
364d8d8b31 container: replace uses of errdefs package
415fc7b41e builder: replace uses of errdefs package
f0eaf228c1 api: replace uses of errdefs package
f98b7005d2 remove fallback for non-OCI-compliant docker.pkg.github.com registry
048199f191 Dockerfile: update cli to v28.2.0-rc.2
d188df0039 libn/d/overlay: use netip types more
0317f773a6 libnetwork/internal/setmatrix: make keys generic
e48ea1c6e0 Make integration tests ready for nftables
f9f0db0789 Add nftables support to testutil SetFilterForwardPolicies
7ea0e60dde Skip test TestBridgeINCRouted in rootless mode
0d6e7cd983 libnetwork/osl: stop tracking neighbor entries
9866738736 libnetwork/osl: remove superfluous locks in Namespace
b6d76eb572 libn/osl: refactor func (*Namespace) AddNeighbor
3bdf99d127 libn/osl: drop unused AddNeighbor force parameter
f834a0bd82 vendor: github.com/miekg/dns v1.1.66
4da3b4bf2d run/pull: Warn/reject AI model images
339be4e2ae Dockerfile: install nano as alternative to vim
588a05a1ce docs/api: Cut docs for API v1.50
94daa36f03 libnetwork: don't reinvent mutexes
cd2702e04e Dockerfile: update compose to v2.36.2
01fec904e4 Dockerfile: update buildx to v0.24.0
072483f9d7 c8d/delete: Require --force when deleting platforms
30da69d694 c8d/delete: Support deleting specific platforms
acf6b6542e daemon/images: Make ImageDelete take opts struct
871675be9b c8d/delete: Extract untagReferences
153b16ad27 c8d: Extract memoryLabelStore
d7cca3f997 docs/api: update deprecation version for erroneous fields
4dc961d0e9 image-inspect: remove Config fields that are not part of the image
0ec3278d48 profiles/seccomp: kernel v6.13
6aa8288cfb profiles/seccomp: kernel v6.12
e03ac1fad9 daemon: createCDICache: fix error-capitalization
7263ae74cd contrib: systemd: update deprecated StartLimit options
888cbfddf2 vendor: github.com/opencontainers/cgroups v0.0.2
42970fc461 registry: replace uses of errdefs package
979f18691a daemon: restore: fix fluentd-async-connect migration for downgrades
c6b9bb00f9 api/server/router/build: BuilderVersion: allow buildkit on Windows
560299a16f validation: re-enable check for changes in integration-cli"
e354e42e14 vendor: update buildkit to v0.22.0
a2ada6b258 daemon/create: Simplify GetImage args
2c57455339 vendor: github.com/containerd/containerd/api v1.9.0
a3ce441ae0 client: Use containerd errdefs to convert http errors
86187b2606 vendor: github.com/vishvananda/netlink v1.3.1
e8c269843c builder-next: remove support for deprecated schema1 images
a9ec07a005 builder-next: add buildkit executor for wcow
e655763837 client/volume: use containerd errdefs checks
6bde39b729 client/utils: use containerd errdefs checks
144363fea2 client/task_list_test: use containerd errdefs checks
6cd9eaf5ab client/task_inspect_test: use containerd errdefs checks
68a8a8f3c8 client/swarm: use containerd errdefs checks
0b4495463f client/service: use containerd errdefs checks
ad4a3d32c6 client/secret: use containerd errdefs checks
df96159df0 client/request: use containerd errdefs checks
7e8b26ecb9 client/plugin: use containerd errdefs checks
2356f435a6 client/node: use containerd errdefs checks
4a830df491 client/network: use containerd errdefs checks
8f2bf4aef5 client/info_test: use containerd errdefs checks
a1035ec59b client/image: use containerd errdefs checks
370b7e65fc client/events_test: use containerd errdefs checks
27e64d3bdb client/distribution_inspect_test: use containerd errdefs checks
f030c7bf10 client/disk_usage_test: use containerd errdefs checks
c75ca8ef10 client/container: use containerd errdefs checks
eafa2266f6 client/config: use containerd errdefs checks
685fa0bb91 client/checkpoint: use containerd errdefs checks
bb41e5a32e Replace platforms.Format with platforms.FormatAll in functional code.
9319fefe35 vendor: github.com/moby/buildkit v0.22.0-rc2
cf11cd1aac Replace platforms.Format with platforms.FormatAll in user-visible messages and logs.
0b1c7a8306 api/types: move ServiceUpdateOptions to api/types/swarm
31d62930f7 api/types: move ServiceCreateOptions to api/types/swarm
5ad0867236 api/types: move TaskListOptions to api/types/swarm
7e8f630bec api/types: move SwarmUnlockKeyResponse to api/types/swarm
f008d85edc api/types: move NodeListOptions, NodeRemoveOptions to types/swarm
b13528522a api/types: move ServiceListOptions, ServiceInspectOptions to types/swarm
5e8fd897e1 client/volume: use gotest.tools-style asserts
9432eff6bc client/utils_test: use gotest.tools-style asserts
adf7ecc366 client/task_list_test: use gotest.tools-style asserts
b781699ee2 client/task_inspect_test: use gotest.tools-style asserts
d8ee5caf9a client/swarm: use gotest.tools-style asserts
a6cd40de6b client/service: use gotest.tools-style asserts
3658dae265 client/secret: use gotest.tools-style asserts
2e65796c86 client/request_test: use gotest.tools-style asserts
44f30261da client/plugin: use gotest.tools-style asserts
832efcd672 client/options_test: use gotest.tools-style asserts
88453254af client/node: use gotest.tools-style asserts
047343d070 client/network: use gotest.tools-style asserts
6402a106e7 client/image: use gotest.tools-style asserts
043c7fa539 client/hijack_test: use gotest.tools-style asserts
a8ed3bd734 client/events_test: use gotest.tools-style asserts
c88f921331 client/disk_usage_test: use gotest.tools-style asserts
051dae4fdc client/container: use gotest.tools-style asserts
cae3ccd34b client/config_create: use gotest.tools-style asserts
bfc684d3f7 client/client_test: use gotest.tools-style asserts
19f3259093 client/checkpoint: use gotest.tools-style asserts
a411a39be0 api/types: move ConfigCreateResponse, ConfigListOptions to types/swarm
23117afca8 api/types: move SecretCreateResponse, SecretListOptions to types/swarm
3d1e4d9002 api/types: move build-related types to api/types/build
bb7dbaafcd api/types: move BuildResult to api/types/build.Result
6505d3877c API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields
114b8a4fa9 Remove unused image/v1 code
7130cd4f16 Remove DockerSchema1RegistrySuite schema 2 version 1 tests
7c09fa25fd distribution: remove v2 schema1 push
a891e4e3e1 validation: temporarily allows changes in integration-cli
2a96d2eb8d align //go:build versions
c1b2be0399 client/info_test: Use gotest.tools asserts
9095698a5c daemon: Discover devices and include in system info
f95a7c47e8 api: bump API version to 1.50
b70b496505 testutil/daemon: Don't use devcontainers daemon.json
23bbfea718 daemon: Fix error log when CDI cache creation failed
6d7a370fe5 Refactor CPU usage stats test to use go:embed
eefe68a37c api/types: move build cache types to api/types/build
7aa7369f1f client: deprecate IsErrNotFound
a022e916c8 update authors and mailmap
4cecce03f6 daemon: Enable CDI by default
07466d2e9b daemon: Daemon.ContainerExecStart: rename err-return, and minor refactor
d5c370dee6 libnetwork/networkdb: use correct index in GetTableByNetwork
270a4d41dc libn/networkdb: stop table events from racing network leaves
205ba05feb fix usestdlibvars
23fa0ae74a Cleanup http status error checks
fadb571106 Update api status checks to use containerd/errdefs
5c16f2d091 Use standard library interface to unwrap errors
a90a9d899b Ignore deprecations for internal errdefs package
f1bb44aeee Use containerd errdefs for error checks
ba2ddd75e4 Dockerfile: update crun to 1.21
f07242f6d7 containerd: include present content size in disk usage calculations
3ded7b97d0 vendor: github.com/containerd/accelerated-container-image v1.3.0
68e025a11b daemon: startIngressWorker: fix S1000: should use for range (staticcheck)
7bc6fd09da Dockerfile: update compose to v2.36.0
76b24759f0 container: Snapshot.Health: change type to container.HealthStatus
7a7d72e874 api/types/container: Summary.State change type to ContainerState
8e57a019dc fix: load the CDI driver before the dockerd daemon starts
b3ed54db81 integration/networking: mark TestPortMappedHairpinWindows as flaky
7b5d2b4ec3 chore: bump golangci-lint to v2
3d1cfb4de0 vendor: update buildkit to v0.22.0-rc1
c9b01e0c4c libn/networkdb: SetPrimaryKey() under a write lock
61646c8bfc containerd: remove unleaseSnapshotsFromDeletedConfigs
350bb5197a nftables: attempt a table-reload after an Apply error
06afbe9618 Check nftables is enabled before applying updates
976f855f68 Add OTEL span for nftables updates
eeba428939 Make WSL2Mirrored a Firewaller param
1028b123e8 integration, libnetwork: fix some godoc comments (ST1020)
a3aea15257 libn/networkdb: Watch() without race conditions
ada8bc3695 libn/networkdb: record tombstones for all deletes
c68671d908 libn/networkdb: b'cast watch events from local POV
ba0ad9e80f Unit test the bridge driver in terms of its firewaller
a7ef4a208d Fix multiarch image push tag for containerd snapshotter
854f3f62db container: don't persist State.RemovalInProgress on disk
44b653ef99 container: deprecate IsValidStateString
e477df3b31 daemon/cluster/executor: use container.ContainerState consts
3bbdda696d use container.ContainerState consts in tests
b811829595 api/types/container: add ContainerState and const for container state
8b6d6b9ad5 d/cluster/convert: expose Addr() on plugins
37259540e9 Remove/replace integration-cli tests that use iptables directly
daeb080ff1 Test Iptabler params
ea2e147c4c TestPruneDontDeleteUsedDangling: rename var that shadowed import
02e800dcbb plugin: use t.TempDir
57b27f2e9e image: use t.TempDir and rename vars that shadowed
08c5ebe040 layer: use t.TempDir and minor cleanups
f84694ebdc container: use defer for locks
24f305b666 Makefile: set BIND_DIR to "." by default
4b6a9d23af cmd/dockerd/trap: use t.TempDir
ea37a1f040 integration/build: use t.TempDir
900bd88848 internal/directory: use t.TempDir
46baf7deb0 distribution: use t.TempDir
1b4ba20708 distribution/metadata: use t.TempDir, rename var that shadowed
735ccfbc6f pkg/stack: use t.TempDir
72a11b84d4 testutil/fakestorage: use t.TempDir
b38f73afe3 daemon: cleanupContainer: leave decorating container-id/name to caller
d44b2e4bd7 daemon: cleanupContainer: use state-fields instead of string form
4a00ce10fa daemon: rmLink, cleanupContainer: rename args that shadowed import
1cf7d7ea4b hack/make/.binary: update link to go source for "pie" support
e991c7185d update to go1.24.3
89ee292709 container: update GoDoc for State
7dae7c54dd fluentd: add write timeout log option
56ad941564 Fix possible overlapping IPs when ingressNA == nil
dc1d23c646 Revert "rootless: skip tests that need br-netfilter loaded"
4b9092aa27 Load br-netfilter for rootless test-integration
7957a28859 container: remove GoDoc for deprecated aliases.
fe403362b4 container: State.Wait(): don't use deprecated type
0bd82bfac2 chore: add systemd-sysusers configuration
df662ebc59 container: deprecate IsValidHealthString
f9c4601760 volume/mounts: MountPoint.Setup: rename output-var, and simplify err-handling
6ac3afe483 volume: remove/rename err-returns
986988a394 testutil/daemon: Daemon.StopWithError: rename output-var to prevent shadowing
3606712e2d testutil: remove named returns
fe2d323c82 registry: remove/rename err-returns, and minor refactor
79b1b561a3 registry/resumable: remove named err-return, fix minor linting issue
e67b6bfc69 plugin: remove/rename err-returns
943dfa985d oci: remove named err-return
0b169d34e4 libnetwork: remove named (err)-returns
154230cdd7 libnetwork/portallocator: getDynamicPortRange: fix err-handling on freeBSD
962fd8bc41 libnetwork/ipams/remote: inline decodeToMap
cfdfbfab9b libnetwork/drivers/remote: inline decodeToMap
152db74d96 libcontainerd: remove/rename err-returns
f87dcbe350 layer: remove/rename err-returns and remove naked returns
6981aad790 internal/testutils: remove named returns
d1c58bdbbe integration-cli: remove/rename err-returns and remove naked returns
1b317b0323 distribution: remove named err-returns and minor refactor
1244685329 Optimization methods in internal\metrics\metrics.go
84ef7e4899 Allow TestIsolated/ipv6 to unexpectedly pass
4c4810e5d2 rootless: skip tests that need br-netfilter loaded
dacf445614 libn/networkdb: don't exceed broadcast size limit
697c17ca95 libn/networkdb: take most tests off flaky list
90ec2c209b libn/networkdb: listen only on loopback in tests
e3f9edd348 libn/networkdb: advertise the configured bind port
ec65f2d21b libn/networkdb: fix data race in GetTableByNetwork
d0af7c3c08 Move Cory from Reviewers to Committers
b0777be89e Use firewaller.IPVersion instead of iptables.IPVersion for gwmode
3cbb1ae736 Move filter-FORWARD DROP setting to the firewaller
44843d9917 Pass context to more places
a9bf151260 Put Iptabler behind a Firewaller interface.
92e497b9dc Create api interface to define build usage backend
aef409dfb2 Remove unused reference store in image api
9eec936eb0 project: update status of branches for Moby 28.x
9315b15dc6 fix(ST1006): Poorly chosen receiver name
70139978d3 fix(ST1016): Use consistent method receiver names
9e9b6cc42e fix(ST1019): Importing the same package multiple times
27bf320a72 fix(ST1017): Don’t use Yoda conditions
98fa4bcfeb fix(exhaustive): missing cases in switch of type snapshots.Kind
95af77d038 fix(ST1015): A switch’s default case should be the first or last case
f770f6c5ec fix(QF1012): Use fmt.Fprintf(x, ...) instead of x.Write(fmt.Sprintf(...))
a88c49f38e fix(QF1011): Omit redundant type from variable declaration
4f9214c156 fix(QF1007): Merge conditional assignment into variable declaration
be54c79d9c fix(QF1006): Lift if+break into loop condition
2cce9a51ca fix(QF1004): Use strings.ReplaceAll instead of strings.Replace with n == -1
e2e7f9964f fix(QF1003): Convert if/else-if chain to tagged switch
b0711d5fe9 fix(QF1001): Apply De Morgan’s law
7d8df25d16 fix misused error
fef139ccc1 fix import
44a3453d73 Add daemon option --allow-direct-routing
c16caabe36 Add TestNetworkConfigurationMarshalling
a94643a1b3 bridge: add option com.docker.network.bridge.trusted_host_interfaces
33f5b9e963 Don't add stub Endpoint/Network object to cache on Sandbox restore
c129c0fa9f Improve logging and readability of Controller.sandboxRestore
5d8192fcce Report endpoint id as well as name in ActiveEndpointsError
9aa66be7ec vendor: github.com/moby/buildkit v0.21.1
a79d081aa5 config: set buildkit gc enabled to default to true
19ccb75c62 daemon: remove/rename err-returns and remove naked returns
9ed975a247 daemon: NewDaemon: rename err-return
3e586094fc daemon: parseXXVersion: rewrite to be slightly more iodiomatic
2145cf6309 daemon: Daemon.ContainerStatPath, ContainerArchivePath: minor refactor
6da1ff6bf9 builder/builder-next: fix vars that shadowed (govet)
692610414a pkg/plugins: fix vars that shadowed (govet)
0fcd23ec13 daemon/logger/loggertest: fix vars that shadowed (govet)
4c57ffaca7 api/server/router/build: fix vars that shadowed (govet)
eef5c75276 api/server/router/network: fix vars that shadowed (govet)
7edd83a1b3 libnetwork: fix vars that shadowed, and slight refactor (govet)
7dbe2f1fb6 libnetwork/portallocator: fix vars that shadowed (govet)
357b136ee9 libnetwork/drivers: fix vars that shadowed (govet)
f831618e5b libnetwork/networkdb: fix vars that shadowed (govet)
f633e8f03f libnetwork/cmd/diagnostic: fix vars that shadowed (govet)
190ad0610d daemon/logger: remove/rename err-returns and linting warnings
ba15bbc422 daemon/images: rename err-returns to prevent shadowing
48220008d8 daemon/graphdriver: remove/rename err-returns and remove naked returns
088c180a9e daemon/containerd: remove named err-returns
dc79403f7b daemon/cluster: remove/rename err-returns and remove naked returns
9b62592bfe Dockerfile.windows: update github.com/tc-hib/go-winres to v0.3.3
d6b2aec809 pkg/progress: remove named err-return
029f267d9b pkg/pidfile: remove named err-returns
fdbf246889 pkg/parsers: remove named err-returns
b0f93d5283 pkg/fileutils: remove named err-returns
ab8e3da82c pkg/stdcopy: remove/rename err-returns
d17a62592f pkg/ioutils: remove named err-returns
f193ff1317 pkg/broadcaster: remove named err-returns
91f6e00ffa hack: Update broken links from README
7868d3ee3e vendor: github.com/opencontainers/runtime-spec v1.2.1
100102108b Use container status values from api
878de14c8d man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.7
11f65b566d vendor: github.com/spf13/cobra v1.9.1
ea7152e493 volume/local: use t.TempDir
4b41198e3c volume/mounts: use t.TempDir
2b869baea3 volume/service: use t.TempDir
88f6dd72e5 volume/service: rename interface that collided with vars
3b4e21081f container: remove unused named-returns
35167dc616 client: Client: PluginInstall, PluginUpgrade: remove/rename err-returns
bb57656932 builder/remotecontext: remove unused named and "naked" returns
5416f2d57c builder/dockerfile: remove unused named and "naked" returns
f38b1fa30d builder/builder-next: SanitizeRepoAndTags: remove named err return
c025dd74f0 builder/builder-next: wrapRC.Read: remove intermediate err-var
49d5b2cc8e builder/builder-next: puller.resolve: rename err-return
3f2296cfc1 api/server/router: remove named (err) returns
1e4bb14bcd api/types/container: define HealthStatus "pseudo" type
c690e0076a use consts for health-status in tests
91473ce253 api/server/backend/build: sanitizeRepoAndTags: remove named err return
c5031c8632 api/types/time: remove named err return
50a856157c containerd: images overridden by a build are kept dangling
eee14cff72 builder/remotecontext: use t.TempDir
5749bc242a builder/dockerfile: use t.TempDir, rename vars that shadowed
b54a038bec docker exec: fail early on exec create if specified user doesn't exist
37725b5eae Drop "-o com.docker.network.enable_ipv[46]" if overridden
8d0c272e4a Add TestLegacyLink
dfd59c0a95 Dockerfile: Fetch vpnkit from moby org
af0232d52b integration/build: Unskip TestBuildEmitsImageCreateEvent for c8d
a0ff0a361e iptables: Direct routing DROP rules per-container, not per-port
dea236e0ce Split iptabler into multiple files
282b3f7b97 Move bridge driver iptables code into its own package
8c36a22e79 Rename function insertMirroredWSL2Rule
aa4abaf820 Use firewaller (iptabler) structs in iptables unit tests
75c60598b7 Move clearConntrackEntries to bridge_linux.go
42d149e45d fix duplicate import, and force consistent alias for bolt
eede75c9d4 testing: remove some defer cleanup in favor of test.Cleanup()
e3a0f2e690 vendor: github.com/vbatts/tar-split v0.12.1
bcc720abde builder/remotecontext: MakeGitContext: use "WithFields" for logs
54a556a5ef builder/remotecontext: Deprecate Rel()
2808e59f4c Dockerfile: update compose to v2.35.1
a75be33ba0 Dockerfile: update buildx to v0.23.0
dd36139b1a Dockerfile: update cli to v28.1.1
f1e3ed0c48 Dockerfile: don't pin syntax to 1.7
fc8361c078 vendor: github.com/containerd/containerd v2.0.5
62f51e4367 vendor: golang.org/x/oauth2 v0.29.0
bbbb0036df cleanup ignore files
ead379a464 contrib/rootless-setuptool: Fix iptables detection
7c52c4d92e update go:build tags to go1.23 to align with vendor.mod
619f1ddd05 Warn when no external DNS nameservers are found
6083fad7df Reset default bridge addresses after integration tests
c2b7abacf8 Use setupTest instead of testutil.StartSpan in tests
d4e0d6f2a1 Integration tests: use different docker0 addresses
fd550344b1 vendor: github.com/moby/go-archive v0.1.0
fd5e772aec CI: deduplicate execution of unit tests
b8067d159f docs/api: update image tarball format
a38ca9a548 daemon/initlayer: Setup: remove uses of idtools.Identity
380ded6309 Store an endpoint count for networks, for downgrade
ae0331d8f5 vendor: update buildkit to v0.21.0
57bf7a8c70 bridge: Add a missing error check for firewaller setup
c49ce64514 integration/TestStopContainerWithTimeout: Attempt to fix flakiness
7eda35fd05 profiles/apparmor: IsLoaded: optimize
0462b5e318 profiles/apparmor: add BenchmarkIsLoaded
b23d267cb5 profiles/apparmor: add basic unit-test for IsLoaded
0dd5959eeb profiles/apparmor: InstallDefault: slight cleanup and optimization
0bb761698c profiles/apparmor: loadprofile: fix double command in error message
8e1c366773 profiles/apparmor: remove "// import" comments
1fa6a46c5d profiles/seccomp: remove "// import" comments
89604f1df1 profiles/seccomp: use stdlib for asserting
14623770e1 vendor: github.com/moby/buildkit v0.21.0-rc2
eacbbdeec6 Revert "API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields"
ece7e02b86 Update AUTHORS
adb9e9135a docs/api: add documentation for API v1.49
099d3ee008 daemon: containerStart: add filtered labels to OTel span
0c5e816638 daemon: trace containerCreate
f96dc9d1a5 Dockerfile: update registry to v3.0.0
4d35864c3d Fix removal of legacy links
5d2006256f API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields
499e15d4ab api/server/middleware: fix debug-logs missing form-data
97688e8d06 container: Container.SetupWorkingDirectory: remove use of pkg/idtools
5f9d99b4cc integration-cli/swarm: Update to use gotest.tools
ea6c76ee03 integration-cli/TestSwarmInit: Skip failing part on CLI after 18.06
fab94808f5 integration-cli: Update default CLI version to v18.06.3-ce
6c73266a71 Add registry error handling for push and pull
ae3a1ac602 vendor: github.com/moby/buildkit v0.21.0-rc1
cd89a35ea0 Run CLI tests with cgroups v2
7435e4a1be registry: remove deprecated ServiceConfig.AllowNondistributableArtifacts
ba03cd7a63 daemon/config: add test for deprecated daemon.json fields
d72e434d30 vendor: golang.org/x/mod v0.24.0
224b393eb3 vendor: golang.org/x/net v0.39.0
b1ac2a53ed vendor: golang.org/x/crypto v0.37.0
a8af27bbae vendor: golang.org/x/text v0.24.0
7d49b014b6 vendor: golang.org/x/sync v0.13.0
9d04c28def vendor: golang.org/x/time v0.11.0
cdb3590e1a vendor: golang.org/x/sys v0.32.0
970fc1b6f7 Basic compose file for testing OTEL bits
d8a5e8928b replace uses of idtools.MkdirAllAndChown, MkdirAllAndChownNew
d96d20d45f update golangci-lint exceptions
29e0db25e7 Factor out top-level iptables setup into its own object
241d685574 libnet: add ep name in 'has active endpoints' error
489cd7edfc api, daemon, libnet: add a 'trigger' baggage member
31ac5cb6d9 libnet: New: plumb context
667c7d70b3 libnet/d/bridge: trace network setup steps
eaae4b5fb6 libnet/d/bridge: put span prefix in var
78be7ebad7 libnet/d/bridge: trace createNetwork
f8806f2b80 libnet/osl: independent OTel trace for advertiseAddrs
d0154d3e59 Update to use github.com/moby/go-archive
45f9d679f8 Update remaining Ubuntu 20.04 uses to 22.04 and 24.04
57a042b77c deprecate pkg/(chroot)archive for github.com/moby/go-archive
564abf9157 api: info: omit deprecated "Commit.Expected" fields on API >= 1.49
f410dbda88 dockerfile: dind target to build docker image for testing
c3fa7c1779 Test that firewalld reload doesn't re-create deleted iptables rules
dbea045e0d Report firewalld reload time in Info.FirewallBackend
a527e5a546 Restore iptables for current networks on firewalld reload
7d9c50db2b api: /info: omit non-distributable-artifacts fields for API >= 1.49
a0a86d0982 Add Info.FirewallBackend
25a80bd48e vendor: github.com/moby/sys/atomicwriter v0.1.0
4eebd2c920 libnet: TestNetworkStore: replace assert.Equal with Check
e22d04e8a9 Improve CPU usage parsing and error reporting
40650c6982 libnet: de-flake TestNetworkStore
1c79c893b1 libnet: de-flake TestEndpointStore
8a5f141b0e registry: Service.lookupV2Endpoints: wire-up context
9d8c8382d3 registry: authorizeClient: wire-up context
8b920b2812 registry: loginV2: wire-up context
4642704ed7 registry: newTransport: remove intermediate var
7acef8101e c8d/pull: Show progress for non-layer blobs
b3791dea92 pkg/archive: fix linting issues
a427477220 pkg/idtools: MkdirAllAndChownNew: improve deprecation message
a91bcc677b vendor: github.com/klauspost/compress v1.18.0
2c54f6f316 vendor: github.com/google/go-cmp v0.7.0
6422ff2804 deprecate pkg/atomicwriter, migrate to github.com/moby/sys/atomicwriter
f1ec5bf14f pkg/idtools: remove tests already covered in moby/sys/user
3fc36bcac4 Update daemon to use moby sys/user identity mapping
b5c99c0e95 Update moby/sys/user to version which includes mapping
0a83a476d8 registry: v1Endpoint.ping: pass through context
2a272a0c5d registry: newV1Endpoint: pass through context
f158d2e809 registry: ReadCertsDirectory: internalize, and pass context
51d7f95c4b libnet: remove struct endpointCnt
d377cd3810 libnet: Controller: cache networks in-memory
cc8bd2016e libnet: Controller: cache endpoints in-memory
c6cdfbf495 pkg/atomicwriter: return early if parent directory is invalid
00c988caa4 pkg/atomicwriter: add test for parent dir not being a directory
ad386f64e5 pkg/atomicwriter: error on unknown file-modes
ec82bc35c3 pkg/atomicwriter: disallow symlinked files for now
f3aebbf9d8 pkg/atomicwriter: add basic godoc for package
f80feba181 Rootlesskit: check for module nf_tables
7d742ebf75 Add utils for manipulating nftables rules
59169d0f97 image/inspect: Add platform selection
d4e70f6325 vendor: tags.cncf.io/container-device-interface v1.0.1
74b71c41ac update to go1.23.8 (fix CVE-2025-22871)
fc58c829e8 registry: ParseRepositoryInfo: remove some intermediate vars
44b7a42fc6 registry: ReadCertsDirectory: return early on error
4f65e35f02 registry: NewService: return nil on error
a7daab5df4 registry: authTransport: un-export AuthConfig, RoundTripper
795461eceb docs: api v1.48: Move ImageGet api docs under Image tag
e1e58409a1 docs: API v1.48 Add missing platform parameter to ImageGetAll api docs
db275ddbc1 libnet: fix duplicated port mappings in overlay networks
a9e22ee5e7 Don't run unit tests with mode rootless
749e35cf5e Move ImageGet api docs under Image tag
094df015b1 Add missing platform parameter to ImageGetAll api docs
7243860557 Include per-port rules in iptablesNetwork
4390ab275a api: bump API version to 1.49
0b5e1f904a Use netip.Addr instead of net.IP for legacy links
725e699741 Simplify iptables setup for legacy links
31f9ae0d19 registry: TestValidateMirror: improve coverage
cb0a9d713c registry: ValidateMirror: touch-up GoDoc
6b258ce567 registry: session.searchRepositories: pass through context
83aaa3428f distribution: pusher.push(): don't use APIEndpoint.Mirror field
6439824449 distribution: pushDescriptor: remove unused endpoint field
09ee47de39 distribution: cleanup some tests and add missing error-checks
adfed82ab8 Install and run firewalld for CI's firewalld tests
409707b633 bridge: factor out creation of network-level iptables rules
ec7fe73690 distribution: pushDescriptor: rename repoInfo to repoName
b1c526b4a9 daemon/containerd: remove registryResolver interface
0d95e1680a registry: ResolveAuthConfig: inline newIndexInfo code
6c643bc366 lookup auth-config without depending on RepositoryInfo
a18dae049f daemon/containerd: registryResolver: remove IsInsecureRegistry
abcc70b9ef distribution: GetRepositories skip using Service.ResolveRepository
071d8b21e9 distribution: Push: skip using Service.ResolveRepository
8b6a045aa4 distribution; newPusher: don't require RepositoryInfo
8653af5854 distribution: pullEndpoints: skip using Service.ResolveRepository
20a2807caa distribution: pullEndpoints: don't return RepositoryInfo
f1ecce6877 distribution: pullEndpoints: don't require RepositoryInfo
d6afe88b3c distribution: newPuller: don't require RepositoryInfo
03918c5b07 distribution: layerDescriptor: don't require RepositoryInfo
c91318e6c0 distribution: newRepository: don't require RepositoryInfo
2e8bf8b0ab distribution: remove vars that shadowed imports or types
d8fa2f8071 registry: deprecate APIEndpoint.Official field
0ab6f07c31 Fix TestPassthrough
2d643b6835 Firewalld: skip unit tests that run in their own netns
4fbfb618c3 Skip flaky part of TestAccessPublishedPortFromHost
b8323abe0a TestIsolated for IPv6 is broken under firewalld
86eff82789 Firewalld: Skip tests that run dockerd in an L3Segment
dc963a00c1 Firewalld should use its nftables backend
b8cacdf324 Add test util "FirewalldRunning"
8f506a51e5 containerd: ensure overwritten images from load are left dangling
7b2e47846c Run systemd/rootless when systemd/rootless unit testing
8d9e3502ab hack: Fix TestOverlay* test failure in pkg/archive
f5d84a45cc Start containers, even when connected to a disabled bridge port
072ea62fcc vendor: github.com/opencontainers/image-spec v1.1.1
a60603bfa3 hack/validate: Add gocompat
2be7f48561 implement module compatibility check
cc90726fb8 Add missing go1.22 build constraints
19a0f886da testutil: Update to `any` from `interface{}`
f14c23a90f libnetwork: Update to `any` from `interface{}`
82ec984d10 daemon: Update to `any` from `interface{}`
003bf197d7 container: Update to `any` from `interface{}`
444a1597ff c8d/builder: Fix missing `image tag` event with BuildKit
2fce935df2 vendor: github.com/moby/buildkit v0.20.2
7c09e4e607 TestBuildEmitsEvents: Skip Windows only for buildkit
99356b6e17 integration-cli/TestBuildEmitsEvents: Verify event count
3e957c6240 remove some redundant import-aliases
4db84b197d switch to github.com/opencontainers/cgroups
697956a8c7 vendor: github.com/opencontainers/selinux v1.12.0
34bc972519 vendor: github.com/golang-jwt/jwt/v5 v5.2.2
d01ee23c15 Dockerfile: update registry to v3.0.0-rc.4
081987b647 Dockerfile: disable saving Golang telemetry in dev-container
af14f3e7d3 Dockerfile: upgrade Delve to v1.24.1
d0b4bdbd25 api/router: postContainersAttach, wsContainersAttach: minor cleanups
73aa7e933c daemon: daemon.containerAttach: use structured logs
d494520aa0 daemon: daemon.ContainerAttach: use Println instead of Printf
183ca46099 daemon: daemon.ContainerLogs: move vars closer to where used
c164eec7e9 daemon: daemon.ContainerAttach: move vars closer to where used
f7853799fc daemon: daemon.containerAttach: remove redundant defers
80bf93c9d7 daemon: daemon.containerAttach: rename vars for clarity and prevent shadow
daeb6fb0b7 vendor: github.com/cilium/ebpf v0.17.3
eeee17eaad Dockerfile: update runc binary to v1.2.6
c1c5f16b8b vendor: github.com/opencontainers/runc v1.2.6
be6e92a57b pkg/atomicwriter: use sequential file access on Windows
452ff75159 Dockerfile.simple: avoid `Could not find installer for "proxy"`
fa21996da5 containerd: prioritize non-dangling images with image list
126d4cf672 client: remove version-gate for JSON response errors
230f178f8b api: return plain-text errors for deprecated API versions
c7fbe1c2ba integration-cli: fix duplicate close of body
1c00755826 integration-cli: fix some unhandled errors
8be5696c37 daemon/logger/journald: rename func that shadowed builtin
f2a183a991 daemon: return port-mappings from all endpoints
6b3b479192 daemon: getEndpointPortMapInfo: err is never used
35766af7d2 Dockerfile: update containerd binary to v1.7.27
c9a763ecc9 daemon: remove redundant call to getEndpointPortMapInfo
fb3cce1988 vendor: github.com/containerd/containerd/v2 v2.0.4
4276f330fc cmd/docker-proxy: do not eagerly GC one-sided UDP conns
0356854327 cmd/docker-proxy: make the conntrack timeout a property of UDPProxy
d70fd32a18 cmd/docker-proxy: UDP: thread-safe Write and Close
485cb90b77 Remove duplicate iptables-enabled checks
fce915897c Combine firewalld reload callbacks for IPv4/IPv6
ac34bd9bda integration/container: Remove Parallel from TestWait*
dd7f9f08d8 integration/container: Increase stop timeout for TestWaitRestartedContainer
a8f14e06d6 Improve performance of daemon.Containers().
c0ca783edb Allow macvlan endpoint to start with parent down
26fea35942 daemon: Fix panic on Windows when restoring pre v28 container
90a83063ee runconfig/errors: split `ErrConflictHostNetwork`
a3fef5debc Mask Linux thermal interrupt info in /proc and /sys.
cf3e42abaf Add an opt-out for iptables 'raw' rules
0f11ee1ae2 registry: ReadCertsDirectory: don't process same file multiple times
dd7ab0e82b registry: deprecate HostCertsDir
3cc9881ab7 registry: always set a non-empty CertDir
b633c4cc33 registry: deprecate SetCertsDir
d0dd035278 builder-next: fix min-free-space prune with graphdriver backend
1daeaec333 pkg/atomicwriter: validate destination path
4d8cff7bd4 Don't skip DNAT for a routed network without userland-proxy
084b7cec1a pkg/atomicwriter: add additional test-cases
ff061e28c1 pkg/atomicwriter: don't overwrite destination on close without write
88a5bca43c pkg/atomicwriter: add separate tests for New()
09e804f570 pkg/atomicwriter: refactor tests
2124706447 integration: Increase timeouts in TestStopContainerWithTimeout
946bf70f89 integration: Deduplicate TestStopContainerWithTimeout
fee063f01e daemon/c8d: Refactor singlePlatformSize into separate functions
f7d7fd9c52 contrib/check-config: add IPv6 modules
2a109e6c32 contrib/check-config: add ip_nf_raw
0e54920e01 Dockerfile: update RootlessKit to v2.3.4
7ae9e41ff6 vendor: github.com/rootless-containers/rootlesskit/v2 v2.3.4
55ff0062ca vendor: github.com/containernetworking/plugins v1.6.2
125aa3a682 vendor: golang.org/x/sys v0.31.0
5d6b56699d client: add API-version dependent validation for mount options
aa33bdaa71 registry: move emptyServiceConfig to test-file
0823d76ec5 client: keep image refs in canonical format where possible
907773160b registry: rewrite ParseSearchIndexInfo to not depend on IndexInfo
b22431ee9c pkg/atomicwriter: New(): use absolute path for temp-file
58bd93a625 pkg/atomicwriter: New(): prevent creating temp-file on errors
49c89b0177 docs/api: improve doc for Secret and Config data fields (API v1.31-v1.48)
df0cefcc95 api/swagger: improve doc for Secret and Config data fields
f2d53142b0 api/types/swarm: document Secret and Config data fields
c2c3d593cf registry: rewrite ParseRepositoryInfo to not depend on IndexInfo
42f1e38e20 integration/image: TestRemoveImageGarbageCollector: don't set zero-values
42ca9154e9 layer: remove StoreOptions.ExperimentalEnabled
df519e9e1a daemon: Fix giving up too early while connecting to containerd socket
ace8c9c94f vendor: golang.org/x/net v0.36.0
bc0ca67b1c vendor: golang.org/x/net v0.35.0
9278110260 Dockerfile: update containerd binary to v1.7.26
0a58c73e0d integration/net: Retry TestAccessPublishedPortFromAnotherNetwork
d34e1ff826 layer: remove StoreOptions.MetadataStorePathTemplate
556633ca47 cmd/dockerd: daemonCLI.start: scope local errors
8b59e1a398 cmd/dockerd: daemonCLI.start: return error instead of log.Fatal
8a8cdaaa11 cmd/dockerd: daemonCLI.start: don't log warnings before failing
6e30a4cc0c cmd/dockerd: explicitly access Config fields
dfecaaf908 cmd/dockerd: rewrite getContainerdDaemonOpts to a func
b95fdcd084 cmd/dockerd: createAndStartCluster: change to accept Config
29aa7e15bd cmd/dockerd: rewrite getSwarmRunRoot to a regular func
29c296e1dd cmd/dockerd: rename vars that shadowed imports
f87ae7c914 gha: test-prepare: update to Ubuntu 24.04
c41ed7c98c gha: build, cross: update to Ubuntu 24.04
d29038d1cb gha: integration-cli-prepare: update to Ubuntu 24.04
a23058e0d7 gha: integration-cli-report: update to Ubuntu 24.04
de69b552ff gha: integration-report: update to Ubuntu 24.04
b61f409972 gha: test: update Ubuntu 22.04 -> 24.04
60276fafca gha: integration-prepare: update to ubuntu 24.04
651fb91c4d gha: arm64: update Ubuntu 22.04 -> 24.04
f6a9ed5f0a gha: arm64: test-integration-report: update to Ubuntu 24.04
13e1ef6277 gha: arm64: test-unit-report: update to ubuntu 24.04
27404044a6 gha: validate, build-dev: update to Ubuntu 24.04
3571982458 gha: smoke: update to Ubuntu 24.04
ee73f2e5da gha: docker-py: update to ubuntu 24.04
b9ca3d198e gha: unit: update to ubuntu 24.04
1a0afb0f9e gha: bin-image: update to ubuntu 24.04
4919bf9f41 gha: buildkit: update to ubuntu 24.04
7b1fd61864 gha: validate-pr: update to ubuntu 24.04
eeffc099ef gha: dco: update to ubuntu 24.04
06b87d80ee gha: docker-py: set TEST_SKIP_INTEGRATION_CLI=1
c9f53d506a Merge ps_test.go into list_test.go.
95bf53fb6c container/stream: Don't log error when streams are properly closed
6e55f83747 Remove unused toml validation
bf8a27a55a Remove inactive maintainers with no activity in last two years
9e814fc0d7 Remove inactive former curators
b868fad5e3 Update governance to replace TSC and add maintainer roles
690f758505 vendor: golang.org/x/oauth2 v0.27.0
55599fd9b3 vendor: golang.org/x/oauth2 v0.26.0
a47d9c5f58 vendor: golang.org/x/crypto v0.35.0
3a28163007 vendor: golang.org/x/crypto v0.34.0
ffc91fd76a vendor: golang.org/x/crypto v0.33.0
7cba8aef1c vendor: golang.org/x/text v0.22.0
995d71a033 vendor: golang.org/x/sync v0.11.0
e325564f38 vendor: golang.org/x/sys v0.30.0
65b460b9ef vendor: update buildkit to v0.20.1
6e8eb8a90f vendor.mod: update minimum go version to go1.23
26edf2d0a7 Flush iptables chains DOCKER-CT, DOCKER-BRIDGE on startup
5f912e4cf5 update to go1.23.7
a8178613af golangci-lint: enable nakedret linter
c359cc6829 api/types/registry: fix naked returns
b1c008c007 api/server/router/build: fix naked returns
4aecdd5744 image/tarexport: fix naked returns and slight refactor
99b6012a02 daemon/logger/awslogs: remove unused named return
4fa9ec3192 daemon/logger: fix naked returns and slight refactor
eeb5651de5 daemon/graohdriver/fuse-overlayfs/: fix naked returns and slight refactor
02b4610246 daemon/graohdriver: fix naked returns
964413c3a1 daemon/cluster: fix naked returns
387ec71630 daemon: fix naked returns
85c8fb7fda daemon: getSystemCPUUsage(): fix naked returns, output vars
5c85847a55 registry: fix naked returns, output vars
17448ef1c8 plugin: fix naked returns, output vars
faa9cb125b pkg/tarsum: fix naked returns
b5b514ab04 pkg/stdcopy: fix naked returns
d3d84bde4b pkg/pools: fix naked returns
52b8298975 pkg/chrootarchive: remove unused named return
b38f0dd804 pkg/archive: fix naked returns, output variables in tests
d59a9d9b10 pkg/archive: fix naked returns, output variables
c62f5aff42 libnetwork: fix naked returns
8978b30b1a libnetwork/types: fix naked returns
619e8f8148 libnetwork/osl: fix naked returns
02b4c7cc52 libnetwork/drivers/overlay: fix naked returns, output variables
94afddb18d libnetwork/cmd/networkdb-test: fix naked return
379b82862f layer: fix naked returns
b1c617681f internal/unix_noeintr: fix naked returns
51f574ea0e internal/mod: fix naked returns
e1538336c7 integration-cli: fix naked returns, output vars
220b3c591f container/stream/bytespipe: fix naked returns, output vars
0cd39d7b23 builder/remotecontext: fix naked returns
0c1b37c50a builder/dockerfile: fix minor linting issues
8302cd2d29 builder/dockerfile: downloadSource: fix naked returns, output vars
00bd916203 libnetwork/resolvconf: Build: re-implement using new implementation
2f19577877 libnetwork/resolvconf: Build: align order with new implementation
03aeedcca9 libnetwork/resolvconf: update tests to use more correct values
c34f8bbba3 integration/volume: setupTestVolume: minor cleanups and fixes
28bf578a40 integration/volume: TestRunMountImage: use test-util for container cleanup
e41eaf2c8d integration/volume: TestRunMountVolumeSubdir: remove some logs
f1bec97dfe registry: use literal for empty slice
7b4e21e5d0 registry: fix typo in godoc
be9c4dd3c5 registry: TestNewIndexInfo: add more test-cases
949afd933b registry: TestNewIndexInfo: assert all fields
310d6d2fa5 registry: TestNewIndexInfo: use sub-tests
50d17676e4 registry: TestParseRepositoryInfo: add test-cases for IPv6 refs
328b808765 registry: TestParseRepositoryInfo: assert all index-info fields
d9634c3b28 registry: TestParseRepositoryInfo: use sub-tests
e2a5220ec3 registry: remove makeServiceConfig test-utility
52419cf933 golangci-lint: enforce "is" alias for gotest.tools/v3/assert/cmp
1c63f3983b volume/service: adjust "gotest.tools/v3/assert/cmp" import alias
9766a446ae integration/network: adjust "gotest.tools/v3/assert/cmp" import alias
c16fcdfc4b integration/image: adjust "gotest.tools/v3/assert/cmp" import alias
6abe6a910a integration/container: adjust "gotest.tools/v3/assert/cmp" import alias
22069f2431 integration-cli: adjust "gotest.tools/v3/assert/cmp" import alias
605f02a59b distribution: adjust "gotest.tools/v3/assert/cmp" import alias
75b86c47d9 daemon/logger/loggerutils: adjust "gotest.tools/v3/assert/cmp" import alias
59e6d1d214 registry: TestLoadInsecureRegistries: don't mutate emptyServiceConfig
849f344ecc registry: split normalizing index name from validating
fee40a9333 registry: create emptyServiceConfig without parsing
a3583b4b58 registry: newRepositoryInfo only check for official images for Docker Hub
08654b0b30 registry: deprecate RepositoryInfo.Official field
dbc9d56820 vendor: github.com/containerd/containerd v2.0.3
15895d8ead daemon/graphdriver: rename vars that shadowed
aa9817b0c5 testutil: remove isErrNotFoundSwarmClassic
0ab7d41f9e testutil/environment: Execution.Clean: remove redundant condition
b301c34b92 libcontainerd/local: remove arg-names for stubs
12f89cc19b libcontainerd/local: NewClient: remove unused cli, stateDir, ns args
620f26e1e3 libcontainerd/local: client.createWindows: remove unused runtimeOptions
9c4e10126e libcontainerd/local: client.NewContainer: use early return
7c1a2301f0 libcontainerd/local: client.extractResourcesFromSpec: use early return
fc462d699a Dockerfile: update compose to v2.33.1
855563fc43 Dockerfile: update docker CLI to v28.0.1
ab7305c85a Check swarm's jump to DOCKER-INGRESS
be14d9148c Make integration/service/network_test.go Linux-only
cfc562c358 daemon/cluster: create "state" and "runtime-dir" closer to where used
ef4f4d845d daemon/cluster: rename Cluster.root to Cluster.stateDir
4d3d4bbeeb daemon/cluster: remove Config.WatchStream and move to constructor
cdbb62394c builder/dockerfile: remove intermediate var that shadowed
558da63444 Jump to DOCKER-INGRESS from DOCKER-FORWARD
fdd534d2ca libcontainerd: windows: return errdefs type for pausing
60782e6d39 container: fix some errors on Windows
c37690b98e libnet/portallocator: un-export errors that were not used as sentinel errors
cfc049c938 Use iptables-nft in the dev container / CI
47ca352b0d vendor: github.com/opencontainers/runc v1.2.5, cyphar/filepath-securejoin v0.4.1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
110 lines
4.0 KiB
Diff
110 lines
4.0 KiB
Diff
From 3ce6089417b8c6c4e8279e6ef60213436ebf8793 Mon Sep 17 00:00:00 2001
|
|
From: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Date: Tue, 30 Jun 2020 22:23:33 -0400
|
|
Subject: [PATCH] dynbinary: use go cross compiler
|
|
|
|
MJ: use ${GO} also in "go env" calls, because native go:
|
|
$ go env GOARM
|
|
5
|
|
while go cross compiler for my target:
|
|
$ ${GO} env GOARM
|
|
7
|
|
this can lead to:
|
|
error: switch '-mcpu=cortex-a9' conflicts with switch '-march=armv5t' [-Werror]
|
|
|
|
but even after fixing it to use "better" -march it still doesn't match with -mcpu
|
|
set in our GOBUILDFLAGS, causing e.g.:
|
|
error: switch '-mcpu=cortex-a9' conflicts with switch '-march=armv7-a+simd' [-Werror]
|
|
|
|
so drop CGO_CFLAGS/CGO_CXXFLAGS as in OE builds we don't need them
|
|
as long as ${GO} and GOBUILDFLAGS are respected
|
|
|
|
it was added in:
|
|
https://github.com/moby/moby/commit/12558c8d6ea9f388b54eb94ba6b9eb4a9fc5c9f2
|
|
|
|
and it wasn't an issue before:
|
|
https://github.com/moby/moby/commit/8c12a6648b368cc2acaea0339d6c57c920ed265c
|
|
|
|
because it was using 'case "${GOARM}" in' and ${GOARM} was empty in our builds
|
|
|
|
Upstream-Status: Inappropriate [embedded specific]
|
|
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
---
|
|
hack/make/.binary | 37 ++++++++-----------------------------
|
|
1 file changed, 8 insertions(+), 29 deletions(-)
|
|
|
|
Index: import/hack/make/.binary
|
|
===================================================================
|
|
--- import.orig/hack/make/.binary
|
|
+++ import/hack/make/.binary
|
|
@@ -3,7 +3,7 @@ set -e
|
|
|
|
# a helper to provide ".exe" when it's appropriate
|
|
binary_extension() {
|
|
- if [ "$(go env GOOS)" = 'windows' ]; then
|
|
+ if [ "$(${GO} env GOOS)" = 'windows' ]; then
|
|
echo -n '.exe'
|
|
fi
|
|
}
|
|
@@ -16,31 +16,10 @@ source "${MAKEDIR}/.go-autogen"
|
|
(
|
|
export GOGC=${DOCKER_BUILD_GOGC:-1000}
|
|
|
|
- if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
|
|
- # must be cross-compiling!
|
|
- if [ "$(go env GOOS)/$(go env GOARCH)" = "linux/arm" ]; then
|
|
- # specify name of the target ARM architecture
|
|
- case "$(go env GOARM)" in
|
|
- 5)
|
|
- export CGO_CFLAGS="-march=armv5t"
|
|
- export CGO_CXXFLAGS="-march=armv5t"
|
|
- ;;
|
|
- 6)
|
|
- export CGO_CFLAGS="-march=armv6"
|
|
- export CGO_CXXFLAGS="-march=armv6"
|
|
- ;;
|
|
- 7)
|
|
- export CGO_CFLAGS="-march=armv7-a"
|
|
- export CGO_CXXFLAGS="-march=armv7-a"
|
|
- ;;
|
|
- esac
|
|
- fi
|
|
- fi
|
|
-
|
|
if ! [ "$DOCKER_STATIC" = "1" ]; then
|
|
# -buildmode=pie not supported when -race is enabled
|
|
if [[ " $BUILDFLAGS " != *" -race "* ]]; then
|
|
- case "$(go env GOOS)/$(go env GOARCH)" in
|
|
+ case "$(${GO} env GOOS)/$(${GO} env GOARCH)" in
|
|
linux/mips* | linux/ppc64)
|
|
# -buildmode=pie is not supported on Linux mips*, ppc64be
|
|
# https://github.com/golang/go/blob/go1.24.3/src/internal/platform/supported.go#L188-L200
|
|
@@ -67,11 +46,11 @@ source "${MAKEDIR}/.go-autogen"
|
|
# only necessary for non-sandboxed invocation where TARGETPLATFORM is empty
|
|
PLATFORM_NAME=$TARGETPLATFORM
|
|
if [ -z "$PLATFORM_NAME" ]; then
|
|
- PLATFORM_NAME="$(go env GOOS)/$(go env GOARCH)"
|
|
- if [ -n "$(go env GOARM)" ]; then
|
|
- PLATFORM_NAME+="/v$(go env GOARM)"
|
|
- elif [ -n "$(go env GOAMD64)" ] && [ "$(go env GOAMD64)" != "v1" ]; then
|
|
- PLATFORM_NAME+="/$(go env GOAMD64)"
|
|
+ PLATFORM_NAME="$(${GO} env GOOS)/$(${GO} env GOARCH)"
|
|
+ if [ -n "$(${GO} env GOARM)" ]; then
|
|
+ PLATFORM_NAME+="/v$(${GO} env GOARM)"
|
|
+ elif [ -n "$(${GO} env GOAMD64)" ] && [ "$(${GO} env GOAMD64)" != "v1" ]; then
|
|
+ PLATFORM_NAME+="/$(${GO} env GOAMD64)"
|
|
fi
|
|
fi
|
|
|
|
@@ -95,7 +74,7 @@ source "${MAKEDIR}/.go-autogen"
|
|
if [ -n "$DOCKER_DEBUG" ]; then
|
|
set -x
|
|
fi
|
|
- ./hack/with-go-mod.sh go build -mod=vendor -modfile=vendor.mod -o "$DEST/$BINARY_FULLNAME" "${BUILDFLAGS[@]}" -ldflags "$LDFLAGS $LDFLAGS_STATIC $DOCKER_LDFLAGS" -gcflags="${GCFLAGS}" "$GO_PACKAGE"
|
|
+ ./hack/with-go-mod.sh ${GO} build -trimpath -mod=vendor -modfile=vendor.mod -o "$DEST/$BINARY_FULLNAME" "${BUILDFLAGS[@]}" -ldflags "$LDFLAGS $LDFLAGS_STATIC $DOCKER_LDFLAGS" -gcflags="${GCFLAGS}" "$GO_PACKAGE"
|
|
)
|
|
|
|
echo "Created binary: $DEST/$BINARY_FULLNAME"
|