56926 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
746a916bbf Merge pull request #52427 from thaJeztah/bump_containerd_2.3
Dockerfile: update to containerd v2.3.2
2026-06-23 08:56:14 +02:00
Sebastiaan van Stijn
23017ce4b1 Dockerfile: update to containerd v2.3.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-22 18:45:46 +02:00
Sebastiaan van Stijn
70e47b0404 Merge pull request #50960 from rata/runc-rc-test
Update runc binary to v1.4.3
2026-06-22 18:43:58 +02:00
Sebastiaan van Stijn
d59033e2cf Merge pull request #52916 from tao12345666333/clean-up-dead-code
libnetwork/drivers/bridge: configureIPForwarding: fix dropped error message
2026-06-22 11:38:06 +02:00
Jintao Zhang
de262b667f libnetwork/drivers/bridge: configureIPForwarding: fix dropped error message
The early return duplicated the length check, making the custom error
path unreachable. As a result, a nil error was wrapped and returned
instead of the intended error message.

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-22 09:44:34 +02:00
Paweł Gronowski
0584603b8c Merge pull request #52932 from thaJeztah/bump_cli
Dockerfile: update Docker CLI to v29.6.0
2026-06-19 16:02:01 +02:00
Sebastiaan van Stijn
eaecd5b8c9 Merge pull request #52931 from renovate-bot/renovate/actions-checkout-7.x
Update actions/checkout action to v7
2026-06-19 15:43:21 +02:00
Sebastiaan van Stijn
247732fc00 Dockerfile: update Docker CLI to v29.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-19 15:41:39 +02:00
Paweł Gronowski
6d4b967f84 Merge pull request #52930 from thaJeztah/bump_containerd_bin
Dockerfile: update containerd binary to v2.2.5
2026-06-19 12:24:04 +02:00
Mend Renovate
7fd309807a Update actions/checkout action to v7
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-19 09:25:29 +00:00
Sebastiaan van Stijn
cf311c0ad6 Merge pull request #52929 from thaJeztah/vendor_containerd
vendor: github.com/containerd/containerd/v2 v2.2.5
2026-06-19 11:17:03 +02:00
Sebastiaan van Stijn
61a5b5d766 Dockerfile: update containerd binary to v2.2.5
- full diff: https://github.com/containerd/containerd/compare/v2.2.4...v2.2.5
- release notes: https://github.com/containerd/containerd/releases/tag/v2.2.5

The fifth patch release for containerd 2.2 contains various fixes
and updates including security patches.

- CVE-2026-50195 / [GHSA-cvxm-645q-p574] CRI: checkpoint import allows local image tag poisoning
- CVE-2026-53488 / [GHSA-xhf5-7wjv-pqxp] CRI: image-config LABEL flows to host-root command execution from an image pull
- CVE-2026-53492 / [GHSA-33vj-92qq-66hc] CRI: CDI annotation smuggling during CRI checkpoint restore
- CVE-2026-53489 / [GHSA-rgh6-rfwx-v388] CRI: Arbitrary host file read via symlink following in CRI checkpoint restore
- CVE-2026-47262 / [GHSA-jpcc-p29g-p8mq] containerd image-triggered runtime DoS via unbounded group parsing

[GHSA-cvxm-645q-p574]: https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574
[GHSA-xhf5-7wjv-pqxp]: https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp
[GHSA-33vj-92qq-66hc]: https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc
[GHSA-rgh6-rfwx-v388]: https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388
[GHSA-jpcc-p29g-p8mq]: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-19 09:59:35 +02:00
Sebastiaan van Stijn
924d109770 vendor: github.com/containerd/containerd/v2 v2.2.5
- full diff: https://github.com/containerd/containerd/compare/v2.2.4...v2.2.5
- release notes: https://github.com/containerd/containerd/releases/tag/v2.2.5

The fifth patch release for containerd 2.2 contains various fixes
and updates including security patches.

- CVE-2026-50195 / [GHSA-cvxm-645q-p574] CRI: checkpoint import allows local image tag poisoning
- CVE-2026-53488 / [GHSA-xhf5-7wjv-pqxp] CRI: image-config LABEL flows to host-root command execution from an image pull
- CVE-2026-53492 / [GHSA-33vj-92qq-66hc] CRI: CDI annotation smuggling during CRI checkpoint restore
- CVE-2026-53489 / [GHSA-rgh6-rfwx-v388] CRI: Arbitrary host file read via symlink following in CRI checkpoint restore
- CVE-2026-47262 / [GHSA-jpcc-p29g-p8mq] containerd image-triggered runtime DoS via unbounded group parsing

[GHSA-cvxm-645q-p574]: https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574
[GHSA-xhf5-7wjv-pqxp]: https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp
[GHSA-33vj-92qq-66hc]: https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc
[GHSA-rgh6-rfwx-v388]: https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388
[GHSA-jpcc-p29g-p8mq]: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-19 09:17:24 +02:00
Sebastiaan van Stijn
df9f14b456 Merge pull request #52921 from renovate-bot/renovate/aws-sdk-go-v2-monorepo
Update aws-sdk-go-v2 monorepo to v1.76.0
2026-06-19 00:01:41 +02:00
Sebastiaan van Stijn
a261df21ff Merge pull request #52923 from vvoland/bump-version
versions/docker: 29.7.0
2026-06-18 22:46:30 +02:00
Paweł Gronowski
62dcf62e59 versions/docker: 29.7.0
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 22:07:49 +02:00
Paweł Gronowski
70eaf5ef6f Merge pull request #52922 from vvoland/vendor-client
vendor: github.com/moby/moby/client v0.5.0
docker-v29.6.0 v2.0.0-beta.18
2026-06-18 21:46:07 +02:00
Paweł Gronowski
417433cb05 vendor: github.com/moby/moby/client v0.5.0
full diff: https://github.com/moby/moby/compare/client/v0.5.0-rc.1...client/v0.5.0

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 21:36:55 +02:00
Mend Renovate
dd1688ac98 Update aws-sdk-go-v2 monorepo to v1.76.0
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-18 19:36:40 +00:00
Sebastiaan van Stijn
19e5ed711a Merge pull request #52919 from vvoland/vendor-api
vendor: github.com/moby/moby/api v1.55.0
client/v0.5.0
2026-06-18 21:32:48 +02:00
Paweł Gronowski
d7f30b5a18 vendor: github.com/moby/moby/api v1.55.0
full diff: https://github.com/moby/moby/api/compare/v1.55.0-rc.1...v1.55.0

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 21:17:56 +02:00
Sebastiaan van Stijn
b6c53c2704 Merge pull request #52773 from vvoland/c8d-amd64-variants
c8d: Use maximum native platform for matching
api/v1.55.0
2026-06-18 20:43:08 +02:00
Paweł Gronowski
01115e84b3 Merge pull request #52906 from vvoland/fix-TestContainerWithConflictingNoneNetwork
TestContainerWithConflictingNoneNetwork: Extend Windows timeout
2026-06-18 19:56:14 +02:00
Paweł Gronowski
b36296ffc0 Merge pull request #52913 from thaJeztah/windows_does_stats
integration-cli: un-skip stats tests on Windows
2026-06-18 18:34:22 +02:00
Paweł Gronowski
a81aa78ceb TestContainerWithConflictingNoneNetwork: Extend Windows timeout
Increase stop timeout on Windows and split container and CLI exit waits.

Wait for the container to reach `exited` before timing how long the
`docker run -i` process takes to exit with stdin still open.

This keeps the regression check focused on the post-exit CLI behavior
instead of combining it with container startup time. Use a unique
container name to avoid collisions with leftovers from previous runs.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 18:08:48 +02:00
Paweł Gronowski
908a35a91b Merge pull request #52914 from thaJeztah/no_stderr
integration-cli: runSleepingContainerInImage: don't capture stderr
2026-06-18 18:06:31 +02:00
Paweł Gronowski
04d33b5de6 Merge pull request #52912 from thaJeztah/cleanup_GenerateRandomAlphaOnlyString
internal/testutil: cleanup GenerateRandomAlphaOnlyString
2026-06-18 17:41:43 +02:00
Paweł Gronowski
3b2f5575b2 Merge pull request #52722 from notandruu/integration/migrate-TestInspectAPIImageResponse
integration: migrate TestInspectAPIImageResponse to integration suite
2026-06-18 17:41:26 +02:00
Paweł Gronowski
62b3aaee3c Merge pull request #52901 from vvoland/c8d-imageusage
daemon/c8d: Count image usage from their actual snapshots
2026-06-18 17:40:45 +02:00
Sebastiaan van Stijn
11d334268a integration-cli: un-skip stats tests on Windows
These tests were skipped because "Windows does not support stats",
which should no longer be the case.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 16:56:18 +02:00
Paweł Gronowski
a47b1b2d6f Merge pull request #52891 from smerkviladze/attestations-clearer-blob-missing-error
api: clarify ImageAttestations error when statement blob read fails
2026-06-18 16:01:17 +02:00
Paweł Gronowski
0802db572b integration/TestDiskUsage: Clarify comment
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 15:58:27 +02:00
Paweł Gronowski
f46ac3c48a integration/TestDiskUsage: Drop size adjustment
The image usage drift is fixed at the source, so the disk usage test no
longer needs to tolerate a one-block difference on rootless.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 15:58:27 +02:00
Paweł Gronowski
f454e4831d daemon/c8d: Count image usage from their actual snapshots
Image disk usage used to walk every snapshot in the snapshotter and
count the result as image storage. That includes container-owned
snapshots, such as the container writable snapshot and the Moby init
snapshot.

Init snapshots are already represented in container rootfs size. With
the containerd snapshotter, GetContainerLayerSize walks the container
snapshot parent chain for SizeRootFs, so the init snapshot belongs
there. Counting the same snapshot from ImageDiskUsage made it appear
as image storage as well.

Before this commit:

Images.TotalSize
  = image content
  + image snapshots
  + all other snapshots walked by snapshotter
  + container init snapshots
  + container RW snapshots

And container size reporting had:

Container.SizeRootFs
  = image snapshots
  + init snapshot
  + RW snapshot

So the init layer was included in:

- Images.TotalSize
- Container.SizeRootFs

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 15:58:27 +02:00
Sebastiaan van Stijn
f591e4f5c4 Merge pull request #52905 from vvoland/c8d-fix-prune-snapshots
c8d/prune: Track removed snapshots
2026-06-18 15:39:39 +02:00
Sebastiaan van Stijn
9e9cfa29e0 Merge pull request #52915 from deahtstroke/50159-Add-missed-requirement-to-network-stats-test
integration/container: Added missed requirement for a local daemon to run TestStatsNetworkStats
2026-06-18 15:34:44 +02:00
Sopho Merkviladze
fe5f7b2536 api: clarify ImageAttestations error when statement blob read fails
When a statement blob cannot be read from the local content store, the
error from content.ReadBlob propagated raw via the HTTP middleware.
Wrap the error so the response identifies the missing statement by
digest and distinguishes the not-found case from other read failures.

Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>
2026-06-18 16:12:21 +04:00
Daniel Villavicencio
2dedfa0c63 integration/container: Added missed requirement for a local daemon to test TestStatsNetworkStats
Signed-off-by: Daniel Villavicencio <dvm3099@pm.me>
2026-06-18 04:42:23 -07:00
Paweł Gronowski
dffbb16e52 c8d/prune: Track removed snapshots
Include deleted snapshots in the deleted size report.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-18 13:28:55 +02:00
Andrew Liu
1567f9e65f integration: migrate TestInspectAPIImageResponse to integration suite
Signed-off-by: Andrew Liu <andrewjliu22@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 13:27:35 +02:00
Sebastiaan van Stijn
67e7274c95 internal/testutil: cleanup GenerateRandomAlphaOnlyString
- use math/rand/v2
- change the util to only produce lowercase; some tests only could
  use lowercase, and we don't need uppercase here, as long as it's
  random.
- drop the Uniqueness test; it was effectively just testing stdlib
  functionality (math/rand/v2 to be random).
- rename to RandomAlpha while we had to update call-sites

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 13:05:17 +02:00
Paweł Gronowski
bb6eaebe6c Merge pull request #52911 from thaJeztah/carry_52909
Update docker/buildx-bin Docker tag to v0.35.0 (carry 52909)
2026-06-18 12:55:13 +02:00
Paweł Gronowski
f31c74fd6f Merge pull request #52907 from thaJeztah/bump_delve
Dockerfile: update delve to v1.26.3
2026-06-18 12:54:48 +02:00
Paweł Gronowski
77bebe7030 Merge pull request #52096 from deahtstroke/50159-migrate-TestAPIStatsNetworkStats-from-integration-cli
integration/container: Migrate TestAPIStatsNetworkStats to integratio…
2026-06-18 12:54:22 +02:00
Sebastiaan van Stijn
f5890a5eda integration-cli: runSleepingContainerInImage: don't capture stderr
The runSleepingContainerInImage (and runSleepingContainer) utils are
expected to return the container's ID (or name). They already assert
the command executed successfully, so let's avoid capturing output
from stderr (which could be warnings or logs).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 12:32:06 +02:00
Mend Renovate
df4a64e487 Update docker/buildx-bin Docker tag to v0.35.0
Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 11:08:10 +02:00
Daniel Villavicencio
47f6e9248b integration/container: migrate TestAPIStatsNetworkStats to integration suite
Signed-off-by: Daniel Villavicencio <dvm3099@pm.me>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 10:56:51 +02:00
Sebastiaan van Stijn
0e017ea51b Merge pull request #51007 from 5h4rk-lab/feat/migrate-TestAPICreateDeletePredefinedNetworks
integration: migrate TestAPICreateDeletePredefinedNetworks from integration-cli
2026-06-18 10:07:02 +02:00
Sebastiaan van Stijn
1a00bed7d9 Merge pull request #52908 from renovate-bot/renovate/github.com-opencontainers-cgroups-0.x
Update module github.com/opencontainers/cgroups to v0.0.7
2026-06-18 09:21:31 +02:00
5h4rk-lab
c8f44969df integration: migrate TestAPICreateDeletePredefinedNetworks from integration-cli
Signed-off-by: Go Charan Kilaru <sharkmagic07@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-18 02:12:52 +02:00