There has been a lot of discussion (issues 4242 and 5262) about making
`FROM scratch` either a special case or making `FROM` optional, implying
starting from an empty file system.
This patch makes the build command `FROM scratch` special cased from now on
and if used does not pull/set the the initial layer of the build to the ancient
image ID (511136ea..) but instead marks the build as having no base image. The
next command in the dockerfile will create an image with a parent image ID of "".
This means every image ever can now use one fewer layer!
This also makes the image name `scratch` a reserved name by the TagStore. You
will not be able to tag an image with this name from now on. If any users
currently have an image tagged as `scratch`, they will still be able to use that
image, but will not be able to tag a new image with that name.
Goodbye '511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158',
it was nice knowing you.
Fixes#4242
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Moved Tianon's PR from: https://github.com/docker/docker/pull/7870
on top of the latest code
Closes: #3936
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Signed-off-by: Doug Davis <dug@us.ibm.com>
When we use the engine/env object we can run into a situation where
a string is passed in as the value but later on when we json serialize
the name/value pairs, because the string is made up of just numbers
it appears as an integer and not a string - meaning no quotes. This
can cause parsing issues for clients.
I tried to find all spots where we call env.Set() and the type of the
name being set might end up having a value that could look like an int
(like author). In those cases I switched it to use env.SetJson() instead
because that will wrap it in quotes.
One interesting thing to note about the testcase that I modified is that
the escaped quotes should have been there all along and we were incorrectly
letting it thru. If you look at the metadata stored for that resource you
can see the quotes were escaped and we lost them during the serialization
steps because of the env.Set() stuff. The use of env is probably not the
best way to do all of this.
Closes: #9602
Signed-off-by: Doug Davis <dug@us.ibm.com>
This tests ensures that the content from a dir within a build is carried
over even if VOLUME for that dir is specified in the Dockerfile. This
test ensures this long standing functionality.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Sometimes rm begins before process death, but Kill called already after
it, so we get error - no such process.
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
Forbid `docker run -t` with a redirected stdin (such as `echo test |
docker run -ti busybox cat`). Forbid `docker exec -t` with a redirected
stdin. Forbid `docker attach` with a redirect stdin toward a tty enabled
container.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Permissions after an ADD or COPY build instructions are now restricted
to the scope of files potentially modified by the operation rather than
the entire impacted tree.
Fixes#9401.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Right now 'docker build' will send:
Sending build context to Docker daemon
to stderr, instead of stdout. This PR fixes that.
I looked in the rest of api/client/commands.go for other cases
that might do this and only one jumped out at me:
https://github.com/docker/docker/blob/master/api/client/commands.go#L2202
but I think if I changed that to go to stdout then it'll mess people up
who are expecting just the container ID to be printed to the screen and
there is no --quiet type of flag we can check.
Closes#9404
Signed-off-by: Doug Davis <dug@us.ibm.com>
Sometimes other programs can bind on ports from our range, so we just
skip this ports on allocation.
Fixes#9293
Probably fixes#8714
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
I also needed to add a mflag.IsSet() function that allows you to check
to see if a certain flag was actually specified on the cmd line.
Per #9221 - also tweaked the docs to fix a typo.
Closes#9221
Signed-off-by: Doug Davis <dug@us.ibm.com>
still supports the old form: ENV name value
Also, fixed an issue with the parser where it would ignore lines
at the end of the Dockerfile that ended with \
Closes#2333
Signed-off-by: Doug Davis <dug@us.ibm.com>
Mark the daemon listening ports as allocated in the portallocator in
order to prevent containers from exposing this port themselves.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Now filter name is trimmed and lowercased before evaluation for case
insensitive and whitespace trimemd check.
Signed-off-by: Oh Jinkyun <tintypemolly@gmail.com>
This adds an integration test for checking that the network namespace
fds are the same when a container joins another container's network
namespace.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Common patterns:
- Multiple images were built with same name but only one cleanup.
- Containers were deleted after images.
- Images not removed after retagging.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Next steps, in another PR, would be:
- make all logging go through the logrus stuff
- I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see
Closes#5198
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#8942
Current behavior is that volumes aren't initialized until start.
Volumes still need to be initialized on start since VolumesFrom and
Binds can be passed in as part of HostConfig on start, however anything
that's already been initialized will just be skipped as is the current
behavior.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Therer is a bug in the 'skip' decision when exporting a repository
(`docker save repo`)
Only the layers of the first image are included in the archive (the
layers of the next images are missing)
Signed-off-by: Anthony Baire <Anthony.Baire@irisa.fr>
this test checks if exposing a large number of ports in Dockerfile properly
saves the port in configs. We dont actually expose a VERY large number of ports
here because the result is the same and it increases the test time by a few
seconds
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
If you share IPC between containers, then you need to make sure SELinux labels
match.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
changing order of EXPOSE ports should not invalidate the cache as the content
doesnt change
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
I noticed a few things that were bugging me in the output
of the integration-cli tests.
- one of the tests used println to stdout so we had garage sent to the screen
- some of the test, in their final log message, didn't include the name of
the group/file e.g. daemon - run,iptables was just run,iptables
And yes, I noticed this because I'm anal :-) but also because we should keep
the output of the tests as clean as possible so its easy to spot it when
things go bad.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Alexandr Morozov
Jessie Frazelle
Alexander Morozov
Jessica Frazelle
Ian Bishop
Arnaud Porterie
Srini Brahmaroutu
Josh Hawn
Doug Davis
Michael Crosby
Brian Goff
Michael Crosby
Cristian Staretu
unclejack
Tibor Vass
cc272309126
unclejack
Emily Maier
Yohei Ueda
Erik Hollensbe
Victor Vieux
Daehyeok Mun
Vincent Batts
Daniel, Dao Quang Minh
Oh Jinkyun
Tonis Tiigi
Marianna
Srini Brahmaroutu
Anthony Baire
Dan Walsh