From a574de97dc5cda371ee357bdbf18864bd7b407b4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 19 Dec 2024 23:58:08 +0100 Subject: [PATCH] vendor: docker/cli master Signed-off-by: Sebastiaan van Stijn --- go.mod | 2 ++ go.sum | 4 +-- .../docker/cli/cli/config/config.go | 2 +- .../cli/cli/config/credentials/file_store.go | 36 +++++++++++++++---- vendor/modules.txt | 3 +- 5 files changed, 36 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index c061288eb2b8..ad2bb73a8413 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,8 @@ go 1.22.0 // FIXME(thaJeztah): testing moby master replace github.com/docker/docker => github.com/docker/docker v27.0.2-0.20241220093412-2c5649784ddb+incompatible +replace github.com/docker/cli => github.com/docker/cli v27.0.2-0.20241218124108-2f67b2f3ff3a+incompatible + require ( github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 diff --git a/go.sum b/go.sum index c53a23b32f2e..2388491158fe 100644 --- a/go.sum +++ b/go.sum @@ -138,8 +138,8 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.4.0+incompatible h1:/nJzWkcI1MDMN+U+px/YXnQWJqnu4J+QKGTfD6ptiTc= -github.com/docker/cli v27.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.0.2-0.20241218124108-2f67b2f3ff3a+incompatible h1:XsSN1xr87F/IR/WB7nWhL7qJIb72GLkZKvMSWPYFYrY= +github.com/docker/cli v27.0.2-0.20241218124108-2f67b2f3ff3a+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/docker v27.0.2-0.20241220093412-2c5649784ddb+incompatible h1:5IrINx9JU6IbuoaFpI9iZmUcPO0TMs7EtmRRSskR2Ro= github.com/docker/docker v27.0.2-0.20241220093412-2c5649784ddb+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= diff --git a/vendor/github.com/docker/cli/cli/config/config.go b/vendor/github.com/docker/cli/cli/config/config.go index 5a518432601d..910b3c0064a1 100644 --- a/vendor/github.com/docker/cli/cli/config/config.go +++ b/vendor/github.com/docker/cli/cli/config/config.go @@ -143,7 +143,7 @@ func load(configDir string) (*configfile.ConfigFile, error) { defer file.Close() err = configFile.LoadFromReader(file) if err != nil { - err = errors.Wrapf(err, "loading config file: %s: ", filename) + err = errors.Wrapf(err, "parsing config file (%s)", filename) } return configFile, err } diff --git a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go index 95406281501c..c69312b01490 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go @@ -1,9 +1,12 @@ package credentials import ( + "fmt" "net" "net/url" + "os" "strings" + "sync/atomic" "github.com/docker/cli/cli/config/types" ) @@ -57,6 +60,21 @@ func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) { return c.file.GetAuthConfigs(), nil } +// unencryptedWarning warns the user when using an insecure credential storage. +// After a deprecation period, user will get prompted if stdin and stderr are a terminal. +// Otherwise, we'll assume they want it (sadly), because people may have been scripting +// insecure logins and we don't want to break them. Maybe they'll see the warning in their +// logs and fix things. +const unencryptedWarning = ` +WARNING! Your credentials are stored unencrypted in '%s'. +Configure a credential helper to remove this warning. See +https://docs.docker.com/go/credential-store/ +` + +// alreadyPrinted ensures that we only print the unencryptedWarning once per +// CLI invocation (no need to warn the user multiple times per command). +var alreadyPrinted atomic.Bool + // Store saves the given credentials in the file store. This function is // idempotent and does not update the file if credentials did not change. func (c *fileStore) Store(authConfig types.AuthConfig) error { @@ -66,15 +84,19 @@ func (c *fileStore) Store(authConfig types.AuthConfig) error { return nil } authConfigs[authConfig.ServerAddress] = authConfig - return c.file.Save() -} + if err := c.file.Save(); err != nil { + return err + } -func (c *fileStore) GetFilename() string { - return c.file.GetFilename() -} + if !alreadyPrinted.Load() && authConfig.Password != "" { + // Display a warning if we're storing the users password (not a token). + // + // FIXME(thaJeztah): make output configurable instead of hardcoding to os.Stderr + _, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf(unencryptedWarning, c.file.GetFilename())) + alreadyPrinted.Store(true) + } -func (c *fileStore) IsFileStore() bool { - return true + return nil } // ConvertToHostname converts a registry url which has http|https prepended diff --git a/vendor/modules.txt b/vendor/modules.txt index 8b6ec8631e3d..ff27a76c1be8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -459,7 +459,7 @@ github.com/dimchansky/utfbom # github.com/distribution/reference v0.6.0 ## explicit; go 1.20 github.com/distribution/reference -# github.com/docker/cli v27.4.0+incompatible +# github.com/docker/cli v27.4.0+incompatible => github.com/docker/cli v27.0.2-0.20241218124108-2f67b2f3ff3a+incompatible ## explicit github.com/docker/cli/cli/config github.com/docker/cli/cli/config/configfile @@ -1106,3 +1106,4 @@ kernel.org/pub/linux/libs/security/libcap/cap ## explicit; go 1.11 kernel.org/pub/linux/libs/security/libcap/psx # github.com/docker/docker => github.com/docker/docker v27.0.2-0.20241220093412-2c5649784ddb+incompatible +# github.com/docker/cli => github.com/docker/cli v27.0.2-0.20241218124108-2f67b2f3ff3a+incompatible