The `VirtualSize` field became redundant with the introduction of content-
addressable images in docker v1.10 (4352da7803),
after which the field was identical to the `Size` field. The field was marked
to be deprecated, which happened in 1261fe69a3
(API v1.43) and removed in API v1.44 (913b0f51ca).
Now that we stop supporting API versions older than v1.44, we can drop this
field; it's a minor breakage of old API versions, but the same information
is available in the "Size" field.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The BuildCache.Parent field was removed in API v1.42 in [moby@e0db820].
While we had to keep the Go struct field around to backfill the field for
older API versions, it's no longer part of API v1.42 and up (using the
"omitempty" is just an implementation detail).
Older clients unconditionally use the `Parents` field if set, and usage
of this field is very limited, so let's remove the field without back-
filling, and have clients use the replacement field;
https://github.com/docker/cli/blob/v28.5.1/cli/command/formatter/buildcache.go
[moby@e0db820]: e0db8207f3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `DiskUsage.BuilderSize` field was added as part of the, then experimental,
BuildKit builder in [moby@5c3d2d5] (API v1.31). It was deprecated in API v1.32
(through [moby@b225258]) but that change still returned the field. Commit
[moby@31348af] removed it in API v1.42. This field was never documented,
and part of an experimental feature, so we can remove it altogether.
[moby@5c3d2d5]: 5c3d2d552b
[moby@b225258]: b225258496
[moby@31348af]: 31348afa19
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Most of the code in the filters package relates to the unmarshaling,
validation and application of filters from client requests. None of this
is necessary or particularly useful for Go SDK users. Move the full-fat
filters package into daemon/internal and switch all the daemon code to
import that package so we are free to iterate upon the code without
worrying about source-code interface compatibility.
Signed-off-by: Cory Snider <csnider@mirantis.com>
This field was deprecated API v1.48 in [moby@ff191c5], and removed in
API v1.49 in [moby@564abf9].
This patch:
- Removes the field from the API Go types.
- Reimplements the `/info` endpoint with the `compat` package to replace
the local `infoResponse` implementation.
- Removes the `ServiceConfig.ExtraFields` field in api/types/registry
introduced in [moby@7d9c50d] to backfill the `AllowNondistributableArtifactsCIDRs`
and `AllowNondistributableArtifactsHostnames` fields for API < v1.47.
We should also consider deprecating the `ContainerdCommit`, `RuncCommit`
and `InitCommit` fields on the `/info` response (as we also include this
information as part of the components returned in `/version`), but those
can still be useful currently for situations where a user only provides
`docker info` output.
[moby@ff191c5]: ff191c58f7
[moby@564abf9]: 564abf9157
[moby@7d9c50d]: 7d9c50db2b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The InspectResponse type contains various fields that are deprecated
and removed from current API versions, but that were kept for the API
server to produce the fields when downgrading to older API versions.
- The `Parent` field is only used for the legacy builder, and only set for
images that are built locally (i.e., not persisted when pulling an image).
- The `DockerVersion` field is only set when building images with the legacy
builder, and empty in most cases.
Both fields were implicitly deprecated with the deprecation of the legacy
builder, and deprecated for the API in [moby@bd8a99b], which was backported
to the 28.x release.
This patch:
- Removes the deprecated fields from the `InspectResposne` struct; this
means that [`client.ImageInspect`] won't unmarshal those fields, but
the [`docker image inspect`] CLI command defaults to printing the raw
output as returned by the API, so can continue to show any field returned
in the API response. As a side-note; we should change the CLI to default
to show the unmarshalled response, and introduce a `--format=jsonraw`
(or `--raw`) option to make printing the raw response opt-in.
- Updates the API server to backfill the fields if they are set.
[moby@bd8a99b]: bd8a99b400
[`client.ImageInspect`]: f739c61c69/client/image_inspect.go (L14-L64)
[`docker image inspect`]: 74e3520724/cli/command/image/inspect.go (L59-L81)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The InspectResponse type contains various fields that are deprecated
and removed from current API versions, but that were kept for the API
server to produce the fields when downgrading to older API versions.
This patch:
- Introduces a `imagebackend.InspectData` type for the daemon to use for
returning the data needed to propagate the API response. It currently
embeds the API response type and combines it with the legacy fields,
but this could be changed to return the internal Image type, and
mapping the fields to the API response type in the router.
- Removes the deprecated fields from the `InspectResposne` struct; this
means that [`client.ImageInspect`] won't unmarshal those fields, but
the [`docker image inspect`] CLI command defaults to printing the raw
output as returned by the API, so can continue to show any field returned
in the API response. As a side-note; we should change the CLI to default
to show the unmarshalled response, and introduce a `--format=jsonraw`
(or `--raw`) option to make printing the raw response opt-in.
This patch removes the following fields from the `InspectResponse` type;
- `VirtualSize`: this field became obsolete with the migration to content-
addressable images in docker v1.10 ([moby@4352da7]), but was still returned
with a copy of the `Size` field. It was deprecated in API v1.43 ([moby@1261fe6]),
and removed in API v1.44 ([moby@913b0f5]).
- `Container` and `ContainerConfig`: both fields were deprecated in
API v1.44 ([moby@1602e2f]), and removed in API v1.45 ([moby@03cddc6]).
remove deprecated Container, ContainerConfig, VirtualSize
[moby@4352da7]: 4352da7803
[moby@1261fe6]: 1261fe69a3
[moby@913b0f5]: 913b0f51ca
[moby@1602e2f]: 1602e2f4f1
[moby@03cddc6]: 03cddc62f4
[`client.ImageInspect`]: f739c61c69/client/image_inspect.go (L14-L64)
[`docker image inspect`]: 74e3520724/cli/command/image/inspect.go (L59-L81)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was a mistake I made in eafca64a6b,
which was extracted from a set of changes that I had in progress, but
I forgot that patch was unfinished (whoops!); before that commit, the
legacy "Config" fields were handled through the `inspectCompatResponse`,
which applied the legacy fields to the `Config` struct within the image
inspect response.
When changing the implementation to use the `compat` package, those
fields were applied at the top-level of the response, instead of the
`Config`; additional changes were needed for the `compat` package to
support pathing nested structs, and to prevent "extra" fields from
overwriting fields that already existed in the response; these changes
were implemented in e204ba1dca.
This patch:
- Removes the old `inspectCompatResponse` implementation, which was
no longer used.
- Updates the router to patch the `Config` fields, using the fixes
and enhancements that were implemented in e204ba1dca.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The image inspect response has various fields that were deprecated as
part of the legacy builder, or Dockerfile syntax;
- The `Parent` field is only used for the legacy builder, and only set for
images that are built locally (i.e., not persisted when pulling an image).
- The `DockerVersion` field is only set when building images with the legacy
builder, and empty in most cases.
This patch deprecates the fields in the `InspectResponse` go struct, as
these fields will no longer be set in future once the legacy builder is
removed (`Parent`, `DockerVersion`). The legacy builder's deprecation in
[cli@4d8e457] / [cli@fd22746] (docker 23.0, API v1.42), however the related
API fields were kept so that information of legacy images would not be
discarded.
The API continues to return these fields if set, allowing the client to
print the fields for informational purposes when printing the raw response,
but these fields should be considered "transitional", and not be depended
on; deprecating the fields helps raise awareness.
[cli@4d8e457]: 4d8e45782b
[cli@fd22746]: fd2274692f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The image inspect response has various fields that are either optional,
or only used if the image was built using the deprecated legacy builder.
This patch marks them as "omitempty" to omit them from the response if
not set:
- The `Parent` field is only used for the legacy builder, and only set for
images that are built locally (i.e., not persisted when pulling an image).
- The `Comment` field is optional, and may not be set, depending on how the
image is produced.
- The `DockerVersion` field is only set when building images with the legacy
builder, and empty in most cases.
- The `Author` field can be set through the `MAINTAINER` instruction in
Dockerfiles, and through the `--author` option on `docker commit`, but
is optional, and won't be set in most situations.
With this patch:
On API v1.52
DOCKER_API_VERSION=v1.52 docker inspect busybox
[
{
"Id": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"RepoTags": ["busybox:latest"],
"RepoDigests": ["busybox@sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e"],
"Created": "2024-09-26T21:31:42Z",
"Config": {
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
"Cmd": ["sh"]
},
"Architecture": "arm64",
"Variant": "v8",
"Os": "linux",
"Size": 1913388,
"RootFS": {
"Type": "layers",
"Layers": ["sha256:6aba5e0d32d91e3e923854dcb30588dc4112bfa1dae82b89535ad31d322a7b19"]
},
"Metadata": {
"LastTagTime": "2025-10-03T22:24:18.440035424Z"
},
"Descriptor": {
"mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"size": 9535
}
}
]
On API v1.51 or lower:
DOCKER_API_VERSION=v1.51 docker inspect busybox
[
{
"Architecture": "arm64",
"Author": "",
"Cmd": null,
"Comment": "",
"Config": {
"Cmd": ["sh"],
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
},
"Created": "2024-09-26T21:31:42Z",
"Descriptor": {
"digest": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"mediaType": "application/vnd.oci.image.index.v1+json",
"size": 9535
},
"DockerVersion": "",
"Entrypoint": null,
"Env": null,
"Id": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"Labels": null,
"Metadata": {
"LastTagTime": "2025-10-03T22:24:18.440035424Z"
},
"OnBuild": null,
"Os": "linux",
"Parent": "",
"RepoDigests": ["busybox@sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e"],
"RepoTags": ["busybox:latest"],
"RootFS": {
"Layers": ["sha256:6aba5e0d32d91e3e923854dcb30588dc4112bfa1dae82b89535ad31d322a7b19"],
"Type": "layers"
},
"Size": 1913388,
"User": "",
"Variant": "v8",
"Volumes": null,
"WorkingDir": ""
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These utilities are very handy to use in integration tests, too. Move
the package so it can be imported by them.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Support for daemon-side auto-remove was added in API v1.25; on older
versions of the daemon, the client was responsible for removing the
container after it exited (see [moby@6dd8e10])
On API versions < 1.30, it used the events API for this purpose, and
would wait for a "die", "detach" or "detroy" events to know the container
exited, and could be removed or (when attached, but without a TTY) to
get the container's exit-status. (see [cli@38591f2]).
API version 1.24 (docker 1.12) is 9 Years old (July 29, 2016), and API
1.30 (docker 17.06) is 8 Years old (Jun 20, 2017), and long EOL. While
technically, a CLI could negotiate API 1.30 or older, this would only
be in cases where either API version negotiation failed, or the version
was explicitly overridden through `DOCKER_API_VERSION` for testing.
This patch removes the version-gate for daemon-side AutoRemove; version-
specific handling is removed from the client (and a related patch in
the CLI).
[moby@6dd8e10]: 6dd8e10d6e
[cli@38591f2]: 38591f20d0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Trying to remove uses of deprecated fields that are only set for backward-
compatibility with older API versions. This is not a full replacement yet,
as there's still other fields ("Container", "ContainerConfig") that are
harder to replace without an (internal / backend) type to define them,
but this patch removes the dependency of the daemon on the `VirtualSize`
field on image inspect.
The "image ls" endpoint needs a similar patch, because "image.Summary" also
has a `VirtualSize` field that's removed in API v1.44 and up.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Starting with kernel v6.12, kernel memory TCP accounting is deprecated for cgroups v1.
Note: kernel memory TCP accounting is not supported by cgroups v2.
See d046ff46ee
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes a bug where no checkpoints would produce a `null` response
instead of an empty array:
```
$ docker run -d --name foo nginx:alpine
17fbeff7185733f101c38cb8208359dd0ef141116a1345da2d3c3f58c11f3e14
$ curl --unix-socket /var/run/docker.sock http://local/containers/foo/checkpoints
null
```
With this patch, this becomes:
```
$ curl --unix-socket /var/run/docker.sock http://local/containers/foo/checkpoints
[]
```
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The PushImage method for the ImageService used positional arguments for its
options, which made it more difficult to introduce new options. This patch
introduces a `PushOptions` struct to specify the options. As part of these
changes, the `platform` option was already adjusted to accept a slice of
platforms, which currently is not supported, but may be in the near future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The PullImage method for the ImageService used positional arguments for its
options, which made it more difficult to introduce new options. This patch
introduces a `PullOptions` struct to specify the options. As part of these
changes, the `platform` option was already adjusted to accept a slice of
platforms, which currently is not supported, but may be in the near future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit [moby@17d870b] (API v1.13, docker v1.1.0) changed the default to pause
containers during commit, keeping the behavior opt-in for older API versions.
This version-gate was removed in [moby@1b1147e] because API versions lower
than v1.23 were no longer supported.
However, the `CreateImageConfig` struct still used `Pause`, and required opting-
in to enable pausing. This patch changes the struct to reflect the default.
after this change, we should also consider changing the API make disabling
pause a more explicit option, and to change the "pause" argument to a
"no-pause".
[moby@17d870b]: 17d870bed5
[moby@1b1147e]: 1b1147e46b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
the "reference" filter was introduced in [moby@820b809] (docker 1.13.0-rc1)
to replace the "filter" query argument. That commit initially included a
version-gate anticipating the API version to be used for v17.12, but as
this was yet unknown, the version-gate was removed in [moby@0f9d22c].
A later PR re-introduced a version-gate in [moby@4a19009], reflecting the
API version in which the deprecation was (finally) completed.
For the client, [moby@c6e3145] added a fallback was added for older daemons
(docker 1.12.0 and older, using API < v1.25) that did not support the new
filter.
Looking at the above, any version of docker 1.13.0 or above handles the
"reference" filter, but (depending on the docker version) may also handle
the old filter on API < 1.28 or API < 1.41. Removing this option will only
impact daemon versions older than 1.13.0, which are long obsolete.
Given that current clients forcibly remove the "reference" filter and replace
it with the old "filter" when using API v1.24, we keep support on the daemon
side, but update the version to v1.24, and only if no reference filter is
set.
[moby@820b809]: 820b809e70
[moby@c6e3145]: c6e31454ba
[moby@0f9d22c]: 0f9d22cd66
[moby@4a19009]: 4a1900915a
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Pass the Route as a whole, instead of some of its properties; this
allows the method to act on additional information provided by the
route.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Type type was defined before the API had a definition fro the exec-inspect
response. When a type definition was added in [moby@2a34207], the definition
was moved from the backend to the API, and the backend type implemented as
an alias.
Technically, we could keep a _concrete_ type for the backend, and handle
conversion to the corresponding API type in the router, but currently,
this would likely only add extra complexity.
We could still opt for doing so when the backend requires additional fields
or changes that should not be reflected in the API response.
[moby@2a34207]: 2a342079c6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
kernel-memory limits are not supported in cgroups v2, and were obsoleted in
[kernel v5.4], producing a `ENOTSUP` in kernel v5.16. Support for this option
was removed in runc and other runtimes, as various LTS kernels contained a
broken implementation, resulting in unpredictable behavior.
We deprecated this option in [moby@b8ca7de], producing a warning when used,
and actively ignore the option since [moby@0798f5f].
Given that setting this option had no effect in most situations, we should
just remove this option instead of continuing to handle it with the expectation
that a runtime may still support it.
Note that we still support RHEL 8 (kernel 4.18) and RHEL 9 (kernel 5.14). We
no longer build packages for Ubuntu 20.04 (kernel 5.4) and Debian Bullseye 11
(kernel 5.10), which still have an LTS / ESM programme, but for those it would
only impact situations where a runtime is used that still supports it, and
an old API version was used.
[kernel v5.4]: https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0
[moby@b8ca7de]: b8ca7de823
[moby@0798f5f]: 0798f5f5cf
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This introduces a `WithMinimumAPIVersion` RouteWrapper to configure the
minimum API version required for a route. It produces a 400 (Invalid Request)
error when accessing the endpoint on API versions lower than the given version.
Note that technically, it should produce a 404 ("not found") error,
as the endpoint should be considered "non-existing" on such API versions,
but 404 status-codes are used in business logic for various endpoints.
This patch allows removal of corresponding API-version checks from the client,
and other implementation of clients for the API. While the produced error message
is slightly more "technical", these situations should be rare and only happen
when the API version of the client is explicitly overridden, or a client was
implemented with a fixed API version (potentially missing version checks).
Before this patch, these errors were produced by the client:
DOCKER_API_VERSION=v1.24 docker container prune -f
docker container prune requires API version 1.25, but the Docker daemon API version is 1.24
With this patch applied, the error is returned by the daemon:
DOCKER_API_VERSION=v1.24 docker container prune -f
Error response from daemon: POST /containers/prune requires minimum API version 1.25
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On docker 1.12 (API v1.24) and older, the `SecurityOptions` field of the
`/info` response would only list names of the security options that are
enabled in the daemon. API v1.25 added additional information to this
information. Initially, this included a change to return the information
in structured format (b237189e6c), which
was a backward-incompatible change, so an alternative format was introduced
in 514ca09426 to used a string-slice, but
prefixing options with `name=`, followed by the name of the security-options
and any config options related to it as `key[=<value>]` pairs.
On current API versions:
curl -s --unix-socket /var/run/docker.sock 'http://localhost/v1.51/info' | jq .SecurityOptions
[
"name=seccomp,profile=builtin",
"name=cgroupns"
]
On API version v1.24:
curl -s --unix-socket /var/run/docker.sock 'http://localhost/v1.24/info' | jq .SecurityOptions
[
"seccomp",
"cgroupns"
]
The Docker CLI unconditionally handles either format when presenting the
information; for backward-compatibility, it contains fallback code to handle
cases where no `name=` prefix is present, but this logic is not based on
API version.
Given that any current version of the CLI is handling either format, and
versions of the CLI that did not have this handling are at least 9 Years
old (and long EOL), removing the old format is unlikely to be causing
issues and we can remove this special handling, and return the information
in the current format.
If we consider this information to be relevant for clients, we should
ultimately consider making it available in a more structured format as
was the original intent of b237189e6c.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- move api/types/container.ExecOptions to the client
- rename api/types/container.ExecOptions to ExecCreateRequest
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- move api/types/container.ExecStartOptions to the client
- move api/types/container.ExecAttachOptions to the client
- rename api/types/container.ExecStartOptions to ExecStartRequest
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
