The default gc policy calculations based on percentage were calculated
improperly. These were calculated correctly in buildkit, but the
calculation method was not copied over correctly when updating the
values.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
The DockerVersion field was present for informational purposes, but was
not used anywhere. This patch stops propagating the field, which also
reduces the number of places where the `dockerversion` package is used,
which still needs a new home.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The DockerVersion field was used by the legacy builder, and set when
importing an image; when importing an image, this would potentially
result in less reproducible images, as the docker version used to import
the image would be encoded in the image's "v1" fields.
For the legacy builder, including the version of docker used to build
the image could still be useful information (but could be set as comment,
similar to what BuildKit does), however, many code paths were also shared
with other parts of the code; e.g., when listing images or inspecting images,
the `DockerVersion` field would always be set to the current version of
the docker daemon, and not taken from the information available in the
image (if any).
This patch removes locations where the `DockerVersion` field was set to
the current version of the daemon binary. When inspecting an image, the
field is still set with the information in the image itself (which may
be empty in most cases).
This also reduces the number of places where the `dockerversion` package
is used, which still needs a new home.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was a mistake I made in eafca64a6b,
which was extracted from a set of changes that I had in progress, but
I forgot that patch was unfinished (whoops!); before that commit, the
legacy "Config" fields were handled through the `inspectCompatResponse`,
which applied the legacy fields to the `Config` struct within the image
inspect response.
When changing the implementation to use the `compat` package, those
fields were applied at the top-level of the response, instead of the
`Config`; additional changes were needed for the `compat` package to
support pathing nested structs, and to prevent "extra" fields from
overwriting fields that already existed in the response; these changes
were implemented in e204ba1dca.
This patch:
- Removes the old `inspectCompatResponse` implementation, which was
no longer used.
- Updates the router to patch the `Config` fields, using the fixes
and enhancements that were implemented in e204ba1dca.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package was aliased as "imagespec" in some places, and "dockerspec"
in other places, which made it easy to confuse.
Change all uses of this package to be aliased as "dockerspec" and configure
an "importas" linting check to enforce it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The image inspect response has various fields that were deprecated as
part of the legacy builder, or Dockerfile syntax;
- The `Parent` field is only used for the legacy builder, and only set for
images that are built locally (i.e., not persisted when pulling an image).
- The `DockerVersion` field is only set when building images with the legacy
builder, and empty in most cases.
This patch deprecates the fields in the `InspectResponse` go struct, as
these fields will no longer be set in future once the legacy builder is
removed (`Parent`, `DockerVersion`). The legacy builder's deprecation in
[cli@4d8e457] / [cli@fd22746] (docker 23.0, API v1.42), however the related
API fields were kept so that information of legacy images would not be
discarded.
The API continues to return these fields if set, allowing the client to
print the fields for informational purposes when printing the raw response,
but these fields should be considered "transitional", and not be depended
on; deprecating the fields helps raise awareness.
[cli@4d8e457]: 4d8e45782b
[cli@fd22746]: fd2274692f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Minor issues to make my IDE happy:
- rename var that shadowed import
- rename vars to use the correct camelCase format
- fix minor grammar / formatting in comments
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was a bit of an oversight; when setting additional fields to add,
the compat package currently replaces fields unconditionally. This may
have sounded like an OK idea, but it makes it more complicated to augment
responses where current versions use an "omitempty", but older API versions
should return default / zero-values.
This patch:
- Changes the meaning of "extra fields"; extra fields are only used if
the field is not present in the response.
- Makes the merging of "extra fields" recursive; this makes it easier
to patch responses where extra fields must be added to nested structs.
Previously, this would require the nested struct to be wrapped with a
`compat.Wrap` and replaced as a whole; lacking a "replace" option made
that more complicated, so making the extra fields recursive.
- Comment-out a test that tested the old behavior of replacing fields;
we currently have no cases where we must _replace_ fields or structs,
so I did not yet implement such an option, but we can implement a
`WithReplaceFields` (e.g.) once there's a need.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The image inspect response has various fields that are either optional,
or only used if the image was built using the deprecated legacy builder.
This patch marks them as "omitempty" to omit them from the response if
not set:
- The `Parent` field is only used for the legacy builder, and only set for
images that are built locally (i.e., not persisted when pulling an image).
- The `Comment` field is optional, and may not be set, depending on how the
image is produced.
- The `DockerVersion` field is only set when building images with the legacy
builder, and empty in most cases.
- The `Author` field can be set through the `MAINTAINER` instruction in
Dockerfiles, and through the `--author` option on `docker commit`, but
is optional, and won't be set in most situations.
With this patch:
On API v1.52
DOCKER_API_VERSION=v1.52 docker inspect busybox
[
{
"Id": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"RepoTags": ["busybox:latest"],
"RepoDigests": ["busybox@sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e"],
"Created": "2024-09-26T21:31:42Z",
"Config": {
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
"Cmd": ["sh"]
},
"Architecture": "arm64",
"Variant": "v8",
"Os": "linux",
"Size": 1913388,
"RootFS": {
"Type": "layers",
"Layers": ["sha256:6aba5e0d32d91e3e923854dcb30588dc4112bfa1dae82b89535ad31d322a7b19"]
},
"Metadata": {
"LastTagTime": "2025-10-03T22:24:18.440035424Z"
},
"Descriptor": {
"mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"size": 9535
}
}
]
On API v1.51 or lower:
DOCKER_API_VERSION=v1.51 docker inspect busybox
[
{
"Architecture": "arm64",
"Author": "",
"Cmd": null,
"Comment": "",
"Config": {
"Cmd": ["sh"],
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
},
"Created": "2024-09-26T21:31:42Z",
"Descriptor": {
"digest": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"mediaType": "application/vnd.oci.image.index.v1+json",
"size": 9535
},
"DockerVersion": "",
"Entrypoint": null,
"Env": null,
"Id": "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e",
"Labels": null,
"Metadata": {
"LastTagTime": "2025-10-03T22:24:18.440035424Z"
},
"OnBuild": null,
"Os": "linux",
"Parent": "",
"RepoDigests": ["busybox@sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e"],
"RepoTags": ["busybox:latest"],
"RootFS": {
"Layers": ["sha256:6aba5e0d32d91e3e923854dcb30588dc4112bfa1dae82b89535ad31d322a7b19"],
"Type": "layers"
},
"Size": 1913388,
"User": "",
"Variant": "v8",
"Volumes": null,
"WorkingDir": ""
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These utilities are very handy to use in integration tests, too. Move
the package so it can be imported by them.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Clients should not make assumptions about the validity of an API struct
as the set of well-formed values may differ across daemon versions.
Remove it from the API module so client-application authors are not
tempted to apply it, which would restrict the forward compatibility of
the client.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Clients should not make assumptions about the validity of an API struct
as the set of well-formed values may differ across daemon versions.
Remove it from the API module so client-application authors are not
tempted to apply it, which would restrict the forward compatibility of
the client.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Change the types for IP address and prefix struct fields to netip.Addr
and netip.Prefix for convenience. Fields such as
swarm.InitRequest.ListenAddr which may encode non-numeric values such as
a network interface name have not been modified.
Signed-off-by: Cory Snider <csnider@mirantis.com>
These utilities are going to be needed elsewhere in the daemon to handle
netip values from API requests.
Signed-off-by: Cory Snider <csnider@mirantis.com>
As there is a meaningful distinction between a nil slice and an empty
but non-nil slice in some contexts, having sliceutil.Map return an empty
slice when passed a nil slice can introduce subtle bugs. Modify Map to
return a nil slice when passed a nil slice.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Support for daemon-side auto-remove was added in API v1.25; on older
versions of the daemon, the client was responsible for removing the
container after it exited (see [moby@6dd8e10])
On API versions < 1.30, it used the events API for this purpose, and
would wait for a "die", "detach" or "detroy" events to know the container
exited, and could be removed or (when attached, but without a TTY) to
get the container's exit-status. (see [cli@38591f2]).
API version 1.24 (docker 1.12) is 9 Years old (July 29, 2016), and API
1.30 (docker 17.06) is 8 Years old (Jun 20, 2017), and long EOL. While
technically, a CLI could negotiate API 1.30 or older, this would only
be in cases where either API version negotiation failed, or the version
was explicitly overridden through `DOCKER_API_VERSION` for testing.
This patch removes the version-gate for daemon-side AutoRemove; version-
specific handling is removed from the client (and a related patch in
the CLI).
[moby@6dd8e10]: 6dd8e10d6e
[cli@38591f2]: 38591f20d0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Trying to remove uses of deprecated fields that are only set for backward-
compatibility with older API versions. This is not a full replacement yet,
as there's still other fields ("Container", "ContainerConfig") that are
harder to replace without an (internal / backend) type to define them,
but this patch removes the dependency of the daemon on the `VirtualSize`
field on image inspect.
The "image ls" endpoint needs a similar patch, because "image.Summary" also
has a `VirtualSize` field that's removed in API v1.44 and up.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Starting with kernel v6.12, kernel memory TCP accounting is deprecated for cgroups v1.
Note: kernel memory TCP accounting is not supported by cgroups v2.
See d046ff46ee
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `ErrBackendNotSupported` error was no longer used since [moby@37cbdeb].
[moby@37cbdeb]: 37cbdeb1f2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `BOLTDB` const and related `Backend` type are no longer used since
[moby@ed08486].
[moby@ed08486]: ed08486ec7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 380ded6 restored a now-unused endpoint count to the
store, so that when the daemon is downgraded it exists for
the old code to find.
But, on network deletion, the endpoint count was not loaded
from the store - so the delete code saw the wrong "index",
and logged a warning before deleting it anyway.
Use DeleteObject instead of DeleteObjectAtomic, so the old
index isn't checked.
Signed-off-by: Rob Murray <rob.murray@docker.com>
This change defines the generic `Storage` type for use in container inspect responses when using containerd snapshotter backend.
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
This fixes a bug where no checkpoints would produce a `null` response
instead of an empty array:
```
$ docker run -d --name foo nginx:alpine
17fbeff7185733f101c38cb8208359dd0ef141116a1345da2d3c3f58c11f3e14
$ curl --unix-socket /var/run/docker.sock http://local/containers/foo/checkpoints
null
```
With this patch, this becomes:
```
$ curl --unix-socket /var/run/docker.sock http://local/containers/foo/checkpoints
[]
```
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
With this tag, a dynamically linked binary will exec
the nft tool instead of using cgo to call libnftables
directly.
Signed-off-by: Rob Murray <rob.murray@docker.com>
