moby changelogs since moby | diffwithgpt
AI Summary
The commit updates the status of the 28.x branch in the BRANCHES-AND-TAGS.md file to indicate it is maintained until after 29.x. It also marks the 27.x branch as unmaintained and updates the Microsoft URL reference.
Commit Log
project: update status of branches for Moby 28.x
AI Summary
The code change renames the receiver parameter in the Read method from '_' to 'zeroReader' to improve clarity and avoid a poorly chosen receiver name. This change is likely made to enhance code readability and maintainability by using a meaningful receiver name instead of a blank identifier.
Commit Log
fix(ST1006): Poorly chosen receiver name
AI Summary
The code change standardizes method receiver names across multiple files to ensure consistency in naming conventions. This change primarily affects method receivers in router and network-related packages, aligning them with more descriptive and consistent naming patterns.
Commit Log
fix(ST1016): Use consistent method receiver names
AI Summary
The code change renames package imports and references to avoid importing the same package multiple times, improving code clarity and reducing potential conflicts. This change is likely part of a refactoring effort to clean up package imports and ensure consistency across the codebase.
Commit Log
fix(ST1019): Importing the same package multiple times
AI Summary
The code changes fix Yoda conditions by reversing the comparison order in several assert checks and conditional statements. This improves code readability and aligns with common best practices for conditionals in Go.
Commit Log
fix(ST1017): Don’t use Yoda conditions
AI Summary
The code removes redundant type declarations in variable assignments, simplifying the syntax without changing functionality. This change improves code readability and reduces verbosity, but does not affect the behavior of the program.
Commit Log
fix(QF1011): Omit redundant type from variable declaration
AI Summary
The code adds handling for 'snapshots.KindUnknown' and 'snapshots.KindView' in a switch statement to ensure all snapshot kinds are covered. This change ensures the code is more robust and avoids missing cases that could lead to unexpected behavior.
Commit Log
fix(exhaustive): missing cases in switch of type snapshots.Kind
AI Summary
The code change reorders the default case in a switch statement to comply with the ST1015 rule, ensuring the default case is either the first or last case. This change is likely to improve code readability and maintainability by adhering to a style guideline, though it may not affect functionality.
Commit Log
fix(ST1015): A switch’s default case should be the first or last case
AI Summary
The code merges a conditional assignment into the variable declaration to simplify the logic and reduce lines of code. This change likely aims to improve code readability and maintainability by eliminating redundant variable assignment.
Commit Log
fix(QF1007): Merge conditional assignment into variable declaration
AI Summary
The code change optimizes a loop by lifting the if+break condition into the loop condition, reducing redundant checks and improving readability. This change is likely aimed at improving performance and maintainability by simplifying the loop structure.
Commit Log
fix(QF1006): Lift if+break into loop condition
AI Summary
The code change replaces strings.Replace with strings.ReplaceAll to ensure all occurrences of newline characters are replaced with tabbed newlines in error messages. This change improves consistency and avoids potential issues with the count parameter when using strings.Replace.
Commit Log
fix(QF1004): Use strings.ReplaceAll instead of strings.Replace with n == -1
AI Summary
The code changes apply De Morgan’s law to simplify and improve the readability of logical expressions by converting negated conditions into explicit checks. These changes are primarily focused on improving code clarity and maintainability by replacing complex negated conditions with more straightforward logical operations. The changes are mostly in validation and condition checks across various components, including HTTP request handling, container logs, network modes, and test cases.
Commit Log
fix(QF1001): Apply De Morgan’s law
AI Summary
The code change fixes a misused error variable by replacing 'err' with 'jsonErr' in a logging statement. This ensures the correct error is logged when unmarshaling JSON fails, improving clarity and debugging.
Commit Log
fix misused error
AI Summary
The code adds a new configuration option 'com.docker.network.bridge.trusted_host_interfaces' to allow specific host interfaces to directly access container ports. This change modifies the networking logic to permit direct routing to containers via trusted interfaces, which is controlled by the new configuration parameter.
Commit Log
bridge: add option com.docker.network.bridge.trusted_host_interfaces
trusted_host_interface have access to published ports on container addresses - enabling direct routing to the container via those interfaces.
AI Summary
The code adds a new daemon flag --allow-direct-routing to enable direct access to container ports in bridge networks, bypassing default filtering rules. This flag disables the filtering of packets addressed directly to container IPs, allowing remote hosts to access published ports on container addresses. The change includes test cases to verify the behavior with and without the flag, and updates to the configuration and networking code to support the new functionality.
Commit Log
Add daemon option --allow-direct-routing
Per-network option com.docker.network.bridge.trusted-host-interfaces accepts a list of interfaces that are allowed to route directly to a container's published ports in a bridge network with nat enabled.
This daemon level option disables direct access filtering, enabling direct access to published ports on container addresses in all bridge networks, via all host interfaces.
It overlaps with short-term env-var workaround: DOCKER_INSECURE_NO_IPTABLES_RAW=1
- it does not allow packets sent from outside the host to reach ports published only to 127.0.0.1
- it will outlive iptables (the workaround was initially intended for hosts that do not have kernel support for the "raw" iptables table).
AI Summary
The code update upgrades the moby/buildkit dependency from version 0.21.0 to 0.21.1, which likely includes bug fixes and improvements. The changes in control.go add a check to ensure the Cache field is initialized in the Solve function, preventing potential nil pointer issues. In build.go, the code replaces hardcoded platform handling with a new function makeExportPlatform, which normalizes and extends platform information for Windows, improving platform compatibility and code maintainability.
Commit Log
vendor: github.com/moby/buildkit v0.21.1
AI Summary
The code change modifies the BuildKit garbage collection configuration to default to enabled, using a new method `IsEnabled()` to check the state of the `Enabled` field. The `Enabled` field is now a pointer to a boolean, allowing for optional configuration, and a default value of `true` is set during unmarshaling. Test cases have been added to ensure the new `IsEnabled()` method behaves as expected with various configurations.
Commit Log
config: set buildkit gc enabled to default to true
This will use the default settings for buildkit gc unless explicitly disabled by setting `enabled: false` in the gc configuration.
AI Summary
The commit updates broken links in the hack/README.md file to point to the correct documentation location within the project. The change ensures that references to test and documentation guides are now correctly linked to /docs/contributing/test.md.
Commit Log
hack: Update broken links from README
Update references in hack/README.md from outdated docker URLs to the correct location at /docs/contributing/test.md.
AI Summary
The code changes aim to remove naked returns and rename error return variables to prevent shadowing, improving code clarity and reducing potential bugs. This change ensures that error variables are not accidentally overwritten in deferred functions, which could lead to incorrect error handling. The modifications are applied across multiple functions in the daemon package, particularly those involving error handling and validation.
Commit Log
daemon: remove/rename err-returns and remove naked returns
Prevent accidentally shadowing these errors, which are used in defers, and remove naked returns.
AI Summary
The code renames the error return variable from 'err' to 'retErr' in the NewDaemon function to avoid shadowing the error variable used in a defer statement. This change prevents potential issues where the error variable in the defer block could be overwritten by the local 'err' variable, leading to incorrect error handling.
Commit Log
daemon: NewDaemon: rename err-return
Prevent accidentally shadowing the error, which is used in a defer.
AI Summary
The code changes aim to make the error return handling more idiomatic by replacing the error parameter with a blank identifier in function signatures. This change is likely to improve code readability and reduce unnecessary error handling in cases where the error is not used.
Commit Log
daemon: parseXXVersion: rewrite to be slightly more idiomatic
AI Summary
The code refactor updates error handling and naming conventions in the container stat and archive functions to make error handling more idiomatic and consistent. The changes rename error return variables to follow a more standard pattern (e.g., `retErr` instead of `err`) and ensure error checks are performed explicitly.
Commit Log
daemon: Daemon.ContainerStatPath, ContainerArchivePath: minor refactor
- remove named error-returns
- make error-handling slightly more idiomatic (check for non-nil errors)
AI Summary
The code changes fix variable shadowing issues reported by govet, renaming shadowed variables to avoid name conflicts. The changes are localized to specific functions and do not alter functionality, only variable naming for clarity and compliance. No breaking changes are expected as the variable names are renamed without affecting logic or behavior.
Commit Log
builder/builder-next: fix vars that shadowed (govet)
builder/builder-next/adapters/containerimage/pull.go:912:3: shadow: declaration of "now" shadows declaration at line 905 (govet)
    now := time.Now()
    ^
builder/builder-next/adapters/snapshot/layer.go:52:4: shadow: declaration of "diffIDs" shadows declaration at line 28 (govet)
    diffIDs, err := s.EnsureLayer(gctx, info.Parent)
    ^
builder/builder-next/worker/worker.go:577:3: shadow: declaration of "now" shadows declaration at line 570 (govet)
    now := time.Now()
    ^
AI Summary
The code changes aim to fix variable shadowing issues reported by govet, renaming variables like 'pl' to 'plg' and 'iface' to 'itf' to avoid name conflicts. The changes also rename struct types from 'arg' to 'fnArg' to align with the new variable names and avoid shadowing in the same scope. These modifications improve code clarity and prevent potential bugs caused by shadowed variable names.
Commit Log
pkg/plugins: fix vars that shadowed (govet)
pkg/plugins/plugins.go:325:4: shadow: declaration of "pl" shadows declaration at line 315 (govet)
    pl, err := loadWithRetry(name, false)
    ^
pkg/plugins/pluginrpc-gen/parser.go:153:4: shadow: declaration of "iface" shadows declaration at line 135 (govet)
    iface, ok := spec.Type.(*ast.InterfaceType)
    ^
pkg/plugins/pluginrpc-gen/parser_test.go:61:2: shadow: declaration of "arg" shadows declaration at line 40 (govet)
    arg := f.Args[0]
    ^
pkg/plugins/pluginrpc-gen/parser_test.go:165:2: shadow: declaration of "arg" shadows declaration at line 40 (govet)
    arg := f.Args[0]
    ^
AI Summary
The code change fixes a variable shadowing issue by renaming the variable 'open' to 'o' in the error handling case. This change resolves a govet warning about shadowing the variable 'open' declared earlier in the same block.
Commit Log
daemon/logger/loggertest: fix vars that shadowed (govet)
daemon/logger/loggertest/logreader.go:548:14: shadow: declaration of "open" shadows declaration at line 545 (govet)
    case err, open := <-lw.Err:
    ^
AI Summary
The code fixes variable shadowing issues by reformatting the declaration of 'bs' in two separate if statements to avoid shadowing the outer declaration. This change improves code clarity and avoids potential bugs caused by variable name conflicts.
Commit Log
api/server/router/build: fix vars that shadowed (govet)
api/server/router/build/build_routes.go:212:6: shadow: declaration of "bs" shadows declaration at line 200 (govet)
    if bs, err := parseBytesFromFormValue("max-used-space"); err != nil {
    ^
api/server/router/build/build_routes.go:218:6: shadow: declaration of "bs" shadows declaration at line 200 (govet)
    if bs, err := parseBytesFromFormValue("min-free-space"); err != nil {
    ^
AI Summary
The code changes fix variable shadowing issues reported by govet and perform a minor refactor to improve code clarity. The variable names in the if statements were shadowing previously declared variables, which could lead to confusion and potential bugs.
Commit Log
libnetwork: fix vars that shadowed, and slight refactor (govet)
libnetwork/network.go:637:6: shadow: declaration of "v" shadows declaration at line 634 (govet)
    if v, ok := n.generic[netlabel.GenericData]; ok {
    ^
libnetwork/service_linux.go:125:7: shadow: declaration of "ep" shadows declaration at line 86 (govet)
    if ep := sb.getGatewayEndpoint(); ep != nil {
    ^
AI Summary
The code change renames the loop variable 'i' to 'n' in the BenchmarkAllocatePorts function to avoid shadowing the variable 'i' declared earlier in the function. This change was made to address a govet warning about variable shadowing, which can lead to confusion and potential bugs in the code.
Commit Log
libnetwork/portallocator: fix vars that shadowed (govet)
libnetwork/portallocator/portallocator_test.go:151:7: shadow: declaration of "i" shadows declaration at line 150 (govet)
    for i := 0; i <= p.end-p.begin; i++ {
    ^
AI Summary
The code fixes variable shadowing issues reported by govet, improving code clarity and avoiding potential bugs. The changes remove redundant variable assignments that shadow previously declared variables in the same scope.
Commit Log
libnetwork/drivers: fix vars that shadowed (govet)
libnetwork/drivers/overlay/peerdb.go:126:4: shadow: declaration of "peerEntryDB" shadows declaration at line 46 (govet)
    peerEntryDB := entryDBList[0]
    ^
libnetwork/drivers/bridge/port_mapping_linux.go:862:3: shadow: declaration of "rule" shadows declaration at line 843 (govet)
    rule := iptRule{ipv: ipv, table: iptables.Mangle, chain: "POSTROUTING", args: args}
    ^
libnetwork/drivers/macvlan/macvlan_network.go:116:3: shadow: declaration of "networkList" shadows declaration at line 68 (govet)
    networkList := d.getNetworks()
    ^
AI Summary
The code changes aim to improve error handling by renaming error return parameters and fixing linting issues, preventing shadowing of errors in defer statements and loops. The changes ensure that error variables are not accidentally overwritten, which is critical for correct error propagation in deferred functions and loop contexts.
Commit Log
daemon/logger: remove/rename err-returns and linting warnings
Prevent accidentally shadowing these errors, which are used in defers, and while at it, also fixed some linting warnings about unhandled errors, and defers created in a loop.
AI Summary
The code renames the error variable 'err' to 'retErr' to avoid shadowing the error variable used in a defer statement. This change also fixes linting issues related to unhandled errors and ensures proper error handling in the function.
Commit Log
daemon/images: rename err-returns to prevent shadowing
Prevent accidentally shadowing the error, which is used in a defer, and while at it, also fixed some linting warnings about unhandled errors.
AI Summary
The code changes rename error return variables from 'err' to more descriptive names like 'retErr' to prevent shadowing and improve clarity, while also fixing unhandled error cases. This change improves error handling by ensuring errors are properly propagated and not accidentally overwritten, especially in deferred functions.
Commit Log
daemon/graphdriver: remove/rename err-returns and remove naked returns
Prevent accidentally shadowing these errors, which are used in defers, and while at it, also fixed some linting warnings about unhandled errors.
AI Summary
The code change removes named error returns from the deleteAll function in image_delete.go, replacing them with implicit error handling. This change likely aims to simplify error handling by discarding specific error returns and allowing errors to propagate naturally.
Commit Log
daemon/containerd: remove named err-returns
AI Summary
The Dockerfile.windows is updated to use version v0.3.3 of go-winres instead of v0.3.1. This change likely aims to incorporate bug fixes, security patches, or new features from the newer version of go-winres.
Commit Log
Dockerfile.windows: update github.com/tc-hib/go-winres to v0.3.3
full diff: https://github.com/tc-hib/go-winres/compare/v0.3.1...v0.3.3
diff of github.com/tc-hib/winres v0.2.1; https://github.com/tc-hib/winres/compare/v0.1.6...v0.2.1
AI Summary
The code change removes the named return error in the Read function of the pidfile package, replacing it with an underscore to indicate the error is ignored. This change likely aims to simplify error handling by making it clear that the error is not used in the function's logic.
Commit Log
pkg/pidfile: remove named err-returns
AI Summary
The code removes named error returns in the ReadSymlinkedDirectory and CreateIfNotExists functions to simplify error handling. This change likely aims to reduce boilerplate and improve readability by using blank identifier (_) for unused errors.
Commit Log
pkg/fileutils: remove named err-returns
AI Summary
The code change renames the error return variable in StdCopy to avoid shadowing and improves error handling consistency. It also updates the getSrcBuffer function to return an explicit error type, fixing linting issues and improving clarity. This change aims to prevent accidental shadowing of errors, especially in deferred functions, and ensures better error handling practices.
Commit Log
pkg/stdcopy: remove/rename err-returns
Prevent accidentally shadowing these errors, which are used in defers, and while at it, also fixed some linting warnings about unhandled errors.
AI Summary
The diff updates the runtime-spec version from 1.2.0 to 1.2.1, introducing new features like CPU affinity support for Linux and z/OS, and changing the version patch number. New fields and types are added for ZOS namespaces and CPU affinity, which may affect compatibility with existing code that relies on the previous structure.
Commit Log
vendor: github.com/opencontainers/runtime-spec v1.2.1
full diff: https://github.com/opencontainers/runtime-spec/compare/v1.2.0...v1.2.1
AI Summary
The code diff updates the version of the go-md2man library from v2.0.6 to v2.0.7, which includes minor changes to formatting and error handling. The changes primarily involve removing spaces in comment annotations and adjusting the table cell end marker, which may affect formatting of man pages.
Commit Log
man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.7
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.6...v2.0.7
AI Summary
The diff represents an upgrade from cobra v1.8.1 to v1.9.1, introducing changes to template handling, completion logic, and flag management. Key changes include replacing string-based templates with a new tmplFunc type, modifying completion functions to use Completion type, and updating flag handling to use more descriptive names like helpFlagName. Potential risks include backward compatibility issues if existing code relies on the old template or completion interfaces, and changes in flag handling that may require updates to custom completion logic.
Commit Log
vendor: github.com/spf13/cobra v1.9.1
full diff: https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1
AI Summary
The code renames the 'ds' interface to 'driverLister' to avoid a naming collision with variables. This change improves code clarity and prevents potential naming conflicts in the codebase.
Commit Log
volume/service: rename interface that collided with vars
AI Summary
The code change replaces the manual creation and cleanup of a temporary directory with t.TempDir(), simplifying test setup and teardown. This change improves test reliability by ensuring the temporary directory is properly cleaned up, even in the case of panics or errors.
Commit Log
volume/mounts: use t.TempDir
AI Summary
The code change replaces manual temporary directory creation with t.TempDir for cleaner and more reliable test setup. This change improves test reliability by using Go's built-in testing utilities for temporary directory management. Potential risks include compatibility issues if tests rely on specific directory structures or paths.
Commit Log
volume/service: use t.TempDir
AI Summary
The code changes aim to remove unused named returns and rename variables for clarity, while also fixing linter warnings and error handling. The changes include renaming error return variables to avoid shadowing and ensuring proper handling of errors in HTTP requests and Git cloning. Potential risks include breaking existing code that relies on the old variable names or error handling patterns, though the changes seem to be minor and focused on cleanup.
Commit Log
builder/remotecontext: remove unused named and "naked" returns
Also renamed some vars for clarity, renamed error-returns to prevent shadowing, and fixed some linter warnings about unhandled errors.
AI Summary
The code changes remove unused named return values in several functions to simplify the return signature and improve readability. The changes affect functions like ResolvePath, StatPath, ignoreUnsupportedXAttrs, and copyEscapable by replacing named return variables with unnamed ones. This is likely a cleanup effort to reduce boilerplate and make the code more concise without altering functionality.
Commit Log
container: remove unused named-returns
AI Summary
The code changes rename the error return variable from 'err' to 'retErr' in the PluginInstall function to avoid accidentally shadowing the returned error, which is used in defer statements. This change also addresses linting warnings about unhandled errors, improving code quality and preventing potential issues with error handling.
Commit Log
client: Client: PluginInstall, PluginUpgrade: remove/rename err-returns
Prevent accidentally shadowing these errors, which are used in defers, and while at it, also fixed some linting warnings about unhandled errors.
AI Summary
The code change removes an intermediate error variable and replaces it with a switch statement to handle EOF and other errors differently. The modification likely aims to simplify error handling by directly closing the wrapper with appropriate error handling based on the type of error.
Commit Log
builder/builder-next: wrapRC.Read: remove intermediate err-var
AI Summary
The code changes focus on removing unused named returns and renaming variables for clarity, while also fixing error handling and linter warnings. The changes include updating return types and variable names to prevent shadowing and improve code readability, with no functional changes to the core logic.
Commit Log
builder/dockerfile: remove unused named and "naked" returns
Also renamed some vars for clarity, renamed error-returns to prevent shadowing, and fixed some linter warnings about unhandled errors.
AI Summary
The code change renames the error variable from 'err' to 'retErr' in the resolve function to prevent shadowing the outer error variable used in deferred calls. This change also addresses linting issues related to unhandled errors and shadowed variables, improving code clarity and robustness.
Commit Log
builder/builder-next: puller.resolve: rename err-return
Prevent accidentally shadowing the error, which is used in a defer, and while at it, also fixed some linting warnings about unhandled errors and shadowed vars.
AI Summary
The code change removes the named return value 'err' in the unaryInterceptor function, replacing it with an underscore to indicate the error is intentionally ignored. This change likely aims to suppress unused error return values in the interceptor, possibly to avoid unnecessary error handling or logging in specific contexts.
Commit Log
api/server/router: remove named (err) returns
AI Summary
The code defines a HealthStatus type as an alias for string, with the intention of potentially evolving it into a distinct type in the future. This change updates existing constants and methods to use the new HealthStatus type, ensuring consistency and preparing for future type-specific behavior.
Commit Log
api/types/container: define HealthStatus "pseudo" type
It currently is an alias for string, but may become a distinct type in future.
AI Summary
The function 'sanitizeRepoAndTags' now ignores the error return value by using an underscore, likely to suppress unused error warnings. This change may indicate a shift in error handling strategy, possibly to simplify or refactor error handling logic in the function.
Commit Log
api/server/backend/build: sanitizeRepoAndTags: remove named err return
AI Summary
The code is refactoring container status handling by moving definitions from the root container package to the api/types/container package, aligning with API usage and deprecating old aliases. This change aims to improve consistency and reduce coupling by using the correct package for API-related status types and constants. Potential risks include breaking existing code that relies on the old package names or deprecated types, requiring updates to import paths and type references.
Commit Log
Use container status values from api
Alias and deprecate the status types and constants from the root container package. The root container package is intended for use within the daemon and not the api package.
AI Summary
The code change replaces the use of a custom temporary directory utility with Go's standard library t.TempDir, improving test reliability and reducing boilerplate. Variables that shadowed other names in the code were renamed to avoid naming conflicts and improve code clarity. The change removes the createTestTempDir function and replaces its usage across multiple test files with t.TempDir, which is more idiomatic and less error-prone.
Commit Log
builder/dockerfile: use t.TempDir, rename vars that shadowed
AI Summary
The code removes conflicting default network options (enable_ipv4 and enable_ipv6) from the network options if they are overridden by API or CLI parameters to avoid confusion in inspect output. This change ensures that network inspect output reflects only the explicitly set options, improving clarity and avoiding misleading information.
Commit Log
Drop "-o com.docker.network.enable_ipv[46]" if overridden
When a network is created with "-o com.docker.network.enable_ipv4" (including via "default-network-opts" in daemon config), and EnableIPv4 is present in the API request (including when CLI option "--ipv4" is used) - the top-level API value is used and the "-o" is ignored.
But, the "-o" still shows up in Options in inspect output, which is confusing if the values are different. So, drop the "-o" if the top-level API option is set.
Ditto IPv6.
AI Summary
The code adds a test for legacy Docker linking functionality, ensuring that hostnames and ports are correctly set up when the daemon runs with icc=false. The test covers various scenarios including direct address access, container name access, and alias access to verify expected behavior.
Commit Log
Add TestLegacyLink
AI Summary
The code removes a skip condition for the TestBuildEmitsImageCreateEvent test, indicating the issue causing the skip has been resolved. This change allows the test to run without skipping, ensuring the functionality related to emitting image create events is properly validated.
Commit Log
integration/build: Unskip TestBuildEmitsImageCreateEvent for c8d
The issue is now fixed.
AI Summary
The code change removes per-port DROP rules for direct routing in iptables and replaces them with a single rule that applies to all ports of a container, improving efficiency and consistency. This change was made to reduce the number of iptables rules, simplify rule management, and ensure that direct routing packets are dropped at the same point regardless of whether the endpoint is the gateway. The change includes a cleanup of legacy rules introduced in earlier versions, ensuring compatibility with newer configurations and reducing potential conflicts.
Commit Log
iptables: Direct routing DROP rules per-container, not per-port
Commit 27adcd5 ("libnet/d/bridge: drop connections to lo mappings, and direct remote connections") introduced an iptables rule to drop 'direct' remote connections made to the container's IP address - for each published port on the container. The normal filter-FORWARD rules would then drop packets sent directly to unpublished ports.
This rule was only created along with the rest of port publishing (when a container's endpoint was selected as its gateway). Until then, all packets addressed directly to the container's ports were dropped by the filter-FORWARD rules.
But, the rule doesn't need to be per-port. Just drop packets sent directly to a container's address unless they originate on the host. That means fewer rules, that can be created along with the endpoint (then directly-routed get dropped at the same point whether or not the endpoint is currently the gateway - very slightly earlier than when it's not the gateway).
AI Summary
The function name was changed from 'insertMirroredWSL2Rule' to 'shouldInsertMirroredWSL2Rule' to better reflect its purpose of determining whether the NAT rule should be inserted. This change was likely made to improve clarity, as the function now returns a boolean indicating if the rule is needed, rather than performing the insertion directly.
Commit Log
Rename function insertMirroredWSL2Rule
It's now shouldInsertMirroredWSL2Rule, because it's a test and doesn't do the insertion.
AI Summary
The code moves the bridge driver's iptables-related functionality into its own package to improve modularity and maintainability. This change involves refactoring the existing code to use the new package, renaming symbols, and updating references across the codebase.
Commit Log
Move bridge driver iptables code into its own package
AI Summary
The code change introduces the use of firewaller (iptables) structs in unit tests for the bridge driver in Moby, replacing older implementations with more modern and structured approaches. It refactors test code to use netip for IPv4/IPv6 address handling, simplifies test setup, and improves test reliability by using the firewaller interface directly. Potential risks include compatibility issues with older versions of the codebase that rely on the deprecated nlwrap and driverapi packages, and possible changes in behavior due to the new struct-based approach.
Commit Log
Use firewaller (iptabler) structs in iptables unit tests
AI Summary
The code moves the clearConntrackEntries function from setup_ip_tables_linux.go to bridge_linux.go to centralize its implementation related to bridge networking. This function is responsible for flushing conntrack entries that match an endpoint's IP address or exposed UDP ports to ensure NAT rules are applied correctly.
Commit Log
Move clearConntrackEntries to bridge_linux.go
AI Summary
The code changes aim to fix duplicate imports and enforce a consistent alias 'bolt' for the 'go.etcd.io/bbolt' package across multiple files. This ensures uniformity in package references, improving readability and reducing potential conflicts or errors due to inconsistent naming.
Commit Log
fix duplicate import, and force consistent alias for bolt
AI Summary
The code change updates log statements in MakeGitContext to use WithFields instead of multiple WithField calls for better log formatting and readability. This change likely improves consistency in logging by using a single log.Fields map to pass all log fields, which may be more efficient and easier to maintain.
Commit Log
builder/remotecontext: MakeGitContext: use "WithFields" for logs
AI Summary
The code deprecates the custom `Rel` function in favor of the standard `filepath.Rel` as Windows UUID path support is now handled by the Go stdlib. The changes replace all calls to `remotecontext.Rel` with `filepath.Rel` and remove the deprecated `Rel` function, which was previously used to handle UUID paths on Windows.
Commit Log
builder/remotecontext: Deprecate Rel()

This function was added in 684633f734f86b6a66873b42c9356eb543e12917, because Go stdlib's filepath.Rel did not support Windows UUID paths (and UNC paths). UNC paths were fixed in https://golang.org/cl/253197 (go1.17), and I think UUID paths were also supported now.

To verify the behavior I temporarily added a unit-test to compare between stdlib and this implementation, and it all looks to work, so we can deprecate and remove this function.

Deprecating first, but there's no (known) external users of this, so we can likely remove in an upcoming minor (or patch) release.

    func TestRel(t *testing.T) {
        testCases := []struct {
            doc      string
            base     string
            target   string
            expected string
        }{
AI Summary
The Dockerfile updates the BUILDX_VERSION argument from 0.20.1 to 0.23.0. This change likely aims to use a newer version of Buildx for improved functionality or bug fixes.
Commit Log
Dockerfile: update buildx to v0.23.0
AI Summary
The Dockerfile updates the COMPOSE_VERSION argument from v2.33.1 to v2.35.1 to use a newer version of Docker Compose. This change ensures the development environment uses the latest features and security fixes from Docker Compose v2.35.1.
Commit Log
Dockerfile: update compose to v2.35.1
AI Summary
The code update upgrades the oauth2 package from version 0.27.0 to 0.29.0, introducing improvements in JWS handling, context client deep copying, and minor bug fixes. The JWS changes involve refactoring the decoding and verification logic to use a new `parseToken` function, which improves error handling and token parsing. The `NewClient` function now uses a deep copy of the context client, which may prevent unintended side effects from context modifications. The `Token` method in `tokenRefresher` was modified to return `nil` instead of an error, potentially changing behavior in error handling scenarios.
Commit Log
vendor: golang.org/x/oauth2 v0.29.0

notable changes

- oauth2.go: use a more straightforward return value
- oauth2: Deep copy context client in NewClient
- jws: improve fix for CVE-2025-22868

full diff: https://github.com/golang/oauth2/compare/v0.27.0...v0.29.0
AI Summary
The commit updates .dockerignore and .gitignore files to clean up ignored patterns, focusing on removing redundant or outdated entries and refining the scope of ignored files. It specifically targets the winresources directory for the dockerd binary, ensuring only necessary files are ignored, and removes leftover patterns related to rpm builds.
Commit Log
cleanup ignore files

- We now only use winresources for the dockerd binary, so we can reduce some uses of wildcards
- Use explicit ("/") to indicate these should only be ignored relative to the root of the repository and build-context
- Remove remnant ignore for rpm builds
AI Summary
The diff updates multiple Go files to use go1.23 as the minimum required version, aligning with changes in golang.org/x/ dependencies. This change ensures compatibility with Go 1.23 and newer, as Go 1.22 is no longer supported per the Go Release Policy.
Commit Log
update go:build tags to go1.23 to align with vendor.mod

Go maintainers started to unconditionally update the minimum go version for golang.org/x/ dependencies to go1.23, which means that we'll no longer be able to support any version below that when updating those dependencies;

> all: upgrade go directive to at least 1.23.0 [generated]
>
> By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
> per the Go Release Policy (https://go.dev/doc/devel/release#policy).
>
> For golang/go#69095.

This updates our minimum version to go1.23, as we won't be able to maintain compatibility with older versions because of the above.
AI Summary
The code adds a warning when no external DNS nameservers are defined in the resolv.conf file, to alert users of potential DNS resolution issues. It also logs a warning if no external nameservers are found, improving visibility into DNS configuration problems. The changes modify the internal resolver logic to handle cases where the host's DNS is not yet configured, preventing containers from failing to resolve external DNS.
Commit Log
Warn when no external DNS nameservers are found Since commit 925b484 ("No fallback nameservers for internal resolver"), if the host's resolv.conf has no nameservers and no servers are supplied via config, the internal resolver will not use Google's DNS - so the container will not be able to resolve external DNS requests. That can happen when containers are "restart-always" and the docker daemon starts before the host's DNS is configured. So, to highlight the issue (which may not be an error, but probably is), include a warning in the container's resolv.conf file. Also, log a warning - logs currently say "No non-localhost DNS nameservers are left in resolv.conf. Using default external servers". But, that's misleading because it's from an initial resolv.conf setup, before the internal resolver configured without those fallbacks - we'll drop the fallbacks completely once the
AI Summary
The code adds functionality to protect and restore the default Docker bridge network configuration during integration tests to prevent configuration conflicts between tests. It ensures that the bridge's IP addresses and settings are preserved before a test and restored afterward, even if the test modifies them.
Commit Log
Reset default bridge addresses after integration tests CI runs a docker daemon, and some tests run their own. That tramples the CI daemon's default bridge. If a test leaves the bridge with only a link-local IPv6 address (for example), subsequent tests are likely to fail - even if they also start their own daemon because, by default the default bridge network's config is based on an existing bridge device. So, remember the bridge's addresses at the start of each test, and restore them afterwards.
AI Summary
The commit updates the API documentation to reflect the OCI Image Layout Specification for image tarballs, replacing the previous format description. It also adds a note about including a manifest.json file for backward compatibility with the Docker save format.
Commit Log
docs/api: update image tarball format
AI Summary
The code removes the use of idtools.Identity in favor of directly passing UID and GID values to the initlayer.Setup function. This change simplifies the code by eliminating the dependency on the idtools package and directly using user IDs and group IDs.
Commit Log
daemon/initlayer: Setup: remove uses of idtools.Identity
AI Summary
The code adds an endpoint count struct to the store to support downgrade compatibility with older versions of the daemon that expect this field. The endpoint count is no longer actively maintained but is stored to avoid startup failures during downgrade, as older versions may require it.
Commit Log
Store an endpoint count for networks, for downgrade Since commit 51d7f95 ("libnet: remove struct endpointCnt") an endpoint count for networks has not been persisted. But, on downgrade to a version older than that commit, the missing field caused daemon startup to fail. So, create the count in the store - it only needs to exist, it's no longer maintained as a count of endpoints. On downgrade, the count is probably zero anyway (the daemon is stopped), but the older daemon fixes it up on startup if necessary.
AI Summary
The commit updates the buildkit dependency from version v0.21.0-rc2 to v0.21.0, removing the -rc2 suffix. This change likely aims to use the stable release version of buildkit instead of the release candidate.
Commit Log
vendor: update buildkit to v0.21.0
AI Summary
The code adds an error check for the firewaller initialization in the configure function to ensure any setup errors are properly returned. This change was likely added to improve robustness by catching and propagating errors during firewaller setup, preventing silent failures.
Commit Log
bridge: Add a missing error check for firewaller setup It got lost in commit 29e0db2 ("Factor out top-level iptables setup into its own object").
AI Summary
The code optimizes the 'isLoaded' function by replacing line-by-line reading with a bufio.Scanner for more efficient profile scanning. The change uses strings.Cut to extract the profile name prefix, improving performance and reducing memory allocations.
Commit Log
profiles/apparmor: IsLoaded: optimize

- Use a bufio.Scanner to read the profiles
- Use strings.Cut

Before/After:

    BenchmarkIsLoaded-10    2258    508049 ns/op    244266 B/op    10004 allocs/op
    BenchmarkIsLoaded-10    5680    208703 ns/op      4264 B/op        4 allocs/op
AI Summary
The code adds a benchmark for the IsLoaded function in the apparmor profiles package to measure its performance under load. The benchmark creates a temporary file with multiple profiles and tests the IsLoaded function repeatedly to evaluate efficiency.
Commit Log
profiles/apparmor: add BenchmarkIsLoaded

    go test -bench=. ./profiles/apparmor/
    goos: linux
    goarch: arm64
    pkg: github.com/docker/docker/profiles/apparmor
    BenchmarkIsLoaded-10    2258    508049 ns/op    244266 B/op    10004 allocs/op
    PASS
    ok      github.com/docker/docker/profiles/apparmor    1.210s
AI Summary
The code adds a unit test for the IsLoaded function to verify if a profile is loaded into the kernel. The test creates a temporary directory with mock profile data and checks for correct behavior when a profile is loaded, not loaded, or an error occurs.
Commit Log
profiles/apparmor: add basic unit-test for IsLoaded
AI Summary
The code removes redundant import comment lines in the apparmor package files. This change prepares the code for potential modularization of the apparmor profile.
Commit Log
profiles/apparmor: remove "// import" comments We are considering moving the apparmor profile to a separate module, so removing these comments in preparation. These comments are ignored already when building in go module mode, so have little benefits.
AI Summary
The code simplifies the logic for determining the default AppArmor profile by setting 'unconfined' as the default and only updating it when a valid profile is detected. It replaces inefficient string operations with more efficient alternatives and optimizes resource handling by deferring file cleanup. The changes aim to improve readability, performance, and reduce unnecessary allocations.
Commit Log
profiles/apparmor: InstallDefault: slight cleanup and optimization

The existing code was more complicated than needed. By default, the daemon runs "unconfined", but we try to detect the current profile that's set. When failing to do so (error, or detected profile is empty), we assume the default ("unconfined").

This patch simplifies the logic;

- Set the default ("unconfined")
- Only update the default when we successfully found the current profile (no error occurred, and the profile is not empty).

While updating, also;

- Replaced use of `strings.SplitN` for `strings.Cut`, which is more efficient, and doesn't allocate.
- Move constructing the profileData closer to where it's used.
- Remove intermediate var.
- Combine defers and change the order (close file first, before removing),
AI Summary
The code change fixes an error message that incorrectly printed the command twice by using the stringer interface of `exec.Cmd` to display the command. The change also updates the error message to use regular quotes instead of backticks for better formatting and readability.
Commit Log
profiles/apparmor: loadprofile: fix double command in error message

`exec.Cmd.Path` already contains the command that was executed, so we were printing the command twice. However, `exec.Cmd` implements a stringer interface, which provides a readable version of the command that was executed, so use that instead.

While updating, also change backticks in the error for regular quotes.

Before:

    running `/usr/sbin/apparmor_parser apparmor_parser -Kr /no/such/file` failed with output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
    Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
    Use --subdomainfs to override.
    error: exit status 1

After:

    running '/usr/sbin/apparmor_parser -Kr /no/such/file' failed with output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
    Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
AI Summary
The code removes redundant import comments from package declarations in multiple files within the seccomp profile module. These comments are no longer necessary as they are ignored in Go module mode, and the change is part of preparing to move the seccomp profile to a separate module.
Commit Log
profiles/seccomp: remove "// import" comments We are considering moving the seccomp profile to a separate module, so removing these comments in preparation. These comments are ignored already when building in go module mode, so have little benefits.
AI Summary
The code replaces the use of the 'assert' package with a custom 'assertDeepEqual' function using the standard library's 'reflect' package to reduce dependencies. This change aims to simplify the package's dependencies by removing the 'gotest.tools/v3/assert' package and using standard library functionality instead.
Commit Log
profiles/seccomp: use stdlib for asserting We are considering moving the seccomp profile to a separate module, so reducing the list of dependencies for this package.
AI Summary
The diff updates the version of buildkit from v0.21.0-rc1 to v0.21.0-rc2 and introduces a new feature for session exporters in the buildkit API. A new field 'EnableSessionExporter' is added to the SolveRequest message, along with related methods and proto files for handling session exporters.
Commit Log
vendor: github.com/moby/buildkit v0.21.0-rc2
AI Summary
The commit adds the OpenAPI (Swagger 2.0) definition for the Docker Engine API version 1.49, which is used by the upcoming v28.1.0 release. This file serves as documentation and defines the structure of the API endpoints, their parameters, and responses. The file includes detailed descriptions of API endpoints, their operations, and data structures, which are essential for developers to understand and interact with the Docker Engine API. It also outlines versioning, error handling, and authentication mechanisms.
Commit Log
docs/api: add documentation for API v1.49 Copy the swagger / OpenAPI file to the documentation. This is the API version used by the upcoming v28.1.0 release.
AI Summary
The code adds OpenTelemetry tracing to the containerCreate method in the Docker daemon, filtering container labels based on an environment variable. The labels are included in OTel span attributes if they match the filter, with a note that the environment variable may be removed in the future.
Commit Log
daemon: trace containerCreate This commit adds a new OTel span to `(*Daemon).containerCreate()` and puts filtered container labels in the span attributes. The filter is based on a comma-separated list of labels provided through the `DOCKER_OTEL_INCLUDE_CONTAINER_LABEL_ATTRS` environment variable. This label might be removed at any point in time if we figure out a better way to filter labels, or if that span becomes unnecessary.
AI Summary
The code adds filtered container labels to an OpenTelemetry (OTel) span during container start, similar to container creation. It uses the `DOCKER_OTEL_INCLUDE_CONTAINER_LABEL_ATTRS` environment variable to filter which labels are included in the OTel span.
Commit Log
daemon: containerStart: add filtered labels to OTel span Like for containerCreate, filter the list of container labels based on `DOCKER_OTEL_INCLUDE_CONTAINER_LABEL_ATTRS` and put that list in the OTel span.
AI Summary
The code removes deprecated fields BridgeNfIptables and BridgeNfIp6tables from the GET /info API response, ensuring they are omitted in API v1.49 and above. Legacy API versions (v1.48) still return these fields as false to maintain backward compatibility. A custom MarshalJSON method is added to include these fields in older API versions while omitting them in newer versions.
Commit Log
API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields

The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response were deprecated in API v1.48, and are now omitted in API v1.49.

With this patch, old API versions continue to return the field:

    curl -s --unix-socket /var/run/docker.sock http://localhost/v1.48/info | jq .BridgeNfIp6tables
    false

    curl -s --unix-socket /var/run/docker.sock http://localhost/v1.48/info | jq .BridgeNfIptables
    false

Omitting the field in API v1.49 and above

    curl -s --unix-socket /var/run/docker.sock http://localhost/v1.49/info | jq .BridgeNfIp6tables
    null

    curl -s --unix-socket /var/run/docker.sock http://localhost/v1.49/info | jq .BridgeNfIptables
AI Summary
The code fixes the removal of legacy links by ensuring the veth device is properly handled during Sandbox.Refresh. It adds a test to verify that legacy links can be deleted while containers are running, replacing an old test.
Commit Log
Fix removal of legacy links It's possible to remove a legacy link from running containers. When that happens, the Sandbox's Endpoints are removed and re-added. Since commit 65120d5 ("Create bridge veth in container netns") the veth device has been created in the container's netns. When that happens, a flag is set on the Endpoint to note that it does not need to be moved into the netns. But, during the Leave/Join (Sandbox.Refresh) the veth is moved out of the netns. So, clear the flag during the Leave, to note that it needs to be moved back in during the Join.
AI Summary
The code change ensures that debug logs for form-data are captured both before and after the handler is called, fixing an issue where logs were missing form-data information. The change wraps the handler in a new function to ensure logs are recorded correctly, even for POST requests where form-data is processed.
Commit Log
api/server/middleware: fix debug-logs missing form-data This was introduced in c817ea2159850af5c7cdb6b9f1522bcebd5a038d, but overlooked that the logs were now produced before (for POST requests) the form-data was handled and added to the "fields" variable. This patch changes the logic to wrap the handler and make sure logs are created before, and after the handler is called (the "form-data" is always added before the handler is called).
AI Summary
The code removes the use of the `idtools` package in the `SetupWorkingDirectory` function by directly passing `uid` and `gid` instead of an `idtools.Identity` object. This change likely aims to simplify the code and reduce dependencies on the `idtools` package, which may have been deprecated or replaced with a more direct approach.
Commit Log
container: Container.SetupWorkingDirectory: remove use of pkg/idtools
AI Summary
The code change replaces assert.Equal and assert.Assert with assert.Check and is.Equal/is.Contains/is.ErrorContains to align with the gotest.tools library. This update is likely part of a broader effort to standardize test assertions across the project using the gotest.tools package for better readability and consistency.
Commit Log
integration-cli/swarm: Update to use gotest.tools
AI Summary
The code adds a test to ensure the daemon can load config files with deprecated options without failing. The test checks that deprecated fields are ignored, allowing the daemon to start even if legacy options are present.
Commit Log
daemon/config: add test for deprecated daemon.json fields
AI Summary
The code removes the deprecated 'AllowNondistributableArtifacts' configuration option from the registry and daemon configurations, as it is no longer used and was only kept for deprecation warnings. The change includes removing the associated flag and validation logic, as well as updating test cases to reflect the deprecation. This change ensures that the deprecated option is no longer processed or logged, aligning the code with the current behavior where the feature is enabled by default.
Commit Log
registry: remove deprecated ServiceConfig.AllowNondistributableArtifacts This option was deprecated in 1932091e21b64abc52b42320393b0ac5f6921668, and is no longer used. It was only kept to allow printing a deprecation warning if the config would happen to have the field set.
AI Summary
The code diff represents an upgrade from Moby BuildKit v0.20.2 to v0.21.0-rc1, which includes numerous changes such as replacing idtools with user package, using slices instead of append, and adding new features like AuthHeaderSecret for HTTP authentication. The changes involve updating identity mapping handling, improving platform and cache key handling, and introducing new options for image exporting and container execution. Potential risks include compatibility issues with older versions of dependencies, especially those relying on idtools, and possible breaking changes if the new features are not properly adopted in dependent systems.
Commit Log
vendor: github.com/moby/buildkit v0.21.0-rc1
AI Summary
The diff updates the golang.org/x/net package from version 0.36.0 to 0.39.0, introducing changes to HTTP/2 frame handling and logging. A new function 'invalidHTTP1LookingFrameHeader' is added to detect HTTP/1.1-like headers in HTTP/2 frames, improving error detection and clarity. The 'ReadFrame' function now checks for this invalid header and returns a more informative error message, enhancing robustness. The 'handlePingTimer' function now logs errors using 'logf' instead of 'vlogf' and includes a call to 'countErrorFunc' for error tracking. The WebSocket package documentation is updated to list multiple maintained packages, improving clarity for users.
Commit Log
vendor: golang.org/x/net v0.39.0 full diff: https://github.com/golang/net/compare/v0.36.0...v0.39.0
AI Summary
The diff updates the golang.org/x/crypto dependency from version 0.35.0 to 0.37.0, which includes changes to ASN.1 handling, assembly code for Poly1305, and minor adjustments in SSH and TCP/IP implementations. The changes include error message formatting improvements, build constraints for assembly files, and modifications to the SSH handshake and message decoding logic. Potential risks include compatibility issues if the new version of crypto introduces breaking changes in ASN.1 or Poly1305 behavior, or if the build constraints affect cross-platform support.
Commit Log
vendor: golang.org/x/crypto v0.37.0 full diff: https://github.com/golang/crypto/compare/v0.35.0...v0.37.0
AI Summary
The code diff updates the vendored version of golang.org/x/text from v0.22.0 to v0.24.0. This change likely reflects a dependency upgrade to benefit from new features, bug fixes, or security patches in the newer version.
Commit Log
vendor: golang.org/x/text v0.24.0 no changes in vendored files full diff: https://github.com/golang/text/compare/v0.22.0...v0.24.0