Significant update with new features & fixes.
Full release notes:
https://github.com/docker/compose/releases/tag/v2.23.0
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-27664 and CVE-2022-32149 high-risk vulnerability.
Many other bugfixes, enhancements, and improvements.
https://github.com/docker/compose/releases/tag/v2.15.1
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Docker Compose v2 is no longer a standalone component, but is now a
plugin loaded by docker-cli.
As such, it should not be installed in /usr/bin, but in the directory
where docker-cli loads its plugins from.
Additionally, we consequently make docker-compose depend on docker-cli;
indeed, it does not really make sense to present a plugin unless the
component it attaches to is already enabled [0].
License hash changed due to strictly copying the license text template,
without customisation to the year and copyright owner.
[0] the original submission by Christian would use a select, to keep
existing config, but that's not sensible, as we already have some
packages that are plugins and that use depends-on, like nginx plugins.
For consistency and as it semantically makes sense, we use a depends-on
here too.
Signed-off-by: Christian Stewart <christian@paral.in>
[yann.morin.1998@free.fr:
- don't select docker-cli, but depends-on it; explain it in commit log
- explain why we override the install commands
- explain change in license file hash
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It's time to finally switch over globally to the new spacing format
that we have agreed on for the hash file, with 2 spaces as a separator
between fields.
This commit was mechanically generated using:
find . -type f -name '*.hash' | xargs sed -i 's%^md5[ \t]*\([^ \t]*\)[ \t]*\(.*\)$%md5 \1 \2%'
find . -type f -name '*.hash' | xargs sed -i 's%^sha1[ \t]*\([^ \t]*\)[ \t]*\(.*\)$%sha1 \1 \2%'
find . -type f -name '*.hash' | xargs sed -i 's%^sha256[ \t]*\([^ \t]*\)[ \t]*\(.*\)$%sha256 \1 \2%'
find . -type f -name '*.hash' | xargs sed -i 's%^sha512[ \t]*\([^ \t]*\)[ \t]*\(.*\)$%sha512 \1 \2%'
This commit can easily be backported on the LTS branch by re-running
the same commands, if needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/332656041
The recent bump of a number of python packages broke docker-compose, as
docker-compose specifies both minimum and maximum versions for (most of) its
dependencies:
Dependencies of docker-compse 1.20.1 (! = unmet):
cached-property: < 2 (currently 1.51)
docopt: < 0.7 (currently 0.6.2)
! pyyaml: < 4.0, patched to < 4.3 (currently 5.1.2)
requests: < 2.19, patched to < 3 (currently 2.22.0)
! texttable: < 0.10 (currently 1.6.2)
websocket-client: < 1.0 (currently 0.56.0)
! docker: < 4.0 (currently 4.1.0)
dockerpty: < 0.5 (currently 0.4.1)
six: < 2 (currently 1.12.0)
jsonschema: < 3 (currently 2.5.1)
enum34: < 2 (currently 1.1.6)
backports.ssl-match-hostname: >= 3.5 (currently 3.7.0.1)
ipaddress: >= 1.0.16 (currently 1.0.23)
To fix this, bump docker-compose to the most recent release (1.24.1). This
is unfortunately not enough, as our docker, pyyaml, requests and texttable
packages are too new, so add 3 patches from upstream to relax the version
checks of dependencies. Notice that patch 0003 is from
https://github.com/docker/compose/pull/6623 and has not been merged yet.
Discussions around the problem of these maximum versions of the dependencies
and the fact that all downstream users have to patch it is ongoing here:
https://github.com/docker/compose/issues/6756
docker-compose 1.24.1 added a requirement for ssh support in python-docker in:
7b82b2e8c7
So add a dependency for python-paramiko and update the toolchain dependency
for C++ (from python-paramiko -> python-cryptography) and adjust the
toolchain configuration of the runtime test to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Python based multi-container orchestration for Docker.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
