docker import doesn't support exec entrypoint easily for Windows PowerShell users

[DavidSimner]

Description
From PowerShell on Windows, I'm trying to use docker import to create a new image from a tarball, and I'm using its --change command line option to set the ENTRYPOINT of the newly created image. I would like the newly created image to use an exec ENTRYPOINT and I think that I'm specifying that, but when the image is created, it is for some reason using a shell ENTRYPOINT

The root cause is that PowerShell's rules for escaping command line characters on Windows are particularly complicated to understand, and it would be nice if an exec ENTRYPOINT could be specified with ' as well as the existing ". By allowing ' it would make it easier for Windows PowerShell users to craft command lines.

Steps to reproduce the issue:
Create a tarball, then import it. In these minimal repro steps the tarball isn't a valid image for a container that can start, but these steps are sufficient to demonstrate the issue, and the bug also happens for real images (feel free to use a different tarball if you have one to hand).

1. echo Hello >world.txt
2. tar -cf tarball.tar world.txt
3. docker import --change "ENTRYPOINT [""cat"", ""world.txt""]" tarball.tar
4. docker inspect the image that you just created (docker import outputs to stdout the sha256 hash that you need to use), for example on my machine it was docker inspect sha256:d07c694f5b035edd8c87df2a6c0087a4ca866f8b0958b1d6edcedeaae44bac4b (yours will be different because the modified date of the file will be different)

Describe the results you received:
docker inspect will output a lot of JSON and ENTRYPOINT is mentioned twice; ignore the mention in ContainerConfig because it isn't relevant for us, and instead look at the mention in Config which is:

            "Entrypoint": [
                "/bin/sh",
                "-c",
                "[cat, world.txt]"
            ],

Describe the results you expected:
The results that I received above demonstrate that, even though the command line switch specified an exec ENTRYPOINT, it has been incorrectly specified as a shell ENTRYPOINT in the image that was created.

Instead of the above, I expected the JSON to contain:

            "Entrypoint": [
                "cat",
                "world.txt"
            ],

If instead I replace step 3 above with docker import --change 'ENTRYPOINT [""""cat"""", """"world.txt""""]' tarball.tar then it works, but it's not easy to understand that I need to craft a command line like that, so it'd be good if Docker could provide more help either via documentation or allowing more flexibility to ENTRYPOINT.

Output of docker version:

Client: Docker Engine - Community
 Version:           18.09.2
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        6247962
 Built:             Sun Feb 10 04:12:31 2019
 OS/Arch:           windows/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.2
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       6247962
  Built:            Sun Feb 10 04:13:06 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker info:

Containers: 159
 Running: 0
 Paused: 0
 Stopped: 159
Images: 486
Server Version: 18.09.2
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.125-linuxkit
Operating System: Docker for Windows
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.934GiB
Name: linuxkit-00155d284706
ID: TWPV:IAQZ:O6KU:5QTX:JYG2:FYE7:CRKH:HOWY:TVX4:XJG2:LZOV:AXDT
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 22
 Goroutines: 46
 System Time: 2019-02-22T08:55:31.3298626Z
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, etc.):
Physical laptop

[rightblank]

~$ docker import --change "ENTRYPOINT [ '/sbin/init' ]" my.tar sd
sha256:8b012fc409b607ed36d8b2ffeeb94f7699bb7452419848adad51ecee7813e0f3
~$ docker inspect 8b012fc409 -f  '{{.Config.Entrypoint}}'
[/bin/sh -c [ '/sbin/init' ]]

~$ docker import --change 'ENTRYPOINT [ "/sbin/init" ]' my.tar ds
sha256:affa3d50ebdd60d05061f94d772278fa21ae979c782a62e76c9b5e6dd63dc0ea
~$ docker inspect affa3d50ebdd60d050 -f '{{.Config.Entrypoint}}'
[/sbin/init]

I step into a similar situation on s390x, and found that the single and dounle quote mark on the change command makes quite a difference here, with " the entrypoint would be called by /bin/sh