From 33335fa09301907c82191b61b7c7b73dc5dd96e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 06:46:18 +0000 Subject: [PATCH 1/8] build(deps): bump cross-spawn from 7.0.3 to 7.0.5 Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.5. - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.5) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1fd80e3e0206..2d2fa1d98140 100644 --- a/package-lock.json +++ b/package-lock.json @@ -543,9 +543,9 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.5.tgz", + "integrity": "sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug==", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", From b47eea68cdde12fdc209aa37976a5465970635aa Mon Sep 17 00:00:00 2001 From: Anthony Dempsey Date: Sun, 17 Nov 2024 16:17:23 +0000 Subject: [PATCH 2/8] Update gettingstarted.md to use f-string Python's f-strings are the preferred method of string formatting now. Updated the python code examples to use them instead of .fromat() --- content/manuals/compose/gettingstarted.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/compose/gettingstarted.md b/content/manuals/compose/gettingstarted.md index 58cbbc26c21f..5475e9e1139e 100644 --- a/content/manuals/compose/gettingstarted.md +++ b/content/manuals/compose/gettingstarted.md @@ -59,7 +59,7 @@ Make sure you have: @app.route('/') def hello(): count = get_hit_count() - return 'Hello World! I have been seen {} times.\n'.format(count) + return f'Hello World! I have been seen {count} times.\n' ``` In this example, `redis` is the hostname of the redis container on the @@ -273,7 +273,7 @@ To see Compose Watch in action: message to `Hello from Docker!`: ```python - return 'Hello from Docker! I have been seen {} times.\n'.format(count) + return f'Hello from Docker! I have been seen {count} times.\n' ``` 2. Refresh the app in your browser. The greeting should be updated, and the From 209d00f1c1d5fd28f770ee22b7643f74e2918209 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:59:33 +0100 Subject: [PATCH 3/8] lambda: collapse redundant slashes in requests Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- hack/releaser/cloudfront-lambda-redirects.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hack/releaser/cloudfront-lambda-redirects.js b/hack/releaser/cloudfront-lambda-redirects.js index e5996559201e..57c108b7c43f 100644 --- a/hack/releaser/cloudfront-lambda-redirects.js +++ b/hack/releaser/cloudfront-lambda-redirects.js @@ -3,15 +3,16 @@ exports.handler = (event, context, callback) => { //console.log("event", JSON.stringify(event)); const request = event.Records[0].cf.request; - const requestUrl = request.uri.replace(/\/$/, "") + // Trim trailing slash and collapse redundant slashes + const normalizedUri = request.uri.replace(/\/$/, "").replaceAll(/\/{2,}/g, "/") const redirects = JSON.parse(`{{.RedirectsJSON}}`); for (let key in redirects) { const redirectTarget = key.replace(/\/$/, "") - if (redirectTarget !== requestUrl) { + if (redirectTarget !== normalizedUri) { continue; } - //console.log(`redirect: ${requestUrl} to ${redirects[key]}`); + //console.log(`redirect: ${normalizedUri} to ${redirects[key]}`); const response = { status: '301', statusDescription: 'Moved Permanently', @@ -52,5 +53,6 @@ exports.handler = (event, context, callback) => { return } + request.uri = normalizedUri callback(null, request); }; From 9f7c9af0e47db8f08a681b746f071102e4f37e04 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:56:09 +0000 Subject: [PATCH 4/8] fix broken images (#21454) ## Description does what is says on the tin ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- .../desktop/troubleshoot-and-support/troubleshoot/_index.md | 2 +- .../desktop/troubleshoot-and-support/troubleshoot/topics.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md index fb3a5e76bfda..6ef3148e36b2 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md @@ -285,7 +285,7 @@ Spotlight Search. To read the Docker app log messages, type `docker` in the Console window search bar and press Enter. Then select `ANY` to expand the drop-down list next to your `docker` search entry, and select `Process`. -![Mac Console search for Docker app](../images/console.png) +![Mac Console search for Docker app](../../images/console.png) You can use the Console Log Query to search logs, filter the results in various ways, and create reports. diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md index 532a60e4fc92..f43344eca3a2 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md @@ -265,7 +265,7 @@ Your machine must have the following features for Docker Desktop to function cor Note that many Windows devices already have virtualization enabled, so this may not apply. 4. Hypervisor enabled at Windows startup -![WSL 2 enabled](../images/wsl2-enabled.png) +![WSL 2 enabled](../../images/wsl2-enabled.png) #### Hyper-V @@ -277,7 +277,7 @@ On Windows 10 Pro or Enterprise, you can also use Hyper-V with the following fea Note that many Windows devices already have virtualization enabled, so this may not apply. 3. Hypervisor enabled at Windows startup -![Hyper-V on Windows features](../images/hyperv-enabled.png) +![Hyper-V on Windows features](../../images/hyperv-enabled.png) Docker Desktop requires Hyper-V as well as the Hyper-V Module for Windows PowerShell to be installed and enabled. The Docker Desktop installer enables @@ -295,7 +295,7 @@ In the subsequent screen, verify that Hyper-V is enabled. In addition to [Hyper-V](#hyper-v) or [WSL 2](/manuals/desktop/features/wsl/_index.md), virtualization must be turned on. Check the Performance tab on the Task Manager. Alternatively, you can type 'systeminfo' into your terminal. If you see 'Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed', then virtualization is enabled. -![Task Manager](../images/virtualization-enabled.png) +![Task Manager](../../images/virtualization-enabled.png) If you manually uninstall Hyper-V, WSL 2 or turn off virtualization, Docker Desktop cannot start. From 27d2f6d337addbd84d7d91f446aef898539b19b4 Mon Sep 17 00:00:00 2001 From: Lorena Rangel Date: Mon, 18 Nov 2024 17:19:33 +0100 Subject: [PATCH 5/8] feat: update 4.36 release notes (#21341) ## Description ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --------- Signed-off-by: Lorena Rangel Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/manuals/desktop/release-notes.md | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 4028bbe14644..46b5408a6aab 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -23,6 +23,60 @@ Docker Desktop versions older than 6 months from the latest release are not avai Take a look at the [Docker Public Roadmap](https://github.com/orgs/docker/projects/51/views/1?filterQuery=) to see what's coming next. +## 4.36.0 + +{{< release-date date="2024-11-18" >}} + +{{< desktop-install-v2 all=true beta_win_arm=true version="4.36.0" build_path="/175267/" >}} + +### New + +- WSL2 is now faster, more reliable, and has enhanced security +- Enhance Container Isolation (ECI) has been improved to support images with wildcard tags +- Admins can now: + - Allow any container to mount the Docker socket with ECI + - Enforce sign-in with macOS configuration profiles (Early Access) + - Enforce sign-in for more than one organization at a time (Early Access) + - Deploy Docker Desktop for Mac in bulk with the PKG installer (Early Access) + - Use Desktop Settings Management to manage and enforce defaults via admin.docker.com (Early Access) + +### Upgrades + +- [Docker Buildx v0.18.0](https://github.com/docker/buildx/releases/tag/v0.18.0) +- [Docker Compose v2.30.3](https://github.com/docker/compose/releases/tag/v2.30.3) +- [Kubernetes v1.30.2](https://github.com/kubernetes/kubernetes/releases/tag/v1.30.5) +- [NVIDIA Container Toolkit v1.17.0](https://github.com/NVIDIA/nvidia-container-toolkit/releases/tag/v1.17.0) +- [Docker Scout CLI v1.15.0](https://github.com/docker/scout-cli/releases/tag/v1.15.0) +- Docker Init v1.4.0 +- Linux kernel `v6.10.13` + +### Bug fixes and enhancements + +#### For all platforms + +- Fixed a bug where the `docker events` command would not terminate after streaming the events. +- Docker Init: Improved Dockerfile caching for PHP applications that don't use Docker Compose. +- Synchronized file shares now respects the `filesharingAllowedDirectories` setting in `admin-settings.json`. +- Fixed an issue where if Docker Desktop is configured to use a proxy, it fails to start due to an internal timeout while fetching authentication tokens. +- Added a recovery banner to retry an update if the download failed. +- Fixed an issue where if the `umask` is set to `577` it would cause `rpmbuild` failure. Fixes [docker/for-mac#6511](https://github.com/docker/for-mac/issues/6511). +- Fixed a bug that caused ports open on the host to 18 for containers started with `--network=host`. +- Fixed bind mount ownership for non-root containers. Fixes [docker/for-mac#6243](https://github.com/docker/for-mac/issues/6243). +- Docker Desktop will not unpause automatically after a manual pause. The system will stay paused until you manually resume the Docker engine. This fixes a bug where other software would accidentally trigger a resume by running a CLI command in the background. Fixes [for-mac/#6908](https://github.com/docker/for-mac/issues/6908) + +#### For Mac + +- Fixed a bug in Docker VMM that prevented MySQL and other databases containers to start. Fixes reports from [docker/for-mac#7464](https://github.com/docker/for-mac/issues/7464). +- The minimum memory requirement is now automatically adjusted for Docker VMM, improving the user experience and addressing reports from [docker/for-mac#7464](https://github.com/docker/for-mac/issues/7464), [docker/for-mac#7482](https://github.com/docker/for-mac/issues/7482). +- Fixed a bug where the advanced option **Allowed privileged port mapping** was not working as expected. Fixes [docker/for-mac#7460](https://github.com/docker/for-mac/issues/7460). +- Docker Desktop can now automatically configure shell completion scripts for zsh, bash and fish inside the install wizard and settings screen. +- Fixed a bug where the in-app update would fail if Docker Desktop was installed by a non-admin user or if the current user was previously an administrator. Fixes [for-mac/#7403](https://github.com/docker/for-mac/issues/7403) and [for-mac/#6920](https://github.com/docker/for-mac/issues/6920) + +#### For Windows + +- Fixed a bug preventing UDP port 53 to be bound. +- Fixed a bug where Windows daemon options were overwritten at startup. + ## 4.35.1 {{< release-date date="2024-10-30" >}} From d0e5d1ae065d387745e5eeec94e6c0d0da7478cb Mon Sep 17 00:00:00 2001 From: Cesar Talledo Date: Mon, 18 Nov 2024 08:19:59 -0800 Subject: [PATCH 6/8] eci: document Docker socket mount permission improvements. (#21357) ## NOTE: Do not merge until Docker Desktop v4.36 is released. ## Description Documents a couple of improvements for DD 4.36 in the [ECI Docker Socket mount permissions](https://docs.docker.com/security/for-admins/hardened-desktop/enhanced-container-isolation/config/#docker-socket-mount-permissions) feature. ## Related issues or tickets https://docker.atlassian.net/browse/POS-2740 ## Reviews - [ ] Technical review - [X] Editorial review - [ ] Product review Signed-off-by: Cesar Talledo --- .../enhanced-container-isolation/config.md | 42 ++++++++++++++----- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md index 50ddf3c56146..dee207690e18 100644 --- a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md +++ b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md @@ -195,13 +195,30 @@ A couple of caveats: from a repository). This is usually not a problem as the tools that need this feature (e.g., Paketo buildpacks) will do the pre-pull of the parent image. -* The `allowDerivedImages` setting applies to all images in the `imageList` - specified with an explicit tag (e.g., `:`). It does not apply to - images specified using the tag wildcard (e.g., `:*`) described in the - prior section, because Docker Desktop needs to know the tag in order to - perform ancestor-descendant image checks. Therefore, if you want Docker socket - mounts to be allowed for images derived from a parent image in the - `imageList`, make sure the parent image is listed with name and tag. +* For Docker Desktop versions 4.34 and 4.35 only: The `allowDerivedImages` setting + applies to all images in the `imageList` specified with an explicit tag (e.g., + `:`). It does not apply to images specified using the tag wildcard + (e.g., `:*`) described in the prior section. In Docker Desktop 4.36 and + later, this caveat no longer applies, meaning that the `allowDerivedImages` + settings applies to images specified with or without a wildcard tag. This + makes it easier to manage the ECI Docker socket image list. + +### Allowing all containers to mount the Docker socket + +In Docker Desktop version 4.36 and later, it's possible to configure the image +list to allow any container to mount the Docker socket. You do this by adding +`"*"` to the `imageList`: + +```json +"imageList": { + "images": [ + "*" + ] +} +``` + +It is recommended that you use this only in scenarios where explicitly listing +allowed container images is not flexible enough. ### Command list @@ -302,10 +319,13 @@ Whether to configure the list as an allow or deny list depends on the use case. this case, remove the local image and pull it again (e.g., `docker rm ` and `docker pull `). -* It's not possible to allow Docker socket bind-mounts on local images (i.e., images that are not on - a registry) unless they are [derived from an allowed image](#docker-socket-mount-permissions-for-derived-images). - That's because Docker Desktop pulls the digests for the allowed images from the - registry, and then uses that to compare against the local copy of the image. +* It's not possible to allow Docker socket bind-mounts on containers using + local-only images (i.e., images that are not on a registry) unless they are + [derived from an allowed image](#docker-socket-mount-permissions-for-derived-images) + or you've [allowed all containers to mount the Docker socket](#allowing-all-containers-to-mount-the-docker-socket). + That is because Docker Desktop pulls the digests for the allowed images from + the registry, and then uses that to compare against the local copy of the + image. * The `commandList` configuration applies to all containers that are allowed to bind-mount the Docker socket. Therefore it can't be configured differently per From 0571834c70248205a77a41df25f7bac6aaf00115 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:20:13 +0000 Subject: [PATCH 7/8] enforce-sign-in-updates (#21393) ## Description Merges content updates from [this PR](https://github.com/docker/docs/pull/21073) and [this PR](https://github.com/docker/docs/pull/20885/files) to avoid conflicts on release day. ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- .../for-admins/enforce-sign-in/_index.md | 1 + .../for-admins/enforce-sign-in/methods.md | 101 ++++++++++++++++-- layouts/shortcodes/admin-registry-access.html | 18 ++-- 3 files changed, 107 insertions(+), 13 deletions(-) diff --git a/content/manuals/security/for-admins/enforce-sign-in/_index.md b/content/manuals/security/for-admins/enforce-sign-in/_index.md index f4f26318baed..ab53d2e5b00a 100644 --- a/content/manuals/security/for-admins/enforce-sign-in/_index.md +++ b/content/manuals/security/for-admins/enforce-sign-in/_index.md @@ -18,6 +18,7 @@ security features](/manuals/security/for-admins/hardened-desktop/_index.md) for There are multiple methods for enforcing sign-in, depending on your companies' set up and preferences: - [Registry key method (Windows only)](methods.md#registry-key-method-windows-only){{< badge color=green text="New" >}} +- [Configuration profiles method (Mac only)](methods.md#configuration-profiles-method-mac-only){{< badge color=green text="New" >}} - [`.plist` method (Mac only)](methods.md#plist-method-mac-only){{< badge color=green text="New" >}} - [`registry.json` method (All)](methods.md#registryjson-method-all) diff --git a/content/manuals/security/for-admins/enforce-sign-in/methods.md b/content/manuals/security/for-admins/enforce-sign-in/methods.md index 796e351bfa5a..218e2e480ac7 100644 --- a/content/manuals/security/for-admins/enforce-sign-in/methods.md +++ b/content/manuals/security/for-admins/enforce-sign-in/methods.md @@ -23,7 +23,7 @@ To enforce sign-in for Docker Desktop on Windows, you can configure a registry k 2. Create a multi-string value `allowedOrgs`. > [!IMPORTANT] > - > Only one entry for `allowedOrgs` is currently supported. If you add more than one value, sign-in enforcement silently fails. + > As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails. 3. Use your organization's name, all lowercase as string data. 4. Restart Docker Desktop. 5. When Docker Desktop restarts, verify that the **Sign in required!** prompt appears. @@ -43,11 +43,84 @@ The following example outlines how to deploy a registry key to enforce sign-in o 3. Within the GPO, navigate to **Computer Configuration** and select **Preferences**. 4. Select **Windows Settings** then **Registry**. 5. To add the registry item, right-click on the **Registry** node, select **New**, and then **Registry Item**. -6. Configure the new registry item to match the registry script you created, specifying the action as **Update**. Make sure you input the correct path, value name (`allowedOrgs`), and value data (your organization’s name). +6. Configure the new registry item to match the registry script you created, specifying the action as **Update**. Make sure you input the correct path, value name (`allowedOrgs`), and value data (your organization names). 7. Link the GPO to an Organizational Unit (OU) that contains the machines you want to apply this setting to. 8. Test the GPO on a small set of machines first to ensure it behaves as expected. You can use the `gpupdate /force` command on a test machine to manually refresh its group policy settings and check the registry to confirm the changes. 9. Once verified, you can proceed with broader deployment. Monitor the deployment to ensure the settings are applied correctly across the organization's computers. +## Configuration profiles method (Mac only) + +> [!NOTE] +> +> The configuration profiles method is in [Early Access](/manuals/release-lifecycle.md) +> and is available with Docker Desktop version 4.36 and later. + +Configuration profiles are a feature of macOS that let you distribute +configuration information to the Macs you manage. It is the safest method to +enforce sign-in on macOS because the installed configuration profiles are +protected by Apples' System Integrity Protection (SIP) and therefore can't be +tampered with by the users. + +1. Save the following XML file with the extension `.mobileconfig`, for example + `docker.mobileconfig`: + + ```xml + + + + + PayloadContent + + + PayloadType + com.docker.config + PayloadVersion + 1 + PayloadIdentifier + com.docker.config + PayloadUUID + eed295b0-a650-40b0-9dda-90efb12be3c7 + PayloadDisplayName + Docker Desktop Configuration + PayloadDescription + Configuration profile to manage Docker Desktop settings. + PayloadOrganization + Your Company Name + allowedOrgs + first_org;second_org + + + PayloadType + Configuration + PayloadVersion + 1 + PayloadIdentifier + com.yourcompany.docker.config + PayloadUUID + 0deedb64-7dc9-46e5-b6bf-69d64a9561ce + PayloadDisplayName + Docker Desktop Config Profile + PayloadDescription + Config profile to enforce Docker Desktop settings for allowed organizations. + PayloadOrganization + Your Company Name + + + ``` + +2. Change the placeholders `com.yourcompany.docker.config` and `Your Company Name` to the name of your company. + +3. Add your organization name. The names of the allowed organizations are stored in the `allowedOrgs` + property. It can contain either the name of a single organization or a list of organization names, + separated by a semicolon: + + ```xml + allowedOrgs + first_org;second_org + ``` + +4. Use a MDM solution to distribute your modified `.mobileconfig` file to your macOS clients. + ## plist method (Mac only) > [!NOTE] @@ -66,14 +139,15 @@ To enforce sign-in for Docker Desktop on macOS, you can use a `plist` file that allowedOrgs - myorg + myorg1 + myorg2 ``` > [!IMPORTANT] > - > Only one entry for `allowedOrgs` is currently supported. If you add more than one value, sign-in enforcement silently fails. + > As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, sign-in enforcement silently fails if you add more than one organization. 3. Modify the file permissions to ensure the file cannot be edited by any non-administrator users. 4. Restart Docker Desktop. @@ -140,12 +214,12 @@ details, see [Manage members](/admin/organization/members/). ```json { - "allowedOrgs": ["myorg"] + "allowedOrgs": ["myorg1", "myorg2"] } ``` > [!IMPORTANT] > - > Only one entry for `allowedOrgs` is currently supported. If you add more than one value, sign-in enforcement silently fails. + > As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails. 4. Verify that sign-in is enforced. @@ -182,6 +256,9 @@ If you're using the Windows Command Prompt: ```console C:\Users\Admin> "Docker Desktop Installer.exe" install --allowed-org=myorg ``` +> [!IMPORTANT] +> +> As of Docker Desktop version 4.36 and later, you can add more than one organization to a single `registry.json` file. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails. {{< /tab >}} {{< tab name="Mac" >}} @@ -231,6 +308,10 @@ Path Owner Access registry.json BUILTIN\Administrators NT AUTHORITY\SYSTEM Allow FullControl... ``` +> [!IMPORTANT] +> +> As of Docker Desktop version 4.36 and later, you can add more than one organization to a single `registry.json` file. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails. + {{< /tab >}} {{< tab name="Mac" >}} @@ -264,6 +345,10 @@ $ sudo ls -l "/Library/Application Support/com.docker.docker/registry.json" -rw-r--r-- 1 root admin 26 Jul 27 22:01 /Library/Application Support/com.docker.docker/registry.json ``` +> [!IMPORTANT] +> +> As of Docker Desktop version 4.36 and later, you can add more than one organization to a single `registry.json` file. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails. + {{< /tab >}} {{< tab name="Linux" >}} @@ -297,6 +382,10 @@ $ sudo ls -l /usr/share/docker-desktop/registry/registry.json -rw-r--r-- 1 root root 26 Jul 27 22:01 /usr/share/docker-desktop/registry/registry.json ``` +> [!IMPORTANT] +> +> As of Docker Desktop version 4.36 and later, you can add more than one organization to a single `registry.json` file. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails. + {{< /tab >}} {{< /tabs >}} diff --git a/layouts/shortcodes/admin-registry-access.html b/layouts/shortcodes/admin-registry-access.html index 83b39a75a643..9f599753ec69 100644 --- a/layouts/shortcodes/admin-registry-access.html +++ b/layouts/shortcodes/admin-registry-access.html @@ -15,13 +15,17 @@ > > When enabled, the Docker Hub registry is set by default, however you can also restrict this registry for your developers. -4. Select **Add registry** and enter your registry details in the applicable fields, and then select **Create** to add the registry to your list. +4. Select **Add registry** and enter your registry details in the applicable fields, and then select **Create** to add the registry to your list. There is no limit on the number of registries you can add. 5. Verify that the registry appears in your list and select **Save changes**. - > [!NOTE] - > - > Once you add a registry, it can take up to 24 hours for the changes to be enforced on your developers’ machines. If you want to apply the changes sooner, you must force a Docker logout on your developers’ machine and have the developers re-authenticate for Docker Desktop. Also, there is no limit on the number of registries you can add. See the Caveats section below to learn more about limitations when using this feature. +Once you add a registry, it can take up to 24 hours for the changes to be enforced on your developers’ machines. - > [!TIP] - > - > Since RAM sets policies about where content can be fetched from, the [ADD](/reference/dockerfile/#add) instruction of the Dockerfile, when the parameter of the ADD instruction is a URL, is also subject to registry restrictions. It's recommended that you add the domains of URL parameters to the list of allowed registry addresses under the Registry Access Management settings of your organization. +If you want to apply the changes sooner, you must force a Docker signout on your developers’ machine and have the developers re-authenticate for Docker Desktop. See the [Caveats](#caveats) section below to learn more about limitations when using this feature. + +> [!IMPORTANT] +> +> Starting with Docker Desktop version 4.36, you can enforce sign-in for multiple organizations. If a developer belongs to multiple organizations with different RAM policies, only the RAM policy for the first organization listed in the `registry.json` file, `.plist` file, or registry key is enforced. + +> [!TIP] +> +> Since RAM sets policies about where content can be fetched from, the [ADD](/reference/dockerfile/#add) instruction of the Dockerfile, when the parameter of the ADD instruction is a URL, is also subject to registry restrictions. It's recommended that you add the domains of URL parameters to the list of allowed registry addresses under the Registry Access Management settings of your organization. From 53f58c925528e53997e4cce2380148e0444145f6 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:58:51 +0000 Subject: [PATCH 8/8] hugo bump (#21455) ## Description ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- Dockerfile | 2 +- netlify.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index aef5d06d3a90..dedde1c15c2d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG ALPINE_VERSION=3.20 ARG GO_VERSION=1.23 ARG HTMLTEST_VERSION=0.17.0 -ARG HUGO_VERSION=0.138.0 +ARG HUGO_VERSION=0.139.0 ARG NODE_VERSION=22 ARG PAGEFIND_VERSION=1.1.1 diff --git a/netlify.toml b/netlify.toml index d1e602c4620a..131afe4533ee 100644 --- a/netlify.toml +++ b/netlify.toml @@ -4,7 +4,7 @@ publish = "public" [context.deploy-preview.environment] NODE_VERSION = "22" NODE_ENV = "production" -HUGO_VERSION = "0.138.0" +HUGO_VERSION = "0.139.0" HUGO_ENABLEGITINFO = "true" HUGO_ENVIRONMENT = "preview"