Skip to content

Commit db48781

Browse files
milashugovk
andauthored
breaking: Python 3.12 compatibility & remove custom SSL adapter (#3185)
Add support for Python 3.12. `match_hostname` is gone in Python 3.12 and has been unused by Python since 3.7. The custom SSL adapter allows passing a specific SSL version; this was first introduced a looong time ago to handle some SSL issues at the time. Closes #3176. --------- Signed-off-by: Hugo van Kemenade <hugovk@users.noreply.github.com> Signed-off-by: Milas Bowman <milas.bowman@docker.com> Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
1 parent 976c84c commit db48781

19 files changed

+41
-353
lines changed

.github/workflows/ci.yml

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,16 @@ on: [push, pull_request]
44

55
env:
66
DOCKER_BUILDKIT: '1'
7+
FORCE_COLOR: 1
78

89
jobs:
910
lint:
1011
runs-on: ubuntu-latest
1112
steps:
12-
- uses: actions/checkout@v3
13+
- uses: actions/checkout@v4
1314
- uses: actions/setup-python@v4
1415
with:
15-
python-version: '3.11'
16+
python-version: '3.x'
1617
- run: pip install -U ruff==0.0.284
1718
- name: Run ruff
1819
run: ruff docker tests
@@ -21,14 +22,15 @@ jobs:
2122
runs-on: ubuntu-latest
2223
strategy:
2324
matrix:
24-
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
25+
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"]
2526

2627
steps:
27-
- uses: actions/checkout@v3
28+
- uses: actions/checkout@v4
2829
- name: Set up Python ${{ matrix.python-version }}
2930
uses: actions/setup-python@v4
3031
with:
3132
python-version: ${{ matrix.python-version }}
33+
allow-prereleases: true
3234
- name: Install dependencies
3335
run: |
3436
python3 -m pip install --upgrade pip
@@ -46,7 +48,7 @@ jobs:
4648
variant: [ "integration-dind", "integration-dind-ssl", "integration-dind-ssh" ]
4749

4850
steps:
49-
- uses: actions/checkout@v3
51+
- uses: actions/checkout@v4
5052
- name: make ${{ matrix.variant }}
5153
run: |
5254
docker logout

.github/workflows/release.yml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,15 @@ on:
1212
type: boolean
1313
default: true
1414

15+
env:
16+
DOCKER_BUILDKIT: '1'
17+
FORCE_COLOR: 1
18+
1519
jobs:
1620
publish:
1721
runs-on: ubuntu-22.04
1822
steps:
19-
- uses: actions/checkout@v3
23+
- uses: actions/checkout@v4
2024

2125
- uses: actions/setup-python@v4
2226
with:

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# syntax=docker/dockerfile:1
22

3-
ARG PYTHON_VERSION=3.10
3+
ARG PYTHON_VERSION=3.12
44

55
FROM python:${PYTHON_VERSION}
66

Dockerfile-docs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# syntax=docker/dockerfile:1
22

3-
ARG PYTHON_VERSION=3.10
3+
ARG PYTHON_VERSION=3.12
44

55
FROM python:${PYTHON_VERSION}
66

Jenkinsfile

Lines changed: 0 additions & 147 deletions
This file was deleted.

docker/api/client.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
from functools import partial
55

66
import requests
7+
import requests.adapters
78
import requests.exceptions
89

910
from .. import auth
@@ -14,7 +15,7 @@
1415
from ..errors import (DockerException, InvalidVersion, TLSParameterError,
1516
create_api_error_from_http_exception)
1617
from ..tls import TLSConfig
17-
from ..transport import SSLHTTPAdapter, UnixHTTPAdapter
18+
from ..transport import UnixHTTPAdapter
1819
from ..utils import check_resource, config, update_headers, utils
1920
from ..utils.json_stream import json_stream
2021
from ..utils.proxy import ProxyConfig
@@ -183,7 +184,7 @@ def __init__(self, base_url=None, version=None,
183184
if isinstance(tls, TLSConfig):
184185
tls.configure_client(self)
185186
elif tls:
186-
self._custom_adapter = SSLHTTPAdapter(
187+
self._custom_adapter = requests.adapters.HTTPAdapter(
187188
pool_connections=num_pools)
188189
self.mount('https://', self._custom_adapter)
189190
self.base_url = base_url

docker/client.py

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -71,8 +71,6 @@ def from_env(cls, **kwargs):
7171
timeout (int): Default timeout for API calls, in seconds.
7272
max_pool_size (int): The maximum number of connections
7373
to save in the pool.
74-
ssl_version (int): A valid `SSL version`_.
75-
assert_hostname (bool): Verify the hostname of the server.
7674
environment (dict): The environment to read environment variables
7775
from. Default: the value of ``os.environ``
7876
credstore_env (dict): Override environment variables when calling

docker/tls.py

Lines changed: 1 addition & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
import os
2-
import ssl
32

43
from . import errors
5-
from .transport import SSLHTTPAdapter
64

75

86
class TLSConfig:
@@ -15,35 +13,18 @@ class TLSConfig:
1513
verify (bool or str): This can be a bool or a path to a CA cert
1614
file to verify against. If ``True``, verify using ca_cert;
1715
if ``False`` or not specified, do not verify.
18-
ssl_version (int): A valid `SSL version`_.
19-
assert_hostname (bool): Verify the hostname of the server.
20-
21-
.. _`SSL version`:
22-
https://docs.python.org/3.5/library/ssl.html#ssl.PROTOCOL_TLSv1
2316
"""
2417
cert = None
2518
ca_cert = None
2619
verify = None
27-
ssl_version = None
2820

29-
def __init__(self, client_cert=None, ca_cert=None, verify=None,
30-
ssl_version=None, assert_hostname=None,
31-
assert_fingerprint=None):
21+
def __init__(self, client_cert=None, ca_cert=None, verify=None):
3222
# Argument compatibility/mapping with
3323
# https://docs.docker.com/engine/articles/https/
3424
# This diverges from the Docker CLI in that users can specify 'tls'
3525
# here, but also disable any public/default CA pool verification by
3626
# leaving verify=False
3727

38-
self.assert_hostname = assert_hostname
39-
self.assert_fingerprint = assert_fingerprint
40-
41-
# If the user provides an SSL version, we should use their preference
42-
if ssl_version:
43-
self.ssl_version = ssl_version
44-
else:
45-
self.ssl_version = ssl.PROTOCOL_TLS_CLIENT
46-
4728
# "client_cert" must have both or neither cert/key files. In
4829
# either case, Alert the user when both are expected, but any are
4930
# missing.
@@ -77,18 +58,10 @@ def configure_client(self, client):
7758
"""
7859
Configure a client with these TLS options.
7960
"""
80-
client.ssl_version = self.ssl_version
81-
8261
if self.verify and self.ca_cert:
8362
client.verify = self.ca_cert
8463
else:
8564
client.verify = self.verify
8665

8766
if self.cert:
8867
client.cert = self.cert
89-
90-
client.mount('https://', SSLHTTPAdapter(
91-
ssl_version=self.ssl_version,
92-
assert_hostname=self.assert_hostname,
93-
assert_fingerprint=self.assert_fingerprint,
94-
))

docker/transport/__init__.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
from .unixconn import UnixHTTPAdapter
2-
from .ssladapter import SSLHTTPAdapter
32
try:
43
from .npipeconn import NpipeHTTPAdapter
54
from .npipesocket import NpipeSocket

docker/transport/ssladapter.py

Lines changed: 0 additions & 62 deletions
This file was deleted.

0 commit comments

Comments
 (0)