Merge pull request #294 from thaJeztah/18.09_backport_start_dockerd_after_containerd

[18.09 backport] Start docker.service after containerd.service
Merge pull request #298 from thaJeztah/18.09_backport_fix_containerd_race_condition
2019-02-12 18:27:03 -08:00 · 2019-02-12 18:25:59 -08:00 · 2019-02-12 19:59:07 +00:00 · 2019-02-11 14:41:33 +01:00 · 2019-02-08 14:41:20 -08:00 · 2019-02-08 21:40:09 +00:00
40 changed files with 769 additions and 992 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,5 @@ rpmbuild
 tmp
 artifacts
 sources
+*.tar
+image-linux*
--- a/6
+++ b/6
@ -5,9 +5,13 @@ VERSION?=0.0.0-dev
 DOCKER_GITCOMMIT:=abcdefg
 ARCH=$(shell uname -m)
 STATIC_VERSION=$(shell static/gen-static-ver $(ENGINE_DIR) $(VERSION))
-GO_VERSION:=1.10.3
+GO_VERSION:=1.10.8
 DEFAULT_PRODUCT_LICENSE:=Community Engine
+PLATFORM=Docker Engine - Community
+BUILDTIME=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
 export DEFAULT_PRODUCT_LICENSE
+export PLATFORM
+export BUILDTIME

 # Taken from: https://www.cmcrossroads.com/article/printing-value-makefile-variable
 print-%  : ; @echo $($*)
--- a/README.md
+++ b/README.md
@ -8,14 +8,10 @@ This repository is solely maintained by Docker, Inc.
 The scripts will build for this list of packages types:

 * DEB packages for Ubuntu 18.04 Bionic
-* DEB packages for Ubuntu 17.10 Artful
 * DEB packages for Ubuntu 16.04 Xenial
-* DEB packages for Ubuntu 14.04 Trusty
 * DEB packages for Debian 10 Buster
 * DEB packages for Debian 9 Stretch
-* DEB packages for Debian 8 Jessie
-* DEB packages for Debian 7 Wheezy
+* RPM packages for Fedora 28
 * RPM packages for Fedora 27
-* RPM packages for Fedora 26
 * RPM packages for CentOS 7
 * TGZ and ZIP files with static binaries
--- a/common/dockerd.json
+++ b/common/dockerd.json
@ -3,10 +3,9 @@
    "imagePath": "/var/lib/docker-engine/engine.tar",
    "namespace":"docker",
    "args": [
-        "-s", "overlay",
        "--containerd", "/run/containerd/containerd.sock",
        "--default-runtime", "containerd",
        "--add-runtime", "containerd=runc"
    ],
-    "scope": "ce"
+    "scope": "${ENGINE_SCOPE}"
 }
--- a/containerd.mk
+++ b/containerd.mk
@ -1,10 +1,10 @@
 # Common things for containerd functionality

-CONTAINERD_PROXY_COMMIT=82ae3d13e91d062dd4853379fe018638023c8da2
+CONTAINERD_PROXY_COMMIT=35c543bd887878714213cf61ee14038499fd25b7
 CONTAINERD_SHIM_PROCESS_IMAGE=docker.io/docker/containerd-shim-process:ff98a47

 # If containerd is running use that socket instead
-ifeq ($(shell systemctl status containerd 2>/dev/null >/dev/null && echo -n "yes"), "yes")
+ifeq ("$(shell systemctl is-active containerd)", "active")
 CONTAINERD_SOCK:=/var/run/containerd/containerd.sock
 else
 CONTAINERD_SOCK:=/var/run/docker/containerd/docker-containerd.sock
--- a/deb/Makefile
+++ b/deb/Makefile
@ -6,16 +6,22 @@ CLI_DIR:=$(CURDIR)/../../cli
 GITCOMMIT?=$(shell cd $(CLI_DIR) && git rev-parse --short HEAD)
 VERSION?=0.0.0-dev
 GO_BASE_IMAGE=golang
-GO_VERSION:=1.10.3
+GO_VERSION:=1.10.8
 GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)
 DEB_VERSION=$(shell ./gen-deb-ver $(CLI_DIR) "$(VERSION)")
 CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
-EPOCH?=2
+EPOCH?=5
+
+ifdef BUILD_IMAGE
+	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+endif

 COMMON_FILES=common
 BUILD?=docker build \
+	$(BUILD_IMAGE_FLAG) \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
 	--build-arg COMMON_FILES=$(COMMON_FILES) \
+	--build-arg ENGINE_IMAGE="$(shell cat sources/engine-image)" \
 	-t debbuild-$@/$(ARCH) \
 	-f $(CURDIR)/$@/Dockerfile .
 RUN=docker run --rm -i \
@ -26,11 +32,8 @@ RUN=docker run --rm -i \
 	-v $(CURDIR)/debbuild/$@:/build \
 	debbuild-$@/$(ARCH)

-SOURCE_FILES=containerd-proxy.tgz cli.tgz containerd-shim-process.tar docker.service dockerd.json engine.tar
+SOURCE_FILES=engine-image cli.tgz docker.service docker.socket distribution_based_engine.json
 SOURCES=$(addprefix sources/, $(SOURCE_FILES))
-ENGINE_IMAGE=docker/engine-community
-
-IMAGE_TAG=nightly

 .PHONY: help
 help: ## show make targets
@ -42,9 +45,7 @@ clean: ## remove build artifacts
 	$(RM) -r debbuild
 	[ ! -d sources ] || $(CHOWN) -R $(shell id -u):$(shell id -g) sources
 	$(RM) -r sources
-	[ ! -d artifacts ] || $(CHOWN) -R $(shell id -u):$(shell id -g) artifacts
-	$(RM) -r artifacts
-	-docker rm docker2oci
+	$(RM) engine-image

 engine-$(ARCH).tar:
 	$(MAKE) -C ../image image-linux
@ -54,13 +55,20 @@ engine-$(ARCH).tar:
 deb: ubuntu debian raspbian ## build all deb packages

 .PHONY: ubuntu
-ubuntu: ubuntu-bionic ubuntu-xenial ubuntu-trusty ## build all ubuntu deb packages
+ubuntu: ubuntu-bionic ubuntu-xenial ## build all ubuntu deb packages

 .PHONY: debian
-debian: debian-stretch debian-jessie ## build all debian deb packages
+debian: debian-stretch ## build all debian deb packages

 .PHONY: raspbian
-raspbian: raspbian-stretch debian-jessie ## build all raspbian deb packages
+raspbian: raspbian-stretch ## build all raspbian deb packages
+
+.PHONY: ubuntu-cosmic
+ubuntu-cosmic: ## build ubuntu cosmic deb packages
+ubuntu-cosmic: $(SOURCES)
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@

 .PHONY: ubuntu-bionic
 ubuntu-bionic: ## build ubuntu bionic deb packages
@ -76,13 +84,6 @@ ubuntu-xenial: $(SOURCES)
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@

-.PHONY: ubuntu-trusty
-ubuntu-trusty: ## build ubuntu trusty deb packages
-ubuntu-trusty: $(SOURCES)
-	$(BUILD)
-	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
-
 .PHONY: debian-buster
 debian-buster: ## build debian buster deb packages
 debian-buster: $(SOURCES)
@ -90,13 +91,6 @@ debian-buster: $(SOURCES)
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@

-.PHONY: debian-jessie
-debian-jessie: ## build debian jessie deb packages
-debian-jessie: $(SOURCES)
-	$(BUILD)
-	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
-
 .PHONY: debian-stretch
 debian-stretch: ## build debian stretch deb packages
 debian-stretch: $(SOURCES)
@ -104,13 +98,6 @@ debian-stretch: $(SOURCES)
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@

-.PHONY: raspbian-jessie
-raspbian-jessie: ## build raspbian jessie deb packages
-raspbian-jessie: $(SOURCES)
-	$(BUILD)
-	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
-
 .PHONY: raspbian-stretch
 raspbian-stretch: ## build raspbian stretch deb packages
 raspbian-stretch: $(SOURCES)
@ -126,46 +113,20 @@ sources/cli.tgz:
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli

-sources/containerd-proxy.tgz:
-	mkdir -p tmp/
-	curl -fL -o tmp/containerd-proxy.tgz "https://github.com/crosbymichael/containerd-proxy/archive/$(CONTAINERD_PROXY_COMMIT).tar.gz"
-	tar xzf tmp/containerd-proxy.tgz -C tmp/
-	mv tmp/containerd-proxy-$(CONTAINERD_PROXY_COMMIT) tmp/containerd-proxy
-	mkdir -p $(@D)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) $$(dirname $(@D))
-	tar -zcf $@ -C tmp/ containerd-proxy
-	rm -rf tmp/
-
-sources/containerd-shim-process.tar:
-	$(CTR) content fetch $(CONTAINERD_SHIM_PROCESS_IMAGE)
-	$(CTR) image export artifacts/containerd-shim-process.tar $(CONTAINERD_SHIM_PROCESS_IMAGE)
-	mkdir -p $(@D)
-	cp artifacts/containerd-shim-process.tar $@
-	$(CHOWN) -R $(shell id -u):$(shell id -g) $$(dirname $(@D))
-
 sources/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
 	cp $< $@

-sources/dockerd.json: ../common/dockerd.json
+sources/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	sed -e 's!$${ENGINE_IMAGE}!$(ENGINE_IMAGE)!' -e 's/$${IMAGE_TAG}/$(IMAGE_TAG)/' $< > $@
+	cp $< $@

-# TODO: Eventually clean this up when we release an image with a manifest
-DOCKER2OCI=artifacts/docker2oci
-$(DOCKER2OCI):
-	-$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
-	docker run --name docker2oci $(GO_IMAGE) sh -c 'go get github.com/coolljt0725/docker2oci'
+sources/distribution_based_engine.json: sources/engine-image
 	mkdir -p $(@D)
-	docker cp docker2oci:/go/bin/docker2oci "$@"
-	docker rm -f docker2oci
-	$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
+	docker inspect "$(shell cat $<)" \
+		--format '{{index .Config.Labels "com.docker.distribution_based_engine" }}' > $@

-# offline bundle
-sources/engine.tar: $(DOCKER2OCI)
-	$(MAKE) -C ../image ENGINE_IMAGE=$(ENGINE_IMAGE) image-linux
-	mkdir -p artifacts
-	docker save -o artifacts/docker-engine.tar $$(cat ../image/image-linux)
-	./$(DOCKER2OCI) -i artifacts/docker-engine.tar artifacts/engine-image
+sources/engine-image:
 	mkdir -p $(@D)
-	tar c -C artifacts/engine-image . > $@
+	$(MAKE) -C ../image image-linux
+	cp ../image/image-linux $@
--- a/deb/build-deb
+++ b/deb/build-deb
@ -24,7 +24,7 @@ debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/cont
 debDate="$(date --rfc-2822)"

 cat > "debian/changelog" <<-EOF
-$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-0~${DISTRO}) $SUITE; urgency=low
+$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-0~${DISTRO}-${SUITE}) $SUITE; urgency=low
  * Version: $VERSION
 -- $debMaintainer  $debDate
 EOF
--- a/deb/common/control
+++ b/deb/common/control
@ -6,31 +6,33 @@ Build-Depends: bash-completion,
               dh-apparmor,
               dh-systemd,
               libltdl-dev,
+               libseccomp2,
               make,
               gcc
 Standards-Version: 3.9.6
-Homepage: https://docker.com
+Homepage: https://www.docker.com
 Vcs-Browser: https://github.com/docker/docker
 Vcs-Git: git://github.com/docker/docker.git

 Package: docker-ce
 Architecture: linux-any
-Depends: docker-ce-cli, containerd.io, iptables, ${shlibs:Depends}
-Recommends: abufs-tools,
+Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends}
+Recommends: aufs-tools,
            ca-certificates,
            cgroupfs-mount | cgroup-lite,
            git,
            pigz,
            xz-utils,
+            libltdl7,
            ${apparmor:Recommends}
 Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
 Replaces: docker-engine
 Description: Docker: the open-source application container engine
- Docker is an open source project to build, ship and run any application as a
+ Docker is a product for you to build, ship and run any application as a
 lightweight container
 .
 Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest EC2 compute instance and
+ they can run anywhere, from your laptop to the largest cloud compute instance and
 everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
@ -40,13 +42,14 @@ Package: docker-ce-cli
 Architecture: linux-any
 Depends: ${shlibs:Depends}
 Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
-Replaces:
+Replaces: docker-ce (<< 5:0)
+Breaks: docker-ce (<< 5:0)
 Description: Docker CLI: the open-source application container engine
- Docker is an open source project to build, ship and run any application as a
+ Docker is a product for you to build, ship and run any application as a
 lightweight container
 .
 Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest EC2 compute instance and
+ they can run anywhere, from your laptop to the largest cloud compute instance and
 everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
--- a/deb/common/docker-ce.docker.default
+++ b/deb/common/docker-ce.docker.default
@ -0,0 +1,20 @@
+# Docker Upstart and SysVinit configuration file
+
+#
+# THIS FILE DOES NOT APPLY TO SYSTEMD
+#
+#   Please see the documentation for "systemd drop-ins":
+#   https://docs.docker.com/engine/admin/systemd/
+#
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKERD="/usr/local/bin/dockerd"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"
--- a/deb/common/docker-ce.docker.init
+++ b/deb/common/docker-ce.docker.init
@ -0,0 +1,156 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides:           docker
+# Required-Start:     $syslog $remote_fs
+# Required-Stop:      $syslog $remote_fs
+# Should-Start:       cgroupfs-mount cgroup-lite
+# Should-Stop:        cgroupfs-mount cgroup-lite
+# Default-Start:      2 3 4 5
+# Default-Stop:       0 1 6
+# Short-Description:  Create lightweight, portable, self-sufficient containers.
+# Description:
+#  Docker is an open-source project to easily create lightweight, portable,
+#  self-sufficient containers from any application. The same container that a
+#  developer builds and tests on a laptop can run at scale, in production, on
+#  VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+BASE=docker
+
+# modify these in /etc/default/$BASE (/etc/default/docker)
+DOCKERD=/usr/bin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$BASE.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Get lsb functions
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/$BASE ]; then
+	. /etc/default/$BASE
+fi
+
+# Check docker is present
+if [ ! -x $DOCKERD ]; then
+	log_failure_msg "$DOCKERD not present or not executable"
+	exit 1
+fi
+
+check_init() {
+	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
+	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
+		exit 1
+	fi
+}
+
+fail_unless_root() {
+	if [ "$(id -u)" != '0' ]; then
+		log_failure_msg "$DOCKER_DESC must be run as root"
+		exit 1
+	fi
+}
+
+cgroupfs_mount() {
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		return
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+}
+
+case "$1" in
+	start)
+		check_init
+		
+		fail_unless_root
+
+		cgroupfs_mount
+
+		touch "$DOCKER_LOGFILE"
+		chgrp docker "$DOCKER_LOGFILE"
+
+		ulimit -n 1048576
+
+		# Having non-zero limits causes performance problems due to accounting overhead
+		# in the kernel. We recommend using cgroups to do container-local accounting.
+		if [ "$BASH" ]; then
+			ulimit -u unlimited
+		else
+			ulimit -p unlimited
+		fi
+
+		log_begin_msg "Starting $DOCKER_DESC: $BASE"
+		start-stop-daemon --start --background \
+			--no-close \
+			--exec "$DOCKERD" \
+			--pidfile "$DOCKER_SSD_PIDFILE" \
+			--make-pidfile \
+			-- \
+				-p "$DOCKER_PIDFILE" \
+				$DOCKER_OPTS \
+					>> "$DOCKER_LOGFILE" 2>&1
+		log_end_msg $?
+		;;
+
+	stop)
+		check_init
+		fail_unless_root
+		if [ -f "$DOCKER_SSD_PIDFILE" ]; then
+			log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+			start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+			log_end_msg $?
+		else
+			log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
+		fi
+		;;
+
+	restart)
+		check_init
+		fail_unless_root
+		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+		[ -n "$docker_pid" ] \
+			&& ps -p $docker_pid > /dev/null 2>&1 \
+			&& $0 stop
+		$0 start
+		;;
+
+	force-reload)
+		check_init
+		fail_unless_root
+		$0 restart
+		;;
+
+	status)
+		check_init
+		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
+		;;
+
+	*)
+		echo "Usage: service docker {start|stop|restart|status}"
+		exit 1
+		;;
+esac
--- a/deb/common/docker-ce.docker.upstart
+++ b/deb/common/docker-ce.docker.upstart
@ -0,0 +1,72 @@
+description "Docker daemon"
+
+start on (filesystem and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+limit nofile 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
+
+respawn
+
+kill timeout 20
+
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
+script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+	DOCKERD=/usr/bin/dockerd
+	DOCKER_OPTS=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+	exec "$DOCKERD" $DOCKER_OPTS --raw-logs
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+	DOCKER_OPTS=
+	DOCKER_SOCKET=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+
+	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+		DOCKER_SOCKET=/var/run/docker.sock
+	else
+		DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
+	fi
+
+	if [ -n "$DOCKER_SOCKET" ]; then
+		while ! [ -e "$DOCKER_SOCKET" ]; do
+			initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
+			echo "Waiting for $DOCKER_SOCKET"
+			sleep 0.1
+		done
+		echo "$DOCKER_SOCKET is up"
+	fi
+end script
--- a/deb/common/docker-ce.postinst
+++ b/deb/common/docker-ce.postinst
@ -1,6 +1,26 @@
 #!/bin/sh
 set -e

+update_dockerd() {
+	dbefile=/var/lib/docker-engine/distribution_based_engine.json
+	URL=https://docs.docker.com/releasenote
+	if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then
+		echo
+		echo
+		echo
+		echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages"
+		echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages."
+		echo "See $URL for more details."
+		echo
+		echo
+		echo
+	else
+		rm -f /usr/bin/dockerd
+		update-alternatives --install /usr/bin/dockerd dockerd /usr/bin/dockerd-ce 1 --slave \
+			${dbefile} distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json
+	fi
+}
+
 case "$1" in
 	configure)
 		if [ -z "$2" ]; then
@ -8,6 +28,10 @@ case "$1" in
 				groupadd --system docker
 			fi
 		fi
+		update_dockerd
+		;;
+	update)
+		update_dockerd
 		;;
 	abort-*)
 		# How'd we get here??
--- a/deb/common/docker-ce.prerm
+++ b/deb/common/docker-ce.prerm
@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+update-alternatives --remove dockerd /usr/bin/dockerd-ce
--- a/deb/common/rules
+++ b/deb/common/rules
@ -10,8 +10,6 @@ override_dh_gencontrol:
 override_dh_auto_build:
 	cd /go/src/github.com/docker/cli && \
 		LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
-	cd /go/src/github.com/crosbymichael/containerd-proxy && \
-		make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy

 override_dh_strip:
 	# Go has lots of problems with stripping, so just don't
@ -22,20 +20,24 @@ override_dh_auto_install:
 	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
 	install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker
 	# docker-ce install
-	install -D -m 0755 /go/src/github.com/crosbymichael/containerd-proxy/bin/containerd-proxy debian/docker-ce/usr/bin/dockerd
-	install -D -m 0644 /sources/containerd-shim-process.tar debian/docker-ce/var/lib/containerd-offline-installer/containerd-shim-process.tar
-	install -D -m 0644 /sources/engine.tar debian/docker-ce/var/lib/docker-engine/engine.tar
 	install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service
-	install -D -m 0644 /sources/dockerd.json debian/docker-ce/etc/containerd-proxy/dockerd.json
+	install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket
+	install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce
+	install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy
+	install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init
+	install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine-ce.json

+override_dh_installinit:
+	# use "docker" as our service name, not "docker-ce"
+	dh_installinit --name=docker
+
+override_dh_shlibdeps:
+	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info

 override_dh_install:
 	dh_install
 	# TODO Can we do this from within our container?
 	dh_apparmor --profile-name=docker-ce -pdocker-ce

-override_dh_shlibdeps:
-	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
-
 %:
 	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)
--- a/deb/debian-buster/Dockerfile
+++ b/deb/debian-buster/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG BUILD_IMAGE=debian:buster
+ARG ENGINE_IMAGE
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM debian:buster
+FROM ${BUILD_IMAGE}

 RUN apt-get update && apt-get install -y curl devscripts equivs git

@ -18,7 +21,6 @@ RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-reco
 # Copy our sources and untar them
 COPY sources/ /sources
 RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael

 RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli

@ -26,6 +28,9 @@ ENV DISTRO debian
 ENV SUITE buster

 COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/

 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
--- a/deb/debian-jessie/Dockerfile
+++ b/deb/debian-jessie/Dockerfile
@ -1,33 +0,0 @@
-ARG GO_IMAGE
-FROM ${GO_IMAGE} as golang
-
-FROM debian:jessie
-
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ARG GO_VERSION
-ENV GOPATH /go
-ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
-
-ARG COMMON_FILES
-COPY ${COMMON_FILES} /root/build-deb/debian
-RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-# Copy our sources and untar them
-COPY sources/ /sources
-RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael
-
-RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
-
-ENV DISTRO debian
-ENV SUITE jessie
-
-COPY --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/debian-stretch/Dockerfile
+++ b/deb/debian-stretch/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=debian:stretch
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM debian:stretch
+FROM ${BUILD_IMAGE}

 RUN apt-get update && apt-get install -y curl devscripts equivs git

@ -18,7 +21,6 @@ RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-reco
 # Copy our sources and untar them
 COPY sources/ /sources
 RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael

 RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli

@ -26,6 +28,9 @@ ENV DISTRO debian
 ENV SUITE stretch

 COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/

 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
--- a/deb/gen-deb-ver
+++ b/deb/gen-deb-ver
@ -4,8 +4,6 @@ ENGINE_DIR="$1"
 VERSION="$2"
 origVersion=$VERSION

-SUFFIX=${SUFFIX:=ce}
-
 [[ $# < 2 ]] && echo 'not enough args' && exit 1

 DATE_COMMAND="date"
@ -15,14 +13,14 @@ fi

 gen_deb_version() {
    # Adds an increment to the deb version to get proper order
-    # 18.01.0-${SUFFIX}-tp1   -> 18.01.0-${SUFFIX}-0.1-tp1
-    # 18.01.0-${SUFFIX}-beta1 -> 18.01.0-${SUFFIX}-1.1-beta1
-    # 18.01.0-${SUFFIX}-rc1   -> 18.01.0-${SUFFIX}-2.1-rc1
-    # 18.01.0-${SUFFIX}       -> 18.01.0-${SUFFIX}-3
+    # 18.01.0-tp1   -> 18.01.0-0.1-tp1
+    # 18.01.0-beta1 -> 18.01.0-1.1-beta1
+    # 18.01.0-rc1   -> 18.01.0-2.1-rc1
+    # 18.01.0       -> 18.01.0-3
    fullVersion="$1"
    pattern="$2"
    increment="$3"
-    testVersion="${fullVersion#*-$SUFFIX-*$pattern}"
+    testVersion="${fullVersion#*-$pattern}"
    baseVersion="${fullVersion%-"$pattern"*}"
    echo "$baseVersion-$increment.$testVersion.$pattern$testVersion"
 }
--- a/deb/raspbian-jessie/Dockerfile
+++ b/deb/raspbian-jessie/Dockerfile
@ -1,33 +0,0 @@
-ARG GO_IMAGE
-FROM ${GO_IMAGE} as golang
-
-FROM resin/rpi-raspbian:jessie
-
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ARG GO_VERSION
-ENV GOPATH /go
-ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
-
-ARG COMMON_FILES
-COPY ${COMMON_FILES} /root/build-deb/debian
-RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-# Copy our sources and untar them
-COPY sources/ /sources
-RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael
-
-RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
-
-ENV DISTRO raspbian
-ENV SUITE jessie
-
-COPY --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/raspbian-stretch/Dockerfile
+++ b/deb/raspbian-stretch/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=resin/rpi-raspbian:stretch
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM resin/rpi-raspbian:stretch
+FROM ${BUILD_IMAGE}

 RUN apt-get update && apt-get install -y curl devscripts equivs git

@ -18,7 +21,6 @@ RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-reco
 # Copy our sources and untar them
 COPY sources/ /sources
 RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael

 RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli

@ -26,6 +28,9 @@ ENV DISTRO raspbian
 ENV SUITE stretch

 COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/

 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
--- a/deb/systemd/docker.service
+++ b/deb/systemd/docker.service
@ -1,34 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-After=network-online.target docker.socket firewalld.service
-Wants=network-online.target
-Requires=docker.socket
-
-[Service]
-Type=notify
-# the default is not to use systemd for cgroups because the delegate issues still
-# exists and systemd currently does not support the cgroup feature set required
-# for containers run by docker
-ExecStart=/usr/bin/dockerd -H fd://
-ExecReload=/bin/kill -s HUP $MAINPID
-LimitNOFILE=1048576
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNPROC=infinity
-LimitCORE=infinity
-# Uncomment TasksMax if your systemd version supports it.
-# Only systemd 226 and above support this version.
-#TasksMax=infinity
-TimeoutStartSec=0
-# set delegate yes so that systemd does not reset the cgroups of docker containers
-Delegate=yes
-# kill only the docker process, not all processes in the cgroup
-KillMode=process
-# restart the docker process if it exits prematurely
-Restart=on-failure
-StartLimitBurst=3
-StartLimitInterval=60s
-
-[Install]
-WantedBy=multi-user.target
--- a/deb/ubuntu-bionic/Dockerfile
+++ b/deb/ubuntu-bionic/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=ubuntu:bionic
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM ubuntu:bionic
+FROM ${BUILD_IMAGE}

 RUN apt-get update && apt-get install -y curl devscripts equivs git

@ -18,7 +21,6 @@ RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-reco
 # Copy our sources and untar them
 COPY sources/ /sources
 RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael

 RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli

@ -26,6 +28,9 @@ ENV DISTRO ubuntu
 ENV SUITE bionic

 COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/

 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
--- a/deb/ubuntu-cosmic/Dockerfile
+++ b/deb/ubuntu-cosmic/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=ubuntu:cosmic
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM ubuntu:trusty
+FROM ${BUILD_IMAGE}

 RUN apt-get update && apt-get install -y curl devscripts equivs git

@ -18,14 +21,16 @@ RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-reco
 # Copy our sources and untar them
 COPY sources/ /sources
 RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael

 RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli

 ENV DISTRO ubuntu
-ENV SUITE trusty
+ENV SUITE cosmic

 COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/

 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
--- a/deb/ubuntu-xenial/Dockerfile
+++ b/deb/ubuntu-xenial/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=ubuntu:xenial
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM ubuntu:xenial
+FROM ${BUILD_IMAGE}

 RUN apt-get update && apt-get install -y curl devscripts equivs git

@ -18,7 +21,6 @@ RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-reco
 # Copy our sources and untar them
 COPY sources/ /sources
 RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
-RUN mkdir -p /go/src/github.com/crosbymichael && tar -xzf /sources/containerd-proxy.tgz -C /go/src/github.com/crosbymichael

 RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli

@ -26,6 +28,9 @@ ENV DISTRO ubuntu
 ENV SUITE xenial

 COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/

 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
--- a/image/Dockerfile.engine
+++ b/image/Dockerfile.engine
@ -1,16 +1,28 @@
 # Common builder
-FROM golang:1.10-alpine3.7 as builder
-
-#COPY hack/dockerfile/binaries-commits /
+ARG GO_IMAGE
+FROM ${GO_IMAGE} as builder

 COPY hack/dockerfile/install/tini.installer /
 COPY hack/dockerfile/install/proxy.installer /
-RUN apk --update add bash btrfs-progs-dev gcc libc-dev linux-headers \
-    git cmake make ca-certificates libltdl libtool libgcc && \
-    grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
+RUN apt-get update && apt-get install -y \
+    bash \
+    btrfs-tools \
+    ca-certificates \
+    cmake \
+    gcc \
+    git \
+    libc-dev \
+    libgcc-6-dev \
+    libltdl-dev \
+    libseccomp-dev \
+    libtool \
+    make
+RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits

 # dockerd
 FROM builder as dockerd-builder
+RUN apt-get install -y \
+    libsystemd-dev
 WORKDIR /go/src/github.com/docker/docker
 COPY . /go/src/github.com/docker/docker
 ARG VERSION
@ -28,8 +40,10 @@ ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
 # TODO The way we set the version could easily be simplified not to depend on hack/...
 RUN bash ./hack/make/.go-autogen
 RUN go build -o /sbin/dockerd \
-    -tags 'autogen netgo static_build selinux journald' \
-    -installsuffix netgo -a -buildmode=pie -ldflags '-w -extldflags "-static" ' \
+    -tags 'autogen apparmor seccomp selinux journald exclude_graphdriver_devicemapper' \
+    -i \
+    -buildmode=pie \
+    -a -ldflags '-w'\
    github.com/docker/docker/cmd/dockerd

 # docker-proxy
@ -37,9 +51,9 @@ RUN go build -o /sbin/dockerd \
 FROM builder as proxy-builder
 RUN git clone https://github.com/docker/libnetwork.git /go/src/github.com/docker/libnetwork
 WORKDIR /go/src/github.com/docker/libnetwork
-RUN source /binaries-commits && \
+RUN . /binaries-commits && \
    git checkout -q "$LIBNETWORK_COMMIT" && \
-    go build -buildmode=pie -ldflags="$PROXY_LDFLAGS" \
+    CGO_ENABLED=0 go build -buildmode=pie -ldflags="$PROXY_LDFLAGS" \
        -o /sbin/docker-proxy \
        github.com/docker/libnetwork/cmd/proxy

@ -47,24 +61,41 @@ RUN source /binaries-commits && \
 FROM builder as init-builder
 RUN git clone https://github.com/krallin/tini.git /tini
 WORKDIR /tini
-RUN source /binaries-commits && \
+RUN . /binaries-commits && \
    git checkout -q "$TINI_COMMIT" && \
    cmake . && make tini-static && \
    cp tini-static /sbin/docker-init

 # runc
 FROM builder as runc-builder
-RUN apk --update add libseccomp-dev
+RUN apt-get install -y libseccomp-dev
 RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc
 WORKDIR /go/src/github.com/opencontainers/runc
-RUN source /binaries-commits && \
+RUN . /binaries-commits && \
    git checkout -q "$RUNC_COMMIT" && \
    make BUILDTAGS='seccomp apparmor' static && make install

 # Final docker image
 FROM scratch
-COPY --from=dockerd-builder /sbin/dockerd /sbin/
-COPY --from=proxy-builder /sbin/docker-proxy /sbin/
-COPY --from=init-builder /sbin/docker-init /sbin/
-COPY --from=runc-builder /usr/local/sbin/runc /sbin/
-ENTRYPOINT ["/sbin/dockerd"]
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG ENGINE_IMAGE
+COPY --from=dockerd-builder /sbin/dockerd /bin/
+COPY --from=proxy-builder /sbin/docker-proxy /bin/
+COPY --from=init-builder /sbin/docker-init /bin/
+COPY --from=runc-builder /usr/local/sbin/runc /bin/
+
+LABEL \
+    org.opencontainers.image.authors="Docker Inc." \
+    org.opencontainers.image.created="${BUILDTIME}" \
+    org.opencontainers.image.documentation="https://docs.docker.com/" \
+    org.opencontainers.image.licenses="Apache-2.0" \
+    org.opencontainers.image.revision="${GITCOMMIT}" \
+    org.opencontainers.image.url="https://www.docker.com/products/docker-engine" \
+    org.opencontainers.image.vendor="Docker Inc." \
+    org.opencontainers.image.version="${VERSION}" \
+    com.docker.distribution_based_engine="{\"platform\":\"${PLATFORM}\",\"engine_image\":\"${ENGINE_IMAGE}\",\"containerd_min_version\":\"1.2.0-beta.1\",\"runtime\":\"host_install\"}"
+
+ENTRYPOINT ["/bin/dockerd"]
--- a/image/Dockerfile.engine-dm
+++ b/image/Dockerfile.engine-dm
@ -0,0 +1,97 @@
+# Common builder
+ARG GO_IMAGE
+ARG BASE_IMAGE=centos:7
+FROM ${GO_IMAGE} as golang
+
+FROM ${BASE_IMAGE} as builder
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+COPY --from=golang /usr/local/go /usr/local/go
+COPY hack/dockerfile/install/tini.installer /
+COPY hack/dockerfile/install/proxy.installer /
+RUN yum install -y \
+    bash \
+    ca-certificates \
+    cmake \
+    gcc \
+    git \
+    glibc-static \
+    libtool \
+    make
+RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
+
+# dockerd
+FROM builder as dockerd-builder
+RUN yum install -y \
+    btrfs-progs-devel \
+    device-mapper-devel \
+    libseccomp-devel \
+    selinux-policy-devel \
+    systemd-devel
+WORKDIR /go/src/github.com/docker/docker
+COPY . /go/src/github.com/docker/docker
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG PRODUCT
+ARG DEFAULT_PRODUCT_LICENSE
+ENV VERSION ${VERSION}
+ENV GITCOMMIT ${GITCOMMIT}
+ENV BUILDTIME ${BUILDTIME}
+ENV PLATFORM ${PLATFORM}
+ENV PRODUCT ${PRODUCT}
+ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
+# TODO The way we set the version could easily be simplified not to depend on hack/...
+RUN bash ./hack/make/.go-autogen
+RUN go build -o /dockerd \
+    -tags 'autogen apparmor seccomp selinux journald' \
+    -i \
+    -buildmode=pie \
+    -a -ldflags '-w'\
+    github.com/docker/docker/cmd/dockerd
+
+# docker-proxy
+# TODO if libnetwork folds into the docker tree this can be combined above
+FROM builder as proxy-builder
+RUN git clone https://github.com/docker/libnetwork.git /go/src/github.com/docker/libnetwork
+WORKDIR /go/src/github.com/docker/libnetwork
+RUN . /binaries-commits && \
+    git checkout -q "$LIBNETWORK_COMMIT" && \
+    go build -buildmode=pie -ldflags="-w" \
+        -o /docker-proxy \
+        github.com/docker/libnetwork/cmd/proxy
+
+# docker-init - TODO move this out, last time we bumped was 2016!
+FROM builder as init-builder
+RUN git clone https://github.com/krallin/tini.git /tini
+WORKDIR /tini
+RUN . /binaries-commits && \
+    git checkout -q "$TINI_COMMIT" && \
+    cmake . && make tini-static && \
+    cp tini-static /docker-init
+
+# Final docker image
+FROM scratch
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG ENGINE_IMAGE
+COPY --from=dockerd-builder /dockerd /bin/
+COPY --from=proxy-builder /docker-proxy /bin/
+COPY --from=init-builder /docker-init /bin/
+
+LABEL \
+    org.opencontainers.image.authors="Docker Inc." \
+    org.opencontainers.image.created="${BUILDTIME}" \
+    org.opencontainers.image.documentation="https://docs.docker.com/" \
+    org.opencontainers.image.licenses="Apache-2.0" \
+    org.opencontainers.image.revision="${GITCOMMIT}" \
+    org.opencontainers.image.url="https://www.docker.com/products/docker-engine" \
+    org.opencontainers.image.vendor="Docker Inc." \
+    org.opencontainers.image.version="${VERSION}" \
+    com.docker.distribution_based_engine="{\"platform\":\"${PLATFORM}\",\"engine_image\":\"${ENGINE_IMAGE}\",\"containerd_min_version\":\"1.2.0-beta.1\",\"runtime\":\"host_install\"}"
+
+ENTRYPOINT ["/bin/dockerd"]
--- a/image/Makefile
+++ b/image/Makefile
@ -2,11 +2,34 @@ SHELL:=/bin/bash
 ENGINE_DIR:=$(CURDIR)/../../engine
 CLI_DIR:=$(CURDIR)/../../cli
 VERSION?=0.0.0-dev
+GO_BASE_IMAGE=golang
+GO_VERSION:=1.10.8
+ENGINE_GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)
 STATIC_VERSION=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 DOCKER_HUB_ORG?=dockereng
 ARCH=$(shell uname -m)
 ENGINE_IMAGE?=engine-community
+CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 DEFAULT_PRODUCT_LICENSE?=Community Engine
+PLATFORM?=Docker Engine - Community
+BUILDTIME?=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+IMAGE_WITH_TAG=$(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION)
+ifdef BASE_IMAGE
+	# TODO: Clean this up to only set ENGINE_GO_IMAGE
+	BASE_IMAGE_FLAG=--build-arg BASE_IMAGE=$(BASE_IMAGE)
+	ENGINE_GO_IMAGE=$(BASE_IMAGE)
+endif
+IMAGE_BUILD?=docker build -t  $(IMAGE_WITH_TAG) \
+	--build-arg GO_IMAGE="$(ENGINE_GO_IMAGE)" \
+	--build-arg VERSION="$(STATIC_VERSION)" \
+	--build-arg GITCOMMIT="$$(cd $(ENGINE_DIR) && git rev-parse --short=7 HEAD)" \
+	--build-arg BUILDTIME="$(BUILDTIME)" \
+	--build-arg PLATFORM="$(PLATFORM)" \
+	--build-arg PRODUCT="$(PRODUCT)" \
+	--build-arg ENGINE_IMAGE="$(ENGINE_IMAGE)" \
+	--build-arg DEFAULT_PRODUCT_LICENSE="$(DEFAULT_PRODUCT_LICENSE)" \
+	$(BASE_IMAGE_FLAG) \
+	--file $< $(ENGINE_DIR)

 .PHONY: help
 help: ## show make targets
@ -14,33 +37,54 @@ help: ## show make targets

 .PHONY: clean
 clean: ## remove build artifacts
-	-docker rmi $(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION)
+	-$(RM) $(ENGINE_DIR)/Dockerfile.engine
+	-$(RM) $(ENGINE_DIR)/Dockerfile.engine-dm
+	-docker rmi $(IMAGE_WITH_TAG)
+	-docker rmi $(IMAGE_WITH_TAG)-dm
 	-rm -f image-linux
+	-$(RM) -r artifacts
+	-$(RM) *.tar

 .PHONY: image
 image: image-linux

+$(ENGINE_DIR)/Dockerfile.%: Dockerfile.%
+	cp $< $@

-$(ENGINE_DIR)/Dockerfile.engine:
-	cp Dockerfile.engine $(ENGINE_DIR)
+DOCKER2OCI=artifacts/docker2oci
+$(DOCKER2OCI):
+	-$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
+	docker run --name docker2oci $(ENGINE_GO_IMAGE) sh -c 'go get github.com/coolljt0725/docker2oci'
+	mkdir -p $(@D)
+	docker cp docker2oci:/go/bin/docker2oci "$@"
+	docker rm -f docker2oci
+	$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)

 # builds across multiple archs because the base images
 # utilize manifests
 image-linux: $(ENGINE_DIR)/Dockerfile.engine
-	docker build -t $(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION).$(ARCH) \
-	    --build-arg VERSION="$(STATIC_VERSION)" \
-	    --build-arg GITCOMMIT="$$(cd $(ENGINE_DIR) && git rev-parse --short=7 HEAD)" \
-	    --build-arg BUILDTIME="$(BUILDTIME)" \
-	    --build-arg PLATFORM="$(PLATFORM)" \
-	    --build-arg PRODUCT="$(PRODUCT)" \
-	    --build-arg DEFAULT_PRODUCT_LICENSE="$(DEFAULT_PRODUCT_LICENSE)" \
-	    --file $< $(ENGINE_DIR)
-	echo $(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION).$(ARCH) > $@
+	$(IMAGE_BUILD)
+	echo $(IMAGE_WITH_TAG) > $@

-engine-$(ARCH).tar: image-linux
+engine-$(ARCH).tar: engine-$(ARCH)-docker-compat.tar $(DOCKER2OCI)
+	mkdir -p artifacts
+	./$(DOCKER2OCI) -i $< artifacts/engine-image
+	mkdir -p $(@D)
+	tar c -C artifacts/engine-image . > $@
+
+engine-$(ARCH)-docker-compat.tar: image-linux
 	docker save -o $@ $$(cat $<)

+image-linux-dm: ENGINE_IMAGE:=$(ENGINE_IMAGE)-dm
+image-linux-dm: $(ENGINE_DIR)/Dockerfile.engine-dm
+	$(IMAGE_BUILD)
+	echo $(IMAGE_WITH_TAG) > $@

-.PHONY: release
-release:
-	docker push $(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION).$(ARCH)
+engine-$(ARCH)-dm.tar: engine-$(ARCH)-dm-docker-compat.tar $(DOCKER2OCI)
+	mkdir -p artifacts
+	./$(DOCKER2OCI) -i $< artifacts/engine-image
+	mkdir -p $(@D)
+	tar c -C artifacts/engine-image . > $@
+
+engine-$(ARCH)-dm-docker-compat.tar: image-linux-dm
+	docker save -o $@ $$(cat $<)
--- a/rpm/Makefile
+++ b/rpm/Makefile
@ -6,7 +6,7 @@ CLI_DIR:=$(CURDIR)/../../cli
 GITCOMMIT=$(shell cd $(ENGINE_DIR) && git rev-parse --short HEAD)
 VERSION?=0.0.0-dev
 GO_BASE_IMAGE=golang
-GO_VERSION:=1.10.3
+GO_VERSION:=1.10.8
 GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)
 GEN_RPM_VER=$(shell ./gen-rpm-ver $(CLI_DIR) $(VERSION))
 CHOWN=docker run --rm -i -v $(CURDIR):/v -w /v alpine chown
@ -15,7 +15,16 @@ DOCKERFILE=Dockerfile
 ifdef NEEDS_ARCH_SPECIFIC
 	DOCKERFILE=Dockerfile.$(ARCH)
 endif
-BUILD?=docker build --build-arg GO_IMAGE=$(GO_IMAGE) -t rpmbuild-$@/$(ARCH) -f $@/$(DOCKERFILE) .
+ifdef BUILD_IMAGE
+	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+endif
+BUILD?=docker build \
+	$(BUILD_IMAGE_FLAG) \
+	--build-arg GO_IMAGE=$(GO_IMAGE) \
+	--build-arg ENGINE_IMAGE=$(shell cat rpmbuild/SOURCES/engine-image) \
+	-t rpmbuild-$@/$(ARCH) \
+	-f $@/$(DOCKERFILE) \
+	.

 SPEC_FILES?=docker-ce.spec docker-ce-cli.spec
 SPECS?=$(addprefix SPECS/, $(SPEC_FILES))
@ -30,9 +39,8 @@ RPMBUILD_FLAGS?=-ba\
 	--define '_origversion $(word 4, $(GEN_RPM_VER))' \
 	$(SPECS)
 RUN?=$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-ENGINE_IMAGE=docker/engine-community

-SOURCE_FILES=containerd-proxy.tgz cli.tgz containerd-shim-process.tar docker.service dockerd.json engine.tar
+SOURCE_FILES=engine-image cli.tgz docker.service docker.socket distribution_based_engine.json
 SOURCES=$(addprefix rpmbuild/SOURCES/, $(SOURCE_FILES))


@ -49,6 +57,7 @@ clean: ## remove build artifacts
 	[ ! -d tmp ] || $(CHOWN) -R $(shell id -u):$(shell id -g) tmp
 	$(RM) -r tmp/
 	-docker rm docker2oci
+	$(MAKE) -C ../image clean

 .PHONY: rpm
 rpm: fedora centos ## build all rpm packages
@ -59,6 +68,14 @@ fedora: fedora-28 fedora-27 fedora-26 ## build all fedora rpm packages
 .PHONY: centos
 centos: centos-7 ## build all centos rpm packages

+.PHONY: fedora-29
+fedora-29: ## build fedora-29 rpm packages
+fedora-29: $(SOURCES)
+	$(CHOWN) -R root:root rpmbuild
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+
 .PHONY: fedora-28
 fedora-28: ## build fedora-28 rpm packages
 fedora-28: $(SOURCES)
@ -91,46 +108,20 @@ rpmbuild/SOURCES/cli.tgz:
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli

-rpmbuild/SOURCES/containerd-proxy.tgz:
-	mkdir -p tmp/
-	curl -fL -o tmp/containerd-proxy.tgz "https://github.com/crosbymichael/containerd-proxy/archive/$(CONTAINERD_PROXY_COMMIT).tar.gz"
-	tar xzf tmp/containerd-proxy.tgz -C tmp/
-	mv tmp/containerd-proxy-$(CONTAINERD_PROXY_COMMIT) tmp/containerd-proxy
-	mkdir -p $(@D)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
-	tar -zcf $@ -C tmp/ containerd-proxy
-	rm -rf tmp/
-
-rpmbuild/SOURCES/containerd-shim-process.tar:
-	$(CTR) content fetch $(CONTAINERD_SHIM_PROCESS_IMAGE)
-	$(CTR) image export artifacts/containerd-shim-process.tar $(CONTAINERD_SHIM_PROCESS_IMAGE)
-	mkdir -p $(@D)
-	cp artifacts/containerd-shim-process.tar $@
-	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
-
 rpmbuild/SOURCES/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
 	cp $< $@

-rpmbuild/SOURCES/dockerd.json: ../common/dockerd.json
+rpmbuild/SOURCES/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	sed -e 's!$${ENGINE_IMAGE}!$(ENGINE_IMAGE)!' -e 's/$${IMAGE_TAG}/$(IMAGE_TAG)/' $< > $@
+	cp $< $@

-# TODO: Eventually clean this up when we release an image with a manifest
-DOCKER2OCI=artifacts/docker2oci
-$(DOCKER2OCI):
-	-$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
-	docker run --name docker2oci $(GO_IMAGE) sh -c 'go get github.com/coolljt0725/docker2oci'
+rpmbuild/SOURCES/engine-image:
+	$(MAKE) -C ../image image-linux-dm
 	mkdir -p $(@D)
-	docker cp docker2oci:/go/bin/docker2oci "$@"
-	docker rm -f docker2oci
-	$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
+	cp ../image/image-linux-dm $@

-# offline bundle
-rpmbuild/SOURCES/engine.tar: $(DOCKER2OCI)
-	$(MAKE) -C ../image ENGINE_IMAGE=$(ENGINE_IMAGE) image-linux
-	mkdir -p artifacts
-	docker save -o artifacts/docker-engine.tar $$(cat ../image/image-linux)
-	./$(DOCKER2OCI) -i artifacts/docker-engine.tar artifacts/engine-image
+rpmbuild/SOURCES/distribution_based_engine.json: rpmbuild/SOURCES/engine-image
 	mkdir -p $(@D)
-	tar c -C artifacts/engine-image . > $@
+	docker inspect "$(shell cat $<)" \
+		--format '{{index .Config.Labels "com.docker.distribution_based_engine" }}' > $@
--- a/rpm/SPECS/docker-ce-cli.spec
+++ b/rpm/SPECS/docker-ce-cli.spec
@ -3,7 +3,7 @@
 Name: docker-ce-cli
 Version: %{_version}
 Release: %{_release}%{?dist}
-Epoch: 0
+Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
 License: ASL 2.0
@ -14,7 +14,6 @@ Packager: Docker <support@docker.com>

 # required packages on install
 Requires: /bin/sh
-Requires: containerd

 BuildRequires: make
 BuildRequires: libtool-ltdl-devel
@ -26,17 +25,12 @@ Conflicts: docker-engine-cs
 Conflicts: docker-ee
 Conflicts: docker-ee-cli

-# Obsolete packages
-Obsoletes: docker-ce-selinux
-Obsoletes: docker-engine-selinux
-Obsoletes: docker-engine
-
 %description
-Docker is an open source project to build, ship and run any application as a
+Docker is is a product for you to build, ship and run any application as a
 lightweight container.

 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
+they can run anywhere, from your laptop to the largest cloud compute instance and
 everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
--- a/rpm/SPECS/docker-ce.spec
+++ b/rpm/SPECS/docker-ce.spec
@ -1,13 +1,12 @@
 %global debug_package %{nil}

+
 Name: docker-ce
 Version: %{_version}
 Release: %{_release}%{?dist}
-Epoch: 2
-Source0: containerd-proxy.tgz
-Source1: containerd-shim-process.tar
-Source2: docker.service
-Source3: engine.tar
+Epoch: 3
+Source0: docker.service
+Source1: docker.socket
 Summary: The open-source application container engine
 Group: Tools/Docker
 License: ASL 2.0
@ -16,10 +15,17 @@ Vendor: Docker
 Packager: Docker <support@docker.com>

 Requires: docker-ce-cli
+Requires: container-selinux >= 2.9
+Requires: libseccomp >= 2.3
 Requires: systemd-units
 Requires: iptables
-# Should be required as well by docker-ce-cli but let's just be thorough
-Requires: containerd.io
+Requires: libcgroup
+Requires: containerd.io >= 1.2.2-3
+Requires: tar
+Requires: xz
+
+# Resolves: rhbz#1165615
+Requires: device-mapper-libs >= 1.02.90-1

 BuildRequires: which
 BuildRequires: make
@ -38,42 +44,36 @@ Obsoletes: docker-engine-selinux
 Obsoletes: docker-engine

 %description
-Docker is an open source project to build, ship and run any application as a
+Docker is is a product for you to build, ship and run any application as a
 lightweight container.

 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
+they can run anywhere, from your laptop to the largest cloud compute instance and
 everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.

 %prep
-%setup -q -c -n src

 %build
-# dockerd proxy compilation
-mkdir -p /go/src/github.com/crosbymichael/
-ls %{_topdir}/BUILD/src
-ln -s %{_topdir}/BUILD/src/containerd-proxy /go/src/github.com/crosbymichael/containerd-proxy
-pushd /go/src/github.com/crosbymichael/containerd-proxy
-make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy
-popd

 %install
 # Install containerd-proxy as dockerd
-install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd
-install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar
-install -D -m 0644 %{_topdir}/SOURCES/engine.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/docker-engine/engine.tar
+install -D -m 0755 /sources/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd-ce
+install -D -m 0755 /sources/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
+install -D -m 0755 /sources/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
 install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json
+install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket
+install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine-ce.json

 %files
-/%{_bindir}/dockerd
-/%{_sharedstatedir}/containerd-offline-installer/containerd-shim-process.tar
-/%{_sharedstatedir}/docker-engine/engine.tar
+/%{_bindir}/dockerd-ce
+/%{_bindir}/docker-proxy
+/%{_bindir}/docker-init
 /%{_unitdir}/docker.service
-/etc/containerd-proxy/dockerd.json
+/%{_unitdir}/docker.socket
+/var/lib/docker-engine/distribution_based_engine-ce.json

 %pre
 if [ $1 -gt 0 ] ; then
@ -94,15 +94,51 @@ fi
 if ! getent group docker > /dev/null; then
    groupadd --system docker
 fi
+dbefile=/var/lib/docker-engine/distribution_based_engine.json
+URL=https://docs.docker.com/releasenote
+if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then
+    echo
+    echo
+    echo
+    echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages"
+    echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages."
+    echo "See $URL for more details."
+    echo
+    echo
+    echo
+else
+    rm -f %{_bindir}/dockerd
+    update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \
+        --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json
+fi
+

 %preun
 %systemd_preun docker
+update-alternatives --remove dockerd %{_bindir}/dockerd || true

 %postun
 %systemd_postun_with_restart docker

 %posttrans
 if [ $1 -ge 0 ] ; then
+    dbefile=/var/lib/docker-engine/distribution_based_engine.json
+    URL=https://docs.docker.com/releasenote
+    if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then
+        echo
+        echo
+        echo
+        echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages"
+        echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages."
+        echo "See $URL for more details."
+        echo
+        echo
+        echo
+    else
+        rm -f %{_bindir}/dockerd
+        update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \
+            --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json
+    fi
    # package upgrade scenario, after new files are installed

    # check if docker was running before upgrade
--- a/rpm/centos-7/Dockerfile
+++ b/rpm/centos-7/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=centos:7
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM centos:7
+FROM ${BUILD_IMAGE}
 ENV DISTRO centos
 ENV SUITE 7
 ENV GOPATH=/go
@ -15,5 +18,8 @@ COPY SPECS /root/rpmbuild/SPECS
 RUN sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo
 RUN yum-builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/centos-7/docker-ce.spec
+++ b/rpm/centos-7/docker-ce.spec
@ -1,217 +0,0 @@
-Name: docker-ce
-Version: %{_version}
-Release: %{_release}%{?dist}
-Epoch: 2
-Summary: The open-source application container engine
-Group: Tools/Docker
-License: ASL 2.0
-Source0: engine.tgz
-Source1: cli.tgz
-URL: https://www.docker.com
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%global _dwz_low_mem_die_limit 0
-%global is_systemd 1
-%global with_selinux 1
-
-BuildRequires: make
-BuildRequires: cmake
-BuildRequires: gcc
-BuildRequires: git
-BuildRequires: glibc-static
-BuildRequires: libtool-ltdl-devel
-BuildRequires: libseccomp-devel
-BuildRequires: device-mapper-devel
-BuildRequires: btrfs-progs-devel
-BuildRequires: pkgconfig(systemd)
-BuildRequires: pkgconfig(libsystemd-journal)
-
-# required packages on install
-Requires: /bin/sh
-Requires: container-selinux >= 2.9
-Requires: libseccomp >= 2.3
-Requires: iptables
-Requires: libcgroup
-Requires: systemd-units
-Requires: tar
-Requires: xz
-
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-Conflicts: docker-ee
-
-# Obsolete packages
-Obsoletes: docker-ce-selinux
-Obsoletes: docker-engine-selinux
-Obsoletes: docker-engine
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%setup -q -c -n src -a 1
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-mkdir -p /go/src/github.com/docker
-rm -f /go/src/github.com/docker/cli
-ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-pushd /go/src/github.com/docker/cli
-DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
-popd
-pushd engine
-for component in tini "proxy dynamic" "runc all" "containerd dynamic";do
-    TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component
-done
-VERSION=%{_origversion} hack/make.sh dynbinary
-popd
-
-%check
-cli/build/docker -v
-engine/bundles/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-install -p -m 644 /systemd/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-mkdir -p build-docs
-for engine_file in AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md; do
-    cp "engine/$engine_file" "build-docs/engine-$engine_file"
-done
-for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
-    cp "cli/$cli_file" "build-docs/cli-$cli_file"
-done
-
-# list files owned by the package here
-%files
-%doc build-docs/engine-AUTHORS build-docs/engine-CHANGELOG.md build-docs/engine-CONTRIBUTING.md build-docs/engine-LICENSE build-docs/engine-MAINTAINERS build-docs/engine-NOTICE build-docs/engine-README.md
-%doc build-docs/cli-LICENSE build-docs/cli-MAINTAINERS build-docs/cli-NOTICE build-docs/cli-README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-/%{_unitdir}/docker.service
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-/%{_mandir}/man1/*
-/%{_mandir}/man5/*
-/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%pre
-if [ $1 -gt 0 ] ; then
-    # package upgrade scenario, before new files are installed
-
-    # clear any old state
-    rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-
-    # check if docker service is running
-    if systemctl is-active docker > /dev/null 2>&1; then
-        systemctl stop docker > /dev/null 2>&1 || :
-        touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-    fi
-fi
-
-%post
-%systemd_post docker
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%systemd_preun docker
-
-%postun
-%systemd_postun_with_restart docker
-
-%posttrans
-if [ $1 -ge 0 ] ; then
-    # package upgrade scenario, after new files are installed
-
-    # check if docker was running before upgrade
-    if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then
-        systemctl start docker > /dev/null 2>&1 || :
-        rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-    fi
-fi
-
-%changelog
--- a/rpm/fedora-27/Dockerfile
+++ b/rpm/fedora-27/Dockerfile
@ -1,7 +1,10 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=fedora:27
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM fedora:27
+FROM ${BUILD_IMAGE}
 ENV DISTRO fedora
 ENV SUITE 27
 ENV GOPATH /go
@ -13,5 +16,8 @@ RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-27/docker-ce.spec
+++ b/rpm/fedora-27/docker-ce.spec
@ -1,221 +0,0 @@
-Name: docker-ce
-Version: %{_version}
-Release: %{_release}%{?dist}
-Epoch: 2
-Summary: The open-source application container engine
-Group: Tools/Docker
-License: ASL 2.0
-Source0: engine.tgz
-Source1: cli.tgz
-URL: https://www.docker.com
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%global _dwz_low_mem_die_limit 0
-%global is_systemd 1
-%global with_selinux 1
-%global _missing_build_ids_terminate_build 0
-
-BuildRequires: make
-BuildRequires: cmake
-BuildRequires: gcc
-BuildRequires: git
-BuildRequires: glibc-static
-BuildRequires: libtool-ltdl-devel
-BuildRequires: libseccomp-devel
-BuildRequires: device-mapper-devel
-BuildRequires: btrfs-progs-devel
-BuildRequires: pkgconfig(systemd)
-
-# required packages on install
-Requires: /bin/sh
-Requires: container-selinux >= 2.9
-Requires: iptables
-Requires: libcgroup
-Requires: systemd-units
-Requires: tar
-Requires: xz
-Requires: pigz
-
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-Conflicts: docker-ee
-
-# Obsolete packages
-Obsoletes: docker-ce-selinux
-Obsoletes: docker-engine-selinux
-Obsoletes: docker-engine
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%setup -q -c -n src -a 1
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-mkdir -p /go/src/github.com/docker
-rm -f /go/src/github.com/docker/cli
-ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-pushd /go/src/github.com/docker/cli
-DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
-popd
-pushd engine
-for component in tini "proxy dynamic" "runc all" "containerd dynamic";do
-    TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component
-done
-VERSION=%{_origversion} hack/make.sh dynbinary
-popd
-mkdir -p plugin
-printf '{"edition_type":"ce","edition_name":"%s","edition_version":"%s"}\n' "${DISTRO}" "%{_version}" > plugin/.plugin-metadata
-
-%check
-cli/build/docker -v
-engine/bundles/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-# Fedora 25+ supports (and needs) TasksMax
-sed -i 's/^#TasksMax=/TasksMax=/' /systemd/docker.service
-install -p -m 644 /systemd/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-mkdir -p build-docs
-for engine_file in AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md; do
-    cp "engine/$engine_file" "build-docs/engine-$engine_file"
-done
-for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
-    cp "cli/$cli_file" "build-docs/cli-$cli_file"
-done
-
-# list files owned by the package here
-%files
-%doc build-docs/engine-AUTHORS build-docs/engine-CHANGELOG.md build-docs/engine-CONTRIBUTING.md build-docs/engine-LICENSE build-docs/engine-MAINTAINERS build-docs/engine-NOTICE build-docs/engine-README.md
-%doc build-docs/cli-LICENSE build-docs/cli-MAINTAINERS build-docs/cli-NOTICE build-docs/cli-README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-/%{_unitdir}/docker.service
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-/%{_mandir}/man1/*
-/%{_mandir}/man5/*
-/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%pre
-if [ $1 -gt 0 ] ; then
-    # package upgrade scenario, before new files are installed
-
-    # clear any old state
-    rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-
-    # check if docker service is running
-    if systemctl is-active docker > /dev/null 2>&1; then
-        systemctl stop docker > /dev/null 2>&1 || :
-        touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-    fi
-fi
-
-%post
-%systemd_post docker
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%systemd_preun docker
-
-%postun
-%systemd_postun_with_restart docker
-
-%posttrans
-if [ $1 -ge 0 ] ; then
-    # package upgrade scenario, after new files are installed
-
-    # check if docker was running before upgrade
-    if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then
-        systemctl start docker > /dev/null 2>&1 || :
-        rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-    fi
-fi
-
-%changelog
--- a/rpm/fedora-28/Dockerfile
+++ b/rpm/fedora-28/Dockerfile
@ -1,16 +1,23 @@
 ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=fedora:28
 FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine

-FROM fedora:28
+FROM ${BUILD_IMAGE}
 ENV DISTRO fedora
 ENV SUITE 28
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
 ENV RUNC_BUILDTAGS seccomp selinux
 RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-28/docker-ce.spec
+++ b/rpm/fedora-28/docker-ce.spec
@ -1,221 +0,0 @@
-Name: docker-ce
-Version: %{_version}
-Release: %{_release}%{?dist}
-Epoch: 2
-Summary: The open-source application container engine
-Group: Tools/Docker
-License: ASL 2.0
-Source0: engine.tgz
-Source1: cli.tgz
-URL: https://www.docker.com
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%global _dwz_low_mem_die_limit 0
-%global is_systemd 1
-%global with_selinux 1
-%global _missing_build_ids_terminate_build 0
-
-BuildRequires: make
-BuildRequires: cmake
-BuildRequires: gcc
-BuildRequires: git
-BuildRequires: glibc-static
-BuildRequires: libtool-ltdl-devel
-BuildRequires: libseccomp-devel
-BuildRequires: device-mapper-devel
-BuildRequires: btrfs-progs-devel
-BuildRequires: pkgconfig(systemd)
-
-# required packages on install
-Requires: /bin/sh
-Requires: container-selinux >= 2.9
-Requires: iptables
-Requires: libcgroup
-Requires: systemd-units
-Requires: tar
-Requires: xz
-Requires: pigz
-
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-Conflicts: docker-ee
-
-# Obsolete packages
-Obsoletes: docker-ce-selinux
-Obsoletes: docker-engine-selinux
-Obsoletes: docker-engine
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%setup -q -c -n src -a 1
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-mkdir -p /go/src/github.com/docker
-rm -f /go/src/github.com/docker/cli
-ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-pushd /go/src/github.com/docker/cli
-DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
-popd
-pushd engine
-for component in tini "proxy dynamic" "runc all" "containerd dynamic";do
-    TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component
-done
-VERSION=%{_origversion} hack/make.sh dynbinary
-popd
-mkdir -p plugin
-printf '{"edition_type":"ce","edition_name":"%s","edition_version":"%s"}\n' "${DISTRO}" "%{_version}" > plugin/.plugin-metadata
-
-%check
-cli/build/docker -v
-engine/bundles/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-# Fedora 25+ supports (and needs) TasksMax
-sed -i 's/^#TasksMax=/TasksMax=/' /systemd/docker.service
-install -p -m 644 /systemd/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-mkdir -p build-docs
-for engine_file in AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md; do
-    cp "engine/$engine_file" "build-docs/engine-$engine_file"
-done
-for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
-    cp "cli/$cli_file" "build-docs/cli-$cli_file"
-done
-
-# list files owned by the package here
-%files
-%doc build-docs/engine-AUTHORS build-docs/engine-CHANGELOG.md build-docs/engine-CONTRIBUTING.md build-docs/engine-LICENSE build-docs/engine-MAINTAINERS build-docs/engine-NOTICE build-docs/engine-README.md
-%doc build-docs/cli-LICENSE build-docs/cli-MAINTAINERS build-docs/cli-NOTICE build-docs/cli-README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-/%{_unitdir}/docker.service
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-/%{_mandir}/man1/*
-/%{_mandir}/man5/*
-/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%pre
-if [ $1 -gt 0 ] ; then
-    # package upgrade scenario, before new files are installed
-
-    # clear any old state
-    rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-
-    # check if docker service is running
-    if systemctl is-active docker > /dev/null 2>&1; then
-        systemctl stop docker > /dev/null 2>&1 || :
-        touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-    fi
-fi
-
-%post
-%systemd_post docker
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%systemd_preun docker
-
-%postun
-%systemd_postun_with_restart docker
-
-%posttrans
-if [ $1 -ge 0 ] ; then
-    # package upgrade scenario, after new files are installed
-
-    # check if docker was running before upgrade
-    if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then
-        systemctl start docker > /dev/null 2>&1 || :
-        rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
-    fi
-fi
-
-%changelog
--- a/rpm/fedora-29/Dockerfile
+++ b/rpm/fedora-29/Dockerfile
@ -0,0 +1,23 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=fedora:29
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+ENV DISTRO fedora
+ENV SUITE 29
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
+COPY SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
--- a/static/Makefile
+++ b/static/Makefile
@ -24,7 +24,7 @@ static: static-linux cross-mac cross-win cross-arm ## create all static packages
 static-linux: static-cli static-engine ## create tgz with linux x86_64 client and server
 	mkdir -p build/linux/docker
 	cp $(CLI_DIR)/build/docker build/linux/docker/
-	for f in dockerd docker-containerd docker-containerd-ctr docker-containerd-shim docker-init docker-proxy docker-runc; do \
+	for f in dockerd containerd ctr containerd-shim docker-init docker-proxy runc; do \
 		cp -L $(ENGINE_DIR)/bundles/binary-daemon/$$f build/linux/docker/$$f; \
 	done
 	tar -C build/linux -c -z -f build/linux/docker-$(STATIC_VERSION).tgz docker
--- a/systemd/docker.service
+++ b/systemd/docker.service
@ -2,18 +2,46 @@
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
 BindsTo=containerd.service
-After=network-online.target firewalld.service
+After=network-online.target firewalld.service containerd.service
 Wants=network-online.target
+Requires=docker.socket

 [Service]
-# Install containerd-shim-process if it's not already installed
-ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process
-ExecStart=/usr/bin/dockerd
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ExecReload=/bin/kill -s HUP $MAINPID
 TimeoutSec=0
+RestartSec=2
 Restart=always
-# On RPM Based distributions PATH isn't defined so we define it here
-# /opt/containerd/bin is in front so dockerd grabs the correct runc binary
-Environment="PATH=/opt/containerd/bin:/sbin:/usr/bin:/usr/local/bin:$PATH"
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process

 [Install]
 WantedBy=multi-user.target
--- a/deb/systemd/docker.socket
+++ b/deb/systemd/docker.socket