Merge pull request #294 from thaJeztah/18.09_backport_start_dockerd_after_containerd

[18.09 backport] Start docker.service after containerd.service

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,30 +0,0 @@
-<!--
-Please make sure you've read and understood our contributing guidelines;
-https://github.com/docker/cli/blob/master/CONTRIBUTING.md
-
-** Make sure all your commits include a signature generated with `git commit -s` **
-
-For additional information on our contributing process, read our contributing
-guide https://docs.docker.com/opensource/code/
-
-If this is a bug fix, make sure your description includes "fixes #xxxx", or
-"closes #xxxx"
-
-Please provide the following information:
--->
-
-**- What I did**
-
-
-**- Description for the changelog**
-<!--
-Write a short (one line) summary that describes the changes in this
-pull request for inclusion in the changelog.
-It must be placed inside the below triple backticks section.
-
-NOTE: Only fill this section if changes introduced in this PR are user-facing.
-The PR must have a relevant impact/ label.
--->
-```markdown changelog
-
-```

.github/workflows/ci.yml

@@ -1,58 +0,0 @@
-name: ci
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]{2}'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  generate-matrix:
-    runs-on: ubuntu-24.04
-    outputs:
-      targets: ${{ steps.get-targets.outputs.targets }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Get targets
-        id: get-targets
-        run: |
-          echo "targets=$(jq -c '[to_entries[] | .key as $distro | .value.arches[] | {distro: $distro, arch: .}]' distros.json)" >> $GITHUB_OUTPUT
-
-  build:
-    needs:
-      - generate-matrix
-    runs-on: ${{ matrix.target.arch != 'amd64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
-    timeout-minutes: 60 # guardrails timeout for the whole job
-    strategy:
-      fail-fast: false
-      matrix:
-        target: ${{ fromJson(needs.generate-matrix.outputs.targets) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build
-        run: |
-          make ARCH=${{ matrix.target.arch }} ${{ matrix.target.distro }}

.gitignore

@@ -1,6 +1,8 @@
 build
 debbuild
 rpmbuild
+tmp
+artifacts
 sources
-src
 *.tar
+image-linux*

.unir.yml

@@ -1,10 +1,9 @@
 # The list of people who can trigger an auto-merge with approvals
 whitelist:
-  - andrewhsu
-  - silvin-lubecki
-  - StefanScherer
-  - thaJeztah
-  - zelahi
+    - seemethere
+    - andrewhsu
+    - jose-bigio
+    - corbin-coleman
 
 # At least 2 approvals are needed for auto-merging
 approvals_needed: 2

Jenkinsfile

@@ -1,131 +1,66 @@
 #!groovy
 
-def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
 
-def pkgs = [
-    [target: "centos-9",                 image: "quay.io/centos/centos:stream9",          arches: ["amd64", "aarch64"]],
-    [target: "centos-10",                image: "quay.io/centos/centos:stream10",         arches: ["amd64", "aarch64"]],          // CentOS Stream 10 (EOL: 2030)
-    [target: "debian-bullseye",          image: "debian:bullseye",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 11 (oldstable, EOL: 2024-08-14, EOL (LTS): 2026-08-31)
-    [target: "debian-bookworm",          image: "debian:bookworm",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 12 (stable, EOL: 2026-06-10, EOL (LTS): 2028-06-30)
-    [target: "debian-trixie",            image: "debian:trixie",                          arches: ["amd64", "aarch64", "armhf"]], // Debian 13 (testing)
-    [target: "fedora-41",                image: "fedora:41",                              arches: ["amd64", "aarch64"]],          // EOL: November 19, 2025
-    [target: "fedora-42",                image: "fedora:42",                              arches: ["amd64", "aarch64"]],          // EOL: May 13, 2026
-    [target: "raspbian-bullseye",        image: "balenalib/rpi-raspbian:bullseye",        arches: ["armhf"]],                     // Debian/Raspbian 11 (stable)
-    [target: "raspbian-bookworm",        image: "balenalib/rpi-raspbian:bookworm",        arches: ["armhf"]],                     // Debian/Raspbian 12 (next stable)
-    [target: "ubuntu-jammy",             image: "ubuntu:jammy",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 22.04 LTS (End of support: June,  2027. EOL: April, 2032)
-    [target: "ubuntu-noble",             image: "ubuntu:noble",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.04 LTS (End of support: June,  2029. EOL: April, 2034)
-    [target: "ubuntu-oracular",          image: "ubuntu:oracular",                        arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.10 (EOL: July, 2025)
-    [target: "ubuntu-plucky",            image: "ubuntu:plucky",                          arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 25.04 (EOL: January, 2026)
-]
-
-def genBuildStep(LinkedHashMap pkg, String arch) {
-    def nodeLabel = "linux&&${arch}"
-    def platform = ""
-    def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
-
-    if (arch == 'armhf') {
-        // Running armhf builds on EC2 requires --platform parameter
-        // Otherwise it accidentally pulls armel images which then breaks the verify step
-        platform = "--platform=linux/${arch}"
-        nodeLabel = "${nodeLabel}&&ubuntu"
-    } else {
-        nodeLabel = "${nodeLabel}&&ubuntu-2204"
-    }
-    return { ->
-        wrappedNode(label: nodeLabel, cleanWorkspace: true) {
-            stage("${pkg.target}-${arch}") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                checkout scm
-                sh "make clean"
-                sh "make REF=$branch ARCH=${arch} ${pkg.target}"
-            }
-            stage("verify") {
-                sh "make IMAGE=${pkg.image} ARCH=${arch} verify"
-            }
-        }
-    }
+def genBranch(String arch) {
+	return [
+		"${arch}": { ->
+			stage("Build engine image on ${arch}") {
+				wrappedNode(label: "linux&&${arch}", cleanWorkspace: true) {
+					try {
+						checkout scm
+						sh("git clone https://github.com/moby/moby.git engine")
+						sh('make ENGINE_DIR=$(pwd)/engine image')
+					} finally {
+						sh('make ENGINE_DIR=$(pwd)/engine clean-image clean-engine')
+					}
+				}
+		}
+	}]
 }
 
-def build_package_steps = [
-    'static-linux': { ->
-        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
-            stage("static-linux") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                try {
-                    checkout scm
-                    sh "make REF=$branch DOCKER_BUILD_PKGS='static-linux' static"
-                } finally {
-                    sh "make clean"
-                }
-            }
-        }
-    },
-    'cross-mac': { ->
-        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
-            stage("cross-mac") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                try {
-                    checkout scm
-                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-mac' static"
-                } finally {
-                    sh "make clean"
-                }
-            }
-        }
-    },
-    'cross-win': { ->
-        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
-            stage("cross-win") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                try {
-                    checkout scm
-                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-win' static"
-                } finally {
-                    sh "make clean"
-                }
-            }
-        }
-    },
+test_steps = [
+	'deb': { ->
+		stage('Ubuntu Xenial Debian Package') {
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
+				checkout scm
+				sh('git clone https://github.com/docker/cli.git')
+				sh('git clone https://github.com/moby/moby.git')
+				sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=ubuntu-xenial ENGINE_DIR=$(pwd)/moby CLI_DIR=$(pwd)/cli deb')
+			}
+		}
+	},
+	'rpm': { ->
+		stage('Centos 7 RPM Package') {
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
+				checkout scm
+				sh('git clone https://github.com/docker/cli.git')
+				sh('git clone https://github.com/moby/moby.git')
+				sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=centos-7 ENGINE_DIR=$(pwd)/moby CLI_DIR=$(pwd)/cli rpm')
+			}
+		}
+	},
+	'static': { ->
+		stage('Static Linux Binaries') {
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
+				checkout scm
+				sh('git clone https://github.com/docker/cli.git')
+				sh('git clone https://github.com/moby/moby.git')
+				sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=static-linux ENGINE_DIR=$(pwd)/moby CLI_DIR=$(pwd)/cli static')
+			}
+		}
+	},
 ]
 
-def genPackageSteps(opts) {
-    return opts.arches.collectEntries {
-        ["${opts.image}-${it}": genBuildStep(opts, it)]
-    }
+arches = [
+	"x86_64",
+	// "s390x",
+	"ppc64le",
+	"aarch64",
+	"armhf"
+]
+
+arches.each {
+	test_steps << genBranch(it)
 }
 
-build_package_steps << pkgs.collectEntries { genPackageSteps(it) }
-
-parallel(build_package_steps)
+parallel(test_steps)

LICENSE

@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2013-2017 Docker, Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

Makefile

@@ -1,6 +1,17 @@
-include common.mk
-
-STATIC_VERSION=$(shell static/gen-static-ver $(realpath $(CURDIR)/src/github.com/docker/docker) $(VERSION))
+SHELL:=/bin/bash
+ENGINE_DIR:=$(CURDIR)/../engine
+CLI_DIR:=$(CURDIR)/../cli
+VERSION?=0.0.0-dev
+DOCKER_GITCOMMIT:=abcdefg
+ARCH=$(shell uname -m)
+STATIC_VERSION=$(shell static/gen-static-ver $(ENGINE_DIR) $(VERSION))
+GO_VERSION:=1.10.8
+DEFAULT_PRODUCT_LICENSE:=Community Engine
+PLATFORM=Docker Engine - Community
+BUILDTIME=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+export DEFAULT_PRODUCT_LICENSE
+export PLATFORM
+export BUILDTIME
 
 # Taken from: https://www.cmcrossroads.com/article/printing-value-makefile-variable
 print-%  : ; @echo $($*)
@@ -9,100 +20,53 @@ print-%  : ; @echo $($*)
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
-.PHONY: clean-src
-clean-src:
-	[ ! -d src ] || $(CHOWN) -R $(shell id -u):$(shell id -g) src
-	$(RM) -r src
+.PHONY: clean-engine
+clean-engine:
+	rm -rf $(ENGINE_DIR)
 
-.PHONY: src
-src: src/github.com/docker/cli src/github.com/docker/docker src/github.com/docker/buildx src/github.com/docker/compose src/github.com/docker/model-cli ## clone source
+.PHONY: clean-image
+clean-image:
+	$(MAKE) ENGINE_DIR=$(ENGINE_DIR) -C image clean
 
-ifdef CLI_DIR
-src/github.com/docker/cli:
-	mkdir -p "$(@D)"
-	cp -r "$(CLI_DIR)" $@
-else
-src/github.com/docker/cli:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_CLI_REPO)"
-endif
-
-ifdef ENGINE_DIR
-src/github.com/docker/docker:
-	mkdir -p "$(@D)"
-	cp -r "$(ENGINE_DIR)" $@
-else
-src/github.com/docker/docker:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_ENGINE_REPO)"
-endif
-
-src/github.com/docker/buildx:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_BUILDX_REPO)"
-
-src/github.com/docker/compose:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_COMPOSE_REPO)"
-
-src/github.com/docker/model-cli:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_MODEL_REPO)"
-
-.PHONY: checkout-cli
-checkout-cli: src/github.com/docker/cli
-	./scripts/checkout.sh src/github.com/docker/cli "$(DOCKER_CLI_REF)"
-
-.PHONY: checkout-docker
-checkout-docker: src/github.com/docker/docker
-	./scripts/checkout.sh src/github.com/docker/docker "$(DOCKER_ENGINE_REF)"
-
-.PHONY: checkout-buildx
-checkout-buildx: src/github.com/docker/buildx
-	./scripts/checkout.sh src/github.com/docker/buildx "$(DOCKER_BUILDX_REF)"
-
-.PHONY: checkout-compose
-checkout-compose: src/github.com/docker/compose
-	./scripts/checkout.sh src/github.com/docker/compose "$(DOCKER_COMPOSE_REF)"
-
-.PHONY: checkout-model
-checkout-model: src/github.com/docker/model-cli
-	./scripts/checkout.sh src/github.com/docker/model-cli "$(DOCKER_MODEL_REF)"
-
-.PHONY: checkout
-checkout: checkout-cli checkout-docker checkout-buildx checkout-compose checkout-model ## checkout source at the given reference(s)
 
 .PHONY: clean
-clean: clean-src ## remove build artifacts
+clean: clean-image ## remove build artifacts
 	$(MAKE) -C rpm clean
 	$(MAKE) -C deb clean
 	$(MAKE) -C static clean
 
-.PHONY: deb rpm
-deb rpm: checkout ## build rpm/deb packages
-	$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+.PHONY: rpm
+rpm: DOCKER_BUILD_PKGS:=$(shell find rpm -type d | grep ".*-.*" | sed 's/^rpm\///')
+rpm: ## build rpm packages
+	for p in $(DOCKER_BUILD_PKGS); do \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
+	done
 
-.PHONY: centos-% fedora-% rhel-%
-centos-% fedora-% rhel-%: checkout ## build rpm packages for the specified distro
-	$(MAKE) -C rpm VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
-
-.PHONY: debian-% raspbian-% ubuntu-%
-debian-% raspbian-% ubuntu-%: checkout ## build deb packages for the specified distro
-	$(MAKE) -C deb VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+.PHONY: deb
+deb: DOCKER_BUILD_PKGS:=$(shell find deb -type d | grep ".*-.*" | sed 's/^deb\///')
+deb: ## build deb packages
+	for p in $(DOCKER_BUILD_PKGS); do \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
+	done
 
 .PHONY: static
 static: DOCKER_BUILD_PKGS:=static-linux cross-mac cross-win cross-arm
-static: checkout ## build static-compiled packages
+static: ## build static-compiled packages
 	for p in $(DOCKER_BUILD_PKGS); do \
-		$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) TARGETPLATFORM=$(TARGETPLATFORM) CONTAINERD_VERSION=$(CONTAINERD_VERSION) RUNC_VERSION=$(RUNC_VERSION) $${p}; \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
 	done
 
-.PHONY: verify
-verify: ## verify installation of packages
-# to verify using packages from staging, use: make VERIFY_PACKAGE_REPO=stage IMAGE=ubuntu:noble verify
-	docker run $(VERIFY_PLATFORM) --rm -i \
-		-v "$$(pwd):/v" \
-		-e DEBIAN_FRONTEND=noninteractive \
-		-e PACKAGE_REPO=$(VERIFY_PACKAGE_REPO) \
-		-w /v \
-		$(IMAGE) ./verify
+# TODO - figure out multi-arch
+.PHONY: image
+image: DOCKER_BUILD_PKGS:=image-linux
+image: ## build static-compiled packages
+	for p in $(DOCKER_BUILD_PKGS); do \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
+	done
+
+engine-$(ARCH).tar:
+	$(MAKE) -C image $@
+
+.PHONY: release
+release:
+	$(MAKE) -C image $@

README.md

@@ -1,16 +1,17 @@
 # Docker CE Packaging
 
-This repo contains the open source scripts for packaging the
-[Docker Engine](https://docs.docker.com/engine/), the Docker CLI, CLI plugins,
-and rootless-extras packages.
+This repo contains the open source scripts for packaging
+[Docker CE products](https://store.docker.com/search?offering=community&q=&type=edition).
 
-The repository contains Dockerfiles to build packages for various distributions,
-which can be found in the "rpm" and "deb" subdirectories, as well as scripts to
-build static binaries.
+This repository is solely maintained by Docker, Inc.
 
-Docker uses these recipes to build and release packages that are available on the
-https://download.docker.com package repositories. We welcome contributions to
-this repository, including the addition of new distros or distro-versions. Note,
-however, that Docker makes a subselection of distros and architectures for release,
-and not all distros available in this repository may be released to download.docker.com,
-but you can use these scripts to build your own packages.
+The scripts will build for this list of packages types:
+
+* DEB packages for Ubuntu 18.04 Bionic
+* DEB packages for Ubuntu 16.04 Xenial
+* DEB packages for Debian 10 Buster
+* DEB packages for Debian 9 Stretch
+* RPM packages for Fedora 28
+* RPM packages for Fedora 27
+* RPM packages for CentOS 7
+* TGZ and ZIP files with static binaries

common.mk

@@ -1,62 +0,0 @@
-ARCH=$(shell uname -m)
-
-# These are the architecture formats as used in release-packaging Jenkinsfile
-# This is an ugly chimera, nobody uses this combination of dpkg and uname formats
-# Why don't we pick one format and stick with it? Because at the time of writing
-# it was deemed too risky/involving too many changes across repos to change architecture
-# formats in release-packaging Jenkinsfile. But someone please do it.
-# Why do we need to list this here? Because I haven't been able to figure out how
-# to do Makefile rules with multiple patterns. (See how it's used in {deb,rpm}/Makefile)
-# Adding new architectures or changing the format in release-packaging will prevent make
-# from finding the corresponding rule unless this list is updated.
-# Or Jenkinsfiles/Makefiles removed (🎵 Gotta have faith-a-faith-a-faith... 🎵)
-ARCHES:=amd64 aarch64 armhf armel s390x ppc64le
-
-BUILDTIME=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
-CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
-DEFAULT_PRODUCT_LICENSE:=Community Engine
-PACKAGER_NAME?=
-DOCKER_GITCOMMIT:=abcdefg
-GO_VERSION:=1.24.6
-PLATFORM=Docker Engine - Community
-SHELL:=/bin/bash
-VERSION?=0.0.1-dev
-
-# DOCKER_CLI_REPO and DOCKER_ENGINE_REPO define the source repositories to clone
-# the source from. These can be overridden to build from a fork.
-DOCKER_CLI_REPO     ?= https://github.com/docker/cli.git
-DOCKER_ENGINE_REPO  ?= https://github.com/docker/docker.git
-DOCKER_COMPOSE_REPO ?= https://github.com/docker/compose.git
-DOCKER_BUILDX_REPO  ?= https://github.com/docker/buildx.git
-DOCKER_MODEL_REPO   ?= https://github.com/docker/model-cli.git
-
-# REF can be used to specify the same branch or tag to use for *both* the CLI
-# and Engine source code. This can be useful if both the CLI and Engine have a
-# release branch with the same name (e.g. "19.03"), or of both repositories have
-# tagged a release with the same version.
-#
-# For other situations, specify DOCKER_CLI_REF and/or DOCKER_ENGINE_REF separately.
-REF                ?= HEAD
-DOCKER_CLI_REF     ?= $(REF)
-DOCKER_ENGINE_REF  ?= $(REF)
-# DOCKER_COMPOSE_REF is the version of compose to package. It usually is a tag,
-# but can be a valid git reference in DOCKER_COMPOSE_REPO.
-DOCKER_COMPOSE_REF ?= v2.39.2
-# DOCKER_BUILDX_REF is the version of compose to package. It usually is a tag,
-# but can be a valid git reference in DOCKER_BUILDX_REPO.
-DOCKER_BUILDX_REF  ?= v0.26.1
-# DOCKER_MODEL_REF is the version of model to package. It is usually a tag,
-# but can be a valid git reference in DOCKER_MODEL_REPO.
-DOCKER_MODEL_REF   ?= v0.1.36
-
-# Use "stage" to install dependencies from download-stage.docker.com during the
-# verify step. Leave empty or use any other value to install from download.docker.com
-VERIFY_PACKAGE_REPO ?= prod
-
-# Optional flags like --platform=linux/armhf
-VERIFY_PLATFORM ?=
-
-export BUILDTIME
-export DEFAULT_PRODUCT_LICENSE
-export PACKAGER_NAME
-export PLATFORM

common/dockerd.json

@@ -0,0 +1,11 @@
+{
+    "image": "docker.io/${ENGINE_IMAGE}",
+    "imagePath": "/var/lib/docker-engine/engine.tar",
+    "namespace":"docker",
+    "args": [
+        "--containerd", "/run/containerd/containerd.sock",
+        "--default-runtime", "containerd",
+        "--add-runtime", "containerd=runc"
+    ],
+    "scope": "${ENGINE_SCOPE}"
+}

containerd.mk

@@ -0,0 +1,17 @@
+# Common things for containerd functionality
+
+CONTAINERD_PROXY_COMMIT=35c543bd887878714213cf61ee14038499fd25b7
+CONTAINERD_SHIM_PROCESS_IMAGE=docker.io/docker/containerd-shim-process:ff98a47
+
+# If containerd is running use that socket instead
+ifeq ("$(shell systemctl is-active containerd)", "active")
+CONTAINERD_SOCK:=/var/run/containerd/containerd.sock
+else
+CONTAINERD_SOCK:=/var/run/docker/containerd/docker-containerd.sock
+endif
+CTR=docker run \
+	--rm -i \
+	-v $(CONTAINERD_SOCK):/ours/containerd.sock \
+	-v $(CURDIR)/artifacts:/artifacts \
+	docker:18.06.0-ce \
+	docker-containerd-ctr -a /ours/containerd.sock

deb/Makefile

@@ -1,62 +1,39 @@
-include ../common.mk
+include ../containerd.mk
 
-PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+SHELL:=/bin/bash
+ARCH:=$(shell uname -m)
+CLI_DIR:=$(CURDIR)/../../cli
+GITCOMMIT?=$(shell cd $(CLI_DIR) && git rev-parse --short HEAD)
+VERSION?=0.0.0-dev
 GO_BASE_IMAGE=golang
-GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
+GO_VERSION:=1.10.8
+GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)
+DEB_VERSION=$(shell ./gen-deb-ver $(CLI_DIR) "$(VERSION)")
+CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 EPOCH?=5
-GEN_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
-GEN_BUILDX_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
-GEN_COMPOSE_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
-GEN_MODEL_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
-CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
-ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
-BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
 
 ifdef BUILD_IMAGE
 	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
 endif
 
 COMMON_FILES=common
-BUILD?=DOCKER_BUILDKIT=1 \
-	docker build \
+BUILD?=docker build \
 	$(BUILD_IMAGE_FLAG) \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
 	--build-arg COMMON_FILES=$(COMMON_FILES) \
+	--build-arg ENGINE_IMAGE="$(shell cat sources/engine-image)" \
 	-t debbuild-$@/$(ARCH) \
-	--platform linux/$(ARCH) \
-	-f $@/Dockerfile \
-	.
-
-# Additional flags may be necessary at some point
-RUN_FLAGS=
-
-# FIXME(thaJeztah): disabling seccomp to handle (armhf) tar "chown / chmod" failing
-# when running in a Ubuntu 24.04 container on a Ubuntu 20.04.6 host (kernel 5.15.0-1053-aws);
-# see https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
-RUN?=docker run --rm \
-	--security-opt seccomp=unconfined \
-	--platform linux/$(ARCH) \
-	-e PLATFORM \
+	-f $(CURDIR)/$@/Dockerfile .
+RUN=docker run --rm -i \
 	-e EPOCH='$(EPOCH)' \
-	-e DEB_VERSION=$(word 1, $(GEN_DEB_VER)) \
-	-e VERSION=$(word 2, $(GEN_DEB_VER)) \
-	-e CLI_GITCOMMIT=$(CLI_GITCOMMIT) \
-	-e ENGINE_GITCOMMIT=$(ENGINE_GITCOMMIT) \
-	-e BUILDX_VERSION=$(DOCKER_BUILDX_REF) \
-	-e BUILDX_DEB_VERSION=$(word 1, $(GEN_BUILDX_DEB_VER)) \
-	-e BUILDX_GITCOMMIT=$(BUILDX_GITCOMMIT) \
-	-e COMPOSE_VERSION=$(DOCKER_COMPOSE_REF) \
-	-e COMPOSE_DEB_VERSION=$(word 1, $(GEN_COMPOSE_DEB_VER)) \
-	-e MODEL_VERSION=$(DOCKER_MODEL_REF) \
-	-e MODEL_DEB_VERSION=$(word 1, $(GEN_MODEL_DEB_VER)) \
+	-e DEB_VERSION=$(word 1, $(DEB_VERSION)) \
+	-e VERSION=$(word 2, $(DEB_VERSION)) \
+	-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
 	-v $(CURDIR)/debbuild/$@:/build \
-	$(RUN_FLAGS) \
 	debbuild-$@/$(ARCH)
 
-DEBIAN_VERSIONS ?= debian-bullseye debian-bookworm debian-trixie
-UBUNTU_VERSIONS ?= ubuntu-jammy ubuntu-noble ubuntu-oracular ubuntu-plucky
-RASPBIAN_VERSIONS ?= raspbian-bullseye raspbian-bookworm
-DISTROS := $(DEBIAN_VERSIONS) $(UBUNTU_VERSIONS) $(RASPBIAN_VERSIONS)
+SOURCE_FILES=engine-image cli.tgz docker.service docker.socket distribution_based_engine.json
+SOURCES=$(addprefix sources/, $(SOURCE_FILES))
 
 .PHONY: help
 help: ## show make targets
@@ -68,73 +45,88 @@ clean: ## remove build artifacts
 	$(RM) -r debbuild
 	[ ! -d sources ] || $(CHOWN) -R $(shell id -u):$(shell id -g) sources
 	$(RM) -r sources
-	-docker builder prune -f --filter until=24h
+	$(RM) engine-image
+
+engine-$(ARCH).tar:
+	$(MAKE) -C ../image image-linux
+	docker save -o $@ $$(cat ../image/image-linux)
 
 .PHONY: deb
-deb: ubuntu debian ## build all deb packages except for raspbian
+deb: ubuntu debian raspbian ## build all deb packages
 
 .PHONY: ubuntu
-ubuntu: $(UBUNTU_VERSIONS) ## build all ubuntu deb packages
+ubuntu: ubuntu-bionic ubuntu-xenial ## build all ubuntu deb packages
 
 .PHONY: debian
-debian: $(DEBIAN_VERSIONS) ## build all debian deb packages
+debian: debian-stretch ## build all debian deb packages
 
 .PHONY: raspbian
-raspbian: $(RASPBIAN_VERSIONS) ## build all raspbian deb packages
+raspbian: raspbian-stretch ## build all raspbian deb packages
 
-.PHONY: $(DISTROS)
-$(DISTROS): sources
-	@echo "== Building packages for $@ =="
-	mkdir -p "debbuild/$@"
+.PHONY: ubuntu-cosmic
+ubuntu-cosmic: ## build ubuntu cosmic deb packages
+ubuntu-cosmic: $(SOURCES)
 	$(BUILD)
 	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) "debbuild/$@"
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 
-.PHONY: sources
-sources: sources/cli.tgz sources/engine.tgz sources/buildx.tgz sources/compose.tgz sources/model.tgz
+.PHONY: ubuntu-bionic
+ubuntu-bionic: ## build ubuntu bionic deb packages
+ubuntu-bionic: $(SOURCES)
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 
-sources/engine.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
+.PHONY: ubuntu-xenial
+ubuntu-xenial: ## build ubuntu xenial deb packages
+ubuntu-xenial: $(SOURCES)
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+
+.PHONY: debian-buster
+debian-buster: ## build debian buster deb packages
+debian-buster: $(SOURCES)
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+
+.PHONY: debian-stretch
+debian-stretch: ## build debian stretch deb packages
+debian-stretch: $(SOURCES)
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+
+.PHONY: raspbian-stretch
+raspbian-stretch: ## build raspbian stretch deb packages
+raspbian-stretch: $(SOURCES)
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 
 sources/cli.tgz:
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
+	docker run --rm -i -w /v \
+		-v $(CLI_DIR):/cli \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
 
-sources/buildx.tgz:
+sources/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
+	cp $< $@
 
-sources/compose.tgz:
+sources/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
+	cp $< $@
 
-sources/model.tgz:
+sources/distribution_based_engine.json: sources/engine-image
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/model.tgz --exclude .git model
+	docker inspect "$(shell cat $<)" \
+		--format '{{index .Config.Labels "com.docker.distribution_based_engine" }}' > $@
 
-# See ARCHES in common.mk. Could not figure out how to match both distro and arch.
-BUNDLES:=$(addsuffix .tar.gz,$(addprefix debbuild/bundles-ce-%-,$(ARCHES)))
-
-$(BUNDLES): %
-	tar czf $@ --transform="s|^debbuild/\(.*\)|bundles/$(VERSION)/build-deb/\1|" debbuild/$*
+sources/engine-image:
+	mkdir -p $(@D)
+	$(MAKE) -C ../image image-linux
+	cp ../image/image-linux $@

deb/README.md

@@ -3,37 +3,30 @@
 `.deb` packages can be built from this directory with the following syntax
 
 ```shell
-make deb
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
 ```
 
 Artifacts will be located in `debbuild` under the following directory structure:
 `debbuild/$distro-$distro_version/`
 
-### Building from local source
-
-Specify the location of the source repositories for the engine and cli when
-building packages
-
+### NOTES:
 * `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
 * `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
 
-```shell
-make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
-```
-
 ## Specifying a specific distro
 
 ```shell
-make ubuntu
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli ubuntu
 ```
 
 ## Specifying a specific distro version
 ```shell
-make ubuntu-noble
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli ubuntu-xenial
 ```
 
-## Building the for all distros
+## Building the latest docker-ce
 
 ```shell
-make deb
+git clone https://github.com/docker/docker-ce.git
+make ENGINE_DIR=docker-ce/components/engine CLI_DIR=docker-ce/components/cli deb
 ```

deb/build-deb

@@ -2,40 +2,20 @@
 set -x
 set -e
 
-# untar sources
-mkdir -p /root/build-deb/engine
-tar -C /root/build-deb -xzf /sources/engine.tgz
-mkdir -p /root/build-deb/cli
-tar -C /root/build-deb -xzf /sources/cli.tgz
-mkdir -p /root/build-deb/buildx
-tar -C /root/build-deb -xzf /sources/buildx.tgz
-mkdir -p /root/build-deb/compose
-tar -C /root/build-deb -xzf /sources/compose.tgz
-mkdir -p /root/build-deb/model
-tar -C /root/build-deb -xzf /sources/model.tgz
-
-# link them to their canonical path
-mkdir -p /go/src/github.com/docker
-ln -snf /root/build-deb/engine /go/src/github.com/docker/docker
-ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-ln -snf /root/build-deb/buildx /go/src/github.com/docker/buildx
-ln -snf /root/build-deb/compose /go/src/github.com/docker/compose
-ln -snf /root/build-deb/model /go/src/github.com/docker/model-cli
-
 EPOCH="${EPOCH:-}"
 EPOCH_SEP=""
 if [[ ! -z "$EPOCH" ]]; then
-	EPOCH_SEP=":"
+    EPOCH_SEP=":"
 fi
 
 if [[ -z "$DEB_VERSION" ]]; then
-	echo "DEB_VERSION is required to build deb packages"
-	exit 1
+    echo "DEB_VERSION is required to build deb packages"
+    exit 1
 fi
 
 echo VERSION AAA $VERSION
 
-VERSION=${VERSION:-$(cat cli/VERSION)}
+VERSION=${VERSION:-$( cat cli/VERSION )}
 
 echo VERSION bbb $VERSION
 
@@ -43,47 +23,15 @@ debSource="$(awk -F ': ' '$1 == "Source" { print $2; exit }' debian/control)"
 debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/control)"
 debDate="$(date --rfc-2822)"
 
-# Include an extra `1` in the version, in case we ever would have to re-build an
-# already published release with a packaging-only change.
-pkgRevision=1
-
-# Generate changelog. The version/name of the generated packages are based on this.
-#
-# Resulting packages are formatted as;
-#
-# - name of the package (e.g., "docker-ce")
-# - version (e.g., "23.0.0~beta.0")
-# - pkgRevision (usually "-0", see above), which allows updating packages with
-#   packaging-only changes (without a corresponding release of the software
-#   that's packaged).
-# - distro (e.g., "ubuntu")
-# - VERSION_ID (e.g. "22.04" or "11") this must be "sortable" to make sure that
-#   packages are upgraded when upgrading to a newer distro version ("codename"
-#   cannot be used for this, as they're not sorted)
-# - SUITE ("codename"), e.g. "jammy" or "bullseye". This is mostly for convenience,
-#   because some places refer to distro versions by codename, others by version.
-#   we prefix the codename with a tilde (~), which effectively excludes it from
-#   version comparison.
-#
-# Note that while the `${EPOCH}${EPOCH_SEP}` is part of the version, it is not
-# included in the package's *filename*. (And if you're wondering: we needed the
-# EPOCH because of our use of CalVer, which made version comparing not work in
-# some cases).
-#
-# Examples:
-#
-# docker-ce_23.0.0~beta.0-1~debian.11~bullseye_amd64.deb
-# docker-ce_23.0.0~beta.0-1~ubuntu.22.04~jammy_amd64.deb
 cat > "debian/changelog" <<-EOF
-$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-${pkgRevision}~${DISTRO}.${VERSION_ID}~${SUITE}) $SUITE; urgency=low
+$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-0~${DISTRO}-${SUITE}) $SUITE; urgency=low
   * Version: $VERSION
  -- $debMaintainer  $debDate
 EOF
 # The space above at the start of the line for the debMaintainer is very important
 
 # Give the script a git commit because it wants it
-export CLI_GITCOMMIT=${CLI_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
-export ENGINE_GITCOMMIT=${ENGINE_GITCOMMIT-$(cd engine; $GIT_COMMAND rev-parse --short HEAD)}
+export DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
 
 echo VERSION BBB $VERSION
 dpkg-buildpackage -uc -us -I.git

deb/common/compat

@@ -0,0 +1 @@
+9

deb/common/control

@@ -2,19 +2,13 @@ Source: docker-ce
 Section: admin
 Priority: optional
 Maintainer: Docker <support@docker.com>
-Build-Depends: bash,
-               bash-completion,
-               ca-certificates,
-               cmake,
+Build-Depends: bash-completion,
                dh-apparmor,
-               debhelper-compat (= 12),
-               gcc,
-               git,
-               libc-dev,
-               libsystemd-dev,
-               libtool,
+               dh-systemd,
+               libltdl-dev,
+               libseccomp2,
                make,
-               pkg-config
+               gcc
 Standards-Version: 3.9.6
 Homepage: https://www.docker.com
 Vcs-Browser: https://github.com/docker/docker
@@ -22,32 +16,24 @@ Vcs-Git: git://github.com/docker/docker.git
 
 Package: docker-ce
 Architecture: linux-any
-Pre-Depends: init-system-helpers (>= 1.54~)
-Depends: containerd.io (>= 1.7.27),
-         docker-ce-cli,
-         iptables,
-         ${shlibs:Depends}
-Recommends: apparmor,
+Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends}
+Recommends: aufs-tools,
             ca-certificates,
-            docker-ce-rootless-extras,
+            cgroupfs-mount | cgroup-lite,
             git,
             pigz,
-            procps,
-            xz-utils
-Suggests: cgroupfs-mount | cgroup-lite,
-            kmod,
-Conflicts: docker (<< 1.5~),
-           docker-engine,
-           docker.io
-Replaces: docker-engine,
-          docker-ce-cli (<< 5:28.0.0)
+            xz-utils,
+            libltdl7,
+            ${apparmor:Recommends}
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
+Replaces: docker-engine
 Description: Docker: the open-source application container engine
  Docker is a product for you to build, ship and run any application as a
  lightweight container
  .
  Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest cloud compute instance
- and everything in between - and they don't require you to use a particular
+ they can run anywhere, from your laptop to the largest cloud compute instance and
+ everything in between - and they don't require you to use a particular
  language, framework or packaging system. That makes them great building blocks
  for deploying and scaling web apps, databases, and backend services without
  depending on a particular stack or provider.
@@ -55,12 +41,7 @@ Description: Docker: the open-source application container engine
 Package: docker-ce-cli
 Architecture: linux-any
 Depends: ${shlibs:Depends}
-Recommends: docker-buildx-plugin,
-            docker-compose-plugin
-Suggests: docker-model-plugin
-Conflicts: docker (<< 1.5~),
-           docker-engine,
-           docker.io
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
 Replaces: docker-ce (<< 5:0)
 Breaks: docker-ce (<< 5:0)
 Description: Docker CLI: the open-source application container engine
@@ -68,56 +49,8 @@ Description: Docker CLI: the open-source application container engine
  lightweight container
  .
  Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest cloud compute instance
- and everything in between - and they don't require you to use a particular
+ they can run anywhere, from your laptop to the largest cloud compute instance and
+ everything in between - and they don't require you to use a particular
  language, framework or packaging system. That makes them great building blocks
  for deploying and scaling web apps, databases, and backend services without
  depending on a particular stack or provider.
-
-Package: docker-ce-rootless-extras
-Architecture: linux-any
-Depends: dbus-user-session,
-         ${shlibs:Depends}
-Enhances: docker-ce
-Conflicts: rootlesskit
-Replaces: rootlesskit
-Breaks: rootlesskit
-# slirp4netns (>= 0.4.0) is available in Debian since 11 and Ubuntu since 19.10
-Recommends: slirp4netns (>= 0.4.0)
-# Unlike RPM, DEB packages do not contain "Recommends: fuse-overlayfs (>= 0.7.0)" here,
-# because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs.
-Description: Rootless support for Docker.
- Use dockerd-rootless.sh to run the daemon.
- Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh.
- This package contains RootlessKit, but does not contain VPNKit.
- Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
-Homepage: https://docs.docker.com/engine/security/rootless/
-
-Package: docker-buildx-plugin
-Priority: optional
-Replaces: docker-ce-cli
-Architecture: linux-any
-Enhances: docker-ce-cli
-Description: Docker Buildx cli plugin.
- This plugin provides the 'docker buildx' subcommand.
-Homepage: https://github.com/docker/buildx
-
-Package: docker-compose-plugin
-Priority: optional
-Architecture: linux-any
-Recommends: docker-buildx-plugin
-Enhances: docker-ce-cli
-Description: Docker Compose (V2) plugin for the Docker CLI.
- This plugin provides the 'docker compose' subcommand.
- .
- The binary can also be run standalone as a direct replacement for
- Docker Compose V1 ('docker-compose').
-Homepage: https://github.com/docker/compose
-
-Package: docker-model-plugin
-Priority: optional
-Architecture: linux-any
-Enhances: docker-ce-cli
-Description: Docker Model Runner plugin for the Docker CLI.
- This plugin provides the 'docker model' subcommand.
-Homepage: https://docs.docker.com/model-runner/

deb/common/docker-ce-cli.bash-completion

@@ -0,0 +1 @@
+cli/contrib/completion/bash/docker

deb/common/docker-ce.dirs

@@ -1 +0,0 @@
-/etc/docker

deb/common/docker-ce.docker.default

@@ -1 +0,0 @@
-../engine/contrib/init/sysvinit-debian/docker.default

deb/common/docker-ce.docker.default

@@ -0,0 +1,20 @@
+# Docker Upstart and SysVinit configuration file
+
+#
+# THIS FILE DOES NOT APPLY TO SYSTEMD
+#
+#   Please see the documentation for "systemd drop-ins":
+#   https://docs.docker.com/engine/admin/systemd/
+#
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKERD="/usr/local/bin/dockerd"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"

deb/common/docker-ce.docker.init

@@ -1 +0,0 @@
-../engine/contrib/init/sysvinit-debian/docker

deb/common/docker-ce.docker.init

@@ -0,0 +1,156 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides:           docker
+# Required-Start:     $syslog $remote_fs
+# Required-Stop:      $syslog $remote_fs
+# Should-Start:       cgroupfs-mount cgroup-lite
+# Should-Stop:        cgroupfs-mount cgroup-lite
+# Default-Start:      2 3 4 5
+# Default-Stop:       0 1 6
+# Short-Description:  Create lightweight, portable, self-sufficient containers.
+# Description:
+#  Docker is an open-source project to easily create lightweight, portable,
+#  self-sufficient containers from any application. The same container that a
+#  developer builds and tests on a laptop can run at scale, in production, on
+#  VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+BASE=docker
+
+# modify these in /etc/default/$BASE (/etc/default/docker)
+DOCKERD=/usr/bin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$BASE.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Get lsb functions
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/$BASE ]; then
+	. /etc/default/$BASE
+fi
+
+# Check docker is present
+if [ ! -x $DOCKERD ]; then
+	log_failure_msg "$DOCKERD not present or not executable"
+	exit 1
+fi
+
+check_init() {
+	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
+	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
+		exit 1
+	fi
+}
+
+fail_unless_root() {
+	if [ "$(id -u)" != '0' ]; then
+		log_failure_msg "$DOCKER_DESC must be run as root"
+		exit 1
+	fi
+}
+
+cgroupfs_mount() {
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		return
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+}
+
+case "$1" in
+	start)
+		check_init
+		
+		fail_unless_root
+
+		cgroupfs_mount
+
+		touch "$DOCKER_LOGFILE"
+		chgrp docker "$DOCKER_LOGFILE"
+
+		ulimit -n 1048576
+
+		# Having non-zero limits causes performance problems due to accounting overhead
+		# in the kernel. We recommend using cgroups to do container-local accounting.
+		if [ "$BASH" ]; then
+			ulimit -u unlimited
+		else
+			ulimit -p unlimited
+		fi
+
+		log_begin_msg "Starting $DOCKER_DESC: $BASE"
+		start-stop-daemon --start --background \
+			--no-close \
+			--exec "$DOCKERD" \
+			--pidfile "$DOCKER_SSD_PIDFILE" \
+			--make-pidfile \
+			-- \
+				-p "$DOCKER_PIDFILE" \
+				$DOCKER_OPTS \
+					>> "$DOCKER_LOGFILE" 2>&1
+		log_end_msg $?
+		;;
+
+	stop)
+		check_init
+		fail_unless_root
+		if [ -f "$DOCKER_SSD_PIDFILE" ]; then
+			log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+			start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+			log_end_msg $?
+		else
+			log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
+		fi
+		;;
+
+	restart)
+		check_init
+		fail_unless_root
+		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+		[ -n "$docker_pid" ] \
+			&& ps -p $docker_pid > /dev/null 2>&1 \
+			&& $0 stop
+		$0 start
+		;;
+
+	force-reload)
+		check_init
+		fail_unless_root
+		$0 restart
+		;;
+
+	status)
+		check_init
+		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
+		;;
+
+	*)
+		echo "Usage: service docker {start|stop|restart|status}"
+		exit 1
+		;;
+esac

deb/common/docker-ce.docker.service

@@ -1 +0,0 @@
-../engine/contrib/init/systemd/docker.service

deb/common/docker-ce.docker.socket

@@ -1 +0,0 @@
-../engine/contrib/init/systemd/docker.socket

deb/common/docker-ce.docker.upstart

@@ -0,0 +1,72 @@
+description "Docker daemon"
+
+start on (filesystem and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+limit nofile 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
+
+respawn
+
+kill timeout 20
+
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
+script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+	DOCKERD=/usr/bin/dockerd
+	DOCKER_OPTS=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+	exec "$DOCKERD" $DOCKER_OPTS --raw-logs
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+	DOCKER_OPTS=
+	DOCKER_SOCKET=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+
+	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+		DOCKER_SOCKET=/var/run/docker.sock
+	else
+		DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
+	fi
+
+	if [ -n "$DOCKER_SOCKET" ]; then
+		while ! [ -e "$DOCKER_SOCKET" ]; do
+			initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
+			echo "Waiting for $DOCKER_SOCKET"
+			sleep 0.1
+		done
+		echo "$DOCKER_SOCKET is up"
+	fi
+end script

deb/common/docker-ce.maintscript

@@ -1 +0,0 @@
-rm_conffile /etc/init/docker.conf 5:24.0.5-1~

deb/common/docker-ce.manpages

@@ -1 +0,0 @@
-engine/man/man*/*

deb/common/docker-ce.postinst

@@ -1,6 +1,26 @@
 #!/bin/sh
 set -e
 
+update_dockerd() {
+	dbefile=/var/lib/docker-engine/distribution_based_engine.json
+	URL=https://docs.docker.com/releasenote
+	if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then
+		echo
+		echo
+		echo
+		echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages"
+		echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages."
+		echo "See $URL for more details."
+		echo
+		echo
+		echo
+	else
+		rm -f /usr/bin/dockerd
+		update-alternatives --install /usr/bin/dockerd dockerd /usr/bin/dockerd-ce 1 --slave \
+			${dbefile} distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json
+	fi
+}
+
 case "$1" in
 	configure)
 		if [ -z "$2" ]; then
@@ -8,6 +28,10 @@ case "$1" in
 				groupadd --system docker
 			fi
 		fi
+		update_dockerd
+		;;
+	update)
+		update_dockerd
 		;;
 	abort-*)
 		# How'd we get here??

deb/common/docker-ce.prerm

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+update-alternatives --remove dockerd /usr/bin/dockerd-ce

deb/common/rules

@@ -1,149 +1,36 @@
 #!/usr/bin/make -f
 
-# Include default Makefile variables.
-include /usr/share/dpkg/default.mk
-
-# Build all armhf binaries as ARMv6 with hard float, to support both
-# Debian armhf and Raspbian armhf.
-ifeq ($(DEB_TARGET_ARCH),armhf)
-	export CFLAGS += -marm -march=armv6+fp
-	export GOARM := 6
-endif
-
 VERSION ?= $(shell cat engine/VERSION)
-# TODO(thaJeztah): allow passing this version when building.
-PKG_REVISION ?= 1
-export PKG_REVISION
 
-# force packages to be built with xz compression, as Ubuntu 21.10 and up use
-# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
-override_dh_builddeb:
-	dh_builddeb -- -Zxz
+override_dh_gencontrol:
+	# if we're on Ubuntu, we need to Recommends: apparmor
+	echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-ce.substvars
+	dh_gencontrol
 
-# Determine the Go module mode based on the presence of vendor.mod or go.mod
-override_dh_auto_build: GOMOD := $(if $(wildcard engine/vendor.mod),off,$(if $(wildcard engine/go.mod),on,$(error "No go.mod or vendor.mod found in engine directory")))
-# Override the default dh_auto_build target
 override_dh_auto_build:
-	# Build the daemon and dependencies
-	cd engine && GO111MODULE=$(GOMOD) DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary
-	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
-	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic
-
-	#  build  man-pages
-	make -C engine/man
-
-	# Build the CLI
-	make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) LDFLAGS='' dynbinary manpages shell-completion
-
-	# Build buildx plugin
-	cd /go/src/github.com/docker/buildx \
-	&& mkdir -p /usr/libexec/docker/cli-plugins/ \
-	&& GO111MODULE=on \
-		CGO_ENABLED=0 \
-			go build \
-				-mod=vendor \
-				-trimpath \
-				-ldflags "-w -X github.com/docker/buildx/version.Version=$(BUILDX_VERSION) -X github.com/docker/buildx/version.Revision=$(BUILDX_GITCOMMIT) -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
-				-o "/usr/libexec/docker/cli-plugins/docker-buildx" \
-				./cmd/buildx
-
-	# Build the compose plugin
-	make -C /go/src/github.com/docker/compose VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build
-
-	# Build the model plugin
-	GO111MODULE=on make -C /go/src/github.com/docker/model-cli VERSION=$(MODEL_VERSION) ce-release \
-	&& mv /go/src/github.com/docker/model-cli/dist/docker-model /usr/libexec/docker/cli-plugins/docker-model
-
-override_dh_auto_test:
-	ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
-		test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1)
-
-	ver="$$(cli/build/docker --version)"; \
-		test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1)
-
-	ver="$$(/usr/libexec/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
-		test "$$ver" = "$(BUILDX_VERSION)" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($$ver) did not match" && exit 1)
-
-	ver="$$(/usr/libexec/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
-		test "$$ver" = "$(COMPOSE_VERSION)" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($$ver) did not match" && exit 1)
-
-	ver="$$(/usr/libexec/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
-		test "$$ver" = "$(MODEL_VERSION)" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($$ver) did not match" && exit 1)
+	cd /go/src/github.com/docker/cli && \
+		LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
 
 override_dh_strip:
 	# Go has lots of problems with stripping, so just don't
 
-# http://manpages.debian.org/dh_dwz
-override_dh_dwz:
-	# dh_dwz in debhelper versions less than 13 has issues with files that are missing debug symbols (once we update to debhelper-compat 13+ this can be removed)
-	@# https://packages.debian.org/debhelper
-	@# https://packages.ubuntu.com/debhelper
-
 override_dh_auto_install:
 	# docker-ce-cli install
-	install -D -p -m 0755 cli/build/docker debian/docker-ce-cli/usr/bin/docker
-
-	# docker-ce-cli shell-completion
-	#
-	# We are manually installing bash completions instead of using the "dh_bash-completion"
-	# debhelper (see [1]); dh_bash-completion only supports bash, and none of the other shells,
-	# which meant that we had to install 2 out of 3 manually, which was confusing ("what about
-	# Bash?"). Given that locations to install these completion scripts are well-known, we
-	# can safely use the manual approach for installing  them.
-	#
-	# In future, can consider using "dh_shell_completions" (see [2]), which supports bash, zsh
-	# and fish. However, "dh_shell_completions" is still really premature, and not available
-	# in stable releases. So, currently, adding it as build-dependency, especially since
-	# these are well-known, may not be a good choice, but we can revisit that in future
-	# if things mature in this area.
-	#
-	# Observant readers may notice that we don't include PowerShell completion in
-	# this list (even though Cobra provides them, and PowerShell *can* be installed
-	# oon Linux). The short story is that there's no well-defined location, nor
-	# a well-defined approach for this.
-	#
-	# The PowerShell maintainers (see [3]) considering that no completion scripts
-	# are needed for anything following the PowerShell specifications, and for
-	# anything else, PowerShell is capable enough to use zsh and bash completions.
-	#
-	# All of the above taken into account; it's fuzzy enough to just leave it as
-	# an exercise for the user to decide what to do.
-	#
-	# [1]: https://manpages.debian.org/bookworm/bash-completion/dh_bash-completion.1.en.html
-	# [2]: https://manpages.debian.org/testing/dh-shell-completions/dh_shell_completions.1.en.html
-	# [3]: https://github.com/PowerShell/PowerShell/issues/17582
-	install -D -p -m 0644 cli/build/completion/bash/docker debian/docker-ce-cli/usr/share/bash-completion/completions/docker
-	install -D -p -m 0644 cli/build/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
-	install -D -p -m 0644 cli/build/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
-
+	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
+	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
+	install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker
 	# docker-ce install
-	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd
-	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/docker-proxy) debian/docker-ce/usr/bin/docker-proxy
-	install -D -p -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/libexec/docker/docker-init
-
-	# docker-buildx-plugin install
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-buildx debian/docker-buildx-plugin/usr/libexec/docker/cli-plugins/docker-buildx
-
-	# docker-compose-plugin install
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-compose debian/docker-compose-plugin/usr/libexec/docker/cli-plugins/docker-compose
-
-	# docker-model-plugin install
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-model debian/docker-model-plugin/usr/libexec/docker/cli-plugins/docker-model
-
-	# docker-ce-rootless-extras install
-	install -D -p -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit
-	install -D -p -m 0755 engine/contrib/dockerd-rootless.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless.sh
-	install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh
-	# TODO: how can we install vpnkit?
+	install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service
+	install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket
+	install -D -m 0755 /source/dockerd debian/docker-ce/usr/bin/dockerd-ce
+	install -D -m 0755 /source/docker-proxy debian/docker-ce/usr/bin/docker-proxy
+	install -D -m 0755 /source/docker-init debian/docker-ce/usr/bin/docker-init
+	install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine-ce.json
 
 override_dh_installinit:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installinit --name=docker
 
-override_dh_installsystemd:
-	# use "docker" as our service name, not "docker-ce"
-	dh_installsystemd --name=docker
-
 override_dh_shlibdeps:
 	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
 
@@ -152,20 +39,5 @@ override_dh_install:
 	# TODO Can we do this from within our container?
 	dh_apparmor --profile-name=docker-ce -pdocker-ce
 
-override_dh_gencontrol:
-	# Use separate version for the buildx-plugin package, then generate the other control files as usual
-	# TODO override "Source" field in control as well (to point to buildx, as it doesn't match the package name)
-	dh_gencontrol -pdocker-buildx-plugin -- -v$${BUILDX_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
-
-	# Use separate version for the compose-plugin package, then generate the other control files as usual
-	# TODO override "Source" field in control as well (to point to compose, as it doesn't match the package name)
-	dh_gencontrol -pdocker-compose-plugin -- -v$${COMPOSE_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
-
-	# Use separate version for the model-plugin package, then generate the other control files as usual
-	# TODO override "Source" field in control as well (to point to model, as it doesn't match the package name)
-	dh_gencontrol -pdocker-model-plugin -- -v$${MODEL_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
-
-	dh_gencontrol --remaining-packages
-
 %:
-	dh $@ --with=bash-completion
+	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)

deb/common/source/format

@@ -1 +0,0 @@
-1.0

deb/debian-bookworm/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=debian
-ARG SUITE=bookworm
-ARG VERSION_ID=12
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-bullseye/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=debian
-ARG SUITE=bullseye
-ARG VERSION_ID=11
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-buster/Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_IMAGE
+ARG BUILD_IMAGE=debian:buster
+ARG ENGINE_IMAGE
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ARG GO_VERSION
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+# Copy our sources and untar them
+COPY sources/ /sources
+RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
+
+RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
+
+ENV DISTRO debian
+ENV SUITE buster
+
+COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-stretch/Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=debian:stretch
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ARG GO_VERSION
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+# Copy our sources and untar them
+COPY sources/ /sources
+RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
+
+RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
+
+ENV DISTRO debian
+ENV SUITE stretch
+
+COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-trixie/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=debian
-ARG SUITE=trixie
-ARG VERSION_ID=13
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/gen-deb-ver

@@ -1,79 +1,87 @@
 #!/usr/bin/env bash
 
-REPO_DIR="$1"
+ENGINE_DIR="$1"
 VERSION="$2"
+origVersion=$VERSION
 
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
-	echo 'usage: ./gen-deb-ver ${REPO_DIR} ${VERSION}'
-	exit 1
+[[ $# < 2 ]] && echo 'not enough args' && exit 1
+
+DATE_COMMAND="date"
+if [[ $(uname) -eq "Darwin" ]]; then
+    DATE_COMMAND="docker run --rm alpine date"
 fi
 
-GIT_COMMAND="git -C $REPO_DIR"
-origVersion="$VERSION"
-debVersion="${VERSION#v}"
+gen_deb_version() {
+    # Adds an increment to the deb version to get proper order
+    # 18.01.0-tp1   -> 18.01.0-0.1-tp1
+    # 18.01.0-beta1 -> 18.01.0-1.1-beta1
+    # 18.01.0-rc1   -> 18.01.0-2.1-rc1
+    # 18.01.0       -> 18.01.0-3
+    fullVersion="$1"
+    pattern="$2"
+    increment="$3"
+    testVersion="${fullVersion#*-$pattern}"
+    baseVersion="${fullVersion%-"$pattern"*}"
+    echo "$baseVersion-$increment.$testVersion.$pattern$testVersion"
+}
 
-# deb packages require a tilde (~) instead of a hyphen (-) as separator between
-# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
-# non-pre-release versions, which would prevent users from updating from a pre-
-# release version to the "ga" version.
-#
-# For details, see this thread on the Debian mailing list:
-# https://lists.debian.org/debian-policy/1998/06/msg00099.html
-#
-# The code below replaces hyphens with tildes. Note that an intermediate $tilde
-# variable is needed to make this work on all versions of Bash. In some versions
-# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
-# quoted ('~').
-tilde='~'
-debVersion="${debVersion//-/$tilde}"
+case "$VERSION" in
+    *-dev)
+        debVersion="$VERSION"
+        ;;
+    *-tp[0-9]*)
+        debVersion="$(gen_deb_version "$VERSION" tp 0)"
+        ;;
+    *-beta[0-9]*)
+        debVersion="$(gen_deb_version "$VERSION" beta 1)"
+        ;;
+    *-rc[0-9]*)
+        debVersion="$(gen_deb_version "$VERSION" rc 2)"
+        ;;
+    *)
+        debVersion="$VERSION-3"
+        ;;
+esac
 
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
-# we'll create a pseudo version based on commit-date and -sha.
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-	export TZ=UTC
+export TZ=UTC
 
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	#
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# where the time is the commit time in UTC and the final suffix is the prefix
-	# of the commit hash. The time portion ensures that two pseudo-versions can
-	# be compared to determine which happened later, the commit hash identifes
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# as a pre-release before version v0.0.0, so that the go command prefers any
-	# tagged release over any pseudo-version.
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
+# git running in different directories, backwards compatible too
+GIT_COMMAND="git -C $ENGINE_DIR"
+debVersion="${debVersion//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+if [[ "$VERSION" == *-dev ]]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    debVersion="0.0.0-${gitDate}-${gitCommit}"
+    origVersion=$debVersion
 
-	if [ "$(uname)" = "Darwin" ]; then
-		# Using BSD date (macOS), which doesn't support the --date option
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
-	else
-		# Using GNU date (Linux)
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	fi
-
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
-	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
-	debVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
-
-	# verify that nightly builds are always < actual releases
-	#
-	# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
-	# false
-	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
-	# true
+    # verify that nightly builds are always < actual releases
+    #
+    # $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
+    # false
+    # $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
+    # true
 fi
 
 echo "$debVersion" "$origVersion"

deb/raspbian-bookworm/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=raspbian
-ARG SUITE=bookworm
-ARG VERSION_ID=12
-ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/raspbian-bullseye/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=raspbian
-ARG SUITE=bullseye
-ARG VERSION_ID=11
-ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/raspbian-stretch/Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=resin/rpi-raspbian:stretch
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ARG GO_VERSION
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+# Copy our sources and untar them
+COPY sources/ /sources
+RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
+
+RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
+
+ENV DISTRO raspbian
+ENV SUITE stretch
+
+COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-bionic/Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=ubuntu:bionic
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ARG GO_VERSION
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+# Copy our sources and untar them
+COPY sources/ /sources
+RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
+
+RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
+
+ENV DISTRO ubuntu
+ENV SUITE bionic
+
+COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-cosmic/Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=ubuntu:cosmic
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ARG GO_VERSION
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+# Copy our sources and untar them
+COPY sources/ /sources
+RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
+
+RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
+
+ENV DISTRO ubuntu
+ENV SUITE cosmic
+
+COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-jammy/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=jammy
-ARG VERSION_ID=22.04
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-noble/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=noble
-ARG VERSION_ID=24.04
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-oracular/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=oracular
-ARG VERSION_ID=24.10
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-plucky/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=plucky
-ARG VERSION_ID=25.04
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-xenial/Dockerfile

@@ -0,0 +1,38 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=ubuntu:xenial
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ARG GO_VERSION
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+# Copy our sources and untar them
+COPY sources/ /sources
+RUN mkdir -p /go/src/github.com/docker/ && tar -xzf /sources/cli.tgz -C /go/src/github.com/docker/
+
+RUN ln -snf /go/src/github.com/docker/cli /root/build-deb/cli
+
+ENV DISTRO ubuntu
+ENV SUITE xenial
+
+COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=engine /bin/dockerd /source/
+COPY --from=engine /bin/docker-proxy /source/
+COPY --from=engine /bin/docker-init /source/
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

distros.json

@@ -1,141 +0,0 @@
-{
-    "centos-9": {
-        "image": "quay.io/centos/centos:stream9",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "CentOS Stream 9",
-        "end_of_life": "2027"
-    },
-    "centos-10": {
-        "image": "quay.io/centos/centos:stream10",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "CentOS Stream 10",
-        "end_of_life": "2030"
-    },
-    "debian-bullseye": {
-        "image": "debian:bullseye",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Debian 11 (oldstable)"
-    },
-    "debian-bookworm": {
-        "image": "debian:bookworm",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Debian 12 (stable)"
-    },
-    "debian-trixie": {
-        "image": "debian:trixie",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Debian 13 (Next stable)"
-    },
-    "fedora-41": {
-        "image": "fedora:41",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "end_of_life": "November, 2025"
-    },
-    "fedora-42": {
-        "image": "fedora:42",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "end_of_life": "November, 2025"
-    },
-    "raspbian-bullseye": {
-        "image": "balenalib/rpi-raspbian:bullseye",
-        "arches": [
-            "armhf"
-        ],
-        "description": "Debian/Raspbian 11 (stable)"
-    },
-    "raspbian-bookworm": {
-        "image": "balenalib/rpi-raspbian:bookworm",
-        "arches": [
-            "armhf"
-        ],
-        "description": "Debian/Raspbian 12 (next stable)"
-    },
-    "ubuntu-jammy": {
-        "image": "ubuntu:jammy",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 22.04 LTS",
-        "end_of_life": "04-2032",
-        "end_of_support": "04-2027"
-    },
-    "ubuntu-noble": {
-        "image": "ubuntu:noble",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 24.04 LTS",
-        "end_of_life": "04-2034",
-        "end_of_support": "06-2029"
-    },
-    "ubuntu-oracular": {
-        "image": "ubuntu:oracular",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 24.10",
-        "end_of_life": "07-2025",
-        "end_of_support": "07-2025"
-    },
-    "ubuntu-plucky": {
-        "image": "ubuntu:plucky",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 25.04",
-        "end_of_life": "01-2026",
-        "end_of_support": "01-2026"
-    },
-    "rhel-8": {
-        "image": "registry.access.redhat.com/ubi8/ubi",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "Red Hat Enterprise Linux 8",
-        "end_of_life": "05-2029",
-        "end_of_support": "05-2024"
-    },
-    "rhel-9": {
-        "image": "registry.access.redhat.com/ubi9/ubi",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "Red Hat Enterprise Linux 9",
-        "end_of_life": "05-2032",
-        "end_of_support": "05-2027"
-    }
-}

image/Dockerfile.engine

@@ -0,0 +1,101 @@
+# Common builder
+ARG GO_IMAGE
+FROM ${GO_IMAGE} as builder
+
+COPY hack/dockerfile/install/tini.installer /
+COPY hack/dockerfile/install/proxy.installer /
+RUN apt-get update && apt-get install -y \
+    bash \
+    btrfs-tools \
+    ca-certificates \
+    cmake \
+    gcc \
+    git \
+    libc-dev \
+    libgcc-6-dev \
+    libltdl-dev \
+    libseccomp-dev \
+    libtool \
+    make
+RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
+
+# dockerd
+FROM builder as dockerd-builder
+RUN apt-get install -y \
+    libsystemd-dev
+WORKDIR /go/src/github.com/docker/docker
+COPY . /go/src/github.com/docker/docker
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG PRODUCT
+ARG DEFAULT_PRODUCT_LICENSE
+ENV VERSION ${VERSION}
+ENV GITCOMMIT ${GITCOMMIT}
+ENV BUILDTIME ${BUILDTIME}
+ENV PLATFORM ${PLATFORM}
+ENV PRODUCT ${PRODUCT}
+ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
+# TODO The way we set the version could easily be simplified not to depend on hack/...
+RUN bash ./hack/make/.go-autogen
+RUN go build -o /sbin/dockerd \
+    -tags 'autogen apparmor seccomp selinux journald exclude_graphdriver_devicemapper' \
+    -i \
+    -buildmode=pie \
+    -a -ldflags '-w'\
+    github.com/docker/docker/cmd/dockerd
+
+# docker-proxy
+# TODO if libnetwork folds into the docker tree this can be combined above
+FROM builder as proxy-builder
+RUN git clone https://github.com/docker/libnetwork.git /go/src/github.com/docker/libnetwork
+WORKDIR /go/src/github.com/docker/libnetwork
+RUN . /binaries-commits && \
+    git checkout -q "$LIBNETWORK_COMMIT" && \
+    CGO_ENABLED=0 go build -buildmode=pie -ldflags="$PROXY_LDFLAGS" \
+        -o /sbin/docker-proxy \
+        github.com/docker/libnetwork/cmd/proxy
+
+# docker-init - TODO move this out, last time we bumped was 2016!
+FROM builder as init-builder
+RUN git clone https://github.com/krallin/tini.git /tini
+WORKDIR /tini
+RUN . /binaries-commits && \
+    git checkout -q "$TINI_COMMIT" && \
+    cmake . && make tini-static && \
+    cp tini-static /sbin/docker-init
+
+# runc
+FROM builder as runc-builder
+RUN apt-get install -y libseccomp-dev
+RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc
+WORKDIR /go/src/github.com/opencontainers/runc
+RUN . /binaries-commits && \
+    git checkout -q "$RUNC_COMMIT" && \
+    make BUILDTAGS='seccomp apparmor' static && make install
+
+# Final docker image
+FROM scratch
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG ENGINE_IMAGE
+COPY --from=dockerd-builder /sbin/dockerd /bin/
+COPY --from=proxy-builder /sbin/docker-proxy /bin/
+COPY --from=init-builder /sbin/docker-init /bin/
+COPY --from=runc-builder /usr/local/sbin/runc /bin/
+
+LABEL \
+    org.opencontainers.image.authors="Docker Inc." \
+    org.opencontainers.image.created="${BUILDTIME}" \
+    org.opencontainers.image.documentation="https://docs.docker.com/" \
+    org.opencontainers.image.licenses="Apache-2.0" \
+    org.opencontainers.image.revision="${GITCOMMIT}" \
+    org.opencontainers.image.url="https://www.docker.com/products/docker-engine" \
+    org.opencontainers.image.vendor="Docker Inc." \
+    org.opencontainers.image.version="${VERSION}" \
+    com.docker.distribution_based_engine="{\"platform\":\"${PLATFORM}\",\"engine_image\":\"${ENGINE_IMAGE}\",\"containerd_min_version\":\"1.2.0-beta.1\",\"runtime\":\"host_install\"}"
+
+ENTRYPOINT ["/bin/dockerd"]

image/Dockerfile.engine-dm

@@ -0,0 +1,97 @@
+# Common builder
+ARG GO_IMAGE
+ARG BASE_IMAGE=centos:7
+FROM ${GO_IMAGE} as golang
+
+FROM ${BASE_IMAGE} as builder
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+COPY --from=golang /usr/local/go /usr/local/go
+COPY hack/dockerfile/install/tini.installer /
+COPY hack/dockerfile/install/proxy.installer /
+RUN yum install -y \
+    bash \
+    ca-certificates \
+    cmake \
+    gcc \
+    git \
+    glibc-static \
+    libtool \
+    make
+RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
+
+# dockerd
+FROM builder as dockerd-builder
+RUN yum install -y \
+    btrfs-progs-devel \
+    device-mapper-devel \
+    libseccomp-devel \
+    selinux-policy-devel \
+    systemd-devel
+WORKDIR /go/src/github.com/docker/docker
+COPY . /go/src/github.com/docker/docker
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG PRODUCT
+ARG DEFAULT_PRODUCT_LICENSE
+ENV VERSION ${VERSION}
+ENV GITCOMMIT ${GITCOMMIT}
+ENV BUILDTIME ${BUILDTIME}
+ENV PLATFORM ${PLATFORM}
+ENV PRODUCT ${PRODUCT}
+ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
+# TODO The way we set the version could easily be simplified not to depend on hack/...
+RUN bash ./hack/make/.go-autogen
+RUN go build -o /dockerd \
+    -tags 'autogen apparmor seccomp selinux journald' \
+    -i \
+    -buildmode=pie \
+    -a -ldflags '-w'\
+    github.com/docker/docker/cmd/dockerd
+
+# docker-proxy
+# TODO if libnetwork folds into the docker tree this can be combined above
+FROM builder as proxy-builder
+RUN git clone https://github.com/docker/libnetwork.git /go/src/github.com/docker/libnetwork
+WORKDIR /go/src/github.com/docker/libnetwork
+RUN . /binaries-commits && \
+    git checkout -q "$LIBNETWORK_COMMIT" && \
+    go build -buildmode=pie -ldflags="-w" \
+        -o /docker-proxy \
+        github.com/docker/libnetwork/cmd/proxy
+
+# docker-init - TODO move this out, last time we bumped was 2016!
+FROM builder as init-builder
+RUN git clone https://github.com/krallin/tini.git /tini
+WORKDIR /tini
+RUN . /binaries-commits && \
+    git checkout -q "$TINI_COMMIT" && \
+    cmake . && make tini-static && \
+    cp tini-static /docker-init
+
+# Final docker image
+FROM scratch
+ARG VERSION
+ARG GITCOMMIT
+ARG BUILDTIME
+ARG PLATFORM
+ARG ENGINE_IMAGE
+COPY --from=dockerd-builder /dockerd /bin/
+COPY --from=proxy-builder /docker-proxy /bin/
+COPY --from=init-builder /docker-init /bin/
+
+LABEL \
+    org.opencontainers.image.authors="Docker Inc." \
+    org.opencontainers.image.created="${BUILDTIME}" \
+    org.opencontainers.image.documentation="https://docs.docker.com/" \
+    org.opencontainers.image.licenses="Apache-2.0" \
+    org.opencontainers.image.revision="${GITCOMMIT}" \
+    org.opencontainers.image.url="https://www.docker.com/products/docker-engine" \
+    org.opencontainers.image.vendor="Docker Inc." \
+    org.opencontainers.image.version="${VERSION}" \
+    com.docker.distribution_based_engine="{\"platform\":\"${PLATFORM}\",\"engine_image\":\"${ENGINE_IMAGE}\",\"containerd_min_version\":\"1.2.0-beta.1\",\"runtime\":\"host_install\"}"
+
+ENTRYPOINT ["/bin/dockerd"]

image/Makefile

@@ -0,0 +1,90 @@
+SHELL:=/bin/bash
+ENGINE_DIR:=$(CURDIR)/../../engine
+CLI_DIR:=$(CURDIR)/../../cli
+VERSION?=0.0.0-dev
+GO_BASE_IMAGE=golang
+GO_VERSION:=1.10.8
+ENGINE_GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)
+STATIC_VERSION=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
+DOCKER_HUB_ORG?=dockereng
+ARCH=$(shell uname -m)
+ENGINE_IMAGE?=engine-community
+CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
+DEFAULT_PRODUCT_LICENSE?=Community Engine
+PLATFORM?=Docker Engine - Community
+BUILDTIME?=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+IMAGE_WITH_TAG=$(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION)
+ifdef BASE_IMAGE
+	# TODO: Clean this up to only set ENGINE_GO_IMAGE
+	BASE_IMAGE_FLAG=--build-arg BASE_IMAGE=$(BASE_IMAGE)
+	ENGINE_GO_IMAGE=$(BASE_IMAGE)
+endif
+IMAGE_BUILD?=docker build -t  $(IMAGE_WITH_TAG) \
+	--build-arg GO_IMAGE="$(ENGINE_GO_IMAGE)" \
+	--build-arg VERSION="$(STATIC_VERSION)" \
+	--build-arg GITCOMMIT="$$(cd $(ENGINE_DIR) && git rev-parse --short=7 HEAD)" \
+	--build-arg BUILDTIME="$(BUILDTIME)" \
+	--build-arg PLATFORM="$(PLATFORM)" \
+	--build-arg PRODUCT="$(PRODUCT)" \
+	--build-arg ENGINE_IMAGE="$(ENGINE_IMAGE)" \
+	--build-arg DEFAULT_PRODUCT_LICENSE="$(DEFAULT_PRODUCT_LICENSE)" \
+	$(BASE_IMAGE_FLAG) \
+	--file $< $(ENGINE_DIR)
+
+.PHONY: help
+help: ## show make targets
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+.PHONY: clean
+clean: ## remove build artifacts
+	-$(RM) $(ENGINE_DIR)/Dockerfile.engine
+	-$(RM) $(ENGINE_DIR)/Dockerfile.engine-dm
+	-docker rmi $(IMAGE_WITH_TAG)
+	-docker rmi $(IMAGE_WITH_TAG)-dm
+	-rm -f image-linux
+	-$(RM) -r artifacts
+	-$(RM) *.tar
+
+.PHONY: image
+image: image-linux
+
+$(ENGINE_DIR)/Dockerfile.%: Dockerfile.%
+	cp $< $@
+
+DOCKER2OCI=artifacts/docker2oci
+$(DOCKER2OCI):
+	-$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
+	docker run --name docker2oci $(ENGINE_GO_IMAGE) sh -c 'go get github.com/coolljt0725/docker2oci'
+	mkdir -p $(@D)
+	docker cp docker2oci:/go/bin/docker2oci "$@"
+	docker rm -f docker2oci
+	$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
+
+# builds across multiple archs because the base images
+# utilize manifests
+image-linux: $(ENGINE_DIR)/Dockerfile.engine
+	$(IMAGE_BUILD)
+	echo $(IMAGE_WITH_TAG) > $@
+
+engine-$(ARCH).tar: engine-$(ARCH)-docker-compat.tar $(DOCKER2OCI)
+	mkdir -p artifacts
+	./$(DOCKER2OCI) -i $< artifacts/engine-image
+	mkdir -p $(@D)
+	tar c -C artifacts/engine-image . > $@
+
+engine-$(ARCH)-docker-compat.tar: image-linux
+	docker save -o $@ $$(cat $<)
+
+image-linux-dm: ENGINE_IMAGE:=$(ENGINE_IMAGE)-dm
+image-linux-dm: $(ENGINE_DIR)/Dockerfile.engine-dm
+	$(IMAGE_BUILD)
+	echo $(IMAGE_WITH_TAG) > $@
+
+engine-$(ARCH)-dm.tar: engine-$(ARCH)-dm-docker-compat.tar $(DOCKER2OCI)
+	mkdir -p artifacts
+	./$(DOCKER2OCI) -i $< artifacts/engine-image
+	mkdir -p $(@D)
+	tar c -C artifacts/engine-image . > $@
+
+engine-$(ARCH)-dm-docker-compat.tar: image-linux-dm
+	docker save -o $@ $$(cat $<)

install-containerd-helpers

@@ -1,85 +0,0 @@
-#!/usr/bin/env bash
-
-###
-# Script Name:  install-containerd-helpers
-#
-# Description: A library that containers helpers to install containerd on different
-#              distributions based on a package manager
-###
-set -x extglob
-
-# Steps taken from: https://docs.docker.com/install/linux/docker-ce/centos/
-function install_rpm_containerd() {
-	if [ "${PACKAGE_REPO}" = "stage" ]; then
-		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}/docker-ce-staging.repo"
-	else
-		REPO_URL="https://download.docker.com/linux/${DIST_ID}/docker-ce.repo"
-	fi
-
-	# Install containerd dependency for non-zypper dependecies
-	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
-
-	# Note: we enable test channel to be able to test non-stable containerd packages as well.
-	# Once a containerd package becomes stable it will also be available in the test channel,
-	# so this logic works for both cases.
-	# (See also same logic in install_debian_containerd)
-
-	if command -v dnf5; then
-		dnf --version
-
-		# FIXME(thaJeztah); strip empty lines as workaround for https://github.com/rpm-software-management/dnf5/issues/1603
-		TMP_REPO_FILE="$(mktemp --dry-run)"
-		curl -fsSL "${REPO_URL}" | tr -s '\n' > "${TMP_REPO_FILE}"
-		dnf config-manager addrepo --save-filename=docker-ce.repo  --overwrite --from-repofile="${TMP_REPO_FILE}"
-		rm -f "${TMP_REPO_FILE}"
-		# dnf config-manager addrepo --save-filename=docker-ce.repo --from-repofile="${REPO_URL}"
-		dnf config-manager setopt 'docker-ce-*.enabled=0'
-		dnf config-manager setopt 'docker-ce-test.enabled=1'
-		dnf makecache
-	elif command -v dnf; then
-		dnf --version
-
-		dnf config-manager --add-repo "${REPO_URL}"
-		dnf config-manager --set-disabled 'docker-ce-*'
-		dnf config-manager --set-enabled 'docker-ce-test'
-		dnf makecache
-	else
-		yum-config-manager --add-repo "${REPO_URL}"
-		yum-config-manager --disable 'docker-ce-*'
-		yum-config-manager --enable 'docker-ce-test'
-		yum makecache
-	fi
-}
-
-# Steps taken from: https://docs.docker.com/install/linux/docker-ce/ubuntu/
-function install_debian_containerd() {
-	if [ "${PACKAGE_REPO}" = "stage" ]; then
-		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}"
-	else
-		REPO_URL="https://download.docker.com/linux/${DIST_ID}"
-	fi
-
-	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
-
-	#TODO include this step in the get.docker.com installation script
-	# Make sure ca-certificates are up-to-date
-	update-ca-certificates -f
-
-	install -m 0755 -d /etc/apt/keyrings
-	curl -fsSL "${REPO_URL}/gpg" | tee /etc/apt/keyrings/docker.asc
-	chmod a+r /etc/apt/keyrings/docker.asc
-
-	if [ "${DIST_VERSION}" = "sid" ]; then
-		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
-		exit 1
-	fi
-	ARCH=$(dpkg --print-architecture)
-
-	# Note: we enable test channel to be able to test non-stable containerd packages as well.
-	# Once a containerd package becomes stable it will also be available in the test channel,
-	# so this logic works for both cases.
-	# (See also same logic in install_rpm_containerd)
-	echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] ${REPO_URL} ${DIST_VERSION} test" > /etc/apt/sources.list.d/docker.list
-
-	apt-get update
-}

rpm/Makefile

@@ -1,75 +1,48 @@
-include ../common.mk
+include ../containerd.mk
 
-PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+ARCH=$(shell uname -m)
+ENGINE_DIR:=$(CURDIR)/../../engine
+CLI_DIR:=$(CURDIR)/../../cli
+GITCOMMIT=$(shell cd $(ENGINE_DIR) && git rev-parse --short HEAD)
+VERSION?=0.0.0-dev
 GO_BASE_IMAGE=golang
-GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
-GEN_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
-GEN_BUILDX_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
-GEN_COMPOSE_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
-GEN_MODEL_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
-CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
-ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
-BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
+GO_VERSION:=1.10.8
+GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)
+GEN_RPM_VER=$(shell ./gen-rpm-ver $(CLI_DIR) $(VERSION))
+CHOWN=docker run --rm -i -v $(CURDIR):/v -w /v alpine chown
 
-ifdef RH_USER
-	RH_FLAGS=--secret id=rh-user,env=RH_USER --secret id=rh-pass,env=RH_PASS
+DOCKERFILE=Dockerfile
+ifdef NEEDS_ARCH_SPECIFIC
+	DOCKERFILE=Dockerfile.$(ARCH)
 endif
 ifdef BUILD_IMAGE
 	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
 endif
-BUILD?=DOCKER_BUILDKIT=1 \
-	docker build \
-	$(RH_FLAGS) \
+BUILD?=docker build \
 	$(BUILD_IMAGE_FLAG) \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
+	--build-arg ENGINE_IMAGE=$(shell cat rpmbuild/SOURCES/engine-image) \
 	-t rpmbuild-$@/$(ARCH) \
-	--platform linux/$(ARCH) \
-	-f $@/Dockerfile \
+	-f $@/$(DOCKERFILE) \
 	.
 
-
-SPEC_FILES?=docker-ce.spec docker-ce-cli.spec docker-ce-rootless-extras.spec docker-buildx-plugin.spec docker-compose-plugin.spec docker-model-plugin.spec
-
+SPEC_FILES?=docker-ce.spec docker-ce-cli.spec
 SPECS?=$(addprefix SPECS/, $(SPEC_FILES))
+RPMBUILD=docker run --privileged --rm -i\
+	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES \
+	-v $(CURDIR)/rpmbuild/RPMS:/root/rpmbuild/RPMS \
+	-v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS
 RPMBUILD_FLAGS?=-ba\
-	--define '_gitcommit_cli $(CLI_GITCOMMIT)' \
-	--define '_gitcommit_engine $(ENGINE_GITCOMMIT)' \
+	--define '_gitcommit $(word 3,$(GEN_RPM_VER))' \
 	--define '_release $(word 2,$(GEN_RPM_VER))' \
 	--define '_version $(word 1,$(GEN_RPM_VER))' \
 	--define '_origversion $(word 4, $(GEN_RPM_VER))' \
-	--define '_buildx_rpm_version $(word 1,$(GEN_BUILDX_RPM_VER))' \
-	--define '_buildx_version $(word 4,$(GEN_BUILDX_RPM_VER))' \
-	--define '_buildx_gitcommit $(BUILDX_GITCOMMIT)' \
-	--define '_compose_rpm_version $(word 1,$(GEN_COMPOSE_RPM_VER))' \
-	--define '_compose_version $(word 4,$(GEN_COMPOSE_RPM_VER))' \
-	--define '_model_rpm_version $(word 1,$(GEN_MODEL_RPM_VER))' \
-	--define '_model_version $(word 4,$(GEN_MODEL_RPM_VER))' \
-	$(RPMBUILD_EXTRA_FLAGS) \
 	$(SPECS)
+RUN?=$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
 
-# Additional flags may be necessary at some point
-RUN_FLAGS=
+SOURCE_FILES=engine-image cli.tgz docker.service docker.socket distribution_based_engine.json
+SOURCES=$(addprefix rpmbuild/SOURCES/, $(SOURCE_FILES))
 
-# FIXME(thaJeztah): disabling seccomp to handle (ppc64le) tar "chown / chmod"
-# failing when running in a Fedora 40 container on a Debian bookworm host;
-# see https://github.com/docker/docker-ce-packaging/issues/1012 and
-# https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
-RUN?=docker run --rm \
-	--security-opt seccomp=unconfined \
-	--platform linux/$(ARCH) \
-	-e PLATFORM \
-	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES:ro \
-	-v $(CURDIR)/rpmbuild/$@/RPMS:/root/rpmbuild/RPMS \
-	-v $(CURDIR)/rpmbuild/$@/SRPMS:/root/rpmbuild/SRPMS \
-	$(RUN_FLAGS) \
-	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-
-FEDORA_RELEASES ?= fedora-41 fedora-42
-CENTOS_RELEASES ?= centos-9 centos-10
-RHEL_RELEASES ?= rhel-8 rhel-9
-
-DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
-BUNDLES := $(patsubst %,rpmbuild/bundles-ce-%-$(DPKG_ARCH).tar.gz,$(DISTROS))
 
 .PHONY: help
 help: ## show make targets
@@ -79,73 +52,76 @@ help: ## show make targets
 clean: ## remove build artifacts
 	[ ! -d rpmbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 	$(RM) -r rpmbuild/
-	-docker builder prune -f --filter until=24h
+	[ ! -d artifacts ] || $(CHOWN) -R $(shell id -u):$(shell id -g) artifacts
+	$(RM) -r artifacts/
+	[ ! -d tmp ] || $(CHOWN) -R $(shell id -u):$(shell id -g) tmp
+	$(RM) -r tmp/
+	-docker rm docker2oci
+	$(MAKE) -C ../image clean
 
 .PHONY: rpm
 rpm: fedora centos ## build all rpm packages
 
 .PHONY: fedora
-fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
+fedora: fedora-28 fedora-27 fedora-26 ## build all fedora rpm packages
 
 .PHONY: centos
-centos: $(CENTOS_RELEASES) ## build all centos rpm packages
+centos: centos-7 ## build all centos rpm packages
 
-.PHONY: rhel
-rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
-
-.PHONY: $(DISTROS)
-$(DISTROS): sources
-	@echo "== Building packages for $@ =="
-	mkdir -p "rpmbuild/$@"
+.PHONY: fedora-29
+fedora-29: ## build fedora-29 rpm packages
+fedora-29: $(SOURCES)
+	$(CHOWN) -R root:root rpmbuild
 	$(BUILD)
 	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 
-.PHONY: sources
-sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/model.tgz
+.PHONY: fedora-28
+fedora-28: ## build fedora-28 rpm packages
+fedora-28: $(SOURCES)
+	$(CHOWN) -R root:root rpmbuild
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 
-rpmbuild/SOURCES/engine.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
+.PHONY: fedora-27
+fedora-27: ## build fedora-27 rpm packages
+fedora-27: $(SOURCES)
+	$(CHOWN) -R root:root rpmbuild
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+
+.PHONY: centos-7
+centos-7: ## build centos-7 rpm packages
+centos-7: $(SOURCES)
+	$(CHOWN) -R root:root rpmbuild
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 
 rpmbuild/SOURCES/cli.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
-		-v $(CURDIR)/$(@D):/v \
+	mkdir -p rpmbuild/SOURCES
+	docker run --rm -i -w /v \
+		-v $(CLI_DIR):/cli \
+		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
 
-rpmbuild/SOURCES/buildx.tgz:
+rpmbuild/SOURCES/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
+	cp $< $@
 
-rpmbuild/SOURCES/compose.tgz:
+rpmbuild/SOURCES/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
+	cp $< $@
 
-rpmbuild/SOURCES/model.tgz:
+rpmbuild/SOURCES/engine-image:
+	$(MAKE) -C ../image image-linux-dm
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/model.tgz --exclude .git model
+	cp ../image/image-linux-dm $@
 
-# See ARCHES in common.mk. Could not figure out how to match both distro and arch.
-BUNDLES:=$(addsuffix .tar.gz,$(addprefix rpmbuild/bundles-ce-%-,$(ARCHES)))
-
-$(BUNDLES): %
-	tar czf $@ --transform="s|^rpmbuild/\(.*\)|bundles/$(VERSION)/build-rpm/\1|" rpmbuild/$*
+rpmbuild/SOURCES/distribution_based_engine.json: rpmbuild/SOURCES/engine-image
+	mkdir -p $(@D)
+	docker inspect "$(shell cat $<)" \
+		--format '{{index .Config.Labels "com.docker.distribution_based_engine" }}' > $@

rpm/README.md

@@ -3,37 +3,30 @@
 `.rpm` packages can be built from this directory with the following syntax
 
 ```shell
-make rpm
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
 ```
 
 Artifacts will be located in `rpmbuild` under the following directory structure:
 `rpmbuild/$distro-$distro_version/`
 
-### Building from local source
-
-Specify the location of the source repositories for the engine and cli when
-building packages
-
+### NOTES:
 * `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
 * `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
 
-```shell
-make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
-```
-
 ## Specifying a specific distro
 
 ```shell
-make centos
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli fedora
 ```
 
 ## Specifying a specific distro version
 ```shell
-make centos-9
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli fedora-25
 ```
 
-## Building the for all distros
+## Building the latest docker-ce
 
 ```shell
-make rpm
+git clone https://github.com/docker/docker-ce.git
+make ENGINE_DIR=docker-ce/components/engine CLI_DIR=docker-ce/components/cli rpm
 ```

rpm/SPECS/docker-buildx-plugin.spec

@@ -1,51 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-buildx-plugin
-Version: %{_buildx_rpm_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: buildx.tgz
-Summary: Docker Buildx plugin for the Docker CLI
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://github.com/docker/buildx
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-BuildRequires: bash
-
-%description
-Docker Buildx plugin for the Docker CLI.
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-pushd ${RPM_BUILD_DIR}/src/buildx
-	GO111MODULE=on \
-	CGO_ENABLED=0 \
-		go build \
-			-mod=vendor \
-			-trimpath \
-			-ldflags="-w -X github.com/docker/buildx/version.Version=%{_buildx_version} -X github.com/docker/buildx/version.Revision=%{_buildx_gitcommit} -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
-			-o "bin/docker-buildx" \
-			./cmd/buildx
-popd
-
-%check
-ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
-	test "$ver" = "%{_buildx_version}" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($ver) did not match" && exit 1)
-
-%install
-install -D -p -m 0755 ${RPM_BUILD_DIR}/src/buildx/bin/docker-buildx ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx
-
-%files
-%{_libexecdir}/docker/cli-plugins/docker-buildx
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/SPECS/docker-ce-cli.spec

@@ -6,7 +6,7 @@ Release: %{_release}%{?dist}
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
-License: Apache-2.0
+License: ASL 2.0
 Source0: cli.tgz
 URL: https://www.docker.com
 Vendor: Docker
@@ -14,19 +14,14 @@ Packager: Docker <support@docker.com>
 
 # required packages on install
 Requires: /bin/sh
-Requires: /usr/sbin/groupadd
-
-Recommends: docker-buildx-plugin
-Recommends: docker-compose-plugin
-
-Suggests: docker-model-plugin
 
 BuildRequires: make
-BuildRequires: git
+BuildRequires: libtool-ltdl-devel
 
 # conflicting packages
 Conflicts: docker
 Conflicts: docker-io
+Conflicts: docker-engine-cs
 Conflicts: docker-ee
 Conflicts: docker-ee-cli
 
@@ -35,56 +30,63 @@ Docker is is a product for you to build, ship and run any application as a
 lightweight container.
 
 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest cloud compute instance
-and everything in between - and they don't require you to use a particular
+they can run anywhere, from your laptop to the largest cloud compute instance and
+everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
 
 %prep
-%setup -q -c -n src -a 0
+%setup -q -c -n src
 
 %build
 mkdir -p /go/src/github.com/docker
 rm -f /go/src/github.com/docker/cli
-ln -snf ${RPM_BUILD_DIR}/src/cli /go/src/github.com/docker/cli
-make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=%{_origversion} GITCOMMIT=%{_gitcommit_cli} dynbinary manpages shell-completion
+ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
+pushd /go/src/github.com/docker/cli
+DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
+popd
 
-%check
-ver="$(cli/build/docker --version)"; \
-    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+# %check
+# cli/build/docker -v
 
 %install
 # install binary
-install -D -p -m 755 cli/build/docker ${RPM_BUILD_ROOT}%{_bindir}/docker
+install -d $RPM_BUILD_ROOT/%{_bindir}
+install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
 
 # add bash, zsh, and fish completions
-install -D -p -m 644 cli/build/completion/bash/docker ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions/docker
-install -D -p -m 644 cli/build/completion/zsh/_docker ${RPM_BUILD_ROOT}%{_datadir}/zsh/vendor-completions/_docker
-install -D -p -m 644 cli/build/completion/fish/docker.fish ${RPM_BUILD_ROOT}%{_datadir}/fish/vendor_completions.d/docker.fish
+install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
+install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
+install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
+install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
+install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
+install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
 
-# install man-pages
-for sec in $(seq 1 9); do
-    if [ -d "cli/man/man${sec}" ]; then
-        # Note: we need to create destination dirs first (instead "install -D") due to wildcards used.
-        install -d ${RPM_BUILD_ROOT}%{_mandir}/man${sec} && \
-        install -p -m 644 cli/man/man${sec}/*.${sec} ${RPM_BUILD_ROOT}%{_mandir}/man${sec};
-    fi
-done
+# install manpages
+install -d %{buildroot}%{_mandir}/man1
+install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
+install -d %{buildroot}%{_mandir}/man5
+install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
 
 mkdir -p build-docs
 for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
-    install -D -p -m 644 "cli/$cli_file" "build-docs/$cli_file"
+    cp "cli/$cli_file" "build-docs/$cli_file"
 done
 
 # list files owned by the package here
 %files
 %doc build-docs/LICENSE build-docs/MAINTAINERS build-docs/NOTICE build-docs/README.md
-%{_bindir}/docker
-%{_datadir}/bash-completion/completions/docker
-%{_datadir}/zsh/vendor-completions/_docker
-%{_datadir}/fish/vendor_completions.d/docker.fish
-%{_mandir}/man*/*
+/%{_bindir}/docker
+/usr/share/bash-completion/completions/docker
+/usr/share/zsh/vendor-completions/_docker
+/usr/share/fish/vendor_completions.d/docker.fish
+%doc
+/%{_mandir}/man1/*
+/%{_mandir}/man5/*
+/%{_mandir}/man8/*
 
 
 %post

rpm/SPECS/docker-ce-rootless-extras.spec

@@ -1,63 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-ce-rootless-extras
-Version: %{_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: engine.tgz
-Summary: Rootless support for Docker
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://docs.docker.com/engine/security/rootless/
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-Requires: docker-ce
-# TODO: conditionally add `Requires: dbus-daemon` for Fedora and CentOS 8
-# slirp4netns >= 0.4 is available in the all supported versions of CentOS and Fedora.
-Requires: slirp4netns >= 0.4
-# fuse-overlayfs >= 0.7 is available in the all supported versions of CentOS and Fedora.
-Requires: fuse-overlayfs >= 0.7
-
-BuildRequires: bash
-
-# conflicting packages
-Conflicts: rootlesskit
-
-%description
-Rootless support for Docker.
-Use dockerd-rootless.sh to run the daemon.
-Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh .
-This package contains RootlessKit, but does not contain VPNKit.
-Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-
-export DOCKER_GITCOMMIT=%{_gitcommit_engine}
-mkdir -p /go/src/github.com/docker
-ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
-TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic
-
-%check
-/usr/local/bin/rootlesskit -v
-
-%install
-install -D -p -m 0755 engine/contrib/dockerd-rootless.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless.sh
-install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless-setuptool.sh
-install -D -p -m 0755 /usr/local/bin/rootlesskit ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit
-
-%files
-%{_bindir}/dockerd-rootless.sh
-%{_bindir}/dockerd-rootless-setuptool.sh
-%{_bindir}/rootlesskit
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/SPECS/docker-ce.spec

@@ -1,127 +1,151 @@
 %global debug_package %{nil}
 
+
 Name: docker-ce
 Version: %{_version}
 Release: %{_release}%{?dist}
 Epoch: 3
-Source0: engine.tgz
+Source0: docker.service
+Source1: docker.socket
 Summary: The open-source application container engine
 Group: Tools/Docker
-License: Apache-2.0
+License: ASL 2.0
 URL: https://www.docker.com
 Vendor: Docker
 Packager: Docker <support@docker.com>
 
-Requires: /usr/sbin/groupadd
-# Provides modprobe, which we use to load br_netfilter if not loaded.
-Suggests: kmod
 Requires: docker-ce-cli
-Recommends: docker-ce-rootless-extras
-Requires: container-selinux
-Requires: systemd
+Requires: container-selinux >= 2.9
+Requires: libseccomp >= 2.3
+Requires: systemd-units
 Requires: iptables
-%if %{undefined rhel} || 0%{?rhel} < 9
-# Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
 Requires: libcgroup
-%endif
-Requires: containerd.io >= 1.7.27
+Requires: containerd.io >= 1.2.2-3
 Requires: tar
 Requires: xz
 
-BuildRequires: bash
-BuildRequires: ca-certificates
-BuildRequires: cmake
-BuildRequires: gcc
-BuildRequires: git
-BuildRequires: glibc-static
-BuildRequires: libtool
+# Resolves: rhbz#1165615
+Requires: device-mapper-libs >= 1.02.90-1
+
+BuildRequires: which
 BuildRequires: make
-BuildRequires: pkgconfig
+BuildRequires: gcc
 BuildRequires: pkgconfig(systemd)
-BuildRequires: systemd-devel
-BuildRequires: tar
 
 # conflicting packages
 Conflicts: docker
 Conflicts: docker-io
+Conflicts: docker-engine-cs
 Conflicts: docker-ee
 
+# Obsolete packages
+Obsoletes: docker-ce-selinux
+Obsoletes: docker-engine-selinux
+Obsoletes: docker-engine
+
 %description
-Docker is a product for you to build, ship and run any application as a
+Docker is is a product for you to build, ship and run any application as a
 lightweight container.
 
 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest cloud compute instance
-and everything in between - and they don't require you to use a particular
+they can run anywhere, from your laptop to the largest cloud compute instance and
+everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
 
 %prep
-%setup -q -c -n src -a 0
 
 %build
 
-export DOCKER_GITCOMMIT=%{_gitcommit_engine}
-mkdir -p /go/src/github.com/docker
-ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
-
-pushd ${RPM_BUILD_DIR}/src/engine
-TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
-
-# Determine Go module mode based on file presence
-if [ -f vendor.mod ]; then
-    GOMOD=off
-elif [ -f go.mod ]; then
-    GOMOD=on
-else
-    echo "No go.mod or vendor.mod found in engine directory"
-    exit 1
-fi
-GO111MODULE=$GOMOD VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary
-popd
-
-#  build  man-pages
-make -C ${RPM_BUILD_DIR}/src/engine/man
-
-%check
-ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
-    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
-
 %install
-install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${RPM_BUILD_ROOT}%{_bindir}/dockerd
-install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/docker-proxy) ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy
-install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}/docker/docker-init
-
-# install systemd scripts
-install -D -p -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service
-install -D -p -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket
-
-# install manpages
-make -C ${RPM_BUILD_DIR}/src/engine/man DESTDIR=${RPM_BUILD_ROOT} mandir=%{_mandir} install
-
-# create the config directory
-mkdir -p ${RPM_BUILD_ROOT}/etc/docker
+# Install containerd-proxy as dockerd
+install -D -m 0755 /sources/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd-ce
+install -D -m 0755 /sources/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
+install -D -m 0755 /sources/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
+install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
+install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket
+install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine-ce.json
 
 %files
-%{_bindir}/dockerd
-%{_bindir}/docker-proxy
-%{_libexecdir}/docker/docker-init
-%{_unitdir}/docker.service
-%{_unitdir}/docker.socket
-%{_mandir}/man*/*
-%dir /etc/docker
+/%{_bindir}/dockerd-ce
+/%{_bindir}/docker-proxy
+/%{_bindir}/docker-init
+/%{_unitdir}/docker.service
+/%{_unitdir}/docker.socket
+/var/lib/docker-engine/distribution_based_engine-ce.json
+
+%pre
+if [ $1 -gt 0 ] ; then
+    # package upgrade scenario, before new files are installed
+
+    # clear any old state
+    rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+
+    # check if docker service is running
+    if systemctl is-active docker > /dev/null 2>&1; then
+        systemctl stop docker > /dev/null 2>&1 || :
+        touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+    fi
+fi
 
 %post
-%systemd_post docker.service
+%systemd_post docker
 if ! getent group docker > /dev/null; then
     groupadd --system docker
 fi
+dbefile=/var/lib/docker-engine/distribution_based_engine.json
+URL=https://docs.docker.com/releasenote
+if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then
+    echo
+    echo
+    echo
+    echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages"
+    echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages."
+    echo "See $URL for more details."
+    echo
+    echo
+    echo
+else
+    rm -f %{_bindir}/dockerd
+    update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \
+        --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json
+fi
+
 
 %preun
-%systemd_preun docker.service docker.socket
+%systemd_preun docker
+update-alternatives --remove dockerd %{_bindir}/dockerd || true
 
 %postun
-%systemd_postun_with_restart docker.service
+%systemd_postun_with_restart docker
+
+%posttrans
+if [ $1 -ge 0 ] ; then
+    dbefile=/var/lib/docker-engine/distribution_based_engine.json
+    URL=https://docs.docker.com/releasenote
+    if [ -f "${dbefile}" ] && sed -e 's/.*"platform"[ \t]*:[ \t]*"\([^"]*\)".*/\1/g' "${dbefile}"| grep -v -i community > /dev/null; then
+        echo
+        echo
+        echo
+        echo "Warning: Your engine has been activated to Docker Engine - Enterprise but you are still using Community packages"
+        echo "You can use the 'docker engine update' command to update your system, or switch to using the Enterprise packages."
+        echo "See $URL for more details."
+        echo
+        echo
+        echo
+    else
+        rm -f %{_bindir}/dockerd
+        update-alternatives --install %{_bindir}/dockerd dockerd %{_bindir}/dockerd-ce 1 \
+            --slave "${dbefile}" distribution_based_engine.json /var/lib/docker-engine/distribution_based_engine-ce.json
+    fi
+    # package upgrade scenario, after new files are installed
+
+    # check if docker was running before upgrade
+    if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then
+        systemctl start docker > /dev/null 2>&1 || :
+        rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+    fi
+fi
 
 %changelog

rpm/SPECS/docker-compose-plugin.spec

@@ -1,57 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-compose-plugin
-Version: %{_compose_rpm_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: compose.tgz
-Summary: Docker Compose (V2) plugin for the Docker CLI
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://github.com/docker/compose/
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-Enhances: docker-ce-cli
-Recommends: docker-buildx-plugin
-
-BuildRequires: bash
-
-%description
-Docker Compose (V2) plugin for the Docker CLI.
-
-This plugin provides the 'docker compose' subcommand.
-
-The binary can also be run standalone as a direct replacement for
-Docker Compose V1 ('docker-compose').
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-make -C ${RPM_BUILD_DIR}/src/compose VERSION=%{_compose_version} DESTDIR=./bin build
-
-%check
-ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
-    test "$ver" = "%{_compose_version}" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($ver) did not match" && exit 1)
-
-%install
-install -D -p -m 0755 ${RPM_BUILD_DIR}/src/compose/bin/docker-compose ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose
-
-for f in LICENSE MAINTAINERS NOTICE README.md; do
-    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/compose/$f" "docker-compose-plugin-docs/$f"
-done
-
-%files
-%doc docker-compose-plugin-docs/*
-%license docker-compose-plugin-docs/LICENSE
-%license docker-compose-plugin-docs/NOTICE
-%{_libexecdir}/docker/cli-plugins/docker-compose
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/SPECS/docker-model-plugin.spec

@@ -1,52 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-model-plugin
-Version: %{_model_rpm_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: model.tgz
-Summary: Docker Model Runner plugin for the Docker CLI
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://docs.docker.com/model-runner/
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-Enhances: docker-ce-cli
-
-BuildRequires: bash
-
-%description
-Docker Model Runner plugin for the Docker CLI.
-
-This plugin provides the 'docker model' subcommand.
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-GO111MODULE=on make -C ${RPM_BUILD_DIR}/src/model VERSION=%{_model_version} ce-release
-
-%check
-ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
-    test "$ver" = "%{_model_version}" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($ver) did not match" && exit 1)
-
-%install
-install -D -p -m 0755 ${RPM_BUILD_DIR}/src/model/dist/docker-model ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model
-
-for f in LICENSE; do
-    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/model/$f" "docker-model-plugin-docs/$f"
-done
-
-%files
-%doc docker-model-plugin-docs/*
-%license docker-model-plugin-docs/LICENSE
-%{_libexecdir}/docker/cli-plugins/docker-model
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/centos-10/Dockerfile

@@ -1,35 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=centos
-ARG SUITE=10
-ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
-# "rpmkeys --import"as part of rpm package's %post scriplet. See
-# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
-# https://access.redhat.com/solutions/3720351
-RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
-RUN dnf install -y rpm-build dnf-plugins-core
-RUN dnf config-manager --set-enabled crb
-
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-7/Dockerfile

@@ -0,0 +1,25 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=centos:7
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+ENV DISTRO centos
+ENV SUITE 7
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+RUN yum install -y rpm-build rpmlint
+COPY SPECS /root/rpmbuild/SPECS
+# Overwrite repo that was failing on aarch64
+RUN sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo
+RUN yum-builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-9/Dockerfile

@@ -1,35 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=centos
-ARG SUITE=9
-ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
-# "rpmkeys --import"as part of rpm package's %post scriplet. See
-# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
-# https://access.redhat.com/solutions/3720351
-RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
-RUN dnf install -y rpm-build dnf-plugins-core
-RUN dnf config-manager --set-enabled crb
-
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-27/Dockerfile

@@ -0,0 +1,23 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=fedora:27
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+ENV DISTRO fedora
+ENV SUITE 27
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
+COPY SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-28/Dockerfile

@@ -0,0 +1,23 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=fedora:28
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+ENV DISTRO fedora
+ENV SUITE 28
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
+COPY SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-29/Dockerfile

@@ -0,0 +1,23 @@
+ARG GO_IMAGE
+ARG ENGINE_IMAGE
+ARG BUILD_IMAGE=fedora:29
+FROM ${GO_IMAGE} as golang
+FROM ${ENGINE_IMAGE} as engine
+
+FROM ${BUILD_IMAGE}
+ENV DISTRO fedora
+ENV SUITE 29
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
+COPY SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go/
+COPY --from=engine /bin/dockerd /sources/
+COPY --from=engine /bin/docker-proxy /sources/
+COPY --from=engine /bin/docker-init /sources/
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-41/Dockerfile

@@ -1,50 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=fedora
-ARG SUITE=41
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-RUN dnf install -y rpm-build dnf-plugins-core
-# FIXME(thaJeztah): workaround for building on Fedora 41 on arm64
-#
-# This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
-# for containerd packages, but unlike for containerd packages, we currently do
-# not run into this issue when building docker-ce packages. We're installing
-# this as a precaution, but perhaps it's not needed.
-#
-# go1.21 and up have a patch that enforces the use of ld.gold to work around
-# a bug in GNU binutils. See;
-# - https://github.com/golang/go/issues/22040.
-# - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
-#
-# Fedora 41 and up has a fixed version of binutils, and no longer requires that
-# patch, but may fail without ld.gold installed;
-#
-#   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
-#   collect2: fatal error: cannot find 'ld'
-#
-# Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
-# - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
-# - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
-#
-# As a workaround; install binutils-gold
-RUN if [ "$(arch)" = 'aarch64' ]; then dnf -y install binutils-gold; fi
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-42/Dockerfile

@@ -1,51 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=fedora
-ARG SUITE=42
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-RUN dnf install -y rpm-build dnf-plugins-core
-# FIXME(thaJeztah): workaround for building on Fedora 41 and up on arm64
-#
-# This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
-# for containerd packages, but unlike for containerd packages, we currently do
-# not run into this issue when building docker-ce packages. We're installing
-# this as a precaution, but perhaps it's not needed.
-#
-# go1.21 and up have a patch that enforces the use of ld.gold to work around
-# a bug in GNU binutils. See;
-# - https://github.com/golang/go/issues/22040.
-# - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
-#
-# Fedora 41 and up has a fixed version of binutils, and no longer requires that
-# patch, but may fail without ld.gold installed;
-#
-#   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
-#   collect2: fatal error: cannot find 'ld'
-#
-# Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
-# - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
-# - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
-#
-# As a workaround; install binutils-gold
-RUN if [ "$(rpm --query --queryformat='%{ARCH}' rpm)" = 'aarch64' ] && ! command -v ld.gold; then dnf -y install binutils-gold; fi
-
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/gen-rpm-ver

@@ -1,115 +1,68 @@
 #!/usr/bin/env bash
 
-REPO_DIR="$1"
-VERSION="$2"
+ENGINE_DIR=$1
+VERSION=$2
 
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
-	echo 'usage: ./gen-rpm-ver ${REPO_DIR} ${VERSION}'
-	exit 1
+[[ $# < 2 ]] && echo 'not enough args' && exit 1
+
+DATE_COMMAND="date"
+if [[ $(uname) -eq "Darwin" ]]; then
+    DATE_COMMAND="docker run --rm alpine date"
 fi
 
-GIT_COMMAND="git -C $REPO_DIR"
+GIT_COMMAND="git -C $ENGINE_DIR"
 origVersion="$VERSION"
-rpmVersion="${VERSION#v}"
+rpmVersion="$VERSION"
+rpmRelease=3
 
-# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which
-# is an incremental number for builds of the same release (Version: / #rpmVersion).
-#
-# This field can be:
-#
-# - Version: 0   : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds)
-# - Version: 1   : Package was built for an upstream (pre)release version
-# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released)
-#
-# For details, see the Fedora packaging guide:
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
-#
-# Note that older versions of the rpm spec allowed more traditional information
-# in this field, which is still allowed, but considered deprecated; see
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
-#
-# In our case, this means that all releases, except for "nightly" builds should
-# use "Version: 1". Only in an exceptional case, where we need to publish a new
-# package (build) for an existing release, "Version: 2" should be used; this script
-# does not currently account for that situation.
-#
-# Assuming all tagged version of rpmRelease correspond with an upstream release,
-# this means that versioning is as follows:
-#
-# Docker 23.0.0:         version=23.0.0, release=1
-# Docker 23.0.0-alpha.1: version=23.0.0, release=1
-# Docker 23.0.0-beta.1:  version=23.0.0, release=1
-# Docker 23.0.0-rc.1:    version=23.0.0, release=1
-# Docker 23.0.0-dev:     version=0.0.0~YYYYMMDDHHMMSS.gitHASH, release=0
-rpmRelease=1
+# rpmRelease versioning is as follows
+# Docker 18.01.0-ce:  version=18.01.0.ce, release=3
+# Docker 18.01.0-ce-tp1: version=18.01.0.ce, release=0.1.tp1
+# Docker 18.01.0-ce-beta1: version=18.01.0.ce, release=1.1.beta1
+# Docker 18.01.0-ce-rc1: version=18.01.0.ce, release=2.1.rc1
+# Docker 18.01.0-ce-cs1: version=18.01.0.ce.cs1, release=1
+# Docker 18.01.0-ce-cs1-rc1: version=18.01.0.ce.cs1, release=0.1.rc1
+# Docker 18.01.0-ce-dev nightly: version=18.01.0.ce, release=0.0.YYYYMMDD.HHMMSS.gitHASH
 
-# rpm packages require a tilde (~) instead of a hyphen (-) as separator between
-# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
-# non-pre-release versions, which would prevent users from updating from a pre-
-# release version to the "ga" version.
-#
-# For details, see the Fedora packaging guide:
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_handling_non_sorting_versions_with_tilde_dot_and_caret
-#
-# > The tilde symbol (‘~’) is used before a version component which must sort
-# > earlier than any non-tilde component. It is used for any pre-release versions
-# > which wouldn’t otherwise sort appropriately.
-# >
-# > For example, with upstream releases 0.4.0, 0.4.1, 0.5.0-rc1, 0.5.0-rc2, 0.5.0,
-# > the two "release candidates" should use 0.5.0~rc1 and 0.5.0~rc2 in the Version:
-# > field. Bugfix or "patchlevel" releases that some upstream make should be handled
-# > using simple versioning. The separator used by upstream may need to be replaced
-# > by a dot or dropped.
-# >
-# > For example, if the same upstream released 0.5.0-post1 as a bugfix version,
-# > this "post-release" should use 0.5.0.post1 in the Version: field. Note that
-# > 0.5.0.post1 sorts lower than both 0.5.1 and 0.5.0.1.
-#
-# The code below replaces hyphens with tildes. Note that an intermediate $tilde
-# variable is needed to make this work on all versions of Bash. In some versions
-# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
-# quoted ('~').
-tilde='~'
-rpmVersion="${rpmVersion//-/$tilde}"
+if [[ "$rpmVersion" =~ .*-tp[0-9]+$ ]]; then
+    tpVersion=${rpmVersion#*-tp}
+    rpmVersion=${rpmVersion%-tp*}
+    rpmRelease="0.${tpVersion}.tp${tpVersion}"
+elif [[ "$rpmVersion" =~ .*-beta[0-9]+$ ]]; then
+    betaVersion=${rpmVersion#*-beta}
+    rpmVersion=${rpmVersion%-beta*}
+    rpmRelease="1.${betaVersion}.beta${betaVersion}"
+elif [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]]; then
+    rcVersion=${rpmVersion#*-rc}
+    rpmVersion=${rpmVersion%-rc*}
+    rpmRelease="2.${rcVersion}.rc${rcVersion}"
+fi
 
 DOCKER_GITCOMMIT=$($GIT_COMMAND rev-parse --short HEAD)
 if [ -n "$($GIT_COMMAND status --porcelain --untracked-files=no)" ]; then
-	DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
+    DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
 fi
 
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
-# we'll create a pseudo version based on commit-date and -sha.
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-	export TZ=UTC
-
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	#
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# where the time is the commit time in UTC and the final suffix is the prefix
-	# of the commit hash. The time portion ensures that two pseudo-versions can
-	# be compared to determine which happened later, the commit hash identifes
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# as a pre-release before version v0.0.0, so that the go command prefers any
-	# tagged release over any pseudo-version.
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
-
-	if [ "$(uname)" = "Darwin" ]; then
-		# Using BSD date (macOS), which doesn't support the --date option
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
-	else
-		# Using GNU date (Linux)
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	fi
-
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
-	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
-	rpmVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
-	rpmRelease=0
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+if [[ "$rpmVersion" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    # rpmVersion is now something like '0.0.0-20180719213702-cd5e2db'
+    rpmVersion="0.0.0-${gitDate}-${gitCommit}"
+    rpmRelease="0"
+    origVersion=$rpmVersion
 fi
 
-# Replace any remaining dashes with periods
+# Replace any other dashes with periods
 rpmVersion="${rpmVersion//-/.}"
-echo "$rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion"
+echo $rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion

rpm/rhel-8/Dockerfile

@@ -1,45 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=rhel
-ARG SUITE=8
-ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE} AS subscribed-image
-RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
-	rm -f /etc/rhsm-host
-
-	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
-		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
-	else
-		subscription-manager register \
-			--username="$(cat /run/secrets/rh-user)" \
-			--password="$(cat /run/secrets/rh-pass)"
-
-		subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
-		# dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
-	fi
-EOT
-
-FROM subscribed-image
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-RUN dnf install -y rpm-build
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/rhel-9/Dockerfile

@@ -1,45 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=rhel
-ARG SUITE=9
-ARG BUILD_IMAGE=registry.access.redhat.com/ubi9/ubi
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE} AS subscribed-image
-RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
-	rm -f /etc/rhsm-host
-
-	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
-		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
-	else
-		subscription-manager register \
-			--username="$(cat /run/secrets/rh-user)" \
-			--password="$(cat /run/secrets/rh-pass)"
-
-		subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
-		# dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
-	fi
-EOT
-
-FROM subscribed-image
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-RUN dnf install -y rpm-build
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

scripts/checkout.sh

@@ -1,39 +0,0 @@
-#!/usr/bin/env sh
-
-#   Copyright 2018-2020 Docker Inc.
-
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-
-#       http://www.apache.org/licenses/LICENSE-2.0
-
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-
-checkout() (
-	set -ex
-	SRC="$1"
-	REF="$2"
-	REF_FETCH="$REF"
-	# if ref is branch or tag, retrieve its canonical form
-	REF=$(git -C "$SRC" ls-remote --refs --heads --tags origin "$REF" | awk '{print $2}')
-	if [ -n "$REF" ]; then
-		# if branch or tag then create it locally too
-		REF_FETCH="$REF:$REF"
-	else
-		REF="FETCH_HEAD"
-	fi
-	git -C "$SRC" fetch --update-head-ok --depth 1 origin "$REF_FETCH"
-	git -C "$SRC" checkout -q "$REF"
-)
-
-
-# Only execute checkout function above if this file is executed, not sourced from another script
-prog=checkout.sh # needs to be in sync with this file's name
-if [ "$(basename -- $0)" = "$prog" ]; then
-	checkout $*
-fi

static/Makefile

@@ -1,30 +1,12 @@
-include ../common.mk
-
-CLI_DIR=$(realpath $(CURDIR)/../src/github.com/docker/cli)
-ENGINE_DIR=$(realpath $(CURDIR)/../src/github.com/docker/docker)
-BUILDX_DIR=$(realpath $(CURDIR)/../src/github.com/docker/buildx)
-
-ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
-
-GEN_STATIC_VER=$(shell ./gen-static-ver $(CLI_DIR) $(VERSION))
+SHELL:=/bin/bash
+ENGINE_DIR:=$(CURDIR)/../../engine
+CLI_DIR:=$(CURDIR)/../../cli
+VERSION?=0.0.0-dev
+STATIC_VERSION=$(shell ./gen-static-ver $(ENGINE_DIR) $(VERSION))
+CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 HASH_CMD=docker run -v $(CURDIR):/sum -w /sum debian:jessie bash hash_files
 DIR_TO_HASH:=build/linux
-DOCKER_CLI_GOLANG_IMG=golang:$(GO_VERSION)
-
-DOCKER_BUILD_OPTS=
-
-ifneq ($(strip $(CONTAINERD_VERSION)),)
-# Set custom build-args to override the containerd version to build for static
-# packages.
-DOCKER_BUILD_OPTS +=--build-arg=CONTAINERD_VERSION=$(CONTAINERD_VERSION)
-endif
-
-ifneq ($(strip $(RUNC_VERSION)),)
-# Set custom build-args to override the runc version to build for static packages.
-DOCKER_BUILD_OPTS +=--build-arg=RUNC_VERSION=$(RUNC_VERSION)
-endif
-
-ENGINE_BUILD_OPTS=--build-arg VERSION=$(GEN_STATIC_VER) --build-arg DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) --build-arg DEFAULT_PRODUCT_LICENSE --build-arg PACKAGER_NAME --build-arg PLATFORM $(DOCKER_BUILD_OPTS)
+DEFAULT_PRODUCT_LICENSE?=Community Engine
 
 .PHONY: help
 help: ## show make targets
@@ -34,82 +16,56 @@ help: ## show make targets
 clean: ## remove build artifacts
 	[ ! -d build ] || $(CHOWN) -R $(shell id -u):$(shell id -g) build
 	$(RM) -r build
-	-docker builder prune -f --filter until=24h
 
 .PHONY: static
 static: static-linux cross-mac cross-win cross-arm ## create all static packages
 
 .PHONY: static-linux
-static-linux: static-cli static-engine static-buildx-plugin ## create tgz
+static-linux: static-cli static-engine ## create tgz with linux x86_64 client and server
 	mkdir -p build/linux/docker
 	cp $(CLI_DIR)/build/docker build/linux/docker/
-	for f in dockerd containerd ctr containerd-shim containerd-shim-runc-v2 docker-init docker-proxy runc; do \
-		cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker/$$f; \
+	for f in dockerd containerd ctr containerd-shim docker-init docker-proxy runc; do \
+		cp -L $(ENGINE_DIR)/bundles/binary-daemon/$$f build/linux/docker/$$f; \
 	done
-	tar -C build/linux -c -z -f build/linux/docker-$(GEN_STATIC_VER).tgz docker
-
-	# extra binaries for running rootless
-	mkdir -p build/linux/docker-rootless-extras
-	for f in rootlesskit dockerd-rootless.sh dockerd-rootless-setuptool.sh vpnkit; do \
-		if [ -f $(ENGINE_DIR)/bundles/binary/$$f ]; then \
-			cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker-rootless-extras/$$f; \
-		fi \
-	done
-	tar -C build/linux -c -z -f build/linux/docker-rootless-extras-$(GEN_STATIC_VER).tgz docker-rootless-extras
-
-	# buildx
-	tar -C $(BUILDX_DIR)/bin -c -z -f build/linux/docker-buildx-plugin-$(DOCKER_BUILDX_REF:v%=%).tgz docker-buildx
+	tar -C build/linux -c -z -f build/linux/docker-$(STATIC_VERSION).tgz docker
 
 .PHONY: hash_files
 hash_files:
 	@echo "Hashing directory $(DIR_TO_HASH)"
 	$(HASH_CMD) "$(DIR_TO_HASH)"
 
-.PHONY: buildx
-buildx:
-	docker buildx inspect | grep -q 'Driver: docker-container' || docker buildx create --use
-
 .PHONY: cross-mac
-cross-mac: buildx
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=darwin/amd64,darwin/arm64 binary
-	dest=$$PWD/build/mac; cd $(CLI_DIR)/build && for platform in *; do \
-		arch=$$(echo $$platform | cut -d_ -f2); \
-		mkdir -p $$dest/$$arch/docker; \
-		cp $$platform/docker-darwin-* $$dest/$$arch/docker/docker && \
-		tar -C $$dest/$$arch -c -z -f $$dest/$$arch/docker-$(GEN_STATIC_VER).tgz docker; \
-	done
+cross-mac: cross-all-cli ## create tgz with darwin x86_64 client only
+	mkdir -p build/mac/docker
+	cp $(CLI_DIR)/build/docker-darwin-amd64 build/mac/docker/docker
+	tar -C build/mac -c -z -f build/mac/docker-$(STATIC_VERSION).tgz docker
 
 .PHONY: cross-win
-cross-win: cross-win-engine
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=windows/amd64 binary
-	mkdir -p build/win/amd64/docker
-	cp $(CLI_DIR)/build/docker-windows-amd64.exe build/win/amd64/docker/docker.exe
-	cp $(ENGINE_DIR)/bundles/cross/win/dockerd.exe build/win/amd64/docker/dockerd.exe
-	docker run --rm -v $(CURDIR)/build/win/amd64:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(GEN_STATIC_VER).zip docker'
+cross-win: cross-all-cli cross-win-engine ## create zip file with windows x86_64 client and server
+	mkdir -p build/win/docker
+	cp $(CLI_DIR)/build/docker-windows-amd64 build/win/docker/docker.exe
+	cp $(ENGINE_DIR)/bundles/cross/windows/amd64/dockerd-$(VERSION).exe build/win/docker/dockerd.exe
+	docker run --rm -v $(CURDIR)/build/win:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(STATIC_VERSION).zip docker'
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 
 .PHONY: cross-arm
 cross-arm: cross-all-cli ## create tgz with linux armhf client only
 	mkdir -p build/arm/docker
 	cp $(CLI_DIR)/build/docker-linux-arm build/arm/docker/docker
-	tar -C build/arm -c -z -f build/arm/docker-$(GEN_STATIC_VER).tgz docker
+	tar -C build/arm -c -z -f build/arm/docker-$(STATIC_VERSION).tgz docker
 
 .PHONY: static-cli
 static-cli:
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=$(TARGETPLATFORM) --set binary.args.CGO_ENABLED=$(CGO_ENABLED) binary
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(VERSION) build
 
 .PHONY: static-engine
 static-engine:
-	cd $(ENGINE_DIR) && docker buildx build --target all $(ENGINE_BUILD_OPTS) --output "./bundles/binary" .
-
-.PHONY: static-buildx-plugin
-static-buildx-plugin:
-	cd $(BUILDX_DIR) && docker buildx bake --set binaries.platform=$(TARGETPLATFORM) binaries && mv ./bin/build/buildx ./bin/docker-buildx
+	$(MAKE) -C $(ENGINE_DIR) VERSION=$(VERSION) binary
 
 .PHONY: cross-all-cli
 cross-all-cli:
-	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(GEN_STATIC_VER) cross
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(VERSION) cross
 
 .PHONY: cross-win-engine
 cross-win-engine:
-	cd $(ENGINE_DIR) && docker buildx build --target binary $(ENGINE_BUILD_OPTS) --platform windows/amd64 --output "./bundles/cross/win" .
+	$(MAKE) -C $(ENGINE_DIR) VERSION=$(VERSION) DOCKER_CROSSPLATFORMS=windows/amd64 cross

static/gen-static-ver

@@ -1,46 +1,35 @@
 #!/usr/bin/env bash
 
-REPO_DIR="$1"
-VERSION="$2"
+ENGINE_DIR=$1
+VERSION=$2
 
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
-	echo 'usage: ./gen-static-ver ${REPO_DIR} ${VERSION}'
-	exit 1
+if [ -z "$ENGINE_DIR" ] || [ -z "$VERSION" ]; then
+    echo 'usage: ./gen-static-ver ${ENGINE_DIR} ${VERSION}'
+    exit 1
 fi
 
-GIT_COMMAND="git -C $REPO_DIR"
+DATE_COMMAND="date"
+if [[ $(uname) -eq "Darwin" ]]; then
+    DATE_COMMAND="docker run --rm alpine date"
+fi
+GIT_COMMAND="git -C $ENGINE_DIR"
 
-staticVersion="${VERSION#v}"
-
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
-# we'll create a pseudo version based on commit-date and -sha.
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-	export TZ=UTC
-
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	#
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# where the time is the commit time in UTC and the final suffix is the prefix
-	# of the commit hash. The time portion ensures that two pseudo-versions can
-	# be compared to determine which happened later, the commit hash identifes
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# as a pre-release before version v0.0.0, so that the go command prefers any
-	# tagged release over any pseudo-version.
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
-
-	if [ "$(uname)" = "Darwin" ]; then
-		# Using BSD date (macOS), which doesn't support the --date option
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
-	else
-		# Using GNU date (Linux)
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	fi
-
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
-	staticVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
+staticVersion="$VERSION"
+if [[ "$VERSION" == *-dev ]]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    # staticVersion is now something like '0.0.0-20180719213702-cd5e2db'
+    staticVersion="0.0.0-${gitDate}-${gitCommit}"
 fi
 
 echo "$staticVersion"

static/hash_files

@@ -5,7 +5,7 @@
 DIR_TO_LOOK_IN=${1:-build/linux}
 
 for f in $(find "$DIR_TO_LOOK_IN" -type f); do
-	for hash_algo in md5 sha256; do
-		"${hash_algo}sum" "$f" >"$f.$hash_algo"
-	done
+    for hash_algo in md5 sha256; do
+        "${hash_algo}sum" "$f" > "$f.$hash_algo"
+    done
 done

systemd/docker.service

@@ -0,0 +1,47 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+BindsTo=containerd.service
+After=network-online.target firewalld.service containerd.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

systemd/docker.socket

@@ -0,0 +1,12 @@
+[Unit]
+Description=Docker Socket for the API
+PartOf=docker.service
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target

verify

@@ -1,149 +0,0 @@
-#!/usr/bin/env bash
-
-###
-# Script Name:  verify
-#
-# Description: This runs a smoke test to verify that the packages can be installed corrected
-###
-
-# build/${DIST_ID}/${DIST_VERSION}/${ARCH} - location of all packages
-# Manually Testing: docker run --rm -it -v $(pwd):/v -w /v "centos:7" ./verify
-
-set -e
-
-source install-containerd-helpers
-
-function verify() {
-	if dpkg --version >/dev/null 2>/dev/null; then
-		verify_deb
-	elif rpm --version >/dev/null 2>/dev/null; then
-		verify_rpm
-	else
-		echo "[ERROR] Unable to determine base os:"
-		cat /etc/os-release
-		exit 1
-	fi
-}
-
-function verify_binaries() {
-	docker --version
-	docker buildx version
-	docker compose version
-	docker model version
-	dockerd --version
-	docker-proxy --version
-	containerd --version
-	ctr --version
-	containerd-shim -v
-	containerd-shim-runc-v1 -v
-	containerd-shim-runc-v2 -v
-	runc --version
-}
-
-function verify_deb() {
-	# First install prerequisites for our script and dpkg and apt to run correctly.
-	# This list SHOULD NOT include dependencies of docker itself, otherwise we would
-	# not be able to verify that our packages specify all the required dependencies.
-	apt-get update
-	apt-get -y install --no-install-recommends \
-		apt-transport-https \
-		ca-certificates \
-		curl \
-		gnupg2 \
-		lsb-release
-
-	DIST_ID=$(source /etc/os-release; echo "$ID")
-	DIST_VERSION=$(lsb_release -sc)
-	if [ "${DIST_VERSION}" = "sid" ]; then
-		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
-		exit 1
-	fi
-
-	install_debian_containerd
-
-	packages=$(find "deb/debbuild/${DIST_ID}-${DIST_VERSION}/" -type f -name "*.deb")
-	# All local packages need to be prefixed with `./` or else apt-get doesn't understand where to pull from
-	packages=$(echo "${packages}" | awk '$0="./"$0' | xargs)
-
-	(
-		set -x
-		# Install the locally built packages using 'dpkg' because installing with
-		# 'apt-get' would attempt to install dependency packages (such as the CLI)
-		# from download.docker.com instead of the locally built CLI package. Given
-		# that 'dpkg -i' does not install any dependency (but will fail if depen-
-		# dencies are missing), we use the '--ignore-depends' option to ignore
-		# packages we know to be missing at this stage, and '--force-depends' to
-		# only warn about any other missing dependency.
-		#
-		# shellcheck disable=SC2086
-		dpkg \
-			--ignore-depends=containerd.io,iptables,libdevmapper,libdevmapper1.02.1 \
-			--force-depends \
-			-i ${packages}
-
-		# After installing the local packages, we run 'apt-get install' with the
-		# '--fix-broken' option to trigger installation of the dependencies, which
-		# should succeed successfully. This step is to verify that not only the
-		# packages can be installed, but also that all dependencies (including
-		# containerd.io) can be resolved correctly for the distro that we built for,
-		# before going through the whole pipeline and publishing the packages.
-		#
-		# The '--no-upgrade' option is set to prevent apt from attempting to install
-		# packages from download(-stage).docker.com that we already installed using
-		# the local packages above. Without this, installing (e.g.) ./docker-ce-cli
-		# would result in apt installing "docker-ce" from the package repository and
-		# produce a "the following packages will be DOWNGRADED" error.
-		#
-		# shellcheck disable=SC2086
-		apt-get -y install --no-install-recommends --no-upgrade --fix-broken ${packages}
-	)
-
-	verify_binaries
-}
-
-function verify_rpm() {
-	DIST_ID=$(. /etc/os-release; echo "${ID}")
-	DIST_VERSION=$(. /etc/os-release; echo "${VERSION_ID}" | cut -d'.' -f1)
-
-	pkg_manager="yum"
-	pkg_config_manager="yum-config-manager"
-	if dnf --version; then
-		pkg_manager="dnf"
-		pkg_config_manager="dnf config-manager"
-		dnf clean all
-		${pkg_manager} install -y 'dnf-command(config-manager)'
-	fi
-
-	case ${DIST_ID}:${DIST_VERSION} in
-	ol:7*)
-		# Needed for container-selinux
-		${pkg_config_manager} --enable ol7_addons
-		;;
-	fedora*)
-		dnf install -y findutils
-		;;
-	esac
-
-	install_rpm_containerd
-
-	# find all rpm packages, exclude src package
-	echo "[DEBUG] Installing engine rpms"
-	packages=$(find "rpm/rpmbuild/${DIST_ID}-${DIST_VERSION}/RPMS/" -type f -name "*.rpm" | sed '/src/d')
-
-	# install all non-source packages
-	(
-		set -x
-		product_version=$(source /etc/os-release; echo "${REDHAT_SUPPORT_PRODUCT_VERSION:-}")
-		if [ "$product_version" = 'rawhide' ]; then
-				# force $releasever to account for Fedora pre-release images, as they
-				# may still be using "rawhide", which is not present on our package
-				# repositories on download.docker.com.
-				export DNF_VAR_releasever="$DIST_VERSION"
-		fi
-		${pkg_manager} install -y ${packages}
-	)
-
-	verify_binaries
-}
-
-verify