Merge pull request #485 from thaJeztah/19.03_backport_remove_eoan

[19.03 backport] Remove Fedora 30, Ubuntu 19.04, and Ubuntu 19.10 "Eoan"

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,30 +0,0 @@
-<!--
-Please make sure you've read and understood our contributing guidelines;
-https://github.com/docker/cli/blob/master/CONTRIBUTING.md
-
-** Make sure all your commits include a signature generated with `git commit -s` **
-
-For additional information on our contributing process, read our contributing
-guide https://docs.docker.com/opensource/code/
-
-If this is a bug fix, make sure your description includes "fixes #xxxx", or
-"closes #xxxx"
-
-Please provide the following information:
--->
-
-**- What I did**
-
-
-**- Description for the changelog**
-<!--
-Write a short (one line) summary that describes the changes in this
-pull request for inclusion in the changelog.
-It must be placed inside the below triple backticks section.
-
-NOTE: Only fill this section if changes introduced in this PR are user-facing.
-The PR must have a relevant impact/ label.
--->
-```markdown changelog
-
-```

.github/workflows/ci.yml

@@ -1,58 +0,0 @@
-name: ci
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]{2}'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  generate-matrix:
-    runs-on: ubuntu-24.04
-    outputs:
-      targets: ${{ steps.get-targets.outputs.targets }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Get targets
-        id: get-targets
-        run: |
-          echo "targets=$(jq -c '[to_entries[] | .key as $distro | .value.arches[] | {distro: $distro, arch: .}]' distros.json)" >> $GITHUB_OUTPUT
-
-  build:
-    needs:
-      - generate-matrix
-    runs-on: ${{ matrix.target.arch != 'amd64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
-    timeout-minutes: 60 # guardrails timeout for the whole job
-    strategy:
-      fail-fast: false
-      matrix:
-        target: ${{ fromJson(needs.generate-matrix.outputs.targets) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build
-        run: |
-          make ARCH=${{ matrix.target.arch }} ${{ matrix.target.distro }}

.gitignore

@@ -2,5 +2,4 @@ build
 debbuild
 rpmbuild
 sources
-src
 *.tar

Jenkinsfile

@@ -2,130 +2,55 @@
 
 def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
 
-def pkgs = [
-    [target: "centos-9",                 image: "quay.io/centos/centos:stream9",          arches: ["amd64", "aarch64"]],
-    [target: "centos-10",                image: "quay.io/centos/centos:stream10",         arches: ["amd64", "aarch64"]],          // CentOS Stream 10 (EOL: 2030)
-    [target: "debian-bullseye",          image: "debian:bullseye",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 11 (oldstable, EOL: 2024-08-14, EOL (LTS): 2026-08-31)
-    [target: "debian-bookworm",          image: "debian:bookworm",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 12 (stable, EOL: 2026-06-10, EOL (LTS): 2028-06-30)
-    [target: "debian-trixie",            image: "debian:trixie",                          arches: ["amd64", "aarch64", "armhf"]], // Debian 13 (testing)
-    [target: "fedora-41",                image: "fedora:41",                              arches: ["amd64", "aarch64"]],          // EOL: November 19, 2025
-    [target: "fedora-42",                image: "fedora:42",                              arches: ["amd64", "aarch64"]],          // EOL: May 13, 2026
-    [target: "raspbian-bullseye",        image: "balenalib/rpi-raspbian:bullseye",        arches: ["armhf"]],                     // Debian/Raspbian 11 (stable)
-    [target: "raspbian-bookworm",        image: "balenalib/rpi-raspbian:bookworm",        arches: ["armhf"]],                     // Debian/Raspbian 12 (next stable)
-    [target: "ubuntu-jammy",             image: "ubuntu:jammy",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 22.04 LTS (End of support: June,  2027. EOL: April, 2032)
-    [target: "ubuntu-noble",             image: "ubuntu:noble",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.04 LTS (End of support: June,  2029. EOL: April, 2034)
-    [target: "ubuntu-oracular",          image: "ubuntu:oracular",                        arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.10 (EOL: July, 2025)
-    [target: "ubuntu-plucky",            image: "ubuntu:plucky",                          arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 25.04 (EOL: January, 2026)
+test_steps = [
+	'deb': { ->
+		stage('Ubuntu Xenial and Focal Package') {
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
+				try {
+					checkout scm
+					sh('git clone https://github.com/docker/cli.git')
+					sh("git -C cli checkout $branch")
+					sh('git clone https://github.com/docker/docker.git engine')
+					sh("git -C engine checkout $branch")
+					sh('make -C deb VERSION=0.0.1-dev ENGINE_DIR=$(pwd)/engine CLI_DIR=$(pwd)/cli ubuntu-xenial ubuntu-focal')
+				} finally {
+					sh('make ENGINE_DIR=$(pwd)/engine clean-engine')
+				}
+			}
+		}
+	},
+	'rpm': { ->
+		stage('Centos 7 RPM Package') {
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
+				try {
+					checkout scm
+					sh('git clone https://github.com/docker/cli.git')
+					sh("git -C cli checkout $branch")
+					sh('git clone https://github.com/docker/docker.git engine')
+					sh("git -C engine checkout $branch")
+					sh('make -C rpm VERSION=0.0.1-dev ENGINE_DIR=$(pwd)/engine CLI_DIR=$(pwd)/cli centos-7')
+				} finally {
+					sh('make ENGINE_DIR=$(pwd)/engine clean-engine')
+				}
+			}
+		}
+	},
+	'static': { ->
+		stage('Static Linux Binaries') {
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
+				try {
+					checkout scm
+					sh('git clone https://github.com/docker/cli.git')
+					sh("git -C cli checkout $branch")
+					sh('git clone https://github.com/docker/docker.git engine')
+					sh("git -C engine checkout $branch")
+					sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=static-linux ENGINE_DIR=$(pwd)/engine CLI_DIR=$(pwd)/cli static')
+				} finally {
+					sh('make ENGINE_DIR=$(pwd)/engine clean-engine')
+				}
+			}
+		}
+	},
 ]
 
-def genBuildStep(LinkedHashMap pkg, String arch) {
-    def nodeLabel = "linux&&${arch}"
-    def platform = ""
-    def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
-
-    if (arch == 'armhf') {
-        // Running armhf builds on EC2 requires --platform parameter
-        // Otherwise it accidentally pulls armel images which then breaks the verify step
-        platform = "--platform=linux/${arch}"
-        nodeLabel = "${nodeLabel}&&ubuntu"
-    } else {
-        nodeLabel = "${nodeLabel}&&ubuntu-2204"
-    }
-    return { ->
-        wrappedNode(label: nodeLabel, cleanWorkspace: true) {
-            stage("${pkg.target}-${arch}") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                checkout scm
-                sh "make clean"
-                sh "make REF=$branch ARCH=${arch} ${pkg.target}"
-            }
-            stage("verify") {
-                sh "make IMAGE=${pkg.image} ARCH=${arch} verify"
-            }
-        }
-    }
-}
-
-def build_package_steps = [
-    'static-linux': { ->
-        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
-            stage("static-linux") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                try {
-                    checkout scm
-                    sh "make REF=$branch DOCKER_BUILD_PKGS='static-linux' static"
-                } finally {
-                    sh "make clean"
-                }
-            }
-        }
-    },
-    'cross-mac': { ->
-        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
-            stage("cross-mac") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                try {
-                    checkout scm
-                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-mac' static"
-                } finally {
-                    sh "make clean"
-                }
-            }
-        }
-    },
-    'cross-win': { ->
-        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
-            stage("cross-win") {
-                // This is just a "dummy" stage to make the distro/arch visible
-                // in Jenkins' BlueOcean view, which truncates names....
-                sh 'echo starting...'
-            }
-            stage("info") {
-                sh 'docker version'
-                sh 'docker info'
-            }
-            stage("build") {
-                try {
-                    checkout scm
-                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-win' static"
-                } finally {
-                    sh "make clean"
-                }
-            }
-        }
-    },
-]
-
-def genPackageSteps(opts) {
-    return opts.arches.collectEntries {
-        ["${opts.image}-${it}": genBuildStep(opts, it)]
-    }
-}
-
-build_package_steps << pkgs.collectEntries { genPackageSteps(it) }
-
-parallel(build_package_steps)
+parallel(test_steps)

Makefile

@@ -1,6 +1,8 @@
 include common.mk
 
-STATIC_VERSION=$(shell static/gen-static-ver $(realpath $(CURDIR)/src/github.com/docker/docker) $(VERSION))
+CLI_DIR:=$(realpath $(CURDIR)/../cli)
+ENGINE_DIR:=$(realpath $(CURDIR)/../engine)
+STATIC_VERSION:=$(shell static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 
 # Taken from: https://www.cmcrossroads.com/article/printing-value-makefile-variable
 print-%  : ; @echo $($*)
@@ -9,100 +11,28 @@ print-%  : ; @echo $($*)
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
-.PHONY: clean-src
-clean-src:
-	[ ! -d src ] || $(CHOWN) -R $(shell id -u):$(shell id -g) src
-	$(RM) -r src
-
-.PHONY: src
-src: src/github.com/docker/cli src/github.com/docker/docker src/github.com/docker/buildx src/github.com/docker/compose src/github.com/docker/model-cli ## clone source
-
-ifdef CLI_DIR
-src/github.com/docker/cli:
-	mkdir -p "$(@D)"
-	cp -r "$(CLI_DIR)" $@
-else
-src/github.com/docker/cli:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_CLI_REPO)"
-endif
-
-ifdef ENGINE_DIR
-src/github.com/docker/docker:
-	mkdir -p "$(@D)"
-	cp -r "$(ENGINE_DIR)" $@
-else
-src/github.com/docker/docker:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_ENGINE_REPO)"
-endif
-
-src/github.com/docker/buildx:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_BUILDX_REPO)"
-
-src/github.com/docker/compose:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_COMPOSE_REPO)"
-
-src/github.com/docker/model-cli:
-	git init $@
-	git -C $@ remote add origin "$(DOCKER_MODEL_REPO)"
-
-.PHONY: checkout-cli
-checkout-cli: src/github.com/docker/cli
-	./scripts/checkout.sh src/github.com/docker/cli "$(DOCKER_CLI_REF)"
-
-.PHONY: checkout-docker
-checkout-docker: src/github.com/docker/docker
-	./scripts/checkout.sh src/github.com/docker/docker "$(DOCKER_ENGINE_REF)"
-
-.PHONY: checkout-buildx
-checkout-buildx: src/github.com/docker/buildx
-	./scripts/checkout.sh src/github.com/docker/buildx "$(DOCKER_BUILDX_REF)"
-
-.PHONY: checkout-compose
-checkout-compose: src/github.com/docker/compose
-	./scripts/checkout.sh src/github.com/docker/compose "$(DOCKER_COMPOSE_REF)"
-
-.PHONY: checkout-model
-checkout-model: src/github.com/docker/model-cli
-	./scripts/checkout.sh src/github.com/docker/model-cli "$(DOCKER_MODEL_REF)"
-
-.PHONY: checkout
-checkout: checkout-cli checkout-docker checkout-buildx checkout-compose checkout-model ## checkout source at the given reference(s)
+.PHONY: clean-engine
+clean-engine:
+	[ ! -d $(ENGINE_DIR) ] || docker run --rm -v $(ENGINE_DIR):/v -w /v alpine chown -R $(shell id -u):$(shell id -g) /v
+	rm -rf $(ENGINE_DIR)
 
 .PHONY: clean
-clean: clean-src ## remove build artifacts
+clean: ## remove build artifacts
 	$(MAKE) -C rpm clean
 	$(MAKE) -C deb clean
 	$(MAKE) -C static clean
 
-.PHONY: deb rpm
-deb rpm: checkout ## build rpm/deb packages
-	$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+.PHONY: rpm
+rpm: ## build rpm packages
+	$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) rpm
 
-.PHONY: centos-% fedora-% rhel-%
-centos-% fedora-% rhel-%: checkout ## build rpm packages for the specified distro
-	$(MAKE) -C rpm VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
-
-.PHONY: debian-% raspbian-% ubuntu-%
-debian-% raspbian-% ubuntu-%: checkout ## build deb packages for the specified distro
-	$(MAKE) -C deb VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+.PHONY: deb
+deb: ## build deb packages
+	$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) deb
 
 .PHONY: static
 static: DOCKER_BUILD_PKGS:=static-linux cross-mac cross-win cross-arm
-static: checkout ## build static-compiled packages
+static: ## build static-compiled packages
 	for p in $(DOCKER_BUILD_PKGS); do \
-		$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) TARGETPLATFORM=$(TARGETPLATFORM) CONTAINERD_VERSION=$(CONTAINERD_VERSION) RUNC_VERSION=$(RUNC_VERSION) $${p}; \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
 	done
-
-.PHONY: verify
-verify: ## verify installation of packages
-# to verify using packages from staging, use: make VERIFY_PACKAGE_REPO=stage IMAGE=ubuntu:noble verify
-	docker run $(VERIFY_PLATFORM) --rm -i \
-		-v "$$(pwd):/v" \
-		-e DEBIAN_FRONTEND=noninteractive \
-		-e PACKAGE_REPO=$(VERIFY_PACKAGE_REPO) \
-		-w /v \
-		$(IMAGE) ./verify

README.md

@@ -1,16 +1,18 @@
 # Docker CE Packaging
 
-This repo contains the open source scripts for packaging the
-[Docker Engine](https://docs.docker.com/engine/), the Docker CLI, CLI plugins,
-and rootless-extras packages.
+This repo contains the open source scripts for packaging
+[Docker CE products](https://store.docker.com/search?offering=community&q=&type=edition).
 
-The repository contains Dockerfiles to build packages for various distributions,
-which can be found in the "rpm" and "deb" subdirectories, as well as scripts to
-build static binaries.
+This repository is solely maintained by Docker, Inc.
 
-Docker uses these recipes to build and release packages that are available on the
-https://download.docker.com package repositories. We welcome contributions to
-this repository, including the addition of new distros or distro-versions. Note,
-however, that Docker makes a subselection of distros and architectures for release,
-and not all distros available in this repository may be released to download.docker.com,
-but you can use these scripts to build your own packages.
+The scripts will build for this list of packages types:
+
+* DEB packages for Ubuntu 20.04 Focal
+* DEB packages for Ubuntu 18.04 Bionic
+* DEB packages for Ubuntu 16.04 Xenial
+* DEB packages for Debian 10 Buster
+* DEB packages for Debian 9 Stretch
+* RPM packages for Fedora 32
+* RPM packages for Fedora 31
+* RPM packages for CentOS 7
+* TGZ and ZIP files with static binaries

common.mk

@@ -1,62 +1,12 @@
 ARCH=$(shell uname -m)
-
-# These are the architecture formats as used in release-packaging Jenkinsfile
-# This is an ugly chimera, nobody uses this combination of dpkg and uname formats
-# Why don't we pick one format and stick with it? Because at the time of writing
-# it was deemed too risky/involving too many changes across repos to change architecture
-# formats in release-packaging Jenkinsfile. But someone please do it.
-# Why do we need to list this here? Because I haven't been able to figure out how
-# to do Makefile rules with multiple patterns. (See how it's used in {deb,rpm}/Makefile)
-# Adding new architectures or changing the format in release-packaging will prevent make
-# from finding the corresponding rule unless this list is updated.
-# Or Jenkinsfiles/Makefiles removed (🎵 Gotta have faith-a-faith-a-faith... 🎵)
-ARCHES:=amd64 aarch64 armhf armel s390x ppc64le
-
 BUILDTIME=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
-CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 DEFAULT_PRODUCT_LICENSE:=Community Engine
-PACKAGER_NAME?=
 DOCKER_GITCOMMIT:=abcdefg
-GO_VERSION:=1.24.6
+GO_VERSION:=1.13.14
 PLATFORM=Docker Engine - Community
 SHELL:=/bin/bash
-VERSION?=0.0.1-dev
-
-# DOCKER_CLI_REPO and DOCKER_ENGINE_REPO define the source repositories to clone
-# the source from. These can be overridden to build from a fork.
-DOCKER_CLI_REPO     ?= https://github.com/docker/cli.git
-DOCKER_ENGINE_REPO  ?= https://github.com/docker/docker.git
-DOCKER_COMPOSE_REPO ?= https://github.com/docker/compose.git
-DOCKER_BUILDX_REPO  ?= https://github.com/docker/buildx.git
-DOCKER_MODEL_REPO   ?= https://github.com/docker/model-cli.git
-
-# REF can be used to specify the same branch or tag to use for *both* the CLI
-# and Engine source code. This can be useful if both the CLI and Engine have a
-# release branch with the same name (e.g. "19.03"), or of both repositories have
-# tagged a release with the same version.
-#
-# For other situations, specify DOCKER_CLI_REF and/or DOCKER_ENGINE_REF separately.
-REF                ?= HEAD
-DOCKER_CLI_REF     ?= $(REF)
-DOCKER_ENGINE_REF  ?= $(REF)
-# DOCKER_COMPOSE_REF is the version of compose to package. It usually is a tag,
-# but can be a valid git reference in DOCKER_COMPOSE_REPO.
-DOCKER_COMPOSE_REF ?= v2.39.2
-# DOCKER_BUILDX_REF is the version of compose to package. It usually is a tag,
-# but can be a valid git reference in DOCKER_BUILDX_REPO.
-DOCKER_BUILDX_REF  ?= v0.26.1
-# DOCKER_MODEL_REF is the version of model to package. It is usually a tag,
-# but can be a valid git reference in DOCKER_MODEL_REPO.
-DOCKER_MODEL_REF   ?= v0.1.36
-
-# Use "stage" to install dependencies from download-stage.docker.com during the
-# verify step. Leave empty or use any other value to install from download.docker.com
-VERIFY_PACKAGE_REPO ?= prod
-
-# Optional flags like --platform=linux/armhf
-VERIFY_PLATFORM ?=
+VERSION?=0.0.0-dev
 
 export BUILDTIME
 export DEFAULT_PRODUCT_LICENSE
-export PACKAGER_NAME
 export PLATFORM

deb/Makefile

@@ -1,16 +1,15 @@
 include ../common.mk
 
-PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+CLI_DIR:=$(realpath $(CURDIR)/../../cli)
+ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
+PLUGINS_DIR:=$(realpath $(CURDIR)/../plugins)
+GITCOMMIT?=$(shell cd $(CLI_DIR) && git rev-parse --short HEAD)
+STATIC_VERSION:=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 GO_BASE_IMAGE=golang
-GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
+GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)-buster
+DEB_VERSION=$(shell ./gen-deb-ver $(CLI_DIR) "$(VERSION)")
+CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 EPOCH?=5
-GEN_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
-GEN_BUILDX_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
-GEN_COMPOSE_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
-GEN_MODEL_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
-CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
-ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
-BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
 
 ifdef BUILD_IMAGE
 	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
@@ -23,39 +22,22 @@ BUILD?=DOCKER_BUILDKIT=1 \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
 	--build-arg COMMON_FILES=$(COMMON_FILES) \
 	-t debbuild-$@/$(ARCH) \
-	--platform linux/$(ARCH) \
-	-f $@/Dockerfile \
-	.
-
+	-f $(CURDIR)/$@/Dockerfile .
 # Additional flags may be necessary at some point
 RUN_FLAGS=
-
-# FIXME(thaJeztah): disabling seccomp to handle (armhf) tar "chown / chmod" failing
-# when running in a Ubuntu 24.04 container on a Ubuntu 20.04.6 host (kernel 5.15.0-1053-aws);
-# see https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
-RUN?=docker run --rm \
-	--security-opt seccomp=unconfined \
-	--platform linux/$(ARCH) \
-	-e PLATFORM \
+RUN=docker run --rm -i \
 	-e EPOCH='$(EPOCH)' \
-	-e DEB_VERSION=$(word 1, $(GEN_DEB_VER)) \
-	-e VERSION=$(word 2, $(GEN_DEB_VER)) \
-	-e CLI_GITCOMMIT=$(CLI_GITCOMMIT) \
-	-e ENGINE_GITCOMMIT=$(ENGINE_GITCOMMIT) \
-	-e BUILDX_VERSION=$(DOCKER_BUILDX_REF) \
-	-e BUILDX_DEB_VERSION=$(word 1, $(GEN_BUILDX_DEB_VER)) \
-	-e BUILDX_GITCOMMIT=$(BUILDX_GITCOMMIT) \
-	-e COMPOSE_VERSION=$(DOCKER_COMPOSE_REF) \
-	-e COMPOSE_DEB_VERSION=$(word 1, $(GEN_COMPOSE_DEB_VER)) \
-	-e MODEL_VERSION=$(DOCKER_MODEL_REF) \
-	-e MODEL_DEB_VERSION=$(word 1, $(GEN_MODEL_DEB_VER)) \
+	-e DEB_VERSION=$(word 1, $(DEB_VERSION)) \
+	-e VERSION=$(word 2, $(DEB_VERSION)) \
+	-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
+	-e PLATFORM \
 	-v $(CURDIR)/debbuild/$@:/build \
 	$(RUN_FLAGS) \
 	debbuild-$@/$(ARCH)
 
-DEBIAN_VERSIONS ?= debian-bullseye debian-bookworm debian-trixie
-UBUNTU_VERSIONS ?= ubuntu-jammy ubuntu-noble ubuntu-oracular ubuntu-plucky
-RASPBIAN_VERSIONS ?= raspbian-bullseye raspbian-bookworm
+DEBIAN_VERSIONS := debian-stretch debian-buster
+UBUNTU_VERSIONS := ubuntu-xenial ubuntu-bionic ubuntu-focal
+RASPBIAN_VERSIONS := raspbian-stretch raspbian-buster
 DISTROS := $(DEBIAN_VERSIONS) $(UBUNTU_VERSIONS) $(RASPBIAN_VERSIONS)
 
 .PHONY: help
@@ -68,7 +50,6 @@ clean: ## remove build artifacts
 	$(RM) -r debbuild
 	[ ! -d sources ] || $(CHOWN) -R $(shell id -u):$(shell id -g) sources
 	$(RM) -r sources
-	-docker builder prune -f --filter until=24h
 
 .PHONY: deb
 deb: ubuntu debian ## build all deb packages except for raspbian
@@ -83,58 +64,39 @@ debian: $(DEBIAN_VERSIONS) ## build all debian deb packages
 raspbian: $(RASPBIAN_VERSIONS) ## build all raspbian deb packages
 
 .PHONY: $(DISTROS)
-$(DISTROS): sources
+$(DISTROS): sources/cli.tgz sources/engine.tgz sources/docker.service sources/docker.socket sources/plugin-installers.tgz
 	@echo "== Building packages for $@ =="
-	mkdir -p "debbuild/$@"
 	$(BUILD)
 	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) "debbuild/$@"
-
-.PHONY: sources
-sources: sources/cli.tgz sources/engine.tgz sources/buildx.tgz sources/compose.tgz sources/model.tgz
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 
 sources/engine.tgz:
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
+	docker run --rm -i -w /v \
+		-v $(ENGINE_DIR):/engine \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
 
 sources/cli.tgz:
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
+	docker run --rm -i -w /v \
+		-v $(CLI_DIR):/cli \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
 
-sources/buildx.tgz:
+sources/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
+	cp $< $@
 
-sources/compose.tgz:
+sources/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
-		-v $(CURDIR)/$(@D):/v \
+	cp $< $@
+
+sources/plugin-installers.tgz: $(wildcard ../plugins/*)
+	docker run --rm -i -w /v \
+		-v $(PLUGINS_DIR):/plugins \
+		-v $(CURDIR)/sources:/v \
 		alpine \
-		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
-
-sources/model.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/model.tgz --exclude .git model
-
-# See ARCHES in common.mk. Could not figure out how to match both distro and arch.
-BUNDLES:=$(addsuffix .tar.gz,$(addprefix debbuild/bundles-ce-%-,$(ARCHES)))
-
-$(BUNDLES): %
-	tar czf $@ --transform="s|^debbuild/\(.*\)|bundles/$(VERSION)/build-deb/\1|" debbuild/$*
+		tar -C / -c -z -f /v/plugin-installers.tgz --exclude .git plugins

deb/README.md

@@ -3,37 +3,30 @@
 `.deb` packages can be built from this directory with the following syntax
 
 ```shell
-make deb
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
 ```
 
 Artifacts will be located in `debbuild` under the following directory structure:
 `debbuild/$distro-$distro_version/`
 
-### Building from local source
-
-Specify the location of the source repositories for the engine and cli when
-building packages
-
+### NOTES:
 * `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
 * `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
 
-```shell
-make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
-```
-
 ## Specifying a specific distro
 
 ```shell
-make ubuntu
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli ubuntu
 ```
 
 ## Specifying a specific distro version
 ```shell
-make ubuntu-noble
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli ubuntu-xenial
 ```
 
-## Building the for all distros
+## Building the latest docker-ce
 
 ```shell
-make deb
+git clone https://github.com/docker/docker-ce.git
+make ENGINE_DIR=docker-ce/components/engine CLI_DIR=docker-ce/components/cli deb
 ```

deb/build-deb

@@ -6,36 +6,27 @@ set -e
 mkdir -p /root/build-deb/engine
 tar -C /root/build-deb -xzf /sources/engine.tgz
 mkdir -p /root/build-deb/cli
-tar -C /root/build-deb -xzf /sources/cli.tgz
-mkdir -p /root/build-deb/buildx
-tar -C /root/build-deb -xzf /sources/buildx.tgz
-mkdir -p /root/build-deb/compose
-tar -C /root/build-deb -xzf /sources/compose.tgz
-mkdir -p /root/build-deb/model
-tar -C /root/build-deb -xzf /sources/model.tgz
+tar  -C /root/build-deb -xzf /sources/cli.tgz
 
 # link them to their canonical path
 mkdir -p /go/src/github.com/docker
 ln -snf /root/build-deb/engine /go/src/github.com/docker/docker
 ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-ln -snf /root/build-deb/buildx /go/src/github.com/docker/buildx
-ln -snf /root/build-deb/compose /go/src/github.com/docker/compose
-ln -snf /root/build-deb/model /go/src/github.com/docker/model-cli
 
 EPOCH="${EPOCH:-}"
 EPOCH_SEP=""
 if [[ ! -z "$EPOCH" ]]; then
-	EPOCH_SEP=":"
+    EPOCH_SEP=":"
 fi
 
 if [[ -z "$DEB_VERSION" ]]; then
-	echo "DEB_VERSION is required to build deb packages"
-	exit 1
+    echo "DEB_VERSION is required to build deb packages"
+    exit 1
 fi
 
 echo VERSION AAA $VERSION
 
-VERSION=${VERSION:-$(cat cli/VERSION)}
+VERSION=${VERSION:-$( cat cli/VERSION )}
 
 echo VERSION bbb $VERSION
 
@@ -43,47 +34,15 @@ debSource="$(awk -F ': ' '$1 == "Source" { print $2; exit }' debian/control)"
 debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/control)"
 debDate="$(date --rfc-2822)"
 
-# Include an extra `1` in the version, in case we ever would have to re-build an
-# already published release with a packaging-only change.
-pkgRevision=1
-
-# Generate changelog. The version/name of the generated packages are based on this.
-#
-# Resulting packages are formatted as;
-#
-# - name of the package (e.g., "docker-ce")
-# - version (e.g., "23.0.0~beta.0")
-# - pkgRevision (usually "-0", see above), which allows updating packages with
-#   packaging-only changes (without a corresponding release of the software
-#   that's packaged).
-# - distro (e.g., "ubuntu")
-# - VERSION_ID (e.g. "22.04" or "11") this must be "sortable" to make sure that
-#   packages are upgraded when upgrading to a newer distro version ("codename"
-#   cannot be used for this, as they're not sorted)
-# - SUITE ("codename"), e.g. "jammy" or "bullseye". This is mostly for convenience,
-#   because some places refer to distro versions by codename, others by version.
-#   we prefix the codename with a tilde (~), which effectively excludes it from
-#   version comparison.
-#
-# Note that while the `${EPOCH}${EPOCH_SEP}` is part of the version, it is not
-# included in the package's *filename*. (And if you're wondering: we needed the
-# EPOCH because of our use of CalVer, which made version comparing not work in
-# some cases).
-#
-# Examples:
-#
-# docker-ce_23.0.0~beta.0-1~debian.11~bullseye_amd64.deb
-# docker-ce_23.0.0~beta.0-1~ubuntu.22.04~jammy_amd64.deb
 cat > "debian/changelog" <<-EOF
-$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-${pkgRevision}~${DISTRO}.${VERSION_ID}~${SUITE}) $SUITE; urgency=low
+$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-0~${DISTRO}-${SUITE}) $SUITE; urgency=low
   * Version: $VERSION
  -- $debMaintainer  $debDate
 EOF
 # The space above at the start of the line for the debMaintainer is very important
 
 # Give the script a git commit because it wants it
-export CLI_GITCOMMIT=${CLI_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
-export ENGINE_GITCOMMIT=${ENGINE_GITCOMMIT-$(cd engine; $GIT_COMMAND rev-parse --short HEAD)}
+export DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
 
 echo VERSION BBB $VERSION
 dpkg-buildpackage -uc -us -I.git

deb/common/compat

@@ -0,0 +1 @@
+9

deb/common/control

@@ -4,13 +4,18 @@ Priority: optional
 Maintainer: Docker <support@docker.com>
 Build-Depends: bash,
                bash-completion,
+               libbtrfs-dev | btrfs-tools,
                ca-certificates,
                cmake,
                dh-apparmor,
-               debhelper-compat (= 12),
+               dh-systemd,
                gcc,
                git,
                libc-dev,
+               libdevmapper-dev,
+               libltdl-dev,
+               libseccomp-dev,
+               libseccomp2,
                libsystemd-dev,
                libtool,
                make,
@@ -22,32 +27,24 @@ Vcs-Git: git://github.com/docker/docker.git
 
 Package: docker-ce
 Architecture: linux-any
-Pre-Depends: init-system-helpers (>= 1.54~)
-Depends: containerd.io (>= 1.7.27),
-         docker-ce-cli,
-         iptables,
-         ${shlibs:Depends}
-Recommends: apparmor,
+Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends}
+Recommends: aufs-tools [amd64],
             ca-certificates,
-            docker-ce-rootless-extras,
+            cgroupfs-mount | cgroup-lite,
             git,
             pigz,
-            procps,
-            xz-utils
-Suggests: cgroupfs-mount | cgroup-lite,
-            kmod,
-Conflicts: docker (<< 1.5~),
-           docker-engine,
-           docker.io
-Replaces: docker-engine,
-          docker-ce-cli (<< 5:28.0.0)
+            xz-utils,
+            libltdl7,
+            ${apparmor:Recommends}
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
+Replaces: docker-engine
 Description: Docker: the open-source application container engine
  Docker is a product for you to build, ship and run any application as a
  lightweight container
  .
  Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest cloud compute instance
- and everything in between - and they don't require you to use a particular
+ they can run anywhere, from your laptop to the largest cloud compute instance and
+ everything in between - and they don't require you to use a particular
  language, framework or packaging system. That makes them great building blocks
  for deploying and scaling web apps, databases, and backend services without
  depending on a particular stack or provider.
@@ -55,12 +52,7 @@ Description: Docker: the open-source application container engine
 Package: docker-ce-cli
 Architecture: linux-any
 Depends: ${shlibs:Depends}
-Recommends: docker-buildx-plugin,
-            docker-compose-plugin
-Suggests: docker-model-plugin
-Conflicts: docker (<< 1.5~),
-           docker-engine,
-           docker.io
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
 Replaces: docker-ce (<< 5:0)
 Breaks: docker-ce (<< 5:0)
 Description: Docker CLI: the open-source application container engine
@@ -68,56 +60,8 @@ Description: Docker CLI: the open-source application container engine
  lightweight container
  .
  Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest cloud compute instance
- and everything in between - and they don't require you to use a particular
+ they can run anywhere, from your laptop to the largest cloud compute instance and
+ everything in between - and they don't require you to use a particular
  language, framework or packaging system. That makes them great building blocks
  for deploying and scaling web apps, databases, and backend services without
  depending on a particular stack or provider.
-
-Package: docker-ce-rootless-extras
-Architecture: linux-any
-Depends: dbus-user-session,
-         ${shlibs:Depends}
-Enhances: docker-ce
-Conflicts: rootlesskit
-Replaces: rootlesskit
-Breaks: rootlesskit
-# slirp4netns (>= 0.4.0) is available in Debian since 11 and Ubuntu since 19.10
-Recommends: slirp4netns (>= 0.4.0)
-# Unlike RPM, DEB packages do not contain "Recommends: fuse-overlayfs (>= 0.7.0)" here,
-# because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs.
-Description: Rootless support for Docker.
- Use dockerd-rootless.sh to run the daemon.
- Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh.
- This package contains RootlessKit, but does not contain VPNKit.
- Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
-Homepage: https://docs.docker.com/engine/security/rootless/
-
-Package: docker-buildx-plugin
-Priority: optional
-Replaces: docker-ce-cli
-Architecture: linux-any
-Enhances: docker-ce-cli
-Description: Docker Buildx cli plugin.
- This plugin provides the 'docker buildx' subcommand.
-Homepage: https://github.com/docker/buildx
-
-Package: docker-compose-plugin
-Priority: optional
-Architecture: linux-any
-Recommends: docker-buildx-plugin
-Enhances: docker-ce-cli
-Description: Docker Compose (V2) plugin for the Docker CLI.
- This plugin provides the 'docker compose' subcommand.
- .
- The binary can also be run standalone as a direct replacement for
- Docker Compose V1 ('docker-compose').
-Homepage: https://github.com/docker/compose
-
-Package: docker-model-plugin
-Priority: optional
-Architecture: linux-any
-Enhances: docker-ce-cli
-Description: Docker Model Runner plugin for the Docker CLI.
- This plugin provides the 'docker model' subcommand.
-Homepage: https://docs.docker.com/model-runner/

deb/common/docker-ce-cli.bash-completion

@@ -0,0 +1 @@
+cli/contrib/completion/bash/docker

deb/common/docker-ce.dirs

@@ -1 +0,0 @@
-/etc/docker

deb/common/docker-ce.docker.default

@@ -1 +0,0 @@
-../engine/contrib/init/sysvinit-debian/docker.default

deb/common/docker-ce.docker.default

@@ -0,0 +1,20 @@
+# Docker Upstart and SysVinit configuration file
+
+#
+# THIS FILE DOES NOT APPLY TO SYSTEMD
+#
+#   Please see the documentation for "systemd drop-ins":
+#   https://docs.docker.com/engine/admin/systemd/
+#
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKERD="/usr/local/bin/dockerd"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"

deb/common/docker-ce.docker.init

@@ -1 +0,0 @@
-../engine/contrib/init/sysvinit-debian/docker

deb/common/docker-ce.docker.init

@@ -0,0 +1,156 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides:           docker
+# Required-Start:     $syslog $remote_fs
+# Required-Stop:      $syslog $remote_fs
+# Should-Start:       cgroupfs-mount cgroup-lite
+# Should-Stop:        cgroupfs-mount cgroup-lite
+# Default-Start:      2 3 4 5
+# Default-Stop:       0 1 6
+# Short-Description:  Create lightweight, portable, self-sufficient containers.
+# Description:
+#  Docker is an open-source project to easily create lightweight, portable,
+#  self-sufficient containers from any application. The same container that a
+#  developer builds and tests on a laptop can run at scale, in production, on
+#  VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+BASE=docker
+
+# modify these in /etc/default/$BASE (/etc/default/docker)
+DOCKERD=/usr/bin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$BASE.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Get lsb functions
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/$BASE ]; then
+	. /etc/default/$BASE
+fi
+
+# Check docker is present
+if [ ! -x $DOCKERD ]; then
+	log_failure_msg "$DOCKERD not present or not executable"
+	exit 1
+fi
+
+check_init() {
+	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
+	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
+		exit 1
+	fi
+}
+
+fail_unless_root() {
+	if [ "$(id -u)" != '0' ]; then
+		log_failure_msg "$DOCKER_DESC must be run as root"
+		exit 1
+	fi
+}
+
+cgroupfs_mount() {
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		return
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+}
+
+case "$1" in
+	start)
+		check_init
+		
+		fail_unless_root
+
+		cgroupfs_mount
+
+		touch "$DOCKER_LOGFILE"
+		chgrp docker "$DOCKER_LOGFILE"
+
+		ulimit -n 1048576
+
+		# Having non-zero limits causes performance problems due to accounting overhead
+		# in the kernel. We recommend using cgroups to do container-local accounting.
+		if [ "$BASH" ]; then
+			ulimit -u unlimited
+		else
+			ulimit -p unlimited
+		fi
+
+		log_begin_msg "Starting $DOCKER_DESC: $BASE"
+		start-stop-daemon --start --background \
+			--no-close \
+			--exec "$DOCKERD" \
+			--pidfile "$DOCKER_SSD_PIDFILE" \
+			--make-pidfile \
+			-- \
+				-p "$DOCKER_PIDFILE" \
+				$DOCKER_OPTS \
+					>> "$DOCKER_LOGFILE" 2>&1
+		log_end_msg $?
+		;;
+
+	stop)
+		check_init
+		fail_unless_root
+		if [ -f "$DOCKER_SSD_PIDFILE" ]; then
+			log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+			start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+			log_end_msg $?
+		else
+			log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
+		fi
+		;;
+
+	restart)
+		check_init
+		fail_unless_root
+		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+		[ -n "$docker_pid" ] \
+			&& ps -p $docker_pid > /dev/null 2>&1 \
+			&& $0 stop
+		$0 start
+		;;
+
+	force-reload)
+		check_init
+		fail_unless_root
+		$0 restart
+		;;
+
+	status)
+		check_init
+		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
+		;;
+
+	*)
+		echo "Usage: service docker {start|stop|restart|status}"
+		exit 1
+		;;
+esac

deb/common/docker-ce.docker.service

@@ -1 +0,0 @@
-../engine/contrib/init/systemd/docker.service

deb/common/docker-ce.docker.socket

@@ -1 +0,0 @@
-../engine/contrib/init/systemd/docker.socket

deb/common/docker-ce.docker.upstart

@@ -0,0 +1,72 @@
+description "Docker daemon"
+
+start on (filesystem and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+limit nofile 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
+
+respawn
+
+kill timeout 20
+
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
+script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+	DOCKERD=/usr/bin/dockerd
+	DOCKER_OPTS=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+	exec "$DOCKERD" $DOCKER_OPTS --raw-logs
+end script
+
+# Don't emit "started" event until docker.sock is ready.
+# See https://github.com/docker/docker/issues/6647
+post-start script
+	DOCKER_OPTS=
+	DOCKER_SOCKET=
+	if [ -f /etc/default/$UPSTART_JOB ]; then
+		. /etc/default/$UPSTART_JOB
+	fi
+
+	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
+		DOCKER_SOCKET=/var/run/docker.sock
+	else
+		DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
+	fi
+
+	if [ -n "$DOCKER_SOCKET" ]; then
+		while ! [ -e "$DOCKER_SOCKET" ]; do
+			initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
+			echo "Waiting for $DOCKER_SOCKET"
+			sleep 0.1
+		done
+		echo "$DOCKER_SOCKET is up"
+	fi
+end script

deb/common/docker-ce.maintscript

@@ -1 +0,0 @@
-rm_conffile /etc/init/docker.conf 5:24.0.5-1~

deb/common/docker-ce.manpages

@@ -1 +0,0 @@
-engine/man/man*/*

deb/common/rules

@@ -1,149 +1,58 @@
 #!/usr/bin/make -f
 
-# Include default Makefile variables.
-include /usr/share/dpkg/default.mk
-
-# Build all armhf binaries as ARMv6 with hard float, to support both
-# Debian armhf and Raspbian armhf.
-ifeq ($(DEB_TARGET_ARCH),armhf)
-	export CFLAGS += -marm -march=armv6+fp
-	export GOARM := 6
-endif
-
 VERSION ?= $(shell cat engine/VERSION)
-# TODO(thaJeztah): allow passing this version when building.
-PKG_REVISION ?= 1
-export PKG_REVISION
 
-# force packages to be built with xz compression, as Ubuntu 21.10 and up use
-# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
-override_dh_builddeb:
-	dh_builddeb -- -Zxz
+override_dh_gencontrol:
+	# if we're on Ubuntu, we need to Recommends: apparmor
+	echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-ce.substvars
+	dh_gencontrol
 
-# Determine the Go module mode based on the presence of vendor.mod or go.mod
-override_dh_auto_build: GOMOD := $(if $(wildcard engine/vendor.mod),off,$(if $(wildcard engine/go.mod),on,$(error "No go.mod or vendor.mod found in engine directory")))
-# Override the default dh_auto_build target
 override_dh_auto_build:
 	# Build the daemon and dependencies
-	cd engine && GO111MODULE=$(GOMOD) DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary
+	cd engine && PRODUCT=docker ./hack/make.sh dynbinary
 	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
-	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic
-
-	#  build  man-pages
-	make -C engine/man
-
+	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic
 	# Build the CLI
-	make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) LDFLAGS='' dynbinary manpages shell-completion
-
-	# Build buildx plugin
-	cd /go/src/github.com/docker/buildx \
-	&& mkdir -p /usr/libexec/docker/cli-plugins/ \
-	&& GO111MODULE=on \
-		CGO_ENABLED=0 \
-			go build \
-				-mod=vendor \
-				-trimpath \
-				-ldflags "-w -X github.com/docker/buildx/version.Version=$(BUILDX_VERSION) -X github.com/docker/buildx/version.Revision=$(BUILDX_GITCOMMIT) -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
-				-o "/usr/libexec/docker/cli-plugins/docker-buildx" \
-				./cmd/buildx
-
-	# Build the compose plugin
-	make -C /go/src/github.com/docker/compose VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build
-
-	# Build the model plugin
-	GO111MODULE=on make -C /go/src/github.com/docker/model-cli VERSION=$(MODEL_VERSION) ce-release \
-	&& mv /go/src/github.com/docker/model-cli/dist/docker-model /usr/libexec/docker/cli-plugins/docker-model
+	cd /go/src/github.com/docker/cli && \
+		LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
+	# Build the CLI plugins
+	# Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values
+	set -e;cd /sources && \
+		tar xzf plugin-installers.tgz; \
+		for installer in plugins/*.installer; do \
+			LDFLAGS='' bash $${installer} build; \
+		done
 
 override_dh_auto_test:
-	ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
-		test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1)
-
-	ver="$$(cli/build/docker --version)"; \
-		test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1)
-
-	ver="$$(/usr/libexec/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
-		test "$$ver" = "$(BUILDX_VERSION)" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($$ver) did not match" && exit 1)
-
-	ver="$$(/usr/libexec/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
-		test "$$ver" = "$(COMPOSE_VERSION)" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($$ver) did not match" && exit 1)
-
-	ver="$$(/usr/libexec/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
-		test "$$ver" = "$(MODEL_VERSION)" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($$ver) did not match" && exit 1)
+	./engine/bundles/dynbinary-daemon/dockerd -v
+	./cli/build/docker -v
 
 override_dh_strip:
 	# Go has lots of problems with stripping, so just don't
 
-# http://manpages.debian.org/dh_dwz
-override_dh_dwz:
-	# dh_dwz in debhelper versions less than 13 has issues with files that are missing debug symbols (once we update to debhelper-compat 13+ this can be removed)
-	@# https://packages.debian.org/debhelper
-	@# https://packages.ubuntu.com/debhelper
-
 override_dh_auto_install:
 	# docker-ce-cli install
-	install -D -p -m 0755 cli/build/docker debian/docker-ce-cli/usr/bin/docker
-
-	# docker-ce-cli shell-completion
-	#
-	# We are manually installing bash completions instead of using the "dh_bash-completion"
-	# debhelper (see [1]); dh_bash-completion only supports bash, and none of the other shells,
-	# which meant that we had to install 2 out of 3 manually, which was confusing ("what about
-	# Bash?"). Given that locations to install these completion scripts are well-known, we
-	# can safely use the manual approach for installing  them.
-	#
-	# In future, can consider using "dh_shell_completions" (see [2]), which supports bash, zsh
-	# and fish. However, "dh_shell_completions" is still really premature, and not available
-	# in stable releases. So, currently, adding it as build-dependency, especially since
-	# these are well-known, may not be a good choice, but we can revisit that in future
-	# if things mature in this area.
-	#
-	# Observant readers may notice that we don't include PowerShell completion in
-	# this list (even though Cobra provides them, and PowerShell *can* be installed
-	# oon Linux). The short story is that there's no well-defined location, nor
-	# a well-defined approach for this.
-	#
-	# The PowerShell maintainers (see [3]) considering that no completion scripts
-	# are needed for anything following the PowerShell specifications, and for
-	# anything else, PowerShell is capable enough to use zsh and bash completions.
-	#
-	# All of the above taken into account; it's fuzzy enough to just leave it as
-	# an exercise for the user to decide what to do.
-	#
-	# [1]: https://manpages.debian.org/bookworm/bash-completion/dh_bash-completion.1.en.html
-	# [2]: https://manpages.debian.org/testing/dh-shell-completions/dh_shell_completions.1.en.html
-	# [3]: https://github.com/PowerShell/PowerShell/issues/17582
-	install -D -p -m 0644 cli/build/completion/bash/docker debian/docker-ce-cli/usr/share/bash-completion/completions/docker
-	install -D -p -m 0644 cli/build/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
-	install -D -p -m 0644 cli/build/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
-
+	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
+	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
+	install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker
+	set -e;cd /sources && \
+		tar xzf plugin-installers.tgz; \
+		for installer in plugins/*.installer; do \
+			DESTDIR=/root/build-deb/debian/docker-ce-cli \
+			PREFIX=/usr/libexec/docker/cli-plugins \
+				bash $${installer} install_plugin; \
+		done
 	# docker-ce install
-	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd
-	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/docker-proxy) debian/docker-ce/usr/bin/docker-proxy
-	install -D -p -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/libexec/docker/docker-init
-
-	# docker-buildx-plugin install
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-buildx debian/docker-buildx-plugin/usr/libexec/docker/cli-plugins/docker-buildx
-
-	# docker-compose-plugin install
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-compose debian/docker-compose-plugin/usr/libexec/docker/cli-plugins/docker-compose
-
-	# docker-model-plugin install
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-model debian/docker-model-plugin/usr/libexec/docker/cli-plugins/docker-model
-
-	# docker-ce-rootless-extras install
-	install -D -p -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit
-	install -D -p -m 0755 engine/contrib/dockerd-rootless.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless.sh
-	install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh
-	# TODO: how can we install vpnkit?
+	install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service
+	install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket
+	install -D -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd
+	install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy
+	install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init
 
 override_dh_installinit:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installinit --name=docker
 
-override_dh_installsystemd:
-	# use "docker" as our service name, not "docker-ce"
-	dh_installsystemd --name=docker
-
 override_dh_shlibdeps:
 	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
 
@@ -152,20 +61,5 @@ override_dh_install:
 	# TODO Can we do this from within our container?
 	dh_apparmor --profile-name=docker-ce -pdocker-ce
 
-override_dh_gencontrol:
-	# Use separate version for the buildx-plugin package, then generate the other control files as usual
-	# TODO override "Source" field in control as well (to point to buildx, as it doesn't match the package name)
-	dh_gencontrol -pdocker-buildx-plugin -- -v$${BUILDX_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
-
-	# Use separate version for the compose-plugin package, then generate the other control files as usual
-	# TODO override "Source" field in control as well (to point to compose, as it doesn't match the package name)
-	dh_gencontrol -pdocker-compose-plugin -- -v$${COMPOSE_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
-
-	# Use separate version for the model-plugin package, then generate the other control files as usual
-	# TODO override "Source" field in control as well (to point to model, as it doesn't match the package name)
-	dh_gencontrol -pdocker-model-plugin -- -v$${MODEL_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
-
-	dh_gencontrol --remaining-packages
-
 %:
-	dh $@ --with=bash-completion
+	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)

deb/debian-bookworm/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=debian
-ARG SUITE=bookworm
-ARG VERSION_ID=12
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-bullseye/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=debian
-ARG SUITE=bullseye
-ARG VERSION_ID=11
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-buster/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=debian
+ARG SUITE=buster
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY sources/ /sources
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-stretch/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=debian
+ARG SUITE=stretch
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY sources/ /sources
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-trixie/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=debian
-ARG SUITE=trixie
-ARG VERSION_ID=13
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/gen-deb-ver

@@ -1,79 +1,87 @@
 #!/usr/bin/env bash
 
-REPO_DIR="$1"
+ENGINE_DIR="$1"
 VERSION="$2"
+origVersion=$VERSION
 
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
-	echo 'usage: ./gen-deb-ver ${REPO_DIR} ${VERSION}'
-	exit 1
+[[ $# < 2 ]] && echo 'not enough args' && exit 1
+
+DATE_COMMAND="date"
+if [[ $(uname) == "Darwin" ]]; then
+    DATE_COMMAND="docker run --rm alpine date"
 fi
 
-GIT_COMMAND="git -C $REPO_DIR"
-origVersion="$VERSION"
-debVersion="${VERSION#v}"
+gen_deb_version() {
+    # Adds an increment to the deb version to get proper order
+    # 18.01.0-tp1   -> 18.01.0-0.1-tp1
+    # 18.01.0-beta1 -> 18.01.0-1.1-beta1
+    # 18.01.0-rc1   -> 18.01.0-2.1-rc1
+    # 18.01.0       -> 18.01.0-3
+    fullVersion="$1"
+    pattern="$2"
+    increment="$3"
+    testVersion="${fullVersion#*-$pattern}"
+    baseVersion="${fullVersion%-"$pattern"*}"
+    echo "$baseVersion-$increment.$testVersion.$pattern$testVersion"
+}
 
-# deb packages require a tilde (~) instead of a hyphen (-) as separator between
-# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
-# non-pre-release versions, which would prevent users from updating from a pre-
-# release version to the "ga" version.
-#
-# For details, see this thread on the Debian mailing list:
-# https://lists.debian.org/debian-policy/1998/06/msg00099.html
-#
-# The code below replaces hyphens with tildes. Note that an intermediate $tilde
-# variable is needed to make this work on all versions of Bash. In some versions
-# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
-# quoted ('~').
-tilde='~'
-debVersion="${debVersion//-/$tilde}"
+case "$VERSION" in
+    *-dev)
+        debVersion="$VERSION"
+        ;;
+    *-tp[0-9]*)
+        debVersion="$(gen_deb_version "$VERSION" tp 0)"
+        ;;
+    *-beta[0-9]*)
+        debVersion="$(gen_deb_version "$VERSION" beta 1)"
+        ;;
+    *-rc[0-9]*)
+        debVersion="$(gen_deb_version "$VERSION" rc 2)"
+        ;;
+    *)
+        debVersion="$VERSION-3"
+        ;;
+esac
 
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
-# we'll create a pseudo version based on commit-date and -sha.
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-	export TZ=UTC
+export TZ=UTC
 
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	#
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# where the time is the commit time in UTC and the final suffix is the prefix
-	# of the commit hash. The time portion ensures that two pseudo-versions can
-	# be compared to determine which happened later, the commit hash identifes
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# as a pre-release before version v0.0.0, so that the go command prefers any
-	# tagged release over any pseudo-version.
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
+# git running in different directories, backwards compatible too
+GIT_COMMAND="git -C $ENGINE_DIR"
+debVersion="${debVersion//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+if [[ "$VERSION" == *-dev ]]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    debVersion="0.0.0-${gitDate}-${gitCommit}"
+    origVersion=$debVersion
 
-	if [ "$(uname)" = "Darwin" ]; then
-		# Using BSD date (macOS), which doesn't support the --date option
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
-	else
-		# Using GNU date (Linux)
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	fi
-
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
-	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
-	debVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
-
-	# verify that nightly builds are always < actual releases
-	#
-	# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
-	# false
-	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
-	# true
-	# $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
-	# true
+    # verify that nightly builds are always < actual releases
+    #
+    # $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
+    # false
+    # $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
+    # true
+    # $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
+    # true
 fi
 
 echo "$debVersion" "$origVersion"

deb/raspbian-bookworm/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=raspbian
-ARG SUITE=bookworm
-ARG VERSION_ID=12
-ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/raspbian-bullseye/Dockerfile

@@ -1,40 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=raspbian
-ARG SUITE=bullseye
-ARG VERSION_ID=11
-ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/raspbian-buster/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=raspbian
+ARG SUITE=buster
+ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY sources/ /sources
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/raspbian-stretch/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=raspbian
+ARG SUITE=stretch
+ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY sources/ /sources
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-bionic/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=ubuntu
+ARG SUITE=bionic
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY sources/ /sources
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-focal/Dockerfile

@@ -1,9 +1,6 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
+ARG GO_IMAGE
 ARG DISTRO=ubuntu
-ARG SUITE=jammy
-ARG VERSION_ID=22.04
+ARG SUITE=focal
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 
 FROM ${GO_IMAGE} AS golang
@@ -19,26 +16,24 @@ RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
 
 ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 
-COPY --link sources/ /sources
+COPY sources/ /sources
 ARG DISTRO
 ARG SUITE
-ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
 
-COPY --link --from=golang /usr/local/go /usr/local/go
+COPY --from=golang /usr/local/go /usr/local/go
 
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb

deb/ubuntu-noble/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=noble
-ARG VERSION_ID=24.04
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-oracular/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=oracular
-ARG VERSION_ID=24.10
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-plucky/Dockerfile

@@ -1,46 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=ubuntu
-ARG SUITE=plucky
-ARG VERSION_ID=25.04
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-
-# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
-RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
-        rm -f /usr/bin/man; \
-        dpkg-divert --quiet --remove --rename /usr/bin/man; \
-    fi
-
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y curl devscripts equivs git
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-ARG COMMON_FILES
-COPY --link ${COMMON_FILES} /root/build-deb/debian
-RUN apt-get update \
- && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
-
-COPY --link sources/ /sources
-ARG DISTRO
-ARG SUITE
-ARG VERSION_ID
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-ENV VERSION_ID=${VERSION_ID}
-
-COPY --link --from=golang /usr/local/go /usr/local/go
-
-WORKDIR /root/build-deb
-COPY build-deb /root/build-deb/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-xenial/Dockerfile

@@ -0,0 +1,35 @@
+ARG GO_IMAGE
+ARG DISTRO=ubuntu
+ARG SUITE=xenial
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+ARG COMMON_FILES
+COPY ${COMMON_FILES} /root/build-deb/debian
+RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY sources/ /sources
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+COPY --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

distros.json

@@ -1,141 +0,0 @@
-{
-    "centos-9": {
-        "image": "quay.io/centos/centos:stream9",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "CentOS Stream 9",
-        "end_of_life": "2027"
-    },
-    "centos-10": {
-        "image": "quay.io/centos/centos:stream10",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "CentOS Stream 10",
-        "end_of_life": "2030"
-    },
-    "debian-bullseye": {
-        "image": "debian:bullseye",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Debian 11 (oldstable)"
-    },
-    "debian-bookworm": {
-        "image": "debian:bookworm",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Debian 12 (stable)"
-    },
-    "debian-trixie": {
-        "image": "debian:trixie",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Debian 13 (Next stable)"
-    },
-    "fedora-41": {
-        "image": "fedora:41",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "end_of_life": "November, 2025"
-    },
-    "fedora-42": {
-        "image": "fedora:42",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "end_of_life": "November, 2025"
-    },
-    "raspbian-bullseye": {
-        "image": "balenalib/rpi-raspbian:bullseye",
-        "arches": [
-            "armhf"
-        ],
-        "description": "Debian/Raspbian 11 (stable)"
-    },
-    "raspbian-bookworm": {
-        "image": "balenalib/rpi-raspbian:bookworm",
-        "arches": [
-            "armhf"
-        ],
-        "description": "Debian/Raspbian 12 (next stable)"
-    },
-    "ubuntu-jammy": {
-        "image": "ubuntu:jammy",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 22.04 LTS",
-        "end_of_life": "04-2032",
-        "end_of_support": "04-2027"
-    },
-    "ubuntu-noble": {
-        "image": "ubuntu:noble",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 24.04 LTS",
-        "end_of_life": "04-2034",
-        "end_of_support": "06-2029"
-    },
-    "ubuntu-oracular": {
-        "image": "ubuntu:oracular",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 24.10",
-        "end_of_life": "07-2025",
-        "end_of_support": "07-2025"
-    },
-    "ubuntu-plucky": {
-        "image": "ubuntu:plucky",
-        "arches": [
-            "amd64",
-            "aarch64",
-            "armhf"
-        ],
-        "description": "Ubuntu 25.04",
-        "end_of_life": "01-2026",
-        "end_of_support": "01-2026"
-    },
-    "rhel-8": {
-        "image": "registry.access.redhat.com/ubi8/ubi",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "Red Hat Enterprise Linux 8",
-        "end_of_life": "05-2029",
-        "end_of_support": "05-2024"
-    },
-    "rhel-9": {
-        "image": "registry.access.redhat.com/ubi9/ubi",
-        "arches": [
-            "amd64",
-            "aarch64"
-        ],
-        "description": "Red Hat Enterprise Linux 9",
-        "end_of_life": "05-2032",
-        "end_of_support": "05-2027"
-    }
-}

install-containerd-helpers

@@ -1,85 +0,0 @@
-#!/usr/bin/env bash
-
-###
-# Script Name:  install-containerd-helpers
-#
-# Description: A library that containers helpers to install containerd on different
-#              distributions based on a package manager
-###
-set -x extglob
-
-# Steps taken from: https://docs.docker.com/install/linux/docker-ce/centos/
-function install_rpm_containerd() {
-	if [ "${PACKAGE_REPO}" = "stage" ]; then
-		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}/docker-ce-staging.repo"
-	else
-		REPO_URL="https://download.docker.com/linux/${DIST_ID}/docker-ce.repo"
-	fi
-
-	# Install containerd dependency for non-zypper dependecies
-	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
-
-	# Note: we enable test channel to be able to test non-stable containerd packages as well.
-	# Once a containerd package becomes stable it will also be available in the test channel,
-	# so this logic works for both cases.
-	# (See also same logic in install_debian_containerd)
-
-	if command -v dnf5; then
-		dnf --version
-
-		# FIXME(thaJeztah); strip empty lines as workaround for https://github.com/rpm-software-management/dnf5/issues/1603
-		TMP_REPO_FILE="$(mktemp --dry-run)"
-		curl -fsSL "${REPO_URL}" | tr -s '\n' > "${TMP_REPO_FILE}"
-		dnf config-manager addrepo --save-filename=docker-ce.repo  --overwrite --from-repofile="${TMP_REPO_FILE}"
-		rm -f "${TMP_REPO_FILE}"
-		# dnf config-manager addrepo --save-filename=docker-ce.repo --from-repofile="${REPO_URL}"
-		dnf config-manager setopt 'docker-ce-*.enabled=0'
-		dnf config-manager setopt 'docker-ce-test.enabled=1'
-		dnf makecache
-	elif command -v dnf; then
-		dnf --version
-
-		dnf config-manager --add-repo "${REPO_URL}"
-		dnf config-manager --set-disabled 'docker-ce-*'
-		dnf config-manager --set-enabled 'docker-ce-test'
-		dnf makecache
-	else
-		yum-config-manager --add-repo "${REPO_URL}"
-		yum-config-manager --disable 'docker-ce-*'
-		yum-config-manager --enable 'docker-ce-test'
-		yum makecache
-	fi
-}
-
-# Steps taken from: https://docs.docker.com/install/linux/docker-ce/ubuntu/
-function install_debian_containerd() {
-	if [ "${PACKAGE_REPO}" = "stage" ]; then
-		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}"
-	else
-		REPO_URL="https://download.docker.com/linux/${DIST_ID}"
-	fi
-
-	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
-
-	#TODO include this step in the get.docker.com installation script
-	# Make sure ca-certificates are up-to-date
-	update-ca-certificates -f
-
-	install -m 0755 -d /etc/apt/keyrings
-	curl -fsSL "${REPO_URL}/gpg" | tee /etc/apt/keyrings/docker.asc
-	chmod a+r /etc/apt/keyrings/docker.asc
-
-	if [ "${DIST_VERSION}" = "sid" ]; then
-		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
-		exit 1
-	fi
-	ARCH=$(dpkg --print-architecture)
-
-	# Note: we enable test channel to be able to test non-stable containerd packages as well.
-	# Once a containerd package becomes stable it will also be available in the test channel,
-	# so this logic works for both cases.
-	# (See also same logic in install_rpm_containerd)
-	echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] ${REPO_URL} ${DIST_VERSION} test" > /etc/apt/sources.list.d/docker.list
-
-	apt-get update
-}

plugins/.common

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+DESTDIR=${DESTDIR:-}
+PREFIX=${PREFIX:-/usr/local}
+
+add_github_ssh_host() {
+    # You're not able to clone from github unless you add to known_hosts
+    if ! grep ~/.ssh/known_hosts "github.com" >/dev/null 2>/dev/null; then
+        mkdir -p ~/.ssh
+        ssh-keyscan github.com >> ~/.ssh/known_hosts
+    fi
+}
+
+install_binary() {
+    for binary in "$@"; do
+        mkdir -p "${DESTDIR}${PREFIX}"
+        install -p -m 755 "${binary}" "${DESTDIR}${PREFIX}"
+    done
+}
+
+build_or_install() {
+    case $1 in
+        build)
+            build
+            ;;
+        build_mac)
+            build_mac
+            ;;
+        install_plugin)
+            install_plugin
+            ;;
+        *)
+            echo "Are you sure that's a command? o.O"
+            exit 1
+            ;;
+    esac
+}

plugins/app.installer

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -e
+
+source "$(dirname "$0")/.common"
+
+GOPATH=$(go env GOPATH)
+REPO=https://github.com/docker/app.git
+COMMIT=v0.8.0
+DEST=${GOPATH}/src/github.com/docker/app
+
+build() {
+    if [ ! -d "${DEST}" ]; then
+        git clone "${REPO}" "${DEST}"
+    fi
+    (
+        cd "${DEST}"
+        git fetch --all
+        git checkout -q "${COMMIT}"
+        # There's no real versions yet, but this'll just leave it blank
+        make dynamic
+    )
+}
+
+install_plugin() {
+    (
+        cd "${DEST}"
+        install_binary bin/docker-app
+    )
+}
+
+build_or_install "$@"

plugins/buildx.installer

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+set -e
+
+source "$(dirname "$0")/.common"
+PKG=github.com/docker/buildx
+GOPATH=$(go env GOPATH)
+REPO=https://${PKG}.git
+: "${BUILDX_COMMIT=v0.3.1}"
+DEST=${GOPATH}/src/${PKG}
+
+build() {
+    if [ ! -d "${DEST}" ]; then
+        git clone "${REPO}" "${DEST}"
+    fi
+    (
+        cd "${DEST}"
+        git fetch --all
+        git checkout -q "${BUILDX_COMMIT}"
+        local LDFLAGS
+        # TODO: unmark `-tp` when no longer a technical preview
+        LDFLAGS="-X ${PKG}/version.Version=$(git describe --match 'v[0-9]*' --always --tags)-tp-docker -X ${PKG}/version.Revision=$(git rev-parse HEAD) -X ${PKG}/version.Package=${PKG} -X main.experimental=1"
+        set -x
+        GOFLAGS=-mod=vendor go build -o bin/docker-buildx -ldflags "${LDFLAGS}" ./cmd/buildx
+    )
+}
+
+install_plugin() {
+    (
+        cd "${DEST}"
+        install_binary bin/docker-buildx
+    )
+}
+
+build_or_install "$@"

rpm/Makefile

@@ -1,75 +1,49 @@
 include ../common.mk
 
+CLI_DIR:=$(realpath $(CURDIR)/../../cli)
+ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
 PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+GITCOMMIT=$(shell cd $(ENGINE_DIR) && git rev-parse --short HEAD)
+STATIC_VERSION:=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 GO_BASE_IMAGE=golang
-GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
-GEN_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
-GEN_BUILDX_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
-GEN_COMPOSE_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
-GEN_MODEL_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
-CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
-ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
-BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
+GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-buster
+GEN_RPM_VER=$(shell ./gen-rpm-ver $(CLI_DIR) $(VERSION))
+CHOWN=docker run --rm -i -v $(CURDIR):/v -w /v alpine chown
 
-ifdef RH_USER
-	RH_FLAGS=--secret id=rh-user,env=RH_USER --secret id=rh-pass,env=RH_PASS
-endif
 ifdef BUILD_IMAGE
 	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
 endif
 BUILD?=DOCKER_BUILDKIT=1 \
 	docker build \
-	$(RH_FLAGS) \
 	$(BUILD_IMAGE_FLAG) \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
 	-t rpmbuild-$@/$(ARCH) \
-	--platform linux/$(ARCH) \
 	-f $@/Dockerfile \
 	.
 
-
-SPEC_FILES?=docker-ce.spec docker-ce-cli.spec docker-ce-rootless-extras.spec docker-buildx-plugin.spec docker-compose-plugin.spec docker-model-plugin.spec
-
+SPEC_FILES?=docker-ce.spec docker-ce-cli.spec
 SPECS?=$(addprefix SPECS/, $(SPEC_FILES))
+RPMBUILD=docker run --privileged --rm -i \
+	-e PLATFORM \
+	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES \
+	-v $(CURDIR)/rpmbuild/RPMS:/root/rpmbuild/RPMS \
+	-v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS
 RPMBUILD_FLAGS?=-ba\
-	--define '_gitcommit_cli $(CLI_GITCOMMIT)' \
-	--define '_gitcommit_engine $(ENGINE_GITCOMMIT)' \
+	--define '_gitcommit $(word 3,$(GEN_RPM_VER))' \
 	--define '_release $(word 2,$(GEN_RPM_VER))' \
 	--define '_version $(word 1,$(GEN_RPM_VER))' \
 	--define '_origversion $(word 4, $(GEN_RPM_VER))' \
-	--define '_buildx_rpm_version $(word 1,$(GEN_BUILDX_RPM_VER))' \
-	--define '_buildx_version $(word 4,$(GEN_BUILDX_RPM_VER))' \
-	--define '_buildx_gitcommit $(BUILDX_GITCOMMIT)' \
-	--define '_compose_rpm_version $(word 1,$(GEN_COMPOSE_RPM_VER))' \
-	--define '_compose_version $(word 4,$(GEN_COMPOSE_RPM_VER))' \
-	--define '_model_rpm_version $(word 1,$(GEN_MODEL_RPM_VER))' \
-	--define '_model_version $(word 4,$(GEN_MODEL_RPM_VER))' \
 	$(RPMBUILD_EXTRA_FLAGS) \
 	$(SPECS)
+RUN?=$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
 
-# Additional flags may be necessary at some point
-RUN_FLAGS=
-
-# FIXME(thaJeztah): disabling seccomp to handle (ppc64le) tar "chown / chmod"
-# failing when running in a Fedora 40 container on a Debian bookworm host;
-# see https://github.com/docker/docker-ce-packaging/issues/1012 and
-# https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
-RUN?=docker run --rm \
-	--security-opt seccomp=unconfined \
-	--platform linux/$(ARCH) \
-	-e PLATFORM \
-	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES:ro \
-	-v $(CURDIR)/rpmbuild/$@/RPMS:/root/rpmbuild/RPMS \
-	-v $(CURDIR)/rpmbuild/$@/SRPMS:/root/rpmbuild/SRPMS \
-	$(RUN_FLAGS) \
-	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-
-FEDORA_RELEASES ?= fedora-41 fedora-42
-CENTOS_RELEASES ?= centos-9 centos-10
-RHEL_RELEASES ?= rhel-8 rhel-9
+SOURCE_FILES=engine.tgz cli.tgz docker.service docker.socket plugin-installers.tgz
+SOURCES=$(addprefix rpmbuild/SOURCES/, $(SOURCE_FILES))
 
+FEDORA_RELEASES := fedora-32 fedora-31
+CENTOS_RELEASES := centos-7 centos-8
+RHEL_RELEASES := rhel-7
 DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
-BUNDLES := $(patsubst %,rpmbuild/bundles-ce-%-$(DPKG_ARCH).tar.gz,$(DISTROS))
 
 .PHONY: help
 help: ## show make targets
@@ -79,7 +53,6 @@ help: ## show make targets
 clean: ## remove build artifacts
 	[ ! -d rpmbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 	$(RM) -r rpmbuild/
-	-docker builder prune -f --filter until=24h
 
 .PHONY: rpm
 rpm: fedora centos ## build all rpm packages
@@ -87,6 +60,9 @@ rpm: fedora centos ## build all rpm packages
 .PHONY: fedora
 fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
 
+.PHONY: centos-8
+centos-8: RPMBUILD_EXTRA_FLAGS=--define '_without_btrfs 1'
+
 .PHONY: centos
 centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 
@@ -94,58 +70,40 @@ centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
 
 .PHONY: $(DISTROS)
-$(DISTROS): sources
+$(DISTROS): rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/docker.service rpmbuild/SOURCES/docker.socket rpmbuild/SOURCES/plugin-installers.tgz
 	@echo "== Building packages for $@ =="
-	mkdir -p "rpmbuild/$@"
+	$(CHOWN) -R root:root rpmbuild
 	$(BUILD)
 	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
-
-.PHONY: sources
-sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/model.tgz
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 
 rpmbuild/SOURCES/engine.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
-		-v $(CURDIR)/$(@D):/v \
+	mkdir -p rpmbuild/SOURCES
+	docker run --rm -i -w /v \
+		-v $(ENGINE_DIR):/engine \
+		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
 		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
 
 rpmbuild/SOURCES/cli.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
-		-v $(CURDIR)/$(@D):/v \
+	mkdir -p rpmbuild/SOURCES
+	docker run --rm -i -w /v \
+		-v $(CLI_DIR):/cli \
+		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
 
-rpmbuild/SOURCES/buildx.tgz:
+rpmbuild/SOURCES/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
+	cp $< $@
 
-rpmbuild/SOURCES/compose.tgz:
+rpmbuild/SOURCES/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
-		-v $(CURDIR)/$(@D):/v \
+	cp $< $@
+
+rpmbuild/SOURCES/plugin-installers.tgz: $(wildcard ../plugins/*)
+	docker run --rm -i -w /v \
+		-v $(PLUGINS_DIR):/plugins \
+		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
-		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
-
-rpmbuild/SOURCES/model.tgz:
-	mkdir -p $(@D)
-	docker run --rm -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
-		-v $(CURDIR)/$(@D):/v \
-		alpine \
-		tar -C / -c -z -f /v/model.tgz --exclude .git model
-
-# See ARCHES in common.mk. Could not figure out how to match both distro and arch.
-BUNDLES:=$(addsuffix .tar.gz,$(addprefix rpmbuild/bundles-ce-%-,$(ARCHES)))
-
-$(BUNDLES): %
-	tar czf $@ --transform="s|^rpmbuild/\(.*\)|bundles/$(VERSION)/build-rpm/\1|" rpmbuild/$*
+		tar -C / -c -z -f /v/plugin-installers.tgz --exclude .git plugins

rpm/README.md

@@ -3,37 +3,30 @@
 `.rpm` packages can be built from this directory with the following syntax
 
 ```shell
-make rpm
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
 ```
 
 Artifacts will be located in `rpmbuild` under the following directory structure:
 `rpmbuild/$distro-$distro_version/`
 
-### Building from local source
-
-Specify the location of the source repositories for the engine and cli when
-building packages
-
+### NOTES:
 * `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
 * `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
 
-```shell
-make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
-```
-
 ## Specifying a specific distro
 
 ```shell
-make centos
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli fedora
 ```
 
 ## Specifying a specific distro version
 ```shell
-make centos-9
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli fedora-25
 ```
 
-## Building the for all distros
+## Building the latest docker-ce
 
 ```shell
-make rpm
+git clone https://github.com/docker/docker-ce.git
+make ENGINE_DIR=docker-ce/components/engine CLI_DIR=docker-ce/components/cli rpm
 ```

rpm/SPECS/docker-buildx-plugin.spec

@@ -1,51 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-buildx-plugin
-Version: %{_buildx_rpm_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: buildx.tgz
-Summary: Docker Buildx plugin for the Docker CLI
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://github.com/docker/buildx
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-BuildRequires: bash
-
-%description
-Docker Buildx plugin for the Docker CLI.
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-pushd ${RPM_BUILD_DIR}/src/buildx
-	GO111MODULE=on \
-	CGO_ENABLED=0 \
-		go build \
-			-mod=vendor \
-			-trimpath \
-			-ldflags="-w -X github.com/docker/buildx/version.Version=%{_buildx_version} -X github.com/docker/buildx/version.Revision=%{_buildx_gitcommit} -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
-			-o "bin/docker-buildx" \
-			./cmd/buildx
-popd
-
-%check
-ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
-	test "$ver" = "%{_buildx_version}" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($ver) did not match" && exit 1)
-
-%install
-install -D -p -m 0755 ${RPM_BUILD_DIR}/src/buildx/bin/docker-buildx ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx
-
-%files
-%{_libexecdir}/docker/cli-plugins/docker-buildx
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/SPECS/docker-ce-cli.spec

@@ -6,27 +6,24 @@ Release: %{_release}%{?dist}
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
-License: Apache-2.0
+License: ASL 2.0
 Source0: cli.tgz
+Source1: plugin-installers.tgz
 URL: https://www.docker.com
 Vendor: Docker
 Packager: Docker <support@docker.com>
 
 # required packages on install
 Requires: /bin/sh
-Requires: /usr/sbin/groupadd
-
-Recommends: docker-buildx-plugin
-Recommends: docker-compose-plugin
-
-Suggests: docker-model-plugin
 
 BuildRequires: make
+BuildRequires: libtool-ltdl-devel
 BuildRequires: git
 
 # conflicting packages
 Conflicts: docker
 Conflicts: docker-io
+Conflicts: docker-engine-cs
 Conflicts: docker-ee
 Conflicts: docker-ee-cli
 
@@ -35,56 +32,81 @@ Docker is is a product for you to build, ship and run any application as a
 lightweight container.
 
 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest cloud compute instance
-and everything in between - and they don't require you to use a particular
+they can run anywhere, from your laptop to the largest cloud compute instance and
+everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
 
 %prep
-%setup -q -c -n src -a 0
+%setup -q -c -n src -a 1
 
 %build
 mkdir -p /go/src/github.com/docker
 rm -f /go/src/github.com/docker/cli
-ln -snf ${RPM_BUILD_DIR}/src/cli /go/src/github.com/docker/cli
-make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=%{_origversion} GITCOMMIT=%{_gitcommit_cli} dynbinary manpages shell-completion
+ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
+pushd /go/src/github.com/docker/cli
+DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
+popd
 
-%check
-ver="$(cli/build/docker --version)"; \
-    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+# Build all associated plugins
+pushd /root/rpmbuild/BUILD/src/plugins
+for installer in *.installer; do
+    bash ${installer} build
+done
+popd
+
+
+# %check
+# cli/build/docker -v
 
 %install
 # install binary
-install -D -p -m 755 cli/build/docker ${RPM_BUILD_ROOT}%{_bindir}/docker
+install -d $RPM_BUILD_ROOT/%{_bindir}
+install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
+
+# install plugins
+pushd /root/rpmbuild/BUILD/src/plugins
+for installer in *.installer; do
+    DESTDIR=$RPM_BUILD_ROOT \
+        PREFIX=/usr/libexec/docker/cli-plugins \
+        bash ${installer} install_plugin
+done
+popd
 
 # add bash, zsh, and fish completions
-install -D -p -m 644 cli/build/completion/bash/docker ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions/docker
-install -D -p -m 644 cli/build/completion/zsh/_docker ${RPM_BUILD_ROOT}%{_datadir}/zsh/vendor-completions/_docker
-install -D -p -m 644 cli/build/completion/fish/docker.fish ${RPM_BUILD_ROOT}%{_datadir}/fish/vendor_completions.d/docker.fish
+install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
+install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
+install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
+install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
+install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
+install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
 
-# install man-pages
-for sec in $(seq 1 9); do
-    if [ -d "cli/man/man${sec}" ]; then
-        # Note: we need to create destination dirs first (instead "install -D") due to wildcards used.
-        install -d ${RPM_BUILD_ROOT}%{_mandir}/man${sec} && \
-        install -p -m 644 cli/man/man${sec}/*.${sec} ${RPM_BUILD_ROOT}%{_mandir}/man${sec};
-    fi
-done
+# install manpages
+install -d %{buildroot}%{_mandir}/man1
+install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
+install -d %{buildroot}%{_mandir}/man5
+install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
 
 mkdir -p build-docs
 for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
-    install -D -p -m 644 "cli/$cli_file" "build-docs/$cli_file"
+    cp "cli/$cli_file" "build-docs/$cli_file"
 done
 
 # list files owned by the package here
 %files
 %doc build-docs/LICENSE build-docs/MAINTAINERS build-docs/NOTICE build-docs/README.md
-%{_bindir}/docker
-%{_datadir}/bash-completion/completions/docker
-%{_datadir}/zsh/vendor-completions/_docker
-%{_datadir}/fish/vendor_completions.d/docker.fish
-%{_mandir}/man*/*
+/%{_bindir}/docker
+/usr/libexec/docker/cli-plugins/*
+/usr/share/bash-completion/completions/docker
+/usr/share/zsh/vendor-completions/_docker
+/usr/share/fish/vendor_completions.d/docker.fish
+%doc
+/%{_mandir}/man1/*
+/%{_mandir}/man5/*
+/%{_mandir}/man8/*
 
 
 %post

rpm/SPECS/docker-ce-rootless-extras.spec

@@ -1,63 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-ce-rootless-extras
-Version: %{_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: engine.tgz
-Summary: Rootless support for Docker
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://docs.docker.com/engine/security/rootless/
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-Requires: docker-ce
-# TODO: conditionally add `Requires: dbus-daemon` for Fedora and CentOS 8
-# slirp4netns >= 0.4 is available in the all supported versions of CentOS and Fedora.
-Requires: slirp4netns >= 0.4
-# fuse-overlayfs >= 0.7 is available in the all supported versions of CentOS and Fedora.
-Requires: fuse-overlayfs >= 0.7
-
-BuildRequires: bash
-
-# conflicting packages
-Conflicts: rootlesskit
-
-%description
-Rootless support for Docker.
-Use dockerd-rootless.sh to run the daemon.
-Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh .
-This package contains RootlessKit, but does not contain VPNKit.
-Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-
-export DOCKER_GITCOMMIT=%{_gitcommit_engine}
-mkdir -p /go/src/github.com/docker
-ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
-TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic
-
-%check
-/usr/local/bin/rootlesskit -v
-
-%install
-install -D -p -m 0755 engine/contrib/dockerd-rootless.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless.sh
-install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless-setuptool.sh
-install -D -p -m 0755 /usr/local/bin/rootlesskit ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit
-
-%files
-%{_bindir}/dockerd-rootless.sh
-%{_bindir}/dockerd-rootless-setuptool.sh
-%{_bindir}/rootlesskit
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/SPECS/docker-ce.spec

@@ -1,58 +1,77 @@
 %global debug_package %{nil}
 
+# BTRFS is enabled by default, but can be disabled by defining _without_btrfs
+%{!?_with_btrfs: %{!?_without_btrfs: %define _with_btrfs 1}}
+
 Name: docker-ce
 Version: %{_version}
 Release: %{_release}%{?dist}
 Epoch: 3
 Source0: engine.tgz
+Source1: docker.service
+Source2: docker.socket
 Summary: The open-source application container engine
 Group: Tools/Docker
-License: Apache-2.0
+License: ASL 2.0
 URL: https://www.docker.com
 Vendor: Docker
 Packager: Docker <support@docker.com>
 
-Requires: /usr/sbin/groupadd
-# Provides modprobe, which we use to load br_netfilter if not loaded.
-Suggests: kmod
 Requires: docker-ce-cli
-Recommends: docker-ce-rootless-extras
-Requires: container-selinux
+Requires: container-selinux >= 2:2.74
+Requires: libseccomp >= 2.3
 Requires: systemd
+%if 0%{?rhel} >= 8
+Requires: ( iptables or nftables )
+%else
 Requires: iptables
-%if %{undefined rhel} || 0%{?rhel} < 9
-# Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
-Requires: libcgroup
 %endif
-Requires: containerd.io >= 1.7.27
+Requires: libcgroup
+Requires: containerd.io >= 1.2.2-3
 Requires: tar
 Requires: xz
 
+# Resolves: rhbz#1165615
+Requires: device-mapper-libs >= 1.02.90-1
+
 BuildRequires: bash
+%{?_with_btrfs:BuildRequires: btrfs-progs-devel}
 BuildRequires: ca-certificates
 BuildRequires: cmake
+BuildRequires: device-mapper-devel
 BuildRequires: gcc
 BuildRequires: git
 BuildRequires: glibc-static
+BuildRequires: libseccomp-devel
+BuildRequires: libselinux-devel
 BuildRequires: libtool
+BuildRequires: libtool-ltdl-devel
 BuildRequires: make
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(systemd)
+BuildRequires: selinux-policy-devel
 BuildRequires: systemd-devel
 BuildRequires: tar
+BuildRequires: which
 
 # conflicting packages
 Conflicts: docker
 Conflicts: docker-io
+Conflicts: docker-engine-cs
 Conflicts: docker-ee
 
+# Obsolete packages
+Obsoletes: docker-ce-selinux
+Obsoletes: docker-engine-selinux
+Obsoletes: docker-engine
+
 %description
 Docker is a product for you to build, ship and run any application as a
 lightweight container.
 
 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest cloud compute instance
-and everything in between - and they don't require you to use a particular
+they can run anywhere, from your laptop to the largest cloud compute instance and
+everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
@@ -62,55 +81,40 @@ depending on a particular stack or provider.
 
 %build
 
-export DOCKER_GITCOMMIT=%{_gitcommit_engine}
+export DOCKER_GITCOMMIT=%{_gitcommit}
 mkdir -p /go/src/github.com/docker
-ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
+ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker
 
-pushd ${RPM_BUILD_DIR}/src/engine
-TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
-
-# Determine Go module mode based on file presence
-if [ -f vendor.mod ]; then
-    GOMOD=off
-elif [ -f go.mod ]; then
-    GOMOD=on
-else
-    echo "No go.mod or vendor.mod found in engine directory"
-    exit 1
-fi
-GO111MODULE=$GOMOD VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary
+pushd /root/rpmbuild/BUILD/src/engine
+for component in tini "proxy dynamic";do
+    TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component
+done
+VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary
 popd
 
-#  build  man-pages
-make -C ${RPM_BUILD_DIR}/src/engine/man
-
 %check
-ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
-    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
+engine/bundles/dynbinary-daemon/dockerd -v
 
 %install
-install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${RPM_BUILD_ROOT}%{_bindir}/dockerd
-install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/docker-proxy) ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy
-install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}/docker/docker-init
+# install daemon binary
+install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd
+
+# install proxy
+install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
+
+# install tini
+install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
 
 # install systemd scripts
-install -D -p -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service
-install -D -p -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket
-
-# install manpages
-make -C ${RPM_BUILD_DIR}/src/engine/man DESTDIR=${RPM_BUILD_ROOT} mandir=%{_mandir} install
-
-# create the config directory
-mkdir -p ${RPM_BUILD_ROOT}/etc/docker
+install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
+install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket
 
 %files
-%{_bindir}/dockerd
-%{_bindir}/docker-proxy
-%{_libexecdir}/docker/docker-init
-%{_unitdir}/docker.service
-%{_unitdir}/docker.socket
-%{_mandir}/man*/*
-%dir /etc/docker
+/%{_bindir}/dockerd
+/%{_bindir}/docker-proxy
+/%{_bindir}/docker-init
+/%{_unitdir}/docker.service
+/%{_unitdir}/docker.socket
 
 %post
 %systemd_post docker.service
@@ -119,7 +123,7 @@ if ! getent group docker > /dev/null; then
 fi
 
 %preun
-%systemd_preun docker.service docker.socket
+%systemd_preun docker.service
 
 %postun
 %systemd_postun_with_restart docker.service

rpm/SPECS/docker-compose-plugin.spec

@@ -1,57 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-compose-plugin
-Version: %{_compose_rpm_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: compose.tgz
-Summary: Docker Compose (V2) plugin for the Docker CLI
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://github.com/docker/compose/
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-Enhances: docker-ce-cli
-Recommends: docker-buildx-plugin
-
-BuildRequires: bash
-
-%description
-Docker Compose (V2) plugin for the Docker CLI.
-
-This plugin provides the 'docker compose' subcommand.
-
-The binary can also be run standalone as a direct replacement for
-Docker Compose V1 ('docker-compose').
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-make -C ${RPM_BUILD_DIR}/src/compose VERSION=%{_compose_version} DESTDIR=./bin build
-
-%check
-ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
-    test "$ver" = "%{_compose_version}" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($ver) did not match" && exit 1)
-
-%install
-install -D -p -m 0755 ${RPM_BUILD_DIR}/src/compose/bin/docker-compose ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose
-
-for f in LICENSE MAINTAINERS NOTICE README.md; do
-    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/compose/$f" "docker-compose-plugin-docs/$f"
-done
-
-%files
-%doc docker-compose-plugin-docs/*
-%license docker-compose-plugin-docs/LICENSE
-%license docker-compose-plugin-docs/NOTICE
-%{_libexecdir}/docker/cli-plugins/docker-compose
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/SPECS/docker-model-plugin.spec

@@ -1,52 +0,0 @@
-%global debug_package %{nil}
-
-Name: docker-model-plugin
-Version: %{_model_rpm_version}
-Release: %{_release}%{?dist}
-Epoch: 0
-Source0: model.tgz
-Summary: Docker Model Runner plugin for the Docker CLI
-Group: Tools/Docker
-License: Apache-2.0
-URL: https://docs.docker.com/model-runner/
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-Enhances: docker-ce-cli
-
-BuildRequires: bash
-
-%description
-Docker Model Runner plugin for the Docker CLI.
-
-This plugin provides the 'docker model' subcommand.
-
-%prep
-%setup -q -c -n src -a 0
-
-%build
-GO111MODULE=on make -C ${RPM_BUILD_DIR}/src/model VERSION=%{_model_version} ce-release
-
-%check
-ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
-    test "$ver" = "%{_model_version}" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($ver) did not match" && exit 1)
-
-%install
-install -D -p -m 0755 ${RPM_BUILD_DIR}/src/model/dist/docker-model ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model
-
-for f in LICENSE; do
-    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/model/$f" "docker-model-plugin-docs/$f"
-done
-
-%files
-%doc docker-model-plugin-docs/*
-%license docker-model-plugin-docs/LICENSE
-%{_libexecdir}/docker/cli-plugins/docker-model
-
-%post
-
-%preun
-
-%postun
-
-%changelog

rpm/centos-10/Dockerfile

@@ -1,35 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=centos
-ARG SUITE=10
-ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
-# "rpmkeys --import"as part of rpm package's %post scriplet. See
-# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
-# https://access.redhat.com/solutions/3720351
-RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
-RUN dnf install -y rpm-build dnf-plugins-core
-RUN dnf config-manager --set-enabled crb
-
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-7/Dockerfile

@@ -0,0 +1,29 @@
+ARG GO_IMAGE
+ARG DISTRO=centos
+ARG SUITE=7
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+# In aarch64 (arm64) images, the altarch repo is specified as repository, but
+# failing, so replace the URL.
+RUN if [ -f /etc/yum.repos.d/CentOS-Sources.repo ]; then sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo; fi
+RUN yum install -y rpm-build rpmlint
+COPY SPECS /root/rpmbuild/SPECS
+RUN yum-builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-8/Dockerfile

@@ -0,0 +1,30 @@
+ARG GO_IMAGE
+ARG DISTRO=centos
+ARG SUITE=8
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+# In aarch64 (arm64) images, the altarch repo is specified as repository, but
+# failing, so replace the URL.
+RUN if [ -f /etc/yum.repos.d/CentOS-Sources.repo ]; then sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo; fi
+RUN yum install -y rpm-build rpmlint yum-utils
+RUN yum-config-manager --set-enabled PowerTools
+COPY SPECS /root/rpmbuild/SPECS
+RUN yum-builddep --define '_without_btrfs 1' -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-9/Dockerfile

@@ -1,35 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=centos
-ARG SUITE=9
-ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
-# "rpmkeys --import"as part of rpm package's %post scriplet. See
-# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
-# https://access.redhat.com/solutions/3720351
-RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
-RUN dnf install -y rpm-build dnf-plugins-core
-RUN dnf config-manager --set-enabled crb
-
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-31/Dockerfile

@@ -0,0 +1,25 @@
+ARG GO_IMAGE
+ARG DISTRO=fedora
+ARG SUITE=31
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
+COPY SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-32/Dockerfile

@@ -0,0 +1,25 @@
+ARG GO_IMAGE
+ARG DISTRO=fedora
+ARG SUITE=32
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+RUN dnf install -y rpm-build rpmlint dnf-plugins-core
+COPY SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-41/Dockerfile

@@ -1,50 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=fedora
-ARG SUITE=41
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-RUN dnf install -y rpm-build dnf-plugins-core
-# FIXME(thaJeztah): workaround for building on Fedora 41 on arm64
-#
-# This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
-# for containerd packages, but unlike for containerd packages, we currently do
-# not run into this issue when building docker-ce packages. We're installing
-# this as a precaution, but perhaps it's not needed.
-#
-# go1.21 and up have a patch that enforces the use of ld.gold to work around
-# a bug in GNU binutils. See;
-# - https://github.com/golang/go/issues/22040.
-# - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
-#
-# Fedora 41 and up has a fixed version of binutils, and no longer requires that
-# patch, but may fail without ld.gold installed;
-#
-#   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
-#   collect2: fatal error: cannot find 'ld'
-#
-# Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
-# - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
-# - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
-#
-# As a workaround; install binutils-gold
-RUN if [ "$(arch)" = 'aarch64' ]; then dnf -y install binutils-gold; fi
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-42/Dockerfile

@@ -1,51 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=fedora
-ARG SUITE=42
-ARG BUILD_IMAGE=${DISTRO}:${SUITE}
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE}
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-RUN dnf install -y rpm-build dnf-plugins-core
-# FIXME(thaJeztah): workaround for building on Fedora 41 and up on arm64
-#
-# This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
-# for containerd packages, but unlike for containerd packages, we currently do
-# not run into this issue when building docker-ce packages. We're installing
-# this as a precaution, but perhaps it's not needed.
-#
-# go1.21 and up have a patch that enforces the use of ld.gold to work around
-# a bug in GNU binutils. See;
-# - https://github.com/golang/go/issues/22040.
-# - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
-#
-# Fedora 41 and up has a fixed version of binutils, and no longer requires that
-# patch, but may fail without ld.gold installed;
-#
-#   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
-#   collect2: fatal error: cannot find 'ld'
-#
-# Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
-# - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
-# - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
-#
-# As a workaround; install binutils-gold
-RUN if [ "$(rpm --query --queryformat='%{ARCH}' rpm)" = 'aarch64' ] && ! command -v ld.gold; then dnf -y install binutils-gold; fi
-
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/gen-rpm-ver

@@ -1,115 +1,68 @@
 #!/usr/bin/env bash
 
-REPO_DIR="$1"
-VERSION="$2"
+ENGINE_DIR=$1
+VERSION=$2
 
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
-	echo 'usage: ./gen-rpm-ver ${REPO_DIR} ${VERSION}'
-	exit 1
+[[ $# < 2 ]] && echo 'not enough args' && exit 1
+
+DATE_COMMAND="date"
+if [[ $(uname) == "Darwin" ]]; then
+    DATE_COMMAND="docker run --rm alpine date"
 fi
 
-GIT_COMMAND="git -C $REPO_DIR"
+GIT_COMMAND="git -C $ENGINE_DIR"
 origVersion="$VERSION"
-rpmVersion="${VERSION#v}"
+rpmVersion="$VERSION"
+rpmRelease=3
 
-# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which
-# is an incremental number for builds of the same release (Version: / #rpmVersion).
-#
-# This field can be:
-#
-# - Version: 0   : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds)
-# - Version: 1   : Package was built for an upstream (pre)release version
-# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released)
-#
-# For details, see the Fedora packaging guide:
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
-#
-# Note that older versions of the rpm spec allowed more traditional information
-# in this field, which is still allowed, but considered deprecated; see
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
-#
-# In our case, this means that all releases, except for "nightly" builds should
-# use "Version: 1". Only in an exceptional case, where we need to publish a new
-# package (build) for an existing release, "Version: 2" should be used; this script
-# does not currently account for that situation.
-#
-# Assuming all tagged version of rpmRelease correspond with an upstream release,
-# this means that versioning is as follows:
-#
-# Docker 23.0.0:         version=23.0.0, release=1
-# Docker 23.0.0-alpha.1: version=23.0.0, release=1
-# Docker 23.0.0-beta.1:  version=23.0.0, release=1
-# Docker 23.0.0-rc.1:    version=23.0.0, release=1
-# Docker 23.0.0-dev:     version=0.0.0~YYYYMMDDHHMMSS.gitHASH, release=0
-rpmRelease=1
+# rpmRelease versioning is as follows
+# Docker 18.01.0-ce:  version=18.01.0.ce, release=3
+# Docker 18.01.0-ce-tp1: version=18.01.0.ce, release=0.1.tp1
+# Docker 18.01.0-ce-beta1: version=18.01.0.ce, release=1.1.beta1
+# Docker 18.01.0-ce-rc1: version=18.01.0.ce, release=2.1.rc1
+# Docker 18.01.0-ce-cs1: version=18.01.0.ce.cs1, release=1
+# Docker 18.01.0-ce-cs1-rc1: version=18.01.0.ce.cs1, release=0.1.rc1
+# Docker 18.01.0-ce-dev nightly: version=18.01.0.ce, release=0.0.YYYYMMDD.HHMMSS.gitHASH
 
-# rpm packages require a tilde (~) instead of a hyphen (-) as separator between
-# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
-# non-pre-release versions, which would prevent users from updating from a pre-
-# release version to the "ga" version.
-#
-# For details, see the Fedora packaging guide:
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_handling_non_sorting_versions_with_tilde_dot_and_caret
-#
-# > The tilde symbol (‘~’) is used before a version component which must sort
-# > earlier than any non-tilde component. It is used for any pre-release versions
-# > which wouldn’t otherwise sort appropriately.
-# >
-# > For example, with upstream releases 0.4.0, 0.4.1, 0.5.0-rc1, 0.5.0-rc2, 0.5.0,
-# > the two "release candidates" should use 0.5.0~rc1 and 0.5.0~rc2 in the Version:
-# > field. Bugfix or "patchlevel" releases that some upstream make should be handled
-# > using simple versioning. The separator used by upstream may need to be replaced
-# > by a dot or dropped.
-# >
-# > For example, if the same upstream released 0.5.0-post1 as a bugfix version,
-# > this "post-release" should use 0.5.0.post1 in the Version: field. Note that
-# > 0.5.0.post1 sorts lower than both 0.5.1 and 0.5.0.1.
-#
-# The code below replaces hyphens with tildes. Note that an intermediate $tilde
-# variable is needed to make this work on all versions of Bash. In some versions
-# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
-# quoted ('~').
-tilde='~'
-rpmVersion="${rpmVersion//-/$tilde}"
+if [[ "$rpmVersion" =~ .*-tp[0-9]+$ ]]; then
+    tpVersion=${rpmVersion#*-tp}
+    rpmVersion=${rpmVersion%-tp*}
+    rpmRelease="0.${tpVersion}.tp${tpVersion}"
+elif [[ "$rpmVersion" =~ .*-beta[0-9]+$ ]]; then
+    betaVersion=${rpmVersion#*-beta}
+    rpmVersion=${rpmVersion%-beta*}
+    rpmRelease="1.${betaVersion}.beta${betaVersion}"
+elif [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]]; then
+    rcVersion=${rpmVersion#*-rc}
+    rpmVersion=${rpmVersion%-rc*}
+    rpmRelease="2.${rcVersion}.rc${rcVersion}"
+fi
 
 DOCKER_GITCOMMIT=$($GIT_COMMAND rev-parse --short HEAD)
 if [ -n "$($GIT_COMMAND status --porcelain --untracked-files=no)" ]; then
-	DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
+    DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
 fi
 
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
-# we'll create a pseudo version based on commit-date and -sha.
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-	export TZ=UTC
-
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	#
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# where the time is the commit time in UTC and the final suffix is the prefix
-	# of the commit hash. The time portion ensures that two pseudo-versions can
-	# be compared to determine which happened later, the commit hash identifes
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# as a pre-release before version v0.0.0, so that the go command prefers any
-	# tagged release over any pseudo-version.
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
-
-	if [ "$(uname)" = "Darwin" ]; then
-		# Using BSD date (macOS), which doesn't support the --date option
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
-	else
-		# Using GNU date (Linux)
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	fi
-
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
-	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
-	rpmVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
-	rpmRelease=0
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
+if [[ "$rpmVersion" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    # rpmVersion is now something like '0.0.0-20180719213702-cd5e2db'
+    rpmVersion="0.0.0-${gitDate}-${gitCommit}"
+    rpmRelease="0"
+    origVersion=$rpmVersion
 fi
 
-# Replace any remaining dashes with periods
+# Replace any other dashes with periods
 rpmVersion="${rpmVersion//-/.}"
-echo "$rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion"
+echo $rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion

rpm/rhel-7/Dockerfile

@@ -0,0 +1,30 @@
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=7
+ARG BUILD_IMAGE=dockereng/${DISTRO}:${SUITE}-s390x
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV CC=gcc
+
+# In aarch64 (arm64) images, the altarch repo is specified as repository, but
+# failing, so replace the URL.
+RUN if [ -f /etc/yum.repos.d/CentOS-Sources.repo ]; then sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo; fi
+RUN yum install -y rpm-build rpmlint
+COPY SPECS /root/rpmbuild/SPECS
+RUN yum-builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/rhel-8/Dockerfile

@@ -1,45 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=rhel
-ARG SUITE=8
-ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE} AS subscribed-image
-RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
-	rm -f /etc/rhsm-host
-
-	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
-		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
-	else
-		subscription-manager register \
-			--username="$(cat /run/secrets/rh-user)" \
-			--password="$(cat /run/secrets/rh-pass)"
-
-		subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
-		# dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
-	fi
-EOT
-
-FROM subscribed-image
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-RUN dnf install -y rpm-build
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/rhel-9/Dockerfile

@@ -1,45 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_IMAGE=golang:latest
-ARG DISTRO=rhel
-ARG SUITE=9
-ARG BUILD_IMAGE=registry.access.redhat.com/ubi9/ubi
-
-FROM ${GO_IMAGE} AS golang
-
-FROM ${BUILD_IMAGE} AS subscribed-image
-RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
-	rm -f /etc/rhsm-host
-
-	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
-		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
-	else
-		subscription-manager register \
-			--username="$(cat /run/secrets/rh-user)" \
-			--password="$(cat /run/secrets/rh-pass)"
-
-		subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
-		# dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
-	fi
-EOT
-
-FROM subscribed-image
-
-ENV GOPROXY=https://proxy.golang.org|direct
-ENV GO111MODULE=on
-ENV GOPATH=/go
-ENV GOTOOLCHAIN=local
-ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
-ARG DISTRO
-ARG SUITE
-ENV DISTRO=${DISTRO}
-ENV SUITE=${SUITE}
-
-RUN dnf install -y rpm-build
-COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
-COPY --link --from=golang /usr/local/go /usr/local/go
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

scripts/checkout.sh

@@ -1,39 +0,0 @@
-#!/usr/bin/env sh
-
-#   Copyright 2018-2020 Docker Inc.
-
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-
-#       http://www.apache.org/licenses/LICENSE-2.0
-
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-
-checkout() (
-	set -ex
-	SRC="$1"
-	REF="$2"
-	REF_FETCH="$REF"
-	# if ref is branch or tag, retrieve its canonical form
-	REF=$(git -C "$SRC" ls-remote --refs --heads --tags origin "$REF" | awk '{print $2}')
-	if [ -n "$REF" ]; then
-		# if branch or tag then create it locally too
-		REF_FETCH="$REF:$REF"
-	else
-		REF="FETCH_HEAD"
-	fi
-	git -C "$SRC" fetch --update-head-ok --depth 1 origin "$REF_FETCH"
-	git -C "$SRC" checkout -q "$REF"
-)
-
-
-# Only execute checkout function above if this file is executed, not sourced from another script
-prog=checkout.sh # needs to be in sync with this file's name
-if [ "$(basename -- $0)" = "$prog" ]; then
-	checkout $*
-fi

static/Makefile

@@ -1,31 +1,14 @@
 include ../common.mk
 
-CLI_DIR=$(realpath $(CURDIR)/../src/github.com/docker/cli)
-ENGINE_DIR=$(realpath $(CURDIR)/../src/github.com/docker/docker)
-BUILDX_DIR=$(realpath $(CURDIR)/../src/github.com/docker/buildx)
-
-ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
-
-GEN_STATIC_VER=$(shell ./gen-static-ver $(CLI_DIR) $(VERSION))
+CLI_DIR:=$(realpath $(CURDIR)/../../cli)
+ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
+STATIC_VERSION:=$(shell ./gen-static-ver $(ENGINE_DIR) $(VERSION))
+CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 HASH_CMD=docker run -v $(CURDIR):/sum -w /sum debian:jessie bash hash_files
 DIR_TO_HASH:=build/linux
+GO_VERSION=$(shell grep "ARG GO_VERSION" $(CLI_DIR)/dockerfiles/Dockerfile.dev | awk -F'=' '{print $$2}')
 DOCKER_CLI_GOLANG_IMG=golang:$(GO_VERSION)
 
-DOCKER_BUILD_OPTS=
-
-ifneq ($(strip $(CONTAINERD_VERSION)),)
-# Set custom build-args to override the containerd version to build for static
-# packages.
-DOCKER_BUILD_OPTS +=--build-arg=CONTAINERD_VERSION=$(CONTAINERD_VERSION)
-endif
-
-ifneq ($(strip $(RUNC_VERSION)),)
-# Set custom build-args to override the runc version to build for static packages.
-DOCKER_BUILD_OPTS +=--build-arg=RUNC_VERSION=$(RUNC_VERSION)
-endif
-
-ENGINE_BUILD_OPTS=--build-arg VERSION=$(GEN_STATIC_VER) --build-arg DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) --build-arg DEFAULT_PRODUCT_LICENSE --build-arg PACKAGER_NAME --build-arg PLATFORM $(DOCKER_BUILD_OPTS)
-
 .PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
@@ -34,82 +17,88 @@ help: ## show make targets
 clean: ## remove build artifacts
 	[ ! -d build ] || $(CHOWN) -R $(shell id -u):$(shell id -g) build
 	$(RM) -r build
-	-docker builder prune -f --filter until=24h
 
 .PHONY: static
 static: static-linux cross-mac cross-win cross-arm ## create all static packages
 
 .PHONY: static-linux
-static-linux: static-cli static-engine static-buildx-plugin ## create tgz
+static-linux: static-cli static-engine ## create tgz with linux x86_64 client and server
 	mkdir -p build/linux/docker
 	cp $(CLI_DIR)/build/docker build/linux/docker/
-	for f in dockerd containerd ctr containerd-shim containerd-shim-runc-v2 docker-init docker-proxy runc; do \
-		cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker/$$f; \
+	for f in dockerd containerd ctr containerd-shim docker-init docker-proxy runc; do \
+		cp -L $(ENGINE_DIR)/bundles/binary-daemon/$$f build/linux/docker/$$f; \
 	done
-	tar -C build/linux -c -z -f build/linux/docker-$(GEN_STATIC_VER).tgz docker
+	tar -C build/linux -c -z -f build/linux/docker-$(STATIC_VERSION).tgz docker
 
 	# extra binaries for running rootless
 	mkdir -p build/linux/docker-rootless-extras
-	for f in rootlesskit dockerd-rootless.sh dockerd-rootless-setuptool.sh vpnkit; do \
-		if [ -f $(ENGINE_DIR)/bundles/binary/$$f ]; then \
-			cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker-rootless-extras/$$f; \
+	for f in rootlesskit rootlesskit-docker-proxy dockerd-rootless.sh vpnkit; do \
+		if [ -f $(ENGINE_DIR)/bundles/binary-daemon/$$f ]; then \
+			cp -L $(ENGINE_DIR)/bundles/binary-daemon/$$f build/linux/docker-rootless-extras/$$f; \
 		fi \
 	done
-	tar -C build/linux -c -z -f build/linux/docker-rootless-extras-$(GEN_STATIC_VER).tgz docker-rootless-extras
-
-	# buildx
-	tar -C $(BUILDX_DIR)/bin -c -z -f build/linux/docker-buildx-plugin-$(DOCKER_BUILDX_REF:v%=%).tgz docker-buildx
+	tar -C build/linux -c -z -f build/linux/docker-rootless-extras-$(STATIC_VERSION).tgz docker-rootless-extras
 
 .PHONY: hash_files
 hash_files:
 	@echo "Hashing directory $(DIR_TO_HASH)"
 	$(HASH_CMD) "$(DIR_TO_HASH)"
 
-.PHONY: buildx
-buildx:
-	docker buildx inspect | grep -q 'Driver: docker-container' || docker buildx create --use
-
 .PHONY: cross-mac
-cross-mac: buildx
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=darwin/amd64,darwin/arm64 binary
-	dest=$$PWD/build/mac; cd $(CLI_DIR)/build && for platform in *; do \
-		arch=$$(echo $$platform | cut -d_ -f2); \
-		mkdir -p $$dest/$$arch/docker; \
-		cp $$platform/docker-darwin-* $$dest/$$arch/docker/docker && \
-		tar -C $$dest/$$arch -c -z -f $$dest/$$arch/docker-$(GEN_STATIC_VER).tgz docker; \
-	done
+cross-mac: cross-all-cli cross-mac-plugins ## create tgz with darwin x86_64 client only
+	mkdir -p build/mac/docker
+	cp $(CLI_DIR)/build/docker-darwin-amd64 build/mac/docker/docker
+	tar -C build/mac -c -z -f build/mac/docker-$(STATIC_VERSION).tgz docker
 
 .PHONY: cross-win
-cross-win: cross-win-engine
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=windows/amd64 binary
-	mkdir -p build/win/amd64/docker
-	cp $(CLI_DIR)/build/docker-windows-amd64.exe build/win/amd64/docker/docker.exe
-	cp $(ENGINE_DIR)/bundles/cross/win/dockerd.exe build/win/amd64/docker/dockerd.exe
-	docker run --rm -v $(CURDIR)/build/win/amd64:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(GEN_STATIC_VER).zip docker'
+cross-win: cross-all-cli cross-win-engine cross-win-plugins ## create zip file with windows x86_64 client and server
+	mkdir -p build/win/docker
+	cp $(CLI_DIR)/build/docker-windows-amd64 build/win/docker/docker.exe
+	cp $(ENGINE_DIR)/bundles/cross/windows/amd64/dockerd-$(STATIC_VERSION).exe build/win/docker/dockerd.exe
+	docker run --rm -v $(CURDIR)/build/win:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(STATIC_VERSION).zip docker'
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 
 .PHONY: cross-arm
 cross-arm: cross-all-cli ## create tgz with linux armhf client only
 	mkdir -p build/arm/docker
 	cp $(CLI_DIR)/build/docker-linux-arm build/arm/docker/docker
-	tar -C build/arm -c -z -f build/arm/docker-$(GEN_STATIC_VER).tgz docker
+	tar -C build/arm -c -z -f build/arm/docker-$(STATIC_VERSION).tgz docker
 
 .PHONY: static-cli
 static-cli:
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=$(TARGETPLATFORM) --set binary.args.CGO_ENABLED=$(CGO_ENABLED) binary
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(STATIC_VERSION) build
 
 .PHONY: static-engine
 static-engine:
-	cd $(ENGINE_DIR) && docker buildx build --target all $(ENGINE_BUILD_OPTS) --output "./bundles/binary" .
-
-.PHONY: static-buildx-plugin
-static-buildx-plugin:
-	cd $(BUILDX_DIR) && docker buildx bake --set binaries.platform=$(TARGETPLATFORM) binaries && mv ./bin/build/buildx ./bin/docker-buildx
+	$(MAKE) -C $(ENGINE_DIR) VERSION=$(STATIC_VERSION) binary
 
 .PHONY: cross-all-cli
 cross-all-cli:
-	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(GEN_STATIC_VER) cross
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(STATIC_VERSION) cross
 
 .PHONY: cross-win-engine
 cross-win-engine:
-	cd $(ENGINE_DIR) && docker buildx build --target binary $(ENGINE_BUILD_OPTS) --platform windows/amd64 --output "./bundles/cross/win" .
+	$(MAKE) -C $(ENGINE_DIR) VERSION=$(STATIC_VERSION) DOCKER_CROSSPLATFORMS=windows/amd64 cross
+
+BUILD_PLUGIN_RUN_VARS = --rm -i \
+	-e GOOS=$(SPOOF_GOOS) \
+	-v "$(CURDIR)/build/$(CLI_BUILD_DIR)/docker/cli-plugins":/out \
+	-v "$(CURDIR)/../plugins":/plugins:ro \
+	-v "$(CURDIR)/scripts/build-cli-plugins":/build:ro
+
+.PHONY: cross-mac-plugins
+cross-mac-plugins: SPOOF_GOOS := darwin
+cross-mac-plugins: CLI_BUILD_DIR := mac
+cross-mac-plugins:
+	mkdir -p build/$(CLI_BUILD_DIR)/docker
+	docker run $(BUILD_PLUGIN_RUN_VARS) $(DOCKER_CLI_GOLANG_IMG) /build
+	$(CHOWN) -R $(shell id -u):$(shell id -g) build
+
+.PHONY: cross-win-plugins
+cross-win-plugins: SPOOF_GOOS := windows
+cross-win-plugins: CLI_BUILD_DIR := win
+cross-win-plugins:
+	mkdir -p build/$(CLI_BUILD_DIR)/docker/cli-plugins
+	docker run $(BUILD_PLUGIN_RUN_VARS) $(DOCKER_CLI_GOLANG_IMG) /build
+	$(CHOWN) -R $(shell id -u):$(shell id -g) build
+	find build/$(CLI_BUILD_DIR)/docker -type f -not -name "*.exe" -exec mv {} {}.exe \;

static/gen-static-ver

@@ -1,46 +1,35 @@
 #!/usr/bin/env bash
 
-REPO_DIR="$1"
-VERSION="$2"
+ENGINE_DIR=$1
+VERSION=$2
 
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
-	echo 'usage: ./gen-static-ver ${REPO_DIR} ${VERSION}'
-	exit 1
+if [ -z "$ENGINE_DIR" ] || [ -z "$VERSION" ]; then
+    echo 'usage: ./gen-static-ver ${ENGINE_DIR} ${VERSION}'
+    exit 1
 fi
 
-GIT_COMMAND="git -C $REPO_DIR"
+DATE_COMMAND="date"
+if [[ $(uname) == "Darwin" ]]; then
+    DATE_COMMAND="docker run --rm alpine date"
+fi
+GIT_COMMAND="git -C $ENGINE_DIR"
 
-staticVersion="${VERSION#v}"
-
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
-# we'll create a pseudo version based on commit-date and -sha.
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-	export TZ=UTC
-
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	#
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# where the time is the commit time in UTC and the final suffix is the prefix
-	# of the commit hash. The time portion ensures that two pseudo-versions can
-	# be compared to determine which happened later, the commit hash identifes
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# as a pre-release before version v0.0.0, so that the go command prefers any
-	# tagged release over any pseudo-version.
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
-
-	if [ "$(uname)" = "Darwin" ]; then
-		# Using BSD date (macOS), which doesn't support the --date option
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
-	else
-		# Using GNU date (Linux)
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	fi
-
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
-	staticVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
+staticVersion="$VERSION"
+if [[ "$VERSION" == *-dev ]]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    # staticVersion is now something like '0.0.0-20180719213702-cd5e2db'
+    staticVersion="0.0.0-${gitDate}-${gitCommit}"
 fi
 
 echo "$staticVersion"

static/hash_files

@@ -5,7 +5,7 @@
 DIR_TO_LOOK_IN=${1:-build/linux}
 
 for f in $(find "$DIR_TO_LOOK_IN" -type f); do
-	for hash_algo in md5 sha256; do
-		"${hash_algo}sum" "$f" >"$f.$hash_algo"
-	done
+    for hash_algo in md5 sha256; do
+        "${hash_algo}sum" "$f" > "$f.$hash_algo"
+    done
 done

static/scripts/build-cli-plugins

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+
+shopt -s globstar
+
+# /plugins should be volume mounted from root plugins dir
+# /out should also be volume mounted from static/out/
+for installer in /plugins/*.installer; do
+    bash "${installer}" build
+    DESTDIR='/out' PREFIX="/" bash "${installer}" install_plugin
+done

systemd/docker.service

@@ -0,0 +1,47 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+BindsTo=containerd.service
+After=network-online.target firewalld.service containerd.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

systemd/docker.socket

@@ -0,0 +1,12 @@
+[Unit]
+Description=Docker Socket for the API
+PartOf=docker.service
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target

verify

@@ -1,149 +0,0 @@
-#!/usr/bin/env bash
-
-###
-# Script Name:  verify
-#
-# Description: This runs a smoke test to verify that the packages can be installed corrected
-###
-
-# build/${DIST_ID}/${DIST_VERSION}/${ARCH} - location of all packages
-# Manually Testing: docker run --rm -it -v $(pwd):/v -w /v "centos:7" ./verify
-
-set -e
-
-source install-containerd-helpers
-
-function verify() {
-	if dpkg --version >/dev/null 2>/dev/null; then
-		verify_deb
-	elif rpm --version >/dev/null 2>/dev/null; then
-		verify_rpm
-	else
-		echo "[ERROR] Unable to determine base os:"
-		cat /etc/os-release
-		exit 1
-	fi
-}
-
-function verify_binaries() {
-	docker --version
-	docker buildx version
-	docker compose version
-	docker model version
-	dockerd --version
-	docker-proxy --version
-	containerd --version
-	ctr --version
-	containerd-shim -v
-	containerd-shim-runc-v1 -v
-	containerd-shim-runc-v2 -v
-	runc --version
-}
-
-function verify_deb() {
-	# First install prerequisites for our script and dpkg and apt to run correctly.
-	# This list SHOULD NOT include dependencies of docker itself, otherwise we would
-	# not be able to verify that our packages specify all the required dependencies.
-	apt-get update
-	apt-get -y install --no-install-recommends \
-		apt-transport-https \
-		ca-certificates \
-		curl \
-		gnupg2 \
-		lsb-release
-
-	DIST_ID=$(source /etc/os-release; echo "$ID")
-	DIST_VERSION=$(lsb_release -sc)
-	if [ "${DIST_VERSION}" = "sid" ]; then
-		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
-		exit 1
-	fi
-
-	install_debian_containerd
-
-	packages=$(find "deb/debbuild/${DIST_ID}-${DIST_VERSION}/" -type f -name "*.deb")
-	# All local packages need to be prefixed with `./` or else apt-get doesn't understand where to pull from
-	packages=$(echo "${packages}" | awk '$0="./"$0' | xargs)
-
-	(
-		set -x
-		# Install the locally built packages using 'dpkg' because installing with
-		# 'apt-get' would attempt to install dependency packages (such as the CLI)
-		# from download.docker.com instead of the locally built CLI package. Given
-		# that 'dpkg -i' does not install any dependency (but will fail if depen-
-		# dencies are missing), we use the '--ignore-depends' option to ignore
-		# packages we know to be missing at this stage, and '--force-depends' to
-		# only warn about any other missing dependency.
-		#
-		# shellcheck disable=SC2086
-		dpkg \
-			--ignore-depends=containerd.io,iptables,libdevmapper,libdevmapper1.02.1 \
-			--force-depends \
-			-i ${packages}
-
-		# After installing the local packages, we run 'apt-get install' with the
-		# '--fix-broken' option to trigger installation of the dependencies, which
-		# should succeed successfully. This step is to verify that not only the
-		# packages can be installed, but also that all dependencies (including
-		# containerd.io) can be resolved correctly for the distro that we built for,
-		# before going through the whole pipeline and publishing the packages.
-		#
-		# The '--no-upgrade' option is set to prevent apt from attempting to install
-		# packages from download(-stage).docker.com that we already installed using
-		# the local packages above. Without this, installing (e.g.) ./docker-ce-cli
-		# would result in apt installing "docker-ce" from the package repository and
-		# produce a "the following packages will be DOWNGRADED" error.
-		#
-		# shellcheck disable=SC2086
-		apt-get -y install --no-install-recommends --no-upgrade --fix-broken ${packages}
-	)
-
-	verify_binaries
-}
-
-function verify_rpm() {
-	DIST_ID=$(. /etc/os-release; echo "${ID}")
-	DIST_VERSION=$(. /etc/os-release; echo "${VERSION_ID}" | cut -d'.' -f1)
-
-	pkg_manager="yum"
-	pkg_config_manager="yum-config-manager"
-	if dnf --version; then
-		pkg_manager="dnf"
-		pkg_config_manager="dnf config-manager"
-		dnf clean all
-		${pkg_manager} install -y 'dnf-command(config-manager)'
-	fi
-
-	case ${DIST_ID}:${DIST_VERSION} in
-	ol:7*)
-		# Needed for container-selinux
-		${pkg_config_manager} --enable ol7_addons
-		;;
-	fedora*)
-		dnf install -y findutils
-		;;
-	esac
-
-	install_rpm_containerd
-
-	# find all rpm packages, exclude src package
-	echo "[DEBUG] Installing engine rpms"
-	packages=$(find "rpm/rpmbuild/${DIST_ID}-${DIST_VERSION}/RPMS/" -type f -name "*.rpm" | sed '/src/d')
-
-	# install all non-source packages
-	(
-		set -x
-		product_version=$(source /etc/os-release; echo "${REDHAT_SUPPORT_PRODUCT_VERSION:-}")
-		if [ "$product_version" = 'rawhide' ]; then
-				# force $releasever to account for Fedora pre-release images, as they
-				# may still be using "rawhide", which is not present on our package
-				# repositories on download.docker.com.
-				export DNF_VAR_releasever="$DIST_VERSION"
-		fi
-		${pkg_manager} install -y ${packages}
-	)
-
-	verify_binaries
-}
-
-verify