[19.03 backport] update Golang 1.12.12 (CVE-2019-17596) (#400 )

[19.03 backport] update Golang 1.12.12 (CVE-2019-17596)
Update Golang 1.12.12 (CVE-2019-17596)
2019-10-20 14:51:41 -07:00 · 2019-10-20 18:01:09 +02:00 · 2019-09-27 22:15:57 +00:00 · 2019-09-27 11:19:24 -07:00 · 2019-09-27 18:06:30 +00:00 · 2019-09-27 17:17:07 +02:00
81 changed files with 1690 additions and 2654 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -1,30 +0,0 @@
 <!--
 Please make sure you've read and understood our contributing guidelines;
 https://github.com/docker/cli/blob/master/CONTRIBUTING.md
 ** Make sure all your commits include a signature generated with `git commit -s` **
 For additional information on our contributing process, read our contributing
 guide https://docs.docker.com/opensource/code/
 If this is a bug fix, make sure your description includes "fixes #xxxx", or
 "closes #xxxx"
 Please provide the following information:
 -->
 **- What I did**
 **- Description for the changelog**
 <!--
 Write a short (one line) summary that describes the changes in this
 pull request for inclusion in the changelog.
 It must be placed inside the below triple backticks section.
 NOTE: Only fill this section if changes introduced in this PR are user-facing.
 The PR must have a relevant impact/ label.
 -->
 ```markdown changelog
 ```
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,58 +0,0 @@
 name: ci
 # Default to 'contents: read', which grants actions to read commits.
 #
 # If any permission is set, any permission not included in the list is
 # implicitly set to "none".
 #
 # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  workflow_dispatch:
  push:
    branches:
      - 'master'
      - '[0-9]+.[0-9]{2}'
    tags:
      - 'v*'
  pull_request:
 jobs:
  generate-matrix:
    runs-on: ubuntu-24.04
    outputs:
      targets: ${{ steps.get-targets.outputs.targets }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get targets
        id: get-targets
        run: |
          echo "targets=$(jq -c '[to_entries[] | .key as $distro | .value.arches[] | {distro: $distro, arch: .}]' distros.json)" >> $GITHUB_OUTPUT
  build:
    needs:
      - generate-matrix
    runs-on: ${{ matrix.target.arch != 'amd64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    timeout-minutes: 60 # guardrails timeout for the whole job
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJson(needs.generate-matrix.outputs.targets) }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build
        run: |
          make ARCH=${{ matrix.target.arch }} ${{ matrix.target.distro }}
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,8 @@
 build
 debbuild
 rpmbuild
 tmp
 artifacts
 sources
 src
 *.tar
 image-linux*
--- a/.unir.yml
+++ b/.unir.yml
@ -1,10 +1,9 @@
 # The list of people who can trigger an auto-merge with approvals
 whitelist:
-  - andrewhsu
+    - seemethere
-  - silvin-lubecki
+    - andrewhsu
-  - StefanScherer
+    - jose-bigio
-  - thaJeztah
+    - corbin-coleman
  - zelahi
 # At least 2 approvals are needed for auto-merging
 approvals_needed: 2
--- a/183
+++ b/183
@ -1,131 +1,72 @@
 #!groovy
 def genBranch(String arch) {
 	return [
 		"${arch}": { ->
 			stage("Build engine image on ${arch}") {
 				wrappedNode(label: "linux&&${arch}", cleanWorkspace: true) {
 					try {
 						checkout scm
 						sh("git clone https://github.com/docker/engine.git engine")
 						sh('make ENGINE_DIR=$(pwd)/engine image')
 					} finally {
 						sh('make ENGINE_DIR=$(pwd)/engine clean-image clean-engine')
 					}
 				}
 		}
 	}]
 }
 def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
-def pkgs = [
+test_steps = [
-    [target: "centos-9",                 image: "quay.io/centos/centos:stream9",          arches: ["amd64", "aarch64"]],
+	'deb': { ->
-    [target: "centos-10",                image: "quay.io/centos/centos:stream10",         arches: ["amd64", "aarch64"]],          // CentOS Stream 10 (EOL: 2030)
+		stage('Ubuntu Xenial Debian Package') {
-    [target: "debian-bullseye",          image: "debian:bullseye",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 11 (oldstable, EOL: 2024-08-14, EOL (LTS): 2026-08-31)
+			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
-    [target: "debian-bookworm",          image: "debian:bookworm",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 12 (stable, EOL: 2026-06-10, EOL (LTS): 2028-06-30)
+				checkout scm
-    [target: "debian-trixie",            image: "debian:trixie",                          arches: ["amd64", "aarch64", "armhf"]], // Debian 13 (testing)
+				sh('git clone https://github.com/docker/cli.git')
-    [target: "fedora-41",                image: "fedora:41",                              arches: ["amd64", "aarch64"]],          // EOL: November 19, 2025
+				sh("git -C cli checkout $branch")
-    [target: "fedora-42",                image: "fedora:42",                              arches: ["amd64", "aarch64"]],          // EOL: May 13, 2026
+				sh('git clone https://github.com/docker/engine.git')
-    [target: "raspbian-bullseye",        image: "balenalib/rpi-raspbian:bullseye",        arches: ["armhf"]],                     // Debian/Raspbian 11 (stable)
+				sh("git -C engine checkout $branch")
-    [target: "raspbian-bookworm",        image: "balenalib/rpi-raspbian:bookworm",        arches: ["armhf"]],                     // Debian/Raspbian 12 (next stable)
+				sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=ubuntu-xenial ENGINE_DIR=$(pwd)/engine CLI_DIR=$(pwd)/cli deb')
-    [target: "ubuntu-jammy",             image: "ubuntu:jammy",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 22.04 LTS (End of support: June,  2027. EOL: April, 2032)
+			}
-    [target: "ubuntu-noble",             image: "ubuntu:noble",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.04 LTS (End of support: June,  2029. EOL: April, 2034)
+		}
-    [target: "ubuntu-oracular",          image: "ubuntu:oracular",                        arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.10 (EOL: July, 2025)
+	},
-    [target: "ubuntu-plucky",            image: "ubuntu:plucky",                          arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 25.04 (EOL: January, 2026)
+	'rpm': { ->
 		stage('Centos 7 RPM Package') {
 			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
 				checkout scm
 				sh('git clone https://github.com/docker/cli.git')
 				sh("git -C cli checkout $branch")
 				sh('git clone https://github.com/docker/engine.git')
 				sh("git -C engine checkout $branch")
 				sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=centos-7 ENGINE_DIR=$(pwd)/engine CLI_DIR=$(pwd)/cli rpm')
 			}
 		}
 	},
 	'static': { ->
 		stage('Static Linux Binaries') {
 			wrappedNode(label: 'ubuntu && x86_64', cleanWorkspace: true) {
 				checkout scm
 				sh('git clone https://github.com/docker/cli.git')
 				sh("git -C cli checkout $branch")
 				sh('git clone https://github.com/docker/engine.git')
 				sh("git -C engine checkout $branch")
 				sh('make VERSION=0.0.1-dev DOCKER_BUILD_PKGS=static-linux ENGINE_DIR=$(pwd)/engine CLI_DIR=$(pwd)/cli static')
 			}
 		}
 	},
 ]
-def genBuildStep(LinkedHashMap pkg, String arch) {
+arches = [
-    def nodeLabel = "linux&&${arch}"
+	"x86_64",
-    def platform = ""
+	"aarch64",
-    def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
+	"armhf"
    if (arch == 'armhf') {
        // Running armhf builds on EC2 requires --platform parameter
        // Otherwise it accidentally pulls armel images which then breaks the verify step
        platform = "--platform=linux/${arch}"
        nodeLabel = "${nodeLabel}&&ubuntu"
    } else {
        nodeLabel = "${nodeLabel}&&ubuntu-2204"
    }
    return { ->
        wrappedNode(label: nodeLabel, cleanWorkspace: true) {
            stage("${pkg.target}-${arch}") {
                // This is just a "dummy" stage to make the distro/arch visible
                // in Jenkins' BlueOcean view, which truncates names....
                sh 'echo starting...'
            }
            stage("info") {
                sh 'docker version'
                sh 'docker info'
            }
            stage("build") {
                checkout scm
                sh "make clean"
                sh "make REF=$branch ARCH=${arch} ${pkg.target}"
            }
            stage("verify") {
                sh "make IMAGE=${pkg.image} ARCH=${arch} verify"
            }
        }
    }
 }
 def build_package_steps = [
    'static-linux': { ->
        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
            stage("static-linux") {
                // This is just a "dummy" stage to make the distro/arch visible
                // in Jenkins' BlueOcean view, which truncates names....
                sh 'echo starting...'
            }
            stage("info") {
                sh 'docker version'
                sh 'docker info'
            }
            stage("build") {
                try {
                    checkout scm
                    sh "make REF=$branch DOCKER_BUILD_PKGS='static-linux' static"
                } finally {
                    sh "make clean"
                }
            }
        }
    },
    'cross-mac': { ->
        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
            stage("cross-mac") {
                // This is just a "dummy" stage to make the distro/arch visible
                // in Jenkins' BlueOcean view, which truncates names....
                sh 'echo starting...'
            }
            stage("info") {
                sh 'docker version'
                sh 'docker info'
            }
            stage("build") {
                try {
                    checkout scm
                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-mac' static"
                } finally {
                    sh "make clean"
                }
            }
        }
    },
    'cross-win': { ->
        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
            stage("cross-win") {
                // This is just a "dummy" stage to make the distro/arch visible
                // in Jenkins' BlueOcean view, which truncates names....
                sh 'echo starting...'
            }
            stage("info") {
                sh 'docker version'
                sh 'docker info'
            }
            stage("build") {
                try {
                    checkout scm
                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-win' static"
                } finally {
                    sh "make clean"
                }
            }
        }
    },
 ]
-def genPackageSteps(opts) {
+arches.each {
-    return opts.arches.collectEntries {
+	test_steps << genBranch(it)
        ["${opts.image}-${it}": genBuildStep(opts, it)]
    }
 }
-build_package_steps << pkgs.collectEntries { genPackageSteps(it) }
+parallel(test_steps)
 parallel(build_package_steps)
--- a/191
+++ b/191
@ -1,191 +0,0 @@
                                 Apache License
                           Version 2.0, January 2004
                        https://www.apache.org/licenses/
   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
   1. Definitions.
      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.
      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   Copyright 2013-2017 Docker, Inc.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       https://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/121
+++ b/121
@ -1,6 +1,8 @@
 include common.mk
-STATIC_VERSION=$(shell static/gen-static-ver $(realpath $(CURDIR)/src/github.com/docker/docker) $(VERSION))
+CLI_DIR:=$(realpath $(CURDIR)/../cli)
 ENGINE_DIR:=$(realpath $(CURDIR)/../engine)
 STATIC_VERSION:=$(shell static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 # Taken from: https://www.cmcrossroads.com/article/printing-value-makefile-variable
 print-%  : ; @echo $($*)
@ -9,100 +11,53 @@ print-%  : ; @echo $($*)
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-.PHONY: clean-src
+.PHONY: clean-engine
-clean-src:
+clean-engine:
-	[ ! -d src ] || $(CHOWN) -R $(shell id -u):$(shell id -g) src
+	rm -rf $(ENGINE_DIR)
 	$(RM) -r src
-.PHONY: src
+.PHONY: clean-image
-src: src/github.com/docker/cli src/github.com/docker/docker src/github.com/docker/buildx src/github.com/docker/compose src/github.com/docker/model-cli ## clone source
+clean-image:
 	$(MAKE) ENGINE_DIR=$(ENGINE_DIR) -C image clean
 ifdef CLI_DIR
 src/github.com/docker/cli:
 	mkdir -p "$(@D)"
 	cp -r "$(CLI_DIR)" $@
 else
 src/github.com/docker/cli:
 	git init $@
 	git -C $@ remote add origin "$(DOCKER_CLI_REPO)"
 endif
 ifdef ENGINE_DIR
 src/github.com/docker/docker:
 	mkdir -p "$(@D)"
 	cp -r "$(ENGINE_DIR)" $@
 else
 src/github.com/docker/docker:
 	git init $@
 	git -C $@ remote add origin "$(DOCKER_ENGINE_REPO)"
 endif
 src/github.com/docker/buildx:
 	git init $@
 	git -C $@ remote add origin "$(DOCKER_BUILDX_REPO)"
 src/github.com/docker/compose:
 	git init $@
 	git -C $@ remote add origin "$(DOCKER_COMPOSE_REPO)"
 src/github.com/docker/model-cli:
 	git init $@
 	git -C $@ remote add origin "$(DOCKER_MODEL_REPO)"
 .PHONY: checkout-cli
 checkout-cli: src/github.com/docker/cli
 	./scripts/checkout.sh src/github.com/docker/cli "$(DOCKER_CLI_REF)"
 .PHONY: checkout-docker
 checkout-docker: src/github.com/docker/docker
 	./scripts/checkout.sh src/github.com/docker/docker "$(DOCKER_ENGINE_REF)"
 .PHONY: checkout-buildx
 checkout-buildx: src/github.com/docker/buildx
 	./scripts/checkout.sh src/github.com/docker/buildx "$(DOCKER_BUILDX_REF)"
 .PHONY: checkout-compose
 checkout-compose: src/github.com/docker/compose
 	./scripts/checkout.sh src/github.com/docker/compose "$(DOCKER_COMPOSE_REF)"
 .PHONY: checkout-model
 checkout-model: src/github.com/docker/model-cli
 	./scripts/checkout.sh src/github.com/docker/model-cli "$(DOCKER_MODEL_REF)"
 .PHONY: checkout
 checkout: checkout-cli checkout-docker checkout-buildx checkout-compose checkout-model ## checkout source at the given reference(s)
 .PHONY: clean
-clean: clean-src ## remove build artifacts
+clean: clean-image ## remove build artifacts
 	$(MAKE) -C rpm clean
 	$(MAKE) -C deb clean
 	$(MAKE) -C static clean
-.PHONY: deb rpm
+.PHONY: rpm
-deb rpm: checkout ## build rpm/deb packages
+rpm: DOCKER_BUILD_PKGS:=$(shell find rpm -type d | grep ".*-.*" | sed 's/^rpm\///')
-	$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+rpm: ## build rpm packages
 	for p in $(DOCKER_BUILD_PKGS); do \
 		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
 	done
-.PHONY: centos-% fedora-% rhel-%
+.PHONY: deb
-centos-% fedora-% rhel-%: checkout ## build rpm packages for the specified distro
+deb: DOCKER_BUILD_PKGS:=$(shell find deb -type d | grep ".*-.*" | sed 's/^deb\///')
-	$(MAKE) -C rpm VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+deb: ## build deb packages
-
+	for p in $(DOCKER_BUILD_PKGS); do \
-.PHONY: debian-% raspbian-% ubuntu-%
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
-debian-% raspbian-% ubuntu-%: checkout ## build deb packages for the specified distro
+	done
 	$(MAKE) -C deb VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
 .PHONY: static
 static: DOCKER_BUILD_PKGS:=static-linux cross-mac cross-win cross-arm
-static: checkout ## build static-compiled packages
+static: ## build static-compiled packages
 	for p in $(DOCKER_BUILD_PKGS); do \
-		$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) TARGETPLATFORM=$(TARGETPLATFORM) CONTAINERD_VERSION=$(CONTAINERD_VERSION) RUNC_VERSION=$(RUNC_VERSION) $${p}; \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
 	done
-.PHONY: verify
+# TODO - figure out multi-arch
-verify: ## verify installation of packages
+.PHONY: image
-# to verify using packages from staging, use: make VERIFY_PACKAGE_REPO=stage IMAGE=ubuntu:noble verify
+image: DOCKER_BUILD_PKGS:=image-linux
-	docker run $(VERIFY_PLATFORM) --rm -i \
+image: ## build static-compiled packages
-		-v "$$(pwd):/v" \
+	for p in $(DOCKER_BUILD_PKGS); do \
-		-e DEBIAN_FRONTEND=noninteractive \
+		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) GO_VERSION=$(GO_VERSION) $${p}; \
-		-e PACKAGE_REPO=$(VERIFY_PACKAGE_REPO) \
+	done
-		-w /v \
+
-		$(IMAGE) ./verify
+engine-$(ARCH).tar:
 	$(MAKE) -C image $@
 .PHONY: release
 release:
 	$(MAKE) -C image $@
--- a/README.md
+++ b/README.md
@ -1,16 +1,17 @@
 # Docker CE Packaging
-This repo contains the open source scripts for packaging the
+This repo contains the open source scripts for packaging
-[Docker Engine](https://docs.docker.com/engine/), the Docker CLI, CLI plugins,
+[Docker CE products](https://store.docker.com/search?offering=community&q=&type=edition).
 and rootless-extras packages.
-The repository contains Dockerfiles to build packages for various distributions,
+This repository is solely maintained by Docker, Inc.
 which can be found in the "rpm" and "deb" subdirectories, as well as scripts to
 build static binaries.
-Docker uses these recipes to build and release packages that are available on the
+The scripts will build for this list of packages types:
-https://download.docker.com package repositories. We welcome contributions to
+
-this repository, including the addition of new distros or distro-versions. Note,
+* DEB packages for Ubuntu 18.04 Bionic
-however, that Docker makes a subselection of distros and architectures for release,
+* DEB packages for Ubuntu 16.04 Xenial
-and not all distros available in this repository may be released to download.docker.com,
+* DEB packages for Debian 10 Buster
-but you can use these scripts to build your own packages.
+* DEB packages for Debian 9 Stretch
 * RPM packages for Fedora 28
 * RPM packages for Fedora 27
 * RPM packages for CentOS 7
 * TGZ and ZIP files with static binaries
--- a/common.mk
+++ b/common.mk
@ -1,62 +1,12 @@
 ARCH=$(shell uname -m)
 # These are the architecture formats as used in release-packaging Jenkinsfile
 # This is an ugly chimera, nobody uses this combination of dpkg and uname formats
 # Why don't we pick one format and stick with it? Because at the time of writing
 # it was deemed too risky/involving too many changes across repos to change architecture
 # formats in release-packaging Jenkinsfile. But someone please do it.
 # Why do we need to list this here? Because I haven't been able to figure out how
 # to do Makefile rules with multiple patterns. (See how it's used in {deb,rpm}/Makefile)
 # Adding new architectures or changing the format in release-packaging will prevent make
 # from finding the corresponding rule unless this list is updated.
 # Or Jenkinsfiles/Makefiles removed (🎵 Gotta have faith-a-faith-a-faith... 🎵)
 ARCHES:=amd64 aarch64 armhf armel s390x ppc64le
 BUILDTIME=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
 CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 DEFAULT_PRODUCT_LICENSE:=Community Engine
 PACKAGER_NAME?=
 DOCKER_GITCOMMIT:=abcdefg
-GO_VERSION:=1.24.6
+GO_VERSION:=1.12.12
 PLATFORM=Docker Engine - Community
 SHELL:=/bin/bash
-VERSION?=0.0.1-dev
+VERSION?=0.0.0-dev
 # DOCKER_CLI_REPO and DOCKER_ENGINE_REPO define the source repositories to clone
 # the source from. These can be overridden to build from a fork.
 DOCKER_CLI_REPO     ?= https://github.com/docker/cli.git
 DOCKER_ENGINE_REPO  ?= https://github.com/docker/docker.git
 DOCKER_COMPOSE_REPO ?= https://github.com/docker/compose.git
 DOCKER_BUILDX_REPO  ?= https://github.com/docker/buildx.git
 DOCKER_MODEL_REPO   ?= https://github.com/docker/model-cli.git
 # REF can be used to specify the same branch or tag to use for *both* the CLI
 # and Engine source code. This can be useful if both the CLI and Engine have a
 # release branch with the same name (e.g. "19.03"), or of both repositories have
 # tagged a release with the same version.
 #
 # For other situations, specify DOCKER_CLI_REF and/or DOCKER_ENGINE_REF separately.
 REF                ?= HEAD
 DOCKER_CLI_REF     ?= $(REF)
 DOCKER_ENGINE_REF  ?= $(REF)
 # DOCKER_COMPOSE_REF is the version of compose to package. It usually is a tag,
 # but can be a valid git reference in DOCKER_COMPOSE_REPO.
 DOCKER_COMPOSE_REF ?= v2.39.2
 # DOCKER_BUILDX_REF is the version of compose to package. It usually is a tag,
 # but can be a valid git reference in DOCKER_BUILDX_REPO.
 DOCKER_BUILDX_REF  ?= v0.26.1
 # DOCKER_MODEL_REF is the version of model to package. It is usually a tag,
 # but can be a valid git reference in DOCKER_MODEL_REPO.
 DOCKER_MODEL_REF   ?= v0.1.36
 # Use "stage" to install dependencies from download-stage.docker.com during the
 # verify step. Leave empty or use any other value to install from download.docker.com
 VERIFY_PACKAGE_REPO ?= prod
 # Optional flags like --platform=linux/armhf
 VERIFY_PLATFORM ?=
 export BUILDTIME
 export DEFAULT_PRODUCT_LICENSE
 export PACKAGER_NAME
 export PLATFORM
--- a/deb/Makefile
+++ b/deb/Makefile
@ -1,62 +1,41 @@
 include ../common.mk
-PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+CLI_DIR:=$(realpath $(CURDIR)/../../cli)
 ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
 PLUGINS_DIR:=$(realpath $(CURDIR)/../plugins)
 GITCOMMIT?=$(shell cd $(CLI_DIR) && git rev-parse --short HEAD)
 STATIC_VERSION:=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 GO_BASE_IMAGE=golang
-GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
+GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)-stretch
 DEB_VERSION=$(shell ./gen-deb-ver $(CLI_DIR) "$(VERSION)")
 CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 EPOCH?=5
 GEN_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
 GEN_BUILDX_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
 GEN_COMPOSE_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
 GEN_MODEL_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
 CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
 ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
 BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
 ifdef BUILD_IMAGE
 	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
 endif
 COMMON_FILES=common
-BUILD?=DOCKER_BUILDKIT=1 \
+BUILD?=docker build \
 	docker build \
 	$(BUILD_IMAGE_FLAG) \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
 	--build-arg COMMON_FILES=$(COMMON_FILES) \
 	-t debbuild-$@/$(ARCH) \
-	--platform linux/$(ARCH) \
+	-f $(CURDIR)/$@/Dockerfile .
 	-f $@/Dockerfile \
 	.
 # Additional flags may be necessary at some point
 RUN_FLAGS=
-
+RUN=docker run --rm -i \
 # FIXME(thaJeztah): disabling seccomp to handle (armhf) tar "chown / chmod" failing
 # when running in a Ubuntu 24.04 container on a Ubuntu 20.04.6 host (kernel 5.15.0-1053-aws);
 # see https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
 RUN?=docker run --rm \
 	--security-opt seccomp=unconfined \
 	--platform linux/$(ARCH) \
 	-e PLATFORM \
 	-e EPOCH='$(EPOCH)' \
-	-e DEB_VERSION=$(word 1, $(GEN_DEB_VER)) \
+	-e DEB_VERSION=$(word 1, $(DEB_VERSION)) \
-	-e VERSION=$(word 2, $(GEN_DEB_VER)) \
+	-e VERSION=$(word 2, $(DEB_VERSION)) \
-	-e CLI_GITCOMMIT=$(CLI_GITCOMMIT) \
+	-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
-	-e ENGINE_GITCOMMIT=$(ENGINE_GITCOMMIT) \
+	-e PLATFORM \
 	-e BUILDX_VERSION=$(DOCKER_BUILDX_REF) \
 	-e BUILDX_DEB_VERSION=$(word 1, $(GEN_BUILDX_DEB_VER)) \
 	-e BUILDX_GITCOMMIT=$(BUILDX_GITCOMMIT) \
 	-e COMPOSE_VERSION=$(DOCKER_COMPOSE_REF) \
 	-e COMPOSE_DEB_VERSION=$(word 1, $(GEN_COMPOSE_DEB_VER)) \
 	-e MODEL_VERSION=$(DOCKER_MODEL_REF) \
 	-e MODEL_DEB_VERSION=$(word 1, $(GEN_MODEL_DEB_VER)) \
 	-v $(CURDIR)/debbuild/$@:/build \
 	$(RUN_FLAGS) \
 	debbuild-$@/$(ARCH)
-DEBIAN_VERSIONS ?= debian-bullseye debian-bookworm debian-trixie
+SOURCE_FILES=engine-image cli.tgz engine.tgz docker.service docker.socket distribution_based_engine.json plugin-installers.tgz
-UBUNTU_VERSIONS ?= ubuntu-jammy ubuntu-noble ubuntu-oracular ubuntu-plucky
+SOURCES=$(addprefix sources/, $(SOURCE_FILES))
 RASPBIAN_VERSIONS ?= raspbian-bullseye raspbian-bookworm
 DISTROS := $(DEBIAN_VERSIONS) $(UBUNTU_VERSIONS) $(RASPBIAN_VERSIONS)
 .PHONY: help
 help: ## show make targets
@ -68,73 +47,84 @@ clean: ## remove build artifacts
 	$(RM) -r debbuild
 	[ ! -d sources ] || $(CHOWN) -R $(shell id -u):$(shell id -g) sources
 	$(RM) -r sources
-	-docker builder prune -f --filter until=24h
+	$(RM) engine-image
 engine-$(ARCH).tar:
 	$(MAKE) -C ../image image-linux
 	docker save -o $@ $$(cat ../image/image-linux)
 .PHONY: deb
-deb: ubuntu debian ## build all deb packages except for raspbian
+deb: ubuntu debian raspbian ## build all deb packages
 .PHONY: ubuntu
-ubuntu: $(UBUNTU_VERSIONS) ## build all ubuntu deb packages
+ubuntu: ubuntu-bionic ubuntu-xenial ## build all ubuntu deb packages
 .PHONY: debian
-debian: $(DEBIAN_VERSIONS) ## build all debian deb packages
+debian: debian-stretch debian-buster ## build all debian deb packages
 .PHONY: raspbian
-raspbian: $(RASPBIAN_VERSIONS) ## build all raspbian deb packages
+raspbian: raspbian-stretch raspbian-buster ## build all raspbian deb packages
-.PHONY: $(DISTROS)
+.PHONY: ubuntu-%
-$(DISTROS): sources
+## build ubuntu deb packages
-	@echo "== Building packages for $@ =="
+ubuntu-%: $(SOURCES)
 	mkdir -p "debbuild/$@"
 	$(BUILD)
 	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) "debbuild/$@"
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
-.PHONY: sources
+.PHONY: debian-%
-sources: sources/cli.tgz sources/engine.tgz sources/buildx.tgz sources/compose.tgz sources/model.tgz
+## build debian deb packages
 debian-%: $(SOURCES)
 	$(BUILD)
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 .PHONY: raspbian-%
 ## build raspbian deb packages
 raspbian-%: $(SOURCES)
 	$(BUILD)
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 sources/engine.tgz:
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	docker run --rm -i -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
+		-v $(ENGINE_DIR):/engine \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
 sources/cli.tgz:
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	docker run --rm -i -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
+		-v $(CLI_DIR):/cli \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
-sources/buildx.tgz:
+sources/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	cp $< $@
 		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
-sources/compose.tgz:
+sources/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	cp $< $@
 		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
-sources/model.tgz:
+# TODO: Figure out how to decouple this
 # TODO: These might just end up being static files that are hardcoded
 # TODO: FROM HERE <=====================
 sources/distribution_based_engine.json: sources/engine-image
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	echo '{"platform":"Docker Engine - Community","engine_image":"engine-community","containerd_min_version":"1.2.0-beta.1","runtime":"host_install"}' > $@
-		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
+
-		-v $(CURDIR)/$(@D):/v \
+sources/engine-image:
 	mkdir -p $(@D)
 	echo "docker.io/dockereng/engine-community:$(STATIC_VERSION)" > $@
 # TODO: TO HERE <=====================
 sources/plugin-installers.tgz: $(wildcard ../plugins/*)
 	docker run --rm -i -w /v \
 		-v $(PLUGINS_DIR):/plugins \
 		-v $(CURDIR)/sources:/v \
 		alpine \
-		tar -C / -c -z -f /v/model.tgz --exclude .git model
+		tar -C / -c -z -f /v/plugin-installers.tgz --exclude .git plugins
 # See ARCHES in common.mk. Could not figure out how to match both distro and arch.
 BUNDLES:=$(addsuffix .tar.gz,$(addprefix debbuild/bundles-ce-%-,$(ARCHES)))
 $(BUNDLES): %
 	tar czf $@ --transform="s|^debbuild/\(.*\)|bundles/$(VERSION)/build-deb/\1|" debbuild/$*
--- a/deb/README.md
+++ b/deb/README.md
@ -3,37 +3,30 @@
 `.deb` packages can be built from this directory with the following syntax
 ```shell
-make deb
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
 ```
 Artifacts will be located in `debbuild` under the following directory structure:
 `debbuild/$distro-$distro_version/`
-### Building from local source
+### NOTES:
 Specify the location of the source repositories for the engine and cli when
 building packages
 * `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
 * `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
 ```shell
 make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
 ```
 ## Specifying a specific distro
 ```shell
-make ubuntu
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli ubuntu
 ```
 ## Specifying a specific distro version
 ```shell
-make ubuntu-noble
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli ubuntu-xenial
 ```
-## Building the for all distros
+## Building the latest docker-ce
 ```shell
-make deb
+git clone https://github.com/docker/docker-ce.git
 make ENGINE_DIR=docker-ce/components/engine CLI_DIR=docker-ce/components/cli deb
 ```
--- a/deb/build-deb
+++ b/deb/build-deb
@ -6,36 +6,27 @@ set -e
 mkdir -p /root/build-deb/engine
 tar -C /root/build-deb -xzf /sources/engine.tgz
 mkdir -p /root/build-deb/cli
-tar -C /root/build-deb -xzf /sources/cli.tgz
+tar  -C /root/build-deb -xzf /sources/cli.tgz
 mkdir -p /root/build-deb/buildx
 tar -C /root/build-deb -xzf /sources/buildx.tgz
 mkdir -p /root/build-deb/compose
 tar -C /root/build-deb -xzf /sources/compose.tgz
 mkdir -p /root/build-deb/model
 tar -C /root/build-deb -xzf /sources/model.tgz
 # link them to their canonical path
 mkdir -p /go/src/github.com/docker
 ln -snf /root/build-deb/engine /go/src/github.com/docker/docker
 ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
 ln -snf /root/build-deb/buildx /go/src/github.com/docker/buildx
 ln -snf /root/build-deb/compose /go/src/github.com/docker/compose
 ln -snf /root/build-deb/model /go/src/github.com/docker/model-cli
 EPOCH="${EPOCH:-}"
 EPOCH_SEP=""
 if [[ ! -z "$EPOCH" ]]; then
-	EPOCH_SEP=":"
+    EPOCH_SEP=":"
 fi
 if [[ -z "$DEB_VERSION" ]]; then
-	echo "DEB_VERSION is required to build deb packages"
+    echo "DEB_VERSION is required to build deb packages"
-	exit 1
+    exit 1
 fi
 echo VERSION AAA $VERSION
-VERSION=${VERSION:-$(cat cli/VERSION)}
+VERSION=${VERSION:-$( cat cli/VERSION )}
 echo VERSION bbb $VERSION
@ -43,47 +34,15 @@ debSource="$(awk -F ': ' '$1 == "Source" { print $2; exit }' debian/control)"
 debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/control)"
 debDate="$(date --rfc-2822)"
 # Include an extra `1` in the version, in case we ever would have to re-build an
 # already published release with a packaging-only change.
 pkgRevision=1
 # Generate changelog. The version/name of the generated packages are based on this.
 #
 # Resulting packages are formatted as;
 #
 # - name of the package (e.g., "docker-ce")
 # - version (e.g., "23.0.0~beta.0")
 # - pkgRevision (usually "-0", see above), which allows updating packages with
 #   packaging-only changes (without a corresponding release of the software
 #   that's packaged).
 # - distro (e.g., "ubuntu")
 # - VERSION_ID (e.g. "22.04" or "11") this must be "sortable" to make sure that
 #   packages are upgraded when upgrading to a newer distro version ("codename"
 #   cannot be used for this, as they're not sorted)
 # - SUITE ("codename"), e.g. "jammy" or "bullseye". This is mostly for convenience,
 #   because some places refer to distro versions by codename, others by version.
 #   we prefix the codename with a tilde (~), which effectively excludes it from
 #   version comparison.
 #
 # Note that while the `${EPOCH}${EPOCH_SEP}` is part of the version, it is not
 # included in the package's *filename*. (And if you're wondering: we needed the
 # EPOCH because of our use of CalVer, which made version comparing not work in
 # some cases).
 #
 # Examples:
 #
 # docker-ce_23.0.0~beta.0-1~debian.11~bullseye_amd64.deb
 # docker-ce_23.0.0~beta.0-1~ubuntu.22.04~jammy_amd64.deb
 cat > "debian/changelog" <<-EOF
-$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-${pkgRevision}~${DISTRO}.${VERSION_ID}~${SUITE}) $SUITE; urgency=low
+$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-0~${DISTRO}-${SUITE}) $SUITE; urgency=low
  * Version: $VERSION
 -- $debMaintainer  $debDate
 EOF
 # The space above at the start of the line for the debMaintainer is very important
 # Give the script a git commit because it wants it
-export CLI_GITCOMMIT=${CLI_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
+export DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
 export ENGINE_GITCOMMIT=${ENGINE_GITCOMMIT-$(cd engine; $GIT_COMMAND rev-parse --short HEAD)}
 echo VERSION BBB $VERSION
 dpkg-buildpackage -uc -us -I.git
--- a/deb/common/compat
+++ b/deb/common/compat
@ -0,0 +1 @@
 9
--- a/deb/common/control
+++ b/deb/common/control
@ -4,13 +4,18 @@ Priority: optional
 Maintainer: Docker <support@docker.com>
 Build-Depends: bash,
               bash-completion,
               libbtrfs-dev | btrfs-tools,
               ca-certificates,
               cmake,
               dh-apparmor,
-               debhelper-compat (= 12),
+               dh-systemd,
               gcc,
               git,
               libc-dev,
               libdevmapper-dev,
               libltdl-dev,
               libseccomp-dev,
               libseccomp2,
               libsystemd-dev,
               libtool,
               make,
@ -22,32 +27,24 @@ Vcs-Git: git://github.com/docker/docker.git
 Package: docker-ce
 Architecture: linux-any
-Pre-Depends: init-system-helpers (>= 1.54~)
+Depends: docker-ce-cli, containerd.io (>= 1.2.2-3), iptables, libseccomp2 (>= 2.3.0), ${shlibs:Depends}
-Depends: containerd.io (>= 1.7.27),
+Recommends: aufs-tools,
         docker-ce-cli,
         iptables,
         ${shlibs:Depends}
 Recommends: apparmor,
            ca-certificates,
-            docker-ce-rootless-extras,
+            cgroupfs-mount | cgroup-lite,
            git,
            pigz,
-            procps,
+            xz-utils,
-            xz-utils
+            libltdl7,
-Suggests: cgroupfs-mount | cgroup-lite,
+            ${apparmor:Recommends}
-            kmod,
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
-Conflicts: docker (<< 1.5~),
+Replaces: docker-engine
           docker-engine,
           docker.io
 Replaces: docker-engine,
          docker-ce-cli (<< 5:28.0.0)
 Description: Docker: the open-source application container engine
 Docker is a product for you to build, ship and run any application as a
 lightweight container
 .
 Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest cloud compute instance
+ they can run anywhere, from your laptop to the largest cloud compute instance and
- and everything in between - and they don't require you to use a particular
+ everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
@ -55,12 +52,7 @@ Description: Docker: the open-source application container engine
 Package: docker-ce-cli
 Architecture: linux-any
 Depends: ${shlibs:Depends}
-Recommends: docker-buildx-plugin,
+Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine, docker-engine-cs
            docker-compose-plugin
 Suggests: docker-model-plugin
 Conflicts: docker (<< 1.5~),
           docker-engine,
           docker.io
 Replaces: docker-ce (<< 5:0)
 Breaks: docker-ce (<< 5:0)
 Description: Docker CLI: the open-source application container engine
@ -68,56 +60,8 @@ Description: Docker CLI: the open-source application container engine
 lightweight container
 .
 Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest cloud compute instance
+ they can run anywhere, from your laptop to the largest cloud compute instance and
- and everything in between - and they don't require you to use a particular
+ everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
 Package: docker-ce-rootless-extras
 Architecture: linux-any
 Depends: dbus-user-session,
         ${shlibs:Depends}
 Enhances: docker-ce
 Conflicts: rootlesskit
 Replaces: rootlesskit
 Breaks: rootlesskit
 # slirp4netns (>= 0.4.0) is available in Debian since 11 and Ubuntu since 19.10
 Recommends: slirp4netns (>= 0.4.0)
 # Unlike RPM, DEB packages do not contain "Recommends: fuse-overlayfs (>= 0.7.0)" here,
 # because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs.
 Description: Rootless support for Docker.
 Use dockerd-rootless.sh to run the daemon.
 Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh.
 This package contains RootlessKit, but does not contain VPNKit.
 Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
 Homepage: https://docs.docker.com/engine/security/rootless/
 Package: docker-buildx-plugin
 Priority: optional
 Replaces: docker-ce-cli
 Architecture: linux-any
 Enhances: docker-ce-cli
 Description: Docker Buildx cli plugin.
 This plugin provides the 'docker buildx' subcommand.
 Homepage: https://github.com/docker/buildx
 Package: docker-compose-plugin
 Priority: optional
 Architecture: linux-any
 Recommends: docker-buildx-plugin
 Enhances: docker-ce-cli
 Description: Docker Compose (V2) plugin for the Docker CLI.
 This plugin provides the 'docker compose' subcommand.
 .
 The binary can also be run standalone as a direct replacement for
 Docker Compose V1 ('docker-compose').
 Homepage: https://github.com/docker/compose
 Package: docker-model-plugin
 Priority: optional
 Architecture: linux-any
 Enhances: docker-ce-cli
 Description: Docker Model Runner plugin for the Docker CLI.
 This plugin provides the 'docker model' subcommand.
 Homepage: https://docs.docker.com/model-runner/
--- a/deb/common/docker-ce-cli.bash-completion
+++ b/deb/common/docker-ce-cli.bash-completion
@ -0,0 +1 @@
 cli/contrib/completion/bash/docker
--- a/deb/common/docker-ce.dirs
+++ b/deb/common/docker-ce.dirs
@ -1 +0,0 @@
 /etc/docker
--- a/deb/common/docker-ce.docker.default
+++ b/deb/common/docker-ce.docker.default
@ -1 +0,0 @@
 ../engine/contrib/init/sysvinit-debian/docker.default
--- a/deb/common/docker-ce.docker.default
+++ b/deb/common/docker-ce.docker.default
@ -0,0 +1,20 @@
 # Docker Upstart and SysVinit configuration file
 #
 # THIS FILE DOES NOT APPLY TO SYSTEMD
 #
 #   Please see the documentation for "systemd drop-ins":
 #   https://docs.docker.com/engine/admin/systemd/
 #
 # Customize location of Docker binary (especially for development testing).
 #DOCKERD="/usr/local/bin/dockerd"
 # Use DOCKER_OPTS to modify the daemon startup options.
 #DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
 # If you need Docker to use an HTTP proxy, it can also be specified here.
 #export http_proxy="http://127.0.0.1:3128/"
 # This is also a handy place to tweak where Docker's temporary files go.
 #export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"
--- a/deb/common/docker-ce.docker.init
+++ b/deb/common/docker-ce.docker.init
@ -1 +0,0 @@
 ../engine/contrib/init/sysvinit-debian/docker
--- a/deb/common/docker-ce.docker.init
+++ b/deb/common/docker-ce.docker.init
@ -0,0 +1,156 @@
 #!/bin/sh
 set -e
 ### BEGIN INIT INFO
 # Provides:           docker
 # Required-Start:     $syslog $remote_fs
 # Required-Stop:      $syslog $remote_fs
 # Should-Start:       cgroupfs-mount cgroup-lite
 # Should-Stop:        cgroupfs-mount cgroup-lite
 # Default-Start:      2 3 4 5
 # Default-Stop:       0 1 6
 # Short-Description:  Create lightweight, portable, self-sufficient containers.
 # Description:
 #  Docker is an open-source project to easily create lightweight, portable,
 #  self-sufficient containers from any application. The same container that a
 #  developer builds and tests on a laptop can run at scale, in production, on
 #  VMs, bare metal, OpenStack clusters, public clouds and more.
 ### END INIT INFO
 export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
 BASE=docker
 # modify these in /etc/default/$BASE (/etc/default/docker)
 DOCKERD=/usr/bin/dockerd
 # This is the pid file managed by docker itself
 DOCKER_PIDFILE=/var/run/$BASE.pid
 # This is the pid file created/managed by start-stop-daemon
 DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
 DOCKER_LOGFILE=/var/log/$BASE.log
 DOCKER_OPTS=
 DOCKER_DESC="Docker"
 # Get lsb functions
 . /lib/lsb/init-functions
 if [ -f /etc/default/$BASE ]; then
 	. /etc/default/$BASE
 fi
 # Check docker is present
 if [ ! -x $DOCKERD ]; then
 	log_failure_msg "$DOCKERD not present or not executable"
 	exit 1
 fi
 check_init() {
 	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
 	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
 		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
 		exit 1
 	fi
 }
 fail_unless_root() {
 	if [ "$(id -u)" != '0' ]; then
 		log_failure_msg "$DOCKER_DESC must be run as root"
 		exit 1
 	fi
 }
 cgroupfs_mount() {
 	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
 	if grep -v '^#' /etc/fstab | grep -q cgroup \
 		|| [ ! -e /proc/cgroups ] \
 		|| [ ! -d /sys/fs/cgroup ]; then
 		return
 	fi
 	if ! mountpoint -q /sys/fs/cgroup; then
 		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
 	fi
 	(
 		cd /sys/fs/cgroup
 		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
 			mkdir -p $sys
 			if ! mountpoint -q $sys; then
 				if ! mount -n -t cgroup -o $sys cgroup $sys; then
 					rmdir $sys || true
 				fi
 			fi
 		done
 	)
 }
 case "$1" in
 	start)
 		check_init
 		fail_unless_root
 		cgroupfs_mount
 		touch "$DOCKER_LOGFILE"
 		chgrp docker "$DOCKER_LOGFILE"
 		ulimit -n 1048576
 		# Having non-zero limits causes performance problems due to accounting overhead
 		# in the kernel. We recommend using cgroups to do container-local accounting.
 		if [ "$BASH" ]; then
 			ulimit -u unlimited
 		else
 			ulimit -p unlimited
 		fi
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 		start-stop-daemon --start --background \
 			--no-close \
 			--exec "$DOCKERD" \
 			--pidfile "$DOCKER_SSD_PIDFILE" \
 			--make-pidfile \
 			-- \
 				-p "$DOCKER_PIDFILE" \
 				$DOCKER_OPTS \
 					>> "$DOCKER_LOGFILE" 2>&1
 		log_end_msg $?
 		;;
 	stop)
 		check_init
 		fail_unless_root
 		if [ -f "$DOCKER_SSD_PIDFILE" ]; then
 			log_begin_msg "Stopping $DOCKER_DESC: $BASE"
 			start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
 			log_end_msg $?
 		else
 			log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
 		fi
 		;;
 	restart)
 		check_init
 		fail_unless_root
 		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
 		[ -n "$docker_pid" ] \
 			&& ps -p $docker_pid > /dev/null 2>&1 \
 			&& $0 stop
 		$0 start
 		;;
 	force-reload)
 		check_init
 		fail_unless_root
 		$0 restart
 		;;
 	status)
 		check_init
 		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
 		;;
 	*)
 		echo "Usage: service docker {start|stop|restart|status}"
 		exit 1
 		;;
 esac
--- a/deb/common/docker-ce.docker.service
+++ b/deb/common/docker-ce.docker.service
@ -1 +0,0 @@
 ../engine/contrib/init/systemd/docker.service
--- a/deb/common/docker-ce.docker.socket
+++ b/deb/common/docker-ce.docker.socket
@ -1 +0,0 @@
 ../engine/contrib/init/systemd/docker.socket
--- a/deb/common/docker-ce.docker.upstart
+++ b/deb/common/docker-ce.docker.upstart
@ -0,0 +1,72 @@
 description "Docker daemon"
 start on (filesystem and net-device-up IFACE!=lo)
 stop on runlevel [!2345]
 limit nofile 524288 1048576
 # Having non-zero limits causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
 limit nproc unlimited unlimited
 respawn
 kill timeout 20
 pre-start script
 	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
 	if grep -v '^#' /etc/fstab | grep -q cgroup \
 		|| [ ! -e /proc/cgroups ] \
 		|| [ ! -d /sys/fs/cgroup ]; then
 		exit 0
 	fi
 	if ! mountpoint -q /sys/fs/cgroup; then
 		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
 	fi
 	(
 		cd /sys/fs/cgroup
 		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
 			mkdir -p $sys
 			if ! mountpoint -q $sys; then
 				if ! mount -n -t cgroup -o $sys cgroup $sys; then
 					rmdir $sys || true
 				fi
 			fi
 		done
 	)
 end script
 script
 	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
 	DOCKERD=/usr/bin/dockerd
 	DOCKER_OPTS=
 	if [ -f /etc/default/$UPSTART_JOB ]; then
 		. /etc/default/$UPSTART_JOB
 	fi
 	exec "$DOCKERD" $DOCKER_OPTS --raw-logs
 end script
 # Don't emit "started" event until docker.sock is ready.
 # See https://github.com/docker/docker/issues/6647
 post-start script
 	DOCKER_OPTS=
 	DOCKER_SOCKET=
 	if [ -f /etc/default/$UPSTART_JOB ]; then
 		. /etc/default/$UPSTART_JOB
 	fi
 	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
 		DOCKER_SOCKET=/var/run/docker.sock
 	else
 		DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
 	fi
 	if [ -n "$DOCKER_SOCKET" ]; then
 		while ! [ -e "$DOCKER_SOCKET" ]; do
 			initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
 			echo "Waiting for $DOCKER_SOCKET"
 			sleep 0.1
 		done
 		echo "$DOCKER_SOCKET is up"
 	fi
 end script
--- a/deb/common/docker-ce.maintscript
+++ b/deb/common/docker-ce.maintscript
@ -1 +0,0 @@
 rm_conffile /etc/init/docker.conf 5:24.0.5-1~
--- a/deb/common/docker-ce.manpages
+++ b/deb/common/docker-ce.manpages
@ -1 +0,0 @@
 engine/man/man*/*
--- a/deb/common/docker-ce.postinst
+++ b/deb/common/docker-ce.postinst
--- a/deb/common/rules
+++ b/deb/common/rules
@ -1,149 +1,60 @@
 #!/usr/bin/make -f
 # Include default Makefile variables.
 include /usr/share/dpkg/default.mk
 # Build all armhf binaries as ARMv6 with hard float, to support both
 # Debian armhf and Raspbian armhf.
 ifeq ($(DEB_TARGET_ARCH),armhf)
 	export CFLAGS += -marm -march=armv6+fp
 	export GOARM := 6
 endif
 VERSION ?= $(shell cat engine/VERSION)
-# TODO(thaJeztah): allow passing this version when building.
+DOCKER_GOPATH := /go/src/github.com/docker
 PKG_REVISION ?= 1
 export PKG_REVISION
-# force packages to be built with xz compression, as Ubuntu 21.10 and up use
+override_dh_gencontrol:
-# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
+	# if we're on Ubuntu, we need to Recommends: apparmor
-override_dh_builddeb:
+	echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-ce.substvars
-	dh_builddeb -- -Zxz
+	dh_gencontrol
 # Determine the Go module mode based on the presence of vendor.mod or go.mod
 override_dh_auto_build: GOMOD := $(if $(wildcard engine/vendor.mod),off,$(if $(wildcard engine/go.mod),on,$(error "No go.mod or vendor.mod found in engine directory")))
 # Override the default dh_auto_build target
 override_dh_auto_build:
 	# Build the daemon and dependencies
-	cd engine && GO111MODULE=$(GOMOD) DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary
+	cd engine && PRODUCT=docker ./hack/make.sh dynbinary
 	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
-	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic
+	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh proxy dynamic
 	#  build  man-pages
 	make -C engine/man
 	# Build the CLI
-	make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) LDFLAGS='' dynbinary manpages shell-completion
+	cd /go/src/github.com/docker/cli && \
-
+		LDFLAGS='' DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
-	# Build buildx plugin
+	# Build the CLI plugins
-	cd /go/src/github.com/docker/buildx \
+	# Make sure to set LDFLAGS="" since, dpkg-buildflags sets it to some weird values
-	&& mkdir -p /usr/libexec/docker/cli-plugins/ \
+	set -e;cd /sources && \
-	&& GO111MODULE=on \
+		tar xzf plugin-installers.tgz; \
-		CGO_ENABLED=0 \
+		for installer in plugins/*.installer; do \
-			go build \
+			LDFLAGS='' bash $${installer} build; \
-				-mod=vendor \
+		done
 				-trimpath \
 				-ldflags "-w -X github.com/docker/buildx/version.Version=$(BUILDX_VERSION) -X github.com/docker/buildx/version.Revision=$(BUILDX_GITCOMMIT) -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
 				-o "/usr/libexec/docker/cli-plugins/docker-buildx" \
 				./cmd/buildx
 	# Build the compose plugin
 	make -C /go/src/github.com/docker/compose VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build
 	# Build the model plugin
 	GO111MODULE=on make -C /go/src/github.com/docker/model-cli VERSION=$(MODEL_VERSION) ce-release \
 	&& mv /go/src/github.com/docker/model-cli/dist/docker-model /usr/libexec/docker/cli-plugins/docker-model
 override_dh_auto_test:
-	ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
+	./engine/bundles/dynbinary-daemon/dockerd -v
-		test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1)
+	./cli/build/docker -v
 	ver="$$(cli/build/docker --version)"; \
 		test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1)
 	ver="$$(/usr/libexec/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
 		test "$$ver" = "$(BUILDX_VERSION)" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($$ver) did not match" && exit 1)
 	ver="$$(/usr/libexec/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
 		test "$$ver" = "$(COMPOSE_VERSION)" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($$ver) did not match" && exit 1)
 	ver="$$(/usr/libexec/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
 		test "$$ver" = "$(MODEL_VERSION)" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($$ver) did not match" && exit 1)
 override_dh_strip:
 	# Go has lots of problems with stripping, so just don't
 # http://manpages.debian.org/dh_dwz
 override_dh_dwz:
 	# dh_dwz in debhelper versions less than 13 has issues with files that are missing debug symbols (once we update to debhelper-compat 13+ this can be removed)
 	@# https://packages.debian.org/debhelper
 	@# https://packages.ubuntu.com/debhelper
 override_dh_auto_install:
 	# docker-ce-cli install
-	install -D -p -m 0755 cli/build/docker debian/docker-ce-cli/usr/bin/docker
+	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
-
+	install -D -m 0644 /go/src/github.com/docker/cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
-	# docker-ce-cli shell-completion
+	install -D -m 0755 /go/src/github.com/docker/cli/build/docker debian/docker-ce-cli/usr/bin/docker
-	#
+	set -e;cd /sources && \
-	# We are manually installing bash completions instead of using the "dh_bash-completion"
+		tar xzf plugin-installers.tgz; \
-	# debhelper (see [1]); dh_bash-completion only supports bash, and none of the other shells,
+		for installer in plugins/*.installer; do \
-	# which meant that we had to install 2 out of 3 manually, which was confusing ("what about
+			DESTDIR=/root/build-deb/debian/docker-ce-cli \
-	# Bash?"). Given that locations to install these completion scripts are well-known, we
+			PREFIX=/usr/libexec/docker/cli-plugins \
-	# can safely use the manual approach for installing  them.
+				bash $${installer} install_plugin; \
-	#
+		done
 	# In future, can consider using "dh_shell_completions" (see [2]), which supports bash, zsh
 	# and fish. However, "dh_shell_completions" is still really premature, and not available
 	# in stable releases. So, currently, adding it as build-dependency, especially since
 	# these are well-known, may not be a good choice, but we can revisit that in future
 	# if things mature in this area.
 	#
 	# Observant readers may notice that we don't include PowerShell completion in
 	# this list (even though Cobra provides them, and PowerShell *can* be installed
 	# oon Linux). The short story is that there's no well-defined location, nor
 	# a well-defined approach for this.
 	#
 	# The PowerShell maintainers (see [3]) considering that no completion scripts
 	# are needed for anything following the PowerShell specifications, and for
 	# anything else, PowerShell is capable enough to use zsh and bash completions.
 	#
 	# All of the above taken into account; it's fuzzy enough to just leave it as
 	# an exercise for the user to decide what to do.
 	#
 	# [1]: https://manpages.debian.org/bookworm/bash-completion/dh_bash-completion.1.en.html
 	# [2]: https://manpages.debian.org/testing/dh-shell-completions/dh_shell_completions.1.en.html
 	# [3]: https://github.com/PowerShell/PowerShell/issues/17582
 	install -D -p -m 0644 cli/build/completion/bash/docker debian/docker-ce-cli/usr/share/bash-completion/completions/docker
 	install -D -p -m 0644 cli/build/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
 	install -D -p -m 0644 cli/build/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
 	# docker-ce install
-	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd
+	install -D -m 0644 /sources/docker.service debian/docker-ce/lib/systemd/system/docker.service
-	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/docker-proxy) debian/docker-ce/usr/bin/docker-proxy
+	install -D -m 0644 /sources/docker.socket debian/docker-ce/lib/systemd/system/docker.socket
-	install -D -p -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/libexec/docker/docker-init
+	install -D -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd
-
+	install -D -m 0755 /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy
-	# docker-buildx-plugin install
+	install -D -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init
-	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-buildx debian/docker-buildx-plugin/usr/libexec/docker/cli-plugins/docker-buildx
+	install -D -m 0644 /sources/distribution_based_engine.json debian/docker-ce/var/lib/docker-engine/distribution_based_engine.json
 	# docker-compose-plugin install
 	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-compose debian/docker-compose-plugin/usr/libexec/docker/cli-plugins/docker-compose
 	# docker-model-plugin install
 	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-model debian/docker-model-plugin/usr/libexec/docker/cli-plugins/docker-model
 	# docker-ce-rootless-extras install
 	install -D -p -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit
 	install -D -p -m 0755 engine/contrib/dockerd-rootless.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless.sh
 	install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh
 	# TODO: how can we install vpnkit?
 override_dh_installinit:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installinit --name=docker
 override_dh_installsystemd:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installsystemd --name=docker
 override_dh_shlibdeps:
 	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
@ -152,20 +63,5 @@ override_dh_install:
 	# TODO Can we do this from within our container?
 	dh_apparmor --profile-name=docker-ce -pdocker-ce
 override_dh_gencontrol:
 	# Use separate version for the buildx-plugin package, then generate the other control files as usual
 	# TODO override "Source" field in control as well (to point to buildx, as it doesn't match the package name)
 	dh_gencontrol -pdocker-buildx-plugin -- -v$${BUILDX_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
 	# Use separate version for the compose-plugin package, then generate the other control files as usual
 	# TODO override "Source" field in control as well (to point to compose, as it doesn't match the package name)
 	dh_gencontrol -pdocker-compose-plugin -- -v$${COMPOSE_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
 	# Use separate version for the model-plugin package, then generate the other control files as usual
 	# TODO override "Source" field in control as well (to point to model, as it doesn't match the package name)
 	dh_gencontrol -pdocker-model-plugin -- -v$${MODEL_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
 	dh_gencontrol --remaining-packages
 %:
-	dh $@ --with=bash-completion
+	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)
--- a/deb/common/source/format
+++ b/deb/common/source/format
@ -1 +0,0 @@
 1.0
--- a/deb/debian-bookworm/Dockerfile
+++ b/deb/debian-bookworm/Dockerfile
@ -1,40 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=debian
 ARG SUITE=bookworm
 ARG VERSION_ID=12
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/debian-bullseye/Dockerfile
+++ b/deb/debian-bullseye/Dockerfile
@ -1,40 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=debian
 ARG SUITE=bullseye
 ARG VERSION_ID=11
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/debian-buster/Dockerfile
+++ b/deb/debian-buster/Dockerfile
@ -0,0 +1,29 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=debian:buster
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO debian
 ENV SUITE buster
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/debian-stretch/Dockerfile
+++ b/deb/debian-stretch/Dockerfile
@ -0,0 +1,29 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=debian:stretch
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO debian
 ENV SUITE stretch
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/debian-trixie/Dockerfile
+++ b/deb/debian-trixie/Dockerfile
@ -1,40 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=debian
 ARG SUITE=trixie
 ARG VERSION_ID=13
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/gen-deb-ver
+++ b/deb/gen-deb-ver
@ -1,79 +1,87 @@
 #!/usr/bin/env bash
-REPO_DIR="$1"
+ENGINE_DIR="$1"
 VERSION="$2"
 origVersion=$VERSION
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
+[[ $# < 2 ]] && echo 'not enough args' && exit 1
-	# shellcheck disable=SC2016
+
-	echo 'usage: ./gen-deb-ver ${REPO_DIR} ${VERSION}'
+DATE_COMMAND="date"
-	exit 1
+if [[ $(uname) -eq "Darwin" ]]; then
    DATE_COMMAND="docker run --rm alpine date"
 fi
-GIT_COMMAND="git -C $REPO_DIR"
+gen_deb_version() {
-origVersion="$VERSION"
+    # Adds an increment to the deb version to get proper order
-debVersion="${VERSION#v}"
+    # 18.01.0-tp1   -> 18.01.0-0.1-tp1
    # 18.01.0-beta1 -> 18.01.0-1.1-beta1
    # 18.01.0-rc1   -> 18.01.0-2.1-rc1
    # 18.01.0       -> 18.01.0-3
    fullVersion="$1"
    pattern="$2"
    increment="$3"
    testVersion="${fullVersion#*-$pattern}"
    baseVersion="${fullVersion%-"$pattern"*}"
    echo "$baseVersion-$increment.$testVersion.$pattern$testVersion"
 }
-# deb packages require a tilde (~) instead of a hyphen (-) as separator between
+case "$VERSION" in
-# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
+    *-dev)
-# non-pre-release versions, which would prevent users from updating from a pre-
+        debVersion="$VERSION"
-# release version to the "ga" version.
+        ;;
-#
+    *-tp[0-9]*)
-# For details, see this thread on the Debian mailing list:
+        debVersion="$(gen_deb_version "$VERSION" tp 0)"
-# https://lists.debian.org/debian-policy/1998/06/msg00099.html
+        ;;
-#
+    *-beta[0-9]*)
-# The code below replaces hyphens with tildes. Note that an intermediate $tilde
+        debVersion="$(gen_deb_version "$VERSION" beta 1)"
-# variable is needed to make this work on all versions of Bash. In some versions
+        ;;
-# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
+    *-rc[0-9]*)
-# quoted ('~').
+        debVersion="$(gen_deb_version "$VERSION" rc 2)"
-tilde='~'
+        ;;
-debVersion="${debVersion//-/$tilde}"
+    *)
        debVersion="$VERSION-3"
        ;;
 esac
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
+export TZ=UTC
 # we'll create a pseudo version based on commit-date and -sha.
 if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
 	export TZ=UTC
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
-	#
+# git running in different directories, backwards compatible too
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+GIT_COMMAND="git -C $ENGINE_DIR"
-	# where the time is the commit time in UTC and the final suffix is the prefix
+debVersion="${debVersion//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
-	# of the commit hash. The time portion ensures that two pseudo-versions can
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-	# be compared to determine which happened later, the commit hash identifes
+if [[ "$VERSION" == *-dev ]]; then
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	# as a pre-release before version v0.0.0, so that the go command prefers any
+    #
-	# tagged release over any pseudo-version.
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    # where the time is the commit time in UTC and the final suffix is the prefix
    # of the commit hash. The time portion ensures that two pseudo-versions can
    # be compared to determine which happened later, the commit hash identifes
    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
    # as a pre-release before version v0.0.0, so that the go command prefers any
    # tagged release over any pseudo-version.
    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
    debVersion="0.0.0-${gitDate}-${gitCommit}"
    origVersion=$debVersion
-	if [ "$(uname)" = "Darwin" ]; then
+    # verify that nightly builds are always < actual releases
-		# Using BSD date (macOS), which doesn't support the --date option
+    #
-		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
+    # $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
-		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
+    # true
-	else
+    # $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
-		# Using GNU date (Linux)
+    # true
-		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    # $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
-	fi
+    # true
-
+    # $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
-	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+    # false
-	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
+    # $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
-	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
+    # true
-	debVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
+    # $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
-
+    # true
-	# verify that nightly builds are always < actual releases
+    # $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
-	#
+    # true
 	# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
 	# true
 	# $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
 	# true
 	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
 	# true
 	# $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
 	# false
 	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
 	# true
 	# $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
 	# true
 	# $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
 	# true
 fi
 echo "$debVersion" "$origVersion"
--- a/deb/raspbian-bookworm/Dockerfile
+++ b/deb/raspbian-bookworm/Dockerfile
@ -1,40 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=raspbian
 ARG SUITE=bookworm
 ARG VERSION_ID=12
 ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/raspbian-bullseye/Dockerfile
+++ b/deb/raspbian-bullseye/Dockerfile
@ -1,40 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=raspbian
 ARG SUITE=bullseye
 ARG VERSION_ID=11
 ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/raspbian-buster/Dockerfile
+++ b/deb/raspbian-buster/Dockerfile
@ -0,0 +1,29 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=balenalib/rpi-raspbian:buster
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO raspbian
 ENV SUITE buster
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/raspbian-stretch/Dockerfile
+++ b/deb/raspbian-stretch/Dockerfile
@ -0,0 +1,29 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=balenalib/rpi-raspbian:stretch
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO raspbian
 ENV SUITE stretch
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-bionic/Dockerfile
+++ b/deb/ubuntu-bionic/Dockerfile
@ -0,0 +1,29 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=ubuntu:bionic
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO ubuntu
 ENV SUITE bionic
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-cosmic/Dockerfile
+++ b/deb/ubuntu-cosmic/Dockerfile
@ -0,0 +1,35 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=ubuntu:cosmic
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
 RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
        rm -f /usr/bin/man; \
        dpkg-divert --quiet --remove --rename /usr/bin/man; \
    fi
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO ubuntu
 ENV SUITE cosmic
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-disco/Dockerfile
+++ b/deb/ubuntu-disco/Dockerfile
@ -0,0 +1,35 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=ubuntu:disco
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
 RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
        rm -f /usr/bin/man; \
        dpkg-divert --quiet --remove --rename /usr/bin/man; \
    fi
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO ubuntu
 ENV SUITE disco
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-jammy/Dockerfile
+++ b/deb/ubuntu-jammy/Dockerfile
@ -1,46 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=ubuntu
 ARG SUITE=jammy
 ARG VERSION_ID=22.04
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
 RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
        rm -f /usr/bin/man; \
        dpkg-divert --quiet --remove --rename /usr/bin/man; \
    fi
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-noble/Dockerfile
+++ b/deb/ubuntu-noble/Dockerfile
@ -1,46 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=ubuntu
 ARG SUITE=noble
 ARG VERSION_ID=24.04
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
 RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
        rm -f /usr/bin/man; \
        dpkg-divert --quiet --remove --rename /usr/bin/man; \
    fi
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-oracular/Dockerfile
+++ b/deb/ubuntu-oracular/Dockerfile
@ -1,46 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=ubuntu
 ARG SUITE=oracular
 ARG VERSION_ID=24.10
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
 RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
        rm -f /usr/bin/man; \
        dpkg-divert --quiet --remove --rename /usr/bin/man; \
    fi
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-plucky/Dockerfile
+++ b/deb/ubuntu-plucky/Dockerfile
@ -1,46 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=ubuntu
 ARG SUITE=plucky
 ARG VERSION_ID=25.04
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
 RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
        rm -f /usr/bin/man; \
        dpkg-divert --quiet --remove --rename /usr/bin/man; \
    fi
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ARG COMMON_FILES
 COPY --link ${COMMON_FILES} /root/build-deb/debian
 RUN apt-get update \
 && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY --link sources/ /sources
 ARG DISTRO
 ARG SUITE
 ARG VERSION_ID
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 ENV VERSION_ID=${VERSION_ID}
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/deb/ubuntu-xenial/Dockerfile
+++ b/deb/ubuntu-xenial/Dockerfile
@ -0,0 +1,29 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=ubuntu:xenial
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 RUN apt-get update && apt-get install -y curl devscripts equivs git
 ARG GO_VERSION
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 ENV RUNC_BUILDTAGS apparmor seccomp selinux
 ARG COMMON_FILES
 COPY ${COMMON_FILES} /root/build-deb/debian
 RUN mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
 COPY sources/ /sources
 ENV DISTRO ubuntu
 ENV SUITE xenial
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/build-deb
 COPY build-deb /root/build-deb/build-deb
 ENTRYPOINT ["/root/build-deb/build-deb"]
--- a/distros.json
+++ b/distros.json
@ -1,141 +0,0 @@
 {
    "centos-9": {
        "image": "quay.io/centos/centos:stream9",
        "arches": [
            "amd64",
            "aarch64"
        ],
        "description": "CentOS Stream 9",
        "end_of_life": "2027"
    },
    "centos-10": {
        "image": "quay.io/centos/centos:stream10",
        "arches": [
            "amd64",
            "aarch64"
        ],
        "description": "CentOS Stream 10",
        "end_of_life": "2030"
    },
    "debian-bullseye": {
        "image": "debian:bullseye",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Debian 11 (oldstable)"
    },
    "debian-bookworm": {
        "image": "debian:bookworm",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Debian 12 (stable)"
    },
    "debian-trixie": {
        "image": "debian:trixie",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Debian 13 (Next stable)"
    },
    "fedora-41": {
        "image": "fedora:41",
        "arches": [
            "amd64",
            "aarch64"
        ],
        "end_of_life": "November, 2025"
    },
    "fedora-42": {
        "image": "fedora:42",
        "arches": [
            "amd64",
            "aarch64"
        ],
        "end_of_life": "November, 2025"
    },
    "raspbian-bullseye": {
        "image": "balenalib/rpi-raspbian:bullseye",
        "arches": [
            "armhf"
        ],
        "description": "Debian/Raspbian 11 (stable)"
    },
    "raspbian-bookworm": {
        "image": "balenalib/rpi-raspbian:bookworm",
        "arches": [
            "armhf"
        ],
        "description": "Debian/Raspbian 12 (next stable)"
    },
    "ubuntu-jammy": {
        "image": "ubuntu:jammy",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Ubuntu 22.04 LTS",
        "end_of_life": "04-2032",
        "end_of_support": "04-2027"
    },
    "ubuntu-noble": {
        "image": "ubuntu:noble",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Ubuntu 24.04 LTS",
        "end_of_life": "04-2034",
        "end_of_support": "06-2029"
    },
    "ubuntu-oracular": {
        "image": "ubuntu:oracular",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Ubuntu 24.10",
        "end_of_life": "07-2025",
        "end_of_support": "07-2025"
    },
    "ubuntu-plucky": {
        "image": "ubuntu:plucky",
        "arches": [
            "amd64",
            "aarch64",
            "armhf"
        ],
        "description": "Ubuntu 25.04",
        "end_of_life": "01-2026",
        "end_of_support": "01-2026"
    },
    "rhel-8": {
        "image": "registry.access.redhat.com/ubi8/ubi",
        "arches": [
            "amd64",
            "aarch64"
        ],
        "description": "Red Hat Enterprise Linux 8",
        "end_of_life": "05-2029",
        "end_of_support": "05-2024"
    },
    "rhel-9": {
        "image": "registry.access.redhat.com/ubi9/ubi",
        "arches": [
            "amd64",
            "aarch64"
        ],
        "description": "Red Hat Enterprise Linux 9",
        "end_of_life": "05-2032",
        "end_of_support": "05-2027"
    }
 }
--- a/image/Dockerfile.engine
+++ b/image/Dockerfile.engine
@ -0,0 +1,101 @@
 # Common builder
 ARG GO_IMAGE
 FROM ${GO_IMAGE} as builder
 COPY hack/dockerfile/install/tini.installer /
 COPY hack/dockerfile/install/proxy.installer /
 RUN apt-get update && apt-get install -y \
    bash \
    btrfs-tools \
    ca-certificates \
    cmake \
    gcc \
    git \
    libc-dev \
    libgcc-6-dev \
    libltdl-dev \
    libseccomp-dev \
    libtool \
    make
 RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
 # dockerd
 FROM builder as dockerd-builder
 RUN apt-get install -y \
    libsystemd-dev
 WORKDIR /go/src/github.com/docker/docker
 COPY . /go/src/github.com/docker/docker
 ARG VERSION
 ARG GITCOMMIT
 ARG BUILDTIME
 ARG PLATFORM
 ARG PRODUCT
 ARG DEFAULT_PRODUCT_LICENSE
 ENV VERSION ${VERSION}
 ENV GITCOMMIT ${GITCOMMIT}
 ENV BUILDTIME ${BUILDTIME}
 ENV PLATFORM ${PLATFORM}
 ENV PRODUCT ${PRODUCT}
 ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
 # TODO The way we set the version could easily be simplified not to depend on hack/...
 RUN bash ./hack/make/.go-autogen
 RUN go build -o /sbin/dockerd \
    -tags 'autogen apparmor seccomp selinux journald exclude_graphdriver_devicemapper' \
    -i \
    -buildmode=pie \
    -a -ldflags '-w'\
    github.com/docker/docker/cmd/dockerd
 # docker-proxy
 # TODO if libnetwork folds into the docker tree this can be combined above
 FROM builder as proxy-builder
 RUN git clone https://github.com/docker/libnetwork.git /go/src/github.com/docker/libnetwork
 WORKDIR /go/src/github.com/docker/libnetwork
 RUN . /binaries-commits && \
    git checkout -q "$LIBNETWORK_COMMIT" && \
    CGO_ENABLED=0 go build -buildmode=pie -ldflags="$PROXY_LDFLAGS" \
        -o /sbin/docker-proxy \
        github.com/docker/libnetwork/cmd/proxy
 # docker-init - TODO move this out, last time we bumped was 2016!
 FROM builder as init-builder
 RUN git clone https://github.com/krallin/tini.git /tini
 WORKDIR /tini
 RUN . /binaries-commits && \
    git checkout -q "$TINI_COMMIT" && \
    cmake . && make tini-static && \
    cp tini-static /sbin/docker-init
 # runc
 FROM builder as runc-builder
 RUN apt-get install -y libseccomp-dev
 RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc
 WORKDIR /go/src/github.com/opencontainers/runc
 RUN . /binaries-commits && \
    git checkout -q "$RUNC_COMMIT" && \
    make BUILDTAGS='seccomp apparmor' static && make install
 # Final docker image
 FROM scratch
 ARG VERSION
 ARG GITCOMMIT
 ARG BUILDTIME
 ARG PLATFORM
 ARG ENGINE_IMAGE
 COPY --from=dockerd-builder /sbin/dockerd /bin/
 COPY --from=proxy-builder /sbin/docker-proxy /bin/
 COPY --from=init-builder /sbin/docker-init /bin/
 COPY --from=runc-builder /usr/local/sbin/runc /bin/
 LABEL \
    org.opencontainers.image.authors="Docker Inc." \
    org.opencontainers.image.created="${BUILDTIME}" \
    org.opencontainers.image.documentation="https://docs.docker.com/" \
    org.opencontainers.image.licenses="Apache-2.0" \
    org.opencontainers.image.revision="${GITCOMMIT}" \
    org.opencontainers.image.url="https://www.docker.com/products/docker-engine" \
    org.opencontainers.image.vendor="Docker Inc." \
    org.opencontainers.image.version="${VERSION}" \
    com.docker.distribution_based_engine="{\"platform\":\"${PLATFORM}\",\"engine_image\":\"${ENGINE_IMAGE}\",\"containerd_min_version\":\"1.2.0-beta.1\",\"runtime\":\"host_install\"}"
 ENTRYPOINT ["/bin/dockerd"]
--- a/image/Dockerfile.engine-dm
+++ b/image/Dockerfile.engine-dm
@ -0,0 +1,97 @@
 # Common builder
 ARG GO_IMAGE
 ARG BASE_IMAGE=centos:7
 FROM ${GO_IMAGE} as golang
 FROM ${BASE_IMAGE} as builder
 ENV GOPATH=/go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 COPY --from=golang /usr/local/go /usr/local/go
 COPY hack/dockerfile/install/tini.installer /
 COPY hack/dockerfile/install/proxy.installer /
 RUN yum install -y \
    bash \
    ca-certificates \
    cmake \
    gcc \
    git \
    glibc-static \
    libtool \
    make
 RUN grep "_COMMIT=" /*.installer  |cut -f2- -d: > /binaries-commits
 # dockerd
 FROM builder as dockerd-builder
 RUN yum install -y \
    btrfs-progs-devel \
    device-mapper-devel \
    libseccomp-devel \
    selinux-policy-devel \
    systemd-devel
 WORKDIR /go/src/github.com/docker/docker
 COPY . /go/src/github.com/docker/docker
 ARG VERSION
 ARG GITCOMMIT
 ARG BUILDTIME
 ARG PLATFORM
 ARG PRODUCT
 ARG DEFAULT_PRODUCT_LICENSE
 ENV VERSION ${VERSION}
 ENV GITCOMMIT ${GITCOMMIT}
 ENV BUILDTIME ${BUILDTIME}
 ENV PLATFORM ${PLATFORM}
 ENV PRODUCT ${PRODUCT}
 ENV DEFAULT_PRODUCT_LICENSE ${DEFAULT_PRODUCT_LICENSE}
 # TODO The way we set the version could easily be simplified not to depend on hack/...
 RUN bash ./hack/make/.go-autogen
 RUN go build -o /dockerd \
    -tags 'autogen apparmor seccomp selinux journald' \
    -i \
    -buildmode=pie \
    -a -ldflags '-w'\
    github.com/docker/docker/cmd/dockerd
 # docker-proxy
 # TODO if libnetwork folds into the docker tree this can be combined above
 FROM builder as proxy-builder
 RUN git clone https://github.com/docker/libnetwork.git /go/src/github.com/docker/libnetwork
 WORKDIR /go/src/github.com/docker/libnetwork
 RUN . /binaries-commits && \
    git checkout -q "$LIBNETWORK_COMMIT" && \
    go build -buildmode=pie -ldflags="-w" \
        -o /docker-proxy \
        github.com/docker/libnetwork/cmd/proxy
 # docker-init - TODO move this out, last time we bumped was 2016!
 FROM builder as init-builder
 RUN git clone https://github.com/krallin/tini.git /tini
 WORKDIR /tini
 RUN . /binaries-commits && \
    git checkout -q "$TINI_COMMIT" && \
    cmake . && make tini-static && \
    cp tini-static /docker-init
 # Final docker image
 FROM scratch
 ARG VERSION
 ARG GITCOMMIT
 ARG BUILDTIME
 ARG PLATFORM
 ARG ENGINE_IMAGE
 COPY --from=dockerd-builder /dockerd /bin/
 COPY --from=proxy-builder /docker-proxy /bin/
 COPY --from=init-builder /docker-init /bin/
 LABEL \
    org.opencontainers.image.authors="Docker Inc." \
    org.opencontainers.image.created="${BUILDTIME}" \
    org.opencontainers.image.documentation="https://docs.docker.com/" \
    org.opencontainers.image.licenses="Apache-2.0" \
    org.opencontainers.image.revision="${GITCOMMIT}" \
    org.opencontainers.image.url="https://www.docker.com/products/docker-engine" \
    org.opencontainers.image.vendor="Docker Inc." \
    org.opencontainers.image.version="${VERSION}" \
    com.docker.distribution_based_engine="{\"platform\":\"${PLATFORM}\",\"engine_image\":\"${ENGINE_IMAGE}\",\"containerd_min_version\":\"1.2.0-beta.1\",\"runtime\":\"host_install\"}"
 ENTRYPOINT ["/bin/dockerd"]
--- a/image/Makefile
+++ b/image/Makefile
@ -0,0 +1,85 @@
 include ../common.mk
 CLI_DIR:=$(realpath $(CURDIR)/../../cli)
 ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
 GO_BASE_IMAGE=golang
 ENGINE_GO_IMAGE=$(GO_BASE_IMAGE):$(GO_VERSION)-stretch
 STATIC_VERSION:=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 DOCKER_HUB_ORG?=dockereng
 ENGINE_IMAGE?=engine-community
 CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 IMAGE_WITH_TAG=$(DOCKER_HUB_ORG)/$(ENGINE_IMAGE):$(STATIC_VERSION)
 ifdef BASE_IMAGE
 	# TODO: Clean this up to only set ENGINE_GO_IMAGE
 	BASE_IMAGE_FLAG=--build-arg BASE_IMAGE=$(BASE_IMAGE)
 	ENGINE_GO_IMAGE=$(BASE_IMAGE)
 endif
 IMAGE_BUILD?=docker build -t  $(IMAGE_WITH_TAG) \
 	--build-arg GO_IMAGE="$(ENGINE_GO_IMAGE)" \
 	--build-arg VERSION="$(STATIC_VERSION)" \
 	--build-arg GITCOMMIT="$$(cd $(ENGINE_DIR) && git rev-parse --short=7 HEAD)" \
 	--build-arg BUILDTIME="$(BUILDTIME)" \
 	--build-arg PLATFORM="$(PLATFORM)" \
 	--build-arg PRODUCT="$(PRODUCT)" \
 	--build-arg ENGINE_IMAGE="$(ENGINE_IMAGE)" \
 	--build-arg DEFAULT_PRODUCT_LICENSE="$(DEFAULT_PRODUCT_LICENSE)" \
 	$(BASE_IMAGE_FLAG) \
 	--file $< $(ENGINE_DIR)
 .PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 .PHONY: clean
 clean: ## remove build artifacts
 	-$(RM) $(ENGINE_DIR)/Dockerfile.engine
 	-$(RM) $(ENGINE_DIR)/Dockerfile.engine-dm
 	-docker rmi $(IMAGE_WITH_TAG)
 	-docker rmi $(IMAGE_WITH_TAG)-dm
 	-rm -f image-linux
 	-$(RM) -r artifacts
 	-$(RM) *.tar
 .PHONY: image
 image: image-linux
 $(ENGINE_DIR)/Dockerfile.%: Dockerfile.%
 	cp $< $@
 DOCKER2OCI=artifacts/docker2oci
 $(DOCKER2OCI):
 	-$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
 	docker run --name docker2oci $(ENGINE_GO_IMAGE) sh -c 'go get github.com/coolljt0725/docker2oci'
 	mkdir -p $(@D)
 	docker cp docker2oci:/go/bin/docker2oci "$@"
 	docker rm -f docker2oci
 	$(CHOWN) -R $(shell id -u):$(shell id -g) $(@D)
 # builds across multiple archs because the base images
 # utilize manifests
 image-linux: $(ENGINE_DIR)/Dockerfile.engine
 	$(IMAGE_BUILD)
 	echo $(IMAGE_WITH_TAG) > $@
 engine-$(ARCH).tar: engine-$(ARCH)-docker-compat.tar $(DOCKER2OCI)
 	mkdir -p artifacts
 	./$(DOCKER2OCI) -i $< artifacts/engine-image
 	mkdir -p $(@D)
 	tar c -C artifacts/engine-image . > $@
 engine-$(ARCH)-docker-compat.tar: image-linux
 	docker save -o $@ $$(cat $<)
 image-linux-dm: ENGINE_IMAGE:=$(ENGINE_IMAGE)-dm
 image-linux-dm: $(ENGINE_DIR)/Dockerfile.engine-dm
 	$(IMAGE_BUILD)
 	echo $(IMAGE_WITH_TAG) > $@
 engine-$(ARCH)-dm.tar: engine-$(ARCH)-dm-docker-compat.tar $(DOCKER2OCI)
 	mkdir -p artifacts
 	./$(DOCKER2OCI) -i $< artifacts/engine-image
 	mkdir -p $(@D)
 	tar c -C artifacts/engine-image . > $@
 engine-$(ARCH)-dm-docker-compat.tar: image-linux-dm
 	docker save -o $@ $$(cat $<)
--- a/85
+++ b/85
@ -1,85 +0,0 @@
 #!/usr/bin/env bash
 ###
 # Script Name:  install-containerd-helpers
 #
 # Description: A library that containers helpers to install containerd on different
 #              distributions based on a package manager
 ###
 set -x extglob
 # Steps taken from: https://docs.docker.com/install/linux/docker-ce/centos/
 function install_rpm_containerd() {
 	if [ "${PACKAGE_REPO}" = "stage" ]; then
 		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}/docker-ce-staging.repo"
 	else
 		REPO_URL="https://download.docker.com/linux/${DIST_ID}/docker-ce.repo"
 	fi
 	# Install containerd dependency for non-zypper dependecies
 	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
 	# Note: we enable test channel to be able to test non-stable containerd packages as well.
 	# Once a containerd package becomes stable it will also be available in the test channel,
 	# so this logic works for both cases.
 	# (See also same logic in install_debian_containerd)
 	if command -v dnf5; then
 		dnf --version
 		# FIXME(thaJeztah); strip empty lines as workaround for https://github.com/rpm-software-management/dnf5/issues/1603
 		TMP_REPO_FILE="$(mktemp --dry-run)"
 		curl -fsSL "${REPO_URL}" | tr -s '\n' > "${TMP_REPO_FILE}"
 		dnf config-manager addrepo --save-filename=docker-ce.repo  --overwrite --from-repofile="${TMP_REPO_FILE}"
 		rm -f "${TMP_REPO_FILE}"
 		# dnf config-manager addrepo --save-filename=docker-ce.repo --from-repofile="${REPO_URL}"
 		dnf config-manager setopt 'docker-ce-*.enabled=0'
 		dnf config-manager setopt 'docker-ce-test.enabled=1'
 		dnf makecache
 	elif command -v dnf; then
 		dnf --version
 		dnf config-manager --add-repo "${REPO_URL}"
 		dnf config-manager --set-disabled 'docker-ce-*'
 		dnf config-manager --set-enabled 'docker-ce-test'
 		dnf makecache
 	else
 		yum-config-manager --add-repo "${REPO_URL}"
 		yum-config-manager --disable 'docker-ce-*'
 		yum-config-manager --enable 'docker-ce-test'
 		yum makecache
 	fi
 }
 # Steps taken from: https://docs.docker.com/install/linux/docker-ce/ubuntu/
 function install_debian_containerd() {
 	if [ "${PACKAGE_REPO}" = "stage" ]; then
 		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}"
 	else
 		REPO_URL="https://download.docker.com/linux/${DIST_ID}"
 	fi
 	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
 	#TODO include this step in the get.docker.com installation script
 	# Make sure ca-certificates are up-to-date
 	update-ca-certificates -f
 	install -m 0755 -d /etc/apt/keyrings
 	curl -fsSL "${REPO_URL}/gpg" | tee /etc/apt/keyrings/docker.asc
 	chmod a+r /etc/apt/keyrings/docker.asc
 	if [ "${DIST_VERSION}" = "sid" ]; then
 		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
 		exit 1
 	fi
 	ARCH=$(dpkg --print-architecture)
 	# Note: we enable test channel to be able to test non-stable containerd packages as well.
 	# Once a containerd package becomes stable it will also be available in the test channel,
 	# so this logic works for both cases.
 	# (See also same logic in install_rpm_containerd)
 	echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] ${REPO_URL} ${DIST_VERSION} test" > /etc/apt/sources.list.d/docker.list
 	apt-get update
 }
--- a/plugins/.common
+++ b/plugins/.common
@ -0,0 +1,37 @@
 #!/usr/bin/env bash
 DESTDIR=${DESTDIR:-}
 PREFIX=${PREFIX:-/usr/local}
 add_github_ssh_host() {
    # You're not able to clone from github unless you add to known_hosts
    if ! grep ~/.ssh/known_hosts "github.com" >/dev/null 2>/dev/null; then
        mkdir -p ~/.ssh
        ssh-keyscan github.com >> ~/.ssh/known_hosts
    fi
 }
 install_binary() {
    for binary in "$@"; do
        mkdir -p "${DESTDIR}${PREFIX}"
        install -p -m 755 "${binary}" "${DESTDIR}${PREFIX}"
    done
 }
 build_or_install() {
    case $1 in
        build)
            build
            ;;
        build_mac)
            build_mac
            ;;
        install_plugin)
            install_plugin
            ;;
        *)
            echo "Are you sure that's a command? o.O"
            exit 1
            ;;
    esac
 }
--- a/plugins/.gitkeep
+++ b/plugins/.gitkeep
--- a/plugins/app.installer
+++ b/plugins/app.installer
@ -0,0 +1,32 @@
 #!/usr/bin/env bash
 set -e
 source "$(dirname "$0")/.common"
 GOPATH=$(go env GOPATH)
 REPO=https://github.com/docker/app.git
 COMMIT=v0.8.0
 DEST=${GOPATH}/src/github.com/docker/app
 build() {
    if [ ! -d "${DEST}" ]; then
        git clone "${REPO}" "${DEST}"
    fi
    (
        cd "${DEST}"
        git fetch --all
        git checkout -q "${COMMIT}"
        # There's no real versions yet, but this'll just leave it blank
        make dynamic
    )
 }
 install_plugin() {
    (
        cd "${DEST}"
        install_binary bin/docker-app
    )
 }
 build_or_install "$@"
--- a/plugins/buildx.installer
+++ b/plugins/buildx.installer
@ -0,0 +1,35 @@
 #!/usr/bin/env bash
 set -e
 source "$(dirname "$0")/.common"
 PKG=github.com/docker/buildx
 GOPATH=$(go env GOPATH)
 REPO=https://${PKG}.git
 : "${BUILDX_COMMIT=v0.3.1}"
 DEST=${GOPATH}/src/${PKG}
 build() {
    if [ ! -d "${DEST}" ]; then
        git clone "${REPO}" "${DEST}"
    fi
    (
        cd "${DEST}"
        git fetch --all
        git checkout -q "${BUILDX_COMMIT}"
        local LDFLAGS
        # TODO: unmark `-tp` when no longer a technical preview
        LDFLAGS="-X ${PKG}/version.Version=$(git describe --match 'v[0-9]*' --always --tags)-tp-docker -X ${PKG}/version.Revision=$(git rev-parse HEAD) -X ${PKG}/version.Package=${PKG} -X main.experimental=1"
        set -x
        go build -o bin/docker-buildx -ldflags "${LDFLAGS}" ./cmd/buildx
    )
 }
 install_plugin() {
    (
        cd "${DEST}"
        install_binary bin/docker-buildx
    )
 }
 build_or_install "$@"
--- a/rpm/Makefile
+++ b/rpm/Makefile
@ -1,75 +1,46 @@
 include ../common.mk
 CLI_DIR:=$(realpath $(CURDIR)/../../cli)
 ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
 PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
 GITCOMMIT=$(shell cd $(ENGINE_DIR) && git rev-parse --short HEAD)
 STATIC_VERSION:=$(shell ../static/gen-static-ver $(ENGINE_DIR) $(VERSION))
 GO_BASE_IMAGE=golang
-GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
+GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-stretch
-GEN_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
+GEN_RPM_VER=$(shell ./gen-rpm-ver $(CLI_DIR) $(VERSION))
-GEN_BUILDX_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
+CHOWN=docker run --rm -i -v $(CURDIR):/v -w /v alpine chown
 GEN_COMPOSE_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
 GEN_MODEL_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
 CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
 ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
 BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
-ifdef RH_USER
+DOCKERFILE=Dockerfile
-	RH_FLAGS=--secret id=rh-user,env=RH_USER --secret id=rh-pass,env=RH_PASS
+ifdef NEEDS_ARCH_SPECIFIC
 	DOCKERFILE=Dockerfile.$(ARCH)
 endif
 ifdef BUILD_IMAGE
 	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
 endif
-BUILD?=DOCKER_BUILDKIT=1 \
+BUILD?=docker build \
 	docker build \
 	$(RH_FLAGS) \
 	$(BUILD_IMAGE_FLAG) \
 	--build-arg GO_IMAGE=$(GO_IMAGE) \
 	-t rpmbuild-$@/$(ARCH) \
-	--platform linux/$(ARCH) \
+	-f $@/$(DOCKERFILE) \
 	-f $@/Dockerfile \
 	.
-
+SPEC_FILES?=docker-ce.spec docker-ce-cli.spec
 SPEC_FILES?=docker-ce.spec docker-ce-cli.spec docker-ce-rootless-extras.spec docker-buildx-plugin.spec docker-compose-plugin.spec docker-model-plugin.spec
 SPECS?=$(addprefix SPECS/, $(SPEC_FILES))
 RPMBUILD=docker run --privileged --rm -i \
 	-e PLATFORM \
 	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES \
 	-v $(CURDIR)/rpmbuild/RPMS:/root/rpmbuild/RPMS \
 	-v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS
 RPMBUILD_FLAGS?=-ba\
-	--define '_gitcommit_cli $(CLI_GITCOMMIT)' \
+	--define '_gitcommit $(word 3,$(GEN_RPM_VER))' \
 	--define '_gitcommit_engine $(ENGINE_GITCOMMIT)' \
 	--define '_release $(word 2,$(GEN_RPM_VER))' \
 	--define '_version $(word 1,$(GEN_RPM_VER))' \
 	--define '_origversion $(word 4, $(GEN_RPM_VER))' \
 	--define '_buildx_rpm_version $(word 1,$(GEN_BUILDX_RPM_VER))' \
 	--define '_buildx_version $(word 4,$(GEN_BUILDX_RPM_VER))' \
 	--define '_buildx_gitcommit $(BUILDX_GITCOMMIT)' \
 	--define '_compose_rpm_version $(word 1,$(GEN_COMPOSE_RPM_VER))' \
 	--define '_compose_version $(word 4,$(GEN_COMPOSE_RPM_VER))' \
 	--define '_model_rpm_version $(word 1,$(GEN_MODEL_RPM_VER))' \
 	--define '_model_version $(word 4,$(GEN_MODEL_RPM_VER))' \
 	$(RPMBUILD_EXTRA_FLAGS) \
 	$(SPECS)
 RUN?=$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-# Additional flags may be necessary at some point
+SOURCE_FILES=engine-image engine.tgz cli.tgz docker.service docker.socket distribution_based_engine.json plugin-installers.tgz
-RUN_FLAGS=
+SOURCES=$(addprefix rpmbuild/SOURCES/, $(SOURCE_FILES))
 # FIXME(thaJeztah): disabling seccomp to handle (ppc64le) tar "chown / chmod"
 # failing when running in a Fedora 40 container on a Debian bookworm host;
 # see https://github.com/docker/docker-ce-packaging/issues/1012 and
 # https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
 RUN?=docker run --rm \
 	--security-opt seccomp=unconfined \
 	--platform linux/$(ARCH) \
 	-e PLATFORM \
 	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES:ro \
 	-v $(CURDIR)/rpmbuild/$@/RPMS:/root/rpmbuild/RPMS \
 	-v $(CURDIR)/rpmbuild/$@/SRPMS:/root/rpmbuild/SRPMS \
 	$(RUN_FLAGS) \
 	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
 FEDORA_RELEASES ?= fedora-41 fedora-42
 CENTOS_RELEASES ?= centos-9 centos-10
 RHEL_RELEASES ?= rhel-8 rhel-9
 DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
 BUNDLES := $(patsubst %,rpmbuild/bundles-ce-%-$(DPKG_ARCH).tar.gz,$(DISTROS))
 .PHONY: help
 help: ## show make targets
@ -79,73 +50,77 @@ help: ## show make targets
 clean: ## remove build artifacts
 	[ ! -d rpmbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 	$(RM) -r rpmbuild/
-	-docker builder prune -f --filter until=24h
+	[ ! -d artifacts ] || $(CHOWN) -R $(shell id -u):$(shell id -g) artifacts
 	$(RM) -r artifacts/
 	[ ! -d tmp ] || $(CHOWN) -R $(shell id -u):$(shell id -g) tmp
 	$(RM) -r tmp/
 	-docker rm docker2oci
 	$(MAKE) -C ../image clean
 .PHONY: rpm
 rpm: fedora centos ## build all rpm packages
 .PHONY: fedora
-fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
+fedora: fedora-31 fedora-30 fedora-29 fedora-28 ## build all fedora rpm packages
 .PHONY: centos
-centos: $(CENTOS_RELEASES) ## build all centos rpm packages
+centos: centos-7 ## build all centos rpm packages
-.PHONY: rhel
+.PHONY: fedora-%
-rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
+fedora-%: ## build fedora rpm packages
-
+fedora-%: $(SOURCES)
-.PHONY: $(DISTROS)
+	$(CHOWN) -R root:root rpmbuild
 $(DISTROS): sources
 	@echo "== Building packages for $@ =="
 	mkdir -p "rpmbuild/$@"
 	$(BUILD)
 	$(RUN)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
-.PHONY: sources
+.PHONY: centos-7
-sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/model.tgz
+centos-7: ## build centos-7 rpm packages
 centos-7: $(SOURCES)
 	$(CHOWN) -R root:root rpmbuild
 	$(BUILD)
 	$(RUN)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
 rpmbuild/SOURCES/engine.tgz:
-	mkdir -p $(@D)
+	mkdir -p rpmbuild/SOURCES
-	docker run --rm -w /v \
+	docker run --rm -i -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
+		-v $(ENGINE_DIR):/engine \
-		-v $(CURDIR)/$(@D):/v \
+		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
 		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
 rpmbuild/SOURCES/cli.tgz:
-	mkdir -p $(@D)
+	mkdir -p rpmbuild/SOURCES
-	docker run --rm -w /v \
+	docker run --rm -i -w /v \
-		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
+		-v $(CLI_DIR):/cli \
-		-v $(CURDIR)/$(@D):/v \
+		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
-rpmbuild/SOURCES/buildx.tgz:
+rpmbuild/SOURCES/docker.service: ../systemd/docker.service
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	cp $< $@
 		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
-rpmbuild/SOURCES/compose.tgz:
+rpmbuild/SOURCES/docker.socket: ../systemd/docker.socket
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	cp $< $@
 		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
 		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
-rpmbuild/SOURCES/model.tgz:
+# TODO: Figure out how to decouple this
 # TODO: These might just end up being static files that are hardcoded
 # TODO: FROM HERE <=====================
 rpmbuild/SOURCES/engine-image:
 	mkdir -p $(@D)
-	docker run --rm -w /v \
+	echo "docker.io/dockereng/engine-community-dm:$(STATIC_VERSION)" > $@
-		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
+
-		-v $(CURDIR)/$(@D):/v \
+rpmbuild/SOURCES/distribution_based_engine.json: rpmbuild/SOURCES/engine-image
 	mkdir -p $(@D)
 	echo '{"platform":"Docker Engine - Community","engine_image":"engine-community-dm","containerd_min_version":"1.2.0-beta.1","runtime":"host_install"}' > $@
 # TODO: TO HERE <=====================
 rpmbuild/SOURCES/plugin-installers.tgz: $(wildcard ../plugins/*)
 	docker run --rm -i -w /v \
 		-v $(PLUGINS_DIR):/plugins \
 		-v $(CURDIR)/rpmbuild/SOURCES:/v \
 		alpine \
-		tar -C / -c -z -f /v/model.tgz --exclude .git model
+		tar -C / -c -z -f /v/plugin-installers.tgz --exclude .git plugins
 # See ARCHES in common.mk. Could not figure out how to match both distro and arch.
 BUNDLES:=$(addsuffix .tar.gz,$(addprefix rpmbuild/bundles-ce-%-,$(ARCHES)))
 $(BUNDLES): %
 	tar czf $@ --transform="s|^rpmbuild/\(.*\)|bundles/$(VERSION)/build-rpm/\1|" rpmbuild/$*
--- a/rpm/README.md
+++ b/rpm/README.md
@ -3,37 +3,30 @@
 `.rpm` packages can be built from this directory with the following syntax
 ```shell
-make rpm
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
 ```
 Artifacts will be located in `rpmbuild` under the following directory structure:
 `rpmbuild/$distro-$distro_version/`
-### Building from local source
+### NOTES:
 Specify the location of the source repositories for the engine and cli when
 building packages
 * `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
 * `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
 ```shell
 make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
 ```
 ## Specifying a specific distro
 ```shell
-make centos
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli fedora
 ```
 ## Specifying a specific distro version
 ```shell
-make centos-9
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli fedora-25
 ```
-## Building the for all distros
+## Building the latest docker-ce
 ```shell
-make rpm
+git clone https://github.com/docker/docker-ce.git
 make ENGINE_DIR=docker-ce/components/engine CLI_DIR=docker-ce/components/cli rpm
 ```
--- a/rpm/SPECS/docker-buildx-plugin.spec
+++ b/rpm/SPECS/docker-buildx-plugin.spec
@ -1,51 +0,0 @@
 %global debug_package %{nil}
 Name: docker-buildx-plugin
 Version: %{_buildx_rpm_version}
 Release: %{_release}%{?dist}
 Epoch: 0
 Source0: buildx.tgz
 Summary: Docker Buildx plugin for the Docker CLI
 Group: Tools/Docker
 License: Apache-2.0
 URL: https://github.com/docker/buildx
 Vendor: Docker
 Packager: Docker <support@docker.com>
 BuildRequires: bash
 %description
 Docker Buildx plugin for the Docker CLI.
 %prep
 %setup -q -c -n src -a 0
 %build
 pushd ${RPM_BUILD_DIR}/src/buildx
 	GO111MODULE=on \
 	CGO_ENABLED=0 \
 		go build \
 			-mod=vendor \
 			-trimpath \
 			-ldflags="-w -X github.com/docker/buildx/version.Version=%{_buildx_version} -X github.com/docker/buildx/version.Revision=%{_buildx_gitcommit} -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
 			-o "bin/docker-buildx" \
 			./cmd/buildx
 popd
 %check
 ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
 	test "$ver" = "%{_buildx_version}" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($ver) did not match" && exit 1)
 %install
 install -D -p -m 0755 ${RPM_BUILD_DIR}/src/buildx/bin/docker-buildx ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx
 %files
 %{_libexecdir}/docker/cli-plugins/docker-buildx
 %post
 %preun
 %postun
 %changelog
--- a/rpm/SPECS/docker-ce-cli.spec
+++ b/rpm/SPECS/docker-ce-cli.spec
@ -6,27 +6,24 @@ Release: %{_release}%{?dist}
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
-License: Apache-2.0
+License: ASL 2.0
 Source0: cli.tgz
 Source1: plugin-installers.tgz
 URL: https://www.docker.com
 Vendor: Docker
 Packager: Docker <support@docker.com>
 # required packages on install
 Requires: /bin/sh
 Requires: /usr/sbin/groupadd
 Recommends: docker-buildx-plugin
 Recommends: docker-compose-plugin
 Suggests: docker-model-plugin
 BuildRequires: make
 BuildRequires: libtool-ltdl-devel
 BuildRequires: git
 # conflicting packages
 Conflicts: docker
 Conflicts: docker-io
 Conflicts: docker-engine-cs
 Conflicts: docker-ee
 Conflicts: docker-ee-cli
@ -35,56 +32,81 @@ Docker is is a product for you to build, ship and run any application as a
 lightweight container.
 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest cloud compute instance
+they can run anywhere, from your laptop to the largest cloud compute instance and
-and everything in between - and they don't require you to use a particular
+everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
 %prep
-%setup -q -c -n src -a 0
+%setup -q -c -n src -a 1
 %build
 mkdir -p /go/src/github.com/docker
 rm -f /go/src/github.com/docker/cli
-ln -snf ${RPM_BUILD_DIR}/src/cli /go/src/github.com/docker/cli
+ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=%{_origversion} GITCOMMIT=%{_gitcommit_cli} dynbinary manpages shell-completion
+pushd /go/src/github.com/docker/cli
 DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
 popd
-%check
+# Build all associated plugins
-ver="$(cli/build/docker --version)"; \
+pushd /root/rpmbuild/BUILD/src/plugins
-    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+for installer in *.installer; do
    bash ${installer} build
 done
 popd
 # %check
 # cli/build/docker -v
 %install
 # install binary
-install -D -p -m 755 cli/build/docker ${RPM_BUILD_ROOT}%{_bindir}/docker
+install -d $RPM_BUILD_ROOT/%{_bindir}
 install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
 # install plugins
 pushd /root/rpmbuild/BUILD/src/plugins
 for installer in *.installer; do
    DESTDIR=$RPM_BUILD_ROOT \
        PREFIX=/usr/libexec/docker/cli-plugins \
        bash ${installer} install_plugin
 done
 popd
 # add bash, zsh, and fish completions
-install -D -p -m 644 cli/build/completion/bash/docker ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions/docker
+install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -D -p -m 644 cli/build/completion/zsh/_docker ${RPM_BUILD_ROOT}%{_datadir}/zsh/vendor-completions/_docker
+install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -D -p -m 644 cli/build/completion/fish/docker.fish ${RPM_BUILD_ROOT}%{_datadir}/fish/vendor_completions.d/docker.fish
+install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
 install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
 install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
 install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-# install man-pages
+# install manpages
-for sec in $(seq 1 9); do
+install -d %{buildroot}%{_mandir}/man1
-    if [ -d "cli/man/man${sec}" ]; then
+install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-        # Note: we need to create destination dirs first (instead "install -D") due to wildcards used.
+install -d %{buildroot}%{_mandir}/man5
-        install -d ${RPM_BUILD_ROOT}%{_mandir}/man${sec} && \
+install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-        install -p -m 644 cli/man/man${sec}/*.${sec} ${RPM_BUILD_ROOT}%{_mandir}/man${sec};
+install -d %{buildroot}%{_mandir}/man8
-    fi
+install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
 done
 mkdir -p build-docs
 for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
-    install -D -p -m 644 "cli/$cli_file" "build-docs/$cli_file"
+    cp "cli/$cli_file" "build-docs/$cli_file"
 done
 # list files owned by the package here
 %files
 %doc build-docs/LICENSE build-docs/MAINTAINERS build-docs/NOTICE build-docs/README.md
-%{_bindir}/docker
+/%{_bindir}/docker
-%{_datadir}/bash-completion/completions/docker
+/usr/libexec/docker/cli-plugins/*
-%{_datadir}/zsh/vendor-completions/_docker
+/usr/share/bash-completion/completions/docker
-%{_datadir}/fish/vendor_completions.d/docker.fish
+/usr/share/zsh/vendor-completions/_docker
-%{_mandir}/man*/*
+/usr/share/fish/vendor_completions.d/docker.fish
 %doc
 /%{_mandir}/man1/*
 /%{_mandir}/man5/*
 /%{_mandir}/man8/*
 %post
--- a/rpm/SPECS/docker-ce-rootless-extras.spec
+++ b/rpm/SPECS/docker-ce-rootless-extras.spec
@ -1,63 +0,0 @@
 %global debug_package %{nil}
 Name: docker-ce-rootless-extras
 Version: %{_version}
 Release: %{_release}%{?dist}
 Epoch: 0
 Source0: engine.tgz
 Summary: Rootless support for Docker
 Group: Tools/Docker
 License: Apache-2.0
 URL: https://docs.docker.com/engine/security/rootless/
 Vendor: Docker
 Packager: Docker <support@docker.com>
 Requires: docker-ce
 # TODO: conditionally add `Requires: dbus-daemon` for Fedora and CentOS 8
 # slirp4netns >= 0.4 is available in the all supported versions of CentOS and Fedora.
 Requires: slirp4netns >= 0.4
 # fuse-overlayfs >= 0.7 is available in the all supported versions of CentOS and Fedora.
 Requires: fuse-overlayfs >= 0.7
 BuildRequires: bash
 # conflicting packages
 Conflicts: rootlesskit
 %description
 Rootless support for Docker.
 Use dockerd-rootless.sh to run the daemon.
 Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh .
 This package contains RootlessKit, but does not contain VPNKit.
 Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
 %prep
 %setup -q -c -n src -a 0
 %build
 export DOCKER_GITCOMMIT=%{_gitcommit_engine}
 mkdir -p /go/src/github.com/docker
 ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
 TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic
 %check
 /usr/local/bin/rootlesskit -v
 %install
 install -D -p -m 0755 engine/contrib/dockerd-rootless.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless.sh
 install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless-setuptool.sh
 install -D -p -m 0755 /usr/local/bin/rootlesskit ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit
 %files
 %{_bindir}/dockerd-rootless.sh
 %{_bindir}/dockerd-rootless-setuptool.sh
 %{_bindir}/rootlesskit
 %post
 %preun
 %postun
 %changelog
--- a/rpm/SPECS/docker-ce.spec
+++ b/rpm/SPECS/docker-ce.spec
@ -1,58 +1,71 @@
 %global debug_package %{nil}
 Name: docker-ce
 Version: %{_version}
 Release: %{_release}%{?dist}
 Epoch: 3
 Source0: engine.tgz
 Source1: docker.service
 Source2: docker.socket
 Summary: The open-source application container engine
 Group: Tools/Docker
-License: Apache-2.0
+License: ASL 2.0
 URL: https://www.docker.com
 Vendor: Docker
 Packager: Docker <support@docker.com>
 Requires: /usr/sbin/groupadd
 # Provides modprobe, which we use to load br_netfilter if not loaded.
 Suggests: kmod
 Requires: docker-ce-cli
-Recommends: docker-ce-rootless-extras
+Requires: container-selinux >= 2:2.74
-Requires: container-selinux
+Requires: libseccomp >= 2.3
 Requires: systemd
 Requires: iptables
 %if %{undefined rhel} || 0%{?rhel} < 9
 # Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
 Requires: libcgroup
-%endif
+Requires: containerd.io >= 1.2.2-3
 Requires: containerd.io >= 1.7.27
 Requires: tar
 Requires: xz
 # Resolves: rhbz#1165615
 Requires: device-mapper-libs >= 1.02.90-1
 BuildRequires: bash
 BuildRequires: btrfs-progs-devel
 BuildRequires: ca-certificates
 BuildRequires: cmake
 BuildRequires: device-mapper-devel
 BuildRequires: gcc
 BuildRequires: git
 BuildRequires: glibc-static
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
 BuildRequires: libtool
 BuildRequires: libtool-ltdl-devel
 BuildRequires: make
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(systemd)
 BuildRequires: selinux-policy-devel
 BuildRequires: systemd-devel
 BuildRequires: tar
 BuildRequires: which
 # conflicting packages
 Conflicts: docker
 Conflicts: docker-io
 Conflicts: docker-engine-cs
 Conflicts: docker-ee
 # Obsolete packages
 Obsoletes: docker-ce-selinux
 Obsoletes: docker-engine-selinux
 Obsoletes: docker-engine
 %description
 Docker is a product for you to build, ship and run any application as a
 lightweight container.
 Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest cloud compute instance
+they can run anywhere, from your laptop to the largest cloud compute instance and
-and everything in between - and they don't require you to use a particular
+everything in between - and they don't require you to use a particular
 language, framework or packaging system. That makes them great building blocks
 for deploying and scaling web apps, databases, and backend services without
 depending on a particular stack or provider.
@ -62,55 +75,44 @@ depending on a particular stack or provider.
 %build
-export DOCKER_GITCOMMIT=%{_gitcommit_engine}
+export DOCKER_GITCOMMIT=%{_gitcommit}
 mkdir -p /go/src/github.com/docker
-ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
+ln -s /root/rpmbuild/BUILD/src/engine /go/src/github.com/docker/docker
-pushd ${RPM_BUILD_DIR}/src/engine
+pushd engine
-TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
+for component in tini "proxy dynamic";do
-
+    TMP_GOPATH="/go" hack/dockerfile/install/install.sh $component
-# Determine Go module mode based on file presence
+done
-if [ -f vendor.mod ]; then
+VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary
    GOMOD=off
 elif [ -f go.mod ]; then
    GOMOD=on
 else
    echo "No go.mod or vendor.mod found in engine directory"
    exit 1
 fi
 GO111MODULE=$GOMOD VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary
 popd
 #  build  man-pages
 make -C ${RPM_BUILD_DIR}/src/engine/man
 %check
-ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
+engine/bundles/dynbinary-daemon/dockerd -v
    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
 %install
-install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${RPM_BUILD_ROOT}%{_bindir}/dockerd
+# install daemon binary
-install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/docker-proxy) ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy
+install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd
-install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}/docker/docker-init
+
 # install proxy
 install -D -p -m 0755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
 # install tini
 install -D -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
 # install systemd scripts
-install -D -p -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service
+install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-install -D -p -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket
+install -D -m 0644 %{_topdir}/SOURCES/docker.socket $RPM_BUILD_ROOT/%{_unitdir}/docker.socket
-# install manpages
+# install json for docker engine activate / upgrade
-make -C ${RPM_BUILD_DIR}/src/engine/man DESTDIR=${RPM_BUILD_ROOT} mandir=%{_mandir} install
+install -D -m 0644 %{_topdir}/SOURCES/distribution_based_engine.json $RPM_BUILD_ROOT/var/lib/docker-engine/distribution_based_engine.json
 # create the config directory
 mkdir -p ${RPM_BUILD_ROOT}/etc/docker
 %files
-%{_bindir}/dockerd
+/%{_bindir}/dockerd
-%{_bindir}/docker-proxy
+/%{_bindir}/docker-proxy
-%{_libexecdir}/docker/docker-init
+/%{_bindir}/docker-init
-%{_unitdir}/docker.service
+/%{_unitdir}/docker.service
-%{_unitdir}/docker.socket
+/%{_unitdir}/docker.socket
-%{_mandir}/man*/*
+/var/lib/docker-engine/distribution_based_engine.json
 %dir /etc/docker
 %post
 %systemd_post docker.service
@ -119,7 +121,7 @@ if ! getent group docker > /dev/null; then
 fi
 %preun
-%systemd_preun docker.service docker.socket
+%systemd_preun docker.service
 %postun
 %systemd_postun_with_restart docker.service
--- a/rpm/SPECS/docker-compose-plugin.spec
+++ b/rpm/SPECS/docker-compose-plugin.spec
@ -1,57 +0,0 @@
 %global debug_package %{nil}
 Name: docker-compose-plugin
 Version: %{_compose_rpm_version}
 Release: %{_release}%{?dist}
 Epoch: 0
 Source0: compose.tgz
 Summary: Docker Compose (V2) plugin for the Docker CLI
 Group: Tools/Docker
 License: Apache-2.0
 URL: https://github.com/docker/compose/
 Vendor: Docker
 Packager: Docker <support@docker.com>
 Enhances: docker-ce-cli
 Recommends: docker-buildx-plugin
 BuildRequires: bash
 %description
 Docker Compose (V2) plugin for the Docker CLI.
 This plugin provides the 'docker compose' subcommand.
 The binary can also be run standalone as a direct replacement for
 Docker Compose V1 ('docker-compose').
 %prep
 %setup -q -c -n src -a 0
 %build
 make -C ${RPM_BUILD_DIR}/src/compose VERSION=%{_compose_version} DESTDIR=./bin build
 %check
 ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
    test "$ver" = "%{_compose_version}" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($ver) did not match" && exit 1)
 %install
 install -D -p -m 0755 ${RPM_BUILD_DIR}/src/compose/bin/docker-compose ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose
 for f in LICENSE MAINTAINERS NOTICE README.md; do
    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/compose/$f" "docker-compose-plugin-docs/$f"
 done
 %files
 %doc docker-compose-plugin-docs/*
 %license docker-compose-plugin-docs/LICENSE
 %license docker-compose-plugin-docs/NOTICE
 %{_libexecdir}/docker/cli-plugins/docker-compose
 %post
 %preun
 %postun
 %changelog
--- a/rpm/SPECS/docker-model-plugin.spec
+++ b/rpm/SPECS/docker-model-plugin.spec
@ -1,52 +0,0 @@
 %global debug_package %{nil}
 Name: docker-model-plugin
 Version: %{_model_rpm_version}
 Release: %{_release}%{?dist}
 Epoch: 0
 Source0: model.tgz
 Summary: Docker Model Runner plugin for the Docker CLI
 Group: Tools/Docker
 License: Apache-2.0
 URL: https://docs.docker.com/model-runner/
 Vendor: Docker
 Packager: Docker <support@docker.com>
 Enhances: docker-ce-cli
 BuildRequires: bash
 %description
 Docker Model Runner plugin for the Docker CLI.
 This plugin provides the 'docker model' subcommand.
 %prep
 %setup -q -c -n src -a 0
 %build
 GO111MODULE=on make -C ${RPM_BUILD_DIR}/src/model VERSION=%{_model_version} ce-release
 %check
 ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
    test "$ver" = "%{_model_version}" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($ver) did not match" && exit 1)
 %install
 install -D -p -m 0755 ${RPM_BUILD_DIR}/src/model/dist/docker-model ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model
 for f in LICENSE; do
    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/model/$f" "docker-model-plugin-docs/$f"
 done
 %files
 %doc docker-model-plugin-docs/*
 %license docker-model-plugin-docs/LICENSE
 %{_libexecdir}/docker/cli-plugins/docker-model
 %post
 %preun
 %postun
 %changelog
--- a/rpm/centos-10/Dockerfile
+++ b/rpm/centos-10/Dockerfile
@ -1,35 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=centos
 ARG SUITE=10
 ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
 ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 # RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
 # "rpmkeys --import"as part of rpm package's %post scriplet. See
 # https://forums.centos.org/viewtopic.php?f=54&t=72574, and
 # https://access.redhat.com/solutions/3720351
 RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
 RUN dnf install -y rpm-build dnf-plugins-core
 RUN dnf config-manager --set-enabled crb
 COPY --link SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/centos-7/Dockerfile
+++ b/rpm/centos-7/Dockerfile
@ -0,0 +1,20 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=centos:7
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 ENV DISTRO centos
 ENV SUITE 7
 ENV GOPATH=/go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 ENV DOCKER_BUILDTAGS seccomp selinux
 ENV RUNC_BUILDTAGS seccomp selinux
 RUN yum install -y rpm-build rpmlint
 COPY SPECS /root/rpmbuild/SPECS
 # Overwrite repo that was failing on aarch64
 RUN sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo
 RUN yum-builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/centos-9/Dockerfile
+++ b/rpm/centos-9/Dockerfile
@ -1,35 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=centos
 ARG SUITE=9
 ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
 ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 # RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
 # "rpmkeys --import"as part of rpm package's %post scriplet. See
 # https://forums.centos.org/viewtopic.php?f=54&t=72574, and
 # https://access.redhat.com/solutions/3720351
 RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
 RUN dnf install -y rpm-build dnf-plugins-core
 RUN dnf config-manager --set-enabled crb
 COPY --link SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-28/Dockerfile
+++ b/rpm/fedora-28/Dockerfile
@ -0,0 +1,18 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=fedora:28
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 ENV DISTRO fedora
 ENV SUITE 28
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 ENV DOCKER_BUILDTAGS seccomp selinux
 ENV RUNC_BUILDTAGS seccomp selinux
 RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-29/Dockerfile
+++ b/rpm/fedora-29/Dockerfile
@ -0,0 +1,18 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=fedora:29
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 ENV DISTRO fedora
 ENV SUITE 29
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 ENV DOCKER_BUILDTAGS seccomp selinux
 ENV RUNC_BUILDTAGS seccomp selinux
 RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-30/Dockerfile
+++ b/rpm/fedora-30/Dockerfile
@ -0,0 +1,18 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=fedora:30
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 ENV DISTRO fedora
 ENV SUITE 30
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 ENV DOCKER_BUILDTAGS seccomp selinux
 ENV RUNC_BUILDTAGS seccomp selinux
 RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-31/Dockerfile
+++ b/rpm/fedora-31/Dockerfile
@ -0,0 +1,18 @@
 ARG GO_IMAGE
 ARG BUILD_IMAGE=fedora:31
 FROM ${GO_IMAGE} as golang
 FROM ${BUILD_IMAGE}
 ENV DISTRO fedora
 ENV SUITE 31
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH 1
 ENV DOCKER_BUILDTAGS seccomp selinux
 ENV RUNC_BUILDTAGS seccomp selinux
 RUN dnf install -y rpm-build rpmlint dnf-plugins-core
 COPY SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-41/Dockerfile
+++ b/rpm/fedora-41/Dockerfile
@ -1,50 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=fedora
 ARG SUITE=41
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build dnf-plugins-core
 # FIXME(thaJeztah): workaround for building on Fedora 41 on arm64
 #
 # This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
 # for containerd packages, but unlike for containerd packages, we currently do
 # not run into this issue when building docker-ce packages. We're installing
 # this as a precaution, but perhaps it's not needed.
 #
 # go1.21 and up have a patch that enforces the use of ld.gold to work around
 # a bug in GNU binutils. See;
 # - https://github.com/golang/go/issues/22040.
 # - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
 #
 # Fedora 41 and up has a fixed version of binutils, and no longer requires that
 # patch, but may fail without ld.gold installed;
 #
 #   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
 #   collect2: fatal error: cannot find 'ld'
 #
 # Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
 # - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
 # - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
 #
 # As a workaround; install binutils-gold
 RUN if [ "$(arch)" = 'aarch64' ]; then dnf -y install binutils-gold; fi
 COPY --link SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/fedora-42/Dockerfile
+++ b/rpm/fedora-42/Dockerfile
@ -1,51 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=fedora
 ARG SUITE=42
 ARG BUILD_IMAGE=${DISTRO}:${SUITE}
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE}
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build dnf-plugins-core
 # FIXME(thaJeztah): workaround for building on Fedora 41 and up on arm64
 #
 # This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
 # for containerd packages, but unlike for containerd packages, we currently do
 # not run into this issue when building docker-ce packages. We're installing
 # this as a precaution, but perhaps it's not needed.
 #
 # go1.21 and up have a patch that enforces the use of ld.gold to work around
 # a bug in GNU binutils. See;
 # - https://github.com/golang/go/issues/22040.
 # - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
 #
 # Fedora 41 and up has a fixed version of binutils, and no longer requires that
 # patch, but may fail without ld.gold installed;
 #
 #   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
 #   collect2: fatal error: cannot find 'ld'
 #
 # Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
 # - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
 # - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
 #
 # As a workaround; install binutils-gold
 RUN if [ "$(rpm --query --queryformat='%{ARCH}' rpm)" = 'aarch64' ] && ! command -v ld.gold; then dnf -y install binutils-gold; fi
 COPY --link SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/gen-rpm-ver
+++ b/rpm/gen-rpm-ver
@ -1,115 +1,68 @@
 #!/usr/bin/env bash
-REPO_DIR="$1"
+ENGINE_DIR=$1
-VERSION="$2"
+VERSION=$2
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
+[[ $# < 2 ]] && echo 'not enough args' && exit 1
-	# shellcheck disable=SC2016
+
-	echo 'usage: ./gen-rpm-ver ${REPO_DIR} ${VERSION}'
+DATE_COMMAND="date"
-	exit 1
+if [[ $(uname) -eq "Darwin" ]]; then
    DATE_COMMAND="docker run --rm alpine date"
 fi
-GIT_COMMAND="git -C $REPO_DIR"
+GIT_COMMAND="git -C $ENGINE_DIR"
 origVersion="$VERSION"
-rpmVersion="${VERSION#v}"
+rpmVersion="$VERSION"
 rpmRelease=3
-# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which
+# rpmRelease versioning is as follows
-# is an incremental number for builds of the same release (Version: / #rpmVersion).
+# Docker 18.01.0-ce:  version=18.01.0.ce, release=3
-#
+# Docker 18.01.0-ce-tp1: version=18.01.0.ce, release=0.1.tp1
-# This field can be:
+# Docker 18.01.0-ce-beta1: version=18.01.0.ce, release=1.1.beta1
-#
+# Docker 18.01.0-ce-rc1: version=18.01.0.ce, release=2.1.rc1
-# - Version: 0   : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds)
+# Docker 18.01.0-ce-cs1: version=18.01.0.ce.cs1, release=1
-# - Version: 1   : Package was built for an upstream (pre)release version
+# Docker 18.01.0-ce-cs1-rc1: version=18.01.0.ce.cs1, release=0.1.rc1
-# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released)
+# Docker 18.01.0-ce-dev nightly: version=18.01.0.ce, release=0.0.YYYYMMDD.HHMMSS.gitHASH
 #
 # For details, see the Fedora packaging guide:
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
 #
 # Note that older versions of the rpm spec allowed more traditional information
 # in this field, which is still allowed, but considered deprecated; see
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
 #
 # In our case, this means that all releases, except for "nightly" builds should
 # use "Version: 1". Only in an exceptional case, where we need to publish a new
 # package (build) for an existing release, "Version: 2" should be used; this script
 # does not currently account for that situation.
 #
 # Assuming all tagged version of rpmRelease correspond with an upstream release,
 # this means that versioning is as follows:
 #
 # Docker 23.0.0:         version=23.0.0, release=1
 # Docker 23.0.0-alpha.1: version=23.0.0, release=1
 # Docker 23.0.0-beta.1:  version=23.0.0, release=1
 # Docker 23.0.0-rc.1:    version=23.0.0, release=1
 # Docker 23.0.0-dev:     version=0.0.0~YYYYMMDDHHMMSS.gitHASH, release=0
 rpmRelease=1
-# rpm packages require a tilde (~) instead of a hyphen (-) as separator between
+if [[ "$rpmVersion" =~ .*-tp[0-9]+$ ]]; then
-# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
+    tpVersion=${rpmVersion#*-tp}
-# non-pre-release versions, which would prevent users from updating from a pre-
+    rpmVersion=${rpmVersion%-tp*}
-# release version to the "ga" version.
+    rpmRelease="0.${tpVersion}.tp${tpVersion}"
-#
+elif [[ "$rpmVersion" =~ .*-beta[0-9]+$ ]]; then
-# For details, see the Fedora packaging guide:
+    betaVersion=${rpmVersion#*-beta}
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_handling_non_sorting_versions_with_tilde_dot_and_caret
+    rpmVersion=${rpmVersion%-beta*}
-#
+    rpmRelease="1.${betaVersion}.beta${betaVersion}"
-# > The tilde symbol (‘~’) is used before a version component which must sort
+elif [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]]; then
-# > earlier than any non-tilde component. It is used for any pre-release versions
+    rcVersion=${rpmVersion#*-rc}
-# > which wouldn’t otherwise sort appropriately.
+    rpmVersion=${rpmVersion%-rc*}
-# >
+    rpmRelease="2.${rcVersion}.rc${rcVersion}"
-# > For example, with upstream releases 0.4.0, 0.4.1, 0.5.0-rc1, 0.5.0-rc2, 0.5.0,
+fi
 # > the two "release candidates" should use 0.5.0~rc1 and 0.5.0~rc2 in the Version:
 # > field. Bugfix or "patchlevel" releases that some upstream make should be handled
 # > using simple versioning. The separator used by upstream may need to be replaced
 # > by a dot or dropped.
 # >
 # > For example, if the same upstream released 0.5.0-post1 as a bugfix version,
 # > this "post-release" should use 0.5.0.post1 in the Version: field. Note that
 # > 0.5.0.post1 sorts lower than both 0.5.1 and 0.5.0.1.
 #
 # The code below replaces hyphens with tildes. Note that an intermediate $tilde
 # variable is needed to make this work on all versions of Bash. In some versions
 # of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
 # quoted ('~').
 tilde='~'
 rpmVersion="${rpmVersion//-/$tilde}"
 DOCKER_GITCOMMIT=$($GIT_COMMAND rev-parse --short HEAD)
 if [ -n "$($GIT_COMMAND status --porcelain --untracked-files=no)" ]; then
-	DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
+    DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
 fi
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
+# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-# we'll create a pseudo version based on commit-date and -sha.
+if [[ "$rpmVersion" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-	export TZ=UTC
+    #
-
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    # where the time is the commit time in UTC and the final suffix is the prefix
-	#
+    # of the commit hash. The time portion ensures that two pseudo-versions can
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # be compared to determine which happened later, the commit hash identifes
-	# where the time is the commit time in UTC and the final suffix is the prefix
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# of the commit hash. The time portion ensures that two pseudo-versions can
+    # as a pre-release before version v0.0.0, so that the go command prefers any
-	# be compared to determine which happened later, the commit hash identifes
+    # tagged release over any pseudo-version.
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
-	# as a pre-release before version v0.0.0, so that the go command prefers any
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	# tagged release over any pseudo-version.
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+    # rpmVersion is now something like '0.0.0-20180719213702-cd5e2db'
-
+    rpmVersion="0.0.0-${gitDate}-${gitCommit}"
-	if [ "$(uname)" = "Darwin" ]; then
+    rpmRelease="0"
-		# Using BSD date (macOS), which doesn't support the --date option
+    origVersion=$rpmVersion
 		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
 		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
 	else
 		# Using GNU date (Linux)
 		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
 	fi
 	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
 	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
 	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
 	rpmVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
 	rpmRelease=0
 fi
-# Replace any remaining dashes with periods
+# Replace any other dashes with periods
 rpmVersion="${rpmVersion//-/.}"
-echo "$rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion"
+echo $rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion
--- a/rpm/rhel-8/Dockerfile
+++ b/rpm/rhel-8/Dockerfile
@ -1,45 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=rhel
 ARG SUITE=8
 ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE} AS subscribed-image
 RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
 	rm -f /etc/rhsm-host
 	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
 		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
 	else
 		subscription-manager register \
 			--username="$(cat /run/secrets/rh-user)" \
 			--password="$(cat /run/secrets/rh-pass)"
 		subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
 		# dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
 	fi
 EOT
 FROM subscribed-image
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
 ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build
 COPY --link SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/rpm/rhel-9/Dockerfile
+++ b/rpm/rhel-9/Dockerfile
@ -1,45 +0,0 @@
 # syntax=docker/dockerfile:1
 ARG GO_IMAGE=golang:latest
 ARG DISTRO=rhel
 ARG SUITE=9
 ARG BUILD_IMAGE=registry.access.redhat.com/ubi9/ubi
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE} AS subscribed-image
 RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
 	rm -f /etc/rhsm-host
 	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
 		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
 	else
 		subscription-manager register \
 			--username="$(cat /run/secrets/rh-user)" \
 			--password="$(cat /run/secrets/rh-pass)"
 		subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
 		# dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
 	fi
 EOT
 FROM subscribed-image
 ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=on
 ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
 ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
 ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build
 COPY --link SPECS /root/rpmbuild/SPECS
 RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
--- a/scripts/checkout.sh
+++ b/scripts/checkout.sh
@ -1,39 +0,0 @@
 #!/usr/bin/env sh
 #   Copyright 2018-2020 Docker Inc.
 #   Licensed under the Apache License, Version 2.0 (the "License");
 #   you may not use this file except in compliance with the License.
 #   You may obtain a copy of the License at
 #       http://www.apache.org/licenses/LICENSE-2.0
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS,
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 checkout() (
 	set -ex
 	SRC="$1"
 	REF="$2"
 	REF_FETCH="$REF"
 	# if ref is branch or tag, retrieve its canonical form
 	REF=$(git -C "$SRC" ls-remote --refs --heads --tags origin "$REF" | awk '{print $2}')
 	if [ -n "$REF" ]; then
 		# if branch or tag then create it locally too
 		REF_FETCH="$REF:$REF"
 	else
 		REF="FETCH_HEAD"
 	fi
 	git -C "$SRC" fetch --update-head-ok --depth 1 origin "$REF_FETCH"
 	git -C "$SRC" checkout -q "$REF"
 )
 # Only execute checkout function above if this file is executed, not sourced from another script
 prog=checkout.sh # needs to be in sync with this file's name
 if [ "$(basename -- $0)" = "$prog" ]; then
 	checkout $*
 fi
--- a/static/Makefile
+++ b/static/Makefile
@ -1,31 +1,14 @@
 include ../common.mk
-CLI_DIR=$(realpath $(CURDIR)/../src/github.com/docker/cli)
+CLI_DIR:=$(realpath $(CURDIR)/../../cli)
-ENGINE_DIR=$(realpath $(CURDIR)/../src/github.com/docker/docker)
+ENGINE_DIR:=$(realpath $(CURDIR)/../../engine)
-BUILDX_DIR=$(realpath $(CURDIR)/../src/github.com/docker/buildx)
+STATIC_VERSION:=$(shell ./gen-static-ver $(ENGINE_DIR) $(VERSION))
-
+CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown
 ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
 GEN_STATIC_VER=$(shell ./gen-static-ver $(CLI_DIR) $(VERSION))
 HASH_CMD=docker run -v $(CURDIR):/sum -w /sum debian:jessie bash hash_files
 DIR_TO_HASH:=build/linux
 GO_VERSION=$(shell grep "ARG GO_VERSION" $(CLI_DIR)/dockerfiles/Dockerfile.dev | awk -F'=' '{print $$2}')
 DOCKER_CLI_GOLANG_IMG=golang:$(GO_VERSION)
 DOCKER_BUILD_OPTS=
 ifneq ($(strip $(CONTAINERD_VERSION)),)
 # Set custom build-args to override the containerd version to build for static
 # packages.
 DOCKER_BUILD_OPTS +=--build-arg=CONTAINERD_VERSION=$(CONTAINERD_VERSION)
 endif
 ifneq ($(strip $(RUNC_VERSION)),)
 # Set custom build-args to override the runc version to build for static packages.
 DOCKER_BUILD_OPTS +=--build-arg=RUNC_VERSION=$(RUNC_VERSION)
 endif
 ENGINE_BUILD_OPTS=--build-arg VERSION=$(GEN_STATIC_VER) --build-arg DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) --build-arg DEFAULT_PRODUCT_LICENSE --build-arg PACKAGER_NAME --build-arg PLATFORM $(DOCKER_BUILD_OPTS)
 .PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
@ -34,82 +17,88 @@ help: ## show make targets
 clean: ## remove build artifacts
 	[ ! -d build ] || $(CHOWN) -R $(shell id -u):$(shell id -g) build
 	$(RM) -r build
 	-docker builder prune -f --filter until=24h
 .PHONY: static
 static: static-linux cross-mac cross-win cross-arm ## create all static packages
 .PHONY: static-linux
-static-linux: static-cli static-engine static-buildx-plugin ## create tgz
+static-linux: static-cli static-engine ## create tgz with linux x86_64 client and server
 	mkdir -p build/linux/docker
 	cp $(CLI_DIR)/build/docker build/linux/docker/
-	for f in dockerd containerd ctr containerd-shim containerd-shim-runc-v2 docker-init docker-proxy runc; do \
+	for f in dockerd containerd ctr containerd-shim docker-init docker-proxy runc; do \
-		cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker/$$f; \
+		cp -L $(ENGINE_DIR)/bundles/binary-daemon/$$f build/linux/docker/$$f; \
 	done
-	tar -C build/linux -c -z -f build/linux/docker-$(GEN_STATIC_VER).tgz docker
+	tar -C build/linux -c -z -f build/linux/docker-$(STATIC_VERSION).tgz docker
 	# extra binaries for running rootless
 	mkdir -p build/linux/docker-rootless-extras
-	for f in rootlesskit dockerd-rootless.sh dockerd-rootless-setuptool.sh vpnkit; do \
+	for f in rootlesskit rootlesskit-docker-proxy dockerd-rootless.sh vpnkit; do \
-		if [ -f $(ENGINE_DIR)/bundles/binary/$$f ]; then \
+		if [ -f $(ENGINE_DIR)/bundles/binary-daemon/$$f ]; then \
-			cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker-rootless-extras/$$f; \
+			cp -L $(ENGINE_DIR)/bundles/binary-daemon/$$f build/linux/docker-rootless-extras/$$f; \
 		fi \
 	done
-	tar -C build/linux -c -z -f build/linux/docker-rootless-extras-$(GEN_STATIC_VER).tgz docker-rootless-extras
+	tar -C build/linux -c -z -f build/linux/docker-rootless-extras-$(STATIC_VERSION).tgz docker-rootless-extras
 	# buildx
 	tar -C $(BUILDX_DIR)/bin -c -z -f build/linux/docker-buildx-plugin-$(DOCKER_BUILDX_REF:v%=%).tgz docker-buildx
 .PHONY: hash_files
 hash_files:
 	@echo "Hashing directory $(DIR_TO_HASH)"
 	$(HASH_CMD) "$(DIR_TO_HASH)"
 .PHONY: buildx
 buildx:
 	docker buildx inspect | grep -q 'Driver: docker-container' || docker buildx create --use
 .PHONY: cross-mac
-cross-mac: buildx
+cross-mac: cross-all-cli cross-mac-plugins ## create tgz with darwin x86_64 client only
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=darwin/amd64,darwin/arm64 binary
+	mkdir -p build/mac/docker
-	dest=$$PWD/build/mac; cd $(CLI_DIR)/build && for platform in *; do \
+	cp $(CLI_DIR)/build/docker-darwin-amd64 build/mac/docker/docker
-		arch=$$(echo $$platform | cut -d_ -f2); \
+	tar -C build/mac -c -z -f build/mac/docker-$(STATIC_VERSION).tgz docker
 		mkdir -p $$dest/$$arch/docker; \
 		cp $$platform/docker-darwin-* $$dest/$$arch/docker/docker && \
 		tar -C $$dest/$$arch -c -z -f $$dest/$$arch/docker-$(GEN_STATIC_VER).tgz docker; \
 	done
 .PHONY: cross-win
-cross-win: cross-win-engine
+cross-win: cross-all-cli cross-win-engine cross-win-plugins ## create zip file with windows x86_64 client and server
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=windows/amd64 binary
+	mkdir -p build/win/docker
-	mkdir -p build/win/amd64/docker
+	cp $(CLI_DIR)/build/docker-windows-amd64 build/win/docker/docker.exe
-	cp $(CLI_DIR)/build/docker-windows-amd64.exe build/win/amd64/docker/docker.exe
+	cp $(ENGINE_DIR)/bundles/cross/windows/amd64/dockerd-$(STATIC_VERSION).exe build/win/docker/dockerd.exe
-	cp $(ENGINE_DIR)/bundles/cross/win/dockerd.exe build/win/amd64/docker/dockerd.exe
+	docker run --rm -v $(CURDIR)/build/win:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(STATIC_VERSION).zip docker'
 	docker run --rm -v $(CURDIR)/build/win/amd64:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(GEN_STATIC_VER).zip docker'
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 .PHONY: cross-arm
 cross-arm: cross-all-cli ## create tgz with linux armhf client only
 	mkdir -p build/arm/docker
 	cp $(CLI_DIR)/build/docker-linux-arm build/arm/docker/docker
-	tar -C build/arm -c -z -f build/arm/docker-$(GEN_STATIC_VER).tgz docker
+	tar -C build/arm -c -z -f build/arm/docker-$(STATIC_VERSION).tgz docker
 .PHONY: static-cli
 static-cli:
-	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=$(TARGETPLATFORM) --set binary.args.CGO_ENABLED=$(CGO_ENABLED) binary
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(STATIC_VERSION) build
 .PHONY: static-engine
 static-engine:
-	cd $(ENGINE_DIR) && docker buildx build --target all $(ENGINE_BUILD_OPTS) --output "./bundles/binary" .
+	$(MAKE) -C $(ENGINE_DIR) VERSION=$(STATIC_VERSION) binary
 .PHONY: static-buildx-plugin
 static-buildx-plugin:
 	cd $(BUILDX_DIR) && docker buildx bake --set binaries.platform=$(TARGETPLATFORM) binaries && mv ./bin/build/buildx ./bin/docker-buildx
 .PHONY: cross-all-cli
 cross-all-cli:
-	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(GEN_STATIC_VER) cross
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(STATIC_VERSION) cross
 .PHONY: cross-win-engine
 cross-win-engine:
-	cd $(ENGINE_DIR) && docker buildx build --target binary $(ENGINE_BUILD_OPTS) --platform windows/amd64 --output "./bundles/cross/win" .
+	$(MAKE) -C $(ENGINE_DIR) VERSION=$(STATIC_VERSION) DOCKER_CROSSPLATFORMS=windows/amd64 cross
 BUILD_PLUGIN_RUN_VARS = --rm -i \
 	-e GOOS=$(SPOOF_GOOS) \
 	-v "$(CURDIR)/build/$(CLI_BUILD_DIR)/docker/cli-plugins":/out \
 	-v "$(CURDIR)/../plugins":/plugins:ro \
 	-v "$(CURDIR)/scripts/build-cli-plugins":/build:ro
 .PHONY: cross-mac-plugins
 cross-mac-plugins: SPOOF_GOOS := darwin
 cross-mac-plugins: CLI_BUILD_DIR := mac
 cross-mac-plugins:
 	mkdir -p build/$(CLI_BUILD_DIR)/docker
 	docker run $(BUILD_PLUGIN_RUN_VARS) $(DOCKER_CLI_GOLANG_IMG) /build
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 .PHONY: cross-win-plugins
 cross-win-plugins: SPOOF_GOOS := windows
 cross-win-plugins: CLI_BUILD_DIR := win
 cross-win-plugins:
 	mkdir -p build/$(CLI_BUILD_DIR)/docker/cli-plugins
 	docker run $(BUILD_PLUGIN_RUN_VARS) $(DOCKER_CLI_GOLANG_IMG) /build
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 	find build/$(CLI_BUILD_DIR)/docker -type f -not -name "*.exe" -exec mv {} {}.exe \;
--- a/static/gen-static-ver
+++ b/static/gen-static-ver
@ -1,46 +1,35 @@
 #!/usr/bin/env bash
-REPO_DIR="$1"
+ENGINE_DIR=$1
-VERSION="$2"
+VERSION=$2
-if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
+if [ -z "$ENGINE_DIR" ] || [ -z "$VERSION" ]; then
-	# shellcheck disable=SC2016
+    echo 'usage: ./gen-static-ver ${ENGINE_DIR} ${VERSION}'
-	echo 'usage: ./gen-static-ver ${REPO_DIR} ${VERSION}'
+    exit 1
 	exit 1
 fi
-GIT_COMMAND="git -C $REPO_DIR"
+DATE_COMMAND="date"
 if [[ $(uname) -eq "Darwin" ]]; then
    DATE_COMMAND="docker run --rm alpine date"
 fi
 GIT_COMMAND="git -C $ENGINE_DIR"
-staticVersion="${VERSION#v}"
+staticVersion="$VERSION"
-
+if [[ "$VERSION" == *-dev ]]; then
-# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-# we'll create a pseudo version based on commit-date and -sha.
+    #
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
-	export TZ=UTC
+    # where the time is the commit time in UTC and the final suffix is the prefix
-
+    # of the commit hash. The time portion ensures that two pseudo-versions can
-	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    # be compared to determine which happened later, the commit hash identifes
-	#
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+    # as a pre-release before version v0.0.0, so that the go command prefers any
-	# where the time is the commit time in UTC and the final suffix is the prefix
+    # tagged release over any pseudo-version.
-	# of the commit hash. The time portion ensures that two pseudo-versions can
+    gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
-	# be compared to determine which happened later, the commit hash identifes
+    gitDate="$($DATE_COMMAND --utc --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-	# as a pre-release before version v0.0.0, so that the go command prefers any
+    # staticVersion is now something like '0.0.0-20180719213702-cd5e2db'
-	# tagged release over any pseudo-version.
+    staticVersion="0.0.0-${gitDate}-${gitCommit}"
 	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
 	if [ "$(uname)" = "Darwin" ]; then
 		# Using BSD date (macOS), which doesn't support the --date option
 		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
 		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
 	else
 		# Using GNU date (Linux)
 		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
 	fi
 	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
 	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
 	staticVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
 fi
 echo "$staticVersion"
--- a/static/hash_files
+++ b/static/hash_files
@ -5,7 +5,7 @@
 DIR_TO_LOOK_IN=${1:-build/linux}
 for f in $(find "$DIR_TO_LOOK_IN" -type f); do
-	for hash_algo in md5 sha256; do
+    for hash_algo in md5 sha256; do
-		"${hash_algo}sum" "$f" >"$f.$hash_algo"
+        "${hash_algo}sum" "$f" > "$f.$hash_algo"
-	done
+    done
 done
--- a/static/scripts/build-cli-plugins
+++ b/static/scripts/build-cli-plugins
@ -0,0 +1,12 @@
 #!/usr/bin/env bash
 set -e
 shopt -s globstar
 # /plugins should be volume mounted from root plugins dir
 # /out should also be volume mounted from static/out/
 for installer in /plugins/*.installer; do
    bash "${installer}" build
    DESTDIR='/out' PREFIX="/" bash "${installer}" install_plugin
 done
--- a/systemd/docker.service
+++ b/systemd/docker.service
@ -0,0 +1,47 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
 BindsTo=containerd.service
 After=network-online.target firewalld.service containerd.service
 Wants=network-online.target
 Requires=docker.socket
 [Service]
 Type=notify
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
 # for containers run by docker
 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
 ExecReload=/bin/kill -s HUP $MAINPID
 TimeoutSec=0
 RestartSec=2
 Restart=always
 # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
 # Both the old, and new location are accepted by systemd 229 and up, so using the old location
 # to make them work for either version of systemd.
 StartLimitBurst=3
 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
 # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
 # this option work for either version of systemd.
 StartLimitInterval=60s
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNOFILE=infinity
 LimitNPROC=infinity
 LimitCORE=infinity
 # Comment TasksMax if your systemd version does not support it.
 # Only systemd 226 and above support this option.
 TasksMax=infinity
 # set delegate yes so that systemd does not reset the cgroups of docker containers
 Delegate=yes
 # kill only the docker process, not all processes in the cgroup
 KillMode=process
 [Install]
 WantedBy=multi-user.target
--- a/systemd/docker.socket
+++ b/systemd/docker.socket
@ -0,0 +1,12 @@
 [Unit]
 Description=Docker Socket for the API
 PartOf=docker.service
 [Socket]
 ListenStream=/var/run/docker.sock
 SocketMode=0660
 SocketUser=root
 SocketGroup=docker
 [Install]
 WantedBy=sockets.target
--- a/149
+++ b/149
@ -1,149 +0,0 @@
 #!/usr/bin/env bash
 ###
 # Script Name:  verify
 #
 # Description: This runs a smoke test to verify that the packages can be installed corrected
 ###
 # build/${DIST_ID}/${DIST_VERSION}/${ARCH} - location of all packages
 # Manually Testing: docker run --rm -it -v $(pwd):/v -w /v "centos:7" ./verify
 set -e
 source install-containerd-helpers
 function verify() {
 	if dpkg --version >/dev/null 2>/dev/null; then
 		verify_deb
 	elif rpm --version >/dev/null 2>/dev/null; then
 		verify_rpm
 	else
 		echo "[ERROR] Unable to determine base os:"
 		cat /etc/os-release
 		exit 1
 	fi
 }
 function verify_binaries() {
 	docker --version
 	docker buildx version
 	docker compose version
 	docker model version
 	dockerd --version
 	docker-proxy --version
 	containerd --version
 	ctr --version
 	containerd-shim -v
 	containerd-shim-runc-v1 -v
 	containerd-shim-runc-v2 -v
 	runc --version
 }
 function verify_deb() {
 	# First install prerequisites for our script and dpkg and apt to run correctly.
 	# This list SHOULD NOT include dependencies of docker itself, otherwise we would
 	# not be able to verify that our packages specify all the required dependencies.
 	apt-get update
 	apt-get -y install --no-install-recommends \
 		apt-transport-https \
 		ca-certificates \
 		curl \
 		gnupg2 \
 		lsb-release
 	DIST_ID=$(source /etc/os-release; echo "$ID")
 	DIST_VERSION=$(lsb_release -sc)
 	if [ "${DIST_VERSION}" = "sid" ]; then
 		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
 		exit 1
 	fi
 	install_debian_containerd
 	packages=$(find "deb/debbuild/${DIST_ID}-${DIST_VERSION}/" -type f -name "*.deb")
 	# All local packages need to be prefixed with `./` or else apt-get doesn't understand where to pull from
 	packages=$(echo "${packages}" | awk '$0="./"$0' | xargs)
 	(
 		set -x
 		# Install the locally built packages using 'dpkg' because installing with
 		# 'apt-get' would attempt to install dependency packages (such as the CLI)
 		# from download.docker.com instead of the locally built CLI package. Given
 		# that 'dpkg -i' does not install any dependency (but will fail if depen-
 		# dencies are missing), we use the '--ignore-depends' option to ignore
 		# packages we know to be missing at this stage, and '--force-depends' to
 		# only warn about any other missing dependency.
 		#
 		# shellcheck disable=SC2086
 		dpkg \
 			--ignore-depends=containerd.io,iptables,libdevmapper,libdevmapper1.02.1 \
 			--force-depends \
 			-i ${packages}
 		# After installing the local packages, we run 'apt-get install' with the
 		# '--fix-broken' option to trigger installation of the dependencies, which
 		# should succeed successfully. This step is to verify that not only the
 		# packages can be installed, but also that all dependencies (including
 		# containerd.io) can be resolved correctly for the distro that we built for,
 		# before going through the whole pipeline and publishing the packages.
 		#
 		# The '--no-upgrade' option is set to prevent apt from attempting to install
 		# packages from download(-stage).docker.com that we already installed using
 		# the local packages above. Without this, installing (e.g.) ./docker-ce-cli
 		# would result in apt installing "docker-ce" from the package repository and
 		# produce a "the following packages will be DOWNGRADED" error.
 		#
 		# shellcheck disable=SC2086
 		apt-get -y install --no-install-recommends --no-upgrade --fix-broken ${packages}
 	)
 	verify_binaries
 }
 function verify_rpm() {
 	DIST_ID=$(. /etc/os-release; echo "${ID}")
 	DIST_VERSION=$(. /etc/os-release; echo "${VERSION_ID}" | cut -d'.' -f1)
 	pkg_manager="yum"
 	pkg_config_manager="yum-config-manager"
 	if dnf --version; then
 		pkg_manager="dnf"
 		pkg_config_manager="dnf config-manager"
 		dnf clean all
 		${pkg_manager} install -y 'dnf-command(config-manager)'
 	fi
 	case ${DIST_ID}:${DIST_VERSION} in
 	ol:7*)
 		# Needed for container-selinux
 		${pkg_config_manager} --enable ol7_addons
 		;;
 	fedora*)
 		dnf install -y findutils
 		;;
 	esac
 	install_rpm_containerd
 	# find all rpm packages, exclude src package
 	echo "[DEBUG] Installing engine rpms"
 	packages=$(find "rpm/rpmbuild/${DIST_ID}-${DIST_VERSION}/RPMS/" -type f -name "*.rpm" | sed '/src/d')
 	# install all non-source packages
 	(
 		set -x
 		product_version=$(source /etc/os-release; echo "${REDHAT_SUPPORT_PRODUCT_VERSION:-}")
 		if [ "$product_version" = 'rawhide' ]; then
 				# force $releasever to account for Fedora pre-release images, as they
 				# may still be using "rawhide", which is not present on our package
 				# repositories on download.docker.com.
 				export DNF_VAR_releasever="$DIST_VERSION"
 		fi
 		${pkg_manager} install -y ${packages}
 	)
 	verify_binaries
 }
 verify
Author	SHA1	Message	Date
Eli Uriegas	a6743090d7	[19.03 backport] update Golang 1.12.12 (CVE-2019-17596) (#400 ) [19.03 backport] update Golang 1.12.12 (CVE-2019-17596)	2019-10-20 14:51:41 -07:00
Sebastiaan van Stijn	8ededb10be	Update Golang 1.12.12 (CVE-2019-17596) Golang 1.12.12 ------------------------------- go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime, syscall and net packages. See the Go 1.12.12 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.12.12 Golang 1.12.11 (CVE-2019-17596) ------------------------------- go1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa package. See the Go 1.12.11 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.12.11 [security] Go 1.13.2 and Go 1.12.11 are released Hi gophers, We have just released Go 1.13.2 and Go 1.12.11 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you're not sure which, choose Go 1.13.2). Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate request, parsing a golang.org/x/crypto/openpgp Entity, or during a golang.org/x/crypto/otr conversation. Finally, a golang.org/x/crypto/ssh client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key. The issue is CVE-2019-17596 and Go issue golang.org/issue/34960. Thanks to Daniel Mandragona for discovering and reporting this issue. We'd also like to thank regilero for a previous disclosure of CVE-2019-16276. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `f9eab1b87b`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-10-20 18:01:09 +02:00
docker-unir[bot]	5707b8da0a	Merge pull request #388 from tiborvass/19.03-buildx-update Merged with https://github.com/seemethere/unir	2019-09-27 22:15:57 +00:00
Andrew Hsu	f9fbad369b	Merge pull request #386 from thaJeztah/19.03_backport_bump_golang_1.12.10 [19.03 backport] bump golang 1.12.10 (CVE-2019-16276)	2019-09-27 11:19:24 -07:00
Tibor Vass	46178072a3	plugins: pin buildx to v0.3.1 Signed-off-by: Tibor Vass <tibor@docker.com> (cherry picked from commit `41dfc516cd`) Signed-off-by: Tibor Vass <tibor@docker.com>	2019-09-27 18:06:30 +00:00
Sebastiaan van Stijn	efd4275efe	bump golang 1.12.10 (CVE-2019-16276) full diff: https://github.com/golang/go/compare/go1.12.9...go1.12.10 ``` Hi gophers, We have just released Go 1.13.1 and Go 1.12.10 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you're not sure which, choose Go 1.13.1). net/http (through net/textproto) used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or request smuggling, the latter if requests from separate clients are multiplexed onto the same upstream connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications. The issue is CVE-2019-16276 and Go issue golang.org/issue/34540. Thanks to Andrew Stucki, Adam Scarr (99designs.com), and Jan Masarik (masarik.sh) for discovering and reporting this issue. Downloads are available at https://golang.org/dl for all supported platforms. Alla prossima, Filippo on behalf of the Go team ``` From the patch: `6e6f4aaf70` ``` net/textproto: don't normalize headers with spaces before the colon RFC 7230 is clear about headers with a space before the colon, like X-Answer : 42 being invalid, but we've been accepting and normalizing them for compatibility purposes since CL 5690059 in 2012. On the client side, this is harmless and indeed most browsers behave the same to this day. On the server side, this becomes a security issue when the behavior doesn't match that of a reverse proxy sitting in front of the server. For example, if a WAF accepts them without normalizing them, it might be possible to bypass its filters, because the Go server would interpret the header differently. Worse, if the reverse proxy coalesces requests onto a single HTTP/1.1 connection to a Go server, the understanding of the request boundaries can get out of sync between them, allowing an attacker to tack an arbitrary method and path onto a request by other clients, including authentication headers unknown to the attacker. This was recently presented at multiple security conferences: https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn net/http servers already reject header keys with invalid characters. Simply stop normalizing extra spaces in net/textproto, let it return them unchanged like it does for other invalid headers, and let net/http enforce RFC 7230, which is HTTP specific. This loses us normalization on the client side, but there's no right answer on the client side anyway, and hiding the issue sounds worse than letting the application decide. ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `7847c12a44`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-27 17:17:07 +02:00
docker-unir[bot]	8489bbbc5e	Merge pull request #384 from zelahi/backport-plugins-dir-change Merged with https://github.com/seemethere/unir	2019-09-26 14:42:12 +00:00
Zuhayr Elahi	9703ea748d	realpath for plugins directory Signed-off-by: Zuhayr Elahi <elahi.zuhayr@gmail.com>	2019-09-25 14:45:37 -07:00
Eli Uriegas	fc942130a1	[19.03 backport] Pin buildx plugin to v0.3.0, and allow overridi… (#382 ) [19.03 backport] Pin buildx plugin to v0.3.0, and allow overriding	2019-09-25 08:48:40 -07:00
docker-unir[bot]	21096e8a01	Merge pull request #380 from thaJeztah/19.03_backport_bump_go_1.12.9 Merged with https://github.com/seemethere/unir	2019-09-25 15:48:12 +00:00
Eli Uriegas	146a09e4a1	[19.03 backport] RPM spec: remove -ce suffix from distribution_b… (#379 ) [19.03 backport] RPM spec: remove -ce suffix from distribution_based_engine JSON	2019-09-25 08:47:50 -07:00
Sebastiaan van Stijn	5c81ea3060	Pin buildx plugin to v0.3.0, and allow overriding Commit `9a5aabdaff` removed the fixed version for this plugin, and changed it to install from "master", which made the build non-reproducible. This patch pins the plugin to a specific tag/release again, but allow overriding by setting the `BUILDX_COMMIT` env-var. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `ffee8a345b`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-24 13:28:20 +02:00
Jintao Zhang	a67e30e824	Bump Golang 1.12.9 Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> (cherry picked from commit `cc3b9fb951`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:48:33 +02:00
Sebastiaan van Stijn	c621124f33	Makefile: realpath engine-, cli-dir Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `2929c9b1e8`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:47:49 +02:00
Sebastiaan van Stijn	14beb3692f	Makefile: use include for common variables Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `fe23576b64`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:47:36 +02:00
Sebastiaan van Stijn	7789c00ded	Makefile: set STATIC_VERSION only if empty Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `3b8cc28c3f`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:47:24 +02:00
zelahi	524b348030	FIX pathing issue with cli dir (cherry picked from commit `0df1091054`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:43:18 +02:00
zelahi	0ca225ae71	FIXED retrieving GO_VERSION from the CLI dir Signed-off-by: zelahi <elahi.zuhayr@gmail.com> (cherry picked from commit `5f1afbb139`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:41:43 +02:00
Sebastiaan van Stijn	41debafef5	Revert "FIX pathing issue with cli dir" This reverts commit `a1419a7ed5`. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-16 16:40:59 +02:00
Sebastiaan van Stijn	2dd0ad1454	RPM spec: remove -ce suffix from distribution_based_engine JSON Noticed this failing in internal e2e tests on CentOS: ``` sudo docker engine activate --license /tmp/docker.lic unable to determine the installed engine version. Specify which engine image to update with --engine-image: open /var/lib/docker-engine/distribution_based_engine.json: no such file or directory ``` Looks lik `09b3ac888d` changed the name of this file from `distribution_based_engine-ce.json` to `distribution_based_engine.json` (without `-ce` suffix) for the `.deb` packages, but did not update the RPM packages accordingly. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `77878ffa48`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-09-10 14:50:59 +02:00
docker-unir[bot]	69a80d69c6	Merge pull request #376 from seemethere/cherry_pick_pathing Merged with https://github.com/seemethere/unir	2019-08-15 22:30:07 +00:00
zelahi	a1419a7ed5	FIX pathing issue with cli dir (cherry picked from commit `0df1091054`) Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>	2019-08-15 21:53:44 +00:00
docker-unir[bot]	b2d11e82bd	Merge pull request #371 from thaJeztah/19.03_backport_bump_golang_1.12.8 Merged with https://github.com/seemethere/unir	2019-08-14 19:18:48 +00:00
Sebastiaan van Stijn	75cd53f9aa	Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514) go1.12.8 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.12.8 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.12.8 - net/http: Denial of Service vulnerabilities in the HTTP/2 implementation net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. Servers will now close connections if the send queue accumulates too many control messages. The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606. Thanks to Jonathan Looney from Netflix for discovering and reporting these issues. This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2. net/url: parsing validation issue - url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse. The issue is CVE-2019-14809 and Go issue golang.org/issue/29098. Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering and reporting this issue. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `9f5da37431`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-08-14 03:16:48 +02:00
Sebastiaan van Stijn	1fd1357036	Pin Golang images to debian stretch variant Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `1310e3974e`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-08-14 03:16:38 +02:00
Sebastiaan van Stijn	fd776cdf69	Bump Golang 1.12.6 go1.12.6 (released 2019/06/11) includes fixes to the compiler, the linker, the go command, and the `crypto/x509`, `net/http`, and `os` packages. See the Go 1.12.6 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.12.6 full diff: https://github.com/golang/go/compare/go1.12.5...go1.12.6 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `01ba39e597`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-08-14 03:15:01 +02:00
Eli Uriegas	f2f6cd8836	[19.03 backport] Add Raspbian buster (#361 ) [19.03 backport] Add Raspbian buster	2019-07-09 12:33:12 -10:00
Nick Danyluk	8dd5998568	switched docker build image to balenalib/rpi-raspbian (cherry picked from commit `2e38922ed6`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-07-08 10:28:04 +02:00
Nick Danyluk	42d8cc1da4	Fixed duplicates of ubuntu, debian, & raspbian (cherry picked from commit `e6445e38ed`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-07-08 10:27:54 +02:00
Nick Danyluk	a2d120da17	add raspbian buster (cherry picked from commit `2cbd93cf0d`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-07-08 10:27:50 +02:00
Sebastiaan van Stijn	e0e796aa5c	Revert "switch to balenalib/rpi-raspbian because resin/rpi-raspbian is deprecated" This reverts commit `4581a41a76`. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-07-08 10:27:45 +02:00
Eli Uriegas	e27d681dae	[19.03 backport][TAR-849] ADDED Dockerfile for fedora-31 (#362 ) [19.03 backport][TAR-849] ADDED Dockerfile for fedora-31	2019-07-06 07:49:36 -10:00
Eli Uriegas	4dc517616a	[19.03] switch to balenalib/rpi-raspbian because resin/rpi-raspb… (#360 ) [19.03] switch to balenalib/rpi-raspbian because resin/rpi-raspbian is deprecated	2019-07-06 07:48:33 -10:00
docker-unir[bot]	bdcef5cf22	Merge pull request #358 from kolyshkin/19.03-backport-man-fix Merged with https://github.com/seemethere/unir	2019-07-06 17:48:08 +00:00
zelahi	d2f17a65b5	ADDED Dockerfile for fedora-31 (cherry picked from commit `161876db49`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-07-03 01:04:31 +02:00
Sebastiaan van Stijn	4581a41a76	switch to balenalib/rpi-raspbian because resin/rpi-raspbian is deprecated Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-07-03 00:54:52 +02:00
Sebastiaan van Stijn	8007c3ea8d	TAR-875 Fix man-pages showing "minimized" message The dh_installman script calls "man" and captures its output to convert manpages to utf8: `8523120dcc/dh_installman (L298-L316)` however, on minimized Ubuntu systems, man is overridden by a script that outputs a warning message ("This system has been minimized by removing packages and content .."). As a result, all man-pages were be overwritten by that message. This patch restores the actual `man` command before building to work around this issue. addresses docker/for-linux#639 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `e52fa49844`)	2019-07-02 14:49:59 -07:00
Eli Uriegas	7d50c4bb06	[19.03 backport] Sync RPM Spec with downstream EE packaging (#348 ) [19.03 backport] Sync RPM Spec with downstream EE packaging	2019-07-02 06:18:45 -10:00
Eli Uriegas	fd2fe14139	[19.03 backport] require container-selinux >= 2.74 (#351 ) [19.03 backport] require container-selinux >= 2.74	2019-07-02 06:18:23 -10:00
Eli Uriegas	574e120c4e	[19.03 port] Bump containerd.io dep >= 1.2.2-3 (CVE-2019-5736) (#354 ) [19.03 port] Bump containerd.io dep >= 1.2.2-3 (CVE-2019-5736)	2019-07-02 06:18:07 -10:00
Eli Uriegas	bc3a9b242b	Bump containerd.io dep >= 1.2.2-3 (CVE-2019-5736) Signed-off-by: Eli Uriegas <eli.uriegas@docker.com> (cherry picked from commit `06b649e2b0`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-06-26 00:54:17 +02:00
Sebastiaan van Stijn	b65daefe49	require container-selinux >= 2.74 version 2.9 is really old; this sets the same minimal version as is used for the containerd.io package Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `a246b19b07`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-06-26 00:47:37 +02:00
Sebastiaan van Stijn	12b807d90a	Remove the pre and posttrans, they weren't useful On some distros we were encountering errors where `$1` was not being populated for the 'pre' and 'posttrans' rpm macros, upon closer inspection it isn't exactly clear why the pre and posttrans macro scripts were exactly useful since the `%systemd_postun_with_restart` does exactly what those scripts were doing. I've tidied up the systemd macros to use `docker.service` instead of `docker` which seems to function as we'd expect. taken from downstream commit 62d8413b550659a0b5318346ee2e3d7e4a50bfe1 Signed-off-by: Eli Uriegas <eli.uriegas@docker.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `bece037752`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-06-25 22:27:13 +02:00
Sebastiaan van Stijn	12d40535d5	Sync RPM Spec with EE - systemd-units -> systemd (taken from 8bb1f0a7a395dfd979cd410b26ef47e55433de32) - some wording changes (taken from a8c522a7c22c34dc354e91941377a4aadc3ddc4c) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `ffcd2256e4`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-06-25 22:27:05 +02:00
Eli Uriegas	734c2e2133	Merge pull request #346 from thaJeztah/19.03_backport_cleanup [19.03 backport] Removed some unused files, no longer necessary	2019-06-25 09:58:46 -10:00
Eli Uriegas	cb016d45ab	Removed some unused files, no longer necessary Signed-off-by: Eli Uriegas <eli.uriegas@docker.com> (cherry picked from commit `701500fafc`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-06-25 12:03:43 +02:00
Andrew Hsu	a4d4c18505	Merge pull request #338 from thaJeztah/19.03_bump_golang_1.12.5 [19.03 backport] Bump Go 1.12.5	2019-06-11 20:04:31 -07:00
Eli Uriegas	faa0a35fd7	[19.03] Bump docker-app to v0.8.0 (#341 ) [19.03] Bump docker-app to v0.8.0	2019-06-11 14:32:26 -07:00
Silvin Lubecki	d0f93bd00a	Bump docker-app to v0.8.0 Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>	2019-06-11 18:22:17 +02:00
Sebastiaan van Stijn	a9771e37cf	Bump Go 1.12.5 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `0abbdec692`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-05-27 23:16:29 +03:00
Eli Uriegas	00955cf747	[19.03] Bump docker-app to v0.8.0-rc1 (#335 ) [19.03] Bump docker-app to v0.8.0-rc1	2019-05-24 16:27:58 -05:00
Eli Uriegas	54345e398f	Merge pull request #336 from tiborvass/buildx-19.03 [19.03] Add buildx plugin as experimental	2019-05-24 14:49:42 -05:00
Tibor Vass	93bad6c9b6	Add buildx plugin as experimental Signed-off-by: Tibor Vass <tibor@docker.com>	2019-05-24 17:49:05 +00:00
Silvin Lubecki	47a17b7b01	Bump docker-app to v0.8.0-rc1 Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>	2019-05-24 18:32:41 +02:00
Andrew Hsu	ae606e20a1	Merge pull request #329 from andrewhsu/app [19.03] Bump docker app to v0.8.0-beta2	2019-05-13 22:32:44 -07:00
Silvin Lubecki	dd85ec9dc1	Bump docker app to v0.8.0-beta2 Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com> (cherry picked from commit `5134bad09f`) Signed-off-by: Andrew Hsu <andrewhsu@docker.com>	2019-05-14 05:29:23 +00:00
		`@ -1 +0,0 @@`
			`../engine/contrib/init/sysvinit-debian/docker.default`
		`@ -1 +0,0 @@`
			`../engine/contrib/init/systemd/docker.service`
		`@ -1 +0,0 @@`
			`rm_conffile /etc/init/docker.conf 5:24.0.5-1~`