Merge pull request #1239 from glours/bump-compose-v2.39.2

bump Compose to version v2.39.2

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,30 @@
+<!--
+Please make sure you've read and understood our contributing guidelines;
+https://github.com/docker/cli/blob/master/CONTRIBUTING.md
+
+** Make sure all your commits include a signature generated with `git commit -s` **
+
+For additional information on our contributing process, read our contributing
+guide https://docs.docker.com/opensource/code/
+
+If this is a bug fix, make sure your description includes "fixes #xxxx", or
+"closes #xxxx"
+
+Please provide the following information:
+-->
+
+**- What I did**
+
+
+**- Description for the changelog**
+<!--
+Write a short (one line) summary that describes the changes in this
+pull request for inclusion in the changelog.
+It must be placed inside the below triple backticks section.
+
+NOTE: Only fill this section if changes introduced in this PR are user-facing.
+The PR must have a relevant impact/ label.
+-->
+```markdown changelog
+
+```

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: ci
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]{2}'
+    tags:
+      - 'v*'
+  pull_request:
+
+jobs:
+  generate-matrix:
+    runs-on: ubuntu-24.04
+    outputs:
+      targets: ${{ steps.get-targets.outputs.targets }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Get targets
+        id: get-targets
+        run: |
+          echo "targets=$(jq -c '[to_entries[] | .key as $distro | .value.arches[] | {distro: $distro, arch: .}]' distros.json)" >> $GITHUB_OUTPUT
+
+  build:
+    needs:
+      - generate-matrix
+    runs-on: ${{ matrix.target.arch != 'amd64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
+    timeout-minutes: 60 # guardrails timeout for the whole job
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.generate-matrix.outputs.targets) }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build
+        run: |
+          make ARCH=${{ matrix.target.arch }} ${{ matrix.target.distro }}

.gitignore

@@ -1,3 +1,6 @@
 build
 debbuild
 rpmbuild
+sources
+src
+*.tar

.unir.yml

@@ -0,0 +1,13 @@
+# The list of people who can trigger an auto-merge with approvals
+whitelist:
+  - andrewhsu
+  - silvin-lubecki
+  - StefanScherer
+  - thaJeztah
+  - zelahi
+
+# At least 2 approvals are needed for auto-merging
+approvals_needed: 2
+
+# If one review requests changes, unir will not merge automatically
+consensus_needed: true

Jenkinsfile

@@ -0,0 +1,131 @@
+#!groovy
+
+def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
+
+def pkgs = [
+    [target: "centos-9",                 image: "quay.io/centos/centos:stream9",          arches: ["amd64", "aarch64"]],
+    [target: "centos-10",                image: "quay.io/centos/centos:stream10",         arches: ["amd64", "aarch64"]],          // CentOS Stream 10 (EOL: 2030)
+    [target: "debian-bullseye",          image: "debian:bullseye",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 11 (oldstable, EOL: 2024-08-14, EOL (LTS): 2026-08-31)
+    [target: "debian-bookworm",          image: "debian:bookworm",                        arches: ["amd64", "aarch64", "armhf"]], // Debian 12 (stable, EOL: 2026-06-10, EOL (LTS): 2028-06-30)
+    [target: "debian-trixie",            image: "debian:trixie",                          arches: ["amd64", "aarch64", "armhf"]], // Debian 13 (testing)
+    [target: "fedora-41",                image: "fedora:41",                              arches: ["amd64", "aarch64"]],          // EOL: November 19, 2025
+    [target: "fedora-42",                image: "fedora:42",                              arches: ["amd64", "aarch64"]],          // EOL: May 13, 2026
+    [target: "raspbian-bullseye",        image: "balenalib/rpi-raspbian:bullseye",        arches: ["armhf"]],                     // Debian/Raspbian 11 (stable)
+    [target: "raspbian-bookworm",        image: "balenalib/rpi-raspbian:bookworm",        arches: ["armhf"]],                     // Debian/Raspbian 12 (next stable)
+    [target: "ubuntu-jammy",             image: "ubuntu:jammy",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 22.04 LTS (End of support: June,  2027. EOL: April, 2032)
+    [target: "ubuntu-noble",             image: "ubuntu:noble",                           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.04 LTS (End of support: June,  2029. EOL: April, 2034)
+    [target: "ubuntu-oracular",          image: "ubuntu:oracular",                        arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.10 (EOL: July, 2025)
+    [target: "ubuntu-plucky",            image: "ubuntu:plucky",                          arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 25.04 (EOL: January, 2026)
+]
+
+def genBuildStep(LinkedHashMap pkg, String arch) {
+    def nodeLabel = "linux&&${arch}"
+    def platform = ""
+    def branch = env.CHANGE_TARGET ?: env.BRANCH_NAME
+
+    if (arch == 'armhf') {
+        // Running armhf builds on EC2 requires --platform parameter
+        // Otherwise it accidentally pulls armel images which then breaks the verify step
+        platform = "--platform=linux/${arch}"
+        nodeLabel = "${nodeLabel}&&ubuntu"
+    } else {
+        nodeLabel = "${nodeLabel}&&ubuntu-2204"
+    }
+    return { ->
+        wrappedNode(label: nodeLabel, cleanWorkspace: true) {
+            stage("${pkg.target}-${arch}") {
+                // This is just a "dummy" stage to make the distro/arch visible
+                // in Jenkins' BlueOcean view, which truncates names....
+                sh 'echo starting...'
+            }
+            stage("info") {
+                sh 'docker version'
+                sh 'docker info'
+            }
+            stage("build") {
+                checkout scm
+                sh "make clean"
+                sh "make REF=$branch ARCH=${arch} ${pkg.target}"
+            }
+            stage("verify") {
+                sh "make IMAGE=${pkg.image} ARCH=${arch} verify"
+            }
+        }
+    }
+}
+
+def build_package_steps = [
+    'static-linux': { ->
+        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
+            stage("static-linux") {
+                // This is just a "dummy" stage to make the distro/arch visible
+                // in Jenkins' BlueOcean view, which truncates names....
+                sh 'echo starting...'
+            }
+            stage("info") {
+                sh 'docker version'
+                sh 'docker info'
+            }
+            stage("build") {
+                try {
+                    checkout scm
+                    sh "make REF=$branch DOCKER_BUILD_PKGS='static-linux' static"
+                } finally {
+                    sh "make clean"
+                }
+            }
+        }
+    },
+    'cross-mac': { ->
+        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
+            stage("cross-mac") {
+                // This is just a "dummy" stage to make the distro/arch visible
+                // in Jenkins' BlueOcean view, which truncates names....
+                sh 'echo starting...'
+            }
+            stage("info") {
+                sh 'docker version'
+                sh 'docker info'
+            }
+            stage("build") {
+                try {
+                    checkout scm
+                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-mac' static"
+                } finally {
+                    sh "make clean"
+                }
+            }
+        }
+    },
+    'cross-win': { ->
+        wrappedNode(label: 'ubuntu-2204 && x86_64', cleanWorkspace: true) {
+            stage("cross-win") {
+                // This is just a "dummy" stage to make the distro/arch visible
+                // in Jenkins' BlueOcean view, which truncates names....
+                sh 'echo starting...'
+            }
+            stage("info") {
+                sh 'docker version'
+                sh 'docker info'
+            }
+            stage("build") {
+                try {
+                    checkout scm
+                    sh "make REF=$branch DOCKER_BUILD_PKGS='cross-win' static"
+                } finally {
+                    sh "make clean"
+                }
+            }
+        }
+    },
+]
+
+def genPackageSteps(opts) {
+    return opts.arches.collectEntries {
+        ["${opts.image}-${it}": genBuildStep(opts, it)]
+    }
+}
+
+build_package_steps << pkgs.collectEntries { genPackageSteps(it) }
+
+parallel(build_package_steps)

LICENSE

@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2013-2017 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Makefile

@@ -1,33 +1,108 @@
-SHELL:=/bin/bash
-ENGINE_DIR:=$(CURDIR)/../engine
-CLI_DIR:=$(CURDIR)/../cli
-VERSION=unknown
-DOCKER_GITCOMMIT:=abcdefg
+include common.mk
 
-.PHONY: help clean rpm deb static
+STATIC_VERSION=$(shell static/gen-static-ver $(realpath $(CURDIR)/src/github.com/docker/docker) $(VERSION))
 
+# Taken from: https://www.cmcrossroads.com/article/printing-value-makefile-variable
+print-%  : ; @echo $($*)
+
+.PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
-clean: ## remove build artifacts
+.PHONY: clean-src
+clean-src:
+	[ ! -d src ] || $(CHOWN) -R $(shell id -u):$(shell id -g) src
+	$(RM) -r src
+
+.PHONY: src
+src: src/github.com/docker/cli src/github.com/docker/docker src/github.com/docker/buildx src/github.com/docker/compose src/github.com/docker/model-cli ## clone source
+
+ifdef CLI_DIR
+src/github.com/docker/cli:
+	mkdir -p "$(@D)"
+	cp -r "$(CLI_DIR)" $@
+else
+src/github.com/docker/cli:
+	git init $@
+	git -C $@ remote add origin "$(DOCKER_CLI_REPO)"
+endif
+
+ifdef ENGINE_DIR
+src/github.com/docker/docker:
+	mkdir -p "$(@D)"
+	cp -r "$(ENGINE_DIR)" $@
+else
+src/github.com/docker/docker:
+	git init $@
+	git -C $@ remote add origin "$(DOCKER_ENGINE_REPO)"
+endif
+
+src/github.com/docker/buildx:
+	git init $@
+	git -C $@ remote add origin "$(DOCKER_BUILDX_REPO)"
+
+src/github.com/docker/compose:
+	git init $@
+	git -C $@ remote add origin "$(DOCKER_COMPOSE_REPO)"
+
+src/github.com/docker/model-cli:
+	git init $@
+	git -C $@ remote add origin "$(DOCKER_MODEL_REPO)"
+
+.PHONY: checkout-cli
+checkout-cli: src/github.com/docker/cli
+	./scripts/checkout.sh src/github.com/docker/cli "$(DOCKER_CLI_REF)"
+
+.PHONY: checkout-docker
+checkout-docker: src/github.com/docker/docker
+	./scripts/checkout.sh src/github.com/docker/docker "$(DOCKER_ENGINE_REF)"
+
+.PHONY: checkout-buildx
+checkout-buildx: src/github.com/docker/buildx
+	./scripts/checkout.sh src/github.com/docker/buildx "$(DOCKER_BUILDX_REF)"
+
+.PHONY: checkout-compose
+checkout-compose: src/github.com/docker/compose
+	./scripts/checkout.sh src/github.com/docker/compose "$(DOCKER_COMPOSE_REF)"
+
+.PHONY: checkout-model
+checkout-model: src/github.com/docker/model-cli
+	./scripts/checkout.sh src/github.com/docker/model-cli "$(DOCKER_MODEL_REF)"
+
+.PHONY: checkout
+checkout: checkout-cli checkout-docker checkout-buildx checkout-compose checkout-model ## checkout source at the given reference(s)
+
+.PHONY: clean
+clean: clean-src ## remove build artifacts
 	$(MAKE) -C rpm clean
 	$(MAKE) -C deb clean
 	$(MAKE) -C static clean
 
-rpm: DOCKER_BUILD_PKGS:=fedora-25 fedora-24 centos-7
-rpm: ## build rpm packages
-	for p in $(DOCKER_BUILD_PKGS); do \
-		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) $${p}; \
-	done
+.PHONY: deb rpm
+deb rpm: checkout ## build rpm/deb packages
+	$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
 
-deb: DOCKER_BUILD_PKGS:=ubuntu-zesty ubuntu-yakkety ubuntu-xenial ubuntu-trusty debian-stretch debian-wheezy debian-jessie
-deb: ## build deb packages
-	for p in $(DOCKER_BUILD_PKGS); do \
-		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) $${p}; \
-	done
+.PHONY: centos-% fedora-% rhel-%
+centos-% fedora-% rhel-%: checkout ## build rpm packages for the specified distro
+	$(MAKE) -C rpm VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
 
+.PHONY: debian-% raspbian-% ubuntu-%
+debian-% raspbian-% ubuntu-%: checkout ## build deb packages for the specified distro
+	$(MAKE) -C deb VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) $@
+
+.PHONY: static
 static: DOCKER_BUILD_PKGS:=static-linux cross-mac cross-win cross-arm
-static: ## build static-compiled packages
+static: checkout ## build static-compiled packages
 	for p in $(DOCKER_BUILD_PKGS); do \
-		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) $${p}; \
+		$(MAKE) -C $@ VERSION=$(VERSION) GO_VERSION=$(GO_VERSION) TARGETPLATFORM=$(TARGETPLATFORM) CONTAINERD_VERSION=$(CONTAINERD_VERSION) RUNC_VERSION=$(RUNC_VERSION) $${p}; \
 	done
+
+.PHONY: verify
+verify: ## verify installation of packages
+# to verify using packages from staging, use: make VERIFY_PACKAGE_REPO=stage IMAGE=ubuntu:noble verify
+	docker run $(VERIFY_PLATFORM) --rm -i \
+		-v "$$(pwd):/v" \
+		-e DEBIAN_FRONTEND=noninteractive \
+		-e PACKAGE_REPO=$(VERIFY_PACKAGE_REPO) \
+		-w /v \
+		$(IMAGE) ./verify

README.md

@@ -1,16 +1,16 @@
 # Docker CE Packaging
 
-This repo contains open source scripts for packaging the
-[Docker CE products](https://store.docker.com/search?offering=community&q=&type=edition).
+This repo contains the open source scripts for packaging the
+[Docker Engine](https://docs.docker.com/engine/), the Docker CLI, CLI plugins,
+and rootless-extras packages.
 
-* DEB packages for Ubuntu Trusty
-* DEB packages for Ubuntu Xenial
-* DEB packages for Ubuntu Yakkety
-* DEB packages for Ubuntu Zesty
-* DEB packages for Debian Stretch
-* DEB packages for Debian Jessie
-* DEB packages for Debian Wheezy
-* RPM packages for Fedora 24
-* RPM packages for Fedora 25
-* RPM packages for CentOS 7
-* TGZ and ZIP files with static binaries
+The repository contains Dockerfiles to build packages for various distributions,
+which can be found in the "rpm" and "deb" subdirectories, as well as scripts to
+build static binaries.
+
+Docker uses these recipes to build and release packages that are available on the
+https://download.docker.com package repositories. We welcome contributions to
+this repository, including the addition of new distros or distro-versions. Note,
+however, that Docker makes a subselection of distros and architectures for release,
+and not all distros available in this repository may be released to download.docker.com,
+but you can use these scripts to build your own packages.

common.mk

@@ -0,0 +1,62 @@
+ARCH=$(shell uname -m)
+
+# These are the architecture formats as used in release-packaging Jenkinsfile
+# This is an ugly chimera, nobody uses this combination of dpkg and uname formats
+# Why don't we pick one format and stick with it? Because at the time of writing
+# it was deemed too risky/involving too many changes across repos to change architecture
+# formats in release-packaging Jenkinsfile. But someone please do it.
+# Why do we need to list this here? Because I haven't been able to figure out how
+# to do Makefile rules with multiple patterns. (See how it's used in {deb,rpm}/Makefile)
+# Adding new architectures or changing the format in release-packaging will prevent make
+# from finding the corresponding rule unless this list is updated.
+# Or Jenkinsfiles/Makefiles removed (🎵 Gotta have faith-a-faith-a-faith... 🎵)
+ARCHES:=amd64 aarch64 armhf armel s390x ppc64le
+
+BUILDTIME=$(shell date -u -d "@$${SOURCE_DATE_EPOCH:-$$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
+DEFAULT_PRODUCT_LICENSE:=Community Engine
+PACKAGER_NAME?=
+DOCKER_GITCOMMIT:=abcdefg
+GO_VERSION:=1.24.6
+PLATFORM=Docker Engine - Community
+SHELL:=/bin/bash
+VERSION?=0.0.1-dev
+
+# DOCKER_CLI_REPO and DOCKER_ENGINE_REPO define the source repositories to clone
+# the source from. These can be overridden to build from a fork.
+DOCKER_CLI_REPO     ?= https://github.com/docker/cli.git
+DOCKER_ENGINE_REPO  ?= https://github.com/docker/docker.git
+DOCKER_COMPOSE_REPO ?= https://github.com/docker/compose.git
+DOCKER_BUILDX_REPO  ?= https://github.com/docker/buildx.git
+DOCKER_MODEL_REPO   ?= https://github.com/docker/model-cli.git
+
+# REF can be used to specify the same branch or tag to use for *both* the CLI
+# and Engine source code. This can be useful if both the CLI and Engine have a
+# release branch with the same name (e.g. "19.03"), or of both repositories have
+# tagged a release with the same version.
+#
+# For other situations, specify DOCKER_CLI_REF and/or DOCKER_ENGINE_REF separately.
+REF                ?= HEAD
+DOCKER_CLI_REF     ?= $(REF)
+DOCKER_ENGINE_REF  ?= $(REF)
+# DOCKER_COMPOSE_REF is the version of compose to package. It usually is a tag,
+# but can be a valid git reference in DOCKER_COMPOSE_REPO.
+DOCKER_COMPOSE_REF ?= v2.39.2
+# DOCKER_BUILDX_REF is the version of compose to package. It usually is a tag,
+# but can be a valid git reference in DOCKER_BUILDX_REPO.
+DOCKER_BUILDX_REF  ?= v0.26.1
+# DOCKER_MODEL_REF is the version of model to package. It is usually a tag,
+# but can be a valid git reference in DOCKER_MODEL_REPO.
+DOCKER_MODEL_REF   ?= v0.1.36
+
+# Use "stage" to install dependencies from download-stage.docker.com during the
+# verify step. Leave empty or use any other value to install from download.docker.com
+VERIFY_PACKAGE_REPO ?= prod
+
+# Optional flags like --platform=linux/armhf
+VERIFY_PLATFORM ?=
+
+export BUILDTIME
+export DEFAULT_PRODUCT_LICENSE
+export PACKAGER_NAME
+export PLATFORM

deb/Makefile

@@ -1,90 +1,140 @@
-SHELL:=/bin/bash
-ARCH:=amd64
-ENGINE_DIR:=$(CURDIR)/../../engine
-CLI_DIR:=$(CURDIR)/../../cli
-GITCOMMIT?=$(shell cd $(ENGINE_DIR) && git rev-parse --short HEAD)
-VERSION?=$(shell cat $(ENGINE_DIR)/VERSION)
-DOCKER_EXPERIMENTAL:=0
-CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
+include ../common.mk
 
-.PHONY: help clean deb ubuntu debian ubuntu-xenial ubuntu-trusty ubuntu-yakkety ubuntu-zesty debian-jessie debian-stretch debian-wheezy
+PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+GO_BASE_IMAGE=golang
+GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
+EPOCH?=5
+GEN_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
+GEN_BUILDX_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
+GEN_COMPOSE_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
+GEN_MODEL_DEB_VER=$(shell ./gen-deb-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
+CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
+ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
+BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
 
+ifdef BUILD_IMAGE
+	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+endif
+
+COMMON_FILES=common
+BUILD?=DOCKER_BUILDKIT=1 \
+	docker build \
+	$(BUILD_IMAGE_FLAG) \
+	--build-arg GO_IMAGE=$(GO_IMAGE) \
+	--build-arg COMMON_FILES=$(COMMON_FILES) \
+	-t debbuild-$@/$(ARCH) \
+	--platform linux/$(ARCH) \
+	-f $@/Dockerfile \
+	.
+
+# Additional flags may be necessary at some point
+RUN_FLAGS=
+
+# FIXME(thaJeztah): disabling seccomp to handle (armhf) tar "chown / chmod" failing
+# when running in a Ubuntu 24.04 container on a Ubuntu 20.04.6 host (kernel 5.15.0-1053-aws);
+# see https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
+RUN?=docker run --rm \
+	--security-opt seccomp=unconfined \
+	--platform linux/$(ARCH) \
+	-e PLATFORM \
+	-e EPOCH='$(EPOCH)' \
+	-e DEB_VERSION=$(word 1, $(GEN_DEB_VER)) \
+	-e VERSION=$(word 2, $(GEN_DEB_VER)) \
+	-e CLI_GITCOMMIT=$(CLI_GITCOMMIT) \
+	-e ENGINE_GITCOMMIT=$(ENGINE_GITCOMMIT) \
+	-e BUILDX_VERSION=$(DOCKER_BUILDX_REF) \
+	-e BUILDX_DEB_VERSION=$(word 1, $(GEN_BUILDX_DEB_VER)) \
+	-e BUILDX_GITCOMMIT=$(BUILDX_GITCOMMIT) \
+	-e COMPOSE_VERSION=$(DOCKER_COMPOSE_REF) \
+	-e COMPOSE_DEB_VERSION=$(word 1, $(GEN_COMPOSE_DEB_VER)) \
+	-e MODEL_VERSION=$(DOCKER_MODEL_REF) \
+	-e MODEL_DEB_VERSION=$(word 1, $(GEN_MODEL_DEB_VER)) \
+	-v $(CURDIR)/debbuild/$@:/build \
+	$(RUN_FLAGS) \
+	debbuild-$@/$(ARCH)
+
+DEBIAN_VERSIONS ?= debian-bullseye debian-bookworm debian-trixie
+UBUNTU_VERSIONS ?= ubuntu-jammy ubuntu-noble ubuntu-oracular ubuntu-plucky
+RASPBIAN_VERSIONS ?= raspbian-bullseye raspbian-bookworm
+DISTROS := $(DEBIAN_VERSIONS) $(UBUNTU_VERSIONS) $(RASPBIAN_VERSIONS)
+
+.PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
+.PHONY: clean
 clean: ## remove build artifacts
 	[ ! -d debbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) debbuild
 	$(RM) -r debbuild
+	[ ! -d sources ] || $(CHOWN) -R $(shell id -u):$(shell id -g) sources
+	$(RM) -r sources
+	-docker builder prune -f --filter until=24h
 
-deb: ubuntu debian ## build all deb packages
+.PHONY: deb
+deb: ubuntu debian ## build all deb packages except for raspbian
 
-ubuntu: ubuntu-zesty ubuntu-yakkety ubuntu-xenial ubuntu-trusty ## build all ubuntu deb packages
+.PHONY: ubuntu
+ubuntu: $(UBUNTU_VERSIONS) ## build all ubuntu deb packages
 
-debian: debian-stretch debian-wheezy debian-jessie ## build all debian deb packages
+.PHONY: debian
+debian: $(DEBIAN_VERSIONS) ## build all debian deb packages
 
-ubuntu-xenial: ## build ubuntu xenial deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-e VERSION=$(VERSION) \
-		-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+.PHONY: raspbian
+raspbian: $(RASPBIAN_VERSIONS) ## build all raspbian deb packages
 
-ubuntu-trusty: ## build ubuntu trusty deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-e VERSION=$(VERSION) \
-		-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+.PHONY: $(DISTROS)
+$(DISTROS): sources
+	@echo "== Building packages for $@ =="
+	mkdir -p "debbuild/$@"
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) "debbuild/$@"
 
-ubuntu-yakkety: ## build ubuntu yakkety deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+.PHONY: sources
+sources: sources/cli.tgz sources/engine.tgz sources/buildx.tgz sources/compose.tgz sources/model.tgz
 
-ubuntu-zesty: ## build ubuntu zesty deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+sources/engine.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
 
-debian-jessie: ## build debian jessie deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+sources/cli.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
 
-debian-stretch: ## build debian stretch deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+sources/buildx.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
 
-debian-wheezy: ## build debian wheezy deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+sources/compose.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
+
+sources/model.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/model.tgz --exclude .git model
+
+# See ARCHES in common.mk. Could not figure out how to match both distro and arch.
+BUNDLES:=$(addsuffix .tar.gz,$(addprefix debbuild/bundles-ce-%-,$(ARCHES)))
+
+$(BUNDLES): %
+	tar czf $@ --transform="s|^debbuild/\(.*\)|bundles/$(VERSION)/build-deb/\1|" debbuild/$*

deb/README.md

@@ -0,0 +1,39 @@
+# Building your own Docker deb package
+
+`.deb` packages can be built from this directory with the following syntax
+
+```shell
+make deb
+```
+
+Artifacts will be located in `debbuild` under the following directory structure:
+`debbuild/$distro-$distro_version/`
+
+### Building from local source
+
+Specify the location of the source repositories for the engine and cli when
+building packages
+
+* `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
+* `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
+
+```shell
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli deb
+```
+
+## Specifying a specific distro
+
+```shell
+make ubuntu
+```
+
+## Specifying a specific distro version
+```shell
+make ubuntu-noble
+```
+
+## Building the for all distros
+
+```shell
+make deb
+```

deb/build-deb

@@ -1,54 +1,92 @@
 #!/usr/bin/env bash
 set -x
-# I want to rip this install-binaries script out so badly
-cd engine && \
-    TMP_GOPATH="/go" hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini && \
-    cd -
+set -e
+
+# untar sources
+mkdir -p /root/build-deb/engine
+tar -C /root/build-deb -xzf /sources/engine.tgz
+mkdir -p /root/build-deb/cli
+tar -C /root/build-deb -xzf /sources/cli.tgz
+mkdir -p /root/build-deb/buildx
+tar -C /root/build-deb -xzf /sources/buildx.tgz
+mkdir -p /root/build-deb/compose
+tar -C /root/build-deb -xzf /sources/compose.tgz
+mkdir -p /root/build-deb/model
+tar -C /root/build-deb -xzf /sources/model.tgz
+
+# link them to their canonical path
+mkdir -p /go/src/github.com/docker
+ln -snf /root/build-deb/engine /go/src/github.com/docker/docker
+ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
+ln -snf /root/build-deb/buildx /go/src/github.com/docker/buildx
+ln -snf /root/build-deb/compose /go/src/github.com/docker/compose
+ln -snf /root/build-deb/model /go/src/github.com/docker/model-cli
+
+EPOCH="${EPOCH:-}"
+EPOCH_SEP=""
+if [[ ! -z "$EPOCH" ]]; then
+	EPOCH_SEP=":"
+fi
+
+if [[ -z "$DEB_VERSION" ]]; then
+	echo "DEB_VERSION is required to build deb packages"
+	exit 1
+fi
+
 echo VERSION AAA $VERSION
 
-VERSION=${VERSION:-$( cat engine/VERSION )}
+VERSION=${VERSION:-$(cat cli/VERSION)}
 
 echo VERSION bbb $VERSION
-export TZ=UTC
 
-tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
-# git running in different directories, backwards compatible too
-GIT_COMMAND="git --git-dir=/root/build-deb/engine/.git --work-tree=/root/build-deb/engine/"
-debVersion="${VERSION//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
-# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-    gitUnix="$($GIT_COMMAND log -1 --pretty='%at')"
-    gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
-    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-    gitVersion="git${gitDate}.0.${gitCommit}"
-    # gitVersion is now something like 'git20150128.112847.0.17e840a'
-    debVersion="$debVersion~$gitVersion"
-
-    # $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
-    # true
-    # $ dpkg --compare-versions 1.5.0~rc1 gt 1.5.0~git20150128.112847.17e840a && echo true || echo false
-    # true
-    # $ dpkg --compare-versions 1.5.0~git20150128.112847.17e840a gt 1.5.0~dev~git20150128.112847.17e840a && echo true || echo false
-    # true
-
-    # ie, 1.5.0 > 1.5.0~rc1 > 1.5.0~git20150128.112847.17e840a > 1.5.0~dev~git20150128.112847.17e840a
-fi
 debSource="$(awk -F ': ' '$1 == "Source" { print $2; exit }' debian/control)"
 debMaintainer="$(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/control)"
 debDate="$(date --rfc-2822)"
 
+# Include an extra `1` in the version, in case we ever would have to re-build an
+# already published release with a packaging-only change.
+pkgRevision=1
+
+# Generate changelog. The version/name of the generated packages are based on this.
+#
+# Resulting packages are formatted as;
+#
+# - name of the package (e.g., "docker-ce")
+# - version (e.g., "23.0.0~beta.0")
+# - pkgRevision (usually "-0", see above), which allows updating packages with
+#   packaging-only changes (without a corresponding release of the software
+#   that's packaged).
+# - distro (e.g., "ubuntu")
+# - VERSION_ID (e.g. "22.04" or "11") this must be "sortable" to make sure that
+#   packages are upgraded when upgrading to a newer distro version ("codename"
+#   cannot be used for this, as they're not sorted)
+# - SUITE ("codename"), e.g. "jammy" or "bullseye". This is mostly for convenience,
+#   because some places refer to distro versions by codename, others by version.
+#   we prefix the codename with a tilde (~), which effectively excludes it from
+#   version comparison.
+#
+# Note that while the `${EPOCH}${EPOCH_SEP}` is part of the version, it is not
+# included in the package's *filename*. (And if you're wondering: we needed the
+# EPOCH because of our use of CalVer, which made version comparing not work in
+# some cases).
+#
+# Examples:
+#
+# docker-ce_23.0.0~beta.0-1~debian.11~bullseye_amd64.deb
+# docker-ce_23.0.0~beta.0-1~ubuntu.22.04~jammy_amd64.deb
 cat > "debian/changelog" <<-EOF
-$debSource (${debVersion}-0~${DISTRO}) $SUITE; urgency=low
+$debSource (${EPOCH}${EPOCH_SEP}${DEB_VERSION}-${pkgRevision}~${DISTRO}.${VERSION_ID}~${SUITE}) $SUITE; urgency=low
   * Version: $VERSION
  -- $debMaintainer  $debDate
 EOF
 # The space above at the start of the line for the debMaintainer is very important
 
 # Give the script a git commit because it wants it
-export DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT-$($GIT_COMMAND rev-parse --short HEAD)}
+export CLI_GITCOMMIT=${CLI_GITCOMMIT-$(cd cli; $GIT_COMMAND rev-parse --short HEAD)}
+export ENGINE_GITCOMMIT=${ENGINE_GITCOMMIT-$(cd engine; $GIT_COMMAND rev-parse --short HEAD)}
 
 echo VERSION BBB $VERSION
-dpkg-buildpackage -v -uc -us -I.git
+dpkg-buildpackage -uc -us -I.git
 destination="/build"
 mkdir -p "$destination"
-mv -v /root/docker-ce* "$destination"
+mv -v /root/docker* "$destination"

deb/common/compat

@@ -1 +0,0 @@
-9

deb/common/control

@@ -2,29 +2,122 @@ Source: docker-ce
 Section: admin
 Priority: optional
 Maintainer: Docker <support@docker.com>
+Build-Depends: bash,
+               bash-completion,
+               ca-certificates,
+               cmake,
+               dh-apparmor,
+               debhelper-compat (= 12),
+               gcc,
+               git,
+               libc-dev,
+               libsystemd-dev,
+               libtool,
+               make,
+               pkg-config
 Standards-Version: 3.9.6
-Homepage: https://dockerproject.org
+Homepage: https://www.docker.com
 Vcs-Browser: https://github.com/docker/docker
 Vcs-Git: git://github.com/docker/docker.git
 
 Package: docker-ce
 Architecture: linux-any
-Depends: iptables, ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}
-Recommends: aufs-tools,
+Pre-Depends: init-system-helpers (>= 1.54~)
+Depends: containerd.io (>= 1.7.27),
+         docker-ce-cli,
+         iptables,
+         ${shlibs:Depends}
+Recommends: apparmor,
             ca-certificates,
-            cgroupfs-mount | cgroup-lite,
+            docker-ce-rootless-extras,
             git,
-            xz-utils,
-            ${apparmor:Recommends}
-Conflicts: docker (<< 1.5~), docker.io, lxc-docker, lxc-docker-virtual-package, docker-engine-cs
-Replaces: docker-engine
+            pigz,
+            procps,
+            xz-utils
+Suggests: cgroupfs-mount | cgroup-lite,
+            kmod,
+Conflicts: docker (<< 1.5~),
+           docker-engine,
+           docker.io
+Replaces: docker-engine,
+          docker-ce-cli (<< 5:28.0.0)
 Description: Docker: the open-source application container engine
- Docker is an open source project to build, ship and run any application as a
+ Docker is a product for you to build, ship and run any application as a
  lightweight container
  .
  Docker containers are both hardware-agnostic and platform-agnostic. This means
- they can run anywhere, from your laptop to the largest EC2 compute instance and
- everything in between - and they don't require you to use a particular
+ they can run anywhere, from your laptop to the largest cloud compute instance
+ and everything in between - and they don't require you to use a particular
  language, framework or packaging system. That makes them great building blocks
  for deploying and scaling web apps, databases, and backend services without
  depending on a particular stack or provider.
+
+Package: docker-ce-cli
+Architecture: linux-any
+Depends: ${shlibs:Depends}
+Recommends: docker-buildx-plugin,
+            docker-compose-plugin
+Suggests: docker-model-plugin
+Conflicts: docker (<< 1.5~),
+           docker-engine,
+           docker.io
+Replaces: docker-ce (<< 5:0)
+Breaks: docker-ce (<< 5:0)
+Description: Docker CLI: the open-source application container engine
+ Docker is a product for you to build, ship and run any application as a
+ lightweight container
+ .
+ Docker containers are both hardware-agnostic and platform-agnostic. This means
+ they can run anywhere, from your laptop to the largest cloud compute instance
+ and everything in between - and they don't require you to use a particular
+ language, framework or packaging system. That makes them great building blocks
+ for deploying and scaling web apps, databases, and backend services without
+ depending on a particular stack or provider.
+
+Package: docker-ce-rootless-extras
+Architecture: linux-any
+Depends: dbus-user-session,
+         ${shlibs:Depends}
+Enhances: docker-ce
+Conflicts: rootlesskit
+Replaces: rootlesskit
+Breaks: rootlesskit
+# slirp4netns (>= 0.4.0) is available in Debian since 11 and Ubuntu since 19.10
+Recommends: slirp4netns (>= 0.4.0)
+# Unlike RPM, DEB packages do not contain "Recommends: fuse-overlayfs (>= 0.7.0)" here,
+# because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs.
+Description: Rootless support for Docker.
+ Use dockerd-rootless.sh to run the daemon.
+ Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh.
+ This package contains RootlessKit, but does not contain VPNKit.
+ Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
+Homepage: https://docs.docker.com/engine/security/rootless/
+
+Package: docker-buildx-plugin
+Priority: optional
+Replaces: docker-ce-cli
+Architecture: linux-any
+Enhances: docker-ce-cli
+Description: Docker Buildx cli plugin.
+ This plugin provides the 'docker buildx' subcommand.
+Homepage: https://github.com/docker/buildx
+
+Package: docker-compose-plugin
+Priority: optional
+Architecture: linux-any
+Recommends: docker-buildx-plugin
+Enhances: docker-ce-cli
+Description: Docker Compose (V2) plugin for the Docker CLI.
+ This plugin provides the 'docker compose' subcommand.
+ .
+ The binary can also be run standalone as a direct replacement for
+ Docker Compose V1 ('docker-compose').
+Homepage: https://github.com/docker/compose
+
+Package: docker-model-plugin
+Priority: optional
+Architecture: linux-any
+Enhances: docker-ce-cli
+Description: Docker Model Runner plugin for the Docker CLI.
+ This plugin provides the 'docker model' subcommand.
+Homepage: https://docs.docker.com/model-runner/

deb/common/docker-ce-cli.manpages

@@ -0,0 +1 @@
+cli/man/man*/*

deb/common/docker-ce.bash-completion

@@ -1 +0,0 @@
-engine/contrib/completion/bash/docker

deb/common/docker-ce.dirs

@@ -0,0 +1 @@
+/etc/docker

deb/common/docker-ce.docker.default

@@ -1,20 +0,0 @@
-# Docker Upstart and SysVinit configuration file
-
-#
-# THIS FILE DOES NOT APPLY TO SYSTEMD
-#
-#   Please see the documentation for "systemd drop-ins":
-#   https://docs.docker.com/engine/admin/systemd/
-#
-
-# Customize location of Docker binary (especially for development testing).
-#DOCKERD="/usr/local/bin/dockerd"
-
-# Use DOCKER_OPTS to modify the daemon startup options.
-#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
-
-# If you need Docker to use an HTTP proxy, it can also be specified here.
-#export http_proxy="http://127.0.0.1:3128/"
-
-# This is also a handy place to tweak where Docker's temporary files go.
-#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"

deb/common/docker-ce.docker.default

@@ -0,0 +1 @@
+../engine/contrib/init/sysvinit-debian/docker.default

deb/common/docker-ce.docker.init

@@ -1,156 +0,0 @@
-#!/bin/sh
-set -e
-
-### BEGIN INIT INFO
-# Provides:           docker
-# Required-Start:     $syslog $remote_fs
-# Required-Stop:      $syslog $remote_fs
-# Should-Start:       cgroupfs-mount cgroup-lite
-# Should-Stop:        cgroupfs-mount cgroup-lite
-# Default-Start:      2 3 4 5
-# Default-Stop:       0 1 6
-# Short-Description:  Create lightweight, portable, self-sufficient containers.
-# Description:
-#  Docker is an open-source project to easily create lightweight, portable,
-#  self-sufficient containers from any application. The same container that a
-#  developer builds and tests on a laptop can run at scale, in production, on
-#  VMs, bare metal, OpenStack clusters, public clouds and more.
-### END INIT INFO
-
-export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
-
-BASE=docker
-
-# modify these in /etc/default/$BASE (/etc/default/docker)
-DOCKERD=/usr/bin/dockerd
-# This is the pid file managed by docker itself
-DOCKER_PIDFILE=/var/run/$BASE.pid
-# This is the pid file created/managed by start-stop-daemon
-DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
-DOCKER_LOGFILE=/var/log/$BASE.log
-DOCKER_OPTS=
-DOCKER_DESC="Docker"
-
-# Get lsb functions
-. /lib/lsb/init-functions
-
-if [ -f /etc/default/$BASE ]; then
-	. /etc/default/$BASE
-fi
-
-# Check docker is present
-if [ ! -x $DOCKERD ]; then
-	log_failure_msg "$DOCKERD not present or not executable"
-	exit 1
-fi
-
-check_init() {
-	# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
-	if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
-		log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
-		exit 1
-	fi
-}
-
-fail_unless_root() {
-	if [ "$(id -u)" != '0' ]; then
-		log_failure_msg "$DOCKER_DESC must be run as root"
-		exit 1
-	fi
-}
-
-cgroupfs_mount() {
-	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
-	if grep -v '^#' /etc/fstab | grep -q cgroup \
-		|| [ ! -e /proc/cgroups ] \
-		|| [ ! -d /sys/fs/cgroup ]; then
-		return
-	fi
-	if ! mountpoint -q /sys/fs/cgroup; then
-		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
-	fi
-	(
-		cd /sys/fs/cgroup
-		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
-			mkdir -p $sys
-			if ! mountpoint -q $sys; then
-				if ! mount -n -t cgroup -o $sys cgroup $sys; then
-					rmdir $sys || true
-				fi
-			fi
-		done
-	)
-}
-
-case "$1" in
-	start)
-		check_init
-		
-		fail_unless_root
-
-		cgroupfs_mount
-
-		touch "$DOCKER_LOGFILE"
-		chgrp docker "$DOCKER_LOGFILE"
-
-		ulimit -n 1048576
-
-		# Having non-zero limits causes performance problems due to accounting overhead
-		# in the kernel. We recommend using cgroups to do container-local accounting.
-		if [ "$BASH" ]; then
-			ulimit -u unlimited
-		else
-			ulimit -p unlimited
-		fi
-
-		log_begin_msg "Starting $DOCKER_DESC: $BASE"
-		start-stop-daemon --start --background \
-			--no-close \
-			--exec "$DOCKERD" \
-			--pidfile "$DOCKER_SSD_PIDFILE" \
-			--make-pidfile \
-			-- \
-				-p "$DOCKER_PIDFILE" \
-				$DOCKER_OPTS \
-					>> "$DOCKER_LOGFILE" 2>&1
-		log_end_msg $?
-		;;
-
-	stop)
-		check_init
-		fail_unless_root
-		if [ -f "$DOCKER_SSD_PIDFILE" ]; then
-			log_begin_msg "Stopping $DOCKER_DESC: $BASE"
-			start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
-			log_end_msg $?
-		else
-			log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
-		fi
-		;;
-
-	restart)
-		check_init
-		fail_unless_root
-		docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
-		[ -n "$docker_pid" ] \
-			&& ps -p $docker_pid > /dev/null 2>&1 \
-			&& $0 stop
-		$0 start
-		;;
-
-	force-reload)
-		check_init
-		fail_unless_root
-		$0 restart
-		;;
-
-	status)
-		check_init
-		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
-		;;
-
-	*)
-		echo "Usage: service docker {start|stop|restart|status}"
-		exit 1
-		;;
-esac

deb/common/docker-ce.docker.init

@@ -0,0 +1 @@
+../engine/contrib/init/sysvinit-debian/docker

deb/common/docker-ce.docker.service

@@ -0,0 +1 @@
+../engine/contrib/init/systemd/docker.service

deb/common/docker-ce.docker.socket

@@ -0,0 +1 @@
+../engine/contrib/init/systemd/docker.socket

deb/common/docker-ce.docker.upstart

@@ -1,72 +0,0 @@
-description "Docker daemon"
-
-start on (filesystem and net-device-up IFACE!=lo)
-stop on runlevel [!2345]
-
-limit nofile 524288 1048576
-
-# Having non-zero limits causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-limit nproc unlimited unlimited
-
-respawn
-
-kill timeout 20
-
-pre-start script
-	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
-	if grep -v '^#' /etc/fstab | grep -q cgroup \
-		|| [ ! -e /proc/cgroups ] \
-		|| [ ! -d /sys/fs/cgroup ]; then
-		exit 0
-	fi
-	if ! mountpoint -q /sys/fs/cgroup; then
-		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
-	fi
-	(
-		cd /sys/fs/cgroup
-		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
-			mkdir -p $sys
-			if ! mountpoint -q $sys; then
-				if ! mount -n -t cgroup -o $sys cgroup $sys; then
-					rmdir $sys || true
-				fi
-			fi
-		done
-	)
-end script
-
-script
-	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
-	DOCKERD=/usr/bin/dockerd
-	DOCKER_OPTS=
-	if [ -f /etc/default/$UPSTART_JOB ]; then
-		. /etc/default/$UPSTART_JOB
-	fi
-	exec "$DOCKERD" $DOCKER_OPTS --raw-logs
-end script
-
-# Don't emit "started" event until docker.sock is ready.
-# See https://github.com/docker/docker/issues/6647
-post-start script
-	DOCKER_OPTS=
-	DOCKER_SOCKET=
-	if [ -f /etc/default/$UPSTART_JOB ]; then
-		. /etc/default/$UPSTART_JOB
-	fi
-
-	if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
-		DOCKER_SOCKET=/var/run/docker.sock
-	else
-		DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
-	fi
-
-	if [ -n "$DOCKER_SOCKET" ]; then
-		while ! [ -e "$DOCKER_SOCKET" ]; do
-			initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
-			echo "Waiting for $DOCKER_SOCKET"
-			sleep 0.1
-		done
-		echo "$DOCKER_SOCKET is up"
-	fi
-end script

deb/common/docker-ce.install

@@ -1,12 +0,0 @@
-#engine/contrib/syntax/vim/doc/* /usr/share/vim/vimfiles/doc/
-#engine/contrib/syntax/vim/ftdetect/* /usr/share/vim/vimfiles/ftdetect/
-#engine/contrib/syntax/vim/syntax/* /usr/share/vim/vimfiles/syntax/
-engine/contrib/*-integration usr/share/docker-ce/contrib/
-engine/contrib/check-config.sh usr/share/docker-ce/contrib/
-engine/contrib/completion/fish/docker.fish usr/share/fish/vendor_completions.d/
-engine/contrib/completion/zsh/_docker usr/share/zsh/vendor-completions/
-engine/contrib/init/systemd/docker.service lib/systemd/system/
-engine/contrib/init/systemd/docker.socket lib/systemd/system/
-engine/contrib/mk* usr/share/docker-ce/contrib/
-engine/contrib/nuke-graph-directory.sh usr/share/docker-ce/contrib/
-engine/contrib/syntax/nano/Dockerfile.nanorc usr/share/nano/

deb/common/docker-ce.maintscript

@@ -0,0 +1 @@
+rm_conffile /etc/init/docker.conf 5:24.0.5-1~

deb/common/docker-ce.manpages

@@ -1 +1 @@
-cli/man/man*/*
+engine/man/man*/*

deb/common/docker-ce.udev

@@ -1,3 +0,0 @@
-# hide docker's loopback devices from udisks, and thus from user desktops
-SUBSYSTEM=="block", ENV{DM_NAME}=="docker-*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
-SUBSYSTEM=="block", DEVPATH=="/devices/virtual/block/loop*", ATTR{loop/backing_file}=="/var/lib/docker/*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"

deb/common/docs

@@ -1 +1 @@
-engine/README.md
+cli/README.md

deb/common/rules

@@ -1,56 +1,171 @@
 #!/usr/bin/make -f
 
+# Include default Makefile variables.
+include /usr/share/dpkg/default.mk
+
+# Build all armhf binaries as ARMv6 with hard float, to support both
+# Debian armhf and Raspbian armhf.
+ifeq ($(DEB_TARGET_ARCH),armhf)
+	export CFLAGS += -marm -march=armv6+fp
+	export GOARM := 6
+endif
+
 VERSION ?= $(shell cat engine/VERSION)
-BUNDLE_VERSION = $(shell cat engine/VERSION)
-SYSTEMD_VERSION := $(shell dpkg-query -W -f='$${Version}\n' systemd | cut -d- -f1)
-SYSTEMD_GT_227 := $(shell [ '$(SYSTEMD_VERSION)' ] && [ '$(SYSTEMD_VERSION)' -gt 227 ] && echo true )
+# TODO(thaJeztah): allow passing this version when building.
+PKG_REVISION ?= 1
+export PKG_REVISION
 
-override_dh_gencontrol:
-	# if we're on Ubuntu, we need to Recommends: apparmor
-	echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-ce.substvars
-	dh_gencontrol
+# force packages to be built with xz compression, as Ubuntu 21.10 and up use
+# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
+override_dh_builddeb:
+	dh_builddeb -- -Zxz
 
+# Determine the Go module mode based on the presence of vendor.mod or go.mod
+override_dh_auto_build: GOMOD := $(if $(wildcard engine/vendor.mod),off,$(if $(wildcard engine/go.mod),on,$(error "No go.mod or vendor.mod found in engine directory")))
+# Override the default dh_auto_build target
 override_dh_auto_build:
-	cd engine && ./hack/make.sh dynbinary
-	cd cli && LDFLAGS="" make VERSION=$(VERSION) dynbinary
-	# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
+	# Build the daemon and dependencies
+	cd engine && GO111MODULE=$(GOMOD) DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) PRODUCT=docker ./hack/make.sh dynbinary
+	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
+	cd engine && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic
+
+	#  build  man-pages
+	make -C engine/man
+
+	# Build the CLI
+	make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=$(VERSION) GITCOMMIT=$(CLI_GITCOMMIT) LDFLAGS='' dynbinary manpages shell-completion
+
+	# Build buildx plugin
+	cd /go/src/github.com/docker/buildx \
+	&& mkdir -p /usr/libexec/docker/cli-plugins/ \
+	&& GO111MODULE=on \
+		CGO_ENABLED=0 \
+			go build \
+				-mod=vendor \
+				-trimpath \
+				-ldflags "-w -X github.com/docker/buildx/version.Version=$(BUILDX_VERSION) -X github.com/docker/buildx/version.Revision=$(BUILDX_GITCOMMIT) -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
+				-o "/usr/libexec/docker/cli-plugins/docker-buildx" \
+				./cmd/buildx
+
+	# Build the compose plugin
+	make -C /go/src/github.com/docker/compose VERSION=$(COMPOSE_VERSION) DESTDIR=/usr/libexec/docker/cli-plugins build
+
+	# Build the model plugin
+	GO111MODULE=on make -C /go/src/github.com/docker/model-cli VERSION=$(MODEL_VERSION) ce-release \
+	&& mv /go/src/github.com/docker/model-cli/dist/docker-model /usr/libexec/docker/cli-plugins/docker-model
 
 override_dh_auto_test:
-	./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v
+	ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
+		test "$$ver" = "Docker version $(VERSION), build $(ENGINE_GITCOMMIT)" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($$ver) did not match" && exit 1)
+
+	ver="$$(cli/build/docker --version)"; \
+		test "$$ver" = "Docker version $(VERSION), build $(CLI_GITCOMMIT)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1)
+
+	ver="$$(/usr/libexec/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
+		test "$$ver" = "$(BUILDX_VERSION)" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($$ver) did not match" && exit 1)
+
+	ver="$$(/usr/libexec/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
+		test "$$ver" = "$(COMPOSE_VERSION)" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($$ver) did not match" && exit 1)
+
+	ver="$$(/usr/libexec/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
+		test "$$ver" = "$(MODEL_VERSION)" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($$ver) did not match" && exit 1)
 
 override_dh_strip:
 	# Go has lots of problems with stripping, so just don't
 
+# http://manpages.debian.org/dh_dwz
+override_dh_dwz:
+	# dh_dwz in debhelper versions less than 13 has issues with files that are missing debug symbols (once we update to debhelper-compat 13+ this can be removed)
+	@# https://packages.debian.org/debhelper
+	@# https://packages.ubuntu.com/debhelper
+
 override_dh_auto_install:
-	mkdir -p debian/docker-ce/usr/bin
-	cp -aTL cli/build/docker debian/docker-ce/usr/bin/docker
-	cp -aT "$$(readlink -f engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd)" debian/docker-ce/usr/bin/dockerd
-	cp -aT /usr/local/bin/docker-proxy debian/docker-ce/usr/bin/docker-proxy
-	cp -aT /usr/local/bin/docker-containerd debian/docker-ce/usr/bin/docker-containerd
-	cp -aT /usr/local/bin/docker-containerd-shim debian/docker-ce/usr/bin/docker-containerd-shim
-	cp -aT /usr/local/bin/docker-containerd-ctr debian/docker-ce/usr/bin/docker-containerd-ctr
-	cp -aT /usr/local/bin/docker-runc debian/docker-ce/usr/bin/docker-runc
-	cp -aT /usr/local/bin/docker-init debian/docker-ce/usr/bin/docker-init
-	mkdir -p debian/docker-ce/usr/lib/docker
+	# docker-ce-cli install
+	install -D -p -m 0755 cli/build/docker debian/docker-ce-cli/usr/bin/docker
+
+	# docker-ce-cli shell-completion
+	#
+	# We are manually installing bash completions instead of using the "dh_bash-completion"
+	# debhelper (see [1]); dh_bash-completion only supports bash, and none of the other shells,
+	# which meant that we had to install 2 out of 3 manually, which was confusing ("what about
+	# Bash?"). Given that locations to install these completion scripts are well-known, we
+	# can safely use the manual approach for installing  them.
+	#
+	# In future, can consider using "dh_shell_completions" (see [2]), which supports bash, zsh
+	# and fish. However, "dh_shell_completions" is still really premature, and not available
+	# in stable releases. So, currently, adding it as build-dependency, especially since
+	# these are well-known, may not be a good choice, but we can revisit that in future
+	# if things mature in this area.
+	#
+	# Observant readers may notice that we don't include PowerShell completion in
+	# this list (even though Cobra provides them, and PowerShell *can* be installed
+	# oon Linux). The short story is that there's no well-defined location, nor
+	# a well-defined approach for this.
+	#
+	# The PowerShell maintainers (see [3]) considering that no completion scripts
+	# are needed for anything following the PowerShell specifications, and for
+	# anything else, PowerShell is capable enough to use zsh and bash completions.
+	#
+	# All of the above taken into account; it's fuzzy enough to just leave it as
+	# an exercise for the user to decide what to do.
+	#
+	# [1]: https://manpages.debian.org/bookworm/bash-completion/dh_bash-completion.1.en.html
+	# [2]: https://manpages.debian.org/testing/dh-shell-completions/dh_shell_completions.1.en.html
+	# [3]: https://github.com/PowerShell/PowerShell/issues/17582
+	install -D -p -m 0644 cli/build/completion/bash/docker debian/docker-ce-cli/usr/share/bash-completion/completions/docker
+	install -D -p -m 0644 cli/build/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
+	install -D -p -m 0644 cli/build/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
+
+	# docker-ce install
+	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/dockerd) debian/docker-ce/usr/bin/dockerd
+	install -D -p -m 0755 $(shell readlink -e engine/bundles/dynbinary-daemon/docker-proxy) debian/docker-ce/usr/bin/docker-proxy
+	install -D -p -m 0755 /usr/local/bin/docker-init debian/docker-ce/usr/libexec/docker/docker-init
+
+	# docker-buildx-plugin install
+	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-buildx debian/docker-buildx-plugin/usr/libexec/docker/cli-plugins/docker-buildx
+
+	# docker-compose-plugin install
+	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-compose debian/docker-compose-plugin/usr/libexec/docker/cli-plugins/docker-compose
+
+	# docker-model-plugin install
+	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-model debian/docker-model-plugin/usr/libexec/docker/cli-plugins/docker-model
+
+	# docker-ce-rootless-extras install
+	install -D -p -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit
+	install -D -p -m 0755 engine/contrib/dockerd-rootless.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless.sh
+	install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh
+	# TODO: how can we install vpnkit?
 
 override_dh_installinit:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installinit --name=docker
-ifeq (true, $(SYSTEMD_GT_227))
-	$(warning "Setting TasksMax=infinity")
-	sed -i -- 's/#TasksMax=infinity/TasksMax=infinity/' debian/docker-ce/lib/systemd/system/docker.service
-endif
 
-override_dh_installudev:
-	# match our existing priority
-	dh_installudev --priority=z80
-
-override_dh_install:
-	dh_install
-	dh_apparmor --profile-name=docker-ce -pdocker-ce
+override_dh_installsystemd:
+	# use "docker" as our service name, not "docker-ce"
+	dh_installsystemd --name=docker
 
 override_dh_shlibdeps:
 	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
 
+override_dh_install:
+	dh_install
+	# TODO Can we do this from within our container?
+	dh_apparmor --profile-name=docker-ce -pdocker-ce
+
+override_dh_gencontrol:
+	# Use separate version for the buildx-plugin package, then generate the other control files as usual
+	# TODO override "Source" field in control as well (to point to buildx, as it doesn't match the package name)
+	dh_gencontrol -pdocker-buildx-plugin -- -v$${BUILDX_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
+
+	# Use separate version for the compose-plugin package, then generate the other control files as usual
+	# TODO override "Source" field in control as well (to point to compose, as it doesn't match the package name)
+	dh_gencontrol -pdocker-compose-plugin -- -v$${COMPOSE_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
+
+	# Use separate version for the model-plugin package, then generate the other control files as usual
+	# TODO override "Source" field in control as well (to point to model, as it doesn't match the package name)
+	dh_gencontrol -pdocker-model-plugin -- -v$${MODEL_DEB_VERSION#v}-$${PKG_REVISION}~$${DISTRO}.$${VERSION_ID}~$${SUITE}
+
+	dh_gencontrol --remaining-packages
+
 %:
-	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)
+	dh $@ --with=bash-completion

deb/common/source/format

@@ -0,0 +1 @@
+1.0

deb/debian-bookworm/Dockerfile

@@ -0,0 +1,40 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=debian
+ARG SUITE=bookworm
+ARG VERSION_ID=12
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-bullseye/Dockerfile

@@ -0,0 +1,40 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=debian
+ARG SUITE=bullseye
+ARG VERSION_ID=11
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-jessie/Dockerfile.amd64

@@ -1,34 +0,0 @@
-FROM debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO debian
-ENV SUITE jessie
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-stretch/Dockerfile.amd64

@@ -1,34 +0,0 @@
-FROM debian:stretch
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO debian
-ENV SUITE stretch
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-trixie/Dockerfile

@@ -0,0 +1,40 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=debian
+ARG SUITE=trixie
+ARG VERSION_ID=13
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/debian-wheezy/Dockerfile.amd64

@@ -1,36 +0,0 @@
-FROM debian:wheezy-backports
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d/backports.list
-
-RUN apt-get update && apt-get install -y -t wheezy-backports btrfs-tools --no-install-recommends && rm -rf /var/lib/apt/lists/*
-RUN apt-get update && apt-get install -y apparmor bash-completion  build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  pkg-config vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO debian
-ENV SUITE wheezy
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/gen-deb-ver

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+REPO_DIR="$1"
+VERSION="$2"
+
+if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
+	# shellcheck disable=SC2016
+	echo 'usage: ./gen-deb-ver ${REPO_DIR} ${VERSION}'
+	exit 1
+fi
+
+GIT_COMMAND="git -C $REPO_DIR"
+origVersion="$VERSION"
+debVersion="${VERSION#v}"
+
+# deb packages require a tilde (~) instead of a hyphen (-) as separator between
+# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
+# non-pre-release versions, which would prevent users from updating from a pre-
+# release version to the "ga" version.
+#
+# For details, see this thread on the Debian mailing list:
+# https://lists.debian.org/debian-policy/1998/06/msg00099.html
+#
+# The code below replaces hyphens with tildes. Note that an intermediate $tilde
+# variable is needed to make this work on all versions of Bash. In some versions
+# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
+# quoted ('~').
+tilde='~'
+debVersion="${debVersion//-/$tilde}"
+
+# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
+# we'll create a pseudo version based on commit-date and -sha.
+if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+	export TZ=UTC
+
+	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+	#
+	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+	# where the time is the commit time in UTC and the final suffix is the prefix
+	# of the commit hash. The time portion ensures that two pseudo-versions can
+	# be compared to determine which happened later, the commit hash identifes
+	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+	# as a pre-release before version v0.0.0, so that the go command prefers any
+	# tagged release over any pseudo-version.
+	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+
+	if [ "$(uname)" = "Darwin" ]; then
+		# Using BSD date (macOS), which doesn't support the --date option
+		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
+		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
+	else
+		# Using GNU date (Linux)
+		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+	fi
+
+	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
+	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
+	debVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
+
+	# verify that nightly builds are always < actual releases
+	#
+	# $ dpkg --compare-versions 1.5.0 gt 1.5.0~rc1 && echo true || echo false
+	# true
+	# $ dpkg --compare-versions 1.5.0~rc1 gt 0.0.0-20180719213347-5daff5a && echo true || echo false
+	# true
+	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 18.06.0-ce-rc2  && echo true || echo false
+	# true
+	# $ dpkg --compare-versions 18.06.0-ce gt 18.06.0-ce-rc2  && echo true || echo false
+	# false
+	# $ dpkg --compare-versions 18.06.0-ce-rc3 gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
+	# true
+	# $ dpkg --compare-versions 18.06.0-ce gt 0.0.0-20180719213347-5daff5a  && echo true || echo false
+	# true
+	# $ dpkg --compare-versions 0.0.0-20180719213702-cd5e2db gt 0.0.0-20180719213347-5daff5a && echo true || echo false
+	# true
+fi
+
+echo "$debVersion" "$origVersion"

deb/raspbian-bookworm/Dockerfile

@@ -0,0 +1,40 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=raspbian
+ARG SUITE=bookworm
+ARG VERSION_ID=12
+ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/raspbian-bullseye/Dockerfile

@@ -0,0 +1,40 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=raspbian
+ARG SUITE=bullseye
+ARG VERSION_ID=11
+ARG BUILD_IMAGE=balenalib/rpi-raspbian:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-jammy/Dockerfile

@@ -0,0 +1,46 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=ubuntu
+ARG SUITE=jammy
+ARG VERSION_ID=22.04
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
+RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
+        rm -f /usr/bin/man; \
+        dpkg-divert --quiet --remove --rename /usr/bin/man; \
+    fi
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-noble/Dockerfile

@@ -0,0 +1,46 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=ubuntu
+ARG SUITE=noble
+ARG VERSION_ID=24.04
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
+RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
+        rm -f /usr/bin/man; \
+        dpkg-divert --quiet --remove --rename /usr/bin/man; \
+    fi
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-oracular/Dockerfile

@@ -0,0 +1,46 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=ubuntu
+ARG SUITE=oracular
+ARG VERSION_ID=24.10
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
+RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
+        rm -f /usr/bin/man; \
+        dpkg-divert --quiet --remove --rename /usr/bin/man; \
+    fi
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-plucky/Dockerfile

@@ -0,0 +1,46 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=ubuntu
+ARG SUITE=plucky
+ARG VERSION_ID=25.04
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+
+# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639
+RUN if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \
+        rm -f /usr/bin/man; \
+        dpkg-divert --quiet --remove --rename /usr/bin/man; \
+    fi
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y curl devscripts equivs git
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+
+ARG COMMON_FILES
+COPY --link ${COMMON_FILES} /root/build-deb/debian
+RUN apt-get update \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/build-deb/debian/control
+
+COPY --link sources/ /sources
+ARG DISTRO
+ARG SUITE
+ARG VERSION_ID
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+ENV VERSION_ID=${VERSION_ID}
+
+COPY --link --from=golang /usr/local/go /usr/local/go
+
+WORKDIR /root/build-deb
+COPY build-deb /root/build-deb/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-trusty/Dockerfile.amd64

@@ -1,30 +0,0 @@
-FROM ubuntu:trusty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE trusty
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-xenial/Dockerfile.amd64

@@ -1,30 +0,0 @@
-FROM ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE xenial
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-xenial/Dockerfile.s390x

@@ -1,30 +0,0 @@
-FROM s390x/ubuntu:xenial
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE xenial
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-yakkety/Dockerfile.amd64

@@ -1,30 +0,0 @@
-FROM ubuntu:yakkety
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE yakkety
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-yakkety/Dockerfile.s390x

@@ -1,30 +0,0 @@
-FROM s390x/ubuntu:yakkety
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE yakkety
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-zesty/Dockerfile.amd64

@@ -1,30 +0,0 @@
-FROM ubuntu:zesty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE zesty
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

deb/ubuntu-zesty/Dockerfile.s390x

@@ -1,30 +0,0 @@
-FROM s390x/ubuntu:zesty
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-
-ENV GOPATH /go
-
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS apparmor seccomp selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE zesty
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

distros.json

@@ -0,0 +1,141 @@
+{
+    "centos-9": {
+        "image": "quay.io/centos/centos:stream9",
+        "arches": [
+            "amd64",
+            "aarch64"
+        ],
+        "description": "CentOS Stream 9",
+        "end_of_life": "2027"
+    },
+    "centos-10": {
+        "image": "quay.io/centos/centos:stream10",
+        "arches": [
+            "amd64",
+            "aarch64"
+        ],
+        "description": "CentOS Stream 10",
+        "end_of_life": "2030"
+    },
+    "debian-bullseye": {
+        "image": "debian:bullseye",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Debian 11 (oldstable)"
+    },
+    "debian-bookworm": {
+        "image": "debian:bookworm",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Debian 12 (stable)"
+    },
+    "debian-trixie": {
+        "image": "debian:trixie",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Debian 13 (Next stable)"
+    },
+    "fedora-41": {
+        "image": "fedora:41",
+        "arches": [
+            "amd64",
+            "aarch64"
+        ],
+        "end_of_life": "November, 2025"
+    },
+    "fedora-42": {
+        "image": "fedora:42",
+        "arches": [
+            "amd64",
+            "aarch64"
+        ],
+        "end_of_life": "November, 2025"
+    },
+    "raspbian-bullseye": {
+        "image": "balenalib/rpi-raspbian:bullseye",
+        "arches": [
+            "armhf"
+        ],
+        "description": "Debian/Raspbian 11 (stable)"
+    },
+    "raspbian-bookworm": {
+        "image": "balenalib/rpi-raspbian:bookworm",
+        "arches": [
+            "armhf"
+        ],
+        "description": "Debian/Raspbian 12 (next stable)"
+    },
+    "ubuntu-jammy": {
+        "image": "ubuntu:jammy",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Ubuntu 22.04 LTS",
+        "end_of_life": "04-2032",
+        "end_of_support": "04-2027"
+    },
+    "ubuntu-noble": {
+        "image": "ubuntu:noble",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Ubuntu 24.04 LTS",
+        "end_of_life": "04-2034",
+        "end_of_support": "06-2029"
+    },
+    "ubuntu-oracular": {
+        "image": "ubuntu:oracular",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Ubuntu 24.10",
+        "end_of_life": "07-2025",
+        "end_of_support": "07-2025"
+    },
+    "ubuntu-plucky": {
+        "image": "ubuntu:plucky",
+        "arches": [
+            "amd64",
+            "aarch64",
+            "armhf"
+        ],
+        "description": "Ubuntu 25.04",
+        "end_of_life": "01-2026",
+        "end_of_support": "01-2026"
+    },
+    "rhel-8": {
+        "image": "registry.access.redhat.com/ubi8/ubi",
+        "arches": [
+            "amd64",
+            "aarch64"
+        ],
+        "description": "Red Hat Enterprise Linux 8",
+        "end_of_life": "05-2029",
+        "end_of_support": "05-2024"
+    },
+    "rhel-9": {
+        "image": "registry.access.redhat.com/ubi9/ubi",
+        "arches": [
+            "amd64",
+            "aarch64"
+        ],
+        "description": "Red Hat Enterprise Linux 9",
+        "end_of_life": "05-2032",
+        "end_of_support": "05-2027"
+    }
+}

install-containerd-helpers

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+
+###
+# Script Name:  install-containerd-helpers
+#
+# Description: A library that containers helpers to install containerd on different
+#              distributions based on a package manager
+###
+set -x extglob
+
+# Steps taken from: https://docs.docker.com/install/linux/docker-ce/centos/
+function install_rpm_containerd() {
+	if [ "${PACKAGE_REPO}" = "stage" ]; then
+		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}/docker-ce-staging.repo"
+	else
+		REPO_URL="https://download.docker.com/linux/${DIST_ID}/docker-ce.repo"
+	fi
+
+	# Install containerd dependency for non-zypper dependecies
+	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
+
+	# Note: we enable test channel to be able to test non-stable containerd packages as well.
+	# Once a containerd package becomes stable it will also be available in the test channel,
+	# so this logic works for both cases.
+	# (See also same logic in install_debian_containerd)
+
+	if command -v dnf5; then
+		dnf --version
+
+		# FIXME(thaJeztah); strip empty lines as workaround for https://github.com/rpm-software-management/dnf5/issues/1603
+		TMP_REPO_FILE="$(mktemp --dry-run)"
+		curl -fsSL "${REPO_URL}" | tr -s '\n' > "${TMP_REPO_FILE}"
+		dnf config-manager addrepo --save-filename=docker-ce.repo  --overwrite --from-repofile="${TMP_REPO_FILE}"
+		rm -f "${TMP_REPO_FILE}"
+		# dnf config-manager addrepo --save-filename=docker-ce.repo --from-repofile="${REPO_URL}"
+		dnf config-manager setopt 'docker-ce-*.enabled=0'
+		dnf config-manager setopt 'docker-ce-test.enabled=1'
+		dnf makecache
+	elif command -v dnf; then
+		dnf --version
+
+		dnf config-manager --add-repo "${REPO_URL}"
+		dnf config-manager --set-disabled 'docker-ce-*'
+		dnf config-manager --set-enabled 'docker-ce-test'
+		dnf makecache
+	else
+		yum-config-manager --add-repo "${REPO_URL}"
+		yum-config-manager --disable 'docker-ce-*'
+		yum-config-manager --enable 'docker-ce-test'
+		yum makecache
+	fi
+}
+
+# Steps taken from: https://docs.docker.com/install/linux/docker-ce/ubuntu/
+function install_debian_containerd() {
+	if [ "${PACKAGE_REPO}" = "stage" ]; then
+		REPO_URL="https://download-stage.docker.com/linux/${DIST_ID}"
+	else
+		REPO_URL="https://download.docker.com/linux/${DIST_ID}"
+	fi
+
+	echo "[DEBUG] Installing engine dependencies from ${REPO_URL}"
+
+	#TODO include this step in the get.docker.com installation script
+	# Make sure ca-certificates are up-to-date
+	update-ca-certificates -f
+
+	install -m 0755 -d /etc/apt/keyrings
+	curl -fsSL "${REPO_URL}/gpg" | tee /etc/apt/keyrings/docker.asc
+	chmod a+r /etc/apt/keyrings/docker.asc
+
+	if [ "${DIST_VERSION}" = "sid" ]; then
+		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
+		exit 1
+	fi
+	ARCH=$(dpkg --print-architecture)
+
+	# Note: we enable test channel to be able to test non-stable containerd packages as well.
+	# Once a containerd package becomes stable it will also be available in the test channel,
+	# so this logic works for both cases.
+	# (See also same logic in install_rpm_containerd)
+	echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] ${REPO_URL} ${DIST_VERSION} test" > /etc/apt/sources.list.d/docker.list
+
+	apt-get update
+}

rpm/Makefile

@@ -1,67 +1,151 @@
-ARCH=$(shell uname -m)
-ENGINE_DIR:=$(CURDIR)/../../engine
-CLI_DIR:=$(CURDIR)/../../cli
-GITCOMMIT=$(shell cd $(ENGINE_DIR) && git rev-parse --short HEAD)
-VERSION=$(shell cat $(ENGINE_DIR)/VERSION)
-DOCKER_EXPERIMENTAL=0
-GEN_RPM_VER=$(shell ./gen-rpm-ver $(ENGINE_DIR) $(VERSION))
-CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown
-RPMBUILD=docker run --privileged --rm \
-	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES \
-	-v $(CURDIR)/rpmbuild/BUILD:/root/rpmbuild/BUILD \
-	-v $(CURDIR)/rpmbuild/BUILDROOT:/root/rpmbuild/BUILDROOT \
-	-v $(CURDIR)/rpmbuild/RPMS:/root/rpmbuild/RPMS \
-	-v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS
-RPMBUILD_FLAGS=-ba\
-	--define '_gitcommit $(word 3,$(GEN_RPM_VER))' \
+include ../common.mk
+
+PLUGINS_DIR=$(realpath $(CURDIR)/../plugins)
+GO_BASE_IMAGE=golang
+GO_IMAGE?=$(GO_BASE_IMAGE):$(GO_VERSION)-bookworm
+GEN_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/cli) "$(VERSION)")
+GEN_BUILDX_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/buildx) "$(DOCKER_BUILDX_REF)")
+GEN_COMPOSE_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/compose) "$(DOCKER_COMPOSE_REF)")
+GEN_MODEL_RPM_VER=$(shell ./gen-rpm-ver $(realpath $(CURDIR)/../src/github.com/docker/model-cli) "$(DOCKER_MODEL_REF)")
+CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) && git rev-parse --short HEAD)
+ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
+BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
+
+ifdef RH_USER
+	RH_FLAGS=--secret id=rh-user,env=RH_USER --secret id=rh-pass,env=RH_PASS
+endif
+ifdef BUILD_IMAGE
+	BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
+endif
+BUILD?=DOCKER_BUILDKIT=1 \
+	docker build \
+	$(RH_FLAGS) \
+	$(BUILD_IMAGE_FLAG) \
+	--build-arg GO_IMAGE=$(GO_IMAGE) \
+	-t rpmbuild-$@/$(ARCH) \
+	--platform linux/$(ARCH) \
+	-f $@/Dockerfile \
+	.
+
+
+SPEC_FILES?=docker-ce.spec docker-ce-cli.spec docker-ce-rootless-extras.spec docker-buildx-plugin.spec docker-compose-plugin.spec docker-model-plugin.spec
+
+SPECS?=$(addprefix SPECS/, $(SPEC_FILES))
+RPMBUILD_FLAGS?=-ba\
+	--define '_gitcommit_cli $(CLI_GITCOMMIT)' \
+	--define '_gitcommit_engine $(ENGINE_GITCOMMIT)' \
 	--define '_release $(word 2,$(GEN_RPM_VER))' \
 	--define '_version $(word 1,$(GEN_RPM_VER))' \
-	--define '_origversion $(VERSION)' \
-	--define '_experimental $(DOCKER_EXPERIMENTAL)' \
-	SPECS/docker-ce.spec
+	--define '_origversion $(word 4, $(GEN_RPM_VER))' \
+	--define '_buildx_rpm_version $(word 1,$(GEN_BUILDX_RPM_VER))' \
+	--define '_buildx_version $(word 4,$(GEN_BUILDX_RPM_VER))' \
+	--define '_buildx_gitcommit $(BUILDX_GITCOMMIT)' \
+	--define '_compose_rpm_version $(word 1,$(GEN_COMPOSE_RPM_VER))' \
+	--define '_compose_version $(word 4,$(GEN_COMPOSE_RPM_VER))' \
+	--define '_model_rpm_version $(word 1,$(GEN_MODEL_RPM_VER))' \
+	--define '_model_version $(word 4,$(GEN_MODEL_RPM_VER))' \
+	$(RPMBUILD_EXTRA_FLAGS) \
+	$(SPECS)
 
-.PHONY: help clean rpm fedora centos fedora-25 fedora-24 centos-7
+# Additional flags may be necessary at some point
+RUN_FLAGS=
 
+# FIXME(thaJeztah): disabling seccomp to handle (ppc64le) tar "chown / chmod"
+# failing when running in a Fedora 40 container on a Debian bookworm host;
+# see https://github.com/docker/docker-ce-packaging/issues/1012 and
+# https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
+RUN?=docker run --rm \
+	--security-opt seccomp=unconfined \
+	--platform linux/$(ARCH) \
+	-e PLATFORM \
+	-v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES:ro \
+	-v $(CURDIR)/rpmbuild/$@/RPMS:/root/rpmbuild/RPMS \
+	-v $(CURDIR)/rpmbuild/$@/SRPMS:/root/rpmbuild/SRPMS \
+	$(RUN_FLAGS) \
+	rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
+
+FEDORA_RELEASES ?= fedora-41 fedora-42
+CENTOS_RELEASES ?= centos-9 centos-10
+RHEL_RELEASES ?= rhel-8 rhel-9
+
+DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
+BUNDLES := $(patsubst %,rpmbuild/bundles-ce-%-$(DPKG_ARCH).tar.gz,$(DISTROS))
+
+.PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
+.PHONY: clean
 clean: ## remove build artifacts
 	[ ! -d rpmbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
-	rm -rf rpmbuild
+	$(RM) -r rpmbuild/
+	-docker builder prune -f --filter until=24h
 
+.PHONY: rpm
 rpm: fedora centos ## build all rpm packages
 
-fedora: fedora-25 fedora-24 ## build all fedora rpm packages
+.PHONY: fedora
+fedora: $(FEDORA_RELEASES) ## build all fedora rpm packages
 
-centos: centos-7 ## build all centos rpm packages
+.PHONY: centos
+centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 
-fedora-25: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz ## build fedora-25 rpm packages
-	docker build -t rpmbuild-$@/$(ARCH) -f $@/Dockerfile.$(ARCH) $@
-	$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+.PHONY: rhel
+rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
 
-fedora-24: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz ## build fedora-24 rpm packages
-	docker build -t rpmbuild-$@/$(ARCH) -f $@/Dockerfile.$(ARCH) $@
-	$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+.PHONY: $(DISTROS)
+$(DISTROS): sources
+	@echo "== Building packages for $@ =="
+	mkdir -p "rpmbuild/$@"
+	$(BUILD)
+	$(RUN)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) "rpmbuild/$@"
 
-centos-7: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz ## build centos-7 rpm packages
-	docker build -t rpmbuild-$@/$(ARCH) -f $@/Dockerfile.$(ARCH) $@
-	$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+.PHONY: sources
+sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz rpmbuild/SOURCES/model.tgz
+
+rpmbuild/SOURCES/engine.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/docker):/engine \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
 
 rpmbuild/SOURCES/cli.tgz:
-	mkdir -p rpmbuild/SOURCES
+	mkdir -p $(@D)
 	docker run --rm -w /v \
-		-v $(CLI_DIR):/cli \
-		-v $(CURDIR)/rpmbuild/SOURCES:/v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/cli):/cli \
+		-v $(CURDIR)/$(@D):/v \
 		alpine \
 		tar -C / -c -z -f /v/cli.tgz --exclude .git cli
 
-rpmbuild/SOURCES/engine.tgz:
-	mkdir -p rpmbuild/SOURCES
+rpmbuild/SOURCES/buildx.tgz:
+	mkdir -p $(@D)
 	docker run --rm -w /v \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CURDIR)/rpmbuild/SOURCES:/v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/buildx):/buildx \
+		-v $(CURDIR)/$(@D):/v \
 		alpine \
-		tar -C / -c -z -f /v/engine.tgz --exclude .git engine
+		tar -C / -c -z -f /v/buildx.tgz --exclude .git buildx
+
+rpmbuild/SOURCES/compose.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/compose):/compose \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/compose.tgz --exclude .git compose
+
+rpmbuild/SOURCES/model.tgz:
+	mkdir -p $(@D)
+	docker run --rm -w /v \
+		-v $(realpath $(CURDIR)/../src/github.com/docker/model-cli):/model \
+		-v $(CURDIR)/$(@D):/v \
+		alpine \
+		tar -C / -c -z -f /v/model.tgz --exclude .git model
+
+# See ARCHES in common.mk. Could not figure out how to match both distro and arch.
+BUNDLES:=$(addsuffix .tar.gz,$(addprefix rpmbuild/bundles-ce-%-,$(ARCHES)))
+
+$(BUNDLES): %
+	tar czf $@ --transform="s|^rpmbuild/\(.*\)|bundles/$(VERSION)/build-rpm/\1|" rpmbuild/$*

rpm/README.md

@@ -0,0 +1,39 @@
+# Building your own Docker rpm package
+
+`.rpm` packages can be built from this directory with the following syntax
+
+```shell
+make rpm
+```
+
+Artifacts will be located in `rpmbuild` under the following directory structure:
+`rpmbuild/$distro-$distro_version/`
+
+### Building from local source
+
+Specify the location of the source repositories for the engine and cli when
+building packages
+
+* `ENGINE_DIR` -> Specifies the directory where the engine code is located, eg: `$GOPATH/src/github.com/docker/docker`
+* `CLI_DIR` -> Specifies the directory where the cli code is located, eg: `$GOPATH/src/github.com/docker/cli`
+
+```shell
+make ENGINE_DIR=/path/to/engine CLI_DIR=/path/to/cli rpm
+```
+
+## Specifying a specific distro
+
+```shell
+make centos
+```
+
+## Specifying a specific distro version
+```shell
+make centos-9
+```
+
+## Building the for all distros
+
+```shell
+make rpm
+```

rpm/SPECS/docker-buildx-plugin.spec

@@ -0,0 +1,51 @@
+%global debug_package %{nil}
+
+Name: docker-buildx-plugin
+Version: %{_buildx_rpm_version}
+Release: %{_release}%{?dist}
+Epoch: 0
+Source0: buildx.tgz
+Summary: Docker Buildx plugin for the Docker CLI
+Group: Tools/Docker
+License: Apache-2.0
+URL: https://github.com/docker/buildx
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+BuildRequires: bash
+
+%description
+Docker Buildx plugin for the Docker CLI.
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+pushd ${RPM_BUILD_DIR}/src/buildx
+	GO111MODULE=on \
+	CGO_ENABLED=0 \
+		go build \
+			-mod=vendor \
+			-trimpath \
+			-ldflags="-w -X github.com/docker/buildx/version.Version=%{_buildx_version} -X github.com/docker/buildx/version.Revision=%{_buildx_gitcommit} -X github.com/docker/buildx/version.Package=github.com/docker/buildx" \
+			-o "bin/docker-buildx" \
+			./cmd/buildx
+popd
+
+%check
+ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
+	test "$ver" = "%{_buildx_version}" && echo "PASS: docker-buildx version OK" || (echo "FAIL: docker-buildx version ($ver) did not match" && exit 1)
+
+%install
+install -D -p -m 0755 ${RPM_BUILD_DIR}/src/buildx/bin/docker-buildx ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-buildx
+
+%files
+%{_libexecdir}/docker/cli-plugins/docker-buildx
+
+%post
+
+%preun
+
+%postun
+
+%changelog

rpm/SPECS/docker-ce-cli.spec

@@ -0,0 +1,95 @@
+%global debug_package %{nil}
+
+Name: docker-ce-cli
+Version: %{_version}
+Release: %{_release}%{?dist}
+Epoch: 1
+Summary: The open-source application container engine
+Group: Tools/Docker
+License: Apache-2.0
+Source0: cli.tgz
+URL: https://www.docker.com
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+# required packages on install
+Requires: /bin/sh
+Requires: /usr/sbin/groupadd
+
+Recommends: docker-buildx-plugin
+Recommends: docker-compose-plugin
+
+Suggests: docker-model-plugin
+
+BuildRequires: make
+BuildRequires: git
+
+# conflicting packages
+Conflicts: docker
+Conflicts: docker-io
+Conflicts: docker-ee
+Conflicts: docker-ee-cli
+
+%description
+Docker is is a product for you to build, ship and run any application as a
+lightweight container.
+
+Docker containers are both hardware-agnostic and platform-agnostic. This means
+they can run anywhere, from your laptop to the largest cloud compute instance
+and everything in between - and they don't require you to use a particular
+language, framework or packaging system. That makes them great building blocks
+for deploying and scaling web apps, databases, and backend services without
+depending on a particular stack or provider.
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+mkdir -p /go/src/github.com/docker
+rm -f /go/src/github.com/docker/cli
+ln -snf ${RPM_BUILD_DIR}/src/cli /go/src/github.com/docker/cli
+make -C /go/src/github.com/docker/cli DISABLE_WARN_OUTSIDE_CONTAINER=1 VERSION=%{_origversion} GITCOMMIT=%{_gitcommit_cli} dynbinary manpages shell-completion
+
+%check
+ver="$(cli/build/docker --version)"; \
+    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+
+%install
+# install binary
+install -D -p -m 755 cli/build/docker ${RPM_BUILD_ROOT}%{_bindir}/docker
+
+# add bash, zsh, and fish completions
+install -D -p -m 644 cli/build/completion/bash/docker ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions/docker
+install -D -p -m 644 cli/build/completion/zsh/_docker ${RPM_BUILD_ROOT}%{_datadir}/zsh/vendor-completions/_docker
+install -D -p -m 644 cli/build/completion/fish/docker.fish ${RPM_BUILD_ROOT}%{_datadir}/fish/vendor_completions.d/docker.fish
+
+# install man-pages
+for sec in $(seq 1 9); do
+    if [ -d "cli/man/man${sec}" ]; then
+        # Note: we need to create destination dirs first (instead "install -D") due to wildcards used.
+        install -d ${RPM_BUILD_ROOT}%{_mandir}/man${sec} && \
+        install -p -m 644 cli/man/man${sec}/*.${sec} ${RPM_BUILD_ROOT}%{_mandir}/man${sec};
+    fi
+done
+
+mkdir -p build-docs
+for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
+    install -D -p -m 644 "cli/$cli_file" "build-docs/$cli_file"
+done
+
+# list files owned by the package here
+%files
+%doc build-docs/LICENSE build-docs/MAINTAINERS build-docs/NOTICE build-docs/README.md
+%{_bindir}/docker
+%{_datadir}/bash-completion/completions/docker
+%{_datadir}/zsh/vendor-completions/_docker
+%{_datadir}/fish/vendor_completions.d/docker.fish
+%{_mandir}/man*/*
+
+
+%post
+if ! getent group docker > /dev/null; then
+    groupadd --system docker
+fi
+
+%changelog

rpm/SPECS/docker-ce-rootless-extras.spec

@@ -0,0 +1,63 @@
+%global debug_package %{nil}
+
+Name: docker-ce-rootless-extras
+Version: %{_version}
+Release: %{_release}%{?dist}
+Epoch: 0
+Source0: engine.tgz
+Summary: Rootless support for Docker
+Group: Tools/Docker
+License: Apache-2.0
+URL: https://docs.docker.com/engine/security/rootless/
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+Requires: docker-ce
+# TODO: conditionally add `Requires: dbus-daemon` for Fedora and CentOS 8
+# slirp4netns >= 0.4 is available in the all supported versions of CentOS and Fedora.
+Requires: slirp4netns >= 0.4
+# fuse-overlayfs >= 0.7 is available in the all supported versions of CentOS and Fedora.
+Requires: fuse-overlayfs >= 0.7
+
+BuildRequires: bash
+
+# conflicting packages
+Conflicts: rootlesskit
+
+%description
+Rootless support for Docker.
+Use dockerd-rootless.sh to run the daemon.
+Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh .
+This package contains RootlessKit, but does not contain VPNKit.
+Either VPNKit or slirp4netns (>= 0.4.0) needs to be installed separately.
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+
+export DOCKER_GITCOMMIT=%{_gitcommit_engine}
+mkdir -p /go/src/github.com/docker
+ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
+TMP_GOPATH="/go" ${RPM_BUILD_DIR}/src/engine/hack/dockerfile/install/install.sh rootlesskit dynamic
+
+%check
+/usr/local/bin/rootlesskit -v
+
+%install
+install -D -p -m 0755 engine/contrib/dockerd-rootless.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless.sh
+install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless-setuptool.sh
+install -D -p -m 0755 /usr/local/bin/rootlesskit ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit
+
+%files
+%{_bindir}/dockerd-rootless.sh
+%{_bindir}/dockerd-rootless-setuptool.sh
+%{_bindir}/rootlesskit
+
+%post
+
+%preun
+
+%postun
+
+%changelog

rpm/SPECS/docker-ce.spec

@@ -0,0 +1,127 @@
+%global debug_package %{nil}
+
+Name: docker-ce
+Version: %{_version}
+Release: %{_release}%{?dist}
+Epoch: 3
+Source0: engine.tgz
+Summary: The open-source application container engine
+Group: Tools/Docker
+License: Apache-2.0
+URL: https://www.docker.com
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+Requires: /usr/sbin/groupadd
+# Provides modprobe, which we use to load br_netfilter if not loaded.
+Suggests: kmod
+Requires: docker-ce-cli
+Recommends: docker-ce-rootless-extras
+Requires: container-selinux
+Requires: systemd
+Requires: iptables
+%if %{undefined rhel} || 0%{?rhel} < 9
+# Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
+Requires: libcgroup
+%endif
+Requires: containerd.io >= 1.7.27
+Requires: tar
+Requires: xz
+
+BuildRequires: bash
+BuildRequires: ca-certificates
+BuildRequires: cmake
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: glibc-static
+BuildRequires: libtool
+BuildRequires: make
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(systemd)
+BuildRequires: systemd-devel
+BuildRequires: tar
+
+# conflicting packages
+Conflicts: docker
+Conflicts: docker-io
+Conflicts: docker-ee
+
+%description
+Docker is a product for you to build, ship and run any application as a
+lightweight container.
+
+Docker containers are both hardware-agnostic and platform-agnostic. This means
+they can run anywhere, from your laptop to the largest cloud compute instance
+and everything in between - and they don't require you to use a particular
+language, framework or packaging system. That makes them great building blocks
+for deploying and scaling web apps, databases, and backend services without
+depending on a particular stack or provider.
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+
+export DOCKER_GITCOMMIT=%{_gitcommit_engine}
+mkdir -p /go/src/github.com/docker
+ln -snf ${RPM_BUILD_DIR}/src/engine /go/src/github.com/docker/docker
+
+pushd ${RPM_BUILD_DIR}/src/engine
+TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
+
+# Determine Go module mode based on file presence
+if [ -f vendor.mod ]; then
+    GOMOD=off
+elif [ -f go.mod ]; then
+    GOMOD=on
+else
+    echo "No go.mod or vendor.mod found in engine directory"
+    exit 1
+fi
+GO111MODULE=$GOMOD VERSION=%{_origversion} PRODUCT=docker hack/make.sh dynbinary
+popd
+
+#  build  man-pages
+make -C ${RPM_BUILD_DIR}/src/engine/man
+
+%check
+ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
+    test "$ver" = "Docker version %{_origversion}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
+
+%install
+install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${RPM_BUILD_ROOT}%{_bindir}/dockerd
+install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/docker-proxy) ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy
+install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}/docker/docker-init
+
+# install systemd scripts
+install -D -p -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service
+install -D -p -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket
+
+# install manpages
+make -C ${RPM_BUILD_DIR}/src/engine/man DESTDIR=${RPM_BUILD_ROOT} mandir=%{_mandir} install
+
+# create the config directory
+mkdir -p ${RPM_BUILD_ROOT}/etc/docker
+
+%files
+%{_bindir}/dockerd
+%{_bindir}/docker-proxy
+%{_libexecdir}/docker/docker-init
+%{_unitdir}/docker.service
+%{_unitdir}/docker.socket
+%{_mandir}/man*/*
+%dir /etc/docker
+
+%post
+%systemd_post docker.service
+if ! getent group docker > /dev/null; then
+    groupadd --system docker
+fi
+
+%preun
+%systemd_preun docker.service docker.socket
+
+%postun
+%systemd_postun_with_restart docker.service
+
+%changelog

rpm/SPECS/docker-compose-plugin.spec

@@ -0,0 +1,57 @@
+%global debug_package %{nil}
+
+Name: docker-compose-plugin
+Version: %{_compose_rpm_version}
+Release: %{_release}%{?dist}
+Epoch: 0
+Source0: compose.tgz
+Summary: Docker Compose (V2) plugin for the Docker CLI
+Group: Tools/Docker
+License: Apache-2.0
+URL: https://github.com/docker/compose/
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+Enhances: docker-ce-cli
+Recommends: docker-buildx-plugin
+
+BuildRequires: bash
+
+%description
+Docker Compose (V2) plugin for the Docker CLI.
+
+This plugin provides the 'docker compose' subcommand.
+
+The binary can also be run standalone as a direct replacement for
+Docker Compose V1 ('docker-compose').
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+make -C ${RPM_BUILD_DIR}/src/compose VERSION=%{_compose_version} DESTDIR=./bin build
+
+%check
+ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
+    test "$ver" = "%{_compose_version}" && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($ver) did not match" && exit 1)
+
+%install
+install -D -p -m 0755 ${RPM_BUILD_DIR}/src/compose/bin/docker-compose ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-compose
+
+for f in LICENSE MAINTAINERS NOTICE README.md; do
+    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/compose/$f" "docker-compose-plugin-docs/$f"
+done
+
+%files
+%doc docker-compose-plugin-docs/*
+%license docker-compose-plugin-docs/LICENSE
+%license docker-compose-plugin-docs/NOTICE
+%{_libexecdir}/docker/cli-plugins/docker-compose
+
+%post
+
+%preun
+
+%postun
+
+%changelog

rpm/SPECS/docker-model-plugin.spec

@@ -0,0 +1,52 @@
+%global debug_package %{nil}
+
+Name: docker-model-plugin
+Version: %{_model_rpm_version}
+Release: %{_release}%{?dist}
+Epoch: 0
+Source0: model.tgz
+Summary: Docker Model Runner plugin for the Docker CLI
+Group: Tools/Docker
+License: Apache-2.0
+URL: https://docs.docker.com/model-runner/
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+Enhances: docker-ce-cli
+
+BuildRequires: bash
+
+%description
+Docker Model Runner plugin for the Docker CLI.
+
+This plugin provides the 'docker model' subcommand.
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+GO111MODULE=on make -C ${RPM_BUILD_DIR}/src/model VERSION=%{_model_version} ce-release
+
+%check
+ver="$(${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
+    test "$ver" = "%{_model_version}" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($ver) did not match" && exit 1)
+
+%install
+install -D -p -m 0755 ${RPM_BUILD_DIR}/src/model/dist/docker-model ${RPM_BUILD_ROOT}%{_libexecdir}/docker/cli-plugins/docker-model
+
+for f in LICENSE; do
+    install -D -p -m 0644 "${RPM_BUILD_DIR}/src/model/$f" "docker-model-plugin-docs/$f"
+done
+
+%files
+%doc docker-model-plugin-docs/*
+%license docker-model-plugin-docs/LICENSE
+%{_libexecdir}/docker/cli-plugins/docker-model
+
+%post
+
+%preun
+
+%postun
+
+%changelog

rpm/centos-10/Dockerfile

@@ -0,0 +1,35 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=centos
+ARG SUITE=10
+ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH=1
+ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
+# "rpmkeys --import"as part of rpm package's %post scriplet. See
+# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
+# https://access.redhat.com/solutions/3720351
+RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
+RUN dnf install -y rpm-build dnf-plugins-core
+RUN dnf config-manager --set-enabled crb
+
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-7/Dockerfile.x86_64

@@ -1,31 +0,0 @@
-FROM centos:7
-RUN yum groupinstall -y "Development Tools"
-RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
-RUN yum install -y \
-   glibc-static \
-   btrfs-progs-devel \
-   device-mapper-devel \
-   libseccomp-devel \
-   libselinux-devel \
-   libtool-ltdl-devel \
-   selinux-policy-devel \
-   systemd-devel \
-   pkgconfig \
-   tar \
-   git \
-   cmake \
-   rpmdevtools \
-   vim-common
-
-ENV GO_VERSION 1.7.5
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-RUN mkdir -p /go
-ENV GOPATH=/go
-ENV PATH $PATH:/usr/local/go/bin:/go/bin
-ENV AUTO_GOPATH 1
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
-COPY docker-ce.spec /root/rpmbuild/SPECS/docker-ce.spec
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/centos-7/docker-ce.spec

@@ -1,168 +0,0 @@
-Name: docker-ce
-Version: %{_version}
-Release: %{_release}%{?dist}
-Summary: The open-source application container engine
-Group: Tools/Docker
-License: ASL 2.0
-Source0: engine.tgz
-Source1: cli.tgz
-URL: https://www.docker.com
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%global _dwz_low_mem_die_limit 0
-%global is_systemd 1
-%global with_selinux 1
-
-BuildRequires: pkgconfig(systemd)
-BuildRequires: pkgconfig(libsystemd-journal)
-
-# required packages on install
-Requires: /bin/sh
-Requires: container-selinux >= 2.9
-Requires: iptables
-Requires: libcgroup
-Requires: systemd-units
-Requires: tar
-Requires: xz
-
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%setup -q -c -n src -a 1
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-mkdir -p /go/src/github.com/docker
-rm -f /go/src/github.com/docker/cli
-ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-pushd cli
-make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary # cli
-popd
-pushd engine
-TMP_GOPATH="/go" hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
-hack/make.sh dynbinary
-popd
-# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
-
-%check
-cli/build/docker -v
-engine/bundles/%{_origversion}/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 engine/bundles/%{_origversion}/dynbinary-daemon/dockerd-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-install -p -m 644 engine/contrib/init/systemd/docker.service.rpm $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 engine/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 engine/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 engine/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-#install -p -m 644 man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-#install -p -m 644 man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-#install -p -m 644 man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-# list files owned by the package here
-%files
-%doc engine/AUTHORS engine/CHANGELOG.md engine/CONTRIBUTING.md engine/LICENSE engine/MAINTAINERS engine/NOTICE engine/README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-/%{_unitdir}/docker.service
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-#/%{_mandir}/man1/*
-#/%{_mandir}/man5/*
-#/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%post
-%systemd_post docker
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%systemd_preun docker
-
-%postun
-%systemd_postun_with_restart docker
-
-%changelog
-
-* Wed May 10 2017 <andrewhsu@docker.com> 17.06.0-dev
-- Initial RPM release

rpm/centos-9/Dockerfile

@@ -0,0 +1,35 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=centos
+ARG SUITE=9
+ARG BUILD_IMAGE=quay.io/centos/${DISTRO}:stream${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH=1
+ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+# RHEL8 / CentOS 8 changed behavior and no longer "rpm --import" or
+# "rpmkeys --import"as part of rpm package's %post scriplet. See
+# https://forums.centos.org/viewtopic.php?f=54&t=72574, and
+# https://access.redhat.com/solutions/3720351
+RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+RUN dnf install -y rpm-build dnf-plugins-core
+RUN dnf config-manager --set-enabled crb
+
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-24/Dockerfile.x86_64

@@ -1,15 +0,0 @@
-FROM fedora:24
-RUN dnf -y upgrade
-RUN dnf install -y @development-tools fedora-packager
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-ENV AUTO_GOPATH 1
-ENV GOPATH /go
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
-COPY docker-ce.spec /root/rpmbuild/SPECS/docker-ce.spec
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-24/docker-ce.spec

@@ -1,168 +0,0 @@
-Name: docker-ce
-Version: %{_version}
-Release: %{_release}%{?dist}
-Summary: The open-source application container engine
-Group: Tools/Docker
-License: ASL 2.0
-Source0: engine.tgz
-Source1: cli.tgz
-URL: https://www.docker.com
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%global _dwz_low_mem_die_limit 0
-%global is_systemd 1
-%global selinux_policyver 3.13.1-191
-%global with_selinux 1
-
-BuildRequires: pkgconfig(systemd)
-BuildRequires: pkgconfig(libsystemd-journal)
-
-# required packages on install
-Requires: /bin/sh
-Requires: iptables
-Requires: libcgroup
-Requires: systemd-units
-Requires: tar
-Requires: xz
-
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%setup -q -c -n src -a 1
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-mkdir -p /go/src/github.com/docker
-rm -f /go/src/github.com/docker/cli
-ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-pushd cli
-make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary # cli
-popd
-pushd engine
-TMP_GOPATH="/go" hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
-hack/make.sh dynbinary
-popd
-# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
-
-%check
-cli/build/docker -v
-engine/bundles/%{_origversion}/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 engine/bundles/%{_origversion}/dynbinary-daemon/dockerd-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-install -p -m 644 engine/contrib/init/systemd/docker.service.rpm $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 engine/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 engine/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 engine/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-#install -p -m 644 man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-#install -p -m 644 man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-#install -p -m 644 man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-# list files owned by the package here
-%files
-%doc engine/AUTHORS engine/CHANGELOG.md engine/CONTRIBUTING.md engine/LICENSE engine/MAINTAINERS engine/NOTICE engine/README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-/%{_unitdir}/docker.service
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-#/%{_mandir}/man1/*
-#/%{_mandir}/man5/*
-#/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%post
-%systemd_post docker
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%systemd_preun docker
-
-%postun
-%systemd_postun_with_restart docker
-
-%changelog
-
-* Wed May 10 2017 <andrewhsu@docker.com> 17.06.0-dev
-- Initial RPM release

rpm/fedora-25/Dockerfile.x86_64

@@ -1,15 +0,0 @@
-FROM fedora:25
-RUN dnf -y upgrade
-RUN dnf install -y @development-tools fedora-packager
-RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common
-ENV GO_VERSION 1.8.1
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV PATH $PATH:/usr/local/go/bin
-ENV AUTO_GOPATH 1
-ENV GOPATH /go
-ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
-ENV RUNC_BUILDTAGS seccomp selinux
-RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
-COPY docker-ce.spec /root/rpmbuild/SPECS/docker-ce.spec
-WORKDIR /root/rpmbuild
-ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-25/docker-ce.spec

@@ -1,167 +0,0 @@
-Name: docker-ce
-Version: %{_version}
-Release: %{_release}%{?dist}
-Summary: The open-source application container engine
-Group: Tools/Docker
-License: ASL 2.0
-Source0: engine.tgz
-Source1: cli.tgz
-URL: https://www.docker.com
-Vendor: Docker
-Packager: Docker <support@docker.com>
-
-# DWZ problem with multiple golang binary, see bug
-# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
-%global _dwz_low_mem_die_limit 0
-%global is_systemd 1
-%global with_selinux 1
-
-BuildRequires: pkgconfig(systemd)
-
-# required packages on install
-Requires: /bin/sh
-Requires: container-selinux >= 2.9
-Requires: iptables
-Requires: libcgroup
-Requires: systemd-units
-Requires: tar
-Requires: xz
-
-# Resolves: rhbz#1165615
-Requires: device-mapper-libs >= 1.02.90-1
-
-# conflicting packages
-Conflicts: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%setup -q -c -n src -a 1
-
-%build
-export DOCKER_GITCOMMIT=%{_gitcommit}
-mkdir -p /go/src/github.com/docker
-rm -f /go/src/github.com/docker/cli
-ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
-pushd cli
-make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary # cli
-popd
-pushd engine
-TMP_GOPATH="/go" hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
-hack/make.sh dynbinary
-popd
-# ./man/md2man-all.sh runs outside the build container (if at all), since we don't have go-md2man here
-
-%check
-cli/build/docker -v
-engine/bundles/%{_origversion}/dynbinary-daemon/dockerd -v
-
-%install
-# install binary
-install -d $RPM_BUILD_ROOT/%{_bindir}
-install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
-install -p -m 755 engine/bundles/%{_origversion}/dynbinary-daemon/dockerd-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/dockerd
-
-# install proxy
-install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
-
-# install containerd
-install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
-install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
-install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
-
-# install runc
-install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
-
-# install tini
-install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
-
-# install udev rules
-install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
-install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
-
-# add init scripts
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/%{_initddir}
-install -d $RPM_BUILD_ROOT/%{_unitdir}
-install -p -m 644 engine/contrib/init/systemd/docker.service.rpm $RPM_BUILD_ROOT/%{_unitdir}/docker.service
-# add bash, zsh, and fish completions
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
-install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
-install -p -m 644 engine/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
-install -p -m 644 engine/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
-install -p -m 644 engine/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
-
-# install manpages
-install -d %{buildroot}%{_mandir}/man1
-#install -p -m 644 man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
-install -d %{buildroot}%{_mandir}/man5
-#install -p -m 644 man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-install -d %{buildroot}%{_mandir}/man8
-#install -p -m 644 man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-
-# add vimfiles
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
-install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
-install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
-install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
-
-# add nano
-install -d $RPM_BUILD_ROOT/usr/share/nano
-install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
-
-# list files owned by the package here
-%files
-%doc engine/AUTHORS engine/CHANGELOG.md engine/CONTRIBUTING.md engine/LICENSE engine/MAINTAINERS engine/NOTICE engine/README.md
-/%{_bindir}/docker
-/%{_bindir}/dockerd
-/%{_bindir}/docker-containerd
-/%{_bindir}/docker-containerd-shim
-/%{_bindir}/docker-containerd-ctr
-/%{_bindir}/docker-proxy
-/%{_bindir}/docker-runc
-/%{_bindir}/docker-init
-/%{_sysconfdir}/udev/rules.d/80-docker.rules
-/%{_unitdir}/docker.service
-/usr/share/bash-completion/completions/docker
-/usr/share/zsh/vendor-completions/_docker
-/usr/share/fish/vendor_completions.d/docker.fish
-%doc
-#/%{_mandir}/man1/*
-#/%{_mandir}/man5/*
-#/%{_mandir}/man8/*
-/usr/share/vim/vimfiles/doc/dockerfile.txt
-/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
-/usr/share/vim/vimfiles/syntax/dockerfile.vim
-/usr/share/nano/Dockerfile.nanorc
-
-%post
-%systemd_post docker
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
-
-%preun
-%systemd_preun docker
-
-%postun
-%systemd_postun_with_restart docker
-
-%changelog
-
-* Wed May 10 2017 <andrewhsu@docker.com> 17.06.0-dev
-- Initial RPM release

rpm/fedora-41/Dockerfile

@@ -0,0 +1,50 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=fedora
+ARG SUITE=41
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH=1
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+RUN dnf install -y rpm-build dnf-plugins-core
+# FIXME(thaJeztah): workaround for building on Fedora 41 on arm64
+#
+# This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
+# for containerd packages, but unlike for containerd packages, we currently do
+# not run into this issue when building docker-ce packages. We're installing
+# this as a precaution, but perhaps it's not needed.
+#
+# go1.21 and up have a patch that enforces the use of ld.gold to work around
+# a bug in GNU binutils. See;
+# - https://github.com/golang/go/issues/22040.
+# - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
+#
+# Fedora 41 and up has a fixed version of binutils, and no longer requires that
+# patch, but may fail without ld.gold installed;
+#
+#   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
+#   collect2: fatal error: cannot find 'ld'
+#
+# Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
+# - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
+# - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
+#
+# As a workaround; install binutils-gold
+RUN if [ "$(arch)" = 'aarch64' ]; then dnf -y install binutils-gold; fi
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/fedora-42/Dockerfile

@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=fedora
+ARG SUITE=42
+ARG BUILD_IMAGE=${DISTRO}:${SUITE}
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE}
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH=1
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+RUN dnf install -y rpm-build dnf-plugins-core
+# FIXME(thaJeztah): workaround for building on Fedora 41 and up on arm64
+#
+# This is the equivalent of https://github.com/docker/containerd-packaging/pull/390
+# for containerd packages, but unlike for containerd packages, we currently do
+# not run into this issue when building docker-ce packages. We're installing
+# this as a precaution, but perhaps it's not needed.
+#
+# go1.21 and up have a patch that enforces the use of ld.gold to work around
+# a bug in GNU binutils. See;
+# - https://github.com/golang/go/issues/22040.
+# - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e
+#
+# Fedora 41 and up has a fixed version of binutils, and no longer requires that
+# patch, but may fail without ld.gold installed;
+#
+#   /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g
+#   collect2: fatal error: cannot find 'ld'
+#
+# Fedora's build of Go carries a patch for that, but it's not (yet) in upstream;
+# - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch
+# - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide
+#
+# As a workaround; install binutils-gold
+RUN if [ "$(rpm --query --queryformat='%{ARCH}' rpm)" = 'aarch64' ] && ! command -v ld.gold; then dnf -y install binutils-gold; fi
+
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/gen-rpm-ver

@@ -1,45 +1,115 @@
 #!/usr/bin/env bash
 
-ENGINE_DIR=$1
-VERSION=$2
+REPO_DIR="$1"
+VERSION="$2"
 
-[[ $# < 2 ]] && echo 'not enough args' && exit 1
+if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
+	# shellcheck disable=SC2016
+	echo 'usage: ./gen-rpm-ver ${REPO_DIR} ${VERSION}'
+	exit 1
+fi
 
-GIT_COMMAND="git -C $ENGINE_DIR"
-rpmName=docker-ce
-rpmVersion="$VERSION"
+GIT_COMMAND="git -C $REPO_DIR"
+origVersion="$VERSION"
+rpmVersion="${VERSION#v}"
+
+# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which
+# is an incremental number for builds of the same release (Version: / #rpmVersion).
+#
+# This field can be:
+#
+# - Version: 0   : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds)
+# - Version: 1   : Package was built for an upstream (pre)release version
+# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released)
+#
+# For details, see the Fedora packaging guide:
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
+#
+# Note that older versions of the rpm spec allowed more traditional information
+# in this field, which is still allowed, but considered deprecated; see
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_complex_versioning_with_a_reasonable_upstream
+#
+# In our case, this means that all releases, except for "nightly" builds should
+# use "Version: 1". Only in an exceptional case, where we need to publish a new
+# package (build) for an existing release, "Version: 2" should be used; this script
+# does not currently account for that situation.
+#
+# Assuming all tagged version of rpmRelease correspond with an upstream release,
+# this means that versioning is as follows:
+#
+# Docker 23.0.0:         version=23.0.0, release=1
+# Docker 23.0.0-alpha.1: version=23.0.0, release=1
+# Docker 23.0.0-beta.1:  version=23.0.0, release=1
+# Docker 23.0.0-rc.1:    version=23.0.0, release=1
+# Docker 23.0.0-dev:     version=0.0.0~YYYYMMDDHHMMSS.gitHASH, release=0
 rpmRelease=1
 
-# rpmRelease versioning is as follows
-# Docker 1.7.0:  version=1.7.0, release=1
-# Docker 1.7.0-rc1: version=1.7.0, release=0.1.rc1
-# Docker 1.7.0-cs1: version=1.7.0.cs1, release=1
-# Docker 1.7.0-cs1-rc1: version=1.7.0.cs1, release=0.1.rc1
-# Docker 1.7.0-dev nightly: version=1.7.0, release=0.0.YYYYMMDD.HHMMSS.gitHASH
-
-# if we have a "-rc*" suffix, set appropriate release
-if [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]] ; then
-    rcVersion=${rpmVersion#*-rc}
-    rpmVersion=${rpmVersion%-rc*}
-    rpmRelease="0.${rcVersion}.rc${rcVersion}"
-fi
+# rpm packages require a tilde (~) instead of a hyphen (-) as separator between
+# the version # and pre-release suffixes, otherwise pre-releases are sorted AFTER
+# non-pre-release versions, which would prevent users from updating from a pre-
+# release version to the "ga" version.
+#
+# For details, see the Fedora packaging guide:
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_handling_non_sorting_versions_with_tilde_dot_and_caret
+#
+# > The tilde symbol (‘~’) is used before a version component which must sort
+# > earlier than any non-tilde component. It is used for any pre-release versions
+# > which wouldn’t otherwise sort appropriately.
+# >
+# > For example, with upstream releases 0.4.0, 0.4.1, 0.5.0-rc1, 0.5.0-rc2, 0.5.0,
+# > the two "release candidates" should use 0.5.0~rc1 and 0.5.0~rc2 in the Version:
+# > field. Bugfix or "patchlevel" releases that some upstream make should be handled
+# > using simple versioning. The separator used by upstream may need to be replaced
+# > by a dot or dropped.
+# >
+# > For example, if the same upstream released 0.5.0-post1 as a bugfix version,
+# > this "post-release" should use 0.5.0.post1 in the Version: field. Note that
+# > 0.5.0.post1 sorts lower than both 0.5.1 and 0.5.0.1.
+#
+# The code below replaces hyphens with tildes. Note that an intermediate $tilde
+# variable is needed to make this work on all versions of Bash. In some versions
+# of Bash, the tilde would be substituted with $HOME (even when escaped (\~) or
+# quoted ('~').
+tilde='~'
+rpmVersion="${rpmVersion//-/$tilde}"
 
 DOCKER_GITCOMMIT=$($GIT_COMMAND rev-parse --short HEAD)
 if [ -n "$($GIT_COMMAND status --porcelain --untracked-files=no)" ]; then
-    DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
+	DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
 fi
 
-# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-if [[ "$rpmVersion" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-    gitUnix="$($GIT_COMMAND log -1 --pretty='%at')"
-    gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
-    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-    gitVersion="${gitDate}.git${gitCommit}"
-    # gitVersion is now something like '20150128.112847.17e840a'
-    rpmVersion="${rpmVersion%-dev}"
-    rpmRelease="0.0.$gitVersion"
+# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
+# we'll create a pseudo version based on commit-date and -sha.
+if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+	export TZ=UTC
+
+	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+	#
+	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+	# where the time is the commit time in UTC and the final suffix is the prefix
+	# of the commit hash. The time portion ensures that two pseudo-versions can
+	# be compared to determine which happened later, the commit hash identifes
+	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+	# as a pre-release before version v0.0.0, so that the go command prefers any
+	# tagged release over any pseudo-version.
+	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+
+	if [ "$(uname)" = "Darwin" ]; then
+		# Using BSD date (macOS), which doesn't support the --date option
+		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
+		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
+	else
+		# Using GNU date (Linux)
+		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+	fi
+
+	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
+	origVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
+	rpmVersion="0.0.0~${gitDate}.${gitCommit}"  # (using tilde and periods)
+	rpmRelease=0
 fi
 
-# Replace any other dashes with periods
-rpmVersion="${rpmVersion/-/.}"
-echo $rpmVersion $rpmRelease $DOCKER_GITCOMMIT
+# Replace any remaining dashes with periods
+rpmVersion="${rpmVersion//-/.}"
+echo "$rpmVersion $rpmRelease $DOCKER_GITCOMMIT $origVersion"

rpm/rhel-8/Dockerfile

@@ -0,0 +1,45 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=rhel
+ARG SUITE=8
+ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE} AS subscribed-image
+RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
+	rm -f /etc/rhsm-host
+
+	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
+		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
+	else
+		subscription-manager register \
+			--username="$(cat /run/secrets/rh-user)" \
+			--password="$(cat /run/secrets/rh-pass)"
+
+		subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
+		# dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
+	fi
+EOT
+
+FROM subscribed-image
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH=1
+ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN dnf install -y rpm-build
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

rpm/rhel-9/Dockerfile

@@ -0,0 +1,45 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE=golang:latest
+ARG DISTRO=rhel
+ARG SUITE=9
+ARG BUILD_IMAGE=registry.access.redhat.com/ubi9/ubi
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE} AS subscribed-image
+RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
+	rm -f /etc/rhsm-host
+
+	if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
+		echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
+	else
+		subscription-manager register \
+			--username="$(cat /run/secrets/rh-user)" \
+			--password="$(cat /run/secrets/rh-pass)"
+
+		subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
+		# dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
+	fi
+EOT
+
+FROM subscribed-image
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=on
+ENV GOPATH=/go
+ENV GOTOOLCHAIN=local
+ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH=1
+ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN dnf install -y rpm-build
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

scripts/checkout.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env sh
+
+#   Copyright 2018-2020 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+checkout() (
+	set -ex
+	SRC="$1"
+	REF="$2"
+	REF_FETCH="$REF"
+	# if ref is branch or tag, retrieve its canonical form
+	REF=$(git -C "$SRC" ls-remote --refs --heads --tags origin "$REF" | awk '{print $2}')
+	if [ -n "$REF" ]; then
+		# if branch or tag then create it locally too
+		REF_FETCH="$REF:$REF"
+	else
+		REF="FETCH_HEAD"
+	fi
+	git -C "$SRC" fetch --update-head-ok --depth 1 origin "$REF_FETCH"
+	git -C "$SRC" checkout -q "$REF"
+)
+
+
+# Only execute checkout function above if this file is executed, not sourced from another script
+prog=checkout.sh # needs to be in sync with this file's name
+if [ "$(basename -- $0)" = "$prog" ]; then
+	checkout $*
+fi

static/Makefile

@@ -1,54 +1,115 @@
-SHELL:=/bin/bash
-ENGINE_DIR:=$(CURDIR)/../../engine
-CLI_DIR:=$(CURDIR)/../../cli
-ENGINE_VER=$(shell cat $(ENGINE_DIR)/VERSION)
-VERSION=$(shell cat $(ENGINE_DIR)/VERSION)
-CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown
+include ../common.mk
 
-.PHONY: help clean static static-linux cross-mac cross-win cross-arm static-cli static-engine cross-all-cli cross-win-engine
+CLI_DIR=$(realpath $(CURDIR)/../src/github.com/docker/cli)
+ENGINE_DIR=$(realpath $(CURDIR)/../src/github.com/docker/docker)
+BUILDX_DIR=$(realpath $(CURDIR)/../src/github.com/docker/buildx)
 
+ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
+
+GEN_STATIC_VER=$(shell ./gen-static-ver $(CLI_DIR) $(VERSION))
+HASH_CMD=docker run -v $(CURDIR):/sum -w /sum debian:jessie bash hash_files
+DIR_TO_HASH:=build/linux
+DOCKER_CLI_GOLANG_IMG=golang:$(GO_VERSION)
+
+DOCKER_BUILD_OPTS=
+
+ifneq ($(strip $(CONTAINERD_VERSION)),)
+# Set custom build-args to override the containerd version to build for static
+# packages.
+DOCKER_BUILD_OPTS +=--build-arg=CONTAINERD_VERSION=$(CONTAINERD_VERSION)
+endif
+
+ifneq ($(strip $(RUNC_VERSION)),)
+# Set custom build-args to override the runc version to build for static packages.
+DOCKER_BUILD_OPTS +=--build-arg=RUNC_VERSION=$(RUNC_VERSION)
+endif
+
+ENGINE_BUILD_OPTS=--build-arg VERSION=$(GEN_STATIC_VER) --build-arg DOCKER_GITCOMMIT=$(ENGINE_GITCOMMIT) --build-arg DEFAULT_PRODUCT_LICENSE --build-arg PACKAGER_NAME --build-arg PLATFORM $(DOCKER_BUILD_OPTS)
+
+.PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
+.PHONY: clean
 clean: ## remove build artifacts
-	$(CHOWN) -R $(shell id -u):$(shell id -g) build
+	[ ! -d build ] || $(CHOWN) -R $(shell id -u):$(shell id -g) build
 	$(RM) -r build
+	-docker builder prune -f --filter until=24h
 
+.PHONY: static
 static: static-linux cross-mac cross-win cross-arm ## create all static packages
 
-static-linux: static-cli static-engine ## create tgz with linux x86_64 client and server
+.PHONY: static-linux
+static-linux: static-cli static-engine static-buildx-plugin ## create tgz
 	mkdir -p build/linux/docker
 	cp $(CLI_DIR)/build/docker build/linux/docker/
-	for f in dockerd docker-containerd docker-containerd-ctr docker-containerd-shim docker-init docker-proxy docker-runc; do \
-		cp $(ENGINE_DIR)/bundles/$(ENGINE_VER)/binary-daemon/$$f build/linux/docker; \
+	for f in dockerd containerd ctr containerd-shim containerd-shim-runc-v2 docker-init docker-proxy runc; do \
+		cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker/$$f; \
 	done
-	tar -C build/linux -c -z -f build/linux/docker-$(VERSION).tgz docker
+	tar -C build/linux -c -z -f build/linux/docker-$(GEN_STATIC_VER).tgz docker
 
-cross-mac: cross-all-cli ## create tgz with darwin x86_64 client only
-	mkdir -p build/mac/docker
-	cp $(CLI_DIR)/build/docker-darwin-amd64 build/mac/docker/docker
-	tar -C build/mac -c -z -f build/mac/docker-$(VERSION).tgz docker
+	# extra binaries for running rootless
+	mkdir -p build/linux/docker-rootless-extras
+	for f in rootlesskit dockerd-rootless.sh dockerd-rootless-setuptool.sh vpnkit; do \
+		if [ -f $(ENGINE_DIR)/bundles/binary/$$f ]; then \
+			cp -L $(ENGINE_DIR)/bundles/binary/$$f build/linux/docker-rootless-extras/$$f; \
+		fi \
+	done
+	tar -C build/linux -c -z -f build/linux/docker-rootless-extras-$(GEN_STATIC_VER).tgz docker-rootless-extras
 
-cross-win: cross-all-cli cross-win-engine ## create zip file with windows x86_64 client and server
-	mkdir -p build/win/docker
-	cp $(CLI_DIR)/build/docker-windows-amd64 build/win/docker/docker.exe
-	cp $(ENGINE_DIR)/bundles/$(ENGINE_VER)/cross/windows/amd64/dockerd-$(ENGINE_VER).exe build/win/docker/dockerd.exe
-	docker run --rm -v $(CURDIR)/build/win:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(VERSION).zip docker'
+	# buildx
+	tar -C $(BUILDX_DIR)/bin -c -z -f build/linux/docker-buildx-plugin-$(DOCKER_BUILDX_REF:v%=%).tgz docker-buildx
+
+.PHONY: hash_files
+hash_files:
+	@echo "Hashing directory $(DIR_TO_HASH)"
+	$(HASH_CMD) "$(DIR_TO_HASH)"
+
+.PHONY: buildx
+buildx:
+	docker buildx inspect | grep -q 'Driver: docker-container' || docker buildx create --use
+
+.PHONY: cross-mac
+cross-mac: buildx
+	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=darwin/amd64,darwin/arm64 binary
+	dest=$$PWD/build/mac; cd $(CLI_DIR)/build && for platform in *; do \
+		arch=$$(echo $$platform | cut -d_ -f2); \
+		mkdir -p $$dest/$$arch/docker; \
+		cp $$platform/docker-darwin-* $$dest/$$arch/docker/docker && \
+		tar -C $$dest/$$arch -c -z -f $$dest/$$arch/docker-$(GEN_STATIC_VER).tgz docker; \
+	done
+
+.PHONY: cross-win
+cross-win: cross-win-engine
+	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=windows/amd64 binary
+	mkdir -p build/win/amd64/docker
+	cp $(CLI_DIR)/build/docker-windows-amd64.exe build/win/amd64/docker/docker.exe
+	cp $(ENGINE_DIR)/bundles/cross/win/dockerd.exe build/win/amd64/docker/dockerd.exe
+	docker run --rm -v $(CURDIR)/build/win/amd64:/v -w /v alpine sh -c 'apk update&&apk add zip&&zip -r docker-$(GEN_STATIC_VER).zip docker'
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 
+.PHONY: cross-arm
 cross-arm: cross-all-cli ## create tgz with linux armhf client only
 	mkdir -p build/arm/docker
 	cp $(CLI_DIR)/build/docker-linux-arm build/arm/docker/docker
-	tar -C build/arm -c -z -f build/arm/docker-$(VERSION).tgz docker
+	tar -C build/arm -c -z -f build/arm/docker-$(GEN_STATIC_VER).tgz docker
 
+.PHONY: static-cli
 static-cli:
-	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(VERSION) build
+	cd $(CLI_DIR) && VERSION=$(GEN_STATIC_VER) docker buildx bake --set binary.platform=$(TARGETPLATFORM) --set binary.args.CGO_ENABLED=$(CGO_ENABLED) binary
 
+.PHONY: static-engine
 static-engine:
-	$(MAKE) -C $(ENGINE_DIR) binary
+	cd $(ENGINE_DIR) && docker buildx build --target all $(ENGINE_BUILD_OPTS) --output "./bundles/binary" .
 
+.PHONY: static-buildx-plugin
+static-buildx-plugin:
+	cd $(BUILDX_DIR) && docker buildx bake --set binaries.platform=$(TARGETPLATFORM) binaries && mv ./bin/build/buildx ./bin/docker-buildx
+
+.PHONY: cross-all-cli
 cross-all-cli:
-	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(VERSION) cross
+	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(GEN_STATIC_VER) cross
 
+.PHONY: cross-win-engine
 cross-win-engine:
-	$(MAKE) -C $(ENGINE_DIR) DOCKER_CROSSPLATFORMS=windows/amd64 cross
+	cd $(ENGINE_DIR) && docker buildx build --target binary $(ENGINE_BUILD_OPTS) --platform windows/amd64 --output "./bundles/cross/win" .

static/gen-static-ver

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+REPO_DIR="$1"
+VERSION="$2"
+
+if [ -z "$REPO_DIR" ] || [ -z "$VERSION" ]; then
+	# shellcheck disable=SC2016
+	echo 'usage: ./gen-static-ver ${REPO_DIR} ${VERSION}'
+	exit 1
+fi
+
+GIT_COMMAND="git -C $REPO_DIR"
+
+staticVersion="${VERSION#v}"
+
+# if we have a "-dev" suffix or have change in Git, this is a nightly build, and
+# we'll create a pseudo version based on commit-date and -sha.
+if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
+	export TZ=UTC
+
+	# based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+	#
+	# using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefabcdef,
+	# where the time is the commit time in UTC and the final suffix is the prefix
+	# of the commit hash. The time portion ensures that two pseudo-versions can
+	# be compared to determine which happened later, the commit hash identifes
+	# the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+	# as a pre-release before version v0.0.0, so that the go command prefers any
+	# tagged release over any pseudo-version.
+	gitUnix="$($GIT_COMMAND log -1 --pretty='%ct')"
+
+	if [ "$(uname)" = "Darwin" ]; then
+		# Using BSD date (macOS), which doesn't support the --date option
+		# date -jf "<input format>" "<input value>" +"<output format>" (https://unix.stackexchange.com/a/86510)
+		gitDate="$(TZ=UTC date -u -jf "%s" "$gitUnix" +'%Y%m%d%H%M%S')"
+	else
+		# Using GNU date (Linux)
+		gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+	fi
+
+	gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
+	# generated version is now something like '0.0.0-20180719213702-cd5e2db'
+	staticVersion="0.0.0-${gitDate}-${gitCommit}" # (using hyphens)
+fi
+
+echo "$staticVersion"

static/hash_files

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# Simple script to hash all the files in a given directory
+
+DIR_TO_LOOK_IN=${1:-build/linux}
+
+for f in $(find "$DIR_TO_LOOK_IN" -type f); do
+	for hash_algo in md5 sha256; do
+		"${hash_algo}sum" "$f" >"$f.$hash_algo"
+	done
+done

verify

@@ -0,0 +1,149 @@
+#!/usr/bin/env bash
+
+###
+# Script Name:  verify
+#
+# Description: This runs a smoke test to verify that the packages can be installed corrected
+###
+
+# build/${DIST_ID}/${DIST_VERSION}/${ARCH} - location of all packages
+# Manually Testing: docker run --rm -it -v $(pwd):/v -w /v "centos:7" ./verify
+
+set -e
+
+source install-containerd-helpers
+
+function verify() {
+	if dpkg --version >/dev/null 2>/dev/null; then
+		verify_deb
+	elif rpm --version >/dev/null 2>/dev/null; then
+		verify_rpm
+	else
+		echo "[ERROR] Unable to determine base os:"
+		cat /etc/os-release
+		exit 1
+	fi
+}
+
+function verify_binaries() {
+	docker --version
+	docker buildx version
+	docker compose version
+	docker model version
+	dockerd --version
+	docker-proxy --version
+	containerd --version
+	ctr --version
+	containerd-shim -v
+	containerd-shim-runc-v1 -v
+	containerd-shim-runc-v2 -v
+	runc --version
+}
+
+function verify_deb() {
+	# First install prerequisites for our script and dpkg and apt to run correctly.
+	# This list SHOULD NOT include dependencies of docker itself, otherwise we would
+	# not be able to verify that our packages specify all the required dependencies.
+	apt-get update
+	apt-get -y install --no-install-recommends \
+		apt-transport-https \
+		ca-certificates \
+		curl \
+		gnupg2 \
+		lsb-release
+
+	DIST_ID=$(source /etc/os-release; echo "$ID")
+	DIST_VERSION=$(lsb_release -sc)
+	if [ "${DIST_VERSION}" = "sid" ]; then
+		echo 'Debian sid ("unstable") cannot be used for packaging: replace with the actual codename'
+		exit 1
+	fi
+
+	install_debian_containerd
+
+	packages=$(find "deb/debbuild/${DIST_ID}-${DIST_VERSION}/" -type f -name "*.deb")
+	# All local packages need to be prefixed with `./` or else apt-get doesn't understand where to pull from
+	packages=$(echo "${packages}" | awk '$0="./"$0' | xargs)
+
+	(
+		set -x
+		# Install the locally built packages using 'dpkg' because installing with
+		# 'apt-get' would attempt to install dependency packages (such as the CLI)
+		# from download.docker.com instead of the locally built CLI package. Given
+		# that 'dpkg -i' does not install any dependency (but will fail if depen-
+		# dencies are missing), we use the '--ignore-depends' option to ignore
+		# packages we know to be missing at this stage, and '--force-depends' to
+		# only warn about any other missing dependency.
+		#
+		# shellcheck disable=SC2086
+		dpkg \
+			--ignore-depends=containerd.io,iptables,libdevmapper,libdevmapper1.02.1 \
+			--force-depends \
+			-i ${packages}
+
+		# After installing the local packages, we run 'apt-get install' with the
+		# '--fix-broken' option to trigger installation of the dependencies, which
+		# should succeed successfully. This step is to verify that not only the
+		# packages can be installed, but also that all dependencies (including
+		# containerd.io) can be resolved correctly for the distro that we built for,
+		# before going through the whole pipeline and publishing the packages.
+		#
+		# The '--no-upgrade' option is set to prevent apt from attempting to install
+		# packages from download(-stage).docker.com that we already installed using
+		# the local packages above. Without this, installing (e.g.) ./docker-ce-cli
+		# would result in apt installing "docker-ce" from the package repository and
+		# produce a "the following packages will be DOWNGRADED" error.
+		#
+		# shellcheck disable=SC2086
+		apt-get -y install --no-install-recommends --no-upgrade --fix-broken ${packages}
+	)
+
+	verify_binaries
+}
+
+function verify_rpm() {
+	DIST_ID=$(. /etc/os-release; echo "${ID}")
+	DIST_VERSION=$(. /etc/os-release; echo "${VERSION_ID}" | cut -d'.' -f1)
+
+	pkg_manager="yum"
+	pkg_config_manager="yum-config-manager"
+	if dnf --version; then
+		pkg_manager="dnf"
+		pkg_config_manager="dnf config-manager"
+		dnf clean all
+		${pkg_manager} install -y 'dnf-command(config-manager)'
+	fi
+
+	case ${DIST_ID}:${DIST_VERSION} in
+	ol:7*)
+		# Needed for container-selinux
+		${pkg_config_manager} --enable ol7_addons
+		;;
+	fedora*)
+		dnf install -y findutils
+		;;
+	esac
+
+	install_rpm_containerd
+
+	# find all rpm packages, exclude src package
+	echo "[DEBUG] Installing engine rpms"
+	packages=$(find "rpm/rpmbuild/${DIST_ID}-${DIST_VERSION}/RPMS/" -type f -name "*.rpm" | sed '/src/d')
+
+	# install all non-source packages
+	(
+		set -x
+		product_version=$(source /etc/os-release; echo "${REDHAT_SUPPORT_PRODUCT_VERSION:-}")
+		if [ "$product_version" = 'rawhide' ]; then
+				# force $releasever to account for Fedora pre-release images, as they
+				# may still be using "rawhide", which is not present on our package
+				# repositories on download.docker.com.
+				export DNF_VAR_releasever="$DIST_VERSION"
+		fi
+		${pkg_manager} install -y ${packages}
+	)
+
+	verify_binaries
+}
+
+verify