diff --git a/nodeup/pkg/model/docker.go b/nodeup/pkg/model/docker.go
index f7992ebeef..c9bf5d6d0e 100644
--- a/nodeup/pkg/model/docker.go
+++ b/nodeup/pkg/model/docker.go
@@ -121,7 +121,7 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.11.2-1.el7.centos.x86_64.rpm",
 		Hash:          "432e6d7948df9e05f4190fce2f423eedbfd673d5",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
+			"docker-engine-selinux": {
 				Version: "1.11.2",
 				Source:  "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.11.2-1.el7.centos.noarch.rpm",
 				Hash:    "f6da608fa8eeb2be8071489086ed9ff035f6daba",
@@ -164,7 +164,7 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.12.1-1.el7.centos.x86_64.rpm",
 		Hash:          "636471665665546224444052c3b48001397036be",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
+			"docker-engine-selinux": {
 				Version: "1.12.1",
 				Source:  "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.12.1-1.el7.centos.noarch.rpm",
 				Hash:    "52ec22128e70acc2f76b3a8e87ff96785995116a",
@@ -223,7 +223,7 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.12.3-1.el7.centos.x86_64.rpm",
 		Hash:          "67fbb78cfb9526aaf8142c067c10384df199d8f9",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
+			"docker-engine-selinux": {
 				Version: "1.12.3",
 				Source:  "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.12.3-1.el7.centos.noarch.rpm",
 				Hash:    "a6b0243af348140236ed96f2e902b259c590eefa",
@@ -297,7 +297,7 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.12.6-1.el7.centos.x86_64.rpm",
 		Hash:          "776dbefa9dc7733000e46049293555a9a422c50e",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
+			"docker-engine-selinux": {
 				Version: "1.12.6",
 				Source:  "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.12.6-1.el7.centos.noarch.rpm",
 				Hash:    "9a6ee0d631ca911b6927450a3c396e9a5be75047",
@@ -371,7 +371,7 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.13.1-1.el7.centos.x86_64.rpm",
 		Hash:          "b18f7fd8057665e7d2871d29640e214173f70fe1",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
+			"docker-engine-selinux": {
 				Version: "1.13.1",
 				Source:  "https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.13.1-1.el7.centos.noarch.rpm",
 				Hash:    "948c518a610af631fa98aa32d9bcd43e9ddd5ebc",
@@ -456,7 +456,7 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm",
 		Hash:          "494ca888f5b1553f93b9d9a5dad4a67f76cf9eb5",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
+			"docker-ce-selinux": {
 				Version: "17.03.2.ce",
 				Source:  "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm",
 				Hash:    "4659c937b66519c88ef2a82a906bb156db29d191",
@@ -541,8 +541,8 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.09.0.ce-1.el7.centos.x86_64.rpm",
 		Hash:          "b4ce72e80ff02926de943082821bbbe73958f87a",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
-				Version: "17.09.0.ce",
+			"container-selinux": {
+				Version: "2.68",
 				Source:  "http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm",
 				Hash:    "d9f87f7f4f2e8e611f556d873a17b8c0c580fec0",
 			},
@@ -584,7 +584,7 @@ var dockerVersions = []dockerVersion{
 		Name:          "docker-ce",
 		Distros:       []distros.Distribution{distros.DistributionDebian9},
 		Architectures: []Architecture{ArchitectureAmd64},
-		Version:       "18.06.1~ce-0~debian",
+		Version:       "18.06.1~ce~3-0~debian",
 		Source:        "https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce_18.06.1~ce~3-0~debian_amd64.deb",
 		Hash:          "18473b80e61b6d4eb8b52d87313abd71261287e5",
 		Dependencies:  []string{"bridge-utils", "libapparmor1", "libltdl7", "perl"},
@@ -609,7 +609,7 @@ var dockerVersions = []dockerVersion{
 		Name:          "docker-ce",
 		Distros:       []distros.Distribution{distros.DistributionJessie},
 		Architectures: []Architecture{ArchitectureAmd64},
-		Version:       "ce_18.06.2~ce~3-0~debian",
+		Version:       "18.06.2~ce~3-0~debian",
 		Source:        "https://download.docker.com/linux/debian/dists/jessie/pool/stable/amd64/docker-ce_18.06.2~ce~3-0~debian_amd64.deb",
 		Hash:          "1a2500311230aff37aa81dd1292a88302fb0a2e1",
 		Dependencies:  []string{"bridge-utils", "libapparmor1", "libltdl7", "perl"},
@@ -625,8 +625,8 @@ var dockerVersions = []dockerVersion{
 		Source:        "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.1.ce-3.el7.x86_64.rpm",
 		Hash:          "0a1325e570c5e54111a79623c9fd0c0c714d3a11",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
-				Version: "18.06.1.ce",
+			"container-selinux": {
+				Version: "2.68",
 				Source:  "http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm",
 				Hash:    "d9f87f7f4f2e8e611f556d873a17b8c0c580fec0",
 			},
@@ -640,16 +640,16 @@ var dockerVersions = []dockerVersion{
 		Name:          "docker-ce",
 		Distros:       []distros.Distribution{distros.DistributionDebian9},
 		Architectures: []Architecture{ArchitectureAmd64},
-		Version:       "18.09.3-0~debian",
+		Version:       "18.09.3~3-0~debian-stretch",
 		Source:        "https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce_18.09.3~3-0~debian-stretch_amd64.deb",
 		Hash:          "009b9a2d8bfaa97c74773fe4ec25b6bb396b10d0",
 		ExtraPackages: map[string]packageInfo{
-			"cli": {
-				Version: "18.09.3-0~debian",
+			"docker-ce-cli": {
+				Version: "18.09.3~3-0~debian-stretch",
 				Source:  "https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce-cli_18.09.3~3-0~debian-stretch_amd64.deb",
 				Hash:    "557f868ec63e5251639ebd1d8669eb0c61dd555c",
 			},
-			"containerd": {
+			"containerd.io": {
 				Version: "1.2.4-1",
 				Source:  "https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/containerd.io_1.2.4-1_amd64.deb",
 				Hash:    "48c6ab0c908316af9a183de5aad64703bc516bdf",
@@ -715,7 +715,7 @@ var dockerVersions = []dockerVersion{
 		Name:          "docker-ce",
 		Distros:       []distros.Distribution{distros.DistributionJessie},
 		Architectures: []Architecture{ArchitectureAmd64},
-		Version:       "ce_18.06.3~ce~3-0~debian",
+		Version:       "18.06.3~ce~3-0~debian",
 		Source:        "https://download.docker.com/linux/debian/dists/jessie/pool/stable/amd64/docker-ce_18.06.3~ce~3-0~debian_amd64.deb",
 		Hash:          "058bcd4b055560866b8cad978c7aa224694602da",
 		Dependencies:  []string{"bridge-utils", "libapparmor1", "libltdl7", "perl"},
@@ -724,17 +724,17 @@ var dockerVersions = []dockerVersion{
 	// 18.06.3 - CentOS / Rhel7 (two packages)
 	{
 		DockerVersion: "18.06.3",
-		Name:          "container-selinux",
+		Name:          "docker-ce",
 		Distros:       []distros.Distribution{distros.DistributionRhel7, distros.DistributionCentos7},
 		Architectures: []Architecture{ArchitectureAmd64},
-		Version:       "2.68",
-		Source:        "http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm",
-		Hash:          "d9f87f7f4f2e8e611f556d873a17b8c0c580fec0",
+		Version:       "18.06.3.ce",
+		Source:        "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm",
+		Hash:          "5369602f88406d4fb9159dc1d3fd44e76fb4cab8",
 		ExtraPackages: map[string]packageInfo{
-			"selinux": {
-				Version: "18.06.3.ce",
-				Source:  "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm",
-				Hash:    "5369602f88406d4fb9159dc1d3fd44e76fb4cab8",
+			"container-selinux": {
+				Version: "2.68",
+				Source:  "http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm",
+				Hash:    "d9f87f7f4f2e8e611f556d873a17b8c0c580fec0",
 			},
 		},
 		Dependencies: []string{"libtool-ltdl", "libseccomp", "libcgroup", "policycoreutils-python"},
@@ -846,7 +846,7 @@ func (b *DockerBuilder) Build(c *fi.ModelBuilderContext) error {
 				var extraPkgs []*nodetasks.Package
 				for name, pkg := range dv.ExtraPackages {
 					dep := &nodetasks.Package{
-						Name:         dv.Name + "-" + name,
+						Name:         name,
 						Version:      s(pkg.Version),
 						Source:       s(pkg.Source),
 						Hash:         s(pkg.Hash),
diff --git a/nodeup/pkg/model/docker_test.go b/nodeup/pkg/model/docker_test.go
index db6fd5b17d..0260197528 100644
--- a/nodeup/pkg/model/docker_test.go
+++ b/nodeup/pkg/model/docker_test.go
@@ -23,6 +23,7 @@ import (
 	"net/http"
 	"os"
 	"path"
+	"strings"
 	"testing"
 
 	"k8s.io/kops/pkg/apis/kops"
@@ -31,32 +32,85 @@ import (
 	"k8s.io/kops/upup/pkg/fi"
 )
 
-func TestDockerHashes(t *testing.T) {
+func TestDockerPackageNames(t *testing.T) {
+	for _, dockerVersion := range dockerVersions {
+		if dockerVersion.PlainBinary {
+			continue
+		}
+
+		sanityCheckPackageName(t, dockerVersion.Source, dockerVersion.Version, dockerVersion.Name)
+
+		for k, p := range dockerVersion.ExtraPackages {
+			sanityCheckPackageName(t, p.Source, p.Version, k)
+		}
+	}
+}
+
+func sanityCheckPackageName(t *testing.T, u string, version string, name string) {
+	filename := u
+	lastSlash := strings.LastIndex(filename, "/")
+	if lastSlash != -1 {
+		filename = filename[lastSlash+1:]
+	}
+
+	expectedNames := []string{}
+	// Match known RPM formats
+	for _, v := range []string{"-1.", "-2.", "-3."} {
+		for _, d := range []string{"el7", "el7.centos"} {
+			for _, a := range []string{"noarch", "x86_64"} {
+				expectedNames = append(expectedNames, name+"-"+version+v+d+"."+a+".rpm")
+			}
+		}
+	}
+
+	// Match known DEB formats
+	for _, a := range []string{"amd64", "armhf"} {
+		expectedNames = append(expectedNames, name+"_"+version+"_"+a+".deb")
+	}
+
+	found := false
+	for _, s := range expectedNames {
+		if s == filename {
+			found = true
+		}
+	}
+	if !found {
+		t.Errorf("unexpected name=%q, version=%q for %s", name, version, u)
+	}
+}
+
+func TestDockerPackageHashes(t *testing.T) {
 	if os.Getenv("VERIFY_HASHES") == "" {
 		t.Skip("VERIFY_HASHES not set, won't download & verify docker hashes")
 	}
 
 	for _, dockerVersion := range dockerVersions {
-		u := dockerVersion.Source
+		verifyPackageHash(t, dockerVersion.Source, dockerVersion.Hash)
 
-		resp, err := http.Get(u)
-		if err != nil {
-			t.Errorf("%s: error fetching: %v", u, err)
-			continue
+		for _, p := range dockerVersion.ExtraPackages {
+			verifyPackageHash(t, p.Source, p.Hash)
 		}
-		defer resp.Body.Close()
+	}
+}
 
-		hasher := sha1.New()
-		if _, err := io.Copy(hasher, resp.Body); err != nil {
-			t.Errorf("%s: error reading: %v", u, err)
-			continue
-		}
+func verifyPackageHash(t *testing.T, u string, hash string) {
+	resp, err := http.Get(u)
+	if err != nil {
+		t.Errorf("%s: error fetching: %v", u, err)
+		return
+	}
+	defer resp.Body.Close()
 
-		hash := hex.EncodeToString(hasher.Sum(nil))
-		if hash != dockerVersion.Hash {
-			t.Errorf("%s: hash was %q", dockerVersion.Source, hash)
-			continue
-		}
+	hasher := sha1.New()
+	if _, err := io.Copy(hasher, resp.Body); err != nil {
+		t.Errorf("%s: error reading: %v", u, err)
+		return
+	}
+
+	actualHash := hex.EncodeToString(hasher.Sum(nil))
+	if hash != actualHash {
+		t.Errorf("%s: hash was %q", u, actualHash)
+		return
 	}
 }