Fix "--node-generic-resource" singular/plural

Daemon flags that can be specified multiple times use
singlar names for flags, but plural names for the configuration
file.

To make the daemon configuration know how to correlate
the flag with the corresponding configuration option,
`opt.NewNamedListOptsRef()` should be used instead of
`opt.NewListOptsRef()`.

Commit 6702ac590e attempted
to fix the daemon not corresponding the flag with the configuration
file option, but did so by changing the name of the flag
to plural.

This patch reverts that change, and uses `opt.NewNamedListOptsRef()`
instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6e7715d65b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

.DEREK.yml

@@ -0,0 +1,17 @@
+curators:
+  - aboch
+  - alexellis
+  - andrewhsu
+  - anonymuse
+  - chanwit
+  - ehazlett
+  - fntlnz
+  - gianarb
+  - mgoelzer
+  - programmerq
+  - rheinwein
+  - ripcurld0
+  - thajeztah
+
+features:
+  - comments

.dockerignore

@@ -1,4 +1,7 @@
+bundles
+.gopath
+vendor/pkg
+.go-pkg-cache
 .git
-bundles/
-cli/winresources/**/winres.json
-cli/winresources/**/*.syso
+hack/integration-cli-on-swarm/integration-cli-on-swarm
+

.gitattributes

@@ -1,3 +0,0 @@
-Dockerfile* linguist-language=Dockerfile
-vendor.mod linguist-language=Go-Module
-vendor.sum linguist-language=Go-Checksums

.github/CODEOWNERS

@@ -3,13 +3,19 @@
 #
 # KEEP THIS FILE SORTED. Order is important. Last match takes precedence.
 
-builder/**                              @tonistiigi
+builder/**                              @dnephin @tonistiigi
+client/**                               @dnephin
 contrib/mkimage/**                      @tianon
 daemon/graphdriver/devmapper/**         @rhvgoyal 
+daemon/graphdriver/lcow/**              @johnstep @jhowardmsft
 daemon/graphdriver/overlay/**           @dmcgowan
 daemon/graphdriver/overlay2/**          @dmcgowan
-daemon/graphdriver/windows/**           @johnstep
+daemon/graphdriver/windows/**           @johnstep @jhowardmsft
 daemon/logger/awslogs/**                @samuelkarp  
-hack/**                                 @tianon
+hack/**                                 @dnephin @tianon
+hack/integration-cli-on-swarm/**        @AkihiroSuda
+integration-cli/**                      @dnephin @vdemeester
+integration/**                          @dnephin @vdemeester
+pkg/testutil/**                         @dnephin
 plugin/**                               @cpuguy83
 project/**                              @thaJeztah

.github/actions/setup-runner/action.yml

@@ -1,27 +0,0 @@
-name: 'Setup Runner'
-description: 'Composite action to set up the GitHub Runner for jobs in the test.yml workflow'
-
-runs:
-  using: composite
-  steps:
-    - run: |
-        sudo modprobe ip_vs
-        sudo modprobe ipv6
-        sudo modprobe ip6table_filter
-        sudo modprobe -r overlay
-        sudo modprobe overlay redirect_dir=off
-      shell: bash
-    - run: |
-        if [ ! -e /etc/docker/daemon.json ]; then
-         echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
-        fi
-        DOCKERD_CONFIG=$(jq '.+{"experimental":true,"live-restore":true,"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' /etc/docker/daemon.json)
-        sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
-        sudo service docker restart
-      shell: bash
-    - run: |
-        ./contrib/check-config.sh || true
-      shell: bash
-    - run: |
-        docker info
-      shell: bash

.github/workflows/.dco.yml

@@ -1,58 +0,0 @@
-# reusable workflow
-name: .dco
-
-# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-on:
-  workflow_call:
-
-env:
-  ALPINE_VERSION: 3.16
-
-jobs:
-  run:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      -
-        name: Dump context
-        uses: actions/github-script@v7
-        with:
-          script: |
-            console.log(JSON.stringify(context, null, 2));
-      -
-        name: Get base ref
-        id: base-ref
-        uses: actions/github-script@v7
-        with:
-          result-encoding: string
-          script: |
-            if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) {
-              return context.payload.pull_request.base.ref;
-            }
-            return context.ref.replace(/^refs\/heads\//g, '');
-      -
-        name: Validate
-        run: |
-          docker run --rm \
-            -v "$(pwd):/workspace" \
-            -e VALIDATE_REPO \
-            -e VALIDATE_BRANCH \
-            alpine:${{ env.ALPINE_VERSION }} sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco'
-        env:
-          VALIDATE_REPO: ${{ github.server_url }}/${{ github.repository }}.git
-          VALIDATE_BRANCH: ${{ steps.base-ref.outputs.result }}

.github/workflows/.windows.yml

@@ -1,517 +0,0 @@
-# reusable workflow
-name: .windows
-
-# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-on:
-  workflow_call:
-    inputs:
-      os:
-        required: true
-        type: string
-      send_coverage:
-        required: false
-        type: boolean
-        default: false
-
-env:
-  GO_VERSION: "1.23.9"
-  GOTESTLIST_VERSION: v0.3.1
-  TESTSTAT_VERSION: v0.1.3
-  WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
-  WINDOWS_BASE_TAG_2019: ltsc2019
-  WINDOWS_BASE_TAG_2022: ltsc2022
-  TEST_IMAGE_NAME: moby:test
-  TEST_CTN_NAME: moby
-  DOCKER_BUILDKIT: 0
-  ITG_CLI_MATRIX_SIZE: 6
-
-jobs:
-  build:
-    runs-on: ${{ inputs.os }}
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    env:
-      GOPATH: ${{ github.workspace }}\go
-      GOBIN: ${{ github.workspace }}\go\bin
-      BIN_OUT: ${{ github.workspace }}\out
-    defaults:
-      run:
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        name: Env
-        run: |
-          Get-ChildItem Env: | Out-String
-      -
-        name: Init
-        run: |
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
-          If ("${{ inputs.os }}" -eq "windows-2019") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          } ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-      -
-        name: Cache
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-            ${{ github.workspace }}\go-build
-            ${{ env.GOPATH }}\pkg\mod
-          key: ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
-          restore-keys: |
-            ${{ inputs.os }}-${{ github.job }}-
-      -
-        name: Docker info
-        run: |
-          docker info
-      -
-        name: Build base image
-        run: |
-          docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
-          docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
-          docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-      -
-        name: Build binaries
-        run: |
-          & docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-              -v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-              -v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-              ${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -Daemon -Client
-      -
-        name: Copy artifacts
-        run: |
-          New-Item -ItemType "directory" -Path "${{ env.BIN_OUT }}"
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\docker.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\dockerd.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\bin\gotestsum.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd-shim-runhcs-v1.exe" ${{ env.BIN_OUT }}\
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: build-${{ inputs.os }}
-          path: ${{ env.BIN_OUT }}/*
-          if-no-files-found: error
-          retention-days: 2
-
-  unit-test:
-    runs-on: ${{ inputs.os }}
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    env:
-      GOPATH: ${{ github.workspace }}\go
-      GOBIN: ${{ github.workspace }}\go\bin
-    defaults:
-      run:
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        name: Env
-        run: |
-          Get-ChildItem Env: | Out-String
-      -
-        name: Init
-        run: |
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
-          New-Item -ItemType "directory" -Path "bundles"
-          If ("${{ inputs.os }}" -eq "windows-2019") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          } ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-      -
-        name: Cache
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-            ${{ github.workspace }}\go-build
-            ${{ env.GOPATH }}\pkg\mod
-          key: ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
-          restore-keys: |
-            ${{ inputs.os }}-${{ github.job }}-
-      -
-        name: Docker info
-        run: |
-          docker info
-      -
-        name: Build base image
-        run: |
-          docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
-          docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
-          docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-      -
-        name: Test
-        run: |
-          & docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-            -v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-            -v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-            -v "${{ env.GOPATH }}\src\github.com\docker\docker\bundles:C:\gopath\src\github.com\docker\docker\bundles" `
-            ${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -TestUnit
-      -
-        name: Send to Codecov
-        if: inputs.send_coverage
-        uses: codecov/codecov-action@v4
-        with:
-          working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
-          directory: bundles
-          env_vars: RUNNER_OS
-          flags: unit
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.os }}-unit-reports
-          path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
-          retention-days: 1
-
-  unit-test-report:
-    runs-on: ubuntu-latest
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    if: always()
-    needs:
-      - unit-test
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.os }}-unit-reports
-          path: /tmp/artifacts
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  integration-test-prepare:
-    runs-on: ubuntu-latest
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    outputs:
-      matrix: ${{ steps.tests.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Install gotestlist
-        run:
-          go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-      -
-        name: Create matrix
-        id: tests
-        working-directory: ./integration-cli
-        run: |
-          # This step creates a matrix for integration-cli tests. Tests suites
-          # are distributed in integration-test job through a matrix. There is
-          # also an override being added to the matrix like "./..." to run
-          # "Test integration" step exclusively.
-          matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." ./...)"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.tests.outputs.matrix }}
-
-  integration-test:
-    runs-on: ${{ inputs.os }}
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - build
-      - integration-test-prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        runtime:
-          - builtin
-          - containerd
-        test: ${{ fromJson(needs.integration-test-prepare.outputs.matrix) }}
-    env:
-      GOPATH: ${{ github.workspace }}\go
-      GOBIN: ${{ github.workspace }}\go\bin
-      BIN_OUT: ${{ github.workspace }}\out
-    defaults:
-      run:
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        name: Env
-        run: |
-          Get-ChildItem Env: | Out-String
-      -
-        name: Download artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: build-${{ inputs.os }}
-          path: ${{ env.BIN_OUT }}
-      -
-        name: Init
-        run: |
-          New-Item -ItemType "directory" -Path "bundles"
-          If ("${{ inputs.os }}" -eq "windows-2019") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          } ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-          Write-Output "${{ env.BIN_OUT }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
-          $testName = ([System.BitConverter]::ToString((New-Object System.Security.Cryptography.SHA256Managed).ComputeHash([System.Text.Encoding]::UTF8.GetBytes("${{ matrix.test }}"))) -replace '-').ToLower()
-          echo "TESTREPORTS_NAME=$testName" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-      -
-        # removes docker service that is currently installed on the runner. we
-        # could use Uninstall-Package but not yet available on Windows runners.
-        # more info: https://github.com/actions/virtual-environments/blob/d3a5bad25f3b4326c5666bab0011ac7f1beec95e/images/win/scripts/Installers/Install-Docker.ps1#L11
-        name: Removing current daemon
-        run: |
-          if (Get-Service docker -ErrorAction SilentlyContinue) {
-            $dockerVersion = (docker version -f "{{.Server.Version}}")
-            Write-Host "Current installed Docker version: $dockerVersion"
-            # remove service
-            Stop-Service -Force -Name docker
-            Remove-Service -Name docker
-            # removes event log entry. we could use "Remove-EventLog -LogName -Source docker"
-            # but this cmd is not available atm
-            $ErrorActionPreference = "SilentlyContinue"
-            & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker" /f 2>&1 | Out-Null
-            $ErrorActionPreference = "Stop"
-            Write-Host "Service removed"
-          }
-      -
-        name: Starting containerd
-        if: matrix.runtime == 'containerd'
-        run: |
-          Write-Host "Generating config"
-          & "${{ env.BIN_OUT }}\containerd.exe" config default | Out-File "$env:TEMP\ctn.toml" -Encoding ascii
-          Write-Host "Creating service"
-          New-Item -ItemType Directory "$env:TEMP\ctn-root" -ErrorAction SilentlyContinue | Out-Null
-          New-Item -ItemType Directory "$env:TEMP\ctn-state" -ErrorAction SilentlyContinue | Out-Null
-          Start-Process -Wait "${{ env.BIN_OUT }}\containerd.exe" `
-            -ArgumentList "--log-level=debug", `
-              "--config=$env:TEMP\ctn.toml", `
-              "--address=\\.\pipe\containerd-containerd", `
-              "--root=$env:TEMP\ctn-root", `
-              "--state=$env:TEMP\ctn-state", `
-              "--log-file=$env:TEMP\ctn.log", `
-              "--register-service"
-          Write-Host "Starting service"
-          Start-Service -Name containerd
-          Start-Sleep -Seconds 5
-          Write-Host "Service started successfully!"
-      -
-        name: Starting test daemon
-        run: |
-          Write-Host "Creating service"
-          If ("${{ matrix.runtime }}" -eq "containerd") {
-            $runtimeArg="--containerd=\\.\pipe\containerd-containerd"
-            echo "DOCKER_WINDOWS_CONTAINERD_RUNTIME=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-          New-Item -ItemType Directory "$env:TEMP\moby-root" -ErrorAction SilentlyContinue | Out-Null
-          New-Item -ItemType Directory "$env:TEMP\moby-exec" -ErrorAction SilentlyContinue | Out-Null
-          Start-Process -Wait -NoNewWindow "${{ env.BIN_OUT }}\dockerd" `
-            -ArgumentList $runtimeArg, "--debug", `
-              "--host=npipe:////./pipe/docker_engine", `
-              "--data-root=$env:TEMP\moby-root", `
-              "--exec-root=$env:TEMP\moby-exec", `
-              "--pidfile=$env:TEMP\docker.pid", `
-              "--register-service"
-          Write-Host "Starting service"
-          Start-Service -Name docker
-          Write-Host "Service started successfully!"
-      -
-        name: Waiting for test daemon to start
-        run: |
-          $tries=20
-          Write-Host "Waiting for the test daemon to start..."
-          While ($true) {
-            $ErrorActionPreference = "SilentlyContinue"
-            & "${{ env.BIN_OUT }}\docker" version
-            $ErrorActionPreference = "Stop"
-            If ($LastExitCode -eq 0) {
-              break
-            }
-            $tries--
-            If ($tries -le 0) {
-              Throw "Failed to get a response from the daemon"
-            }
-            Write-Host -NoNewline "."
-            Start-Sleep -Seconds 1
-          }
-          Write-Host "Test daemon started and replied!"
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Docker info
-        run: |
-          & "${{ env.BIN_OUT }}\docker" info
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Building contrib/busybox
-        run: |
-          & "${{ env.BIN_OUT }}\docker" build -t busybox `
-            --build-arg WINDOWS_BASE_IMAGE `
-            --build-arg WINDOWS_BASE_IMAGE_TAG `
-            .\contrib\busybox\
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: List images
-        run: |
-          & "${{ env.BIN_OUT }}\docker" images
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Test integration
-        if: matrix.test == './...'
-        run: |
-          .\hack\make.ps1 -TestIntegration
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-          GO111MODULE: "off"
-          TEST_CLIENT_BINARY: ${{ env.BIN_OUT }}\docker
-      -
-        name: Test integration-cli
-        if: matrix.test != './...'
-        run: |
-          .\hack\make.ps1 -TestIntegrationCli
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-          GO111MODULE: "off"
-          TEST_CLIENT_BINARY: ${{ env.BIN_OUT }}\docker
-          INTEGRATION_TESTRUN: ${{ matrix.test }}
-      -
-        name: Send to Codecov
-        if: inputs.send_coverage
-        uses: codecov/codecov-action@v4
-        with:
-          working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
-          directory: bundles
-          env_vars: RUNNER_OS
-          flags: integration,${{ matrix.runtime }}
-      -
-        name: Docker info
-        run: |
-          & "${{ env.BIN_OUT }}\docker" info
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Stop containerd
-        if: always() && matrix.runtime == 'containerd'
-        run: |
-          $ErrorActionPreference = "SilentlyContinue"
-          Stop-Service -Force -Name containerd
-          $ErrorActionPreference = "Stop"
-      -
-        name: Containerd logs
-        if: always() && matrix.runtime == 'containerd'
-        run: |
-          Copy-Item "$env:TEMP\ctn.log" -Destination ".\bundles\containerd.log"
-          Get-Content "$env:TEMP\ctn.log" | Out-Host
-      -
-        name: Stop daemon
-        if: always()
-        run: |
-          $ErrorActionPreference = "SilentlyContinue"
-          Stop-Service -Force -Name docker
-          $ErrorActionPreference = "Stop"
-      -
-        # as the daemon is registered as a service we have to check the event
-        # logs against the docker provider.
-        name: Daemon event logs
-        if: always()
-        run: |
-          Get-WinEvent -ea SilentlyContinue `
-            -FilterHashtable @{ProviderName= "docker"; LogName = "application"} |
-              Select-Object -Property TimeCreated, @{N='Detailed Message'; E={$_.Message}} |
-              Sort-Object @{Expression="TimeCreated";Descending=$false} |
-              Select-Object -ExpandProperty 'Detailed Message' | Tee-Object -file ".\bundles\daemon.log"
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-${{ env.TESTREPORTS_NAME }}
-          path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
-          retention-days: 1
-
-  integration-test-report:
-    runs-on: ubuntu-latest
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    if: always()
-    needs:
-      - integration-test
-    strategy:
-      fail-fast: false
-      matrix:
-        runtime:
-          - builtin
-          - containerd
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v4
-        with:
-          path: /tmp/reports
-          pattern: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-*
-          merge-multiple: true
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY

.github/workflows/buildkit.yml

@@ -1,126 +0,0 @@
-name: buildkit
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-  pull_request:
-
-env:
-  DESTDIR: ./build
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  build:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build
-        uses: docker/bake-action@v5
-        with:
-          targets: binary
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: binary
-          path: ${{ env.DESTDIR }}
-          if-no-files-found: error
-          retention-days: 1
-
-  test:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - build
-    strategy:
-      fail-fast: false
-      matrix:
-        pkg:
-          - client
-          - cmd/buildctl
-          - solver
-          - frontend
-          - frontend/dockerfile
-        typ:
-          - integration
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: moby
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: BuildKit ref
-        run: |
-          echo "$(./hack/buildkit-ref)" >> $GITHUB_ENV
-        working-directory: moby
-      -
-        name: Checkout BuildKit ${{ env.BUILDKIT_REF }}
-        uses: actions/checkout@v4
-        with:
-          repository: "moby/buildkit"
-          ref: ${{ env.BUILDKIT_REF }}
-          path: buildkit
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Download binary artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: binary
-          path: ./buildkit/build/moby/
-      -
-        name: Update daemon.json
-        run: |
-          sudo rm -f /etc/docker/daemon.json
-          sudo service docker restart
-          docker version
-          docker info
-      -
-        name: Test
-        run: |
-          ./hack/test ${{ matrix.typ }}
-        env:
-          CONTEXT: "."
-          TEST_DOCKERD: "1"
-          TEST_DOCKERD_BINARY: "./build/moby/dockerd"
-          TESTPKGS: "./${{ matrix.pkg }}"
-          # Diff/MergeOp tests are skipped
-          TESTFLAGS: "-v --parallel=1 --timeout=30m --run=/^Test([^DM]|.[^ie]|..[^fr]|...[^fg])/worker=dockerd$"
-        working-directory: buildkit

.github/workflows/ci.yml

@@ -1,127 +0,0 @@
-name: ci
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-env:
-  DESTDIR: ./build
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  build:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - binary
-          - dynbinary
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build
-        uses: docker/bake-action@v5
-        with:
-          targets: ${{ matrix.target }}
-      -
-        name: List artifacts
-        run: |
-          tree -nh ${{ env.DESTDIR }}
-      -
-        name: Check artifacts
-        run: |
-          find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
-
-  prepare-cross:
-    runs-on: ubuntu-latest
-    timeout-minutes: 20 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.platforms.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Create matrix
-        id: platforms
-        run: |
-          matrix="$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms')"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.platforms.outputs.matrix }}
-
-  cross:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 20 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-      - prepare-cross
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ${{ fromJson(needs.prepare-cross.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      -
-        name: Prepare
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build
-        uses: docker/bake-action@v5
-        with:
-          targets: all
-          set: |
-            *.platform=${{ matrix.platform }}
-      -
-        name: List artifacts
-        run: |
-          tree -nh ${{ env.DESTDIR }}
-      -
-        name: Check artifacts
-        run: |
-          find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +

.github/workflows/test.yml

@@ -1,585 +0,0 @@
-name: test
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-env:
-  GO_VERSION: "1.23.9"
-  GOTESTLIST_VERSION: v0.3.1
-  TESTSTAT_VERSION: v0.1.3
-  ITG_CLI_MATRIX_SIZE: 6
-  DOCKER_EXPERIMENTAL: 1
-  DOCKER_GRAPHDRIVER: overlay2
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  build-dev:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-    strategy:
-      fail-fast: false
-      matrix:
-        mode:
-          - ""
-          - systemd
-    steps:
-      -
-        name: Prepare
-        run: |
-          if [ "${{ matrix.mode }}" = "systemd" ]; then
-            echo "SYSTEMD=true" >> $GITHUB_ENV
-          fi
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            *.cache-from=type=gha,scope=dev${{ matrix.mode }}
-            *.cache-to=type=gha,scope=dev${{ matrix.mode }},mode=max
-            *.output=type=cacheonly
-
-  validate-prepare:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.scripts.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Create matrix
-        id: scripts
-        run: |
-          scripts=$(jq -ncR '[inputs]' <<< "$(ls -I .validate -I all -I default -I dco -I golangci-lint.yml -I yamllint.yaml -A ./hack/validate/)")
-          echo "matrix=$scripts" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.scripts.outputs.matrix }}
-
-  validate:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - validate-prepare
-      - build-dev
-    strategy:
-      fail-fast: true
-      matrix:
-        script: ${{ fromJson(needs.validate-prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Validate
-        run: |
-          make -o build validate-${{ matrix.script }}
-
-  unit:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-unit
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          mkdir -p bundles /tmp/reports
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
-          sudo chown -R $(id -u):$(id -g) /tmp/reports
-          tree -nh /tmp/reports
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          directory: ./bundles
-          env_vars: RUNNER_OS
-          flags: unit
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-reports-unit-${{ inputs.storage }}
-          path: /tmp/reports/*
-          retention-days: 1
-
-  unit-report:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - unit
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v4
-        with:
-          name: test-reports-unit-${{ inputs.storage }}
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  docker-py:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make TEST_SKIP_INTEGRATION_CLI=1 -o build test-docker-py
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          mkdir -p bundles /tmp/reports
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
-          sudo chown -R $(id -u):$(id -g) /tmp/reports
-          tree -nh /tmp/reports
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-docker-py/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-reports-docker-py-${{ inputs.storage }}
-          path: /tmp/reports/*
-
-  integration-flaky:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-integration-flaky
-        env:
-          TEST_SKIP_INTEGRATION_CLI: 1
-
-  integration:
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - ubuntu-22.04
-          - ubuntu-24.04
-        mode:
-          - ""
-          - rootless
-          - systemd
-          #- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
-        exclude:
-          - os: ubuntu-24.04
-            mode: rootless # FIXME: https://github.com/moby/moby/pull/49579#issuecomment-2698622223
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Prepare
-        run: |
-          CACHE_DEV_SCOPE=dev
-          if [[ "${{ matrix.mode }}" == *"rootless"* ]]; then
-            echo "DOCKER_ROOTLESS=1" >> $GITHUB_ENV
-          fi
-          if [[ "${{ matrix.mode }}" == *"systemd"* ]]; then
-            echo "SYSTEMD=true" >> $GITHUB_ENV
-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
-          fi
-          echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=${{ env.CACHE_DEV_SCOPE }}
-      -
-        name: Test
-        run: |
-          make -o build test-integration
-        env:
-          TEST_SKIP_INTEGRATION_CLI: 1
-          TESTCOVERAGE: 1
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          reportsName=${{ matrix.os }}
-          if [ -n "${{ matrix.mode }}" ]; then
-            reportsName="$reportsName-${{ matrix.mode }}"
-          fi
-          reportsPath="/tmp/reports/$reportsName"
-          echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
-          mkdir -p bundles $reportsPath
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C $reportsPath
-          sudo chown -R $(id -u):$(id -g) $reportsPath
-          tree -nh $reportsPath
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          directory: ./bundles/test-integration
-          env_vars: RUNNER_OS
-          flags: integration,${{ matrix.mode }}
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-integration/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-reports-integration-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
-          path: /tmp/reports/*
-
-  integration-report:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - integration
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v4
-        with:
-          path: /tmp/reports
-          pattern: test-reports-integration-${{ inputs.storage }}-*
-          merge-multiple: true
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  integration-cli-prepare:
-    runs-on: ubuntu-24.04
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.tests.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Install gotestlist
-        run:
-          go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-      -
-        name: Create matrix
-        id: tests
-        working-directory: ./integration-cli
-        run: |
-          # This step creates a matrix for integration-cli tests. Tests suites
-          # are distributed in integration-cli job through a matrix. There is
-          # also overrides being added to the matrix like "./..." to run
-          # "Test integration" step exclusively and specific tests suites that
-          # take a long time to run.
-          matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." -o "DockerSwarmSuite" -o "DockerNetworkSuite|DockerExternalVolumeSuite" ./...)"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.tests.outputs.matrix }}
-
-  integration-cli:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-      - integration-cli-prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build dev image
-        uses: docker/bake-action@v5
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-integration
-        env:
-          TEST_SKIP_INTEGRATION: 1
-          TESTCOVERAGE: 1
-          TESTFLAGS: "-test.run (${{ matrix.test }})/"
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
-          reportsPath=/tmp/reports/$reportsName
-          echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
-          mkdir -p bundles $reportsPath
-          echo "${{ matrix.test }}" | tr -s '|' '\n' | tee -a "$reportsPath/tests.txt"
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C $reportsPath
-          sudo chown -R $(id -u):$(id -g) $reportsPath
-          tree -nh $reportsPath
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          directory: ./bundles/test-integration
-          env_vars: RUNNER_OS
-          flags: integration-cli
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-integration/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-reports-integration-cli-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
-          path: /tmp/reports/*
-
-  integration-cli-report:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - integration-cli
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v4
-        with:
-          path: /tmp/reports
-          pattern: test-reports-integration-cli-${{ inputs.storage }}-*
-          merge-multiple: true
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  prepare-smoke:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.platforms.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Create matrix
-        id: platforms
-        run: |
-          matrix="$(docker buildx bake binary-smoketest --print | jq -cr '.target."binary-smoketest".platforms')"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.platforms.outputs.matrix }}
-
-  smoke:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120 # guardrails timeout for the whole job
-    needs:
-      - prepare-smoke
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ${{ fromJson(needs.prepare-smoke.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Prepare
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Test
-        uses: docker/bake-action@v5
-        with:
-          targets: binary-smoketest
-          set: |
-            *.platform=${{ matrix.platform }}

.github/workflows/windows-2019.yml

@@ -1,31 +0,0 @@
-name: windows-2019
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  schedule:
-    - cron: '0 10 * * *'
-  workflow_dispatch:
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  run:
-    needs:
-      - validate-dco
-    uses: ./.github/workflows/.windows.yml
-    with:
-      os: windows-2019
-      send_coverage: false

.github/workflows/windows-2022.yml

@@ -1,34 +0,0 @@
-name: windows-2022
-
-# Default to 'contents: read', which grants actions to read commits.
-#
-# If any permission is set, any permission not included in the list is
-# implicitly set to "none".
-#
-# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-  pull_request:
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  run:
-    needs:
-      - validate-dco
-    uses: ./.github/workflows/.windows.yml
-    with:
-      os: windows-2022
-      send_coverage: true

.gitignore

@@ -1,28 +1,22 @@
-# If you want to ignore files created by your editor/tools, please consider a
-# [global .gitignore](https://help.github.com/articles/ignoring-files).
-
-*~
-*.bak
+# Docker project generated files to ignore
+#  if you want to ignore files created by your editor/tools,
+#  please consider a global .gitignore https://help.github.com/articles/ignoring-files
+*.exe
+*.exe~
 *.orig
+test.main
 .*.swp
 .DS_Store
-thumbs.db
-
-# local repository customization
-.envrc
+# a .bashrc may be added to customize the build environment
 .bashrc
 .editorconfig
-
-# build artifacts
+.gopath/
+.go-pkg-cache/
+autogen/
 bundles/
-cli/winresources/*/*.syso
-cli/winresources/*/winres.json
+cmd/dockerd/dockerd
 contrib/builder/rpm/*/changelog
-
-# ci artifacts
-*.exe
-*.gz
-go-test-report.json
-junit-report.xml
-profile.out
-test.main
+dockerversion/version_autogen.go
+dockerversion/version_autogen_unix.go
+vendor/pkg/
+hack/integration-cli-on-swarm/integration-cli-on-swarm

.mailmap

@@ -1,74 +1,41 @@
-# This file lists the canonical name and email of contributors, and is used to
-# generate AUTHORS (in hack/generate-authors.sh).
-#
-# To find new duplicates, regenerate AUTHORS and scan for name duplicates, or
-# run the following to find email duplicates:
-#   git log --format='%aE - %aN' | sort -uf | awk -v IGNORECASE=1 '$1 in a {print a[$1]; print}; {a[$1]=$0}'
-#
-# For an explanation of this file format, consult gitmailmap(5).
+# Generate AUTHORS: hack/generate-authors.sh
 
+# Tip for finding duplicates (besides scanning the output of AUTHORS for name
+# duplicates that aren't also email duplicates): scan the output of:
+#   git log --format='%aE - %aN' | sort -uf
+#
+# For explanation on this file format: man git-shortlog
+
+<21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
+<mr.wrfly@gmail.com> <wrfly@users.noreply.github.com>
 Aaron L. Xu <liker.xu@foxmail.com>
-Aaron L. Xu <liker.xu@foxmail.com> <likexu@harmonycloud.cn>
-Aaron Lehmann <alehmann@netflix.com>
-Aaron Lehmann <alehmann@netflix.com> <aaron.lehmann@docker.com>
-Abhinandan Prativadi <aprativadi@gmail.com>
-Abhinandan Prativadi <aprativadi@gmail.com> <abhi@docker.com>
-Abhinandan Prativadi <aprativadi@gmail.com> abhi <user.email>
-Abhishek Chanda <abhishek.becs@gmail.com>
-Abhishek Chanda <abhishek.becs@gmail.com> <abhishek.chanda@emc.com>
-Ada Mancini <ada@docker.com>
-Adam Dobrawy <naczelnik@jawnosc.tk>
-Adam Dobrawy <naczelnik@jawnosc.tk> <ad-m@users.noreply.github.com>
+Abhinandan Prativadi <abhi@docker.com>
 Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
 Ahmed Kamal <email.ahmedkamal@googlemail.com>
 Ahmet Alp Balkan <ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
-AJ Bowen <aj@soulshake.net>
-AJ Bowen <aj@soulshake.net> <aj@gandi.net>
-AJ Bowen <aj@soulshake.net> <amy@gandi.net>
+AJ Bowen <aj@gandi.net>
+AJ Bowen <aj@gandi.net> <amy@gandi.net>
 Akihiro Matsushima <amatsusbit@gmail.com> <amatsus@users.noreply.github.com>
-Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
-Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.akihiro@lab.ntt.co.jp>
-Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.kyoto@gmail.com>
-Akshay Moghe <akshay.moghe@gmail.com>
-Albin Kerouanton <albinker@gmail.com>
-Albin Kerouanton <albinker@gmail.com> <albin@akerouanton.name>
+Akihiro Suda <suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
 Aleksandrs Fadins <aleks@s-ko.net>
-Alessandro Boch <aboch@tetrationanalytics.com>
 Alessandro Boch <aboch@tetrationanalytics.com> <aboch@docker.com>
-Alessandro Boch <aboch@tetrationanalytics.com> <aboch@socketplane.io>
-Alessandro Boch <aboch@tetrationanalytics.com> <aboch@users.noreply.github.com>
-Alex Chan <alex@alexwlchan.net>
-Alex Chan <alex@alexwlchan.net> <alex.chan@metaswitch.com>
 Alex Chen <alexchenunix@gmail.com> <root@localhost.localdomain>
 Alex Ellis <alexellis2@gmail.com>
-Alex Goodman <wagoodman@gmail.com> <wagoodman@users.noreply.github.com>
 Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
-Alexander Morozov <lk4d4math@gmail.com>
-Alexander Morozov <lk4d4math@gmail.com> <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
 Alexandre Beslic <alexandre.beslic@gmail.com> <abronan@docker.com>
-Alexandre González <agonzalezro@gmail.com>
-Alexis Ries <ries.alexis@gmail.com>
-Alexis Ries <ries.alexis@gmail.com> <alexis.ries.ext@orange.com>
-Alexis Thomas <fr.alexisthomas@gmail.com>
 Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
 Allen Sun <allensun.shl@alibaba-inc.com> <allen.sun@daocloud.io>
 Allen Sun <allensun.shl@alibaba-inc.com> <shlallen1990@gmail.com>
-Anca Iordache <anca.iordache@docker.com>
-Andrea Denisse Gómez <crypto.andrea@protonmail.ch>
-Andrew Kim <taeyeonkim90@gmail.com>
-Andrew Kim <taeyeonkim90@gmail.com> <akim01@fortinet.com>
 Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@microsoft.com>
 Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@outlook.com>
-Andrey Kolomentsev <andrey.kolomentsev@docker.com>
-Andrey Kolomentsev <andrey.kolomentsev@docker.com> <andrey.kolomentsev@gmail.com>
 André Martins  <aanm90@gmail.com> <martins@noironetworks.com>
 Andy Rothfusz <github@developersupport.net> <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
-Andy Zhang <andy.zhangtao@hotmail.com>
-Andy Zhang <andy.zhangtao@hotmail.com> <ztao@tibco-support.com>
 Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <amurdaca@redhat.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <me@runcom.ninja>
@@ -78,45 +45,27 @@ Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
-Anyu Wang <wanganyu@outlook.com>
-Arko Dasgupta <arko@tetrate.io>
-Arko Dasgupta <arko@tetrate.io> <arko.dasgupta@docker.com>
-Arko Dasgupta <arko@tetrate.io> <arkodg@users.noreply.github.com>
-Arnaud Porterie <icecrime@gmail.com>
-Arnaud Porterie <icecrime@gmail.com> <arnaud.porterie@docker.com>
-Arnaud Rebillout <arnaud.rebillout@collabora.com>
-Arnaud Rebillout <arnaud.rebillout@collabora.com> <elboulangero@gmail.com>
+Arnaud Porterie <arnaud.porterie@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com> <icecrime@gmail.com>
 Arthur Gautier <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
-Artur Meyster <arthurfbi@yahoo.com>
 Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Golub <ben.golub@dotcloud.com>
 Ben Toews <mastahyeti@gmail.com> <mastahyeti@users.noreply.github.com>
-Benny Ng <benny.tpng@gmail.com>
 Benoit Chesneau <bchesneau@gmail.com>
-Bevisy Zhang <binbin36520@gmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 Bhumika Bayani <bhumikabayani@gmail.com>
 Bilal Amarni <bilal.amarni@gmail.com> <bamarni@users.noreply.github.com>
-Bill Wang <ozbillwang@gmail.com> <SydOps@users.noreply.github.com>
-Bily Zhang <xcoder@tenxcloud.com>
 Bin Liu <liubin0329@gmail.com>
 Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Boaz Shuster <ripcurld.github@gmail.com>
-Bojun Zhu <bojun.zhu@foxmail.com>
-Boqin Qin <bobbqqin@gmail.com>
-Boshi Lian <farmer1992@gmail.com>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.co>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.org>
 Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
-Brian Goff <cpuguy83@gmail.com> <brian.goff@microsoft.com>
-Brian Goff <cpuguy83@gmail.com> <cpuguy@hey.com>
-Cameron Sparr <gh@sparr.email>
-Carlos de Paula <me@carlosedp.com>
 Chander Govindarajan <chandergovind@gmail.com>
 Chao Wang <wangchao.fnst@cn.fujitsu.com> <chaowang@localhost.localdomain>
 Charles Hooper <charles.hooper@dotcloud.com> <chooper@plumata.com>
@@ -125,19 +74,12 @@ Chen Chuanliang <chen.chuanliang@zte.com.cn>
 Chen Mingjie <chenmingjie0828@163.com>
 Chen Qiu <cheney-90@hotmail.com>
 Chen Qiu <cheney-90@hotmail.com> <21321229@zju.edu.cn>
-Chengfei Shang <cfshang@alauda.io>
 Chris Dias <cdias@microsoft.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
-Chris Price <cprice@mirantis.com>
-Chris Price <cprice@mirantis.com> <chris.price@docker.com>
-Chris Telfer <ctelfer@docker.com>
-Chris Telfer <ctelfer@docker.com> <ctelfer@users.noreply.github.com>
 Christopher Biscardi <biscarch@sketcht.com>
 Christopher Latham <sudosurootdev@gmail.com>
-Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
 Corbin Coleman <corbin.coleman@docker.com>
-Cristian Ariza <dev@cristianrz.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
@@ -150,195 +92,114 @@ Daniel Dao <dqminh@cloudflare.com>
 Daniel Dao <dqminh@cloudflare.com> <dqminh89@gmail.com>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch> <dgasienica@zynga.com>
-Daniel Goosen <daniel.goosen@surveysampling.com> <djgoosen@users.noreply.github.com>
 Daniel Grunwell <mwgrunny@gmail.com>
-Daniel Hiltgen <daniel.hiltgen@docker.com> <dhiltgen@users.noreply.github.com>
 Daniel J Walsh <dwalsh@redhat.com>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> <root@vagrant-ubuntu-12.10.vagrantup.com>
 Daniel Nephin <dnephin@docker.com> <dnephin@gmail.com>
 Daniel Norberg <dano@spotify.com> <daniel.norberg@gmail.com>
-Daniel Watkins <daniel@daniel-watkins.co.uk>
-Daniel Zhang <jmzwcn@gmail.com>
 Danny Yates <danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>
 Darren Shepherd <darren.s.shepherd@gmail.com> <darren@rancher.com>
 Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
-Dave Goodchild <buddhamagnet@gmail.com>
 Dave Henderson <dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
 Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
 David M. Karr <davidmichaelkarr@gmail.com>
 David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
 David Sissitka <me@dsissitka.com>
-David Williamson <david.williamson@docker.com> <davidwilliamson@users.noreply.github.com>
-Derek Ch <denc716@gmail.com>
-Derek McGowan <derek@mcg.dev>
-Derek McGowan <derek@mcg.dev> <derek@mcgstyle.net>
 Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
 Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
-Dhilip Kumars <dhilip.kumar.s@huawei.com>
 Diego Siqueira <dieg0@live.com>
 Diogo Monica <diogo@docker.com> <diogo.monica@gmail.com>
-Dmitry Sharshakov <d3dx12.xx@gmail.com>
-Dmitry Sharshakov <d3dx12.xx@gmail.com> <sh7dm@outlook.com>
-Dmytro Iakovliev <dmytro.iakovliev@zodiacsystems.com>
-Dominic Yin <yindongchao@inspur.com>
 Dominik Honnef <dominik@honnef.co> <dominikh@fork-bomb.org>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Doug Tangren <d.tangren@gmail.com>
-Drew Erny <derny@mirantis.com>
-Drew Erny <derny@mirantis.com> <drew.erny@docker.com>
 Elan Ruusamäe <glen@pld-linux.org>
 Elan Ruusamäe <glen@pld-linux.org> <glen@delfi.ee>
-Elango Sivanandam <elango.siva@docker.com>
-Elango Sivanandam <elango.siva@docker.com> <elango@docker.com>
-Eli Uriegas <seemethere101@gmail.com>
-Eli Uriegas <seemethere101@gmail.com> <eli.uriegas@docker.com>
 Eric G. Noriega <enoriega@vizuri.com> <egnoriega@users.noreply.github.com>
 Eric Hanchrow <ehanchrow@ine.com> <eric.hanchrow@gmail.com>
-Eric Rosenberg <ehaydenr@gmail.com> <ehaydenr@users.noreply.github.com>
 Erica Windisch <erica@windisch.us> <eric@windisch.us>
 Erica Windisch <erica@windisch.us> <ewindisch@docker.com>
 Erik Hollensbe <github@hollensbe.org> <erik+github@hollensbe.org>
 Erwin van der Koogh <info@erronis.nl>
-Ethan Bell <ebgamer29@gmail.com>
 Euan Kemp <euan.kemp@coreos.com> <euank@amazon.com>
 Eugen Krizo <eugen.krizo@gmail.com>
-Evan Hazlett <ejhazlett@gmail.com> <ehazlett@users.noreply.github.com>
 Evelyn Xu <evelynhsu21@gmail.com>
 Evgeny Shmarnev <shmarnev@gmail.com>
 Faiz Khan <faizkhan00@gmail.com>
-Fangming Fang <fangming.fang@arm.com>
-Felix Hupfeld <felix@quobyte.com> <quofelix@users.noreply.github.com>
 Felix Ruess <felix.ruess@gmail.com> <felix.ruess@roboception.de>
 Feng Yan <fy2462@gmail.com>
 Fengtu Wang <wangfengtu@huawei.com> <wangfengtu@huawei.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 Frank Rosquin <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
-Frank Yang <yyb196@gmail.com>
 Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
-Fu JinLin <withlin@yeah.net>
-Gabriel Goller <gabrielgoller123@gmail.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
-Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com> <1373319223@qq.com>
-Geon Kim <geon0250@gmail.com>
 George Kontridze <george@bugsnag.com>
 Gerwim Feiken <g.feiken@tfe.nl> <gerwim@gmail.com>
 Giampaolo Mancini <giampaolo@trampolineup.com>
-Giovan Isa Musthofa <giovanism@outlook.co.id>
 Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
 Gou Rao <gou@portworx.com> <gourao@users.noreply.github.com>
-Grant Millar <rid@cylo.io>
-Grant Millar <rid@cylo.io> <grant@cylo.io>
-Grant Millar <rid@cylo.io> <grant@seednet.eu>
 Greg Stephens <greg@udon.org>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@charmes.net>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@docker.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@dotcloud.com>
-Gunadhya S. <6939749+gunadhya@users.noreply.github.com>
-Guoqiang QI <guoqiang.qi1@gmail.com>
-Guri <odg0318@gmail.com>
 Gurjeet Singh <gurjeet@singh.im> <singh.gurjeet@gmail.com>
 Gustav Sinder <gustav.sinder@gmail.com>
-Günther Jungbluth <gunther@gameslabs.net>
 Hakan Özler <hakan.ozler@kodcu.com>
-Hao Shu Wei <haoshuwei24@gmail.com>
-Hao Shu Wei <haoshuwei24@gmail.com> <haoshuwei1989@163.com>
-Hao Shu Wei <haoshuwei24@gmail.com> <haosw@cn.ibm.com>
+Hao Shu Wei <haosw@cn.ibm.com>
+Hao Shu Wei <haosw@cn.ibm.com> <haoshuwei1989@163.com>
 Harald Albers <github@albersweb.de> <albers@users.noreply.github.com>
-Harald Niesche <harald@niesche.de>
 Harold Cooper <hrldcpr@gmail.com>
-Harry Zhang <harryz@hyper.sh>
 Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
 Harry Zhang <harryz@hyper.sh> <resouer@163.com>
 Harry Zhang <harryz@hyper.sh> <resouer@gmail.com>
+Harry Zhang <resouer@163.com>
 Harshal Patil <harshal.patil@in.ibm.com> <harche@users.noreply.github.com>
-He Simei <hesimei@zju.edu.cn>
 Helen Xie <chenjg@harmonycloud.cn>
-Hiroyuki Sasagawa <hs19870702@gmail.com>
 Hollie Teal <hollie@docker.com>
 Hollie Teal <hollie@docker.com> <hollie.teal@docker.com>
 Hollie Teal <hollie@docker.com> <hollietealok@users.noreply.github.com>
-hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
 Hu Keping <hukeping@huawei.com>
-Hui Kang <hkang.sunysb@gmail.com>
-Hui Kang <hkang.sunysb@gmail.com> <kangh@us.ibm.com>
 Huu Nguyen <huu@prismskylabs.com> <whoshuu@gmail.com>
-Hyeongkyu Lee <hyeongkyu.lee@navercorp.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com> <1187766782@qq.com>
-Ian Campbell <ian.campbell@docker.com>
-Ian Campbell <ian.campbell@docker.com> <ijc@docker.com>
-Ilya Khlopotov <ilya.khlopotov@gmail.com>
-Iskander Sharipov <quasilyte@gmail.com>
-Ivan Babrou <ibobrik@gmail.com>
-Ivan Markin <sw@nogoegst.net> <twim@riseup.net>
 Jack Laxson <jackjrabbit@gmail.com>
 Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
 Jacob Tomlinson <jacob@tom.linson.uk> <jacobtomlinson@users.noreply.github.com>
-Jaivish Kothari <janonymous.codevulture@gmail.com>
-Jake Moshenko <jake@devtable.com>
-Jakub Drahos <jdrahos@pulsepoint.com>
-Jakub Drahos <jdrahos@pulsepoint.com> <jack.drahos@gmail.com>
-James Nesbitt <jnesbitt@mirantis.com>
-James Nesbitt <jnesbitt@mirantis.com> <james.nesbitt@wunderkraut.com>
-Jamie Hannaford <jamie@limetree.org> <jamie.hannaford@rackspace.com>
-Jan Götte <jaseg@jaseg.net>
-Jana Radhakrishnan <mrjana@docker.com>
-Jana Radhakrishnan <mrjana@docker.com> <mrjana@socketplane.io>
-Javier Bassi <javierbassi@gmail.com>
-Javier Bassi <javierbassi@gmail.com> <CrimsonGlory@users.noreply.github.com>
-Jay Lim <jay@imjching.com>
-Jay Lim <jay@imjching.com> <imjching@hotmail.com>
-Jean Rouge <rougej+github@gmail.com> <jer329@cornell.edu>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jean-Tiare Le Bigot <jt@yadutaf.fr> <admin@jtlebi.fr>
 Jeff Anderson <jeff@docker.com> <jefferya@programmerq.net>
 Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
 Jeroen Franse <jeroenfranse@gmail.com>
-Jessica Frazelle <jess@oxide.computer>
-Jessica Frazelle <jess@oxide.computer> <acidburn@docker.com>
-Jessica Frazelle <jess@oxide.computer> <acidburn@google.com>
-Jessica Frazelle <jess@oxide.computer> <acidburn@microsoft.com>
-Jessica Frazelle <jess@oxide.computer> <jess@docker.com>
-Jessica Frazelle <jess@oxide.computer> <jess@mesosphere.com>
-Jessica Frazelle <jess@oxide.computer> <jessfraz@google.com>
-Jessica Frazelle <jess@oxide.computer> <jfrazelle@users.noreply.github.com>
-Jessica Frazelle <jess@oxide.computer> <me@jessfraz.com>
-Jessica Frazelle <jess@oxide.computer> <princess@docker.com>
-Jian Liao <jliao@alauda.io>
-Jiang Jinyang <jjyruby@gmail.com>
-Jiang Jinyang <jjyruby@gmail.com> <jiangjinyang@outlook.com>
+Jessica Frazelle <jessfraz@google.com>
+Jessica Frazelle <jessfraz@google.com> <acidburn@docker.com>
+Jessica Frazelle <jessfraz@google.com> <acidburn@google.com>
+Jessica Frazelle <jessfraz@google.com> <jess@docker.com>
+Jessica Frazelle <jessfraz@google.com> <jess@mesosphere.com>
+Jessica Frazelle <jessfraz@google.com> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jessfraz@google.com> <me@jessfraz.com>
+Jessica Frazelle <jessfraz@google.com> <princess@docker.com>
 Jim Galasyn <jim.galasyn@docker.com>
 Jiuyue Ma <majiuyue@huawei.com>
-Joey Geiger <jgeiger@gmail.com>
 Joffrey F <joffrey@docker.com>
 Joffrey F <joffrey@docker.com> <f.joffrey@gmail.com>
 Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
 Johan Euphrosine <proppy@google.com> <proppy@aminche.com>
 John Harris <john@johnharris.io>
-John Howard <github@lowenna.com>
-John Howard <github@lowenna.com> <10522484+lowenna@users.noreply.github.com>
-John Howard <github@lowenna.com> <jhoward@microsoft.com>
-John Howard <github@lowenna.com> <jhoward@ntdev.microsoft.com>
-John Howard <github@lowenna.com> <jhowardmsft@users.noreply.github.com>
-John Howard <github@lowenna.com> <john.howard@microsoft.com>
-John Howard <github@lowenna.com> <john@lowenna.com>
+John Howard (VM) <John.Howard@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhoward@ntdev.microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
+John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
 John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
-Jon Surrell <jon.surrell@gmail.com> <jon.surrell@automattic.com>
-Jonathan Choy <jonathan.j.choy@gmail.com>
-Jonathan Choy <jonathan.j.choy@gmail.com> <oni@tetsujinlabs.com>
 Jordan Arentsen <blissdev@gmail.com>
 Jordan Jennings <jjn2009@gmail.com> <jjn2009@users.noreply.github.com>
 Jorit Kleine-Möllhoff <joppich@bricknet.de> <joppich@users.noreply.github.com>
-Jose Diaz-Gonzalez <email@josediazgonzalez.com>
-Jose Diaz-Gonzalez <email@josediazgonzalez.com> <jose@seatgeek.com>
-Jose Diaz-Gonzalez <email@josediazgonzalez.com> <josegonzalez@users.noreply.github.com>
-Josh Bonczkowski <josh.bonczkowski@gmail.com>
+Jose Diaz-Gonzalez <jose@seatgeek.com> <josegonzalez@users.noreply.github.com>
 Josh Eveleth <joshe@opendns.com> <jeveleth@users.noreply.github.com>
 Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
 Josh Horwitz <horwitz@addthis.com> <horwitzja@gmail.com>
@@ -347,14 +208,10 @@ Josh Wilson <josh.wilson@fivestars.com> <jcwilson@users.noreply.github.com>
 Joyce Jang <mail@joycejang.com>
 Julien Bordellier <julienbordellier@gmail.com> <git@julienbordellier.com>
 Julien Bordellier <julienbordellier@gmail.com> <me@julienbordellier.com>
-Jun Du <dujun5@huawei.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Cormack <justin.cormack@docker.com> <justin.cormack@unikernel.com>
 Justin Cormack <justin.cormack@docker.com> <justin@specialbusservice.com>
-Justin Keller <85903732+jk-vb@users.noreply.github.com>
-Justin Keller <85903732+jk-vb@users.noreply.github.com> <jkeller@vb-jkeller-mbp.local>
 Justin Simonelis <justin.p.simonelis@gmail.com> <justin.simonelis@PTS-JSIMON2.toronto.exclamation.com>
-Justin Terry <juterry@microsoft.com>
 Jérôme Petazzoni <jerome.petazzoni@docker.com> <jerome.petazzoni@dotcloud.com>
 Jérôme Petazzoni <jerome.petazzoni@docker.com> <jerome.petazzoni@gmail.com>
 Jérôme Petazzoni <jerome.petazzoni@docker.com> <jp@enix.org>
@@ -363,55 +220,36 @@ Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
 Kai Qiang Wu (Kennan) <wkq5325@gmail.com> <wkqwu@cn.ibm.com>
 Kamil Domański <kamil@domanski.co>
 Kamjar Gerami <kami.gerami@gmail.com>
-Karthik Nayak <karthik.188@gmail.com>
-Karthik Nayak <karthik.188@gmail.com> <Karthik.188@gmail.com>
 Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
-Ken Reese <krrgithub@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
-Kevin Meredith <kevin.m.meredith@gmail.com>
 Kir Kolyshkin <kolyshkin@gmail.com>
 Kir Kolyshkin <kolyshkin@gmail.com> <kir@openvz.org>
-Kir Kolyshkin <kolyshkin@gmail.com> <kolyshkin@users.noreply.github.com>
 Konrad Kleine <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
 Konstantin Gribov <grossws@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
-Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
-Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
-Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <btkushuwahak@KUNAL-PC.swh.swh.nttdata.co.jp>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
-Kyle Squizzato <ksquizz@gmail.com>
-Kyle Squizzato <ksquizz@gmail.com> <kyle.squizzato@docker.com>
 Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
-Lei Gong <lgong@alauda.io>
 Lei Jitang <leijitang@huawei.com>
 Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
-Lei Jitang <leijitang@huawei.com> <leijitang@outlook.com>
-Leiiwang <u2takey@gmail.com>
 Liang Mingqiang <mqliang.zju@gmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
 Liao Qingwei <liaoqingwei@huawei.com>
 Linus Heckemann <lheckemann@twig-world.com>
 Linus Heckemann <lheckemann@twig-world.com> <anonymouse2048@gmail.com>
 Lokesh Mandvekar <lsm5@fedoraproject.org> <lsm5@redhat.com>
-Lorenzo Fontana <fontanalorenz@gmail.com> <fontanalorenzo@me.com>
-Lorenzo Fontana <fontanalorenz@gmail.com> <lo@linux.com>
+Lorenzo Fontana <lo@linux.com> <fontanalorenzo@me.com>
 Louis Opter <kalessin@kalessin.fr>
 Louis Opter <kalessin@kalessin.fr> <louis@dotcloud.com>
-Luca Favatella <luca.favatella@erlang-solutions.com> <lucafavatella@users.noreply.github.com>
 Luke Marsden <me@lukemarsden.net> <luke@digital-crocus.com>
 Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
 Lynda O'Leary <lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
 Ma Müller <mueller-ma@users.noreply.github.com>
-Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
-Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@corp.microsoft.com>
 Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@microsoft.com>
-Madhu Venugopal <mavenugo@gmail.com> <madhu@docker.com>
-Madhu Venugopal <mavenugo@gmail.com> <madhu@socketplane.io>
+Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
 Mageee <fangpuyi@foxmail.com> <21521230.zju.edu.cn>
 Mansi Nahar <mmn4185@rit.edu> <mansi.nahar@macbookpro-mansinahar.local>
 Mansi Nahar <mmn4185@rit.edu> <mansinahar@users.noreply.github.com>
@@ -419,17 +257,13 @@ Marc Abramowitz <marc@marc-abramowitz.com> <msabramo@gmail.com>
 Marcelo Horacio Fortino <info@fortinux.com> <fortinux@users.noreply.github.com>
 Marcus Linke <marcus.linke@gmx.de>
 Marianna Tessel <mtesselh@gmail.com>
-Mark Oates <fl0yd@me.com>
 Markan Patel <mpatel678@gmail.com>
 Markus Kortlang <hyp3rdino@googlemail.com> <markus.kortlang@lhsystems.com>
 Martin Redmond <redmond.martin@gmail.com> <martin@tinychat.com>
 Martin Redmond <redmond.martin@gmail.com> <xgithub@redmond5.com>
-Maru Newby <mnewby@thesprawl.net>
 Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
 Mary Anthony <mary.anthony@docker.com> <moxieandmore@gmail.com>
 Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
-Masato Ohba <over.rye@gmail.com>
-Mathieu Paturel <mathieu.paturel@gmail.com>
 Matt Bentley <matt.bentley@docker.com> <mbentley@mbentley.net>
 Matt Schurenko <matt.schurenko@gmail.com>
 Matt Williams <mattyw@me.com>
@@ -439,63 +273,35 @@ Matthew Mosesohn <raytrac3r@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
 Matthias Kühnle <git.nivoc@neverbox.com> <kuehnle@online.de>
 Mauricio Garavaglia <mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
-Maxwell <csuhp007@gmail.com>
-Maxwell <csuhp007@gmail.com> <csuhqg@foxmail.com>
-Menghui Chen <menghui.chen@alibaba-inc.com>
-Michael Beskin <mrbeskin@gmail.com>
-Michael Crosby <crosbymichael@gmail.com>
-Michael Crosby <crosbymichael@gmail.com> <crosby.michael@gmail.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@crosbymichael.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@docker.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@thepasture.io>
+Michael Crosby <michael@docker.com> <crosby.michael@gmail.com>
+Michael Crosby <michael@docker.com> <crosbymichael@gmail.com>
+Michael Crosby <michael@docker.com> <michael@crosbymichael.com>
 Michael Hudson-Doyle <michael.hudson@canonical.com> <michael.hudson@linaro.org>
 Michael Huettermann <michael@huettermann.net>
 Michael Käufl <docker@c.michael-kaeufl.de> <michael-k@users.noreply.github.com>
-Michael Nussbaum <michael.nussbaum@getbraintree.com>
-Michael Nussbaum <michael.nussbaum@getbraintree.com> <code@getbraintree.com>
 Michael Spetsiotis <michael_spets@hotmail.com>
-Michael Stapelberg <michael+gh@stapelberg.de>
-Michael Stapelberg <michael+gh@stapelberg.de> <stapelberg@google.com>
-Michal Kostrzewa <michal.kostrzewa@codilime.com>
-Michal Kostrzewa <michal.kostrzewa@codilime.com> <kostrzewa.michal@o2.pl>
 Michal Minář <miminar@redhat.com>
-Michał Gryko <github@odkurzacz.org>
-Michiel de Jong <michiel@unhosted.org>
-Mickaël Fortunato <morsi.morsicus@gmail.com>
-Miguel Angel Alvarez Cabrerizo <doncicuto@gmail.com> <30386061+doncicuto@users.noreply.github.com>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mihai Borobocea <MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
-Mikael Davranche <mikael.davranche@corp.ovh.com>
-Mikael Davranche <mikael.davranche@corp.ovh.com> <mikael.davranche@corp.ovh.net>
 Mike Casas <mkcsas0@gmail.com> <mikecasas@users.noreply.github.com>
 Mike Goelzer <mike.goelzer@docker.com> <mgoelzer@docker.com>
 Milind Chawre <milindchawre@gmail.com>
 Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
-Mohammad Banikazemi <MBanikazemi@gmail.com>
-Mohammad Banikazemi <MBanikazemi@gmail.com> <mb@us.ibm.com>
 Mohit Soni <mosoni@ebay.com> <mohitsoni1989@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com> <rsmoorthy@users.noreply.github.com>
 Moysés Borges <moysesb@gmail.com>
 Moysés Borges <moysesb@gmail.com> <moyses.furtado@wplex.com.br>
-mrfly <mr.wrfly@gmail.com> <wrfly@users.noreply.github.com>
 Nace Oroz <orkica@gmail.com>
-Natasha Jarus <linuxmercedes@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 Neil Horman <nhorman@tuxdriver.com> <nhorman@hmswarspite.think-freely.org>
 Nick Russo <nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
-Nicolas Borboën <ponsfrilus@gmail.com> <ponsfrilus@users.noreply.github.com>
 Nigel Poulton <nigelpoulton@hotmail.com>
 Nik Nyby <nikolas@gnu.org> <nnyby@columbia.edu>
 Nolan Darilek <nolan@thewordnerd.info>
 O.S. Tezer <ostezer@gmail.com>
 O.S. Tezer <ostezer@gmail.com> <ostezer@users.noreply.github.com>
 Oh Jinkyun <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
-Oliver Reason <oli@overrateddev.co>
-Olli Janatuinen <olli.janatuinen@gmail.com>
-Olli Janatuinen <olli.janatuinen@gmail.com> <olljanat@users.noreply.github.com>
-Onur Filiz <onur.filiz@microsoft.com>
-Onur Filiz <onur.filiz@microsoft.com> <ofiliz@users.noreply.github.com>
 Ouyang Liduo <oyld0210@163.com>
 Patrick Stapleton <github@gdi2290.com>
 Paul Liljenberg <liljenberg.paul@gmail.com> <letters@paulnotcom.se>
@@ -504,63 +310,34 @@ Pawel Konczalski <mail@konczalski.de>
 Peter Choi <phkchoi89@gmail.com> <reikani@Peters-MacBook-Pro.local>
 Peter Dave Hello <hsu@peterdavehello.org> <PeterDaveHello@users.noreply.github.com>
 Peter Jaffe <pjaffe@nevo.com>
-Peter Nagy <xificurC@gmail.com> <pnagy@gratex.com>
 Peter Waller <p@pwaller.net> <peter@scraperwiki.com>
-Phil Estes <estesp@gmail.com>
-Phil Estes <estesp@gmail.com> <estesp@amazon.com>
-Phil Estes <estesp@gmail.com> <estesp@linux.vnet.ibm.com>
+Phil Estes <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
 Philip Alexander Etling <paetling@gmail.com>
 Philipp Gillé <philipp.gille@gmail.com> <philippgille@users.noreply.github.com>
-Prasanna Gautam <prasannagautam@gmail.com>
-Puneet Pruthi <puneet.pruthi@oracle.com>
-Puneet Pruthi <puneet.pruthi@oracle.com> <puneetpruthi@gmail.com>
 Qiang Huang <h.huangqiang@huawei.com>
 Qiang Huang <h.huangqiang@huawei.com> <qhuang@10.0.2.15>
-Qin TianHuan <tianhuan@bingotree.cn>
-Ray Tsang <rayt@google.com> <saturnism@users.noreply.github.com>
 Renaud Gaubert <rgaubert@nvidia.com> <renaud.gaubert@gmail.com>
-Richard Scothern <richard.scothern@gmail.com>
 Robert Terhaar <rterhaar@atlanticdynamic.com> <robbyt@users.noreply.github.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
-Robin Thoni <robin@rthoni.com>
 Roman Dudin <katrmr@gmail.com> <decadent@users.noreply.github.com>
-Rong Zhang <rongzhang@alauda.io>
-Rongxiang Song <tinysong1226@gmail.com>
-Rony Weng <ronyweng@synology.com>
-Ross Boucher <rboucher@gmail.com>
-Rui Cao <ruicao@alauda.io>
 Runshen Zhu <runshen.zhu@gmail.com>
-Ryan Stelly <ryan.stelly@live.com>
-Ryoga Saito <contact@proelbtn.com>
-Ryoga Saito <contact@proelbtn.com> <proelbtn@users.noreply.github.com>
-Sainath Grandhi <sainath.grandhi@intel.com>
-Sainath Grandhi <sainath.grandhi@intel.com> <saiallforums@gmail.com>
-Sakeven Jiang <jc5930@sina.cn>
-Samuel Karp <me@samuelkarp.com> <skarp@amazon.com>
 Sandeep Bansal <sabansal@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
-Santhosh Manohar <santhosh@docker.com>
 Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
-Satoshi Tagomori <tagomoris@gmail.com>
 Sean Lee <seanlee@tw.ibm.com> <scaleoutsean@users.noreply.github.com>
-Sebastiaan van Stijn <github@gone.nl>
-Sebastiaan van Stijn <github@gone.nl> <moby@example.com>
 Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
 Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
-Seongyeol Lim <seongyeol37@gmail.com>
 Shaun Kaasten <shaunk@gmail.com>
 Shawn Landden <shawn@churchofgit.com> <shawnlandden@gmail.com>
 Shengbo Song <thomassong@tencent.com>
 Shengbo Song <thomassong@tencent.com> <mymneo@163.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
 Shishir Mahajan <shishir.mahajan@redhat.com> <smahajan@redhat.com>
-Shu-Wai Chow <shu-wai.chow@seattlechildrens.org>
 Shukui Yang <yangshukui@huawei.com>
-Sidhartha Mani <sidharthamn@gmail.com>
+Shuwei Hao <haosw@cn.ibm.com>
+Shuwei Hao <haosw@cn.ibm.com> <haoshuwei24@gmail.com>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
-Smark Meng <smark@freecoop.net>
-Smark Meng <smark@freecoop.net> <smarkm@users.noreply.github.com>
 Solomon Hykes <solomon@docker.com> <s@docker.com>
 Solomon Hykes <solomon@docker.com> <solomon.hykes@dotcloud.com>
 Solomon Hykes <solomon@docker.com> <solomon@dotcloud.com>
@@ -574,16 +351,10 @@ Stefan Berger <stefanb@linux.vnet.ibm.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
 Stefan J. Wernli <swernli@microsoft.com> <swernli@ntdev.microsoft.com>
 Stefan S. <tronicum@user.github.com>
-Stefan Scherer <stefan.scherer@docker.com>
-Stefan Scherer <stefan.scherer@docker.com> <scherer_stefan@icloud.com>
-Stephan Spindler <shutefan@gmail.com> <shutefan@users.noreply.github.com>
-Stephen Day <stevvooe@gmail.com>
-Stephen Day <stevvooe@gmail.com> <stephen.day@docker.com>
-Stephen Day <stevvooe@gmail.com> <stevvooe@users.noreply.github.com>
+Stephen Day <stephen.day@docker.com>
+Stephen Day <stephen.day@docker.com> <stevvooe@users.noreply.github.com>
 Steve Desmond <steve@vtsv.ca> <stevedesmond-ca@users.noreply.github.com>
 Sun Gengze <690388648@qq.com>
-Sun Jianbo <wonderflow.sun@gmail.com>
-Sun Jianbo <wonderflow.sun@gmail.com> <wonderflow@zju.edu.cn>
 Sven Dowideit <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
@@ -591,53 +362,31 @@ Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
 Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
-Sylvain Baubeau <lebauce@gmail.com>
-Sylvain Baubeau <lebauce@gmail.com> <sbaubeau@redhat.com>
 Sylvain Bellemare <sylvain@ascribe.io>
 Sylvain Bellemare <sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
-Takuto Sato <tockn.jp@gmail.com>
 Tangi Colin <tangicolin@gmail.com>
 Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
-Terry Chu <zue.hterry@gmail.com>
-Terry Chu <zue.hterry@gmail.com> <jubosh.tw@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@gmx.net>
-Thiago Alves Silva <thiago.alves@aurea.com>
-Thiago Alves Silva <thiago.alves@aurea.com> <thiagoalves@users.noreply.github.com>
 Thomas Gazagnaire <thomas@gazagnaire.org> <thomas@gazagnaire.com>
-Thomas Ledos <thomas.ledos92@gmail.com>
 Thomas Léveil <thomasleveil@gmail.com>
 Thomas Léveil <thomasleveil@gmail.com> <thomasleveil@users.noreply.github.com>
 Tibor Vass <teabee89@gmail.com> <tibor@docker.com>
 Tibor Vass <teabee89@gmail.com> <tiborvass@users.noreply.github.com>
-Till Claassen <pixelistik@users.noreply.github.com>
 Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org> <maztaim@users.noreply.github.com>
-Tim Potter <tpot@hpe.com>
-Tim Potter <tpot@hpe.com> <tpot@Tims-MacBook-Pro.local>
 Tim Ruffles <oi@truffles.me.uk> <timruffles@googlemail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
-Tim Wagner <tim.wagner@freenet.ag>
-Tim Wagner <tim.wagner@freenet.ag> <33624860+herrwagner@users.noreply.github.com>
 Tim Zju <21651152@zju.edu.cn>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Toli Kuznets <toli@docker.com>
 Tom Barlow <tomwbarlow@gmail.com>
-Tom Denham <tom@tomdee.co.uk>
-Tom Denham <tom@tomdee.co.uk> <tom.denham@metaswitch.com>
 Tom Sweeney <tsweeney@redhat.com>
-Tom Wilkie <tom.wilkie@gmail.com>
-Tom Wilkie <tom.wilkie@gmail.com> <tom@weave.works>
 Tõnis Tiigi <tonistiigi@gmail.com>
-Trace Andreason <tandreason@gmail.com>
-Trapier Marshall <tmarshall@mirantis.com>
-Trapier Marshall <tmarshall@mirantis.com> <trapier.marshall@docker.com>
 Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Tristan Carel <tristan@cogniteev.com> <tristan.carel@gmail.com>
-Tyler Brown <tylers.pile@gmail.com>
-Umesh Yadav <umesh4257@gmail.com>
 Umesh Yadav <umesh4257@gmail.com> <dungeonmaster18@users.noreply.github.com>
 Victor Lyuboslavsky <victor@victoreda.com>
 Victor Vieux <victor.vieux@docker.com> <dev@vvieux.com>
@@ -646,54 +395,28 @@ Victor Vieux <victor.vieux@docker.com> <victor@docker.com>
 Victor Vieux <victor.vieux@docker.com> <victor@dotcloud.com>
 Victor Vieux <victor.vieux@docker.com> <victorvieux@gmail.com>
 Victor Vieux <victor.vieux@docker.com> <vieux@docker.com>
-Vikas Choudhary <choudharyvikas16@gmail.com>
-Vikram bir Singh <vsingh@mirantis.com>
-Vikram bir Singh <vsingh@mirantis.com> <vikrambir.singh@docker.com>
 Viktor Vojnovski <viktor.vojnovski@amadeus.com> <vojnovski@gmail.com>
 Vincent Batts <vbatts@redhat.com> <vbatts@hashbangbash.com>
-Vincent Bernat <vincent@bernat.ch>
-Vincent Bernat <vincent@bernat.ch> <bernat@luffy.cx>
-Vincent Bernat <vincent@bernat.ch> <Vincent.Bernat@exoscale.ch>
-Vincent Bernat <vincent@bernat.ch> <vincent@bernat.im>
-Vincent Boulineau <vincent.boulineau@datadoghq.com>
+Vincent Bernat <Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
+Vincent Bernat <Vincent.Bernat@exoscale.ch> <vincent@bernat.im>
 Vincent Demeester <vincent.demeester@docker.com> <vincent+github@demeester.fr>
 Vincent Demeester <vincent.demeester@docker.com> <vincent@demeester.fr>
 Vincent Demeester <vincent.demeester@docker.com> <vincent@sbr.pm>
 Vishnu Kannan <vishnuk@google.com>
-Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
-Vitaly Ostrosablin <vostrosablin@virtuozzo.com> <tmp6154@yandex.ru>
 Vladimir Rutsky <altsysrq@gmail.com> <iamironbob@gmail.com>
-Vladislav Kolesnikov <vkolesnikov@beget.ru>
-Vladislav Kolesnikov <vkolesnikov@beget.ru> <prime@vladqa.ru>
 Walter Stanish <walter@pratyeka.org>
-Wang Chao <chao.wang@ucloud.cn>
-Wang Chao <chao.wang@ucloud.cn> <wcwxyz@gmail.com>
 Wang Guoliang <liangcszzu@163.com>
 Wang Jie <wangjie5@chinaskycloud.com>
 Wang Ping <present.wp@icloud.com>
-Wang Xing <hzwangxing@corp.netease.com> <root@localhost>
 Wang Yuexiao <wang.yuexiao@zte.com.cn>
 Wayne Chang <wayne@neverfear.org>
 Wayne Song <wsong@docker.com> <wsong@users.noreply.github.com>
 Wei Wu <wuwei4455@gmail.com> cizixs <cizixs@163.com>
-Wei-Ting Kuo <waitingkuo0527@gmail.com>
-Wen Cheng Ma <wenchma@cn.ibm.com>
 Wenjun Tang <tangwj2@lenovo.com> <dodia@163.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
 Will Weaver <monkey@buildingbananas.com>
-Wing-Kam Wong <wingkwong.code@gmail.com>
-WuLonghui <wlh6666@qq.com>
-Xian Chaobo <xianchaobo@huawei.com>
-Xian Chaobo <xianchaobo@huawei.com> <jimmyxian2004@yahoo.com.cn>
 Xianglin Gao <xlgao@zju.edu.cn>
-Xianjie <guxianjie@gmail.com>
-Xianjie <guxianjie@gmail.com> <datastream@datastream-laptop.local>
 Xianlu Bird <xianlubird@gmail.com>
-Xiao YongBiao <xyb4638@gmail.com>
-Xiao Zhang <xiaozhang0210@hotmail.com>
-Xiaodong Liu <liuxiaodong@loongson.cn>
-Xiaodong Zhang <a4012017@sina.com>
-Xiaohua Ding <xiao_hua_ding@sina.cn>
 Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
 Xuecong Liao <satorulogic@gmail.com>
 Yamasaki Masahide <masahide.y@gmail.com>
@@ -705,29 +428,14 @@ Yi EungJun <eungjun.yi@navercorp.com> <semtlenori@gmail.com>
 Ying Li <ying.li@docker.com>
 Ying Li <ying.li@docker.com> <cyli@twistedmatrix.com>
 Yong Tang <yong.tang.github@outlook.com> <yongtang@users.noreply.github.com>
-Yongxin Li <yxli@alauda.io>
 Yosef Fertel <yfertel@gmail.com> <frosforever@users.noreply.github.com>
 Yu Changchun <yuchangchun1@huawei.com>
 Yu Chengxia <yuchengxia@huawei.com>
 Yu Peng <yu.peng36@zte.com.cn>
 Yu Peng <yu.peng36@zte.com.cn> <yupeng36@zte.com.cn>
-Yuan Sun <sunyuan3@huawei.com>
-Yue Zhang <zy675793960@yeah.net>
-Yufei Xiong <yufei.xiong@qq.com>
-Zach Gershman <zachgersh@gmail.com>
-Zach Gershman <zachgersh@gmail.com> <zachgersh@users.noreply.github.com>
 Zachary Jaffee <zjaffee@us.ibm.com> <zij@case.edu>
 Zachary Jaffee <zjaffee@us.ibm.com> <zjaffee@apache.org>
-Zhang Kun <zkazure@gmail.com>
-Zhang Wentao <zhangwentao234@huawei.com>
 ZhangHang <stevezhang2014@gmail.com>
 Zhenkun Bi <bi.zhenkun@zte.com.cn>
-Zhou Hao <zhouhao@cn.fujitsu.com>
-Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Kunjia <zhu.kunjia@zte.com.cn>
-Ziheng Liu <lzhfromustc@gmail.com>
 Zou Yu <zouyu7@huawei.com>
-Zuhayr Elahi <zuhayr.elahi@docker.com>
-Zuhayr Elahi <zuhayr.elahi@docker.com> <elahi.zuhayr@gmail.com>
-정재영 <jjy600901@gmail.com>
-정재영 <jjy600901@gmail.com> <43400316+J-jaeyoung@users.noreply.github.com>

CONTRIBUTING.md

@@ -8,7 +8,7 @@ process](docs/contributing/).
 
 This page contains information about reporting issues as well as some tips and
 guidelines useful to experienced open source contributors. Finally, make sure
-you read our [community guidelines](#moby-community-guidelines) before you
+you read our [community guidelines](#docker-community-guidelines) before you
 start participating.
 
 ## Topics
@@ -17,7 +17,7 @@ start participating.
 * [Design and Cleanup Proposals](#design-and-cleanup-proposals)
 * [Reporting Issues](#reporting-other-issues)
 * [Quick Contribution Tips and Guidelines](#quick-contribution-tips-and-guidelines)
-* [Community Guidelines](#moby-community-guidelines)
+* [Community Guidelines](#docker-community-guidelines)
 
 ## Reporting security issues
 
@@ -27,10 +27,10 @@ issue, please bring it to their attention right away!
 Please **DO NOT** file a public issue, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).
 
-Security reports are greatly appreciated and we will publicly thank you for it,
-although we keep your name confidential if you request it. We also like to send
-gifts—if you're into schwag, make sure to let us know. We currently do not
-offer a paid security bounty program, but are not ruling it out in the future.
+Security reports are greatly appreciated and we will publicly thank you for it.
+We also like to send gifts—if you're into schwag, make sure to let
+us know. We currently do not offer a paid security bounty program, but are not
+ruling it out in the future.
 
 
 ## Reporting other issues
@@ -101,8 +101,9 @@ the contributors guide.
     <td>
       <p>
         Register for the Docker Community Slack at
-	<a href="https://dockr.ly/slack" target="_blank">https://dockr.ly/slack</a>.
-        We use the #moby-project channel for general discussion, and there are separate channels for other Moby projects such as #containerd.
+	<a href="https://community.docker.com/registrations/groups/4316" target="_blank">https://community.docker.com/registrations/groups/4316</a>.
+        We use the #moby-project channel for general discussion, and there are seperate channels for other Moby projects such as #containerd.
+	Archives are available at <a href="https://dockercommunity.slackarchive.io/" target="_blank">https://dockercommunity.slackarchive.io/</a>.
       </p>
     </td>
   </tr>

Dockerfile

@@ -1,648 +1,198 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_VERSION=1.23.9
-ARG BASE_DEBIAN_DISTRO="bookworm"
-ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
-ARG XX_VERSION=1.6.1
-
-ARG VPNKIT_VERSION=0.5.0
-ARG DOCKERCLI_VERSION=v17.06.2-ce
-
-ARG SYSTEMD="false"
-ARG DOCKER_STATIC=1
-
-# cross compilation helper
-FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
-
-# dummy stage to make sure the image is built for deps that don't support some
-# architectures
-FROM --platform=$BUILDPLATFORM busybox AS build-dummy
-RUN mkdir -p /build
-FROM scratch AS binary-dummy
-COPY --from=build-dummy /build /build
-
-# base
-FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
-COPY --from=xx / /
-RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
-ARG APT_MIRROR
-RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list.d/debian.sources || true
-RUN apt-get update && apt-get install --no-install-recommends -y file
-ENV GO111MODULE=off
-ENV GOTOOLCHAIN=local
-
-FROM base AS criu
-ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
-RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
-        echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
-        && apt-get update \
-        && apt-get install -y --no-install-recommends criu \
-        && install -D /usr/sbin/criu /build/criu
-
-# registry
-FROM base AS registry-src
-WORKDIR /usr/src/registry
-RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"
-
-FROM base AS registry
-WORKDIR /go/src/github.com/docker/distribution
-# REGISTRY_VERSION specifies the version of the registry to build and install
-# from the https://github.com/docker/distribution repository. This version of
-# the registry is used to test both schema 1 and schema 2 manifests. Generally,
-# the version specified here should match a current release.
-ARG REGISTRY_VERSION=v2.3.0
-# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
-# install from the https://github.com/docker/distribution repository. This is
-# an older (pre v2.3.0) version of the registry that only supports schema1
-# manifests. This version of the registry is not working on arm64, so installation
-# is skipped on that architecture.
-ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
-ARG TARGETPLATFORM
-RUN --mount=from=registry-src,src=/usr/src/registry,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
-    --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=tmpfs,target=/go/src <<EOT
-  set -ex
-  git fetch -q --depth 1 origin "${REGISTRY_VERSION}" +refs/tags/*:refs/tags/*
-  git checkout -q FETCH_HEAD
-  export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
-  CGO_ENABLED=0 xx-go build -o /build/registry-v2 -v ./cmd/registry
-  xx-verify /build/registry-v2
-  case $TARGETPLATFORM in
-    linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
-      git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
-      git checkout -q FETCH_HEAD
-      CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
-      xx-verify /build/registry-v2-schema1
-      ;;
-  esac
-EOT
-
-# go-swagger
-FROM base AS swagger-src
-WORKDIR /usr/src/swagger
-# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
-# TODO: move to under moby/ or fix upstream go-swagger to work for us.
-RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
-# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
-# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
-ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
-RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD
-
-FROM base AS swagger
-WORKDIR /go/src/github.com/go-swagger/go-swagger
-ARG TARGETPLATFORM
-RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
-    --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=tmpfs,target=/go/src/ <<EOT
-  set -e
-  xx-go build -o /build/swagger ./cmd/swagger
-  xx-verify /build/swagger
-EOT
-
-# frozen-images
-# See also frozenImages in "testutil/environment/protect.go" (which needs to
-# be updated when adding images to this list)
-FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
-RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
-       apt-get update && apt-get install -y --no-install-recommends \
-           ca-certificates \
-           curl \
-           jq
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /
-ARG TARGETARCH
-ARG TARGETVARIANT
-RUN /download-frozen-image-v2.sh /build \
-        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
-        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
-        debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \
-        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
-        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
-
-# delve
-FROM base AS delve-src
-WORKDIR /usr/src/delve
-RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
-# DELVE_VERSION specifies the version of the Delve debugger binary
-# from the https://github.com/go-delve/delve repository.
-# It can be used to run Docker with a possibility of
-# attaching debugger to it.
-ARG DELVE_VERSION=v1.20.1
-RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS delve-build
-WORKDIR /usr/src/delve
-ARG TARGETPLATFORM
-RUN --mount=from=delve-src,src=/usr/src/delve,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
-    --mount=type=cache,target=/go/pkg/mod <<EOT
-  set -e
-  GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
-  xx-verify /build/dlv
-EOT
-
-# delve is currently only supported on linux/amd64 and linux/arm64;
-# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
-FROM binary-dummy AS delve-windows
-FROM binary-dummy AS delve-linux-arm
-FROM binary-dummy AS delve-linux-ppc64le
-FROM binary-dummy AS delve-linux-s390x
-FROM delve-build AS delve-linux-amd64
-FROM delve-build AS delve-linux-arm64
-FROM delve-linux-${TARGETARCH} AS delve-linux
-FROM delve-${TARGETOS} AS delve
-
-FROM base AS tomll
-# GOTOML_VERSION specifies the version of the tomll binary to build and install
-# from the https://github.com/pelletier/go-toml repository. This binary is used
-# in CI in the hack/validate/toml script.
+# This file describes the standard way to build Docker, using docker
 #
-# When updating this version, consider updating the github.com/pelletier/go-toml
-# dependency in vendor.mod accordingly.
-ARG GOTOML_VERSION=v1.8.1
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
-     && /build/tomll --help
-
-FROM base AS gowinres
-# GOWINRES_VERSION defines go-winres tool version
-ARG GOWINRES_VERSION=v0.3.0
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
-     && /build/go-winres --help
-
-# containerd
-FROM base AS containerd-src
-WORKDIR /usr/src/containerd
-RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
-# CONTAINERD_VERSION is used to build containerd binaries, and used for the
-# integration tests. The distributed docker .deb and .rpm packages depend on a
-# separate (containerd.io) package, which may be a different version as is
-# specified here. The containerd golang package is also pinned in vendor.mod.
-# When updating the binary version you may also need to update the vendor
-# version to pick up bug fixes or new APIs, however, usually the Go packages
-# are built from a commit from the master branch.
-ARG CONTAINERD_VERSION=v1.6.38
-RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS containerd-build
-WORKDIR /go/src/github.com/containerd/containerd
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
-        apt-get update && xx-apt-get install -y --no-install-recommends \
-            gcc \
-            libbtrfs-dev \
-            libsecret-1-dev \
-            pkg-config
-ARG DOCKER_STATIC
-RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
-  set -e
-  export CC=$(xx-info)-gcc
-  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
-  xx-go --wrap
-  make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
-  mkdir /build
-  mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
-EOT
-
-FROM containerd-build AS containerd-linux
-FROM binary-dummy AS containerd-windows
-FROM containerd-${TARGETOS} AS containerd
-
-FROM base AS golangci_lint
-ARG GOLANGCI_LINT_VERSION=v1.64.5
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
-     && /build/golangci-lint --version
-
-FROM base AS gotestsum
-ARG GOTESTSUM_VERSION=v1.8.2
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
-     && /build/gotestsum --version
-
-FROM base AS shfmt
-ARG SHFMT_VERSION=v3.6.0
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
-     && /build/shfmt --version
-
-# dockercli
-FROM base AS dockercli-src
-WORKDIR /tmp/dockercli
-RUN git init . && git remote add origin "https://github.com/docker/cli.git"
-ARG DOCKERCLI_VERSION
-RUN git fetch -q --depth 1 origin "${DOCKERCLI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-RUN [ -d ./components/cli ] && mv ./components/cli /usr/src/dockercli || mv /tmp/dockercli /usr/src/dockercli
-WORKDIR /usr/src/dockercli
-
-FROM base AS dockercli
-WORKDIR /go/src/github.com/docker/cli
-ARG DOCKERCLI_VERSION
-ARG DOCKERCLI_CHANNEL=stable
-ARG TARGETPLATFORM
-RUN xx-apt-get install -y --no-install-recommends gcc libc6-dev
-RUN --mount=from=dockercli-src,src=/usr/src/dockercli,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM <<EOT
-  set -e
-  DOWNLOAD_URL="https://download.docker.com/linux/static/${DOCKERCLI_CHANNEL}/$(xx-info march)/docker-${DOCKERCLI_VERSION#v}.tgz"
-  if curl --head --silent --fail "${DOWNLOAD_URL}" 1>/dev/null 2>&1; then
-    mkdir /build
-    curl -Ls "${DOWNLOAD_URL}" | tar -xz docker/docker
-    mv docker/docker /build/docker
-  else
-    CGO_ENABLED=0 xx-go build -o /build/docker ./cmd/docker
-  fi
-  xx-verify /build/docker
-EOT
-
-# runc
-FROM base AS runc-src
-WORKDIR /usr/src/runc
-RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
-# RUNC_VERSION should match the version that is used by the containerd version
-# that is used. If you need to update runc, open a pull request in the containerd
-# project first, and update both after that is merged. When updating RUNC_VERSION,
-# consider updating runc in vendor.mod accordingly.
-ARG RUNC_VERSION=v1.1.12
-RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS runc-build
-WORKDIR /go/src/github.com/opencontainers/runc
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
-        apt-get update && xx-apt-get install -y --no-install-recommends \
-            dpkg-dev \
-            gcc \
-            libc6-dev \
-            libseccomp-dev \
-            pkg-config
-ARG DOCKER_STATIC
-RUN --mount=from=runc-src,src=/usr/src/runc,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
-  set -e
-  xx-go --wrap
-  CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
-  mkdir /build
-  mv runc /build/
-EOT
-
-FROM runc-build AS runc-linux
-FROM binary-dummy AS runc-windows
-FROM runc-${TARGETOS} AS runc
-
-# tini
-FROM base AS tini-src
-WORKDIR /usr/src/tini
-RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
-# TINI_VERSION specifies the version of tini (docker-init) to build. This
-# binary is used when starting containers with the `--init` option.
-ARG TINI_VERSION=v0.19.0
-RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS tini-build
-WORKDIR /go/src/github.com/krallin/tini
-RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install -y --no-install-recommends cmake
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
-        xx-apt-get install -y --no-install-recommends \
-            gcc \
-            libc6-dev \
-            pkg-config
-RUN --mount=from=tini-src,src=/usr/src/tini,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
-  set -e
-  CC=$(xx-info)-gcc cmake .
-  make tini-static
-  xx-verify --static tini-static
-  mkdir /build
-  mv tini-static /build/docker-init
-EOT
-
-FROM tini-build AS tini-linux
-FROM binary-dummy AS tini-windows
-FROM tini-${TARGETOS} AS tini
-
-# rootlesskit
-FROM base AS rootlesskit-src
-WORKDIR /usr/src/rootlesskit
-RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
-# When updating, also update rootlesskit commit in vendor.mod accordingly.
-ARG ROOTLESSKIT_VERSION=v1.1.0
-RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS rootlesskit-build
-WORKDIR /go/src/github.com/rootless-containers/rootlesskit
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
-        apt-get update && xx-apt-get install -y --no-install-recommends \
-            gcc \
-            libc6-dev \
-            pkg-config
-ENV GO111MODULE=on
-ARG DOCKER_STATIC
-RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
-    --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
-  set -e
-  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
-  xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
-  xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
-EOT
-COPY ./contrib/dockerd-rootless.sh /build/
-COPY ./contrib/dockerd-rootless-setuptool.sh /build/
-
-FROM rootlesskit-build AS rootlesskit-linux
-FROM binary-dummy AS rootlesskit-windows
-FROM rootlesskit-${TARGETOS} AS rootlesskit
-
-FROM base AS crun
-ARG CRUN_VERSION=1.4.5
-RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install -y --no-install-recommends \
-            autoconf \
-            automake \
-            build-essential \
-            libcap-dev \
-            libprotobuf-c-dev \
-            libseccomp-dev \
-            libsystemd-dev \
-            libtool \
-            libudev-dev \
-            libyajl-dev \
-            python3 \
-            ;
-RUN --mount=type=tmpfs,target=/tmp/crun-build \
-    git clone https://github.com/containers/crun.git /tmp/crun-build && \
-    cd /tmp/crun-build && \
-    git checkout -q "${CRUN_VERSION}" && \
-    ./autogen.sh && \
-    ./configure --bindir=/build && \
-    make -j install
-
-# vpnkit
-# use dummy scratch stage to avoid build to fail for unsupported platforms
-FROM scratch AS vpnkit-windows
-FROM scratch AS vpnkit-linux-386
-FROM scratch AS vpnkit-linux-arm
-FROM scratch AS vpnkit-linux-ppc64le
-FROM scratch AS vpnkit-linux-riscv64
-FROM scratch AS vpnkit-linux-s390x
-FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
-FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
-FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
-FROM vpnkit-${TARGETOS} AS vpnkit
-
-# containerutility
-FROM base AS containerutil-src
-WORKDIR /usr/src/containerutil
-RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
-ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
-RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS containerutil-build
-WORKDIR /usr/src/containerutil
-ARG TARGETPLATFORM
-RUN xx-apt-get install -y --no-install-recommends \
-        gcc \
-        g++ \
-        libc6-dev \
-        pkg-config
-RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
-  set -e
-  CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
-  xx-verify --static containerutility.exe
-  mkdir /build
-  mv containerutility.exe /build/
-EOT
-
-FROM binary-dummy AS containerutil-linux
-FROM containerutil-build AS containerutil-windows-amd64
-FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
-FROM containerutil-${TARGETOS} AS containerutil
-
-FROM base AS dev-systemd-false
-COPY --from=dockercli     /build/ /usr/local/cli
-COPY --from=frozen-images /build/ /docker-frozen-images
-COPY --from=swagger       /build/ /usr/local/bin/
-COPY --from=delve         /build/ /usr/local/bin/
-COPY --from=tomll         /build/ /usr/local/bin/
-COPY --from=gowinres      /build/ /usr/local/bin/
-COPY --from=tini          /build/ /usr/local/bin/
-COPY --from=registry      /build/ /usr/local/bin/
-
-# Skip the CRIU stage for now, as the opensuse package repository is sometimes
-# unstable, and we're currently not using it in CI.
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run -e DOCKER_GITCOMMIT=foo --privileged docker hack/make.sh test-unit test-integration test-docker-py
+#
+# # Publish a release:
+# docker run --privileged \
+#  -e AWS_S3_BUCKET=baz \
+#  -e AWS_ACCESS_KEY=foo \
+#  -e AWS_SECRET_KEY=bar \
+#  -e GPG_PASSPHRASE=gloubiboulga \
+#  docker hack/release.sh
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
 #
-# FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984)
-# COPY --from=criu          /build/ /usr/local/bin/
-COPY --from=gotestsum     /build/ /usr/local/bin/
-COPY --from=golangci_lint /build/ /usr/local/bin/
-COPY --from=shfmt         /build/ /usr/local/bin/
-COPY --from=runc          /build/ /usr/local/bin/
-COPY --from=containerd    /build/ /usr/local/bin/
-COPY --from=rootlesskit   /build/ /usr/local/bin/
-COPY --from=vpnkit        /       /usr/local/bin/
-COPY --from=containerutil /build/ /usr/local/bin/
-COPY --from=crun          /build/ /usr/local/bin/
-COPY hack/dockerfile/etc/docker/  /etc/docker/
-ENV PATH=/usr/local/cli:$PATH
-WORKDIR /go/src/github.com/docker/docker
-VOLUME /var/lib/docker
-VOLUME /home/unprivilegeduser/.local/share/docker
-# Wrap all commands in the "docker-in-docker" script to allow nested containers
-ENTRYPOINT ["hack/dind"]
 
-FROM dev-systemd-false AS dev-systemd-true
-RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install -y --no-install-recommends \
-            dbus \
-            dbus-user-session \
-            systemd \
-            systemd-sysv
-ENTRYPOINT ["hack/dind-systemd"]
+FROM debian:stretch
 
-FROM dev-systemd-${SYSTEMD} AS dev-base
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	apt-utils \
+	aufs-tools \
+	automake \
+	bash-completion \
+	binutils-mingw-w64 \
+	bsdmainutils \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	gcc-mingw-w64 \
+	git \
+	iptables \
+	jq \
+	less \
+	libapparmor-dev \
+	libcap-dev \
+	libdevmapper-dev \
+	libnet-dev \
+	libnl-3-dev \
+	libprotobuf-c0-dev \
+	libprotobuf-dev \
+	libseccomp-dev \
+	libsystemd-dev \
+	libtool \
+	libudev-dev \
+	mercurial \
+	net-tools \
+	pigz \
+	pkg-config \
+	protobuf-compiler \
+	protobuf-c-compiler \
+	python-backports.ssl-match-hostname \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-requests \
+	python-setuptools \
+	python-websocket \
+	python-wheel \
+	tar \
+	thin-provisioning-tools \
+	vim \
+	vim-common \
+	xfsprogs \
+	zip \
+	--no-install-recommends \
+	&& pip install awscli==1.10.15
+
+# Install Go
+# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
+#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
+#            with a heads-up.
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.9.3
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Install CRIU for checkpoint/restore support
+ENV CRIU_VERSION 3.6
+RUN mkdir -p /usr/src/criu \
+	&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
+	&& cd /usr/src/criu \
+	&& make \
+	&& make install-criu
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.5.0
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT 1d6b5b203222ba5df7dedfcd1ee061a452f99c8a
+# To run integration tests docker-pycreds is required.
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install docker-pycreds==0.2.1 \
+	&& pip install -r test-requirements.txt
+
+# Install yamllint for validating swagger.yaml
+RUN pip install yamllint==1.5.0
+
+# Install go-swagger for validating swagger.yaml
+ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
+RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
+	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
+	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
 RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser \
- && mkdir -p /home/unprivilegeduser/.local/share/docker \
- && chown -R unprivilegeduser /home/unprivilegeduser
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+
 # Let us use a .bashrc file
-RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+# Add integration helps to bashrc
+RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+# TODO: when issue #35963 fixed, we can upgrade the busybox to multi-arch
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy dockercli
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli gometalinter
+ENV PATH=/usr/local/cli:$PATH
+
 # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
 RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
 RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
-RUN ldconfig
-# Set dev environment as safe git directory to prevent "dubious ownership" errors
-# when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
-RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker
-# This should only install packages that are specifically needed for the dev environment and nothing else
-# Do you really need to add another package here? Can it be done in a different build stage?
-RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install -y --no-install-recommends \
-            apparmor \
-            bash-completion \
-            bzip2 \
-            inetutils-ping \
-            iproute2 \
-            iptables \
-            jq \
-            libcap2-bin \
-            libnet1 \
-            libnl-3-200 \
-            libprotobuf-c1 \
-            libyajl2 \
-            net-tools \
-            patch \
-            pigz \
-            sudo \
-            thin-provisioning-tools \
-            uidmap \
-            vim \
-            vim-common \
-            xfsprogs \
-            xz-utils \
-            zip \
-            zstd
-# Switch to use iptables instead of nftables (to match the CI hosts)
-# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
-RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
- && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
- && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
-RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install --no-install-recommends -y \
-            gcc \
-            pkg-config \
-            dpkg-dev \
-            libapparmor-dev \
-            libdevmapper-dev \
-            libseccomp-dev \
-            libsecret-1-dev \
-            libsystemd-dev \
-            libudev-dev \
-            yamllint
 
-FROM base AS build
-COPY --from=gowinres /build/ /usr/local/bin/
-WORKDIR /go/src/github.com/docker/docker
-ENV GO111MODULE=off
-ENV CGO_ENABLED=1
-RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install --no-install-recommends -y \
-            clang \
-            lld \
-            llvm
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
-        xx-apt-get install --no-install-recommends -y \
-            dpkg-dev \
-            gcc \
-            libapparmor-dev \
-            libc6-dev \
-            libdevmapper-dev \
-            libseccomp-dev \
-            libsecret-1-dev \
-            libsystemd-dev \
-            libudev-dev \
-            pkg-config
-ARG DOCKER_BUILDTAGS
-ARG DOCKER_DEBUG
-ARG DOCKER_GITCOMMIT=HEAD
-ARG DOCKER_LDFLAGS
-ARG DOCKER_STATIC
-ARG VERSION
-ARG PLATFORM
-ARG PRODUCT
-ARG DEFAULT_PRODUCT_LICENSE
-ARG PACKAGER_NAME
-# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
-# read only mount in current work dir
-ENV PREFIX=/tmp
-RUN <<EOT
-  # in bullseye arm64 target does not link with lld so configure it to use ld instead
-  if [ "$(xx-info arch)" = "arm64" ]; then
-    XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
-  fi
-EOT
-RUN --mount=type=bind,target=. \
-    --mount=type=tmpfs,target=cli/winresources/dockerd \
-    --mount=type=tmpfs,target=cli/winresources/docker-proxy \
-    --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
-  set -e
-  target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
-  xx-go --wrap
-  PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
-  mkdir /build
-  mv /tmp/bundles/${target}-daemon/* /build/
-EOT
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
 
-# usage:
-# > docker buildx bake binary
-# > DOCKER_STATIC=0 docker buildx bake binary
-# or
-# > make binary
-# > make dynbinary
-FROM scratch AS binary
-COPY --from=build /build/ /
+# Options for hack/validate/gometalinter
+ENV GOMETALINTER_OPTS="--deadline=2m"
 
-# usage:
-# > docker buildx bake all
-FROM scratch AS all
-COPY --from=tini          /build/ /
-COPY --from=runc          /build/ /
-COPY --from=containerd    /build/ /
-COPY --from=rootlesskit   /build/ /
-COPY --from=containerutil /build/ /
-COPY --from=vpnkit        /       /
-COPY --from=build         /build  /
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
 
-# smoke tests
-# usage:
-# > docker buildx bake binary-smoketest
-FROM base AS smoketest
-WORKDIR /usr/local/bin
-COPY --from=build /build .
-RUN <<EOT
-  set -ex
-  file dockerd
-  dockerd --version
-  file docker-proxy
-  docker-proxy --version
-EOT
-
-# usage:
-# > make shell
-# > SYSTEMD=true make shell
-FROM dev-base AS dev
-COPY . .

Dockerfile.aarch64

@@ -0,0 +1,166 @@
+# This file describes the standard way to build Docker on aarch64, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.aarch64 .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM debian:stretch
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	apt-utils \
+	aufs-tools \
+	automake \
+	bash-completion \
+	bsdmainutils \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	gcc \
+	git \
+	iptables \
+	jq \
+	less \
+	libapparmor-dev \
+	libcap-dev \
+	libdevmapper-dev \
+	libnl-3-dev \
+	libprotobuf-c0-dev \
+	libprotobuf-dev \
+	libseccomp-dev \
+	libsystemd-dev \
+	libtool \
+	libudev-dev \
+	mercurial \
+	net-tools \
+	pigz \
+	pkg-config \
+	protobuf-compiler \
+	protobuf-c-compiler \
+	python-backports.ssl-match-hostname \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-requests \
+	python-setuptools \
+	python-websocket \
+	python-wheel \
+	tar \
+	thin-provisioning-tools \
+	vim \
+	vim-common \
+	xfsprogs \
+	zip \
+	--no-install-recommends
+
+# Install Go
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.9.3
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-arm64.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Only install one version of the registry, because old version which support
+# schema1 manifests is not working on ARM64, we should skip integration-cli
+# tests for schema1 manifests on ARM64.
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.5.0
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT 1d6b5b203222ba5df7dedfcd1ee061a452f99c8a
+# To run integration tests docker-pycreds is required.
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install docker-pycreds==0.2.1 \
+	&& pip install -r test-requirements.txt
+
+# Install yamllint for validating swagger.yaml
+RUN pip install yamllint==1.5.0
+
+# Install go-swagger for validating swagger.yaml
+ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
+RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
+	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
+	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli gometalinter
+ENV PATH=/usr/local/cli:$PATH
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Options for hack/validate/gometalinter
+ENV GOMETALINTER_OPTS="--deadline=4m -j2"
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker

Dockerfile.armhf

@@ -0,0 +1,154 @@
+# This file describes the standard way to build Docker on ARMv7, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.armhf .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM arm32v7/debian:stretch
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	createrepo \
+	curl \
+	cmake \
+	dpkg-sig \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libdevmapper-dev \
+	libseccomp-dev \
+	libsystemd-dev \
+	libtool \
+	libudev-dev \
+	mercurial \
+	pigz \
+	pkg-config \
+	python-backports.ssl-match-hostname \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-requests \
+	python-setuptools \
+	python-websocket \
+	python-wheel \
+	xfsprogs \
+	tar \
+	thin-provisioning-tools \
+	vim-common \
+	--no-install-recommends \
+	&& pip install awscli==1.10.15
+
+# Install Go
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.9.3
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
+	| tar -xzC /usr/local
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# We're building for armhf, which is ARMv7, so let's be explicit about that
+ENV GOARCH arm
+ENV GOARM 7
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT cb08de17d74bef86ce6c5abe8b240e282f5750be
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.5.0
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT 1d6b5b203222ba5df7dedfcd1ee061a452f99c8a
+# To run integration tests docker-pycreds is required.
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install docker-pycreds==0.2.1 \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli gometalinter
+ENV PATH=/usr/local/cli:$PATH
+
+ENTRYPOINT ["hack/dind"]
+
+# Options for hack/validate/gometalinter
+ENV GOMETALINTER_OPTS="--deadline=10m -j2"
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker

Dockerfile.e2e

@@ -1,84 +1,72 @@
-ARG GO_VERSION=1.23.9
+## Step 1: Build tests
+FROM golang:1.9.3-alpine3.6 as builder
 
-FROM golang:${GO_VERSION}-alpine AS base
-ENV GO111MODULE=off
-RUN apk --no-cache add \
+RUN apk add --update \
     bash \
+    btrfs-progs-dev \
     build-base \
     curl \
     lvm2-dev \
-    jq
+    jq \
+    && rm -rf /var/cache/apk/*
 
-RUN mkdir -p /build/
 RUN mkdir -p /go/src/github.com/docker/docker/
 WORKDIR /go/src/github.com/docker/docker/
 
-FROM base AS frozen-images
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /
-RUN /download-frozen-image-v2.sh /build \
-        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
-        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
-        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
-        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
-        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
-# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
+# Generate frozen images
+COPY contrib/download-frozen-image-v2.sh contrib/download-frozen-image-v2.sh
+RUN contrib/download-frozen-image-v2.sh /output/docker-frozen-images \
+  buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+  busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+  debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+  hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
 
-FROM base AS dockercli
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/dockercli.installer ./
-RUN PREFIX=/build ./install.sh dockercli
-
-# TestDockerCLIBuildSuite dependency
-FROM base AS contrib
-COPY contrib/syscall-test           /build/syscall-test
-COPY contrib/httpserver/Dockerfile  /build/httpserver/Dockerfile
-COPY contrib/httpserver             contrib/httpserver
-RUN CGO_ENABLED=0 go build -buildmode=pie -o /build/httpserver/httpserver github.com/docker/docker/contrib/httpserver
-
-# Build the integration tests and copy the resulting binaries to /build/tests
-FROM base AS builder
+# Download Docker CLI binary
+COPY hack/dockerfile hack/dockerfile
+RUN hack/dockerfile/install-binaries.sh dockercli
 
 # Set tag and add sources
-COPY . .
-# Copy test sources tests that use assert can print errors
-RUN mkdir -p /build${PWD} && find integration integration-cli -name \*_test.go -exec cp --parents '{}' /build${PWD} \;
-# Build and install test binaries
-ARG DOCKER_GITCOMMIT=undefined
+ARG DOCKER_GITCOMMIT
+ENV DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT
+ADD . .
+
+# Build DockerSuite.TestBuild* dependency
+RUN CGO_ENABLED=0 go build -o /output/httpserver github.com/docker/docker/contrib/httpserver
+
+# Build the integration tests and copy the resulting binaries to /output/tests
 RUN hack/make.sh build-integration-test-binary
-RUN mkdir -p /build/tests && find . -name test.main -exec cp --parents '{}' /build/tests \;
+RUN mkdir -p /output/tests && find . -name test.main -exec cp --parents '{}' /output/tests \;
 
-## Generate testing image
-FROM alpine:3.10 as runner
-
-ENV DOCKER_REMOTE_DAEMON=1
-ENV DOCKER_INTEGRATION_DAEMON_DEST=/
-ENTRYPOINT ["/scripts/run.sh"]
-
-# Add an unprivileged user to be used for tests which need it
-RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
+## Step 2: Generate testing image
+FROM alpine:3.6 as runner
 
 # GNU tar is used for generating the emptyfs image
-RUN apk --no-cache add \
+RUN apk add --update \
     bash \
     ca-certificates \
     g++ \
     git \
-    inetutils-ping \
     iptables \
-    libcap2-bin \
     pigz \
     tar \
-    xz
+    xz \
+    && rm -rf /var/cache/apk/*
 
-COPY hack/test/e2e-run.sh       /scripts/run.sh
-COPY hack/make/.ensure-emptyfs  /scripts/ensure-emptyfs.sh
+# Add an unprivileged user to be used for tests which need it
+RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
 
-COPY integration/testdata       /tests/integration/testdata
-COPY integration/build/testdata /tests/integration/build/testdata
-COPY integration-cli/fixtures   /tests/integration-cli/fixtures
+COPY contrib/httpserver/Dockerfile /tests/contrib/httpserver/Dockerfile
+COPY contrib/syscall-test /tests/contrib/syscall-test
+COPY integration-cli/fixtures /tests/integration-cli/fixtures
 
-COPY --from=frozen-images /build/ /docker-frozen-images
-COPY --from=dockercli     /build/ /usr/bin/
-COPY --from=contrib       /build/ /tests/contrib/
-COPY --from=builder       /build/ /
+COPY hack/test/e2e-run.sh /scripts/run.sh
+COPY hack/make/.ensure-emptyfs /scripts/ensure-emptyfs.sh
+
+COPY --from=builder /output/docker-frozen-images /docker-frozen-images
+COPY --from=builder /output/httpserver /tests/contrib/httpserver/httpserver
+COPY --from=builder /output/tests /tests
+COPY --from=builder /usr/local/bin/docker /usr/bin/docker
+
+ENV DOCKER_REMOTE_DAEMON=1 DOCKER_INTEGRATION_DAEMON_DEST=/
+
+ENTRYPOINT ["/scripts/run.sh"]

Dockerfile.ppc64le

@@ -0,0 +1,150 @@
+# This file describes the standard way to build Docker on ppc64le, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.ppc64le .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM ppc64le/debian:stretch
+
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	apt-utils \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libdevmapper-dev \
+	libseccomp-dev \
+	libsystemd-dev \
+	libtool \
+	libudev-dev \
+	mercurial \
+	pigz \
+	pkg-config \
+	python-backports.ssl-match-hostname \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-requests \
+	python-setuptools \
+	python-websocket \
+	python-wheel \
+	xfsprogs \
+	tar \
+	thin-provisioning-tools \
+	vim-common \
+	--no-install-recommends
+
+# Install Go
+# NOTE: official ppc64le go binaries weren't available until go 1.6.4 and 1.7.4
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.9.3
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.5.0
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT 1d6b5b203222ba5df7dedfcd1ee061a452f99c8a
+# To run integration tests docker-pycreds is required.
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install docker-pycreds==0.2.1 \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli gometalinter
+ENV PATH=/usr/local/cli:$PATH
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker

Dockerfile.s390x

@@ -0,0 +1,144 @@
+# This file describes the standard way to build Docker on s390x, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.s390x .
+#
+# # Mount your source in an interactive container for quick testing:
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
+#
+# # Run the test suite:
+# docker run --privileged docker hack/make.sh test-unit test-integration test-docker-py
+#
+# Note: AppArmor used to mess with privileged mode, but this is no longer
+# the case. Therefore, you don't have to disable it anymore.
+#
+
+FROM s390x/debian:stretch
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	apt-utils \
+	aufs-tools \
+	automake \
+	bash-completion \
+	btrfs-tools \
+	build-essential \
+	cmake \
+	createrepo \
+	curl \
+	dpkg-sig \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libdevmapper-dev \
+	libseccomp-dev \
+	libsystemd-dev \
+	libtool \
+	libudev-dev \
+	mercurial \
+	pigz \
+	pkg-config \
+	python-backports.ssl-match-hostname \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-requests \
+	python-setuptools \
+	python-websocket \
+	python-wheel \
+	xfsprogs \
+	tar \
+	thin-provisioning-tools \
+	vim-common \
+	--no-install-recommends
+
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.9.3
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
+	| tar -xzC /usr/local
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
+	&& rm -rf "$GOPATH"
+
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.5.0
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
+	&& rm -rf "$GOPATH"
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT 1d6b5b203222ba5df7dedfcd1ee061a452f99c8a
+# To run integration tests docker-pycreds is required.
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT \
+	&& pip install docker-pycreds==0.2.1 \
+	&& pip install -r test-requirements.txt
+
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN git config --global user.email 'docker-dummy@example.com'
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor selinux seccomp
+
+# Let us use a .bashrc file
+RUN ln -sfv $PWD/.bashrc ~/.bashrc
+
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
+RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
+	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
+	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
+	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
+	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
+
+# Install tomlv, vndr, runc, containerd, tini, docker-proxy
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli gometalinter
+ENV PATH=/usr/local/cli:$PATH
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker

Dockerfile.simple

@@ -5,26 +5,21 @@
 
 # This represents the bare minimum required to build and test Docker.
 
-ARG GO_VERSION=1.23.9
+FROM debian:stretch
 
-ARG BASE_DEBIAN_DISTRO="bookworm"
-ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
-
-FROM ${GOLANG_IMAGE}
-ENV GO111MODULE=off
-ENV GOTOOLCHAIN=local
-
-# allow replacing debian mirror
-ARG APT_MIRROR
-RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list.d/debian.sources || true
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
 
 # Compile and runtime deps
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
+		btrfs-tools \
 		build-essential \
 		curl \
 		cmake \
+		gcc \
 		git \
 		libapparmor-dev \
 		libdevmapper-dev \
@@ -38,15 +33,27 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		xfsprogs \
 		xz-utils \
 		\
+		aufs-tools \
 		vim-common \
 	&& rm -rf /var/lib/apt/lists/*
 
+# Install Go
+# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
+#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
+#            with a heads-up.
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ENV GO_VERSION 1.9.3
+RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
+	| tar -xzC /usr/local
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+ENV CGO_LDFLAGS -L/lib
+
 # Install runc, containerd, tini and docker-proxy
-# Please edit hack/dockerfile/install/<name>.installer to update them.
-COPY hack/dockerfile/install hack/dockerfile/install
-RUN for i in runc containerd tini proxy dockercli; \
-		do hack/dockerfile/install/install.sh $i; \
-	done
+# Please edit hack/dockerfile/install-binaries.sh to update them.
+COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
+COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
+RUN /tmp/install-binaries.sh runc containerd tini proxy dockercli
 ENV PATH=/usr/local/cli:$PATH
 
 ENV AUTO_GOPATH 1

Dockerfile.windows

@@ -45,8 +45,8 @@
 #
 # 1. Clone the sources from github.com:
 #
-#    >>   git clone https://github.com/docker/docker.git C:\gopath\src\github.com\docker\docker
-#    >>   Cloning into 'C:\gopath\src\github.com\docker\docker'...
+#    >>   git clone https://github.com/docker/docker.git C:\go\src\github.com\docker\docker
+#    >>   Cloning into 'C:\go\src\github.com\docker\docker'...
 #    >>   remote: Counting objects: 186216, done.
 #    >>   remote: Compressing objects: 100% (21/21), done.
 #    >>   remote: Total 186216 (delta 5), reused 0 (delta 0), pack-reused 186195
@@ -59,7 +59,7 @@
 #
 # 2. Change directory to the cloned docker sources:
 #
-#    >>   cd C:\gopath\src\github.com\docker\docker 
+#    >>   cd C:\go\src\github.com\docker\docker 
 #
 #
 # 3. Build a docker image with the components required to build the docker binaries from source
@@ -79,8 +79,8 @@
 # 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination 
 #    folder on the host system where you want the binaries to be located.
 #
-#    >>   docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
-#    >>   docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
+#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
+#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
 #
 #
 # 6. (Optional) Remove the interim container holding the built executable binaries:
@@ -147,42 +147,24 @@
 # The docker integration tests do not currently run in a container on Windows, predominantly
 # due to Windows not supporting privileged mode, so anything using a volume would fail.
 # They (along with the rest of the docker CI suite) can be run using 
-# https://github.com/kevpar/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
+# https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
 #
 # -----------------------------------------------------------------------------------------
 
 
 # The number of build steps below are explicitly minimised to improve performance.
-
-# Extremely important - do not change the following line to reference a "specific" image, 
-# such as `mcr.microsoft.com/windows/servercore:ltsc2022`. If using this Dockerfile in process
-# isolated containers, the kernel of the host must match the container image, and hence
-# would fail between Windows Server 2016 (aka RS1) and Windows Server 2019 (aka RS5).
-# It is expected that the image `microsoft/windowsservercore:latest` is present, and matches
-# the hosts kernel version before doing a build. 
 FROM microsoft/windowsservercore
 
 # Use PowerShell as the default shell
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-ARG GO_VERSION=1.23.9
-ARG GOTESTSUM_VERSION=v1.8.2
-ARG GOWINRES_VERSION=v0.3.0
-ARG CONTAINERD_VERSION=v1.6.38
-
 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
-#  - CONTAINERD_VERSION must be consistent with 'hack/dockerfile/install/containerd.installer' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=${GO_VERSION} `
-    CONTAINERD_VERSION=${CONTAINERD_VERSION} `
+ENV GO_VERSION=1.9.3 `
     GIT_VERSION=2.11.1 `
-    GOPATH=C:\gopath `
-    GO111MODULE=off `
-    GOTOOLCHAIN=local `
-    FROM_DOCKERFILE=1 `
-    GOTESTSUM_VERSION=${GOTESTSUM_VERSION} `
-    GOWINRES_VERSION=${GOWINRES_VERSION}
+    GOPATH=C:\go `
+    FROM_DOCKERFILE=1
 
 RUN `
   Function Test-Nano() { `
@@ -211,30 +193,28 @@ RUN `
       Throw ("Failed to download " + $source) `
       }`
     } else { `
-      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
       $webClient = New-Object System.Net.WebClient; `
       $webClient.DownloadFile($source, $target); `
     } `
   } `
   `
-  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin;C:\containerd\bin'); `
+  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
   `
   Write-Host INFO: Downloading git...; `
   $location='https://www.nuget.org/api/v2/package/GitForWindows/'+$Env:GIT_VERSION; `
   Download-File $location C:\gitsetup.zip; `
   `
   Write-Host INFO: Downloading go...; `
-  $dlGoVersion=$Env:GO_VERSION -replace '\.0$',''; `
-  Download-File "https://go.dev/dl/go${dlGoVersion}.windows-amd64.zip" C:\go.zip; `
+  Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
   `
   Write-Host INFO: Downloading compiler 1 of 3...; `
-  Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
   `
   Write-Host INFO: Downloading compiler 2 of 3...; `
-  Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
   `
   Write-Host INFO: Downloading compiler 3 of 3...; `
-  Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
   `
   Write-Host INFO: Extracting git...; `
   Expand-Archive C:\gitsetup.zip C:\git-tmp; `
@@ -258,58 +238,19 @@ RUN `
   Remove-Item C:\binutils.zip; `
   Remove-Item C:\gitsetup.zip; `
   `
-  Write-Host INFO: Downloading containerd; `
-  $location='https://github.com/containerd/containerd/releases/download/'+$Env:CONTAINERD_VERSION+'/containerd-'+$Env:CONTAINERD_VERSION.TrimStart('v')+'-windows-amd64.tar.gz'; `
-  Download-File $location C:\containerd.tar.gz; `
-  New-Item -Path C:\containerd -ItemType Directory; `
-  tar -xzf C:\containerd.tar.gz -C C:\containerd; `
-  Remove-Item C:\containerd.tar.gz; `
-  `
-  # Ensure all directories exist that we will require below....
-  $srcDir = """$Env:GOPATH`\src\github.com\docker\docker\bundles"""; `
-  Write-Host INFO: Ensuring existence of directory $srcDir...; `
-  New-Item -Force -ItemType Directory -Path $srcDir | Out-Null; `
+  Write-Host INFO: Creating source directory...; `
+  New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
   `
   Write-Host INFO: Configuring git core.autocrlf...; `
-  C:\git\cmd\git config --global core.autocrlf true;
-
-RUN `
-  Function Install-GoTestSum() { `
-    $Env:GO111MODULE = 'on'; `
-    $tmpGobin = "${Env:GOBIN_TMP}"; `
-    $Env:GOBIN = """${Env:GOPATH}`\bin"""; `
-    Write-Host "INFO: Installing gotestsum version $Env:GOTESTSUM_VERSION in $Env:GOBIN"; `
-    &go install "gotest.tools/gotestsum@${Env:GOTESTSUM_VERSION}"; `
-    $Env:GOBIN = "${tmpGobin}"; `
-    $Env:GO111MODULE = 'off'; `
-    if ($LASTEXITCODE -ne 0) {  `
-      Throw '"gotestsum install failed..."'; `
-    } `
-  } `
+  C:\git\cmd\git config --global core.autocrlf true; `
   `
-  Install-GoTestSum
-
-RUN `
-  Function Install-GoWinres() { `
-    $Env:GO111MODULE = 'on'; `
-    $tmpGobin = "${Env:GOBIN_TMP}"; `
-    $Env:GOBIN = """${Env:GOPATH}`\bin"""; `
-    Write-Host "INFO: Installing go-winres version $Env:GOWINRES_VERSION in $Env:GOBIN"; `
-    &go install "github.com/tc-hib/go-winres@${Env:GOWINRES_VERSION}"; `
-    $Env:GOBIN = "${tmpGobin}"; `
-    $Env:GO111MODULE = 'off'; `
-    if ($LASTEXITCODE -ne 0) {  `
-      Throw '"go-winres install failed..."'; `
-    } `
-  } `
-  `
-  Install-GoWinres
+  Write-Host INFO: Completed
 
 # Make PowerShell the default entrypoint
 ENTRYPOINT ["powershell.exe"]
 
 # Set the working directory to the location of the sources
-WORKDIR ${GOPATH}\src\github.com\docker\docker
+WORKDIR C:\go\src\github.com\docker\docker
 
 # Copy the sources into the container
 COPY . .

Jenkinsfile

@@ -1,170 +0,0 @@
-#!groovy
-pipeline {
-    agent none
-
-    options {
-        buildDiscarder(logRotator(daysToKeepStr: '30'))
-        timeout(time: 2, unit: 'HOURS')
-        timestamps()
-    }
-    parameters {
-        booleanParam(name: 'arm64', defaultValue: true, description: 'ARM (arm64) Build/Test')
-        booleanParam(name: 'dco', defaultValue: true, description: 'Run the DCO check')
-    }
-    environment {
-        DOCKER_BUILDKIT     = '1'
-        DOCKER_EXPERIMENTAL = '1'
-        DOCKER_GRAPHDRIVER  = 'overlay2'
-        CHECK_CONFIG_COMMIT = '33a3680e08d1007e72c3b3f1454f823d8e9948ee'
-        TESTDEBUG           = '0'
-        TIMEOUT             = '120m'
-    }
-    stages {
-        stage('pr-hack') {
-            when { changeRequest() }
-            steps {
-                script {
-                    echo "Workaround for PR auto-cancel feature. Borrowed from https://issues.jenkins-ci.org/browse/JENKINS-43353"
-                    def buildNumber = env.BUILD_NUMBER as int
-                    if (buildNumber > 1) milestone(buildNumber - 1)
-                    milestone(buildNumber)
-                }
-            }
-        }
-        stage('DCO-check') {
-            when {
-                beforeAgent true
-                expression { params.dco }
-            }
-            agent { label 'arm64 && ubuntu-2004' }
-            steps {
-                sh '''
-                docker run --rm \
-                  -v "$WORKSPACE:/workspace" \
-                  -e VALIDATE_REPO=${GIT_URL} \
-                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
-                  alpine sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco'
-                '''
-            }
-        }
-        stage('Build') {
-            parallel {
-                stage('arm64') {
-                    when {
-                        beforeAgent true
-                        expression { params.arm64 }
-                    }
-                    agent { label 'arm64 && ubuntu-2004' }
-                    environment {
-                        TEST_SKIP_INTEGRATION_CLI = '1'
-                    }
-
-                    stages {
-                        stage("Load kernel modules") {
-                            steps {
-                                sh '''
-                                sudo modprobe ip6table_filter
-                                sudo modprobe -va br_netfilter
-                                sudo systemctl restart docker.service
-                                '''
-                            }
-                        }
-                        stage("Print info") {
-                            steps {
-                                sh 'docker version'
-                                sh 'docker info'
-                                sh '''
-                                echo "check-config.sh version: ${CHECK_CONFIG_COMMIT}"
-                                curl -fsSL -o ${WORKSPACE}/check-config.sh "https://raw.githubusercontent.com/moby/moby/${CHECK_CONFIG_COMMIT}/contrib/check-config.sh" \
-                                && bash ${WORKSPACE}/check-config.sh || true
-                                '''
-                            }
-                        }
-                        stage("Build dev image") {
-                            steps {
-                                sh 'docker build --force-rm -t docker:${GIT_COMMIT} .'
-                            }
-                        }
-                        stage("Unit tests") {
-                            steps {
-                                sh '''
-                                docker run --rm -t --privileged \
-                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
-                                  --name docker-pr$BUILD_NUMBER \
-                                  -e DOCKER_EXPERIMENTAL \
-                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
-                                  -e DOCKER_GRAPHDRIVER \
-                                  -e VALIDATE_REPO=${GIT_URL} \
-                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
-                                  docker:${GIT_COMMIT} \
-                                  hack/test/unit
-                                '''
-                            }
-                            post {
-                                always {
-                                    junit testResults: 'bundles/junit-report*.xml', allowEmptyResults: true
-                                }
-                            }
-                        }
-                        stage("Integration tests") {
-                            environment { TEST_SKIP_INTEGRATION_CLI = '1' }
-                            steps {
-                                sh '''
-                                docker run --rm -t --privileged \
-                                  -v "$WORKSPACE/bundles:/go/src/github.com/docker/docker/bundles" \
-                                  --name docker-pr$BUILD_NUMBER \
-                                  -e DOCKER_EXPERIMENTAL \
-                                  -e DOCKER_GITCOMMIT=${GIT_COMMIT} \
-                                  -e DOCKER_GRAPHDRIVER \
-                                  -e TESTDEBUG \
-                                  -e TEST_SKIP_INTEGRATION_CLI \
-                                  -e TIMEOUT \
-                                  -e VALIDATE_REPO=${GIT_URL} \
-                                  -e VALIDATE_BRANCH=${CHANGE_TARGET} \
-                                  docker:${GIT_COMMIT} \
-                                  hack/make.sh \
-                                    dynbinary \
-                                    test-integration
-                                '''
-                            }
-                            post {
-                                always {
-                                    junit testResults: 'bundles/**/*-report.xml', allowEmptyResults: true
-                                }
-                            }
-                        }
-                    }
-
-                    post {
-                        always {
-                            sh '''
-                            echo "Ensuring container killed."
-                            docker rm -vf docker-pr$BUILD_NUMBER || true
-                            '''
-
-                            sh '''
-                            echo "Chowning /workspace to jenkins user"
-                            docker run --rm -v "$WORKSPACE:/workspace" busybox chown -R "$(id -u):$(id -g)" /workspace
-                            '''
-
-                            catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE', message: 'Failed to create bundles.tar.gz') {
-                                sh '''
-                                bundleName=arm64-integration
-                                echo "Creating ${bundleName}-bundles.tar.gz"
-                                # exclude overlay2 directories
-                                find bundles -path '*/root/*overlay2' -prune -o -type f \\( -name '*-report.json' -o -name '*.log' -o -name '*.prof' -o -name '*-report.xml' \\) -print | xargs tar -czf ${bundleName}-bundles.tar.gz
-                                '''
-
-                                archiveArtifacts artifacts: '*-bundles.tar.gz', allowEmptyArchive: true
-                            }
-                        }
-                        cleanup {
-                            sh 'make clean'
-                            deleteDir()
-                        }
-                    }
-                }
-            }
-        }
-    }
-}

LICENSE

@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2013-2018 Docker, Inc.
+   Copyright 2013-2017 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

MAINTAINERS

@@ -23,20 +23,33 @@
 	# a subsystem, they are responsible for doing so and holding the
 	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
 
+	# For each release (including minor releases), a "release captain" is assigned from the
+	# pool of core maintainers. Rotation is encouraged across all maintainers, to ensure
+	# the release process is clear and up-to-date.
+
 		people = [
+			"aaronlehmann",
 			"akihirosuda",
+			"albers",
+			"aluzzardi",
 			"anusha",
 			"coolljt0725",
 			"cpuguy83",
+			"crosbymichael",
+			"dnephin",
+			"duglin",
+			"ehazlett",
 			"estesp",
+			"icecrime",
+			"jhowardmsft",
 			"johnstep",
 			"justincormack",
-			"kolyshkin",
+			"lk4d4",
+			"mavenugo",
 			"mhbauer",
+			"mlaventure",
 			"runcom",
-			"samuelkarp",
 			"stevvooe",
-			"thajeztah",
 			"tianon",
 			"tibor",
 			"tonistiigi",
@@ -46,6 +59,15 @@
 			"yongtang"
 		]
 
+	[Org."Docs maintainers"]
+
+	# TODO Describe the docs maintainers role.
+
+		people = [
+			"misty",
+			"thajeztah"
+		]
+
 	[Org.Curators]
 
 	# The curators help ensure that incoming issues and pull requests are properly triaged and
@@ -59,18 +81,18 @@
 	# - close an issue or pull request when it's inappropriate or off-topic
 
 		people = [
+			"aboch",
 			"alexellis",
 			"andrewhsu",
-			"corhere",
+			"anonymuse",
+			"chanwit",
+			"ehazlett",
 			"fntlnz",
 			"gianarb",
-			"ndeloof",
-			"neersighted",
-			"olljanat",
+			"mgoelzer",
 			"programmerq",
-			"ripcurld",
-			"rumpl",
-			"samwhited",
+			"rheinwein",
+			"ripcurld0",
 			"thajeztah"
 		]
 
@@ -81,22 +103,6 @@
 	# Thank you!
 
 		people = [
-			# Aaron Lehmann was a maintainer for swarmkit, the registry, and the engine,
-			# and contributed many improvements, features, and bugfixes in those areas,
-			# among which "automated service rollbacks", templated secrets and configs,
-			# and resumable image layer downloads.
-			"aaronlehmann",
-
-			# Harald Albers is the mastermind behind the bash completion scripts for the
-			# Docker CLI. The completion scripts moved to the Docker CLI repository, so
-			# you can now find him perform his magic in the https://github.com/docker/cli repository.
-			"albers",
-
-			# Andrea Luzzardi started contributing to the Docker codebase in the "dotCloud"
-			# era, even before it was called "Docker". He is one of the architects of both
-			# Swarm and SwarmKit, and its integration into the Docker engine.
-			"aluzzardi",
-			
 			# David Calavera contributed many features to Docker, such as an improved
 			# event system, dynamic configuration reloading, volume plugins, fancy
 			# new templating options, and an external client credential store. As a
@@ -106,30 +112,6 @@
 			# and tweets as @calavera.
 			"calavera",
 
-			# Michael Crosby was "chief maintainer" of the Docker project.
-			# During his time as a maintainer, Michael contributed to many
-			# milestones of the project; he was release captain of Docker v1.0.0,
-			# started the development of "libcontainer" (what later became runc)
-			# and containerd, as well as demoing cool hacks such as live migrating
-			# a game server container with checkpoint/restore.
-			#
-			# Michael is currently a maintainer of containerd, but you may see
-			# him around in other projects on GitHub.
-			"crosbymichael",
-
-			# Before becoming a maintainer, Daniel Nephin was a core contributor
-			# to "Fig" (now known as Docker Compose). As a maintainer for both the
-			# Engine and Docker CLI, Daniel contributed many features, among which
-			# the `docker stack` commands, allowing users to deploy their Docker
-			# Compose projects as a Swarm service.
-			"dnephin",
-
-			# Doug Davis contributed many features and fixes for the classic builder,
-			# such as "wildcard" copy, the dockerignore file, custom paths/names
-			# for the Dockerfile, as well as enhancements to the API and documentation.
-			# Follow Doug on Twitter, where he tweets as @duginabox.
-			"duglin",
-
 			# As a maintainer, Erik was responsible for the "builder", and
 			# started the first designs for the new networking model in
 			# Docker. Erik is now working on all kinds of plugins for Docker
@@ -138,24 +120,6 @@
 			# still stumble into him in our issue tracker, or on IRC.
 			"erikh",
 
-			# Evan Hazlett is the creator of the Shipyard and Interlock open source projects,
-			# and the author of "Orca", which became the foundation of Docker Universal Control
-			# Plane (UCP). As a maintainer, Evan helped integrating SwarmKit (secrets, tasks)
-			# into the Docker engine.
-			"ehazlett",
-
-			# Arnaud Porterie (AKA "icecrime") was in charge of maintaining the maintainers.
-			# As a maintainer, he made life easier for contributors to the Docker open-source
-			# projects, bringing order in the chaos by designing a triage- and review workflow
-			# using labels (see https://icecrime.net/technology/a-structured-approach-to-labeling/),
-			# and automating the hell out of things with his buddies GordonTheTurtle and Poule
-			# (a chicken!).
-			# 
-			# A lesser-known fact is that he created the first commit in the libnetwork repository
-			# even though he didn't know anything about it. Some say, he's now selling stuff on
-			# the internet ;-)
-			"icecrime",
-
 			# After a false start with his first PR being rejected, James Turnbull became a frequent
 			# contributor to the documentation, and became a docs maintainer on December 5, 2013. As
 			# a maintainer, James lifted the docs to a higher standard, and introduced the community
@@ -175,41 +139,13 @@
 			# containers a lot more secure). Besides being a maintainer, she
 			# set up the CI infrastructure for the project, giving everyone
 			# something to shout at if a PR failed ("noooo Janky!").
+			# Jess is currently working on the DCOS security team at Mesosphere,
+			# and contributing to various open source projects.
 			# Be sure you don't miss her talks at a conference near you (a must-see),
 			# read her blog at https://blog.jessfraz.com (a must-read), and
 			# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
 			"jessfraz",
 
-			# As a maintainer, John Howard managed to make the impossible possible;
-			# to run Docker on Windows. After facing many challenges, teaching
-			# fellow-maintainers that 'Windows is not Linux', and many changes in
-			# Windows Server to facilitate containers, native Windows containers
-			# saw the light of day in 2015.
-			#
-			# John is now enjoying life without containers: playing piano, painting,
-			# and walking his dogs, but you may occasionally see him drop by on GitHub.
-			"lowenna",
-
-			# Alexander Morozov contributed many features to Docker, worked on the premise of 
-			# what later became containerd (and worked on that too), and made a "stupid" Go
-			# vendor tool specifically for docker/docker needs: vndr (https://github.com/LK4D4/vndr).
-			# Not many know that Alexander is a master negotiator, being able to change course
-			# of action with a single "Nope, we're not gonna do that".
-			"lk4d4",
-
-			# Madhu Venugopal was part of the SocketPlane team that joined Docker.
-			# As a maintainer, he was working with Jana for the Container Network
-			# Model (CNM) implemented through libnetwork, and the "routing mesh" powering
-			# Swarm mode networking.
-			"mavenugo",
-
-			# As a maintainer, Kenfe-Mickaël Laventure worked on the container runtime,
-			# integrating containerd 1.0 with the daemon, and adding support for custom
-			# OCI runtimes, as well as implementing the `docker prune` subcommands,
-			# which was a welcome feature to be added. You can keep up with Mickaél on
-			# Twitter (@kmlaventure).
-			"mlaventure",
-
 			# As a docs maintainer, Mary Anthony contributed greatly to the Docker
 			# docs. She wrote the Docker Contributor Guide and Getting Started
 			# Guides. She helped create a doc build system independent of
@@ -277,6 +213,11 @@
 	Email = "aaron.lehmann@docker.com"
 	GitHub = "aaronlehmann"
 
+	[people.aboch]
+	Name = "Alessandro Boch"
+	Email = "aboch@docker.com"
+	GitHub = "aboch"
+
 	[people.alexellis]
 	Name = "Alex Ellis"
 	Email = "alexellis2@gmail.com"
@@ -284,7 +225,7 @@
 
 	[people.akihirosuda]
 	Name = "Akihiro Suda"
-	Email = "akihiro.suda.cz@hco.ntt.co.jp"
+	Email = "suda.akihiro@lab.ntt.co.jp"
 	GitHub = "AkihiroSuda"
 
 	[people.aluzzardi]
@@ -302,6 +243,11 @@
 	Email = "andrewhsu@docker.com"
 	GitHub = "andrewhsu"
 
+	[people.anonymuse]
+	Name = "Jesse White"
+	Email = "anonymuse@gmail.com"
+	GitHub = "anonymuse"
+
 	[people.anusha]
 	Name = "Anusha Ragunathan"
 	Email = "anusha@docker.com"
@@ -317,16 +263,16 @@
 	Email = "leijitang@huawei.com"
 	GitHub = "coolljt0725"
 
-	[people.corhere]
-	Name = "Cory Snider"
-	Email = "csnider@mirantis.com"
-	GitHub = "corhere"
-
 	[people.cpuguy83]
 	Name = "Brian Goff"
 	Email = "cpuguy83@gmail.com"
 	GitHub = "cpuguy83"
 
+	[people.chanwit]
+	Name = "Chanwit Kaewkasi"
+	Email = "chanwit@gmail.com"
+	GitHub = "chanwit"
+
 	[people.crosbymichael]
 	Name = "Michael Crosby"
 	Email = "crosbymichael@gmail.com"
@@ -377,6 +323,11 @@
 	Email = "james@lovedthanlost.net"
 	GitHub = "jamtur01"
 
+	[people.jhowardmsft]
+	Name = "John Howard"
+	Email = "jhoward@microsoft.com"
+	GitHub = "jhowardmsft"
+
 	[people.jessfraz]
 	Name = "Jessie Frazelle"
 	Email = "jess@linux.com"
@@ -392,31 +343,31 @@
 	Email = "justin.cormack@docker.com"
 	GitHub = "justincormack"
 
-	[people.kolyshkin]
-	Name = "Kir Kolyshkin"
-	Email = "kolyshkin@gmail.com"
-	GitHub = "kolyshkin"
-
 	[people.lk4d4]
 	Name = "Alexander Morozov"
 	Email = "lk4d4@docker.com"
 	GitHub = "lk4d4"
 
-	[people.lowenna]
-	Name = "John Howard"
-	Email = "github@lowenna.com"
-	GitHub = "lowenna"
-
 	[people.mavenugo]
 	Name = "Madhu Venugopal"
 	Email = "madhu@docker.com"
 	GitHub = "mavenugo"
 
+	[people.mgoelzer]
+	Name = "Mike Goelzer"
+	Email = "mike.goelzer@docker.com"
+	GitHub = "mgoelzer"
+
 	[people.mhbauer]
 	Name = "Morgan Bauer"
 	Email = "mbauer@us.ibm.com"
 	GitHub = "mhbauer"
 
+	[people.misty]
+	Name = "Misty Stanley-Jones"
+	Email = "misty@docker.com"
+	GitHub = "mistyhacks"
+
 	[people.mlaventure]
 	Name = "Kenfe-Mickaël Laventure"
 	Email = "mickael.laventure@gmail.com"
@@ -432,51 +383,26 @@
 	Email = "mrjana@docker.com"
 	GitHub = "mrjana"
 
-	[people.ndeloof]
-	Name = "Nicolas De Loof"
-	Email = "nicolas.deloof@gmail.com"
-	GitHub = "ndeloof"
-
-	[people.neersighted]
-	Name = "Bjorn Neergaard"
-	Email = "bneergaard@mirantis.com"
-	GitHub = "neersighted"
-
-	[people.olljanat]
-	Name = "Olli Janatuinen"
-	Email = "olli.janatuinen@gmail.com"
-	GitHub = "olljanat"
-
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"
 	GitHub = "programmerq"
 
-	[people.ripcurld]
+	[people.rheinwein]
+	Name = "Laura Frank"
+	Email = "laura@codeship.com"
+	GitHub = "rheinwein"
+
+	[people.ripcurld0]
 	Name = "Boaz Shuster"
 	Email = "ripcurld.github@gmail.com"
-	GitHub = "ripcurld"
-
-	[people.rumpl]
-	Name = "Djordje Lukic"
-	Email = "djordje.lukic@docker.com"
-	GitHub = "rumpl"
+	GitHub = "ripcurld0"
 
 	[people.runcom]
 	Name = "Antonio Murdaca"
 	Email = "runcom@redhat.com"
 	GitHub = "runcom"
 
-	[people.samuelkarp]
-	Name = "Samuel Karp"
-	Email = "me@samuelkarp.com"
-	GitHub = "samuelkarp"
-
-	[people.samwhited]
-	Name = "Sam Whited"
-	Email = "sam@samwhited.com"
-	GitHub = "samwhited"
-
 	[people.shykes]
 	Name = "Solomon Hykes"
 	Email = "solomon@docker.com"

Makefile

@@ -1,11 +1,10 @@
-.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate validate-% win
-
-DOCKER ?= docker
-BUILDX ?= $(DOCKER) buildx
+.PHONY: all binary dynbinary build cross deb help init-go-pkg-cache install manpages rpm run shell test test-docker-py test-integration test-unit validate win
 
 # set the graph driver as the current graphdriver if not set
 DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
 export DOCKER_GRAPHDRIVER
+DOCKER_INCREMENTAL_BINARY := $(if $(DOCKER_INCREMENTAL_BINARY),$(DOCKER_INCREMENTAL_BINARY),1)
+export DOCKER_INCREMENTAL_BINARY
 
 # get OS/Arch of docker engine
 DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH}')
@@ -14,12 +13,6 @@ DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $$
 DOCKER_GITCOMMIT := $(shell git rev-parse --short HEAD || echo unsupported)
 export DOCKER_GITCOMMIT
 
-# allow overriding the repository and branch that validation scripts are running
-# against these are used in hack/validate/.validate to check what changed in the PR.
-export VALIDATE_REPO
-export VALIDATE_BRANCH
-export VALIDATE_ORIGIN_BRANCH
-
 # env vars passed through directly to Docker's build scripts
 # to allow things like `make KEEPBUNDLE=1 binary` easily
 # `project/PACKAGERS.md` have some limited documentation of some of these
@@ -31,84 +24,76 @@ export VALIDATE_ORIGIN_BRANCH
 # make DOCKER_LDFLAGS="-X github.com/docker/docker/daemon/graphdriver.priority=overlay2,devicemapper" dynbinary
 #
 DOCKER_ENVS := \
+	-e DOCKER_CROSSPLATFORMS \
+	-e BUILD_APT_MIRROR \
 	-e BUILDFLAGS \
 	-e KEEPBUNDLE \
 	-e DOCKER_BUILD_ARGS \
 	-e DOCKER_BUILD_GOGC \
-	-e DOCKER_BUILD_OPTS \
 	-e DOCKER_BUILD_PKGS \
-	-e DOCKER_BUILDKIT \
 	-e DOCKER_BASH_COMPLETION_PATH \
 	-e DOCKER_CLI_PATH \
 	-e DOCKER_DEBUG \
 	-e DOCKER_EXPERIMENTAL \
 	-e DOCKER_GITCOMMIT \
 	-e DOCKER_GRAPHDRIVER \
+	-e DOCKER_INCREMENTAL_BINARY \
 	-e DOCKER_LDFLAGS \
 	-e DOCKER_PORT \
 	-e DOCKER_REMAP_ROOT \
-	-e DOCKER_ROOTLESS \
 	-e DOCKER_STORAGE_OPTS \
-	-e DOCKER_TEST_HOST \
 	-e DOCKER_USERLANDPROXY \
-	-e DOCKERD_ARGS \
-	-e DELVE_PORT \
-	-e GITHUB_ACTIONS \
-	-e TEST_FORCE_VALIDATE \
 	-e TEST_INTEGRATION_DIR \
-	-e TEST_INTEGRATION_FAIL_FAST \
-	-e TEST_SKIP_INTEGRATION \
-	-e TEST_SKIP_INTEGRATION_CLI \
-	-e TESTCOVERAGE \
-	-e TESTDEBUG \
 	-e TESTDIRS \
 	-e TESTFLAGS \
-	-e TESTFLAGS_INTEGRATION \
-	-e TESTFLAGS_INTEGRATION_CLI \
-	-e TEST_FILTER \
 	-e TIMEOUT \
-	-e VALIDATE_REPO \
-	-e VALIDATE_BRANCH \
-	-e VALIDATE_ORIGIN_BRANCH \
+	-e HTTP_PROXY \
+	-e HTTPS_PROXY \
+	-e NO_PROXY \
+	-e http_proxy \
+	-e https_proxy \
+	-e no_proxy \
 	-e VERSION \
-	-e PLATFORM \
-	-e DEFAULT_PRODUCT_LICENSE \
-	-e PRODUCT \
-	-e PACKAGER_NAME
+	-e PLATFORM
 # note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
 
 # to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
 # (default to no bind mount if DOCKER_HOST is set)
 # note: BINDDIR is supported for backwards-compatibility here
 BIND_DIR := $(if $(BINDDIR),$(BINDDIR),$(if $(DOCKER_HOST),,bundles))
-
-# DOCKER_MOUNT can be overriden, but use at your own risk!
-ifndef DOCKER_MOUNT
 DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/docker/docker/$(BIND_DIR)")
-DOCKER_MOUNT := $(if $(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT):$(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT))
 
 # This allows the test suite to be able to run without worrying about the underlying fs used by the container running the daemon (e.g. aufs-on-aufs), so long as the host running the container is running a supported fs.
 # The volume will be cleaned up when the container is removed due to `--rm`.
 # Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
-DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles) -v "$(CURDIR)/.git:/go/src/github.com/docker/docker/.git"
-
-DOCKER_MOUNT_CACHE := -v docker-dev-cache:/root/.cache -v docker-mod-cache:/go/pkg/mod/
-DOCKER_MOUNT_CLI := $(if $(DOCKER_CLI_PATH),-v $(shell dirname $(DOCKER_CLI_PATH)):/usr/local/cli,)
-DOCKER_MOUNT_BASH_COMPLETION := $(if $(DOCKER_BASH_COMPLETION_PATH),-v $(shell dirname $(DOCKER_BASH_COMPLETION_PATH)):/usr/local/completion/bash,)
-DOCKER_MOUNT := $(DOCKER_MOUNT) $(DOCKER_MOUNT_CACHE) $(DOCKER_MOUNT_CLI) $(DOCKER_MOUNT_BASH_COMPLETION)
-endif # ifndef DOCKER_MOUNT
+DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles) -v $(CURDIR)/.git:/go/src/github.com/docker/docker/.git
 
 # This allows to set the docker-dev container name
 DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
 
-DOCKER_IMAGE := docker-dev
-DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
-DELVE_PORT_FORWARD := $(if $(DELVE_PORT),-p "$(DELVE_PORT)",)
+# enable package cache if DOCKER_INCREMENTAL_BINARY and DOCKER_MOUNT (i.e.DOCKER_HOST) are set
+PKGCACHE_MAP := gopath:/go/pkg goroot-linux_amd64:/usr/local/go/pkg/linux_amd64 goroot-linux_amd64_netgo:/usr/local/go/pkg/linux_amd64_netgo
+PKGCACHE_VOLROOT := dockerdev-go-pkg-cache
+PKGCACHE_VOL := $(if $(PKGCACHE_DIR),$(CURDIR)/$(PKGCACHE_DIR)/,$(PKGCACHE_VOLROOT)-)
+DOCKER_MOUNT_PKGCACHE := $(if $(DOCKER_INCREMENTAL_BINARY),$(shell echo $(PKGCACHE_MAP) | sed -E 's@([^ ]*)@-v "$(PKGCACHE_VOL)\1"@g'),)
+DOCKER_MOUNT_CLI := $(if $(DOCKER_CLI_PATH),-v $(shell dirname $(DOCKER_CLI_PATH)):/usr/local/cli,)
+DOCKER_MOUNT_BASH_COMPLETION := $(if $(DOCKER_BASH_COMPLETION_PATH),-v $(shell dirname $(DOCKER_BASH_COMPLETION_PATH)):/usr/local/completion/bash,)
+DOCKER_MOUNT := $(DOCKER_MOUNT) $(DOCKER_MOUNT_PKGCACHE) $(DOCKER_MOUNT_CLI) $(DOCKER_MOUNT_BASH_COMPLETION)
 
-DOCKER_FLAGS := $(DOCKER) run --rm --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD) $(DELVE_PORT_FORWARD)
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
+DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
+DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
+
+DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
+BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
+export BUILD_APT_MIRROR
 
 SWAGGER_DOCS_PORT ?= 9000
 
+INTEGRATION_CLI_MASTER_IMAGE := $(if $(INTEGRATION_CLI_MASTER_IMAGE), $(INTEGRATION_CLI_MASTER_IMAGE), integration-cli-master)
+INTEGRATION_CLI_WORKER_IMAGE := $(if $(INTEGRATION_CLI_WORKER_IMAGE), $(INTEGRATION_CLI_WORKER_IMAGE), integration-cli-worker)
+
 define \n
 
 
@@ -122,88 +107,68 @@ ifeq ($(INTERACTIVE), 1)
 	DOCKER_FLAGS += -t
 endif
 
-# on GitHub Runners input device is not a TTY but we allocate a pseudo-one,
-# otherwise keep STDIN open even if not attached if not a GitHub Runner.
-ifeq ($(GITHUB_ACTIONS),true)
-	DOCKER_FLAGS += -t
-else
-	DOCKER_FLAGS += -i
-endif
-
 DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"
 
-DOCKER_BUILD_ARGS += --build-arg=GO_VERSION
-ifdef DOCKER_SYSTEMD
-DOCKER_BUILD_ARGS += --build-arg=SYSTEMD=true
-endif
-
-BUILD_OPTS := ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"
-BUILD_CMD := $(BUILDX) build
-BAKE_CMD := $(BUILDX) bake
-
 default: binary
 
-all: build ## validate all checks, build linux binaries, run all tests,\ncross build non-linux binaries, and generate archives
+all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives
 	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh'
 
-binary: bundles ## build statically linked linux binaries
-	$(BAKE_CMD) binary
+binary: build ## build the linux binaries
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary
 
-dynbinary: bundles ## build dynamically linked linux binaries
-	$(BAKE_CMD) dynbinary
+dynbinary: build ## build the linux dynbinaries
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary
 
-cross: bundles ## cross build the binaries
-	$(BAKE_CMD) binary-cross
+build: bundles init-go-pkg-cache
+	$(warning The docker client CLI has moved to github.com/docker/cli. For a dev-test cycle involving the CLI, run:${\n} DOCKER_CLI_PATH=/host/path/to/cli/binary make shell ${\n} then change the cli and compile into a binary at the same location.${\n})
+	docker build ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .
 
 bundles:
 	mkdir bundles
 
-.PHONY: clean
-clean: clean-cache
+clean: clean-pkg-cache-vol ## clean up cached resources
+
+clean-pkg-cache-vol:
+	@- $(foreach mapping,$(PKGCACHE_MAP), \
+		$(shell docker volume rm $(PKGCACHE_VOLROOT)-$(shell echo $(mapping) | awk -F':/' '{ print $$1 }') > /dev/null 2>&1) \
+	)
+
+cross: build ## cross build the binaries for darwin, freebsd and\nwindows
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross
+
+deb: build  ## build the deb packages
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb
 
-.PHONY: clean-cache
-clean-cache: ## remove the docker volumes that are used for caching in the dev-container
-	docker volume rm -f docker-dev-cache docker-mod-cache
 
 help: ## this help
-	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9_-]+:.*?## / {gsub("\\\\n",sprintf("\n%22c",""), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+init-go-pkg-cache:
+	$(if $(PKGCACHE_DIR), mkdir -p $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^: ]*):[^ ]*@$(PKGCACHE_DIR)/\1@g'))
 
 install: ## install the linux binaries
 	KEEPBUNDLE=1 hack/make.sh install-binary
 
+rpm: build ## build the rpm packages
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm
+
 run: build ## run the docker daemon in a container
 	$(DOCKER_RUN_DOCKER) sh -c "KEEPBUNDLE=1 hack/make.sh install-binary run"
- 
-.PHONY: build
-ifeq ($(BIND_DIR), .)
-build: shell_target := --target=dev-base
-else
-build: shell_target := --target=dev
-endif
-build: bundles
-	$(BUILD_CMD) $(BUILD_OPTS) $(shell_target) --load -t "$(DOCKER_IMAGE)" .
 
-shell: build  ## start a shell inside the build env
+shell: build ## start a shell inside the build env
 	$(DOCKER_RUN_DOCKER) bash
 
 test: build test-unit ## run the unit, integration and docker-py tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration test-docker-py
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-integration test-docker-py
 
 test-docker-py: build ## run the docker-py tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
 
 test-integration-cli: test-integration ## (DEPRECATED) use test-integration
 
-ifneq ($(and $(TEST_SKIP_INTEGRATION),$(TEST_SKIP_INTEGRATION_CLI)),)
-test-integration:
-	@echo Both integrations suites skipped per environment variables
-else
 test-integration: build ## run the integration tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration
-endif
-
-test-integration-flaky: build ## run the stress test for all new integration tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration-flaky
 
 test-unit: build ## run the unit tests
 	$(DOCKER_RUN_DOCKER) hack/test/unit
@@ -211,11 +176,8 @@ test-unit: build ## run the unit tests
 validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
 	$(DOCKER_RUN_DOCKER) hack/validate/all
 
-validate-%: build ## validate specific check
-	$(DOCKER_RUN_DOCKER) hack/validate/$*
-
-win: bundles ## cross build the binary for windows
-	$(BAKE_CMD) --set *.platform=windows/amd64 binary
+win: build ## cross build the binary for windows
+	$(DOCKER_RUN_DOCKER) hack/make.sh win
 
 .PHONY: swagger-gen
 swagger-gen:
@@ -231,4 +193,20 @@ swagger-docs: ## preview the API documentation
 	@docker run --rm -v $(PWD)/api/swagger.yaml:/usr/share/nginx/html/swagger.yaml \
 		-e 'REDOC_OPTIONS=hide-hostname="true" lazy-rendering' \
 		-p $(SWAGGER_DOCS_PORT):80 \
-		bfirsh/redoc:1.14.0
+		bfirsh/redoc:1.6.2
+
+build-integration-cli-on-swarm: build ## build images and binary for running integration-cli on Swarm in parallel
+	@echo "Building hack/integration-cli-on-swarm (if build fails, please refer to hack/integration-cli-on-swarm/README.md)"
+	go build -o ./hack/integration-cli-on-swarm/integration-cli-on-swarm ./hack/integration-cli-on-swarm/host
+	@echo "Building $(INTEGRATION_CLI_MASTER_IMAGE)"
+	docker build -t $(INTEGRATION_CLI_MASTER_IMAGE) hack/integration-cli-on-swarm/agent
+# For worker, we don't use `docker build` so as to enable DOCKER_INCREMENTAL_BINARY and so on
+	@echo "Building $(INTEGRATION_CLI_WORKER_IMAGE) from $(DOCKER_IMAGE)"
+	$(eval tmp := integration-cli-worker-tmp)
+# We mount pkgcache, but not bundle (bundle needs to be baked into the image)
+# For avoiding bakings DOCKER_GRAPHDRIVER and so on to image, we cannot use $(DOCKER_ENVS) here
+	docker run -t -d --name $(tmp) -e DOCKER_GITCOMMIT -e BUILDFLAGS -e DOCKER_INCREMENTAL_BINARY --privileged $(DOCKER_MOUNT_PKGCACHE) $(DOCKER_IMAGE) top
+	docker exec $(tmp) hack/make.sh build-integration-test-binary dynbinary
+	docker exec $(tmp) go build -o /worker github.com/docker/docker/hack/integration-cli-on-swarm/agent/worker
+	docker commit -c 'ENTRYPOINT ["/worker"]' $(tmp) $(INTEGRATION_CLI_WORKER_IMAGE)
+	docker rm -f $(tmp)

NOTICE

@@ -3,7 +3,7 @@ Copyright 2012-2017 Docker, Inc.
 
 This product includes software developed at Docker, Inc. (https://www.docker.com).
 
-This product contains software (https://github.com/creack/pty) developed
+This product contains software (https://github.com/kr/pty) developed
 by Keith Rarick, licensed under the MIT License.
 
 The following is courtesy of our legal counsel:

ROADMAP.md

@@ -35,83 +35,34 @@ issue, in the Slack channel, or in person at the Moby Summits that happen every
 
 ## 1.1 Runtime improvements
 
-Over time we have accumulated a lot of functionality in the container runtime
-aspect of Moby while also growing in other areas. Much of the container runtime
-pieces are now duplicated work available in other, lower level components such
-as [containerd](https://containerd.io).
+We introduced [`runC`](https://runc.io) as a standalone low-level tool for container
+execution in 2015, the first stage in spinning out parts of the Engine into standalone tools.
 
-Moby currently only utilizes containerd for basic runtime state management, e.g. starting
-and stopping a container, which is what the pre-containerd 1.0 daemon provided.
-Now that containerd is a full-fledged container runtime which supports full
-container life-cycle management, we would like to start relying more on containerd
-and removing the bits in Moby which are now duplicated. This will necessitate
-a significant effort to refactor and even remove large parts of Moby's codebase.
+As runC continued evolving, and the OCI specification along with it, we created
+[`containerd`](https://github.com/containerd/containerd), a daemon to control and monitor `runC`.
+In late 2016 this was relaunched as the `containerd` 1.0 track, aiming to provide a common runtime
+for the whole spectrum of container systems, including Kubernetes, with wide community support.
+This change meant that there was an increased scope for `containerd`, including image management
+and storage drivers.
 
-Tracking issues:
+Moby will rely on a long-running `containerd` companion daemon for all container execution
+related operations. This could open the door in the future for Engine restarts without interrupting
+running containers. The switch over to containerd 1.0 is an important goal for the project, and
+will result in a significant simplification of the functions implemented in this repository.
 
-- [#38043](https://github.com/moby/moby/issues/38043) Proposal: containerd image integration
-
-## 1.2 Image Builder
-
-Work is ongoing to integrate [BuildKit](https://github.com/moby/buildkit) into
-Moby and replace the "v0" build implementation. Buildkit offers better cache
-management, parallelizable build steps, and better extensibility while also
-keeping builds portable, a chief tenent of Moby's builder.
-
-Upon completion of this effort, users will have a builder that performs better
-while also being more extensible, enabling users to provide their own custom
-syntax which can be either Dockerfile-like or something completely different.
-
-See [buildpacks on buildkit](https://github.com/tonistiigi/buildkit-pack) as an
-example of this extensibility.
-
-New features for the builder and Dockerfile should be implemented first in the
-BuildKit backend using an external Dockerfile implementation from the container
-images. This allows everyone to test and evaluate the feature without upgrading
-their daemon. New features should go to the experimental channel first, and can be
-part of the `docker/dockerfile:experimental` image. From there they graduate to
-`docker/dockerfile:latest` and binary releases. The Dockerfile frontend source
-code is temporarily located at
-[https://github.com/moby/buildkit/tree/master/frontend/dockerfile](https://github.com/moby/buildkit/tree/master/frontend/dockerfile)
-with separate new features defined with go build tags.
-
-Tracking issues:
-
-- [#32925](https://github.com/moby/moby/issues/32925) discussion: builder future: buildkit
-
-## 1.3 Rootless Mode
-
-Running the daemon requires elevated privileges for many tasks. We would like to
-support running the daemon as a normal, unprivileged user without requiring `suid`
-binaries.
-
-Tracking issues:
-
-- [#37375](https://github.com/moby/moby/issues/37375) Proposal: allow running `dockerd` as an unprivileged user (aka rootless mode)
-
-## 1.4 Testing
-
-Moby has many tests, both unit and integration. Moby needs more tests which can
-cover the full spectrum functionality and edge cases out there.
-
-Tests in the `integration-cli` folder should also be migrated into (both in
-location and style) the `integration` folder. These newer tests are simpler to
-run in isolation, simpler to read, simpler to write, and more fully exercise the
-API. Meanwhile tests of the docker CLI should generally live in docker/cli.
-
-Tracking issues:
-
-- [#32866](https://github.com/moby/moby/issues/32866) Replace integration-cli suite with API test suite
-
-## 1.5 Internal decoupling
+## 1.2 Internal decoupling
 
 A lot of work has been done in trying to decouple Moby internals. This process of creating
 standalone projects with a well defined function that attract a dedicated community should continue.
 As well as integrating `containerd` we would like to integrate [BuildKit](https://github.com/moby/buildkit)
 as the next standalone component.
+
 We see gRPC as the natural communication layer between decoupled components.
 
-In addition to pushing out large components into other projects, much of the
-internal code structure, and in particular the
-["Daemon"](https://godoc.org/github.com/docker/docker/daemon#Daemon) object,
-should be split into smaller, more manageable, and more testable components.
+## 1.3 Custom assembly tooling
+
+We have been prototyping the Moby [assembly tool](https://github.com/moby/tool) which was originally
+developed for LinuxKit and intend to turn it into a more generic packaging and assembly mechanism
+that can build not only the default version of Moby, as distribution packages or other useful forms,
+but can also build very different container systems, themselves built of cooperating daemons built in
+and running in containers. We intend to merge this functionality into this repo.

SECURITY.md

@@ -1,9 +0,0 @@
-# Reporting security issues
-
-The Moby maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
-
-### Reporting a Vulnerability
-
-Please **DO NOT** file a public issue, instead send your report privately to security@docker.com.
-
-Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future.

TESTING.md

@@ -8,11 +8,11 @@ questions you may have as an aspiring Moby contributor.
 Moby has two test suites (and one legacy test suite):
 
 * Unit tests - use standard `go test` and
-  [gotest.tools/assert](https://godoc.org/gotest.tools/assert) assertions. They are located in
+  [testify](https://github.com/stretchr/testify) assertions. They are located in
   the package they test. Unit tests should be fast and test only their own 
   package.
 * API integration tests - use standard `go test` and
-  [gotest.tools/assert](https://godoc.org/gotest.tools/assert) assertions. They are located in
+  [testify](https://github.com/stretchr/testify) assertions. They are located in
   `./integration/<component>` directories, where `component` is: container,
   image, volume, etc. These tests perform HTTP requests to an API endpoint and
   check the HTTP response and daemon state after the call.
@@ -28,7 +28,7 @@ Most code changes will fall into one of the following categories.
 ### Writing tests for new features
 
 New code should be covered by unit tests. If the code is difficult to test with
-unit tests, then that is a good sign that it should be refactored to make it
+a unit tests then that is a good sign that it should be refactored to make it
 easier to reuse and maintain. Consider accepting unexported interfaces instead
 of structs so that fakes can be provided for dependencies.
 
@@ -44,38 +44,11 @@ case. Error cases should be handled by unit tests.
 
 Bugs fixes should include a unit test case which exercises the bug.
 
-A bug fix may also include new assertions in existing integration tests for the
+A bug fix may also include new assertions in an existing integration tests for the
 API endpoint.
 
-### Writing new integration tests
-
-Note the `integration-cli` tests are deprecated; new tests will be rejected by
-the CI.
-
-Instead, implement new tests under `integration/`.
-
-### Integration tests environment considerations
-
-When adding new tests or modifying existing tests under `integration/`, testing
-environment should be properly considered. `skip.If` from 
-[gotest.tools/skip](https://godoc.org/gotest.tools/skip) can be used to make the 
-test run conditionally. Full testing environment conditions can be found at 
-[environment.go](https://github.com/moby/moby/blob/6b6eeed03b963a27085ea670f40cd5ff8a61f32e/testutil/environment/environment.go)
-
-Here is a quick example. If the test needs to interact with a docker daemon on 
-the same host, the following condition should be checked within the test code
-
-```go
-skip.If(t, testEnv.IsRemoteDaemon())
-// your integration test code
-```
-
-If a remote daemon is detected, the test will be skipped.
-
 ## Running tests
 
-### Unit Tests
-
 To run the unit test suite:
 
 ```
@@ -91,36 +64,8 @@ The following environment variables may be used to run a subset of tests:
 * `TESTFLAGS` - flags passed to `go test`, to run tests which match a pattern
   use `TESTFLAGS="-test.run TestNameOrPrefix"`
 
-### Integration Tests
-
 To run the integration test suite:
 
 ```
 make test-integration
 ```
-
-This make target runs both the "integration" suite and the "integration-cli"
-suite.
-
-You can specify which integration test dirs to build and run by specifying
-the list of dirs in the TEST_INTEGRATION_DIR environment variable.
-
-You can also explicitly skip either suite by setting (any value) in
-TEST_SKIP_INTEGRATION and/or TEST_SKIP_INTEGRATION_CLI environment variables.
-
-Flags specific to each suite can be set in the TESTFLAGS_INTEGRATION and
-TESTFLAGS_INTEGRATION_CLI environment variables.
-
-If all you want is to specify a test filter to run, you can set the
-`TEST_FILTER` environment variable. This ends up getting passed directly to `go
-test -run` (or `go test -check-f`, depending on the test suite). It will also
-automatically set the other above mentioned environment variables accordingly.
-
-### Go Version
-
-You can change a version of golang used for building stuff that is being tested
-by setting `GO_VERSION` variable, for example:
-
-```
-make GO_VERSION=1.12.8 test
-```

api/common.go

@@ -1,11 +1,11 @@
-package api // import "github.com/docker/docker/api"
+package api
 
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion = "1.42"
+	DefaultVersion string = "1.36"
 
 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
-	NoBaseImageSpecifier = "scratch"
+	NoBaseImageSpecifier string = "scratch"
 )

api/common_unix.go

@@ -1,7 +1,6 @@
-//go:build !windows
 // +build !windows
 
-package api // import "github.com/docker/docker/api"
+package api
 
 // MinVersion represents Minimum REST API version supported
-const MinVersion = "1.12"
+const MinVersion string = "1.12"

api/common_windows.go

@@ -1,4 +1,4 @@
-package api // import "github.com/docker/docker/api"
+package api
 
 // MinVersion represents Minimum REST API version supported
 // Technically the first daemon API version released on Windows is v1.25 in

api/server/backend/build/backend.go

@@ -1,21 +1,17 @@
-package build // import "github.com/docker/docker/api/server/backend/build"
+package build
 
 import (
-	"context"
 	"fmt"
-	"strconv"
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/builder"
-	buildkit "github.com/docker/docker/builder/builder-next"
-	daemonevents "github.com/docker/docker/daemon/events"
+	"github.com/docker/docker/builder/fscache"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/pkg/errors"
-	"google.golang.org/grpc"
+	"golang.org/x/net/context"
 )
 
 // ImageComponent provides an interface for working with images
@@ -32,48 +28,26 @@ type Builder interface {
 // Backend provides build functionality to the API router
 type Backend struct {
 	builder        Builder
+	fsCache        *fscache.FSCache
 	imageComponent ImageComponent
-	buildkit       *buildkit.Builder
-	eventsService  *daemonevents.Events
 }
 
 // NewBackend creates a new build backend from components
-func NewBackend(components ImageComponent, builder Builder, buildkit *buildkit.Builder, es *daemonevents.Events) (*Backend, error) {
-	return &Backend{imageComponent: components, builder: builder, buildkit: buildkit, eventsService: es}, nil
-}
-
-// RegisterGRPC registers buildkit controller to the grpc server.
-func (b *Backend) RegisterGRPC(s *grpc.Server) {
-	if b.buildkit != nil {
-		b.buildkit.RegisterGRPC(s)
-	}
+func NewBackend(components ImageComponent, builder Builder, fsCache *fscache.FSCache) (*Backend, error) {
+	return &Backend{imageComponent: components, builder: builder, fsCache: fsCache}, nil
 }
 
 // Build builds an image from a Source
 func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string, error) {
 	options := config.Options
-	useBuildKit := options.Version == types.BuilderBuildKit
-
 	tagger, err := NewTagger(b.imageComponent, config.ProgressWriter.StdoutFormatter, options.Tags)
 	if err != nil {
 		return "", err
 	}
 
-	var build *builder.Result
-	if useBuildKit {
-		build, err = b.buildkit.Build(ctx, config)
-		if err != nil {
-			return "", err
-		}
-	} else {
-		build, err = b.builder.Build(ctx, config)
-		if err != nil {
-			return "", err
-		}
-	}
-
-	if build == nil {
-		return "", nil
+	build, err := b.builder.Build(ctx, config)
+	if err != nil {
+		return "", err
 	}
 
 	var imageID = build.ImageID
@@ -82,39 +56,25 @@ func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string
 			return "", err
 		}
 		if config.ProgressWriter.AuxFormatter != nil {
-			if err = config.ProgressWriter.AuxFormatter.Emit("moby.image.id", types.BuildResult{ID: imageID}); err != nil {
+			if err = config.ProgressWriter.AuxFormatter.Emit(types.BuildResult{ID: imageID}); err != nil {
 				return "", err
 			}
 		}
 	}
 
-	if !useBuildKit {
-		stdout := config.ProgressWriter.StdoutFormatter
-		fmt.Fprintf(stdout, "Successfully built %s\n", stringid.TruncateID(imageID))
-	}
-	if imageID != "" && !useBuildKit {
-		err = tagger.TagImages(image.ID(imageID))
-	}
+	stdout := config.ProgressWriter.StdoutFormatter
+	fmt.Fprintf(stdout, "Successfully built %s\n", stringid.TruncateID(imageID))
+	err = tagger.TagImages(image.ID(imageID))
 	return imageID, err
 }
 
 // PruneCache removes all cached build sources
-func (b *Backend) PruneCache(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error) {
-	buildCacheSize, cacheIDs, err := b.buildkit.Prune(ctx, opts)
+func (b *Backend) PruneCache(ctx context.Context) (*types.BuildCachePruneReport, error) {
+	size, err := b.fsCache.Prune(ctx)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to prune build cache")
 	}
-	b.eventsService.Log("prune", events.BuilderEventType, events.Actor{
-		Attributes: map[string]string{
-			"reclaimed": strconv.FormatInt(buildCacheSize, 10),
-		},
-	})
-	return &types.BuildCachePruneReport{SpaceReclaimed: uint64(buildCacheSize), CachesDeleted: cacheIDs}, nil
-}
-
-// Cancel cancels the build by ID
-func (b *Backend) Cancel(ctx context.Context, id string) error {
-	return b.buildkit.Cancel(ctx, id)
+	return &types.BuildCachePruneReport{SpaceReclaimed: size}, nil
 }
 
 func squashBuild(build *builder.Result, imageComponent ImageComponent) (string, error) {

api/server/backend/build/tag.go

@@ -1,4 +1,4 @@
-package build // import "github.com/docker/docker/api/server/backend/build"
+package build
 
 import (
 	"fmt"

api/server/errorhandler.go

@@ -1,34 +0,0 @@
-package server
-
-import (
-	"net/http"
-
-	"github.com/docker/docker/api/server/httpstatus"
-	"github.com/docker/docker/api/server/httputils"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/gorilla/mux"
-	"google.golang.org/grpc/status"
-)
-
-// makeErrorHandler makes an HTTP handler that decodes a Docker error and
-// returns it in the response.
-func makeErrorHandler(err error) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		statusCode := httpstatus.FromError(err)
-		vars := mux.Vars(r)
-		if apiVersionSupportsJSONErrors(vars["version"]) {
-			response := &types.ErrorResponse{
-				Message: err.Error(),
-			}
-			_ = httputils.WriteJSON(w, statusCode, response)
-		} else {
-			http.Error(w, status.Convert(err).Message(), statusCode)
-		}
-	}
-}
-
-func apiVersionSupportsJSONErrors(version string) bool {
-	const firstAPIVersionWithJSONErrors = "1.23"
-	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
-}

api/server/httpstatus/status.go

@@ -1,150 +0,0 @@
-package httpstatus // import "github.com/docker/docker/api/server/httpstatus"
-
-import (
-	"fmt"
-	"net/http"
-
-	containerderrors "github.com/containerd/containerd/errdefs"
-	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/docker/errdefs"
-	"github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-type causer interface {
-	Cause() error
-}
-
-// FromError retrieves status code from error message.
-func FromError(err error) int {
-	if err == nil {
-		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
-		return http.StatusInternalServerError
-	}
-
-	var statusCode int
-
-	// Stop right there
-	// Are you sure you should be adding a new error class here? Do one of the existing ones work?
-
-	// Note that the below functions are already checking the error causal chain for matches.
-	switch {
-	case errdefs.IsNotFound(err):
-		statusCode = http.StatusNotFound
-	case errdefs.IsInvalidParameter(err):
-		statusCode = http.StatusBadRequest
-	case errdefs.IsConflict(err):
-		statusCode = http.StatusConflict
-	case errdefs.IsUnauthorized(err):
-		statusCode = http.StatusUnauthorized
-	case errdefs.IsUnavailable(err):
-		statusCode = http.StatusServiceUnavailable
-	case errdefs.IsForbidden(err):
-		statusCode = http.StatusForbidden
-	case errdefs.IsNotModified(err):
-		statusCode = http.StatusNotModified
-	case errdefs.IsNotImplemented(err):
-		statusCode = http.StatusNotImplemented
-	case errdefs.IsSystem(err) || errdefs.IsUnknown(err) || errdefs.IsDataLoss(err) || errdefs.IsDeadline(err) || errdefs.IsCancelled(err):
-		statusCode = http.StatusInternalServerError
-	default:
-		statusCode = statusCodeFromGRPCError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-		statusCode = statusCodeFromContainerdError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-		statusCode = statusCodeFromDistributionError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-		if e, ok := err.(causer); ok {
-			return FromError(e.Cause())
-		}
-
-		logrus.WithFields(logrus.Fields{
-			"module":     "api",
-			"error_type": fmt.Sprintf("%T", err),
-		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
-	}
-
-	if statusCode == 0 {
-		statusCode = http.StatusInternalServerError
-	}
-
-	return statusCode
-}
-
-// statusCodeFromGRPCError returns status code according to gRPC error
-func statusCodeFromGRPCError(err error) int {
-	switch status.Code(err) {
-	case codes.InvalidArgument: // code 3
-		return http.StatusBadRequest
-	case codes.NotFound: // code 5
-		return http.StatusNotFound
-	case codes.AlreadyExists: // code 6
-		return http.StatusConflict
-	case codes.PermissionDenied: // code 7
-		return http.StatusForbidden
-	case codes.FailedPrecondition: // code 9
-		return http.StatusBadRequest
-	case codes.Unauthenticated: // code 16
-		return http.StatusUnauthorized
-	case codes.OutOfRange: // code 11
-		return http.StatusBadRequest
-	case codes.Unimplemented: // code 12
-		return http.StatusNotImplemented
-	case codes.Unavailable: // code 14
-		return http.StatusServiceUnavailable
-	default:
-		// codes.Canceled(1)
-		// codes.Unknown(2)
-		// codes.DeadlineExceeded(4)
-		// codes.ResourceExhausted(8)
-		// codes.Aborted(10)
-		// codes.Internal(13)
-		// codes.DataLoss(15)
-		return http.StatusInternalServerError
-	}
-}
-
-// statusCodeFromDistributionError returns status code according to registry errcode
-// code is loosely based on errcode.ServeJSON() in docker/distribution
-func statusCodeFromDistributionError(err error) int {
-	switch errs := err.(type) {
-	case errcode.Errors:
-		if len(errs) < 1 {
-			return http.StatusInternalServerError
-		}
-		if _, ok := errs[0].(errcode.ErrorCoder); ok {
-			return statusCodeFromDistributionError(errs[0])
-		}
-	case errcode.ErrorCoder:
-		return errs.ErrorCode().Descriptor().HTTPStatusCode
-	}
-	return http.StatusInternalServerError
-}
-
-// statusCodeFromContainerdError returns status code for containerd errors when
-// consumed directly (not through gRPC)
-func statusCodeFromContainerdError(err error) int {
-	switch {
-	case containerderrors.IsInvalidArgument(err):
-		return http.StatusBadRequest
-	case containerderrors.IsNotFound(err):
-		return http.StatusNotFound
-	case containerderrors.IsAlreadyExists(err):
-		return http.StatusConflict
-	case containerderrors.IsFailedPrecondition(err):
-		return http.StatusPreconditionFailed
-	case containerderrors.IsUnavailable(err):
-		return http.StatusServiceUnavailable
-	case containerderrors.IsNotImplemented(err):
-		return http.StatusNotImplemented
-	default:
-		return http.StatusInternalServerError
-	}
-}

api/server/httputils/decoder.go

@@ -1,4 +1,4 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
+package httputils
 
 import (
 	"io"

api/server/httputils/errors.go

@@ -0,0 +1,131 @@
+package httputils
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
+	"github.com/gorilla/mux"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+)
+
+type causer interface {
+	Cause() error
+}
+
+// GetHTTPErrorStatusCode retrieves status code from error message.
+func GetHTTPErrorStatusCode(err error) int {
+	if err == nil {
+		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
+		return http.StatusInternalServerError
+	}
+
+	var statusCode int
+
+	// Stop right there
+	// Are you sure you should be adding a new error class here? Do one of the existing ones work?
+
+	// Note that the below functions are already checking the error causal chain for matches.
+	switch {
+	case errdefs.IsNotFound(err):
+		statusCode = http.StatusNotFound
+	case errdefs.IsInvalidParameter(err):
+		statusCode = http.StatusBadRequest
+	case errdefs.IsConflict(err) || errdefs.IsAlreadyExists(err):
+		statusCode = http.StatusConflict
+	case errdefs.IsUnauthorized(err):
+		statusCode = http.StatusUnauthorized
+	case errdefs.IsUnavailable(err):
+		statusCode = http.StatusServiceUnavailable
+	case errdefs.IsForbidden(err):
+		statusCode = http.StatusForbidden
+	case errdefs.IsNotModified(err):
+		statusCode = http.StatusNotModified
+	case errdefs.IsNotImplemented(err):
+		statusCode = http.StatusNotImplemented
+	case errdefs.IsSystem(err) || errdefs.IsUnknown(err) || errdefs.IsDataLoss(err) || errdefs.IsDeadline(err) || errdefs.IsCancelled(err):
+		statusCode = http.StatusInternalServerError
+	default:
+		statusCode = statusCodeFromGRPCError(err)
+		if statusCode != http.StatusInternalServerError {
+			return statusCode
+		}
+
+		if e, ok := err.(causer); ok {
+			return GetHTTPErrorStatusCode(e.Cause())
+		}
+
+		logrus.WithFields(logrus.Fields{
+			"module":     "api",
+			"error_type": fmt.Sprintf("%T", err),
+		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
+	}
+
+	if statusCode == 0 {
+		statusCode = http.StatusInternalServerError
+	}
+
+	return statusCode
+}
+
+func apiVersionSupportsJSONErrors(version string) bool {
+	const firstAPIVersionWithJSONErrors = "1.23"
+	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
+}
+
+// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
+// returns it in the response.
+func MakeErrorHandler(err error) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		statusCode := GetHTTPErrorStatusCode(err)
+		vars := mux.Vars(r)
+		if apiVersionSupportsJSONErrors(vars["version"]) {
+			response := &types.ErrorResponse{
+				Message: err.Error(),
+			}
+			WriteJSON(w, statusCode, response)
+		} else {
+			http.Error(w, grpc.ErrorDesc(err), statusCode)
+		}
+	}
+}
+
+// statusCodeFromGRPCError returns status code according to gRPC error
+func statusCodeFromGRPCError(err error) int {
+	switch grpc.Code(err) {
+	case codes.InvalidArgument: // code 3
+		return http.StatusBadRequest
+	case codes.NotFound: // code 5
+		return http.StatusNotFound
+	case codes.AlreadyExists: // code 6
+		return http.StatusConflict
+	case codes.PermissionDenied: // code 7
+		return http.StatusForbidden
+	case codes.FailedPrecondition: // code 9
+		return http.StatusBadRequest
+	case codes.Unauthenticated: // code 16
+		return http.StatusUnauthorized
+	case codes.OutOfRange: // code 11
+		return http.StatusBadRequest
+	case codes.Unimplemented: // code 12
+		return http.StatusNotImplemented
+	case codes.Unavailable: // code 14
+		return http.StatusServiceUnavailable
+	default:
+		if e, ok := err.(causer); ok {
+			return statusCodeFromGRPCError(e.Cause())
+		}
+		// codes.Canceled(1)
+		// codes.Unknown(2)
+		// codes.DeadlineExceeded(4)
+		// codes.ResourceExhausted(8)
+		// codes.Aborted(10)
+		// codes.Internal(13)
+		// codes.DataLoss(15)
+		return http.StatusInternalServerError
+	}
+}

api/server/httputils/form.go

@@ -1,4 +1,4 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
+package httputils
 
 import (
 	"net/http"

api/server/httputils/form_test.go

@@ -1,4 +1,4 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
+package httputils
 
 import (
 	"net/http"
@@ -23,7 +23,7 @@ func TestBoolValue(t *testing.T) {
 	for c, e := range cases {
 		v := url.Values{}
 		v.Set("test", c)
-		r, _ := http.NewRequest(http.MethodPost, "", nil)
+		r, _ := http.NewRequest("POST", "", nil)
 		r.Form = v
 
 		a := BoolValue(r, "test")
@@ -34,14 +34,14 @@ func TestBoolValue(t *testing.T) {
 }
 
 func TestBoolValueOrDefault(t *testing.T) {
-	r, _ := http.NewRequest(http.MethodGet, "", nil)
+	r, _ := http.NewRequest("GET", "", nil)
 	if !BoolValueOrDefault(r, "queryparam", true) {
 		t.Fatal("Expected to get true default value, got false")
 	}
 
 	v := url.Values{}
 	v.Set("param", "")
-	r, _ = http.NewRequest(http.MethodGet, "", nil)
+	r, _ = http.NewRequest("GET", "", nil)
 	r.Form = v
 	if BoolValueOrDefault(r, "param", true) {
 		t.Fatal("Expected not to get true")
@@ -59,7 +59,7 @@ func TestInt64ValueOrZero(t *testing.T) {
 	for c, e := range cases {
 		v := url.Values{}
 		v.Set("test", c)
-		r, _ := http.NewRequest(http.MethodPost, "", nil)
+		r, _ := http.NewRequest("POST", "", nil)
 		r.Form = v
 
 		a := Int64ValueOrZero(r, "test")
@@ -79,7 +79,7 @@ func TestInt64ValueOrDefault(t *testing.T) {
 	for c, e := range cases {
 		v := url.Values{}
 		v.Set("test", c)
-		r, _ := http.NewRequest(http.MethodPost, "", nil)
+		r, _ := http.NewRequest("POST", "", nil)
 		r.Form = v
 
 		a, err := Int64ValueOrDefault(r, "test", -1)
@@ -95,7 +95,7 @@ func TestInt64ValueOrDefault(t *testing.T) {
 func TestInt64ValueOrDefaultWithError(t *testing.T) {
 	v := url.Values{}
 	v.Set("test", "invalid")
-	r, _ := http.NewRequest(http.MethodPost, "", nil)
+	r, _ := http.NewRequest("POST", "", nil)
 	r.Form = v
 
 	_, err := Int64ValueOrDefault(r, "test", -1)

api/server/httputils/httputils.go

@@ -1,8 +1,6 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
+package httputils
 
 import (
-	"context"
-	"encoding/json"
 	"io"
 	"mime"
 	"net/http"
@@ -10,10 +8,14 @@ import (
 
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 )
 
+type contextKey string
+
 // APIVersionKey is the client's requested API version.
-type APIVersionKey struct{}
+const APIVersionKey contextKey = "api-version"
 
 // APIFunc is an adapter to allow the use of ordinary functions as Docker API endpoints.
 // Any function that has the appropriate signature can be registered as an API endpoint (e.g. getVersion).
@@ -27,7 +29,7 @@ func HijackConnection(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
 		return nil, nil, err
 	}
 	// Flush the options to make sure the client sets the raw mode
-	_, _ = conn.Write([]byte{})
+	conn.Write([]byte{})
 	return conn, conn, nil
 }
 
@@ -37,9 +39,9 @@ func CloseStreams(streams ...interface{}) {
 		if tcpc, ok := stream.(interface {
 			CloseWrite() error
 		}); ok {
-			_ = tcpc.CloseWrite()
+			tcpc.CloseWrite()
 		} else if closer, ok := stream.(io.Closer); ok {
-			_ = closer.Close()
+			closer.Close()
 		}
 	}
 }
@@ -49,50 +51,17 @@ func CheckForJSON(r *http.Request) error {
 	ct := r.Header.Get("Content-Type")
 
 	// No Content-Type header is ok as long as there's no Body
-	if ct == "" && (r.Body == nil || r.ContentLength == 0) {
-		return nil
+	if ct == "" {
+		if r.Body == nil || r.ContentLength == 0 {
+			return nil
+		}
 	}
 
 	// Otherwise it better be json
-	return matchesContentType(ct, "application/json")
-}
-
-// ReadJSON validates the request to have the correct content-type, and decodes
-// the request's Body into out.
-func ReadJSON(r *http.Request, out interface{}) error {
-	err := CheckForJSON(r)
-	if err != nil {
-		return err
-	}
-	if r.Body == nil || r.ContentLength == 0 {
-		// an empty body is not invalid, so don't return an error; see
-		// https://lists.w3.org/Archives/Public/ietf-http-wg/2010JulSep/0272.html
+	if matchesContentType(ct, "application/json") {
 		return nil
 	}
-
-	dec := json.NewDecoder(r.Body)
-	err = dec.Decode(out)
-	defer r.Body.Close()
-	if err != nil {
-		if err == io.EOF {
-			return errdefs.InvalidParameter(errors.New("invalid JSON: got EOF while reading request body"))
-		}
-		return errdefs.InvalidParameter(errors.Wrap(err, "invalid JSON"))
-	}
-
-	if dec.More() {
-		return errdefs.InvalidParameter(errors.New("unexpected content after JSON"))
-	}
-	return nil
-}
-
-// WriteJSON writes the value v to the http response stream as json with standard json encoding.
-func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(code)
-	enc := json.NewEncoder(w)
-	enc.SetEscapeHTML(false)
-	return enc.Encode(v)
+	return errdefs.InvalidParameter(errors.Errorf("Content-Type specified (%s) must be 'application/json'", ct))
 }
 
 // ParseForm ensures the request form is parsed even with invalid content types.
@@ -114,7 +83,7 @@ func VersionFromContext(ctx context.Context) string {
 		return ""
 	}
 
-	if val := ctx.Value(APIVersionKey{}); val != nil {
+	if val := ctx.Value(APIVersionKey); val != nil {
 		return val.(string)
 	}
 
@@ -122,13 +91,10 @@ func VersionFromContext(ctx context.Context) string {
 }
 
 // matchesContentType validates the content type against the expected one
-func matchesContentType(contentType, expectedType string) error {
+func matchesContentType(contentType, expectedType string) bool {
 	mimetype, _, err := mime.ParseMediaType(contentType)
 	if err != nil {
-		return errdefs.InvalidParameter(errors.Wrapf(err, "malformed Content-Type header (%s)", contentType))
+		logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
 	}
-	if mimetype != expectedType {
-		return errdefs.InvalidParameter(errors.Errorf("unsupported Content-Type header (%s): must be '%s'", contentType, expectedType))
-	}
-	return nil
+	return err == nil && mimetype == expectedType
 }

api/server/httputils/httputils_test.go

@@ -1,130 +1,18 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
+package httputils
 
-import (
-	"net/http"
-	"strings"
-	"testing"
-)
+import "testing"
 
 // matchesContentType
 func TestJsonContentType(t *testing.T) {
-	err := matchesContentType("application/json", "application/json")
-	if err != nil {
-		t.Error(err)
+	if !matchesContentType("application/json", "application/json") {
+		t.Fail()
 	}
 
-	err = matchesContentType("application/json; charset=utf-8", "application/json")
-	if err != nil {
-		t.Error(err)
+	if !matchesContentType("application/json; charset=utf-8", "application/json") {
+		t.Fail()
 	}
 
-	expected := "unsupported Content-Type header (dockerapplication/json): must be 'application/json'"
-	err = matchesContentType("dockerapplication/json", "application/json")
-	if err == nil || err.Error() != expected {
-		t.Errorf(`expected "%s", got "%v"`, expected, err)
-	}
-
-	expected = "malformed Content-Type header (foo;;;bar): mime: invalid media parameter"
-	err = matchesContentType("foo;;;bar", "application/json")
-	if err == nil || err.Error() != expected {
-		t.Errorf(`expected "%s", got "%v"`, expected, err)
+	if matchesContentType("dockerapplication/json", "application/json") {
+		t.Fail()
 	}
 }
-
-func TestReadJSON(t *testing.T) {
-	t.Run("nil body", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", nil)
-		if err != nil {
-			t.Error(err)
-		}
-		foo := struct{}{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-	})
-
-	t.Run("empty body", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(""))
-		if err != nil {
-			t.Error(err)
-		}
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-		if foo.SomeField != "" {
-			t.Errorf("expected: '', got: %s", foo.SomeField)
-		}
-	})
-
-	t.Run("with valid request", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{"SomeField":"some value"}`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-		if foo.SomeField != "some value" {
-			t.Errorf("expected: 'some value', got: %s", foo.SomeField)
-		}
-	})
-	t.Run("with whitespace", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`
-
-	{"SomeField":"some value"}
-
-`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-		if foo.SomeField != "some value" {
-			t.Errorf("expected: 'some value', got: %s", foo.SomeField)
-		}
-	})
-
-	t.Run("with extra content", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{"SomeField":"some value"} and more content`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err == nil {
-			t.Error("expected an error, got none")
-		}
-		expected := "unexpected content after JSON"
-		if err.Error() != expected {
-			t.Errorf("expected: '%s', got: %s", expected, err.Error())
-		}
-	})
-
-	t.Run("invalid JSON", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{invalid json`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err == nil {
-			t.Error("expected an error, got none")
-		}
-		expected := "invalid JSON: invalid character 'i' looking for beginning of object key string"
-		if err.Error() != expected {
-			t.Errorf("expected: '%s', got: %s", expected, err.Error())
-		}
-	})
-}

api/server/httputils/httputils_write_json.go

@@ -0,0 +1,15 @@
+package httputils
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// WriteJSON writes the value v to the http response stream as json with standard json encoding.
+func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(code)
+	enc := json.NewEncoder(w)
+	enc.SetEscapeHTML(false)
+	return enc.Encode(v)
+}

api/server/httputils/write_log_stream.go

@@ -1,12 +1,13 @@
-package httputils // import "github.com/docker/docker/api/server/httputils"
+package httputils
 
 import (
-	"context"
 	"fmt"
 	"io"
 	"net/url"
 	"sort"
 
+	"golang.org/x/net/context"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/pkg/ioutils"
@@ -51,10 +52,10 @@ func WriteLogStream(_ context.Context, w io.Writer, msgs <-chan *backend.LogMess
 			logLine = append([]byte(msg.Timestamp.Format(jsonmessage.RFC3339NanoFixed)+" "), logLine...)
 		}
 		if msg.Source == "stdout" && config.ShowStdout {
-			_, _ = outStream.Write(logLine)
+			outStream.Write(logLine)
 		}
 		if msg.Source == "stderr" && config.ShowStderr {
-			_, _ = errStream.Write(logLine)
+			errStream.Write(logLine)
 		}
 	}
 }

api/server/middleware.go

@@ -1,4 +1,4 @@
-package server // import "github.com/docker/docker/api/server"
+package server
 
 import (
 	"github.com/docker/docker/api/server/httputils"
@@ -16,7 +16,7 @@ func (s *Server) handlerWithGlobalMiddlewares(handler httputils.APIFunc) httputi
 		next = m.WrapHandler(next)
 	}
 
-	if logrus.GetLevel() == logrus.DebugLevel {
+	if s.cfg.Logging && logrus.GetLevel() == logrus.DebugLevel {
 		next = middleware.DebugRequestMiddleware(next)
 	}
 

api/server/middleware/cors.go

@@ -1,10 +1,10 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
-	"context"
 	"net/http"
 
 	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 )
 
 // CORSMiddleware injects CORS headers to each request

api/server/middleware/debug.go

@@ -1,8 +1,7 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
 	"bufio"
-	"context"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -11,6 +10,7 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 )
 
 // DebugRequestMiddleware dumps the request to logger
@@ -18,7 +18,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 		logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)
 
-		if r.Method != http.MethodPost {
+		if r.Method != "POST" {
 			return handler(ctx, w, r, vars)
 		}
 		if err := httputils.CheckForJSON(r); err != nil {
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 
 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm)
+			maskSecretKeys(postForm, r.RequestURI)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
@@ -54,37 +54,41 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	}
 }
 
-func maskSecretKeys(inp interface{}) {
+func maskSecretKeys(inp interface{}, path string) {
+	// Remove any query string from the path
+	idx := strings.Index(path, "?")
+	if idx != -1 {
+		path = path[:idx]
+	}
+	// Remove trailing / characters
+	path = strings.TrimRight(path, "/")
+
 	if arr, ok := inp.([]interface{}); ok {
 		for _, f := range arr {
-			maskSecretKeys(f)
+			maskSecretKeys(f, path)
 		}
 		return
 	}
 
 	if form, ok := inp.(map[string]interface{}); ok {
-		scrub := []string{
-			// Note: The Data field contains the base64-encoded secret in 'secret'
-			// and 'config' create and update requests. Currently, no other POST
-			// API endpoints use a data field, so we scrub this field unconditionally.
-			// Change this handling to be conditional if a new endpoint is added
-			// in future where this field should not be scrubbed.
-			"data",
-			"jointoken",
-			"password",
-			"secret",
-			"signingcakey",
-			"unlockkey",
-		}
 	loop0:
 		for k, v := range form {
-			for _, m := range scrub {
+			for _, m := range []string{"password", "secret", "jointoken", "unlockkey", "signingcakey"} {
 				if strings.EqualFold(m, k) {
 					form[k] = "*****"
 					continue loop0
 				}
 			}
-			maskSecretKeys(v)
+			maskSecretKeys(v, path)
+		}
+
+		// Route-specific redactions
+		if strings.HasSuffix(path, "/secrets/create") {
+			for k := range form {
+				if k == "Data" {
+					form[k] = "*****"
+				}
+			}
 		}
 	}
 }

api/server/middleware/debug_test.go

@@ -1,33 +1,38 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
 	"testing"
 
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestMaskSecretKeys(t *testing.T) {
 	tests := []struct {
-		doc      string
+		path     string
 		input    map[string]interface{}
 		expected map[string]interface{}
 	}{
 		{
-			doc:      "secret/config create and update requests",
+			path:     "/v1.30/secrets/create",
 			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
 			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
 		},
 		{
-			doc: "masking other fields (recursively)",
+			path:     "/v1.30/secrets/create//",
+			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+		},
+
+		{
+			path:     "/secrets/create?key=val",
+			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+		},
+		{
+			path: "/v1.30/some/other/path",
 			input: map[string]interface{}{
-				"password":     "pass",
-				"secret":       "secret",
-				"jointoken":    "jointoken",
-				"unlockkey":    "unlockkey",
-				"signingcakey": "signingcakey",
+				"password": "pass",
 				"other": map[string]interface{}{
-					"password":     "pass",
 					"secret":       "secret",
 					"jointoken":    "jointoken",
 					"unlockkey":    "unlockkey",
@@ -35,13 +40,8 @@ func TestMaskSecretKeys(t *testing.T) {
 				},
 			},
 			expected: map[string]interface{}{
-				"password":     "*****",
-				"secret":       "*****",
-				"jointoken":    "*****",
-				"unlockkey":    "*****",
-				"signingcakey": "*****",
+				"password": "*****",
 				"other": map[string]interface{}{
-					"password":     "*****",
 					"secret":       "*****",
 					"jointoken":    "*****",
 					"unlockkey":    "*****",
@@ -49,27 +49,10 @@ func TestMaskSecretKeys(t *testing.T) {
 				},
 			},
 		},
-		{
-			doc: "case insensitive field matching",
-			input: map[string]interface{}{
-				"PASSWORD": "pass",
-				"other": map[string]interface{}{
-					"PASSWORD": "pass",
-				},
-			},
-			expected: map[string]interface{}{
-				"PASSWORD": "*****",
-				"other": map[string]interface{}{
-					"PASSWORD": "*****",
-				},
-			},
-		},
 	}
 
 	for _, testcase := range tests {
-		t.Run(testcase.doc, func(t *testing.T) {
-			maskSecretKeys(testcase.input)
-			assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
-		})
+		maskSecretKeys(testcase.input, testcase.path)
+		assert.Equal(t, testcase.expected, testcase.input)
 	}
 }

api/server/middleware/experimental.go

@@ -1,8 +1,9 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
-	"context"
 	"net/http"
+
+	"golang.org/x/net/context"
 )
 
 // ExperimentalMiddleware is a the middleware in charge of adding the

api/server/middleware/middleware.go

@@ -1,8 +1,9 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
-	"context"
 	"net/http"
+
+	"golang.org/x/net/context"
 )
 
 // Middleware is an interface to allow the use of ordinary functions as Docker API filters.

api/server/middleware/version.go

@@ -1,13 +1,13 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 	"runtime"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types/versions"
+	"golang.org/x/net/context"
 )
 
 // VersionMiddleware is a middleware that
@@ -58,7 +58,8 @@ func (v VersionMiddleware) WrapHandler(handler func(ctx context.Context, w http.
 		if versions.GreaterThan(apiVersion, v.defaultVersion) {
 			return versionUnsupportedError{version: apiVersion, maxVersion: v.defaultVersion}
 		}
-		ctx = context.WithValue(ctx, httputils.APIVersionKey{}, apiVersion)
+		ctx = context.WithValue(ctx, httputils.APIVersionKey, apiVersion)
 		return handler(ctx, w, r, vars)
 	}
+
 }

api/server/middleware/version_test.go

@@ -1,15 +1,14 @@
-package middleware // import "github.com/docker/docker/api/server/middleware"
+package middleware
 
 import (
-	"context"
 	"net/http"
 	"net/http/httptest"
 	"runtime"
 	"testing"
 
 	"github.com/docker/docker/api/server/httputils"
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/net/context"
 )
 
 func TestVersionMiddlewareVersion(t *testing.T) {
@@ -18,14 +17,14 @@ func TestVersionMiddlewareVersion(t *testing.T) {
 	expectedVersion := defaultVersion
 	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 		v := httputils.VersionFromContext(ctx)
-		assert.Check(t, is.Equal(expectedVersion, v))
+		assert.Equal(t, expectedVersion, v)
 		return nil
 	}
 
 	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
 	h := m.WrapHandler(handler)
 
-	req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
+	req, _ := http.NewRequest("GET", "/containers/json", nil)
 	resp := httptest.NewRecorder()
 	ctx := context.Background()
 
@@ -57,9 +56,9 @@ func TestVersionMiddlewareVersion(t *testing.T) {
 		err := h(ctx, resp, req, map[string]string{"version": test.reqVersion})
 
 		if test.errString != "" {
-			assert.Check(t, is.Error(err, test.errString))
+			assert.EqualError(t, err, test.errString)
 		} else {
-			assert.Check(t, err)
+			assert.NoError(t, err)
 		}
 	}
 }
@@ -67,7 +66,7 @@ func TestVersionMiddlewareVersion(t *testing.T) {
 func TestVersionMiddlewareWithErrorsReturnsHeaders(t *testing.T) {
 	handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 		v := httputils.VersionFromContext(ctx)
-		assert.Check(t, len(v) != 0)
+		assert.NotEmpty(t, v)
 		return nil
 	}
 
@@ -76,17 +75,17 @@ func TestVersionMiddlewareWithErrorsReturnsHeaders(t *testing.T) {
 	m := NewVersionMiddleware(defaultVersion, defaultVersion, minVersion)
 	h := m.WrapHandler(handler)
 
-	req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
+	req, _ := http.NewRequest("GET", "/containers/json", nil)
 	resp := httptest.NewRecorder()
 	ctx := context.Background()
 
 	vars := map[string]string{"version": "0.1"}
 	err := h(ctx, resp, req, vars)
-	assert.Check(t, is.ErrorContains(err, ""))
+	assert.Error(t, err)
 
 	hdr := resp.Result().Header
-	assert.Check(t, is.Contains(hdr.Get("Server"), "Docker/"+defaultVersion))
-	assert.Check(t, is.Contains(hdr.Get("Server"), runtime.GOOS))
-	assert.Check(t, is.Equal(hdr.Get("API-Version"), defaultVersion))
-	assert.Check(t, is.Equal(hdr.Get("OSType"), runtime.GOOS))
+	assert.Contains(t, hdr.Get("Server"), "Docker/"+defaultVersion)
+	assert.Contains(t, hdr.Get("Server"), runtime.GOOS)
+	assert.Equal(t, hdr.Get("API-Version"), defaultVersion)
+	assert.Equal(t, hdr.Get("OSType"), runtime.GOOS)
 }

api/server/router/build/backend.go

@@ -1,10 +1,9 @@
-package build // import "github.com/docker/docker/api/server/router/build"
+package build
 
 import (
-	"context"
-
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
+	"golang.org/x/net/context"
 )
 
 // Backend abstracts an image builder whose only purpose is to build an image referenced by an imageID.
@@ -14,9 +13,7 @@ type Backend interface {
 	Build(context.Context, backend.BuildConfig) (string, error)
 
 	// Prune build cache
-	PruneCache(context.Context, types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error)
-
-	Cancel(context.Context, string) error
+	PruneCache(context.Context) (*types.BuildCachePruneReport, error)
 }
 
 type experimentalProvider interface {

api/server/router/build/build.go

@@ -1,27 +1,17 @@
-package build // import "github.com/docker/docker/api/server/router/build"
+package build
 
-import (
-	"runtime"
-
-	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/api/types"
-)
+import "github.com/docker/docker/api/server/router"
 
 // buildRouter is a router to talk with the build controller
 type buildRouter struct {
-	backend  Backend
-	daemon   experimentalProvider
-	routes   []router.Route
-	features *map[string]bool
+	backend Backend
+	daemon  experimentalProvider
+	routes  []router.Route
 }
 
 // NewRouter initializes a new build router
-func NewRouter(b Backend, d experimentalProvider, features *map[string]bool) router.Router {
-	r := &buildRouter{
-		backend:  b,
-		daemon:   d,
-		features: features,
-	}
+func NewRouter(b Backend, d experimentalProvider) router.Router {
+	r := &buildRouter{backend: b, daemon: d}
 	r.initRoutes()
 	return r
 }
@@ -33,30 +23,7 @@ func (r *buildRouter) Routes() []router.Route {
 
 func (r *buildRouter) initRoutes() {
 	r.routes = []router.Route{
-		router.NewPostRoute("/build", r.postBuild),
-		router.NewPostRoute("/build/prune", r.postPrune),
-		router.NewPostRoute("/build/cancel", r.postCancel),
+		router.NewPostRoute("/build", r.postBuild, router.WithCancel),
+		router.NewPostRoute("/build/prune", r.postPrune, router.WithCancel),
 	}
 }
-
-// BuilderVersion derives the default docker builder version from the config.
-//
-// The default on Linux is version "2" (BuildKit), but the daemon can be
-// configured to recommend version "1" (classic Builder). Windows does not
-// yet support BuildKit for native Windows images, and uses "1" (classic builder)
-// as a default.
-//
-// This value is only a recommendation as advertised by the daemon, and it is
-// up to the client to choose which builder to use.
-func BuilderVersion(features map[string]bool) types.BuilderVersion {
-	// TODO(thaJeztah) move the default to daemon/config
-	if runtime.GOOS == "windows" {
-		return types.BuilderV1
-	}
-
-	bv := types.BuilderBuildKit
-	if v, ok := features["buildkit"]; ok && !v {
-		bv = types.BuilderV1
-	}
-	return bv
-}

api/server/router/build/build_routes.go

@@ -1,14 +1,13 @@
-package build // import "github.com/docker/docker/api/server/router/build"
+package build
 
 import (
-	"bufio"
 	"bytes"
-	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
+	"os"
 	"runtime"
 	"strconv"
 	"strings"
@@ -18,15 +17,16 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/system"
 	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 )
 
 type invalidIsolationError string
@@ -38,36 +38,8 @@ func (e invalidIsolationError) Error() string {
 func (e invalidIsolationError) InvalidParameter() {}
 
 func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBuildOptions, error) {
-	options := &types.ImageBuildOptions{
-		Version:        types.BuilderV1, // Builder V1 is the default, but can be overridden
-		Dockerfile:     r.FormValue("dockerfile"),
-		SuppressOutput: httputils.BoolValue(r, "q"),
-		NoCache:        httputils.BoolValue(r, "nocache"),
-		ForceRemove:    httputils.BoolValue(r, "forcerm"),
-		MemorySwap:     httputils.Int64ValueOrZero(r, "memswap"),
-		Memory:         httputils.Int64ValueOrZero(r, "memory"),
-		CPUShares:      httputils.Int64ValueOrZero(r, "cpushares"),
-		CPUPeriod:      httputils.Int64ValueOrZero(r, "cpuperiod"),
-		CPUQuota:       httputils.Int64ValueOrZero(r, "cpuquota"),
-		CPUSetCPUs:     r.FormValue("cpusetcpus"),
-		CPUSetMems:     r.FormValue("cpusetmems"),
-		CgroupParent:   r.FormValue("cgroupparent"),
-		NetworkMode:    r.FormValue("networkmode"),
-		Tags:           r.Form["t"],
-		ExtraHosts:     r.Form["extrahosts"],
-		SecurityOpt:    r.Form["securityopt"],
-		Squash:         httputils.BoolValue(r, "squash"),
-		Target:         r.FormValue("target"),
-		RemoteContext:  r.FormValue("remote"),
-		SessionID:      r.FormValue("session"),
-		BuildID:        r.FormValue("buildid"),
-	}
-
-	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
-		return nil, errdefs.InvalidParameter(errors.New("The daemon on this platform does not support setting security options on build"))
-	}
-
 	version := httputils.VersionFromContext(ctx)
+	options := &types.ImageBuildOptions{}
 	if httputils.BoolValue(r, "forcerm") && versions.GreaterThanOrEqualTo(version, "1.12") {
 		options.Remove = true
 	} else if r.FormValue("rm") == "" && versions.GreaterThanOrEqualTo(version, "1.12") {
@@ -78,37 +50,67 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	if httputils.BoolValue(r, "pull") && versions.GreaterThanOrEqualTo(version, "1.16") {
 		options.PullParent = true
 	}
+
+	options.Dockerfile = r.FormValue("dockerfile")
+	options.SuppressOutput = httputils.BoolValue(r, "q")
+	options.NoCache = httputils.BoolValue(r, "nocache")
+	options.ForceRemove = httputils.BoolValue(r, "forcerm")
+	options.MemorySwap = httputils.Int64ValueOrZero(r, "memswap")
+	options.Memory = httputils.Int64ValueOrZero(r, "memory")
+	options.CPUShares = httputils.Int64ValueOrZero(r, "cpushares")
+	options.CPUPeriod = httputils.Int64ValueOrZero(r, "cpuperiod")
+	options.CPUQuota = httputils.Int64ValueOrZero(r, "cpuquota")
+	options.CPUSetCPUs = r.FormValue("cpusetcpus")
+	options.CPUSetMems = r.FormValue("cpusetmems")
+	options.CgroupParent = r.FormValue("cgroupparent")
+	options.NetworkMode = r.FormValue("networkmode")
+	options.Tags = r.Form["t"]
+	options.ExtraHosts = r.Form["extrahosts"]
+	options.SecurityOpt = r.Form["securityopt"]
+	options.Squash = httputils.BoolValue(r, "squash")
+	options.Target = r.FormValue("target")
+	options.RemoteContext = r.FormValue("remote")
 	if versions.GreaterThanOrEqualTo(version, "1.32") {
-		options.Platform = r.FormValue("platform")
-	}
-	if versions.GreaterThanOrEqualTo(version, "1.40") {
-		outputsJSON := r.FormValue("outputs")
-		if outputsJSON != "" {
-			var outputs []types.ImageBuildOutput
-			if err := json.Unmarshal([]byte(outputsJSON), &outputs); err != nil {
-				return nil, err
-			}
-			options.Outputs = outputs
+		// TODO @jhowardmsft. The following environment variable is an interim
+		// measure to allow the daemon to have a default platform if omitted by
+		// the client. This allows LCOW and WCOW to work with a down-level CLI
+		// for a short period of time, as the CLI changes can't be merged
+		// until after the daemon changes have been merged. Once the CLI is
+		// updated, this can be removed. PR for CLI is currently in
+		// https://github.com/docker/cli/pull/474.
+		apiPlatform := r.FormValue("platform")
+		if system.LCOWSupported() && apiPlatform == "" {
+			apiPlatform = os.Getenv("LCOW_API_PLATFORM_IF_OMITTED")
 		}
+		p := system.ParsePlatform(apiPlatform)
+		if err := system.ValidatePlatform(p); err != nil {
+			return nil, errdefs.InvalidParameter(errors.Errorf("invalid platform: %s", err))
+		}
+		options.Platform = p.OS
 	}
 
-	if s := r.Form.Get("shmsize"); s != "" {
-		shmSize, err := strconv.ParseInt(s, 10, 64)
+	if r.Form.Get("shmsize") != "" {
+		shmSize, err := strconv.ParseInt(r.Form.Get("shmsize"), 10, 64)
 		if err != nil {
 			return nil, err
 		}
 		options.ShmSize = shmSize
 	}
 
-	if i := r.FormValue("isolation"); i != "" {
-		options.Isolation = container.Isolation(i)
-		if !options.Isolation.IsValid() {
-			return nil, invalidIsolationError(options.Isolation)
+	if i := container.Isolation(r.FormValue("isolation")); i != "" {
+		if !container.Isolation.IsValid(i) {
+			return nil, invalidIsolationError(i)
 		}
+		options.Isolation = i
 	}
 
-	if ulimitsJSON := r.FormValue("ulimits"); ulimitsJSON != "" {
-		var buildUlimits = []*units.Ulimit{}
+	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
+		return nil, errdefs.InvalidParameter(errors.New("The daemon on this platform does not support setting security options on build"))
+	}
+
+	var buildUlimits = []*units.Ulimit{}
+	ulimitsJSON := r.FormValue("ulimits")
+	if ulimitsJSON != "" {
 		if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
 			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading ulimit settings")
 		}
@@ -127,7 +129,8 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	// the fact they mentioned it, we need to pass that along to the builder
 	// so that it can print a warning about "foo" being unused if there is
 	// no "ARG foo" in the Dockerfile.
-	if buildArgsJSON := r.FormValue("buildargs"); buildArgsJSON != "" {
+	buildArgsJSON := r.FormValue("buildargs")
+	if buildArgsJSON != "" {
 		var buildArgs = map[string]*string{}
 		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
 			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading build args")
@@ -135,7 +138,8 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 		options.BuildArgs = buildArgs
 	}
 
-	if labelsJSON := r.FormValue("labels"); labelsJSON != "" {
+	labelsJSON := r.FormValue("labels")
+	if labelsJSON != "" {
 		var labels = map[string]string{}
 		if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
 			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading labels")
@@ -143,77 +147,27 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 		options.Labels = labels
 	}
 
-	if cacheFromJSON := r.FormValue("cachefrom"); cacheFromJSON != "" {
+	cacheFromJSON := r.FormValue("cachefrom")
+	if cacheFromJSON != "" {
 		var cacheFrom = []string{}
 		if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
 			return nil, err
 		}
 		options.CacheFrom = cacheFrom
 	}
-
-	if bv := r.FormValue("version"); bv != "" {
-		v, err := parseVersion(bv)
-		if err != nil {
-			return nil, err
-		}
-		options.Version = v
-	}
+	options.SessionID = r.FormValue("session")
 
 	return options, nil
 }
 
-func parseVersion(s string) (types.BuilderVersion, error) {
-	switch types.BuilderVersion(s) {
-	case types.BuilderV1:
-		return types.BuilderV1, nil
-	case types.BuilderBuildKit:
-		return types.BuilderBuildKit, nil
-	default:
-		return "", errors.Errorf("invalid version %q", s)
-	}
-}
-
 func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if err := httputils.ParseForm(r); err != nil {
-		return err
-	}
-	fltrs, err := filters.FromJSON(r.Form.Get("filters"))
-	if err != nil {
-		return errors.Wrap(err, "could not parse filters")
-	}
-	ksfv := r.FormValue("keep-storage")
-	if ksfv == "" {
-		ksfv = "0"
-	}
-	ks, err := strconv.Atoi(ksfv)
-	if err != nil {
-		return errors.Wrapf(err, "keep-storage is in bytes and expects an integer, got %v", ksfv)
-	}
-
-	opts := types.BuildCachePruneOptions{
-		All:         httputils.BoolValue(r, "all"),
-		Filters:     fltrs,
-		KeepStorage: int64(ks),
-	}
-
-	report, err := br.backend.PruneCache(ctx, opts)
+	report, err := br.backend.PruneCache(ctx)
 	if err != nil {
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, report)
 }
 
-func (br *buildRouter) postCancel(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	w.Header().Set("Content-Type", "application/json")
-
-	id := r.FormValue("id")
-	if id == "" {
-		return errors.Errorf("build ID not provided")
-	}
-
-	return br.backend.Cancel(ctx, id)
-}
-
 func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var (
 		notVerboseBuffer = bytes.NewBuffer(nil)
@@ -222,32 +176,18 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 
 	w.Header().Set("Content-Type", "application/json")
 
-	body := r.Body
-	var ww io.Writer = w
-	if body != nil {
-		// there is a possibility that output is written before request body
-		// has been fully read so we need to protect against it.
-		// this can be removed when
-		// https://github.com/golang/go/issues/15527
-		// https://github.com/golang/go/issues/22209
-		// has been fixed
-		body, ww = wrapOutputBufferedUntilRequestRead(body, ww)
-	}
-
-	output := ioutils.NewWriteFlusher(ww)
-	defer func() { _ = output.Close() }()
-
+	output := ioutils.NewWriteFlusher(w)
+	defer output.Close()
 	errf := func(err error) error {
 		if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
-			_, _ = output.Write(notVerboseBuffer.Bytes())
+			output.Write(notVerboseBuffer.Bytes())
 		}
-
 		// Do not write the error in the http output if it's still empty.
 		// This prevents from writing a 200(OK) when there is an internal error.
 		if !output.Flushed() {
 			return err
 		}
-		_, err = output.Write(streamformatter.FormatError(err))
+		_, err = w.Write(streamformatter.FormatError(err))
 		if err != nil {
 			logrus.Warnf("could not write error response: %v", err)
 		}
@@ -279,7 +219,7 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	wantAux := versions.GreaterThanOrEqualTo(version, "1.30")
 
 	imgID, err := br.backend.Build(ctx, backend.BuildConfig{
-		Source:         body,
+		Source:         r.Body,
 		Options:        buildOptions,
 		ProgressWriter: buildProgressWriter(out, wantAux, createProgressReader),
 	})
@@ -290,7 +230,7 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	// Everything worked so if -q was provided the output from the daemon
 	// should be just the image ID and we'll print that to stdout.
 	if buildOptions.SuppressOutput {
-		_, _ = fmt.Fprintln(streamformatter.NewStdoutWriter(output), imgID)
+		fmt.Fprintln(streamformatter.NewStdoutWriter(output), imgID)
 	}
 	return nil
 }
@@ -306,7 +246,7 @@ func getAuthConfigs(header http.Header) map[string]types.AuthConfig {
 	authConfigsJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authConfigsEncoded))
 	// Pulling an image does not error when no auth is provided so to remain
 	// consistent with the existing api decode errors are ignored
-	_ = json.NewDecoder(authConfigsJSON).Decode(&authConfigs)
+	json.NewDecoder(authConfigsJSON).Decode(&authConfigs)
 	return authConfigs
 }
 
@@ -338,102 +278,3 @@ func buildProgressWriter(out io.Writer, wantAux bool, createProgressReader func(
 		ProgressReaderFunc: createProgressReader,
 	}
 }
-
-type flusher interface {
-	Flush()
-}
-
-func wrapOutputBufferedUntilRequestRead(rc io.ReadCloser, out io.Writer) (io.ReadCloser, io.Writer) {
-	var fl flusher = &ioutils.NopFlusher{}
-	if f, ok := out.(flusher); ok {
-		fl = f
-	}
-
-	w := &wcf{
-		buf:     bytes.NewBuffer(nil),
-		Writer:  out,
-		flusher: fl,
-	}
-	r := bufio.NewReader(rc)
-	_, err := r.Peek(1)
-	if err != nil {
-		return rc, out
-	}
-	rc = &rcNotifier{
-		Reader: r,
-		Closer: rc,
-		notify: w.notify,
-	}
-	return rc, w
-}
-
-type rcNotifier struct {
-	io.Reader
-	io.Closer
-	notify func()
-}
-
-func (r *rcNotifier) Read(b []byte) (int, error) {
-	n, err := r.Reader.Read(b)
-	if err != nil {
-		r.notify()
-	}
-	return n, err
-}
-
-func (r *rcNotifier) Close() error {
-	r.notify()
-	return r.Closer.Close()
-}
-
-type wcf struct {
-	io.Writer
-	flusher
-	mu      sync.Mutex
-	ready   bool
-	buf     *bytes.Buffer
-	flushed bool
-}
-
-func (w *wcf) Flush() {
-	w.mu.Lock()
-	w.flushed = true
-	if !w.ready {
-		w.mu.Unlock()
-		return
-	}
-	w.mu.Unlock()
-	w.flusher.Flush()
-}
-
-func (w *wcf) Flushed() bool {
-	w.mu.Lock()
-	b := w.flushed
-	w.mu.Unlock()
-	return b
-}
-
-func (w *wcf) Write(b []byte) (int, error) {
-	w.mu.Lock()
-	if !w.ready {
-		n, err := w.buf.Write(b)
-		w.mu.Unlock()
-		return n, err
-	}
-	w.mu.Unlock()
-	return w.Writer.Write(b)
-}
-
-func (w *wcf) notify() {
-	w.mu.Lock()
-	if !w.ready {
-		if w.buf.Len() > 0 {
-			_, _ = io.Copy(w.Writer, w.buf)
-		}
-		if w.flushed {
-			w.flusher.Flush()
-		}
-		w.ready = true
-	}
-	w.mu.Unlock()
-}

api/server/router/checkpoint/backend.go

@@ -1,4 +1,4 @@
-package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
+package checkpoint
 
 import "github.com/docker/docker/api/types"
 

api/server/router/checkpoint/checkpoint.go

@@ -1,4 +1,4 @@
-package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
+package checkpoint
 
 import (
 	"github.com/docker/docker/api/server/httputils"

api/server/router/checkpoint/checkpoint_routes.go

@@ -1,11 +1,12 @@
-package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"
+package checkpoint
 
 import (
-	"context"
+	"encoding/json"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
 )
 
 func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -14,7 +15,9 @@ func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.R
 	}
 
 	var options types.CheckpointCreateOptions
-	if err := httputils.ReadJSON(r, &options); err != nil {
+
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&options); err != nil {
 		return err
 	}
 

api/server/router/container/backend.go

@@ -1,9 +1,10 @@
-package container // import "github.com/docker/docker/api/server/router/container"
+package container
 
 import (
-	"context"
 	"io"
 
+	"golang.org/x/net/context"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
@@ -17,7 +18,7 @@ type execBackend interface {
 	ContainerExecCreate(name string, config *types.ExecConfig) (string, error)
 	ContainerExecInspect(id string) (*backend.ExecInspect, error)
 	ContainerExecResize(name string, height, width int) error
-	ContainerExecStart(ctx context.Context, name string, options container.ExecStartOptions) error
+	ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) error
 	ExecExists(name string) (bool, error)
 }
 
@@ -32,15 +33,15 @@ type copyBackend interface {
 
 // stateBackend includes functions to implement to provide container state lifecycle functionality.
 type stateBackend interface {
-	ContainerCreate(config types.ContainerCreateConfig) (container.CreateResponse, error)
-	ContainerKill(name string, signal string) error
+	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	ContainerKill(name string, sig uint64) error
 	ContainerPause(name string) error
 	ContainerRename(oldName, newName string) error
 	ContainerResize(name string, height, width int) error
-	ContainerRestart(ctx context.Context, name string, options container.StopOptions) error
+	ContainerRestart(name string, seconds *int) error
 	ContainerRm(name string, config *types.ContainerRmConfig) error
 	ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
-	ContainerStop(ctx context.Context, name string, options container.StopOptions) error
+	ContainerStop(name string, seconds *int) error
 	ContainerUnpause(name string) error
 	ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
 	ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error)
@@ -67,13 +68,8 @@ type systemBackend interface {
 	ContainersPrune(ctx context.Context, pruneFilters filters.Args) (*types.ContainersPruneReport, error)
 }
 
-type commitBackend interface {
-	CreateImageFromContainer(name string, config *backend.CreateImageConfig) (imageID string, err error)
-}
-
 // Backend is all the methods that need to be implemented to provide container specific functionality.
 type Backend interface {
-	commitBackend
 	execBackend
 	copyBackend
 	stateBackend

api/server/router/container/container.go

@@ -1,4 +1,4 @@
-package container // import "github.com/docker/docker/api/server/router/container"
+package container
 
 import (
 	"github.com/docker/docker/api/server/httputils"
@@ -10,15 +10,13 @@ type containerRouter struct {
 	backend Backend
 	decoder httputils.ContainerDecoder
 	routes  []router.Route
-	cgroup2 bool
 }
 
 // NewRouter initializes a new container router
-func NewRouter(b Backend, decoder httputils.ContainerDecoder, cgroup2 bool) router.Router {
+func NewRouter(b Backend, decoder httputils.ContainerDecoder) router.Router {
 	r := &containerRouter{
 		backend: b,
 		decoder: decoder,
-		cgroup2: cgroup2,
 	}
 	r.initRoutes()
 	return r
@@ -40,8 +38,8 @@ func (r *containerRouter) initRoutes() {
 		router.NewGetRoute("/containers/{name:.*}/changes", r.getContainersChanges),
 		router.NewGetRoute("/containers/{name:.*}/json", r.getContainersByName),
 		router.NewGetRoute("/containers/{name:.*}/top", r.getContainersTop),
-		router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs),
-		router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats),
+		router.NewGetRoute("/containers/{name:.*}/logs", r.getContainersLogs, router.WithCancel),
+		router.NewGetRoute("/containers/{name:.*}/stats", r.getContainersStats, router.WithCancel),
 		router.NewGetRoute("/containers/{name:.*}/attach/ws", r.wsContainersAttach),
 		router.NewGetRoute("/exec/{id:.*}/json", r.getExecByID),
 		router.NewGetRoute("/containers/{name:.*}/archive", r.getContainersArchive),
@@ -53,17 +51,16 @@ func (r *containerRouter) initRoutes() {
 		router.NewPostRoute("/containers/{name:.*}/restart", r.postContainersRestart),
 		router.NewPostRoute("/containers/{name:.*}/start", r.postContainersStart),
 		router.NewPostRoute("/containers/{name:.*}/stop", r.postContainersStop),
-		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait),
+		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait, router.WithCancel),
 		router.NewPostRoute("/containers/{name:.*}/resize", r.postContainersResize),
 		router.NewPostRoute("/containers/{name:.*}/attach", r.postContainersAttach),
-		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8 (API v1.20), errors out since 1.12 (API v1.24)
+		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8, Errors out since 1.12
 		router.NewPostRoute("/containers/{name:.*}/exec", r.postContainerExecCreate),
 		router.NewPostRoute("/exec/{name:.*}/start", r.postContainerExecStart),
 		router.NewPostRoute("/exec/{name:.*}/resize", r.postContainerExecResize),
 		router.NewPostRoute("/containers/{name:.*}/rename", r.postContainerRename),
 		router.NewPostRoute("/containers/{name:.*}/update", r.postContainerUpdate),
-		router.NewPostRoute("/containers/prune", r.postContainersPrune),
-		router.NewPostRoute("/commit", r.postCommit),
+		router.NewPostRoute("/containers/prune", r.postContainersPrune, router.WithCancel),
 		// PUT
 		router.NewPutRoute("/containers/{name:.*}/archive", r.putContainersArchive),
 		// DELETE

api/server/router/container/container_routes.go

@@ -1,71 +1,29 @@
-package container // import "github.com/docker/docker/api/server/router/container"
+package container
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
-	"runtime"
 	"strconv"
+	"syscall"
 
-	"github.com/containerd/containerd/platforms"
-	"github.com/docker/docker/api/server/httpstatus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/versions"
 	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 	"golang.org/x/net/websocket"
 )
 
-func (s *containerRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if err := httputils.ParseForm(r); err != nil {
-		return err
-	}
-
-	if err := httputils.CheckForJSON(r); err != nil {
-		return err
-	}
-
-	// TODO: remove pause arg, and always pause in backend
-	pause := httputils.BoolValue(r, "pause")
-	version := httputils.VersionFromContext(ctx)
-	if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
-		pause = true
-	}
-
-	config, _, _, err := s.decoder.DecodeConfig(r.Body)
-	if err != nil && !errors.Is(err, io.EOF) { // Do not fail if body is empty.
-		return err
-	}
-
-	commitCfg := &backend.CreateImageConfig{
-		Pause:   pause,
-		Repo:    r.Form.Get("repo"),
-		Tag:     r.Form.Get("tag"),
-		Author:  r.Form.Get("author"),
-		Comment: r.Form.Get("comment"),
-		Config:  config,
-		Changes: r.Form["changes"],
-	}
-
-	imgID, err := s.backend.CreateImageFromContainer(r.Form.Get("container"), commitCfg)
-	if err != nil {
-		return err
-	}
-
-	return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{ID: imgID})
-}
-
 func (s *containerRouter) getContainersJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -108,14 +66,9 @@ func (s *containerRouter) getContainersStats(ctx context.Context, w http.Respons
 	if !stream {
 		w.Header().Set("Content-Type", "application/json")
 	}
-	var oneShot bool
-	if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.41") {
-		oneShot = httputils.BoolValueOrDefault(r, "one-shot", false)
-	}
 
 	config := &backend.ContainerStatsConfig{
 		Stream:    stream,
-		OneShot:   oneShot,
 		OutStream: w,
 		Version:   httputils.VersionFromContext(ctx),
 	}
@@ -155,12 +108,6 @@ func (s *containerRouter) getContainersLogs(ctx context.Context, w http.Response
 		return err
 	}
 
-	contentType := types.MediaTypeRawStream
-	if !tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-		contentType = types.MediaTypeMultiplexedStream
-	}
-	w.Header().Set("Content-Type", contentType)
-
 	// if has a tty, we're not muxing streams. if it doesn't, we are. simple.
 	// this is the point of no return for writing a response. once we call
 	// WriteLogStream, the response has been started and errors will be
@@ -227,26 +174,20 @@ func (s *containerRouter) postContainersStop(ctx context.Context, w http.Respons
 		return err
 	}
 
-	var (
-		options container.StopOptions
-		version = httputils.VersionFromContext(ctx)
-	)
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		options.Signal = r.Form.Get("signal")
-	}
+	var seconds *int
 	if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
 		valSeconds, err := strconv.Atoi(tmpSeconds)
 		if err != nil {
 			return err
 		}
-		options.Timeout = &valSeconds
+		seconds = &valSeconds
 	}
 
-	if err := s.backend.ContainerStop(ctx, vars["name"], options); err != nil {
+	if err := s.backend.ContainerStop(vars["name"], seconds); err != nil {
 		return err
 	}
-
 	w.WriteHeader(http.StatusNoContent)
+
 	return nil
 }
 
@@ -255,8 +196,18 @@ func (s *containerRouter) postContainersKill(ctx context.Context, w http.Respons
 		return err
 	}
 
+	var sig syscall.Signal
 	name := vars["name"]
-	if err := s.backend.ContainerKill(name, r.Form.Get("signal")); err != nil {
+
+	// If we have a signal, look at it. Otherwise, do nothing
+	if sigStr := r.Form.Get("signal"); sigStr != "" {
+		var err error
+		if sig, err = signal.ParseSignal(sigStr); err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+	}
+
+	if err := s.backend.ContainerKill(name, uint64(sig)); err != nil {
 		var isStopped bool
 		if errdefs.IsConflict(err) {
 			isStopped = true
@@ -280,26 +231,21 @@ func (s *containerRouter) postContainersRestart(ctx context.Context, w http.Resp
 		return err
 	}
 
-	var (
-		options container.StopOptions
-		version = httputils.VersionFromContext(ctx)
-	)
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		options.Signal = r.Form.Get("signal")
-	}
+	var seconds *int
 	if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
 		valSeconds, err := strconv.Atoi(tmpSeconds)
 		if err != nil {
 			return err
 		}
-		options.Timeout = &valSeconds
+		seconds = &valSeconds
 	}
 
-	if err := s.backend.ContainerRestart(ctx, vars["name"], options); err != nil {
+	if err := s.backend.ContainerRestart(vars["name"], seconds); err != nil {
 		return err
 	}
 
 	w.WriteHeader(http.StatusNoContent)
+
 	return nil
 }
 
@@ -344,21 +290,18 @@ func (s *containerRouter) postContainersWait(ctx context.Context, w http.Respons
 		if err := httputils.ParseForm(r); err != nil {
 			return err
 		}
-		if v := r.Form.Get("condition"); v != "" {
-			switch container.WaitCondition(v) {
-			case container.WaitConditionNotRunning:
-				waitCondition = containerpkg.WaitConditionNotRunning
-			case container.WaitConditionNextExit:
-				waitCondition = containerpkg.WaitConditionNextExit
-			case container.WaitConditionRemoved:
-				waitCondition = containerpkg.WaitConditionRemoved
-				legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
-			default:
-				return errdefs.InvalidParameter(errors.Errorf("invalid condition: %q", v))
-			}
+		switch container.WaitCondition(r.Form.Get("condition")) {
+		case container.WaitConditionNextExit:
+			waitCondition = containerpkg.WaitConditionNextExit
+		case container.WaitConditionRemoved:
+			waitCondition = containerpkg.WaitConditionRemoved
+			legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
 		}
 	}
 
+	// Note: the context should get canceled if the client closes the
+	// connection since this handler has been wrapped by the
+	// router.WithCancel() wrapper.
 	waitC, err := s.backend.ContainerWait(ctx, vars["name"], waitCondition)
 	if err != nil {
 		return err
@@ -385,12 +328,12 @@ func (s *containerRouter) postContainersWait(ctx context.Context, w http.Respons
 		return nil
 	}
 
-	var waitError *container.WaitExitError
+	var waitError *container.ContainerWaitOKBodyError
 	if status.Err() != nil {
-		waitError = &container.WaitExitError{Message: status.Err().Error()}
+		waitError = &container.ContainerWaitOKBodyError{Message: status.Err().Error()}
 	}
 
-	return json.NewEncoder(w).Encode(&container.WaitResponse{
+	return json.NewEncoder(w).Encode(&container.ContainerWaitOKBody{
 		StatusCode: int64(status.ExitCode()),
 		Error:      waitError,
 	})
@@ -436,26 +379,15 @@ func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-
-	var updateConfig container.UpdateConfig
-	if err := httputils.ReadJSON(r, &updateConfig); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
 		return err
 	}
-	if versions.LessThan(httputils.VersionFromContext(ctx), "1.40") {
-		updateConfig.PidsLimit = nil
-	}
 
-	if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-		// Ignore KernelMemory removed in API 1.42.
-		updateConfig.KernelMemory = 0
-	}
+	var updateConfig container.UpdateConfig
 
-	if updateConfig.PidsLimit != nil && *updateConfig.PidsLimit <= 0 {
-		// Both `0` and `-1` are accepted to set "unlimited" when updating.
-		// Historically, any negative value was accepted, so treat them as
-		// "unlimited" as well.
-		var unlimited int64
-		updateConfig.PidsLimit = &unlimited
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&updateConfig); err != nil {
+		return err
 	}
 
 	hostConfig := &container.HostConfig{
@@ -484,9 +416,6 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 
 	config, hostConfig, networkingConfig, err := s.decoder.DecodeConfig(r.Body)
 	if err != nil {
-		if errors.Is(err, io.EOF) {
-			return errdefs.InvalidParameter(errors.New("invalid JSON: got EOF while reading request body"))
-		}
 		return err
 	}
 	version := httputils.VersionFromContext(ctx)
@@ -497,97 +426,12 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 		hostConfig.AutoRemove = false
 	}
 
-	if hostConfig != nil && versions.LessThan(version, "1.40") {
-		// Ignore BindOptions.NonRecursive because it was added in API 1.40.
-		for _, m := range hostConfig.Mounts {
-			if bo := m.BindOptions; bo != nil {
-				bo.NonRecursive = false
-			}
-		}
-		// Ignore KernelMemoryTCP because it was added in API 1.40.
-		hostConfig.KernelMemoryTCP = 0
-
-		// Older clients (API < 1.40) expects the default to be shareable, make them happy
-		if hostConfig.IpcMode.IsEmpty() {
-			hostConfig.IpcMode = container.IPCModeShareable
-		}
-	}
-	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
-		// Older clients expect the default to be "host" on cgroup v1 hosts
-		if hostConfig.CgroupnsMode.IsEmpty() {
-			hostConfig.CgroupnsMode = container.CgroupnsModeHost
-		}
-	}
-
-	if hostConfig != nil && versions.LessThan(version, "1.42") {
-		for _, m := range hostConfig.Mounts {
-			// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
-			if bo := m.BindOptions; bo != nil {
-				bo.CreateMountpoint = false
-			}
-
-			// These combinations are invalid, but weren't validated in API < 1.42.
-			// We reset them here, so that validation doesn't produce an error.
-			if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
-				m.VolumeOptions = nil
-			}
-			if o := m.TmpfsOptions; o != nil && m.Type != mount.TypeTmpfs {
-				m.TmpfsOptions = nil
-			}
-			if bo := m.BindOptions; bo != nil {
-				// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
-				bo.CreateMountpoint = false
-			}
-		}
-	}
-
-	if hostConfig != nil && versions.GreaterThanOrEqualTo(version, "1.42") {
-		// Ignore KernelMemory removed in API 1.42.
-		hostConfig.KernelMemory = 0
-		for _, m := range hostConfig.Mounts {
-			if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
-				return errdefs.InvalidParameter(fmt.Errorf("VolumeOptions must not be specified on mount type %q", m.Type))
-			}
-			if o := m.BindOptions; o != nil && m.Type != mount.TypeBind {
-				return errdefs.InvalidParameter(fmt.Errorf("BindOptions must not be specified on mount type %q", m.Type))
-			}
-			if o := m.TmpfsOptions; o != nil && m.Type != mount.TypeTmpfs {
-				return errdefs.InvalidParameter(fmt.Errorf("TmpfsOptions must not be specified on mount type %q", m.Type))
-			}
-		}
-	}
-
-	if hostConfig != nil && runtime.GOOS == "linux" && versions.LessThan(version, "1.42") {
-		// ConsoleSize is not respected by Linux daemon before API 1.42
-		hostConfig.ConsoleSize = [2]uint{0, 0}
-	}
-
-	var platform *specs.Platform
-	if versions.GreaterThanOrEqualTo(version, "1.41") {
-		if v := r.Form.Get("platform"); v != "" {
-			p, err := platforms.Parse(v)
-			if err != nil {
-				return errdefs.InvalidParameter(err)
-			}
-			platform = &p
-		}
-	}
-
-	if hostConfig != nil && hostConfig.PidsLimit != nil && *hostConfig.PidsLimit <= 0 {
-		// Don't set a limit if either no limit was specified, or "unlimited" was
-		// explicitly set.
-		// Both `0` and `-1` are accepted as "unlimited", and historically any
-		// negative value was accepted, so treat those as "unlimited" as well.
-		hostConfig.PidsLimit = nil
-	}
-
 	ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
 		Name:             name,
 		Config:           config,
 		HostConfig:       hostConfig,
 		NetworkingConfig: networkingConfig,
 		AdjustCPUShares:  adjustCPUShares,
-		Platform:         platform,
 	})
 	if err != nil {
 		return err
@@ -649,8 +493,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 		return errdefs.InvalidParameter(errors.Errorf("error attaching to container %s, hijack connection missing", containerName))
 	}
 
-	contentType := types.MediaTypeRawStream
-	setupStreams := func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) {
+	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
 		conn, _, err := hijacker.Hijack()
 		if err != nil {
 			return nil, nil, nil, err
@@ -660,10 +503,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 		conn.Write([]byte{})
 
 		if upgrade {
-			if multiplexed && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-				contentType = types.MediaTypeMultiplexedStream
-			}
-			fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: "+contentType+"\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
+			fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
 		} else {
 			fmt.Fprintf(conn, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
 		}
@@ -687,16 +527,16 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 	}
 
 	if err = s.backend.ContainerAttach(containerName, attachConfig); err != nil {
-		logrus.WithError(err).Errorf("Handler for %s %s returned error", r.Method, r.URL.Path)
+		logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
 		// Remember to close stream if error happens
 		conn, _, errHijack := hijacker.Hijack()
-		if errHijack != nil {
-			logrus.WithError(err).Errorf("Handler for %s %s: unable to close stream; error when hijacking connection", r.Method, r.URL.Path)
-		} else {
-			statusCode := httpstatus.FromError(err)
+		if errHijack == nil {
+			statusCode := httputils.GetHTTPErrorStatusCode(err)
 			statusText := http.StatusText(statusCode)
-			fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: %s\r\n\r\n%s\r\n", statusCode, statusText, contentType, err.Error())
+			fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n%s\r\n", statusCode, statusText, err.Error())
 			httputils.CloseStreams(conn)
+		} else {
+			logrus.Errorf("Error Hijacking: %v", err)
 		}
 	}
 	return nil
@@ -716,7 +556,7 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 
 	version := httputils.VersionFromContext(ctx)
 
-	setupStreams := func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) {
+	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
 		wsChan := make(chan *websocket.Conn)
 		h := func(conn *websocket.Conn) {
 			wsChan <- conn
@@ -738,22 +578,15 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 		return conn, conn, conn, nil
 	}
 
-	useStdin, useStdout, useStderr := true, true, true
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		useStdin = httputils.BoolValue(r, "stdin")
-		useStdout = httputils.BoolValue(r, "stdout")
-		useStderr = httputils.BoolValue(r, "stderr")
-	}
-
 	attachConfig := &backend.ContainerAttachConfig{
 		GetStreams: setupStreams,
-		UseStdin:   useStdin,
-		UseStdout:  useStdout,
-		UseStderr:  useStderr,
 		Logs:       httputils.BoolValue(r, "logs"),
 		Stream:     httputils.BoolValue(r, "stream"),
 		DetachKeys: detachKeys,
-		MuxStreams: false, // never multiplex, as we rely on websocket to manage distinct streams
+		UseStdin:   true,
+		UseStdout:  true,
+		UseStderr:  true,
+		MuxStreams: false, // TODO: this should be true since it's a single stream for both stdout and stderr
 	}
 
 	err = s.backend.ContainerAttach(containerName, attachConfig)
@@ -778,7 +611,7 @@ func (s *containerRouter) postContainersPrune(ctx context.Context, w http.Respon
 
 	pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	pruneReport, err := s.backend.ContainersPrune(ctx, pruneFilters)

api/server/router/container/copy.go

@@ -1,9 +1,6 @@
-package container // import "github.com/docker/docker/api/server/router/container"
+package container
 
 import (
-	"compress/flate"
-	"compress/gzip"
-	"context"
 	"encoding/base64"
 	"encoding/json"
 	"io"
@@ -12,7 +9,7 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
-	gddohttputil "github.com/golang/gddo/httputil"
+	"golang.org/x/net/context"
 )
 
 type pathError struct{}
@@ -24,17 +21,19 @@ func (pathError) Error() string {
 func (pathError) InvalidParameter() {}
 
 // postContainersCopy is deprecated in favor of getContainersArchive.
-//
-// Deprecated since 1.8 (API v1.20), errors out since 1.12 (API v1.24)
 func (s *containerRouter) postContainersCopy(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	// Deprecated since 1.8, Errors out since 1.12
 	version := httputils.VersionFromContext(ctx)
 	if versions.GreaterThanOrEqualTo(version, "1.24") {
 		w.WriteHeader(http.StatusNotFound)
 		return nil
 	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
 
 	cfg := types.CopyConfig{}
-	if err := httputils.ReadJSON(r, &cfg); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
 		return err
 	}
 
@@ -82,29 +81,6 @@ func (s *containerRouter) headContainersArchive(ctx context.Context, w http.Resp
 	return setContainerPathStatHeader(stat, w.Header())
 }
 
-func writeCompressedResponse(w http.ResponseWriter, r *http.Request, body io.Reader) error {
-	var cw io.Writer
-	switch gddohttputil.NegotiateContentEncoding(r, []string{"gzip", "deflate"}) {
-	case "gzip":
-		gw := gzip.NewWriter(w)
-		defer gw.Close()
-		cw = gw
-		w.Header().Set("Content-Encoding", "gzip")
-	case "deflate":
-		fw, err := flate.NewWriter(w, flate.DefaultCompression)
-		if err != nil {
-			return err
-		}
-		defer fw.Close()
-		cw = fw
-		w.Header().Set("Content-Encoding", "deflate")
-	default:
-		cw = w
-	}
-	_, err := io.Copy(cw, body)
-	return err
-}
-
 func (s *containerRouter) getContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	v, err := httputils.ArchiveFormValues(r, vars)
 	if err != nil {
@@ -122,7 +98,9 @@ func (s *containerRouter) getContainersArchive(ctx context.Context, w http.Respo
 	}
 
 	w.Header().Set("Content-Type", "application/x-tar")
-	return writeCompressedResponse(w, r, tarArchive)
+	_, err = io.Copy(w, tarArchive)
+
+	return err
 }
 
 func (s *containerRouter) putContainersArchive(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

api/server/router/container/exec.go

@@ -1,7 +1,7 @@
-package container // import "github.com/docker/docker/api/server/router/container"
+package container
 
 import (
-	"context"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -9,11 +9,11 @@ import (
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 )
 
 func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -37,9 +37,13 @@ func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.Re
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+	name := vars["name"]
 
 	execConfig := &types.ExecConfig{}
-	if err := httputils.ReadJSON(r, execConfig); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(execConfig); err != nil {
 		return err
 	}
 
@@ -47,16 +51,10 @@ func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.Re
 		return execCommandError{}
 	}
 
-	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.42") {
-		// Not supported by API versions before 1.42
-		execConfig.ConsoleSize = nil
-	}
-
 	// Register an instance of Exec in container.
-	id, err := s.backend.ContainerExecCreate(vars["name"], execConfig)
+	id, err := s.backend.ContainerExecCreate(name, execConfig)
 	if err != nil {
-		logrus.Errorf("Error setting up exec command in container %s: %v", vars["name"], err)
+		logrus.Errorf("Error setting up exec command in container %s: %v", name, err)
 		return err
 	}
 
@@ -72,11 +70,9 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 	}
 
 	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.22") {
-		// API versions before 1.22 did not enforce application/json content-type.
-		// Allow older clients to work by patching the content-type.
-		if r.Header.Get("Content-Type") != "application/json" {
-			r.Header.Set("Content-Type", "application/json")
+	if versions.GreaterThan(version, "1.21") {
+		if err := httputils.CheckForJSON(r); err != nil {
+			return err
 		}
 	}
 
@@ -87,7 +83,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 	)
 
 	execStartCheck := &types.ExecStartCheck{}
-	if err := httputils.ReadJSON(r, execStartCheck); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(execStartCheck); err != nil {
 		return err
 	}
 
@@ -95,18 +91,6 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 		return err
 	}
 
-	if execStartCheck.ConsoleSize != nil {
-		// Not supported before 1.42
-		if versions.LessThan(version, "1.42") {
-			execStartCheck.ConsoleSize = nil
-		}
-
-		// No console without tty
-		if !execStartCheck.Tty {
-			execStartCheck.ConsoleSize = nil
-		}
-	}
-
 	if !execStartCheck.Detach {
 		var err error
 		// Setting up the streaming http interface.
@@ -117,11 +101,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 		defer httputils.CloseStreams(inStream, outStream)
 
 		if _, ok := r.Header["Upgrade"]; ok {
-			contentType := types.MediaTypeRawStream
-			if !execStartCheck.Tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-				contentType = types.MediaTypeMultiplexedStream
-			}
-			fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: "+contentType+"\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
+			fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
 		} else {
 			fmt.Fprint(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n")
 		}
@@ -140,16 +120,9 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 		}
 	}
 
-	options := container.ExecStartOptions{
-		Stdin:       stdin,
-		Stdout:      stdout,
-		Stderr:      stderr,
-		ConsoleSize: execStartCheck.ConsoleSize,
-	}
-
 	// Now run the user process in container.
 	// Maybe we should we pass ctx here if we're not detaching?
-	if err := s.backend.ContainerExecStart(context.Background(), execName, options); err != nil {
+	if err := s.backend.ContainerExecStart(context.Background(), execName, stdin, stdout, stderr); err != nil {
 		if execStartCheck.Detach {
 			return err
 		}

api/server/router/container/inspect.go

@@ -1,10 +1,10 @@
-package container // import "github.com/docker/docker/api/server/router/container"
+package container
 
 import (
-	"context"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
+	"golang.org/x/net/context"
 )
 
 // getContainersByName inspects container's configuration and serializes it as json.

api/server/router/debug/debug.go

@@ -1,13 +1,13 @@
-package debug // import "github.com/docker/docker/api/server/router/debug"
+package debug
 
 import (
-	"context"
 	"expvar"
 	"net/http"
 	"net/http/pprof"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/router"
+	"golang.org/x/net/context"
 )
 
 // NewRouter creates a new debug router

api/server/router/debug/debug_routes.go

@@ -1,9 +1,10 @@
-package debug // import "github.com/docker/docker/api/server/router/debug"
+package debug
 
 import (
-	"context"
 	"net/http"
 	"net/http/pprof"
+
+	"golang.org/x/net/context"
 )
 
 func handlePprof(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

api/server/router/distribution/backend.go

@@ -1,15 +1,14 @@
-package distribution // import "github.com/docker/docker/api/server/router/distribution"
+package distribution
 
 import (
-	"context"
-
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"golang.org/x/net/context"
 )
 
 // Backend is all the methods that need to be implemented
 // to provide image specific functionality.
 type Backend interface {
-	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, error)
+	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, bool, error)
 }

api/server/router/distribution/distribution.go

@@ -1,4 +1,4 @@
-package distribution // import "github.com/docker/docker/api/server/router/distribution"
+package distribution
 
 import "github.com/docker/docker/api/server/router"
 

api/server/router/distribution/distribution_routes.go

@@ -1,7 +1,6 @@
-package distribution // import "github.com/docker/docker/api/server/router/distribution"
+package distribution
 
 import (
-	"context"
 	"encoding/base64"
 	"encoding/json"
 	"net/http"
@@ -14,9 +13,9 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/errdefs"
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"golang.org/x/net/context"
 )
 
 func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -43,10 +42,9 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 
 	image := vars["name"]
 
-	// TODO why is reference.ParseAnyReference() / reference.ParseNormalizedNamed() not using the reference.ErrTagInvalidFormat (and so on) errors?
 	ref, err := reference.ParseAnyReference(image)
 	if err != nil {
-		return errdefs.InvalidParameter(err)
+		return err
 	}
 	namedRef, ok := ref.(reference.Named)
 	if !ok {
@@ -54,10 +52,10 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 			// full image ID
 			return errors.Errorf("no manifest found for full image ID")
 		}
-		return errdefs.InvalidParameter(errors.Errorf("unknown image reference format: %s", image))
+		return errors.Errorf("unknown image reference format: %s", image)
 	}
 
-	distrepo, err := s.backend.GetRepository(ctx, namedRef, config)
+	distrepo, _, err := s.backend.GetRepository(ctx, namedRef, config)
 	if err != nil {
 		return err
 	}
@@ -68,7 +66,7 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 
 		taggedRef, ok := namedRef.(reference.NamedTagged)
 		if !ok {
-			return errdefs.InvalidParameter(errors.Errorf("image reference not tagged: %s", image))
+			return errors.Errorf("image reference not tagged: %s", image)
 		}
 
 		descriptor, err := distrepo.Tags(ctx).Get(ctx, taggedRef.Tag())
@@ -94,16 +92,6 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 	}
 	mnfst, err := mnfstsrvc.Get(ctx, distributionInspect.Descriptor.Digest)
 	if err != nil {
-		switch err {
-		case reference.ErrReferenceInvalidFormat,
-			reference.ErrTagInvalidFormat,
-			reference.ErrDigestInvalidFormat,
-			reference.ErrNameContainsUppercase,
-			reference.ErrNameEmpty,
-			reference.ErrNameTooLong,
-			reference.ErrNameNotCanonical:
-			return errdefs.InvalidParameter(err)
-		}
 		return err
 	}
 

api/server/router/experimental.go

@@ -1,9 +1,10 @@
-package router // import "github.com/docker/docker/api/server/router"
+package router
 
 import (
-	"context"
 	"net/http"
 
+	"golang.org/x/net/context"
+
 	"github.com/docker/docker/api/server/httputils"
 )
 
@@ -44,7 +45,7 @@ func experimentalHandler(ctx context.Context, w http.ResponseWriter, r *http.Req
 	return notImplementedError{}
 }
 
-// Handler returns the APIFunc to let the server wrap it in middlewares.
+// Handler returns returns the APIFunc to let the server wrap it in middlewares.
 func (r *experimentalRoute) Handler() httputils.APIFunc {
 	return r.handler
 }

api/server/router/grpc/backend.go

@@ -1,8 +0,0 @@
-package grpc // import "github.com/docker/docker/api/server/router/grpc"
-
-import "google.golang.org/grpc"
-
-// Backend abstracts a registerable GRPC service.
-type Backend interface {
-	RegisterGRPC(*grpc.Server)
-}

api/server/router/grpc/grpc.go

@@ -1,41 +0,0 @@
-package grpc // import "github.com/docker/docker/api/server/router/grpc"
-
-import (
-	"github.com/docker/docker/api/server/router"
-	"github.com/moby/buildkit/util/grpcerrors"
-	"golang.org/x/net/http2"
-	"google.golang.org/grpc"
-)
-
-type grpcRouter struct {
-	routes     []router.Route
-	grpcServer *grpc.Server
-	h2Server   *http2.Server
-}
-
-// NewRouter initializes a new grpc http router
-func NewRouter(backends ...Backend) router.Router {
-	r := &grpcRouter{
-		h2Server: &http2.Server{},
-		grpcServer: grpc.NewServer(
-			grpc.UnaryInterceptor(grpcerrors.UnaryServerInterceptor),
-			grpc.StreamInterceptor(grpcerrors.StreamServerInterceptor),
-		),
-	}
-	for _, b := range backends {
-		b.RegisterGRPC(r.grpcServer)
-	}
-	r.initRoutes()
-	return r
-}
-
-// Routes returns the available routers to the session controller
-func (gr *grpcRouter) Routes() []router.Route {
-	return gr.routes
-}
-
-func (gr *grpcRouter) initRoutes() {
-	gr.routes = []router.Route{
-		router.NewPostRoute("/grpc", gr.serveGRPC),
-	}
-}

api/server/router/grpc/grpc_routes.go

@@ -1,45 +0,0 @@
-package grpc // import "github.com/docker/docker/api/server/router/grpc"
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/pkg/errors"
-	"golang.org/x/net/http2"
-)
-
-func (gr *grpcRouter) serveGRPC(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	h, ok := w.(http.Hijacker)
-	if !ok {
-		return errors.New("handler does not support hijack")
-	}
-	proto := r.Header.Get("Upgrade")
-	if proto == "" {
-		return errors.New("no upgrade proto in request")
-	}
-	if proto != "h2c" {
-		return errors.Errorf("protocol %s not supported", proto)
-	}
-
-	conn, _, err := h.Hijack()
-	if err != nil {
-		return err
-	}
-	resp := &http.Response{
-		StatusCode: http.StatusSwitchingProtocols,
-		ProtoMajor: 1,
-		ProtoMinor: 1,
-		Header:     http.Header{},
-	}
-	resp.Header.Set("Connection", "Upgrade")
-	resp.Header.Set("Upgrade", proto)
-
-	// set raw mode
-	conn.Write([]byte{})
-	resp.Write(conn)
-
-	// https://godoc.org/golang.org/x/net/http2#Server.ServeConn
-	// TODO: is it a problem that conn has already been written to?
-	gr.h2Server.ServeConn(conn, &http2.ServeConnOpts{Handler: gr.grpcServer})
-	return nil
-}

api/server/router/image/backend.go

@@ -1,42 +1,46 @@
-package image // import "github.com/docker/docker/api/server/router/image"
+package image
 
 import (
-	"context"
 	"io"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/registry"
-	dockerimage "github.com/docker/docker/image"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"golang.org/x/net/context"
 )
 
 // Backend is all the methods that need to be implemented
 // to provide image specific functionality.
 type Backend interface {
+	containerBackend
 	imageBackend
 	importExportBackend
 	registryBackend
 }
 
+type containerBackend interface {
+	Commit(name string, config *backend.ContainerCommitConfig) (imageID string, err error)
+}
+
 type imageBackend interface {
 	ImageDelete(imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error)
 	ImageHistory(imageName string) ([]*image.HistoryResponseItem, error)
-	Images(ctx context.Context, opts types.ImageListOptions) ([]*types.ImageSummary, error)
-	GetImage(refOrID string, platform *specs.Platform) (retImg *dockerimage.Image, retErr error)
-	TagImage(imageName, repository, tag string) (string, error)
+	Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
+	LookupImage(name string) (*types.ImageInspect, error)
+	TagImage(imageName, repository, tag string) error
 	ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error)
 }
 
 type importExportBackend interface {
 	LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error
-	ImportImage(src string, repository string, platform *specs.Platform, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
+	ImportImage(src string, repository, platform string, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
 	ExportImage(names []string, outStream io.Writer) error
 }
 
 type registryBackend interface {
-	PullImage(ctx context.Context, image, tag string, platform *specs.Platform, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	PullImage(ctx context.Context, image, tag, platform string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
 	PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
-	SearchRegistryForImages(ctx context.Context, searchFilters filters.Args, term string, limit int, authConfig *types.AuthConfig, metaHeaders map[string][]string) (*registry.SearchResults, error)
+	SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int, authConfig *types.AuthConfig, metaHeaders map[string][]string) (*registry.SearchResults, error)
 }

api/server/router/image/image.go

@@ -1,28 +1,22 @@
-package image // import "github.com/docker/docker/api/server/router/image"
+package image
 
 import (
+	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/reference"
 )
 
 // imageRouter is a router to talk with the image controller
 type imageRouter struct {
-	backend          Backend
-	referenceBackend reference.Store
-	imageStore       image.Store
-	layerStore       layer.Store
-	routes           []router.Route
+	backend Backend
+	decoder httputils.ContainerDecoder
+	routes  []router.Route
 }
 
 // NewRouter initializes a new image router
-func NewRouter(backend Backend, referenceBackend reference.Store, imageStore image.Store, layerStore layer.Store) router.Router {
+func NewRouter(backend Backend, decoder httputils.ContainerDecoder) router.Router {
 	r := &imageRouter{
-		backend:          backend,
-		referenceBackend: referenceBackend,
-		imageStore:       imageStore,
-		layerStore:       layerStore,
+		backend: backend,
+		decoder: decoder,
 	}
 	r.initRoutes()
 	return r
@@ -44,11 +38,12 @@ func (r *imageRouter) initRoutes() {
 		router.NewGetRoute("/images/{name:.*}/history", r.getImagesHistory),
 		router.NewGetRoute("/images/{name:.*}/json", r.getImagesByName),
 		// POST
+		router.NewPostRoute("/commit", r.postCommit),
 		router.NewPostRoute("/images/load", r.postImagesLoad),
-		router.NewPostRoute("/images/create", r.postImagesCreate),
-		router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush),
+		router.NewPostRoute("/images/create", r.postImagesCreate, router.WithCancel),
+		router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush, router.WithCancel),
 		router.NewPostRoute("/images/{name:.*}/tag", r.postImagesTag),
-		router.NewPostRoute("/images/prune", r.postImagesPrune),
+		router.NewPostRoute("/images/prune", r.postImagesPrune, router.WithCancel),
 		// DELETE
 		router.NewDeleteRoute("/images/{name:.*}", r.deleteImages),
 	}

api/server/router/image/image_routes.go

@@ -1,29 +1,73 @@
-package image // import "github.com/docker/docker/api/server/router/image"
+package image
 
 import (
-	"context"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
+	"io"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
-	"time"
 
-	"github.com/containerd/containerd/platforms"
-	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/registry"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"golang.org/x/net/context"
 )
 
+func (s *imageRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	cname := r.Form.Get("container")
+
+	pause := httputils.BoolValue(r, "pause")
+	version := httputils.VersionFromContext(ctx)
+	if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
+		pause = true
+	}
+
+	c, _, _, err := s.decoder.DecodeConfig(r.Body)
+	if err != nil && err != io.EOF { //Do not fail if body is empty.
+		return err
+	}
+
+	commitCfg := &backend.ContainerCommitConfig{
+		ContainerCommitConfig: types.ContainerCommitConfig{
+			Pause:        pause,
+			Repo:         r.Form.Get("repo"),
+			Tag:          r.Form.Get("tag"),
+			Author:       r.Form.Get("author"),
+			Comment:      r.Form.Get("comment"),
+			Config:       c,
+			MergeConfigs: true,
+		},
+		Changes: r.Form["changes"],
+	}
+
+	imgID, err := s.backend.Commit(cname, commitCfg)
+	if err != nil {
+		return err
+	}
+
+	return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{ID: imgID})
+}
+
 // Creates an image from Pull or from Import
 func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 
@@ -32,13 +76,13 @@ func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrite
 	}
 
 	var (
-		image       = r.Form.Get("fromImage")
-		repo        = r.Form.Get("repo")
-		tag         = r.Form.Get("tag")
-		message     = r.Form.Get("message")
-		progressErr error
-		output      = ioutils.NewWriteFlusher(w)
-		platform    *specs.Platform
+		image    = r.Form.Get("fromImage")
+		repo     = r.Form.Get("repo")
+		tag      = r.Form.Get("tag")
+		message  = r.Form.Get("message")
+		err      error
+		output   = ioutils.NewWriteFlusher(w)
+		platform = &specs.Platform{}
 	)
 	defer output.Close()
 
@@ -46,43 +90,56 @@ func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrite
 
 	version := httputils.VersionFromContext(ctx)
 	if versions.GreaterThanOrEqualTo(version, "1.32") {
-		if p := r.FormValue("platform"); p != "" {
-			sp, err := platforms.Parse(p)
-			if err != nil {
-				return errdefs.InvalidParameter(err)
-			}
-			platform = &sp
+		// TODO @jhowardmsft. The following environment variable is an interim
+		// measure to allow the daemon to have a default platform if omitted by
+		// the client. This allows LCOW and WCOW to work with a down-level CLI
+		// for a short period of time, as the CLI changes can't be merged
+		// until after the daemon changes have been merged. Once the CLI is
+		// updated, this can be removed. PR for CLI is currently in
+		// https://github.com/docker/cli/pull/474.
+		apiPlatform := r.FormValue("platform")
+		if system.LCOWSupported() && apiPlatform == "" {
+			apiPlatform = os.Getenv("LCOW_API_PLATFORM_IF_OMITTED")
+		}
+		platform = system.ParsePlatform(apiPlatform)
+		if err = system.ValidatePlatform(platform); err != nil {
+			err = fmt.Errorf("invalid platform: %s", err)
 		}
 	}
 
-	if image != "" { // pull
-		metaHeaders := map[string][]string{}
-		for k, v := range r.Header {
-			if strings.HasPrefix(k, "X-Meta-") {
-				metaHeaders[k] = v
+	if err == nil {
+		if image != "" { //pull
+			metaHeaders := map[string][]string{}
+			for k, v := range r.Header {
+				if strings.HasPrefix(k, "X-Meta-") {
+					metaHeaders[k] = v
+				}
 			}
-		}
 
-		authEncoded := r.Header.Get("X-Registry-Auth")
-		authConfig := &types.AuthConfig{}
-		if authEncoded != "" {
-			authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-			if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
-				// for a pull it is not an error if no auth was given
-				// to increase compatibility with the existing api it is defaulting to be empty
-				authConfig = &types.AuthConfig{}
+			authEncoded := r.Header.Get("X-Registry-Auth")
+			authConfig := &types.AuthConfig{}
+			if authEncoded != "" {
+				authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+				if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+					// for a pull it is not an error if no auth was given
+					// to increase compatibility with the existing api it is defaulting to be empty
+					authConfig = &types.AuthConfig{}
+				}
 			}
+			err = s.backend.PullImage(ctx, image, tag, platform.OS, metaHeaders, authConfig, output)
+		} else { //import
+			src := r.Form.Get("fromSrc")
+			// 'err' MUST NOT be defined within this block, we need any error
+			// generated from the download to be available to the output
+			// stream processing below
+			err = s.backend.ImportImage(src, repo, platform.OS, tag, message, r.Body, output, r.Form["changes"])
 		}
-		progressErr = s.backend.PullImage(ctx, image, tag, platform, metaHeaders, authConfig, output)
-	} else { // import
-		src := r.Form.Get("fromSrc")
-		progressErr = s.backend.ImportImage(src, repo, platform, tag, message, r.Body, output, r.Form["changes"])
 	}
-	if progressErr != nil {
+	if err != nil {
 		if !output.Flushed() {
-			return progressErr
+			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(progressErr))
+		output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -127,7 +184,7 @@ func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter,
 		if !output.Flushed() {
 			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -152,7 +209,7 @@ func (s *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -168,7 +225,7 @@ func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter,
 	output := ioutils.NewWriteFlusher(w)
 	defer output.Close()
 	if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
-		_, _ = output.Write(streamformatter.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
@@ -204,12 +261,7 @@ func (s *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (s *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	image, err := s.backend.GetImage(vars["name"], nil)
-	if err != nil {
-		return err
-	}
-
-	imageInspect, err := s.toImageInspect(image)
+	imageInspect, err := s.backend.LookupImage(vars["name"])
 	if err != nil {
 		return err
 	}
@@ -217,85 +269,6 @@ func (s *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter
 	return httputils.WriteJSON(w, http.StatusOK, imageInspect)
 }
 
-func (s *imageRouter) toImageInspect(img *image.Image) (*types.ImageInspect, error) {
-	refs := s.referenceBackend.References(img.ID().Digest())
-	repoTags := []string{}
-	repoDigests := []string{}
-	for _, ref := range refs {
-		switch ref.(type) {
-		case reference.NamedTagged:
-			repoTags = append(repoTags, reference.FamiliarString(ref))
-		case reference.Canonical:
-			repoDigests = append(repoDigests, reference.FamiliarString(ref))
-		}
-	}
-
-	var size int64
-	var layerMetadata map[string]string
-	layerID := img.RootFS.ChainID()
-	if layerID != "" {
-		l, err := s.layerStore.Get(layerID)
-		if err != nil {
-			return nil, err
-		}
-		defer layer.ReleaseAndLog(s.layerStore, l)
-		size = l.Size()
-		layerMetadata, err = l.Metadata()
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	comment := img.Comment
-	if len(comment) == 0 && len(img.History) > 0 {
-		comment = img.History[len(img.History)-1].Comment
-	}
-
-	lastUpdated, err := s.imageStore.GetLastUpdated(img.ID())
-	if err != nil {
-		return nil, err
-	}
-
-	return &types.ImageInspect{
-		ID:              img.ID().String(),
-		RepoTags:        repoTags,
-		RepoDigests:     repoDigests,
-		Parent:          img.Parent.String(),
-		Comment:         comment,
-		Created:         img.Created.Format(time.RFC3339Nano),
-		Container:       img.Container,
-		ContainerConfig: &img.ContainerConfig,
-		DockerVersion:   img.DockerVersion,
-		Author:          img.Author,
-		Config:          img.Config,
-		Architecture:    img.Architecture,
-		Variant:         img.Variant,
-		Os:              img.OperatingSystem(),
-		OsVersion:       img.OSVersion,
-		Size:            size,
-		VirtualSize:     size, // TODO: field unused, deprecate
-		GraphDriver: types.GraphDriverData{
-			Name: s.layerStore.DriverName(),
-			Data: layerMetadata,
-		},
-		RootFS: rootFSToAPIType(img.RootFS),
-		Metadata: types.ImageMetadata{
-			LastTagTime: lastUpdated,
-		},
-	}, nil
-}
-
-func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
-	var layers []string
-	for _, l := range rootfs.DiffIDs {
-		layers = append(layers, l.String())
-	}
-	return types.RootFS{
-		Type:   rootfs.Type,
-		Layers: layers,
-	}
-}
-
 func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -306,26 +279,13 @@ func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter,
 		return err
 	}
 
-	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.41") {
-		// NOTE: filter is a shell glob string applied to repository names.
-		filterParam := r.Form.Get("filter")
-		if filterParam != "" {
-			imageFilters.Add("reference", filterParam)
-		}
+	filterParam := r.Form.Get("filter")
+	// FIXME(vdemeester) This has been deprecated in 1.13, and is target for removal for v17.12
+	if filterParam != "" {
+		imageFilters.Add("reference", filterParam)
 	}
 
-	var sharedSize bool
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		// NOTE: Support for the "shared-size" parameter was added in API 1.42.
-		sharedSize = httputils.BoolValue(r, "shared-size")
-	}
-
-	images, err := s.backend.Images(ctx, types.ImageListOptions{
-		All:        httputils.BoolValue(r, "all"),
-		Filters:    imageFilters,
-		SharedSize: sharedSize,
-	})
+	images, err := s.backend.Images(imageFilters, httputils.BoolValue(r, "all"), false)
 	if err != nil {
 		return err
 	}
@@ -347,7 +307,7 @@ func (s *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter,
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	if _, err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
+	if err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusCreated)
@@ -377,21 +337,15 @@ func (s *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter
 			headers[k] = v
 		}
 	}
-
-	var limit int
+	limit := registry.DefaultSearchLimit
 	if r.Form.Get("limit") != "" {
-		var err error
-		limit, err = strconv.Atoi(r.Form.Get("limit"))
-		if err != nil || limit < 0 {
-			return errdefs.InvalidParameter(errors.Wrap(err, "invalid limit specified"))
+		limitValue, err := strconv.Atoi(r.Form.Get("limit"))
+		if err != nil {
+			return err
 		}
+		limit = limitValue
 	}
-	searchFilters, err := filters.FromJSON(r.Form.Get("filters"))
-	if err != nil {
-		return err
-	}
-
-	query, err := s.backend.SearchRegistryForImages(ctx, searchFilters, r.Form.Get("term"), limit, config, headers)
+	query, err := s.backend.SearchRegistryForImages(ctx, r.Form.Get("filters"), r.Form.Get("term"), limit, config, headers)
 	if err != nil {
 		return err
 	}

api/server/router/local.go

@@ -1,9 +1,10 @@
-package router // import "github.com/docker/docker/api/server/router"
+package router
 
 import (
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
+	"golang.org/x/net/context"
 )
 
 // RouteWrapper wraps a route with extra functionality.
@@ -44,30 +45,60 @@ func NewRoute(method, path string, handler httputils.APIFunc, opts ...RouteWrapp
 
 // NewGetRoute initializes a new route with the http method GET.
 func NewGetRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute(http.MethodGet, path, handler, opts...)
+	return NewRoute("GET", path, handler, opts...)
 }
 
 // NewPostRoute initializes a new route with the http method POST.
 func NewPostRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute(http.MethodPost, path, handler, opts...)
+	return NewRoute("POST", path, handler, opts...)
 }
 
 // NewPutRoute initializes a new route with the http method PUT.
 func NewPutRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute(http.MethodPut, path, handler, opts...)
+	return NewRoute("PUT", path, handler, opts...)
 }
 
 // NewDeleteRoute initializes a new route with the http method DELETE.
 func NewDeleteRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute(http.MethodDelete, path, handler, opts...)
+	return NewRoute("DELETE", path, handler, opts...)
 }
 
 // NewOptionsRoute initializes a new route with the http method OPTIONS.
 func NewOptionsRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute(http.MethodOptions, path, handler, opts...)
+	return NewRoute("OPTIONS", path, handler, opts...)
 }
 
 // NewHeadRoute initializes a new route with the http method HEAD.
 func NewHeadRoute(path string, handler httputils.APIFunc, opts ...RouteWrapper) Route {
-	return NewRoute(http.MethodHead, path, handler, opts...)
+	return NewRoute("HEAD", path, handler, opts...)
+}
+
+func cancellableHandler(h httputils.APIFunc) httputils.APIFunc {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+		if notifier, ok := w.(http.CloseNotifier); ok {
+			notify := notifier.CloseNotify()
+			notifyCtx, cancel := context.WithCancel(ctx)
+			finished := make(chan struct{})
+			defer close(finished)
+			ctx = notifyCtx
+			go func() {
+				select {
+				case <-notify:
+					cancel()
+				case <-finished:
+				}
+			}()
+		}
+		return h(ctx, w, r, vars)
+	}
+}
+
+// WithCancel makes new route which embeds http.CloseNotifier feature to
+// context.Context of handler.
+func WithCancel(r Route) Route {
+	return localRoute{
+		method:  r.Method(),
+		path:    r.Path(),
+		handler: cancellableHandler(r.Handler()),
+	}
 }

api/server/router/network/backend.go

@@ -1,32 +1,22 @@
-package network // import "github.com/docker/docker/api/server/router/network"
+package network
 
 import (
-	"context"
+	"golang.org/x/net/context"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/libnetwork"
+	"github.com/docker/libnetwork"
 )
 
 // Backend is all the methods that need to be implemented
 // to provide network specific functionality.
 type Backend interface {
 	FindNetwork(idName string) (libnetwork.Network, error)
-	GetNetworks(filters.Args, types.NetworkListConfig) ([]types.NetworkResource, error)
+	GetNetworks() []libnetwork.Network
 	CreateNetwork(nc types.NetworkCreateRequest) (*types.NetworkCreateResponse, error)
 	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
 	DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error
 	DeleteNetwork(networkID string) error
 	NetworksPrune(ctx context.Context, pruneFilters filters.Args) (*types.NetworksPruneReport, error)
 }
-
-// ClusterBackend is all the methods that need to be implemented
-// to provide cluster network specific functionality.
-type ClusterBackend interface {
-	GetNetworks(filters.Args) ([]types.NetworkResource, error)
-	GetNetwork(name string) (types.NetworkResource, error)
-	GetNetworksByName(name string) ([]types.NetworkResource, error)
-	CreateNetwork(nc types.NetworkCreateRequest) (string, error)
-	RemoveNetwork(name string) error
-}

api/server/router/network/filter.go

@@ -1 +1,93 @@
-package network // import "github.com/docker/docker/api/server/router/network"
+package network
+
+import (
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/runconfig"
+)
+
+func filterNetworkByType(nws []types.NetworkResource, netType string) ([]types.NetworkResource, error) {
+	retNws := []types.NetworkResource{}
+	switch netType {
+	case "builtin":
+		for _, nw := range nws {
+			if runconfig.IsPreDefinedNetwork(nw.Name) {
+				retNws = append(retNws, nw)
+			}
+		}
+	case "custom":
+		for _, nw := range nws {
+			if !runconfig.IsPreDefinedNetwork(nw.Name) {
+				retNws = append(retNws, nw)
+			}
+		}
+	default:
+		return nil, invalidFilter(netType)
+	}
+	return retNws, nil
+}
+
+type invalidFilter string
+
+func (e invalidFilter) Error() string {
+	return "Invalid filter: 'type'='" + string(e) + "'"
+}
+
+func (e invalidFilter) InvalidParameter() {}
+
+// filterNetworks filters network list according to user specified filter
+// and returns user chosen networks
+func filterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.NetworkResource, error) {
+	// if filter is empty, return original network list
+	if filter.Len() == 0 {
+		return nws, nil
+	}
+
+	displayNet := []types.NetworkResource{}
+	for _, nw := range nws {
+		if filter.Contains("driver") {
+			if !filter.ExactMatch("driver", nw.Driver) {
+				continue
+			}
+		}
+		if filter.Contains("name") {
+			if !filter.Match("name", nw.Name) {
+				continue
+			}
+		}
+		if filter.Contains("id") {
+			if !filter.Match("id", nw.ID) {
+				continue
+			}
+		}
+		if filter.Contains("label") {
+			if !filter.MatchKVList("label", nw.Labels) {
+				continue
+			}
+		}
+		if filter.Contains("scope") {
+			if !filter.ExactMatch("scope", nw.Scope) {
+				continue
+			}
+		}
+		displayNet = append(displayNet, nw)
+	}
+
+	if filter.Contains("type") {
+		typeNet := []types.NetworkResource{}
+		errFilter := filter.WalkValues("type", func(fval string) error {
+			passList, err := filterNetworkByType(displayNet, fval)
+			if err != nil {
+				return err
+			}
+			typeNet = append(typeNet, passList...)
+			return nil
+		})
+		if errFilter != nil {
+			return nil, errFilter
+		}
+		displayNet = typeNet
+	}
+
+	return displayNet, nil
+}

api/server/router/network/filter_test.go

@@ -0,0 +1,149 @@
+// +build !windows
+
+package network
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+)
+
+func TestFilterNetworks(t *testing.T) {
+	networks := []types.NetworkResource{
+		{
+			Name:   "host",
+			Driver: "host",
+			Scope:  "local",
+		},
+		{
+			Name:   "bridge",
+			Driver: "bridge",
+			Scope:  "local",
+		},
+		{
+			Name:   "none",
+			Driver: "null",
+			Scope:  "local",
+		},
+		{
+			Name:   "myoverlay",
+			Driver: "overlay",
+			Scope:  "swarm",
+		},
+		{
+			Name:   "mydrivernet",
+			Driver: "mydriver",
+			Scope:  "local",
+		},
+		{
+			Name:   "mykvnet",
+			Driver: "mykvdriver",
+			Scope:  "global",
+		},
+	}
+
+	bridgeDriverFilters := filters.NewArgs()
+	bridgeDriverFilters.Add("driver", "bridge")
+
+	overlayDriverFilters := filters.NewArgs()
+	overlayDriverFilters.Add("driver", "overlay")
+
+	nonameDriverFilters := filters.NewArgs()
+	nonameDriverFilters.Add("driver", "noname")
+
+	customDriverFilters := filters.NewArgs()
+	customDriverFilters.Add("type", "custom")
+
+	builtinDriverFilters := filters.NewArgs()
+	builtinDriverFilters.Add("type", "builtin")
+
+	invalidDriverFilters := filters.NewArgs()
+	invalidDriverFilters.Add("type", "invalid")
+
+	localScopeFilters := filters.NewArgs()
+	localScopeFilters.Add("scope", "local")
+
+	swarmScopeFilters := filters.NewArgs()
+	swarmScopeFilters.Add("scope", "swarm")
+
+	globalScopeFilters := filters.NewArgs()
+	globalScopeFilters.Add("scope", "global")
+
+	testCases := []struct {
+		filter      filters.Args
+		resultCount int
+		err         string
+	}{
+		{
+			filter:      bridgeDriverFilters,
+			resultCount: 1,
+			err:         "",
+		},
+		{
+			filter:      overlayDriverFilters,
+			resultCount: 1,
+			err:         "",
+		},
+		{
+			filter:      nonameDriverFilters,
+			resultCount: 0,
+			err:         "",
+		},
+		{
+			filter:      customDriverFilters,
+			resultCount: 3,
+			err:         "",
+		},
+		{
+			filter:      builtinDriverFilters,
+			resultCount: 3,
+			err:         "",
+		},
+		{
+			filter:      invalidDriverFilters,
+			resultCount: 0,
+			err:         "Invalid filter: 'type'='invalid'",
+		},
+		{
+			filter:      localScopeFilters,
+			resultCount: 4,
+			err:         "",
+		},
+		{
+			filter:      swarmScopeFilters,
+			resultCount: 1,
+			err:         "",
+		},
+		{
+			filter:      globalScopeFilters,
+			resultCount: 1,
+			err:         "",
+		},
+	}
+
+	for _, testCase := range testCases {
+		result, err := filterNetworks(networks, testCase.filter)
+		if testCase.err != "" {
+			if err == nil {
+				t.Fatalf("expect error '%s', got no error", testCase.err)
+
+			} else if !strings.Contains(err.Error(), testCase.err) {
+				t.Fatalf("expect error '%s', got '%s'", testCase.err, err)
+			}
+		} else {
+			if err != nil {
+				t.Fatalf("expect no error, got error '%s'", err)
+			}
+			// Make sure result is not nil
+			if result == nil {
+				t.Fatal("filterNetworks should not return nil")
+			}
+
+			if len(result) != testCase.resultCount {
+				t.Fatalf("expect '%d' networks, got '%d' networks", testCase.resultCount, len(result))
+			}
+		}
+	}
+}

api/server/router/network/network.go

@@ -1,18 +1,19 @@
-package network // import "github.com/docker/docker/api/server/router/network"
+package network
 
 import (
 	"github.com/docker/docker/api/server/router"
+	"github.com/docker/docker/daemon/cluster"
 )
 
 // networkRouter is a router to talk with the network controller
 type networkRouter struct {
 	backend Backend
-	cluster ClusterBackend
+	cluster *cluster.Cluster
 	routes  []router.Route
 }
 
 // NewRouter initializes a new network router
-func NewRouter(b Backend, c ClusterBackend) router.Router {
+func NewRouter(b Backend, c *cluster.Cluster) router.Router {
 	r := &networkRouter{
 		backend: b,
 		cluster: c,
@@ -36,7 +37,7 @@ func (r *networkRouter) initRoutes() {
 		router.NewPostRoute("/networks/create", r.postNetworkCreate),
 		router.NewPostRoute("/networks/{id:.*}/connect", r.postNetworkConnect),
 		router.NewPostRoute("/networks/{id:.*}/disconnect", r.postNetworkDisconnect),
-		router.NewPostRoute("/networks/prune", r.postNetworksPrune),
+		router.NewPostRoute("/networks/prune", r.postNetworksPrune, router.WithCancel),
 		// DELETE
 		router.NewDeleteRoute("/networks/{id:.*}", r.deleteNetwork),
 	}

api/server/router/network/network_routes.go

@@ -1,67 +1,85 @@
-package network // import "github.com/docker/docker/api/server/router/network"
+package network
 
 import (
-	"context"
+	"encoding/json"
 	"net/http"
 	"strconv"
 	"strings"
 
+	"golang.org/x/net/context"
+
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/libnetwork"
-	netconst "github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/libnetwork"
+	netconst "github.com/docker/libnetwork/datastore"
+	"github.com/docker/libnetwork/networkdb"
 	"github.com/pkg/errors"
 )
 
+var (
+	// acceptedNetworkFilters is a list of acceptable filters
+	acceptedNetworkFilters = map[string]bool{
+		"driver": true,
+		"type":   true,
+		"name":   true,
+		"id":     true,
+		"label":  true,
+		"scope":  true,
+	}
+)
+
 func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	filter, err := filters.FromJSON(r.Form.Get("filters"))
+	filter := r.Form.Get("filters")
+	netFilters, err := filters.FromJSON(filter)
 	if err != nil {
 		return err
 	}
 
-	if err := network.ValidateFilters(filter); err != nil {
+	if err := netFilters.Validate(acceptedNetworkFilters); err != nil {
 		return err
 	}
 
-	var list []types.NetworkResource
-	nr, err := n.cluster.GetNetworks(filter)
-	if err == nil {
-		list = nr
+	list := []types.NetworkResource{}
+
+	if nr, err := n.cluster.GetNetworks(); err == nil {
+		list = append(list, nr...)
 	}
 
 	// Combine the network list returned by Docker daemon if it is not already
 	// returned by the cluster manager
-	localNetworks, err := n.backend.GetNetworks(filter, types.NetworkListConfig{Detailed: versions.LessThan(httputils.VersionFromContext(ctx), "1.28")})
+SKIP:
+	for _, nw := range n.backend.GetNetworks() {
+		for _, nl := range list {
+			if nl.ID == nw.ID() {
+				continue SKIP
+			}
+		}
+
+		var nr *types.NetworkResource
+		// Versions < 1.28 fetches all the containers attached to a network
+		// in a network list api call. It is a heavy weight operation when
+		// run across all the networks. Starting API version 1.28, this detailed
+		// info is available for network specific GET API (equivalent to inspect)
+		if versions.LessThan(httputils.VersionFromContext(ctx), "1.28") {
+			nr = n.buildDetailedNetworkResources(nw, false)
+		} else {
+			nr = n.buildNetworkResource(nw)
+		}
+		list = append(list, *nr)
+	}
+
+	list, err = filterNetworks(list, netFilters)
 	if err != nil {
 		return err
 	}
-
-	var idx map[string]bool
-	if len(list) > 0 {
-		idx = make(map[string]bool, len(list))
-		for _, n := range list {
-			idx[n.ID] = true
-		}
-	}
-	for _, n := range localNetworks {
-		if idx[n.ID] {
-			continue
-		}
-		list = append(list, n)
-	}
-
-	if list == nil {
-		list = []types.NetworkResource{}
-	}
-
 	return httputils.WriteJSON(w, http.StatusOK, list)
 }
 
@@ -104,6 +122,13 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 	}
 	scope := r.URL.Query().Get("scope")
 
+	isMatchingScope := func(scope, term string) bool {
+		if term != "" {
+			return scope == term
+		}
+		return true
+	}
+
 	// In case multiple networks have duplicate names, return error.
 	// TODO (yongtang): should we wrap with version here for backward compatibility?
 
@@ -115,26 +140,20 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 	listByFullName := map[string]types.NetworkResource{}
 	listByPartialID := map[string]types.NetworkResource{}
 
-	// TODO(@cpuguy83): All this logic for figuring out which network to return does not belong here
-	// Instead there should be a backend function to just get one network.
-	filter := filters.NewArgs(filters.Arg("idOrName", term))
-	if scope != "" {
-		filter.Add("scope", scope)
-	}
-	nw, _ := n.backend.GetNetworks(filter, types.NetworkListConfig{Detailed: true, Verbose: verbose})
+	nw := n.backend.GetNetworks()
 	for _, network := range nw {
-		if network.ID == term {
-			return httputils.WriteJSON(w, http.StatusOK, network)
+		if network.ID() == term && isMatchingScope(network.Info().Scope(), scope) {
+			return httputils.WriteJSON(w, http.StatusOK, *n.buildDetailedNetworkResources(network, verbose))
 		}
-		if network.Name == term {
+		if network.Name() == term && isMatchingScope(network.Info().Scope(), scope) {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByFullName[network.ID] = network
+			listByFullName[network.ID()] = *n.buildDetailedNetworkResources(network, verbose)
 		}
-		if strings.HasPrefix(network.ID, term) {
+		if strings.HasPrefix(network.ID(), term) && isMatchingScope(network.Info().Scope(), scope) {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByPartialID[network.ID] = network
+			listByPartialID[network.ID()] = *n.buildDetailedNetworkResources(network, verbose)
 		}
 	}
 
@@ -145,23 +164,16 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 		// return the network. Skipped using isMatchingScope because it is true if the scope
 		// is not set which would be case if the client API v1.30
 		if strings.HasPrefix(nwk.ID, term) || (netconst.SwarmScope == scope) {
-			// If we have a previous match "backend", return it, we need verbose when enabled
-			// ex: overlay/partial_ID or name/swarm_scope
-			if nwv, ok := listByPartialID[nwk.ID]; ok {
-				nwk = nwv
-			} else if nwv, ok := listByFullName[nwk.ID]; ok {
-				nwk = nwv
-			}
 			return httputils.WriteJSON(w, http.StatusOK, nwk)
 		}
 	}
 
-	nr, _ := n.cluster.GetNetworks(filter)
+	nr, _ := n.cluster.GetNetworks()
 	for _, network := range nr {
-		if network.ID == term {
+		if network.ID == term && isMatchingScope(network.Scope, scope) {
 			return httputils.WriteJSON(w, http.StatusOK, network)
 		}
-		if network.Name == term {
+		if network.Name == term && isMatchingScope(network.Scope, scope) {
 			// Check the ID collision as we are in swarm scope here, and
 			// the map (of the listByFullName) may have already had a
 			// network with the same ID (from local scope previously)
@@ -169,7 +181,7 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 				listByFullName[network.ID] = network
 			}
 		}
-		if strings.HasPrefix(network.ID, term) {
+		if strings.HasPrefix(network.ID, term) && isMatchingScope(network.Scope, scope) {
 			// Check the ID collision as we are in swarm scope here, and
 			// the map (of the listByPartialID) may have already had a
 			// network with the same ID (from local scope previously)
@@ -203,12 +215,17 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var create types.NetworkCreateRequest
+
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	var create types.NetworkCreateRequest
-	if err := httputils.ReadJSON(r, &create); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&create); err != nil {
 		return err
 	}
 
@@ -245,12 +262,16 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 }
 
 func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var connect types.NetworkConnect
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	var connect types.NetworkConnect
-	if err := httputils.ReadJSON(r, &connect); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&connect); err != nil {
 		return err
 	}
 
@@ -262,12 +283,16 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW
 }
 
 func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var disconnect types.NetworkDisconnect
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	var disconnect types.NetworkDisconnect
-	if err := httputils.ReadJSON(r, &disconnect); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&disconnect); err != nil {
 		return err
 	}
 
@@ -296,6 +321,182 @@ func (n *networkRouter) deleteNetwork(ctx context.Context, w http.ResponseWriter
 	return nil
 }
 
+func (n *networkRouter) buildNetworkResource(nw libnetwork.Network) *types.NetworkResource {
+	r := &types.NetworkResource{}
+	if nw == nil {
+		return r
+	}
+
+	info := nw.Info()
+	r.Name = nw.Name()
+	r.ID = nw.ID()
+	r.Created = info.Created()
+	r.Scope = info.Scope()
+	r.Driver = nw.Type()
+	r.EnableIPv6 = info.IPv6Enabled()
+	r.Internal = info.Internal()
+	r.Attachable = info.Attachable()
+	r.Ingress = info.Ingress()
+	r.Options = info.DriverOptions()
+	r.Containers = make(map[string]types.EndpointResource)
+	buildIpamResources(r, info)
+	r.Labels = info.Labels()
+	r.ConfigOnly = info.ConfigOnly()
+
+	if cn := info.ConfigFrom(); cn != "" {
+		r.ConfigFrom = network.ConfigReference{Network: cn}
+	}
+
+	peers := info.Peers()
+	if len(peers) != 0 {
+		r.Peers = buildPeerInfoResources(peers)
+	}
+
+	return r
+}
+
+func (n *networkRouter) buildDetailedNetworkResources(nw libnetwork.Network, verbose bool) *types.NetworkResource {
+	if nw == nil {
+		return &types.NetworkResource{}
+	}
+
+	r := n.buildNetworkResource(nw)
+	epl := nw.Endpoints()
+	for _, e := range epl {
+		ei := e.Info()
+		if ei == nil {
+			continue
+		}
+		sb := ei.Sandbox()
+		tmpID := e.ID()
+		key := "ep-" + tmpID
+		if sb != nil {
+			key = sb.ContainerID()
+		}
+
+		r.Containers[key] = buildEndpointResource(tmpID, e.Name(), ei)
+	}
+	if !verbose {
+		return r
+	}
+	services := nw.Info().Services()
+	r.Services = make(map[string]network.ServiceInfo)
+	for name, service := range services {
+		tasks := []network.Task{}
+		for _, t := range service.Tasks {
+			tasks = append(tasks, network.Task{
+				Name:       t.Name,
+				EndpointID: t.EndpointID,
+				EndpointIP: t.EndpointIP,
+				Info:       t.Info,
+			})
+		}
+		r.Services[name] = network.ServiceInfo{
+			VIP:          service.VIP,
+			Ports:        service.Ports,
+			Tasks:        tasks,
+			LocalLBIndex: service.LocalLBIndex,
+		}
+	}
+	return r
+}
+
+func buildPeerInfoResources(peers []networkdb.PeerInfo) []network.PeerInfo {
+	peerInfo := make([]network.PeerInfo, 0, len(peers))
+	for _, peer := range peers {
+		peerInfo = append(peerInfo, network.PeerInfo{
+			Name: peer.Name,
+			IP:   peer.IP,
+		})
+	}
+	return peerInfo
+}
+
+func buildIpamResources(r *types.NetworkResource, nwInfo libnetwork.NetworkInfo) {
+	id, opts, ipv4conf, ipv6conf := nwInfo.IpamConfig()
+
+	ipv4Info, ipv6Info := nwInfo.IpamInfo()
+
+	r.IPAM.Driver = id
+
+	r.IPAM.Options = opts
+
+	r.IPAM.Config = []network.IPAMConfig{}
+	for _, ip4 := range ipv4conf {
+		if ip4.PreferredPool == "" {
+			continue
+		}
+		iData := network.IPAMConfig{}
+		iData.Subnet = ip4.PreferredPool
+		iData.IPRange = ip4.SubPool
+		iData.Gateway = ip4.Gateway
+		iData.AuxAddress = ip4.AuxAddresses
+		r.IPAM.Config = append(r.IPAM.Config, iData)
+	}
+
+	if len(r.IPAM.Config) == 0 {
+		for _, ip4Info := range ipv4Info {
+			iData := network.IPAMConfig{}
+			iData.Subnet = ip4Info.IPAMData.Pool.String()
+			if ip4Info.IPAMData.Gateway != nil {
+				iData.Gateway = ip4Info.IPAMData.Gateway.IP.String()
+			}
+			r.IPAM.Config = append(r.IPAM.Config, iData)
+		}
+	}
+
+	hasIpv6Conf := false
+	for _, ip6 := range ipv6conf {
+		if ip6.PreferredPool == "" {
+			continue
+		}
+		hasIpv6Conf = true
+		iData := network.IPAMConfig{}
+		iData.Subnet = ip6.PreferredPool
+		iData.IPRange = ip6.SubPool
+		iData.Gateway = ip6.Gateway
+		iData.AuxAddress = ip6.AuxAddresses
+		r.IPAM.Config = append(r.IPAM.Config, iData)
+	}
+
+	if !hasIpv6Conf {
+		for _, ip6Info := range ipv6Info {
+			if ip6Info.IPAMData.Pool == nil {
+				continue
+			}
+			iData := network.IPAMConfig{}
+			iData.Subnet = ip6Info.IPAMData.Pool.String()
+			iData.Gateway = ip6Info.IPAMData.Gateway.String()
+			r.IPAM.Config = append(r.IPAM.Config, iData)
+		}
+	}
+}
+
+func buildEndpointResource(id string, name string, info libnetwork.EndpointInfo) types.EndpointResource {
+	er := types.EndpointResource{}
+
+	er.EndpointID = id
+	er.Name = name
+	ei := info
+	if ei == nil {
+		return er
+	}
+
+	if iface := ei.Iface(); iface != nil {
+		if mac := iface.MacAddress(); mac != nil {
+			er.MacAddress = mac.String()
+		}
+		if ip := iface.Address(); ip != nil && len(ip.IP) > 0 {
+			er.IPv4Address = ip.String()
+		}
+
+		if ipv6 := iface.AddressIPv6(); ipv6 != nil && len(ipv6.IP) > 0 {
+			er.IPv6Address = ipv6.String()
+		}
+	}
+	return er
+}
+
 func (n *networkRouter) postNetworksPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -325,25 +526,25 @@ func (n *networkRouter) findUniqueNetwork(term string) (types.NetworkResource, e
 	listByFullName := map[string]types.NetworkResource{}
 	listByPartialID := map[string]types.NetworkResource{}
 
-	filter := filters.NewArgs(filters.Arg("idOrName", term))
-	nw, _ := n.backend.GetNetworks(filter, types.NetworkListConfig{Detailed: true})
+	nw := n.backend.GetNetworks()
 	for _, network := range nw {
-		if network.ID == term {
-			return network, nil
+		if network.ID() == term {
+			return *n.buildDetailedNetworkResources(network, false), nil
+
 		}
-		if network.Name == term && !network.Ingress {
+		if network.Name() == term && !network.Info().Ingress() {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByFullName[network.ID] = network
+			listByFullName[network.ID()] = *n.buildDetailedNetworkResources(network, false)
 		}
-		if strings.HasPrefix(network.ID, term) {
+		if strings.HasPrefix(network.ID(), term) {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByPartialID[network.ID] = network
+			listByPartialID[network.ID()] = *n.buildDetailedNetworkResources(network, false)
 		}
 	}
 
-	nr, _ := n.cluster.GetNetworks(filter)
+	nr, _ := n.cluster.GetNetworks()
 	for _, network := range nr {
 		if network.ID == term {
 			return network, nil

api/server/router/plugin/backend.go

@@ -1,7 +1,6 @@
-package plugin // import "github.com/docker/docker/api/server/router/plugin"
+package plugin
 
 import (
-	"context"
 	"io"
 	"net/http"
 
@@ -9,6 +8,7 @@ import (
 	enginetypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/plugin"
+	"golang.org/x/net/context"
 )
 
 // Backend for Plugin

api/server/router/plugin/plugin.go

@@ -1,4 +1,4 @@
-package plugin // import "github.com/docker/docker/api/server/router/plugin"
+package plugin
 
 import "github.com/docker/docker/api/server/router"
 
@@ -28,11 +28,11 @@ func (r *pluginRouter) initRoutes() {
 		router.NewGetRoute("/plugins/{name:.*}/json", r.inspectPlugin),
 		router.NewGetRoute("/plugins/privileges", r.getPrivileges),
 		router.NewDeleteRoute("/plugins/{name:.*}", r.removePlugin),
-		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin),
+		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin), // PATCH?
 		router.NewPostRoute("/plugins/{name:.*}/disable", r.disablePlugin),
-		router.NewPostRoute("/plugins/pull", r.pullPlugin),
-		router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin),
-		router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin),
+		router.NewPostRoute("/plugins/pull", r.pullPlugin, router.WithCancel),
+		router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin, router.WithCancel),
+		router.NewPostRoute("/plugins/{name:.*}/upgrade", r.upgradePlugin, router.WithCancel),
 		router.NewPostRoute("/plugins/{name:.*}/set", r.setPlugin),
 		router.NewPostRoute("/plugins/create", r.createPlugin),
 	}

api/server/router/plugin/plugin_routes.go

@@ -1,7 +1,6 @@
-package plugin // import "github.com/docker/docker/api/server/router/plugin"
+package plugin
 
 import (
-	"context"
 	"encoding/base64"
 	"encoding/json"
 	"net/http"
@@ -15,6 +14,7 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/pkg/errors"
+	"golang.org/x/net/context"
 )
 
 func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig) {
@@ -94,8 +94,12 @@ func (pr *pluginRouter) upgradePlugin(ctx context.Context, w http.ResponseWriter
 	}
 
 	var privileges types.PluginPrivileges
-	if err := httputils.ReadJSON(r, &privileges); err != nil {
-		return err
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
 	}
 
 	metaHeaders, authConfig := parseHeaders(r.Header)
@@ -117,7 +121,7 @@ func (pr *pluginRouter) upgradePlugin(ctx context.Context, w http.ResponseWriter
 		if !output.Flushed() {
 			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -129,8 +133,12 @@ func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r
 	}
 
 	var privileges types.PluginPrivileges
-	if err := httputils.ReadJSON(r, &privileges); err != nil {
-		return err
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
 	}
 
 	metaHeaders, authConfig := parseHeaders(r.Header)
@@ -152,7 +160,7 @@ func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
@@ -201,7 +209,7 @@ func (pr *pluginRouter) createPlugin(ctx context.Context, w http.ResponseWriter,
 	if err := pr.backend.CreateFromContext(ctx, r.Body, options); err != nil {
 		return err
 	}
-	// TODO: send progress bar
+	//TODO: send progress bar
 	w.WriteHeader(http.StatusNoContent)
 	return nil
 }
@@ -260,14 +268,14 @@ func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r
 		if !output.Flushed() {
 			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(err))
+		output.Write(streamformatter.FormatError(err))
 	}
 	return nil
 }
 
 func (pr *pluginRouter) setPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var args []string
-	if err := httputils.ReadJSON(r, &args); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&args); err != nil {
 		return err
 	}
 	if err := pr.backend.Set(vars["name"], args); err != nil {

api/server/router/router.go

@@ -1,4 +1,4 @@
-package router // import "github.com/docker/docker/api/server/router"
+package router
 
 import "github.com/docker/docker/api/server/httputils"
 

api/server/router/session/backend.go

@@ -1,8 +1,9 @@
-package session // import "github.com/docker/docker/api/server/router/session"
+package session
 
 import (
-	"context"
 	"net/http"
+
+	"golang.org/x/net/context"
 )
 
 // Backend abstracts an session receiver from an http request.

api/server/router/session/session.go

@@ -1,4 +1,4 @@
-package session // import "github.com/docker/docker/api/server/router/session"
+package session
 
 import "github.com/docker/docker/api/server/router"
 
@@ -24,6 +24,6 @@ func (r *sessionRouter) Routes() []router.Route {
 
 func (r *sessionRouter) initRoutes() {
 	r.routes = []router.Route{
-		router.NewPostRoute("/session", r.startSession),
+		router.Experimental(router.NewPostRoute("/session", r.startSession)),
 	}
 }

api/server/router/session/session_routes.go

@@ -1,10 +1,10 @@
-package session // import "github.com/docker/docker/api/server/router/session"
+package session
 
 import (
-	"context"
 	"net/http"
 
 	"github.com/docker/docker/errdefs"
+	"golang.org/x/net/context"
 )
 
 func (sr *sessionRouter) startSession(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

api/server/router/swarm/backend.go

@@ -1,11 +1,10 @@
-package swarm // import "github.com/docker/docker/api/server/router/swarm"
+package swarm
 
 import (
-	"context"
-
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	types "github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
 )
 
 // Backend abstracts a swarm manager.

api/server/router/swarm/cluster.go

@@ -1,4 +1,4 @@
-package swarm // import "github.com/docker/docker/api/server/router/swarm"
+package swarm
 
 import "github.com/docker/docker/api/server/router"
 
@@ -37,7 +37,7 @@ func (sr *swarmRouter) initRoutes() {
 		router.NewPostRoute("/services/create", sr.createService),
 		router.NewPostRoute("/services/{id}/update", sr.updateService),
 		router.NewDeleteRoute("/services/{id}", sr.removeService),
-		router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs),
+		router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs, router.WithCancel),
 
 		router.NewGetRoute("/nodes", sr.getNodes),
 		router.NewGetRoute("/nodes/{id}", sr.getNode),
@@ -46,7 +46,7 @@ func (sr *swarmRouter) initRoutes() {
 
 		router.NewGetRoute("/tasks", sr.getTasks),
 		router.NewGetRoute("/tasks/{id}", sr.getTask),
-		router.NewGetRoute("/tasks/{id}/logs", sr.getTaskLogs),
+		router.NewGetRoute("/tasks/{id}/logs", sr.getTaskLogs, router.WithCancel),
 
 		router.NewGetRoute("/secrets", sr.getSecrets),
 		router.NewPostRoute("/secrets/create", sr.createSecret),

api/server/router/swarm/cluster_routes.go

@@ -1,7 +1,7 @@
-package swarm // import "github.com/docker/docker/api/server/router/swarm"
+package swarm
 
 import (
-	"context"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"strconv"
@@ -15,27 +15,17 @@ import (
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/net/context"
 )
 
 func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.InitRequest
-	if err := httputils.ReadJSON(r, &req); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		return err
 	}
-	version := httputils.VersionFromContext(ctx)
-
-	// DefaultAddrPool and SubnetSize were added in API 1.39. Ignore on older API versions.
-	if versions.LessThan(version, "1.39") {
-		req.DefaultAddrPool = nil
-		req.SubnetSize = 0
-	}
-	// DataPathPort was added in API 1.40. Ignore this option on older API versions.
-	if versions.LessThan(version, "1.40") {
-		req.DataPathPort = 0
-	}
 	nodeID, err := sr.backend.Init(req)
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error initializing swarm")
+		logrus.Errorf("Error initializing swarm: %v", err)
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, nodeID)
@@ -43,7 +33,7 @@ func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) joinCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.JoinRequest
-	if err := httputils.ReadJSON(r, &req); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		return err
 	}
 	return sr.backend.Join(req)
@@ -61,7 +51,7 @@ func (sr *swarmRouter) leaveCluster(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	swarm, err := sr.backend.Inspect()
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting swarm")
+		logrus.Errorf("Error getting swarm: %v", err)
 		return err
 	}
 
@@ -70,7 +60,7 @@ func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter
 
 func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var swarm types.Spec
-	if err := httputils.ReadJSON(r, &swarm); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&swarm); err != nil {
 		return err
 	}
 
@@ -113,7 +103,7 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	}
 
 	if err := sr.backend.Update(version, swarm, flags); err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error configuring swarm")
+		logrus.Errorf("Error configuring swarm: %v", err)
 		return err
 	}
 	return nil
@@ -121,12 +111,12 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 
 func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.UnlockRequest
-	if err := httputils.ReadJSON(r, &req); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		return err
 	}
 
 	if err := sr.backend.UnlockSwarm(req); err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error unlocking swarm")
+		logrus.Errorf("Error unlocking swarm: %v", err)
 		return err
 	}
 	return nil
@@ -135,7 +125,7 @@ func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) getUnlockKey(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	unlockKey, err := sr.backend.GetUnlockKey()
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error retrieving swarm unlock key")
+		logrus.WithError(err).Errorf("Error retrieving swarm unlock key")
 		return err
 	}
 
@@ -150,24 +140,12 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 	}
 	filter, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
-	// the status query parameter is only support in API versions >= 1.41. If
-	// the client is using a lesser version, ignore the parameter.
-	cliVersion := httputils.VersionFromContext(ctx)
-	var status bool
-	if value := r.URL.Query().Get("status"); value != "" && !versions.LessThan(cliVersion, "1.41") {
-		var err error
-		status, err = strconv.ParseBool(value)
-		if err != nil {
-			return errors.Wrapf(errdefs.InvalidParameter(err), "invalid value for status: %s", value)
-		}
-	}
-
-	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter, Status: status})
+	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter})
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting services")
+		logrus.Errorf("Error getting services: %v", err)
 		return err
 	}
 
@@ -176,27 +154,18 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var insertDefaults bool
-
 	if value := r.URL.Query().Get("insertDefaults"); value != "" {
 		var err error
 		insertDefaults, err = strconv.ParseBool(value)
 		if err != nil {
+			err := fmt.Errorf("invalid value for insertDefaults: %s", value)
 			return errors.Wrapf(errdefs.InvalidParameter(err), "invalid value for insertDefaults: %s", value)
 		}
 	}
 
-	// you may note that there is no code here to handle the "status" query
-	// parameter, as in getServices. the Status field is not supported when
-	// retrieving an individual service because the Backend API changes
-	// required to accommodate it would be too disruptive, and because that
-	// field is so rarely needed as part of an individual service inspection.
-
 	service, err := sr.backend.GetService(vars["id"], insertDefaults)
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":      err,
-			"service-id": vars["id"],
-		}).Debug("Error getting service")
+		logrus.Errorf("Error getting service %s: %v", vars["id"], err)
 		return err
 	}
 
@@ -205,25 +174,21 @@ func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var service types.ServiceSpec
-	if err := httputils.ReadJSON(r, &service); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
 		return err
 	}
 
 	// Get returns "" if the header does not exist
 	encodedAuth := r.Header.Get("X-Registry-Auth")
+	cliVersion := r.Header.Get("version")
 	queryRegistry := false
-	if v := httputils.VersionFromContext(ctx); v != "" {
-		if versions.LessThan(v, "1.30") {
-			queryRegistry = true
-		}
-		adjustForAPIVersion(v, &service)
+	if cliVersion != "" && versions.LessThan(cliVersion, "1.30") {
+		queryRegistry = true
 	}
+
 	resp, err := sr.backend.CreateService(service, encodedAuth, queryRegistry)
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":        err,
-			"service-name": service.Name,
-		}).Debug("Error creating service")
+		logrus.Errorf("Error creating service %s: %v", service.Name, err)
 		return err
 	}
 
@@ -232,7 +197,7 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 
 func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var service types.ServiceSpec
-	if err := httputils.ReadJSON(r, &service); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
 		return err
 	}
 
@@ -249,20 +214,15 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 	flags.EncodedRegistryAuth = r.Header.Get("X-Registry-Auth")
 	flags.RegistryAuthFrom = r.URL.Query().Get("registryAuthFrom")
 	flags.Rollback = r.URL.Query().Get("rollback")
+	cliVersion := r.Header.Get("version")
 	queryRegistry := false
-	if v := httputils.VersionFromContext(ctx); v != "" {
-		if versions.LessThan(v, "1.30") {
-			queryRegistry = true
-		}
-		adjustForAPIVersion(v, &service)
+	if cliVersion != "" && versions.LessThan(cliVersion, "1.30") {
+		queryRegistry = true
 	}
 
 	resp, err := sr.backend.UpdateService(vars["id"], version, service, flags, queryRegistry)
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":      err,
-			"service-id": vars["id"],
-		}).Debug("Error updating service")
+		logrus.Errorf("Error updating service %s: %v", vars["id"], err)
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, resp)
@@ -270,10 +230,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 
 func (sr *swarmRouter) removeService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := sr.backend.RemoveService(vars["id"]); err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":      err,
-			"service-id": vars["id"],
-		}).Debug("Error removing service")
+		logrus.Errorf("Error removing service %s: %v", vars["id"], err)
 		return err
 	}
 	return nil
@@ -314,7 +271,7 @@ func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *h
 
 	nodes, err := sr.backend.GetNodes(basictypes.NodeListOptions{Filters: filter})
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting nodes")
+		logrus.Errorf("Error getting nodes: %v", err)
 		return err
 	}
 
@@ -324,10 +281,7 @@ func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *h
 func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	node, err := sr.backend.GetNode(vars["id"])
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"node-id": vars["id"],
-		}).Debug("Error getting node")
+		logrus.Errorf("Error getting node %s: %v", vars["id"], err)
 		return err
 	}
 
@@ -336,7 +290,7 @@ func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *ht
 
 func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var node types.NodeSpec
-	if err := httputils.ReadJSON(r, &node); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&node); err != nil {
 		return err
 	}
 
@@ -348,10 +302,7 @@ func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r
 	}
 
 	if err := sr.backend.UpdateNode(vars["id"], version, node); err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"node-id": vars["id"],
-		}).Debug("Error updating node")
+		logrus.Errorf("Error updating node %s: %v", vars["id"], err)
 		return err
 	}
 	return nil
@@ -365,10 +316,7 @@ func (sr *swarmRouter) removeNode(ctx context.Context, w http.ResponseWriter, r
 	force := httputils.BoolValue(r, "force")
 
 	if err := sr.backend.RemoveNode(vars["id"], force); err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"node-id": vars["id"],
-		}).Debug("Error removing node")
+		logrus.Errorf("Error removing node %s: %v", vars["id"], err)
 		return err
 	}
 	return nil
@@ -385,7 +333,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h
 
 	tasks, err := sr.backend.GetTasks(basictypes.TaskListOptions{Filters: filter})
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting tasks")
+		logrus.Errorf("Error getting tasks: %v", err)
 		return err
 	}
 
@@ -395,10 +343,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h
 func (sr *swarmRouter) getTask(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	task, err := sr.backend.GetTask(vars["id"])
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"task-id": vars["id"],
-		}).Debug("Error getting task")
+		logrus.Errorf("Error getting task %s: %v", vars["id"], err)
 		return err
 	}
 
@@ -424,13 +369,9 @@ func (sr *swarmRouter) getSecrets(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) createSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
-	if err := httputils.ReadJSON(r, &secret); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
 		return err
 	}
-	version := httputils.VersionFromContext(ctx)
-	if secret.Templating != nil && versions.LessThan(version, "1.37") {
-		return errdefs.InvalidParameter(errors.Errorf("secret templating is not supported on the specified API version: %s", version))
-	}
 
 	id, err := sr.backend.CreateSecret(secret)
 	if err != nil {
@@ -462,8 +403,8 @@ func (sr *swarmRouter) getSecret(ctx context.Context, w http.ResponseWriter, r *
 
 func (sr *swarmRouter) updateSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
-	if err := httputils.ReadJSON(r, &secret); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -495,15 +436,10 @@ func (sr *swarmRouter) getConfigs(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) createConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var config types.ConfigSpec
-	if err := httputils.ReadJSON(r, &config); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
 		return err
 	}
 
-	version := httputils.VersionFromContext(ctx)
-	if config.Templating != nil && versions.LessThan(version, "1.37") {
-		return errdefs.InvalidParameter(errors.Errorf("config templating is not supported on the specified API version: %s", version))
-	}
-
 	id, err := sr.backend.CreateConfig(config)
 	if err != nil {
 		return err
@@ -534,8 +470,8 @@ func (sr *swarmRouter) getConfig(ctx context.Context, w http.ResponseWriter, r *
 
 func (sr *swarmRouter) updateConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var config types.ConfigSpec
-	if err := httputils.ReadJSON(r, &config); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")

api/server/router/swarm/helpers.go

@@ -1,20 +1,19 @@
-package swarm // import "github.com/docker/docker/api/server/router/swarm"
+package swarm
 
 import (
-	"context"
 	"fmt"
+	"io"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/versions"
+	"golang.org/x/net/context"
 )
 
 // swarmLogs takes an http response, request, and selector, and writes the logs
 // specified by the selector to the response
-func (sr *swarmRouter) swarmLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, selector *backend.LogSelector) error {
+func (sr *swarmRouter) swarmLogs(ctx context.Context, w io.Writer, r *http.Request, selector *backend.LogSelector) error {
 	// Args are validated before the stream starts because when it starts we're
 	// sending HTTP 200 by writing an empty chunk of data to tell the client that
 	// daemon is going to stream. By sending this initial HTTP 200 we can't report
@@ -62,60 +61,6 @@ func (sr *swarmRouter) swarmLogs(ctx context.Context, w http.ResponseWriter, r *
 		return err
 	}
 
-	contentType := basictypes.MediaTypeRawStream
-	if !tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-		contentType = basictypes.MediaTypeMultiplexedStream
-	}
-	w.Header().Set("Content-Type", contentType)
 	httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
 	return nil
 }
-
-// adjustForAPIVersion takes a version and service spec and removes fields to
-// make the spec compatible with the specified version.
-func adjustForAPIVersion(cliVersion string, service *swarm.ServiceSpec) {
-	if cliVersion == "" {
-		return
-	}
-	if versions.LessThan(cliVersion, "1.40") {
-		if service.TaskTemplate.ContainerSpec != nil {
-			// Sysctls for docker swarm services weren't supported before
-			// API version 1.40
-			service.TaskTemplate.ContainerSpec.Sysctls = nil
-
-			if service.TaskTemplate.ContainerSpec.Privileges != nil && service.TaskTemplate.ContainerSpec.Privileges.CredentialSpec != nil {
-				// Support for setting credential-spec through configs was added in API 1.40
-				service.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config = ""
-			}
-			for _, config := range service.TaskTemplate.ContainerSpec.Configs {
-				// support for the Runtime target was added in API 1.40
-				config.Runtime = nil
-			}
-		}
-
-		if service.TaskTemplate.Placement != nil {
-			// MaxReplicas for docker swarm services weren't supported before
-			// API version 1.40
-			service.TaskTemplate.Placement.MaxReplicas = 0
-		}
-	}
-	if versions.LessThan(cliVersion, "1.41") {
-		if service.TaskTemplate.ContainerSpec != nil {
-			// Capabilities and Ulimits for docker swarm services weren't
-			// supported before API version 1.41
-			service.TaskTemplate.ContainerSpec.CapabilityAdd = nil
-			service.TaskTemplate.ContainerSpec.CapabilityDrop = nil
-			service.TaskTemplate.ContainerSpec.Ulimits = nil
-		}
-		if service.TaskTemplate.Resources != nil && service.TaskTemplate.Resources.Limits != nil {
-			// Limits.Pids  not supported before API version 1.41
-			service.TaskTemplate.Resources.Limits.Pids = 0
-		}
-
-		// jobs were only introduced in API version 1.41. Nil out both Job
-		// modes; if the service is one of these modes and subsequently has no
-		// mode, then something down the pipe will thrown an error.
-		service.Mode.ReplicatedJob = nil
-		service.Mode.GlobalJob = nil
-	}
-}

api/server/router/swarm/helpers_test.go

@@ -1,118 +0,0 @@
-package swarm // import "github.com/docker/docker/api/server/router/swarm"
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/go-units"
-)
-
-func TestAdjustForAPIVersion(t *testing.T) {
-	var (
-		expectedSysctls = map[string]string{"foo": "bar"}
-	)
-	// testing the negative -- does this leave everything else alone? -- is
-	// prohibitively time-consuming to write, because it would need an object
-	// with literally every field filled in.
-	spec := &swarm.ServiceSpec{
-		TaskTemplate: swarm.TaskSpec{
-			ContainerSpec: &swarm.ContainerSpec{
-				Sysctls: expectedSysctls,
-				Privileges: &swarm.Privileges{
-					CredentialSpec: &swarm.CredentialSpec{
-						Config: "someconfig",
-					},
-				},
-				Configs: []*swarm.ConfigReference{
-					{
-						File: &swarm.ConfigReferenceFileTarget{
-							Name: "foo",
-							UID:  "bar",
-							GID:  "baz",
-						},
-						ConfigID:   "configFile",
-						ConfigName: "configFile",
-					},
-					{
-						Runtime:    &swarm.ConfigReferenceRuntimeTarget{},
-						ConfigID:   "configRuntime",
-						ConfigName: "configRuntime",
-					},
-				},
-				Ulimits: []*units.Ulimit{
-					{
-						Name: "nofile",
-						Soft: 100,
-						Hard: 200,
-					},
-				},
-			},
-			Placement: &swarm.Placement{
-				MaxReplicas: 222,
-			},
-			Resources: &swarm.ResourceRequirements{
-				Limits: &swarm.Limit{
-					Pids: 300,
-				},
-			},
-		},
-	}
-
-	// first, does calling this with a later version correctly NOT strip
-	// fields? do the later version first, so we can reuse this spec in the
-	// next test.
-	adjustForAPIVersion("1.41", spec)
-	if !reflect.DeepEqual(spec.TaskTemplate.ContainerSpec.Sysctls, expectedSysctls) {
-		t.Error("Sysctls was stripped from spec")
-	}
-
-	if spec.TaskTemplate.Resources.Limits.Pids == 0 {
-		t.Error("PidsLimit was stripped from spec")
-	}
-	if spec.TaskTemplate.Resources.Limits.Pids != 300 {
-		t.Error("PidsLimit did not preserve the value from spec")
-	}
-
-	if spec.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config != "someconfig" {
-		t.Error("CredentialSpec.Config field was stripped from spec")
-	}
-
-	if spec.TaskTemplate.ContainerSpec.Configs[1].Runtime == nil {
-		t.Error("ConfigReferenceRuntimeTarget was stripped from spec")
-	}
-
-	if spec.TaskTemplate.Placement.MaxReplicas != 222 {
-		t.Error("MaxReplicas was stripped from spec")
-	}
-
-	if len(spec.TaskTemplate.ContainerSpec.Ulimits) == 0 {
-		t.Error("Ulimits were stripped from spec")
-	}
-
-	// next, does calling this with an earlier version correctly strip fields?
-	adjustForAPIVersion("1.29", spec)
-	if spec.TaskTemplate.ContainerSpec.Sysctls != nil {
-		t.Error("Sysctls was not stripped from spec")
-	}
-
-	if spec.TaskTemplate.Resources.Limits.Pids != 0 {
-		t.Error("PidsLimit was not stripped from spec")
-	}
-
-	if spec.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config != "" {
-		t.Error("CredentialSpec.Config field was not stripped from spec")
-	}
-
-	if spec.TaskTemplate.ContainerSpec.Configs[1].Runtime != nil {
-		t.Error("ConfigReferenceRuntimeTarget was not stripped from spec")
-	}
-
-	if spec.TaskTemplate.Placement.MaxReplicas != 0 {
-		t.Error("MaxReplicas was not stripped from spec")
-	}
-
-	if len(spec.TaskTemplate.ContainerSpec.Ulimits) != 0 {
-		t.Error("Ulimits were not stripped from spec")
-	}
-}

api/server/router/system/backend.go

@@ -1,45 +1,21 @@
-package system // import "github.com/docker/docker/api/server/router/system"
+package system
 
 import (
-	"context"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/swarm"
+	"golang.org/x/net/context"
 )
 
-// DiskUsageOptions holds parameters for system disk usage query.
-type DiskUsageOptions struct {
-	// Containers controls whether container disk usage should be computed.
-	Containers bool
-
-	// Images controls whether image disk usage should be computed.
-	Images bool
-
-	// Volumes controls whether volume disk usage should be computed.
-	Volumes bool
-}
-
 // Backend is the methods that need to be implemented to provide
 // system specific functionality.
 type Backend interface {
-	SystemInfo() *types.Info
+	SystemInfo() (*types.Info, error)
 	SystemVersion() types.Version
-	SystemDiskUsage(ctx context.Context, opts DiskUsageOptions) (*types.DiskUsage, error)
+	SystemDiskUsage(ctx context.Context) (*types.DiskUsage, error)
 	SubscribeToEvents(since, until time.Time, ef filters.Args) ([]events.Message, chan interface{})
 	UnsubscribeFromEvents(chan interface{})
 	AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error)
 }
-
-// ClusterBackend is all the methods that need to be implemented
-// to provide cluster system specific functionality.
-type ClusterBackend interface {
-	Info() swarm.Info
-}
-
-// StatusProvider provides methods to get the swarm status of the current node.
-type StatusProvider interface {
-	Status() string
-}

api/server/router/system/system.go

@@ -1,37 +1,35 @@
-package system // import "github.com/docker/docker/api/server/router/system"
+package system
 
 import (
 	"github.com/docker/docker/api/server/router"
-	buildkit "github.com/docker/docker/builder/builder-next"
+	"github.com/docker/docker/builder/fscache"
+	"github.com/docker/docker/daemon/cluster"
 )
 
 // systemRouter provides information about the Docker system overall.
 // It gathers information about host, daemon and container events.
 type systemRouter struct {
-	backend  Backend
-	cluster  ClusterBackend
-	routes   []router.Route
-	builder  *buildkit.Builder
-	features *map[string]bool
+	backend Backend
+	cluster *cluster.Cluster
+	routes  []router.Route
+	builder *fscache.FSCache
 }
 
 // NewRouter initializes a new system router
-func NewRouter(b Backend, c ClusterBackend, builder *buildkit.Builder, features *map[string]bool) router.Router {
+func NewRouter(b Backend, c *cluster.Cluster, fscache *fscache.FSCache) router.Router {
 	r := &systemRouter{
-		backend:  b,
-		cluster:  c,
-		builder:  builder,
-		features: features,
+		backend: b,
+		cluster: c,
+		builder: fscache,
 	}
 
 	r.routes = []router.Route{
 		router.NewOptionsRoute("/{anyroute:.*}", optionsHandler),
-		router.NewGetRoute("/_ping", r.pingHandler),
-		router.NewHeadRoute("/_ping", r.pingHandler),
-		router.NewGetRoute("/events", r.getEvents),
+		router.NewGetRoute("/_ping", pingHandler),
+		router.NewGetRoute("/events", r.getEvents, router.WithCancel),
 		router.NewGetRoute("/info", r.getInfo),
 		router.NewGetRoute("/version", r.getVersion),
-		router.NewGetRoute("/system/df", r.getDiskUsage),
+		router.NewGetRoute("/system/df", r.getDiskUsage, router.WithCancel),
 		router.NewPostRoute("/auth", r.postAuth),
 	}