Merge pull request #42061 from thaJeztah/20.10_backport_bump_buildkit

[20.10 backport] vendor: github.com/moby/buildkit v0.8.2

.DEREK.yml

@@ -0,0 +1,22 @@
+curators:
+  - aboch
+  - alexellis
+  - andrewhsu
+  - anonymuse
+  - arkodg
+  - chanwit
+  - ehazlett
+  - fntlnz
+  - gianarb
+  - kolyshkin
+  - mgoelzer
+  - olljanat
+  - programmerq
+  - rheinwein
+  - ripcurld0
+  - thajeztah
+
+features:
+  - comments
+  - pr_description_required
+

.dockerignore

@@ -1,4 +1,6 @@
 .git
-bundles/
-cli/winresources/**/winres.json
-cli/winresources/**/*.syso
+.go-pkg-cache
+.gopath
+bundles
+vendor/pkg
+

.gitattributes

@@ -1,3 +0,0 @@
-Dockerfile* linguist-language=Dockerfile
-vendor.mod linguist-language=Go-Module
-vendor.sum linguist-language=Go-Checksums

.github/CODEOWNERS

@@ -5,7 +5,9 @@
 
 builder/**                              @tonistiigi
 contrib/mkimage/**                      @tianon
-daemon/graphdriver/devmapper/**         @rhvgoyal
+daemon/graphdriver/devmapper/**         @rhvgoyal 
+daemon/graphdriver/lcow/**              @johnstep
+daemon/graphdriver/overlay/**           @dmcgowan
 daemon/graphdriver/overlay2/**          @dmcgowan
 daemon/graphdriver/windows/**           @johnstep
 daemon/logger/awslogs/**                @samuelkarp  

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,70 @@
+<!--
+If you are reporting a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+If you suspect your issue is a bug, please edit your issue description to
+include the BUG REPORT INFORMATION shown below. If you fail to provide this
+information within 7 days, we cannot debug your issue and will close it. We
+will, however, reopen it if you later provide the information.
+
+For more information about reporting issues, see
+https://github.com/moby/moby/blob/master/CONTRIBUTING.md#reporting-other-issues
+
+---------------------------------------------------
+GENERAL SUPPORT INFORMATION
+---------------------------------------------------
+
+The GitHub issue tracker is for bug reports and feature requests.
+General support for **docker** can be found at the following locations:
+
+- Docker Support Forums - https://forums.docker.com
+- Slack - community.docker.com #general channel
+- Post a question on StackOverflow, using the Docker tag
+
+General support for **moby** can be found at the following locations:
+
+- Moby Project Forums - https://forums.mobyproject.org
+- Slack - community.docker.com #moby-project channel
+- Post a question on StackOverflow, using the Moby tag
+
+---------------------------------------------------
+BUG REPORT INFORMATION
+---------------------------------------------------
+Use the commands below to provide key information from your environment:
+You do NOT have to include this information if this is a FEATURE REQUEST
+-->
+
+**Description**
+
+<!--
+Briefly describe the problem you are having in a few paragraphs.
+-->
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
+
+**Output of `docker version`:**
+
+```
+(paste your output here)
+```
+
+**Output of `docker info`:**
+
+```
+(paste your output here)
+```
+
+**Additional environment details (AWS, VirtualBox, physical, etc.):**

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,146 +0,0 @@
-name: Bug report
-description: Create a report to help us improve
-labels:
-  - kind/bug
-  - status/0-triage
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for taking the time to report a bug!
-        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: Please give a clear and concise description of the bug
-    validations:
-      required: true
-  - type: textarea
-    id: repro
-    attributes:
-      label: Reproduce
-      description: Steps to reproduce the bug
-      placeholder: |
-        1. docker run ...
-        2. docker kill ...
-        3. docker rm ...
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: Expected behavior
-      description: What is the expected behavior?
-      placeholder: |
-        E.g. "`docker rm` should remove the container and cleanup all associated data"
-  - type: textarea
-    id: version
-    attributes:
-      label: docker version
-      description: Output of `docker version`
-      render: bash
-      placeholder: |
-        Client:
-          Version:           20.10.17
-          API version:       1.41
-          Go version:        go1.17.11
-          Git commit:        100c70180fde3601def79a59cc3e996aa553c9b9
-          Built:             Mon Jun  6 21:36:39 UTC 2022
-          OS/Arch:           linux/amd64
-          Context:           default
-          Experimental:      true
-
-        Server:
-          Engine:
-            Version:          20.10.17
-            API version:      1.41 (minimum version 1.12)
-            Go version:       go1.17.11
-            Git commit:       a89b84221c8560e7a3dee2a653353429e7628424
-            Built:            Mon Jun  6 22:32:38 2022
-            OS/Arch:          linux/amd64
-            Experimental:     true
-          containerd:
-            Version:          1.6.6
-            GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
-          runc:
-            Version:          1.1.2
-            GitCommit:        a916309fff0f838eb94e928713dbc3c0d0ac7aa4
-          docker-init:
-            Version:          0.19.0
-            GitCommit:
-    validations:
-      required: true
-  - type: textarea
-    id: info
-    attributes:
-      label: docker info
-      description: Output of `docker info`
-      render: bash
-      placeholder: |
-        Client:
-          Context:    default
-          Debug Mode: false
-          Plugins:
-            buildx: Docker Buildx (Docker Inc., 0.8.2)
-            compose: Docker Compose (Docker Inc., 2.6.0)
-
-        Server:
-          Containers: 4
-            Running: 2
-            Paused: 0
-            Stopped: 2
-          Images: 80
-          Server Version: 20.10.17
-          Storage Driver: overlay2
-            Backing Filesystem: xfs
-            Supports d_type: true
-            Native Overlay Diff: false
-            userxattr: false
-          Logging Driver: local
-          Cgroup Driver: cgroupfs
-          Cgroup Version: 1
-          Plugins:
-            Volume: local
-            Network: bridge host ipvlan macvlan null overlay
-            Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
-          Swarm: inactive
-          Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
-          Default Runtime: runc
-          Init Binary: docker-init
-          containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
-          runc version: a916309fff0f838eb94e928713dbc3c0d0ac7aa4
-          init version: 
-          Security Options:
-            apparmor
-            seccomp
-            Profile: default
-          Kernel Version: 5.13.0-1031-azure
-          Operating System: Ubuntu 20.04.4 LTS
-          OSType: linux
-          Architecture: x86_64
-          CPUs: 4
-          Total Memory: 15.63GiB
-          Name: dev
-          ID: UC44:2RFL:7NQ5:GGFW:34O5:DYRE:CLOH:VLGZ:64AZ:GFXC:PY6H:SAHY
-          Docker Root Dir: /var/lib/docker
-          Debug Mode: true
-            File Descriptors: 46
-            Goroutines: 134
-            System Time: 2022-07-06T18:07:54.812439392Z
-            EventsListeners: 0
-          Registry: https://index.docker.io/v1/
-          Labels:
-          Experimental: true
-          Insecure Registries:
-            127.0.0.0/8
-          Live Restore Enabled: true
-    validations:
-      required: true
-  - type: textarea
-    id: additional
-    attributes:
-      label: Additional Info
-      description: Additional info you want to provide such as logs, system info, environment, etc.
-    validations:
-      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Security and Vulnerabilities
-    url: https://github.com/moby/moby/blob/master/SECURITY.md
-    about: Please report any security issues or vulnerabilities responsibly to the Docker security team. Please do not use the public issue tracker.
-  - name: Questions and Discussions
-    url: https://github.com/moby/moby/discussions/new
-    about: Use Github Discussions to ask questions and/or open discussion topics.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,13 +0,0 @@
-name: Feature request
-description: Missing functionality? Come tell us about it!
-labels:
-  - kind/feature
-  - status/0-triage
-body:
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: What is the feature you want to see?
-    validations:
-      required: true

.github/actions/setup-runner/action.yml

@@ -1,27 +0,0 @@
-name: 'Setup Runner'
-description: 'Composite action to set up the GitHub Runner for jobs in the test.yml workflow'
-
-runs:
-  using: composite
-  steps:
-    - run: |
-        sudo modprobe ip_vs
-        sudo modprobe ipv6
-        sudo modprobe ip6table_filter
-        sudo modprobe -r overlay
-        sudo modprobe overlay redirect_dir=off
-      shell: bash
-    - run: |
-        if [ ! -e /etc/docker/daemon.json ]; then
-         echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
-        fi
-        DOCKERD_CONFIG=$(jq '.+{"experimental":true,"live-restore":true,"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' /etc/docker/daemon.json)
-        sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
-        sudo service docker restart
-      shell: bash
-    - run: |
-        ./contrib/check-config.sh || true
-      shell: bash
-    - run: |
-        docker info
-      shell: bash

.github/workflows/.dco.yml

@@ -1,48 +0,0 @@
-# reusable workflow
-name: .dco
-
-# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
-
-on:
-  workflow_call:
-
-env:
-  ALPINE_VERSION: 3.16
-
-jobs:
-  run:
-    runs-on: ubuntu-20.04
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Dump context
-        uses: actions/github-script@v6
-        with:
-          script: |
-            console.log(JSON.stringify(context, null, 2));
-      -
-        name: Get base ref
-        id: base-ref
-        uses: actions/github-script@v6
-        with:
-          result-encoding: string
-          script: |
-            if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) {
-              return context.payload.pull_request.base.ref;
-            }
-            return context.ref.replace(/^refs\/heads\//g, '');
-      -
-        name: Validate
-        run: |
-          docker run --rm \
-            -v "$(pwd):/workspace" \
-            -e VALIDATE_REPO \
-            -e VALIDATE_BRANCH \
-            alpine:${{ env.ALPINE_VERSION }} sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco'
-        env:
-          VALIDATE_REPO: ${{ github.server_url }}/${{ github.repository }}.git
-          VALIDATE_BRANCH: ${{ steps.base-ref.outputs.result }}

.github/workflows/.windows.yml

@@ -1,499 +0,0 @@
-# reusable workflow
-name: .windows
-
-# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
-
-on:
-  workflow_call:
-    inputs:
-      os:
-        required: true
-        type: string
-      send_coverage:
-        required: false
-        type: boolean
-        default: false
-
-env:
-  GO_VERSION: "1.20.13"
-  GOTESTLIST_VERSION: v0.3.1
-  TESTSTAT_VERSION: v0.1.3
-  WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
-  WINDOWS_BASE_TAG_2019: ltsc2019
-  WINDOWS_BASE_TAG_2022: ltsc2022
-  TEST_IMAGE_NAME: moby:test
-  TEST_CTN_NAME: moby
-  DOCKER_BUILDKIT: 0
-  ITG_CLI_MATRIX_SIZE: 6
-
-jobs:
-  build:
-    runs-on: ${{ inputs.os }}
-    env:
-      GOPATH: ${{ github.workspace }}\go
-      GOBIN: ${{ github.workspace }}\go\bin
-      BIN_OUT: ${{ github.workspace }}\out
-    defaults:
-      run:
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        name: Env
-        run: |
-          Get-ChildItem Env: | Out-String
-      -
-        name: Init
-        run: |
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
-          If ("${{ inputs.os }}" -eq "windows-2019") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          } ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-      -
-        name: Cache
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-            ${{ github.workspace }}\go-build
-            ${{ env.GOPATH }}\pkg\mod
-          key: ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
-          restore-keys: |
-            ${{ inputs.os }}-${{ github.job }}-
-      -
-        name: Docker info
-        run: |
-          docker info
-      -
-        name: Build base image
-        run: |
-          docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
-          docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
-          docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-      -
-        name: Build binaries
-        run: |
-          & docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-              -v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-              -v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-              ${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -Daemon -Client
-      -
-        name: Copy artifacts
-        run: |
-          New-Item -ItemType "directory" -Path "${{ env.BIN_OUT }}"
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\docker.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\dockerd.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\bin\gotestsum.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd.exe" ${{ env.BIN_OUT }}\
-          docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd-shim-runhcs-v1.exe" ${{ env.BIN_OUT }}\
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: build-${{ inputs.os }}
-          path: ${{ env.BIN_OUT }}/*
-          if-no-files-found: error
-          retention-days: 2
-
-  unit-test:
-    runs-on: ${{ inputs.os }}
-    timeout-minutes: 120
-    env:
-      GOPATH: ${{ github.workspace }}\go
-      GOBIN: ${{ github.workspace }}\go\bin
-    defaults:
-      run:
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        name: Env
-        run: |
-          Get-ChildItem Env: | Out-String
-      -
-        name: Init
-        run: |
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
-          New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
-          New-Item -ItemType "directory" -Path "bundles"
-          If ("${{ inputs.os }}" -eq "windows-2019") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          } ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-      -
-        name: Cache
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-            ${{ github.workspace }}\go-build
-            ${{ env.GOPATH }}\pkg\mod
-          key: ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
-          restore-keys: |
-            ${{ inputs.os }}-${{ github.job }}-
-      -
-        name: Docker info
-        run: |
-          docker info
-      -
-        name: Build base image
-        run: |
-          docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
-          docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
-          docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-      -
-        name: Test
-        run: |
-          & docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-            -v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-            -v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-            -v "${{ env.GOPATH }}\src\github.com\docker\docker\bundles:C:\gopath\src\github.com\docker\docker\bundles" `
-            ${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -TestUnit
-      -
-        name: Send to Codecov
-        if: inputs.send_coverage
-        uses: codecov/codecov-action@v3
-        with:
-          working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
-          directory: bundles
-          env_vars: RUNNER_OS
-          flags: unit
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.os }}-unit-reports
-          path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
-
-  unit-test-report:
-    runs-on: ubuntu-latest
-    if: always()
-    needs:
-      - unit-test
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.os }}-unit-reports
-          path: /tmp/artifacts
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  integration-test-prepare:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.tests.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Install gotestlist
-        run:
-          go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-      -
-        name: Create matrix
-        id: tests
-        working-directory: ./integration-cli
-        run: |
-          # This step creates a matrix for integration-cli tests. Tests suites
-          # are distributed in integration-test job through a matrix. There is
-          # also an override being added to the matrix like "./..." to run
-          # "Test integration" step exclusively.
-          matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." ./...)"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.tests.outputs.matrix }}
-
-  integration-test:
-    runs-on: ${{ inputs.os }}
-    timeout-minutes: 120
-    needs:
-      - build
-      - integration-test-prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        runtime:
-          - builtin
-          - containerd
-        test: ${{ fromJson(needs.integration-test-prepare.outputs.matrix) }}
-    env:
-      GOPATH: ${{ github.workspace }}\go
-      GOBIN: ${{ github.workspace }}\go\bin
-      BIN_OUT: ${{ github.workspace }}\out
-    defaults:
-      run:
-        working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        name: Env
-        run: |
-          Get-ChildItem Env: | Out-String
-      -
-        name: Download artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: build-${{ inputs.os }}
-          path: ${{ env.BIN_OUT }}
-      -
-        name: Init
-        run: |
-          New-Item -ItemType "directory" -Path "bundles"
-          If ("${{ inputs.os }}" -eq "windows-2019") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          } ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
-            echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-          Write-Output "${{ env.BIN_OUT }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
-      -
-        # removes docker service that is currently installed on the runner. we
-        # could use Uninstall-Package but not yet available on Windows runners.
-        # more info: https://github.com/actions/virtual-environments/blob/d3a5bad25f3b4326c5666bab0011ac7f1beec95e/images/win/scripts/Installers/Install-Docker.ps1#L11
-        name: Removing current daemon
-        run: |
-          if (Get-Service docker -ErrorAction SilentlyContinue) {
-            $dockerVersion = (docker version -f "{{.Server.Version}}")
-            Write-Host "Current installed Docker version: $dockerVersion"
-            # remove service
-            Stop-Service -Force -Name docker
-            Remove-Service -Name docker
-            # removes event log entry. we could use "Remove-EventLog -LogName -Source docker"
-            # but this cmd is not available atm
-            $ErrorActionPreference = "SilentlyContinue"
-            & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker" /f 2>&1 | Out-Null
-            $ErrorActionPreference = "Stop"
-            Write-Host "Service removed"
-          }
-      -
-        name: Starting containerd
-        if: matrix.runtime == 'containerd'
-        run: |
-          Write-Host "Generating config"
-          & "${{ env.BIN_OUT }}\containerd.exe" config default | Out-File "$env:TEMP\ctn.toml" -Encoding ascii
-          Write-Host "Creating service"
-          New-Item -ItemType Directory "$env:TEMP\ctn-root" -ErrorAction SilentlyContinue | Out-Null
-          New-Item -ItemType Directory "$env:TEMP\ctn-state" -ErrorAction SilentlyContinue | Out-Null
-          Start-Process -Wait "${{ env.BIN_OUT }}\containerd.exe" `
-            -ArgumentList "--log-level=debug", `
-              "--config=$env:TEMP\ctn.toml", `
-              "--address=\\.\pipe\containerd-containerd", `
-              "--root=$env:TEMP\ctn-root", `
-              "--state=$env:TEMP\ctn-state", `
-              "--log-file=$env:TEMP\ctn.log", `
-              "--register-service"
-          Write-Host "Starting service"
-          Start-Service -Name containerd
-          Start-Sleep -Seconds 5
-          Write-Host "Service started successfully!"
-      -
-        name: Starting test daemon
-        run: |
-          Write-Host "Creating service"
-          If ("${{ matrix.runtime }}" -eq "containerd") {
-            $runtimeArg="--containerd=\\.\pipe\containerd-containerd"
-            echo "DOCKER_WINDOWS_CONTAINERD_RUNTIME=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
-          New-Item -ItemType Directory "$env:TEMP\moby-root" -ErrorAction SilentlyContinue | Out-Null
-          New-Item -ItemType Directory "$env:TEMP\moby-exec" -ErrorAction SilentlyContinue | Out-Null
-          Start-Process -Wait -NoNewWindow "${{ env.BIN_OUT }}\dockerd" `
-            -ArgumentList $runtimeArg, "--debug", `
-              "--host=npipe:////./pipe/docker_engine", `
-              "--data-root=$env:TEMP\moby-root", `
-              "--exec-root=$env:TEMP\moby-exec", `
-              "--pidfile=$env:TEMP\docker.pid", `
-              "--register-service"
-          Write-Host "Starting service"
-          Start-Service -Name docker
-          Write-Host "Service started successfully!"
-      -
-        name: Waiting for test daemon to start
-        run: |
-          $tries=20
-          Write-Host "Waiting for the test daemon to start..."
-          While ($true) {
-            $ErrorActionPreference = "SilentlyContinue"
-            & "${{ env.BIN_OUT }}\docker" version
-            $ErrorActionPreference = "Stop"
-            If ($LastExitCode -eq 0) {
-              break
-            }
-            $tries--
-            If ($tries -le 0) {
-              Throw "Failed to get a response from the daemon"
-            }
-            Write-Host -NoNewline "."
-            Start-Sleep -Seconds 1
-          }
-          Write-Host "Test daemon started and replied!"
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Docker info
-        run: |
-          & "${{ env.BIN_OUT }}\docker" info
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Building contrib/busybox
-        run: |
-          & "${{ env.BIN_OUT }}\docker" build -t busybox `
-            --build-arg WINDOWS_BASE_IMAGE `
-            --build-arg WINDOWS_BASE_IMAGE_TAG `
-            .\contrib\busybox\
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: List images
-        run: |
-          & "${{ env.BIN_OUT }}\docker" images
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Test integration
-        if: matrix.test == './...'
-        run: |
-          .\hack\make.ps1 -TestIntegration
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-          GO111MODULE: "off"
-          TEST_CLIENT_BINARY: ${{ env.BIN_OUT }}\docker
-      -
-        name: Test integration-cli
-        if: matrix.test != './...'
-        run: |
-          .\hack\make.ps1 -TestIntegrationCli
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-          GO111MODULE: "off"
-          TEST_CLIENT_BINARY: ${{ env.BIN_OUT }}\docker
-          INTEGRATION_TESTRUN: ${{ matrix.test }}
-      -
-        name: Send to Codecov
-        if: inputs.send_coverage
-        uses: codecov/codecov-action@v3
-        with:
-          working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
-          directory: bundles
-          env_vars: RUNNER_OS
-          flags: integration,${{ matrix.runtime }}
-      -
-        name: Docker info
-        run: |
-          & "${{ env.BIN_OUT }}\docker" info
-        env:
-          DOCKER_HOST: npipe:////./pipe/docker_engine
-      -
-        name: Stop containerd
-        if: always() && matrix.runtime == 'containerd'
-        run: |
-          $ErrorActionPreference = "SilentlyContinue"
-          Stop-Service -Force -Name containerd
-          $ErrorActionPreference = "Stop"
-      -
-        name: Containerd logs
-        if: always() && matrix.runtime == 'containerd'
-        run: |
-          Copy-Item "$env:TEMP\ctn.log" -Destination ".\bundles\containerd.log"
-          Get-Content "$env:TEMP\ctn.log" | Out-Host
-      -
-        name: Stop daemon
-        if: always()
-        run: |
-          $ErrorActionPreference = "SilentlyContinue"
-          Stop-Service -Force -Name docker
-          $ErrorActionPreference = "Stop"
-      -
-        # as the daemon is registered as a service we have to check the event
-        # logs against the docker provider.
-        name: Daemon event logs
-        if: always()
-        run: |
-          Get-WinEvent -ea SilentlyContinue `
-            -FilterHashtable @{ProviderName= "docker"; LogName = "application"} |
-              Sort-Object @{Expression="TimeCreated";Descending=$false} |
-              ForEach-Object {"$($_.TimeCreated.ToUniversalTime().ToString("o")) [$($_.LevelDisplayName)] $($_.Message)"} |
-              Tee-Object -file ".\bundles\daemon.log"
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
-          path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
-
-  integration-test-report:
-    runs-on: ubuntu-latest
-    if: always()
-    needs:
-      - integration-test
-    strategy:
-      fail-fast: false
-      matrix:
-        runtime:
-          - builtin
-          - containerd
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
-          path: /tmp/artifacts
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY

.github/workflows/bin-image.yml

@@ -1,183 +0,0 @@
-name: bin-image
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-    tags:
-      - 'v*'
-  pull_request:
-
-env:
-  MOBYBIN_REPO_SLUG: moby/moby-bin
-  DOCKER_GITCOMMIT: ${{ github.sha }}
-  VERSION: ${{ github.ref }}
-  PLATFORM: Moby Engine - Nightly
-  PRODUCT: moby-bin
-  PACKAGER_NAME: The Moby Project
-
-jobs:
-  validate-dco:
-    if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
-    uses: ./.github/workflows/.dco.yml
-
-  prepare:
-    runs-on: ubuntu-20.04
-    outputs:
-      platforms: ${{ steps.platforms.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ env.MOBYBIN_REPO_SLUG }}
-          ### versioning strategy
-          ## push semver tag v23.0.0
-          # moby/moby-bin:23.0.0
-          # moby/moby-bin:latest
-          ## push semver prelease tag v23.0.0-beta.1
-          # moby/moby-bin:23.0.0-beta.1
-          ## push on master
-          # moby/moby-bin:master
-          ## push on 23.0 branch
-          # moby/moby-bin:23.0
-          ## any push
-          # moby/moby-bin:sha-ad132f5
-          tags: |
-            type=semver,pattern={{version}}
-            type=ref,event=branch
-            type=ref,event=pr
-            type=sha
-      -
-        name: Rename meta bake definition file
-        run: |
-          mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta.json"
-      -
-        name: Upload meta bake definition
-        uses: actions/upload-artifact@v3
-        with:
-          name: bake-meta
-          path: /tmp/bake-meta.json
-          if-no-files-found: error
-          retention-days: 1
-      -
-        name: Create platforms matrix
-        id: platforms
-        run: |
-          echo "matrix=$(docker buildx bake bin-image-cross --print | jq -cr '.target."bin-image-cross".platforms')" >>${GITHUB_OUTPUT}
-
-  build:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-      - prepare
-    if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ${{ fromJson(needs.prepare.outputs.platforms) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Download meta bake definition
-        uses: actions/download-artifact@v3
-        with:
-          name: bake-meta
-          path: /tmp
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to Docker Hub
-        if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_MOBYBIN_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_MOBYBIN_TOKEN }}
-      -
-        name: Build
-        id: bake
-        uses: docker/bake-action@v3
-        with:
-          files: |
-            ./docker-bake.hcl
-            /tmp/bake-meta.json
-          targets: bin-image
-          set: |
-            *.platform=${{ matrix.platform }}
-            *.output=type=image,name=${{ env.MOBYBIN_REPO_SLUG }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' && github.repository == 'moby/moby' }}
-            *.tags=
-      -
-        name: Export digest
-        if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
-        run: |
-          mkdir -p /tmp/digests
-          digest="${{ fromJSON(steps.bake.outputs.metadata)['bin-image']['containerimage.digest'] }}"
-          touch "/tmp/digests/${digest#sha256:}"
-      -
-        name: Upload digest
-        if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
-        uses: actions/upload-artifact@v3
-        with:
-          name: digests
-          path: /tmp/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-20.04
-    needs:
-      - build
-    if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && github.event_name != 'pull_request' && github.repository == 'moby/moby'
-    steps:
-      -
-        name: Download meta bake definition
-        uses: actions/download-artifact@v3
-        with:
-          name: bake-meta
-          path: /tmp
-      -
-        name: Download digests
-        uses: actions/download-artifact@v3
-        with:
-          name: digests
-          path: /tmp/digests
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_MOBYBIN_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_MOBYBIN_TOKEN }}
-      -
-        name: Create manifest list and push
-        working-directory: /tmp/digests
-        run: |
-          set -x
-          docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map("-t " + .) | join(" ")' /tmp/bake-meta.json) \
-            $(printf '${{ env.MOBYBIN_REPO_SLUG }}@sha256:%s ' *)
-      -
-        name: Inspect image
-        run: |
-          set -x
-          docker buildx imagetools inspect ${{ env.MOBYBIN_REPO_SLUG }}:$(jq -cr '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)

.github/workflows/buildkit.yml

@@ -1,124 +0,0 @@
-name: buildkit
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-  pull_request:
-
-env:
-  ALPINE_VERSION: "3.18"
-  GO_VERSION: "1.20.12"
-  DESTDIR: ./build
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  build:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build
-        uses: docker/bake-action@v2
-        with:
-          targets: binary
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: binary
-          path: ${{ env.DESTDIR }}
-          if-no-files-found: error
-          retention-days: 1
-
-  test:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 120
-    needs:
-      - build
-    strategy:
-      fail-fast: false
-      matrix:
-        worker:
-          - dockerd
-          - dockerd-containerd
-        pkg:
-          - client
-          - cmd/buildctl
-          - solver
-          - frontend
-          - frontend/dockerfile
-        typ:
-          - integration
-    steps:
-      -
-        name: Prepare
-        run: |
-          disabledFeatures="cache_backend_azblob,cache_backend_s3"
-          if [ "${{ matrix.worker }}" = "dockerd" ]; then
-            disabledFeatures="${disabledFeatures},merge_diff"
-          fi
-          echo "BUILDKIT_TEST_DISABLE_FEATURES=${disabledFeatures}" >> $GITHUB_ENV
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: moby
-      -
-        name: BuildKit ref
-        run: |
-          echo "$(./hack/buildkit-ref)" >> $GITHUB_ENV
-        working-directory: moby
-      -
-        name: Checkout BuildKit ${{ env.BUILDKIT_REF }}
-        uses: actions/checkout@v3
-        with:
-          repository: ${{ env.BUILDKIT_REPO }}
-          ref: ${{ env.BUILDKIT_REF }}
-          path: buildkit
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Download binary artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: binary
-          path: ./buildkit/build/moby/
-      -
-        name: Update daemon.json
-        run: |
-          sudo rm -f /etc/docker/daemon.json
-          sudo service docker restart
-          docker version
-          docker info
-      -
-        name: Test
-        run: |
-          ./hack/test ${{ matrix.typ }}
-        env:
-          CONTEXT: "."
-          TEST_DOCKERD: "1"
-          TEST_DOCKERD_BINARY: "./build/moby/dockerd"
-          TESTPKGS: "./${{ matrix.pkg }}"
-          # Skip buildkit tests checking the digest (see https://github.com/moby/buildkit/pull/3736)
-          TESTFLAGS: "-v --parallel=1 --timeout=30m --run=/^Test([^R]|.[^e]|..[^p]|...[^r]|....[^o]|.....[^S])/worker=${{ matrix.worker }}$"
-        working-directory: buildkit

.github/workflows/ci.yml

@@ -1,129 +0,0 @@
-name: ci
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-  pull_request:
-
-env:
-  DESTDIR: ./build
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  build:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - binary
-          - dynbinary
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build
-        uses: docker/bake-action@v2
-        with:
-          targets: ${{ matrix.target }}
-      -
-        name: List artifacts
-        run: |
-          tree -nh ${{ env.DESTDIR }}
-      -
-        name: Check artifacts
-        run: |
-          find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ matrix.target }}
-          path: ${{ env.DESTDIR }}
-          if-no-files-found: error
-          retention-days: 7
-
-  prepare-cross:
-    runs-on: ubuntu-latest
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.platforms.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Create matrix
-        id: platforms
-        run: |
-          matrix="$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms')"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.platforms.outputs.matrix }}
-
-  cross:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-      - prepare-cross
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ${{ fromJson(needs.prepare-cross.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Prepare
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build
-        uses: docker/bake-action@v2
-        with:
-          targets: all
-          set: |
-            *.platform=${{ matrix.platform }}
-      -
-        name: List artifacts
-        run: |
-          tree -nh ${{ env.DESTDIR }}
-      -
-        name: Check artifacts
-        run: |
-          find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
-      -
-        name: Upload artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: cross-${{ env.PLATFORM_PAIR }}
-          path: ${{ env.DESTDIR }}
-          if-no-files-found: error
-          retention-days: 7

.github/workflows/test.yml

@@ -1,560 +0,0 @@
-name: test
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-  pull_request:
-
-env:
-  GO_VERSION: "1.20.13"
-  GOTESTLIST_VERSION: v0.3.1
-  TESTSTAT_VERSION: v0.1.3
-  ITG_CLI_MATRIX_SIZE: 6
-  DOCKER_EXPERIMENTAL: 1
-  DOCKER_GRAPHDRIVER: overlay2
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  build-dev:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-    strategy:
-      fail-fast: false
-      matrix:
-        mode:
-          - ""
-          - systemd
-    steps:
-      -
-        name: Prepare
-        run: |
-          if [ "${{ matrix.mode }}" = "systemd" ]; then
-            echo "SYSTEMD=true" >> $GITHUB_ENV
-          fi
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            *.cache-from=type=gha,scope=dev${{ matrix.mode }}
-            *.cache-to=type=gha,scope=dev${{ matrix.mode }},mode=max
-            *.output=type=cacheonly
-
-  validate-prepare:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.scripts.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Create matrix
-        id: scripts
-        run: |
-          scripts=$(jq -ncR '[inputs]' <<< "$(ls -I .validate -I all -I default -I dco -I golangci-lint.yml -I yamllint.yaml -A ./hack/validate/)")
-          echo "matrix=$scripts" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.scripts.outputs.matrix }}
-
-  validate:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 120
-    needs:
-      - validate-prepare
-      - build-dev
-    strategy:
-      fail-fast: true
-      matrix:
-        script: ${{ fromJson(needs.validate-prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Validate
-        run: |
-          make -o build validate-${{ matrix.script }}
-
-  unit:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-unit
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          mkdir -p bundles /tmp/reports
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
-          sudo chown -R $(id -u):$(id -g) /tmp/reports
-          tree -nh /tmp/reports
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          directory: ./bundles
-          env_vars: RUNNER_OS
-          flags: unit
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: unit-reports
-          path: /tmp/reports/*
-
-  unit-report:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - unit
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v3
-        with:
-          name: unit-reports
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  docker-py:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-docker-py
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          mkdir -p bundles /tmp/reports
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
-          sudo chown -R $(id -u):$(id -g) /tmp/reports
-          tree -nh /tmp/reports
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-docker-py/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: docker-py-reports
-          path: /tmp/reports/*
-
-  integration-flaky:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-integration-flaky
-        env:
-          TEST_SKIP_INTEGRATION_CLI: 1
-
-  integration:
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 120
-    needs:
-      - build-dev
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - ubuntu-20.04
-          - ubuntu-22.04
-        mode:
-          - ""
-          - rootless
-          - systemd
-          #- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Prepare
-        run: |
-          CACHE_DEV_SCOPE=dev
-          if [[ "${{ matrix.mode }}" == *"rootless"* ]]; then
-            echo "DOCKER_ROOTLESS=1" >> $GITHUB_ENV
-          fi
-          if [[ "${{ matrix.mode }}" == *"systemd"* ]]; then
-            echo "SYSTEMD=true" >> $GITHUB_ENV
-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
-          fi
-          echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=${{ env.CACHE_DEV_SCOPE }}
-      -
-        name: Test
-        run: |
-          make -o build test-integration
-        env:
-          TEST_SKIP_INTEGRATION_CLI: 1
-          TESTCOVERAGE: 1
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          reportsPath="/tmp/reports/${{ matrix.os }}"
-          if [ -n "${{ matrix.mode }}" ]; then
-            reportsPath="$reportsPath-${{ matrix.mode }}"
-          fi
-          mkdir -p bundles $reportsPath
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C $reportsPath
-          sudo chown -R $(id -u):$(id -g) $reportsPath
-          tree -nh $reportsPath
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          directory: ./bundles/test-integration
-          env_vars: RUNNER_OS
-          flags: integration,${{ matrix.mode }}
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-integration/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: integration-reports
-          path: /tmp/reports/*
-
-  integration-report:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - integration
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v3
-        with:
-          name: integration-reports
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  integration-cli-prepare:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.tests.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Install gotestlist
-        run:
-          go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-      -
-        name: Create matrix
-        id: tests
-        working-directory: ./integration-cli
-        run: |
-          # This step creates a matrix for integration-cli tests. Tests suites
-          # are distributed in integration-cli job through a matrix. There is
-          # also overrides being added to the matrix like "./..." to run
-          # "Test integration" step exclusively and specific tests suites that
-          # take a long time to run.
-          matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." -o "DockerSwarmSuite" -o "DockerNetworkSuite|DockerExternalVolumeSuite" ./...)"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.tests.outputs.matrix }}
-
-  integration-cli:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 120
-    needs:
-      - build-dev
-      - integration-cli-prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-integration
-        env:
-          TEST_SKIP_INTEGRATION: 1
-          TESTCOVERAGE: 1
-          TESTFLAGS: "-test.run (${{ matrix.test }})/"
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          reportsPath=/tmp/reports/$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
-          mkdir -p bundles $reportsPath
-          echo "${{ matrix.test }}" | tr -s '|' '\n' | tee -a "$reportsPath/tests.txt"
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C $reportsPath
-          sudo chown -R $(id -u):$(id -g) $reportsPath
-          tree -nh $reportsPath
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          directory: ./bundles/test-integration
-          env_vars: RUNNER_OS
-          flags: integration-cli
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-integration/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: integration-cli-reports
-          path: /tmp/reports/*
-
-  integration-cli-report:
-    runs-on: ubuntu-20.04
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - integration-cli
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v3
-        with:
-          name: integration-cli-reports
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  prepare-smoke:
-    runs-on: ubuntu-20.04
-    needs:
-      - validate-dco
-    outputs:
-      matrix: ${{ steps.platforms.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Create matrix
-        id: platforms
-        run: |
-          matrix="$(docker buildx bake binary-smoketest --print | jq -cr '.target."binary-smoketest".platforms')"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.platforms.outputs.matrix }}
-
-  smoke:
-    runs-on: ubuntu-20.04
-    needs:
-      - prepare-smoke
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ${{ fromJson(needs.prepare-smoke.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Prepare
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Test
-        uses: docker/bake-action@v2
-        with:
-          targets: binary-smoketest
-          set: |
-            *.platform=${{ matrix.platform }}

.github/workflows/windows-2019.yml

@@ -1,22 +0,0 @@
-name: windows-2019
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  schedule:
-    - cron: '0 10 * * *'
-  workflow_dispatch:
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  run:
-    needs:
-      - validate-dco
-    uses: ./.github/workflows/.windows.yml
-    with:
-      os: windows-2019
-      send_coverage: false

.github/workflows/windows-2022.yml

@@ -1,25 +0,0 @@
-name: windows-2022
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - '[0-9]+.[0-9]+'
-  pull_request:
-
-jobs:
-  validate-dco:
-    uses: ./.github/workflows/.dco.yml
-
-  run:
-    needs:
-      - validate-dco
-    uses: ./.github/workflows/.windows.yml
-    with:
-      os: windows-2022
-      send_coverage: true

.gitignore

@@ -1,28 +1,23 @@
-# If you want to ignore files created by your editor/tools, please consider a
-# [global .gitignore](https://help.github.com/articles/ignoring-files).
-
-*~
-*.bak
+# Docker project generated files to ignore
+#  if you want to ignore files created by your editor/tools,
+#  please consider a global .gitignore https://help.github.com/articles/ignoring-files
+*.exe
+*.exe~
+*.gz
 *.orig
+test.main
 .*.swp
 .DS_Store
-thumbs.db
-
-# local repository customization
-.envrc
+# a .bashrc may be added to customize the build environment
 .bashrc
 .editorconfig
-
-# build artifacts
+.gopath/
+.go-pkg-cache/
+autogen/
 bundles/
-cli/winresources/*/*.syso
-cli/winresources/*/winres.json
+cmd/dockerd/dockerd
 contrib/builder/rpm/*/changelog
-
-# ci artifacts
-*.exe
-*.gz
+vendor/pkg/
 go-test-report.json
-junit-report.xml
 profile.out
-test.main
+junit-report.xml

.mailmap

@@ -1,22 +1,15 @@
-# This file lists the canonical name and email of contributors, and is used to
-# generate AUTHORS (in hack/generate-authors.sh).
-#
-# To find new duplicates, regenerate AUTHORS and scan for name duplicates, or
-# run the following to find email duplicates:
-#   git log --format='%aE - %aN' | sort -uf | awk -v IGNORECASE=1 '$1 in a {print a[$1]; print}; {a[$1]=$0}'
-#
-# For an explanation of this file format, consult gitmailmap(5).
+# Generate AUTHORS: hack/generate-authors.sh
 
+# Tip for finding duplicates (besides scanning the output of AUTHORS for name
+# duplicates that aren't also email duplicates): scan the output of:
+#   git log --format='%aE - %aN' | sort -uf
+#
+# For explanation on this file format: man git-shortlog
+
+<21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
+<mr.wrfly@gmail.com> <wrfly@users.noreply.github.com>
 Aaron L. Xu <liker.xu@foxmail.com>
-Aaron L. Xu <liker.xu@foxmail.com> <likexu@harmonycloud.cn>
-Aaron Lehmann <alehmann@netflix.com>
-Aaron Lehmann <alehmann@netflix.com> <aaron.lehmann@docker.com>
-Abhinandan Prativadi <aprativadi@gmail.com>
-Abhinandan Prativadi <aprativadi@gmail.com> <abhi@docker.com>
-Abhinandan Prativadi <aprativadi@gmail.com> abhi <user.email>
-Abhishek Chanda <abhishek.becs@gmail.com>
-Abhishek Chanda <abhishek.becs@gmail.com> <abhishek.chanda@emc.com>
-Ada Mancini <ada@docker.com>
+Abhinandan Prativadi <abhi@docker.com>
 Adam Dobrawy <naczelnik@jawnosc.tk>
 Adam Dobrawy <naczelnik@jawnosc.tk> <ad-m@users.noreply.github.com>
 Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
@@ -29,37 +22,22 @@ Akihiro Matsushima <amatsusbit@gmail.com> <amatsus@users.noreply.github.com>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.akihiro@lab.ntt.co.jp>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.kyoto@gmail.com>
-Akshay Moghe <akshay.moghe@gmail.com>
-Albin Kerouanton <albinker@gmail.com>
-Albin Kerouanton <albinker@gmail.com> <albin@akerouanton.name>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
 Aleksandrs Fadins <aleks@s-ko.net>
-Alessandro Boch <aboch@tetrationanalytics.com>
 Alessandro Boch <aboch@tetrationanalytics.com> <aboch@docker.com>
-Alessandro Boch <aboch@tetrationanalytics.com> <aboch@socketplane.io>
-Alessandro Boch <aboch@tetrationanalytics.com> <aboch@users.noreply.github.com>
-Alex Chan <alex@alexwlchan.net>
-Alex Chan <alex@alexwlchan.net> <alex.chan@metaswitch.com>
 Alex Chen <alexchenunix@gmail.com> <root@localhost.localdomain>
 Alex Ellis <alexellis2@gmail.com>
 Alex Goodman <wagoodman@gmail.com> <wagoodman@users.noreply.github.com>
 Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
-Alexander Morozov <lk4d4math@gmail.com>
-Alexander Morozov <lk4d4math@gmail.com> <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com>
+Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
 Alexandre Beslic <alexandre.beslic@gmail.com> <abronan@docker.com>
-Alexandre González <agonzalezro@gmail.com>
-Alexis Ries <ries.alexis@gmail.com>
-Alexis Ries <ries.alexis@gmail.com> <alexis.ries.ext@orange.com>
-Alexis Thomas <fr.alexisthomas@gmail.com>
 Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
 Allen Sun <allensun.shl@alibaba-inc.com> <allen.sun@daocloud.io>
 Allen Sun <allensun.shl@alibaba-inc.com> <shlallen1990@gmail.com>
-Anca Iordache <anca.iordache@docker.com>
 Andrea Denisse Gómez <crypto.andrea@protonmail.ch>
-Andrew Kim <taeyeonkim90@gmail.com>
-Andrew Kim <taeyeonkim90@gmail.com> <akim01@fortinet.com>
 Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@microsoft.com>
 Andrew Weiss <andrew.weiss@docker.com> <andrew.weiss@outlook.com>
 Andrey Kolomentsev <andrey.kolomentsev@docker.com>
@@ -67,8 +45,6 @@ Andrey Kolomentsev <andrey.kolomentsev@docker.com> <andrey.kolomentsev@gmail.com
 André Martins  <aanm90@gmail.com> <martins@noironetworks.com>
 Andy Rothfusz <github@developersupport.net> <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
-Andy Zhang <andy.zhangtao@hotmail.com>
-Andy Zhang <andy.zhangtao@hotmail.com> <ztao@tibco-support.com>
 Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <amurdaca@redhat.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <me@runcom.ninja>
@@ -78,16 +54,11 @@ Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com>
 Anuj Bahuguna <anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
 Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
-Anyu Wang <wanganyu@outlook.com>
-Arko Dasgupta <arko@tetrate.io>
-Arko Dasgupta <arko@tetrate.io> <arko.dasgupta@docker.com>
-Arko Dasgupta <arko@tetrate.io> <arkodg@users.noreply.github.com>
-Arnaud Porterie <icecrime@gmail.com>
-Arnaud Porterie <icecrime@gmail.com> <arnaud.porterie@docker.com>
-Arnaud Rebillout <arnaud.rebillout@collabora.com>
-Arnaud Rebillout <arnaud.rebillout@collabora.com> <elboulangero@gmail.com>
+Arko Dasgupta <arko.dasgupta@docker.com>
+Arko Dasgupta <arko.dasgupta@docker.com> <arkodg@users.noreply.github.com>
+Arnaud Porterie <arnaud.porterie@docker.com>
+Arnaud Porterie <arnaud.porterie@docker.com> <icecrime@gmail.com>
 Arthur Gautier <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
-Artur Meyster <arthurfbi@yahoo.com>
 Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Golub <ben.golub@dotcloud.com>
@@ -104,18 +75,13 @@ Bin Liu <liubin0329@gmail.com>
 Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Boaz Shuster <ripcurld.github@gmail.com>
-Bojun Zhu <bojun.zhu@foxmail.com>
 Boqin Qin <bobbqqin@gmail.com>
-Boshi Lian <farmer1992@gmail.com>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.co>
 Brandon Philips <brandon.philips@coreos.com> <brandon@ifup.org>
 Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
 Brian Goff <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
-Brian Goff <cpuguy83@gmail.com> <brian.goff@microsoft.com>
-Brian Goff <cpuguy83@gmail.com> <cpuguy@hey.com>
-Cameron Sparr <gh@sparr.email>
 Carlos de Paula <me@carlosedp.com>
 Chander Govindarajan <chandergovind@gmail.com>
 Chao Wang <wangchao.fnst@cn.fujitsu.com> <chaowang@localhost.localdomain>
@@ -130,8 +96,6 @@ Chris Dias <cdias@microsoft.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
 Chris Price <cprice@mirantis.com>
 Chris Price <cprice@mirantis.com> <chris.price@docker.com>
-Chris Telfer <ctelfer@docker.com>
-Chris Telfer <ctelfer@docker.com> <ctelfer@users.noreply.github.com>
 Christopher Biscardi <biscarch@sketcht.com>
 Christopher Latham <sudosurootdev@gmail.com>
 Christy Norman <christy@linux.vnet.ibm.com>
@@ -171,17 +135,12 @@ David M. Karr <davidmichaelkarr@gmail.com>
 David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
 David Sissitka <me@dsissitka.com>
 David Williamson <david.williamson@docker.com> <davidwilliamson@users.noreply.github.com>
-Derek Ch <denc716@gmail.com>
-Derek McGowan <derek@mcg.dev>
-Derek McGowan <derek@mcg.dev> <derek@mcgstyle.net>
 Deshi Xiao <dxiao@redhat.com> <dsxiao@dataman-inc.com>
 Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
-Dhilip Kumars <dhilip.kumar.s@huawei.com>
 Diego Siqueira <dieg0@live.com>
 Diogo Monica <diogo@docker.com> <diogo.monica@gmail.com>
 Dmitry Sharshakov <d3dx12.xx@gmail.com>
 Dmitry Sharshakov <d3dx12.xx@gmail.com> <sh7dm@outlook.com>
-Dmytro Iakovliev <dmytro.iakovliev@zodiacsystems.com>
 Dominic Yin <yindongchao@inspur.com>
 Dominik Honnef <dominik@honnef.co> <dominikh@fork-bomb.org>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
@@ -191,9 +150,6 @@ Drew Erny <derny@mirantis.com> <drew.erny@docker.com>
 Elan Ruusamäe <glen@pld-linux.org>
 Elan Ruusamäe <glen@pld-linux.org> <glen@delfi.ee>
 Elango Sivanandam <elango.siva@docker.com>
-Elango Sivanandam <elango.siva@docker.com> <elango@docker.com>
-Eli Uriegas <seemethere101@gmail.com>
-Eli Uriegas <seemethere101@gmail.com> <eli.uriegas@docker.com>
 Eric G. Noriega <enoriega@vizuri.com> <egnoriega@users.noreply.github.com>
 Eric Hanchrow <ehanchrow@ine.com> <eric.hanchrow@gmail.com>
 Eric Rosenberg <ehaydenr@gmail.com> <ehaydenr@users.noreply.github.com>
@@ -215,10 +171,8 @@ Feng Yan <fy2462@gmail.com>
 Fengtu Wang <wangfengtu@huawei.com> <wangfengtu@huawei.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 Frank Rosquin <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
-Frank Yang <yyb196@gmail.com>
 Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
 Fu JinLin <withlin@yeah.net>
-Gabriel Goller <gabrielgoller123@gmail.com>
 Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gang Qiao <qiaohai8866@gmail.com> <1373319223@qq.com>
@@ -238,61 +192,42 @@ Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@charmes.net>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@docker.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com> <guillaume@dotcloud.com>
-Gunadhya S. <6939749+gunadhya@users.noreply.github.com>
-Guoqiang QI <guoqiang.qi1@gmail.com>
 Guri <odg0318@gmail.com>
 Gurjeet Singh <gurjeet@singh.im> <singh.gurjeet@gmail.com>
 Gustav Sinder <gustav.sinder@gmail.com>
 Günther Jungbluth <gunther@gameslabs.net>
 Hakan Özler <hakan.ozler@kodcu.com>
-Hao Shu Wei <haoshuwei24@gmail.com>
-Hao Shu Wei <haoshuwei24@gmail.com> <haoshuwei1989@163.com>
-Hao Shu Wei <haoshuwei24@gmail.com> <haosw@cn.ibm.com>
+Hao Shu Wei <haosw@cn.ibm.com>
+Hao Shu Wei <haosw@cn.ibm.com> <haoshuwei1989@163.com>
 Harald Albers <github@albersweb.de> <albers@users.noreply.github.com>
 Harald Niesche <harald@niesche.de>
 Harold Cooper <hrldcpr@gmail.com>
-Harry Zhang <harryz@hyper.sh>
 Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
 Harry Zhang <harryz@hyper.sh> <resouer@163.com>
 Harry Zhang <harryz@hyper.sh> <resouer@gmail.com>
+Harry Zhang <resouer@163.com>
 Harshal Patil <harshal.patil@in.ibm.com> <harche@users.noreply.github.com>
-He Simei <hesimei@zju.edu.cn>
 Helen Xie <chenjg@harmonycloud.cn>
 Hiroyuki Sasagawa <hs19870702@gmail.com>
 Hollie Teal <hollie@docker.com>
 Hollie Teal <hollie@docker.com> <hollie.teal@docker.com>
 Hollie Teal <hollie@docker.com> <hollietealok@users.noreply.github.com>
-hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
 Hu Keping <hukeping@huawei.com>
-Hui Kang <hkang.sunysb@gmail.com>
-Hui Kang <hkang.sunysb@gmail.com> <kangh@us.ibm.com>
 Huu Nguyen <huu@prismskylabs.com> <whoshuu@gmail.com>
-Hyeongkyu Lee <hyeongkyu.lee@navercorp.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
 Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com> <1187766782@qq.com>
 Ian Campbell <ian.campbell@docker.com>
 Ian Campbell <ian.campbell@docker.com> <ijc@docker.com>
 Ilya Khlopotov <ilya.khlopotov@gmail.com>
 Iskander Sharipov <quasilyte@gmail.com>
-Ivan Babrou <ibobrik@gmail.com>
 Ivan Markin <sw@nogoegst.net> <twim@riseup.net>
 Jack Laxson <jackjrabbit@gmail.com>
 Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
 Jacob Tomlinson <jacob@tom.linson.uk> <jacobtomlinson@users.noreply.github.com>
 Jaivish Kothari <janonymous.codevulture@gmail.com>
-Jake Moshenko <jake@devtable.com>
-Jakub Drahos <jdrahos@pulsepoint.com>
-Jakub Drahos <jdrahos@pulsepoint.com> <jack.drahos@gmail.com>
 James Nesbitt <jnesbitt@mirantis.com>
 James Nesbitt <jnesbitt@mirantis.com> <james.nesbitt@wunderkraut.com>
 Jamie Hannaford <jamie@limetree.org> <jamie.hannaford@rackspace.com>
-Jan Götte <jaseg@jaseg.net>
-Jana Radhakrishnan <mrjana@docker.com>
-Jana Radhakrishnan <mrjana@docker.com> <mrjana@socketplane.io>
-Javier Bassi <javierbassi@gmail.com>
-Javier Bassi <javierbassi@gmail.com> <CrimsonGlory@users.noreply.github.com>
-Jay Lim <jay@imjching.com>
-Jay Lim <jay@imjching.com> <imjching@hotmail.com>
 Jean Rouge <rougej+github@gmail.com> <jer329@cornell.edu>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
@@ -322,12 +257,11 @@ Joffrey F <joffrey@docker.com> <joffrey@dotcloud.com>
 Johan Euphrosine <proppy@google.com> <proppy@aminche.com>
 John Harris <john@johnharris.io>
 John Howard <github@lowenna.com>
-John Howard <github@lowenna.com> <10522484+lowenna@users.noreply.github.com>
 John Howard <github@lowenna.com> <jhoward@microsoft.com>
 John Howard <github@lowenna.com> <jhoward@ntdev.microsoft.com>
 John Howard <github@lowenna.com> <jhowardmsft@users.noreply.github.com>
+John Howard <github@lowenna.com> <John.Howard@microsoft.com>
 John Howard <github@lowenna.com> <john.howard@microsoft.com>
-John Howard <github@lowenna.com> <john@lowenna.com>
 John Stephens <johnstep@docker.com> <johnstep@users.noreply.github.com>
 Jon Surrell <jon.surrell@gmail.com> <jon.surrell@automattic.com>
 Jonathan Choy <jonathan.j.choy@gmail.com>
@@ -347,12 +281,9 @@ Josh Wilson <josh.wilson@fivestars.com> <jcwilson@users.noreply.github.com>
 Joyce Jang <mail@joycejang.com>
 Julien Bordellier <julienbordellier@gmail.com> <git@julienbordellier.com>
 Julien Bordellier <julienbordellier@gmail.com> <me@julienbordellier.com>
-Jun Du <dujun5@huawei.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Cormack <justin.cormack@docker.com> <justin.cormack@unikernel.com>
 Justin Cormack <justin.cormack@docker.com> <justin@specialbusservice.com>
-Justin Keller <85903732+jk-vb@users.noreply.github.com>
-Justin Keller <85903732+jk-vb@users.noreply.github.com> <jkeller@vb-jkeller-mbp.local>
 Justin Simonelis <justin.p.simonelis@gmail.com> <justin.simonelis@PTS-JSIMON2.toronto.exclamation.com>
 Justin Terry <juterry@microsoft.com>
 Jérôme Petazzoni <jerome.petazzoni@docker.com> <jerome.petazzoni@dotcloud.com>
@@ -369,7 +300,6 @@ Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
 Ken Reese <krrgithub@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Meredith <kevin.m.meredith@gmail.com>
@@ -380,17 +310,11 @@ Konrad Kleine <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
 Konstantin Gribov <grossws@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
-Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
-Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <btkushuwahak@KUNAL-PC.swh.swh.nttdata.co.jp>
 Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
-Kyle Squizzato <ksquizz@gmail.com>
-Kyle Squizzato <ksquizz@gmail.com> <kyle.squizzato@docker.com>
 Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
 Lei Gong <lgong@alauda.io>
 Lei Jitang <leijitang@huawei.com>
 Lei Jitang <leijitang@huawei.com> <leijitang@gmail.com>
-Lei Jitang <leijitang@huawei.com> <leijitang@outlook.com>
-Leiiwang <u2takey@gmail.com>
 Liang Mingqiang <mqliang.zju@gmail.com>
 Liang-Chi Hsieh <viirya@gmail.com>
 Liao Qingwei <liaoqingwei@huawei.com>
@@ -407,11 +331,8 @@ Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
 Lynda O'Leary <lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
 Ma Müller <mueller-ma@users.noreply.github.com>
-Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
-Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@corp.microsoft.com>
 Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com> <madhanm@microsoft.com>
-Madhu Venugopal <mavenugo@gmail.com> <madhu@docker.com>
-Madhu Venugopal <mavenugo@gmail.com> <madhu@socketplane.io>
+Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
 Mageee <fangpuyi@foxmail.com> <21521230.zju.edu.cn>
 Mansi Nahar <mmn4185@rit.edu> <mansi.nahar@macbookpro-mansinahar.local>
 Mansi Nahar <mmn4185@rit.edu> <mansinahar@users.noreply.github.com>
@@ -424,12 +345,10 @@ Markan Patel <mpatel678@gmail.com>
 Markus Kortlang <hyp3rdino@googlemail.com> <markus.kortlang@lhsystems.com>
 Martin Redmond <redmond.martin@gmail.com> <martin@tinychat.com>
 Martin Redmond <redmond.martin@gmail.com> <xgithub@redmond5.com>
-Maru Newby <mnewby@thesprawl.net>
 Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
 Mary Anthony <mary.anthony@docker.com> <moxieandmore@gmail.com>
 Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
 Masato Ohba <over.rye@gmail.com>
-Mathieu Paturel <mathieu.paturel@gmail.com>
 Matt Bentley <matt.bentley@docker.com> <mbentley@mbentley.net>
 Matt Schurenko <matt.schurenko@gmail.com>
 Matt Williams <mattyw@me.com>
@@ -441,23 +360,15 @@ Matthias Kühnle <git.nivoc@neverbox.com> <kuehnle@online.de>
 Mauricio Garavaglia <mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
 Maxwell <csuhp007@gmail.com>
 Maxwell <csuhp007@gmail.com> <csuhqg@foxmail.com>
-Menghui Chen <menghui.chen@alibaba-inc.com>
-Michael Beskin <mrbeskin@gmail.com>
-Michael Crosby <crosbymichael@gmail.com>
-Michael Crosby <crosbymichael@gmail.com> <crosby.michael@gmail.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@crosbymichael.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@docker.com>
-Michael Crosby <crosbymichael@gmail.com> <michael@thepasture.io>
+Michael Crosby <michael@docker.com> <crosby.michael@gmail.com>
+Michael Crosby <michael@docker.com> <crosbymichael@gmail.com>
+Michael Crosby <michael@docker.com> <michael@crosbymichael.com>
 Michael Hudson-Doyle <michael.hudson@canonical.com> <michael.hudson@linaro.org>
 Michael Huettermann <michael@huettermann.net>
 Michael Käufl <docker@c.michael-kaeufl.de> <michael-k@users.noreply.github.com>
 Michael Nussbaum <michael.nussbaum@getbraintree.com>
 Michael Nussbaum <michael.nussbaum@getbraintree.com> <code@getbraintree.com>
 Michael Spetsiotis <michael_spets@hotmail.com>
-Michael Stapelberg <michael+gh@stapelberg.de>
-Michael Stapelberg <michael+gh@stapelberg.de> <stapelberg@google.com>
-Michal Kostrzewa <michal.kostrzewa@codilime.com>
-Michal Kostrzewa <michal.kostrzewa@codilime.com> <kostrzewa.michal@o2.pl>
 Michal Minář <miminar@redhat.com>
 Michał Gryko <github@odkurzacz.org>
 Michiel de Jong <michiel@unhosted.org>
@@ -465,19 +376,14 @@ Mickaël Fortunato <morsi.morsicus@gmail.com>
 Miguel Angel Alvarez Cabrerizo <doncicuto@gmail.com> <30386061+doncicuto@users.noreply.github.com>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mihai Borobocea <MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
-Mikael Davranche <mikael.davranche@corp.ovh.com>
-Mikael Davranche <mikael.davranche@corp.ovh.com> <mikael.davranche@corp.ovh.net>
 Mike Casas <mkcsas0@gmail.com> <mikecasas@users.noreply.github.com>
 Mike Goelzer <mike.goelzer@docker.com> <mgoelzer@docker.com>
 Milind Chawre <milindchawre@gmail.com>
 Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
-Mohammad Banikazemi <MBanikazemi@gmail.com>
-Mohammad Banikazemi <MBanikazemi@gmail.com> <mb@us.ibm.com>
 Mohit Soni <mosoni@ebay.com> <mohitsoni1989@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com> <rsmoorthy@users.noreply.github.com>
 Moysés Borges <moysesb@gmail.com>
 Moysés Borges <moysesb@gmail.com> <moyses.furtado@wplex.com.br>
-mrfly <mr.wrfly@gmail.com> <wrfly@users.noreply.github.com>
 Nace Oroz <orkica@gmail.com>
 Natasha Jarus <linuxmercedes@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
@@ -494,8 +400,6 @@ Oh Jinkyun <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
 Oliver Reason <oli@overrateddev.co>
 Olli Janatuinen <olli.janatuinen@gmail.com>
 Olli Janatuinen <olli.janatuinen@gmail.com> <olljanat@users.noreply.github.com>
-Onur Filiz <onur.filiz@microsoft.com>
-Onur Filiz <onur.filiz@microsoft.com> <ofiliz@users.noreply.github.com>
 Ouyang Liduo <oyld0210@163.com>
 Patrick Stapleton <github@gdi2290.com>
 Paul Liljenberg <liljenberg.paul@gmail.com> <letters@paulnotcom.se>
@@ -506,20 +410,14 @@ Peter Dave Hello <hsu@peterdavehello.org> <PeterDaveHello@users.noreply.github.c
 Peter Jaffe <pjaffe@nevo.com>
 Peter Nagy <xificurC@gmail.com> <pnagy@gratex.com>
 Peter Waller <p@pwaller.net> <peter@scraperwiki.com>
-Phil Estes <estesp@gmail.com>
-Phil Estes <estesp@gmail.com> <estesp@amazon.com>
-Phil Estes <estesp@gmail.com> <estesp@linux.vnet.ibm.com>
+Phil Estes <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
 Philip Alexander Etling <paetling@gmail.com>
 Philipp Gillé <philipp.gille@gmail.com> <philippgille@users.noreply.github.com>
 Prasanna Gautam <prasannagautam@gmail.com>
-Puneet Pruthi <puneet.pruthi@oracle.com>
-Puneet Pruthi <puneet.pruthi@oracle.com> <puneetpruthi@gmail.com>
 Qiang Huang <h.huangqiang@huawei.com>
 Qiang Huang <h.huangqiang@huawei.com> <qhuang@10.0.2.15>
-Qin TianHuan <tianhuan@bingotree.cn>
 Ray Tsang <rayt@google.com> <saturnism@users.noreply.github.com>
 Renaud Gaubert <rgaubert@nvidia.com> <renaud.gaubert@gmail.com>
-Richard Scothern <richard.scothern@gmail.com>
 Robert Terhaar <rterhaar@atlanticdynamic.com> <robbyt@users.noreply.github.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
@@ -527,28 +425,17 @@ Robin Thoni <robin@rthoni.com>
 Roman Dudin <katrmr@gmail.com> <decadent@users.noreply.github.com>
 Rong Zhang <rongzhang@alauda.io>
 Rongxiang Song <tinysong1226@gmail.com>
-Rony Weng <ronyweng@synology.com>
 Ross Boucher <rboucher@gmail.com>
 Rui Cao <ruicao@alauda.io>
 Runshen Zhu <runshen.zhu@gmail.com>
 Ryan Stelly <ryan.stelly@live.com>
-Ryoga Saito <contact@proelbtn.com>
-Ryoga Saito <contact@proelbtn.com> <proelbtn@users.noreply.github.com>
-Sainath Grandhi <sainath.grandhi@intel.com>
-Sainath Grandhi <sainath.grandhi@intel.com> <saiallforums@gmail.com>
 Sakeven Jiang <jc5930@sina.cn>
-Samuel Karp <me@samuelkarp.com> <skarp@amazon.com>
 Sandeep Bansal <sabansal@microsoft.com>
 Sandeep Bansal <sabansal@microsoft.com> <msabansal@microsoft.com>
-Santhosh Manohar <santhosh@docker.com>
 Sargun Dhillon <sargun@netflix.com> <sargun@sargun.me>
-Satoshi Tagomori <tagomoris@gmail.com>
 Sean Lee <seanlee@tw.ibm.com> <scaleoutsean@users.noreply.github.com>
-Sebastiaan van Stijn <github@gone.nl>
-Sebastiaan van Stijn <github@gone.nl> <moby@example.com>
 Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
 Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
-Seongyeol Lim <seongyeol37@gmail.com>
 Shaun Kaasten <shaunk@gmail.com>
 Shawn Landden <shawn@churchofgit.com> <shawnlandden@gmail.com>
 Shengbo Song <thomassong@tencent.com>
@@ -557,10 +444,10 @@ Shih-Yuan Lee <fourdollars@gmail.com>
 Shishir Mahajan <shishir.mahajan@redhat.com> <smahajan@redhat.com>
 Shu-Wai Chow <shu-wai.chow@seattlechildrens.org>
 Shukui Yang <yangshukui@huawei.com>
+Shuwei Hao <haosw@cn.ibm.com>
+Shuwei Hao <haosw@cn.ibm.com> <haoshuwei24@gmail.com>
 Sidhartha Mani <sidharthamn@gmail.com>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
-Smark Meng <smark@freecoop.net>
-Smark Meng <smark@freecoop.net> <smarkm@users.noreply.github.com>
 Solomon Hykes <solomon@docker.com> <s@docker.com>
 Solomon Hykes <solomon@docker.com> <solomon.hykes@dotcloud.com>
 Solomon Hykes <solomon@docker.com> <solomon@dotcloud.com>
@@ -591,48 +478,29 @@ Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
 Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
-Sylvain Baubeau <lebauce@gmail.com>
-Sylvain Baubeau <lebauce@gmail.com> <sbaubeau@redhat.com>
 Sylvain Bellemare <sylvain@ascribe.io>
 Sylvain Bellemare <sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
-Takuto Sato <tockn.jp@gmail.com>
 Tangi Colin <tangicolin@gmail.com>
 Tejesh Mehta <tejesh.mehta@gmail.com> <tj@init.me>
-Terry Chu <zue.hterry@gmail.com>
-Terry Chu <zue.hterry@gmail.com> <jubosh.tw@gmail.com>
 Thatcher Peskens <thatcher@docker.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@dotcloud.com>
 Thatcher Peskens <thatcher@docker.com> <thatcher@gmx.net>
-Thiago Alves Silva <thiago.alves@aurea.com>
-Thiago Alves Silva <thiago.alves@aurea.com> <thiagoalves@users.noreply.github.com>
 Thomas Gazagnaire <thomas@gazagnaire.org> <thomas@gazagnaire.com>
-Thomas Ledos <thomas.ledos92@gmail.com>
 Thomas Léveil <thomasleveil@gmail.com>
 Thomas Léveil <thomasleveil@gmail.com> <thomasleveil@users.noreply.github.com>
 Tibor Vass <teabee89@gmail.com> <tibor@docker.com>
 Tibor Vass <teabee89@gmail.com> <tiborvass@users.noreply.github.com>
-Till Claassen <pixelistik@users.noreply.github.com>
 Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org> <maztaim@users.noreply.github.com>
-Tim Potter <tpot@hpe.com>
-Tim Potter <tpot@hpe.com> <tpot@Tims-MacBook-Pro.local>
 Tim Ruffles <oi@truffles.me.uk> <timruffles@googlemail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
-Tim Wagner <tim.wagner@freenet.ag>
-Tim Wagner <tim.wagner@freenet.ag> <33624860+herrwagner@users.noreply.github.com>
 Tim Zju <21651152@zju.edu.cn>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Toli Kuznets <toli@docker.com>
 Tom Barlow <tomwbarlow@gmail.com>
-Tom Denham <tom@tomdee.co.uk>
-Tom Denham <tom@tomdee.co.uk> <tom.denham@metaswitch.com>
 Tom Sweeney <tsweeney@redhat.com>
-Tom Wilkie <tom.wilkie@gmail.com>
-Tom Wilkie <tom.wilkie@gmail.com> <tom@weave.works>
 Tõnis Tiigi <tonistiigi@gmail.com>
 Trace Andreason <tandreason@gmail.com>
-Trapier Marshall <tmarshall@mirantis.com>
-Trapier Marshall <tmarshall@mirantis.com> <trapier.marshall@docker.com>
 Trishna Guha <trishnaguha17@gmail.com>
 Tristan Carel <tristan@cogniteev.com>
 Tristan Carel <tristan@cogniteev.com> <tristan.carel@gmail.com>
@@ -646,15 +514,12 @@ Victor Vieux <victor.vieux@docker.com> <victor@docker.com>
 Victor Vieux <victor.vieux@docker.com> <victor@dotcloud.com>
 Victor Vieux <victor.vieux@docker.com> <victorvieux@gmail.com>
 Victor Vieux <victor.vieux@docker.com> <vieux@docker.com>
-Vikas Choudhary <choudharyvikas16@gmail.com>
 Vikram bir Singh <vsingh@mirantis.com>
 Vikram bir Singh <vsingh@mirantis.com> <vikrambir.singh@docker.com>
 Viktor Vojnovski <viktor.vojnovski@amadeus.com> <vojnovski@gmail.com>
 Vincent Batts <vbatts@redhat.com> <vbatts@hashbangbash.com>
-Vincent Bernat <vincent@bernat.ch>
-Vincent Bernat <vincent@bernat.ch> <bernat@luffy.cx>
-Vincent Bernat <vincent@bernat.ch> <Vincent.Bernat@exoscale.ch>
-Vincent Bernat <vincent@bernat.ch> <vincent@bernat.im>
+Vincent Bernat <Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
+Vincent Bernat <Vincent.Bernat@exoscale.ch> <vincent@bernat.im>
 Vincent Boulineau <vincent.boulineau@datadoghq.com>
 Vincent Demeester <vincent.demeester@docker.com> <vincent+github@demeester.fr>
 Vincent Demeester <vincent.demeester@docker.com> <vincent@demeester.fr>
@@ -663,8 +528,6 @@ Vishnu Kannan <vishnuk@google.com>
 Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
 Vitaly Ostrosablin <vostrosablin@virtuozzo.com> <tmp6154@yandex.ru>
 Vladimir Rutsky <altsysrq@gmail.com> <iamironbob@gmail.com>
-Vladislav Kolesnikov <vkolesnikov@beget.ru>
-Vladislav Kolesnikov <vkolesnikov@beget.ru> <prime@vladqa.ru>
 Walter Stanish <walter@pratyeka.org>
 Wang Chao <chao.wang@ucloud.cn>
 Wang Chao <chao.wang@ucloud.cn> <wcwxyz@gmail.com>
@@ -676,24 +539,17 @@ Wang Yuexiao <wang.yuexiao@zte.com.cn>
 Wayne Chang <wayne@neverfear.org>
 Wayne Song <wsong@docker.com> <wsong@users.noreply.github.com>
 Wei Wu <wuwei4455@gmail.com> cizixs <cizixs@163.com>
-Wei-Ting Kuo <waitingkuo0527@gmail.com>
-Wen Cheng Ma <wenchma@cn.ibm.com>
 Wenjun Tang <tangwj2@lenovo.com> <dodia@163.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
 Will Weaver <monkey@buildingbananas.com>
 Wing-Kam Wong <wingkwong.code@gmail.com>
-WuLonghui <wlh6666@qq.com>
 Xian Chaobo <xianchaobo@huawei.com>
 Xian Chaobo <xianchaobo@huawei.com> <jimmyxian2004@yahoo.com.cn>
 Xianglin Gao <xlgao@zju.edu.cn>
-Xianjie <guxianjie@gmail.com>
-Xianjie <guxianjie@gmail.com> <datastream@datastream-laptop.local>
 Xianlu Bird <xianlubird@gmail.com>
 Xiao YongBiao <xyb4638@gmail.com>
-Xiao Zhang <xiaozhang0210@hotmail.com>
 Xiaodong Liu <liuxiaodong@loongson.cn>
 Xiaodong Zhang <a4012017@sina.com>
-Xiaohua Ding <xiao_hua_ding@sina.cn>
 Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
 Xuecong Liao <satorulogic@gmail.com>
 Yamasaki Masahide <masahide.y@gmail.com>
@@ -711,15 +567,9 @@ Yu Changchun <yuchangchun1@huawei.com>
 Yu Chengxia <yuchengxia@huawei.com>
 Yu Peng <yu.peng36@zte.com.cn>
 Yu Peng <yu.peng36@zte.com.cn> <yupeng36@zte.com.cn>
-Yuan Sun <sunyuan3@huawei.com>
 Yue Zhang <zy675793960@yeah.net>
-Yufei Xiong <yufei.xiong@qq.com>
-Zach Gershman <zachgersh@gmail.com>
-Zach Gershman <zachgersh@gmail.com> <zachgersh@users.noreply.github.com>
 Zachary Jaffee <zjaffee@us.ibm.com> <zij@case.edu>
 Zachary Jaffee <zjaffee@us.ibm.com> <zjaffee@apache.org>
-Zhang Kun <zkazure@gmail.com>
-Zhang Wentao <zhangwentao234@huawei.com>
 ZhangHang <stevezhang2014@gmail.com>
 Zhenkun Bi <bi.zhenkun@zte.com.cn>
 Zhou Hao <zhouhao@cn.fujitsu.com>
@@ -729,5 +579,3 @@ Ziheng Liu <lzhfromustc@gmail.com>
 Zou Yu <zouyu7@huawei.com>
 Zuhayr Elahi <zuhayr.elahi@docker.com>
 Zuhayr Elahi <zuhayr.elahi@docker.com> <elahi.zuhayr@gmail.com>
-정재영 <jjy600901@gmail.com>
-정재영 <jjy600901@gmail.com> <43400316+J-jaeyoung@users.noreply.github.com>

CONTRIBUTING.md

@@ -72,7 +72,7 @@ anybody starts working on it.
 We are always thrilled to receive pull requests. We do our best to process them
 quickly. If your pull request is not accepted on the first try,
 don't get discouraged! Our contributor's guide explains [the review process we
-use for simple changes](https://docs.docker.com/contribute/overview/).
+use for simple changes](https://docs.docker.com/opensource/workflow/make-a-contribution/).
 
 ### Design and cleanup proposals
 
@@ -101,8 +101,9 @@ the contributors guide.
     <td>
       <p>
         Register for the Docker Community Slack at
-	<a href="https://dockr.ly/slack" target="_blank">https://dockr.ly/slack</a>.
+	<a href="https://community.docker.com/registrations/groups/4316" target="_blank">https://community.docker.com/registrations/groups/4316</a>.
         We use the #moby-project channel for general discussion, and there are separate channels for other Moby projects such as #containerd.
+	Archives are available at <a href="https://dockercommunity.slackarchive.io/" target="_blank">https://dockercommunity.slackarchive.io/</a>.
       </p>
     </td>
   </tr>
@@ -309,6 +310,36 @@ Don't forget: being a maintainer is a time investment. Make sure you
 will have time to make yourself available. You don't have to be a
 maintainer to make a difference on the project!
 
+### Manage issues and pull requests using the Derek bot
+
+If you want to help label, assign, close or reopen issues or pull requests
+without commit rights, ask a maintainer to add your Github handle to the 
+`.DEREK.yml` file. [Derek](https://github.com/alexellis/derek) is a bot that extends
+Github's user permissions to help non-committers to manage issues and pull requests simply by commenting.
+
+For example:
+
+* Labels
+
+```
+Derek add label: kind/question
+Derek remove label: status/claimed
+```
+
+* Assign work
+
+```
+Derek assign: username
+Derek unassign: me
+```
+
+* Manage issues and PRs
+
+```
+Derek close
+Derek reopen
+```
+
 ## Moby community guidelines
 
 We want to keep the Moby community awesome, growing and collaborative. We need
@@ -422,6 +453,6 @@ The rules:
     guidelines. Since you've read all the rules, you now know that.
 
 If you are having trouble getting into the mood of idiomatic Go, we recommend
-reading through [Effective Go](https://go.dev/doc/effective_go). The
-[Go Blog](https://go.dev/blog/) is also a great resource. Drinking the
+reading through [Effective Go](https://golang.org/doc/effective_go.html). The
+[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
 kool-aid is a lot easier than going thirsty.

Dockerfile

@@ -1,118 +1,86 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_VERSION=1.20.13
-ARG BASE_DEBIAN_DISTRO="bullseye"
-ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
-ARG XX_VERSION=1.2.1
-
-ARG VPNKIT_VERSION=0.5.0
-
-ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
-ARG DOCKERCLI_VERSION=v24.0.2
-# cli version used for integration-cli tests
-ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
-ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
-ARG BUILDX_VERSION=0.11.2
+# syntax=docker/dockerfile:1.1.7-experimental
 
+ARG CROSS="false"
 ARG SYSTEMD="false"
+# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
+ARG GO_VERSION=1.13.15
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOCKER_STATIC=1
+ARG VPNKIT_VERSION=0.4.0
+ARG DOCKER_BUILDTAGS="apparmor seccomp"
 
-# cross compilation helper
-FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+ARG BASE_DEBIAN_DISTRO="buster"
+ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
 
-# dummy stage to make sure the image is built for deps that don't support some
-# architectures
-FROM --platform=$BUILDPLATFORM busybox AS build-dummy
-RUN mkdir -p /build
-FROM scratch AS binary-dummy
-COPY --from=build-dummy /build /build
-
-# base
-FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
-COPY --from=xx / /
+FROM ${GOLANG_IMAGE} AS base
 RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 ARG APT_MIRROR
-RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list || true
-ARG DEBIAN_FRONTEND
-RUN apt-get update && apt-get install --no-install-recommends -y file
+RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
+ && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
 ENV GO111MODULE=off
 
 FROM base AS criu
 ARG DEBIAN_FRONTEND
-ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
+# Install dependency packages specific to criu
 RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
     --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
-        echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
-        && apt-get update \
-        && apt-get install -y --no-install-recommends criu \
-        && install -D /usr/sbin/criu /build/criu
+        apt-get update && apt-get install -y --no-install-recommends \
+            libcap-dev \
+            libnet-dev \
+            libnl-3-dev \
+            libprotobuf-c-dev \
+            libprotobuf-dev \
+            protobuf-c-compiler \
+            protobuf-compiler \
+            python-protobuf
 
-# registry
-FROM base AS registry-src
-WORKDIR /usr/src/registry
-RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"
+# Install CRIU for checkpoint/restore support
+ARG CRIU_VERSION=3.14
+RUN mkdir -p /usr/src/criu \
+    && curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
+    && cd /usr/src/criu \
+    && make \
+    && make PREFIX=/build/ install-criu
 
 FROM base AS registry
 WORKDIR /go/src/github.com/docker/distribution
-# REGISTRY_VERSION specifies the version of the registry to build and install
-# from the https://github.com/docker/distribution repository. This version of
-# the registry is used to test both schema 1 and schema 2 manifests. Generally,
-# the version specified here should match a current release.
-ARG REGISTRY_VERSION=v2.3.0
-# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
-# install from the https://github.com/docker/distribution repository. This is
-# an older (pre v2.3.0) version of the registry that only supports schema1
-# manifests. This version of the registry is not working on arm64, so installation
-# is skipped on that architecture.
-ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
-ARG TARGETPLATFORM
-RUN --mount=from=registry-src,src=/usr/src/registry,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
+# Install two versions of the registry. The first one is a recent version that
+# supports both schema 1 and 2 manifests. The second one is an older version that
+# only supports schema1 manifests. This allows integration-cli tests to cover
+# push/pull with both schema1 and schema2 manifests.
+# The old version of the registry is not working on arm64, so installation is
+# skipped on that architecture.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=tmpfs,target=/go/src <<EOT
-  set -ex
-  git fetch -q --depth 1 origin "${REGISTRY_VERSION}" +refs/tags/*:refs/tags/*
-  git checkout -q FETCH_HEAD
-  export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
-  CGO_ENABLED=0 xx-go build -o /build/registry-v2 -v ./cmd/registry
-  xx-verify /build/registry-v2
-  case $TARGETPLATFORM in
-    linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
-      git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
-      git checkout -q FETCH_HEAD
-      CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
-      xx-verify /build/registry-v2-schema1
-      ;;
-  esac
-EOT
-
-# go-swagger
-FROM base AS swagger-src
-WORKDIR /usr/src/swagger
-# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
-# TODO: move to under moby/ or fix upstream go-swagger to work for us.
-RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
-# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
-# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
-ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
-RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD
+    --mount=type=tmpfs,target=/go/src/ \
+        set -x \
+        && git clone https://github.com/docker/distribution.git . \
+        && git checkout -q "$REGISTRY_COMMIT" \
+        && GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+           go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
+        && case $(dpkg --print-architecture) in \
+               amd64|armhf|ppc64*|s390x) \
+               git checkout -q "$REGISTRY_COMMIT_SCHEMA1"; \
+               GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
+                   go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
+                ;; \
+           esac
 
 FROM base AS swagger
-WORKDIR /go/src/github.com/go-swagger/go-swagger
-ARG TARGETPLATFORM
-RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
+WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
+# Install go-swagger for validating swagger.yaml
+# This is https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
+# TODO: move to under moby/ or fix upstream go-swagger to work for us.
+ENV GO_SWAGGER_COMMIT 5e6cb12f7c82ce78e45ba71fa6cb1928094db050
+RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=tmpfs,target=/go/src/ <<EOT
-  set -e
-  xx-go build -o /build/swagger ./cmd/swagger
-  xx-verify /build/swagger
-EOT
+    --mount=type=tmpfs,target=/go/src/ \
+        set -x \
+        && git clone https://github.com/kolyshkin/go-swagger.git . \
+        && git checkout -q "$GO_SWAGGER_COMMIT" \
+        && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger
 
-# frozen-images
-# See also frozenImages in "testutil/environment/protect.go" (which needs to
-# be updated when adding images to this list)
 FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
 ARG DEBIAN_FRONTEND
 RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
@@ -124,351 +92,227 @@ RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/l
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image-v2.sh /
 ARG TARGETARCH
-ARG TARGETVARIANT
 RUN /download-frozen-image-v2.sh /build \
+        buildpack-deps:buster@sha256:d0abb4b1e5c664828b93e8b6ac84d10bce45ee469999bef88304be04a2709491 \
         busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
         busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
-        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
+        debian:bullseye@sha256:7190e972ab16aefea4d758ebe42a293f4e5c5be63595f4d03a5b9bf6839a4344 \
         hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
         arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
+# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
 
-# delve
-FROM base AS delve-src
-WORKDIR /usr/src/delve
-RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
-# DELVE_VERSION specifies the version of the Delve debugger binary
-# from the https://github.com/go-delve/delve repository.
-# It can be used to run Docker with a possibility of
-# attaching debugger to it.
-ARG DELVE_VERSION=v1.20.1
-RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+FROM base AS cross-false
 
-FROM base AS delve-build
-WORKDIR /usr/src/delve
-ARG TARGETPLATFORM
-RUN --mount=from=delve-src,src=/usr/src/delve,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
-    --mount=type=cache,target=/go/pkg/mod <<EOT
-  set -e
-  GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
-  xx-verify /build/dlv
-EOT
-
-# delve is currently only supported on linux/amd64 and linux/arm64;
-# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
-FROM binary-dummy AS delve-windows
-FROM binary-dummy AS delve-linux-arm
-FROM binary-dummy AS delve-linux-ppc64le
-FROM binary-dummy AS delve-linux-s390x
-FROM delve-build AS delve-linux-amd64
-FROM delve-build AS delve-linux-arm64
-FROM delve-linux-${TARGETARCH} AS delve-linux
-FROM delve-${TARGETOS} AS delve
-
-FROM base AS tomll
-# GOTOML_VERSION specifies the version of the tomll binary to build and install
-# from the https://github.com/pelletier/go-toml repository. This binary is used
-# in CI in the hack/validate/toml script.
-#
-# When updating this version, consider updating the github.com/pelletier/go-toml
-# dependency in vendor.mod accordingly.
-ARG GOTOML_VERSION=v1.8.1
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
-     && /build/tomll --help
-
-FROM base AS gowinres
-# GOWINRES_VERSION defines go-winres tool version
-ARG GOWINRES_VERSION=v0.3.1
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
-     && /build/go-winres --help
-
-# containerd
-FROM base AS containerd-src
-WORKDIR /usr/src/containerd
-RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
-# CONTAINERD_VERSION is used to build containerd binaries, and used for the
-# integration tests. The distributed docker .deb and .rpm packages depend on a
-# separate (containerd.io) package, which may be a different version as is
-# specified here. The containerd golang package is also pinned in vendor.mod.
-# When updating the binary version you may also need to update the vendor
-# version to pick up bug fixes or new APIs, however, usually the Go packages
-# are built from a commit from the master branch.
-ARG CONTAINERD_VERSION=v1.7.13
-RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS containerd-build
-WORKDIR /go/src/github.com/containerd/containerd
+FROM --platform=linux/amd64 base AS cross-true
 ARG DEBIAN_FRONTEND
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
-        apt-get update && xx-apt-get install -y --no-install-recommends \
-            gcc libbtrfs-dev libsecret-1-dev
-ARG DOCKER_STATIC
-RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
-  set -e
-  export CC=$(xx-info)-gcc
-  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
-  xx-go --wrap
-  make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
-  mkdir /build
-  mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
-EOT
-
-FROM containerd-build AS containerd-linux
-FROM binary-dummy AS containerd-windows
-FROM containerd-${TARGETOS} AS containerd
-
-FROM base AS golangci_lint
-ARG GOLANGCI_LINT_VERSION=v1.55.2
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
-     && /build/golangci-lint --version
-
-FROM base AS gotestsum
-ARG GOTESTSUM_VERSION=v1.8.2
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
-     && /build/gotestsum --version
-
-FROM base AS shfmt
-ARG SHFMT_VERSION=v3.6.0
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-        GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
-     && /build/shfmt --version
-
-FROM base AS dockercli
-WORKDIR /go/src/github.com/docker/cli
-ARG DOCKERCLI_REPOSITORY
-ARG DOCKERCLI_VERSION
-ARG TARGETPLATFORM
-RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
-    --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
-    --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
-        rm -f ./.git/*.lock \
-     && /download-or-build-cli.sh ${DOCKERCLI_VERSION} ${DOCKERCLI_REPOSITORY} /build \
-     && /build/docker --version
-
-FROM base AS dockercli-integration
-WORKDIR /go/src/github.com/docker/cli
-ARG DOCKERCLI_INTEGRATION_REPOSITORY
-ARG DOCKERCLI_INTEGRATION_VERSION
-ARG TARGETPLATFORM
-RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
-    --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
-    --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
-        rm -f ./.git/*.lock \
-     && /download-or-build-cli.sh ${DOCKERCLI_INTEGRATION_VERSION} ${DOCKERCLI_INTEGRATION_REPOSITORY} /build \
-     && /build/docker --version
-
-# runc
-FROM base AS runc-src
-WORKDIR /usr/src/runc
-RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
-# RUNC_VERSION should match the version that is used by the containerd version
-# that is used. If you need to update runc, open a pull request in the containerd
-# project first, and update both after that is merged. When updating RUNC_VERSION,
-# consider updating runc in vendor.mod accordingly.
-ARG RUNC_VERSION=v1.1.12
-RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS runc-build
-WORKDIR /go/src/github.com/opencontainers/runc
-ARG DEBIAN_FRONTEND
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
-        apt-get update && xx-apt-get install -y --no-install-recommends \
-            dpkg-dev gcc libc6-dev libseccomp-dev
-ARG DOCKER_STATIC
-RUN --mount=from=runc-src,src=/usr/src/runc,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
-  set -e
-  xx-go --wrap
-  CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
-  mkdir /build
-  mv runc /build/
-EOT
-
-FROM runc-build AS runc-linux
-FROM binary-dummy AS runc-windows
-FROM runc-${TARGETOS} AS runc
-
-# tini
-FROM base AS tini-src
-WORKDIR /usr/src/tini
-RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
-# TINI_VERSION specifies the version of tini (docker-init) to build. This
-# binary is used when starting containers with the `--init` option.
-ARG TINI_VERSION=v0.19.0
-RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS tini-build
-WORKDIR /go/src/github.com/krallin/tini
-ARG DEBIAN_FRONTEND
-RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install -y --no-install-recommends cmake
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
-        xx-apt-get install -y --no-install-recommends \
-            gcc libc6-dev
-RUN --mount=from=tini-src,src=/usr/src/tini,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
-  set -e
-  CC=$(xx-info)-gcc cmake .
-  make tini-static
-  xx-verify --static tini-static
-  mkdir /build
-  mv tini-static /build/docker-init
-EOT
-
-FROM tini-build AS tini-linux
-FROM binary-dummy AS tini-windows
-FROM tini-${TARGETOS} AS tini
-
-# rootlesskit
-FROM base AS rootlesskit-src
-WORKDIR /usr/src/rootlesskit
-RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
-# When updating, also update vendor.mod and hack/dockerfile/install/rootlesskit.installer accordingly.
-ARG ROOTLESSKIT_VERSION=v1.1.1
-RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
-
-FROM base AS rootlesskit-build
-WORKDIR /go/src/github.com/rootless-containers/rootlesskit
-ARG DEBIAN_FRONTEND
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
-        apt-get update && xx-apt-get install -y --no-install-recommends \
-            gcc libc6-dev
-ENV GO111MODULE=on
-ARG DOCKER_STATIC
-RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
-    --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
-  set -e
-  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
-  xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
-  xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
-EOT
-COPY --link ./contrib/dockerd-rootless.sh /build/
-COPY --link ./contrib/dockerd-rootless-setuptool.sh /build/
-
-FROM rootlesskit-build AS rootlesskit-linux
-FROM binary-dummy AS rootlesskit-windows
-FROM rootlesskit-${TARGETOS} AS rootlesskit
-
-FROM base AS crun
-ARG CRUN_VERSION=1.4.5
-RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
+RUN dpkg --add-architecture arm64
+RUN dpkg --add-architecture armel
+RUN dpkg --add-architecture armhf
+RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
         apt-get update && apt-get install -y --no-install-recommends \
-            autoconf \
-            automake \
-            build-essential \
-            libcap-dev \
-            libprotobuf-c-dev \
+            crossbuild-essential-arm64 \
+            crossbuild-essential-armel \
+            crossbuild-essential-armhf
+
+FROM cross-${CROSS} as dev-base
+
+FROM dev-base AS runtime-dev-cross-false
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            binutils-mingw-w64 \
+            g++-mingw-w64-x86-64 \
+            libapparmor-dev \
+            libbtrfs-dev \
+            libdevmapper-dev \
             libseccomp-dev \
             libsystemd-dev \
-            libtool \
-            libudev-dev \
-            libyajl-dev \
-            python3 \
-            ;
-RUN --mount=type=tmpfs,target=/tmp/crun-build \
-    git clone https://github.com/containers/crun.git /tmp/crun-build && \
-    cd /tmp/crun-build && \
-    git checkout -q "${CRUN_VERSION}" && \
-    ./autogen.sh && \
-    ./configure --bindir=/build && \
-    make -j install
+            libudev-dev
 
-# vpnkit
-# use dummy scratch stage to avoid build to fail for unsupported platforms
-FROM scratch AS vpnkit-windows
-FROM scratch AS vpnkit-linux-386
-FROM scratch AS vpnkit-linux-arm
-FROM scratch AS vpnkit-linux-ppc64le
-FROM scratch AS vpnkit-linux-riscv64
-FROM scratch AS vpnkit-linux-s390x
-FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
-FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
-FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
-FROM vpnkit-${TARGETOS} AS vpnkit
+FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
+ARG DEBIAN_FRONTEND
+# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
+# on non-amd64 systems.
+# Additionally, the crossbuild-amd64 is currently only on debian:buster, so
+# other architectures cannnot crossbuild amd64.
+RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            libapparmor-dev:arm64 \
+            libapparmor-dev:armel \
+            libapparmor-dev:armhf \
+            libseccomp-dev:arm64 \
+            libseccomp-dev:armel \
+            libseccomp-dev:armhf
 
-# containerutility
-FROM base AS containerutil-src
-WORKDIR /usr/src/containerutil
-RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
-ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
-RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+FROM runtime-dev-cross-${CROSS} AS runtime-dev
 
-FROM base AS containerutil-build
-WORKDIR /usr/src/containerutil
-ARG TARGETPLATFORM
-RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev
-RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
-    --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
-  set -e
-  CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
-  xx-verify --static containerutility.exe
-  mkdir /build
-  mv containerutility.exe /build/
-EOT
+FROM base AS tomlv
+ARG TOMLV_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh tomlv
 
-FROM binary-dummy AS containerutil-linux
-FROM containerutil-build AS containerutil-windows-amd64
-FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
-FROM containerutil-${TARGETOS} AS containerutil
-FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
+FROM base AS vndr
+ARG VNDR_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh vndr
 
-FROM base AS dev-systemd-false
-COPY --link --from=frozen-images /build/ /docker-frozen-images
-COPY --link --from=swagger       /build/ /usr/local/bin/
-COPY --link --from=delve         /build/ /usr/local/bin/
-COPY --link --from=tomll         /build/ /usr/local/bin/
-COPY --link --from=gowinres      /build/ /usr/local/bin/
-COPY --link --from=tini          /build/ /usr/local/bin/
-COPY --link --from=registry      /build/ /usr/local/bin/
+FROM dev-base AS containerd
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            libbtrfs-dev
+ARG CONTAINERD_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh containerd
 
-# Skip the CRIU stage for now, as the opensuse package repository is sometimes
-# unstable, and we're currently not using it in CI.
-#
-# FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984)
-# COPY --link --from=criu          /build/ /usr/local/bin/
-COPY --link --from=gotestsum     /build/ /usr/local/bin/
-COPY --link --from=golangci_lint /build/ /usr/local/bin/
-COPY --link --from=shfmt         /build/ /usr/local/bin/
-COPY --link --from=runc          /build/ /usr/local/bin/
-COPY --link --from=containerd    /build/ /usr/local/bin/
-COPY --link --from=rootlesskit   /build/ /usr/local/bin/
-COPY --link --from=vpnkit        /       /usr/local/bin/
-COPY --link --from=containerutil /build/ /usr/local/bin/
-COPY --link --from=crun          /build/ /usr/local/bin/
-COPY --link hack/dockerfile/etc/docker/  /etc/docker/
-COPY --link --from=buildx        /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
+FROM dev-base AS proxy
+ARG LIBNETWORK_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh proxy
 
+FROM base AS golangci_lint
+ARG GOLANGCI_LINT_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh golangci_lint
+
+FROM base AS gotestsum
+ARG GOTESTSUM_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh gotestsum
+
+FROM base AS shfmt
+ARG SHFMT_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh shfmt
+
+FROM dev-base AS dockercli
+ARG DOCKERCLI_CHANNEL
+ARG DOCKERCLI_VERSION
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh dockercli
+
+FROM runtime-dev AS runc
+ARG RUNC_COMMIT
+ARG RUNC_BUILDTAGS
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh runc
+
+FROM dev-base AS tini
+ARG DEBIAN_FRONTEND
+ARG TINI_COMMIT
+RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            cmake \
+            vim-common
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh tini
+
+FROM dev-base AS rootlesskit
+ARG ROOTLESSKIT_COMMIT
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
+        PREFIX=/build /tmp/install/install.sh rootlesskit
+COPY ./contrib/dockerd-rootless.sh /build
+COPY ./contrib/dockerd-rootless-setuptool.sh /build
+
+FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit
+
+# TODO: Some of this is only really needed for testing, it would be nice to split this up
+FROM runtime-dev AS dev-systemd-false
+ARG DEBIAN_FRONTEND
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser \
+ && mkdir -p /home/unprivilegeduser/.local/share/docker \
+ && chown -R unprivilegeduser /home/unprivilegeduser
+# Let us use a .bashrc file
+RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
+# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
+RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
+RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
+RUN ldconfig
+# This should only install packages that are specifically needed for the dev environment and nothing else
+# Do you really need to add another package here? Can it be done in a different build stage?
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
+        apt-get update && apt-get install -y --no-install-recommends \
+            apparmor \
+            aufs-tools \
+            bash-completion \
+            bzip2 \
+            iptables \
+            jq \
+            libcap2-bin \
+            libnet1 \
+            libnl-3-200 \
+            libprotobuf-c1 \
+            net-tools \
+            pigz \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            sudo \
+            thin-provisioning-tools \
+            uidmap \
+            vim \
+            vim-common \
+            xfsprogs \
+            xz-utils \
+            zip
+
+
+# Switch to use iptables instead of nftables (to match the CI hosts)
+# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
+RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
+ && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
+ && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
+
+RUN pip3 install yamllint==1.16.0
+
+COPY --from=dockercli     /build/ /usr/local/cli
+COPY --from=frozen-images /build/ /docker-frozen-images
+COPY --from=swagger       /build/ /usr/local/bin/
+COPY --from=tomlv         /build/ /usr/local/bin/
+COPY --from=tini          /build/ /usr/local/bin/
+COPY --from=registry      /build/ /usr/local/bin/
+COPY --from=criu          /build/ /usr/local/
+COPY --from=vndr          /build/ /usr/local/bin/
+COPY --from=gotestsum     /build/ /usr/local/bin/
+COPY --from=golangci_lint /build/ /usr/local/bin/
+COPY --from=shfmt         /build/ /usr/local/bin/
+COPY --from=runc          /build/ /usr/local/bin/
+COPY --from=containerd    /build/ /usr/local/bin/
+COPY --from=rootlesskit   /build/ /usr/local/bin/
+COPY --from=vpnkit        /vpnkit /usr/local/bin/vpnkit.x86_64
+COPY --from=proxy         /build/ /usr/local/bin/
 ENV PATH=/usr/local/cli:$PATH
-ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker
-ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock
-ENV CONTAINERD_NAMESPACE=moby
+ARG DOCKER_BUILDTAGS
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
 WORKDIR /go/src/github.com/docker/docker
 VOLUME /var/lib/docker
 VOLUME /home/unprivilegeduser/.local/share/docker
@@ -483,172 +327,63 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
             dbus-user-session \
             systemd \
             systemd-sysv
+RUN mkdir -p hack \
+  && curl -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \
+  && chmod +x hack/dind-systemd
 ENTRYPOINT ["hack/dind-systemd"]
 
-FROM dev-systemd-${SYSTEMD} AS dev-base
-ARG DEBIAN_FRONTEND
-RUN groupadd -r docker
-RUN useradd --create-home --gid docker unprivilegeduser \
- && mkdir -p /home/unprivilegeduser/.local/share/docker \
- && chown -R unprivilegeduser /home/unprivilegeduser
-# Let us use a .bashrc file
-RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
-# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
-RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
-RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
-RUN ldconfig
-# Set dev environment as safe git directory to prevent "dubious ownership" errors
-# when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
-RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker
-# This should only install packages that are specifically needed for the dev environment and nothing else
-# Do you really need to add another package here? Can it be done in a different build stage?
-RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install -y --no-install-recommends \
-            apparmor \
-            bash-completion \
-            bzip2 \
-            inetutils-ping \
-            iproute2 \
-            iptables \
-            jq \
-            libcap2-bin \
-            libnet1 \
-            libnl-3-200 \
-            libprotobuf-c1 \
-            libyajl2 \
-            net-tools \
-            patch \
-            pigz \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
-            sudo \
-            systemd-journal-remote \
-            thin-provisioning-tools \
-            uidmap \
-            vim \
-            vim-common \
-            xfsprogs \
-            xz-utils \
-            zip \
-            zstd
-# Switch to use iptables instead of nftables (to match the CI hosts)
-# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
-RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
- && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
- && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
-ARG YAMLLINT_VERSION=1.27.1
-RUN pip3 install yamllint==${YAMLLINT_VERSION}
-RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install --no-install-recommends -y \
-            gcc \
-            pkg-config \
-            dpkg-dev \
-            libapparmor-dev \
-            libdevmapper-dev \
-            libseccomp-dev \
-            libsecret-1-dev \
-            libsystemd-dev \
-            libudev-dev
-COPY --link --from=dockercli             /build/ /usr/local/cli
-COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration
+FROM dev-systemd-${SYSTEMD} AS dev
 
-FROM base AS build
-COPY --from=gowinres /build/ /usr/local/bin/
-WORKDIR /go/src/github.com/docker/docker
-ENV GO111MODULE=off
-ENV CGO_ENABLED=1
-ARG DEBIAN_FRONTEND
-RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
-        apt-get update && apt-get install --no-install-recommends -y \
-            clang \
-            lld \
-            llvm
-ARG TARGETPLATFORM
-RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
-    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
-        xx-apt-get install --no-install-recommends -y \
-            dpkg-dev \
-            gcc \
-            libapparmor-dev \
-            libc6-dev \
-            libdevmapper-dev \
-            libseccomp-dev \
-            libsecret-1-dev \
-            libsystemd-dev \
-            libudev-dev
-ARG DOCKER_BUILDTAGS
-ARG DOCKER_DEBUG
+FROM runtime-dev AS binary-base
 ARG DOCKER_GITCOMMIT=HEAD
-ARG DOCKER_LDFLAGS
-ARG DOCKER_STATIC
+ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT}
 ARG VERSION
+ENV VERSION=${VERSION}
 ARG PLATFORM
+ENV PLATFORM=${PLATFORM}
 ARG PRODUCT
+ENV PRODUCT=${PRODUCT}
 ARG DEFAULT_PRODUCT_LICENSE
-ARG PACKAGER_NAME
-# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
-# read only mount in current work dir
-ENV PREFIX=/tmp
-RUN <<EOT
-  # in bullseye arm64 target does not link with lld so configure it to use ld instead
-  if [ "$(xx-info arch)" = "arm64" ]; then
-    XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
-  fi
-EOT
-RUN --mount=type=bind,target=.,rw \
-    --mount=type=tmpfs,target=cli/winresources/dockerd \
-    --mount=type=tmpfs,target=cli/winresources/docker-proxy \
-    --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
-  set -e
-  target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
-  xx-go --wrap
-  PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
-  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
-  mkdir /build
-  mv /tmp/bundles/${target}-daemon/* /build/
-EOT
+ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
+ARG DOCKER_BUILDTAGS
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
+ENV PREFIX=/build
+# TODO: This is here because hack/make.sh binary copies these extras binaries
+# from $PATH into the bundles dir.
+# It would be nice to handle this in a different way.
+COPY --from=tini        /build/ /usr/local/bin/
+COPY --from=runc        /build/ /usr/local/bin/
+COPY --from=containerd  /build/ /usr/local/bin/
+COPY --from=rootlesskit /build/ /usr/local/bin/
+COPY --from=proxy       /build/ /usr/local/bin/
+COPY --from=vpnkit      /vpnkit /usr/local/bin/vpnkit.x86_64
+WORKDIR /go/src/github.com/docker/docker
+
+FROM binary-base AS build-binary
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,target=/go/src/github.com/docker/docker \
+        hack/make.sh binary
+
+FROM binary-base AS build-dynbinary
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,target=/go/src/github.com/docker/docker \
+        hack/make.sh dynbinary
+
+FROM binary-base AS build-cross
+ARG DOCKER_CROSSPLATFORMS
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,target=/go/src/github.com/docker/docker \
+    --mount=type=tmpfs,target=/go/src/github.com/docker/docker/autogen \
+        hack/make.sh cross
 
-# usage:
-# > docker buildx bake binary
-# > DOCKER_STATIC=0 docker buildx bake binary
-# or
-# > make binary
-# > make dynbinary
 FROM scratch AS binary
-COPY --from=build /build/ /
+COPY --from=build-binary /build/bundles/ /
 
-# usage:
-# > docker buildx bake all
-FROM scratch AS all
-COPY --link --from=tini          /build/ /
-COPY --link --from=runc          /build/ /
-COPY --link --from=containerd    /build/ /
-COPY --link --from=rootlesskit   /build/ /
-COPY --link --from=containerutil /build/ /
-COPY --link --from=vpnkit        /       /
-COPY --link --from=build         /build  /
+FROM scratch AS dynbinary
+COPY --from=build-dynbinary /build/bundles/ /
 
-# smoke tests
-# usage:
-# > docker buildx bake binary-smoketest
-FROM --platform=$TARGETPLATFORM base AS smoketest
-WORKDIR /usr/local/bin
-COPY --from=build /build .
-RUN <<EOT
-  set -ex
-  file dockerd
-  dockerd --version
-  file docker-proxy
-  docker-proxy --version
-EOT
+FROM scratch AS cross
+COPY --from=build-cross /build/bundles/ /
 
-# usage:
-# > make shell
-# > SYSTEMD=true make shell
-FROM dev-base AS dev
-COPY --link . .
+FROM dev AS final
+COPY . /go/src/github.com/docker/docker

Dockerfile.buildx

@@ -0,0 +1,26 @@
+ARG GO_VERSION=1.13.15
+ARG BUILDX_COMMIT=v0.5.1
+ARG BUILDX_REPO=https://github.com/docker/buildx.git
+
+FROM golang:${GO_VERSION}-buster AS build
+ARG BUILDX_REPO
+RUN git clone "${BUILDX_REPO}" /buildx
+WORKDIR /buildx
+ARG BUILDX_COMMIT
+RUN git fetch origin "${BUILDX_COMMIT}":build && git checkout build
+ARG GOOS
+ARG GOARCH
+# Keep these essentially no-op var settings for debug purposes.
+# It allows us to see what the GOOS/GOARCH that's being built for is.
+RUN GOOS="${GOOS}" GOARCH="${GOARCH}" BUILDX_COMMIT="${BUILDX_COMMIT}"; \
+    pkg="github.com/docker/buildx"; \
+    ldflags="\
+      -X \"${pkg}/version.Version=$(git describe --tags)\" \
+      -X \"${pkg}/version.Revision=$(git rev-parse --short HEAD)\" \
+      -X \"${pkg}/version.Package=buildx\" \
+    "; \
+    go build -mod=vendor -ldflags "${ldflags}" -o /usr/bin/buildx ./cmd/buildx
+
+FROM golang:${GO_VERSION}-buster
+COPY --from=build /usr/bin/buildx /usr/bin/buildx
+ENTRYPOINT ["/usr/bin/buildx"]

Dockerfile.e2e

@@ -0,0 +1,84 @@
+ARG GO_VERSION=1.13.15
+
+FROM golang:${GO_VERSION}-alpine AS base
+ENV GO111MODULE=off
+RUN apk --no-cache add \
+    bash \
+    btrfs-progs-dev \
+    build-base \
+    curl \
+    lvm2-dev \
+    jq
+
+RUN mkdir -p /build/
+RUN mkdir -p /go/src/github.com/docker/docker/
+WORKDIR /go/src/github.com/docker/docker/
+
+FROM base AS frozen-images
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /
+RUN /download-frozen-image-v2.sh /build \
+	buildpack-deps:buster@sha256:d0abb4b1e5c664828b93e8b6ac84d10bce45ee469999bef88304be04a2709491 \
+	busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
+	busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
+	debian:bullseye@sha256:7190e972ab16aefea4d758ebe42a293f4e5c5be63595f4d03a5b9bf6839a4344 \
+	hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9
+# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
+
+FROM base AS dockercli
+ENV INSTALL_BINARY_NAME=dockercli
+COPY hack/dockerfile/install/install.sh ./install.sh
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
+RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
+
+# Build DockerSuite.TestBuild* dependency
+FROM base AS contrib
+COPY contrib/syscall-test           /build/syscall-test
+COPY contrib/httpserver/Dockerfile  /build/httpserver/Dockerfile
+COPY contrib/httpserver             contrib/httpserver
+RUN CGO_ENABLED=0 go build -buildmode=pie -o /build/httpserver/httpserver github.com/docker/docker/contrib/httpserver
+
+# Build the integration tests and copy the resulting binaries to /build/tests
+FROM base AS builder
+
+# Set tag and add sources
+COPY . .
+# Copy test sources tests that use assert can print errors
+RUN mkdir -p /build${PWD} && find integration integration-cli -name \*_test.go -exec cp --parents '{}' /build${PWD} \;
+# Build and install test binaries
+ARG DOCKER_GITCOMMIT=undefined
+RUN hack/make.sh build-integration-test-binary
+RUN mkdir -p /build/tests && find . -name test.main -exec cp --parents '{}' /build/tests \;
+
+## Generate testing image
+FROM alpine:3.10 as runner
+
+ENV DOCKER_REMOTE_DAEMON=1
+ENV DOCKER_INTEGRATION_DAEMON_DEST=/
+ENTRYPOINT ["/scripts/run.sh"]
+
+# Add an unprivileged user to be used for tests which need it
+RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
+
+# GNU tar is used for generating the emptyfs image
+RUN apk --no-cache add \
+    bash \
+    ca-certificates \
+    g++ \
+    git \
+    iptables \
+    pigz \
+    tar \
+    xz
+
+COPY hack/test/e2e-run.sh       /scripts/run.sh
+COPY hack/make/.ensure-emptyfs  /scripts/ensure-emptyfs.sh
+
+COPY integration/testdata       /tests/integration/testdata
+COPY integration/build/testdata /tests/integration/build/testdata
+COPY integration-cli/fixtures   /tests/integration-cli/fixtures
+
+COPY --from=frozen-images /build/ /docker-frozen-images
+COPY --from=dockercli     /build/ /usr/bin/
+COPY --from=contrib       /build/ /tests/contrib/
+COPY --from=builder       /build/ /

Dockerfile.simple

@@ -5,17 +5,14 @@
 
 # This represents the bare minimum required to build and test Docker.
 
-ARG GO_VERSION=1.20.13
+ARG GO_VERSION=1.13.15
 
-ARG BASE_DEBIAN_DISTRO="bullseye"
-ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
-
-FROM ${GOLANG_IMAGE}
+FROM golang:${GO_VERSION}-buster
 ENV GO111MODULE=off
 
-# allow replacing debian mirror
-ARG APT_MIRROR
-RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list || true
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
 
 # Compile and runtime deps
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
@@ -24,8 +21,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		build-essential \
 		curl \
 		cmake \
+		gcc \
 		git \
 		libapparmor-dev \
+		libbtrfs-dev \
 		libdevmapper-dev \
 		libseccomp-dev \
 		ca-certificates \
@@ -37,6 +36,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		xfsprogs \
 		xz-utils \
 		\
+		aufs-tools \
 		vim-common \
 	&& rm -rf /var/lib/apt/lists/*
 

Dockerfile.windows

@@ -155,7 +155,7 @@
 # The number of build steps below are explicitly minimised to improve performance.
 
 # Extremely important - do not change the following line to reference a "specific" image, 
-# such as `mcr.microsoft.com/windows/servercore:ltsc2022`. If using this Dockerfile in process
+# such as `mcr.microsoft.com/windows/servercore:ltsc2019`. If using this Dockerfile in process
 # isolated containers, the kernel of the host must match the container image, and hence
 # would fail between Windows Server 2016 (aka RS1) and Windows Server 2019 (aka RS5).
 # It is expected that the image `microsoft/windowsservercore:latest` is present, and matches
@@ -165,23 +165,18 @@ FROM microsoft/windowsservercore
 # Use PowerShell as the default shell
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-ARG GO_VERSION=1.20.13
-ARG GOTESTSUM_VERSION=v1.8.2
-ARG GOWINRES_VERSION=v0.3.1
-ARG CONTAINERD_VERSION=v1.7.13
+ARG GO_VERSION=1.13.15
+ARG GOTESTSUM_COMMIT=v0.5.3
 
 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
-#  - CONTAINERD_VERSION must be consistent with 'hack/dockerfile/install/containerd.installer' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
 ENV GO_VERSION=${GO_VERSION} `
-    CONTAINERD_VERSION=${CONTAINERD_VERSION} `
     GIT_VERSION=2.11.1 `
     GOPATH=C:\gopath `
     GO111MODULE=off `
     FROM_DOCKERFILE=1 `
-    GOTESTSUM_VERSION=${GOTESTSUM_VERSION} `
-    GOWINRES_VERSION=${GOWINRES_VERSION}
+    GOTESTSUM_COMMIT=${GOTESTSUM_COMMIT}
 
 RUN `
   Function Test-Nano() { `
@@ -216,7 +211,7 @@ RUN `
     } `
   } `
   `
-  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin;C:\containerd\bin'); `
+  setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
   `
   Write-Host INFO: Downloading git...; `
   $location='https://www.nuget.org/api/v2/package/GitForWindows/'+$Env:GIT_VERSION; `
@@ -224,7 +219,7 @@ RUN `
   `
   Write-Host INFO: Downloading go...; `
   $dlGoVersion=$Env:GO_VERSION -replace '\.0$',''; `
-  Download-File "https://go.dev/dl/go${dlGoVersion}.windows-amd64.zip" C:\go.zip; `
+  Download-File "https://golang.org/dl/go${dlGoVersion}.windows-amd64.zip" C:\go.zip; `
   `
   Write-Host INFO: Downloading compiler 1 of 3...; `
   Download-File https://raw.githubusercontent.com/moby/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
@@ -257,16 +252,6 @@ RUN `
   Remove-Item C:\binutils.zip; `
   Remove-Item C:\gitsetup.zip; `
   `
-  Write-Host INFO: Downloading containerd; `
-  Install-Package -Force 7Zip4PowerShell; `
-  $location='https://github.com/containerd/containerd/releases/download/'+$Env:CONTAINERD_VERSION+'/containerd-'+$Env:CONTAINERD_VERSION.TrimStart('v')+'-windows-amd64.tar.gz'; `
-  Download-File $location C:\containerd.tar.gz; `
-  New-Item -Path C:\containerd -ItemType Directory; `
-  Expand-7Zip C:\containerd.tar.gz C:\; `
-  Expand-7Zip C:\containerd.tar C:\containerd; `
-  Remove-Item C:\containerd.tar.gz; `
-  Remove-Item C:\containerd.tar; `
-  `
   # Ensure all directories exist that we will require below....
   $srcDir = """$Env:GOPATH`\src\github.com\docker\docker\bundles"""; `
   Write-Host INFO: Ensuring existence of directory $srcDir...; `
@@ -276,36 +261,21 @@ RUN `
   C:\git\cmd\git config --global core.autocrlf true;
 
 RUN `
-  Function Install-GoTestSum() { `
+  Function Build-GoTestSum() { `
+    Write-Host "INFO: Building gotestsum version $Env:GOTESTSUM_COMMIT in $Env:GOPATH"; `
     $Env:GO111MODULE = 'on'; `
     $tmpGobin = "${Env:GOBIN_TMP}"; `
     $Env:GOBIN = """${Env:GOPATH}`\bin"""; `
-    Write-Host "INFO: Installing gotestsum version $Env:GOTESTSUM_VERSION in $Env:GOBIN"; `
-    &go install "gotest.tools/gotestsum@${Env:GOTESTSUM_VERSION}"; `
+    &go get -buildmode=exe "gotest.tools/gotestsum@${Env:GOTESTSUM_COMMIT}"; `
     $Env:GOBIN = "${tmpGobin}"; `
     $Env:GO111MODULE = 'off'; `
     if ($LASTEXITCODE -ne 0) {  `
-      Throw '"gotestsum install failed..."'; `
+      Throw '"gotestsum build failed..."'; `
     } `
+    Write-Host "INFO:     Build done for gotestsum..."; `
   } `
   `
-  Install-GoTestSum
-
-RUN `
-  Function Install-GoWinres() { `
-    $Env:GO111MODULE = 'on'; `
-    $tmpGobin = "${Env:GOBIN_TMP}"; `
-    $Env:GOBIN = """${Env:GOPATH}`\bin"""; `
-    Write-Host "INFO: Installing go-winres version $Env:GOWINRES_VERSION in $Env:GOBIN"; `
-    &go install "github.com/tc-hib/go-winres@${Env:GOWINRES_VERSION}"; `
-    $Env:GOBIN = "${tmpGobin}"; `
-    $Env:GO111MODULE = 'off'; `
-    if ($LASTEXITCODE -ne 0) {  `
-      Throw '"go-winres install failed..."'; `
-    } `
-  } `
-  `
-  Install-GoWinres
+  Build-GoTestSum
 
 # Make PowerShell the default entrypoint
 ENTRYPOINT ["powershell.exe"]

MAINTAINERS

@@ -27,17 +27,15 @@
 			"akihirosuda",
 			"anusha",
 			"coolljt0725",
-			"corhere",
 			"cpuguy83",
+			"crosbymichael",
 			"estesp",
 			"johnstep",
 			"justincormack",
 			"kolyshkin",
+			"lowenna",
 			"mhbauer",
-			"neersighted",
-			"rumpl",
 			"runcom",
-			"samuelkarp",
 			"stevvooe",
 			"thajeztah",
 			"tianon",
@@ -46,7 +44,6 @@
 			"unclejack",
 			"vdemeester",
 			"vieux",
-			"vvoland",
 			"yongtang"
 		]
 
@@ -63,18 +60,13 @@
 	# - close an issue or pull request when it's inappropriate or off-topic
 
 		people = [
-		    "akerouanton",
 			"alexellis",
 			"andrewhsu",
-			"bsousaa",
-			"crazy-max",
 			"fntlnz",
 			"gianarb",
-			"laurazard",
 			"olljanat",
 			"programmerq",
 			"ripcurld",
-			"sam-thibault",
 			"samwhited",
 			"thajeztah"
 		]
@@ -111,17 +103,6 @@
 			# and tweets as @calavera.
 			"calavera",
 
-			# Michael Crosby was "chief maintainer" of the Docker project.
-			# During his time as a maintainer, Michael contributed to many
-			# milestones of the project; he was release captain of Docker v1.0.0,
-			# started the development of "libcontainer" (what later became runc)
-			# and containerd, as well as demoing cool hacks such as live migrating
-			# a game server container with checkpoint/restore.
-			#
-			# Michael is currently a maintainer of containerd, but you may see
-			# him around in other projects on GitHub.
-			"crosbymichael",
-
 			# Before becoming a maintainer, Daniel Nephin was a core contributor
 			# to "Fig" (now known as Docker Compose). As a maintainer for both the
 			# Engine and Docker CLI, Daniel contributed many features, among which
@@ -185,16 +166,6 @@
 			# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
 			"jessfraz",
 
-			# As a maintainer, John Howard managed to make the impossible possible;
-			# to run Docker on Windows. After facing many challenges, teaching
-			# fellow-maintainers that 'Windows is not Linux', and many changes in
-			# Windows Server to facilitate containers, native Windows containers
-			# saw the light of day in 2015.
-			#
-			# John is now enjoying life without containers: playing piano, painting,
-			# and walking his dogs, but you may occasionally see him drop by on GitHub.
-			"lowenna",
-
 			# Alexander Morozov contributed many features to Docker, worked on the premise of 
 			# what later became containerd (and worked on that too), and made a "stupid" Go
 			# vendor tool specifically for docker/docker needs: vndr (https://github.com/LK4D4/vndr).
@@ -282,11 +253,6 @@
 	Email = "aaron.lehmann@docker.com"
 	GitHub = "aaronlehmann"
 
-	[people.akerouanton]
-	Name = "Albin Kerouanton"
-	Email = "albinker@gmail.com"
-	GitHub = "akerouanton"
-
 	[people.alexellis]
 	Name = "Alex Ellis"
 	Email = "alexellis2@gmail.com"
@@ -316,11 +282,6 @@
 	Name = "Anusha Ragunathan"
 	Email = "anusha@docker.com"
 	GitHub = "anusha-ragunathan"
-	
-	[people.bsousaa]
-	Name = "Bruno de Sousa"
-	Email = "bruno.sousa@docker.com"
-	GitHub = "bsousaa"
 
 	[people.calavera]
 	Name = "David Calavera"
@@ -332,21 +293,11 @@
 	Email = "leijitang@huawei.com"
 	GitHub = "coolljt0725"
 
-	[people.corhere]
-	Name = "Cory Snider"
-	Email = "csnider@mirantis.com"
-	GitHub = "corhere"
-
 	[people.cpuguy83]
 	Name = "Brian Goff"
 	Email = "cpuguy83@gmail.com"
 	GitHub = "cpuguy83"
 
-	[people.crazy-max]
-	Name = "Kevin Alvarez"
-	Email = "contact@crazymax.dev"
-	GitHub = "crazy-max"
-
 	[people.crosbymichael]
 	Name = "Michael Crosby"
 	Email = "crosbymichael@gmail.com"
@@ -417,11 +368,6 @@
 	Email = "kolyshkin@gmail.com"
 	GitHub = "kolyshkin"
 
-	[people.laurazard]
-	Name = "Laura Brehm"
-	Email = "laura.brehm@docker.com"
-	GitHub = "laurazard"
-
 	[people.lk4d4]
 	Name = "Alexander Morozov"
 	Email = "lk4d4@docker.com"
@@ -457,11 +403,6 @@
 	Email = "mrjana@docker.com"
 	GitHub = "mrjana"
 
-	[people.neersighted]
-	Name = "Bjorn Neergaard"
-	Email = "bneergaard@mirantis.com"
-	GitHub = "neersighted"
-
 	[people.olljanat]
 	Name = "Olli Janatuinen"
 	Email = "olli.janatuinen@gmail.com"
@@ -477,26 +418,11 @@
 	Email = "ripcurld.github@gmail.com"
 	GitHub = "ripcurld"
 
-	[people.rumpl]
-	Name = "Djordje Lukic"
-	Email = "djordje.lukic@docker.com"
-	GitHub = "rumpl"
-
 	[people.runcom]
 	Name = "Antonio Murdaca"
 	Email = "runcom@redhat.com"
 	GitHub = "runcom"
 
-	[people.sam-thibault]
-	Name = "Sam Thibault"
-	Email = "sam.thibault@docker.com"
-	GitHub = "sam-thibault"
-
-	[people.samuelkarp]
-	Name = "Samuel Karp"
-	Email = "me@samuelkarp.com"
-	GitHub = "samuelkarp"
-
 	[people.samwhited]
 	Name = "Sam Whited"
 	Email = "sam@samwhited.com"
@@ -561,11 +487,6 @@
 	Name = "Vishnu Kannan"
 	Email = "vishnuk@google.com"
 	GitHub = "vishh"
-	
-	[people.vvoland]
-	Name = "Paweł Gronowski"
-	Email = "pawel.gronowski@docker.com"
-	GitHub = "vvoland"
 
 	[people.yongtang]
 	Name = "Yong Tang"

Makefile

@@ -1,13 +1,29 @@
-.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate validate-% win
+.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate win
 
+ifdef USE_BUILDX
+BUILDX ?= $(shell command -v buildx)
+BUILDX ?= $(shell command -v docker-buildx)
+DOCKER_BUILDX_CLI_PLUGIN_PATH ?= ~/.docker/cli-plugins/docker-buildx
+BUILDX ?= $(shell if [ -x "$(DOCKER_BUILDX_CLI_PLUGIN_PATH)" ]; then echo $(DOCKER_BUILDX_CLI_PLUGIN_PATH); fi)
+endif
+
+ifndef USE_BUILDX
+DOCKER_BUILDKIT := 1
+export DOCKER_BUILDKIT
+endif
+
+BUILDX ?= bundles/buildx
 DOCKER ?= docker
-BUILDX ?= $(DOCKER) buildx
 
 # set the graph driver as the current graphdriver if not set
-DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info -f {{ .Driver }} 2>&1))
+DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
 export DOCKER_GRAPHDRIVER
 
-DOCKER_GITCOMMIT := $(shell git rev-parse HEAD)
+# get OS/Arch of docker engine
+DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH}')
+DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')
+
+DOCKER_GITCOMMIT := $(shell git rev-parse --short HEAD || echo unsupported)
 export DOCKER_GITCOMMIT
 
 # allow overriding the repository and branch that validation scripts are running
@@ -27,6 +43,7 @@ export VALIDATE_ORIGIN_BRANCH
 # make DOCKER_LDFLAGS="-X github.com/docker/docker/daemon/graphdriver.priority=overlay2,devicemapper" dynbinary
 #
 DOCKER_ENVS := \
+	-e DOCKER_CROSSPLATFORMS \
 	-e BUILD_APT_MIRROR \
 	-e BUILDFLAGS \
 	-e KEEPBUNDLE \
@@ -37,10 +54,6 @@ DOCKER_ENVS := \
 	-e DOCKER_BUILDKIT \
 	-e DOCKER_BASH_COMPLETION_PATH \
 	-e DOCKER_CLI_PATH \
-	-e DOCKERCLI_VERSION \
-	-e DOCKERCLI_REPOSITORY \
-	-e DOCKERCLI_INTEGRATION_VERSION \
-	-e DOCKERCLI_INTEGRATION_REPOSITORY \
 	-e DOCKER_DEBUG \
 	-e DOCKER_EXPERIMENTAL \
 	-e DOCKER_GITCOMMIT \
@@ -53,15 +66,10 @@ DOCKER_ENVS := \
 	-e DOCKER_TEST_HOST \
 	-e DOCKER_USERLANDPROXY \
 	-e DOCKERD_ARGS \
-	-e DELVE_PORT \
-	-e GITHUB_ACTIONS \
 	-e TEST_FORCE_VALIDATE \
 	-e TEST_INTEGRATION_DIR \
-	-e TEST_INTEGRATION_USE_SNAPSHOTTER \
-	-e TEST_INTEGRATION_FAIL_FAST \
 	-e TEST_SKIP_INTEGRATION \
 	-e TEST_SKIP_INTEGRATION_CLI \
-	-e TESTCOVERAGE \
 	-e TESTDEBUG \
 	-e TESTDIRS \
 	-e TESTFLAGS \
@@ -72,11 +80,16 @@ DOCKER_ENVS := \
 	-e VALIDATE_REPO \
 	-e VALIDATE_BRANCH \
 	-e VALIDATE_ORIGIN_BRANCH \
+	-e HTTP_PROXY \
+	-e HTTPS_PROXY \
+	-e NO_PROXY \
+	-e http_proxy \
+	-e https_proxy \
+	-e no_proxy \
 	-e VERSION \
 	-e PLATFORM \
 	-e DEFAULT_PRODUCT_LICENSE \
-	-e PRODUCT \
-	-e PACKAGER_NAME
+	-e PRODUCT
 # note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
 
 # to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
@@ -94,7 +107,7 @@ DOCKER_MOUNT := $(if $(DOCKER_BINDDIR_MOUNT_OPTS),$(DOCKER_MOUNT):$(DOCKER_BINDD
 # Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
 DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles) -v "$(CURDIR)/.git:/go/src/github.com/docker/docker/.git"
 
-DOCKER_MOUNT_CACHE := -v docker-dev-cache:/root/.cache -v docker-mod-cache:/go/pkg/mod/
+DOCKER_MOUNT_CACHE := -v docker-dev-cache:/root/.cache
 DOCKER_MOUNT_CLI := $(if $(DOCKER_CLI_PATH),-v $(shell dirname $(DOCKER_CLI_PATH)):/usr/local/cli,)
 DOCKER_MOUNT_BASH_COMPLETION := $(if $(DOCKER_BASH_COMPLETION_PATH),-v $(shell dirname $(DOCKER_BASH_COMPLETION_PATH)):/usr/local/completion/bash,)
 DOCKER_MOUNT := $(DOCKER_MOUNT) $(DOCKER_MOUNT_CACHE) $(DOCKER_MOUNT_CLI) $(DOCKER_MOUNT_BASH_COMPLETION)
@@ -103,11 +116,12 @@ endif # ifndef DOCKER_MOUNT
 # This allows to set the docker-dev container name
 DOCKER_CONTAINER_NAME := $(if $(CONTAINER_NAME),--name $(CONTAINER_NAME),)
 
-DOCKER_IMAGE := docker-dev
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
+DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
 DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
-DELVE_PORT_FORWARD := $(if $(DELVE_PORT),-p "$(DELVE_PORT)",)
 
-DOCKER_FLAGS := $(DOCKER) run --rm --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD) $(DELVE_PORT_FORWARD)
+DOCKER_FLAGS := $(DOCKER) run --rm -i --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
 BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
 export BUILD_APT_MIRROR
 
@@ -126,43 +140,53 @@ ifeq ($(INTERACTIVE), 1)
 	DOCKER_FLAGS += -t
 endif
 
-# on GitHub Runners input device is not a TTY but we allocate a pseudo-one,
-# otherwise keep STDIN open even if not attached if not a GitHub Runner.
-ifeq ($(GITHUB_ACTIONS),true)
-	DOCKER_FLAGS += -t
-else
-	DOCKER_FLAGS += -i
-endif
-
 DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"
 
 DOCKER_BUILD_ARGS += --build-arg=GO_VERSION
-DOCKER_BUILD_ARGS += --build-arg=APT_MIRROR
-DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_VERSION
-DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_REPOSITORY
-DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_INTEGRATION_VERSION
-DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_INTEGRATION_REPOSITORY
 ifdef DOCKER_SYSTEMD
 DOCKER_BUILD_ARGS += --build-arg=SYSTEMD=true
 endif
 
-BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS}
+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"
+ifdef USE_BUILDX
+BUILD_OPTS += $(BUILDX_BUILD_EXTRA_OPTS)
 BUILD_CMD := $(BUILDX) build
-BAKE_CMD := $(BUILDX) bake
+else
+BUILD_CMD := $(DOCKER) build
+endif
+
+# This is used for the legacy "build" target and anything still depending on it
+BUILD_CROSS =
+ifdef DOCKER_CROSS
+BUILD_CROSS = --build-arg CROSS=$(DOCKER_CROSS)
+endif
+ifdef DOCKER_CROSSPLATFORMS
+BUILD_CROSS = --build-arg CROSS=true
+endif
+
+VERSION_AUTOGEN_ARGS = --build-arg VERSION --build-arg DOCKER_GITCOMMIT --build-arg PRODUCT --build-arg PLATFORM --build-arg DEFAULT_PRODUCT_LICENSE
 
 default: binary
 
 all: build ## validate all checks, build linux binaries, run all tests,\ncross build non-linux binaries, and generate archives
 	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh'
 
-binary: bundles ## build statically linked linux binaries
-	$(BAKE_CMD) binary
+# This is only used to work around read-only bind mounts of the source code into
+# binary build targets. We end up mounting a tmpfs over autogen which allows us
+# to write build-time generated assets even though the source is mounted read-only
+# ...But in order to do so, this dir needs to already exist.
+autogen:
+	mkdir -p autogen
 
-dynbinary: bundles ## build dynamically linked linux binaries
-	$(BAKE_CMD) dynbinary
+binary: buildx autogen ## build statically linked linux binaries
+	$(BUILD_CMD) $(BUILD_OPTS) --output=bundles/ --target=$@ $(VERSION_AUTOGEN_ARGS) .
 
-cross: bundles ## cross build the binaries
-	$(BAKE_CMD) binary-cross
+dynbinary: buildx autogen ## build dynamically linked linux binaries
+	$(BUILD_CMD) $(BUILD_OPTS) --output=bundles/ --target=$@ $(VERSION_AUTOGEN_ARGS) .
+
+cross: BUILD_OPTS += --build-arg CROSS=true --build-arg DOCKER_CROSSPLATFORMS
+cross: buildx autogen ## cross build the binaries for darwin, freebsd and\nwindows
+	$(BUILD_CMD) $(BUILD_OPTS) --output=bundles/ --target=$@ $(VERSION_AUTOGEN_ARGS) .
 
 bundles:
 	mkdir bundles
@@ -171,8 +195,8 @@ bundles:
 clean: clean-cache
 
 .PHONY: clean-cache
-clean-cache: ## remove the docker volumes that are used for caching in the dev-container
-	docker volume rm -f docker-dev-cache docker-mod-cache
+clean-cache:
+	docker volume rm -f docker-dev-cache
 
 help: ## this help
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9_-]+:.*?## / {gsub("\\\\n",sprintf("\n%22c",""), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
@@ -185,18 +209,21 @@ run: build ## run the docker daemon in a container
  
 .PHONY: build
 ifeq ($(BIND_DIR), .)
-build: shell_target := --target=dev-base
-else
 build: shell_target := --target=dev
+else
+build: shell_target := --target=final
 endif
-build: bundles
-	$(BUILD_CMD) $(BUILD_OPTS) $(shell_target) --load -t "$(DOCKER_IMAGE)" .
+ifdef USE_BUILDX
+build: buildx_load := --load
+endif
+build: buildx
+	$(BUILD_CMD) $(BUILD_OPTS) $(shell_target) $(buildx_load) $(BUILD_CROSS) -t "$(DOCKER_IMAGE)" .
 
 shell: build  ## start a shell inside the build env
 	$(DOCKER_RUN_DOCKER) bash
 
 test: build test-unit ## run the unit, integration and docker-py tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration test-docker-py
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-integration test-docker-py
 
 test-docker-py: build ## run the docker-py tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
@@ -220,11 +247,8 @@ test-unit: build ## run the unit tests
 validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
 	$(DOCKER_RUN_DOCKER) hack/validate/all
 
-validate-%: build ## validate specific check
-	$(DOCKER_RUN_DOCKER) hack/validate/$*
-
-win: bundles ## cross build the binary for windows
-	$(BAKE_CMD) --set *.platform=windows/amd64 binary
+win: build ## cross build the binary for windows
+	$(DOCKER_RUN_DOCKER) DOCKER_CROSSPLATFORMS=windows/amd64 hack/make.sh cross
 
 .PHONY: swagger-gen
 swagger-gen:
@@ -240,4 +264,31 @@ swagger-docs: ## preview the API documentation
 	@docker run --rm -v $(PWD)/api/swagger.yaml:/usr/share/nginx/html/swagger.yaml \
 		-e 'REDOC_OPTIONS=hide-hostname="true" lazy-rendering' \
 		-p $(SWAGGER_DOCS_PORT):80 \
-		bfirsh/redoc:1.14.0
+		bfirsh/redoc:1.6.2
+
+.PHONY: buildx
+ifdef USE_BUILDX
+ifeq ($(BUILDX), bundles/buildx)
+buildx: bundles/buildx ## build buildx cli tool
+endif
+endif
+
+# This intentionally is not using the `--output` flag from the docker CLI, which
+# is a buildkit option. The idea here being that if buildx is being used, it's
+# because buildkit is not supported natively
+bundles/buildx: bundles ## build buildx CLI tool
+	docker build -f $${BUILDX_DOCKERFILE:-Dockerfile.buildx} -t "moby-buildx:$${BUILDX_COMMIT:-latest}" \
+		--build-arg BUILDX_COMMIT \
+		--build-arg BUILDX_REPO \
+		--build-arg GOOS=$$(if [ -n "$(GOOS)" ]; then echo $(GOOS); else go env GOHOSTOS || uname | awk '{print tolower($$0)}' || true; fi) \
+		--build-arg GOARCH=$$(if [ -n "$(GOARCH)" ]; then echo $(GOARCH); else go env GOHOSTARCH || true; fi) \
+		.
+
+	id=$$(docker create moby-buildx:$${BUILDX_COMMIT:-latest}); \
+	if [ -n "$${id}" ]; then \
+		docker cp $${id}:/usr/bin/buildx $@ \
+		&& touch $@; \
+		docker rm -f $${id}; \
+	fi
+
+	$@ version

README.md

@@ -14,7 +14,7 @@ Moby is an open project guided by strong principles, aiming to be modular, flexi
 It is open to the community to help set its direction.
 
 - Modular: the project includes lots of components that have well-defined functions and APIs that work together.
-- Batteries included but swappable: Moby includes enough components to build fully featured container systems, but its modular architecture ensures that most of the components can be swapped by different implementations.
+- Batteries included but swappable: Moby includes enough components to build fully featured container system, but its modular architecture ensures that most of the components can be swapped by different implementations.
 - Usable security: Moby provides secure defaults without compromising usability.
 - Developer focused: The APIs are intended to be functional and useful to build powerful tools.
 They are not necessarily intended as end user tools but as components aimed at developers.

api/common.go

@@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api"
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion = "1.43"
+	DefaultVersion = "1.41"
 
 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.

api/common_unix.go

@@ -1,4 +1,3 @@
-//go:build !windows
 // +build !windows
 
 package api // import "github.com/docker/docker/api"

api/server/backend/build/backend.go

@@ -21,7 +21,7 @@ import (
 // ImageComponent provides an interface for working with images
 type ImageComponent interface {
 	SquashImage(from string, to string) (string, error)
-	TagImage(context.Context, image.ID, reference.Named) error
+	TagImageWithReference(image.ID, reference.Named) error
 }
 
 // Builder defines interface for running a build
@@ -54,7 +54,7 @@ func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string
 	options := config.Options
 	useBuildKit := options.Version == types.BuilderBuildKit
 
-	tags, err := sanitizeRepoAndTags(options.Tags)
+	tagger, err := NewTagger(b.imageComponent, config.ProgressWriter.StdoutFormatter, options.Tags)
 	if err != nil {
 		return "", err
 	}
@@ -92,8 +92,8 @@ func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string
 		stdout := config.ProgressWriter.StdoutFormatter
 		fmt.Fprintf(stdout, "Successfully built %s\n", stringid.TruncateID(imageID))
 	}
-	if imageID != "" && !useBuildKit {
-		err = tagImages(ctx, b.imageComponent, config.ProgressWriter.StdoutFormatter, image.ID(imageID), tags)
+	if imageID != "" {
+		err = tagger.TagImages(image.ID(imageID))
 	}
 	return imageID, err
 }

api/server/backend/build/tag.go

@@ -1,7 +1,6 @@
 package build // import "github.com/docker/docker/api/server/backend/build"
 
 import (
-	"context"
 	"fmt"
 	"io"
 
@@ -10,22 +9,47 @@ import (
 	"github.com/pkg/errors"
 )
 
-// tagImages creates image tags for the imageID.
-func tagImages(ctx context.Context, ic ImageComponent, stdout io.Writer, imageID image.ID, repoAndTags []reference.Named) error {
-	for _, rt := range repoAndTags {
-		if err := ic.TagImage(ctx, imageID, rt); err != nil {
+// Tagger is responsible for tagging an image created by a builder
+type Tagger struct {
+	imageComponent ImageComponent
+	stdout         io.Writer
+	repoAndTags    []reference.Named
+}
+
+// NewTagger returns a new Tagger for tagging the images of a build.
+// If any of the names are invalid tags an error is returned.
+func NewTagger(backend ImageComponent, stdout io.Writer, names []string) (*Tagger, error) {
+	reposAndTags, err := sanitizeRepoAndTags(names)
+	if err != nil {
+		return nil, err
+	}
+	return &Tagger{
+		imageComponent: backend,
+		stdout:         stdout,
+		repoAndTags:    reposAndTags,
+	}, nil
+}
+
+// TagImages creates image tags for the imageID
+func (bt *Tagger) TagImages(imageID image.ID) error {
+	for _, rt := range bt.repoAndTags {
+		if err := bt.imageComponent.TagImageWithReference(imageID, rt); err != nil {
 			return err
 		}
-		_, _ = fmt.Fprintln(stdout, "Successfully tagged", reference.FamiliarString(rt))
+		fmt.Fprintf(bt.stdout, "Successfully tagged %s\n", reference.FamiliarString(rt))
 	}
 	return nil
 }
 
 // sanitizeRepoAndTags parses the raw "t" parameter received from the client
-// to a slice of repoAndTag. It removes duplicates, and validates each name
-// to not contain a digest.
-func sanitizeRepoAndTags(names []string) (repoAndTags []reference.Named, err error) {
-	uniqNames := map[string]struct{}{}
+// to a slice of repoAndTag.
+// It also validates each repoName and tag.
+func sanitizeRepoAndTags(names []string) ([]reference.Named, error) {
+	var (
+		repoAndTags []reference.Named
+		// This map is used for deduplicating the "-t" parameter.
+		uniqNames = make(map[string]struct{})
+	)
 	for _, repo := range names {
 		if repo == "" {
 			continue
@@ -36,12 +60,14 @@ func sanitizeRepoAndTags(names []string) (repoAndTags []reference.Named, err err
 			return nil, err
 		}
 
-		if _, ok := ref.(reference.Digested); ok {
+		if _, isCanonical := ref.(reference.Canonical); isCanonical {
 			return nil, errors.New("build tag cannot contain a digest")
 		}
 
 		ref = reference.TagNameOnly(ref)
+
 		nameWithTag := ref.String()
+
 		if _, exists := uniqNames[nameWithTag]; !exists {
 			uniqNames[nameWithTag] = struct{}{}
 			repoAndTags = append(repoAndTags, ref)

api/server/errorhandler.go

@@ -1,34 +0,0 @@
-package server
-
-import (
-	"net/http"
-
-	"github.com/docker/docker/api/server/httpstatus"
-	"github.com/docker/docker/api/server/httputils"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/gorilla/mux"
-	"google.golang.org/grpc/status"
-)
-
-// makeErrorHandler makes an HTTP handler that decodes a Docker error and
-// returns it in the response.
-func makeErrorHandler(err error) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		statusCode := httpstatus.FromError(err)
-		vars := mux.Vars(r)
-		if apiVersionSupportsJSONErrors(vars["version"]) {
-			response := &types.ErrorResponse{
-				Message: err.Error(),
-			}
-			_ = httputils.WriteJSON(w, statusCode, response)
-		} else {
-			http.Error(w, status.Convert(err).Message(), statusCode)
-		}
-	}
-}
-
-func apiVersionSupportsJSONErrors(version string) bool {
-	const firstAPIVersionWithJSONErrors = "1.23"
-	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
-}

api/server/httpstatus/status.go

@@ -1,150 +0,0 @@
-package httpstatus // import "github.com/docker/docker/api/server/httpstatus"
-
-import (
-	"fmt"
-	"net/http"
-
-	cerrdefs "github.com/containerd/containerd/errdefs"
-	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/docker/errdefs"
-	"github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-type causer interface {
-	Cause() error
-}
-
-// FromError retrieves status code from error message.
-func FromError(err error) int {
-	if err == nil {
-		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
-		return http.StatusInternalServerError
-	}
-
-	var statusCode int
-
-	// Stop right there
-	// Are you sure you should be adding a new error class here? Do one of the existing ones work?
-
-	// Note that the below functions are already checking the error causal chain for matches.
-	switch {
-	case errdefs.IsNotFound(err):
-		statusCode = http.StatusNotFound
-	case errdefs.IsInvalidParameter(err):
-		statusCode = http.StatusBadRequest
-	case errdefs.IsConflict(err):
-		statusCode = http.StatusConflict
-	case errdefs.IsUnauthorized(err):
-		statusCode = http.StatusUnauthorized
-	case errdefs.IsUnavailable(err):
-		statusCode = http.StatusServiceUnavailable
-	case errdefs.IsForbidden(err):
-		statusCode = http.StatusForbidden
-	case errdefs.IsNotModified(err):
-		statusCode = http.StatusNotModified
-	case errdefs.IsNotImplemented(err):
-		statusCode = http.StatusNotImplemented
-	case errdefs.IsSystem(err) || errdefs.IsUnknown(err) || errdefs.IsDataLoss(err) || errdefs.IsDeadline(err) || errdefs.IsCancelled(err):
-		statusCode = http.StatusInternalServerError
-	default:
-		statusCode = statusCodeFromGRPCError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-		statusCode = statusCodeFromContainerdError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-		statusCode = statusCodeFromDistributionError(err)
-		if statusCode != http.StatusInternalServerError {
-			return statusCode
-		}
-		if e, ok := err.(causer); ok {
-			return FromError(e.Cause())
-		}
-
-		logrus.WithFields(logrus.Fields{
-			"module":     "api",
-			"error_type": fmt.Sprintf("%T", err),
-		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
-	}
-
-	if statusCode == 0 {
-		statusCode = http.StatusInternalServerError
-	}
-
-	return statusCode
-}
-
-// statusCodeFromGRPCError returns status code according to gRPC error
-func statusCodeFromGRPCError(err error) int {
-	switch status.Code(err) {
-	case codes.InvalidArgument: // code 3
-		return http.StatusBadRequest
-	case codes.NotFound: // code 5
-		return http.StatusNotFound
-	case codes.AlreadyExists: // code 6
-		return http.StatusConflict
-	case codes.PermissionDenied: // code 7
-		return http.StatusForbidden
-	case codes.FailedPrecondition: // code 9
-		return http.StatusBadRequest
-	case codes.Unauthenticated: // code 16
-		return http.StatusUnauthorized
-	case codes.OutOfRange: // code 11
-		return http.StatusBadRequest
-	case codes.Unimplemented: // code 12
-		return http.StatusNotImplemented
-	case codes.Unavailable: // code 14
-		return http.StatusServiceUnavailable
-	default:
-		// codes.Canceled(1)
-		// codes.Unknown(2)
-		// codes.DeadlineExceeded(4)
-		// codes.ResourceExhausted(8)
-		// codes.Aborted(10)
-		// codes.Internal(13)
-		// codes.DataLoss(15)
-		return http.StatusInternalServerError
-	}
-}
-
-// statusCodeFromDistributionError returns status code according to registry errcode
-// code is loosely based on errcode.ServeJSON() in docker/distribution
-func statusCodeFromDistributionError(err error) int {
-	switch errs := err.(type) {
-	case errcode.Errors:
-		if len(errs) < 1 {
-			return http.StatusInternalServerError
-		}
-		if _, ok := errs[0].(errcode.ErrorCoder); ok {
-			return statusCodeFromDistributionError(errs[0])
-		}
-	case errcode.ErrorCoder:
-		return errs.ErrorCode().Descriptor().HTTPStatusCode
-	}
-	return http.StatusInternalServerError
-}
-
-// statusCodeFromContainerdError returns status code for containerd errors when
-// consumed directly (not through gRPC)
-func statusCodeFromContainerdError(err error) int {
-	switch {
-	case cerrdefs.IsInvalidArgument(err):
-		return http.StatusBadRequest
-	case cerrdefs.IsNotFound(err):
-		return http.StatusNotFound
-	case cerrdefs.IsAlreadyExists(err):
-		return http.StatusConflict
-	case cerrdefs.IsFailedPrecondition(err):
-		return http.StatusPreconditionFailed
-	case cerrdefs.IsUnavailable(err):
-		return http.StatusServiceUnavailable
-	case cerrdefs.IsNotImplemented(err):
-		return http.StatusNotImplemented
-	default:
-		return http.StatusInternalServerError
-	}
-}

api/server/httputils/errors_deprecated.go

@@ -0,0 +1,9 @@
+package httputils // import "github.com/docker/docker/api/server/httputils"
+import "github.com/docker/docker/errdefs"
+
+// GetHTTPErrorStatusCode retrieves status code from error message.
+//
+// Deprecated: use errdefs.GetHTTPErrorStatusCode
+func GetHTTPErrorStatusCode(err error) int {
+	return errdefs.GetHTTPErrorStatusCode(err)
+}

api/server/httputils/form.go

@@ -1,12 +1,9 @@
 package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
-	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
-
-	"github.com/docker/distribution/reference"
 )
 
 // BoolValue transforms a form value in different formats into a boolean type.
@@ -44,38 +41,6 @@ func Int64ValueOrDefault(r *http.Request, field string, def int64) (int64, error
 	return def, nil
 }
 
-// RepoTagReference parses form values "repo" and "tag" and returns a valid
-// reference with repository and tag.
-// If repo is empty, then a nil reference is returned.
-// If no tag is given, then the default "latest" tag is set.
-func RepoTagReference(repo, tag string) (reference.NamedTagged, error) {
-	if repo == "" {
-		return nil, nil
-	}
-
-	ref, err := reference.ParseNormalizedNamed(repo)
-	if err != nil {
-		return nil, err
-	}
-
-	if _, isDigested := ref.(reference.Digested); isDigested {
-		return nil, fmt.Errorf("cannot import digest reference")
-	}
-
-	if tag != "" {
-		return reference.WithTag(ref, tag)
-	}
-
-	withDefaultTag := reference.TagNameOnly(ref)
-
-	namedTagged, ok := withDefaultTag.(reference.NamedTagged)
-	if !ok {
-		return nil, fmt.Errorf("unexpected reference: %q", ref.String())
-	}
-
-	return namedTagged, nil
-}
-
 // ArchiveOptions stores archive information for different operations.
 type ArchiveOptions struct {
 	Name string

api/server/httputils/httputils.go

@@ -2,14 +2,18 @@ package httputils // import "github.com/docker/docker/api/server/httputils"
 
 import (
 	"context"
-	"encoding/json"
 	"io"
 	"mime"
 	"net/http"
 	"strings"
 
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
+	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc/status"
 )
 
 // APIVersionKey is the client's requested API version.
@@ -49,50 +53,17 @@ func CheckForJSON(r *http.Request) error {
 	ct := r.Header.Get("Content-Type")
 
 	// No Content-Type header is ok as long as there's no Body
-	if ct == "" && (r.Body == nil || r.ContentLength == 0) {
-		return nil
+	if ct == "" {
+		if r.Body == nil || r.ContentLength == 0 {
+			return nil
+		}
 	}
 
 	// Otherwise it better be json
-	return matchesContentType(ct, "application/json")
-}
-
-// ReadJSON validates the request to have the correct content-type, and decodes
-// the request's Body into out.
-func ReadJSON(r *http.Request, out interface{}) error {
-	err := CheckForJSON(r)
-	if err != nil {
-		return err
-	}
-	if r.Body == nil || r.ContentLength == 0 {
-		// an empty body is not invalid, so don't return an error; see
-		// https://lists.w3.org/Archives/Public/ietf-http-wg/2010JulSep/0272.html
+	if matchesContentType(ct, "application/json") {
 		return nil
 	}
-
-	dec := json.NewDecoder(r.Body)
-	err = dec.Decode(out)
-	defer r.Body.Close()
-	if err != nil {
-		if err == io.EOF {
-			return errdefs.InvalidParameter(errors.New("invalid JSON: got EOF while reading request body"))
-		}
-		return errdefs.InvalidParameter(errors.Wrap(err, "invalid JSON"))
-	}
-
-	if dec.More() {
-		return errdefs.InvalidParameter(errors.New("unexpected content after JSON"))
-	}
-	return nil
-}
-
-// WriteJSON writes the value v to the http response stream as json with standard json encoding.
-func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(code)
-	enc := json.NewEncoder(w)
-	enc.SetEscapeHTML(false)
-	return enc.Encode(v)
+	return errdefs.InvalidParameter(errors.Errorf("Content-Type specified (%s) must be 'application/json'", ct))
 }
 
 // ParseForm ensures the request form is parsed even with invalid content types.
@@ -121,14 +92,33 @@ func VersionFromContext(ctx context.Context) string {
 	return ""
 }
 
+// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
+// returns it in the response.
+func MakeErrorHandler(err error) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		statusCode := errdefs.GetHTTPErrorStatusCode(err)
+		vars := mux.Vars(r)
+		if apiVersionSupportsJSONErrors(vars["version"]) {
+			response := &types.ErrorResponse{
+				Message: err.Error(),
+			}
+			_ = WriteJSON(w, statusCode, response)
+		} else {
+			http.Error(w, status.Convert(err).Message(), statusCode)
+		}
+	}
+}
+
+func apiVersionSupportsJSONErrors(version string) bool {
+	const firstAPIVersionWithJSONErrors = "1.23"
+	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
+}
+
 // matchesContentType validates the content type against the expected one
-func matchesContentType(contentType, expectedType string) error {
+func matchesContentType(contentType, expectedType string) bool {
 	mimetype, _, err := mime.ParseMediaType(contentType)
 	if err != nil {
-		return errdefs.InvalidParameter(errors.Wrapf(err, "malformed Content-Type header (%s)", contentType))
+		logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
 	}
-	if mimetype != expectedType {
-		return errdefs.InvalidParameter(errors.Errorf("unsupported Content-Type header (%s): must be '%s'", contentType, expectedType))
-	}
-	return nil
+	return err == nil && mimetype == expectedType
 }

api/server/httputils/httputils_test.go

@@ -1,130 +1,18 @@
 package httputils // import "github.com/docker/docker/api/server/httputils"
 
-import (
-	"net/http"
-	"strings"
-	"testing"
-)
+import "testing"
 
 // matchesContentType
 func TestJsonContentType(t *testing.T) {
-	err := matchesContentType("application/json", "application/json")
-	if err != nil {
-		t.Error(err)
+	if !matchesContentType("application/json", "application/json") {
+		t.Fail()
 	}
 
-	err = matchesContentType("application/json; charset=utf-8", "application/json")
-	if err != nil {
-		t.Error(err)
+	if !matchesContentType("application/json; charset=utf-8", "application/json") {
+		t.Fail()
 	}
 
-	expected := "unsupported Content-Type header (dockerapplication/json): must be 'application/json'"
-	err = matchesContentType("dockerapplication/json", "application/json")
-	if err == nil || err.Error() != expected {
-		t.Errorf(`expected "%s", got "%v"`, expected, err)
-	}
-
-	expected = "malformed Content-Type header (foo;;;bar): mime: invalid media parameter"
-	err = matchesContentType("foo;;;bar", "application/json")
-	if err == nil || err.Error() != expected {
-		t.Errorf(`expected "%s", got "%v"`, expected, err)
+	if matchesContentType("dockerapplication/json", "application/json") {
+		t.Fail()
 	}
 }
-
-func TestReadJSON(t *testing.T) {
-	t.Run("nil body", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", nil)
-		if err != nil {
-			t.Error(err)
-		}
-		foo := struct{}{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-	})
-
-	t.Run("empty body", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(""))
-		if err != nil {
-			t.Error(err)
-		}
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-		if foo.SomeField != "" {
-			t.Errorf("expected: '', got: %s", foo.SomeField)
-		}
-	})
-
-	t.Run("with valid request", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{"SomeField":"some value"}`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-		if foo.SomeField != "some value" {
-			t.Errorf("expected: 'some value', got: %s", foo.SomeField)
-		}
-	})
-	t.Run("with whitespace", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`
-
-	{"SomeField":"some value"}
-
-`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err != nil {
-			t.Error(err)
-		}
-		if foo.SomeField != "some value" {
-			t.Errorf("expected: 'some value', got: %s", foo.SomeField)
-		}
-	})
-
-	t.Run("with extra content", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{"SomeField":"some value"} and more content`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err == nil {
-			t.Error("expected an error, got none")
-		}
-		expected := "unexpected content after JSON"
-		if err.Error() != expected {
-			t.Errorf("expected: '%s', got: %s", expected, err.Error())
-		}
-	})
-
-	t.Run("invalid JSON", func(t *testing.T) {
-		req, err := http.NewRequest(http.MethodPost, "https://example.com/some/path", strings.NewReader(`{invalid json`))
-		if err != nil {
-			t.Error(err)
-		}
-		req.Header.Set("Content-Type", "application/json")
-		foo := struct{ SomeField string }{}
-		err = ReadJSON(req, &foo)
-		if err == nil {
-			t.Error("expected an error, got none")
-		}
-		expected := "invalid JSON: invalid character 'i' looking for beginning of object key string"
-		if err.Error() != expected {
-			t.Errorf("expected: '%s', got: %s", expected, err.Error())
-		}
-	})
-}

api/server/httputils/httputils_write_json.go

@@ -0,0 +1,15 @@
+package httputils // import "github.com/docker/docker/api/server/httputils"
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// WriteJSON writes the value v to the http response stream as json with standard json encoding.
+func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(code)
+	enc := json.NewEncoder(w)
+	enc.SetEscapeHTML(false)
+	return enc.Encode(v)
+}

api/server/middleware.go

@@ -16,7 +16,7 @@ func (s *Server) handlerWithGlobalMiddlewares(handler httputils.APIFunc) httputi
 		next = m.WrapHandler(next)
 	}
 
-	if logrus.GetLevel() == logrus.DebugLevel {
+	if s.cfg.Logging && logrus.GetLevel() == logrus.DebugLevel {
 		next = middleware.DebugRequestMiddleware(next)
 	}
 

api/server/middleware/cors.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/docker/docker/api/types/registry"
 	"github.com/sirupsen/logrus"
 )
 
@@ -31,7 +30,7 @@ func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.Res
 
 		logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
 		w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
-		w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, "+registry.AuthHeader)
+		w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
 		w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
 		return handler(ctx, w, r, vars)
 	}

api/server/middleware/version.go

@@ -61,4 +61,5 @@ func (v VersionMiddleware) WrapHandler(handler func(ctx context.Context, w http.
 		ctx = context.WithValue(ctx, httputils.APIVersionKey{}, apiVersion)
 		return handler(ctx, w, r, vars)
 	}
+
 }

api/server/router/build/build.go

@@ -1,8 +1,6 @@
 package build // import "github.com/docker/docker/api/server/router/build"
 
 import (
-	"runtime"
-
 	"github.com/docker/docker/api/server/router"
 	"github.com/docker/docker/api/types"
 )
@@ -39,24 +37,17 @@ func (r *buildRouter) initRoutes() {
 	}
 }
 
-// BuilderVersion derives the default docker builder version from the config.
-//
-// The default on Linux is version "2" (BuildKit), but the daemon can be
-// configured to recommend version "1" (classic Builder). Windows does not
-// yet support BuildKit for native Windows images, and uses "1" (classic builder)
-// as a default.
-//
-// This value is only a recommendation as advertised by the daemon, and it is
-// up to the client to choose which builder to use.
+// BuilderVersion derives the default docker builder version from the config
+// Note: it is valid to have BuilderVersion unset which means it is up to the
+// client to choose which builder to use.
 func BuilderVersion(features map[string]bool) types.BuilderVersion {
-	// TODO(thaJeztah) move the default to daemon/config
-	if runtime.GOOS == "windows" {
-		return types.BuilderV1
-	}
-
-	bv := types.BuilderBuildKit
-	if v, ok := features["buildkit"]; ok && !v {
-		bv = types.BuilderV1
+	var bv types.BuilderVersion
+	if v, ok := features["buildkit"]; ok {
+		if v {
+			bv = types.BuilderBuildKit
+		} else {
+			bv = types.BuilderV1
+		}
 	}
 	return bv
 }

api/server/router/build/build_routes.go

@@ -19,8 +19,8 @@ import (
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
@@ -29,11 +29,13 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-type invalidParam struct {
-	error
+type invalidIsolationError string
+
+func (e invalidIsolationError) Error() string {
+	return fmt.Sprintf("Unsupported isolation: %q", string(e))
 }
 
-func (e invalidParam) InvalidParameter() {}
+func (e invalidIsolationError) InvalidParameter() {}
 
 func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBuildOptions, error) {
 	options := &types.ImageBuildOptions{
@@ -62,8 +64,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	}
 
 	if runtime.GOOS != "windows" && options.SecurityOpt != nil {
-		// SecurityOpt only supports "credentials-spec" on Windows, and not used on other platforms.
-		return nil, invalidParam{errors.New("security options are not supported on " + runtime.GOOS)}
+		return nil, errdefs.InvalidParameter(errors.New("The daemon on this platform does not support setting security options on build"))
 	}
 
 	version := httputils.VersionFromContext(ctx)
@@ -85,7 +86,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 		if outputsJSON != "" {
 			var outputs []types.ImageBuildOutput
 			if err := json.Unmarshal([]byte(outputsJSON), &outputs); err != nil {
-				return nil, invalidParam{errors.Wrap(err, "invalid outputs specified")}
+				return nil, err
 			}
 			options.Outputs = outputs
 		}
@@ -102,14 +103,14 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	if i := r.FormValue("isolation"); i != "" {
 		options.Isolation = container.Isolation(i)
 		if !options.Isolation.IsValid() {
-			return nil, invalidParam{errors.Errorf("unsupported isolation: %q", i)}
+			return nil, invalidIsolationError(options.Isolation)
 		}
 	}
 
 	if ulimitsJSON := r.FormValue("ulimits"); ulimitsJSON != "" {
 		var buildUlimits = []*units.Ulimit{}
 		if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
-			return nil, invalidParam{errors.Wrap(err, "error reading ulimit settings")}
+			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading ulimit settings")
 		}
 		options.Ulimits = buildUlimits
 	}
@@ -129,7 +130,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	if buildArgsJSON := r.FormValue("buildargs"); buildArgsJSON != "" {
 		var buildArgs = map[string]*string{}
 		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
-			return nil, invalidParam{errors.Wrap(err, "error reading build args")}
+			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading build args")
 		}
 		options.BuildArgs = buildArgs
 	}
@@ -137,7 +138,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	if labelsJSON := r.FormValue("labels"); labelsJSON != "" {
 		var labels = map[string]string{}
 		if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
-			return nil, invalidParam{errors.Wrap(err, "error reading labels")}
+			return nil, errors.Wrap(errdefs.InvalidParameter(err), "error reading labels")
 		}
 		options.Labels = labels
 	}
@@ -145,7 +146,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	if cacheFromJSON := r.FormValue("cachefrom"); cacheFromJSON != "" {
 		var cacheFrom = []string{}
 		if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
-			return nil, invalidParam{errors.Wrap(err, "error reading cache-from")}
+			return nil, err
 		}
 		options.CacheFrom = cacheFrom
 	}
@@ -168,7 +169,7 @@ func parseVersion(s string) (types.BuilderVersion, error) {
 	case types.BuilderBuildKit:
 		return types.BuilderBuildKit, nil
 	default:
-		return "", invalidParam{errors.Errorf("invalid version %q", s)}
+		return "", errors.Errorf("invalid version %q", s)
 	}
 }
 
@@ -178,7 +179,7 @@ func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *
 	}
 	fltrs, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errors.Wrap(err, "could not parse filters")
 	}
 	ksfv := r.FormValue("keep-storage")
 	if ksfv == "" {
@@ -186,7 +187,7 @@ func (br *buildRouter) postPrune(ctx context.Context, w http.ResponseWriter, r *
 	}
 	ks, err := strconv.Atoi(ksfv)
 	if err != nil {
-		return invalidParam{errors.Wrapf(err, "keep-storage is in bytes and expects an integer, got %v", ksfv)}
+		return errors.Wrapf(err, "keep-storage is in bytes and expects an integer, got %v", ksfv)
 	}
 
 	opts := types.BuildCachePruneOptions{
@@ -207,7 +208,7 @@ func (br *buildRouter) postCancel(ctx context.Context, w http.ResponseWriter, r
 
 	id := r.FormValue("id")
 	if id == "" {
-		return invalidParam{errors.New("build ID not provided")}
+		return errors.Errorf("build ID not provided")
 	}
 
 	return br.backend.Cancel(ctx, id)
@@ -237,6 +238,7 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	defer func() { _ = output.Close() }()
 
 	errf := func(err error) error {
+
 		if httputils.BoolValue(r, "q") && notVerboseBuffer.Len() > 0 {
 			_, _ = output.Write(notVerboseBuffer.Bytes())
 		}
@@ -260,7 +262,7 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	buildOptions.AuthConfigs = getAuthConfigs(r.Header)
 
 	if buildOptions.Squash && !br.daemon.HasExperimental() {
-		return invalidParam{errors.New("squash is only supported with experimental mode")}
+		return errdefs.InvalidParameter(errors.New("squash is only supported with experimental mode"))
 	}
 
 	out := io.Writer(output)
@@ -294,8 +296,8 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 	return nil
 }
 
-func getAuthConfigs(header http.Header) map[string]registry.AuthConfig {
-	authConfigs := map[string]registry.AuthConfig{}
+func getAuthConfigs(header http.Header) map[string]types.AuthConfig {
+	authConfigs := map[string]types.AuthConfig{}
 	authConfigsEncoded := header.Get("X-Registry-Config")
 
 	if authConfigsEncoded == "" {

api/server/router/checkpoint/checkpoint_routes.go

@@ -2,6 +2,7 @@ package checkpoint // import "github.com/docker/docker/api/server/router/checkpo
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
@@ -14,7 +15,9 @@ func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.R
 	}
 
 	var options types.CheckpointCreateOptions
-	if err := httputils.ReadJSON(r, &options); err != nil {
+
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&options); err != nil {
 		return err
 	}
 

api/server/router/container/backend.go

@@ -17,7 +17,7 @@ type execBackend interface {
 	ContainerExecCreate(name string, config *types.ExecConfig) (string, error)
 	ContainerExecInspect(id string) (*backend.ExecInspect, error)
 	ContainerExecResize(name string, height, width int) error
-	ContainerExecStart(ctx context.Context, name string, options container.ExecStartOptions) error
+	ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) error
 	ExecExists(name string) (bool, error)
 }
 
@@ -25,22 +25,22 @@ type execBackend interface {
 type copyBackend interface {
 	ContainerArchivePath(name string, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error)
 	ContainerCopy(name string, res string) (io.ReadCloser, error)
-	ContainerExport(ctx context.Context, name string, out io.Writer) error
+	ContainerExport(name string, out io.Writer) error
 	ContainerExtractToDir(name, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) error
 	ContainerStatPath(name string, path string) (stat *types.ContainerPathStat, err error)
 }
 
 // stateBackend includes functions to implement to provide container state lifecycle functionality.
 type stateBackend interface {
-	ContainerCreate(ctx context.Context, config types.ContainerCreateConfig) (container.CreateResponse, error)
-	ContainerKill(name string, signal string) error
+	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
+	ContainerKill(name string, sig uint64) error
 	ContainerPause(name string) error
 	ContainerRename(oldName, newName string) error
 	ContainerResize(name string, height, width int) error
-	ContainerRestart(ctx context.Context, name string, options container.StopOptions) error
+	ContainerRestart(name string, seconds *int) error
 	ContainerRm(name string, config *types.ContainerRmConfig) error
-	ContainerStart(ctx context.Context, name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
-	ContainerStop(ctx context.Context, name string, options container.StopOptions) error
+	ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
+	ContainerStop(name string, seconds *int) error
 	ContainerUnpause(name string) error
 	ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
 	ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error)
@@ -48,13 +48,13 @@ type stateBackend interface {
 
 // monitorBackend includes functions to implement to provide containers monitoring functionality.
 type monitorBackend interface {
-	ContainerChanges(ctx context.Context, name string) ([]archive.Change, error)
-	ContainerInspect(ctx context.Context, name string, size bool, version string) (interface{}, error)
+	ContainerChanges(name string) ([]archive.Change, error)
+	ContainerInspect(name string, size bool, version string) (interface{}, error)
 	ContainerLogs(ctx context.Context, name string, config *types.ContainerLogsOptions) (msgs <-chan *backend.LogMessage, tty bool, err error)
 	ContainerStats(ctx context.Context, name string, config *backend.ContainerStatsConfig) error
 	ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error)
 
-	Containers(ctx context.Context, config *types.ContainerListOptions) ([]*types.Container, error)
+	Containers(config *types.ContainerListOptions) ([]*types.Container, error)
 }
 
 // attachBackend includes function to implement to provide container attaching functionality.
@@ -68,7 +68,7 @@ type systemBackend interface {
 }
 
 type commitBackend interface {
-	CreateImageFromContainer(ctx context.Context, name string, config *backend.CreateImageConfig) (imageID string, err error)
+	CreateImageFromContainer(name string, config *backend.CreateImageConfig) (imageID string, err error)
 }
 
 // Backend is all the methods that need to be implemented to provide container specific functionality.

api/server/router/container/container.go

@@ -56,7 +56,7 @@ func (r *containerRouter) initRoutes() {
 		router.NewPostRoute("/containers/{name:.*}/wait", r.postContainersWait),
 		router.NewPostRoute("/containers/{name:.*}/resize", r.postContainersResize),
 		router.NewPostRoute("/containers/{name:.*}/attach", r.postContainersAttach),
-		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8 (API v1.20), errors out since 1.12 (API v1.24)
+		router.NewPostRoute("/containers/{name:.*}/copy", r.postContainersCopy), // Deprecated since 1.8, Errors out since 1.12
 		router.NewPostRoute("/containers/{name:.*}/exec", r.postContainerExecCreate),
 		router.NewPostRoute("/exec/{name:.*}/start", r.postContainerExecStart),
 		router.NewPostRoute("/exec/{name:.*}/resize", r.postContainerExecResize),

api/server/router/container/container_routes.go

@@ -6,22 +6,21 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"runtime"
 	"strconv"
+	"syscall"
 
 	"github.com/containerd/containerd/platforms"
-	"github.com/docker/docker/api/server/httpstatus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/versions"
 	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/docker/docker/pkg/signal"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/websocket"
@@ -44,23 +43,21 @@ func (s *containerRouter) postCommit(ctx context.Context, w http.ResponseWriter,
 	}
 
 	config, _, _, err := s.decoder.DecodeConfig(r.Body)
-	if err != nil && !errors.Is(err, io.EOF) { // Do not fail if body is empty.
+	if err != nil && err != io.EOF { // Do not fail if body is empty.
 		return err
 	}
 
-	ref, err := httputils.RepoTagReference(r.Form.Get("repo"), r.Form.Get("tag"))
-	if err != nil {
-		return errdefs.InvalidParameter(err)
-	}
-
-	imgID, err := s.backend.CreateImageFromContainer(ctx, r.Form.Get("container"), &backend.CreateImageConfig{
+	commitCfg := &backend.CreateImageConfig{
 		Pause:   pause,
-		Tag:     ref,
+		Repo:    r.Form.Get("repo"),
+		Tag:     r.Form.Get("tag"),
 		Author:  r.Form.Get("author"),
 		Comment: r.Form.Get("comment"),
 		Config:  config,
 		Changes: r.Form["changes"],
-	})
+	}
+
+	imgID, err := s.backend.CreateImageFromContainer(r.Form.Get("container"), commitCfg)
 	if err != nil {
 		return err
 	}
@@ -93,7 +90,7 @@ func (s *containerRouter) getContainersJSON(ctx context.Context, w http.Response
 		config.Limit = limit
 	}
 
-	containers, err := s.backend.Containers(ctx, config)
+	containers, err := s.backend.Containers(config)
 	if err != nil {
 		return err
 	}
@@ -157,12 +154,6 @@ func (s *containerRouter) getContainersLogs(ctx context.Context, w http.Response
 		return err
 	}
 
-	contentType := types.MediaTypeRawStream
-	if !tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-		contentType = types.MediaTypeMultiplexedStream
-	}
-	w.Header().Set("Content-Type", contentType)
-
 	// if has a tty, we're not muxing streams. if it doesn't, we are. simple.
 	// this is the point of no return for writing a response. once we call
 	// WriteLogStream, the response has been started and errors will be
@@ -172,7 +163,7 @@ func (s *containerRouter) getContainersLogs(ctx context.Context, w http.Response
 }
 
 func (s *containerRouter) getContainersExport(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	return s.backend.ContainerExport(ctx, vars["name"], w)
+	return s.backend.ContainerExport(vars["name"], w)
 }
 
 type bodyOnStartError struct{}
@@ -216,7 +207,7 @@ func (s *containerRouter) postContainersStart(ctx context.Context, w http.Respon
 
 	checkpoint := r.Form.Get("checkpoint")
 	checkpointDir := r.Form.Get("checkpoint-dir")
-	if err := s.backend.ContainerStart(ctx, vars["name"], hostConfig, checkpoint, checkpointDir); err != nil {
+	if err := s.backend.ContainerStart(vars["name"], hostConfig, checkpoint, checkpointDir); err != nil {
 		return err
 	}
 
@@ -229,26 +220,20 @@ func (s *containerRouter) postContainersStop(ctx context.Context, w http.Respons
 		return err
 	}
 
-	var (
-		options container.StopOptions
-		version = httputils.VersionFromContext(ctx)
-	)
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		options.Signal = r.Form.Get("signal")
-	}
+	var seconds *int
 	if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
 		valSeconds, err := strconv.Atoi(tmpSeconds)
 		if err != nil {
 			return err
 		}
-		options.Timeout = &valSeconds
+		seconds = &valSeconds
 	}
 
-	if err := s.backend.ContainerStop(ctx, vars["name"], options); err != nil {
+	if err := s.backend.ContainerStop(vars["name"], seconds); err != nil {
 		return err
 	}
-
 	w.WriteHeader(http.StatusNoContent)
+
 	return nil
 }
 
@@ -257,8 +242,18 @@ func (s *containerRouter) postContainersKill(ctx context.Context, w http.Respons
 		return err
 	}
 
+	var sig syscall.Signal
 	name := vars["name"]
-	if err := s.backend.ContainerKill(name, r.Form.Get("signal")); err != nil {
+
+	// If we have a signal, look at it. Otherwise, do nothing
+	if sigStr := r.Form.Get("signal"); sigStr != "" {
+		var err error
+		if sig, err = signal.ParseSignal(sigStr); err != nil {
+			return errdefs.InvalidParameter(err)
+		}
+	}
+
+	if err := s.backend.ContainerKill(name, uint64(sig)); err != nil {
 		var isStopped bool
 		if errdefs.IsConflict(err) {
 			isStopped = true
@@ -282,26 +277,21 @@ func (s *containerRouter) postContainersRestart(ctx context.Context, w http.Resp
 		return err
 	}
 
-	var (
-		options container.StopOptions
-		version = httputils.VersionFromContext(ctx)
-	)
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		options.Signal = r.Form.Get("signal")
-	}
+	var seconds *int
 	if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
 		valSeconds, err := strconv.Atoi(tmpSeconds)
 		if err != nil {
 			return err
 		}
-		options.Timeout = &valSeconds
+		seconds = &valSeconds
 	}
 
-	if err := s.backend.ContainerRestart(ctx, vars["name"], options); err != nil {
+	if err := s.backend.ContainerRestart(vars["name"], seconds); err != nil {
 		return err
 	}
 
 	w.WriteHeader(http.StatusNoContent)
+
 	return nil
 }
 
@@ -346,18 +336,12 @@ func (s *containerRouter) postContainersWait(ctx context.Context, w http.Respons
 		if err := httputils.ParseForm(r); err != nil {
 			return err
 		}
-		if v := r.Form.Get("condition"); v != "" {
-			switch container.WaitCondition(v) {
-			case container.WaitConditionNotRunning:
-				waitCondition = containerpkg.WaitConditionNotRunning
-			case container.WaitConditionNextExit:
-				waitCondition = containerpkg.WaitConditionNextExit
-			case container.WaitConditionRemoved:
-				waitCondition = containerpkg.WaitConditionRemoved
-				legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
-			default:
-				return errdefs.InvalidParameter(errors.Errorf("invalid condition: %q", v))
-			}
+		switch container.WaitCondition(r.Form.Get("condition")) {
+		case container.WaitConditionNextExit:
+			waitCondition = containerpkg.WaitConditionNextExit
+		case container.WaitConditionRemoved:
+			waitCondition = containerpkg.WaitConditionRemoved
+			legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
 		}
 	}
 
@@ -387,19 +371,19 @@ func (s *containerRouter) postContainersWait(ctx context.Context, w http.Respons
 		return nil
 	}
 
-	var waitError *container.WaitExitError
+	var waitError *container.ContainerWaitOKBodyError
 	if status.Err() != nil {
-		waitError = &container.WaitExitError{Message: status.Err().Error()}
+		waitError = &container.ContainerWaitOKBodyError{Message: status.Err().Error()}
 	}
 
-	return json.NewEncoder(w).Encode(&container.WaitResponse{
+	return json.NewEncoder(w).Encode(&container.ContainerWaitOKBody{
 		StatusCode: int64(status.ExitCode()),
 		Error:      waitError,
 	})
 }
 
 func (s *containerRouter) getContainersChanges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	changes, err := s.backend.ContainerChanges(ctx, vars["name"])
+	changes, err := s.backend.ContainerChanges(vars["name"])
 	if err != nil {
 		return err
 	}
@@ -438,20 +422,19 @@ func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
 
 	var updateConfig container.UpdateConfig
-	if err := httputils.ReadJSON(r, &updateConfig); err != nil {
+
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&updateConfig); err != nil {
 		return err
 	}
 	if versions.LessThan(httputils.VersionFromContext(ctx), "1.40") {
 		updateConfig.PidsLimit = nil
 	}
-
-	if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-		// Ignore KernelMemory removed in API 1.42.
-		updateConfig.KernelMemory = 0
-	}
-
 	if updateConfig.PidsLimit != nil && *updateConfig.PidsLimit <= 0 {
 		// Both `0` and `-1` are accepted to set "unlimited" when updating.
 		// Historically, any negative value was accepted, so treat them as
@@ -486,9 +469,6 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 
 	config, hostConfig, networkingConfig, err := s.decoder.DecodeConfig(r.Body)
 	if err != nil {
-		if errors.Is(err, io.EOF) {
-			return errdefs.InvalidParameter(errors.New("invalid JSON: got EOF while reading request body"))
-		}
 		return err
 	}
 	version := httputils.VersionFromContext(ctx)
@@ -511,65 +491,17 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 
 		// Older clients (API < 1.40) expects the default to be shareable, make them happy
 		if hostConfig.IpcMode.IsEmpty() {
-			hostConfig.IpcMode = container.IPCModeShareable
+			hostConfig.IpcMode = container.IpcMode("shareable")
 		}
 	}
 	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
 		// Older clients expect the default to be "host" on cgroup v1 hosts
 		if hostConfig.CgroupnsMode.IsEmpty() {
-			hostConfig.CgroupnsMode = container.CgroupnsModeHost
+			hostConfig.CgroupnsMode = container.CgroupnsMode("host")
 		}
 	}
 
-	if hostConfig != nil && versions.LessThan(version, "1.42") {
-		for _, m := range hostConfig.Mounts {
-			// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
-			if bo := m.BindOptions; bo != nil {
-				bo.CreateMountpoint = false
-			}
-
-			// These combinations are invalid, but weren't validated in API < 1.42.
-			// We reset them here, so that validation doesn't produce an error.
-			if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
-				m.VolumeOptions = nil
-			}
-			if o := m.TmpfsOptions; o != nil && m.Type != mount.TypeTmpfs {
-				m.TmpfsOptions = nil
-			}
-			if bo := m.BindOptions; bo != nil {
-				// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
-				bo.CreateMountpoint = false
-			}
-		}
-	}
-
-	if hostConfig != nil && versions.GreaterThanOrEqualTo(version, "1.42") {
-		// Ignore KernelMemory removed in API 1.42.
-		hostConfig.KernelMemory = 0
-		for _, m := range hostConfig.Mounts {
-			if o := m.VolumeOptions; o != nil && m.Type != mount.TypeVolume {
-				return errdefs.InvalidParameter(fmt.Errorf("VolumeOptions must not be specified on mount type %q", m.Type))
-			}
-			if o := m.BindOptions; o != nil && m.Type != mount.TypeBind {
-				return errdefs.InvalidParameter(fmt.Errorf("BindOptions must not be specified on mount type %q", m.Type))
-			}
-			if o := m.TmpfsOptions; o != nil && m.Type != mount.TypeTmpfs {
-				return errdefs.InvalidParameter(fmt.Errorf("TmpfsOptions must not be specified on mount type %q", m.Type))
-			}
-		}
-	}
-
-	if hostConfig != nil && runtime.GOOS == "linux" && versions.LessThan(version, "1.42") {
-		// ConsoleSize is not respected by Linux daemon before API 1.42
-		hostConfig.ConsoleSize = [2]uint{0, 0}
-	}
-
-	if hostConfig != nil && versions.LessThan(version, "1.43") {
-		// Ignore Annotations because it was added in API v1.43.
-		hostConfig.Annotations = nil
-	}
-
-	var platform *ocispec.Platform
+	var platform *specs.Platform
 	if versions.GreaterThanOrEqualTo(version, "1.41") {
 		if v := r.Form.Get("platform"); v != "" {
 			p, err := platforms.Parse(v)
@@ -588,7 +520,7 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 		hostConfig.PidsLimit = nil
 	}
 
-	ccr, err := s.backend.ContainerCreate(ctx, types.ContainerCreateConfig{
+	ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
 		Name:             name,
 		Config:           config,
 		HostConfig:       hostConfig,
@@ -656,8 +588,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 		return errdefs.InvalidParameter(errors.Errorf("error attaching to container %s, hijack connection missing", containerName))
 	}
 
-	contentType := types.MediaTypeRawStream
-	setupStreams := func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) {
+	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
 		conn, _, err := hijacker.Hijack()
 		if err != nil {
 			return nil, nil, nil, err
@@ -667,10 +598,7 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 		conn.Write([]byte{})
 
 		if upgrade {
-			if multiplexed && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-				contentType = types.MediaTypeMultiplexedStream
-			}
-			fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: "+contentType+"\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
+			fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
 		} else {
 			fmt.Fprintf(conn, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
 		}
@@ -694,16 +622,16 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 	}
 
 	if err = s.backend.ContainerAttach(containerName, attachConfig); err != nil {
-		logrus.WithError(err).Errorf("Handler for %s %s returned error", r.Method, r.URL.Path)
+		logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
 		// Remember to close stream if error happens
 		conn, _, errHijack := hijacker.Hijack()
-		if errHijack != nil {
-			logrus.WithError(err).Errorf("Handler for %s %s: unable to close stream; error when hijacking connection", r.Method, r.URL.Path)
-		} else {
-			statusCode := httpstatus.FromError(err)
+		if errHijack == nil {
+			statusCode := errdefs.GetHTTPErrorStatusCode(err)
 			statusText := http.StatusText(statusCode)
-			fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: %s\r\n\r\n%s\r\n", statusCode, statusText, contentType, err.Error())
+			fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n%s\r\n", statusCode, statusText, err.Error())
 			httputils.CloseStreams(conn)
+		} else {
+			logrus.Errorf("Error Hijacking: %v", err)
 		}
 	}
 	return nil
@@ -723,7 +651,7 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 
 	version := httputils.VersionFromContext(ctx)
 
-	setupStreams := func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) {
+	setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
 		wsChan := make(chan *websocket.Conn)
 		h := func(conn *websocket.Conn) {
 			wsChan <- conn
@@ -745,22 +673,15 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 		return conn, conn, conn, nil
 	}
 
-	useStdin, useStdout, useStderr := true, true, true
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		useStdin = httputils.BoolValue(r, "stdin")
-		useStdout = httputils.BoolValue(r, "stdout")
-		useStderr = httputils.BoolValue(r, "stderr")
-	}
-
 	attachConfig := &backend.ContainerAttachConfig{
 		GetStreams: setupStreams,
-		UseStdin:   useStdin,
-		UseStdout:  useStdout,
-		UseStderr:  useStderr,
 		Logs:       httputils.BoolValue(r, "logs"),
 		Stream:     httputils.BoolValue(r, "stream"),
 		DetachKeys: detachKeys,
-		MuxStreams: false, // never multiplex, as we rely on websocket to manage distinct streams
+		UseStdin:   true,
+		UseStdout:  true,
+		UseStderr:  true,
+		MuxStreams: false, // TODO: this should be true since it's a single stream for both stdout and stderr
 	}
 
 	err = s.backend.ContainerAttach(containerName, attachConfig)
@@ -785,7 +706,7 @@ func (s *containerRouter) postContainersPrune(ctx context.Context, w http.Respon
 
 	pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	pruneReport, err := s.backend.ContainersPrune(ctx, pruneFilters)

api/server/router/container/copy.go

@@ -6,12 +6,14 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/errdefs"
 	gddohttputil "github.com/golang/gddo/httputil"
 )
 
@@ -24,18 +26,23 @@ func (pathError) Error() string {
 func (pathError) InvalidParameter() {}
 
 // postContainersCopy is deprecated in favor of getContainersArchive.
-//
-// Deprecated since 1.8 (API v1.20), errors out since 1.12 (API v1.24)
 func (s *containerRouter) postContainersCopy(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	// Deprecated since 1.8, Errors out since 1.12
 	version := httputils.VersionFromContext(ctx)
 	if versions.GreaterThanOrEqualTo(version, "1.24") {
 		w.WriteHeader(http.StatusNotFound)
 		return nil
 	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
 
 	cfg := types.CopyConfig{}
-	if err := httputils.ReadJSON(r, &cfg); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if cfg.Resource == "" {

api/server/router/container/exec.go

@@ -2,6 +2,8 @@ package container // import "github.com/docker/docker/api/server/router/containe
 
 import (
 	"context"
+	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -9,7 +11,6 @@ import (
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/stdcopy"
@@ -37,26 +38,27 @@ func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.Re
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
+	if err := httputils.CheckForJSON(r); err != nil {
+		return err
+	}
+	name := vars["name"]
 
 	execConfig := &types.ExecConfig{}
-	if err := httputils.ReadJSON(r, execConfig); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(execConfig); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if len(execConfig.Cmd) == 0 {
 		return execCommandError{}
 	}
 
-	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.42") {
-		// Not supported by API versions before 1.42
-		execConfig.ConsoleSize = nil
-	}
-
 	// Register an instance of Exec in container.
-	id, err := s.backend.ContainerExecCreate(vars["name"], execConfig)
+	id, err := s.backend.ContainerExecCreate(name, execConfig)
 	if err != nil {
-		logrus.Errorf("Error setting up exec command in container %s: %v", vars["name"], err)
+		logrus.Errorf("Error setting up exec command in container %s: %v", name, err)
 		return err
 	}
 
@@ -72,11 +74,9 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 	}
 
 	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.22") {
-		// API versions before 1.22 did not enforce application/json content-type.
-		// Allow older clients to work by patching the content-type.
-		if r.Header.Get("Content-Type") != "application/json" {
-			r.Header.Set("Content-Type", "application/json")
+	if versions.GreaterThan(version, "1.21") {
+		if err := httputils.CheckForJSON(r); err != nil {
+			return err
 		}
 	}
 
@@ -87,26 +87,17 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 	)
 
 	execStartCheck := &types.ExecStartCheck{}
-	if err := httputils.ReadJSON(r, execStartCheck); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(execStartCheck); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if exists, err := s.backend.ExecExists(execName); !exists {
 		return err
 	}
 
-	if execStartCheck.ConsoleSize != nil {
-		// Not supported before 1.42
-		if versions.LessThan(version, "1.42") {
-			execStartCheck.ConsoleSize = nil
-		}
-
-		// No console without tty
-		if !execStartCheck.Tty {
-			execStartCheck.ConsoleSize = nil
-		}
-	}
-
 	if !execStartCheck.Detach {
 		var err error
 		// Setting up the streaming http interface.
@@ -117,11 +108,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 		defer httputils.CloseStreams(inStream, outStream)
 
 		if _, ok := r.Header["Upgrade"]; ok {
-			contentType := types.MediaTypeRawStream
-			if !execStartCheck.Tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-				contentType = types.MediaTypeMultiplexedStream
-			}
-			fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: "+contentType+"\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
+			fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
 		} else {
 			fmt.Fprint(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n")
 		}
@@ -140,16 +127,9 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 		}
 	}
 
-	options := container.ExecStartOptions{
-		Stdin:       stdin,
-		Stdout:      stdout,
-		Stderr:      stderr,
-		ConsoleSize: execStartCheck.ConsoleSize,
-	}
-
 	// Now run the user process in container.
 	// Maybe we should we pass ctx here if we're not detaching?
-	if err := s.backend.ContainerExecStart(context.Background(), execName, options); err != nil {
+	if err := s.backend.ContainerExecStart(context.Background(), execName, stdin, stdout, stderr); err != nil {
 		if execStartCheck.Detach {
 			return err
 		}

api/server/router/container/inspect.go

@@ -12,7 +12,7 @@ func (s *containerRouter) getContainersByName(ctx context.Context, w http.Respon
 	displaySize := httputils.BoolValue(r, "size")
 
 	version := httputils.VersionFromContext(ctx)
-	json, err := s.backend.ContainerInspect(ctx, vars["name"], displaySize, version)
+	json, err := s.backend.ContainerInspect(vars["name"], displaySize, version)
 	if err != nil {
 		return err
 	}

api/server/router/distribution/backend.go

@@ -5,11 +5,11 @@ import (
 
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types"
 )
 
 // Backend is all the methods that need to be implemented
 // to provide image specific functionality.
 type Backend interface {
-	GetRepository(context.Context, reference.Named, *registry.AuthConfig) (distribution.Repository, error)
+	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, bool, error)
 }

api/server/router/distribution/distribution_routes.go

@@ -2,17 +2,20 @@ package distribution // import "github.com/docker/docker/api/server/router/distr
 
 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"net/http"
+	"strings"
 
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -23,6 +26,21 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 
 	w.Header().Set("Content-Type", "application/json")
 
+	var (
+		config              = &types.AuthConfig{}
+		authEncoded         = r.Header.Get("X-Registry-Auth")
+		distributionInspect registrytypes.DistributionInspect
+	)
+
+	if authEncoded != "" {
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(&config); err != nil {
+			// for a search it is not an error if no auth was given
+			// to increase compatibility with the existing api it is defaulting to be empty
+			config = &types.AuthConfig{}
+		}
+	}
+
 	image := vars["name"]
 
 	// TODO why is reference.ParseAnyReference() / reference.ParseNormalizedNamed() not using the reference.ErrTagInvalidFormat (and so on) errors?
@@ -39,16 +57,12 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 		return errdefs.InvalidParameter(errors.Errorf("unknown image reference format: %s", image))
 	}
 
-	// For a search it is not an error if no auth was given. Ignore invalid
-	// AuthConfig to increase compatibility with the existing API.
-	authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
-	distrepo, err := s.backend.GetRepository(ctx, namedRef, authConfig)
+	distrepo, _, err := s.backend.GetRepository(ctx, namedRef, config)
 	if err != nil {
 		return err
 	}
 	blobsrvc := distrepo.Blobs(ctx)
 
-	var distributionInspect registry.DistributionInspect
 	if canonicalRef, ok := namedRef.(reference.Canonical); !ok {
 		namedRef = reference.TagNameOnly(namedRef)
 
@@ -61,7 +75,7 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 		if err != nil {
 			return err
 		}
-		distributionInspect.Descriptor = ocispec.Descriptor{
+		distributionInspect.Descriptor = v1.Descriptor{
 			MediaType: descriptor.MediaType,
 			Digest:    descriptor.Digest,
 			Size:      descriptor.Size,
@@ -107,7 +121,7 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 	switch mnfstObj := mnfst.(type) {
 	case *manifestlist.DeserializedManifestList:
 		for _, m := range mnfstObj.Manifests {
-			distributionInspect.Platforms = append(distributionInspect.Platforms, ocispec.Platform{
+			distributionInspect.Platforms = append(distributionInspect.Platforms, v1.Platform{
 				Architecture: m.Platform.Architecture,
 				OS:           m.Platform.OS,
 				OSVersion:    m.Platform.OSVersion,
@@ -117,7 +131,7 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 		}
 	case *schema2.DeserializedManifest:
 		configJSON, err := blobsrvc.Get(ctx, mnfstObj.Config.Digest)
-		var platform ocispec.Platform
+		var platform v1.Platform
 		if err == nil {
 			err := json.Unmarshal(configJSON, &platform)
 			if err == nil && (platform.OS != "" || platform.Architecture != "") {
@@ -125,7 +139,7 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 			}
 		}
 	case *schema1.SignedManifest:
-		platform := ocispec.Platform{
+		platform := v1.Platform{
 			Architecture: mnfstObj.Architecture,
 			OS:           "linux",
 		}

api/server/router/grpc/grpc.go

@@ -2,7 +2,6 @@ package grpc // import "github.com/docker/docker/api/server/router/grpc"
 
 import (
 	"github.com/docker/docker/api/server/router"
-	"github.com/moby/buildkit/util/grpcerrors"
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc"
 )
@@ -16,11 +15,8 @@ type grpcRouter struct {
 // NewRouter initializes a new grpc http router
 func NewRouter(backends ...Backend) router.Router {
 	r := &grpcRouter{
-		h2Server: &http2.Server{},
-		grpcServer: grpc.NewServer(
-			grpc.UnaryInterceptor(grpcerrors.UnaryServerInterceptor),
-			grpc.StreamInterceptor(grpcerrors.StreamServerInterceptor),
-		),
+		h2Server:   &http2.Server{},
+		grpcServer: grpc.NewServer(),
 	}
 	for _, b := range backends {
 		b.RegisterGRPC(r.grpcServer)
@@ -30,12 +26,12 @@ func NewRouter(backends ...Backend) router.Router {
 }
 
 // Routes returns the available routers to the session controller
-func (gr *grpcRouter) Routes() []router.Route {
-	return gr.routes
+func (r *grpcRouter) Routes() []router.Route {
+	return r.routes
 }
 
-func (gr *grpcRouter) initRoutes() {
-	gr.routes = []router.Route{
-		router.NewPostRoute("/grpc", gr.serveGRPC),
+func (r *grpcRouter) initRoutes() {
+	r.routes = []router.Route{
+		router.NewPostRoute("/grpc", r.serveGRPC),
 	}
 }

api/server/router/image/backend.go

@@ -4,13 +4,11 @@ import (
 	"context"
 	"io"
 
-	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/registry"
-	dockerimage "github.com/docker/docker/image"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // Backend is all the methods that need to be implemented
@@ -22,25 +20,22 @@ type Backend interface {
 }
 
 type imageBackend interface {
-	ImageDelete(ctx context.Context, imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error)
-	ImageHistory(ctx context.Context, imageName string) ([]*image.HistoryResponseItem, error)
-	Images(ctx context.Context, opts types.ImageListOptions) ([]*types.ImageSummary, error)
-	GetImage(ctx context.Context, refOrID string, options image.GetImageOpts) (*dockerimage.Image, error)
-	TagImage(ctx context.Context, id dockerimage.ID, newRef reference.Named) error
+	ImageDelete(imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error)
+	ImageHistory(imageName string) ([]*image.HistoryResponseItem, error)
+	Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
+	LookupImage(name string) (*types.ImageInspect, error)
+	TagImage(imageName, repository, tag string) (string, error)
 	ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error)
 }
 
 type importExportBackend interface {
-	LoadImage(ctx context.Context, inTar io.ReadCloser, outStream io.Writer, quiet bool) error
-	ImportImage(ctx context.Context, ref reference.Named, platform *ocispec.Platform, msg string, layerReader io.Reader, changes []string) (dockerimage.ID, error)
-	ExportImage(ctx context.Context, names []string, outStream io.Writer) error
+	LoadImage(inTar io.ReadCloser, outStream io.Writer, quiet bool) error
+	ImportImage(src string, repository, platform string, tag string, msg string, inConfig io.ReadCloser, outStream io.Writer, changes []string) error
+	ExportImage(names []string, outStream io.Writer) error
 }
 
 type registryBackend interface {
-	PullImage(ctx context.Context, image, tag string, platform *ocispec.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
-	PushImage(ctx context.Context, ref reference.Named, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
-}
-
-type Searcher interface {
-	Search(ctx context.Context, searchFilters filters.Args, term string, limit int, authConfig *registry.AuthConfig, headers map[string][]string) ([]registry.SearchResult, error)
+	PullImage(ctx context.Context, image, tag string, platform *specs.Platform, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	PushImage(ctx context.Context, image, tag string, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error
+	SearchRegistryForImages(ctx context.Context, filtersArgs string, term string, limit int, authConfig *types.AuthConfig, metaHeaders map[string][]string) (*registry.SearchResults, error)
 }

api/server/router/image/image.go

@@ -2,56 +2,43 @@ package image // import "github.com/docker/docker/api/server/router/image"
 
 import (
 	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/layer"
-	"github.com/docker/docker/reference"
 )
 
 // imageRouter is a router to talk with the image controller
 type imageRouter struct {
-	backend          Backend
-	searcher         Searcher
-	referenceBackend reference.Store
-	imageStore       image.Store
-	layerStore       layer.Store
-	routes           []router.Route
+	backend Backend
+	routes  []router.Route
 }
 
 // NewRouter initializes a new image router
-func NewRouter(backend Backend, searcher Searcher, referenceBackend reference.Store, imageStore image.Store, layerStore layer.Store) router.Router {
-	ir := &imageRouter{
-		backend:          backend,
-		searcher:         searcher,
-		referenceBackend: referenceBackend,
-		imageStore:       imageStore,
-		layerStore:       layerStore,
-	}
-	ir.initRoutes()
-	return ir
+func NewRouter(backend Backend) router.Router {
+	r := &imageRouter{backend: backend}
+	r.initRoutes()
+	return r
 }
 
 // Routes returns the available routes to the image controller
-func (ir *imageRouter) Routes() []router.Route {
-	return ir.routes
+func (r *imageRouter) Routes() []router.Route {
+	return r.routes
 }
 
 // initRoutes initializes the routes in the image router
-func (ir *imageRouter) initRoutes() {
-	ir.routes = []router.Route{
+func (r *imageRouter) initRoutes() {
+	r.routes = []router.Route{
 		// GET
-		router.NewGetRoute("/images/json", ir.getImagesJSON),
-		router.NewGetRoute("/images/search", ir.getImagesSearch),
-		router.NewGetRoute("/images/get", ir.getImagesGet),
-		router.NewGetRoute("/images/{name:.*}/get", ir.getImagesGet),
-		router.NewGetRoute("/images/{name:.*}/history", ir.getImagesHistory),
-		router.NewGetRoute("/images/{name:.*}/json", ir.getImagesByName),
+		router.NewGetRoute("/images/json", r.getImagesJSON),
+		router.NewGetRoute("/images/search", r.getImagesSearch),
+		router.NewGetRoute("/images/get", r.getImagesGet),
+		router.NewGetRoute("/images/{name:.*}/get", r.getImagesGet),
+		router.NewGetRoute("/images/{name:.*}/history", r.getImagesHistory),
+		router.NewGetRoute("/images/{name:.*}/json", r.getImagesByName),
 		// POST
-		router.NewPostRoute("/images/load", ir.postImagesLoad),
-		router.NewPostRoute("/images/create", ir.postImagesCreate),
-		router.NewPostRoute("/images/{name:.*}/push", ir.postImagesPush),
-		router.NewPostRoute("/images/{name:.*}/tag", ir.postImagesTag),
-		router.NewPostRoute("/images/prune", ir.postImagesPrune),
+		router.NewPostRoute("/images/load", r.postImagesLoad),
+		router.NewPostRoute("/images/create", r.postImagesCreate),
+		router.NewPostRoute("/images/{name:.*}/push", r.postImagesPush),
+		router.NewPostRoute("/images/{name:.*}/tag", r.postImagesTag),
+		router.NewPostRoute("/images/prune", r.postImagesPrune),
 		// DELETE
-		router.NewDeleteRoute("/images/{name:.*}", ir.deleteImages),
+		router.NewDeleteRoute("/images/{name:.*}", r.deleteImages),
 	}
 }

api/server/router/image/image_routes.go

@@ -2,46 +2,41 @@ package image // import "github.com/docker/docker/api/server/router/image"
 
 import (
 	"context"
-	"io"
+	"encoding/base64"
+	"encoding/json"
 	"net/http"
-	"net/url"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/containerd/containerd/platforms"
-	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	opts "github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/builder/remotecontext"
-	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/registry"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
 // Creates an image from Pull or from Import
-func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
 	var (
-		img         = r.Form.Get("fromImage")
-		repo        = r.Form.Get("repo")
-		tag         = r.Form.Get("tag")
-		comment     = r.Form.Get("message")
-		progressErr error
-		output      = ioutils.NewWriteFlusher(w)
-		platform    *ocispec.Platform
+		image    = r.Form.Get("fromImage")
+		repo     = r.Form.Get("repo")
+		tag      = r.Form.Get("tag")
+		message  = r.Form.Get("message")
+		err      error
+		output   = ioutils.NewWriteFlusher(w)
+		platform *specs.Platform
 	)
 	defer output.Close()
 
@@ -49,16 +44,20 @@ func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrit
 
 	version := httputils.VersionFromContext(ctx)
 	if versions.GreaterThanOrEqualTo(version, "1.32") {
-		if p := r.FormValue("platform"); p != "" {
-			sp, err := platforms.Parse(p)
+		apiPlatform := r.FormValue("platform")
+		if apiPlatform != "" {
+			sp, err := platforms.Parse(apiPlatform)
 			if err != nil {
 				return err
 			}
+			if err := system.ValidatePlatform(sp); err != nil {
+				return err
+			}
 			platform = &sp
 		}
 	}
 
-	if img != "" { // pull
+	if image != "" { // pull
 		metaHeaders := map[string][]string{}
 		for k, v := range r.Header {
 			if strings.HasPrefix(k, "X-Meta-") {
@@ -66,63 +65,39 @@ func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrit
 			}
 		}
 
-		// For a pull it is not an error if no auth was given. Ignore invalid
-		// AuthConfig to increase compatibility with the existing API.
-		authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
-		progressErr = ir.backend.PullImage(ctx, img, tag, platform, metaHeaders, authConfig, output)
+		authEncoded := r.Header.Get("X-Registry-Auth")
+		authConfig := &types.AuthConfig{}
+		if authEncoded != "" {
+			authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+			if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+				// for a pull it is not an error if no auth was given
+				// to increase compatibility with the existing api it is defaulting to be empty
+				authConfig = &types.AuthConfig{}
+			}
+		}
+		err = s.backend.PullImage(ctx, image, tag, platform, metaHeaders, authConfig, output)
 	} else { // import
 		src := r.Form.Get("fromSrc")
-
-		tagRef, err := httputils.RepoTagReference(repo, tag)
-		if err != nil {
-			return errdefs.InvalidParameter(err)
-		}
-
-		if len(comment) == 0 {
-			comment = "Imported from " + src
-		}
-
-		var layerReader io.ReadCloser
-		defer r.Body.Close()
-		if src == "-" {
-			layerReader = r.Body
-		} else {
-			if len(strings.Split(src, "://")) == 1 {
-				src = "http://" + src
-			}
-			u, err := url.Parse(src)
-			if err != nil {
-				return errdefs.InvalidParameter(err)
-			}
-
-			resp, err := remotecontext.GetWithStatusError(u.String())
-			if err != nil {
-				return err
-			}
-			output.Write(streamformatter.FormatStatus("", "Downloading from %s", u))
-			progressOutput := streamformatter.NewJSONProgressOutput(output, true)
-			layerReader = progress.NewProgressReader(resp.Body, progressOutput, resp.ContentLength, "", "Importing")
-			defer layerReader.Close()
-		}
-
-		var id image.ID
-		id, progressErr = ir.backend.ImportImage(ctx, tagRef, platform, comment, layerReader, r.Form["changes"])
-
-		if progressErr == nil {
-			output.Write(streamformatter.FormatStatus("", id.String()))
+		// 'err' MUST NOT be defined within this block, we need any error
+		// generated from the download to be available to the output
+		// stream processing below
+		os := ""
+		if platform != nil {
+			os = platform.OS
 		}
+		err = s.backend.ImportImage(src, repo, os, tag, message, r.Body, output, r.Form["changes"])
 	}
-	if progressErr != nil {
+	if err != nil {
 		if !output.Flushed() {
-			return progressErr
+			return err
 		}
-		_, _ = output.Write(streamformatter.FormatError(progressErr))
+		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 
 	return nil
 }
 
-func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	metaHeaders := map[string][]string{}
 	for k, v := range r.Header {
 		if strings.HasPrefix(k, "X-Meta-") {
@@ -132,47 +107,32 @@ func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
+	authConfig := &types.AuthConfig{}
 
-	var authConfig *registry.AuthConfig
-	if authEncoded := r.Header.Get(registry.AuthHeader); authEncoded != "" {
-		// the new format is to handle the authConfig as a header. Ignore invalid
-		// AuthConfig to increase compatibility with the existing API.
-		authConfig, _ = registry.DecodeAuthConfig(authEncoded)
+	authEncoded := r.Header.Get("X-Registry-Auth")
+	if authEncoded != "" {
+		// the new format is to handle the authConfig as a header
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+			// to increase compatibility to existing api it is defaulting to be empty
+			authConfig = &types.AuthConfig{}
+		}
 	} else {
 		// the old format is supported for compatibility if there was no authConfig header
-		var err error
-		authConfig, err = registry.DecodeAuthConfigBody(r.Body)
-		if err != nil {
-			return errors.Wrap(err, "bad parameters and missing X-Registry-Auth")
+		if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
+			return errors.Wrap(errdefs.InvalidParameter(err), "Bad parameters and missing X-Registry-Auth")
 		}
 	}
 
+	image := vars["name"]
+	tag := r.Form.Get("tag")
+
 	output := ioutils.NewWriteFlusher(w)
 	defer output.Close()
 
 	w.Header().Set("Content-Type", "application/json")
 
-	img := vars["name"]
-	tag := r.Form.Get("tag")
-
-	var ref reference.Named
-
-	// Tag is empty only in case ImagePushOptions.All is true.
-	if tag != "" {
-		r, err := httputils.RepoTagReference(img, tag)
-		if err != nil {
-			return errdefs.InvalidParameter(err)
-		}
-		ref = r
-	} else {
-		r, err := reference.ParseNormalizedNamed(img)
-		if err != nil {
-			return errdefs.InvalidParameter(err)
-		}
-		ref = r
-	}
-
-	if err := ir.backend.PushImage(ctx, ref, metaHeaders, authConfig, output); err != nil {
+	if err := s.backend.PushImage(ctx, image, tag, metaHeaders, authConfig, output); err != nil {
 		if !output.Flushed() {
 			return err
 		}
@@ -181,7 +141,7 @@ func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter
 	return nil
 }
 
-func (ir *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
@@ -197,7 +157,7 @@ func (ir *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter,
 		names = r.Form["names"]
 	}
 
-	if err := ir.backend.ExportImage(ctx, names, output); err != nil {
+	if err := s.backend.ExportImage(names, output); err != nil {
 		if !output.Flushed() {
 			return err
 		}
@@ -206,7 +166,7 @@ func (ir *imageRouter) getImagesGet(ctx context.Context, w http.ResponseWriter,
 	return nil
 }
 
-func (ir *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
@@ -216,7 +176,7 @@ func (ir *imageRouter) postImagesLoad(ctx context.Context, w http.ResponseWriter
 
 	output := ioutils.NewWriteFlusher(w)
 	defer output.Close()
-	if err := ir.backend.LoadImage(ctx, r.Body, output, quiet); err != nil {
+	if err := s.backend.LoadImage(r.Body, output, quiet); err != nil {
 		_, _ = output.Write(streamformatter.FormatError(err))
 	}
 	return nil
@@ -230,7 +190,7 @@ func (missingImageError) Error() string {
 
 func (missingImageError) InvalidParameter() {}
 
-func (ir *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
@@ -244,7 +204,7 @@ func (ir *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter,
 	force := httputils.BoolValue(r, "force")
 	prune := !httputils.BoolValue(r, "noprune")
 
-	list, err := ir.backend.ImageDelete(ctx, name, force, prune)
+	list, err := s.backend.ImageDelete(name, force, prune)
 	if err != nil {
 		return err
 	}
@@ -252,13 +212,8 @@ func (ir *imageRouter) deleteImages(ctx context.Context, w http.ResponseWriter,
 	return httputils.WriteJSON(w, http.StatusOK, list)
 }
 
-func (ir *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	img, err := ir.backend.GetImage(ctx, vars["name"], opts.GetImageOpts{Details: true})
-	if err != nil {
-		return err
-	}
-
-	imageInspect, err := ir.toImageInspect(img)
+func (s *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	imageInspect, err := s.backend.LookupImage(vars["name"])
 	if err != nil {
 		return err
 	}
@@ -266,71 +221,7 @@ func (ir *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWrite
 	return httputils.WriteJSON(w, http.StatusOK, imageInspect)
 }
 
-func (ir *imageRouter) toImageInspect(img *image.Image) (*types.ImageInspect, error) {
-	var repoTags, repoDigests []string
-	for _, ref := range img.Details.References {
-		switch ref.(type) {
-		case reference.NamedTagged:
-			repoTags = append(repoTags, reference.FamiliarString(ref))
-		case reference.Canonical:
-			repoDigests = append(repoDigests, reference.FamiliarString(ref))
-		}
-	}
-
-	comment := img.Comment
-	if len(comment) == 0 && len(img.History) > 0 {
-		comment = img.History[len(img.History)-1].Comment
-	}
-
-	// Make sure we output empty arrays instead of nil.
-	if repoTags == nil {
-		repoTags = []string{}
-	}
-	if repoDigests == nil {
-		repoDigests = []string{}
-	}
-
-	return &types.ImageInspect{
-		ID:              img.ID().String(),
-		RepoTags:        repoTags,
-		RepoDigests:     repoDigests,
-		Parent:          img.Parent.String(),
-		Comment:         comment,
-		Created:         img.Created.Format(time.RFC3339Nano),
-		Container:       img.Container,
-		ContainerConfig: &img.ContainerConfig,
-		DockerVersion:   img.DockerVersion,
-		Author:          img.Author,
-		Config:          img.Config,
-		Architecture:    img.Architecture,
-		Variant:         img.Variant,
-		Os:              img.OperatingSystem(),
-		OsVersion:       img.OSVersion,
-		Size:            img.Details.Size,
-		VirtualSize:     img.Details.Size, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
-		GraphDriver: types.GraphDriverData{
-			Name: img.Details.Driver,
-			Data: img.Details.Metadata,
-		},
-		RootFS: rootFSToAPIType(img.RootFS),
-		Metadata: types.ImageMetadata{
-			LastTagTime: img.Details.LastUpdated,
-		},
-	}, nil
-}
-
-func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
-	var layers []string
-	for _, l := range rootfs.DiffIDs {
-		layers = append(layers, l.String())
-	}
-	return types.RootFS{
-		Type:   rootfs.Type,
-		Layers: layers,
-	}
-}
-
-func (ir *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
@@ -342,50 +233,23 @@ func (ir *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter,
 
 	version := httputils.VersionFromContext(ctx)
 	if versions.LessThan(version, "1.41") {
-		// NOTE: filter is a shell glob string applied to repository names.
 		filterParam := r.Form.Get("filter")
 		if filterParam != "" {
 			imageFilters.Add("reference", filterParam)
 		}
 	}
 
-	var sharedSize bool
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		// NOTE: Support for the "shared-size" parameter was added in API 1.42.
-		sharedSize = httputils.BoolValue(r, "shared-size")
-	}
-
-	images, err := ir.backend.Images(ctx, types.ImageListOptions{
-		All:        httputils.BoolValue(r, "all"),
-		Filters:    imageFilters,
-		SharedSize: sharedSize,
-	})
+	images, err := s.backend.Images(imageFilters, httputils.BoolValue(r, "all"), false)
 	if err != nil {
 		return err
 	}
 
-	useNone := versions.LessThan(version, "1.43")
-	for _, img := range images {
-		if useNone {
-			if len(img.RepoTags) == 0 && len(img.RepoDigests) == 0 {
-				img.RepoTags = append(img.RepoTags, "<none>:<none>")
-				img.RepoDigests = append(img.RepoDigests, "<none>@<none>")
-			}
-		} else {
-			if img.RepoTags == nil {
-				img.RepoTags = []string{}
-			}
-			if img.RepoDigests == nil {
-				img.RepoDigests = []string{}
-			}
-		}
-	}
-
 	return httputils.WriteJSON(w, http.StatusOK, images)
 }
 
-func (ir *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	history, err := ir.backend.ImageHistory(ctx, vars["name"])
+func (s *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	name := vars["name"]
+	history, err := s.backend.ImageHistory(name)
 	if err != nil {
 		return err
 	}
@@ -393,66 +257,56 @@ func (ir *imageRouter) getImagesHistory(ctx context.Context, w http.ResponseWrit
 	return httputils.WriteJSON(w, http.StatusOK, history)
 }
 
-func (ir *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-
-	ref, err := httputils.RepoTagReference(r.Form.Get("repo"), r.Form.Get("tag"))
-	if ref == nil || err != nil {
-		return errdefs.InvalidParameter(err)
-	}
-
-	img, err := ir.backend.GetImage(ctx, vars["name"], opts.GetImageOpts{})
-	if err != nil {
-		return errdefs.NotFound(err)
-	}
-
-	if err := ir.backend.TagImage(ctx, img.ID(), ref); err != nil {
+	if _, err := s.backend.TagImage(vars["name"], r.Form.Get("repo"), r.Form.Get("tag")); err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusCreated)
 	return nil
 }
 
-func (ir *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
+	var (
+		config      *types.AuthConfig
+		authEncoded = r.Header.Get("X-Registry-Auth")
+		headers     = map[string][]string{}
+	)
 
-	var limit int
-	if r.Form.Get("limit") != "" {
-		var err error
-		limit, err = strconv.Atoi(r.Form.Get("limit"))
-		if err != nil || limit < 0 {
-			return errdefs.InvalidParameter(errors.Wrap(err, "invalid limit specified"))
+	if authEncoded != "" {
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(&config); err != nil {
+			// for a search it is not an error if no auth was given
+			// to increase compatibility with the existing api it is defaulting to be empty
+			config = &types.AuthConfig{}
 		}
 	}
-	searchFilters, err := filters.FromJSON(r.Form.Get("filters"))
-	if err != nil {
-		return err
-	}
-
-	// For a search it is not an error if no auth was given. Ignore invalid
-	// AuthConfig to increase compatibility with the existing API.
-	authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
-
-	var headers = http.Header{}
 	for k, v := range r.Header {
-		k = http.CanonicalHeaderKey(k)
 		if strings.HasPrefix(k, "X-Meta-") {
 			headers[k] = v
 		}
 	}
-	headers.Set("User-Agent", dockerversion.DockerUserAgent(ctx))
-	res, err := ir.searcher.Search(ctx, searchFilters, r.Form.Get("term"), limit, authConfig, headers)
+	limit := registry.DefaultSearchLimit
+	if r.Form.Get("limit") != "" {
+		limitValue, err := strconv.Atoi(r.Form.Get("limit"))
+		if err != nil {
+			return err
+		}
+		limit = limitValue
+	}
+	query, err := s.backend.SearchRegistryForImages(ctx, r.Form.Get("filters"), r.Form.Get("term"), limit, config, headers)
 	if err != nil {
 		return err
 	}
-	return httputils.WriteJSON(w, http.StatusOK, res)
+	return httputils.WriteJSON(w, http.StatusOK, query.Results)
 }
 
-func (ir *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func (s *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
@@ -462,7 +316,7 @@ func (ir *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWrite
 		return err
 	}
 
-	pruneReport, err := ir.backend.ImagesPrune(ctx, pruneFilters)
+	pruneReport, err := s.backend.ImagesPrune(ctx, pruneFilters)
 	if err != nil {
 		return err
 	}

api/server/router/network/backend.go

@@ -6,7 +6,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/libnetwork"
+	"github.com/docker/libnetwork"
 )
 
 // Backend is all the methods that need to be implemented

api/server/router/network/network_routes.go

@@ -2,6 +2,8 @@ package network // import "github.com/docker/docker/api/server/router/network"
 
 import (
 	"context"
+	"encoding/json"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -12,8 +14,8 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/libnetwork"
-	netconst "github.com/docker/docker/libnetwork/datastore"
+	"github.com/docker/libnetwork"
+	netconst "github.com/docker/libnetwork/datastore"
 	"github.com/pkg/errors"
 )
 
@@ -28,7 +30,7 @@ func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWrit
 	}
 
 	if err := network.ValidateFilters(filter); err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	var list []types.NetworkResource
@@ -203,15 +205,23 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var create types.NetworkCreateRequest
+
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	var create types.NetworkCreateRequest
-	if err := httputils.ReadJSON(r, &create); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
 		return err
 	}
 
+	if err := json.NewDecoder(r.Body).Decode(&create); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
+	}
+
 	if nws, err := n.cluster.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
 		return nameConflict(create.Name)
 	}
@@ -245,15 +255,22 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 }
 
 func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var connect types.NetworkConnect
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	var connect types.NetworkConnect
-	if err := httputils.ReadJSON(r, &connect); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
 		return err
 	}
 
+	if err := json.NewDecoder(r.Body).Decode(&connect); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
+	}
+
 	// Unlike other operations, we does not check ambiguity of the name/ID here.
 	// The reason is that, In case of attachable network in swarm scope, the actual local network
 	// may not be available at the time. At the same time, inside daemon `ConnectContainerToNetwork`
@@ -262,15 +279,22 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW
 }
 
 func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	var disconnect types.NetworkDisconnect
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
 
-	var disconnect types.NetworkDisconnect
-	if err := httputils.ReadJSON(r, &disconnect); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
 		return err
 	}
 
+	if err := json.NewDecoder(r.Body).Decode(&disconnect); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
+	}
+
 	return n.backend.DisconnectContainerFromNetwork(disconnect.Container, vars["id"], disconnect.Force)
 }
 

api/server/router/plugin/backend.go

@@ -6,23 +6,22 @@ import (
 	"net/http"
 
 	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/api/types"
+	enginetypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/plugin"
 )
 
 // Backend for Plugin
 type Backend interface {
-	Disable(name string, config *types.PluginDisableConfig) error
-	Enable(name string, config *types.PluginEnableConfig) error
-	List(filters.Args) ([]types.Plugin, error)
-	Inspect(name string) (*types.Plugin, error)
-	Remove(name string, config *types.PluginRmConfig) error
+	Disable(name string, config *enginetypes.PluginDisableConfig) error
+	Enable(name string, config *enginetypes.PluginEnableConfig) error
+	List(filters.Args) ([]enginetypes.Plugin, error)
+	Inspect(name string) (*enginetypes.Plugin, error)
+	Remove(name string, config *enginetypes.PluginRmConfig) error
 	Set(name string, args []string) error
-	Privileges(ctx context.Context, ref reference.Named, metaHeaders http.Header, authConfig *registry.AuthConfig) (types.PluginPrivileges, error)
-	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error
-	Push(ctx context.Context, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, outStream io.Writer) error
-	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) error
-	CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *types.PluginCreateOptions) error
+	Privileges(ctx context.Context, ref reference.Named, metaHeaders http.Header, authConfig *enginetypes.AuthConfig) (enginetypes.PluginPrivileges, error)
+	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error
+	Push(ctx context.Context, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, outStream io.Writer) error
+	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
+	CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *enginetypes.PluginCreateOptions) error
 }

api/server/router/plugin/plugin_routes.go

@@ -2,6 +2,9 @@ package plugin // import "github.com/docker/docker/api/server/router/plugin"
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -10,13 +13,14 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/pkg/errors"
 )
 
-func parseHeaders(headers http.Header) (map[string][]string, *registry.AuthConfig) {
+func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig) {
+
 	metaHeaders := map[string][]string{}
 	for k, v := range headers {
 		if strings.HasPrefix(k, "X-Meta-") {
@@ -24,8 +28,16 @@ func parseHeaders(headers http.Header) (map[string][]string, *registry.AuthConfi
 		}
 	}
 
-	// Ignore invalid AuthConfig to increase compatibility with the existing API.
-	authConfig, _ := registry.DecodeAuthConfig(headers.Get(registry.AuthHeader))
+	// Get X-Registry-Auth
+	authEncoded := headers.Get("X-Registry-Auth")
+	authConfig := &types.AuthConfig{}
+	if authEncoded != "" {
+		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
+			authConfig = &types.AuthConfig{}
+		}
+	}
+
 	return metaHeaders, authConfig
 }
 
@@ -84,8 +96,12 @@ func (pr *pluginRouter) upgradePlugin(ctx context.Context, w http.ResponseWriter
 	}
 
 	var privileges types.PluginPrivileges
-	if err := httputils.ReadJSON(r, &privileges); err != nil {
-		return err
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
 	}
 
 	metaHeaders, authConfig := parseHeaders(r.Header)
@@ -119,8 +135,12 @@ func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r
 	}
 
 	var privileges types.PluginPrivileges
-	if err := httputils.ReadJSON(r, &privileges); err != nil {
-		return err
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
 	}
 
 	metaHeaders, authConfig := parseHeaders(r.Header)
@@ -257,8 +277,11 @@ func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r
 
 func (pr *pluginRouter) setPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var args []string
-	if err := httputils.ReadJSON(r, &args); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&args); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	if err := pr.backend.Set(vars["name"], args); err != nil {
 		return err

api/server/router/swarm/backend.go

@@ -12,7 +12,7 @@ import (
 type Backend interface {
 	Init(req types.InitRequest) (string, error)
 	Join(req types.JoinRequest) error
-	Leave(ctx context.Context, force bool) error
+	Leave(force bool) error
 	Inspect() (types.Swarm, error)
 	Update(uint64, types.Spec, types.UpdateFlags) error
 	GetUnlockKey() (string, error)

api/server/router/swarm/cluster_routes.go

@@ -2,7 +2,9 @@ package swarm // import "github.com/docker/docker/api/server/router/swarm"
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"strconv"
 
@@ -10,7 +12,6 @@ import (
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
@@ -20,8 +21,11 @@ import (
 
 func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.InitRequest
-	if err := httputils.ReadJSON(r, &req); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	version := httputils.VersionFromContext(ctx)
 
@@ -36,7 +40,7 @@ func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r
 	}
 	nodeID, err := sr.backend.Init(req)
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error initializing swarm")
+		logrus.Errorf("Error initializing swarm: %v", err)
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, nodeID)
@@ -44,8 +48,11 @@ func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) joinCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.JoinRequest
-	if err := httputils.ReadJSON(r, &req); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	return sr.backend.Join(req)
 }
@@ -56,13 +63,13 @@ func (sr *swarmRouter) leaveCluster(ctx context.Context, w http.ResponseWriter,
 	}
 
 	force := httputils.BoolValue(r, "force")
-	return sr.backend.Leave(ctx, force)
+	return sr.backend.Leave(force)
 }
 
 func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	swarm, err := sr.backend.Inspect()
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting swarm")
+		logrus.Errorf("Error getting swarm: %v", err)
 		return err
 	}
 
@@ -71,8 +78,11 @@ func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter
 
 func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var swarm types.Spec
-	if err := httputils.ReadJSON(r, &swarm); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&swarm); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -114,7 +124,7 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	}
 
 	if err := sr.backend.Update(version, swarm, flags); err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error configuring swarm")
+		logrus.Errorf("Error configuring swarm: %v", err)
 		return err
 	}
 	return nil
@@ -122,12 +132,15 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 
 func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var req types.UnlockRequest
-	if err := httputils.ReadJSON(r, &req); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	if err := sr.backend.UnlockSwarm(req); err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error unlocking swarm")
+		logrus.Errorf("Error unlocking swarm: %v", err)
 		return err
 	}
 	return nil
@@ -136,7 +149,7 @@ func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) getUnlockKey(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	unlockKey, err := sr.backend.GetUnlockKey()
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error retrieving swarm unlock key")
+		logrus.WithError(err).Errorf("Error retrieving swarm unlock key")
 		return err
 	}
 
@@ -151,7 +164,7 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 	}
 	filter, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return err
+		return errdefs.InvalidParameter(err)
 	}
 
 	// the status query parameter is only support in API versions >= 1.41. If
@@ -168,7 +181,7 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r
 
 	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter, Status: status})
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting services")
+		logrus.Errorf("Error getting services: %v", err)
 		return err
 	}
 
@@ -194,10 +207,7 @@ func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r
 
 	service, err := sr.backend.GetService(vars["id"], insertDefaults)
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":      err,
-			"service-id": vars["id"],
-		}).Debug("Error getting service")
+		logrus.Errorf("Error getting service %s: %v", vars["id"], err)
 		return err
 	}
 
@@ -206,12 +216,15 @@ func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var service types.ServiceSpec
-	if err := httputils.ReadJSON(r, &service); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	// Get returns "" if the header does not exist
-	encodedAuth := r.Header.Get(registry.AuthHeader)
+	encodedAuth := r.Header.Get("X-Registry-Auth")
 	queryRegistry := false
 	if v := httputils.VersionFromContext(ctx); v != "" {
 		if versions.LessThan(v, "1.30") {
@@ -221,10 +234,7 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 	}
 	resp, err := sr.backend.CreateService(service, encodedAuth, queryRegistry)
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":        err,
-			"service-name": service.Name,
-		}).Debug("Error creating service")
+		logrus.Errorf("Error creating service %s: %v", service.Name, err)
 		return err
 	}
 
@@ -233,8 +243,11 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 
 func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var service types.ServiceSpec
-	if err := httputils.ReadJSON(r, &service); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&service); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -247,7 +260,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 	var flags basictypes.ServiceUpdateOptions
 
 	// Get returns "" if the header does not exist
-	flags.EncodedRegistryAuth = r.Header.Get(registry.AuthHeader)
+	flags.EncodedRegistryAuth = r.Header.Get("X-Registry-Auth")
 	flags.RegistryAuthFrom = r.URL.Query().Get("registryAuthFrom")
 	flags.Rollback = r.URL.Query().Get("rollback")
 	queryRegistry := false
@@ -260,10 +273,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 
 	resp, err := sr.backend.UpdateService(vars["id"], version, service, flags, queryRegistry)
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":      err,
-			"service-id": vars["id"],
-		}).Debug("Error updating service")
+		logrus.Errorf("Error updating service %s: %v", vars["id"], err)
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, resp)
@@ -271,10 +281,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 
 func (sr *swarmRouter) removeService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := sr.backend.RemoveService(vars["id"]); err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":      err,
-			"service-id": vars["id"],
-		}).Debug("Error removing service")
+		logrus.Errorf("Error removing service %s: %v", vars["id"], err)
 		return err
 	}
 	return nil
@@ -315,7 +322,7 @@ func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *h
 
 	nodes, err := sr.backend.GetNodes(basictypes.NodeListOptions{Filters: filter})
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting nodes")
+		logrus.Errorf("Error getting nodes: %v", err)
 		return err
 	}
 
@@ -325,10 +332,7 @@ func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *h
 func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	node, err := sr.backend.GetNode(vars["id"])
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"node-id": vars["id"],
-		}).Debug("Error getting node")
+		logrus.Errorf("Error getting node %s: %v", vars["id"], err)
 		return err
 	}
 
@@ -337,8 +341,11 @@ func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *ht
 
 func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var node types.NodeSpec
-	if err := httputils.ReadJSON(r, &node); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&node); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -349,10 +356,7 @@ func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r
 	}
 
 	if err := sr.backend.UpdateNode(vars["id"], version, node); err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"node-id": vars["id"],
-		}).Debug("Error updating node")
+		logrus.Errorf("Error updating node %s: %v", vars["id"], err)
 		return err
 	}
 	return nil
@@ -366,10 +370,7 @@ func (sr *swarmRouter) removeNode(ctx context.Context, w http.ResponseWriter, r
 	force := httputils.BoolValue(r, "force")
 
 	if err := sr.backend.RemoveNode(vars["id"], force); err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"node-id": vars["id"],
-		}).Debug("Error removing node")
+		logrus.Errorf("Error removing node %s: %v", vars["id"], err)
 		return err
 	}
 	return nil
@@ -386,7 +387,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h
 
 	tasks, err := sr.backend.GetTasks(basictypes.TaskListOptions{Filters: filter})
 	if err != nil {
-		logrus.WithContext(ctx).WithError(err).Debug("Error getting tasks")
+		logrus.Errorf("Error getting tasks: %v", err)
 		return err
 	}
 
@@ -396,10 +397,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h
 func (sr *swarmRouter) getTask(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	task, err := sr.backend.GetTask(vars["id"])
 	if err != nil {
-		logrus.WithContext(ctx).WithFields(logrus.Fields{
-			"error":   err,
-			"task-id": vars["id"],
-		}).Debug("Error getting task")
+		logrus.Errorf("Error getting task %s: %v", vars["id"], err)
 		return err
 	}
 
@@ -425,8 +423,11 @@ func (sr *swarmRouter) getSecrets(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) createSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
-	if err := httputils.ReadJSON(r, &secret); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 	version := httputils.VersionFromContext(ctx)
 	if secret.Templating != nil && versions.LessThan(version, "1.37") {
@@ -463,8 +464,11 @@ func (sr *swarmRouter) getSecret(ctx context.Context, w http.ResponseWriter, r *
 
 func (sr *swarmRouter) updateSecret(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var secret types.SecretSpec
-	if err := httputils.ReadJSON(r, &secret); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&secret); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")
@@ -496,8 +500,11 @@ func (sr *swarmRouter) getConfigs(ctx context.Context, w http.ResponseWriter, r
 
 func (sr *swarmRouter) createConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var config types.ConfigSpec
-	if err := httputils.ReadJSON(r, &config); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	version := httputils.VersionFromContext(ctx)
@@ -535,8 +542,11 @@ func (sr *swarmRouter) getConfig(ctx context.Context, w http.ResponseWriter, r *
 
 func (sr *swarmRouter) updateConfig(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	var config types.ConfigSpec
-	if err := httputils.ReadJSON(r, &config); err != nil {
-		return err
+	if err := json.NewDecoder(r.Body).Decode(&config); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
+		return errdefs.InvalidParameter(err)
 	}
 
 	rawVersion := r.URL.Query().Get("version")

api/server/router/swarm/helpers.go

@@ -3,6 +3,7 @@ package swarm // import "github.com/docker/docker/api/server/router/swarm"
 import (
 	"context"
 	"fmt"
+	"io"
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
@@ -14,7 +15,7 @@ import (
 
 // swarmLogs takes an http response, request, and selector, and writes the logs
 // specified by the selector to the response
-func (sr *swarmRouter) swarmLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, selector *backend.LogSelector) error {
+func (sr *swarmRouter) swarmLogs(ctx context.Context, w io.Writer, r *http.Request, selector *backend.LogSelector) error {
 	// Args are validated before the stream starts because when it starts we're
 	// sending HTTP 200 by writing an empty chunk of data to tell the client that
 	// daemon is going to stream. By sending this initial HTTP 200 we can't report
@@ -62,11 +63,6 @@ func (sr *swarmRouter) swarmLogs(ctx context.Context, w http.ResponseWriter, r *
 		return err
 	}
 
-	contentType := basictypes.MediaTypeRawStream
-	if !tty && versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
-		contentType = basictypes.MediaTypeMultiplexedStream
-	}
-	w.Header().Set("Content-Type", contentType)
 	httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
 	return nil
 }

api/server/router/swarm/helpers_test.go

@@ -115,4 +115,5 @@ func TestAdjustForAPIVersion(t *testing.T) {
 	if len(spec.TaskTemplate.ContainerSpec.Ulimits) != 0 {
 		t.Error("Ulimits were not stripped from spec")
 	}
+
 }

api/server/router/system/backend.go

@@ -7,31 +7,18 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 )
 
-// DiskUsageOptions holds parameters for system disk usage query.
-type DiskUsageOptions struct {
-	// Containers controls whether container disk usage should be computed.
-	Containers bool
-
-	// Images controls whether image disk usage should be computed.
-	Images bool
-
-	// Volumes controls whether volume disk usage should be computed.
-	Volumes bool
-}
-
 // Backend is the methods that need to be implemented to provide
 // system specific functionality.
 type Backend interface {
 	SystemInfo() *types.Info
 	SystemVersion() types.Version
-	SystemDiskUsage(ctx context.Context, opts DiskUsageOptions) (*types.DiskUsage, error)
+	SystemDiskUsage(ctx context.Context) (*types.DiskUsage, error)
 	SubscribeToEvents(since, until time.Time, ef filters.Args) ([]events.Message, chan interface{})
 	UnsubscribeFromEvents(chan interface{})
-	AuthenticateToRegistry(ctx context.Context, authConfig *registry.AuthConfig) (string, string, error)
+	AuthenticateToRegistry(ctx context.Context, authConfig *types.AuthConfig) (string, string, error)
 }
 
 // ClusterBackend is all the methods that need to be implemented
@@ -39,8 +26,3 @@ type Backend interface {
 type ClusterBackend interface {
 	Info() swarm.Info
 }
-
-// StatusProvider provides methods to get the swarm status of the current node.
-type StatusProvider interface {
-	Status() string
-}

api/server/router/system/system.go

@@ -1,6 +1,3 @@
-// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
-//go:build go1.19
-
 package system // import "github.com/docker/docker/api/server/router/system"
 
 import (

api/server/router/system/system_routes.go

@@ -13,11 +13,10 @@ import (
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/pkg/errors"
+	pkgerrors "github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
 )
@@ -35,9 +34,6 @@ func (s *systemRouter) pingHandler(ctx context.Context, w http.ResponseWriter, r
 	if bv := builderVersion; bv != "" {
 		w.Header().Set("Builder-Version", string(bv))
 	}
-
-	w.Header().Set("Swarm", s.swarmStatus())
-
 	if r.Method == http.MethodHead {
 		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 		w.Header().Set("Content-Length", "0")
@@ -47,15 +43,6 @@ func (s *systemRouter) pingHandler(ctx context.Context, w http.ResponseWriter, r
 	return err
 }
 
-func (s *systemRouter) swarmStatus() string {
-	if s.cluster != nil {
-		if p, ok := s.cluster.(StatusProvider); ok {
-			return p.Status()
-		}
-	}
-	return string(swarm.LocalNodeStateInactive)
-}
-
 func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	info := s.backend.SystemInfo()
 
@@ -64,8 +51,7 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 		info.Warnings = append(info.Warnings, info.Swarm.Warnings...)
 	}
 
-	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.25") {
+	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
 		// TODO: handle this conversion in engine-api
 		type oldInfo struct {
 			*types.Info
@@ -86,7 +72,7 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 		old.SecurityOptions = nameOnlySecurityOptions
 		return httputils.WriteJSON(w, http.StatusOK, old)
 	}
-	if versions.LessThan(version, "1.39") {
+	if versions.LessThan(httputils.VersionFromContext(ctx), "1.39") {
 		if info.KernelVersion == "" {
 			info.KernelVersion = "<unknown>"
 		}
@@ -94,9 +80,6 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 			info.OperatingSystem = "<unknown>"
 		}
 	}
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		info.KernelMemory = false
-	}
 	return httputils.WriteJSON(w, http.StatusOK, info)
 }
 
@@ -107,95 +90,37 @@ func (s *systemRouter) getVersion(ctx context.Context, w http.ResponseWriter, r
 }
 
 func (s *systemRouter) getDiskUsage(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if err := httputils.ParseForm(r); err != nil {
-		return err
-	}
-
-	version := httputils.VersionFromContext(ctx)
-
-	var getContainers, getImages, getVolumes, getBuildCache bool
-	typeStrs, ok := r.Form["type"]
-	if versions.LessThan(version, "1.42") || !ok {
-		getContainers, getImages, getVolumes, getBuildCache = true, true, true, s.builder != nil
-	} else {
-		for _, typ := range typeStrs {
-			switch types.DiskUsageObject(typ) {
-			case types.ContainerObject:
-				getContainers = true
-			case types.ImageObject:
-				getImages = true
-			case types.VolumeObject:
-				getVolumes = true
-			case types.BuildCacheObject:
-				getBuildCache = true
-			default:
-				return invalidRequestError{Err: fmt.Errorf("unknown object type: %s", typ)}
-			}
-		}
-	}
-
 	eg, ctx := errgroup.WithContext(ctx)
 
-	var systemDiskUsage *types.DiskUsage
-	if getContainers || getImages || getVolumes {
-		eg.Go(func() error {
-			var err error
-			systemDiskUsage, err = s.backend.SystemDiskUsage(ctx, DiskUsageOptions{
-				Containers: getContainers,
-				Images:     getImages,
-				Volumes:    getVolumes,
-			})
-			return err
-		})
-	}
+	var du *types.DiskUsage
+	eg.Go(func() error {
+		var err error
+		du, err = s.backend.SystemDiskUsage(ctx)
+		return err
+	})
 
 	var buildCache []*types.BuildCache
-	if getBuildCache {
-		eg.Go(func() error {
-			var err error
-			buildCache, err = s.builder.DiskUsage(ctx)
-			if err != nil {
-				return errors.Wrap(err, "error getting build cache usage")
-			}
-			if buildCache == nil {
-				// Ensure empty `BuildCache` field is represented as empty JSON array(`[]`)
-				// instead of `null` to be consistent with `Images`, `Containers` etc.
-				buildCache = []*types.BuildCache{}
-			}
-			return nil
-		})
-	}
+	eg.Go(func() error {
+		var err error
+		buildCache, err = s.builder.DiskUsage(ctx)
+		if err != nil {
+			return pkgerrors.Wrap(err, "error getting build cache usage")
+		}
+		return nil
+	})
 
 	if err := eg.Wait(); err != nil {
 		return err
 	}
 
 	var builderSize int64
-	if versions.LessThan(version, "1.42") {
-		for _, b := range buildCache {
-			builderSize += b.Size
-			// Parents field was added in API 1.42 to replace the Parent field.
-			b.Parents = nil
-		}
-	}
-	if versions.GreaterThanOrEqualTo(version, "1.42") {
-		for _, b := range buildCache {
-			// Parent field is deprecated in API v1.42 and up, as it is deprecated
-			// in BuildKit. Empty the field to omit it in the API response.
-			b.Parent = "" //nolint:staticcheck // ignore SA1019 (Parent field is deprecated)
-		}
+	for _, b := range buildCache {
+		builderSize += b.Size
 	}
 
-	du := types.DiskUsage{
-		BuildCache:  buildCache,
-		BuilderSize: builderSize,
-	}
-	if systemDiskUsage != nil {
-		du.LayersSize = systemDiskUsage.LayersSize
-		du.Images = systemDiskUsage.Images
-		du.Containers = systemDiskUsage.Containers
-		du.Volumes = systemDiskUsage.Volumes
-	}
+	du.BuilderSize = builderSize
+	du.BuildCache = buildCache
+
 	return httputils.WriteJSON(w, http.StatusOK, du)
 }
 
@@ -290,7 +215,7 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 }
 
 func (s *systemRouter) postAuth(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	var config *registry.AuthConfig
+	var config *types.AuthConfig
 	err := json.NewDecoder(r.Body).Decode(&config)
 	r.Body.Close()
 	if err != nil {

api/server/router/volume/backend.go

@@ -7,28 +7,14 @@ import (
 	// TODO return types need to be refactored into pkg
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/volume"
 )
 
 // Backend is the methods that need to be implemented to provide
 // volume specific functionality
 type Backend interface {
-	List(ctx context.Context, filter filters.Args) ([]*volume.Volume, []string, error)
-	Get(ctx context.Context, name string, opts ...opts.GetOption) (*volume.Volume, error)
-	Create(ctx context.Context, name, driverName string, opts ...opts.CreateOption) (*volume.Volume, error)
+	List(ctx context.Context, filter filters.Args) ([]*types.Volume, []string, error)
+	Get(ctx context.Context, name string, opts ...opts.GetOption) (*types.Volume, error)
+	Create(ctx context.Context, name, driverName string, opts ...opts.CreateOption) (*types.Volume, error)
 	Remove(ctx context.Context, name string, opts ...opts.RemoveOption) error
 	Prune(ctx context.Context, pruneFilters filters.Args) (*types.VolumesPruneReport, error)
 }
-
-// ClusterBackend is the backend used for Swarm Cluster Volumes. Regular
-// volumes go through the volume service, but to avoid across-dependency
-// between the cluster package and the volume package, we simply provide two
-// backends here.
-type ClusterBackend interface {
-	GetVolume(nameOrID string) (volume.Volume, error)
-	GetVolumes(options volume.ListOptions) ([]*volume.Volume, error)
-	CreateVolume(volume volume.CreateOptions) (*volume.Volume, error)
-	RemoveVolume(nameOrID string, force bool) error
-	UpdateVolume(nameOrID string, version uint64, volume volume.UpdateOptions) error
-	IsManager() bool
-}

api/server/router/volume/volume.go

@@ -5,15 +5,13 @@ import "github.com/docker/docker/api/server/router"
 // volumeRouter is a router to talk with the volumes controller
 type volumeRouter struct {
 	backend Backend
-	cluster ClusterBackend
 	routes  []router.Route
 }
 
 // NewRouter initializes a new volume router
-func NewRouter(b Backend, cb ClusterBackend) router.Router {
+func NewRouter(b Backend) router.Router {
 	r := &volumeRouter{
 		backend: b,
-		cluster: cb,
 	}
 	r.initRoutes()
 	return r
@@ -32,8 +30,6 @@ func (r *volumeRouter) initRoutes() {
 		// POST
 		router.NewPostRoute("/volumes/create", r.postVolumesCreate),
 		router.NewPostRoute("/volumes/prune", r.postVolumesPrune),
-		// PUT
-		router.NewPutRoute("/volumes/{name:.*}", r.putVolumesUpdate),
 		// DELETE
 		router.NewDeleteRoute("/volumes/{name:.*}", r.deleteVolumes),
 	}

api/server/router/volume/volume_routes.go

@@ -2,24 +2,16 @@ package volume // import "github.com/docker/docker/api/server/router/volume"
 
 import (
 	"context"
-	"fmt"
+	"encoding/json"
+	"io"
 	"net/http"
-	"strconv"
 
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/api/types/volume"
+	volumetypes "github.com/docker/docker/api/types/volume"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/volume/service/opts"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-)
-
-const (
-	// clusterVolumesVersion defines the API version that swarm cluster volume
-	// functionality was introduced. avoids the use of magic numbers.
-	clusterVolumesVersion = "1.42"
 )
 
 func (v *volumeRouter) getVolumesList(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -29,62 +21,25 @@ func (v *volumeRouter) getVolumesList(ctx context.Context, w http.ResponseWriter
 
 	filters, err := filters.FromJSON(r.Form.Get("filters"))
 	if err != nil {
-		return errors.Wrap(err, "error reading volume filters")
+		return errdefs.InvalidParameter(errors.Wrap(err, "error reading volume filters"))
 	}
 	volumes, warnings, err := v.backend.List(ctx, filters)
 	if err != nil {
 		return err
 	}
-
-	version := httputils.VersionFromContext(ctx)
-	if versions.GreaterThanOrEqualTo(version, clusterVolumesVersion) && v.cluster.IsManager() {
-		clusterVolumes, swarmErr := v.cluster.GetVolumes(volume.ListOptions{Filters: filters})
-		if swarmErr != nil {
-			// if there is a swarm error, we may not want to error out right
-			// away. the local list probably worked. instead, let's do what we
-			// do if there's a bad driver while trying to list: add the error
-			// to the warnings. don't do this if swarm is not initialized.
-			warnings = append(warnings, swarmErr.Error())
-		}
-		// add the cluster volumes to the return
-		volumes = append(volumes, clusterVolumes...)
-	}
-
-	return httputils.WriteJSON(w, http.StatusOK, &volume.ListResponse{Volumes: volumes, Warnings: warnings})
+	return httputils.WriteJSON(w, http.StatusOK, &volumetypes.VolumeListOKBody{Volumes: volumes, Warnings: warnings})
 }
 
 func (v *volumeRouter) getVolumeByName(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}
-	version := httputils.VersionFromContext(ctx)
 
-	// re: volume name duplication
-	//
-	// we prefer to get volumes locally before attempting to get them from the
-	// cluster. Local volumes can only be looked up by name, but cluster
-	// volumes can also be looked up by ID.
-	vol, err := v.backend.Get(ctx, vars["name"], opts.WithGetResolveStatus)
-
-	// if the volume is not found in the regular volume backend, and the client
-	// is using an API version greater than 1.42 (when cluster volumes were
-	// introduced), then check if Swarm has the volume.
-	if errdefs.IsNotFound(err) && versions.GreaterThanOrEqualTo(version, clusterVolumesVersion) && v.cluster.IsManager() {
-		swarmVol, err := v.cluster.GetVolume(vars["name"])
-		// if swarm returns an error and that error indicates that swarm is not
-		// initialized, return original NotFound error. Otherwise, we'd return
-		// a weird swarm unavailable error on non-swarm engines.
-		if err != nil {
-			return err
-		}
-		vol = &swarmVol
-	} else if err != nil {
-		// otherwise, if this isn't NotFound, or this isn't a high enough version,
-		// just return the error by itself.
+	volume, err := v.backend.Get(ctx, vars["name"], opts.WithGetResolveStatus)
+	if err != nil {
 		return err
 	}
-
-	return httputils.WriteJSON(w, http.StatusOK, vol)
+	return httputils.WriteJSON(w, http.StatusOK, volume)
 }
 
 func (v *volumeRouter) postVolumesCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -92,65 +47,23 @@ func (v *volumeRouter) postVolumesCreate(ctx context.Context, w http.ResponseWri
 		return err
 	}
 
-	var req volume.CreateOptions
-	if err := httputils.ReadJSON(r, &req); err != nil {
+	if err := httputils.CheckForJSON(r); err != nil {
 		return err
 	}
 
-	var (
-		vol     *volume.Volume
-		err     error
-		version = httputils.VersionFromContext(ctx)
-	)
-
-	// if the ClusterVolumeSpec is filled in, then this is a cluster volume
-	// and is created through the swarm cluster volume backend.
-	//
-	// re: volume name duplication
-	//
-	// As it happens, there is no good way to prevent duplication of a volume
-	// name between local and cluster volumes. This is because Swarm volumes
-	// can be created from any manager node, bypassing most of the protections
-	// we could put into the engine side.
-	//
-	// Instead, we will allow creating a volume with a duplicate name, which
-	// should not break anything.
-	if req.ClusterVolumeSpec != nil && versions.GreaterThanOrEqualTo(version, clusterVolumesVersion) {
-		logrus.Debug("using cluster volume")
-		vol, err = v.cluster.CreateVolume(req)
-	} else {
-		logrus.Debug("using regular volume")
-		vol, err = v.backend.Create(ctx, req.Name, req.Driver, opts.WithCreateOptions(req.DriverOpts), opts.WithCreateLabels(req.Labels))
-	}
-
-	if err != nil {
-		return err
-	}
-	return httputils.WriteJSON(w, http.StatusCreated, vol)
-}
-
-func (v *volumeRouter) putVolumesUpdate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if !v.cluster.IsManager() {
-		return errdefs.Unavailable(errors.New("volume update only valid for cluster volumes, but swarm is unavailable"))
-	}
-
-	if err := httputils.ParseForm(r); err != nil {
-		return err
-	}
-
-	rawVersion := r.URL.Query().Get("version")
-	version, err := strconv.ParseUint(rawVersion, 10, 64)
-	if err != nil {
-		err = fmt.Errorf("invalid swarm object version '%s': %v", rawVersion, err)
+	var req volumetypes.VolumeCreateBody
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		if err == io.EOF {
+			return errdefs.InvalidParameter(errors.New("got EOF while reading request body"))
+		}
 		return errdefs.InvalidParameter(err)
 	}
 
-	var req volume.UpdateOptions
-	if err := httputils.ReadJSON(r, &req); err != nil {
+	volume, err := v.backend.Create(ctx, req.Name, req.Driver, opts.WithCreateOptions(req.DriverOpts), opts.WithCreateLabels(req.Labels))
+	if err != nil {
 		return err
 	}
-
-	return v.cluster.UpdateVolume(vars["name"], version, req)
+	return httputils.WriteJSON(w, http.StatusCreated, volume)
 }
 
 func (v *volumeRouter) deleteVolumes(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -158,28 +71,7 @@ func (v *volumeRouter) deleteVolumes(ctx context.Context, w http.ResponseWriter,
 		return err
 	}
 	force := httputils.BoolValue(r, "force")
-
-	// First we try deleting local volume. The volume may not be found as a
-	// local volume, but could be a cluster volume, so we ignore "not found"
-	// errors at this stage. Note that no "not found" error is produced if
-	// "force" is enabled.
-	err := v.backend.Remove(ctx, vars["name"], opts.WithPurgeOnError(force))
-	if err != nil && !errdefs.IsNotFound(err) {
-		return err
-	}
-
-	// If no volume was found, the volume may be a cluster volume. If force
-	// is enabled, the volume backend won't return an error for non-existing
-	// volumes, so we don't know if removal succeeded (or not volume existed).
-	// In that case we always try to delete cluster volumes as well.
-	if errdefs.IsNotFound(err) || force {
-		version := httputils.VersionFromContext(ctx)
-		if versions.GreaterThanOrEqualTo(version, clusterVolumesVersion) && v.cluster.IsManager() {
-			err = v.cluster.RemoveVolume(vars["name"], force)
-		}
-	}
-
-	if err != nil {
+	if err := v.backend.Remove(ctx, vars["name"], opts.WithPurgeOnError(force)); err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusNoContent)
@@ -196,12 +88,6 @@ func (v *volumeRouter) postVolumesPrune(ctx context.Context, w http.ResponseWrit
 		return err
 	}
 
-	// API version 1.42 changes behavior where prune should only prune anonymous volumes.
-	// To keep older API behavior working, we need to add this filter option to consider all (local) volumes for pruning, not just anonymous ones.
-	if versions.LessThan(httputils.VersionFromContext(ctx), "1.42") {
-		pruneFilters.Add("all", "true")
-	}
-
 	pruneReport, err := v.backend.Prune(ctx, pruneFilters)
 	if err != nil {
 		return err

api/server/router/volume/volume_routes_test.go

@@ -1,760 +0,0 @@
-package volume
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http/httptest"
-	"testing"
-
-	"gotest.tools/v3/assert"
-
-	"github.com/docker/docker/api/server/httputils"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/volume/service/opts"
-)
-
-func callGetVolume(v *volumeRouter, name string) (*httptest.ResponseRecorder, error) {
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	vars := map[string]string{"name": name}
-	req := httptest.NewRequest("GET", fmt.Sprintf("/volumes/%s", name), nil)
-	resp := httptest.NewRecorder()
-
-	err := v.getVolumeByName(ctx, resp, req, vars)
-	return resp, err
-}
-
-func callListVolumes(v *volumeRouter) (*httptest.ResponseRecorder, error) {
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	vars := map[string]string{}
-	req := httptest.NewRequest("GET", "/volumes", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.getVolumesList(ctx, resp, req, vars)
-	return resp, err
-}
-
-func TestGetVolumeByNameNotFoundNoSwarm(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{},
-		cluster: &fakeClusterBackend{},
-	}
-
-	_, err := callGetVolume(v, "notReal")
-
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsNotFound(err))
-}
-
-func TestGetVolumeByNameNotFoundNotManager(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{},
-		cluster: &fakeClusterBackend{swarm: true},
-	}
-
-	_, err := callGetVolume(v, "notReal")
-
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsNotFound(err))
-}
-
-func TestGetVolumeByNameNotFound(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{},
-		cluster: &fakeClusterBackend{swarm: true, manager: true},
-	}
-
-	_, err := callGetVolume(v, "notReal")
-
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsNotFound(err))
-}
-
-func TestGetVolumeByNameFoundRegular(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{
-			volumes: map[string]*volume.Volume{
-
-				"volume1": {
-					Name: "volume1",
-				},
-			},
-		},
-		cluster: &fakeClusterBackend{swarm: true, manager: true},
-	}
-
-	_, err := callGetVolume(v, "volume1")
-	assert.NilError(t, err)
-}
-
-func TestGetVolumeByNameFoundSwarm(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{},
-		cluster: &fakeClusterBackend{
-			swarm:   true,
-			manager: true,
-			volumes: map[string]*volume.Volume{
-				"volume1": {
-					Name: "volume1",
-				},
-			},
-		},
-	}
-
-	_, err := callGetVolume(v, "volume1")
-	assert.NilError(t, err)
-}
-func TestListVolumes(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{
-			volumes: map[string]*volume.Volume{
-				"v1": {Name: "v1"},
-				"v2": {Name: "v2"},
-			},
-		},
-		cluster: &fakeClusterBackend{
-			swarm:   true,
-			manager: true,
-			volumes: map[string]*volume.Volume{
-				"v3": {Name: "v3"},
-				"v4": {Name: "v4"},
-			},
-		},
-	}
-
-	resp, err := callListVolumes(v)
-	assert.NilError(t, err)
-	d := json.NewDecoder(resp.Result().Body)
-	respVols := volume.ListResponse{}
-	assert.NilError(t, d.Decode(&respVols))
-
-	assert.Assert(t, respVols.Volumes != nil)
-	assert.Equal(t, len(respVols.Volumes), 4, "volumes %v", respVols.Volumes)
-}
-
-func TestListVolumesNoSwarm(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{
-			volumes: map[string]*volume.Volume{
-				"v1": {Name: "v1"},
-				"v2": {Name: "v2"},
-			},
-		},
-		cluster: &fakeClusterBackend{},
-	}
-
-	_, err := callListVolumes(v)
-	assert.NilError(t, err)
-}
-
-func TestListVolumesNoManager(t *testing.T) {
-	v := &volumeRouter{
-		backend: &fakeVolumeBackend{
-			volumes: map[string]*volume.Volume{
-				"v1": {Name: "v1"},
-				"v2": {Name: "v2"},
-			},
-		},
-		cluster: &fakeClusterBackend{swarm: true},
-	}
-
-	resp, err := callListVolumes(v)
-	assert.NilError(t, err)
-
-	d := json.NewDecoder(resp.Result().Body)
-	respVols := volume.ListResponse{}
-	assert.NilError(t, d.Decode(&respVols))
-
-	assert.Equal(t, len(respVols.Volumes), 2)
-	assert.Equal(t, len(respVols.Warnings), 0)
-}
-
-func TestCreateRegularVolume(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{
-		swarm:   true,
-		manager: true,
-	}
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeCreate := volume.CreateOptions{
-		Name:   "vol1",
-		Driver: "foodriver",
-	}
-
-	buf := bytes.Buffer{}
-	e := json.NewEncoder(&buf)
-	e.Encode(volumeCreate)
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/create", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-	err := v.postVolumesCreate(ctx, resp, req, nil)
-
-	assert.NilError(t, err)
-
-	respVolume := volume.Volume{}
-
-	assert.NilError(t, json.NewDecoder(resp.Result().Body).Decode(&respVolume))
-
-	assert.Equal(t, respVolume.Name, "vol1")
-	assert.Equal(t, respVolume.Driver, "foodriver")
-
-	assert.Equal(t, 1, len(b.volumes))
-	assert.Equal(t, 0, len(c.volumes))
-}
-
-func TestCreateSwarmVolumeNoSwarm(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeCreate := volume.CreateOptions{
-		ClusterVolumeSpec: &volume.ClusterVolumeSpec{},
-		Name:              "volCluster",
-		Driver:            "someCSI",
-	}
-
-	buf := bytes.Buffer{}
-	json.NewEncoder(&buf).Encode(volumeCreate)
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/create", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-	err := v.postVolumesCreate(ctx, resp, req, nil)
-
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsUnavailable(err))
-}
-
-func TestCreateSwarmVolumeNotManager(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{swarm: true}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeCreate := volume.CreateOptions{
-		ClusterVolumeSpec: &volume.ClusterVolumeSpec{},
-		Name:              "volCluster",
-		Driver:            "someCSI",
-	}
-
-	buf := bytes.Buffer{}
-	json.NewEncoder(&buf).Encode(volumeCreate)
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/create", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-	err := v.postVolumesCreate(ctx, resp, req, nil)
-
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsUnavailable(err))
-}
-
-func TestCreateVolumeCluster(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{
-		swarm:   true,
-		manager: true,
-	}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeCreate := volume.CreateOptions{
-		ClusterVolumeSpec: &volume.ClusterVolumeSpec{},
-		Name:              "volCluster",
-		Driver:            "someCSI",
-	}
-
-	buf := bytes.Buffer{}
-	json.NewEncoder(&buf).Encode(volumeCreate)
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/create", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-	err := v.postVolumesCreate(ctx, resp, req, nil)
-
-	assert.NilError(t, err)
-
-	respVolume := volume.Volume{}
-
-	assert.NilError(t, json.NewDecoder(resp.Result().Body).Decode(&respVolume))
-
-	assert.Equal(t, respVolume.Name, "volCluster")
-	assert.Equal(t, respVolume.Driver, "someCSI")
-
-	assert.Equal(t, 0, len(b.volumes))
-	assert.Equal(t, 1, len(c.volumes))
-}
-
-func TestUpdateVolume(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{
-		swarm:   true,
-		manager: true,
-		volumes: map[string]*volume.Volume{
-			"vol1": {
-				Name: "vo1",
-				ClusterVolume: &volume.ClusterVolume{
-					ID: "vol1",
-				},
-			},
-		},
-	}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeUpdate := volume.UpdateOptions{
-		Spec: &volume.ClusterVolumeSpec{},
-	}
-
-	buf := bytes.Buffer{}
-	json.NewEncoder(&buf).Encode(volumeUpdate)
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/vol1/update?version=0", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-
-	err := v.putVolumesUpdate(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.NilError(t, err)
-
-	assert.Equal(t, c.volumes["vol1"].ClusterVolume.Meta.Version.Index, uint64(1))
-}
-
-func TestUpdateVolumeNoSwarm(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeUpdate := volume.UpdateOptions{
-		Spec: &volume.ClusterVolumeSpec{},
-	}
-
-	buf := bytes.Buffer{}
-	json.NewEncoder(&buf).Encode(volumeUpdate)
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/vol1/update?version=0", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-
-	err := v.putVolumesUpdate(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsUnavailable(err))
-}
-
-func TestUpdateVolumeNotFound(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{
-		swarm:   true,
-		manager: true,
-		volumes: map[string]*volume.Volume{},
-	}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	volumeUpdate := volume.UpdateOptions{
-		Spec: &volume.ClusterVolumeSpec{},
-	}
-
-	buf := bytes.Buffer{}
-	json.NewEncoder(&buf).Encode(volumeUpdate)
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("POST", "/volumes/vol1/update?version=0", &buf)
-	req.Header.Add("Content-Type", "application/json")
-
-	resp := httptest.NewRecorder()
-
-	err := v.putVolumesUpdate(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsNotFound(err))
-}
-
-func TestVolumeRemove(t *testing.T) {
-	b := &fakeVolumeBackend{
-		volumes: map[string]*volume.Volume{
-			"vol1": {
-				Name: "vol1",
-			},
-		},
-	}
-	c := &fakeClusterBackend{swarm: true, manager: true}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/vol1", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.NilError(t, err)
-	assert.Equal(t, len(b.volumes), 0)
-}
-
-func TestVolumeRemoveSwarm(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{
-		swarm:   true,
-		manager: true,
-		volumes: map[string]*volume.Volume{
-			"vol1": {
-				Name:          "vol1",
-				ClusterVolume: &volume.ClusterVolume{},
-			},
-		},
-	}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/vol1", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.NilError(t, err)
-	assert.Equal(t, len(c.volumes), 0)
-}
-
-func TestVolumeRemoveNotFoundNoSwarm(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{}
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/vol1", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsNotFound(err), err.Error())
-}
-
-func TestVolumeRemoveNotFoundNoManager(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{swarm: true}
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/vol1", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsNotFound(err))
-}
-
-func TestVolumeRemoveFoundNoSwarm(t *testing.T) {
-	b := &fakeVolumeBackend{
-		volumes: map[string]*volume.Volume{
-			"vol1": {
-				Name: "vol1",
-			},
-		},
-	}
-	c := &fakeClusterBackend{}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/vol1", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-	assert.NilError(t, err)
-	assert.Equal(t, len(b.volumes), 0)
-}
-
-func TestVolumeRemoveNoSwarmInUse(t *testing.T) {
-	b := &fakeVolumeBackend{
-		volumes: map[string]*volume.Volume{
-			"inuse": {
-				Name: "inuse",
-			},
-		},
-	}
-	c := &fakeClusterBackend{}
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/inuse", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "inuse"})
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsConflict(err))
-}
-
-func TestVolumeRemoveSwarmForce(t *testing.T) {
-	b := &fakeVolumeBackend{}
-	c := &fakeClusterBackend{
-		swarm:   true,
-		manager: true,
-		volumes: map[string]*volume.Volume{
-			"vol1": {
-				Name:          "vol1",
-				ClusterVolume: &volume.ClusterVolume{},
-				Options:       map[string]string{"mustforce": "yes"},
-			},
-		},
-	}
-
-	v := &volumeRouter{
-		backend: b,
-		cluster: c,
-	}
-
-	ctx := context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req := httptest.NewRequest("DELETE", "/volumes/vol1", nil)
-	resp := httptest.NewRecorder()
-
-	err := v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-
-	assert.Assert(t, err != nil)
-	assert.Assert(t, errdefs.IsConflict(err))
-
-	ctx = context.WithValue(context.Background(), httputils.APIVersionKey{}, clusterVolumesVersion)
-	req = httptest.NewRequest("DELETE", "/volumes/vol1?force=1", nil)
-	resp = httptest.NewRecorder()
-
-	err = v.deleteVolumes(ctx, resp, req, map[string]string{"name": "vol1"})
-
-	assert.NilError(t, err)
-	assert.Equal(t, len(b.volumes), 0)
-	assert.Equal(t, len(c.volumes), 0)
-}
-
-type fakeVolumeBackend struct {
-	volumes map[string]*volume.Volume
-}
-
-func (b *fakeVolumeBackend) List(_ context.Context, _ filters.Args) ([]*volume.Volume, []string, error) {
-	volumes := []*volume.Volume{}
-	for _, v := range b.volumes {
-		volumes = append(volumes, v)
-	}
-	return volumes, nil, nil
-}
-
-func (b *fakeVolumeBackend) Get(_ context.Context, name string, _ ...opts.GetOption) (*volume.Volume, error) {
-	if v, ok := b.volumes[name]; ok {
-		return v, nil
-	}
-	return nil, errdefs.NotFound(fmt.Errorf("volume %s not found", name))
-}
-
-func (b *fakeVolumeBackend) Create(_ context.Context, name, driverName string, _ ...opts.CreateOption) (*volume.Volume, error) {
-	if _, ok := b.volumes[name]; ok {
-		// TODO(dperny): return appropriate error type
-		return nil, fmt.Errorf("already exists")
-	}
-
-	v := &volume.Volume{
-		Name:   name,
-		Driver: driverName,
-	}
-	if b.volumes == nil {
-		b.volumes = map[string]*volume.Volume{
-			name: v,
-		}
-	} else {
-		b.volumes[name] = v
-	}
-
-	return v, nil
-}
-
-func (b *fakeVolumeBackend) Remove(_ context.Context, name string, o ...opts.RemoveOption) error {
-	removeOpts := &opts.RemoveConfig{}
-	for _, opt := range o {
-		opt(removeOpts)
-	}
-
-	if v, ok := b.volumes[name]; !ok {
-		if !removeOpts.PurgeOnError {
-			return errdefs.NotFound(fmt.Errorf("volume %s not found", name))
-		}
-	} else if v.Name == "inuse" {
-		return errdefs.Conflict(fmt.Errorf("volume in use"))
-	}
-
-	delete(b.volumes, name)
-
-	return nil
-}
-
-func (b *fakeVolumeBackend) Prune(_ context.Context, _ filters.Args) (*types.VolumesPruneReport, error) {
-	return nil, nil
-}
-
-type fakeClusterBackend struct {
-	swarm   bool
-	manager bool
-	idCount int
-	volumes map[string]*volume.Volume
-}
-
-func (c *fakeClusterBackend) checkSwarm() error {
-	if !c.swarm {
-		return errdefs.Unavailable(fmt.Errorf("this node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again"))
-	} else if !c.manager {
-		return errdefs.Unavailable(fmt.Errorf("this node is not a swarm manager. Worker nodes can't be used to view or modify cluster state. Please run this command on a manager node or promote the current node to a manager"))
-	}
-
-	return nil
-}
-
-func (c *fakeClusterBackend) IsManager() bool {
-	return c.swarm && c.manager
-}
-
-func (c *fakeClusterBackend) GetVolume(nameOrID string) (volume.Volume, error) {
-	if err := c.checkSwarm(); err != nil {
-		return volume.Volume{}, err
-	}
-
-	if v, ok := c.volumes[nameOrID]; ok {
-		return *v, nil
-	}
-	return volume.Volume{}, errdefs.NotFound(fmt.Errorf("volume %s not found", nameOrID))
-}
-
-func (c *fakeClusterBackend) GetVolumes(options volume.ListOptions) ([]*volume.Volume, error) {
-	if err := c.checkSwarm(); err != nil {
-		return nil, err
-	}
-
-	volumes := []*volume.Volume{}
-
-	for _, v := range c.volumes {
-		volumes = append(volumes, v)
-	}
-	return volumes, nil
-}
-
-func (c *fakeClusterBackend) CreateVolume(volumeCreate volume.CreateOptions) (*volume.Volume, error) {
-	if err := c.checkSwarm(); err != nil {
-		return nil, err
-	}
-
-	if _, ok := c.volumes[volumeCreate.Name]; ok {
-		// TODO(dperny): return appropriate already exists error
-		return nil, fmt.Errorf("already exists")
-	}
-
-	v := &volume.Volume{
-		Name:    volumeCreate.Name,
-		Driver:  volumeCreate.Driver,
-		Labels:  volumeCreate.Labels,
-		Options: volumeCreate.DriverOpts,
-		Scope:   "global",
-	}
-
-	v.ClusterVolume = &volume.ClusterVolume{
-		ID:   fmt.Sprintf("cluster_%d", c.idCount),
-		Spec: *volumeCreate.ClusterVolumeSpec,
-	}
-
-	c.idCount = c.idCount + 1
-	if c.volumes == nil {
-		c.volumes = map[string]*volume.Volume{
-			v.Name: v,
-		}
-	} else {
-		c.volumes[v.Name] = v
-	}
-
-	return v, nil
-}
-
-func (c *fakeClusterBackend) RemoveVolume(nameOrID string, force bool) error {
-	if err := c.checkSwarm(); err != nil {
-		return err
-	}
-
-	v, ok := c.volumes[nameOrID]
-	if !ok {
-		return errdefs.NotFound(fmt.Errorf("volume %s not found", nameOrID))
-	}
-
-	if _, mustforce := v.Options["mustforce"]; mustforce && !force {
-		return errdefs.Conflict(fmt.Errorf("volume %s must be force removed", nameOrID))
-	}
-
-	delete(c.volumes, nameOrID)
-
-	return nil
-}
-
-func (c *fakeClusterBackend) UpdateVolume(nameOrID string, version uint64, _ volume.UpdateOptions) error {
-	if err := c.checkSwarm(); err != nil {
-		return err
-	}
-
-	if v, ok := c.volumes[nameOrID]; ok {
-		if v.ClusterVolume.Meta.Version.Index != version {
-			return fmt.Errorf("wrong version")
-		}
-		v.ClusterVolume.Meta.Version.Index = v.ClusterVolume.Meta.Version.Index + 1
-		// for testing, we don't actually need to change anything about the
-		// volume object. let's just increment the version so we can see the
-		// call happened.
-	} else {
-		return errdefs.NotFound(fmt.Errorf("volume %q not found", nameOrID))
-	}
-
-	return nil
-}

api/server/server.go

@@ -2,14 +2,17 @@ package server // import "github.com/docker/docker/api/server"
 
 import (
 	"context"
+	"crypto/tls"
+	"net"
 	"net/http"
+	"strings"
 
-	"github.com/docker/docker/api/server/httpstatus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
 	"github.com/docker/docker/api/server/router"
 	"github.com/docker/docker/api/server/router/debug"
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/errdefs"
 	"github.com/gorilla/mux"
 	"github.com/sirupsen/logrus"
 )
@@ -18,17 +21,102 @@ import (
 // when a request is about to be served.
 const versionMatcher = "/v{version:[0-9.]+}"
 
+// Config provides the configuration for the API server
+type Config struct {
+	Logging     bool
+	CorsHeaders string
+	Version     string
+	SocketGroup string
+	TLSConfig   *tls.Config
+}
+
 // Server contains instance details for the server
 type Server struct {
+	cfg         *Config
+	servers     []*HTTPServer
+	routers     []router.Router
 	middlewares []middleware.Middleware
 }
 
+// New returns a new instance of the server based on the specified configuration.
+// It allocates resources which will be needed for ServeAPI(ports, unix-sockets).
+func New(cfg *Config) *Server {
+	return &Server{
+		cfg: cfg,
+	}
+}
+
 // UseMiddleware appends a new middleware to the request chain.
 // This needs to be called before the API routes are configured.
 func (s *Server) UseMiddleware(m middleware.Middleware) {
 	s.middlewares = append(s.middlewares, m)
 }
 
+// Accept sets a listener the server accepts connections into.
+func (s *Server) Accept(addr string, listeners ...net.Listener) {
+	for _, listener := range listeners {
+		httpServer := &HTTPServer{
+			srv: &http.Server{
+				Addr: addr,
+			},
+			l: listener,
+		}
+		s.servers = append(s.servers, httpServer)
+	}
+}
+
+// Close closes servers and thus stop receiving requests
+func (s *Server) Close() {
+	for _, srv := range s.servers {
+		if err := srv.Close(); err != nil {
+			logrus.Error(err)
+		}
+	}
+}
+
+// serveAPI loops through all initialized servers and spawns goroutine
+// with Serve method for each. It sets createMux() as Handler also.
+func (s *Server) serveAPI() error {
+	var chErrors = make(chan error, len(s.servers))
+	for _, srv := range s.servers {
+		srv.srv.Handler = s.createMux()
+		go func(srv *HTTPServer) {
+			var err error
+			logrus.Infof("API listen on %s", srv.l.Addr())
+			if err = srv.Serve(); err != nil && strings.Contains(err.Error(), "use of closed network connection") {
+				err = nil
+			}
+			chErrors <- err
+		}(srv)
+	}
+
+	for range s.servers {
+		err := <-chErrors
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// HTTPServer contains an instance of http server and the listener.
+// srv *http.Server, contains configuration to create an http server and a mux router with all api end points.
+// l   net.Listener, is a TCP or Socket listener that dispatches incoming request to the router.
+type HTTPServer struct {
+	srv *http.Server
+	l   net.Listener
+}
+
+// Serve starts listening for inbound requests.
+func (s *HTTPServer) Serve() error {
+	return s.srv.Serve(s.l)
+}
+
+// Close closes the HTTPServer from listening for the inbound requests.
+func (s *HTTPServer) Close() error {
+	return s.l.Close()
+}
+
 func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Define the context that we'll pass around to share info
@@ -51,15 +139,21 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
 		}
 
 		if err := handlerFunc(ctx, w, r, vars); err != nil {
-			statusCode := httpstatus.FromError(err)
+			statusCode := errdefs.GetHTTPErrorStatusCode(err)
 			if statusCode >= 500 {
 				logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
 			}
-			makeErrorHandler(err)(w, r)
+			httputils.MakeErrorHandler(err)(w, r)
 		}
 	}
 }
 
+// InitRouter initializes the list of routers for the server.
+// This method also enables the Go profiler.
+func (s *Server) InitRouter(routers ...router.Router) {
+	s.routers = append(s.routers, routers...)
+}
+
 type pageNotFoundError struct{}
 
 func (pageNotFoundError) Error() string {
@@ -68,12 +162,12 @@ func (pageNotFoundError) Error() string {
 
 func (pageNotFoundError) NotFound() {}
 
-// CreateMux returns a new mux with all the routers registered.
-func (s *Server) CreateMux(routers ...router.Router) *mux.Router {
+// createMux initializes the main router the server uses.
+func (s *Server) createMux() *mux.Router {
 	m := mux.NewRouter()
 
 	logrus.Debug("Registering routers")
-	for _, apiRouter := range routers {
+	for _, apiRouter := range s.routers {
 		for _, r := range apiRouter.Routes() {
 			f := s.makeHTTPHandler(r.Handler())
 
@@ -84,15 +178,28 @@ func (s *Server) CreateMux(routers ...router.Router) *mux.Router {
 	}
 
 	debugRouter := debug.NewRouter()
+	s.routers = append(s.routers, debugRouter)
 	for _, r := range debugRouter.Routes() {
 		f := s.makeHTTPHandler(r.Handler())
 		m.Path("/debug" + r.Path()).Handler(f)
 	}
 
-	notFoundHandler := makeErrorHandler(pageNotFoundError{})
+	notFoundHandler := httputils.MakeErrorHandler(pageNotFoundError{})
 	m.HandleFunc(versionMatcher+"/{path:.*}", notFoundHandler)
 	m.NotFoundHandler = notFoundHandler
 	m.MethodNotAllowedHandler = notFoundHandler
 
 	return m
 }
+
+// Wait blocks the server goroutine until it exits.
+// It sends an error message if there is any error during
+// the API execution.
+func (s *Server) Wait(waitChan chan error) {
+	if err := s.serveAPI(); err != nil {
+		logrus.Errorf("ServeAPI error: %v", err)
+		waitChan <- err
+		return
+	}
+	waitChan <- nil
+}

api/server/server_test.go

@@ -13,7 +13,12 @@ import (
 )
 
 func TestMiddlewares(t *testing.T) {
-	srv := &Server{}
+	cfg := &Config{
+		Version: "0.1omega2",
+	}
+	srv := &Server{
+		cfg: cfg,
+	}
 
 	srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, api.MinVersion))
 

api/types/auth.go

@@ -1,7 +1,22 @@
 package types // import "github.com/docker/docker/api/types"
-import "github.com/docker/docker/api/types/registry"
 
-// AuthConfig contains authorization information for connecting to a Registry.
-//
-// Deprecated: use github.com/docker/docker/api/types/registry.AuthConfig
-type AuthConfig = registry.AuthConfig
+// AuthConfig contains authorization information for connecting to a Registry
+type AuthConfig struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	// Email is an optional value associated with the username.
+	// This field is deprecated and will be removed in a later
+	// version of docker.
+	Email string `json:"email,omitempty"`
+
+	ServerAddress string `json:"serveraddress,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
+	RegistryToken string `json:"registrytoken,omitempty"`
+}

api/types/backend/backend.go

@@ -5,21 +5,23 @@ import (
 	"io"
 	"time"
 
-	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types/container"
 )
 
 // ContainerAttachConfig holds the streams to use when connecting to a container to view logs.
 type ContainerAttachConfig struct {
-	GetStreams func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error)
+	GetStreams func() (io.ReadCloser, io.Writer, io.Writer, error)
 	UseStdin   bool
 	UseStdout  bool
 	UseStderr  bool
 	Logs       bool
 	Stream     bool
 	DetachKeys string
-	// Used to signify that streams must be multiplexed by producer as endpoint can't manage multiple streams.
-	// This is typically set by HTTP endpoint, while websocket can transport raw streams
+
+	// Used to signify that streams are multiplexed and therefore need a StdWriter to encode stdout/stderr messages accordingly.
+	// TODO @cpuguy83: This shouldn't be needed. It was only added so that http and websocket endpoints can use the same function, and the websocket function was not using a stdwriter prior to this change...
+	// HOWEVER, the websocket endpoint is using a single stream and SHOULD be encoded with stdout/stderr as is done for HTTP since it is still just a single stream.
+	// Since such a change is an API change unrelated to the current changeset we'll keep it as is here and change separately.
 	MuxStreams bool
 }
 
@@ -36,6 +38,8 @@ type PartialLogMetaData struct {
 // LogMessage is datastructure that represents piece of output produced by some
 // container.  The Line member is a slice of an array whose contents can be
 // changed after a log driver's Log() method returns.
+// changes to this struct need to be reflect in the reset method in
+// daemon/logger/logger.go
 type LogMessage struct {
 	Line         []byte
 	Source       string
@@ -103,7 +107,8 @@ type ExecProcessConfig struct {
 // CreateImageConfig is the configuration for creating an image from a
 // container.
 type CreateImageConfig struct {
-	Tag     reference.NamedTagged
+	Repo    string
+	Tag     string
 	Pause   bool
 	Author  string
 	Comment string

api/types/backend/build.go

@@ -4,9 +4,8 @@ import (
 	"io"
 
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/streamformatter"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // PullOption defines different modes for accessing images
@@ -40,7 +39,7 @@ type BuildConfig struct {
 // GetImageAndLayerOptions are the options supported by GetImageAndReleasableLayer
 type GetImageAndLayerOptions struct {
 	PullOption PullOption
-	AuthConfig map[string]registry.AuthConfig
+	AuthConfig map[string]types.AuthConfig
 	Output     io.Writer
-	Platform   *ocispec.Platform
+	Platform   *specs.Platform
 }

api/types/client.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/registry"
 	units "github.com/docker/go-units"
 )
 
@@ -60,6 +59,7 @@ type ContainerExecInspect struct {
 
 // ContainerListOptions holds parameters to list containers with.
 type ContainerListOptions struct {
+	Quiet   bool
 	Size    bool
 	All     bool
 	Latest  bool
@@ -113,16 +113,10 @@ type NetworkListOptions struct {
 	Filters filters.Args
 }
 
-// NewHijackedResponse intializes a HijackedResponse type
-func NewHijackedResponse(conn net.Conn, mediaType string) HijackedResponse {
-	return HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn), mediaType: mediaType}
-}
-
 // HijackedResponse holds connection information for a hijacked request.
 type HijackedResponse struct {
-	mediaType string
-	Conn      net.Conn
-	Reader    *bufio.Reader
+	Conn   net.Conn
+	Reader *bufio.Reader
 }
 
 // Close closes the hijacked connection and reader.
@@ -130,15 +124,6 @@ func (h *HijackedResponse) Close() {
 	h.Conn.Close()
 }
 
-// MediaType let client know if HijackedResponse hold a raw or multiplexed stream.
-// returns false if HTTP Content-Type is not relevant, and container must be inspected
-func (h *HijackedResponse) MediaType() (string, bool) {
-	if h.mediaType == "" {
-		return "", false
-	}
-	return h.mediaType, true
-}
-
 // CloseWriter is an interface that implements structs
 // that close input streams to prevent from writing.
 type CloseWriter interface {
@@ -181,7 +166,7 @@ type ImageBuildOptions struct {
 	// at all (nil). See the parsing of buildArgs in
 	// api/server/router/build/build_routes.go for even more info.
 	BuildArgs   map[string]*string
-	AuthConfigs map[string]registry.AuthConfig
+	AuthConfigs map[string]AuthConfig
 	Context     io.Reader
 	Labels      map[string]string
 	// squash the resulting image's layers to the parent
@@ -251,20 +236,10 @@ type ImageImportOptions struct {
 	Platform string   // Platform is the target platform of the image
 }
 
-// ImageListOptions holds parameters to list images with.
+// ImageListOptions holds parameters to filter the list of images with.
 type ImageListOptions struct {
-	// All controls whether all images in the graph are filtered, or just
-	// the heads.
-	All bool
-
-	// Filters is a JSON-encoded set of filter arguments.
+	All     bool
 	Filters filters.Args
-
-	// SharedSize indicates whether the shared size of images should be computed.
-	SharedSize bool
-
-	// ContainerCount indicates whether container count should be computed.
-	ContainerCount bool
 }
 
 // ImageLoadResponse returns information to the client about a load process.

api/types/configs.go

@@ -3,7 +3,7 @@ package types // import "github.com/docker/docker/api/types"
 import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // configs holds structs used for internal communication between the
@@ -16,7 +16,7 @@ type ContainerCreateConfig struct {
 	Config           *container.Config
 	HostConfig       *container.HostConfig
 	NetworkingConfig *network.NetworkingConfig
-	Platform         *ocispec.Platform
+	Platform         *specs.Platform
 	AdjustCPUShares  bool
 }
 
@@ -33,7 +33,6 @@ type ExecConfig struct {
 	User         string   // User that will run the command
 	Privileged   bool     // Is the container in privileged mode
 	Tty          bool     // Attach standard streams to a tty.
-	ConsoleSize  *[2]uint `json:",omitempty"` // Initial console size [height, width]
 	AttachStdin  bool     // Attach the standard input, makes possible user interaction
 	AttachStderr bool     // Attach the standard error
 	AttachStdout bool     // Attach the standard output

api/types/container/change_response_deprecated.go

@@ -1,6 +0,0 @@
-package container
-
-// ContainerChangeResponseItem change item in response to ContainerChanges operation
-//
-// Deprecated: use [FilesystemChange].
-type ContainerChangeResponseItem = FilesystemChange

api/types/container/change_type.go

@@ -1,15 +0,0 @@
-package container
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// ChangeType Kind of change
-//
-// Can be one of:
-//
-// - `0`: Modified ("C")
-// - `1`: Added ("A")
-// - `2`: Deleted ("D")
-//
-// swagger:model ChangeType
-type ChangeType uint8

api/types/container/change_types.go

@@ -1,23 +0,0 @@
-package container
-
-const (
-	// ChangeModify represents the modify operation.
-	ChangeModify ChangeType = 0
-	// ChangeAdd represents the add operation.
-	ChangeAdd ChangeType = 1
-	// ChangeDelete represents the delete operation.
-	ChangeDelete ChangeType = 2
-)
-
-func (ct ChangeType) String() string {
-	switch ct {
-	case ChangeModify:
-		return "C"
-	case ChangeAdd:
-		return "A"
-	case ChangeDelete:
-		return "D"
-	default:
-		return ""
-	}
-}

api/types/container/config.go

@@ -1,7 +1,6 @@
 package container // import "github.com/docker/docker/api/types/container"
 
 import (
-	"io"
 	"time"
 
 	"github.com/docker/docker/api/types/strslice"
@@ -14,24 +13,6 @@ import (
 // Docker interprets it as 3 nanoseconds.
 const MinimumDuration = 1 * time.Millisecond
 
-// StopOptions holds the options to stop or restart a container.
-type StopOptions struct {
-	// Signal (optional) is the signal to send to the container to (gracefully)
-	// stop it before forcibly terminating the container with SIGKILL after the
-	// timeout expires. If not value is set, the default (SIGTERM) is used.
-	Signal string `json:",omitempty"`
-
-	// Timeout (optional) is the timeout (in seconds) to wait for the container
-	// to stop gracefully before forcibly terminating it with SIGKILL.
-	//
-	// - Use nil to use the default timeout (10 seconds).
-	// - Use '-1' to wait indefinitely.
-	// - Use '0' to not wait for the container to exit gracefully, and
-	//   immediately proceeds to forcibly terminating the container.
-	// - Other positive values are used as timeout (in seconds).
-	Timeout *int `json:",omitempty"`
-}
-
 // HealthConfig holds configuration settings for the HEALTHCHECK feature.
 type HealthConfig struct {
 	// Test is the test to perform to check that the container is healthy.
@@ -53,14 +34,6 @@ type HealthConfig struct {
 	Retries int `json:",omitempty"`
 }
 
-// ExecStartOptions holds the options to start container's exec.
-type ExecStartOptions struct {
-	Stdin       io.Reader
-	Stdout      io.Writer
-	Stderr      io.Writer
-	ConsoleSize *[2]uint `json:",omitempty"`
-}
-
 // Config contains the configuration data about a container.
 // It should hold only portable information about the container.
 // Here, "portable" means "independent from the host we are running on".

api/types/container/container_changes.go

@@ -0,0 +1,20 @@
+package container // import "github.com/docker/docker/api/types/container"
+
+// ----------------------------------------------------------------------------
+// Code generated by `swagger generate operation`. DO NOT EDIT.
+//
+// See hack/generate-swagger-api.sh
+// ----------------------------------------------------------------------------
+
+// ContainerChangeResponseItem change item in response to ContainerChanges operation
+// swagger:model ContainerChangeResponseItem
+type ContainerChangeResponseItem struct {
+
+	// Kind of change
+	// Required: true
+	Kind uint8 `json:"Kind"`
+
+	// Path to file that has changed
+	// Required: true
+	Path string `json:"Path"`
+}

api/types/container/container_create.go

@@ -0,0 +1,20 @@
+package container // import "github.com/docker/docker/api/types/container"
+
+// ----------------------------------------------------------------------------
+// Code generated by `swagger generate operation`. DO NOT EDIT.
+//
+// See hack/generate-swagger-api.sh
+// ----------------------------------------------------------------------------
+
+// ContainerCreateCreatedBody OK response to ContainerCreate operation
+// swagger:model ContainerCreateCreatedBody
+type ContainerCreateCreatedBody struct {
+
+	// The ID of the created container
+	// Required: true
+	ID string `json:"Id"`
+
+	// Warnings encountered when creating the container
+	// Required: true
+	Warnings []string `json:"Warnings"`
+}

api/types/container/container_wait.go

@@ -0,0 +1,28 @@
+package container // import "github.com/docker/docker/api/types/container"
+
+// ----------------------------------------------------------------------------
+// Code generated by `swagger generate operation`. DO NOT EDIT.
+//
+// See hack/generate-swagger-api.sh
+// ----------------------------------------------------------------------------
+
+// ContainerWaitOKBodyError container waiting error, if any
+// swagger:model ContainerWaitOKBodyError
+type ContainerWaitOKBodyError struct {
+
+	// Details of an error
+	Message string `json:"Message,omitempty"`
+}
+
+// ContainerWaitOKBody OK response to ContainerWait operation
+// swagger:model ContainerWaitOKBody
+type ContainerWaitOKBody struct {
+
+	// error
+	// Required: true
+	Error *ContainerWaitOKBodyError `json:"Error"`
+
+	// Exit code of the container
+	// Required: true
+	StatusCode int64 `json:"StatusCode"`
+}

api/types/container/create_response.go

@@ -1,19 +0,0 @@
-package container
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// CreateResponse ContainerCreateResponse
-//
-// OK response to ContainerCreate operation
-// swagger:model CreateResponse
-type CreateResponse struct {
-
-	// The ID of the created container
-	// Required: true
-	ID string `json:"Id"`
-
-	// Warnings encountered when creating the container
-	// Required: true
-	Warnings []string `json:"Warnings"`
-}

api/types/container/filesystem_change.go

@@ -1,19 +0,0 @@
-package container
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// FilesystemChange Change in the container's filesystem.
-//
-// swagger:model FilesystemChange
-type FilesystemChange struct {
-
-	// kind
-	// Required: true
-	Kind ChangeType `json:"Kind"`
-
-	// Path to file or directory that has changed.
-	//
-	// Required: true
-	Path string `json:"Path"`
-}

api/types/container/host_config.go

@@ -0,0 +1,447 @@
+package container // import "github.com/docker/docker/api/types/container"
+
+import (
+	"strings"
+
+	"github.com/docker/docker/api/types/blkiodev"
+	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/go-connections/nat"
+	units "github.com/docker/go-units"
+)
+
+// CgroupnsMode represents the cgroup namespace mode of the container
+type CgroupnsMode string
+
+// IsPrivate indicates whether the container uses its own private cgroup namespace
+func (c CgroupnsMode) IsPrivate() bool {
+	return c == "private"
+}
+
+// IsHost indicates whether the container shares the host's cgroup namespace
+func (c CgroupnsMode) IsHost() bool {
+	return c == "host"
+}
+
+// IsEmpty indicates whether the container cgroup namespace mode is unset
+func (c CgroupnsMode) IsEmpty() bool {
+	return c == ""
+}
+
+// Valid indicates whether the cgroup namespace mode is valid
+func (c CgroupnsMode) Valid() bool {
+	return c.IsEmpty() || c.IsPrivate() || c.IsHost()
+}
+
+// Isolation represents the isolation technology of a container. The supported
+// values are platform specific
+type Isolation string
+
+// IsDefault indicates the default isolation technology of a container. On Linux this
+// is the native driver. On Windows, this is a Windows Server Container.
+func (i Isolation) IsDefault() bool {
+	return strings.ToLower(string(i)) == "default" || string(i) == ""
+}
+
+// IsHyperV indicates the use of a Hyper-V partition for isolation
+func (i Isolation) IsHyperV() bool {
+	return strings.ToLower(string(i)) == "hyperv"
+}
+
+// IsProcess indicates the use of process isolation
+func (i Isolation) IsProcess() bool {
+	return strings.ToLower(string(i)) == "process"
+}
+
+const (
+	// IsolationEmpty is unspecified (same behavior as default)
+	IsolationEmpty = Isolation("")
+	// IsolationDefault is the default isolation mode on current daemon
+	IsolationDefault = Isolation("default")
+	// IsolationProcess is process isolation mode
+	IsolationProcess = Isolation("process")
+	// IsolationHyperV is HyperV isolation mode
+	IsolationHyperV = Isolation("hyperv")
+)
+
+// IpcMode represents the container ipc stack.
+type IpcMode string
+
+// IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared.
+func (n IpcMode) IsPrivate() bool {
+	return n == "private"
+}
+
+// IsHost indicates whether the container shares the host's ipc namespace.
+func (n IpcMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsShareable indicates whether the container's ipc namespace can be shared with another container.
+func (n IpcMode) IsShareable() bool {
+	return n == "shareable"
+}
+
+// IsContainer indicates whether the container uses another container's ipc namespace.
+func (n IpcMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// IsNone indicates whether container IpcMode is set to "none".
+func (n IpcMode) IsNone() bool {
+	return n == "none"
+}
+
+// IsEmpty indicates whether container IpcMode is empty
+func (n IpcMode) IsEmpty() bool {
+	return n == ""
+}
+
+// Valid indicates whether the ipc mode is valid.
+func (n IpcMode) Valid() bool {
+	return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer()
+}
+
+// Container returns the name of the container ipc stack is going to be used.
+func (n IpcMode) Container() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 && parts[0] == "container" {
+		return parts[1]
+	}
+	return ""
+}
+
+// NetworkMode represents the container network stack.
+type NetworkMode string
+
+// IsNone indicates whether container isn't using a network stack.
+func (n NetworkMode) IsNone() bool {
+	return n == "none"
+}
+
+// IsDefault indicates whether container uses the default network stack.
+func (n NetworkMode) IsDefault() bool {
+	return n == "default"
+}
+
+// IsPrivate indicates whether container uses its private network stack.
+func (n NetworkMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// IsContainer indicates whether container uses a container network stack.
+func (n NetworkMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// ConnectedContainer is the id of the container which network this container is connected to.
+func (n NetworkMode) ConnectedContainer() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// UserDefined indicates user-created network
+func (n NetworkMode) UserDefined() string {
+	if n.IsUserDefined() {
+		return string(n)
+	}
+	return ""
+}
+
+// UsernsMode represents userns mode in the container.
+type UsernsMode string
+
+// IsHost indicates whether the container uses the host's userns.
+func (n UsernsMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsPrivate indicates whether the container uses the a private userns.
+func (n UsernsMode) IsPrivate() bool {
+	return !(n.IsHost())
+}
+
+// Valid indicates whether the userns is valid.
+func (n UsernsMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	default:
+		return false
+	}
+	return true
+}
+
+// CgroupSpec represents the cgroup to use for the container.
+type CgroupSpec string
+
+// IsContainer indicates whether the container is using another container cgroup
+func (c CgroupSpec) IsContainer() bool {
+	parts := strings.SplitN(string(c), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// Valid indicates whether the cgroup spec is valid.
+func (c CgroupSpec) Valid() bool {
+	return c.IsContainer() || c == ""
+}
+
+// Container returns the name of the container whose cgroup will be used.
+func (c CgroupSpec) Container() string {
+	parts := strings.SplitN(string(c), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// UTSMode represents the UTS namespace of the container.
+type UTSMode string
+
+// IsPrivate indicates whether the container uses its private UTS namespace.
+func (n UTSMode) IsPrivate() bool {
+	return !(n.IsHost())
+}
+
+// IsHost indicates whether the container uses the host's UTS namespace.
+func (n UTSMode) IsHost() bool {
+	return n == "host"
+}
+
+// Valid indicates whether the UTS namespace is valid.
+func (n UTSMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	default:
+		return false
+	}
+	return true
+}
+
+// PidMode represents the pid namespace of the container.
+type PidMode string
+
+// IsPrivate indicates whether the container uses its own new pid namespace.
+func (n PidMode) IsPrivate() bool {
+	return !(n.IsHost() || n.IsContainer())
+}
+
+// IsHost indicates whether the container uses the host's pid namespace.
+func (n PidMode) IsHost() bool {
+	return n == "host"
+}
+
+// IsContainer indicates whether the container uses a container's pid namespace.
+func (n PidMode) IsContainer() bool {
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[0] == "container"
+}
+
+// Valid indicates whether the pid namespace is valid.
+func (n PidMode) Valid() bool {
+	parts := strings.Split(string(n), ":")
+	switch mode := parts[0]; mode {
+	case "", "host":
+	case "container":
+		if len(parts) != 2 || parts[1] == "" {
+			return false
+		}
+	default:
+		return false
+	}
+	return true
+}
+
+// Container returns the name of the container whose pid namespace is going to be used.
+func (n PidMode) Container() string {
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) > 1 {
+		return parts[1]
+	}
+	return ""
+}
+
+// DeviceRequest represents a request for devices from a device driver.
+// Used by GPU device drivers.
+type DeviceRequest struct {
+	Driver       string            // Name of device driver
+	Count        int               // Number of devices to request (-1 = All)
+	DeviceIDs    []string          // List of device IDs as recognizable by the device driver
+	Capabilities [][]string        // An OR list of AND lists of device capabilities (e.g. "gpu")
+	Options      map[string]string // Options to pass onto the device driver
+}
+
+// DeviceMapping represents the device mapping between the host and the container.
+type DeviceMapping struct {
+	PathOnHost        string
+	PathInContainer   string
+	CgroupPermissions string
+}
+
+// RestartPolicy represents the restart policies of the container.
+type RestartPolicy struct {
+	Name              string
+	MaximumRetryCount int
+}
+
+// IsNone indicates whether the container has the "no" restart policy.
+// This means the container will not automatically restart when exiting.
+func (rp *RestartPolicy) IsNone() bool {
+	return rp.Name == "no" || rp.Name == ""
+}
+
+// IsAlways indicates whether the container has the "always" restart policy.
+// This means the container will automatically restart regardless of the exit status.
+func (rp *RestartPolicy) IsAlways() bool {
+	return rp.Name == "always"
+}
+
+// IsOnFailure indicates whether the container has the "on-failure" restart policy.
+// This means the container will automatically restart of exiting with a non-zero exit status.
+func (rp *RestartPolicy) IsOnFailure() bool {
+	return rp.Name == "on-failure"
+}
+
+// IsUnlessStopped indicates whether the container has the
+// "unless-stopped" restart policy. This means the container will
+// automatically restart unless user has put it to stopped state.
+func (rp *RestartPolicy) IsUnlessStopped() bool {
+	return rp.Name == "unless-stopped"
+}
+
+// IsSame compares two RestartPolicy to see if they are the same
+func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool {
+	return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount
+}
+
+// LogMode is a type to define the available modes for logging
+// These modes affect how logs are handled when log messages start piling up.
+type LogMode string
+
+// Available logging modes
+const (
+	LogModeUnset            = ""
+	LogModeBlocking LogMode = "blocking"
+	LogModeNonBlock LogMode = "non-blocking"
+)
+
+// LogConfig represents the logging configuration of the container.
+type LogConfig struct {
+	Type   string
+	Config map[string]string
+}
+
+// Resources contains container's resources (cgroups config, ulimits...)
+type Resources struct {
+	// Applicable to all platforms
+	CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers)
+	Memory    int64 // Memory limit (in bytes)
+	NanoCPUs  int64 `json:"NanoCpus"` // CPU quota in units of 10<sup>-9</sup> CPUs.
+
+	// Applicable to UNIX platforms
+	CgroupParent         string // Parent cgroup.
+	BlkioWeight          uint16 // Block IO weight (relative weight vs. other containers)
+	BlkioWeightDevice    []*blkiodev.WeightDevice
+	BlkioDeviceReadBps   []*blkiodev.ThrottleDevice
+	BlkioDeviceWriteBps  []*blkiodev.ThrottleDevice
+	BlkioDeviceReadIOps  []*blkiodev.ThrottleDevice
+	BlkioDeviceWriteIOps []*blkiodev.ThrottleDevice
+	CPUPeriod            int64           `json:"CpuPeriod"`          // CPU CFS (Completely Fair Scheduler) period
+	CPUQuota             int64           `json:"CpuQuota"`           // CPU CFS (Completely Fair Scheduler) quota
+	CPURealtimePeriod    int64           `json:"CpuRealtimePeriod"`  // CPU real-time period
+	CPURealtimeRuntime   int64           `json:"CpuRealtimeRuntime"` // CPU real-time runtime
+	CpusetCpus           string          // CpusetCpus 0-2, 0,1
+	CpusetMems           string          // CpusetMems 0-2, 0,1
+	Devices              []DeviceMapping // List of devices to map inside the container
+	DeviceCgroupRules    []string        // List of rule to be added to the device cgroup
+	DeviceRequests       []DeviceRequest // List of device requests for device drivers
+	KernelMemory         int64           // Kernel memory limit (in bytes), Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
+	KernelMemoryTCP      int64           // Hard limit for kernel TCP buffer memory (in bytes)
+	MemoryReservation    int64           // Memory soft limit (in bytes)
+	MemorySwap           int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
+	MemorySwappiness     *int64          // Tuning container memory swappiness behaviour
+	OomKillDisable       *bool           // Whether to disable OOM Killer or not
+	PidsLimit            *int64          // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
+	Ulimits              []*units.Ulimit // List of ulimits to be set in the container
+
+	// Applicable to Windows
+	CPUCount           int64  `json:"CpuCount"`   // CPU count
+	CPUPercent         int64  `json:"CpuPercent"` // CPU percent
+	IOMaximumIOps      uint64 // Maximum IOps for the container system drive
+	IOMaximumBandwidth uint64 // Maximum IO in bytes per second for the container system drive
+}
+
+// UpdateConfig holds the mutable attributes of a Container.
+// Those attributes can be updated at runtime.
+type UpdateConfig struct {
+	// Contains container's resources (cgroups, ulimits)
+	Resources
+	RestartPolicy RestartPolicy
+}
+
+// HostConfig the non-portable Config structure of a container.
+// Here, "non-portable" means "dependent of the host we are running on".
+// Portable information *should* appear in Config.
+type HostConfig struct {
+	// Applicable to all platforms
+	Binds           []string      // List of volume bindings for this container
+	ContainerIDFile string        // File (path) where the containerId is written
+	LogConfig       LogConfig     // Configuration of the logs for this container
+	NetworkMode     NetworkMode   // Network mode to use for the container
+	PortBindings    nat.PortMap   // Port mapping between the exposed port (container) and the host
+	RestartPolicy   RestartPolicy // Restart policy to be used for the container
+	AutoRemove      bool          // Automatically remove container when it exits
+	VolumeDriver    string        // Name of the volume driver used to mount volumes
+	VolumesFrom     []string      // List of volumes to take from other container
+
+	// Applicable to UNIX platforms
+	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
+	CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
+	CgroupnsMode    CgroupnsMode      // Cgroup namespace mode to use for the container
+	DNS             []string          `json:"Dns"`        // List of DNS server to lookup
+	DNSOptions      []string          `json:"DnsOptions"` // List of DNSOption to look for
+	DNSSearch       []string          `json:"DnsSearch"`  // List of DNSSearch to look for
+	ExtraHosts      []string          // List of extra hosts
+	GroupAdd        []string          // List of additional groups that the container process will run as
+	IpcMode         IpcMode           // IPC namespace to use for the container
+	Cgroup          CgroupSpec        // Cgroup to use for the container
+	Links           []string          // List of links (in the name:alias form)
+	OomScoreAdj     int               // Container preference for OOM-killing
+	PidMode         PidMode           // PID namespace to use for the container
+	Privileged      bool              // Is the container in privileged mode
+	PublishAllPorts bool              // Should docker publish all exposed port for the container
+	ReadonlyRootfs  bool              // Is the container root filesystem in read-only
+	SecurityOpt     []string          // List of string values to customize labels for MLS systems, such as SELinux.
+	StorageOpt      map[string]string `json:",omitempty"` // Storage driver options per container.
+	Tmpfs           map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
+	UTSMode         UTSMode           // UTS namespace to use for the container
+	UsernsMode      UsernsMode        // The user namespace to use for the container
+	ShmSize         int64             // Total shm memory usage
+	Sysctls         map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container
+	Runtime         string            `json:",omitempty"` // Runtime to use with this container
+
+	// Applicable to Windows
+	ConsoleSize [2]uint   // Initial console size (height,width)
+	Isolation   Isolation // Isolation technology of the container (e.g. default, hyperv)
+
+	// Contains container's resources (cgroups, ulimits)
+	Resources
+
+	// Mounts specs used by the container
+	Mounts []mount.Mount `json:",omitempty"`
+
+	// MaskedPaths is the list of paths to be masked inside the container (this overrides the default set of paths)
+	MaskedPaths []string
+
+	// ReadonlyPaths is the list of paths to be set as read-only inside the container (this overrides the default set of paths)
+	ReadonlyPaths []string
+
+	// Run a custom init inside the container, if null, use the daemon's configured settings
+	Init *bool `json:",omitempty"`
+}

api/types/container/hostconfig.go

@@ -1,456 +0,0 @@
-package container // import "github.com/docker/docker/api/types/container"
-
-import (
-	"strings"
-
-	"github.com/docker/docker/api/types/blkiodev"
-	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/strslice"
-	"github.com/docker/go-connections/nat"
-	units "github.com/docker/go-units"
-)
-
-// CgroupnsMode represents the cgroup namespace mode of the container
-type CgroupnsMode string
-
-// cgroup namespace modes for containers
-const (
-	CgroupnsModeEmpty   CgroupnsMode = ""
-	CgroupnsModePrivate CgroupnsMode = "private"
-	CgroupnsModeHost    CgroupnsMode = "host"
-)
-
-// IsPrivate indicates whether the container uses its own private cgroup namespace
-func (c CgroupnsMode) IsPrivate() bool {
-	return c == CgroupnsModePrivate
-}
-
-// IsHost indicates whether the container shares the host's cgroup namespace
-func (c CgroupnsMode) IsHost() bool {
-	return c == CgroupnsModeHost
-}
-
-// IsEmpty indicates whether the container cgroup namespace mode is unset
-func (c CgroupnsMode) IsEmpty() bool {
-	return c == CgroupnsModeEmpty
-}
-
-// Valid indicates whether the cgroup namespace mode is valid
-func (c CgroupnsMode) Valid() bool {
-	return c.IsEmpty() || c.IsPrivate() || c.IsHost()
-}
-
-// Isolation represents the isolation technology of a container. The supported
-// values are platform specific
-type Isolation string
-
-// Isolation modes for containers
-const (
-	IsolationEmpty   Isolation = ""        // IsolationEmpty is unspecified (same behavior as default)
-	IsolationDefault Isolation = "default" // IsolationDefault is the default isolation mode on current daemon
-	IsolationProcess Isolation = "process" // IsolationProcess is process isolation mode
-	IsolationHyperV  Isolation = "hyperv"  // IsolationHyperV is HyperV isolation mode
-)
-
-// IsDefault indicates the default isolation technology of a container. On Linux this
-// is the native driver. On Windows, this is a Windows Server Container.
-func (i Isolation) IsDefault() bool {
-	// TODO consider making isolation-mode strict (case-sensitive)
-	v := Isolation(strings.ToLower(string(i)))
-	return v == IsolationDefault || v == IsolationEmpty
-}
-
-// IsHyperV indicates the use of a Hyper-V partition for isolation
-func (i Isolation) IsHyperV() bool {
-	// TODO consider making isolation-mode strict (case-sensitive)
-	return Isolation(strings.ToLower(string(i))) == IsolationHyperV
-}
-
-// IsProcess indicates the use of process isolation
-func (i Isolation) IsProcess() bool {
-	// TODO consider making isolation-mode strict (case-sensitive)
-	return Isolation(strings.ToLower(string(i))) == IsolationProcess
-}
-
-// IpcMode represents the container ipc stack.
-type IpcMode string
-
-// IpcMode constants
-const (
-	IPCModeNone      IpcMode = "none"
-	IPCModeHost      IpcMode = "host"
-	IPCModeContainer IpcMode = "container"
-	IPCModePrivate   IpcMode = "private"
-	IPCModeShareable IpcMode = "shareable"
-)
-
-// IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared.
-func (n IpcMode) IsPrivate() bool {
-	return n == IPCModePrivate
-}
-
-// IsHost indicates whether the container shares the host's ipc namespace.
-func (n IpcMode) IsHost() bool {
-	return n == IPCModeHost
-}
-
-// IsShareable indicates whether the container's ipc namespace can be shared with another container.
-func (n IpcMode) IsShareable() bool {
-	return n == IPCModeShareable
-}
-
-// IsContainer indicates whether the container uses another container's ipc namespace.
-func (n IpcMode) IsContainer() bool {
-	_, ok := containerID(string(n))
-	return ok
-}
-
-// IsNone indicates whether container IpcMode is set to "none".
-func (n IpcMode) IsNone() bool {
-	return n == IPCModeNone
-}
-
-// IsEmpty indicates whether container IpcMode is empty
-func (n IpcMode) IsEmpty() bool {
-	return n == ""
-}
-
-// Valid indicates whether the ipc mode is valid.
-func (n IpcMode) Valid() bool {
-	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
-	return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer()
-}
-
-// Container returns the name of the container ipc stack is going to be used.
-func (n IpcMode) Container() (idOrName string) {
-	idOrName, _ = containerID(string(n))
-	return idOrName
-}
-
-// NetworkMode represents the container network stack.
-type NetworkMode string
-
-// IsNone indicates whether container isn't using a network stack.
-func (n NetworkMode) IsNone() bool {
-	return n == "none"
-}
-
-// IsDefault indicates whether container uses the default network stack.
-func (n NetworkMode) IsDefault() bool {
-	return n == "default"
-}
-
-// IsPrivate indicates whether container uses its private network stack.
-func (n NetworkMode) IsPrivate() bool {
-	return !(n.IsHost() || n.IsContainer())
-}
-
-// IsContainer indicates whether container uses a container network stack.
-func (n NetworkMode) IsContainer() bool {
-	_, ok := containerID(string(n))
-	return ok
-}
-
-// ConnectedContainer is the id of the container which network this container is connected to.
-func (n NetworkMode) ConnectedContainer() (idOrName string) {
-	idOrName, _ = containerID(string(n))
-	return idOrName
-}
-
-// UserDefined indicates user-created network
-func (n NetworkMode) UserDefined() string {
-	if n.IsUserDefined() {
-		return string(n)
-	}
-	return ""
-}
-
-// UsernsMode represents userns mode in the container.
-type UsernsMode string
-
-// IsHost indicates whether the container uses the host's userns.
-func (n UsernsMode) IsHost() bool {
-	return n == "host"
-}
-
-// IsPrivate indicates whether the container uses the a private userns.
-func (n UsernsMode) IsPrivate() bool {
-	return !n.IsHost()
-}
-
-// Valid indicates whether the userns is valid.
-func (n UsernsMode) Valid() bool {
-	return n == "" || n.IsHost()
-}
-
-// CgroupSpec represents the cgroup to use for the container.
-type CgroupSpec string
-
-// IsContainer indicates whether the container is using another container cgroup
-func (c CgroupSpec) IsContainer() bool {
-	_, ok := containerID(string(c))
-	return ok
-}
-
-// Valid indicates whether the cgroup spec is valid.
-func (c CgroupSpec) Valid() bool {
-	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
-	return c == "" || c.IsContainer()
-}
-
-// Container returns the ID or name of the container whose cgroup will be used.
-func (c CgroupSpec) Container() (idOrName string) {
-	idOrName, _ = containerID(string(c))
-	return idOrName
-}
-
-// UTSMode represents the UTS namespace of the container.
-type UTSMode string
-
-// IsPrivate indicates whether the container uses its private UTS namespace.
-func (n UTSMode) IsPrivate() bool {
-	return !n.IsHost()
-}
-
-// IsHost indicates whether the container uses the host's UTS namespace.
-func (n UTSMode) IsHost() bool {
-	return n == "host"
-}
-
-// Valid indicates whether the UTS namespace is valid.
-func (n UTSMode) Valid() bool {
-	return n == "" || n.IsHost()
-}
-
-// PidMode represents the pid namespace of the container.
-type PidMode string
-
-// IsPrivate indicates whether the container uses its own new pid namespace.
-func (n PidMode) IsPrivate() bool {
-	return !(n.IsHost() || n.IsContainer())
-}
-
-// IsHost indicates whether the container uses the host's pid namespace.
-func (n PidMode) IsHost() bool {
-	return n == "host"
-}
-
-// IsContainer indicates whether the container uses a container's pid namespace.
-func (n PidMode) IsContainer() bool {
-	_, ok := containerID(string(n))
-	return ok
-}
-
-// Valid indicates whether the pid namespace is valid.
-func (n PidMode) Valid() bool {
-	return n == "" || n.IsHost() || validContainer(string(n))
-}
-
-// Container returns the name of the container whose pid namespace is going to be used.
-func (n PidMode) Container() (idOrName string) {
-	idOrName, _ = containerID(string(n))
-	return idOrName
-}
-
-// DeviceRequest represents a request for devices from a device driver.
-// Used by GPU device drivers.
-type DeviceRequest struct {
-	Driver       string            // Name of device driver
-	Count        int               // Number of devices to request (-1 = All)
-	DeviceIDs    []string          // List of device IDs as recognizable by the device driver
-	Capabilities [][]string        // An OR list of AND lists of device capabilities (e.g. "gpu")
-	Options      map[string]string // Options to pass onto the device driver
-}
-
-// DeviceMapping represents the device mapping between the host and the container.
-type DeviceMapping struct {
-	PathOnHost        string
-	PathInContainer   string
-	CgroupPermissions string
-}
-
-// RestartPolicy represents the restart policies of the container.
-type RestartPolicy struct {
-	Name              string
-	MaximumRetryCount int
-}
-
-// IsNone indicates whether the container has the "no" restart policy.
-// This means the container will not automatically restart when exiting.
-func (rp *RestartPolicy) IsNone() bool {
-	return rp.Name == "no" || rp.Name == ""
-}
-
-// IsAlways indicates whether the container has the "always" restart policy.
-// This means the container will automatically restart regardless of the exit status.
-func (rp *RestartPolicy) IsAlways() bool {
-	return rp.Name == "always"
-}
-
-// IsOnFailure indicates whether the container has the "on-failure" restart policy.
-// This means the container will automatically restart of exiting with a non-zero exit status.
-func (rp *RestartPolicy) IsOnFailure() bool {
-	return rp.Name == "on-failure"
-}
-
-// IsUnlessStopped indicates whether the container has the
-// "unless-stopped" restart policy. This means the container will
-// automatically restart unless user has put it to stopped state.
-func (rp *RestartPolicy) IsUnlessStopped() bool {
-	return rp.Name == "unless-stopped"
-}
-
-// IsSame compares two RestartPolicy to see if they are the same
-func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool {
-	return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount
-}
-
-// LogMode is a type to define the available modes for logging
-// These modes affect how logs are handled when log messages start piling up.
-type LogMode string
-
-// Available logging modes
-const (
-	LogModeUnset    LogMode = ""
-	LogModeBlocking LogMode = "blocking"
-	LogModeNonBlock LogMode = "non-blocking"
-)
-
-// LogConfig represents the logging configuration of the container.
-type LogConfig struct {
-	Type   string
-	Config map[string]string
-}
-
-// Resources contains container's resources (cgroups config, ulimits...)
-type Resources struct {
-	// Applicable to all platforms
-	CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers)
-	Memory    int64 // Memory limit (in bytes)
-	NanoCPUs  int64 `json:"NanoCpus"` // CPU quota in units of 10<sup>-9</sup> CPUs.
-
-	// Applicable to UNIX platforms
-	CgroupParent         string // Parent cgroup.
-	BlkioWeight          uint16 // Block IO weight (relative weight vs. other containers)
-	BlkioWeightDevice    []*blkiodev.WeightDevice
-	BlkioDeviceReadBps   []*blkiodev.ThrottleDevice
-	BlkioDeviceWriteBps  []*blkiodev.ThrottleDevice
-	BlkioDeviceReadIOps  []*blkiodev.ThrottleDevice
-	BlkioDeviceWriteIOps []*blkiodev.ThrottleDevice
-	CPUPeriod            int64           `json:"CpuPeriod"`          // CPU CFS (Completely Fair Scheduler) period
-	CPUQuota             int64           `json:"CpuQuota"`           // CPU CFS (Completely Fair Scheduler) quota
-	CPURealtimePeriod    int64           `json:"CpuRealtimePeriod"`  // CPU real-time period
-	CPURealtimeRuntime   int64           `json:"CpuRealtimeRuntime"` // CPU real-time runtime
-	CpusetCpus           string          // CpusetCpus 0-2, 0,1
-	CpusetMems           string          // CpusetMems 0-2, 0,1
-	Devices              []DeviceMapping // List of devices to map inside the container
-	DeviceCgroupRules    []string        // List of rule to be added to the device cgroup
-	DeviceRequests       []DeviceRequest // List of device requests for device drivers
-
-	// KernelMemory specifies the kernel memory limit (in bytes) for the container.
-	// Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes.
-	KernelMemory      int64           `json:",omitempty"`
-	KernelMemoryTCP   int64           `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes)
-	MemoryReservation int64           // Memory soft limit (in bytes)
-	MemorySwap        int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
-	MemorySwappiness  *int64          // Tuning container memory swappiness behaviour
-	OomKillDisable    *bool           // Whether to disable OOM Killer or not
-	PidsLimit         *int64          // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
-	Ulimits           []*units.Ulimit // List of ulimits to be set in the container
-
-	// Applicable to Windows
-	CPUCount           int64  `json:"CpuCount"`   // CPU count
-	CPUPercent         int64  `json:"CpuPercent"` // CPU percent
-	IOMaximumIOps      uint64 // Maximum IOps for the container system drive
-	IOMaximumBandwidth uint64 // Maximum IO in bytes per second for the container system drive
-}
-
-// UpdateConfig holds the mutable attributes of a Container.
-// Those attributes can be updated at runtime.
-type UpdateConfig struct {
-	// Contains container's resources (cgroups, ulimits)
-	Resources
-	RestartPolicy RestartPolicy
-}
-
-// HostConfig the non-portable Config structure of a container.
-// Here, "non-portable" means "dependent of the host we are running on".
-// Portable information *should* appear in Config.
-type HostConfig struct {
-	// Applicable to all platforms
-	Binds           []string          // List of volume bindings for this container
-	ContainerIDFile string            // File (path) where the containerId is written
-	LogConfig       LogConfig         // Configuration of the logs for this container
-	NetworkMode     NetworkMode       // Network mode to use for the container
-	PortBindings    nat.PortMap       // Port mapping between the exposed port (container) and the host
-	RestartPolicy   RestartPolicy     // Restart policy to be used for the container
-	AutoRemove      bool              // Automatically remove container when it exits
-	VolumeDriver    string            // Name of the volume driver used to mount volumes
-	VolumesFrom     []string          // List of volumes to take from other container
-	ConsoleSize     [2]uint           // Initial console size (height,width)
-	Annotations     map[string]string `json:",omitempty"` // Arbitrary non-identifying metadata attached to container and provided to the runtime
-
-	// Applicable to UNIX platforms
-	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
-	CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
-	CgroupnsMode    CgroupnsMode      // Cgroup namespace mode to use for the container
-	DNS             []string          `json:"Dns"`        // List of DNS server to lookup
-	DNSOptions      []string          `json:"DnsOptions"` // List of DNSOption to look for
-	DNSSearch       []string          `json:"DnsSearch"`  // List of DNSSearch to look for
-	ExtraHosts      []string          // List of extra hosts
-	GroupAdd        []string          // List of additional groups that the container process will run as
-	IpcMode         IpcMode           // IPC namespace to use for the container
-	Cgroup          CgroupSpec        // Cgroup to use for the container
-	Links           []string          // List of links (in the name:alias form)
-	OomScoreAdj     int               // Container preference for OOM-killing
-	PidMode         PidMode           // PID namespace to use for the container
-	Privileged      bool              // Is the container in privileged mode
-	PublishAllPorts bool              // Should docker publish all exposed port for the container
-	ReadonlyRootfs  bool              // Is the container root filesystem in read-only
-	SecurityOpt     []string          // List of string values to customize labels for MLS systems, such as SELinux.
-	StorageOpt      map[string]string `json:",omitempty"` // Storage driver options per container.
-	Tmpfs           map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container
-	UTSMode         UTSMode           // UTS namespace to use for the container
-	UsernsMode      UsernsMode        // The user namespace to use for the container
-	ShmSize         int64             // Total shm memory usage
-	Sysctls         map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container
-	Runtime         string            `json:",omitempty"` // Runtime to use with this container
-
-	// Applicable to Windows
-	Isolation Isolation // Isolation technology of the container (e.g. default, hyperv)
-
-	// Contains container's resources (cgroups, ulimits)
-	Resources
-
-	// Mounts specs used by the container
-	Mounts []mount.Mount `json:",omitempty"`
-
-	// MaskedPaths is the list of paths to be masked inside the container (this overrides the default set of paths)
-	MaskedPaths []string
-
-	// ReadonlyPaths is the list of paths to be set as read-only inside the container (this overrides the default set of paths)
-	ReadonlyPaths []string
-
-	// Run a custom init inside the container, if null, use the daemon's configured settings
-	Init *bool `json:",omitempty"`
-}
-
-// containerID splits "container:<ID|name>" values. It returns the container
-// ID or name, and whether an ID/name was found. It returns an empty string and
-// a "false" if the value does not have a "container:" prefix. Further validation
-// of the returned, including checking if the value is empty, should be handled
-// by the caller.
-func containerID(val string) (idOrName string, ok bool) {
-	k, v, hasSep := strings.Cut(val, ":")
-	if !hasSep || k != "container" {
-		return "", false
-	}
-	return v, true
-}
-
-// validContainer checks if the given value is a "container:" mode with
-// a non-empty name/ID.
-func validContainer(val string) bool {
-	id, ok := containerID(val)
-	return ok && id != ""
-}

api/types/container/hostconfig_unix.go

@@ -1,4 +1,3 @@
-//go:build !windows
 // +build !windows
 
 package container // import "github.com/docker/docker/api/types/container"

api/types/container/hostconfig_unix_test.go

@@ -1,232 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package container
-
-import (
-	"testing"
-
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-)
-
-func TestCgroupnsMode(t *testing.T) {
-	modes := map[CgroupnsMode]struct{ valid, private, host, empty bool }{
-		"":                {valid: true, empty: true},
-		":":               {valid: false},
-		"something":       {valid: false},
-		"something:":      {valid: false},
-		"something:weird": {valid: false},
-		":weird":          {valid: false},
-		"host":            {valid: true, host: true},
-		"host:":           {valid: false},
-		"host:name":       {valid: false},
-		"private":         {valid: true, private: true},
-		"private:name":    {valid: false, private: false},
-	}
-	for mode, expected := range modes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.IsPrivate(), expected.private))
-			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
-			assert.Check(t, is.Equal(mode.IsEmpty(), expected.empty))
-			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
-		})
-	}
-}
-
-func TestCgroupSpec(t *testing.T) {
-	modes := map[CgroupSpec]struct {
-		valid     bool
-		private   bool
-		host      bool
-		container bool
-		shareable bool
-		ctrName   string
-	}{
-		"":                      {valid: true},
-		":":                     {valid: false},
-		"something":             {valid: false},
-		"something:":            {valid: false},
-		"something:weird":       {valid: false},
-		":weird":                {valid: false},
-		"container":             {valid: false},
-		"container:":            {valid: true, container: true, ctrName: ""},
-		"container:name":        {valid: true, container: true, ctrName: "name"},
-		"container:name1:name2": {valid: true, container: true, ctrName: "name1:name2"},
-	}
-
-	for mode, expected := range modes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
-			assert.Check(t, is.Equal(mode.IsContainer(), expected.container))
-			assert.Check(t, is.Equal(mode.Container(), expected.ctrName))
-		})
-	}
-}
-
-// TODO Windows: This will need addressing for a Windows daemon.
-func TestNetworkMode(t *testing.T) {
-	// TODO(thaJeztah): we should consider the cases with a colon (":") in the network name to be invalid.
-	modes := map[NetworkMode]struct {
-		private, bridge, host, container, none, isDefault bool
-		name, ctrName                                     string
-	}{
-		"":                      {private: true, name: ""},
-		":":                     {private: true, name: ":"},
-		"something":             {private: true, name: "something"},
-		"something:":            {private: true, name: "something:"},
-		"something:weird":       {private: true, name: "something:weird"},
-		":weird":                {private: true, name: ":weird"},
-		"bridge":                {private: true, bridge: true, name: "bridge"},
-		"host":                  {private: false, host: true, name: "host"},
-		"none":                  {private: true, none: true, name: "none"},
-		"default":               {private: true, isDefault: true, name: "default"},
-		"container":             {private: true, container: false, name: "container", ctrName: ""},
-		"container:":            {private: false, container: true, name: "container", ctrName: ""},
-		"container:name":        {private: false, container: true, name: "container", ctrName: "name"},
-		"container:name1:name2": {private: false, container: true, name: "container", ctrName: "name1:name2"},
-	}
-	for mode, expected := range modes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.IsPrivate(), expected.private))
-			assert.Check(t, is.Equal(mode.IsBridge(), expected.bridge))
-			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
-			assert.Check(t, is.Equal(mode.IsContainer(), expected.container))
-			assert.Check(t, is.Equal(mode.IsNone(), expected.none))
-			assert.Check(t, is.Equal(mode.IsDefault(), expected.isDefault))
-			assert.Check(t, is.Equal(mode.NetworkName(), expected.name))
-			assert.Check(t, is.Equal(mode.ConnectedContainer(), expected.ctrName))
-		})
-	}
-}
-
-func TestIpcMode(t *testing.T) {
-	ipcModes := map[IpcMode]struct {
-		valid     bool
-		private   bool
-		host      bool
-		container bool
-		shareable bool
-		ctrName   string
-	}{
-		"":                      {valid: true},
-		":":                     {valid: false},
-		"something":             {valid: false},
-		"something:":            {valid: false},
-		"something:weird":       {valid: false},
-		":weird":                {valid: false},
-		"private":               {valid: true, private: true},
-		"host":                  {valid: true, host: true},
-		"host:":                 {valid: false},
-		"host:name":             {valid: false},
-		"container":             {valid: false},
-		"container:":            {valid: true, container: true, ctrName: ""},
-		"container:name":        {valid: true, container: true, ctrName: "name"},
-		"container:name1:name2": {valid: true, container: true, ctrName: "name1:name2"},
-		"shareable":             {valid: true, shareable: true},
-	}
-
-	for mode, expected := range ipcModes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
-			assert.Check(t, is.Equal(mode.IsPrivate(), expected.private))
-			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
-			assert.Check(t, is.Equal(mode.IsContainer(), expected.container))
-			assert.Check(t, is.Equal(mode.IsShareable(), expected.shareable))
-			assert.Check(t, is.Equal(mode.Container(), expected.ctrName))
-		})
-	}
-}
-
-func TestUTSMode(t *testing.T) {
-	modes := map[UTSMode]struct{ valid, private, host bool }{
-		"":                {valid: true, private: true},
-		":":               {valid: false, private: true},
-		"something":       {valid: false, private: true},
-		"something:":      {valid: false, private: true},
-		"something:weird": {valid: false, private: true},
-		":weird":          {valid: false, private: true},
-		"host":            {valid: true, private: false, host: true},
-		"host:":           {valid: false, private: true},
-		"host:name":       {valid: false, private: true},
-	}
-	for mode, expected := range modes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.IsPrivate(), expected.private))
-			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
-			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
-		})
-
-	}
-}
-
-func TestUsernsMode(t *testing.T) {
-	modes := map[UsernsMode]struct{ valid, private, host bool }{
-		"":                {valid: true, private: true},
-		":":               {valid: false, private: true},
-		"something":       {valid: false, private: true},
-		"something:":      {valid: false, private: true},
-		"something:weird": {valid: false, private: true},
-		":weird":          {valid: false, private: true},
-		"host":            {valid: true, private: false, host: true},
-		"host:":           {valid: false, private: true},
-		"host:name":       {valid: false, private: true},
-	}
-	for mode, expected := range modes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
-			assert.Check(t, is.Equal(mode.IsPrivate(), expected.private))
-			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
-		})
-	}
-}
-
-func TestPidMode(t *testing.T) {
-	modes := map[PidMode]struct {
-		valid     bool
-		private   bool
-		host      bool
-		container bool
-		ctrName   string
-	}{
-		"":                      {valid: true, private: true},
-		":":                     {valid: false, private: true},
-		"something":             {valid: false, private: true},
-		"something:":            {valid: false, private: true},
-		"something:weird":       {valid: false, private: true},
-		":weird":                {valid: false, private: true},
-		"host":                  {valid: true, private: false, host: true},
-		"host:":                 {valid: false, private: true},
-		"host:name":             {valid: false, private: true},
-		"container":             {valid: false, private: true},
-		"container:":            {valid: false, private: false, container: true, ctrName: ""},
-		"container:name":        {valid: true, private: false, container: true, ctrName: "name"},
-		"container:name1:name2": {valid: true, private: false, container: true, ctrName: "name1:name2"},
-	}
-	for mode, expected := range modes {
-		t.Run("mode="+string(mode), func(t *testing.T) {
-			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
-			assert.Check(t, is.Equal(mode.IsPrivate(), expected.private))
-			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
-			assert.Check(t, is.Equal(mode.IsContainer(), expected.container))
-			assert.Check(t, is.Equal(mode.Container(), expected.ctrName))
-		})
-	}
-}
-
-func TestRestartPolicy(t *testing.T) {
-	policies := map[RestartPolicy]struct{ none, always, onFailure bool }{
-		{Name: "", MaximumRetryCount: 0}:           {none: true, always: false, onFailure: false},
-		{Name: "something", MaximumRetryCount: 0}:  {none: false, always: false, onFailure: false},
-		{Name: "no", MaximumRetryCount: 0}:         {none: true, always: false, onFailure: false},
-		{Name: "always", MaximumRetryCount: 0}:     {none: false, always: true, onFailure: false},
-		{Name: "on-failure", MaximumRetryCount: 0}: {none: false, always: false, onFailure: true},
-	}
-	for policy, expected := range policies {
-		t.Run("policy="+policy.Name, func(t *testing.T) {
-			assert.Check(t, is.Equal(policy.IsNone(), expected.none))
-			assert.Check(t, is.Equal(policy.IsAlways(), expected.always))
-			assert.Check(t, is.Equal(policy.IsOnFailure(), expected.onFailure))
-		})
-	}
-}

api/types/container/wait_exit_error.go

@@ -1,12 +0,0 @@
-package container
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// WaitExitError container waiting error, if any
-// swagger:model WaitExitError
-type WaitExitError struct {
-
-	// Details of an error
-	Message string `json:"Message,omitempty"`
-}

api/types/container/wait_response.go

@@ -1,18 +0,0 @@
-package container
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// WaitResponse ContainerWaitResponse
-//
-// OK response to ContainerWait operation
-// swagger:model WaitResponse
-type WaitResponse struct {
-
-	// error
-	Error *WaitExitError `json:"Error,omitempty"`
-
-	// Exit code of the container
-	// Required: true
-	StatusCode int64 `json:"StatusCode"`
-}

api/types/events/events.go

@@ -1,26 +1,33 @@
 package events // import "github.com/docker/docker/api/types/events"
 
-// Type is used for event-types.
-type Type = string
-
-// List of known event types.
 const (
-	BuilderEventType   Type = "builder"   // BuilderEventType is the event type that the builder generates.
-	ConfigEventType    Type = "config"    // ConfigEventType is the event type that configs generate.
-	ContainerEventType Type = "container" // ContainerEventType is the event type that containers generate.
-	DaemonEventType    Type = "daemon"    // DaemonEventType is the event type that daemon generate.
-	ImageEventType     Type = "image"     // ImageEventType is the event type that images generate.
-	NetworkEventType   Type = "network"   // NetworkEventType is the event type that networks generate.
-	NodeEventType      Type = "node"      // NodeEventType is the event type that nodes generate.
-	PluginEventType    Type = "plugin"    // PluginEventType is the event type that plugins generate.
-	SecretEventType    Type = "secret"    // SecretEventType is the event type that secrets generate.
-	ServiceEventType   Type = "service"   // ServiceEventType is the event type that services generate.
-	VolumeEventType    Type = "volume"    // VolumeEventType is the event type that volumes generate.
+	// BuilderEventType is the event type that the builder generates
+	BuilderEventType = "builder"
+	// ContainerEventType is the event type that containers generate
+	ContainerEventType = "container"
+	// DaemonEventType is the event type that daemon generate
+	DaemonEventType = "daemon"
+	// ImageEventType is the event type that images generate
+	ImageEventType = "image"
+	// NetworkEventType is the event type that networks generate
+	NetworkEventType = "network"
+	// PluginEventType is the event type that plugins generate
+	PluginEventType = "plugin"
+	// VolumeEventType is the event type that volumes generate
+	VolumeEventType = "volume"
+	// ServiceEventType is the event type that services generate
+	ServiceEventType = "service"
+	// NodeEventType is the event type that nodes generate
+	NodeEventType = "node"
+	// SecretEventType is the event type that secrets generate
+	SecretEventType = "secret"
+	// ConfigEventType is the event type that configs generate
+	ConfigEventType = "config"
 )
 
 // Actor describes something that generates events,
 // like a container, or a network, or a volume.
-// It has a defined name and a set of attributes.
+// It has a defined name and a set or attributes.
 // The container attributes are its labels, other actors
 // can generate these attributes from other properties.
 type Actor struct {
@@ -32,11 +39,11 @@ type Actor struct {
 type Message struct {
 	// Deprecated information from JSONMessage.
 	// With data only in container events.
-	Status string `json:"status,omitempty"` // Deprecated: use Action instead.
-	ID     string `json:"id,omitempty"`     // Deprecated: use Actor.ID instead.
-	From   string `json:"from,omitempty"`   // Deprecated: use Actor.Attributes["image"] instead.
+	Status string `json:"status,omitempty"`
+	ID     string `json:"id,omitempty"`
+	From   string `json:"from,omitempty"`
 
-	Type   Type
+	Type   string
 	Action string
 	Actor  Actor
 	// Engine events are local scope. Cluster events are swarm scope.

api/types/filters/errors.go

@@ -1,37 +0,0 @@
-package filters
-
-import "fmt"
-
-// invalidFilter indicates that the provided filter or its value is invalid
-type invalidFilter struct {
-	Filter string
-	Value  []string
-}
-
-func (e invalidFilter) Error() string {
-	msg := "invalid filter"
-	if e.Filter != "" {
-		msg += " '" + e.Filter
-		if e.Value != nil {
-			msg = fmt.Sprintf("%s=%s", msg, e.Value)
-		}
-		msg += "'"
-	}
-	return msg
-}
-
-// InvalidParameter marks this error as ErrInvalidParameter
-func (e invalidFilter) InvalidParameter() {}
-
-// unreachableCode is an error indicating that the code path was not expected to be reached.
-type unreachableCode struct {
-	Filter string
-	Value  []string
-}
-
-// System marks this error as ErrSystem
-func (e unreachableCode) System() {}
-
-func (e unreachableCode) Error() string {
-	return fmt.Sprintf("unreachable code reached for filter: %q with values: %s", e.Filter, e.Value)
-}