Merge commit from fork

[24.0] AuthZ plugin security fixes
If url includes scheme, urlPath will drop hostname, which would not match the auth check
2026-01-12 19:21:41 +00:00 · 2024-07-23 21:36:28 +02:00 · 2024-07-17 13:10:06 +02:00 · 2024-07-17 13:10:04 +02:00 · 2024-04-30 15:43:23 +02:00 · 2024-04-30 20:45:24 +09:00
4516 changed files with 152927 additions and 309516 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,13 +0,0 @@
-{
-  "name": "moby",
-  "build": {
-    "context": "..",
-    "dockerfile": "../Dockerfile",
-    "target": "dev"
-  },
-  "workspaceFolder": "/go/src/github.com/docker/docker",
-  "workspaceMount": "source=${localWorkspaceFolder},target=/go/src/github.com/docker/docker,type=bind,consistency=cached",
-
-  "remoteUser": "root",
-  "runArgs": ["--privileged"]
-}
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -5,6 +5,7 @@

 builder/**                              @tonistiigi
 contrib/mkimage/**                      @tianon
+daemon/graphdriver/devmapper/**         @rhvgoyal
 daemon/graphdriver/overlay2/**          @dmcgowan
 daemon/graphdriver/windows/**           @johnstep
 daemon/logger/awslogs/**                @samuelkarp  
--- a/.github/actions/setup-tracing/action.yml
+++ b/.github/actions/setup-tracing/action.yml
@@ -1,14 +0,0 @@
-name: 'Setup Tracing'
-description: 'Composite action to set up the tracing for test jobs'
-
-runs:
-  using: composite
-  steps:
-    - run: |
-        set -e
-        # Jaeger is set up on Windows through an inline run step. If you update Jaeger here, don't forget to update
-        # the version set in .github/workflows/.windows.yml.
-        docker run -d --net=host --name jaeger -e COLLECTOR_OTLP_ENABLED=true jaegertracing/all-in-one:1.46
-        docker0_ip="$(ip -f inet addr show docker0 | grep -Po 'inet \K[\d.]+')"
-        echo "OTEL_EXPORTER_OTLP_ENDPOINT=http://${docker0_ip}:4318" >> "${GITHUB_ENV}"
-      shell: bash
--- a/.github/workflows/.test-prepare.yml
+++ b/.github/workflows/.test-prepare.yml
@@ -1,35 +0,0 @@
-# reusable workflow
-name: .test-prepare
-
-# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
-
-on:
-  workflow_call:
-    outputs:
-      matrix:
-        description: Test matrix
-        value: ${{ jobs.run.outputs.matrix }}
-
-jobs:
-  run:
-    runs-on: ubuntu-20.04
-    outputs:
-      matrix: ${{ steps.set.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Create matrix
-        id: set
-        uses: actions/github-script@v6
-        with:
-          script: |
-            let matrix = ['graphdriver'];
-            if ("${{ contains(github.event.pull_request.labels.*.name, 'containerd-integration') || github.event_name != 'pull_request' }}" == "true") {
-              matrix.push('snapshotter');
-            }
-            await core.group(`Set matrix`, async () => {
-              core.info(`matrix: ${JSON.stringify(matrix)}`);
-              core.setOutput('matrix', JSON.stringify(matrix));
-            });
--- a/.github/workflows/.test.yml
+++ b/.github/workflows/.test.yml
@@ -1,430 +0,0 @@
-# reusable workflow
-name: .test
-
-# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
-
-on:
-  workflow_call:
-    inputs:
-      storage:
-        required: true
-        type: string
-        default: "graphdriver"
-
-env:
-  GO_VERSION: "1.21.6"
-  GOTESTLIST_VERSION: v0.3.1
-  TESTSTAT_VERSION: v0.1.3
-  ITG_CLI_MATRIX_SIZE: 6
-  DOCKER_EXPERIMENTAL: 1
-  DOCKER_GRAPHDRIVER: ${{ inputs.storage == 'snapshotter' && 'overlayfs' || 'overlay2' }}
-  TEST_INTEGRATION_USE_SNAPSHOTTER: ${{ inputs.storage == 'snapshotter' && '1' || '' }}
-
-jobs:
-  unit:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 120
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-unit
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          mkdir -p bundles /tmp/reports
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
-          sudo chown -R $(id -u):$(id -g) /tmp/reports
-          tree -nh /tmp/reports
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          directory: ./bundles
-          env_vars: RUNNER_OS
-          flags: unit
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-unit-reports
-          path: /tmp/reports/*
-
-  unit-report:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - unit
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-unit-reports
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  docker-py:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 120
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up tracing
-        uses: ./.github/actions/setup-tracing
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-docker-py
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          mkdir -p bundles /tmp/reports
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
-          sudo chown -R $(id -u):$(id -g) /tmp/reports
-          tree -nh /tmp/reports
-
-          curl -sSLf localhost:16686/api/traces?service=integration-test-client > /tmp/reports/jaeger-trace.json
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-docker-py/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-docker-py-reports
-          path: /tmp/reports/*
-
-  integration-flaky:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 120
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-integration-flaky
-        env:
-          TEST_SKIP_INTEGRATION_CLI: 1
-
-  integration:
-    runs-on: ${{ matrix.os }}
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 120
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - ubuntu-20.04
-          - ubuntu-22.04
-        mode:
-          - ""
-          - rootless
-          - systemd
-          #- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up tracing
-        uses: ./.github/actions/setup-tracing
-      -
-        name: Prepare
-        run: |
-          CACHE_DEV_SCOPE=dev
-          if [[ "${{ matrix.mode }}" == *"rootless"* ]]; then
-            echo "DOCKER_ROOTLESS=1" >> $GITHUB_ENV
-          fi
-          if [[ "${{ matrix.mode }}" == *"systemd"* ]]; then
-            echo "SYSTEMD=true" >> $GITHUB_ENV
-            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
-          fi
-          echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=${{ env.CACHE_DEV_SCOPE }}
-      -
-        name: Test
-        run: |
-          make -o build test-integration
-        env:
-          TEST_SKIP_INTEGRATION_CLI: 1
-          TESTCOVERAGE: 1
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          reportsPath="/tmp/reports/${{ matrix.os }}"
-          if [ -n "${{ matrix.mode }}" ]; then
-            reportsPath="$reportsPath-${{ matrix.mode }}"
-          fi
-          mkdir -p bundles $reportsPath
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C $reportsPath
-          sudo chown -R $(id -u):$(id -g) $reportsPath
-          tree -nh $reportsPath
-
-          curl -sSLf localhost:16686/api/traces?service=integration-test-client > $reportsPath/jaeger-trace.json
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          directory: ./bundles/test-integration
-          env_vars: RUNNER_OS
-          flags: integration,${{ matrix.mode }}
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-integration/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-integration-reports
-          path: /tmp/reports/*
-
-  integration-report:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - integration
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-integration-reports
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
-
-  integration-cli-prepare:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    outputs:
-      matrix: ${{ steps.tests.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Install gotestlist
-        run:
-          go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-      -
-        name: Create matrix
-        id: tests
-        working-directory: ./integration-cli
-        run: |
-          # This step creates a matrix for integration-cli tests. Tests suites
-          # are distributed in integration-cli job through a matrix. There is
-          # also overrides being added to the matrix like "./..." to run
-          # "Test integration" step exclusively and specific tests suites that
-          # take a long time to run.
-          matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." -o "DockerSwarmSuite" -o "DockerNetworkSuite|DockerExternalVolumeSuite" ./...)"
-          echo "matrix=$matrix" >> $GITHUB_OUTPUT
-      -
-        name: Show matrix
-        run: |
-          echo ${{ steps.tests.outputs.matrix }}
-
-  integration-cli:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 120
-    needs:
-      - integration-cli-prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up runner
-        uses: ./.github/actions/setup-runner
-      -
-        name: Set up tracing
-        uses: ./.github/actions/setup-tracing
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build dev image
-        uses: docker/bake-action@v2
-        with:
-          targets: dev
-          set: |
-            dev.cache-from=type=gha,scope=dev
-      -
-        name: Test
-        run: |
-          make -o build test-integration
-        env:
-          TEST_SKIP_INTEGRATION: 1
-          TESTCOVERAGE: 1
-          TESTFLAGS: "-test.run (${{ matrix.test }})/"
-      -
-        name: Prepare reports
-        if: always()
-        run: |
-          reportsPath=/tmp/reports/$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
-          mkdir -p bundles $reportsPath
-          echo "${{ matrix.test }}" | tr -s '|' '\n' | tee -a "$reportsPath/tests.txt"
-          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
-          tar -xzf /tmp/reports.tar.gz -C $reportsPath
-          sudo chown -R $(id -u):$(id -g) $reportsPath
-          tree -nh $reportsPath
-
-          curl -sSLf localhost:16686/api/traces?service=integration-test-client > $reportsPath/jaeger-trace.json
-      -
-        name: Send to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          directory: ./bundles/test-integration
-          env_vars: RUNNER_OS
-          flags: integration-cli
-      -
-        name: Test daemon logs
-        if: always()
-        run: |
-          cat bundles/test-integration/docker.log
-      -
-        name: Upload reports
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-integration-cli-reports
-          path: /tmp/reports/*
-
-  integration-cli-report:
-    runs-on: ubuntu-20.04
-    continue-on-error: ${{ github.event_name != 'pull_request' }}
-    timeout-minutes: 10
-    if: always()
-    needs:
-      - integration-cli
-    steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      -
-        name: Download reports
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.storage }}-integration-cli-reports
-          path: /tmp/reports
-      -
-        name: Install teststat
-        run: |
-          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-      -
-        name: Create summary
-        run: |
-          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
--- a/.github/workflows/.windows.yml
+++ b/.github/workflows/.windows.yml
@@ -9,17 +9,13 @@ on:
      os:
        required: true
        type: string
-      storage:
-        required: true
-        type: string
-        default: "graphdriver"
      send_coverage:
        required: false
        type: boolean
        default: false

 env:
-  GO_VERSION: "1.21.6"
+  GO_VERSION: "1.20.13"
  GOTESTLIST_VERSION: v0.3.1
  TESTSTAT_VERSION: v0.1.3
  WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
@@ -79,12 +75,9 @@ jobs:
      -
        name: Build base image
        run: |
-          & docker build `
-            --build-arg WINDOWS_BASE_IMAGE `
-            --build-arg WINDOWS_BASE_IMAGE_TAG `
-            --build-arg GO_VERSION `
-            -t ${{ env.TEST_IMAGE_NAME }} `
-            -f Dockerfile.windows .
+          docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
+          docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
+          docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
      -
        name: Build binaries
        run: |
@@ -105,7 +98,7 @@ jobs:
        name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
-          name: build-${{ inputs.storage }}-${{ inputs.os }}
+          name: build-${{ inputs.os }}
          path: ${{ env.BIN_OUT }}/*
          if-no-files-found: error
          retention-days: 2
@@ -159,12 +152,9 @@ jobs:
      -
        name: Build base image
        run: |
-          & docker build `
-            --build-arg WINDOWS_BASE_IMAGE `
-            --build-arg WINDOWS_BASE_IMAGE_TAG `
-            --build-arg GO_VERSION `
-            -t ${{ env.TEST_IMAGE_NAME }} `
-            -f Dockerfile.windows .
+          docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
+          docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
+          docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
      -
        name: Test
        run: |
@@ -187,7 +177,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v3
        with:
-          name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
+          name: ${{ inputs.os }}-unit-reports
          path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*

  unit-test-report:
@@ -205,7 +195,7 @@ jobs:
        name: Download artifacts
        uses: actions/download-artifact@v3
        with:
-          name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
+          name: ${{ inputs.os }}-unit-reports
          path: /tmp/artifacts
      -
        name: Install teststat
@@ -251,7 +241,6 @@ jobs:

  integration-test:
    runs-on: ${{ inputs.os }}
-    continue-on-error: ${{ inputs.storage == 'snapshotter' && github.event_name != 'pull_request' }}
    timeout-minutes: 120
    needs:
      - build
@@ -259,15 +248,10 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        storage:
-          - ${{ inputs.storage }}
        runtime:
          - builtin
          - containerd
        test: ${{ fromJson(needs.integration-test-prepare.outputs.matrix) }}
-        exclude:
-          - storage: snapshotter
-            runtime: builtin
    env:
      GOPATH: ${{ github.workspace }}\go
      GOBIN: ${{ github.workspace }}\go\bin
@@ -281,15 +265,6 @@ jobs:
        uses: actions/checkout@v3
        with:
          path: ${{ env.GOPATH }}/src/github.com/docker/docker
-      -
-        run: |
-          # Jaeger is set up on Linux through the setup-tracing action. If you update Jaeger here, don't forget to
-          # update the version set in .github/actions/setup-tracing/action.yml.
-          Invoke-WebRequest -Uri "https://github.com/jaegertracing/jaeger/releases/download/v1.46.0/jaeger-1.46.0-windows-amd64.tar.gz" -OutFile ".\jaeger-1.46.0-windows-amd64.tar.gz"
-          tar -zxvf ".\jaeger-1.46.0-windows-amd64.tar.gz"
-          Start-Process '.\jaeger-1.46.0-windows-amd64\jaeger-all-in-one.exe'
-          echo "OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-        shell: pwsh
      -
        name: Env
        run: |
@@ -298,7 +273,7 @@ jobs:
        name: Download artifacts
        uses: actions/download-artifact@v3
        with:
-          name: build-${{ inputs.storage }}-${{ inputs.os }}
+          name: build-${{ inputs.os }}
          path: ${{ env.BIN_OUT }}
      -
        name: Init
@@ -367,11 +342,6 @@ jobs:
              "--exec-root=$env:TEMP\moby-exec", `
              "--pidfile=$env:TEMP\docker.pid", `
              "--register-service"
-          If ("${{ inputs.storage }}" -eq "snapshotter") {
-            # Make the env-var visible to the service-managed dockerd, as there's no CLI flag for this option.
-            & reg add "HKLM\SYSTEM\CurrentControlSet\Services\docker" /v Environment /t REG_MULTI_SZ /s '@' /d TEST_INTEGRATION_USE_SNAPSHOTTER=1 
-            echo "TEST_INTEGRATION_USE_SNAPSHOTTER=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
-          }
          Write-Host "Starting service"
          Start-Service -Name docker
          Write-Host "Service started successfully!"
@@ -488,38 +458,25 @@ jobs:
              Sort-Object @{Expression="TimeCreated";Descending=$false} |
              ForEach-Object {"$($_.TimeCreated.ToUniversalTime().ToString("o")) [$($_.LevelDisplayName)] $($_.Message)"} |
              Tee-Object -file ".\bundles\daemon.log"
-      -
-        name: Download Jaeger traces
-        if: always()
-        run: |
-          Invoke-WebRequest `
-            -Uri "http://127.0.0.1:16686/api/traces?service=integration-test-client" `
-            -OutFile ".\bundles\jaeger-trace.json"
      -
        name: Upload reports
        if: always()
        uses: actions/upload-artifact@v3
        with:
-          name: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}
+          name: ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
          path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*

  integration-test-report:
    runs-on: ubuntu-latest
-    continue-on-error: ${{ inputs.storage == 'snapshotter' && github.event_name != 'pull_request' }}
    if: always()
    needs:
      - integration-test
    strategy:
      fail-fast: false
      matrix:
-        storage:
-          - ${{ inputs.storage }}
        runtime:
          - builtin
          - containerd
-        exclude:
-          - storage: snapshotter
-            runtime: builtin
    steps:
      -
        name: Set up Go
@@ -530,7 +487,7 @@ jobs:
        name: Download artifacts
        uses: actions/download-artifact@v3
        with:
-          name: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}
+          name: ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
          path: /tmp/artifacts
      -
        name: Install teststat
--- a/.github/workflows/buildkit.yml
+++ b/.github/workflows/buildkit.yml
@@ -13,7 +13,8 @@ on:
  pull_request:

 env:
-  GO_VERSION: "1.21.6"
+  ALPINE_VERSION: "3.18"
+  GO_VERSION: "1.20.12"
  DESTDIR: ./build

 jobs:
@@ -73,12 +74,6 @@ jobs:
            disabledFeatures="${disabledFeatures},merge_diff"
          fi
          echo "BUILDKIT_TEST_DISABLE_FEATURES=${disabledFeatures}" >> $GITHUB_ENV
-      # Expose `ACTIONS_RUNTIME_TOKEN` and `ACTIONS_CACHE_URL`, which is used
-      # in BuildKit's test suite to skip/unskip cache exporters:
-      # https://github.com/moby/buildkit/blob/567a99433ca23402d5e9b9f9124005d2e59b8861/client/client_test.go#L5407-L5411
-      -
-        name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@v2
      -
        name: Checkout
        uses: actions/checkout@v3
@@ -124,5 +119,6 @@ jobs:
          TEST_DOCKERD: "1"
          TEST_DOCKERD_BINARY: "./build/moby/dockerd"
          TESTPKGS: "./${{ matrix.pkg }}"
-          TESTFLAGS: "-v --parallel=1 --timeout=30m --run=//worker=${{ matrix.worker }}$"
+          # Skip buildkit tests checking the digest (see https://github.com/moby/buildkit/pull/3736)
+          TESTFLAGS: "-v --parallel=1 --timeout=30m --run=/^Test([^R]|.[^e]|..[^p]|...[^r]|....[^o]|.....[^S])/worker=${{ matrix.worker }}$"
        working-directory: buildkit
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,7 +13,12 @@ on:
  pull_request:

 env:
-  GO_VERSION: "1.21.6"
+  GO_VERSION: "1.20.13"
+  GOTESTLIST_VERSION: v0.3.1
+  TESTSTAT_VERSION: v0.1.3
+  ITG_CLI_MATRIX_SIZE: 6
+  DOCKER_EXPERIMENTAL: 1
+  DOCKER_GRAPHDRIVER: overlay2

 jobs:
  validate-dco:
@@ -52,20 +57,6 @@ jobs:
            *.cache-to=type=gha,scope=dev${{ matrix.mode }},mode=max
            *.output=type=cacheonly

-  test:
-    needs:
-      - build-dev
-      - validate-dco
-    uses: ./.github/workflows/.test.yml
-    strategy:
-      fail-fast: false
-      matrix:
-        storage:
-          - graphdriver
-          - snapshotter
-    with:
-      storage: ${{ matrix.storage }}
-
  validate-prepare:
    runs-on: ubuntu-20.04
    needs:
@@ -80,7 +71,7 @@ jobs:
        name: Create matrix
        id: scripts
        run: |
-          scripts=$(cd ./hack/validate && jq -nc '$ARGS.positional - ["all", "default", "dco"] | map(select(test("[.]")|not)) + ["generate-files"]' --args *)
+          scripts=$(jq -ncR '[inputs]' <<< "$(ls -I .validate -I all -I default -I dco -I golangci-lint.yml -I yamllint.yaml -A ./hack/validate/)")
          echo "matrix=$scripts" >> $GITHUB_OUTPUT
      -
        name: Show matrix
@@ -121,7 +112,402 @@ jobs:
        run: |
          make -o build validate-${{ matrix.script }}

-  smoke-prepare:
+  unit:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 120
+    needs:
+      - build-dev
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up runner
+        uses: ./.github/actions/setup-runner
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build dev image
+        uses: docker/bake-action@v2
+        with:
+          targets: dev
+          set: |
+            dev.cache-from=type=gha,scope=dev
+      -
+        name: Test
+        run: |
+          make -o build test-unit
+      -
+        name: Prepare reports
+        if: always()
+        run: |
+          mkdir -p bundles /tmp/reports
+          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
+          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
+          sudo chown -R $(id -u):$(id -g) /tmp/reports
+          tree -nh /tmp/reports
+      -
+        name: Send to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          directory: ./bundles
+          env_vars: RUNNER_OS
+          flags: unit
+      -
+        name: Upload reports
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: unit-reports
+          path: /tmp/reports/*
+
+  unit-report:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 10
+    if: always()
+    needs:
+      - unit
+    steps:
+      -
+        name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      -
+        name: Download reports
+        uses: actions/download-artifact@v3
+        with:
+          name: unit-reports
+          path: /tmp/reports
+      -
+        name: Install teststat
+        run: |
+          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
+      -
+        name: Create summary
+        run: |
+          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
+
+  docker-py:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 120
+    needs:
+      - build-dev
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up runner
+        uses: ./.github/actions/setup-runner
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build dev image
+        uses: docker/bake-action@v2
+        with:
+          targets: dev
+          set: |
+            dev.cache-from=type=gha,scope=dev
+      -
+        name: Test
+        run: |
+          make -o build test-docker-py
+      -
+        name: Prepare reports
+        if: always()
+        run: |
+          mkdir -p bundles /tmp/reports
+          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
+          tar -xzf /tmp/reports.tar.gz -C /tmp/reports
+          sudo chown -R $(id -u):$(id -g) /tmp/reports
+          tree -nh /tmp/reports
+      -
+        name: Test daemon logs
+        if: always()
+        run: |
+          cat bundles/test-docker-py/docker.log
+      -
+        name: Upload reports
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: docker-py-reports
+          path: /tmp/reports/*
+
+  integration-flaky:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 120
+    needs:
+      - build-dev
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up runner
+        uses: ./.github/actions/setup-runner
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build dev image
+        uses: docker/bake-action@v2
+        with:
+          targets: dev
+          set: |
+            dev.cache-from=type=gha,scope=dev
+      -
+        name: Test
+        run: |
+          make -o build test-integration-flaky
+        env:
+          TEST_SKIP_INTEGRATION_CLI: 1
+
+  integration:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 120
+    needs:
+      - build-dev
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-20.04
+          - ubuntu-22.04
+        mode:
+          - ""
+          - rootless
+          - systemd
+          #- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up runner
+        uses: ./.github/actions/setup-runner
+      -
+        name: Prepare
+        run: |
+          CACHE_DEV_SCOPE=dev
+          if [[ "${{ matrix.mode }}" == *"rootless"* ]]; then
+            echo "DOCKER_ROOTLESS=1" >> $GITHUB_ENV
+          fi
+          if [[ "${{ matrix.mode }}" == *"systemd"* ]]; then
+            echo "SYSTEMD=true" >> $GITHUB_ENV
+            CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
+          fi
+          echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build dev image
+        uses: docker/bake-action@v2
+        with:
+          targets: dev
+          set: |
+            dev.cache-from=type=gha,scope=${{ env.CACHE_DEV_SCOPE }}
+      -
+        name: Test
+        run: |
+          make -o build test-integration
+        env:
+          TEST_SKIP_INTEGRATION_CLI: 1
+          TESTCOVERAGE: 1
+      -
+        name: Prepare reports
+        if: always()
+        run: |
+          reportsPath="/tmp/reports/${{ matrix.os }}"
+          if [ -n "${{ matrix.mode }}" ]; then
+            reportsPath="$reportsPath-${{ matrix.mode }}"
+          fi
+          mkdir -p bundles $reportsPath
+          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
+          tar -xzf /tmp/reports.tar.gz -C $reportsPath
+          sudo chown -R $(id -u):$(id -g) $reportsPath
+          tree -nh $reportsPath
+      -
+        name: Send to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          directory: ./bundles/test-integration
+          env_vars: RUNNER_OS
+          flags: integration,${{ matrix.mode }}
+      -
+        name: Test daemon logs
+        if: always()
+        run: |
+          cat bundles/test-integration/docker.log
+      -
+        name: Upload reports
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: integration-reports
+          path: /tmp/reports/*
+
+  integration-report:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 10
+    if: always()
+    needs:
+      - integration
+    steps:
+      -
+        name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      -
+        name: Download reports
+        uses: actions/download-artifact@v3
+        with:
+          name: integration-reports
+          path: /tmp/reports
+      -
+        name: Install teststat
+        run: |
+          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
+      -
+        name: Create summary
+        run: |
+          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
+
+  integration-cli-prepare:
+    runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
+    outputs:
+      matrix: ${{ steps.tests.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      -
+        name: Install gotestlist
+        run:
+          go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
+      -
+        name: Create matrix
+        id: tests
+        working-directory: ./integration-cli
+        run: |
+          # This step creates a matrix for integration-cli tests. Tests suites
+          # are distributed in integration-cli job through a matrix. There is
+          # also overrides being added to the matrix like "./..." to run
+          # "Test integration" step exclusively and specific tests suites that
+          # take a long time to run.
+          matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} -o "./..." -o "DockerSwarmSuite" -o "DockerNetworkSuite|DockerExternalVolumeSuite" ./...)"
+          echo "matrix=$matrix" >> $GITHUB_OUTPUT
+      -
+        name: Show matrix
+        run: |
+          echo ${{ steps.tests.outputs.matrix }}
+
+  integration-cli:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 120
+    needs:
+      - build-dev
+      - integration-cli-prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up runner
+        uses: ./.github/actions/setup-runner
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build dev image
+        uses: docker/bake-action@v2
+        with:
+          targets: dev
+          set: |
+            dev.cache-from=type=gha,scope=dev
+      -
+        name: Test
+        run: |
+          make -o build test-integration
+        env:
+          TEST_SKIP_INTEGRATION: 1
+          TESTCOVERAGE: 1
+          TESTFLAGS: "-test.run (${{ matrix.test }})/"
+      -
+        name: Prepare reports
+        if: always()
+        run: |
+          reportsPath=/tmp/reports/$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
+          mkdir -p bundles $reportsPath
+          echo "${{ matrix.test }}" | tr -s '|' '\n' | tee -a "$reportsPath/tests.txt"
+          find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
+          tar -xzf /tmp/reports.tar.gz -C $reportsPath
+          sudo chown -R $(id -u):$(id -g) $reportsPath
+          tree -nh $reportsPath
+      -
+        name: Send to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          directory: ./bundles/test-integration
+          env_vars: RUNNER_OS
+          flags: integration-cli
+      -
+        name: Test daemon logs
+        if: always()
+        run: |
+          cat bundles/test-integration/docker.log
+      -
+        name: Upload reports
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: integration-cli-reports
+          path: /tmp/reports/*
+
+  integration-cli-report:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 10
+    if: always()
+    needs:
+      - integration-cli
+    steps:
+      -
+        name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      -
+        name: Download reports
+        uses: actions/download-artifact@v3
+        with:
+          name: integration-cli-reports
+          path: /tmp/reports
+      -
+        name: Install teststat
+        run: |
+          go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
+      -
+        name: Create summary
+        run: |
+          teststat -markdown $(find /tmp/reports -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
+
+  prepare-smoke:
    runs-on: ubuntu-20.04
    needs:
      - validate-dco
@@ -145,11 +531,11 @@ jobs:
  smoke:
    runs-on: ubuntu-20.04
    needs:
-      - smoke-prepare
+      - prepare-smoke
    strategy:
      fail-fast: false
      matrix:
-        platform: ${{ fromJson(needs.smoke-prepare.outputs.matrix) }}
+        platform: ${{ fromJson(needs.prepare-smoke.outputs.matrix) }}
    steps:
      -
        name: Checkout
--- a/.github/workflows/windows-2019.yml
+++ b/.github/workflows/windows-2019.yml
@@ -13,20 +13,10 @@ jobs:
  validate-dco:
    uses: ./.github/workflows/.dco.yml

-  test-prepare:
-    uses: ./.github/workflows/.test-prepare.yml
-    needs:
-      - validate-dco
-
  run:
    needs:
-      - test-prepare
+      - validate-dco
    uses: ./.github/workflows/.windows.yml
-    strategy:
-      fail-fast: false
-      matrix:
-        storage: ${{ fromJson(needs.test-prepare.outputs.matrix) }}
    with:
      os: windows-2019
-      storage: ${{ matrix.storage }}
      send_coverage: false
--- a/.github/workflows/windows-2022.yml
+++ b/.github/workflows/windows-2022.yml
@@ -16,20 +16,10 @@ jobs:
  validate-dco:
    uses: ./.github/workflows/.dco.yml

-  test-prepare:
-    uses: ./.github/workflows/.test-prepare.yml
-    needs:
-      - validate-dco
-
  run:
    needs:
-      - test-prepare
+      - validate-dco
    uses: ./.github/workflows/.windows.yml
-    strategy:
-      fail-fast: false
-      matrix:
-        storage: ${{ fromJson(needs.test-prepare.outputs.matrix) }}
    with:
      os: windows-2022
-      storage: ${{ matrix.storage }}
      send_coverage: true
--- a/.mailmap
+++ b/.mailmap
@@ -32,7 +32,6 @@ Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> <suda.kyoto@gmail.com>
 Akshay Moghe <akshay.moghe@gmail.com>
 Albin Kerouanton <albinker@gmail.com>
 Albin Kerouanton <albinker@gmail.com> <albin@akerouanton.name>
-Albin Kerouanton <albinker@gmail.com> <557933+akerouanton@users.noreply.github.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
 Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
@@ -104,9 +103,6 @@ Bily Zhang <xcoder@tenxcloud.com>
 Bin Liu <liubin0329@gmail.com>
 Bin Liu <liubin0329@gmail.com> <liubin0329@users.noreply.github.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
-Bjorn Neergaard <bjorn@neersighted.com>
-Bjorn Neergaard <bjorn@neersighted.com> <bjorn.neergaard@docker.com>
-Bjorn Neergaard <bjorn@neersighted.com> <bneergaard@mirantis.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 Bojun Zhu <bojun.zhu@foxmail.com>
 Boqin Qin <bobbqqin@gmail.com>
@@ -145,8 +141,6 @@ Cristian Ariza <dev@cristianrz.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejacksons@gmail.com>
-cui fliter <imcusg@gmail.com>
-cui fliter <imcusg@gmail.com> cuishuang <imcusg@gmail.com>
 CUI Wei <ghostplant@qq.com> cuiwei13 <cuiwei13@pku.edu.cn>
 Daehyeok Mun <daehyeok@gmail.com>
 Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
@@ -375,9 +369,7 @@ Ken Cochrane <kencochrane@gmail.com> <KenCochrane@gmail.com>
 Ken Herner <kherner@progress.com> <chosenken@gmail.com>
 Ken Reese <krrgithub@gmail.com>
 Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-Kevin Alvarez <github@crazymax.dev>
-Kevin Alvarez <github@crazymax.dev> <1951866+crazy-max@users.noreply.github.com>
-Kevin Alvarez <github@crazymax.dev> <crazy-max@users.noreply.github.com>
+Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com> <kevinfeyrer@users.noreply.github.com>
 Kevin Kern <kaiwentan@harmonycloud.cn>
 Kevin Meredith <kevin.m.meredith@gmail.com>
@@ -477,15 +469,10 @@ Mikael Davranche <mikael.davranche@corp.ovh.com>
 Mikael Davranche <mikael.davranche@corp.ovh.com> <mikael.davranche@corp.ovh.net>
 Mike Casas <mkcsas0@gmail.com> <mikecasas@users.noreply.github.com>
 Mike Goelzer <mike.goelzer@docker.com> <mgoelzer@docker.com>
-Milas Bowman <devnull@milas.dev>
-Milas Bowman <devnull@milas.dev> <milasb@gmail.com>
-Milas Bowman <devnull@milas.dev> <milas.bowman@docker.com>
 Milind Chawre <milindchawre@gmail.com>
 Misty Stanley-Jones <misty@docker.com> <misty@apache.org>
 Mohammad Banikazemi <MBanikazemi@gmail.com>
 Mohammad Banikazemi <MBanikazemi@gmail.com> <mb@us.ibm.com>
-Mohd Sadiq <mohdsadiq058@gmail.com> <mohdsadiq058@gmail.com>
-Mohd Sadiq <mohdsadiq058@gmail.com> <42430865+msadiq058@users.noreply.github.com>
 Mohit Soni <mosoni@ebay.com> <mohitsoni1989@gmail.com>
 Moorthy RS <rsmoorthy@gmail.com> <rsmoorthy@users.noreply.github.com>
 Moysés Borges <moysesb@gmail.com>
@@ -561,7 +548,6 @@ Sebastiaan van Stijn <github@gone.nl>
 Sebastiaan van Stijn <github@gone.nl> <moby@example.com>
 Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
 Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
-Sebastian Thomschke <sebthom@users.noreply.github.com>
 Seongyeol Lim <seongyeol37@gmail.com>
 Shaun Kaasten <shaunk@gmail.com>
 Shawn Landden <shawn@churchofgit.com> <shawnlandden@gmail.com>
@@ -709,8 +695,6 @@ Xiaodong Liu <liuxiaodong@loongson.cn>
 Xiaodong Zhang <a4012017@sina.com>
 Xiaohua Ding <xiao_hua_ding@sina.cn>
 Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
-Xinfeng Liu <XinfengLiu@icloud.com>
-Xinfeng Liu <XinfengLiu@icloud.com> <xinfeng.liu@gmail.com>
 Xuecong Liao <satorulogic@gmail.com>
 Yamasaki Masahide <masahide.y@gmail.com>
 Yao Zaiyong <yaozaiyong@hotmail.com>
--- a/49
+++ b/49
@@ -27,7 +27,6 @@ Adam Miller <admiller@redhat.com>
 Adam Mills <adam@armills.info>
 Adam Pointer <adam.pointer@skybettingandgaming.com>
 Adam Singer <financeCoding@gmail.com>
-Adam Thornton <adam.thornton@maryville.com>
 Adam Walz <adam@adamwalz.net>
 Adam Williams <awilliams@mirantis.com>
 AdamKorcz <adam@adalogics.com>
@@ -174,7 +173,6 @@ Andy Rothfusz <github@developersupport.net>
 Andy Smith <github@anarkystic.com>
 Andy Wilson <wilson.andrew.j+github@gmail.com>
 Andy Zhang <andy.zhangtao@hotmail.com>
-Aneesh Kulkarni <askthefactorcamera@gmail.com>
 Anes Hasicic <anes.hasicic@gmail.com>
 Angel Velazquez <angelcar@amazon.com>
 Anil Belur <askb23@gmail.com>
@@ -238,7 +236,6 @@ Ben Golub <ben.golub@dotcloud.com>
 Ben Gould <ben@bengould.co.uk>
 Ben Hall <ben@benhall.me.uk>
 Ben Langfeld <ben@langfeld.me>
-Ben Lovy <ben@deciduously.com>
 Ben Sargent <ben@brokendigits.com>
 Ben Severson <BenSeverson@users.noreply.github.com>
 Ben Toews <mastahyeti@gmail.com>
@@ -265,7 +262,7 @@ Billy Ridgway <wrridgwa@us.ibm.com>
 Bily Zhang <xcoder@tenxcloud.com>
 Bin Liu <liubin0329@gmail.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
-Bjorn Neergaard <bjorn@neersighted.com>
+Bjorn Neergaard <bneergaard@mirantis.com>
 Blake Geno <blakegeno@gmail.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 bobby abbott <ttobbaybbob@gmail.com>
@@ -282,7 +279,6 @@ Brandon Liu <bdon@bdon.org>
 Brandon Philips <brandon.philips@coreos.com>
 Brandon Rhodes <brandon@rhodesmill.org>
 Brendan Dixon <brendand@microsoft.com>
-Brennan Kinney <5098581+polarathene@users.noreply.github.com>
 Brent Salisbury <brent.salisbury@docker.com>
 Brett Higgins <brhiggins@arbor.net>
 Brett Kochendorfer <brett.kochendorfer@gmail.com>
@@ -367,7 +363,6 @@ chenyuzhu <chenyuzhi@oschina.cn>
 Chetan Birajdar <birajdar.chetan@gmail.com>
 Chewey <prosto-chewey@users.noreply.github.com>
 Chia-liang Kao <clkao@clkao.org>
-Chiranjeevi Tirunagari <vchiranjeeviak.tirunagari@gmail.com>
 chli <chli@freewheel.tv>
 Cholerae Hu <choleraehyq@gmail.com>
 Chris Alfonso <calfonso@redhat.com>
@@ -438,8 +433,8 @@ Cristian Staretu <cristian.staretu@gmail.com>
 cristiano balducci <cristiano.balducci@gmail.com>
 Cristina Yenyxe Gonzalez Garcia <cristina.yenyxe@gmail.com>
 Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
-cui fliter <imcusg@gmail.com>
 CUI Wei <ghostplant@qq.com>
+cuishuang <imcusg@gmail.com>
 Cuong Manh Le <cuong.manhle.vn@gmail.com>
 Cyprian Gracz <cyprian.gracz@micro-jumbo.eu>
 Cyril F <cyrilf7x@gmail.com>
@@ -518,7 +513,6 @@ David Dooling <dooling@gmail.com>
 David Gageot <david@gageot.net>
 David Gebler <davidgebler@gmail.com>
 David Glasser <glasser@davidglasser.net>
-David Karlsson <35727626+dvdksn@users.noreply.github.com>
 David Lawrence <david.lawrence@docker.com>
 David Lechner <david@lechnology.com>
 David M. Karr <davidmichaelkarr@gmail.com>
@@ -608,7 +602,6 @@ Donald Huang <don.hcd@gmail.com>
 Dong Chen <dongluo.chen@docker.com>
 Donghwa Kim <shanytt@gmail.com>
 Donovan Jones <git@gamma.net.nz>
-Dorin Geman <dorin.geman@docker.com>
 Doron Podoleanu <doronp@il.ibm.com>
 Doug Davis <dug@us.ibm.com>
 Doug MacEachern <dougm@vmware.com>
@@ -643,7 +636,6 @@ Emily Rose <emily@contactvibe.com>
 Emir Ozer <emirozer@yandex.com>
 Eng Zer Jun <engzerjun@gmail.com>
 Enguerran <engcolson@gmail.com>
-Enrico Weigelt, metux IT consult <info@metux.net>
 Eohyung Lee <liquidnuker@gmail.com>
 epeterso <epeterson@breakpoint-labs.com>
 er0k <er0k@er0k.net>
@@ -684,7 +676,6 @@ Evan Allrich <evan@unguku.com>
 Evan Carmi <carmi@users.noreply.github.com>
 Evan Hazlett <ejhazlett@gmail.com>
 Evan Krall <krall@yelp.com>
-Evan Lezar <elezar@nvidia.com>
 Evan Phoenix <evan@fallingsnow.net>
 Evan Wies <evan@neomantra.net>
 Evelyn Xu <evelynhsu21@gmail.com>
@@ -753,7 +744,6 @@ Frank Groeneveld <frank@ivaldi.nl>
 Frank Herrmann <fgh@4gh.tv>
 Frank Macreery <frank@macreery.com>
 Frank Rosquin <frank.rosquin+github@gmail.com>
-Frank Villaro-Dixon <frank.villarodixon@merkle.com>
 Frank Yang <yyb196@gmail.com>
 Fred Lifton <fred.lifton@docker.com>
 Frederick F. Kautz IV <fkautz@redhat.com>
@@ -993,7 +983,6 @@ Jean Rouge <rougej+github@gmail.com>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jean-Christophe Berthon <huygens@berthon.eu>
-Jean-Michel Rouet <jm.rouet@gmail.com>
 Jean-Paul Calderone <exarkun@twistedmatrix.com>
 Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr>
 Jean-Tiare Le Bigot <jt@yadutaf.fr>
@@ -1024,7 +1013,6 @@ Jeroen Jacobs <github@jeroenj.be>
 Jesse Dearing <jesse.dearing@gmail.com>
 Jesse Dubay <jesse@thefortytwo.net>
 Jessica Frazelle <jess@oxide.computer>
-Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jhon Honce <jhonce@redhat.com>
 Ji.Zhilong <zhilongji@gmail.com>
@@ -1153,7 +1141,6 @@ junxu <xujun@cmss.chinamobile.com>
 Jussi Nummelin <jussi.nummelin@gmail.com>
 Justas Brazauskas <brazauskasjustas@gmail.com>
 Justen Martin <jmart@the-coder.com>
-Justin Chadwell <me@jedevc.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Force <justin.force@gmail.com>
 Justin Keller <85903732+jk-vb@users.noreply.github.com>
@@ -1196,7 +1183,6 @@ Ke Xu <leonhartx.k@gmail.com>
 Kei Ohmura <ohmura.kei@gmail.com>
 Keith Hudgins <greenman@greenman.org>
 Keli Hu <dev@keli.hu>
-Ken Bannister <kb2ma@runbox.com>
 Ken Cochrane <kencochrane@gmail.com>
 Ken Herner <kherner@progress.com>
 Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
@@ -1206,7 +1192,7 @@ Kenjiro Nakayama <nakayamakenjiro@gmail.com>
 Kent Johnson <kentoj@gmail.com>
 Kenta Tada <Kenta.Tada@sony.com>
 Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
-Kevin Alvarez <github@crazymax.dev>
+Kevin Alvarez <crazy-max@users.noreply.github.com>
 Kevin Burke <kev@inburke.com>
 Kevin Clark <kevin.clark@gmail.com>
 Kevin Feyrer <kevin.feyrer@btinternet.com>
@@ -1239,7 +1225,6 @@ Konstantin Gribov <grossws@gmail.com>
 Konstantin L <sw.double@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kostadin Plachkov <k.n.plachkov@gmail.com>
-kpcyrd <git@rxv.cc>
 Krasi Georgiev <krasi@vip-consult.solutions>
 Krasimir Georgiev <support@vip-consult.co.uk>
 Kris-Mikael Krister <krismikael@protonmail.com>
@@ -1321,7 +1306,6 @@ Lorenzo Fontana <fontanalorenz@gmail.com>
 Lotus Fenn <fenn.lotus@gmail.com>
 Louis Delossantos <ldelossa.ld@gmail.com>
 Louis Opter <kalessin@kalessin.fr>
-Luboslav Pivarc <lpivarc@redhat.com>
 Luca Favatella <luca.favatella@erlang-solutions.com>
 Luca Marturana <lucamarturana@gmail.com>
 Luca Orlandi <luca.orlandi@gmail.com>
@@ -1360,7 +1344,6 @@ Manuel Meurer <manuel@krautcomputing.com>
 Manuel Rüger <manuel@rueg.eu>
 Manuel Woelker <github@manuel.woelker.org>
 mapk0y <mapk0y@gmail.com>
-Marat Radchenko <marat@slonopotamus.org>
 Marc Abramowitz <marc@marc-abramowitz.com>
 Marc Kuo <kuomarc2@gmail.com>
 Marc Tamsky <mtamsky@gmail.com>
@@ -1400,7 +1383,6 @@ Martijn van Oosterhout <kleptog@svana.org>
 Martin Braun <braun@neuroforge.de>
 Martin Dojcak <martin.dojcak@lablabs.io>
 Martin Honermeyer <maze@strahlungsfrei.de>
-Martin Jirku <martin@jirku.sk>
 Martin Kelly <martin@surround.io>
 Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
 Martin Muzatko <martin@happy-css.com>
@@ -1479,7 +1461,6 @@ Michael Holzheu <holzheu@linux.vnet.ibm.com>
 Michael Hudson-Doyle <michael.hudson@canonical.com>
 Michael Huettermann <michael@huettermann.net>
 Michael Irwin <mikesir87@gmail.com>
-Michael Kebe <michael.kebe@hkm.de>
 Michael Kuehn <micha@kuehn.io>
 Michael Käufl <docker@c.michael-kaeufl.de>
 Michael Neale <michael.neale@gmail.com>
@@ -1528,11 +1509,10 @@ Mike Lundy <mike@fluffypenguin.org>
 Mike MacCana <mike.maccana@gmail.com>
 Mike Naberezny <mike@naberezny.com>
 Mike Snitzer <snitzer@redhat.com>
-Mike Sul <mike.sul@foundries.io>
 mikelinjie <294893458@qq.com>
 Mikhail Sobolev <mss@mawhrin.net>
 Miklos Szegedi <miklos.szegedi@cloudera.com>
-Milas Bowman <devnull@milas.dev>
+Milas Bowman <milasb@gmail.com>
 Milind Chawre <milindchawre@gmail.com>
 Miloslav Trmač <mitr@redhat.com>
 mingqing <limingqing@cyou-inc.com>
@@ -1544,7 +1524,6 @@ mlarcher <github@ringabell.org>
 Mohammad Banikazemi <MBanikazemi@gmail.com>
 Mohammad Nasirifar <farnasirim@gmail.com>
 Mohammed Aaqib Ansari <maaquib@gmail.com>
-Mohd Sadiq <mohdsadiq058@gmail.com>
 Mohit Soni <mosoni@ebay.com>
 Moorthy RS <rsmoorthy@gmail.com>
 Morgan Bauer <mbauer@us.ibm.com>
@@ -1627,7 +1606,6 @@ Noah Treuhaft <noah.treuhaft@docker.com>
 NobodyOnSE <ich@sektor.selfip.com>
 noducks <onemannoducks@gmail.com>
 Nolan Darilek <nolan@thewordnerd.info>
-Nolan Miles <nolanpmiles@gmail.com>
 Noriki Nakamura <noriki.nakamura@miraclelinux.com>
 nponeccop <andy.melnikov@gmail.com>
 Nurahmadie <nurahmadie@gmail.com>
@@ -1683,7 +1661,6 @@ Paul Lietar <paul@lietar.net>
 Paul Liljenberg <liljenberg.paul@gmail.com>
 Paul Morie <pmorie@gmail.com>
 Paul Nasrat <pnasrat@gmail.com>
-Paul Seiffert <paul.seiffert@jimdo.com>
 Paul Weaver <pauweave@cisco.com>
 Paulo Gomes <pjbgf@linux.com>
 Paulo Ribeiro <paigr.io@gmail.com>
@@ -1697,7 +1674,6 @@ Pavlos Ratis <dastergon@gentoo.org>
 Pavol Vargovcik <pallly.vargovcik@gmail.com>
 Pawel Konczalski <mail@konczalski.de>
 Paweł Gronowski <pawel.gronowski@docker.com>
-payall4u <payall4u@qq.com>
 Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
 Peggy Li <peggyli.224@gmail.com>
 Pei Su <sillyousu@gmail.com>
@@ -1727,9 +1703,7 @@ Phil Estes <estesp@gmail.com>
 Phil Sphicas <phil.sphicas@att.com>
 Phil Spitler <pspitler@gmail.com>
 Philip Alexander Etling <paetling@gmail.com>
-Philip K. Warren <pkwarren@gmail.com>
 Philip Monroe <phil@philmonroe.com>
-Philipp Fruck <dev@p-fruck.de>
 Philipp Gillé <philipp.gille@gmail.com>
 Philipp Wahala <philipp.wahala@gmail.com>
 Philipp Weissensteiner <mail@philippweissensteiner.com>
@@ -1767,7 +1741,6 @@ Quentin Brossard <qbrossard@gmail.com>
 Quentin Perez <qperez@ocs.online.net>
 Quentin Tayssier <qtayssier@gmail.com>
 r0n22 <cameron.regan@gmail.com>
-Rachit Sharma <rachitsharma613@gmail.com>
 Radostin Stoyanov <rstoyanov1@gmail.com>
 Rafal Jeczalik <rjeczalik@gmail.com>
 Rafe Colton <rafael.colton@gmail.com>
@@ -1800,7 +1773,6 @@ Rich Horwood <rjhorwood@apple.com>
 Rich Moyse <rich@moyse.us>
 Rich Seymour <rseymour@gmail.com>
 Richard Burnison <rburnison@ebay.com>
-Richard Hansen <rhansen@rhansen.org>
 Richard Harvey <richard@squarecows.com>
 Richard Mathie <richard.mathie@amey.co.uk>
 Richard Metzler <richard@paadee.com>
@@ -1816,7 +1788,6 @@ Ritesh H Shukla <sritesh@vmware.com>
 Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
 Rob Gulewich <rgulewich@netflix.com>
-Rob Murray <rob.murray@docker.com>
 Rob Vesse <rvesse@dotnetrdf.org>
 Robert Bachmann <rb@robertbachmann.at>
 Robert Bittle <guywithnose@gmail.com>
@@ -1898,7 +1869,6 @@ ryancooper7 <ryan.cooper7@gmail.com>
 RyanDeng <sheldon.d1018@gmail.com>
 Ryo Nakao <nakabonne@gmail.com>
 Ryoga Saito <contact@proelbtn.com>
-Régis Behmo <regis@behmo.com>
 Rémy Greinhofer <remy.greinhofer@livelovely.com>
 s. rannou <mxs@sbrk.org>
 Sabin Basyal <sabin.basyal@gmail.com>
@@ -1915,7 +1885,6 @@ Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
 Sam Neirinck <sam@samneirinck.com>
 Sam Reis <sreis@atlassian.com>
 Sam Rijs <srijs@airpost.net>
-Sam Thibault <sam.thibault@docker.com>
 Sam Whited <sam@samwhited.com>
 Sambuddha Basu <sambuddhabasu1@gmail.com>
 Sami Wagiaalla <swagiaal@redhat.com>
@@ -1939,7 +1908,6 @@ Satoshi Tagomori <tagomoris@gmail.com>
 Scott Bessler <scottbessler@gmail.com>
 Scott Collier <emailscottcollier@gmail.com>
 Scott Johnston <scott@docker.com>
-Scott Moser <smoser@brickies.net>
 Scott Percival <scottp@lastyard.com>
 Scott Stamp <scottstamp851@gmail.com>
 Scott Walls <sawalls@umich.edu>
@@ -1955,7 +1923,6 @@ Sebastiaan van Steenis <mail@superseb.nl>
 Sebastiaan van Stijn <github@gone.nl>
 Sebastian Höffner <sebastian.hoeffner@mevis.fraunhofer.de>
 Sebastian Radloff <sradloff23@gmail.com>
-Sebastian Thomschke <sebthom@users.noreply.github.com>
 Sebastien Goasguen <runseb@gmail.com>
 Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
 Senthil Kumaran <senthil@uthcode.com>
@@ -2029,7 +1996,6 @@ Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
 Stanislav Levin <slev@altlinux.org>
 Steeve Morin <steeve.morin@gmail.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com>
-Stefan Gehrig <stefan.gehrig.hn@googlemail.com>
 Stefan J. Wernli <swernli@microsoft.com>
 Stefan Praszalowicz <stefan@greplin.com>
 Stefan S. <tronicum@user.github.com>
@@ -2037,7 +2003,6 @@ Stefan Scherer <stefan.scherer@docker.com>
 Stefan Staudenmeyer <doerte@instana.com>
 Stefan Weil <sw@weilnetz.de>
 Steffen Butzer <steffen.butzer@outlook.com>
-Stephan Henningsen <stephan-henningsen@users.noreply.github.com>
 Stephan Spindler <shutefan@gmail.com>
 Stephen Benjamin <stephen@redhat.com>
 Stephen Crosby <stevecrozz@gmail.com>
@@ -2239,7 +2204,6 @@ Vinod Kulkarni <vinod.kulkarni@gmail.com>
 Vishal Doshi <vishal.doshi@gmail.com>
 Vishnu Kannan <vishnuk@google.com>
 Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
-Vitor Anjos <bartier@users.noreply.github.com>
 Vitor Monteiro <vmrmonteiro@gmail.com>
 Vivek Agarwal <me@vivek.im>
 Vivek Dasgupta <vdasgupt@redhat.com>
@@ -2286,7 +2250,6 @@ Wenxuan Zhao <viz@linux.com>
 Wenyu You <21551128@zju.edu.cn>
 Wenzhi Liang <wenzhi.liang@gmail.com>
 Wes Morgan <cap10morgan@gmail.com>
-Wesley Pettit <wppttt@amazon.com>
 Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
 Wiktor Kwapisiewicz <wiktor@metacode.biz>
 Will Dietz <w@wdtz.org>
@@ -2326,7 +2289,7 @@ xiekeyang <xiekeyang@huawei.com>
 Ximo Guanter Gonzálbez <joaquin.guantergonzalbez@telefonica.com>
 xin.li <xin.li@daocloud.io>
 Xinbo Weng <xihuanbo_0521@zju.edu.cn>
-Xinfeng Liu <XinfengLiu@icloud.com>
+Xinfeng Liu <xinfeng.liu@gmail.com>
 Xinzi Zhou <imdreamrunner@gmail.com>
 Xiuming Chen <cc@cxm.cc>
 Xuecong Liao <satorulogic@gmail.com>
@@ -2392,7 +2355,6 @@ Zen Lin(Zhinan Lin) <linzhinan@huawei.com>
 Zhang Kun <zkazure@gmail.com>
 Zhang Wei <zhangwei555@huawei.com>
 Zhang Wentao <zhangwentao234@huawei.com>
-zhangguanzhang <zhangguanzhang@qq.com>
 ZhangHang <stevezhang2014@gmail.com>
 zhangxianwei <xianwei.zw@alibaba-inc.com>
 Zhenan Ye <21551168@zju.edu.cn>
@@ -2419,7 +2381,6 @@ Zuhayr Elahi <zuhayr.elahi@docker.com>
 Zunayed Ali <zunayed@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
-吴小白 <296015668@qq.com>
 尹吉峰 <jifeng.yin@gmail.com>
 屈骏 <qujun@tiduyun.com>
 徐俊杰 <paco.xu@daocloud.io>
--- a/102
+++ b/102
@@ -1,29 +1,23 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.21.6
-ARG BASE_DEBIAN_DISTRO="bookworm"
+ARG GO_VERSION=1.20.13
+ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
 ARG XX_VERSION=1.2.1

 ARG VPNKIT_VERSION=0.5.0

 ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
-ARG DOCKERCLI_VERSION=v25.0.0
+ARG DOCKERCLI_VERSION=v24.0.2
 # cli version used for integration-cli tests
 ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
 ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
-ARG BUILDX_VERSION=0.12.1
-ARG COMPOSE_VERSION=v2.24.2
+ARG BUILDX_VERSION=0.11.2

 ARG SYSTEMD="false"
+ARG DEBIAN_FRONTEND=noninteractive
 ARG DOCKER_STATIC=1

-# REGISTRY_VERSION specifies the version of the registry to download from
-# https://hub.docker.com/r/distribution/distribution. This version of
-# the registry is used to test schema 2 manifests. Generally,  the version
-# specified here should match a current release.
-ARG REGISTRY_VERSION=2.8.3
-
 # cross compilation helper
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

@@ -38,19 +32,21 @@ COPY --from=build-dummy /build /build
 FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
 COPY --from=xx / /
 RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+ARG APT_MIRROR
+RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list || true
+ARG DEBIAN_FRONTEND
 RUN apt-get update && apt-get install --no-install-recommends -y file
 ENV GO111MODULE=off
-ENV GOTOOLCHAIN=local

 FROM base AS criu
+ARG DEBIAN_FRONTEND
 ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
 RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
-        echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_12/ /' > /etc/apt/sources.list.d/criu.list \
+        echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
        && apt-get update \
        && apt-get install -y --no-install-recommends criu \
-        && install -D /usr/sbin/criu /build/criu \
-        && /build/criu --version
+        && install -D /usr/sbin/criu /build/criu

 # registry
 FROM base AS registry-src
@@ -59,7 +55,11 @@ RUN git init . && git remote add origin "https://github.com/distribution/distrib

 FROM base AS registry
 WORKDIR /go/src/github.com/docker/distribution
-
+# REGISTRY_VERSION specifies the version of the registry to build and install
+# from the https://github.com/docker/distribution repository. This version of
+# the registry is used to test both schema 1 and schema 2 manifests. Generally,
+# the version specified here should match a current release.
+ARG REGISTRY_VERSION=v2.3.0
 # REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
 # install from the https://github.com/docker/distribution repository. This is
 # an older (pre v2.3.0) version of the registry that only supports schema1
@@ -72,10 +72,11 @@ RUN --mount=from=registry-src,src=/usr/src/registry,rw \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src <<EOT
  set -ex
+  git fetch -q --depth 1 origin "${REGISTRY_VERSION}" +refs/tags/*:refs/tags/*
+  git checkout -q FETCH_HEAD
  export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
-  # Make the /build directory no matter what so that it doesn't fail on arm64 or
-  # any other platform where we don't build this registry
-  mkdir /build
+  CGO_ENABLED=0 xx-go build -o /build/registry-v2 -v ./cmd/registry
+  xx-verify /build/registry-v2
  case $TARGETPLATFORM in
    linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
      git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
@@ -86,9 +87,6 @@ RUN --mount=from=registry-src,src=/usr/src/registry,rw \
  esac
 EOT

-FROM distribution/distribution:$REGISTRY_VERSION AS registry-v2
-RUN mkdir /build && mv /bin/registry /build/registry-v2
-
 # go-swagger
 FROM base AS swagger-src
 WORKDIR /usr/src/swagger
@@ -116,6 +114,7 @@ EOT
 # See also frozenImages in "testutil/environment/protect.go" (which needs to
 # be updated when adding images to this list)
 FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
+ARG DEBIAN_FRONTEND
 RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
       apt-get update && apt-get install -y --no-install-recommends \
@@ -129,7 +128,7 @@ ARG TARGETVARIANT
 RUN /download-frozen-image-v2.sh /build \
        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
-        debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \
+        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1

@@ -141,7 +140,7 @@ RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
 # from the https://github.com/go-delve/delve repository.
 # It can be used to run Docker with a possibility of
 # attaching debugger to it.
-ARG DELVE_VERSION=v1.21.1
+ARG DELVE_VERSION=v1.20.1
 RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

 FROM base AS delve-build
@@ -198,19 +197,17 @@ RUN git init . && git remote add origin "https://github.com/containerd/container
 # When updating the binary version you may also need to update the vendor
 # version to pick up bug fixes or new APIs, however, usually the Go packages
 # are built from a commit from the master branch.
-ARG CONTAINERD_VERSION=v1.7.12
+ARG CONTAINERD_VERSION=v1.7.13
 RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

 FROM base AS containerd-build
 WORKDIR /go/src/github.com/containerd/containerd
+ARG DEBIAN_FRONTEND
 ARG TARGETPLATFORM
 RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
-            gcc \
-            libbtrfs-dev \
-            libsecret-1-dev \
-            pkg-config
+            gcc libbtrfs-dev libsecret-1-dev
 ARG DOCKER_STATIC
 RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
@@ -283,20 +280,17 @@ RUN git init . && git remote add origin "https://github.com/opencontainers/runc.
 # that is used. If you need to update runc, open a pull request in the containerd
 # project first, and update both after that is merged. When updating RUNC_VERSION,
 # consider updating runc in vendor.mod accordingly.
-ARG RUNC_VERSION=v1.1.11
+ARG RUNC_VERSION=v1.1.12
 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

 FROM base AS runc-build
 WORKDIR /go/src/github.com/opencontainers/runc
+ARG DEBIAN_FRONTEND
 ARG TARGETPLATFORM
 RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
-            dpkg-dev \
-            gcc \
-            libc6-dev \
-            libseccomp-dev \
-            pkg-config
+            dpkg-dev gcc libc6-dev libseccomp-dev
 ARG DOCKER_STATIC
 RUN --mount=from=runc-src,src=/usr/src/runc,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
@@ -323,6 +317,7 @@ RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* &&

 FROM base AS tini-build
 WORKDIR /go/src/github.com/krallin/tini
+ARG DEBIAN_FRONTEND
 RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends cmake
@@ -330,9 +325,7 @@ ARG TARGETPLATFORM
 RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        xx-apt-get install -y --no-install-recommends \
-            gcc \
-            libc6-dev \
-            pkg-config
+            gcc libc6-dev
 RUN --mount=from=tini-src,src=/usr/src/tini,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
  set -e
@@ -352,18 +345,17 @@ FROM base AS rootlesskit-src
 WORKDIR /usr/src/rootlesskit
 RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
 # When updating, also update vendor.mod and hack/dockerfile/install/rootlesskit.installer accordingly.
-ARG ROOTLESSKIT_VERSION=v2.0.0
+ARG ROOTLESSKIT_VERSION=v1.1.1
 RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

 FROM base AS rootlesskit-build
 WORKDIR /go/src/github.com/rootless-containers/rootlesskit
+ARG DEBIAN_FRONTEND
 ARG TARGETPLATFORM
 RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
-            gcc \
-            libc6-dev \
-            pkg-config
+            gcc libc6-dev
 ENV GO111MODULE=on
 ARG DOCKER_STATIC
 RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
@@ -384,7 +376,7 @@ FROM binary-dummy AS rootlesskit-windows
 FROM rootlesskit-${TARGETOS} AS rootlesskit

 FROM base AS crun
-ARG CRUN_VERSION=1.12
+ARG CRUN_VERSION=1.4.5
 RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
@@ -431,11 +423,7 @@ RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:ref
 FROM base AS containerutil-build
 WORKDIR /usr/src/containerutil
 ARG TARGETPLATFORM
-RUN xx-apt-get install -y --no-install-recommends \
-        gcc \
-        g++ \
-        libc6-dev \
-        pkg-config
+RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev
 RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
  set -e
@@ -450,7 +438,6 @@ FROM containerutil-build AS containerutil-windows-amd64
 FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
 FROM containerutil-${TARGETOS} AS containerutil
 FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
-FROM docker/compose-bin:${COMPOSE_VERSION} as compose

 FROM base AS dev-systemd-false
 COPY --link --from=frozen-images /build/ /docker-frozen-images
@@ -460,7 +447,6 @@ COPY --link --from=tomll         /build/ /usr/local/bin/
 COPY --link --from=gowinres      /build/ /usr/local/bin/
 COPY --link --from=tini          /build/ /usr/local/bin/
 COPY --link --from=registry      /build/ /usr/local/bin/
-COPY --link --from=registry-v2   /build/ /usr/local/bin/

 # Skip the CRIU stage for now, as the opensuse package repository is sometimes
 # unstable, and we're currently not using it in CI.
@@ -478,7 +464,6 @@ COPY --link --from=containerutil /build/ /usr/local/bin/
 COPY --link --from=crun          /build/ /usr/local/bin/
 COPY --link hack/dockerfile/etc/docker/  /etc/docker/
 COPY --link --from=buildx        /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
-COPY --link --from=compose       /docker-compose /usr/libexec/docker/cli-plugins/docker-compose

 ENV PATH=/usr/local/cli:$PATH
 ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker
@@ -501,6 +486,7 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
 ENTRYPOINT ["hack/dind-systemd"]

 FROM dev-systemd-${SYSTEMD} AS dev-base
+ARG DEBIAN_FRONTEND
 RUN groupadd -r docker
 RUN useradd --create-home --gid docker unprivilegeduser \
 && mkdir -p /home/unprivilegeduser/.local/share/docker \
@@ -534,6 +520,9 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
            net-tools \
            patch \
            pigz \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
            sudo \
            systemd-journal-remote \
            thin-provisioning-tools \
@@ -549,6 +538,8 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
 RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
 && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
 && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
+ARG YAMLLINT_VERSION=1.27.1
+RUN pip3 install yamllint==${YAMLLINT_VERSION}
 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install --no-install-recommends -y \
@@ -556,11 +547,11 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
            pkg-config \
            dpkg-dev \
            libapparmor-dev \
+            libdevmapper-dev \
            libseccomp-dev \
            libsecret-1-dev \
            libsystemd-dev \
-            libudev-dev \
-            yamllint
+            libudev-dev
 COPY --link --from=dockercli             /build/ /usr/local/cli
 COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration

@@ -569,6 +560,7 @@ COPY --from=gowinres /build/ /usr/local/bin/
 WORKDIR /go/src/github.com/docker/docker
 ENV GO111MODULE=off
 ENV CGO_ENABLED=1
+ARG DEBIAN_FRONTEND
 RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install --no-install-recommends -y \
@@ -583,11 +575,11 @@ RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
            gcc \
            libapparmor-dev \
            libc6-dev \
+            libdevmapper-dev \
            libseccomp-dev \
            libsecret-1-dev \
            libsystemd-dev \
-            libudev-dev \
-            pkg-config
+            libudev-dev
 ARG DOCKER_BUILDTAGS
 ARG DOCKER_DEBUG
 ARG DOCKER_GITCOMMIT=HEAD
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -5,14 +5,17 @@

 # This represents the bare minimum required to build and test Docker.

-ARG GO_VERSION=1.21.6
+ARG GO_VERSION=1.20.13

-ARG BASE_DEBIAN_DISTRO="bookworm"
+ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"

 FROM ${GOLANG_IMAGE}
 ENV GO111MODULE=off
-ENV GOTOOLCHAIN=local
+
+# allow replacing debian mirror
+ARG APT_MIRROR
+RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list || true

 # Compile and runtime deps
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
@@ -23,6 +26,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		cmake \
 		git \
 		libapparmor-dev \
+		libdevmapper-dev \
 		libseccomp-dev \
 		ca-certificates \
 		e2fsprogs \
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -154,17 +154,21 @@

 # The number of build steps below are explicitly minimised to improve performance.

-ARG WINDOWS_BASE_IMAGE=mcr.microsoft.com/windows/servercore
-ARG WINDOWS_BASE_IMAGE_TAG=ltsc2022
-FROM ${WINDOWS_BASE_IMAGE}:${WINDOWS_BASE_IMAGE_TAG}
+# Extremely important - do not change the following line to reference a "specific" image, 
+# such as `mcr.microsoft.com/windows/servercore:ltsc2022`. If using this Dockerfile in process
+# isolated containers, the kernel of the host must match the container image, and hence
+# would fail between Windows Server 2016 (aka RS1) and Windows Server 2019 (aka RS5).
+# It is expected that the image `microsoft/windowsservercore:latest` is present, and matches
+# the hosts kernel version before doing a build. 
+FROM microsoft/windowsservercore

 # Use PowerShell as the default shell
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

-ARG GO_VERSION=1.21.6
+ARG GO_VERSION=1.20.13
 ARG GOTESTSUM_VERSION=v1.8.2
 ARG GOWINRES_VERSION=v0.3.1
-ARG CONTAINERD_VERSION=v1.7.12
+ARG CONTAINERD_VERSION=v1.7.13

 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
@@ -175,7 +179,6 @@ ENV GO_VERSION=${GO_VERSION} `
    GIT_VERSION=2.11.1 `
    GOPATH=C:\gopath `
    GO111MODULE=off `
-    GOTOOLCHAIN=local `
    FROM_DOCKERFILE=1 `
    GOTESTSUM_VERSION=${GOTESTSUM_VERSION} `
    GOWINRES_VERSION=${GOWINRES_VERSION}
@@ -220,7 +223,7 @@ RUN `
  Download-File $location C:\gitsetup.zip; `
  `
  Write-Host INFO: Downloading go...; `
-  $dlGoVersion=$Env:GO_VERSION; `
+  $dlGoVersion=$Env:GO_VERSION -replace '\.0$',''; `
  Download-File "https://go.dev/dl/go${dlGoVersion}.windows-amd64.zip" C:\go.zip; `
  `
  Write-Host INFO: Downloading compiler 1 of 3...; `
--- a/20
+++ b/20
@@ -24,18 +24,15 @@
 	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.

 		people = [
-			"akerouanton",
 			"akihirosuda",
 			"anusha",
 			"coolljt0725",
 			"corhere",
 			"cpuguy83",
-			"crazy-max",
 			"estesp",
 			"johnstep",
 			"justincormack",
 			"kolyshkin",
-			"laurazard",
 			"mhbauer",
 			"neersighted",
 			"rumpl",
@@ -66,16 +63,17 @@
 	# - close an issue or pull request when it's inappropriate or off-topic

 		people = [
+		    "akerouanton",
 			"alexellis",
 			"andrewhsu",
 			"bsousaa",
-			"dmcgowan",
+			"crazy-max",
 			"fntlnz",
 			"gianarb",
+			"laurazard",
 			"olljanat",
 			"programmerq",
 			"ripcurld",
-			"robmry",
 			"sam-thibault",
 			"samwhited",
 			"thajeztah"
@@ -359,11 +357,6 @@
 	Email = "dnephin@gmail.com"
 	GitHub = "dnephin"

-	[people.dmcgowan]
-	Name = "Derek McGowan"
-	Email = "derek@mcgstyle.net"
-	GitHub = "dmcgowan"
-
 	[people.duglin]
 	Name = "Doug Davis"
 	Email = "dug@us.ibm.com"
@@ -466,7 +459,7 @@

 	[people.neersighted]
 	Name = "Bjorn Neergaard"
-	Email = "bjorn@neersighted.com"
+	Email = "bneergaard@mirantis.com"
 	GitHub = "neersighted"

 	[people.olljanat]
@@ -479,11 +472,6 @@
 	Email = "jeff@docker.com"
 	GitHub = "programmerq"

-	[people.robmry]
-	Name = "Rob Murray"
-	Email = "rob.murray@docker.com"
-	GitHub = "robmry"
-
 	[people.ripcurld]
 	Name = "Boaz Shuster"
 	Email = "ripcurld.github@gmail.com"
--- a/30
+++ b/30
@@ -4,7 +4,7 @@ DOCKER ?= docker
 BUILDX ?= $(DOCKER) buildx

 # set the graph driver as the current graphdriver if not set
-DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info -f '{{ .Driver }}' 2>&1))
+DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info -f {{ .Driver }} 2>&1))
 export DOCKER_GRAPHDRIVER

 DOCKER_GITCOMMIT := $(shell git rev-parse HEAD)
@@ -24,9 +24,10 @@ export VALIDATE_ORIGIN_BRANCH
 # option of "go build". For example, a built-in graphdriver priority list
 # can be changed during build time like this:
 #
-# make DOCKER_LDFLAGS="-X github.com/docker/docker/daemon/graphdriver.priority=overlay2,zfs" dynbinary
+# make DOCKER_LDFLAGS="-X github.com/docker/docker/daemon/graphdriver.priority=overlay2,devicemapper" dynbinary
 #
 DOCKER_ENVS := \
+	-e BUILD_APT_MIRROR \
 	-e BUILDFLAGS \
 	-e KEEPBUNDLE \
 	-e DOCKER_BUILD_ARGS \
@@ -60,7 +61,6 @@ DOCKER_ENVS := \
 	-e TEST_INTEGRATION_FAIL_FAST \
 	-e TEST_SKIP_INTEGRATION \
 	-e TEST_SKIP_INTEGRATION_CLI \
-	-e TEST_IGNORE_CGROUP_CHECK \
 	-e TESTCOVERAGE \
 	-e TESTDEBUG \
 	-e TESTDIRS \
@@ -76,10 +76,7 @@ DOCKER_ENVS := \
 	-e PLATFORM \
 	-e DEFAULT_PRODUCT_LICENSE \
 	-e PRODUCT \
-	-e PACKAGER_NAME \
-	-e OTEL_EXPORTER_OTLP_ENDPOINT \
-	-e OTEL_EXPORTER_OTLP_PROTOCOL \
-	-e OTEL_SERVICE_NAME
+	-e PACKAGER_NAME
 # note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds

 # to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
@@ -111,6 +108,8 @@ DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
 DELVE_PORT_FORWARD := $(if $(DELVE_PORT),-p "$(DELVE_PORT)",)

 DOCKER_FLAGS := $(DOCKER) run --rm --privileged $(DOCKER_CONTAINER_NAME) $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD) $(DELVE_PORT_FORWARD)
+BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
+export BUILD_APT_MIRROR

 SWAGGER_DOCS_PORT ?= 9000

@@ -138,6 +137,7 @@ endif
 DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"

 DOCKER_BUILD_ARGS += --build-arg=GO_VERSION
+DOCKER_BUILD_ARGS += --build-arg=APT_MIRROR
 DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_VERSION
 DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_REPOSITORY
 DOCKER_BUILD_ARGS += --build-arg=DOCKERCLI_INTEGRATION_VERSION
@@ -146,7 +146,7 @@ ifdef DOCKER_SYSTEMD
 DOCKER_BUILD_ARGS += --build-arg=SYSTEMD=true
 endif

-BUILD_OPTS := ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS}
+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS}
 BUILD_CMD := $(BUILDX) build
 BAKE_CMD := $(BUILDX) bake

@@ -220,11 +220,6 @@ test-unit: build ## run the unit tests
 validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
 	$(DOCKER_RUN_DOCKER) hack/validate/all

-validate-generate-files:
-	$(BUILD_CMD) --target "validate" \
-		--output "type=cacheonly" \
-		--file "./hack/dockerfiles/generate-files.Dockerfile" .
-
 validate-%: build ## validate specific check
 	$(DOCKER_RUN_DOCKER) hack/validate/$*

@@ -246,12 +241,3 @@ swagger-docs: ## preview the API documentation
 		-e 'REDOC_OPTIONS=hide-hostname="true" lazy-rendering' \
 		-p $(SWAGGER_DOCS_PORT):80 \
 		bfirsh/redoc:1.14.0
-
-.PHONY: generate-files
-generate-files:
-	$(eval $@_TMP_OUT := $(shell mktemp -d -t moby-output.XXXXXXXXXX))
-	$(BUILD_CMD) --target "update" \
-		--output "type=local,dest=$($@_TMP_OUT)" \
-		--file "./hack/dockerfiles/generate-files.Dockerfile" .
-	cp -R "$($@_TMP_OUT)"/. .
-	rm -rf "$($@_TMP_OUT)"/*
--- a/api/README.md
+++ b/api/README.md
@@ -37,6 +37,6 @@ There is hopefully enough example material in the file for you to copy a similar

 When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.

-Run `make swagger-docs` and a preview will be running at `http://localhost:9000`. Some of the styling may be incorrect, but you'll be able to ensure that it is generating the correct documentation.
+Run `make swagger-docs` and a preview will be running at `http://localhost`. Some of the styling may be incorrect, but you'll be able to ensure that it is generating the correct documentation.

 The production documentation is generated by vendoring `swagger.yaml` into [docker/docker.github.io](https://github.com/docker/docker.github.io).
--- a/api/common.go
+++ b/api/common.go
@@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api"
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion = "1.44"
+	DefaultVersion = "1.43"

 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
--- a/api/common_unix.go
+++ b/api/common_unix.go
@@ -0,0 +1,7 @@
+//go:build !windows
+// +build !windows
+
+package api // import "github.com/docker/docker/api"
+
+// MinVersion represents Minimum REST API version supported
+const MinVersion = "1.12"
--- a/api/common_windows.go
+++ b/api/common_windows.go
@@ -0,0 +1,8 @@
+package api // import "github.com/docker/docker/api"
+
+// MinVersion represents Minimum REST API version supported
+// Technically the first daemon API version released on Windows is v1.25 in
+// engine version 1.13. However, some clients are explicitly using downlevel
+// APIs (e.g. docker-compose v2.1 file format) and that is just too restrictive.
+// Hence also allowing 1.24 on Windows.
+const MinVersion string = "1.24"
--- a/api/server/backend/build/backend.go
+++ b/api/server/backend/build/backend.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"strconv"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/events"
@@ -76,7 +76,7 @@ func (b *Backend) Build(ctx context.Context, config backend.BuildConfig) (string
 		return "", nil
 	}

-	imageID := build.ImageID
+	var imageID = build.ImageID
 	if options.Squash {
 		if imageID, err = squashBuild(build, b.imageComponent); err != nil {
 			return "", err
@@ -104,7 +104,7 @@ func (b *Backend) PruneCache(ctx context.Context, opts types.BuildCachePruneOpti
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to prune build cache")
 	}
-	b.eventsService.Log(events.ActionPrune, events.BuilderEventType, events.Actor{
+	b.eventsService.Log("prune", events.BuilderEventType, events.Actor{
 		Attributes: map[string]string{
 			"reclaimed": strconv.FormatInt(buildCacheSize, 10),
 		},
--- a/api/server/backend/build/tag.go
+++ b/api/server/backend/build/tag.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"io"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/image"
 	"github.com/pkg/errors"
 )
--- a/api/server/httpstatus/status.go
+++ b/api/server/httpstatus/status.go
@@ -1,14 +1,13 @@
 package httpstatus // import "github.com/docker/docker/api/server/httpstatus"

 import (
-	"context"
 	"fmt"
 	"net/http"

 	cerrdefs "github.com/containerd/containerd/errdefs"
-	"github.com/containerd/log"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/docker/errdefs"
+	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -20,7 +19,7 @@ type causer interface {
 // FromError retrieves status code from error message.
 func FromError(err error) int {
 	if err == nil {
-		log.G(context.TODO()).WithError(err).Error("unexpected HTTP error handling")
+		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
 		return http.StatusInternalServerError
 	}

@@ -66,11 +65,10 @@ func FromError(err error) int {
 			return FromError(e.Cause())
 		}

-		log.G(context.TODO()).WithFields(log.Fields{
+		logrus.WithFields(logrus.Fields{
 			"module":     "api",
-			"error":      err,
 			"error_type": fmt.Sprintf("%T", err),
-		}).Debug("FIXME: Got an API for which error does not match any expected type!!!")
+		}).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
 	}

 	if statusCode == 0 {
--- a/api/server/httputils/form.go
+++ b/api/server/httputils/form.go
@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"strings"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 )

 // BoolValue transforms a form value in different formats into a boolean type.
--- a/api/server/httputils/write_log_stream.go
+++ b/api/server/httputils/write_log_stream.go
@@ -7,8 +7,8 @@ import (
 	"net/url"
 	"sort"

+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/stdcopy"
@@ -16,7 +16,7 @@ import (

 // WriteLogStream writes an encoded byte stream of log messages from the
 // messages channel, multiplexing them with a stdcopy.Writer if mux is true
-func WriteLogStream(_ context.Context, w io.Writer, msgs <-chan *backend.LogMessage, config *container.LogsOptions, mux bool) {
+func WriteLogStream(_ context.Context, w io.Writer, msgs <-chan *backend.LogMessage, config *types.ContainerLogsOptions, mux bool) {
 	wf := ioutils.NewWriteFlusher(w)
 	defer wf.Close()

--- a/api/server/middleware.go
+++ b/api/server/middleware.go
@@ -1,9 +1,9 @@
 package server // import "github.com/docker/docker/api/server"

 import (
-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
+	"github.com/sirupsen/logrus"
 )

 // handlerWithGlobalMiddlewares wraps the handler function for a request with
@@ -16,7 +16,7 @@ func (s *Server) handlerWithGlobalMiddlewares(handler httputils.APIFunc) httputi
 		next = m.WrapHandler(next)
 	}

-	if log.GetLevel() == log.DebugLevel {
+	if logrus.GetLevel() == logrus.DebugLevel {
 		next = middleware.DebugRequestMiddleware(next)
 	}

--- a/api/server/middleware/cors.go
+++ b/api/server/middleware/cors.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"net/http"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/types/registry"
+	"github.com/sirupsen/logrus"
 )

 // CORSMiddleware injects CORS headers to each request
@@ -29,7 +29,7 @@ func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.Res
 			corsHeaders = "*"
 		}

-		log.G(ctx).Debugf("CORS header is enabled and set to: %s", corsHeaders)
+		logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
 		w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
 		w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, "+registry.AuthHeader)
 		w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
--- a/api/server/middleware/debug.go
+++ b/api/server/middleware/debug.go
@@ -8,15 +8,15 @@ import (
 	"net/http"
 	"strings"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/sirupsen/logrus"
 )

 // DebugRequestMiddleware dumps the request to logger
 func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-		log.G(ctx).Debugf("Calling %s %s", r.Method, r.RequestURI)
+		logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)

 		if r.Method != http.MethodPost {
 			return handler(ctx, w, r, vars)
@@ -44,9 +44,9 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 			maskSecretKeys(postForm)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
-				log.G(ctx).Debugf("form data: %s", string(formStr))
+				logrus.Debugf("form data: %s", string(formStr))
 			} else {
-				log.G(ctx).Debugf("form data: %q", postForm)
+				logrus.Debugf("form data: %q", postForm)
 			}
 		}

--- a/api/server/router/build/backend.go
+++ b/api/server/router/build/backend.go
@@ -15,6 +15,7 @@ type Backend interface {

 	// Prune build cache
 	PruneCache(context.Context, types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error)
+
 	Cancel(context.Context, string) error
 }

--- a/api/server/router/build/build.go
+++ b/api/server/router/build/build.go
@@ -9,16 +9,18 @@ import (

 // buildRouter is a router to talk with the build controller
 type buildRouter struct {
-	backend Backend
-	daemon  experimentalProvider
-	routes  []router.Route
+	backend  Backend
+	daemon   experimentalProvider
+	routes   []router.Route
+	features *map[string]bool
 }

 // NewRouter initializes a new build router
-func NewRouter(b Backend, d experimentalProvider) router.Router {
+func NewRouter(b Backend, d experimentalProvider, features *map[string]bool) router.Router {
 	r := &buildRouter{
-		backend: b,
-		daemon:  d,
+		backend:  b,
+		daemon:   d,
+		features: features,
 	}
 	r.initRoutes()
 	return r
--- a/api/server/router/build/build_routes.go
+++ b/api/server/router/build/build_routes.go
@@ -14,7 +14,6 @@ import (
 	"strings"
 	"sync"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
@@ -27,6 +26,7 @@ import (
 	"github.com/docker/docker/pkg/streamformatter"
 	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )

 type invalidParam struct {
@@ -107,7 +107,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	}

 	if ulimitsJSON := r.FormValue("ulimits"); ulimitsJSON != "" {
-		buildUlimits := []*units.Ulimit{}
+		var buildUlimits = []*units.Ulimit{}
 		if err := json.Unmarshal([]byte(ulimitsJSON), &buildUlimits); err != nil {
 			return nil, invalidParam{errors.Wrap(err, "error reading ulimit settings")}
 		}
@@ -127,7 +127,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	// so that it can print a warning about "foo" being unused if there is
 	// no "ARG foo" in the Dockerfile.
 	if buildArgsJSON := r.FormValue("buildargs"); buildArgsJSON != "" {
-		buildArgs := map[string]*string{}
+		var buildArgs = map[string]*string{}
 		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
 			return nil, invalidParam{errors.Wrap(err, "error reading build args")}
 		}
@@ -135,7 +135,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	}

 	if labelsJSON := r.FormValue("labels"); labelsJSON != "" {
-		labels := map[string]string{}
+		var labels = map[string]string{}
 		if err := json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
 			return nil, invalidParam{errors.Wrap(err, "error reading labels")}
 		}
@@ -143,7 +143,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 	}

 	if cacheFromJSON := r.FormValue("cachefrom"); cacheFromJSON != "" {
-		cacheFrom := []string{}
+		var cacheFrom = []string{}
 		if err := json.Unmarshal([]byte(cacheFromJSON), &cacheFrom); err != nil {
 			return nil, invalidParam{errors.Wrap(err, "error reading cache-from")}
 		}
@@ -248,7 +248,7 @@ func (br *buildRouter) postBuild(ctx context.Context, w http.ResponseWriter, r *
 		}
 		_, err = output.Write(streamformatter.FormatError(err))
 		if err != nil {
-			log.G(ctx).Warnf("could not write error response: %v", err)
+			logrus.Warnf("could not write error response: %v", err)
 		}
 		return nil
 	}
--- a/api/server/router/checkpoint/backend.go
+++ b/api/server/router/checkpoint/backend.go
@@ -1,10 +1,10 @@
 package checkpoint // import "github.com/docker/docker/api/server/router/checkpoint"

-import "github.com/docker/docker/api/types/checkpoint"
+import "github.com/docker/docker/api/types"

 // Backend for Checkpoint
 type Backend interface {
-	CheckpointCreate(container string, config checkpoint.CreateOptions) error
-	CheckpointDelete(container string, config checkpoint.DeleteOptions) error
-	CheckpointList(container string, config checkpoint.ListOptions) ([]checkpoint.Summary, error)
+	CheckpointCreate(container string, config types.CheckpointCreateOptions) error
+	CheckpointDelete(container string, config types.CheckpointDeleteOptions) error
+	CheckpointList(container string, config types.CheckpointListOptions) ([]types.Checkpoint, error)
 }
--- a/api/server/router/checkpoint/checkpoint_routes.go
+++ b/api/server/router/checkpoint/checkpoint_routes.go
@@ -5,7 +5,7 @@ import (
 	"net/http"

 	"github.com/docker/docker/api/server/httputils"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/docker/docker/api/types"
 )

 func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -13,7 +13,7 @@ func (s *checkpointRouter) postContainerCheckpoint(ctx context.Context, w http.R
 		return err
 	}

-	var options checkpoint.CreateOptions
+	var options types.CheckpointCreateOptions
 	if err := httputils.ReadJSON(r, &options); err != nil {
 		return err
 	}
@@ -32,9 +32,10 @@ func (s *checkpointRouter) getContainerCheckpoints(ctx context.Context, w http.R
 		return err
 	}

-	checkpoints, err := s.backend.CheckpointList(vars["name"], checkpoint.ListOptions{
+	checkpoints, err := s.backend.CheckpointList(vars["name"], types.CheckpointListOptions{
 		CheckpointDir: r.Form.Get("dir"),
 	})
+
 	if err != nil {
 		return err
 	}
@@ -47,10 +48,11 @@ func (s *checkpointRouter) deleteContainerCheckpoint(ctx context.Context, w http
 		return err
 	}

-	err := s.backend.CheckpointDelete(vars["name"], checkpoint.DeleteOptions{
+	err := s.backend.CheckpointDelete(vars["name"], types.CheckpointDeleteOptions{
 		CheckpointDir: r.Form.Get("dir"),
 		CheckpointID:  vars["checkpoint"],
 	})
+
 	if err != nil {
 		return err
 	}
--- a/api/server/router/container/backend.go
+++ b/api/server/router/container/backend.go
@@ -32,13 +32,13 @@ type copyBackend interface {

 // stateBackend includes functions to implement to provide container state lifecycle functionality.
 type stateBackend interface {
-	ContainerCreate(ctx context.Context, config backend.ContainerCreateConfig) (container.CreateResponse, error)
+	ContainerCreate(ctx context.Context, config types.ContainerCreateConfig) (container.CreateResponse, error)
 	ContainerKill(name string, signal string) error
 	ContainerPause(name string) error
 	ContainerRename(oldName, newName string) error
 	ContainerResize(name string, height, width int) error
 	ContainerRestart(ctx context.Context, name string, options container.StopOptions) error
-	ContainerRm(name string, config *backend.ContainerRmConfig) error
+	ContainerRm(name string, config *types.ContainerRmConfig) error
 	ContainerStart(ctx context.Context, name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
 	ContainerStop(ctx context.Context, name string, options container.StopOptions) error
 	ContainerUnpause(name string) error
@@ -50,10 +50,11 @@ type stateBackend interface {
 type monitorBackend interface {
 	ContainerChanges(ctx context.Context, name string) ([]archive.Change, error)
 	ContainerInspect(ctx context.Context, name string, size bool, version string) (interface{}, error)
-	ContainerLogs(ctx context.Context, name string, config *container.LogsOptions) (msgs <-chan *backend.LogMessage, tty bool, err error)
+	ContainerLogs(ctx context.Context, name string, config *types.ContainerLogsOptions) (msgs <-chan *backend.LogMessage, tty bool, err error)
 	ContainerStats(ctx context.Context, name string, config *backend.ContainerStatsConfig) error
 	ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error)
-	Containers(ctx context.Context, config *container.ListOptions) ([]*types.Container, error)
+
+	Containers(ctx context.Context, config *types.ContainerListOptions) ([]*types.Container, error)
 }

 // attachBackend includes function to implement to provide container attaching functionality.
--- a/api/server/router/container/container_routes.go
+++ b/api/server/router/container/container_routes.go
@@ -8,10 +8,8 @@ import (
 	"net/http"
 	"runtime"
 	"strconv"
-	"strings"

 	"github.com/containerd/containerd/platforms"
-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httpstatus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
@@ -19,14 +17,13 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	containerpkg "github.com/docker/docker/container"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/runconfig"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/websocket"
 )

@@ -80,7 +77,7 @@ func (s *containerRouter) getContainersJSON(ctx context.Context, w http.Response
 		return err
 	}

-	config := &container.ListOptions{
+	config := &types.ContainerListOptions{
 		All:     httputils.BoolValue(r, "all"),
 		Size:    httputils.BoolValue(r, "size"),
 		Since:   r.Form.Get("since"),
@@ -144,7 +141,7 @@ func (s *containerRouter) getContainersLogs(ctx context.Context, w http.Response
 	}

 	containerName := vars["name"]
-	logsConfig := &container.LogsOptions{
+	logsConfig := &types.ContainerLogsOptions{
 		Follow:     httputils.BoolValue(r, "follow"),
 		Timestamps: httputils.BoolValue(r, "timestamps"),
 		Since:      r.Form.Get("since"),
@@ -494,39 +491,21 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 		}
 		return err
 	}
-
-	if config == nil {
-		return errdefs.InvalidParameter(runconfig.ErrEmptyConfig)
-	}
-	if hostConfig == nil {
-		hostConfig = &container.HostConfig{}
-	}
-	if hostConfig.NetworkMode == "" {
-		hostConfig.NetworkMode = "default"
-	}
-	if networkingConfig == nil {
-		networkingConfig = &network.NetworkingConfig{}
-	}
-	if networkingConfig.EndpointsConfig == nil {
-		networkingConfig.EndpointsConfig = make(map[string]*network.EndpointSettings)
-	}
-
 	version := httputils.VersionFromContext(ctx)
 	adjustCPUShares := versions.LessThan(version, "1.19")

 	// When using API 1.24 and under, the client is responsible for removing the container
-	if versions.LessThan(version, "1.25") {
+	if hostConfig != nil && versions.LessThan(version, "1.25") {
 		hostConfig.AutoRemove = false
 	}

-	if versions.LessThan(version, "1.40") {
+	if hostConfig != nil && versions.LessThan(version, "1.40") {
 		// Ignore BindOptions.NonRecursive because it was added in API 1.40.
 		for _, m := range hostConfig.Mounts {
 			if bo := m.BindOptions; bo != nil {
 				bo.NonRecursive = false
 			}
 		}
-
 		// Ignore KernelMemoryTCP because it was added in API 1.40.
 		hostConfig.KernelMemoryTCP = 0

@@ -535,26 +514,14 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 			hostConfig.IpcMode = container.IPCModeShareable
 		}
 	}
-
-	if versions.LessThan(version, "1.41") {
+	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
 		// Older clients expect the default to be "host" on cgroup v1 hosts
-		if !s.cgroup2 && hostConfig.CgroupnsMode.IsEmpty() {
+		if hostConfig.CgroupnsMode.IsEmpty() {
 			hostConfig.CgroupnsMode = container.CgroupnsModeHost
 		}
 	}

-	var platform *ocispec.Platform
-	if versions.GreaterThanOrEqualTo(version, "1.41") {
-		if v := r.Form.Get("platform"); v != "" {
-			p, err := platforms.Parse(v)
-			if err != nil {
-				return errdefs.InvalidParameter(err)
-			}
-			platform = &p
-		}
-	}
-
-	if versions.LessThan(version, "1.42") {
+	if hostConfig != nil && versions.LessThan(version, "1.42") {
 		for _, m := range hostConfig.Mounts {
 			// Ignore BindOptions.CreateMountpoint because it was added in API 1.42.
 			if bo := m.BindOptions; bo != nil {
@@ -574,14 +541,9 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 				bo.CreateMountpoint = false
 			}
 		}
-
-		if runtime.GOOS == "linux" {
-			// ConsoleSize is not respected by Linux daemon before API 1.42
-			hostConfig.ConsoleSize = [2]uint{0, 0}
-		}
 	}

-	if versions.GreaterThanOrEqualTo(version, "1.42") {
+	if hostConfig != nil && versions.GreaterThanOrEqualTo(version, "1.42") {
 		// Ignore KernelMemory removed in API 1.42.
 		hostConfig.KernelMemory = 0
 		for _, m := range hostConfig.Mounts {
@@ -597,45 +559,28 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 		}
 	}

-	if versions.LessThan(version, "1.43") {
+	if hostConfig != nil && runtime.GOOS == "linux" && versions.LessThan(version, "1.42") {
+		// ConsoleSize is not respected by Linux daemon before API 1.42
+		hostConfig.ConsoleSize = [2]uint{0, 0}
+	}
+
+	if hostConfig != nil && versions.LessThan(version, "1.43") {
 		// Ignore Annotations because it was added in API v1.43.
 		hostConfig.Annotations = nil
 	}

-	if versions.LessThan(version, "1.44") {
-		if config.Healthcheck != nil {
-			// StartInterval was added in API 1.44
-			config.Healthcheck.StartInterval = 0
-		}
-
-		for _, m := range hostConfig.Mounts {
-			if m.BindOptions != nil {
-				// Ignore ReadOnlyNonRecursive because it was added in API 1.44.
-				m.BindOptions.ReadOnlyNonRecursive = false
-				if m.BindOptions.ReadOnlyForceRecursive {
-					return errdefs.InvalidParameter(errors.New("BindOptions.ReadOnlyForceRecursive needs API v1.44 or newer"))
-				}
+	var platform *ocispec.Platform
+	if versions.GreaterThanOrEqualTo(version, "1.41") {
+		if v := r.Form.Get("platform"); v != "" {
+			p, err := platforms.Parse(v)
+			if err != nil {
+				return errdefs.InvalidParameter(err)
 			}
-		}
-
-		// Creating a container connected to several networks is not supported until v1.44.
-		if len(networkingConfig.EndpointsConfig) > 1 {
-			l := make([]string, 0, len(networkingConfig.EndpointsConfig))
-			for k := range networkingConfig.EndpointsConfig {
-				l = append(l, k)
-			}
-			return errdefs.InvalidParameter(errors.Errorf("Container cannot be created with multiple network endpoints: %s", strings.Join(l, ", ")))
+			platform = &p
 		}
 	}

-	var warnings []string
-	if warn, err := handleMACAddressBC(config, hostConfig, networkingConfig, version); err != nil {
-		return err
-	} else if warn != "" {
-		warnings = append(warnings, warn)
-	}
-
-	if hostConfig.PidsLimit != nil && *hostConfig.PidsLimit <= 0 {
+	if hostConfig != nil && hostConfig.PidsLimit != nil && *hostConfig.PidsLimit <= 0 {
 		// Don't set a limit if either no limit was specified, or "unlimited" was
 		// explicitly set.
 		// Both `0` and `-1` are accepted as "unlimited", and historically any
@@ -643,7 +588,7 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 		hostConfig.PidsLimit = nil
 	}

-	ccr, err := s.backend.ContainerCreate(ctx, backend.ContainerCreateConfig{
+	ccr, err := s.backend.ContainerCreate(ctx, types.ContainerCreateConfig{
 		Name:             name,
 		Config:           config,
 		HostConfig:       hostConfig,
@@ -654,65 +599,17 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 	if err != nil {
 		return err
 	}
-	ccr.Warnings = append(ccr.Warnings, warnings...)
+
 	return httputils.WriteJSON(w, http.StatusCreated, ccr)
 }

-// handleMACAddressBC takes care of backward-compatibility for the container-wide MAC address by mutating the
-// networkingConfig to set the endpoint-specific MACAddress field introduced in API v1.44. It returns a warning message
-// or an error if the container-wide field was specified for API >= v1.44.
-func handleMACAddressBC(config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, version string) (string, error) {
-	if config.MacAddress == "" { //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-		return "", nil
-	}
-
-	deprecatedMacAddress := config.MacAddress //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-
-	if versions.LessThan(version, "1.44") {
-		// The container-wide MacAddress parameter is deprecated and should now be specified in EndpointsConfig.
-		if hostConfig.NetworkMode.IsDefault() || hostConfig.NetworkMode.IsBridge() || hostConfig.NetworkMode.IsUserDefined() {
-			nwName := hostConfig.NetworkMode.NetworkName()
-			if _, ok := networkingConfig.EndpointsConfig[nwName]; !ok {
-				networkingConfig.EndpointsConfig[nwName] = &network.EndpointSettings{}
-			}
-			// Overwrite the config: either the endpoint's MacAddress was set by the user on API < v1.44, which
-			// must be ignored, or migrate the top-level MacAddress to the endpoint's config.
-			networkingConfig.EndpointsConfig[nwName].MacAddress = deprecatedMacAddress
-		}
-		if !hostConfig.NetworkMode.IsDefault() && !hostConfig.NetworkMode.IsBridge() && !hostConfig.NetworkMode.IsUserDefined() {
-			return "", runconfig.ErrConflictContainerNetworkAndMac
-		}
-
-		return "", nil
-	}
-
-	var warning string
-	if hostConfig.NetworkMode.IsDefault() || hostConfig.NetworkMode.IsBridge() || hostConfig.NetworkMode.IsUserDefined() {
-		nwName := hostConfig.NetworkMode.NetworkName()
-		if _, ok := networkingConfig.EndpointsConfig[nwName]; !ok {
-			networkingConfig.EndpointsConfig[nwName] = &network.EndpointSettings{}
-		}
-
-		ep := networkingConfig.EndpointsConfig[nwName]
-		if ep.MacAddress == "" {
-			ep.MacAddress = deprecatedMacAddress
-		} else if ep.MacAddress != deprecatedMacAddress {
-			return "", errdefs.InvalidParameter(errors.New("the container-wide MAC address should match the endpoint-specific MAC address for the main network or should be left empty"))
-		}
-	}
-	warning = "The container-wide MacAddress field is now deprecated. It should be specified in EndpointsConfig instead."
-	config.MacAddress = "" //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
-
-	return warning, nil
-}
-
 func (s *containerRouter) deleteContainers(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
 	}

 	name := vars["name"]
-	config := &backend.ContainerRmConfig{
+	config := &types.ContainerRmConfig{
 		ForceRemove:  httputils.BoolValue(r, "force"),
 		RemoveVolume: httputils.BoolValue(r, "v"),
 		RemoveLink:   httputils.BoolValue(r, "link"),
@@ -797,11 +694,11 @@ func (s *containerRouter) postContainersAttach(ctx context.Context, w http.Respo
 	}

 	if err = s.backend.ContainerAttach(containerName, attachConfig); err != nil {
-		log.G(ctx).WithError(err).Errorf("Handler for %s %s returned error", r.Method, r.URL.Path)
+		logrus.WithError(err).Errorf("Handler for %s %s returned error", r.Method, r.URL.Path)
 		// Remember to close stream if error happens
 		conn, _, errHijack := hijacker.Hijack()
 		if errHijack != nil {
-			log.G(ctx).WithError(err).Errorf("Handler for %s %s: unable to close stream; error when hijacking connection", r.Method, r.URL.Path)
+			logrus.WithError(err).Errorf("Handler for %s %s: unable to close stream; error when hijacking connection", r.Method, r.URL.Path)
 		} else {
 			statusCode := httpstatus.FromError(err)
 			statusText := http.StatusText(statusCode)
@@ -871,9 +768,9 @@ func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.Respons
 	select {
 	case <-started:
 		if err != nil {
-			log.G(ctx).Errorf("Error attaching websocket: %s", err)
+			logrus.Errorf("Error attaching websocket: %s", err)
 		} else {
-			log.G(ctx).Debug("websocket connection was closed by client")
+			logrus.Debug("websocket connection was closed by client")
 		}
 		return nil
 	default:
--- a/api/server/router/container/exec.go
+++ b/api/server/router/container/exec.go
@@ -7,13 +7,13 @@ import (
 	"net/http"
 	"strconv"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/sirupsen/logrus"
 )

 func (s *containerRouter) getExecByID(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -56,7 +56,7 @@ func (s *containerRouter) postContainerExecCreate(ctx context.Context, w http.Re
 	// Register an instance of Exec in container.
 	id, err := s.backend.ContainerExecCreate(vars["name"], execConfig)
 	if err != nil {
-		log.G(ctx).Errorf("Error setting up exec command in container %s: %v", vars["name"], err)
+		logrus.Errorf("Error setting up exec command in container %s: %v", vars["name"], err)
 		return err
 	}

@@ -154,7 +154,7 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 			return err
 		}
 		stdout.Write([]byte(err.Error() + "\r\n"))
-		log.G(ctx).Errorf("Error running exec %s in container: %v", execName, err)
+		logrus.Errorf("Error running exec %s in container: %v", execName, err)
 	}
 	return nil
 }
--- a/api/server/router/distribution/backend.go
+++ b/api/server/router/distribution/backend.go
@@ -3,13 +3,13 @@ package distribution // import "github.com/docker/docker/api/server/router/distr
 import (
 	"context"

-	"github.com/distribution/reference"
 	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types/registry"
 )

 // Backend is all the methods that need to be implemented
 // to provide image specific functionality.
 type Backend interface {
-	GetRepositories(context.Context, reference.Named, *registry.AuthConfig) ([]distribution.Repository, error)
+	GetRepository(context.Context, reference.Named, *registry.AuthConfig) (distribution.Repository, error)
 }
--- a/api/server/router/distribution/distribution_routes.go
+++ b/api/server/router/distribution/distribution_routes.go
@@ -5,11 +5,10 @@ import (
 	"encoding/json"
 	"net/http"

-	"github.com/distribution/reference"
-	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
@@ -43,50 +42,24 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res
 	// For a search it is not an error if no auth was given. Ignore invalid
 	// AuthConfig to increase compatibility with the existing API.
 	authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
-	repos, err := s.backend.GetRepositories(ctx, namedRef, authConfig)
+	distrepo, err := s.backend.GetRepository(ctx, namedRef, authConfig)
 	if err != nil {
 		return err
 	}
+	blobsrvc := distrepo.Blobs(ctx)

-	// Fetch the manifest; if a mirror is configured, try the mirror first,
-	// but continue with upstream on failure.
-	//
-	// FIXME(thaJeztah): construct "repositories" on-demand;
-	// GetRepositories() will attempt to connect to all endpoints (registries),
-	// but we may only need the first one if it contains the manifest we're
-	// looking for, or if the configured mirror is a pull-through mirror.
-	//
-	// Logic for this could be implemented similar to "distribution.Pull()",
-	// which uses the "pullEndpoints" utility to iterate over the list
-	// of endpoints;
-	//
-	// - https://github.com/moby/moby/blob/12c7411b6b7314bef130cd59f1c7384a7db06d0b/distribution/pull.go#L17-L31
-	// - https://github.com/moby/moby/blob/12c7411b6b7314bef130cd59f1c7384a7db06d0b/distribution/pull.go#L76-L152
-	var lastErr error
-	for _, repo := range repos {
-		distributionInspect, err := s.fetchManifest(ctx, repo, namedRef)
-		if err != nil {
-			lastErr = err
-			continue
-		}
-		return httputils.WriteJSON(w, http.StatusOK, distributionInspect)
-	}
-	return lastErr
-}
-
-func (s *distributionRouter) fetchManifest(ctx context.Context, distrepo distribution.Repository, namedRef reference.Named) (registry.DistributionInspect, error) {
 	var distributionInspect registry.DistributionInspect
 	if canonicalRef, ok := namedRef.(reference.Canonical); !ok {
 		namedRef = reference.TagNameOnly(namedRef)

 		taggedRef, ok := namedRef.(reference.NamedTagged)
 		if !ok {
-			return registry.DistributionInspect{}, errdefs.InvalidParameter(errors.Errorf("image reference not tagged: %s", namedRef))
+			return errdefs.InvalidParameter(errors.Errorf("image reference not tagged: %s", image))
 		}

 		descriptor, err := distrepo.Tags(ctx).Get(ctx, taggedRef.Tag())
 		if err != nil {
-			return registry.DistributionInspect{}, err
+			return err
 		}
 		distributionInspect.Descriptor = ocispec.Descriptor{
 			MediaType: descriptor.MediaType,
@@ -103,7 +76,7 @@ func (s *distributionRouter) fetchManifest(ctx context.Context, distrepo distrib
 	// we have a digest, so we can retrieve the manifest
 	mnfstsrvc, err := distrepo.Manifests(ctx)
 	if err != nil {
-		return registry.DistributionInspect{}, err
+		return err
 	}
 	mnfst, err := mnfstsrvc.Get(ctx, distributionInspect.Descriptor.Digest)
 	if err != nil {
@@ -115,14 +88,14 @@ func (s *distributionRouter) fetchManifest(ctx context.Context, distrepo distrib
 			reference.ErrNameEmpty,
 			reference.ErrNameTooLong,
 			reference.ErrNameNotCanonical:
-			return registry.DistributionInspect{}, errdefs.InvalidParameter(err)
+			return errdefs.InvalidParameter(err)
 		}
-		return registry.DistributionInspect{}, err
+		return err
 	}

 	mediaType, payload, err := mnfst.Payload()
 	if err != nil {
-		return registry.DistributionInspect{}, err
+		return err
 	}
 	// update MediaType because registry might return something incorrect
 	distributionInspect.Descriptor.MediaType = mediaType
@@ -143,8 +116,7 @@ func (s *distributionRouter) fetchManifest(ctx context.Context, distrepo distrib
 			})
 		}
 	case *schema2.DeserializedManifest:
-		blobStore := distrepo.Blobs(ctx)
-		configJSON, err := blobStore.Get(ctx, mnfstObj.Config.Digest)
+		configJSON, err := blobsrvc.Get(ctx, mnfstObj.Config.Digest)
 		var platform ocispec.Platform
 		if err == nil {
 			err := json.Unmarshal(configJSON, &platform)
@@ -159,5 +131,6 @@ func (s *distributionRouter) fetchManifest(ctx context.Context, distrepo distrib
 		}
 		distributionInspect.Platforms = append(distributionInspect.Platforms, platform)
 	}
-	return distributionInspect, nil
+
+	return httputils.WriteJSON(w, http.StatusOK, distributionInspect)
 }
--- a/api/server/router/grpc/grpc.go
+++ b/api/server/router/grpc/grpc.go
@@ -1,13 +1,8 @@
 package grpc // import "github.com/docker/docker/api/server/router/grpc"

 import (
-	"context"
-	"strings"
-
 	"github.com/docker/docker/api/server/router"
-	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/moby/buildkit/util/grpcerrors"
-	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc"
 )
@@ -20,12 +15,12 @@ type grpcRouter struct {

 // NewRouter initializes a new grpc http router
 func NewRouter(backends ...Backend) router.Router {
-	unary := grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(unaryInterceptor(), grpcerrors.UnaryServerInterceptor))
-	stream := grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(otelgrpc.StreamServerInterceptor(), grpcerrors.StreamServerInterceptor))
-
 	r := &grpcRouter{
-		h2Server:   &http2.Server{},
-		grpcServer: grpc.NewServer(unary, stream),
+		h2Server: &http2.Server{},
+		grpcServer: grpc.NewServer(
+			grpc.UnaryInterceptor(grpcerrors.UnaryServerInterceptor),
+			grpc.StreamInterceptor(grpcerrors.StreamServerInterceptor),
+		),
 	}
 	for _, b := range backends {
 		b.RegisterGRPC(r.grpcServer)
@@ -44,17 +39,3 @@ func (gr *grpcRouter) initRoutes() {
 		router.NewPostRoute("/grpc", gr.serveGRPC),
 	}
 }
-
-func unaryInterceptor() grpc.UnaryServerInterceptor {
-	withTrace := otelgrpc.UnaryServerInterceptor()
-
-	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
-		// This method is used by the clients to send their traces to buildkit so they can be included
-		// in the daemon trace and stored in the build history record. This method can not be traced because
-		// it would cause an infinite loop.
-		if strings.HasSuffix(info.FullMethod, "opentelemetry.proto.collector.trace.v1.TraceService/Export") {
-			return handler(ctx, req)
-		}
-		return withTrace(ctx, req, info, handler)
-	}
-}
--- a/api/server/router/image/backend.go
+++ b/api/server/router/image/backend.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"io"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/image"
@@ -22,9 +22,9 @@ type Backend interface {
 }

 type imageBackend interface {
-	ImageDelete(ctx context.Context, imageRef string, force, prune bool) ([]image.DeleteResponse, error)
+	ImageDelete(ctx context.Context, imageRef string, force, prune bool) ([]types.ImageDeleteResponseItem, error)
 	ImageHistory(ctx context.Context, imageName string) ([]*image.HistoryResponseItem, error)
-	Images(ctx context.Context, opts types.ImageListOptions) ([]*image.Summary, error)
+	Images(ctx context.Context, opts types.ImageListOptions) ([]*types.ImageSummary, error)
 	GetImage(ctx context.Context, refOrID string, options image.GetImageOpts) (*dockerimage.Image, error)
 	TagImage(ctx context.Context, id dockerimage.ID, newRef reference.Named) error
 	ImagesPrune(ctx context.Context, pruneFilters filters.Args) (*types.ImagesPruneReport, error)
@@ -37,7 +37,7 @@ type importExportBackend interface {
 }

 type registryBackend interface {
-	PullImage(ctx context.Context, ref reference.Named, platform *ocispec.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
+	PullImage(ctx context.Context, image, tag string, platform *ocispec.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
 	PushImage(ctx context.Context, ref reference.Named, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error
 }

--- a/api/server/router/image/image_routes.go
+++ b/api/server/router/image/image_routes.go
@@ -2,7 +2,6 @@ package image // import "github.com/docker/docker/api/server/router/image"

 import (
 	"context"
-	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -11,8 +10,7 @@ import (
 	"time"

 	"github.com/containerd/containerd/platforms"
-	"github.com/distribution/reference"
-	"github.com/docker/docker/api"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
@@ -26,7 +24,6 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
@@ -69,39 +66,10 @@ func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrit
 			}
 		}

-		// Special case: "pull -a" may send an image name with a
-		// trailing :. This is ugly, but let's not break API
-		// compatibility.
-		image := strings.TrimSuffix(img, ":")
-
-		ref, err := reference.ParseNormalizedNamed(image)
-		if err != nil {
-			return errdefs.InvalidParameter(err)
-		}
-
-		// TODO(thaJeztah) this could use a WithTagOrDigest() utility
-		if tag != "" {
-			// The "tag" could actually be a digest.
-			var dgst digest.Digest
-			dgst, err = digest.Parse(tag)
-			if err == nil {
-				ref, err = reference.WithDigest(reference.TrimNamed(ref), dgst)
-			} else {
-				ref, err = reference.WithTag(ref, tag)
-			}
-			if err != nil {
-				return errdefs.InvalidParameter(err)
-			}
-		}
-
-		if err := validateRepoName(ref); err != nil {
-			return errdefs.Forbidden(err)
-		}
-
 		// For a pull it is not an error if no auth was given. Ignore invalid
 		// AuthConfig to increase compatibility with the existing API.
 		authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
-		progressErr = ir.backend.PullImage(ctx, ref, platform, metaHeaders, authConfig, output)
+		progressErr = ir.backend.PullImage(ctx, img, tag, platform, metaHeaders, authConfig, output)
 	} else { // import
 		src := r.Form.Get("fromSrc")

@@ -295,10 +263,6 @@ func (ir *imageRouter) getImagesByName(ctx context.Context, w http.ResponseWrite
 		return err
 	}

-	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.44") {
-		imageInspect.VirtualSize = imageInspect.Size //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
-	}
 	return httputils.WriteJSON(w, http.StatusOK, imageInspect)
 }

@@ -326,20 +290,15 @@ func (ir *imageRouter) toImageInspect(img *image.Image) (*types.ImageInspect, er
 		repoDigests = []string{}
 	}

-	var created string
-	if img.Created != nil {
-		created = img.Created.Format(time.RFC3339Nano)
-	}
-
 	return &types.ImageInspect{
 		ID:              img.ID().String(),
 		RepoTags:        repoTags,
 		RepoDigests:     repoDigests,
 		Parent:          img.Parent.String(),
 		Comment:         comment,
-		Created:         created,
-		Container:       img.Container,        //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.45.
-		ContainerConfig: &img.ContainerConfig, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.45.
+		Created:         img.Created.Format(time.RFC3339Nano),
+		Container:       img.Container,
+		ContainerConfig: &img.ContainerConfig,
 		DockerVersion:   img.DockerVersion,
 		Author:          img.Author,
 		Config:          img.Config,
@@ -348,12 +307,13 @@ func (ir *imageRouter) toImageInspect(img *image.Image) (*types.ImageInspect, er
 		Os:              img.OperatingSystem(),
 		OsVersion:       img.OSVersion,
 		Size:            img.Details.Size,
+		VirtualSize:     img.Details.Size, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
 		GraphDriver: types.GraphDriverData{
 			Name: img.Details.Driver,
 			Data: img.Details.Metadata,
 		},
 		RootFS: rootFSToAPIType(img.RootFS),
-		Metadata: opts.Metadata{
+		Metadata: types.ImageMetadata{
 			LastTagTime: img.Details.LastUpdated,
 		},
 	}, nil
@@ -405,7 +365,6 @@ func (ir *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter,
 	}

 	useNone := versions.LessThan(version, "1.43")
-	withVirtualSize := versions.LessThan(version, "1.44")
 	for _, img := range images {
 		if useNone {
 			if len(img.RepoTags) == 0 && len(img.RepoDigests) == 0 {
@@ -420,9 +379,6 @@ func (ir *imageRouter) getImagesJSON(ctx context.Context, w http.ResponseWriter,
 				img.RepoDigests = []string{}
 			}
 		}
-		if withVirtualSize {
-			img.VirtualSize = img.Size //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
-		}
 	}

 	return httputils.WriteJSON(w, http.StatusOK, images)
@@ -447,11 +403,6 @@ func (ir *imageRouter) postImagesTag(ctx context.Context, w http.ResponseWriter,
 		return errdefs.InvalidParameter(err)
 	}

-	refName := reference.FamiliarName(ref)
-	if refName == string(digest.Canonical) {
-		return errdefs.InvalidParameter(errors.New("refusing to create an ambiguous tag using digest algorithm as name"))
-	}
-
 	img, err := ir.backend.GetImage(ctx, vars["name"], opts.GetImageOpts{})
 	if err != nil {
 		return errdefs.NotFound(err)
@@ -486,7 +437,7 @@ func (ir *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWrite
 	// AuthConfig to increase compatibility with the existing API.
 	authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))

-	headers := http.Header{}
+	var headers = http.Header{}
 	for k, v := range r.Header {
 		k = http.CanonicalHeaderKey(k)
 		if strings.HasPrefix(k, "X-Meta-") {
@@ -517,12 +468,3 @@ func (ir *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWrite
 	}
 	return httputils.WriteJSON(w, http.StatusOK, pruneReport)
 }
-
-// validateRepoName validates the name of a repository.
-func validateRepoName(name reference.Named) error {
-	familiarName := reference.FamiliarName(name)
-	if familiarName == api.NoBaseImageSpecifier {
-		return fmt.Errorf("'%s' is a reserved name", familiarName)
-	}
-	return nil
-}
--- a/api/server/router/network/backend.go
+++ b/api/server/router/network/backend.go
@@ -4,15 +4,16 @@ import (
 	"context"

 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/libnetwork"
 )

 // Backend is all the methods that need to be implemented
 // to provide network specific functionality.
 type Backend interface {
-	GetNetworks(filters.Args, backend.NetworkListConfig) ([]types.NetworkResource, error)
+	FindNetwork(idName string) (libnetwork.Network, error)
+	GetNetworks(filters.Args, types.NetworkListConfig) ([]types.NetworkResource, error)
 	CreateNetwork(nc types.NetworkCreateRequest) (*types.NetworkCreateResponse, error)
 	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
 	DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error
--- a/api/server/router/network/filter.go
+++ b/api/server/router/network/filter.go
@@ -0,0 +1 @@
+package network // import "github.com/docker/docker/api/server/router/network"
--- a/api/server/router/network/network_routes.go
+++ b/api/server/router/network/network_routes.go
@@ -8,13 +8,12 @@ import (

 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/libnetwork"
-	"github.com/docker/docker/libnetwork/scope"
+	netconst "github.com/docker/docker/libnetwork/datastore"
 	"github.com/pkg/errors"
 )

@@ -40,7 +39,7 @@ func (n *networkRouter) getNetworksList(ctx context.Context, w http.ResponseWrit

 	// Combine the network list returned by Docker daemon if it is not already
 	// returned by the cluster manager
-	localNetworks, err := n.backend.GetNetworks(filter, backend.NetworkListConfig{Detailed: versions.LessThan(httputils.VersionFromContext(ctx), "1.28")})
+	localNetworks, err := n.backend.GetNetworks(filter, types.NetworkListConfig{Detailed: versions.LessThan(httputils.VersionFromContext(ctx), "1.28")})
 	if err != nil {
 		return err
 	}
@@ -84,6 +83,10 @@ func (e ambigousResultsError) Error() string {

 func (ambigousResultsError) InvalidParameter() {}

+func nameConflict(name string) error {
+	return errdefs.Conflict(libnetwork.NetworkNameError(name))
+}
+
 func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -99,7 +102,7 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 			return errors.Wrapf(invalidRequestError{err}, "invalid value for verbose: %s", v)
 		}
 	}
-	networkScope := r.URL.Query().Get("scope")
+	scope := r.URL.Query().Get("scope")

 	// In case multiple networks have duplicate names, return error.
 	// TODO (yongtang): should we wrap with version here for backward compatibility?
@@ -115,23 +118,23 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 	// TODO(@cpuguy83): All this logic for figuring out which network to return does not belong here
 	// Instead there should be a backend function to just get one network.
 	filter := filters.NewArgs(filters.Arg("idOrName", term))
-	if networkScope != "" {
-		filter.Add("scope", networkScope)
+	if scope != "" {
+		filter.Add("scope", scope)
 	}
-	networks, _ := n.backend.GetNetworks(filter, backend.NetworkListConfig{Detailed: true, Verbose: verbose})
-	for _, nw := range networks {
-		if nw.ID == term {
-			return httputils.WriteJSON(w, http.StatusOK, nw)
+	nw, _ := n.backend.GetNetworks(filter, types.NetworkListConfig{Detailed: true, Verbose: verbose})
+	for _, network := range nw {
+		if network.ID == term {
+			return httputils.WriteJSON(w, http.StatusOK, network)
 		}
-		if nw.Name == term {
+		if network.Name == term {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByFullName[nw.ID] = nw
+			listByFullName[network.ID] = network
 		}
-		if strings.HasPrefix(nw.ID, term) {
+		if strings.HasPrefix(network.ID, term) {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByPartialID[nw.ID] = nw
+			listByPartialID[network.ID] = network
 		}
 	}

@@ -141,7 +144,7 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 		// or if the get network was passed with a network name and scope as swarm
 		// return the network. Skipped using isMatchingScope because it is true if the scope
 		// is not set which would be case if the client API v1.30
-		if strings.HasPrefix(nwk.ID, term) || networkScope == scope.Swarm {
+		if strings.HasPrefix(nwk.ID, term) || (netconst.SwarmScope == scope) {
 			// If we have a previous match "backend", return it, we need verbose when enabled
 			// ex: overlay/partial_ID or name/swarm_scope
 			if nwv, ok := listByPartialID[nwk.ID]; ok {
@@ -153,25 +156,25 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r
 		}
 	}

-	networks, _ = n.cluster.GetNetworks(filter)
-	for _, nw := range networks {
-		if nw.ID == term {
-			return httputils.WriteJSON(w, http.StatusOK, nw)
+	nr, _ := n.cluster.GetNetworks(filter)
+	for _, network := range nr {
+		if network.ID == term {
+			return httputils.WriteJSON(w, http.StatusOK, network)
 		}
-		if nw.Name == term {
+		if network.Name == term {
 			// Check the ID collision as we are in swarm scope here, and
 			// the map (of the listByFullName) may have already had a
 			// network with the same ID (from local scope previously)
-			if _, ok := listByFullName[nw.ID]; !ok {
-				listByFullName[nw.ID] = nw
+			if _, ok := listByFullName[network.ID]; !ok {
+				listByFullName[network.ID] = network
 			}
 		}
-		if strings.HasPrefix(nw.ID, term) {
+		if strings.HasPrefix(network.ID, term) {
 			// Check the ID collision as we are in swarm scope here, and
 			// the map (of the listByPartialID) may have already had a
 			// network with the same ID (from local scope previously)
-			if _, ok := listByPartialID[nw.ID]; !ok {
-				listByPartialID[nw.ID] = nw
+			if _, ok := listByPartialID[network.ID]; !ok {
+				listByPartialID[network.ID] = network
 			}
 		}
 	}
@@ -210,11 +213,21 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 	}

 	if nws, err := n.cluster.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
-		return libnetwork.NetworkNameError(create.Name)
+		return nameConflict(create.Name)
 	}

 	nw, err := n.backend.CreateNetwork(create)
 	if err != nil {
+		var warning string
+		if _, ok := err.(libnetwork.NetworkNameError); ok {
+			// check if user defined CheckDuplicate, if set true, return err
+			// otherwise prepare a warning message
+			if create.CheckDuplicate {
+				return nameConflict(create.Name)
+			}
+			warning = libnetwork.NetworkNameError(create.Name).Error()
+		}
+
 		if _, ok := err.(libnetwork.ManagerRedirectError); !ok {
 			return err
 		}
@@ -223,7 +236,8 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 			return err
 		}
 		nw = &types.NetworkCreateResponse{
-			ID: id,
+			ID:      id,
+			Warning: warning,
 		}
 	}

@@ -312,42 +326,42 @@ func (n *networkRouter) findUniqueNetwork(term string) (types.NetworkResource, e
 	listByPartialID := map[string]types.NetworkResource{}

 	filter := filters.NewArgs(filters.Arg("idOrName", term))
-	networks, _ := n.backend.GetNetworks(filter, backend.NetworkListConfig{Detailed: true})
-	for _, nw := range networks {
-		if nw.ID == term {
-			return nw, nil
+	nw, _ := n.backend.GetNetworks(filter, types.NetworkListConfig{Detailed: true})
+	for _, network := range nw {
+		if network.ID == term {
+			return network, nil
 		}
-		if nw.Name == term && !nw.Ingress {
+		if network.Name == term && !network.Ingress {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByFullName[nw.ID] = nw
+			listByFullName[network.ID] = network
 		}
-		if strings.HasPrefix(nw.ID, term) {
+		if strings.HasPrefix(network.ID, term) {
 			// No need to check the ID collision here as we are still in
 			// local scope and the network ID is unique in this scope.
-			listByPartialID[nw.ID] = nw
+			listByPartialID[network.ID] = network
 		}
 	}

-	networks, _ = n.cluster.GetNetworks(filter)
-	for _, nw := range networks {
-		if nw.ID == term {
-			return nw, nil
+	nr, _ := n.cluster.GetNetworks(filter)
+	for _, network := range nr {
+		if network.ID == term {
+			return network, nil
 		}
-		if nw.Name == term {
+		if network.Name == term {
 			// Check the ID collision as we are in swarm scope here, and
 			// the map (of the listByFullName) may have already had a
 			// network with the same ID (from local scope previously)
-			if _, ok := listByFullName[nw.ID]; !ok {
-				listByFullName[nw.ID] = nw
+			if _, ok := listByFullName[network.ID]; !ok {
+				listByFullName[network.ID] = network
 			}
 		}
-		if strings.HasPrefix(nw.ID, term) {
+		if strings.HasPrefix(network.ID, term) {
 			// Check the ID collision as we are in swarm scope here, and
 			// the map (of the listByPartialID) may have already had a
 			// network with the same ID (from local scope previously)
-			if _, ok := listByPartialID[nw.ID]; !ok {
-				listByPartialID[nw.ID] = nw
+			if _, ok := listByPartialID[network.ID]; !ok {
+				listByPartialID[network.ID] = network
 			}
 		}
 	}
--- a/api/server/router/plugin/backend.go
+++ b/api/server/router/plugin/backend.go
@@ -5,9 +5,8 @@ import (
 	"io"
 	"net/http"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/plugin"
@@ -15,11 +14,11 @@ import (

 // Backend for Plugin
 type Backend interface {
-	Disable(name string, config *backend.PluginDisableConfig) error
-	Enable(name string, config *backend.PluginEnableConfig) error
+	Disable(name string, config *types.PluginDisableConfig) error
+	Enable(name string, config *types.PluginEnableConfig) error
 	List(filters.Args) ([]types.Plugin, error)
 	Inspect(name string) (*types.Plugin, error)
-	Remove(name string, config *backend.PluginRmConfig) error
+	Remove(name string, config *types.PluginRmConfig) error
 	Set(name string, args []string) error
 	Privileges(ctx context.Context, ref reference.Named, metaHeaders http.Header, authConfig *registry.AuthConfig) (types.PluginPrivileges, error)
 	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error
--- a/api/server/router/plugin/plugin_routes.go
+++ b/api/server/router/plugin/plugin_routes.go
@@ -6,10 +6,9 @@ import (
 	"strconv"
 	"strings"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/ioutils"
@@ -187,8 +186,7 @@ func (pr *pluginRouter) createPlugin(ctx context.Context, w http.ResponseWriter,
 	}

 	options := &types.PluginCreateOptions{
-		RepoName: r.FormValue("name"),
-	}
+		RepoName: r.FormValue("name")}

 	if err := pr.backend.CreateFromContext(ctx, r.Body, options); err != nil {
 		return err
@@ -208,7 +206,7 @@ func (pr *pluginRouter) enablePlugin(ctx context.Context, w http.ResponseWriter,
 	if err != nil {
 		return err
 	}
-	config := &backend.PluginEnableConfig{Timeout: timeout}
+	config := &types.PluginEnableConfig{Timeout: timeout}

 	return pr.backend.Enable(name, config)
 }
@@ -219,7 +217,7 @@ func (pr *pluginRouter) disablePlugin(ctx context.Context, w http.ResponseWriter
 	}

 	name := vars["name"]
-	config := &backend.PluginDisableConfig{
+	config := &types.PluginDisableConfig{
 		ForceDisable: httputils.BoolValue(r, "force"),
 	}

@@ -232,7 +230,7 @@ func (pr *pluginRouter) removePlugin(ctx context.Context, w http.ResponseWriter,
 	}

 	name := vars["name"]
-	config := &backend.PluginRmConfig{
+	config := &types.PluginRmConfig{
 		ForceRemove: httputils.BoolValue(r, "force"),
 	}
 	return pr.backend.Remove(name, config)
--- a/api/server/router/swarm/backend.go
+++ b/api/server/router/swarm/backend.go
@@ -3,41 +3,46 @@ package swarm // import "github.com/docker/docker/api/server/router/swarm"
 import (
 	"context"

-	"github.com/docker/docker/api/types"
+	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/swarm"
+	types "github.com/docker/docker/api/types/swarm"
 )

 // Backend abstracts a swarm manager.
 type Backend interface {
-	Init(req swarm.InitRequest) (string, error)
-	Join(req swarm.JoinRequest) error
+	Init(req types.InitRequest) (string, error)
+	Join(req types.JoinRequest) error
 	Leave(ctx context.Context, force bool) error
-	Inspect() (swarm.Swarm, error)
-	Update(uint64, swarm.Spec, swarm.UpdateFlags) error
+	Inspect() (types.Swarm, error)
+	Update(uint64, types.Spec, types.UpdateFlags) error
 	GetUnlockKey() (string, error)
-	UnlockSwarm(req swarm.UnlockRequest) error
-	GetServices(types.ServiceListOptions) ([]swarm.Service, error)
-	GetService(idOrName string, insertDefaults bool) (swarm.Service, error)
-	CreateService(swarm.ServiceSpec, string, bool) (*swarm.ServiceCreateResponse, error)
-	UpdateService(string, uint64, swarm.ServiceSpec, types.ServiceUpdateOptions, bool) (*swarm.ServiceUpdateResponse, error)
+	UnlockSwarm(req types.UnlockRequest) error
+
+	GetServices(basictypes.ServiceListOptions) ([]types.Service, error)
+	GetService(idOrName string, insertDefaults bool) (types.Service, error)
+	CreateService(types.ServiceSpec, string, bool) (*basictypes.ServiceCreateResponse, error)
+	UpdateService(string, uint64, types.ServiceSpec, basictypes.ServiceUpdateOptions, bool) (*basictypes.ServiceUpdateResponse, error)
 	RemoveService(string) error
-	ServiceLogs(context.Context, *backend.LogSelector, *container.LogsOptions) (<-chan *backend.LogMessage, error)
-	GetNodes(types.NodeListOptions) ([]swarm.Node, error)
-	GetNode(string) (swarm.Node, error)
-	UpdateNode(string, uint64, swarm.NodeSpec) error
+
+	ServiceLogs(context.Context, *backend.LogSelector, *basictypes.ContainerLogsOptions) (<-chan *backend.LogMessage, error)
+
+	GetNodes(basictypes.NodeListOptions) ([]types.Node, error)
+	GetNode(string) (types.Node, error)
+	UpdateNode(string, uint64, types.NodeSpec) error
 	RemoveNode(string, bool) error
-	GetTasks(types.TaskListOptions) ([]swarm.Task, error)
-	GetTask(string) (swarm.Task, error)
-	GetSecrets(opts types.SecretListOptions) ([]swarm.Secret, error)
-	CreateSecret(s swarm.SecretSpec) (string, error)
+
+	GetTasks(basictypes.TaskListOptions) ([]types.Task, error)
+	GetTask(string) (types.Task, error)
+
+	GetSecrets(opts basictypes.SecretListOptions) ([]types.Secret, error)
+	CreateSecret(s types.SecretSpec) (string, error)
 	RemoveSecret(idOrName string) error
-	GetSecret(id string) (swarm.Secret, error)
-	UpdateSecret(idOrName string, version uint64, spec swarm.SecretSpec) error
-	GetConfigs(opts types.ConfigListOptions) ([]swarm.Config, error)
-	CreateConfig(s swarm.ConfigSpec) (string, error)
+	GetSecret(id string) (types.Secret, error)
+	UpdateSecret(idOrName string, version uint64, spec types.SecretSpec) error
+
+	GetConfigs(opts basictypes.ConfigListOptions) ([]types.Config, error)
+	CreateConfig(s types.ConfigSpec) (string, error)
 	RemoveConfig(id string) error
-	GetConfig(id string) (swarm.Config, error)
-	UpdateConfig(idOrName string, version uint64, spec swarm.ConfigSpec) error
+	GetConfig(id string) (types.Config, error)
+	UpdateConfig(idOrName string, version uint64, spec types.ConfigSpec) error
 }
--- a/api/server/router/swarm/cluster_routes.go
+++ b/api/server/router/swarm/cluster_routes.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"strconv"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
@@ -16,6 +15,7 @@ import (
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )

 func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -36,7 +36,7 @@ func (sr *swarmRouter) initCluster(ctx context.Context, w http.ResponseWriter, r
 	}
 	nodeID, err := sr.backend.Init(req)
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error initializing swarm")
+		logrus.WithContext(ctx).WithError(err).Debug("Error initializing swarm")
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, nodeID)
@@ -62,7 +62,7 @@ func (sr *swarmRouter) leaveCluster(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) inspectCluster(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	swarm, err := sr.backend.Inspect()
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error getting swarm")
+		logrus.WithContext(ctx).WithError(err).Debug("Error getting swarm")
 		return err
 	}

@@ -114,7 +114,7 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,
 	}

 	if err := sr.backend.Update(version, swarm, flags); err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error configuring swarm")
+		logrus.WithContext(ctx).WithError(err).Debug("Error configuring swarm")
 		return err
 	}
 	return nil
@@ -127,7 +127,7 @@ func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter,
 	}

 	if err := sr.backend.UnlockSwarm(req); err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error unlocking swarm")
+		logrus.WithContext(ctx).WithError(err).Debug("Error unlocking swarm")
 		return err
 	}
 	return nil
@@ -136,7 +136,7 @@ func (sr *swarmRouter) unlockCluster(ctx context.Context, w http.ResponseWriter,
 func (sr *swarmRouter) getUnlockKey(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	unlockKey, err := sr.backend.GetUnlockKey()
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error retrieving swarm unlock key")
+		logrus.WithContext(ctx).WithError(err).Debug("Error retrieving swarm unlock key")
 		return err
 	}

@@ -168,7 +168,7 @@ func (sr *swarmRouter) getServices(ctx context.Context, w http.ResponseWriter, r

 	services, err := sr.backend.GetServices(basictypes.ServiceListOptions{Filters: filter, Status: status})
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error getting services")
+		logrus.WithContext(ctx).WithError(err).Debug("Error getting services")
 		return err
 	}

@@ -194,7 +194,7 @@ func (sr *swarmRouter) getService(ctx context.Context, w http.ResponseWriter, r

 	service, err := sr.backend.GetService(vars["id"], insertDefaults)
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":      err,
 			"service-id": vars["id"],
 		}).Debug("Error getting service")
@@ -209,10 +209,6 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 	if err := httputils.ReadJSON(r, &service); err != nil {
 		return err
 	}
-	// TODO(thaJeztah): remove logentries check and migration code in release v26.0.0.
-	if service.TaskTemplate.LogDriver != nil && service.TaskTemplate.LogDriver.Name == "logentries" {
-		return errdefs.InvalidParameter(errors.New("the logentries logging driver has been deprecated and removed"))
-	}

 	// Get returns "" if the header does not exist
 	encodedAuth := r.Header.Get(registry.AuthHeader)
@@ -223,18 +219,9 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 		}
 		adjustForAPIVersion(v, &service)
 	}
-
-	version := httputils.VersionFromContext(ctx)
-	if versions.LessThan(version, "1.44") {
-		if service.TaskTemplate.ContainerSpec != nil && service.TaskTemplate.ContainerSpec.Healthcheck != nil {
-			// StartInterval was added in API 1.44
-			service.TaskTemplate.ContainerSpec.Healthcheck.StartInterval = 0
-		}
-	}
-
 	resp, err := sr.backend.CreateService(service, encodedAuth, queryRegistry)
 	if err != nil {
-		log.G(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":        err,
 			"service-name": service.Name,
 		}).Debug("Error creating service")
@@ -249,10 +236,6 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 	if err := httputils.ReadJSON(r, &service); err != nil {
 		return err
 	}
-	// TODO(thaJeztah): remove logentries check and migration code in release v26.0.0.
-	if service.TaskTemplate.LogDriver != nil && service.TaskTemplate.LogDriver.Name == "logentries" {
-		return errdefs.InvalidParameter(errors.New("the logentries logging driver has been deprecated and removed"))
-	}

 	rawVersion := r.URL.Query().Get("version")
 	version, err := strconv.ParseUint(rawVersion, 10, 64)
@@ -277,7 +260,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,

 	resp, err := sr.backend.UpdateService(vars["id"], version, service, flags, queryRegistry)
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":      err,
 			"service-id": vars["id"],
 		}).Debug("Error updating service")
@@ -288,7 +271,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,

 func (sr *swarmRouter) removeService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := sr.backend.RemoveService(vars["id"]); err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":      err,
 			"service-id": vars["id"],
 		}).Debug("Error removing service")
@@ -332,7 +315,7 @@ func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *h

 	nodes, err := sr.backend.GetNodes(basictypes.NodeListOptions{Filters: filter})
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error getting nodes")
+		logrus.WithContext(ctx).WithError(err).Debug("Error getting nodes")
 		return err
 	}

@@ -342,7 +325,7 @@ func (sr *swarmRouter) getNodes(ctx context.Context, w http.ResponseWriter, r *h
 func (sr *swarmRouter) getNode(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	node, err := sr.backend.GetNode(vars["id"])
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":   err,
 			"node-id": vars["id"],
 		}).Debug("Error getting node")
@@ -366,7 +349,7 @@ func (sr *swarmRouter) updateNode(ctx context.Context, w http.ResponseWriter, r
 	}

 	if err := sr.backend.UpdateNode(vars["id"], version, node); err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":   err,
 			"node-id": vars["id"],
 		}).Debug("Error updating node")
@@ -383,7 +366,7 @@ func (sr *swarmRouter) removeNode(ctx context.Context, w http.ResponseWriter, r
 	force := httputils.BoolValue(r, "force")

 	if err := sr.backend.RemoveNode(vars["id"], force); err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":   err,
 			"node-id": vars["id"],
 		}).Debug("Error removing node")
@@ -403,7 +386,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h

 	tasks, err := sr.backend.GetTasks(basictypes.TaskListOptions{Filters: filter})
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithError(err).Debug("Error getting tasks")
+		logrus.WithContext(ctx).WithError(err).Debug("Error getting tasks")
 		return err
 	}

@@ -413,7 +396,7 @@ func (sr *swarmRouter) getTasks(ctx context.Context, w http.ResponseWriter, r *h
 func (sr *swarmRouter) getTask(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	task, err := sr.backend.GetTask(vars["id"])
 	if err != nil {
-		log.G(ctx).WithContext(ctx).WithFields(log.Fields{
+		logrus.WithContext(ctx).WithFields(logrus.Fields{
 			"error":   err,
 			"task-id": vars["id"],
 		}).Debug("Error getting task")
--- a/api/server/router/swarm/helpers.go
+++ b/api/server/router/swarm/helpers.go
@@ -8,7 +8,6 @@ import (
 	"github.com/docker/docker/api/server/httputils"
 	basictypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/versions"
 )
@@ -26,9 +25,9 @@ func (sr *swarmRouter) swarmLogs(ctx context.Context, w http.ResponseWriter, r *
 		return fmt.Errorf("Bad parameters: you must choose at least one stream")
 	}

-	// there is probably a neater way to manufacture the LogsOptions
+	// there is probably a neater way to manufacture the ContainerLogsOptions
 	// struct, probably in the caller, to eliminate the dependency on net/http
-	logsConfig := &container.LogsOptions{
+	logsConfig := &basictypes.ContainerLogsOptions{
 		Follow:     httputils.BoolValue(r, "follow"),
 		Timestamps: httputils.BoolValue(r, "timestamps"),
 		Since:      r.Form.Get("since"),
@@ -119,13 +118,4 @@ func adjustForAPIVersion(cliVersion string, service *swarm.ServiceSpec) {
 		service.Mode.ReplicatedJob = nil
 		service.Mode.GlobalJob = nil
 	}
-
-	if versions.LessThan(cliVersion, "1.44") {
-		// seccomp, apparmor, and no_new_privs were added in 1.44.
-		if service.TaskTemplate.ContainerSpec != nil && service.TaskTemplate.ContainerSpec.Privileges != nil {
-			service.TaskTemplate.ContainerSpec.Privileges.Seccomp = nil
-			service.TaskTemplate.ContainerSpec.Privileges.AppArmor = nil
-			service.TaskTemplate.ContainerSpec.Privileges.NoNewPrivileges = false
-		}
-	}
 }
--- a/api/server/router/swarm/helpers_test.go
+++ b/api/server/router/swarm/helpers_test.go
@@ -9,7 +9,9 @@ import (
 )

 func TestAdjustForAPIVersion(t *testing.T) {
-	expectedSysctls := map[string]string{"foo": "bar"}
+	var (
+		expectedSysctls = map[string]string{"foo": "bar"}
+	)
 	// testing the negative -- does this leave everything else alone? -- is
 	// prohibitively time-consuming to write, because it would need an object
 	// with literally every field filled in.
--- a/api/server/router/system/backend.go
+++ b/api/server/router/system/backend.go
@@ -9,7 +9,6 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/system"
 )

 // DiskUsageOptions holds parameters for system disk usage query.
@@ -27,8 +26,8 @@ type DiskUsageOptions struct {
 // Backend is the methods that need to be implemented to provide
 // system specific functionality.
 type Backend interface {
-	SystemInfo(context.Context) (*system.Info, error)
-	SystemVersion(context.Context) (types.Version, error)
+	SystemInfo() *types.Info
+	SystemVersion() types.Version
 	SystemDiskUsage(ctx context.Context, opts DiskUsageOptions) (*types.DiskUsage, error)
 	SubscribeToEvents(since, until time.Time, ef filters.Args) ([]events.Message, chan interface{})
 	UnsubscribeFromEvents(chan interface{})
@@ -38,7 +37,7 @@ type Backend interface {
 // ClusterBackend is all the methods that need to be implemented
 // to provide cluster system specific functionality.
 type ClusterBackend interface {
-	Info(context.Context) swarm.Info
+	Info() swarm.Info
 }

 // StatusProvider provides methods to get the swarm status of the current node.
--- a/api/server/router/system/system.go
+++ b/api/server/router/system/system.go
@@ -5,9 +5,7 @@ package system // import "github.com/docker/docker/api/server/router/system"

 import (
 	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/api/types/system"
 	buildkit "github.com/docker/docker/builder/builder-next"
-	"resenje.org/singleflight"
 )

 // systemRouter provides information about the Docker system overall.
@@ -17,16 +15,11 @@ type systemRouter struct {
 	cluster  ClusterBackend
 	routes   []router.Route
 	builder  *buildkit.Builder
-	features func() map[string]bool
-
-	// collectSystemInfo is a single-flight for the /info endpoint,
-	// unique per API version (as different API versions may return
-	// a different API response).
-	collectSystemInfo singleflight.Group[string, *system.Info]
+	features *map[string]bool
 }

 // NewRouter initializes a new system router
-func NewRouter(b Backend, c ClusterBackend, builder *buildkit.Builder, features func() map[string]bool) router.Router {
+func NewRouter(b Backend, c ClusterBackend, builder *buildkit.Builder, features *map[string]bool) router.Router {
 	r := &systemRouter{
 		backend:  b,
 		cluster:  c,
--- a/api/server/router/system/system_routes.go
+++ b/api/server/router/system/system_routes.go
@@ -7,7 +7,6 @@ import (
 	"net/http"
 	"time"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/router/build"
 	"github.com/docker/docker/api/types"
@@ -15,11 +14,11 @@ import (
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/system"
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
 )

@@ -32,7 +31,7 @@ func (s *systemRouter) pingHandler(ctx context.Context, w http.ResponseWriter, r
 	w.Header().Add("Cache-Control", "no-cache, no-store, must-revalidate")
 	w.Header().Add("Pragma", "no-cache")

-	builderVersion := build.BuilderVersion(s.features())
+	builderVersion := build.BuilderVersion(*s.features)
 	if bv := builderVersion; bv != "" {
 		w.Header().Set("Builder-Version", string(bv))
 	}
@@ -58,58 +57,51 @@ func (s *systemRouter) swarmStatus() string {
 }

 func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	info := s.backend.SystemInfo()
+
+	if s.cluster != nil {
+		info.Swarm = s.cluster.Info()
+		info.Warnings = append(info.Warnings, info.Swarm.Warnings...)
+	}
+
 	version := httputils.VersionFromContext(ctx)
-	info, _, _ := s.collectSystemInfo.Do(ctx, version, func(ctx context.Context) (*system.Info, error) {
-		info, err := s.backend.SystemInfo(ctx)
+	if versions.LessThan(version, "1.25") {
+		// TODO: handle this conversion in engine-api
+		type oldInfo struct {
+			*types.Info
+			ExecutionDriver string
+		}
+		old := &oldInfo{
+			Info:            info,
+			ExecutionDriver: "<not supported>",
+		}
+		nameOnlySecurityOptions := []string{}
+		kvSecOpts, err := types.DecodeSecurityOptions(old.SecurityOptions)
 		if err != nil {
-			return nil, err
+			return err
 		}
-
-		if s.cluster != nil {
-			info.Swarm = s.cluster.Info(ctx)
-			info.Warnings = append(info.Warnings, info.Swarm.Warnings...)
+		for _, s := range kvSecOpts {
+			nameOnlySecurityOptions = append(nameOnlySecurityOptions, s.Name)
 		}
-
-		if versions.LessThan(version, "1.25") {
-			// TODO: handle this conversion in engine-api
-			kvSecOpts, err := system.DecodeSecurityOptions(info.SecurityOptions)
-			if err != nil {
-				info.Warnings = append(info.Warnings, err.Error())
-			}
-			var nameOnly []string
-			for _, so := range kvSecOpts {
-				nameOnly = append(nameOnly, so.Name)
-			}
-			info.SecurityOptions = nameOnly
-			info.ExecutionDriver = "<not supported>" //nolint:staticcheck // ignore SA1019 (ExecutionDriver is deprecated)
+		old.SecurityOptions = nameOnlySecurityOptions
+		return httputils.WriteJSON(w, http.StatusOK, old)
+	}
+	if versions.LessThan(version, "1.39") {
+		if info.KernelVersion == "" {
+			info.KernelVersion = "<unknown>"
 		}
-		if versions.LessThan(version, "1.39") {
-			if info.KernelVersion == "" {
-				info.KernelVersion = "<unknown>"
-			}
-			if info.OperatingSystem == "" {
-				info.OperatingSystem = "<unknown>"
-			}
+		if info.OperatingSystem == "" {
+			info.OperatingSystem = "<unknown>"
 		}
-		if versions.LessThan(version, "1.44") {
-			for k, rt := range info.Runtimes {
-				// Status field introduced in API v1.44.
-				info.Runtimes[k] = system.RuntimeWithStatus{Runtime: rt.Runtime}
-			}
-		}
-		if versions.GreaterThanOrEqualTo(version, "1.42") {
-			info.KernelMemory = false
-		}
-		return info, nil
-	})
+	}
+	if versions.GreaterThanOrEqualTo(version, "1.42") {
+		info.KernelMemory = false
+	}
 	return httputils.WriteJSON(w, http.StatusOK, info)
 }

 func (s *systemRouter) getVersion(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	info, err := s.backend.SystemVersion(ctx)
-	if err != nil {
-		return err
-	}
+	info := s.backend.SystemVersion()

 	return httputils.WriteJSON(w, http.StatusOK, info)
 }
@@ -193,11 +185,6 @@ func (s *systemRouter) getDiskUsage(ctx context.Context, w http.ResponseWriter,
 			b.Parent = "" //nolint:staticcheck // ignore SA1019 (Parent field is deprecated)
 		}
 	}
-	if versions.LessThan(version, "1.44") {
-		for _, b := range systemDiskUsage.Images {
-			b.VirtualSize = b.Size //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
-		}
-	}

 	du := types.DiskUsage{
 		BuildCache:  buildCache,
@@ -287,7 +274,7 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 		case ev := <-l:
 			jev, ok := ev.(events.Message)
 			if !ok {
-				log.G(ctx).Warnf("unexpected event message: %q", ev)
+				logrus.Warnf("unexpected event message: %q", ev)
 				continue
 			}
 			if err := enc.Encode(jev); err != nil {
@@ -296,7 +283,7 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *
 		case <-timeout:
 			return nil
 		case <-ctx.Done():
-			log.G(ctx).Debug("Client context cancelled, stop sending events")
+			logrus.Debug("Client context cancelled, stop sending events")
 			return nil
 		}
 	}
--- a/api/server/router/volume/volume_routes.go
+++ b/api/server/router/volume/volume_routes.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"strconv"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
@@ -14,6 +13,7 @@ import (
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/volume/service/opts"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -116,10 +116,10 @@ func (v *volumeRouter) postVolumesCreate(ctx context.Context, w http.ResponseWri
 	// Instead, we will allow creating a volume with a duplicate name, which
 	// should not break anything.
 	if req.ClusterVolumeSpec != nil && versions.GreaterThanOrEqualTo(version, clusterVolumesVersion) {
-		log.G(ctx).Debug("using cluster volume")
+		logrus.Debug("using cluster volume")
 		vol, err = v.cluster.CreateVolume(req)
 	} else {
-		log.G(ctx).Debug("using regular volume")
+		logrus.Debug("using regular volume")
 		vol, err = v.backend.Create(ctx, req.Name, req.Driver, opts.WithCreateOptions(req.DriverOpts), opts.WithCreateLabels(req.Labels))
 	}

--- a/api/server/router/volume/volume_routes_test.go
+++ b/api/server/router/volume/volume_routes_test.go
@@ -78,6 +78,7 @@ func TestGetVolumeByNameFoundRegular(t *testing.T) {
 	v := &volumeRouter{
 		backend: &fakeVolumeBackend{
 			volumes: map[string]*volume.Volume{
+
 				"volume1": {
 					Name: "volume1",
 				},
@@ -107,7 +108,6 @@ func TestGetVolumeByNameFoundSwarm(t *testing.T) {
 	_, err := callGetVolume(v, "volume1")
 	assert.NilError(t, err)
 }
-
 func TestListVolumes(t *testing.T) {
 	v := &volumeRouter{
 		backend: &fakeVolumeBackend{
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"net/http"

-	"github.com/containerd/log"
 	"github.com/docker/docker/api/server/httpstatus"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
@@ -12,7 +11,7 @@ import (
 	"github.com/docker/docker/api/server/router/debug"
 	"github.com/docker/docker/dockerversion"
 	"github.com/gorilla/mux"
-	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+	"github.com/sirupsen/logrus"
 )

 // versionMatcher defines a variable matcher to be parsed by the router
@@ -30,8 +29,8 @@ func (s *Server) UseMiddleware(m middleware.Middleware) {
 	s.middlewares = append(s.middlewares, m)
 }

-func (s *Server) makeHTTPHandler(handler httputils.APIFunc, operation string) http.HandlerFunc {
-	return otelhttp.NewHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
 		// Define the context that we'll pass around to share info
 		// like the docker-request-id.
 		//
@@ -43,7 +42,6 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc, operation string) ht
 		// use intermediate variable to prevent "should not use basic type
 		// string as key in context.WithValue" golint errors
 		ctx := context.WithValue(r.Context(), dockerversion.UAStringKey{}, r.Header.Get("User-Agent"))
-
 		r = r.WithContext(ctx)
 		handlerFunc := s.handlerWithGlobalMiddlewares(handler)

@@ -55,11 +53,11 @@ func (s *Server) makeHTTPHandler(handler httputils.APIFunc, operation string) ht
 		if err := handlerFunc(ctx, w, r, vars); err != nil {
 			statusCode := httpstatus.FromError(err)
 			if statusCode >= 500 {
-				log.G(ctx).Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
+				logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
 			}
 			makeErrorHandler(err)(w, r)
 		}
-	}), operation).ServeHTTP
+	}
 }

 type pageNotFoundError struct{}
@@ -74,12 +72,12 @@ func (pageNotFoundError) NotFound() {}
 func (s *Server) CreateMux(routers ...router.Router) *mux.Router {
 	m := mux.NewRouter()

-	log.G(context.TODO()).Debug("Registering routers")
+	logrus.Debug("Registering routers")
 	for _, apiRouter := range routers {
 		for _, r := range apiRouter.Routes() {
-			f := s.makeHTTPHandler(r.Handler(), r.Method()+" "+r.Path())
+			f := s.makeHTTPHandler(r.Handler())

-			log.G(context.TODO()).Debugf("Registering %s, %s", r.Method(), r.Path())
+			logrus.Debugf("Registering %s, %s", r.Method(), r.Path())
 			m.Path(versionMatcher + r.Path()).Methods(r.Method()).Handler(f)
 			m.Path(r.Path()).Methods(r.Method()).Handler(f)
 		}
@@ -87,7 +85,7 @@ func (s *Server) CreateMux(routers ...router.Router) *mux.Router {

 	debugRouter := debug.NewRouter()
 	for _, r := range debugRouter.Routes() {
-		f := s.makeHTTPHandler(r.Handler(), r.Method()+" "+r.Path())
+		f := s.makeHTTPHandler(r.Handler())
 		m.Path("/debug" + r.Path()).Handler(f)
 	}

--- a/api/server/server_test.go
+++ b/api/server/server_test.go
@@ -15,8 +15,7 @@ import (
 func TestMiddlewares(t *testing.T) {
 	srv := &Server{}

-	const apiMinVersion = "1.12"
-	srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, apiMinVersion))
+	srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, api.MinVersion))

 	req, _ := http.NewRequest(http.MethodGet, "/containers/json", nil)
 	resp := httptest.NewRecorder()
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -19,10 +19,10 @@ produces:
 consumes:
  - "application/json"
  - "text/plain"
-basePath: "/v1.44"
+basePath: "/v1.43"
 info:
  title: "Docker Engine API"
-  version: "1.44"
+  version: "1.43"
  x-logo:
    url: "https://docs.docker.com/assets/images/logo-docker-main.png"
  description: |
@@ -55,8 +55,8 @@ info:
    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
    is returned.

-    If you omit the version-prefix, the current version of the API (v1.44) is used.
-    For example, calling `/info` is the same as calling `/v1.44/info`. Using the
+    If you omit the version-prefix, the current version of the API (v1.43) is used.
+    For example, calling `/info` is the same as calling `/v1.43/info`. Using the
    API without a version-prefix is deprecated and will be removed in a future release.

    Engine releases in the near future should support this version of the API,
@@ -388,16 +388,6 @@ definitions:
            description: "Create mount point on host if missing"
            type: "boolean"
            default: false
-          ReadOnlyNonRecursive:
-            description: |
-               Make the mount non-recursively read-only, but still leave the mount recursive
-               (unless NonRecursive is set to true in conjunction).
-            type: "boolean"
-            default: false
-          ReadOnlyForceRecursive:
-            description: "Raise an error if the mount cannot be made recursively read-only."
-            type: "boolean"
-            default: false
      VolumeOptions:
        description: "Optional configuration for the `volume` type."
        type: "object"
@@ -804,12 +794,6 @@ definitions:
          1000000 (1 ms). 0 means inherit.
        type: "integer"
        format: "int64"
-      StartInterval:
-        description: |
-          The time to wait between checks in nanoseconds during the start period.
-          It should be 0 or at least 1000000 (1 ms). 0 means inherit.
-        type: "integer"
-        format: "int64"

  Health:
    description: |
@@ -1313,10 +1297,7 @@ definitions:
        type: "boolean"
        x-nullable: true
      MacAddress:
-        description: |
-          MAC address of the container.
-
-          Deprecated: this field is deprecated in API v1.44 and up. Use EndpointSettings.MacAddress instead.
+        description: "MAC address of the container."
        type: "string"
        x-nullable: true
      OnBuild:
@@ -1366,16 +1347,16 @@ definitions:
      EndpointsConfig:
        description: |
          A mapping of network name to endpoint configuration for that network.
-          The endpoint configuration can be left empty to connect to that
-          network with no particular endpoint configuration.
        type: "object"
        additionalProperties:
          $ref: "#/definitions/EndpointSettings"
    example:
      # putting an example here, instead of using the example values from
-      # /definitions/EndpointSettings, because EndpointSettings contains
-      # operational data returned when inspecting a container that we don't
-      # accept here.
+      # /definitions/EndpointSettings, because containers/create currently
+      # does not support attaching to multiple networks, so the example request
+      # would be confusing if it showed that multiple networks can be contained
+      # in the EndpointsConfig.
+      # TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
      EndpointsConfig:
        isolated_nw:
          IPAMConfig:
@@ -1384,22 +1365,19 @@ definitions:
            LinkLocalIPs:
              - "169.254.34.68"
              - "fe80::3468"
-          MacAddress: "02:42:ac:12:05:02"
          Links:
            - "container_1"
            - "container_2"
          Aliases:
            - "server_x"
            - "server_y"
-        database_nw: {}

  NetworkSettings:
    description: "NetworkSettings exposes the network settings in the API"
    type: "object"
    properties:
      Bridge:
-        description: |
-          Name of the default bridge interface when dockerd's --bridge flag is set.
+        description: Name of the network's bridge (for example, `docker0`).
        type: "string"
        example: "docker0"
      SandboxID:
@@ -1409,40 +1387,34 @@ definitions:
      HairpinMode:
        description: |
          Indicates if hairpin NAT should be enabled on the virtual interface.
-
-          Deprecated: This field is never set and will be removed in a future release.
        type: "boolean"
        example: false
      LinkLocalIPv6Address:
-        description: |
-          IPv6 unicast address using the link-local prefix.
-
-          Deprecated: This field is never set and will be removed in a future release.
+        description: IPv6 unicast address using the link-local prefix.
        type: "string"
-        example: ""
+        example: "fe80::42:acff:fe11:1"
      LinkLocalIPv6PrefixLen:
-        description: |
-          Prefix length of the IPv6 unicast address.
-
-          Deprecated: This field is never set and will be removed in a future release.
+        description: Prefix length of the IPv6 unicast address.
        type: "integer"
-        example: ""
+        example: "64"
      Ports:
        $ref: "#/definitions/PortMap"
      SandboxKey:
-        description: SandboxKey is the full path of the netns handle
+        description: SandboxKey identifies the sandbox
        type: "string"
        example: "/var/run/docker/netns/8ab54b426c38"

+      # TODO is SecondaryIPAddresses actually used?
      SecondaryIPAddresses:
-        description: "Deprecated: This field is never set and will be removed in a future release."
+        description: ""
        type: "array"
        items:
          $ref: "#/definitions/Address"
        x-nullable: true

+      # TODO is SecondaryIPv6Addresses actually used?
      SecondaryIPv6Addresses:
-        description: "Deprecated: This field is never set and will be removed in a future release."
+        description: ""
        type: "array"
        items:
          $ref: "#/definitions/Address"
@@ -1751,15 +1723,10 @@ definitions:
          The ID of the container that was used to create the image.

          Depending on how the image was created, this field may be empty.
-
-          **Deprecated**: this field is kept for backward compatibility, but
-          will be removed in API v1.45.
        type: "string"
+        x-nullable: false
        example: "65974bc86f1770ae4bff79f651ebdbce166ae9aada632ee3fa9af3a264911735"
      ContainerConfig:
-        description: |
-          **Deprecated**: this field is kept for backward compatibility, but
-          will be removed in API v1.45.
        $ref: "#/definitions/ContainerConfig"
      DockerVersion:
        description: |
@@ -1814,7 +1781,13 @@ definitions:
        description: |
          Total size of the image including all layers it is composed of.

-          Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
+          In versions of Docker before v1.10, this field was calculated from
+          the image itself and all of its parent images. Images are now stored
+          self-contained, and no longer use a parent-chain, making this field
+          an equivalent of the Size field.
+
+          > **Deprecated**: this field is kept for backward compatibility, but
+          > will be removed in API v1.44.
        type: "integer"
        format: "int64"
        example: 1239828
@@ -1856,7 +1829,6 @@ definitions:
            x-nullable: true
  ImageSummary:
    type: "object"
-    x-go-name: "Summary"
    required:
      - Id
      - ParentId
@@ -1953,7 +1925,12 @@ definitions:
        description: |-
          Total size of the image including all layers it is composed of.

-          Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
+          In versions of Docker before v1.10, this field was calculated from
+          the image itself and all of its parent images. Images are now stored
+          self-contained, and no longer use a parent-chain, making this field
+          an equivalent of the Size field.
+
+          Deprecated: this field is kept for backward compatibility, and will be removed in API v1.44.
        type: "integer"
        format: "int64"
        example: 172064416
@@ -2471,11 +2448,6 @@ definitions:
        example:
          - "container_1"
          - "container_2"
-      MacAddress:
-        description: |
-          MAC address for the endpoint on this network. The network driver might ignore this parameter.
-        type: "string"
-        example: "02:42:ac:11:00:04"
      Aliases:
        type: "array"
        items:
@@ -2526,6 +2498,11 @@ definitions:
        type: "integer"
        format: "int64"
        example: 64
+      MacAddress:
+        description: |
+          MAC address for the endpoint on this network.
+        type: "string"
+        example: "02:42:ac:11:00:04"
      DriverOpts:
        description: |
          DriverOpts is a mapping of driver options and values. These options
@@ -2537,21 +2514,6 @@ definitions:
        example:
          com.example.some-label: "some-value"
          com.example.some-other-label: "some-other-value"
-      DNSNames:
-        description: |
-          List of all DNS names an endpoint has on a specific network. This
-          list is based on the container name, network aliases, container short
-          ID, and hostname.
-
-          These DNS names are non-fully qualified but can contain several dots.
-          You can get fully qualified DNS names by appending `.<network-name>`.
-          For instance, if container name is `my.ctr` and the network is named
-          `testnet`, `DNSNames` will contain `my.ctr` and the FQDN will be
-          `my.ctr.testnet`.
-        type: array
-        items:
-          type: string
-        example: ["foobar", "server_x", "server_y", "my.ctr"]

  EndpointIPAMConfig:
    description: |
@@ -3583,32 +3545,6 @@ definitions:
                  Level:
                    type: "string"
                    description: "SELinux level label"
-              Seccomp:
-                type: "object"
-                description: "Options for configuring seccomp on the container"
-                properties:
-                  Mode:
-                    type: "string"
-                    enum:
-                      - "default"
-                      - "unconfined"
-                      - "custom"
-                  Profile:
-                    description: "The custom seccomp profile as a json object"
-                    type: "string"
-              AppArmor:
-                type: "object"
-                description: "Options for configuring AppArmor on the container"
-                properties:
-                  Mode:
-                    type: "string"
-                    enum:
-                      - "default"
-                      - "disabled"
-              NoNewPrivileges:
-                type: "boolean"
-                description: "Configuration of the no_new_privs bit in the container"
-
          TTY:
            description: "Whether a pseudo-TTY should be allocated."
            type: "boolean"
@@ -4003,44 +3939,6 @@ definitions:
      - "remove"
      - "orphaned"

-  ContainerStatus:
-    type: "object"
-    description: "represents the status of a container."
-    properties:
-      ContainerID:
-        type: "string"
-      PID:
-        type: "integer"
-      ExitCode:
-        type: "integer"
-
-  PortStatus:
-    type: "object"
-    description: "represents the port status of a task's host ports whose service has published host ports"
-    properties:
-      Ports:
-        type: "array"
-        items:
-          $ref: "#/definitions/EndpointPortConfig"
-
-  TaskStatus:
-    type: "object"
-    description: "represents the status of a task."
-    properties:
-      Timestamp:
-        type: "string"
-        format: "dateTime"
-      State:
-        $ref: "#/definitions/TaskState"
-      Message:
-        type: "string"
-      Err:
-        type: "string"
-      ContainerStatus:
-        $ref: "#/definitions/ContainerStatus"
-      PortStatus:
-        $ref: "#/definitions/PortStatus"
-
  Task:
    type: "object"
    properties:
@@ -4076,7 +3974,26 @@ definitions:
      AssignedGenericResources:
        $ref: "#/definitions/GenericResources"
      Status:
-        $ref: "#/definitions/TaskStatus"
+        type: "object"
+        properties:
+          Timestamp:
+            type: "string"
+            format: "dateTime"
+          State:
+            $ref: "#/definitions/TaskState"
+          Message:
+            type: "string"
+          Err:
+            type: "string"
+          ContainerStatus:
+            type: "object"
+            properties:
+              ContainerID:
+                type: "string"
+              PID:
+                type: "integer"
+              ExitCode:
+                type: "integer"
      DesiredState:
        $ref: "#/definitions/TaskState"
      JobIteration:
@@ -4292,10 +4209,7 @@ definitions:
              - "stop-first"
              - "start-first"
      Networks:
-        description: |
-          Specifies which networks the service should attach to.
-
-          Deprecated: This field is deprecated since v1.44. The Networks field in TaskSpec should be used instead.
+        description: "Specifies which networks the service should attach to."
        type: "array"
        items:
          $ref: "#/definitions/NetworkAttachmentConfig"
@@ -4529,7 +4443,6 @@ definitions:

  ImageDeleteResponseItem:
    type: "object"
-    x-go-name: "DeleteResponse"
    properties:
      Untagged:
        description: "The image ID of an image that was untagged"
@@ -4538,29 +4451,6 @@ definitions:
        description: "The image ID of an image that was deleted"
        type: "string"

-  ServiceCreateResponse:
-    type: "object"
-    description: |
-      contains the information returned to a client on the
-      creation of a new service.
-    properties:
-      ID:
-        description: "The ID of the created service."
-        type: "string"
-        x-nullable: false
-        example: "ak7w3gjqoa3kuz8xcpnyy0pvl"
-      Warnings:
-        description: |
-          Optional warning message.
-
-          FIXME(thaJeztah): this should have "omitempty" in the generated type.
-        type: "array"
-        x-nullable: true
-        items:
-          type: "string"
-        example:
-          - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
-
  ServiceUpdateResponse:
    type: "object"
    properties:
@@ -4570,8 +4460,7 @@ definitions:
        items:
          type: "string"
    example:
-      Warnings:
-        - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+      Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"

  ContainerSummary:
    type: "object"
@@ -5405,25 +5294,7 @@ definitions:
          - "WARNING: No memory limit support"
          - "WARNING: bridge-nf-call-iptables is disabled"
          - "WARNING: bridge-nf-call-ip6tables is disabled"
-      CDISpecDirs:
-        description: |
-          List of directories where (Container Device Interface) CDI
-          specifications are located.

-          These specifications define vendor-specific modifications to an OCI
-          runtime specification for a container being created.
-
-          An empty list indicates that CDI device injection is disabled.
-
-          Note that since using CDI device injection requires the daemon to have
-          experimental enabled. For non-experimental daemons an empty list will
-          always be returned.
-        type: "array"
-        items:
-          type: "string"
-        example:
-          - "/etc/cdi"
-          - "/var/run/cdi"

  # PluginsInfo is a temp struct holding Plugins name
  # registered with docker daemon. It is used by Info struct
@@ -5659,28 +5530,6 @@ definitions:
        items:
          type: "string"
        example: ["--debug", "--systemd-cgroup=false"]
-      status:
-        description: |
-          Information specific to the runtime.
-
-          While this API specification does not define data provided by runtimes,
-          the following well-known properties may be provided by runtimes:
-
-          `org.opencontainers.runtime-spec.features`: features structure as defined
-          in the [OCI Runtime Specification](https://github.com/opencontainers/runtime-spec/blob/main/features.md),
-          in a JSON string representation.
-
-          <p><br /></p>
-
-          > **Note**: The information returned in this field, including the
-          > formatting of values and labels, should not be considered stable,
-          > and may change without notice.
-        type: "object"
-        x-nullable: true
-        additionalProperties:
-          type: "string"
-        example:
-          "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",\"ociVersionMax\":\"1.1.0\",\"...\":\"...\"}"

  Commit:
    description: |
@@ -6565,7 +6414,6 @@ paths:
                    Aliases:
                      - "server_x"
                      - "server_y"
-                  database_nw: {}

          required: true
      responses:
@@ -6713,7 +6561,7 @@ paths:
                StopSignal: "SIGTERM"
                StopTimeout: 10
              Created: "2015-01-06T15:47:31.485331387Z"
-              Driver: "overlay2"
+              Driver: "devicemapper"
              ExecIDs:
                - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
                - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
@@ -8144,7 +7992,6 @@ paths:
            - `label=key` or `label="key=value"` of an image label
            - `reference`=(`<image-name>[:<tag>]`)
            - `since`=(`<image-name>[:<tag>]`,  `<image id>` or `<image@digest>`)
-            - `until=<timestamp>`
          type: "string"
        - name: "shared-size"
          in: "query"
@@ -8396,7 +8243,7 @@ paths:
  /images/create:
    post:
      summary: "Create an image"
-      description: "Pull or import an image."
+      description: "Create an image by either pulling it from a registry or importing it."
      operationId: "ImageCreate"
      consumes:
        - "text/plain"
@@ -8747,36 +8594,28 @@ paths:
                is_official:
                  type: "boolean"
                is_automated:
-                  description: |
-                    Whether this repository has automated builds enabled.
-
-                    <p><br /></p>
-
-                    > **Deprecated**: This field is deprecated and will always
-                    > be "false" in future.
                  type: "boolean"
-                  example: false
                name:
                  type: "string"
                star_count:
                  type: "integer"
          examples:
            application/json:
-              - description: "A minimal Docker image based on Alpine Linux with a complete package index and only 5 MB in size!"
-                is_official: true
+              - description: ""
+                is_official: false
                is_automated: false
-                name: "alpine"
-                star_count: 10093
-              - description: "Busybox base image."
-                is_official: true
+                name: "wma55/u1210sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
                is_automated: false
-                name: "Busybox base image."
-                star_count: 3037
-              - description: "The PostgreSQL object-relational database system provides reliability and data integrity."
-                is_official: true
+                name: "jdswinbank/sshd"
+                star_count: 0
+              - description: ""
+                is_official: false
                is_automated: false
-                name: "postgres"
-                star_count: 12408
+                name: "vgauthier/sshd"
+                star_count: 0
        500:
          description: "Server error"
          schema:
@@ -8796,13 +8635,9 @@ paths:
          description: |
            A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:

-            - `is-automated=(true|false)` (deprecated, see below)
+            - `is-automated=(true|false)`
            - `is-official=(true|false)`
            - `stars=<number>` Matches images that has at least 'number' stars.
-
-            The `is-automated` filter is deprecated. The `is_automated` field has
-            been deprecated by Docker Hub's search API. Consequently, searching
-            for `is-automated=true` will yield no results.
          type: "string"
      tags: ["Image"]
  /images/prune:
@@ -9195,6 +9030,7 @@ paths:
                  Created: 1466724217
                  Size: 1092588
                  SharedSize: 0
+                  VirtualSize: 1092588
                  Labels: {}
                  Containers: 1
              Containers:
@@ -10057,10 +9893,6 @@ paths:
            example:
              Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
              Warning: ""
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
        403:
          description: |
            Forbidden operation. This happens when trying to create a network named after a pre-defined network,
@@ -10090,7 +9922,13 @@ paths:
                type: "string"
              CheckDuplicate:
                description: |
-                  Deprecated: CheckDuplicate is now always enabled.
+                  Check for networks with duplicate names. Since Network is
+                  primarily keyed based on a random ID and not on the name, and
+                  network name is strictly a user-friendly alias to the network
+                  which is uniquely identified using ID, there is no guaranteed
+                  way to check for duplicates. CheckDuplicate is there to provide
+                  a best effort checking of any networks which has the same name
+                  but it is not guaranteed to catch all name collisions.
                type: "boolean"
              Driver:
                description: "Name of the network driver plugin to use."
@@ -10158,19 +9996,14 @@ paths:
  /networks/{id}/connect:
    post:
      summary: "Connect a container to a network"
-      description: "The network must be either a local-scoped network or a swarm-scoped network with the `attachable` option set. A network cannot be re-attached to a running container"
      operationId: "NetworkConnect"
      consumes:
        - "application/json"
      responses:
        200:
          description: "No error"
-        400:
-          description: "bad parameter"
-          schema:
-            $ref: "#/definitions/ErrorResponse"
        403:
-          description: "Operation forbidden"
+          description: "Operation not supported for swarm scoped networks"
          schema:
            $ref: "#/definitions/ErrorResponse"
        404:
@@ -10205,7 +10038,6 @@ paths:
                IPAMConfig:
                  IPv4Address: "172.24.56.89"
                  IPv6Address: "2001:db8::5689"
-                MacAddress: "02:42:ac:12:05:02"
      tags: ["Network"]

  /networks/{id}/disconnect:
@@ -11199,7 +11031,18 @@ paths:
        201:
          description: "no error"
          schema:
-            $ref: "#/definitions/ServiceCreateResponse"
+            type: "object"
+            title: "ServiceCreateResponse"
+            properties:
+              ID:
+                description: "The ID of the created service."
+                type: "string"
+              Warning:
+                description: "Optional warning message"
+                type: "string"
+            example:
+              ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+              Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
        400:
          description: "bad parameter"
          schema:
--- a/api/types/auth.go
+++ b/api/types/auth.go
@@ -0,0 +1,7 @@
+package types // import "github.com/docker/docker/api/types"
+import "github.com/docker/docker/api/types/registry"
+
+// AuthConfig contains authorization information for connecting to a Registry.
+//
+// Deprecated: use github.com/docker/docker/api/types/registry.AuthConfig
+type AuthConfig = registry.AuthConfig
--- a/api/types/backend/backend.go
+++ b/api/types/backend/backend.go
@@ -5,29 +5,10 @@ import (
 	"io"
 	"time"

-	"github.com/distribution/reference"
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )

-// ContainerCreateConfig is the parameter set to ContainerCreate()
-type ContainerCreateConfig struct {
-	Name             string
-	Config           *container.Config
-	HostConfig       *container.HostConfig
-	NetworkingConfig *network.NetworkingConfig
-	Platform         *ocispec.Platform
-	AdjustCPUShares  bool
-}
-
-// ContainerRmConfig holds arguments for the container remove
-// operation. This struct is used to tell the backend what operations
-// to perform.
-type ContainerRmConfig struct {
-	ForceRemove, RemoveVolume, RemoveLink bool
-}
-
 // ContainerAttachConfig holds the streams to use when connecting to a container to view logs.
 type ContainerAttachConfig struct {
 	GetStreams func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error)
@@ -141,25 +122,3 @@ type CommitConfig struct {
 	ContainerOS         string
 	ParentImageID       string
 }
-
-// PluginRmConfig holds arguments for plugin remove.
-type PluginRmConfig struct {
-	ForceRemove bool
-}
-
-// PluginEnableConfig holds arguments for plugin enable
-type PluginEnableConfig struct {
-	Timeout int
-}
-
-// PluginDisableConfig holds arguments for plugin disable.
-type PluginDisableConfig struct {
-	ForceDisable bool
-}
-
-// NetworkListConfig stores the options available for listing networks
-type NetworkListConfig struct {
-	// TODO(@cpuguy83): naming is hard, this is pulled from what was being used in the router before moving here
-	Detailed bool
-	Verbose  bool
-}
--- a/api/types/checkpoint/list.go
+++ b/api/types/checkpoint/list.go
@@ -1,7 +0,0 @@
-package checkpoint
-
-// Summary represents the details of a checkpoint when listing endpoints.
-type Summary struct {
-	// Name is the name of the checkpoint.
-	Name string
-}
--- a/api/types/checkpoint/options.go
+++ b/api/types/checkpoint/options.go
@@ -1,19 +0,0 @@
-package checkpoint
-
-// CreateOptions holds parameters to create a checkpoint from a container.
-type CreateOptions struct {
-	CheckpointID  string
-	CheckpointDir string
-	Exit          bool
-}
-
-// ListOptions holds parameters to list checkpoints for a container.
-type ListOptions struct {
-	CheckpointDir string
-}
-
-// DeleteOptions holds parameters to delete a checkpoint from a container.
-type DeleteOptions struct {
-	CheckpointID  string
-	CheckpointDir string
-}
--- a/api/types/client.go
+++ b/api/types/client.go
@@ -11,6 +11,44 @@ import (
 	units "github.com/docker/go-units"
 )

+// CheckpointCreateOptions holds parameters to create a checkpoint from a container
+type CheckpointCreateOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+	Exit          bool
+}
+
+// CheckpointListOptions holds parameters to list checkpoints for a container
+type CheckpointListOptions struct {
+	CheckpointDir string
+}
+
+// CheckpointDeleteOptions holds parameters to delete a checkpoint from a container
+type CheckpointDeleteOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+}
+
+// ContainerAttachOptions holds parameters to attach to a container.
+type ContainerAttachOptions struct {
+	Stream     bool
+	Stdin      bool
+	Stdout     bool
+	Stderr     bool
+	DetachKeys string
+	Logs       bool
+}
+
+// ContainerCommitOptions holds parameters to commit changes into a container.
+type ContainerCommitOptions struct {
+	Reference string
+	Comment   string
+	Author    string
+	Changes   []string
+	Pause     bool
+	Config    *container.Config
+}
+
 // ContainerExecInspect holds information returned by exec inspect.
 type ContainerExecInspect struct {
 	ExecID      string `json:"ID"`
@@ -20,6 +58,42 @@ type ContainerExecInspect struct {
 	Pid         int
 }

+// ContainerListOptions holds parameters to list containers with.
+type ContainerListOptions struct {
+	Size    bool
+	All     bool
+	Latest  bool
+	Since   string
+	Before  string
+	Limit   int
+	Filters filters.Args
+}
+
+// ContainerLogsOptions holds parameters to filter logs with.
+type ContainerLogsOptions struct {
+	ShowStdout bool
+	ShowStderr bool
+	Since      string
+	Until      string
+	Timestamps bool
+	Follow     bool
+	Tail       string
+	Details    bool
+}
+
+// ContainerRemoveOptions holds parameters to remove containers.
+type ContainerRemoveOptions struct {
+	RemoveVolumes bool
+	RemoveLinks   bool
+	Force         bool
+}
+
+// ContainerStartOptions holds parameters to start containers.
+type ContainerStartOptions struct {
+	CheckpointID  string
+	CheckpointDir string
+}
+
 // CopyToContainerOptions holds information
 // about files to copy into a container
 type CopyToContainerOptions struct {
@@ -233,6 +307,14 @@ type ImageSearchOptions struct {
 	Limit         int
 }

+// ResizeOptions holds parameters to resize a tty.
+// It can be used to resize container ttys and
+// exec process ttys too.
+type ResizeOptions struct {
+	Height uint
+	Width  uint
+}
+
 // NodeListOptions holds parameters to list nodes with.
 type NodeListOptions struct {
 	Filters filters.Args
@@ -258,6 +340,15 @@ type ServiceCreateOptions struct {
 	QueryRegistry bool
 }

+// ServiceCreateResponse contains the information returned to a client
+// on the creation of a new service.
+type ServiceCreateResponse struct {
+	// ID is the ID of the created service.
+	ID string
+	// Warnings is a set of non-fatal warning messages to pass on to the user.
+	Warnings []string `json:",omitempty"`
+}
+
 // Values for RegistryAuthFrom in ServiceUpdateOptions
 const (
 	RegistryAuthFromSpec         = "spec"
--- a/api/types/configs.go
+++ b/api/types/configs.go
@@ -1,5 +1,32 @@
 package types // import "github.com/docker/docker/api/types"

+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// configs holds structs used for internal communication between the
+// frontend (such as an http server) and the backend (such as the
+// docker daemon).
+
+// ContainerCreateConfig is the parameter set to ContainerCreate()
+type ContainerCreateConfig struct {
+	Name             string
+	Config           *container.Config
+	HostConfig       *container.HostConfig
+	NetworkingConfig *network.NetworkingConfig
+	Platform         *ocispec.Platform
+	AdjustCPUShares  bool
+}
+
+// ContainerRmConfig holds arguments for the container remove
+// operation. This struct is used to tell the backend what operations
+// to perform.
+type ContainerRmConfig struct {
+	ForceRemove, RemoveVolume, RemoveLink bool
+}
+
 // ExecConfig is a small subset of the Config struct that holds the configuration
 // for the exec feature of docker.
 type ExecConfig struct {
@@ -16,3 +43,25 @@ type ExecConfig struct {
 	WorkingDir   string   // Working directory
 	Cmd          []string // Execution commands and args
 }
+
+// PluginRmConfig holds arguments for plugin remove.
+type PluginRmConfig struct {
+	ForceRemove bool
+}
+
+// PluginEnableConfig holds arguments for plugin enable
+type PluginEnableConfig struct {
+	Timeout int
+}
+
+// PluginDisableConfig holds arguments for plugin disable.
+type PluginDisableConfig struct {
+	ForceDisable bool
+}
+
+// NetworkListConfig stores the options available for listing networks
+type NetworkListConfig struct {
+	// TODO(@cpuguy83): naming is hard, this is pulled from what was being used in the router before moving here
+	Detailed bool
+	Verbose  bool
+}
--- a/api/types/container/change_response_deprecated.go
+++ b/api/types/container/change_response_deprecated.go
@@ -0,0 +1,6 @@
+package container
+
+// ContainerChangeResponseItem change item in response to ContainerChanges operation
+//
+// Deprecated: use [FilesystemChange].
+type ContainerChangeResponseItem = FilesystemChange
--- a/api/types/container/config.go
+++ b/api/types/container/config.go
@@ -5,7 +5,6 @@ import (
 	"time"

 	"github.com/docker/docker/api/types/strslice"
-	dockerspec "github.com/docker/docker/image/spec/specs-go/v1"
 	"github.com/docker/go-connections/nat"
 )

@@ -34,7 +33,25 @@ type StopOptions struct {
 }

 // HealthConfig holds configuration settings for the HEALTHCHECK feature.
-type HealthConfig = dockerspec.HealthcheckConfig
+type HealthConfig struct {
+	// Test is the test to perform to check that the container is healthy.
+	// An empty slice means to inherit the default.
+	// The options are:
+	// {} : inherit healthcheck
+	// {"NONE"} : disable healthcheck
+	// {"CMD", args...} : exec arguments directly
+	// {"CMD-SHELL", command} : run command with system's default shell
+	Test []string `json:",omitempty"`
+
+	// Zero means to inherit. Durations are expressed as integer nanoseconds.
+	Interval    time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
+	Timeout     time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+	StartPeriod time.Duration `json:",omitempty"` // The start period for the container to initialize before the retries starts to count down.
+
+	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
+	// Zero means inherit.
+	Retries int `json:",omitempty"`
+}

 // ExecStartOptions holds the options to start container's exec.
 type ExecStartOptions struct {
@@ -70,13 +87,10 @@ type Config struct {
 	WorkingDir      string              // Current directory (PWD) in the command will be launched
 	Entrypoint      strslice.StrSlice   // Entrypoint to run when starting the container
 	NetworkDisabled bool                `json:",omitempty"` // Is network disabled
-	// Mac Address of the container.
-	//
-	// Deprecated: this field is deprecated since API v1.44. Use EndpointSettings.MacAddress instead.
-	MacAddress  string            `json:",omitempty"`
-	OnBuild     []string          // ONBUILD metadata that were defined on the image Dockerfile
-	Labels      map[string]string // List of labels set to this container
-	StopSignal  string            `json:",omitempty"` // Signal to stop a container
-	StopTimeout *int              `json:",omitempty"` // Timeout (in seconds) to stop a container
-	Shell       strslice.StrSlice `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
+	MacAddress      string              `json:",omitempty"` // Mac Address of the container
+	OnBuild         []string            // ONBUILD metadata that were defined on the image Dockerfile
+	Labels          map[string]string   // List of labels set to this container
+	StopSignal      string              `json:",omitempty"` // Signal to stop a container
+	StopTimeout     *int                `json:",omitempty"` // Timeout (in seconds) to stop a container
+	Shell           strslice.StrSlice   `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
 }
--- a/api/types/container/errors.go
+++ b/api/types/container/errors.go
@@ -1,9 +0,0 @@
-package container
-
-type errInvalidParameter struct{ error }
-
-func (e *errInvalidParameter) InvalidParameter() {}
-
-func (e *errInvalidParameter) Unwrap() error {
-	return e.error
-}
--- a/api/types/container/hostconfig.go
+++ b/api/types/container/hostconfig.go
@@ -1,12 +1,10 @@
 package container // import "github.com/docker/docker/api/types/container"

 import (
-	"fmt"
 	"strings"

 	"github.com/docker/docker/api/types/blkiodev"
 	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/go-connections/nat"
 	units "github.com/docker/go-units"
@@ -134,12 +132,12 @@ type NetworkMode string

 // IsNone indicates whether container isn't using a network stack.
 func (n NetworkMode) IsNone() bool {
-	return n == network.NetworkNone
+	return n == "none"
 }

 // IsDefault indicates whether container uses the default network stack.
 func (n NetworkMode) IsDefault() bool {
-	return n == network.NetworkDefault
+	return n == "default"
 }

 // IsPrivate indicates whether container uses its private network stack.
@@ -273,42 +271,33 @@ type DeviceMapping struct {

 // RestartPolicy represents the restart policies of the container.
 type RestartPolicy struct {
-	Name              RestartPolicyMode
+	Name              string
 	MaximumRetryCount int
 }

-type RestartPolicyMode string
-
-const (
-	RestartPolicyDisabled      RestartPolicyMode = "no"
-	RestartPolicyAlways        RestartPolicyMode = "always"
-	RestartPolicyOnFailure     RestartPolicyMode = "on-failure"
-	RestartPolicyUnlessStopped RestartPolicyMode = "unless-stopped"
-)
-
 // IsNone indicates whether the container has the "no" restart policy.
 // This means the container will not automatically restart when exiting.
 func (rp *RestartPolicy) IsNone() bool {
-	return rp.Name == RestartPolicyDisabled || rp.Name == ""
+	return rp.Name == "no" || rp.Name == ""
 }

 // IsAlways indicates whether the container has the "always" restart policy.
 // This means the container will automatically restart regardless of the exit status.
 func (rp *RestartPolicy) IsAlways() bool {
-	return rp.Name == RestartPolicyAlways
+	return rp.Name == "always"
 }

 // IsOnFailure indicates whether the container has the "on-failure" restart policy.
 // This means the container will automatically restart of exiting with a non-zero exit status.
 func (rp *RestartPolicy) IsOnFailure() bool {
-	return rp.Name == RestartPolicyOnFailure
+	return rp.Name == "on-failure"
 }

 // IsUnlessStopped indicates whether the container has the
 // "unless-stopped" restart policy. This means the container will
 // automatically restart unless user has put it to stopped state.
 func (rp *RestartPolicy) IsUnlessStopped() bool {
-	return rp.Name == RestartPolicyUnlessStopped
+	return rp.Name == "unless-stopped"
 }

 // IsSame compares two RestartPolicy to see if they are the same
@@ -316,33 +305,6 @@ func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool {
 	return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount
 }

-// ValidateRestartPolicy validates the given RestartPolicy.
-func ValidateRestartPolicy(policy RestartPolicy) error {
-	switch policy.Name {
-	case RestartPolicyAlways, RestartPolicyUnlessStopped, RestartPolicyDisabled:
-		if policy.MaximumRetryCount != 0 {
-			msg := "invalid restart policy: maximum retry count can only be used with 'on-failure'"
-			if policy.MaximumRetryCount < 0 {
-				msg += " and cannot be negative"
-			}
-			return &errInvalidParameter{fmt.Errorf(msg)}
-		}
-		return nil
-	case RestartPolicyOnFailure:
-		if policy.MaximumRetryCount < 0 {
-			return &errInvalidParameter{fmt.Errorf("invalid restart policy: maximum retry count cannot be negative")}
-		}
-		return nil
-	case "":
-		// Versions before v25.0.0 created an empty restart-policy "name" as
-		// default. Allow an empty name with "any" MaximumRetryCount for
-		// backward-compatibility.
-		return nil
-	default:
-		return &errInvalidParameter{fmt.Errorf("invalid restart policy: unknown policy '%s'; use one of '%s', '%s', '%s', or '%s'", policy.Name, RestartPolicyDisabled, RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyUnlessStopped)}
-	}
-}
-
 // LogMode is a type to define the available modes for logging
 // These modes affect how logs are handled when log messages start piling up.
 type LogMode string
--- a/api/types/container/hostconfig_test.go
+++ b/api/types/container/hostconfig_test.go
@@ -1,105 +0,0 @@
-package container
-
-import (
-	"testing"
-
-	"github.com/docker/docker/errdefs"
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-)
-
-func TestValidateRestartPolicy(t *testing.T) {
-	tests := []struct {
-		name        string
-		input       RestartPolicy
-		expectedErr string
-	}{
-		{
-			name:  "empty",
-			input: RestartPolicy{},
-		},
-		{
-			name:        "empty with invalid MaxRestartCount (for backward compatibility)",
-			input:       RestartPolicy{MaximumRetryCount: 123},
-			expectedErr: "", // Allowed for backward compatibility
-		},
-		{
-			name:        "empty with negative MaxRestartCount)",
-			input:       RestartPolicy{MaximumRetryCount: -123},
-			expectedErr: "", // Allowed for backward compatibility
-		},
-		{
-			name:  "always",
-			input: RestartPolicy{Name: RestartPolicyAlways},
-		},
-		{
-			name:        "always with MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyAlways, MaximumRetryCount: 123},
-			expectedErr: "invalid restart policy: maximum retry count can only be used with 'on-failure'",
-		},
-		{
-			name:        "always with negative MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyAlways, MaximumRetryCount: -123},
-			expectedErr: "invalid restart policy: maximum retry count can only be used with 'on-failure' and cannot be negative",
-		},
-		{
-			name:  "unless-stopped",
-			input: RestartPolicy{Name: RestartPolicyUnlessStopped},
-		},
-		{
-			name:        "unless-stopped with MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyUnlessStopped, MaximumRetryCount: 123},
-			expectedErr: "invalid restart policy: maximum retry count can only be used with 'on-failure'",
-		},
-		{
-			name:        "unless-stopped with negative MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyUnlessStopped, MaximumRetryCount: -123},
-			expectedErr: "invalid restart policy: maximum retry count can only be used with 'on-failure' and cannot be negative",
-		},
-		{
-			name:  "disabled",
-			input: RestartPolicy{Name: RestartPolicyDisabled},
-		},
-		{
-			name:        "disabled with MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyDisabled, MaximumRetryCount: 123},
-			expectedErr: "invalid restart policy: maximum retry count can only be used with 'on-failure'",
-		},
-		{
-			name:        "disabled with negative MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyDisabled, MaximumRetryCount: -123},
-			expectedErr: "invalid restart policy: maximum retry count can only be used with 'on-failure' and cannot be negative",
-		},
-		{
-			name:  "on-failure",
-			input: RestartPolicy{Name: RestartPolicyOnFailure},
-		},
-		{
-			name:  "on-failure with MaxRestartCount",
-			input: RestartPolicy{Name: RestartPolicyOnFailure, MaximumRetryCount: 123},
-		},
-		{
-			name:        "on-failure with negative MaxRestartCount",
-			input:       RestartPolicy{Name: RestartPolicyOnFailure, MaximumRetryCount: -123},
-			expectedErr: "invalid restart policy: maximum retry count cannot be negative",
-		},
-		{
-			name:        "unknown policy",
-			input:       RestartPolicy{Name: "unknown"},
-			expectedErr: "invalid restart policy: unknown policy 'unknown'; use one of 'no', 'always', 'on-failure', or 'unless-stopped'",
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			err := ValidateRestartPolicy(tc.input)
-			if tc.expectedErr == "" {
-				assert.Check(t, err)
-			} else {
-				assert.Check(t, is.ErrorType(err, errdefs.IsInvalidParameter))
-				assert.Check(t, is.Error(err, tc.expectedErr))
-			}
-		})
-	}
-}
--- a/api/types/container/hostconfig_unix.go
+++ b/api/types/container/hostconfig_unix.go
@@ -1,9 +1,8 @@
 //go:build !windows
+// +build !windows

 package container // import "github.com/docker/docker/api/types/container"

-import "github.com/docker/docker/api/types/network"
-
 // IsValid indicates if an isolation technology is valid
 func (i Isolation) IsValid() bool {
 	return i.IsDefault()
@@ -12,15 +11,15 @@ func (i Isolation) IsValid() bool {
 // NetworkName returns the name of the network stack.
 func (n NetworkMode) NetworkName() string {
 	if n.IsBridge() {
-		return network.NetworkBridge
+		return "bridge"
 	} else if n.IsHost() {
-		return network.NetworkHost
+		return "host"
 	} else if n.IsContainer() {
 		return "container"
 	} else if n.IsNone() {
-		return network.NetworkNone
+		return "none"
 	} else if n.IsDefault() {
-		return network.NetworkDefault
+		return "default"
 	} else if n.IsUserDefined() {
 		return n.UserDefined()
 	}
@@ -29,12 +28,12 @@ func (n NetworkMode) NetworkName() string {

 // IsBridge indicates whether container uses the bridge network stack
 func (n NetworkMode) IsBridge() bool {
-	return n == network.NetworkBridge
+	return n == "bridge"
 }

 // IsHost indicates whether container uses the host network stack.
 func (n NetworkMode) IsHost() bool {
-	return n == network.NetworkHost
+	return n == "host"
 }

 // IsUserDefined indicates user-created network
--- a/api/types/container/hostconfig_unix_test.go
+++ b/api/types/container/hostconfig_unix_test.go
@@ -1,4 +1,5 @@
 //go:build !windows
+// +build !windows

 package container

@@ -155,6 +156,7 @@ func TestUTSMode(t *testing.T) {
 			assert.Check(t, is.Equal(mode.IsHost(), expected.host))
 			assert.Check(t, is.Equal(mode.Valid(), expected.valid))
 		})
+
 	}
 }

@@ -221,7 +223,7 @@ func TestRestartPolicy(t *testing.T) {
 		{Name: "on-failure", MaximumRetryCount: 0}: {none: false, always: false, onFailure: true},
 	}
 	for policy, expected := range policies {
-		t.Run("policy="+string(policy.Name), func(t *testing.T) {
+		t.Run("policy="+policy.Name, func(t *testing.T) {
 			assert.Check(t, is.Equal(policy.IsNone(), expected.none))
 			assert.Check(t, is.Equal(policy.IsAlways(), expected.always))
 			assert.Check(t, is.Equal(policy.IsOnFailure(), expected.onFailure))
--- a/api/types/container/hostconfig_windows.go
+++ b/api/types/container/hostconfig_windows.go
@@ -1,11 +1,9 @@
 package container // import "github.com/docker/docker/api/types/container"

-import "github.com/docker/docker/api/types/network"
-
 // IsBridge indicates whether container uses the bridge network stack
 // in windows it is given the name NAT
 func (n NetworkMode) IsBridge() bool {
-	return n == network.NetworkNat
+	return n == "nat"
 }

 // IsHost indicates whether container uses the host network stack.
@@ -27,11 +25,11 @@ func (i Isolation) IsValid() bool {
 // NetworkName returns the name of the network stack.
 func (n NetworkMode) NetworkName() string {
 	if n.IsDefault() {
-		return network.NetworkDefault
+		return "default"
 	} else if n.IsBridge() {
-		return network.NetworkNat
+		return "nat"
 	} else if n.IsNone() {
-		return network.NetworkNone
+		return "none"
 	} else if n.IsContainer() {
 		return "container"
 	} else if n.IsUserDefined() {
--- a/api/types/container/options.go
+++ b/api/types/container/options.go
@@ -1,67 +0,0 @@
-package container
-
-import "github.com/docker/docker/api/types/filters"
-
-// ResizeOptions holds parameters to resize a TTY.
-// It can be used to resize container TTYs and
-// exec process TTYs too.
-type ResizeOptions struct {
-	Height uint
-	Width  uint
-}
-
-// AttachOptions holds parameters to attach to a container.
-type AttachOptions struct {
-	Stream     bool
-	Stdin      bool
-	Stdout     bool
-	Stderr     bool
-	DetachKeys string
-	Logs       bool
-}
-
-// CommitOptions holds parameters to commit changes into a container.
-type CommitOptions struct {
-	Reference string
-	Comment   string
-	Author    string
-	Changes   []string
-	Pause     bool
-	Config    *Config
-}
-
-// RemoveOptions holds parameters to remove containers.
-type RemoveOptions struct {
-	RemoveVolumes bool
-	RemoveLinks   bool
-	Force         bool
-}
-
-// StartOptions holds parameters to start containers.
-type StartOptions struct {
-	CheckpointID  string
-	CheckpointDir string
-}
-
-// ListOptions holds parameters to list containers with.
-type ListOptions struct {
-	Size    bool
-	All     bool
-	Latest  bool
-	Since   string
-	Before  string
-	Limit   int
-	Filters filters.Args
-}
-
-// LogsOptions holds parameters to filter logs with.
-type LogsOptions struct {
-	ShowStdout bool
-	ShowStderr bool
-	Since      string
-	Until      string
-	Timestamps bool
-	Follow     bool
-	Tail       string
-	Details    bool
-}
--- a/api/types/events/events.go
+++ b/api/types/events/events.go
@@ -1,7 +1,7 @@
 package events // import "github.com/docker/docker/api/types/events"

 // Type is used for event-types.
-type Type string
+type Type = string

 // List of known event types.
 const (
@@ -18,86 +18,6 @@ const (
 	VolumeEventType    Type = "volume"    // VolumeEventType is the event type that volumes generate.
 )

-// Action is used for event-actions.
-type Action string
-
-const (
-	ActionCreate       Action = "create"
-	ActionStart        Action = "start"
-	ActionRestart      Action = "restart"
-	ActionStop         Action = "stop"
-	ActionCheckpoint   Action = "checkpoint"
-	ActionPause        Action = "pause"
-	ActionUnPause      Action = "unpause"
-	ActionAttach       Action = "attach"
-	ActionDetach       Action = "detach"
-	ActionResize       Action = "resize"
-	ActionUpdate       Action = "update"
-	ActionRename       Action = "rename"
-	ActionKill         Action = "kill"
-	ActionDie          Action = "die"
-	ActionOOM          Action = "oom"
-	ActionDestroy      Action = "destroy"
-	ActionRemove       Action = "remove"
-	ActionCommit       Action = "commit"
-	ActionTop          Action = "top"
-	ActionCopy         Action = "copy"
-	ActionArchivePath  Action = "archive-path"
-	ActionExtractToDir Action = "extract-to-dir"
-	ActionExport       Action = "export"
-	ActionImport       Action = "import"
-	ActionSave         Action = "save"
-	ActionLoad         Action = "load"
-	ActionTag          Action = "tag"
-	ActionUnTag        Action = "untag"
-	ActionPush         Action = "push"
-	ActionPull         Action = "pull"
-	ActionPrune        Action = "prune"
-	ActionDelete       Action = "delete"
-	ActionEnable       Action = "enable"
-	ActionDisable      Action = "disable"
-	ActionConnect      Action = "connect"
-	ActionDisconnect   Action = "disconnect"
-	ActionReload       Action = "reload"
-	ActionMount        Action = "mount"
-	ActionUnmount      Action = "unmount"
-
-	// ActionExecCreate is the prefix used for exec_create events. These
-	// event-actions are commonly followed by a colon and space (": "),
-	// and the command that's defined for the exec, for example:
-	//
-	//	exec_create: /bin/sh -c 'echo hello'
-	//
-	// This is far from ideal; it's a compromise to allow filtering and
-	// to preserve backward-compatibility.
-	ActionExecCreate Action = "exec_create"
-	// ActionExecStart is the prefix used for exec_create events. These
-	// event-actions are commonly followed by a colon and space (": "),
-	// and the command that's defined for the exec, for example:
-	//
-	//	exec_start: /bin/sh -c 'echo hello'
-	//
-	// This is far from ideal; it's a compromise to allow filtering and
-	// to preserve backward-compatibility.
-	ActionExecStart  Action = "exec_start"
-	ActionExecDie    Action = "exec_die"
-	ActionExecDetach Action = "exec_detach"
-
-	// ActionHealthStatus is the prefix to use for health_status events.
-	//
-	// Health-status events can either have a pre-defined status, in which
-	// case the "health_status" action is followed by a colon, or can be
-	// "free-form", in which case they're followed by the output of the
-	// health-check output.
-	//
-	// This is far form ideal, and a compromise to allow filtering, and
-	// to preserve backward-compatibility.
-	ActionHealthStatus          Action = "health_status"
-	ActionHealthStatusRunning   Action = "health_status: running"
-	ActionHealthStatusHealthy   Action = "health_status: healthy"
-	ActionHealthStatusUnhealthy Action = "health_status: unhealthy"
-)
-
 // Actor describes something that generates events,
 // like a container, or a network, or a volume.
 // It has a defined name and a set of attributes.
@@ -117,7 +37,7 @@ type Message struct {
 	From   string `json:"from,omitempty"`   // Deprecated: use Actor.Attributes["image"] instead.

 	Type   Type
-	Action Action
+	Action string
 	Actor  Actor
 	// Engine events are local scope. Cluster events are swarm scope.
 	Scope string `json:"scope,omitempty"`
--- a/api/types/filters/parse_test.go
+++ b/api/types/filters/parse_test.go
@@ -169,17 +169,13 @@ func TestArgsMatchKVList(t *testing.T) {

 	matches := map[*Args]string{
 		{}: "field",
-		{
-			map[string]map[string]bool{
-				"created": {"today": true},
-				"labels":  {"key1": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key1": true}},
 		}: "labels",
-		{
-			map[string]map[string]bool{
-				"created": {"today": true},
-				"labels":  {"key1=value1": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key1=value1": true}},
 		}: "labels",
 	}

@@ -190,22 +186,16 @@ func TestArgsMatchKVList(t *testing.T) {
 	}

 	differs := map[*Args]string{
-		{
-			map[string]map[string]bool{
-				"created": {"today": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"today": true},
-				"labels":  {"key4": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key4": true}},
 		}: "labels",
-		{
-			map[string]map[string]bool{
-				"created": {"today": true},
-				"labels":  {"key1=value3": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today": true},
+			"labels":  {"key1=value3": true}},
 		}: "labels",
 	}

@@ -221,30 +211,20 @@ func TestArgsMatch(t *testing.T) {

 	matches := map[*Args]string{
 		{}: "field",
-		{
-			map[string]map[string]bool{
-				"created": {"today": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today": true}},
 		}: "today",
-		{
-			map[string]map[string]bool{
-				"created": {"to*": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"to*": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"to(.*)": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"to(.*)": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"tod": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"tod": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"anything": true, "to*": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"anything": true, "to*": true}},
 		}: "created",
 	}

@@ -254,31 +234,21 @@ func TestArgsMatch(t *testing.T) {
 	}

 	differs := map[*Args]string{
-		{
-			map[string]map[string]bool{
-				"created": {"tomorrow": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"tomorrow": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"to(day": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"to(day": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"tom(.*)": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"tom(.*)": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"tom": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"tom": true}},
 		}: "created",
-		{
-			map[string]map[string]bool{
-				"created": {"today1": true},
-				"labels":  {"today": true},
-			},
+		{map[string]map[string]bool{
+			"created": {"today1": true},
+			"labels":  {"today": true}},
 		}: "created",
 	}

@@ -574,4 +544,5 @@ func TestGetBoolOrDefault(t *testing.T) {
 			assert.Check(t, is.Equal(tc.expectedValue, value))
 		})
 	}
+
 }
--- a/api/types/image/image.go
+++ b/api/types/image/image.go
@@ -1,9 +0,0 @@
-package image
-
-import "time"
-
-// Metadata contains engine-local data about the image.
-type Metadata struct {
-	// LastTagTime is the date and time at which the image was last tagged.
-	LastTagTime time.Time `json:",omitempty"`
-}
--- a/api/types/image_delete_response_item.go
+++ b/api/types/image_delete_response_item.go
@@ -1,11 +1,11 @@
-package image
+package types

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

-// DeleteResponse delete response
-// swagger:model DeleteResponse
-type DeleteResponse struct {
+// ImageDeleteResponseItem image delete response item
+// swagger:model ImageDeleteResponseItem
+type ImageDeleteResponseItem struct {

 	// The image ID of an image that was deleted
 	Deleted string `json:"Deleted,omitempty"`
--- a/api/types/image_summary.go
+++ b/api/types/image_summary.go
@@ -1,11 +1,11 @@
-package image
+package types

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

-// Summary summary
-// swagger:model Summary
-type Summary struct {
+// ImageSummary image summary
+// swagger:model ImageSummary
+type ImageSummary struct {

 	// Number of containers using this image. Includes both stopped and running
 	// containers.
@@ -84,6 +84,11 @@ type Summary struct {

 	// Total size of the image including all layers it is composed of.
 	//
-	// Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
+	// In versions of Docker before v1.10, this field was calculated from
+	// the image itself and all of its parent images. Images are now stored
+	// self-contained, and no longer use a parent-chain, making this field
+	// an equivalent of the Size field.
+	//
+	// Deprecated: this field is kept for backward compatibility, and will be removed in API v1.44.
 	VirtualSize int64 `json:"VirtualSize,omitempty"`
 }
--- a/api/types/mount/mount.go
+++ b/api/types/mount/mount.go
@@ -29,7 +29,7 @@ type Mount struct {
 	// Source is not supported for tmpfs (must be an empty value)
 	Source      string      `json:",omitempty"`
 	Target      string      `json:",omitempty"`
-	ReadOnly    bool        `json:",omitempty"` // attempts recursive read-only if possible
+	ReadOnly    bool        `json:",omitempty"`
 	Consistency Consistency `json:",omitempty"`

 	BindOptions    *BindOptions    `json:",omitempty"`
@@ -85,11 +85,6 @@ type BindOptions struct {
 	Propagation      Propagation `json:",omitempty"`
 	NonRecursive     bool        `json:",omitempty"`
 	CreateMountpoint bool        `json:",omitempty"`
-	// ReadOnlyNonRecursive makes the mount non-recursively read-only, but still leaves the mount recursive
-	// (unless NonRecursive is set to true in conjunction).
-	ReadOnlyNonRecursive bool `json:",omitempty"`
-	// ReadOnlyForceRecursive raises an error if the mount cannot be made recursively read-only.
-	ReadOnlyForceRecursive bool `json:",omitempty"`
 }

 // VolumeOptions represents the options for a mount of type volume.
--- a/api/types/network/endpoint.go
+++ b/api/types/network/endpoint.go
@@ -1,144 +0,0 @@
-package network
-
-import (
-	"errors"
-	"fmt"
-	"net"
-
-	"github.com/docker/docker/internal/multierror"
-)
-
-// EndpointSettings stores the network endpoint details
-type EndpointSettings struct {
-	// Configurations
-	IPAMConfig *EndpointIPAMConfig
-	Links      []string
-	Aliases    []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
-	MacAddress string
-	// Operational data
-	NetworkID           string
-	EndpointID          string
-	Gateway             string
-	IPAddress           string
-	IPPrefixLen         int
-	IPv6Gateway         string
-	GlobalIPv6Address   string
-	GlobalIPv6PrefixLen int
-	DriverOpts          map[string]string
-	// DNSNames holds all the (non fully qualified) DNS names associated to this endpoint. First entry is used to
-	// generate PTR records.
-	DNSNames []string
-}
-
-// Copy makes a deep copy of `EndpointSettings`
-func (es *EndpointSettings) Copy() *EndpointSettings {
-	epCopy := *es
-	if es.IPAMConfig != nil {
-		epCopy.IPAMConfig = es.IPAMConfig.Copy()
-	}
-
-	if es.Links != nil {
-		links := make([]string, 0, len(es.Links))
-		epCopy.Links = append(links, es.Links...)
-	}
-
-	if es.Aliases != nil {
-		aliases := make([]string, 0, len(es.Aliases))
-		epCopy.Aliases = append(aliases, es.Aliases...)
-	}
-
-	if len(es.DNSNames) > 0 {
-		epCopy.DNSNames = make([]string, len(es.DNSNames))
-		copy(epCopy.DNSNames, es.DNSNames)
-	}
-
-	return &epCopy
-}
-
-// EndpointIPAMConfig represents IPAM configurations for the endpoint
-type EndpointIPAMConfig struct {
-	IPv4Address  string   `json:",omitempty"`
-	IPv6Address  string   `json:",omitempty"`
-	LinkLocalIPs []string `json:",omitempty"`
-}
-
-// Copy makes a copy of the endpoint ipam config
-func (cfg *EndpointIPAMConfig) Copy() *EndpointIPAMConfig {
-	cfgCopy := *cfg
-	cfgCopy.LinkLocalIPs = make([]string, 0, len(cfg.LinkLocalIPs))
-	cfgCopy.LinkLocalIPs = append(cfgCopy.LinkLocalIPs, cfg.LinkLocalIPs...)
-	return &cfgCopy
-}
-
-// NetworkSubnet describes a user-defined subnet for a specific network. It's only used to validate if an
-// EndpointIPAMConfig is valid for a specific network.
-type NetworkSubnet interface {
-	// Contains checks whether the NetworkSubnet contains [addr].
-	Contains(addr net.IP) bool
-	// IsStatic checks whether the subnet was statically allocated (ie. user-defined).
-	IsStatic() bool
-}
-
-// IsInRange checks whether static IP addresses are valid in a specific network.
-func (cfg *EndpointIPAMConfig) IsInRange(v4Subnets []NetworkSubnet, v6Subnets []NetworkSubnet) error {
-	var errs []error
-
-	if err := validateEndpointIPAddress(cfg.IPv4Address, v4Subnets); err != nil {
-		errs = append(errs, err)
-	}
-	if err := validateEndpointIPAddress(cfg.IPv6Address, v6Subnets); err != nil {
-		errs = append(errs, err)
-	}
-
-	return multierror.Join(errs...)
-}
-
-func validateEndpointIPAddress(epAddr string, ipamSubnets []NetworkSubnet) error {
-	if epAddr == "" {
-		return nil
-	}
-
-	var staticSubnet bool
-	parsedAddr := net.ParseIP(epAddr)
-	for _, subnet := range ipamSubnets {
-		if subnet.IsStatic() {
-			staticSubnet = true
-			if subnet.Contains(parsedAddr) {
-				return nil
-			}
-		}
-	}
-
-	if staticSubnet {
-		return fmt.Errorf("no configured subnet or ip-range contain the IP address %s", epAddr)
-	}
-
-	return errors.New("user specified IP address is supported only when connecting to networks with user configured subnets")
-}
-
-// Validate checks whether cfg is valid.
-func (cfg *EndpointIPAMConfig) Validate() error {
-	if cfg == nil {
-		return nil
-	}
-
-	var errs []error
-
-	if cfg.IPv4Address != "" {
-		if addr := net.ParseIP(cfg.IPv4Address); addr == nil || addr.To4() == nil || addr.IsUnspecified() {
-			errs = append(errs, fmt.Errorf("invalid IPv4 address: %s", cfg.IPv4Address))
-		}
-	}
-	if cfg.IPv6Address != "" {
-		if addr := net.ParseIP(cfg.IPv6Address); addr == nil || addr.To4() != nil || addr.IsUnspecified() {
-			errs = append(errs, fmt.Errorf("invalid IPv6 address: %s", cfg.IPv6Address))
-		}
-	}
-	for _, addr := range cfg.LinkLocalIPs {
-		if parsed := net.ParseIP(addr); parsed == nil || parsed.IsUnspecified() {
-			errs = append(errs, fmt.Errorf("invalid link-local IP address: %s", addr))
-		}
-	}
-
-	return multierror.Join(errs...)
-}
--- a/api/types/network/endpoint_test.go
+++ b/api/types/network/endpoint_test.go
@@ -1,188 +0,0 @@
-package network
-
-import (
-	"net"
-	"testing"
-
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-)
-
-type subnetStub struct {
-	static   bool
-	contains map[string]bool
-}
-
-func (stub subnetStub) IsStatic() bool {
-	return stub.static
-}
-
-func (stub subnetStub) Contains(addr net.IP) bool {
-	v, ok := stub.contains[addr.String()]
-	return ok && v
-}
-
-func TestEndpointIPAMConfigWithOutOfRangeAddrs(t *testing.T) {
-	testcases := []struct {
-		name           string
-		ipamConfig     *EndpointIPAMConfig
-		v4Subnets      []NetworkSubnet
-		v6Subnets      []NetworkSubnet
-		expectedErrors []string
-	}{
-		{
-			name: "valid config",
-			ipamConfig: &EndpointIPAMConfig{
-				IPv4Address:  "192.168.100.10",
-				IPv6Address:  "2a01:d2:af:420b:25c1:1816:bb33:855c",
-				LinkLocalIPs: []string{"169.254.169.254", "fe80::42:a8ff:fe33:6230"},
-			},
-			v4Subnets: []NetworkSubnet{
-				subnetStub{static: true, contains: map[string]bool{"192.168.100.10": true}},
-			},
-			v6Subnets: []NetworkSubnet{
-				subnetStub{static: true, contains: map[string]bool{"2a01:d2:af:420b:25c1:1816:bb33:855c": true}},
-			},
-		},
-		{
-			name: "static addresses out of range",
-			ipamConfig: &EndpointIPAMConfig{
-				IPv4Address: "192.168.100.10",
-				IPv6Address: "2a01:d2:af:420b:25c1:1816:bb33:855c",
-			},
-			v4Subnets: []NetworkSubnet{
-				subnetStub{static: true, contains: map[string]bool{"192.168.100.10": false}},
-			},
-			v6Subnets: []NetworkSubnet{
-				subnetStub{static: true, contains: map[string]bool{"2a01:d2:af:420b:25c1:1816:bb33:855c": false}},
-			},
-			expectedErrors: []string{
-				"no configured subnet or ip-range contain the IP address 192.168.100.10",
-				"no configured subnet or ip-range contain the IP address 2a01:d2:af:420b:25c1:1816:bb33:855c",
-			},
-		},
-		{
-			name: "static addresses with dynamic network subnets",
-			ipamConfig: &EndpointIPAMConfig{
-				IPv4Address: "192.168.100.10",
-				IPv6Address: "2a01:d2:af:420b:25c1:1816:bb33:855c",
-			},
-			v4Subnets: []NetworkSubnet{
-				subnetStub{static: false},
-			},
-			v6Subnets: []NetworkSubnet{
-				subnetStub{static: false},
-			},
-			expectedErrors: []string{
-				"user specified IP address is supported only when connecting to networks with user configured subnets",
-				"user specified IP address is supported only when connecting to networks with user configured subnets",
-			},
-		},
-	}
-
-	for _, tc := range testcases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			err := tc.ipamConfig.IsInRange(tc.v4Subnets, tc.v6Subnets)
-			if tc.expectedErrors == nil {
-				assert.NilError(t, err)
-				return
-			}
-
-			if _, ok := err.(interface{ Unwrap() []error }); !ok {
-				t.Fatal("returned error isn't a multierror")
-			}
-			errs := err.(interface{ Unwrap() []error }).Unwrap()
-			assert.Check(t, len(errs) == len(tc.expectedErrors), "errs: %+v", errs)
-
-			for _, expected := range tc.expectedErrors {
-				assert.Check(t, is.ErrorContains(err, expected))
-			}
-		})
-	}
-
-}
-
-func TestEndpointIPAMConfigWithInvalidConfig(t *testing.T) {
-	testcases := []struct {
-		name           string
-		ipamConfig     *EndpointIPAMConfig
-		expectedErrors []string
-	}{
-		{
-			name: "valid config",
-			ipamConfig: &EndpointIPAMConfig{
-				IPv4Address:  "192.168.100.10",
-				IPv6Address:  "2a01:d2:af:420b:25c1:1816:bb33:855c",
-				LinkLocalIPs: []string{"169.254.169.254", "fe80::42:a8ff:fe33:6230"},
-			},
-		},
-		{
-			name: "invalid IP addresses",
-			ipamConfig: &EndpointIPAMConfig{
-				IPv4Address:  "foo",
-				IPv6Address:  "bar",
-				LinkLocalIPs: []string{"baz", "foobar"},
-			},
-			expectedErrors: []string{
-				"invalid IPv4 address: foo",
-				"invalid IPv6 address: bar",
-				"invalid link-local IP address: baz",
-				"invalid link-local IP address: foobar",
-			},
-		},
-		{
-			name:       "ipv6 address with a zone",
-			ipamConfig: &EndpointIPAMConfig{IPv6Address: "fe80::1cc0:3e8c:119f:c2e1%ens18"},
-			expectedErrors: []string{
-				"invalid IPv6 address: fe80::1cc0:3e8c:119f:c2e1%ens18",
-			},
-		},
-		{
-			name: "unspecified address is invalid",
-			ipamConfig: &EndpointIPAMConfig{
-				IPv4Address:  "0.0.0.0",
-				IPv6Address:  "::",
-				LinkLocalIPs: []string{"0.0.0.0", "::"},
-			},
-			expectedErrors: []string{
-				"invalid IPv4 address: 0.0.0.0",
-				"invalid IPv6 address: ::",
-				"invalid link-local IP address: 0.0.0.0",
-				"invalid link-local IP address: ::",
-			},
-		},
-		{
-			name: "empty link-local",
-			ipamConfig: &EndpointIPAMConfig{
-				LinkLocalIPs: []string{""},
-			},
-			expectedErrors: []string{"invalid link-local IP address:"},
-		},
-	}
-
-	for _, tc := range testcases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			err := tc.ipamConfig.Validate()
-			if tc.expectedErrors == nil {
-				assert.NilError(t, err)
-				return
-			}
-
-			if _, ok := err.(interface{ Unwrap() []error }); !ok {
-				t.Fatal("returned error isn't a multierror")
-			}
-			errs := err.(interface{ Unwrap() []error }).Unwrap()
-			assert.Check(t, len(errs) == len(tc.expectedErrors), "errs: %+v", errs)
-
-			for _, expected := range tc.expectedErrors {
-				assert.Check(t, is.ErrorContains(err, expected))
-			}
-		})
-	}
-}
--- a/api/types/network/ipam.go
+++ b/api/types/network/ipam.go
@@ -1,151 +0,0 @@
-package network
-
-import (
-	"errors"
-	"fmt"
-	"net/netip"
-
-	"github.com/docker/docker/internal/multierror"
-)
-
-// IPAM represents IP Address Management
-type IPAM struct {
-	Driver  string
-	Options map[string]string // Per network IPAM driver options
-	Config  []IPAMConfig
-}
-
-// IPAMConfig represents IPAM configurations
-type IPAMConfig struct {
-	Subnet     string            `json:",omitempty"`
-	IPRange    string            `json:",omitempty"`
-	Gateway    string            `json:",omitempty"`
-	AuxAddress map[string]string `json:"AuxiliaryAddresses,omitempty"`
-}
-
-type ipFamily string
-
-const (
-	ip4 ipFamily = "IPv4"
-	ip6 ipFamily = "IPv6"
-)
-
-// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil
-// ipam.
-func HasIPv6Subnets(ipam *IPAM) bool {
-	if ipam == nil {
-		return false
-	}
-
-	for _, cfg := range ipam.Config {
-		subnet, err := netip.ParsePrefix(cfg.Subnet)
-		if err != nil {
-			continue
-		}
-
-		if subnet.Addr().Is6() {
-			return true
-		}
-	}
-
-	return false
-}
-
-// ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of
-// errors found.
-func ValidateIPAM(ipam *IPAM) error {
-	if ipam == nil {
-		return nil
-	}
-
-	var errs []error
-	for _, cfg := range ipam.Config {
-		subnet, err := netip.ParsePrefix(cfg.Subnet)
-		if err != nil {
-			errs = append(errs, fmt.Errorf("invalid subnet %s: invalid CIDR block notation", cfg.Subnet))
-			continue
-		}
-		subnetFamily := ip4
-		if subnet.Addr().Is6() {
-			subnetFamily = ip6
-		}
-
-		if subnet != subnet.Masked() {
-			errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked()))
-		}
-
-		if ipRangeErrs := validateIPRange(cfg.IPRange, subnet, subnetFamily); len(ipRangeErrs) > 0 {
-			errs = append(errs, ipRangeErrs...)
-		}
-
-		if err := validateAddress(cfg.Gateway, subnet, subnetFamily); err != nil {
-			errs = append(errs, fmt.Errorf("invalid gateway %s: %w", cfg.Gateway, err))
-		}
-
-		for auxName, aux := range cfg.AuxAddress {
-			if err := validateAddress(aux, subnet, subnetFamily); err != nil {
-				errs = append(errs, fmt.Errorf("invalid auxiliary address %s: %w", auxName, err))
-			}
-		}
-	}
-
-	if err := multierror.Join(errs...); err != nil {
-		return fmt.Errorf("invalid network config:\n%w", err)
-	}
-
-	return nil
-}
-
-func validateIPRange(ipRange string, subnet netip.Prefix, subnetFamily ipFamily) []error {
-	if ipRange == "" {
-		return nil
-	}
-	prefix, err := netip.ParsePrefix(ipRange)
-	if err != nil {
-		return []error{fmt.Errorf("invalid ip-range %s: invalid CIDR block notation", ipRange)}
-	}
-	family := ip4
-	if prefix.Addr().Is6() {
-		family = ip6
-	}
-
-	if family != subnetFamily {
-		return []error{fmt.Errorf("invalid ip-range %s: parent subnet is an %s block", ipRange, subnetFamily)}
-	}
-
-	var errs []error
-	if prefix.Bits() < subnet.Bits() {
-		errs = append(errs, fmt.Errorf("invalid ip-range %s: CIDR block is bigger than its parent subnet %s", ipRange, subnet))
-	}
-	if prefix != prefix.Masked() {
-		errs = append(errs, fmt.Errorf("invalid ip-range %s: it should be %s", prefix, prefix.Masked()))
-	}
-	if !subnet.Overlaps(prefix) {
-		errs = append(errs, fmt.Errorf("invalid ip-range %s: parent subnet %s doesn't contain ip-range", ipRange, subnet))
-	}
-
-	return errs
-}
-
-func validateAddress(address string, subnet netip.Prefix, subnetFamily ipFamily) error {
-	if address == "" {
-		return nil
-	}
-	addr, err := netip.ParseAddr(address)
-	if err != nil {
-		return errors.New("invalid address")
-	}
-	family := ip4
-	if addr.Is6() {
-		family = ip6
-	}
-
-	if family != subnetFamily {
-		return fmt.Errorf("parent subnet is an %s block", subnetFamily)
-	}
-	if !subnet.Contains(addr) {
-		return fmt.Errorf("parent subnet %s doesn't contain this address", subnet)
-	}
-
-	return nil
-}
--- a/api/types/network/ipam_test.go
+++ b/api/types/network/ipam_test.go
@@ -1,137 +0,0 @@
-package network
-
-import (
-	"testing"
-
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-)
-
-func TestNetworkWithInvalidIPAM(t *testing.T) {
-	testcases := []struct {
-		name           string
-		ipam           IPAM
-		ipv6           bool
-		expectedErrors []string
-	}{
-		{
-			name: "IP version mismatch",
-			ipam: IPAM{
-				Config: []IPAMConfig{{
-					Subnet:     "10.10.10.0/24",
-					IPRange:    "2001:db8::/32",
-					Gateway:    "2001:db8::1",
-					AuxAddress: map[string]string{"DefaultGatewayIPv4": "2001:db8::1"},
-				}},
-			},
-			expectedErrors: []string{
-				"invalid ip-range 2001:db8::/32: parent subnet is an IPv4 block",
-				"invalid gateway 2001:db8::1: parent subnet is an IPv4 block",
-				"invalid auxiliary address DefaultGatewayIPv4: parent subnet is an IPv4 block",
-			},
-		},
-		{
-			name: "Invalid data - Subnet",
-			ipam: IPAM{Config: []IPAMConfig{{Subnet: "foobar"}}},
-			expectedErrors: []string{
-				`invalid subnet foobar: invalid CIDR block notation`,
-			},
-		},
-		{
-			name: "Invalid data",
-			ipam: IPAM{
-				Config: []IPAMConfig{{
-					Subnet:     "10.10.10.0/24",
-					IPRange:    "foobar",
-					Gateway:    "1001.10.5.3",
-					AuxAddress: map[string]string{"DefaultGatewayIPv4": "dummy"},
-				}},
-			},
-			expectedErrors: []string{
-				"invalid ip-range foobar: invalid CIDR block notation",
-				"invalid gateway 1001.10.5.3: invalid address",
-				"invalid auxiliary address DefaultGatewayIPv4: invalid address",
-			},
-		},
-		{
-			name: "IPRange bigger than its subnet",
-			ipam: IPAM{
-				Config: []IPAMConfig{
-					{Subnet: "10.10.10.0/24", IPRange: "10.0.0.0/8"},
-				},
-			},
-			expectedErrors: []string{
-				"invalid ip-range 10.0.0.0/8: CIDR block is bigger than its parent subnet 10.10.10.0/24",
-			},
-		},
-		{
-			name: "Out of range prefix & addresses",
-			ipam: IPAM{
-				Config: []IPAMConfig{{
-					Subnet:     "10.0.0.0/8",
-					IPRange:    "192.168.0.1/24",
-					Gateway:    "192.168.0.1",
-					AuxAddress: map[string]string{"DefaultGatewayIPv4": "192.168.0.1"},
-				}},
-			},
-			expectedErrors: []string{
-				"invalid ip-range 192.168.0.1/24: it should be 192.168.0.0/24",
-				"invalid ip-range 192.168.0.1/24: parent subnet 10.0.0.0/8 doesn't contain ip-range",
-				"invalid gateway 192.168.0.1: parent subnet 10.0.0.0/8 doesn't contain this address",
-				"invalid auxiliary address DefaultGatewayIPv4: parent subnet 10.0.0.0/8 doesn't contain this address",
-			},
-		},
-		{
-			name: "Subnet with host fragment set",
-			ipam: IPAM{
-				Config: []IPAMConfig{{
-					Subnet: "10.10.10.0/8",
-				}},
-			},
-			expectedErrors: []string{"invalid subnet 10.10.10.0/8: it should be 10.0.0.0/8"},
-		},
-		{
-			name: "IPRange with host fragment set",
-			ipam: IPAM{
-				Config: []IPAMConfig{{
-					Subnet:  "10.0.0.0/8",
-					IPRange: "10.10.10.0/16",
-				}},
-			},
-			expectedErrors: []string{"invalid ip-range 10.10.10.0/16: it should be 10.10.0.0/16"},
-		},
-		{
-			name: "Empty IPAM is valid",
-			ipam: IPAM{},
-		},
-		{
-			name: "Valid IPAM",
-			ipam: IPAM{
-				Config: []IPAMConfig{{
-					Subnet:     "10.0.0.0/8",
-					IPRange:    "10.10.0.0/16",
-					Gateway:    "10.10.0.1",
-					AuxAddress: map[string]string{"DefaultGatewayIPv4": "10.10.0.1"},
-				}},
-			},
-		},
-	}
-
-	for _, tc := range testcases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			errs := ValidateIPAM(&tc.ipam)
-			if tc.expectedErrors == nil {
-				assert.NilError(t, errs)
-				return
-			}
-
-			assert.Check(t, is.ErrorContains(errs, "invalid network config"))
-			for _, expected := range tc.expectedErrors {
-				assert.Check(t, is.ErrorContains(errs, expected))
-			}
-		})
-	}
-}
--- a/api/types/network/network.go
+++ b/api/types/network/network.go
@@ -1,34 +1,69 @@
 package network // import "github.com/docker/docker/api/types/network"
-
 import (
 	"github.com/docker/docker/api/types/filters"
 )

-const (
-	// NetworkDefault is a platform-independent alias to choose the platform-specific default network stack.
-	NetworkDefault = "default"
-	// NetworkHost is the name of the predefined network used when the NetworkMode host is selected (only available on Linux)
-	NetworkHost = "host"
-	// NetworkNone is the name of the predefined network used when the NetworkMode none is selected (available on both Linux and Windows)
-	NetworkNone = "none"
-	// NetworkBridge is the name of the default network on Linux
-	NetworkBridge = "bridge"
-	// NetworkNat is the name of the default network on Windows
-	NetworkNat = "nat"
-)
-
 // Address represents an IP address
 type Address struct {
 	Addr      string
 	PrefixLen int
 }

+// IPAM represents IP Address Management
+type IPAM struct {
+	Driver  string
+	Options map[string]string // Per network IPAM driver options
+	Config  []IPAMConfig
+}
+
+// IPAMConfig represents IPAM configurations
+type IPAMConfig struct {
+	Subnet     string            `json:",omitempty"`
+	IPRange    string            `json:",omitempty"`
+	Gateway    string            `json:",omitempty"`
+	AuxAddress map[string]string `json:"AuxiliaryAddresses,omitempty"`
+}
+
+// EndpointIPAMConfig represents IPAM configurations for the endpoint
+type EndpointIPAMConfig struct {
+	IPv4Address  string   `json:",omitempty"`
+	IPv6Address  string   `json:",omitempty"`
+	LinkLocalIPs []string `json:",omitempty"`
+}
+
+// Copy makes a copy of the endpoint ipam config
+func (cfg *EndpointIPAMConfig) Copy() *EndpointIPAMConfig {
+	cfgCopy := *cfg
+	cfgCopy.LinkLocalIPs = make([]string, 0, len(cfg.LinkLocalIPs))
+	cfgCopy.LinkLocalIPs = append(cfgCopy.LinkLocalIPs, cfg.LinkLocalIPs...)
+	return &cfgCopy
+}
+
 // PeerInfo represents one peer of an overlay network
 type PeerInfo struct {
 	Name string
 	IP   string
 }

+// EndpointSettings stores the network endpoint details
+type EndpointSettings struct {
+	// Configurations
+	IPAMConfig *EndpointIPAMConfig
+	Links      []string
+	Aliases    []string
+	// Operational data
+	NetworkID           string
+	EndpointID          string
+	Gateway             string
+	IPAddress           string
+	IPPrefixLen         int
+	IPv6Gateway         string
+	GlobalIPv6Address   string
+	GlobalIPv6PrefixLen int
+	MacAddress          string
+	DriverOpts          map[string]string
+}
+
 // Task carries the information about one backend task
 type Task struct {
 	Name       string
@@ -45,6 +80,25 @@ type ServiceInfo struct {
 	Tasks        []Task
 }

+// Copy makes a deep copy of `EndpointSettings`
+func (es *EndpointSettings) Copy() *EndpointSettings {
+	epCopy := *es
+	if es.IPAMConfig != nil {
+		epCopy.IPAMConfig = es.IPAMConfig.Copy()
+	}
+
+	if es.Links != nil {
+		links := make([]string, 0, len(es.Links))
+		epCopy.Links = append(links, es.Links...)
+	}
+
+	if es.Aliases != nil {
+		aliases := make([]string, 0, len(es.Aliases))
+		epCopy.Aliases = append(aliases, es.Aliases...)
+	}
+	return &epCopy
+}
+
 // NetworkingConfig represents the container's networking configuration for each of its interfaces
 // Carries the networking configs specified in the `docker run` and `docker network connect` commands
 type NetworkingConfig struct {
--- a/api/types/plugins/logdriver/entry.pb.go
+++ b/api/types/plugins/logdriver/entry.pb.go
@@ -1,15 +1,24 @@
-// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// Code generated by protoc-gen-gogo.
 // source: entry.proto
+// DO NOT EDIT!

+/*
+	Package logdriver is a generated protocol buffer package.
+
+	It is generated from these files:
+		entry.proto
+
+	It has these top-level messages:
+		LogEntry
+		PartialLogEntryMetadata
+*/
 package logdriver

-import (
-	fmt "fmt"
-	proto "github.com/gogo/protobuf/proto"
-	io "io"
-	math "math"
-	math_bits "math/bits"
-)
+import proto "github.com/gogo/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import io "io"

 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -20,48 +29,20 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package

 type LogEntry struct {
 	Source             string                   `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
 	TimeNano           int64                    `protobuf:"varint,2,opt,name=time_nano,json=timeNano,proto3" json:"time_nano,omitempty"`
 	Line               []byte                   `protobuf:"bytes,3,opt,name=line,proto3" json:"line,omitempty"`
 	Partial            bool                     `protobuf:"varint,4,opt,name=partial,proto3" json:"partial,omitempty"`
-	PartialLogMetadata *PartialLogEntryMetadata `protobuf:"bytes,5,opt,name=partial_log_metadata,json=partialLogMetadata,proto3" json:"partial_log_metadata,omitempty"`
+	PartialLogMetadata *PartialLogEntryMetadata `protobuf:"bytes,5,opt,name=partial_log_metadata,json=partialLogMetadata" json:"partial_log_metadata,omitempty"`
 }

-func (m *LogEntry) Reset()         { *m = LogEntry{} }
-func (m *LogEntry) String() string { return proto.CompactTextString(m) }
-func (*LogEntry) ProtoMessage()    {}
-func (*LogEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_daa6c5b6c627940f, []int{0}
-}
-func (m *LogEntry) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *LogEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	if deterministic {
-		return xxx_messageInfo_LogEntry.Marshal(b, m, deterministic)
-	} else {
-		b = b[:cap(b)]
-		n, err := m.MarshalToSizedBuffer(b)
-		if err != nil {
-			return nil, err
-		}
-		return b[:n], nil
-	}
-}
-func (m *LogEntry) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogEntry.Merge(m, src)
-}
-func (m *LogEntry) XXX_Size() int {
-	return m.Size()
-}
-func (m *LogEntry) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogEntry.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogEntry proto.InternalMessageInfo
+func (m *LogEntry) Reset()                    { *m = LogEntry{} }
+func (m *LogEntry) String() string            { return proto.CompactTextString(m) }
+func (*LogEntry) ProtoMessage()               {}
+func (*LogEntry) Descriptor() ([]byte, []int) { return fileDescriptorEntry, []int{0} }

 func (m *LogEntry) GetSource() string {
 	if m != nil {
@@ -104,38 +85,10 @@ type PartialLogEntryMetadata struct {
 	Ordinal int32  `protobuf:"varint,3,opt,name=ordinal,proto3" json:"ordinal,omitempty"`
 }

-func (m *PartialLogEntryMetadata) Reset()         { *m = PartialLogEntryMetadata{} }
-func (m *PartialLogEntryMetadata) String() string { return proto.CompactTextString(m) }
-func (*PartialLogEntryMetadata) ProtoMessage()    {}
-func (*PartialLogEntryMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_daa6c5b6c627940f, []int{1}
-}
-func (m *PartialLogEntryMetadata) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *PartialLogEntryMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	if deterministic {
-		return xxx_messageInfo_PartialLogEntryMetadata.Marshal(b, m, deterministic)
-	} else {
-		b = b[:cap(b)]
-		n, err := m.MarshalToSizedBuffer(b)
-		if err != nil {
-			return nil, err
-		}
-		return b[:n], nil
-	}
-}
-func (m *PartialLogEntryMetadata) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PartialLogEntryMetadata.Merge(m, src)
-}
-func (m *PartialLogEntryMetadata) XXX_Size() int {
-	return m.Size()
-}
-func (m *PartialLogEntryMetadata) XXX_DiscardUnknown() {
-	xxx_messageInfo_PartialLogEntryMetadata.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PartialLogEntryMetadata proto.InternalMessageInfo
+func (m *PartialLogEntryMetadata) Reset()                    { *m = PartialLogEntryMetadata{} }
+func (m *PartialLogEntryMetadata) String() string            { return proto.CompactTextString(m) }
+func (*PartialLogEntryMetadata) ProtoMessage()               {}
+func (*PartialLogEntryMetadata) Descriptor() ([]byte, []int) { return fileDescriptorEntry, []int{1} }

 func (m *PartialLogEntryMetadata) GetLast() bool {
 	if m != nil {
@@ -162,33 +115,10 @@ func init() {
 	proto.RegisterType((*LogEntry)(nil), "LogEntry")
 	proto.RegisterType((*PartialLogEntryMetadata)(nil), "PartialLogEntryMetadata")
 }
-
-func init() { proto.RegisterFile("entry.proto", fileDescriptor_daa6c5b6c627940f) }
-
-var fileDescriptor_daa6c5b6c627940f = []byte{
-	// 250 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x90, 0xbd, 0x4a, 0x04, 0x31,
-	0x14, 0x85, 0xe7, 0xce, 0xfe, 0x38, 0x73, 0x57, 0x2c, 0x82, 0x68, 0x40, 0x08, 0x61, 0xab, 0x54,
-	0x5b, 0xe8, 0x1b, 0x08, 0x36, 0xa2, 0x22, 0x69, 0x2c, 0x87, 0xab, 0x13, 0x96, 0xc0, 0x6c, 0x32,
-	0x64, 0x63, 0xe1, 0x5b, 0xf8, 0x3a, 0xbe, 0x81, 0xe5, 0x96, 0x96, 0x32, 0xf3, 0x22, 0x32, 0x71,
-	0xc6, 0xce, 0xee, 0x9c, 0xf3, 0xa5, 0xf8, 0x72, 0x71, 0x65, 0x5c, 0x0c, 0x6f, 0x9b, 0x36, 0xf8,
-	0xe8, 0xd7, 0x1f, 0x80, 0xc5, 0x9d, 0xdf, 0xde, 0x0c, 0x13, 0x3b, 0xc3, 0xe5, 0xde, 0xbf, 0x86,
-	0x17, 0xc3, 0x41, 0x82, 0x2a, 0xf5, 0xd8, 0xd8, 0x05, 0x96, 0xd1, 0xee, 0x4c, 0xe5, 0xc8, 0x79,
-	0x9e, 0x4b, 0x50, 0x33, 0x5d, 0x0c, 0xc3, 0x03, 0x39, 0xcf, 0x18, 0xce, 0x1b, 0xeb, 0x0c, 0x9f,
-	0x49, 0x50, 0xc7, 0x3a, 0x65, 0xc6, 0xf1, 0xa8, 0xa5, 0x10, 0x2d, 0x35, 0x7c, 0x2e, 0x41, 0x15,
-	0x7a, 0xaa, 0xec, 0x16, 0x4f, 0xc7, 0x58, 0x35, 0x7e, 0x5b, 0xed, 0x4c, 0xa4, 0x9a, 0x22, 0xf1,
-	0x85, 0x04, 0xb5, 0xba, 0xe4, 0x9b, 0xc7, 0x5f, 0x38, 0x29, 0xdd, 0x8f, 0x5c, 0xb3, 0xf6, 0x0f,
-	0x4c, 0xdb, 0xfa, 0x09, 0xcf, 0xff, 0x79, 0x9e, 0xa4, 0x68, 0x1f, 0xd3, 0x3f, 0x0a, 0x9d, 0x32,
-	0x3b, 0xc1, 0xdc, 0xd6, 0x49, 0xbf, 0xd4, 0xb9, 0xad, 0x07, 0x49, 0x1f, 0x6a, 0xeb, 0xa8, 0x49,
-	0xee, 0x0b, 0x3d, 0xd5, 0x6b, 0xfe, 0xd9, 0x09, 0x38, 0x74, 0x02, 0xbe, 0x3b, 0x01, 0xef, 0xbd,
-	0xc8, 0x0e, 0xbd, 0xc8, 0xbe, 0x7a, 0x91, 0x3d, 0x2f, 0xd3, 0xd5, 0xae, 0x7e, 0x02, 0x00, 0x00,
-	0xff, 0xff, 0xbb, 0x82, 0x62, 0xd5, 0x44, 0x01, 0x00, 0x00,
-}
-
 func (m *LogEntry) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	n, err := m.MarshalTo(dAtA)
 	if err != nil {
 		return nil, err
 	}
@@ -196,63 +126,54 @@ func (m *LogEntry) Marshal() (dAtA []byte, err error) {
 }

 func (m *LogEntry) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *LogEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
+	var i int
 	_ = i
 	var l int
 	_ = l
-	if m.PartialLogMetadata != nil {
-		{
-			size, err := m.PartialLogMetadata.MarshalToSizedBuffer(dAtA[:i])
-			if err != nil {
-				return 0, err
-			}
-			i -= size
-			i = encodeVarintEntry(dAtA, i, uint64(size))
-		}
-		i--
-		dAtA[i] = 0x2a
+	if len(m.Source) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(len(m.Source)))
+		i += copy(dAtA[i:], m.Source)
+	}
+	if m.TimeNano != 0 {
+		dAtA[i] = 0x10
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(m.TimeNano))
+	}
+	if len(m.Line) > 0 {
+		dAtA[i] = 0x1a
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(len(m.Line)))
+		i += copy(dAtA[i:], m.Line)
 	}
 	if m.Partial {
-		i--
+		dAtA[i] = 0x20
+		i++
 		if m.Partial {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i--
-		dAtA[i] = 0x20
+		i++
 	}
-	if len(m.Line) > 0 {
-		i -= len(m.Line)
-		copy(dAtA[i:], m.Line)
-		i = encodeVarintEntry(dAtA, i, uint64(len(m.Line)))
-		i--
-		dAtA[i] = 0x1a
+	if m.PartialLogMetadata != nil {
+		dAtA[i] = 0x2a
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(m.PartialLogMetadata.Size()))
+		n1, err := m.PartialLogMetadata.MarshalTo(dAtA[i:])
+		if err != nil {
+			return 0, err
+		}
+		i += n1
 	}
-	if m.TimeNano != 0 {
-		i = encodeVarintEntry(dAtA, i, uint64(m.TimeNano))
-		i--
-		dAtA[i] = 0x10
-	}
-	if len(m.Source) > 0 {
-		i -= len(m.Source)
-		copy(dAtA[i:], m.Source)
-		i = encodeVarintEntry(dAtA, i, uint64(len(m.Source)))
-		i--
-		dAtA[i] = 0xa
-	}
-	return len(dAtA) - i, nil
+	return i, nil
 }

 func (m *PartialLogEntryMetadata) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	n, err := m.MarshalTo(dAtA)
 	if err != nil {
 		return nil, err
 	}
@@ -260,55 +181,62 @@ func (m *PartialLogEntryMetadata) Marshal() (dAtA []byte, err error) {
 }

 func (m *PartialLogEntryMetadata) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *PartialLogEntryMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
+	var i int
 	_ = i
 	var l int
 	_ = l
-	if m.Ordinal != 0 {
-		i = encodeVarintEntry(dAtA, i, uint64(m.Ordinal))
-		i--
-		dAtA[i] = 0x18
-	}
-	if len(m.Id) > 0 {
-		i -= len(m.Id)
-		copy(dAtA[i:], m.Id)
-		i = encodeVarintEntry(dAtA, i, uint64(len(m.Id)))
-		i--
-		dAtA[i] = 0x12
-	}
 	if m.Last {
-		i--
+		dAtA[i] = 0x8
+		i++
 		if m.Last {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i--
-		dAtA[i] = 0x8
+		i++
 	}
-	return len(dAtA) - i, nil
+	if len(m.Id) > 0 {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(len(m.Id)))
+		i += copy(dAtA[i:], m.Id)
+	}
+	if m.Ordinal != 0 {
+		dAtA[i] = 0x18
+		i++
+		i = encodeVarintEntry(dAtA, i, uint64(m.Ordinal))
+	}
+	return i, nil
 }

+func encodeFixed64Entry(dAtA []byte, offset int, v uint64) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	dAtA[offset+4] = uint8(v >> 32)
+	dAtA[offset+5] = uint8(v >> 40)
+	dAtA[offset+6] = uint8(v >> 48)
+	dAtA[offset+7] = uint8(v >> 56)
+	return offset + 8
+}
+func encodeFixed32Entry(dAtA []byte, offset int, v uint32) int {
+	dAtA[offset] = uint8(v)
+	dAtA[offset+1] = uint8(v >> 8)
+	dAtA[offset+2] = uint8(v >> 16)
+	dAtA[offset+3] = uint8(v >> 24)
+	return offset + 4
+}
 func encodeVarintEntry(dAtA []byte, offset int, v uint64) int {
-	offset -= sovEntry(v)
-	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return base
+	return offset + 1
 }
 func (m *LogEntry) Size() (n int) {
-	if m == nil {
-		return 0
-	}
 	var l int
 	_ = l
 	l = len(m.Source)
@@ -333,9 +261,6 @@ func (m *LogEntry) Size() (n int) {
 }

 func (m *PartialLogEntryMetadata) Size() (n int) {
-	if m == nil {
-		return 0
-	}
 	var l int
 	_ = l
 	if m.Last {
@@ -352,7 +277,14 @@ func (m *PartialLogEntryMetadata) Size() (n int) {
 }

 func sovEntry(x uint64) (n int) {
-	return (math_bits.Len64(x|1) + 6) / 7
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
 }
 func sozEntry(x uint64) (n int) {
 	return sovEntry(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -372,7 +304,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= uint64(b&0x7F) << shift
+			wire |= (uint64(b) & 0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -400,7 +332,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -410,9 +342,6 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEntry
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthEntry
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -432,7 +361,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.TimeNano |= int64(b&0x7F) << shift
+				m.TimeNano |= (int64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -451,7 +380,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				byteLen |= int(b&0x7F) << shift
+				byteLen |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -460,9 +389,6 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEntry
 			}
 			postIndex := iNdEx + byteLen
-			if postIndex < 0 {
-				return ErrInvalidLengthEntry
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -485,7 +411,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= int(b&0x7F) << shift
+				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -505,7 +431,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				msglen |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -514,9 +440,6 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEntry
 			}
 			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthEntry
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -533,7 +456,7 @@ func (m *LogEntry) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
+			if skippy < 0 {
 				return ErrInvalidLengthEntry
 			}
 			if (iNdEx + skippy) > l {
@@ -563,7 +486,7 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= uint64(b&0x7F) << shift
+			wire |= (uint64(b) & 0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -591,7 +514,7 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= int(b&0x7F) << shift
+				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -611,7 +534,7 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -621,9 +544,6 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthEntry
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthEntry
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -643,7 +563,7 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				m.Ordinal |= int32(b&0x7F) << shift
+				m.Ordinal |= (int32(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -654,7 +574,7 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
+			if skippy < 0 {
 				return ErrInvalidLengthEntry
 			}
 			if (iNdEx + skippy) > l {
@@ -672,7 +592,6 @@ func (m *PartialLogEntryMetadata) Unmarshal(dAtA []byte) error {
 func skipEntry(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
-	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -704,8 +623,10 @@ func skipEntry(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
+			return iNdEx, nil
 		case 1:
 			iNdEx += 8
+			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -722,34 +643,74 @@ func skipEntry(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
+			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthEntry
 			}
-			iNdEx += length
+			return iNdEx, nil
 		case 3:
-			depth++
-		case 4:
-			if depth == 0 {
-				return 0, ErrUnexpectedEndOfGroupEntry
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowEntry
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipEntry(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
 			}
-			depth--
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
 		case 5:
 			iNdEx += 4
+			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
-		if iNdEx < 0 {
-			return 0, ErrInvalidLengthEntry
-		}
-		if depth == 0 {
-			return iNdEx, nil
-		}
 	}
-	return 0, io.ErrUnexpectedEOF
+	panic("unreachable")
 }

 var (
-	ErrInvalidLengthEntry        = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowEntry          = fmt.Errorf("proto: integer overflow")
-	ErrUnexpectedEndOfGroupEntry = fmt.Errorf("proto: unexpected end of group")
+	ErrInvalidLengthEntry = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowEntry   = fmt.Errorf("proto: integer overflow")
 )
+
+func init() { proto.RegisterFile("entry.proto", fileDescriptorEntry) }
+
+var fileDescriptorEntry = []byte{
+	// 237 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x90, 0xbd, 0x4a, 0x04, 0x31,
+	0x14, 0x85, 0xb9, 0xb3, 0x3f, 0xce, 0xdc, 0x5d, 0x2c, 0x82, 0x68, 0x40, 0x18, 0xc2, 0x56, 0xa9,
+	0xb6, 0xd0, 0x37, 0x10, 0x6c, 0x44, 0x45, 0xd2, 0x58, 0x0e, 0x57, 0x27, 0x2c, 0x81, 0xd9, 0xdc,
+	0x21, 0x13, 0x0b, 0x1f, 0xcd, 0x37, 0xb0, 0xf4, 0x11, 0x64, 0x9e, 0x44, 0x26, 0x4e, 0xec, 0xec,
+	0xce, 0x39, 0x5f, 0x8a, 0x2f, 0x17, 0x37, 0xd6, 0xc7, 0xf0, 0xbe, 0xef, 0x03, 0x47, 0xde, 0x7d,
+	0x00, 0x96, 0xf7, 0x7c, 0xb8, 0x9d, 0x26, 0x71, 0x8e, 0xeb, 0x81, 0xdf, 0xc2, 0xab, 0x95, 0xa0,
+	0x40, 0x57, 0x66, 0x6e, 0xe2, 0x12, 0xab, 0xe8, 0x8e, 0xb6, 0xf1, 0xe4, 0x59, 0x16, 0x0a, 0xf4,
+	0xc2, 0x94, 0xd3, 0xf0, 0x48, 0x9e, 0x85, 0xc0, 0x65, 0xe7, 0xbc, 0x95, 0x0b, 0x05, 0x7a, 0x6b,
+	0x52, 0x16, 0x12, 0x4f, 0x7a, 0x0a, 0xd1, 0x51, 0x27, 0x97, 0x0a, 0x74, 0x69, 0x72, 0x15, 0x77,
+	0x78, 0x36, 0xc7, 0xa6, 0xe3, 0x43, 0x73, 0xb4, 0x91, 0x5a, 0x8a, 0x24, 0x57, 0x0a, 0xf4, 0xe6,
+	0x4a, 0xee, 0x9f, 0x7e, 0x61, 0x56, 0x7a, 0x98, 0xb9, 0x11, 0xfd, 0x1f, 0xc8, 0xdb, 0xee, 0x19,
+	0x2f, 0xfe, 0x79, 0x9e, 0xa4, 0x68, 0x88, 0xe9, 0x1f, 0xa5, 0x49, 0x59, 0x9c, 0x62, 0xe1, 0xda,
+	0xa4, 0x5f, 0x99, 0xc2, 0xb5, 0x93, 0x24, 0x87, 0xd6, 0x79, 0xea, 0x92, 0xfb, 0xca, 0xe4, 0x7a,
+	0xb3, 0xfd, 0x1c, 0x6b, 0xf8, 0x1a, 0x6b, 0xf8, 0x1e, 0x6b, 0x78, 0x59, 0xa7, 0x4b, 0x5d, 0xff,
+	0x04, 0x00, 0x00, 0xff, 0xff, 0x8f, 0xed, 0x9f, 0xb6, 0x38, 0x01, 0x00, 0x00,
+}
--- a/api/types/plugins/logdriver/gen.go
+++ b/api/types/plugins/logdriver/gen.go
@@ -1,3 +1,3 @@
-//go:generate protoc --gogofaster_out=import_path=github.com/docker/docker/api/types/plugins/logdriver:. entry.proto
+//go:generate protoc --gogofast_out=import_path=github.com/docker/docker/api/types/plugins/logdriver:. entry.proto

 package logdriver // import "github.com/docker/docker/api/types/plugins/logdriver"
--- a/api/types/registry/registry.go
+++ b/api/types/registry/registry.go
@@ -92,9 +92,7 @@ type SearchResult struct {
 	IsOfficial bool `json:"is_official"`
 	// Name is the name of the repository
 	Name string `json:"name"`
-	// IsAutomated indicates whether the result is automated.
-	//
-	// Deprecated: the "is_automated" field is deprecated and will always be "false" in the future.
+	// IsAutomated indicates whether the result is automated
 	IsAutomated bool `json:"is_automated"`
 	// Description is a textual description of the repository
 	Description string `json:"description"`
--- a/api/types/swarm/service_update_response.go
+++ b/api/types/swarm/service_update_response.go
@@ -1,4 +1,4 @@
-package swarm
+package types

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/api/types/swarm/container.go
+++ b/api/types/swarm/container.go
@@ -32,42 +32,6 @@ type SELinuxContext struct {
 	Level string
 }

-// SeccompMode is the type used for the enumeration of possible seccomp modes
-// in SeccompOpts
-type SeccompMode string
-
-const (
-	SeccompModeDefault    SeccompMode = "default"
-	SeccompModeUnconfined SeccompMode = "unconfined"
-	SeccompModeCustom     SeccompMode = "custom"
-)
-
-// SeccompOpts defines the options for configuring seccomp on a swarm-managed
-// container.
-type SeccompOpts struct {
-	// Mode is the SeccompMode used for the container.
-	Mode SeccompMode `json:",omitempty"`
-	// Profile is the custom seccomp profile as a json object to be used with
-	// the container. Mode should be set to SeccompModeCustom when using a
-	// custom profile in this manner.
-	Profile []byte `json:",omitempty"`
-}
-
-// AppArmorMode is type used for the enumeration of possible AppArmor modes in
-// AppArmorOpts
-type AppArmorMode string
-
-const (
-	AppArmorModeDefault  AppArmorMode = "default"
-	AppArmorModeDisabled AppArmorMode = "disabled"
-)
-
-// AppArmorOpts defines the options for configuring AppArmor on a swarm-managed
-// container.  Currently, custom AppArmor profiles are not supported.
-type AppArmorOpts struct {
-	Mode AppArmorMode `json:",omitempty"`
-}
-
 // CredentialSpec for managed service account (Windows only)
 type CredentialSpec struct {
 	Config   string
@@ -77,11 +41,8 @@ type CredentialSpec struct {

 // Privileges defines the security options for the container.
 type Privileges struct {
-	CredentialSpec  *CredentialSpec
-	SELinuxContext  *SELinuxContext
-	Seccomp         *SeccompOpts  `json:",omitempty"`
-	AppArmor        *AppArmorOpts `json:",omitempty"`
-	NoNewPrivileges bool
+	CredentialSpec *CredentialSpec
+	SELinuxContext *SELinuxContext
 }

 // ContainerSpec represents the spec of a container.
--- a/api/types/swarm/runtime/gen.go
+++ b/api/types/swarm/runtime/gen.go
@@ -1,3 +1,3 @@
-//go:generate protoc --gogofaster_out=import_path=github.com/docker/docker/api/types/swarm/runtime:. plugin.proto
+//go:generate protoc -I . --gogofast_out=import_path=github.com/docker/docker/api/types/swarm/runtime:. plugin.proto

 package runtime // import "github.com/docker/docker/api/types/swarm/runtime"
--- a/api/types/swarm/runtime/plugin.pb.go
+++ b/api/types/swarm/runtime/plugin.pb.go
@@ -1,15 +1,23 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: plugin.proto

+/*
+	Package runtime is a generated protocol buffer package.
+
+	It is generated from these files:
+		plugin.proto
+
+	It has these top-level messages:
+		PluginSpec
+		PluginPrivilege
+*/
 package runtime

-import (
-	fmt "fmt"
-	proto "github.com/gogo/protobuf/proto"
-	io "io"
-	math "math"
-	math_bits "math/bits"
-)
+import proto "github.com/gogo/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import io "io"

 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -20,50 +28,22 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package

 // PluginSpec defines the base payload which clients can specify for creating
 // a service with the plugin runtime.
 type PluginSpec struct {
 	Name       string             `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Remote     string             `protobuf:"bytes,2,opt,name=remote,proto3" json:"remote,omitempty"`
-	Privileges []*PluginPrivilege `protobuf:"bytes,3,rep,name=privileges,proto3" json:"privileges,omitempty"`
+	Privileges []*PluginPrivilege `protobuf:"bytes,3,rep,name=privileges" json:"privileges,omitempty"`
 	Disabled   bool               `protobuf:"varint,4,opt,name=disabled,proto3" json:"disabled,omitempty"`
-	Env        []string           `protobuf:"bytes,5,rep,name=env,proto3" json:"env,omitempty"`
+	Env        []string           `protobuf:"bytes,5,rep,name=env" json:"env,omitempty"`
 }

-func (m *PluginSpec) Reset()         { *m = PluginSpec{} }
-func (m *PluginSpec) String() string { return proto.CompactTextString(m) }
-func (*PluginSpec) ProtoMessage()    {}
-func (*PluginSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_22a625af4bc1cc87, []int{0}
-}
-func (m *PluginSpec) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *PluginSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	if deterministic {
-		return xxx_messageInfo_PluginSpec.Marshal(b, m, deterministic)
-	} else {
-		b = b[:cap(b)]
-		n, err := m.MarshalToSizedBuffer(b)
-		if err != nil {
-			return nil, err
-		}
-		return b[:n], nil
-	}
-}
-func (m *PluginSpec) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PluginSpec.Merge(m, src)
-}
-func (m *PluginSpec) XXX_Size() int {
-	return m.Size()
-}
-func (m *PluginSpec) XXX_DiscardUnknown() {
-	xxx_messageInfo_PluginSpec.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PluginSpec proto.InternalMessageInfo
+func (m *PluginSpec) Reset()                    { *m = PluginSpec{} }
+func (m *PluginSpec) String() string            { return proto.CompactTextString(m) }
+func (*PluginSpec) ProtoMessage()               {}
+func (*PluginSpec) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{0} }

 func (m *PluginSpec) GetName() string {
 	if m != nil {
@@ -105,41 +85,13 @@ func (m *PluginSpec) GetEnv() []string {
 type PluginPrivilege struct {
 	Name        string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Description string   `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
-	Value       []string `protobuf:"bytes,3,rep,name=value,proto3" json:"value,omitempty"`
+	Value       []string `protobuf:"bytes,3,rep,name=value" json:"value,omitempty"`
 }

-func (m *PluginPrivilege) Reset()         { *m = PluginPrivilege{} }
-func (m *PluginPrivilege) String() string { return proto.CompactTextString(m) }
-func (*PluginPrivilege) ProtoMessage()    {}
-func (*PluginPrivilege) Descriptor() ([]byte, []int) {
-	return fileDescriptor_22a625af4bc1cc87, []int{1}
-}
-func (m *PluginPrivilege) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *PluginPrivilege) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	if deterministic {
-		return xxx_messageInfo_PluginPrivilege.Marshal(b, m, deterministic)
-	} else {
-		b = b[:cap(b)]
-		n, err := m.MarshalToSizedBuffer(b)
-		if err != nil {
-			return nil, err
-		}
-		return b[:n], nil
-	}
-}
-func (m *PluginPrivilege) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PluginPrivilege.Merge(m, src)
-}
-func (m *PluginPrivilege) XXX_Size() int {
-	return m.Size()
-}
-func (m *PluginPrivilege) XXX_DiscardUnknown() {
-	xxx_messageInfo_PluginPrivilege.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PluginPrivilege proto.InternalMessageInfo
+func (m *PluginPrivilege) Reset()                    { *m = PluginPrivilege{} }
+func (m *PluginPrivilege) String() string            { return proto.CompactTextString(m) }
+func (*PluginPrivilege) ProtoMessage()               {}
+func (*PluginPrivilege) Descriptor() ([]byte, []int) { return fileDescriptorPlugin, []int{1} }

 func (m *PluginPrivilege) GetName() string {
 	if m != nil {
@@ -166,32 +118,10 @@ func init() {
 	proto.RegisterType((*PluginSpec)(nil), "PluginSpec")
 	proto.RegisterType((*PluginPrivilege)(nil), "PluginPrivilege")
 }
-
-func init() { proto.RegisterFile("plugin.proto", fileDescriptor_22a625af4bc1cc87) }
-
-var fileDescriptor_22a625af4bc1cc87 = []byte{
-	// 225 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x29, 0xc8, 0x29, 0x4d,
-	0xcf, 0xcc, 0xd3, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x57, 0x9a, 0xc1, 0xc8, 0xc5, 0x15, 0x00, 0x16,
-	0x08, 0x2e, 0x48, 0x4d, 0x16, 0x12, 0xe2, 0x62, 0xc9, 0x4b, 0xcc, 0x4d, 0x95, 0x60, 0x54, 0x60,
-	0xd4, 0xe0, 0x0c, 0x02, 0xb3, 0x85, 0xc4, 0xb8, 0xd8, 0x8a, 0x52, 0x73, 0xf3, 0x4b, 0x52, 0x25,
-	0x98, 0xc0, 0xa2, 0x50, 0x9e, 0x90, 0x01, 0x17, 0x57, 0x41, 0x51, 0x66, 0x59, 0x66, 0x4e, 0x6a,
-	0x7a, 0x6a, 0xb1, 0x04, 0xb3, 0x02, 0xb3, 0x06, 0xb7, 0x91, 0x80, 0x1e, 0xc4, 0xb0, 0x00, 0x98,
-	0x44, 0x10, 0x92, 0x1a, 0x21, 0x29, 0x2e, 0x8e, 0x94, 0xcc, 0xe2, 0xc4, 0xa4, 0x9c, 0xd4, 0x14,
-	0x09, 0x16, 0x05, 0x46, 0x0d, 0x8e, 0x20, 0x38, 0x5f, 0x48, 0x80, 0x8b, 0x39, 0x35, 0xaf, 0x4c,
-	0x82, 0x55, 0x81, 0x59, 0x83, 0x33, 0x08, 0xc4, 0x54, 0x8a, 0xe5, 0xe2, 0x47, 0x33, 0x0c, 0xab,
-	0xf3, 0x14, 0xb8, 0xb8, 0x53, 0x52, 0x8b, 0x93, 0x8b, 0x32, 0x0b, 0x4a, 0x32, 0xf3, 0xf3, 0xa0,
-	0x6e, 0x44, 0x16, 0x12, 0x12, 0xe1, 0x62, 0x2d, 0x4b, 0xcc, 0x29, 0x4d, 0x05, 0xbb, 0x91, 0x33,
-	0x08, 0xc2, 0x71, 0x92, 0x38, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4,
-	0x18, 0x27, 0x3c, 0x96, 0x63, 0xb8, 0xf0, 0x58, 0x8e, 0xe1, 0xc6, 0x63, 0x39, 0x86, 0x24, 0x36,
-	0x70, 0xd0, 0x18, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0x37, 0xea, 0xe2, 0xca, 0x2a, 0x01, 0x00,
-	0x00,
-}
-
 func (m *PluginSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	n, err := m.MarshalTo(dAtA)
 	if err != nil {
 		return nil, err
 	}
@@ -199,69 +129,66 @@ func (m *PluginSpec) Marshal() (dAtA []byte, err error) {
 }

 func (m *PluginSpec) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *PluginSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
+	var i int
 	_ = i
 	var l int
 	_ = l
-	if len(m.Env) > 0 {
-		for iNdEx := len(m.Env) - 1; iNdEx >= 0; iNdEx-- {
-			i -= len(m.Env[iNdEx])
-			copy(dAtA[i:], m.Env[iNdEx])
-			i = encodeVarintPlugin(dAtA, i, uint64(len(m.Env[iNdEx])))
-			i--
-			dAtA[i] = 0x2a
+	if len(m.Name) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Name)))
+		i += copy(dAtA[i:], m.Name)
+	}
+	if len(m.Remote) > 0 {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Remote)))
+		i += copy(dAtA[i:], m.Remote)
+	}
+	if len(m.Privileges) > 0 {
+		for _, msg := range m.Privileges {
+			dAtA[i] = 0x1a
+			i++
+			i = encodeVarintPlugin(dAtA, i, uint64(msg.Size()))
+			n, err := msg.MarshalTo(dAtA[i:])
+			if err != nil {
+				return 0, err
+			}
+			i += n
 		}
 	}
 	if m.Disabled {
-		i--
+		dAtA[i] = 0x20
+		i++
 		if m.Disabled {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i--
-		dAtA[i] = 0x20
+		i++
 	}
-	if len(m.Privileges) > 0 {
-		for iNdEx := len(m.Privileges) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Privileges[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintPlugin(dAtA, i, uint64(size))
+	if len(m.Env) > 0 {
+		for _, s := range m.Env {
+			dAtA[i] = 0x2a
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
 			}
-			i--
-			dAtA[i] = 0x1a
+			dAtA[i] = uint8(l)
+			i++
+			i += copy(dAtA[i:], s)
 		}
 	}
-	if len(m.Remote) > 0 {
-		i -= len(m.Remote)
-		copy(dAtA[i:], m.Remote)
-		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Remote)))
-		i--
-		dAtA[i] = 0x12
-	}
-	if len(m.Name) > 0 {
-		i -= len(m.Name)
-		copy(dAtA[i:], m.Name)
-		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Name)))
-		i--
-		dAtA[i] = 0xa
-	}
-	return len(dAtA) - i, nil
+	return i, nil
 }

 func (m *PluginPrivilege) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	n, err := m.MarshalTo(dAtA)
 	if err != nil {
 		return nil, err
 	}
@@ -269,56 +196,50 @@ func (m *PluginPrivilege) Marshal() (dAtA []byte, err error) {
 }

 func (m *PluginPrivilege) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *PluginPrivilege) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
+	var i int
 	_ = i
 	var l int
 	_ = l
-	if len(m.Value) > 0 {
-		for iNdEx := len(m.Value) - 1; iNdEx >= 0; iNdEx-- {
-			i -= len(m.Value[iNdEx])
-			copy(dAtA[i:], m.Value[iNdEx])
-			i = encodeVarintPlugin(dAtA, i, uint64(len(m.Value[iNdEx])))
-			i--
-			dAtA[i] = 0x1a
-		}
+	if len(m.Name) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Name)))
+		i += copy(dAtA[i:], m.Name)
 	}
 	if len(m.Description) > 0 {
-		i -= len(m.Description)
-		copy(dAtA[i:], m.Description)
-		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Description)))
-		i--
 		dAtA[i] = 0x12
+		i++
+		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Description)))
+		i += copy(dAtA[i:], m.Description)
 	}
-	if len(m.Name) > 0 {
-		i -= len(m.Name)
-		copy(dAtA[i:], m.Name)
-		i = encodeVarintPlugin(dAtA, i, uint64(len(m.Name)))
-		i--
-		dAtA[i] = 0xa
+	if len(m.Value) > 0 {
+		for _, s := range m.Value {
+			dAtA[i] = 0x1a
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
+			}
+			dAtA[i] = uint8(l)
+			i++
+			i += copy(dAtA[i:], s)
+		}
 	}
-	return len(dAtA) - i, nil
+	return i, nil
 }

 func encodeVarintPlugin(dAtA []byte, offset int, v uint64) int {
-	offset -= sovPlugin(v)
-	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return base
+	return offset + 1
 }
 func (m *PluginSpec) Size() (n int) {
-	if m == nil {
-		return 0
-	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -348,9 +269,6 @@ func (m *PluginSpec) Size() (n int) {
 }

 func (m *PluginPrivilege) Size() (n int) {
-	if m == nil {
-		return 0
-	}
 	var l int
 	_ = l
 	l = len(m.Name)
@@ -371,7 +289,14 @@ func (m *PluginPrivilege) Size() (n int) {
 }

 func sovPlugin(x uint64) (n int) {
-	return (math_bits.Len64(x|1) + 6) / 7
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
 }
 func sozPlugin(x uint64) (n int) {
 	return sovPlugin(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -391,7 +316,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= uint64(b&0x7F) << shift
+			wire |= (uint64(b) & 0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -419,7 +344,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -429,9 +354,6 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -451,7 +373,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -461,9 +383,6 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -483,7 +402,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				msglen |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -492,9 +411,6 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -517,7 +433,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				v |= int(b&0x7F) << shift
+				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -537,7 +453,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -547,9 +463,6 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -561,7 +474,7 @@ func (m *PluginSpec) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
+			if skippy < 0 {
 				return ErrInvalidLengthPlugin
 			}
 			if (iNdEx + skippy) > l {
@@ -591,7 +504,7 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
-			wire |= uint64(b&0x7F) << shift
+			wire |= (uint64(b) & 0x7F) << shift
 			if b < 0x80 {
 				break
 			}
@@ -619,7 +532,7 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -629,9 +542,6 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -651,7 +561,7 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -661,9 +571,6 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -683,7 +590,7 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
@@ -693,9 +600,6 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 				return ErrInvalidLengthPlugin
 			}
 			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthPlugin
-			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
@@ -707,7 +611,7 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
+			if skippy < 0 {
 				return ErrInvalidLengthPlugin
 			}
 			if (iNdEx + skippy) > l {
@@ -725,7 +629,6 @@ func (m *PluginPrivilege) Unmarshal(dAtA []byte) error {
 func skipPlugin(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
-	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -757,8 +660,10 @@ func skipPlugin(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
+			return iNdEx, nil
 		case 1:
 			iNdEx += 8
+			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -775,34 +680,75 @@ func skipPlugin(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
+			iNdEx += length
 			if length < 0 {
 				return 0, ErrInvalidLengthPlugin
 			}
-			iNdEx += length
+			return iNdEx, nil
 		case 3:
-			depth++
-		case 4:
-			if depth == 0 {
-				return 0, ErrUnexpectedEndOfGroupPlugin
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowPlugin
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipPlugin(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
 			}
-			depth--
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
 		case 5:
 			iNdEx += 4
+			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
-		if iNdEx < 0 {
-			return 0, ErrInvalidLengthPlugin
-		}
-		if depth == 0 {
-			return iNdEx, nil
-		}
 	}
-	return 0, io.ErrUnexpectedEOF
+	panic("unreachable")
 }

 var (
-	ErrInvalidLengthPlugin        = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowPlugin          = fmt.Errorf("proto: integer overflow")
-	ErrUnexpectedEndOfGroupPlugin = fmt.Errorf("proto: unexpected end of group")
+	ErrInvalidLengthPlugin = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowPlugin   = fmt.Errorf("proto: integer overflow")
 )
+
+func init() { proto.RegisterFile("plugin.proto", fileDescriptorPlugin) }
+
+var fileDescriptorPlugin = []byte{
+	// 256 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x90, 0x4d, 0x4b, 0xc3, 0x30,
+	0x18, 0xc7, 0x89, 0xdd, 0xc6, 0xfa, 0x4c, 0x70, 0x04, 0x91, 0xe2, 0xa1, 0x94, 0x9d, 0x7a, 0x6a,
+	0x45, 0x2f, 0x82, 0x37, 0x0f, 0x9e, 0x47, 0xbc, 0x09, 0x1e, 0xd2, 0xf6, 0xa1, 0x06, 0x9b, 0x17,
+	0x92, 0xb4, 0xe2, 0x37, 0xf1, 0x23, 0x79, 0xf4, 0x23, 0x48, 0x3f, 0x89, 0x98, 0x75, 0x32, 0x64,
+	0xa7, 0xff, 0x4b, 0xc2, 0x9f, 0x1f, 0x0f, 0x9c, 0x9a, 0xae, 0x6f, 0x85, 0x2a, 0x8c, 0xd5, 0x5e,
+	0x6f, 0x3e, 0x08, 0xc0, 0x36, 0x14, 0x8f, 0x06, 0x6b, 0x4a, 0x61, 0xa6, 0xb8, 0xc4, 0x84, 0x64,
+	0x24, 0x8f, 0x59, 0xf0, 0xf4, 0x02, 0x16, 0x16, 0xa5, 0xf6, 0x98, 0x9c, 0x84, 0x76, 0x4a, 0xf4,
+	0x0a, 0xc0, 0x58, 0x31, 0x88, 0x0e, 0x5b, 0x74, 0x49, 0x94, 0x45, 0xf9, 0xea, 0x7a, 0x5d, 0xec,
+	0xc6, 0xb6, 0xfb, 0x07, 0x76, 0xf0, 0x87, 0x5e, 0xc2, 0xb2, 0x11, 0x8e, 0x57, 0x1d, 0x36, 0xc9,
+	0x2c, 0x23, 0xf9, 0x92, 0xfd, 0x65, 0xba, 0x86, 0x08, 0xd5, 0x90, 0xcc, 0xb3, 0x28, 0x8f, 0xd9,
+	0xaf, 0xdd, 0x3c, 0xc3, 0xd9, 0xbf, 0xb1, 0xa3, 0x78, 0x19, 0xac, 0x1a, 0x74, 0xb5, 0x15, 0xc6,
+	0x0b, 0xad, 0x26, 0xc6, 0xc3, 0x8a, 0x9e, 0xc3, 0x7c, 0xe0, 0x5d, 0x8f, 0x81, 0x31, 0x66, 0xbb,
+	0x70, 0xff, 0xf0, 0x39, 0xa6, 0xe4, 0x6b, 0x4c, 0xc9, 0xf7, 0x98, 0x92, 0xa7, 0xdb, 0x56, 0xf8,
+	0x97, 0xbe, 0x2a, 0x6a, 0x2d, 0xcb, 0x46, 0xd7, 0xaf, 0x68, 0xf7, 0xc2, 0x8d, 0x28, 0xfd, 0xbb,
+	0x41, 0x57, 0xba, 0x37, 0x6e, 0x65, 0x69, 0x7b, 0xe5, 0x85, 0xc4, 0xbb, 0x49, 0xab, 0x45, 0x38,
+	0xe4, 0xcd, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x99, 0xa8, 0xd9, 0x9b, 0x58, 0x01, 0x00, 0x00,
+}
--- a/api/types/swarm/runtime/plugin.proto
+++ b/api/types/swarm/runtime/plugin.proto
@@ -1,5 +1,7 @@
 syntax = "proto3";

+option go_package = "github.com/docker/docker/api/types/swarm/runtime;runtime";
+
 // PluginSpec defines the base payload which clients can specify for creating
 // a service with the plugin runtime.
 message PluginSpec {
--- a/api/types/swarm/service.go
+++ b/api/types/swarm/service.go
@@ -34,9 +34,9 @@ type ServiceSpec struct {
 	UpdateConfig   *UpdateConfig `json:",omitempty"`
 	RollbackConfig *UpdateConfig `json:",omitempty"`

-	// Networks specifies which networks the service should attach to.
-	//
-	// Deprecated: This field is deprecated since v1.44. The Networks field in TaskSpec should be used instead.
+	// Networks field in ServiceSpec is deprecated. The
+	// same field in TaskSpec should be used instead.
+	// This field will be removed in a future release.
 	Networks     []NetworkAttachmentConfig `json:",omitempty"`
 	EndpointSpec *EndpointSpec             `json:",omitempty"`
 }
--- a/api/types/swarm/service_create_response.go
+++ b/api/types/swarm/service_create_response.go
@@ -1,20 +0,0 @@
-package swarm
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-// ServiceCreateResponse contains the information returned to a client on the
-// creation of a new service.
-//
-// swagger:model ServiceCreateResponse
-type ServiceCreateResponse struct {
-
-	// The ID of the created service.
-	ID string `json:"ID,omitempty"`
-
-	// Optional warning message.
-	//
-	// FIXME(thaJeztah): this should have "omitempty" in the generated type.
-	//
-	Warnings []string `json:"Warnings"`
-}
--- a/api/types/system/info.go
+++ b/api/types/system/info.go
@@ -1,116 +0,0 @@
-package system
-
-import (
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/api/types/swarm"
-)
-
-// Info contains response of Engine API:
-// GET "/info"
-type Info struct {
-	ID                 string
-	Containers         int
-	ContainersRunning  int
-	ContainersPaused   int
-	ContainersStopped  int
-	Images             int
-	Driver             string
-	DriverStatus       [][2]string
-	SystemStatus       [][2]string `json:",omitempty"` // SystemStatus is only propagated by the Swarm standalone API
-	Plugins            PluginsInfo
-	MemoryLimit        bool
-	SwapLimit          bool
-	KernelMemory       bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
-	KernelMemoryTCP    bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2.
-	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
-	CPUCfsQuota        bool `json:"CpuCfsQuota"`
-	CPUShares          bool
-	CPUSet             bool
-	PidsLimit          bool
-	IPv4Forwarding     bool
-	BridgeNfIptables   bool
-	BridgeNfIP6tables  bool `json:"BridgeNfIp6tables"`
-	Debug              bool
-	NFd                int
-	OomKillDisable     bool
-	NGoroutines        int
-	SystemTime         string
-	LoggingDriver      string
-	CgroupDriver       string
-	CgroupVersion      string `json:",omitempty"`
-	NEventsListener    int
-	KernelVersion      string
-	OperatingSystem    string
-	OSVersion          string
-	OSType             string
-	Architecture       string
-	IndexServerAddress string
-	RegistryConfig     *registry.ServiceConfig
-	NCPU               int
-	MemTotal           int64
-	GenericResources   []swarm.GenericResource
-	DockerRootDir      string
-	HTTPProxy          string `json:"HttpProxy"`
-	HTTPSProxy         string `json:"HttpsProxy"`
-	NoProxy            string
-	Name               string
-	Labels             []string
-	ExperimentalBuild  bool
-	ServerVersion      string
-	Runtimes           map[string]RuntimeWithStatus
-	DefaultRuntime     string
-	Swarm              swarm.Info
-	// LiveRestoreEnabled determines whether containers should be kept
-	// running when the daemon is shutdown or upon daemon start if
-	// running containers are detected
-	LiveRestoreEnabled  bool
-	Isolation           container.Isolation
-	InitBinary          string
-	ContainerdCommit    Commit
-	RuncCommit          Commit
-	InitCommit          Commit
-	SecurityOptions     []string
-	ProductLicense      string               `json:",omitempty"`
-	DefaultAddressPools []NetworkAddressPool `json:",omitempty"`
-	CDISpecDirs         []string
-
-	// Legacy API fields for older API versions.
-	legacyFields
-
-	// Warnings contains a slice of warnings that occurred  while collecting
-	// system information. These warnings are intended to be informational
-	// messages for the user, and are not intended to be parsed / used for
-	// other purposes, as they do not have a fixed format.
-	Warnings []string
-}
-
-type legacyFields struct {
-	ExecutionDriver string `json:",omitempty"` // Deprecated: deprecated since API v1.25, but returned for older versions.
-}
-
-// PluginsInfo is a temp struct holding Plugins name
-// registered with docker daemon. It is used by [Info] struct
-type PluginsInfo struct {
-	// List of Volume plugins registered
-	Volume []string
-	// List of Network plugins registered
-	Network []string
-	// List of Authorization plugins registered
-	Authorization []string
-	// List of Log plugins registered
-	Log []string
-}
-
-// Commit holds the Git-commit (SHA1) that a binary was built from, as reported
-// in the version-string of external tools, such as containerd, or runC.
-type Commit struct {
-	ID       string // ID is the actual commit ID of external tool.
-	Expected string // Expected is the commit ID of external tool expected by dockerd as set at build time.
-}
-
-// NetworkAddressPool is a temp struct used by [Info] struct.
-type NetworkAddressPool struct {
-	Base string
-	Size int
-}
--- a/api/types/system/runtime.go
+++ b/api/types/system/runtime.go
@@ -1,20 +0,0 @@
-package system
-
-// Runtime describes an OCI runtime
-type Runtime struct {
-	// "Legacy" runtime configuration for runc-compatible runtimes.
-
-	Path string   `json:"path,omitempty"`
-	Args []string `json:"runtimeArgs,omitempty"`
-
-	// Shimv2 runtime configuration. Mutually exclusive with the legacy config above.
-
-	Type    string                 `json:"runtimeType,omitempty"`
-	Options map[string]interface{} `json:"options,omitempty"`
-}
-
-// RuntimeWithStatus extends [Runtime] to hold [RuntimeStatus].
-type RuntimeWithStatus struct {
-	Runtime
-	Status map[string]string `json:"status,omitempty"`
-}
--- a/api/types/system/security_opts.go
+++ b/api/types/system/security_opts.go
@@ -1,48 +0,0 @@
-package system
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-)
-
-// SecurityOpt contains the name and options of a security option
-type SecurityOpt struct {
-	Name    string
-	Options []KeyValue
-}
-
-// DecodeSecurityOptions decodes a security options string slice to a
-// type-safe [SecurityOpt].
-func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
-	so := []SecurityOpt{}
-	for _, opt := range opts {
-		// support output from a < 1.13 docker daemon
-		if !strings.Contains(opt, "=") {
-			so = append(so, SecurityOpt{Name: opt})
-			continue
-		}
-		secopt := SecurityOpt{}
-		for _, s := range strings.Split(opt, ",") {
-			k, v, ok := strings.Cut(s, "=")
-			if !ok {
-				return nil, fmt.Errorf("invalid security option %q", s)
-			}
-			if k == "" || v == "" {
-				return nil, errors.New("invalid empty security option")
-			}
-			if k == "name" {
-				secopt.Name = v
-				continue
-			}
-			secopt.Options = append(secopt.Options, KeyValue{Key: k, Value: v})
-		}
-		so = append(so, secopt)
-	}
-	return so, nil
-}
-
-// KeyValue holds a key/value pair.
-type KeyValue struct {
-	Key, Value string
-}
--- a/api/types/types.go
+++ b/api/types/types.go
@@ -1,15 +1,18 @@
 package types // import "github.com/docker/docker/api/types"

 import (
+	"errors"
+	"fmt"
 	"io"
 	"os"
+	"strings"
 	"time"

 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/volume"
 	"github.com/docker/go-connections/nat"
@@ -77,8 +80,6 @@ type ImageInspect struct {
 	// Container is the ID of the container that was used to create the image.
 	//
 	// Depending on how the image was created, this field may be empty.
-	//
-	// Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
 	Container string

 	// ContainerConfig is an optional field containing the configuration of the
@@ -86,8 +87,6 @@ type ImageInspect struct {
 	//
 	// Previous versions of Docker builder used this field to store build cache,
 	// and it is not in active use anymore.
-	//
-	// Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
 	ContainerConfig *container.Config

 	// DockerVersion is the version of Docker that was used to build the image.
@@ -119,7 +118,12 @@ type ImageInspect struct {
 	// VirtualSize is the total size of the image including all layers it is
 	// composed of.
 	//
-	// Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
+	// In versions of Docker before v1.10, this field was calculated from
+	// the image itself and all of its parent images. Docker v1.10 and up
+	// store images self-contained, and no longer use a parent-chain, making
+	// this field an equivalent of the Size field.
+	//
+	// Deprecated: Unused in API 1.43 and up, but kept for backward compatibility with older API versions.
 	VirtualSize int64 `json:"VirtualSize,omitempty"`

 	// GraphDriver holds information about the storage driver used to store the
@@ -133,7 +137,13 @@ type ImageInspect struct {
 	// Metadata of the image in the local cache.
 	//
 	// This information is local to the daemon, and not part of the image itself.
-	Metadata image.Metadata
+	Metadata ImageMetadata
+}
+
+// ImageMetadata contains engine-local data about the image
+type ImageMetadata struct {
+	// LastTagTime is the date and time at which the image was last tagged.
+	LastTagTime time.Time `json:",omitempty"`
 }

 // Container contains response of Engine API:
@@ -227,6 +237,148 @@ type Version struct {
 	BuildTime     string `json:",omitempty"`
 }

+// Commit holds the Git-commit (SHA1) that a binary was built from, as reported
+// in the version-string of external tools, such as containerd, or runC.
+type Commit struct {
+	ID       string // ID is the actual commit ID of external tool.
+	Expected string // Expected is the commit ID of external tool expected by dockerd as set at build time.
+}
+
+// Info contains response of Engine API:
+// GET "/info"
+type Info struct {
+	ID                 string
+	Containers         int
+	ContainersRunning  int
+	ContainersPaused   int
+	ContainersStopped  int
+	Images             int
+	Driver             string
+	DriverStatus       [][2]string
+	SystemStatus       [][2]string `json:",omitempty"` // SystemStatus is only propagated by the Swarm standalone API
+	Plugins            PluginsInfo
+	MemoryLimit        bool
+	SwapLimit          bool
+	KernelMemory       bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
+	KernelMemoryTCP    bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2.
+	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
+	CPUCfsQuota        bool `json:"CpuCfsQuota"`
+	CPUShares          bool
+	CPUSet             bool
+	PidsLimit          bool
+	IPv4Forwarding     bool
+	BridgeNfIptables   bool
+	BridgeNfIP6tables  bool `json:"BridgeNfIp6tables"`
+	Debug              bool
+	NFd                int
+	OomKillDisable     bool
+	NGoroutines        int
+	SystemTime         string
+	LoggingDriver      string
+	CgroupDriver       string
+	CgroupVersion      string `json:",omitempty"`
+	NEventsListener    int
+	KernelVersion      string
+	OperatingSystem    string
+	OSVersion          string
+	OSType             string
+	Architecture       string
+	IndexServerAddress string
+	RegistryConfig     *registry.ServiceConfig
+	NCPU               int
+	MemTotal           int64
+	GenericResources   []swarm.GenericResource
+	DockerRootDir      string
+	HTTPProxy          string `json:"HttpProxy"`
+	HTTPSProxy         string `json:"HttpsProxy"`
+	NoProxy            string
+	Name               string
+	Labels             []string
+	ExperimentalBuild  bool
+	ServerVersion      string
+	Runtimes           map[string]Runtime
+	DefaultRuntime     string
+	Swarm              swarm.Info
+	// LiveRestoreEnabled determines whether containers should be kept
+	// running when the daemon is shutdown or upon daemon start if
+	// running containers are detected
+	LiveRestoreEnabled  bool
+	Isolation           container.Isolation
+	InitBinary          string
+	ContainerdCommit    Commit
+	RuncCommit          Commit
+	InitCommit          Commit
+	SecurityOptions     []string
+	ProductLicense      string               `json:",omitempty"`
+	DefaultAddressPools []NetworkAddressPool `json:",omitempty"`
+
+	// Warnings contains a slice of warnings that occurred  while collecting
+	// system information. These warnings are intended to be informational
+	// messages for the user, and are not intended to be parsed / used for
+	// other purposes, as they do not have a fixed format.
+	Warnings []string
+}
+
+// KeyValue holds a key/value pair
+type KeyValue struct {
+	Key, Value string
+}
+
+// NetworkAddressPool is a temp struct used by Info struct
+type NetworkAddressPool struct {
+	Base string
+	Size int
+}
+
+// SecurityOpt contains the name and options of a security option
+type SecurityOpt struct {
+	Name    string
+	Options []KeyValue
+}
+
+// DecodeSecurityOptions decodes a security options string slice to a type safe
+// SecurityOpt
+func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
+	so := []SecurityOpt{}
+	for _, opt := range opts {
+		// support output from a < 1.13 docker daemon
+		if !strings.Contains(opt, "=") {
+			so = append(so, SecurityOpt{Name: opt})
+			continue
+		}
+		secopt := SecurityOpt{}
+		for _, s := range strings.Split(opt, ",") {
+			k, v, ok := strings.Cut(s, "=")
+			if !ok {
+				return nil, fmt.Errorf("invalid security option %q", s)
+			}
+			if k == "" || v == "" {
+				return nil, errors.New("invalid empty security option")
+			}
+			if k == "name" {
+				secopt.Name = v
+				continue
+			}
+			secopt.Options = append(secopt.Options, KeyValue{Key: k, Value: v})
+		}
+		so = append(so, secopt)
+	}
+	return so, nil
+}
+
+// PluginsInfo is a temp struct holding Plugins name
+// registered with docker daemon. It is used by Info struct
+type PluginsInfo struct {
+	// List of Volume plugins registered
+	Volume []string
+	// List of Network plugins registered
+	Network []string
+	// List of Authorization plugins registered
+	Authorization []string
+	// List of Log plugins registered
+	Log []string
+}
+
 // ExecStartCheck is a temp struct used by execStart
 // Config fields is part of ExecConfig in runconfig package
 type ExecStartCheck struct {
@@ -339,27 +491,17 @@ type SummaryNetworkSettings struct {
 	Networks map[string]*network.EndpointSettings
 }

-// NetworkSettingsBase holds networking state for a container when inspecting it.
+// NetworkSettingsBase holds basic information about networks
 type NetworkSettingsBase struct {
-	Bridge     string      // Bridge contains the name of the default bridge interface iff it was set through the daemon --bridge flag.
-	SandboxID  string      // SandboxID uniquely represents a container's network stack
-	SandboxKey string      // SandboxKey identifies the sandbox
-	Ports      nat.PortMap // Ports is a collection of PortBinding indexed by Port
-
-	// HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
-	//
-	// Deprecated: This field is never set and will be removed in a future release.
-	HairpinMode bool
-	// LinkLocalIPv6Address is an IPv6 unicast address using the link-local prefix
-	//
-	// Deprecated: This field is never set and will be removed in a future release.
-	LinkLocalIPv6Address string
-	// LinkLocalIPv6PrefixLen is the prefix length of an IPv6 unicast address
-	//
-	// Deprecated: This field is never set and will be removed in a future release.
-	LinkLocalIPv6PrefixLen int
-	SecondaryIPAddresses   []network.Address // Deprecated: This field is never set and will be removed in a future release.
-	SecondaryIPv6Addresses []network.Address // Deprecated: This field is never set and will be removed in a future release.
+	Bridge                 string      // Bridge is the Bridge name the network uses(e.g. `docker0`)
+	SandboxID              string      // SandboxID uniquely represents a container's network stack
+	HairpinMode            bool        // HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
+	LinkLocalIPv6Address   string      // LinkLocalIPv6Address is an IPv6 unicast address using the link-local prefix
+	LinkLocalIPv6PrefixLen int         // LinkLocalIPv6PrefixLen is the prefix length of an IPv6 unicast address
+	Ports                  nat.PortMap // Ports is a collection of PortBinding indexed by Port
+	SandboxKey             string      // SandboxKey identifies the sandbox
+	SecondaryIPAddresses   []network.Address
+	SecondaryIPv6Addresses []network.Address
 }

 // DefaultNetworkSettings holds network information
@@ -452,9 +594,14 @@ type EndpointResource struct {

 // NetworkCreate is the expected body of the "create network" http request message
 type NetworkCreate struct {
-	// Deprecated: CheckDuplicate is deprecated since API v1.44, but it defaults to true when sent by the client
-	// package to older daemons.
-	CheckDuplicate bool `json:",omitempty"`
+	// Check for networks with duplicate names.
+	// Network is primarily keyed based on a random ID and not on the name.
+	// Network name is strictly a user-friendly alias to the network
+	// which is uniquely identified using ID.
+	// And there is no guaranteed way to check for duplicates.
+	// Option CheckDuplicate is there to provide a best effort checking of any networks
+	// which has the same name but it is not guaranteed to catch all name collisions.
+	CheckDuplicate bool
 	Driver         string
 	Scope          string
 	EnableIPv6     bool
@@ -498,6 +645,33 @@ type NetworkInspectOptions struct {
 	Verbose bool
 }

+// Checkpoint represents the details of a checkpoint
+type Checkpoint struct {
+	Name string // Name is the name of the checkpoint
+}
+
+// Runtime describes an OCI runtime
+type Runtime struct {
+	// "Legacy" runtime configuration for runc-compatible runtimes.
+
+	Path string   `json:"path,omitempty"`
+	Args []string `json:"runtimeArgs,omitempty"`
+
+	// Shimv2 runtime configuration. Mutually exclusive with the legacy config above.
+
+	Type    string                 `json:"runtimeType,omitempty"`
+	Options map[string]interface{} `json:"options,omitempty"`
+
+	// This is exposed here only for internal use
+	ShimConfig *ShimConfig `json:"-"`
+}
+
+// ShimConfig is used by runtime to configure containerd shims
+type ShimConfig struct {
+	Binary string
+	Opts   interface{}
+}
+
 // DiskUsageObject represents an object type used for disk usage query filtering.
 type DiskUsageObject string

@@ -523,7 +697,7 @@ type DiskUsageOptions struct {
 // GET "/system/df"
 type DiskUsage struct {
 	LayersSize  int64
-	Images      []*image.Summary
+	Images      []*ImageSummary
 	Containers  []*Container
 	Volumes     []*volume.Volume
 	BuildCache  []*BuildCache
@@ -547,7 +721,7 @@ type VolumesPruneReport struct {
 // ImagesPruneReport contains the response for Engine API:
 // POST "/images/prune"
 type ImagesPruneReport struct {
-	ImagesDeleted  []image.DeleteResponse
+	ImagesDeleted  []ImageDeleteResponseItem
 	SpaceReclaimed uint64
 }

--- a/api/types/types_deprecated.go
+++ b/api/types/types_deprecated.go
@@ -1,138 +0,0 @@
-package types
-
-import (
-	"github.com/docker/docker/api/types/checkpoint"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/system"
-)
-
-// CheckpointCreateOptions holds parameters to create a checkpoint from a container.
-//
-// Deprecated: use [checkpoint.CreateOptions].
-type CheckpointCreateOptions = checkpoint.CreateOptions
-
-// CheckpointListOptions holds parameters to list checkpoints for a container
-//
-// Deprecated: use [checkpoint.ListOptions].
-type CheckpointListOptions = checkpoint.ListOptions
-
-// CheckpointDeleteOptions holds parameters to delete a checkpoint from a container
-//
-// Deprecated: use [checkpoint.DeleteOptions].
-type CheckpointDeleteOptions = checkpoint.DeleteOptions
-
-// Checkpoint represents the details of a checkpoint when listing endpoints.
-//
-// Deprecated: use [checkpoint.Summary].
-type Checkpoint = checkpoint.Summary
-
-// Info contains response of Engine API:
-// GET "/info"
-//
-// Deprecated: use [system.Info].
-type Info = system.Info
-
-// Commit holds the Git-commit (SHA1) that a binary was built from, as reported
-// in the version-string of external tools, such as containerd, or runC.
-//
-// Deprecated: use [system.Commit].
-type Commit = system.Commit
-
-// PluginsInfo is a temp struct holding Plugins name
-// registered with docker daemon. It is used by [system.Info] struct
-//
-// Deprecated: use [system.PluginsInfo].
-type PluginsInfo = system.PluginsInfo
-
-// NetworkAddressPool is a temp struct used by [system.Info] struct.
-//
-// Deprecated: use [system.NetworkAddressPool].
-type NetworkAddressPool = system.NetworkAddressPool
-
-// Runtime describes an OCI runtime.
-//
-// Deprecated: use [system.Runtime].
-type Runtime = system.Runtime
-
-// SecurityOpt contains the name and options of a security option.
-//
-// Deprecated: use [system.SecurityOpt].
-type SecurityOpt = system.SecurityOpt
-
-// KeyValue holds a key/value pair.
-//
-// Deprecated: use [system.KeyValue].
-type KeyValue = system.KeyValue
-
-// ImageDeleteResponseItem image delete response item.
-//
-// Deprecated: use [image.DeleteResponse].
-type ImageDeleteResponseItem = image.DeleteResponse
-
-// ImageSummary image summary.
-//
-// Deprecated: use [image.Summary].
-type ImageSummary = image.Summary
-
-// ImageMetadata contains engine-local data about the image.
-//
-// Deprecated: use [image.Metadata].
-type ImageMetadata = image.Metadata
-
-// ServiceCreateResponse contains the information returned to a client
-// on the creation of a new service.
-//
-// Deprecated: use [swarm.ServiceCreateResponse].
-type ServiceCreateResponse = swarm.ServiceCreateResponse
-
-// ServiceUpdateResponse service update response.
-//
-// Deprecated: use [swarm.ServiceUpdateResponse].
-type ServiceUpdateResponse = swarm.ServiceUpdateResponse
-
-// ContainerStartOptions holds parameters to start containers.
-//
-// Deprecated: use [container.StartOptions].
-type ContainerStartOptions = container.StartOptions
-
-// ResizeOptions holds parameters to resize a TTY.
-// It can be used to resize container TTYs and
-// exec process TTYs too.
-//
-// Deprecated: use [container.ResizeOptions].
-type ResizeOptions = container.ResizeOptions
-
-// ContainerAttachOptions holds parameters to attach to a container.
-//
-// Deprecated: use [container.AttachOptions].
-type ContainerAttachOptions = container.AttachOptions
-
-// ContainerCommitOptions holds parameters to commit changes into a container.
-//
-// Deprecated: use [container.CommitOptions].
-type ContainerCommitOptions = container.CommitOptions
-
-// ContainerListOptions holds parameters to list containers with.
-//
-// Deprecated: use [container.ListOptions].
-type ContainerListOptions = container.ListOptions
-
-// ContainerLogsOptions holds parameters to filter logs with.
-//
-// Deprecated: use [container.LogsOptions].
-type ContainerLogsOptions = container.LogsOptions
-
-// ContainerRemoveOptions holds parameters to remove containers.
-//
-// Deprecated: use [container.RemoveOptions].
-type ContainerRemoveOptions = container.RemoveOptions
-
-// DecodeSecurityOptions decodes a security options string slice to a type safe
-// [system.SecurityOpt].
-//
-// Deprecated: use [system.DecodeSecurityOptions].
-func DecodeSecurityOptions(opts []string) ([]system.SecurityOpt, error) {
-	return system.DecodeSecurityOptions(opts)
-}
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`package network // import "github.com/docker/docker/api/server/router/network"`