docker: update to v28.3.0

Bumping moby to version v28.3.0-2-ge0183475e0, which comprises the following commits: a2af8bdebd gha/bin-image: add major and minor version image tags b2a9318a1e docs: cut api docs for v1.51 8c713c1af4 gha: lower timeouts on "build" and "merge" steps 8e7ea470cf vendor: update buildkit to v0.23.1 222baf4ccb vendor: github.com/moby/buildkit v0.23.0 0e0ca09ddc daemon: containerStop: fix ordering of "stop" and "die" events e62b0e2234 vendor: github.com/opencontainers/cgroups v0.0.3 06ab9cd1ed daemon/config: Validate: add missing validation for registry mirrors 97aa4e8550 registry: ValidateMirror: improve validation for missing schemes e18a9c95b8 Update containerd to v2.1.3 09fef2b26e api/types/container: deprecate ExecOptions.Detach 44c8cd2e8f vendor: update buildkit to v0.13.0-rc2 78b6204f9e vendor: github.com/moby/swarmkit/v2 v2.0.0 cf98237186 vendor: github.com/moby/swarmkit/v2 v2.0.0-20250613170222-a45be3cac15c fd96b01b0e pkg/idtools: deprecate IdentityMapping, Identity.Chown 987b8a88a6 c8d/push: Extract shared push logic d9e7b86de4 c8d/push: Fix fallback single-manifest push not creating a tag 53d12c96f8 vendor: github.com/containerd/containerd/v2 v2.1.2 aac0260d21 Fix flaky test TestDaemonRestartRestoreBridgeNetwork cfcbfabb0f api/image/list: Return `Containers` count 6d737371b8 fix comparison rule from errorlint 941d09e265 Handle error message from token server with containerd backend e4e7fcf668 vendor: github.com/moby/buildkit v0.23.0-rc1 d3d20b9195 integration-cli: TestCopyFromContainerPathIsNotDir: adjust for win 2025 cf86f3a082 vendor: github.com/containerd/nydus-snapshotter v0.15.2 9a85f50aaa vendor: github.com/pelletier/go-toml/v2 v2.2.4 1764909076 vendor: github.com/fsnotify/fsnotify v1.9.0 102adcab57 vendor: github.com/containerd/console v1.0.5 5230692cad vendor: cloud.google.com/go/longrunning v0.5.5 5fb6604642 vendor: google.golang.org/api v0.160.0 d2954c4e05 vendor: otel v1.35.0, otel/contrib v0.60.0, grpc v1.72.2 05f892190c vendor: github.com/prometheus/client_golang v1.22.0 952cddd05b vendor: google.golang.org/protobuf v1.36.6 ccf5f8036c vendor: golang.org/x/sys v0.33.0 c81e03bc0b vendor: golang.org/x/sync v0.14.0 05e8b1701c daemon/containerd remove leftover schema1 compatibility code 2ff281e33a daemon/containerd: update link to containerd code d54f713d95 daemon/containerd: rename var that shadowed type 8e6cd44ce4 daemon: ensuring state of stopped container is visible to other queries when container is stopped and before API response is sent (fix for https://github.com/moby/moby/issues/50133). 7acb079403 Revert "libn/networkdb: don't exceed broadcast size limit" 0df31cf585 Revert "libn/networkdb: fix data race in GetTableByNetwork" 83b2fc245d Revert "Fix possible overlapping IPs when ingressNA == nil" e079583ab4 Revert "libnetwork/networkdb: use correct index in GetTableByNetwork" cfd5e5e4d4 Revert "libn/networkdb: b'cast watch events from local POV" 576cf73add Revert "libn/networkdb: record tombstones for all deletes" 2297ae3e64 Revert "libn/networkdb: Watch() without race conditions" cc60ec8d3c Revert "libn/networkdb: stop table events from racing network leaves" b5b349dbd6 Revert "libn/osl: drop unused AddNeighbor force parameter" 35916f0869 Revert "libn/osl: refactor func (*Namespace) AddNeighbor" 3eb59ba5a2 Revert "libnetwork/osl: remove superfluous locks in Namespace" 5d6ae34753 Revert "libnetwork/osl: stop tracking neighbor entries" ea818a7f6f Revert "libnetwork/internal/setmatrix: make keys generic" 78ccc20545 Revert "libn/d/overlay: use netip types more" 23c56099ee daemon/logger/loggerutils: use defer to fix gocritic "badlock" linter 0069360e3b volume/mounts: windowsDetectMountType: rewrite using switch 027355d7b3 container/stream: TestRaceUnbuffered: put unused testing.T to use 2bbf5f5a39 daemon/containerd: ImageService.resolveImage: cleanup resolve by name:tag 2e25775c83 libnetwork: Replace deprecated usages 3dd8f03f25 vendor: go.etcd.io/bbolt v1.4.0 55f47f9e34 Windows: don't try to load "mirrored" network plugin 20b6075380 fix badCall from go-critic 10c4715a62 openrc: allow customizing containerd service name c466ae0f71 fix badLock from go-critic 19f5ac3c81 fix initClause from go-critic aa632664b6 fix mapKey from go-critic 5ad4e4edf7 fix deprecatedComment from go-critic b8a4f6534f fix stringsCompare and stringConcatSimplify from go-critic a62de57aa1 fix sprintfQuotedString from go-critic bc9ec5fc02 fix emptyStringTest from go-critic 469afa5f8f fix httpNoBody from go-critic 8f7faa01d1 fix boolExprSimplify from go-critic e5be7b54b1 fix yodaStyleExpr from go-critic 64075850fc fix go-critic linter 793dd8385a Only "prune" Windows networks created by Docker 071d27cd3d Add contributor guidelines for where to put source code in packages 1603ad636e update to go1.24.4 9b5d8cd186 fix thelper linter ea581c96b9 Validate BIND_DIR variable in Makefile e32715ec03 Added support for AMD GPUs in "docker run --gpus". 6bac5ca833 Set EnableIPv4=true in overlay network inspect response 27f2e0ecc5 api: bump to 1.51 bd20bfdc41 all: remove redundant import-aliases for "go-winio" f85394dd5d api: image inspect: add back fields that did not omitempty 284904119a Dockerfile: update cli to v28.2.2 8ba832cc8f docs/api: swagger: quote maxUint64 example value affe1d6335 api/swagger: quote maxUint64 example value b6fa565cba libnetwork/resolvconf: Build: decorate error for invalid nameservers 35e062dde1 libnetwork/resolvconf: rewrite TestBuild tests to a table-test 16ed51d864 libnetwork/networkdb: always shut down memberlist c1a27ea5af pkg/stack: remove // import comments dd382769bd pkg/rootless: remove // import comments ce191648c7 pkg/useragent: remove // import comments ad1a388895 pkg/tailfile: remove // import comments b6f99f6d7f pkg/stringid: remove // import comments ca2cca1286 pkg/stdcopy: remove // import comments 225b7ca6b7 pkg/progress: remove // import comments 0f9818ad03 pkg/pools: remove // import comments f0f4fa0038 pkg/plugingetter: remove // import comments 5f4da92972 pkg/platform: remove // import comments 7a703f3772 pkg/pidfile: remove // import comments 511cf09e75 pkg/namesgenerator: remove // import comments 864e3f9348 pkg/longpath: remove // import comments cc329af619 pkg/jsonmessage: remove // import comments 0c70c762b2 pkg/streamformatter: remove // import comments fd8b6a24ab pkg/tarsum: remove // import comments 17845556f2 pkg/system: remove // import comments 18a1b61b49 pkg/sysinfo: remove // import comments 126246ae39 pkg/plugins: remove // import comments 0380c952a6 pkg/parsers: remove // import comments 4800a9b50d pkg/ioutils: remove // import comments ca3982adea pkg/homedir: remove // import comments c93f18e0b8 pkg/fileutils: remove // import comments 6a9f7c543c pkg/authorization: remove // import comments a4411f497f errdefs: remove // import comments 0ea03c4add opts: remove // import comments 7ce4e9685a oci: remove // import comments 23009a700a testutil: remove // import comments fe1bc3e7fd runconfig: remove // import comments 4656712b82 restartmanager: remove // import comments 134f20c828 reference: remove // import comments 97b20f6b79 registry: remove // import comments 2548254317 quota: remove // import comments 66055ea07c plugin: remove // import comments 3bbb38f1d2 volume: remove // import comments 021dd75bc4 libcontainerd: remove // import comments fe34e89992 layer: remove // import comments 9abf9f2d0d internal: remove // import comments 4970333621 integration: remove // import comments a4b0d32fa6 integration-cli: remove // import comments 7eecd04c7b image: remove // import comments c1a3c51d9e dockerversion: remove // import comments c7cb2d9783 distribution: remove // import comments 5318877858 daemon: remove // import comments 076e98e8f3 daemon/links, daemon/network: remove // import comments 2b42088bd5 daemon/listeners: remove // import comments 241e0bca8b daemon/events: remove // import comments 27956106d5 daemon/config: remove // import comments 69c34390c0 daemon/logger: remove // import comments 7d4caf4ba8 daemon/images: remove // import comments 9876c9fbcf daemon/graphdriver: remove // import comments 986ec3f877 daemon/cluster: remove // import comments 89aa33001e container: remove // import comments d469079338 cmd: remove // import comments c6bbc3bb6e builder: remove // import comments 4856e8ffad client: remove // import comments bf9d739561 api: remove // import comments fca97dae9d libnet/d/overlay/overlayutils: prevent uint32 overflow 3d8195a20f daemon/logger/fluentd: cap max-retries to MaxInt32 404f29c42d gha/bin-image: Don't push sha tags 7994426e61 Revert "containerd: images overridden by a build are kept dangling" a2652d4b81 Don't set up iptables chain DOCKER-USER when using nftables d3289dda4b Add nftables NAT rules for internal DNS resolver c299ba3b38 Update worker.Platforms() in builder-next worker. 6889039d76 Fix silent stop on error due to using output redirection together with `set -eu`. d6620915db portallocator: always check for ports allocated for 0.0.0.0/:: 027588eba0 builder: Pass cdi cache instead of CDISpecDirs bc6bc7aafa daemon/cdi: Log not found dirs as INFO 9856bf52a2 daemon: Configure default CDI cache ae2fc2ddd1 PortAllocator: Use netip.Addr instead of string as map key 19dc38f79b Listen on mapped host ports before mapping more ports dc519a0f18 iptables: Drop explicit RETURN rule from DOCKER-USER 148a19b6d6 seccomp: Require CAP_SYS_ADMIN for lsm_* syscalls 0ab8108b57 seccomp: Fix typo in lsm_set_self_attr 21a165de23 Use env-var DOCKER_FIREWALL_BACKEND=nftables to enable nftables 637e8142ce clean up golangci-lint config for deprectated errdefs.* 37caf3881a volume: replace uses of errdefs package 08768e4d9d testutil: replace uses of errdefs package 416dc8c1bf runconfig: replace uses of errdefs package 8803b58259 refernce: replace uses of errdefs package dcf253ffe2 plugin: replace uses of errdefs package 8561016335 libnetwork: replace uses of errdefs package f06c450a8e libcontainerd: replace uses of errdefs package 528f2284ee integration-cli: replace uses of errdefs package 14852fcd82 integration: replace uses of errdefs package a1a789dbd0 image: replace uses of errdefs package 6ee53a6831 errdefs: replace uses of errdefs package 083ccfa486 distribution: replace uses of errdefs package 55da8ea276 daemon: replace uses of errdefs package 364d8d8b31 container: replace uses of errdefs package 415fc7b41e builder: replace uses of errdefs package f0eaf228c1 api: replace uses of errdefs package f98b7005d2 remove fallback for non-OCI-compliant docker.pkg.github.com registry 048199f191 Dockerfile: update cli to v28.2.0-rc.2 d188df0039 libn/d/overlay: use netip types more 0317f773a6 libnetwork/internal/setmatrix: make keys generic e48ea1c6e0 Make integration tests ready for nftables f9f0db0789 Add nftables support to testutil SetFilterForwardPolicies 7ea0e60dde Skip test TestBridgeINCRouted in rootless mode 0d6e7cd983 libnetwork/osl: stop tracking neighbor entries 9866738736 libnetwork/osl: remove superfluous locks in Namespace b6d76eb572 libn/osl: refactor func (*Namespace) AddNeighbor 3bdf99d127 libn/osl: drop unused AddNeighbor force parameter f834a0bd82 vendor: github.com/miekg/dns v1.1.66 4da3b4bf2d run/pull: Warn/reject AI model images 339be4e2ae Dockerfile: install nano as alternative to vim 588a05a1ce docs/api: Cut docs for API v1.50 94daa36f03 libnetwork: don't reinvent mutexes cd2702e04e Dockerfile: update compose to v2.36.2 01fec904e4 Dockerfile: update buildx to v0.24.0 072483f9d7 c8d/delete: Require --force when deleting platforms 30da69d694 c8d/delete: Support deleting specific platforms acf6b6542e daemon/images: Make ImageDelete take opts struct 871675be9b c8d/delete: Extract untagReferences 153b16ad27 c8d: Extract memoryLabelStore d7cca3f997 docs/api: update deprecation version for erroneous fields 4dc961d0e9 image-inspect: remove Config fields that are not part of the image 0ec3278d48 profiles/seccomp: kernel v6.13 6aa8288cfb profiles/seccomp: kernel v6.12 e03ac1fad9 daemon: createCDICache: fix error-capitalization 7263ae74cd contrib: systemd: update deprecated StartLimit options 888cbfddf2 vendor: github.com/opencontainers/cgroups v0.0.2 42970fc461 registry: replace uses of errdefs package 979f18691a daemon: restore: fix fluentd-async-connect migration for downgrades c6b9bb00f9 api/server/router/build: BuilderVersion: allow buildkit on Windows 560299a16f validation: re-enable check for changes in integration-cli" e354e42e14 vendor: update buildkit to v0.22.0 a2ada6b258 daemon/create: Simplify GetImage args 2c57455339 vendor: github.com/containerd/containerd/api v1.9.0 a3ce441ae0 client: Use containerd errdefs to convert http errors 86187b2606 vendor: github.com/vishvananda/netlink v1.3.1 e8c269843c builder-next: remove support for deprecated schema1 images a9ec07a005 builder-next: add buildkit executor for wcow e655763837 client/volume: use containerd errdefs checks 6bde39b729 client/utils: use containerd errdefs checks 144363fea2 client/task_list_test: use containerd errdefs checks 6cd9eaf5ab client/task_inspect_test: use containerd errdefs checks 68a8a8f3c8 client/swarm: use containerd errdefs checks 0b4495463f client/service: use containerd errdefs checks ad4a3d32c6 client/secret: use containerd errdefs checks df96159df0 client/request: use containerd errdefs checks 7e8b26ecb9 client/plugin: use containerd errdefs checks 2356f435a6 client/node: use containerd errdefs checks 4a830df491 client/network: use containerd errdefs checks 8f2bf4aef5 client/info_test: use containerd errdefs checks a1035ec59b client/image: use containerd errdefs checks 370b7e65fc client/events_test: use containerd errdefs checks 27e64d3bdb client/distribution_inspect_test: use containerd errdefs checks f030c7bf10 client/disk_usage_test: use containerd errdefs checks c75ca8ef10 client/container: use containerd errdefs checks eafa2266f6 client/config: use containerd errdefs checks 685fa0bb91 client/checkpoint: use containerd errdefs checks bb41e5a32e Replace platforms.Format with platforms.FormatAll in functional code. 9319fefe35 vendor: github.com/moby/buildkit v0.22.0-rc2 cf11cd1aac Replace platforms.Format with platforms.FormatAll in user-visible messages and logs. 0b1c7a8306 api/types: move ServiceUpdateOptions to api/types/swarm 31d62930f7 api/types: move ServiceCreateOptions to api/types/swarm 5ad0867236 api/types: move TaskListOptions to api/types/swarm 7e8f630bec api/types: move SwarmUnlockKeyResponse to api/types/swarm f008d85edc api/types: move NodeListOptions, NodeRemoveOptions to types/swarm b13528522a api/types: move ServiceListOptions, ServiceInspectOptions to types/swarm 5e8fd897e1 client/volume: use gotest.tools-style asserts 9432eff6bc client/utils_test: use gotest.tools-style asserts adf7ecc366 client/task_list_test: use gotest.tools-style asserts b781699ee2 client/task_inspect_test: use gotest.tools-style asserts d8ee5caf9a client/swarm: use gotest.tools-style asserts a6cd40de6b client/service: use gotest.tools-style asserts 3658dae265 client/secret: use gotest.tools-style asserts 2e65796c86 client/request_test: use gotest.tools-style asserts 44f30261da client/plugin: use gotest.tools-style asserts 832efcd672 client/options_test: use gotest.tools-style asserts 88453254af client/node: use gotest.tools-style asserts 047343d070 client/network: use gotest.tools-style asserts 6402a106e7 client/image: use gotest.tools-style asserts 043c7fa539 client/hijack_test: use gotest.tools-style asserts a8ed3bd734 client/events_test: use gotest.tools-style asserts c88f921331 client/disk_usage_test: use gotest.tools-style asserts 051dae4fdc client/container: use gotest.tools-style asserts cae3ccd34b client/config_create: use gotest.tools-style asserts bfc684d3f7 client/client_test: use gotest.tools-style asserts 19f3259093 client/checkpoint: use gotest.tools-style asserts a411a39be0 api/types: move ConfigCreateResponse, ConfigListOptions to types/swarm 23117afca8 api/types: move SecretCreateResponse, SecretListOptions to types/swarm 3d1e4d9002 api/types: move build-related types to api/types/build bb7dbaafcd api/types: move BuildResult to api/types/build.Result 6505d3877c API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields 114b8a4fa9 Remove unused image/v1 code 7130cd4f16 Remove DockerSchema1RegistrySuite schema 2 version 1 tests 7c09fa25fd distribution: remove v2 schema1 push a891e4e3e1 validation: temporarily allows changes in integration-cli 2a96d2eb8d align //go:build versions c1b2be0399 client/info_test: Use gotest.tools asserts 9095698a5c daemon: Discover devices and include in system info f95a7c47e8 api: bump API version to 1.50 b70b496505 testutil/daemon: Don't use devcontainers daemon.json 23bbfea718 daemon: Fix error log when CDI cache creation failed 6d7a370fe5 Refactor CPU usage stats test to use go:embed eefe68a37c api/types: move build cache types to api/types/build 7aa7369f1f client: deprecate IsErrNotFound a022e916c8 update authors and mailmap 4cecce03f6 daemon: Enable CDI by default 07466d2e9b daemon: Daemon.ContainerExecStart: rename err-return, and minor refactor d5c370dee6 libnetwork/networkdb: use correct index in GetTableByNetwork 270a4d41dc libn/networkdb: stop table events from racing network leaves 205ba05feb fix usestdlibvars 23fa0ae74a Cleanup http status error checks fadb571106 Update api status checks to use containerd/errdefs 5c16f2d091 Use standard library interface to unwrap errors a90a9d899b Ignore deprecations for internal errdefs package f1bb44aeee Use containerd errdefs for error checks ba2ddd75e4 Dockerfile: update crun to 1.21 f07242f6d7 containerd: include present content size in disk usage calculations 3ded7b97d0 vendor: github.com/containerd/accelerated-container-image v1.3.0 68e025a11b daemon: startIngressWorker: fix S1000: should use for range (staticcheck) 7bc6fd09da Dockerfile: update compose to v2.36.0 76b24759f0 container: Snapshot.Health: change type to container.HealthStatus 7a7d72e874 api/types/container: Summary.State change type to ContainerState 8e57a019dc fix: load the CDI driver before the dockerd daemon starts b3ed54db81 integration/networking: mark TestPortMappedHairpinWindows as flaky 7b5d2b4ec3 chore: bump golangci-lint to v2 3d1cfb4de0 vendor: update buildkit to v0.22.0-rc1 c9b01e0c4c libn/networkdb: SetPrimaryKey() under a write lock 61646c8bfc containerd: remove unleaseSnapshotsFromDeletedConfigs 350bb5197a nftables: attempt a table-reload after an Apply error 06afbe9618 Check nftables is enabled before applying updates 976f855f68 Add OTEL span for nftables updates eeba428939 Make WSL2Mirrored a Firewaller param 1028b123e8 integration, libnetwork: fix some godoc comments (ST1020) a3aea15257 libn/networkdb: Watch() without race conditions ada8bc3695 libn/networkdb: record tombstones for all deletes c68671d908 libn/networkdb: b'cast watch events from local POV ba0ad9e80f Unit test the bridge driver in terms of its firewaller a7ef4a208d Fix multiarch image push tag for containerd snapshotter 854f3f62db container: don't persist State.RemovalInProgress on disk 44b653ef99 container: deprecate IsValidStateString e477df3b31 daemon/cluster/executor: use container.ContainerState consts 3bbdda696d use container.ContainerState consts in tests b811829595 api/types/container: add ContainerState and const for container state 8b6d6b9ad5 d/cluster/convert: expose Addr() on plugins 37259540e9 Remove/replace integration-cli tests that use iptables directly daeb080ff1 Test Iptabler params ea2e147c4c TestPruneDontDeleteUsedDangling: rename var that shadowed import 02e800dcbb plugin: use t.TempDir 57b27f2e9e image: use t.TempDir and rename vars that shadowed 08c5ebe040 layer: use t.TempDir and minor cleanups f84694ebdc container: use defer for locks 24f305b666 Makefile: set BIND_DIR to "." by default 4b6a9d23af cmd/dockerd/trap: use t.TempDir ea37a1f040 integration/build: use t.TempDir 900bd88848 internal/directory: use t.TempDir 46baf7deb0 distribution: use t.TempDir 1b4ba20708 distribution/metadata: use t.TempDir, rename var that shadowed 735ccfbc6f pkg/stack: use t.TempDir 72a11b84d4 testutil/fakestorage: use t.TempDir b38f73afe3 daemon: cleanupContainer: leave decorating container-id/name to caller d44b2e4bd7 daemon: cleanupContainer: use state-fields instead of string form 4a00ce10fa daemon: rmLink, cleanupContainer: rename args that shadowed import 1cf7d7ea4b hack/make/.binary: update link to go source for "pie" support e991c7185d update to go1.24.3 89ee292709 container: update GoDoc for State 7dae7c54dd fluentd: add write timeout log option 56ad941564 Fix possible overlapping IPs when ingressNA == nil dc1d23c646 Revert "rootless: skip tests that need br-netfilter loaded" 4b9092aa27 Load br-netfilter for rootless test-integration 7957a28859 container: remove GoDoc for deprecated aliases. fe403362b4 container: State.Wait(): don't use deprecated type 0bd82bfac2 chore: add systemd-sysusers configuration df662ebc59 container: deprecate IsValidHealthString f9c4601760 volume/mounts: MountPoint.Setup: rename output-var, and simplify err-handling 6ac3afe483 volume: remove/rename err-returns 986988a394 testutil/daemon: Daemon.StopWithError: rename output-var to prevent shadowing 3606712e2d testutil: remove named returns fe2d323c82 registry: remove/rename err-returns, and minor refactor 79b1b561a3 registry/resumable: remove named err-return, fix minor linting issue e67b6bfc69 plugin: remove/rename err-returns 943dfa985d oci: remove named err-return 0b169d34e4 libnetwork: remove named (err)-returns 154230cdd7 libnetwork/portallocator: getDynamicPortRange: fix err-handling on freeBSD 962fd8bc41 libnetwork/ipams/remote: inline decodeToMap cfdfbfab9b libnetwork/drivers/remote: inline decodeToMap 152db74d96 libcontainerd: remove/rename err-returns f87dcbe350 layer: remove/rename err-returns and remove naked returns 6981aad790 internal/testutils: remove named returns d1c58bdbbe integration-cli: remove/rename err-returns and remove naked returns 1b317b0323 distribution: remove named err-returns and minor refactor 1244685329 Optimization methods in internal\metrics\metrics.go 84ef7e4899 Allow TestIsolated/ipv6 to unexpectedly pass 4c4810e5d2 rootless: skip tests that need br-netfilter loaded dacf445614 libn/networkdb: don't exceed broadcast size limit 697c17ca95 libn/networkdb: take most tests off flaky list 90ec2c209b libn/networkdb: listen only on loopback in tests e3f9edd348 libn/networkdb: advertise the configured bind port ec65f2d21b libn/networkdb: fix data race in GetTableByNetwork d0af7c3c08 Move Cory from Reviewers to Committers b0777be89e Use firewaller.IPVersion instead of iptables.IPVersion for gwmode 3cbb1ae736 Move filter-FORWARD DROP setting to the firewaller 44843d9917 Pass context to more places a9bf151260 Put Iptabler behind a Firewaller interface. 92e497b9dc Create api interface to define build usage backend aef409dfb2 Remove unused reference store in image api 9eec936eb0 project: update status of branches for Moby 28.x 9315b15dc6 fix(ST1006): Poorly chosen receiver name 70139978d3 fix(ST1016): Use consistent method receiver names 9e9b6cc42e fix(ST1019): Importing the same package multiple times 27bf320a72 fix(ST1017): Don’t use Yoda conditions 98fa4bcfeb fix(exhaustive): missing cases in switch of type snapshots.Kind 95af77d038 fix(ST1015): A switch’s default case should be the first or last case f770f6c5ec fix(QF1012): Use fmt.Fprintf(x, ...) instead of x.Write(fmt.Sprintf(...)) a88c49f38e fix(QF1011): Omit redundant type from variable declaration 4f9214c156 fix(QF1007): Merge conditional assignment into variable declaration be54c79d9c fix(QF1006): Lift if+break into loop condition 2cce9a51ca fix(QF1004): Use strings.ReplaceAll instead of strings.Replace with n == -1 e2e7f9964f fix(QF1003): Convert if/else-if chain to tagged switch b0711d5fe9 fix(QF1001): Apply De Morgan’s law 7d8df25d16 fix misused error fef139ccc1 fix import 44a3453d73 Add daemon option --allow-direct-routing c16caabe36 Add TestNetworkConfigurationMarshalling a94643a1b3 bridge: add option com.docker.network.bridge.trusted_host_interfaces 33f5b9e963 Don't add stub Endpoint/Network object to cache on Sandbox restore c129c0fa9f Improve logging and readability of Controller.sandboxRestore 5d8192fcce Report endpoint id as well as name in ActiveEndpointsError 9aa66be7ec vendor: github.com/moby/buildkit v0.21.1 a79d081aa5 config: set buildkit gc enabled to default to true 19ccb75c62 daemon: remove/rename err-returns and remove naked returns 9ed975a247 daemon: NewDaemon: rename err-return 3e586094fc daemon: parseXXVersion: rewrite to be slightly more iodiomatic 2145cf6309 daemon: Daemon.ContainerStatPath, ContainerArchivePath: minor refactor 6da1ff6bf9 builder/builder-next: fix vars that shadowed (govet) 692610414a pkg/plugins: fix vars that shadowed (govet) 0fcd23ec13 daemon/logger/loggertest: fix vars that shadowed (govet) 4c57ffaca7 api/server/router/build: fix vars that shadowed (govet) eef5c75276 api/server/router/network: fix vars that shadowed (govet) 7edd83a1b3 libnetwork: fix vars that shadowed, and slight refactor (govet) 7dbe2f1fb6 libnetwork/portallocator: fix vars that shadowed (govet) 357b136ee9 libnetwork/drivers: fix vars that shadowed (govet) f831618e5b libnetwork/networkdb: fix vars that shadowed (govet) f633e8f03f libnetwork/cmd/diagnostic: fix vars that shadowed (govet) 190ad0610d daemon/logger: remove/rename err-returns and linting warnings ba15bbc422 daemon/images: rename err-returns to prevent shadowing 48220008d8 daemon/graphdriver: remove/rename err-returns and remove naked returns 088c180a9e daemon/containerd: remove named err-returns dc79403f7b daemon/cluster: remove/rename err-returns and remove naked returns 9b62592bfe Dockerfile.windows: update github.com/tc-hib/go-winres to v0.3.3 d6b2aec809 pkg/progress: remove named err-return 029f267d9b pkg/pidfile: remove named err-returns fdbf246889 pkg/parsers: remove named err-returns b0f93d5283 pkg/fileutils: remove named err-returns ab8e3da82c pkg/stdcopy: remove/rename err-returns d17a62592f pkg/ioutils: remove named err-returns f193ff1317 pkg/broadcaster: remove named err-returns 91f6e00ffa hack: Update broken links from README 7868d3ee3e vendor: github.com/opencontainers/runtime-spec v1.2.1 100102108b Use container status values from api 878de14c8d man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.7 11f65b566d vendor: github.com/spf13/cobra v1.9.1 ea7152e493 volume/local: use t.TempDir 4b41198e3c volume/mounts: use t.TempDir 2b869baea3 volume/service: use t.TempDir 88f6dd72e5 volume/service: rename interface that collided with vars 3b4e21081f container: remove unused named-returns 35167dc616 client: Client: PluginInstall, PluginUpgrade: remove/rename err-returns bb57656932 builder/remotecontext: remove unused named and "naked" returns 5416f2d57c builder/dockerfile: remove unused named and "naked" returns f38b1fa30d builder/builder-next: SanitizeRepoAndTags: remove named err return c025dd74f0 builder/builder-next: wrapRC.Read: remove intermediate err-var 49d5b2cc8e builder/builder-next: puller.resolve: rename err-return 3f2296cfc1 api/server/router: remove named (err) returns 1e4bb14bcd api/types/container: define HealthStatus "pseudo" type c690e0076a use consts for health-status in tests 91473ce253 api/server/backend/build: sanitizeRepoAndTags: remove named err return c5031c8632 api/types/time: remove named err return 50a856157c containerd: images overridden by a build are kept dangling eee14cff72 builder/remotecontext: use t.TempDir 5749bc242a builder/dockerfile: use t.TempDir, rename vars that shadowed b54a038bec docker exec: fail early on exec create if specified user doesn't exist 37725b5eae Drop "-o com.docker.network.enable_ipv[46]" if overridden 8d0c272e4a Add TestLegacyLink dfd59c0a95 Dockerfile: Fetch vpnkit from moby org af0232d52b integration/build: Unskip TestBuildEmitsImageCreateEvent for c8d a0ff0a361e iptables: Direct routing DROP rules per-container, not per-port dea236e0ce Split iptabler into multiple files 282b3f7b97 Move bridge driver iptables code into its own package 8c36a22e79 Rename function insertMirroredWSL2Rule aa4abaf820 Use firewaller (iptabler) structs in iptables unit tests 75c60598b7 Move clearConntrackEntries to bridge_linux.go 42d149e45d fix duplicate import, and force consistent alias for bolt eede75c9d4 testing: remove some defer cleanup in favor of test.Cleanup() e3a0f2e690 vendor: github.com/vbatts/tar-split v0.12.1 bcc720abde builder/remotecontext: MakeGitContext: use "WithFields" for logs 54a556a5ef builder/remotecontext: Deprecate Rel() 2808e59f4c Dockerfile: update compose to v2.35.1 a75be33ba0 Dockerfile: update buildx to v0.23.0 dd36139b1a Dockerfile: update cli to v28.1.1 f1e3ed0c48 Dockerfile: don't pin syntax to 1.7 fc8361c078 vendor: github.com/containerd/containerd v2.0.5 62f51e4367 vendor: golang.org/x/oauth2 v0.29.0 bbbb0036df cleanup ignore files ead379a464 contrib/rootless-setuptool: Fix iptables detection 7c52c4d92e update go:build tags to go1.23 to align with vendor.mod 619f1ddd05 Warn when no external DNS nameservers are found 6083fad7df Reset default bridge addresses after integration tests c2b7abacf8 Use setupTest instead of testutil.StartSpan in tests d4e0d6f2a1 Integration tests: use different docker0 addresses fd550344b1 vendor: github.com/moby/go-archive v0.1.0 fd5e772aec CI: deduplicate execution of unit tests b8067d159f docs/api: update image tarball format a38ca9a548 daemon/initlayer: Setup: remove uses of idtools.Identity 380ded6309 Store an endpoint count for networks, for downgrade ae0331d8f5 vendor: update buildkit to v0.21.0 57bf7a8c70 bridge: Add a missing error check for firewaller setup c49ce64514 integration/TestStopContainerWithTimeout: Attempt to fix flakiness 7eda35fd05 profiles/apparmor: IsLoaded: optimize 0462b5e318 profiles/apparmor: add BenchmarkIsLoaded b23d267cb5 profiles/apparmor: add basic unit-test for IsLoaded 0dd5959eeb profiles/apparmor: InstallDefault: slight cleanup and optimization 0bb761698c profiles/apparmor: loadprofile: fix double command in error message 8e1c366773 profiles/apparmor: remove "// import" comments 1fa6a46c5d profiles/seccomp: remove "// import" comments 89604f1df1 profiles/seccomp: use stdlib for asserting 14623770e1 vendor: github.com/moby/buildkit v0.21.0-rc2 eacbbdeec6 Revert "API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields" ece7e02b86 Update AUTHORS adb9e9135a docs/api: add documentation for API v1.49 099d3ee008 daemon: containerStart: add filtered labels to OTel span 0c5e816638 daemon: trace containerCreate f96dc9d1a5 Dockerfile: update registry to v3.0.0 4d35864c3d Fix removal of legacy links 5d2006256f API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields 499e15d4ab api/server/middleware: fix debug-logs missing form-data 97688e8d06 container: Container.SetupWorkingDirectory: remove use of pkg/idtools 5f9d99b4cc integration-cli/swarm: Update to use gotest.tools ea6c76ee03 integration-cli/TestSwarmInit: Skip failing part on CLI after 18.06 fab94808f5 integration-cli: Update default CLI version to v18.06.3-ce 6c73266a71 Add registry error handling for push and pull ae3a1ac602 vendor: github.com/moby/buildkit v0.21.0-rc1 cd89a35ea0 Run CLI tests with cgroups v2 7435e4a1be registry: remove deprecated ServiceConfig.AllowNondistributableArtifacts ba03cd7a63 daemon/config: add test for deprecated daemon.json fields d72e434d30 vendor: golang.org/x/mod v0.24.0 224b393eb3 vendor: golang.org/x/net v0.39.0 b1ac2a53ed vendor: golang.org/x/crypto v0.37.0 a8af27bbae vendor: golang.org/x/text v0.24.0 7d49b014b6 vendor: golang.org/x/sync v0.13.0 9d04c28def vendor: golang.org/x/time v0.11.0 cdb3590e1a vendor: golang.org/x/sys v0.32.0 970fc1b6f7 Basic compose file for testing OTEL bits d8a5e8928b replace uses of idtools.MkdirAllAndChown, MkdirAllAndChownNew d96d20d45f update golangci-lint exceptions 29e0db25e7 Factor out top-level iptables setup into its own object 241d685574 libnet: add ep name in 'has active endpoints' error 489cd7edfc api, daemon, libnet: add a 'trigger' baggage member 31ac5cb6d9 libnet: New: plumb context 667c7d70b3 libnet/d/bridge: trace network setup steps eaae4b5fb6 libnet/d/bridge: put span prefix in var 78be7ebad7 libnet/d/bridge: trace createNetwork f8806f2b80 libnet/osl: independent OTel trace for advertiseAddrs d0154d3e59 Update to use github.com/moby/go-archive 45f9d679f8 Update remaining Ubuntu 20.04 uses to 22.04 and 24.04 57a042b77c deprecate pkg/(chroot)archive for github.com/moby/go-archive 564abf9157 api: info: omit deprecated "Commit.Expected" fields on API >= 1.49 f410dbda88 dockerfile: dind target to build docker image for testing c3fa7c1779 Test that firewalld reload doesn't re-create deleted iptables rules dbea045e0d Report firewalld reload time in Info.FirewallBackend a527e5a546 Restore iptables for current networks on firewalld reload 7d9c50db2b api: /info: omit non-distributable-artifacts fields for API >= 1.49 a0a86d0982 Add Info.FirewallBackend 25a80bd48e vendor: github.com/moby/sys/atomicwriter v0.1.0 4eebd2c920 libnet: TestNetworkStore: replace assert.Equal with Check e22d04e8a9 Improve CPU usage parsing and error reporting 40650c6982 libnet: de-flake TestNetworkStore 1c79c893b1 libnet: de-flake TestEndpointStore 8a5f141b0e registry: Service.lookupV2Endpoints: wire-up context 9d8c8382d3 registry: authorizeClient: wire-up context 8b920b2812 registry: loginV2: wire-up context 4642704ed7 registry: newTransport: remove intermediate var 7acef8101e c8d/pull: Show progress for non-layer blobs b3791dea92 pkg/archive: fix linting issues a427477220 pkg/idtools: MkdirAllAndChownNew: improve deprecation message a91bcc677b vendor: github.com/klauspost/compress v1.18.0 2c54f6f316 vendor: github.com/google/go-cmp v0.7.0 6422ff2804 deprecate pkg/atomicwriter, migrate to github.com/moby/sys/atomicwriter f1ec5bf14f pkg/idtools: remove tests already covered in moby/sys/user 3fc36bcac4 Update daemon to use moby sys/user identity mapping b5c99c0e95 Update moby/sys/user to version which includes mapping 0a83a476d8 registry: v1Endpoint.ping: pass through context 2a272a0c5d registry: newV1Endpoint: pass through context f158d2e809 registry: ReadCertsDirectory: internalize, and pass context 51d7f95c4b libnet: remove struct endpointCnt d377cd3810 libnet: Controller: cache networks in-memory cc8bd2016e libnet: Controller: cache endpoints in-memory c6cdfbf495 pkg/atomicwriter: return early if parent directory is invalid 00c988caa4 pkg/atomicwriter: add test for parent dir not being a directory ad386f64e5 pkg/atomicwriter: error on unknown file-modes ec82bc35c3 pkg/atomicwriter: disallow symlinked files for now f3aebbf9d8 pkg/atomicwriter: add basic godoc for package f80feba181 Rootlesskit: check for module nf_tables 7d742ebf75 Add utils for manipulating nftables rules 59169d0f97 image/inspect: Add platform selection d4e70f6325 vendor: tags.cncf.io/container-device-interface v1.0.1 74b71c41ac update to go1.23.8 (fix CVE-2025-22871) fc58c829e8 registry: ParseRepositoryInfo: remove some intermediate vars 44b7a42fc6 registry: ReadCertsDirectory: return early on error 4f65e35f02 registry: NewService: return nil on error a7daab5df4 registry: authTransport: un-export AuthConfig, RoundTripper 795461eceb docs: api v1.48: Move ImageGet api docs under Image tag e1e58409a1 docs: API v1.48 Add missing platform parameter to ImageGetAll api docs db275ddbc1 libnet: fix duplicated port mappings in overlay networks a9e22ee5e7 Don't run unit tests with mode rootless 749e35cf5e Move ImageGet api docs under Image tag 094df015b1 Add missing platform parameter to ImageGetAll api docs 7243860557 Include per-port rules in iptablesNetwork 4390ab275a api: bump API version to 1.49 0b5e1f904a Use netip.Addr instead of net.IP for legacy links 725e699741 Simplify iptables setup for legacy links 31f9ae0d19 registry: TestValidateMirror: improve coverage cb0a9d713c registry: ValidateMirror: touch-up GoDoc 6b258ce567 registry: session.searchRepositories: pass through context 83aaa3428f distribution: pusher.push(): don't use APIEndpoint.Mirror field 6439824449 distribution: pushDescriptor: remove unused endpoint field 09ee47de39 distribution: cleanup some tests and add missing error-checks adfed82ab8 Install and run firewalld for CI's firewalld tests 409707b633 bridge: factor out creation of network-level iptables rules ec7fe73690 distribution: pushDescriptor: rename repoInfo to repoName b1c526b4a9 daemon/containerd: remove registryResolver interface 0d95e1680a registry: ResolveAuthConfig: inline newIndexInfo code 6c643bc366 lookup auth-config without depending on RepositoryInfo a18dae049f daemon/containerd: registryResolver: remove IsInsecureRegistry abcc70b9ef distribution: GetRepositories skip using Service.ResolveRepository 071d8b21e9 distribution: Push: skip using Service.ResolveRepository 8b6a045aa4 distribution; newPusher: don't require RepositoryInfo 8653af5854 distribution: pullEndpoints: skip using Service.ResolveRepository 20a2807caa distribution: pullEndpoints: don't return RepositoryInfo f1ecce6877 distribution: pullEndpoints: don't require RepositoryInfo d6afe88b3c distribution: newPuller: don't require RepositoryInfo 03918c5b07 distribution: layerDescriptor: don't require RepositoryInfo c91318e6c0 distribution: newRepository: don't require RepositoryInfo 2e8bf8b0ab distribution: remove vars that shadowed imports or types d8fa2f8071 registry: deprecate APIEndpoint.Official field 0ab6f07c31 Fix TestPassthrough 2d643b6835 Firewalld: skip unit tests that run in their own netns 4fbfb618c3 Skip flaky part of TestAccessPublishedPortFromHost b8323abe0a TestIsolated for IPv6 is broken under firewalld 86eff82789 Firewalld: Skip tests that run dockerd in an L3Segment dc963a00c1 Firewalld should use its nftables backend b8cacdf324 Add test util "FirewalldRunning" 8f506a51e5 containerd: ensure overwritten images from load are left dangling 7b2e47846c Run systemd/rootless when systemd/rootless unit testing 8d9e3502ab hack: Fix TestOverlay* test failure in pkg/archive f5d84a45cc Start containers, even when connected to a disabled bridge port 072ea62fcc vendor: github.com/opencontainers/image-spec v1.1.1 a60603bfa3 hack/validate: Add gocompat 2be7f48561 implement module compatibility check cc90726fb8 Add missing go1.22 build constraints 19a0f886da testutil: Update to `any` from `interface{}` f14c23a90f libnetwork: Update to `any` from `interface{}` 82ec984d10 daemon: Update to `any` from `interface{}` 003bf197d7 container: Update to `any` from `interface{}` 444a1597ff c8d/builder: Fix missing `image tag` event with BuildKit 2fce935df2 vendor: github.com/moby/buildkit v0.20.2 7c09e4e607 TestBuildEmitsEvents: Skip Windows only for buildkit 99356b6e17 integration-cli/TestBuildEmitsEvents: Verify event count 3e957c6240 remove some redundant import-aliases 4db84b197d switch to github.com/opencontainers/cgroups 697956a8c7 vendor: github.com/opencontainers/selinux v1.12.0 34bc972519 vendor: github.com/golang-jwt/jwt/v5 v5.2.2 d01ee23c15 Dockerfile: update registry to v3.0.0-rc.4 081987b647 Dockerfile: disable saving Golang telemetry in dev-container af14f3e7d3 Dockerfile: upgrade Delve to v1.24.1 d0b4bdbd25 api/router: postContainersAttach, wsContainersAttach: minor cleanups 73aa7e933c daemon: daemon.containerAttach: use structured logs d494520aa0 daemon: daemon.ContainerAttach: use Println instead of Printf 183ca46099 daemon: daemon.ContainerLogs: move vars closer to where used c164eec7e9 daemon: daemon.ContainerAttach: move vars closer to where used f7853799fc daemon: daemon.containerAttach: remove redundant defers 80bf93c9d7 daemon: daemon.containerAttach: rename vars for clarity and prevent shadow daeb6fb0b7 vendor: github.com/cilium/ebpf v0.17.3 eeee17eaad Dockerfile: update runc binary to v1.2.6 c1c5f16b8b vendor: github.com/opencontainers/runc v1.2.6 be6e92a57b pkg/atomicwriter: use sequential file access on Windows 452ff75159 Dockerfile.simple: avoid `Could not find installer for "proxy"` fa21996da5 containerd: prioritize non-dangling images with image list 126d4cf672 client: remove version-gate for JSON response errors 230f178f8b api: return plain-text errors for deprecated API versions c7fbe1c2ba integration-cli: fix duplicate close of body 1c00755826 integration-cli: fix some unhandled errors 8be5696c37 daemon/logger/journald: rename func that shadowed builtin f2a183a991 daemon: return port-mappings from all endpoints 6b3b479192 daemon: getEndpointPortMapInfo: err is never used 35766af7d2 Dockerfile: update containerd binary to v1.7.27 c9a763ecc9 daemon: remove redundant call to getEndpointPortMapInfo fb3cce1988 vendor: github.com/containerd/containerd/v2 v2.0.4 4276f330fc cmd/docker-proxy: do not eagerly GC one-sided UDP conns 0356854327 cmd/docker-proxy: make the conntrack timeout a property of UDPProxy d70fd32a18 cmd/docker-proxy: UDP: thread-safe Write and Close 485cb90b77 Remove duplicate iptables-enabled checks fce915897c Combine firewalld reload callbacks for IPv4/IPv6 ac34bd9bda integration/container: Remove Parallel from TestWait* dd7f9f08d8 integration/container: Increase stop timeout for TestWaitRestartedContainer a8f14e06d6 Improve performance of daemon.Containers(). c0ca783edb Allow macvlan endpoint to start with parent down 26fea35942 daemon: Fix panic on Windows when restoring pre v28 container 90a83063ee runconfig/errors: split `ErrConflictHostNetwork` a3fef5debc Mask Linux thermal interrupt info in /proc and /sys. cf3e42abaf Add an opt-out for iptables 'raw' rules 0f11ee1ae2 registry: ReadCertsDirectory: don't process same file multiple times dd7ab0e82b registry: deprecate HostCertsDir 3cc9881ab7 registry: always set a non-empty CertDir b633c4cc33 registry: deprecate SetCertsDir d0dd035278 builder-next: fix min-free-space prune with graphdriver backend 1daeaec333 pkg/atomicwriter: validate destination path 4d8cff7bd4 Don't skip DNAT for a routed network without userland-proxy 084b7cec1a pkg/atomicwriter: add additional test-cases ff061e28c1 pkg/atomicwriter: don't overwrite destination on close without write 88a5bca43c pkg/atomicwriter: add separate tests for New() 09e804f570 pkg/atomicwriter: refactor tests 2124706447 integration: Increase timeouts in TestStopContainerWithTimeout 946bf70f89 integration: Deduplicate TestStopContainerWithTimeout fee063f01e daemon/c8d: Refactor singlePlatformSize into separate functions f7d7fd9c52 contrib/check-config: add IPv6 modules 2a109e6c32 contrib/check-config: add ip_nf_raw 0e54920e01 Dockerfile: update RootlessKit to v2.3.4 7ae9e41ff6 vendor: github.com/rootless-containers/rootlesskit/v2 v2.3.4 55ff0062ca vendor: github.com/containernetworking/plugins v1.6.2 125aa3a682 vendor: golang.org/x/sys v0.31.0 5d6b56699d client: add API-version dependent validation for mount options aa33bdaa71 registry: move emptyServiceConfig to test-file 0823d76ec5 client: keep image refs in canonical format where possible 907773160b registry: rewrite ParseSearchIndexInfo to not depend on IndexInfo b22431ee9c pkg/atomicwriter: New(): use absolute path for temp-file 58bd93a625 pkg/atomicwriter: New(): prevent creating temp-file on errors 49c89b0177 docs/api: improve doc for Secret and Config data fields (API v1.31-v1.48) df0cefcc95 api/swagger: improve doc for Secret and Config data fields f2d53142b0 api/types/swarm: document Secret and Config data fields c2c3d593cf registry: rewrite ParseRepositoryInfo to not depend on IndexInfo 42f1e38e20 integration/image: TestRemoveImageGarbageCollector: don't set zero-values 42ca9154e9 layer: remove StoreOptions.ExperimentalEnabled df519e9e1a daemon: Fix giving up too early while connecting to containerd socket ace8c9c94f vendor: golang.org/x/net v0.36.0 bc0ca67b1c vendor: golang.org/x/net v0.35.0 9278110260 Dockerfile: update containerd binary to v1.7.26 0a58c73e0d integration/net: Retry TestAccessPublishedPortFromAnotherNetwork d34e1ff826 layer: remove StoreOptions.MetadataStorePathTemplate 556633ca47 cmd/dockerd: daemonCLI.start: scope local errors 8b59e1a398 cmd/dockerd: daemonCLI.start: return error instead of log.Fatal 8a8cdaaa11 cmd/dockerd: daemonCLI.start: don't log warnings before failing 6e30a4cc0c cmd/dockerd: explicitly access Config fields dfecaaf908 cmd/dockerd: rewrite getContainerdDaemonOpts to a func b95fdcd084 cmd/dockerd: createAndStartCluster: change to accept Config 29aa7e15bd cmd/dockerd: rewrite getSwarmRunRoot to a regular func 29c296e1dd cmd/dockerd: rename vars that shadowed imports f87ae7c914 gha: test-prepare: update to Ubuntu 24.04 c41ed7c98c gha: build, cross: update to Ubuntu 24.04 d29038d1cb gha: integration-cli-prepare: update to Ubuntu 24.04 a23058e0d7 gha: integration-cli-report: update to Ubuntu 24.04 de69b552ff gha: integration-report: update to Ubuntu 24.04 b61f409972 gha: test: update Ubuntu 22.04 -> 24.04 60276fafca gha: integration-prepare: update to ubuntu 24.04 651fb91c4d gha: arm64: update Ubuntu 22.04 -> 24.04 f6a9ed5f0a gha: arm64: test-integration-report: update to Ubuntu 24.04 13e1ef6277 gha: arm64: test-unit-report: update to ubuntu 24.04 27404044a6 gha: validate, build-dev: update to Ubuntu 24.04 3571982458 gha: smoke: update to Ubuntu 24.04 ee73f2e5da gha: docker-py: update to ubuntu 24.04 b9ca3d198e gha: unit: update to ubuntu 24.04 1a0afb0f9e gha: bin-image: update to ubuntu 24.04 4919bf9f41 gha: buildkit: update to ubuntu 24.04 7b1fd61864 gha: validate-pr: update to ubuntu 24.04 eeffc099ef gha: dco: update to ubuntu 24.04 06b87d80ee gha: docker-py: set TEST_SKIP_INTEGRATION_CLI=1 c9f53d506a Merge ps_test.go into list_test.go. 95bf53fb6c container/stream: Don't log error when streams are properly closed 6e55f83747 Remove unused toml validation bf8a27a55a Remove inactive maintainers with no activity in last two years 9e814fc0d7 Remove inactive former curators b868fad5e3 Update governance to replace TSC and add maintainer roles 690f758505 vendor: golang.org/x/oauth2 v0.27.0 55599fd9b3 vendor: golang.org/x/oauth2 v0.26.0 a47d9c5f58 vendor: golang.org/x/crypto v0.35.0 3a28163007 vendor: golang.org/x/crypto v0.34.0 ffc91fd76a vendor: golang.org/x/crypto v0.33.0 7cba8aef1c vendor: golang.org/x/text v0.22.0 995d71a033 vendor: golang.org/x/sync v0.11.0 e325564f38 vendor: golang.org/x/sys v0.30.0 65b460b9ef vendor: update buildkit to v0.20.1 6e8eb8a90f vendor.mod: update minimum go version to go1.23 26edf2d0a7 Flush iptables chains DOCKER-CT, DOCKER-BRIDGE on startup 5f912e4cf5 update to go1.23.7 a8178613af golangci-lint: enable nakedret linter c359cc6829 api/types/registry: fix naked returns b1c008c007 api/server/router/build: fix naked returns 4aecdd5744 image/tarexport: fix naked returns and slight refactor 99b6012a02 daemon/logger/awslogs: remove unused named return 4fa9ec3192 daemon/logger: fix naked returns and slight refactor eeb5651de5 daemon/graohdriver/fuse-overlayfs/: fix naked returns and slight refactor 02b4610246 daemon/graohdriver: fix naked returns 964413c3a1 daemon/cluster: fix naked returns 387ec71630 daemon: fix naked returns 85c8fb7fda daemon: getSystemCPUUsage(): fix naked returns, output vars 5c85847a55 registry: fix naked returns, output vars 17448ef1c8 plugin: fix naked returns, output vars faa9cb125b pkg/tarsum: fix naked returns b5b514ab04 pkg/stdcopy: fix naked returns d3d84bde4b pkg/pools: fix naked returns 52b8298975 pkg/chrootarchive: remove unused named return b38f0dd804 pkg/archive: fix naked returns, output variables in tests d59a9d9b10 pkg/archive: fix naked returns, output variables c62f5aff42 libnetwork: fix naked returns 8978b30b1a libnetwork/types: fix naked returns 619e8f8148 libnetwork/osl: fix naked returns 02b4c7cc52 libnetwork/drivers/overlay: fix naked returns, output variables 94afddb18d libnetwork/cmd/networkdb-test: fix naked return 379b82862f layer: fix naked returns b1c617681f internal/unix_noeintr: fix naked returns 51f574ea0e internal/mod: fix naked returns e1538336c7 integration-cli: fix naked returns, output vars 220b3c591f container/stream/bytespipe: fix naked returns, output vars 0cd39d7b23 builder/remotecontext: fix naked returns 0c1b37c50a builder/dockerfile: fix minor linting issues 8302cd2d29 builder/dockerfile: downloadSource: fix naked returns, output vars 00bd916203 libnetwork/resolvconf: Build: re-implement using new implementation 2f19577877 libnetwork/resolvconf: Build: align order with new implementation 03aeedcca9 libnetwork/resolvconf: update tests to use more correct values c34f8bbba3 integration/volume: setupTestVolume: minor cleanups and fixes 28bf578a40 integration/volume: TestRunMountImage: use test-util for container cleanup e41eaf2c8d integration/volume: TestRunMountVolumeSubdir: remove some logs f1bec97dfe registry: use literal for empty slice 7b4e21e5d0 registry: fix typo in godoc be9c4dd3c5 registry: TestNewIndexInfo: add more test-cases 949afd933b registry: TestNewIndexInfo: assert all fields 310d6d2fa5 registry: TestNewIndexInfo: use sub-tests 50d17676e4 registry: TestParseRepositoryInfo: add test-cases for IPv6 refs 328b808765 registry: TestParseRepositoryInfo: assert all index-info fields d9634c3b28 registry: TestParseRepositoryInfo: use sub-tests e2a5220ec3 registry: remove makeServiceConfig test-utility 52419cf933 golangci-lint: enforce "is" alias for gotest.tools/v3/assert/cmp 1c63f3983b volume/service: adjust "gotest.tools/v3/assert/cmp" import alias 9766a446ae integration/network: adjust "gotest.tools/v3/assert/cmp" import alias c16fcdfc4b integration/image: adjust "gotest.tools/v3/assert/cmp" import alias 6abe6a910a integration/container: adjust "gotest.tools/v3/assert/cmp" import alias 22069f2431 integration-cli: adjust "gotest.tools/v3/assert/cmp" import alias 605f02a59b distribution: adjust "gotest.tools/v3/assert/cmp" import alias 75b86c47d9 daemon/logger/loggerutils: adjust "gotest.tools/v3/assert/cmp" import alias 59e6d1d214 registry: TestLoadInsecureRegistries: don't mutate emptyServiceConfig 849f344ecc registry: split normalizing index name from validating fee40a9333 registry: create emptyServiceConfig without parsing a3583b4b58 registry: newRepositoryInfo only check for official images for Docker Hub 08654b0b30 registry: deprecate RepositoryInfo.Official field dbc9d56820 vendor: github.com/containerd/containerd v2.0.3 15895d8ead daemon/graphdriver: rename vars that shadowed aa9817b0c5 testutil: remove isErrNotFoundSwarmClassic 0ab7d41f9e testutil/environment: Execution.Clean: remove redundant condition b301c34b92 libcontainerd/local: remove arg-names for stubs 12f89cc19b libcontainerd/local: NewClient: remove unused cli, stateDir, ns args 620f26e1e3 libcontainerd/local: client.createWindows: remove unused runtimeOptions 9c4e10126e libcontainerd/local: client.NewContainer: use early return 7c1a2301f0 libcontainerd/local: client.extractResourcesFromSpec: use early return fc462d699a Dockerfile: update compose to v2.33.1 855563fc43 Dockerfile: update docker CLI to v28.0.1 ab7305c85a Check swarm's jump to DOCKER-INGRESS be14d9148c Make integration/service/network_test.go Linux-only cfc562c358 daemon/cluster: create "state" and "runtime-dir" closer to where used ef4f4d845d daemon/cluster: rename Cluster.root to Cluster.stateDir 4d3d4bbeeb daemon/cluster: remove Config.WatchStream and move to constructor cdbb62394c builder/dockerfile: remove intermediate var that shadowed 558da63444 Jump to DOCKER-INGRESS from DOCKER-FORWARD fdd534d2ca libcontainerd: windows: return errdefs type for pausing 60782e6d39 container: fix some errors on Windows c37690b98e libnet/portallocator: un-export errors that were not used as sentinel errors cfc049c938 Use iptables-nft in the dev container / CI 47ca352b0d vendor: github.com/opencontainers/runc v1.2.5, cyphar/filepath-securejoin v0.4.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2025-06-26 14:39:37 -0400
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2025-07-07 11:42:27 -0400
commit: e1fa9062b6dff772b2da3060c562434a543bfc52 (patch)
tree: 36d8721202936c62bcd6745b81f67b0723eafaef /recipes-containers
parent: c2aab39117cf9a116ffefeab4443e2a9545ab431 (diff)
download: meta-virtualization-e1fa9062b6dff772b2da3060c562434a543bfc52.tar.gz
4 files changed, 18 insertions, 21 deletions
diff --git a/recipes-containers/docker/docker-moby_git.bb b/recipes-containers/docker/docker-moby_git.bb
index 8910e2d3..3dc0e0d1 100644
--- a/recipes-containers/docker/docker-moby_git.bb
+++ b/recipes-containers/docker/docker-moby_git.bb
@@ -44,8 +44,8 @@ DESCRIPTION = "Linux container runtime \
 # so we get that tag, and make it our SRCREVS:
 #
-SRCREV_moby = "bbd0a17ccc67e48d4a69393287b7fcc4f0578683"
+SRCREV_moby = "e0183475e03cd05b6a560d8b22fe0a83cd1cba14"
-SRCREV_cli = "068a01ea9470df6494cc92d9e64e240805ae47a7"
+SRCREV_cli = "7cbee73f199c5846deaa474b0216fd3d709b9a07"
 SRCREV_FORMAT = "moby"
 SRC_URI = "\
        git://github.com/moby/moby.git;nobranch=1;name=moby;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX} \
@@ -64,7 +64,7 @@ require docker.inc
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28"
-DOCKER_VERSION = "28.0.1"
+DOCKER_VERSION = "28.3.0"
 PV = "${DOCKER_VERSION}+git${SRCREV_moby}"
 CVE_PRODUCT = "docker mobyproject:moby"
diff --git a/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch b/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch
index 30b1a7d8..95ba2225 100644
--- a/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch
+++ b/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch
@@ -36,11 +36,11 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
 contrib/check-config.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
-diff --git a/contrib/check-config.sh b/contrib/check-config.sh
+Index: import/contrib/check-config.sh
-index b9cc6bf87d..3124548d99 100755
+===================================================================
--- a/contrib/check-config.sh
+--- import.orig/contrib/check-config.sh
-+++ b/contrib/check-config.sh
+++ import/contrib/check-config.sh
-@@ -266,7 +266,9 @@ echo 'Optional Features:'
+@@ -246,7 +246,9 @@ echo 'Optional Features:'
        check_flags CGROUP_PIDS
 }
 {
@@ -51,6 +51,3 @@ index b9cc6bf87d..3124548d99 100755
        # Kernel v5.8+ removes MEMCG_SWAP_ENABLED.
        if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then
                CODE=${EXITCODE}
-- 
-2.39.2
diff --git a/recipes-containers/docker/files/0001-cli-use-external-GO111MODULE-and-cross-compiler.patch b/recipes-containers/docker/files/0001-cli-use-external-GO111MODULE-and-cross-compiler.patch
index 26f5aad4..3f09ebf8 100644
--- a/recipes-containers/docker/files/0001-cli-use-external-GO111MODULE-and-cross-compiler.patch
+++ b/recipes-containers/docker/files/0001-cli-use-external-GO111MODULE-and-cross-compiler.patch
@@ -10,11 +10,11 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
 git/cli/scripts/build/binary | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
-Index: git/cli/scripts/build/binary
+Index: docker-moby-28.3.0+gite0183475e03cd05b6a560d8b22fe0a83cd1cba14/cli/scripts/build/binary
 ===================================================================
--- git.orig/cli/scripts/build/binary
+--- docker-moby-28.3.0+gite0183475e03cd05b6a560d8b22fe0a83cd1cba14.orig/cli/scripts/build/binary
-+++ git/cli/scripts/build/binary
+++ docker-moby-28.3.0+gite0183475e03cd05b6a560d8b22fe0a83cd1cba14/cli/scripts/build/binary
-@@ -13,8 +13,6 @@
+@@ -13,8 +13,6 @@ fi
 
 echo "Building $GO_LINKMODE $(basename "${TARGET}")"
 
@@ -23,7 +23,7 @@ Index: git/cli/scripts/build/binary
 if [ "$(go env GOOS)" = "windows" ]; then
   if [ ! -x "$(command -v goversioninfo)" ]; then
     >&2 echo "goversioninfo not found, skipping manifesting binary"
-@@ -24,6 +22,6 @@
+@@ -24,6 +22,6 @@ if [ "$(go env GOOS)" = "windows" ]; the
   fi
 fi
 
diff --git a/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch b/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch
index 9079d81e..e3f20a3a 100644
--- a/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch
+++ b/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch
@@ -39,7 +39,7 @@ Index: import/hack/make/.binary
 ===================================================================
 --- import.orig/hack/make/.binary
 +++ import/hack/make/.binary
-@@ -3,7 +3,7 @@
+@@ -3,7 +3,7 @@ set -e
 
 # a helper to provide ".exe" when it's appropriate
 binary_extension() {
@@ -48,7 +48,7 @@ Index: import/hack/make/.binary
                echo -n '.exe'
        fi
 }
-@@ -16,31 +16,10 @@
+@@ -16,31 +16,10 @@ source "${MAKEDIR}/.go-autogen"
 (
        export GOGC=${DOCKER_BUILD_GOGC:-1000}
 
@@ -80,8 +80,8 @@ Index: import/hack/make/.binary
 +                       case "$(${GO} env GOOS)/$(${GO} env GOARCH)" in
                                linux/mips* | linux/ppc64)
                                        # -buildmode=pie is not supported on Linux mips*, ppc64be
-                                        # https://github.com/golang/go/blob/go1.23.0/src/internal/platform/supported.go#L189-L197
+                                        # https://github.com/golang/go/blob/go1.24.3/src/internal/platform/supported.go#L188-L200
-@@ -67,11 +46,11 @@
+@@ -67,11 +46,11 @@ source "${MAKEDIR}/.go-autogen"
        # only necessary for non-sandboxed invocation where TARGETPLATFORM is empty
        PLATFORM_NAME=$TARGETPLATFORM
        if [ -z "$PLATFORM_NAME" ]; then
@@ -98,7 +98,7 @@ Index: import/hack/make/.binary
                fi
        fi
 
-@@ -95,7 +74,7 @@
+@@ -95,7 +74,7 @@ source "${MAKEDIR}/.go-autogen"
        if [ -n "$DOCKER_DEBUG" ]; then
                set -x
        fi
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2025-06-26 14:39:37 -0400
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2025-07-07 11:42:27 -0400
commit	e1fa9062b6dff772b2da3060c562434a543bfc52 (patch)
tree	36d8721202936c62bcd6745b81f67b0723eafaef /recipes-containers
parent	c2aab39117cf9a116ffefeab4443e2a9545ab431 (diff)
download	meta-virtualization-e1fa9062b6dff772b2da3060c562434a543bfc52.tar.gz