Merge pull request #141 from andrewhsu/ver

bump version to 17.07.0-ce-rc1

CHANGELOG.md

@@ -5,6 +5,68 @@ information on the list of deprecated flags and APIs please have a look at
 https://docs.docker.com/engine/deprecated/ where target removal dates can also
 be found.
 
+## 17.07.0-ce (2017-07-XX)
+
+### API & Client
+
+* Add support for proxy configuration in config.json [docker/cli#93](https://github.com/docker/cli/pull/93)
+* Enable pprof/debug endpoints by default [moby/moby#32453](https://github.com/moby/moby/pull/32453)
+* Passwords can now be passed using `STDIN` using the new  `--password-stdin` flag on `docker login` [docker/cli#271](https://github.com/docker/cli/pull/271)
++ Add `--detach` to docker scale [docker/cli#243](https://github.com/docker/cli/pull/243)
+* Prevent `docker logs --no-stream` from hanging due to non-existing containers [moby/moby#34004](https://github.com/moby/moby/pull/34004)
+- Fix `docker stack ps` printing error to `stdout` instead of `stderr` [docker/cli#298](https://github.com/docker/cli/pull/298)
+* Fix progress bar being stuck on `docker service create` if an error occurs during deploy [docker/cli#259](https://github.com/docker/cli/pull/259)
+* Improve presentation of progress bars in interactive mode [docker/cli#260](https://github.com/docker/cli/pull/260) [docker/cli#237](https://github.com/docker/cli/pull/237)
+* Print a warning if `docker login --password` is used, and recommend `--password-stdin` [docker/cli#270](https://github.com/docker/cli/pull/270)
+* Make API version negotiation more robust [moby/moby#33827](https://github.com/moby/moby/pull/33827)
+* Hide `--detach` when connected to daemons older than Docker 17.05 [docker/cli#219](https://github.com/docker/cli/pull/219)
++ Add `scope` filter in `GET /networks/(id or name)` [moby/moby#33630](https://github.com/moby/moby/pull/33630)
+
+### Builder
+
+* Implement long running interactive session and sending build context incrementally [moby/moby#32677](https://github.com/moby/moby/pull/32677) [docker/cli#231](https://github.com/docker/cli/pull/231) [moby/moby#33859](https://github.com/moby/moby/pull/33859)
+* Warn on empty continuation lines [moby/moby#33719](https://github.com/moby/moby/pull/33719)
+- Fix `.dockerignore` entries with a leading `/` not matching anything [moby/moby#32088](https://github.com/moby/moby/pull/32088)
+
+### Logging
+
+- Fix wrong filemode for rotate log files [moby/moby#33926](https://github.com/moby/moby/pull/33926)
+- Fix stderr logging for journald and syslog [moby/moby#33832](https://github.com/moby/moby/pull/33832)
+
+### Runtime
+
+* Allow stopping of paused container [moby/moby#34027](https://github.com/moby/moby/pull/34027)
++ Add quota support for the overlay2 storage driver [moby/moby#32977](https://github.com/moby/moby/pull/32977)
+* Remove container locks on `docker ps` [moby/moby#31273](https://github.com/moby/moby/pull/31273)
+* Store container names in memdb [moby/moby#33886](https://github.com/moby/moby/pull/33886)
+* Fix race condition between `docker exec` and `docker pause` [moby/moby#32881](https://github.com/moby/moby/pull/32881)
+* Devicemapper: Rework logging and add `--storage-opt dm.libdm_log_level` [moby/moby#33845](https://github.com/moby/moby/pull/33845)
+* Devicemapper: Prevent "device in use" errors if deferred removal is enabled, but not deferred deletion [moby/moby#33877](https://github.com/moby/moby/pull/33877)
+* Devicemapper: Use KeepAlive to prevent tasks being garbage-collected while still in use [moby/moby#33376](https://github.com/moby/moby/pull/33376)
+* Report inetermediate prune results if prune is cancelled [moby/moby#33979](https://github.com/moby/moby/pull/33979)
+- Fix run `docker rename <container-id> new_name` concurrently resulting in the having multiple names [moby/moby#33940](https://github.com/moby/moby/pull/33940)
+* Fix file-descriptor leak and error handling [moby/moby#33713](https://github.com/moby/moby/pull/33713)
+- Fix SIGSEGV when running containers [docker/cli#303](https://github.com/docker/cli/pull/303)
+* Prevent a goroutine leak when healthcheck gets stopped [moby/moby#33781](https://github.com/moby/moby/pull/33781)
+* Image: Improve store locking [moby/moby#33755](https://github.com/moby/moby/pull/33755)
+* Fix Btrfs quota groups not being removed when container is destroyed [moby/moby#29427](https://github.com/moby/moby/pull/29427)
+* Libcontainerd: fix defunct containerd processes not being properly reaped [moby/moby#33419](https://github.com/moby/moby/pull/33419)
+* Preparations for Linux Containers on Windows
+  * LCOW: Dedicated scratch space for service VM utilities [moby/moby#33809](https://github.com/moby/moby/pull/33809)
+  * LCOW: Support most operations excluding remote filesystem [moby/moby#33241](https://github.com/moby/moby/pull/33241) [moby/moby#33826](https://github.com/moby/moby/pull/33826)
+  * LCOW: Change directory from lcow to "Linux Containers" [moby/moby#33835](https://github.com/moby/moby/pull/33835)
+  * LCOW: pass command arguments without extra quoting [moby/moby#33815](https://github.com/moby/moby/pull/33815)
+  * LCOW: Updates necessary due to platform schema change [moby/moby#33785](https://github.com/moby/moby/pull/33785)
+
+### Swarm Mode
+
+* Add support for plugins on swarm [moby/moby#33575](https://github.com/moby/moby/pull/33575)
+* Initial support for plugable secret backends [moby/moby#34157](https://github.com/moby/moby/pull/34157) [moby/moby#34123](https://github.com/moby/moby/pull/34123)
+* Sort swarm stacks and nodes using natural sorting [docker/cli#315](https://github.com/docker/cli/pull/315)
+* Make engine support cluster config event [moby/moby#34032](https://github.com/moby/moby/pull/34032)
+* Only pass a join address when in the process of joining a cluster [moby/moby#33361](https://github.com/moby/moby/pull/33361)
+* Fix error during service creation if a network with the same name exists both as "local" and "swarm" scoped network [docker/cli#184](https://github.com/docker/cli/pull/184)
+
 ## 17.06.0-ce (2017-06-07)
 
 ### Builder

VERSION

@@ -1 +1 @@
-17.07.0-dev
+17.07.0-ce-rc1

components/cli/VERSION

@@ -1 +1 @@
-17.07.0-dev
+17.07.0-ce-rc1

components/engine/VERSION

@@ -1 +1 @@
-17.06.0-dev
+17.07.0-ce-rc1

components/engine/hack/make/test-integration-cli

@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 set -e
 
+source "${MAKEDIR}/.go-autogen"
 source hack/make/.integration-test-helpers
 
 # subshell so that we can export PATH without breaking other things

components/engine/libcontainerd/remote_unix.go

@@ -19,6 +19,7 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	containerd "github.com/containerd/containerd/api/grpc/types"
+	"github.com/crosbymichael/upgrade/v17_06_1"
 	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/system"
 	"github.com/golang/protobuf/ptypes"
@@ -39,7 +40,13 @@ const (
 	containerdPidFilename        = "docker-containerd.pid"
 	containerdSockFilename       = "docker-containerd.sock"
 	containerdStateDir           = "containerd"
+	containerdInitDir            = "init"
 	eventTimestampFilename       = "event.ts"
+	processFilename              = "process.json"
+
+	// TODO: Use user's --root parameter for runc, if possible
+	runcStateDir      = "/run/runc"
+	runcStateFilename = "state.json"
 )
 
 type remote struct {
@@ -89,6 +96,7 @@ func New(stateDir string, options ...RemoteOption) (_ Remote, err error) {
 	}
 
 	if r.startDaemon {
+		r.makeUpgradeProof()
 		if err := r.runContainerdDaemon(); err != nil {
 			return nil, err
 		}
@@ -128,6 +136,37 @@ func New(stateDir string, options ...RemoteOption) (_ Remote, err error) {
 	return r, nil
 }
 
+func (r *remote) makeUpgradeProof() {
+	dir := filepath.Join(r.stateDir, containerdStateDir)
+	f, err := os.Open(dir)
+	if err != nil {
+		logrus.Warnf("libcontainerd: makeUpgradeProof could not open %s", dir)
+		return
+	}
+	fis, err := f.Readdir(0)
+	if err != nil {
+		logrus.Warnf("libcontainerd: makeUpgradeProof could not read directory entries in %s", dir)
+		f.Close()
+		return
+	}
+	containerIds := make([]string, 0, len(fis))
+	for _, fi := range fis {
+		if fi.IsDir() {
+			containerIds = append(containerIds, fi.Name())
+		}
+	}
+	f.Close()
+	for _, id := range containerIds {
+		if err := v17_06_1.Upgrade(
+			filepath.Join(runcStateDir, id, runcStateFilename),
+			filepath.Join(r.stateDir, id, configFilename),
+			filepath.Join(dir, id, containerdInitDir, processFilename),
+		); err != nil {
+			logrus.Warnf("libcontainerd: could not upgrade state files during live restore for container %s: %v", id, err)
+		}
+	}
+}
+
 func (r *remote) UpdateOptions(options ...RemoteOption) error {
 	for _, option := range options {
 		if err := option.Apply(r); err != nil {

components/engine/vendor.conf

@@ -3,6 +3,7 @@ github.com/Azure/go-ansiterm 388960b655244e76e24c75f48631564eaefade62
 github.com/Microsoft/hcsshim v0.5.25
 github.com/Microsoft/go-winio v0.4.2
 github.com/Sirupsen/logrus v0.11.0
+github.com/crosbymichael/upgrade 3ee9eb41518034a2dfe45d8273297f309a9d94da
 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76
 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
 github.com/go-check/check 4ed411733c5785b40214c70bce814c3a3a689609 https://github.com/cpuguy83/check.git
@@ -106,7 +107,7 @@ github.com/stevvooe/continuity cd7a8e21e2b6f84799f5dd4b65faf49c8d3ee02d
 github.com/tonistiigi/fsutil 0ac4c11b053b9c5c7c47558f81f96c7100ce50fb
 
 # cluster
-github.com/docker/swarmkit 3e2dd3c0a76149b1620b42d28dd6ff48270404e5
+github.com/docker/swarmkit 87c2a23c2da1fca31abe6161bc908061fb06643e
 github.com/gogo/protobuf v0.4
 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a
 github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e
@@ -143,4 +144,4 @@ github.com/opencontainers/selinux v1.0.0-rc1
 # git --git-dir ./go/.git --work-tree ./go checkout revert-prefix-ignore
 # cp -a go/src/archive/tar ./vendor/archive/tar
 # rm -rf ./go
-# vndr
+# vndr

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/README.md

@@ -0,0 +1,3 @@
+# How to generate
+
+go generate ./template.go

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/process_state_gen.go

@@ -0,0 +1,29 @@
+// DO NOT EDIT
+// This file has been auto-generated with go generate.
+
+package v17_06_1
+
+import specs "github.com/opencontainers/runtime-spec/specs-go" // a45ba0989fc26c695fe166a49c45bb8b7618ab36 https://github.com/docker/runtime-spec
+
+type ProcessState struct {
+	Terminal        bool                `json:"terminal,omitempty"`
+	ConsoleSize     specs.Box           `json:"consoleSize,omitempty"`
+	User            specs.User          `json:"user"`
+	Args            []string            `json:"args"`
+	Env             []string            `json:"env,omitempty"`
+	Cwd             string              `json:"cwd"`
+	Capabilities    linuxCapabilities   `json:"capabilities,omitempty" platform:"linux"`
+	Rlimits         []specs.LinuxRlimit `json:"rlimits,omitempty" platform:"linux"`
+	NoNewPrivileges bool                `json:"noNewPrivileges,omitempty" platform:"linux"`
+	ApparmorProfile string              `json:"apparmorProfile,omitempty" platform:"linux"`
+	SelinuxLabel    string              `json:"selinuxLabel,omitempty" platform:"linux"`
+	Exec            bool                `json:"exec"`
+	Stdin           string              `json:"containerdStdin"`
+	Stdout          string              `json:"containerdStdout"`
+	Stderr          string              `json:"containerdStderr"`
+	RuntimeArgs     []string            `json:"runtimeArgs"`
+	NoPivotRoot     bool                `json:"noPivotRoot"`
+	Checkpoint      string              `json:"checkpoint"`
+	RootUID         int                 `json:"rootUID"`
+	RootGID         int                 `json:"rootGID"`
+}

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/spec_gen.go

@@ -0,0 +1,66 @@
+// DO NOT EDIT
+// This file has been auto-generated with go generate.
+
+package v17_06_1
+
+import specs "github.com/opencontainers/runtime-spec/specs-go" // a45ba0989fc26c695fe166a49c45bb8b7618ab36 https://github.com/docker/runtime-spec
+
+type Spec struct {
+	Version  string         `json:"ociVersion"`
+	Platform specs.Platform `json:"platform"`
+	Process  struct {
+		Terminal        bool                `json:"terminal,omitempty"`
+		ConsoleSize     specs.Box           `json:"consoleSize,omitempty"`
+		User            specs.User          `json:"user"`
+		Args            []string            `json:"args"`
+		Env             []string            `json:"env,omitempty"`
+		Cwd             string              `json:"cwd"`
+		Capabilities    linuxCapabilities   `json:"capabilities,omitempty" platform:"linux"`
+		Rlimits         []specs.LinuxRlimit `json:"rlimits,omitempty" platform:"linux"`
+		NoNewPrivileges bool                `json:"noNewPrivileges,omitempty" platform:"linux"`
+		ApparmorProfile string              `json:"apparmorProfile,omitempty" platform:"linux"`
+		SelinuxLabel    string              `json:"selinuxLabel,omitempty" platform:"linux"`
+	} `json:"process"`
+	Root        specs.Root        `json:"root"`
+	Hostname    string            `json:"hostname,omitempty"`
+	Mounts      []specs.Mount     `json:"mounts,omitempty"`
+	Hooks       *specs.Hooks      `json:"hooks,omitempty"`
+	Annotations map[string]string `json:"annotations,omitempty"`
+	Linux       *struct {
+		UIDMappings []specs.LinuxIDMapping `json:"uidMappings,omitempty"`
+		GIDMappings []specs.LinuxIDMapping `json:"gidMappings,omitempty"`
+		Sysctl      map[string]string      `json:"sysctl,omitempty"`
+		Resources   *struct {
+			Devices          []specs.LinuxDeviceCgroup `json:"devices,omitempty"`
+			DisableOOMKiller *bool                     `json:"disableOOMKiller,omitempty"`
+			OOMScoreAdj      *int                      `json:"oomScoreAdj,omitempty"`
+			Memory           *struct {
+				Limit       *int64           `json:"limit,omitempty"`
+				Reservation *int64           `json:"reservation,omitempty"`
+				Swap        *int64           `json:"swap,omitempty"`
+				Kernel      *int64           `json:"kernel,omitempty"`
+				KernelTCP   *int64           `json:"kernelTCP,omitempty"`
+				Swappiness  memorySwappiness `json:"swappiness,omitempty"`
+			} `json:"memory,omitempty"`
+			CPU            *specs.LinuxCPU            `json:"cpu,omitempty"`
+			Pids           *specs.LinuxPids           `json:"pids,omitempty"`
+			BlockIO        *specs.LinuxBlockIO        `json:"blockIO,omitempty"`
+			HugepageLimits []specs.LinuxHugepageLimit `json:"hugepageLimits,omitempty"`
+			Network        *specs.LinuxNetwork        `json:"network,omitempty"`
+		} `json:"resources,omitempty"`
+		CgroupsPath string                 `json:"cgroupsPath,omitempty"`
+		Namespaces  []specs.LinuxNamespace `json:"namespaces,omitempty"`
+		Devices     []specs.LinuxDevice    `json:"devices,omitempty"`
+		Seccomp     *struct {
+			DefaultAction specs.LinuxSeccompAction `json:"defaultAction"`
+			Architectures []specs.Arch             `json:"architectures,omitempty"`
+			Syscalls      linuxSyscalls            `json:"syscalls"`
+		} `json:"seccomp,omitempty"`
+		RootfsPropagation string   `json:"rootfsPropagation,omitempty"`
+		MaskedPaths       []string `json:"maskedPaths,omitempty"`
+		ReadonlyPaths     []string `json:"readonlyPaths,omitempty"`
+		MountLabel        string   `json:"mountLabel,omitempty"`
+	} `json:"linux,omitempty" platform:"linux"`
+	Solaris *specs.Solaris `json:"solaris,omitempty" platform:"solaris"`
+	Windows *specs.Windows `json:"windows,omitempty" platform:"windows"`
+}

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/state_gen.go

@@ -0,0 +1,89 @@
+// DO NOT EDIT
+// This file has been auto-generated with go generate.
+
+package v17_06_1
+
+import (
+	"time"
+
+	"github.com/opencontainers/runc/libcontainer/configs" // 810190ceaa507aa2727d7ae6f4790c76ec150bd2 https://github.com/docker/runc
+)
+
+type State struct {
+	ID                   string    `json:"id"`
+	InitProcessPid       int       `json:"init_process_pid"`
+	InitProcessStartTime string    `json:"init_process_start"`
+	Created              time.Time `json:"created"`
+	Config               struct {
+		NoPivotRoot       bool               `json:"no_pivot_root"`
+		ParentDeathSignal int                `json:"parent_death_signal"`
+		Rootfs            string             `json:"rootfs"`
+		Readonlyfs        bool               `json:"readonlyfs"`
+		RootPropagation   int                `json:"rootPropagation"`
+		Mounts            []*configs.Mount   `json:"mounts"`
+		Devices           []*configs.Device  `json:"devices"`
+		MountLabel        string             `json:"mount_label"`
+		Hostname          string             `json:"hostname"`
+		Namespaces        configs.Namespaces `json:"namespaces"`
+		Capabilities      linuxCapabilities  `json:"capabilities"`
+		Networks          []*configs.Network `json:"networks"`
+		Routes            []*configs.Route   `json:"routes"`
+		Cgroups           *struct {
+			Name                         string `json:"name,omitempty"`
+			Parent                       string `json:"parent,omitempty"`
+			Path                         string `json:"path"`
+			ScopePrefix                  string `json:"scope_prefix"`
+			Paths                        map[string]string
+			AllowAllDevices              *bool                     `json:"allow_all_devices,omitempty"`
+			AllowedDevices               []*configs.Device         `json:"allowed_devices,omitempty"`
+			DeniedDevices                []*configs.Device         `json:"denied_devices,omitempty"`
+			Devices                      []*configs.Device         `json:"devices"`
+			Memory                       int64                     `json:"memory"`
+			MemoryReservation            int64                     `json:"memory_reservation"`
+			MemorySwap                   int64                     `json:"memory_swap"`
+			KernelMemory                 int64                     `json:"kernel_memory"`
+			KernelMemoryTCP              int64                     `json:"kernel_memory_tcp"`
+			CpuShares                    uint64                    `json:"cpu_shares"`
+			CpuQuota                     int64                     `json:"cpu_quota"`
+			CpuPeriod                    uint64                    `json:"cpu_period"`
+			CpuRtRuntime                 int64                     `json:"cpu_rt_quota"`
+			CpuRtPeriod                  uint64                    `json:"cpu_rt_period"`
+			CpusetCpus                   string                    `json:"cpuset_cpus"`
+			CpusetMems                   string                    `json:"cpuset_mems"`
+			PidsLimit                    int64                     `json:"pids_limit"`
+			BlkioWeight                  uint16                    `json:"blkio_weight"`
+			BlkioLeafWeight              uint16                    `json:"blkio_leaf_weight"`
+			BlkioWeightDevice            []*configs.WeightDevice   `json:"blkio_weight_device"`
+			BlkioThrottleReadBpsDevice   []*configs.ThrottleDevice `json:"blkio_throttle_read_bps_device"`
+			BlkioThrottleWriteBpsDevice  []*configs.ThrottleDevice `json:"blkio_throttle_write_bps_device"`
+			BlkioThrottleReadIOPSDevice  []*configs.ThrottleDevice `json:"blkio_throttle_read_iops_device"`
+			BlkioThrottleWriteIOPSDevice []*configs.ThrottleDevice `json:"blkio_throttle_write_iops_device"`
+			Freezer                      configs.FreezerState      `json:"freezer"`
+			HugetlbLimit                 []*configs.HugepageLimit  `json:"hugetlb_limit"`
+			OomKillDisable               bool                      `json:"oom_kill_disable"`
+			MemorySwappiness             memorySwappiness          `json:"memory_swappiness"`
+			NetPrioIfpriomap             []*configs.IfPrioMap      `json:"net_prio_ifpriomap"`
+			NetClsClassid                uint32                    `json:"net_cls_classid_u"`
+		} `json:"cgroups"`
+		AppArmorProfile string            `json:"apparmor_profile,omitempty"`
+		ProcessLabel    string            `json:"process_label,omitempty"`
+		Rlimits         []configs.Rlimit  `json:"rlimits,omitempty"`
+		OomScoreAdj     int               `json:"oom_score_adj"`
+		UidMappings     []configs.IDMap   `json:"uid_mappings"`
+		GidMappings     []configs.IDMap   `json:"gid_mappings"`
+		MaskPaths       []string          `json:"mask_paths"`
+		ReadonlyPaths   []string          `json:"readonly_paths"`
+		Sysctl          map[string]string `json:"sysctl"`
+		Seccomp         *configs.Seccomp  `json:"seccomp"`
+		NoNewPrivileges bool              `json:"no_new_privileges,omitempty"`
+		Hooks           *configs.Hooks
+		Version         string   `json:"version"`
+		Labels          []string `json:"labels"`
+		NoNewKeyring    bool     `json:"no_new_keyring"`
+		Rootless        bool     `json:"rootless"`
+	} `json:"config"`
+	Rootless            bool                             `json:"rootless"`
+	CgroupPaths         map[string]string                `json:"cgroup_paths"`
+	NamespacePaths      map[configs.NamespaceType]string `json:"namespace_paths"`
+	ExternalDescriptors []string                         `json:"external_descriptors,omitempty"`
+}

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/template.go

@@ -0,0 +1,20 @@
+//+build ignore
+
+package v17_06_1
+
+import (
+	"github.com/containerd/containerd/runtime"
+	"github.com/opencontainers/runc/libcontainer"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+//go:generate -command rewrite go run ../gen/rewrite-structs.go --
+
+//go:generate rewrite spec_gen.go .Process.Capabilities->linuxCapabilities .Linux.Resources.Memory.Swappiness->memorySwappiness .Linux.Seccomp.Syscalls->linuxSyscalls
+type Spec specs.Spec
+
+//go:generate rewrite process_state_gen.go .Capabilities->linuxCapabilities
+type ProcessState runtime.ProcessState
+
+//go:generate rewrite state_gen.go .Config.Capabilities->linuxCapabilities .Config.Cgroups.MemorySwappiness->memorySwappiness
+type State libcontainer.State

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/unmarshal.go

@@ -0,0 +1,119 @@
+package v17_06_1
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+type linuxSyscalls []linuxSyscall
+
+type linuxSyscall struct {
+	specs.LinuxSyscall
+}
+
+func (ls *linuxSyscall) UnmarshalJSON(b []byte) error {
+	var t struct {
+		specs.LinuxSyscall
+		Name *string `json:"name,omitempty"`
+	}
+	if err := json.Unmarshal(b, &t); err != nil {
+		return err
+	}
+	ls.LinuxSyscall = t.LinuxSyscall
+	if t.Name != nil {
+		if ls.LinuxSyscall.Names != nil {
+			return fmt.Errorf("found incompatible 'name' and 'names' fields")
+		}
+		ls.LinuxSyscall.Names = []string{*t.Name}
+		t.Name = nil
+	}
+	return nil
+}
+
+// TODO: figure out how to omitempty when pointer is nil
+type memorySwappiness struct {
+	V *uint64 `json:",omitempty"`
+}
+
+func (m memorySwappiness) String() string {
+	if m.V == nil {
+		return "<nil>"
+	}
+	return fmt.Sprintf("%d", *m.V)
+}
+
+var null = []byte("null")
+
+func (m *memorySwappiness) MarshalJSON() ([]byte, error) {
+	if m.V == nil {
+		return null, nil
+	}
+	return []byte(fmt.Sprintf("%d", *m.V)), nil
+}
+
+func (m *memorySwappiness) UnmarshalJSON(b []byte) error {
+	if bytes.Compare(b, null) == 0 {
+		return nil
+	}
+
+	var n uint64
+	var i int64
+	err := json.Unmarshal(b, &i)
+	switch err.(type) {
+	case nil:
+		n = uint64(i)
+	case *json.UnmarshalTypeError:
+		// The only valid reason for accepting a uint64 that does not fit into an int64
+		// is for erroneous -1 values being converted to uint64.
+		// Nevertheless, try unmarshaling it and error out if it's not a number at all.
+		if err := json.Unmarshal(b, &n); err != nil {
+			return err
+		}
+	default:
+		return err
+	}
+	if n >= 0 && n <= 100 {
+		m.V = &n
+	} else {
+		m.V = nil
+	}
+	return nil
+}
+
+type linuxCapabilities struct {
+	V *specs.LinuxCapabilities
+}
+
+func (l *linuxCapabilities) MarshalJSON() ([]byte, error) {
+	return json.Marshal(l.V)
+}
+
+func (l *linuxCapabilities) UnmarshalJSON(b []byte) error {
+	if bytes.Compare(b, null) == 0 {
+		return nil
+	}
+	var s specs.LinuxCapabilities
+	err := json.Unmarshal(b, &s)
+	switch err.(type) {
+	case nil:
+		l.V = &s
+	case *json.UnmarshalTypeError:
+		var caps []string
+		err = json.Unmarshal(b, &caps)
+		if err != nil {
+			return err
+		}
+		// TODO: copy caps or not copy caps?
+		l.V = &specs.LinuxCapabilities{
+			Bounding:    caps,
+			Effective:   caps,
+			Inheritable: caps,
+			Permitted:   caps,
+			Ambient:     nil,
+		}
+	}
+	return err
+}

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/upgrade.go

@@ -0,0 +1,63 @@
+package v17_06_1
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/pkg/ioutils"
+)
+
+type file struct {
+	name string
+	x    interface{}
+	buf  bytes.Buffer
+	w    io.WriteCloser
+}
+
+func Upgrade(runcState, containerdConfig, containerdProcess string) error {
+	files := []*file{
+		&file{name: runcState, x: new(State)},
+		&file{name: containerdConfig, x: new(Spec)},
+		&file{name: containerdProcess, x: new(ProcessState)},
+	}
+	for _, f := range files {
+		fd, err := os.Open(f.name)
+		if err != nil {
+			return err
+		}
+		defer fd.Close()
+		// error out if any of the files have issues being decoded
+		// before overwriting them, to prevent being in a mixed state.
+		if err := json.NewDecoder(fd).Decode(f.x); err != nil {
+			return err
+		}
+		// error out if any of the files have issues being encoded
+		// before overwriting them, to prevent being in a mixed state.
+		if err := json.NewEncoder(&f.buf).Encode(f.x); err != nil {
+			return err
+		}
+		fi, err := fd.Stat()
+		if err != nil {
+			return err
+		}
+		f.w, err = ioutils.NewAtomicFileWriter(f.name, fi.Mode())
+		if err != nil {
+			return err
+		}
+		defer f.w.Close()
+	}
+	var errs []string
+	for _, f := range files {
+		if _, err := f.w.Write(f.buf.Bytes()); err != nil {
+			errs = append(errs, fmt.Sprintf("error writing to %s: %v", f.name, err))
+		}
+	}
+	if errs != nil {
+		return fmt.Errorf(strings.Join(errs, ", "))
+	}
+	return nil
+}

components/engine/vendor/github.com/crosbymichael/upgrade/v17_06_1/vendor.conf

@@ -0,0 +1,23 @@
+# runtime-spec
+github.com/opencontainers/runtime-spec a45ba0989fc26c695fe166a49c45bb8b7618ab36 https://github.com/docker/runtime-spec
+
+# runc
+github.com/opencontainers/runc 810190ceaa507aa2727d7ae6f4790c76ec150bd2 https://github.com/docker/runc
+github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
+github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
+github.com/syndtr/gocapability e7cb7fa329f456b3855136a2642b197bad7366ba
+github.com/golang/protobuf f7137ae6b19afbfd61a94b746fda3b3fe
+github.com/docker/go-units v0.2.0
+github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5c
+github.com/docker/docker 0f5c9d301b9b1cca66b3ea0f9dec3b5317d3686d
+github.com/opencontainers/selinux v1.0.0-rc1
+github.com/coreos/go-systemd v14
+github.com/coreos/pkg v3
+github.com/godbus/dbus v3
+
+# containerd
+github.com/containerd/containerd 6e23458c129b551d5c9871e5174f6b1b7f6d1170 https://github.com/docker/containerd
+golang.org/x/net 991d3e32f76f19ee6d9caadb3a22eae8d23315f7 https://github.com/golang/net.git
+golang.org/x/sys d4feaf1a7e61e1d9e79e6c4e76c6349e9 https://github.com/golang/sys.git
+github.com/Sirupsen/logrus v0.11.2
+

components/engine/vendor/github.com/crosbymichael/upgrade/vendor.conf

@@ -0,0 +1 @@
+v17_06_1/vendor.conf

components/engine/vendor/github.com/docker/swarmkit/manager/logbroker/broker.go

@@ -57,12 +57,12 @@ func New(store *store.MemoryStore) *LogBroker {
 	}
 }
 
-// Run the log broker
-func (lb *LogBroker) Run(ctx context.Context) error {
+// Start starts the log broker
+func (lb *LogBroker) Start(ctx context.Context) error {
 	lb.mu.Lock()
+	defer lb.mu.Unlock()
 
 	if lb.cancelAll != nil {
-		lb.mu.Unlock()
 		return errAlreadyRunning
 	}
 
@@ -71,12 +71,7 @@ func (lb *LogBroker) Run(ctx context.Context) error {
 	lb.subscriptionQueue = watch.NewQueue()
 	lb.registeredSubscriptions = make(map[string]*subscription)
 	lb.subscriptionsByNode = make(map[string]map[*subscription]struct{})
-	lb.mu.Unlock()
-
-	select {
-	case <-lb.pctx.Done():
-		return lb.pctx.Err()
-	}
+	return nil
 }
 
 // Stop stops the log broker
@@ -234,8 +229,15 @@ func (lb *LogBroker) SubscribeLogs(request *api.SubscribeLogsRequest, stream api
 		return err
 	}
 
+	lb.mu.Lock()
+	pctx := lb.pctx
+	lb.mu.Unlock()
+	if pctx == nil {
+		return errNotRunning
+	}
+
 	subscription := lb.newSubscription(request.Selector, request.Options)
-	subscription.Run(lb.pctx)
+	subscription.Run(pctx)
 	defer subscription.Stop()
 
 	log := log.G(ctx).WithFields(
@@ -257,8 +259,8 @@ func (lb *LogBroker) SubscribeLogs(request *api.SubscribeLogsRequest, stream api
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
-		case <-lb.pctx.Done():
-			return lb.pctx.Err()
+		case <-pctx.Done():
+			return pctx.Err()
 		case event := <-publishCh:
 			publish := event.(*logMessage)
 			if publish.completed {
@@ -308,6 +310,13 @@ func (lb *LogBroker) ListenSubscriptions(request *api.ListenSubscriptionsRequest
 		return err
 	}
 
+	lb.mu.Lock()
+	pctx := lb.pctx
+	lb.mu.Unlock()
+	if pctx == nil {
+		return errNotRunning
+	}
+
 	lb.nodeConnected(remote.NodeID)
 	defer lb.nodeDisconnected(remote.NodeID)
 
@@ -329,7 +338,7 @@ func (lb *LogBroker) ListenSubscriptions(request *api.ListenSubscriptionsRequest
 		select {
 		case <-stream.Context().Done():
 			return stream.Context().Err()
-		case <-lb.pctx.Done():
+		case <-pctx.Done():
 			return nil
 		default:
 		}
@@ -362,7 +371,7 @@ func (lb *LogBroker) ListenSubscriptions(request *api.ListenSubscriptionsRequest
 			}
 		case <-stream.Context().Done():
 			return stream.Context().Err()
-		case <-lb.pctx.Done():
+		case <-pctx.Done():
 			return nil
 		}
 	}

components/engine/vendor/github.com/docker/swarmkit/manager/manager.go

@@ -130,6 +130,7 @@ type Manager struct {
 	caserver               *ca.Server
 	dispatcher             *dispatcher.Dispatcher
 	logbroker              *logbroker.LogBroker
+	watchServer            *watchapi.Server
 	replicatedOrchestrator *replicated.Orchestrator
 	globalOrchestrator     *global.Orchestrator
 	taskReaper             *taskreaper.TaskReaper
@@ -221,6 +222,7 @@ func New(config *Config) (*Manager, error) {
 		caserver:        ca.NewServer(raftNode.MemoryStore(), config.SecurityConfig, config.RootCAPaths),
 		dispatcher:      dispatcher.New(raftNode, dispatcher.DefaultConfig(), drivers.New(config.PluginGetter)),
 		logbroker:       logbroker.New(raftNode.MemoryStore()),
+		watchServer:     watchapi.NewServer(raftNode.MemoryStore()),
 		server:          grpc.NewServer(opts...),
 		localserver:     grpc.NewServer(opts...),
 		raftNode:        raftNode,
@@ -398,13 +400,12 @@ func (m *Manager) Run(parent context.Context) error {
 	}
 
 	baseControlAPI := controlapi.NewServer(m.raftNode.MemoryStore(), m.raftNode, m.config.SecurityConfig, m.caserver, m.config.PluginGetter)
-	baseWatchAPI := watchapi.NewServer(m.raftNode.MemoryStore())
 	baseResourceAPI := resourceapi.New(m.raftNode.MemoryStore())
 	healthServer := health.NewHealthServer()
 	localHealthServer := health.NewHealthServer()
 
 	authenticatedControlAPI := api.NewAuthenticatedWrapperControlServer(baseControlAPI, authorize)
-	authenticatedWatchAPI := api.NewAuthenticatedWrapperWatchServer(baseWatchAPI, authorize)
+	authenticatedWatchAPI := api.NewAuthenticatedWrapperWatchServer(m.watchServer, authorize)
 	authenticatedResourceAPI := api.NewAuthenticatedWrapperResourceAllocatorServer(baseResourceAPI, authorize)
 	authenticatedLogsServerAPI := api.NewAuthenticatedWrapperLogsServer(m.logbroker, authorize)
 	authenticatedLogBrokerAPI := api.NewAuthenticatedWrapperLogBrokerServer(m.logbroker, authorize)
@@ -477,7 +478,7 @@ func (m *Manager) Run(parent context.Context) error {
 	grpc_prometheus.Register(m.server)
 
 	api.RegisterControlServer(m.localserver, localProxyControlAPI)
-	api.RegisterWatchServer(m.localserver, baseWatchAPI)
+	api.RegisterWatchServer(m.localserver, m.watchServer)
 	api.RegisterLogsServer(m.localserver, localProxyLogsAPI)
 	api.RegisterHealthServer(m.localserver, localHealthServer)
 	api.RegisterDispatcherServer(m.localserver, localProxyDispatcherAPI)
@@ -490,6 +491,10 @@ func (m *Manager) Run(parent context.Context) error {
 	healthServer.SetServingStatus("Raft", api.HealthCheckResponse_NOT_SERVING)
 	localHealthServer.SetServingStatus("ControlAPI", api.HealthCheckResponse_NOT_SERVING)
 
+	if err := m.watchServer.Start(ctx); err != nil {
+		log.G(ctx).WithError(err).Error("watch server failed to start")
+	}
+
 	go m.serveListener(ctx, m.remoteListener)
 	go m.serveListener(ctx, m.controlListener)
 
@@ -565,8 +570,8 @@ func (m *Manager) Run(parent context.Context) error {
 const stopTimeout = 8 * time.Second
 
 // Stop stops the manager. It immediately closes all open connections and
-// active RPCs as well as stopping the scheduler. If clearData is set, the
-// raft logs, snapshots, and keys will be erased.
+// active RPCs as well as stopping the manager's subsystems. If clearData is
+// set, the raft logs, snapshots, and keys will be erased.
 func (m *Manager) Stop(ctx context.Context, clearData bool) {
 	log.G(ctx).Info("Stopping manager")
 	// It's not safe to start shutting down while the manager is still
@@ -600,6 +605,7 @@ func (m *Manager) Stop(ctx context.Context, clearData bool) {
 
 	m.dispatcher.Stop()
 	m.logbroker.Stop()
+	m.watchServer.Stop()
 	m.caserver.Stop()
 
 	if m.allocator != nil {
@@ -1001,11 +1007,9 @@ func (m *Manager) becomeLeader(ctx context.Context) {
 		}
 	}(m.dispatcher)
 
-	go func(lb *logbroker.LogBroker) {
-		if err := lb.Run(ctx); err != nil {
-			log.G(ctx).WithError(err).Error("LogBroker exited with an error")
-		}
-	}(m.logbroker)
+	if err := m.logbroker.Start(ctx); err != nil {
+		log.G(ctx).WithError(err).Error("LogBroker failed to start")
+	}
 
 	go func(server *ca.Server) {
 		if err := server.Run(ctx); err != nil {

components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/global/global.go

@@ -169,12 +169,6 @@ func (g *Orchestrator) Run(ctx context.Context) error {
 				delete(g.nodes, v.Node.ID)
 			case api.EventUpdateTask:
 				g.handleTaskChange(ctx, v.Task)
-			case api.EventDeleteTask:
-				// CLI allows deleting task
-				if _, exists := g.globalServices[v.Task.ServiceID]; !exists {
-					continue
-				}
-				g.reconcileServicesOneNode(ctx, []string{v.Task.ServiceID}, v.Task.NodeID)
 			}
 		case <-g.stopChan:
 			return nil
@@ -216,7 +210,7 @@ func (g *Orchestrator) handleTaskChange(ctx context.Context, t *api.Task) {
 	if _, exists := g.globalServices[t.ServiceID]; !exists {
 		return
 	}
-	// if a task's DesiredState has past running, which
+	// if a task's DesiredState has passed running, it
 	// means the task has been processed
 	if t.DesiredState > api.TaskStateRunning {
 		return
@@ -264,7 +258,6 @@ func (g *Orchestrator) foreachTaskFromNode(ctx context.Context, node *api.Node,
 }
 
 func (g *Orchestrator) reconcileServices(ctx context.Context, serviceIDs []string) {
-	nodeCompleted := make(map[string]map[string]struct{})
 	nodeTasks := make(map[string]map[string][]*api.Task)
 
 	g.store.View(func(tx store.ReadTx) {
@@ -275,8 +268,6 @@ func (g *Orchestrator) reconcileServices(ctx context.Context, serviceIDs []strin
 				continue
 			}
 
-			// a node may have completed this service
-			nodeCompleted[serviceID] = make(map[string]struct{})
 			// nodeID -> task list
 			nodeTasks[serviceID] = make(map[string][]*api.Task)
 
@@ -284,11 +275,6 @@ func (g *Orchestrator) reconcileServices(ctx context.Context, serviceIDs []strin
 				if t.DesiredState <= api.TaskStateRunning {
 					// Collect all running instances of this service
 					nodeTasks[serviceID][t.NodeID] = append(nodeTasks[serviceID][t.NodeID], t)
-				} else {
-					// for finished tasks, check restartPolicy
-					if isTaskCompleted(t, orchestrator.RestartCondition(t)) {
-						nodeCompleted[serviceID][t.NodeID] = struct{}{}
-					}
 				}
 			}
 		}
@@ -311,9 +297,7 @@ func (g *Orchestrator) reconcileServices(ctx context.Context, serviceIDs []strin
 				ntasks := nodeTasks[serviceID][nodeID]
 				delete(nodeTasks[serviceID], nodeID)
 
-				// if restart policy considers this node has finished its task
-				// it should remove all running tasks
-				if _, exists := nodeCompleted[serviceID][nodeID]; exists || !meetsConstraints {
+				if !meetsConstraints {
 					g.shutdownTasks(ctx, batch, ntasks)
 					continue
 				}
@@ -400,8 +384,6 @@ func (g *Orchestrator) reconcileServicesOneNode(ctx context.Context, serviceIDs
 		return
 	}
 
-	// whether each service has completed on the node
-	completed := make(map[string]bool)
 	// tasks by service
 	tasks := make(map[string][]*api.Task)
 
@@ -425,10 +407,6 @@ func (g *Orchestrator) reconcileServicesOneNode(ctx context.Context, serviceIDs
 			}
 			if t.DesiredState <= api.TaskStateRunning {
 				tasks[serviceID] = append(tasks[serviceID], t)
-			} else {
-				if isTaskCompleted(t, orchestrator.RestartCondition(t)) {
-					completed[serviceID] = true
-				}
 			}
 		}
 	}
@@ -444,13 +422,6 @@ func (g *Orchestrator) reconcileServicesOneNode(ctx context.Context, serviceIDs
 				continue
 			}
 
-			// if restart policy considers this node has finished its task
-			// it should remove all running tasks
-			if completed[serviceID] {
-				g.shutdownTasks(ctx, batch, tasks[serviceID])
-				continue
-			}
-
 			if node.Spec.Availability == api.NodeAvailabilityPause {
 				// the node is paused, so we won't add or update tasks
 				continue

components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/restart/restart.go

@@ -30,6 +30,13 @@ type instanceRestartInfo struct {
 	// Restart.MaxAttempts and Restart.Window are both
 	// nonzero.
 	restartedInstances *list.List
+	// Why is specVersion in this structure and not in the map key? While
+	// putting it in the key would be a very simple solution, it wouldn't
+	// be easy to clean up map entries corresponding to old specVersions.
+	// Making the key version-agnostic and clearing the value whenever the
+	// version changes avoids the issue of stale map entries for old
+	// versions.
+	specVersion api.Version
 }
 
 type delayedStart struct {
@@ -54,8 +61,7 @@ type Supervisor struct {
 	mu               sync.Mutex
 	store            *store.MemoryStore
 	delays           map[string]*delayedStart
-	history          map[instanceTuple]*instanceRestartInfo
-	historyByService map[string]map[instanceTuple]struct{}
+	historyByService map[string]map[instanceTuple]*instanceRestartInfo
 	TaskTimeout      time.Duration
 }
 
@@ -64,8 +70,7 @@ func NewSupervisor(store *store.MemoryStore) *Supervisor {
 	return &Supervisor{
 		store:            store,
 		delays:           make(map[string]*delayedStart),
-		history:          make(map[instanceTuple]*instanceRestartInfo),
-		historyByService: make(map[string]map[instanceTuple]struct{}),
+		historyByService: make(map[string]map[instanceTuple]*instanceRestartInfo),
 		TaskTimeout:      defaultOldTaskTimeout,
 	}
 }
@@ -214,8 +219,8 @@ func (r *Supervisor) shouldRestart(ctx context.Context, t *api.Task, service *ap
 	r.mu.Lock()
 	defer r.mu.Unlock()
 
-	restartInfo := r.history[instanceTuple]
-	if restartInfo == nil {
+	restartInfo := r.historyByService[t.ServiceID][instanceTuple]
+	if restartInfo == nil || (t.SpecVersion != nil && *t.SpecVersion != restartInfo.specVersion) {
 		return true
 	}
 
@@ -268,17 +273,26 @@ func (r *Supervisor) recordRestartHistory(restartTask *api.Task) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 
-	if r.history[tuple] == nil {
-		r.history[tuple] = &instanceRestartInfo{}
-	}
-
-	restartInfo := r.history[tuple]
-	restartInfo.totalRestarts++
-
 	if r.historyByService[restartTask.ServiceID] == nil {
-		r.historyByService[restartTask.ServiceID] = make(map[instanceTuple]struct{})
+		r.historyByService[restartTask.ServiceID] = make(map[instanceTuple]*instanceRestartInfo)
 	}
-	r.historyByService[restartTask.ServiceID][tuple] = struct{}{}
+	if r.historyByService[restartTask.ServiceID][tuple] == nil {
+		r.historyByService[restartTask.ServiceID][tuple] = &instanceRestartInfo{}
+	}
+
+	restartInfo := r.historyByService[restartTask.ServiceID][tuple]
+
+	if restartTask.SpecVersion != nil && *restartTask.SpecVersion != restartInfo.specVersion {
+		// This task has a different SpecVersion from the one we're
+		// tracking. Most likely, the service was updated. Past failures
+		// shouldn't count against the new service definition, so clear
+		// the history for this instance.
+		*restartInfo = instanceRestartInfo{
+			specVersion: *restartTask.SpecVersion,
+		}
+	}
+
+	restartInfo.totalRestarts++
 
 	if restartTask.Spec.Restart.Window != nil && (restartTask.Spec.Restart.Window.Seconds != 0 || restartTask.Spec.Restart.Window.Nanos != 0) {
 		if restartInfo.restartedInstances == nil {
@@ -432,16 +446,6 @@ func (r *Supervisor) CancelAll() {
 // ClearServiceHistory forgets restart history related to a given service ID.
 func (r *Supervisor) ClearServiceHistory(serviceID string) {
 	r.mu.Lock()
-	defer r.mu.Unlock()
-
-	tuples := r.historyByService[serviceID]
-	if tuples == nil {
-		return
-	}
-
 	delete(r.historyByService, serviceID)
-
-	for t := range tuples {
-		delete(r.history, t)
-	}
+	r.mu.Unlock()
 }

components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/update/updater.go

@@ -601,7 +601,9 @@ func (u *Updater) rollbackUpdate(ctx context.Context, serviceID, message string)
 			return errors.New("cannot roll back service because no previous spec is available")
 		}
 		service.Spec = *service.PreviousSpec
+		service.SpecVersion = service.PreviousSpecVersion.Copy()
 		service.PreviousSpec = nil
+		service.PreviousSpecVersion = nil
 
 		return store.UpdateService(tx, service)
 	})

components/engine/vendor/github.com/docker/swarmkit/manager/watchapi/server.go

@@ -1,12 +1,24 @@
 package watchapi
 
 import (
+	"errors"
+	"sync"
+
 	"github.com/docker/swarmkit/manager/state/store"
+	"golang.org/x/net/context"
+)
+
+var (
+	errAlreadyRunning = errors.New("broker is already running")
+	errNotRunning     = errors.New("broker is not running")
 )
 
 // Server is the store API gRPC server.
 type Server struct {
-	store *store.MemoryStore
+	store     *store.MemoryStore
+	mu        sync.Mutex
+	pctx      context.Context
+	cancelAll func()
 }
 
 // NewServer creates a store API server.
@@ -15,3 +27,30 @@ func NewServer(store *store.MemoryStore) *Server {
 		store: store,
 	}
 }
+
+// Start starts the watch server.
+func (s *Server) Start(ctx context.Context) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if s.cancelAll != nil {
+		return errAlreadyRunning
+	}
+
+	s.pctx, s.cancelAll = context.WithCancel(ctx)
+	return nil
+}
+
+// Stop stops the watch server.
+func (s *Server) Stop() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if s.cancelAll == nil {
+		return errNotRunning
+	}
+	s.cancelAll()
+	s.cancelAll = nil
+
+	return nil
+}

components/engine/vendor/github.com/docker/swarmkit/manager/watchapi/watch.go

@@ -17,6 +17,13 @@ import (
 func (s *Server) Watch(request *api.WatchRequest, stream api.Watch_WatchServer) error {
 	ctx := stream.Context()
 
+	s.mu.Lock()
+	pctx := s.pctx
+	s.mu.Unlock()
+	if pctx == nil {
+		return errNotRunning
+	}
+
 	watchArgs, err := api.ConvertWatchArgs(request.Entries)
 	if err != nil {
 		return grpc.Errorf(codes.InvalidArgument, "%s", err.Error())
@@ -39,6 +46,8 @@ func (s *Server) Watch(request *api.WatchRequest, stream api.Watch_WatchServer)
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
+		case <-pctx.Done():
+			return pctx.Err()
 		case event := <-watch:
 			if commitEvent, ok := event.(state.EventCommit); ok && len(events) > 0 {
 				if err := stream.Send(&api.WatchMessage{Events: events, Version: commitEvent.Version}); err != nil {

components/packaging/Makefile

@@ -14,13 +14,13 @@ clean: ## remove build artifacts
 	$(MAKE) -C deb clean
 	$(MAKE) -C static clean
 
-rpm: DOCKER_BUILD_PKGS:=fedora-25 fedora-24 centos-7
+rpm: DOCKER_BUILD_PKGS:=fedora-26 fedora-25 fedora-24 centos-7
 rpm: ## build rpm packages
 	for p in $(DOCKER_BUILD_PKGS); do \
 		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) $${p}; \
 	done
 
-deb: DOCKER_BUILD_PKGS:=ubuntu-zesty ubuntu-yakkety ubuntu-xenial ubuntu-trusty debian-stretch debian-wheezy debian-jessie
+deb: DOCKER_BUILD_PKGS:=ubuntu-zesty ubuntu-xenial ubuntu-trusty debian-stretch debian-wheezy debian-jessie raspbian-stretch raspbian-jessie
 deb: ## build deb packages
 	for p in $(DOCKER_BUILD_PKGS); do \
 		$(MAKE) -C $@ VERSION=$(VERSION) ENGINE_DIR=$(ENGINE_DIR) CLI_DIR=$(CLI_DIR) $${p}; \

components/packaging/README.md

@@ -8,7 +8,6 @@ This repository is solely maintained by Docker, Inc.
 The scripts will build for this list of packages types:
 
 * DEB packages for Ubuntu 17.04 Zesty
-* DEB packages for Ubuntu 16.10 Yakkety
 * DEB packages for Ubuntu 16.04 Xenial
 * DEB packages for Ubuntu 14.04 Trusty
 * DEB packages for Debian 9 Stretch

components/packaging/deb/Makefile

@@ -8,7 +8,7 @@ VERSION?=$(shell cat $(ENGINE_DIR)/VERSION)
 DOCKER_EXPERIMENTAL:=0
 CHOWN:=docker run --rm -v $(CURDIR):/v -w /v $(ALPINE_IMG) chown
 
-.PHONY: help clean deb ubuntu debian ubuntu-xenial ubuntu-trusty ubuntu-yakkety ubuntu-zesty debian-jessie debian-stretch debian-wheezy
+.PHONY: help clean deb ubuntu debian ubuntu-xenial ubuntu-trusty ubuntu-zesty debian-jessie debian-stretch debian-wheezy raspbian-jessie raspbian-stretch
 
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
@@ -17,12 +17,14 @@ clean: ## remove build artifacts
 	[ ! -d debbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) debbuild
 	$(RM) -r debbuild
 
-deb: ubuntu debian ## build all deb packages
+deb: ubuntu debian raspbian ## build all deb packages
 
-ubuntu: ubuntu-zesty ubuntu-yakkety ubuntu-xenial ubuntu-trusty ## build all ubuntu deb packages
+ubuntu: ubuntu-zesty ubuntu-xenial ubuntu-trusty ## build all ubuntu deb packages
 
 debian: debian-stretch debian-wheezy debian-jessie ## build all debian deb packages
 
+raspbian: raspbian-stretch debian-jessie ## build all raspbian deb packages
+
 ubuntu-xenial: ## build ubuntu xenial deb packages
 	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
 	docker run --rm -i \
@@ -47,18 +49,6 @@ ubuntu-trusty: ## build ubuntu trusty deb packages
 		debbuild-$@/$(ARCH)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
 
-ubuntu-yakkety: ## build ubuntu yakkety deb packages
-	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
-	docker run --rm -i \
-		-e VERSION=$(VERSION) \
-		-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
-		-v $(CURDIR)/debbuild/$@:/build \
-		-v $(ENGINE_DIR):/engine \
-		-v $(CLI_DIR):/cli \
-		-v $(CURDIR)/systemd:/root/build-deb/systemd \
-		debbuild-$@/$(ARCH)
-	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
-
 ubuntu-zesty: ## build ubuntu zesty deb packages
 	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
 	docker run --rm -i \
@@ -106,3 +96,27 @@ debian-wheezy: ## build debian wheezy deb packages
 		-v $(CURDIR)/systemd:/root/build-deb/systemd \
 		debbuild-$@/$(ARCH)
 	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+
+raspbian-jessie: ## build raspbian jessie deb packages
+	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
+	docker run --rm -i \
+		-e VERSION=$(VERSION) \
+		-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
+		-v $(CURDIR)/debbuild/$@:/build \
+		-v $(ENGINE_DIR):/engine \
+		-v $(CLI_DIR):/cli \
+		-v $(CURDIR)/systemd:/root/build-deb/systemd \
+		debbuild-$@/$(ARCH)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@
+
+raspbian-stretch: ## build raspbian stretch deb packages
+	docker build -t debbuild-$@/$(ARCH) -f $(CURDIR)/$@/Dockerfile.$(ARCH) .
+	docker run --rm -i \
+		-e VERSION=$(VERSION) \
+		-e DOCKER_GITCOMMIT=$(GITCOMMIT) \
+		-v $(CURDIR)/debbuild/$@:/build \
+		-v $(ENGINE_DIR):/engine \
+		-v $(CLI_DIR):/cli \
+		-v $(CURDIR)/systemd:/root/build-deb/systemd \
+		debbuild-$@/$(ARCH)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) debbuild/$@

components/packaging/deb/build-deb

@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 set -x
+set -e
 # I want to rip this install-binaries script out so badly
 cd engine
 TMP_GOPATH="/go" bash hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
@@ -21,11 +22,11 @@ tilde='~' # ouch Bash 4.2 vs 4.3, you keel me
 GIT_COMMAND="git --git-dir=/root/build-deb/engine/.git --work-tree=/root/build-deb/engine/"
 debVersion="${VERSION//-/$tilde}" # using \~ or '~' here works in 4.3, but not 4.2; just ~ causes $HOME to be inserted, hence the $tilde
 # if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
-if [[ "$VERSION" == *-dev ]] || [ -n "$($GIT_COMMAND status --porcelain)" ]; then
-    gitUnix="$($GIT_COMMAND log -1 --pretty='%at')"
-    gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
-    gitCommit="$($GIT_COMMAND log -1 --pretty='%h')"
-    gitVersion="git${gitDate}.0.${gitCommit}"
+if [[ "$VERSION" == *-dev ]]; then
+    # TODO: Re-introduce git commit time into version number
+    todaysDate="$(date +'%Y%m%d.%H%M%S')"
+    # We're guaranteed to have DOCKER_GITCOMMIT in the env
+    gitVersion="git${todaysDate}.0.${DOCKER_GITCOMMIT}"
     # gitVersion is now something like 'git20150128.112847.0.17e840a'
     debVersion="$debVersion~$gitVersion"
 
@@ -53,7 +54,7 @@ EOF
 export DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT-$($GIT_COMMAND rev-parse --short HEAD)}
 
 echo VERSION BBB $VERSION
-dpkg-buildpackage -v -uc -us -I.git
+dpkg-buildpackage -uc -us -I.git
 destination="/build"
 mkdir -p "$destination"
 mv -v /root/docker-ce* "$destination"

components/packaging/deb/common/rules

@@ -12,7 +12,7 @@ override_dh_gencontrol:
 
 override_dh_auto_build:
 	cd engine && ./hack/make.sh dynbinary
-	LDFLAGS='' make -C cli VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
+	cd /go/src/github.com/docker/cli && LDFLAGS='' make VERSION=$(VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
 
 override_dh_auto_test:
 	./engine/bundles/$(BUNDLE_VERSION)/dynbinary-daemon/dockerd -v

components/packaging/deb/raspbian-jessie/Dockerfile.armv7l

@@ -1,8 +1,13 @@
-FROM armhf/ubuntu:yakkety
+FROM resin/rpi-raspbian:jessie
 
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+# allow replacing archive mirror
+ARG APT_MIRROR=archive.raspbian.org
+RUN sed -ri "s/archive.raspbian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev  pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
 ENV GO_VERSION 1.8.3
+ENV GOARM 6
 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
@@ -20,8 +25,8 @@ RUN mkdir -p /go/src/github.com/docker && \
 	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
 
 
-ENV DISTRO ubuntu
-ENV SUITE yakkety
+ENV DISTRO raspbian
+ENV SUITE jessie
 
 WORKDIR /root/build-deb
 

components/packaging/deb/raspbian-stretch/Dockerfile.armv7l

@@ -1,9 +1,14 @@
-FROM s390x/ubuntu:yakkety
+FROM resin/rpi-raspbian:stretch
+
+# allow replacing archive mirror
+ARG APT_MIRROR=archive.raspbian.org
+RUN sed -ri "s/archive.raspbian.org/$APT_MIRROR/g" /etc/apt/sources.list
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
 ENV GO_VERSION 1.8.3
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local
+ENV GOARM 6
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local
 ENV GOPATH /go
 ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
 ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
@@ -20,8 +25,8 @@ RUN mkdir -p /go/src/github.com/docker && \
 	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
 
 
-ENV DISTRO ubuntu
-ENV SUITE yakkety
+ENV DISTRO raspbian
+ENV SUITE stretch
 
 WORKDIR /root/build-deb
 

components/packaging/deb/ubuntu-xenial/Dockerfile.aarch64

@@ -0,0 +1,36 @@
+FROM aarch64/ubuntu:xenial
+
+RUN apt-get update && apt-get install -y golang-go apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+# Install Go
+# We don't have official binary golang 1.7.5 tarballs for ARM64, eigher for Go or
+# bootstrap, so we use golang-go (1.6) as bootstrap to build Go from source code.
+# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
+# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
+ENV GO_VERSION 1.8.3
+RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+	&& cd /usr/src/go/src \
+	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
+
+ENV GOPATH /go
+ENV PATH /go/bin:/usr/src/go/bin:$PATH
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+ENV RUNC_BUILDTAGS apparmor seccomp selinux
+
+COPY common/ /root/build-deb/debian
+COPY build-deb /root/build-deb/build-deb
+
+RUN mkdir -p /go/src/github.com/docker && \
+	mkdir -p /go/src/github.com/opencontainers && \
+	ln -snf /engine /root/build-deb/engine && \
+	ln -snf /cli /root/build-deb/cli && \
+	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
+	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
+
+
+ENV DISTRO ubuntu
+ENV SUITE xenial
+
+WORKDIR /root/build-deb
+
+ENTRYPOINT ["/root/build-deb/build-deb"]

components/packaging/deb/ubuntu-yakkety/Dockerfile.x86_64

@@ -1,28 +0,0 @@
-FROM ubuntu:yakkety
-
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
-
-ENV GO_VERSION 1.8.3
-RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
-ENV GOPATH /go
-ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
-
-COPY common/ /root/build-deb/debian
-COPY build-deb /root/build-deb/build-deb
-
-RUN mkdir -p /go/src/github.com/docker && \
-	mkdir -p /go/src/github.com/opencontainers && \
-	ln -snf /engine /root/build-deb/engine && \
-	ln -snf /cli /root/build-deb/cli && \
-	ln -snf /root/build-deb/engine /go/src/github.com/docker/docker && \
-	ln -snf /root/build-deb/cli /go/src/github.com/docker/cli
-
-
-ENV DISTRO ubuntu
-ENV SUITE yakkety
-
-WORKDIR /root/build-deb
-
-ENTRYPOINT ["/root/build-deb/build-deb"]

components/packaging/deb/ubuntu-zesty/Dockerfile.armv7l

@@ -1,4 +1,4 @@
-FROM armhf/ubuntu:yakkety
+FROM armhf/ubuntu:zesty
 
 RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 

components/packaging/detect_alpine_image

@@ -9,6 +9,8 @@ elif [ "$arch" = "armv7l" ]; then
     img="armhf/alpine"
 elif [ "$arch" = "s390x" ]; then
     img="s390x/alpine"
+elif [ "$arch" = "aarch64" ]; then
+    img="aarch64/alpine"
 else
     echo "Architecture $(arch) not supported"
     exit 1;

components/packaging/rpm/Makefile

@@ -22,7 +22,7 @@ RPMBUILD_FLAGS=-ba\
 	--define '_experimental $(DOCKER_EXPERIMENTAL)' \
 	SPECS/docker-ce.spec
 
-.PHONY: help clean rpm fedora centos fedora-25 fedora-24 centos-7
+.PHONY: help clean rpm fedora centos fedora-26 fedora-25 fedora-24 centos-7
 
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
@@ -33,10 +33,15 @@ clean: ## remove build artifacts
 
 rpm: fedora centos ## build all rpm packages
 
-fedora: fedora-25 fedora-24 ## build all fedora rpm packages
+fedora: fedora-26 fedora-25 fedora-24 ## build all fedora rpm packages
 
 centos: centos-7 ## build all centos rpm packages
 
+fedora-26: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz ## build fedora-26 rpm packages
+	docker build -t rpmbuild-$@/$(ARCH) -f $@/Dockerfile.$(ARCH) $@
+	$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)
+	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+
 fedora-25: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz ## build fedora-25 rpm packages
 	docker build -t rpmbuild-$@/$(ARCH) -f $@/Dockerfile.$(ARCH) $@
 	$(RPMBUILD) rpmbuild-$@/$(ARCH) $(RPMBUILD_FLAGS)

components/packaging/rpm/fedora-26/Dockerfile.x86_64

@@ -0,0 +1,17 @@
+FROM fedora:26
+RUN dnf -y upgrade
+RUN dnf install -y @development-tools fedora-packager
+RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common
+ENV GO_VERSION 1.8.3
+ENV DISTRO fedora
+ENV SUITE 26
+RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV GOPATH /go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux
+ENV RUNC_BUILDTAGS seccomp selinux
+RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
+COPY docker-ce.spec /root/rpmbuild/SPECS/docker-ce.spec
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]

components/packaging/rpm/fedora-26/docker-ce.spec

@@ -0,0 +1,223 @@
+Name: docker-ce
+Version: %{_version}
+Release: %{_release}%{?dist}
+Summary: The open-source application container engine
+Group: Tools/Docker
+License: ASL 2.0
+Source0: engine.tgz
+Source1: cli.tgz
+URL: https://www.docker.com
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+# DWZ problem with multiple golang binary, see bug
+# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12
+%global _dwz_low_mem_die_limit 0
+%global is_systemd 1
+%global with_selinux 1
+
+BuildRequires: pkgconfig(systemd)
+
+# required packages on install
+Requires: /bin/sh
+Requires: container-selinux >= 2.9
+Requires: iptables
+Requires: libcgroup
+Requires: systemd-units
+Requires: tar
+Requires: xz
+
+# Resolves: rhbz#1165615
+Requires: device-mapper-libs >= 1.02.90-1
+
+# conflicting packages
+Conflicts: docker
+Conflicts: docker-io
+Conflicts: docker-engine-cs
+Conflicts: docker-ee
+
+# Obsolete packages
+Obsoletes: docker-ce-selinux
+Obsoletes: docker-engine-selinux
+Obsoletes: docker-engine
+
+%description
+Docker is an open source project to build, ship and run any application as a
+lightweight container.
+
+Docker containers are both hardware-agnostic and platform-agnostic. This means
+they can run anywhere, from your laptop to the largest EC2 compute instance and
+everything in between - and they don't require you to use a particular
+language, framework or packaging system. That makes them great building blocks
+for deploying and scaling web apps, databases, and backend services without
+depending on a particular stack or provider.
+
+%prep
+%setup -q -c -n src -a 1
+
+%build
+export DOCKER_GITCOMMIT=%{_gitcommit}
+mkdir -p /go/src/github.com/docker
+rm -f /go/src/github.com/docker/cli
+ln -s /root/rpmbuild/BUILD/src/cli /go/src/github.com/docker/cli
+pushd /go/src/github.com/docker/cli
+make VERSION=%{_origversion} GITCOMMIT=%{_gitcommit} dynbinary manpages # cli
+popd
+pushd engine
+TMP_GOPATH="/go" hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
+hack/make.sh dynbinary
+popd
+mkdir -p plugin
+printf '{"edition_type":"ce","edition_name":"%s","edition_version":"%s"}\n' "${DISTRO}" "%{_version}" > plugin/.plugin-metadata
+
+%check
+cli/build/docker -v
+engine/bundles/%{_origversion}/dynbinary-daemon/dockerd -v
+
+%install
+# install binary
+install -d $RPM_BUILD_ROOT/%{_bindir}
+install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
+install -p -m 755 engine/bundles/%{_origversion}/dynbinary-daemon/dockerd-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/dockerd
+
+# install proxy
+install -p -m 755 /usr/local/bin/docker-proxy $RPM_BUILD_ROOT/%{_bindir}/docker-proxy
+
+# install containerd
+install -p -m 755 /usr/local/bin/docker-containerd $RPM_BUILD_ROOT/%{_bindir}/docker-containerd
+install -p -m 755 /usr/local/bin/docker-containerd-shim $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-shim
+install -p -m 755 /usr/local/bin/docker-containerd-ctr $RPM_BUILD_ROOT/%{_bindir}/docker-containerd-ctr
+
+# install runc
+install -p -m 755 /usr/local/bin/docker-runc $RPM_BUILD_ROOT/%{_bindir}/docker-runc
+
+# install tini
+install -p -m 755 /usr/local/bin/docker-init $RPM_BUILD_ROOT/%{_bindir}/docker-init
+
+# install udev rules
+install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
+install -p -m 644 engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
+
+# add init scripts
+install -d $RPM_BUILD_ROOT/etc/sysconfig
+install -d $RPM_BUILD_ROOT/%{_initddir}
+install -d $RPM_BUILD_ROOT/%{_unitdir}
+install -p -m 644 /systemd/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
+# add bash, zsh, and fish completions
+install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
+install -d $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions
+install -d $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d
+install -p -m 644 cli/contrib/completion/bash/docker $RPM_BUILD_ROOT/usr/share/bash-completion/completions/docker
+install -p -m 644 cli/contrib/completion/zsh/_docker $RPM_BUILD_ROOT/usr/share/zsh/vendor-completions/_docker
+install -p -m 644 cli/contrib/completion/fish/docker.fish $RPM_BUILD_ROOT/usr/share/fish/vendor_completions.d/docker.fish
+
+# install manpages
+install -d %{buildroot}%{_mandir}/man1
+install -p -m 644 cli/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1
+install -d %{buildroot}%{_mandir}/man5
+install -p -m 644 cli/man/man5/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 cli/man/man8/*.8 $RPM_BUILD_ROOT/%{_mandir}/man8
+
+# add vimfiles
+install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc
+install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect
+install -d $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax
+install -p -m 644 engine/contrib/syntax/vim/doc/dockerfile.txt $RPM_BUILD_ROOT/usr/share/vim/vimfiles/doc/dockerfile.txt
+install -p -m 644 engine/contrib/syntax/vim/ftdetect/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
+install -p -m 644 engine/contrib/syntax/vim/syntax/dockerfile.vim $RPM_BUILD_ROOT/usr/share/vim/vimfiles/syntax/dockerfile.vim
+
+# add nano
+install -d $RPM_BUILD_ROOT/usr/share/nano
+install -p -m 644 engine/contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/share/nano/Dockerfile.nanorc
+
+mkdir -p build-docs
+for engine_file in AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md; do
+    cp "engine/$engine_file" "build-docs/engine-$engine_file"
+done
+for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
+    cp "cli/$cli_file" "build-docs/cli-$cli_file"
+done
+
+# list files owned by the package here
+%files
+%doc build-docs/engine-AUTHORS build-docs/engine-CHANGELOG.md build-docs/engine-CONTRIBUTING.md build-docs/engine-LICENSE build-docs/engine-MAINTAINERS build-docs/engine-NOTICE build-docs/engine-README.md
+%doc build-docs/cli-LICENSE build-docs/cli-MAINTAINERS build-docs/cli-NOTICE build-docs/cli-README.md
+/%{_bindir}/docker
+/%{_bindir}/dockerd
+/%{_bindir}/docker-containerd
+/%{_bindir}/docker-containerd-shim
+/%{_bindir}/docker-containerd-ctr
+/%{_bindir}/docker-proxy
+/%{_bindir}/docker-runc
+/%{_bindir}/docker-init
+/%{_sysconfdir}/udev/rules.d/80-docker.rules
+/%{_unitdir}/docker.service
+/usr/share/bash-completion/completions/docker
+/usr/share/zsh/vendor-completions/_docker
+/usr/share/fish/vendor_completions.d/docker.fish
+%doc
+/%{_mandir}/man1/*
+/%{_mandir}/man5/*
+/%{_mandir}/man8/*
+/usr/share/vim/vimfiles/doc/dockerfile.txt
+/usr/share/vim/vimfiles/ftdetect/dockerfile.vim
+/usr/share/vim/vimfiles/syntax/dockerfile.vim
+/usr/share/nano/Dockerfile.nanorc
+
+%pre
+if [ $1 -gt 0 ] ; then
+    # package upgrade scenario, before new files are installed
+
+    # clear any old state
+    rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+
+    # check if docker service is running
+    if systemctl is-active docker > /dev/null 2>&1; then
+        systemctl stop docker > /dev/null 2>&1 || :
+        touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+    fi
+fi
+
+%post
+%systemd_post docker
+if ! getent group docker > /dev/null; then
+    groupadd --system docker
+fi
+
+%preun
+%systemd_preun docker
+
+%postun
+%systemd_postun_with_restart docker
+
+%posttrans
+if [ $1 -ge 0 ] ; then
+    # package upgrade scenario, after new files are installed
+
+    # check if docker was running before upgrade
+    if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then
+        systemctl start docker > /dev/null 2>&1 || :
+        rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+    fi
+fi
+
+%changelog
+
+* Wed Jun 21 2017 <eli.uriegas@docker.com> 17.06.0-ce
+- release docker-ce 17.06.0-ce
+
+* Mon Jun 19 2017 <eli.uriegas@docker.com> 17.06.0-ce-rc5
+- release docker-ce 17.06.0-ce-rc5
+
+* Thu Jun 15 2017 <andrewhsu@docker.com> 17.06.0-ce-rc4
+- release docker-ce 17.06.0-ce-rc4
+
+* Tue Jun 13 2017 <andrewhsu@docker.com> 17.06.0-ce-rc3
+- release docker-ce 17.06.0-ce-rc3
+
+* Wed Jun 07 2017 <andrewhsu@docker.com> 17.06.0-ce-rc2
+- release docker-ce 17.06.0-ce-rc2
+
+* Mon May 29 2017 <andrewhsu@docker.com> 17.06.0-ce-rc1
+- release docker-ce 17.06.0-ce-rc1