Sync from SUSE:ALP:Source:Standard:1.0 docker revision 35c51a320f1cdbfe20c3f3f295515861

0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch

@@ -1,4 +1,4 @@
-From 4ae999e2bf6cea95845ce16baf262193947028c3 Mon Sep 17 00:00:00 2001
+From 8d12a0ed33fc4e099c59b4d977b2ce18cdc600e1 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <cyphar@cyphar.com>
 Date: Wed, 4 Jun 2025 15:01:37 +1000
 Subject: [PATCH 1/6] SECRETS: SUSE: always clear our internal secrets

0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch

@@ -1,4 +1,4 @@
-From 6f03d8d6c52c95823d5d730416b2b8b111a9f2a3 Mon Sep 17 00:00:00 2001
+From c12e6960ee87d7944001e22f0ce3ada72a6a9cea Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 12:41:54 +1100
 Subject: [PATCH 2/6] SECRETS: daemon: allow directory creation in /run/secrets

0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch

@@ -1,4 +1,4 @@
-From 12c87ffce6cea19c87213e9a0174f5cc31ac3891 Mon Sep 17 00:00:00 2001
+From 915d237a25cc9639de24ad3e36f3d299be137e8a Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
 Subject: [PATCH 3/6] SECRETS: SUSE: implement SUSE container secrets

0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch

@@ -1,4 +1,4 @@
-From be344f919f392cad31c96f53615d0010d7c1bab8 Mon Sep 17 00:00:00 2001
+From c078332b3a52f0e220fd19f476c30dee50f7c1e3 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Mon, 22 May 2023 15:44:54 +1000
 Subject: [PATCH 4/6] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI

0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch

@@ -1,4 +1,4 @@
-From f6e33b35f540cc1ac3c7cc6403916e23239fdb23 Mon Sep 17 00:00:00 2001
+From e9aff2856f7b827ebb6964b5fd33fc51e2b6f0ec Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Fri, 29 Jun 2018 17:59:30 +1000
 Subject: [PATCH 5/6] bsc1073877: apparmor: clobber docker-default profile on

0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch

@@ -1,4 +1,4 @@
-From 7bd32fa91ed29b32d42991304b9a55a1f7db2ece Mon Sep 17 00:00:00 2001
+From d4db647a40c0c8992dc2eeb862e8bafaff58cca3 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 11 Oct 2023 21:19:12 +1100
 Subject: [PATCH 6/6] SLE12: revert "apparmor: remove version-conditionals from

_service

@@ -3,24 +3,24 @@
     <param name="url">https://github.com/moby/moby.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">28.4.0_ce_%h</param>
-    <param name="revision">v28.4.0</param>
+    <param name="versionformat">28.5.1_ce_%h</param>
+    <param name="revision">v28.5.1</param>
     <param name="filename">docker</param>
   </service>
   <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/docker/cli.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">28.4.0_ce</param>
-    <param name="revision">v28.4.0</param>
+    <param name="versionformat">28.5.1_ce</param>
+    <param name="revision">v28.5.1</param>
     <param name="filename">docker-cli</param>
   </service>
   <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/docker/buildx.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">0.28.0</param>
-    <param name="revision">v0.28.0</param>
+    <param name="versionformat">0.29.0</param>
+    <param name="revision">v0.29.0</param>
     <param name="filename">docker-buildx</param>
   </service>
   <service name="recompress" mode="manual">

cli-0001-openSUSE-point-users-to-docker-buildx-package.patch

@@ -1,4 +1,4 @@
-From 02b49739668ea5ffb0b240c2a264eb9bb378f56f Mon Sep 17 00:00:00 2001
+From d5cf64f9cb8b5382a4f87700a80a0bc2c8d3185e Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <cyphar@cyphar.com>
 Date: Mon, 1 Sep 2025 16:05:24 +1000
 Subject: [PATCH 1/2] openSUSE: point users to docker-buildx package

cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch

@@ -1,4 +1,4 @@
-From b7fb811f2c032bdd42b914aa00dc2a793ddb003f Mon Sep 17 00:00:00 2001
+From fbc4c8b4ac9f5ba5604fb2987fe53648fc63a009 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <cyphar@cyphar.com>
 Date: Fri, 15 Aug 2025 19:55:53 +1000
 Subject: [PATCH 2/2] SECRETS: SUSE: default to DOCKER_BUILDKIT=0 for "docker
@@ -34,7 +34,7 @@ Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
  1 file changed, 23 insertions(+), 5 deletions(-)
 
 diff --git a/cmd/docker/builder.go b/cmd/docker/builder.go
-index ff3becd1c9e7..61306cc6785e 100644
+index ff3becd1c9e7..bfbaf566148c 100644
 --- a/cmd/docker/builder.go
 +++ b/cmd/docker/builder.go
 @@ -23,9 +23,19 @@
@@ -53,10 +53,10 @@ index ff3becd1c9e7..61306cc6785e 100644
 +        the legacy builder, set the DOCKER_BUILDKIT=0 environment-variable.
 +
 +        In order to opt-in to using BuildKit, set the DOCKER_BUILDKIT=1
-+        environment-variable. See the SLE16 documentation for information on
-+        how to switch to BuildKit while still maintaining access to SCC
-+        credentials. In order to use BuildKit, you must have the docker-buildx
-+        package installed.`
++        environment-variable. See the SUSE Linux Enterprise Server 15
++        documentation for information on how to switch to BuildKit while still
++        maintaining access to SCC credentials. In order to use BuildKit, you
++        must have the docker-buildx package installed.`
  
  	buildxMissingError = `ERROR: BuildKit is enabled but the buildx component is missing or broken.
         Install the docker-buildx package to build images with BuildKit:

docker-daemon.json

@@ -4,5 +4,6 @@
   "log-opts": {
     "max-size": "10m",
     "max-file": "5"
-  }
+  },
+  "selinux-enabled": true
 }

docker-integration.sh

@@ -180,7 +180,9 @@ fi
 	mv -nv /etc/docker/suse-secrets-enable{,-DISABLED}
 sudo systemctl restart docker
 
-# Make sure docker-buildx is disabled.
+# We need to disable docker-buildx for the integration-cli tests because
+# otherwise the "docker build" command will use the wrong builder and the
+# output won't match what the tests expect.
 [ -e /usr/lib/docker/cli-plugins/docker-buildx ] && \
 	mv -nv /usr/lib/docker/cli-plugins/docker-buildx{,-DISABLED}
 
@@ -250,9 +252,6 @@ for suite_name in "${SUITES[@]}"; do
 	[ -n "$filter" ] && test_flags+=("-test.run" "$filter")
 
 	if [[ "$suite_name" == "integration-cli" ]]; then
-		# We need to disable docker-buildx for the integration-cli tests
-		# because otherwise the "docker build" command will use the wrong
-		# builder and the output won't match what the tests expect.
 		timeout=360m
 	fi
 	test_flags+=("-test.timeout" "$timeout")

docker.changes

@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Mon Oct 27 23:55:45 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Enable SELinux in default daemon.json config (--selinux-enabled). This has no
+  practical impact on non-SELinux systems. bsc#1252290
+
+-------------------------------------------------------------------
+Wed Oct  8 16:45:29 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to Docker 28.5.1-ce. See upstream changelog online at
+  <https://docs.docker.com/engine/release-notes/28/#2851>
+- Rebased patches:
+  * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
+  * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+  * cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
+  * cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
+- Remove upstreamed patch:
+  - 0007-Add-back-vendor.sum.patch
+
+-------------------------------------------------------------------
+Fri Oct  3 07:35:39 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to Docker 28.5.0-ce. See upstream changelog online at
+  <https://docs.docker.com/engine/release-notes/28/#2850>
+- Backport <https://github.com/moby/moby/pull/51091> to re-add vendor.sum,
+  fixing our builds.
+  + 0007-Add-back-vendor.sum.patch
+- Rebased patches:
+  * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
+  * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+  * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+  * cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
+  * cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
+
+-------------------------------------------------------------------
+Wed Oct  1 04:57:46 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to docker-buildx v0.29.0. Upstream changelog:
+  <https://github.com/docker/buildx/releases/tag/v0.29.0>
+
+-------------------------------------------------------------------
+Mon Sep 29 11:15:30 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Remove git-core recommends also on openSUSE: the below argument
+  is valid for those users too.
+
+-------------------------------------------------------------------
+Mon Sep 29 05:25:36 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Remove git-core recommends on SLE. Most SLE systems have
+  installRecommends=yes by default and thus end up installing git with Docker.
+  bsc#1250508
+
+  This feature is mostly intended for developers ("docker build git://") so
+  most users already have the dependency installed, and the error when git is
+  missing is fairly straightforward (so they can easily figure out what they
+  need to install).
+
 -------------------------------------------------------------------
 Thu Sep  4 08:37:24 UTC 2025 - Aleksa Sarai <asarai@suse.com>
 

docker.spec

@@ -53,8 +53,8 @@
 %endif
 
 # MANUAL: This needs to be updated with every docker update.
-%define docker_real_version 28.4.0
-%define docker_git_version 249d679a6
+%define docker_real_version 28.5.1
+%define docker_git_version f8215cc26
 %define docker_version %{docker_real_version}_ce
 # This "nice version" is so that docker --version gives a result that can be
 # parsed by other people. boo#1182476
@@ -62,7 +62,7 @@
 
 %if %{with buildx}
 # MANUAL: This needs to be updated with every docker-buildx update.
-%define buildx_version 0.28.0
+%define buildx_version 0.29.0
 %endif
 
 # Used when generating the "build" information for Docker version. The value of
@@ -70,7 +70,7 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_commit_epoch 1756931329
+%define git_commit_epoch 1759890872
 
 Name:           docker%{flavour}
 Version:        %{docker_version}
@@ -186,7 +186,6 @@ Requires(post): %fillup_prereq
 Requires(post): udev
 Requires(post): shadow
 Recommends:     %{name}-rootless-extras
-Recommends:     git-core >= 1.7
 ExcludeArch:    s390 ppc
 
 %description