Accepting request 717727 from Virtualization:containers

Docker v19.03.0-ce update. OBS-URL: https://build.opensuse.org/request/show/717727 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=92
2019-07-28 08:16:44 +00:00 · 2019-07-28 08:16:44 +00:00 · 06d25ab841
commit 06d25ab841
parent 2ed19d8c42 ff604e37bb
14 changed files with 100 additions and 640 deletions
--- a/4
+++ b/4
@ -3,8 +3,8 @@
    <param name="url">https://github.com/docker/docker-ce.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="versionformat">18.09.7_ce_%h</param>
+    <param name="versionformat">19.03.0_ce_%h</param>
-    <param name="revision">v18.09.7</param>
+    <param name="revision">v19.03.0</param>
    <param name="filename">docker</param>
  </service>
  <service name="recompress" mode="disabled">
--- a/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+++ b/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
@ -1,66 +0,0 @@
 From a3e63ddd20b7f52ff5e81bdb1beb867d28a1c9c8 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Sun, 17 Jun 2018 17:05:54 +1000
 Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname"
 The OCI doesn't have a specific field for an NIS domainname[1] (mainly
 because FreeBSD and Solaris appear to have a similar concept but it is
 configured entirely differently).
 However, on Linux, the NIS domainname can be configured through both the
 setdomainname(2) syscall but also through the "kernel.domainname"
 sysctl. Since the OCI has a way of injecting sysctls this means we don't
 need to have any OCI changes to support NIS domainnames (and we can
 always switch if the OCI picks up such support in the future).
 It should be noted that because we have to generate this each spec
 creation we also have to make sure that it's not clobbered by the
 HostConfig. I'm pretty sure making this change generic (so that
 HostConfig will not clobber any pre-set sysctls) will not cause other
 issues to crop up.
 [1]: https://github.com/opencontainers/runtime-spec/issues/592
 SUSE-Bugs: bsc#1001161
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 components/engine/daemon/oci_linux.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
 diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
 index 7611fc054d13..d5838623528e 100644
 --- a/components/engine/daemon/oci_linux.go
 +++ b/components/engine/daemon/oci_linux.go
@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
 	s.Process.Cwd = cwd
 	s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
 	s.Process.Terminal = c.Config.Tty
 -	s.Hostname = c.FullHostname()
 +
 +	s.Hostname = c.Config.Hostname
 +	// There isn't a field in the OCI for the NIS domainname, but luckily there
 +	// is a sysctl which has an identical effect to setdomainname(2) so there's
 +	// no explicit need for runtime support.
 +	s.Linux.Sysctl = make(map[string]string)
 +	if c.Config.Domainname != "" {
 +		s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
 +	}
 	return nil
 }
@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e
 	if err := setResources(&s, c.HostConfig.Resources); err != nil {
 		return nil, fmt.Errorf("linux runtime spec resources: %v", err)
 	}
 -	s.Linux.Sysctl = c.HostConfig.Sysctls
 +	// We merge the sysctls injected above with the HostConfig (latter takes
 +	// precedence for backwards-compatibility reasons).
 +	for k, v := range c.HostConfig.Sysctls {
 +		s.Linux.Sysctl[k] = v
 +	}
 	p := s.Linux.CgroupsPath
 	if useSystemd {
 -- 
 2.21.0
--- a/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
+++ b/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
@ -1,216 +0,0 @@
 From 1b4f9787461d00dceea94d51af8db80f0b6aa906 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Mon, 18 Jun 2018 21:58:23 +1000
 Subject: [PATCH 2/2] cli: add a separate --domainname flag
 A while ago, Docker split the "Domainname" field out from the "Hostname"
 field for the container configuration. There was no real user-visible
 change associated with this (and under the hood "Domainname" was mostly
 left unused from the command-line point of view). We now add this flag
 in order to match other proposed changes to allow for setting the NIS
 domainname of a container.
 This also includes a fix for the --hostname parsing tests (they would
 not error out if only one of .Hostname and .Domainname were incorrectly
 set -- which is not correct).
 SUSE-Bugs: bsc#1001161
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 components/cli/cli/command/container/opts.go  |  3 ++
 .../cli/cli/command/container/opts_test.go    | 31 ++++++++++++++++---
 components/cli/contrib/completion/bash/docker |  1 +
 components/cli/contrib/completion/zsh/_docker |  1 +
 .../cli/docs/reference/commandline/create.md  |  1 +
 .../cli/docs/reference/commandline/run.md     |  1 +
 .../reference/commandline/service_create.md   |  2 +-
 components/cli/docs/reference/run.md          |  6 ++--
 components/cli/man/docker-run.1.md            |  7 +++++
 9 files changed, 44 insertions(+), 9 deletions(-)
 diff --git a/components/cli/cli/command/container/opts.go b/components/cli/cli/command/container/opts.go
 index 97906b672252..7cd9ce998c8b 100644
 --- a/components/cli/cli/command/container/opts.go
 +++ b/components/cli/cli/command/container/opts.go
@@ -74,6 +74,7 @@ type containerOptions struct {
 	containerIDFile    string
 	entrypoint         string
 	hostname           string
 +	domainname         string
 	memory             opts.MemBytes
 	memoryReservation  opts.MemBytes
 	memorySwap         opts.MemSwapBytes
@@ -169,6 +170,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
 	flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
 	flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
 +	flags.StringVar(&copts.domainname, "domainname", "", "Container NIS domain name")
 	flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
 	flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
 	flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
@@ -546,6 +548,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions) (*containerConfig, err
 	config := &container.Config{
 		Hostname:     copts.hostname,
 +		Domainname:   copts.domainname,
 		ExposedPorts: ports,
 		User:         copts.user,
 		Tty:          copts.tty,
 diff --git a/components/cli/cli/command/container/opts_test.go b/components/cli/cli/command/container/opts_test.go
 index 6d7c95a5ddb8..70bedc661751 100644
 --- a/components/cli/cli/command/container/opts_test.go
 +++ b/components/cli/cli/command/container/opts_test.go
@@ -265,14 +265,35 @@ func TestParseHostname(t *testing.T) {
 	hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
 	for hostname, expectedHostname := range validHostnames {
 		if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
 -			t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
 +			t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname)
 		}
 	}
 -	if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
 -		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
 +	if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
 +		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname)
 	}
 -	if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
 -		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
 +	if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
 +		t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname)
 +	}
 +}
 +
 +func TestParseHostnameDomainname(t *testing.T) {
 +	validDomainnames := map[string]string{
 +		"domainname":    "domainname",
 +		"domain-name":   "domain-name",
 +		"domainname123": "domainname123",
 +		"123domainname": "123domainname",
 +		"domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors",
 +	}
 +	for domainname, expectedDomainname := range validDomainnames {
 +		if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
 +			t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname)
 +		}
 +	}
 +	if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
 +		t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname)
 +	}
 +	if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
 +		t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname)
 	}
 }
 diff --git a/components/cli/contrib/completion/bash/docker b/components/cli/contrib/completion/bash/docker
 index 92d57408617e..a0d4878ee311 100644
 --- a/components/cli/contrib/completion/bash/docker
 +++ b/components/cli/contrib/completion/bash/docker
@@ -1809,6 +1809,7 @@ _docker_container_run_and_create() {
 		--dns
 		--dns-option
 		--dns-search
 +		--domainname
 		--entrypoint
 		--env -e
 		--env-file
 diff --git a/components/cli/contrib/completion/zsh/_docker b/components/cli/contrib/completion/zsh/_docker
 index 94f042204dfb..9a502db0886f 100644
 --- a/components/cli/contrib/completion/zsh/_docker
 +++ b/components/cli/contrib/completion/zsh/_docker
@@ -617,6 +617,7 @@ __docker_container_subcommand() {
         "($help)*--dns=[Custom DNS servers]:DNS server: "
         "($help)*--dns-option=[Custom DNS options]:DNS option: "
         "($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
 +        "($help)*--domainname=[Container NIS domain name]:domainname:_hosts"
         "($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
         "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
         "($help)*--env-file=[Read environment variables from a file]:environment file:_files"
 diff --git a/components/cli/docs/reference/commandline/create.md b/components/cli/docs/reference/commandline/create.md
 index d585da40ae1e..c829dbb3e5b9 100644
 --- a/components/cli/docs/reference/commandline/create.md
 +++ b/components/cli/docs/reference/commandline/create.md
@@ -53,6 +53,7 @@ Options:
       --dns value                     Set custom DNS servers (default [])
       --dns-option value              Set DNS options (default [])
       --dns-search value              Set custom DNS search domains (default [])
 +      --domainname string             Container NIS domain name
       --entrypoint string             Overwrite the default ENTRYPOINT of the image
   -e, --env value                     Set environment variables (default [])
       --env-file value                Read in a file of environment variables (default [])
 diff --git a/components/cli/docs/reference/commandline/run.md b/components/cli/docs/reference/commandline/run.md
 index 6a2630bd1978..a4721e4a7761 100644
 --- a/components/cli/docs/reference/commandline/run.md
 +++ b/components/cli/docs/reference/commandline/run.md
@@ -57,6 +57,7 @@ Options:
       --dns value                     Set custom DNS servers (default [])
       --dns-option value              Set DNS options (default [])
       --dns-search value              Set custom DNS search domains (default [])
 +      --domainname string             Container NIS domain name
       --entrypoint string             Overwrite the default ENTRYPOINT of the image
   -e, --env value                     Set environment variables (default [])
       --env-file value                Read in a file of environment variables (default [])
 diff --git a/components/cli/docs/reference/commandline/service_create.md b/components/cli/docs/reference/commandline/service_create.md
 index bc68128d0cf9..b395a0bda064 100644
 --- a/components/cli/docs/reference/commandline/service_create.md
 +++ b/components/cli/docs/reference/commandline/service_create.md
@@ -755,7 +755,7 @@ The swarm extends my-network to each node running the service.
 Containers on the same network can access each other using
 [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
 -Long form syntax of `--network` allows to specify list of aliases and driver options:  
 +Long form syntax of `--network` allows to specify list of aliases and driver options:
 `--network name=my-network,alias=web1,driver-opt=field1=value1`
 ### Publish service ports externally to the swarm (-p, --publish)
 diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md
 index a59a30525554..695974fe533c 100644
 --- a/components/cli/docs/reference/run.md
 +++ b/components/cli/docs/reference/run.md
@@ -256,7 +256,7 @@ The UTS namespace is for setting the hostname and the domain that is visible
 to running processes in that namespace.  By default, all containers, including
 those with `--network=host`, have their own UTS namespace.  The `host` setting will
 result in the container using the same UTS namespace as the host.  Note that
 -`--hostname` is invalid in `host` UTS mode.
 +`--hostname` and `--domainname` are invalid in `host` UTS mode.
 You may wish to share the UTS namespace with the host if you would like the
 hostname of the container to change as the hostname of the host changes.  A
@@ -396,8 +396,8 @@ network stack and all interfaces from the host will be available to the
 container.  The container's hostname will match the hostname on the host
 system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
 network mode a container has its own UTS namespace by default. As such
 -`--hostname` is allowed in `host` network mode and will only change the
 -hostname inside the container.
 +`--hostname` and `--domainname` are allowed in `host` network mode and will
 +only change the hostname and domain name inside the container.
 Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
 `--dns-option` options can be used in `host` network mode. These options update
 `/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
 diff --git a/components/cli/man/docker-run.1.md b/components/cli/man/docker-run.1.md
 index e03377001d4e..4a1464a74200 100644
 --- a/components/cli/man/docker-run.1.md
 +++ b/components/cli/man/docker-run.1.md
@@ -35,6 +35,7 @@ docker-run - Run a command in a new container
 [**--dns**[=*[]*]]
 [**--dns-option**[=*[]*]]
 [**--dns-search**[=*[]*]]
 +[**--domainname**[=*DOMAINNAME*]]
 [**-e**|**--env**[=*[]*]]
 [**--entrypoint**[=*ENTRYPOINT*]]
 [**--env-file**[=*[]*]]
@@ -285,6 +286,12 @@ configuration passed to the container. Typically this is necessary when the
 host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
 is the case the **--dns** flags is necessary for every run.
 +**--domainname**=""
 +   Container NIS domain name
 +
 +   Sets the container's NIS domain name (see also **setdomainname(2)**) that is
 +   available inside the container.
 +
 **-e**, **--env**=[]
    Set environment variables
 -- 
 2.21.0
--- a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
+++ b/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
@ -1,58 +0,0 @@
 From 64f1dfcbe4313bccacbe603dcb444da82d9136d7 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Thu, 23 Aug 2018 19:53:55 +1000
 Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages
 Previously our man pages included the current time each time they were
 generated. This causes an issue for reproducible builds, since each
 re-build of a package that includes the man pages will have different
 times listed in the man pages.
 To fix this, add support for SOURCE_DATE_EPOCH (which is a standardised
 packaging environment variable, designed to be used specifically for
 this purpose[1]). spf13/cobra doesn't support this natively yet (though
 I will push a patch for that as well), but it's simpler to fix it
 directly in docker/cli.
 [1]: https://reproducible-builds.org/specs/source-date-epoch/
 SUSE-Bugs: boo#1047218
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 components/cli/man/generate.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go
 index 2d940e31fd10..e5e480be3f32 100644
 --- a/components/cli/man/generate.go
 +++ b/components/cli/man/generate.go
@@ -6,6 +6,8 @@ import (
 	"log"
 	"os"
 	"path/filepath"
 +	"strconv"
 +	"time"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/commands"
@@ -24,6 +26,17 @@ func generateManPages(opts *options) error {
 		Source:  "Docker Community",
 	}
 +	// If SOURCE_DATE_EPOCH is set, in order to allow reproducible package
 +	// builds, we explicitly set the build time to SOURCE_DATE_EPOCH.
 +	if epoch := os.Getenv("SOURCE_DATE_EPOCH"); epoch != "" {
 +		unixEpoch, err := strconv.ParseInt(epoch, 10, 64)
 +		if err != nil {
 +			return fmt.Errorf("invalid SOURCE_DATE_EPOCH: %v", err)
 +		}
 +		now := time.Unix(unixEpoch, 0)
 +		header.Date = &now
 +	}
 +
 	stdin, stdout, stderr := term.StdStreams()
 	dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil)
 	cmd := &cobra.Command{Use: "docker"}
 -- 
 2.21.0
--- a/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+++ b/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
@ -1,4 +1,4 @@
-From 66a84fc12ea9c9a4a9805550b3cd2055862ef1c6 Mon Sep 17 00:00:00 2001
+From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Fri, 29 Jun 2018 17:59:30 +1000
 Subject: [PATCH] apparmor: clobber docker-default profile on start
@ -17,8 +17,8 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 components/engine/daemon/apparmor_default.go       | 14 ++++++++++----
 .../engine/daemon/apparmor_default_unsupported.go  |  4 ++++
- components/engine/daemon/daemon.go                 |  4 +++-
+ components/engine/daemon/daemon.go                 |  5 +++--
- 3 files changed, 17 insertions(+), 5 deletions(-)
+ 3 files changed, 17 insertions(+), 6 deletions(-)
 diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go
 index 461f5c7f96b2..8f21c5c0c566 100644
@ -68,13 +68,14 @@ index 51f9c526b350..97d7758442ee 100644
 	return nil
 }
 diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
-index a307863017ab..67cd286002bf 100644
+index f049b0d2a41f..7bd89e76b32f 100644
 --- a/components/engine/daemon/daemon.go
 +++ b/components/engine/daemon/daemon.go
-@@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
+@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		logrus.Warnf("Failed to configure golang's threads limit: %v", err)
 	}
 -	// ensureDefaultAppArmorProfile does nothing if apparmor is disabled
 -	if err := ensureDefaultAppArmorProfile(); err != nil {
 +	// Make sure we clobber any pre-existing docker-default profile to ensure
 +	// that upgrades to the profile actually work smoothly.
@ -83,5 +84,5 @@ index a307863017ab..67cd286002bf 100644
 	}
 -- 
-2.21.0
+2.22.0
--- a/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
+++ b/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
@ -1,121 +0,0 @@
 From c2e035cbcb9a9fb7f89f729bef5b3354891fcdad Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Tue, 12 Mar 2019 18:37:31 +1100
 Subject: [PATCH] integration-cli: don't build -test images if they already
 exist
 There's no need to try to re-build the test images if they already
 exist. This change makes basically no difference to the upstream
 integration test-suite running, but for users who want to run the
 integration-cli suite on a host machine (such as distributions doing
 tests) this change allows images to be pre-loaded such that compilers
 aren't needed on the test machine.
 However, this does remove the accidental re-compilation of nnp-test, as
 well as handling errors far more cleanly (previously if an error
 occurred during a test build, further tests won't attempt to rebuild
 it).
 SUSE-Bugs: bsc#1128746
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 .../fixtures_linux_daemon_test.go             | 21 +++++++++--------
 .../internal/test/environment/environment.go  | 23 +++++++++++++++++++
 2 files changed, 35 insertions(+), 9 deletions(-)
 diff --git a/components/engine/integration-cli/fixtures_linux_daemon_test.go b/components/engine/integration-cli/fixtures_linux_daemon_test.go
 index 5c874ec14b0c..ab152f4a9988 100644
 --- a/components/engine/integration-cli/fixtures_linux_daemon_test.go
 +++ b/components/engine/integration-cli/fixtures_linux_daemon_test.go
@@ -8,7 +8,6 @@ import (
 	"path/filepath"
 	"runtime"
 	"strings"
 -	"sync"
 	"github.com/docker/docker/internal/test/fixtures/load"
 	"github.com/go-check/check"
@@ -24,17 +23,13 @@ type logT interface {
 	Logf(string, ...interface{})
 }
 -var ensureSyscallTestOnce sync.Once
 -
 func ensureSyscallTest(c *check.C) {
 -	var doIt bool
 -	ensureSyscallTestOnce.Do(func() {
 -		doIt = true
 -	})
 -	if !doIt {
 +	defer testEnv.ProtectImage(c, "syscall-test:latest")
 +
 +	// If the image already exists, there's nothing left to do.
 +	if testEnv.HasExistingImage(c, "syscall-test:latest") {
 		return
 	}
 -	defer testEnv.ProtectImage(c, "syscall-test:latest")
 	// if no match, must build in docker, which is significantly slower
 	// (slower mostly because of the vfs graphdriver)
@@ -93,6 +88,14 @@ func ensureSyscallTestBuild(c *check.C) {
 func ensureNNPTest(c *check.C) {
 	defer testEnv.ProtectImage(c, "nnp-test:latest")
 +
 +	// If the image already exists, there's nothing left to do.
 +	if testEnv.HasExistingImage(c, "nnp-test:latest") {
 +		return
 +	}
 +
 +	// if no match, must build in docker, which is significantly slower
 +	// (slower mostly because of the vfs graphdriver)
 	if testEnv.OSType != runtime.GOOS {
 		ensureNNPTestBuild(c)
 		return
 diff --git a/components/engine/internal/test/environment/environment.go b/components/engine/internal/test/environment/environment.go
 index 5538d2097e9b..763c08ba4845 100644
 --- a/components/engine/internal/test/environment/environment.go
 +++ b/components/engine/internal/test/environment/environment.go
@@ -8,9 +8,12 @@ import (
 	"strings"
 	"github.com/docker/docker/api/types"
 +	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/client"
 +	"github.com/docker/docker/internal/test"
 	"github.com/docker/docker/internal/test/fixtures/load"
 	"github.com/pkg/errors"
 +	"gotest.tools/assert"
 )
 // Execution contains information about the current test execution and daemon
@@ -151,6 +154,26 @@ func (e *Execution) IsUserNamespace() bool {
 	return root != ""
 }
 +// HasExistingImage checks whether there is an image with the given reference.
 +// Note that this is done by filtering and then checking whether there were any
 +// results -- so ambiguous references might result in false-positives.
 +func (e *Execution) HasExistingImage(t testingT, reference string) bool {
 +	if ht, ok := t.(test.HelperT); ok {
 +		ht.Helper()
 +	}
 +	client := e.APIClient()
 +	filter := filters.NewArgs()
 +	filter.Add("dangling", "false")
 +	filter.Add("reference", reference)
 +	imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
 +		All:     true,
 +		Filters: filter,
 +	})
 +	assert.NilError(t, err, "failed to list images")
 +
 +	return len(imageList) > 0
 +}
 +
 // EnsureFrozenImagesLinux loads frozen test images into the daemon
 // if they aren't already loaded
 func EnsureFrozenImagesLinux(testEnv *Execution) error {
 -- 
 2.21.0
--- a/docker-18.09.7_ce_2d0083d657f8.tar.xz
+++ b/docker-18.09.7_ce_2d0083d657f8.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a84e46e28a2f23f7303146f650649e6ff18b3dbb96a842d538b6458f63d8a3ce
 size 9343716
--- a/docker-19.03.0_ce_aeac9490dc54.tar.xz
+++ b/docker-19.03.0_ce_aeac9490dc54.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8
 size 9978876
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,27 @@
 -------------------------------------------------------------------
 Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 - Update to Docker 19.03.0-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
 - Remove upstreamed patches:
  - bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
  - bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
  - bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
  - bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
 - Rebase pacthes:
  * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
  * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
  * private-registry-0001-Add-private-registry-mirror-support.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
 -------------------------------------------------------------------
 Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 - Move bash-completion to correct location.
 - Update to Docker 18.09.8-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142160 CVE-2019-13509
 -------------------------------------------------------------------
 Fri Jun 28 01:21:19 UTC 2019 - Aleksa Sarai <asarai@suse.com>
--- a/docker.spec
+++ b/docker.spec
@ -42,17 +42,17 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version 2d0083d657f8
+%define git_version aeac9490dc54
-%define git_commit_epoch 1561655613
+%define git_commit_epoch 1563384968
 # These are the git commits required. We verify them against the source to make
 # sure we didn't miss anything important when doing upgrades.
 %define required_containerd 894b81a4b802e4eb2a91d1ce216b8817763c29fb
 %define required_dockerrunc 425e105d5a03fabd737a126ad93d62a9eeede87f
-%define required_libnetwork e7933d41e7b206756115aa9df5e0599fc5169742
+%define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c
 Name:           %{realname}%{name_suffix}
-Version:        18.09.7_ce
+Version:        19.03.0_ce
 Release:        0
 Summary:        The Moby-project Linux container runtime
 License:        Apache-2.0
@ -79,19 +79,11 @@ Patch200:       secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
 Patch201:       secrets-0002-SUSE-implement-SUSE-container-secrets.patch
 # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
 Patch401:       bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
 # SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
 Patch402:       bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
 # SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
-Patch403:       packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+Patch402:       packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
 # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37302. bsc#1001161
 Patch404:       bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
 # SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1130. bsc#1001161
 Patch405:       bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
 # SUSE-FEATURE: Add support to mirror inofficial/private registries
 #               (https://github.com/docker/docker/pull/34319)
 Patch500:       private-registry-0001-Add-private-registry-mirror-support.patch
 # SUSE-BACKPORT: Backport of test-only patch https://github.com/moby/moby/pull/38853. bsc1128746
 Patch900:       bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
 BuildRequires:  audit
 BuildRequires:  bash-completion
 BuildRequires:  ca-certificates
@ -141,9 +133,8 @@ Recommends:     lvm2 >= 2.2.89
 Recommends:     git-core >= 1.7
 Conflicts:      lxc < 1.0
 ExcludeArch:    s390 ppc
 # Make sure we build with go 1.10
 BuildRequires:  go-go-md2man
-BuildRequires:  golang(API) = 1.10
+BuildRequires:  golang(API) >= 1.12
 # KUBIC-SPECIFIC: This was required when upgrading from the original kubic
 #                 packaging, when everything was renamed to -kubic. It also is
 #                 used to ensure that nothing complains too much when using
@ -266,19 +257,12 @@ docker container runtime configuration for kubeadm
 %endif
 # bsc#1099277
 %patch401 -p1
 # boo#1047218
 %patch402 -p1
 # revert upstream
-%patch403 -p1
+%patch402 -p1
 # bsc#1001161
 %patch404 -p1
 %patch405 -p1
 %if "%flavour" == "kubic"
 # PATCH-SUSE: Mirror patch.
 %patch500 -p1
 %endif
 # bsc#1128746
 %patch900 -p1
 cp %{SOURCE7} .
@ -374,7 +358,7 @@ install -Dd -m 0755 \
 	%{buildroot}%{_sysconfdir}/init.d \
 	%{buildroot}%{_sbindir}
-install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_sysconfdir}/bash_completion.d/%{realname}"
+install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
 install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/%{realname}"
 #
@ -487,11 +471,11 @@ getent group docker >/dev/null || groupadd -r docker
 %files bash-completion
 %defattr(-,root,root)
-%config %{_sysconfdir}/bash_completion.d/%{realname}
+%{_datarootdir}/bash-completion/completions/%{realname}
 %files zsh-completion
 %defattr(-,root,root)
-%config %{_sysconfdir}/zsh_completion.d/%{realname}
+%{_sysconfdir}/zsh_completion.d/%{realname}
 %files test
 %defattr(-,root,root)
--- a/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+++ b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
@ -1,4 +1,4 @@
-From 6d022d4e08225c2fda686fc0d5febecee2efa864 Mon Sep 17 00:00:00 2001
+From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Thu, 29 Nov 2018 20:53:16 +1100
 Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
@ -11,20 +11,19 @@ up-to-date one available for Podman).
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
- components/engine/api/swagger.yaml            |  4 +--
+ components/engine/api/swagger.yaml                          | 4 ++--
- .../builder/builder-next/executor_unix.go     |  2 +-
+ components/engine/builder/builder-next/executor_unix.go     | 2 +-
- components/engine/cmd/dockerd/daemon.go       | 36 +++++++------------
+ components/engine/daemon/daemon_unix.go                     | 6 +++---
- components/engine/daemon/daemon_unix.go       |  6 ++--
+ components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++--
- .../libcontainerd/supervisor/remote_daemon.go |  4 +--
+ .../engine/libcontainerd/supervisor/remote_daemon_linux.go  | 4 ++--
- .../supervisor/remote_daemon_linux.go         |  4 +--
+ .../libcontainerd/supervisor/remote_daemon_windows.go       | 4 ++--
- .../supervisor/remote_daemon_windows.go       |  4 +--
+ 6 files changed, 12 insertions(+), 12 deletions(-)
 7 files changed, 25 insertions(+), 35 deletions(-)
 diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
-index ca9d29e021de..082e5783ff1f 100644
+index 6e0bc25b52d6..58f860d22a49 100644
 --- a/components/engine/api/swagger.yaml
 +++ b/components/engine/api/swagger.yaml
-@@ -3866,10 +3866,10 @@ definitions:
+@@ -3980,10 +3980,10 @@ definitions:
           $ref: "#/definitions/Runtime"
         default:
           runc:
@ -38,80 +37,20 @@ index ca9d29e021de..082e5783ff1f 100644
             path: "/go/bin/runc"
           custom:
 diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
-index 3a11f8588144..ce4d2d937f9f 100644
+index 620ffb401de7..dd63779a27d2 100644
 --- a/components/engine/builder/builder-next/executor_unix.go
 +++ b/components/engine/builder/builder-next/executor_unix.go
-@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e
+@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
 	}
 	return runcexecutor.New(runcexecutor.Opt{
 		Root:                filepath.Join(root, "executor"),
 -		CommandCandidates:   []string{"runc"},
 +		CommandCandidates:   []string{"docker-runc", "runc"},
 		DefaultCgroupParent: cgroupParent,
- 	}, networkProviders)
+ 		Rootless:            rootless,
- }
+ 		NoPivot:             os.Getenv("DOCKER_RAMDISK") != "",
 diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
 index 839537316af4..05922e6418d0 100644
 --- a/components/engine/cmd/dockerd/daemon.go
 +++ b/components/engine/cmd/dockerd/daemon.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 -	containerddefaults "github.com/containerd/containerd/defaults"
 	"github.com/docker/distribution/uuid"
 	"github.com/docker/docker/api"
 	apiserver "github.com/docker/docker/api/server"
@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 	ctx, cancel := context.WithCancel(context.Background())
 	if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" {
 -		if !systemContainerdRunning() {
 -			opts, err := cli.getContainerdDaemonOpts()
 -			if err != nil {
 -				cancel()
 -				return fmt.Errorf("Failed to generate containerd options: %v", err)
 -			}
 -
 -			r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
 -			if err != nil {
 -				cancel()
 -				return fmt.Errorf("Failed to start containerd: %v", err)
 -			}
 -			cli.Config.ContainerdAddr = r.Address()
 +		opts, err := cli.getContainerdDaemonOpts()
 +		if err != nil {
 +			cancel()
 +			return fmt.Errorf("Failed to generate containerd options: %v", err)
 +		}
 -			// Try to wait for containerd to shutdown
 -			defer r.WaitTimeout(10 * time.Second)
 -		} else {
 -			cli.Config.ContainerdAddr = containerddefaults.DefaultAddress
 +		r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
 +		if err != nil {
 +			cancel()
 +			return fmt.Errorf("Failed to start containerd: %v", err)
 		}
 +		cli.Config.ContainerdAddr = r.Address()
 +
 +		// Try to wait for containerd to shutdown
 +		defer r.WaitTimeout(10 * time.Second)
 	}
 	defer cancel()
@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
 	}
 	return nil
 }
 -
 -func systemContainerdRunning() bool {
 -	_, err := os.Lstat(containerddefaults.DefaultAddress)
 -	return err == nil
 -}
 diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
-index 5234201c828f..c40d11bc85c2 100644
+index df64de6edf13..fa9bfb528414 100644
 --- a/components/engine/daemon/daemon_unix.go
 +++ b/components/engine/daemon/daemon_unix.go
@@ -54,11 +54,11 @@ import (
@ -128,7 +67,7 @@ index 5234201c828f..c40d11bc85c2 100644
 	// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
 	linuxMinCPUShares = 2
-@@ -76,7 +76,7 @@ const (
+@@ -77,7 +77,7 @@ const (
 	// DefaultRuntimeName is the default runtime to be used by
 	// containerd if none is specified
@ -138,7 +77,7 @@ index 5234201c828f..c40d11bc85c2 100644
 type containerGetter interface {
 diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
-index eb9a2bdd8198..309f50f26bb2 100644
+index 31b93f11f0b1..5fba7f29eff9 100644
 --- a/components/engine/libcontainerd/supervisor/remote_daemon.go
 +++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
@ -183,5 +122,5 @@ index 9b254ef58a0a..bcdc9529e0f7 100644
 func (r *remote) setDefaults() {
 -- 
-2.21.0
+2.22.0
--- a/private-registry-0001-Add-private-registry-mirror-support.patch
+++ b/private-registry-0001-Add-private-registry-mirror-support.patch
@ -1,4 +1,4 @@
-From 2a00f998e1e081a9f72f0ba81403dceea252c6a1 Mon Sep 17 00:00:00 2001
+From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001
 From: Valentin Rothberg <vrothberg@suse.com>
 Date: Mon, 2 Jul 2018 13:37:34 +0200
 Subject: [PATCH] Add private-registry mirror support
@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
 components/engine/distribution/pull.go        |   2 +-
 components/engine/distribution/pull_v2.go     |   2 +-
 components/engine/distribution/push.go        |   2 +-
- components/engine/registry/config.go          | 120 ++++++++++++++-
+ components/engine/registry/config.go          | 124 ++++++++++++++-
 components/engine/registry/config_test.go     | 136 +++++++++++++++++
 components/engine/registry/registry_test.go   |  91 ++++++++++-
- components/engine/registry/service.go         |  56 ++++---
+ components/engine/registry/service.go         |  45 ++++--
 components/engine/registry/service_v2.go      |  66 +++++---
- 12 files changed, 705 insertions(+), 46 deletions(-)
+ 12 files changed, 697 insertions(+), 47 deletions(-)
 diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go
 index 8789ad3b3210..c663fec7d881 100644
@ -243,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644
 // NetIPNet is the net.IPNet type, which can be marshalled and
 diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go
-index 8b2c844a579f..e61940661c70 100644
+index 80ecbbd9550d..8ce69714d9bf 100644
 --- a/components/engine/daemon/config/config.go
 +++ b/components/engine/daemon/config/config.go
-@@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
+@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
 	// 1. Search keys from the file that we don't recognize as flags.
 	unknownKeys := make(map[string]interface{})
 	for key, value := range config {
@ -258,7 +258,7 @@ index 8b2c844a579f..e61940661c70 100644
 			unknownKeys[key] = value
 		}
 diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go
-index 026d7dd517f7..924c3982cd2a 100644
+index a31dd0cb87c1..99cc4a65a79d 100644
 --- a/components/engine/daemon/reload.go
 +++ b/components/engine/daemon/reload.go
@@ -21,8 +21,14 @@ import (
@ -286,7 +286,7 @@ index 026d7dd517f7..924c3982cd2a 100644
 	return daemon.reloadNetworkDiagnosticPort(conf, attributes)
 }
-@@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
+@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
 	return nil
 }
@ -314,7 +314,7 @@ index 026d7dd517f7..924c3982cd2a 100644
 +	return nil
 +}
 +
- // reloadLiveRestore updates configuration with live retore option
+ // reloadLiveRestore updates configuration with live restore option
 // and updates the passed attributes
 func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
 diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go
@ -431,10 +431,10 @@ index ffad297f71b7..21733c3f1e33 100644
 	daemon := &Daemon{
 		imageService: images.NewImageService(images.ImageServiceConfig{}),
 diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go
-index 5de73ae99ac3..8e78c49273dd 100644
+index be366ce4a99b..49e0d0352778 100644
 --- a/components/engine/distribution/pull.go
 +++ b/components/engine/distribution/pull.go
-@@ -63,7 +63,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
+@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
 		return err
 	}
@ -444,7 +444,7 @@ index 5de73ae99ac3..8e78c49273dd 100644
 		return err
 	}
 diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go
-index 8f05cfa0b289..a562477ea6cd 100644
+index dd91ff2157b1..2640f6134e5d 100644
 --- a/components/engine/distribution/pull_v2.go
 +++ b/components/engine/distribution/pull_v2.go
@@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
@ -457,10 +457,10 @@ index 8f05cfa0b289..a562477ea6cd 100644
 	var (
 diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go
-index eb3bc5597462..a4624dee9482 100644
+index 5617a4c95f49..0a24aebed968 100644
 --- a/components/engine/distribution/push.go
 +++ b/components/engine/distribution/push.go
-@@ -64,7 +64,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
+@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
 		return err
 	}
@ -470,29 +470,27 @@ index eb3bc5597462..a4624dee9482 100644
 		return err
 	}
 diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go
-index de5a526b694d..cf90abb8be04 100644
+index 6bb9258c9b6f..f1945237d235 100644
 --- a/components/engine/registry/config.go
 +++ b/components/engine/registry/config.go
-@@ -14,7 +14,7 @@ import (
+@@ -14,11 +14,12 @@ import (
 	"github.com/sirupsen/logrus"
 )
 -// ServiceOptions holds command line options.
 +// ServiceOptions holds the user-specified configuration options.
 type ServiceOptions struct {
- 	AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
+-	AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
- 	Mirrors                        []string `json:"registry-mirrors,omitempty"`
+-	Mirrors                        []string `json:"registry-mirrors,omitempty"`
-@@ -23,6 +23,9 @@ type ServiceOptions struct {
+-	InsecureRegistries             []string `json:"insecure-registries,omitempty"`
- 	// V2Only controls access to legacy registries.  If it is set to true via the
+	AllowNondistributableArtifacts []string                 `json:"allow-nondistributable-artifacts,omitempty"`
- 	// command line flag the daemon will not attempt to contact v1 legacy registries
+	Mirrors                        []string                 `json:"registry-mirrors,omitempty"`
- 	V2Only bool `json:"disable-legacy-registry,omitempty"`
+	InsecureRegistries             []string                 `json:"insecure-registries,omitempty"`
-+
+	Registries                     []registrytypes.Registry `json:"registries,omitempty"`
 +	// Registries holds information associated with the specified registries.
 +	Registries []registrytypes.Registry `json:"registries,omitempty"`
 }
 // serviceConfig holds daemon configuration for the registry service.
-@@ -67,8 +70,21 @@ var (
+@@ -62,8 +63,21 @@ var (
 // for mocking in unit tests
 var lookupIP = net.LookupIP
@ -514,7 +512,7 @@ index de5a526b694d..cf90abb8be04 100644
 	config := &serviceConfig{
 		ServiceConfig: registrytypes.ServiceConfig{
 			InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
-@@ -87,10 +103,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
+@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
 	if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
 		return nil, err
 	}
@ -619,7 +617,7 @@ index de5a526b694d..cf90abb8be04 100644
 // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
 func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
 	cidrs := map[string]*registrytypes.NetIPNet{}
-@@ -131,6 +241,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
+@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
 // LoadMirrors loads mirrors to config, after removing duplicates.
 // Returns an error if mirrors contains an invalid mirror.
 func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@ -630,7 +628,7 @@ index de5a526b694d..cf90abb8be04 100644
 	mMap := map[string]struct{}{}
 	unique := []string{}
-@@ -160,6 +274,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
+@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
 // LoadInsecureRegistries loads insecure registries to config
 func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
@ -921,7 +919,7 @@ index b7459471b3f6..1e0d53e7dc21 100644
 func TestPushRegistryTag(t *testing.T) {
 diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
-index b441970ff170..b3c1ee21f383 100644
+index 08f5c7a4e12c..ee0c97a8a21b 100644
 --- a/components/engine/registry/service.go
 +++ b/components/engine/registry/service.go
@@ -8,7 +8,7 @@ import (
@ -1031,33 +1029,8 @@ index b441970ff170..b3c1ee21f383 100644
 	if err == nil {
 		for _, endpoint := range allEndpoints {
 			if !endpoint.Mirror {
@@ -308,8 +323,8 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
 	return endpoints, err
 }
 -func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 -	endpoints, err = s.lookupV2Endpoints(hostname)
 +func (s *DefaultService) lookupEndpoints(reference string) (endpoints []APIEndpoint, err error) {
 +	endpoints, err = s.lookupV2Endpoints(reference)
 	if err != nil {
 		return nil, err
 	}
@@ -318,6 +333,13 @@ func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoi
 		return endpoints, nil
 	}
 +	// When falling back to V1 endpoints, switch to the hostname
 +	ref, err := dref.ParseNamed(reference)
 +	if err != nil {
 +		return nil, err
 +	}
 +	hostname := dref.Domain(ref)
 +
 	legacyEndpoints, err := s.lookupV1Endpoints(hostname)
 	if err != nil {
 		return nil, err
 diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
-index 3a56dc91145a..9de221cf2aa0 100644
+index 1a4c9e310547..efebb4f41486 100644
 --- a/components/engine/registry/service_v2.go
 +++ b/components/engine/registry/service_v2.go
@@ -1,30 +1,51 @@
@ -1160,5 +1133,5 @@ index 3a56dc91145a..9de221cf2aa0 100644
 	endpoints = []APIEndpoint{
 -- 
-2.21.0
+2.22.0
--- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
@ -1,4 +1,4 @@
-From 6603582112f42cd00b84d62a5412f2380e55d7e3 Mon Sep 17 00:00:00 2001
+From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 12:41:54 +1100
 Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
 1 file changed, 21 insertions(+), 3 deletions(-)
 diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
-index c0aab7234269..8d8b13d26cff 100644
+index 3fcdc1913bed..4920def81a7e 100644
 --- a/components/engine/daemon/container_operations_unix.go
 +++ b/components/engine/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
@ -70,5 +70,5 @@ index c0aab7234269..8d8b13d26cff 100644
 			return errors.Wrap(err, "error setting ownership for secret")
 		}
 -- 
-2.21.0
+2.22.0
--- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
@ -1,4 +1,4 @@
-From 3eabc382912eeb475013b5514412968dfa300d63 Mon Sep 17 00:00:00 2001
+From 80072183953f8cf6fcef6b5e65e609e833dd9fb8 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -19,7 +19,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
 create mode 100644 components/engine/daemon/suse_secrets.go
 diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
-index e2265a4faeca..31b60e5621c6 100644
+index 57a7267b7cbb..46c3a603554f 100644
 --- a/components/engine/daemon/start.go
 +++ b/components/engine/daemon/start.go
@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
@ -437,5 +437,5 @@ index 000000000000..087c877015a7
 +	return nil
 +}
 -- 
-2.21.0
+2.22.0