diff --git a/_service b/_service
index e2962f5..9d5f616 100644
--- a/_service
+++ b/_service
@@ -3,8 +3,8 @@
     <param name="url">https://github.com/docker/docker.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">1.13.0</param>
-    <param name="revision">v1.13.0</param>
+    <param name="versionformat">17.04.0_ce</param>
+    <param name="revision">v17.04.0-ce</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="file">docker-*.tar</param>
diff --git a/boltdb_bolt_add_brokenUnaligned.patch b/boltdb_bolt_add_brokenUnaligned.patch
deleted file mode 100644
index af8df30..0000000
--- a/boltdb_bolt_add_brokenUnaligned.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Michel Normand <normand@linux.vnet.ibm.com>
-Subject: boltdb bolt add brokenUnaligned for ppc64
-Date: Tue, 20 Dec 2016 10:19:01 +0100
-
-boltdb bolt add brokenUnaligned for ppc64
-as already done for bolt_ppc64le.go
-
-Correction already submitted upstream as
-https://github.com/boltdb/bolt/pull/635
-
-Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
----
- vendor/src/github.com/boltdb/bolt/bolt_ppc64.go |    3 +++
- 1 file changed, 3 insertions(+)
-
-Index: docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
-===================================================================
---- docker-1.12.3.orig/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
-+++ docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
-@@ -7,3 +7,6 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256
- 
- // maxAllocSize is the size used when creating array pointers.
- const maxAllocSize = 0x7FFFFFFF
-+
-+// Are unaligned load/stores broken on this arch?
-+var brokenUnaligned = false
-
diff --git a/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch b/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
new file mode 100644
index 0000000..939bd0b
--- /dev/null
+++ b/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
@@ -0,0 +1,69 @@
+From c117441b1a74affb013a42ee8225d69ecfaf4d72 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Tue, 9 May 2017 23:31:46 +1000
+Subject: [PATCH] client: check tty before creating exec job
+
+This is necessary in order to avoid execId leaks in the case where a
+`docker exec -it` is run without a terminal available for the client.
+You can reproduce this issue by running the following command many
+times.
+
+  % nohup docker exec -it some_container true
+
+The container `some_container` will have execIDs that will never
+normally be cleaned up (because the client died before they were
+started).
+
+In addition, this patch adds a docker-inspect step to ensure that we
+give "container does not exist" errors consistently.
+
+[SUSE: Fixes bsc#1037436.]
+
+Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ cli/command/container/exec.go | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/cli/command/container/exec.go b/cli/command/container/exec.go
+index 676708c77b91..d85113259242 100644
+--- a/cli/command/container/exec.go
++++ b/cli/command/container/exec.go
+@@ -79,6 +79,19 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
+ 	ctx := context.Background()
+ 	client := dockerCli.Client()
+ 
++	// We need to check the tty _before_ we do the ContainerExecCreate, because
++	// otherwise if we error out we will leak execIDs on the server (and
++	// there's no easy way to clean those up). But also in order to make "not
++	// exist" errors take precedence we do a dummy inspect first.
++	if _, err := client.ContainerInspect(ctx, container); err != nil {
++		return err
++	}
++	if !execConfig.Detach {
++		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
++			return err
++		}
++	}
++
+ 	response, err := client.ContainerExecCreate(ctx, container, *execConfig)
+ 	if err != nil {
+ 		return err
+@@ -90,12 +103,8 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
+ 		return nil
+ 	}
+ 
+-	//Temp struct for execStart so that we don't need to transfer all the execConfig
+-	if !execConfig.Detach {
+-		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
+-			return err
+-		}
+-	} else {
++	// Temp struct for execStart so that we don't need to transfer all the execConfig.
++	if execConfig.Detach {
+ 		execStartCheck := types.ExecStartCheck{
+ 			Detach: execConfig.Detach,
+ 			Tty:    execConfig.Tty,
+-- 
+2.12.2
+
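Review bot: The guard added ahead of `ContainerExecCreate` in `runExec` covers only the `CheckTty` failure path, and the new comment reads as if the leak were closed entirely. Per the patch description, exec IDs whose client died before they were started are never normally cleaned up, so any other client exit between create and start would presumably still leave one on the daemon. I would add to the comment something like `// NOTE: this only avoids the leak for CheckTty failures; other unstarted execIDs still rely on server-side cleanup.` The `ContainerInspect` result is discarded and the check is not atomic with the create, so `ContainerExecCreate` remains the authoritative existence check. `runExec` starts and ends outside both inner hunks.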
diff --git a/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch b/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
new file mode 100644
index 0000000..ac5da10
--- /dev/null
+++ b/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
@@ -0,0 +1,60 @@
+From 9783e1791fc438751b327023b0cd7d392e54084f Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 18 May 2017 00:02:00 +1000
+Subject: [PATCH] apparmor: make pkg/aaparser work on read-only root
+
+This is necessary because normally `apparmor_parser -r` will try to
+create a temporary directory on the host (which is not allowed if the
+host has a rootfs). However, the -K option bypasses saving things to the
+cache (which avoids this issue).
+
+  % apparmor_parser -r /tmp/docker-profile
+  mkstemp: Read-only file system
+  % apparmor_parser -Kr /tmp/docker-profile
+  %
+
+In addition, add extra information to the ensureDefaultAppArmorProfile
+errors so that problems like this are easier to debug.
+
+Fixes: 2f7596aaef3a ("apparmor: do not save profile to /etc/apparmor.d")
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ daemon/apparmor_default.go | 2 +-
+ pkg/aaparser/aaparser.go   | 7 ++++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
+index 09dd0541b872..2a418b25c241 100644
+--- a/daemon/apparmor_default.go
++++ b/daemon/apparmor_default.go
+@@ -28,7 +28,7 @@ func ensureDefaultAppArmorProfile() error {
+ 
+ 		// Load the profile.
+ 		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
+-			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", defaultApparmorProfile)
++			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
+ 		}
+ 	}
+ 
+diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go
+index e794c4c729e2..5de4a4d79b35 100644
+--- a/pkg/aaparser/aaparser.go
++++ b/pkg/aaparser/aaparser.go
+@@ -22,10 +22,11 @@ func GetVersion() (int, error) {
+ 	return parseVersion(output)
+ }
+ 
+-// LoadProfile runs `apparmor_parser -r` on a specified apparmor profile to
+-// replace the profile.
++// LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to
++// replace the profile. The `-K` is necessary to make sure that apparmor_parser
++// doesn't try to write to a read-only filesystem.
+ func LoadProfile(profilePath string) error {
+-	_, err := cmd("", "-r", profilePath)
++	_, err := cmd("", "-Kr", profilePath)
+ 	return err
+ }
+ 
+-- 
+2.12.2
+
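Review bot: `LoadProfile` now passes `-Kr` on every host, not only on those with a read-only root, and the new doc comment does not say that the parser cache is bypassed for all callers. I would extend it with a line such as `// -K bypasses the apparmor_parser cache on every load, including hosts with a writable root.` In `ensureDefaultAppArmorProfile` the appended error is formatted with `%s`; `%v` is the conventional verb for an error value. The message is only as informative as what `cmd` returns, and `cmd` is defined outside this hunk.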
diff --git a/docker-1.13.0.tar.xz b/docker-1.13.0.tar.xz
deleted file mode 100644
index 8e5b482..0000000
--- a/docker-1.13.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1da90f2f637d55c7bef034761f0781a7cc4facdefc50b9d77f0c6a78185efe0a
-size 5130016
diff --git a/docker-17.04.0_ce.tar.xz b/docker-17.04.0_ce.tar.xz
new file mode 100644
index 0000000..4cc9c8b
--- /dev/null
+++ b/docker-17.04.0_ce.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c192552cebebba3e5af60af995fb7fd6f6423b8df71574e8a1f188878ae21913
+size 4574004
diff --git a/docker.changes b/docker.changes
index 8bf8590..35016e2 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,66 @@
+-------------------------------------------------------------------
+Wed May 17 14:41:29 UTC 2017 - asarai@suse.com
+
+- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
+  backport of https://github.com/moby/moby/pull/33250.
+  + bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
+
+-------------------------------------------------------------------
+Wed May 10 13:54:44 UTC 2017 - asarai@suse.com
+
+- Add a partial fix for boo#1038493.
+- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
+  This is a backport of https://github.com/docker/cli/pull/52.
+   + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
+
+-------------------------------------------------------------------
+Thu May  4 19:03:40 UTC 2017 - jmassaguerpla@suse.com
+
+- Fix golang requirements in the subpackages
+
+-------------------------------------------------------------------
+Mon May  1 07:57:35 UTC 2017 - fcastelli@suse.com
+
+- Update golang build requirements to use golang(API) symbol: this is
+  needed to solve a conflict between multiple versions of Go being available
+
+-------------------------------------------------------------------
+Tue Apr 18 15:38:11 UTC 2017 - jmassaguerpla@suse.com
+
+- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
+  substitute docker/distribution/digest by opencontainers/digest
+
+-------------------------------------------------------------------
+Thu Apr 13 14:34:35 UTC 2017 - jmassaguerpla@suse.com
+
+- Update to version 17.04.0-ce (fix bsc#1034053 )
+
+- Patches removed because have been merged into this version:
+  * pr31549-cmd-docker-fix-TestDaemonCommand.patch
+  * pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
+- Patches rebased:
+  * integration-cli-fix-TestInfoEnsureSucceeds.patch
+- Build man pages for all archs (bsc#953182)
+- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
+
+see /usr/share/doc/packages/docker/CHANGELOG.md
+
+-------------------------------------------------------------------
+Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com
+
+- Make sure this is being built with go 1.7
+
+-------------------------------------------------------------------
+Wed Apr 12 09:14:35 UTC 2017 - jmassaguerpla@suse.com
+
+- remove the go_arches macro because we are using go1.7 which
+  is available in all archs
+
+- remove gcc specific patches
+  * gcc-go-patches.patch
+  * netlink_netns_powerpc.patch
+  * boltdb_bolt_add_brokenUnaligned.patch
+
 -------------------------------------------------------------------
 Wed Apr 12 07:58:08 UTC 2017 - asarai@suse.com
 
diff --git a/docker.spec b/docker.spec
index bd0de84..ef39fc6 100644
--- a/docker.spec
+++ b/docker.spec
@@ -17,26 +17,12 @@
 # nodebuginfo
 
 
-# Check if go_arches is defined in the project configuration
-# Otherwise, define it here
-# In order to define it in the project configuration, see
-#
-# https://en.opensuse.org/openSUSE:Build%20Service%20prjconf#Macros
-#
-# The Macros tag is the one that defines the go_arches variable to be used
-# in the spec file.
-# The "define" one is to help the specfile parser of the buildservice
-# to see what packages are being built. You also want to define it here
-# for keeping things consistent.
-
-%{!?go_arches: %global go_arches %ix86 x86_64 aarch64 ppc64le}
-
 %global docker_store              %{_localstatedir}/lib/docker
 %global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
 %global docker_migration_warnfile %{docker_store}/docker-update-message.txt
 %define docker_graph              %{docker_store}/graph
 %define git_version 78d1802
-%define version_unconverted 1.13.0
+%define version_unconverted 17.04.0_ce
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 # When upgrading to a new version requires the service not to be restarted
 # Due to a long migration process update last_migration_version to the new version
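Review bot: `%define git_version 78d1802` is left unchanged while `version_unconverted` moves from 1.13.0 to 17.04.0_ce, and a later hunk of this file shows it exported as `DOCKER_GITCOMMIT=%{git_version}`. If that value is what the built binaries report, it will presumably no longer identify the source in the new tarball. That makes it harder to match an installed daemon to an upstream commit when triaging advisories. Update it together with the version, e.g. `%define git_version <short commit of v17.04.0-ce>`, and add a comment that the two defines must change together.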
@@ -44,7 +30,7 @@
 # 1.10.1
 %global last_migration_version 1.10.1
 Name:           docker
-Version:        1.13.0
+Version:        17.04.0_ce
 Release:        0
 Summary:        The Linux container runtime
 License:        Apache-2.0
@@ -60,10 +46,6 @@ Source8:        docker-audit.rules
 Source9:        docker-update-message.txt
 Source10:       tests.sh
 Source11:       docker_service_helper.sh
-# Fixes for architecture-specific issues (gcc-go).
-Patch100:       gcc-go-patches.patch
-Patch102:       netlink_netns_powerpc.patch
-Patch103:       boltdb_bolt_add_brokenUnaligned.patch
 # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
 # which is not snapshotted when images are committed. Note that if you modify
 # this patch, please also modify the patch in the suse-secrets-v<version>
@@ -72,8 +54,10 @@ Patch200:       secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
 Patch201:       secrets-0002-SUSE-implement-SUSE-container-secrets.patch
 # PATCH-FIX-UPSTREAM: Backports.
 Patch300:       integration-cli-fix-TestInfoEnsureSucceeds.patch
-Patch301:       pr31549-cmd-docker-fix-TestDaemonCommand.patch
-Patch302:       pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
+# PATCH-FIX-UPSTREAM: Backport of https://github.com/docker/cli/pull/52 (bsc#1037436).
+Patch400:       bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
+# PATCH-FIX-UPSTREAM: Backport of https://github.com/moby/moby/pull/33250 (bsc#1037607).
+Patch401:       bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
 BuildRequires:  audit
 BuildRequires:  bash-completion
 BuildRequires:  ca-certificates
@@ -97,13 +81,13 @@ BuildRequires:  zsh
 Requires:       apparmor-parser
 Requires:       bridge-utils
 Requires:       ca-certificates-mozilla
-Requires:       docker-libnetwork = 0.0.0+git20161019.0f53435
+Requires:       docker-libnetwork = 0.0.0+git20170119.7b2b1fe
 # Containerd and runC are required as they are the only currently supported
 # execdrivers of Docker. NOTE: The version pinning here matches upstream's
 # Dockerfile to ensure that we don't use a slightly incompatible version of
 # runC or containerd (which would be bad).
-Requires:       containerd = 0.2.5+gitr608_03e5862
-Requires:       runc = 0.1.1+gitr2942_2f7393a
+Requires:       containerd = 0.2.5+gitr639_422e31c
+Requires:       runc = 0.1.1+gitr2947_9c2d8d1
 # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
 Requires:       e2fsprogs
 Requires:       git-core >= 1.7
@@ -124,12 +108,9 @@ Recommends:     lvm2 >= 2.2.89
 Conflicts:      lxc < 1.0
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExcludeArch:    %ix86 s390 ppc
-%ifarch %{go_arches}
-BuildRequires:  go >= 1.5
+# Make sure we build with go 1.7
 BuildRequires:  go-go-md2man
-%else
-BuildRequires:  gcc6-go >= 6.1
-%endif
+BuildRequires:  golang(API) = 1.7
 
 %description
 Docker complements LXC with a high-level API which operates at the process
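Review bot: The comment `# Make sure we build with go 1.7` ends up above `BuildRequires:  go-go-md2man` rather than the `BuildRequires:  golang(API) = 1.7` line it describes. The `test` subpackage hunk has the same problem, with `# Make sure we require go 1.7` sitting above `Requires:       libapparmor-devel`. Move each comment directly above its `golang(API) = 1.7` line. Because this is an exact pin, the comment should also say why 1.7 is required, so the pin is revisited when the toolchain is updated.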
@@ -169,15 +150,12 @@ Requires:       apparmor-parser
 Requires:       bash-completion
 Requires:       device-mapper-devel >= 1.2.68
 Requires:       glibc-devel-static
+# Make sure we require go 1.7
 Requires:       libapparmor-devel
 Requires:       libbtrfs-devel >= 3.8
 Requires:       procps
 Requires:       sqlite3-devel
-%ifarch %{go_arches}
-Requires:       go >= 1.4
-%else
-Requires:       gcc6-go >= 6.1
-%endif
+Requires:       golang(API) = 1.7
 
 %description test
 Test package for docker. It contains the source code and the tests.
@@ -190,25 +168,13 @@ Test package for docker. It contains the source code and the tests.
 %patch200 -p1
 %patch201 -p1
 %endif
-%ifnarch %{go_arches}
-%patch100 -p1
-%patch102 -p1
-%patch103 -p1
-%endif
 %patch300 -p1
-%patch301 -p1
-%patch302 -p1
+%patch400 -p1
+%patch401 -p1
 cp %{SOURCE7} .
 cp %{SOURCE10} .
 
 %build
-%ifnarch %{go_arches}
-tmphack=/tmp/dirty-hack
-[ -e $tmphack ] && rm -rf $tmphack
-mkdir $tmphack
-ln -s %{_bindir}/go-6 $tmphack/go
-export PATH=$tmphack:$PATH
-%endif
 
 BUILDTAGS="exclude_graphdriver_aufs apparmor selinux pkcs11"
 %if 0%{?with_libseccomp}
@@ -226,16 +192,15 @@ BUILDTAGS="seccomp $BUILDTAGS"
 export AUTO_GOPATH=1
 export DOCKER_BUILDTAGS="$BUILDTAGS"
 export DOCKER_GITCOMMIT=%{git_version}
+# Until boo#1038493 is fixed properly we need to do this hack to get the
+# compiled-into-the-binary GOROOT.
+export GOROOT="$(GOROOT= go env GOROOT)"
 EOF
 ) > docker_build_env
 . ./docker_build_env
 
-%ifarch %{go_arches}
 ./hack/make.sh dynbinary
 man/md2man-all.sh
-%else
-./hack/make.sh dyngccgo
-%endif
 
 # build the tests binary
 GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
@@ -246,7 +211,6 @@ GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
 # otherwise the resulting package will have extra requires
 rm -rf hack/make/.build-deb
 
-%ifarch %go_arches
 %check
 . ./docker_build_env
 
@@ -300,22 +264,16 @@ PKG_LIST=$(go list -e \
 		| grep -v 'github.com/docker/docker/pkg/integration$')
 %else
 		| grep -v 'github.com/docker/docker/pkg/integration$' \
-    | grep -v 'github.com/docker/docker/profiles/seccomp$') 
+		| grep -v 'github.com/docker/docker/profiles/seccomp$')
 %endif
 
 go test -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST
-%endif
 
 %install
 install -d %{buildroot}%{go_contribdir}
 install -d %{buildroot}%{_bindir}
-%ifarch %{go_arches}
 install -D -m755 bundles/latest/dynbinary-client/%{name} %{buildroot}/%{_bindir}/%{name}
 install -D -m755 bundles/latest/dynbinary-daemon/%{name}d %{buildroot}/%{_bindir}/%{name}d
-%else
-install -D -m755 bundles/latest/dyngccgo/%{name} %{buildroot}/%{_bindir}/%{name}
-install -D -m755 bundles/latest/dyngccgo/%{name}d %{buildroot}/%{_bindir}/%{name}d
-%endif
 install -d %{buildroot}/%{_prefix}/lib/docker
 install -Dd -m 0755 \
    %{buildroot}%{_sysconfdir}/init.d \
@@ -356,7 +314,6 @@ install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.r
 # sysconfig file
 install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker
 
-%ifarch %{go_arches}
 # install manpages
 install -d %{buildroot}%{_mandir}/man1
 install -p -m 644 man/man1/*.1 %{buildroot}%{_mandir}/man1
@@ -364,7 +321,6 @@ install -d %{buildroot}%{_mandir}/man5
 install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
 install -d %{buildroot}%{_mandir}/man8
 install -p -m 644 man/man8/*.8 %{buildroot}%{_mandir}/man8
-%endif
 
 install -D -m 0644 %{SOURCE9} %{buildroot}%{docker_migration_warnfile}
 
@@ -424,7 +380,7 @@ fi
 
 %files
 %defattr(-,root,root)
-%doc README.md LICENSE README_SUSE.md
+%doc README.md LICENSE README_SUSE.md CHANGELOG.md
 %{_bindir}/docker
 %{_bindir}/dockerd
 %{_sbindir}/rcdocker
@@ -434,12 +390,10 @@ fi
 %{_udevrulesdir}/80-%{name}.rules
 %{_localstatedir}/adm/fillup-templates/sysconfig.docker
 %{_localstatedir}/lib/docker/
-%ifarch %{go_arches}
 %{_mandir}/man1/docker-*.1%{ext_man}
 %{_mandir}/man1/docker.1%{ext_man}
 %{_mandir}/man5/Dockerfile.5%{ext_man}
 %{_mandir}/man8/dockerd.8%{ext_man}
-%endif
 
 %files bash-completion
 %defattr(-,root,root)
diff --git a/gcc-go-patches.patch b/gcc-go-patches.patch
deleted file mode 100644
index b911aaf..0000000
--- a/gcc-go-patches.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-diff --git a/hack/make/gccgo b/hack/make/gccgo
-index 54c983e..1c11bbf 100644
---- a/hack/make/gccgo
-+++ b/hack/make/gccgo
-@@ -1,5 +1,5 @@
- #!/bin/bash
--set -e
-+set -ex
- 
- BINARY_NAME="dockerd-$VERSION"
- BINARY_EXTENSION="$(binary_extension)"
-@@ -22,9 +22,11 @@ go build -compiler=gccgo \
- 	"${BUILDFLAGS[@]}" \
- 	-gccgoflags "
- 		-g
-+		-Wl,--add-needed -Wl,--no-as-needed
- 		$EXTLDFLAGS_STATIC
-+                -static-libgo
- 		-Wl,--no-export-dynamic
--		-ldl
-+		-ldl -lselinux -lsystemd
- 		-pthread
- 	" \
- 	./cmd/dockerd
-@@ -37,7 +39,9 @@ go build -compiler=gccgo \
- 	"${BUILDFLAGS[@]}" \
- 	-gccgoflags "
- 		-g
-+		-Wl,--add-needed -Wl,--no-as-needed
- 		$EXTLDFLAGS_STATIC
-+                -static-libgo
- 		-Wl,--no-export-dynamic
- 		-ldl
- 		-pthread
-@@ -55,9 +59,11 @@ go build -compiler=gccgo \
- 	"${BUILDFLAGS[@]}" \
- 	-gccgoflags "
- 		-g
-+		-Wl,--add-needed -Wl,--no-as-needed
- 		$EXTLDFLAGS_STATIC
-+		-static-libgo
- 		-Wl,--no-export-dynamic
--		-ldl
-+		-ldl -lselinux -lsystemd
- 		-pthread
- 	" \
- 	./cmd/docker
diff --git a/integration-cli-fix-TestInfoEnsureSucceeds.patch b/integration-cli-fix-TestInfoEnsureSucceeds.patch
index fd4d91b..261dcde 100644
--- a/integration-cli-fix-TestInfoEnsureSucceeds.patch
+++ b/integration-cli-fix-TestInfoEnsureSucceeds.patch
@@ -1,13 +1,13 @@
 diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go
-index 62ce7e2..46516f9 100644
+index 5eb2f0f..39f93bd 100644
 --- a/integration-cli/docker_cli_info_test.go
 +++ b/integration-cli/docker_cli_info_test.go
-@@ -40,7 +40,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
+@@ -41,7 +41,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
  	}
  
- 	if DaemonIsLinux.Condition() {
+ 	if DaemonIsLinux() {
 -		stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc")
 +		stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: oci")
  	}
  
- 	if experimentalDaemon {
+ 	if testEnv.ExperimentalDaemon() {
diff --git a/netlink_netns_powerpc.patch b/netlink_netns_powerpc.patch
deleted file mode 100644
index 85f8b4a..0000000
--- a/netlink_netns_powerpc.patch
+++ /dev/null
@@ -1,16 +0,0 @@
----
- vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go |    7 +++++++
- 1 file changed, 7 insertions(+)
-
-Index: docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go
-===================================================================
---- /dev/null
-+++ docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go
-@@ -0,0 +1,7 @@
-+// +build linux,ppc64
-+
-+package netns
-+
-+const (
-+	SYS_SETNS = 350
-+)
diff --git a/pr31549-cmd-docker-fix-TestDaemonCommand.patch b/pr31549-cmd-docker-fix-TestDaemonCommand.patch
deleted file mode 100644
index 3cad3ae..0000000
--- a/pr31549-cmd-docker-fix-TestDaemonCommand.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From dd7159060f60ea04007c069df189a29fda2c655f Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@suse.de>
-Date: Sun, 5 Mar 2017 15:25:11 +1100
-Subject: [PATCH] cmd: docker: fix TestDaemonCommand
-
-In more recent versions of Cobra, `--help` parsing is done before
-anything else resulting in TestDaemonCommand not actually passing. I'm
-actually unsure if this test ever passed since it appears that !daemon
-is not being run as part of the test suite.
-
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
----
- cmd/docker/daemon_none.go      | 6 ++++--
- cmd/docker/daemon_none_test.go | 2 +-
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/cmd/docker/daemon_none.go b/cmd/docker/daemon_none.go
-index 65f9f37be22f..6fbd00012526 100644
---- a/cmd/docker/daemon_none.go
-+++ b/cmd/docker/daemon_none.go
-@@ -12,8 +12,10 @@ import (
- 
- func newDaemonCommand() *cobra.Command {
- 	return &cobra.Command{
--		Use:    "daemon",
--		Hidden: true,
-+		Use:                "daemon",
-+		Hidden:             true,
-+		Args:               cobra.ArbitraryArgs,
-+		DisableFlagParsing: true,
- 		RunE: func(cmd *cobra.Command, args []string) error {
- 			return runDaemon()
- 		},
-diff --git a/cmd/docker/daemon_none_test.go b/cmd/docker/daemon_none_test.go
-index 32032fe1b344..bd42add98696 100644
---- a/cmd/docker/daemon_none_test.go
-+++ b/cmd/docker/daemon_none_test.go
-@@ -10,7 +10,7 @@ import (
- 
- func TestDaemonCommand(t *testing.T) {
- 	cmd := newDaemonCommand()
--	cmd.SetArgs([]string{"--help"})
-+	cmd.SetArgs([]string{"--version"})
- 	err := cmd.Execute()
- 
- 	assert.Error(t, err, "Please run `dockerd`")
--- 
-2.12.0
-
diff --git a/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch b/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
deleted file mode 100644
index 0e853d5..0000000
--- a/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 790a81ea9acce318d0e037771c253951b874140b Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@suse.de>
-Date: Mon, 13 Mar 2017 14:57:35 +1100
-Subject: [PATCH] daemon: also ensureDefaultApparmorProfile in exec path
-
-When 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
-profiles") was merged, it didn't correctly handle the exec path if
-AppArmor profiles were deleted. Fix this by duplicating the
-ensureDefaultApparmorProfile code in the exec code.
-
-Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles")
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
----
- daemon/exec_linux.go | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go
-index 5aeedc347027..bb11c11e447c 100644
---- a/daemon/exec_linux.go
-+++ b/daemon/exec_linux.go
-@@ -5,6 +5,7 @@ import (
- 	"github.com/docker/docker/daemon/caps"
- 	"github.com/docker/docker/daemon/exec"
- 	"github.com/docker/docker/libcontainerd"
-+	"github.com/opencontainers/runc/libcontainer/apparmor"
- 	"github.com/opencontainers/runtime-spec/specs-go"
- )
- 
-@@ -23,5 +24,27 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer
- 	if ec.Privileged {
- 		p.Capabilities = caps.GetAllCapabilities()
- 	}
-+	if apparmor.IsEnabled() {
-+		var appArmorProfile string
-+		if c.AppArmorProfile != "" {
-+			appArmorProfile = c.AppArmorProfile
-+		} else if c.HostConfig.Privileged {
-+			appArmorProfile = "unconfined"
-+		} else {
-+			appArmorProfile = "docker-default"
-+		}
-+
-+		if appArmorProfile == "docker-default" {
-+			// Unattended upgrades and other fun services can unload AppArmor
-+			// profiles inadvertently. Since we cannot store our profile in
-+			// /etc/apparmor.d, nor can we practically add other ways of
-+			// telling the system to keep our profile loaded, in order to make
-+			// sure that we keep the default profile enabled we dynamically
-+			// reload it if necessary.
-+			if err := ensureDefaultAppArmorProfile(); err != nil {
-+				return err
-+			}
-+		}
-+	}
- 	return nil
- }
--- 
-2.12.0
-
diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
index 600b8e4..ae078b6 100644
--- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
@@ -66,7 +66,7 @@ index 000000000000..591abc998e67
 +	"syscall"
 +
 +	"github.com/Sirupsen/logrus"
-+	"github.com/docker/distribution/digest"
++	"github.com/opencontainers/go-digest"
 +	"github.com/docker/docker/container"
 +
 +	swarmtypes "github.com/docker/docker/api/types/swarm"