authorCoprDistGit <infra@openeuler.org>2024-09-12 04:05:48 +0000
committerCoprDistGit <infra@openeuler.org>2024-09-12 04:05:48 +0000
commitcec226cb1761702b9a757828afb35cfd2af280dd (patch)
treeb6f49ff76d9b3315d7b3ae7badc0b650f7c2295d
parent5086e38cf9776f1c36fb02dcaee52c90d96f46ef (diff)
-rw-r--r--.gitignore3
-rw-r--r--0003-add-loongarch64-seccomp-support.patch91
-rw-r--r--0004-fix-docker-swarm-run-failed-for-loongarch64.patch30
-rw-r--r--docker.service48
-rw-r--r--docker.socket11
-rw-r--r--docker.spec421
-rw-r--r--docker.sysconfig7
-rw-r--r--moby.spec283
-rw-r--r--sources4
9 files changed, 476 insertions, 422 deletions
diff --git a/.gitignore b/.gitignore
index 44912ee..457a225 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
/v27.2.1.tar.gz
+/cli-27.2.1.tar.gz
+/moby-27.2.1.tar.gz
+/tini-0.19.0.tar.gz
diff --git a/0003-add-loongarch64-seccomp-support.patch b/0003-add-loongarch64-seccomp-support.patch
new file mode 100644
index 0000000..e2b320f
--- /dev/null
+++ b/0003-add-loongarch64-seccomp-support.patch
@@ -0,0 +1,91 @@
+diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json
+index 8d4d211..b63bfc9 100644
+--- a/oci/fixtures/default.json
++++ b/oci/fixtures/default.json
+@@ -47,6 +47,10 @@
+ "subArchitectures": [
+ "SCMP_ARCH_S390"
+ ]
++ },
++ {
++ "architecture": "SCMP_ARCH_LOONGARCH64",
++ "subArchitectures": null
+ }
+ ],
+ "syscalls": [
+@@ -810,4 +814,4 @@
+ "excludes": {}
+ }
+ ]
+-}
+\ No newline at end of file
++}
+diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
+index c4d9110..3501693 100644
+--- a/profiles/seccomp/default.json
++++ b/profiles/seccomp/default.json
+@@ -52,6 +52,10 @@
+ {
+ "architecture": "SCMP_ARCH_RISCV64",
+ "subArchitectures": null
++ },
++ {
++ "architecture": "SCMP_ARCH_LOONGARCH64",
++ "subArchitectures": null
+ }
+ ],
+ "syscalls": [
+@@ -830,4 +834,4 @@
+ }
+ }
+ ]
+-}
+\ No newline at end of file
++}
+diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
+index 09fb337..3834bab 100644
+--- a/profiles/seccomp/default_linux.go
++++ b/profiles/seccomp/default_linux.go
+@@ -38,6 +38,10 @@ func arches() []Architecture {
+ {
+ Arch: specs.ArchRISCV64,
+ SubArches: nil,
++ },
++ {
++ Arch: specs.ArchLOONGARCH64,
++ SubArches: nil,
+ },
+ }
+ }
+diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
+index 4d8fed6..9eb0741 100644
+--- a/profiles/seccomp/seccomp_linux.go
++++ b/profiles/seccomp/seccomp_linux.go
+@@ -41,6 +41,7 @@ var nativeToSeccomp = map[string]specs.Arch{
+ "ppc64le": specs.ArchPPC64LE,
+ "s390": specs.ArchS390,
+ "s390x": specs.ArchS390X,
++ "loong64": specs.ArchLOONGARCH64,
+ }
+
+ // GOARCH => libseccomp string
+@@ -59,6 +60,7 @@ var goToNative = map[string]string{
+ "ppc64le": "ppc64le",
+ "s390": "s390",
+ "s390x": "s390x",
++ "loong64": "loong64",
+ }
+
+ // inSlice tests whether a string is contained in a slice of strings or not.
+diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+index 4e7717d..96e04af 100644
+--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+@@ -741,6 +741,7 @@ const (
+ ArchPARISC Arch = "SCMP_ARCH_PARISC"
+ ArchPARISC64 Arch = "SCMP_ARCH_PARISC64"
+ ArchRISCV64 Arch = "SCMP_ARCH_RISCV64"
++ ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
+ )
+
+ // LinuxSeccompAction taken upon Seccomp rule match
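Review bot: Both carried patches edit files under `vendor/` by hand without recording where the change comes from: this one has no `From:`/`Subject:` header or upstream reference at all, and 0004 in the same commit is authored as `Super User <root@localhost.localdomain>`. A header naming the real author and the upstream commit or pull request would let a later rebase tell whether the hand-added `specs.ArchLOONGARCH64` constant and the swarmkit change can be dropped. The new `SCMP_ARCH_LOONGARCH64` entries presumably only take effect when the installed libseccomp knows that architecture, while moby.spec in this commit keeps `Requires: libseccomp >= 2.3`; the floor should be confirmed for loongarch64 hosts.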
diff --git a/0004-fix-docker-swarm-run-failed-for-loongarch64.patch b/0004-fix-docker-swarm-run-failed-for-loongarch64.patch
new file mode 100644
index 0000000..97f621c
--- /dev/null
+++ b/0004-fix-docker-swarm-run-failed-for-loongarch64.patch
@@ -0,0 +1,30 @@
+From d982ada96908ceef19f30d88ffda5e7956c2809e Mon Sep 17 00:00:00 2001
+From: Super User <root@localhost.localdomain>
+Date: Wed, 10 Jul 2024 17:27:20 +0800
+Subject: [PATCH] fix docker swarm run failed for loongarch64
+
+---
+ .../moby/swarmkit/v2/manager/scheduler/filter.go | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go b/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
+index 4e0bb9f..97847e1 100644
+--- a/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
++++ b/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
+@@ -305,6 +305,14 @@ func (f *PlatformFilter) platformEqual(imgPlatform, nodePlatform api.Platform) b
+ nodePlatform.Architecture = "arm64"
+ }
+
++ // normalize "loongarch64" architectures to "loong64"
++ if imgPlatform.Architecture == "loongarch64" {
++ imgPlatform.Architecture = "loong64"
++ }
++ if nodePlatform.Architecture == "loongarch64" {
++ nodePlatform.Architecture = "loong64"
++ }
++
+ if (imgPlatform.Architecture == "" || imgPlatform.Architecture == nodePlatform.Architecture) && (imgPlatform.OS == "" || imgPlatform.OS == nodePlatform.OS) {
+ return true
+ }
+--
+2.43.0
diff --git a/docker.service b/docker.service
new file mode 100644
index 0000000..f3da344
--- /dev/null
+++ b/docker.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/sysconfig/docker
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// $OPTIONS
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=5s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+OOMScoreAdjust=-500
+
+[Install]
+WantedBy=multi-user.target
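Review bot: `TimeoutSec=0` switches off the stop timeout as well as the start timeout, so a dockerd that hangs during shutdown is never escalated to SIGKILL and can block a reboot or a package update indefinitely. If only a slow start-up is meant to be tolerated, use `TimeoutStartSec=0` and leave the stop timeout at its default. The comment above `ExecStart` about not using systemd for cgroups does not appear to describe anything this unit sets and could be reworded or dropped.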
diff --git a/docker.socket b/docker.socket
new file mode 100644
index 0000000..9db5049
--- /dev/null
+++ b/docker.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
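Review bot: `SocketGroup=docker` needs the `docker` group to exist before the socket is started, but moby.spec in this commit creates it in the plain `%post`, which belongs to the empty main package, while this unit ships in `docker-engine`. Installing only `docker-engine` would leave the socket unit unable to resolve its group; moving the creation into the subpackage, e.g. `%pre engine` with `getent group docker >/dev/null || groupadd --system docker`, fixes that. A comment here stating that members of `docker` get root-equivalent control of the host through this socket would help administrators who add users to the group. `ListenStream=/run/docker.sock` would also avoid systemd's legacy `/var/run` path warning.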
diff --git a/docker.spec b/docker.spec
deleted file mode 100644
index ad6dafc..0000000
--- a/docker.spec
+++ /dev/null
@@ -1,421 +0,0 @@
-Name: docker
-Version: 27.2.1
-Release: 1
-Epoch: 2
-Summary: The open-source application container engine
-
-License: Apache-2.0
-Source0: https://github.com/docker/cli/archive/refs/tags/v%{version}.tar.gz
-
-URL: https://www.docker.com
-
-# required packages for build
-# most are already in the container (see contrib/builder/rpm/ARCH/generate.sh)
-BuildRequires: pkgconfig(systemd) golang >= 1.8.3 btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel
-BuildRequires: libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel
-BuildRequires: tar containerd runc docker-proxy git
-
-# required packages on install
-Requires: /bin/sh iptables tar xz device-mapper-libs >= 1.02.90-1 systemd-units
-
-# conflicting packages
-Provides: docker
-Conflicts: docker-io
-Conflicts: docker-engine-cs
-
-%description
-Docker is an open source project to build, ship and run any application as a
-lightweight container.
-
-Docker containers are both hardware-agnostic and platform-agnostic. This means
-they can run anywhere, from your laptop to the largest EC2 compute instance and
-everything in between - and they don't require you to use a particular
-language, framework or packaging system. That makes them great building blocks
-for deploying and scaling web apps, databases, and backend services without
-depending on a particular stack or provider.
-
-%prep
-%autosetup -p1 -n cli-%{version}
-
-%build
-export GOPATH="$srcdir"
-export PATH="$GOPATH/bin:$PATH"
-export CGO_CPPFLAGS="${CPPFLAGS}"
-export CGO_CFLAGS="${CFLAGS}"
-export CGO_CXXFLAGS="${CXXFLAGS}"
-export CGO_LDFLAGS="${LDFLAGS}"
-export LDFLAGS=''
-export GOFLAGS='-buildmode=pie -trimpath -mod=readonly -modcacherw -ldflags=-linkmode=external -ldflags=-compressdwarf=false -ldflags=-B=gobuildid'
-export GO111MODULE=off
-export DISABLE_WARN_OUTSIDE_CONTAINER=1
-
-make VERSION=%{version} dynbinary
-make manpages
-
-%install
-
-# list files owned by the package here
-%files
-
-%changelog
-* Thu Sep 12 2024 Funda Wang <fundawang@yeah.net> - 2:27.2.1-1
-- update to 27.2.1
-
-* Sat Aug 31 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-341
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:try to reconnect when containerd grpc return unexpected EOF
-
-* Fri Aug 02 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-340
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:add clone3 seccomp whitelist for arm64
-
-* Fri Jul 26 2024 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-339
-- Type:CVE
-- CVE:CVE-2024-41110
-- SUG:NA
-- DESC:fix CVE-2024-41110
-
-* Mon Jul 15 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-338
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:Ignore SIGURG on Linux
-
-* Fri Jun 07 2024 suoxiaocong <suoxiaocong@kylinos.cn> - 18.09.0-337
-- Type:BUG
-- CVE:NA
-- SUG:NA
-- DESC:remove ifarch condition check when addding source, this causes src.rpm missing files
-
-* Wed May 08 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-336
-- Type:CVE
-- CVE:CVE-2024-32473
-- SUG:NA
-- DESC:fix CVE-2024-32473
-
-* Fri Apr 12 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-335
-- Type:CVE
-- CVE:CVE-2024-29018
-- SUG:NA
-- DESC:fix CVE-2024-29018
-
-* Tue Mar 19 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-334
-- Type:CVE
-- CVE:CVE-2024-24557
-- SUG:NA
-- DESC:fix CVE-2024-24557
-
-* Fri Dec 22 2023 Lu Jingxiao<lujingxiao@huawei.com> - 2:18.09.0-333
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:sync patches from upstream
-
-* Fri Nov 17 2023 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-332
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:modify runc rpm package name to runc
-
-* Thu Oct 12 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-331
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:add delay after freeze
-
-* Mon Oct 09 2023 Lu Jingxiao<lujingxiao@huawei.com> - 18.09.0-330
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:fix COPY --from should preserve ownership
-
-* Sat Aug 26 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-329
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:remove useless mount point dir
-
-* Fri Jul 28 2023 jingxiaolu<lujingxiao@huawei.com> - 18.09.0-328
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:define a dummy hostname to use for local connections
-
-* Wed Jul 12 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-327
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:remove invalid libcgroup dependencies
-
-* Thu Jun 29 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-326
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:repalce unix.Rmdir with os.RemoveAll when remove mount point dir
-
-* Tue Jun 27 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-325
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:fix blockThreshold full bug
-
-* Thu Jun 08 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-324
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:thinpool full because docker daemon restart when docker pull
-
-* Thu Apr 06 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-323
-- Type:CVE
-- CVE:CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
-- SUG:NA
-- DESC:fix CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
-
-* Wed Mar 29 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-322
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:sync some patches
-
-* Thu Mar 16 2023 zhaozhen <zhaozhen@loongson.cn> - 2:18.09.0-321
-- Type:feature
-- CVE:NA
-- SUG:NA
-- DESC:add loongarch64 support for docker
-
-* Wed Mar 15 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-320
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:try http for docker manifest insecure
-
-* Tue Mar 14 2023 JackChan8<chenjiankun1@huawei.com> - 18.09.0-319
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:fix container missing after restarting dockerd twice
-
-* Fri Mar 10 2023 Song Zhang<zhangsong34@huawei.com> - 18.09.0-318
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:docker stats: fix 'panic: close of closed channel'
-
-* Fri Feb 17 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-317
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:set freezer.state to Thawed to increase freeze chances
-
-* Thu Dec 01 2022 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-316
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:do not stop health check before sending signal
-
-* Thu Nov 24 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-315
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:using VERSION-vendor to record version
-
-* Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-314
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:fix dockerd core when release network
-
-* Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-313
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:cleanup netns file when stop docker daemon
-
-* Mon Oct 17 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-312
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:change runc original install location (/usr/local/bin --> /usr/bin) to fix compile problem
-
-* Wed Sep 21 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-311
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:add epoch for easy upgrade
-
-* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-310
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:ensure layer digest folder removed if ls.driver.Remove fails
-
-* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-309
-- Type:CVE
-- CVE:CVE-2022-36109
-- SUG:NA
-- DESC:fix CVE-2022-36109
-
-* Tue Sep 13 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-308
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:Add an ExitPid field for State struct to record exit process id
-
-* Tue Sep 13 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-307
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:fix terminal abnormal after docker run
-
-* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-306
-- Type:CVE
-- CVE:CVE-2021-41092
-- SUG:NA
-- DESC:fix CVE-2021-41092
-
-* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-305
-- Type:CVE
-- CVE:CVE-2021-41091
-- SUG:NA
-- DESC:fix CVE-2021-41091
-
-* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-304
-- Type:CVE
-- CVE:CVE-2021-41089
-- SUG:NA
-- DESC:fix CVE-2021-41089
-
-* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-303
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:close channel in write side to avoid panic in docker stats
-
-* Tue Jun 28 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-302
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:fix status inconsistent after restart container
-
-* Thu Jun 16 2022 duyiwei <duyiwei@kylinos.cn> - 18.09.0-301
-- Type:bugfix
-- CVE:CVE-2022-24769
-- SUG:NA
-- DESC:fix CVE-2022-24769
-
-* Tue Mar 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-300
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:sync from internal
-
-* Wed Mar 02 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-120
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:Use original process spec for execs
-
-* Tue Dec 28 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-119
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:disable go module build
-
-* Sun Sep 26 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-118
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:update seccomp whitelist to Linux 5.10 syscall list
-
-* Wed Sep 08 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-117
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:add clone3 to seccomp whitelist to fix curl failed in X86
-
-* Fri Sep 03 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-116
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:enable debuginfo
-
-* Thu Apr 01 2021 wangfengtu<wangfengtu@huawei.com> - 18.09.0-115
-- Type:bugfix
-- CVE:NA
-- SUG:NA
-- DESC:rollback if docker restart when doing BlkDiscard
-
-* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-114
-- Type:bugfix
-- CVE:CVE-2021-21284,CVE-2021-21285
-- SUG:NA
-- DESC:sync bugfix, include:
- 1.fix execCommands leak in health-check
- 2.check containerd pid before kill it
- 3.fix CVE-2021-21284
- 4.fix CVE-2021-21285
-
-* Tue Feb 09 2021 lixiang<lixiang172@huawei.com> - 18.09.0-113
-- Type:enhancement
-- CVE:NA
-- SUG:restart
-- DESC:remove go-md2man build require
-
-* Mon Jan 18 2021 yangyanchao<yangyanchao6@huawei.com> - 18.09.0-111
-- Type:requirement
-- ID:NA
-- CVE:NA
-- SUG:restart
-- docker:components:add config files for riscv
-
-* Mon Jan 4 2021 jingrui<jingrui@huawei.com> - 18.09.0-107
-- Type:bugfix
-- ID:NA
-- SUG:NA
-- DESC:sync bugfix include
- 1. fix image cleanup failed.
- 2. cleanup load tmp files.
- 3. kill residual container process.
- 4. resume suspend dm device.
- 5. dont kill containerd during dockerd starting.
- 6. handle exit event for restore failed container.
- 7. wait io with timeout when start failed.
- 8. support hostname mirror registry.
- 9. mask unused proc files.
-
-* Tue Dec 8 2020 xiadanni<xiadanni1@huawei.com> - 18.09.0-104
-- Type:bugfix
-- ID:NA
-- SUG:NA
-- DESC:runc don't deny all devices when update cgroup resource
-
-* Thu Dec 3 2020 xiadanni<xiadanni1@huawei.com> - 18.09.0-103
-- Type:bugfix
-- ID:NA
-- SUG:restart
-- DESC:containerd fix CVE-2020-15257
-
-* Fri Nov 27 2020 liuzekun<liuzekun@huawei.com> - 18.09.0-102
-- Type:bugfix
-- ID:NA
-- CVE:NA
-- SUG:restart
-- DESC:
-1.delete stale containerd object on start failure
-2.remove redundant word item
-3.delete event is not need to process
-4.stat process exit file when kill process dire
-5.sync cli vendor
-6.fix CVE-2020-13401
-7.do not add w to LDFLAGS
-8.add files in proc for mask
-9.fix docker load files leak
-10.do not sync if BYPAAS_SYNC is false
-11.fix panic on single character volumes
-12.fix stats memory usage display error
-13.add more messages for ops when device not found
-14.mask proc pin_memory
diff --git a/docker.sysconfig b/docker.sysconfig
new file mode 100644
index 0000000..426ec3c
--- /dev/null
+++ b/docker.sysconfig
@@ -0,0 +1,7 @@
+# /etc/sysconfig/docker
+
+# Modify these options if you want to change the way the docker daemon runs
+OPTIONS="--log-driver=journald \
+ --live-restore \
+ --default-ulimit nofile=1024:1024 \
+"
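Review bot: `--live-restore` in the default `OPTIONS` conflicts with swarm mode, which dockerd refuses to enable while live restore is on, yet this same commit carries a patch to make swarm scheduling work on loongarch64. Either drop the flag from the packaged default or add a comment such as `# remove --live-restore before using docker swarm` so the failure is not a surprise. `--default-ulimit nofile=1024:1024` is also a low hard limit for every container and deserves a one-line comment on why it was chosen.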
diff --git a/moby.spec b/moby.spec
new file mode 100644
index 0000000..5ecbe8d
--- /dev/null
+++ b/moby.spec
@@ -0,0 +1,283 @@
+%global _gitcommit_engine f417435
+%global _gitcommit_cli 4debf41
+%global _source_engine moby-%{version}
+%global _source_client cli-%{version}
+%global _source_docker_init tini-0.19.0
+%define _debugsource_template %{nil}
+
+Name: docker
+Version: 27.2.1
+Release: 1
+Summary: The open-source application container engine
+License: ASL 2.0
+URL: https://www.docker.com
+# https://github.com/docker/cli/archive/refs/tags/v25.0.3.tar.gz
+Source0: cli-%{version}.tar.gz
+# https://github.com/moby/moby/archive/refs/tags/v25.0.3.tar.gz
+Source1: moby-%{version}.tar.gz
+# https://github.com/krallin/tini/archive/refs/tags/v0.19.0.tar.gz
+Source2: tini-0.19.0.tar.gz
+Source3: docker.service
+Source4: docker.socket
+Source5: docker.sysconfig
+Patch0002: 0003-add-loongarch64-seccomp-support.patch
+Patch0003: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch
+
+Requires: %{name}-engine = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
+
+# conflicting packages
+Conflicts: docker-ce
+Conflicts: docker-io
+Conflicts: docker-engine-cs
+Conflicts: docker-ee
+
+%description
+Docker is a product for you to build, ship and run any application as a
+lightweight container.
+
+%package engine
+Summary: Docker daemon binary and related utilities
+
+Requires: /usr/sbin/groupadd
+Requires: runc
+Requires: container-selinux >= 2:2.74
+Requires: libseccomp >= 2.3
+Requires: systemd
+Requires: iptables
+Requires: libcgroup
+Requires: containerd
+Requires: tar
+Requires: xz
+
+BuildRequires: bash
+BuildRequires: ca-certificates
+BuildRequires: cmake
+BuildRequires: device-mapper-devel
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: glibc-static
+BuildRequires: libarchive
+BuildRequires: libseccomp-devel
+BuildRequires: libselinux-devel
+BuildRequires: libtool
+BuildRequires: libtool-ltdl-devel
+BuildRequires: make
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(systemd)
+BuildRequires: selinux-policy-devel
+BuildRequires: systemd-devel
+BuildRequires: tar
+BuildRequires: which
+BuildRequires: golang >= 1.18.0
+
+%description engine
+Docker daemon binary and related utilities
+
+%package client
+Summary: Docker client binary and related utilities
+
+Requires: /bin/sh
+BuildRequires: libtool-ltdl-devel
+
+%description client
+Docker client binary and related utilities
+
+%prep
+%setup -q -n %{_source_client}
+%setup -q -T -n %{_source_engine} -b 1
+%patch -P0002 -p1
+%patch -P0003 -p1
+%setup -q -T -n %{_source_docker_init} -b 2
+
+%build
+export GO111MODULE=off
+# build docker daemon
+export DOCKER_GITCOMMIT=%{_gitcommit_engine}
+export DOCKER_BUILDTAGS="exclude_graphdriver_btrfs"
+
+pushd %{_builddir}/%{_source_engine}
+AUTO_GOPATH=1 VERSION=%{version} PRODUCT=docker hack/make.sh dynbinary
+popd
+
+# build docker-tini
+pushd %{_builddir}/%{_source_docker_init}
+cmake .
+make tini-static
+popd
+
+# build cli
+pushd %{_builddir}/%{_source_client}
+mkdir -p .gopath/src/github.com/docker/cli
+export GOPATH=`pwd`/.gopath
+rm -rf .gopath/src/github.com/docker/cli
+ln -s %{_builddir}/%{_source_client} .gopath/src/github.com/docker/cli
+pushd .gopath/src/github.com/docker/cli
+DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{version} GITCOMMIT=%{_gitcommit_cli} dynbinary
+popd
+popd
+
+%check
+# check for daemon
+ver="$(%{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd --version)"; \
+ test "$ver" = "Docker version %{version}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
+# check for client
+ver="$(%{_builddir}/%{_source_client}/build/docker --version)"; \
+ test "$ver" = "Docker version %{version}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+
+
+%install
+# install daemon binary
+install -D -p -m 0755 $(readlink -f %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd) %{buildroot}%{_bindir}/dockerd
+
+# install proxy
+install -D -p -m 0755 %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/docker-proxy %{buildroot}%{_bindir}/docker-proxy
+
+# install tini
+install -D -p -m 755 %{_builddir}/%{_source_docker_init}/tini-static %{buildroot}%{_bindir}/docker-init
+
+# install systemd scripts
+install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/docker.service
+install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/docker.socket
+
+# for additional args
+install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/docker
+
+# install docker client
+install -p -m 0755 $(readlink -f %{_builddir}/%{_source_client}/build/docker) %{buildroot}%{_bindir}/docker
+
+# add bash, zsh, and fish completions
+install -d %{buildroot}%{_datadir}/bash-completion/completions
+install -d %{buildroot}%{_datadir}/zsh/vendor-completions
+install -d %{buildroot}%{_datadir}/fish/vendor_completions.d
+install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion/completions/docker
+install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/zsh/_docker %{buildroot}%{_datadir}/zsh/vendor-completions/_docker
+install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/docker.fish
+
+# add docs
+install -d %{buildroot}%{_pkgdocdir}
+install -p -m 644 %{_builddir}/%{_source_client}/{LICENSE,MAINTAINERS,NOTICE,README.md} %{buildroot}%{_pkgdocdir}
+
+%files
+# empty as it depends on engine and client
+
+%files engine
+%config(noreplace) %{_sysconfdir}/sysconfig/docker
+%{_bindir}/dockerd
+%{_bindir}/docker-proxy
+%{_bindir}/docker-init
+%{_unitdir}/docker.service
+%{_unitdir}/docker.socket
+
+%files client
+%{_bindir}/docker
+%{_datadir}/bash-completion/completions/docker
+%{_datadir}/zsh/vendor-completions/_docker
+%{_datadir}/fish/vendor_completions.d/docker.fish
+%doc %{_pkgdocdir}
+
+%post
+%systemd_post docker.service
+if ! getent group docker > /dev/null; then
+ groupadd --system docker
+fi
+
+%preun
+%systemd_preun docker.service docker.socket
+
+%postun
+%systemd_postun_with_restart docker.service
+
+%changelog
+* Thu Sep 12 2024 Funda Wang <fundawang@yeah.net> - 27.2.1-1
+- update to version 27.2.1
+
+* Fri Jul 26 2024 zhangxianting <zhangxianting@uniontechc.om> - 25.0.3-10
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2024-41110
+
+* Fri Jul 12 2024 lvxiangcong <lvxiangcong@kylinos.cn> - 25.0.3-9
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix docker swarm run failed for loongarch64
+
+* Tue Jul 02 2024 zhangbowei<zhangbowei@kylinos.cn> - 25.0.3-8
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix bug by using docker-proxy in the source file to get better compatibility
+
+* Fri Jun 28 2024 shechenglong<shechenglong@xfusion.com> - 25.0.3-7
+- DESC:software package name moby is changed to docker
+
+* Fri Jun 14 2024 zhaixiaojuan<zhaixiaojuan@loongson.cn> - 25.0.3-6
+- DESC:add loongarch64 seccomp support
+
+* Tue May 14 2024 wanglimin<wanglimin@xfusion.com> - 25.0.3-5
+- DESC:clean dependency between engine and cli
+
+* Sat May 11 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-4
+- DESC:fix install error failed to docker.service does not exit
+
+* Mon Apr 22 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-3
+- DESC:fix cve-2024-32473
+
+* Wed Apr 17 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-2
+- DESC:fix cve-2024-29018
+
+* Tue Feb 06 2024 shechenglong<shechenglong@xfusion.com> - 25.0.3-1
+- DESC:update to 25.0.3
+
+* Thu Dec 28 2023 maokecheng<maokecheng@xfusion.com> - 20.10.24-7
+- Adapt docker-runc to be changed to runc
+
+* Tue Sep 26 2023 xulei<xulei@xfusion.com> - 20.10.24-6
+- Fix the missing socketGroup permissions for only installing moby-engine
+
+* Mon Sep 18 2023 xulei<xulei@xfusion.com> - 20.10.24-5
+- Optimize the apply patch method
+
+* Thu Sep 14 2023 xulei<xulei@xfusion.com> - 20.10.24-4
+- DESC: Fix missing runc dependencies
+ The declaration conflicts with the installation of docker-engine
+
+* Mon Sep 4 2023 xulei<xulei@xfusion.com> - 20.10.24-3
+- Fix the conflict libnetwork installation
+
+* Sun Jul 16 2023 xulei<xulei@xfusion.com> - 20.10.24-2
+- DESC: fix non-blocking awslogs log drop bug
+ fix panic if mount is not a volume
+
+* Mon Apr 10 2023 xulei<xulei@xfusion.com> - 20.10.24-1
+- DESC: update to 20.10.24
+
+* Tue Apr 4 2023 zhangzhihui<zhangzhihui@xfusion.com> - 20.10.23-3
+- DESC: sync upstream patch
+ Dockerfile: configure code dir as "safe" directory
+
+* Fri Mar 31 2023 zhangzhihui<zhangzhihui@xfusion.com> - 20.10.23-2
+- DESC: sync upstream patch to update containerd to v1.6.16
+
+* Wed Mar 29 2023 xulei<xulei@xfusion.com> - 20.10.23-1
+- DESC:update to 20.10.23
+
+* Wed Mar 8 2023 xulei<xulei@xfusion.com> - 20.10.21-4
+- DESC: enhance container behavior
+ 1.stop docker.socket before uninstall docker.
+ 2.container keep running when restart docker service.
+ 3.when containerd exits abnormally, it can be automatically pulled up.
+ 4.add some dockerd options.
+ 5.change to BuildRequires golang-1.18.0
+
+* Wed Dec 28 2022 xulei<xulei@xfusion.com> - 20.10.21-3
+- DESC: change to BuildRequires golang-1.17.3
+
+* Wed Dec 21 2022 wanglimin<wanglimin@xfusion.com> - 20.10.21-2
+- DESC: revert any to interface{} temporarily to allow builtable with golang-1.17.x
+- it will be withdrawed if golang upgrade to 1.18.x in the branch
+
+* Thu Dec 14 2022 wanglimin<wanglimin@xfusion.com> - 20.10.21-1
+- DESC: initial docker-20.10.21-1
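Review bot: The new spec keeps `Name: docker` but drops the `Epoch: 2` that the deleted docker.spec carried, so `27.2.1-1` sorts below every `2:` build already installed and those hosts will not be offered this or any later security update. Restore `Epoch: 2` and pin the subpackages with `Requires: %{name}-engine = %{epoch}:%{version}-%{release}` (same for `-client`). The `Source0`/`Source1` comments still point at `v25.0.3`, which suggests `_gitcommit_engine` and `_gitcommit_cli` may also be left over from that release. `%check` compares the binaries against the same macros, so it would not notice, and the reported build id would then not identify the shipped source.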
diff --git a/sources b/sources
index 262fd3d..b9c0010 100644
--- a/sources
+++ b/sources
@@ -1 +1,3 @@
-43e4a95623054436bd6e690d9ceaf26c v27.2.1.tar.gz
+43e4a95623054436bd6e690d9ceaf26c cli-27.2.1.tar.gz
+bbb7eae4f0c407f2f11df26d90d02bd0 moby-27.2.1.tar.gz
+72935bca9232313409a052833068fb1d tini-0.19.0.tar.gz