diff --git a/Jenkinsfile b/Jenkinsfile
index 0da60746..840433ee 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -6,25 +6,12 @@
 // This list is ordered by Distro (alphabetically), and release (chronologically).
 // When adding a distro here, also open a pull request in the release repository.
 def images = [
-    [image: "docker.io/library/amazonlinux:2",          arches: ["aarch64"]],
-    [image: "docker.io/library/centos:7",               arches: ["amd64", "aarch64"]],
-    [image: "docker.io/dockereng/rhel:7-s390x",         arches: ["s390x"]],
-    [image: "docker.io/library/centos:8",               arches: ["amd64", "aarch64"]],
-    [image: "docker.io/library/debian:buster",          arches: ["amd64", "aarch64", "armhf"]], // Debian 10 (EOL: 2024)
-    [image: "docker.io/library/fedora:32",              arches: ["amd64", "aarch64"]],
-    [image: "docker.io/library/fedora:33",              arches: ["amd64", "aarch64"]],
-    [image: "docker.io/library/fedora:rawhide",         arches: ["amd64"]],                     // Rawhide is the name given to the current development version of Fedora
-    [image: "docker.io/opensuse/leap:15",               arches: ["amd64"]],
-    [image: "docker.io/balenalib/rpi-raspbian:buster",  arches: ["armhf"]],
-    [image: "docker.io/library/ubuntu:xenial",          arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 16.04 LTS (End of support: April, 2021. EOL: April, 2024)
-    [image: "docker.io/library/ubuntu:bionic",          arches: ["amd64", "aarch64", "armhf", "s390x"]], // Ubuntu 18.04 LTS (End of support: April, 2023. EOL: April, 2028)
-    [image: "docker.io/library/ubuntu:focal",           arches: ["amd64", "aarch64"]],          // Ubuntu 20.04 LTS (End of support: April, 2025. EOL: April, 2030)
-    [image: "docker.io/library/ubuntu:groovy",          arches: ["amd64", "aarch64"]],          // Ubuntu 20.10 (EOL: July, 2021)
+    [image: "docker.io/library/ubuntu:focal",           arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 20.04 LTS (End of support: April, 2025. EOL: April, 2030)
 ]
 
 def generatePackageStep(opts, arch) {
     return {
-        wrappedNode(label: "linux&&${arch}") {
+        wrappedNode(label: "ubuntu-2004&&${arch}") {
             stage("${opts.image}-${arch}") {
                 try {
                     sh 'docker version'
@@ -52,35 +39,13 @@ def generatePackageSteps(opts) {
     }
 }
 
-def packageBuildSteps = [
-    "windows": { ->
-        node("windows-2019") {
-            stage("windows") {
-                try {
-                    checkout scm
-                    sh("make -f Makefile.win archive")
-                } finally {
-                    deleteDir()
-                }
-            }
-        }
-    }
-]
+def packageBuildSteps = [:]
 
 packageBuildSteps << images.collectEntries { generatePackageSteps(it) }
 
 pipeline {
     agent none
     stages {
-        stage('Check file headers') {
-            agent { label 'linux&&amd64' }
-            steps{
-                script{
-                    checkout scm
-                    sh "make validate"
-                }
-            }
-        }
         stage('Build packages') {
             steps {
                 script {
diff --git a/Makefile b/Makefile
index 3e546862..521cc3d5 100644
--- a/Makefile
+++ b/Makefile
@@ -94,7 +94,21 @@ build:
 	@if [ -z "$(BUILD_BASE)" ]; then echo "Invalid build image $(BUILD_IMAGE) no build base found"; exit 1; fi
 	@if [ -z "$(BUILD_TYPE)" ]; then echo "Invalid build image $(BUILD_IMAGE) no build type found"; exit 1; fi
 
-	@set -x; DOCKER_BUILDKIT=1 docker build \
+#	@set -x; DOCKER_BUILDKIT=1 docker build \
+#		--pull \
+#		--build-arg GOLANG_IMAGE="$(GOLANG_IMAGE)" \
+#		--build-arg BUILD_IMAGE="$(BUILD_IMAGE)" \
+#		--build-arg BASE="$(BUILD_BASE)" \
+#		--build-arg CREATE_ARCHIVE="$(CREATE_ARCHIVE)" \
+#		--build-arg UID="$(shell id -u)" \
+#		--build-arg GID="$(shell id -g)" \
+#		--file="dockerfiles/$(BUILD_TYPE).dockerfile" \
+#		--progress="$(PROGRESS)" \
+#		--target="$(TARGET)" \
+#		--output=. \
+#		.
+#
+	@set -x; DOCKER_BUILDKIT=0 docker build \
 		--pull \
 		--build-arg GOLANG_IMAGE="$(GOLANG_IMAGE)" \
 		--build-arg BUILD_IMAGE="$(BUILD_IMAGE)" \
@@ -102,11 +116,15 @@ build:
 		--build-arg CREATE_ARCHIVE="$(CREATE_ARCHIVE)" \
 		--build-arg UID="$(shell id -u)" \
 		--build-arg GID="$(shell id -g)" \
-		--file="dockerfiles/$(BUILD_TYPE).dockerfile" \
+		--file="dockerfiles/$(BUILD_TYPE).dockerfile.nobuildkit" \
 		--progress="$(PROGRESS)" \
 		--target="$(TARGET)" \
-		--output=. \
+		--tag=containerd \
 		.
+	@set -x; export cid=$$(docker create containerd sh); \
+	docker cp $$cid:/archive/ ./; \
+	docker cp $$cid:/build/ ./; \
+	docker rm -f $$cid
 
 .PHONY: validate
 validate: ## Validate files license header
diff --git a/dockerfiles/deb.dockerfile b/dockerfiles/deb.dockerfile
index 00c0dc21..36c9b018 100644
--- a/dockerfiles/deb.dockerfile
+++ b/dockerfiles/deb.dockerfile
@@ -70,11 +70,9 @@ FROM build-env AS build-packages
 RUN mkdir -p /archive /build
 COPY common/containerd.service common/containerd.toml /root/common/
 ARG CREATE_ARCHIVE
-# NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues
-#       with CGO when building multiple distros on the same machine / build-cache
-RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \
-    --mount=type=bind,source=/src,target=/go/src,rw \
-    /root/build-deb
+COPY --from=golang /usr/local/go/ /usr/local/go/
+COPY /src /go/src
+RUN /root/build-deb
 ARG UID=0
 ARG GID=0
 RUN chown -R ${UID}:${GID} /archive /build
diff --git a/dockerfiles/deb.dockerfile.nobuildkit b/dockerfiles/deb.dockerfile.nobuildkit
new file mode 100644
index 00000000..36c9b018
--- /dev/null
+++ b/dockerfiles/deb.dockerfile.nobuildkit
@@ -0,0 +1,104 @@
+# syntax=docker/dockerfile:experimental
+
+
+#   Copyright 2018-2020 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+ARG BUILD_IMAGE=ubuntu:bionic
+ARG GOLANG_IMAGE=golang:latest
+
+# Install golang from the official image, since the package managed
+# one probably is too old and ppa's don't cover all distros
+FROM ${GOLANG_IMAGE} AS golang
+
+FROM golang AS go-md2man
+ARG GOPROXY=direct
+ARG GO111MODULE=on
+ARG MD2MAN_VERSION=v2.0.0
+RUN go get github.com/cpuguy83/go-md2man/v2/@${MD2MAN_VERSION}
+
+FROM ${BUILD_IMAGE} AS distro-image
+
+FROM distro-image AS build-env
+RUN mkdir -p /go
+ENV GOPATH=/go
+ENV PATH="${PATH}:/usr/local/go/bin:${GOPATH}/bin"
+ENV IMPORT_PATH=github.com/containerd/containerd
+ENV GO_SRC_PATH="/go/src/${IMPORT_PATH}"
+ARG DEBIAN_FRONTEND=noninteractive
+WORKDIR /root/containerd
+
+# Install some pre-reqs
+# NOTE: not using a cache-mount for apt, to prevent issues when building multiple
+#       distros on the same machine / build-cache
+RUN apt-get update -q && apt-get install -y --no-install-recommends \
+    curl \
+    devscripts \
+    equivs \
+    git \
+    lsb-release \
+ && apt-get clean \
+ && rm -rf /var/cache/apt /var/lib/apt/lists/*
+
+# Install build dependencies and build scripts
+COPY --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man
+COPY debian/ debian/
+# NOTE: not using a cache-mount for apt, to prevent issues when building multiple
+#       distros on the same machine / build-cache
+RUN apt-get update -q \
+ && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i debian/control \
+ && apt-get clean \
+ && rm -rf /var/cache/apt /var/lib/apt/lists/*
+COPY scripts/build-deb    /root/
+COPY scripts/.helpers     /root/
+
+ARG PACKAGE
+ENV PACKAGE=${PACKAGE:-containerd.io}
+
+FROM build-env AS build-packages
+RUN mkdir -p /archive /build
+COPY common/containerd.service common/containerd.toml /root/common/
+ARG CREATE_ARCHIVE
+COPY --from=golang /usr/local/go/ /usr/local/go/
+COPY /src /go/src
+RUN /root/build-deb
+ARG UID=0
+ARG GID=0
+RUN chown -R ${UID}:${GID} /archive /build
+
+# Verify that installing the package succeeds succesfully, and if we're able
+# to run both containerd and runc. This is just a rudimentary check to make
+# sure that package dependencies are installed and that the binaries are not
+# completely defunct.
+FROM distro-image AS verify-packages
+COPY --from=build-packages /build /build
+# NOTE: not using a cache-mount for apt, to prevent issues when building multiple
+#       distros on the same machine / build-cache
+RUN apt-get update -q \
+ && dpkg --force-depends -i $(find /build -mindepth 3 -type f -name containerd.io_*.deb) || true; \
+    apt-get -y install --no-install-recommends --fix-broken \
+ && apt-get clean \
+ && rm -rf /var/cache/apt /var/lib/apt/lists/*
+RUN containerd --version
+RUN ctr --version
+RUN runc --version
+
+FROM scratch AS packages
+COPY --from=build-packages  /archive /archive
+COPY --from=verify-packages /build   /build
+
+# This stage is mainly for debugging (running the build interactively with mounted source)
+FROM build-env AS runtime
+COPY --from=golang /usr/local/go/ /usr/local/go/
+COPY common/containerd.service common/containerd.toml /root/common/