From 2426d76d93964f80297a31f3e10397592577cd69 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Thu, 1 Sep 2022 18:54:49 +0200
Subject: [PATCH] docker-cli package

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 .github/workflows/build.yml           |   1 +
 pkg/credential-helpers/deb/rules      |   3 +
 pkg/docker-cli/.gitignore             |   1 +
 pkg/docker-cli/Dockerfile             | 312 ++++++++++++++++++++++++++
 pkg/docker-cli/Makefile               |  61 +++++
 pkg/docker-cli/deb/compat             |   1 +
 pkg/docker-cli/deb/control            |  52 +++++
 pkg/docker-cli/deb/docs               |   1 +
 pkg/docker-cli/deb/rules              |  40 ++++
 pkg/docker-cli/deb/source/format      |   1 +
 pkg/docker-cli/docker-bake.hcl        | 156 +++++++++++++
 pkg/docker-cli/rpm/docker-ce-cli.spec | 121 ++++++++++
 vars.mk                               |   7 +
 13 files changed, 757 insertions(+)
 create mode 100644 pkg/docker-cli/.gitignore
 create mode 100644 pkg/docker-cli/Dockerfile
 create mode 100644 pkg/docker-cli/Makefile
 create mode 100644 pkg/docker-cli/deb/compat
 create mode 100644 pkg/docker-cli/deb/control
 create mode 100644 pkg/docker-cli/deb/docs
 create mode 100644 pkg/docker-cli/deb/rules
 create mode 100644 pkg/docker-cli/deb/source/format
 create mode 100644 pkg/docker-cli/docker-bake.hcl
 create mode 100644 pkg/docker-cli/rpm/docker-ce-cli.spec

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b11269e0..6c4701e5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -29,6 +29,7 @@ jobs:
       fail-fast: false
       matrix:
         pkg:
+          - docker-cli
           - buildx
           - compose
           - credential-helpers
diff --git a/pkg/credential-helpers/deb/rules b/pkg/credential-helpers/deb/rules
index d51eaad8..9e71cc9a 100644
--- a/pkg/credential-helpers/deb/rules
+++ b/pkg/credential-helpers/deb/rules
@@ -8,6 +8,9 @@ override_dh_builddeb:
 override_dh_auto_build:
 	cd docker-credential-helpers && CGO_ENABLED=1 make build-secretservice build-pass DESTDIR=bin
 
+override_dh_strip:
+	# Go has lots of problems with stripping, so just don't
+
 override_dh_auto_install:
 	install -D docker-credential-helpers/bin/docker-credential-secretservice debian/docker-credential-secretservice/usr/bin/docker-credential-secretservice
 	install -D docker-credential-helpers/bin/docker-credential-pass debian/docker-credential-pass/usr/bin/docker-credential-pass
diff --git a/pkg/docker-cli/.gitignore b/pkg/docker-cli/.gitignore
new file mode 100644
index 00000000..5e56e040
--- /dev/null
+++ b/pkg/docker-cli/.gitignore
@@ -0,0 +1 @@
+/bin
diff --git a/pkg/docker-cli/Dockerfile b/pkg/docker-cli/Dockerfile
new file mode 100644
index 00000000..c7c8b196
--- /dev/null
+++ b/pkg/docker-cli/Dockerfile
@@ -0,0 +1,312 @@
+# syntax=docker/dockerfile:1
+
+# Copyright 2022 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG XX_VERSION="1.1.2"
+ARG ALPINE_VERSION="3.16"
+ARG DEBIAN_FRONTEND="noninteractive"
+
+# go
+ARG GO_IMAGE="golang"
+ARG GO_VERSION="1.18.5"
+ARG GO_IMAGE_VARIANT="buster"
+
+# pkg matrix
+ARG PKG_RELEASE="debian11"
+ARG PKG_TYPE="deb"
+ARG PKG_DISTRO="debian"
+ARG PKG_SUITE="bullseye"
+ARG PKG_BASE_IMAGE="debian:bullseye"
+
+# deb specific
+ARG PKG_DEB_EPOCH="5"
+ARG PKG_DEB_REVISION="0"
+
+# rpm specific
+ARG PKG_RPM_RELEASE="1"
+
+# cross compilation helper
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+# osxcross contains the MacOSX SDK for xx
+FROM dockercore/golang-cross:xx-sdk-extras AS osxsdk
+
+# go base image to retrieve /usr/local/go
+FROM --platform=$BUILDPLATFORM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS go
+
+# dummy stage for unsupported platforms
+FROM --platform=$BUILDPLATFORM busybox AS builder-dummy
+RUN mkdir -p /out
+FROM scratch AS build-dummy
+COPY --from=builder-dummy /out /out
+
+# base stage for fetching sources and create final release
+FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS base
+RUN apk add --no-cache bash curl file git zip tar
+
+FROM base AS src
+WORKDIR /src
+ARG DOCKER_CLI_REPO
+RUN git init . && git remote add origin "${DOCKER_CLI_REPO}"
+ARG DOCKER_CLI_VERSION
+RUN git fetch origin "${DOCKER_CLI_VERSION}" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS src-tgz
+RUN --mount=from=src,source=/src,target=/cli \
+    mkdir /out && tar -C / -zcf /out/cli.tgz --exclude .git cli
+
+# deb
+FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-deb
+COPY --from=xx / /
+ARG DEBIAN_FRONTEND="noninteractive"
+RUN --mount=type=cache,sharing=locked,id=build-base-deb-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=build-base-deb-aptcache,target=/var/cache/apt \
+    apt-get update && apt-get install -y bash curl devscripts equivs git
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GOPATH="/go"
+ENV GO111MODULE="off"
+ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ARG PKG_RELEASE
+RUN <<EOT
+  case "$PKG_RELEASE" in
+    ubuntu2004|ubuntu2204)
+      if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
+        rm -f /usr/bin/man
+        dpkg-divert --quiet --remove --rename /usr/bin/man
+      fi
+      ;;
+  esac
+EOT
+
+FROM build-base-deb AS build-deb
+COPY deb /root/package/debian
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=build-deb-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=build-deb-aptcache,target=/var/cache/apt \
+    mk-build-deps -t "xx-apt-get -o Debug::pkgProblemResolver=yes -y" -i /root/package/debian/control
+WORKDIR /root/package
+COPY --from=src /src ./cli
+ARG DOCKER_CLI_VERSION
+ARG PKG_RELEASE
+ARG PKG_DISTRO
+ARG PKG_SUITE
+ARG PKG_PACKAGER
+ARG PKG_DEB_REVISION
+ARG PKG_DEB_EPOCH
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod <<EOT
+  set -e
+  mkdir -p /out
+  if [ "$(xx-info arch)" != "$(TARGETPLATFORM= xx-info arch)" ]; then
+    echo "$(xx-info arch) architecture is not supported"
+    exit 0
+  fi
+  export DOCKER_CLI_REVISION=$(git -C ./cli rev-parse HEAD)
+  debVersion=${DOCKER_CLI_VERSION#v}
+  debVersion=$(echo $debVersion | sed "s/-/~/")
+  cat > "debian/changelog" <<-EOF
+docker-ce-cli (${PKG_DEB_EPOCH}$([ -n "$PKG_DEB_EPOCH" ] && echo ":")${debVersion}-${PKG_DEB_REVISION}) $PKG_SUITE; urgency=low
+  * Version: $DOCKER_CLI_VERSION
+ -- $(awk -F ': ' '$1 == "Maintainer" { print $2; exit }' debian/control)  $(date --rfc-2822)
+EOF
+  xx-go --wrap
+  set -x
+  chmod -x debian/compat debian/control debian/docs
+  dpkg-buildpackage -us -uc -a$(xx-info debian-arch) -Pcross,nocheck
+  pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)"
+  if [ -n "$(xx-info variant)" ]; then
+    pkgoutput="${pkgoutput}/$(xx-info variant)"
+  fi
+  mkdir -p "${pkgoutput}"
+  cp /root/docker-* ${pkgoutput}/
+EOT
+
+FROM build-dummy AS builder-deb-darwin
+FROM build-deb AS builder-deb-linux
+FROM build-dummy AS builder-deb-windows
+FROM builder-deb-${TARGETOS} AS builder-deb
+
+# rpm
+FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-rpm
+COPY --from=xx / /
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GOPATH="/go"
+ENV GO111MODULE="off"
+ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ARG PKG_RELEASE
+RUN --mount=type=cache,sharing=locked,id=build-base-rpm-dnfcache,target=/var/cache/dnf \
+    --mount=type=cache,sharing=locked,id=build-base-rpm-yumcache,target=/var/cache/yum <<EOT
+  case "$PKG_RELEASE" in
+    centos7|oraclelinux7)
+      [ -f /etc/yum.repos.d/CentOS-Sources.repo ] && sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Sources.repo
+      yum install -y rpm-build rpmlint
+      ;;
+    centos8)
+      [ -f /etc/yum.repos.d/CentOS-Stream-Sources.repo ] && sed -i 's/altarch/centos/g' /etc/yum.repos.d/CentOS-Stream-Sources.repo
+      [ -f /etc/yum.repos.d/CentOS-Stream-PowerTools.repo ] && sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-Stream-PowerTools.repo
+      rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+      dnf install -y rpm-build rpmlint dnf-plugins-core
+      ;;
+    centos9)
+      rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+      dnf install -y rpm-build rpmlint dnf-plugins-core
+      dnf config-manager --set-enabled crb
+      ;;
+    fedora*|oraclelinux8|oraclelinux9)
+      dnf install -y rpm-build rpmlint dnf-plugins-core
+      ;;
+  esac
+EOT
+
+FROM build-base-rpm AS build-rpm
+COPY rpm /root/rpmbuild/SPECS
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=build-rpm-dnfcache,target=/var/cache/dnf \
+    --mount=type=cache,sharing=locked,id=build-rpm-yumcache,target=/var/cache/yum <<EOT
+  set -e
+  case "$PKG_RELEASE" in
+    centos7|oraclelinux7)
+      yum-builddep -y /root/rpmbuild/SPECS/*.spec
+      ;;
+    *)
+      dnf builddep -y /root/rpmbuild/SPECS/*.spec
+      ;;
+  esac
+EOT
+WORKDIR /root/rpmbuild
+COPY --from=src-tgz /out/cli.tgz ./SOURCES/
+ARG DOCKER_CLI_VERSION
+ARG PKG_RELEASE
+ARG PKG_DISTRO
+ARG PKG_SUITE
+ARG PKG_PACKAGER
+ARG PKG_RPM_RELEASE
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \
+    --mount=type=bind,from=src,source=/src,target=/usr/local/src/cli \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod <<EOT
+  set -e
+  mkdir -p /out
+  if [ "$(xx-info arch)" != "$(TARGETPLATFORM= xx-info arch)" ]; then
+    echo "$(xx-info arch) architecture is not supported"
+    exit 0
+  fi
+  rpmVersion=${DOCKER_CLI_VERSION#v}
+  rpmVersion=$(echo $rpmVersion | sed "s/-/~/")
+  xx-go --wrap
+  set -x
+  rpmbuild -ba \
+    --define "_version ${rpmVersion}" \
+    --define "_origversion ${DOCKER_CLI_VERSION#v}" \
+    --define "_release $PKG_RPM_RELEASE" \
+    --define "_commit $(git -C /usr/local/src/cli rev-parse HEAD)" \
+    /root/rpmbuild/SPECS/*.spec
+  pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)"
+  if [ -n "$(xx-info variant)" ]; then
+    pkgoutput="${pkgoutput}/$(xx-info variant)"
+  fi
+  mkdir -p "${pkgoutput}"
+  cp ./RPMS/*/*.* ./SRPMS/* ${pkgoutput}/
+EOT
+
+FROM build-dummy AS builder-rpm-darwin
+FROM build-rpm AS builder-rpm-linux
+FROM build-dummy AS builder-rpm-windows
+FROM builder-rpm-${TARGETOS} AS builder-rpm
+
+# static
+FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-static
+COPY --from=xx / /
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=build-base-static-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=build-base-static-aptcache,target=/var/cache/apt \
+    apt-get update && apt-get install -y --no-install-recommends clang dpkg-dev file git lld llvm pkg-config
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GOPATH="/go"
+ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ENV CGO_ENABLED="1"
+ARG TARGETPLATFORM
+RUN xx-apt-get install -y binutils gcc libc6-dev libgcc-10-dev pkg-config
+
+FROM build-base-static AS build-static
+ARG TARGETPLATFORM
+ARG DOCKER_CLI_VERSION
+ARG GO_LINKMODE=static
+ARG GO_BUILDTAGS
+ARG GO_STRIP
+ARG CGO_ENABLED
+WORKDIR /go/src/github.com/docker/cli
+RUN --mount=type=bind,from=src,source=/src,target=.,rw \
+    --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go,rw \
+    --mount=from=osxsdk,target=/xx-sdk,src=/xx-sdk \
+    --mount=type=tmpfs,target=cli/winresources \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod <<EOT
+  set -ex
+  xx-go --wrap
+  TARGET=/out ./scripts/build/binary
+  [ -L "/out/docker" ] && rm -f /out/docker && mv /out/docker-* /out/docker
+  xx-verify --static /out/docker
+EOT
+
+FROM build-base-static AS builder-static
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=build-static-aptlib,target=/var/lib/apt \
+    --mount=type=cache,sharing=locked,id=build-static-aptcache,target=/var/cache/apt \
+    apt-get update && apt-get install -y --no-install-recommends bash file zip tar
+WORKDIR /build
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG DOCKER_CLI_VERSION
+RUN --mount=type=bind,from=src,source=/src,target=/src \
+    --mount=type=bind,from=build-static,source=/out,target=/build <<EOT
+  set -e
+  pkgoutput="/out/$(xx-info os)/static/$(xx-info arch)"
+  if [ -n "$(xx-info variant)" ]; then
+    pkgoutput="${pkgoutput}/$(xx-info variant)"
+  fi
+  mkdir -p "${pkgoutput}"
+  ls -al
+  for f in *; do
+    pkgname=${f%.*}
+    workdir=$(mktemp -d -t docker-packaging.XXXXXXXXXX)
+    mkdir -p "$workdir/${pkgname}"
+    (
+      set -x
+      cp ${f} /src/LICENSE /src/README.md "$workdir/${pkgname}/"
+    )
+    if [ "$(xx-info os)" = "windows" ]; then
+      (
+        set -x
+        cd "$workdir"
+        zip -r "${pkgoutput}/${pkgname}_${DOCKER_CLI_VERSION#v}.zip" ${pkgname}
+      )
+    else
+      (
+        set -x
+        tar -czf "${pkgoutput}/${pkgname}_${DOCKER_CLI_VERSION#v}.tgz" -C "$workdir" ${pkgname}
+      )
+    fi
+  done
+EOT
+
+FROM builder-${PKG_TYPE} AS build-pkg
+
+FROM scratch AS pkg
+COPY --from=build-pkg /out /
diff --git a/pkg/docker-cli/Makefile b/pkg/docker-cli/Makefile
new file mode 100644
index 00000000..73725ea4
--- /dev/null
+++ b/pkg/docker-cli/Makefile
@@ -0,0 +1,61 @@
+# Copyright 2022 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include ../../vars.mk
+include ../../packages.mk
+
+DESTDIR ?= $(BASEDIR)/bin
+BAKE_DEFINITIONS ?= -f docker-bake.hcl -f ../../packages.hcl
+
+$(info $$BASEDIR = $(BASEDIR))
+$(info $$DOCKER_CLI_REPO = $(DOCKER_CLI_REPO))
+$(info $$DOCKER_CLI_VERSION = $(DOCKER_CLI_VERSION))
+
+.PHONY: all
+all: pkg
+
+.PHONY: pkg
+pkg: pkg-deb pkg-rpm pkg-static
+
+.PHONY: pkg-%
+pkg-%: pkg-%-releases pkg-releases
+	$(MAKE) $(foreach release,$(PKG_RELEASES),build-$(release))
+
+.PHONY: pkg-static
+pkg-static:
+	$(MAKE) build-static
+
+.PHONY: pkg-cross
+pkg-cross: pkg-cross-deb pkg-cross-rpm pkg-cross-static
+
+.PHONY: pkg-%
+pkg-cross-%: pkg-%-releases pkg-releases
+	$(MAKE) $(foreach release,$(PKG_RELEASES),build-cross-$(release))
+
+.PHONY: pkg-cross-static
+pkg-cross-static:
+	$(MAKE) build-cross-static
+
+.PHONY: build-%
+build-%: pkg-info-% pkg-info
+	PKG_RELEASE=$* DESTDIR=$(DESTDIR) docker buildx bake $(BAKE_DEFINITIONS) pkg
+
+.PHONY: build-cross-%
+build-cross-%: pkg-info-% pkg-info
+	$(eval $@_TMP_OUT := $(shell mktemp -d -t docker-packaging.XXXXXXXXXX))
+	PKG_RELEASE=$* DESTDIR=$($@_TMP_OUT) docker buildx bake $(BAKE_DEFINITIONS) pkg-cross
+	mkdir -p $(DESTDIR)
+	find $($@_TMP_OUT) -mindepth 2 -maxdepth 2 -type d -exec cp -rf {} $(DESTDIR)/ ';'
+	find $(DESTDIR) -type d -empty -delete
+	rm -rf "$($@_TMP_OUT)"
diff --git a/pkg/docker-cli/deb/compat b/pkg/docker-cli/deb/compat
new file mode 100644
index 00000000..f599e28b
--- /dev/null
+++ b/pkg/docker-cli/deb/compat
@@ -0,0 +1 @@
+10
diff --git a/pkg/docker-cli/deb/control b/pkg/docker-cli/deb/control
new file mode 100644
index 00000000..2a7297eb
--- /dev/null
+++ b/pkg/docker-cli/deb/control
@@ -0,0 +1,52 @@
+Source: docker-ce-cli
+Section: admin
+Priority: optional
+Maintainer: Docker <support@docker.com>
+Homepage: https://www.docker.com
+Vcs-Browser: https://github.com/docker/cli
+Vcs-Git: git://github.com/docker/cli.git
+Standards-Version: 3.9.6
+Build-Depends: bash,
+               bash-completion,
+               ca-certificates,
+               cmake,
+               dh-apparmor,
+               debhelper (>= 10~) | dh-systemd,
+               gcc,
+               git,
+               libbtrfs-dev | btrfs-tools,
+               libc-dev,
+               libdevmapper-dev,
+               libltdl-dev,
+               libseccomp-dev,
+               libseccomp2,
+               libsystemd-dev,
+               libtool,
+               make,
+               pkg-config
+
+Package: docker-ce-cli
+Architecture: linux-any
+Depends: ${shlibs:Depends}
+# TODO change once we support scan-plugin on other architectures
+Recommends: docker-buildx-plugin,
+            docker-compose-plugin,
+            docker-scan-plugin [amd64]
+Conflicts: docker (<< 1.5~),
+           docker-engine,
+           docker-engine-cs,
+           docker.io,
+           lxc-docker,
+           lxc-docker-virtual-package
+Replaces: docker-ce (<< 5:0)
+Breaks: docker-ce (<< 5:0)
+Description: Docker CLI: the open-source application container engine
+ Docker is a product for you to build, ship and run any application as a
+ lightweight container
+ .
+ Docker containers are both hardware-agnostic and platform-agnostic. This means
+ they can run anywhere, from your laptop to the largest cloud compute instance and
+ everything in between - and they don't require you to use a particular
+ language, framework or packaging system. That makes them great building blocks
+ for deploying and scaling web apps, databases, and backend services without
+ depending on a particular stack or provider.
diff --git a/pkg/docker-cli/deb/docs b/pkg/docker-cli/deb/docs
new file mode 100644
index 00000000..1e89a492
--- /dev/null
+++ b/pkg/docker-cli/deb/docs
@@ -0,0 +1 @@
+cli/README.md
diff --git a/pkg/docker-cli/deb/rules b/pkg/docker-cli/deb/rules
new file mode 100644
index 00000000..5e7c2986
--- /dev/null
+++ b/pkg/docker-cli/deb/rules
@@ -0,0 +1,40 @@
+#!/usr/bin/make -f
+
+# force packages to be built with xz compression, as Ubuntu 21.10 and up use
+# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
+override_dh_builddeb:
+	dh_builddeb -- -Zxz
+
+override_dh_auto_build:
+	mkdir -p /go/src/github.com/docker && \
+	ln -snf $(CURDIR)/cli /go/src/github.com/docker/cli && \
+	cd /go/src/github.com/docker/cli && \
+	VERSION=$(DOCKER_CLI_VERSION) GITCOMMIT=$(DOCKER_CLI_REVISION) LDFLAGS='' GO_LINKMODE=dynamic ./scripts/build/binary && \
+	DISABLE_WARN_OUTSIDE_CONTAINER=1 LDFLAGS='' make manpages
+
+override_dh_auto_test:
+	ver="$$(cli/build/docker --version)"; \
+		test "$$ver" = "Docker version $(DOCKER_CLI_VERSION), build $(DOCKER_CLI_REVISION)" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($$ver) did not match" && exit 1)
+
+override_dh_strip:
+	# Go has lots of problems with stripping, so just don't
+
+override_dh_auto_install:
+	install -D -m 0644 cli/contrib/completion/fish/docker.fish debian/docker-ce-cli/usr/share/fish/vendor_completions.d/docker.fish
+	install -D -m 0644 cli/contrib/completion/zsh/_docker debian/docker-ce-cli/usr/share/zsh/vendor-completions/_docker
+	install -D -m 0755 cli/build/docker debian/docker-ce-cli/usr/bin/docker
+
+override_dh_installinit:
+	dh_installinit
+
+override_dh_shlibdeps:
+	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+
+override_dh_install:
+	dh_install
+
+override_dh_gencontrol:
+	dh_gencontrol --remaining-packages
+
+%:
+	dh $@ --with=bash-completion
diff --git a/pkg/docker-cli/deb/source/format b/pkg/docker-cli/deb/source/format
new file mode 100644
index 00000000..d3827e75
--- /dev/null
+++ b/pkg/docker-cli/deb/source/format
@@ -0,0 +1 @@
+1.0
diff --git a/pkg/docker-cli/docker-bake.hcl b/pkg/docker-cli/docker-bake.hcl
new file mode 100644
index 00000000..d903719a
--- /dev/null
+++ b/pkg/docker-cli/docker-bake.hcl
@@ -0,0 +1,156 @@
+// Copyright 2022 Docker Packaging authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+# Sets the docker cli repo. Will be used to clone the repo at
+# DOCKER_CLI_VERSION ref to include the README.md and LICENSE for the
+# static packages and also create version string.
+variable "DOCKER_CLI_REPO" {
+  default = "https://github.com/docker/cli.git"
+}
+
+# Sets the docker cli helpers version to build from source.
+variable "DOCKER_CLI_VERSION" {
+  default = "v20.10.17"
+}
+
+# Sets Go image, version and variant to use for building
+variable "GO_IMAGE" {
+  default = ""
+}
+variable "GO_VERSION" {
+  default = ""
+}
+variable "GO_IMAGE_VARIANT" {
+  default = ""
+}
+
+# Sets the pkg name.
+variable "PKG_NAME" {
+  default = "docker-ce-cli"
+}
+
+# Sets the list of package types to build: apk, deb, rpm or static
+variable "PKG_TYPE" {
+  default = "static"
+}
+
+# Sets release flavor. See packages.hcl and packages.mk for more details.
+variable "PKG_RELEASE" {
+  default = "static"
+}
+target "_pkg-static" {
+  args = {
+    PKG_RELEASE = ""
+    PKG_TYPE = "static"
+  }
+}
+
+# Sets the vendor/maintainer name (only for linux packages)
+variable "PKG_VENDOR" {
+  default = "Docker"
+}
+
+# Sets the name of the company that produced the package (only for linux packages)
+variable "PKG_PACKAGER" {
+  default = "Docker <support@docker.com>"
+}
+
+# Include an extra `.0` in the version, in case we ever would have to re-build
+# an already published release with a packaging-only change.
+variable "PKG_DEB_REVISION" {
+  default = "0"
+}
+
+# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which
+# is an incremental number for builds of the same release (Version: / #rpmVersion)
+# - Version: 0   : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds)
+# - Version: 1   : Package was built for an upstream (pre)release version
+# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released)
+variable "PKG_RPM_RELEASE" {
+  default = "1"
+}
+
+# Defines the output folder
+variable "DESTDIR" {
+  default = ""
+}
+function "bindir" {
+  params = [defaultdir]
+  result = DESTDIR != "" ? DESTDIR : "./bin/${defaultdir}"
+}
+
+group "default" {
+  targets = ["pkg"]
+}
+
+target "_common" {
+  inherits = ["_pkg-${PKG_RELEASE}"]
+  args = {
+    DOCKER_CLI_REPO = DOCKER_CLI_REPO
+    DOCKER_CLI_VERSION = DOCKER_CLI_VERSION
+    GO_IMAGE = GO_IMAGE
+    GO_VERSION = GO_VERSION
+    GO_IMAGE_VARIANT = GO_IMAGE_VARIANT
+    PKG_NAME = PKG_NAME
+    PKG_VENDOR = PKG_VENDOR
+    PKG_PACKAGER = PKG_PACKAGER
+    PKG_DEB_REVISION = PKG_DEB_REVISION
+    PKG_RPM_RELEASE = PKG_RPM_RELEASE
+  }
+}
+
+target "_platforms" {
+  platforms = [
+    "darwin/amd64",
+    "darwin/arm64",
+    "linux/386",
+    "linux/amd64",
+    "linux/arm/v7",
+    "linux/arm64",
+    "linux/ppc64le",
+    "linux/s390x",
+    "windows/amd64"
+  ]
+}
+
+# $ PKG_RELEASE=debian11 docker buildx bake pkg
+# $ docker buildx bake --set *.platform=linux/amd64 --set *.output=./bin pkg
+target "pkg" {
+  inherits = ["_common"]
+  target = "pkg"
+  output = [bindir(PKG_RELEASE)]
+}
+
+# Same as pkg but for all supported platforms
+target "pkg-cross" {
+  inherits = ["pkg", "_platforms"]
+}
+
+# Special target: https://github.com/docker/metadata-action#bake-definition
+target "meta-helper" {
+  tags = ["dockereng/packaging:docker-cli-local"]
+}
+
+# Create release image by using ./bin folder as named context. Therefore
+# pkg-cross target must be run before using this target:
+# $ PKG_RELEASE=debian11 docker buildx bake pkg-cross
+# $ docker buildx bake release --push --set *.tags=docker/packaging:docker-cli-v20.10.17
+target "release" {
+  inherits = ["meta-helper", "_platforms"]
+  dockerfile = "../../release.Dockerfile"
+  target = "release"
+  contexts = {
+    bin-folder = "./bin"
+  }
+}
diff --git a/pkg/docker-cli/rpm/docker-ce-cli.spec b/pkg/docker-cli/rpm/docker-ce-cli.spec
new file mode 100644
index 00000000..242ba93c
--- /dev/null
+++ b/pkg/docker-cli/rpm/docker-ce-cli.spec
@@ -0,0 +1,121 @@
+%global debug_package %{nil}
+
+Name: docker-ce-cli
+Version: %{_version}
+Release: %{_release}%{?dist}
+Epoch: 0
+Source0: cli.tgz
+Summary: The open-source application container engine
+Group: Tools/Docker
+License: ASL 2.0
+URL: https://github.com/docker/cli
+Vendor: Docker
+Packager: Docker <support@docker.com>
+
+Requires: /bin/sh
+Requires: /usr/sbin/groupadd
+
+# CentOS 7 and RHEL 7 do not yet support weak dependencies
+#
+# Note that we're not using <= 7 here, to account for other RPM distros, such
+# as Fedora, which would not have the rhel macro set (so default to 0).
+%if 0%{?rhel} == 7
+Requires: docker-buildx-plugin
+Requires: docker-compose-plugin
+%else
+Recommends: docker-buildx-plugin
+Recommends: docker-compose-plugin
+%endif
+
+# TODO change once we support scan-plugin on other architectures
+%ifarch x86_64
+# CentOS 7 and RHEL 7 do not yet support weak dependencies
+#
+# Note that we're not using <= 7 here, to account for other RPM distros, such
+# as Fedora, which would not have the rhel macro set (so default to 0).
+%if 0%{?rhel} == 7
+Requires: docker-scan-plugin(x86-64)
+%else
+Recommends: docker-scan-plugin(x86-64)
+%endif
+%endif
+
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: make
+
+Conflicts: docker
+Conflicts: docker-io
+Conflicts: docker-engine-cs
+Conflicts: docker-ee
+Conflicts: docker-ee-cli
+
+%description
+Docker is is a product for you to build, ship and run any application as a
+lightweight container.
+
+Docker containers are both hardware-agnostic and platform-agnostic. This means
+they can run anywhere, from your laptop to the largest cloud compute instance
+and everything in between - and they don't require you to use a particular
+language, framework or packaging system. That makes them great building blocks
+for deploying and scaling web apps, databases, and backend services without
+depending on a particular stack or provider.
+
+%prep
+%setup -q -c -n src -a 0
+
+%build
+mkdir -p /go/src/github.com/docker
+rm -f /go/src/github.com/docker/cli
+ln -snf ${RPM_BUILD_DIR}/src/cli /go/src/github.com/docker/cli
+pushd /go/src/github.com/docker/cli
+VERSION=%{_origversion} GITCOMMIT=%{_commit} GO_LINKMODE=dynamic ./scripts/build/binary && DISABLE_WARN_OUTSIDE_CONTAINER=1 make manpages
+popd
+
+%check
+ver="$(cli/build/docker --version)"; \
+    test "$ver" = "Docker version %{_origversion}, build %{_commit}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+
+%install
+# install binary
+install -d ${RPM_BUILD_ROOT}%{_bindir}
+install -p -m 755 cli/build/docker ${RPM_BUILD_ROOT}%{_bindir}/docker
+
+# add bash, zsh, and fish completions
+install -d ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions
+install -d ${RPM_BUILD_ROOT}%{_datadir}/zsh/vendor-completions
+install -d ${RPM_BUILD_ROOT}%{_datadir}/fish/vendor_completions.d
+install -p -m 644 cli/contrib/completion/bash/docker ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions/docker
+install -p -m 644 cli/contrib/completion/zsh/_docker ${RPM_BUILD_ROOT}%{_datadir}/zsh/vendor-completions/_docker
+install -p -m 644 cli/contrib/completion/fish/docker.fish ${RPM_BUILD_ROOT}%{_datadir}/fish/vendor_completions.d/docker.fish
+
+# install manpages
+install -d ${RPM_BUILD_ROOT}%{_mandir}/man1
+install -p -m 644 cli/man/man1/*.1 ${RPM_BUILD_ROOT}%{_mandir}/man1
+install -d ${RPM_BUILD_ROOT}%{_mandir}/man5
+install -p -m 644 cli/man/man5/*.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
+install -d ${RPM_BUILD_ROOT}%{_mandir}/man8
+install -p -m 644 cli/man/man8/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
+
+mkdir -p build-docs
+for cli_file in LICENSE MAINTAINERS NOTICE README.md; do
+    cp "cli/$cli_file" "build-docs/$cli_file"
+done
+
+%files
+%doc build-docs/LICENSE build-docs/MAINTAINERS build-docs/NOTICE build-docs/README.md
+%{_bindir}/docker
+%{_datadir}/bash-completion/completions/docker
+%{_datadir}/zsh/vendor-completions/_docker
+%{_datadir}/fish/vendor_completions.d/docker.fish
+%doc
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+
+%post
+if ! getent group docker > /dev/null; then
+    groupadd --system docker
+fi
+
+%changelog
diff --git a/vars.mk b/vars.mk
index 5114fb07..8ca89ec8 100644
--- a/vars.mk
+++ b/vars.mk
@@ -20,14 +20,21 @@ export GO_IMAGE_VARIANT ?= buster
 export PKG_VENDOR ?= Docker
 export PKG_PACKAGER ?= Docker <support@docker.com>
 
+export DOCKER_CLI_REPO ?= https://github.com/docker/cli.git
 export BUILDX_REPO ?= https://github.com/docker/buildx.git
 export COMPOSE_REPO ?= https://github.com/docker/compose.git
 export CREDENTIAL_HELPERS_REPO ?= https://github.com/docker/docker-credential-helpers.git
 
+export DOCKER_CLI_VERSION ?= v20.10.17
 export BUILDX_VERSION ?= v0.9.1
 export COMPOSE_VERSION ?= v2.10.2
 export CREDENTIAL_HELPERS_VERSION ?= v0.7.0-beta.1
 
+
+.PHONY: docker-cli-version
+docker-cli-version:
+	@echo $(DOCKER_CLI_VERSION)
+
 .PHONY: buildx-version
 buildx-version:
 	@echo $(BUILDX_VERSION)