@tonistiigi @crazy-max Can we merge this, or is the master branch not thawed yet for v29.5?

@AkihiroSuda Yes LGTM

PTAL @thaJeztah @vvoland

@AkihiroSuda is the vendor code compatible with v2? If so, we can already bring in the vendor changes, then do the binary update for v29.5

is the vendor code compatible with v2?

Expected to be compatible with v2, but basically it should be used in conjunction with the v3 binary

Rebased

Rerebased

I think this should be ready to go now 😅 #50221 (comment)

One last check before we merge;

is the vendor code compatible with v2?

Expected to be compatible with v2, but basically it should be used in conjunction with the v3 binary

Should we have a separate PR for the binary update to verify that updating the vendor without updating the binary works, and vice-versa?

We must likely account for;

• existing docker installs to update rootlesskit to v3 (so v2 client and v3 rootlesskit)
• docker v29.5 daemons running with an outdated (v2) rootlesskit

For the last one, we can update our packaging to require version X, but that's not done yet; https://github.com/docker/packaging/blob/cbccfd8169ad821b1e085d8324cc7ce252afc998/pkg/docker-engine/deb/control#L30

This PR now only updates the binary.

The go library is being updated in:

• go.mod: github.com/rootless-containers/rootlesskit/v3 v3.0.0 #52456

Thanks! Let's have CI have its run (we need to re-kick some probably GitHub flakiness), then ready to go from my perspective.

Docs PR

• engine/security/rootless: update for Docker Engine v29.5 docker/docs#24645