author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-16 16:08:35 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-16 16:08:35 +0000
commit: 856b5e22c255337ddc591d3a3b00440ad8716a94
tree: f611e2e72562cb5dbeae26352d8da5b44354359f
parent: Adding upstream version 4.9.3+ds1.
Adding debian version 4.9.3+ds1-1. (refs: debian/4.9.3+ds1-1, debian)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--  debian/.gitlab-ci.yml  14
-rw-r--r--  debian/NEWS  37
-rw-r--r--  debian/README.Debian  45
-rw-r--r--  debian/changelog  904
-rw-r--r--  debian/clean  4
-rw-r--r--  debian/control  247
-rw-r--r--  debian/copyright  137
-rw-r--r--  debian/etc/containers/libpod.conf  149
-rw-r--r--  debian/examples/cni/net.d/87-podman-bridge.conflist  37
-rw-r--r--  debian/examples/cni/net.d/87-podman-bridge_l2.conflist  24
-rw-r--r--  debian/examples/cni/net.d/87-podman-ptp.conflist  31
-rw-r--r--  debian/examples/registries.conf  11
-rw-r--r--  debian/expand.go  102
-rw-r--r--  debian/fill.copyright.blanks.yml  14
-rw-r--r--  debian/fix.scanned.copyright  11
-rw-r--r--  debian/gbp.conf  4
-rw-r--r--  debian/patches/downgrade-checkpoint-restore-criu.patch  54
-rw-r--r--  debian/patches/pkg-fileserver-buildtags.patch  25
-rw-r--r--  debian/patches/revert-newer-docker.patch  149
-rw-r--r--  debian/patches/revert-newer-docker2.patch  96
-rw-r--r--  debian/patches/series  6
-rw-r--r--  debian/patches/sigstore-tests.patch  40
-rw-r--r--  debian/patches/system-goimports.patch  13
-rw-r--r--  debian/podman-docker.install  3
-rw-r--r--  debian/podman-docker.manpages  1
l---------  debian/podman-remote.bash-completion  1
-rw-r--r--  debian/podman-remote.docs  1
-rw-r--r--  debian/podman-remote.install  2
-rw-r--r--  debian/podman-remote.manpages  1
l---------  debian/podman.bash-completion  1
-rw-r--r--  debian/podman.dirs  2
-rw-r--r--  debian/podman.docs  9
-rw-r--r--  debian/podman.examples  2
-rw-r--r--  debian/podman.install  11
-rw-r--r--  debian/podman.links  3
-rw-r--r--  debian/podman.manpages  2
-rw-r--r--  debian/podman.postinst  31
l---------  debian/podman.tmpfiles  1
-rwxr-xr-x  debian/rules  124
-rw-r--r--  debian/source/format  1
-rw-r--r--  debian/source/lintian-overrides  1
-rw-r--r--  debian/tests/builtin-tests  18
-rw-r--r--  debian/tests/control  16
-rw-r--r--  debian/upstream/metadata  5
-rw-r--r--  debian/watch  12
45 files changed, 2402 insertions, 0 deletions
diff --git a/debian/.gitlab-ci.yml b/debian/.gitlab-ci.yml
new file mode 100644
index 0000000..00014e4
--- /dev/null
+++ b/debian/.gitlab-ci.yml
@@ -0,0 +1,14 @@
+# cf. https://salsa.debian.org/salsa-ci-team/pipeline/
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+ SALSA_CI_DISABLE_APTLY: 1
+ # make pipeline work for experimental, remove when all deps are in unstable
+ RELEASE: experimental
+ SALSA_CI_DISABLE_AUTOPKGTEST: 1
+ SALSA_CI_DISABLE_REPROTEST: 1
+ SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1
+
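Review bot: Under `variables:`, `SALSA_CI_DISABLE_AUTOPKGTEST: 1` and `SALSA_CI_DISABLE_REPROTEST: 1` switch off the runtime tests and the reproducibility check with no stated reason, and the only comment ("remove when all deps are in unstable") sits above `RELEASE: experimental`. The debian/changelog added in this same commit targets unstable for 4.9.3+ds1-1, so either drop `RELEASE: experimental` and re-enable those two jobs, or add a one-line comment per switch saying why it is still off. Both `include:` URLs also follow `raw/master`, so the pipeline definition can change without any change in this repository; say in a comment whether tracking the moving branch is intended.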
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..63ececb
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,37 @@
+libpod (4.6.2+ds1-1) unstable; urgency=medium
+
+ Podman 4.6 changes the default storage driver from vfs to overlay.
+ The overlay driver has been available for some time, but it had to be
+ enabled explicitly in the Debian version of podman. The overlay driver
+ is generally much faster and uses less disk space than the vfs driver.
+
+ To take advantage of overlay, it's necessary to delete the local
+ container storage, destroying any containers you may currently
+ have. Make sure to save or export any images, containers and volumes
+ before doing so, or you will lose them!
+
+ Some helpful commands:
+
+ # save the filesystem of a container
+ podman export -o important-container.tar important_container
+ # save a volume
+ podman volume export -o important-volume.tar important_volume
+ # save all container images
+ podman save -o images.tar
+
+ # delete ~/.local/share/containers (!!!)
+
+ # check that podman is using the overlay driver (!)
+ podman info | grep graphDriverName
+
+ # re-import all container images
+ podman load -i images.tar
+ # re-import a saved container filesystem as a container image
+ podman import important-container.tar
+ # re-import a volume
+ podman volume import important_volume important-volume.tar
+
+ Notes gracefully provided by Gregor Riepl <onitake@gmail.com>
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 18 Sep 2023 17:43:52 -0400
+
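Review bot: The line `podman save -o images.tar` under "# save all container images" names no image, so it does not do what its comment promises; podman save needs the images to be listed, and the note should show how the reader gets that list. The step "# delete ~/.local/share/containers (!!!)" is the only destructive step and the only one given as a comment rather than a command, and the path covers rootless storage only; spell out the command, say that the path applies to the invoking user's rootless store, and place the `podman info | grep graphDriverName` check so it is clear it runs after the deletion. It would also help to state that `podman import important-container.tar` yields an image without the original container's configuration, since the text above it promises that containers can be saved.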
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..82e8137
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,45 @@
+Troubleshooting rootless mode
+=============================
+
+> Error processing tar file(exit status 1): there might not be enough IDs
+> available in the namespace (requested 0:42 for /etc/gshadow):
+> lchown/etc/gshadow: invalid argument
+
+This probably means that _subuid_ range is not defined in the "/etc/subuid"
+file. On up-to-date system subuid/subgid ranges are automatically assigned
+when a new user is added (e.g. `adduser {USER}`) but on systems upgraded
+from prior Debian releases {USER} created in old environment before upgrade
+may not have _subuid_ mapping.
+
+"usermod" command have "--add-subuids" and "--add-subgids" options but it
+does not check "/etc/login.defs" for ranges.
+An awkward solution may be to add a new temporary user, apply her ranges to
+{USER} (in "/etc/subuid" and in "/etc/subgid") then remove a temporary user
+(e.g. `deluser --remove-home {USER}`).
+
+The following command show the subuids and subgids of the current user:
+
+ grep $USER /etc/s*id
+
+Configuration
+=============
+
+Podman configuration files are in "/etc/containers".
+
+Please review "/etc/containers/policy.json" (provided by package "buildah")
+and check the corresponding man page for details:
+
+ containers-policy.json(5)
+
+
+Kernel options
+==============
+
+We higly recommended to add "swapaccount=1" to default Linux boot options
+(e.g. "/etc/default/grub" :: "GRUB_CMDLINE_LINUX_DEFAULT").
+
+ sudo dpkg-reconfigure grub-pc
+
+Then add "swapaccount=1" to "Linux default command line".
+
+ -- Reinhard Tartler <siretart@tauware.de>, Sun, 28 Jan 2024 07:38:28 -0500
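Review bot: In the rootless troubleshooting paragraph the example `deluser --remove-home {USER}` uses the same `{USER}` placeholder as the account being repaired, while the sentence says to remove the temporary user; followed literally it deletes the real user and their home directory. Use a distinct placeholder for the temporary account (for example `{TMPUSER}`) in both the "add a new temporary user" step and the deluser example. Smaller points: `grep $USER /etc/s*id` is unquoted and also matches other accounts whose names contain the current one, so something like `grep "^$USER:" /etc/subuid /etc/subgid` is more precise; "higly recommended" should read "highly recommend"; and the "Kernel options" section gives `sudo dpkg-reconfigure grub-pc` before the sentence that says what to enter there, which reads more clearly the other way round.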
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..2828261
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,904 @@
+libpod (4.9.3+ds1-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 13 Feb 2024 20:52:08 -0500
+
+libpod (4.9.2+ds1-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 06 Feb 2024 19:05:37 -0500
+
+libpod (4.9.2+ds1-1) experimental; urgency=medium
+
+ * New Upstream release, Closes: #1062529
+ - Fixes: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653.
+ * Tighten dependencies on containers/{image,common,buildah}
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 06 Feb 2024 11:17:43 -0500
+
+libpod (4.9.0+ds1-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 25 Jan 2024 06:47:15 -0500
+
+libpod (4.9.0+ds1-1) experimental; urgency=medium
+
+ * New upstream release, closes: #1061383
+ * Build against buildah 1.33.3
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 23 Jan 2024 18:14:02 -0500
+
+libpod (4.8.3+ds1-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 21 Jan 2024 17:27:25 -0500
+
+libpod (4.8.3+ds1-1) experimental; urgency=medium
+
+ * New upstream release, Closes: #1057618
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 21 Jan 2024 08:42:13 -0500
+
+libpod (4.7.2+ds1-2) unstable; urgency=medium
+
+ * upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 03 Nov 2023 06:16:15 -0400
+
+libpod (4.7.2+ds1-1) experimental; urgency=medium
+
+ [ Faidon Liambotis ]
+ * Remove a superfluous stanza from d/copyright.
+ * Drop fuse-overlayfs Suggests, as the kernel overlayfs driver can be used
+ with rootless containers since Linux v5.13 and is now recommended.
+ * Remove versioned Depends/Recommends/Breaks for versions that predate
+ oldstable (bullseye).
+ * Ship the new podmansh login shell. See podmansh(1) for a detailed
+ description of this new tool. Note that this is still considered a
+ technology preview by upstream.
+
+ [ Reinhard Tartler ]
+ * New upstream release
+ * Drop all vendored libraries, but a single file that is copied in.
+ - Fixed https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 02 Nov 2023 17:57:39 -0400
+
+libpod (4.7.1+ds4-5) unstable; urgency=medium
+
+ * avoid file conflict with podman-compose
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 27 Oct 2023 14:58:33 -0400
+
+libpod (4.7.1+ds4-4) unstable; urgency=medium
+
+ * Upload to unstable
+ * Build against golang-github-checkpoint-restore-go-criu-dev v6
+ * drop patches merged upstream
+ * drop disable-sigstore.patch
+ * avoid file conflicts with docker-compose (Closes: #1054460)
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 27 Oct 2023 14:01:53 -0400
+
+libpod (4.7.1+ds4-3) experimental; urgency=medium
+
+ * align test invocation with upstream makefile to fix FTBFS
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 23 Oct 2023 09:39:59 -0400
+
+libpod (4.7.1+ds4-2) experimental; urgency=medium
+
+ * more reliable way to build podman-machine
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 23 Oct 2023 06:58:01 -0400
+
+libpod (4.7.1+ds4-1) experimental; urgency=medium
+
+ * New upstream release (Closes: #1053131)
+ * Refresh patches
+ * Tighten dependencies
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 16 Oct 2023 08:37:48 -0400
+
+libpod (4.6.2+ds1-4) unstable; urgency=medium
+
+ [ Anthony Fok ]
+ * [backport] libpod: move oom_score_adj clamp to init
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 22 Oct 2023 17:24:16 -0400
+
+libpod (4.6.2+ds1-3) unstable; urgency=medium
+
+ [ Konstantin Demin ]
+ * [backport] fix mount of cgroup without a netns
+
+ [ Reinhard Tartler ]
+ * [backport] linux, rootless: clamp oom_score_adj if it is too low
+ * podman: Add passt as recommends (Closes: #1052449)
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Oct 2023 15:09:22 -0400
+
+libpod (4.6.2+ds1-2) unstable; urgency=medium
+
+ * Upload to unstable
+ * Add migration notes for vfs to overlay migration. Wording provided by:
+ Gregor Riepl <onitake@gmail.com>, Closes: #1050993
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 20 Sep 2023 13:00:37 -0400
+
+libpod (4.6.2+ds1-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Tighten dependencies
+ * Refresh patches
+ * drop remove-uber-jaeger-client-go.patch, merged upstream
+ * add revert-newer-docker2.patch, additional work to avoid dependency
+ on newer docker
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 17 Sep 2023 10:20:03 -0400
+
+libpod (4.5.1+ds1-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 09 Sep 2023 18:52:10 -0400
+
+libpod (4.5.1+ds1-1) experimental; urgency=medium
+
+ [ Faidon Liambotis ]
+ * New upstream release.
+ * Backport an upstream patch from v4.6.0 to remove the uber/jaeger-client-go
+ dependency, and unvendor the code.
+ * Add debian/copyright stanzas for the three remaining vendored libraries.
+
+ [ Reinhard Tartler ]
+ * Upload to experimental
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 07 Sep 2023 18:14:11 -0400
+
+libpod (4.5.0+ds2-1) experimental; urgency=medium
+
+ [ Reinhard Tartler ]
+ * New upstream release
+ - Prefers overlay storage driver over vfs, Closes: #1050993, 1038414
+ - which makes non-standard vfs options unnecessary, Closes: #1002997
+ * Install quadlet, Closes: #1034539
+ * Move fuse-overlayfs to Suggests, Closes: #1041050
+ * Unvendor some additional sources
+ * Build against vbauerster/mpb8, and drop patch vbauerster_mbp_7
+ * Disable ostree support
+
+ [ Faidon Liambotis ]
+ * Add myself to Uploaders.
+ * Update long description using upstream's latest verbiage.
+ * Bump Standards-Version to 4.6.2, no changes needed.
+ * Drop upstream patches:
+ - test--skip-issue-17366, as the underlying issue was fixed upstream.
+ - generate-crash, as it was unused, and a backport of a v4.0 commit.
+ * Call "make clean" during clean, to clean up generated documentation files
+ and restore the source tree to its pristine form, Closes: #1045188
+ * Install usr/share/user-tmpfiles.d/podman-docker.conf, Closes: #1034026
+ * Pass --no-source to dh_auto_build, and re-enable dh_missing
+ --fail-missing.
+ * Ship podman-remote's documentation, i.e. the podman-remote.1 manpage and
+ remote_client.md, in the podman-remote package.
+ * Ship podman-remote's bash completion.
+ * Move rootlessport and quadlet from /usr/lib/ to /usr/libexec/.
+ * Ship an empty /etc/containers/systemd directory, where container files can
+ be written for the systemd generator (quadlet) to pick them up.
+ * debian/copyright:
+ - Update to recent sources and remove obsolete entries and comments.
+ - Remove stanzas for now un-vendored code.
+ - Remove unused license stanzas: ISC and BSD-3-clause.
+ - Update debian/ copyright to latest authors
+ - Use "podman" in Upstream-Name and Source, to reflect an upstream change.
+ * debian/upstream/metadata:
+ - Replace invalid "Homepage" field by Repository/Repository-Browse.
+ - Add the Changelog field, pointing to the upstream release notes.
+ * Update debian/watch to point to /tags rather than /releases, as GitHub's
+ releases page now requires JavaScript.
+ * Rename the builtin_tests autopkgtest name to builtin-tests, as underscores
+ are invalid in test names (addresses illegal-runtime-test-name warning).
+ * Add a debian/gbp.conf config file, allowing to use standardized
+ git-buildpackage tools to update to newer versions.
+ * Resort and wrap debian/control using wrap-and-sort -ast.
+ * Remove unused source-includes-file-in-files-excluded lintian override.
+ * Add an absolute-symbolic-link-target-in-source lintian override, for the
+ "containerignore-symlink" e2e test, as that is harmless and clearly
+ intentional.
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 05 Sep 2023 21:33:43 -0400
+
+libpod (4.4.0+ds1-2) experimental; urgency=medium
+
+ [ Norbert Lange ]
+ * Build and install podman-remote, Closes: #1020540
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 12 Apr 2023 07:07:55 -0400
+
+libpod (4.4.0+ds1-1) experimental; urgency=medium
+
+ * New upstream version
+ * Disable failing test, cf. https://github.com/containers/podman/issues/17366
+ * disable sigstore functionalty, will be reenabled when the packages enters
+ Debian
+ * bump dependency on containers/{image,common,buildah}
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 04 Feb 2023 14:31:59 -0500
+
+libpod (4.3.1+ds1-8) unstable; urgency=medium
+
+ * [upstream] unbreak using docker as client
+ * debian/control: tighten dependencies against buildah (Closes: #1034871)
+ * [upstream] system reset: show graphRoot/runRoot before removal
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 30 Apr 2023 08:19:54 -0400
+
+libpod (4.3.1+ds1-7) unstable; urgency=medium
+
+ * [upstream] volume,container: chroot to source before exporting content
+ (Closes: #1032099), Fixes: CVE-2023-0778
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 10 Apr 2023 18:39:24 -0400
+
+libpod (4.3.1+ds1-6) unstable; urgency=medium
+
+ * Team upload
+
+ [ Reinhard Tartler ]
+ * Re-enable builtin tests, but mark as flaky
+
+ [ Shengjing Zhu ]
+ * Replace golang-github-uber-go-atomic-dev with golang-go.uber-atomic-dev
+ * Drop unused golang-github-{influxdata,hpcloud}-tail-dev in Build-Depends
+ * Replace golang-ginkgo-dev with golang-github-onsi-ginkgo-dev
+
+ -- Shengjing Zhu <zhsj@debian.org> Sun, 26 Feb 2023 21:41:30 +0800
+
+libpod (4.3.1+ds1-5) unstable; urgency=medium
+
+ * Drop golang-github-containers-libpod-dev
+ * Add a simple smoketest
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 27 Nov 2022 12:25:39 -0500
+
+libpod (4.3.1+ds1-4) unstable; urgency=medium
+
+ * upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 24 Nov 2022 15:35:49 -0500
+
+libpod (4.3.1+ds1-3) experimental; urgency=medium
+
+ * debian/rules: make the previous change to build machine/qemu only
+ on supported architecture actually work
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 22 Nov 2022 17:49:12 -0500
+
+libpod (4.3.1+ds1-2) experimental; urgency=medium
+
+ * Build machine/qemu only on amd64, arm64, fixes FTBFS
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 14 Nov 2022 07:33:14 -0500
+
+libpod (4.3.1+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+ - Add container GID to additional groups,
+ fixes CVE-2022-2989, closes: #1019591
+ * Bugfix: Subordinate UID/GID ranges not fetched from libsubid,
+ Thanks to Sam Morris <sam@robots.org.uk> for the patch, closes: #1019929
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 13 Nov 2022 12:27:53 -0500
+
+libpod (4.2.0+ds1-3) experimental; urgency=medium
+
+ * Force using golang-go to avoid compilation failures with gcc-go
+ * Confirmed updated components allow podman to work, thanks to
+ Bastian Blank (Closes: #1012053), and is compiled against a
+ containers/common that is more mindful regarding foreign-arch
+ images (Closes: #1009376)
+ * Confirmed fix: "starting rootless container fails with: can't get final
+ child's PID from pipe: EOF", code change likely already in 4.1
+ thanks to Gabriel Filion (Closes: #1007022).
+ * Make podman recommend 'dbus-user-session', Closes: #1009747
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 19 Aug 2022 09:43:54 +0200
+
+libpod (4.2.0+ds1-2) experimental; urgency=medium
+
+ * tighten dependency on golang-github-opencontainers-runc-dev
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 17 Aug 2022 18:51:09 +0200
+
+libpod (4.2.0+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+ * drop patches merged upstream
+ * add distro patch to use system 'goimports' utility
+ * tighten dependencies
+ * hooks/docs no longer provides section 5 manpages
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 17 Aug 2022 15:37:36 +0200
+
+libpod (4.1.1+ds1-3) experimental; urgency=medium
+
+ * reorganize dependencies for networking stack
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 05 Aug 2022 20:47:56 +0200
+
+libpod (4.1.1+ds1-2) experimental; urgency=medium
+
+ * organize GOLANG_EXCLUDES and GOLANG_TEST_EXCLUDES
+ * add patches fix-test-TestEnvVarValue-NN.patch, fixes
+ Test failures for !amd64, !arm64 Closes: #1014309
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 04 Jul 2022 12:07:31 -0400
+
+libpod (4.1.1+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 03 Jul 2022 17:33:34 -0400
+
+libpod (4.1.0+ds2-2) experimental; urgency=medium
+
+ * Avoid building podman/pkg/machine/e2e on all architectures
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 19 May 2022 16:31:29 -0400
+
+libpod (4.1.0+ds2-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 19 May 2022 06:42:45 -0400
+
+libpod (4.0.3+ds1-1) experimental; urgency=medium
+
+ [ Antonio Terceiro ]
+ * Stop installing systemd socket units under /usr/lib, Closes: #1009374
+
+ [ Reinhard Tartler ]
+ * New upstream release
+ * Skip installation of podman-remote(1), Closes: #1000521
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 16 Apr 2022 06:41:11 -0400
+
+libpod (4.0.1+ds1-3) experimental; urgency=medium
+
+ * Fix installation of systemd units
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 06 Mar 2022 17:16:32 -0500
+
+libpod (4.0.1+ds1-2) experimental; urgency=medium
+
+ * Install rootlessport, Closes: #1006426
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 25 Feb 2022 12:47:27 -0500
+
+libpod (4.0.1+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 23 Feb 2022 21:43:55 -0500
+
+libpod (4.0.0~rc5+ds1-1) experimental; urgency=medium
+
+ * New upstream release, closes: #1003486
+ * Bug fix: "podman-restart missing from podman package", thanks to Jelle
+ van der Waa (Closes: #1001780).
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 21 Feb 2022 20:44:22 -0500
+
+libpod (3.4.7+ds1-3) unstable; urgency=medium
+
+ * backport upstream patch to avoid runtime crash,
+ Closes: #1010000 for real this time.
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 24 Apr 2022 08:07:13 -0400
+
+libpod (3.4.7+ds1-2) unstable; urgency=medium
+
+ * Rebuild against opencontainers/runtime-tools >> 0.9.0+git20220423,
+ Closes: #1010000
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 23 Apr 2022 10:19:28 -0400
+
+libpod (3.4.7+ds1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixes: CVE-2022-1227
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 21 Apr 2022 16:09:59 -0400
+
+libpod (3.4.6+ds1-1) unstable; urgency=medium
+
+ * New upstream release
+ - Fixes: CVE-2022-27191, CVE-2022-27649
+ * Fix installation of systemd units
+
+ [ Antonio Terceiro ]
+ * Stop installing systemd socket units under /usr/lib (Closes: #1009374)
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 14 Apr 2022 07:11:33 -0400
+
+libpod (3.4.4+ds1-1) unstable; urgency=medium
+
+ * New upstream release
+ Confirming that CVE-2021-4024 is fixed in 3.4.3, Closes: #1000844
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 25 Dec 2021 19:48:14 -0500
+
+libpod (3.4.3+ds1-1) unstable; urgency=medium
+
+ * New upstream release, Closes: #1001321
+ - podman machine spawns gvproxy with port binded to all IPs,
+ Closes: #1000844
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 24 Dec 2021 14:40:01 -0500
+
+libpod (3.4.2+ds1-1) unstable; urgency=medium
+
+ * New upstream release
+ * Compile against system github.com/dtylman/scp
+ * Revert upstream commit that requires newer godbus than we currently
+ have in unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 17 Nov 2021 14:30:31 -0500
+
+libpod (3.4.1+ds1-2) unstable; urgency=medium
+
+ * Upload to unstable
+ * podman: Install tmpfiles.d/podman.conf, Closes: #995586
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 26 Oct 2021 18:20:56 -0400
+
+libpod (3.4.1+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 25 Oct 2021 13:58:58 -0400
+
+libpod (3.4.0+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 08 Oct 2021 16:19:40 -0400
+
+libpod (3.3.1+ds2-1) unstable; urgency=medium
+
+ * New upstream release
+ - drop coreos/{go-iptables,go-systemd}
+ * Drop unneeded dependency on golang-github-openshift-api-dev
+ * Bump Standards-Version, no changes needed
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 07 Sep 2021 11:53:40 +0200
+
+libpod (3.3.0+ds2-2) unstable; urgency=medium
+
+ * Apply missing patches that were forgotten in the last merge
+ from experimental:
+ - Prefer crun over runc
+ - Add depends in iptables
+ * Upstream improved documentation on requirements for rootless,
+ Closes: #983395
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 04 Sep 2021 18:57:31 +0200
+
+libpod (3.3.0+ds2-1) unstable; urgency=medium
+
+ * New upstream release, Closes: #992138, #992142
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 30 Aug 2021 12:37:34 +0200
+
+libpod (3.2.3+ds1-1) experimental; urgency=medium
+
+ * New upstream releases, Closes: #991197
+ * Bump dependency on golang-github-containers-common,buildah
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 20 Jul 2021 18:22:50 -0400
+
+libpod (3.2.2+ds1-1) experimental; urgency=medium
+
+ * New upstream releases, Closes: #990333
+ * Bump dependency on golang-github-containers-common
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 28 Jun 2021 08:15:51 -0400
+
+libpod (3.2.1+ds1-2) experimental; urgency=medium
+
+ * Provide 'podman-docker' package, Closes: #984770
+ * Tighten build dependency on golang-golang-x-net-dev
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 15 Jun 2021 13:41:46 -0400
+
+libpod (3.2.1+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Tighten build-depends on golang-github-containers-common-dev
+ and golang-github-containers-buildah-dev
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 14 Jun 2021 14:08:01 -0400
+
+libpod (3.2.0+ds5-2) experimental; urgency=medium
+
+ * Add patch from upstream to fix FTBFS on !(arm64, amd64)
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 12 Jun 2021 07:07:45 -0400
+
+libpod (3.2.0+ds5-1) experimental; urgency=medium
+
+ * New upstream release
+ * Install zsh completions (Closes: #989411)
+ * Disable LTO, cf. https://wiki.debian.org/ToolChain/LTO
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 08 Jun 2021 17:33:43 -0400
+
+libpod (3.1.2+ds1-2) experimental; urgency=medium
+
+ * add missing vendored files included in tarball
+ * (explicitly) build-depend on golang-github-moby-term-dev
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 31 May 2021 09:55:52 -0400
+
+libpod (3.1.2+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Drop dependency on golang-github-seccomp-containers-golang-dev,
+ Closes: #988445
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 28 May 2021 17:57:28 -0400
+
+libpod (3.1.0+ds1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Reorganized git source layout. Drop a number of vendored libraries
+ (in favor of versions from the Debian archive)
+ - github.com/go-logr/logr
+ - github.com/moby/term
+ - github.com/nxadm/tail
+ - github.com/willf/bitset
+ - go.etcd.io/bbolt
+ - google.golang.org/protobuf
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 03 Apr 2021 16:28:54 -0400
+
+libpod (3.0.1+dfsg1-3) unstable; urgency=medium
+
+ * Add networking-lookup-child-IP-in-networks.patch, fixes rootless
+ connection issue "Connection reset by peer", Closes: #989803
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 13 Jun 2021 18:28:49 -0400
+
+libpod (3.0.1+dfsg1-2) unstable; urgency=medium
+
+ * Prefer crun over runc, Closes: #985379
+ * Add depends in iptables, Closes: #987207
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 21 Apr 2021 17:36:07 -0400
+
+libpod (3.0.1+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release
+ * debian/control: tighten dependencies
+ * drop inspect-volume-data.patch, merged upstream
+ * Use packaged version of ocicrypt
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Feb 2021 06:46:17 -0500
+
+libpod (3.0.0+dfsg1-2) unstable; urgency=medium
+
+ * Adjust dependencies on containers/{storage,image,common,buildah}
+ as discussed with upstream
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 12 Feb 2021 08:42:39 -0500
+
+libpod (3.0.0+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 12 Feb 2021 06:12:02 -0500
+
+libpod (3.0.0~rc3+dfsg1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Cleanup varlink service, closes: #981708
+ * Tighten dependency on buildah to pickup fix for caching bug,
+ closes: #982467
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 10 Feb 2021 06:54:28 -0500
+
+libpod (3.0.0~rc2+dfsg1-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Feb 2021 17:21:00 -0500
+
+libpod (3.0.0~rc2+dfsg1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Install auto-update systemd units
+ * debian/copyright: more updates
+ * Install auto-update systemd units
+ * systemd: Don't enable podman-auto-update.service in default.target
+ (Closes: #981097)
+ * Pass buildtags also go test invocation to unbreak autopkgtests when
+ run as root
+
+ -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Jan 2021 22:17:33 -0500
+
+libpod (3.0.0~rc1+dfsg1-1) experimental; urgency=medium
+
+ * New upstream version
+ * Drop varlink references, dropped upstream
+ * Remove confusing line (Closes: #980480)
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 24 Jan 2021 11:16:44 -0500
+
+libpod (2.2.1+dfsg1-1) experimental; urgency=medium
+
+ * New upstream version
+ * drop cobra-spf13-api.patch, no longer needed
+ * Rely on upstream's build scripts to install manpages (Closes: #977502)
+ * Remove conflicting manpage container-mounts(5), Closes: #977502
+ * drop old-docker-api.patch, no longer needed
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 18 Dec 2020 07:16:27 -0500
+
+libpod (2.2.0+dfsg1-1) experimental; urgency=medium
+
+ * debian/changelog: Bump to libpod 2.2.0
+ * Refresh distro patches
+ * debian/control: Tighten build-dependency on buildah
+ * add cobra-spf13-api.patch
+ * debian/copyright: manual updates
+ * podman: Add depends on golang-github-containernetworking-plugin-dnsname
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 08 Dec 2020 15:45:22 -0500
+
+libpod (2.1.1+dfsg1-7) unstable; urgency=medium
+
+ * Pass buildtags also go test invocation to unbreak autopkgtests
+ on machines that run as real root.
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 01 Feb 2021 06:43:56 -0500
+
+libpod (2.1.1+dfsg1-6) unstable; urgency=medium
+
+ * debian/rules: Remove confusing line (Closes: #980480)
+ * systemd: Don't enable podman-auto-update.service in default.target
+ (Closes: #981097)
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 26 Jan 2021 21:51:00 -0500
+
+libpod (2.1.1+dfsg1-5) unstable; urgency=medium
+
+ * Install auto-update systemd units
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 25 Jan 2021 07:49:44 -0500
+
+libpod (2.1.1+dfsg1-4) unstable; urgency=medium
+
+ * Ignore containers.conf sysctl when namespaces set to host
+ (Closes: #979313)
+
+ -- Reinhard Tartler <siretart@tauware.de> Wed, 06 Jan 2021 20:48:36 -0500
+
+libpod (2.1.1+dfsg1-3) unstable; urgency=medium
+
+ [ Dmitry Smirnov ]
+ * Tightened versioned dependency on "containernetworking-plugins".
+
+ [ Reinhard Tartler ]
+ * debian/copyright: various cleanups
+ * Fix handling of Ambient/Inheritable caps for non root user, Closes: #977717
+ * Rely on upstream's build scripts to install manpages
+ * Remove conflicting manpage container-mounts(5), Closes: #977502
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 22 Dec 2020 13:00:57 -0500
+
+libpod (2.1.1+dfsg1-2) unstable; urgency=medium
+
+ [ Reinhard Tartler ]
+ * Install runc by default, Closes: #971253
+ * Builds against structured-merge-diff/v4, Closes: #976410
+
+ [ Antonio Terceiro ]
+ * Recommend catatonit before the other inits (Closes: #971815)
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 07 Dec 2020 06:56:09 -0500
+
+libpod (2.1.1+dfsg1-1) unstable; urgency=medium
+
+ [ Reinhard Tartler ]
+ * New upstream release: 2.1.1
+ * golang-github-containers-libpod-dev: expose golang sources
+ * debian/copyright: update using cme update dpkg-copyright
+
+ [ Arnaud Rebillout ]
+ * Unvendor sigs.k8s.io/yaml
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 27 Nov 2020 12:45:58 -0500
+
+libpod (2.0.6+dfsg1-2) unstable; urgency=medium
+
+ * Restored io.podman/varlink interface, which is still in use by
+ nomad-driver-podman.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Thu, 22 Oct 2020 21:33:07 +1100
+
+libpod (2.0.6+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release
+ * debian/copyright: cleanups
+ * drop malformed lintian override
+ * Bump standard version, no changes needed
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 14 Sep 2020 15:35:01 -0400
+
+libpod (2.0.4+dfsg2-5) unstable; urgency=medium
+
+ * Team upload.
+ * Upload to unstable
+
+ -- Shengjing Zhu <zhsj@debian.org> Sun, 23 Aug 2020 02:42:00 +0800
+
+libpod (2.0.4+dfsg2-4) experimental; urgency=medium
+
+ * Team upload.
+ * Tighten buildah Build-Depends version
+
+ -- Shengjing Zhu <zhsj@debian.org> Thu, 20 Aug 2020 02:54:27 +0800
+
+libpod (2.0.4+dfsg2-3) experimental; urgency=medium
+
+ * Team upload.
+
+ [ Reinhard Tartler ]
+ * Add more notes on how to get started with Debian kernels
+
+ [ Shengjing Zhu ]
+ * Add patch to fix build with new runc
+
+ -- Shengjing Zhu <zhsj@debian.org> Thu, 20 Aug 2020 01:00:02 +0800
+
+libpod (2.0.4+dfsg2-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Bump conmon dependency
+
+ [ Dmitry Smirnov ]
+ * Harmonize repacksuffix to fix CI.
+ * Tighten recommendation on fuse-overlayfs (>= 1.0.0~).
+
+ [ Reinhard Tartler ]
+ * Bug fix: "Breaks docker", thanks to Jan Hudec (Closes: #968207).
+ - No longer create symlink /run/docker.sock to avoid interfering
+ with the docker daemon. Users that wish to replace the docker
+ daemon with podman are advised to install the symlink themselves
+ and arrange appropriate permissions for podman.sock.
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 11 Aug 2020 07:41:44 -0400
+
+libpod (2.0.4+dfsg2-1) unstable; urgency=medium
+
+ * Vendor in protobuf 3 to workaround #961814
+ * Remove "insanity workaround" related to protobuf
+ * Hand in forgotten changelog entry in 2.0.4+dfsg1-1
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 03 Aug 2020 07:20:45 -0400
+
+libpod (2.0.4+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release
+ * No longer install /etc/containers/libpod.conf (Closes: #961016)
+ This file is deprecated in version 2.0 and is superseeded by
+ /etc/containers/containers.conf, which is provided by the
+ golang-github-containers-common package. The old file hardcodes
+ a default OCI runtime that breaks in default installations.
+ * Fixed REST API regression (Closes: #966501)
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 30 Jul 2020 07:12:41 -0400
+
+libpod (2.0.3+dfsg1-1) unstable; urgency=medium
+
+ * Team upload.
+ * New upstream release
+ * Install systemd helper files in favor of varlink (Closes: #966118)
+
+ -- Reinhard Tartler <siretart@tauware.de> Sun, 26 Jul 2020 10:53:39 -0400
+
+libpod (2.0.2+dfsg1-3) unstable; urgency=medium
+
+ * Team upload.
+ * Upload to unstable.
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 20 Jul 2020 10:18:00 -0400
+
+libpod (2.0.2+dfsg1-2) experimental; urgency=medium
+
+ * Team upload.
+ * debian/rules: Add XDG_RUNTIME_DIR settings on build
+ - Based on debian/rules from the ibus package, unbreaks
+ testsuite on many buildds
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 17 Jul 2020 06:56:20 -0400
+
+libpod (2.0.2+dfsg1-1) experimental; urgency=medium
+
+ * Team upload.
+ * New upstream version, Closes: #964378
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 16 Jul 2020 18:06:15 -0400
+
+libpod (1.6.4+dfsg1-4) unstable; urgency=medium
+
+ * Team upload.
+ * Rename golang-x-text-dev to golang-golang-x-text-dev
+
+ -- Shengjing Zhu <zhsj@debian.org> Sun, 12 Jul 2020 18:51:51 +0800
+
+libpod (1.6.4+dfsg1-3) unstable; urgency=high
+
+ * Team upload.
+ * Do not copy up when volume is not empty
+ CVE-2020-1726, Closes: #961421
+
+ -- Reinhard Tartler <siretart@tauware.de> Thu, 28 May 2020 17:24:41 -0400
+
+libpod (1.6.4+dfsg1-2) unstable; urgency=medium
+
+ * Un-vendored "golang-github-checkpoint-restore-go-criu-dev".
+ * Tightened dependency: "conmon (>= 2.0.2~)".
+ * rules:
+ + Golang insanity workaround.
+ + Removed obsolete "containers_image_ostree" build tag.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Tue, 14 Jan 2020 10:56:58 +1100
+
+libpod (1.6.4+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Install "seccomp.json".
+ * Install tutorials.
+ * Un-vendored "openshift/api" library.
+ * Build-Depends:
+ - golang-github-boltdb-bolt-dev
+ + golang-github-coreos-bbolt-dev (>= 1.3.3~)
+ - golang-github-containerd-continuity-dev
+ = golang-github-containers-buildah-dev (>= 1.11.6~)
+ = golang-github-containers-image-dev (>= 5.0.0~)
+ + golang-github-openshift-api-dev
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Fri, 03 Jan 2020 08:36:51 +1100
+
+libpod (1.6.2+dfsg-3) unstable; urgency=medium
+
+ * Install annotated CNI examples.
+ * Replaced default CNI "bridge" policy with "ptp".
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Tue, 31 Dec 2019 12:07:07 +1100
+
+libpod (1.6.2+dfsg-2) unstable; urgency=medium
+
+ * Added note about "swapaccount" to README.Debian.
+ * libpod.conf: prefer "crun" over "runc".
+ * Tightened "fuse-overlayfs" dependency.
+ * Only install "registries.conf" example but not conf file.
+ * Use "tini-static" for "init_path" built-in default instead of
+ "catatonit".
+ * Added "buildah" to Recommends since it provides "containers/image" man
+ pages.
+ * Standards-Version: 4.4.1
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sun, 29 Dec 2019 20:49:01 +1100
+
+libpod (1.6.2+dfsg-1) unstable; urgency=medium
+
+ * Initial release (Closes: #930440).
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Tue, 12 Nov 2019 13:29:33 +1100
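Review bot: In the 2.0.4+dfsg1-1 entry, "superseeded" should read "superseded", and the "Golang insanity workaround" item under 1.6.4+dfsg1-2 (removed again in 2.0.4+dfsg2-1 as the "insanity workaround" related to protobuf) never says what was worked around. A one-line description or a bug reference would let a later reader tell what that rule did and why it could be dropped.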
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..115bb8c
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1,4 @@
+.gopathok
+docs/build/man/*.1
+docs/*.5
+pkg/hooks/docs/oci-hooks.5
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..cfda2de
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,247 @@
+Source: libpod
+Section: admin
+Priority: optional
+Standards-Version: 4.6.2
+Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>
+Uploaders:
+ Dmitry Smirnov <onlyjob@debian.org>,
+ Reinhard Tartler <siretart@tauware.de>,
+ Faidon Liambotis <paravoid@debian.org>,
+Build-Depends:
+ debhelper-compat (= 13),
+ bash-completion,
+ conmon,
+ dh-golang,
+ go-md2man,
+ golang-dbus-dev,
+ golang-ginkgo-dev,
+ golang-github-shirou-gopsutil-dev,
+ golang-github-mdlayher-vsock-dev,
+ golang-github-appc-cni-dev,
+ golang-github-buger-goterm-dev,
+ golang-github-checkpoint-restore-checkpointctl-dev,
+ golang-github-checkpoint-restore-go-criu-dev (>> 6),
+ golang-github-container-orchestrated-devices-container-device-interface-dev,
+ golang-github-containerd-cgroups-dev,
+ golang-github-containers-buildah-dev (>= 1.33.5),
+ golang-github-containers-common-dev (>= 0.57.4),
+ golang-github-containers-conmon-dev,
+ golang-github-containers-image-dev (>= 5.29.2~),
+ golang-github-containers-ocicrypt-dev,
+ golang-github-containers-psgo-dev,
+ golang-github-containers-storage-dev (>= 1.51),
+ golang-github-containers-gvisor-tap-vsocks-dev,
+ golang-github-coreos-bbolt-dev,
+ golang-github-coreos-go-iptables-dev,
+ golang-github-coreos-go-systemd-dev,
+ golang-github-coreos-stream-metadata-go-dev,
+ golang-github-cyphar-filepath-securejoin-dev,
+ golang-github-digitalocean-go-libvirt-dev,
+ golang-github-digitalocean-go-qemu-dev,
+ golang-github-docker-distribution-dev,
+ golang-github-docker-docker-dev,
+ golang-github-docker-go-connections-dev,
+ golang-github-docker-go-plugins-helpers-dev,
+ golang-github-docker-go-units-dev,
+ golang-github-docker-spdystream-dev,
+ golang-github-dtylman-scp-dev,
+ golang-github-fullsailor-pkcs7-dev,
+ golang-github-ghodss-yaml-dev,
+ golang-github-go-logr-logr-dev,
+ golang-github-google-shlex-dev,
+ golang-github-google-uuid-dev,
+ golang-github-gorilla-schema-dev,
+ golang-github-hashicorp-go-multierror-dev,
+ golang-github-json-iterator-go-dev,
+ golang-github-mattn-go-sqlite3-dev,
+ golang-github-moby-sys-dev,
+ golang-github-moby-term-dev,
+ golang-github-mrunalp-fileutils-dev,
+ golang-github-nxadm-tail-dev,
+ golang-github-opencontainers-go-digest-dev,
+ golang-github-opencontainers-image-spec-dev,
+ golang-github-opencontainers-runc-dev (>= 1.1.3+ds1-6),
+ golang-github-opencontainers-runtime-tools-dev (>= 0.9.0+dfsg-3~),
+ golang-github-opencontainers-selinux-dev (>= 1.11~),
+ golang-github-openshift-imagebuilder-dev,
+ golang-github-pkg-errors-dev,
+ golang-github-pkg-profile-dev,
+ golang-github-rootless-containers-rootlesskit-dev,
+ golang-github-seccomp-libseccomp-golang-dev,
+ golang-github-sirupsen-logrus-dev,
+ golang-github-stretchr-testify-dev,
+ golang-github-ulikunitz-xz-dev,
+ golang-github-vbatts-tar-split-dev,
+ golang-github-vbauerster-mpb-dev (>= 8),
+ golang-github-vishvananda-netlink-dev,
+ golang-github-vividcortex-ewma-dev,
+ golang-go,
+ golang-go-zfs-dev,
+ golang-go.opencensus-dev,
+ golang-golang-x-crypto-dev,
+ golang-golang-x-net-dev,
+ golang-golang-x-sys-dev,
+ golang-golang-x-text-dev,
+ golang-golang-x-tools,
+ golang-golang-x-xerrors-dev,
+ golang-gomega-dev,
+ golang-google-genproto-dev,
+ golang-google-grpc-dev,
+ golang-gopkg-inf.v0-dev,
+ golang-gopkg-square-go-jose.v2-dev,
+ golang-gopkg-yaml.v3-dev,
+ golang-k8s-klog-dev,
+ golang-k8s-sigs-structured-merge-diff-dev,
+ golang-k8s-sigs-yaml-dev,
+ golang-toml-dev,
+ libapparmor-dev,
+ libbtrfs-dev,
+ libdevmapper-dev,
+ libglib2.0-dev,
+ libsubid-dev,
+Homepage: https://github.com/containers/podman
+Vcs-Browser: https://salsa.debian.org/debian/libpod
+Vcs-Git: https://salsa.debian.org/debian/libpod.git
+XS-Go-Import-Path: github.com/containers/podman
+
+Package: podman
+Architecture: any
+Built-Using:
+ ${misc:Built-Using},
+Depends:
+ conmon,
+ crun | runc,
+ golang-github-containers-common,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ buildah (>= 1.31),
+ catatonit | tini | dumb-init,
+ dbus-user-session,
+ passt,
+ slirp4netns,
+ uidmap,
+ ${misc:Recommends},
+Suggests:
+ containers-storage,
+ docker-compose,
+ iptables,
+ ${misc:Suggests},
+Description: tool to manage containers and pods
+ Podman (the POD MANager) is a tool for managing containers and images, volumes
+ mounted into those containers, and pods made from groups of containers.
+ .
+ At a high level, the scope of Podman and libpod is the following:
+ * Support for multiple container image formats, including OCI and Docker
+ images.
+ * Full management of those images, including pulling from various sources
+ (including trust and verification), creating (built via Containerfile or
+ Dockerfile or committed from a container), and pushing to registries and
+ other storage backends.
+ * Full management of container lifecycle, including creation (both from an
+ image and from an exploded root filesystem), running, checkpointing and
+ restoring (via CRIU), and removal.
+ * Full management of container networking, using Netavark.
+ * Support for pods, groups of containers that share resources and are managed
+ together.
+ * Support for running containers and pods without root or other elevated
+ privileges.
+ * Resource isolation of containers and pods.
+ * Support for a Docker-compatible CLI interface, which can both run
+ containers locally and on remote systems.
+ * No manager daemon, for improved security and lower resource utilization at
+ idle.
+ * Support for a REST API providing both a Docker-compatible interface and an
+ improved interface exposing advanced Podman functionality.
+ * Support for running on Windows and Mac via virtual machines run by podman
+ machine.
+ .
+ Podman is a daemon-less alternative to Docker.
+
+Package: podman-docker
+Architecture: any
+Built-Using:
+ ${misc:Built-Using},
+Depends:
+ podman,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Conflicts:
+ docker.io,
+ docker-ce-cli,
+Recommends:
+ docker-compose,
+Description: tool to manage containers and pods (Docker CLI)
+ Podman (the POD MANager) is a tool for managing containers and images, volumes
+ mounted into those containers, and pods made from groups of containers.
+ .
+ At a high level, the scope of Podman and libpod is the following:
+ * Support for multiple container image formats, including OCI and Docker
+ images.
+ * Full management of those images, including pulling from various sources
+ (including trust and verification), creating (built via Containerfile or
+ Dockerfile or committed from a container), and pushing to registries and
+ other storage backends.
+ * Full management of container lifecycle, including creation (both from an
+ image and from an exploded root filesystem), running, checkpointing and
+ restoring (via CRIU), and removal.
+ * Full management of container networking, using Netavark.
+ * Support for pods, groups of containers that share resources and are managed
+ together.
+ * Support for running containers and pods without root or other elevated
+ privileges.
+ * Resource isolation of containers and pods.
+ * Support for a Docker-compatible CLI interface, which can both run
+ containers locally and on remote systems.
+ * No manager daemon, for improved security and lower resource utilization at
+ idle.
+ * Support for a REST API providing both a Docker-compatible interface and an
+ improved interface exposing advanced Podman functionality.
+ * Support for running on Windows and Mac via virtual machines run by podman
+ machine.
+ .
+ Podman is a daemon-less alternative to Docker.
+ .
+ This package installs a Docker-compatible CLI interface, capable of running
+ containers locally and on remote systems.
+
+Package: podman-remote
+Architecture: any
+Built-Using:
+ ${misc:Built-Using},
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: tool to manage containers and pods (remote CLI)
+ Podman (the POD MANager) is a tool for managing containers and images, volumes
+ mounted into those containers, and pods made from groups of containers.
+ .
+ At a high level, the scope of Podman and libpod is the following:
+ * Support for multiple container image formats, including OCI and Docker
+ images.
+ * Full management of those images, including pulling from various sources
+ (including trust and verification), creating (built via Containerfile or
+ Dockerfile or committed from a container), and pushing to registries and
+ other storage backends.
+ * Full management of container lifecycle, including creation (both from an
+ image and from an exploded root filesystem), running, checkpointing and
+ restoring (via CRIU), and removal.
+ * Full management of container networking, using Netavark.
+ * Support for pods, groups of containers that share resources and are managed
+ together.
+ * Support for running containers and pods without root or other elevated
+ privileges.
+ * Resource isolation of containers and pods.
+ * Support for a Docker-compatible CLI interface, which can both run
+ containers locally and on remote systems.
+ * No manager daemon, for improved security and lower resource utilization at
+ idle.
+ * Support for a REST API providing both a Docker-compatible interface and an
+ improved interface exposing advanced Podman functionality.
+ * Support for running on Windows and Mac via virtual machines run by podman
+ machine.
+ .
+ Podman is a daemon-less alternative to Docker.
+ .
+ This package provides a smaller executable, a local client to interact with a
+ Podman backend node through a RESTful API tunneled through an SSH connection.
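Review bot: The Build-Depends entry `golang-github-checkpoint-restore-go-criu-dev (>> 6)` has no upper bound, while debian/patches/downgrade-checkpoint-restore-criu.patch rewrites the import to `go-criu/v6`. If a later upload of that -dev package stops shipping the v6 import path, this constraint would still be satisfied and the build would fail at compile time. Consider adding an upper bound that matches the patched import path, or a comment next to the dependency that ties it to the patch.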
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..af04a40
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,137 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: podman
+Source: https://github.com/containers/podman
+Files-Excluded:
+ vendor
+ test/tools/vendor
+
+Files: *
+Copyright: 2016-2023, Red Hat, Inc.
+License: Apache-2.0
+
+Files: contrib/snapcraft/*
+Copyright: 2017, Snapcrafters
+License: Expat
+
+Files: debian/*
+Copyright: 2023, Faidon Liambotis <paravoid@debian.org>
+ 2020-2023, Reinhard Tartler <siretart@tauware.de>
+ 2018-2020, Dmitry Smirnov <onlyjob@debian.org>
+License: Apache-2.0
+
+Files: debian/expand.go
+Copyright: 2009, The Go Authors.
+License: BSD-3-clause
+
+Files: hack/fork_exec_snoop.bt
+Copyright: 2023, Paul Wallrabe <pwallrab@redhat.com>
+ 2022, Nicolas Hillegeer <nicolas@hillegeer.com>
+License: Apache-2.0
+
+Files: libpod/networking_pasta_linux.go
+Copyright: 2022, Red Hat GmbH
+License: Apache-2.0
+
+Files: pkg/*
+Copyright: 2013-2018, Docker, Inc.
+License: Apache-2.0
+
+Files: pkg/k8s.io/*
+Copyright: belongs to the Kubernetes Authors and is licensed under Apache-2.0, also check the license headers in the files.
+License: Apache-2.0
+
+Files: pkg/k8s.io/api/apps/*
+Copyright: 2014-2017, 2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: pkg/k8s.io/api/core/*
+Copyright: 2014-2017, 2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: pkg/k8s.io/apimachinery/pkg/*
+Copyright: 2014-2017, 2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: pkg/systemd/parser/unitfile_test.go
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: pkg/util/camelcase/*
+Copyright: 2015, Fatih Arslan
+License: Expat
+
+Files: test/system/505-networking-pasta.bats
+Copyright: 2022, Red Hat GmbH
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+License: BSD-3-clause
+ The BSD License
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ * Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy of
+ this software and associated documentation files (the "Software"), to deal in
+ the Software without restriction, including without limitation the rights to
+ use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ the Software, and to permit persons to whom the Software is furnished to do so,
+ subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+License: LGPL-2.1+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by the
+ Free Software Foundation; version 2.1 of the License, or (at
+ your option) any later version.
+ On Debian systems, the complete text of version 2.1 of the GNU Lesser
+ General Public License can be found in '/usr/share/common-licenses/LGPL-2.1'.
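Review bot: Two `Copyright:` fields in this file are not usable as copyright statements: the `pkg/k8s.io/*` stanza carries a free-form sentence ("belongs to the Kubernetes Authors and is licensed under Apache-2.0, also check the license headers in the files.") and `pkg/systemd/parser/unitfile_test.go` has `no-info-found`. The first can take the same `2014-2017, 2020, The Kubernetes Authors.` value used by the three stanzas below it, which would also let those stanzas be merged; the second needs the holder looked up from the file's origin, since it is the only LGPL-2.1+ file listed.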
diff --git a/debian/etc/containers/libpod.conf b/debian/etc/containers/libpod.conf
new file mode 100644
index 0000000..17f7939
--- /dev/null
+++ b/debian/etc/containers/libpod.conf
@@ -0,0 +1,149 @@
+# libpod.conf(5) is the default configuration file for all tools using
+# libpod to manage containers
+
+# Default transport method for pulling and pushing for images
+image_default_transport = "docker://"
+
+# Paths to look for the conmon container manager binary.
+# If the paths are empty or no valid path was found, then the `$PATH`
+# environment variable will be used as the fallback.
+conmon_path = [
+ "/usr/bin/conmon",
+ "/usr/sbin/conmon",
+ "/usr/libexec/podman/conmon",
+ "/usr/local/libexec/crio/conmon",
+ "/usr/lib/podman/bin/conmon",
+ "/usr/libexec/crio/conmon",
+ "/usr/lib/crio/bin/conmon"
+]
+
+# Environment variables to pass into conmon
+conmon_env_vars = [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+]
+
+# CGroup Manager - valid values are "systemd" and "cgroupfs"
+cgroup_manager = "systemd"
+
+# Container init binary
+#init_path = "/usr/bin/tini"
+#init_path = "/usr/bin/tini-static"
+#init_path = "/usr/bin/dumb-init"
+#init_path = "/usr/bin/catatonit"
+
+
+# Directory for persistent libpod files (database, etc)
+# By default, this will be configured relative to where containers/storage
+# stores containers
+# Uncomment to change location from this default
+#static_dir = "/var/lib/containers/storage/libpod"
+
+# Directory for temporary files. Must be tmpfs (wiped after reboot)
+tmp_dir = "/var/run/libpod"
+
+# Maximum size of log files (in bytes)
+# -1 is unlimited
+max_log_size = -1
+
+# Whether to use chroot instead of pivot_root in the runtime
+no_pivot_root = false
+
+# Directory containing CNI plugin configuration files
+cni_config_dir = "/etc/cni/net.d/"
+
+# Directories where the CNI plugin binaries may be located
+cni_plugin_dir = [
+ "/usr/lib/cni",
+ "/usr/local/lib/cni",
+ "/opt/cni/bin"
+]
+
+# Default CNI network for libpod.
+# If multiple CNI network configs are present, libpod will use the network with
+# the name given here for containers unless explicitly overridden.
+# The default here is set to the name we set in the
+# 87-podman-bridge.conflist included in the repository.
+# Not setting this, or setting it to the empty string, will use normal CNI
+# precedence rules for selecting between multiple networks.
+cni_default_network = "podman"
+
+# Default libpod namespace
+# If libpod is joined to a namespace, it will see only containers and pods
+# that were created in the same namespace, and will create new containers and
+# pods in that namespace.
+# The default namespace is "", which corresponds to no namespace. When no
+# namespace is set, all containers and pods are visible.
+#namespace = ""
+
+# Default infra (pause) image name for pod infra containers
+infra_image = "k8s.gcr.io/pause:3.1"
+
+# Default command to run the infra container
+infra_command = "/pause"
+
+# Determines whether libpod will reserve ports on the host when they are
+# forwarded to containers. When enabled, when ports are forwarded to containers,
+# they are held open by conmon as long as the container is running, ensuring that
+# they cannot be reused by other programs on the host. However, this can cause
+# significant memory usage if a container has many ports forwarded to it.
+# Disabling this can save memory.
+#enable_port_reservation = true
+
+# Default libpod support for container labeling
+# label=true
+
+# The locking mechanism to use
+lock_type = "shm"
+
+# Number of locks available for containers and pods.
+# If this is changed, a lock renumber must be performed (e.g. with the
+# 'podman system renumber' command).
+num_locks = 2048
+
+# Directory for libpod named volumes.
+# By default, this will be configured relative to where containers/storage
+# stores containers.
+# Uncomment to change location from this default.
+#volume_path = "/var/lib/containers/storage/volumes"
+
+# Selects which logging mechanism to use for Podman events. Valid values
+# are `journald` or `file`.
+# events_logger = "journald"
+
+# Specify the keys sequence used to detach a container.
+# Format is a single character [a-Z] or a comma separated sequence of
+# `ctrl-<value>`, where `<value>` is one of:
+# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
+#
+# detach_keys = "ctrl-p,ctrl-q"
+
+# Default OCI runtime
+runtime = "crun"
+#runtime = "runc"
+
+# List of the OCI runtimes that support --format=json. When json is supported
+# libpod will use it for reporting nicer errors.
+runtime_supports_json = ["crun", "runc"]
+
+# List of all the OCI runtimes that support --cgroup-manager=disable to disable
+# creation of CGroups for containers.
+runtime_supports_nocgroups = ["crun"]
+
+# Paths to look for a valid OCI runtime (runc, runv, etc)
+# If the paths are empty or no valid path was found, then the `$PATH`
+# environment variable will be used as the fallback.
+[runtimes]
+
+runc = [
+ "/usr/sbin/runc",
+]
+
+crun = [
+ "/usr/bin/crun"
+]
+
+# The [runtimes] table MUST be the last thing in this file.
+# (Unless another table is added)
+# TOML does not provide a way to end a table other than a further table being
+# defined, so every key hereafter will be part of [runtimes] and not the main
+# config.
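Review bot: `runtime = "crun"` near the end of this file hardcodes one OCI runtime although debian/control declares `crun | runc`, which is the breakage the 2.0.4+dfsg1-1 changelog entry gives as the reason for no longer installing libpod.conf. If the file is kept in debian/ only for reference, a header comment stating that it is deprecated in favour of /etc/containers/containers.conf and is not installed would prevent it from being picked up again; otherwise it can be dropped from the packaging.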
diff --git a/debian/examples/cni/net.d/87-podman-bridge.conflist b/debian/examples/cni/net.d/87-podman-bridge.conflist
new file mode 100644
index 0000000..f65895a
--- /dev/null
+++ b/debian/examples/cni/net.d/87-podman-bridge.conflist
@@ -0,0 +1,37 @@
+{
+ "cniVersion": "0.4.0",
+ "name": "podman",
+ "plugins": [
+ {
+ "type": "bridge",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/main_bridge.md",
+ "bridge": "cni-podman0",
+ "isGateway": true,
+ "ipMasq": true,
+ "ipam": {
+ "type": "host-local",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/ipam_host-local.md",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ],
+ "ranges": [
+ [
+ { "subnet": "10.88.0.0/16", "gateway": "10.88.0.1" }
+ ]
+ ]
+ }
+ },
+
+ {
+ "type": "portmap",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+ "capabilities": { "portMappings": true }
+ },
+
+ {
+ "type": "firewall",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+ "backend": "iptables"
+ }
+ ]
+}
diff --git a/debian/examples/cni/net.d/87-podman-bridge_l2.conflist b/debian/examples/cni/net.d/87-podman-bridge_l2.conflist
new file mode 100644
index 0000000..fc09944
--- /dev/null
+++ b/debian/examples/cni/net.d/87-podman-bridge_l2.conflist
@@ -0,0 +1,24 @@
+{
+ "cniVersion": "0.4.0",
+ "name": "podman",
+ "plugins": [
+ {
+ "type": "bridge",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/main_bridge.md",
+ "bridge": "br0",
+ "ipam": { }
+ },
+
+ {
+ "type": "portmap",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+ "capabilities": { "portMappings": true }
+ },
+
+ {
+ "type": "firewall",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+ "backend": "iptables"
+ }
+ ]
+}
diff --git a/debian/examples/cni/net.d/87-podman-ptp.conflist b/debian/examples/cni/net.d/87-podman-ptp.conflist
new file mode 100644
index 0000000..f458b0c
--- /dev/null
+++ b/debian/examples/cni/net.d/87-podman-ptp.conflist
@@ -0,0 +1,31 @@
+{
+ "cniVersion": "0.4.0",
+ "name": "podman",
+ "plugins": [
+ {
+ "type": "ptp",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/main_ptp.md",
+ "ipMasq": true,
+ "ipam": {
+ "type": "host-local",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/ipam_host-local.md",
+ "subnet": "172.16.16.0/24",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+ },
+
+ {
+ "type": "portmap",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+ "capabilities": { "portMappings": true }
+ },
+
+ {
+ "type": "firewall",
+ "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+ "backend": "iptables"
+ }
+ ]
+}
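Review bot: All three example conflists (87-podman-bridge, 87-podman-bridge_l2 and this one) declare `"name": "podman"`, the same value libpod.conf sets as `cni_default_network`. Copying more than one of them into the CNI configuration directory gives several networks with the same name, and it is not obvious which one containers will join. Either give the examples distinct names or add a note in the examples stating that exactly one of them is meant to be installed.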
diff --git a/debian/examples/registries.conf b/debian/examples/registries.conf
new file mode 100644
index 0000000..dc771ed
--- /dev/null
+++ b/debian/examples/registries.conf
@@ -0,0 +1,11 @@
+## containers-registries.conf(5): System Registry Configuration File
+
+[registries.search]
+registries = ['docker.io', 'registry.fedoraproject.org']
+
+[registries.insecure]
+registries = []
+
+#blocked (docker only)
+[registries.block]
+registries = []
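Review bot: `[registries.search]` lists two registries, so an image referenced by a short name can be resolved from either `docker.io` or `registry.fedoraproject.org`, and the user cannot tell from the command line which one supplied it. For an example that people copy into place, a single search registry, or a comment recommending fully qualified image names, would be the safer default. The file also uses the version 1 layout (`[registries.search]`, `[registries.insecure]`, `[registries.block]`), which containers-registries.conf(5) marks as deprecated.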
diff --git a/debian/expand.go b/debian/expand.go
new file mode 100644
index 0000000..6bf0ea8
--- /dev/null
+++ b/debian/expand.go
@@ -0,0 +1,102 @@
+package expansion
+
+import (
+ "bytes"
+)
+
+const (
+ operator = '$'
+ referenceOpener = '('
+ referenceCloser = ')'
+)
+
+// syntaxWrap returns the input string wrapped by the expansion syntax.
+func syntaxWrap(input string) string {
+ return string(operator) + string(referenceOpener) + input + string(referenceCloser)
+}
+
+// MappingFuncFor returns a mapping function for use with Expand that
+// implements the expansion semantics defined in the expansion spec; it
+// returns the input string wrapped in the expansion syntax if no mapping
+// for the input is found.
+func MappingFuncFor(context ...map[string]string) func(string) string {
+ return func(input string) string {
+ for _, vars := range context {
+ val, ok := vars[input]
+ if ok {
+ return val
+ }
+ }
+
+ return syntaxWrap(input)
+ }
+}
+
+// Expand replaces variable references in the input string according to
+// the expansion spec using the given mapping function to resolve the
+// values of variables.
+func Expand(input string, mapping func(string) string) string {
+ var buf bytes.Buffer
+ checkpoint := 0
+ for cursor := 0; cursor < len(input); cursor++ {
+ if input[cursor] == operator && cursor+1 < len(input) {
+ // Copy the portion of the input string since the last
+ // checkpoint into the buffer
+ buf.WriteString(input[checkpoint:cursor])
+
+ // Attempt to read the variable name as defined by the
+ // syntax from the input string
+ read, isVar, advance := tryReadVariableName(input[cursor+1:])
+
+ if isVar {
+ // We were able to read a variable name correctly;
+ // apply the mapping to the variable name and copy the
+ // bytes into the buffer
+ buf.WriteString(mapping(read))
+ } else {
+ // Not a variable name; copy the read bytes into the buffer
+ buf.WriteString(read)
+ }
+
+ // Advance the cursor in the input string to account for
+ // bytes consumed to read the variable name expression
+ cursor += advance
+
+ // Advance the checkpoint in the input string
+ checkpoint = cursor + 1
+ }
+ }
+
+ // Return the buffer and any remaining unwritten bytes in the
+ // input string.
+ return buf.String() + input[checkpoint:]
+}
+
+// tryReadVariableName attempts to read a variable name from the input
+// string and returns the content read from the input, whether that content
+// represents a variable name to perform mapping on, and the number of bytes
+// consumed in the input string.
+//
+// The input string is assumed not to contain the initial operator.
+func tryReadVariableName(input string) (string, bool, int) {
+ switch input[0] {
+ case operator:
+ // Escaped operator; return it.
+ return input[0:1], false, 1
+ case referenceOpener:
+ // Scan to expression closer
+ for i := 1; i < len(input); i++ {
+ if input[i] == referenceCloser {
+ return input[1:i], true, i + 1
+ }
+ }
+
+ // Incomplete reference; return it.
+ return string(operator) + string(referenceOpener), false, 1
+ default:
+ // Not the beginning of an expression, ie, an operator
+ // that doesn't begin an expression. Return the operator
+ // and the first rune in the string.
+ return (string(operator) + string(input[0])), false, 1
+ }
+}
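Review bot: in the `default` branch of `tryReadVariableName`, `string(input[0])` converts a single byte, not "the first rune" as the comment says. For a byte of 0x80 or above, Go treats the byte as a code point and re-encodes it as two UTF-8 bytes, and because only one byte is consumed, the continuation bytes of the original character are then copied after it, so a non-ASCII character directly after the operator comes out corrupted. Returning `string(operator) + input[0:1]`, as the escaped-operator case already slices, keeps the bytes intact. The function also indexes `input[0]` without a length check and relies on the caller's `cursor+1 < len(input)` test, so its doc comment should state that the input must be non-empty.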
diff --git a/debian/fill.copyright.blanks.yml b/debian/fill.copyright.blanks.yml
new file mode 100644
index 0000000..4581c0b
--- /dev/null
+++ b/debian/fill.copyright.blanks.yml
@@ -0,0 +1,14 @@
+---
+vendor/github.com/uber/jaeger-client-go/:
+ license: Apache-2.0
+ 'override-copyright': 2017,2018 Uber Technologies, Inc.
+
+vendor/github.com/uber/jaeger-lib/metrics/histogram.go:
+ skip: 1
+
+vendor/google.golang.org/protobuf:
+ skip: 1
+
+vendor/github.com/gorilla/schema*:
+ 'override-copyright': 2012, Rodrigo Moraes
+ license: BSD-3-clause
diff --git a/debian/fix.scanned.copyright b/debian/fix.scanned.copyright
new file mode 100644
index 0000000..0c08a31
--- /dev/null
+++ b/debian/fix.scanned.copyright
@@ -0,0 +1,11 @@
+! Copyright License:"Expat"
+! Copyright License:"Apache-2.0"
+
+! Files:"pkg/util/camelcase/*"
+ Copyright="2015, Fatih Arslan"
+ License short_name=Expat
+ full_license~
+
+! Files:"vendor/github.com/gorilla/schema/*"
+ Copyright="2012, Rodrigo Moraes"
+ License short_name=BSD-3-clause
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..2d3c321
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian/experimental
+upstream-branch = upstream/latest
+upstream-vcs-tag = v%(version%~%-)s
diff --git a/debian/patches/downgrade-checkpoint-restore-criu.patch b/debian/patches/downgrade-checkpoint-restore-criu.patch
new file mode 100644
index 0000000..2d1df85
--- /dev/null
+++ b/debian/patches/downgrade-checkpoint-restore-criu.patch
@@ -0,0 +1,54 @@
+Index: libpod/libpod/container_internal_common.go
+===================================================================
+--- libpod.orig/libpod/container_internal_common.go
++++ libpod/libpod/container_internal_common.go
+@@ -21,7 +21,7 @@ import (
+ "time"
+
+ metadata "github.com/checkpoint-restore/checkpointctl/lib"
+- "github.com/checkpoint-restore/go-criu/v7/stats"
++ "github.com/checkpoint-restore/go-criu/v6/stats"
+ "github.com/containers/buildah"
+ "github.com/containers/buildah/pkg/chrootuser"
+ "github.com/containers/buildah/pkg/overlay"
+Index: libpod/pkg/checkpoint/crutils/checkpoint_restore_utils.go
+===================================================================
+--- libpod.orig/pkg/checkpoint/crutils/checkpoint_restore_utils.go
++++ libpod/pkg/checkpoint/crutils/checkpoint_restore_utils.go
+@@ -10,7 +10,7 @@ import (
+ "path/filepath"
+
+ metadata "github.com/checkpoint-restore/checkpointctl/lib"
+- "github.com/checkpoint-restore/go-criu/v7/stats"
++ "github.com/checkpoint-restore/go-criu/v6/stats"
+ "github.com/containers/storage/pkg/archive"
+ "github.com/opencontainers/selinux/go-selinux/label"
+ )
+Index: libpod/pkg/criu/criu_linux.go
+===================================================================
+--- libpod.orig/pkg/criu/criu_linux.go
++++ libpod/pkg/criu/criu_linux.go
+@@ -6,8 +6,8 @@ package criu
+ import (
+ "fmt"
+
+- "github.com/checkpoint-restore/go-criu/v7"
+- "github.com/checkpoint-restore/go-criu/v7/rpc"
++ "github.com/checkpoint-restore/go-criu/v6"
++ "github.com/checkpoint-restore/go-criu/v6/rpc"
+
+ "google.golang.org/protobuf/proto"
+ )
+Index: libpod/test/e2e/checkpoint_test.go
+===================================================================
+--- libpod.orig/test/e2e/checkpoint_test.go
++++ libpod/test/e2e/checkpoint_test.go
+@@ -10,7 +10,7 @@ import (
+ "strings"
+ "time"
+
+- "github.com/checkpoint-restore/go-criu/v7/stats"
++ "github.com/checkpoint-restore/go-criu/v6/stats"
+ "github.com/containers/podman/v4/pkg/checkpoint/crutils"
+ "github.com/containers/podman/v4/pkg/criu"
+ "github.com/containers/podman/v4/pkg/domain/entities"
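Review bot: this patch carries no header at all, so nothing records why four import paths are moved from `go-criu/v7` back to `go-criu/v6`, who wrote it, or whether it can be dropped later. Add a short description, the way pkg-fileserver-buildtags.patch has `From:` and `Subject:` lines, naming the packaged go-criu version it targets. It is also worth stating that the `stats` and `rpc` packages are used identically under v6, since the hunks change only the import lines and none of the call sites.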
diff --git a/debian/patches/pkg-fileserver-buildtags.patch b/debian/patches/pkg-fileserver-buildtags.patch
new file mode 100644
index 0000000..6b6f6d8
--- /dev/null
+++ b/debian/patches/pkg-fileserver-buildtags.patch
@@ -0,0 +1,25 @@
+From: Reinhard Tartler <siretart@tauware.de>
+Subject: avoid building pkg/fileserver implemenation
+
+The plan9 server is only relevant for the windows build
+
+Index: libpod/pkg/fileserver/plan9/serve.go
+===================================================================
+--- libpod.orig/pkg/fileserver/plan9/serve.go
++++ libpod/pkg/fileserver/plan9/serve.go
+@@ -1,3 +1,5 @@
++//go:build windows
++// +build windows
+ package plan9
+
+ import (
+Index: libpod/pkg/fileserver/server_windows.go
+===================================================================
+--- libpod.orig/pkg/fileserver/server_windows.go
++++ libpod/pkg/fileserver/server_windows.go
+@@ -1,3 +1,5 @@
++//go:build windows
++// +build windows
+ package fileserver
+
+ import (
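Review bot: in both files the added `//go:build windows` and `// +build windows` lines sit directly above the `package` clause with no blank line between them. The legacy `// +build` form is only recognised when a blank line follows it, and without one both lines attach to the package clause as its doc comment, so insert an empty line before `package plan9` and `package fileserver`. For `server_windows.go` the constraint is already implied by the `_windows` file name suffix, so that second hunk looks unnecessary unless there is a reason the description should mention.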
diff --git a/debian/patches/revert-newer-docker.patch b/debian/patches/revert-newer-docker.patch
new file mode 100644
index 0000000..b8aee01
--- /dev/null
+++ b/debian/patches/revert-newer-docker.patch
@@ -0,0 +1,149 @@
+This patch reverts commit e308ba0215baa95be5e177533adc1e15029e0869
+Author: Miloslav Trmač <mitr@redhat.com>
+Date: Wed Jan 25 19:22:41 2023 +0100
+
+ Vendor c/image after https://github.com/containers/image/pull/1816
+
+ Also includes unreleased https://github.com/openshift/imagebuilder/pull/246 to work
+ with the updated docker/docker dependency.
+
+ And updates some references to newly deprecated docker/docker symbols.
+
+ [NO NEW TESTS NEEDED]
+
+ Signed-off-by: Miloslav Trmač <mitr@redhat.com>
+
+Index: libpod/pkg/api/handlers/compat/system.go
+===================================================================
+--- libpod.orig/pkg/api/handlers/compat/system.go
++++ libpod/pkg/api/handlers/compat/system.go
+@@ -11,7 +11,6 @@ import (
+ "github.com/containers/podman/v4/pkg/domain/entities"
+ "github.com/containers/podman/v4/pkg/domain/infra/abi"
+ docker "github.com/docker/docker/api/types"
+- "github.com/docker/docker/api/types/volume"
+ )
+
+ func GetDiskUsage(w http.ResponseWriter, r *http.Request) {
+@@ -65,9 +64,9 @@ func GetDiskUsage(w http.ResponseWriter,
+ ctnrs[i] = &t
+ }
+
+- vols := make([]*volume.Volume, len(df.Volumes))
++ vols := make([]*docker.Volume, len(df.Volumes))
+ for i, o := range df.Volumes {
+- t := volume.Volume{
++ t := docker.Volume{
+ CreatedAt: "",
+ Driver: "",
+ Labels: map[string]string{},
+@@ -76,7 +75,7 @@ func GetDiskUsage(w http.ResponseWriter,
+ Options: nil,
+ Scope: "local",
+ Status: nil,
+- UsageData: &volume.UsageData{
++ UsageData: &docker.VolumeUsageData{
+ RefCount: int64(o.Links),
+ Size: o.Size,
+ },
+Index: libpod/pkg/api/handlers/compat/volumes.go
+===================================================================
+--- libpod.orig/pkg/api/handlers/compat/volumes.go
++++ libpod/pkg/api/handlers/compat/volumes.go
+@@ -55,14 +55,14 @@ func ListVolumes(w http.ResponseWriter,
+ utils.InternalServerError(w, err)
+ return
+ }
+- volumeConfigs := make([]*docker_api_types_volume.Volume, 0, len(vols))
++ volumeConfigs := make([]*docker_api_types.Volume, 0, len(vols))
+ for _, v := range vols {
+ mp, err := v.MountPoint()
+ if err != nil {
+ utils.InternalServerError(w, err)
+ return
+ }
+- config := docker_api_types_volume.Volume{
++ config := docker_api_types.Volume{
+ Name: v.Name(),
+ Driver: v.Driver(),
+ Mountpoint: mp,
+@@ -73,7 +73,7 @@ func ListVolumes(w http.ResponseWriter,
+ }
+ volumeConfigs = append(volumeConfigs, &config)
+ }
+- response := docker_api_types_volume.ListResponse{
++ response := docker_api_types_volume.VolumeListOKBody{
+ Volumes: volumeConfigs,
+ Warnings: []string{},
+ }
+@@ -94,7 +94,7 @@ func CreateVolume(w http.ResponseWriter,
+ return
+ }
+ // decode params from body
+- input := docker_api_types_volume.CreateOptions{}
++ input := docker_api_types_volume.VolumeCreateBody{}
+ if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
+ utils.Error(w, http.StatusInternalServerError, fmt.Errorf("Decode(): %w", err))
+ return
+@@ -121,7 +121,7 @@ func CreateVolume(w http.ResponseWriter,
+ utils.InternalServerError(w, err)
+ return
+ }
+- response := docker_api_types_volume.Volume{
++ response := docker_api_types.Volume{
+ CreatedAt: existingVolume.CreatedTime().Format(time.RFC3339),
+ Driver: existingVolume.Driver(),
+ Labels: existingVolume.Labels(),
+@@ -166,7 +166,7 @@ func CreateVolume(w http.ResponseWriter,
+ utils.InternalServerError(w, err)
+ return
+ }
+- volResponse := docker_api_types_volume.Volume{
++ volResponse := docker_api_types.Volume{
+ Name: config.Name,
+ Driver: config.Driver,
+ Mountpoint: mp,
+@@ -196,7 +196,7 @@ func InspectVolume(w http.ResponseWriter
+ utils.InternalServerError(w, err)
+ return
+ }
+- volResponse := docker_api_types_volume.Volume{
++ volResponse := docker_api_types.Volume{
+ Name: vol.Name(),
+ Driver: vol.Driver(),
+ Mountpoint: mp,
+Index: libpod/pkg/api/handlers/swagger/responses.go
+===================================================================
+--- libpod.orig/pkg/api/handlers/swagger/responses.go
++++ libpod/pkg/api/handlers/swagger/responses.go
+@@ -240,7 +240,7 @@ type containersList struct {
+ // swagger:response
+ type volumeInspect struct {
+ // in:body
+- Body dockerVolume.Volume
++ Body dockerAPI.Volume
+ }
+
+ // Volume prune
+@@ -254,7 +254,7 @@ type volumePruneResponse struct {
+ // swagger:response
+ type volumeList struct {
+ // in:body
+- Body dockerVolume.ListResponse
++ Body dockerVolume.VolumeListOKBody
+ }
+
+ // Volume list
+Index: libpod/test/apiv2/45-system.at
+===================================================================
+--- libpod.orig/test/apiv2/45-system.at
++++ libpod/test/apiv2/45-system.at
+@@ -7,7 +7,7 @@
+ t POST 'libpod/system/prune?volumes=true&all=true' params='' 200
+
+ ## podman system df
+-t GET system/df 200 '{"LayersSize":0,"Images":[],"Containers":[],"Volumes":[],"BuildCache":[]}'
++t GET system/df 200 '{"LayersSize":0,"Images":[],"Containers":[],"Volumes":[],"BuildCache":[],"BuilderSize":0}'
+ t GET libpod/system/df 200 '{"ImagesSize":0,"Images":[],"Containers":[],"Volumes":[]}'
+
+ # Create volume. We expect df to report this volume next invocation of system/df
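Review bot: the volumes.go hunks switch to `docker_api_types.Volume` while still using `docker_api_types_volume.VolumeListOKBody` and `VolumeCreateBody`, and responses.go switches to `dockerAPI.Volume`, yet neither file gets an import hunk. Only system.go has its import block touched. Please confirm that both aliases are already imported in volumes.go and that `dockerAPI` is imported in responses.go, otherwise the revert does not compile. The 45-system.at change also pins the expected `system/df` body to include `"BuilderSize":0`, which ties the compat API test to the response shape of the older docker/docker types. The header should say which docker/docker version this revert targets so the patch can be dropped when that dependency moves.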
diff --git a/debian/patches/revert-newer-docker2.patch b/debian/patches/revert-newer-docker2.patch
new file mode 100644
index 0000000..7ce2457
--- /dev/null
+++ b/debian/patches/revert-newer-docker2.patch
@@ -0,0 +1,96 @@
+Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
+Date: Tue May 16 19:12:07 2023 +0000
+Subject: Revert 6b48e9962cfec5ffb89b40e9e924ccd80ba8df0a
+
+ fix(deps): update module github.com/docker/docker to v24
+
+ Also reflect removed/deprecated fields in the compat API.
+
+Index: libpod/pkg/api/handlers/compat/auth.go
+===================================================================
+--- libpod.orig/pkg/api/handlers/compat/auth.go
++++ libpod/pkg/api/handlers/compat/auth.go
+@@ -15,11 +15,11 @@ import (
+ "github.com/containers/podman/v4/pkg/api/handlers/utils"
+ api "github.com/containers/podman/v4/pkg/api/types"
+ "github.com/containers/podman/v4/pkg/domain/entities"
+- "github.com/docker/docker/api/types/registry"
++ docker "github.com/docker/docker/api/types"
+ )
+
+ func Auth(w http.ResponseWriter, r *http.Request) {
+- var authConfig registry.AuthConfig
++ var authConfig docker.AuthConfig
+ err := json.NewDecoder(r.Body).Decode(&authConfig)
+ if err != nil {
+ utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to parse request: %w", err))
+Index: libpod/pkg/api/handlers/compat/info.go
+===================================================================
+--- libpod.orig/pkg/api/handlers/compat/info.go
++++ libpod/pkg/api/handlers/compat/info.go
+@@ -62,6 +62,8 @@ func GetInfo(w http.ResponseWriter, r *h
+ CPUSet: sysInfo.Cpuset,
+ CPUShares: sysInfo.CPUShares,
+ CgroupDriver: configInfo.Engine.CgroupManager,
++ ClusterAdvertise: "",
++ ClusterStore: "",
+ ContainerdCommit: docker.Commit{},
+ Containers: infoData.Store.ContainerStore.Number,
+ ContainersPaused: stateInfo[define.ContainerStatePaused],
+Index: libpod/pkg/auth/auth.go
+===================================================================
+--- libpod.orig/pkg/auth/auth.go
++++ libpod/pkg/auth/auth.go
+@@ -10,7 +10,7 @@ import (
+
+ imageAuth "github.com/containers/image/v5/pkg/docker/config"
+ "github.com/containers/image/v5/types"
+- dockerAPITypes "github.com/docker/docker/api/types/registry"
++ dockerAPITypes "github.com/docker/docker/api/types"
+ "github.com/sirupsen/logrus"
+ )
+
+Index: libpod/pkg/specgen/generate/kube/kube.go
+===================================================================
+--- libpod.orig/pkg/specgen/generate/kube/kube.go
++++ libpod/pkg/specgen/generate/kube/kube.go
+@@ -35,7 +35,7 @@ import (
+ "github.com/containers/podman/v4/pkg/specgen/generate"
+ systemdDefine "github.com/containers/podman/v4/pkg/systemd/define"
+ "github.com/containers/podman/v4/pkg/util"
+- "github.com/docker/docker/pkg/meminfo"
++ "github.com/docker/docker/pkg/system"
+ "github.com/docker/go-units"
+ spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/sirupsen/logrus"
+@@ -1122,7 +1122,7 @@ func getContainerResources(container v1.
+ requests := container.Resources.Requests
+
+ if limits == nil || limits.Memory().IsZero() {
+- mi, err := meminfo.Read()
++ mi, err := system.ReadMemInfo()
+ if err != nil {
+ return result, err
+ }
+Index: libpod/pkg/specgen/generate/kube/play_test.go
+===================================================================
+--- libpod.orig/pkg/specgen/generate/kube/play_test.go
++++ libpod/pkg/specgen/generate/kube/play_test.go
+@@ -15,7 +15,7 @@ import (
+ v12 "github.com/containers/podman/v4/pkg/k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/containers/podman/v4/pkg/k8s.io/apimachinery/pkg/util/intstr"
+ "github.com/containers/podman/v4/pkg/specgen"
+- "github.com/docker/docker/pkg/meminfo"
++ "github.com/docker/docker/pkg/system"
+ "github.com/stretchr/testify/assert"
+ "sigs.k8s.io/yaml"
+ )
+@@ -448,7 +448,7 @@ func TestEnvVarValue(t *testing.T) {
+ secretsManager := createSecrets(t, d)
+ stringNumCPUs := strconv.Itoa(runtime.NumCPU())
+
+- mi, err := meminfo.Read()
++ mi, err := system.ReadMemInfo()
+ assert.Nil(t, err)
+ stringMemTotal := strconv.FormatInt(mi.MemTotal, 10)
+
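Review bot: the header lists `Author: renovate[bot]` and a 2023 date, which describe the upstream commit being reverted rather than this revert, so it reads as if the bot wrote the Debian patch. Name the person who prepared the revert, keep the upstream commit id as the origin, and state the reason, presumably the packaged docker/docker version, in the description. In info.go the revert re-adds `ClusterAdvertise: ""` and `ClusterStore: ""`, which the quoted upstream message lists as removed or deprecated fields, so a comment that they exist only for the older API struct would help whoever removes this patch.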
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..92a8c19
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,6 @@
+system-goimports.patch
+downgrade-checkpoint-restore-criu.patch
+revert-newer-docker.patch
+revert-newer-docker2.patch
+sigstore-tests.patch
+pkg-fileserver-buildtags.patch
diff --git a/debian/patches/sigstore-tests.patch b/debian/patches/sigstore-tests.patch
new file mode 100644
index 0000000..96ab794
--- /dev/null
+++ b/debian/patches/sigstore-tests.patch
@@ -0,0 +1,40 @@
+Index: libpod/pkg/trust/policy_test.go
+===================================================================
+--- libpod.orig/pkg/trust/policy_test.go
++++ libpod/pkg/trust/policy_test.go
+@@ -49,11 +49,6 @@ func TestAddPolicyEntries(t *testing.T)
+ },
+ {
+ Scope: "default",
+- Type: "sigstoreSigned",
+- PubKeyFiles: []string{}, // A key is missing
+- },
+- {
+- Scope: "default",
+ Type: "this-is-unknown",
+ PubKeyFiles: []string{},
+ },
+@@ -78,12 +73,6 @@ func TestAddPolicyEntries(t *testing.T)
+ PubKeyFiles: []string{"/1.pub", "/2.pub"},
+ })
+ assert.NoError(t, err)
+- err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
+- Scope: "quay.io/sigstore-signed",
+- Type: "sigstoreSigned",
+- PubKeyFiles: []string{"/1.pub", "/2.pub"},
+- })
+- assert.NoError(t, err)
+
+ // Test that the outcome is consumable, and compare it with the expected values.
+ parsedPolicy, err := signature.NewPolicyFromFile(policyPath)
+@@ -101,10 +90,6 @@ func TestAddPolicyEntries(t *testing.T)
+ xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+ xNewPRSignedByKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+ },
+- "quay.io/sigstore-signed": {
+- xNewPRSigstoreSignedKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+- xNewPRSigstoreSignedKeyPath(t, "/2.pub", signature.NewPRMMatchRepoDigestOrExact()),
+- },
+ },
+ },
+ }, parsedPolicy)
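Review bot: the three hunks delete every `sigstoreSigned` case from `TestAddPolicyEntries`, including the negative case marked `// A key is missing`, and the patch has no header saying why. Since this is test coverage for image signature trust policy, the description should state whether `sigstoreSigned` entries are unsupported in this build or whether only the test is failing. If the feature is expected to work, skipping the cases conditionally is preferable to removing them, so the coverage returns once the underlying cause is fixed.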
diff --git a/debian/patches/system-goimports.patch b/debian/patches/system-goimports.patch
new file mode 100644
index 0000000..1e51ec8
--- /dev/null
+++ b/debian/patches/system-goimports.patch
@@ -0,0 +1,13 @@
+Index: libpod/pkg/bindings/generator/generator.go
+===================================================================
+--- libpod.orig/pkg/bindings/generator/generator.go
++++ libpod/pkg/bindings/generator/generator.go
+@@ -170,7 +170,7 @@ func main() {
+ }
+
+ // go import file
+- goimport := exec.Command("../../../test/tools/build/goimports", "-w", out.Name())
++ goimport := exec.Command("goimports", "-w", out.Name())
+ goimport.Stderr = os.Stdout
+ if err := goimport.Run(); err != nil {
+ fmt.Println(err)
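Review bot: replacing the fixed relative path with a bare `goimports` makes `exec.Command` resolve the binary through `PATH`, so the generator now runs whichever `goimports` comes first in the build environment. debian/rules enables `DH_GOLANG_GO_GENERATE`, so this executes during the package build. Add a header naming the build dependency that provides the tool, and consider passing the path in from the build rather than relying on lookup order.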
diff --git a/debian/podman-docker.install b/debian/podman-docker.install
new file mode 100644
index 0000000..b8b05fe
--- /dev/null
+++ b/debian/podman-docker.install
@@ -0,0 +1,3 @@
+usr/bin/docker
+usr/lib/tmpfiles.d/podman-docker.conf
+usr/share/user-tmpfiles.d/podman-docker.conf
diff --git a/debian/podman-docker.manpages b/debian/podman-docker.manpages
new file mode 100644
index 0000000..a7613cb
--- /dev/null
+++ b/debian/podman-docker.manpages
@@ -0,0 +1 @@
+usr/share/man/*/docker*.*
diff --git a/debian/podman-remote.bash-completion b/debian/podman-remote.bash-completion
new file mode 120000
index 0000000..fac8ea9
--- /dev/null
+++ b/debian/podman-remote.bash-completion
@@ -0,0 +1 @@
+../completions/bash/podman-remote \ No newline at end of file
diff --git a/debian/podman-remote.docs b/debian/podman-remote.docs
new file mode 100644
index 0000000..ea2ddd2
--- /dev/null
+++ b/debian/podman-remote.docs
@@ -0,0 +1 @@
+docs/tutorials/remote_client.md
diff --git a/debian/podman-remote.install b/debian/podman-remote.install
new file mode 100644
index 0000000..f2947d5
--- /dev/null
+++ b/debian/podman-remote.install
@@ -0,0 +1,2 @@
+usr/bin/podman-remote /usr/bin
+completions/zsh/_podman-remote /usr/share/zsh/vendor-completions
diff --git a/debian/podman-remote.manpages b/debian/podman-remote.manpages
new file mode 100644
index 0000000..a36be7b
--- /dev/null
+++ b/debian/podman-remote.manpages
@@ -0,0 +1 @@
+usr/share/man/*/podman-remote.*
diff --git a/debian/podman.bash-completion b/debian/podman.bash-completion
new file mode 120000
index 0000000..a821063
--- /dev/null
+++ b/debian/podman.bash-completion
@@ -0,0 +1 @@
+../completions/bash/podman \ No newline at end of file
diff --git a/debian/podman.dirs b/debian/podman.dirs
new file mode 100644
index 0000000..67d641b
--- /dev/null
+++ b/debian/podman.dirs
@@ -0,0 +1,2 @@
+etc/containers/systemd
+etc/containers/systemd/users
diff --git a/debian/podman.docs b/debian/podman.docs
new file mode 100644
index 0000000..97f3b7c
--- /dev/null
+++ b/debian/podman.docs
@@ -0,0 +1,9 @@
+CONTRIBUTING.md
+SECURITY.md
+README*
+RELEASE_NOTES*
+commands*.md
+rootless.md
+transfer.md
+troubleshooting.md
+docs/tutorials/*_tutorial*.md
diff --git a/debian/podman.examples b/debian/podman.examples
new file mode 100644
index 0000000..09636eb
--- /dev/null
+++ b/debian/podman.examples
@@ -0,0 +1,2 @@
+debian/examples/*
+test/policy.json
diff --git a/debian/podman.install b/debian/podman.install
new file mode 100644
index 0000000..71df451
--- /dev/null
+++ b/debian/podman.install
@@ -0,0 +1,11 @@
+cni/87-podman-bridge.conflist /etc/cni/net.d/
+completions/zsh/_podman /usr/share/zsh/vendor-completions
+debian/etc/containers/libpod.conf /etc/containers/
+usr/bin/podman /usr/bin
+usr/bin/quadlet /usr/libexec/podman/
+usr/bin/rootlessport /usr/libexec/podman/
+
+# These were "moved from canonical to aliased", i.e. from /usr/lib to /lib,
+# during buster->bullseye (as reported by dumat). Moving them files back to
+# /usr may cause more problems, though.
+usr/lib/systemd /lib/
diff --git a/debian/podman.links b/debian/podman.links
new file mode 100644
index 0000000..3ecedf1
--- /dev/null
+++ b/debian/podman.links
@@ -0,0 +1,3 @@
+usr/libexec/podman/quadlet lib/systemd/system-generators/podman-system-generator
+usr/libexec/podman/quadlet lib/systemd/user-generators/podman-user-generator
+usr/bin/podman usr/bin/podmansh
diff --git a/debian/podman.manpages b/debian/podman.manpages
new file mode 100644
index 0000000..1b657e2
--- /dev/null
+++ b/debian/podman.manpages
@@ -0,0 +1,2 @@
+usr/share/man/*/podman*.*
+usr/share/man/*/quadlet*
diff --git a/debian/podman.postinst b/debian/podman.postinst
new file mode 100644
index 0000000..6ca8247
--- /dev/null
+++ b/debian/podman.postinst
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ # Podman 3.0 dropped the varlink interface, so we need to cleanup
+ # the related systemd service, cf. #981708
+ if dpkg --compare-versions "$2" le-nl '3.0.0~rc2+dfsg1-3'; then
+ deb-systemd-helper purge io.podman.service io.podman.socket >/dev/null || true
+ deb-systemd-helper unmask io.podman.service io.podman.socket >/dev/null || true
+ fi
+ ;;
+
+ *)
+ ;;
+esac
+
+#DEBHELPER#
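Review bot: in the `configure` branch both `deb-systemd-helper` calls redirect stdout to /dev/null and end in `|| true`, so a failed purge or unmask of `io.podman.service` and `io.podman.socket` is ignored and the upgrade reports success with the old units still in place. If failure really must not abort the upgrade, at least leave stderr visible and say so in the comment. The comment should also note that the `le-nl` comparison deliberately treats an empty `$2` (fresh install) as newer, which is why the block is skipped there.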
diff --git a/debian/podman.tmpfiles b/debian/podman.tmpfiles
new file mode 120000
index 0000000..6700e8c
--- /dev/null
+++ b/debian/podman.tmpfiles
@@ -0,0 +1 @@
+../contrib/tmpfile/podman.conf \ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..db5debb
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,124 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+include /usr/share/dpkg/pkg-info.mk
+
+# cf. https://wiki.debian.org/ToolChain/LTO and https://github.com/golang/go/issues/45275
+export DEB_BUILD_MAINT_OPTIONS=optimize=-lto
+
+export GO111MODULE=off
+
+export DH_GOLANG_GO_GENERATE := 1
+
+export DH_GOLANG_INSTALL_EXTRA := cni utils/testdata test/e2e/testdata pkg/trust/testdata
+
+export DH_GOLANG_EXCLUDES := \
+ contrib/perftest \
+ dependencies \
+ hack/podman-registry-go \
+ cmd/podman/machine \
+ pkg/bindings/test \
+ podman/pkg/machine/e2e \
+ test/e2e \
+ test/endpoint \
+ test/framework \
+ test/goecho \
+ test/testvol \
+ test/utils \
+ test/version
+
+# machine/qemu only works on amd64, arm64
+ifneq (,$(filter amd64 arm64,$(DEB_HOST_ARCH)))
+export DH_GOLANG_EXCLUDES += pkg/machine/qemu
+endif
+
+
+export DH_GOLANG_TEST_EXCLUDES := $(DH_GOLANG_EXCLUDES) \
+ hack \
+ lock/file \
+ network/cni \
+ pkg/bindings \
+ pkg/machine \
+ podman/cmd/podman/common
+
+
+export HOME=$(CURDIR)/debian/tmp
+
+## https://podman.io/getting-started/installation#build-tags
+BUILDTAGS := apparmor,seccomp,selinux,systemd,libsubid
+BUILDTAGS_REMOTE := remote,exclude_graphdriver_btrfs,btrfs_noversion,exclude_graphdriver_devicemapper,containers_image_openpgp
+
+# containers_image_openpgp
+
+%:
+ dh $@ --buildsystem=golang --with=golang,bash-completion --builddirectory=_output
+
+execute_after_dh_auto_clean:
+ # this is in addition to the golang cleanups, and cleans up docs among
+ # other things. Use bash, as there is a $(<.gitignore) bashism in there.
+ $(MAKE) clean SHELL=/bin/bash
+
+execute_after_dh_auto_configure:
+ # install extra source
+ install -Dv -t _output/src/github.com/containers/podman/vendor/k8s.io/kubernetes/third_party/forked/golang/expansion debian/expand.go
+
+override_dh_auto_build:
+ $(MAKE) docs docker-docs GOMD2MAN=/usr/bin/go-md2man
+
+# LDFLAGS_PODMAN="-X main.gitCommit=$(GIT_COMMIT)"
+# upstream Makefile calls `go build ... -o bin/podman-remote ./cmd/podman`
+# dont know how I get dh_auto_build to do that.
+ DH_GOLANG_BUILDPKG="github.com/containers/podman/cmd/podman" \
+ dh_auto_build -v --builddirectory=_output -- -tags "$(BUILDTAGS_REMOTE)" \
+ -ldflags "-X main.buildInfo=$(DEB_VERSION)"
+ mv _output/bin/podman _output/bin/podman-remote
+ DH_GOLANG_BUILDPKG="github.com/containers/podman/cmd/..." \
+ dh_auto_build -v --builddirectory=_output -- -tags "$(BUILDTAGS)" \
+ -ldflags "-X main.buildInfo=$(DEB_VERSION)"
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ # make test binaries available where the tests expect them
+ ln -sv ../../../../bin _output/src/github.com/containers/podman/bin
+ mkdir -p -m700 $(CURDIR)/debian/tmp-home/.cache
+ mkdir -p -m700 $(CURDIR)/debian/tmp-home/.config
+ mkdir -p -m700 $(CURDIR)/debian/tmp-home/.local/share
+ mkdir -p -m700 $(CURDIR)/debian/tmp-home/run
+ env \
+ HOME=$(CURDIR)/debian/tmp-home/.cache \
+ XDG_CACHE_HOME=$(CURDIR)/debian/tmp-home/.cache \
+ XDG_CONFIG_HOME=$(CURDIR)/debian/tmp-home/.config \
+ XDG_DATA_HOME=$(CURDIR)/debian/tmp-home/.local/share \
+ XDG_RUNTIME_DIR=$(CURDIR)/debian/tmp-home/run \
+ PATH="$(CURDIR)/_output/bin:$$PATH" \
+ DH_GOLANG_EXCLUDES="$${DH_GOLANG_TEST_EXCLUDES}" \
+ dh_auto_test -v --max-parallel=2 -- -tags "$(BUILDTAGS)"
+ rm -rf $(CURDIR)/debian/tmp-home
+endif
+
+override_dh_auto_install:
+ dh_auto_install \
+ --destdir=debian/tmp \
+ --buildsystem=golang \
+ --builddirectory=_output \
+ -- \
+ --no-source
+ # generate and install systemd unit files, manpages, etc.
+ make DESTDIR=debian/tmp PREFIX=/usr \
+ install.systemd install.docker-full install.man
+
+execute_after_dh_installman:
+ # installed in the podman-remote package instead
+ rm -f --verbose $(CURDIR)/debian/podman/usr/share/man/man1/podman-remote.1*
+ # avoid file conflicts with the podman-compose/docker-compose packages, cf. #1054460
+ rm -f --verbose $(CURDIR)/debian/podman/usr/share/man/man1/podman-compose.1*
+ rm -f --verbose $(CURDIR)/debian/podman-docker/usr/share/man/man1/docker-compose.1*
+ # don't ship "dockersh": podmansh is a podman-specific function
+ rm -f --verbose $(CURDIR)/debian/podman-docker/usr/share/man/man1/dockersh.1*
+
+override_dh_installsystemd:
+ dh_installsystemd
+ dh_installsystemd --name=podman-auto-update
+ dh_installsystemd --name=podman-restart
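Review bot: the conditional around `DH_GOLANG_EXCLUDES += pkg/machine/qemu` looks inverted. `ifneq (,$(filter amd64 arm64,$(DEB_HOST_ARCH)))` is true when the host architecture is amd64 or arm64, so the package is excluded exactly on the architectures where the comment says it works, and built everywhere else. If the intent matches the comment, this should be `ifeq`. Two smaller points: `override_dh_auto_install` calls plain `make` where the other targets use `$(MAKE)`, and the test environment sets `HOME` to the `tmp-home/.cache` directory rather than `tmp-home` itself, which looks unintended next to the separate `XDG_CACHE_HOME` setting.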
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..5715def
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1 @@
+libpod source: absolute-symbolic-link-target-in-source /tmp/private_file [test/e2e/build/containerignore-symlink/.dockerignore]
diff --git a/debian/tests/builtin-tests b/debian/tests/builtin-tests
new file mode 100644
index 0000000..0f191a1
--- /dev/null
+++ b/debian/tests/builtin-tests
@@ -0,0 +1,18 @@
+#!/bin/sh -ex
+
+export DH_GOLANG_EXCLUDES="
+ contrib/perftest
+ dependencies
+ hack/podman-registry-go
+ pkg/bindings/test
+ podman/pkg/machine/e2e
+ test/e2e
+ test/endpoint
+ test/utils
+"
+
+dh_auto_configure -O--buildsystem=golang -O--builddirectory=_build
+dh_auto_build -O--buildsystem=golang -O--builddirectory=_build
+
+dh_auto_test -O--buildsystem=golang -O--builddirectory=_build --no-parallel -- -timeout 30m
+
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..0a28482
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,16 @@
+Test-Command: podman info
+Restrictions: needs-root, allow-stderr
+
+Tests: builtin-tests
+Depends:
+ @builddeps@,
+ @,
+ buildah,
+ catatonit,
+ containers-storage,
+ dbus-user-session,
+ fuse-overlayfs,
+ iptables,
+ slirp4netns,
+ uidmap,
+Restrictions: allow-stderr, needs-root, flaky
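Review bot: the `builtin-tests` stanza is marked `flaky`, so a failure of the whole unit test run does not fail the autopkgtest result, and the only gating check left is `podman info`. If specific tests are unreliable, excluding those in debian/tests/builtin-tests, as is already done through `DH_GOLANG_EXCLUDES`, keeps the rest of the suite meaningful. Otherwise add a comment explaining which failures prompted the restriction.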
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..213bab8
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,5 @@
+Repository: https://github.com/containers/libpod.git
+Repository-Browse: https://github.com/containers/libpod
+Changelog: https://github.com/containers/podman/blob/main/RELEASE_NOTES.md
+Bug-Database: https://github.com/containers/libpod/issues
+Bug-Submit: https://github.com/containers/libpod/issues/new
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..f7f5d24
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,12 @@
+# uscan(1) configuration file.
+version=4
+
+opts="\
+pgpmode=none,\
+repacksuffix=+ds1,\
+repack,compression=xz,\
+dirversionmangle=s/-rc/~rc/,\
+uversionmangle=s/-rc/~rc/,\
+dversionmangle=s{[+~]ds\d*}{},\
+" https://github.com/containers/podman/tags \
+ .*/v?@ANY_VERSION@@ARCHIVE_EXT@
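Review bot: `pgpmode=none` in the opts block means uscan downloads the upstream archive from the GitHub tags page without any signature check before it is repacked with the `+ds1` suffix. If upstream publishes signed tags or release signatures, switch to a verifying mode and ship the upstream key. If it does not, add a comment here saying so, so the setting reads as a documented limitation rather than an oversight.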