diff --git a/pkg/docker-engine/Dockerfile b/pkg/docker-engine/Dockerfile
index ddd34e76..90e107d4 100644
--- a/pkg/docker-engine/Dockerfile
+++ b/pkg/docker-engine/Dockerfile
@@ -185,13 +185,13 @@ RUN --mount=type=bind,from=gocross,source=/usr/local/go,target=/usr/local/go,rw
 
 FROM build-base-static AS builder-static
 ARG DEBIAN_FRONTEND
-RUN apt-get install -y --no-install-recommends cmake gcc libc6-dev lld make pkg-config
+RUN apt-get install -y --no-install-recommends clang cmake gcc libc6-dev lld llvm make pkg-config
 ARG PKG_NAME
 ARG DOCKER_ENGINE_REF
 ARG NIGHTLY_BUILD
 WORKDIR /build
 ARG TARGETPLATFORM
-RUN xx-apt-get install -y gcc libc6-dev libapparmor-dev libltdl-dev libseccomp-dev libsecret-1-dev libsystemd-dev libudev-dev pkg-config
+RUN xx-apt-get install -y gcc libc6-dev libapparmor-dev libltdl-dev libsecret-1-dev libsystemd-dev libudev-dev pkg-config
 RUN --mount=type=bind,source=scripts/pkg-static-build.sh,target=/usr/local/bin/pkg-static-build \
     --mount=type=bind,from=common-scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
     --mount=type=bind,from=common-scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
diff --git a/pkg/docker-engine/deb/control b/pkg/docker-engine/deb/control
index bca3ff62..fa1ae06b 100644
--- a/pkg/docker-engine/deb/control
+++ b/pkg/docker-engine/deb/control
@@ -13,8 +13,6 @@ Build-Depends: ca-certificates,
                gcc,
                libc-dev,
                libltdl-dev,
-               libseccomp-dev,
-               libseccomp2,
                libsystemd-dev,
                libtool,
                make,
@@ -25,7 +23,6 @@ Architecture: linux-any
 Depends: containerd.io (>= 1.6.4),
          docker-ce-cli,
          iptables,
-         libseccomp2 (>= 2.3.0),
          ${shlibs:Depends}
 Recommends: apparmor,
             ca-certificates,
@@ -35,11 +32,12 @@ Recommends: apparmor,
             pigz,
             procps,
             xz-utils
-Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite
+Suggests: cgroupfs-mount | cgroup-lite
 Conflicts: docker (<< 1.5~),
            docker-engine,
            docker.io
-Replaces: docker-engine
+Replaces: docker-engine,
+          docker-ce-cli (<< 5:28.0.0)
 Description: Docker: the open-source application container engine
  Docker is a product for you to build, ship and run any application as a
  lightweight container
diff --git a/pkg/docker-engine/deb/docker-ce.dirs b/pkg/docker-engine/deb/docker-ce.dirs
new file mode 100644
index 00000000..ed33a418
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.dirs
@@ -0,0 +1 @@
+/etc/docker
\ No newline at end of file
diff --git a/pkg/docker-engine/deb/docker-ce.manpages b/pkg/docker-engine/deb/docker-ce.manpages
new file mode 100644
index 00000000..38e6d618
--- /dev/null
+++ b/pkg/docker-engine/deb/docker-ce.manpages
@@ -0,0 +1 @@
+engine/man/man*/*
\ No newline at end of file
diff --git a/pkg/docker-engine/deb/rules b/pkg/docker-engine/deb/rules
index a3770065..7a5cf59a 100755
--- a/pkg/docker-engine/deb/rules
+++ b/pkg/docker-engine/deb/rules
@@ -11,6 +11,8 @@ override_dh_auto_build:
 	cd /go/src/github.com/docker/docker && VERSION=$(VERSION) DOCKER_GITCOMMIT=$(REVISION) PRODUCT=docker ./hack/make.sh dynbinary
 	cd /go/src/github.com/docker/docker && TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
 	cd /go/src/github.com/docker/docker && TMP_GOPATH="/go" hack/dockerfile/install/install.sh rootlesskit dynamic
+	# build man-pages
+	make -C engine/man
 
 override_dh_auto_test:
 	ver="$$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
@@ -34,7 +36,6 @@ override_dh_auto_install:
 
 	# docker-ce-rootless-extras install
 	install -D -m 0755 /usr/local/bin/rootlesskit debian/docker-ce-rootless-extras/usr/bin/rootlesskit
-	install -D -m 0755 /usr/local/bin/rootlesskit-docker-proxy debian/docker-ce-rootless-extras/usr/bin/rootlesskit-docker-proxy
 	install -D -m 0755 engine/contrib/dockerd-rootless.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless.sh
 	install -D -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh
 	# TODO: how can we install vpnkit?
diff --git a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec
index 8ef78d16..34ce92db 100644
--- a/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec
+++ b/pkg/docker-engine/rpm/docker-ce-rootless-extras.spec
@@ -46,13 +46,11 @@ TMP_GOPATH="/go" GITCOMMIT=%{_commit} ${RPM_BUILD_DIR}/src/engine/hack/dockerfil
 install -D -p -m 0755 engine/contrib/dockerd-rootless.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless.sh
 install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh ${RPM_BUILD_ROOT}%{_bindir}/dockerd-rootless-setuptool.sh
 install -D -p -m 0755 /usr/local/bin/rootlesskit ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit
-install -D -p -m 0755 /usr/local/bin/rootlesskit-docker-proxy ${RPM_BUILD_ROOT}%{_bindir}/rootlesskit-docker-proxy
 
 %files
 %{_bindir}/dockerd-rootless.sh
 %{_bindir}/dockerd-rootless-setuptool.sh
 %{_bindir}/rootlesskit
-%{_bindir}/rootlesskit-docker-proxy
 
 %post
 
diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec
index 6c351bdc..d0dff700 100644
--- a/pkg/docker-engine/rpm/docker-ce.spec
+++ b/pkg/docker-engine/rpm/docker-ce.spec
@@ -17,8 +17,7 @@ Packager: Docker <support@docker.com>
 Requires: /usr/sbin/groupadd
 Requires: docker-ce-cli
 Recommends: docker-ce-rootless-extras
-Requires: container-selinux >= 2:2.74
-Requires: libseccomp >= 2.3
+Requires: container-selinux
 Requires: systemd
 Requires: iptables
 %if %{undefined rhel} || 0%{?rhel} < 9
@@ -35,14 +34,11 @@ BuildRequires: cmake
 BuildRequires: gcc
 BuildRequires: glibc-static
 BuildRequires: libarchive
-BuildRequires: libseccomp-devel
-BuildRequires: libselinux-devel
 BuildRequires: libtool
 BuildRequires: libtool-ltdl-devel
 BuildRequires: make
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(systemd)
-BuildRequires: selinux-policy-devel
 BuildRequires: systemd-devel
 BuildRequires: tar
 BuildRequires: which
@@ -78,6 +74,9 @@ TMP_GOPATH="/go" hack/dockerfile/install/install.sh tini
 VERSION=%{_origversion} DOCKER_GITCOMMIT=%{_commit} PRODUCT=docker hack/make.sh dynbinary
 popd
 
+# build man-pages
+make -C ${RPM_BUILD_DIR}/src/engine/man
+
 %check
 ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
     test "$ver" = "Docker version %{_origversion}, build %{_commit}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
@@ -92,12 +91,20 @@ install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}
 install -D -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service
 install -D -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket
 
+# install manpages
+make -C ${RPM_BUILD_DIR}/src/engine/man DESTDIR=${RPM_BUILD_ROOT} mandir=%{_mandir} install
+
+# create the config directory
+mkdir -p ${RPM_BUILD_ROOT}/etc/docker
+
 %files
 %{_bindir}/dockerd
 %{_bindir}/docker-proxy
 %{_libexecdir}/docker/docker-init
 %{_unitdir}/docker.service
 %{_unitdir}/docker.socket
+%{_mandir}/man*/*
+%dir /etc/docker
 
 %post
 %systemd_post docker.service
diff --git a/pkg/docker-engine/scripts/pkg-deb-build.sh b/pkg/docker-engine/scripts/pkg-deb-build.sh
index 8efee749..b3aa3f1c 100755
--- a/pkg/docker-engine/scripts/pkg-deb-build.sh
+++ b/pkg/docker-engine/scripts/pkg-deb-build.sh
@@ -66,6 +66,6 @@ mkdir -p "${pkgoutput}"
 
 set -x
 
-chmod -x debian/control debian/docs
+chmod -x debian/control debian/docs debian/docker-ce.dirs debian/docker-ce.maintscript debian/docker-ce.manpages
 VERSION=${GENVER_VERSION} REVISION=${GENVER_COMMIT_SHORT} dpkg-buildpackage $PKG_DEB_BUILDFLAGS --host-arch $(xx-info debian-arch) --target-arch $(xx-info debian-arch)
 cp /root/docker-* "${pkgoutput}"/
diff --git a/pkg/docker-engine/scripts/pkg-static-build.sh b/pkg/docker-engine/scripts/pkg-static-build.sh
index 1e56c832..eaddebbb 100755
--- a/pkg/docker-engine/scripts/pkg-static-build.sh
+++ b/pkg/docker-engine/scripts/pkg-static-build.sh
@@ -43,17 +43,28 @@ done
 xx-go --wrap
 fix-cc
 
+# prefer ld for cross-compiling arm64
+# https://github.com/moby/moby/commit/f676dab8dc58c9eaa83b260c631a92d95a7a0b10
+if [  "$(xx-info arch)" = "arm64" ]; then
+  XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
+fi
+
 binext=$([ "$(xx-info os)" = "windows" ] && echo ".exe" || true)
 mkdir -p ${BUILDDIR}/${PKG_NAME}
 
 (
   set -x
   pushd ${SRCDIR}
-  CGO_ENABLED=1 VERSION=${GENVER_VERSION} DOCKER_GITCOMMIT=${GENVER_COMMIT} ./hack/make.sh binary
-  mv "./bundles/binary-daemon/dockerd${binext}" "./bundles/binary-daemon/docker-proxy${binext}" "${BUILDDIR}/${PKG_NAME}/"
+    CGO_ENABLED=1 VERSION=${GENVER_VERSION} DOCKER_GITCOMMIT=${GENVER_COMMIT} ./hack/make.sh binary
+    mv "./bundles/binary-daemon/dockerd${binext}" "${BUILDDIR}/${PKG_NAME}/"
+    if [ "$(xx-info os)" != "windows" ]; then
+      mv "./bundles/binary-daemon/docker-proxy${binext}" "${BUILDDIR}/${PKG_NAME}/"
+    fi
   popd
   xx-verify --static "${BUILDDIR}/${PKG_NAME}/dockerd${binext}"
-  xx-verify --static "${BUILDDIR}/${PKG_NAME}/docker-proxy${binext}"
+  if [ "$(xx-info os)" != "windows" ]; then
+    xx-verify --static "${BUILDDIR}/${PKG_NAME}/docker-proxy${binext}"
+  fi
 )
 
 # TODO: build tini for windows