From 945278019a66aac6cc24786db91eae1979c81c47 Mon Sep 17 00:00:00 2001
From: Sergey Katsubo <skatsubo@gmail.com>
Date: Thu, 14 Aug 2025 11:59:30 +0300
Subject: [PATCH 1/6] Add Debian Trixie to the docker-* distro list

---
 src/docker-in-docker/devcontainer-feature.json         | 2 +-
 src/docker-in-docker/install.sh                        | 4 ++--
 src/docker-outside-of-docker/devcontainer-feature.json | 2 +-
 src/docker-outside-of-docker/install.sh                | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/docker-in-docker/devcontainer-feature.json b/src/docker-in-docker/devcontainer-feature.json
index e44f2d666..7194ba0e0 100644
--- a/src/docker-in-docker/devcontainer-feature.json
+++ b/src/docker-in-docker/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "docker-in-docker",
-    "version": "2.12.2",
+    "version": "2.12.3",
     "name": "Docker (Docker-in-Docker)",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker",
     "description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.",
diff --git a/src/docker-in-docker/install.sh b/src/docker-in-docker/install.sh
index b43a12918..7341c3901 100755
--- a/src/docker-in-docker/install.sh
+++ b/src/docker-in-docker/install.sh
@@ -18,8 +18,8 @@ USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
 INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}"
 INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
-DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble"
-DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal hirsute impish jammy noble"
+DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble"
+DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal hirsute impish jammy noble"
 DISABLE_IP6_TABLES="${DISABLEIP6TABLES:-false}"
 
 # Default: Exit on any failure.
diff --git a/src/docker-outside-of-docker/devcontainer-feature.json b/src/docker-outside-of-docker/devcontainer-feature.json
index 218df825f..bee1c8a57 100644
--- a/src/docker-outside-of-docker/devcontainer-feature.json
+++ b/src/docker-outside-of-docker/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "docker-outside-of-docker",
-    "version": "1.6.3",
+    "version": "1.6.4",
     "name": "Docker (docker-outside-of-docker)",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-outside-of-docker",
     "description": "Re-use the host docker socket, adding the Docker CLI to a container. Feature invokes a script to enable using a forwarded Docker socket within a container to run Docker commands.",
diff --git a/src/docker-outside-of-docker/install.sh b/src/docker-outside-of-docker/install.sh
index 04e35db0f..0ea8431b1 100755
--- a/src/docker-outside-of-docker/install.sh
+++ b/src/docker-outside-of-docker/install.sh
@@ -20,8 +20,8 @@ INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}"
 INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
 
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
-DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble plucky"
-DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal hirsute impish jammy noble plucky"
+DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble plucky"
+DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal hirsute impish jammy noble plucky"
 
 set -e
 

From 0c6168373208bda62d4f5fbd9987a239caf2908d Mon Sep 17 00:00:00 2001
From: Sergey Katsubo <skatsubo@gmail.com>
Date: Thu, 14 Aug 2025 12:13:39 +0300
Subject: [PATCH 2/6] Grammar

---
 src/docker-in-docker/install.sh         | 4 ++--
 src/docker-outside-of-docker/install.sh | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/docker-in-docker/install.sh b/src/docker-in-docker/install.sh
index 7341c3901..5f4715340 100755
--- a/src/docker-in-docker/install.sh
+++ b/src/docker-in-docker/install.sh
@@ -198,14 +198,14 @@ architecture="$(dpkg --print-architecture)"
 if [ "${USE_MOBY}" = "true" ]; then
     if [[ "${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}" != *"${VERSION_CODENAME}"* ]]; then
         err "Unsupported  distribution version '${VERSION_CODENAME}'. To resolve, either: (1) set feature option '\"moby\": false' , or (2) choose a compatible OS distribution"
-        err "Support distributions include:  ${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}"
+        err "Supported distributions include:  ${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}"
         exit 1
     fi
     echo "Distro codename  '${VERSION_CODENAME}'  matched filter  '${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}'"
 else
     if [[ "${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}" != *"${VERSION_CODENAME}"* ]]; then
         err "Unsupported distribution version '${VERSION_CODENAME}'. To resolve, please choose a compatible OS distribution"
-        err "Support distributions include:  ${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}"
+        err "Supported distributions include:  ${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}"
         exit 1
     fi
     echo "Distro codename  '${VERSION_CODENAME}'  matched filter  '${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}'"
diff --git a/src/docker-outside-of-docker/install.sh b/src/docker-outside-of-docker/install.sh
index 0ea8431b1..ac5a517bb 100755
--- a/src/docker-outside-of-docker/install.sh
+++ b/src/docker-outside-of-docker/install.sh
@@ -205,14 +205,14 @@ architecture="$(dpkg --print-architecture)"
 if [ "${USE_MOBY}" = "true" ]; then
     if [[ "${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}" != *"${VERSION_CODENAME}"* ]]; then
         err "Unsupported  distribution version '${VERSION_CODENAME}'. To resolve, either: (1) set feature option '\"moby\": false' , or (2) choose a compatible OS distribution"
-        err "Support distributions include:  ${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}"
+        err "Supported distributions include:  ${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}"
         exit 1
     fi
     echo "Distro codename  '${VERSION_CODENAME}'  matched filter  '${DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES}'"
 else
     if [[ "${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}" != *"${VERSION_CODENAME}"* ]]; then
         err "Unsupported distribution version '${VERSION_CODENAME}'. To resolve, please choose a compatible OS distribution"
-        err "Support distributions include:  ${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}"
+        err "Supported distributions include:  ${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}"
         exit 1
     fi
     echo "Distro codename  '${VERSION_CODENAME}'  matched filter  '${DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES}'"

From f1a842c298621227fac81a1903f6723b78835ac0 Mon Sep 17 00:00:00 2001
From: Sergey Katsubo <skatsubo@gmail.com>
Date: Wed, 20 Aug 2025 22:19:48 +0300
Subject: [PATCH 3/6] Fix Microsoft signing keys for Debian Trixie in docker-*

---
 src/docker-in-docker/install.sh         | 6 +++++-
 src/docker-outside-of-docker/install.sh | 7 +++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/docker-in-docker/install.sh b/src/docker-in-docker/install.sh
index 5f4715340..41714aa98 100755
--- a/src/docker-in-docker/install.sh
+++ b/src/docker-in-docker/install.sh
@@ -18,6 +18,7 @@ USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
 INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}"
 INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
+MICROSOFT_GPG_KEYS_ROLLING_URI="https://packages.microsoft.com/keys/microsoft-rolling.asc"
 DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble"
 DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal hirsute impish jammy noble"
 DISABLE_IP6_TABLES="${DISABLEIP6TABLES:-false}"
@@ -233,7 +234,10 @@ if [ "${USE_MOBY}" = "true" ]; then
     cli_package_name="moby-cli"
 
     # Import key safely and import Microsoft apt repo
-    curl -sSL ${MICROSOFT_GPG_KEYS_URI} | gpg --dearmor > /usr/share/keyrings/microsoft-archive-keyring.gpg
+    {
+        curl -sSL ${MICROSOFT_GPG_KEYS_URI}
+        curl -sSL ${MICROSOFT_GPG_KEYS_ROLLING_URI}
+    } | gpg --dearmor > /usr/share/keyrings/microsoft-archive-keyring.gpg
     echo "deb [arch=${architecture} signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/repos/microsoft-${ID}-${VERSION_CODENAME}-prod ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/microsoft.list
 else
     # Name of licensed engine/cli
diff --git a/src/docker-outside-of-docker/install.sh b/src/docker-outside-of-docker/install.sh
index ac5a517bb..1a39f9840 100755
--- a/src/docker-outside-of-docker/install.sh
+++ b/src/docker-outside-of-docker/install.sh
@@ -18,8 +18,8 @@ TARGET_SOCKET="${TARGET_SOCKET:-"/var/run/docker.sock"}"
 USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
 INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}"
 INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
-
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
+MICROSOFT_GPG_KEYS_ROLLING_URI="https://packages.microsoft.com/keys/microsoft-rolling.asc"
 DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble plucky"
 DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal hirsute impish jammy noble plucky"
 
@@ -224,7 +224,10 @@ if [ "${USE_MOBY}" = "true" ]; then
     cli_package_name="moby-cli"
 
     # Import key safely and import Microsoft apt repo
-    curl -sSL ${MICROSOFT_GPG_KEYS_URI} | gpg --dearmor > /usr/share/keyrings/microsoft-archive-keyring.gpg
+    {
+        curl -sSL ${MICROSOFT_GPG_KEYS_URI}
+        curl -sSL ${MICROSOFT_GPG_KEYS_ROLLING_URI}
+    } | gpg --dearmor > /usr/share/keyrings/microsoft-archive-keyring.gpg
     echo "deb [arch=${architecture} signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/repos/microsoft-${ID}-${VERSION_CODENAME}-prod ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/microsoft.list
 else
     # Name of proprietary engine package

From b7b830957c1ad831dadc5c3955daa542f404f440 Mon Sep 17 00:00:00 2001
From: Sergey Katsubo <skatsubo@gmail.com>
Date: Thu, 21 Aug 2025 15:40:32 +0300
Subject: [PATCH 4/6] Test docker installation on debian trixie

---
 .../install_moby_on_debian_trixie.sh             |  1 +
 .../docker-in-docker/install_on_debian_trixie.sh | 12 ++++++++++++
 test/docker-in-docker/scenarios.json             | 16 ++++++++++++++++
 .../install_moby_on_debian_trixie.sh             |  1 +
 .../install_on_debian_trixie.sh                  | 12 ++++++++++++
 test/docker-outside-of-docker/scenarios.json     | 16 ++++++++++++++++
 6 files changed, 58 insertions(+)
 create mode 120000 test/docker-in-docker/install_moby_on_debian_trixie.sh
 create mode 100644 test/docker-in-docker/install_on_debian_trixie.sh
 create mode 120000 test/docker-outside-of-docker/install_moby_on_debian_trixie.sh
 create mode 100644 test/docker-outside-of-docker/install_on_debian_trixie.sh

diff --git a/test/docker-in-docker/install_moby_on_debian_trixie.sh b/test/docker-in-docker/install_moby_on_debian_trixie.sh
new file mode 120000
index 000000000..6c5c2a157
--- /dev/null
+++ b/test/docker-in-docker/install_moby_on_debian_trixie.sh
@@ -0,0 +1 @@
+install_on_debian_trixie.sh
\ No newline at end of file
diff --git a/test/docker-in-docker/install_on_debian_trixie.sh b/test/docker-in-docker/install_on_debian_trixie.sh
new file mode 100644
index 000000000..c6c679684
--- /dev/null
+++ b/test/docker-in-docker/install_on_debian_trixie.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+# Import test library
+source dev-container-features-test-lib
+
+# Definition specific tests
+check "docker installed" bash -c "type docker"
+
+# Report results
+reportResults
diff --git a/test/docker-in-docker/scenarios.json b/test/docker-in-docker/scenarios.json
index 1587bda56..0ed2b08fb 100644
--- a/test/docker-in-docker/scenarios.json
+++ b/test/docker-in-docker/scenarios.json
@@ -134,6 +134,22 @@
             }
         }
     },
+    "install_on_debian_trixie": {
+        "image": "debian:trixie",
+        "features": {
+            "docker-in-docker": {
+                "moby": false
+            }
+        }
+    },
+    "install_moby_on_debian_trixie": {
+        "image": "debian:trixie",
+        "features": {
+            "docker-in-docker": {
+                "moby": true
+            }
+        }
+    },
     "docker_specific_moby_buildx": {
         "image": "ubuntu:noble",
         "features": {
diff --git a/test/docker-outside-of-docker/install_moby_on_debian_trixie.sh b/test/docker-outside-of-docker/install_moby_on_debian_trixie.sh
new file mode 120000
index 000000000..6c5c2a157
--- /dev/null
+++ b/test/docker-outside-of-docker/install_moby_on_debian_trixie.sh
@@ -0,0 +1 @@
+install_on_debian_trixie.sh
\ No newline at end of file
diff --git a/test/docker-outside-of-docker/install_on_debian_trixie.sh b/test/docker-outside-of-docker/install_on_debian_trixie.sh
new file mode 100644
index 000000000..c6c679684
--- /dev/null
+++ b/test/docker-outside-of-docker/install_on_debian_trixie.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+# Import test library
+source dev-container-features-test-lib
+
+# Definition specific tests
+check "docker installed" bash -c "type docker"
+
+# Report results
+reportResults
diff --git a/test/docker-outside-of-docker/scenarios.json b/test/docker-outside-of-docker/scenarios.json
index 7125b4715..3dd02590d 100644
--- a/test/docker-outside-of-docker/scenarios.json
+++ b/test/docker-outside-of-docker/scenarios.json
@@ -172,5 +172,21 @@
             }
         },
         "containerUser": "vscode"
+    },
+    "install_on_debian_trixie": {
+        "image": "debian:trixie",
+        "features": {
+            "docker-outside-of-docker": {
+                "moby": false
+            }
+        }
+    },
+    "install_moby_on_debian_trixie": {
+        "image": "debian:trixie",
+        "features": {
+            "docker-outside-of-docker": {
+                "moby": true
+            }
+        }
     }
 }

From 7e668fb81f23e682cb229c25283173b8b72c72f2 Mon Sep 17 00:00:00 2001
From: Sergey Katsubo <skatsubo@gmail.com>
Date: Thu, 21 Aug 2025 17:26:15 +0300
Subject: [PATCH 5/6] Handle possibly missing moby package in
 docker-outside-of-docker installation

---
 src/docker-in-docker/install.sh         | 2 +-
 src/docker-outside-of-docker/install.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/docker-in-docker/install.sh b/src/docker-in-docker/install.sh
index 41714aa98..bf60620f6 100755
--- a/src/docker-in-docker/install.sh
+++ b/src/docker-in-docker/install.sh
@@ -309,7 +309,7 @@ else
         set -e    
         
         if [ ${exit_code} -ne 0 ]; then
-            err "Packages for moby not available in OS ${ID} ${VERSION_CODENAME} (${architecture}). To resolve, either: (1) set feature option '\"moby\": false' , or (2) choose a compatible OS version (eg: 'ubuntu-20.04')."
+            err "Packages for moby not available in OS ${ID} ${VERSION_CODENAME} (${architecture}). To resolve, either: (1) set feature option '\"moby\": false' , or (2) choose a compatible OS version (eg: 'ubuntu-24.04')."
             exit 1
         fi
 
diff --git a/src/docker-outside-of-docker/install.sh b/src/docker-outside-of-docker/install.sh
index 1a39f9840..d8da01979 100755
--- a/src/docker-outside-of-docker/install.sh
+++ b/src/docker-outside-of-docker/install.sh
@@ -305,7 +305,7 @@ else
         if [ "${INSTALL_DOCKER_BUILDX}" = "true" ]; then
             buildx=(moby-buildx${buildx_version_suffix})
         fi
-        apt-get -y install --no-install-recommends ${cli_package_name}${cli_version_suffix} "${buildx[@]}"
+        apt-get -y install --no-install-recommends ${cli_package_name}${cli_version_suffix} "${buildx[@]}" || { err "It seems packages for moby not available in OS ${ID} ${VERSION_CODENAME} (${architecture}). To resolve, either: (1) set feature option '\"moby\": false' , or (2) choose a compatible OS version (eg: 'ubuntu-24.04')." ; exit 1 ; }
         apt-get -y install --no-install-recommends moby-compose || echo "(*) Package moby-compose (Docker Compose v2) not available for OS ${ID} ${VERSION_CODENAME} (${architecture}). Skipping."
     else
         buildx=()

From fd40a996b090bc8c6385a67cc3dcddc1d557aa7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Rausell=20Guiard?=
 <33221237+AlvaroRausell@users.noreply.github.com>
Date: Thu, 28 Aug 2025 01:27:49 -0700
Subject: [PATCH 6/6] Remove trixie test with `moby: true`

---
 test/docker-in-docker/scenarios.json         | 8 --------
 test/docker-outside-of-docker/scenarios.json | 8 --------
 2 files changed, 16 deletions(-)

diff --git a/test/docker-in-docker/scenarios.json b/test/docker-in-docker/scenarios.json
index 0ed2b08fb..428909f8c 100644
--- a/test/docker-in-docker/scenarios.json
+++ b/test/docker-in-docker/scenarios.json
@@ -142,14 +142,6 @@
             }
         }
     },
-    "install_moby_on_debian_trixie": {
-        "image": "debian:trixie",
-        "features": {
-            "docker-in-docker": {
-                "moby": true
-            }
-        }
-    },
     "docker_specific_moby_buildx": {
         "image": "ubuntu:noble",
         "features": {
diff --git a/test/docker-outside-of-docker/scenarios.json b/test/docker-outside-of-docker/scenarios.json
index 3dd02590d..2163e7076 100644
--- a/test/docker-outside-of-docker/scenarios.json
+++ b/test/docker-outside-of-docker/scenarios.json
@@ -180,13 +180,5 @@
                 "moby": false
             }
         }
-    },
-    "install_moby_on_debian_trixie": {
-        "image": "debian:trixie",
-        "features": {
-            "docker-outside-of-docker": {
-                "moby": true
-            }
-        }
     }
 }