diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index f340d66b..ff6da424 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -6,4 +6,4 @@ pkg/cagent/* @docker/ai-agent-team
 pkg/containerd/* @docker/engine
 pkg/docker-cli/* @docker/engine
 pkg/docker-engine/* @docker/engine
-
+pkg/sbx/* @docker/coding-agent-sandboxes
diff --git a/.github/labeler.yml b/.github/labeler.yml
index 6e7aa80a..cf6783db 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -45,3 +45,6 @@ area/pkg/model:
 - changed-files:
 - any-glob-to-any-file: 'pkg/model/**'
+area/pkg/sbx:
+ - changed-files:
+ - any-glob-to-any-file: 'pkg/sbx/**'
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 5db908bc..096de17f 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -52,7 +52,8 @@ variable "PKGS" {
 "docker-cli",
 "docker-engine",
 "model",
- "cagent"
+ "cagent",
+ "sbx"
 ]
 }
@@ -167,6 +168,31 @@ variable "BUILD_CACHE_REGISTRY_PUSH" {
 default = ""
 }
+variable "SBX_SRC" {
+ description = "Path to the sbx source repo checkout. The binary is built by its own Dockerfile."
+ default = "./sandboxes-src"
+}
+
+variable "RUNTIME_SRC" {
+ description = "Path to a directory containing pre-built runtime binaries. Use scripts/fetch-runtime-binaries.sh to populate it."
+ default = "./runtime-bin"
+}
+
+variable "EROFS_UTILS_REPO" {
+ description = "Repository URL for erofs-utils source."
+ default = "https://github.com/erofs/erofs-utils.git"
+}
+
+variable "EROFS_UTILS_VERSION" {
+ description = "Git tag of erofs-utils to build mkfs.erofs from."
+ default = "v1.9.1"
+}
+
+variable "VERSION" {
+ description = "Version of the package to build. Used by sbx; other packages derive this from PKG_REF."
+ default = null
+}
+
 #
 # distros configurations
 #
@@ -586,6 +612,34 @@ target "_pkg-cagent" {
 }
 }
+# sbx binary is built by its own Dockerfile.
+target "sbx-binaries" {
+ context = SBX_SRC
+ target = "binaries"
+ platforms = pkgPlatforms("sbx")
+ args = {
+ VERSION = VERSION
+ }
+ secret = ["type=env,id=GITHUB_TOKEN,env=GITHUB_TOKEN"]
+ ssh = ["default"]
+}
+
+target "_pkg-sbx" {
+ args = {
+ PKG_NAME = PKG_NAME != null && PKG_NAME != "" ? PKG_NAME : "docker-sbx"
+ PKG_REPO = PKG_REPO != null && PKG_REPO != "" ? PKG_REPO : "https://github.com/docker/sandboxes.git"
+ PKG_REF = PKG_REF != null && PKG_REF != "" ? PKG_REF : "main"
+ PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : ""
+ VERSION = VERSION != null && VERSION != "" ? VERSION : PKG_REF
+ EROFS_UTILS_REPO = EROFS_UTILS_REPO
+ EROFS_UTILS_VERSION = EROFS_UTILS_VERSION
+ }
+ contexts = {
+ sbx-src = "target:sbx-binaries"
+ runtime-src = RUNTIME_SRC
+ }
+}
+
 # Returns the list of supported platforms for a given package.
 function "pkgPlatforms" {
 params = [pkg]
@@ -607,6 +661,8 @@ function "pkgPlatforms" {
 model = ["darwin/amd64", "darwin/arm64", "linux/amd64", "linux/arm64", "linux/arm/v7", "windows/amd64", "windows/arm64"]
 # https://github.com/docker/cagent/blob/1a83a28df2b0769e8cb14d54ac409bdbb98e254c/Taskfile.yml#L66
 cagent = ["darwin/amd64", "linux/arm/v7", "darwin/arm64", "linux/amd64", "linux/arm64", "windows/amd64", "windows/arm64"]
+ # https://github.com/docker/sandboxes/blob/main/docker-bake.hcl
+ sbx = ["linux/amd64"]
 }, pkg, [])
 }
diff --git a/pkg/sbx/Dockerfile b/pkg/sbx/Dockerfile
new file mode 100644
index 00000000..f0e98fb3
--- /dev/null
+++ b/pkg/sbx/Dockerfile
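Review bot: The `sbx-binaries` target hands `GITHUB_TOKEN` (as a build secret) and the host SSH agent (`ssh = ["default"]`) to a Dockerfile that lives in the external `SBX_SRC` checkout, so a change to that repository's Dockerfile can read the token and use the agent during this packaging build. Keep the token read-only and scoped in CI, drop `ssh` unless the sandboxes Dockerfile demonstrably needs it, and document the reason above the target, e.g. `# GITHUB_TOKEN and the SSH agent are forwarded to the sandboxes Dockerfile; keep the token read-only and scoped to what that build fetches.`. In `_pkg-sbx`, `runtime-src = RUNTIME_SRC` feeds pre-built kernel/initrd/libkrun/shim artefacts into the package from a directory populated by `scripts/fetch-runtime-binaries.sh`, which is not part of this change; unless that script verifies digests, these are unverified inputs, and the `RUNTIME_SRC` description (or a checked-in checksum manifest) should say how they are validated.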
@@ -0,0 +1,141 @@
+# syntax=docker/dockerfile:1
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG XX_VERSION="1.9.0"
+
+ARG DISTRO_NAME="debian12"
+ARG DISTRO_TYPE="deb"
+ARG DISTRO_RELEASE="debian"
+ARG DISTRO_SUITE="bookworm"
+ARG DISTRO_ID="12"
+ARG DISTRO_IMAGE="debian:bookworm"
+
+ARG PKG_NAME="docker-sbx"
+ARG VERSION
+
+ARG EROFS_UTILS_REPO="https://github.com/erofs/erofs-utils.git"
+ARG EROFS_UTILS_VERSION="v1.9.1"
+
+# stage used as named context that mounts hack/scripts
+# see pkg target in docker-bake.hcl
+FROM scratch AS scripts
+
+# cross compilation helper
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+# Pre-built binary from the sbx repo's own Dockerfile (binaries target).
+# Overridden via named context in docker-bake.hcl.
+FROM scratch AS sbx-src
+
+# Pre-built runtime binaries fetched by scripts/fetch-runtime-binaries.sh.
+# Overridden via named context in docker-bake.hcl.
+FROM scratch AS runtime-src
+
+# Clone erofs-utils source for building inside each distro-specific builder.
+FROM --platform=$BUILDPLATFORM debian:bookworm-slim AS erofs-src
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates git
+ARG EROFS_UTILS_REPO
+ARG EROFS_UTILS_VERSION
+RUN git clone --depth 1 --branch "${EROFS_UTILS_VERSION}" "${EROFS_UTILS_REPO}" /src/erofs-utils
+
+# deb
+FROM ${DISTRO_IMAGE} AS builder-deb
+COPY --from=xx / /
+ARG DISTRO_NAME
+RUN apt-get update && apt-get install -y --no-install-recommends apt-utils bash ca-certificates devscripts equivs
+COPY deb /root/package/debian
+COPY THIRD-PARTY-NOTICES /root/package/THIRD-PARTY-NOTICES
+ARG TARGETPLATFORM
+RUN mk-build-deps -t "xx-apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/package/debian/control
+WORKDIR /root/package
+ARG NIGHTLY_BUILD
+ARG VERSION
+ARG DISTRO_RELEASE
+ARG DISTRO_ID
+ARG DISTRO_SUITE
+ARG PKG_NAME
+ARG PKG_PACKAGER
+ARG PKG_DEB_BUILDFLAGS
+ARG PKG_DEB_REVISION
+ARG PKG_DEB_EPOCH
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,source=scripts/pkg-deb-build.sh,target=/usr/local/bin/pkg-deb-build \
+ --mount=type=bind,source=scripts/build-erofs.sh,target=/usr/local/bin/build-erofs \
+ --mount=type=bind,from=scripts,source=gen-deb-changelog.sh,target=/usr/local/bin/gen-deb-changelog \
+ --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+ --mount=type=bind,from=sbx-src,target=/opt/sbx-bin \
+ --mount=type=bind,from=runtime-src,target=/opt/runtime-bin \
+ --mount=type=bind,from=erofs-src,source=/src/erofs-utils,target=/opt/erofs-src \
+ --mount=type=bind,source=apparmor,target=/opt/apparmor \
+ --mount=type=bind,source=licenses,target=/opt/licenses \
+ OUTDIR=/out pkg-deb-build
+
+# rpm
+FROM ${DISTRO_IMAGE} AS builder-rpm
+COPY --from=xx / /
+ARG DISTRO_NAME
+RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
+ rpm-init $DISTRO_NAME
+COPY rpm /root/rpmbuild/SPECS
+ARG TARGETPLATFORM
+RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+ rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
+WORKDIR /root/rpmbuild
+ARG NIGHTLY_BUILD
+ARG VERSION
+ARG DISTRO_RELEASE
+ARG DISTRO_ID
+ARG DISTRO_SUITE
+ARG PKG_NAME
+ARG PKG_PACKAGER
+ARG PKG_RPM_BUILDFLAGS
+ARG PKG_RPM_RELEASE
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,source=scripts/pkg-rpm-build.sh,target=/usr/local/bin/pkg-rpm-build \
+ --mount=type=bind,source=scripts/build-erofs.sh,target=/usr/local/bin/build-erofs \
+ --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+ --mount=type=bind,from=sbx-src,target=/opt/sbx-bin \
+ --mount=type=bind,from=runtime-src,target=/opt/runtime-bin \
+ --mount=type=bind,from=erofs-src,source=/src/erofs-utils,target=/opt/erofs-src \
+ --mount=type=bind,source=apparmor,target=/opt/apparmor \
+ --mount=type=bind,source=THIRD-PARTY-NOTICES,target=/opt/notices/THIRD-PARTY-NOTICES \
+ --mount=type=bind,source=licenses,target=/opt/licenses \
+ OUTDIR=/out pkg-rpm-build
+
+# static
+FROM --platform=$BUILDPLATFORM ${DISTRO_IMAGE} AS builder-static
+COPY --from=xx / /
+RUN apt-get update && apt-get install -y --no-install-recommends bash ca-certificates file zip tar
+ARG PKG_NAME
+ARG VERSION
+ARG NIGHTLY_BUILD
+WORKDIR /build
+ARG TARGETPLATFORM
+RUN --mount=type=bind,source=scripts/pkg-static-build.sh,target=/usr/local/bin/pkg-static-build \
+ --mount=type=bind,source=scripts/build-erofs.sh,target=/usr/local/bin/build-erofs \
+ --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+ --mount=type=bind,from=sbx-src,target=/opt/sbx-bin \
+ --mount=type=bind,from=runtime-src,target=/opt/runtime-bin \
+ --mount=type=bind,from=erofs-src,source=/src/erofs-utils,target=/opt/erofs-src \
+ --mount=type=bind,source=THIRD-PARTY-NOTICES,target=/opt/notices/THIRD-PARTY-NOTICES \
+ --mount=type=bind,source=licenses,target=/opt/licenses \
+ OUTDIR=/out BUILDDIR=/build pkg-static-build
+
+FROM builder-${DISTRO_TYPE} AS build-pkg
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
+FROM scratch AS pkg
+COPY --from=build-pkg /out /
diff --git a/pkg/sbx/THIRD-PARTY-NOTICES b/pkg/sbx/THIRD-PARTY-NOTICES
new file mode 100644
index 00000000..dc0d58f5
--- /dev/null
+++ b/pkg/sbx/THIRD-PARTY-NOTICES
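Review bot: The `erofs-src` stage pins erofs-utils by tag only (`git clone --depth 1 --branch "${EROFS_UTILS_VERSION}"`); a tag on the remote can be moved, so the `mkfs.erofs` shipped in every deb/rpm/static artefact is not tied to a known source revision. Pin the commit too, e.g. add `ARG EROFS_UTILS_COMMIT` and append `&& [ "$(git -C /src/erofs-utils rev-parse HEAD)" = "${EROFS_UTILS_COMMIT}" ]` to that `RUN`, or at least record the resolved SHA into `/out`. The binaries bind-mounted from `sbx-src` and `runtime-src` are packaged as-is in all three builders; if `scripts/fetch-runtime-binaries.sh` (not in this diff) does not already verify digests, a `sha256sum -c` against a checked-in manifest before `pkg-*-build` would make the supply chain of the kernel, initrd, libkrun and shim explicit. Minor: the `apt-get` layers in `erofs-src`, `builder-deb` and `builder-static` leave `/var/lib/apt/lists` behind; `&& rm -rf /var/lib/apt/lists/*` is the usual hygiene, even for build-only stages.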
@@ -0,0 +1,99 @@ +This file lists the third-party components bundled in the docker-sbx package, +their copyright holders, and their licenses. + +Docker, Inc. offers to provide the complete corresponding source code for +any GPL-licensed component listed below, for a period of at least three +years from the date of distribution. To obtain source code, contact +open-source@docker.com or visit the upstream repositories listed below. + +-------------------------------------------------------------------------------- + +Component: Linux kernel (nerdbox-kernel) +License: GPL-2.0-only +Source: https://github.com/torvalds/linux +Patches: https://github.com/containerd/nerdbox/tree/main/kernel/patches +SPDX-License-Identifier: GPL-2.0-only + + Copyright (C) Linus Torvalds and Linux kernel contributors. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License version 2 as published + by the Free Software Foundation. + + The full text of the license is available at + https://www.gnu.org/licenses/old-licenses/gpl-2.0.html + +-------------------------------------------------------------------------------- + +Component: erofs-utils (mkfs.erofs) +License: GPL-2.0+ +Source: https://github.com/erofs/erofs-utils +SPDX-License-Identifier: GPL-2.0-or-later + + Copyright (C) erofs-utils contributors. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. 
+ + The full text of the license is available at + https://www.gnu.org/licenses/old-licenses/gpl-2.0.html + +-------------------------------------------------------------------------------- + +Component: e2fsprogs (mkfs.ext4) +License: GPL-2.0+ +Source: https://github.com/tytso/e2fsprogs +SPDX-License-Identifier: GPL-2.0-or-later + + Copyright (C) Theodore Ts'o and e2fsprogs contributors. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + + The full text of the license is available at + https://www.gnu.org/licenses/old-licenses/gpl-2.0.html + +-------------------------------------------------------------------------------- + +Component: crun (bundled in nerdbox-initrd) +License: GPL-2.0+ +Source: https://github.com/containers/crun +SPDX-License-Identifier: GPL-2.0-or-later + + Copyright (C) Giuseppe Scrivano and crun contributors. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + + The full text of the license is available at + https://www.gnu.org/licenses/old-licenses/gpl-2.0.html + +-------------------------------------------------------------------------------- + +Component: containerd-shim-nerdbox-v1 +License: Apache-2.0 +Source: https://github.com/containerd/nerdbox +SPDX-License-Identifier: Apache-2.0 + + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0. 
+ https://www.apache.org/licenses/LICENSE-2.0
+
+--------------------------------------------------------------------------------
+
+Component: vminitd (bundled in nerdbox-initrd)
+License: Apache-2.0
+Source: https://github.com/containerd/nerdbox
+SPDX-License-Identifier: Apache-2.0
+
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0.
+ https://www.apache.org/licenses/LICENSE-2.0
diff --git a/pkg/sbx/apparmor/docker-sbx-nerdbox-shim b/pkg/sbx/apparmor/docker-sbx-nerdbox-shim
new file mode 100644
index 00000000..870bd89c
--- /dev/null
+++ b/pkg/sbx/apparmor/docker-sbx-nerdbox-shim
@@ -0,0 +1,17 @@
+# AppArmor profile for the containerd-shim-nerdbox-v1 binary.
+#
+# On kernels with kernel.apparmor_restrict_unprivileged_userns=1 (default on
+# Ubuntu 23.10+), unconfined processes cannot create user namespaces. The
+# nerdbox shim needs user namespaces to set up microVMs, so this profile
+# explicitly allows it.
+#
+# Under ABI 3.0, the presence of a loaded profile is sufficient to permit
+# user namespace creation for the associated binary.
+
+abi ,
+
+include
+
+/usr/libexec/containerd-shim-nerdbox-v1 flags=(unconfined) {
+ include if exists
+}
diff --git a/pkg/sbx/deb/control b/pkg/sbx/deb/control
new file mode 100644
index 00000000..c2d29f20
--- /dev/null
+++ b/pkg/sbx/deb/control
@@ -0,0 +1,17 @@
+Source: docker-sbx
+Section: admin
+Priority: optional
+Maintainer: Docker
+Homepage: https://www.docker.com
+Standards-Version: 3.9.6
+Build-Depends: bash,
+ dh-apparmor,
+ debhelper-compat (= 12)
+
+Package: docker-sbx
+Priority: optional
+Architecture: linux-any
+Depends: ca-certificates
+Recommends: apparmor
+Description: Docker sbx
+Homepage: https://docs.docker.com/sandbox/
diff --git a/pkg/sbx/deb/copyright b/pkg/sbx/deb/copyright
new file mode 100644
index 00000000..beb79c5b
--- /dev/null
+++ b/pkg/sbx/deb/copyright
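Review bot: `flags=(unconfined)` means this profile mediates nothing; its only effect is to give the shim a named profile so the kernel's `apparmor_restrict_unprivileged_userns` check lets it create user namespaces, yet a reader finding it under `/etc/apparmor.d` will assume the shim is sandboxed. Say so in the header, e.g. `# NOTE: flags=(unconfined) only satisfies the userns restriction; it applies no file, network or capability mediation to the shim.`, and track a confining profile as follow-up. As rendered here `abi ,` and both `include` directives have empty targets (presumably `<abi/4.0>`, `<tunables/global>` and `<local/docker-sbx-nerdbox-shim>` were stripped in extraction); confirm the committed file carries them, since `apparmor_parser` rejects an empty `abi` statement and `dh_apparmor` loads this file at install time.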
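Review bot: `Architecture: linux-any` in `debian/control` claims the package is buildable for every Linux architecture, but the bake file restricts `sbx` to `linux/amd64` and the rules file installs pre-built `libkrun.so`, kernel and initrd images that only exist for that platform; declare `Architecture: amd64` (extend the list if arm64 artefacts are added later) so dpkg refuses to build or install it elsewhere. `Depends: ca-certificates` is also incomplete: the accompanying `prerm` calls `killall`, which comes from `psmisc` and is not declared here. `Description: Docker sbx` gives the installer no hint that the package needs KVM and user namespaces at runtime; a one-line synopsis plus a long description stating those requirements would be the policy-conformant form. `Maintainer: Docker` carries no address as rendered; Debian requires `Name <email>` here.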
@@ -0,0 +1,88 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: docker-sbx +Source: https://github.com/docker/sandboxes + +Files: * +Copyright: 2026 Docker, Inc. +License: Proprietary + This software is proprietary to Docker, Inc. + Use is subject to the Docker Subscription Service Agreement. + See https://www.docker.com/legal/docker-subscription-service-agreement + +Files: usr/libexec/nerdbox-kernel-* +Copyright: Linus Torvalds and Linux kernel contributors +License: GPL-2.0 + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License version 2 as published + by the Free Software Foundation. + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in "/usr/share/common-licenses/GPL-2". + . + Docker, Inc. offers to provide the complete corresponding source code + for a period of at least three years from the date of distribution. + Contact open-source@docker.com or see https://github.com/torvalds/linux + Patches: https://github.com/containerd/nerdbox/tree/main/kernel/patches + +Files: usr/libexec/mkfs.erofs +Copyright: erofs-utils contributors +License: GPL-2.0+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in "/usr/share/common-licenses/GPL-2". + . + Docker, Inc. offers to provide the complete corresponding source code + for a period of at least three years from the date of distribution. 
+ Contact open-source@docker.com or see https://github.com/erofs/erofs-utils + +Files: usr/libexec/mkfs.ext4 +Copyright: Theodore Ts'o and e2fsprogs contributors +License: GPL-2.0+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in "/usr/share/common-licenses/GPL-2". + . + Docker, Inc. offers to provide the complete corresponding source code + for a period of at least three years from the date of distribution. + Contact open-source@docker.com or see https://github.com/tytso/e2fsprogs + +Files: usr/libexec/nerdbox-initrd-* +Copyright: Giuseppe Scrivano and crun contributors, The containerd Authors +License: GPL-2.0+ and Apache-2.0 + The initrd image contains crun (GPL-2.0+) and vminitd (Apache-2.0). + . + crun: Copyright (C) Giuseppe Scrivano and crun contributors. + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + See https://github.com/containers/crun + . + vminitd: Copyright The containerd Authors. + Licensed under the Apache License, Version 2.0. + See https://github.com/containerd/nerdbox + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in "/usr/share/common-licenses/GPL-2". + The complete text of the Apache License version 2.0 can be found in + "/usr/share/common-licenses/Apache-2.0". + . + Docker, Inc. offers to provide the complete corresponding source code + for GPL-licensed components for a period of at least three years from + the date of distribution. Contact open-source@docker.com. 
+
+Files: usr/libexec/containerd-shim-nerdbox-v1
+Copyright: The containerd Authors
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0.
+ .
+ On Debian systems, the complete text of the Apache License version 2.0
+ can be found in "/usr/share/common-licenses/Apache-2.0".
diff --git a/pkg/sbx/deb/docker-sbx.prerm b/pkg/sbx/deb/docker-sbx.prerm
new file mode 100644
index 00000000..5edf3778
--- /dev/null
+++ b/pkg/sbx/deb/docker-sbx.prerm
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove|purge)
+ # Kill all running sbx processes before uninstalling.
+ killall sbx 2>/dev/null || true
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/pkg/sbx/deb/docs b/pkg/sbx/deb/docs
new file mode 100644
index 00000000..3b2a7689
--- /dev/null
+++ b/pkg/sbx/deb/docs
@@ -0,0 +1 @@
+THIRD-PARTY-NOTICES
diff --git a/pkg/sbx/deb/rules b/pkg/sbx/deb/rules
new file mode 100755
index 00000000..90c54cb6
--- /dev/null
+++ b/pkg/sbx/deb/rules
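Review bot: The `purge` arm of `case "$1"` in `docker-sbx.prerm` can never fire: `prerm` is invoked with `remove`, `upgrade`, `deconfigure` or `failed-upgrade`, and `purge` is a `postrm` argument, so the pattern should simply be `remove)`. `killall` is provided by `psmisc`, which `debian/control` does not depend on, and the trailing `|| true` turns a missing binary into a silent no-op that leaves sbx processes holding files that are about to be removed; use `pkill -x sbx 2>/dev/null || true` (procps) or add `psmisc` to `Depends`. Note also that `killall sbx` matches on process name only, so as root it will signal any process called `sbx` regardless of owner or origin, while the `containerd-shim-nerdbox-v1` processes this package ships are not touched at all — I cannot tell from this diff whether those shims exit on their own when the CLI dies, so the comment should state what is intentionally left running.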
@@ -0,0 +1,48 @@
+#!/usr/bin/make -f
+
+# force packages to be built with xz compression, as Ubuntu 21.10 and up use
+# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
+override_dh_builddeb:
+ dh_builddeb -- -Zxz
+
+override_dh_auto_build:
+ # Binary is pre-built and installed by pkg-deb-build.sh
+
+override_dh_auto_test:
+ /usr/bin/sbx version
+
+override_dh_strip:
+ # Go has lots of problems with stripping, so just don't
+
+# http://manpages.debian.org/dh_dwz
+override_dh_dwz:
+ # dh_dwz in debhelper versions less than 13 has issues with files that are missing debug symbols (once we update to debhelper-compat 13+ this can be removed)
+ @# https://packages.debian.org/debhelper
+ @# https://packages.ubuntu.com/debhelper
+
+override_dh_auto_install:
+ install -D -p -m 0755 /usr/bin/sbx debian/docker-sbx/usr/bin/sbx
+ install -D -p -m 0755 /usr/libexec/containerd-shim-nerdbox-v1 debian/docker-sbx/usr/libexec/containerd-shim-nerdbox-v1
+ install -D -p -m 0755 /usr/libexec/mkfs.erofs debian/docker-sbx/usr/libexec/mkfs.erofs
+ install -D -p -m 0755 /usr/libexec/mkfs.ext4 debian/docker-sbx/usr/libexec/mkfs.ext4
+ for f in /usr/libexec/nerdbox-kernel-* /usr/libexec/nerdbox-initrd-*; do \
+ install -D -p -m 0644 "$$f" "debian/docker-sbx$$f"; \
+ done
+ install -D -p -m 0755 /usr/libexec/lib/libkrun.so debian/docker-sbx/usr/libexec/lib/libkrun.so
+ install -D -p -m 0644 /usr/share/apparmor/docker-sbx-nerdbox-shim debian/docker-sbx/etc/apparmor.d/docker-sbx-nerdbox-shim
+
+override_dh_installinit:
+ dh_installinit
+
+override_dh_shlibdeps:
+ dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+
+override_dh_install:
+ dh_install
+ dh_apparmor --profile-name=docker-sbx-nerdbox-shim -pdocker-sbx
+
+override_dh_gencontrol:
+ dh_gencontrol --remaining-packages
+
+%:
+ dh $@
diff --git a/pkg/sbx/deb/source/format b/pkg/sbx/deb/source/format
new file mode 100644
index 00000000..d3827e75
--- /dev/null
+++ b/pkg/sbx/deb/source/format
@@ -0,0 +1 @@
+1.0
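Review bot: `libkrun.so` is installed with mode `0755` in `override_dh_auto_install`; a shared object needs no execute bit (lintian flags executable shared libraries), so that line should be `install -D -p -m 0644 /usr/libexec/lib/libkrun.so debian/docker-sbx/usr/libexec/lib/libkrun.so`. `override_dh_installinit` only calls `dh_installinit` with no change and can be dropped; the `override_dh_dwz` body is two commented URLs that document nothing the first comment does not, so either keep one line or explain why the links matter. `override_dh_auto_test` runs the pre-built `/usr/bin/sbx version` from the `sbx-src` context on the build host, which only works while the package is native amd64 (the bake file pins `sbx` to `linux/amd64`); a comment such as `# runs the target binary directly: valid only while sbx is built natively for linux/amd64` would stop a future cross-build from failing without explanation. `dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info` is needed because `libkrun.so` is shipped outside the standard library path, but it also suppresses every other missing-symbols warning, so it is worth noting that in the recipe.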
diff --git a/pkg/sbx/licenses/Apache-2.0 b/pkg/sbx/licenses/Apache-2.0 new file mode 100644 index 00000000..f433b1a5 --- /dev/null +++ b/pkg/sbx/licenses/Apache-2.0 
@@ -0,0 +1,177 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS diff --git a/pkg/sbx/licenses/GPL-2.0 b/pkg/sbx/licenses/GPL-2.0 new file mode 100644 index 00000000..76d04dc8 --- /dev/null +++ b/pkg/sbx/licenses/GPL-2.0 
@@ -0,0 +1,280 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. 
+ + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. 
You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. 
If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. 
(This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. 
Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. 
+ +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. 
If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS diff --git a/pkg/sbx/licenses/LICENSE b/pkg/sbx/licenses/LICENSE new file mode 100644 index 00000000..fa13a415 --- /dev/null +++ b/pkg/sbx/licenses/LICENSE 
@@ -0,0 +1,14 @@
+Docker Sandbox (sbx) - Proprietary Software
+
+Copyright (c) 2026 Docker, Inc. All rights reserved.
+
+This software is proprietary to Docker, Inc. Use is subject to the
+Docker Subscription Service Agreement:
+https://www.docker.com/legal/docker-subscription-service-agreement
+
+This package includes third-party open source components distributed
+under their own licenses. See THIRD-PARTY-NOTICES for details. The
+full license texts are provided in the following files:
+
+ GPL-2.0 - GNU General Public License version 2
+ Apache-2.0 - Apache License version 2.0
diff --git a/pkg/sbx/rpm/docker-sbx.spec b/pkg/sbx/rpm/docker-sbx.spec
new file mode 100644
index 00000000..4ca3d6c1
--- /dev/null
+++ b/pkg/sbx/rpm/docker-sbx.spec
@@ -0,0 +1,79 @@
+%global debug_package %{nil}
+
+Name: docker-sbx
+Version: %{_version}
+Release: %{_release}%{?dist}
+Epoch: 0
+Summary: Docker Sandbox
+Group: Tools/Docker
+License: Proprietary AND GPL-2.0-only AND GPL-2.0-or-later AND Apache-2.0
+URL: https://docs.docker.com/sandbox/
+Vendor: Docker
+Packager: Docker
+
+BuildRequires: bash
+Requires: ca-certificates
+
+%description
+Docker Sandbox manager.
+
+Provides the 'sbx' command for managing Docker sandboxes.
+
+%build
+test -f /usr/local/bin/sbx
+test -f /usr/local/libexec/containerd-shim-nerdbox-v1
+test -f /usr/local/libexec/mkfs.erofs
+test -f /usr/local/libexec/mkfs.ext4
+test -f /usr/local/libexec/%{_kernel_artifact}
+test -f /usr/local/libexec/%{_initrd_artifact}
+test -f /usr/local/libexec/lib/libkrun.so
+test -f /usr/local/share/apparmor/docker-sbx-nerdbox-shim
+cp /usr/local/share/licenses/docker-sbx/LICENSE .
+cp /usr/local/share/licenses/docker-sbx/GPL-2.0 .
+cp /usr/local/share/licenses/docker-sbx/Apache-2.0 .
+
+%check
+${RPM_BUILD_ROOT}%{_bindir}/sbx version
+
+%install
+install -D -p -m 0755 /usr/local/bin/sbx ${RPM_BUILD_ROOT}%{_bindir}/sbx
+install -D -p -m 0755 /usr/local/libexec/containerd-shim-nerdbox-v1 ${RPM_BUILD_ROOT}%{_libexecdir}/containerd-shim-nerdbox-v1
+install -D -p -m 0755 /usr/local/libexec/mkfs.erofs ${RPM_BUILD_ROOT}%{_libexecdir}/mkfs.erofs
+install -D -p -m 0755 /usr/local/libexec/mkfs.ext4 ${RPM_BUILD_ROOT}%{_libexecdir}/mkfs.ext4
+install -D -p -m 0644 /usr/local/libexec/%{_kernel_artifact} ${RPM_BUILD_ROOT}%{_libexecdir}/%{_kernel_artifact}
+install -D -p -m 0644 /usr/local/libexec/%{_initrd_artifact} ${RPM_BUILD_ROOT}%{_libexecdir}/%{_initrd_artifact}
+install -D -p -m 0755 /usr/local/libexec/lib/libkrun.so ${RPM_BUILD_ROOT}%{_libexecdir}/lib/libkrun.so
+install -D -p -m 0644 /usr/local/share/apparmor/docker-sbx-nerdbox-shim ${RPM_BUILD_ROOT}%{_sysconfdir}/apparmor.d/docker-sbx-nerdbox-shim
+install -D -p -m 0644 /usr/local/share/doc/docker-sbx/THIRD-PARTY-NOTICES ${RPM_BUILD_ROOT}%{_docdir}/docker-sbx/THIRD-PARTY-NOTICES
+
+%files
+%{_bindir}/sbx
+%{_libexecdir}/containerd-shim-nerdbox-v1
+%{_libexecdir}/mkfs.erofs
+%{_libexecdir}/mkfs.ext4
+%{_libexecdir}/%{_kernel_artifact}
+%{_libexecdir}/%{_initrd_artifact}
+%{_libexecdir}/lib/libkrun.so
+%config(noreplace) %{_sysconfdir}/apparmor.d/docker-sbx-nerdbox-shim
+%doc %{_docdir}/docker-sbx/THIRD-PARTY-NOTICES
+%license LICENSE
+%license GPL-2.0
+%license Apache-2.0
+
+%post
+if command -v apparmor_parser >/dev/null 2>&1 && [ -d /sys/kernel/security/apparmor ]; then
+ apparmor_parser -r -W %{_sysconfdir}/apparmor.d/docker-sbx-nerdbox-shim || true
+fi
+
+%preun
+if [ "$1" -eq 0 ]; then
+ # Kill all running sbx processes before uninstalling.
+ killall sbx 2>/dev/null || true
+ if command -v apparmor_parser >/dev/null 2>&1 && [ -d /sys/kernel/security/apparmor ]; then
+ apparmor_parser -R %{_sysconfdir}/apparmor.d/docker-sbx-nerdbox-shim || true
+ fi
+fi
+
+%postun
+
+%changelog
diff --git a/pkg/sbx/scripts/build-erofs.sh b/pkg/sbx/scripts/build-erofs.sh
new file mode 100755
index 00000000..ba1769a7
--- /dev/null
+++ b/pkg/sbx/scripts/build-erofs.sh
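Review bot: `%preun` calls `killall sbx`, which is provided by psmisc and is not declared in `Requires`, so on a minimal host the `|| true` silently masks the missing command and running sbx processes survive the uninstall; it also matches any process named sbx, not only this package's binary. Consider `Requires(preun): psmisc` (or `pkill -x sbx` together with `Requires(preun): procps-ng`) so the scriptlet's dependency is explicit. Separately, `apparmor_parser -r -W ... || true` in `%post` means a profile that fails to load leaves the shim running unconfined with no indication in the install log; `|| echo >&2 "warning: failed to load docker-sbx-nerdbox-shim AppArmor profile"` keeps the install non-fatal but makes the failure visible.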
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build mkfs.erofs from a source checkout.
+#
+# Usage: build-erofs
+#
+# Installs distro-appropriate build dependencies, then runs
+# autogen / configure / make inside a temporary copy of .
+
+set -e
+
+SRCDIR="${1:?usage: build-erofs }"
+OUTBIN="${2:?usage: build-erofs }"
+
+# Install build dependencies based on the package manager available.
+if command -v apt-get &>/dev/null; then
+ apt-get update -qq
+ apt-get install -y --no-install-recommends \
+ autoconf automake autotools-dev libtool make pkg-config \
+ gcc libc6-dev \
+ liblz4-dev libzstd-dev zlib1g-dev
+elif command -v dnf &>/dev/null; then
+ dnf install -y \
+ autoconf automake libtool make pkgconfig \
+ gcc \
+ lz4-devel libzstd-devel zlib-devel
+elif command -v yum &>/dev/null; then
+ yum install -y \
+ autoconf automake libtool make pkgconfig \
+ gcc \
+ lz4-devel libzstd-devel zlib-devel
+else
+ echo >&2 "error: unsupported distro — no apt-get, dnf, or yum found"
+ exit 1
+fi
+
+# Build in a temporary directory so the bind-mounted source stays read-only.
+BUILDDIR="$(mktemp -d)"
+cp -a "${SRCDIR}/." "${BUILDDIR}/"
+cd "${BUILDDIR}"
+
+./autogen.sh
+./configure \
+ --disable-silent-rules \
+ --enable-lz4 \
+ --disable-lzma \
+ --without-selinux \
+ --without-uuid \
+ --without-openssl \
+ --disable-fuse \
+ --disable-debug \
+ --disable-static \
+ --disable-dependency-tracking
+
+make -j "$(nproc)"
+
+install -D -p -m 0755 mkfs/mkfs.erofs "${OUTBIN}"
+rm -rf "${BUILDDIR}"
diff --git a/pkg/sbx/scripts/fetch-runtime-binaries.sh b/pkg/sbx/scripts/fetch-runtime-binaries.sh
new file mode 100755
index 00000000..5a553064
--- /dev/null
+++ b/pkg/sbx/scripts/fetch-runtime-binaries.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Fetch all linux runtime binaries from a GitHub release.
+#
+# Usage:
+# GITHUB_TOKEN=ghp_xxx ./fetch-runtime-binaries.sh
+#
+# Example:
+# ./fetch-runtime-binaries.sh docker/docker v0.1.0-beta.29 /tmp/runtime-bin
+
+set -eu
+
+REPO="${1:?usage: $0 }"
+TAG="${2:?usage: $0 }"
+OUTDIR="${3:?usage: $0 }"
+
+mkdir -p "${OUTDIR}"
+
+set -x
+
+gh release download "${TAG}" --repo "${REPO}" --dir "${OUTDIR}" \
+ --clobber \
+ --pattern "containerd-shim-nerdbox-v1-linux-*" \
+ --pattern "mkfs.ext4-linux-*" \
+ --pattern "nerdbox-kernel-*" \
+ --pattern "nerdbox-initrd-*" \
+ --pattern "libkrun-*.so"
diff --git a/pkg/sbx/scripts/pkg-deb-build.sh b/pkg/sbx/scripts/pkg-deb-build.sh
new file mode 100755
index 00000000..91cae5a0
--- /dev/null
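Review bot: The temporary build directory from `mktemp -d` is only removed on the success path; under `set -e` any failing step (package install, autogen, configure, make) exits before the final `rm -rf` and leaves the copied tree behind. Register the cleanup right after creation with `trap 'rm -rf "${BUILDDIR}"' EXIT` and drop the trailing `rm -rf "${BUILDDIR}"`. The Usage comment and the `:?` messages read `build-erofs ` with the argument names missing; if that is not a rendering artefact of this page, `usage: build-erofs <src-dir> <out-bin>` would tell the caller what is expected.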
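Review bot: The shim, mkfs.ext4, kernel, initrd and libkrun assets downloaded here are installed into the packages as-is by the pkg-*-build.sh scripts, with no integrity check between `gh release download` and the install steps. The tag is a mutable ref and nothing records what was fetched; if the release publishes a checksum or signature file, pull it with an additional `--pattern` and verify it (`sha256sum -c`, or the signing tool the release uses) before the directory is handed to the build, and keep the expected digests in this repo so a changed asset fails loudly. The `set -x` ahead of the `gh` call does not expose the token, since gh reads `GITHUB_TOKEN` from the environment rather than from its arguments; a one-line comment saying so would stop the next reader from "fixing" it.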
+++ b/pkg/sbx/scripts/pkg-deb-build.sh 
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+: "${NIGHTLY_BUILD=}"
+: "${VERSION=}"
+
+: "${DISTRO_NAME=}"
+: "${DISTRO_RELEASE=}"
+: "${DISTRO_ID=}"
+: "${DISTRO_SUITE=}"
+
+: "${PKG_NAME=}"
+: "${PKG_PACKAGER=}"
+: "${PKG_VENDOR=}"
+
+: "${PKG_DEB_REVISION=}"
+: "${PKG_DEB_EPOCH=}"
+
+: "${SOURCE_DATE_EPOCH=}"
+: "${OUTDIR=/out}"
+
+set -e
+
+if [ -z "$VERSION" ]; then
+ echo >&2 "error: VERSION is required"
+ exit 1
+fi
+if [ -z "$DISTRO_NAME" ]; then
+ echo >&2 "error: DISTRO_NAME is required"
+ exit 1
+fi
+if [ -z "$OUTDIR" ]; then
+ echo >&2 "error: OUTDIR is required"
+ exit 1
+fi
+
+mkdir -p "$OUTDIR"
+
+if ! command -v xx-info &> /dev/null; then
+ echo >&2 "error: xx cross compilation helper is required"
+ exit 1
+fi
+
+# Derive deb-compatible package version from VERSION (e.g. v0.1.0-beta.1 -> 0.1.0~beta.1)
+tilde='~'
+pkgVersion="${VERSION#v}"
+pkgVersion="${pkgVersion//-/$tilde}"
+
+gen-deb-changelog "$VERSION" "$pkgVersion" "$DISTRO_RELEASE" "$DISTRO_ID" "$DISTRO_SUITE" "$PKG_DEB_REVISION" "$PKG_DEB_EPOCH"
+
+pkgoutput="${OUTDIR}/${DISTRO_RELEASE}/${DISTRO_SUITE}/$(xx-info arch)"
+if [ -n "$(xx-info variant)" ]; then
+ pkgoutput="${pkgoutput}/$(xx-info variant)"
+fi
+mkdir -p "${pkgoutput}"
+
+set -x
+
+GOARCH="$(xx-info arch)"
+case "${GOARCH}" in
+ amd64) KERNEL_ARTIFACT="nerdbox-kernel-x86_64"; INITRD_ARTIFACT="nerdbox-initrd-x86_64" ;;
+ arm64) KERNEL_ARTIFACT="nerdbox-kernel-arm64_4k"; INITRD_ARTIFACT="nerdbox-initrd-arm64" ;;
+ *) echo "Unsupported arch: ${GOARCH}" >&2; exit 1 ;;
+esac
+
+# Install pre-built sbx binary
+install -D -p -m 0755 /opt/sbx-bin/sbx /usr/bin/sbx
+
+# Install runtime companion binaries
+install -D -p -m 0755 "/opt/runtime-bin/containerd-shim-nerdbox-v1-linux-${GOARCH}" /usr/libexec/containerd-shim-nerdbox-v1
+build-erofs /opt/erofs-src /usr/libexec/mkfs.erofs
+install -D -p -m 0755 "/opt/runtime-bin/mkfs.ext4-linux-${GOARCH}" /usr/libexec/mkfs.ext4
+install -D -p -m 0644 "/opt/runtime-bin/${KERNEL_ARTIFACT}" "/usr/libexec/${KERNEL_ARTIFACT}"
+install -D -p -m 0644 "/opt/runtime-bin/${INITRD_ARTIFACT}" "/usr/libexec/${INITRD_ARTIFACT}"
+install -D -p -m 0755 "/opt/runtime-bin/libkrun-${GOARCH}.so" /usr/libexec/lib/libkrun.so
+
+# Install AppArmor profile (picked up by dh_apparmor during dpkg-buildpackage)
+install -D -p -m 0644 /opt/apparmor/docker-sbx-nerdbox-shim /usr/share/apparmor/docker-sbx-nerdbox-shim
+
+chmod -x debian/control debian/copyright
+VERSION=${VERSION} dpkg-buildpackage $PKG_DEB_BUILDFLAGS --host-arch $(xx-info debian-arch) --target-arch $(xx-info debian-arch)
+cp /root/docker-* "${pkgoutput}"/
diff --git a/pkg/sbx/scripts/pkg-rpm-build.sh b/pkg/sbx/scripts/pkg-rpm-build.sh
new file mode 100755
index 00000000..7fb82158
--- /dev/null
+++ b/pkg/sbx/scripts/pkg-rpm-build.sh
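Review bot: `$PKG_DEB_BUILDFLAGS` is expanded on the `dpkg-buildpackage` line without being declared in the `: "${…=}"` block at the top, unlike every other input this script reads; add `: "${PKG_DEB_BUILDFLAGS=}"` next to `PKG_DEB_EPOCH` so the script's inputs are listed in one place (the same applies to `PKG_RPM_BUILDFLAGS` in pkg-rpm-build.sh). The `case "${GOARCH}"` mapping to `KERNEL_ARTIFACT`/`INITRD_ARTIFACT` is repeated verbatim in pkg-rpm-build.sh and pkg-static-build.sh; a small shared helper alongside `build-erofs` and `gen-deb-changelog` would keep the three copies in step when an artefact name changes.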
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+: "${NIGHTLY_BUILD=}"
+: "${VERSION=}"
+
+: "${DISTRO_NAME=}"
+: "${DISTRO_RELEASE=}"
+: "${DISTRO_ID=}"
+: "${DISTRO_SUITE=}"
+
+: "${PKG_NAME=}"
+: "${PKG_PACKAGER=}"
+: "${PKG_VENDOR=}"
+
+: "${PKG_RPM_RELEASE=}"
+
+: "${SOURCE_DATE_EPOCH=}"
+: "${OUTDIR=/out}"
+
+set -e
+
+if [ -z "$VERSION" ]; then
+ echo >&2 "error: VERSION is required"
+ exit 1
+fi
+if [ -z "$DISTRO_NAME" ]; then
+ echo >&2 "error: DISTRO_NAME is required"
+ exit 1
+fi
+if [ -z "$OUTDIR" ]; then
+ echo >&2 "error: OUTDIR is required"
+ exit 1
+fi
+
+mkdir -p "$OUTDIR"
+
+if ! command -v xx-info &> /dev/null; then
+ echo >&2 "error: xx cross compilation helper is required"
+ exit 1
+fi
+
+# Derive rpm-compatible package version from VERSION (e.g. v0.1.0-beta.1 -> 0.1.0~beta.1)
+tilde='~'
+pkgVersion="${VERSION#v}"
+pkgVersion="${pkgVersion//-/$tilde}"
+
+GOARCH="$(xx-info arch)"
+case "${GOARCH}" in
+ amd64) KERNEL_ARTIFACT="nerdbox-kernel-x86_64"; INITRD_ARTIFACT="nerdbox-initrd-x86_64" ;;
+ arm64) KERNEL_ARTIFACT="nerdbox-kernel-arm64_4k"; INITRD_ARTIFACT="nerdbox-initrd-arm64" ;;
+ *) echo "Unsupported arch: ${GOARCH}" >&2; exit 1 ;;
+esac
+
+rpmDefine=(
+ --define "_version ${pkgVersion}"
+ --define "_origversion ${VERSION}"
+ --define "_release ${PKG_RPM_RELEASE:-1}"
+ --define "_kernel_artifact ${KERNEL_ARTIFACT}" --define "_initrd_artifact ${INITRD_ARTIFACT}"
+)
+
+pkgoutput="${OUTDIR}/${DISTRO_RELEASE}/${DISTRO_SUITE}/$(xx-info arch)"
+if [ -n "$(xx-info variant)" ]; then
+ pkgoutput="${pkgoutput}/$(xx-info variant)"
+fi
+
+set -x
+
+# Install pre-built sbx binary
+install -D -p -m 0755 /opt/sbx-bin/sbx /usr/local/bin/sbx
+
+# Install runtime companion binaries
+install -D -p -m 0755 "/opt/runtime-bin/containerd-shim-nerdbox-v1-linux-${GOARCH}" /usr/local/libexec/containerd-shim-nerdbox-v1
+build-erofs /opt/erofs-src /usr/local/libexec/mkfs.erofs
+install -D -p -m 0755 "/opt/runtime-bin/mkfs.ext4-linux-${GOARCH}" /usr/local/libexec/mkfs.ext4
+install -D -p -m 0644 "/opt/runtime-bin/${KERNEL_ARTIFACT}" "/usr/local/libexec/${KERNEL_ARTIFACT}"
+install -D -p -m 0644 "/opt/runtime-bin/${INITRD_ARTIFACT}" "/usr/local/libexec/${INITRD_ARTIFACT}"
+mkdir -p /usr/local/libexec/lib
+install -D -p -m 0755 "/opt/runtime-bin/libkrun-${GOARCH}.so" /usr/local/libexec/lib/libkrun.so
+
+# Install AppArmor profile (picked up by rpmbuild)
+install -D -p -m 0644 /opt/apparmor/docker-sbx-nerdbox-shim /usr/local/share/apparmor/docker-sbx-nerdbox-shim
+
+# Install third-party license notices and license texts
+install -D -p -m 0644 /opt/notices/THIRD-PARTY-NOTICES /usr/local/share/doc/docker-sbx/THIRD-PARTY-NOTICES
+install -D -p -m 0644 /opt/licenses/LICENSE /usr/local/share/licenses/docker-sbx/LICENSE
+install -D -p -m 0644 /opt/licenses/GPL-2.0 /usr/local/share/licenses/docker-sbx/GPL-2.0
+install -D -p -m 0644 /opt/licenses/Apache-2.0 /usr/local/share/licenses/docker-sbx/Apache-2.0
+
+rpmbuild --target $(xx-info rhel-arch) $PKG_RPM_BUILDFLAGS "${rpmDefine[@]}" /root/rpmbuild/SPECS/*.spec
+mkdir -p "${pkgoutput}"
+cp ./RPMS/*/*.* "${pkgoutput}"/
+if [ "$(ls -A ./SRPMS)" ]; then
+ cp ./SRPMS/* "${pkgoutput}"/
+fi
diff --git a/pkg/sbx/scripts/pkg-static-build.sh b/pkg/sbx/scripts/pkg-static-build.sh
new file mode 100755
index 00000000..f6d27e11
--- /dev/null
+++ b/pkg/sbx/scripts/pkg-static-build.sh
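Review bot: The `mkdir -p /usr/local/libexec/lib` before the libkrun install is redundant, since `install -D` already creates missing parent directories and the deb script relies on exactly that for the same path; dropping it leaves the two scripts identical apart from the prefix. In `rpmDefine`, the kernel and initrd defines share one line while every other define has its own; putting `--define "_initrd_artifact ${INITRD_ARTIFACT}"` on a separate line reads more consistently. `cp ./RPMS/*/*.*` and the `./SRPMS` test are relative to a working directory this script never sets, presumably the Dockerfile's WORKDIR under /root/rpmbuild; an explicit `cd` or absolute paths would remove that dependency.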
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+: "${NIGHTLY_BUILD=}"
+: "${VERSION=}"
+
+: "${PKG_NAME=}"
+
+: "${BUILDDIR=/work/build}"
+: "${OUTDIR=/out}"
+
+set -e
+
+if [ -z "$VERSION" ]; then
+ echo >&2 "error: VERSION is required"
+ exit 1
+fi
+if [ -z "$OUTDIR" ]; then
+ echo >&2 "error: OUTDIR is required"
+ exit 1
+fi
+
+mkdir -p "$OUTDIR"
+
+if ! command -v xx-info &> /dev/null; then
+ echo >&2 "error: xx cross compilation helper is required"
+ exit 1
+fi
+
+# Determine binary name based on target OS
+binext=$([ "$(xx-info os)" = "windows" ] && echo ".exe" || true)
+
+GOARCH="$(xx-info arch)"
+case "${GOARCH}" in
+ amd64) KERNEL_ARTIFACT="nerdbox-kernel-x86_64"; INITRD_ARTIFACT="nerdbox-initrd-x86_64" ;;
+ arm64) KERNEL_ARTIFACT="nerdbox-kernel-arm64_4k"; INITRD_ARTIFACT="nerdbox-initrd-arm64" ;;
+ *) echo "Unsupported arch: ${GOARCH}" >&2; exit 1 ;;
+esac
+
+# Copy pre-built binaries
+mkdir -p "${BUILDDIR}/${PKG_NAME}"
+(
+ set -x
+ install -p -m 0755 /opt/sbx-bin/sbx${binext} "${BUILDDIR}/${PKG_NAME}/sbx${binext}"
+ install -p -m 0755 "/opt/runtime-bin/containerd-shim-nerdbox-v1-linux-${GOARCH}" "${BUILDDIR}/${PKG_NAME}/containerd-shim-nerdbox-v1"
+ build-erofs /opt/erofs-src "${BUILDDIR}/${PKG_NAME}/mkfs.erofs"
+ install -p -m 0755 "/opt/runtime-bin/mkfs.ext4-linux-${GOARCH}" "${BUILDDIR}/${PKG_NAME}/mkfs.ext4"
+ install -p -m 0644 "/opt/runtime-bin/${KERNEL_ARTIFACT}" "${BUILDDIR}/${PKG_NAME}/${KERNEL_ARTIFACT}"
+ install -p -m 0644 "/opt/runtime-bin/${INITRD_ARTIFACT}" "${BUILDDIR}/${PKG_NAME}/${INITRD_ARTIFACT}"
+ install -p -m 0755 "/opt/runtime-bin/libkrun-${GOARCH}.so" "${BUILDDIR}/${PKG_NAME}/libkrun.so"
+ install -p -m 0644 /opt/notices/THIRD-PARTY-NOTICES "${BUILDDIR}/${PKG_NAME}/THIRD-PARTY-NOTICES"
+ install -p -m 0644 /opt/licenses/LICENSE "${BUILDDIR}/${PKG_NAME}/LICENSE"
+ install -p -m 0644 /opt/licenses/GPL-2.0 "${BUILDDIR}/${PKG_NAME}/GPL-2.0"
+ install -p -m 0644 /opt/licenses/Apache-2.0 "${BUILDDIR}/${PKG_NAME}/Apache-2.0"
+)
+
+pkgoutput="$OUTDIR/static/$(xx-info os)/$(xx-info arch)"
+if [ -n "$(xx-info variant)" ]; then
+ pkgoutput="${pkgoutput}/$(xx-info variant)"
+fi
+mkdir -p "${pkgoutput}"
+
+cd "$BUILDDIR"
+for pkgname in *; do
+ workdir=$(mktemp -d -t docker-packaging.XXXXXXXXXX)
+ mkdir -p "$workdir/${pkgname}"
+ (
+ set -x
+ cp -r "${pkgname}"/* "$workdir/${pkgname}/"
+ )
+ if [ "$(xx-info os)" = "windows" ]; then
+ (
+ set -x
+ cd "$workdir"
+ zip -r "${pkgoutput}/${pkgname}_${VERSION#v}.zip" "${pkgname}"
+ )
+ else
+ (
+ set -x
+ tar -czf "${pkgoutput}/${pkgname}_${VERSION#v}.tgz" -C "$workdir" "${pkgname}"
+ )
+ fi
+done
diff --git a/pkg/sbx/verify.Dockerfile b/pkg/sbx/verify.Dockerfile
new file mode 100644
index 00000000..af3ff2b4
--- /dev/null
+++ b/pkg/sbx/verify.Dockerfile
@@ -0,0 +1,138 @@ +# syntax=docker/dockerfile:1 + +# Copyright 2026 Docker Packaging authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG XX_VERSION="1.9.0" + +ARG DISTRO_TYPE="deb" +ARG DISTRO_IMAGE="debian:bookworm" + +# cross compilation helper +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx + +FROM scratch AS bin +FROM scratch AS scripts + +FROM ${DISTRO_IMAGE} AS base + +FROM base AS verify-deb +RUN apt-get update +COPY --from=xx / / +ARG DISTRO_RELEASE +ARG DISTRO_ID +ARG DISTRO_SUITE +ARG TARGETPLATFORM +RUN --mount=from=bin,target=/build <&2 "warning: no packages found in $dir" + exit 0 + fi + for package in $(find $dir -type f -name '*.deb'); do + ( + set -x + dpkg-deb --info $package + dpkg -i $package + ) + done + set -x + sbx version + test -x /usr/libexec/containerd-shim-nerdbox-v1 + test -x /usr/libexec/mkfs.erofs + test -x /usr/libexec/mkfs.ext4 + test -n "$(ls /usr/libexec/nerdbox-kernel-* 2>/dev/null)" + test -n "$(ls /usr/libexec/nerdbox-initrd-* 2>/dev/null)" + test -f /usr/libexec/lib/libkrun.so + test -f /etc/apparmor.d/docker-sbx-nerdbox-shim +EOT + +FROM base AS verify-rpm +COPY --from=xx / / +ARG DISTRO_NAME +ARG DISTRO_RELEASE +ARG DISTRO_ID +ARG DISTRO_SUITE +RUN --mount=type=bind,from=scripts,source=verify-rpm-init.sh,target=/usr/local/bin/verify-rpm-init \ + verify-rpm-init $DISTRO_NAME +ARG TARGETPLATFORM +RUN --mount=from=bin,target=/build <&2 "warning: no packages found in $dir" + exit 0 + fi + for package in 
$(find $dir -type f -name '*.rpm'); do + ( + set -x + rpm -qilp $package + rpm --install --nodeps $package + ) + done + set -x + sbx version + test -x /usr/libexec/containerd-shim-nerdbox-v1 + test -x /usr/libexec/mkfs.erofs + test -x /usr/libexec/mkfs.ext4 + test -n "$(ls /usr/libexec/nerdbox-kernel-* 2>/dev/null)" + test -n "$(ls /usr/libexec/nerdbox-initrd-* 2>/dev/null)" + test -f /usr/libexec/lib/libkrun.so + test -f /etc/apparmor.d/docker-sbx-nerdbox-shim +EOT + +FROM base AS verify-static +RUN apt-get update && apt-get install -y --no-install-recommends tar +COPY --from=xx / / +ARG DISTRO_RELEASE +ARG DISTRO_ID +ARG DISTRO_SUITE +ARG TARGETPLATFORM +RUN --mount=from=bin,target=/build <&2 "warning: no packages found in $dir" + exit 0 + fi + for package in $(find $dir -type f -name '*.tgz'); do + ( + set -x + tar zxvf $package -C /usr/local --strip-components=1 + ) + done + set -x + sbx version + test -x /usr/local/libexec/containerd-shim-nerdbox-v1 + test -x /usr/local/libexec/mkfs.erofs + test -x /usr/local/libexec/mkfs.ext4 + test -n "$(ls /usr/local/libexec/nerdbox-kernel-* 2>/dev/null)" + test -n "$(ls /usr/local/libexec/nerdbox-initrd-* 2>/dev/null)" + test -f /usr/local/libexec/lib/libkrun.so +EOT + +FROM verify-${DISTRO_TYPE}
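Review bot: The verify-static stage tests `/usr/local/libexec/containerd-shim-nerdbox-v1`, `/usr/local/libexec/mkfs.erofs` and `/usr/local/libexec/lib/libkrun.so`, but the static tarball produced by pkg-static-build.sh in this same change is flat (`docker-sbx/sbx`, `docker-sbx/containerd-shim-nerdbox-v1`, `docker-sbx/libkrun.so`, …), so `tar zxvf $package -C /usr/local --strip-components=1` would unpack them to `/usr/local/sbx`, `/usr/local/containerd-shim-nerdbox-v1` and so on, and these tests (and `sbx version`, with /usr/local itself not on PATH) would fail unless the archive layout differs from what is visible here. Either the static build should lay out `bin/` and `libexec/` subdirectories to match, or verify-static should extract to a prefix and test the flat paths it actually produces. Separately, `rpm --install --nodeps` means a wrong or missing `Requires:` in the spec is not caught by this verify stage, whereas the deb path's `dpkg -i` does fail on unmet dependencies; if `--nodeps` is needed for the container environment, a comment saying why would help. The deb and rpm stages only check that `/etc/apparmor.d/docker-sbx-nerdbox-shim` exists; running `apparmor_parser -Q` on it (parse without kernel load, if the apparmor package is available in the image) would also catch a profile that no longer parses. The heredoc bodies appear truncated in this rendering (`RUN --mount=from=bin,target=/build <&2 …`), so I could not confirm the `set -e` and `dir=` setup that precedes each package loop.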