Add patches to docker-engine-29

[koooosh]

Issue number:

#712

Description of changes:

• Add patch to docker-engine based off this commit by @henry118 to always use containerd's transfer service
• Update containerd-2.1 basic config (used by ECS) to enable use of transfer service + import containerd dropins folder for further modification
• Update docker-engine-29 daemon jsons to use overlayfs instead of overlay2 for storage-driver so the containerd snapshotter is used instead of the legacy graphdriver. Looking at the docker source code, we found that it defaults to graphdriver if the path /var/lib/docker/overlay2/ exists, so this change avoids that

Note: Unlike the containerd k8s config file, for the basic config, we cannot set values based on settings.container-runtime as that doesn't exist in the ECS plugin, so resorting to hardcodes for now

Testing done:

• Core-kit builds on both platforms
• Transfer service patch
  Booted an aws-ecs-3 x86 ami from this PR with custom core-kit and ran the following tests on it:

# PROOF PATCH IS APPLIED
bash-5.1# grep -q "transfer/registry" /usr/bin/dockerd && echo "Transfer service patch is present" || echo "Patch not found"
Transfer service patch is present

# TRANSFER PLUGIN LOADED AND RUNNING
bash-5.1# ctr plugins ls | grep transfer
io.containerd.transfer.v1                 local                    -              ok
io.containerd.grpc.v1                     transfer                 -              ok

# CONFIG VERIFICATION
bash-5.1# cat /etc/containerd/config.toml | grep -A 10 "transfer"
[plugins."io.containerd.transfer.v1.local"]
max_concurrent_downloads = 3
concurrent_layer_fetch_buffer = 8388608

[[plugins."io.containerd.transfer.v1.local".unpack_config]]
snapshotter = "overlayfs"
differ = "walking"
platform = "linux/amd64"

# PULL SUCCEEDS
bash-5.1# docker pull nginx:alpine
alpine: Pulling from library/nginx
2d35ebdb57d9: Pull complete
8f6a6833e95d: Pull complete
194fa24e147d: Pull complete
3eaba6cd10a3: Pull complete
df413d6ebdc8: Pull complete
d9a55dab5954: Pull complete
ff8a36d5502a: Pull complete
bdabb0d44271: Pull complete
Digest: sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14
Status: Downloaded newer image for nginx:alpine
docker.io/library/nginx:alpine

• Updated daemon jsons
  Booted an aws-ecs-3 aarch64 ami from this PR with custom core-kit and ran the following tests on it:

# VERIFY OVERLAYFS USED INSTEAD OF OVERLAY2
bash-5.1# docker info | grep -i "storage driver"
 Storage Driver: overlayfs
 
bash-5.1# ls -la /var/lib/docker/overlay2/
ls: cannot access '/var/lib/docker/overlay2/': No such file or directory

# VERIFY CONTAINERD SNAPSHOTTER ENABLED 
bash-5.1# docker info | grep -i snapshotter
  driver-type: io.containerd.snapshotter.v1

bash-5.1# journalctl -u docker | grep -i "snapshotter\|overlayfs"
Nov 09 01:39:53 ip-172-31-33-37.us-west-2.compute.internal dockerd[1815]: time="2025-11-09T01:39:53.773378167Z" level=info msg="Starting daemon with containerd snapshotter integration enabled"
Nov 09 01:39:54 ip-172-31-33-37.us-west-2.compute.internal dockerd[1815]: time="2025-11-09T01:39:54.255477883Z" level=info msg="Docker daemon" commit=bb45a3f4a0eaaa3afe8145acc5a901fcad717417 containerd-snapshotter=true storage-driver=overlayfs version=29.0.0-rc.2

# PULL SUCCEEDS
bash-5.1# docker pull nginx:alpine
Digest: sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14
Status: Downloaded newer image for nginx:alpine
docker.io/library/nginx:alpine

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[koooosh]

Force push adds a link in the docker-engine-29 Cargo.toml for the patch download

[koooosh]

Force push adds additional patch to force use of containerd snapshotter. Description has been updated with details and testing

[koooosh]

Force push removes the containerd snapshotter patch as we've found we can do this by replacing the overlay2 storage driver value in the daemon json files + updating the max_concurrent_downloads hardcode in basic config to match what's in the daemon jsons