diff --git a/Makefile b/Makefile
index 1490be1b4..2541012d5 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ endif
 
 PREFIX?=/usr/local/
 
-MOBY_COMMIT=a261a33812ec2ba6650dc0b16353f537ade66355
+MOBY_COMMIT=8e720bff08cb9f20488d1ae6f114a5b1e4edf9cd
 MOBY_VERSION=0.0
 bin/moby: tmp_moby_bin.tar | bin
 	tar xf $<
diff --git a/blueprints/docker-for-mac/base.yml b/blueprints/docker-for-mac/base.yml
index 73a28713a..3a65f31fb 100644
--- a/blueprints/docker-for-mac/base.yml
+++ b/blueprints/docker-for-mac/base.yml
@@ -6,7 +6,7 @@ init:
   - linuxkit/vpnkit-expose-port:e2b49a6c56fbf876ea24f0a5ce4ccae5f940d1be # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   # support metadata for optional config in /var/config
   - name: metadata
@@ -53,7 +53,7 @@ services:
     image: linuxkit/acpid:1966310cb75e28ffc668863a6577ee991327f918
   # Enable getty for easier debugging
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
         - INSECURE=true
   # Run ntpd to keep time synchronised in the VM
diff --git a/examples/aws.yml b/examples/aws.yml
index 8d5942f61..2493e7e94 100644
--- a/examples/aws.yml
+++ b/examples/aws.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -18,7 +18,7 @@ services:
   - name: rngd
     image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
     binds:
      - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
diff --git a/examples/azure.yml b/examples/azure.yml
index 2550cc2f4..8d3e261d7 100644
--- a/examples/azure.yml
+++ b/examples/azure.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -15,7 +15,7 @@ services:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
 files:
   - path: root/.ssh/authorized_keys
     source: ~/.ssh/id_rsa.pub
diff --git a/examples/docker.yml b/examples/docker.yml
index 85e055422..d151d3cb3 100644
--- a/examples/docker.yml
+++ b/examples/docker.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -20,7 +20,7 @@ onboot:
     command: ["/mount.sh", "/var/lib/docker"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
diff --git a/examples/gcp.yml b/examples/gcp.yml
index faaa80b55..8279974df 100644
--- a/examples/gcp.yml
+++ b/examples/gcp.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -16,13 +16,13 @@ onboot:
     image: linuxkit/metadata:428093dd1c4178e8ba1952af44b46c0fd16f8e79
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
     image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
     binds:
      - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
diff --git a/examples/getty.yml b/examples/getty.yml
index 0deab132a..2d55744f6 100644
--- a/examples/getty.yml
+++ b/examples/getty.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -14,7 +14,7 @@ onboot:
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     # to make insecure with passwordless root login, uncomment following lines
     #env:
     # - INSECURE=true
diff --git a/examples/minimal.yml b/examples/minimal.yml
index 6a9dd58b8..fabcaf14e 100644
--- a/examples/minimal.yml
+++ b/examples/minimal.yml
@@ -4,14 +4,14 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
 trust:
diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml
index a2db1c83d..bed74d916 100644
--- a/examples/node_exporter.yml
+++ b/examples/node_exporter.yml
@@ -4,10 +4,10 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
diff --git a/examples/packet.yml b/examples/packet.yml
index 0bd833ddd..561e7f529 100644
--- a/examples/packet.yml
+++ b/examples/packet.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -15,7 +15,7 @@ services:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
 files:
   - path: root/.ssh/authorized_keys
     source: ~/.ssh/id_rsa.pub
diff --git a/examples/redis-os.yml b/examples/redis-os.yml
index 469296b0a..880a14a09 100644
--- a/examples/redis-os.yml
+++ b/examples/redis-os.yml
@@ -6,14 +6,14 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: redis
diff --git a/examples/sshd.yml b/examples/sshd.yml
index e3b022621..2907b4039 100644
--- a/examples/sshd.yml
+++ b/examples/sshd.yml
@@ -4,14 +4,14 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
     image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
@@ -19,7 +19,7 @@ services:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
 files:
   - path: root/.ssh/authorized_keys
     source: ~/.ssh/id_rsa.pub
diff --git a/examples/swap.yml b/examples/swap.yml
index ea1af90cf..9b3471f04 100644
--- a/examples/swap.yml
+++ b/examples/swap.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
 onboot:
   - name: sysctl
@@ -24,7 +24,7 @@ onboot:
     command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
diff --git a/examples/vmware.yml b/examples/vmware.yml
index 6d5506888..cda63bd90 100644
--- a/examples/vmware.yml
+++ b/examples/vmware.yml
@@ -4,14 +4,14 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
     image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
diff --git a/examples/vpnkit-forwarder.yml b/examples/vpnkit-forwarder.yml
index 063e2dfb4..a76eeee79 100644
--- a/examples/vpnkit-forwarder.yml
+++ b/examples/vpnkit-forwarder.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
@@ -19,7 +19,7 @@ onboot:
     command: ["sh", "-c", "mkdir /host_var/vpnkit && mount -v -t 9p -o trans=virtio,dfltuid=1001,dfltgid=50,version=9p2000 port /host_var/vpnkit"]
 services:
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
   - name: vpnkit-forwarder
     image: linuxkit/vpnkit-forwarder:9c1545e7b093d1210118de7661d7346393ec195b
     binds:
diff --git a/examples/vsudd.yml b/examples/vsudd.yml
index 2c23cf371..d0d0bfbf2 100644
--- a/examples/vsudd.yml
+++ b/examples/vsudd.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
diff --git a/examples/vultr.yml b/examples/vultr.yml
index 8c2deb3f5..3e2abf3f8 100644
--- a/examples/vultr.yml
+++ b/examples/vultr.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -16,13 +16,13 @@ onboot:
     image: linuxkit/metadata:428093dd1c4178e8ba1952af44b46c0fd16f8e79
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
     image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
     binds:
      - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
diff --git a/linuxkit.yml b/linuxkit.yml
index dc9c7526c..66c8464ea 100644
--- a/linuxkit.yml
+++ b/linuxkit.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -20,7 +20,7 @@ onshutdown:
     command: ["/bin/echo", "so long and thanks for all the fish"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
diff --git a/pkg/containerd/Dockerfile b/pkg/containerd/Dockerfile
index 76523bfda..48184b5f8 100644
--- a/pkg/containerd/Dockerfile
+++ b/pkg/containerd/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:6832775a7e861ee2d7842e157688ece52d007142 as alpine
+FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 as alpine
 RUN \
   apk add \
   btrfs-progs-dev \
@@ -18,7 +18,7 @@ RUN mkdir -p $GOPATH/src/github.com/containerd && \
 WORKDIR $GOPATH/src/github.com/containerd/containerd
 RUN git checkout $CONTAINERD_COMMIT
 RUN make binaries EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\""
-RUN cp bin/containerd bin/ctr bin/containerd-shim bin/dist /usr/bin/
+RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
 
 ADD cmd /go/src/cmd
 RUN cd /go/src/cmd/service && ./skanky-vendor.sh $GOPATH/src/github.com/containerd/containerd
@@ -30,7 +30,7 @@ COPY . .
 FROM scratch
 ENTRYPOINT []
 WORKDIR /
-COPY --from=alpine /usr/bin/containerd /usr/bin/ctr /usr/bin/dist /usr/bin/containerd-shim /go/bin/service /usr/bin/
+COPY --from=alpine /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /go/bin/service /usr/bin/
 COPY --from=alpine /etc/containerd/config.toml /etc/containerd/
 COPY --from=alpine /usr/share/zoneinfo/UTC /etc/localtime
 COPY etc etc/
diff --git a/pkg/containerd/cmd/service/system_init.go b/pkg/containerd/cmd/service/system_init.go
index b3aa8b840..b412e707b 100644
--- a/pkg/containerd/cmd/service/system_init.go
+++ b/pkg/containerd/cmd/service/system_init.go
@@ -10,6 +10,7 @@ import (
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/pkg/errors"
 )
@@ -17,7 +18,7 @@ import (
 func cleanupTask(ctx context.Context, ctr containerd.Container) error {
 	task, err := ctr.Task(ctx, nil)
 	if err != nil {
-		if err == containerd.ErrNoRunningTask {
+		if errdefs.IsNotFound(err) {
 			return nil
 		}
 		return errors.Wrap(err, "getting task")
@@ -36,7 +37,7 @@ func cleanupTask(ctx context.Context, ctr containerd.Container) error {
 	}(deleteCtx, deleteErr)
 
 	sig := syscall.SIGKILL
-	if err := task.Kill(ctx, sig); err != nil && err != containerd.ErrProcessExited {
+	if err := task.Kill(ctx, sig); err != nil && !errdefs.IsNotFound(err) {
 		return errors.Wrapf(err, "killing task with %q", sig)
 	}
 
diff --git a/pkg/getty/Dockerfile b/pkg/getty/Dockerfile
index c1f26bf57..031d172cf 100644
--- a/pkg/getty/Dockerfile
+++ b/pkg/getty/Dockerfile
@@ -29,4 +29,4 @@ COPY --from=mirror /out/ /
 COPY usr/ /usr/
 COPY etc/ /etc/
 CMD ["/usr/bin/rungetty.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
diff --git a/pkg/sshd/Dockerfile b/pkg/sshd/Dockerfile
index ea7247389..44c52d901 100644
--- a/pkg/sshd/Dockerfile
+++ b/pkg/sshd/Dockerfile
@@ -20,4 +20,4 @@ COPY etc/ /etc/
 COPY usr/ /usr/
 RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
 CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml
index c08451f23..ac29c01e7 100644
--- a/projects/compose/compose-dynamic.yml
+++ b/projects/compose/compose-dynamic.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml
index 80c4ee49a..83b61581d 100644
--- a/projects/compose/compose-static.yml
+++ b/projects/compose/compose-static.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml
index 088b2a14e..59ec6f70c 100644
--- a/projects/etcd/etcd.yml
+++ b/projects/etcd/etcd.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:12348442d56c2ee9abf13ff38dff2e36b515bd1e
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml
index d819dc266..81601748f 100644
--- a/projects/ima-namespace/ima-namespace.yml
+++ b/projects/ima-namespace/ima-namespace.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
   - linuxkit/ima-utils:dfeb3896fd29308b80ff9ba7fe5b8b767e40ca29
 onboot:
diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml
index c8060c19a..d05c10d37 100644
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -27,7 +27,7 @@ onboot:
       - /var/lib:/var/lib
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
@@ -37,7 +37,7 @@ services:
   - name: ntpd
     image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
   - name: docker
     image: docker:17.06.0-ce-dind
     capabilities:
diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml
index bd2e9e3a3..be538c8ca 100644
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -27,7 +27,7 @@ onboot:
       - /var/lib:/var/lib
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
@@ -37,7 +37,7 @@ services:
   - name: ntpd
     image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
   - name: docker
     image: docker:17.06.0-ce-dind
     capabilities:
diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml
index 0347bb530..b56bdfc68 100644
--- a/projects/logging/examples/logging.yml
+++ b/projects/logging/examples/logging.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:12348442d56c2ee9abf13ff38dff2e36b515bd1e # with runc, logwrite, startmemlogd
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
   - linuxkit/memlogd:9b5834189f598f43c507f6938077113906f51012
 onboot:
diff --git a/projects/miragesdk/examples/fdd.yml b/projects/miragesdk/examples/fdd.yml
index cf8f2c6b1..31ef13d23 100644
--- a/projects/miragesdk/examples/fdd.yml
+++ b/projects/miragesdk/examples/fdd.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
   - samoht/fdd
 onboot:
diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml
index 76815d0c9..6f50e5cdb 100644
--- a/projects/miragesdk/examples/mirage-dhcp.yml
+++ b/projects/miragesdk/examples/mirage-dhcp.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: sysctl
     image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0
@@ -28,9 +28,9 @@ onboot:
      - /lib:/lib     # for ifconfig
 services:
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
 files:
diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml
index 91b90ecc9..752bb673b 100644
--- a/projects/okernel/examples/okernel_simple.yaml
+++ b/projects/okernel/examples/okernel_simple.yaml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -15,7 +15,7 @@ services:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
   - name: sshd
-    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
+    image: linuxkit/sshd:a00846032891f77f4f78b8a197e94e13a476a3ee
 files:
   - path: root/.ssh/authorized_keys
     source: ~/.ssh/id_rsa.pub
diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml
index 25462163e..e13230fc9 100644
--- a/projects/shiftfs/shiftfs.yml
+++ b/projects/shiftfs/shiftfs.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
@@ -16,7 +16,7 @@ onboot:
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
     env:
      - INSECURE=true
   - name: rngd
diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml
index cc1be5b9a..78d67ee31 100644
--- a/projects/swarmd/swarmd.yml
+++ b/projects/swarmd/swarmd.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
diff --git a/projects/wireguard/wireguard.yml b/projects/wireguard/wireguard.yml
index c555e66c1..0fb0f5e6e 100644
--- a/projects/wireguard/wireguard.yml
+++ b/projects/wireguard/wireguard.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:4e9a83e890e6477dcd25029fc4f1ced61d0642f4
   - linuxkit/wireguard-utils:26fe3d38455f2d441549e3c54bdec1b26ac819b8
 onboot:
diff --git a/test/cases/010_platforms/010_hyperkit/010_acpi/test.yml b/test/cases/010_platforms/010_hyperkit/010_acpi/test.yml
index 9be90bc3f..4867cf6cb 100644
--- a/test/cases/010_platforms/010_hyperkit/010_acpi/test.yml
+++ b/test/cases/010_platforms/010_hyperkit/010_acpi/test.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 services:
   - name: acpid
     image: linuxkit/acpid:1966310cb75e28ffc668863a6577ee991327f918
diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
index 877f0de26..6d2940376 100644
--- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml
+++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
diff --git a/test/cases/040_packages/003_containerd/test-containerd.yml b/test/cases/040_packages/003_containerd/test-containerd.yml
index 775bbe5d7..8cc540913 100644
--- a/test/cases/040_packages/003_containerd/test-containerd.yml
+++ b/test/cases/040_packages/003_containerd/test-containerd.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: sysctl
diff --git a/test/cases/040_packages/007_getty-containerd/test-ctr.yml b/test/cases/040_packages/007_getty-containerd/test-ctr.yml
index b5ac3ad6b..0072d425a 100644
--- a/test/cases/040_packages/007_getty-containerd/test-ctr.yml
+++ b/test/cases/040_packages/007_getty-containerd/test-ctr.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
   - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
 onboot:
   - name: dhcpcd
@@ -12,7 +12,7 @@ onboot:
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: getty
-    image: linuxkit/getty:0a2955f3d7a10a0e71972791c3ba6400118f327e
+    image: linuxkit/getty:9c32352b2a7b2f233de8741396afeb26b58f9a05
 files:
   - path: etc/getty.shadow
     # sample sets password for root to "abcdefgh" (without quotes)
diff --git a/test/cases/040_packages/007_getty-containerd/test.exp b/test/cases/040_packages/007_getty-containerd/test.exp
index 6b0c96e05..c6fd4b7f6 100755
--- a/test/cases/040_packages/007_getty-containerd/test.exp
+++ b/test/cases/040_packages/007_getty-containerd/test.exp
@@ -40,22 +40,22 @@ expect {
 
 expect {
     timeout {
-        puts "FAILED dist pull"
+        puts "FAILED ctr pull"
         exec kill -9 $pid
         exit 1
     }
     $prompt {
-	send "dist pull $image\n"
+	send "ctr pull $image\n"
     }
 }
 expect {
     timeout {
-        puts "FAILED dist pull"
+        puts "FAILED ctr pull"
         exec kill -9 $pid
         exit 1
     }
     $prompt {
-	puts "SUCCESS dist pull"
+	puts "SUCCESS ctr pull"
 	send "ctr run -t $image test\n"
     }
 }
diff --git a/test/hack/test-ltp.yml b/test/hack/test-ltp.yml
index e8018f051..4d4bff27e 100644
--- a/test/hack/test-ltp.yml
+++ b/test/hack/test-ltp.yml
@@ -4,7 +4,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: ltp
     image: linuxkit/test-ltp:6df23ac196332cafb9c0f8e32f328e22d612267d
diff --git a/test/hack/test.yml b/test/hack/test.yml
index 3a9b4f59d..6b2e207a1 100644
--- a/test/hack/test.yml
+++ b/test/hack/test.yml
@@ -6,7 +6,7 @@ kernel:
 init:
   - linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
   - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
-  - linuxkit/containerd:b6ffbb669248e3369081a6c4427026aa968a2385
+  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
 onboot:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
diff --git a/tools/alpine/Dockerfile b/tools/alpine/Dockerfile
index 2018615b4..259935b49 100644
--- a/tools/alpine/Dockerfile
+++ b/tools/alpine/Dockerfile
@@ -50,5 +50,6 @@ COPY --from=mirror /Dockerfile /Dockerfile
 
 RUN apk update && apk upgrade -a
 
+# v1.0.0-alpha1 plus https://github.com/containerd/containerd/pull/1141
 ENV CONTAINERD_REPO=https://github.com/ijc/containerd.git
-ENV CONTAINERD_COMMIT=3455ffc08c553db0ca9fe60b4ba2b3e8a2dc960b
+ENV CONTAINERD_COMMIT=d42cb88ba2b08d2ca6c8c017d629b394bf1dd08c
diff --git a/tools/alpine/packages b/tools/alpine/packages
index e0912112e..2c7fd5ca2 100644
--- a/tools/alpine/packages
+++ b/tools/alpine/packages
@@ -85,4 +85,5 @@ xorriso
 xz
 xz-dev
 zfs
+xfsprogs-extra
 zlib-dev
diff --git a/tools/alpine/versions b/tools/alpine/versions
index 0fa55b7fa..cfa0d8456 100644
--- a/tools/alpine/versions
+++ b/tools/alpine/versions
@@ -1,6 +1,6 @@
-# linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73
+# linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956
 # automatically generated list of installed packages
-abuild-3.0.0_rc2-r7
+abuild-3.0.0_rc2-r8
 alpine-baselayout-3.0.4-r0
 alpine-keys-2.1-r1
 alsa-lib-1.1.3-r0
@@ -216,6 +216,8 @@ vde2-libs-2.3.2-r7
 vim-8.0.0595-r0
 wayland-1.13.0-r0
 xfsprogs-4.5.0-r0
+xfsprogs-extra-4.5.0-r0
+xfsprogs-libs-4.5.0-r0
 xorriso-1.4.6-r0
 xz-5.2.3-r0
 xz-dev-5.2.3-r0