Bumped version to 0.3.1

* Registry: Improve checksum

CHANGELOG.md

@@ -1,6 +1,57 @@
 # Changelog
 
-## 0.2.0 (2012-04-23)
+## 0.3.1 (2013-05-08)
+ + Builder: Implement the autorun capability within docker builder
+ + Builder: Add caching to docker builder
+ + Builder: Add support for docker builder with native API as top level command
+ + Runtime: Add go version to debug infos
+ + Builder: Implement ENV within docker builder
+ + Registry: Add docker search top level command in order to search a repository
+ + Images: output graph of images to dot (graphviz)
+ + Documentation: new introduction and high-level overview
+ + Documentation: Add the documentation for docker builder
+ + Website: new high-level overview
+ - Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
+ - Images: fix ByParent function
+ - Builder: Check the command existance prior create and add Unit tests for the case
+ - Registry: Fix pull for official images with specific tag
+ - Registry: Fix issue when login in with a different user and trying to push
+ - Documentation: CSS fix for docker documentation to make REST API docs look better.
+ - Documentation: Fixed CouchDB example page header mistake
+ - Documentation: fixed README formatting
+ * Registry: Improve checksum - async calculation
+ * Runtime: kernel version - don't show the dash if flavor is empty
+ * Documentation: updated www.docker.io website.
+ * Builder: use any whitespaces instead of tabs
+ * Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
+
+## 0.3.0 (2013-05-06)
+ + Registry: Implement the new registry
+ + Documentation: new example: sharing data between 2 couchdb databases
+ - Runtime: Fix the command existance check
+ - Runtime: strings.Split may return an empty string on no match
+ - Runtime: Fix an index out of range crash if cgroup memory is not
+ * Documentation: Various improvments
+ * Vagrant: Use only one deb line in /etc/apt
+
+## 0.2.2 (2013-05-03)
+ + Support for data volumes ('docker run -v=PATH')
+ + Share data volumes between containers ('docker run -volumes-from')
+ + Improved documentation
+ * Upgrade to Go 1.0.3
+ * Various upgrades to the dev environment for contributors
+
+## 0.2.1 (2013-05-01)
+ + 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
+ * Improve install process on Vagrant
+ + New Dockerfile operation: "maintainer"
+ + New Dockerfile operation: "expose"
+ + New Dockerfile operation: "cmd"
+ + Contrib script to build a Debian base layer
+ + 'docker -d -r': restart crashed containers at daemon startup
+ * Runtime: improve test coverage
+
+## 0.2.0 (2013-04-23)
  - Runtime: ghost containers can be killed and waited for
  * Documentation: update install intructions
  - Packaging: fix Vagrantfile
@@ -8,13 +59,12 @@
  + Add a changelog
  - Various bugfixes
 
-
 ## 0.1.8 (2013-04-22)
  - Dynamically detect cgroup capabilities
  - Issue stability warning on kernels <3.8
  - 'docker push' buffers on disk instead of memory
  - Fix 'docker diff' for removed files
- - Fix 'docker stop' for ghost containers 
+ - Fix 'docker stop' for ghost containers
  - Fix handling of pidfile
  - Various bugfixes and stability improvements
 
@@ -35,7 +85,7 @@
  - Improve diagnosis of missing system capabilities
  - Allow disabling memory limits at compile time
  - Add debian packaging
- - Documentation: installing on Arch Linux 
+ - Documentation: installing on Arch Linux
  - Documentation: running Redis on docker
  - Fixed lxc 0.9 compatibility
  - Automatically load aufs module

Makefile

@@ -38,14 +38,15 @@ $(DOCKER_BIN): $(DOCKER_DIR)
 
 $(DOCKER_DIR):
 	@mkdir -p $(dir $@)
-	@rm -f $@
-	@ln -sf $(CURDIR)/ $@
-	@(cd $(DOCKER_MAIN); go get $(GO_OPTIONS))
+	@if [ -h $@ ]; then rm -f $@; fi; ln -sf $(CURDIR)/ $@
+	@(cd $(DOCKER_MAIN); go get -d $(GO_OPTIONS))
 
 whichrelease:
 	echo $(RELEASE_VERSION)
 
 release: $(BINRELEASE)
+	s3cmd -P put $(BINRELEASE) s3://get.docker.io/builds/`uname -s`/`uname -m`/docker-$(RELEASE_VERSION).tgz
+
 srcrelease: $(SRCRELEASE)
 deps: $(DOCKER_DIR)
 
@@ -75,4 +76,7 @@ fmt:
 	@gofmt -s -l -w .
 
 hack:
-	cd $(CURDIR)/buildbot && vagrant up
+	cd $(CURDIR)/hack && vagrant up
+
+ssh-dev:
+	cd $(CURDIR)/hack && vagrant ssh

README.md

@@ -1,37 +1,94 @@
-Docker: the Linux container runtime
-===================================
+Docker: the Linux container engine
+==================================
 
-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
+Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers.
 
-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
+Docker containers are both *hardware-agnostic* and *platform-agnostic*. This means that they can run anywhere, from your
+laptop to the largest EC2 compute instance and everything in between - and they don't require that you use a particular
+language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases
+and backend services without depending on a particular stack or provider.
+
+Docker is an open-source implementation of the deployment engine which powers [dotCloud](http://dotcloud.com), a popular Platform-as-a-Service.
+It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands
+of applications and databases.
 
 ![Docker L](docs/sources/static_files/lego_docker.jpg "Docker")
 
-* *Heterogeneous payloads*: any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
+## Better than VMs
 
-* *Any server*: docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
+A common method for distributing applications and sandbox their execution is to use virtual machines, or VMs. Typical VM formats
+are VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to
+automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never
+happens, for a few reasons:
 
-* *Isolation*: docker isolates processes from each other and from the underlying host, using lightweight containers.
+  * *Size*: VMs are very large which makes them impractical to store and transfer.
+  * *Performance*: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and
+  	large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
+  * *Portability*: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
+  * *Hardware-centric*: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most:
+  	building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.
 
-* *Repeatability*: because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
+By contrast, Docker relies on a different sandboxing method known as *containerization*. Unlike traditional virtualization,
+containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary
+for containerization, including Linux with [openvz](http://openvz.org), [vserver](http://linux-vserver.org) and more recently [lxc](http://lxc.sourceforge.net),
+	Solaris with [zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc) and FreeBSD with [Jails](http://www.freebsd.org/doc/handbook/jails.html).
+
+Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves
+all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead,
+the are completely portable and are designed from the ground up with an application-centric design.
+
+The best part: because docker operates at the OS level, it can still be run inside a VM!
+
+## Plays well with others
+
+Docker does not require that you buy into a particular programming language, framework, packaging system or configuration language.
+
+Is your application a unix process? Does it use files, tcp connections, environment variables, standard unix streams and command-line
+arguments as inputs and outputs? Then docker can run it.
+
+Can your application's build be expressed a sequence of such commands? Then docker can build it.
 
 
-Notable features
------------------
+## Escape dependency hell
 
-* Filesystem isolation: each process container runs in a completely separate root filesystem.
+A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.
 
-* Resource isolation: system resources like cpu and memory can be allocated differently to each process container, using cgroups.
+This is usually difficult for several reasons:
 
-* Network isolation: each process container runs in its own network namespace, with a virtual interface and IP address of its own.
+  * *Cross-platform dependencies*. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules,
+  	internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work
+	well with each other, requiring awkward custom integrations.
 
-* Copy-on-write: root filesystems are created using copy-on-write, which makes deployment extremely fast, memory-cheap and disk-cheap.
+  * Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease -
+  	but they all handle them in different and incompatible ways, which again forces the developer to do extra work.
+  
+  * Custom dependencies. A developer may need to prepare a custom version of his application's dependency. Some packaging systems can handle custom versions of a dependency,
+  	others can't - and all of them handle it differently.
 
-* Logging: the standard streams (stdout/stderr/stdin) of each process container are collected and logged for real-time or batch retrieval.
 
-* Change management: changes to a container's filesystem can be committed into a new image and re-used to create more containers. No templating or manual configuration required.
+Docker solves dependency hell by giving the developer a simple way to express *all* his application's dependencies in one place,
+and streamline the process of assembling them. If this makes you think of [XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
+*replace* your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.
+
+Docker defines a build as running a sequence unix commands, one after the other, in the same container. Build commands modify the contents of the container
+(usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous
+commands, the *order* in which the commands are executed expresses *dependencies*.
+
+Here's a typical docker build process:
+
+```bash
+from	ubuntu:12.10
+run	apt-get update
+run	apt-get install python
+run	apt-get install python-pip
+run	pip install django
+run	apt-get install curl
+run	curl http://github.com/shykes/helloflask/helloflask/master.tar.gz | tar -zxv
+run	cd master && pip install -r requirements.txt
+```
+
+Note that Docker doesn't care *how* dependencies are built - as long as they can be built by running a unix command in a container.
 
-* Interactive shell: docker can allocate a pseudo-tty and attach to the standard input of any container, for example to run a throwaway interactive shell.
 
 Install instructions
 ==================

Vagrantfile

@@ -1,55 +1,27 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
-def v10(config)
-  config.vm.box = 'precise64'
-  config.vm.box_url = 'http://files.vagrantup.com/precise64.box'
+BOX_NAME = ENV['BOX_NAME'] || "ubuntu"
+BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64.box"
+PPA_KEY = "E61D797F63561DC6"
 
-  # Install ubuntu packaging dependencies and create ubuntu packages
-  config.vm.provision :shell, :inline => "echo 'deb http://ppa.launchpad.net/dotcloud/lxc-docker/ubuntu precise main' >>/etc/apt/sources.list"
-  config.vm.provision :shell, :inline => 'export DEBIAN_FRONTEND=noninteractive; apt-get -qq update; apt-get install -qq -y --force-yes lxc-docker'
-end
-
-Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
-  v10(config)
-end
-
-Vagrant::VERSION >= "1.1.0" and Vagrant.configure("1") do |config|
-  v10(config)
+Vagrant::Config.run do |config|
+  # Setup virtual machine box. This VM configuration code is always executed.
+  config.vm.box = BOX_NAME
+  config.vm.box_url = BOX_URI
+  # Add docker PPA key to the local repository and install docker
+  pkg_cmd = "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys #{PPA_KEY}; "
+  pkg_cmd << "echo 'deb http://ppa.launchpad.net/dotcloud/lxc-docker/ubuntu precise main' >/etc/apt/sources.list.d/lxc-docker.list; "
+  pkg_cmd << "apt-get update -qq; apt-get install -q -y lxc-docker"
+  if ARGV.include?("--provider=aws".downcase)
+    # Add AUFS dependency to amazon's VM
+    pkg_cmd << "; apt-get install linux-image-extra-3.2.0-40-virtual"
+  end
+  config.vm.provision :shell, :inline => pkg_cmd
 end
 
+# Providers were added on Vagrant >= 1.1.0
 Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
-  config.vm.provider :aws do |aws|
-    config.vm.box = "dummy"
-    config.vm.box_url = "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"
-    aws.access_key_id = ENV["AWS_ACCESS_KEY_ID"]
-    aws.secret_access_key =     ENV["AWS_SECRET_ACCESS_KEY"]
-    aws.keypair_name = ENV["AWS_KEYPAIR_NAME"]
-    aws.ssh_private_key_path = ENV["AWS_SSH_PRIVKEY"]
-    aws.region = "us-east-1"
-    aws.ami = "ami-d0f89fb9"
-    aws.ssh_username = "ubuntu"
-    aws.instance_type = "t1.micro"
-  end
-
-  config.vm.provider :rackspace do |rs|
-    config.vm.box = "dummy"
-    config.vm.box_url = "https://github.com/mitchellh/vagrant-rackspace/raw/master/dummy.box"
-    config.ssh.private_key_path = ENV["RS_PRIVATE_KEY"]
-    rs.username = ENV["RS_USERNAME"]
-    rs.api_key  = ENV["RS_API_KEY"]
-    rs.public_key_path = ENV["RS_PUBLIC_KEY"]
-    rs.flavor   = /512MB/
-    rs.image    = /Ubuntu/
-  end
-
-  config.vm.provider :virtualbox do |vb|
-    config.vm.box = 'precise64'
-    config.vm.box_url = 'http://files.vagrantup.com/precise64.box'
-  end
-end
-
-Vagrant::VERSION >= "1.2.0" and Vagrant.configure("2") do |config|
   config.vm.provider :aws do |aws, override|
     config.vm.box = "dummy"
     config.vm.box_url = "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"
@@ -75,8 +47,7 @@ Vagrant::VERSION >= "1.2.0" and Vagrant.configure("2") do |config|
   end
 
   config.vm.provider :virtualbox do |vb|
-    config.vm.box = 'precise64'
-    config.vm.box_url = 'http://files.vagrantup.com/precise64.box'
+    config.vm.box = BOX_NAME
+    config.vm.box_url = BOX_URI
   end
-
 end

auth/auth.go

@@ -3,7 +3,6 @@ package auth
 import (
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -16,7 +15,7 @@ import (
 const CONFIGFILE = ".dockercfg"
 
 // the registry server we want to login against
-const REGISTRY_SERVER = "https://registry.docker.io"
+const INDEX_SERVER = "https://index.docker.io"
 
 type AuthConfig struct {
 	Username string `json:"username"`
@@ -76,6 +75,9 @@ func LoadConfig(rootPath string) (*AuthConfig, error) {
 		return nil, err
 	}
 	arr := strings.Split(string(b), "\n")
+	if len(arr) < 2 {
+		return nil, fmt.Errorf("The Auth config file is empty")
+	}
 	origAuth := strings.Split(arr[0], " = ")
 	origEmail := strings.Split(arr[1], " = ")
 	authConfig, err := DecodeAuth(origAuth[1])
@@ -89,9 +91,14 @@ func LoadConfig(rootPath string) (*AuthConfig, error) {
 
 // save the auth config
 func saveConfig(rootPath, authStr string, email string) error {
+	confFile := path.Join(rootPath, CONFIGFILE)
+	if len(email) == 0 {
+		os.Remove(confFile)
+		return nil
+	}
 	lines := "auth = " + authStr + "\n" + "email = " + email + "\n"
 	b := []byte(lines)
-	err := ioutil.WriteFile(path.Join(rootPath, CONFIGFILE), b, 0600)
+	err := ioutil.WriteFile(confFile, b, 0600)
 	if err != nil {
 		return err
 	}
@@ -101,40 +108,38 @@ func saveConfig(rootPath, authStr string, email string) error {
 // try to register/login to the registry server
 func Login(authConfig *AuthConfig) (string, error) {
 	storeConfig := false
+	client := &http.Client{}
 	reqStatusCode := 0
 	var status string
-	var errMsg string
 	var reqBody []byte
 	jsonBody, err := json.Marshal(authConfig)
 	if err != nil {
-		errMsg = fmt.Sprintf("Config Error: %s", err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Config Error: %s", err)
 	}
 
 	// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
 	b := strings.NewReader(string(jsonBody))
-	req1, err := http.Post(REGISTRY_SERVER+"/v1/users", "application/json; charset=utf-8", b)
+	req1, err := http.Post(INDEX_SERVER+"/v1/users/", "application/json; charset=utf-8", b)
 	if err != nil {
-		errMsg = fmt.Sprintf("Server Error: %s", err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Server Error: %s", err)
 	}
-
 	reqStatusCode = req1.StatusCode
 	defer req1.Body.Close()
 	reqBody, err = ioutil.ReadAll(req1.Body)
 	if err != nil {
-		errMsg = fmt.Sprintf("Server Error: [%#v] %s", reqStatusCode, err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Server Error: [%#v] %s", reqStatusCode, err)
 	}
 
 	if reqStatusCode == 201 {
-		status = "Account Created\n"
+		status = "Account created. Please use the confirmation link we sent" +
+			" to your e-mail to activate it.\n"
 		storeConfig = true
+	} else if reqStatusCode == 403 {
+		return "", fmt.Errorf("Login: Your account hasn't been activated. " +
+			"Please check your e-mail for a confirmation link.")
 	} else if reqStatusCode == 400 {
-		// FIXME: This should be 'exists', not 'exist'. Need to change on the server first.
-		if string(reqBody) == "Username or email already exist" {
-			client := &http.Client{}
-			req, err := http.NewRequest("GET", REGISTRY_SERVER+"/v1/users", nil)
+		if string(reqBody) == "\"Username or email already exists\"" {
+			req, err := http.NewRequest("GET", INDEX_SERVER+"/v1/users/", nil)
 			req.SetBasicAuth(authConfig.Username, authConfig.Password)
 			resp, err := client.Do(req)
 			if err != nil {
@@ -148,17 +153,18 @@ func Login(authConfig *AuthConfig) (string, error) {
 			if resp.StatusCode == 200 {
 				status = "Login Succeeded\n"
 				storeConfig = true
+			} else if resp.StatusCode == 401 {
+				saveConfig(authConfig.rootPath, "", "")
+				return "", fmt.Errorf("Wrong login/password, please try again")
 			} else {
-				status = fmt.Sprintf("Login: %s", body)
-				return "", errors.New(status)
+				return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
+					resp.StatusCode, resp.Header)
 			}
 		} else {
-			status = fmt.Sprintf("Registration: %s", reqBody)
-			return "", errors.New(status)
+			return "", fmt.Errorf("Registration: %s", reqBody)
 		}
 	} else {
-		status = fmt.Sprintf("[%s] : %s", reqStatusCode, reqBody)
-		return "", errors.New(status)
+		return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)
 	}
 	if storeConfig {
 		authStr := EncodeAuth(authConfig)

builder.go

@@ -2,47 +2,156 @@ package docker
 
 import (
 	"bufio"
+	"encoding/json"
 	"fmt"
 	"io"
+	"os"
+	"path"
 	"strings"
+	"time"
 )
 
 type Builder struct {
-	runtime *Runtime
+	runtime      *Runtime
+	repositories *TagStore
+	graph        *Graph
 }
 
 func NewBuilder(runtime *Runtime) *Builder {
 	return &Builder{
-		runtime: runtime,
+		runtime:      runtime,
+		graph:        runtime.graph,
+		repositories: runtime.repositories,
 	}
 }
 
-func (builder *Builder) Run(image *Image, cmd ...string) (*Container, error) {
-	// FIXME: pass a NopWriter instead of nil
-	config, err := ParseRun(append([]string{"-d", image.Id}, cmd...), nil, builder.runtime.capabilities)
-	if config.Image == "" {
-		return nil, fmt.Errorf("Image not specified")
+func (builder *Builder) mergeConfig(userConf, imageConf *Config) {
+	if userConf.Hostname != "" {
+		userConf.Hostname = imageConf.Hostname
 	}
-	if len(config.Cmd) == 0 {
-		return nil, fmt.Errorf("Command not specified")
+	if userConf.User != "" {
+		userConf.User = imageConf.User
 	}
-	if config.Tty {
-		return nil, fmt.Errorf("The tty mode is not supported within the builder")
+	if userConf.Memory == 0 {
+		userConf.Memory = imageConf.Memory
 	}
+	if userConf.MemorySwap == 0 {
+		userConf.MemorySwap = imageConf.MemorySwap
+	}
+	if userConf.PortSpecs == nil || len(userConf.PortSpecs) == 0 {
+		userConf.PortSpecs = imageConf.PortSpecs
+	}
+	if !userConf.Tty {
+		userConf.Tty = userConf.Tty
+	}
+	if !userConf.OpenStdin {
+		userConf.OpenStdin = imageConf.OpenStdin
+	}
+	if !userConf.StdinOnce {
+		userConf.StdinOnce = imageConf.StdinOnce
+	}
+	if userConf.Env == nil || len(userConf.Env) == 0 {
+		userConf.Env = imageConf.Env
+	}
+	if userConf.Cmd == nil || len(userConf.Cmd) == 0 {
+		userConf.Cmd = imageConf.Cmd
+	}
+	if userConf.Dns == nil || len(userConf.Dns) == 0 {
+		userConf.Dns = imageConf.Dns
+	}
+}
 
-	// Create new container
-	container, err := builder.runtime.Create(config)
+func (builder *Builder) Create(config *Config) (*Container, error) {
+	// Lookup image
+	img, err := builder.repositories.LookupImage(config.Image)
 	if err != nil {
 		return nil, err
 	}
-	if err := container.Start(); err != nil {
+
+	if img.Config != nil {
+		builder.mergeConfig(config, img.Config)
+	}
+
+	if config.Cmd == nil || len(config.Cmd) == 0 {
+		return nil, fmt.Errorf("No command specified")
+	}
+
+	// Generate id
+	id := GenerateId()
+	// Generate default hostname
+	// FIXME: the lxc template no longer needs to set a default hostname
+	if config.Hostname == "" {
+		config.Hostname = id[:12]
+	}
+
+	container := &Container{
+		// FIXME: we should generate the ID here instead of receiving it as an argument
+		Id:              id,
+		Created:         time.Now(),
+		Path:            config.Cmd[0],
+		Args:            config.Cmd[1:], //FIXME: de-duplicate from config
+		Config:          config,
+		Image:           img.Id, // Always use the resolved image id
+		NetworkSettings: &NetworkSettings{},
+		// FIXME: do we need to store this in the container?
+		SysInitPath: sysInitPath,
+	}
+	container.root = builder.runtime.containerRoot(container.Id)
+	// Step 1: create the container directory.
+	// This doubles as a barrier to avoid race conditions.
+	if err := os.Mkdir(container.root, 0700); err != nil {
+		return nil, err
+	}
+
+	// If custom dns exists, then create a resolv.conf for the container
+	if len(config.Dns) > 0 {
+		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
+		f, err := os.Create(container.ResolvConfPath)
+		if err != nil {
+			return nil, err
+		}
+		defer f.Close()
+		for _, dns := range config.Dns {
+			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
+				return nil, err
+			}
+		}
+	} else {
+		container.ResolvConfPath = "/etc/resolv.conf"
+	}
+
+	// Step 2: save the container json
+	if err := container.ToDisk(); err != nil {
+		return nil, err
+	}
+	// Step 3: register the container
+	if err := builder.runtime.Register(container); err != nil {
 		return nil, err
 	}
 	return container, nil
 }
 
-func (builder *Builder) Commit(container *Container, repository, tag, comment, author string) (*Image, error) {
-	return builder.runtime.Commit(container.Id, repository, tag, comment, author)
+// Commit creates a new filesystem image from the current state of a container.
+// The image can optionally be tagged into a repository
+func (builder *Builder) Commit(container *Container, repository, tag, comment, author string, config *Config) (*Image, error) {
+	// FIXME: freeze the container before copying it to avoid data corruption?
+	// FIXME: this shouldn't be in commands.
+	rwTar, err := container.ExportRw()
+	if err != nil {
+		return nil, err
+	}
+	// Create a new image from the container's base layers + a new layer from container changes
+	img, err := builder.graph.Create(rwTar, container, comment, author, config)
+	if err != nil {
+		return nil, err
+	}
+	// Register the image if needed
+	if repository != "" {
+		if err := builder.repositories.Set(repository, tag, img.Id, true); err != nil {
+			return img, err
+		}
+	}
+	return img, nil
 }
 
 func (builder *Builder) clearTmp(containers, images map[string]struct{}) {
@@ -57,9 +166,41 @@ func (builder *Builder) clearTmp(containers, images map[string]struct{}) {
 	}
 }
 
-func (builder *Builder) Build(dockerfile io.Reader, stdout io.Writer) error {
+func (builder *Builder) getCachedImage(image *Image, config *Config) (*Image, error) {
+	// Retrieve all images
+	images, err := builder.graph.All()
+	if err != nil {
+		return nil, err
+	}
+
+	// Store the tree in a map of map (map[parentId][childId])
+	imageMap := make(map[string]map[string]struct{})
+	for _, img := range images {
+		if _, exists := imageMap[img.Parent]; !exists {
+			imageMap[img.Parent] = make(map[string]struct{})
+		}
+		imageMap[img.Parent][img.Id] = struct{}{}
+	}
+
+	// Loop on the children of the given image and check the config
+	for elem := range imageMap[image.Id] {
+		img, err := builder.graph.Get(elem)
+		if err != nil {
+			return nil, err
+		}
+		if CompareConfig(&img.ContainerConfig, config) {
+			return img, nil
+		}
+	}
+	return nil, nil
+}
+
+func (builder *Builder) Build(dockerfile io.Reader, stdout io.Writer) (*Image, error) {
 	var (
 		image, base   *Image
+		config        *Config
+		maintainer    string
+		env           map[string]string   = make(map[string]string)
 		tmpContainers map[string]struct{} = make(map[string]struct{})
 		tmpImages     map[string]struct{} = make(map[string]struct{})
 	)
@@ -72,88 +213,242 @@ func (builder *Builder) Build(dockerfile io.Reader, stdout io.Writer) error {
 			if err == io.EOF {
 				break
 			}
-			return err
+			return nil, err
 		}
-		line = strings.TrimSpace(line)
+		line = strings.Replace(strings.TrimSpace(line), "	", " ", 1)
 		// Skip comments and empty line
 		if len(line) == 0 || line[0] == '#' {
 			continue
 		}
-		tmp := strings.SplitN(line, "	", 2)
+		tmp := strings.SplitN(line, " ", 2)
 		if len(tmp) != 2 {
-			return fmt.Errorf("Invalid Dockerfile format")
+			return nil, fmt.Errorf("Invalid Dockerfile format")
 		}
-		switch tmp[0] {
+		instruction := strings.Trim(tmp[0], " ")
+		arguments := strings.Trim(tmp[1], " ")
+		switch strings.ToLower(instruction) {
 		case "from":
-			fmt.Fprintf(stdout, "FROM %s\n", tmp[1])
-			image, err = builder.runtime.repositories.LookupImage(tmp[1])
+			fmt.Fprintf(stdout, "FROM %s\n", arguments)
+			image, err = builder.runtime.repositories.LookupImage(arguments)
 			if err != nil {
-				return err
+				if builder.runtime.graph.IsNotExist(err) {
+
+					var tag, remote string
+					if strings.Contains(arguments, ":") {
+						remoteParts := strings.Split(arguments, ":")
+						tag = remoteParts[1]
+						remote = remoteParts[0]
+					} else {
+						remote = arguments
+					}
+
+					if err := builder.runtime.graph.PullRepository(stdout, remote, tag, builder.runtime.repositories, builder.runtime.authConfig); err != nil {
+						return nil, err
+					}
+
+					image, err = builder.runtime.repositories.LookupImage(arguments)
+					if err != nil {
+						return nil, err
+					}
+				} else {
+					return nil, err
+				}
 			}
+			config = &Config{}
+
+			break
+		case "maintainer":
+			fmt.Fprintf(stdout, "MAINTAINER %s\n", arguments)
+			maintainer = arguments
 			break
 		case "run":
-			fmt.Fprintf(stdout, "RUN %s\n", tmp[1])
+			fmt.Fprintf(stdout, "RUN %s\n", arguments)
 			if image == nil {
-				return fmt.Errorf("Please provide a source image with `from` prior to run")
+				return nil, fmt.Errorf("Please provide a source image with `from` prior to run")
+			}
+			config, err := ParseRun([]string{image.Id, "/bin/sh", "-c", arguments}, nil, builder.runtime.capabilities)
+			if err != nil {
+				return nil, err
 			}
 
+			for key, value := range env {
+				config.Env = append(config.Env, fmt.Sprintf("%s=%s", key, value))
+			}
+
+			if cache, err := builder.getCachedImage(image, config); err != nil {
+				return nil, err
+			} else if cache != nil {
+				image = cache
+				fmt.Fprintf(stdout, "===> %s\n", image.ShortId())
+				break
+			}
+
+			Debugf("Env -----> %v ------ %v\n", config.Env, env)
+
 			// Create the container and start it
-			c, err := builder.Run(image, "/bin/sh", "-c", tmp[1])
+			c, err := builder.Create(config)
 			if err != nil {
-				return err
+				return nil, err
+			}
+
+			if os.Getenv("DEBUG") != "" {
+				out, _ := c.StdoutPipe()
+				err2, _ := c.StderrPipe()
+				go io.Copy(os.Stdout, out)
+				go io.Copy(os.Stdout, err2)
+			}
+
+			if err := c.Start(); err != nil {
+				return nil, err
 			}
 			tmpContainers[c.Id] = struct{}{}
 
 			// Wait for it to finish
 			if result := c.Wait(); result != 0 {
-				return fmt.Errorf("!!! '%s' return non-zero exit code '%d'. Aborting.", tmp[1], result)
+				return nil, fmt.Errorf("!!! '%s' return non-zero exit code '%d'. Aborting.", arguments, result)
 			}
 
 			// Commit the container
-			base, err = builder.Commit(c, "", "", "", "")
+			base, err = builder.Commit(c, "", "", "", maintainer, nil)
 			if err != nil {
-				return err
+				return nil, err
 			}
 			tmpImages[base.Id] = struct{}{}
 
 			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
-			break
-		case "copy":
-			if image == nil {
-				return fmt.Errorf("Please provide a source image with `from` prior to copy")
-			}
-			tmp2 := strings.SplitN(tmp[1], " ", 2)
-			if len(tmp) != 2 {
-				return fmt.Errorf("Invalid COPY format")
-			}
-			fmt.Fprintf(stdout, "COPY %s to %s in %s\n", tmp2[0], tmp2[1], base.ShortId())
 
-			file, err := Download(tmp2[0], stdout)
+			// use the base as the new image
+			image = base
+
+			break
+		case "env":
+			tmp := strings.SplitN(arguments, " ", 2)
+			if len(tmp) != 2 {
+				return nil, fmt.Errorf("Invalid ENV format")
+			}
+			key := strings.Trim(tmp[0], " ")
+			value := strings.Trim(tmp[1], " ")
+			fmt.Fprintf(stdout, "ENV %s %s\n", key, value)
+			env[key] = value
+			if image != nil {
+				fmt.Fprintf(stdout, "===> %s\n", image.ShortId())
+			} else {
+				fmt.Fprintf(stdout, "===> <nil>\n")
+			}
+			break
+		case "cmd":
+			fmt.Fprintf(stdout, "CMD %s\n", arguments)
+
+			// Create the container and start it
+			c, err := builder.Create(&Config{Image: image.Id, Cmd: []string{"", ""}})
 			if err != nil {
-				return err
+				return nil, err
+			}
+			if err := c.Start(); err != nil {
+				return nil, err
+			}
+			tmpContainers[c.Id] = struct{}{}
+
+			cmd := []string{}
+			if err := json.Unmarshal([]byte(arguments), &cmd); err != nil {
+				return nil, err
+			}
+			config.Cmd = cmd
+
+			// Commit the container
+			base, err = builder.Commit(c, "", "", "", maintainer, config)
+			if err != nil {
+				return nil, err
+			}
+			tmpImages[base.Id] = struct{}{}
+
+			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+			image = base
+			break
+		case "expose":
+			ports := strings.Split(arguments, " ")
+
+			fmt.Fprintf(stdout, "EXPOSE %v\n", ports)
+			if image == nil {
+				return nil, fmt.Errorf("Please provide a source image with `from` prior to copy")
+			}
+
+			// Create the container and start it
+			c, err := builder.Create(&Config{Image: image.Id, Cmd: []string{"", ""}})
+			if err != nil {
+				return nil, err
+			}
+			if err := c.Start(); err != nil {
+				return nil, err
+			}
+			tmpContainers[c.Id] = struct{}{}
+
+			config.PortSpecs = append(ports, config.PortSpecs...)
+
+			// Commit the container
+			base, err = builder.Commit(c, "", "", "", maintainer, config)
+			if err != nil {
+				return nil, err
+			}
+			tmpImages[base.Id] = struct{}{}
+
+			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+			image = base
+			break
+		case "insert":
+			if image == nil {
+				return nil, fmt.Errorf("Please provide a source image with `from` prior to copy")
+			}
+			tmp = strings.SplitN(arguments, " ", 2)
+			if len(tmp) != 2 {
+				return nil, fmt.Errorf("Invalid INSERT format")
+			}
+			sourceUrl := strings.Trim(tmp[0], " ")
+			destPath := strings.Trim(tmp[1], " ")
+			fmt.Fprintf(stdout, "COPY %s to %s in %s\n", sourceUrl, destPath, base.ShortId())
+
+			file, err := Download(sourceUrl, stdout)
+			if err != nil {
+				return nil, err
 			}
 			defer file.Body.Close()
 
-			c, err := builder.Run(base, "echo", "insert", tmp2[0], tmp2[1])
+			config, err := ParseRun([]string{base.Id, "echo", "insert", sourceUrl, destPath}, nil, builder.runtime.capabilities)
 			if err != nil {
-				return err
+				return nil, err
+			}
+			c, err := builder.Create(config)
+			if err != nil {
+				return nil, err
 			}
 
-			if err := c.Inject(file.Body, tmp2[1]); err != nil {
-				return err
+			if err := c.Start(); err != nil {
+				return nil, err
 			}
 
-			base, err = builder.Commit(c, "", "", "", "")
+			// Wait for echo to finish
+			if result := c.Wait(); result != 0 {
+				return nil, fmt.Errorf("!!! '%s' return non-zero exit code '%d'. Aborting.", arguments, result)
+			}
+
+			if err := c.Inject(file.Body, destPath); err != nil {
+				return nil, err
+			}
+
+			base, err = builder.Commit(c, "", "", "", maintainer, nil)
 			if err != nil {
-				return err
+				return nil, err
 			}
 			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+
+			image = base
+
 			break
 		default:
-			fmt.Fprintf(stdout, "Skipping unknown op %s\n", tmp[0])
+			fmt.Fprintf(stdout, "Skipping unknown instruction %s\n", strings.ToUpper(instruction))
 		}
 	}
-	if base != nil {
+	if image != nil {
 		// The build is successful, keep the temporary containers and images
 		for i := range tmpImages {
 			delete(tmpImages, i)
@@ -161,9 +456,8 @@ func (builder *Builder) Build(dockerfile io.Reader, stdout io.Writer) error {
 		for i := range tmpContainers {
 			delete(tmpContainers, i)
 		}
-		fmt.Fprintf(stdout, "Build finished. image id: %s\n", base.ShortId())
-	} else {
-		fmt.Fprintf(stdout, "An error occured during the build\n")
+		fmt.Fprintf(stdout, "Build finished. image id: %s\n", image.ShortId())
+		return image, nil
 	}
-	return nil
+	return nil, fmt.Errorf("An error occured during the build\n")
 }

builder_test.go

@@ -0,0 +1,88 @@
+package docker
+
+import (
+	"strings"
+	"testing"
+)
+
+const Dockerfile = `
+# VERSION		0.1
+# DOCKER-VERSION	0.2
+
+from   ` + unitTestImageName + `
+run    sh -c 'echo root:testpass > /tmp/passwd'
+run    mkdir -p /var/run/sshd
+insert https://raw.github.com/dotcloud/docker/master/CHANGELOG.md /tmp/CHANGELOG.md
+`
+
+func TestBuild(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	builder := NewBuilder(runtime)
+
+	img, err := builder.Build(strings.NewReader(Dockerfile), &nopWriter{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	container, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"cat", "/tmp/passwd"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+
+	output, err := container.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "root:testpass\n" {
+		t.Fatalf("Unexpected output. Read '%s', expected '%s'", output, "root:testpass\n")
+	}
+
+	container2, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"ls", "-d", "/var/run/sshd"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container2)
+
+	output, err = container2.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "/var/run/sshd\n" {
+		t.Fatal("/var/run/sshd has not been created")
+	}
+
+	container3, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"cat", "/tmp/CHANGELOG.md"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container3)
+
+	output, err = container3.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(output) == 0 {
+		t.Fatal("/tmp/CHANGELOG.md has not been copied")
+	}
+}

commands.go

@@ -6,11 +6,13 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/rcli"
+	"github.com/shin-/cookiejar"
 	"io"
 	"log"
 	"net/http"
 	"net/url"
 	"os"
+	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
@@ -19,7 +21,7 @@ import (
 	"unicode"
 )
 
-const VERSION = "0.2.0"
+const VERSION = "0.3.1"
 
 var (
 	GIT_COMMIT string
@@ -34,7 +36,7 @@ func (srv *Server) Help() string {
 	help := "Usage: docker COMMAND [arg...]\n\nA self-sufficient runtime for linux containers.\n\nCommands:\n"
 	for _, cmd := range [][]string{
 		{"attach", "Attach to a running container"},
-		{"build", "Build a container from Dockerfile"},
+		{"build", "Build a container from Dockerfile via stdin"},
 		{"commit", "Create a new image from a container's changes"},
 		{"diff", "Inspect changes on a container's filesystem"},
 		{"export", "Stream the contents of a container as a tar archive"},
@@ -55,6 +57,7 @@ func (srv *Server) Help() string {
 		{"rm", "Remove a container"},
 		{"rmi", "Remove an image"},
 		{"run", "Run a command in a new container"},
+		{"search", "Search for an image in the docker index"},
 		{"start", "Start a stopped container"},
 		{"stop", "Stop a running container"},
 		{"tag", "Tag an image into a repository"},
@@ -90,8 +93,13 @@ func (srv *Server) CmdInsert(stdin io.ReadCloser, stdout rcli.DockerConn, args .
 	}
 	defer file.Body.Close()
 
+	config, err := ParseRun([]string{img.Id, "echo", "insert", url, path}, nil, srv.runtime.capabilities)
+	if err != nil {
+		return err
+	}
+
 	b := NewBuilder(srv.runtime)
-	c, err := b.Run(img, "echo", "insert", url, path)
+	c, err := b.Create(config)
 	if err != nil {
 		return err
 	}
@@ -100,7 +108,7 @@ func (srv *Server) CmdInsert(stdin io.ReadCloser, stdout rcli.DockerConn, args .
 		return err
 	}
 	// FIXME: Handle custom repo, tag comment, author
-	img, err = b.Commit(c, "", "", img.Comment, img.Author)
+	img, err = b.Commit(c, "", "", img.Comment, img.Author, nil)
 	if err != nil {
 		return err
 	}
@@ -110,28 +118,16 @@ func (srv *Server) CmdInsert(stdin io.ReadCloser, stdout rcli.DockerConn, args .
 
 func (srv *Server) CmdBuild(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
 	stdout.Flush()
-	cmd := rcli.Subcmd(stdout, "build", "[Dockerfile|-]", "Build a container from Dockerfile")
+	cmd := rcli.Subcmd(stdout, "build", "-", "Build a container from Dockerfile via stdin")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
-	dockerfile := cmd.Arg(0)
-	if dockerfile == "" {
-		dockerfile = "Dockerfile"
+	img, err := NewBuilder(srv.runtime).Build(stdin, stdout)
+	if err != nil {
+		return err
 	}
-
-	var file io.Reader
-
-	if dockerfile != "-" {
-		f, err := os.Open(dockerfile)
-		if err != nil {
-			return err
-		}
-		defer f.Close()
-		file = f
-	} else {
-		file = stdin
-	}
-	return NewBuilder(srv.runtime).Build(file, stdout)
+	fmt.Fprintf(stdout, "%s\n", img.ShortId())
+	return nil
 }
 
 // 'docker login': login / register a user to registry service.
@@ -224,6 +220,7 @@ func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout rcli.DockerConn, args ..
 	if err != nil {
 		fmt.Fprintf(stdout, "Error: %s\r\n", err)
 	} else {
+		srv.runtime.graph.getHttpClient().Jar = cookiejar.NewCookieJar()
 		srv.runtime.authConfig = newAuthConfig
 	}
 	if status != "" {
@@ -287,10 +284,12 @@ func (srv *Server) CmdInfo(stdin io.ReadCloser, stdout io.Writer, args ...string
 		len(srv.runtime.List()),
 		VERSION,
 		imgcount)
+	fmt.Fprintf(stdout, "Go version: %s\n", runtime.Version())
 
-	if !rcli.DEBUG_FLAG {
+	if os.Getenv("DEBUG") == "" {
 		return nil
 	}
+
 	fmt.Fprintln(stdout, "debug mode enabled")
 	fmt.Fprintf(stdout, "fds: %d\ngoroutines: %d\n", getTotalUsedFds(), runtime.NumGoroutine())
 	return nil
@@ -471,7 +470,8 @@ func (srv *Server) CmdHistory(stdin io.ReadCloser, stdout io.Writer, args ...str
 }
 
 func (srv *Server) CmdRm(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "rm", "CONTAINER [CONTAINER...]", "Remove a container")
+	cmd := rcli.Subcmd(stdout, "rm", "[OPTIONS] CONTAINER [CONTAINER...]", "Remove a container")
+	v := cmd.Bool("v", false, "Remove the volumes associated to the container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -479,15 +479,40 @@ func (srv *Server) CmdRm(stdin io.ReadCloser, stdout io.Writer, args ...string)
 		cmd.Usage()
 		return nil
 	}
+	volumes := make(map[string]struct{})
 	for _, name := range cmd.Args() {
 		container := srv.runtime.Get(name)
 		if container == nil {
 			return fmt.Errorf("No such container: %s", name)
 		}
+		// Store all the deleted containers volumes
+		for _, volumeId := range container.Volumes {
+			volumes[volumeId] = struct{}{}
+		}
 		if err := srv.runtime.Destroy(container); err != nil {
 			fmt.Fprintln(stdout, "Error destroying container "+name+": "+err.Error())
 		}
 	}
+	if *v {
+		// Retrieve all volumes from all remaining containers
+		usedVolumes := make(map[string]*Container)
+		for _, container := range srv.runtime.List() {
+			for _, containerVolumeId := range container.Volumes {
+				usedVolumes[containerVolumeId] = container
+			}
+		}
+
+		for volumeId := range volumes {
+			// If the requested volu
+			if c, exists := usedVolumes[volumeId]; exists {
+				fmt.Fprintf(stdout, "The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.Id)
+				continue
+			}
+			if err := srv.runtime.volumes.Delete(volumeId); err != nil {
+				return err
+			}
+		}
+	}
 	return nil
 }
 
@@ -548,7 +573,7 @@ func (srv *Server) CmdImport(stdin io.ReadCloser, stdout rcli.DockerConn, args .
 		}
 		archive = ProgressReader(resp.Body, int(resp.ContentLength), stdout, "Importing %v/%v (%v)")
 	}
-	img, err := srv.runtime.graph.Create(archive, nil, "Imported from "+src, "")
+	img, err := srv.runtime.graph.Create(archive, nil, "Imported from "+src, "", nil)
 	if err != nil {
 		return err
 	}
@@ -565,6 +590,7 @@ func (srv *Server) CmdImport(stdin io.ReadCloser, stdout rcli.DockerConn, args .
 
 func (srv *Server) CmdPush(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "push", "NAME", "Push an image or a repository to the registry")
+	registry := cmd.String("registry", "", "Registry host to push the image to")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -575,8 +601,8 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout rcli.DockerConn, args ...
 		return nil
 	}
 
-	// If the login failed, abort
-	if srv.runtime.authConfig == nil || srv.runtime.authConfig.Username == "" {
+	// If the login failed AND we're using the index, abort
+	if *registry == "" && (srv.runtime.authConfig == nil || srv.runtime.authConfig.Username == "") {
 		if err := srv.CmdLogin(stdin, stdout, args...); err != nil {
 			return err
 		}
@@ -599,9 +625,6 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout rcli.DockerConn, args ...
 	Debugf("Pushing [%s] to [%s]\n", local, remote)
 
 	// Try to get the image
-	// FIXME: Handle lookup
-	// FIXME: Also push the tags in case of ./docker push myrepo:mytag
-	//	img, err := srv.runtime.LookupImage(cmd.Arg(0))
 	img, err := srv.runtime.graph.Get(local)
 	if err != nil {
 		Debugf("The push refers to a repository [%s] (len: %d)\n", local, len(srv.runtime.repositories.Repositories[local]))
@@ -615,7 +638,7 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout rcli.DockerConn, args ...
 
 		return err
 	}
-	err = srv.runtime.graph.PushImage(stdout, img, srv.runtime.authConfig)
+	err = srv.runtime.graph.PushImage(stdout, img, *registry, nil)
 	if err != nil {
 		return err
 	}
@@ -624,6 +647,8 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout rcli.DockerConn, args ...
 
 func (srv *Server) CmdPull(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "pull", "NAME", "Pull an image or a repository from the registry")
+	tag := cmd.String("t", "", "Download tagged image in repository")
+	registry := cmd.String("registry", "", "Registry to download from. Necessary if image is pulled by ID")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -633,15 +658,20 @@ func (srv *Server) CmdPull(stdin io.ReadCloser, stdout io.Writer, args ...string
 		return nil
 	}
 
+	if strings.Contains(remote, ":") {
+		remoteParts := strings.Split(remote, ":")
+		tag = &remoteParts[1]
+		remote = remoteParts[0]
+	}
+
 	// FIXME: CmdPull should be a wrapper around Runtime.Pull()
-	if srv.runtime.graph.LookupRemoteImage(remote, srv.runtime.authConfig) {
-		if err := srv.runtime.graph.PullImage(stdout, remote, srv.runtime.authConfig); err != nil {
+	if *registry != "" {
+		if err := srv.runtime.graph.PullImage(stdout, remote, *registry, nil); err != nil {
 			return err
 		}
 		return nil
 	}
-	// FIXME: Allow pull repo:tag
-	if err := srv.runtime.graph.PullRepository(stdout, remote, "", srv.runtime.repositories, srv.runtime.authConfig); err != nil {
+	if err := srv.runtime.graph.PullRepository(stdout, remote, *tag, srv.runtime.repositories, srv.runtime.authConfig); err != nil {
 		return err
 	}
 	return nil
@@ -652,85 +682,126 @@ func (srv *Server) CmdImages(stdin io.ReadCloser, stdout io.Writer, args ...stri
 	//limit := cmd.Int("l", 0, "Only show the N most recent versions of each image")
 	quiet := cmd.Bool("q", false, "only show numeric IDs")
 	flAll := cmd.Bool("a", false, "show all images")
+	flViz := cmd.Bool("viz", false, "output graph in graphviz format")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
-	if cmd.NArg() > 1 {
-		cmd.Usage()
-		return nil
-	}
-	var nameFilter string
-	if cmd.NArg() == 1 {
-		nameFilter = cmd.Arg(0)
-	}
-	w := tabwriter.NewWriter(stdout, 20, 1, 3, ' ', 0)
-	if !*quiet {
-		fmt.Fprintln(w, "REPOSITORY\tTAG\tID\tCREATED")
-	}
-	var allImages map[string]*Image
-	var err error
-	if *flAll {
-		allImages, err = srv.runtime.graph.Map()
-	} else {
-		allImages, err = srv.runtime.graph.Heads()
-	}
-	if err != nil {
-		return err
-	}
-	for name, repository := range srv.runtime.repositories.Repositories {
-		if nameFilter != "" && name != nameFilter {
-			continue
+
+	if *flViz {
+		images, _ := srv.runtime.graph.All()
+		if images == nil {
+			return nil
 		}
-		for tag, id := range repository {
-			image, err := srv.runtime.graph.Get(id)
+
+		fmt.Fprintf(stdout, "digraph docker {\n")
+
+		var parentImage *Image
+		var err error
+		for _, image := range images {
+			parentImage, err = image.GetParent()
 			if err != nil {
-				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
+				fmt.Errorf("Error while getting parent image: %v", err)
+				return nil
+			}
+			if parentImage != nil {
+				fmt.Fprintf(stdout, "  \"%s\" -> \"%s\"\n", parentImage.ShortId(), image.ShortId())
+			} else {
+				fmt.Fprintf(stdout, "  base -> \"%s\" [style=invis]\n", image.ShortId())
+			}
+		}
+
+		reporefs := make(map[string][]string)
+
+		for name, repository := range srv.runtime.repositories.Repositories {
+			for tag, id := range repository {
+				reporefs[TruncateId(id)] = append(reporefs[TruncateId(id)], fmt.Sprintf("%s:%s", name, tag))
+			}
+		}
+
+		for id, repos := range reporefs {
+			fmt.Fprintf(stdout, "  \"%s\" [label=\"%s\\n%s\",shape=box,fillcolor=\"paleturquoise\",style=\"filled,rounded\"];\n", id, id, strings.Join(repos, "\\n"))
+		}
+
+		fmt.Fprintf(stdout, "  base [style=invisible]\n")
+		fmt.Fprintf(stdout, "}\n")
+	} else {
+		if cmd.NArg() > 1 {
+			cmd.Usage()
+			return nil
+		}
+		var nameFilter string
+		if cmd.NArg() == 1 {
+			nameFilter = cmd.Arg(0)
+		}
+		w := tabwriter.NewWriter(stdout, 20, 1, 3, ' ', 0)
+		if !*quiet {
+			fmt.Fprintln(w, "REPOSITORY\tTAG\tID\tCREATED")
+		}
+		var allImages map[string]*Image
+		var err error
+		if *flAll {
+			allImages, err = srv.runtime.graph.Map()
+		} else {
+			allImages, err = srv.runtime.graph.Heads()
+		}
+		if err != nil {
+			return err
+		}
+		for name, repository := range srv.runtime.repositories.Repositories {
+			if nameFilter != "" && name != nameFilter {
 				continue
 			}
-			delete(allImages, id)
-			if !*quiet {
-				for idx, field := range []string{
-					/* REPOSITORY */ name,
-					/* TAG */ tag,
-					/* ID */ TruncateId(id),
-					/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
-				} {
-					if idx == 0 {
-						w.Write([]byte(field))
-					} else {
-						w.Write([]byte("\t" + field))
-					}
+			for tag, id := range repository {
+				image, err := srv.runtime.graph.Get(id)
+				if err != nil {
+					log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
+					continue
+				}
+				delete(allImages, id)
+				if !*quiet {
+					for idx, field := range []string{
+						/* REPOSITORY */ name,
+						/* TAG */ tag,
+						/* ID */ TruncateId(id),
+						/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
+					} {
+						if idx == 0 {
+							w.Write([]byte(field))
+						} else {
+							w.Write([]byte("\t" + field))
+						}
+					}
+					w.Write([]byte{'\n'})
+				} else {
+					stdout.Write([]byte(image.ShortId() + "\n"))
 				}
-				w.Write([]byte{'\n'})
-			} else {
-				stdout.Write([]byte(image.ShortId() + "\n"))
 			}
 		}
-	}
-	// Display images which aren't part of a
-	if nameFilter == "" {
-		for id, image := range allImages {
-			if !*quiet {
-				for idx, field := range []string{
-					/* REPOSITORY */ "<none>",
-					/* TAG */ "<none>",
-					/* ID */ TruncateId(id),
-					/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
-				} {
-					if idx == 0 {
-						w.Write([]byte(field))
-					} else {
-						w.Write([]byte("\t" + field))
+		// Display images which aren't part of a
+		if nameFilter == "" {
+			for id, image := range allImages {
+				if !*quiet {
+					for idx, field := range []string{
+						/* REPOSITORY */ "<none>",
+						/* TAG */ "<none>",
+						/* ID */ TruncateId(id),
+						/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
+					} {
+						if idx == 0 {
+							w.Write([]byte(field))
+						} else {
+							w.Write([]byte("\t" + field))
+						}
 					}
+					w.Write([]byte{'\n'})
+				} else {
+					stdout.Write([]byte(image.ShortId() + "\n"))
 				}
-				w.Write([]byte{'\n'})
-			} else {
-				stdout.Write([]byte(image.ShortId() + "\n"))
 			}
 		}
-	}
-	if !*quiet {
-		w.Flush()
+		if !*quiet {
+			w.Flush()
+		}
 	}
 	return nil
 }
@@ -797,6 +868,7 @@ func (srv *Server) CmdCommit(stdin io.ReadCloser, stdout io.Writer, args ...stri
 		"Create a new image from a container's changes")
 	flComment := cmd.String("m", "", "Commit message")
 	flAuthor := cmd.String("author", "", "Author (eg. \"John Hannibal Smith <hannibal@a-team.com>\"")
+	flConfig := cmd.String("run", "", "Config automatically applied when the image is run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')`)
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -805,7 +877,21 @@ func (srv *Server) CmdCommit(stdin io.ReadCloser, stdout io.Writer, args ...stri
 		cmd.Usage()
 		return nil
 	}
-	img, err := srv.runtime.Commit(containerName, repository, tag, *flComment, *flAuthor)
+
+	var config *Config
+	if *flConfig != "" {
+		config = &Config{}
+		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
+			return err
+		}
+	}
+
+	container := srv.runtime.Get(containerName)
+	if container == nil {
+		return fmt.Errorf("No such container: %s", containerName)
+	}
+
+	img, err := NewBuilder(srv.runtime).Commit(container, repository, tag, *flComment, *flAuthor, config)
 	if err != nil {
 		return err
 	}
@@ -919,6 +1005,34 @@ func (srv *Server) CmdAttach(stdin io.ReadCloser, stdout rcli.DockerConn, args .
 	return <-container.Attach(stdin, nil, stdout, stdout)
 }
 
+func (srv *Server) CmdSearch(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
+	cmd := rcli.Subcmd(stdout, "search", "NAME", "Search the docker index for images")
+	if err := cmd.Parse(args); err != nil {
+		return nil
+	}
+	if cmd.NArg() != 1 {
+		cmd.Usage()
+		return nil
+	}
+	term := cmd.Arg(0)
+	results, err := srv.runtime.graph.SearchRepositories(stdout, term)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(stdout, "Found %d results matching your query (\"%s\")\n", results.NumResults, results.Query)
+	w := tabwriter.NewWriter(stdout, 20, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "NAME\tDESCRIPTION\n")
+	for _, repo := range results.Results {
+		description := repo["description"]
+		if len(description) > 45 {
+			description = Trunc(description, 42) + "..."
+		}
+		fmt.Fprintf(w, "%s\t%s\n", repo["name"], description)
+	}
+	w.Flush()
+	return nil
+}
+
 // Ports type - Used to parse multiple -p flags
 type ports []int
 
@@ -974,6 +1088,25 @@ func (opts AttachOpts) Get(val string) bool {
 	return false
 }
 
+// PathOpts stores a unique set of absolute paths
+type PathOpts map[string]struct{}
+
+func NewPathOpts() PathOpts {
+	return make(PathOpts)
+}
+
+func (opts PathOpts) String() string {
+	return fmt.Sprintf("%v", map[string]struct{}(opts))
+}
+
+func (opts PathOpts) Set(val string) error {
+	if !filepath.IsAbs(val) {
+		return fmt.Errorf("%s is not an absolute path", val)
+	}
+	opts[filepath.Clean(val)] = struct{}{}
+	return nil
+}
+
 func (srv *Server) CmdTag(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "tag", "[OPTIONS] IMAGE REPOSITORY [TAG]", "Tag an image into a repository")
 	force := cmd.Bool("f", false, "Force")
@@ -996,10 +1129,6 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout rcli.DockerConn, args ...s
 		fmt.Fprintln(stdout, "Error: Image not specified")
 		return fmt.Errorf("Image not specified")
 	}
-	if len(config.Cmd) == 0 {
-		fmt.Fprintln(stdout, "Error: Command not specified")
-		return fmt.Errorf("Command not specified")
-	}
 
 	if config.Tty {
 		stdout.SetOptionRawTerminal()
@@ -1008,8 +1137,10 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout rcli.DockerConn, args ...s
 	// or tell the client there is no options
 	stdout.Flush()
 
+	b := NewBuilder(srv.runtime)
+
 	// Create new container
-	container, err := srv.runtime.Create(config)
+	container, err := b.Create(config)
 	if err != nil {
 		// If container not found, try to pull it
 		if srv.runtime.graph.IsNotExist(err) {
@@ -1017,7 +1148,7 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout rcli.DockerConn, args ...s
 			if err = srv.CmdPull(stdin, stdout, config.Image); err != nil {
 				return err
 			}
-			if container, err = srv.runtime.Create(config); err != nil {
+			if container, err = b.Create(config); err != nil {
 				return err
 			}
 		} else {
@@ -1064,11 +1195,11 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout rcli.DockerConn, args ...s
 	return nil
 }
 
-func NewServer() (*Server, error) {
+func NewServer(autoRestart bool) (*Server, error) {
 	if runtime.GOARCH != "amd64" {
 		log.Fatalf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH)
 	}
-	runtime, err := NewRuntime()
+	runtime, err := NewRuntime(autoRestart)
 	if err != nil {
 		return nil, err
 	}

commands_test.go

@@ -73,6 +73,77 @@ func cmdWait(srv *Server, container *Container) error {
 	return closeWrap(stdout, stdoutPipe)
 }
 
+func cmdImages(srv *Server, args ...string) (string, error) {
+	stdout, stdoutPipe := io.Pipe()
+
+	go func() {
+		if err := srv.CmdImages(nil, stdoutPipe, args...); err != nil {
+			return
+		}
+
+		// force the pipe closed, so that the code below gets an EOF
+		stdoutPipe.Close()
+	}()
+
+	output, err := ioutil.ReadAll(stdout)
+	if err != nil {
+		return "", err
+	}
+
+	// Cleanup pipes
+	return string(output), closeWrap(stdout, stdoutPipe)
+}
+
+// TestImages checks that 'docker images' displays information correctly
+func TestImages(t *testing.T) {
+
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{runtime: runtime}
+
+	output, err := cmdImages(srv)
+
+	if !strings.Contains(output, "REPOSITORY") {
+		t.Fatal("'images' should have a header")
+	}
+	if !strings.Contains(output, "docker-ut") {
+		t.Fatal("'images' should show the docker-ut image")
+	}
+	if !strings.Contains(output, "e9aa60c60128") {
+		t.Fatal("'images' should show the docker-ut image id")
+	}
+
+	output, err = cmdImages(srv, "-q")
+
+	if strings.Contains(output, "REPOSITORY") {
+		t.Fatal("'images -q' should not have a header")
+	}
+	if strings.Contains(output, "docker-ut") {
+		t.Fatal("'images' should not show the docker-ut image name")
+	}
+	if !strings.Contains(output, "e9aa60c60128") {
+		t.Fatal("'images' should show the docker-ut image id")
+	}
+
+	output, err = cmdImages(srv, "-viz")
+
+	if !strings.HasPrefix(output, "digraph docker {") {
+		t.Fatal("'images -v' should start with the dot header")
+	}
+	if !strings.HasSuffix(output, "}\n") {
+		t.Fatal("'images -v' should end with a '}'")
+	}
+	if !strings.Contains(output, "base -> \"e9aa60c60128\" [style=invis]") {
+		t.Fatal("'images -v' should have the docker-ut image id node")
+	}
+
+	// todo: add checks for -a
+}
+
 // TestRunHostname checks that 'docker run -h' correctly sets a custom hostname
 func TestRunHostname(t *testing.T) {
 	runtime, err := newTestRuntime()
@@ -339,7 +410,7 @@ func TestAttachDisconnect(t *testing.T) {
 
 	srv := &Server{runtime: runtime}
 
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image:     GetTestImage(runtime).Id,
 			Memory:    33554432,
@@ -394,4 +465,5 @@ func TestAttachDisconnect(t *testing.T) {
 	// Try to avoid the timeoout in destroy. Best effort, don't check error
 	cStdin, _ := container.StdinPipe()
 	cStdin.Close()
+	container.Wait()
 }

container.go

@@ -48,6 +48,7 @@ type Container struct {
 	runtime *Runtime
 
 	waitLock chan struct{}
+	Volumes  map[string]string
 }
 
 type Config struct {
@@ -66,6 +67,8 @@ type Config struct {
 	Cmd          []string
 	Dns          []string
 	Image        string // Name of the image as it was passed by the operator (eg. could be symbolic)
+	Volumes      map[string]struct{}
+	VolumesFrom  string
 }
 
 func ParseRun(args []string, stdout io.Writer, capabilities *Capabilities) (*Config, error) {
@@ -97,6 +100,11 @@ func ParseRun(args []string, stdout io.Writer, capabilities *Capabilities) (*Con
 	var flDns ListOpts
 	cmd.Var(&flDns, "dns", "Set custom dns servers")
 
+	flVolumes := NewPathOpts()
+	cmd.Var(flVolumes, "v", "Attach a data volume")
+
+	flVolumesFrom := cmd.String("volumes-from", "", "Mount volumes from the specified container")
+
 	if err := cmd.Parse(args); err != nil {
 		return nil, err
 	}
@@ -136,6 +144,8 @@ func ParseRun(args []string, stdout io.Writer, capabilities *Capabilities) (*Con
 		Cmd:          runCmd,
 		Dns:          flDns,
 		Image:        image,
+		Volumes:      flVolumes,
+		VolumesFrom:  *flVolumesFrom,
 	}
 
 	if *flMemory > 0 && !capabilities.SwapLimit {
@@ -411,10 +421,40 @@ func (container *Container) Start() error {
 		log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
 		container.Config.MemorySwap = -1
 	}
+	container.Volumes = make(map[string]string)
+
+	// Create the requested volumes volumes
+	for volPath := range container.Config.Volumes {
+		if c, err := container.runtime.volumes.Create(nil, container, "", "", nil); err != nil {
+			return err
+		} else {
+			if err := os.MkdirAll(path.Join(container.RootfsPath(), volPath), 0755); err != nil {
+				return nil
+			}
+			container.Volumes[volPath] = c.Id
+		}
+	}
+
+	if container.Config.VolumesFrom != "" {
+		c := container.runtime.Get(container.Config.VolumesFrom)
+		if c == nil {
+			return fmt.Errorf("Container %s not found. Impossible to mount its volumes", container.Id)
+		}
+		for volPath, id := range c.Volumes {
+			if _, exists := container.Volumes[volPath]; exists {
+				return fmt.Errorf("The requested volume %s overlap one of the volume of the container %s", volPath, c.Id)
+			}
+			if err := os.MkdirAll(path.Join(container.RootfsPath(), volPath), 0755); err != nil {
+				return nil
+			}
+			container.Volumes[volPath] = id
+		}
+	}
 
 	if err := container.generateLXCConfig(); err != nil {
 		return err
 	}
+
 	params := []string{
 		"-n", container.Id,
 		"-f", container.lxcConfigPath(),
@@ -473,6 +513,7 @@ func (container *Container) Start() error {
 
 	// Init the lock
 	container.waitLock = make(chan struct{})
+
 	container.ToDisk()
 	go container.monitor()
 	return nil
@@ -712,6 +753,14 @@ func (container *Container) ExportRw() (Archive, error) {
 	return Tar(container.rwPath(), Uncompressed)
 }
 
+func (container *Container) RwChecksum() (string, error) {
+	rwData, err := Tar(container.rwPath(), Xz)
+	if err != nil {
+		return "", err
+	}
+	return HashData(rwData)
+}
+
 func (container *Container) Export() (Archive, error) {
 	if err := container.EnsureMounted(); err != nil {
 		return nil, err
@@ -804,6 +853,22 @@ func (container *Container) RootfsPath() string {
 	return path.Join(container.root, "rootfs")
 }
 
+func (container *Container) GetVolumes() (map[string]string, error) {
+	ret := make(map[string]string)
+	for volPath, id := range container.Volumes {
+		volume, err := container.runtime.volumes.Get(id)
+		if err != nil {
+			return nil, err
+		}
+		root, err := volume.root()
+		if err != nil {
+			return nil, err
+		}
+		ret[volPath] = path.Join(root, "layer")
+	}
+	return ret, nil
+}
+
 func (container *Container) rwPath() string {
 	return path.Join(container.root, "rw")
 }

container_test.go

@@ -20,11 +20,10 @@ func TestIdFormat(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container1, err := runtime.Create(
+	container1, err := NewBuilder(runtime).Create(
 		&Config{
-			Image:  GetTestImage(runtime).Id,
-			Cmd:    []string{"/bin/sh", "-c", "echo hello world"},
-			Memory: 33554432,
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/sh", "-c", "echo hello world"},
 		},
 	)
 	if err != nil {
@@ -45,12 +44,11 @@ func TestMultipleAttachRestart(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd: []string{"/bin/sh", "-c",
 				"i=1; while [ $i -le 5 ]; do i=`expr $i + 1`;  echo hello; done"},
-			Memory: 33554432,
 		},
 	)
 	if err != nil {
@@ -116,8 +114,8 @@ func TestMultipleAttachRestart(t *testing.T) {
 	if err := container.Start(); err != nil {
 		t.Fatal(err)
 	}
-	timeout := make(chan bool)
-	go func() {
+
+	setTimeout(t, "Timeout reading from the process", 3*time.Second, func() {
 		l1, err = bufio.NewReader(stdout1).ReadString('\n')
 		if err != nil {
 			t.Fatal(err)
@@ -139,15 +137,8 @@ func TestMultipleAttachRestart(t *testing.T) {
 		if strings.Trim(l3, " \r\n") != "hello" {
 			t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3)
 		}
-		timeout <- false
-	}()
-	go func() {
-		time.Sleep(3 * time.Second)
-		timeout <- true
-	}()
-	if <-timeout {
-		t.Fatalf("Timeout reading from the process")
-	}
+	})
+	container.Wait()
 }
 
 func TestDiff(t *testing.T) {
@@ -157,8 +148,10 @@ func TestDiff(t *testing.T) {
 	}
 	defer nuke(runtime)
 
+	builder := NewBuilder(runtime)
+
 	// Create a container and remove a file
-	container1, err := runtime.Create(
+	container1, err := builder.Create(
 		&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd:   []string{"/bin/rm", "/etc/passwd"},
@@ -193,13 +186,13 @@ func TestDiff(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image - diff", "")
+	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image - diff", "", nil)
 	if err != nil {
 		t.Error(err)
 	}
 
 	// Create a new container from the commited image
-	container2, err := runtime.Create(
+	container2, err := builder.Create(
 		&Config{
 			Image: img.Id,
 			Cmd:   []string{"cat", "/etc/passwd"},
@@ -226,17 +219,18 @@ func TestDiff(t *testing.T) {
 	}
 }
 
-func TestCommitRun(t *testing.T) {
+func TestCommitAutoRun(t *testing.T) {
 	runtime, err := newTestRuntime()
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container1, err := runtime.Create(
+
+	builder := NewBuilder(runtime)
+	container1, err := builder.Create(
 		&Config{
-			Image:  GetTestImage(runtime).Id,
-			Cmd:    []string{"/bin/sh", "-c", "echo hello > /world"},
-			Memory: 33554432,
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/sh", "-c", "echo hello > /world"},
 		},
 	)
 	if err != nil {
@@ -258,18 +252,97 @@ func TestCommitRun(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image", "")
+	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image", "", &Config{Cmd: []string{"cat", "/world"}})
+	if err != nil {
+		t.Error(err)
+	}
+
+	// FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world
+	container2, err := builder.Create(
+		&Config{
+			Image: img.Id,
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container2)
+	stdout, err := container2.StdoutPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	stderr, err := container2.StderrPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := container2.Start(); err != nil {
+		t.Fatal(err)
+	}
+	container2.Wait()
+	output, err := ioutil.ReadAll(stdout)
+	if err != nil {
+		t.Fatal(err)
+	}
+	output2, err := ioutil.ReadAll(stderr)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := stdout.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if err := stderr.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "hello\n" {
+		t.Fatalf("Unexpected output. Expected %s, received: %s (err: %s)", "hello\n", output, output2)
+	}
+}
+
+func TestCommitRun(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	builder := NewBuilder(runtime)
+
+	container1, err := builder.Create(
+		&Config{
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/sh", "-c", "echo hello > /world"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container1)
+
+	if container1.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+	if err := container1.Run(); err != nil {
+		t.Fatal(err)
+	}
+	if container1.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+
+	rwTar, err := container1.ExportRw()
+	if err != nil {
+		t.Error(err)
+	}
+	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image", "", nil)
 	if err != nil {
 		t.Error(err)
 	}
 
 	// FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world
 
-	container2, err := runtime.Create(
+	container2, err := builder.Create(
 		&Config{
-			Image:  img.Id,
-			Memory: 33554432,
-			Cmd:    []string{"cat", "/world"},
+			Image: img.Id,
+			Cmd:   []string{"cat", "/world"},
 		},
 	)
 	if err != nil {
@@ -313,7 +386,7 @@ func TestStart(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image:     GetTestImage(runtime).Id,
 			Memory:    33554432,
@@ -352,11 +425,10 @@ func TestRun(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
-			Image:  GetTestImage(runtime).Id,
-			Memory: 33554432,
-			Cmd:    []string{"ls", "-al"},
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"ls", "-al"},
 		},
 	)
 	if err != nil {
@@ -381,7 +453,7 @@ func TestOutput(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd:   []string{"echo", "-n", "foobar"},
@@ -406,7 +478,7 @@ func TestKillDifferentUser(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"tail", "-f", "/etc/resolv.conf"},
 		User:  "daemon",
@@ -454,7 +526,7 @@ func TestKill(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat", "/dev/zero"},
 	},
@@ -500,7 +572,9 @@ func TestExitCode(t *testing.T) {
 	}
 	defer nuke(runtime)
 
-	trueContainer, err := runtime.Create(&Config{
+	builder := NewBuilder(runtime)
+
+	trueContainer, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/bin/true", ""},
 	})
@@ -515,7 +589,7 @@ func TestExitCode(t *testing.T) {
 		t.Errorf("Unexpected exit code %d (expected 0)", trueContainer.State.ExitCode)
 	}
 
-	falseContainer, err := runtime.Create(&Config{
+	falseContainer, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/bin/false", ""},
 	})
@@ -537,7 +611,7 @@ func TestRestart(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"echo", "-n", "foobar"},
 	},
@@ -570,7 +644,7 @@ func TestRestartStdin(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat"},
 
@@ -649,8 +723,10 @@ func TestUser(t *testing.T) {
 	}
 	defer nuke(runtime)
 
+	builder := NewBuilder(runtime)
+
 	// Default user must be root
-	container, err := runtime.Create(&Config{
+	container, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},
 	},
@@ -668,7 +744,7 @@ func TestUser(t *testing.T) {
 	}
 
 	// Set a username
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},
 
@@ -688,7 +764,7 @@ func TestUser(t *testing.T) {
 	}
 
 	// Set a UID
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},
 
@@ -708,7 +784,7 @@ func TestUser(t *testing.T) {
 	}
 
 	// Set a different user by uid
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},
 
@@ -730,7 +806,7 @@ func TestUser(t *testing.T) {
 	}
 
 	// Set a different user by username
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},
 
@@ -757,7 +833,9 @@ func TestMultipleContainers(t *testing.T) {
 	}
 	defer nuke(runtime)
 
-	container1, err := runtime.Create(&Config{
+	builder := NewBuilder(runtime)
+
+	container1, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat", "/dev/zero"},
 	},
@@ -767,7 +845,7 @@ func TestMultipleContainers(t *testing.T) {
 	}
 	defer runtime.Destroy(container1)
 
-	container2, err := runtime.Create(&Config{
+	container2, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat", "/dev/zero"},
 	},
@@ -813,7 +891,7 @@ func TestStdin(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat"},
 
@@ -860,7 +938,7 @@ func TestTty(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat"},
 
@@ -907,7 +985,7 @@ func TestEnv(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/usr/bin/env"},
 	},
@@ -981,7 +1059,7 @@ func TestLXCConfig(t *testing.T) {
 	memMin := 33554432
 	memMax := 536870912
 	mem := memMin + rand.Intn(memMax-memMin)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/bin/true"},
 
@@ -1008,7 +1086,7 @@ func BenchmarkRunSequencial(b *testing.B) {
 	}
 	defer nuke(runtime)
 	for i := 0; i < b.N; i++ {
-		container, err := runtime.Create(&Config{
+		container, err := NewBuilder(runtime).Create(&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd:   []string{"echo", "-n", "foo"},
 		},
@@ -1043,7 +1121,7 @@ func BenchmarkRunParallel(b *testing.B) {
 		complete := make(chan error)
 		tasks = append(tasks, complete)
 		go func(i int, complete chan error) {
-			container, err := runtime.Create(&Config{
+			container, err := NewBuilder(runtime).Create(&Config{
 				Image: GetTestImage(runtime).Id,
 				Cmd:   []string{"echo", "-n", "foo"},
 			},

contrib/crashTest.go

@@ -1,17 +1,22 @@
 package main
 
 import (
+	"fmt"
 	"io"
 	"log"
+	"net"
 	"os"
 	"os/exec"
+	"path"
 	"time"
 )
 
-const DOCKER_PATH = "/home/creack/dotcloud/docker/docker/docker"
+var DOCKER_PATH string = path.Join(os.Getenv("DOCKERPATH"), "docker")
 
+// WARNING: this crashTest will 1) crash your host, 2) remove all containers
 func runDaemon() (*exec.Cmd, error) {
 	os.Remove("/var/run/docker.pid")
+	exec.Command("rm", "-rf", "/var/lib/docker/containers").Run()
 	cmd := exec.Command(DOCKER_PATH, "-d")
 	outPipe, err := cmd.StdoutPipe()
 	if err != nil {
@@ -38,19 +43,43 @@ func crashTest() error {
 		return err
 	}
 
+	var endpoint string
+	if ep := os.Getenv("TEST_ENDPOINT"); ep == "" {
+		endpoint = "192.168.56.1:7979"
+	} else {
+		endpoint = ep
+	}
+
+	c := make(chan bool)
+	var conn io.Writer
+
+	go func() {
+		conn, _ = net.Dial("tcp", endpoint)
+		c <- false
+	}()
+	go func() {
+		time.Sleep(2 * time.Second)
+		c <- true
+	}()
+	<-c
+
+	restartCount := 0
+	totalTestCount := 1
 	for {
 		daemon, err := runDaemon()
 		if err != nil {
 			return err
 		}
+		restartCount++
 		//		time.Sleep(5000 * time.Millisecond)
 		var stop bool
 		go func() error {
 			stop = false
-			for i := 0; i < 100 && !stop; i++ {
+			for i := 0; i < 100 && !stop; {
 				func() error {
-					cmd := exec.Command(DOCKER_PATH, "run", "base", "echo", "hello", "world")
-					log.Printf("%d", i)
+					cmd := exec.Command(DOCKER_PATH, "run", "base", "echo", fmt.Sprintf("%d", totalTestCount))
+					i++
+					totalTestCount++
 					outPipe, err := cmd.StdoutPipe()
 					if err != nil {
 						return err
@@ -62,9 +91,10 @@ func crashTest() error {
 					if err := cmd.Start(); err != nil {
 						return err
 					}
-					go func() {
-						io.Copy(os.Stdout, outPipe)
-					}()
+					if conn != nil {
+						go io.Copy(conn, outPipe)
+					}
+
 					// Expecting error, do not check
 					inPipe.Write([]byte("hello world!!!!!\n"))
 					go inPipe.Write([]byte("hello world!!!!!\n"))

contrib/docker-build/docker-build

@@ -49,26 +49,39 @@ def docker(args, stdin=None):
 def image_exists(img):
 	return docker(["inspect", img]).read().strip() != ""
 
-def run_and_commit(img_in, cmd, stdin=None):
+def image_config(img):
+	return json.loads(docker(["inspect", img]).read()).get("config", {})
+
+def run_and_commit(img_in, cmd, stdin=None, author=None, run=None):
 	run_id = docker(["run"] + (["-i", "-a", "stdin"] if stdin else ["-d"]) + [img_in, "/bin/sh", "-c", cmd], stdin=stdin).read().rstrip()
 	print "---> Waiting for " + run_id
 	result=int(docker(["wait", run_id]).read().rstrip())
 	if result != 0:
 		print "!!! '{}' return non-zero exit code '{}'. Aborting.".format(cmd, result)
 		sys.exit(1)
-	return docker(["commit", run_id]).read().rstrip()
+	return docker(["commit"] + (["-author", author] if author else []) + (["-run", json.dumps(run)] if run is not None else []) + [run_id]).read().rstrip()
 
-def insert(base, src, dst):
+def insert(base, src, dst, author=None):
 	print "COPY {} to {} in {}".format(src, dst, base)
 	if dst == "":
 		raise Exception("Missing destination path")
 	stdin = file(src)
 	stdin.seek(0)
-	return run_and_commit(base, "cat > {0}; chmod +x {0}".format(dst), stdin=stdin)
-	
+	return run_and_commit(base, "cat > {0}; chmod +x {0}".format(dst), stdin=stdin, author=author)
+
+def add(base, src, dst, author=None):
+	print "PUSH to {} in {}".format(dst, base)
+	if src == ".":
+		tar = subprocess.Popen(["tar", "-c", "."], stdout=subprocess.PIPE).stdout
+	else:
+		tar = subprocess.Popen(["curl", src], stdout=subprocess.PIPE).stdout
+	if dst == "":
+		raise Exception("Missing argument to push")
+	return run_and_commit(base, "mkdir -p '{0}' && tar -C '{0}' -x".format(dst), stdin=tar, author=author)
 
 def main():
 	base=""
+	maintainer=""
 	steps = []
 	try:
 		for line in sys.stdin.readlines():
@@ -76,23 +89,48 @@ def main():
 			# Skip comments and empty lines
 			if line == "" or line[0] == "#":
 				continue
-			op, param = line.split("	", 1)
+			op, param = line.split(None, 1)
+			print op.upper() + " " + param
 			if op == "from":
-				print "FROM " + param
 				base = param
 				steps.append(base)
+			elif op == "maintainer":
+				maintainer = param
 			elif op == "run":
-				print "RUN " + param
-				result = run_and_commit(base, param)
+				result = run_and_commit(base, param, author=maintainer)
 				steps.append(result)
 				base = result
 				print "===> " + base
 			elif op == "copy":
 				src, dst = param.split("	", 1)
-				result = insert(base, src, dst)
+				result = insert(base, src, dst, author=maintainer)
 				steps.append(result)
 				base = result
 				print "===> " + base
+			elif op == "add":
+				src, dst = param.split("	", 1)
+				result = add(base, src, dst, author=maintainer)
+				steps.append(result)
+				base=result
+				print "===> " + base
+			elif op == "expose":
+				config = image_config(base)
+				if config.get("PortSpecs") is None:
+					config["PortSpecs"] = []
+				portspec = param.strip()
+				config["PortSpecs"].append(portspec)
+				result = run_and_commit(base, "# (nop) expose port {}".format(portspec), author=maintainer, run=config)
+				steps.append(result)
+				base=result
+				print "===> " + base
+			elif op == "cmd":
+				config  = image_config(base)
+				cmd = list(json.loads(param))
+				config["Cmd"] = cmd
+				result = run_and_commit(base, "# (nop) set default command to '{}'".format(" ".join(cmd)), author=maintainer, run=config)
+				steps.append(result)
+				base=result
+				print "===> " + base
 			else:
 				print "Skipping uknown op " + op
 	except:

contrib/docker-build/example.changefile

@@ -1,11 +1,13 @@
 # Start build from a know base image
+maintainer	Solomon Hykes <solomon@dotcloud.com>
 from	base:ubuntu-12.10
 # Update ubuntu sources
 run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
 run	apt-get update
 # Install system packages
 run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
-run DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
-run DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
+run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
+run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
 # Insert files from the host (./myscript must be present in the current directory)
-copy	myscript /usr/local/bin/myscript
+copy	myscript	/usr/local/bin/myscript
+push	/src

contrib/docker-build/myscript

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo hello, world!

contrib/install.sh

@@ -36,9 +36,9 @@ else
 fi
 
 echo "Downloading docker binary and uncompressing into /usr/local/bin..."
-curl -s http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz |
+curl -s http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-latest.tgz |
 tar -C /usr/local/bin --strip-components=1 -zxf- \
-docker-master/docker
+docker-latest/docker
 
 if [ -f /etc/init/dockerd.conf ]
 then

contrib/mkimage-debian.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+set -e
+
+# these should match the names found at http://www.debian.org/releases/
+stableSuite='squeeze'
+testingSuite='wheezy'
+unstableSuite='sid'
+
+# if suite is equal to this, it gets the "latest" tag
+latestSuite="$testingSuite"
+
+variant='minbase'
+include='iproute,iputils-ping'
+
+repo="$1"
+suite="${2:-$latestSuite}"
+mirror="${3:-}" # stick to the default debootstrap mirror if one is not provided
+
+if [ ! "$repo" ]; then
+	echo >&2 "usage: $0 repo [suite [mirror]]"
+	echo >&2 "   ie: $0 tianon/debian squeeze"
+	exit 1
+fi
+
+target="/tmp/docker-rootfs-debian-$suite-$$-$RANDOM"
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+returnTo="$(pwd -P)"
+
+set -x
+
+# bootstrap
+mkdir -p "$target"
+sudo debootstrap --verbose --variant="$variant" --include="$include" "$suite" "$target" "$mirror"
+
+cd "$target"
+
+# create the image
+img=$(sudo tar -c . | docker import -)
+
+# tag suite
+docker tag $img $repo $suite
+
+if [ "$suite" = "$latestSuite" ]; then
+	# tag latest
+	docker tag $img $repo latest
+fi
+
+# test the image
+docker run -i -t $repo:$suite echo success
+
+# unstable's version numbers match testing (since it's mostly just a sandbox for testing), so it doesn't get a version number tag
+if [ "$suite" != "$unstableSuite" -a "$suite" != 'unstable' ]; then
+	# tag the specific version
+	ver=$(docker run $repo:$suite cat /etc/debian_version)
+	docker tag $img $repo $ver
+fi
+
+# cleanup
+cd "$returnTo"
+sudo rm -rf "$target"

docker/docker.go

@@ -28,6 +28,7 @@ func main() {
 	// FIXME: Switch d and D ? (to be more sshd like)
 	flDaemon := flag.Bool("d", false, "Daemon mode")
 	flDebug := flag.Bool("D", false, "Debug mode")
+	flAutoRestart := flag.Bool("r", false, "Restart previously running containers")
 	bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge")
 	pidfile := flag.String("p", "/var/run/docker.pid", "File containing process PID")
 	flag.Parse()
@@ -45,7 +46,7 @@ func main() {
 			flag.Usage()
 			return
 		}
-		if err := daemon(*pidfile); err != nil {
+		if err := daemon(*pidfile, *flAutoRestart); err != nil {
 			log.Fatal(err)
 		}
 	} else {
@@ -82,7 +83,7 @@ func removePidFile(pidfile string) {
 	}
 }
 
-func daemon(pidfile string) error {
+func daemon(pidfile string, autoRestart bool) error {
 	if err := createPidFile(pidfile); err != nil {
 		log.Fatal(err)
 	}
@@ -97,7 +98,7 @@ func daemon(pidfile string) error {
 		os.Exit(0)
 	}()
 
-	service, err := docker.NewServer()
+	service, err := docker.NewServer(autoRestart)
 	if err != nil {
 		return err
 	}

docs/README.md

@@ -15,6 +15,7 @@ Installation
 
 * Work in your own fork of the code, we accept pull requests.
 * Install sphinx: ``pip install sphinx``
+* Install sphinx httpdomain contrib package ``sphinxcontrib-httpdomain``
 * If pip is not available you can probably install it using your favorite package manager as **python-pip**
 
 Usage

docs/requirements.txt

@@ -0,0 +1,2 @@
+Sphinx==1.1.3
+sphinxcontrib-httpdomain==1.1.8

docs/sources/builder/basics.rst

@@ -0,0 +1,130 @@
+==============
+Docker Builder
+==============
+
+.. contents:: Table of Contents
+
+1. Format
+=========
+
+The Docker builder format is quite simple:
+
+    ``instruction arguments``
+
+The first instruction must be `FROM`
+
+All instruction are to be placed in a file named `Dockerfile`
+
+In order to place comments within a Dockerfile, simply prefix the line with "`#`"
+
+2. Instructions
+===============
+
+Docker builder comes with a set of instructions:
+
+1. FROM: Set from what image to build
+2. RUN: Execute a command
+3. INSERT: Insert a remote file (http) into the image
+
+2.1 FROM
+--------
+    ``FROM <image>``
+
+The `FROM` instruction must be the first one in order for Builder to know from where to run commands.
+
+`FROM` can also be used in order to build multiple images within a single Dockerfile
+
+2.2 MAINTAINER
+--------------
+    ``MAINTAINER <name>``
+
+The `MAINTAINER` instruction allow you to set the Author field of the generated images.
+This instruction is never automatically reset.
+
+2.3 RUN
+-------
+    ``RUN <command>``
+
+The `RUN` instruction is the main one, it allows you to execute any commands on the `FROM` image and to save the results.
+You can use as many `RUN` as you want within a Dockerfile, the commands will be executed on the result of the previous command.
+
+
+2.4 CMD
+-------
+    ``CMD <command>``
+
+The `CMD` instruction sets the command to be executed when running the image.
+It is equivalent to do `docker commit -run '{"Cmd": <command>}'` outside the builder.
+
+.. note::
+    Do not confuse `RUN` with `CMD`. `RUN` actually run a command and save the result, `CMD` does not execute anything.
+
+2.5 EXPOSE
+----------
+    ``EXPOSE <port> [<port>...]``
+
+The `EXPOSE` instruction sets ports to be publicly exposed when running the image.
+This is equivalent to do `docker commit -run '{"PortSpecs": ["<port>", "<port2>"]}'` outside the builder.
+
+2.6 ENV
+-------
+    ``ENV <key> <value>``
+
+The `ENV` instruction set as environment variable `<key>` with the value `<value>`. This value will be passed to all future ``RUN`` instructions.
+
+.. note::
+    The environment variables are local to the Dockerfile, they will not be set as autorun.
+
+2.7 INSERT
+----------
+
+    ``INSERT <file url> <path>``
+
+The `INSERT` instruction will download the file at the given url and place it within the image at the given path.
+
+.. note::
+    The path must include the file name.
+
+
+3. Dockerfile Examples
+======================
+
+::
+
+    # Nginx
+    #
+    # VERSION               0.0.1
+    # DOCKER-VERSION        0.2
+    
+    from      ubuntu
+    maintainer Guillaume J. Charmes "guillaume@dotcloud.com"
+    
+    # make sure the package repository is up to date
+    run echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
+    run apt-get update
+    
+    run apt-get install -y inotify-tools nginx apache openssh-server
+    insert https://raw.github.com/creack/docker-vps/master/nginx-wrapper.sh /usr/sbin/nginx-wrapper
+
+::
+
+    # Firefox over VNC
+    #
+    # VERSION               0.3
+    # DOCKER-VERSION        0.2
+    
+    from ubuntu
+    # make sure the package repository is up to date
+    run echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
+    run apt-get update
+    
+    # Install vnc, xvfb in order to create a 'fake' display and firefox
+    run apt-get install -y x11vnc xvfb firefox
+    run mkdir /.vnc
+    # Setup a password
+    run x11vnc -storepasswd 1234 ~/.vnc/passwd
+    # Autostart firefox (might not be the best way to do it, but it does the trick)
+    run bash -c 'echo "firefox" >> /.bashrc'
+    
+    expose 5900
+    cmd    ["x11vnc", "-forever", "-usepw", "-create"]

docs/sources/builder/index.rst

@@ -0,0 +1,14 @@
+:title: docker documentation
+:description: Documentation for docker builder
+:keywords: docker, builder, dockerfile
+
+
+Builder
+=======
+
+Contents:
+
+.. toctree::
+  :maxdepth: 2
+
+  basics

docs/sources/commandline/cli.rst

@@ -27,6 +27,7 @@ Available Commands
    :maxdepth: 1
 
    command/attach
+   command/build
    command/commit
    command/diff
    command/export
@@ -46,6 +47,7 @@ Available Commands
    command/rm
    command/rmi
    command/run
+   command/search
    command/start
    command/stop
    command/tag

docs/sources/commandline/command/build.rst

@@ -0,0 +1,9 @@
+===========================================
+``build`` -- Build a container from Dockerfile via stdin
+===========================================
+
+::
+
+    Usage: docker build -
+    Example: cat Dockerfile | docker build -
+    Build a new image from the Dockerfile passed via stdin

docs/sources/commandline/command/commit.rst

@@ -9,3 +9,19 @@
     Create a new image from a container's changes
 
       -m="": Commit message
+      -author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
+      -run="": Config automatically applied when the image is run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
+
+Full -run example::
+
+    {"Hostname": "",
+     "User": "",
+     "Memory": 0,
+     "MemorySwap": 0,
+     "PortSpecs": ["22", "80", "443"],
+     "Tty": true,
+     "OpenStdin": true,
+     "StdinOnce": true,
+     "Env": ["FOO=BAR", "FOO2=BAR2"],
+     "Cmd": ["cat", "-e", "/etc/resolv.conf"],
+     "Dns": ["8.8.8.8", "8.8.4.4"]}

docs/sources/commandline/command/images.rst

@@ -10,3 +10,13 @@
 
       -a=false: show all images
       -q=false: only show numeric IDs
+      -viz=false: output in graphviz format
+
+Displaying images visually
+--------------------------
+
+::
+
+    docker images -viz | dot -Tpng -o docker.png
+
+.. image:: images/docker_images.gif

docs/sources/commandline/command/run.rst

@@ -17,3 +17,6 @@
       -p=[]: Map a network port to the container
       -t=false: Allocate a pseudo-tty
       -u="": Username or UID
+      -d=[]: Set custom dns servers for the container
+      -v=[]: Creates a new volumes and mount it at the specified path.
+      -volumes-from="": Mount all volumes from the given container.

docs/sources/commandline/command/search.rst

@@ -0,0 +1,10 @@
+===================================================================
+``search`` -- Search for an image in the docker index
+===================================================================
+
+::
+
+    Usage: docker search TERM
+
+    Searches for the TERM parameter on the Docker index and prints out a list of repositories
+    that match.

docs/sources/commandline/index.rst

@@ -9,7 +9,7 @@ Commands
 Contents:
 
 .. toctree::
-  :maxdepth: 2
+  :maxdepth: 3
 
   basics
   workingwithrepository

docs/sources/concepts/buildingblocks.rst

@@ -12,7 +12,7 @@ Images
 ------
 An original container image. These are stored on disk and are comparable with what you normally expect from a stopped virtual machine image. Images are stored (and retrieved from) repository
 
-Images are stored on your local file system under /var/lib/docker/images
+Images are stored on your local file system under /var/lib/docker/graph
 
 
 .. _containers:

docs/sources/conf.py

@@ -25,7 +25,7 @@ import sys, os
 
 # Add any Sphinx extension module names here, as strings. They can be extensions
 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
-extensions = []
+extensions = ['sphinxcontrib.httpdomain']
 
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']

docs/sources/examples/couchdb_data_volumes.rst

@@ -0,0 +1,53 @@
+:title: Sharing data between 2 couchdb databases
+:description: Sharing data between 2 couchdb databases
+:keywords: docker, example, package installation, networking, couchdb, data volumes
+
+.. _running_couchdb_service:
+
+Create a CouchDB service
+======================
+
+.. include:: example_header.inc
+
+Here's an example of using data volumes to share the same data between 2 couchdb containers.
+This could be used for hot upgrades, testing different versions of couchdb on the same data, etc.
+
+Create first database
+---------------------
+
+Note that we're marking /var/lib/couchdb as a data volume.
+
+.. code-block:: bash
+
+    COUCH1=$(docker run -d -v /var/lib/couchdb shykes/couchdb:2013-05-03)
+
+Add data to the first database
+------------------------------
+
+We're assuming your docker host is reachable at `localhost`. If not, replace `localhost` with the public IP of your docker host.
+
+.. code-block:: bash
+
+    HOST=localhost
+    URL="http://$HOST:$(docker port $COUCH1 5984)/_utils/"
+    echo "Navigate to $URL in your browser, and use the couch interface to add data"
+
+Create second database
+----------------------
+
+This time, we're requesting shared access to $COUCH1's volumes.
+
+.. code-block:: bash
+
+    COUCH2=$(docker run -d -volumes-from $COUCH1) shykes/couchdb:2013-05-03)
+
+Browse data on the second database
+----------------------------------
+
+.. code-block:: bash
+
+    HOST=localhost
+    URL="http://$HOST:$(docker port $COUCH2 5984)/_utils/"
+    echo "Navigate to $URL in your browser. You should see the same data as in the first database!"
+
+Congratulations, you are running 2 Couchdb containers, completely isolated from each other *except* for their data.

docs/sources/examples/index.rst

@@ -18,3 +18,4 @@ Contents:
    python_web_app
    running_redis_service
    running_ssh_service
+   couchdb_data_volumes

docs/sources/index.html

@@ -7,7 +7,8 @@
 <head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-    <title>Docker - the Linux container runtime</title>
+    <meta name="google-site-verification" content="UxV66EKuPe87dgnH1sbrldrx6VsoWMrx5NjwkgUFxXI" />
+    <title>Docker - the Linux container engine</title>
 
     <meta name="description" content="Docker encapsulates heterogeneous payloads in standard containers">
     <meta name="viewport" content="width=device-width">
@@ -23,6 +24,29 @@
     <script src="_static/js/vendor/jquery-1.9.1.min.js" type="text/javascript" ></script>
     <script src="_static/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js" type="text/javascript" ></script>
 
+    <style>
+        .indexlabel {
+            float: left;
+            width: 150px;
+            display: block;
+            padding: 10px 20px 10px;
+            font-size: 20px;
+            font-weight: 200;
+            background-color: #a30000;
+            color: white;
+            height: 22px;
+        }
+        .searchbutton {
+            font-size: 20px;
+            height: 40px;
+        }
+
+        .debug {
+            border: 1px red dotted;
+        }
+
+    </style>
+
 </head>
 
 
@@ -49,49 +73,40 @@
 </div>
 
 
-<div class="container">
-    <div class="row">
-        <div class="text-center">
-            <img src="_static/img/docker-letters-logo.gif">
-        </div>
-    </div>
-</div>
-
-<div class="container">
+<div class="container" style="margin-top: 30px;">
     <div class="row">
 
         <div class="span12">
             <section class="contentblock header">
 
-                <div class="span6" style="margin:10px 0px 0px 30px; float: right; ">
+                <div class="span5" style="margin-bottom: 15px;">
+                    <div style="text-align: center;" >
+                        <img src="_static/img/docker_letters_500px.png">
+
+                        <h2>The Linux container engine</h2>
+                    </div>
+
+                    <div style="display: block; text-align: center; margin-top: 20px;">
+
+                        <h5>
+                            Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider.
+                        </h5>
+
+                    </div>
+
+
+                    <div style="display: block; text-align: center; margin-top: 30px;">
+                        <a class="btn btn-custom btn-large" href="gettingstarted/">Let's get started</a>
+                    </div>
+
+                </div>
+
+                <div class="span6" >
                     <div class="js-video" >
-                        <iframe width="640" height="360" src="http://www.youtube.com/embed/wW9CAH9nSLs?feature=player_detailpage&rel=0&modestbranding=1&start=11" frameborder="0" allowfullscreen></iframe>
+                        <iframe width="600" height="360" src="http://www.youtube.com/embed/wW9CAH9nSLs?feature=player_detailpage&rel=0&modestbranding=1&start=11" frameborder="0" allowfullscreen></iframe>
                     </div>
                 </div>
 
-                <div style="text-align: center; padding: 50px 30px 50px 30px;">
-		    <h1>Docker</h1>
-		    <h2>The Linux container runtime</h2>
-                </div>
-
-                <div style="display: block; text-align: center; padding: 10px 30px 50px 30px;">
-			<p>
-			Docker complements LXC with a high-level API which operates at the process level.
-			It runs unix processes with strong guarantees of isolation and repeatability across servers.
-			</p>
-
-			<p>
-			Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
-			</p>
-                </div>
-
-
-                <div style="display: block; text-align: center;">
-                    <a class="btn btn-custom btn-large" href="gettingstarted/">Let's get started</a>
-                </div>
-
-
-
                 <br style="clear: both"/>
             </section>
         </div>
@@ -101,31 +116,56 @@
 <div class="container">
     <div class="row">
 
-        <div class="span3">
+        <div class="span6">
             <section class="contentblock">
                 <h4>Heterogeneous payloads</h4>
                 <p>Any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.</p>
-            </section>
-        </div>
-        <div class="span3">
-            <section class="contentblock">
                 <h4>Any server</h4>
                 <p>Docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.</p>
-            </section>
-        </div>
-        <div class="span3">
-            <section class="contentblock">
                 <h4>Isolation</h4>
-                <p>docker isolates processes from each other and from the underlying host, using lightweight containers.</p>
+                <p>Docker isolates processes from each other and from the underlying host, using lightweight containers.</p>
+                <h4>Repeatability</h4>
+                <p>Because each container is isolated in its own filesystem, they behave the same regardless of where, when, and alongside what they run.</p>
             </section>
         </div>
-        <div class="span3">
+        <div class="span6">
             <section class="contentblock">
-                <h4>Repeatability</h4>
-                <p>Because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.</p>
+                <h1>New! Docker Index</h1>
+                On the Docker Index you can find and explore pre-made container images. It allows you to share your images and download them.
+
+                <br><br>
+                <a href="https://index.docker.io" target="_blank">
+                    <div class="indexlabel">
+                        DOCKER index
+                    </div>
+                </a>
+                &nbsp;
+                <input type="button" class="searchbutton" type="submit" value="Search images"
+                       onClick="window.open('https://index.docker.io')" />
+
+            </section>
+            <section class="contentblock">
+                <div id="wufoo-z7x3p3">
+                    Fill out my <a href="http://dotclouddocker.wufoo.com/forms/z7x3p3">online form</a>.
+                </div>
+                <script type="text/javascript">var z7x3p3;(function(d, t) {
+                    var s = d.createElement(t), options = {
+                        'userName':'dotclouddocker',
+                        'formHash':'z7x3p3',
+                        'autoResize':true,
+                        'height':'577',
+                        'async':true,
+                        'header':'show'};
+                    s.src = ('https:' == d.location.protocol ? 'https://' : 'http://') + 'wufoo.com/scripts/embed/form.js';
+                    s.onload = s.onreadystatechange = function() {
+                        var rs = this.readyState; if (rs) if (rs != 'complete') if (rs != 'loaded') return;
+                        try { z7x3p3 = new WufooForm();z7x3p3.initialize(options);z7x3p3.display(); } catch (e) {}};
+                    var scr = d.getElementsByTagName(t)[0], par = scr.parentNode; par.insertBefore(s, scr);
+                })(document, 'script');</script>
             </section>
         </div>
     </div>
+
 </div>
 
 <style>
@@ -173,18 +213,12 @@
     </div>
 </div>
 
-<!--         <p>Docker encapsulates heterogeneous payloads in <a href="#container">Standard Containers</a>, and runs them on any server with strong guarantees of isolation and repeatability.</p>
-
-        <p>It is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.</p>
-
- -->
 <div class="container">
     <div class="row">
         <div class="span6">
 
             <section class="contentblock">
 
-                <!-- <img src="_static/lego_docker.jpg" width="600px" style="float:right; margin-left: 10px"> -->
                 <h2>Notable features</h2>
 
                 <ul>
@@ -208,35 +242,26 @@
                     <li><a href="http://lxc.sourceforge.net/">lxc</a>, a set of convenience scripts to simplify the creation of linux containers.</li>
                 </ul>
 
+                <h2>Who started it</h2>
+                <p>
+                    Docker is an open-source implementation of the deployment engine which powers <a href="http://dotcloud.com">dotCloud</a>, a popular Platform-as-a-Service.</p>
+
+                <p>It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands
+                    of applications and databases.
+                </p>
+
             </section>
         </div>
 
         <div class="span6">
-            <section class="contentblock">
-                <div id="wufoo-z7x3p3">
-                    Fill out my <a href="http://dotclouddocker.wufoo.com/forms/z7x3p3">online form</a>.
-                </div>
-                <script type="text/javascript">var z7x3p3;(function(d, t) {
-                    var s = d.createElement(t), options = {
-                        'userName':'dotclouddocker',
-                        'formHash':'z7x3p3',
-                        'autoResize':true,
-                        'height':'577',
-                        'async':true,
-                        'header':'show'};
-                    s.src = ('https:' == d.location.protocol ? 'https://' : 'http://') + 'wufoo.com/scripts/embed/form.js';
-                    s.onload = s.onreadystatechange = function() {
-                        var rs = this.readyState; if (rs) if (rs != 'complete') if (rs != 'loaded') return;
-                        try { z7x3p3 = new WufooForm();z7x3p3.initialize(options);z7x3p3.display(); } catch (e) {}};
-                    var scr = d.getElementsByTagName(t)[0], par = scr.parentNode; par.insertBefore(s, scr);
-                })(document, 'script');</script>
-            </section>
+
 
             <section class="contentblock">
                 <h3 id="twitter">Twitter</h3>
                 <a class="twitter-timeline" href="https://twitter.com/getdocker" data-widget-id="312730839718957056">Tweets by @getdocker</a>
                 <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
             </section>
+
         </div>
     </div>
 

docs/sources/index.rst

@@ -15,7 +15,10 @@ This documentation has the following resources:
    examples/index
    contributing/index
    commandline/index
+   registry/index
+   index/index
+   builder/index
    faq
 
 
-.. image:: http://www.docker.io/_static/lego_docker.jpg
+.. image:: http://www.docker.io/_static/lego_docker.jpg

docs/sources/index/index.rst

@@ -0,0 +1,15 @@
+:title: Docker Index documentation
+:description: Documentation for docker Index
+:keywords: docker, index, api
+
+
+
+Index
+=====
+
+Contents:
+
+.. toctree::
+   :maxdepth: 2
+
+   search

docs/sources/index/search.rst

@@ -0,0 +1,38 @@
+=======================
+Docker Index Search API
+=======================
+
+Search
+------
+
+.. http:get:: /v1/search
+
+   Search the Index given a search term. It accepts :http:method:`get` only.
+
+   **Example request**:
+
+   .. sourcecode:: http
+
+      GET /v1/search?q=search_term HTTP/1.1
+      Host: example.com
+      Accept: application/json
+
+   **Example response**:
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Vary: Accept
+      Content-Type: application/json
+
+      {"query":"search_term",
+        "num_results": 2,
+        "results" : [
+           {"name": "dotcloud/base", "description": "A base ubuntu64  image..."},
+           {"name": "base2", "description": "A base ubuntu64  image..."},
+         ]
+       }
+   
+   :query q: what you want to search for
+   :statuscode 200: no error
+   :statuscode 500: server error

docs/sources/installation/binaries.rst

@@ -26,9 +26,9 @@ Install the docker binary:
 
 ::
 
-    wget http://get.docker.io/builds/Linux/x86_64/docker-master.tgz
-    tar -xf docker-master.tgz
-    sudo cp ./docker-master /usr/local/bin
+    wget http://get.docker.io/builds/Linux/x86_64/docker-latest.tgz
+    tar -xf docker-latest.tgz
+    sudo cp ./docker-latest/docker /usr/local/bin
 
 Note: docker currently only supports 64-bit Linux hosts.
 
@@ -50,4 +50,4 @@ Run your first container!
 
 
 
-Continue with the :ref:`hello_world` example.
+Continue with the :ref:`hello_world` example.

docs/sources/installation/ubuntulinux.rst

@@ -18,7 +18,7 @@ The linux-image-extra package is only needed on standard Ubuntu EC2 AMIs in orde
 
 .. code-block:: bash
 
-   sudo apt-get install linux-image-extra-`uname -r`
+   sudo apt-get install linux-image-extra-`uname -r` lxc bsdtar
 
 
 Installation
@@ -48,7 +48,7 @@ Now install it, you will see another warning that the package cannot be authenti
 
 .. code-block:: bash
 
-   sudo apt-get install lxc-docker
+    curl get.docker.io | sudo sh -x
 
 
 Verify it worked

docs/sources/installation/upgrading.rst

@@ -11,7 +11,7 @@ Get the latest docker binary:
 
 ::
 
-  wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz
+  wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-latest.tgz
 
 
 
@@ -19,7 +19,7 @@ Unpack it to your current dir
 
 ::
 
-   tar -xf docker-master.tgz
+   tar -xf docker-latest.tgz
 
 
 Stop your current daemon. How you stop your daemon depends on how you started it.
@@ -38,4 +38,4 @@ Now start the daemon
    sudo ./docker -d &
 
 
-Alternatively you can replace the docker binary in ``/usr/local/bin``
+Alternatively you can replace the docker binary in ``/usr/local/bin``

docs/sources/registry/api.rst

@@ -0,0 +1,468 @@
+===================
+Docker Registry API
+===================
+
+.. contents:: Table of Contents
+
+1. The 3 roles
+===============
+
+1.1 Index
+---------
+
+The Index is responsible for centralizing information about:
+- User accounts
+- Checksums of the images
+- Public namespaces
+
+The Index has different components:
+- Web UI
+- Meta-data store (comments, stars, list public repositories)
+- Authentication service
+- Tokenization
+
+The index is authoritative for those information.
+
+We expect that there will be only one instance of the index, run and managed by dotCloud.
+
+1.2 Registry
+------------
+- It stores the images and the graph for a set of repositories
+- It does not have user accounts data
+- It has no notion of user accounts or authorization
+- It delegates authentication and authorization to the Index Auth service using tokens
+- It supports different storage backends (S3, cloud files, local FS)
+- It doesn’t have a local database
+- It will be open-sourced at some point
+
+We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries:
+
+- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index.
+- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally.
+- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution.
+- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory.
+
+.. note::
+
+    Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server. 
+
+.. note::
+
+    The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial):
+        - HTTP with GET (and PUT for read-write registries);
+        - local mount point;
+        - remote docker addressed through SSH.
+
+The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys).
+
+1.3 Docker
+----------
+
+On top of being a runtime for LXC, Docker is the Registry client. It supports:
+- Push / Pull on the registry
+- Client authentication on the Index
+
+2. Workflow
+===========
+
+2.1 Pull
+--------
+
+.. image:: /static_files/docker_pull_chart.png
+
+1. Contact the Index to know where I should download “samalba/busybox”
+2. Index replies:
+   a. “samalba/busybox” is on Registry A
+   b. here are the checksums for “samalba/busybox” (for all layers)
+   c. token
+3. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location.
+4. registry contacts index to verify if token/user is allowed to download images
+5. Index returns true/false lettings registry know if it should proceed or error out
+6. Get the payload for all layers
+
+It’s possible to run docker pull https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
+
+Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage.
+
+Token is only returned when the 'X-Docker-Token' header is sent with request.
+
+Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account.
+
+API (pulling repository foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        X-Docker-Token: true
+    **Action**:
+        (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1)
+
+2. (Index -> Docker) HTTP 200 OK
+
+    **Headers**:
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+    **Body**:
+        Jsonified checksums (see part 4.4.1)
+
+3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest
+    **Headers**: 
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry -> Index) GET /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+    **Body**:
+        <ids and checksums in payload>
+
+    **Action**:
+        ( Lookup token see if they have access to pull.)
+
+        If good: 
+            HTTP 200 OK
+            Index will invalidate the token
+        If bad: 
+            HTTP 401 Unauthorized
+
+5. (Docker -> Registry) GET /v1/images/928374982374/ancestry
+    **Action**:
+        (for each image id returned in the registry, fetch /json + /layer)
+
+.. note::
+
+    If someone makes a second request, then we will always give a new token, never reuse tokens.
+
+2.2 Push
+--------
+
+.. image:: /static_files/docker_push_chart.png
+
+1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
+2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
+3. Push the image on the registry (along with the token)
+4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
+5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images)
+6. docker contacts the index to give checksums for upload images
+
+.. note::
+
+    **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authentified and the security is not guaranteed.
+
+.. note::
+
+    **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies.
+
+Docker computes the checksums and submit them to the Index at the end of the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end).
+
+API (pushing repos foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) PUT /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Basic sdkjfskdjfhsdkjfh==
+        X-Docker-Token: true
+
+    **Action**::
+        - in index, we allocated a new repository, and set to initialized
+
+    **Body**::
+        (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push)::
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+2. (Index -> Docker) 200 Created
+    **Headers**:
+        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+
+3. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry->Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+    **Action**::
+        - Index: 
+            will invalidate the token.
+        - Registry: 
+            grants a session (if token is approved) and fetches the images id
+
+5. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**::
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - Cookie: (Cookie provided by the Registry)
+
+6. (Docker -> Registry) PUT /v1/images/98765432/json
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+8. (Docker -> Registry) PUT /v1/images/98765432/layer
+    **Headers**:
+        X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh
+
+9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+    **Body**:
+        “98765432”
+
+10. (Docker -> Index) PUT /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Basic 123oislifjsldfj==
+        X-Docker-Endpoints: registry1.docker.io (no validation on this right now)
+
+    **Body**:
+        (The image, id’s, tags and checksums)
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, 
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    **Return** HTTP 204
+
+.. note::
+
+     If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells.
+
+     If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token.
+
+3. How to use the Registry in standalone mode
+=============================================
+
+The Index has two main purposes (along with its fancy social features):
+
+- Resolve short names (to avoid passing absolute URLs all the time)
+   - username/projectname -> https://registry.docker.io/users/<username>/repositories/<projectname>/
+   - team/projectname -> https://registry.docker.io/team/<team>/repositories/<projectname>/
+- Authenticate a user as a repos owner (for a central referenced repository)
+
+3.1 Without an Index
+--------------------
+Using the Registry without the Index can be useful to store the images on a private network without having to rely on an external entity controlled by dotCloud.
+
+In this case, the registry will be launched in a special mode (--standalone? --no-index?). In this mode, the only thing which changes is that Registry will never contact the Index to verify a token. It will be the Registry owner responsibility to authenticate the user who pushes (or even pulls) an image using any mechanism (HTTP auth, IP based, etc...).
+
+In this scenario, the Registry is responsible for the security in case of data corruption since the checksums are not delivered by a trusted entity.
+
+As hinted previously, a standalone registry can also be implemented by any HTTP server handling GET/PUT requests (or even only GET requests if no write access is necessary).
+
+3.2 With an Index
+-----------------
+
+The Index data needed by the Registry are simple:
+- Serve the checksums
+- Provide and authorize a Token
+
+In the scenario of a Registry running on a private network with the need of centralizing and authorizing, it’s easy to use a custom Index.
+
+The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a specific Index, it’ll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain the Index and the Docker’s configuration among its consumers.
+
+4. The API
+==========
+
+The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md
+
+4.1 Images
+----------
+
+The format returned in the images is not defined here (for layer and json), basically because Registry stores exactly the same kind of information as Docker uses to manage them.
+
+The format of ancestry is a line-separated list of image ids, in age order. I.e. the image’s parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty.
+
+GET /v1/images/<image_id>/layer
+PUT /v1/images/<image_id>/layer
+GET /v1/images/<image_id>/json
+PUT /v1/images/<image_id>/json
+GET /v1/images/<image_id>/ancestry
+PUT /v1/images/<image_id>/ancestry
+
+4.2 Users
+---------
+
+4.2.1 Create a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+POST /v1/users
+
+**Body**:
+    {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'}
+
+**Validation**:
+    - **username** : min 4 character, max 30 characters, all lowercase no special characters. 
+    - **password**: min 5 characters
+
+**Valid**: return HTTP 200
+
+Errors: HTTP 400 (we should create error codes for possible errors)
+- invalid json
+- missing field
+- wrong format (username, password, email, etc)
+- forbidden name
+- name already exists
+
+.. note::
+
+    A user account will be valid only if the email has been validated (a validation link is sent to the email address).
+
+4.2.2 Update a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+PUT /v1/users/<username>
+
+**Body**:
+    {"password": "toto"}
+
+.. note::
+
+    We can also update email address, if they do, they will need to reverify their new email address.
+
+4.2.3 Login (Index)
+^^^^^^^^^^^^^^^^^^^
+Does nothing else but asking for a user authentication. Can be used to validate credentials. HTTP Basic Auth for now, maybe change in future.
+
+GET /v1/users
+
+**Return**:
+    - Valid: HTTP 200
+    - Invalid login: HTTP 401
+    - Account inactive: HTTP 403 Account is not Active
+
+4.3 Tags (Registry)
+-------------------
+
+The Registry does not know anything about users. Even though repositories are under usernames, it’s just a namespace for the registry. Allowing us to implement organizations or different namespaces per user later, without modifying the Registry’s API.
+
+4.3.1 Get all tags
+^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repository_name>/tags
+
+**Return**: HTTP 200
+    {
+    "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
+    “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+    }
+
+4.3.2 Read the content of a tag (resolve the image id)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+**Return**:
+    "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
+
+4.3.3 Delete a tag (registry)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DELETE /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+4.4 Images (Index)
+------------------
+
+For the Index to “resolve” the repository name to a Registry location, it uses the X-Docker-Endpoints header. In other terms, this requests always add a “X-Docker-Endpoints” to indicate the location of the registry which hosts this repository.
+
+4.4.1 Get the images
+^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/images
+
+**Return**: HTTP 200
+    [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+
+4.4.2 Add/update the images
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You always add images, you never remove them.
+
+PUT /v1/repositories/<namespace>/<repo_name>/images
+
+**Body**:
+    [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ]
+    
+**Return** 204
+
+5. Chaining Registries
+======================
+
+It’s possible to chain Registries server for several reasons:
+- Load balancing
+- Delegate the next request to another server
+
+When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the download.
+
+The Index and Registry use this mechanism to redirect on one or the other.
+
+Example with an image download:
+On every request, a special header can be returned:
+
+X-Docker-Endpoints: server1,server2
+
+On the next request, the client will always pick a server from this list.
+
+6. Authentication & Authorization
+=================================
+
+6.1 On the Index
+-----------------
+
+The Index supports both “Basic” and “Token” challenges. Usually when there is a “401 Unauthorized”, the Index replies this::
+
+    401 Unauthorized
+    WWW-Authenticate: Basic realm="auth required",Token
+
+You have 3 options:
+
+1. Provide user credentials and ask for a token
+
+    **Header**:
+        - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        - X-Docker-Token: true
+
+    In this case, along with the 200 response, you’ll get a new token (if user auth is ok):
+    If authorization isn't correct you get a 401 response.
+    If account isn't active you will get a 403 response.
+
+    **Response**:
+        - 200 OK
+        - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read
+
+2. Provide user credentials only
+
+    **Header**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+
+3. Provide Token
+
+    **Header**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+6.2 On the Registry
+-------------------
+
+The Registry only supports the Token challenge::
+
+    401 Unauthorized
+    WWW-Authenticate: Token
+
+The only way is to provide a token on “401 Unauthorized” responses::
+
+    Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+Usually, the Registry provides a Cookie when a Token verification succeeded. Every time the Registry passes a Cookie, you have to pass it back the same cookie.::
+
+    200 OK
+    Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly
+
+Next request::
+
+    GET /(...)
+    Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="

docs/sources/registry/index.rst

@@ -0,0 +1,15 @@
+:title: docker Registry documentation
+:description: Documentation for docker Registry and Registry API
+:keywords: docker, registry, api, index
+
+
+
+Registry
+========
+
+Contents:
+
+.. toctree::
+   :maxdepth: 2
+
+   api

docs/theme/docker/layout.html

@@ -6,6 +6,7 @@
 <head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+    <meta name="google-site-verification" content="UxV66EKuPe87dgnH1sbrldrx6VsoWMrx5NjwkgUFxXI" />
 
     <title>Docker - {{ meta['title'] if meta and meta['title'] else title }}</title>
 
@@ -74,7 +75,7 @@
             </div>
 
             <div style="margin-left: -12px; float: left;">
-                <a href="{{ pathto('./', 1) }}"><img style="margin-top: 12px; height: 38px" src="{{ pathto('_static/img/docker-letters-logo.gif', 1) }}"></a>
+                <a href="http://www.docker.io"><img style="margin-top: 12px; height: 38px" src="{{ pathto('_static/img/docker-letters-logo.gif', 1) }}"></a>
             </div>
         </div>
 

docs/theme/docker/static/css/main.css

@@ -82,7 +82,7 @@ h4 {
 .btn-custom {
   background-color: #292929 !important;
   background-repeat: repeat-x;
-  filter: progid:DXImageTransform.Microsoft.gradient(startColorstr="#515151", endColorstr="#282828");
+  filter: progid:dximagetransform.microsoft.gradient(startColorstr="#515151", endColorstr="#282828");
   background-image: -khtml-gradient(linear, left top, left bottom, from(#515151), to(#282828));
   background-image: -moz-linear-gradient(top, #515151, #282828);
   background-image: -ms-linear-gradient(top, #515151, #282828);
@@ -330,3 +330,7 @@ section.header {
 @media (max-width: 480px) {
   
 }
+/* Misc fixes */
+table th {
+  text-align: left;
+}

docs/theme/docker/static/css/main.less

@@ -449,4 +449,9 @@ section.header {
 @media (max-width: 480px) {
 
 
+}
+
+/* Misc fixes */
+table th {
+  text-align: left;
 }

graph.go

@@ -4,17 +4,23 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
+	"sync"
 	"time"
 )
 
 // A Graph is a store for versioned filesystem images and the relationship between them.
 type Graph struct {
-	Root    string
-	idIndex *TruncIndex
+	Root         string
+	idIndex      *TruncIndex
+	httpClient   *http.Client
+	checksumLock map[string]*sync.Mutex
+	lockSumFile  *sync.Mutex
+	lockSumMap   *sync.Mutex
 }
 
 // NewGraph instantiates a new graph at the given root path in the filesystem.
@@ -25,12 +31,15 @@ func NewGraph(root string) (*Graph, error) {
 		return nil, err
 	}
 	// Create the root directory if it doesn't exists
-	if err := os.Mkdir(root, 0700); err != nil && !os.IsExist(err) {
+	if err := os.MkdirAll(root, 0700); err != nil && !os.IsExist(err) {
 		return nil, err
 	}
 	graph := &Graph{
-		Root:    abspath,
-		idIndex: NewTruncIndex(),
+		Root:         abspath,
+		idIndex:      NewTruncIndex(),
+		checksumLock: make(map[string]*sync.Mutex),
+		lockSumFile:  &sync.Mutex{},
+		lockSumMap:   &sync.Mutex{},
 	}
 	if err := graph.restore(); err != nil {
 		return nil, err
@@ -80,17 +89,23 @@ func (graph *Graph) Get(name string) (*Image, error) {
 		return nil, fmt.Errorf("Image stored at '%s' has wrong id '%s'", id, img.Id)
 	}
 	img.graph = graph
+	graph.lockSumMap.Lock()
+	defer graph.lockSumMap.Unlock()
+	if _, exists := graph.checksumLock[img.Id]; !exists {
+		graph.checksumLock[img.Id] = &sync.Mutex{}
+	}
 	return img, nil
 }
 
 // Create creates a new image and registers it in the graph.
-func (graph *Graph) Create(layerData Archive, container *Container, comment, author string) (*Image, error) {
+func (graph *Graph) Create(layerData Archive, container *Container, comment, author string, config *Config) (*Image, error) {
 	img := &Image{
 		Id:            GenerateId(),
 		Comment:       comment,
 		Created:       time.Now(),
 		DockerVersion: VERSION,
 		Author:        author,
+		Config:        config,
 	}
 	if container != nil {
 		img.Parent = container.Image
@@ -100,6 +115,7 @@ func (graph *Graph) Create(layerData Archive, container *Container, comment, aut
 	if err := graph.Register(layerData, img); err != nil {
 		return nil, err
 	}
+	go img.Checksum()
 	return img, nil
 }
 
@@ -127,6 +143,7 @@ func (graph *Graph) Register(layerData Archive, img *Image) error {
 	}
 	img.graph = graph
 	graph.idIndex.Add(img.Id)
+	graph.checksumLock[img.Id] = &sync.Mutex{}
 	return nil
 }
 
@@ -249,14 +266,14 @@ func (graph *Graph) WalkAll(handler func(*Image)) error {
 func (graph *Graph) ByParent() (map[string][]*Image, error) {
 	byParent := make(map[string][]*Image)
 	err := graph.WalkAll(func(image *Image) {
-		image, err := graph.Get(image.Parent)
+		parent, err := graph.Get(image.Parent)
 		if err != nil {
 			return
 		}
-		if children, exists := byParent[image.Parent]; exists {
-			byParent[image.Parent] = []*Image{image}
+		if children, exists := byParent[parent.Id]; exists {
+			byParent[parent.Id] = []*Image{image}
 		} else {
-			byParent[image.Parent] = append(children, image)
+			byParent[parent.Id] = append(children, image)
 		}
 	})
 	return byParent, err

graph_test.go

@@ -62,7 +62,7 @@ func TestGraphCreate(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	image, err := graph.Create(archive, nil, "Testing", "")
+	image, err := graph.Create(archive, nil, "Testing", "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -122,7 +122,7 @@ func TestMount(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	image, err := graph.Create(archive, nil, "Testing", "")
+	image, err := graph.Create(archive, nil, "Testing", "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -166,7 +166,7 @@ func createTestImage(graph *Graph, t *testing.T) *Image {
 	if err != nil {
 		t.Fatal(err)
 	}
-	img, err := graph.Create(archive, nil, "Test image", "")
+	img, err := graph.Create(archive, nil, "Test image", "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -181,7 +181,7 @@ func TestDelete(t *testing.T) {
 		t.Fatal(err)
 	}
 	assertNImages(graph, t, 0)
-	img, err := graph.Create(archive, nil, "Bla bla", "")
+	img, err := graph.Create(archive, nil, "Bla bla", "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -192,11 +192,11 @@ func TestDelete(t *testing.T) {
 	assertNImages(graph, t, 0)
 
 	// Test 2 create (same name) / 1 delete
-	img1, err := graph.Create(archive, nil, "Testing", "")
+	img1, err := graph.Create(archive, nil, "Testing", "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if _, err = graph.Create(archive, nil, "Testing", ""); err != nil {
+	if _, err = graph.Create(archive, nil, "Testing", "", nil); err != nil {
 		t.Fatal(err)
 	}
 	assertNImages(graph, t, 2)

hack/README.md

@@ -1 +0,0 @@
-This directory contains material helpful for hacking on docker.

hack/README.rst

@@ -0,0 +1,27 @@
+This directory contains material helpful for hacking on docker.
+
+make hack
+=========
+
+Set up an Ubuntu 13.04 virtual machine for developers including kernel 3.8
+and buildbot. The environment is setup in a way that can be used through
+the usual go workflow and/or the root Makefile. You can either edit on
+your host, or inside the VM (using make ssh-dev) and run and test docker
+inside the VM.
+
+dependencies: vagrant, virtualbox packages and python package requests
+
+
+Buildbot
+~~~~~~~~
+
+Buildbot is a continuous integration system designed to automate the
+build/test cycle. By automatically rebuilding and testing the tree each time
+something has changed, build problems are pinpointed quickly, before other
+developers are inconvenienced by the failure.
+
+When running 'make hack' at the docker root directory, it spawns a virtual
+machine in the background running a buildbot instance and adds a git
+post-commit hook that automatically run docker tests for you.
+
+You can check your buildbot instance at http://192.168.33.21:8010/waterfall

hack/Vagrantfile

@@ -0,0 +1,35 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+BOX_NAME = "ubuntu-dev"
+BOX_URI = "http://cloud-images.ubuntu.com/raring/current/raring-server-cloudimg-vagrant-amd64-disk1.box"
+VM_IP = "192.168.33.21"
+USER = "vagrant"
+GOPATH = "/data/docker"
+DOCKER_PATH = "#{GOPATH}/src/github.com/dotcloud/docker"
+CFG_PATH = "#{DOCKER_PATH}/hack/environment"
+BUILDBOT_PATH = "/data/buildbot"
+
+Vagrant::Config.run do |config|
+  # Setup virtual machine box
+  config.vm.box = BOX_NAME
+  config.vm.box_url = BOX_URI
+  config.vm.share_folder "v-data", DOCKER_PATH, "#{File.dirname(__FILE__)}/.."
+  config.vm.network :hostonly, VM_IP
+  # Stop if deployment has been done
+  config.vm.provision :shell, :inline => "[ ! -f /usr/bin/git ]"
+  # Touch for makefile
+  pkg_cmd = "touch #{DOCKER_PATH}; "
+  # Install docker dependencies
+  pkg_cmd << "export DEBIAN_FRONTEND=noninteractive; apt-get -qq update; " \
+    "apt-get install -q -y lxc bsdtar git golang make linux-image-extra-3.8.0-19-generic; " \
+    "chown -R #{USER}.#{USER} #{GOPATH}; " \
+    "install -m 0664 #{CFG_PATH}/bash_profile /home/#{USER}/.bash_profile"
+  config.vm.provision :shell, :inline => pkg_cmd
+  # Deploy buildbot CI
+  pkg_cmd = "apt-get install -q -y python-dev python-pip supervisor; " \
+    "pip install -r #{CFG_PATH}/requirements.txt; " \
+    "chown #{USER}.#{USER} /data; cd /data; " \
+    "#{CFG_PATH}/setup.sh #{USER} #{GOPATH} #{DOCKER_PATH} #{CFG_PATH} #{BUILDBOT_PATH}"
+  config.vm.provision :shell, :inline => pkg_cmd
+end

hack/dockerbuilder/Dockerfile

@@ -1,17 +1,23 @@
 # This will build a container capable of producing an official binary build of docker and
 # uploading it to S3
+maintainer	Solomon Hykes <solomon@dotcloud.com>
 from	ubuntu:12.10
 run	apt-get update
 run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q s3cmd
+run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
 # Packages required to checkout and build docker
-run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
+run	curl -s -o /go.tar.gz https://go.googlecode.com/files/go1.0.3.linux-amd64.tar.gz
+run	tar -C /usr/local -xzf /go.tar.gz
+run	echo "export PATH=$PATH:/usr/local/go/bin" > /.bashrc
+run	echo "export PATH=$PATH:/usr/local/go/bin" > /.bash_profile
 run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
 run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q build-essential
 # Packages required to build an ubuntu package
 run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q debhelper
 run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q autotools-dev
 copy	fake_initctl	/usr/local/bin/initctl
-run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q devscripts
-copy	dockerbuilder	/usr/local/bin/dockerbuilder
-copy	s3cfg	/.s3cfg
-# run $img dockerbuilder $REVISION_OR_TAG $S3_ID $S3_KEY
+run	apt-get install -y -q devscripts
+add	.	/src
+run	cp /src/dockerbuilder /usr/local/bin/ && chmod +x /usr/local/bin/dockerbuilder
+run	cp /src/s3cfg /.s3cfg
+cmd	["dockerbuilder"]

hack/dockerbuilder/dockerbuilder

@@ -2,6 +2,8 @@
 set -x
 set -e
 
+export PATH=$PATH:/usr/local/go/bin
+
 PACKAGE=github.com/dotcloud/docker
 
 if [ $# -gt 1 ]; then
@@ -13,12 +15,10 @@ export REVISION=$1
 
 if [ -z "$AWS_ID" ]; then
 	echo "Warning: environment variable AWS_ID is not set. Won't upload to S3."
-	NO_S3=1
 fi
 
 if [ -z "$AWS_KEY" ]; then
 	echo "Warning: environment variable AWS_KEY is not set. Won't upload to S3."
-	NO_S3=1
 fi
 
 if [ -z "$GPG_KEY" ]; then
@@ -26,28 +26,15 @@ if [ -z "$GPG_KEY" ]; then
 	NO_UBUNTU=1
 fi
 
-if [ -z "$REVISION" ]; then
-	rm -fr docker-master
-	git clone https://github.com/dotcloud/docker docker-master
-	cd docker-master
-else 
-	rm -fr docker-$REVISION
-	git init docker-$REVISION
-	cd docker-$REVISION
-	git fetch -t https://github.com/dotcloud/docker $REVISION
-	git reset --hard FETCH_HEAD
-fi
-
+rm -fr docker-release
+git clone https://github.com/dotcloud/docker docker-release
+cd docker-release
 if [ -z "$REVISION" ]; then
 	make release
 else
 	make release RELEASE_VERSION=$REVISION
 fi
 
-if [ -z "$NO_S3" ]; then
-	s3cmd -P put docker-$REVISION.tgz s3://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-$REVISION.tgz
-fi
-
 if [ -z "$NO_UBUNTU" ]; then
 	(cd packaging/ubuntu && make ubuntu)
 fi

hack/environment/README.rst

@@ -0,0 +1 @@
+Files used to setup the developer virtual machine

hack/environment/bash_profile

@@ -0,0 +1,19 @@
+# ~/.bash_profile : executed by the command interpreter for login shells.
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+        . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+[ -d "$HOME/bin" ] && PATH="$HOME/bin:$PATH"
+
+docker=/data/docker/src/github.com/dotcloud/docker
+[ -d $docker ] && cd $docker
+
+export GOPATH=/data/docker
+export PATH=$PATH:$GOPATH/bin
+

hack/environment/master.cfg

@@ -13,8 +13,8 @@ TEST_USER = 'buildbot'  # Credential to authenticate build triggers
 TEST_PWD = 'docker'     # Credential to authenticate build triggers
 BUILDER_NAME = 'docker'
 BUILDPASSWORD = 'pass-docker'  # Credential to authenticate buildworkers
-DOCKER_PATH = '/data/docker'
-
+GOPATH = '/data/docker'
+DOCKER_PATH = '{0}/src/github.com/dotcloud/docker'.format(GOPATH)
 
 c = BuildmasterConfig = {}
 
@@ -28,10 +28,7 @@ c['slavePortnum'] = PORT_MASTER
 c['schedulers'] = [ForceScheduler(name='trigger',builderNames=[BUILDER_NAME])]
 
 # Docker test command
-test_cmd = """(
-    cd {0}/..; rm -rf docker-tmp; git clone docker docker-tmp;
-    cd docker-tmp; make test; exit_status=$?;
-    cd ..; rm -rf docker-tmp; exit $exit_status)""".format(DOCKER_PATH)
+test_cmd = "GOPATH={0} make -C {1} test".format(GOPATH,DOCKER_PATH)
 
 # Builder
 factory = BuildFactory()

hack/environment/requirements.txt

@@ -0,0 +1,6 @@
+sqlalchemy<=0.7.9
+sqlalchemy-migrate>=0.7.2
+buildbot==0.8.7p1
+buildbot_slave==0.8.7p1
+nose==1.2.1
+requests==1.1.0

hack/environment/setup.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Setup of buildbot configuration. Package installation is being done by
+# Vagrantfile
+# Dependencies: buildbot, buildbot-slave, supervisor
+
+USER=$1
+GOPATH=$2
+DOCKER_PATH=$3
+CFG_PATH=$4
+BUILDBOT_PATH=$5
+SLAVE_NAME="buildworker"
+SLAVE_SOCKET="localhost:9989"
+BUILDBOT_PWD="pass-docker"
+IP=$(sed -nE 's/VM_IP = "(.+)"/\1/p' ${DOCKER_PATH}/hack/Vagrantfile)
+export PATH="/bin:sbin:/usr/bin:/usr/sbin:/usr/local/bin"
+
+function run { su $USER -c "$1"; }
+
+# Exit if buildbot has already been installed
+[ -d "$BUILDBOT_PATH" ] && exit 0
+
+# Setup buildbot
+run "mkdir -p $BUILDBOT_PATH"
+cd $BUILDBOT_PATH
+run "buildbot create-master master"
+run "cp $CFG_PATH/master.cfg master"
+run "sed -i 's/localhost/$IP/' master/master.cfg"
+run "sed -i -E 's#(GOPATH = ).+#\1\"$GOPATH\"#' master/master.cfg"
+run "sed -i -E 's#(DOCKER_PATH = ).+#\1\"$DOCKER_PATH\"#' master/master.cfg"
+run "buildslave create-slave slave $SLAVE_SOCKET $SLAVE_NAME $BUILDBOT_PWD"
+
+# Allow buildbot subprocesses (docker tests) to properly run in containers,
+# in particular with docker -u
+run "sed -i 's/^umask = None/umask = 000/' slave/buildbot.tac"
+
+# Setup supervisor
+cp $CFG_PATH/buildbot.conf /etc/supervisor/conf.d/buildbot.conf
+sed -i -E "s/^chmod=0700.+/chmod=0770\nchown=root:$USER/" /etc/supervisor/supervisord.conf
+kill -HUP $(pgrep -f "/usr/bin/python /usr/bin/supervisord")
+
+# Add git hook
+cp $CFG_PATH/post-commit $DOCKER_PATH/.git/hooks
+sed -i "s/localhost/$IP/" $DOCKER_PATH/.git/hooks/post-commit
+

image.go

@@ -2,6 +2,7 @@ package docker
 
 import (
 	"crypto/rand"
+	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@@ -24,6 +25,7 @@ type Image struct {
 	ContainerConfig Config    `json:"container_config,omitempty"`
 	DockerVersion   string    `json:"docker_version,omitempty"`
 	Author          string    `json:"author,omitempty"`
+	Config          *Config   `json:"config,omitempty"`
 	graph           *Graph
 }
 
@@ -33,8 +35,9 @@ func LoadImage(root string) (*Image, error) {
 	if err != nil {
 		return nil, err
 	}
-	var img Image
-	if err := json.Unmarshal(jsonData, &img); err != nil {
+	img := &Image{}
+
+	if err := json.Unmarshal(jsonData, img); err != nil {
 		return nil, err
 	}
 	if err := ValidateId(img.Id); err != nil {
@@ -50,7 +53,7 @@ func LoadImage(root string) (*Image, error) {
 	} else if !stat.IsDir() {
 		return nil, fmt.Errorf("Couldn't load image %s: %s is not a directory", img.Id, layerPath(root))
 	}
-	return &img, nil
+	return img, nil
 }
 
 func StoreImage(img *Image, layerData Archive, root string) error {
@@ -256,3 +259,71 @@ func (img *Image) layer() (string, error) {
 	}
 	return layerPath(root), nil
 }
+
+func (img *Image) Checksum() (string, error) {
+	img.graph.checksumLock[img.Id].Lock()
+	defer img.graph.checksumLock[img.Id].Unlock()
+
+	root, err := img.root()
+	if err != nil {
+		return "", err
+	}
+
+	checksumDictPth := path.Join(root, "..", "..", "checksums")
+	checksums := make(map[string]string)
+
+	if checksumDict, err := ioutil.ReadFile(checksumDictPth); err == nil {
+		if err := json.Unmarshal(checksumDict, &checksums); err != nil {
+			return "", err
+		}
+		if checksum, ok := checksums[img.Id]; ok {
+			return checksum, nil
+		}
+	}
+
+	layer, err := img.layer()
+	if err != nil {
+		return "", err
+	}
+	jsonData, err := ioutil.ReadFile(jsonPath(root))
+	if err != nil {
+		return "", err
+	}
+
+	layerData, err := Tar(layer, Xz)
+	if err != nil {
+		return "", err
+	}
+
+	h := sha256.New()
+	if _, err := h.Write(jsonData); err != nil {
+		return "", err
+	}
+	if _, err := h.Write([]byte("\n")); err != nil {
+		return "", err
+	}
+
+	if _, err := io.Copy(h, layerData); err != nil {
+		return "", err
+	}
+
+	hash := "sha256:" + hex.EncodeToString(h.Sum(nil))
+	checksums[img.Id] = hash
+
+	// Reload the json file to make sure not to overwrite faster sums
+	img.graph.lockSumFile.Lock()
+	defer img.graph.lockSumFile.Unlock()
+	if checksumDict, err := ioutil.ReadFile(checksumDictPth); err == nil {
+		if err := json.Unmarshal(checksumDict, &checksums); err != nil {
+			return "", err
+		}
+	}
+	checksumJson, err := json.Marshal(checksums)
+	if err != nil {
+		return hash, err
+	}
+	if err := ioutil.WriteFile(checksumDictPth, checksumJson, 0600); err != nil {
+		return hash, err
+	}
+	return hash, nil
+}

lxc_template.go

@@ -79,7 +79,11 @@ lxc.mount.entry = {{.SysInitPath}} {{$ROOTFS}}/sbin/init none bind,ro 0 0
 
 # In order to get a working DNS environment, mount bind (ro) the host's /etc/resolv.conf into the container
 lxc.mount.entry = {{.ResolvConfPath}} {{$ROOTFS}}/etc/resolv.conf none bind,ro 0 0
-
+{{if .Volumes}}
+{{range $virtualPath, $realPath := .GetVolumes}}
+lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,rw 0 0
+{{end}}
+{{end}}
 
 # drop linux capabilities (apply mainly to the user root in the container)
 lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setfcap setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config

packaging/ubuntu/Vagrantfile

@@ -1,12 +1,15 @@
-BUILDBOT_IP = '192.168.33.32'
+GOPHERS_KEY = "308C15A29AD198E9"
 
 Vagrant::Config.run do |config|
   config.vm.box = 'precise64'
   config.vm.box_url = 'http://files.vagrantup.com/precise64.box'
   config.vm.share_folder 'v-data', '/data/docker', "#{File.dirname(__FILE__)}/../.."
-  config.vm.network :hostonly,BUILDBOT_IP
 
+  # Add docker PPA key to the local repository and install docker
+  pkg_cmd = "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys #{GOPHERS_KEY}; " \
+    "echo 'deb http://ppa.launchpad.net/gophers/go/ubuntu precise main' >/etc/apt/sources.list.d/gophers-go.list; " \
   # Install ubuntu packaging dependencies and create ubuntu packages
-  config.vm.provision :shell, :inline => 'export DEBIAN_FRONTEND=noninteractive; apt-get -qq update; apt-get install -qq -y git debhelper autotools-dev devscripts golang'
-  config.vm.provision :shell, :inline => "export GPG_KEY='#{ENV['GPG_KEY']}'; cd /data/docker/packaging/ubuntu; make ubuntu"
+  pkg_cmd << "export DEBIAN_FRONTEND=noninteractive; apt-get -qq update; apt-get install -qq -y git debhelper autotools-dev devscripts golang-stable; " \
+    "export GPG_KEY='#{ENV['GPG_KEY']}'; cd /data/docker/packaging/ubuntu; make ubuntu"
+  config.vm.provision :shell, :inline => pkg_cmd
 end

packaging/ubuntu/changelog

@@ -1,3 +1,66 @@
+lxc-docker (0.3.1-1) precise; urgency=low
+ - Builder: Implement the autorun capability within docker builder
+ - Builder: Add caching to docker builder
+ - Builder: Add support for docker builder with native API as top level command
+ - Runtime: Add go version to debug infos
+ - Builder: Implement ENV within docker builder
+ - Registry: Add docker search top level command in order to search a repository
+ - Images: output graph of images to dot (graphviz)
+ - Documentation: new introduction and high-level overview
+ - Documentation: Add the documentation for docker builder
+ - Website: new high-level overview
+ - Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
+ - Images: fix ByParent function
+ - Builder: Check the command existance prior create and add Unit tests for the case
+ - Registry: Fix pull for official images with specific tag
+ - Registry: Fix issue when login in with a different user and trying to push
+ - Documentation: CSS fix for docker documentation to make REST API docs look better.
+ - Documentation: Fixed CouchDB example page header mistake
+ - Documentation: fixed README formatting
+ - Registry: Improve checksum - async calculation
+ - Runtime: kernel version - don't show the dash if flavor is empty
+ - Documentation: updated www.docker.io website.
+ - Builder: use any whitespaces instead of tabs
+ - Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
+
+ -- dotCloud <ops@dotcloud.com>  Fri, 8 May 2013 00:00:00 -0700
+
+lxc-docker (0.3.0-1) precise; urgency=low
+  - Registry: Implement the new registry
+  - Documentation: new example: sharing data between 2 couchdb databases
+  - Runtime: Fix the command existance check
+  - Runtime: strings.Split may return an empty string on no match
+  - Runtime: Fix an index out of range crash if cgroup memory is not
+  - Documentation: Various improvments
+  - Vagrant: Use only one deb line in /etc/apt
+
+ -- dotCloud <ops@dotcloud.com>  Fri, 5 May 2013 00:00:00 -0700
+
+
+lxc-docker (0.2.2-1) precise; urgency=low
+  - Support for data volumes ('docker run -v=PATH')
+  - Share data volumes between containers ('docker run -volumes-from')
+  - Improved documentation
+  - Upgrade to Go 1.0.3
+  - Various upgrades to the dev environment for contributors
+
+ -- dotCloud <ops@dotcloud.com>  Fri, 3 May 2013 00:00:00 -0700
+
+
+lxc-docker (0.2.1-1) precise; urgency=low
+
+  - 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
+  - Improve install process on Vagrant
+  - New Dockerfile operation: "maintainer"
+  - New Dockerfile operation: "expose"
+  - New Dockerfile operation: "cmd"
+  - Contrib script to build a Debian base layer
+  - 'docker -d -r': restart crashed containers at daemon startup
+  - Runtime: improve test coverage
+
+ -- dotCloud <ops@dotcloud.com>  Wed, 1 May 2013 00:00:00 -0700
+
+
 lxc-docker (0.2.0-1) precise; urgency=low
 
   - Runtime: ghost containers can be killed and waited for

packaging/ubuntu/control

@@ -2,7 +2,7 @@ Source: lxc-docker
 Section: misc
 Priority: extra
 Maintainer: Daniel Mizyrycki <daniel@dotcloud.com>
-Build-Depends: debhelper,autotools-dev,devscripts,golang
+Build-Depends: debhelper,autotools-dev,devscripts,golang-stable
 Standards-Version: 3.9.3
 Homepage: http://github.com/dotcloud/docker
 

puppet/manifests/quantal64.pp

@@ -1,17 +0,0 @@
-node default {
-    exec {
-        "apt_update" : 
-            command => "/usr/bin/apt-get update"
-    }
-
-    Package {
-        require => Exec['apt_update']
-    }
-
-    group { "puppet":
-        ensure => "present"
-    }
-
-    include "docker"
-
-}

puppet/modules/docker/manifests/init.pp

@@ -1,99 +0,0 @@
-class virtualbox {
-    Package { ensure => "installed" }
-
-    # remove some files from the base vagrant image because they're old
-    file { "/home/vagrant/docker-master":
-        ensure => absent,
-        recurse => true,
-        force => true,
-        purge => true,
-    }
-    file { "/usr/local/bin/dockerd":
-        ensure => absent,
-    }
-    file { "/usr/local/bin/docker":
-        ensure => absent,
-    }
-
-    # Set up VirtualBox guest utils
-    package { "virtualbox-guest-utils": }
-    exec { "vbox-add" :
-        command => "/etc/init.d/vboxadd setup",
-        require => [
-            Package["virtualbox-guest-utils"],
-            Package["linux-headers-3.5.0-25-generic"], ],
-    }
-}
-
-class docker {
-    # update this with latest go binary dist
-    $go_url = "http://go.googlecode.com/files/go1.0.3.linux-amd64.tar.gz"
-
-    Package { ensure => "installed" }
-
-    package { ["lxc", "debootstrap", "wget", "bsdtar", "git",
-               "linux-image-3.5.0-25-generic",
-               "linux-image-extra-3.5.0-25-generic",
-               "linux-headers-3.5.0-25-generic"]: }
-
-    $ec2_version = file("/etc/ec2_version", "/dev/null")
-    $rax_version = inline_template("<%= %x{/usr/bin/xenstore-read vm-data/provider_data/provider} %>")
-
-    if ($ec2_version) {
-        $vagrant_user = "ubuntu"
-        $vagrant_home = "/home/ubuntu"
-    } elsif ($rax_version) {
-        $vagrant_user = "root"
-        $vagrant_home = "/root"
-    } else {
-        # virtualbox is the vagrant default, so it should be safe to assume
-        $vagrant_user = "vagrant"
-        $vagrant_home = "/home/vagrant"
-        include virtualbox
-    }
-
-    exec { "fetch-go":
-        require => Package["wget"],
-        command => "/usr/bin/wget -O - $go_url | /bin/tar xz -C /usr/local",
-        creates => "/usr/local/go/bin/go",
-    }
-
-    file { "/etc/init/dockerd.conf":
-        mode => 600,
-        owner => "root",
-        group => "root",
-        content => template("docker/dockerd.conf"),
-    }
-
-    file { "/opt/go":
-        owner => $vagrant_user,
-        group => $vagrant_user,
-        recurse => true,
-    }
-
-    file { "${vagrant_home}/.profile":
-        mode => 644,
-        owner => $vagrant_user,
-        group => $vagrant_user,
-        content => template("docker/profile"),
-    }
-
-     exec { "build-docker" :
-        cwd  => "/opt/go/src/github.com/dotcloud/docker",
-        user => $vagrant_user,
-        environment => "GOPATH=/opt/go",
-        command => "/usr/local/go/bin/go get -v ./... && /usr/local/go/bin/go install ./docker",
-        creates => "/opt/go/bin/docker",
-        logoutput => "on_failure",
-        require => [ Exec["fetch-go"], File["/opt/go"] ],
-    }
-
-    service { "dockerd" :
-        ensure => "running",
-        start => "/sbin/initctl start dockerd",
-        stop => "/sbin/initctl stop dockerd",
-        require => [ Exec["build-docker"], File["/etc/init/dockerd.conf"] ],
-        name => "dockerd",
-        provider => "base"
-    }
-}

puppet/modules/docker/templates/dockerd.conf

@@ -1,12 +0,0 @@
-description     "Run dockerd"
-
-stop on runlevel [!2345]
-start on runlevel [3]
-
-# if you want it to automatically restart if it crashes, leave the next line in
-respawn
-
-script
-    test -f /etc/default/locale && . /etc/default/locale || true
-    LANG=$LANG LC_ALL=$LANG /opt/go/bin/docker -d >> /var/log/dockerd 2>&1
-end script

puppet/modules/docker/templates/profile

@@ -1,30 +0,0 @@
-# ~/.profile: executed by the command interpreter for login shells.
-# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
-# exists.
-# see /usr/share/doc/bash/examples/startup-files for examples.
-# the files are located in the bash-doc package.
-
-# the default umask is set in /etc/profile; for setting the umask
-# for ssh logins, install and configure the libpam-umask package.
-#umask 022
-
-# if running bash
-if [ -n "$BASH_VERSION" ]; then
-    # include .bashrc if it exists
-    if [ -f "$HOME/.bashrc" ]; then
-        . "$HOME/.bashrc"
-    fi
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/bin" ] ; then
-    PATH="$HOME/bin:$PATH"
-fi
-
-export GOPATH=/opt/go
-export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-
-docker=/opt/go/src/github.com/dotcloud/docker
-if [ -d $docker ]; then
-  cd $docker
-fi

registry.go

@@ -1,20 +1,21 @@
 package docker
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/auth"
+	"github.com/shin-/cookiejar"
 	"io"
 	"io/ioutil"
 	"net/http"
-	"os"
+	"net/url"
 	"path"
 	"strings"
 )
 
 //FIXME: Set the endpoint in a conf file or via commandline
-//const REGISTRY_ENDPOINT = "http://registry-creack.dotcloud.com/v1"
-const REGISTRY_ENDPOINT = auth.REGISTRY_SERVER + "/v1"
+const INDEX_ENDPOINT = auth.INDEX_SERVER + "/v1"
 
 // Build an Image object from raw json data
 func NewImgJson(src []byte) (*Image, error) {
@@ -28,34 +29,23 @@ func NewImgJson(src []byte) (*Image, error) {
 	return ret, nil
 }
 
-// Build an Image object list from a raw json data
-// FIXME: Do this in "stream" mode
-func NewMultipleImgJson(src []byte) ([]*Image, error) {
-	ret := []*Image{}
-
-	dec := json.NewDecoder(strings.NewReader(string(src)))
-	for {
-		m := &Image{}
-		if err := dec.Decode(m); err == io.EOF {
-			break
-		} else if err != nil {
-			return nil, err
-		}
-		ret = append(ret, m)
+func doWithCookies(c *http.Client, req *http.Request) (*http.Response, error) {
+	for _, cookie := range c.Jar.Cookies(req.URL) {
+		req.AddCookie(cookie)
 	}
-	return ret, nil
+	return c.Do(req)
 }
 
 // Retrieve the history of a given image from the Registry.
 // Return a list of the parent's json (requested image included)
-func (graph *Graph) getRemoteHistory(imgId string, authConfig *auth.AuthConfig) ([]*Image, error) {
-	client := &http.Client{}
+func (graph *Graph) getRemoteHistory(imgId, registry string, token []string) ([]string, error) {
+	client := graph.getHttpClient()
 
-	req, err := http.NewRequest("GET", REGISTRY_ENDPOINT+"/images/"+imgId+"/history", nil)
+	req, err := http.NewRequest("GET", registry+"/images/"+imgId+"/ancestry", nil)
 	if err != nil {
 		return nil, err
 	}
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	req.Header.Set("Authorization", "Token "+strings.Join(token, ", "))
 	res, err := client.Do(req)
 	if err != nil || res.StatusCode != 200 {
 		if res != nil {
@@ -70,41 +60,83 @@ func (graph *Graph) getRemoteHistory(imgId string, authConfig *auth.AuthConfig)
 		return nil, fmt.Errorf("Error while reading the http response: %s\n", err)
 	}
 
-	history, err := NewMultipleImgJson(jsonString)
-	if err != nil {
-		return nil, fmt.Errorf("Error while parsing the json: %s\n", err)
+	Debugf("Ancestry: %s", jsonString)
+	history := new([]string)
+	if err := json.Unmarshal(jsonString, history); err != nil {
+		return nil, err
 	}
-	return history, nil
+	return *history, nil
+}
+
+func (graph *Graph) getHttpClient() *http.Client {
+	if graph.httpClient == nil {
+		graph.httpClient = &http.Client{}
+		graph.httpClient.Jar = cookiejar.NewCookieJar()
+	}
+	return graph.httpClient
 }
 
 // Check if an image exists in the Registry
-func (graph *Graph) LookupRemoteImage(imgId string, authConfig *auth.AuthConfig) bool {
+func (graph *Graph) LookupRemoteImage(imgId, registry string, authConfig *auth.AuthConfig) bool {
 	rt := &http.Transport{Proxy: http.ProxyFromEnvironment}
 
-	req, err := http.NewRequest("GET", REGISTRY_ENDPOINT+"/images/"+imgId+"/json", nil)
+	req, err := http.NewRequest("GET", registry+"/images/"+imgId+"/json", nil)
 	if err != nil {
 		return false
 	}
 	req.SetBasicAuth(authConfig.Username, authConfig.Password)
 	res, err := rt.RoundTrip(req)
-	if err != nil || res.StatusCode != 307 {
-		return false
+	return err == nil && res.StatusCode == 307
+}
+
+func (graph *Graph) getImagesInRepository(repository string, authConfig *auth.AuthConfig) ([]map[string]string, error) {
+	u := INDEX_ENDPOINT + "/repositories/" + repository + "/images"
+	req, err := http.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, err
 	}
-	return res.StatusCode == 307
+	if authConfig != nil && len(authConfig.Username) > 0 {
+		req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	}
+	res, err := graph.getHttpClient().Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+
+	// Repository doesn't exist yet
+	if res.StatusCode == 404 {
+		return nil, nil
+	}
+
+	jsonData, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	imageList := []map[string]string{}
+
+	err = json.Unmarshal(jsonData, &imageList)
+	if err != nil {
+		Debugf("Body: %s (%s)\n", res.Body, u)
+		return nil, err
+	}
+
+	return imageList, nil
 }
 
 // Retrieve an image from the Registry.
 // Returns the Image object as well as the layer as an Archive (io.Reader)
-func (graph *Graph) getRemoteImage(stdout io.Writer, imgId string, authConfig *auth.AuthConfig) (*Image, Archive, error) {
-	client := &http.Client{}
+func (graph *Graph) getRemoteImage(stdout io.Writer, imgId, registry string, token []string) (*Image, Archive, error) {
+	client := graph.getHttpClient()
 
 	fmt.Fprintf(stdout, "Pulling %s metadata\r\n", imgId)
 	// Get the Json
-	req, err := http.NewRequest("GET", REGISTRY_ENDPOINT+"/images/"+imgId+"/json", nil)
+	req, err := http.NewRequest("GET", registry+"/images/"+imgId+"/json", nil)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Failed to download json: %s", err)
 	}
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	req.Header.Set("Authorization", "Token "+strings.Join(token, ", "))
 	res, err := client.Do(req)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Failed to download json: %s", err)
@@ -127,11 +159,11 @@ func (graph *Graph) getRemoteImage(stdout io.Writer, imgId string, authConfig *a
 
 	// Get the layer
 	fmt.Fprintf(stdout, "Pulling %s fs layer\r\n", imgId)
-	req, err = http.NewRequest("GET", REGISTRY_ENDPOINT+"/images/"+imgId+"/layer", nil)
+	req, err = http.NewRequest("GET", registry+"/images/"+imgId+"/layer", nil)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Error while getting from the server: %s\n", err)
 	}
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	req.Header.Set("Authorization", "Token "+strings.Join(token, ", "))
 	res, err = client.Do(req)
 	if err != nil {
 		return nil, nil, err
@@ -139,16 +171,90 @@ func (graph *Graph) getRemoteImage(stdout io.Writer, imgId string, authConfig *a
 	return img, ProgressReader(res.Body, int(res.ContentLength), stdout, "Downloading %v/%v (%v)"), nil
 }
 
-func (graph *Graph) PullImage(stdout io.Writer, imgId string, authConfig *auth.AuthConfig) error {
-	history, err := graph.getRemoteHistory(imgId, authConfig)
+func (graph *Graph) getRemoteTags(stdout io.Writer, registries []string, repository string, token []string) (map[string]string, error) {
+	client := graph.getHttpClient()
+	if strings.Count(repository, "/") == 0 {
+		// This will be removed once the Registry supports auto-resolution on
+		// the "library" namespace
+		repository = "library/" + repository
+	}
+	for _, host := range registries {
+		endpoint := fmt.Sprintf("https://%s/v1/repositories/%s/tags", host, repository)
+		req, err := http.NewRequest("GET", endpoint, nil)
+		if err != nil {
+			return nil, err
+		}
+		req.Header.Set("Authorization", "Token "+strings.Join(token, ", "))
+		res, err := client.Do(req)
+		defer res.Body.Close()
+		Debugf("Got status code %d from %s", res.StatusCode, endpoint)
+		if err != nil || (res.StatusCode != 200 && res.StatusCode != 404) {
+			continue
+		} else if res.StatusCode == 404 {
+			return nil, fmt.Errorf("Repository not found")
+		}
+
+		result := make(map[string]string)
+
+		rawJson, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return nil, err
+		}
+		if err = json.Unmarshal(rawJson, &result); err != nil {
+			return nil, err
+		}
+		return result, nil
+	}
+	return nil, fmt.Errorf("Could not reach any registry endpoint")
+}
+
+func (graph *Graph) getImageForTag(stdout io.Writer, tag, remote, registry string, token []string) (string, error) {
+	client := graph.getHttpClient()
+
+	if !strings.Contains(remote, "/") {
+		remote = "library/" + remote
+	}
+
+	registryEndpoint := "https://" + registry + "/v1"
+	repositoryTarget := registryEndpoint + "/repositories/" + remote + "/tags/" + tag
+
+	req, err := http.NewRequest("GET", repositoryTarget, nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Authorization", "Token "+strings.Join(token, ", "))
+	res, err := client.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("Error while retrieving repository info: %v", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode == 403 {
+		return "", fmt.Errorf("You aren't authorized to access this resource")
+	} else if res.StatusCode != 200 {
+		return "", fmt.Errorf("HTTP code: %d", res.StatusCode)
+	}
+
+	var imgId string
+	rawJson, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return "", err
+	}
+	if err = json.Unmarshal(rawJson, &imgId); err != nil {
+		return "", err
+	}
+	return imgId, nil
+}
+
+func (graph *Graph) PullImage(stdout io.Writer, imgId, registry string, token []string) error {
+	history, err := graph.getRemoteHistory(imgId, registry, token)
 	if err != nil {
 		return err
 	}
 	// FIXME: Try to stream the images?
-	// FIXME: Lunch the getRemoteImage() in goroutines
-	for _, j := range history {
-		if !graph.Exists(j.Id) {
-			img, layer, err := graph.getRemoteImage(stdout, j.Id, authConfig)
+	// FIXME: Launch the getRemoteImage() in goroutines
+	for _, id := range history {
+		if !graph.Exists(id) {
+			img, layer, err := graph.getRemoteImage(stdout, id, registry, token)
 			if err != nil {
 				// FIXME: Keep goging in case of error?
 				return err
@@ -161,165 +267,245 @@ func (graph *Graph) PullImage(stdout io.Writer, imgId string, authConfig *auth.A
 	return nil
 }
 
-// FIXME: Handle the askedTag parameter
 func (graph *Graph) PullRepository(stdout io.Writer, remote, askedTag string, repositories *TagStore, authConfig *auth.AuthConfig) error {
-	client := &http.Client{}
+	client := graph.getHttpClient()
 
-	fmt.Fprintf(stdout, "Pulling repository %s\r\n", remote)
-
-	var repositoryTarget string
-	// If we are asking for 'root' repository, lookup on the Library's registry
-	if strings.Index(remote, "/") == -1 {
-		repositoryTarget = REGISTRY_ENDPOINT + "/library/" + remote
-	} else {
-		repositoryTarget = REGISTRY_ENDPOINT + "/users/" + remote
-	}
+	fmt.Fprintf(stdout, "Pulling repository %s from %s\r\n", remote, INDEX_ENDPOINT)
+	repositoryTarget := INDEX_ENDPOINT + "/repositories/" + remote + "/images"
 
 	req, err := http.NewRequest("GET", repositoryTarget, nil)
 	if err != nil {
 		return err
 	}
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	if authConfig != nil && len(authConfig.Username) > 0 {
+		req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	}
+	req.Header.Set("X-Docker-Token", "true")
+
 	res, err := client.Do(req)
 	if err != nil {
 		return err
 	}
 	defer res.Body.Close()
+	if res.StatusCode == 401 {
+		return fmt.Errorf("Please login first (HTTP code %d)", res.StatusCode)
+	}
+	// TODO: Right now we're ignoring checksums in the response body.
+	// In the future, we need to use them to check image validity.
 	if res.StatusCode != 200 {
 		return fmt.Errorf("HTTP code: %d", res.StatusCode)
 	}
-	rawJson, err := ioutil.ReadAll(res.Body)
+
+	var token, endpoints []string
+	if res.Header.Get("X-Docker-Token") != "" {
+		token = res.Header["X-Docker-Token"]
+	}
+	if res.Header.Get("X-Docker-Endpoints") != "" {
+		endpoints = res.Header["X-Docker-Endpoints"]
+	} else {
+		return fmt.Errorf("Index response didn't contain any endpoints")
+	}
+
+	checksumsJson, err := ioutil.ReadAll(res.Body)
 	if err != nil {
 		return err
 	}
-	t := map[string]string{}
-	if err = json.Unmarshal(rawJson, &t); err != nil {
+
+	// Reload the json file to make sure not to overwrite faster sums
+	err = func() error {
+		localChecksums := make(map[string]string)
+		remoteChecksums := []struct {
+			Id       string `json: "id"`
+			Checksum string `json: "checksum"`
+		}{}
+		checksumDictPth := path.Join(graph.Root, "..", "checksums")
+
+		if err := json.Unmarshal(checksumsJson, &remoteChecksums); err != nil {
+			return err
+		}
+
+		graph.lockSumFile.Lock()
+		defer graph.lockSumFile.Unlock()
+
+		if checksumDict, err := ioutil.ReadFile(checksumDictPth); err == nil {
+			if err := json.Unmarshal(checksumDict, &localChecksums); err != nil {
+				return err
+			}
+		}
+
+		for _, elem := range remoteChecksums {
+			localChecksums[elem.Id] = elem.Checksum
+		}
+
+		checksumsJson, err = json.Marshal(localChecksums)
+		if err != nil {
+			return err
+		}
+		if err := ioutil.WriteFile(checksumDictPth, checksumsJson, 0600); err != nil {
+			return err
+		}
+		return nil
+	}()
+	if err != nil {
 		return err
 	}
-	for tag, rev := range t {
-		fmt.Fprintf(stdout, "Pulling tag %s:%s\r\n", remote, tag)
-		if err = graph.PullImage(stdout, rev, authConfig); err != nil {
+
+	var tagsList map[string]string
+	if askedTag == "" {
+		tagsList, err = graph.getRemoteTags(stdout, endpoints, remote, token)
+		if err != nil {
 			return err
 		}
-		if err = repositories.Set(remote, tag, rev, true); err != nil {
-			return err
+	} else {
+		tagsList = map[string]string{askedTag: ""}
+	}
+
+	for askedTag, imgId := range tagsList {
+		fmt.Fprintf(stdout, "Resolving tag \"%s:%s\" from %s\n", remote, askedTag, endpoints)
+		success := false
+		for _, registry := range endpoints {
+			if imgId == "" {
+				imgId, err = graph.getImageForTag(stdout, askedTag, remote, registry, token)
+				if err != nil {
+					fmt.Fprintf(stdout, "Error while retrieving image for tag: %v (%v) ; "+
+						"checking next endpoint", askedTag, err)
+					continue
+				}
+			}
+
+			if err := graph.PullImage(stdout, imgId, "https://"+registry+"/v1", token); err != nil {
+				return err
+			}
+
+			if err = repositories.Set(remote, askedTag, imgId, true); err != nil {
+				return err
+			}
+			success = true
+		}
+
+		if !success {
+			return fmt.Errorf("Could not find repository on any of the indexed registries.")
 		}
 	}
+
 	if err = repositories.Save(); err != nil {
 		return err
 	}
+
+	return nil
+}
+
+func pushImageRec(graph *Graph, stdout io.Writer, img *Image, registry string, token []string) error {
+	if parent, err := img.GetParent(); err != nil {
+		return err
+	} else if parent != nil {
+		if err := pushImageRec(graph, stdout, parent, registry, token); err != nil {
+			return err
+		}
+	}
+	client := graph.getHttpClient()
+	jsonRaw, err := ioutil.ReadFile(path.Join(graph.Root, img.Id, "json"))
+	if err != nil {
+		return fmt.Errorf("Error while retreiving the path for {%s}: %s", img.Id, err)
+	}
+
+	fmt.Fprintf(stdout, "Pushing %s metadata\r\n", img.Id)
+
+	// FIXME: try json with UTF8
+	jsonData := strings.NewReader(string(jsonRaw))
+	req, err := http.NewRequest("PUT", registry+"/images/"+img.Id+"/json", jsonData)
+	if err != nil {
+		return err
+	}
+	req.Header.Add("Content-type", "application/json")
+	req.Header.Set("Authorization", "Token "+strings.Join(token, ","))
+
+	checksum, err := img.Checksum()
+	if err != nil {
+		return fmt.Errorf("Error while retrieving checksum for %s: %v", img.Id, err)
+	}
+	req.Header.Set("X-Docker-Checksum", checksum)
+	res, err := doWithCookies(client, req)
+	if err != nil {
+		return fmt.Errorf("Failed to upload metadata: %s", err)
+	}
+	defer res.Body.Close()
+	if len(res.Cookies()) > 0 {
+		client.Jar.SetCookies(req.URL, res.Cookies())
+	}
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return fmt.Errorf("HTTP code %d while uploading metadata and error when"+
+				" trying to parse response body: %v", res.StatusCode, err)
+		}
+		var jsonBody map[string]string
+		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
+			errBody = []byte(err.Error())
+		} else if jsonBody["error"] == "Image already exists" {
+			fmt.Fprintf(stdout, "Image %v already uploaded ; skipping\n", img.Id)
+			return nil
+		}
+		return fmt.Errorf("HTTP code %d while uploading metadata: %s", res.StatusCode, errBody)
+	}
+
+	fmt.Fprintf(stdout, "Pushing %s fs layer\r\n", img.Id)
+
+	layerData, err := graph.TempLayerArchive(img.Id, Xz, stdout)
+	if err != nil {
+		return fmt.Errorf("Failed to generate layer archive: %s", err)
+	}
+
+	req3, err := http.NewRequest("PUT", registry+"/images/"+img.Id+"/layer",
+		ProgressReader(layerData, -1, stdout, ""))
+	if err != nil {
+		return err
+	}
+
+	req3.ContentLength = -1
+	req3.TransferEncoding = []string{"chunked"}
+	req3.Header.Set("Authorization", "Token "+strings.Join(token, ","))
+	res3, err := doWithCookies(client, req3)
+	if err != nil {
+		return fmt.Errorf("Failed to upload layer: %s", err)
+	}
+	defer res3.Body.Close()
+
+	if res3.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res3.Body)
+		if err != nil {
+			return fmt.Errorf("HTTP code %d while uploading metadata and error when"+
+				" trying to parse response body: %v", res.StatusCode, err)
+		}
+		return fmt.Errorf("Received HTTP code %d while uploading layer: %s", res3.StatusCode, errBody)
+	}
 	return nil
 }
 
 // Push a local image to the registry with its history if needed
-func (graph *Graph) PushImage(stdout io.Writer, imgOrig *Image, authConfig *auth.AuthConfig) error {
-	client := &http.Client{}
-
-	// FIXME: Factorize the code
-	// FIXME: Do the puts in goroutines
-	if err := imgOrig.WalkHistory(func(img *Image) error {
-
-		jsonRaw, err := ioutil.ReadFile(path.Join(graph.Root, img.Id, "json"))
-		if err != nil {
-			return fmt.Errorf("Error while retreiving the path for {%s}: %s", img.Id, err)
-		}
-
-		fmt.Fprintf(stdout, "Pushing %s metadata\r\n", img.Id)
-
-		// FIXME: try json with UTF8
-		jsonData := strings.NewReader(string(jsonRaw))
-		req, err := http.NewRequest("PUT", REGISTRY_ENDPOINT+"/images/"+img.Id+"/json", jsonData)
-		if err != nil {
-			return err
-		}
-		req.Header.Add("Content-type", "application/json")
-		req.SetBasicAuth(authConfig.Username, authConfig.Password)
-		res, err := client.Do(req)
-		if err != nil {
-			return fmt.Errorf("Failed to upload metadata: %s", err)
-		}
-		defer res.Body.Close()
-		if res.StatusCode != 200 {
-			switch res.StatusCode {
-			case 204:
-				// Case where the image is already on the Registry
-				// FIXME: Do not be silent?
-				return nil
-			default:
-				errBody, err := ioutil.ReadAll(res.Body)
-				if err != nil {
-					errBody = []byte(err.Error())
-				}
-				return fmt.Errorf("HTTP code %d while uploading metadata: %s", res.StatusCode, errBody)
-			}
-		}
-
-		fmt.Fprintf(stdout, "Pushing %s fs layer\r\n", img.Id)
-		req2, err := http.NewRequest("PUT", REGISTRY_ENDPOINT+"/images/"+img.Id+"/layer", nil)
-		req2.SetBasicAuth(authConfig.Username, authConfig.Password)
-		res2, err := client.Do(req2)
-		if err != nil {
-			return fmt.Errorf("Registry returned error: %s", err)
-		}
-		res2.Body.Close()
-		if res2.StatusCode != 307 {
-			return fmt.Errorf("Registry returned unexpected HTTP status code %d, expected 307", res2.StatusCode)
-		}
-		url, err := res2.Location()
-		if err != nil || url == nil {
-			return fmt.Errorf("Failed to retrieve layer upload location: %s", err)
-		}
-
-		// FIXME: stream the archive directly to the registry instead of buffering it on disk. This requires either:
-		//	a) Implementing S3's proprietary streaming logic, or
-		//	b) Stream directly to the registry instead of S3.
-		// I prefer option b. because it doesn't lock us into a proprietary cloud service.
-		tmpLayer, err := graph.TempLayerArchive(img.Id, Xz, stdout)
-		if err != nil {
-			return err
-		}
-		defer os.Remove(tmpLayer.Name())
-		req3, err := http.NewRequest("PUT", url.String(), ProgressReader(tmpLayer, int(tmpLayer.Size), stdout, "Uploading %v/%v (%v)"))
-		if err != nil {
-			return err
-		}
-		req3.ContentLength = int64(tmpLayer.Size)
-
-		req3.TransferEncoding = []string{"none"}
-		res3, err := client.Do(req3)
-		if err != nil {
-			return fmt.Errorf("Failed to upload layer: %s", err)
-		}
-		res3.Body.Close()
-		if res3.StatusCode != 200 {
-			return fmt.Errorf("Received HTTP code %d while uploading layer", res3.StatusCode)
-		}
-		return nil
-	}); err != nil {
-		return err
-	}
-	return nil
+func (graph *Graph) PushImage(stdout io.Writer, imgOrig *Image, registry string, token []string) error {
+	registry = "https://" + registry + "/v1"
+	return pushImageRec(graph, stdout, imgOrig, registry, token)
 }
 
 // push a tag on the registry.
 // Remote has the format '<user>/<repo>
-func (graph *Graph) pushTag(remote, revision, tag string, authConfig *auth.AuthConfig) error {
-
-	// Keep this for backward compatibility
-	if tag == "" {
-		tag = "lastest"
-	}
-
+func (graph *Graph) pushTag(remote, revision, tag, registry string, token []string) error {
 	// "jsonify" the string
 	revision = "\"" + revision + "\""
+	registry = "https://" + registry + "/v1"
 
-	Debugf("Pushing tags for rev [%s] on {%s}\n", revision, REGISTRY_ENDPOINT+"/users/"+remote+"/"+tag)
+	Debugf("Pushing tags for rev [%s] on {%s}\n", revision, registry+"/users/"+remote+"/"+tag)
 
-	client := &http.Client{}
-	req, err := http.NewRequest("PUT", REGISTRY_ENDPOINT+"/users/"+remote+"/"+tag, strings.NewReader(revision))
+	client := graph.getHttpClient()
+	req, err := http.NewRequest("PUT", registry+"/repositories/"+remote+"/tags/"+tag, strings.NewReader(revision))
+	if err != nil {
+		return err
+	}
 	req.Header.Add("Content-type", "application/json")
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
-	res, err := client.Do(req)
+	req.Header.Set("Authorization", "Token "+strings.Join(token, ","))
+	req.ContentLength = int64(len(revision))
+	res, err := doWithCookies(client, req)
 	if err != nil {
 		return err
 	}
@@ -327,62 +513,25 @@ func (graph *Graph) pushTag(remote, revision, tag string, authConfig *auth.AuthC
 	if res.StatusCode != 200 && res.StatusCode != 201 {
 		return fmt.Errorf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, remote)
 	}
-	Debugf("Result of push tag: %d\n", res.StatusCode)
-	switch res.StatusCode {
-	default:
-		return fmt.Errorf("Error %d\n", res.StatusCode)
-	case 200:
-	case 201:
-	}
 	return nil
 }
 
-func (graph *Graph) LookupRemoteRepository(remote string, authConfig *auth.AuthConfig) bool {
-	rt := &http.Transport{Proxy: http.ProxyFromEnvironment}
-
-	var repositoryTarget string
-	// If we are asking for 'root' repository, lookup on the Library's registry
-	if strings.Index(remote, "/") == -1 {
-		repositoryTarget = REGISTRY_ENDPOINT + "/library/" + remote + "/lookup"
-	} else {
-		repositoryTarget = REGISTRY_ENDPOINT + "/users/" + remote + "/lookup"
-	}
-	Debugf("Checking for permissions on: %s", repositoryTarget)
-	req, err := http.NewRequest("PUT", repositoryTarget, strings.NewReader("\"\""))
-	if err != nil {
-		Debugf("%s\n", err)
-		return false
-	}
-	req.SetBasicAuth(authConfig.Username, authConfig.Password)
-	req.Header.Add("Content-type", "application/json")
-	res, err := rt.RoundTrip(req)
-	if err != nil || res.StatusCode != 404 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			errBody = []byte(err.Error())
-		}
-		Debugf("Lookup status code: %d (body: %s)", res.StatusCode, errBody)
-		return false
-	}
-	return true
-}
-
 // FIXME: this should really be PushTag
-func (graph *Graph) pushPrimitive(stdout io.Writer, remote, tag, imgId string, authConfig *auth.AuthConfig) error {
+func (graph *Graph) pushPrimitive(stdout io.Writer, remote, tag, imgId, registry string, token []string) error {
 	// Check if the local impage exists
 	img, err := graph.Get(imgId)
 	if err != nil {
 		fmt.Fprintf(stdout, "Skipping tag %s:%s: %s does not exist\r\n", remote, tag, imgId)
 		return nil
 	}
-	fmt.Fprintf(stdout, "Pushing tag %s:%s\r\n", remote, tag)
+	fmt.Fprintf(stdout, "Pushing image %s:%s\r\n", remote, tag)
 	// Push the image
-	if err = graph.PushImage(stdout, img, authConfig); err != nil {
+	if err = graph.PushImage(stdout, img, registry, token); err != nil {
 		return err
 	}
 	fmt.Fprintf(stdout, "Registering tag %s:%s\r\n", remote, tag)
 	// And then the tag
-	if err = graph.pushTag(remote, imgId, tag, authConfig); err != nil {
+	if err = graph.pushTag(remote, imgId, tag, registry, token); err != nil {
 		return err
 	}
 	return nil
@@ -391,18 +540,184 @@ func (graph *Graph) pushPrimitive(stdout io.Writer, remote, tag, imgId string, a
 // Push a repository to the registry.
 // Remote has the format '<user>/<repo>
 func (graph *Graph) PushRepository(stdout io.Writer, remote string, localRepo Repository, authConfig *auth.AuthConfig) error {
-	// Check if the remote repository exists/if we have the permission
-	if !graph.LookupRemoteRepository(remote, authConfig) {
-		return fmt.Errorf("Permission denied on repository %s\n", remote)
+	client := graph.getHttpClient()
+
+	checksums, err := graph.Checksums(stdout, localRepo)
+	if err != nil {
+		return err
 	}
 
-	fmt.Fprintf(stdout, "Pushing repository %s (%d tags)\r\n", remote, len(localRepo))
-	// For each image within the repo, push them
-	for tag, imgId := range localRepo {
-		if err := graph.pushPrimitive(stdout, remote, tag, imgId, authConfig); err != nil {
-			// FIXME: Continue on error?
-			return err
+	imgList := make([]map[string]string, len(checksums))
+	checksums2 := make([]map[string]string, len(checksums))
+
+	uploadedImages, err := graph.getImagesInRepository(remote, authConfig)
+	if err != nil {
+		return fmt.Errorf("Error occured while fetching the list: %s", err)
+	}
+
+	// Filter list to only send images/checksums not already uploaded
+	i := 0
+	for _, obj := range checksums {
+		found := false
+		for _, uploadedImg := range uploadedImages {
+			if obj["id"] == uploadedImg["id"] && uploadedImg["checksum"] != "" {
+				found = true
+				break
+			}
+		}
+		if !found {
+			imgList[i] = map[string]string{"id": obj["id"]}
+			checksums2[i] = obj
+			i += 1
 		}
 	}
+	checksums = checksums2[:i]
+	imgList = imgList[:i]
+
+	imgListJson, err := json.Marshal(imgList)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequest("PUT", INDEX_ENDPOINT+"/repositories/"+remote+"/", bytes.NewReader(imgListJson))
+	if err != nil {
+		return err
+	}
+	req.SetBasicAuth(authConfig.Username, authConfig.Password)
+	req.ContentLength = int64(len(imgListJson))
+	req.Header.Set("X-Docker-Token", "true")
+	res, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	for res.StatusCode >= 300 && res.StatusCode < 400 {
+		Debugf("Redirected to %s\n", res.Header.Get("Location"))
+		req, err = http.NewRequest("PUT", res.Header.Get("Location"), bytes.NewReader(imgListJson))
+		if err != nil {
+			return err
+		}
+		req.SetBasicAuth(authConfig.Username, authConfig.Password)
+		req.ContentLength = int64(len(imgListJson))
+		req.Header.Set("X-Docker-Token", "true")
+		res, err = client.Do(req)
+		if err != nil {
+			return err
+		}
+		defer res.Body.Close()
+	}
+
+	if res.StatusCode != 200 && res.StatusCode != 201 {
+		return fmt.Errorf("Error: Status %d trying to push repository %s", res.StatusCode, remote)
+	}
+
+	var token, endpoints []string
+	if res.Header.Get("X-Docker-Token") != "" {
+		token = res.Header["X-Docker-Token"]
+		Debugf("Auth token: %v", token)
+	} else {
+		return fmt.Errorf("Index response didn't contain an access token")
+	}
+	if res.Header.Get("X-Docker-Endpoints") != "" {
+		endpoints = res.Header["X-Docker-Endpoints"]
+	} else {
+		return fmt.Errorf("Index response didn't contain any endpoints")
+	}
+
+	for _, registry := range endpoints {
+		fmt.Fprintf(stdout, "Pushing repository %s to %s (%d tags)\r\n", remote, registry,
+			len(localRepo))
+		// For each image within the repo, push them
+		for tag, imgId := range localRepo {
+			if err := graph.pushPrimitive(stdout, remote, tag, imgId, registry, token); err != nil {
+				// FIXME: Continue on error?
+				return err
+			}
+		}
+	}
+	checksumsJson, err := json.Marshal(checksums)
+	if err != nil {
+		return err
+	}
+
+	req2, err := http.NewRequest("PUT", INDEX_ENDPOINT+"/repositories/"+remote+"/images", bytes.NewReader(checksumsJson))
+	if err != nil {
+		return err
+	}
+	req2.SetBasicAuth(authConfig.Username, authConfig.Password)
+	req2.Header["X-Docker-Endpoints"] = endpoints
+	req2.ContentLength = int64(len(checksumsJson))
+	res2, err := client.Do(req2)
+	if err != nil {
+		return err
+	}
+	res2.Body.Close()
+	if res2.StatusCode != 204 {
+		return fmt.Errorf("Error: Status %d trying to push checksums %s", res.StatusCode, remote)
+	}
+
 	return nil
 }
+
+func (graph *Graph) Checksums(output io.Writer, repo Repository) ([]map[string]string, error) {
+	checksums := make(map[string]string)
+	for _, id := range repo {
+		img, err := graph.Get(id)
+		if err != nil {
+			return nil, err
+		}
+		err = img.WalkHistory(func(image *Image) error {
+			fmt.Fprintf(output, "Computing checksum for image %s\n", image.Id)
+			if _, exists := checksums[image.Id]; !exists {
+				checksums[image.Id], err = image.Checksum()
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
+	i := 0
+	result := make([]map[string]string, len(checksums))
+	for id, sum := range checksums {
+		result[i] = map[string]string{
+			"id":       id,
+			"checksum": sum,
+		}
+		i++
+	}
+	return result, nil
+}
+
+type SearchResults struct {
+	Query      string              `json:"query"`
+	NumResults int                 `json:"num_results"`
+	Results    []map[string]string `json:"results"`
+}
+
+func (graph *Graph) SearchRepositories(stdout io.Writer, term string) (*SearchResults, error) {
+	client := graph.getHttpClient()
+	u := INDEX_ENDPOINT + "/search?q=" + url.QueryEscape(term)
+	req, err := http.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, err
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		return nil, fmt.Errorf("Unexepected status code %d", res.StatusCode)
+	}
+	rawData, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+	result := new(SearchResults)
+	err = json.Unmarshal(rawData, result)
+	return result, err
+}

runtime.go

@@ -12,7 +12,6 @@ import (
 	"path"
 	"sort"
 	"strings"
-	"time"
 )
 
 type Capabilities struct {
@@ -31,6 +30,8 @@ type Runtime struct {
 	idIndex        *TruncIndex
 	capabilities   *Capabilities
 	kernelVersion  *KernelVersionInfo
+	autoRestart    bool
+	volumes        *Graph
 }
 
 var sysInitPath string
@@ -77,67 +78,6 @@ func (runtime *Runtime) containerRoot(id string) string {
 	return path.Join(runtime.repository, id)
 }
 
-func (runtime *Runtime) Create(config *Config) (*Container, error) {
-	// Lookup image
-	img, err := runtime.repositories.LookupImage(config.Image)
-	if err != nil {
-		return nil, err
-	}
-	// Generate id
-	id := GenerateId()
-	// Generate default hostname
-	// FIXME: the lxc template no longer needs to set a default hostname
-	if config.Hostname == "" {
-		config.Hostname = id[:12]
-	}
-
-	container := &Container{
-		// FIXME: we should generate the ID here instead of receiving it as an argument
-		Id:              id,
-		Created:         time.Now(),
-		Path:            config.Cmd[0],
-		Args:            config.Cmd[1:], //FIXME: de-duplicate from config
-		Config:          config,
-		Image:           img.Id, // Always use the resolved image id
-		NetworkSettings: &NetworkSettings{},
-		// FIXME: do we need to store this in the container?
-		SysInitPath: sysInitPath,
-	}
-	container.root = runtime.containerRoot(container.Id)
-	// Step 1: create the container directory.
-	// This doubles as a barrier to avoid race conditions.
-	if err := os.Mkdir(container.root, 0700); err != nil {
-		return nil, err
-	}
-
-	// If custom dns exists, then create a resolv.conf for the container
-	if len(config.Dns) > 0 {
-		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
-		f, err := os.Create(container.ResolvConfPath)
-		if err != nil {
-			return nil, err
-		}
-		defer f.Close()
-		for _, dns := range config.Dns {
-			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
-				return nil, err
-			}
-		}
-	} else {
-		container.ResolvConfPath = "/etc/resolv.conf"
-	}
-
-	// Step 2: save the container json
-	if err := container.ToDisk(); err != nil {
-		return nil, err
-	}
-	// Step 3: register the container
-	if err := runtime.Register(container); err != nil {
-		return nil, err
-	}
-	return container, nil
-}
-
 func (runtime *Runtime) Load(id string) (*Container, error) {
 	container := &Container{root: runtime.containerRoot(id)}
 	if err := container.FromDisk(); err != nil {
@@ -167,23 +107,6 @@ func (runtime *Runtime) Register(container *Container) error {
 	// init the wait lock
 	container.waitLock = make(chan struct{})
 
-	// FIXME: if the container is supposed to be running but is not, auto restart it?
-	//        if so, then we need to restart monitor and init a new lock
-	// If the container is supposed to be running, make sure of it
-	if container.State.Running {
-		if output, err := exec.Command("lxc-info", "-n", container.Id).CombinedOutput(); err != nil {
-			return err
-		} else {
-			if !strings.Contains(string(output), "RUNNING") {
-				Debugf("Container %s was supposed to be running be is not.", container.Id)
-				container.State.setStopped(-127)
-				if err := container.ToDisk(); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
 	// Even if not running, we init the lock (prevents races in start/stop/kill)
 	container.State.initLock()
 
@@ -202,11 +125,43 @@ func (runtime *Runtime) Register(container *Container) error {
 	runtime.containers.PushBack(container)
 	runtime.idIndex.Add(container.Id)
 
+	// When we actually restart, Start() do the monitoring.
+	// However, when we simply 'reattach', we have to restart a monitor
+	nomonitor := false
+
+	// FIXME: if the container is supposed to be running but is not, auto restart it?
+	//        if so, then we need to restart monitor and init a new lock
+	// If the container is supposed to be running, make sure of it
+	if container.State.Running {
+		if output, err := exec.Command("lxc-info", "-n", container.Id).CombinedOutput(); err != nil {
+			return err
+		} else {
+			if !strings.Contains(string(output), "RUNNING") {
+				Debugf("Container %s was supposed to be running be is not.", container.Id)
+				if runtime.autoRestart {
+					Debugf("Restarting")
+					container.State.Ghost = false
+					container.State.setStopped(0)
+					if err := container.Start(); err != nil {
+						return err
+					}
+					nomonitor = true
+				} else {
+					Debugf("Marking as stopped")
+					container.State.setStopped(-127)
+					if err := container.ToDisk(); err != nil {
+						return err
+					}
+				}
+			}
+		}
+	}
+
 	// If the container is not running or just has been flagged not running
 	// then close the wait lock chan (will be reset upon start)
 	if !container.State.Running {
 		close(container.waitLock)
-	} else {
+	} else if !nomonitor {
 		container.allocateNetwork()
 		go container.monitor()
 	}
@@ -223,6 +178,10 @@ func (runtime *Runtime) LogToDisk(src *writeBroadcaster, dst string) error {
 }
 
 func (runtime *Runtime) Destroy(container *Container) error {
+	if container == nil {
+		return fmt.Errorf("The given container is <nil>")
+	}
+
 	element := runtime.getContainerElement(container.Id)
 	if element == nil {
 		return fmt.Errorf("Container %v not found - maybe it was already destroyed?", container.Id)
@@ -247,33 +206,6 @@ func (runtime *Runtime) Destroy(container *Container) error {
 	return nil
 }
 
-// Commit creates a new filesystem image from the current state of a container.
-// The image can optionally be tagged into a repository
-func (runtime *Runtime) Commit(id, repository, tag, comment, author string) (*Image, error) {
-	container := runtime.Get(id)
-	if container == nil {
-		return nil, fmt.Errorf("No such container: %s", id)
-	}
-	// FIXME: freeze the container before copying it to avoid data corruption?
-	// FIXME: this shouldn't be in commands.
-	rwTar, err := container.ExportRw()
-	if err != nil {
-		return nil, err
-	}
-	// Create a new image from the container's base layers + a new layer from container changes
-	img, err := runtime.graph.Create(rwTar, container, comment, author)
-	if err != nil {
-		return nil, err
-	}
-	// Register the image if needed
-	if repository != "" {
-		if err := runtime.repositories.Set(repository, tag, img.Id, true); err != nil {
-			return img, err
-		}
-	}
-	return img, nil
-}
-
 func (runtime *Runtime) restore() error {
 	dir, err := ioutil.ReadDir(runtime.repository)
 	if err != nil {
@@ -291,9 +223,30 @@ func (runtime *Runtime) restore() error {
 	return nil
 }
 
+func (runtime *Runtime) UpdateCapabilities(quiet bool) {
+	if cgroupMemoryMountpoint, err := FindCgroupMountpoint("memory"); err != nil {
+		if !quiet {
+			log.Printf("WARNING: %s\n", err)
+		}
+	} else {
+		_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))
+		_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))
+		runtime.capabilities.MemoryLimit = err1 == nil && err2 == nil
+		if !runtime.capabilities.MemoryLimit && !quiet {
+			log.Printf("WARNING: Your kernel does not support cgroup memory limit.")
+		}
+
+		_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
+		runtime.capabilities.SwapLimit = err == nil
+		if !runtime.capabilities.SwapLimit && !quiet {
+			log.Printf("WARNING: Your kernel does not support cgroup swap limit.")
+		}
+	}
+}
+
 // FIXME: harmonize with NewGraph()
-func NewRuntime() (*Runtime, error) {
-	runtime, err := NewRuntimeFromDirectory("/var/lib/docker")
+func NewRuntime(autoRestart bool) (*Runtime, error) {
+	runtime, err := NewRuntimeFromDirectory("/var/lib/docker", autoRestart)
 	if err != nil {
 		return nil, err
 	}
@@ -306,27 +259,11 @@ func NewRuntime() (*Runtime, error) {
 			log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String())
 		}
 	}
-
-	if cgroupMemoryMountpoint, err := FindCgroupMountpoint("memory"); err != nil {
-		log.Printf("WARNING: %s\n", err)
-	} else {
-		_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))
-		_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))
-		runtime.capabilities.MemoryLimit = err1 == nil && err2 == nil
-		if !runtime.capabilities.MemoryLimit {
-		   	log.Printf("WARNING: Your kernel does not support cgroup memory limit.")
-		}
-
-		_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
-		runtime.capabilities.SwapLimit = err == nil
-		if !runtime.capabilities.SwapLimit {
-		   	log.Printf("WARNING: Your kernel does not support cgroup swap limit.")
-		}
-	}
+	runtime.UpdateCapabilities(false)
 	return runtime, nil
 }
 
-func NewRuntimeFromDirectory(root string) (*Runtime, error) {
+func NewRuntimeFromDirectory(root string, autoRestart bool) (*Runtime, error) {
 	runtimeRepo := path.Join(root, "containers")
 
 	if err := os.MkdirAll(runtimeRepo, 0700); err != nil && !os.IsExist(err) {
@@ -337,6 +274,10 @@ func NewRuntimeFromDirectory(root string) (*Runtime, error) {
 	if err != nil {
 		return nil, err
 	}
+	volumes, err := NewGraph(path.Join(root, "volumes"))
+	if err != nil {
+		return nil, err
+	}
 	repositories, err := NewTagStore(path.Join(root, "repositories"), g)
 	if err != nil {
 		return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
@@ -363,6 +304,8 @@ func NewRuntimeFromDirectory(root string) (*Runtime, error) {
 		authConfig:     authConfig,
 		idIndex:        NewTruncIndex(),
 		capabilities:   &Capabilities{},
+		autoRestart:    autoRestart,
+		volumes:        volumes,
 	}
 
 	if err := runtime.restore(); err != nil {

runtime_test.go

@@ -60,8 +60,10 @@ func init() {
 		panic("docker tests needs to be run as root")
 	}
 
+	NetworkBridgeIface = "testdockbr0"
+
 	// Make it our Store root
-	runtime, err := NewRuntimeFromDirectory(unitTestStoreBase)
+	runtime, err := NewRuntimeFromDirectory(unitTestStoreBase, false)
 	if err != nil {
 		panic(err)
 	}
@@ -87,11 +89,11 @@ func newTestRuntime() (*Runtime, error) {
 		return nil, err
 	}
 
-	runtime, err := NewRuntimeFromDirectory(root)
+	runtime, err := NewRuntimeFromDirectory(root, false)
 	if err != nil {
 		return nil, err
 	}
-
+	runtime.UpdateCapabilities(true)
 	return runtime, nil
 }
 
@@ -116,7 +118,10 @@ func TestRuntimeCreate(t *testing.T) {
 	if len(runtime.List()) != 0 {
 		t.Errorf("Expected 0 containers, %v found", len(runtime.List()))
 	}
-	container, err := runtime.Create(&Config{
+
+	builder := NewBuilder(runtime)
+
+	container, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"ls", "-al"},
 	},
@@ -155,6 +160,26 @@ func TestRuntimeCreate(t *testing.T) {
 	if !runtime.Exists(container.Id) {
 		t.Errorf("Exists() returned false for a newly created container")
 	}
+
+	// Make sure crete with bad parameters returns an error
+	_, err = builder.Create(
+		&Config{
+			Image: GetTestImage(runtime).Id,
+		},
+	)
+	if err == nil {
+		t.Fatal("Builder.Create should throw an error when Cmd is missing")
+	}
+
+	_, err = builder.Create(
+		&Config{
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{},
+		},
+	)
+	if err == nil {
+		t.Fatal("Builder.Create should throw an error when Cmd is empty")
+	}
 }
 
 func TestDestroy(t *testing.T) {
@@ -163,7 +188,7 @@ func TestDestroy(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"ls", "-al"},
 	},
@@ -210,7 +235,10 @@ func TestGet(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container1, err := runtime.Create(&Config{
+
+	builder := NewBuilder(runtime)
+
+	container1, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"ls", "-al"},
 	},
@@ -220,7 +248,7 @@ func TestGet(t *testing.T) {
 	}
 	defer runtime.Destroy(container1)
 
-	container2, err := runtime.Create(&Config{
+	container2, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"ls", "-al"},
 	},
@@ -230,7 +258,7 @@ func TestGet(t *testing.T) {
 	}
 	defer runtime.Destroy(container2)
 
-	container3, err := runtime.Create(&Config{
+	container3, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"ls", "-al"},
 	},
@@ -260,7 +288,7 @@ func TestAllocatePortLocalhost(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image:     GetTestImage(runtime).Id,
 		Cmd:       []string{"sh", "-c", "echo well hello there | nc -l -p 5555"},
 		PortSpecs: []string{"5555"},
@@ -273,7 +301,16 @@ func TestAllocatePortLocalhost(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer container.Kill()
-	time.Sleep(600 * time.Millisecond) // Wait for the container to run
+
+	setTimeout(t, "Waiting for the container to be started timed out", 2*time.Second, func() {
+		for {
+			if container.State.Running {
+				break
+			}
+			time.Sleep(10 * time.Millisecond)
+		}
+	})
+
 	conn, err := net.Dial("tcp",
 		fmt.Sprintf(
 			"localhost:%s", container.NetworkSettings.PortMapping["5555"],
@@ -293,6 +330,7 @@ func TestAllocatePortLocalhost(t *testing.T) {
 			string(output),
 		)
 	}
+	container.Wait()
 }
 
 func TestRestore(t *testing.T) {
@@ -308,13 +346,15 @@ func TestRestore(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	runtime1, err := NewRuntimeFromDirectory(root)
+	runtime1, err := NewRuntimeFromDirectory(root, false)
 	if err != nil {
 		t.Fatal(err)
 	}
 
+	builder := NewBuilder(runtime1)
+
 	// Create a container with one instance of docker
-	container1, err := runtime1.Create(&Config{
+	container1, err := builder.Create(&Config{
 		Image: GetTestImage(runtime1).Id,
 		Cmd:   []string{"ls", "-al"},
 	},
@@ -325,7 +365,7 @@ func TestRestore(t *testing.T) {
 	defer runtime1.Destroy(container1)
 
 	// Create a second container meant to be killed
-	container2, err := runtime1.Create(&Config{
+	container2, err := builder.Create(&Config{
 		Image:     GetTestImage(runtime1).Id,
 		Cmd:       []string{"/bin/cat"},
 		OpenStdin: true,
@@ -367,7 +407,7 @@ func TestRestore(t *testing.T) {
 
 	// Here are are simulating a docker restart - that is, reloading all containers
 	// from scratch
-	runtime2, err := NewRuntimeFromDirectory(root)
+	runtime2, err := NewRuntimeFromDirectory(root, false)
 	if err != nil {
 		t.Fatal(err)
 	}

utils.go

@@ -2,6 +2,8 @@ package docker
 
 import (
 	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"github.com/dotcloud/docker/rcli"
@@ -12,7 +14,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"regexp"
 	"runtime"
 	"strings"
 	"sync"
@@ -154,6 +155,13 @@ func SelfPath() string {
 	return path
 }
 
+type nopWriter struct {
+}
+
+func (w *nopWriter) Write(buf []byte) (int, error) {
+	return len(buf), nil
+}
+
 type nopWriteCloser struct {
 	io.Writer
 }
@@ -396,6 +404,14 @@ func CopyEscapable(dst io.Writer, src io.ReadCloser) (written int64, err error)
 	return written, err
 }
 
+func HashData(src io.Reader) (string, error) {
+	h := sha256.New()
+	if _, err := io.Copy(h, src); err != nil {
+		return "", err
+	}
+	return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
+}
+
 type KernelVersionInfo struct {
 	Kernel int
 	Major  int
@@ -409,7 +425,11 @@ func GetKernelVersion() (*KernelVersionInfo, error) {
 }
 
 func (k *KernelVersionInfo) String() string {
-	return fmt.Sprintf("%d.%d.%d-%s", k.Kernel, k.Major, k.Minor, k.Flavor)
+	flavor := ""
+	if len(k.Flavor) > 0 {
+		flavor = fmt.Sprintf("-%s", k.Flavor)
+	}
+	return fmt.Sprintf("%d.%d.%d%s", k.Kernel, k.Major, k.Minor, flavor)
 }
 
 // Compare two KernelVersionInfo struct.
@@ -437,17 +457,70 @@ func CompareKernelVersion(a, b *KernelVersionInfo) int {
 }
 
 func FindCgroupMountpoint(cgroupType string) (string, error) {
-	output, err := exec.Command("mount").CombinedOutput()
+	output, err := ioutil.ReadFile("/proc/mounts")
 	if err != nil {
 		return "", err
 	}
 
-	reg := regexp.MustCompile(`^.* on (.*) type cgroup \(.*` + cgroupType + `[,\)]`)
+	// /proc/mounts has 6 fields per line, one mount per line, e.g.
+	// cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
 	for _, line := range strings.Split(string(output), "\n") {
-		r := reg.FindStringSubmatch(line)
-		if len(r) == 2 {
-			return r[1], nil
+		parts := strings.Split(line, " ")
+		if len(parts) == 6 && parts[2] == "cgroup" {
+			for _, opt := range strings.Split(parts[3], ",") {
+				if opt == cgroupType {
+					return parts[1], nil
+				}
+			}
 		}
 	}
+
 	return "", fmt.Errorf("cgroup mountpoint not found for %s", cgroupType)
 }
+
+// Compare two Config struct. Do not compare the "Image" nor "Hostname" fields
+// If OpenStdin is set, then it differs
+func CompareConfig(a, b *Config) bool {
+	if a == nil || b == nil ||
+		a.OpenStdin || b.OpenStdin {
+		return false
+	}
+	if a.AttachStdout != b.AttachStdout ||
+		a.AttachStderr != b.AttachStderr ||
+		a.User != b.User ||
+		a.Memory != b.Memory ||
+		a.MemorySwap != b.MemorySwap ||
+		a.OpenStdin != b.OpenStdin ||
+		a.Tty != b.Tty {
+		return false
+	}
+	if len(a.Cmd) != len(b.Cmd) ||
+		len(a.Dns) != len(b.Dns) ||
+		len(a.Env) != len(b.Env) ||
+		len(a.PortSpecs) != len(b.PortSpecs) {
+		return false
+	}
+
+	for i := 0; i < len(a.Cmd); i++ {
+		if a.Cmd[i] != b.Cmd[i] {
+			return false
+		}
+	}
+	for i := 0; i < len(a.Dns); i++ {
+		if a.Dns[i] != b.Dns[i] {
+			return false
+		}
+	}
+	for i := 0; i < len(a.Env); i++ {
+		if a.Env[i] != b.Env[i] {
+			return false
+		}
+	}
+	for i := 0; i < len(a.PortSpecs); i++ {
+		if a.PortSpecs[i] != b.PortSpecs[i] {
+			return false
+		}
+	}
+
+	return true
+}