bump version to rc5

Signed-off-by: Victor Vieux <vieux@docker.com>

.gitignore

@@ -17,6 +17,7 @@ bundles/
 cmd/dockerd/dockerd
 cmd/docker/docker
 dockerversion/version_autogen.go
+dockerversion/version_autogen_unix.go
 docs/AWS_S3_BUCKET
 docs/GITCOMMIT
 docs/GIT_BRANCH

CHANGELOG.md

@@ -5,7 +5,23 @@ information on the list of deprecated flags and APIs please have a look at
 https://docs.docker.com/engine/deprecated/ where target removal dates can also
 be found.
 
-## 1.13.0 (2016-12-08)
+## 1.13.0 (2017-01-10)
+
+**IMPORTANT**: In Docker 1.13, the managed plugin api changed, as compared to the experimental
+version introduced in Docker 1.12. You must **uninstall** plugins which you installed with Docker 1.12
+_before_ upgrading to Docker 1.13. You can uninstall plugins using the `docker plugin rm` command.
+
+If you have already upgraded to Docker 1.13 without uninstalling
+previously-installed plugins, you may see this message when the Docker daemon
+starts:
+
+    Error starting daemon: json: cannot unmarshal string into Go value of type types.PluginEnv
+
+To manually remove all plugins and resolve this problem, take the following steps:
+
+1. Remove plugins.json from: `/var/lib/docker/plugins/`.
+2. Restart Docker. Verify that the Docker daemon starts with no errors.
+3. Reinstall your plugins.
 
 ### Builder
 + Add capability to specify images used as a cache source on build. These images do not need to have local parent chain and can be pulled from other registries [#26839](https://github.com/docker/docker/pull/26839)
@@ -18,15 +34,19 @@ be found.
 - Fix image layer inconsistencies when using the overlay storage driver [#27209](https://github.com/docker/docker/pull/27209)
 * Unused build-args are now allowed. A warning is presented instead of an error and failed build [#27412](https://github.com/docker/docker/pull/27412)
 - Fix builder cache issue on Windows [#27805](https://github.com/docker/docker/pull/27805)
++ Allow `USER` in builder on Windows [#28415](https://github.com/docker/docker/pull/28415)
++ Handle env case-insensitive on Windows [#28725](https://github.com/docker/docker/pull/28725)
 
 ### Contrib
-+ Add support for building docker debs for Ubuntu Xenial on PPC64 [#23438](https://github.com/docker/docker/pull/23438)
-+ Add support for building docker debs for Ubuntu Xenial on s390x [#26104](https://github.com/docker/docker/pull/26104)
++ Add support for building docker debs for Ubuntu 16.04 Xenial on PPC64LE [#23438](https://github.com/docker/docker/pull/23438)
++ Add support for building docker debs for Ubuntu 16.04 Xenial on s390x [#26104](https://github.com/docker/docker/pull/26104)
++ Add support for building docker debs for Ubuntu 16.10 Yakkety Yak on PPC64LE [#28046](https://github.com/docker/docker/pull/28046)
 - Add RPM builder for VMWare Photon OS [#24116](https://github.com/docker/docker/pull/24116)
 + Add shell completions to tgz [#27735](https://github.com/docker/docker/pull/27735)
 * Update the install script to allow using the mirror in China [#27005](https://github.com/docker/docker/pull/27005)
 + Add DEB builder for Ubuntu 16.10 Yakkety Yak [#27993](https://github.com/docker/docker/pull/27993)
 + Add RPM builder for Fedora 25 [#28222](https://github.com/docker/docker/pull/28222)
++ Add `make deb` support for aarch64 [#27625](https://github.com/docker/docker/pull/27625)
 
 ### Distribution
 
@@ -52,11 +72,14 @@ be found.
 + Unix socket support for fluentd [#26088](https://github.com/docker/docker/pull/26088)
 * Enable fluentd logging driver on Windows [#28189](https://github.com/docker/docker/pull/28189)
 - Sanitize docker labels when used as journald field names [#23725](https://github.com/docker/docker/pull/23725)
+- Fix an issue where `docker logs --tail` returned less lines than expected [#28203](https://github.com/docker/docker/pull/28203)
+- Splunk Logging Driver: performance and reliability improvements [#26207](https://github.com/docker/docker/pull/26207)
+- Splunk Logging Driver: configurable formats and skip for verifying connection [#25786](https://github.com/docker/docker/pull/25786)
 
 ### Networking
 
 + Add `--attachable` network support to enable `docker run` to work in swarm-mode overlay network [#25962](https://github.com/docker/docker/pull/25962)
-+ Add support for host port PublishMode in services using the `--port` option in `docker service create` [#27917](https://github.com/docker/docker/pull/27917)
++ Add support for host port PublishMode in services using the `--publish` option in `docker service create` [#27917](https://github.com/docker/docker/pull/27917) and [#28943](https://github.com/docker/docker/pull/28943)
 + Add support for Windows server 2016 overlay network driver (requires upcoming ws2016 update) [#28182](https://github.com/docker/docker/pull/28182)
 * Change the default `FORWARD` policy to `DROP` [#28257](https://github.com/docker/docker/pull/28257)
 + Add support for specifying static IP addresses for predefined network on windows [#22208](https://github.com/docker/docker/pull/22208)
@@ -77,6 +100,7 @@ be found.
 + Add `docker plugin create` command [#28164](https://github.com/docker/docker/pull/28164)
 * Send request's TLS peer certificates to authorization plugins [#27383](https://github.com/docker/docker/pull/27383)
 * Support for global-scoped network and ipam plugins in swarm-mode [#27287](https://github.com/docker/docker/pull/27287)
+* Split `docker plugin install` into two API call `/privileges` and `/pull` [#28963](https://github.com/docker/docker/pull/28963)
 
 ### Remote API (v1.25) & Client
 
@@ -90,14 +114,13 @@ be found.
 + Add `--format` on `docker stats` [#24987](https://github.com/docker/docker/pull/24987)
 + Make `docker node ps` default to `self` in swarm node [#25214](https://github.com/docker/docker/pull/25214)
 + Add `--group` in `docker service create` [#25317](https://github.com/docker/docker/pull/25317)
-+ Add `--no-trunc` to service/node/stack ps output [#25337(https://github.com/docker/docker/pull/25337)
++ Add `--no-trunc` to service/node/stack ps output [#25337](https://github.com/docker/docker/pull/25337)
 + Add Logs to `ContainerAttachOptions` so go clients can request to retrieve container logs as part of the attach process [#26718](https://github.com/docker/docker/pull/26718)
 + Allow client to talk to an older server [#27745](https://github.com/docker/docker/pull/27745)
 * Inform user client-side that a container removal is in progress [#26074](https://github.com/docker/docker/pull/26074)
 + Add `Isolation` to the /info endpoint [#26255](https://github.com/docker/docker/pull/26255)
 + Add `userns` to the /info endpoint [#27840](https://github.com/docker/docker/pull/27840)
 - Do not allow more than one mode be requested at once in the services endpoint [#26643](https://github.com/docker/docker/pull/26643)
-+ Add `--mount` flag to `docker create` and `docker run` [#26825](https://github.com/docker/docker/pull/26825)[#28150](https://github.com/docker/docker/pull/28150)
 + Add capability to /containers/create API to specify mounts in a more granular and safer way [#22373](https://github.com/docker/docker/pull/22373)
 + Add `--format` flag to `network ls` and `volume ls` [#23475](https://github.com/docker/docker/pull/23475)
 * Allow the top-level `docker inspect` command to inspect any kind of resource [#23614](https://github.com/docker/docker/pull/23614)
@@ -132,7 +155,7 @@ be found.
 - Fix a race condition between device deferred removal and resume device, when using the devicemapper graphdriver [#23497](https://github.com/docker/docker/pull/23497)
 - Add `docker stats` support in Windows [#25737](https://github.com/docker/docker/pull/25737)
 - Allow using `--pid=host` and `--net=host` when `--userns=host` [#25771](https://github.com/docker/docker/pull/25771)
-+ (experimental) Add metrics output [#25820](https://github.com/docker/docker/pull/25820)
++ (experimental) Add metrics (Prometheus) output for basic `container`, `image`, and `daemon` operations [#25820](https://github.com/docker/docker/pull/25820)
 - Fix issue in `docker stats` with `NetworkDisabled=true` [#25905](https://github.com/docker/docker/pull/25905)
 + Add `docker top` support in Windows [#25891](https://github.com/docker/docker/pull/25891)
 + Record pid of exec'd process [#27470](https://github.com/docker/docker/pull/27470)
@@ -150,10 +173,10 @@ be found.
 ### Swarm Mode
 
 + Add secret management [#27794](https://github.com/docker/docker/pull/27794)
++ Add support for templating service options (hostname, mounts, and environment variables) [#28025](https://github.com/docker/docker/pull/28025)
 * Display the endpoint mode in the output of `docker service inspect --pretty` [#26906](https://github.com/docker/docker/pull/26906)
 * Make `docker service ps` output more bearable by shortening service IDs in task names [#28088](https://github.com/docker/docker/pull/28088)
-* `docker node ps` now defaults to the current node [#25214](https://github.com/docker/docker/pull/25214)
-+ Add `-a`/`--all` flags to `docker service ps` and `docker node ps` to show all results [#25983](https://github.com/docker/docker/pull/25983)
+* Make `docker node ps` default to the current node [#25214](https://github.com/docker/docker/pull/25214)
 + Add `--dns`, -`-dns-opt`, and `--dns-search` to service create. [#27567](https://github.com/docker/docker/pull/27567)
 + Add `--force` to `docker service update` [#27596](https://github.com/docker/docker/pull/27596)
 + Add `-q` to `docker service ps` [#27654](https://github.com/docker/docker/pull/27654)
@@ -161,21 +184,26 @@ be found.
 - Remove `--name` flag from `docker service update`. This flag is only functional on `docker service create`, so was removed from the `update` command [#26988](https://github.com/docker/docker/pull/26988)
 - Fix worker nodes failing to recover because of transient networking issues [#26646](https://github.com/docker/docker/issues/26646)
 * Add support for health aware load balancing and DNS records [#27279](https://github.com/docker/docker/pull/27279)
-* Add `--hostname` to `docker service create` [#27857](https://github.com/docker/docker/pull/27857)
-- Add `--tty` flag to `docker service create`/`update` [#28076](https://github.com/docker/docker/pull/28076)
++ Add `--hostname` to `docker service create` [#27857](https://github.com/docker/docker/pull/27857)
++ Add `--host` to `docker service create`, and `--host-add`, `--host-rm` to `docker service update` [#28031](https://github.com/docker/docker/pull/28031)
++ Add `--tty` flag to `docker service create`/`update` [#28076](https://github.com/docker/docker/pull/28076)
 * Autodetect, store, and expose node IP address as seen by the manager [#27910](https://github.com/docker/docker/pull/27910)
 * Encryption at rest of manager keys and raft data [#27967](https://github.com/docker/docker/pull/27967)
 + Add `--update-max-failure-ratio`, `--update-monitor` and `--rollback` flags to `docker service update` [#26421](https://github.com/docker/docker/pull/26421)
 - Fix an issue with address autodiscovery on `docker swarm init` running inside a container [#26457](https://github.com/docker/docker/pull/26457)
 + (experimental) Add `docker service logs` command to view logs for a service [#28089](https://github.com/docker/docker/pull/28089)
-- Pin images by digest for `docker service create` and `update` [#28173](https://github.com/docker/docker/pull/28173)
-- Add short (`-f`) flag for `docker node rm --force` and `docker swarm leave --force` [#28196](https://github.com/docker/docker/pull/28196)
-+ Don't repull image if pinned by digest [#28265](https://github.com/docker/docker/pull/28265)
-+ swarm-mode support for indows [#27838](https://github.com/docker/docker/pull/27838)
++ Pin images by digest for `docker service create` and `update` [#28173](https://github.com/docker/docker/pull/28173)
+* Add short (`-f`) flag for `docker node rm --force` and `docker swarm leave --force` [#28196](https://github.com/docker/docker/pull/28196)
++ Add options to customize Raft snapshots (`--max-snapshots`, `--snapshot-interval`) [#27997](https://github.com/docker/docker/pull/27997)
+- Don't repull image if pinned by digest [#28265](https://github.com/docker/docker/pull/28265)
++ Swarm-mode support for Windows [#27838](https://github.com/docker/docker/pull/27838)
++ Allow hostname to be updated on service [#28771](https://github.com/docker/docker/pull/28771)
++ Support v2 plugins [#29433](https://github.com/docker/docker/pull/29433)
++ Add content trust for services [#29469](https://github.com/docker/docker/pull/29469)
 
 ### Volume
 
-+ Add support for labels on volumes [#25628](https://github.com/docker/docker/pull/21567)
++ Add support for labels on volumes [#21270](https://github.com/docker/docker/pull/21270)
 + Add support for filtering volumes by label [#25628](https://github.com/docker/docker/pull/25628)
 * Add a `--force` flag in `docker volume rm` to forcefully purge the data of the volume that has already been deleted [#23436](https://github.com/docker/docker/pull/23436)
 * Enhance `docker volume inspect` to show all options used when creating the volume [#26671](https://github.com/docker/docker/pull/26671)
@@ -192,10 +220,13 @@ be found.
 - Deprecate unversioned API endpoints [#28208](https://github.com/docker/docker/pull/28208)
 - Remove Ubuntu 15.10 (Wily Werewolf) as supported platform. Ubuntu 15.10 is EOL, and no longer receives updates [#27042](https://github.com/docker/docker/pull/27042)
 - Remove Fedora 22 as supported platform. Fedora 22 is EOL, and no longer receives updates [#27432](https://github.com/docker/docker/pull/27432)
+- Remove Fedora 23 as supported platform. Fedora 23 is EOL, and no longer receives updates [#29455](https://github.com/docker/docker/pull/29455)
 - Deprecate the `repo:shortid` syntax on `docker pull` [#27207](https://github.com/docker/docker/pull/27207)
-- Deprecate backing filesystem without d_type for overlay/overlay2 storage drivers [#27433](https://github.com/docker/docker/pull/27433)
-- Deprecate MAINTAINER in Dockerfile [#25466](https://github.com/docker/docker/pull/25466)
-- Deprecated filter param for endpoint `/images/json` [#27872](https://github.com/docker/docker/pull/27872)
+- Deprecate backing filesystem without `d_type` for overlay and overlay2 storage drivers [#27433](https://github.com/docker/docker/pull/27433)
+- Deprecate `MAINTAINER` in Dockerfile [#25466](https://github.com/docker/docker/pull/25466)
+- Deprecate `filter` param for endpoint `/images/json` [#27872](https://github.com/docker/docker/pull/27872)
+- Deprecate setting duplicate engine labels [#24533](https://github.com/docker/docker/pull/24533)
+- Deprecate "top-level" network information in `NetworkSettings` [#28437](https://github.com/docker/docker/pull/28437)
 
 ## 1.12.3 (2016-10-26)
 
@@ -584,7 +615,7 @@ installing docker, please make sure to update them accordingly.
 
 
 ### DEPRECATION
-* Environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` have been renamed  
+* Environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` have been renamed
   to `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` respectively [#22574](https://github.com/docker/docker/pull/22574)
 * Remove deprecated `syslog-tag`, `gelf-tag`, `fluentd-tag` log option in favor of the more generic `tag` one [#22620](https://github.com/docker/docker/pull/22620)
 * Remove deprecated feature of passing HostConfig at API container start [#22570](https://github.com/docker/docker/pull/22570)
@@ -755,7 +786,7 @@ installing docker, please make sure to update them accordingly.
 - Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
 - Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
 - Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
-- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))  
+- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
   Docker 1.9, but was decided to be too much of a backward-incompatible change, so it was decided to keep the feature.
 + It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
 + `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))

Dockerfile

@@ -25,16 +25,15 @@
 
 FROM debian:jessie
 
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
 # Add zfs ppa
 RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61 \
 	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
 RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
 
-
-# Allow replacing httpredir mirror
-ARG APT_MIRROR=httpredir.debian.org
-RUN sed -i s/httpredir.debian.org/$APT_MIRROR/g /etc/apt/sources.list
-
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \

Dockerfile.armhf

@@ -17,6 +17,10 @@
 
 FROM armhf/debian:jessie
 
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \

Dockerfile.ppc64le

@@ -18,6 +18,10 @@
 # ppc64le/golang is a debian:jessie based image with golang installed
 FROM ppc64le/golang:1.6.3
 
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \

Dockerfile.simple

@@ -7,6 +7,10 @@
 
 FROM debian:jessie
 
+# allow replacing httpredir or deb mirror
+ARG APT_MIRROR=deb.debian.org
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+
 # Compile and runtime deps
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies

Dockerfile.windows

@@ -2,7 +2,7 @@
 
 # -----------------------------------------------------------------------------------------
 # This file describes the standard way to build Docker in a container on Windows
-# Server 2016.
+# Server 2016 or Windows 10.
 #
 # Maintainer: @jhowardmsft
 # -----------------------------------------------------------------------------------------
@@ -11,21 +11,25 @@
 # Prerequisites:
 # --------------
 #
-# 1. Windows Server 2016 with all Windows updates applied. Pre-release versions
-#    of Windows are not supported (eg Windows Server 2016 TP5). The build number
-#    must be at least 14393. This can be confirmed, for example, by running the
-#    following from an elevated PowerShell prompt - this sample output is from a 
-#    fully up to date machine as at late October 2016:
+# 1. Windows Server 2016 or Windows 10 with all Windows updates applied. The major 
+#    build number must be at least 14393. This can be confirmed, for example, by 
+#    running the following from an elevated PowerShell prompt - this sample output 
+#    is from a fully up to date machine as at mid-November 2016:
 #
 #    >> PS C:\> $(gin).WindowsBuildLabEx
-#    >> 14393.321.amd64fre.rs1_release_inmarket.161004-2338
+#    >> 14393.447.amd64fre.rs1_release_inmarket.161102-0100
 #
 # 2. Git for Windows (or another git client) must be installed. https://git-scm.com/download/win.
 #
 # 3. The machine must be configured to run containers. For example, by following
 #    the quick start guidance at https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start or
 #    https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md
-
+#
+# 4. If building in a Hyper-V VM: For Windows Server 2016 using Windows Server
+#    containers as the default option, it is recommended you have at least 1GB 
+#    of memory assigned; For Windows 10 where Hyper-V Containers are employed, you
+#    should have at least 4GB of memory assigned. Note also, to run Hyper-V 
+#    containers in a VM, it is necessary to configure the VM for nested virtualization.
 
 # -----------------------------------------------------------------------------------------
 
@@ -58,23 +62,24 @@
 #    >>   cd C:\go\src\github.com\docker\docker 
 #
 #
-# 3. Build a docker image with the components required to build the docker binaries from source:
+# 3. Build a docker image with the components required to build the docker binaries from source
+#    by running one of the following:
 #
-#    >>   docker build -t nativebuildimage -f Dockerfile.windows .
+#    >>   docker build -t nativebuildimage -f Dockerfile.windows .          
+#    >>   docker build -t nativebuildimage -f Dockerfile.windows -m 2GB .    (if using Hyper-V containers)
 #
 #
-# 4. Build the docker executable binaries in a container:
+# 4. Build the docker executable binaries by running one of the following:
 #
-#    >>   docker run --name binaries nativebuildimage sh -c 'cd /c/go/src/github.com/docker/docker; hack/make.sh binary'
+#    >>   docker run --name binaries nativebuildimage hack\make.ps1 -Binary
+#    >>   docker run --name binaries -m 2GB nativebuildimage hack\make.ps1 -Binary    (if using Hyper-V containers)
 #
 #
-# 5. Copy the binaries out of the above container, replacing HostPath with an appropriate destination 
+# 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination 
 #    folder on the host system where you want the binaries to be located.
 #
-#    >>   $v=$(Get-Content ".\VERSION" -raw).ToString().Replace("`n","").Trim()
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\$v\binary-client\docker-$v.exe C:\HostPath\docker.exe
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\$v\binary-daemon\dockerd.exe C:\HostPath\dockerd.exe
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\$v\binary-daemon\docker-proxy-$v.exe C:\HostPath\docker-proxy.exe
+#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
+#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
 #
 #
 # 6. (Optional) Remove the interim container holding the built executable binaries:
@@ -88,7 +93,42 @@
 #    image which has all the components required to build the binaries already installed.
 #
 #    >>    docker rmi nativebuildimage
+#
 
+# -----------------------------------------------------------------------------------------
+
+
+#  The validation tests can either run in a container, or directly on the host. To run in a
+#  container, ensure you have created the nativebuildimage above. Then run one of the
+#  following from an (elevated) Windows PowerShell prompt:
+#
+#    >>   docker run --rm nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat
+#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat    (if using Hyper-V containers)
+
+# To run the validation tests on the host, from the root of the repository, run the
+# following from a Windows PowerShell prompt (elevation is not required): (Note Go
+# must be installed to run these tests)
+#
+#    >>   hack\make.ps1 -DCO -PkgImports -GoFormat
+
+# -----------------------------------------------------------------------------------------
+
+
+#  To run unit tests, ensure you have created the nativebuildimage above. Then run one of
+#  the following from an (elevated) Windows PowerShell prompt:
+#
+#    >>   docker run --rm nativebuildimage hack\make.ps1 -TestUnit
+#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -TestUnit    (if using Hyper-V containers)
+
+
+# -----------------------------------------------------------------------------------------
+
+
+#  To run all tests and binary build, ensure you have created the nativebuildimage above. Then 
+#  run one of the following from an (elevated) Windows PowerShell prompt:
+#
+#    >>   docker run nativebuildimage hack\make.ps1 -All
+#    >>   docker run -m 2GB nativebuildimage hack\make.ps1 -All    (if using Hyper-V containers)
 
 # -----------------------------------------------------------------------------------------
 
@@ -96,28 +136,26 @@
 # Important notes:
 # ---------------
 #
-# The posix utilities from git aren't usable interactively as at October 2016. This
-# is because they require a console window which isn't present in a container in Windows.
-# See the example at the top of this file. Do NOT use -it in that docker run. It will not work.
+# Don't attempt to use a bind-mount to pass a local directory as the bundles target
+# directory. It does not work (golang attempts for follow a mapped folder incorrectly). 
+# Instead, use docker cp as per the example.
 #
-# Don't attempt to use a volume for passing the source through to the container. The posix utilities will
-# balk at reparse points. 
+# go.zip is not removed from the image as it is used by the Windows CI servers
+# to ensure the host and image are running consistent versions of go.
 #
-# The downloaded files are not cleared from the image. go.zip is used by the Windows
-# CI servers to ensure the host and image are running consistent versions of go.
+# Nanoserver support is a work in progress. Although the image will build if the 
+# FROM statement is updated, it will not work when running autogen through hack\make.ps1. 
+# It is suspected that the required GCC utilities (eg gcc, windres, windmc) silently
+# quit due to the use of console hooks which are not available.
 #
-# The GIT installer isn't very good at unattended install. We use techniques described
-# at the links below to force it to set the path and other options accordingly. 
-# >> http://superuser.com/questions/944576/git-for-windows-silent-install-silent-arguments 
-# and follow through to installer at
-# >> https://github.com/ferventcoder/chocolatey-packages/blob/master/automatic/git.install/tools/chocolateyInstall.ps1
+# The docker integration tests do not currently run in a container on Windows, predominantly
+# due to Windows not supporting privileged mode, so anything using a volume would fail.
+# They (along with the rest of the docker CI suite) can be run using 
+# https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
 #
-# As of October 2016, this does not work on Windows 10 client, just Windows Server 2016,
-# and only with the default isolation mode (process). It does not work with isolation mode
-# set to Hyper-V containers (hyperv).
-
 # -----------------------------------------------------------------------------------------
 
+
 # The number of build steps below are explicitly minimised to improve performance.
 FROM microsoft/windowsservercore
 
@@ -128,55 +166,102 @@ SHELL ["powershell", "-command"]
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
 ENV GO_VERSION=1.7.3 `
-    GIT_LOCATION=https://github.com/git-for-windows/git/releases/download/v2.10.1.windows.1/Git-2.10.1-64-bit.exe `
+    GIT_VERSION=2.10.2 `
     GOPATH=C:\go `
     FROM_DOCKERFILE=1
 
-WORKDIR C:\
-
 RUN `
-  setx /M Path $($Env:PATH+';C:\gcc\bin;C:\go\bin'); `
-  `
   $ErrorActionPreference = 'Stop'; `
+  $ProgressPreference = 'SilentlyContinue'; `
+  `
+  Function Test-Nano() { `
+    $EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId; `
+    return (($EditionId -eq 'ServerStandardNano') -or ($EditionId -eq 'ServerDataCenterNano') -or ($EditionId -eq 'NanoServer')); `
+  }`
+  `
   Function Download-File([string] $source, [string] $target) { `
-    $wc = New-Object net.webclient; $wc.Downloadfile($source, $target) `
+    if (Test-Nano) { `
+      $handler = New-Object System.Net.Http.HttpClientHandler; `
+      $client = New-Object System.Net.Http.HttpClient($handler); `
+      $client.Timeout = New-Object System.TimeSpan(0, 30, 0); `
+      $cancelTokenSource = [System.Threading.CancellationTokenSource]::new(); `
+      $responseMsg = $client.GetAsync([System.Uri]::new($source), $cancelTokenSource.Token); `
+      $responseMsg.Wait(); `
+      if (!$responseMsg.IsCanceled) { `
+        $response = $responseMsg.Result; `
+        if ($response.IsSuccessStatusCode) { `
+          $downloadedFileStream = [System.IO.FileStream]::new($target, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write); `
+          $copyStreamOp = $response.Content.CopyToAsync($downloadedFileStream); `
+          $copyStreamOp.Wait(); `
+          $downloadedFileStream.Close(); `
+          if ($copyStreamOp.Exception -ne $null) { throw $copyStreamOp.Exception } `
+        } `
+      } else { `
+      Throw ("Failed to download " + $source) `
+      }`
+    } else { `
+      $webClient = New-Object System.Net.WebClient; `
+      $webClient.DownloadFile($source, $target); `
+    } `
   } `
   `
+  setx /M PATH $('C:\git\bin;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
+  `
   Write-Host INFO: Downloading git...; `
-  Download-File $Env:GIT_LOCATION gitsetup.exe; `
+  $location='https://github.com/git-for-windows/git/releases/download/v'+$env:GIT_VERSION+'.windows.1/PortableGit-'+$env:GIT_VERSION+'-64-bit.7z.exe'; `
+  Download-File $location C:\gitsetup.7z.exe; `
   `
   Write-Host INFO: Downloading go...; `
-  Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') go.zip; `
+  Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
   `
   Write-Host INFO: Downloading compiler 1 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip gcc.zip; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
   `
   Write-Host INFO: Downloading compiler 2 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip runtime.zip; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
   `
   Write-Host INFO: Downloading compiler 3 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip binutils.zip; `
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
   `
-  Write-Host INFO: Installing git...; `
-  $installPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'; `
-  $installItem = 'Git_is1'; `
-  New-Item -Path $installPath -Name $installItem -Force; `
-  $installKey = $installPath+'\'+$installItem; `
-  New-ItemProperty $installKey -Name 'Inno Setup CodeFile: Path Option' -Value 'CmdTools' -PropertyType 'String' -Force; `
-  New-ItemProperty $installKey -Name 'Inno Setup CodeFile: Bash Terminal Option' -Value 'ConHost' -PropertyType 'String' -Force; `
-  New-ItemProperty $installKey -Name 'Inno Setup CodeFile: CRLF Option' -Value 'CRLFCommitAsIs' -PropertyType 'String' -Force; `
-  Start-Process gitsetup.exe -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /CLOSEAPPLICATIONS /DIR=C:\git\' -Wait; `
+  Write-Host INFO: Installing PS7Zip package...; `
+  Install-Package PS7Zip -Force | Out-Null; `
+  Write-Host INFO: Importing PS7Zip...; `
+  Import-Module PS7Zip -Force; `
+  New-Item C:\git -ItemType Directory | Out-Null ; `
+  cd C:\git; `
+  Write-Host INFO: Extracting git...; `
+  Expand-7Zip C:\gitsetup.7z.exe | Out-Null; `
+  cd C:\; `
   `
   Write-Host INFO: Expanding go...; `
   Expand-Archive C:\go.zip -DestinationPath C:\; `
   `
-  Write-Host INFO: Expanding compiler...; `
+  Write-Host INFO: Expanding compiler 1 of 3...; `
   Expand-Archive C:\gcc.zip -DestinationPath C:\gcc -Force; `
+  Write-Host INFO: Expanding compiler 2 of 3...; `
   Expand-Archive C:\runtime.zip -DestinationPath C:\gcc -Force; `
+  Write-Host INFO: Expanding compiler 3 of 3...; `
   Expand-Archive C:\binutils.zip -DestinationPath C:\gcc -Force; `
   `
+  Write-Host INFO: Removing downloaded files...; `
+  Remove-Item C:\gcc.zip; `
+  Remove-Item C:\runtime.zip; `
+  Remove-Item C:\binutils.zip; `
+  Remove-Item C:\gitsetup.7z.exe; `
+  `
+  Write-Host INFO: Creating source directory...; `
+  New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
+  `
+  Write-Host INFO: Configuring git core.autocrlf...; `
+  C:\git\bin\git config --global core.autocrlf true; `
+  `
   Write-Host INFO: Completed
 
-# Prepare for building
-COPY . C:\go\src\github.com\docker\docker
+# Make PowerShell the default entrypoint
+ENTRYPOINT ["powershell.exe"]
 
+# Set the working directory to the location of the sources
+WORKDIR C:\go\src\github.com\docker\docker
+
+# Copy the sources into the container
+COPY . .

Makefile

@@ -144,4 +144,4 @@ swagger-gen:
 		-w /go/src/github.com/docker/docker \
 		--entrypoint hack/generate-swagger-api.sh \
 		-e GOPATH=/go \
-		quay.io/goswagger/swagger
+		quay.io/goswagger/swagger:0.7.4

VERSION

@@ -1 +1 @@
-1.13.0-dev
+1.13.0-rc5

api/README.md

@@ -1,5 +1,42 @@
-This directory contains code pertaining to the Docker API:
+# Working on the Engine API
 
- - Used by the docker client when communicating with the docker daemon
+The Engine API is an HTTP API used by the command-line client to communicate with the daemon. It can also be used by third-party software to control the daemon.
 
- - Used by third party tools wishing to interface with the docker daemon
+It consists of various components in this repository:
+
+- `api/swagger.yaml` A Swagger definition of the API.
+- `api/types/` Types shared by both the client and server, representing various objects, options, responses, etc. Most are written manually, but some are automatically generated from the Swagger definition. See [#27919](https://github.com/docker/docker/issues/27919) for progress on this.
+- `cli/` The command-line client.
+- `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
+- `daemon/` The daemon, which serves the API.
+
+## Swagger definition
+
+The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
+
+1. To automatically generate documentation.
+2. To automatically generate the Go server and client. (A work-in-progress.)
+3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
+
+## Updating the API documentation
+
+The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, you'll need to edit this file to represent the change in the documentation.
+
+The file is split into two main sections:
+
+- `definitions`, which defines re-usable objects used in requests and responses
+- `paths`, which defines the API endpoints (and some inline objects which don't need to be reusable)
+
+To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
+
+There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919)
+
+`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful for when you are making edits to ensure you are doing the right thing.
+
+## Viewing the API documentation
+
+When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
+
+All the documentation generation is done in the documentation repository, [docker/docker.github.io](https://github.com/docker/docker.github.io). The Swagger definition is vendored periodically into this repository, but you can manually copy over the Swagger definition to test changes.
+
+Copy `api/swagger.yaml` in this repository to `engine/api/[VERSION_NUMBER]/swagger.yaml` in the documentation repository, overwriting what is already there. Then, run `docker-compose up` in the documentation repository and browse to [http://localhost:4000/engine/api/](http://localhost:4000/engine/api/) when it finishes rendering.

api/server/httputils/errors.go

@@ -28,7 +28,7 @@ type inputValidationError interface {
 	IsValidationError() bool
 }
 
-// GetHTTPErrorStatusCode retrieve status code from error message
+// GetHTTPErrorStatusCode retrieves status code from error message
 func GetHTTPErrorStatusCode(err error) int {
 	if err == nil {
 		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
@@ -49,20 +49,23 @@ func GetHTTPErrorStatusCode(err error) int {
 		// If we need to differentiate between different possible error types,
 		// we should create appropriate error types that implement the httpStatusError interface.
 		errStr := strings.ToLower(errMsg)
-		for keyword, status := range map[string]int{
-			"not found":             http.StatusNotFound,
-			"no such":               http.StatusNotFound,
-			"bad parameter":         http.StatusBadRequest,
-			"no command":            http.StatusBadRequest,
-			"conflict":              http.StatusConflict,
-			"impossible":            http.StatusNotAcceptable,
-			"wrong login/password":  http.StatusUnauthorized,
-			"unauthorized":          http.StatusUnauthorized,
-			"hasn't been activated": http.StatusForbidden,
-			"this node":             http.StatusNotAcceptable,
+		for _, status := range []struct {
+			keyword string
+			code    int
+		}{
+			{"not found", http.StatusNotFound},
+			{"no such", http.StatusNotFound},
+			{"bad parameter", http.StatusBadRequest},
+			{"no command", http.StatusBadRequest},
+			{"conflict", http.StatusConflict},
+			{"impossible", http.StatusNotAcceptable},
+			{"wrong login/password", http.StatusUnauthorized},
+			{"unauthorized", http.StatusUnauthorized},
+			{"hasn't been activated", http.StatusForbidden},
+			{"this node", http.StatusServiceUnavailable},
 		} {
-			if strings.Contains(errStr, keyword) {
-				statusCode = status
+			if strings.Contains(errStr, status.keyword) {
+				statusCode = status.code
 				break
 			}
 		}

api/server/router/build/build_routes.go

@@ -84,14 +84,28 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 		options.Ulimits = buildUlimits
 	}
 
-	var buildArgs = map[string]string{}
+	var buildArgs = map[string]*string{}
 	buildArgsJSON := r.FormValue("buildargs")
+
+	// Note that there are two ways a --build-arg might appear in the
+	// json of the query param:
+	//     "foo":"bar"
+	// and "foo":nil
+	// The first is the normal case, ie. --build-arg foo=bar
+	// or  --build-arg foo
+	// where foo's value was picked up from an env var.
+	// The second ("foo":nil) is where they put --build-arg foo
+	// but "foo" isn't set as an env var. In that case we can't just drop
+	// the fact they mentioned it, we need to pass that along to the builder
+	// so that it can print a warning about "foo" being unused if there is
+	// no "ARG foo" in the Dockerfile.
 	if buildArgsJSON != "" {
 		if err := json.Unmarshal([]byte(buildArgsJSON), &buildArgs); err != nil {
 			return nil, err
 		}
 		options.BuildArgs = buildArgs
 	}
+
 	var labels = map[string]string{}
 	labelsJSON := r.FormValue("labels")
 	if labelsJSON != "" {

api/server/router/checkpoint/checkpoint.go

@@ -29,8 +29,8 @@ func (r *checkpointRouter) Routes() []router.Route {
 
 func (r *checkpointRouter) initRoutes() {
 	r.routes = []router.Route{
-		router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints),
-		router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint),
-		router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint),
+		router.Experimental(router.NewGetRoute("/containers/{name:.*}/checkpoints", r.getContainerCheckpoints)),
+		router.Experimental(router.NewPostRoute("/containers/{name:.*}/checkpoints", r.postContainerCheckpoint)),
+		router.Experimental(router.NewDeleteRoute("/containers/{name}/checkpoints/{checkpoint}", r.deleteContainerCheckpoint)),
 	}
 }

api/server/router/container/backend.go

@@ -9,6 +9,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/backend"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/pkg/archive"
 )
 
@@ -32,17 +33,17 @@ type copyBackend interface {
 
 // stateBackend includes functions to implement to provide container state lifecycle functionality.
 type stateBackend interface {
-	ContainerCreate(config types.ContainerCreateConfig, validateHostname bool) (container.ContainerCreateCreatedBody, error)
+	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
 	ContainerKill(name string, sig uint64) error
 	ContainerPause(name string) error
 	ContainerRename(oldName, newName string) error
 	ContainerResize(name string, height, width int) error
 	ContainerRestart(name string, seconds *int) error
 	ContainerRm(name string, config *types.ContainerRmConfig) error
-	ContainerStart(name string, hostConfig *container.HostConfig, validateHostname bool, checkpoint string, checkpointDir string) error
+	ContainerStart(name string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
 	ContainerStop(name string, seconds *int) error
 	ContainerUnpause(name string) error
-	ContainerUpdate(name string, hostConfig *container.HostConfig, validateHostname bool) (container.ContainerUpdateOKBody, error)
+	ContainerUpdate(name string, hostConfig *container.HostConfig) (container.ContainerUpdateOKBody, error)
 	ContainerWait(name string, timeout time.Duration) (int, error)
 }
 
@@ -64,7 +65,7 @@ type attachBackend interface {
 
 // systemBackend includes functions to implement to provide system wide containers functionality
 type systemBackend interface {
-	ContainersPrune(config *types.ContainersPruneConfig) (*types.ContainersPruneReport, error)
+	ContainersPrune(pruneFilters filters.Args) (*types.ContainersPruneReport, error)
 }
 
 // Backend is all the methods that need to be implemented to provide container specific functionality.

api/server/router/container/container_routes.go

@@ -156,8 +156,7 @@ func (s *containerRouter) postContainersStart(ctx context.Context, w http.Respon
 
 	checkpoint := r.Form.Get("checkpoint")
 	checkpointDir := r.Form.Get("checkpoint-dir")
-	validateHostname := versions.GreaterThanOrEqualTo(version, "1.24")
-	if err := s.backend.ContainerStart(vars["name"], hostConfig, validateHostname, checkpoint, checkpointDir); err != nil {
+	if err := s.backend.ContainerStart(vars["name"], hostConfig, checkpoint, checkpointDir); err != nil {
 		return err
 	}
 
@@ -332,7 +331,6 @@ func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
 		return err
 	}
 
-	version := httputils.VersionFromContext(ctx)
 	var updateConfig container.UpdateConfig
 
 	decoder := json.NewDecoder(r.Body)
@@ -346,8 +344,7 @@ func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.Respon
 	}
 
 	name := vars["name"]
-	validateHostname := versions.GreaterThanOrEqualTo(version, "1.24")
-	resp, err := s.backend.ContainerUpdate(name, hostConfig, validateHostname)
+	resp, err := s.backend.ContainerUpdate(name, hostConfig)
 	if err != nil {
 		return err
 	}
@@ -372,14 +369,13 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 	version := httputils.VersionFromContext(ctx)
 	adjustCPUShares := versions.LessThan(version, "1.19")
 
-	validateHostname := versions.GreaterThanOrEqualTo(version, "1.24")
 	ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
 		Name:             name,
 		Config:           config,
 		HostConfig:       hostConfig,
 		NetworkingConfig: networkingConfig,
 		AdjustCPUShares:  adjustCPUShares,
-	}, validateHostname)
+	})
 	if err != nil {
 		return err
 	}
@@ -545,16 +541,12 @@ func (s *containerRouter) postContainersPrune(ctx context.Context, w http.Respon
 		return err
 	}
 
-	if err := httputils.CheckForJSON(r); err != nil {
+	pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
 		return err
 	}
 
-	var cfg types.ContainersPruneConfig
-	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
-		return err
-	}
-
-	pruneReport, err := s.backend.ContainersPrune(&cfg)
+	pruneReport, err := s.backend.ContainersPrune(pruneFilters)
 	if err != nil {
 		return err
 	}

api/server/router/container/exec.go

@@ -92,11 +92,17 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res
 		defer httputils.CloseStreams(inStream, outStream)
 
 		if _, ok := r.Header["Upgrade"]; ok {
-			fmt.Fprintf(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
+			fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n")
 		} else {
-			fmt.Fprintf(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
+			fmt.Fprint(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n")
 		}
 
+		// copy headers that were removed as part of hijack
+		if err := w.Header().WriteSubset(outStream, nil); err != nil {
+			return err
+		}
+		fmt.Fprint(outStream, "\r\n")
+
 		stdin = inStream
 		stdout = outStream
 		if !execStartCheck.Tty {

api/server/router/experimental.go

@@ -0,0 +1,67 @@
+package router
+
+import (
+	"errors"
+	"net/http"
+
+	"golang.org/x/net/context"
+
+	apierrors "github.com/docker/docker/api/errors"
+	"github.com/docker/docker/api/server/httputils"
+)
+
+var (
+	errExperimentalFeature = errors.New("This experimental feature is disabled by default. Start the Docker daemon with --experimental in order to enable it.")
+)
+
+// ExperimentalRoute defines an experimental API route that can be enabled or disabled.
+type ExperimentalRoute interface {
+	Route
+
+	Enable()
+	Disable()
+}
+
+// experimentalRoute defines an experimental API route that can be enabled or disabled.
+// It implements ExperimentalRoute
+type experimentalRoute struct {
+	local   Route
+	handler httputils.APIFunc
+}
+
+// Enable enables this experimental route
+func (r *experimentalRoute) Enable() {
+	r.handler = r.local.Handler()
+}
+
+// Disable disables the experimental route
+func (r *experimentalRoute) Disable() {
+	r.handler = experimentalHandler
+}
+
+func experimentalHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	return apierrors.NewErrorWithStatusCode(errExperimentalFeature, http.StatusNotImplemented)
+}
+
+// Handler returns returns the APIFunc to let the server wrap it in middlewares.
+func (r *experimentalRoute) Handler() httputils.APIFunc {
+	return r.handler
+}
+
+// Method returns the http method that the route responds to.
+func (r *experimentalRoute) Method() string {
+	return r.local.Method()
+}
+
+// Path returns the subpath where the route responds to.
+func (r *experimentalRoute) Path() string {
+	return r.local.Path()
+}
+
+// Experimental will mark a route as experimental.
+func Experimental(r Route) Route {
+	return &experimentalRoute{
+		local:   r,
+		handler: experimentalHandler,
+	}
+}

api/server/router/image/backend.go

@@ -29,7 +29,7 @@ type imageBackend interface {
 	Images(imageFilters filters.Args, all bool, withExtraAttrs bool) ([]*types.ImageSummary, error)
 	LookupImage(name string) (*types.ImageInspect, error)
 	TagImage(imageName, repository, tag string) error
-	ImagesPrune(config *types.ImagesPruneConfig) (*types.ImagesPruneReport, error)
+	ImagesPrune(pruneFilters filters.Args) (*types.ImagesPruneReport, error)
 }
 
 type importExportBackend interface {

api/server/router/image/image_routes.go

@@ -331,16 +331,12 @@ func (s *imageRouter) postImagesPrune(ctx context.Context, w http.ResponseWriter
 		return err
 	}
 
-	if err := httputils.CheckForJSON(r); err != nil {
+	pruneFilters, err := filters.FromParam(r.Form.Get("filters"))
+	if err != nil {
 		return err
 	}
 
-	var cfg types.ImagesPruneConfig
-	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
-		return err
-	}
-
-	pruneReport, err := s.backend.ImagesPrune(&cfg)
+	pruneReport, err := s.backend.ImagesPrune(pruneFilters)
 	if err != nil {
 		return err
 	}

api/server/router/network/backend.go

@@ -2,6 +2,7 @@ package network
 
 import (
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/libnetwork"
 )
@@ -17,5 +18,5 @@ type Backend interface {
 	ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
 	DisconnectContainerFromNetwork(containerName string, networkName string, force bool) error
 	DeleteNetwork(name string) error
-	NetworksPrune(config *types.NetworksPruneConfig) (*types.NetworksPruneReport, error)
+	NetworksPrune(pruneFilters filters.Args) (*types.NetworksPruneReport, error)
 }

api/server/router/network/network_routes.go

@@ -80,7 +80,7 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 		return err
 	}
 
-	if _, err := n.clusterProvider.GetNetwork(create.Name); err == nil {
+	if nws, err := n.clusterProvider.GetNetworksByName(create.Name); err == nil && len(nws) > 0 {
 		return libnetwork.NetworkNameError(create.Name)
 	}
 
@@ -172,10 +172,10 @@ func (n *networkRouter) buildNetworkResource(nw libnetwork.Network) *types.Netwo
 	r.Driver = nw.Type()
 	r.EnableIPv6 = info.IPv6Enabled()
 	r.Internal = info.Internal()
+	r.Attachable = info.Attachable()
 	r.Options = info.DriverOptions()
 	r.Containers = make(map[string]types.EndpointResource)
 	buildIpamResources(r, info)
-	r.Internal = info.Internal()
 	r.Labels = info.Labels()
 
 	peers := info.Peers()
@@ -259,6 +259,9 @@ func buildIpamResources(r *types.NetworkResource, nwInfo libnetwork.NetworkInfo)
 
 	if !hasIpv6Conf {
 		for _, ip6Info := range ipv6Info {
+			if ip6Info.IPAMData.Pool == nil {
+				continue
+			}
 			iData := network.IPAMConfig{}
 			iData.Subnet = ip6Info.IPAMData.Pool.String()
 			iData.Gateway = ip6Info.IPAMData.Gateway.String()
@@ -297,16 +300,7 @@ func (n *networkRouter) postNetworksPrune(ctx context.Context, w http.ResponseWr
 		return err
 	}
 
-	if err := httputils.CheckForJSON(r); err != nil {
-		return err
-	}
-
-	var cfg types.NetworksPruneConfig
-	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
-		return err
-	}
-
-	pruneReport, err := n.backend.NetworksPrune(&cfg)
+	pruneReport, err := n.backend.NetworksPrune(filters.Args{})
 	if err != nil {
 		return err
 	}

api/server/router/plugin/backend.go

@@ -5,18 +5,20 @@ import (
 	"net/http"
 
 	enginetypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/reference"
 	"golang.org/x/net/context"
 )
 
 // Backend for Plugin
 type Backend interface {
-	Disable(name string) error
-	Enable(name string) error
+	Disable(name string, config *enginetypes.PluginDisableConfig) error
+	Enable(name string, config *enginetypes.PluginEnableConfig) error
 	List() ([]enginetypes.Plugin, error)
-	Inspect(name string) (enginetypes.Plugin, error)
+	Inspect(name string) (*enginetypes.Plugin, error)
 	Remove(name string, config *enginetypes.PluginRmConfig) error
 	Set(name string, args []string) error
-	Pull(name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig) (enginetypes.PluginPrivileges, error)
-	Push(name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig) error
-	CreateFromContext(ctx context.Context, tarCtx io.Reader, options *enginetypes.PluginCreateOptions) error
+	Privileges(ctx context.Context, ref reference.Named, metaHeaders http.Header, authConfig *enginetypes.AuthConfig) (enginetypes.PluginPrivileges, error)
+	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error
+	Push(ctx context.Context, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, outStream io.Writer) error
+	CreateFromContext(ctx context.Context, tarCtx io.ReadCloser, options *enginetypes.PluginCreateOptions) error
 }

api/server/router/plugin/plugin.go

@@ -25,12 +25,13 @@ func (r *pluginRouter) Routes() []router.Route {
 func (r *pluginRouter) initRoutes() {
 	r.routes = []router.Route{
 		router.NewGetRoute("/plugins", r.listPlugins),
-		router.NewGetRoute("/plugins/{name:.*}", r.inspectPlugin),
+		router.NewGetRoute("/plugins/{name:.*}/json", r.inspectPlugin),
+		router.NewGetRoute("/plugins/privileges", r.getPrivileges),
 		router.NewDeleteRoute("/plugins/{name:.*}", r.removePlugin),
 		router.NewPostRoute("/plugins/{name:.*}/enable", r.enablePlugin), // PATCH?
 		router.NewPostRoute("/plugins/{name:.*}/disable", r.disablePlugin),
-		router.NewPostRoute("/plugins/pull", r.pullPlugin),
-		router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin),
+		router.Cancellable(router.NewPostRoute("/plugins/pull", r.pullPlugin)),
+		router.Cancellable(router.NewPostRoute("/plugins/{name:.*}/push", r.pushPlugin)),
 		router.NewPostRoute("/plugins/{name:.*}/set", r.setPlugin),
 		router.NewPostRoute("/plugins/create", r.createPlugin),
 	}

api/server/router/plugin/plugin_routes.go

@@ -4,27 +4,30 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"net/http"
+	"strconv"
 	"strings"
 
+	distreference "github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/reference"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
-func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if err := httputils.ParseForm(r); err != nil {
-		return err
-	}
+func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig) {
 
 	metaHeaders := map[string][]string{}
-	for k, v := range r.Header {
+	for k, v := range headers {
 		if strings.HasPrefix(k, "X-Meta-") {
 			metaHeaders[k] = v
 		}
 	}
 
 	// Get X-Registry-Auth
-	authEncoded := r.Header.Get("X-Registry-Auth")
+	authEncoded := headers.Get("X-Registry-Auth")
 	authConfig := &types.AuthConfig{}
 	if authEncoded != "" {
 		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
@@ -33,13 +36,135 @@ func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r
 		}
 	}
 
-	privileges, err := pr.backend.Pull(r.FormValue("name"), metaHeaders, authConfig)
+	return metaHeaders, authConfig
+}
+
+// parseRemoteRef parses the remote reference into a reference.Named
+// returning the tag associated with the reference. In the case the
+// given reference string includes both digest and tag, the returned
+// reference will have the digest without the tag, but the tag will
+// be returned.
+func parseRemoteRef(remote string) (reference.Named, string, error) {
+	// Parse remote reference, supporting remotes with name and tag
+	// NOTE: Using distribution reference to handle references
+	// containing both a name and digest
+	remoteRef, err := distreference.ParseNamed(remote)
+	if err != nil {
+		return nil, "", err
+	}
+
+	var tag string
+	if t, ok := remoteRef.(distreference.Tagged); ok {
+		tag = t.Tag()
+	}
+
+	// Convert distribution reference to docker reference
+	// TODO: remove when docker reference changes reconciled upstream
+	ref, err := reference.WithName(remoteRef.Name())
+	if err != nil {
+		return nil, "", err
+	}
+	if d, ok := remoteRef.(distreference.Digested); ok {
+		ref, err = reference.WithDigest(ref, d.Digest())
+		if err != nil {
+			return nil, "", err
+		}
+	} else if tag != "" {
+		ref, err = reference.WithTag(ref, tag)
+		if err != nil {
+			return nil, "", err
+		}
+	} else {
+		ref = reference.WithDefaultTag(ref)
+	}
+
+	return ref, tag, nil
+}
+
+func (pr *pluginRouter) getPrivileges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	metaHeaders, authConfig := parseHeaders(r.Header)
+
+	ref, _, err := parseRemoteRef(r.FormValue("remote"))
+	if err != nil {
+		return err
+	}
+
+	privileges, err := pr.backend.Privileges(ctx, ref, metaHeaders, authConfig)
 	if err != nil {
 		return err
 	}
 	return httputils.WriteJSON(w, http.StatusOK, privileges)
 }
 
+func (pr *pluginRouter) pullPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := httputils.ParseForm(r); err != nil {
+		return errors.Wrap(err, "failed to parse form")
+	}
+
+	var privileges types.PluginPrivileges
+	dec := json.NewDecoder(r.Body)
+	if err := dec.Decode(&privileges); err != nil {
+		return errors.Wrap(err, "failed to parse privileges")
+	}
+	if dec.More() {
+		return errors.New("invalid privileges")
+	}
+
+	metaHeaders, authConfig := parseHeaders(r.Header)
+
+	ref, tag, err := parseRemoteRef(r.FormValue("remote"))
+	if err != nil {
+		return err
+	}
+
+	name := r.FormValue("name")
+	if name == "" {
+		if _, ok := ref.(reference.Canonical); ok {
+			trimmed := reference.TrimNamed(ref)
+			if tag != "" {
+				nt, err := reference.WithTag(trimmed, tag)
+				if err != nil {
+					return err
+				}
+				name = nt.String()
+			} else {
+				name = reference.WithDefaultTag(trimmed).String()
+			}
+		} else {
+			name = ref.String()
+		}
+	} else {
+		localRef, err := reference.ParseNamed(name)
+		if err != nil {
+			return err
+		}
+		if _, ok := localRef.(reference.Canonical); ok {
+			return errors.New("cannot use digest in plugin tag")
+		}
+		if distreference.IsNameOnly(localRef) {
+			// TODO: log change in name to out stream
+			name = reference.WithDefaultTag(localRef).String()
+		}
+	}
+	w.Header().Set("Docker-Plugin-Name", name)
+
+	w.Header().Set("Content-Type", "application/json")
+	output := ioutils.NewWriteFlusher(w)
+
+	if err := pr.backend.Pull(ctx, ref, name, metaHeaders, authConfig, privileges, output); err != nil {
+		if !output.Flushed() {
+			return err
+		}
+		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
+	}
+
+	return nil
+}
+
 func (pr *pluginRouter) createPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
 		return err
@@ -51,16 +176,37 @@ func (pr *pluginRouter) createPlugin(ctx context.Context, w http.ResponseWriter,
 	if err := pr.backend.CreateFromContext(ctx, r.Body, options); err != nil {
 		return err
 	}
+	//TODO: send progress bar
 	w.WriteHeader(http.StatusNoContent)
 	return nil
 }
 
 func (pr *pluginRouter) enablePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	return pr.backend.Enable(vars["name"])
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	timeout, err := strconv.Atoi(r.Form.Get("timeout"))
+	if err != nil {
+		return err
+	}
+	config := &types.PluginEnableConfig{Timeout: timeout}
+
+	return pr.backend.Enable(name, config)
 }
 
 func (pr *pluginRouter) disablePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	return pr.backend.Disable(vars["name"])
+	if err := httputils.ParseForm(r); err != nil {
+		return err
+	}
+
+	name := vars["name"]
+	config := &types.PluginDisableConfig{
+		ForceDisable: httputils.BoolValue(r, "force"),
+	}
+
+	return pr.backend.Disable(name, config)
 }
 
 func (pr *pluginRouter) removePlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -77,26 +223,21 @@ func (pr *pluginRouter) removePlugin(ctx context.Context, w http.ResponseWriter,
 
 func (pr *pluginRouter) pushPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := httputils.ParseForm(r); err != nil {
-		return err
+		return errors.Wrap(err, "failed to parse form")
 	}
 
-	metaHeaders := map[string][]string{}
-	for k, v := range r.Header {
-		if strings.HasPrefix(k, "X-Meta-") {
-			metaHeaders[k] = v
-		}
-	}
+	metaHeaders, authConfig := parseHeaders(r.Header)
 
-	// Get X-Registry-Auth
-	authEncoded := r.Header.Get("X-Registry-Auth")
-	authConfig := &types.AuthConfig{}
-	if authEncoded != "" {
-		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {
-			authConfig = &types.AuthConfig{}
+	w.Header().Set("Content-Type", "application/json")
+	output := ioutils.NewWriteFlusher(w)
+
+	if err := pr.backend.Push(ctx, vars["name"], metaHeaders, authConfig, output); err != nil {
+		if !output.Flushed() {
+			return err
 		}
+		output.Write(streamformatter.NewJSONStreamFormatter().FormatError(err))
 	}
-	return pr.backend.Push(vars["name"], metaHeaders, authConfig)
+	return nil
 }
 
 func (pr *pluginRouter) setPlugin(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

api/server/router/swarm/backend.go

@@ -18,8 +18,8 @@ type Backend interface {
 	UnlockSwarm(req types.UnlockRequest) error
 	GetServices(basictypes.ServiceListOptions) ([]types.Service, error)
 	GetService(string) (types.Service, error)
-	CreateService(types.ServiceSpec, string) (string, error)
-	UpdateService(string, uint64, types.ServiceSpec, string, string) error
+	CreateService(types.ServiceSpec, string) (*basictypes.ServiceCreateResponse, error)
+	UpdateService(string, uint64, types.ServiceSpec, string, string) (*basictypes.ServiceUpdateResponse, error)
 	RemoveService(string) error
 	ServiceLogs(context.Context, string, *backend.ContainerLogsConfig, chan struct{}) error
 	GetNodes(basictypes.NodeListOptions) ([]types.Node, error)

api/server/router/swarm/cluster.go

@@ -1,9 +1,6 @@
 package swarm
 
-import (
-	"github.com/docker/docker/api/server/router"
-	"github.com/docker/docker/daemon"
-)
+import "github.com/docker/docker/api/server/router"
 
 // swarmRouter is a router to talk with the build controller
 type swarmRouter struct {
@@ -12,14 +9,11 @@ type swarmRouter struct {
 }
 
 // NewRouter initializes a new build router
-func NewRouter(d *daemon.Daemon, b Backend) router.Router {
+func NewRouter(b Backend) router.Router {
 	r := &swarmRouter{
 		backend: b,
 	}
 	r.initRoutes()
-	if d.HasExperimental() {
-		r.addExperimentalRoutes()
-	}
 	return r
 }
 
@@ -28,12 +22,6 @@ func (sr *swarmRouter) Routes() []router.Route {
 	return sr.routes
 }
 
-func (sr *swarmRouter) addExperimentalRoutes() {
-	sr.routes = append(sr.routes,
-		router.Cancellable(router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs)),
-	)
-}
-
 func (sr *swarmRouter) initRoutes() {
 	sr.routes = []router.Route{
 		router.NewPostRoute("/swarm/init", sr.initCluster),
@@ -48,6 +36,7 @@ func (sr *swarmRouter) initRoutes() {
 		router.NewPostRoute("/services/create", sr.createService),
 		router.NewPostRoute("/services/{id}/update", sr.updateService),
 		router.NewDeleteRoute("/services/{id}", sr.removeService),
+		router.Experimental(router.Cancellable(router.NewGetRoute("/services/{id}/logs", sr.getServiceLogs))),
 		router.NewGetRoute("/nodes", sr.getNodes),
 		router.NewGetRoute("/nodes/{id}", sr.getNode),
 		router.NewDeleteRoute("/nodes/{id}", sr.removeNode),
@@ -55,7 +44,7 @@ func (sr *swarmRouter) initRoutes() {
 		router.NewGetRoute("/tasks", sr.getTasks),
 		router.NewGetRoute("/tasks/{id}", sr.getTask),
 		router.NewGetRoute("/secrets", sr.getSecrets),
-		router.NewPostRoute("/secrets", sr.createSecret),
+		router.NewPostRoute("/secrets/create", sr.createSecret),
 		router.NewDeleteRoute("/secrets/{id}", sr.removeSecret),
 		router.NewGetRoute("/secrets/{id}", sr.getSecret),
 		router.NewPostRoute("/secrets/{id}/update", sr.updateSecret),

api/server/router/swarm/cluster_routes.go

@@ -166,15 +166,13 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
 	// Get returns "" if the header does not exist
 	encodedAuth := r.Header.Get("X-Registry-Auth")
 
-	id, err := sr.backend.CreateService(service, encodedAuth)
+	resp, err := sr.backend.CreateService(service, encodedAuth)
 	if err != nil {
 		logrus.Errorf("Error creating service %s: %v", service.Name, err)
 		return err
 	}
 
-	return httputils.WriteJSON(w, http.StatusCreated, &basictypes.ServiceCreateResponse{
-		ID: id,
-	})
+	return httputils.WriteJSON(w, http.StatusCreated, resp)
 }
 
 func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -194,11 +192,12 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
 
 	registryAuthFrom := r.URL.Query().Get("registryAuthFrom")
 
-	if err := sr.backend.UpdateService(vars["id"], version, service, encodedAuth, registryAuthFrom); err != nil {
+	resp, err := sr.backend.UpdateService(vars["id"], version, service, encodedAuth, registryAuthFrom)
+	if err != nil {
 		logrus.Errorf("Error updating service %s: %v", vars["id"], err)
 		return err
 	}
-	return nil
+	return httputils.WriteJSON(w, http.StatusOK, resp)
 }
 
 func (sr *swarmRouter) removeService(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -238,10 +237,6 @@ func (sr *swarmRouter) getServiceLogs(ctx context.Context, w http.ResponseWriter
 		OutStream: w,
 	}
 
-	if !logsConfig.Follow {
-		return fmt.Errorf("Bad parameters: Only follow mode is currently supported")
-	}
-
 	if logsConfig.Details {
 		return fmt.Errorf("Bad parameters: details is not currently supported")
 	}
@@ -388,6 +383,7 @@ func (sr *swarmRouter) removeSecret(ctx context.Context, w http.ResponseWriter,
 	if err := sr.backend.RemoveSecret(vars["id"]); err != nil {
 		return err
 	}
+	w.WriteHeader(http.StatusNoContent)
 
 	return nil
 }

api/server/router/system/system_routes.go

@@ -16,7 +16,6 @@ import (
 	"github.com/docker/docker/api/types/registry"
 	timetypes "github.com/docker/docker/api/types/time"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/api/types/versions/v1p24"
 	"github.com/docker/docker/pkg/ioutils"
 	"golang.org/x/net/context"
 )
@@ -42,16 +41,24 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 
 	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
 		// TODO: handle this conversion in engine-api
-		oldInfo := &v1p24.Info{
-			InfoBase:        info.InfoBase,
+		type oldInfo struct {
+			*types.Info
+			ExecutionDriver string
+		}
+		old := &oldInfo{
+			Info:            info,
 			ExecutionDriver: "<not supported>",
 		}
-		for _, s := range info.SecurityOptions {
-			if s.Key == "Name" {
-				oldInfo.SecurityOptions = append(oldInfo.SecurityOptions, s.Value)
-			}
+		nameOnlySecurityOptions := []string{}
+		kvSecOpts, err := types.DecodeSecurityOptions(old.SecurityOptions)
+		if err != nil {
+			return err
 		}
-		return httputils.WriteJSON(w, http.StatusOK, oldInfo)
+		for _, s := range kvSecOpts {
+			nameOnlySecurityOptions = append(nameOnlySecurityOptions, s.Name)
+		}
+		old.SecurityOptions = nameOnlySecurityOptions
+		return httputils.WriteJSON(w, http.StatusOK, old)
 	}
 	return httputils.WriteJSON(w, http.StatusOK, info)
 }

api/server/router/volume/backend.go

@@ -3,6 +3,7 @@ package volume
 import (
 	// TODO return types need to be refactored into pkg
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 )
 
 // Backend is the methods that need to be implemented to provide
@@ -12,5 +13,5 @@ type Backend interface {
 	VolumeInspect(name string) (*types.Volume, error)
 	VolumeCreate(name, driverName string, opts, labels map[string]string) (*types.Volume, error)
 	VolumeRm(name string, force bool) error
-	VolumesPrune(config *types.VolumesPruneConfig) (*types.VolumesPruneReport, error)
+	VolumesPrune(pruneFilters filters.Args) (*types.VolumesPruneReport, error)
 }

api/server/router/volume/volume_routes.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 
 	"github.com/docker/docker/api/server/httputils"
-	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	volumetypes "github.com/docker/docker/api/types/volume"
 	"golang.org/x/net/context"
 )
@@ -72,16 +72,7 @@ func (v *volumeRouter) postVolumesPrune(ctx context.Context, w http.ResponseWrit
 		return err
 	}
 
-	if err := httputils.CheckForJSON(r); err != nil {
-		return err
-	}
-
-	var cfg types.VolumesPruneConfig
-	if err := json.NewDecoder(r.Body).Decode(&cfg); err != nil {
-		return err
-	}
-
-	pruneReport, err := v.backend.VolumesPrune(&cfg)
+	pruneReport, err := v.backend.VolumesPrune(filters.Args{})
 	if err != nil {
 		return err
 	}

api/server/server.go

@@ -102,7 +102,7 @@ func (s *Server) serveAPI() error {
 }
 
 // HTTPServer contains an instance of http server and the listener.
-// srv *http.Server, contains configuration to create a http server and a mux router with all api end points.
+// srv *http.Server, contains configuration to create an http server and a mux router with all api end points.
 // l   net.Listener, is a TCP or Socket listener that dispatches incoming request to the router.
 type HTTPServer struct {
 	srv *http.Server

api/types/client.go

@@ -160,10 +160,13 @@ type ImageBuildOptions struct {
 	ShmSize        int64
 	Dockerfile     string
 	Ulimits        []*units.Ulimit
-	BuildArgs      map[string]string
-	AuthConfigs    map[string]AuthConfig
-	Context        io.Reader
-	Labels         map[string]string
+	// See the parsing of buildArgs in api/server/router/build/build_routes.go
+	// for an explaination of why BuildArgs needs to use *string instead of
+	// just a string
+	BuildArgs   map[string]*string
+	AuthConfigs map[string]AuthConfig
+	Context     io.Reader
+	Labels      map[string]string
 	// squash the resulting image's layers to the parent
 	// preserves the original image and creates a new one from the parent with all
 	// the changes applied to a single layer
@@ -285,10 +288,12 @@ type ServiceCreateOptions struct {
 }
 
 // ServiceCreateResponse contains the information returned to a client
-// on the  creation of a new service.
+// on the creation of a new service.
 type ServiceCreateResponse struct {
 	// ID is the ID of the created service.
 	ID string
+	// Warnings is a set of non-fatal warning messages to pass on to the user.
+	Warnings []string `json:",omitempty"`
 }
 
 // Values for RegistryAuthFrom in ServiceUpdateOptions
@@ -330,11 +335,22 @@ type PluginRemoveOptions struct {
 	Force bool
 }
 
+// PluginEnableOptions holds parameters to enable plugins.
+type PluginEnableOptions struct {
+	Timeout int
+}
+
+// PluginDisableOptions holds parameters to disable plugins.
+type PluginDisableOptions struct {
+	Force bool
+}
+
 // PluginInstallOptions holds parameters to install a plugin.
 type PluginInstallOptions struct {
 	Disabled              bool
 	AcceptAllPermissions  bool
 	RegistryAuth          string // RegistryAuth is the base64 encoded credentials for the registry
+	RemoteRef             string // RemoteRef is the plugin name on the registry
 	PrivilegeFunc         RequestPrivilegeFunc
 	AcceptPermissionsFunc func(PluginPrivileges) (bool, error)
 	Args                  []string
@@ -349,7 +365,7 @@ type SecretRequestOption struct {
 	Mode   os.FileMode
 }
 
-// SwarmUnlockKeyResponse contains the response for Remote API:
+// SwarmUnlockKeyResponse contains the response for Engine API:
 // GET /swarm/unlockkey
 type SwarmUnlockKeyResponse struct {
 	// UnlockKey is the unlock key in ASCII-armored format.

api/types/configs.go

@@ -53,9 +53,17 @@ type ExecConfig struct {
 	Cmd          []string // Execution commands and args
 }
 
-// PluginRmConfig holds arguments for the plugin remove
-// operation. This struct is used to tell the backend what operations
-// to perform.
+// PluginRmConfig holds arguments for plugin remove.
 type PluginRmConfig struct {
 	ForceRemove bool
 }
+
+// PluginEnableConfig holds arguments for plugin enable
+type PluginEnableConfig struct {
+	Timeout int
+}
+
+// PluginDisableConfig holds arguments for plugin disable.
+type PluginDisableConfig struct {
+	ForceDisable bool
+}

api/types/container/config.go

@@ -34,29 +34,29 @@ type HealthConfig struct {
 // All fields added to this struct must be marked `omitempty` to keep getting
 // predictable hashes from the old `v1Compatibility` configuration.
 type Config struct {
-	Hostname        string                // Hostname
-	Domainname      string                // Domainname
-	User            string                // User that will run the command(s) inside the container, also support user:group
-	AttachStdin     bool                  // Attach the standard input, makes possible user interaction
-	AttachStdout    bool                  // Attach the standard output
-	AttachStderr    bool                  // Attach the standard error
-	ExposedPorts    map[nat.Port]struct{} `json:",omitempty"` // List of exposed ports
-	Tty             bool                  // Attach standard streams to a tty, including stdin if it is not closed.
-	OpenStdin       bool                  // Open stdin
-	StdinOnce       bool                  // If true, close stdin after the 1 attached client disconnects.
-	Env             []string              // List of environment variable to set in the container
-	Cmd             strslice.StrSlice     // Command to run when starting the container
-	Healthcheck     *HealthConfig         `json:",omitempty"` // Healthcheck describes how to check the container is healthy
-	ArgsEscaped     bool                  `json:",omitempty"` // True if command is already escaped (Windows specific)
-	Image           string                // Name of the image as it was passed by the operator (e.g. could be symbolic)
-	Volumes         map[string]struct{}   // List of volumes (mounts) used for the container
-	WorkingDir      string                // Current directory (PWD) in the command will be launched
-	Entrypoint      strslice.StrSlice     // Entrypoint to run when starting the container
-	NetworkDisabled bool                  `json:",omitempty"` // Is network disabled
-	MacAddress      string                `json:",omitempty"` // Mac Address of the container
-	OnBuild         []string              // ONBUILD metadata that were defined on the image Dockerfile
-	Labels          map[string]string     // List of labels set to this container
-	StopSignal      string                `json:",omitempty"` // Signal to stop a container
-	StopTimeout     *int                  `json:",omitempty"` // Timeout (in seconds) to stop a container
-	Shell           strslice.StrSlice     `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
+	Hostname        string              // Hostname
+	Domainname      string              // Domainname
+	User            string              // User that will run the command(s) inside the container, also support user:group
+	AttachStdin     bool                // Attach the standard input, makes possible user interaction
+	AttachStdout    bool                // Attach the standard output
+	AttachStderr    bool                // Attach the standard error
+	ExposedPorts    nat.PortSet         `json:",omitempty"` // List of exposed ports
+	Tty             bool                // Attach standard streams to a tty, including stdin if it is not closed.
+	OpenStdin       bool                // Open stdin
+	StdinOnce       bool                // If true, close stdin after the 1 attached client disconnects.
+	Env             []string            // List of environment variable to set in the container
+	Cmd             strslice.StrSlice   // Command to run when starting the container
+	Healthcheck     *HealthConfig       `json:",omitempty"` // Healthcheck describes how to check the container is healthy
+	ArgsEscaped     bool                `json:",omitempty"` // True if command is already escaped (Windows specific)
+	Image           string              // Name of the image as it was passed by the operator (e.g. could be symbolic)
+	Volumes         map[string]struct{} // List of volumes (mounts) used for the container
+	WorkingDir      string              // Current directory (PWD) in the command will be launched
+	Entrypoint      strslice.StrSlice   // Entrypoint to run when starting the container
+	NetworkDisabled bool                `json:",omitempty"` // Is network disabled
+	MacAddress      string              `json:",omitempty"` // Mac Address of the container
+	OnBuild         []string            // ONBUILD metadata that were defined on the image Dockerfile
+	Labels          map[string]string   // List of labels set to this container
+	StopSignal      string              `json:",omitempty"` // Signal to stop a container
+	StopTimeout     *int                `json:",omitempty"` // Timeout (in seconds) to stop a container
+	Shell           strslice.StrSlice   `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
 }

api/types/container/secret.go

@@ -1,14 +0,0 @@
-package container
-
-import "os"
-
-// ContainerSecret represents a secret in a container.  This gets realized
-// in the container tmpfs
-type ContainerSecret struct {
-	Name   string
-	Target string
-	Data   []byte
-	UID    string
-	GID    string
-	Mode   os.FileMode
-}

api/types/filters/parse.go

@@ -144,6 +144,9 @@ func (filters Args) Add(name, value string) {
 func (filters Args) Del(name, value string) {
 	if _, ok := filters.fields[name]; ok {
 		delete(filters.fields[name], value)
+		if len(filters.fields[name]) == 0 {
+			delete(filters.fields, name)
+		}
 	}
 }
 

api/types/plugin.go

@@ -3,7 +3,7 @@ package types
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 
-// Plugin A plugin for the Remote API
+// Plugin A plugin for the Engine API
 // swagger:model Plugin
 type Plugin struct {
 
@@ -25,10 +25,6 @@ type Plugin struct {
 	// settings
 	// Required: true
 	Settings PluginSettings `json:"Settings"`
-
-	// tag
-	// Required: true
-	Tag string `json:"Tag"`
 }
 
 // PluginConfig The config of a plugin.
@@ -39,18 +35,10 @@ type PluginConfig struct {
 	// Required: true
 	Args PluginConfigArgs `json:"Args"`
 
-	// capabilities
-	// Required: true
-	Capabilities []string `json:"Capabilities"`
-
 	// description
 	// Required: true
 	Description string `json:"Description"`
 
-	// devices
-	// Required: true
-	Devices []PluginDevice `json:"Devices"`
-
 	// documentation
 	// Required: true
 	Documentation string `json:"Documentation"`
@@ -67,6 +55,10 @@ type PluginConfig struct {
 	// Required: true
 	Interface PluginConfigInterface `json:"Interface"`
 
+	// linux
+	// Required: true
+	Linux PluginConfigLinux `json:"Linux"`
+
 	// mounts
 	// Required: true
 	Mounts []PluginMount `json:"Mounts"`
@@ -75,12 +67,19 @@ type PluginConfig struct {
 	// Required: true
 	Network PluginConfigNetwork `json:"Network"`
 
+	// propagated mount
+	// Required: true
+	PropagatedMount string `json:"PropagatedMount"`
+
 	// user
 	User PluginConfigUser `json:"User,omitempty"`
 
-	// workdir
+	// work dir
 	// Required: true
-	Workdir string `json:"Workdir"`
+	WorkDir string `json:"WorkDir"`
+
+	// rootfs
+	Rootfs *PluginConfigRootfs `json:"rootfs,omitempty"`
 }
 
 // PluginConfigArgs plugin config args
@@ -117,6 +116,23 @@ type PluginConfigInterface struct {
 	Types []PluginInterfaceType `json:"Types"`
 }
 
+// PluginConfigLinux plugin config linux
+// swagger:model PluginConfigLinux
+type PluginConfigLinux struct {
+
+	// capabilities
+	// Required: true
+	Capabilities []string `json:"Capabilities"`
+
+	// device creation
+	// Required: true
+	DeviceCreation bool `json:"DeviceCreation"`
+
+	// devices
+	// Required: true
+	Devices []PluginDevice `json:"Devices"`
+}
+
 // PluginConfigNetwork plugin config network
 // swagger:model PluginConfigNetwork
 type PluginConfigNetwork struct {
@@ -126,6 +142,17 @@ type PluginConfigNetwork struct {
 	Type string `json:"Type"`
 }
 
+// PluginConfigRootfs plugin config rootfs
+// swagger:model PluginConfigRootfs
+type PluginConfigRootfs struct {
+
+	// diff ids
+	DiffIds []string `json:"diff_ids"`
+
+	// type
+	Type string `json:"type,omitempty"`
+}
+
 // PluginConfigUser plugin config user
 // swagger:model PluginConfigUser
 type PluginConfigUser struct {

api/types/plugin_responses.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 )
 
-// PluginsListResponse contains the response for the remote API
+// PluginsListResponse contains the response for the Engine API
 type PluginsListResponse []*Plugin
 
 const (

api/types/service_update_response.go

@@ -0,0 +1,12 @@
+package types
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ServiceUpdateResponse service update response
+// swagger:model ServiceUpdateResponse
+type ServiceUpdateResponse struct {
+
+	// Optional warning messages
+	Warnings []string `json:"Warnings"`
+}

api/types/swarm/common.go

@@ -19,3 +19,9 @@ type Annotations struct {
 	Name   string            `json:",omitempty"`
 	Labels map[string]string `json:",omitempty"`
 }
+
+// Driver represents a driver (network, logging).
+type Driver struct {
+	Name    string            `json:",omitempty"`
+	Options map[string]string `json:",omitempty"`
+}

api/types/swarm/network.go

@@ -109,9 +109,3 @@ type IPAMConfig struct {
 	Range   string `json:",omitempty"`
 	Gateway string `json:",omitempty"`
 }
-
-// Driver represents a network driver.
-type Driver struct {
-	Name    string            `json:",omitempty"`
-	Options map[string]string `json:",omitempty"`
-}

api/types/swarm/secret.go

@@ -6,9 +6,7 @@ import "os"
 type Secret struct {
 	ID string
 	Meta
-	Spec       SecretSpec
-	Digest     string
-	SecretSize int64
+	Spec SecretSpec
 }
 
 // SecretSpec represents a secret specification from a secret in swarm
@@ -27,7 +25,7 @@ type SecretReferenceFileTarget struct {
 
 // SecretReference is a reference to a secret in swarm
 type SecretReference struct {
+	File       *SecretReferenceFileTarget
 	SecretID   string
 	SecretName string
-	Target     *SecretReferenceFileTarget
 }

api/types/swarm/service.go

@@ -74,7 +74,7 @@ const (
 type UpdateConfig struct {
 	// Maximum number of tasks to be updated in one iteration.
 	// 0 means unlimited parallelism.
-	Parallelism uint64 `json:",omitempty"`
+	Parallelism uint64
 
 	// Amount of time between updates.
 	Delay time.Duration `json:",omitempty"`

api/types/types.go

@@ -1,8 +1,11 @@
 package types
 
 import (
+	"errors"
+	"fmt"
 	"io"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types/container"
@@ -14,14 +17,14 @@ import (
 	"github.com/docker/go-connections/nat"
 )
 
-// ContainerChange contains response of Remote API:
+// ContainerChange contains response of Engine API:
 // GET "/containers/{name:.*}/changes"
 type ContainerChange struct {
 	Kind int
 	Path string
 }
 
-// ImageHistory contains response of Remote API:
+// ImageHistory contains response of Engine API:
 // GET "/images/{name:.*}/history"
 type ImageHistory struct {
 	ID        string `json:"Id"`
@@ -32,7 +35,7 @@ type ImageHistory struct {
 	Comment   string
 }
 
-// ImageDelete contains response of Remote API:
+// ImageDelete contains response of Engine API:
 // DELETE "/images/{name:.*}"
 type ImageDelete struct {
 	Untagged string `json:",omitempty"`
@@ -53,7 +56,7 @@ type RootFS struct {
 	BaseLayer string   `json:",omitempty"`
 }
 
-// ImageInspect contains response of Remote API:
+// ImageInspect contains response of Engine API:
 // GET "/images/{name:.*}/json"
 type ImageInspect struct {
 	ID              string `json:"Id"`
@@ -76,7 +79,7 @@ type ImageInspect struct {
 	RootFS          RootFS
 }
 
-// Container contains response of Remote API:
+// Container contains response of Engine API:
 // GET "/containers/json"
 type Container struct {
 	ID         string `json:"Id"`
@@ -98,7 +101,7 @@ type Container struct {
 	Mounts          []MountPoint
 }
 
-// CopyConfig contains request body of Remote API:
+// CopyConfig contains request body of Engine API:
 // POST "/containers/"+containerID+"/copy"
 type CopyConfig struct {
 	Resource string
@@ -115,28 +118,28 @@ type ContainerPathStat struct {
 	LinkTarget string      `json:"linkTarget"`
 }
 
-// ContainerStats contains response of Remote API:
+// ContainerStats contains response of Engine API:
 // GET "/stats"
 type ContainerStats struct {
 	Body   io.ReadCloser `json:"body"`
 	OSType string        `json:"ostype"`
 }
 
-// ContainerProcessList contains response of Remote API:
+// ContainerProcessList contains response of Engine API:
 // GET "/containers/{name:.*}/top"
 type ContainerProcessList struct {
 	Processes [][]string
 	Titles    []string
 }
 
-// Ping contains response of Remote API:
+// Ping contains response of Engine API:
 // GET "/_ping"
 type Ping struct {
 	APIVersion   string
 	Experimental bool
 }
 
-// Version contains response of Remote API:
+// Version contains response of Engine API:
 // GET "/version"
 type Version struct {
 	Version       string
@@ -158,9 +161,9 @@ type Commit struct {
 	Expected string
 }
 
-// InfoBase contains the base response of Remote API:
+// Info contains response of Engine API:
 // GET "/info"
-type InfoBase struct {
+type Info struct {
 	ID                 string
 	Containers         int
 	ContainersRunning  int
@@ -219,18 +222,49 @@ type InfoBase struct {
 	ContainerdCommit   Commit
 	RuncCommit         Commit
 	InitCommit         Commit
+	SecurityOptions    []string
 }
 
-// SecurityOpt holds key/value pair about a security option
-type SecurityOpt struct {
+// KeyValue holds a key/value pair
+type KeyValue struct {
 	Key, Value string
 }
 
-// Info contains response of Remote API:
-// GET "/info"
-type Info struct {
-	*InfoBase
-	SecurityOptions []SecurityOpt
+// SecurityOpt contains the name and options of a security option
+type SecurityOpt struct {
+	Name    string
+	Options []KeyValue
+}
+
+// DecodeSecurityOptions decodes a security options string slice to a type safe
+// SecurityOpt
+func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
+	so := []SecurityOpt{}
+	for _, opt := range opts {
+		// support output from a < 1.13 docker daemon
+		if !strings.Contains(opt, "=") {
+			so = append(so, SecurityOpt{Name: opt})
+			continue
+		}
+		secopt := SecurityOpt{}
+		split := strings.Split(opt, ",")
+		for _, s := range split {
+			kv := strings.SplitN(s, "=", 2)
+			if len(kv) != 2 {
+				return nil, fmt.Errorf("invalid security option %q", s)
+			}
+			if kv[0] == "" || kv[1] == "" {
+				return nil, errors.New("invalid empty security option")
+			}
+			if kv[0] == "name" {
+				secopt.Name = kv[1]
+				continue
+			}
+			secopt.Options = append(secopt.Options, KeyValue{Key: kv[0], Value: kv[1]})
+		}
+		so = append(so, secopt)
+	}
+	return so, nil
 }
 
 // PluginsInfo is a temp struct holding Plugins name
@@ -305,7 +339,7 @@ type ContainerNode struct {
 	Labels    map[string]string
 }
 
-// ContainerJSONBase contains response of Remote API:
+// ContainerJSONBase contains response of Engine API:
 // GET "/containers/{name:.*}/json"
 type ContainerJSONBase struct {
 	ID              string `json:"Id"`
@@ -466,7 +500,7 @@ type Runtime struct {
 	Args []string `json:"runtimeArgs,omitempty"`
 }
 
-// DiskUsage contains response of Remote API:
+// DiskUsage contains response of Engine API:
 // GET "/system/df"
 type DiskUsage struct {
 	LayersSize int64
@@ -475,49 +509,28 @@ type DiskUsage struct {
 	Volumes    []*Volume
 }
 
-// ImagesPruneConfig contains the configuration for Remote API:
-// POST "/images/prune"
-type ImagesPruneConfig struct {
-	DanglingOnly bool
-}
-
-// ContainersPruneConfig contains the configuration for Remote API:
-// POST "/images/prune"
-type ContainersPruneConfig struct {
-}
-
-// VolumesPruneConfig contains the configuration for Remote API:
-// POST "/images/prune"
-type VolumesPruneConfig struct {
-}
-
-// NetworksPruneConfig contains the configuration for Remote API:
-// POST "/networks/prune"
-type NetworksPruneConfig struct {
-}
-
-// ContainersPruneReport contains the response for Remote API:
+// ContainersPruneReport contains the response for Engine API:
 // POST "/containers/prune"
 type ContainersPruneReport struct {
 	ContainersDeleted []string
 	SpaceReclaimed    uint64
 }
 
-// VolumesPruneReport contains the response for Remote API:
+// VolumesPruneReport contains the response for Engine API:
 // POST "/volumes/prune"
 type VolumesPruneReport struct {
 	VolumesDeleted []string
 	SpaceReclaimed uint64
 }
 
-// ImagesPruneReport contains the response for Remote API:
+// ImagesPruneReport contains the response for Engine API:
 // POST "/images/prune"
 type ImagesPruneReport struct {
 	ImagesDeleted  []ImageDelete
 	SpaceReclaimed uint64
 }
 
-// NetworksPruneReport contains the response for Remote API:
+// NetworksPruneReport contains the response for Engine API:
 // POST "/networks/prune"
 type NetworksPruneReport struct {
 	NetworksDeleted []string

api/types/versions/v1p24/types.go

@@ -1,10 +0,0 @@
-// Package v1p24 provides specific API types for the API version 1, patch 24.
-package v1p24
-
-import "github.com/docker/docker/api/types"
-
-type Info struct {
-	*types.InfoBase
-	ExecutionDriver string
-	SecurityOptions []string
-}

api/types/volume.go

@@ -11,7 +11,7 @@ type Volume struct {
 	// Required: true
 	Driver string `json:"Driver"`
 
-	// A mapping of abitrary key/value data set on this volume.
+	// User-defined key/value metadata.
 	// Required: true
 	Labels map[string]string `json:"Labels"`
 

api/types/volume/volumes_create.go

@@ -19,7 +19,7 @@ type VolumesCreateBody struct {
 	// Required: true
 	DriverOpts map[string]string `json:"DriverOpts"`
 
-	// A mapping of arbitrary key/value data to set on the volume.
+	// User-defined key/value metadata.
 	// Required: true
 	Labels map[string]string `json:"Labels"`
 

builder/builder.go

@@ -116,7 +116,7 @@ type Backend interface {
 	// ContainerAttachRaw attaches to container.
 	ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool) error
 	// ContainerCreate creates a new Docker container and returns potential warnings
-	ContainerCreate(config types.ContainerCreateConfig, validateHostname bool) (container.ContainerCreateCreatedBody, error)
+	ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error)
 	// ContainerRm removes a container specified by `id`.
 	ContainerRm(name string, config *types.ContainerRmConfig) error
 	// Commit creates a new Docker image from an existing Docker container.
@@ -124,11 +124,13 @@ type Backend interface {
 	// ContainerKill stops the container execution abruptly.
 	ContainerKill(containerID string, sig uint64) error
 	// ContainerStart starts a new container
-	ContainerStart(containerID string, hostConfig *container.HostConfig, validateHostname bool, checkpoint string, checkpointDir string) error
+	ContainerStart(containerID string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error
 	// ContainerWait stops processing until the given container is stopped.
 	ContainerWait(containerID string, timeout time.Duration) (int, error)
 	// ContainerUpdateCmdOnBuild updates container.Path and container.Args
 	ContainerUpdateCmdOnBuild(containerID string, cmd []string) error
+	// ContainerCreateWorkdir creates the workdir (currently only used on Windows)
+	ContainerCreateWorkdir(containerID string) error
 
 	// ContainerCopy copies/extracts a source FileInfo to a destination path inside a container
 	// specified by a container object.

builder/dockerfile/builder.go

@@ -125,7 +125,7 @@ func NewBuilder(clientCtx context.Context, config *types.ImageBuildOptions, back
 		config = new(types.ImageBuildOptions)
 	}
 	if config.BuildArgs == nil {
-		config.BuildArgs = make(map[string]string)
+		config.BuildArgs = make(map[string]*string)
 	}
 	ctx, cancel := context.WithCancel(clientCtx)
 	b = &Builder{

builder/dockerfile/dispatchers.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/docker/builder"
@@ -70,14 +71,20 @@ func env(b *Builder, args []string, attributes map[string]bool, original string)
 		if len(args[j]) == 0 {
 			return errBlankCommandNames("ENV")
 		}
-
 		newVar := args[j] + "=" + args[j+1] + ""
 		commitStr += " " + newVar
 
 		gotOne := false
 		for i, envVar := range b.runConfig.Env {
 			envParts := strings.SplitN(envVar, "=", 2)
-			if envParts[0] == args[j] {
+			compareFrom := envParts[0]
+			compareTo := args[j]
+			if runtime.GOOS == "windows" {
+				// Case insensitive environment variables on Windows
+				compareFrom = strings.ToUpper(compareFrom)
+				compareTo = strings.ToUpper(compareTo)
+			}
+			if compareFrom == compareTo {
 				b.runConfig.Env[i] = newVar
 				gotOne = true
 				break
@@ -279,12 +286,37 @@ func workdir(b *Builder, args []string, attributes map[string]bool, original str
 		return err
 	}
 
-	// NOTE: You won't find the "mkdir" for the directory in here. Rather we
-	// just set the value in the image's runConfig.WorkingDir property
-	// and container.SetupWorkingDirectory() will create it automatically
-	// for us the next time the image is used to create a container.
+	// For performance reasons, we explicitly do a create/mkdir now
+	// This avoids having an unnecessary expensive mount/unmount calls
+	// (on Windows in particular) during each container create.
+	// Prior to 1.13, the mkdir was deferred and not executed at this step.
+	if b.disableCommit {
+		// Don't call back into the daemon if we're going through docker commit --change "WORKDIR /foo".
+		// We've already updated the runConfig and that's enough.
+		return nil
+	}
+	b.runConfig.Image = b.image
 
-	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("WORKDIR %v", b.runConfig.WorkingDir))
+	if hit, err := b.probeCache(); err != nil {
+		return err
+	} else if hit {
+		return nil
+	}
+
+	// Actually copy the struct
+	workdirConfig := *b.runConfig
+	workdirConfig.Cmd = strslice.StrSlice(append(getShell(b.runConfig), fmt.Sprintf("#(nop) WORKDIR %s", b.runConfig.WorkingDir)))
+
+	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: &workdirConfig})
+	if err != nil {
+		return err
+	}
+	b.tmpContainers[container.ID] = struct{}{}
+	if err := b.docker.ContainerCreateWorkdir(container.ID); err != nil {
+		return err
+	}
+
+	return b.commit(container.ID, b.runConfig.Cmd, "WORKDIR "+b.runConfig.WorkingDir)
 }
 
 // RUN some command yo
@@ -352,8 +384,8 @@ func run(b *Builder, args []string, attributes map[string]bool, original string)
 			// the entire file (see 'leftoverArgs' processing in evaluator.go )
 			continue
 		}
-		if _, ok := configEnv[key]; !ok {
-			cmdBuildEnv = append(cmdBuildEnv, fmt.Sprintf("%s=%s", key, val))
+		if _, ok := configEnv[key]; !ok && val != nil {
+			cmdBuildEnv = append(cmdBuildEnv, fmt.Sprintf("%s=%s", key, *val))
 		}
 	}
 
@@ -696,7 +728,7 @@ func arg(b *Builder, args []string, attributes map[string]bool, original string)
 
 	var (
 		name       string
-		value      string
+		newValue   string
 		hasDefault bool
 	)
 
@@ -713,7 +745,7 @@ func arg(b *Builder, args []string, attributes map[string]bool, original string)
 		}
 
 		name = parts[0]
-		value = parts[1]
+		newValue = parts[1]
 		hasDefault = true
 	} else {
 		name = arg
@@ -724,9 +756,12 @@ func arg(b *Builder, args []string, attributes map[string]bool, original string)
 
 	// If there is a default value associated with this arg then add it to the
 	// b.buildArgs if one is not already passed to the builder. The args passed
-	// to builder override the default value of 'arg'.
-	if _, ok := b.options.BuildArgs[name]; !ok && hasDefault {
-		b.options.BuildArgs[name] = value
+	// to builder override the default value of 'arg'. Note that a 'nil' for
+	// a value means that the user specified "--build-arg FOO" and "FOO" wasn't
+	// defined as an env var - and in that case we DO want to use the default
+	// value specified in the ARG cmd.
+	if baValue, ok := b.options.BuildArgs[name]; (!ok || baValue == nil) && hasDefault {
+		b.options.BuildArgs[name] = &newValue
 	}
 
 	return b.commit("", b.runConfig.Cmd, fmt.Sprintf("ARG %s", arg))

builder/dockerfile/dispatchers_test.go

@@ -460,7 +460,7 @@ func TestStopSignal(t *testing.T) {
 }
 
 func TestArg(t *testing.T) {
-	buildOptions := &types.ImageBuildOptions{BuildArgs: make(map[string]string)}
+	buildOptions := &types.ImageBuildOptions{BuildArgs: make(map[string]*string)}
 
 	b := &Builder{flags: &BFlags{}, runConfig: &container.Config{}, disableCommit: true, allowedBuildArgs: make(map[string]bool), options: buildOptions}
 
@@ -488,7 +488,7 @@ func TestArg(t *testing.T) {
 		t.Fatalf("%s argument should be a build arg", argName)
 	}
 
-	if val != "bar" {
+	if *val != "bar" {
 		t.Fatalf("%s argument should have default value 'bar', got %s", argName, val)
 	}
 }

builder/dockerfile/envVarTest

@@ -1,112 +1,116 @@
-hello                    |     hello
-he'll'o                  |     hello
-he'llo                   |     hello
-he\'llo                  |     he'llo
-he\\'llo                 |     he\llo
-abc\tdef                 |     abctdef
-"abc\tdef"               |     abc\tdef
-'abc\tdef'               |     abc\tdef
-hello\                   |     hello
-hello\\                  |     hello\
-"hello                   |     hello
-"hello\"                 |     hello"
-"hel'lo"                 |     hel'lo
-'hello                   |     hello
-'hello\'                 |     hello\
-"''"                     |     ''
-$.                       |     $.
-$1                       |
-he$1x                    |     hex
-he$.x                    |     he$.x
-he$pwd.                  |     he.
-he$PWD                   |     he/home
-he\$PWD                  |     he$PWD
-he\\$PWD                 |     he\/home
-he\${}                   |     he${}
-he\${}xx                 |     he${}xx
-he${}                    |     he
-he${}xx                  |     hexx
-he${hi}                  |     he
-he${hi}xx                |     hexx
-he${PWD}                 |     he/home
-he${.}                   |     error
-he${XXX:-000}xx          |     he000xx
-he${PWD:-000}xx          |     he/homexx
-he${XXX:-$PWD}xx         |     he/homexx
-he${XXX:-${PWD:-yyy}}xx  |     he/homexx
-he${XXX:-${YYY:-yyy}}xx  |     heyyyxx
-he${XXX:YYY}             |     error
-he${XXX:+${PWD}}xx       |     hexx
-he${PWD:+${XXX}}xx       |     hexx
-he${PWD:+${SHELL}}xx     |     hebashxx
-he${XXX:+000}xx          |     hexx
-he${PWD:+000}xx          |     he000xx
-'he${XX}'                |     he${XX}
-"he${PWD}"               |     he/home
-"he'$PWD'"               |     he'/home'
-"$PWD"                   |     /home
-'$PWD'                   |     $PWD
-'\$PWD'                  |     \$PWD
-'"hello"'                |     "hello"
-he\$PWD                  |     he$PWD
-"he\$PWD"                |     he$PWD
-'he\$PWD'                |     he\$PWD
-he${PWD                  |     error
-he${PWD:=000}xx          |     error
-he${PWD:+${PWD}:}xx      |     he/home:xx
-he${XXX:-\$PWD:}xx       |     he$PWD:xx
-he${XXX:-\${PWD}z}xx     |     he${PWDz}xx
-안녕하세요                 |     안녕하세요
-안'녕'하세요               |     안녕하세요
-안'녕하세요                |     안녕하세요
-안녕\'하세요               |     안녕'하세요
-안\\'녕하세요              |     안\녕하세요
-안녕\t하세요               |     안녕t하세요
-"안녕\t하세요"             |     안녕\t하세요
-'안녕\t하세요              |     안녕\t하세요
-안녕하세요\                |     안녕하세요
-안녕하세요\\               |     안녕하세요\
-"안녕하세요                |     안녕하세요
-"안녕하세요\"              |     안녕하세요"
-"안녕'하세요"              |     안녕'하세요
-'안녕하세요                |     안녕하세요
-'안녕하세요\'              |     안녕하세요\
-안녕$1x                    |     안녕x
-안녕$.x                    |     안녕$.x
-안녕$pwd.                  |     안녕.
-안녕$PWD                   |     안녕/home
-안녕\$PWD                  |     안녕$PWD
-안녕\\$PWD                 |     안녕\/home
-안녕\${}                   |     안녕${}
-안녕\${}xx                 |     안녕${}xx
-안녕${}                    |     안녕
-안녕${}xx                  |     안녕xx
-안녕${hi}                  |     안녕
-안녕${hi}xx                |     안녕xx
-안녕${PWD}                 |     안녕/home
-안녕${.}                   |     error
-안녕${XXX:-000}xx          |     안녕000xx
-안녕${PWD:-000}xx          |     안녕/homexx
-안녕${XXX:-$PWD}xx         |     안녕/homexx
-안녕${XXX:-${PWD:-yyy}}xx  |     안녕/homexx
-안녕${XXX:-${YYY:-yyy}}xx  |     안녕yyyxx
-안녕${XXX:YYY}             |     error
-안녕${XXX:+${PWD}}xx       |     안녕xx
-안녕${PWD:+${XXX}}xx       |     안녕xx
-안녕${PWD:+${SHELL}}xx     |     안녕bashxx
-안녕${XXX:+000}xx          |     안녕xx
-안녕${PWD:+000}xx          |     안녕000xx
-'안녕${XX}'                |     안녕${XX}
-"안녕${PWD}"               |     안녕/home
-"안녕'$PWD'"               |     안녕'/home'
-'"안녕"'                   |     "안녕"
-안녕\$PWD                  |     안녕$PWD
-"안녕\$PWD"                |     안녕$PWD
-'안녕\$PWD'                |     안녕\$PWD
-안녕${PWD                  |     error
-안녕${PWD:=000}xx          |     error
-안녕${PWD:+${PWD}:}xx      |     안녕/home:xx
-안녕${XXX:-\$PWD:}xx       |     안녕$PWD:xx
-안녕${XXX:-\${PWD}z}xx     |     안녕${PWDz}xx
-$KOREAN                    |     한국어
-안녕$KOREAN                |     안녕한국어
+A|hello                    |     hello
+A|he'll'o                  |     hello
+A|he'llo                   |     hello
+A|he\'llo                  |     he'llo
+A|he\\'llo                 |     he\llo
+A|abc\tdef                 |     abctdef
+A|"abc\tdef"               |     abc\tdef
+A|'abc\tdef'               |     abc\tdef
+A|hello\                   |     hello
+A|hello\\                  |     hello\
+A|"hello                   |     hello
+A|"hello\"                 |     hello"
+A|"hel'lo"                 |     hel'lo
+A|'hello                   |     hello
+A|'hello\'                 |     hello\
+A|"''"                     |     ''
+A|$.                       |     $.
+A|$1                       |
+A|he$1x                    |     hex
+A|he$.x                    |     he$.x
+# Next one is different on Windows as $pwd==$PWD
+U|he$pwd.                  |     he.
+W|he$pwd.                  |     he/home.
+A|he$PWD                   |     he/home
+A|he\$PWD                  |     he$PWD
+A|he\\$PWD                 |     he\/home
+A|he\${}                   |     he${}
+A|he\${}xx                 |     he${}xx
+A|he${}                    |     he
+A|he${}xx                  |     hexx
+A|he${hi}                  |     he
+A|he${hi}xx                |     hexx
+A|he${PWD}                 |     he/home
+A|he${.}                   |     error
+A|he${XXX:-000}xx          |     he000xx
+A|he${PWD:-000}xx          |     he/homexx
+A|he${XXX:-$PWD}xx         |     he/homexx
+A|he${XXX:-${PWD:-yyy}}xx  |     he/homexx
+A|he${XXX:-${YYY:-yyy}}xx  |     heyyyxx
+A|he${XXX:YYY}             |     error
+A|he${XXX:+${PWD}}xx       |     hexx
+A|he${PWD:+${XXX}}xx       |     hexx
+A|he${PWD:+${SHELL}}xx     |     hebashxx
+A|he${XXX:+000}xx          |     hexx
+A|he${PWD:+000}xx          |     he000xx
+A|'he${XX}'                |     he${XX}
+A|"he${PWD}"               |     he/home
+A|"he'$PWD'"               |     he'/home'
+A|"$PWD"                   |     /home
+A|'$PWD'                   |     $PWD
+A|'\$PWD'                  |     \$PWD
+A|'"hello"'                |     "hello"
+A|he\$PWD                  |     he$PWD
+A|"he\$PWD"                |     he$PWD
+A|'he\$PWD'                |     he\$PWD
+A|he${PWD                  |     error
+A|he${PWD:=000}xx          |     error
+A|he${PWD:+${PWD}:}xx      |     he/home:xx
+A|he${XXX:-\$PWD:}xx       |     he$PWD:xx
+A|he${XXX:-\${PWD}z}xx     |     he${PWDz}xx
+A|안녕하세요                 |     안녕하세요
+A|안'녕'하세요               |     안녕하세요
+A|안'녕하세요                |     안녕하세요
+A|안녕\'하세요               |     안녕'하세요
+A|안\\'녕하세요              |     안\녕하세요
+A|안녕\t하세요               |     안녕t하세요
+A|"안녕\t하세요"             |     안녕\t하세요
+A|'안녕\t하세요              |     안녕\t하세요
+A|안녕하세요\                |     안녕하세요
+A|안녕하세요\\               |     안녕하세요\
+A|"안녕하세요                |     안녕하세요
+A|"안녕하세요\"              |     안녕하세요"
+A|"안녕'하세요"              |     안녕'하세요
+A|'안녕하세요                |     안녕하세요
+A|'안녕하세요\'              |     안녕하세요\
+A|안녕$1x                    |     안녕x
+A|안녕$.x                    |     안녕$.x
+# Next one is different on Windows as $pwd==$PWD
+U|안녕$pwd.                  |     안녕.
+W|안녕$pwd.                  |     안녕/home.
+A|안녕$PWD                   |     안녕/home
+A|안녕\$PWD                  |     안녕$PWD
+A|안녕\\$PWD                 |     안녕\/home
+A|안녕\${}                   |     안녕${}
+A|안녕\${}xx                 |     안녕${}xx
+A|안녕${}                    |     안녕
+A|안녕${}xx                  |     안녕xx
+A|안녕${hi}                  |     안녕
+A|안녕${hi}xx                |     안녕xx
+A|안녕${PWD}                 |     안녕/home
+A|안녕${.}                   |     error
+A|안녕${XXX:-000}xx          |     안녕000xx
+A|안녕${PWD:-000}xx          |     안녕/homexx
+A|안녕${XXX:-$PWD}xx         |     안녕/homexx
+A|안녕${XXX:-${PWD:-yyy}}xx  |     안녕/homexx
+A|안녕${XXX:-${YYY:-yyy}}xx  |     안녕yyyxx
+A|안녕${XXX:YYY}             |     error
+A|안녕${XXX:+${PWD}}xx       |     안녕xx
+A|안녕${PWD:+${XXX}}xx       |     안녕xx
+A|안녕${PWD:+${SHELL}}xx     |     안녕bashxx
+A|안녕${XXX:+000}xx          |     안녕xx
+A|안녕${PWD:+000}xx          |     안녕000xx
+A|'안녕${XX}'                |     안녕${XX}
+A|"안녕${PWD}"               |     안녕/home
+A|"안녕'$PWD'"               |     안녕'/home'
+A|'"안녕"'                   |     "안녕"
+A|안녕\$PWD                  |     안녕$PWD
+A|"안녕\$PWD"                |     안녕$PWD
+A|'안녕\$PWD'                |     안녕\$PWD
+A|안녕${PWD                  |     error
+A|안녕${PWD:=000}xx          |     error
+A|안녕${PWD:+${PWD}:}xx      |     안녕/home:xx
+A|안녕${XXX:-\$PWD:}xx       |     안녕$PWD:xx
+A|안녕${XXX:-\${PWD}z}xx     |     안녕${PWDz}xx
+A|$KOREAN                    |     한국어
+A|안녕$KOREAN                |     안녕한국어

builder/dockerfile/evaluator.go

@@ -158,7 +158,7 @@ func (b *Builder) dispatch(stepN int, stepTotal int, ast *parser.Node) error {
 			// the entire file (see 'leftoverArgs' processing in evaluator.go )
 			continue
 		}
-		envs = append(envs, fmt.Sprintf("%s=%s", key, val))
+		envs = append(envs, fmt.Sprintf("%s=%s", key, *val))
 	}
 	for ast.Next != nil {
 		ast = ast.Next

builder/dockerfile/evaluator_windows.go

@@ -6,7 +6,7 @@ import "fmt"
 // a command not supported on the platform.
 func platformSupports(command string) error {
 	switch command {
-	case "user", "stopsignal":
+	case "stopsignal":
 		return fmt.Errorf("The daemon on this platform does not support the command '%s'", command)
 	}
 	return nil

builder/dockerfile/internals.go

@@ -180,7 +180,7 @@ func (b *Builder) runContextCommand(args []string, allowRemote bool, allowLocalD
 		return nil
 	}
 
-	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: b.runConfig}, true)
+	container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{Config: b.runConfig})
 	if err != nil {
 		return err
 	}
@@ -496,7 +496,7 @@ func (b *Builder) create() (string, error) {
 	c, err := b.docker.ContainerCreate(types.ContainerCreateConfig{
 		Config:     b.runConfig,
 		HostConfig: hostConfig,
-	}, true)
+	})
 	if err != nil {
 		return "", err
 	}
@@ -537,7 +537,7 @@ func (b *Builder) run(cID string) (err error) {
 		}
 	}()
 
-	if err := b.docker.ContainerStart(cID, nil, true, "", ""); err != nil {
+	if err := b.docker.ContainerStart(cID, nil, "", ""); err != nil {
 		close(finished)
 		if cancelErr := <-cancelErrCh; cancelErr != nil {
 			logrus.Debugf("Build cancelled (%v) and got an error from ContainerStart: %v",

builder/dockerfile/parser/parser.go

@@ -176,17 +176,10 @@ func Parse(rwc io.Reader, d *Directive) (*Node, error) {
 				newline := scanner.Text()
 				currentLine++
 
-				// If escape followed by a comment line then stop
-				// Note here that comment line starts with `#` at
-				// the first pos of the line
-				if stripComments(newline) == "" {
-					break
+				if stripComments(strings.TrimSpace(newline)) == "" {
+					continue
 				}
 
-				// If escape followed by an empty line then stop
-				if strings.TrimSpace(newline) == "" {
-					break
-				}
 				line, child, err = ParseLine(line+newline, d, false)
 				if err != nil {
 					return nil, err

builder/dockerfile/parser/parser_test.go

@@ -150,8 +150,8 @@ func TestLineInformation(t *testing.T) {
 		t.Fatalf("Error parsing dockerfile %s: %v", testFileLineInfo, err)
 	}
 
-	if ast.StartLine != 5 || ast.EndLine != 27 {
-		fmt.Fprintf(os.Stderr, "Wrong root line information: expected(%d-%d), actual(%d-%d)\n", 5, 27, ast.StartLine, ast.EndLine)
+	if ast.StartLine != 5 || ast.EndLine != 31 {
+		fmt.Fprintf(os.Stderr, "Wrong root line information: expected(%d-%d), actual(%d-%d)\n", 5, 31, ast.StartLine, ast.EndLine)
 		t.Fatalf("Root line information doesn't match result.")
 	}
 	if len(ast.Children) != 3 {
@@ -161,7 +161,7 @@ func TestLineInformation(t *testing.T) {
 	expected := [][]int{
 		{5, 5},
 		{11, 12},
-		{17, 27},
+		{17, 31},
 	}
 	for i, child := range ast.Children {
 		if child.StartLine != expected[i][0] || child.EndLine != expected[i][1] {

builder/dockerfile/parser/testfile-line/Dockerfile

@@ -16,11 +16,15 @@ ENV GOPATH \
 # Install the packages we need, clean up after them and us
 RUN apt-get update \
 	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.clean \
+
+
     && apt-get install -y --no-install-recommends git golang ca-certificates \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists \
+
 	&& go get -v github.com/brimstone/consuldock \
     && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \
+
 	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
 	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
 	&& rm /tmp/dpkg.* \

builder/dockerfile/parser/testfiles/brimstone-consuldock/Dockerfile

@@ -16,8 +16,10 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends git golang ca-certificates \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists \
+
 	&& go get -v github.com/brimstone/consuldock \
     && mv $GOPATH/bin/consuldock /usr/local/bin/consuldock \
+
 	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
 	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
 	&& rm /tmp/dpkg.* \

builder/dockerfile/parser/testfiles/brimstone-docker-consul/Dockerfile

@@ -23,12 +23,14 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends unzip wget \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists \
+
     && cd /tmp \
     && wget https://dl.bintray.com/mitchellh/consul/0.3.1_web_ui.zip \
        -O web_ui.zip \
     && unzip web_ui.zip \
     && mv dist /webui \
     && rm web_ui.zip \
+
 	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
 	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
 	&& rm /tmp/dpkg.*
@@ -40,8 +42,10 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends git golang ca-certificates build-essential \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists \
+
 	&& go get -v github.com/hashicorp/consul \
 	&& mv $GOPATH/bin/consul /usr/bin/consul \
+
 	&& dpkg -l | awk '/^ii/ {print $2}' > /tmp/dpkg.dirty \
 	&& apt-get remove --purge -y $(diff /tmp/dpkg.clean /tmp/dpkg.dirty | awk '/^>/ {print $2}') \
 	&& rm /tmp/dpkg.* \

builder/dockerfile/parser/testfiles/continueIndent/Dockerfile

@@ -27,5 +27,8 @@ bye\
 frog
 
 RUN echo hello \
-# this is a comment that breaks escape continuation
-RUN echo this is some more useful stuff
+# this is a comment
+
+# this is a comment with a blank line surrounding it
+
+this is some more useful stuff

builder/dockerfile/parser/testfiles/continueIndent/result

@@ -6,5 +6,4 @@
 (run "echo hi   world  goodnight")
 (run "echo goodbyefrog")
 (run "echo goodbyefrog")
-(run "echo hello")
-(run "echo this is some more useful stuff")
+(run "echo hello this is some more useful stuff")

builder/dockerfile/parser/testfiles/empty-line-after-escape/Dockerfile

@@ -1,15 +0,0 @@
-FROM busybox
-
-# The following will create two instructions
-# `Run foo`
-# `bar`
-# because empty line will break the escape.
-# The parser will generate the following:
-# (from "busybox")
-# (run "foo")
-# (bar "")
-# And `bar` will return an error instruction later
-# Note: Parse() will not immediately error out.
-RUN foo \
-
-bar

builder/dockerfile/parser/testfiles/empty-line-after-escape/result

@@ -1,3 +0,0 @@
-(from "busybox")
-(run "foo")
-(bar "")

builder/dockerfile/parser/testfiles/escapes/Dockerfile

@@ -6,7 +6,9 @@ RUN apt-get \update && \
 ADD \conf\\" /.znc
 
 RUN foo \
+
 bar \
+
 baz
 
 CMD [ "\/usr\\\"/bin/znc", "-f", "-r" ]

builder/dockerfile/shell_parser.go

@@ -8,6 +8,7 @@ package dockerfile
 
 import (
 	"fmt"
+	"runtime"
 	"strings"
 	"text/scanner"
 	"unicode"
@@ -298,9 +299,16 @@ func (sw *shellWord) processName() string {
 }
 
 func (sw *shellWord) getEnv(name string) string {
+	if runtime.GOOS == "windows" {
+		// Case-insensitive environment variables on Windows
+		name = strings.ToUpper(name)
+	}
 	for _, env := range sw.envs {
 		i := strings.Index(env, "=")
 		if i < 0 {
+			if runtime.GOOS == "windows" {
+				env = strings.ToUpper(env)
+			}
 			if name == env {
 				// Should probably never get here, but just in case treat
 				// it like "var" and "var=" are the same
@@ -308,7 +316,11 @@ func (sw *shellWord) getEnv(name string) string {
 			}
 			continue
 		}
-		if name != env[:i] {
+		compareName := env[:i]
+		if runtime.GOOS == "windows" {
+			compareName = strings.ToUpper(compareName)
+		}
+		if name != compareName {
 			continue
 		}
 		return env[i+1:]

builder/dockerfile/shell_parser_test.go

@@ -3,12 +3,14 @@ package dockerfile
 import (
 	"bufio"
 	"os"
+	"runtime"
 	"strings"
 	"testing"
 )
 
 func TestShellParser4EnvVars(t *testing.T) {
 	fn := "envVarTest"
+	lineCount := 0
 
 	file, err := os.Open(fn)
 	if err != nil {
@@ -20,6 +22,7 @@ func TestShellParser4EnvVars(t *testing.T) {
 	envs := []string{"PWD=/home", "SHELL=bash", "KOREAN=한국어"}
 	for scanner.Scan() {
 		line := scanner.Text()
+		lineCount++
 
 		// Trim comments and blank lines
 		i := strings.Index(line, "#")
@@ -33,21 +36,30 @@ func TestShellParser4EnvVars(t *testing.T) {
 		}
 
 		words := strings.Split(line, "|")
-		if len(words) != 2 {
+		if len(words) != 3 {
 			t.Fatalf("Error in '%s' - should be exactly one | in:%q", fn, line)
 		}
 
 		words[0] = strings.TrimSpace(words[0])
 		words[1] = strings.TrimSpace(words[1])
+		words[2] = strings.TrimSpace(words[2])
 
-		newWord, err := ProcessWord(words[0], envs, '\\')
-
-		if err != nil {
-			newWord = "error"
+		// Key W=Windows; A=All; U=Unix
+		if (words[0] != "W") && (words[0] != "A") && (words[0] != "U") {
+			t.Fatalf("Invalid tag %s at line %d of %s. Must be W, A or U", words[0], lineCount, fn)
 		}
 
-		if newWord != words[1] {
-			t.Fatalf("Error. Src: %s  Calc: %s  Expected: %s", words[0], newWord, words[1])
+		if ((words[0] == "W" || words[0] == "A") && runtime.GOOS == "windows") ||
+			((words[0] == "U" || words[0] == "A") && runtime.GOOS != "windows") {
+			newWord, err := ProcessWord(words[1], envs, '\\')
+
+			if err != nil {
+				newWord = "error"
+			}
+
+			if newWord != words[2] {
+				t.Fatalf("Error. Src: %s  Calc: %s  Expected: %s at line %d", words[1], newWord, words[2], lineCount)
+			}
 		}
 	}
 }

cli/cobra.go

@@ -2,6 +2,7 @@ package cli
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/spf13/cobra"
 )
@@ -17,6 +18,7 @@ func SetupRootCommand(rootCmd *cobra.Command) {
 	rootCmd.SetUsageTemplate(usageTemplate)
 	rootCmd.SetHelpTemplate(helpTemplate)
 	rootCmd.SetFlagErrorFunc(FlagErrorFunc)
+	rootCmd.SetHelpCommand(helpCommand)
 
 	rootCmd.PersistentFlags().BoolP("help", "h", false, "Print usage")
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
@@ -39,6 +41,23 @@ func FlagErrorFunc(cmd *cobra.Command, err error) error {
 	}
 }
 
+var helpCommand = &cobra.Command{
+	Use:               "help [command]",
+	Short:             "Help about the command",
+	PersistentPreRun:  func(cmd *cobra.Command, args []string) {},
+	PersistentPostRun: func(cmd *cobra.Command, args []string) {},
+	RunE: func(c *cobra.Command, args []string) error {
+		cmd, args, e := c.Root().Find(args)
+		if cmd == nil || e != nil || len(args) > 0 {
+			return fmt.Errorf("unknown help topic: %v", strings.Join(args, " "))
+		}
+
+		helpFunc := cmd.HelpFunc()
+		helpFunc(cmd, args)
+		return nil
+	},
+}
+
 func hasSubCommands(cmd *cobra.Command) bool {
 	return len(operationSubCommands(cmd)) > 0
 }

cli/command/checkpoint/cmd.go

@@ -12,11 +12,8 @@ func NewCheckpointCommand(dockerCli *command.DockerCli) *cobra.Command {
 		Use:   "checkpoint",
 		Short: "Manage checkpoints",
 		Args:  cli.NoArgs,
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOutput(dockerCli.Err())
-			cmd.HelpFunc()(cmd, args)
-		},
-		Tags: map[string]string{"experimental": "", "version": "1.25"},
+		RunE:  dockerCli.ShowHelp,
+		Tags:  map[string]string{"experimental": "", "version": "1.25"},
 	}
 	cmd.AddCommand(
 		newCreateCommand(dockerCli),

cli/command/checkpoint/create.go

@@ -1,6 +1,8 @@
 package checkpoint
 
 import (
+	"fmt"
+
 	"golang.org/x/net/context"
 
 	"github.com/docker/docker/api/types"
@@ -51,5 +53,6 @@ func runCreate(dockerCli *command.DockerCli, opts createOptions) error {
 		return err
 	}
 
+	fmt.Fprintf(dockerCli.Out(), "%s\n", opts.checkpoint)
 	return nil
 }

cli/command/cli.go

@@ -10,6 +10,7 @@ import (
 	"runtime"
 
 	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/versions"
 	cliflags "github.com/docker/docker/cli/flags"
 	"github.com/docker/docker/cliconfig"
@@ -20,6 +21,7 @@ import (
 	dopts "github.com/docker/docker/opts"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
 )
 
@@ -73,20 +75,67 @@ func (cli *DockerCli) In() *InStream {
 	return cli.in
 }
 
+// ShowHelp shows the command help.
+func (cli *DockerCli) ShowHelp(cmd *cobra.Command, args []string) error {
+	cmd.SetOutput(cli.err)
+	cmd.HelpFunc()(cmd, args)
+	return nil
+}
+
 // ConfigFile returns the ConfigFile
 func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
 	return cli.configFile
 }
 
+// GetAllCredentials returns all of the credentials stored in all of the
+// configured credential stores.
+func (cli *DockerCli) GetAllCredentials() (map[string]types.AuthConfig, error) {
+	auths := make(map[string]types.AuthConfig)
+	for registry := range cli.configFile.CredentialHelpers {
+		helper := cli.CredentialsStore(registry)
+		newAuths, err := helper.GetAll()
+		if err != nil {
+			return nil, err
+		}
+		addAll(auths, newAuths)
+	}
+	defaultStore := cli.CredentialsStore("")
+	newAuths, err := defaultStore.GetAll()
+	if err != nil {
+		return nil, err
+	}
+	addAll(auths, newAuths)
+	return auths, nil
+}
+
+func addAll(to, from map[string]types.AuthConfig) {
+	for reg, ac := range from {
+		to[reg] = ac
+	}
+}
+
 // CredentialsStore returns a new credentials store based
-// on the settings provided in the configuration file.
-func (cli *DockerCli) CredentialsStore() credentials.Store {
-	if cli.configFile.CredentialsStore != "" {
-		return credentials.NewNativeStore(cli.configFile)
+// on the settings provided in the configuration file. Empty string returns
+// the default credential store.
+func (cli *DockerCli) CredentialsStore(serverAddress string) credentials.Store {
+	if helper := getConfiguredCredentialStore(cli.configFile, serverAddress); helper != "" {
+		return credentials.NewNativeStore(cli.configFile, helper)
 	}
 	return credentials.NewFileStore(cli.configFile)
 }
 
+// getConfiguredCredentialStore returns the credential helper configured for the
+// given registry, the default credsStore, or the empty string if neither are
+// configured.
+func getConfiguredCredentialStore(c *configfile.ConfigFile, serverAddress string) string {
+	if c.CredentialHelpers != nil && serverAddress != "" {
+		if helper, exists := c.CredentialHelpers[serverAddress]; exists {
+			return helper
+		}
+	}
+	return c.CredentialsStore
+}
+
 // Initialize the dockerCli runs initialization that must happen after command
 // line flags are parsed.
 func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions) error {

cli/command/container/attach.go

@@ -118,7 +118,7 @@ func runAttach(dockerCli *command.DockerCli, opts *attachOptions) error {
 		return errAttach
 	}
 
-	_, status, err := getExitCode(dockerCli, ctx, opts.container)
+	_, status, err := getExitCode(ctx, dockerCli, opts.container)
 	if err != nil {
 		return err
 	}

cli/command/container/cmd.go

@@ -13,10 +13,7 @@ func NewContainerCommand(dockerCli *command.DockerCli) *cobra.Command {
 		Use:   "container",
 		Short: "Manage containers",
 		Args:  cli.NoArgs,
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOutput(dockerCli.Err())
-			cmd.HelpFunc()(cmd, args)
-		},
+		RunE:  dockerCli.ShowHelp,
 	}
 	cmd.AddCommand(
 		NewAttachCommand(dockerCli),

cli/command/container/create.go

@@ -170,7 +170,7 @@ func createContainer(ctx context.Context, dockerCli *command.DockerCli, config *
 
 		if ref, ok := ref.(reference.NamedTagged); ok && command.IsTrusted() {
 			var err error
-			trustedRef, err = image.TrustedReference(ctx, dockerCli, ref)
+			trustedRef, err = image.TrustedReference(ctx, dockerCli, ref, nil)
 			if err != nil {
 				return nil, err
 			}

cli/command/container/exec.go

@@ -170,7 +170,7 @@ func getExecExitCode(ctx context.Context, client apiclient.ContainerAPIClient, e
 	resp, err := client.ContainerExecInspect(ctx, execID)
 	if err != nil {
 		// If we can't connect, then the daemon probably died.
-		if err != apiclient.ErrConnectionFailed {
+		if !apiclient.IsErrConnectionFailed(err) {
 			return false, -1, err
 		}
 		return false, -1, nil

cli/command/container/list.go

@@ -59,21 +59,18 @@ func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return &cmd
 }
 
-type preProcessor struct {
-	types.Container
-	opts *types.ContainerListOptions
-}
+// listOptionsProcessor is used to set any container list options which may only
+// be embedded in the format template.
+// This is passed directly into tmpl.Execute in order to allow the preprocessor
+// to set any list options that were not provided by flags (e.g. `.Size`).
+// It is using a `map[string]bool` so that unknown fields passed into the
+// template format do not cause errors. These errors will get picked up when
+// running through the actual template processor.
+type listOptionsProcessor map[string]bool
 
-// Size sets the size option when called by a template execution.
-func (p *preProcessor) Size() bool {
-	p.opts.Size = true
-	return true
-}
-
-// Networks does nothing but return true.
-// It is needed to avoid the template check to fail as this field
-// doesn't exist in `types.Container`
-func (p *preProcessor) Networks() bool {
+// Size sets the size of the map when called by a template execution.
+func (o listOptionsProcessor) Size() bool {
+	o["size"] = true
 	return true
 }
 
@@ -89,20 +86,20 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 		options.Limit = 1
 	}
 
-	// Currently only used with Size, so we can determine if the user
-	// put {{.Size}} in their format.
-	pre := &preProcessor{opts: options}
 	tmpl, err := templates.Parse(opts.format)
 
 	if err != nil {
 		return nil, err
 	}
 
+	optionsProcessor := listOptionsProcessor{}
 	// This shouldn't error out but swallowing the error makes it harder
 	// to track down if preProcessor issues come up. Ref #24696
-	if err := tmpl.Execute(ioutil.Discard, pre); err != nil {
+	if err := tmpl.Execute(ioutil.Discard, optionsProcessor); err != nil {
 		return nil, err
 	}
+	// At the moment all we need is to capture .Size for preprocessor
+	options.Size = opts.size || optionsProcessor["size"]
 
 	return options, nil
 }

cli/command/container/prune.go

@@ -5,7 +5,7 @@ import (
 
 	"golang.org/x/net/context"
 
-	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/cli"
 	"github.com/docker/docker/cli/command"
 	units "github.com/docker/go-units"
@@ -52,7 +52,7 @@ func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed u
 		return
 	}
 
-	report, err := dockerCli.Client().ContainersPrune(context.Background(), types.ContainersPruneConfig{})
+	report, err := dockerCli.Client().ContainersPrune(context.Background(), filters.Args{})
 	if err != nil {
 		return
 	}

cli/command/container/ps_test.go

@@ -46,6 +46,57 @@ func TestBuildContainerListOptions(t *testing.T) {
 			expectedLimit:   1,
 			expectedFilters: make(map[string]string),
 		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// With .Size, size should be true
+				format: "{{.Size}}",
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// With .Size, size should be true
+				format: "{{.Size}} {{.CreatedAt}} {{.Networks}}",
+			},
+			expectedAll:   true,
+			expectedSize:  true,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
+		{
+			psOpts: &psOptions{
+				all:    true,
+				size:   false,
+				last:   5,
+				filter: filters,
+				// Without .Size, size should be false
+				format: "{{.CreatedAt}} {{.Networks}}",
+			},
+			expectedAll:   true,
+			expectedSize:  false,
+			expectedLimit: 5,
+			expectedFilters: map[string]string{
+				"foo": "bar",
+				"baz": "foo",
+			},
+		},
 	}
 
 	for _, c := range contexts {

cli/command/container/run.go

@@ -211,7 +211,7 @@ func runRun(dockerCli *command.DockerCli, flags *pflag.FlagSet, opts *runOptions
 		})
 	}
 
-	statusChan := waitExitOrRemoved(dockerCli, ctx, createResponse.ID, hostConfig.AutoRemove)
+	statusChan := waitExitOrRemoved(ctx, dockerCli, createResponse.ID, hostConfig.AutoRemove)
 
 	//start the container
 	if err := client.ContainerStart(ctx, createResponse.ID, types.ContainerStartOptions{}); err != nil {

cli/command/container/start.go

@@ -111,7 +111,7 @@ func runStart(dockerCli *command.DockerCli, opts *startOptions) error {
 
 		// 3. We should open a channel for receiving status code of the container
 		// no matter it's detached, removed on daemon side(--rm) or exit normally.
-		statusChan := waitExitOrRemoved(dockerCli, ctx, c.ID, c.HostConfig.AutoRemove)
+		statusChan := waitExitOrRemoved(ctx, dockerCli, c.ID, c.HostConfig.AutoRemove)
 		startOptions := types.ContainerStartOptions{
 			CheckpointID:  opts.checkpoint,
 			CheckpointDir: opts.checkpointDir,

cli/command/container/stats.go

@@ -108,7 +108,7 @@ func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
 			s := formatter.NewContainerStats(container.ID[:12], daemonOSType)
 			if cStats.add(s) {
 				waitFirst.Add(1)
-				go collect(s, ctx, dockerCli.Client(), !opts.noStream, waitFirst)
+				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
 			}
 		}
 	}
@@ -125,7 +125,7 @@ func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
 				s := formatter.NewContainerStats(e.ID[:12], daemonOSType)
 				if cStats.add(s) {
 					waitFirst.Add(1)
-					go collect(s, ctx, dockerCli.Client(), !opts.noStream, waitFirst)
+					go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
 				}
 			}
 		})
@@ -134,7 +134,7 @@ func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
 			s := formatter.NewContainerStats(e.ID[:12], daemonOSType)
 			if cStats.add(s) {
 				waitFirst.Add(1)
-				go collect(s, ctx, dockerCli.Client(), !opts.noStream, waitFirst)
+				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
 			}
 		})
 
@@ -160,7 +160,7 @@ func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
 			s := formatter.NewContainerStats(name, daemonOSType)
 			if cStats.add(s) {
 				waitFirst.Add(1)
-				go collect(s, ctx, dockerCli.Client(), !opts.noStream, waitFirst)
+				go collect(ctx, s, dockerCli.Client(), !opts.noStream, waitFirst)
 			}
 		}
 

cli/command/container/stats_helpers.go

@@ -53,7 +53,7 @@ func (s *stats) isKnownContainer(cid string) (int, bool) {
 	return -1, false
 }
 
-func collect(s *formatter.ContainerStats, ctx context.Context, cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
+func collect(ctx context.Context, s *formatter.ContainerStats, cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
 	logrus.Debugf("collecting stats for %s", s.Container)
 	var (
 		getFirst       bool

cli/command/container/utils.go

@@ -9,21 +9,32 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/versions"
 	"github.com/docker/docker/cli/command"
 	clientapi "github.com/docker/docker/client"
 )
 
-func waitExitOrRemoved(dockerCli *command.DockerCli, ctx context.Context, containerID string, waitRemove bool) chan int {
+func waitExitOrRemoved(ctx context.Context, dockerCli *command.DockerCli, containerID string, waitRemove bool) chan int {
 	if len(containerID) == 0 {
 		// containerID can never be empty
 		panic("Internal Error: waitExitOrRemoved needs a containerID as parameter")
 	}
 
+	var removeErr error
 	statusChan := make(chan int)
 	exitCode := 125
 
-	eventProcessor := func(e events.Message) bool {
+	// Get events via Events API
+	f := filters.NewArgs()
+	f.Add("type", "container")
+	f.Add("container", containerID)
+	options := types.EventsOptions{
+		Filters: f,
+	}
+	eventCtx, cancel := context.WithCancel(ctx)
+	eventq, errq := dockerCli.Client().Events(eventCtx, options)
 
+	eventProcessor := func(e events.Message) bool {
 		stopProcessing := false
 		switch e.Status {
 		case "die":
@@ -37,6 +48,18 @@ func waitExitOrRemoved(dockerCli *command.DockerCli, ctx context.Context, contai
 			}
 			if !waitRemove {
 				stopProcessing = true
+			} else {
+				// If we are talking to an older daemon, `AutoRemove` is not supported.
+				// We need to fall back to the old behavior, which is client-side removal
+				if versions.LessThan(dockerCli.Client().ClientVersion(), "1.25") {
+					go func() {
+						removeErr = dockerCli.Client().ContainerRemove(ctx, containerID, types.ContainerRemoveOptions{RemoveVolumes: true})
+						if removeErr != nil {
+							logrus.Errorf("error removing container: %v", removeErr)
+							cancel() // cancel the event Q
+						}
+					}()
+				}
 			}
 		case "detach":
 			exitCode = 0
@@ -44,39 +67,27 @@ func waitExitOrRemoved(dockerCli *command.DockerCli, ctx context.Context, contai
 		case "destroy":
 			stopProcessing = true
 		}
-
-		if stopProcessing {
-			statusChan <- exitCode
-			return true
-		}
-
-		return false
+		return stopProcessing
 	}
 
-	// Get events via Events API
-	f := filters.NewArgs()
-	f.Add("type", "container")
-	f.Add("container", containerID)
-	options := types.EventsOptions{
-		Filters: f,
-	}
-
-	eventCtx, cancel := context.WithCancel(ctx)
-	eventq, errq := dockerCli.Client().Events(eventCtx, options)
-
 	go func() {
-		defer cancel()
+		defer func() {
+			statusChan <- exitCode // must always send an exit code or the caller will block
+			cancel()
+		}()
 
 		for {
 			select {
+			case <-eventCtx.Done():
+				if removeErr != nil {
+					return
+				}
 			case evt := <-eventq:
 				if eventProcessor(evt) {
 					return
 				}
-
 			case err := <-errq:
 				logrus.Errorf("error getting events from daemon: %v", err)
-				statusChan <- exitCode
 				return
 			}
 		}
@@ -87,11 +98,11 @@ func waitExitOrRemoved(dockerCli *command.DockerCli, ctx context.Context, contai
 
 // getExitCode performs an inspect on the container. It returns
 // the running state and the exit code.
-func getExitCode(dockerCli *command.DockerCli, ctx context.Context, containerID string) (bool, int, error) {
+func getExitCode(ctx context.Context, dockerCli *command.DockerCli, containerID string) (bool, int, error) {
 	c, err := dockerCli.Client().ContainerInspect(ctx, containerID)
 	if err != nil {
 		// If we can't connect, then the daemon probably died.
-		if err != clientapi.ErrConnectionFailed {
+		if !clientapi.IsErrConnectionFailed(err) {
 			return false, -1, err
 		}
 		return false, -1, nil

cli/command/formatter/container_test.go

@@ -370,3 +370,29 @@ func TestContainerContextWriteJSONField(t *testing.T) {
 		assert.Equal(t, s, containers[i].ID)
 	}
 }
+
+func TestContainerBackCompat(t *testing.T) {
+	containers := []types.Container{{ID: "brewhaha"}}
+	cases := []string{
+		"ID",
+		"Names",
+		"Image",
+		"Command",
+		"CreatedAt",
+		"RunningFor",
+		"Ports",
+		"Status",
+		"Size",
+		"Labels",
+		"Mounts",
+	}
+	buf := bytes.NewBuffer(nil)
+	for _, c := range cases {
+		ctx := Context{Format: Format(fmt.Sprintf("{{ .%s }}", c)), Output: buf}
+		if err := ContainerWrite(ctx, containers); err != nil {
+			t.Logf("could not render template for field '%s': %v", c, err)
+			t.Fail()
+		}
+		buf.Reset()
+	}
+}

cli/command/formatter/service.go

@@ -263,6 +263,9 @@ func (ctx *serviceInspectContext) HasResources() bool {
 }
 
 func (ctx *serviceInspectContext) HasResourceReservations() bool {
+	if ctx.Service.Spec.TaskTemplate.Resources == nil || ctx.Service.Spec.TaskTemplate.Resources.Reservations == nil {
+		return false
+	}
 	return ctx.Service.Spec.TaskTemplate.Resources.Reservations.NanoCPUs > 0 || ctx.Service.Spec.TaskTemplate.Resources.Reservations.MemoryBytes > 0
 }
 
@@ -281,6 +284,9 @@ func (ctx *serviceInspectContext) ResourceReservationMemory() string {
 }
 
 func (ctx *serviceInspectContext) HasResourceLimits() bool {
+	if ctx.Service.Spec.TaskTemplate.Resources == nil || ctx.Service.Spec.TaskTemplate.Resources.Limits == nil {
+		return false
+	}
 	return ctx.Service.Spec.TaskTemplate.Resources.Limits.NanoCPUs > 0 || ctx.Service.Spec.TaskTemplate.Resources.Limits.MemoryBytes > 0
 }
 

cli/command/image/build.go

@@ -67,7 +67,7 @@ func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
 	ulimits := make(map[string]*units.Ulimit)
 	options := buildOptions{
 		tags:      opts.NewListOpts(validateTag),
-		buildArgs: opts.NewListOpts(runconfigopts.ValidateArg),
+		buildArgs: opts.NewListOpts(runconfigopts.ValidateEnv),
 		ulimits:   runconfigopts.NewUlimitOpt(&ulimits),
 		labels:    opts.NewListOpts(runconfigopts.ValidateEnv),
 	}
@@ -107,7 +107,7 @@ func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.StringSliceVar(&options.cacheFrom, "cache-from", []string{}, "Images to consider as cache sources")
 	flags.BoolVar(&options.compress, "compress", false, "Compress the build context using gzip")
 	flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options")
-	flags.StringVar(&options.networkMode, "network", "default", "Connect a container to a network")
+	flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
 
 	command.AddTrustedFlags(flags, true)
 
@@ -235,7 +235,7 @@ func runBuild(dockerCli *command.DockerCli, options buildOptions) error {
 	var resolvedTags []*resolvedTag
 	if command.IsTrusted() {
 		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
-			return TrustedReference(ctx, dockerCli, ref)
+			return TrustedReference(ctx, dockerCli, ref, nil)
 		}
 		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
 		// Dockerfile which uses trusted pulls.
@@ -280,7 +280,7 @@ func runBuild(dockerCli *command.DockerCli, options buildOptions) error {
 		}
 	}
 
-	authConfig, _ := dockerCli.CredentialsStore().GetAll()
+	authConfigs, _ := dockerCli.GetAllCredentials()
 	buildOptions := types.ImageBuildOptions{
 		Memory:         memory,
 		MemorySwap:     memorySwap,
@@ -300,8 +300,8 @@ func runBuild(dockerCli *command.DockerCli, options buildOptions) error {
 		Dockerfile:     relDockerfile,
 		ShmSize:        shmSize,
 		Ulimits:        options.ulimits.GetList(),
-		BuildArgs:      runconfigopts.ConvertKVStringsToMap(options.buildArgs.GetAll()),
-		AuthConfigs:    authConfig,
+		BuildArgs:      runconfigopts.ConvertKVStringsToMapWithNil(options.buildArgs.GetAll()),
+		AuthConfigs:    authConfigs,
 		Labels:         runconfigopts.ConvertKVStringsToMap(options.labels.GetAll()),
 		CacheFrom:      options.cacheFrom,
 		SecurityOpt:    options.securityOpt,

cli/command/image/cmd.go

@@ -13,10 +13,7 @@ func NewImageCommand(dockerCli *command.DockerCli) *cobra.Command {
 		Use:   "image",
 		Short: "Manage images",
 		Args:  cli.NoArgs,
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOutput(dockerCli.Err())
-			cmd.HelpFunc()(cmd, args)
-		},
+		RunE:  dockerCli.ShowHelp,
 	}
 	cmd.AddCommand(
 		NewBuildCommand(dockerCli),

cli/command/image/load.go

@@ -3,13 +3,13 @@ package image
 import (
 	"fmt"
 	"io"
-	"os"
 
 	"golang.org/x/net/context"
 
 	"github.com/docker/docker/cli"
 	"github.com/docker/docker/cli/command"
 	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/system"
 	"github.com/spf13/cobra"
 )
 
@@ -43,7 +43,9 @@ func runLoad(dockerCli *command.DockerCli, opts loadOptions) error {
 
 	var input io.Reader = dockerCli.In()
 	if opts.input != "" {
-		file, err := os.Open(opts.input)
+		// We use system.OpenSequential to use sequential file access on Windows, avoiding
+		// depleting the standby list un-necessarily. On Linux, this equates to a regular os.Open.
+		file, err := system.OpenSequential(opts.input)
 		if err != nil {
 			return err
 		}

cli/command/image/prune.go

@@ -5,7 +5,7 @@ import (
 
 	"golang.org/x/net/context"
 
-	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/cli"
 	"github.com/docker/docker/cli/command"
 	units "github.com/docker/go-units"
@@ -54,6 +54,9 @@ Are you sure you want to continue?`
 )
 
 func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed uint64, output string, err error) {
+	pruneFilters := filters.NewArgs()
+	pruneFilters.Add("dangling", fmt.Sprintf("%v", !opts.all))
+
 	warning := danglingWarning
 	if opts.all {
 		warning = allImageWarning
@@ -62,9 +65,7 @@ func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (spaceReclaimed u
 		return
 	}
 
-	report, err := dockerCli.Client().ImagesPrune(context.Background(), types.ImagesPruneConfig{
-		DanglingOnly: !opts.all,
-	})
+	report, err := dockerCli.Client().ImagesPrune(context.Background(), pruneFilters)
 	if err != nil {
 		return
 	}

cli/command/image/pull.go

@@ -55,16 +55,6 @@ func runPull(dockerCli *command.DockerCli, opts pullOptions) error {
 		fmt.Fprintf(dockerCli.Out(), "Using default tag: %s\n", reference.DefaultTag)
 	}
 
-	var tag string
-	switch x := distributionRef.(type) {
-	case reference.Canonical:
-		tag = x.Digest().String()
-	case reference.NamedTagged:
-		tag = x.Tag()
-	}
-
-	registryRef := registry.ParseReference(tag)
-
 	// Resolve the Repository name from fqn to RepositoryInfo
 	repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
 	if err != nil {
@@ -76,14 +66,15 @@ func runPull(dockerCli *command.DockerCli, opts pullOptions) error {
 	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
 	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "pull")
 
-	if command.IsTrusted() && !registryRef.HasDigest() {
-		// Check if tag is digest
-		err = trustedPull(ctx, dockerCli, repoInfo, registryRef, authConfig, requestPrivilege)
+	// Check if reference has a digest
+	_, isCanonical := distributionRef.(reference.Canonical)
+	if command.IsTrusted() && !isCanonical {
+		err = trustedPull(ctx, dockerCli, repoInfo, distributionRef, authConfig, requestPrivilege)
 	} else {
 		err = imagePullPrivileged(ctx, dockerCli, authConfig, distributionRef.String(), requestPrivilege, opts.all)
 	}
 	if err != nil {
-		if strings.Contains(err.Error(), "target is a plugin") {
+		if strings.Contains(err.Error(), "target is plugin") {
 			return errors.New(err.Error() + " - Use `docker plugin install`")
 		}
 		return err

cli/command/image/tag.go

@@ -18,8 +18,8 @@ func NewTagCommand(dockerCli *command.DockerCli) *cobra.Command {
 	var opts tagOptions
 
 	cmd := &cobra.Command{
-		Use:   "tag IMAGE[:TAG] IMAGE[:TAG]",
-		Short: "Tag an image into a repository",
+		Use:   "tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]",
+		Short: "Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE",
 		Args:  cli.ExactArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.image = args[0]

cli/command/image/trust.go

@@ -6,49 +6,28 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
 	"path"
-	"path/filepath"
 	"sort"
-	"time"
 
 	"golang.org/x/net/context"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/digest"
-	"github.com/docker/distribution/registry/client/auth"
-	"github.com/docker/distribution/registry/client/auth/challenge"
-	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/api/types"
-	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/cli/command"
-	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/cli/trust"
 	"github.com/docker/docker/distribution"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"github.com/docker/go-connections/tlsconfig"
-	"github.com/docker/notary"
 	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/storage"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/trustpinning"
 	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-)
-
-var (
-	releasesRole = path.Join(data.CanonicalTargetsRole, "releases")
 )
 
 type target struct {
-	reference registry.Reference
-	digest    digest.Digest
-	size      int64
+	name   string
+	digest digest.Digest
+	size   int64
 }
 
 // trustedPush handles content trust pushing of an image
@@ -60,6 +39,11 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 
 	defer responseBody.Close()
 
+	return PushTrustedReference(cli, repoInfo, ref, authConfig, responseBody)
+}
+
+// PushTrustedReference pushes a canonical reference to the trust server.
+func PushTrustedReference(cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, in io.Reader) error {
 	// If it is a trusted push we would like to find the target entry which match the
 	// tag provided in the function and then do an AddTarget later.
 	target := &client.Target{}
@@ -81,7 +65,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 				target = nil
 				return
 			}
-			target.Name = registry.ParseReference(pushResult.Tag).String()
+			target.Name = pushResult.Tag
 			target.Hashes = data.Hashes{string(pushResult.Digest.Algorithm()): h}
 			target.Length = int64(pushResult.Size)
 		}
@@ -93,19 +77,17 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 		return errors.New("cannot push a digest reference")
 	case reference.NamedTagged:
 		tag = x.Tag()
-	}
-
-	// We want trust signatures to always take an explicit tag,
-	// otherwise it will act as an untrusted push.
-	if tag == "" {
-		if err = jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), nil); err != nil {
+	default:
+		// We want trust signatures to always take an explicit tag,
+		// otherwise it will act as an untrusted push.
+		if err := jsonmessage.DisplayJSONMessagesToStream(in, cli.Out(), nil); err != nil {
 			return err
 		}
 		fmt.Fprintln(cli.Out(), "No tag specified, skipping trust metadata push")
 		return nil
 	}
 
-	if err = jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), handleTarget); err != nil {
+	if err := jsonmessage.DisplayJSONMessagesToStream(in, cli.Out(), handleTarget); err != nil {
 		return err
 	}
 
@@ -120,7 +102,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 
 	fmt.Fprintln(cli.Out(), "Signing and pushing trust metadata")
 
-	repo, err := GetNotaryRepository(cli, repoInfo, authConfig, "push", "pull")
+	repo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "push", "pull")
 	if err != nil {
 		fmt.Fprintf(cli.Out(), "Error establishing connection to notary repository: %s\n", err)
 		return err
@@ -147,7 +129,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 
 		// Initialize the notary repository with a remotely managed snapshot key
 		if err := repo.Initialize([]string{rootKeyID}, data.CanonicalSnapshotRole); err != nil {
-			return notaryError(repoInfo.FullName(), err)
+			return trust.NotaryError(repoInfo.FullName(), err)
 		}
 		fmt.Fprintf(cli.Out(), "Finished initializing %q\n", repoInfo.FullName())
 		err = repo.AddTarget(target, data.CanonicalTargetsRole)
@@ -155,7 +137,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 		// already initialized and we have successfully downloaded the latest metadata
 		err = addTargetToAllSignableRoles(repo, target)
 	default:
-		return notaryError(repoInfo.FullName(), err)
+		return trust.NotaryError(repoInfo.FullName(), err)
 	}
 
 	if err == nil {
@@ -164,7 +146,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 
 	if err != nil {
 		fmt.Fprintf(cli.Out(), "Failed to sign %q:%s - %s\n", repoInfo.FullName(), tag, err.Error())
-		return notaryError(repoInfo.FullName(), err)
+		return trust.NotaryError(repoInfo.FullName(), err)
 	}
 
 	fmt.Fprintf(cli.Out(), "Successfully signed %q:%s\n", repoInfo.FullName(), tag)
@@ -234,20 +216,20 @@ func imagePushPrivileged(ctx context.Context, cli *command.DockerCli, authConfig
 }
 
 // trustedPull handles content trust pulling of an image
-func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref registry.Reference, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
+func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
 	var refs []target
 
-	notaryRepo, err := GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
 	if err != nil {
 		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
 		return err
 	}
 
-	if ref.String() == "" {
+	if tagged, isTagged := ref.(reference.NamedTagged); !isTagged {
 		// List all targets
-		targets, err := notaryRepo.ListTargets(releasesRole, data.CanonicalTargetsRole)
+		targets, err := notaryRepo.ListTargets(trust.ReleasesRole, data.CanonicalTargetsRole)
 		if err != nil {
-			return notaryError(repoInfo.FullName(), err)
+			return trust.NotaryError(repoInfo.FullName(), err)
 		}
 		for _, tgt := range targets {
 			t, err := convertTarget(tgt.Target)
@@ -257,23 +239,23 @@ func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 			}
 			// Only list tags in the top level targets role or the releases delegation role - ignore
 			// all other delegation roles
-			if tgt.Role != releasesRole && tgt.Role != data.CanonicalTargetsRole {
+			if tgt.Role != trust.ReleasesRole && tgt.Role != data.CanonicalTargetsRole {
 				continue
 			}
 			refs = append(refs, t)
 		}
 		if len(refs) == 0 {
-			return notaryError(repoInfo.FullName(), fmt.Errorf("No trusted tags for %s", repoInfo.FullName()))
+			return trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trusted tags for %s", repoInfo.FullName()))
 		}
 	} else {
-		t, err := notaryRepo.GetTargetByName(ref.String(), releasesRole, data.CanonicalTargetsRole)
+		t, err := notaryRepo.GetTargetByName(tagged.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
 		if err != nil {
-			return notaryError(repoInfo.FullName(), err)
+			return trust.NotaryError(repoInfo.FullName(), err)
 		}
 		// Only get the tag if it's in the top level targets role or the releases delegation role
 		// ignore it if it's in any other delegation roles
-		if t.Role != releasesRole && t.Role != data.CanonicalTargetsRole {
-			return notaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.String()))
+		if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+			return trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", tagged.Tag()))
 		}
 
 		logrus.Debugf("retrieving target for %s role\n", t.Role)
@@ -286,7 +268,7 @@ func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 	}
 
 	for i, r := range refs {
-		displayTag := r.reference.String()
+		displayTag := r.name
 		if displayTag != "" {
 			displayTag = ":" + displayTag
 		}
@@ -300,19 +282,16 @@ func trustedPull(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 			return err
 		}
 
-		// If reference is not trusted, tag by trusted reference
-		if !r.reference.HasDigest() {
-			tagged, err := reference.WithTag(repoInfo, r.reference.String())
-			if err != nil {
-				return err
-			}
-			trustedRef, err := reference.WithDigest(reference.TrimNamed(repoInfo), r.digest)
-			if err != nil {
-				return err
-			}
-			if err := TagTrusted(ctx, cli, trustedRef, tagged); err != nil {
-				return err
-			}
+		tagged, err := reference.WithTag(repoInfo, r.name)
+		if err != nil {
+			return err
+		}
+		trustedRef, err := reference.WithDigest(reference.TrimNamed(repoInfo), r.digest)
+		if err != nil {
+			return err
+		}
+		if err := TagTrusted(ctx, cli, trustedRef, tagged); err != nil {
+			return err
 		}
 	}
 	return nil
@@ -340,162 +319,17 @@ func imagePullPrivileged(ctx context.Context, cli *command.DockerCli, authConfig
 	return jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), nil)
 }
 
-func trustDirectory() string {
-	return filepath.Join(cliconfig.ConfigDir(), "trust")
-}
-
-// certificateDirectory returns the directory containing
-// TLS certificates for the given server. An error is
-// returned if there was an error parsing the server string.
-func certificateDirectory(server string) (string, error) {
-	u, err := url.Parse(server)
-	if err != nil {
-		return "", err
-	}
-
-	return filepath.Join(cliconfig.ConfigDir(), "tls", u.Host), nil
-}
-
-func trustServer(index *registrytypes.IndexInfo) (string, error) {
-	if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
-		urlObj, err := url.Parse(s)
-		if err != nil || urlObj.Scheme != "https" {
-			return "", fmt.Errorf("valid https URL required for trust server, got %s", s)
-		}
-
-		return s, nil
-	}
-	if index.Official {
-		return registry.NotaryServer, nil
-	}
-	return "https://" + index.Name, nil
-}
-
-type simpleCredentialStore struct {
-	auth types.AuthConfig
-}
-
-func (scs simpleCredentialStore) Basic(u *url.URL) (string, string) {
-	return scs.auth.Username, scs.auth.Password
-}
-
-func (scs simpleCredentialStore) RefreshToken(u *url.URL, service string) string {
-	return scs.auth.IdentityToken
-}
-
-func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {
-}
-
-// GetNotaryRepository returns a NotaryRepository which stores all the
-// information needed to operate on a notary repository.
-// It creates an HTTP transport providing authentication support.
-// TODO: move this too
-func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig, actions ...string) (*client.NotaryRepository, error) {
-	server, err := trustServer(repoInfo.Index)
-	if err != nil {
-		return nil, err
-	}
-
-	var cfg = tlsconfig.ClientDefault()
-	cfg.InsecureSkipVerify = !repoInfo.Index.Secure
-
-	// Get certificate base directory
-	certDir, err := certificateDirectory(server)
-	if err != nil {
-		return nil, err
-	}
-	logrus.Debugf("reading certificate directory: %s", certDir)
-
-	if err := registry.ReadCertsDirectory(cfg, certDir); err != nil {
-		return nil, err
-	}
-
-	base := &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		Dial: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			DualStack: true,
-		}).Dial,
-		TLSHandshakeTimeout: 10 * time.Second,
-		TLSClientConfig:     cfg,
-		DisableKeepAlives:   true,
-	}
-
-	// Skip configuration headers since request is not going to Docker daemon
-	modifiers := registry.DockerHeaders(command.UserAgent(), http.Header{})
-	authTransport := transport.NewTransport(base, modifiers...)
-	pingClient := &http.Client{
-		Transport: authTransport,
-		Timeout:   5 * time.Second,
-	}
-	endpointStr := server + "/v2/"
-	req, err := http.NewRequest("GET", endpointStr, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	challengeManager := challenge.NewSimpleManager()
-
-	resp, err := pingClient.Do(req)
-	if err != nil {
-		// Ignore error on ping to operate in offline mode
-		logrus.Debugf("Error pinging notary server %q: %s", endpointStr, err)
-	} else {
-		defer resp.Body.Close()
-
-		// Add response to the challenge manager to parse out
-		// authentication header and register authentication method
-		if err := challengeManager.AddResponse(resp); err != nil {
-			return nil, err
-		}
-	}
-
-	creds := simpleCredentialStore{auth: authConfig}
-	tokenHandler := auth.NewTokenHandler(authTransport, creds, repoInfo.FullName(), actions...)
-	basicHandler := auth.NewBasicHandler(creds)
-	modifiers = append(modifiers, transport.RequestModifier(auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)))
-	tr := transport.NewTransport(base, modifiers...)
-
-	return client.NewNotaryRepository(
-		trustDirectory(),
-		repoInfo.FullName(),
-		server,
-		tr,
-		getPassphraseRetriever(streams),
-		trustpinning.TrustPinConfig{})
-}
-
-func getPassphraseRetriever(streams command.Streams) notary.PassRetriever {
-	aliasMap := map[string]string{
-		"root":     "root",
-		"snapshot": "repository",
-		"targets":  "repository",
-		"default":  "repository",
-	}
-	baseRetriever := passphrase.PromptRetrieverWithInOut(streams.In(), streams.Out(), aliasMap)
-	env := map[string]string{
-		"root":     os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),
-		"snapshot": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
-		"targets":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
-		"default":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
-	}
-
-	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
-		if v := env[alias]; v != "" {
-			return v, numAttempts > 1, nil
-		}
-		// For non-root roles, we can also try the "default" alias if it is specified
-		if v := env["default"]; v != "" && alias != data.CanonicalRootRole {
-			return v, numAttempts > 1, nil
-		}
-		return baseRetriever(keyName, alias, createNew, numAttempts)
-	}
-}
-
 // TrustedReference returns the canonical trusted reference for an image reference
-func TrustedReference(ctx context.Context, cli *command.DockerCli, ref reference.NamedTagged) (reference.Canonical, error) {
-	repoInfo, err := registry.ParseRepositoryInfo(ref)
+func TrustedReference(ctx context.Context, cli *command.DockerCli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
+	var (
+		repoInfo *registry.RepositoryInfo
+		err      error
+	)
+	if rs != nil {
+		repoInfo, err = rs.ResolveRepository(ref)
+	} else {
+		repoInfo, err = registry.ParseRepositoryInfo(ref)
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -503,20 +337,20 @@ func TrustedReference(ctx context.Context, cli *command.DockerCli, ref reference
 	// Resolve the Auth config relevant for this server
 	authConfig := command.ResolveAuthConfig(ctx, cli, repoInfo.Index)
 
-	notaryRepo, err := GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
 	if err != nil {
 		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
 		return nil, err
 	}
 
-	t, err := notaryRepo.GetTargetByName(ref.Tag(), releasesRole, data.CanonicalTargetsRole)
+	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
 	if err != nil {
-		return nil, err
+		return nil, trust.NotaryError(repoInfo.FullName(), err)
 	}
 	// Only list tags in the top level targets role or the releases delegation role - ignore
 	// all other delegation roles
-	if t.Role != releasesRole && t.Role != data.CanonicalTargetsRole {
-		return nil, notaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.Tag()))
+	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+		return nil, trust.NotaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.Tag()))
 	}
 	r, err := convertTarget(t.Target)
 	if err != nil {
@@ -533,9 +367,9 @@ func convertTarget(t client.Target) (target, error) {
 		return target{}, errors.New("no valid hash, expecting sha256")
 	}
 	return target{
-		reference: registry.ParseReference(t.Name),
-		digest:    digest.NewDigestFromHex("sha256", hex.EncodeToString(h)),
-		size:      t.Length,
+		name:   t.Name,
+		digest: digest.NewDigestFromHex("sha256", hex.EncodeToString(h)),
+		size:   t.Length,
 	}, nil
 }
 
@@ -545,34 +379,3 @@ func TagTrusted(ctx context.Context, cli *command.DockerCli, trustedRef referenc
 
 	return cli.Client().ImageTag(ctx, trustedRef.String(), ref.String())
 }
-
-// notaryError formats an error message received from the notary service
-func notaryError(repoName string, err error) error {
-	switch err.(type) {
-	case *json.SyntaxError:
-		logrus.Debugf("Notary syntax error: %s", err)
-		return fmt.Errorf("Error: no trust data available for remote repository %s. Try running notary server and setting DOCKER_CONTENT_TRUST_SERVER to its HTTPS address?", repoName)
-	case signed.ErrExpired:
-		return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err)
-	case trustmanager.ErrKeyNotFound:
-		return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err)
-	case storage.NetworkError:
-		return fmt.Errorf("Error: error contacting notary server: %v", err)
-	case storage.ErrMetaNotFound:
-		return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err)
-	case trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail, signed.ErrInvalidKeyType:
-		return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err)
-	case signed.ErrNoKeys:
-		return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err)
-	case signed.ErrLowVersion:
-		return fmt.Errorf("Warning: potential malicious behavior - trust data version is lower than expected for remote repository %s: %v", repoName, err)
-	case signed.ErrRoleThreshold:
-		return fmt.Errorf("Warning: potential malicious behavior - trust data has insufficient signatures for remote repository %s: %v", repoName, err)
-	case client.ErrRepositoryNotExist:
-		return fmt.Errorf("Error: remote trust data does not exist for %s: %v", repoName, err)
-	case signed.ErrInsufficientSignatures:
-		return fmt.Errorf("Error: could not produce valid signature for %s.  If Yubikey was used, was touch input provided?: %v", repoName, err)
-	}
-
-	return err
-}

cli/command/image/trust_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/cli/trust"
 	"github.com/docker/docker/registry"
 )
 
@@ -19,7 +20,7 @@ func TestENVTrustServer(t *testing.T) {
 	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "https://notary-test.com:5000"); err != nil {
 		t.Fatal("Failed to set ENV variable")
 	}
-	output, err := trustServer(indexInfo)
+	output, err := trust.Server(indexInfo)
 	expectedStr := "https://notary-test.com:5000"
 	if err != nil || output != expectedStr {
 		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
@@ -32,7 +33,7 @@ func TestHTTPENVTrustServer(t *testing.T) {
 	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "http://notary-test.com:5000"); err != nil {
 		t.Fatal("Failed to set ENV variable")
 	}
-	_, err := trustServer(indexInfo)
+	_, err := trust.Server(indexInfo)
 	if err == nil {
 		t.Fatal("Expected error with invalid scheme")
 	}
@@ -40,7 +41,7 @@ func TestHTTPENVTrustServer(t *testing.T) {
 
 func TestOfficialTrustServer(t *testing.T) {
 	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: true}
-	output, err := trustServer(indexInfo)
+	output, err := trust.Server(indexInfo)
 	if err != nil || output != registry.NotaryServer {
 		t.Fatalf("Expected server to be %s, got %s", registry.NotaryServer, output)
 	}
@@ -48,7 +49,7 @@ func TestOfficialTrustServer(t *testing.T) {
 
 func TestNonOfficialTrustServer(t *testing.T) {
 	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: false}
-	output, err := trustServer(indexInfo)
+	output, err := trust.Server(indexInfo)
 	expectedStr := "https://" + indexInfo.Name
 	if err != nil || output != expectedStr {
 		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)

cli/command/network/cmd.go

@@ -13,10 +13,7 @@ func NewNetworkCommand(dockerCli *command.DockerCli) *cobra.Command {
 		Use:   "network",
 		Short: "Manage networks",
 		Args:  cli.NoArgs,
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOutput(dockerCli.Err())
-			cmd.HelpFunc()(cmd, args)
-		},
+		RunE:  dockerCli.ShowHelp,
 	}
 	cmd.AddCommand(
 		newConnectCommand(dockerCli),

cli/command/network/list.go

@@ -43,7 +43,7 @@ func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display network IDs")
 	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate the output")
 	flags.StringVar(&opts.format, "format", "", "Pretty-print networks using a Go template")
-	flags.VarP(&opts.filter, "filter", "f", "Provide filter values (i.e. 'dangling=true')")
+	flags.VarP(&opts.filter, "filter", "f", "Provide filter values (e.g. 'driver=bridge')")
 
 	return cmd
 }

cli/command/network/prune.go

@@ -5,7 +5,7 @@ import (
 
 	"golang.org/x/net/context"
 
-	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/cli"
 	"github.com/docker/docker/cli/command"
 	"github.com/spf13/cobra"
@@ -50,7 +50,7 @@ func runPrune(dockerCli *command.DockerCli, opts pruneOptions) (output string, e
 		return
 	}
 
-	report, err := dockerCli.Client().NetworksPrune(context.Background(), types.NetworksPruneConfig{})
+	report, err := dockerCli.Client().NetworksPrune(context.Background(), filters.Args{})
 	if err != nil {
 		return
 	}

cli/command/node/cmd.go

@@ -14,10 +14,7 @@ func NewNodeCommand(dockerCli *command.DockerCli) *cobra.Command {
 		Use:   "node",
 		Short: "Manage Swarm nodes",
 		Args:  cli.NoArgs,
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOutput(dockerCli.Err())
-			cmd.HelpFunc()(cmd, args)
-		},
+		RunE:  dockerCli.ShowHelp,
 	}
 	cmd.AddCommand(
 		newDemoteCommand(dockerCli),

cli/command/node/ps.go

@@ -17,7 +17,6 @@ import (
 
 type psOptions struct {
 	nodeIDs   []string
-	all       bool
 	noResolve bool
 	noTrunc   bool
 	filter    opts.FilterOpt
@@ -44,7 +43,6 @@ func newPsCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
 	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
 	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
-	flags.BoolVarP(&opts.all, "all", "a", false, "Show all tasks (default shows tasks that are or will be running)")
 
 	return cmd
 }
@@ -74,11 +72,6 @@ func runPs(dockerCli *command.DockerCli, opts psOptions) error {
 		filter := opts.filter.Value()
 		filter.Add("node", node.ID)
 
-		if !opts.all && !filter.Include("desired-state") {
-			filter.Add("desired-state", string(swarm.TaskStateRunning))
-			filter.Add("desired-state", string(swarm.TaskStateAccepted))
-		}
-
 		nodeTasks, err := client.TaskList(ctx, types.TaskListOptions{Filters: filter})
 		if err != nil {
 			errs = append(errs, err.Error())

cli/command/plugin/cmd.go

@@ -12,10 +12,7 @@ func NewPluginCommand(dockerCli *command.DockerCli) *cobra.Command {
 		Use:   "plugin",
 		Short: "Manage plugins",
 		Args:  cli.NoArgs,
-		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOutput(dockerCli.Err())
-			cmd.HelpFunc()(cmd, args)
-		},
+		RunE:  dockerCli.ShowHelp,
 	}
 
 	cmd.AddCommand(