Bump VERSION to v1.12.2

Signed-off-by: Victor Vieux <vieux@docker.com>
Merge pull request #27216 from andrewhsu/add-missing-changelog
2026-01-12 19:21:41 +00:00 · 2016-10-11 05:23:52 +00:00 · 2016-10-10 07:32:00 -07:00 · 2016-10-07 13:10:44 -07:00 · 2016-10-06 21:27:01 +00:00 · 2016-10-06 14:26:27 -07:00
2473 changed files with 284428 additions and 50057 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -19,5 +19,12 @@ Please provide the following information:

 **- How to verify it**

+**- Description for the changelog**
+<!--
+Write a short (one line) summary that describes the changes in this
+pull request for inclusion in the changelog:
+-->
+
+
 **- A picture of a cute animal (not mandatory but encouraged)**

--- a/.gitignore
+++ b/.gitignore
@@ -7,10 +7,13 @@
 *.test
 .*.swp
 .DS_Store
+# a .bashrc may be added to customize the build environment
+.bashrc
 .gopath/
 autogen/
 bundles/
-docker/docker
+cmd/dockerd/dockerd
+cmd/docker/docker
 dockerversion/version_autogen.go
 docs/AWS_S3_BUCKET
 docs/GITCOMMIT
--- a/.mailmap
+++ b/.mailmap
@@ -90,10 +90,12 @@ Sven Dowideit <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
 Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
+Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
 Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
 <alexl@redhat.com> <alexander.larsson@gmail.com>
-Alexandr Morozov <lk4d4math@gmail.com>
+Alexander Morozov <lk4d4@docker.com> <lk4d4math@gmail.com>
+Alexander Morozov <lk4d4@docker.com>
 <git.nivoc@neverbox.com> <kuehnle@online.de>
 O.S. Tezer <ostezer@gmail.com>
 <ostezer@gmail.com> <ostezer@users.noreply.github.com>
@@ -106,7 +108,9 @@ Roberto G. Hashioka <roberto.hashioka@docker.com> <roberto_hashioka@hotmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
 Liang-Chi Hsieh <viirya@gmail.com>
-Aleksa Sarai <cyphar@cyphar.com>
+Aleksa Sarai <asarai@suse.de>
+Aleksa Sarai <asarai@suse.de> <asarai@suse.com>
+Aleksa Sarai <asarai@suse.de> <cyphar@cyphar.com>
 Will Weaver <monkey@buildingbananas.com>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
@@ -117,24 +121,27 @@ Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 <marc@marc-abramowitz.com> <msabramo@gmail.com>
 Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
 <bernat@luffy.cx> <vincent@bernat.im>
+<bernat@luffy.cx> <Vincent.Bernat@exoscale.ch>
 <p@pwaller.net> <peter@scraperwiki.com>
 <andrew.weiss@outlook.com> <andrew.weiss@microsoft.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 <julienbordellier@gmail.com> <git@julienbordellier.com>
 <ahmetb@microsoft.com> <ahmetalpbalkan@gmail.com>
-<lk4d4@docker.com> <lk4d4math@gmail.com>
 <arnaud.porterie@docker.com> <icecrime@gmail.com>
 <baloo@gandi.net> <superbaloo+registrations.github@superbaloo.net>
 Brian Goff <cpuguy83@gmail.com>
 <cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.home>
-<ewindisch@docker.com> <eric@windisch.us>
+<eric@windisch.us> <ewindisch@docker.com>
 <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
 Hollie Teal <hollie@docker.com>
 <hollie@docker.com> <hollie.teal@docker.com>
 <hollie@docker.com> <hollietealok@users.noreply.github.com>
 <huu@prismskylabs.com> <whoshuu@gmail.com>
-Jessica Frazelle <jess@docker.com> Jessie Frazelle <jfrazelle@users.noreply.github.com>
-<jess@docker.com> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jess@mesosphere.com>
+Jessica Frazelle <jess@mesosphere.com> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jess@mesosphere.com> <acidburn@docker.com>
+Jessica Frazelle <jess@mesosphere.com> <jess@docker.com>
+Jessica Frazelle <jess@mesosphere.com> <princess@docker.com>
 <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
 <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
 <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
@@ -142,6 +149,8 @@ Jessica Frazelle <jess@docker.com> Jessie Frazelle <jfrazelle@users.noreply.gith
 Thomas LEVEIL <thomasleveil@gmail.com> Thomas LÉVEIL <thomasleveil@users.noreply.github.com>
 <oi@truffles.me.uk> <timruffles@googlemail.com>
 <Vincent.Bernat@exoscale.ch> <bernat@luffy.cx>
+Antonio Murdaca <antonio.murdaca@gmail.com> <amurdaca@redhat.com>
+Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@redhat.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <me@runcom.ninja>
 Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@linux.com>
 Antonio Murdaca <antonio.murdaca@gmail.com> <runcom@users.noreply.github.com>
@@ -151,8 +160,10 @@ Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
 Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
-<jess@docker.com> <princess@docker.com>
-John Howard (VM) <John.Howard@microsoft.com> John Howard <jhoward@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
+John Howard (VM) <John.Howard@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
+John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
 Madhu Venugopal <madhu@socketplane.io> <madhu@docker.com>
 Mary Anthony <mary.anthony@docker.com> <mary@docker.com>
 Mary Anthony <mary.anthony@docker.com> moxiegirl <mary@docker.com>
@@ -169,3 +180,75 @@ bin liu <liubin0329@users.noreply.github.com> <liubin0329@gmail.com>
 John Howard (VM) <John.Howard@microsoft.com> jhowardmsft <jhoward@microsoft.com>
 Ankush Agarwal <ankushagarwal11@gmail.com> <ankushagarwal@users.noreply.github.com>
 Tangi COLIN <tangicolin@gmail.com> tangicolin <tangicolin@gmail.com>
+Allen Sun <allen.sun@daocloud.io>
+Adrien Gallouët <adrien@gallouet.fr> <angt@users.noreply.github.com>
+<aanm90@gmail.com> <martins@noironetworks.com>
+Anuj Bahuguna <anujbahuguna.dev@gmail.com>
+Anusha Ragunathan <anusha.ragunathan@docker.com> <anusha@docker.com>
+Avi Miller <avi.miller@oracle.com> <avi.miller@gmail.com>
+Brent Salisbury <brent.salisbury@docker.com> <brent@docker.com>
+Chander G <chandergovind@gmail.com>
+Chun Chen <ramichen@tencent.com> <chenchun.feed@gmail.com>
+Ying Li <cyli@twistedmatrix.com>
+Daehyeok Mun <daehyeok@gmail.com> <daehyeok@daehyeok-ui-MacBook-Air.local>
+<dqminh@cloudflare.com> <dqminh89@gmail.com>
+Daniel, Dao Quang Minh <dqminh@cloudflare.com>
+Daniel Nephin <dnephin@docker.com> <dnephin@gmail.com>
+Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
+Doug Tangren <d.tangren@gmail.com>
+Frederick F. Kautz IV <fkautz@redhat.com> <fkautz@alumni.cmu.edu>
+Ben Golub <ben.golub@dotcloud.com>
+Harold Cooper <hrldcpr@gmail.com>
+hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
+Josh Hawn <josh.hawn@docker.com> <jlhawn@berkeley.edu>
+Justin Cormack <justin.cormack@docker.com>
+<justin.cormack@docker.com> <justin.cormack@unikernel.com>
+<justin.cormack@docker.com> <justin@specialbusservice.com>
+Kamil Domański <kamil@domanski.co>
+Lei Jitang <leijitang@huawei.com>
+<leijitang@huawei.com> <leijitang@gmail.com>
+Linus Heckemann <lheckemann@twig-world.com>
+<lheckemann@twig-world.com> <anonymouse2048@gmail.com>
+Lynda O'Leary <lyndaoleary29@gmail.com>
+<lyndaoleary29@gmail.com> <lyndaoleary@hotmail.com>
+Marianna Tessel <mtesselh@gmail.com>
+Michael Huettermann <michael@huettermann.net>
+Moysés Borges <moysesb@gmail.com>
+<moysesb@gmail.com> <moyses.furtado@wplex.com.br>
+Nigel Poulton <nigelpoulton@hotmail.com>
+Qiang Huang <h.huangqiang@huawei.com>
+<h.huangqiang@huawei.com> <qhuang@10.0.2.15>
+Boaz Shuster <ripcurld.github@gmail.com>
+Shuwei Hao <haosw@cn.ibm.com>
+<haosw@cn.ibm.com> <haoshuwei24@gmail.com>
+Soshi Katsuta <soshi.katsuta@gmail.com>
+<soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
+Stefan Berger <stefanb@linux.vnet.ibm.com>
+<stefanb@linux.vnet.ibm.com> <stefanb@us.ibm.com>
+Stephen Day <stephen.day@docker.com>
+<stephen.day@docker.com> <stevvooe@users.noreply.github.com>
+Toli Kuznets <toli@docker.com>
+Tristan Carel <tristan@cogniteev.com>
+<tristan@cogniteev.com> <tristan.carel@gmail.com>
+Vincent Demeester <vincent@sbr.pm>
+<vincent@sbr.pm> <vincent+github@demeester.fr>
+Vishnu Kannan <vishnuk@google.com>
+xlgao-zju <xlgao@zju.edu.cn> xlgao <xlgao@zju.edu.cn>
+yuchangchun <yuchangchun1@huawei.com> y00277921 <yuchangchun1@huawei.com> 
+<zij@case.edu> <zjaffee@us.ibm.com>
+<anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
+<eungjun.yi@navercorp.com> <semtlenori@gmail.com>
+<haosw@cn.ibm.com> <haoshuwei1989@163.com>
+Hao Shu Wei <haosw@cn.ibm.com>
+<matt.bentley@docker.com> <mbentley@mbentley.net>
+<MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
+<redmond.martin@gmail.com> <xgithub@redmond5.com>
+<redmond.martin@gmail.com> <martin@tinychat.com>
+<srbrahma@us.ibm.com> <sbrahma@us.ibm.com>
+<suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
+<thomas@gazagnaire.org> <thomas@gazagnaire.com>
+Shengbo Song <thomassong@tencent.com> mYmNeo <mymneo@163.com>
+Shengbo Song <thomassong@tencent.com>
+<sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
+Sylvain Bellemare <sylvain@ascribe.io>
+
--- a/533
+++ b/533
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,548 @@

 Items starting with `DEPRECATE` are important deprecation notices. For more
 information on the list of deprecated flags and APIs please have a look at
-https://docs.docker.com/misc/deprecated/ where target removal dates can also
+https://docs.docker.com/engine/deprecated/ where target removal dates can also
 be found.

+## 1.12.2 (2016-10-11)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+
+### Runtime
+
+- Fix a panic due to a race condition filtering `docker ps` [#26049](https://github.com/docker/docker/pull/26049)
+* Implement retry logic to prevent "Unable to remove filesystem" errors when using the aufs storage driver [#26536](https://github.com/docker/docker/pull/26536)
+* Prevent devicemapper from removing device symlinks if `dm.use_deferred_removal` is enabled [#24740](https://github.com/docker/docker/pull/24740)
+- Fix an issue where the CLI did not return correct exit codes if a command was run with invalid options [#26777](https://github.com/docker/docker/pull/26777)
+- Fix a panic due to a bug in stdout / stderr processing in health checks [#26507](https://github.com/docker/docker/pull/26507)
+- Fix exec's children handling [#26874](https://github.com/docker/docker/pull/26874)
+- Fix exec form of HEALTHCHECK CMD [#26208](https://github.com/docker/docker/pull/26208)
+
+### Networking
+
+- Fix a daemon start panic on armv5 [#24315](https://github.com/docker/docker/issues/24315)
+* Vendor libnetwork [#26879](https://github.com/docker/docker/pull/26879) [#26953](https://github.com/docker/docker/pull/26953)
+ * Avoid returning early on agent join failures [docker/libnetwork#1473](https://github.com/docker/libnetwork/pull/1473)
+ - Fix service published port cleanup issues [docker/libetwork#1432](https://github.com/docker/libnetwork/pull/1432) [docker/libnetwork#1433](https://github.com/docker/libnetwork/pull/1433)
+ * Recover properly from transient gossip failures [docker/libnetwork#1446](https://github.com/docker/libnetwork/pull/1446)
+ * Disambiguate node names known to gossip cluster to avoid node name collision [docker/libnetwork#1451](https://github.com/docker/libnetwork/pull/1451)
+ * Honor user provided listen address for gossip  [docker/libnetwork#1460](https://github.com/docker/libnetwork/pull/1460)
+ * Allow reachability via published port across services on the same host [docker/libnetwork#1398](https://github.com/docker/libnetwork/pull/1398)
+ * Change the ingress sandbox name from random id to just `ingress_sbox` [docker/libnetwork#1449](https://github.com/docker/libnetwork/pull/1449)
+ - Disable service discovery in ingress network [docker/libnetwork#1489](https://github.com/docker/libnetwork/pull/1489)
+
+### Swarm Mode
+
+* Fix remote detection of a node's address when it joins the cluster [#26211](https://github.com/docker/docker/pull/26211)
+* Vendor SwarmKit [#26765](https://github.com/docker/docker/pull/26765)
+ * Bounce session after failed status update [docker/swarmkit#1539](https://github.com/docker/swarmkit/pull/1539)
+ - Fix possible raft deadlocks [docker/swarmkit#1537](https://github.com/docker/swarmkit/pull/1537)
+ - Fix panic and endpoint leak when a service is updated with no endpoints [docker/swarmkit#1481](https://github.com/docker/swarmkit/pull/1481)
+ * Produce an error if the same port is published twice on `service create` or `service update` [docker/swarmkit#1495](https://github.com/docker/swarmkit/pull/1495)
+ - Fix an issue where changes to a service were not detected, resulting in the service not being updated [docker/swarmkit#1497](https://github.com/docker/swarmkit/pull/1497)
+ - Do not allow service creation on ingress network [docker/swarmkit#1600](https://github.com/docker/swarmkit/pull/1600)
+
+### Contrib
+
+* Update the debian sysv-init script to use `dockerd` instead of `docker daemon` [#25869](https://github.com/docker/docker/pull/25869)
+* Improve stability when running the docker client on MacOS Sierra [#26875](https://github.com/docker/docker/pull/26875)
+- Fix installation on debian stretch [#27184](https://github.com/docker/docker/pull/27184)
+
+### Windows
+
+- Fix an issue where arrow-navigation did not work when running the docker client in ConEmu [#25578](https://github.com/docker/docker/pull/25578)
+
+## 1.12.1 (2016-08-18)
+
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+
+### Client
+
+* Add `Joined at` information in `node inspect --pretty` [#25512](https://github.com/docker/docker/pull/25512)
+- Fix a crash on `service inspect` [#25454](https://github.com/docker/docker/pull/25454)
+- Fix issue preventing `service update --env-add` to work as intended [#25427](https://github.com/docker/docker/pull/25427)
+- Fix issue preventing `service update --publish-add` to work as intended [#25428](https://github.com/docker/docker/pull/25428)
+- Remove `service update --network-add` and `service update --network-rm` flags
+  because this feature is not yet implemented in 1.12, but was inadvertently added
+  to the client in 1.12.0 [#25646](https://github.com/docker/docker/pull/25646) 
+
+### Contrib
+
+ Official ARM installation for Debian Jessie, Ubuntu Trusty, and Raspbian Jessie [#24815](https://github.com/docker/docker/pull/24815) [#25591](https://github.com/docker/docker/pull/25637)
+- Add selinux policy per distro/version, fixing issue preventing successful installation on Fedora 24, and Oracle Linux [#25334](https://github.com/docker/docker/pull/25334) [#25593](https://github.com/docker/docker/pull/25593)
+
+### Networking
+
+- Fix issue that prevented containers to be accessed by hostname with Docker overlay driver in Swarm Mode [#25603](https://github.com/docker/docker/pull/25603) [#25648](https://github.com/docker/docker/pull/25648)
+- Fix random network issues on service with published port [#25603](https://github.com/docker/docker/pull/25603)
+- Fix unreliable inter-service communication after scaling down and up [#25603](https://github.com/docker/docker/pull/25603)
+- Fix issue where removing all tasks on a node and adding them back breaks connectivity with other services [#25603](https://github.com/docker/docker/pull/25603)
+- Fix issue where a task that fails to start results in a race, causing a `network xxx not found` error that masks the actual error [#25550](https://github.com/docker/docker/pull/25550)
+- Relax validation of SRV records for external services that use SRV records not formatted according to RFC 2782 [#25739](https://github.com/docker/docker/pull/25739)
+
+### Plugins (experimental)
+
+* Make daemon events listen for plugin lifecycle events [#24760](https://github.com/docker/docker/pull/24760)
+* Check for plugin state before enabling plugin [#25033](https://github.com/docker/docker/pull/25033)
+- Remove plugin root from filesystem on `plugin rm` [#25187](https://github.com/docker/docker/pull/25187)
+- Prevent deadlock when more than one plugin is installed [#25384](https://github.com/docker/docker/pull/25384)
+
+### Runtime
+
+* Mask join tokens in daemon logs [#25346](https://github.com/docker/docker/pull/25346)
+- Fix `docker ps --filter` causing the results to no longer be sorted by creation time [#25387](https://github.com/docker/docker/pull/25387)
+- Fix various crashes [#25053](https://github.com/docker/docker/pull/25053)
+
+### Security
+
+* Add `/proc/timer_list` to the masked paths list to prevent information leak from the host [#25630](https://github.com/docker/docker/pull/25630)
+* Allow systemd to run with only `--cap-add SYS_ADMIN` rather than having to also add `--cap-add DAC_READ_SEARCH` or disabling seccomp filtering [#25567](https://github.com/docker/docker/pull/25567)
+
+### Swarm
+
+- Fix an issue where the swarm can get stuck electing a new leader after quorum is lost [#25055](https://github.com/docker/docker/issues/25055)
+- Fix unwanted rescheduling of containers after a leader failover [#25017](https://github.com/docker/docker/issues/25017)
+- Change swarm root CA key to P256 curve [swarmkit#1376](https://github.com/docker/swarmkit/pull/1376)
+- Allow forced removal of a node from a swarm [#25159](https://github.com/docker/docker/pull/25159)
+- Fix connection leak when a node leaves a swarm [swarmkit/#1277](https://github.com/docker/swarmkit/pull/1277)
+- Backdate swarm certificates by one hour to tolerate more clock skew [swarmkit/#1243](https://github.com/docker/swarmkit/pull/1243)
+- Avoid high CPU use with many unschedulable tasks [swarmkit/#1287](https://github.com/docker/swarmkit/pull/1287)
+- Fix issue with global tasks not starting up [swarmkit/#1295](https://github.com/docker/swarmkit/pull/1295)
+- Garbage collect raft logs [swarmkit/#1327](https://github.com/docker/swarmkit/pull/1327)
+
+### Volume
+
+- Persist local volume options after a daemon restart [#25316](https://github.com/docker/docker/pull/25316)
+- Fix an issue where the mount ID was not returned on volume unmount [#25333](https://github.com/docker/docker/pull/25333)
+- Fix an issue where a volume mount could inadvertently create a bind mount [#25309](https://github.com/docker/docker/pull/25309)
+- `docker service create --mount type=bind,...` now correctly validates if the source path exists, instead of creating it [#25494](https://github.com/docker/docker/pull/25494)
+
+## 1.12.0 (2016-07-28)
+
+
+**IMPORTANT**: Docker 1.12.0 ships with an updated systemd unit file for rpm
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
+upgrading from an older version of docker, the upgrade process may not
+automatically install the updated version of the unit file, or fail to start
+the docker service if;
+
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
+
+Starting the docker service will produce an error:
+
+    Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
+
+or
+
+    no sockets found via socket activation: make sure the service was started by systemd.
+
+To resolve this:
+
+- Backup the current version of the unit file, and replace the file with the
+  [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
+
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
+systemctl restart docker` to reload changes and (re)start the docker daemon.
+
+**IMPORTANT**: With Docker 1.12, a Linux docker installation now has two
+additional binaries; `dockerd`, and `docker-proxy`. If you have scripts for
+installing docker, please make sure to update them accordingly.
+
+### Builder
+
+ New `HEALTHCHECK` Dockerfile instruction to support user-defined healthchecks [#23218](https://github.com/docker/docker/pull/23218)
+ New `SHELL` Dockerfile instruction to specify the default shell when using the shell form for commands in a Dockerfile [#22489](https://github.com/docker/docker/pull/22489)
+ Add `#escape=` Dockerfile directive to support platform-specific parsing of file paths in Dockerfile [#22268](https://github.com/docker/docker/pull/22268)
+ Add support for comments in `.dockerignore` [#23111](https://github.com/docker/docker/pull/23111)
+* Support for UTF-8 in Dockerfiles [#23372](https://github.com/docker/docker/pull/23372)
+* Skip UTF-8 BOM bytes from `Dockerfile` and `.dockerignore` if exist [#23234](https://github.com/docker/docker/pull/23234)
+* Windows: support for `ARG` to match Linux [#22508](https://github.com/docker/docker/pull/22508)
+- Fix error message when building using a daemon with the bridge network disabled [#22932](https://github.com/docker/docker/pull/22932)
+
+### Contrib
+
+* Enable seccomp for Centos 7 and Oracle Linux 7 [#22344](https://github.com/docker/docker/pull/22344)
+- Remove MountFlags in systemd unit to allow shared mount propagation [#22806](https://github.com/docker/docker/pull/22806)
+
+### Distribution
+
+ Add `--max-concurrent-downloads` and `--max-concurrent-uploads` daemon flags useful for situations where network connections don't support multiple downloads/uploads [#22445](https://github.com/docker/docker/pull/22445)
+* Registry operations now honor the `ALL_PROXY` environment variable [#22316](https://github.com/docker/docker/pull/22316)
+* Provide more information to the user on `docker load` [#23377](https://github.com/docker/docker/pull/23377)
+* Always save registry digest metadata about images pushed and pulled [#23996](https://github.com/docker/docker/pull/23996)
+
+### Logging
+
+ Syslog logging driver now supports DGRAM sockets [#21613](https://github.com/docker/docker/pull/21613)
+ Add `--details` option to `docker logs` to also display log tags [#21889](https://github.com/docker/docker/pull/21889)
+ Enable syslog logger to have access to env and labels [#21724](https://github.com/docker/docker/pull/21724)
+ An additional syslog-format option `rfc5424micro` to allow microsecond resolution in syslog timestamp [#21844](https://github.com/docker/docker/pull/21844)
+* Inherit the daemon log options when creating containers [#21153](https://github.com/docker/docker/pull/21153)
+* Remove `docker/` prefix from log messages tag and replace it with `{{.DaemonName}}` so that users have the option of changing the prefix [#22384](https://github.com/docker/docker/pull/22384)
+
+### Networking
+
+ Built-in Virtual-IP based  internal and ingress load-balancing using IPVS [#23361](https://github.com/docker/docker/pull/23361)
+ Routing Mesh using ingress overlay network [#23361](https://github.com/docker/docker/pull/23361)
+ Secured multi-host overlay networking using encrypted control-plane and Data-plane [#23361](https://github.com/docker/docker/pull/23361)
+ MacVlan driver is out of experimental [#23524](https://github.com/docker/docker/pull/23524)
+ Add `driver` filter to `network ls` [#22319](https://github.com/docker/docker/pull/22319)
+ Adding `network` filter to `docker ps --filter` [#23300](https://github.com/docker/docker/pull/23300)
+ Add `--link-local-ip` flag to `create`, `run` and `network connect` to specify a container's link-local address [#23415](https://github.com/docker/docker/pull/23415)
+ Add network label filter support [#21495](https://github.com/docker/docker/pull/21495)
+* Removed dependency on external KV-Store for Overlay networking in Swarm-Mode  [#23361](https://github.com/docker/docker/pull/23361)
+* Add container's short-id as default network alias [#21901](https://github.com/docker/docker/pull/21901)
+* `run` options `--dns` and `--net=host` are no longer mutually exclusive [#22408](https://github.com/docker/docker/pull/22408)
+- Fix DNS issue when renaming containers with generated names [#22716](https://github.com/docker/docker/pull/22716)
+- Allow both `network inspect -f {{.Id}}` and `network inspect -f {{.ID}}` to address inconsistency with inspect output [#23226](https://github.com/docker/docker/pull/23226)
+
+### Plugins (experimental)
+
+ New `plugin` command to manager plugins with `install`, `enable`, `disable`, `rm`, `inspect`, `set` subcommands [#23446](https://github.com/docker/docker/pull/23446)
+
+### Remote API (v1.24) & Client
+
+ Split the binary into two: `docker` (client) and `dockerd` (daemon) [#20639](https://github.com/docker/docker/pull/20639)
+ Add `before` and `since` filters to `docker images --filter` [#22908](https://github.com/docker/docker/pull/22908)
+ Add `--limit` option to `docker search` [#23107](https://github.com/docker/docker/pull/23107)
+ Add `--filter` option to `docker search` [#22369](https://github.com/docker/docker/pull/22369)
+ Add security options to `docker info` output [#21172](https://github.com/docker/docker/pull/21172) [#23520](https://github.com/docker/docker/pull/23520)
+ Add insecure registries to `docker info` output [#20410](https://github.com/docker/docker/pull/20410)
+ Extend Docker authorization with TLS user information [#21556](https://github.com/docker/docker/pull/21556)
+ devicemapper: expose Mininum Thin Pool Free Space through `docker info` [#21945](https://github.com/docker/docker/pull/21945)
+* API now returns a JSON object when an error occurs making it more consistent [#22880](https://github.com/docker/docker/pull/22880)
+- Prevent `docker run -i --restart` from hanging on exit [#22777](https://github.com/docker/docker/pull/22777)
+- Fix API/CLI discrepancy on hostname validation [#21641](https://github.com/docker/docker/pull/21641)
+- Fix discrepancy in the format of sizes in `stats` from HumanSize to BytesSize [#21773](https://github.com/docker/docker/pull/21773)
+- authz: when request is denied return forbbiden exit code (403) [#22448](https://github.com/docker/docker/pull/22448)
+- Windows: fix tty-related displaying issues [#23878](https://github.com/docker/docker/pull/23878)
+
+### Runtime
+
+ Split the userland proxy to a separate binary (`docker-proxy`) [#23312](https://github.com/docker/docker/pull/23312)
+ Add `--live-restore` daemon flag to keep containers running when daemon shuts down, and regain control on startup [#23213](https://github.com/docker/docker/pull/23213)
+ Ability to add OCI-compatible runtimes (via `--add-runtime` daemon flag) and select one with `--runtime` on `create` and `run` [#22983](https://github.com/docker/docker/pull/22983)
+ New `overlay2` graphdriver for Linux 4.0+ with multiple lower directory support [#22126](https://github.com/docker/docker/pull/22126)
+ New load/save image events [#22137](https://github.com/docker/docker/pull/22137)
+ Add support for reloading daemon configuration through systemd [#22446](https://github.com/docker/docker/pull/22446)
+ Add disk quota support for btrfs [#19651](https://github.com/docker/docker/pull/19651)
+ Add disk quota support for zfs [#21946](https://github.com/docker/docker/pull/21946)
+ Add support for `docker run --pid=container:<id>` [#22481](https://github.com/docker/docker/pull/22481)
+ Align default seccomp profile with selected capabilities [#22554](https://github.com/docker/docker/pull/22554)
+ Add a `daemon reload` event when the daemon reloads its configuration [#22590](https://github.com/docker/docker/pull/22590)
+ Add `trace` capability in the pprof profiler to show execution traces in binary form [#22715](https://github.com/docker/docker/pull/22715)
+ Add a `detach` event [#22898](https://github.com/docker/docker/pull/22898)
+ Add support for setting sysctls with `--sysctl` [#19265](https://github.com/docker/docker/pull/19265)
+ Add `--storage-opt` flag to `create` and `run` allowing to set `size` on devicemapper [#19367](https://github.com/docker/docker/pull/19367)
+ Add `--oom-score-adjust` daemon flag with a default value of `-500` making the daemon less likely to be killed before containers [#24516](https://github.com/docker/docker/pull/24516)
+* Undeprecate the `-c` short alias of `--cpu-shares` on `run`, `build`, `create`, `update` [#22621](https://github.com/docker/docker/pull/22621)
+* Prevent from using aufs and overlay graphdrivers on an eCryptfs mount [#23121](https://github.com/docker/docker/pull/23121)
+- Fix issues with tmpfs mount ordering [#22329](https://github.com/docker/docker/pull/22329)
+- Created containers are no longer listed on `docker ps -a -f exited=0` [#21947](https://github.com/docker/docker/pull/21947)
+- Fix an issue where containers are stuck in a "Removal In Progress" state [#22423](https://github.com/docker/docker/pull/22423)
+- Fix bug that was returning an HTTP 500 instead of a 400 when not specifying a command on run/create [#22762](https://github.com/docker/docker/pull/22762)
+- Fix bug with `--detach-keys` whereby input matching a prefix of the detach key was not preserved [#22943](https://github.com/docker/docker/pull/22943)
+- SELinux labeling is now disabled when using `--privileged` mode [#22993](https://github.com/docker/docker/pull/22993)
+- If volume-mounted into a container, `/etc/hosts`, `/etc/resolv.conf`, `/etc/hostname` are no longer SELinux-relabeled [#22993](https://github.com/docker/docker/pull/22993)
+- Fix inconsistency in `--tmpfs` behavior regarding mount options [#22438](https://github.com/docker/docker/pull/22438)
+- Fix an issue where daemon hangs at startup [#23148](https://github.com/docker/docker/pull/23148)
+- Ignore SIGPIPE events to prevent journald restarts to crash docker in some cases [#22460](https://github.com/docker/docker/pull/22460)
+- Containers are not removed from stats list on error [#20835](https://github.com/docker/docker/pull/20835)
+- Fix `on-failure` restart policy when daemon restarts [#20853](https://github.com/docker/docker/pull/20853)
+- Fix an issue with `stats` when a container is using another container's network [#21904](https://github.com/docker/docker/pull/21904)
+
+### Swarm Mode
+
+ New `swarm` command to manage swarms with `init`, `join`, `join-token`, `leave`, `update` subcommands [#23361](https://github.com/docker/docker/pull/23361) [#24823](https://github.com/docker/docker/pull/24823)
+ New `service` command to manage swarm-wide services with `create`, `inspect`, `update`, `rm`, `ps` subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
+ New `node` command to manage nodes with `accept`, `promote`, `demote`, `inspect`, `update`, `ps`, `ls` and `rm` subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
+ (experimental) New `stack` and `deploy` commands to manage and deploy multi-service applications [#23522](https://github.com/docker/docker/pull/23522) [#25140](https://github.com/docker/docker/pull/25140)
+
+### Volume
+
+ Add support for local and global volume scopes (analogous to network scopes) [#22077](https://github.com/docker/docker/pull/22077)
+ Allow volume drivers to provide a `Status` field [#21006](https://github.com/docker/docker/pull/21006)
+ Add name/driver filter support for volume [#21361](https://github.com/docker/docker/pull/21361)
+* Mount/Unmount operations now receives an opaque ID to allow volume drivers to differentiate between two callers [#21015](https://github.com/docker/docker/pull/21015)
+- Fix issue preventing to remove a volume in a corner case [#22103](https://github.com/docker/docker/pull/22103)
+- Windows: Enable auto-creation of host-path to match Linux [#22094](https://github.com/docker/docker/pull/22094)
+
+
+### DEPRECATION
+* Environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` have been renamed  
+  to `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` respectively [#22574](https://github.com/docker/docker/pull/22574)
+* Remove deprecated `syslog-tag`, `gelf-tag`, `fluentd-tag` log option in favor of the more generic `tag` one [#22620](https://github.com/docker/docker/pull/22620)
+* Remove deprecated feature of passing HostConfig at API container start [#22570](https://github.com/docker/docker/pull/22570)
+* Remove deprecated `-f`/`--force` flag on docker tag [#23090](https://github.com/docker/docker/pull/23090)
+* Remove deprecated `/containers/<id|name>/copy` endpoint [#22149](https://github.com/docker/docker/pull/22149)
+* Remove deprecated `docker ps` flags `--since` and `--before` [#22138](https://github.com/docker/docker/pull/22138)
+* Deprecate the old 3-args form of `docker import` [#23273](https://github.com/docker/docker/pull/23273)
+
+## 1.11.2 (2016-05-31)
+
+### Networking
+
+- Fix a stale endpoint issue on overlay networks during ungraceful restart ([#23015](https://github.com/docker/docker/pull/23015))
+- Fix an issue where the wrong port could be reported by `docker inspect/ps/port` ([#22997](https://github.com/docker/docker/pull/22997))
+
+### Runtime
+
+- Fix a potential panic when running `docker build` ([#23032](https://github.com/docker/docker/pull/23032))
+- Fix interpretation of `--user` parameter ([#22998](https://github.com/docker/docker/pull/22998))
+- Fix a bug preventing container statistics to be correctly reported ([#22955](https://github.com/docker/docker/pull/22955))
+- Fix an issue preventing container to be restarted after daemon restart ([#22947](https://github.com/docker/docker/pull/22947))
+- Fix issues when running 32 bit binaries on Ubuntu 16.04 ([#22922](https://github.com/docker/docker/pull/22922))
+- Fix a possible deadlock on image deletion and container attach ([#22918](https://github.com/docker/docker/pull/22918))
+- Fix an issue where containers fail to start after a daemon restart if they depend on a containerized cluster store ([#22561](https://github.com/docker/docker/pull/22561))
+- Fix an issue causing `docker ps` to hang on CentOS when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))
+- Fix a bug preventing to `docker exec` into a container when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))
+
+
+## 1.11.1 (2016-04-26)
+
+### Distribution
+
+- Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
+
+### Documentation
+
+ Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
+
+### Builder
+
+* Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
+
+### Networking
+
+- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
+- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
+
+### Runtime
+
+- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
+- Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
+- Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
+- Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
+- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
+- Remove scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
+- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
+- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
+- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
+- Fix an issue where `docker` would not correctly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
+- Fix a panic that could occur when serving concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))`
+- Revert deprecation of non-existent host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
+- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
+
+## 1.11.0 (2016-04-13)
+
+**IMPORTANT**: With Docker 1.11, a Linux docker installation is now made of 4 binaries (`docker`, [`docker-containerd`](https://github.com/docker/containerd), [`docker-containerd-shim`](https://github.com/docker/containerd) and [`docker-runc`](https://github.com/opencontainers/runc)). If you have scripts relying on docker being a single static binaries, please make sure to update them. Interaction with the daemon stay the same otherwise, the usage of the other binaries should be transparent. A Windows docker installation remains a single binary, `docker.exe`.
+
+### Builder
+
+- Fix a bug where Docker would not use the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
+- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
+
+### Client
+
+* Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
+ The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
+* Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
+* Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
+- Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
+- Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
+* Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
+- Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
+ Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
+ Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
+* `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
+* `docker info` now also reports Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
+- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
+* Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
+* `docker ps` no longer shows exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
+- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
+* Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
+
+### Distribution
+
+- Fix a panic that occurred when pulling an image with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
+- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
+ All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
+ OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
+* `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
+* `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
+* Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
+* Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
+- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
+- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
+
+### Logging
+
+- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
+* Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
+* Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
+* Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
+ Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
+* Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
+ The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
+ Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
+
+
+### Misc
+
+ When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/21385))
+ Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
+ Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
+* The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
+- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
+- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
+* `docker info` now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
+* `docker info` now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
+* Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
+* `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
+ Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
+ Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
+
+### Networking
+
+- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
+- Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
+* `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
+ Experimental support for the MacVlan and IPVlan network drivers has been added ([#21122](https://github.com/docker/docker/pull/21122))
+* Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
+- Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
+* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
+ Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
+* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
+- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
+* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
+- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
+- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
+- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
+- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
+- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
+- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
+- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
+- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
+- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
+- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
+- Fix a panic when deleting an entry from /etc/hosts file  ([#21019](https://github.com/docker/docker/pull/21019))
+- Source the forwarded DNS queries from the container net namespace  ([#21019](https://github.com/docker/docker/pull/21019))
+- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
+- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
+
+### Plugins
+
+- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
+- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
+
+### Runtime
+
+- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
+- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
+- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
+- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))  
+  Docker 1.9, but was decided to be too much of a backward-incompatible change, so it was decided to keep the feature.
+ It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
+ `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
+ Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
+* Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
+* Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
+- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
+- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
+- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
+- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
+- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
+- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
+* Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
+- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
+* The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
+ Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
+- Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
+ Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
+- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
+ Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
+ Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
+- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
+* Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
+- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
+* `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
+* `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
+ Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
+- `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
+- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
+- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
+- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
+
+### Security
+
+* Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
+* `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
+* `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
+* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
+* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
+
+### Volumes
+
+* Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
+* Local volumes can now accept options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
+- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
+ `docker run -v` now accepts a new flag `nocopy`. This tells the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
+
 ## 1.10.3 (2016-03-10)

 ### Runtime
@@ -25,9 +564,9 @@ be found.

 ### Security

- Fix linux32 emulation to fail during docker build [#20672](https://github.com/docker/docker/pull/20672)  
+- Fix linux32 emulation to fail during docker build [#20672](https://github.com/docker/docker/pull/20672)
  It was due to the `personality` syscall being blocked by the default seccomp profile.
- Fix Oracle XE 10g failing to start in a container [#20981](https://github.com/docker/docker/pull/20981)  
+- Fix Oracle XE 10g failing to start in a container [#20981](https://github.com/docker/docker/pull/20981)
  It was due to the `ipc` syscall being blocked by the default seccomp profile.
 - Fix user namespaces not working on Linux From Scratch [#20685](https://github.com/docker/docker/pull/20685)
 - Fix issue preventing daemon to start if userns is enabled and the `subuid` or `subgid` files contain comments [#20725](https://github.com/docker/docker/pull/20725)
@@ -113,7 +652,7 @@ Engine 1.10 migrator can be found on Docker Hub: https://hub.docker.com/r/docker
 + Add `--tmpfs` flag to `docker run` to create a tmpfs mount in a container [#13587](https://github.com/docker/docker/pull/13587)
 + Add `--format` flag to `docker images` command [#17692](https://github.com/docker/docker/pull/17692)
 + Allow to set daemon configuration in a file and hot-reload it with the `SIGHUP` signal [#18587](https://github.com/docker/docker/pull/18587)
-+ Updated docker events to include more meta-data and event types [#18888](https://github.com/docker/docker/pull/18888)  
+ Updated docker events to include more meta-data and event types [#18888](https://github.com/docker/docker/pull/18888)
  This change is backward compatible in the API, but not on the CLI.
 + Add `--blkio-weight-device` flag to `docker run` [#13959](https://github.com/docker/docker/pull/13959)
 + Add `--device-read-bps` and `--device-write-bps` flags to `docker run` [#14466](https://github.com/docker/docker/pull/14466)
@@ -148,18 +687,18 @@ Engine 1.10 migrator can be found on Docker Hub: https://hub.docker.com/r/docker
 + Add support for custom seccomp profiles in `--security-opt` [#17989](https://github.com/docker/docker/pull/17989)
 + Add default seccomp profile [#18780](https://github.com/docker/docker/pull/18780)
 + Add `--authorization-plugin` flag to `daemon` to customize ACLs [#15365](https://github.com/docker/docker/pull/15365)
-+ Docker Content Trust now supports the ability to read and write user delegations [#18887](https://github.com/docker/docker/pull/18887)  
-  This is an optional, opt-in feature that requires the explicit use of the Notary command-line utility in order to be enabled.  
+ Docker Content Trust now supports the ability to read and write user delegations [#18887](https://github.com/docker/docker/pull/18887)
+  This is an optional, opt-in feature that requires the explicit use of the Notary command-line utility in order to be enabled.
  Enabling delegation support in a specific repository will break the ability of Docker 1.9 and 1.8 to pull from that repository, if content trust is enabled.
 * Allow SELinux to run in a container when using the BTRFS storage driver [#16452](https://github.com/docker/docker/pull/16452)

 ### Distribution

-* Use content-addressable storage for images and layers [#17924](https://github.com/docker/docker/pull/17924)  
-  Note that a migration is performed the first time docker is run; it can take a significant amount of time depending on the number of images and containers present.  
-  Images no longer depend on the parent chain but contain a list of layer references.  
+* Use content-addressable storage for images and layers [#17924](https://github.com/docker/docker/pull/17924)
+  Note that a migration is performed the first time docker is run; it can take a significant amount of time depending on the number of images and containers present.
+  Images no longer depend on the parent chain but contain a list of layer references.
  `docker load`/`docker save` tarballs now also contain content-addressable image configurations.
-  For more information: https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration  
+  For more information: https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
 * Add support for the new [manifest format ("schema2")](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md) [#18785](https://github.com/docker/docker/pull/18785)
 * Lots of improvements for push and pull: performance++, retries on failed downloads, cancelling on client disconnect [#18353](https://github.com/docker/docker/pull/18353), [#18418](https://github.com/docker/docker/pull/18418), [#19109](https://github.com/docker/docker/pull/19109), [#18353](https://github.com/docker/docker/pull/18353)
 * Limit v1 protocol fallbacks [#18590](https://github.com/docker/docker/pull/18590)
@@ -201,8 +740,8 @@ Engine 1.10 migrator can be found on Docker Hub: https://hub.docker.com/r/docker
 ### Volumes

 + Add support to set the mount propagation mode for a volume [#17034](https://github.com/docker/docker/pull/17034)
-* Add `ls` and `inspect` endpoints to volume plugin API [#16534](https://github.com/docker/docker/pull/16534)  
-  Existing plugins need to make use of these new APIs to satisfy users' expectation  
+* Add `ls` and `inspect` endpoints to volume plugin API [#16534](https://github.com/docker/docker/pull/16534)
+  Existing plugins need to make use of these new APIs to satisfy users' expectation
  For that, please use the new MIME type `application/vnd.docker.plugins.v1.2+json` [#19549](https://github.com/docker/docker/pull/19549)
 - Fix data not being copied to named volumes [#19175](https://github.com/docker/docker/pull/19175)
 - Fix issues preventing volume drivers from being containerized [#19500](https://github.com/docker/docker/pull/19500)
@@ -681,7 +1220,7 @@ by another client (#15489)
 #### Security
 - Fix tar breakout vulnerability
 * Extractions are now sandboxed chroot
- Security options are no longer committed to images
+- Security options are no longer comitted to images

 #### Runtime
 - Fix deadlock in `docker ps -f exited=1`
@@ -890,7 +1429,7 @@ by another client (#15489)

 #### Runtime
 * Support hairpin NAT without going through Docker server.
- devicemapper: succeed immediately when removing non-existing devices.
+- devicemapper: succeed immediately when removing non-existent devices.
 - devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping).
 - devicemapper: increase timeout in waitClose to 10 seconds.
 - devicemapper: ensure we shut down thin pool cleanly.
@@ -1011,7 +1550,7 @@ by another client (#15489)
 - Improve deprecation message.
 - Fix attach exit on darwin.
 - devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping).
- devicemapper: succeed immediately when removing non-existing devices.
+- devicemapper: succeed immediately when removing non-existent devices.
 - devicemapper: increase timeout in waitClose to 10 seconds.
 - Remove goroutine leak on error.
 - Update parseLxcInfo to comply with new lxc1.0 format.
@@ -1107,7 +1646,7 @@ by another client (#15489)
 * Update issue filing instructions
 * Warn against the use of symlinks for Docker's storage folder
 * Replace the Firefox example with an IceWeasel example
-* Rewrite the PostgresSQL example using a Dockerfile and add more details to it
+* Rewrite the PostgreSQL example using a Dockerfile and add more details to it
 * Improve the OS X documentation

 #### Remote API
@@ -1531,7 +2070,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 + Add -rm to docker run for removing a container on exit
 - Remove error messages which are not actually errors
 - Fix `docker rm` with volumes
- Fix some error cases where a HTTP body might not be closed
+- Fix some error cases where an HTTP body might not be closed
 - Fix panic with wrong dockercfg file
 - Fix the attach behavior with -i
 * Record termination time in state.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,7 +4,7 @@ Want to hack on Docker? Awesome!  We have a contributor's guide that explains
 [setting up a Docker development environment and the contribution
 process](https://docs.docker.com/opensource/project/who-written-for/). 

-![Contributors guide](docs/static_files/contributors.png)
+[![Contributors guide](docs/static_files/contributors.png)](https://docs.docker.com/opensource/project/who-written-for/)

 This page contains information about reporting issues as well as some tips and
 guidelines useful to experienced open source contributors. Finally, make sure
@@ -58,51 +58,11 @@ When sending lengthy log-files, consider posting them as a gist (https://gist.gi
 Don't forget to remove sensitive data from your logfiles before posting (you can
 replace those parts with "REDACTED").

-**Issue Report Template**:
-
-```
-Description of problem:
-
-
-`docker version`:
-
-
-`docker info`:
-
-
-`uname -a`:
-
-
-Environment details (AWS, VirtualBox, physical, etc.):
-
-
-How reproducible:
-
-
-Steps to Reproduce:
-1.
-2.
-3.
-
-
-Actual Results:
-
-
-Expected Results:
-
-
-Additional info:
-
-
-
-```
-
-
-##Quick contribution tips and guidelines
+## Quick contribution tips and guidelines

 This section gives the experienced contributor some tips and guidelines.

-###Pull requests are always welcome
+### Pull requests are always welcome

 Not sure if that typo is worth a pull request? Found a bug and know how to fix
 it? Do it! We will appreciate it. Any significant improvement should be
@@ -132,6 +92,14 @@ However, there might be a way to implement that feature *on top of* Docker.
 <table class="tg">
  <col width="45%">
  <col width="65%">
+  <tr>
+    <td>Forums</td>
+    <td>
+      A public forum for users to discuss questions and explore current design patterns and
+      best practices about Docker and related projects in the Docker Ecosystem. To participate,
+      just log in with your Docker Hub account on <a href="https://forums.docker.com" target="_blank">https://forums.docker.com</a>.
+    </td>
+  </tr>
  <tr>
    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
    <td>
@@ -142,19 +110,19 @@ However, there might be a way to implement that feature *on top of* Docker.
        IRC is a rich chat protocol but it can overwhelm new users. You can search
        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
      </p>
-      Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
+      <p>
+        Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a>
+        for an easy way to get started.
+      </p>
    </td>
  </tr>
  <tr>
-    <td>Google Groups</td>
+    <td>Google Group</td>
    <td>
-      There are two groups.
-      <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
-      is for people using Docker containers.
      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
-      group is for contributors and other people contributing to the Docker
-      project.
-      You can join them without an google account by sending an email to e.g. "docker-user+subscribe@googlegroups.com".
+      group is for contributors and other people contributing to the Docker project.
+      You can join them without a google account by sending an email to 
+      <a href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
      After receiving the join-request message, you can simply reply to that to confirm the subscribtion.
    </td>
  </tr>
@@ -308,10 +276,6 @@ Use your real name (sorry, no pseudonyms or anonymous contributions.)
 If you set your `user.name` and `user.email` git configs, you can sign your
 commit automatically with `git commit -s`.

-Note that the old-style `Docker-DCO-1.1-Signed-off-by: ...` format is still
-accepted, so there is no need to update outstanding pull requests to the new
-format right away, but please do adjust your processes for future contributions.
-
 ### How can I become a maintainer?

 The procedures for adding new maintainers are explained in the 
@@ -414,7 +378,7 @@ The rules:
 5. Document _all_ declarations and methods, even private ones. Declare
   expectations, caveats and anything else that may be important. If a type
   gets exported, having the comments already there will ensure it's ready.
-6. Variable name length should be proportional to it's context and no longer.
+6. Variable name length should be proportional to its context and no longer.
   `noCommaALongVariableNameLikeThisIsNotMoreClearWhenASimpleCommentWouldDo`.
   In practice, short methods will have short variable names and globals will
   have longer names.
@@ -422,7 +386,7 @@ The rules:
   and re-examine why you need a compound name. If you still think you need a
   compound name, lose the underscore.
 8. No utils or helpers packages. If a function is not general enough to
-   warrant it's own package, it has not been written generally enough to be a
+   warrant its own package, it has not been written generally enough to be a
   part of a util package. Just leave it unexported and well-documented.
 9. All tests should run with `go test` and outside tooling should not be
   required. No, we don't need another unit testing framework. Assertion
@@ -431,6 +395,6 @@ The rules:
    guidelines. Since you've read all the rules, you now know that.

 If you are having trouble getting into the mood of idiomatic Go, we recommend
-reading through [Effective Go](http://golang.org/doc/effective_go.html). The
-[Go Blog](http://blog.golang.org/) is also a great resource. Drinking the
+reading through [Effective Go](https://golang.org/doc/effective_go.html). The
+[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
 kool-aid is a lot easier than going thirsty.
--- a/85
+++ b/85
@@ -30,20 +30,23 @@ RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E87
 	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
 RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list

-# add llvm repo
-RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 \
-	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
-RUN echo deb http://llvm.org/apt/trusty/ llvm-toolchain-trusty main > /etc/apt/sources.list.d/llvm.list
+
+# allow replacing httpredir mirror
+ARG APT_MIRROR=httpredir.debian.org
+RUN sed -i s/httpredir.debian.org/$APT_MIRROR/g /etc/apt/sources.list

 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \
+	apt-utils \
 	aufs-tools \
 	automake \
 	bash-completion \
+	binutils-mingw-w64 \
+	bsdmainutils \
 	btrfs-tools \
 	build-essential \
-	clang-3.8 \
+	clang \
 	createrepo \
 	curl \
 	dpkg-sig \
@@ -64,15 +67,13 @@ RUN apt-get update && apt-get install -y \
 	python-mock \
 	python-pip \
 	python-websocket \
-	s3cmd=1.5.0* \
 	ubuntu-zfs \
 	xfsprogs \
 	libzfs-dev \
 	tar \
+	zip \
 	--no-install-recommends \
-	&& ln -snf /usr/bin/clang-3.8 /usr/local/bin/clang \
-	&& ln -snf /usr/bin/clang++-3.8 /usr/local/bin/clang++
-
+	&& pip install awscli==1.10.15
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
@@ -96,12 +97,12 @@ RUN set -x \
 	&& export OSXCROSS_PATH="/osxcross" \
 	&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
 	&& ( cd $OSXCROSS_PATH && git checkout -q $OSX_CROSS_COMMIT) \
-	&& curl -sSL https://s3.dockerproject.org/darwin/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
+	&& curl -sSL https://s3.dockerproject.org/darwin/v2/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
 	&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
 ENV PATH /osxcross/target/bin:$PATH

 # install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.0
+ENV SECCOMP_VERSION 2.3.1
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
 	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
@@ -119,11 +120,7 @@ RUN set -x \
 # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
 #            will need updating, to avoid errors. Ping #docker-maintainers on IRC
 #            with a heads-up.
-ENV GO_VERSION 1.6
-RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \
-	| tar -xzC /usr/local
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
+ENV GO_VERSION 1.6.3

 # Compile Go for cross compilation
 ENV DOCKER_CROSSPLATFORMS \
@@ -132,6 +129,20 @@ ENV DOCKER_CROSSPLATFORMS \
 	freebsd/amd64 freebsd/386 freebsd/arm \
 	windows/amd64 windows/386

+RUN curl -fsSL "https://storage.googleapis.com/golang/go1.4.3.linux-amd64.tar.gz" \
+	| tar -xzC /root && \
+	mv /root/go /root/go1.4 && \
+	cd /usr/local && \
+	curl -fsSL "https://storage.googleapis.com/golang/go$GO_VERSION.src.tar.gz" \
+	| tar -xzC /usr/local && \
+	cd go && \
+	printf 'diff --git a/src/runtime/sys_darwin_amd64.s b/src/runtime/sys_darwin_amd64.s\nindex e09b906..fa8ff2f 100644\n--- a/src/runtime/sys_darwin_amd64.s\n+++ b/src/runtime/sys_darwin_amd64.s\n@@ -157,6 +157,7 @@ systime:\n\t// Fall back to system call (usually first call in this thread).\n\tMOVQ\tSP, DI\n\tMOVQ\t$0, SI\n+\tMOVQ\t$0, DX  // required as of Sierra; Issue 16570\n\tMOVL\t$(0x2000000+116), AX\n\tSYSCALL\n\tCMPQ\tAX, $0\n' | patch -p1 && \
+	cd src && \
+	./make.bash
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
+
 # This has been commented out and kept as reference because we don't support compiling with older Go anymore.
 # ENV GOFMT_VERSION 1.3.3
 # RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt
@@ -167,32 +178,25 @@ RUN set -x \
 		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary server
-ENV NOTARY_VERSION docker-v1.11-3
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.3.0
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+ENV DOCKER_PY_COMMIT 7befe694bd21e3c54bb1d7825270ea4bd6864c13
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
 	&& pip install -r test-requirements.txt

-# Setup s3cmd config
-RUN { \
-		echo '[default]'; \
-		echo 'access_key=$AWS_ACCESS_KEY'; \
-		echo 'secret_key=$AWS_SECRET_KEY'; \
-	} > ~/.s3cfg
-
 # Set user.email so crosbymichael's in-container merge commits go smoothly
 RUN git config --global user.email 'docker-dummy@example.com'

@@ -222,7 +226,7 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 # Download man page generator
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.0.5 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
 	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
 	&& go get -v -d github.com/cpuguy83/go-md2man \
 	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
@@ -237,36 +241,29 @@ RUN set -x \
 	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
 	&& rm -rf "$GOPATH"

-# Build/install the tool for embedding resources in Windows binaries
-ENV RSRC_COMMIT ba14da1f827188454a4591717fff29999010887f
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
-	&& (cd "$GOPATH/src/github.com/akavel/rsrc" && git checkout -q "$RSRC_COMMIT") \
-	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
-	&& rm -rf "$GOPATH"
-
 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
 	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -36,6 +36,7 @@ RUN apt-get update && apt-get install -y \
 	libapparmor-dev \
 	libc6-dev \
 	libcap-dev \
+	libltdl-dev \
 	libsqlite3-dev \
 	libsystemd-dev \
 	mercurial \
@@ -78,7 +79,7 @@ RUN cd /usr/local/lvm2 \
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

 # install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.0
+ENV SECCOMP_VERSION 2.3.1
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
 	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
@@ -96,7 +97,7 @@ RUN set -x \
 # We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
 # so we use the official armv6 released binaries as a GOROOT_BOOTSTRAP, and
 # build Go from source code.
-ENV GO_VERSION 1.5.3
+ENV GO_VERSION 1.6.3
 RUN mkdir /usr/src/go && curl -fsSL https://storage.googleapis.com/golang/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
 	&& cd /usr/src/go/src \
 	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash
@@ -116,32 +117,25 @@ RUN set -x \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary server
-ENV NOTARY_VERSION docker-v1.11-3
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.3.0
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+ENV DOCKER_PY_COMMIT 7befe694bd21e3c54bb1d7825270ea4bd6864c13
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
 	&& pip install -r test-requirements.txt

-# Setup s3cmd config
-RUN { \
-		echo '[default]'; \
-		echo 'access_key=$AWS_ACCESS_KEY'; \
-		echo 'secret_key=$AWS_SECRET_KEY'; \
-	} > ~/.s3cfg
-
 # Set user.email so crosbymichael's in-container merge commits go smoothly
 RUN git config --global user.email 'docker-dummy@example.com'

@@ -171,7 +165,7 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 # Download man page generator
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.0.5 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
 	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
 	&& go get -v -d github.com/cpuguy83/go-md2man \
 	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
@@ -187,26 +181,28 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
 	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -46,7 +46,8 @@ RUN apt-get update && apt-get install -y \
 	python-websocket \
 	xfsprogs \
 	tar \
-	--no-install-recommends
+	--no-install-recommends \
+	&& pip install awscli==1.10.15

 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
@@ -65,7 +66,7 @@ RUN cd /usr/local/lvm2 \
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

 # Install Go
-ENV GO_VERSION 1.6
+ENV GO_VERSION 1.6.3
 RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-armv6l.tar.gz" \
 	| tar -xzC /usr/local
 ENV PATH /go/bin:/usr/local/go/bin:$PATH
@@ -94,7 +95,7 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint
 	&& go install -v github.com/golang/lint/golint

 # install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.0
+ENV SECCOMP_VERSION 2.3.1
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
 	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
@@ -125,20 +126,20 @@ RUN set -x \
 		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary server
-ENV NOTARY_VERSION docker-v1.11-3
+# Install notary and notary-server
+ENV NOTARY_VERSION v0.3.0
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+ENV DOCKER_PY_COMMIT 7befe694bd21e3c54bb1d7825270ea4bd6864c13
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -173,7 +174,7 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 # Download man page generator
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.0.5 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
 	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
 	&& go get -v -d github.com/cpuguy83/go-md2man \
 	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
@@ -188,35 +189,29 @@ RUN set -x \
 	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
 	&& rm -rf "$GOPATH"

-# Build/install the tool for embedding resources in Windows binaries
-ENV RSRC_VERSION v2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b "$RSRC_VERSION" https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
-	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
-	&& rm -rf "$GOPATH"
-
 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
 	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 ENTRYPOINT ["hack/dind"]

--- a/Dockerfile.gccgo
+++ b/Dockerfile.gccgo
@@ -6,7 +6,7 @@
 # docker build -t docker -f Dockerfile.gccgo .
 #

-FROM gcc:5.3
+FROM gcc:6.1

 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -43,7 +43,7 @@ RUN cd /usr/local/lvm2 \
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

 # install seccomp: the version shipped in jessie is too old
-ENV SECCOMP_VERSION v2.3.0
+ENV SECCOMP_VERSION v2.3.1
 RUN set -x \
    && export SECCOMP_PATH=$(mktemp -d) \
    && git clone https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
@@ -60,7 +60,7 @@ RUN set -x \
 ENV GOPATH /go:/go/src/github.com/docker/docker/vendor

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+ENV DOCKER_PY_COMMIT 7befe694bd21e3c54bb1d7825270ea4bd6864c13
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT
@@ -74,26 +74,28 @@ WORKDIR /go/src/github.com/docker/docker
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux

 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+    && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
 	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.ppc64le
+++ b/Dockerfile.ppc64le
@@ -15,7 +15,7 @@
 # the case. Therefore, you don't have to disable it anymore.
 #

-FROM ppc64le/gcc:5.3
+FROM ppc64le/gcc:6.1

 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -71,17 +71,29 @@ RUN cd /usr/local/lvm2 \
 	&& make install_device-mapper
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

-# TODO install Go, using gccgo as GOROOT_BOOTSTRAP (Go 1.5+ supports ppc64le properly)
-# possibly a ppc64le/golang image?
+# install seccomp: the version shipped in jessie is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+        && export SECCOMP_PATH="$(mktemp -d)" \
+        && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+                | tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+        && ( \
+                cd "$SECCOMP_PATH" \
+                && ./configure --prefix=/usr/local \
+                && make \
+                && make install \
+                && ldconfig \
+        ) \
+        && rm -rf "$SECCOMP_PATH"
+

 ## BUILD GOLANG 1.6
-ENV GO_VERSION 1.6
+# NOTE: ppc64le has compatibility issues with older versions of go, so make sure the version >= 1.6
+ENV GO_VERSION 1.6.3
 ENV GO_DOWNLOAD_URL https://golang.org/dl/go${GO_VERSION}.src.tar.gz
-ENV GO_DOWNLOAD_SHA256 a96cce8ce43a9bf9b2a4c7d470bc7ee0cb00410da815980681c8353218dcf146
 ENV GOROOT_BOOTSTRAP /usr/local

 RUN curl -fsSL "$GO_DOWNLOAD_URL" -o golang.tar.gz \
-    && echo "$GO_DOWNLOAD_SHA256  golang.tar.gz" | sha256sum -c - \
    && tar -C /usr/src -xzf golang.tar.gz \
    && rm golang.tar.gz \
    && cd /usr/src/go/src && ./make.bash 2>&1
@@ -127,7 +139,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Install notary and notary-server
-ENV NOTARY_VERSION docker-v1.11-3
+ENV NOTARY_VERSION v0.3.0
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
@@ -139,7 +151,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+ENV DOCKER_PY_COMMIT 7befe694bd21e3c54bb1d7825270ea4bd6864c13
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -154,7 +166,7 @@ RUN useradd --create-home --gid docker unprivilegeduser

 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux

 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -174,7 +186,7 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 # Download man page generator
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.0.5 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
 	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
 	&& go get -v -d github.com/cpuguy83/go-md2man \
 	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
@@ -189,35 +201,29 @@ RUN set -x \
 	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
 	&& rm -rf "$GOPATH"

-# Build/install the tool for embedding resources in Windows binaries
-ENV RSRC_VERSION v2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b "$RSRC_VERSION" https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
-	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
-	&& rm -rf "$GOPATH"
-
 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
-	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& make static BUILDTAGS="apparmor seccomp selinux" \
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.s390x
+++ b/Dockerfile.s390x
@@ -15,7 +15,7 @@
 # the case. Therefore, you don't have to disable it anymore.
 #

-FROM s390x/gcc:5.3
+FROM s390x/gcc:6.1

 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -48,6 +48,21 @@ RUN apt-get update && apt-get install -y \
 	tar \
 	--no-install-recommends

+# install seccomp: the version shipped in jessie is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
@@ -97,28 +112,41 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint
 	&& go install -v github.com/golang/lint/golint


-# Install registry
-ENV REGISTRY_COMMIT ec87e9b6971d831f0eff752ddb54fb64693e51cd
+# Install two versions of the registry. The first is an older version that
+# only supports schema1 manifests. The second is a newer version that supports
+# both. This allows integration-cli tests to cover push/pull with both schema1
+# and schema2 manifests.
+ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
 	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
 	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
+	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
+		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary server
-ENV NOTARY_VERSION docker-v1.11-3
+# Install notary and notary-server
+#
+# Note: We have to explicitly set GO15VENDOREXPERIMENT=0 because gccgo does not
+# support vendoring: https://github.com/golang/go/issues/15628
+ENV NOTARY_VERSION v0.3.0
 RUN set -x \
+	&& export GO15VENDOREXPERIMENT=0 \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
-	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
-		go build -gccgoflags=-lpthread -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION" && ln -s . vendor/src) \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
+		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+ENV DOCKER_PY_COMMIT 7befe694bd21e3c54bb1d7825270ea4bd6864c13
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -133,7 +161,7 @@ RUN useradd --create-home --gid docker unprivilegeduser

 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
+ENV DOCKER_BUILDTAGS apparmor selinux seccomp

 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -153,7 +181,7 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 # Download man page generator
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.0.5 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
 	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
 	&& go get -v -d github.com/cpuguy83/go-md2man \
 	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
@@ -168,35 +196,29 @@ RUN set -x \
 	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
 	&& rm -rf "$GOPATH"

-# Build/install the tool for embedding resources in Windows binaries
-ENV RSRC_VERSION v2
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone --depth 1 -b "$RSRC_VERSION" https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
-	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
-	&& rm -rf "$GOPATH"
-
 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
 	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -12,10 +12,11 @@ FROM debian:jessie
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
 		btrfs-tools \
+		build-essential \
 		curl \
 		gcc \
 		git \
-		golang \
+		libapparmor-dev \
 		libdevmapper-dev \
 		libsqlite3-dev \
 		\
@@ -29,27 +30,55 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		aufs-tools \
 	&& rm -rf /var/lib/apt/lists/*

+# install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.1
+RUN set -x \
+	&& export SECCOMP_PATH="$(mktemp -d)" \
+	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
+		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
+	&& ( \
+		cd "$SECCOMP_PATH" \
+		&& ./configure --prefix=/usr/local \
+		&& make \
+		&& make install \
+		&& ldconfig \
+	) \
+	&& rm -rf "$SECCOMP_PATH"
+
+# Install Go
+# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
+#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
+#            with a heads-up.
+ENV GO_VERSION 1.6.3
+RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \
+	| tar -xzC /usr/local
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
+ENV CGO_LDFLAGS -L/lib
+
 # Install runc
-ENV RUNC_COMMIT bbde9c426ff363d813b8722f0744115c13b408b6
+ENV RUNC_COMMIT 02f8fa7863dd3f82909a73e2061897828460d52f
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
 	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
 	&& git checkout -q "$RUNC_COMMIT" \
 	&& make static BUILDTAGS="seccomp apparmor selinux" \
-	&& cp runc /usr/local/bin/docker-runc
+	&& cp runc /usr/local/bin/docker-runc \
+	&& rm -rf "$GOPATH"

 # Install containerd
-ENV CONTAINERD_COMMIT 142e22a4dce86f3b8ce068a0b043489d21976bb8
+ENV CONTAINERD_COMMIT 0366d7e9693c930cf18c0f50cc16acec064e96c5
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
-	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
 	&& cd "$GOPATH/src/github.com/docker/containerd" \
 	&& git checkout -q "$CONTAINERD_COMMIT" \
 	&& make static \
 	&& cp bin/containerd /usr/local/bin/docker-containerd \
 	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
-	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
+	&& rm -rf "$GOPATH"

 ENV AUTO_GOPATH 1
 WORKDIR /usr/src/docker
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -1,10 +1,10 @@
-# This file describes the standard way to build Docker, using a docker container on Windows 
+# This file describes the standard way to build Docker, using a docker container on Windows
 # Server 2016
 #
 # Usage:
 #
 # # Assemble the full dev environment. This is slow the first time. Run this from
-# # a directory containing the sources you are validating. For example from 
+# # a directory containing the sources you are validating. For example from
 # # c:\go\src\github.com\docker\docker
 #
 # docker build -t docker -f Dockerfile.windows .
@@ -19,30 +19,23 @@
 # Important notes:
 # ---------------
 #
-# 'Start-Sleep' is a deliberate workaround for a current problem on containers in Windows 
-# Server 2016. It ensures that the network is up and available for when the command is
-# network related. This bug is being tracked internally at Microsoft and exists in TP4.
-# Generally sleep 1 or 2 is probably enough, but making it 5 to make the build file
-# as bullet proof as possible. This isn't a big deal as this only runs the first time.
-#
-# The cygwin posix utilities from GIT aren't usable interactively as at January 2016. This
+# The posix utilities from GIT aren't usable interactively as at January 2016. This
 # is because they require a console window which isn't present in a container in Windows.
-# See the example at the top of this file. Do NOT use -it in that docker run!!! 
+# See the example at the top of this file. Do NOT use -it in that docker run!!!
 #
-# Don't try to use a volume for passing the source through. The cygwin posix utilities will
+# Don't try to use a volume for passing the source through. The posix utilities will
 # balk at reparse points. Again, see the example at the top of this file on how use a volume
 # to get the built binary out of the container.
 #
-# The steps are minimised dramatically to improve performance (TP4 is slow on commit)
+# The steps are minimised dramatically to improve performance

 FROM windowsservercore

 # Environment variable notes:
-#  - GOLANG_VERSION must consistent with 'Dockerfile' used by Linux'.
+#  - GO_VERSION must consistent with 'Dockerfile' used by Linux'.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GOLANG_VERSION=1.6 \
+ENV GO_VERSION=1.6.3 \
    GIT_LOCATION=https://github.com/git-for-windows/git/releases/download/v2.7.2.windows.1/Git-2.7.2-64-bit.exe \
-    RSRC_COMMIT=ba14da1f827188454a4591717fff29999010887f \
    GOPATH=C:/go;C:/go/src/github.com/docker/docker/vendor \
    FROM_DOCKERFILE=1

@@ -54,16 +47,15 @@ RUN \
 setx GOROOT "c:\go" && \
 powershell -command \
  $ErrorActionPreference = 'Stop'; \
-  Start-Sleep -Seconds 5; \
  Function Download-File([string] $source, [string] $target) { \
   $wc = New-Object net.webclient; $wc.Downloadfile($source, $target) \
  } \
  \
-  Write-Host INFO: Downloading git...; \		
+  Write-Host INFO: Downloading git...; \
  Download-File %GIT_LOCATION% gitsetup.exe; \
  \
  Write-Host INFO: Downloading go...; \
-  Download-File https://storage.googleapis.com/golang/go%GOLANG_VERSION%.windows-amd64.msi go.msi; \
+  Download-File https://storage.googleapis.com/golang/go%GO_VERSION%.windows-amd64.msi go.msi; \
  \
  Write-Host INFO: Downloading compiler 1 of 3...; \
  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip gcc.zip; \
@@ -90,12 +82,8 @@ RUN \
  Remove-Item go.msi; \
  Remove-Item gitsetup.exe; \
  \
-  Write-Host INFO: Cloning and installing RSRC; \
-  c:\git\bin\git.exe clone https://github.com/akavel/rsrc.git c:\go\src\github.com\akavel\rsrc; \
-  cd \go\src\github.com\akavel\rsrc; c:\git\bin\git.exe checkout -q %RSRC_COMMIT%; c:\go\bin\go.exe install -v; \
-  \
  Write-Host INFO: Completed
-  
+
 # Prepare for building
 COPY . /go/src/github.com/docker/docker

--- a/45
+++ b/45
@@ -35,15 +35,15 @@
 			"estesp",
 			"icecrime",
 			"jhowardmsft",
-			"jfrazelle",
+			"justincormack",
 			"lk4d4",
+			"mavenugo",
 			"mhbauer",
 			"runcom",
 			"tianon",
 			"tibor",
 			"tonistiigi",
 			"unclejack",
-			"vbatts",
 			"vdemeester"
 		]

@@ -90,6 +90,37 @@
 			# still stumble into him in our issue tracker, or on IRC.
 			"erikh",

+			# Jessica Frazelle, also known as the "Keyser Söze of containers",
+			# runs *everything* in containers. She started contributing to
+			# Docker with a (fun fun) change involving both iptables and regular
+			# expressions (coz, YOLO!) on July 10, 2014
+			# https://github.com/docker/docker/pull/6950/commits/f3a68ffa390fb851115c77783fa4031f1d3b2995.
+			# Jess was Release Captain for Docker 1.4, 1.6 and 1.7, and contributed
+			# many features and improvement, among which "seccomp profiles" (making 
+			# containers a lot more secure). Besides being a maintainer, she
+			# set up the CI infrastructure for the project, giving everyone
+			# something to shout at if a PR failed ("noooo Janky!").
+			# Jess is currently working on the DCOS security team at Mesosphere,
+			# and contributing to various open source projects.
+			# Be sure you don't miss her talks at a conference near you (a must-see),
+			# read her blog at https://blog.jessfraz.com (a must-read), and
+			# check out her open source projects on GitHub https://github.com/jfrazelle (a must-try).
+			"jfrazelle",
+
+			# Vincent "vbatts!" Batts made his first contribution to the project
+			# in November 2013, to become a maintainer a few months later, on 
+			# May 10, 2014 (https://github.com/docker/docker/commit/d6e666a87a01a5634c250358a94c814bf26cb778).
+			# As a maintainer, Vincent made important contributions to core elements
+			# of Docker, such as "distribution" (tarsum) and graphdrivers (btrfs, devicemapper).
+			# He also contributed the "tar-split" library, an important element
+			# for the content-addressable store.
+			# Vincent is currently a member of the Open Containers Initiative
+			# Technical Oversight Board (TOB), besides his work at Red Hat and
+			# Project Atomic. You can still find him regularly hanging out in
+			# our repository and the #docker-dev and #docker-maintainers IRC channels
+			# for a chat, as he's always a lot of fun.
+			"vbatts",
+
 			# Victor is one of the earliest contributors to Docker, having worked on the
 			# project when it was still "dotCloud" in April 2013. He's been responsible
 			# for multiple releases (https://github.com/docker/docker/pulls?q=is%3Apr+bump+in%3Atitle+author%3Avieux),
@@ -174,11 +205,21 @@
 	Email = "jess@linux.com"
 	GitHub = "jfrazelle"

+	[people.justincormack]
+	Name = "Justin Cormack"
+	Email = "justin.cormack@docker.com"
+	GitHub = "justincormack"
+
 	[people.lk4d4]
 	Name = "Alexander Morozov"
 	Email = "lk4d4@docker.com"
 	GitHub = "lk4d4"

+	[people.mavenugo]
+	Name = "Madhu Venugopal"
+	Email = "madhu@docker.com"
+	GitHub = "mavenugo"
+
 	[people.mhbauer]
 	Name = "Morgan Bauer"
 	Email = "mbauer@us.ibm.com"
--- a/65
+++ b/65
@@ -1,21 +1,24 @@
-.PHONY: all binary build cross default docs docs-build docs-shell shell test test-docker-py test-integration-cli test-unit validate
+.PHONY: all binary build build-gccgo cross default docs docs-build docs-shell shell gccgo test test-docker-py test-integration-cli test-unit validate help
+
+# set the graph driver as the current graphdriver if not set
+DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))

 # get OS/Arch of docker engine
 DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH:-$$DOCKER_CLIENT_OSARCH}')
 DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')

 # env vars passed through directly to Docker's build scripts
-# to allow things like `make DOCKER_CLIENTONLY=1 binary` easily
+# to allow things like `make KEEPBUNDLE=1 binary` easily
 # `docs/sources/contributing/devenvironment.md ` and `project/PACKAGERS.md` have some limited documentation of some of these
 DOCKER_ENVS := \
 	-e BUILDFLAGS \
 	-e KEEPBUNDLE \
 	-e DOCKER_BUILD_GOGC \
 	-e DOCKER_BUILD_PKGS \
-	-e DOCKER_CLIENTONLY \
 	-e DOCKER_DEBUG \
 	-e DOCKER_EXPERIMENTAL \
-	-e DOCKER_GRAPHDRIVER \
+	-e DOCKER_GITCOMMIT \
+	-e DOCKER_GRAPHDRIVER=$(DOCKER_GRAPHDRIVER) \
 	-e DOCKER_INCREMENTAL_BINARY \
 	-e DOCKER_REMAP_ROOT \
 	-e DOCKER_STORAGE_OPTS \
@@ -37,8 +40,9 @@ DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/do
 DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v "/go/src/github.com/docker/docker/bundles")

 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
-DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH),:$(GIT_BRANCH))
-DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
+DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
+DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))

 DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT)

@@ -54,52 +58,69 @@ DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"

 default: binary

-all: build
+all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives
 	$(DOCKER_RUN_DOCKER) hack/make.sh

-binary: build
+binary: build ## build the linux binaries
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary

 build: bundles
 	docker build ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .

+build-gccgo: bundles
+	docker build ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)-gccgo" -f Dockerfile.gccgo .
+
 bundles:
 	mkdir bundles

-cross: build
+cross: build ## cross build the binaries for darwin, freebsd and\nwindows
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross

-
-win: build
+win: build ## cross build the binary for windows
 	$(DOCKER_RUN_DOCKER) hack/make.sh win

+tgz: build ## build the archives (.zip on windows and .tgz\notherwise) containing the binaries
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz

-deb: build
+deb: build  ## build the deb packages
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb

-docs:
+docs: ## build the docs
 	$(MAKE) -C docs docs

-gccgo: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh gccgo
+gccgo: build-gccgo ## build the gcc-go linux binaries
+	$(DOCKER_FLAGS) "$(DOCKER_IMAGE)-gccgo" hack/make.sh gccgo

-rpm: build
+install: ## install the linux binaries
+	KEEPBUNDLE=1 hack/make.sh install-binary
+
+rpm: build ## build the rpm packages
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm

-shell: build
+shell: build ## start a shell inside the build env
 	$(DOCKER_RUN_DOCKER) bash

-test: build
+test: build ## run the unit, integration and docker-py tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-unit test-integration-cli test-docker-py

-test-docker-py: build
+test-docker-py: build ## run the docker-py tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py

-test-integration-cli: build
+test-integration-cli: build ## run the integration tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration-cli

-test-unit: build
+test-unit: build ## run the unit tests
 	$(DOCKER_RUN_DOCKER) hack/make.sh test-unit

-validate: build
+validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor 
 	$(DOCKER_RUN_DOCKER) hack/make.sh validate-dco validate-default-seccomp validate-gofmt validate-pkg validate-lint validate-test validate-toml validate-vet validate-vendor
+
+manpages: ## Generate man pages from go source and markdown
+	docker build -t docker-manpage-dev -f "man/$(DOCKERFILE)" ./man
+	docker run \
+		-v $(PWD):/go/src/github.com/docker/docker/ \
+		docker-manpage-dev
+
+help: ## this help
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
--- a/README.md
+++ b/README.md
@@ -13,17 +13,17 @@ databases, and backend services without depending on a particular stack
 or provider.

 Docker began as an open-source implementation of the deployment engine which
-powers [dotCloud](https://www.dotcloud.com), a popular Platform-as-a-Service.
-It benefits directly from the experience accumulated over several years
-of large-scale operation and support of hundreds of thousands of
-applications and databases.
+powered [dotCloud](http://web.archive.org/web/20130530031104/https://www.dotcloud.com/),
+a popular Platform-as-a-Service. It benefits directly from the experience
+accumulated over several years of large-scale operation and support of hundreds
+of thousands of applications and databases.

-![](docs/static_files/docker-logo-compressed.png "Docker")
+![Docker logo](docs/static_files/docker-logo-compressed.png "Docker")

 ## Security Disclosure

-Security is very important to us. If you have any issue regarding security, 
-please disclose the information responsibly by sending an email to 
+Security is very important to us. If you have any issue regarding security,
+please disclose the information responsibly by sending an email to
 security@docker.com and not by creating a github issue.

 ## Better than VMs
@@ -148,9 +148,6 @@ on servers for running them. To get started, [check out the installation
 instructions in the
 documentation](https://docs.docker.com/engine/installation/).

-We also offer an [interactive tutorial](https://www.docker.com/tryit/)
-for quickly learning the basics of using Docker.
-
 Usage examples
 ==============

@@ -191,8 +188,8 @@ feels wrong or incomplete. Better yet, submit a PR and improve them yourself.
 Getting the development builds
 ==============================

-Want to run Docker from a master build? You can download 
-master builds at [master.dockerproject.org](https://master.dockerproject.org). 
+Want to run Docker from a master build? You can download
+master builds at [master.dockerproject.org](https://master.dockerproject.org).
 They are updated with each commit merged into the master branch.

 Don't know how to use that super cool new feature in the master build? Check
@@ -225,17 +222,23 @@ We are always open to suggestions on process improvements, and are always lookin
      Read our <a href="https://docs.docker.com/project/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
    </td>
  </tr>
+  <tr>
+    <td>Docker Community Forums</td>
+    <td>
+      The <a href="https://forums.docker.com/c/open-source-projects/de" target="_blank">Docker Engine</a>
+      group is for users of the Docker Engine project.
+    </td>
+  </tr>
  <tr>
    <td>Google Groups</td>
    <td>
-      There are two groups.
-      <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
-      is for people using Docker containers.
-      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
-      group is for contributors and other people contributing to the Docker
-      project.
-      You can join them without an google account by sending an email to e.g. "docker-user+subscribe@googlegroups.com".
-      After receiving the join-request message, you can simply reply to that to confirm the subscribtion.
+      The <a href="https://groups.google.com/forum/#!forum/docker-dev"
+      target="_blank">docker-dev</a> group is for contributors and other people
+      contributing to the Docker project.  You can join this group without a
+      Google account by sending an email to <a
+      href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
+      You'll receive a join-request message; simply reply to the message to
+      confirm your subscribtion.
    </td>
  </tr>
  <tr>
@@ -282,18 +285,18 @@ There are a number of projects under development that are based on Docker's
 core technology. These projects expand the tooling built around the
 Docker platform to broaden its application and utility.

-* [Docker Registry](https://github.com/docker/distribution): Registry 
+* [Docker Registry](https://github.com/docker/distribution): Registry
 server for Docker (hosting/delivery of repositories and images)
-* [Docker Machine](https://github.com/docker/machine): Machine management 
+* [Docker Machine](https://github.com/docker/machine): Machine management
 for a container-centric world
-* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering 
+* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering
 system
-* [Docker Compose](https://github.com/docker/compose) (formerly Fig): 
+* [Docker Compose](https://github.com/docker/compose) (formerly Fig):
 Define and run multi-container apps
-* [Kitematic](https://github.com/docker/kitematic): The easiest way to use 
+* [Kitematic](https://github.com/docker/kitematic): The easiest way to use
 Docker on Mac and Windows

-If you know of another project underway that should be listed here, please help 
+If you know of another project underway that should be listed here, please help
 us keep this list up-to-date by submitting a PR.

 Awesome-Docker
--- a/VENDORING.md
+++ b/VENDORING.md
@@ -38,7 +38,7 @@ to the MAJOR.MINOR.PATCH format."

 ## Vendoring cadence
 In order to avoid huge vendoring changes, it is recommended to have a regular
-cadence for vendoring updates. eg. monthly.
+cadence for vendoring updates. e.g. monthly.

 ## Pre-merge vendoring tests
 All related repos will be vendored into docker/docker.
--- a/2
+++ b/2
@@ -1 +1 @@
-1.11.0-dev
+1.12.2
--- a/api/client/attach.go
+++ b/api/client/attach.go
@@ -1,109 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	Cli "github.com/docker/docker/cli"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/engine-api/types"
-)
-
-// CmdAttach attaches to a running container.
-//
-// Usage: docker attach [OPTIONS] CONTAINER
-func (cli *DockerCli) CmdAttach(args ...string) error {
-	cmd := Cli.Subcmd("attach", []string{"CONTAINER"}, Cli.DockerCommands["attach"].Description, true)
-	noStdin := cmd.Bool([]string{"-no-stdin"}, false, "Do not attach STDIN")
-	proxy := cmd.Bool([]string{"-sig-proxy"}, true, "Proxy all received signals to the process")
-	detachKeys := cmd.String([]string{"-detach-keys"}, "", "Override the key sequence for detaching a container")
-
-	cmd.Require(flag.Exact, 1)
-
-	cmd.ParseFlags(args, true)
-
-	c, err := cli.client.ContainerInspect(context.Background(), cmd.Arg(0))
-	if err != nil {
-		return err
-	}
-
-	if !c.State.Running {
-		return fmt.Errorf("You cannot attach to a stopped container, start it first")
-	}
-
-	if c.State.Paused {
-		return fmt.Errorf("You cannot attach to a paused container, unpause it first")
-	}
-
-	if err := cli.CheckTtyInput(!*noStdin, c.Config.Tty); err != nil {
-		return err
-	}
-
-	if *detachKeys != "" {
-		cli.configFile.DetachKeys = *detachKeys
-	}
-
-	options := types.ContainerAttachOptions{
-		ContainerID: cmd.Arg(0),
-		Stream:      true,
-		Stdin:       !*noStdin && c.Config.OpenStdin,
-		Stdout:      true,
-		Stderr:      true,
-		DetachKeys:  cli.configFile.DetachKeys,
-	}
-
-	var in io.ReadCloser
-	if options.Stdin {
-		in = cli.in
-	}
-
-	if *proxy && !c.Config.Tty {
-		sigc := cli.forwardAllSignals(options.ContainerID)
-		defer signal.StopCatch(sigc)
-	}
-
-	resp, err := cli.client.ContainerAttach(context.Background(), options)
-	if err != nil {
-		return err
-	}
-	defer resp.Close()
-	if in != nil && c.Config.Tty {
-		if err := cli.setRawTerminal(); err != nil {
-			return err
-		}
-		defer cli.restoreTerminal(in)
-	}
-
-	if c.Config.Tty && cli.isTerminalOut {
-		height, width := cli.getTtySize()
-		// To handle the case where a user repeatedly attaches/detaches without resizing their
-		// terminal, the only way to get the shell prompt to display for attaches 2+ is to artificially
-		// resize it, then go back to normal. Without this, every attach after the first will
-		// require the user to manually resize or hit enter.
-		cli.resizeTtyTo(cmd.Arg(0), height+1, width+1, false)
-
-		// After the above resizing occurs, the call to monitorTtySize below will handle resetting back
-		// to the actual size.
-		if err := cli.monitorTtySize(cmd.Arg(0), false); err != nil {
-			logrus.Debugf("Error monitoring TTY size: %s", err)
-		}
-	}
-
-	if err := cli.holdHijackedConnection(c.Config.Tty, in, cli.out, cli.err, resp); err != nil {
-		return err
-	}
-
-	_, status, err := getExitCode(cli, options.ContainerID)
-	if err != nil {
-		return err
-	}
-	if status != 0 {
-		return Cli.StatusError{StatusCode: status}
-	}
-
-	return nil
-}
--- a/api/client/bundlefile/bundlefile.go
+++ b/api/client/bundlefile/bundlefile.go
@@ -0,0 +1,71 @@
+// +build experimental
+
+package bundlefile
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+)
+
+// Bundlefile stores the contents of a bundlefile
+type Bundlefile struct {
+	Version  string
+	Services map[string]Service
+}
+
+// Service is a service from a bundlefile
+type Service struct {
+	Image      string
+	Command    []string          `json:",omitempty"`
+	Args       []string          `json:",omitempty"`
+	Env        []string          `json:",omitempty"`
+	Labels     map[string]string `json:",omitempty"`
+	Ports      []Port            `json:",omitempty"`
+	WorkingDir *string           `json:",omitempty"`
+	User       *string           `json:",omitempty"`
+	Networks   []string          `json:",omitempty"`
+}
+
+// Port is a port as defined in a bundlefile
+type Port struct {
+	Protocol string
+	Port     uint32
+}
+
+// LoadFile loads a bundlefile from a path to the file
+func LoadFile(reader io.Reader) (*Bundlefile, error) {
+	bundlefile := &Bundlefile{}
+
+	decoder := json.NewDecoder(reader)
+	if err := decoder.Decode(bundlefile); err != nil {
+		switch jsonErr := err.(type) {
+		case *json.SyntaxError:
+			return nil, fmt.Errorf(
+				"JSON syntax error at byte %v: %s",
+				jsonErr.Offset,
+				jsonErr.Error())
+		case *json.UnmarshalTypeError:
+			return nil, fmt.Errorf(
+				"Unexpected type at byte %v. Expected %s but received %s.",
+				jsonErr.Offset,
+				jsonErr.Type,
+				jsonErr.Value)
+		}
+		return nil, err
+	}
+
+	return bundlefile, nil
+}
+
+// Print writes the contents of the bundlefile to the output writer
+// as human readable json
+func Print(out io.Writer, bundle *Bundlefile) error {
+	bytes, err := json.MarshalIndent(*bundle, "", "    ")
+	if err != nil {
+		return err
+	}
+
+	_, err = out.Write(bytes)
+	return err
+}
--- a/api/client/bundlefile/bundlefile_test.go
+++ b/api/client/bundlefile/bundlefile_test.go
@@ -0,0 +1,79 @@
+// +build experimental
+
+package bundlefile
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/testutil/assert"
+)
+
+func TestLoadFileV01Success(t *testing.T) {
+	reader := strings.NewReader(`{
+		"Version": "0.1",
+		"Services": {
+			"redis": {
+				"Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce",
+				"Networks": ["default"]
+			},
+			"web": {
+				"Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d",
+				"Networks": ["default"],
+				"User": "web"
+			}
+		}
+	}`)
+
+	bundle, err := LoadFile(reader)
+	assert.NilError(t, err)
+	assert.Equal(t, bundle.Version, "0.1")
+	assert.Equal(t, len(bundle.Services), 2)
+}
+
+func TestLoadFileSyntaxError(t *testing.T) {
+	reader := strings.NewReader(`{
+		"Version": "0.1",
+		"Services": unquoted string
+	}`)
+
+	_, err := LoadFile(reader)
+	assert.Error(t, err, "syntax error at byte 37: invalid character 'u'")
+}
+
+func TestLoadFileTypeError(t *testing.T) {
+	reader := strings.NewReader(`{
+		"Version": "0.1",
+		"Services": {
+			"web": {
+				"Image": "redis",
+				"Networks": "none"
+			}
+		}
+	}`)
+
+	_, err := LoadFile(reader)
+	assert.Error(t, err, "Unexpected type at byte 94. Expected []string but received string")
+}
+
+func TestPrint(t *testing.T) {
+	var buffer bytes.Buffer
+	bundle := &Bundlefile{
+		Version: "0.1",
+		Services: map[string]Service{
+			"web": {
+				Image:   "image",
+				Command: []string{"echo", "something"},
+			},
+		},
+	}
+	assert.NilError(t, Print(&buffer, bundle))
+	output := buffer.String()
+	assert.Contains(t, output, "\"Image\": \"image\"")
+	assert.Contains(t, output,
+		`"Command": [
+                "echo",
+                "something"
+            ]`)
+}
--- a/api/client/cli.go
+++ b/api/client/cli.go
@@ -9,8 +9,9 @@ import (
 	"runtime"

 	"github.com/docker/docker/api"
-	"github.com/docker/docker/cli"
+	cliflags "github.com/docker/docker/cli/flags"
 	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/cliconfig/configfile"
 	"github.com/docker/docker/cliconfig/credentials"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/opts"
@@ -27,7 +28,7 @@ type DockerCli struct {
 	init func() error

 	// configFile has the client configuration file
-	configFile *cliconfig.ConfigFile
+	configFile *configfile.ConfigFile
 	// in holds the input stream and closer (io.ReadCloser) for the client.
 	in io.ReadCloser
 	// out holds the output stream (io.Writer) for the client.
@@ -46,8 +47,10 @@ type DockerCli struct {
 	isTerminalOut bool
 	// client is the http client that performs all API operations
 	client client.APIClient
-	// state holds the terminal state
-	state *term.State
+	// state holds the terminal input state
+	inState *term.State
+	// outState holds the terminal output state
+	outState *term.State
 }

 // Initialize calls the init function that will setup the configuration for the client
@@ -59,6 +62,41 @@ func (cli *DockerCli) Initialize() error {
 	return cli.init()
 }

+// Client returns the APIClient
+func (cli *DockerCli) Client() client.APIClient {
+	return cli.client
+}
+
+// Out returns the writer used for stdout
+func (cli *DockerCli) Out() io.Writer {
+	return cli.out
+}
+
+// Err returns the writer used for stderr
+func (cli *DockerCli) Err() io.Writer {
+	return cli.err
+}
+
+// In returns the reader used for stdin
+func (cli *DockerCli) In() io.ReadCloser {
+	return cli.in
+}
+
+// ConfigFile returns the ConfigFile
+func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
+	return cli.configFile
+}
+
+// IsTerminalOut returns true if the clients stdin is a TTY
+func (cli *DockerCli) IsTerminalOut() bool {
+	return cli.isTerminalOut
+}
+
+// OutFd returns the fd for the stdout stream
+func (cli *DockerCli) OutFd() uintptr {
+	return cli.outFd
+}
+
 // CheckTtyInput checks if we are trying to attach to a container tty
 // from a non-tty client input stream, and if so, returns an error.
 func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error {
@@ -66,7 +104,11 @@ func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error {
 	// be a tty itself: redirecting or piping the client standard input is
 	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
 	if ttyMode && attachStdin && !cli.isTerminalIn {
-		return errors.New("cannot enable tty mode on non tty input")
+		eText := "the input device is not a TTY"
+		if runtime.GOOS == "windows" {
+			return errors.New(eText + ".  If you are using mintty, try prefixing the command with 'winpty'")
+		}
+		return errors.New(eText)
 	}
 	return nil
 }
@@ -84,19 +126,31 @@ func (cli *DockerCli) ImagesFormat() string {
 }

 func (cli *DockerCli) setRawTerminal() error {
-	if cli.isTerminalIn && os.Getenv("NORAW") == "" {
-		state, err := term.SetRawTerminal(cli.inFd)
-		if err != nil {
-			return err
+	if os.Getenv("NORAW") == "" {
+		if cli.isTerminalIn {
+			state, err := term.SetRawTerminal(cli.inFd)
+			if err != nil {
+				return err
+			}
+			cli.inState = state
+		}
+		if cli.isTerminalOut {
+			state, err := term.SetRawTerminalOutput(cli.outFd)
+			if err != nil {
+				return err
+			}
+			cli.outState = state
 		}
-		cli.state = state
 	}
 	return nil
 }

 func (cli *DockerCli) restoreTerminal(in io.Closer) error {
-	if cli.state != nil {
-		term.RestoreTerminal(cli.inFd, cli.state)
+	if cli.inState != nil {
+		term.RestoreTerminal(cli.inFd, cli.inState)
+	}
+	if cli.outState != nil {
+		term.RestoreTerminal(cli.outFd, cli.outState)
 	}
 	// WARNING: DO NOT REMOVE THE OS CHECK !!!
 	// For some reason this Close call blocks on darwin..
@@ -112,7 +166,7 @@ func (cli *DockerCli) restoreTerminal(in io.Closer) error {
 // The key file, protocol (i.e. unix) and address are passed in as strings, along with the tls.Config. If the tls.Config
 // is set the client scheme will be set to https.
 // The client will be given a 32-second timeout (see https://github.com/docker/docker/pull/8035).
-func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cli.ClientFlags) *DockerCli {
+func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cliflags.ClientFlags) *DockerCli {
 	cli := &DockerCli{
 		in:      in,
 		out:     out,
@@ -122,40 +176,13 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cli.ClientF

 	cli.init = func() error {
 		clientFlags.PostParse()
-		configFile, e := cliconfig.Load(cliconfig.ConfigDir())
-		if e != nil {
-			fmt.Fprintf(cli.err, "WARNING: Error loading config file:%v\n", e)
-		}
-		if !configFile.ContainsAuth() {
-			credentials.DetectDefaultStore(configFile)
-		}
-		cli.configFile = configFile
+		cli.configFile = LoadDefaultConfigFile(err)

-		host, err := getServerHost(clientFlags.Common.Hosts, clientFlags.Common.TLSOptions)
+		client, err := NewAPIClientFromFlags(clientFlags, cli.configFile)
 		if err != nil {
 			return err
 		}

-		customHeaders := cli.configFile.HTTPHeaders
-		if customHeaders == nil {
-			customHeaders = map[string]string{}
-		}
-		customHeaders["User-Agent"] = clientUserAgent()
-
-		verStr := api.DefaultVersion.String()
-		if tmpStr := os.Getenv("DOCKER_API_VERSION"); tmpStr != "" {
-			verStr = tmpStr
-		}
-
-		httpClient, err := newHTTPClient(host, clientFlags.Common.TLSOptions)
-		if err != nil {
-			return err
-		}
-
-		client, err := client.NewClient(host, verStr, httpClient, customHeaders)
-		if err != nil {
-			return err
-		}
 		cli.client = client

 		if cli.in != nil {
@@ -171,6 +198,45 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cli.ClientF
 	return cli
 }

+// LoadDefaultConfigFile attempts to load the default config file and returns
+// an initialized ConfigFile struct if none is found.
+func LoadDefaultConfigFile(err io.Writer) *configfile.ConfigFile {
+	configFile, e := cliconfig.Load(cliconfig.ConfigDir())
+	if e != nil {
+		fmt.Fprintf(err, "WARNING: Error loading config file:%v\n", e)
+	}
+	if !configFile.ContainsAuth() {
+		credentials.DetectDefaultStore(configFile)
+	}
+	return configFile
+}
+
+// NewAPIClientFromFlags creates a new APIClient from command line flags
+func NewAPIClientFromFlags(clientFlags *cliflags.ClientFlags, configFile *configfile.ConfigFile) (client.APIClient, error) {
+	host, err := getServerHost(clientFlags.Common.Hosts, clientFlags.Common.TLSOptions)
+	if err != nil {
+		return &client.Client{}, err
+	}
+
+	customHeaders := configFile.HTTPHeaders
+	if customHeaders == nil {
+		customHeaders = map[string]string{}
+	}
+	customHeaders["User-Agent"] = clientUserAgent()
+
+	verStr := api.DefaultVersion
+	if tmpStr := os.Getenv("DOCKER_API_VERSION"); tmpStr != "" {
+		verStr = tmpStr
+	}
+
+	httpClient, err := newHTTPClient(host, clientFlags.Common.TLSOptions)
+	if err != nil {
+		return &client.Client{}, err
+	}
+
+	return client.NewClient(host, verStr, httpClient, customHeaders)
+}
+
 func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string, err error) {
 	switch len(hosts) {
 	case 0:
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -0,0 +1,11 @@
+package client
+
+// Command returns a cli command handler if one exists
+func (cli *DockerCli) Command(name string) func(...string) error {
+	return map[string]func(...string) error{
+		"exec":    cli.CmdExec,
+		"info":    cli.CmdInfo,
+		"inspect": cli.CmdInspect,
+		"update":  cli.CmdUpdate,
+	}[name]
+}
--- a/api/client/commit.go
+++ b/api/client/commit.go
@@ -1,85 +0,0 @@
-package client
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/opts"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/reference"
-	"github.com/docker/engine-api/types"
-	"github.com/docker/engine-api/types/container"
-)
-
-// CmdCommit creates a new image from a container's changes.
-//
-// Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
-func (cli *DockerCli) CmdCommit(args ...string) error {
-	cmd := Cli.Subcmd("commit", []string{"CONTAINER [REPOSITORY[:TAG]]"}, Cli.DockerCommands["commit"].Description, true)
-	flPause := cmd.Bool([]string{"p", "-pause"}, true, "Pause container during commit")
-	flComment := cmd.String([]string{"m", "-message"}, "", "Commit message")
-	flAuthor := cmd.String([]string{"a", "-author"}, "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
-	flChanges := opts.NewListOpts(nil)
-	cmd.Var(&flChanges, []string{"c", "-change"}, "Apply Dockerfile instruction to the created image")
-	// FIXME: --run is deprecated, it will be replaced with inline Dockerfile commands.
-	flConfig := cmd.String([]string{"#-run"}, "", "This option is deprecated and will be removed in a future version in favor of inline Dockerfile-compatible commands")
-	cmd.Require(flag.Max, 2)
-	cmd.Require(flag.Min, 1)
-
-	cmd.ParseFlags(args, true)
-
-	var (
-		name             = cmd.Arg(0)
-		repositoryAndTag = cmd.Arg(1)
-		repositoryName   string
-		tag              string
-	)
-
-	//Check if the given image name can be resolved
-	if repositoryAndTag != "" {
-		ref, err := reference.ParseNamed(repositoryAndTag)
-		if err != nil {
-			return err
-		}
-
-		repositoryName = ref.Name()
-
-		switch x := ref.(type) {
-		case reference.Canonical:
-			return errors.New("cannot commit to digest reference")
-		case reference.NamedTagged:
-			tag = x.Tag()
-		}
-	}
-
-	var config *container.Config
-	if *flConfig != "" {
-		config = &container.Config{}
-		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
-			return err
-		}
-	}
-
-	options := types.ContainerCommitOptions{
-		ContainerID:    name,
-		RepositoryName: repositoryName,
-		Tag:            tag,
-		Comment:        *flComment,
-		Author:         *flAuthor,
-		Changes:        flChanges.GetAll(),
-		Pause:          *flPause,
-		Config:         config,
-	}
-
-	response, err := cli.client.ContainerCommit(context.Background(), options)
-	if err != nil {
-		return err
-	}
-
-	fmt.Fprintln(cli.out, response.ID)
-	return nil
-}
--- a/api/client/container/attach.go
+++ b/api/client/container/attach.go
@@ -0,0 +1,129 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"net/http/httputil"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+type attachOptions struct {
+	noStdin    bool
+	proxy      bool
+	detachKeys string
+
+	container string
+}
+
+// NewAttachCommand creats a new cobra.Command for `docker attach`
+func NewAttachCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts attachOptions
+
+	cmd := &cobra.Command{
+		Use:   "attach [OPTIONS] CONTAINER",
+		Short: "Attach to a running container",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runAttach(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.noStdin, "no-stdin", false, "Do not attach STDIN")
+	flags.BoolVar(&opts.proxy, "sig-proxy", true, "Proxy all received signals to the process")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	return cmd
+}
+
+func runAttach(dockerCli *client.DockerCli, opts *attachOptions) error {
+	ctx := context.Background()
+
+	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	if !c.State.Running {
+		return fmt.Errorf("You cannot attach to a stopped container, start it first")
+	}
+
+	if c.State.Paused {
+		return fmt.Errorf("You cannot attach to a paused container, unpause it first")
+	}
+
+	if err := dockerCli.CheckTtyInput(!opts.noStdin, c.Config.Tty); err != nil {
+		return err
+	}
+
+	if opts.detachKeys != "" {
+		dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+	}
+
+	options := types.ContainerAttachOptions{
+		Stream:     true,
+		Stdin:      !opts.noStdin && c.Config.OpenStdin,
+		Stdout:     true,
+		Stderr:     true,
+		DetachKeys: dockerCli.ConfigFile().DetachKeys,
+	}
+
+	var in io.ReadCloser
+	if options.Stdin {
+		in = dockerCli.In()
+	}
+
+	if opts.proxy && !c.Config.Tty {
+		sigc := dockerCli.ForwardAllSignals(ctx, opts.container)
+		defer signal.StopCatch(sigc)
+	}
+
+	resp, errAttach := dockerCli.Client().ContainerAttach(ctx, opts.container, options)
+	if errAttach != nil && errAttach != httputil.ErrPersistEOF {
+		// ContainerAttach returns an ErrPersistEOF (connection closed)
+		// means server met an error and put it in Hijacked connection
+		// keep the error and read detailed error message from hijacked connection later
+		return errAttach
+	}
+	defer resp.Close()
+
+	if c.Config.Tty && dockerCli.IsTerminalOut() {
+		height, width := dockerCli.GetTtySize()
+		// To handle the case where a user repeatedly attaches/detaches without resizing their
+		// terminal, the only way to get the shell prompt to display for attaches 2+ is to artificially
+		// resize it, then go back to normal. Without this, every attach after the first will
+		// require the user to manually resize or hit enter.
+		dockerCli.ResizeTtyTo(ctx, opts.container, height+1, width+1, false)
+
+		// After the above resizing occurs, the call to MonitorTtySize below will handle resetting back
+		// to the actual size.
+		if err := dockerCli.MonitorTtySize(ctx, opts.container, false); err != nil {
+			logrus.Debugf("Error monitoring TTY size: %s", err)
+		}
+	}
+	if err := dockerCli.HoldHijackedConnection(ctx, c.Config.Tty, in, dockerCli.Out(), dockerCli.Err(), resp); err != nil {
+		return err
+	}
+
+	if errAttach != nil {
+		return errAttach
+	}
+
+	_, status, err := getExitCode(dockerCli, ctx, opts.container)
+	if err != nil {
+		return err
+	}
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+
+	return nil
+}
--- a/api/client/container/commit.go
+++ b/api/client/container/commit.go
@@ -0,0 +1,92 @@
+package container
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	dockeropts "github.com/docker/docker/opts"
+	"github.com/docker/engine-api/types"
+	containertypes "github.com/docker/engine-api/types/container"
+	"github.com/spf13/cobra"
+)
+
+type commitOptions struct {
+	container string
+	reference string
+
+	pause   bool
+	comment string
+	author  string
+	changes dockeropts.ListOpts
+	config  string
+}
+
+// NewCommitCommand creats a new cobra.Command for `docker commit`
+func NewCommitCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts commitOptions
+
+	cmd := &cobra.Command{
+		Use:   "commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]",
+		Short: "Create a new image from a container's changes",
+		Args:  cli.RequiresRangeArgs(1, 2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			if len(args) > 1 {
+				opts.reference = args[1]
+			}
+			return runCommit(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	flags.BoolVarP(&opts.pause, "pause", "p", true, "Pause container during commit")
+	flags.StringVarP(&opts.comment, "message", "m", "", "Commit message")
+	flags.StringVarP(&opts.author, "author", "a", "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
+
+	opts.changes = dockeropts.NewListOpts(nil)
+	flags.VarP(&opts.changes, "change", "c", "Apply Dockerfile instruction to the created image")
+
+	// FIXME: --run is deprecated, it will be replaced with inline Dockerfile commands.
+	flags.StringVar(&opts.config, "run", "", "This option is deprecated and will be removed in a future version in favor of inline Dockerfile-compatible commands")
+	flags.MarkDeprecated("run", "it will be replaced with inline Dockerfile commands.")
+
+	return cmd
+}
+
+func runCommit(dockerCli *client.DockerCli, opts *commitOptions) error {
+	ctx := context.Background()
+
+	name := opts.container
+	reference := opts.reference
+
+	var config *containertypes.Config
+	if opts.config != "" {
+		config = &containertypes.Config{}
+		if err := json.Unmarshal([]byte(opts.config), config); err != nil {
+			return err
+		}
+	}
+
+	options := types.ContainerCommitOptions{
+		Reference: reference,
+		Comment:   opts.comment,
+		Author:    opts.author,
+		Changes:   opts.changes.GetAll(),
+		Pause:     opts.pause,
+		Config:    config,
+	}
+
+	response, err := dockerCli.Client().ContainerCommit(ctx, name, options)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintln(dockerCli.Out(), response.ID)
+	return nil
+}
--- a/api/client/container/cp.go
+++ b/api/client/container/cp.go
@@ -1,4 +1,4 @@
-package client
+package container

 import (
 	"fmt"
@@ -9,13 +9,20 @@ import (

 	"golang.org/x/net/context"

-	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
 	"github.com/docker/docker/pkg/archive"
-	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
 )

+type copyOptions struct {
+	source      string
+	destination string
+	followLink  bool
+}
+
 type copyDirection int

 const (
@@ -28,46 +35,45 @@ type cpConfig struct {
 	followLink bool
 }

-// CmdCp copies files/folders to or from a path in a container.
-//
-// When copying from a container, if DEST_PATH is '-' the data is written as a
-// tar archive file to STDOUT.
-//
-// When copying to a container, if SRC_PATH is '-' the data is read as a tar
-// archive file from STDIN, and the destination CONTAINER:DEST_PATH, must specify
-// a directory.
-//
-// Usage:
-// 	docker cp CONTAINER:SRC_PATH DEST_PATH|-
-// 	docker cp SRC_PATH|- CONTAINER:DEST_PATH
-func (cli *DockerCli) CmdCp(args ...string) error {
-	cmd := Cli.Subcmd(
-		"cp",
-		[]string{"CONTAINER:SRC_PATH DEST_PATH|-", "SRC_PATH|- CONTAINER:DEST_PATH"},
-		strings.Join([]string{
-			Cli.DockerCommands["cp"].Description,
+// NewCopyCommand creates a new `docker cp` command
+func NewCopyCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts copyOptions
+
+	cmd := &cobra.Command{
+		Use: `cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
+	docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH`,
+		Short: "Copy files/folders between a container and the local filesystem",
+		Long: strings.Join([]string{
+			"Copy files/folders between a container and the local filesystem\n",
 			"\nUse '-' as the source to read a tar archive from stdin\n",
 			"and extract it to a directory destination in a container.\n",
 			"Use '-' as the destination to stream a tar archive of a\n",
 			"container source to stdout.",
 		}, ""),
-		true,
-	)
-
-	followLink := cmd.Bool([]string{"L", "-follow-link"}, false, "Always follow symbol link in SRC_PATH")
-
-	cmd.Require(flag.Exact, 2)
-	cmd.ParseFlags(args, true)
-
-	if cmd.Arg(0) == "" {
-		return fmt.Errorf("source can not be empty")
-	}
-	if cmd.Arg(1) == "" {
-		return fmt.Errorf("destination can not be empty")
+		Args: cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if args[0] == "" {
+				return fmt.Errorf("source can not be empty")
+			}
+			if args[1] == "" {
+				return fmt.Errorf("destination can not be empty")
+			}
+			opts.source = args[0]
+			opts.destination = args[1]
+			return runCopy(dockerCli, opts)
+		},
 	}

-	srcContainer, srcPath := splitCpArg(cmd.Arg(0))
-	dstContainer, dstPath := splitCpArg(cmd.Arg(1))
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.followLink, "follow-link", "L", false, "Always follow symbol link in SRC_PATH")
+
+	return cmd
+}
+
+func runCopy(dockerCli *client.DockerCli, opts copyOptions) error {
+	srcContainer, srcPath := splitCpArg(opts.source)
+	dstContainer, dstPath := splitCpArg(opts.destination)

 	var direction copyDirection
 	if srcContainer != "" {
@@ -78,14 +84,16 @@ func (cli *DockerCli) CmdCp(args ...string) error {
 	}

 	cpParam := &cpConfig{
-		followLink: *followLink,
+		followLink: opts.followLink,
 	}

+	ctx := context.Background()
+
 	switch direction {
 	case fromContainer:
-		return cli.copyFromContainer(srcContainer, srcPath, dstPath, cpParam)
+		return copyFromContainer(ctx, dockerCli, srcContainer, srcPath, dstPath, cpParam)
 	case toContainer:
-		return cli.copyToContainer(srcPath, dstContainer, dstPath, cpParam)
+		return copyToContainer(ctx, dockerCli, srcPath, dstContainer, dstPath, cpParam)
 	case acrossContainers:
 		// Copying between containers isn't supported.
 		return fmt.Errorf("copying between containers is not supported")
@@ -95,39 +103,8 @@ func (cli *DockerCli) CmdCp(args ...string) error {
 	}
 }

-// We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be
-// in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
-// requiring a LOCALPATH with a `:` to be made explicit with a relative or
-// absolute path:
-// 	`/path/to/file:name.txt` or `./file:name.txt`
-//
-// This is apparently how `scp` handles this as well:
-// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
-//
-// We can't simply check for a filepath separator because container names may
-// have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
-// so we have to check for a `/` or `.` prefix. Also, in the case of a Windows
-// client, a `:` could be part of an absolute Windows path, in which case it
-// is immediately proceeded by a backslash.
-func splitCpArg(arg string) (container, path string) {
-	if system.IsAbs(arg) {
-		// Explicit local absolute path, e.g., `C:\foo` or `/foo`.
-		return "", arg
-	}
-
-	parts := strings.SplitN(arg, ":", 2)
-
-	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
-		// Either there's no `:` in the arg
-		// OR it's an explicit local relative path like `./file:name.txt`.
-		return "", arg
-	}
-
-	return parts[0], parts[1]
-}
-
-func (cli *DockerCli) statContainerPath(containerName, path string) (types.ContainerPathStat, error) {
-	return cli.client.ContainerStatPath(context.Background(), containerName, path)
+func statContainerPath(ctx context.Context, dockerCli *client.DockerCli, containerName, path string) (types.ContainerPathStat, error) {
+	return dockerCli.Client().ContainerStatPath(ctx, containerName, path)
 }

 func resolveLocalPath(localPath string) (absPath string, err error) {
@@ -138,7 +115,7 @@ func resolveLocalPath(localPath string) (absPath string, err error) {
 	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
 }

-func (cli *DockerCli) copyFromContainer(srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
+func copyFromContainer(ctx context.Context, dockerCli *client.DockerCli, srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
 	if dstPath != "-" {
 		// Get an absolute destination path.
 		dstPath, err = resolveLocalPath(dstPath)
@@ -150,7 +127,7 @@ func (cli *DockerCli) copyFromContainer(srcContainer, srcPath, dstPath string, c
 	// if client requests to follow symbol link, then must decide target file to be copied
 	var rebaseName string
 	if cpParam.followLink {
-		srcStat, err := cli.statContainerPath(srcContainer, srcPath)
+		srcStat, err := statContainerPath(ctx, dockerCli, srcContainer, srcPath)

 		// If the destination is a symbolic link, we should follow it.
 		if err == nil && srcStat.Mode&os.ModeSymlink != 0 {
@@ -167,7 +144,7 @@ func (cli *DockerCli) copyFromContainer(srcContainer, srcPath, dstPath string, c

 	}

-	content, stat, err := cli.client.CopyFromContainer(context.Background(), srcContainer, srcPath)
+	content, stat, err := dockerCli.Client().CopyFromContainer(ctx, srcContainer, srcPath)
 	if err != nil {
 		return err
 	}
@@ -199,7 +176,7 @@ func (cli *DockerCli) copyFromContainer(srcContainer, srcPath, dstPath string, c
 	return archive.CopyTo(preArchive, srcInfo, dstPath)
 }

-func (cli *DockerCli) copyToContainer(srcPath, dstContainer, dstPath string, cpParam *cpConfig) (err error) {
+func copyToContainer(ctx context.Context, dockerCli *client.DockerCli, srcPath, dstContainer, dstPath string, cpParam *cpConfig) (err error) {
 	if srcPath != "-" {
 		// Get an absolute source path.
 		srcPath, err = resolveLocalPath(srcPath)
@@ -215,7 +192,7 @@ func (cli *DockerCli) copyToContainer(srcPath, dstContainer, dstPath string, cpP

 	// Prepare destination copy info by stat-ing the container path.
 	dstInfo := archive.CopyInfo{Path: dstPath}
-	dstStat, err := cli.statContainerPath(dstContainer, dstPath)
+	dstStat, err := statContainerPath(ctx, dockerCli, dstContainer, dstPath)

 	// If the destination is a symbolic link, we should evaluate it.
 	if err == nil && dstStat.Mode&os.ModeSymlink != 0 {
@@ -227,7 +204,7 @@ func (cli *DockerCli) copyToContainer(srcPath, dstContainer, dstPath string, cpP
 		}

 		dstInfo.Path = linkTarget
-		dstStat, err = cli.statContainerPath(dstContainer, linkTarget)
+		dstStat, err = statContainerPath(ctx, dockerCli, dstContainer, linkTarget)
 	}

 	// Ignore any error and assume that the parent directory of the destination
@@ -288,11 +265,39 @@ func (cli *DockerCli) copyToContainer(srcPath, dstContainer, dstPath string, cpP
 	}

 	options := types.CopyToContainerOptions{
-		ContainerID:               dstContainer,
-		Path:                      resolvedDstPath,
-		Content:                   content,
 		AllowOverwriteDirWithFile: false,
 	}

-	return cli.client.CopyToContainer(context.Background(), options)
+	return dockerCli.Client().CopyToContainer(ctx, dstContainer, resolvedDstPath, content, options)
+}
+
+// We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be
+// in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
+// requiring a LOCALPATH with a `:` to be made explicit with a relative or
+// absolute path:
+// 	`/path/to/file:name.txt` or `./file:name.txt`
+//
+// This is apparently how `scp` handles this as well:
+// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
+//
+// We can't simply check for a filepath separator because container names may
+// have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
+// so we have to check for a `/` or `.` prefix. Also, in the case of a Windows
+// client, a `:` could be part of an absolute Windows path, in which case it
+// is immediately proceeded by a backslash.
+func splitCpArg(arg string) (container, path string) {
+	if system.IsAbs(arg) {
+		// Explicit local absolute path, e.g., `C:\foo` or `/foo`.
+		return "", arg
+	}
+
+	parts := strings.SplitN(arg, ":", 2)
+
+	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
+		// Either there's no `:` in the arg
+		// OR it's an explicit local relative path like `./file:name.txt`.
+		return "", arg
+	}
+
+	return parts[0], parts[1]
 }
--- a/api/client/container/create.go
+++ b/api/client/container/create.go
@@ -0,0 +1,217 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	// FIXME migrate to docker/distribution/reference
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	apiclient "github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/container"
+	networktypes "github.com/docker/engine-api/types/network"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type createOptions struct {
+	name string
+}
+
+// NewCreateCommand creats a new cobra.Command for `docker create`
+func NewCreateCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts createOptions
+	var copts *runconfigopts.ContainerOptions
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
+		Short: "Create a new container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			copts.Image = args[0]
+			if len(args) > 1 {
+				copts.Args = args[1:]
+			}
+			return runCreate(dockerCli, cmd.Flags(), &opts, copts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+
+	// Add an explicit help that doesn't have a `-h` to prevent the conflict
+	// with hostname
+	flags.Bool("help", false, "Print usage")
+
+	client.AddTrustedFlags(flags, true)
+	copts = runconfigopts.AddFlags(flags)
+	return cmd
+}
+
+func runCreate(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts *createOptions, copts *runconfigopts.ContainerOptions) error {
+	config, hostConfig, networkingConfig, err := runconfigopts.Parse(flags, copts)
+	if err != nil {
+		reportError(dockerCli.Err(), "create", err.Error(), true)
+		return cli.StatusError{StatusCode: 125}
+	}
+	response, err := createContainer(context.Background(), dockerCli, config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, opts.name)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(dockerCli.Out(), "%s\n", response.ID)
+	return nil
+}
+
+func pullImage(ctx context.Context, dockerCli *client.DockerCli, image string, out io.Writer) error {
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return err
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	authConfig := dockerCli.ResolveAuthConfig(ctx, repoInfo.Index)
+	encodedAuth, err := client.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageCreateOptions{
+		RegistryAuth: encodedAuth,
+	}
+
+	responseBody, err := dockerCli.Client().ImageCreate(ctx, image, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(
+		responseBody,
+		out,
+		dockerCli.OutFd(),
+		dockerCli.IsTerminalOut(),
+		nil)
+}
+
+type cidFile struct {
+	path    string
+	file    *os.File
+	written bool
+}
+
+func (cid *cidFile) Close() error {
+	cid.file.Close()
+
+	if !cid.written {
+		if err := os.Remove(cid.path); err != nil {
+			return fmt.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
+		}
+	}
+
+	return nil
+}
+
+func (cid *cidFile) Write(id string) error {
+	if _, err := cid.file.Write([]byte(id)); err != nil {
+		return fmt.Errorf("Failed to write the container ID to the file: %s", err)
+	}
+	cid.written = true
+	return nil
+}
+
+func newCIDFile(path string) (*cidFile, error) {
+	if _, err := os.Stat(path); err == nil {
+		return nil, fmt.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
+	}
+
+	f, err := os.Create(path)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to create the container ID file: %s", err)
+	}
+
+	return &cidFile{path: path, file: f}, nil
+}
+
+func createContainer(ctx context.Context, dockerCli *client.DockerCli, config *container.Config, hostConfig *container.HostConfig, networkingConfig *networktypes.NetworkingConfig, cidfile, name string) (*types.ContainerCreateResponse, error) {
+	stderr := dockerCli.Err()
+
+	var containerIDFile *cidFile
+	if cidfile != "" {
+		var err error
+		if containerIDFile, err = newCIDFile(cidfile); err != nil {
+			return nil, err
+		}
+		defer containerIDFile.Close()
+	}
+
+	var trustedRef reference.Canonical
+	_, ref, err := reference.ParseIDOrReference(config.Image)
+	if err != nil {
+		return nil, err
+	}
+	if ref != nil {
+		ref = reference.WithDefaultTag(ref)
+
+		if ref, ok := ref.(reference.NamedTagged); ok && client.IsTrusted() {
+			var err error
+			trustedRef, err = dockerCli.TrustedReference(ctx, ref)
+			if err != nil {
+				return nil, err
+			}
+			config.Image = trustedRef.String()
+		}
+	}
+
+	//create the container
+	response, err := dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, name)
+
+	//if image not found try to pull it
+	if err != nil {
+		if apiclient.IsErrImageNotFound(err) && ref != nil {
+			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", ref.String())
+
+			// we don't want to write to stdout anything apart from container.ID
+			if err = pullImage(ctx, dockerCli, config.Image, stderr); err != nil {
+				return nil, err
+			}
+			if ref, ok := ref.(reference.NamedTagged); ok && trustedRef != nil {
+				if err := dockerCli.TagTrusted(ctx, trustedRef, ref); err != nil {
+					return nil, err
+				}
+			}
+			// Retry
+			var retryErr error
+			response, retryErr = dockerCli.Client().ContainerCreate(ctx, config, hostConfig, networkingConfig, name)
+			if retryErr != nil {
+				return nil, retryErr
+			}
+		} else {
+			return nil, err
+		}
+	}
+
+	for _, warning := range response.Warnings {
+		fmt.Fprintf(stderr, "WARNING: %s\n", warning)
+	}
+	if containerIDFile != nil {
+		if err = containerIDFile.Write(response.ID); err != nil {
+			return nil, err
+		}
+	}
+	return &response, nil
+}
--- a/api/client/container/diff.go
+++ b/api/client/container/diff.go
@@ -0,0 +1,60 @@
+package container
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/spf13/cobra"
+)
+
+type diffOptions struct {
+	container string
+}
+
+// NewDiffCommand creates a new cobra.Command for `docker diff`
+func NewDiffCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts diffOptions
+
+	cmd := &cobra.Command{
+		Use:   "diff CONTAINER",
+		Short: "Inspect changes on a container's filesystem",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runDiff(dockerCli, &opts)
+		},
+	}
+
+	return cmd
+}
+
+func runDiff(dockerCli *client.DockerCli, opts *diffOptions) error {
+	if opts.container == "" {
+		return fmt.Errorf("Container name cannot be empty")
+	}
+	ctx := context.Background()
+
+	changes, err := dockerCli.Client().ContainerDiff(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	for _, change := range changes {
+		var kind string
+		switch change.Kind {
+		case archive.ChangeModify:
+			kind = "C"
+		case archive.ChangeAdd:
+			kind = "A"
+		case archive.ChangeDelete:
+			kind = "D"
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s %s\n", kind, change.Path)
+	}
+
+	return nil
+}
--- a/api/client/container/export.go
+++ b/api/client/container/export.go
@@ -0,0 +1,59 @@
+package container
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type exportOptions struct {
+	container string
+	output    string
+}
+
+// NewExportCommand creates a new `docker export` command
+func NewExportCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts exportOptions
+
+	cmd := &cobra.Command{
+		Use:   "export [OPTIONS] CONTAINER",
+		Short: "Export a container's filesystem as a tar archive",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runExport(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.output, "output", "o", "", "Write to a file, instead of STDOUT")
+
+	return cmd
+}
+
+func runExport(dockerCli *client.DockerCli, opts exportOptions) error {
+	if opts.output == "" && dockerCli.IsTerminalOut() {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	clnt := dockerCli.Client()
+
+	responseBody, err := clnt.ContainerExport(context.Background(), opts.container)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if opts.output == "" {
+		_, err := io.Copy(dockerCli.Out(), responseBody)
+		return err
+	}
+
+	return client.CopyToFile(opts.output, responseBody)
+}
--- a/api/client/container/kill.go
+++ b/api/client/container/kill.go
@@ -0,0 +1,53 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type killOptions struct {
+	signal string
+
+	containers []string
+}
+
+// NewKillCommand creats a new cobra.Command for `docker kill`
+func NewKillCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts killOptions
+
+	cmd := &cobra.Command{
+		Use:   "kill [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Kill one or more running containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runKill(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.signal, "signal", "s", "KILL", "Signal to send to the container")
+	return cmd
+}
+
+func runKill(dockerCli *client.DockerCli, opts *killOptions) error {
+	var errs []string
+	ctx := context.Background()
+	for _, name := range opts.containers {
+		if err := dockerCli.Client().ContainerKill(ctx, name, opts.signal); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/container/logs.go
+++ b/api/client/container/logs.go
@@ -0,0 +1,87 @@
+package container
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+var validDrivers = map[string]bool{
+	"json-file": true,
+	"journald":  true,
+}
+
+type logsOptions struct {
+	follow     bool
+	since      string
+	timestamps bool
+	details    bool
+	tail       string
+
+	container string
+}
+
+// NewLogsCommand creats a new cobra.Command for `docker logs`
+func NewLogsCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts logsOptions
+
+	cmd := &cobra.Command{
+		Use:   "logs [OPTIONS] CONTAINER",
+		Short: "Fetch the logs of a container",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			return runLogs(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
+	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp")
+	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
+	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")
+	flags.StringVar(&opts.tail, "tail", "all", "Number of lines to show from the end of the logs")
+	return cmd
+}
+
+func runLogs(dockerCli *client.DockerCli, opts *logsOptions) error {
+	ctx := context.Background()
+
+	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	if !validDrivers[c.HostConfig.LogConfig.Type] {
+		return fmt.Errorf("\"logs\" command is supported only for \"json-file\" and \"journald\" logging drivers (got: %s)", c.HostConfig.LogConfig.Type)
+	}
+
+	options := types.ContainerLogsOptions{
+		ShowStdout: true,
+		ShowStderr: true,
+		Since:      opts.since,
+		Timestamps: opts.timestamps,
+		Follow:     opts.follow,
+		Tail:       opts.tail,
+		Details:    opts.details,
+	}
+	responseBody, err := dockerCli.Client().ContainerLogs(ctx, opts.container, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if c.Config.Tty {
+		_, err = io.Copy(dockerCli.Out(), responseBody)
+	} else {
+		_, err = stdcopy.StdCopy(dockerCli.Out(), dockerCli.Err(), responseBody)
+	}
+	return err
+}
--- a/api/client/container/pause.go
+++ b/api/client/container/pause.go
@@ -0,0 +1,50 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type pauseOptions struct {
+	containers []string
+}
+
+// NewPauseCommand creats a new cobra.Command for `docker pause`
+func NewPauseCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts pauseOptions
+
+	cmd := &cobra.Command{
+		Use:   "pause CONTAINER [CONTAINER...]",
+		Short: "Pause all processes within one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runPause(dockerCli, &opts)
+		},
+	}
+
+	return cmd
+}
+
+func runPause(dockerCli *client.DockerCli, opts *pauseOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	for _, container := range opts.containers {
+		if err := dockerCli.Client().ContainerPause(ctx, container); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/container/port.go
+++ b/api/client/container/port.go
@@ -0,0 +1,79 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/go-connections/nat"
+	"github.com/spf13/cobra"
+)
+
+type portOptions struct {
+	container string
+
+	port string
+}
+
+// NewPortCommand creats a new cobra.Command for `docker port`
+func NewPortCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts portOptions
+
+	cmd := &cobra.Command{
+		Use:   "port CONTAINER [PRIVATE_PORT[/PROTO]]",
+		Short: "List port mappings or a specific mapping for the container",
+		Args:  cli.RequiresRangeArgs(1, 2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			if len(args) > 1 {
+				opts.port = args[1]
+			}
+			return runPort(dockerCli, &opts)
+		},
+	}
+
+	return cmd
+}
+
+func runPort(dockerCli *client.DockerCli, opts *portOptions) error {
+	ctx := context.Background()
+
+	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)
+	if err != nil {
+		return err
+	}
+
+	if opts.port != "" {
+		port := opts.port
+		proto := "tcp"
+		parts := strings.SplitN(port, "/", 2)
+
+		if len(parts) == 2 && len(parts[1]) != 0 {
+			port = parts[0]
+			proto = parts[1]
+		}
+		natPort := port + "/" + proto
+		newP, err := nat.NewPort(proto, port)
+		if err != nil {
+			return err
+		}
+		if frontends, exists := c.NetworkSettings.Ports[newP]; exists && frontends != nil {
+			for _, frontend := range frontends {
+				fmt.Fprintf(dockerCli.Out(), "%s:%s\n", frontend.HostIP, frontend.HostPort)
+			}
+			return nil
+		}
+		return fmt.Errorf("Error: No public port '%s' published for %s", natPort, opts.container)
+	}
+
+	for from, frontends := range c.NetworkSettings.Ports {
+		for _, frontend := range frontends {
+			fmt.Fprintf(dockerCli.Out(), "%s -> %s:%s\n", from, frontend.HostIP, frontend.HostPort)
+		}
+	}
+
+	return nil
+}
--- a/api/client/container/ps.go
+++ b/api/client/container/ps.go
@@ -0,0 +1,125 @@
+package container
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/api/client/formatter"
+	"github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+
+	"github.com/docker/docker/utils/templates"
+	"github.com/spf13/cobra"
+	"io/ioutil"
+)
+
+type psOptions struct {
+	quiet   bool
+	size    bool
+	all     bool
+	noTrunc bool
+	nLatest bool
+	last    int
+	format  string
+	filter  []string
+}
+
+type preProcessor struct {
+	opts *types.ContainerListOptions
+}
+
+// Size sets the size option when called by a template execution.
+func (p *preProcessor) Size() bool {
+	p.opts.Size = true
+	return true
+}
+
+// NewPsCommand creates a new cobra.Command for `docker ps`
+func NewPsCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts psOptions
+
+	cmd := &cobra.Command{
+		Use:   "ps [OPTIONS]",
+		Short: "List containers",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPs(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display numeric IDs")
+	flags.BoolVarP(&opts.size, "size", "s", false, "Display total file sizes")
+	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+	flags.BoolVarP(&opts.nLatest, "latest", "l", false, "Show the latest created container (includes all states)")
+	flags.IntVarP(&opts.last, "last", "n", -1, "Show n last created containers (includes all states)")
+	flags.StringVarP(&opts.format, "format", "", "", "Pretty-print containers using a Go template")
+	flags.StringSliceVarP(&opts.filter, "filter", "f", []string{}, "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runPs(dockerCli *client.DockerCli, opts *psOptions) error {
+	ctx := context.Background()
+
+	if opts.nLatest && opts.last == -1 {
+		opts.last = 1
+	}
+
+	containerFilterArgs := filters.NewArgs()
+	for _, f := range opts.filter {
+		var err error
+		containerFilterArgs, err = filters.ParseFlag(f, containerFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	options := types.ContainerListOptions{
+		All:    opts.all,
+		Limit:  opts.last,
+		Size:   opts.size,
+		Filter: containerFilterArgs,
+	}
+
+	pre := &preProcessor{opts: &options}
+	tmpl, err := templates.Parse(opts.format)
+
+	if err != nil {
+		return err
+	}
+
+	_ = tmpl.Execute(ioutil.Discard, pre)
+
+	containers, err := dockerCli.Client().ContainerList(ctx, options)
+	if err != nil {
+		return err
+	}
+
+	f := opts.format
+	if len(f) == 0 {
+		if len(dockerCli.PsFormat()) > 0 && !opts.quiet {
+			f = dockerCli.PsFormat()
+		} else {
+			f = "table"
+		}
+	}
+
+	psCtx := formatter.ContainerContext{
+		Context: formatter.Context{
+			Output: dockerCli.Out(),
+			Format: f,
+			Quiet:  opts.quiet,
+			Trunc:  !opts.noTrunc,
+		},
+		Size:       opts.size,
+		Containers: containers,
+	}
+
+	psCtx.Write()
+
+	return nil
+}
--- a/api/client/container/rename.go
+++ b/api/client/container/rename.go
@@ -0,0 +1,52 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type renameOptions struct {
+	oldName string
+	newName string
+}
+
+// NewRenameCommand creats a new cobra.Command for `docker rename`
+func NewRenameCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts renameOptions
+
+	cmd := &cobra.Command{
+		Use:   "rename CONTAINER NEW_NAME",
+		Short: "Rename a container",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.oldName = args[0]
+			opts.newName = args[1]
+			return runRename(dockerCli, &opts)
+		},
+	}
+
+	return cmd
+}
+
+func runRename(dockerCli *client.DockerCli, opts *renameOptions) error {
+	ctx := context.Background()
+
+	oldName := strings.TrimSpace(opts.oldName)
+	newName := strings.TrimSpace(opts.newName)
+
+	if oldName == "" || newName == "" {
+		return fmt.Errorf("Error: Neither old nor new names may be empty")
+	}
+
+	if err := dockerCli.Client().ContainerRename(ctx, oldName, newName); err != nil {
+		fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+		return fmt.Errorf("Error: failed to rename container named %s", oldName)
+	}
+	return nil
+}
--- a/api/client/container/restart.go
+++ b/api/client/container/restart.go
@@ -0,0 +1,55 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type restartOptions struct {
+	nSeconds int
+
+	containers []string
+}
+
+// NewRestartCommand creates a new cobra.Command for `docker restart`
+func NewRestartCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts restartOptions
+
+	cmd := &cobra.Command{
+		Use:   "restart [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Restart a container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runRestart(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.IntVarP(&opts.nSeconds, "time", "t", 10, "Seconds to wait for stop before killing the container")
+	return cmd
+}
+
+func runRestart(dockerCli *client.DockerCli, opts *restartOptions) error {
+	ctx := context.Background()
+	var errs []string
+	for _, name := range opts.containers {
+		timeout := time.Duration(opts.nSeconds) * time.Second
+		if err := dockerCli.Client().ContainerRestart(ctx, name, &timeout); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/container/rm.go
+++ b/api/client/container/rm.go
@@ -0,0 +1,76 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+type rmOptions struct {
+	rmVolumes bool
+	rmLink    bool
+	force     bool
+
+	containers []string
+}
+
+// NewRmCommand creates a new cobra.Command for `docker rm`
+func NewRmCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts rmOptions
+
+	cmd := &cobra.Command{
+		Use:   "rm [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Remove one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runRm(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.rmVolumes, "volumes", "v", false, "Remove the volumes associated with the container")
+	flags.BoolVarP(&opts.rmLink, "link", "l", false, "Remove the specified link")
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force the removal of a running container (uses SIGKILL)")
+	return cmd
+}
+
+func runRm(dockerCli *client.DockerCli, opts *rmOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	for _, name := range opts.containers {
+		if name == "" {
+			return fmt.Errorf("Container name cannot be empty")
+		}
+		name = strings.Trim(name, "/")
+
+		if err := removeContainer(dockerCli, ctx, name, opts.rmVolumes, opts.rmLink, opts.force); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
+
+func removeContainer(dockerCli *client.DockerCli, ctx context.Context, container string, removeVolumes, removeLinks, force bool) error {
+	options := types.ContainerRemoveOptions{
+		RemoveVolumes: removeVolumes,
+		RemoveLinks:   removeLinks,
+		Force:         force,
+	}
+	if err := dockerCli.Client().ContainerRemove(ctx, container, options); err != nil {
+		return err
+	}
+	return nil
+}
--- a/api/client/container/run.go
+++ b/api/client/container/run.go
@@ -0,0 +1,326 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"net/http/httputil"
+	"os"
+	"runtime"
+	"strings"
+	"syscall"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	opttypes "github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/libnetwork/resolvconf/dns"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+const (
+	errCmdNotFound          = "not found or does not exist"
+	errCmdCouldNotBeInvoked = "could not be invoked"
+)
+
+type runOptions struct {
+	autoRemove bool
+	detach     bool
+	sigProxy   bool
+	name       string
+	detachKeys string
+}
+
+// NewRunCommand create a new `docker run` command
+func NewRunCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts runOptions
+	var copts *runconfigopts.ContainerOptions
+
+	cmd := &cobra.Command{
+		Use:   "run [OPTIONS] IMAGE [COMMAND] [ARG...]",
+		Short: "Run a command in a new container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			copts.Image = args[0]
+			if len(args) > 1 {
+				copts.Args = args[1:]
+			}
+			return runRun(dockerCli, cmd.Flags(), &opts, copts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	// These are flags not stored in Config/HostConfig
+	flags.BoolVar(&opts.autoRemove, "rm", false, "Automatically remove the container when it exits")
+	flags.BoolVarP(&opts.detach, "detach", "d", false, "Run container in background and print container ID")
+	flags.BoolVar(&opts.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
+	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+
+	// Add an explicit help that doesn't have a `-h` to prevent the conflict
+	// with hostname
+	flags.Bool("help", false, "Print usage")
+
+	client.AddTrustedFlags(flags, true)
+	copts = runconfigopts.AddFlags(flags)
+	return cmd
+}
+
+func runRun(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts *runOptions, copts *runconfigopts.ContainerOptions) error {
+	stdout, stderr, stdin := dockerCli.Out(), dockerCli.Err(), dockerCli.In()
+	client := dockerCli.Client()
+	// TODO: pass this as an argument
+	cmdPath := "run"
+
+	var (
+		flAttach                              *opttypes.ListOpts
+		ErrConflictAttachDetach               = fmt.Errorf("Conflicting options: -a and -d")
+		ErrConflictRestartPolicyAndAutoRemove = fmt.Errorf("Conflicting options: --restart and --rm")
+		ErrConflictDetachAutoRemove           = fmt.Errorf("Conflicting options: --rm and -d")
+	)
+
+	config, hostConfig, networkingConfig, err := runconfigopts.Parse(flags, copts)
+
+	// just in case the Parse does not exit
+	if err != nil {
+		reportError(stderr, cmdPath, err.Error(), true)
+		return cli.StatusError{StatusCode: 125}
+	}
+
+	if hostConfig.OomKillDisable != nil && *hostConfig.OomKillDisable && hostConfig.Memory == 0 {
+		fmt.Fprintf(stderr, "WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.\n")
+	}
+
+	if len(hostConfig.DNS) > 0 {
+		// check the DNS settings passed via --dns against
+		// localhost regexp to warn if they are trying to
+		// set a DNS to a localhost address
+		for _, dnsIP := range hostConfig.DNS {
+			if dns.IsLocalhost(dnsIP) {
+				fmt.Fprintf(stderr, "WARNING: Localhost DNS setting (--dns=%s) may fail in containers.\n", dnsIP)
+				break
+			}
+		}
+	}
+
+	config.ArgsEscaped = false
+
+	if !opts.detach {
+		if err := dockerCli.CheckTtyInput(config.AttachStdin, config.Tty); err != nil {
+			return err
+		}
+	} else {
+		if fl := flags.Lookup("attach"); fl != nil {
+			flAttach = fl.Value.(*opttypes.ListOpts)
+			if flAttach.Len() != 0 {
+				return ErrConflictAttachDetach
+			}
+		}
+		if opts.autoRemove {
+			return ErrConflictDetachAutoRemove
+		}
+
+		config.AttachStdin = false
+		config.AttachStdout = false
+		config.AttachStderr = false
+		config.StdinOnce = false
+	}
+
+	// Disable sigProxy when in TTY mode
+	if config.Tty {
+		opts.sigProxy = false
+	}
+
+	// Telling the Windows daemon the initial size of the tty during start makes
+	// a far better user experience rather than relying on subsequent resizes
+	// to cause things to catch up.
+	if runtime.GOOS == "windows" {
+		hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = dockerCli.GetTtySize()
+	}
+
+	ctx, cancelFun := context.WithCancel(context.Background())
+
+	createResponse, err := createContainer(ctx, dockerCli, config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, opts.name)
+	if err != nil {
+		reportError(stderr, cmdPath, err.Error(), true)
+		return runStartContainerErr(err)
+	}
+	if opts.sigProxy {
+		sigc := dockerCli.ForwardAllSignals(ctx, createResponse.ID)
+		defer signal.StopCatch(sigc)
+	}
+	var (
+		waitDisplayID chan struct{}
+		errCh         chan error
+	)
+	if !config.AttachStdout && !config.AttachStderr {
+		// Make this asynchronous to allow the client to write to stdin before having to read the ID
+		waitDisplayID = make(chan struct{})
+		go func() {
+			defer close(waitDisplayID)
+			fmt.Fprintf(stdout, "%s\n", createResponse.ID)
+		}()
+	}
+	if opts.autoRemove && (hostConfig.RestartPolicy.IsAlways() || hostConfig.RestartPolicy.IsOnFailure()) {
+		return ErrConflictRestartPolicyAndAutoRemove
+	}
+	attach := config.AttachStdin || config.AttachStdout || config.AttachStderr
+	if attach {
+		var (
+			out, cerr io.Writer
+			in        io.ReadCloser
+		)
+		if config.AttachStdin {
+			in = stdin
+		}
+		if config.AttachStdout {
+			out = stdout
+		}
+		if config.AttachStderr {
+			if config.Tty {
+				cerr = stdout
+			} else {
+				cerr = stderr
+			}
+		}
+
+		if opts.detachKeys != "" {
+			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+		}
+
+		options := types.ContainerAttachOptions{
+			Stream:     true,
+			Stdin:      config.AttachStdin,
+			Stdout:     config.AttachStdout,
+			Stderr:     config.AttachStderr,
+			DetachKeys: dockerCli.ConfigFile().DetachKeys,
+		}
+
+		resp, errAttach := client.ContainerAttach(ctx, createResponse.ID, options)
+		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
+			// ContainerAttach returns an ErrPersistEOF (connection closed)
+			// means server met an error and put it in Hijacked connection
+			// keep the error and read detailed error message from hijacked connection later
+			return errAttach
+		}
+		defer resp.Close()
+
+		errCh = promise.Go(func() error {
+			errHijack := dockerCli.HoldHijackedConnection(ctx, config.Tty, in, out, cerr, resp)
+			if errHijack == nil {
+				return errAttach
+			}
+			return errHijack
+		})
+	}
+
+	if opts.autoRemove {
+		defer func() {
+			// Explicitly not sharing the context as it could be "Done" (by calling cancelFun)
+			// and thus the container would not be removed.
+			if err := removeContainer(dockerCli, context.Background(), createResponse.ID, true, false, true); err != nil {
+				fmt.Fprintf(stderr, "%v\n", err)
+			}
+		}()
+	}
+
+	//start the container
+	if err := client.ContainerStart(ctx, createResponse.ID, types.ContainerStartOptions{}); err != nil {
+		// If we have holdHijackedConnection, we should notify
+		// holdHijackedConnection we are going to exit and wait
+		// to avoid the terminal are not restored.
+		if attach {
+			cancelFun()
+			<-errCh
+		}
+
+		reportError(stderr, cmdPath, err.Error(), false)
+		return runStartContainerErr(err)
+	}
+
+	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && dockerCli.IsTerminalOut() {
+		if err := dockerCli.MonitorTtySize(ctx, createResponse.ID, false); err != nil {
+			fmt.Fprintf(stderr, "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if errCh != nil {
+		if err := <-errCh; err != nil {
+			logrus.Debugf("Error hijack: %s", err)
+			return err
+		}
+	}
+
+	// Detached mode: wait for the id to be displayed and return.
+	if !config.AttachStdout && !config.AttachStderr {
+		// Detached mode
+		<-waitDisplayID
+		return nil
+	}
+
+	var status int
+
+	// Attached mode
+	if opts.autoRemove {
+		// Autoremove: wait for the container to finish, retrieve
+		// the exit code and remove the container
+		if status, err = client.ContainerWait(ctx, createResponse.ID); err != nil {
+			return runStartContainerErr(err)
+		}
+		if _, status, err = getExitCode(dockerCli, ctx, createResponse.ID); err != nil {
+			return err
+		}
+	} else {
+		// No Autoremove: Simply retrieve the exit code
+		if !config.Tty && hostConfig.RestartPolicy.IsNone() {
+			// In non-TTY mode, we can't detach, so we must wait for container exit
+			if status, err = client.ContainerWait(ctx, createResponse.ID); err != nil {
+				return err
+			}
+		} else {
+			// In TTY mode, there is a race: if the process dies too slowly, the state could
+			// be updated after the getExitCode call and result in the wrong exit code being reported
+			if _, status, err = getExitCode(dockerCli, ctx, createResponse.ID); err != nil {
+				return err
+			}
+		}
+	}
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
+
+// reportError is a utility method that prints a user-friendly message
+// containing the error that occurred during parsing and a suggestion to get help
+func reportError(stderr io.Writer, name string, str string, withHelp bool) {
+	if withHelp {
+		str += ".\nSee '" + os.Args[0] + " " + name + " --help'"
+	}
+	fmt.Fprintf(stderr, "%s: %s.\n", os.Args[0], str)
+}
+
+// if container start fails with 'not found'/'no such' error, return 127
+// if container start fails with 'permission denied' error, return 126
+// return 125 for generic docker daemon failures
+func runStartContainerErr(err error) error {
+	trimmedErr := strings.TrimPrefix(err.Error(), "Error response from daemon: ")
+	statusError := cli.StatusError{StatusCode: 125}
+	if strings.Contains(trimmedErr, "executable file not found") ||
+		strings.Contains(trimmedErr, "no such file or directory") ||
+		strings.Contains(trimmedErr, "system cannot find the file specified") {
+		statusError = cli.StatusError{StatusCode: 127}
+	} else if strings.Contains(trimmedErr, syscall.EACCES.Error()) {
+		statusError = cli.StatusError{StatusCode: 126}
+	}
+
+	return statusError
+}
--- a/api/client/container/start.go
+++ b/api/client/container/start.go
@@ -0,0 +1,152 @@
+package container
+
+import (
+	"fmt"
+	"io"
+	"net/http/httputil"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+type startOptions struct {
+	attach     bool
+	openStdin  bool
+	detachKeys string
+
+	containers []string
+}
+
+// NewStartCommand creats a new cobra.Command for `docker start`
+func NewStartCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts startOptions
+
+	cmd := &cobra.Command{
+		Use:   "start [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Start one or more stopped containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runStart(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.attach, "attach", "a", false, "Attach STDOUT/STDERR and forward signals")
+	flags.BoolVarP(&opts.openStdin, "interactive", "i", false, "Attach container's STDIN")
+	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	return cmd
+}
+
+func runStart(dockerCli *client.DockerCli, opts *startOptions) error {
+	ctx, cancelFun := context.WithCancel(context.Background())
+
+	if opts.attach || opts.openStdin {
+		// We're going to attach to a container.
+		// 1. Ensure we only have one container.
+		if len(opts.containers) > 1 {
+			return fmt.Errorf("You cannot start and attach multiple containers at once.")
+		}
+
+		// 2. Attach to the container.
+		container := opts.containers[0]
+		c, err := dockerCli.Client().ContainerInspect(ctx, container)
+		if err != nil {
+			return err
+		}
+
+		// We always use c.ID instead of container to maintain consistency during `docker start`
+		if !c.Config.Tty {
+			sigc := dockerCli.ForwardAllSignals(ctx, c.ID)
+			defer signal.StopCatch(sigc)
+		}
+
+		if opts.detachKeys != "" {
+			dockerCli.ConfigFile().DetachKeys = opts.detachKeys
+		}
+
+		options := types.ContainerAttachOptions{
+			Stream:     true,
+			Stdin:      opts.openStdin && c.Config.OpenStdin,
+			Stdout:     true,
+			Stderr:     true,
+			DetachKeys: dockerCli.ConfigFile().DetachKeys,
+		}
+
+		var in io.ReadCloser
+
+		if options.Stdin {
+			in = dockerCli.In()
+		}
+
+		resp, errAttach := dockerCli.Client().ContainerAttach(ctx, c.ID, options)
+		if errAttach != nil && errAttach != httputil.ErrPersistEOF {
+			// ContainerAttach return an ErrPersistEOF (connection closed)
+			// means server met an error and put it in Hijacked connection
+			// keep the error and read detailed error message from hijacked connection
+			return errAttach
+		}
+		defer resp.Close()
+		cErr := promise.Go(func() error {
+			errHijack := dockerCli.HoldHijackedConnection(ctx, c.Config.Tty, in, dockerCli.Out(), dockerCli.Err(), resp)
+			if errHijack == nil {
+				return errAttach
+			}
+			return errHijack
+		})
+
+		// 3. Start the container.
+		if err := dockerCli.Client().ContainerStart(ctx, c.ID, types.ContainerStartOptions{}); err != nil {
+			cancelFun()
+			<-cErr
+			return err
+		}
+
+		// 4. Wait for attachment to break.
+		if c.Config.Tty && dockerCli.IsTerminalOut() {
+			if err := dockerCli.MonitorTtySize(ctx, c.ID, false); err != nil {
+				fmt.Fprintf(dockerCli.Err(), "Error monitoring TTY size: %s\n", err)
+			}
+		}
+		if attchErr := <-cErr; attchErr != nil {
+			return attchErr
+		}
+		_, status, err := getExitCode(dockerCli, ctx, c.ID)
+		if err != nil {
+			return err
+		}
+		if status != 0 {
+			return cli.StatusError{StatusCode: status}
+		}
+	} else {
+		// We're not going to attach to anything.
+		// Start as many containers as we want.
+		return startContainersWithoutAttachments(dockerCli, ctx, opts.containers)
+	}
+
+	return nil
+}
+
+func startContainersWithoutAttachments(dockerCli *client.DockerCli, ctx context.Context, containers []string) error {
+	var failedContainers []string
+	for _, container := range containers {
+		if err := dockerCli.Client().ContainerStart(ctx, container, types.ContainerStartOptions{}); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+			failedContainers = append(failedContainers, container)
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+
+	if len(failedContainers) > 0 {
+		return fmt.Errorf("Error: failed to start containers: %v", strings.Join(failedContainers, ", "))
+	}
+	return nil
+}
--- a/api/client/container/stats.go
+++ b/api/client/container/stats.go
@@ -1,4 +1,4 @@
-package client
+package container

 import (
 	"fmt"
@@ -10,28 +10,51 @@ import (

 	"golang.org/x/net/context"

-	Cli "github.com/docker/docker/cli"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/api/client/system"
+	"github.com/docker/docker/cli"
 	"github.com/docker/engine-api/types"
 	"github.com/docker/engine-api/types/events"
 	"github.com/docker/engine-api/types/filters"
+	"github.com/spf13/cobra"
 )

-// CmdStats displays a live stream of resource usage statistics for one or more containers.
-//
+type statsOptions struct {
+	all      bool
+	noStream bool
+
+	containers []string
+}
+
+// NewStatsCommand creats a new cobra.Command for `docker stats`
+func NewStatsCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts statsOptions
+
+	cmd := &cobra.Command{
+		Use:   "stats [OPTIONS] [CONTAINER...]",
+		Short: "Display a live stream of container(s) resource usage statistics",
+		Args:  cli.RequiresMinArgs(0),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runStats(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
+	flags.BoolVar(&opts.noStream, "no-stream", false, "Disable streaming stats and only pull the first result")
+	return cmd
+}
+
+// runStats displays a live stream of resource usage statistics for one or more containers.
 // This shows real-time information on CPU usage, memory usage, and network I/O.
-//
-// Usage: docker stats [OPTIONS] [CONTAINER...]
-func (cli *DockerCli) CmdStats(args ...string) error {
-	cmd := Cli.Subcmd("stats", []string{"[CONTAINER...]"}, Cli.DockerCommands["stats"].Description, true)
-	all := cmd.Bool([]string{"a", "-all"}, false, "Show all containers (default shows just running)")
-	noStream := cmd.Bool([]string{"-no-stream"}, false, "Disable streaming stats and only pull the first result")
-
-	cmd.ParseFlags(args, true)
-
-	names := cmd.Args()
-	showAll := len(names) == 0
+func runStats(dockerCli *client.DockerCli, opts *statsOptions) error {
+	showAll := len(opts.containers) == 0
 	closeChan := make(chan error)

+	ctx := context.Background()
+
 	// monitorContainerEvents watches for container creation and removal (only
 	// used when calling `docker stats` without arguments).
 	monitorContainerEvents := func(started chan<- struct{}, c chan events.Message) {
@@ -40,7 +63,7 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 		options := types.EventsOptions{
 			Filters: f,
 		}
-		resBody, err := cli.client.Events(context.Background(), options)
+		resBody, err := dockerCli.Client().Events(ctx, options)
 		// Whether we successfully subscribed to events or not, we can now
 		// unblock the main goroutine.
 		close(started)
@@ -50,7 +73,7 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 		}
 		defer resBody.Close()

-		decodeEvents(resBody, func(event events.Message, err error) error {
+		system.DecodeEvents(resBody, func(event events.Message, err error) error {
 			if err != nil {
 				closeChan <- err
 				return nil
@@ -68,9 +91,9 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 	// containers (only used when calling `docker stats` without arguments).
 	getContainerList := func() {
 		options := types.ContainerListOptions{
-			All: *all,
+			All: opts.all,
 		}
-		cs, err := cli.client.ContainerList(context.Background(), options)
+		cs, err := dockerCli.Client().ContainerList(ctx, options)
 		if err != nil {
 			closeChan <- err
 		}
@@ -78,7 +101,7 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 			s := &containerStats{Name: container.ID[:12]}
 			if cStats.add(s) {
 				waitFirst.Add(1)
-				go s.Collect(cli.client, !*noStream, waitFirst)
+				go s.Collect(ctx, dockerCli.Client(), !opts.noStream, waitFirst)
 			}
 		}
 	}
@@ -89,13 +112,13 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 		// retrieving the list of running containers to avoid a race where we
 		// would "miss" a creation.
 		started := make(chan struct{})
-		eh := eventHandler{handlers: make(map[string]func(events.Message))}
+		eh := system.InitEventHandler()
 		eh.Handle("create", func(e events.Message) {
-			if *all {
+			if opts.all {
 				s := &containerStats{Name: e.ID[:12]}
 				if cStats.add(s) {
 					waitFirst.Add(1)
-					go s.Collect(cli.client, !*noStream, waitFirst)
+					go s.Collect(ctx, dockerCli.Client(), !opts.noStream, waitFirst)
 				}
 			}
 		})
@@ -104,12 +127,12 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 			s := &containerStats{Name: e.ID[:12]}
 			if cStats.add(s) {
 				waitFirst.Add(1)
-				go s.Collect(cli.client, !*noStream, waitFirst)
+				go s.Collect(ctx, dockerCli.Client(), !opts.noStream, waitFirst)
 			}
 		})

 		eh.Handle("die", func(e events.Message) {
-			if !*all {
+			if !opts.all {
 				cStats.remove(e.ID[:12])
 			}
 		})
@@ -126,11 +149,11 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 	} else {
 		// Artificially send creation events for the containers we were asked to
 		// monitor (same code path than we use when monitoring all containers).
-		for _, name := range names {
+		for _, name := range opts.containers {
 			s := &containerStats{Name: name}
 			if cStats.add(s) {
 				waitFirst.Add(1)
-				go s.Collect(cli.client, !*noStream, waitFirst)
+				go s.Collect(ctx, dockerCli.Client(), !opts.noStream, waitFirst)
 			}
 		}

@@ -158,34 +181,36 @@ func (cli *DockerCli) CmdStats(args ...string) error {
 	// before print to screen, make sure each container get at least one valid stat data
 	waitFirst.Wait()

-	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
 	printHeader := func() {
-		if !*noStream {
-			fmt.Fprint(cli.out, "\033[2J")
-			fmt.Fprint(cli.out, "\033[H")
+		if !opts.noStream {
+			fmt.Fprint(dockerCli.Out(), "\033[2J")
+			fmt.Fprint(dockerCli.Out(), "\033[H")
 		}
 		io.WriteString(w, "CONTAINER\tCPU %\tMEM USAGE / LIMIT\tMEM %\tNET I/O\tBLOCK I/O\tPIDS\n")
 	}

 	for range time.Tick(500 * time.Millisecond) {
 		printHeader()
-		toRemove := []int{}
+		toRemove := []string{}
 		cStats.mu.Lock()
-		for i, s := range cStats.cs {
-			if err := s.Display(w); err != nil && !*noStream {
-				toRemove = append(toRemove, i)
+		for _, s := range cStats.cs {
+			if err := s.Display(w); err != nil && !opts.noStream {
+				logrus.Debugf("stats: got error for %s: %v", s.Name, err)
+				if err == io.EOF {
+					toRemove = append(toRemove, s.Name)
+				}
 			}
 		}
-		for j := len(toRemove) - 1; j >= 0; j-- {
-			i := toRemove[j]
-			cStats.cs = append(cStats.cs[:i], cStats.cs[i+1:]...)
+		cStats.mu.Unlock()
+		for _, name := range toRemove {
+			cStats.remove(name)
 		}
 		if len(cStats.cs) == 0 && !showAll {
 			return nil
 		}
-		cStats.mu.Unlock()
 		w.Flush()
-		if *noStream {
+		if opts.noStream {
 			break
 		}
 		select {
--- a/api/client/container/stats_helpers.go
+++ b/api/client/container/stats_helpers.go
@@ -1,13 +1,15 @@
-package client
+package container

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"strings"
 	"sync"
 	"time"

+	"github.com/Sirupsen/logrus"
 	"github.com/docker/engine-api/client"
 	"github.com/docker/engine-api/types"
 	"github.com/docker/go-units"
@@ -25,7 +27,7 @@ type containerStats struct {
 	BlockRead        float64
 	BlockWrite       float64
 	PidsCurrent      uint64
-	mu               sync.RWMutex
+	mu               sync.Mutex
 	err              error
 }

@@ -61,7 +63,8 @@ func (s *stats) isKnownContainer(cid string) (int, bool) {
 	return -1, false
 }

-func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
+func (s *containerStats) Collect(ctx context.Context, cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
+	logrus.Debugf("collecting stats for %s", s.Name)
 	var (
 		getFirst       bool
 		previousCPU    uint64
@@ -77,7 +80,7 @@ func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFir
 		}
 	}()

-	responseBody, err := cli.ContainerStats(context.Background(), s.Name, streamStats)
+	responseBody, err := cli.ContainerStats(ctx, s.Name, streamStats)
 	if err != nil {
 		s.mu.Lock()
 		s.err = err
@@ -90,9 +93,15 @@ func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFir
 	go func() {
 		for {
 			var v *types.StatsJSON
+
 			if err := dec.Decode(&v); err != nil {
+				dec = json.NewDecoder(io.MultiReader(dec.Buffered(), responseBody))
 				u <- err
-				return
+				if err == io.EOF {
+					break
+				}
+				time.Sleep(100 * time.Millisecond)
+				continue
 			}

 			var memPercent = 0.0
@@ -139,6 +148,7 @@ func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFir
 			s.BlockRead = 0
 			s.BlockWrite = 0
 			s.PidsCurrent = 0
+			s.err = errors.New("timeout waiting for stats")
 			s.mu.Unlock()
 			// if this is the first stat you get, release WaitGroup
 			if !getFirst {
@@ -150,8 +160,9 @@ func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFir
 				s.mu.Lock()
 				s.err = err
 				s.mu.Unlock()
-				return
+				continue
 			}
+			s.err = nil
 			// if this is the first stat you get, release WaitGroup
 			if !getFirst {
 				getFirst = true
@@ -165,15 +176,23 @@ func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFir
 }

 func (s *containerStats) Display(w io.Writer) error {
-	s.mu.RLock()
-	defer s.mu.RUnlock()
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	// NOTE: if you change this format, you must also change the err format below!
+	format := "%s\t%.2f%%\t%s / %s\t%.2f%%\t%s / %s\t%s / %s\t%d\n"
 	if s.err != nil {
-		return s.err
+		format = "%s\t%s\t%s / %s\t%s\t%s / %s\t%s / %s\t%s\n"
+		errStr := "--"
+		fmt.Fprintf(w, format,
+			s.Name, errStr, errStr, errStr, errStr, errStr, errStr, errStr, errStr, errStr,
+		)
+		err := s.err
+		return err
 	}
-	fmt.Fprintf(w, "%s\t%.2f%%\t%s / %s\t%.2f%%\t%s / %s\t%s / %s\t%d\n",
+	fmt.Fprintf(w, format,
 		s.Name,
 		s.CPUPercentage,
-		units.HumanSize(s.Memory), units.HumanSize(s.MemoryLimit),
+		units.BytesSize(s.Memory), units.BytesSize(s.MemoryLimit),
 		s.MemoryPercentage,
 		units.HumanSize(s.NetworkRx), units.HumanSize(s.NetworkTx),
 		units.HumanSize(s.BlockRead), units.HumanSize(s.BlockWrite),
--- a/api/client/container/stats_unit_test.go
+++ b/api/client/container/stats_unit_test.go
@@ -1,8 +1,7 @@
-package client
+package container

 import (
 	"bytes"
-	"sync"
 	"testing"

 	"github.com/docker/engine-api/types"
@@ -20,14 +19,13 @@ func TestDisplay(t *testing.T) {
 		BlockRead:        100 * 1024 * 1024,
 		BlockWrite:       800 * 1024 * 1024,
 		PidsCurrent:      1,
-		mu:               sync.RWMutex{},
 	}
 	var b bytes.Buffer
 	if err := c.Display(&b); err != nil {
 		t.Fatalf("c.Display() gave error: %s", err)
 	}
 	got := b.String()
-	want := "app\t30.00%\t104.9 MB / 2.147 GB\t4.88%\t104.9 MB / 838.9 MB\t104.9 MB / 838.9 MB\t1\n"
+	want := "app\t30.00%\t100 MiB / 2 GiB\t4.88%\t104.9 MB / 838.9 MB\t104.9 MB / 838.9 MB\t1\n"
 	if got != want {
 		t.Fatalf("c.Display() = %q, want %q", got, want)
 	}
--- a/api/client/container/stop.go
+++ b/api/client/container/stop.go
@@ -0,0 +1,56 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type stopOptions struct {
+	time int
+
+	containers []string
+}
+
+// NewStopCommand creats a new cobra.Command for `docker stop`
+func NewStopCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts stopOptions
+
+	cmd := &cobra.Command{
+		Use:   "stop [OPTIONS] CONTAINER [CONTAINER...]",
+		Short: "Stop one or more running containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runStop(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.IntVarP(&opts.time, "time", "t", 10, "Seconds to wait for stop before killing it")
+	return cmd
+}
+
+func runStop(dockerCli *client.DockerCli, opts *stopOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	for _, container := range opts.containers {
+		timeout := time.Duration(opts.time) * time.Second
+		if err := dockerCli.Client().ContainerStop(ctx, container, &timeout); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/container/top.go
+++ b/api/client/container/top.go
@@ -0,0 +1,58 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type topOptions struct {
+	container string
+
+	args []string
+}
+
+// NewTopCommand creates a new cobra.Command for `docker top`
+func NewTopCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts topOptions
+
+	cmd := &cobra.Command{
+		Use:   "top CONTAINER [ps OPTIONS]",
+		Short: "Display the running processes of a container",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.container = args[0]
+			opts.args = args[1:]
+			return runTop(dockerCli, &opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	return cmd
+}
+
+func runTop(dockerCli *client.DockerCli, opts *topOptions) error {
+	ctx := context.Background()
+
+	procList, err := dockerCli.Client().ContainerTop(ctx, opts.container, opts.args)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+	fmt.Fprintln(w, strings.Join(procList.Titles, "\t"))
+
+	for _, proc := range procList.Processes {
+		fmt.Fprintln(w, strings.Join(proc, "\t"))
+	}
+	w.Flush()
+	return nil
+}
--- a/api/client/container/unpause.go
+++ b/api/client/container/unpause.go
@@ -0,0 +1,50 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type unpauseOptions struct {
+	containers []string
+}
+
+// NewUnpauseCommand creats a new cobra.Command for `docker unpause`
+func NewUnpauseCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts unpauseOptions
+
+	cmd := &cobra.Command{
+		Use:   "unpause CONTAINER [CONTAINER...]",
+		Short: "Unpause all processes within one or more containers",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runUnpause(dockerCli, &opts)
+		},
+	}
+
+	return cmd
+}
+
+func runUnpause(dockerCli *client.DockerCli, opts *unpauseOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	for _, container := range opts.containers {
+		if err := dockerCli.Client().ContainerUnpause(ctx, container); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%s\n", container)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/container/utils.go
+++ b/api/client/container/utils.go
@@ -0,0 +1,22 @@
+package container
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	clientapi "github.com/docker/engine-api/client"
+)
+
+// getExitCode performs an inspect on the container. It returns
+// the running state and the exit code.
+func getExitCode(dockerCli *client.DockerCli, ctx context.Context, containerID string) (bool, int, error) {
+	c, err := dockerCli.Client().ContainerInspect(ctx, containerID)
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if err != clientapi.ErrConnectionFailed {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+	return c.State.Running, c.State.ExitCode, nil
+}
--- a/api/client/container/wait.go
+++ b/api/client/container/wait.go
@@ -0,0 +1,51 @@
+package container
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type waitOptions struct {
+	containers []string
+}
+
+// NewWaitCommand creates a new cobra.Command for `docker wait`
+func NewWaitCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts waitOptions
+
+	cmd := &cobra.Command{
+		Use:   "wait CONTAINER [CONTAINER...]",
+		Short: "Block until a container stops, then print its exit code",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.containers = args
+			return runWait(dockerCli, &opts)
+		},
+	}
+
+	return cmd
+}
+
+func runWait(dockerCli *client.DockerCli, opts *waitOptions) error {
+	ctx := context.Background()
+
+	var errs []string
+	for _, container := range opts.containers {
+		status, err := dockerCli.Client().ContainerWait(ctx, container)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(dockerCli.Out(), "%d\n", status)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/create.go
+++ b/api/client/create.go
@@ -1,180 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"io"
-	"os"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/pkg/jsonmessage"
-	"github.com/docker/docker/reference"
-	"github.com/docker/docker/registry"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/engine-api/client"
-	"github.com/docker/engine-api/types"
-	"github.com/docker/engine-api/types/container"
-	networktypes "github.com/docker/engine-api/types/network"
-)
-
-func (cli *DockerCli) pullImage(image string) error {
-	return cli.pullImageCustomOut(image, cli.out)
-}
-
-func (cli *DockerCli) pullImageCustomOut(image string, out io.Writer) error {
-	ref, err := reference.ParseNamed(image)
-	if err != nil {
-		return err
-	}
-
-	var tag string
-	switch x := reference.WithDefaultTag(ref).(type) {
-	case reference.Canonical:
-		tag = x.Digest().String()
-	case reference.NamedTagged:
-		tag = x.Tag()
-	}
-
-	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, err := registry.ParseRepositoryInfo(ref)
-	if err != nil {
-		return err
-	}
-
-	authConfig := cli.resolveAuthConfig(repoInfo.Index)
-	encodedAuth, err := encodeAuthToBase64(authConfig)
-	if err != nil {
-		return err
-	}
-
-	options := types.ImageCreateOptions{
-		Parent:       ref.Name(),
-		Tag:          tag,
-		RegistryAuth: encodedAuth,
-	}
-
-	responseBody, err := cli.client.ImageCreate(context.Background(), options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	return jsonmessage.DisplayJSONMessagesStream(responseBody, out, cli.outFd, cli.isTerminalOut, nil)
-}
-
-type cidFile struct {
-	path    string
-	file    *os.File
-	written bool
-}
-
-func newCIDFile(path string) (*cidFile, error) {
-	if _, err := os.Stat(path); err == nil {
-		return nil, fmt.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
-	}
-
-	f, err := os.Create(path)
-	if err != nil {
-		return nil, fmt.Errorf("Failed to create the container ID file: %s", err)
-	}
-
-	return &cidFile{path: path, file: f}, nil
-}
-
-func (cli *DockerCli) createContainer(config *container.Config, hostConfig *container.HostConfig, networkingConfig *networktypes.NetworkingConfig, cidfile, name string) (*types.ContainerCreateResponse, error) {
-	var containerIDFile *cidFile
-	if cidfile != "" {
-		var err error
-		if containerIDFile, err = newCIDFile(cidfile); err != nil {
-			return nil, err
-		}
-		defer containerIDFile.Close()
-	}
-
-	var trustedRef reference.Canonical
-	_, ref, err := reference.ParseIDOrReference(config.Image)
-	if err != nil {
-		return nil, err
-	}
-	if ref != nil {
-		ref = reference.WithDefaultTag(ref)
-
-		if ref, ok := ref.(reference.NamedTagged); ok && isTrusted() {
-			var err error
-			trustedRef, err = cli.trustedReference(ref)
-			if err != nil {
-				return nil, err
-			}
-			config.Image = trustedRef.String()
-		}
-	}
-
-	//create the container
-	response, err := cli.client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, name)
-
-	//if image not found try to pull it
-	if err != nil {
-		if client.IsErrImageNotFound(err) && ref != nil {
-			fmt.Fprintf(cli.err, "Unable to find image '%s' locally\n", ref.String())
-
-			// we don't want to write to stdout anything apart from container.ID
-			if err = cli.pullImageCustomOut(config.Image, cli.err); err != nil {
-				return nil, err
-			}
-			if ref, ok := ref.(reference.NamedTagged); ok && trustedRef != nil {
-				if err := cli.tagTrusted(trustedRef, ref); err != nil {
-					return nil, err
-				}
-			}
-			// Retry
-			var retryErr error
-			response, retryErr = cli.client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, name)
-			if retryErr != nil {
-				return nil, retryErr
-			}
-		} else {
-			return nil, err
-		}
-	}
-
-	for _, warning := range response.Warnings {
-		fmt.Fprintf(cli.err, "WARNING: %s\n", warning)
-	}
-	if containerIDFile != nil {
-		if err = containerIDFile.Write(response.ID); err != nil {
-			return nil, err
-		}
-	}
-	return &response, nil
-}
-
-// CmdCreate creates a new container from a given image.
-//
-// Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
-func (cli *DockerCli) CmdCreate(args ...string) error {
-	cmd := Cli.Subcmd("create", []string{"IMAGE [COMMAND] [ARG...]"}, Cli.DockerCommands["create"].Description, true)
-	addTrustedFlags(cmd, true)
-
-	// These are flags not stored in Config/HostConfig
-	var (
-		flName = cmd.String([]string{"-name"}, "", "Assign a name to the container")
-	)
-
-	config, hostConfig, networkingConfig, cmd, err := runconfigopts.Parse(cmd, args)
-
-	if err != nil {
-		cmd.ReportError(err.Error(), true)
-		os.Exit(1)
-	}
-	if config.Image == "" {
-		cmd.Usage()
-		return nil
-	}
-	response, err := cli.createContainer(config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, *flName)
-	if err != nil {
-		return err
-	}
-	fmt.Fprintf(cli.out, "%s\n", response.ID)
-	return nil
-}
--- a/api/client/credentials.go
+++ b/api/client/credentials.go
@@ -0,0 +1,44 @@
+package client
+
+import (
+	"github.com/docker/docker/cliconfig/configfile"
+	"github.com/docker/docker/cliconfig/credentials"
+	"github.com/docker/engine-api/types"
+)
+
+// GetCredentials loads the user credentials from a credentials store.
+// The store is determined by the config file settings.
+func GetCredentials(c *configfile.ConfigFile, serverAddress string) (types.AuthConfig, error) {
+	s := LoadCredentialsStore(c)
+	return s.Get(serverAddress)
+}
+
+// GetAllCredentials loads all credentials from a credentials store.
+// The store is determined by the config file settings.
+func GetAllCredentials(c *configfile.ConfigFile) (map[string]types.AuthConfig, error) {
+	s := LoadCredentialsStore(c)
+	return s.GetAll()
+}
+
+// StoreCredentials saves the user credentials in a credentials store.
+// The store is determined by the config file settings.
+func StoreCredentials(c *configfile.ConfigFile, auth types.AuthConfig) error {
+	s := LoadCredentialsStore(c)
+	return s.Store(auth)
+}
+
+// EraseCredentials removes the user credentials from a credentials store.
+// The store is determined by the config file settings.
+func EraseCredentials(c *configfile.ConfigFile, serverAddress string) error {
+	s := LoadCredentialsStore(c)
+	return s.Erase(serverAddress)
+}
+
+// LoadCredentialsStore initializes a new credentials store based
+// in the settings provided in the configuration file.
+func LoadCredentialsStore(c *configfile.ConfigFile) credentials.Store {
+	if c.CredentialsStore != "" {
+		return credentials.NewNativeStore(c)
+	}
+	return credentials.NewFileStore(c)
+}
--- a/api/client/diff.go
+++ b/api/client/diff.go
@@ -1,49 +0,0 @@
-package client
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/pkg/archive"
-	flag "github.com/docker/docker/pkg/mflag"
-)
-
-// CmdDiff shows changes on a container's filesystem.
-//
-// Each changed file is printed on a separate line, prefixed with a single
-// character that indicates the status of the file: C (modified), A (added),
-// or D (deleted).
-//
-// Usage: docker diff CONTAINER
-func (cli *DockerCli) CmdDiff(args ...string) error {
-	cmd := Cli.Subcmd("diff", []string{"CONTAINER"}, Cli.DockerCommands["diff"].Description, true)
-	cmd.Require(flag.Exact, 1)
-
-	cmd.ParseFlags(args, true)
-
-	if cmd.Arg(0) == "" {
-		return fmt.Errorf("Container name cannot be empty")
-	}
-
-	changes, err := cli.client.ContainerDiff(context.Background(), cmd.Arg(0))
-	if err != nil {
-		return err
-	}
-
-	for _, change := range changes {
-		var kind string
-		switch change.Kind {
-		case archive.ChangeModify:
-			kind = "C"
-		case archive.ChangeAdd:
-			kind = "A"
-		case archive.ChangeDelete:
-			kind = "D"
-		}
-		fmt.Fprintf(cli.out, "%s %s\n", kind, change.Path)
-	}
-
-	return nil
-}
--- a/api/client/events.go
+++ b/api/client/events.go
@@ -1,146 +0,0 @@
-package client
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.org/x/net/context"
-
-	"github.com/Sirupsen/logrus"
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/jsonlog"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/engine-api/types"
-	eventtypes "github.com/docker/engine-api/types/events"
-	"github.com/docker/engine-api/types/filters"
-)
-
-// CmdEvents prints a live stream of real time events from the server.
-//
-// Usage: docker events [OPTIONS]
-func (cli *DockerCli) CmdEvents(args ...string) error {
-	cmd := Cli.Subcmd("events", nil, Cli.DockerCommands["events"].Description, true)
-	since := cmd.String([]string{"-since"}, "", "Show all events created since timestamp")
-	until := cmd.String([]string{"-until"}, "", "Stream events until this timestamp")
-	flFilter := opts.NewListOpts(nil)
-	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
-	cmd.Require(flag.Exact, 0)
-
-	cmd.ParseFlags(args, true)
-
-	eventFilterArgs := filters.NewArgs()
-
-	// Consolidate all filter flags, and sanity check them early.
-	// They'll get process in the daemon/server.
-	for _, f := range flFilter.GetAll() {
-		var err error
-		eventFilterArgs, err = filters.ParseFlag(f, eventFilterArgs)
-		if err != nil {
-			return err
-		}
-	}
-
-	options := types.EventsOptions{
-		Since:   *since,
-		Until:   *until,
-		Filters: eventFilterArgs,
-	}
-
-	responseBody, err := cli.client.Events(context.Background(), options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	return streamEvents(responseBody, cli.out)
-}
-
-// streamEvents decodes prints the incoming events in the provided output.
-func streamEvents(input io.Reader, output io.Writer) error {
-	return decodeEvents(input, func(event eventtypes.Message, err error) error {
-		if err != nil {
-			return err
-		}
-		printOutput(event, output)
-		return nil
-	})
-}
-
-type eventProcessor func(event eventtypes.Message, err error) error
-
-func decodeEvents(input io.Reader, ep eventProcessor) error {
-	dec := json.NewDecoder(input)
-	for {
-		var event eventtypes.Message
-		err := dec.Decode(&event)
-		if err != nil && err == io.EOF {
-			break
-		}
-
-		if procErr := ep(event, err); procErr != nil {
-			return procErr
-		}
-	}
-	return nil
-}
-
-// printOutput prints all types of event information.
-// Each output includes the event type, actor id, name and action.
-// Actor attributes are printed at the end if the actor has any.
-func printOutput(event eventtypes.Message, output io.Writer) {
-	if event.TimeNano != 0 {
-		fmt.Fprintf(output, "%s ", time.Unix(0, event.TimeNano).Format(jsonlog.RFC3339NanoFixed))
-	} else if event.Time != 0 {
-		fmt.Fprintf(output, "%s ", time.Unix(event.Time, 0).Format(jsonlog.RFC3339NanoFixed))
-	}
-
-	fmt.Fprintf(output, "%s %s %s", event.Type, event.Action, event.Actor.ID)
-
-	if len(event.Actor.Attributes) > 0 {
-		var attrs []string
-		var keys []string
-		for k := range event.Actor.Attributes {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-		for _, k := range keys {
-			v := event.Actor.Attributes[k]
-			attrs = append(attrs, fmt.Sprintf("%s=%s", k, v))
-		}
-		fmt.Fprintf(output, " (%s)", strings.Join(attrs, ", "))
-	}
-	fmt.Fprint(output, "\n")
-}
-
-type eventHandler struct {
-	handlers map[string]func(eventtypes.Message)
-	mu       sync.Mutex
-}
-
-func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
-	w.mu.Lock()
-	w.handlers[action] = h
-	w.mu.Unlock()
-}
-
-// Watch ranges over the passed in event chan and processes the events based on the
-// handlers created for a given action.
-// To stop watching, close the event chan.
-func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
-	for e := range c {
-		w.mu.Lock()
-		h, exists := w.handlers[e.Action]
-		w.mu.Unlock()
-		if !exists {
-			continue
-		}
-		logrus.Debugf("event handler: received event: %v", e)
-		go h(e)
-	}
-}
--- a/api/client/exec.go
+++ b/api/client/exec.go
@@ -17,12 +17,13 @@ import (
 //
 // Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
 func (cli *DockerCli) CmdExec(args ...string) error {
-	cmd := Cli.Subcmd("exec", []string{"CONTAINER COMMAND [ARG...]"}, Cli.DockerCommands["exec"].Description, true)
+	cmd := Cli.Subcmd("exec", []string{"[OPTIONS] CONTAINER COMMAND [ARG...]"}, Cli.DockerCommands["exec"].Description, true)
 	detachKeys := cmd.String([]string{"-detach-keys"}, "", "Override the key sequence for detaching a container")

 	execConfig, err := ParseExec(cmd, args)
+	container := cmd.Arg(0)
 	// just in case the ParseExec does not exit
-	if execConfig.Container == "" || err != nil {
+	if container == "" || err != nil {
 		return Cli.StatusError{StatusCode: 1}
 	}

@@ -33,7 +34,9 @@ func (cli *DockerCli) CmdExec(args ...string) error {
 	// Send client escape keys
 	execConfig.DetachKeys = cli.configFile.DetachKeys

-	response, err := cli.client.ContainerExecCreate(context.Background(), *execConfig)
+	ctx := context.Background()
+
+	response, err := cli.client.ContainerExecCreate(ctx, container, *execConfig)
 	if err != nil {
 		return err
 	}
@@ -55,7 +58,7 @@ func (cli *DockerCli) CmdExec(args ...string) error {
 			Tty:    execConfig.Tty,
 		}

-		if err := cli.client.ContainerExecStart(context.Background(), execID, execStartCheck); err != nil {
+		if err := cli.client.ContainerExecStart(ctx, execID, execStartCheck); err != nil {
 			return err
 		}
 		// For now don't print this - wait for when we support exec wait()
@@ -84,23 +87,17 @@ func (cli *DockerCli) CmdExec(args ...string) error {
 		}
 	}

-	resp, err := cli.client.ContainerExecAttach(context.Background(), execID, *execConfig)
+	resp, err := cli.client.ContainerExecAttach(ctx, execID, *execConfig)
 	if err != nil {
 		return err
 	}
 	defer resp.Close()
-	if in != nil && execConfig.Tty {
-		if err := cli.setRawTerminal(); err != nil {
-			return err
-		}
-		defer cli.restoreTerminal(in)
-	}
 	errCh = promise.Go(func() error {
-		return cli.holdHijackedConnection(execConfig.Tty, in, out, stderr, resp)
+		return cli.HoldHijackedConnection(ctx, execConfig.Tty, in, out, stderr, resp)
 	})

 	if execConfig.Tty && cli.isTerminalIn {
-		if err := cli.monitorTtySize(execID, true); err != nil {
+		if err := cli.MonitorTtySize(ctx, execID, true); err != nil {
 			fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
 		}
 	}
@@ -111,7 +108,7 @@ func (cli *DockerCli) CmdExec(args ...string) error {
 	}

 	var status int
-	if _, status, err = getExecExitCode(cli, execID); err != nil {
+	if _, status, err = cli.getExecExitCode(ctx, execID); err != nil {
 		return err
 	}

@@ -134,13 +131,11 @@ func ParseExec(cmd *flag.FlagSet, args []string) (*types.ExecConfig, error) {
 		flUser       = cmd.String([]string{"u", "-user"}, "", "Username or UID (format: <name|uid>[:<group|gid>])")
 		flPrivileged = cmd.Bool([]string{"-privileged"}, false, "Give extended privileges to the command")
 		execCmd      []string
-		container    string
 	)
 	cmd.Require(flag.Min, 2)
 	if err := cmd.ParseFlags(args, true); err != nil {
 		return nil, err
 	}
-	container = cmd.Arg(0)
 	parsedArgs := cmd.Args()
 	execCmd = parsedArgs[1:]

@@ -149,7 +144,6 @@ func ParseExec(cmd *flag.FlagSet, args []string) (*types.ExecConfig, error) {
 		Privileged: *flPrivileged,
 		Tty:        *flTty,
 		Cmd:        execCmd,
-		Container:  container,
 		Detach:     *flDetach,
 	}

--- a/api/client/exec_test.go
+++ b/api/client/exec_test.go
@@ -23,7 +23,6 @@ func TestParseExec(t *testing.T) {
 		&arguments{
 			[]string{"container", "command"},
 		}: {
-			Container:    "container",
 			Cmd:          []string{"command"},
 			AttachStdout: true,
 			AttachStderr: true,
@@ -31,7 +30,6 @@ func TestParseExec(t *testing.T) {
 		&arguments{
 			[]string{"container", "command1", "command2"},
 		}: {
-			Container:    "container",
 			Cmd:          []string{"command1", "command2"},
 			AttachStdout: true,
 			AttachStderr: true,
@@ -44,7 +42,6 @@ func TestParseExec(t *testing.T) {
 			AttachStdout: true,
 			AttachStderr: true,
 			Tty:          true,
-			Container:    "container",
 			Cmd:          []string{"command"},
 		},
 		&arguments{
@@ -54,7 +51,6 @@ func TestParseExec(t *testing.T) {
 			AttachStdout: false,
 			AttachStderr: false,
 			Detach:       true,
-			Container:    "container",
 			Cmd:          []string{"command"},
 		},
 		&arguments{
@@ -65,7 +61,6 @@ func TestParseExec(t *testing.T) {
 			AttachStderr: false,
 			Detach:       true,
 			Tty:          true,
-			Container:    "container",
 			Cmd:          []string{"command"},
 		},
 	}
@@ -103,9 +98,6 @@ func compareExecConfig(config1 *types.ExecConfig, config2 *types.ExecConfig) boo
 	if config1.AttachStdout != config2.AttachStdout {
 		return false
 	}
-	if config1.Container != config2.Container {
-		return false
-	}
 	if config1.Detach != config2.Detach {
 		return false
 	}
--- a/api/client/export.go
+++ b/api/client/export.go
@@ -1,42 +0,0 @@
-package client
-
-import (
-	"errors"
-	"io"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	flag "github.com/docker/docker/pkg/mflag"
-)
-
-// CmdExport exports a filesystem as a tar archive.
-//
-// The tar archive is streamed to STDOUT by default or written to a file.
-//
-// Usage: docker export [OPTIONS] CONTAINER
-func (cli *DockerCli) CmdExport(args ...string) error {
-	cmd := Cli.Subcmd("export", []string{"CONTAINER"}, Cli.DockerCommands["export"].Description, true)
-	outfile := cmd.String([]string{"o", "-output"}, "", "Write to a file, instead of STDOUT")
-	cmd.Require(flag.Exact, 1)
-
-	cmd.ParseFlags(args, true)
-
-	if *outfile == "" && cli.isTerminalOut {
-		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
-	}
-
-	responseBody, err := cli.client.ContainerExport(context.Background(), cmd.Arg(0))
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	if *outfile == "" {
-		_, err := io.Copy(cli.out, responseBody)
-		return err
-	}
-
-	return copyToFile(*outfile, responseBody)
-
-}
--- a/api/client/formatter/custom.go
+++ b/api/client/formatter/custom.go
@@ -234,9 +234,10 @@ func (c *baseSubContext) addHeader(header string) {
 }

 func stripNamePrefix(ss []string) []string {
+	sss := make([]string, len(ss))
 	for i, s := range ss {
-		ss[i] = s[1:]
+		sss[i] = s[1:]
 	}

-	return ss
+	return sss
 }
--- a/api/client/formatter/formatter.go
+++ b/api/client/formatter/formatter.go
@@ -114,35 +114,27 @@ type ImageContext struct {
 func (ctx ContainerContext) Write() {
 	switch ctx.Format {
 	case tableFormatKey:
-		ctx.Format = defaultContainerTableFormat
 		if ctx.Quiet {
 			ctx.Format = defaultQuietFormat
+		} else {
+			ctx.Format = defaultContainerTableFormat
+			if ctx.Size {
+				ctx.Format += `\t{{.Size}}`
+			}
 		}
 	case rawFormatKey:
 		if ctx.Quiet {
 			ctx.Format = `container_id: {{.ID}}`
 		} else {
-			ctx.Format = `container_id: {{.ID}}
-image: {{.Image}}
-command: {{.Command}}
-created_at: {{.CreatedAt}}
-status: {{.Status}}
-names: {{.Names}}
-labels: {{.Labels}}
-ports: {{.Ports}}
-`
+			ctx.Format = `container_id: {{.ID}}\nimage: {{.Image}}\ncommand: {{.Command}}\ncreated_at: {{.CreatedAt}}\nstatus: {{.Status}}\nnames: {{.Names}}\nlabels: {{.Labels}}\nports: {{.Ports}}\n`
 			if ctx.Size {
-				ctx.Format += `size: {{.Size}}
-`
+				ctx.Format += `size: {{.Size}}\n`
 			}
 		}
 	}

 	ctx.buffer = bytes.NewBufferString("")
 	ctx.preformat()
-	if ctx.table && ctx.Size {
-		ctx.finalFormat += "\t{{.Size}}"
-	}

 	tmpl, err := ctx.parseFormat()
 	if err != nil {
@@ -163,6 +155,10 @@ ports: {{.Ports}}
 	ctx.postformat(tmpl, &containerContext{})
 }

+func isDangling(image types.Image) bool {
+	return len(image.RepoTags) == 1 && image.RepoTags[0] == "<none>:<none>" && len(image.RepoDigests) == 1 && image.RepoDigests[0] == "<none>@<none>"
+}
+
 func (ctx ImageContext) Write() {
 	switch ctx.Format {
 	case tableFormatKey:
@@ -208,42 +204,98 @@ virtual_size: {{.Size}}
 	}

 	for _, image := range ctx.Images {
+		images := []*imageContext{}
+		if isDangling(image) {
+			images = append(images, &imageContext{
+				trunc:  ctx.Trunc,
+				i:      image,
+				repo:   "<none>",
+				tag:    "<none>",
+				digest: "<none>",
+			})
+		} else {
+			repoTags := map[string][]string{}
+			repoDigests := map[string][]string{}

-		repoTags := image.RepoTags
-		repoDigests := image.RepoDigests
-
-		if len(repoTags) == 1 && repoTags[0] == "<none>:<none>" && len(repoDigests) == 1 && repoDigests[0] == "<none>@<none>" {
-			// dangling image - clear out either repoTags or repoDigests so we only show it once below
-			repoDigests = []string{}
-		}
-		// combine the tags and digests lists
-		tagsAndDigests := append(repoTags, repoDigests...)
-		for _, repoAndRef := range tagsAndDigests {
-			repo := "<none>"
-			tag := "<none>"
-			digest := "<none>"
-
-			if !strings.HasPrefix(repoAndRef, "<none>") {
-				ref, err := reference.ParseNamed(repoAndRef)
+			for _, refString := range append(image.RepoTags) {
+				ref, err := reference.ParseNamed(refString)
 				if err != nil {
 					continue
 				}
-				repo = ref.Name()
-
-				switch x := ref.(type) {
-				case reference.Canonical:
-					digest = x.Digest().String()
-				case reference.NamedTagged:
-					tag = x.Tag()
+				if nt, ok := ref.(reference.NamedTagged); ok {
+					repoTags[ref.Name()] = append(repoTags[ref.Name()], nt.Tag())
 				}
 			}
-			imageCtx := &imageContext{
-				trunc:  ctx.Trunc,
-				i:      image,
-				repo:   repo,
-				tag:    tag,
-				digest: digest,
+			for _, refString := range append(image.RepoDigests) {
+				ref, err := reference.ParseNamed(refString)
+				if err != nil {
+					continue
+				}
+				if c, ok := ref.(reference.Canonical); ok {
+					repoDigests[ref.Name()] = append(repoDigests[ref.Name()], c.Digest().String())
+				}
 			}
+
+			for repo, tags := range repoTags {
+				digests := repoDigests[repo]
+
+				// Do not display digests as their own row
+				delete(repoDigests, repo)
+
+				if !ctx.Digest {
+					// Ignore digest references, just show tag once
+					digests = nil
+				}
+
+				for _, tag := range tags {
+					if len(digests) == 0 {
+						images = append(images, &imageContext{
+							trunc:  ctx.Trunc,
+							i:      image,
+							repo:   repo,
+							tag:    tag,
+							digest: "<none>",
+						})
+						continue
+					}
+					// Display the digests for each tag
+					for _, dgst := range digests {
+						images = append(images, &imageContext{
+							trunc:  ctx.Trunc,
+							i:      image,
+							repo:   repo,
+							tag:    tag,
+							digest: dgst,
+						})
+					}
+
+				}
+			}
+
+			// Show rows for remaining digest only references
+			for repo, digests := range repoDigests {
+				// If digests are displayed, show row per digest
+				if ctx.Digest {
+					for _, dgst := range digests {
+						images = append(images, &imageContext{
+							trunc:  ctx.Trunc,
+							i:      image,
+							repo:   repo,
+							tag:    "<none>",
+							digest: dgst,
+						})
+					}
+				} else {
+					images = append(images, &imageContext{
+						trunc: ctx.Trunc,
+						i:     image,
+						repo:  repo,
+						tag:   "<none>",
+					})
+				}
+			}
+		}
+		for _, imageCtx := range images {
 			err = ctx.contextFormat(tmpl, imageCtx)
 			if err != nil {
 				return
--- a/api/client/formatter/formatter_test.go
+++ b/api/client/formatter/formatter_test.go
@@ -63,7 +63,7 @@ containerID2        ubuntu              ""                  24 hours ago
 				},
 				Size: true,
 			},
-			"IMAGE               SIZE\nubuntu              0 B\nubuntu              0 B\n",
+			"IMAGE\nubuntu\nubuntu\n",
 		},
 		{
 			ContainerContext{
@@ -230,6 +230,25 @@ func TestContainerContextWriteWithNoContainers(t *testing.T) {
 				},
 				Size: true,
 			},
+			"IMAGE\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}\t{{.Size}}",
+					Output: out,
+				},
+			},
+			"IMAGE               SIZE\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}\t{{.Size}}",
+					Output: out,
+				},
+				Size: true,
+			},
 			"IMAGE               SIZE\n",
 		},
 	}
@@ -282,7 +301,6 @@ func TestImageContextWrite(t *testing.T) {
 			},
 			`REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
 image               tag1                imageID1            24 hours ago        0 B
-image               <none>              imageID1            24 hours ago        0 B
 image               tag2                imageID2            24 hours ago        0 B
 <none>              <none>              imageID3            24 hours ago        0 B
 `,
@@ -293,7 +311,7 @@ image               tag2                imageID2            24 hours ago
 					Format: "table {{.Repository}}",
 				},
 			},
-			"REPOSITORY\nimage\nimage\nimage\n<none>\n",
+			"REPOSITORY\nimage\nimage\n<none>\n",
 		},
 		{
 			ImageContext{
@@ -303,7 +321,6 @@ image               tag2                imageID2            24 hours ago
 				Digest: true,
 			},
 			`REPOSITORY          DIGEST
-image               <none>
 image               sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
 image               <none>
 <none>              <none>
@@ -316,7 +333,7 @@ image               <none>
 					Quiet:  true,
 				},
 			},
-			"REPOSITORY\nimage\nimage\nimage\n<none>\n",
+			"REPOSITORY\nimage\nimage\n<none>\n",
 		},
 		{
 			ImageContext{
@@ -325,7 +342,7 @@ image               <none>
 					Quiet:  true,
 				},
 			},
-			"imageID1\nimageID1\nimageID2\nimageID3\n",
+			"imageID1\nimageID2\nimageID3\n",
 		},
 		{
 			ImageContext{
@@ -336,8 +353,7 @@ image               <none>
 				Digest: true,
 			},
 			`REPOSITORY          TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
-image               tag1                <none>                                                                    imageID1            24 hours ago        0 B
-image               <none>              sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   imageID1            24 hours ago        0 B
+image               tag1                sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   imageID1            24 hours ago        0 B
 image               tag2                <none>                                                                    imageID2            24 hours ago        0 B
 <none>              <none>              <none>                                                                    imageID3            24 hours ago        0 B
 `,
@@ -350,7 +366,7 @@ image               tag2                <none>
 				},
 				Digest: true,
 			},
-			"imageID1\nimageID1\nimageID2\nimageID3\n",
+			"imageID1\nimageID2\nimageID3\n",
 		},
 		// Raw Format
 		{
@@ -365,12 +381,6 @@ image_id: imageID1
 created_at: %s
 virtual_size: 0 B

-repository: image
-tag: <none>
-image_id: imageID1
-created_at: %s
-virtual_size: 0 B
-
 repository: image
 tag: tag2
 image_id: imageID2
@@ -383,7 +393,7 @@ image_id: imageID3
 created_at: %s
 virtual_size: 0 B

-`, expectedTime, expectedTime, expectedTime, expectedTime),
+`, expectedTime, expectedTime, expectedTime),
 		},
 		{
 			ImageContext{
@@ -394,13 +404,6 @@ virtual_size: 0 B
 			},
 			fmt.Sprintf(`repository: image
 tag: tag1
-digest: <none>
-image_id: imageID1
-created_at: %s
-virtual_size: 0 B
-
-repository: image
-tag: <none>
 digest: sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
 image_id: imageID1
 created_at: %s
@@ -420,7 +423,7 @@ image_id: imageID3
 created_at: %s
 virtual_size: 0 B

-`, expectedTime, expectedTime, expectedTime, expectedTime),
+`, expectedTime, expectedTime, expectedTime),
 		},
 		{
 			ImageContext{
@@ -430,7 +433,6 @@ virtual_size: 0 B
 				},
 			},
 			`image_id: imageID1
-image_id: imageID1
 image_id: imageID2
 image_id: imageID3
 `,
@@ -442,7 +444,7 @@ image_id: imageID3
 					Format: "{{.Repository}}",
 				},
 			},
-			"image\nimage\nimage\n<none>\n",
+			"image\nimage\n<none>\n",
 		},
 		{
 			ImageContext{
@@ -451,7 +453,7 @@ image_id: imageID3
 				},
 				Digest: true,
 			},
-			"image\nimage\nimage\n<none>\n",
+			"image\nimage\n<none>\n",
 		},
 	}

--- a/api/client/hijack.go
+++ b/api/client/hijack.go
@@ -2,24 +2,51 @@ package client

 import (
 	"io"
+	"sync"
+
+	"golang.org/x/net/context"

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/docker/engine-api/types"
 )

-func (cli *DockerCli) holdHijackedConnection(tty bool, inputStream io.ReadCloser, outputStream, errorStream io.Writer, resp types.HijackedResponse) error {
-	var err error
+// HoldHijackedConnection handles copying input to and output from streams to the
+// connection
+func (cli *DockerCli) HoldHijackedConnection(ctx context.Context, tty bool, inputStream io.ReadCloser, outputStream, errorStream io.Writer, resp types.HijackedResponse) error {
+	var (
+		err         error
+		restoreOnce sync.Once
+	)
+	if inputStream != nil && tty {
+		if err := cli.setRawTerminal(); err != nil {
+			return err
+		}
+		defer func() {
+			restoreOnce.Do(func() {
+				cli.restoreTerminal(inputStream)
+			})
+		}()
+	}
+
 	receiveStdout := make(chan error, 1)
 	if outputStream != nil || errorStream != nil {
 		go func() {
 			// When TTY is ON, use regular copy
 			if tty && outputStream != nil {
 				_, err = io.Copy(outputStream, resp.Reader)
+				// we should restore the terminal as soon as possible once connection end
+				// so any following print messages will be in normal type.
+				if inputStream != nil {
+					restoreOnce.Do(func() {
+						cli.restoreTerminal(inputStream)
+					})
+				}
 			} else {
 				_, err = stdcopy.StdCopy(outputStream, errorStream, resp.Reader)
 			}
-			logrus.Debugf("[hijack] End of stdout")
+
+			logrus.Debug("[hijack] End of stdout")
 			receiveStdout <- err
 		}()
 	}
@@ -28,7 +55,14 @@ func (cli *DockerCli) holdHijackedConnection(tty bool, inputStream io.ReadCloser
 	go func() {
 		if inputStream != nil {
 			io.Copy(resp.Conn, inputStream)
-			logrus.Debugf("[hijack] End of stdin")
+			// we should restore the terminal as soon as possible once connection end
+			// so any following print messages will be in normal type.
+			if tty {
+				restoreOnce.Do(func() {
+					cli.restoreTerminal(inputStream)
+				})
+			}
+			logrus.Debug("[hijack] End of stdin")
 		}

 		if err := resp.CloseWrite(); err != nil {
@@ -45,11 +79,16 @@ func (cli *DockerCli) holdHijackedConnection(tty bool, inputStream io.ReadCloser
 		}
 	case <-stdinDone:
 		if outputStream != nil || errorStream != nil {
-			if err := <-receiveStdout; err != nil {
-				logrus.Debugf("Error receiveStdout: %s", err)
-				return err
+			select {
+			case err := <-receiveStdout:
+				if err != nil {
+					logrus.Debugf("Error receiveStdout: %s", err)
+					return err
+				}
+			case <-ctx.Done():
 			}
 		}
+	case <-ctx.Done():
 	}

 	return nil
--- a/api/client/history.go
+++ b/api/client/history.go
@@ -1,76 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"text/tabwriter"
-	"time"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
-	"github.com/docker/go-units"
-)
-
-// CmdHistory shows the history of an image.
-//
-// Usage: docker history [OPTIONS] IMAGE
-func (cli *DockerCli) CmdHistory(args ...string) error {
-	cmd := Cli.Subcmd("history", []string{"IMAGE"}, Cli.DockerCommands["history"].Description, true)
-	human := cmd.Bool([]string{"H", "-human"}, true, "Print sizes and dates in human readable format")
-	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
-	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Don't truncate output")
-	cmd.Require(flag.Exact, 1)
-
-	cmd.ParseFlags(args, true)
-
-	history, err := cli.client.ImageHistory(context.Background(), cmd.Arg(0))
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
-
-	if *quiet {
-		for _, entry := range history {
-			if *noTrunc {
-				fmt.Fprintf(w, "%s\n", entry.ID)
-			} else {
-				fmt.Fprintf(w, "%s\n", stringid.TruncateID(entry.ID))
-			}
-		}
-		w.Flush()
-		return nil
-	}
-
-	var imageID string
-	var createdBy string
-	var created string
-	var size string
-
-	fmt.Fprintln(w, "IMAGE\tCREATED\tCREATED BY\tSIZE\tCOMMENT")
-	for _, entry := range history {
-		imageID = entry.ID
-		createdBy = strings.Replace(entry.CreatedBy, "\t", " ", -1)
-		if *noTrunc == false {
-			createdBy = stringutils.Truncate(createdBy, 45)
-			imageID = stringid.TruncateID(entry.ID)
-		}
-
-		if *human {
-			created = units.HumanDuration(time.Now().UTC().Sub(time.Unix(entry.Created, 0))) + " ago"
-			size = units.HumanSize(float64(entry.Size))
-		} else {
-			created = time.Unix(entry.Created, 0).Format(time.RFC3339)
-			size = strconv.FormatInt(entry.Size, 10)
-		}
-
-		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", imageID, created, createdBy, size, entry.Comment)
-	}
-	w.Flush()
-	return nil
-}
--- a/api/client/idresolver/idresolver.go
+++ b/api/client/idresolver/idresolver.go
@@ -0,0 +1,70 @@
+package idresolver
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types/swarm"
+)
+
+// IDResolver provides ID to Name resolution.
+type IDResolver struct {
+	client    client.APIClient
+	noResolve bool
+	cache     map[string]string
+}
+
+// New creates a new IDResolver.
+func New(client client.APIClient, noResolve bool) *IDResolver {
+	return &IDResolver{
+		client:    client,
+		noResolve: noResolve,
+		cache:     make(map[string]string),
+	}
+}
+
+func (r *IDResolver) get(ctx context.Context, t interface{}, id string) (string, error) {
+	switch t.(type) {
+	case swarm.Node:
+		node, _, err := r.client.NodeInspectWithRaw(ctx, id)
+		if err != nil {
+			return id, nil
+		}
+		if node.Spec.Annotations.Name != "" {
+			return node.Spec.Annotations.Name, nil
+		}
+		if node.Description.Hostname != "" {
+			return node.Description.Hostname, nil
+		}
+		return id, nil
+	case swarm.Service:
+		service, _, err := r.client.ServiceInspectWithRaw(ctx, id)
+		if err != nil {
+			return id, nil
+		}
+		return service.Spec.Annotations.Name, nil
+	default:
+		return "", fmt.Errorf("unsupported type")
+	}
+
+}
+
+// Resolve will attempt to resolve an ID to a Name by querying the manager.
+// Results are stored into a cache.
+// If the `-n` flag is used in the command-line, resolution is disabled.
+func (r *IDResolver) Resolve(ctx context.Context, t interface{}, id string) (string, error) {
+	if r.noResolve {
+		return id, nil
+	}
+	if name, ok := r.cache[id]; ok {
+		return name, nil
+	}
+	name, err := r.get(ctx, t, id)
+	if err != nil {
+		return "", err
+	}
+	r.cache[id] = name
+	return name, nil
+}
--- a/api/client/image/build.go
+++ b/api/client/image/build.go
@@ -1,4 +1,4 @@
-package client
+package image

 import (
 	"archive/tar"
@@ -14,14 +14,14 @@ import (
 	"golang.org/x/net/context"

 	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/client"
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/builder/dockerignore"
-	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/cli"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/jsonmessage"
-	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/urlutil"
@@ -30,58 +30,89 @@ import (
 	"github.com/docker/engine-api/types"
 	"github.com/docker/engine-api/types/container"
 	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
 )

-type translatorFunc func(reference.NamedTagged) (reference.Canonical, error)
-
-// CmdBuild builds a new image from the source code at a given path.
-//
-// If '-' is provided instead of a path or URL, Docker will build an image from either a Dockerfile or tar archive read from STDIN.
-//
-// Usage: docker build [OPTIONS] PATH | URL | -
-func (cli *DockerCli) CmdBuild(args ...string) error {
-	cmd := Cli.Subcmd("build", []string{"PATH | URL | -"}, Cli.DockerCommands["build"].Description, true)
-	flTags := opts.NewListOpts(validateTag)
-	cmd.Var(&flTags, []string{"t", "-tag"}, "Name and optionally a tag in the 'name:tag' format")
-	suppressOutput := cmd.Bool([]string{"q", "-quiet"}, false, "Suppress the build output and print image ID on success")
-	noCache := cmd.Bool([]string{"-no-cache"}, false, "Do not use cache when building the image")
-	rm := cmd.Bool([]string{"-rm"}, true, "Remove intermediate containers after a successful build")
-	forceRm := cmd.Bool([]string{"-force-rm"}, false, "Always remove intermediate containers")
-	pull := cmd.Bool([]string{"-pull"}, false, "Always attempt to pull a newer version of the image")
-	dockerfileName := cmd.String([]string{"f", "-file"}, "", "Name of the Dockerfile (Default is 'PATH/Dockerfile')")
-	flMemoryString := cmd.String([]string{"m", "-memory"}, "", "Memory limit")
-	flMemorySwap := cmd.String([]string{"-memory-swap"}, "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
-	flShmSize := cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB")
-	flCPUShares := cmd.Int64([]string{"#c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
-	flCPUPeriod := cmd.Int64([]string{"-cpu-period"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) period")
-	flCPUQuota := cmd.Int64([]string{"-cpu-quota"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
-	flCPUSetCpus := cmd.String([]string{"-cpuset-cpus"}, "", "CPUs in which to allow execution (0-3, 0,1)")
-	flCPUSetMems := cmd.String([]string{"-cpuset-mems"}, "", "MEMs in which to allow execution (0-3, 0,1)")
-	flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
-	flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv)
-	cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables")
-	isolation := cmd.String([]string{"-isolation"}, "", "Container isolation technology")
-
-	flLabels := opts.NewListOpts(nil)
-	cmd.Var(&flLabels, []string{"-label"}, "Set metadata for an image")
+type buildOptions struct {
+	context        string
+	dockerfileName string
+	tags           opts.ListOpts
+	labels         opts.ListOpts
+	buildArgs      opts.ListOpts
+	ulimits        *runconfigopts.UlimitOpt
+	memory         string
+	memorySwap     string
+	shmSize        string
+	cpuShares      int64
+	cpuPeriod      int64
+	cpuQuota       int64
+	cpuSetCpus     string
+	cpuSetMems     string
+	cgroupParent   string
+	isolation      string
+	quiet          bool
+	noCache        bool
+	rm             bool
+	forceRm        bool
+	pull           bool
+}

+// NewBuildCommand creates a new `docker build` command
+func NewBuildCommand(dockerCli *client.DockerCli) *cobra.Command {
 	ulimits := make(map[string]*units.Ulimit)
-	flUlimits := runconfigopts.NewUlimitOpt(&ulimits)
-	cmd.Var(flUlimits, []string{"-ulimit"}, "Ulimit options")
+	options := buildOptions{
+		tags:      opts.NewListOpts(validateTag),
+		buildArgs: opts.NewListOpts(runconfigopts.ValidateEnv),
+		ulimits:   runconfigopts.NewUlimitOpt(&ulimits),
+		labels:    opts.NewListOpts(runconfigopts.ValidateEnv),
+	}

-	cmd.Require(flag.Exact, 1)
+	cmd := &cobra.Command{
+		Use:   "build [OPTIONS] PATH | URL | -",
+		Short: "Build an image from a Dockerfile",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			options.context = args[0]
+			return runBuild(dockerCli, options)
+		},
+	}

-	// For trusted pull on "FROM <image>" instruction.
-	addTrustedFlags(cmd, true)
+	flags := cmd.Flags()

-	cmd.ParseFlags(args, true)
+	flags.VarP(&options.tags, "tag", "t", "Name and optionally a tag in the 'name:tag' format")
+	flags.Var(&options.buildArgs, "build-arg", "Set build-time variables")
+	flags.Var(options.ulimits, "ulimit", "Ulimit options")
+	flags.StringVarP(&options.dockerfileName, "file", "f", "", "Name of the Dockerfile (Default is 'PATH/Dockerfile')")
+	flags.StringVarP(&options.memory, "memory", "m", "", "Memory limit")
+	flags.StringVar(&options.memorySwap, "memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flags.StringVar(&options.shmSize, "shm-size", "", "Size of /dev/shm, default value is 64MB")
+	flags.Int64VarP(&options.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
+	flags.Int64Var(&options.cpuPeriod, "cpu-period", 0, "Limit the CPU CFS (Completely Fair Scheduler) period")
+	flags.Int64Var(&options.cpuQuota, "cpu-quota", 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
+	flags.StringVar(&options.cpuSetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
+	flags.StringVar(&options.cpuSetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
+	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
+	flags.StringVar(&options.isolation, "isolation", "", "Container isolation technology")
+	flags.Var(&options.labels, "label", "Set metadata for an image")
+	flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
+	flags.BoolVar(&options.rm, "rm", true, "Remove intermediate containers after a successful build")
+	flags.BoolVar(&options.forceRm, "force-rm", false, "Always remove intermediate containers")
+	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
+	flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
+
+	client.AddTrustedFlags(flags, true)
+
+	return cmd
+}
+
+func runBuild(dockerCli *client.DockerCli, options buildOptions) error {

 	var (
-		ctx io.ReadCloser
-		err error
+		buildCtx io.ReadCloser
+		err      error
 	)

-	specifiedContext := cmd.Arg(0)
+	specifiedContext := options.context

 	var (
 		contextDir    string
@@ -91,27 +122,27 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		buildBuff     io.Writer
 	)

-	progBuff = cli.out
-	buildBuff = cli.out
-	if *suppressOutput {
+	progBuff = dockerCli.Out()
+	buildBuff = dockerCli.Out()
+	if options.quiet {
 		progBuff = bytes.NewBuffer(nil)
 		buildBuff = bytes.NewBuffer(nil)
 	}

 	switch {
 	case specifiedContext == "-":
-		ctx, relDockerfile, err = builder.GetContextFromReader(cli.in, *dockerfileName)
+		buildCtx, relDockerfile, err = builder.GetContextFromReader(dockerCli.In(), options.dockerfileName)
 	case urlutil.IsGitURL(specifiedContext):
-		tempDir, relDockerfile, err = builder.GetContextFromGitURL(specifiedContext, *dockerfileName)
+		tempDir, relDockerfile, err = builder.GetContextFromGitURL(specifiedContext, options.dockerfileName)
 	case urlutil.IsURL(specifiedContext):
-		ctx, relDockerfile, err = builder.GetContextFromURL(progBuff, specifiedContext, *dockerfileName)
+		buildCtx, relDockerfile, err = builder.GetContextFromURL(progBuff, specifiedContext, options.dockerfileName)
 	default:
-		contextDir, relDockerfile, err = builder.GetContextFromLocalDir(specifiedContext, *dockerfileName)
+		contextDir, relDockerfile, err = builder.GetContextFromLocalDir(specifiedContext, options.dockerfileName)
 	}

 	if err != nil {
-		if *suppressOutput && urlutil.IsURL(specifiedContext) {
-			fmt.Fprintln(cli.err, progBuff)
+		if options.quiet && urlutil.IsURL(specifiedContext) {
+			fmt.Fprintln(dockerCli.Err(), progBuff)
 		}
 		return fmt.Errorf("unable to prepare context: %s", err)
 	}
@@ -121,7 +152,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		contextDir = tempDir
 	}

-	if ctx == nil {
+	if buildCtx == nil {
 		// And canonicalize dockerfile name to a platform-independent one
 		relDockerfile, err = archive.CanonicalTarNameForPath(relDockerfile)
 		if err != nil {
@@ -159,7 +190,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 			includes = append(includes, ".dockerignore", relDockerfile)
 		}

-		ctx, err = archive.TarWithOptions(contextDir, &archive.TarOptions{
+		buildCtx, err = archive.TarWithOptions(contextDir, &archive.TarOptions{
 			Compression:     archive.Uncompressed,
 			ExcludePatterns: excludes,
 			IncludeFiles:    includes,
@@ -169,21 +200,23 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		}
 	}

+	ctx := context.Background()
+
 	var resolvedTags []*resolvedTag
-	if isTrusted() {
+	if client.IsTrusted() {
 		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
 		// Dockerfile which uses trusted pulls.
-		ctx = replaceDockerfileTarWrapper(ctx, relDockerfile, cli.trustedReference, &resolvedTags)
+		buildCtx = replaceDockerfileTarWrapper(ctx, buildCtx, relDockerfile, dockerCli.TrustedReference, &resolvedTags)
 	}

 	// Setup an upload progress bar
 	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(progBuff, true)

-	var body io.Reader = progress.NewProgressReader(ctx, progressOutput, 0, "", "Sending build context to Docker daemon")
+	var body io.Reader = progress.NewProgressReader(buildCtx, progressOutput, 0, "", "Sending build context to Docker daemon")

 	var memory int64
-	if *flMemoryString != "" {
-		parsedMemory, err := units.RAMInBytes(*flMemoryString)
+	if options.memory != "" {
+		parsedMemory, err := units.RAMInBytes(options.memory)
 		if err != nil {
 			return err
 		}
@@ -191,11 +224,11 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 	}

 	var memorySwap int64
-	if *flMemorySwap != "" {
-		if *flMemorySwap == "-1" {
+	if options.memorySwap != "" {
+		if options.memorySwap == "-1" {
 			memorySwap = -1
 		} else {
-			parsedMemorySwap, err := units.RAMInBytes(*flMemorySwap)
+			parsedMemorySwap, err := units.RAMInBytes(options.memorySwap)
 			if err != nil {
 				return err
 			}
@@ -204,75 +237,74 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 	}

 	var shmSize int64
-	if *flShmSize != "" {
-		shmSize, err = units.RAMInBytes(*flShmSize)
+	if options.shmSize != "" {
+		shmSize, err = units.RAMInBytes(options.shmSize)
 		if err != nil {
 			return err
 		}
 	}

-	options := types.ImageBuildOptions{
-		Context:        body,
+	buildOptions := types.ImageBuildOptions{
 		Memory:         memory,
 		MemorySwap:     memorySwap,
-		Tags:           flTags.GetAll(),
-		SuppressOutput: *suppressOutput,
-		NoCache:        *noCache,
-		Remove:         *rm,
-		ForceRemove:    *forceRm,
-		PullParent:     *pull,
-		Isolation:      container.Isolation(*isolation),
-		CPUSetCPUs:     *flCPUSetCpus,
-		CPUSetMems:     *flCPUSetMems,
-		CPUShares:      *flCPUShares,
-		CPUQuota:       *flCPUQuota,
-		CPUPeriod:      *flCPUPeriod,
-		CgroupParent:   *flCgroupParent,
+		Tags:           options.tags.GetAll(),
+		SuppressOutput: options.quiet,
+		NoCache:        options.noCache,
+		Remove:         options.rm,
+		ForceRemove:    options.forceRm,
+		PullParent:     options.pull,
+		Isolation:      container.Isolation(options.isolation),
+		CPUSetCPUs:     options.cpuSetCpus,
+		CPUSetMems:     options.cpuSetMems,
+		CPUShares:      options.cpuShares,
+		CPUQuota:       options.cpuQuota,
+		CPUPeriod:      options.cpuPeriod,
+		CgroupParent:   options.cgroupParent,
 		Dockerfile:     relDockerfile,
 		ShmSize:        shmSize,
-		Ulimits:        flUlimits.GetList(),
-		BuildArgs:      runconfigopts.ConvertKVStringsToMap(flBuildArg.GetAll()),
-		AuthConfigs:    cli.retrieveAuthConfigs(),
-		Labels:         runconfigopts.ConvertKVStringsToMap(flLabels.GetAll()),
+		Ulimits:        options.ulimits.GetList(),
+		BuildArgs:      runconfigopts.ConvertKVStringsToMap(options.buildArgs.GetAll()),
+		AuthConfigs:    dockerCli.RetrieveAuthConfigs(),
+		Labels:         runconfigopts.ConvertKVStringsToMap(options.labels.GetAll()),
 	}

-	response, err := cli.client.ImageBuild(context.Background(), options)
+	response, err := dockerCli.Client().ImageBuild(ctx, body, buildOptions)
 	if err != nil {
 		return err
 	}
 	defer response.Body.Close()

-	err = jsonmessage.DisplayJSONMessagesStream(response.Body, buildBuff, cli.outFd, cli.isTerminalOut, nil)
+	err = jsonmessage.DisplayJSONMessagesStream(response.Body, buildBuff, dockerCli.OutFd(), dockerCli.IsTerminalOut(), nil)
 	if err != nil {
 		if jerr, ok := err.(*jsonmessage.JSONError); ok {
 			// If no error code is set, default to 1
 			if jerr.Code == 0 {
 				jerr.Code = 1
 			}
-			if *suppressOutput {
-				fmt.Fprintf(cli.err, "%s%s", progBuff, buildBuff)
+			if options.quiet {
+				fmt.Fprintf(dockerCli.Err(), "%s%s", progBuff, buildBuff)
 			}
-			return Cli.StatusError{Status: jerr.Message, StatusCode: jerr.Code}
+			return cli.StatusError{Status: jerr.Message, StatusCode: jerr.Code}
 		}
 	}

 	// Windows: show error message about modified file permissions if the
 	// daemon isn't running Windows.
 	if response.OSType != "windows" && runtime.GOOS == "windows" {
-		fmt.Fprintln(cli.err, `SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
+		fmt.Fprintln(dockerCli.Err(), `SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
 	}

 	// Everything worked so if -q was provided the output from the daemon
 	// should be just the image ID and we'll print that to stdout.
-	if *suppressOutput {
-		fmt.Fprintf(cli.out, "%s", buildBuff)
+	if options.quiet {
+		fmt.Fprintf(dockerCli.Out(), "%s", buildBuff)
 	}

-	if isTrusted() {
+	if client.IsTrusted() {
 		// Since the build was successful, now we must tag any of the resolved
 		// images from the above Dockerfile rewrite.
 		for _, resolved := range resolvedTags {
-			if err := cli.tagTrusted(resolved.digestRef, resolved.tagRef); err != nil {
+			if err := dockerCli.TagTrusted(ctx, resolved.digestRef, resolved.tagRef); err != nil {
 				return err
 			}
 		}
@@ -281,6 +313,8 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 	return nil
 }

+type translatorFunc func(context.Context, reference.NamedTagged) (reference.Canonical, error)
+
 // validateTag checks if the given image name can be resolved.
 func validateTag(rawRepo string) (string, error) {
 	_, err := reference.ParseNamed(rawRepo)
@@ -304,7 +338,7 @@ type resolvedTag struct {
 // "FROM <image>" instructions to a digest reference. `translator` is a
 // function that takes a repository name and tag reference and returns a
 // trusted digest reference.
-func rewriteDockerfileFrom(dockerfile io.Reader, translator translatorFunc) (newDockerfile []byte, resolvedTags []*resolvedTag, err error) {
+func rewriteDockerfileFrom(ctx context.Context, dockerfile io.Reader, translator translatorFunc) (newDockerfile []byte, resolvedTags []*resolvedTag, err error) {
 	scanner := bufio.NewScanner(dockerfile)
 	buf := bytes.NewBuffer(nil)

@@ -320,8 +354,8 @@ func rewriteDockerfileFrom(dockerfile io.Reader, translator translatorFunc) (new
 				return nil, nil, err
 			}
 			ref = reference.WithDefaultTag(ref)
-			if ref, ok := ref.(reference.NamedTagged); ok && isTrusted() {
-				trustedRef, err := translator(ref)
+			if ref, ok := ref.(reference.NamedTagged); ok && client.IsTrusted() {
+				trustedRef, err := translator(ctx, ref)
 				if err != nil {
 					return nil, nil, err
 				}
@@ -347,7 +381,7 @@ func rewriteDockerfileFrom(dockerfile io.Reader, translator translatorFunc) (new
 // replaces the entry with the given Dockerfile name with the contents of the
 // new Dockerfile. Returns a new tar archive stream with the replaced
 // Dockerfile.
-func replaceDockerfileTarWrapper(inputTarStream io.ReadCloser, dockerfileName string, translator translatorFunc, resolvedTags *[]*resolvedTag) io.ReadCloser {
+func replaceDockerfileTarWrapper(ctx context.Context, inputTarStream io.ReadCloser, dockerfileName string, translator translatorFunc, resolvedTags *[]*resolvedTag) io.ReadCloser {
 	pipeReader, pipeWriter := io.Pipe()
 	go func() {
 		tarReader := tar.NewReader(inputTarStream)
@@ -374,7 +408,7 @@ func replaceDockerfileTarWrapper(inputTarStream io.ReadCloser, dockerfileName st
 				// generated from a directory on the local filesystem, the
 				// Dockerfile will only appear once in the archive.
 				var newDockerfile []byte
-				newDockerfile, *resolvedTags, err = rewriteDockerfileFrom(content, translator)
+				newDockerfile, *resolvedTags, err = rewriteDockerfileFrom(ctx, content, translator)
 				if err != nil {
 					pipeWriter.CloseWithError(err)
 					return
--- a/api/client/image/history.go
+++ b/api/client/image/history.go
@@ -0,0 +1,99 @@
+package image
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"text/tabwriter"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+)
+
+type historyOptions struct {
+	image string
+
+	human   bool
+	quiet   bool
+	noTrunc bool
+}
+
+// NewHistoryCommand create a new `docker history` command
+func NewHistoryCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts historyOptions
+
+	cmd := &cobra.Command{
+		Use:   "history [OPTIONS] IMAGE",
+		Short: "Show the history of an image",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.image = args[0]
+			return runHistory(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.human, "human", "H", true, "Print sizes and dates in human readable format")
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only show numeric IDs")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+
+	return cmd
+}
+
+func runHistory(dockerCli *client.DockerCli, opts historyOptions) error {
+	ctx := context.Background()
+
+	history, err := dockerCli.Client().ImageHistory(ctx, opts.image)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+
+	if opts.quiet {
+		for _, entry := range history {
+			if opts.noTrunc {
+				fmt.Fprintf(w, "%s\n", entry.ID)
+			} else {
+				fmt.Fprintf(w, "%s\n", stringid.TruncateID(entry.ID))
+			}
+		}
+		w.Flush()
+		return nil
+	}
+
+	var imageID string
+	var createdBy string
+	var created string
+	var size string
+
+	fmt.Fprintln(w, "IMAGE\tCREATED\tCREATED BY\tSIZE\tCOMMENT")
+	for _, entry := range history {
+		imageID = entry.ID
+		createdBy = strings.Replace(entry.CreatedBy, "\t", " ", -1)
+		if opts.noTrunc == false {
+			createdBy = stringutils.Truncate(createdBy, 45)
+			imageID = stringid.TruncateID(entry.ID)
+		}
+
+		if opts.human {
+			created = units.HumanDuration(time.Now().UTC().Sub(time.Unix(entry.Created, 0))) + " ago"
+			size = units.HumanSize(float64(entry.Size))
+		} else {
+			created = time.Unix(entry.Created, 0).Format(time.RFC3339)
+			size = strconv.FormatInt(entry.Size, 10)
+		}
+
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", imageID, created, createdBy, size, entry.Comment)
+	}
+	w.Flush()
+	return nil
+}
--- a/api/client/image/images.go
+++ b/api/client/image/images.go
@@ -0,0 +1,103 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/api/client/formatter"
+	"github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+	"github.com/spf13/cobra"
+)
+
+type imagesOptions struct {
+	matchName string
+
+	quiet       bool
+	all         bool
+	noTrunc     bool
+	showDigests bool
+	format      string
+	filter      []string
+}
+
+// NewImagesCommand create a new `docker images` command
+func NewImagesCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts imagesOptions
+
+	cmd := &cobra.Command{
+		Use:   "images [OPTIONS] [REPOSITORY[:TAG]]",
+		Short: "List images",
+		Args:  cli.RequiresMaxArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				opts.matchName = args[0]
+			}
+			return runImages(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only show numeric IDs")
+	flags.BoolVarP(&opts.all, "all", "a", false, "Show all images (default hides intermediate images)")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+	flags.BoolVar(&opts.showDigests, "digests", false, "Show digests")
+	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
+	flags.StringSliceVarP(&opts.filter, "filter", "f", []string{}, "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runImages(dockerCli *client.DockerCli, opts imagesOptions) error {
+	ctx := context.Background()
+
+	// Consolidate all filter flags, and sanity check them early.
+	// They'll get process in the daemon/server.
+	imageFilterArgs := filters.NewArgs()
+	for _, f := range opts.filter {
+		var err error
+		imageFilterArgs, err = filters.ParseFlag(f, imageFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	matchName := opts.matchName
+
+	options := types.ImageListOptions{
+		MatchName: matchName,
+		All:       opts.all,
+		Filters:   imageFilterArgs,
+	}
+
+	images, err := dockerCli.Client().ImageList(ctx, options)
+	if err != nil {
+		return err
+	}
+
+	f := opts.format
+	if len(f) == 0 {
+		if len(dockerCli.ImagesFormat()) > 0 && !opts.quiet {
+			f = dockerCli.ImagesFormat()
+		} else {
+			f = "table"
+		}
+	}
+
+	imagesCtx := formatter.ImageContext{
+		Context: formatter.Context{
+			Output: dockerCli.Out(),
+			Format: f,
+			Quiet:  opts.quiet,
+			Trunc:  !opts.noTrunc,
+		},
+		Digest: opts.showDigests,
+		Images: images,
+	}
+
+	imagesCtx.Write()
+
+	return nil
+}
--- a/api/client/image/import.go
+++ b/api/client/image/import.go
@@ -0,0 +1,86 @@
+package image
+
+import (
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+type importOptions struct {
+	source    string
+	reference string
+	changes   []string
+	message   string
+}
+
+// NewImportCommand creates a new `docker import` command
+func NewImportCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts importOptions
+
+	cmd := &cobra.Command{
+		Use:   "import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]",
+		Short: "Import the contents from a tarball to create a filesystem image",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.source = args[0]
+			if len(args) > 1 {
+				opts.reference = args[1]
+			}
+			return runImport(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringSliceVarP(&opts.changes, "change", "c", []string{}, "Apply Dockerfile instruction to the created image")
+	flags.StringVarP(&opts.message, "message", "m", "", "Set commit message for imported image")
+
+	return cmd
+}
+
+func runImport(dockerCli *client.DockerCli, opts importOptions) error {
+	var (
+		in      io.Reader
+		srcName = opts.source
+	)
+
+	if opts.source == "-" {
+		in = dockerCli.In()
+	} else if !urlutil.IsURL(opts.source) {
+		srcName = "-"
+		file, err := os.Open(opts.source)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+		in = file
+	}
+
+	source := types.ImageImportSource{
+		Source:     in,
+		SourceName: srcName,
+	}
+
+	options := types.ImageImportOptions{
+		Message: opts.message,
+		Changes: opts.changes,
+	}
+
+	clnt := dockerCli.Client()
+
+	responseBody, err := clnt.ImageImport(context.Background(), source, opts.reference, options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, dockerCli.Out(), dockerCli.OutFd(), dockerCli.IsTerminalOut(), nil)
+}
--- a/api/client/image/load.go
+++ b/api/client/image/load.go
@@ -0,0 +1,67 @@
+package image
+
+import (
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/spf13/cobra"
+)
+
+type loadOptions struct {
+	input string
+	quiet bool
+}
+
+// NewLoadCommand creates a new `docker load` command
+func NewLoadCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts loadOptions
+
+	cmd := &cobra.Command{
+		Use:   "load [OPTIONS]",
+		Short: "Load an image from a tar archive or STDIN",
+		Args:  cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runLoad(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.input, "input", "i", "", "Read from tar archive file, instead of STDIN")
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress the load output")
+
+	return cmd
+}
+
+func runLoad(dockerCli *client.DockerCli, opts loadOptions) error {
+
+	var input io.Reader = dockerCli.In()
+	if opts.input != "" {
+		file, err := os.Open(opts.input)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+		input = file
+	}
+	if !dockerCli.IsTerminalOut() {
+		opts.quiet = true
+	}
+	response, err := dockerCli.Client().ImageLoad(context.Background(), input, opts.quiet)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.Body != nil && response.JSON {
+		return jsonmessage.DisplayJSONMessagesStream(response.Body, dockerCli.Out(), dockerCli.OutFd(), dockerCli.IsTerminalOut(), nil)
+	}
+
+	_, err = io.Copy(dockerCli.Out(), response.Body)
+	return err
+}
--- a/api/client/image/pull.go
+++ b/api/client/image/pull.go
@@ -0,0 +1,85 @@
+package image
+
+import (
+	"errors"
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+type pullOptions struct {
+	remote string
+	all    bool
+}
+
+// NewPullCommand creates a new `docker pull` command
+func NewPullCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts pullOptions
+
+	cmd := &cobra.Command{
+		Use:   "pull [OPTIONS] NAME[:TAG|@DIGEST]",
+		Short: "Pull an image or a repository from a registry",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.remote = args[0]
+			return runPull(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository")
+	client.AddTrustedFlags(flags, true)
+
+	return cmd
+}
+
+func runPull(dockerCli *client.DockerCli, opts pullOptions) error {
+	distributionRef, err := reference.ParseNamed(opts.remote)
+	if err != nil {
+		return err
+	}
+	if opts.all && !reference.IsNameOnly(distributionRef) {
+		return errors.New("tag can't be used with --all-tags/-a")
+	}
+
+	if !opts.all && reference.IsNameOnly(distributionRef) {
+		distributionRef = reference.WithDefaultTag(distributionRef)
+		fmt.Fprintf(dockerCli.Out(), "Using default tag: %s\n", reference.DefaultTag)
+	}
+
+	var tag string
+	switch x := distributionRef.(type) {
+	case reference.Canonical:
+		tag = x.Digest().String()
+	case reference.NamedTagged:
+		tag = x.Tag()
+	}
+
+	registryRef := registry.ParseReference(tag)
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	authConfig := dockerCli.ResolveAuthConfig(ctx, repoInfo.Index)
+	requestPrivilege := dockerCli.RegistryAuthenticationPrivilegedFunc(repoInfo.Index, "pull")
+
+	if client.IsTrusted() && !registryRef.HasDigest() {
+		// Check if tag is digest
+		return dockerCli.TrustedPull(ctx, repoInfo, registryRef, authConfig, requestPrivilege)
+	}
+
+	return dockerCli.ImagePullPrivileged(ctx, authConfig, distributionRef.String(), requestPrivilege, opts.all)
+
+}
--- a/api/client/image/push.go
+++ b/api/client/image/push.go
@@ -0,0 +1,62 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/spf13/cobra"
+)
+
+// NewPushCommand creates a new `docker push` command
+func NewPushCommand(dockerCli *client.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "push [OPTIONS] NAME[:TAG]",
+		Short: "Push an image or a repository to a registry",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPush(dockerCli, args[0])
+		},
+	}
+
+	flags := cmd.Flags()
+
+	client.AddTrustedFlags(flags, true)
+
+	return cmd
+}
+
+func runPush(dockerCli *client.DockerCli, remote string) error {
+	ref, err := reference.ParseNamed(remote)
+	if err != nil {
+		return err
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	// Resolve the Auth config relevant for this server
+	authConfig := dockerCli.ResolveAuthConfig(ctx, repoInfo.Index)
+	requestPrivilege := dockerCli.RegistryAuthenticationPrivilegedFunc(repoInfo.Index, "push")
+
+	if client.IsTrusted() {
+		return dockerCli.TrustedPush(ctx, repoInfo, ref, authConfig, requestPrivilege)
+	}
+
+	responseBody, err := dockerCli.ImagePushPrivileged(ctx, authConfig, ref.String(), requestPrivilege)
+	if err != nil {
+		return err
+	}
+
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, dockerCli.Out(), dockerCli.OutFd(), dockerCli.IsTerminalOut(), nil)
+}
--- a/api/client/image/remove.go
+++ b/api/client/image/remove.go
@@ -0,0 +1,70 @@
+package image
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+type removeOptions struct {
+	force   bool
+	noPrune bool
+}
+
+// NewRemoveCommand create a new `docker remove` command
+func NewRemoveCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts removeOptions
+
+	cmd := &cobra.Command{
+		Use:   "rmi [OPTIONS] IMAGE [IMAGE...]",
+		Short: "Remove one or more images",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, opts, args)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force removal of the image")
+	flags.BoolVar(&opts.noPrune, "no-prune", false, "Do not delete untagged parents")
+
+	return cmd
+}
+
+func runRemove(dockerCli *client.DockerCli, opts removeOptions, images []string) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	options := types.ImageRemoveOptions{
+		Force:         opts.force,
+		PruneChildren: !opts.noPrune,
+	}
+
+	var errs []string
+	for _, image := range images {
+		dels, err := client.ImageRemove(ctx, image, options)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			for _, del := range dels {
+				if del.Deleted != "" {
+					fmt.Fprintf(dockerCli.Out(), "Deleted: %s\n", del.Deleted)
+				} else {
+					fmt.Fprintf(dockerCli.Out(), "Untagged: %s\n", del.Untagged)
+				}
+			}
+		}
+	}
+
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/image/save.go
+++ b/api/client/image/save.go
@@ -0,0 +1,57 @@
+package image
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type saveOptions struct {
+	images []string
+	output string
+}
+
+// NewSaveCommand creates a new `docker save` command
+func NewSaveCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts saveOptions
+
+	cmd := &cobra.Command{
+		Use:   "save [OPTIONS] IMAGE [IMAGE...]",
+		Short: "Save one or more images to a tar archive (streamed to STDOUT by default)",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.images = args
+			return runSave(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.StringVarP(&opts.output, "output", "o", "", "Write to a file, instead of STDOUT")
+
+	return cmd
+}
+
+func runSave(dockerCli *client.DockerCli, opts saveOptions) error {
+	if opts.output == "" && dockerCli.IsTerminalOut() {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	responseBody, err := dockerCli.Client().ImageSave(context.Background(), opts.images)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if opts.output == "" {
+		_, err := io.Copy(dockerCli.Out(), responseBody)
+		return err
+	}
+
+	return client.CopyToFile(opts.output, responseBody)
+}
--- a/api/client/image/search.go
+++ b/api/client/image/search.go
@@ -0,0 +1,135 @@
+package image
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/registry"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+	registrytypes "github.com/docker/engine-api/types/registry"
+	"github.com/spf13/cobra"
+)
+
+type searchOptions struct {
+	term    string
+	noTrunc bool
+	limit   int
+	filter  []string
+
+	// Deprecated
+	stars     uint
+	automated bool
+}
+
+// NewSearchCommand create a new `docker search` command
+func NewSearchCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts searchOptions
+
+	cmd := &cobra.Command{
+		Use:   "search [OPTIONS] TERM",
+		Short: "Search the Docker Hub for images",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.term = args[0]
+			return runSearch(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Don't truncate output")
+	flags.StringSliceVarP(&opts.filter, "filter", "f", []string{}, "Filter output based on conditions provided")
+	flags.IntVar(&opts.limit, "limit", registry.DefaultSearchLimit, "Max number of search results")
+
+	flags.BoolVar(&opts.automated, "automated", false, "Only show automated builds")
+	flags.UintVarP(&opts.stars, "stars", "s", 0, "Only displays with at least x stars")
+
+	flags.MarkDeprecated("automated", "use --filter=automated=true instead")
+	flags.MarkDeprecated("stars", "use --filter=stars=3 instead")
+
+	return cmd
+}
+
+func runSearch(dockerCli *client.DockerCli, opts searchOptions) error {
+	indexInfo, err := registry.ParseSearchIndexInfo(opts.term)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+
+	authConfig := dockerCli.ResolveAuthConfig(ctx, indexInfo)
+	requestPrivilege := dockerCli.RegistryAuthenticationPrivilegedFunc(indexInfo, "search")
+
+	encodedAuth, err := client.EncodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	searchFilters := filters.NewArgs()
+	for _, f := range opts.filter {
+		var err error
+		searchFilters, err = filters.ParseFlag(f, searchFilters)
+		if err != nil {
+			return err
+		}
+	}
+
+	options := types.ImageSearchOptions{
+		RegistryAuth:  encodedAuth,
+		PrivilegeFunc: requestPrivilege,
+		Filters:       searchFilters,
+		Limit:         opts.limit,
+	}
+
+	clnt := dockerCli.Client()
+
+	unorderedResults, err := clnt.ImageSearch(ctx, opts.term, options)
+	if err != nil {
+		return err
+	}
+
+	results := searchResultsByStars(unorderedResults)
+	sort.Sort(results)
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 10, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "NAME\tDESCRIPTION\tSTARS\tOFFICIAL\tAUTOMATED\n")
+	for _, res := range results {
+		// --automated and -s, --stars are deprecated since Docker 1.12
+		if (opts.automated && !res.IsAutomated) || (int(opts.stars) > res.StarCount) {
+			continue
+		}
+		desc := strings.Replace(res.Description, "\n", " ", -1)
+		desc = strings.Replace(desc, "\r", " ", -1)
+		if !opts.noTrunc && len(desc) > 45 {
+			desc = stringutils.Truncate(desc, 42) + "..."
+		}
+		fmt.Fprintf(w, "%s\t%s\t%d\t", res.Name, desc, res.StarCount)
+		if res.IsOfficial {
+			fmt.Fprint(w, "[OK]")
+
+		}
+		fmt.Fprint(w, "\t")
+		if res.IsAutomated {
+			fmt.Fprint(w, "[OK]")
+		}
+		fmt.Fprint(w, "\n")
+	}
+	w.Flush()
+	return nil
+}
+
+// SearchResultsByStars sorts search results in descending order by number of stars.
+type searchResultsByStars []registrytypes.SearchResult
+
+func (r searchResultsByStars) Len() int           { return len(r) }
+func (r searchResultsByStars) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r searchResultsByStars) Less(i, j int) bool { return r[j].StarCount < r[i].StarCount }
--- a/api/client/image/tag.go
+++ b/api/client/image/tag.go
@@ -0,0 +1,41 @@
+package image
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type tagOptions struct {
+	image string
+	name  string
+}
+
+// NewTagCommand create a new `docker tag` command
+func NewTagCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts tagOptions
+
+	cmd := &cobra.Command{
+		Use:   "tag IMAGE[:TAG] IMAGE[:TAG]",
+		Short: "Tag an image into a repository",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.image = args[0]
+			opts.name = args[1]
+			return runTag(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.SetInterspersed(false)
+
+	return cmd
+}
+
+func runTag(dockerCli *client.DockerCli, opts tagOptions) error {
+	ctx := context.Background()
+
+	return dockerCli.Client().ImageTag(ctx, opts.image, opts.name)
+}
--- a/api/client/images.go
+++ b/api/client/images.go
@@ -1,81 +0,0 @@
-package client
-
-import (
-	"golang.org/x/net/context"
-
-	"github.com/docker/docker/api/client/formatter"
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/opts"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/engine-api/types"
-	"github.com/docker/engine-api/types/filters"
-)
-
-// CmdImages lists the images in a specified repository, or all top-level images if no repository is specified.
-//
-// Usage: docker images [OPTIONS] [REPOSITORY]
-func (cli *DockerCli) CmdImages(args ...string) error {
-	cmd := Cli.Subcmd("images", []string{"[REPOSITORY[:TAG]]"}, Cli.DockerCommands["images"].Description, true)
-	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
-	all := cmd.Bool([]string{"a", "-all"}, false, "Show all images (default hides intermediate images)")
-	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Don't truncate output")
-	showDigests := cmd.Bool([]string{"-digests"}, false, "Show digests")
-	format := cmd.String([]string{"-format"}, "", "Pretty-print images using a Go template")
-
-	flFilter := opts.NewListOpts(nil)
-	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
-	cmd.Require(flag.Max, 1)
-
-	cmd.ParseFlags(args, true)
-
-	// Consolidate all filter flags, and sanity check them early.
-	// They'll get process in the daemon/server.
-	imageFilterArgs := filters.NewArgs()
-	for _, f := range flFilter.GetAll() {
-		var err error
-		imageFilterArgs, err = filters.ParseFlag(f, imageFilterArgs)
-		if err != nil {
-			return err
-		}
-	}
-
-	var matchName string
-	if cmd.NArg() == 1 {
-		matchName = cmd.Arg(0)
-	}
-
-	options := types.ImageListOptions{
-		MatchName: matchName,
-		All:       *all,
-		Filters:   imageFilterArgs,
-	}
-
-	images, err := cli.client.ImageList(context.Background(), options)
-	if err != nil {
-		return err
-	}
-
-	f := *format
-	if len(f) == 0 {
-		if len(cli.ImagesFormat()) > 0 && !*quiet {
-			f = cli.ImagesFormat()
-		} else {
-			f = "table"
-		}
-	}
-
-	imagesCtx := formatter.ImageContext{
-		Context: formatter.Context{
-			Output: cli.out,
-			Format: f,
-			Quiet:  *quiet,
-			Trunc:  !*noTrunc,
-		},
-		Digest: *showDigests,
-		Images: images,
-	}
-
-	imagesCtx.Write()
-
-	return nil
-}
--- a/api/client/import.go
+++ b/api/client/import.go
@@ -1,82 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"io"
-	"os"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/opts"
-	"github.com/docker/docker/pkg/jsonmessage"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/urlutil"
-	"github.com/docker/docker/reference"
-	"github.com/docker/engine-api/types"
-)
-
-// CmdImport creates an empty filesystem image, imports the contents of the tarball into the image, and optionally tags the image.
-//
-// The URL argument is the address of a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) file or a path to local file relative to docker client. If the URL is '-', then the tar file is read from STDIN.
-//
-// Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
-func (cli *DockerCli) CmdImport(args ...string) error {
-	cmd := Cli.Subcmd("import", []string{"file|URL|- [REPOSITORY[:TAG]]"}, Cli.DockerCommands["import"].Description, true)
-	flChanges := opts.NewListOpts(nil)
-	cmd.Var(&flChanges, []string{"c", "-change"}, "Apply Dockerfile instruction to the created image")
-	message := cmd.String([]string{"m", "-message"}, "", "Set commit message for imported image")
-	cmd.Require(flag.Min, 1)
-
-	cmd.ParseFlags(args, true)
-
-	var (
-		in         io.Reader
-		tag        string
-		src        = cmd.Arg(0)
-		srcName    = src
-		repository = cmd.Arg(1)
-		changes    = flChanges.GetAll()
-	)
-
-	if cmd.NArg() == 3 {
-		fmt.Fprintf(cli.err, "[DEPRECATED] The format 'file|URL|- [REPOSITORY [TAG]]' has been deprecated. Please use file|URL|- [REPOSITORY[:TAG]]\n")
-		tag = cmd.Arg(2)
-	}
-
-	if repository != "" {
-		//Check if the given image name can be resolved
-		if _, err := reference.ParseNamed(repository); err != nil {
-			return err
-		}
-	}
-
-	if src == "-" {
-		in = cli.in
-	} else if !urlutil.IsURL(src) {
-		srcName = "-"
-		file, err := os.Open(src)
-		if err != nil {
-			return err
-		}
-		defer file.Close()
-		in = file
-	}
-
-	options := types.ImageImportOptions{
-		Source:         in,
-		SourceName:     srcName,
-		RepositoryName: repository,
-		Message:        *message,
-		Tag:            tag,
-		Changes:        changes,
-	}
-
-	responseBody, err := cli.client.ImageImport(context.Background(), options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil)
-}
--- a/api/client/info.go
+++ b/api/client/info.go
@@ -3,6 +3,7 @@ package client
 import (
 	"fmt"
 	"strings"
+	"time"

 	"golang.org/x/net/context"

@@ -10,6 +11,7 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/utils"
+	"github.com/docker/engine-api/types/swarm"
 	"github.com/docker/go-units"
 )

@@ -22,7 +24,8 @@ func (cli *DockerCli) CmdInfo(args ...string) error {

 	cmd.ParseFlags(args, true)

-	info, err := cli.client.Info(context.Background())
+	ctx := context.Background()
+	info, err := cli.client.Info(ctx)
 	if err != nil {
 		return err
 	}
@@ -40,7 +43,7 @@ func (cli *DockerCli) CmdInfo(args ...string) error {

 			// print a warning if devicemapper is using a loopback file
 			if pair[0] == "Data loop file" {
-				fmt.Fprintln(cli.err, " WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.")
+				fmt.Fprintln(cli.err, " WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.")
 			}
 		}

@@ -50,11 +53,10 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 			fmt.Fprintf(cli.out, "%s: %s\n", pair[0], pair[1])
 		}
 	}
-	ioutils.FprintfIfNotEmpty(cli.out, "Execution Driver: %s\n", info.ExecutionDriver)
 	ioutils.FprintfIfNotEmpty(cli.out, "Logging Driver: %s\n", info.LoggingDriver)
 	ioutils.FprintfIfNotEmpty(cli.out, "Cgroup Driver: %s\n", info.CgroupDriver)

-	fmt.Fprintf(cli.out, "Plugins: \n")
+	fmt.Fprintf(cli.out, "Plugins:\n")
 	fmt.Fprintf(cli.out, " Volume:")
 	fmt.Fprintf(cli.out, " %s", strings.Join(info.Plugins.Volume, " "))
 	fmt.Fprintf(cli.out, "\n")
@@ -68,6 +70,50 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 		fmt.Fprintf(cli.out, "\n")
 	}

+	fmt.Fprintf(cli.out, "Swarm: %v\n", info.Swarm.LocalNodeState)
+	if info.Swarm.LocalNodeState != swarm.LocalNodeStateInactive {
+		fmt.Fprintf(cli.out, " NodeID: %s\n", info.Swarm.NodeID)
+		if info.Swarm.Error != "" {
+			fmt.Fprintf(cli.out, " Error: %v\n", info.Swarm.Error)
+		}
+		fmt.Fprintf(cli.out, " Is Manager: %v\n", info.Swarm.ControlAvailable)
+		if info.Swarm.ControlAvailable {
+			fmt.Fprintf(cli.out, " ClusterID: %s\n", info.Swarm.Cluster.ID)
+			fmt.Fprintf(cli.out, " Managers: %d\n", info.Swarm.Managers)
+			fmt.Fprintf(cli.out, " Nodes: %d\n", info.Swarm.Nodes)
+			fmt.Fprintf(cli.out, " Orchestration:\n")
+			fmt.Fprintf(cli.out, "  Task History Retention Limit: %d\n", info.Swarm.Cluster.Spec.Orchestration.TaskHistoryRetentionLimit)
+			fmt.Fprintf(cli.out, " Raft:\n")
+			fmt.Fprintf(cli.out, "  Snapshot Interval: %d\n", info.Swarm.Cluster.Spec.Raft.SnapshotInterval)
+			fmt.Fprintf(cli.out, "  Heartbeat Tick: %d\n", info.Swarm.Cluster.Spec.Raft.HeartbeatTick)
+			fmt.Fprintf(cli.out, "  Election Tick: %d\n", info.Swarm.Cluster.Spec.Raft.ElectionTick)
+			fmt.Fprintf(cli.out, " Dispatcher:\n")
+			fmt.Fprintf(cli.out, "  Heartbeat Period: %s\n", units.HumanDuration(time.Duration(info.Swarm.Cluster.Spec.Dispatcher.HeartbeatPeriod)))
+			fmt.Fprintf(cli.out, " CA Configuration:\n")
+			fmt.Fprintf(cli.out, "  Expiry Duration: %s\n", units.HumanDuration(info.Swarm.Cluster.Spec.CAConfig.NodeCertExpiry))
+			if len(info.Swarm.Cluster.Spec.CAConfig.ExternalCAs) > 0 {
+				fmt.Fprintf(cli.out, "  External CAs:\n")
+				for _, entry := range info.Swarm.Cluster.Spec.CAConfig.ExternalCAs {
+					fmt.Fprintf(cli.out, "    %s: %s\n", entry.Protocol, entry.URL)
+				}
+			}
+		}
+		fmt.Fprintf(cli.out, " Node Address: %s\n", info.Swarm.NodeAddr)
+	}
+
+	if len(info.Runtimes) > 0 {
+		fmt.Fprintf(cli.out, "Runtimes:")
+		for name := range info.Runtimes {
+			fmt.Fprintf(cli.out, " %s", name)
+		}
+		fmt.Fprint(cli.out, "\n")
+		fmt.Fprintf(cli.out, "Default Runtime: %s\n", info.DefaultRuntime)
+	}
+
+	fmt.Fprintf(cli.out, "Security Options:")
+	ioutils.FprintfIfNotEmpty(cli.out, " %s", strings.Join(info.SecurityOptions, " "))
+	fmt.Fprintf(cli.out, "\n")
+
 	ioutils.FprintfIfNotEmpty(cli.out, "Kernel Version: %s\n", info.KernelVersion)
 	ioutils.FprintfIfNotEmpty(cli.out, "Operating System: %s\n", info.OperatingSystem)
 	ioutils.FprintfIfNotEmpty(cli.out, "OSType: %s\n", info.OSType)
@@ -77,8 +123,8 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	ioutils.FprintfIfNotEmpty(cli.out, "Name: %s\n", info.Name)
 	ioutils.FprintfIfNotEmpty(cli.out, "ID: %s\n", info.ID)
 	fmt.Fprintf(cli.out, "Docker Root Dir: %s\n", info.DockerRootDir)
-	fmt.Fprintf(cli.out, "Debug mode (client): %v\n", utils.IsDebugEnabled())
-	fmt.Fprintf(cli.out, "Debug mode (server): %v\n", info.Debug)
+	fmt.Fprintf(cli.out, "Debug Mode (client): %v\n", utils.IsDebugEnabled())
+	fmt.Fprintf(cli.out, "Debug Mode (server): %v\n", info.Debug)

 	if info.Debug {
 		fmt.Fprintf(cli.out, " File Descriptors: %d\n", info.NFd)
@@ -145,11 +191,25 @@ func (cli *DockerCli) CmdInfo(args ...string) error {

 	ioutils.FprintfIfTrue(cli.out, "Experimental: %v\n", info.ExperimentalBuild)
 	if info.ClusterStore != "" {
-		fmt.Fprintf(cli.out, "Cluster store: %s\n", info.ClusterStore)
+		fmt.Fprintf(cli.out, "Cluster Store: %s\n", info.ClusterStore)
 	}

 	if info.ClusterAdvertise != "" {
-		fmt.Fprintf(cli.out, "Cluster advertise: %s\n", info.ClusterAdvertise)
+		fmt.Fprintf(cli.out, "Cluster Advertise: %s\n", info.ClusterAdvertise)
+	}
+
+	if info.RegistryConfig != nil && (len(info.RegistryConfig.InsecureRegistryCIDRs) > 0 || len(info.RegistryConfig.IndexConfigs) > 0) {
+		fmt.Fprintln(cli.out, "Insecure Registries:")
+		for _, registry := range info.RegistryConfig.IndexConfigs {
+			if registry.Secure == false {
+				fmt.Fprintf(cli.out, " %s\n", registry.Name)
+			}
+		}
+
+		for _, registry := range info.RegistryConfig.InsecureRegistryCIDRs {
+			mask, _ := registry.Mask.Size()
+			fmt.Fprintf(cli.out, " %s/%d\n", registry.IP.String(), mask)
+		}
 	}
 	return nil
 }
--- a/api/client/inspect.go
+++ b/api/client/inspect.go
@@ -8,120 +8,88 @@ import (
 	"github.com/docker/docker/api/client/inspect"
 	Cli "github.com/docker/docker/cli"
 	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/utils/templates"
 	"github.com/docker/engine-api/client"
 )

-// CmdInspect displays low-level information on one or more containers or images.
+// CmdInspect displays low-level information on one or more containers, images or tasks.
 //
-// Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...]
+// Usage: docker inspect [OPTIONS] CONTAINER|IMAGE|TASK [CONTAINER|IMAGE|TASK...]
 func (cli *DockerCli) CmdInspect(args ...string) error {
-	cmd := Cli.Subcmd("inspect", []string{"CONTAINER|IMAGE [CONTAINER|IMAGE...]"}, Cli.DockerCommands["inspect"].Description, true)
+	cmd := Cli.Subcmd("inspect", []string{"[OPTIONS] CONTAINER|IMAGE|TASK [CONTAINER|IMAGE|TASK...]"}, Cli.DockerCommands["inspect"].Description, true)
 	tmplStr := cmd.String([]string{"f", "-format"}, "", "Format the output using the given go template")
-	inspectType := cmd.String([]string{"-type"}, "", "Return JSON for specified type, (e.g image or container)")
+	inspectType := cmd.String([]string{"-type"}, "", "Return JSON for specified type, (e.g image, container or task)")
 	size := cmd.Bool([]string{"s", "-size"}, false, "Display total file sizes if the type is container")
 	cmd.Require(flag.Min, 1)

 	cmd.ParseFlags(args, true)

-	if *inspectType != "" && *inspectType != "container" && *inspectType != "image" {
+	if *inspectType != "" && *inspectType != "container" && *inspectType != "image" && *inspectType != "task" {
 		return fmt.Errorf("%q is not a valid value for --type", *inspectType)
 	}

-	var elementSearcher inspectSearcher
+	ctx := context.Background()
+
+	var elementSearcher inspect.GetRefFunc
 	switch *inspectType {
 	case "container":
-		elementSearcher = cli.inspectContainers(*size)
+		elementSearcher = cli.inspectContainers(ctx, *size)
 	case "image":
-		elementSearcher = cli.inspectImages(*size)
+		elementSearcher = cli.inspectImages(ctx, *size)
+	case "task":
+		if *size {
+			fmt.Fprintln(cli.err, "WARNING: --size ignored for tasks")
+		}
+		elementSearcher = cli.inspectTasks(ctx)
 	default:
-		elementSearcher = cli.inspectAll(*size)
+		elementSearcher = cli.inspectAll(ctx, *size)
 	}

-	return cli.inspectElements(*tmplStr, cmd.Args(), elementSearcher)
+	return inspect.Inspect(cli.out, cmd.Args(), *tmplStr, elementSearcher)
 }

-func (cli *DockerCli) inspectContainers(getSize bool) inspectSearcher {
+func (cli *DockerCli) inspectContainers(ctx context.Context, getSize bool) inspect.GetRefFunc {
 	return func(ref string) (interface{}, []byte, error) {
-		return cli.client.ContainerInspectWithRaw(context.Background(), ref, getSize)
+		return cli.client.ContainerInspectWithRaw(ctx, ref, getSize)
 	}
 }

-func (cli *DockerCli) inspectImages(getSize bool) inspectSearcher {
+func (cli *DockerCli) inspectImages(ctx context.Context, getSize bool) inspect.GetRefFunc {
 	return func(ref string) (interface{}, []byte, error) {
-		return cli.client.ImageInspectWithRaw(context.Background(), ref, getSize)
+		return cli.client.ImageInspectWithRaw(ctx, ref, getSize)
 	}
 }

-func (cli *DockerCli) inspectAll(getSize bool) inspectSearcher {
+func (cli *DockerCli) inspectTasks(ctx context.Context) inspect.GetRefFunc {
 	return func(ref string) (interface{}, []byte, error) {
-		c, rawContainer, err := cli.client.ContainerInspectWithRaw(context.Background(), ref, getSize)
+		return cli.client.TaskInspectWithRaw(ctx, ref)
+	}
+}
+
+func (cli *DockerCli) inspectAll(ctx context.Context, getSize bool) inspect.GetRefFunc {
+	return func(ref string) (interface{}, []byte, error) {
+		c, rawContainer, err := cli.client.ContainerInspectWithRaw(ctx, ref, getSize)
 		if err != nil {
 			// Search for image with that id if a container doesn't exist.
 			if client.IsErrContainerNotFound(err) {
-				i, rawImage, err := cli.client.ImageInspectWithRaw(context.Background(), ref, getSize)
+				i, rawImage, err := cli.client.ImageInspectWithRaw(ctx, ref, getSize)
 				if err != nil {
 					if client.IsErrImageNotFound(err) {
-						return nil, nil, fmt.Errorf("Error: No such image or container: %s", ref)
+						// Search for task with that id if an image doesn't exists.
+						t, rawTask, err := cli.client.TaskInspectWithRaw(ctx, ref)
+						if err != nil {
+							return nil, nil, fmt.Errorf("Error: No such image, container or task: %s", ref)
+						}
+						if getSize {
+							fmt.Fprintln(cli.err, "WARNING: --size ignored for tasks")
+						}
+						return t, rawTask, nil
 					}
 					return nil, nil, err
 				}
-				return i, rawImage, err
+				return i, rawImage, nil
 			}
 			return nil, nil, err
 		}
-		return c, rawContainer, err
+		return c, rawContainer, nil
 	}
 }
-
-type inspectSearcher func(ref string) (interface{}, []byte, error)
-
-func (cli *DockerCli) inspectElements(tmplStr string, references []string, searchByReference inspectSearcher) error {
-	elementInspector, err := cli.newInspectorWithTemplate(tmplStr)
-	if err != nil {
-		return Cli.StatusError{StatusCode: 64, Status: err.Error()}
-	}
-
-	var inspectErr error
-	for _, ref := range references {
-		element, raw, err := searchByReference(ref)
-		if err != nil {
-			inspectErr = err
-			break
-		}
-
-		if err := elementInspector.Inspect(element, raw); err != nil {
-			inspectErr = err
-			break
-		}
-	}
-
-	if err := elementInspector.Flush(); err != nil {
-		cli.inspectErrorStatus(err)
-	}
-
-	if status := cli.inspectErrorStatus(inspectErr); status != 0 {
-		return Cli.StatusError{StatusCode: status}
-	}
-	return nil
-}
-
-func (cli *DockerCli) inspectErrorStatus(err error) (status int) {
-	if err != nil {
-		fmt.Fprintf(cli.err, "%s\n", err)
-		status = 1
-	}
-	return
-}
-
-func (cli *DockerCli) newInspectorWithTemplate(tmplStr string) (inspect.Inspector, error) {
-	elementInspector := inspect.NewIndentedInspector(cli.out)
-	if tmplStr != "" {
-		tmpl, err := templates.Parse(tmplStr)
-		if err != nil {
-			return nil, fmt.Errorf("Template parsing error: %s", err)
-		}
-		elementInspector = inspect.NewTemplateInspector(cli.out, tmpl)
-	}
-	return elementInspector, nil
-}
--- a/api/client/inspect/inspector.go
+++ b/api/client/inspect/inspector.go
@@ -6,6 +6,10 @@ import (
 	"fmt"
 	"io"
 	"text/template"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/utils/templates"
 )

 // Inspector defines an interface to implement to process elements
@@ -30,6 +34,56 @@ func NewTemplateInspector(outputStream io.Writer, tmpl *template.Template) Inspe
 	}
 }

+// NewTemplateInspectorFromString creates a new TemplateInspector from a string
+// which is compiled into a template.
+func NewTemplateInspectorFromString(out io.Writer, tmplStr string) (Inspector, error) {
+	if tmplStr == "" {
+		return NewIndentedInspector(out), nil
+	}
+
+	tmpl, err := templates.Parse(tmplStr)
+	if err != nil {
+		return nil, fmt.Errorf("Template parsing error: %s", err)
+	}
+	return NewTemplateInspector(out, tmpl), nil
+}
+
+// GetRefFunc is a function which used by Inspect to fetch an object from a
+// reference
+type GetRefFunc func(ref string) (interface{}, []byte, error)
+
+// Inspect fetches objects by reference using GetRefFunc and writes the json
+// representation to the output writer.
+func Inspect(out io.Writer, references []string, tmplStr string, getRef GetRefFunc) error {
+	inspector, err := NewTemplateInspectorFromString(out, tmplStr)
+	if err != nil {
+		return cli.StatusError{StatusCode: 64, Status: err.Error()}
+	}
+
+	var inspectErr error
+	for _, ref := range references {
+		element, raw, err := getRef(ref)
+		if err != nil {
+			inspectErr = err
+			break
+		}
+
+		if err := inspector.Inspect(element, raw); err != nil {
+			inspectErr = err
+			break
+		}
+	}
+
+	if err := inspector.Flush(); err != nil {
+		logrus.Errorf("%s\n", err)
+	}
+
+	if inspectErr != nil {
+		return cli.StatusError{StatusCode: 1, Status: inspectErr.Error()}
+	}
+	return nil
+}
+
 // Inspect executes the inspect template.
 // It decodes the raw element into a map if the initial execution fails.
 // This allows docker cli to parse inspect structs injected with Swarm fields.
@@ -39,13 +93,35 @@ func (i *TemplateInspector) Inspect(typedElement interface{}, rawElement []byte)
 		if rawElement == nil {
 			return fmt.Errorf("Template parsing error: %v", err)
 		}
-		return i.tryRawInspectFallback(rawElement, err)
+		return i.tryRawInspectFallback(rawElement)
 	}
 	i.buffer.Write(buffer.Bytes())
 	i.buffer.WriteByte('\n')
 	return nil
 }

+// tryRawInspectFallback executes the inspect template with a raw interface.
+// This allows docker cli to parse inspect structs injected with Swarm fields.
+func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte) error {
+	var raw interface{}
+	buffer := new(bytes.Buffer)
+	rdr := bytes.NewReader(rawElement)
+	dec := json.NewDecoder(rdr)
+
+	if rawErr := dec.Decode(&raw); rawErr != nil {
+		return fmt.Errorf("unable to read inspect data: %v", rawErr)
+	}
+
+	tmplMissingKey := i.tmpl.Option("missingkey=error")
+	if rawErr := tmplMissingKey.Execute(buffer, raw); rawErr != nil {
+		return fmt.Errorf("Template parsing error: %v", rawErr)
+	}
+
+	i.buffer.Write(buffer.Bytes())
+	i.buffer.WriteByte('\n')
+	return nil
+}
+
 // Flush write the result of inspecting all elements into the output stream.
 func (i *TemplateInspector) Flush() error {
 	if i.buffer.Len() == 0 {
--- a/api/client/inspect/inspector_go14.go
+++ b/api/client/inspect/inspector_go14.go
@@ -1,40 +0,0 @@
-// +build !go1.5
-
-package inspect
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"strings"
-)
-
-// tryeRawInspectFallback executes the inspect template with a raw interface.
-// This allows docker cli to parse inspect structs injected with Swarm fields.
-// Unfortunately, go 1.4 doesn't fail executing invalid templates when the input is an interface.
-// It doesn't allow to modify this behavior either, sending <no value> messages to the output.
-// We assume that the template is invalid when there is a <no value>, if the template was valid
-// we'd get <nil> or "" values. In that case we fail with the original error raised executing the
-// template with the typed input.
-func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte, originalErr error) error {
-	var raw interface{}
-	buffer := new(bytes.Buffer)
-	rdr := bytes.NewReader(rawElement)
-	dec := json.NewDecoder(rdr)
-
-	if rawErr := dec.Decode(&raw); rawErr != nil {
-		return fmt.Errorf("unable to read inspect data: %v", rawErr)
-	}
-
-	if rawErr := i.tmpl.Execute(buffer, raw); rawErr != nil {
-		return fmt.Errorf("Template parsing error: %v", rawErr)
-	}
-
-	if strings.Contains(buffer.String(), "<no value>") {
-		return fmt.Errorf("Template parsing error: %v", originalErr)
-	}
-
-	i.buffer.Write(buffer.Bytes())
-	i.buffer.WriteByte('\n')
-	return nil
-}
--- a/api/client/inspect/inspector_go15.go
+++ b/api/client/inspect/inspector_go15.go
@@ -1,29 +0,0 @@
-// +build go1.5
-
-package inspect
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-)
-
-func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte, _ error) error {
-	var raw interface{}
-	buffer := new(bytes.Buffer)
-	rdr := bytes.NewReader(rawElement)
-	dec := json.NewDecoder(rdr)
-
-	if rawErr := dec.Decode(&raw); rawErr != nil {
-		return fmt.Errorf("unable to read inspect data: %v", rawErr)
-	}
-
-	tmplMissingKey := i.tmpl.Option("missingkey=error")
-	if rawErr := tmplMissingKey.Execute(buffer, raw); rawErr != nil {
-		return fmt.Errorf("Template parsing error: %v", rawErr)
-	}
-
-	i.buffer.Write(buffer.Bytes())
-	i.buffer.WriteByte('\n')
-	return nil
-}
--- a/api/client/kill.go
+++ b/api/client/kill.go
@@ -1,35 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	flag "github.com/docker/docker/pkg/mflag"
-)
-
-// CmdKill kills one or more running container using SIGKILL or a specified signal.
-//
-// Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
-func (cli *DockerCli) CmdKill(args ...string) error {
-	cmd := Cli.Subcmd("kill", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["kill"].Description, true)
-	signal := cmd.String([]string{"s", "-signal"}, "KILL", "Signal to send to the container")
-	cmd.Require(flag.Min, 1)
-
-	cmd.ParseFlags(args, true)
-
-	var errs []string
-	for _, name := range cmd.Args() {
-		if err := cli.client.ContainerKill(context.Background(), name, *signal); err != nil {
-			errs = append(errs, err.Error())
-		} else {
-			fmt.Fprintf(cli.out, "%s\n", name)
-		}
-	}
-	if len(errs) > 0 {
-		return fmt.Errorf("%s", strings.Join(errs, "\n"))
-	}
-	return nil
-}
--- a/api/client/load.go
+++ b/api/client/load.go
@@ -1,50 +0,0 @@
-package client
-
-import (
-	"io"
-	"os"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/pkg/jsonmessage"
-	flag "github.com/docker/docker/pkg/mflag"
-)
-
-// CmdLoad loads an image from a tar archive.
-//
-// The tar archive is read from STDIN by default, or from a tar archive file.
-//
-// Usage: docker load [OPTIONS]
-func (cli *DockerCli) CmdLoad(args ...string) error {
-	cmd := Cli.Subcmd("load", nil, Cli.DockerCommands["load"].Description, true)
-	infile := cmd.String([]string{"i", "-input"}, "", "Read from a tar archive file, instead of STDIN")
-	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Suppress the load output")
-	cmd.Require(flag.Exact, 0)
-	cmd.ParseFlags(args, true)
-
-	var input io.Reader = cli.in
-	if *infile != "" {
-		file, err := os.Open(*infile)
-		if err != nil {
-			return err
-		}
-		defer file.Close()
-		input = file
-	}
-	if !cli.isTerminalOut {
-		*quiet = true
-	}
-	response, err := cli.client.ImageLoad(context.Background(), input, *quiet)
-	if err != nil {
-		return err
-	}
-	defer response.Body.Close()
-
-	if response.JSON {
-		return jsonmessage.DisplayJSONMessagesStream(response.Body, cli.out, cli.outFd, cli.isTerminalOut, nil)
-	}
-
-	_, err = io.Copy(cli.out, response.Body)
-	return err
-}
--- a/api/client/login.go
+++ b/api/client/login.go
@@ -1,177 +0,0 @@
-package client
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"runtime"
-	"strings"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/cliconfig"
-	"github.com/docker/docker/cliconfig/credentials"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/term"
-	"github.com/docker/engine-api/types"
-)
-
-// CmdLogin logs in a user to a Docker registry service.
-//
-// If no server is specified, the user will be logged into or registered to the registry's index server.
-//
-// Usage: docker login SERVER
-func (cli *DockerCli) CmdLogin(args ...string) error {
-	cmd := Cli.Subcmd("login", []string{"[SERVER]"}, Cli.DockerCommands["login"].Description+".\nIf no server is specified, the default is defined by the daemon.", true)
-	cmd.Require(flag.Max, 1)
-
-	flUser := cmd.String([]string{"u", "-username"}, "", "Username")
-	flPassword := cmd.String([]string{"p", "-password"}, "", "Password")
-
-	// Deprecated in 1.11: Should be removed in docker 1.13
-	cmd.String([]string{"#e", "#-email"}, "", "Email")
-
-	cmd.ParseFlags(args, true)
-
-	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
-	if runtime.GOOS == "windows" {
-		cli.in = os.Stdin
-	}
-
-	var serverAddress string
-	var isDefaultRegistry bool
-	if len(cmd.Args()) > 0 {
-		serverAddress = cmd.Arg(0)
-	} else {
-		serverAddress = cli.electAuthServer()
-		isDefaultRegistry = true
-	}
-
-	authConfig, err := cli.configureAuth(*flUser, *flPassword, serverAddress, isDefaultRegistry)
-	if err != nil {
-		return err
-	}
-
-	response, err := cli.client.RegistryLogin(context.Background(), authConfig)
-	if err != nil {
-		return err
-	}
-
-	if response.IdentityToken != "" {
-		authConfig.Password = ""
-		authConfig.IdentityToken = response.IdentityToken
-	}
-	if err := storeCredentials(cli.configFile, authConfig); err != nil {
-		return fmt.Errorf("Error saving credentials: %v", err)
-	}
-
-	if response.Status != "" {
-		fmt.Fprintln(cli.out, response.Status)
-	}
-	return nil
-}
-
-func (cli *DockerCli) promptWithDefault(prompt string, configDefault string) {
-	if configDefault == "" {
-		fmt.Fprintf(cli.out, "%s: ", prompt)
-	} else {
-		fmt.Fprintf(cli.out, "%s (%s): ", prompt, configDefault)
-	}
-}
-
-func (cli *DockerCli) configureAuth(flUser, flPassword, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
-	authconfig, err := getCredentials(cli.configFile, serverAddress)
-	if err != nil {
-		return authconfig, err
-	}
-
-	authconfig.Username = strings.TrimSpace(authconfig.Username)
-
-	if flUser = strings.TrimSpace(flUser); flUser == "" {
-		if isDefaultRegistry {
-			// if this is a defauly registry (docker hub), then display the following message.
-			fmt.Fprintln(cli.out, "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
-		}
-		cli.promptWithDefault("Username", authconfig.Username)
-		flUser = readInput(cli.in, cli.out)
-		flUser = strings.TrimSpace(flUser)
-		if flUser == "" {
-			flUser = authconfig.Username
-		}
-	}
-
-	if flUser == "" {
-		return authconfig, fmt.Errorf("Error: Non-null Username Required")
-	}
-
-	if flPassword == "" {
-		oldState, err := term.SaveState(cli.inFd)
-		if err != nil {
-			return authconfig, err
-		}
-		fmt.Fprintf(cli.out, "Password: ")
-		term.DisableEcho(cli.inFd, oldState)
-
-		flPassword = readInput(cli.in, cli.out)
-		fmt.Fprint(cli.out, "\n")
-
-		term.RestoreTerminal(cli.inFd, oldState)
-		if flPassword == "" {
-			return authconfig, fmt.Errorf("Error: Password Required")
-		}
-	}
-
-	authconfig.Username = flUser
-	authconfig.Password = flPassword
-	authconfig.ServerAddress = serverAddress
-	authconfig.IdentityToken = ""
-
-	return authconfig, nil
-}
-
-func readInput(in io.Reader, out io.Writer) string {
-	reader := bufio.NewReader(in)
-	line, _, err := reader.ReadLine()
-	if err != nil {
-		fmt.Fprintln(out, err.Error())
-		os.Exit(1)
-	}
-	return string(line)
-}
-
-// getCredentials loads the user credentials from a credentials store.
-// The store is determined by the config file settings.
-func getCredentials(c *cliconfig.ConfigFile, serverAddress string) (types.AuthConfig, error) {
-	s := loadCredentialsStore(c)
-	return s.Get(serverAddress)
-}
-
-func getAllCredentials(c *cliconfig.ConfigFile) (map[string]types.AuthConfig, error) {
-	s := loadCredentialsStore(c)
-	return s.GetAll()
-}
-
-// storeCredentials saves the user credentials in a credentials store.
-// The store is determined by the config file settings.
-func storeCredentials(c *cliconfig.ConfigFile, auth types.AuthConfig) error {
-	s := loadCredentialsStore(c)
-	return s.Store(auth)
-}
-
-// eraseCredentials removes the user credentials from a credentials store.
-// The store is determined by the config file settings.
-func eraseCredentials(c *cliconfig.ConfigFile, serverAddress string) error {
-	s := loadCredentialsStore(c)
-	return s.Erase(serverAddress)
-}
-
-// loadCredentialsStore initializes a new credentials store based
-// in the settings provided in the configuration file.
-func loadCredentialsStore(c *cliconfig.ConfigFile) credentials.Store {
-	if c.CredentialsStore != "" {
-		return credentials.NewNativeStore(c)
-	}
-	return credentials.NewFileStore(c)
-}
--- a/api/client/logout.go
+++ b/api/client/logout.go
@@ -1,41 +0,0 @@
-package client
-
-import (
-	"fmt"
-
-	Cli "github.com/docker/docker/cli"
-	flag "github.com/docker/docker/pkg/mflag"
-)
-
-// CmdLogout logs a user out from a Docker registry.
-//
-// If no server is specified, the user will be logged out from the registry's index server.
-//
-// Usage: docker logout [SERVER]
-func (cli *DockerCli) CmdLogout(args ...string) error {
-	cmd := Cli.Subcmd("logout", []string{"[SERVER]"}, Cli.DockerCommands["logout"].Description+".\nIf no server is specified, the default is defined by the daemon.", true)
-	cmd.Require(flag.Max, 1)
-
-	cmd.ParseFlags(args, true)
-
-	var serverAddress string
-	if len(cmd.Args()) > 0 {
-		serverAddress = cmd.Arg(0)
-	} else {
-		serverAddress = cli.electAuthServer()
-	}
-
-	// check if we're logged in based on the records in the config file
-	// which means it couldn't have user/pass cause they may be in the creds store
-	if _, ok := cli.configFile.AuthConfigs[serverAddress]; !ok {
-		fmt.Fprintf(cli.out, "Not logged in to %s\n", serverAddress)
-		return nil
-	}
-
-	fmt.Fprintf(cli.out, "Remove login credentials for %s\n", serverAddress)
-	if err := eraseCredentials(cli.configFile, serverAddress); err != nil {
-		fmt.Fprintf(cli.out, "WARNING: could not erase credentials: %v\n", err)
-	}
-
-	return nil
-}
--- a/api/client/logs.go
+++ b/api/client/logs.go
@@ -1,65 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/docker/engine-api/types"
-)
-
-var validDrivers = map[string]bool{
-	"json-file": true,
-	"journald":  true,
-}
-
-// CmdLogs fetches the logs of a given container.
-//
-// docker logs [OPTIONS] CONTAINER
-func (cli *DockerCli) CmdLogs(args ...string) error {
-	cmd := Cli.Subcmd("logs", []string{"CONTAINER"}, Cli.DockerCommands["logs"].Description, true)
-	follow := cmd.Bool([]string{"f", "-follow"}, false, "Follow log output")
-	since := cmd.String([]string{"-since"}, "", "Show logs since timestamp")
-	times := cmd.Bool([]string{"t", "-timestamps"}, false, "Show timestamps")
-	tail := cmd.String([]string{"-tail"}, "all", "Number of lines to show from the end of the logs")
-	cmd.Require(flag.Exact, 1)
-
-	cmd.ParseFlags(args, true)
-
-	name := cmd.Arg(0)
-
-	c, err := cli.client.ContainerInspect(context.Background(), name)
-	if err != nil {
-		return err
-	}
-
-	if !validDrivers[c.HostConfig.LogConfig.Type] {
-		return fmt.Errorf("\"logs\" command is supported only for \"json-file\" and \"journald\" logging drivers (got: %s)", c.HostConfig.LogConfig.Type)
-	}
-
-	options := types.ContainerLogsOptions{
-		ContainerID: name,
-		ShowStdout:  true,
-		ShowStderr:  true,
-		Since:       *since,
-		Timestamps:  *times,
-		Follow:      *follow,
-		Tail:        *tail,
-	}
-	responseBody, err := cli.client.ContainerLogs(context.Background(), options)
-	if err != nil {
-		return err
-	}
-	defer responseBody.Close()
-
-	if c.Config.Tty {
-		_, err = io.Copy(cli.out, responseBody)
-	} else {
-		_, err = stdcopy.StdCopy(cli.out, cli.err, responseBody)
-	}
-	return err
-}
--- a/api/client/network.go
+++ b/api/client/network.go
@@ -1,392 +0,0 @@
-package client
-
-import (
-	"fmt"
-	"net"
-	"sort"
-	"strings"
-	"text/tabwriter"
-
-	"golang.org/x/net/context"
-
-	Cli "github.com/docker/docker/cli"
-	"github.com/docker/docker/opts"
-	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/stringid"
-	runconfigopts "github.com/docker/docker/runconfig/opts"
-	"github.com/docker/engine-api/types"
-	"github.com/docker/engine-api/types/filters"
-	"github.com/docker/engine-api/types/network"
-)
-
-// CmdNetwork is the parent subcommand for all network commands
-//
-// Usage: docker network <COMMAND> [OPTIONS]
-func (cli *DockerCli) CmdNetwork(args ...string) error {
-	cmd := Cli.Subcmd("network", []string{"COMMAND [OPTIONS]"}, networkUsage(), false)
-	cmd.Require(flag.Min, 1)
-	err := cmd.ParseFlags(args, true)
-	cmd.Usage()
-	return err
-}
-
-// CmdNetworkCreate creates a new network with a given name
-//
-// Usage: docker network create [OPTIONS] <NETWORK-NAME>
-func (cli *DockerCli) CmdNetworkCreate(args ...string) error {
-	cmd := Cli.Subcmd("network create", []string{"NETWORK-NAME"}, "Creates a new network with a name specified by the user", false)
-	flDriver := cmd.String([]string{"d", "-driver"}, "bridge", "Driver to manage the Network")
-	flOpts := opts.NewMapOpts(nil, nil)
-
-	flIpamDriver := cmd.String([]string{"-ipam-driver"}, "default", "IP Address Management Driver")
-	flIpamSubnet := opts.NewListOpts(nil)
-	flIpamIPRange := opts.NewListOpts(nil)
-	flIpamGateway := opts.NewListOpts(nil)
-	flIpamAux := opts.NewMapOpts(nil, nil)
-	flIpamOpt := opts.NewMapOpts(nil, nil)
-	flLabels := opts.NewListOpts(nil)
-
-	cmd.Var(&flIpamSubnet, []string{"-subnet"}, "subnet in CIDR format that represents a network segment")
-	cmd.Var(&flIpamIPRange, []string{"-ip-range"}, "allocate container ip from a sub-range")
-	cmd.Var(&flIpamGateway, []string{"-gateway"}, "ipv4 or ipv6 Gateway for the master subnet")
-	cmd.Var(flIpamAux, []string{"-aux-address"}, "auxiliary ipv4 or ipv6 addresses used by Network driver")
-	cmd.Var(flOpts, []string{"o", "-opt"}, "set driver specific options")
-	cmd.Var(flIpamOpt, []string{"-ipam-opt"}, "set IPAM driver specific options")
-	cmd.Var(&flLabels, []string{"-label"}, "set metadata on a network")
-
-	flInternal := cmd.Bool([]string{"-internal"}, false, "restricts external access to the network")
-	flIPv6 := cmd.Bool([]string{"-ipv6"}, false, "enable IPv6 networking")
-
-	cmd.Require(flag.Exact, 1)
-	err := cmd.ParseFlags(args, true)
-	if err != nil {
-		return err
-	}
-
-	// Set the default driver to "" if the user didn't set the value.
-	// That way we can know whether it was user input or not.
-	driver := *flDriver
-	if !cmd.IsSet("-driver") && !cmd.IsSet("d") {
-		driver = ""
-	}
-
-	ipamCfg, err := consolidateIpam(flIpamSubnet.GetAll(), flIpamIPRange.GetAll(), flIpamGateway.GetAll(), flIpamAux.GetAll())
-	if err != nil {
-		return err
-	}
-
-	// Construct network create request body
-	nc := types.NetworkCreate{
-		Name:           cmd.Arg(0),
-		Driver:         driver,
-		IPAM:           network.IPAM{Driver: *flIpamDriver, Config: ipamCfg, Options: flIpamOpt.GetAll()},
-		Options:        flOpts.GetAll(),
-		CheckDuplicate: true,
-		Internal:       *flInternal,
-		EnableIPv6:     *flIPv6,
-		Labels:         runconfigopts.ConvertKVStringsToMap(flLabels.GetAll()),
-	}
-
-	resp, err := cli.client.NetworkCreate(context.Background(), nc)
-	if err != nil {
-		return err
-	}
-	fmt.Fprintf(cli.out, "%s\n", resp.ID)
-	return nil
-}
-
-// CmdNetworkRm deletes one or more networks
-//
-// Usage: docker network rm NETWORK-NAME|NETWORK-ID [NETWORK-NAME|NETWORK-ID...]
-func (cli *DockerCli) CmdNetworkRm(args ...string) error {
-	cmd := Cli.Subcmd("network rm", []string{"NETWORK [NETWORK...]"}, "Deletes one or more networks", false)
-	cmd.Require(flag.Min, 1)
-	if err := cmd.ParseFlags(args, true); err != nil {
-		return err
-	}
-
-	status := 0
-	for _, net := range cmd.Args() {
-		if err := cli.client.NetworkRemove(context.Background(), net); err != nil {
-			fmt.Fprintf(cli.err, "%s\n", err)
-			status = 1
-			continue
-		}
-	}
-	if status != 0 {
-		return Cli.StatusError{StatusCode: status}
-	}
-	return nil
-}
-
-// CmdNetworkConnect connects a container to a network
-//
-// Usage: docker network connect [OPTIONS] <NETWORK> <CONTAINER>
-func (cli *DockerCli) CmdNetworkConnect(args ...string) error {
-	cmd := Cli.Subcmd("network connect", []string{"NETWORK CONTAINER"}, "Connects a container to a network", false)
-	flIPAddress := cmd.String([]string{"-ip"}, "", "IP Address")
-	flIPv6Address := cmd.String([]string{"-ip6"}, "", "IPv6 Address")
-	flLinks := opts.NewListOpts(runconfigopts.ValidateLink)
-	cmd.Var(&flLinks, []string{"-link"}, "Add link to another container")
-	flAliases := opts.NewListOpts(nil)
-	cmd.Var(&flAliases, []string{"-alias"}, "Add network-scoped alias for the container")
-	cmd.Require(flag.Min, 2)
-	if err := cmd.ParseFlags(args, true); err != nil {
-		return err
-	}
-	epConfig := &network.EndpointSettings{
-		IPAMConfig: &network.EndpointIPAMConfig{
-			IPv4Address: *flIPAddress,
-			IPv6Address: *flIPv6Address,
-		},
-		Links:   flLinks.GetAll(),
-		Aliases: flAliases.GetAll(),
-	}
-	return cli.client.NetworkConnect(context.Background(), cmd.Arg(0), cmd.Arg(1), epConfig)
-}
-
-// CmdNetworkDisconnect disconnects a container from a network
-//
-// Usage: docker network disconnect <NETWORK> <CONTAINER>
-func (cli *DockerCli) CmdNetworkDisconnect(args ...string) error {
-	cmd := Cli.Subcmd("network disconnect", []string{"NETWORK CONTAINER"}, "Disconnects container from a network", false)
-	force := cmd.Bool([]string{"f", "-force"}, false, "Force the container to disconnect from a network")
-	cmd.Require(flag.Exact, 2)
-	if err := cmd.ParseFlags(args, true); err != nil {
-		return err
-	}
-
-	return cli.client.NetworkDisconnect(context.Background(), cmd.Arg(0), cmd.Arg(1), *force)
-}
-
-// CmdNetworkLs lists all the networks managed by docker daemon
-//
-// Usage: docker network ls [OPTIONS]
-func (cli *DockerCli) CmdNetworkLs(args ...string) error {
-	cmd := Cli.Subcmd("network ls", nil, "Lists networks", true)
-	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only display numeric IDs")
-	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Do not truncate the output")
-
-	flFilter := opts.NewListOpts(nil)
-	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
-
-	cmd.Require(flag.Exact, 0)
-	err := cmd.ParseFlags(args, true)
-	if err != nil {
-		return err
-	}
-
-	// Consolidate all filter flags, and sanity check them early.
-	// They'll get process after get response from server.
-	netFilterArgs := filters.NewArgs()
-	for _, f := range flFilter.GetAll() {
-		if netFilterArgs, err = filters.ParseFlag(f, netFilterArgs); err != nil {
-			return err
-		}
-	}
-
-	options := types.NetworkListOptions{
-		Filters: netFilterArgs,
-	}
-
-	networkResources, err := cli.client.NetworkList(context.Background(), options)
-	if err != nil {
-		return err
-	}
-
-	wr := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
-
-	// unless quiet (-q) is specified, print field titles
-	if !*quiet {
-		fmt.Fprintln(wr, "NETWORK ID\tNAME\tDRIVER")
-	}
-	sort.Sort(byNetworkName(networkResources))
-	for _, networkResource := range networkResources {
-		ID := networkResource.ID
-		netName := networkResource.Name
-		if !*noTrunc {
-			ID = stringid.TruncateID(ID)
-		}
-		if *quiet {
-			fmt.Fprintln(wr, ID)
-			continue
-		}
-		driver := networkResource.Driver
-		fmt.Fprintf(wr, "%s\t%s\t%s\t",
-			ID,
-			netName,
-			driver)
-		fmt.Fprint(wr, "\n")
-	}
-	wr.Flush()
-	return nil
-}
-
-type byNetworkName []types.NetworkResource
-
-func (r byNetworkName) Len() int           { return len(r) }
-func (r byNetworkName) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
-func (r byNetworkName) Less(i, j int) bool { return r[i].Name < r[j].Name }
-
-// CmdNetworkInspect inspects the network object for more details
-//
-// Usage: docker network inspect [OPTIONS] <NETWORK> [NETWORK...]
-func (cli *DockerCli) CmdNetworkInspect(args ...string) error {
-	cmd := Cli.Subcmd("network inspect", []string{"NETWORK [NETWORK...]"}, "Displays detailed information on one or more networks", false)
-	tmplStr := cmd.String([]string{"f", "-format"}, "", "Format the output using the given go template")
-	cmd.Require(flag.Min, 1)
-
-	if err := cmd.ParseFlags(args, true); err != nil {
-		return err
-	}
-
-	inspectSearcher := func(name string) (interface{}, []byte, error) {
-		i, err := cli.client.NetworkInspect(context.Background(), name)
-		return i, nil, err
-	}
-
-	return cli.inspectElements(*tmplStr, cmd.Args(), inspectSearcher)
-}
-
-// Consolidates the ipam configuration as a group from different related configurations
-// user can configure network with multiple non-overlapping subnets and hence it is
-// possible to correlate the various related parameters and consolidate them.
-// consoidateIpam consolidates subnets, ip-ranges, gateways and auxiliary addresses into
-// structured ipam data.
-func consolidateIpam(subnets, ranges, gateways []string, auxaddrs map[string]string) ([]network.IPAMConfig, error) {
-	if len(subnets) < len(ranges) || len(subnets) < len(gateways) {
-		return nil, fmt.Errorf("every ip-range or gateway must have a corresponding subnet")
-	}
-	iData := map[string]*network.IPAMConfig{}
-
-	// Populate non-overlapping subnets into consolidation map
-	for _, s := range subnets {
-		for k := range iData {
-			ok1, err := subnetMatches(s, k)
-			if err != nil {
-				return nil, err
-			}
-			ok2, err := subnetMatches(k, s)
-			if err != nil {
-				return nil, err
-			}
-			if ok1 || ok2 {
-				return nil, fmt.Errorf("multiple overlapping subnet configuration is not supported")
-			}
-		}
-		iData[s] = &network.IPAMConfig{Subnet: s, AuxAddress: map[string]string{}}
-	}
-
-	// Validate and add valid ip ranges
-	for _, r := range ranges {
-		match := false
-		for _, s := range subnets {
-			ok, err := subnetMatches(s, r)
-			if err != nil {
-				return nil, err
-			}
-			if !ok {
-				continue
-			}
-			if iData[s].IPRange != "" {
-				return nil, fmt.Errorf("cannot configure multiple ranges (%s, %s) on the same subnet (%s)", r, iData[s].IPRange, s)
-			}
-			d := iData[s]
-			d.IPRange = r
-			match = true
-		}
-		if !match {
-			return nil, fmt.Errorf("no matching subnet for range %s", r)
-		}
-	}
-
-	// Validate and add valid gateways
-	for _, g := range gateways {
-		match := false
-		for _, s := range subnets {
-			ok, err := subnetMatches(s, g)
-			if err != nil {
-				return nil, err
-			}
-			if !ok {
-				continue
-			}
-			if iData[s].Gateway != "" {
-				return nil, fmt.Errorf("cannot configure multiple gateways (%s, %s) for the same subnet (%s)", g, iData[s].Gateway, s)
-			}
-			d := iData[s]
-			d.Gateway = g
-			match = true
-		}
-		if !match {
-			return nil, fmt.Errorf("no matching subnet for gateway %s", g)
-		}
-	}
-
-	// Validate and add aux-addresses
-	for key, aa := range auxaddrs {
-		match := false
-		for _, s := range subnets {
-			ok, err := subnetMatches(s, aa)
-			if err != nil {
-				return nil, err
-			}
-			if !ok {
-				continue
-			}
-			iData[s].AuxAddress[key] = aa
-			match = true
-		}
-		if !match {
-			return nil, fmt.Errorf("no matching subnet for aux-address %s", aa)
-		}
-	}
-
-	idl := []network.IPAMConfig{}
-	for _, v := range iData {
-		idl = append(idl, *v)
-	}
-	return idl, nil
-}
-
-func subnetMatches(subnet, data string) (bool, error) {
-	var (
-		ip net.IP
-	)
-
-	_, s, err := net.ParseCIDR(subnet)
-	if err != nil {
-		return false, fmt.Errorf("Invalid subnet %s : %v", s, err)
-	}
-
-	if strings.Contains(data, "/") {
-		ip, _, err = net.ParseCIDR(data)
-		if err != nil {
-			return false, fmt.Errorf("Invalid cidr %s : %v", data, err)
-		}
-	} else {
-		ip = net.ParseIP(data)
-	}
-
-	return s.Contains(ip), nil
-}
-
-func networkUsage() string {
-	networkCommands := map[string]string{
-		"create":     "Create a network",
-		"connect":    "Connect container to a network",
-		"disconnect": "Disconnect container from a network",
-		"inspect":    "Display detailed network information",
-		"ls":         "List all networks",
-		"rm":         "Remove a network",
-	}
-
-	help := "Commands:\n"
-
-	for cmd, description := range networkCommands {
-		help += fmt.Sprintf("  %-25.25s%s\n", cmd, description)
-	}
-
-	help += fmt.Sprintf("\nRun 'docker network COMMAND --help' for more information on a command.")
-	return help
-}
--- a/api/client/network/cmd.go
+++ b/api/client/network/cmd.go
@@ -0,0 +1,31 @@
+package network
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+)
+
+// NewNetworkCommand returns a cobra command for `network` subcommands
+func NewNetworkCommand(dockerCli *client.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "network",
+		Short: "Manage Docker networks",
+		Args:  cli.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Fprintf(dockerCli.Err(), "\n"+cmd.UsageString())
+		},
+	}
+	cmd.AddCommand(
+		newConnectCommand(dockerCli),
+		newCreateCommand(dockerCli),
+		newDisconnectCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newListCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+	)
+	return cmd
+}
--- a/api/client/network/connect.go
+++ b/api/client/network/connect.go
@@ -0,0 +1,64 @@
+package network
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types/network"
+	"github.com/spf13/cobra"
+)
+
+type connectOptions struct {
+	network      string
+	container    string
+	ipaddress    string
+	ipv6address  string
+	links        opts.ListOpts
+	aliases      []string
+	linklocalips []string
+}
+
+func newConnectCommand(dockerCli *client.DockerCli) *cobra.Command {
+	opts := connectOptions{
+		links: opts.NewListOpts(runconfigopts.ValidateLink),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "connect [OPTIONS] NETWORK CONTAINER",
+		Short: "Connect a container to a network",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.network = args[0]
+			opts.container = args[1]
+			return runConnect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVar(&opts.ipaddress, "ip", "", "IP Address")
+	flags.StringVar(&opts.ipv6address, "ip6", "", "IPv6 Address")
+	flags.Var(&opts.links, "link", "Add link to another container")
+	flags.StringSliceVar(&opts.aliases, "alias", []string{}, "Add network-scoped alias for the container")
+	flags.StringSliceVar(&opts.linklocalips, "link-local-ip", []string{}, "Add a link-local address for the container")
+
+	return cmd
+}
+
+func runConnect(dockerCli *client.DockerCli, opts connectOptions) error {
+	client := dockerCli.Client()
+
+	epConfig := &network.EndpointSettings{
+		IPAMConfig: &network.EndpointIPAMConfig{
+			IPv4Address:  opts.ipaddress,
+			IPv6Address:  opts.ipv6address,
+			LinkLocalIPs: opts.linklocalips,
+		},
+		Links:   opts.links.GetAll(),
+		Aliases: opts.aliases,
+	}
+
+	return client.NetworkConnect(context.Background(), opts.network, opts.container, epConfig)
+}
--- a/api/client/network/create.go
+++ b/api/client/network/create.go
@@ -0,0 +1,222 @@
+package network
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/network"
+	"github.com/spf13/cobra"
+)
+
+type createOptions struct {
+	name       string
+	driver     string
+	driverOpts opts.MapOpts
+	labels     []string
+	internal   bool
+	ipv6       bool
+
+	ipamDriver  string
+	ipamSubnet  []string
+	ipamIPRange []string
+	ipamGateway []string
+	ipamAux     opts.MapOpts
+	ipamOpt     opts.MapOpts
+}
+
+func newCreateCommand(dockerCli *client.DockerCli) *cobra.Command {
+	opts := createOptions{
+		driverOpts: *opts.NewMapOpts(nil, nil),
+		ipamAux:    *opts.NewMapOpts(nil, nil),
+		ipamOpt:    *opts.NewMapOpts(nil, nil),
+	}
+
+	cmd := &cobra.Command{
+		Use:   "create [OPTIONS] NETWORK",
+		Short: "Create a network",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.name = args[0]
+			return runCreate(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.driver, "driver", "d", "bridge", "Driver to manage the Network")
+	flags.VarP(&opts.driverOpts, "opt", "o", "Set driver specific options")
+	flags.StringSliceVar(&opts.labels, "label", []string{}, "Set metadata on a network")
+	flags.BoolVar(&opts.internal, "internal", false, "Restrict external access to the network")
+	flags.BoolVar(&opts.ipv6, "ipv6", false, "Enable IPv6 networking")
+
+	flags.StringVar(&opts.ipamDriver, "ipam-driver", "default", "IP Address Management Driver")
+	flags.StringSliceVar(&opts.ipamSubnet, "subnet", []string{}, "Subnet in CIDR format that represents a network segment")
+	flags.StringSliceVar(&opts.ipamIPRange, "ip-range", []string{}, "Allocate container ip from a sub-range")
+	flags.StringSliceVar(&opts.ipamGateway, "gateway", []string{}, "IPv4 or IPv6 Gateway for the master subnet")
+
+	flags.Var(&opts.ipamAux, "aux-address", "Auxiliary IPv4 or IPv6 addresses used by Network driver")
+	flags.Var(&opts.ipamOpt, "ipam-opt", "Set IPAM driver specific options")
+
+	return cmd
+}
+
+func runCreate(dockerCli *client.DockerCli, opts createOptions) error {
+	client := dockerCli.Client()
+
+	ipamCfg, err := consolidateIpam(opts.ipamSubnet, opts.ipamIPRange, opts.ipamGateway, opts.ipamAux.GetAll())
+	if err != nil {
+		return err
+	}
+
+	// Construct network create request body
+	nc := types.NetworkCreate{
+		Driver:  opts.driver,
+		Options: opts.driverOpts.GetAll(),
+		IPAM: network.IPAM{
+			Driver:  opts.ipamDriver,
+			Config:  ipamCfg,
+			Options: opts.ipamOpt.GetAll(),
+		},
+		CheckDuplicate: true,
+		Internal:       opts.internal,
+		EnableIPv6:     opts.ipv6,
+		Labels:         runconfigopts.ConvertKVStringsToMap(opts.labels),
+	}
+
+	resp, err := client.NetworkCreate(context.Background(), opts.name, nc)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(dockerCli.Out(), "%s\n", resp.ID)
+	return nil
+}
+
+// Consolidates the ipam configuration as a group from different related configurations
+// user can configure network with multiple non-overlapping subnets and hence it is
+// possible to correlate the various related parameters and consolidate them.
+// consoidateIpam consolidates subnets, ip-ranges, gateways and auxiliary addresses into
+// structured ipam data.
+func consolidateIpam(subnets, ranges, gateways []string, auxaddrs map[string]string) ([]network.IPAMConfig, error) {
+	if len(subnets) < len(ranges) || len(subnets) < len(gateways) {
+		return nil, fmt.Errorf("every ip-range or gateway must have a corresponding subnet")
+	}
+	iData := map[string]*network.IPAMConfig{}
+
+	// Populate non-overlapping subnets into consolidation map
+	for _, s := range subnets {
+		for k := range iData {
+			ok1, err := subnetMatches(s, k)
+			if err != nil {
+				return nil, err
+			}
+			ok2, err := subnetMatches(k, s)
+			if err != nil {
+				return nil, err
+			}
+			if ok1 || ok2 {
+				return nil, fmt.Errorf("multiple overlapping subnet configuration is not supported")
+			}
+		}
+		iData[s] = &network.IPAMConfig{Subnet: s, AuxAddress: map[string]string{}}
+	}
+
+	// Validate and add valid ip ranges
+	for _, r := range ranges {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, r)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			if iData[s].IPRange != "" {
+				return nil, fmt.Errorf("cannot configure multiple ranges (%s, %s) on the same subnet (%s)", r, iData[s].IPRange, s)
+			}
+			d := iData[s]
+			d.IPRange = r
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for range %s", r)
+		}
+	}
+
+	// Validate and add valid gateways
+	for _, g := range gateways {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, g)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			if iData[s].Gateway != "" {
+				return nil, fmt.Errorf("cannot configure multiple gateways (%s, %s) for the same subnet (%s)", g, iData[s].Gateway, s)
+			}
+			d := iData[s]
+			d.Gateway = g
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for gateway %s", g)
+		}
+	}
+
+	// Validate and add aux-addresses
+	for key, aa := range auxaddrs {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, aa)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			iData[s].AuxAddress[key] = aa
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for aux-address %s", aa)
+		}
+	}
+
+	idl := []network.IPAMConfig{}
+	for _, v := range iData {
+		idl = append(idl, *v)
+	}
+	return idl, nil
+}
+
+func subnetMatches(subnet, data string) (bool, error) {
+	var (
+		ip net.IP
+	)
+
+	_, s, err := net.ParseCIDR(subnet)
+	if err != nil {
+		return false, fmt.Errorf("Invalid subnet %s : %v", s, err)
+	}
+
+	if strings.Contains(data, "/") {
+		ip, _, err = net.ParseCIDR(data)
+		if err != nil {
+			return false, fmt.Errorf("Invalid cidr %s : %v", data, err)
+		}
+	} else {
+		ip = net.ParseIP(data)
+	}
+
+	return s.Contains(ip), nil
+}
--- a/api/client/network/disconnect.go
+++ b/api/client/network/disconnect.go
@@ -0,0 +1,41 @@
+package network
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type disconnectOptions struct {
+	network   string
+	container string
+	force     bool
+}
+
+func newDisconnectCommand(dockerCli *client.DockerCli) *cobra.Command {
+	opts := disconnectOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "disconnect [OPTIONS] NETWORK CONTAINER",
+		Short: "Disconnect a container from a network",
+		Args:  cli.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.network = args[0]
+			opts.container = args[1]
+			return runDisconnect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force the container to disconnect from a network")
+
+	return cmd
+}
+
+func runDisconnect(dockerCli *client.DockerCli, opts disconnectOptions) error {
+	client := dockerCli.Client()
+
+	return client.NetworkDisconnect(context.Background(), opts.network, opts.container, opts.force)
+}
--- a/api/client/network/inspect.go
+++ b/api/client/network/inspect.go
@@ -0,0 +1,45 @@
+package network
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/api/client/inspect"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+type inspectOptions struct {
+	format string
+	names  []string
+}
+
+func newInspectCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] NETWORK [NETWORK...]",
+		Short: "Display detailed information on one or more networks",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.names = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	cmd.Flags().StringVarP(&opts.format, "format", "f", "", "Format the output using the given go template")
+
+	return cmd
+}
+
+func runInspect(dockerCli *client.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+
+	ctx := context.Background()
+
+	getNetFunc := func(name string) (interface{}, []byte, error) {
+		return client.NetworkInspectWithRaw(ctx, name)
+	}
+
+	return inspect.Inspect(dockerCli.Out(), opts.names, opts.format, getNetFunc)
+}
--- a/api/client/network/list.go
+++ b/api/client/network/list.go
@@ -0,0 +1,100 @@
+package network
+
+import (
+	"fmt"
+	"sort"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+	"github.com/spf13/cobra"
+)
+
+type byNetworkName []types.NetworkResource
+
+func (r byNetworkName) Len() int           { return len(r) }
+func (r byNetworkName) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r byNetworkName) Less(i, j int) bool { return r[i].Name < r[j].Name }
+
+type listOptions struct {
+	quiet   bool
+	noTrunc bool
+	filter  []string
+}
+
+func newListCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts listOptions
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List networks",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display network IDs")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate the output")
+	flags.StringSliceVarP(&opts.filter, "filter", "f", []string{}, "Provide filter values (i.e. 'dangling=true')")
+
+	return cmd
+}
+
+func runList(dockerCli *client.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+
+	netFilterArgs := filters.NewArgs()
+	for _, f := range opts.filter {
+		var err error
+		netFilterArgs, err = filters.ParseFlag(f, netFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	options := types.NetworkListOptions{
+		Filters: netFilterArgs,
+	}
+
+	networkResources, err := client.NetworkList(context.Background(), options)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(dockerCli.Out(), 20, 1, 3, ' ', 0)
+	if !opts.quiet {
+		fmt.Fprintf(w, "NETWORK ID\tNAME\tDRIVER\tSCOPE")
+		fmt.Fprintf(w, "\n")
+	}
+
+	sort.Sort(byNetworkName(networkResources))
+	for _, networkResource := range networkResources {
+		ID := networkResource.ID
+		netName := networkResource.Name
+		driver := networkResource.Driver
+		scope := networkResource.Scope
+		if !opts.noTrunc {
+			ID = stringid.TruncateID(ID)
+		}
+		if opts.quiet {
+			fmt.Fprintln(w, ID)
+			continue
+		}
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t",
+			ID,
+			netName,
+			driver,
+			scope)
+		fmt.Fprint(w, "\n")
+	}
+	w.Flush()
+	return nil
+}
--- a/api/client/network/remove.go
+++ b/api/client/network/remove.go
@@ -0,0 +1,43 @@
+package network
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/spf13/cobra"
+)
+
+func newRemoveCommand(dockerCli *client.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:     "rm NETWORK [NETWORK...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more networks",
+		Args:    cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runRemove(dockerCli, args)
+		},
+	}
+}
+
+func runRemove(dockerCli *client.DockerCli, networks []string) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+	status := 0
+
+	for _, name := range networks {
+		if err := client.NetworkRemove(ctx, name); err != nil {
+			fmt.Fprintf(dockerCli.Err(), "%s\n", err)
+			status = 1
+			continue
+		}
+		fmt.Fprintf(dockerCli.Out(), "%s\n", name)
+	}
+
+	if status != 0 {
+		return cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
--- a/api/client/node/cmd.go
+++ b/api/client/node/cmd.go
@@ -0,0 +1,49 @@
+package node
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/spf13/cobra"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	apiclient "github.com/docker/engine-api/client"
+)
+
+// NewNodeCommand returns a cobra command for `node` subcommands
+func NewNodeCommand(dockerCli *client.DockerCli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "node",
+		Short: "Manage Docker Swarm nodes",
+		Args:  cli.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Fprintf(dockerCli.Err(), "\n"+cmd.UsageString())
+		},
+	}
+	cmd.AddCommand(
+		newDemoteCommand(dockerCli),
+		newInspectCommand(dockerCli),
+		newListCommand(dockerCli),
+		newPromoteCommand(dockerCli),
+		newRemoveCommand(dockerCli),
+		newPSCommand(dockerCli),
+		newUpdateCommand(dockerCli),
+	)
+	return cmd
+}
+
+// Reference returns the reference of a node. The special value "self" for a node
+// reference is mapped to the current node, hence the node ID is retrieved using
+// the `/info` endpoint.
+func Reference(client apiclient.APIClient, ctx context.Context, ref string) (string, error) {
+	if ref == "self" {
+		info, err := client.Info(ctx)
+		if err != nil {
+			return "", err
+		}
+		return info.Swarm.NodeID, nil
+	}
+	return ref, nil
+}
--- a/api/client/node/demote.go
+++ b/api/client/node/demote.go
@@ -0,0 +1,32 @@
+package node
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types/swarm"
+	"github.com/spf13/cobra"
+)
+
+func newDemoteCommand(dockerCli *client.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:   "demote NODE [NODE...]",
+		Short: "Demote one or more nodes from manager in the swarm",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runDemote(dockerCli, args)
+		},
+	}
+}
+
+func runDemote(dockerCli *client.DockerCli, nodes []string) error {
+	demote := func(node *swarm.Node) error {
+		node.Spec.Role = swarm.NodeRoleWorker
+		return nil
+	}
+	success := func(nodeID string) {
+		fmt.Fprintf(dockerCli.Out(), "Manager %s demoted in the swarm.\n", nodeID)
+	}
+	return updateNodes(dockerCli, nodes, demote, success)
+}
--- a/api/client/node/inspect.go
+++ b/api/client/node/inspect.go
@@ -0,0 +1,144 @@
+package node
+
+import (
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/api/client/inspect"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/engine-api/types/swarm"
+	"github.com/docker/go-units"
+	"github.com/spf13/cobra"
+	"golang.org/x/net/context"
+)
+
+type inspectOptions struct {
+	nodeIds []string
+	format  string
+	pretty  bool
+}
+
+func newInspectCommand(dockerCli *client.DockerCli) *cobra.Command {
+	var opts inspectOptions
+
+	cmd := &cobra.Command{
+		Use:   "inspect [OPTIONS] self|NODE [NODE...]",
+		Short: "Display detailed information on one or more nodes",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.nodeIds = args
+			return runInspect(dockerCli, opts)
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given go template")
+	flags.BoolVar(&opts.pretty, "pretty", false, "Print the information in a human friendly format.")
+	return cmd
+}
+
+func runInspect(dockerCli *client.DockerCli, opts inspectOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+	getRef := func(ref string) (interface{}, []byte, error) {
+		nodeRef, err := Reference(client, ctx, ref)
+		if err != nil {
+			return nil, nil, err
+		}
+		node, _, err := client.NodeInspectWithRaw(ctx, nodeRef)
+		return node, nil, err
+	}
+
+	if !opts.pretty {
+		return inspect.Inspect(dockerCli.Out(), opts.nodeIds, opts.format, getRef)
+	}
+	return printHumanFriendly(dockerCli.Out(), opts.nodeIds, getRef)
+}
+
+func printHumanFriendly(out io.Writer, refs []string, getRef inspect.GetRefFunc) error {
+	for idx, ref := range refs {
+		obj, _, err := getRef(ref)
+		if err != nil {
+			return err
+		}
+		printNode(out, obj.(swarm.Node))
+
+		// TODO: better way to do this?
+		// print extra space between objects, but not after the last one
+		if idx+1 != len(refs) {
+			fmt.Fprintf(out, "\n\n")
+		} else {
+			fmt.Fprintf(out, "\n")
+		}
+	}
+	return nil
+}
+
+// TODO: use a template
+func printNode(out io.Writer, node swarm.Node) {
+	fmt.Fprintf(out, "ID:\t\t\t%s\n", node.ID)
+	ioutils.FprintfIfNotEmpty(out, "Name:\t\t\t%s\n", node.Spec.Name)
+	if node.Spec.Labels != nil {
+		fmt.Fprintln(out, "Labels:")
+		for k, v := range node.Spec.Labels {
+			fmt.Fprintf(out, " - %s = %s\n", k, v)
+		}
+	}
+
+	ioutils.FprintfIfNotEmpty(out, "Hostname:\t\t%s\n", node.Description.Hostname)
+	fmt.Fprintf(out, "Joined at:\t\t%s\n", client.PrettyPrint(node.CreatedAt))
+	fmt.Fprintln(out, "Status:")
+	fmt.Fprintf(out, " State:\t\t\t%s\n", client.PrettyPrint(node.Status.State))
+	ioutils.FprintfIfNotEmpty(out, " Message:\t\t%s\n", client.PrettyPrint(node.Status.Message))
+	fmt.Fprintf(out, " Availability:\t\t%s\n", client.PrettyPrint(node.Spec.Availability))
+
+	if node.ManagerStatus != nil {
+		fmt.Fprintln(out, "Manager Status:")
+		fmt.Fprintf(out, " Address:\t\t%s\n", node.ManagerStatus.Addr)
+		fmt.Fprintf(out, " Raft Status:\t\t%s\n", client.PrettyPrint(node.ManagerStatus.Reachability))
+		leader := "No"
+		if node.ManagerStatus.Leader {
+			leader = "Yes"
+		}
+		fmt.Fprintf(out, " Leader:\t\t%s\n", leader)
+	}
+
+	fmt.Fprintln(out, "Platform:")
+	fmt.Fprintf(out, " Operating System:\t%s\n", node.Description.Platform.OS)
+	fmt.Fprintf(out, " Architecture:\t\t%s\n", node.Description.Platform.Architecture)
+
+	fmt.Fprintln(out, "Resources:")
+	fmt.Fprintf(out, " CPUs:\t\t\t%d\n", node.Description.Resources.NanoCPUs/1e9)
+	fmt.Fprintf(out, " Memory:\t\t%s\n", units.BytesSize(float64(node.Description.Resources.MemoryBytes)))
+
+	var pluginTypes []string
+	pluginNamesByType := map[string][]string{}
+	for _, p := range node.Description.Engine.Plugins {
+		// append to pluginTypes only if not done previously
+		if _, ok := pluginNamesByType[p.Type]; !ok {
+			pluginTypes = append(pluginTypes, p.Type)
+		}
+		pluginNamesByType[p.Type] = append(pluginNamesByType[p.Type], p.Name)
+	}
+
+	if len(pluginTypes) > 0 {
+		fmt.Fprintln(out, "Plugins:")
+		sort.Strings(pluginTypes) // ensure stable output
+		for _, pluginType := range pluginTypes {
+			fmt.Fprintf(out, "  %s:\t\t%s\n", pluginType, strings.Join(pluginNamesByType[pluginType], ", "))
+		}
+	}
+	fmt.Fprintf(out, "Engine Version:\t\t%s\n", node.Description.Engine.EngineVersion)
+
+	if len(node.Description.Engine.Labels) != 0 {
+		fmt.Fprintln(out, "Engine Labels:")
+		for k, v := range node.Description.Engine.Labels {
+			fmt.Fprintf(out, " - %s = %s", k, v)
+		}
+	}
+
+}
--- a/api/client/node/list.go
+++ b/api/client/node/list.go
@@ -0,0 +1,111 @@
+package node
+
+import (
+	"fmt"
+	"io"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/swarm"
+	"github.com/spf13/cobra"
+)
+
+const (
+	listItemFmt = "%s\t%s\t%s\t%s\t%s\n"
+)
+
+type listOptions struct {
+	quiet  bool
+	filter opts.FilterOpt
+}
+
+func newListCommand(dockerCli *client.DockerCli) *cobra.Command {
+	opts := listOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:     "ls [OPTIONS]",
+		Aliases: []string{"list"},
+		Short:   "List nodes in the swarm",
+		Args:    cli.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runList(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Only display IDs")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runList(dockerCli *client.DockerCli, opts listOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	nodes, err := client.NodeList(
+		ctx,
+		types.NodeListOptions{Filter: opts.filter.Value()})
+	if err != nil {
+		return err
+	}
+
+	info, err := client.Info(ctx)
+	if err != nil {
+		return err
+	}
+
+	out := dockerCli.Out()
+	if opts.quiet {
+		printQuiet(out, nodes)
+	} else {
+		printTable(out, nodes, info)
+	}
+	return nil
+}
+
+func printTable(out io.Writer, nodes []swarm.Node, info types.Info) {
+	writer := tabwriter.NewWriter(out, 0, 4, 2, ' ', 0)
+
+	// Ignore flushing errors
+	defer writer.Flush()
+
+	fmt.Fprintf(writer, listItemFmt, "ID", "HOSTNAME", "STATUS", "AVAILABILITY", "MANAGER STATUS")
+	for _, node := range nodes {
+		name := node.Description.Hostname
+		availability := string(node.Spec.Availability)
+
+		reachability := ""
+		if node.ManagerStatus != nil {
+			if node.ManagerStatus.Leader {
+				reachability = "Leader"
+			} else {
+				reachability = string(node.ManagerStatus.Reachability)
+			}
+		}
+
+		ID := node.ID
+		if node.ID == info.Swarm.NodeID {
+			ID = ID + " *"
+		}
+
+		fmt.Fprintf(
+			writer,
+			listItemFmt,
+			ID,
+			name,
+			client.PrettyPrint(string(node.Status.State)),
+			client.PrettyPrint(availability),
+			client.PrettyPrint(reachability))
+	}
+}
+
+func printQuiet(out io.Writer, nodes []swarm.Node) {
+	for _, node := range nodes {
+		fmt.Fprintln(out, node.ID)
+	}
+}
--- a/api/client/node/opts.go
+++ b/api/client/node/opts.go
@@ -0,0 +1,60 @@
+package node
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/opts"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types/swarm"
+)
+
+type nodeOptions struct {
+	annotations
+	role         string
+	availability string
+}
+
+type annotations struct {
+	name   string
+	labels opts.ListOpts
+}
+
+func newNodeOptions() *nodeOptions {
+	return &nodeOptions{
+		annotations: annotations{
+			labels: opts.NewListOpts(nil),
+		},
+	}
+}
+
+func (opts *nodeOptions) ToNodeSpec() (swarm.NodeSpec, error) {
+	var spec swarm.NodeSpec
+
+	spec.Annotations.Name = opts.annotations.name
+	spec.Annotations.Labels = runconfigopts.ConvertKVStringsToMap(opts.annotations.labels.GetAll())
+
+	switch swarm.NodeRole(strings.ToLower(opts.role)) {
+	case swarm.NodeRoleWorker:
+		spec.Role = swarm.NodeRoleWorker
+	case swarm.NodeRoleManager:
+		spec.Role = swarm.NodeRoleManager
+	case "":
+	default:
+		return swarm.NodeSpec{}, fmt.Errorf("invalid role %q, only worker and manager are supported", opts.role)
+	}
+
+	switch swarm.NodeAvailability(strings.ToLower(opts.availability)) {
+	case swarm.NodeAvailabilityActive:
+		spec.Availability = swarm.NodeAvailabilityActive
+	case swarm.NodeAvailabilityPause:
+		spec.Availability = swarm.NodeAvailabilityPause
+	case swarm.NodeAvailabilityDrain:
+		spec.Availability = swarm.NodeAvailabilityDrain
+	case "":
+	default:
+		return swarm.NodeSpec{}, fmt.Errorf("invalid availability %q, only active, pause and drain are supported", opts.availability)
+	}
+
+	return spec, nil
+}
--- a/api/client/node/promote.go
+++ b/api/client/node/promote.go
@@ -0,0 +1,32 @@
+package node
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types/swarm"
+	"github.com/spf13/cobra"
+)
+
+func newPromoteCommand(dockerCli *client.DockerCli) *cobra.Command {
+	return &cobra.Command{
+		Use:   "promote NODE [NODE...]",
+		Short: "Promote one or more nodes to manager in the swarm",
+		Args:  cli.RequiresMinArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runPromote(dockerCli, args)
+		},
+	}
+}
+
+func runPromote(dockerCli *client.DockerCli, nodes []string) error {
+	promote := func(node *swarm.Node) error {
+		node.Spec.Role = swarm.NodeRoleManager
+		return nil
+	}
+	success := func(nodeID string) {
+		fmt.Fprintf(dockerCli.Out(), "Node %s promoted to a manager in the swarm.\n", nodeID)
+	}
+	return updateNodes(dockerCli, nodes, promote, success)
+}
--- a/api/client/node/ps.go
+++ b/api/client/node/ps.go
@@ -0,0 +1,63 @@
+package node
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/api/client/idresolver"
+	"github.com/docker/docker/api/client/task"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/spf13/cobra"
+)
+
+type psOptions struct {
+	nodeID    string
+	noResolve bool
+	filter    opts.FilterOpt
+}
+
+func newPSCommand(dockerCli *client.DockerCli) *cobra.Command {
+	opts := psOptions{filter: opts.NewFilterOpt()}
+
+	cmd := &cobra.Command{
+		Use:   "ps [OPTIONS] self|NODE",
+		Short: "List tasks running on a node",
+		Args:  cli.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			opts.nodeID = args[0]
+			return runPS(dockerCli, opts)
+		},
+	}
+	flags := cmd.Flags()
+	flags.BoolVar(&opts.noResolve, "no-resolve", false, "Do not map IDs to Names")
+	flags.VarP(&opts.filter, "filter", "f", "Filter output based on conditions provided")
+
+	return cmd
+}
+
+func runPS(dockerCli *client.DockerCli, opts psOptions) error {
+	client := dockerCli.Client()
+	ctx := context.Background()
+
+	nodeRef, err := Reference(client, ctx, opts.nodeID)
+	if err != nil {
+		return nil
+	}
+	node, _, err := client.NodeInspectWithRaw(ctx, nodeRef)
+	if err != nil {
+		return err
+	}
+
+	filter := opts.filter.Value()
+	filter.Add("node", node.ID)
+	tasks, err := client.TaskList(
+		ctx,
+		types.TaskListOptions{Filter: filter})
+	if err != nil {
+		return err
+	}
+
+	return task.Print(dockerCli, ctx, tasks, idresolver.New(client, opts.noResolve))
+}
--- a/Show More
+++ b/Show More