Bumped version to 0.3.2

Merge pull request #568 from dotcloud/improve_checksum-2
* Runtime: Store the actual archive on commit * Registry: Improve the checksum process - Registry: Fix error 400 on push
2026-01-15 01:41:39 +00:00 · 2013-05-09 13:51:32 -07:00 · 2013-05-09 13:25:15 -07:00 · 2013-05-09 13:24:00 -07:00 · 2013-05-09 13:05:18 -06:00 · 2013-05-09 11:12:37 -07:00
179 changed files with 8002 additions and 2274 deletions
--- a/.mailmap
+++ b/.mailmap
@@ -14,3 +14,6 @@ Joffrey F <joffrey@dotcloud.com>
 <joffrey@dotcloud.com> <f.joffrey@gmail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 Andy Smith <github@anarkystic.com>
+<kalessin@kalessin.fr> <louis@dotcloud.com>
+<victor.vieux@dotcloud.com> <victor@dotcloud.com>
+<dominik@honnef.co> <dominikh@fork-bomb.org>
--- a/8
+++ b/8
@@ -10,6 +10,8 @@ Daniel Robinson <gottagetmac@gmail.com>
 Dominik Honnef <dominik@honnef.co>
 Don Spaulding <donspauldingii@gmail.com>
 ezbercih <cem.ezberci@gmail.com>
+Flavio Castelli <fcastelli@suse.com>
+Francisco Souza <f@souza.cc>
 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
 Guillaume J. Charmes <guillaume.charmes@dotcloud.com>
 Hunter Blanks <hunter@twilio.com>
@@ -21,11 +23,15 @@ Jonathan Rudenberg <jonathan@titanous.com>
 Julien Barbier <write0@gmail.com>
 Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
 Ken Cochrane <kencochrane@gmail.com>
+Kevin J. Lynagh <kevin@keminglabs.com>
 Louis Opter <kalessin@kalessin.fr>
+Maxim Treskin <zerthurd@gmail.com>
 Mikhail Sobolev <mss@mawhrin.net>
 Nelson Chen <crazysim@gmail.com>
 Niall O'Higgins <niallo@unworkable.org>
+Paul Hammond <paul@paulhammond.org>
 Piotr Bogdan <ppbogdan@gmail.com>
+Robert Obryk <robryk@gmail.com>
 Sam Alba <sam.alba@gmail.com>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 Silas Sewell <silas@sewell.org>
@@ -34,4 +40,6 @@ Sridhar Ratnakumar <sridharr@activestate.com>
 Thatcher Peskens <thatcher@dotcloud.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 Troy Howard <thoward37@gmail.com>
+unclejack <unclejacksons@gmail.com>
+Victor Vieux <victor.vieux@dotcloud.com>
 Vivek Agarwal <me@vivek.im>
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,143 @@
+# Changelog
+
+## 0.3.2 (2013-05-09)
+ * Runtime: Store the actual archive on commit
+ * Registry: Improve the checksum process
+ * Registry: Use the size to have a good progress bar while pushing
+ * Registry: Use the actual archive if it exists in order to speed up the push
+ - Registry: Fix error 400 on push
+
+## 0.3.1 (2013-05-08)
+ + Builder: Implement the autorun capability within docker builder
+ + Builder: Add caching to docker builder
+ + Builder: Add support for docker builder with native API as top level command
+ + Runtime: Add go version to debug infos
+ + Builder: Implement ENV within docker builder
+ + Registry: Add docker search top level command in order to search a repository
+ + Images: output graph of images to dot (graphviz)
+ + Documentation: new introduction and high-level overview
+ + Documentation: Add the documentation for docker builder
+ + Website: new high-level overview
+ - Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
+ - Images: fix ByParent function
+ - Builder: Check the command existance prior create and add Unit tests for the case
+ - Registry: Fix pull for official images with specific tag
+ - Registry: Fix issue when login in with a different user and trying to push
+ - Documentation: CSS fix for docker documentation to make REST API docs look better.
+ - Documentation: Fixed CouchDB example page header mistake
+ - Documentation: fixed README formatting
+ * Registry: Improve checksum - async calculation
+ * Runtime: kernel version - don't show the dash if flavor is empty
+ * Documentation: updated www.docker.io website.
+ * Builder: use any whitespaces instead of tabs
+ * Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
+
+## 0.3.0 (2013-05-06)
+ + Registry: Implement the new registry
+ + Documentation: new example: sharing data between 2 couchdb databases
+ - Runtime: Fix the command existance check
+ - Runtime: strings.Split may return an empty string on no match
+ - Runtime: Fix an index out of range crash if cgroup memory is not
+ * Documentation: Various improvments
+ * Vagrant: Use only one deb line in /etc/apt
+
+## 0.2.2 (2013-05-03)
+ + Support for data volumes ('docker run -v=PATH')
+ + Share data volumes between containers ('docker run -volumes-from')
+ + Improved documentation
+ * Upgrade to Go 1.0.3
+ * Various upgrades to the dev environment for contributors
+
+## 0.2.1 (2013-05-01)
+ + 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
+ * Improve install process on Vagrant
+ + New Dockerfile operation: "maintainer"
+ + New Dockerfile operation: "expose"
+ + New Dockerfile operation: "cmd"
+ + Contrib script to build a Debian base layer
+ + 'docker -d -r': restart crashed containers at daemon startup
+ * Runtime: improve test coverage
+
+## 0.2.0 (2013-04-23)
+ - Runtime: ghost containers can be killed and waited for
+ * Documentation: update install intructions
+ - Packaging: fix Vagrantfile
+ - Development: automate releasing binaries and ubuntu packages
+ + Add a changelog
+ - Various bugfixes
+
+## 0.1.8 (2013-04-22)
+ - Dynamically detect cgroup capabilities
+ - Issue stability warning on kernels <3.8
+ - 'docker push' buffers on disk instead of memory
+ - Fix 'docker diff' for removed files
+ - Fix 'docker stop' for ghost containers
+ - Fix handling of pidfile
+ - Various bugfixes and stability improvements
+
+## 0.1.7 (2013-04-18)
+ - Container ports are available on localhost
+ - 'docker ps' shows allocated TCP ports
+ - Contributors can run 'make hack' to start a continuous integration VM
+ - Streamline ubuntu packaging & uploading
+ - Various bugfixes and stability improvements
+
+## 0.1.6 (2013-04-17)
+ - Record the author an image with 'docker commit -author'
+
+## 0.1.5 (2013-04-17)
+ - Disable standalone mode
+ - Use a custom DNS resolver with 'docker -d -dns'
+ - Detect ghost containers
+ - Improve diagnosis of missing system capabilities
+ - Allow disabling memory limits at compile time
+ - Add debian packaging
+ - Documentation: installing on Arch Linux
+ - Documentation: running Redis on docker
+ - Fixed lxc 0.9 compatibility
+ - Automatically load aufs module
+ - Various bugfixes and stability improvements
+
+## 0.1.4 (2013-04-09)
+ - Full support for TTY emulation
+ - Detach from a TTY session with the escape sequence `C-p C-q`
+ - Various bugfixes and stability improvements
+ - Minor UI improvements
+ - Automatically create our own bridge interface 'docker0'
+
+## 0.1.3 (2013-04-04)
+ - Choose TCP frontend port with '-p :PORT'
+ - Layer format is versioned
+ - Major reliability improvements to the process manager
+ - Various bugfixes and stability improvements
+
+## 0.1.2 (2013-04-03)
+ - Set container hostname with 'docker run -h'
+ - Selective attach at run with 'docker run -a [stdin[,stdout[,stderr]]]'
+ - Various bugfixes and stability improvements
+ - UI polish
+ - Progress bar on push/pull
+ - Use XZ compression by default
+ - Make IP allocator lazy
+
+## 0.1.1 (2013-03-31)
+ - Display shorthand IDs for convenience
+ - Stabilize process management
+ - Layers can include a commit message
+ - Simplified 'docker attach'
+ - Fixed support for re-attaching
+ - Various bugfixes and stability improvements
+ - Auto-download at run
+ - Auto-login on push
+ - Beefed up documentation
+
+## 0.1.0 (2013-03-23)
+ - First release
+ - Implement registry in order to push/pull images
+ - TCP port allocation
+ - Fix termcaps on Linux
+ - Add documentation
+ - Add Vagrant support with Vagrantfile
+ - Add unit tests
+ - Add repository/tags to ease image management
+ - Improve the layer implementation
--- a/37
+++ b/37
@@ -1,5 +1,9 @@
 DOCKER_PACKAGE := github.com/dotcloud/docker
+RELEASE_VERSION := $(shell git tag | grep -E "v[0-9\.]+$$" | sort -nr | head -n 1)
+SRCRELEASE := docker-$(RELEASE_VERSION)
+BINRELEASE := docker-$(RELEASE_VERSION).tgz

+GIT_ROOT := $(shell git rev-parse --show-toplevel)
 BUILD_DIR := $(CURDIR)/.gopath

 GOPATH ?= $(BUILD_DIR)
@@ -23,18 +27,39 @@ DOCKER_MAIN := $(DOCKER_DIR)/docker
 DOCKER_BIN_RELATIVE := bin/docker
 DOCKER_BIN := $(CURDIR)/$(DOCKER_BIN_RELATIVE)

-.PHONY: all clean test
+.PHONY: all clean test hack release srcrelease $(BINRELEASE) $(SRCRELEASE) $(DOCKER_BIN) $(DOCKER_DIR)

 all: $(DOCKER_BIN)

 $(DOCKER_BIN): $(DOCKER_DIR)
 	@mkdir -p  $(dir $@)
-	@(cd $(DOCKER_MAIN); go get $(GO_OPTIONS); go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@)
+	@(cd $(DOCKER_MAIN); go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@)
 	@echo $(DOCKER_BIN_RELATIVE) is created.

 $(DOCKER_DIR):
 	@mkdir -p $(dir $@)
-	@ln -sf $(CURDIR)/ $@
+	@if [ -h $@ ]; then rm -f $@; fi; ln -sf $(CURDIR)/ $@
+	@(cd $(DOCKER_MAIN); go get -d $(GO_OPTIONS))
+
+whichrelease:
+	echo $(RELEASE_VERSION)
+
+release: $(BINRELEASE)
+	s3cmd -P put $(BINRELEASE) s3://get.docker.io/builds/`uname -s`/`uname -m`/docker-$(RELEASE_VERSION).tgz
+
+srcrelease: $(SRCRELEASE)
+deps: $(DOCKER_DIR)
+
+# A clean checkout of $RELEASE_VERSION, with vendored dependencies
+$(SRCRELEASE):
+	rm -fr $(SRCRELEASE)
+	git clone $(GIT_ROOT) $(SRCRELEASE)
+	cd $(SRCRELEASE); git checkout -q $(RELEASE_VERSION)
+
+# A binary release ready to be uploaded to a mirror
+$(BINRELEASE): $(SRCRELEASE)
+	rm -f $(BINRELEASE)
+	cd $(SRCRELEASE); make; cp -R bin docker-$(RELEASE_VERSION); tar -f ../$(BINRELEASE) -zv -c docker-$(RELEASE_VERSION)

 clean:
 	@rm -rf $(dir $(DOCKER_BIN))
@@ -49,3 +74,9 @@ test: all

 fmt:
 	@gofmt -s -l -w .
+
+hack:
+	cd $(CURDIR)/hack && vagrant up
+
+ssh-dev:
+	cd $(CURDIR)/hack && vagrant ssh
--- a/README.md
+++ b/README.md
@@ -1,39 +1,227 @@
-Docker: the Linux container runtime
-===================================
+Docker: the Linux container engine
+==================================

-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
+Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers.

-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
+Docker containers are both *hardware-agnostic* and *platform-agnostic*. This means that they can run anywhere, from your
+laptop to the largest EC2 compute instance and everything in between - and they don't require that you use a particular
+language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases
+and backend services without depending on a particular stack or provider.
+
+Docker is an open-source implementation of the deployment engine which powers [dotCloud](http://dotcloud.com), a popular Platform-as-a-Service.
+It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands
+of applications and databases.

 ![Docker L](docs/sources/static_files/lego_docker.jpg "Docker")

-* *Heterogeneous payloads*: any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
+## Better than VMs

-* *Any server*: docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
+A common method for distributing applications and sandbox their execution is to use virtual machines, or VMs. Typical VM formats
+are VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to
+automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never
+happens, for a few reasons:

-* *Isolation*: docker isolates processes from each other and from the underlying host, using lightweight containers.
+  * *Size*: VMs are very large which makes them impractical to store and transfer.
+  * *Performance*: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and
+  	large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
+  * *Portability*: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
+  * *Hardware-centric*: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most:
+  	building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.

-* *Repeatability*: because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
+By contrast, Docker relies on a different sandboxing method known as *containerization*. Unlike traditional virtualization,
+containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary
+for containerization, including Linux with [openvz](http://openvz.org), [vserver](http://linux-vserver.org) and more recently [lxc](http://lxc.sourceforge.net),
+	Solaris with [zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc) and FreeBSD with [Jails](http://www.freebsd.org/doc/handbook/jails.html).
+
+Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves
+all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead,
+the are completely portable and are designed from the ground up with an application-centric design.
+
+The best part: because docker operates at the OS level, it can still be run inside a VM!
+
+## Plays well with others
+
+Docker does not require that you buy into a particular programming language, framework, packaging system or configuration language.
+
+Is your application a unix process? Does it use files, tcp connections, environment variables, standard unix streams and command-line
+arguments as inputs and outputs? Then docker can run it.
+
+Can your application's build be expressed a sequence of such commands? Then docker can build it.


-Notable features
-----------------
+## Escape dependency hell

-* Filesystem isolation: each process container runs in a completely separate root filesystem.
+A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.

-* Resource isolation: system resources like cpu and memory can be allocated differently to each process container, using cgroups.
+This is usually difficult for several reasons:

-* Network isolation: each process container runs in its own network namespace, with a virtual interface and IP address of its own.
+  * *Cross-platform dependencies*. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules,
+  	internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work
+	well with each other, requiring awkward custom integrations.

-* Copy-on-write: root filesystems are created using copy-on-write, which makes deployment extremely fast, memory-cheap and disk-cheap.
-
-* Logging: the standard streams (stdout/stderr/stdin) of each process container are collected and logged for real-time or batch retrieval.
-
-* Change management: changes to a container's filesystem can be committed into a new image and re-used to create more containers. No templating or manual configuration required.
-
-* Interactive shell: docker can allocate a pseudo-tty and attach to the standard input of any container, for example to run a throwaway interactive shell.
+  * Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease -
+  	but they all handle them in different and incompatible ways, which again forces the developer to do extra work.
+  
+  * Custom dependencies. A developer may need to prepare a custom version of his application's dependency. Some packaging systems can handle custom versions of a dependency,
+  	others can't - and all of them handle it differently.


+Docker solves dependency hell by giving the developer a simple way to express *all* his application's dependencies in one place,
+and streamline the process of assembling them. If this makes you think of [XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
+*replace* your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.
+
+Docker defines a build as running a sequence unix commands, one after the other, in the same container. Build commands modify the contents of the container
+(usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous
+commands, the *order* in which the commands are executed expresses *dependencies*.
+
+Here's a typical docker build process:
+
+```bash
+from	ubuntu:12.10
+run	apt-get update
+run	apt-get install python
+run	apt-get install python-pip
+run	pip install django
+run	apt-get install curl
+run	curl http://github.com/shykes/helloflask/helloflask/master.tar.gz | tar -zxv
+run	cd master && pip install -r requirements.txt
+```
+
+Note that Docker doesn't care *how* dependencies are built - as long as they can be built by running a unix command in a container.
+
+
+Install instructions
+==================
+
+Quick install on Ubuntu 12.04 and 12.10
+---------------------------------------
+
+```bash
+curl get.docker.io | sh -x
+```
+
+Binary installs
+----------------
+
+Docker supports the following binary installation methods.
+Note that some methods are community contributions and not yet officially supported.
+
+* [Ubuntu 12.04 and 12.10 (officially supported)](http://docs.docker.io/en/latest/installation/ubuntulinux/)
+* [Arch Linux](http://docs.docker.io/en/latest/installation/archlinux/)
+* [MacOS X (with Vagrant)](http://docs.docker.io/en/latest/installation/macos/)
+* [Windows (with Vagrant)](http://docs.docker.io/en/latest/installation/windows/)
+* [Amazon EC2 (with Vagrant)](http://docs.docker.io/en/latest/installation/amazon/)
+
+Installing from source
+----------------------
+
+1. Make sure you have a [Go language](http://golang.org/doc/install) compiler and [git](http://git-scm.com) installed.
+
+2. Checkout the source code
+
+   ```bash
+   git clone http://github.com/dotcloud/docker
+   ```
+
+3. Build the docker binary
+
+   ```bash
+   cd docker
+   make VERBOSE=1
+   sudo cp ./bin/docker /usr/local/bin/docker
+   ```
+
+Usage examples
+==============
+
+First run the docker daemon
+---------------------------
+
+All the examples assume your machine is running the docker daemon. To run the docker daemon in the background, simply type:
+
+```bash
+# On a production system you want this running in an init script
+sudo docker -d &
+```
+
+Now you can run docker in client mode: all commands will be forwarded to the docker daemon, so the client can run from any account.
+
+```bash
+# Now you can run docker commands from any account.
+docker help
+```
+
+
+Throwaway shell in a base ubuntu image
+--------------------------------------
+
+```bash
+docker pull ubuntu:12.10
+
+# Run an interactive shell, allocate a tty, attach stdin and stdout
+# To detach the tty without exiting the shell, use the escape sequence Ctrl-p + Ctrl-q
+docker run -i -t ubuntu:12.10 /bin/bash
+```
+
+Starting a long-running worker process
+--------------------------------------
+
+```bash
+# Start a very useful long-running process
+JOB=$(docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")
+
+# Collect the output of the job so far
+docker logs $JOB
+
+# Kill the job
+docker kill $JOB
+```
+
+Running an irc bouncer
+----------------------
+
+```bash
+BOUNCER_ID=$(docker run -d -p 6667 -u irc shykes/znc $USER $PASSWORD)
+echo "Configure your irc client to connect to port $(docker port $BOUNCER_ID 6667) of this machine"
+```
+
+Running Redis
+-------------
+
+```bash
+REDIS_ID=$(docker run -d -p 6379 shykes/redis redis-server)
+echo "Configure your redis client to connect to port $(docker port $REDIS_ID 6379) of this machine"
+```
+
+Share your own image!
+---------------------
+
+```bash
+CONTAINER=$(docker run -d ubuntu:12.10 apt-get install -y curl)
+docker commit -m "Installed curl" $CONTAINER $USER/betterbase
+docker push $USER/betterbase
+```
+
+A list of publicly available images is [available here](https://github.com/dotcloud/docker/wiki/Public-docker-images).
+
+Expose a service on a TCP port
+------------------------------
+
+```bash
+# Expose port 4444 of this container, and tell netcat to listen on it
+JOB=$(docker run -d -p 4444 base /bin/nc -l -p 4444)
+
+# Which public port is NATed to my container?
+PORT=$(docker port $JOB 4444)
+
+# Connect to the public port via the host's public address
+# Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
+IP=$(ifconfig eth0 | perl -n -e 'if (m/inet addr:([\d\.]+)/g) { print $1 }')
+echo hello world | nc $IP $PORT
+
+# Verify that the network connection worked
+echo "Daemon received: $(docker logs $JOB)"
+```

 Under the hood
 --------------
@@ -50,144 +238,6 @@ Under the hood, Docker is built on the following components:
 * [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to simplify the creation of linux containers.


-Install instructions
-==================
-
-Building from source
--------------------
-
-1. Make sure you have a [Go language](http://golang.org) compiler.
-
-    On a Debian/wheezy or Ubuntu 12.10 install the package:
-
-    ```bash
-
-    $ sudo apt-get install golang-go
-    ```
-
-2. Execute ``make``
-
-   This command will install all necessary dependencies and build the
-   executable that you can find in ``bin/docker``
-
-3. Should you like to see what's happening, run ``make`` with ``VERBOSE=1`` parameter:
-
-    ```bash
-
-    $ make VERBOSE=1
-    ```
-
-Installing on Ubuntu 12.04 and 12.10
------------------------------------
-
-1. Install dependencies:
-
-    ```bash
-    sudo apt-get install lxc wget bsdtar curl
-    sudo apt-get install linux-image-extra-`uname -r`
-    ```
-
-    The `linux-image-extra` package is needed on standard Ubuntu EC2 AMIs in order to install the aufs kernel module.
-
-2. Install the latest docker binary:
-
-    ```bash
-    wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz
-    tar -xf docker-master.tgz
-    ```
-
-3. Run your first container!
-
-    ```bash
-    cd docker-master
-    sudo ./docker pull base
-    sudo ./docker run -i -t base /bin/bash
-    ```
-
-    Consider adding docker to your `PATH` for simplicity.
-
-Installing on other Linux distributions
---------------------------------------
-
-Right now, the officially supported distributions are:
-
-* Ubuntu 12.04 (precise LTS)
-* Ubuntu 12.10 (quantal)
-
-Docker probably works on other distributions featuring a recent kernel, the AUFS patch, and up-to-date lxc. However this has not been tested.
-
-Some streamlined (but possibly outdated) installation paths' are available from the website: http://docker.io/documentation/ 
-
-
-Usage examples
-==============
-
-Running an interactive shell
----------------------------
-
-```bash
-# Download a base image
-docker pull base
-
-# Run an interactive shell in the base image,
-# allocate a tty, attach stdin and stdout
-docker run -i -t base /bin/bash
-```
-
-
-Starting a long-running worker process
--------------------------------------
-
-```bash
-# Run docker in daemon mode
-(docker -d || echo "Docker daemon already running") &
-
-# Start a very useful long-running process
-JOB=$(docker run -d base /bin/sh -c "while true; do echo Hello world; sleep 1; done")
-
-# Collect the output of the job so far
-docker logs $JOB
-
-# Kill the job
-docker kill $JOB
-```
-
-
-Listing all running containers
------------------------------
-
-```bash
-docker ps
-```
-
-
-Share your own image!
---------------------
-
-```bash
-docker pull base
-CONTAINER=$(docker run -d base apt-get install -y curl)
-docker commit -m "Installed curl" $CONTAINER $USER/betterbase
-docker push $USER/betterbase
-```
-
-
-Expose a service on a TCP port
------------------------------
-
-```bash
-# Expose port 4444 of this container, and tell netcat to listen on it
-JOB=$(docker run -d -p 4444 base /bin/nc -l -p 4444)
-
-# Which public port is NATed to my container?
-PORT=$(docker port $JOB 4444)
-
-# Connect to the public port via the host's public address
-echo hello world | nc $(hostname) $PORT
-
-# Verify that the network connection worked
-echo "Daemon received: $(docker logs $JOB)"
-```

 Contributing to Docker
 ======================
--- a/SPECS/data-volumes.md
+++ b/SPECS/data-volumes.md
@@ -0,0 +1,71 @@
+
+## Spec for data volumes
+
+Spec owner: Solomon Hykes <solomon@dotcloud.com>
+
+Data volumes (issue #111) are a much-requested feature which trigger much discussion and debate. Below is the current authoritative spec for implementing data volumes.
+This spec will be deprecated once the feature is fully implemented.
+
+Discussion, requests, trolls, demands, offerings, threats and other forms of supplications concerning this spec should be addressed to Solomon here: https://github.com/dotcloud/docker/issues/111
+
+
+### 1. Creating data volumes
+
+At container creation, parts of a container's filesystem can be mounted as separate data volumes. Volumes are defined with the -v flag.
+
+For example:
+
+```bash
+$ docker run -v /var/lib/postgres -v /var/log postgres /usr/bin/postgres
+```
+
+In this example, a new container is created from the 'postgres' image. At the same time, docker creates 2 new data volumes: one will be mapped to the container at /var/lib/postgres, the other at /var/log.
+
+2 important notes:
+
+1) Volumes don't have top-level names. At no point does the user provide a name, or is a name given to him. Volumes are identified by the path at which they are mounted inside their container.
+
+2) The user doesn't choose the source of the volume. Docker only mounts volumes it created itself, in the same way that it only runs containers that it created itself. That is by design.
+
+
+### 2. Sharing data volumes
+
+Instead of creating its own volumes, a container can share another container's volumes. For example:
+
+```bash
+$ docker run --volumes-from $OTHER_CONTAINER_ID postgres /usr/local/bin/postgres-backup
+```
+
+In this example, a new container is created from the 'postgres' example. At the same time, docker will *re-use* the 2 data volumes created in the previous example. One volume will be mounted on the /var/lib/postgres of *both* containers, and the other will be mounted on the /var/log of both containers.
+
+### 3. Under the hood
+
+Docker stores volumes in /var/lib/docker/volumes. Each volume receives a globally unique ID at creation, and is stored at /var/lib/docker/volumes/ID.
+
+At creation, volumes are attached to a single container - the source of truth for this mapping will be the container's configuration.
+
+Mounting a volume consists of calling "mount --bind" from the volume's directory to the appropriate sub-directory of the container mountpoint. This may be done by Docker itself, or farmed out to lxc (which supports mount-binding) if possible.
+
+
+### 4. Backups, transfers and other volume operations
+
+Volumes sometimes need to be backed up, transfered between hosts, synchronized, etc. These operations typically are application-specific or site-specific, eg. rsync vs. S3 upload vs. replication vs...
+
+Rather than attempting to implement all these scenarios directly, Docker will allow for custom implementations using an extension mechanism.
+
+### 5. Custom volume handlers
+
+Docker allows for arbitrary code to be executed against a container's volumes, to implement any custom action: backup, transfer, synchronization across hosts, etc.
+
+Here's an example:
+
+```bash
+$ DB=$(docker run -d -v /var/lib/postgres -v /var/log postgres /usr/bin/postgres)
+
+$ BACKUP_JOB=$(docker run -d --volumes-from $DB shykes/backuper /usr/local/bin/backup-postgres --s3creds=$S3CREDS)
+
+$ docker wait $BACKUP_JOB
+```
+
+Congratulations, you just implemented a custom volume handler, using Docker's built-in ability to 1) execute arbitrary code and 2) share volumes between containers.
+
--- a/48
+++ b/48
@@ -1,41 +1,37 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :

-def v10(config)
-  config.vm.box = "quantal64_3.5.0-25"
-  config.vm.box_url = "http://get.docker.io/vbox/ubuntu/12.10/quantal64_3.5.0-25.box"
+BOX_NAME = ENV['BOX_NAME'] || "ubuntu"
+BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64.box"
+PPA_KEY = "E61D797F63561DC6"

-  config.vm.share_folder "v-data", "/opt/go/src/github.com/dotcloud/docker", File.dirname(__FILE__)
-
-  # Ensure puppet is installed on the instance
-  config.vm.provision :shell, :inline => "apt-get -qq update; apt-get install -y puppet"
-
-  config.vm.provision :puppet do |puppet|
-    puppet.manifests_path = "puppet/manifests"
-    puppet.manifest_file  = "quantal64.pp"
-    puppet.module_path = "puppet/modules"
+Vagrant::Config.run do |config|
+  # Setup virtual machine box. This VM configuration code is always executed.
+  config.vm.box = BOX_NAME
+  config.vm.box_url = BOX_URI
+  # Add docker PPA key to the local repository and install docker
+  pkg_cmd = "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys #{PPA_KEY}; "
+  pkg_cmd << "echo 'deb http://ppa.launchpad.net/dotcloud/lxc-docker/ubuntu precise main' >/etc/apt/sources.list.d/lxc-docker.list; "
+  pkg_cmd << "apt-get update -qq; apt-get install -q -y lxc-docker"
+  if ARGV.include?("--provider=aws".downcase)
+    # Add AUFS dependency to amazon's VM
+    pkg_cmd << "; apt-get install linux-image-extra-3.2.0-40-virtual"
  end
+  config.vm.provision :shell, :inline => pkg_cmd
 end

-Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
-  v10(config)
-end
-
-Vagrant::VERSION >= "1.1.0" and Vagrant.configure("1") do |config|
-  v10(config)
-end
-
+# Providers were added on Vagrant >= 1.1.0
 Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
-  config.vm.provider :aws do |aws|
+  config.vm.provider :aws do |aws, override|
    config.vm.box = "dummy"
    config.vm.box_url = "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"
    aws.access_key_id = ENV["AWS_ACCESS_KEY_ID"]
    aws.secret_access_key = ENV["AWS_SECRET_ACCESS_KEY"]
    aws.keypair_name = ENV["AWS_KEYPAIR_NAME"]
-    aws.ssh_private_key_path = ENV["AWS_SSH_PRIVKEY"]
+    override.ssh.private_key_path = ENV["AWS_SSH_PRIVKEY"]
+    override.ssh.username = "ubuntu"
    aws.region = "us-east-1"
-    aws.ami = "ami-ae9806c7"
-    aws.ssh_username = "ubuntu"
+    aws.ami = "ami-d0f89fb9"
    aws.instance_type = "t1.micro"
  end

@@ -51,7 +47,7 @@ Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
  end

  config.vm.provider :virtualbox do |vb|
-    config.vm.box = "quantal64_3.5.0-25"
-    config.vm.box_url = "http://get.docker.io/vbox/ubuntu/12.10/quantal64_3.5.0-25.box"
+    config.vm.box = BOX_NAME
+    config.vm.box_url = BOX_URI
  end
 end
--- a/archive.go
+++ b/archive.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"io"
 	"io/ioutil"
+	"os"
 	"os/exec"
 )

@@ -86,3 +87,38 @@ func CmdStream(cmd *exec.Cmd) (io.Reader, error) {
 	}
 	return pipeR, nil
 }
+
+// NewTempArchive reads the content of src into a temporary file, and returns the contents
+// of that file as an archive. The archive can only be read once - as soon as reading completes,
+// the file will be deleted.
+func NewTempArchive(src Archive, dir string) (*TempArchive, error) {
+	f, err := ioutil.TempFile(dir, "")
+	if err != nil {
+		return nil, err
+	}
+	if _, err := io.Copy(f, src); err != nil {
+		return nil, err
+	}
+	if _, err := f.Seek(0, 0); err != nil {
+		return nil, err
+	}
+	st, err := f.Stat()
+	if err != nil {
+		return nil, err
+	}
+	size := st.Size()
+	return &TempArchive{f, size}, nil
+}
+
+type TempArchive struct {
+	*os.File
+	Size int64 // Pre-computed from Stat().Size() as a convenience
+}
+
+func (archive *TempArchive) Read(data []byte) (int, error) {
+	n, err := archive.File.Read(data)
+	if err != nil {
+		os.Remove(archive.File.Name())
+	}
+	return n, err
+}
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -3,7 +3,6 @@ package auth
 import (
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -16,7 +15,7 @@ import (
 const CONFIGFILE = ".dockercfg"

 // the registry server we want to login against
-const REGISTRY_SERVER = "https://registry.docker.io"
+const INDEX_SERVER = "https://index.docker.io"

 type AuthConfig struct {
 	Username string `json:"username"`
@@ -76,6 +75,9 @@ func LoadConfig(rootPath string) (*AuthConfig, error) {
 		return nil, err
 	}
 	arr := strings.Split(string(b), "\n")
+	if len(arr) < 2 {
+		return nil, fmt.Errorf("The Auth config file is empty")
+	}
 	origAuth := strings.Split(arr[0], " = ")
 	origEmail := strings.Split(arr[1], " = ")
 	authConfig, err := DecodeAuth(origAuth[1])
@@ -89,9 +91,14 @@ func LoadConfig(rootPath string) (*AuthConfig, error) {

 // save the auth config
 func saveConfig(rootPath, authStr string, email string) error {
+	confFile := path.Join(rootPath, CONFIGFILE)
+	if len(email) == 0 {
+		os.Remove(confFile)
+		return nil
+	}
 	lines := "auth = " + authStr + "\n" + "email = " + email + "\n"
 	b := []byte(lines)
-	err := ioutil.WriteFile(path.Join(rootPath, CONFIGFILE), b, 0600)
+	err := ioutil.WriteFile(confFile, b, 0600)
 	if err != nil {
 		return err
 	}
@@ -101,40 +108,38 @@ func saveConfig(rootPath, authStr string, email string) error {
 // try to register/login to the registry server
 func Login(authConfig *AuthConfig) (string, error) {
 	storeConfig := false
+	client := &http.Client{}
 	reqStatusCode := 0
 	var status string
-	var errMsg string
 	var reqBody []byte
 	jsonBody, err := json.Marshal(authConfig)
 	if err != nil {
-		errMsg = fmt.Sprintf("Config Error: %s", err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Config Error: %s", err)
 	}

 	// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
 	b := strings.NewReader(string(jsonBody))
-	req1, err := http.Post(REGISTRY_SERVER+"/v1/users", "application/json; charset=utf-8", b)
+	req1, err := http.Post(INDEX_SERVER+"/v1/users/", "application/json; charset=utf-8", b)
 	if err != nil {
-		errMsg = fmt.Sprintf("Server Error: %s", err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Server Error: %s", err)
 	}
-
 	reqStatusCode = req1.StatusCode
 	defer req1.Body.Close()
 	reqBody, err = ioutil.ReadAll(req1.Body)
 	if err != nil {
-		errMsg = fmt.Sprintf("Server Error: [%#v] %s", reqStatusCode, err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Server Error: [%#v] %s", reqStatusCode, err)
 	}

 	if reqStatusCode == 201 {
-		status = "Account Created\n"
+		status = "Account created. Please use the confirmation link we sent" +
+			" to your e-mail to activate it.\n"
 		storeConfig = true
+	} else if reqStatusCode == 403 {
+		return "", fmt.Errorf("Login: Your account hasn't been activated. " +
+			"Please check your e-mail for a confirmation link.")
 	} else if reqStatusCode == 400 {
-		// FIXME: This should be 'exists', not 'exist'. Need to change on the server first.
-		if string(reqBody) == "Username or email already exist" {
-			client := &http.Client{}
-			req, err := http.NewRequest("GET", REGISTRY_SERVER+"/v1/users", nil)
+		if string(reqBody) == "\"Username or email already exists\"" {
+			req, err := http.NewRequest("GET", INDEX_SERVER+"/v1/users/", nil)
 			req.SetBasicAuth(authConfig.Username, authConfig.Password)
 			resp, err := client.Do(req)
 			if err != nil {
@@ -148,17 +153,18 @@ func Login(authConfig *AuthConfig) (string, error) {
 			if resp.StatusCode == 200 {
 				status = "Login Succeeded\n"
 				storeConfig = true
+			} else if resp.StatusCode == 401 {
+				saveConfig(authConfig.rootPath, "", "")
+				return "", fmt.Errorf("Wrong login/password, please try again")
 			} else {
-				status = fmt.Sprintf("Login: %s", body)
-				return "", errors.New(status)
+				return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
+					resp.StatusCode, resp.Header)
 			}
 		} else {
-			status = fmt.Sprintf("Registration: %s", reqBody)
-			return "", errors.New(status)
+			return "", fmt.Errorf("Registration: %s", reqBody)
 		}
 	} else {
-		status = fmt.Sprintf("[%s] : %s", reqStatusCode, reqBody)
-		return "", errors.New(status)
+		return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)
 	}
 	if storeConfig {
 		authStr := EncodeAuth(authConfig)
--- a/buildbot/README.rst
+++ b/buildbot/README.rst
@@ -0,0 +1,20 @@
+Buildbot
+========
+
+Buildbot is a continuous integration system designed to automate the
+build/test cycle. By automatically rebuilding and testing the tree each time
+something has changed, build problems are pinpointed quickly, before other
+developers are inconvenienced by the failure.
+
+When running 'make hack' at the docker root directory, it spawns a virtual
+machine in the background running a buildbot instance and adds a git
+post-commit hook that automatically run docker tests for you.
+
+You can check your buildbot instance at http://192.168.33.21:8010/waterfall
+
+
+Buildbot dependencies
+---------------------
+
+vagrant, virtualbox packages and python package requests
+
--- a/buildbot/Vagrantfile
+++ b/buildbot/Vagrantfile
@@ -0,0 +1,28 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+$BUILDBOT_IP = '192.168.33.21'
+
+def v10(config)
+  config.vm.box = "quantal64_3.5.0-25"
+  config.vm.box_url = "http://get.docker.io/vbox/ubuntu/12.10/quantal64_3.5.0-25.box"
+  config.vm.share_folder 'v-data', '/data/docker', File.dirname(__FILE__) + '/..'
+  config.vm.network :hostonly, $BUILDBOT_IP
+
+  # Ensure puppet is installed on the instance
+  config.vm.provision :shell, :inline => 'apt-get -qq update; apt-get install -y puppet'
+
+  config.vm.provision :puppet do |puppet|
+    puppet.manifests_path = '.'
+    puppet.manifest_file  = 'buildbot.pp'
+    puppet.options = ['--templatedir','.']
+  end
+end
+
+Vagrant::VERSION < '1.1.0' and Vagrant::Config.run do |config|
+  v10(config)
+end
+
+Vagrant::VERSION >= '1.1.0' and Vagrant.configure('1') do |config|
+  v10(config)
+end
--- a/buildbot/buildbot-cfg/buildbot-cfg.sh
+++ b/buildbot/buildbot-cfg/buildbot-cfg.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Auto setup of buildbot configuration. Package installation is being done
+# on buildbot.pp
+# Dependencies: buildbot, buildbot-slave, supervisor
+
+SLAVE_NAME='buildworker'
+SLAVE_SOCKET='localhost:9989'
+BUILDBOT_PWD='pass-docker'
+USER='vagrant'
+ROOT_PATH='/data/buildbot'
+DOCKER_PATH='/data/docker'
+BUILDBOT_CFG="$DOCKER_PATH/buildbot/buildbot-cfg"
+IP=$(grep BUILDBOT_IP /data/docker/buildbot/Vagrantfile | awk -F "'" '{ print $2; }')
+
+function run { su $USER -c "$1"; }
+
+export PATH=/bin:sbin:/usr/bin:/usr/sbin:/usr/local/bin
+
+# Exit if buildbot has already been installed
+[ -d "$ROOT_PATH" ] && exit 0
+
+# Setup buildbot
+run "mkdir -p ${ROOT_PATH}"
+cd ${ROOT_PATH}
+run "buildbot create-master master"
+run "cp $BUILDBOT_CFG/master.cfg master"
+run "sed -i 's/localhost/$IP/' master/master.cfg"
+run "buildslave create-slave slave $SLAVE_SOCKET $SLAVE_NAME $BUILDBOT_PWD"
+
+# Allow buildbot subprocesses (docker tests) to properly run in containers,
+# in particular with docker -u
+run "sed -i 's/^umask = None/umask = 000/' ${ROOT_PATH}/slave/buildbot.tac"
+
+# Setup supervisor
+cp $BUILDBOT_CFG/buildbot.conf /etc/supervisor/conf.d/buildbot.conf
+sed -i "s/^chmod=0700.*0700./chmod=0770\nchown=root:$USER/" /etc/supervisor/supervisord.conf
+kill -HUP `pgrep -f "/usr/bin/python /usr/bin/supervisord"`
+
+# Add git hook
+cp $BUILDBOT_CFG/post-commit $DOCKER_PATH/.git/hooks
+sed -i "s/localhost/$IP/" $DOCKER_PATH/.git/hooks/post-commit
+
--- a/buildbot/buildbot.pp
+++ b/buildbot/buildbot.pp
@@ -0,0 +1,32 @@
+node default {
+    $USER = 'vagrant'
+    $ROOT_PATH = '/data/buildbot'
+    $DOCKER_PATH = '/data/docker'
+
+    exec {'apt_update': command => '/usr/bin/apt-get update' }
+    Package { require => Exec['apt_update'] }
+    group {'puppet': ensure => 'present'}
+
+    # Install dependencies
+    Package { ensure => 'installed' }
+    package { ['python-dev','python-pip','supervisor','lxc','bsdtar','git','golang']: }
+
+    file{[ '/data' ]:
+        owner => $USER, group => $USER, ensure => 'directory' }
+
+    file {'/var/tmp/requirements.txt':
+        content => template('requirements.txt') }
+
+    exec {'requirements':
+        require => [ Package['python-dev'], Package['python-pip'],
+            File['/var/tmp/requirements.txt'] ],
+        cwd     => '/var/tmp',
+        command => "/bin/sh -c '(/usr/bin/pip install -r requirements.txt;
+            rm /var/tmp/requirements.txt)'" }
+
+    exec {'buildbot-cfg-sh':
+        require => [ Package['supervisor'], Exec['requirements']],
+        path    => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
+        cwd     => '/data',
+        command => "$DOCKER_PATH/buildbot/buildbot-cfg/buildbot-cfg.sh" }
+}
--- a/buildbot/requirements.txt
+++ b/buildbot/requirements.txt
@@ -0,0 +1,6 @@
+sqlalchemy<=0.7.9
+sqlalchemy-migrate>=0.7.2
+buildbot==0.8.7p1
+buildbot_slave==0.8.7p1
+nose==1.2.1
+requests==1.1.0
--- a/builder.go
+++ b/builder.go
@@ -0,0 +1,463 @@
+package docker
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"strings"
+	"time"
+)
+
+type Builder struct {
+	runtime      *Runtime
+	repositories *TagStore
+	graph        *Graph
+}
+
+func NewBuilder(runtime *Runtime) *Builder {
+	return &Builder{
+		runtime:      runtime,
+		graph:        runtime.graph,
+		repositories: runtime.repositories,
+	}
+}
+
+func (builder *Builder) mergeConfig(userConf, imageConf *Config) {
+	if userConf.Hostname != "" {
+		userConf.Hostname = imageConf.Hostname
+	}
+	if userConf.User != "" {
+		userConf.User = imageConf.User
+	}
+	if userConf.Memory == 0 {
+		userConf.Memory = imageConf.Memory
+	}
+	if userConf.MemorySwap == 0 {
+		userConf.MemorySwap = imageConf.MemorySwap
+	}
+	if userConf.PortSpecs == nil || len(userConf.PortSpecs) == 0 {
+		userConf.PortSpecs = imageConf.PortSpecs
+	}
+	if !userConf.Tty {
+		userConf.Tty = userConf.Tty
+	}
+	if !userConf.OpenStdin {
+		userConf.OpenStdin = imageConf.OpenStdin
+	}
+	if !userConf.StdinOnce {
+		userConf.StdinOnce = imageConf.StdinOnce
+	}
+	if userConf.Env == nil || len(userConf.Env) == 0 {
+		userConf.Env = imageConf.Env
+	}
+	if userConf.Cmd == nil || len(userConf.Cmd) == 0 {
+		userConf.Cmd = imageConf.Cmd
+	}
+	if userConf.Dns == nil || len(userConf.Dns) == 0 {
+		userConf.Dns = imageConf.Dns
+	}
+}
+
+func (builder *Builder) Create(config *Config) (*Container, error) {
+	// Lookup image
+	img, err := builder.repositories.LookupImage(config.Image)
+	if err != nil {
+		return nil, err
+	}
+
+	if img.Config != nil {
+		builder.mergeConfig(config, img.Config)
+	}
+
+	if config.Cmd == nil || len(config.Cmd) == 0 {
+		return nil, fmt.Errorf("No command specified")
+	}
+
+	// Generate id
+	id := GenerateId()
+	// Generate default hostname
+	// FIXME: the lxc template no longer needs to set a default hostname
+	if config.Hostname == "" {
+		config.Hostname = id[:12]
+	}
+
+	container := &Container{
+		// FIXME: we should generate the ID here instead of receiving it as an argument
+		Id:              id,
+		Created:         time.Now(),
+		Path:            config.Cmd[0],
+		Args:            config.Cmd[1:], //FIXME: de-duplicate from config
+		Config:          config,
+		Image:           img.Id, // Always use the resolved image id
+		NetworkSettings: &NetworkSettings{},
+		// FIXME: do we need to store this in the container?
+		SysInitPath: sysInitPath,
+	}
+	container.root = builder.runtime.containerRoot(container.Id)
+	// Step 1: create the container directory.
+	// This doubles as a barrier to avoid race conditions.
+	if err := os.Mkdir(container.root, 0700); err != nil {
+		return nil, err
+	}
+
+	// If custom dns exists, then create a resolv.conf for the container
+	if len(config.Dns) > 0 {
+		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
+		f, err := os.Create(container.ResolvConfPath)
+		if err != nil {
+			return nil, err
+		}
+		defer f.Close()
+		for _, dns := range config.Dns {
+			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
+				return nil, err
+			}
+		}
+	} else {
+		container.ResolvConfPath = "/etc/resolv.conf"
+	}
+
+	// Step 2: save the container json
+	if err := container.ToDisk(); err != nil {
+		return nil, err
+	}
+	// Step 3: register the container
+	if err := builder.runtime.Register(container); err != nil {
+		return nil, err
+	}
+	return container, nil
+}
+
+// Commit creates a new filesystem image from the current state of a container.
+// The image can optionally be tagged into a repository
+func (builder *Builder) Commit(container *Container, repository, tag, comment, author string, config *Config) (*Image, error) {
+	// FIXME: freeze the container before copying it to avoid data corruption?
+	// FIXME: this shouldn't be in commands.
+	rwTar, err := container.ExportRw()
+	if err != nil {
+		return nil, err
+	}
+	// Create a new image from the container's base layers + a new layer from container changes
+	img, err := builder.graph.Create(rwTar, container, comment, author, config)
+	if err != nil {
+		return nil, err
+	}
+	// Register the image if needed
+	if repository != "" {
+		if err := builder.repositories.Set(repository, tag, img.Id, true); err != nil {
+			return img, err
+		}
+	}
+	return img, nil
+}
+
+func (builder *Builder) clearTmp(containers, images map[string]struct{}) {
+	for c := range containers {
+		tmp := builder.runtime.Get(c)
+		builder.runtime.Destroy(tmp)
+		Debugf("Removing container %s", c)
+	}
+	for i := range images {
+		builder.runtime.graph.Delete(i)
+		Debugf("Removing image %s", i)
+	}
+}
+
+func (builder *Builder) getCachedImage(image *Image, config *Config) (*Image, error) {
+	// Retrieve all images
+	images, err := builder.graph.All()
+	if err != nil {
+		return nil, err
+	}
+
+	// Store the tree in a map of map (map[parentId][childId])
+	imageMap := make(map[string]map[string]struct{})
+	for _, img := range images {
+		if _, exists := imageMap[img.Parent]; !exists {
+			imageMap[img.Parent] = make(map[string]struct{})
+		}
+		imageMap[img.Parent][img.Id] = struct{}{}
+	}
+
+	// Loop on the children of the given image and check the config
+	for elem := range imageMap[image.Id] {
+		img, err := builder.graph.Get(elem)
+		if err != nil {
+			return nil, err
+		}
+		if CompareConfig(&img.ContainerConfig, config) {
+			return img, nil
+		}
+	}
+	return nil, nil
+}
+
+func (builder *Builder) Build(dockerfile io.Reader, stdout io.Writer) (*Image, error) {
+	var (
+		image, base   *Image
+		config        *Config
+		maintainer    string
+		env           map[string]string   = make(map[string]string)
+		tmpContainers map[string]struct{} = make(map[string]struct{})
+		tmpImages     map[string]struct{} = make(map[string]struct{})
+	)
+	defer builder.clearTmp(tmpContainers, tmpImages)
+
+	file := bufio.NewReader(dockerfile)
+	for {
+		line, err := file.ReadString('\n')
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			return nil, err
+		}
+		line = strings.Replace(strings.TrimSpace(line), "	", " ", 1)
+		// Skip comments and empty line
+		if len(line) == 0 || line[0] == '#' {
+			continue
+		}
+		tmp := strings.SplitN(line, " ", 2)
+		if len(tmp) != 2 {
+			return nil, fmt.Errorf("Invalid Dockerfile format")
+		}
+		instruction := strings.Trim(tmp[0], " ")
+		arguments := strings.Trim(tmp[1], " ")
+		switch strings.ToLower(instruction) {
+		case "from":
+			fmt.Fprintf(stdout, "FROM %s\n", arguments)
+			image, err = builder.runtime.repositories.LookupImage(arguments)
+			if err != nil {
+				if builder.runtime.graph.IsNotExist(err) {
+
+					var tag, remote string
+					if strings.Contains(arguments, ":") {
+						remoteParts := strings.Split(arguments, ":")
+						tag = remoteParts[1]
+						remote = remoteParts[0]
+					} else {
+						remote = arguments
+					}
+
+					if err := builder.runtime.graph.PullRepository(stdout, remote, tag, builder.runtime.repositories, builder.runtime.authConfig); err != nil {
+						return nil, err
+					}
+
+					image, err = builder.runtime.repositories.LookupImage(arguments)
+					if err != nil {
+						return nil, err
+					}
+				} else {
+					return nil, err
+				}
+			}
+			config = &Config{}
+
+			break
+		case "maintainer":
+			fmt.Fprintf(stdout, "MAINTAINER %s\n", arguments)
+			maintainer = arguments
+			break
+		case "run":
+			fmt.Fprintf(stdout, "RUN %s\n", arguments)
+			if image == nil {
+				return nil, fmt.Errorf("Please provide a source image with `from` prior to run")
+			}
+			config, err := ParseRun([]string{image.Id, "/bin/sh", "-c", arguments}, nil, builder.runtime.capabilities)
+			if err != nil {
+				return nil, err
+			}
+
+			for key, value := range env {
+				config.Env = append(config.Env, fmt.Sprintf("%s=%s", key, value))
+			}
+
+			if cache, err := builder.getCachedImage(image, config); err != nil {
+				return nil, err
+			} else if cache != nil {
+				image = cache
+				fmt.Fprintf(stdout, "===> %s\n", image.ShortId())
+				break
+			}
+
+			Debugf("Env -----> %v ------ %v\n", config.Env, env)
+
+			// Create the container and start it
+			c, err := builder.Create(config)
+			if err != nil {
+				return nil, err
+			}
+
+			if os.Getenv("DEBUG") != "" {
+				out, _ := c.StdoutPipe()
+				err2, _ := c.StderrPipe()
+				go io.Copy(os.Stdout, out)
+				go io.Copy(os.Stdout, err2)
+			}
+
+			if err := c.Start(); err != nil {
+				return nil, err
+			}
+			tmpContainers[c.Id] = struct{}{}
+
+			// Wait for it to finish
+			if result := c.Wait(); result != 0 {
+				return nil, fmt.Errorf("!!! '%s' return non-zero exit code '%d'. Aborting.", arguments, result)
+			}
+
+			// Commit the container
+			base, err = builder.Commit(c, "", "", "", maintainer, nil)
+			if err != nil {
+				return nil, err
+			}
+			tmpImages[base.Id] = struct{}{}
+
+			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+
+			// use the base as the new image
+			image = base
+
+			break
+		case "env":
+			tmp := strings.SplitN(arguments, " ", 2)
+			if len(tmp) != 2 {
+				return nil, fmt.Errorf("Invalid ENV format")
+			}
+			key := strings.Trim(tmp[0], " ")
+			value := strings.Trim(tmp[1], " ")
+			fmt.Fprintf(stdout, "ENV %s %s\n", key, value)
+			env[key] = value
+			if image != nil {
+				fmt.Fprintf(stdout, "===> %s\n", image.ShortId())
+			} else {
+				fmt.Fprintf(stdout, "===> <nil>\n")
+			}
+			break
+		case "cmd":
+			fmt.Fprintf(stdout, "CMD %s\n", arguments)
+
+			// Create the container and start it
+			c, err := builder.Create(&Config{Image: image.Id, Cmd: []string{"", ""}})
+			if err != nil {
+				return nil, err
+			}
+			if err := c.Start(); err != nil {
+				return nil, err
+			}
+			tmpContainers[c.Id] = struct{}{}
+
+			cmd := []string{}
+			if err := json.Unmarshal([]byte(arguments), &cmd); err != nil {
+				return nil, err
+			}
+			config.Cmd = cmd
+
+			// Commit the container
+			base, err = builder.Commit(c, "", "", "", maintainer, config)
+			if err != nil {
+				return nil, err
+			}
+			tmpImages[base.Id] = struct{}{}
+
+			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+			image = base
+			break
+		case "expose":
+			ports := strings.Split(arguments, " ")
+
+			fmt.Fprintf(stdout, "EXPOSE %v\n", ports)
+			if image == nil {
+				return nil, fmt.Errorf("Please provide a source image with `from` prior to copy")
+			}
+
+			// Create the container and start it
+			c, err := builder.Create(&Config{Image: image.Id, Cmd: []string{"", ""}})
+			if err != nil {
+				return nil, err
+			}
+			if err := c.Start(); err != nil {
+				return nil, err
+			}
+			tmpContainers[c.Id] = struct{}{}
+
+			config.PortSpecs = append(ports, config.PortSpecs...)
+
+			// Commit the container
+			base, err = builder.Commit(c, "", "", "", maintainer, config)
+			if err != nil {
+				return nil, err
+			}
+			tmpImages[base.Id] = struct{}{}
+
+			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+			image = base
+			break
+		case "insert":
+			if image == nil {
+				return nil, fmt.Errorf("Please provide a source image with `from` prior to copy")
+			}
+			tmp = strings.SplitN(arguments, " ", 2)
+			if len(tmp) != 2 {
+				return nil, fmt.Errorf("Invalid INSERT format")
+			}
+			sourceUrl := strings.Trim(tmp[0], " ")
+			destPath := strings.Trim(tmp[1], " ")
+			fmt.Fprintf(stdout, "COPY %s to %s in %s\n", sourceUrl, destPath, base.ShortId())
+
+			file, err := Download(sourceUrl, stdout)
+			if err != nil {
+				return nil, err
+			}
+			defer file.Body.Close()
+
+			config, err := ParseRun([]string{base.Id, "echo", "insert", sourceUrl, destPath}, nil, builder.runtime.capabilities)
+			if err != nil {
+				return nil, err
+			}
+			c, err := builder.Create(config)
+			if err != nil {
+				return nil, err
+			}
+
+			if err := c.Start(); err != nil {
+				return nil, err
+			}
+
+			// Wait for echo to finish
+			if result := c.Wait(); result != 0 {
+				return nil, fmt.Errorf("!!! '%s' return non-zero exit code '%d'. Aborting.", arguments, result)
+			}
+
+			if err := c.Inject(file.Body, destPath); err != nil {
+				return nil, err
+			}
+
+			base, err = builder.Commit(c, "", "", "", maintainer, nil)
+			if err != nil {
+				return nil, err
+			}
+			fmt.Fprintf(stdout, "===> %s\n", base.ShortId())
+
+			image = base
+
+			break
+		default:
+			fmt.Fprintf(stdout, "Skipping unknown instruction %s\n", strings.ToUpper(instruction))
+		}
+	}
+	if image != nil {
+		// The build is successful, keep the temporary containers and images
+		for i := range tmpImages {
+			delete(tmpImages, i)
+		}
+		for i := range tmpContainers {
+			delete(tmpContainers, i)
+		}
+		fmt.Fprintf(stdout, "Build finished. image id: %s\n", image.ShortId())
+		return image, nil
+	}
+	return nil, fmt.Errorf("An error occured during the build\n")
+}
--- a/builder_test.go
+++ b/builder_test.go
@@ -0,0 +1,88 @@
+package docker
+
+import (
+	"strings"
+	"testing"
+)
+
+const Dockerfile = `
+# VERSION		0.1
+# DOCKER-VERSION	0.2
+
+from   ` + unitTestImageName + `
+run    sh -c 'echo root:testpass > /tmp/passwd'
+run    mkdir -p /var/run/sshd
+insert https://raw.github.com/dotcloud/docker/master/CHANGELOG.md /tmp/CHANGELOG.md
+`
+
+func TestBuild(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	builder := NewBuilder(runtime)
+
+	img, err := builder.Build(strings.NewReader(Dockerfile), &nopWriter{})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	container, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"cat", "/tmp/passwd"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+
+	output, err := container.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "root:testpass\n" {
+		t.Fatalf("Unexpected output. Read '%s', expected '%s'", output, "root:testpass\n")
+	}
+
+	container2, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"ls", "-d", "/var/run/sshd"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container2)
+
+	output, err = container2.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "/var/run/sshd\n" {
+		t.Fatal("/var/run/sshd has not been created")
+	}
+
+	container3, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"cat", "/tmp/CHANGELOG.md"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container3)
+
+	output, err = container3.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(output) == 0 {
+		t.Fatal("/tmp/CHANGELOG.md has not been copied")
+	}
+}
--- a/commands.go
+++ b/commands.go
@@ -6,10 +6,13 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/rcli"
+	"github.com/shin-/cookiejar"
 	"io"
 	"log"
 	"net/http"
 	"net/url"
+	"os"
+	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
@@ -18,9 +21,11 @@ import (
 	"unicode"
 )

-const VERSION = "0.1.2"
+const VERSION = "0.3.2"

-var GIT_COMMIT string
+var (
+	GIT_COMMIT string
+)

 func (srv *Server) Name() string {
 	return "docker"
@@ -31,6 +36,7 @@ func (srv *Server) Help() string {
 	help := "Usage: docker COMMAND [arg...]\n\nA self-sufficient runtime for linux containers.\n\nCommands:\n"
 	for _, cmd := range [][]string{
 		{"attach", "Attach to a running container"},
+		{"build", "Build a container from Dockerfile via stdin"},
 		{"commit", "Create a new image from a container's changes"},
 		{"diff", "Inspect changes on a container's filesystem"},
 		{"export", "Stream the contents of a container as a tar archive"},
@@ -38,6 +44,7 @@ func (srv *Server) Help() string {
 		{"images", "List images"},
 		{"import", "Create a new filesystem image from the contents of a tarball"},
 		{"info", "Display system-wide information"},
+		{"insert", "Insert a file in an image"},
 		{"inspect", "Return low-level information on a container"},
 		{"kill", "Kill a running container"},
 		{"login", "Register or Login to the docker registry server"},
@@ -50,6 +57,7 @@ func (srv *Server) Help() string {
 		{"rm", "Remove a container"},
 		{"rmi", "Remove an image"},
 		{"run", "Run a command in a new container"},
+		{"search", "Search for an image in the docker index"},
 		{"start", "Start a stopped container"},
 		{"stop", "Stop a running container"},
 		{"tag", "Tag an image into a repository"},
@@ -61,8 +69,69 @@ func (srv *Server) Help() string {
 	return help
 }

+func (srv *Server) CmdInsert(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
+	stdout.Flush()
+	cmd := rcli.Subcmd(stdout, "insert", "IMAGE URL PATH", "Insert a file from URL in the IMAGE at PATH")
+	if err := cmd.Parse(args); err != nil {
+		return nil
+	}
+	if cmd.NArg() != 3 {
+		cmd.Usage()
+		return nil
+	}
+	imageId := cmd.Arg(0)
+	url := cmd.Arg(1)
+	path := cmd.Arg(2)
+
+	img, err := srv.runtime.repositories.LookupImage(imageId)
+	if err != nil {
+		return err
+	}
+	file, err := Download(url, stdout)
+	if err != nil {
+		return err
+	}
+	defer file.Body.Close()
+
+	config, err := ParseRun([]string{img.Id, "echo", "insert", url, path}, nil, srv.runtime.capabilities)
+	if err != nil {
+		return err
+	}
+
+	b := NewBuilder(srv.runtime)
+	c, err := b.Create(config)
+	if err != nil {
+		return err
+	}
+
+	if err := c.Inject(ProgressReader(file.Body, int(file.ContentLength), stdout, "Downloading %v/%v (%v)"), path); err != nil {
+		return err
+	}
+	// FIXME: Handle custom repo, tag comment, author
+	img, err = b.Commit(c, "", "", img.Comment, img.Author, nil)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(stdout, "%s\n", img.Id)
+	return nil
+}
+
+func (srv *Server) CmdBuild(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
+	stdout.Flush()
+	cmd := rcli.Subcmd(stdout, "build", "-", "Build a container from Dockerfile via stdin")
+	if err := cmd.Parse(args); err != nil {
+		return nil
+	}
+	img, err := NewBuilder(srv.runtime).Build(stdin, stdout)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(stdout, "%s\n", img.ShortId())
+	return nil
+}
+
 // 'docker login': login / register a user to registry service.
-func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
+func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
 	// Read a line on raw terminal with support for simple backspace
 	// sequences and echo.
 	//
@@ -79,7 +148,7 @@ func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout io.Writer, args ...strin
 			n, err := stdin.Read(char)
 			if n > 0 {
 				if char[0] == '\r' || char[0] == '\n' {
-					stdout.Write([]byte{'\n'})
+					stdout.Write([]byte{'\r', '\n'})
 					break
 				} else if char[0] == 127 || char[0] == '\b' {
 					if i > 0 {
@@ -99,7 +168,7 @@ func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout io.Writer, args ...strin
 			}
 			if err != nil {
 				if err != io.EOF {
-					fmt.Fprint(stdout, "Read error: %v\n", err)
+					fmt.Fprintf(stdout, "Read error: %v\r\n", err)
 				}
 				break
 			}
@@ -113,6 +182,8 @@ func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout io.Writer, args ...strin
 		return readStringOnRawTerminal(stdin, stdout, false)
 	}

+	stdout.SetOptionRawTerminal()
+
 	cmd := rcli.Subcmd(stdout, "login", "", "Register or Login to the docker registry server")
 	if err := cmd.Parse(args); err != nil {
 		return nil
@@ -147,8 +218,9 @@ func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout io.Writer, args ...strin
 	newAuthConfig := auth.NewAuthConfig(username, password, email, srv.runtime.root)
 	status, err := auth.Login(newAuthConfig)
 	if err != nil {
-		fmt.Fprintln(stdout, "Error:", err)
+		fmt.Fprintf(stdout, "Error: %s\r\n", err)
 	} else {
+		srv.runtime.graph.getHttpClient().Jar = cookiejar.NewCookieJar()
 		srv.runtime.authConfig = newAuthConfig
 	}
 	if status != "" {
@@ -159,7 +231,7 @@ func (srv *Server) CmdLogin(stdin io.ReadCloser, stdout io.Writer, args ...strin

 // 'docker wait': block until a container stops
 func (srv *Server) CmdWait(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "wait", "[OPTIONS] NAME", "Block until a container stops, then print its exit code.")
+	cmd := rcli.Subcmd(stdout, "wait", "CONTAINER [CONTAINER...]", "Block until a container stops, then print its exit code.")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -179,8 +251,15 @@ func (srv *Server) CmdWait(stdin io.ReadCloser, stdout io.Writer, args ...string

 // 'docker version': show version information
 func (srv *Server) CmdVersion(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	fmt.Fprintf(stdout, "Version:%s\n", VERSION)
-	fmt.Fprintf(stdout, "Git Commit:%s\n", GIT_COMMIT)
+	fmt.Fprintf(stdout, "Version: %s\n", VERSION)
+	fmt.Fprintf(stdout, "Git Commit: %s\n", GIT_COMMIT)
+	fmt.Fprintf(stdout, "Kernel: %s\n", srv.runtime.kernelVersion)
+	if !srv.runtime.capabilities.MemoryLimit {
+		fmt.Fprintf(stdout, "WARNING: No memory limit support\n")
+	}
+	if !srv.runtime.capabilities.SwapLimit {
+		fmt.Fprintf(stdout, "WARNING: No swap limit support\n")
+	}
 	return nil
 }

@@ -205,17 +284,20 @@ func (srv *Server) CmdInfo(stdin io.ReadCloser, stdout io.Writer, args ...string
 		len(srv.runtime.List()),
 		VERSION,
 		imgcount)
+	fmt.Fprintf(stdout, "Go version: %s\n", runtime.Version())

-	if !rcli.DEBUG_FLAG {
+	if os.Getenv("DEBUG") == "" {
 		return nil
 	}
+
 	fmt.Fprintln(stdout, "debug mode enabled")
 	fmt.Fprintf(stdout, "fds: %d\ngoroutines: %d\n", getTotalUsedFds(), runtime.NumGoroutine())
 	return nil
 }

 func (srv *Server) CmdStop(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "stop", "[OPTIONS] NAME", "Stop a running container")
+	cmd := rcli.Subcmd(stdout, "stop", "[OPTIONS] CONTAINER [CONTAINER...]", "Stop a running container")
+	nSeconds := cmd.Int("t", 10, "wait t seconds before killing the container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -225,7 +307,7 @@ func (srv *Server) CmdStop(stdin io.ReadCloser, stdout io.Writer, args ...string
 	}
 	for _, name := range cmd.Args() {
 		if container := srv.runtime.Get(name); container != nil {
-			if err := container.Stop(); err != nil {
+			if err := container.Stop(*nSeconds); err != nil {
 				return err
 			}
 			fmt.Fprintln(stdout, container.ShortId())
@@ -237,7 +319,8 @@ func (srv *Server) CmdStop(stdin io.ReadCloser, stdout io.Writer, args ...string
 }

 func (srv *Server) CmdRestart(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "restart", "[OPTIONS] NAME", "Restart a running container")
+	cmd := rcli.Subcmd(stdout, "restart", "CONTAINER [CONTAINER...]", "Restart a running container")
+	nSeconds := cmd.Int("t", 10, "wait t seconds before killing the container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -247,7 +330,7 @@ func (srv *Server) CmdRestart(stdin io.ReadCloser, stdout io.Writer, args ...str
 	}
 	for _, name := range cmd.Args() {
 		if container := srv.runtime.Get(name); container != nil {
-			if err := container.Restart(); err != nil {
+			if err := container.Restart(*nSeconds); err != nil {
 				return err
 			}
 			fmt.Fprintln(stdout, container.ShortId())
@@ -259,7 +342,7 @@ func (srv *Server) CmdRestart(stdin io.ReadCloser, stdout io.Writer, args ...str
 }

 func (srv *Server) CmdStart(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "start", "[OPTIONS] NAME", "Start a stopped container")
+	cmd := rcli.Subcmd(stdout, "start", "CONTAINER [CONTAINER...]", "Start a stopped container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -281,7 +364,7 @@ func (srv *Server) CmdStart(stdin io.ReadCloser, stdout io.Writer, args ...strin
 }

 func (srv *Server) CmdInspect(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "inspect", "[OPTIONS] CONTAINER", "Return low-level information on a container")
+	cmd := rcli.Subcmd(stdout, "inspect", "CONTAINER", "Return low-level information on a container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -316,7 +399,7 @@ func (srv *Server) CmdInspect(stdin io.ReadCloser, stdout io.Writer, args ...str
 }

 func (srv *Server) CmdPort(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "port", "[OPTIONS] CONTAINER PRIVATE_PORT", "Lookup the public-facing port which is NAT-ed to PRIVATE_PORT")
+	cmd := rcli.Subcmd(stdout, "port", "CONTAINER PRIVATE_PORT", "Lookup the public-facing port which is NAT-ed to PRIVATE_PORT")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -338,9 +421,9 @@ func (srv *Server) CmdPort(stdin io.ReadCloser, stdout io.Writer, args ...string
 	return nil
 }

-// 'docker rmi NAME' removes all images with the name NAME
+// 'docker rmi IMAGE' removes all images with the name IMAGE
 func (srv *Server) CmdRmi(stdin io.ReadCloser, stdout io.Writer, args ...string) (err error) {
-	cmd := rcli.Subcmd(stdout, "rmimage", "[OPTIONS] IMAGE", "Remove an image")
+	cmd := rcli.Subcmd(stdout, "rmimage", "IMAGE [IMAGE...]", "Remove an image")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -349,7 +432,11 @@ func (srv *Server) CmdRmi(stdin io.ReadCloser, stdout io.Writer, args ...string)
 		return nil
 	}
 	for _, name := range cmd.Args() {
-		if err := srv.runtime.graph.Delete(name); err != nil {
+		img, err := srv.runtime.repositories.LookupImage(name)
+		if err != nil {
+			return err
+		}
+		if err := srv.runtime.graph.Delete(img.Id); err != nil {
 			return err
 		}
 	}
@@ -357,7 +444,7 @@ func (srv *Server) CmdRmi(stdin io.ReadCloser, stdout io.Writer, args ...string)
 }

 func (srv *Server) CmdHistory(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "history", "[OPTIONS] IMAGE", "Show the history of an image")
+	cmd := rcli.Subcmd(stdout, "history", "IMAGE", "Show the history of an image")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -383,28 +470,62 @@ func (srv *Server) CmdHistory(stdin io.ReadCloser, stdout io.Writer, args ...str
 }

 func (srv *Server) CmdRm(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "rm", "[OPTIONS] CONTAINER", "Remove a container")
+	cmd := rcli.Subcmd(stdout, "rm", "[OPTIONS] CONTAINER [CONTAINER...]", "Remove a container")
+	v := cmd.Bool("v", false, "Remove the volumes associated to the container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
+	if cmd.NArg() < 1 {
+		cmd.Usage()
+		return nil
+	}
+	volumes := make(map[string]struct{})
 	for _, name := range cmd.Args() {
 		container := srv.runtime.Get(name)
 		if container == nil {
 			return fmt.Errorf("No such container: %s", name)
 		}
+		// Store all the deleted containers volumes
+		for _, volumeId := range container.Volumes {
+			volumes[volumeId] = struct{}{}
+		}
 		if err := srv.runtime.Destroy(container); err != nil {
 			fmt.Fprintln(stdout, "Error destroying container "+name+": "+err.Error())
 		}
 	}
+	if *v {
+		// Retrieve all volumes from all remaining containers
+		usedVolumes := make(map[string]*Container)
+		for _, container := range srv.runtime.List() {
+			for _, containerVolumeId := range container.Volumes {
+				usedVolumes[containerVolumeId] = container
+			}
+		}
+
+		for volumeId := range volumes {
+			// If the requested volu
+			if c, exists := usedVolumes[volumeId]; exists {
+				fmt.Fprintf(stdout, "The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.Id)
+				continue
+			}
+			if err := srv.runtime.volumes.Delete(volumeId); err != nil {
+				return err
+			}
+		}
+	}
 	return nil
 }

 // 'docker kill NAME' kills a running container
 func (srv *Server) CmdKill(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "kill", "[OPTIONS] CONTAINER [CONTAINER...]", "Kill a running container")
+	cmd := rcli.Subcmd(stdout, "kill", "CONTAINER [CONTAINER...]", "Kill a running container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
+	if cmd.NArg() < 1 {
+		cmd.Usage()
+		return nil
+	}
 	for _, name := range cmd.Args() {
 		container := srv.runtime.Get(name)
 		if container == nil {
@@ -417,18 +538,21 @@ func (srv *Server) CmdKill(stdin io.ReadCloser, stdout io.Writer, args ...string
 	return nil
 }

-func (srv *Server) CmdImport(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "import", "[OPTIONS] URL|- [REPOSITORY [TAG]]", "Create a new filesystem image from the contents of a tarball")
+func (srv *Server) CmdImport(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
+	stdout.Flush()
+	cmd := rcli.Subcmd(stdout, "import", "URL|- [REPOSITORY [TAG]]", "Create a new filesystem image from the contents of a tarball")
 	var archive io.Reader
 	var resp *http.Response

 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
+	if cmd.NArg() < 1 {
+		cmd.Usage()
+		return nil
+	}
 	src := cmd.Arg(0)
-	if src == "" {
-		return fmt.Errorf("Not enough arguments")
-	} else if src == "-" {
+	if src == "-" {
 		archive = stdin
 	} else {
 		u, err := url.Parse(src)
@@ -447,9 +571,9 @@ func (srv *Server) CmdImport(stdin io.ReadCloser, stdout io.Writer, args ...stri
 		if err != nil {
 			return err
 		}
-		archive = ProgressReader(resp.Body, int(resp.ContentLength), stdout)
+		archive = ProgressReader(resp.Body, int(resp.ContentLength), stdout, "Importing %v/%v (%v)")
 	}
-	img, err := srv.runtime.graph.Create(archive, nil, "Imported from "+src)
+	img, err := srv.runtime.graph.Create(archive, nil, "Imported from "+src, "", nil)
 	if err != nil {
 		return err
 	}
@@ -464,8 +588,9 @@ func (srv *Server) CmdImport(stdin io.ReadCloser, stdout io.Writer, args ...stri
 	return nil
 }

-func (srv *Server) CmdPush(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
+func (srv *Server) CmdPush(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "push", "NAME", "Push an image or a repository to the registry")
+	registry := cmd.String("registry", "", "Registry host to push the image to")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -476,8 +601,8 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout io.Writer, args ...string
 		return nil
 	}

-	// If the login failed, abort
-	if srv.runtime.authConfig == nil || srv.runtime.authConfig.Username == "" {
+	// If the login failed AND we're using the index, abort
+	if *registry == "" && (srv.runtime.authConfig == nil || srv.runtime.authConfig.Username == "") {
 		if err := srv.CmdLogin(stdin, stdout, args...); err != nil {
 			return err
 		}
@@ -500,9 +625,6 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout io.Writer, args ...string
 	Debugf("Pushing [%s] to [%s]\n", local, remote)

 	// Try to get the image
-	// FIXME: Handle lookup
-	// FIXME: Also push the tags in case of ./docker push myrepo:mytag
-	//	img, err := srv.runtime.LookupImage(cmd.Arg(0))
 	img, err := srv.runtime.graph.Get(local)
 	if err != nil {
 		Debugf("The push refers to a repository [%s] (len: %d)\n", local, len(srv.runtime.repositories.Repositories[local]))
@@ -512,12 +634,11 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout io.Writer, args ...string
 				return err
 			}
 			return nil
-		} else {
-			return err
 		}
-		return nil
+
+		return err
 	}
-	err = srv.runtime.graph.PushImage(stdout, img, srv.runtime.authConfig)
+	err = srv.runtime.graph.PushImage(stdout, img, *registry, nil)
 	if err != nil {
 		return err
 	}
@@ -526,6 +647,8 @@ func (srv *Server) CmdPush(stdin io.ReadCloser, stdout io.Writer, args ...string

 func (srv *Server) CmdPull(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "pull", "NAME", "Pull an image or a repository from the registry")
+	tag := cmd.String("t", "", "Download tagged image in repository")
+	registry := cmd.String("registry", "", "Registry to download from. Necessary if image is pulled by ID")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -535,15 +658,20 @@ func (srv *Server) CmdPull(stdin io.ReadCloser, stdout io.Writer, args ...string
 		return nil
 	}

+	if strings.Contains(remote, ":") {
+		remoteParts := strings.Split(remote, ":")
+		tag = &remoteParts[1]
+		remote = remoteParts[0]
+	}
+
 	// FIXME: CmdPull should be a wrapper around Runtime.Pull()
-	if srv.runtime.graph.LookupRemoteImage(remote, srv.runtime.authConfig) {
-		if err := srv.runtime.graph.PullImage(stdout, remote, srv.runtime.authConfig); err != nil {
+	if *registry != "" {
+		if err := srv.runtime.graph.PullImage(stdout, remote, *registry, nil); err != nil {
 			return err
 		}
 		return nil
 	}
-	// FIXME: Allow pull repo:tag
-	if err := srv.runtime.graph.PullRepository(stdout, remote, "", srv.runtime.repositories, srv.runtime.authConfig); err != nil {
+	if err := srv.runtime.graph.PullRepository(stdout, remote, *tag, srv.runtime.repositories, srv.runtime.authConfig); err != nil {
 		return err
 	}
 	return nil
@@ -554,87 +682,126 @@ func (srv *Server) CmdImages(stdin io.ReadCloser, stdout io.Writer, args ...stri
 	//limit := cmd.Int("l", 0, "Only show the N most recent versions of each image")
 	quiet := cmd.Bool("q", false, "only show numeric IDs")
 	flAll := cmd.Bool("a", false, "show all images")
+	flViz := cmd.Bool("viz", false, "output graph in graphviz format")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
-	if cmd.NArg() > 1 {
-		cmd.Usage()
-		return nil
-	}
-	var nameFilter string
-	if cmd.NArg() == 1 {
-		nameFilter = cmd.Arg(0)
-	}
-	w := tabwriter.NewWriter(stdout, 20, 1, 3, ' ', 0)
-	if !*quiet {
-		fmt.Fprintln(w, "REPOSITORY\tTAG\tID\tCREATED\tPARENT")
-	}
-	var allImages map[string]*Image
-	var err error
-	if *flAll {
-		allImages, err = srv.runtime.graph.Map()
-	} else {
-		allImages, err = srv.runtime.graph.Heads()
-	}
-	if err != nil {
-		return err
-	}
-	for name, repository := range srv.runtime.repositories.Repositories {
-		if nameFilter != "" && name != nameFilter {
-			continue
+
+	if *flViz {
+		images, _ := srv.runtime.graph.All()
+		if images == nil {
+			return nil
 		}
-		for tag, id := range repository {
-			image, err := srv.runtime.graph.Get(id)
+
+		fmt.Fprintf(stdout, "digraph docker {\n")
+
+		var parentImage *Image
+		var err error
+		for _, image := range images {
+			parentImage, err = image.GetParent()
 			if err != nil {
-				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
+				fmt.Errorf("Error while getting parent image: %v", err)
+				return nil
+			}
+			if parentImage != nil {
+				fmt.Fprintf(stdout, "  \"%s\" -> \"%s\"\n", parentImage.ShortId(), image.ShortId())
+			} else {
+				fmt.Fprintf(stdout, "  base -> \"%s\" [style=invis]\n", image.ShortId())
+			}
+		}
+
+		reporefs := make(map[string][]string)
+
+		for name, repository := range srv.runtime.repositories.Repositories {
+			for tag, id := range repository {
+				reporefs[TruncateId(id)] = append(reporefs[TruncateId(id)], fmt.Sprintf("%s:%s", name, tag))
+			}
+		}
+
+		for id, repos := range reporefs {
+			fmt.Fprintf(stdout, "  \"%s\" [label=\"%s\\n%s\",shape=box,fillcolor=\"paleturquoise\",style=\"filled,rounded\"];\n", id, id, strings.Join(repos, "\\n"))
+		}
+
+		fmt.Fprintf(stdout, "  base [style=invisible]\n")
+		fmt.Fprintf(stdout, "}\n")
+	} else {
+		if cmd.NArg() > 1 {
+			cmd.Usage()
+			return nil
+		}
+		var nameFilter string
+		if cmd.NArg() == 1 {
+			nameFilter = cmd.Arg(0)
+		}
+		w := tabwriter.NewWriter(stdout, 20, 1, 3, ' ', 0)
+		if !*quiet {
+			fmt.Fprintln(w, "REPOSITORY\tTAG\tID\tCREATED")
+		}
+		var allImages map[string]*Image
+		var err error
+		if *flAll {
+			allImages, err = srv.runtime.graph.Map()
+		} else {
+			allImages, err = srv.runtime.graph.Heads()
+		}
+		if err != nil {
+			return err
+		}
+		for name, repository := range srv.runtime.repositories.Repositories {
+			if nameFilter != "" && name != nameFilter {
 				continue
 			}
-			delete(allImages, id)
-			if !*quiet {
-				for idx, field := range []string{
-					/* REPOSITORY */ name,
-					/* TAG */ tag,
-					/* ID */ TruncateId(id),
-					/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
-					/* PARENT */ srv.runtime.repositories.ImageName(image.Parent),
-				} {
-					if idx == 0 {
-						w.Write([]byte(field))
-					} else {
-						w.Write([]byte("\t" + field))
-					}
+			for tag, id := range repository {
+				image, err := srv.runtime.graph.Get(id)
+				if err != nil {
+					log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
+					continue
+				}
+				delete(allImages, id)
+				if !*quiet {
+					for idx, field := range []string{
+						/* REPOSITORY */ name,
+						/* TAG */ tag,
+						/* ID */ TruncateId(id),
+						/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
+					} {
+						if idx == 0 {
+							w.Write([]byte(field))
+						} else {
+							w.Write([]byte("\t" + field))
+						}
+					}
+					w.Write([]byte{'\n'})
+				} else {
+					stdout.Write([]byte(image.ShortId() + "\n"))
 				}
-				w.Write([]byte{'\n'})
-			} else {
-				stdout.Write([]byte(image.ShortId() + "\n"))
 			}
 		}
-	}
-	// Display images which aren't part of a
-	if nameFilter == "" {
-		for id, image := range allImages {
-			if !*quiet {
-				for idx, field := range []string{
-					/* REPOSITORY */ "<none>",
-					/* TAG */ "<none>",
-					/* ID */ TruncateId(id),
-					/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
-					/* PARENT */ srv.runtime.repositories.ImageName(image.Parent),
-				} {
-					if idx == 0 {
-						w.Write([]byte(field))
-					} else {
-						w.Write([]byte("\t" + field))
+		// Display images which aren't part of a
+		if nameFilter == "" {
+			for id, image := range allImages {
+				if !*quiet {
+					for idx, field := range []string{
+						/* REPOSITORY */ "<none>",
+						/* TAG */ "<none>",
+						/* ID */ TruncateId(id),
+						/* CREATED */ HumanDuration(time.Now().Sub(image.Created)) + " ago",
+					} {
+						if idx == 0 {
+							w.Write([]byte(field))
+						} else {
+							w.Write([]byte("\t" + field))
+						}
 					}
+					w.Write([]byte{'\n'})
+				} else {
+					stdout.Write([]byte(image.ShortId() + "\n"))
 				}
-				w.Write([]byte{'\n'})
-			} else {
-				stdout.Write([]byte(image.ShortId() + "\n"))
 			}
 		}
-	}
-	if !*quiet {
-		w.Flush()
+		if !*quiet {
+			w.Flush()
+		}
 	}
 	return nil
 }
@@ -645,17 +812,25 @@ func (srv *Server) CmdPs(stdin io.ReadCloser, stdout io.Writer, args ...string)
 	quiet := cmd.Bool("q", false, "Only display numeric IDs")
 	flAll := cmd.Bool("a", false, "Show all containers. Only running containers are shown by default.")
 	flFull := cmd.Bool("notrunc", false, "Don't truncate output")
+	latest := cmd.Bool("l", false, "Show only the latest created container, include non-running ones.")
+	nLast := cmd.Int("n", -1, "Show n last created containers, include non-running ones.")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
+	if *nLast == -1 && *latest {
+		*nLast = 1
+	}
 	w := tabwriter.NewWriter(stdout, 12, 1, 3, ' ', 0)
 	if !*quiet {
-		fmt.Fprintln(w, "ID\tIMAGE\tCOMMAND\tCREATED\tSTATUS\tCOMMENT")
+		fmt.Fprintln(w, "ID\tIMAGE\tCOMMAND\tCREATED\tSTATUS\tCOMMENT\tPORTS")
 	}
-	for _, container := range srv.runtime.List() {
-		if !container.State.Running && !*flAll {
+	for i, container := range srv.runtime.List() {
+		if !container.State.Running && !*flAll && *nLast == -1 {
 			continue
 		}
+		if i == *nLast {
+			break
+		}
 		if !*quiet {
 			command := fmt.Sprintf("%s %s", container.Path, strings.Join(container.Args, " "))
 			if !*flFull {
@@ -668,6 +843,7 @@ func (srv *Server) CmdPs(stdin io.ReadCloser, stdout io.Writer, args ...string)
 				/* CREATED */ HumanDuration(time.Now().Sub(container.Created)) + " ago",
 				/* STATUS */ container.State.String(),
 				/* COMMENT */ "",
+				/* PORTS */ container.NetworkSettings.PortMappingHuman(),
 			} {
 				if idx == 0 {
 					w.Write([]byte(field))
@@ -691,6 +867,8 @@ func (srv *Server) CmdCommit(stdin io.ReadCloser, stdout io.Writer, args ...stri
 		"commit", "[OPTIONS] CONTAINER [REPOSITORY [TAG]]",
 		"Create a new image from a container's changes")
 	flComment := cmd.String("m", "", "Commit message")
+	flAuthor := cmd.String("author", "", "Author (eg. \"John Hannibal Smith <hannibal@a-team.com>\"")
+	flConfig := cmd.String("run", "", "Config automatically applied when the image is run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')`)
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -699,7 +877,21 @@ func (srv *Server) CmdCommit(stdin io.ReadCloser, stdout io.Writer, args ...stri
 		cmd.Usage()
 		return nil
 	}
-	img, err := srv.runtime.Commit(containerName, repository, tag, *flComment)
+
+	var config *Config
+	if *flConfig != "" {
+		config = &Config{}
+		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
+			return err
+		}
+	}
+
+	container := srv.runtime.Get(containerName)
+	if container == nil {
+		return fmt.Errorf("No such container: %s", containerName)
+	}
+
+	img, err := NewBuilder(srv.runtime).Commit(container, repository, tag, *flComment, *flAuthor, config)
 	if err != nil {
 		return err
 	}
@@ -731,13 +923,14 @@ func (srv *Server) CmdExport(stdin io.ReadCloser, stdout io.Writer, args ...stri

 func (srv *Server) CmdDiff(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
 	cmd := rcli.Subcmd(stdout,
-		"diff", "CONTAINER [OPTIONS]",
+		"diff", "CONTAINER",
 		"Inspect changes on a container's filesystem")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
 	if cmd.NArg() < 1 {
-		return fmt.Errorf("Not enough arguments")
+		cmd.Usage()
+		return nil
 	}
 	if container := srv.runtime.Get(cmd.Arg(0)); container == nil {
 		return fmt.Errorf("No such container")
@@ -754,7 +947,7 @@ func (srv *Server) CmdDiff(stdin io.ReadCloser, stdout io.Writer, args ...string
 }

 func (srv *Server) CmdLogs(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	cmd := rcli.Subcmd(stdout, "logs", "[OPTIONS] CONTAINER", "Fetch the logs of a container")
+	cmd := rcli.Subcmd(stdout, "logs", "CONTAINER", "Fetch the logs of a container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -785,7 +978,7 @@ func (srv *Server) CmdLogs(stdin io.ReadCloser, stdout io.Writer, args ...string
 	return fmt.Errorf("No such container: %s", cmd.Arg(0))
 }

-func (srv *Server) CmdAttach(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
+func (srv *Server) CmdAttach(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "attach", "CONTAINER", "Attach to a running container")
 	if err := cmd.Parse(args); err != nil {
 		return nil
@@ -799,7 +992,45 @@ func (srv *Server) CmdAttach(stdin io.ReadCloser, stdout io.Writer, args ...stri
 	if container == nil {
 		return fmt.Errorf("No such container: %s", name)
 	}
-	return <-container.Attach(stdin, stdout, stdout)
+
+	if container.State.Ghost {
+		return fmt.Errorf("Impossible to attach to a ghost container")
+	}
+
+	if container.Config.Tty {
+		stdout.SetOptionRawTerminal()
+	}
+	// Flush the options to make sure the client sets the raw mode
+	stdout.Flush()
+	return <-container.Attach(stdin, nil, stdout, stdout)
+}
+
+func (srv *Server) CmdSearch(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
+	cmd := rcli.Subcmd(stdout, "search", "NAME", "Search the docker index for images")
+	if err := cmd.Parse(args); err != nil {
+		return nil
+	}
+	if cmd.NArg() != 1 {
+		cmd.Usage()
+		return nil
+	}
+	term := cmd.Arg(0)
+	results, err := srv.runtime.graph.SearchRepositories(stdout, term)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(stdout, "Found %d results matching your query (\"%s\")\n", results.NumResults, results.Query)
+	w := tabwriter.NewWriter(stdout, 20, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "NAME\tDESCRIPTION\n")
+	for _, repo := range results.Results {
+		description := repo["description"]
+		if len(description) > 45 {
+			description = Trunc(description, 42) + "..."
+		}
+		fmt.Fprintf(w, "%s\t%s\n", repo["name"], description)
+	}
+	w.Flush()
+	return nil
 }

 // Ports type - Used to parse multiple -p flags
@@ -833,30 +1064,49 @@ func (opts *ListOpts) Set(value string) error {
 // AttachOpts stores arguments to 'docker run -a', eg. which streams to attach to
 type AttachOpts map[string]bool

-func NewAttachOpts() *AttachOpts {
-	opts := make(map[string]bool)
-	return (*AttachOpts)(&opts)
+func NewAttachOpts() AttachOpts {
+	return make(AttachOpts)
 }

-func (opts *AttachOpts) String() string {
-	return fmt.Sprint(*opts)
+func (opts AttachOpts) String() string {
+	// Cast to underlying map type to avoid infinite recursion
+	return fmt.Sprintf("%v", map[string]bool(opts))
 }

-func (opts *AttachOpts) Set(val string) error {
+func (opts AttachOpts) Set(val string) error {
 	if val != "stdin" && val != "stdout" && val != "stderr" {
 		return fmt.Errorf("Unsupported stream name: %s", val)
 	}
-	(*opts)[val] = true
+	opts[val] = true
 	return nil
 }

-func (opts *AttachOpts) Get(val string) bool {
-	if res, exists := (*opts)[val]; exists {
+func (opts AttachOpts) Get(val string) bool {
+	if res, exists := opts[val]; exists {
 		return res
 	}
 	return false
 }

+// PathOpts stores a unique set of absolute paths
+type PathOpts map[string]struct{}
+
+func NewPathOpts() PathOpts {
+	return make(PathOpts)
+}
+
+func (opts PathOpts) String() string {
+	return fmt.Sprintf("%v", map[string]struct{}(opts))
+}
+
+func (opts PathOpts) Set(val string) error {
+	if !filepath.IsAbs(val) {
+		return fmt.Errorf("%s is not an absolute path", val)
+	}
+	opts[filepath.Clean(val)] = struct{}{}
+	return nil
+}
+
 func (srv *Server) CmdTag(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
 	cmd := rcli.Subcmd(stdout, "tag", "[OPTIONS] IMAGE REPOSITORY [TAG]", "Tag an image into a repository")
 	force := cmd.Bool("f", false, "Force")
@@ -870,8 +1120,8 @@ func (srv *Server) CmdTag(stdin io.ReadCloser, stdout io.Writer, args ...string)
 	return srv.runtime.repositories.Set(cmd.Arg(1), cmd.Arg(2), cmd.Arg(0), *force)
 }

-func (srv *Server) CmdRun(stdin io.ReadCloser, stdout io.Writer, args ...string) error {
-	config, err := ParseRun(args, stdout)
+func (srv *Server) CmdRun(stdin io.ReadCloser, stdout rcli.DockerConn, args ...string) error {
+	config, err := ParseRun(args, stdout, srv.runtime.capabilities)
 	if err != nil {
 		return err
 	}
@@ -879,21 +1129,26 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout io.Writer, args ...string)
 		fmt.Fprintln(stdout, "Error: Image not specified")
 		return fmt.Errorf("Image not specified")
 	}
-	if len(config.Cmd) == 0 {
-		fmt.Fprintln(stdout, "Error: Command not specified")
-		return fmt.Errorf("Command not specified")
+
+	if config.Tty {
+		stdout.SetOptionRawTerminal()
 	}
+	// Flush the options to make sure the client sets the raw mode
+	// or tell the client there is no options
+	stdout.Flush()
+
+	b := NewBuilder(srv.runtime)

 	// Create new container
-	container, err := srv.runtime.Create(config)
+	container, err := b.Create(config)
 	if err != nil {
 		// If container not found, try to pull it
 		if srv.runtime.graph.IsNotExist(err) {
-			fmt.Fprintf(stdout, "Image %s not found, trying to pull it from registry.\n", config.Image)
+			fmt.Fprintf(stdout, "Image %s not found, trying to pull it from registry.\r\n", config.Image)
 			if err = srv.CmdPull(stdin, stdout, config.Image); err != nil {
 				return err
 			}
-			if container, err = srv.runtime.Create(config); err != nil {
+			if container, err = b.Create(config); err != nil {
 				return err
 			}
 		} else {
@@ -901,11 +1156,17 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout io.Writer, args ...string)
 		}
 	}
 	var (
-		cStdin           io.Reader
+		cStdin           io.ReadCloser
 		cStdout, cStderr io.Writer
 	)
 	if config.AttachStdin {
-		cStdin = stdin
+		r, w := io.Pipe()
+		go func() {
+			defer w.Close()
+			defer Debugf("Closing buffered stdin pipe")
+			io.Copy(w, stdin)
+		}()
+		cStdin = r
 	}
 	if config.AttachStdout {
 		cStdout = stdout
@@ -913,7 +1174,8 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout io.Writer, args ...string)
 	if config.AttachStderr {
 		cStderr = stdout // FIXME: rcli can't differentiate stdout from stderr
 	}
-	attachErr := container.Attach(cStdin, cStdout, cStderr)
+
+	attachErr := container.Attach(cStdin, stdin, cStdout, cStderr)
 	Debugf("Starting\n")
 	if err := container.Start(); err != nil {
 		return err
@@ -922,14 +1184,22 @@ func (srv *Server) CmdRun(stdin io.ReadCloser, stdout io.Writer, args ...string)
 		fmt.Fprintln(stdout, container.ShortId())
 	}
 	Debugf("Waiting for attach to return\n")
-	return <-attachErr
+	<-attachErr
+	// Expecting I/O pipe error, discarding
+
+	// If we are in stdinonce mode, wait for the process to end
+	// otherwise, simply return
+	if config.StdinOnce && !config.Tty {
+		container.Wait()
+	}
+	return nil
 }

-func NewServer() (*Server, error) {
+func NewServer(autoRestart bool) (*Server, error) {
 	if runtime.GOARCH != "amd64" {
 		log.Fatalf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH)
 	}
-	runtime, err := NewRuntime()
+	runtime, err := NewRuntime(autoRestart)
 	if err != nil {
 		return nil, err
 	}
--- a/commands_test.go
+++ b/commands_test.go
@@ -2,8 +2,8 @@ package docker

 import (
 	"bufio"
-	"bytes"
 	"fmt"
+	"github.com/dotcloud/docker/rcli"
 	"io"
 	"io/ioutil"
 	"strings"
@@ -59,6 +59,91 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error
 	return nil
 }

+func cmdWait(srv *Server, container *Container) error {
+	stdout, stdoutPipe := io.Pipe()
+
+	go func() {
+		srv.CmdWait(nil, stdoutPipe, container.Id)
+	}()
+
+	if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
+		return err
+	}
+	// Cleanup pipes
+	return closeWrap(stdout, stdoutPipe)
+}
+
+func cmdImages(srv *Server, args ...string) (string, error) {
+	stdout, stdoutPipe := io.Pipe()
+
+	go func() {
+		if err := srv.CmdImages(nil, stdoutPipe, args...); err != nil {
+			return
+		}
+
+		// force the pipe closed, so that the code below gets an EOF
+		stdoutPipe.Close()
+	}()
+
+	output, err := ioutil.ReadAll(stdout)
+	if err != nil {
+		return "", err
+	}
+
+	// Cleanup pipes
+	return string(output), closeWrap(stdout, stdoutPipe)
+}
+
+// TestImages checks that 'docker images' displays information correctly
+func TestImages(t *testing.T) {
+
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{runtime: runtime}
+
+	output, err := cmdImages(srv)
+
+	if !strings.Contains(output, "REPOSITORY") {
+		t.Fatal("'images' should have a header")
+	}
+	if !strings.Contains(output, "docker-ut") {
+		t.Fatal("'images' should show the docker-ut image")
+	}
+	if !strings.Contains(output, "e9aa60c60128") {
+		t.Fatal("'images' should show the docker-ut image id")
+	}
+
+	output, err = cmdImages(srv, "-q")
+
+	if strings.Contains(output, "REPOSITORY") {
+		t.Fatal("'images -q' should not have a header")
+	}
+	if strings.Contains(output, "docker-ut") {
+		t.Fatal("'images' should not show the docker-ut image name")
+	}
+	if !strings.Contains(output, "e9aa60c60128") {
+		t.Fatal("'images' should show the docker-ut image id")
+	}
+
+	output, err = cmdImages(srv, "-viz")
+
+	if !strings.HasPrefix(output, "digraph docker {") {
+		t.Fatal("'images -v' should start with the dot header")
+	}
+	if !strings.HasSuffix(output, "}\n") {
+		t.Fatal("'images -v' should end with a '}'")
+	}
+	if !strings.Contains(output, "base -> \"e9aa60c60128\" [style=invis]") {
+		t.Fatal("'images -v' should have the docker-ut image id node")
+	}
+
+	// todo: add checks for -a
+}
+
 // TestRunHostname checks that 'docker run -h' correctly sets a custom hostname
 func TestRunHostname(t *testing.T) {
 	runtime, err := newTestRuntime()
@@ -69,14 +154,80 @@ func TestRunHostname(t *testing.T) {

 	srv := &Server{runtime: runtime}

-	var stdin, stdout bytes.Buffer
+	stdin, _ := io.Pipe()
+	stdout, stdoutPipe := io.Pipe()
+
+	c := make(chan struct{})
+	go func() {
+		if err := srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-h", "foobar", GetTestImage(runtime).Id, "hostname"); err != nil {
+			t.Fatal(err)
+		}
+		close(c)
+	}()
+	cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
+	if err != nil {
+		t.Fatal(err)
+	}
+	if cmdOutput != "foobar\n" {
+		t.Fatalf("'hostname' should display '%s', not '%s'", "foobar\n", cmdOutput)
+	}
+
 	setTimeout(t, "CmdRun timed out", 2*time.Second, func() {
-		if err := srv.CmdRun(ioutil.NopCloser(&stdin), &nopWriteCloser{&stdout}, "-h", "foobar", GetTestImage(runtime).Id, "hostname"); err != nil {
+		<-c
+		cmdWait(srv, srv.runtime.List()[0])
+	})
+
+}
+
+func TestRunExit(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{runtime: runtime}
+
+	stdin, stdinPipe := io.Pipe()
+	stdout, stdoutPipe := io.Pipe()
+	c1 := make(chan struct{})
+	go func() {
+		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", GetTestImage(runtime).Id, "/bin/cat")
+		close(c1)
+	}()
+
+	setTimeout(t, "Read/Write assertion timed out", 2*time.Second, func() {
+		if err := assertPipe("hello\n", "hello", stdout, stdinPipe, 15); err != nil {
 			t.Fatal(err)
 		}
 	})
-	if output := string(stdout.Bytes()); output != "foobar\n" {
-		t.Fatalf("'hostname' should display '%s', not '%s'", "foobar\n", output)
+
+	container := runtime.List()[0]
+
+	// Closing /bin/cat stdin, expect it to exit
+	p, err := container.StdinPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := p.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// as the process exited, CmdRun must finish and unblock. Wait for it
+	setTimeout(t, "Waiting for CmdRun timed out", 2*time.Second, func() {
+		<-c1
+		cmdWait(srv, container)
+	})
+
+	// Make sure that the client has been disconnected
+	setTimeout(t, "The client should have been disconnected once the remote process exited.", 2*time.Second, func() {
+		// Expecting pipe i/o error, just check that read does not block
+		stdin.Read([]byte{})
+	})
+
+	// Cleanup pipes
+	if err := closeWrap(stdin, stdinPipe, stdout, stdoutPipe); err != nil {
+		t.Fatal(err)
 	}
 }

@@ -96,7 +247,7 @@ func TestRunDisconnect(t *testing.T) {
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdRun returns.
-		srv.CmdRun(stdin, stdoutPipe, "-i", GetTestImage(runtime).Id, "/bin/cat")
+		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", GetTestImage(runtime).Id, "/bin/cat")
 		close(c1)
 	}()

@@ -128,10 +279,66 @@ func TestRunDisconnect(t *testing.T) {
 	})
 }

+// Expected behaviour: the process dies when the client disconnects
+func TestRunDisconnectTty(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{runtime: runtime}
+
+	stdin, stdinPipe := io.Pipe()
+	stdout, stdoutPipe := io.Pipe()
+	c1 := make(chan struct{})
+	go func() {
+		// We're simulating a disconnect so the return value doesn't matter. What matters is the
+		// fact that CmdRun returns.
+		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", "-t", GetTestImage(runtime).Id, "/bin/cat")
+		close(c1)
+	}()
+
+	setTimeout(t, "Waiting for the container to be started timed out", 2*time.Second, func() {
+		for {
+			// Client disconnect after run -i should keep stdin out in TTY mode
+			l := runtime.List()
+			if len(l) == 1 && l[0].State.Running {
+				break
+			}
+
+			time.Sleep(10 * time.Millisecond)
+		}
+	})
+
+	// Client disconnect after run -i should keep stdin out in TTY mode
+	container := runtime.List()[0]
+
+	setTimeout(t, "Read/Write assertion timed out", 2*time.Second, func() {
+		if err := assertPipe("hello\n", "hello", stdout, stdinPipe, 15); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	// Close pipes (simulate disconnect)
+	if err := closeWrap(stdin, stdinPipe, stdout, stdoutPipe); err != nil {
+		t.Fatal(err)
+	}
+
+	// In tty mode, we expect the process to stay alive even after client's stdin closes.
+	// Do not wait for run to finish
+
+	// Give some time to monitor to do his thing
+	container.WaitTimeout(500 * time.Millisecond)
+	if !container.State.Running {
+		t.Fatalf("/bin/cat should  still be running after closing stdin (tty mode)")
+	}
+}
+
 // TestAttachStdin checks attaching to stdin without stdout and stderr.
 // 'docker run -i -a stdin' should sends the client's stdin to the command,
 // then detach from it and print the container id.
-func TestAttachStdin(t *testing.T) {
+func TestRunAttachStdin(t *testing.T) {
 	runtime, err := newTestRuntime()
 	if err != nil {
 		t.Fatal(err)
@@ -139,31 +346,41 @@ func TestAttachStdin(t *testing.T) {
 	defer nuke(runtime)
 	srv := &Server{runtime: runtime}

-	stdinR, stdinW := io.Pipe()
-	var stdout bytes.Buffer
+	stdin, stdinPipe := io.Pipe()
+	stdout, stdoutPipe := io.Pipe()

 	ch := make(chan struct{})
 	go func() {
-		srv.CmdRun(stdinR, &stdout, "-i", "-a", "stdin", GetTestImage(runtime).Id, "sh", "-c", "echo hello; cat")
+		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", "-a", "stdin", GetTestImage(runtime).Id, "sh", "-c", "echo hello; cat")
 		close(ch)
 	}()

-	// Send input to the command, close stdin, wait for CmdRun to return
-	setTimeout(t, "Read/Write timed out", 2*time.Second, func() {
-		if _, err := stdinW.Write([]byte("hi there\n")); err != nil {
+	// Send input to the command, close stdin
+	setTimeout(t, "Write timed out", 2*time.Second, func() {
+		if _, err := stdinPipe.Write([]byte("hi there\n")); err != nil {
+			t.Fatal(err)
+		}
+		if err := stdinPipe.Close(); err != nil {
 			t.Fatal(err)
 		}
-		stdinW.Close()
-		<-ch
 	})

-	// Check output
-	cmdOutput := string(stdout.Bytes())
 	container := runtime.List()[0]
+
+	// Check output
+	cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
+	if err != nil {
+		t.Fatal(err)
+	}
 	if cmdOutput != container.ShortId()+"\n" {
 		t.Fatalf("Wrong output: should be '%s', not '%s'\n", container.ShortId()+"\n", cmdOutput)
 	}

+	// wait for CmdRun to return
+	setTimeout(t, "Waiting for CmdRun timed out", 2*time.Second, func() {
+		<-ch
+	})
+
 	setTimeout(t, "Waiting for command to exit timed out", 2*time.Second, func() {
 		container.Wait()
 	})
@@ -193,7 +410,7 @@ func TestAttachDisconnect(t *testing.T) {

 	srv := &Server{runtime: runtime}

-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image:     GetTestImage(runtime).Id,
 			Memory:    33554432,
@@ -219,7 +436,7 @@ func TestAttachDisconnect(t *testing.T) {
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdAttach returns.
-		srv.CmdAttach(stdin, stdoutPipe, container.Id)
+		srv.CmdAttach(stdin, rcli.NewDockerLocalConn(stdoutPipe), container.Id)
 		close(c1)
 	}()

@@ -237,6 +454,7 @@ func TestAttachDisconnect(t *testing.T) {
 	setTimeout(t, "Waiting for CmdAttach timed out", 2*time.Second, func() {
 		<-c1
 	})
+
 	// We closed stdin, expect /bin/cat to still be running
 	// Wait a little bit to make sure container.monitor() did his thing
 	err = container.WaitTimeout(500 * time.Millisecond)
@@ -247,4 +465,5 @@ func TestAttachDisconnect(t *testing.T) {
 	// Try to avoid the timeoout in destroy. Best effort, don't check error
 	cStdin, _ := container.StdinPipe()
 	cStdin.Close()
+	container.Wait()
 }
--- a/container.go
+++ b/container.go
@@ -11,7 +11,9 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"sort"
 	"strconv"
+	"strings"
 	"syscall"
 	"time"
 )
@@ -33,18 +35,20 @@ type Container struct {
 	network         *NetworkInterface
 	NetworkSettings *NetworkSettings

-	SysInitPath string
-	cmd         *exec.Cmd
-	stdout      *writeBroadcaster
-	stderr      *writeBroadcaster
-	stdin       io.ReadCloser
-	stdinPipe   io.WriteCloser
+	SysInitPath    string
+	ResolvConfPath string

-	ptyStdinMaster  io.Closer
-	ptyStdoutMaster io.Closer
-	ptyStderrMaster io.Closer
+	cmd       *exec.Cmd
+	stdout    *writeBroadcaster
+	stderr    *writeBroadcaster
+	stdin     io.ReadCloser
+	stdinPipe io.WriteCloser
+	ptyMaster io.Closer

 	runtime *Runtime
+
+	waitLock chan struct{}
+	Volumes  map[string]string
 }

 type Config struct {
@@ -55,16 +59,19 @@ type Config struct {
 	AttachStdin  bool
 	AttachStdout bool
 	AttachStderr bool
-	Ports        []int
+	PortSpecs    []string
 	Tty          bool // Attach standard streams to a tty, including stdin if it is not closed.
 	OpenStdin    bool // Open stdin
 	StdinOnce    bool // If true, close stdin after the 1 attached client disconnects.
 	Env          []string
 	Cmd          []string
+	Dns          []string
 	Image        string // Name of the image as it was passed by the operator (eg. could be symbolic)
+	Volumes      map[string]struct{}
+	VolumesFrom  string
 }

-func ParseRun(args []string, stdout io.Writer) (*Config, error) {
+func ParseRun(args []string, stdout io.Writer, capabilities *Capabilities) (*Config, error) {
 	cmd := rcli.Subcmd(stdout, "run", "[OPTIONS] IMAGE COMMAND [ARG...]", "Run a command in a new container")
 	if len(args) > 0 && args[0] != "--help" {
 		cmd.SetOutput(ioutil.Discard)
@@ -79,20 +86,33 @@ func ParseRun(args []string, stdout io.Writer) (*Config, error) {
 	flTty := cmd.Bool("t", false, "Allocate a pseudo-tty")
 	flMemory := cmd.Int64("m", 0, "Memory limit (in bytes)")

-	var flPorts ports
-	cmd.Var(&flPorts, "p", "Map a network port to the container")
+	if *flMemory > 0 && !capabilities.MemoryLimit {
+		fmt.Fprintf(stdout, "WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")
+		*flMemory = 0
+	}
+
+	var flPorts ListOpts
+	cmd.Var(&flPorts, "p", "Expose a container's port to the host (use 'docker port' to see the actual mapping)")

 	var flEnv ListOpts
 	cmd.Var(&flEnv, "e", "Set environment variables")

+	var flDns ListOpts
+	cmd.Var(&flDns, "dns", "Set custom dns servers")
+
+	flVolumes := NewPathOpts()
+	cmd.Var(flVolumes, "v", "Attach a data volume")
+
+	flVolumesFrom := cmd.String("volumes-from", "", "Mount volumes from the specified container")
+
 	if err := cmd.Parse(args); err != nil {
 		return nil, err
 	}
-	if *flDetach && len(*flAttach) > 0 {
+	if *flDetach && len(flAttach) > 0 {
 		return nil, fmt.Errorf("Conflicting options: -a and -d")
 	}
 	// If neither -d or -a are set, attach to everything by default
-	if len(*flAttach) == 0 && !*flDetach {
+	if len(flAttach) == 0 && !*flDetach {
 		if !*flDetach {
 			flAttach.Set("stdout")
 			flAttach.Set("stderr")
@@ -112,7 +132,7 @@ func ParseRun(args []string, stdout io.Writer) (*Config, error) {
 	}
 	config := &Config{
 		Hostname:     *flHostname,
-		Ports:        flPorts,
+		PortSpecs:    flPorts,
 		User:         *flUser,
 		Tty:          *flTty,
 		OpenStdin:    *flStdin,
@@ -122,8 +142,17 @@ func ParseRun(args []string, stdout io.Writer) (*Config, error) {
 		AttachStderr: flAttach.Get("stderr"),
 		Env:          flEnv,
 		Cmd:          runCmd,
+		Dns:          flDns,
 		Image:        image,
+		Volumes:      flVolumes,
+		VolumesFrom:  *flVolumesFrom,
 	}
+
+	if *flMemory > 0 && !capabilities.SwapLimit {
+		fmt.Fprintf(stdout, "WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
+		config.MemorySwap = -1
+	}
+
 	// When allocating stdin in attached mode, close stdin at client disconnect
 	if config.OpenStdin && config.AttachStdin {
 		config.StdinOnce = true
@@ -135,9 +164,37 @@ type NetworkSettings struct {
 	IpAddress   string
 	IpPrefixLen int
 	Gateway     string
+	Bridge      string
 	PortMapping map[string]string
 }

+// String returns a human-readable description of the port mapping defined in the settings
+func (settings *NetworkSettings) PortMappingHuman() string {
+	var mapping []string
+	for private, public := range settings.PortMapping {
+		mapping = append(mapping, fmt.Sprintf("%s->%s", public, private))
+	}
+	sort.Strings(mapping)
+	return strings.Join(mapping, ", ")
+}
+
+// Inject the io.Reader at the given path. Note: do not close the reader
+func (container *Container) Inject(file io.Reader, pth string) error {
+	// Make sure the directory exists
+	if err := os.MkdirAll(path.Join(container.rwPath(), path.Dir(pth)), 0755); err != nil {
+		return err
+	}
+	// FIXME: Handle permissions/already existing dest
+	dest, err := os.Create(path.Join(container.rwPath(), pth))
+	if err != nil {
+		return err
+	}
+	if _, err := io.Copy(dest, file); err != nil {
+		return err
+	}
+	return nil
+}
+
 func (container *Container) Cmd() *exec.Cmd {
 	return container.cmd
 }
@@ -179,63 +236,37 @@ func (container *Container) generateLXCConfig() error {
 }

 func (container *Container) startPty() error {
-	stdoutMaster, stdoutSlave, err := pty.Open()
+	ptyMaster, ptySlave, err := pty.Open()
 	if err != nil {
 		return err
 	}
-	container.ptyStdoutMaster = stdoutMaster
-	container.cmd.Stdout = stdoutSlave
-
-	stderrMaster, stderrSlave, err := pty.Open()
-	if err != nil {
-		return err
-	}
-	container.ptyStderrMaster = stderrMaster
-	container.cmd.Stderr = stderrSlave
+	container.ptyMaster = ptyMaster
+	container.cmd.Stdout = ptySlave
+	container.cmd.Stderr = ptySlave

 	// Copy the PTYs to our broadcasters
 	go func() {
 		defer container.stdout.CloseWriters()
 		Debugf("[startPty] Begin of stdout pipe")
-		io.Copy(container.stdout, stdoutMaster)
+		io.Copy(container.stdout, ptyMaster)
 		Debugf("[startPty] End of stdout pipe")
 	}()

-	go func() {
-		defer container.stderr.CloseWriters()
-		Debugf("[startPty] Begin of stderr pipe")
-		io.Copy(container.stderr, stderrMaster)
-		Debugf("[startPty] End of stderr pipe")
-	}()
-
 	// stdin
-	var stdinSlave io.ReadCloser
 	if container.Config.OpenStdin {
-		var stdinMaster io.WriteCloser
-		stdinMaster, stdinSlave, err = pty.Open()
-		if err != nil {
-			return err
-		}
-		container.ptyStdinMaster = stdinMaster
-		container.cmd.Stdin = stdinSlave
-		// FIXME: The following appears to be broken.
-		// "cannot set terminal process group (-1): Inappropriate ioctl for device"
-		// container.cmd.SysProcAttr = &syscall.SysProcAttr{Setctty: true, Setsid: true}
+		container.cmd.Stdin = ptySlave
+		container.cmd.SysProcAttr = &syscall.SysProcAttr{Setctty: true, Setsid: true}
 		go func() {
 			defer container.stdin.Close()
 			Debugf("[startPty] Begin of stdin pipe")
-			io.Copy(stdinMaster, container.stdin)
+			io.Copy(ptyMaster, container.stdin)
 			Debugf("[startPty] End of stdin pipe")
 		}()
 	}
 	if err := container.cmd.Start(); err != nil {
 		return err
 	}
-	stdoutSlave.Close()
-	stderrSlave.Close()
-	if stdinSlave != nil {
-		stdinSlave.Close()
-	}
+	ptySlave.Close()
 	return nil
 }

@@ -257,9 +288,9 @@ func (container *Container) start() error {
 	return container.cmd.Start()
 }

-func (container *Container) Attach(stdin io.Reader, stdout io.Writer, stderr io.Writer) chan error {
-	var cStdout io.ReadCloser
-	var cStderr io.ReadCloser
+func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error {
+	var cStdout, cStderr io.ReadCloser
+
 	var nJobs int
 	errors := make(chan error, 3)
 	if stdin != nil && container.Config.OpenStdin {
@@ -269,15 +300,27 @@ func (container *Container) Attach(stdin io.Reader, stdout io.Writer, stderr io.
 		} else {
 			go func() {
 				Debugf("[start] attach stdin\n")
-				defer Debugf("[end]  attach stdin\n")
-				if container.Config.StdinOnce {
+				defer Debugf("[end] attach stdin\n")
+				// No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr
+				if cStdout != nil {
+					defer cStdout.Close()
+				}
+				if cStderr != nil {
+					defer cStderr.Close()
+				}
+				if container.Config.StdinOnce && !container.Config.Tty {
 					defer cStdin.Close()
 				}
-				_, err := io.Copy(cStdin, stdin)
-				if err != nil {
-					Debugf("[error] attach stdout: %s\n", err)
+				if container.Config.Tty {
+					_, err = CopyEscapable(cStdin, stdin)
+				} else {
+					_, err = io.Copy(cStdin, stdin)
 				}
-				errors <- err
+				if err != nil {
+					Debugf("[error] attach stdin: %s\n", err)
+				}
+				// Discard error, expecting pipe error
+				errors <- nil
 			}()
 		}
 	}
@@ -290,6 +333,15 @@ func (container *Container) Attach(stdin io.Reader, stdout io.Writer, stderr io.
 			go func() {
 				Debugf("[start] attach stdout\n")
 				defer Debugf("[end]  attach stdout\n")
+				// If we are in StdinOnce mode, then close stdin
+				if container.Config.StdinOnce {
+					if stdin != nil {
+						defer stdin.Close()
+					}
+					if stdinCloser != nil {
+						defer stdinCloser.Close()
+					}
+				}
 				_, err := io.Copy(stdout, cStdout)
 				if err != nil {
 					Debugf("[error] attach stdout: %s\n", err)
@@ -307,6 +359,15 @@ func (container *Container) Attach(stdin io.Reader, stdout io.Writer, stderr io.
 			go func() {
 				Debugf("[start] attach stderr\n")
 				defer Debugf("[end]  attach stderr\n")
+				// If we are in StdinOnce mode, then close stdin
+				if container.Config.StdinOnce {
+					if stdin != nil {
+						defer stdin.Close()
+					}
+					if stdinCloser != nil {
+						defer stdinCloser.Close()
+					}
+				}
 				_, err := io.Copy(stderr, cStderr)
 				if err != nil {
 					Debugf("[error] attach stderr: %s\n", err)
@@ -338,6 +399,9 @@ func (container *Container) Attach(stdin io.Reader, stdout io.Writer, stderr io.
 }

 func (container *Container) Start() error {
+	container.State.lock()
+	defer container.State.unlock()
+
 	if container.State.Running {
 		return fmt.Errorf("The container %s is already running.", container.Id)
 	}
@@ -347,9 +411,50 @@ func (container *Container) Start() error {
 	if err := container.allocateNetwork(); err != nil {
 		return err
 	}
+
+	// Make sure the config is compatible with the current kernel
+	if container.Config.Memory > 0 && !container.runtime.capabilities.MemoryLimit {
+		log.Printf("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")
+		container.Config.Memory = 0
+	}
+	if container.Config.Memory > 0 && !container.runtime.capabilities.SwapLimit {
+		log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
+		container.Config.MemorySwap = -1
+	}
+	container.Volumes = make(map[string]string)
+
+	// Create the requested volumes volumes
+	for volPath := range container.Config.Volumes {
+		if c, err := container.runtime.volumes.Create(nil, container, "", "", nil); err != nil {
+			return err
+		} else {
+			if err := os.MkdirAll(path.Join(container.RootfsPath(), volPath), 0755); err != nil {
+				return nil
+			}
+			container.Volumes[volPath] = c.Id
+		}
+	}
+
+	if container.Config.VolumesFrom != "" {
+		c := container.runtime.Get(container.Config.VolumesFrom)
+		if c == nil {
+			return fmt.Errorf("Container %s not found. Impossible to mount its volumes", container.Id)
+		}
+		for volPath, id := range c.Volumes {
+			if _, exists := container.Volumes[volPath]; exists {
+				return fmt.Errorf("The requested volume %s overlap one of the volume of the container %s", volPath, c.Id)
+			}
+			if err := os.MkdirAll(path.Join(container.RootfsPath(), volPath), 0755); err != nil {
+				return nil
+			}
+			container.Volumes[volPath] = id
+		}
+	}
+
 	if err := container.generateLXCConfig(); err != nil {
 		return err
 	}
+
 	params := []string{
 		"-n", container.Id,
 		"-f", container.lxcConfigPath(),
@@ -365,21 +470,26 @@ func (container *Container) Start() error {
 		params = append(params, "-u", container.Config.User)
 	}

+	if container.Config.Tty {
+		params = append(params, "-e", "TERM=xterm")
+	}
+
+	// Setup environment
+	params = append(params,
+		"-e", "HOME=/",
+		"-e", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+	)
+
+	for _, elem := range container.Config.Env {
+		params = append(params, "-e", elem)
+	}
+
 	// Program
 	params = append(params, "--", container.Path)
 	params = append(params, container.Args...)

 	container.cmd = exec.Command("lxc-start", params...)

-	// Setup environment
-	container.cmd.Env = append(
-		[]string{
-			"HOME=/",
-			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
-		},
-		container.Config.Env...,
-	)
-
 	// Setup logging of stdout and stderr to disk
 	if err := container.runtime.LogToDisk(container.stdout, container.logPath("stdout")); err != nil {
 		return err
@@ -390,10 +500,6 @@ func (container *Container) Start() error {

 	var err error
 	if container.Config.Tty {
-		container.cmd.Env = append(
-			[]string{"TERM=xterm"},
-			container.cmd.Env...,
-		)
 		err = container.startPty()
 	} else {
 		err = container.start()
@@ -404,6 +510,10 @@ func (container *Container) Start() error {
 	// FIXME: save state on disk *first*, then converge
 	// this way disk state is used as a journal, eg. we can restore after crash etc.
 	container.State.setRunning(container.cmd.Process.Pid)
+
+	// Init the lock
+	container.waitLock = make(chan struct{})
+
 	container.ToDisk()
 	go container.monitor()
 	return nil
@@ -456,15 +566,16 @@ func (container *Container) allocateNetwork() error {
 		return err
 	}
 	container.NetworkSettings.PortMapping = make(map[string]string)
-	for _, port := range container.Config.Ports {
-		if extPort, err := iface.AllocatePort(port); err != nil {
+	for _, spec := range container.Config.PortSpecs {
+		if nat, err := iface.AllocatePort(spec); err != nil {
 			iface.Release()
 			return err
 		} else {
-			container.NetworkSettings.PortMapping[strconv.Itoa(port)] = strconv.Itoa(extPort)
+			container.NetworkSettings.PortMapping[strconv.Itoa(nat.Backend)] = strconv.Itoa(nat.Frontend)
 		}
 	}
 	container.network = iface
+	container.NetworkSettings.Bridge = container.runtime.networkManager.bridgeIface
 	container.NetworkSettings.IpAddress = iface.IPNet.IP.String()
 	container.NetworkSettings.IpPrefixLen, _ = iface.IPNet.Mask.Size()
 	container.NetworkSettings.Gateway = iface.Gateway.String()
@@ -477,16 +588,42 @@ func (container *Container) releaseNetwork() {
 	container.NetworkSettings = &NetworkSettings{}
 }

+// FIXME: replace this with a control socket within docker-init
+func (container *Container) waitLxc() error {
+	for {
+		if output, err := exec.Command("lxc-info", "-n", container.Id).CombinedOutput(); err != nil {
+			return err
+		} else {
+			if !strings.Contains(string(output), "RUNNING") {
+				return nil
+			}
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+	return nil
+}
+
 func (container *Container) monitor() {
 	// Wait for the program to exit
 	Debugf("Waiting for process")
-	if err := container.cmd.Wait(); err != nil {
-		// Discard the error as any signals or non 0 returns will generate an error
-		Debugf("%s: Process: %s", container.Id, err)
+
+	// If the command does not exists, try to wait via lxc
+	if container.cmd == nil {
+		if err := container.waitLxc(); err != nil {
+			Debugf("%s: Process: %s", container.Id, err)
+		}
+	} else {
+		if err := container.cmd.Wait(); err != nil {
+			// Discard the error as any signals or non 0 returns will generate an error
+			Debugf("%s: Process: %s", container.Id, err)
+		}
 	}
 	Debugf("Process finished")

-	exitCode := container.cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
+	var exitCode int = -1
+	if container.cmd != nil {
+		exitCode = container.cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
+	}

 	// Cleanup
 	container.releaseNetwork()
@@ -502,19 +639,9 @@ func (container *Container) monitor() {
 		Debugf("%s: Error close stderr: %s", container.Id, err)
 	}

-	if container.ptyStdinMaster != nil {
-		if err := container.ptyStdinMaster.Close(); err != nil {
-			Debugf("%s: Error close pty stdin master: %s", container.Id, err)
-		}
-	}
-	if container.ptyStdoutMaster != nil {
-		if err := container.ptyStdoutMaster.Close(); err != nil {
-			Debugf("%s: Error close pty stdout master: %s", container.Id, err)
-		}
-	}
-	if container.ptyStderrMaster != nil {
-		if err := container.ptyStderrMaster.Close(); err != nil {
-			Debugf("%s: Error close pty stderr master: %s", container.Id, err)
+	if container.ptyMaster != nil {
+		if err := container.ptyMaster.Close(); err != nil {
+			Debugf("%s: Error closing Pty master: %s", container.Id, err)
 		}
 	}

@@ -529,6 +656,10 @@ func (container *Container) monitor() {

 	// Report status back
 	container.State.setStopped(exitCode)
+
+	// Release the lock
+	close(container.waitLock)
+
 	if err := container.ToDisk(); err != nil {
 		// FIXME: there is a race condition here which causes this to fail during the unit tests.
 		// If another goroutine was waiting for Wait() to return before removing the container's root
@@ -541,25 +672,44 @@ func (container *Container) monitor() {
 }

 func (container *Container) kill() error {
-	if container.cmd == nil {
+	if !container.State.Running {
 		return nil
 	}
-	if err := container.cmd.Process.Kill(); err != nil {
-		return err
+
+	// Sending SIGKILL to the process via lxc
+	output, err := exec.Command("lxc-kill", "-n", container.Id, "9").CombinedOutput()
+	if err != nil {
+		log.Printf("error killing container %s (%s, %s)", container.Id, output, err)
 	}
+
+	// 2. Wait for the process to die, in last resort, try to kill the process directly
+	if err := container.WaitTimeout(10 * time.Second); err != nil {
+		if container.cmd == nil {
+			return fmt.Errorf("lxc-kill failed, impossible to kill the container %s", container.Id)
+		}
+		log.Printf("Container %s failed to exit within 10 seconds of lxc SIGKILL - trying direct SIGKILL", container.Id)
+		if err := container.cmd.Process.Kill(); err != nil {
+			return err
+		}
+	}
+
 	// Wait for the container to be actually stopped
 	container.Wait()
 	return nil
 }

 func (container *Container) Kill() error {
+	container.State.lock()
+	defer container.State.unlock()
 	if !container.State.Running {
 		return nil
 	}
 	return container.kill()
 }

-func (container *Container) Stop() error {
+func (container *Container) Stop(seconds int) error {
+	container.State.lock()
+	defer container.State.unlock()
 	if !container.State.Running {
 		return nil
 	}
@@ -568,23 +718,23 @@ func (container *Container) Stop() error {
 	if output, err := exec.Command("lxc-kill", "-n", container.Id, "15").CombinedOutput(); err != nil {
 		log.Print(string(output))
 		log.Print("Failed to send SIGTERM to the process, force killing")
-		if err := container.Kill(); err != nil {
+		if err := container.kill(); err != nil {
 			return err
 		}
 	}

 	// 2. Wait for the process to exit on its own
-	if err := container.WaitTimeout(10 * time.Second); err != nil {
-		log.Printf("Container %v failed to exit within 10 seconds of SIGTERM - using the force", container.Id)
-		if err := container.Kill(); err != nil {
+	if err := container.WaitTimeout(time.Duration(seconds) * time.Second); err != nil {
+		log.Printf("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.Id, seconds)
+		if err := container.kill(); err != nil {
 			return err
 		}
 	}
 	return nil
 }

-func (container *Container) Restart() error {
-	if err := container.Stop(); err != nil {
+func (container *Container) Restart(seconds int) error {
+	if err := container.Stop(seconds); err != nil {
 		return err
 	}
 	if err := container.Start(); err != nil {
@@ -595,10 +745,7 @@ func (container *Container) Restart() error {

 // Wait blocks until the container stops running, then returns its exit code.
 func (container *Container) Wait() int {
-
-	for container.State.Running {
-		container.State.wait()
-	}
+	<-container.waitLock
 	return container.State.ExitCode
 }

@@ -606,6 +753,14 @@ func (container *Container) ExportRw() (Archive, error) {
 	return Tar(container.rwPath(), Uncompressed)
 }

+func (container *Container) RwChecksum() (string, error) {
+	rwData, err := Tar(container.rwPath(), Xz)
+	if err != nil {
+		return "", err
+	}
+	return HashData(rwData)
+}
+
 func (container *Container) Export() (Archive, error) {
 	if err := container.EnsureMounted(); err != nil {
 		return nil, err
@@ -626,7 +781,7 @@ func (container *Container) WaitTimeout(timeout time.Duration) error {
 	case <-done:
 		return nil
 	}
-	return nil
+	panic("unreachable")
 }

 func (container *Container) EnsureMounted() error {
@@ -698,6 +853,22 @@ func (container *Container) RootfsPath() string {
 	return path.Join(container.root, "rootfs")
 }

+func (container *Container) GetVolumes() (map[string]string, error) {
+	ret := make(map[string]string)
+	for volPath, id := range container.Volumes {
+		volume, err := container.runtime.volumes.Get(id)
+		if err != nil {
+			return nil, err
+		}
+		root, err := volume.root()
+		if err != nil {
+			return nil, err
+		}
+		ret[volPath] = path.Join(root, "layer")
+	}
+	return ret, nil
+}
+
 func (container *Container) rwPath() string {
 	return path.Join(container.root, "rw")
 }
--- a/container_test.go
+++ b/container_test.go
@@ -20,11 +20,10 @@ func TestIdFormat(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container1, err := runtime.Create(
+	container1, err := NewBuilder(runtime).Create(
 		&Config{
-			Image:  GetTestImage(runtime).Id,
-			Cmd:    []string{"/bin/sh", "-c", "echo hello world"},
-			Memory: 33554432,
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/sh", "-c", "echo hello world"},
 		},
 	)
 	if err != nil {
@@ -45,12 +44,11 @@ func TestMultipleAttachRestart(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd: []string{"/bin/sh", "-c",
 				"i=1; while [ $i -le 5 ]; do i=`expr $i + 1`;  echo hello; done"},
-			Memory: 33554432,
 		},
 	)
 	if err != nil {
@@ -97,7 +95,7 @@ func TestMultipleAttachRestart(t *testing.T) {
 		t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3)
 	}

-	if err := container.Stop(); err != nil {
+	if err := container.Stop(10); err != nil {
 		t.Fatal(err)
 	}

@@ -116,8 +114,8 @@ func TestMultipleAttachRestart(t *testing.T) {
 	if err := container.Start(); err != nil {
 		t.Fatal(err)
 	}
-	timeout := make(chan bool)
-	go func() {
+
+	setTimeout(t, "Timeout reading from the process", 3*time.Second, func() {
 		l1, err = bufio.NewReader(stdout1).ReadString('\n')
 		if err != nil {
 			t.Fatal(err)
@@ -139,28 +137,100 @@ func TestMultipleAttachRestart(t *testing.T) {
 		if strings.Trim(l3, " \r\n") != "hello" {
 			t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3)
 		}
-		timeout <- false
-	}()
-	go func() {
-		time.Sleep(3 * time.Second)
-		timeout <- true
-	}()
-	if <-timeout {
-		t.Fatalf("Timeout reading from the process")
-	}
+	})
+	container.Wait()
 }

-func TestCommitRun(t *testing.T) {
+func TestDiff(t *testing.T) {
 	runtime, err := newTestRuntime()
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container1, err := runtime.Create(
+
+	builder := NewBuilder(runtime)
+
+	// Create a container and remove a file
+	container1, err := builder.Create(
 		&Config{
-			Image:  GetTestImage(runtime).Id,
-			Cmd:    []string{"/bin/sh", "-c", "echo hello > /world"},
-			Memory: 33554432,
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/rm", "/etc/passwd"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container1)
+
+	if err := container1.Run(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Check the changelog
+	c, err := container1.Changes()
+	if err != nil {
+		t.Fatal(err)
+	}
+	success := false
+	for _, elem := range c {
+		if elem.Path == "/etc/passwd" && elem.Kind == 2 {
+			success = true
+		}
+	}
+	if !success {
+		t.Fatalf("/etc/passwd as been removed but is not present in the diff")
+	}
+
+	// Commit the container
+	rwTar, err := container1.ExportRw()
+	if err != nil {
+		t.Error(err)
+	}
+	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image - diff", "", nil)
+	if err != nil {
+		t.Error(err)
+	}
+
+	// Create a new container from the commited image
+	container2, err := builder.Create(
+		&Config{
+			Image: img.Id,
+			Cmd:   []string{"cat", "/etc/passwd"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container2)
+
+	if err := container2.Run(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Check the changelog
+	c, err = container2.Changes()
+	if err != nil {
+		t.Fatal(err)
+	}
+	for _, elem := range c {
+		if elem.Path == "/etc/passwd" {
+			t.Fatalf("/etc/passwd should not be present in the diff after commit.")
+		}
+	}
+}
+
+func TestCommitAutoRun(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	builder := NewBuilder(runtime)
+	container1, err := builder.Create(
+		&Config{
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/sh", "-c", "echo hello > /world"},
 		},
 	)
 	if err != nil {
@@ -182,18 +252,97 @@ func TestCommitRun(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image")
+	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image", "", &Config{Cmd: []string{"cat", "/world"}})
+	if err != nil {
+		t.Error(err)
+	}
+
+	// FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world
+	container2, err := builder.Create(
+		&Config{
+			Image: img.Id,
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container2)
+	stdout, err := container2.StdoutPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	stderr, err := container2.StderrPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := container2.Start(); err != nil {
+		t.Fatal(err)
+	}
+	container2.Wait()
+	output, err := ioutil.ReadAll(stdout)
+	if err != nil {
+		t.Fatal(err)
+	}
+	output2, err := ioutil.ReadAll(stderr)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := stdout.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if err := stderr.Close(); err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "hello\n" {
+		t.Fatalf("Unexpected output. Expected %s, received: %s (err: %s)", "hello\n", output, output2)
+	}
+}
+
+func TestCommitRun(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	builder := NewBuilder(runtime)
+
+	container1, err := builder.Create(
+		&Config{
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"/bin/sh", "-c", "echo hello > /world"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container1)
+
+	if container1.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+	if err := container1.Run(); err != nil {
+		t.Fatal(err)
+	}
+	if container1.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+
+	rwTar, err := container1.ExportRw()
+	if err != nil {
+		t.Error(err)
+	}
+	img, err := runtime.graph.Create(rwTar, container1, "unit test commited image", "", nil)
 	if err != nil {
 		t.Error(err)
 	}

 	// FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world

-	container2, err := runtime.Create(
+	container2, err := builder.Create(
 		&Config{
-			Image:  img.Id,
-			Memory: 33554432,
-			Cmd:    []string{"cat", "/world"},
+			Image: img.Id,
+			Cmd:   []string{"cat", "/world"},
 		},
 	)
 	if err != nil {
@@ -237,7 +386,7 @@ func TestStart(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image:     GetTestImage(runtime).Id,
 			Memory:    33554432,
@@ -267,6 +416,7 @@ func TestStart(t *testing.T) {
 	// Try to avoid the timeoout in destroy. Best effort, don't check error
 	cStdin, _ := container.StdinPipe()
 	cStdin.Close()
+	container.WaitTimeout(2 * time.Second)
 }

 func TestRun(t *testing.T) {
@@ -275,11 +425,10 @@ func TestRun(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
-			Image:  GetTestImage(runtime).Id,
-			Memory: 33554432,
-			Cmd:    []string{"ls", "-al"},
+			Image: GetTestImage(runtime).Id,
+			Cmd:   []string{"ls", "-al"},
 		},
 	)
 	if err != nil {
@@ -304,7 +453,7 @@ func TestOutput(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(
+	container, err := NewBuilder(runtime).Create(
 		&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd:   []string{"echo", "-n", "foobar"},
@@ -323,13 +472,61 @@ func TestOutput(t *testing.T) {
 	}
 }

+func TestKillDifferentUser(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+	container, err := NewBuilder(runtime).Create(&Config{
+		Image: GetTestImage(runtime).Id,
+		Cmd:   []string{"tail", "-f", "/etc/resolv.conf"},
+		User:  "daemon",
+	},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+
+	if container.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+	if err := container.Start(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Give some time to lxc to spawn the process (setuid might take some time)
+	container.WaitTimeout(500 * time.Millisecond)
+
+	if !container.State.Running {
+		t.Errorf("Container should be running")
+	}
+
+	if err := container.Kill(); err != nil {
+		t.Fatal(err)
+	}
+
+	if container.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+	container.Wait()
+	if container.State.Running {
+		t.Errorf("Container shouldn't be running")
+	}
+	// Try stopping twice
+	if err := container.Kill(); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func TestKill(t *testing.T) {
 	runtime, err := newTestRuntime()
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat", "/dev/zero"},
 	},
@@ -345,6 +542,10 @@ func TestKill(t *testing.T) {
 	if err := container.Start(); err != nil {
 		t.Fatal(err)
 	}
+
+	// Give some time to lxc to spawn the process
+	container.WaitTimeout(500 * time.Millisecond)
+
 	if !container.State.Running {
 		t.Errorf("Container should be running")
 	}
@@ -371,7 +572,9 @@ func TestExitCode(t *testing.T) {
 	}
 	defer nuke(runtime)

-	trueContainer, err := runtime.Create(&Config{
+	builder := NewBuilder(runtime)
+
+	trueContainer, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/bin/true", ""},
 	})
@@ -386,7 +589,7 @@ func TestExitCode(t *testing.T) {
 		t.Errorf("Unexpected exit code %d (expected 0)", trueContainer.State.ExitCode)
 	}

-	falseContainer, err := runtime.Create(&Config{
+	falseContainer, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/bin/false", ""},
 	})
@@ -408,7 +611,7 @@ func TestRestart(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"echo", "-n", "foobar"},
 	},
@@ -441,7 +644,7 @@ func TestRestartStdin(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat"},

@@ -520,8 +723,10 @@ func TestUser(t *testing.T) {
 	}
 	defer nuke(runtime)

+	builder := NewBuilder(runtime)
+
 	// Default user must be root
-	container, err := runtime.Create(&Config{
+	container, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},
 	},
@@ -539,7 +744,7 @@ func TestUser(t *testing.T) {
 	}

 	// Set a username
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},

@@ -559,7 +764,7 @@ func TestUser(t *testing.T) {
 	}

 	// Set a UID
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},

@@ -579,7 +784,7 @@ func TestUser(t *testing.T) {
 	}

 	// Set a different user by uid
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},

@@ -601,7 +806,7 @@ func TestUser(t *testing.T) {
 	}

 	// Set a different user by username
-	container, err = runtime.Create(&Config{
+	container, err = builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"id"},

@@ -628,7 +833,9 @@ func TestMultipleContainers(t *testing.T) {
 	}
 	defer nuke(runtime)

-	container1, err := runtime.Create(&Config{
+	builder := NewBuilder(runtime)
+
+	container1, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat", "/dev/zero"},
 	},
@@ -638,7 +845,7 @@ func TestMultipleContainers(t *testing.T) {
 	}
 	defer runtime.Destroy(container1)

-	container2, err := runtime.Create(&Config{
+	container2, err := builder.Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat", "/dev/zero"},
 	},
@@ -656,6 +863,10 @@ func TestMultipleContainers(t *testing.T) {
 		t.Fatal(err)
 	}

+	// Make sure they are running before trying to kill them
+	container1.WaitTimeout(250 * time.Millisecond)
+	container2.WaitTimeout(250 * time.Millisecond)
+
 	// If we are here, both containers should be running
 	if !container1.State.Running {
 		t.Fatal("Container not running")
@@ -680,7 +891,7 @@ func TestStdin(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat"},

@@ -727,7 +938,7 @@ func TestTty(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"cat"},

@@ -774,7 +985,7 @@ func TestEnv(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/usr/bin/env"},
 	},
@@ -848,7 +1059,7 @@ func TestLXCConfig(t *testing.T) {
 	memMin := 33554432
 	memMax := 536870912
 	mem := memMin + rand.Intn(memMax-memMin)
-	container, err := runtime.Create(&Config{
+	container, err := NewBuilder(runtime).Create(&Config{
 		Image: GetTestImage(runtime).Id,
 		Cmd:   []string{"/bin/true"},

@@ -875,7 +1086,7 @@ func BenchmarkRunSequencial(b *testing.B) {
 	}
 	defer nuke(runtime)
 	for i := 0; i < b.N; i++ {
-		container, err := runtime.Create(&Config{
+		container, err := NewBuilder(runtime).Create(&Config{
 			Image: GetTestImage(runtime).Id,
 			Cmd:   []string{"echo", "-n", "foo"},
 		},
@@ -910,7 +1121,7 @@ func BenchmarkRunParallel(b *testing.B) {
 		complete := make(chan error)
 		tasks = append(tasks, complete)
 		go func(i int, complete chan error) {
-			container, err := runtime.Create(&Config{
+			container, err := NewBuilder(runtime).Create(&Config{
 				Image: GetTestImage(runtime).Id,
 				Cmd:   []string{"echo", "-n", "foo"},
 			},
--- a/contrib/crashTest.go
+++ b/contrib/crashTest.go
@@ -0,0 +1,126 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"os"
+	"os/exec"
+	"path"
+	"time"
+)
+
+var DOCKER_PATH string = path.Join(os.Getenv("DOCKERPATH"), "docker")
+
+// WARNING: this crashTest will 1) crash your host, 2) remove all containers
+func runDaemon() (*exec.Cmd, error) {
+	os.Remove("/var/run/docker.pid")
+	exec.Command("rm", "-rf", "/var/lib/docker/containers").Run()
+	cmd := exec.Command(DOCKER_PATH, "-d")
+	outPipe, err := cmd.StdoutPipe()
+	if err != nil {
+		return nil, err
+	}
+	errPipe, err := cmd.StderrPipe()
+	if err != nil {
+		return nil, err
+	}
+	if err := cmd.Start(); err != nil {
+		return nil, err
+	}
+	go func() {
+		io.Copy(os.Stdout, outPipe)
+	}()
+	go func() {
+		io.Copy(os.Stderr, errPipe)
+	}()
+	return cmd, nil
+}
+
+func crashTest() error {
+	if err := exec.Command("/bin/bash", "-c", "while true; do true; done").Start(); err != nil {
+		return err
+	}
+
+	var endpoint string
+	if ep := os.Getenv("TEST_ENDPOINT"); ep == "" {
+		endpoint = "192.168.56.1:7979"
+	} else {
+		endpoint = ep
+	}
+
+	c := make(chan bool)
+	var conn io.Writer
+
+	go func() {
+		conn, _ = net.Dial("tcp", endpoint)
+		c <- false
+	}()
+	go func() {
+		time.Sleep(2 * time.Second)
+		c <- true
+	}()
+	<-c
+
+	restartCount := 0
+	totalTestCount := 1
+	for {
+		daemon, err := runDaemon()
+		if err != nil {
+			return err
+		}
+		restartCount++
+		//		time.Sleep(5000 * time.Millisecond)
+		var stop bool
+		go func() error {
+			stop = false
+			for i := 0; i < 100 && !stop; {
+				func() error {
+					cmd := exec.Command(DOCKER_PATH, "run", "base", "echo", fmt.Sprintf("%d", totalTestCount))
+					i++
+					totalTestCount++
+					outPipe, err := cmd.StdoutPipe()
+					if err != nil {
+						return err
+					}
+					inPipe, err := cmd.StdinPipe()
+					if err != nil {
+						return err
+					}
+					if err := cmd.Start(); err != nil {
+						return err
+					}
+					if conn != nil {
+						go io.Copy(conn, outPipe)
+					}
+
+					// Expecting error, do not check
+					inPipe.Write([]byte("hello world!!!!!\n"))
+					go inPipe.Write([]byte("hello world!!!!!\n"))
+					go inPipe.Write([]byte("hello world!!!!!\n"))
+					inPipe.Close()
+
+					if err := cmd.Wait(); err != nil {
+						return err
+					}
+					outPipe.Close()
+					return nil
+				}()
+			}
+			return nil
+		}()
+		time.Sleep(20 * time.Second)
+		stop = true
+		if err := daemon.Process.Kill(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func main() {
+	if err := crashTest(); err != nil {
+		log.Println(err)
+	}
+}
--- a/contrib/docker-build/README
+++ b/contrib/docker-build/README
@@ -0,0 +1,68 @@
+# docker-build: build your software with docker
+
+## Description
+
+docker-build is a script to build docker images from source. It will be deprecated once the 'build' feature is incorporated into docker itself (See https://github.com/dotcloud/docker/issues/278)
+
+Author: Solomon Hykes <solomon@dotcloud.com>
+
+
+## Install
+
+docker-builder requires:
+
+1) A reasonably recent Python setup (tested on 2.7.2).
+
+2) A running docker daemon at version 0.1.4 or more recent (http://www.docker.io/gettingstarted)
+
+
+## Usage
+
+First create a valid Changefile, which defines a sequence of changes to apply to a base image.
+
+    $ cat Changefile
+    # Start build from a know base image
+    from	base:ubuntu-12.10
+    # Update ubuntu sources
+    run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
+    run	apt-get update
+    # Install system packages
+    run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
+    run DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
+    run DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
+    # Insert files from the host (./myscript must be present in the current directory)
+    copy	myscript /usr/local/bin/myscript
+
+
+Run docker-build, and pass the contents of your Changefile as standard input.
+
+    $ IMG=$(./docker-build < Changefile)
+
+This will take a while: for each line of the changefile, docker-build will:
+
+1. Create a new container to execute the given command or insert the given file
+2. Wait for the container to complete execution
+3. Commit the resulting changes as a new image
+4. Use the resulting image as the input of the next step
+
+
+If all the steps succeed, the result will be an image containing the combined results of each build step.
+You can trace back those build steps by inspecting the image's history:
+
+    $ docker history $IMG
+    ID                  CREATED             CREATED BY
+    1e9e2045de86        A few seconds ago   /bin/sh -c cat > /usr/local/bin/myscript; chmod +x /usr/local/bin/git
+    77db140aa62a        A few seconds ago   /bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
+    77db140aa62a        A few seconds ago   /bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
+    77db140aa62a        A few seconds ago   /bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -q git 
+    83e85d155451        A few seconds ago   /bin/sh -c apt-get update
+    bfd53b36d9d3        A few seconds ago   /bin/sh -c echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
+    base		2 weeks ago         /bin/bash
+    27cf78414709        2 weeks ago
+
+
+Note that your build started from 'base', as instructed by your Changefile. But that base image itself seems to have been built in 2 steps - hence the extra step in the history.
+
+
+You can use this build technique to create any image you want: a database, a web application, or anything else that can be build by a sequence of unix commands - in other words, anything else.
+
--- a/contrib/docker-build/docker-build
+++ b/contrib/docker-build/docker-build
@@ -0,0 +1,142 @@
+#!/usr/bin/env python
+
+# docker-build is a script to build docker images from source.
+# It will be deprecated once the 'build' feature is incorporated into docker itself.
+# (See https://github.com/dotcloud/docker/issues/278)
+#
+# Author: Solomon Hykes <solomon@dotcloud.com>
+
+
+
+# First create a valid Changefile, which defines a sequence of changes to apply to a base image.
+# 
+#     $ cat Changefile
+#     # Start build from a know base image
+#     from	base:ubuntu-12.10
+#     # Update ubuntu sources
+#     run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
+#     run	apt-get update
+#     # Install system packages
+#     run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
+#     run DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
+#     run DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
+#     # Insert files from the host (./myscript must be present in the current directory)
+#     copy	myscript /usr/local/bin/myscript
+# 
+# 
+# Run docker-build, and pass the contents of your Changefile as standard input.
+# 
+#     $ IMG=$(./docker-build < Changefile)
+# 
+# This will take a while: for each line of the changefile, docker-build will:
+# 
+# 1. Create a new container to execute the given command or insert the given file
+# 2. Wait for the container to complete execution
+# 3. Commit the resulting changes as a new image
+# 4. Use the resulting image as the input of the next step
+
+
+import sys
+import subprocess
+import json
+import hashlib
+
+def docker(args, stdin=None):
+	print "# docker " + " ".join(args)
+	p = subprocess.Popen(["docker"] + list(args), stdin=stdin, stdout=subprocess.PIPE)
+	return p.stdout
+
+def image_exists(img):
+	return docker(["inspect", img]).read().strip() != ""
+
+def image_config(img):
+	return json.loads(docker(["inspect", img]).read()).get("config", {})
+
+def run_and_commit(img_in, cmd, stdin=None, author=None, run=None):
+	run_id = docker(["run"] + (["-i", "-a", "stdin"] if stdin else ["-d"]) + [img_in, "/bin/sh", "-c", cmd], stdin=stdin).read().rstrip()
+	print "---> Waiting for " + run_id
+	result=int(docker(["wait", run_id]).read().rstrip())
+	if result != 0:
+		print "!!! '{}' return non-zero exit code '{}'. Aborting.".format(cmd, result)
+		sys.exit(1)
+	return docker(["commit"] + (["-author", author] if author else []) + (["-run", json.dumps(run)] if run is not None else []) + [run_id]).read().rstrip()
+
+def insert(base, src, dst, author=None):
+	print "COPY {} to {} in {}".format(src, dst, base)
+	if dst == "":
+		raise Exception("Missing destination path")
+	stdin = file(src)
+	stdin.seek(0)
+	return run_and_commit(base, "cat > {0}; chmod +x {0}".format(dst), stdin=stdin, author=author)
+
+def add(base, src, dst, author=None):
+	print "PUSH to {} in {}".format(dst, base)
+	if src == ".":
+		tar = subprocess.Popen(["tar", "-c", "."], stdout=subprocess.PIPE).stdout
+	else:
+		tar = subprocess.Popen(["curl", src], stdout=subprocess.PIPE).stdout
+	if dst == "":
+		raise Exception("Missing argument to push")
+	return run_and_commit(base, "mkdir -p '{0}' && tar -C '{0}' -x".format(dst), stdin=tar, author=author)
+
+def main():
+	base=""
+	maintainer=""
+	steps = []
+	try:
+		for line in sys.stdin.readlines():
+			line = line.strip()
+			# Skip comments and empty lines
+			if line == "" or line[0] == "#":
+				continue
+			op, param = line.split(None, 1)
+			print op.upper() + " " + param
+			if op == "from":
+				base = param
+				steps.append(base)
+			elif op == "maintainer":
+				maintainer = param
+			elif op == "run":
+				result = run_and_commit(base, param, author=maintainer)
+				steps.append(result)
+				base = result
+				print "===> " + base
+			elif op == "copy":
+				src, dst = param.split("	", 1)
+				result = insert(base, src, dst, author=maintainer)
+				steps.append(result)
+				base = result
+				print "===> " + base
+			elif op == "add":
+				src, dst = param.split("	", 1)
+				result = add(base, src, dst, author=maintainer)
+				steps.append(result)
+				base=result
+				print "===> " + base
+			elif op == "expose":
+				config = image_config(base)
+				if config.get("PortSpecs") is None:
+					config["PortSpecs"] = []
+				portspec = param.strip()
+				config["PortSpecs"].append(portspec)
+				result = run_and_commit(base, "# (nop) expose port {}".format(portspec), author=maintainer, run=config)
+				steps.append(result)
+				base=result
+				print "===> " + base
+			elif op == "cmd":
+				config  = image_config(base)
+				cmd = list(json.loads(param))
+				config["Cmd"] = cmd
+				result = run_and_commit(base, "# (nop) set default command to '{}'".format(" ".join(cmd)), author=maintainer, run=config)
+				steps.append(result)
+				base=result
+				print "===> " + base
+			else:
+				print "Skipping uknown op " + op
+	except:
+		docker(["rmi"] + steps[1:])
+		raise
+	print base
+
+if __name__ == "__main__":
+	main()
--- a/contrib/docker-build/example.changefile
+++ b/contrib/docker-build/example.changefile
@@ -0,0 +1,13 @@
+# Start build from a know base image
+maintainer	Solomon Hykes <solomon@dotcloud.com>
+from	base:ubuntu-12.10
+# Update ubuntu sources
+run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
+run	apt-get update
+# Install system packages
+run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
+run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
+run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
+# Insert files from the host (./myscript must be present in the current directory)
+copy	myscript	/usr/local/bin/myscript
+push	/src
--- a/contrib/docker-build/myscript
+++ b/contrib/docker-build/myscript
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo hello, world!
--- a/contrib/install.sh
+++ b/contrib/install.sh
@@ -36,16 +36,16 @@ else
 fi

 echo "Downloading docker binary and uncompressing into /usr/local/bin..."
-curl -s http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz |
+curl -s http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-latest.tgz |
 tar -C /usr/local/bin --strip-components=1 -zxf- \
-docker-master/docker
+docker-latest/docker

 if [ -f /etc/init/dockerd.conf ]
 then
  echo "Upstart script already exists."
 else
  echo "Creating /etc/init/dockerd.conf..."
-  echo "exec /usr/local/bin/docker -d" > /etc/init/dockerd.conf
+  echo "exec env LANG=\"en_US.UTF-8\" /usr/local/bin/docker -d" > /etc/init/dockerd.conf
 fi

 echo "Starting dockerd..."
--- a/contrib/mkimage-debian.sh
+++ b/contrib/mkimage-debian.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+set -e
+
+# these should match the names found at http://www.debian.org/releases/
+stableSuite='squeeze'
+testingSuite='wheezy'
+unstableSuite='sid'
+
+# if suite is equal to this, it gets the "latest" tag
+latestSuite="$testingSuite"
+
+variant='minbase'
+include='iproute,iputils-ping'
+
+repo="$1"
+suite="${2:-$latestSuite}"
+mirror="${3:-}" # stick to the default debootstrap mirror if one is not provided
+
+if [ ! "$repo" ]; then
+	echo >&2 "usage: $0 repo [suite [mirror]]"
+	echo >&2 "   ie: $0 tianon/debian squeeze"
+	exit 1
+fi
+
+target="/tmp/docker-rootfs-debian-$suite-$$-$RANDOM"
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+returnTo="$(pwd -P)"
+
+set -x
+
+# bootstrap
+mkdir -p "$target"
+sudo debootstrap --verbose --variant="$variant" --include="$include" "$suite" "$target" "$mirror"
+
+cd "$target"
+
+# create the image
+img=$(sudo tar -c . | docker import -)
+
+# tag suite
+docker tag $img $repo $suite
+
+if [ "$suite" = "$latestSuite" ]; then
+	# tag latest
+	docker tag $img $repo latest
+fi
+
+# test the image
+docker run -i -t $repo:$suite echo success
+
+# unstable's version numbers match testing (since it's mostly just a sandbox for testing), so it doesn't get a version number tag
+if [ "$suite" != "$unstableSuite" -a "$suite" != 'unstable' ]; then
+	# tag the specific version
+	ver=$(docker run $repo:$suite cat /etc/debian_version)
+	docker tag $img $repo $ver
+fi
+
+# cleanup
+cd "$returnTo"
+sudo rm -rf "$target"
--- a/contrib/vagrant-docker/README.md
+++ b/contrib/vagrant-docker/README.md
@@ -0,0 +1,3 @@
+# Vagrant-docker
+
+This is a placeholder for the official vagrant-docker, a plugin for Vagrant (http://vagrantup.com) which exposes Docker as a provider.
--- a/deb/Makefile
+++ b/deb/Makefile
@@ -1 +0,0 @@
-../Makefile
--- a/deb/Makefile.deb
+++ b/deb/Makefile.deb
@@ -1,73 +0,0 @@
-PKG_NAME=dotcloud-docker
-PKG_ARCH=amd64
-PKG_VERSION=1
-ROOT_PATH:=$(PWD)
-BUILD_PATH=build	# Do not change, decided by dpkg-buildpackage
-BUILD_SRC=build_src
-GITHUB_PATH=src/github.com/dotcloud/docker
-INSDIR=usr/bin
-SOURCE_PACKAGE=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
-DEB_PACKAGE=$(PKG_NAME)_$(PKG_VERSION)_$(PKG_ARCH).deb
-EXTRA_GO_PKG=./auth
-
-TMPDIR=$(shell mktemp -d -t XXXXXX)
-
-
-# Build a debian source package
-all: clean build_in_deb
-
-build_in_deb:
-	echo "GOPATH = " $(ROOT_PATH)
-	mkdir bin
-	cd $(GITHUB_PATH)/docker; GOPATH=$(ROOT_PATH) go build -o $(ROOT_PATH)/bin/docker
-
-# DESTDIR provided by Debian packaging
-install:
-	# Call this from a go environment (as packaged for deb source package)
-	mkdir -p $(DESTDIR)/$(INSDIR)
-	mkdir -p $(DESTDIR)/etc/init
-	install -m 0755 bin/docker $(DESTDIR)/$(INSDIR)
-	install -o root -m 0755 etc/docker.upstart $(DESTDIR)/etc/init/docker.conf
-
-$(BUILD_SRC): clean
-	# Copy ourselves into $BUILD_SRC to comply with unusual golang constraints
-	tar --exclude=*.tar.gz --exclude=checkout.tgz -f checkout.tgz -cz *
-	mkdir -p $(BUILD_SRC)/$(GITHUB_PATH)
-	tar -f checkout.tgz -C $(BUILD_SRC)/$(GITHUB_PATH) -xz
-	cd $(BUILD_SRC)/$(GITHUB_PATH)/docker; GOPATH=$(ROOT_PATH)/$(BUILD_SRC) go get -d
-	for d in `find $(BUILD_SRC) -name '.git*'`; do rm -rf $$d; done
-	# Populate source build with debian stuff
-	cp -R -L ./deb/* $(BUILD_SRC)
-
-$(SOURCE_PACKAGE): $(BUILD_SRC)
-	rm -f $(SOURCE_PACKAGE)
-	# Create the debian source package
-	tar -f $(SOURCE_PACKAGE) -C ${ROOT_PATH}/${BUILD_SRC} -cz .
-
-# Build deb package fetching go dependencies and cleaning up git repositories
-deb: $(DEB_PACKAGE)
-
-$(DEB_PACKAGE): $(SOURCE_PACKAGE)
-	# dpkg-buildpackage looks for source package tarball in ../
-	cd $(BUILD_SRC); dpkg-buildpackage
-	rm -rf $(BUILD_PATH) debian/$(PKG_NAME)* debian/files
-
-debsrc: $(SOURCE_PACKAGE)
-
-# Build local sources
-#$(PKG_NAME): build_local
-
-build_local:
-	-@mkdir -p bin
-	cd docker && go build -o ../bin/docker
-
-gotest:
-	@echo "\033[36m[Testing]\033[00m docker..."
-	@sudo -E GOPATH=$(ROOT_PATH)/$(BUILD_SRC) go test -v . $(EXTRA_GO_PKG) && \
-		echo -n "\033[32m[OK]\033[00m" || \
-		echo -n "\033[31m[FAIL]\033[00m"; \
-		echo " docker"
-	@sudo rm -rf /tmp/docker-*
-
-clean:
-	rm -rf $(BUILD_PATH) debian/$(PKG_NAME)* debian/files $(BUILD_SRC) checkout.tgz bin
--- a/deb/README.md
+++ b/deb/README.md
@@ -1 +0,0 @@
-../README.md
--- a/deb/debian/changelog
+++ b/deb/debian/changelog
@@ -1,5 +0,0 @@
-dotcloud-docker (1) precise; urgency=low
-
-  * Initial release
-
- -- dotCloud <ops@dotcloud.com>  Mon, 14 Mar 2013 04:43:21 -0700
--- a/deb/debian/control
+++ b/deb/debian/control
@@ -1,20 +0,0 @@
-Source: dotcloud-docker
-Section: misc
-Priority: extra
-Homepage: https://github.com/dotcloud/docker
-Maintainer: Daniel Mizyrycki <daniel@dotcloud.com>
-Build-Depends: debhelper (>= 8.0.0), git, golang
-Vcs-Git: https://github.com/dotcloud/docker.git
-Standards-Version: 3.9.2
-
-Package: dotcloud-docker
-Architecture: amd64
-Provides: dotcloud-docker
-Depends: lxc, wget, bsdtar, curl
-Conflicts: docker
-Description: A process manager with superpowers
-    It encapsulates heterogeneous payloads in Standard Containers, and runs
-    them on any server with strong guarantees of isolation and repeatability.
-    Is is a great building block for automating distributed systems:
-    large-scale web deployments, database clusters, continuous deployment
-    systems, private PaaS, service-oriented architectures, etc.
--- a/deb/debian/copyright
+++ b/deb/debian/copyright
@@ -1,209 +0,0 @@
-Format: http://dep.debian.net/deps/dep5
-Upstream-Name: dotcloud-docker
-Source: https://github.com/dotcloud/docker
-
-Files: *
-Copyright: 2012 DotCloud Inc (opensource@dotcloud.com)
-License: Apache License Version 2.0
-
-                                Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!) The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright 2012 DotCloud Inc (opensource@dotcloud.com)
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/deb/etc/docker-dev.upstart
+++ b/deb/etc/docker-dev.upstart
@@ -1,10 +0,0 @@
-description     "Run docker"
-
-start on runlevel [2345]
-stop on starting rc RUNLEVEL=[016]
-respawn
-
-script
-    test -f /etc/default/locale && . /etc/default/locale || true
-    LANG=$LANG LC_ALL=$LANG /usr/bin/docker -d
-end script
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -2,16 +2,22 @@ package main

 import (
 	"flag"
+	"fmt"
 	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/rcli"
 	"github.com/dotcloud/docker/term"
 	"io"
+	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
+	"strconv"
+	"syscall"
 )

-var GIT_COMMIT string
+var (
+	GIT_COMMIT string
+)

 func main() {
 	if docker.SelfPath() == "/sbin/init" {
@@ -22,7 +28,15 @@ func main() {
 	// FIXME: Switch d and D ? (to be more sshd like)
 	flDaemon := flag.Bool("d", false, "Daemon mode")
 	flDebug := flag.Bool("D", false, "Debug mode")
+	flAutoRestart := flag.Bool("r", false, "Restart previously running containers")
+	bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge")
+	pidfile := flag.String("p", "/var/run/docker.pid", "File containing process PID")
 	flag.Parse()
+	if *bridgeName != "" {
+		docker.NetworkBridgeIface = *bridgeName
+	} else {
+		docker.NetworkBridgeIface = docker.DefaultNetworkBridge
+	}
 	if *flDebug {
 		os.Setenv("DEBUG", "1")
 	}
@@ -32,7 +46,7 @@ func main() {
 			flag.Usage()
 			return
 		}
-		if err := daemon(); err != nil {
+		if err := daemon(*pidfile, *flAutoRestart); err != nil {
 			log.Fatal(err)
 		}
 	} else {
@@ -42,8 +56,49 @@ func main() {
 	}
 }

-func daemon() error {
-	service, err := docker.NewServer()
+func createPidFile(pidfile string) error {
+	if pidString, err := ioutil.ReadFile(pidfile); err == nil {
+		pid, err := strconv.Atoi(string(pidString))
+		if err == nil {
+			if _, err := os.Stat(fmt.Sprintf("/proc/%d/", pid)); err == nil {
+				return fmt.Errorf("pid file found, ensure docker is not running or delete %s", pidfile)
+			}
+		}
+	}
+
+	file, err := os.Create(pidfile)
+	if err != nil {
+		return err
+	}
+
+	defer file.Close()
+
+	_, err = fmt.Fprintf(file, "%d", os.Getpid())
+	return err
+}
+
+func removePidFile(pidfile string) {
+	if err := os.Remove(pidfile); err != nil {
+		log.Printf("Error removing %s: %s", pidfile, err)
+	}
+}
+
+func daemon(pidfile string, autoRestart bool) error {
+	if err := createPidFile(pidfile); err != nil {
+		log.Fatal(err)
+	}
+	defer removePidFile(pidfile)
+
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, os.Kill, os.Signal(syscall.SIGTERM))
+	go func() {
+		sig := <-c
+		log.Printf("Received signal '%v', exiting\n", sig)
+		removePidFile(pidfile)
+		os.Exit(0)
+	}()
+
+	service, err := docker.NewServer(autoRestart)
 	if err != nil {
 		return err
 	}
@@ -51,29 +106,21 @@ func daemon() error {
 }

 func runCommand(args []string) error {
-	var oldState *term.State
-	var err error
-	if term.IsTerminal(int(os.Stdin.Fd())) && os.Getenv("NORAW") == "" {
-		oldState, err = term.MakeRaw(int(os.Stdin.Fd()))
-		if err != nil {
-			return err
-		}
-		defer term.Restore(int(os.Stdin.Fd()), oldState)
-		c := make(chan os.Signal, 1)
-		signal.Notify(c, os.Interrupt)
-		go func() {
-			for _ = range c {
-				term.Restore(int(os.Stdin.Fd()), oldState)
-				log.Printf("\nSIGINT received\n")
-				os.Exit(0)
-			}
-		}()
-	}
 	// FIXME: we want to use unix sockets here, but net.UnixConn doesn't expose
 	// CloseWrite(), which we need to cleanly signal that stdin is closed without
 	// closing the connection.
 	// See http://code.google.com/p/go/issues/detail?id=3345
 	if conn, err := rcli.Call("tcp", "127.0.0.1:4242", args...); err == nil {
+		options := conn.GetOptions()
+		if options.RawTerminal &&
+			term.IsTerminal(int(os.Stdin.Fd())) &&
+			os.Getenv("NORAW") == "" {
+			if oldState, err := rcli.SetRawTerminal(); err != nil {
+				return err
+			} else {
+				defer rcli.RestoreTerminal(oldState)
+			}
+		}
 		receiveStdout := docker.Go(func() error {
 			_, err := io.Copy(os.Stdout, conn)
 			return err
@@ -94,16 +141,7 @@ func runCommand(args []string) error {
 			}
 		}
 	} else {
-		service, err := docker.NewServer()
-		if err != nil {
-			return err
-		}
-		if err := rcli.LocalCall(service, os.Stdin, os.Stdout, args...); err != nil {
-			return err
-		}
-	}
-	if oldState != nil {
-		term.Restore(int(os.Stdin.Fd()), oldState)
+		return fmt.Errorf("Can't connect to docker daemon. Is 'docker -d' running on this host?")
 	}
 	return nil
 }
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -46,22 +46,24 @@ clean:
 docs:
 	-rm -rf $(BUILDDIR)/*
 	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/html
-	cp sources/index.html $(BUILDDIR)/html/
-	cp -r sources/gettingstarted $(BUILDDIR)/html/
-	cp sources/dotcloud.yml $(BUILDDIR)/html/
-	cp sources/CNAME $(BUILDDIR)/html/
-	cp sources/.nojekyll $(BUILDDIR)/html/
 	@echo
-	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+	@echo "Build finished. The documentation pages are now in $(BUILDDIR)/html."
+
+
+site:
+	cp -r website $(BUILDDIR)/
+	cp -r theme/docker/static/ $(BUILDDIR)/website/
+	@echo
+	@echo "The Website pages are in $(BUILDDIR)/site."

 connect:
-	@echo pushing changes to staging site
-	@cd _build/html/ ; \
-	@dotcloud list ; \
+	@echo connecting dotcloud to www.docker.io website, make sure to use user 1
+	@cd _build/website/ ; \
+	dotcloud list ; \
 	dotcloud connect dockerwebsite

 push:
-	@cd _build/html/ ; \
+	@cd _build/website/ ; \
 	dotcloud push

 github-deploy: docs
--- a/docs/README.md
+++ b/docs/README.md
@@ -15,6 +15,7 @@ Installation

 * Work in your own fork of the code, we accept pull requests.
 * Install sphinx: ``pip install sphinx``
+* Install sphinx httpdomain contrib package ``sphinxcontrib-httpdomain``
 * If pip is not available you can probably install it using your favorite package manager as **python-pip**

 Usage
@@ -39,4 +40,36 @@ Notes
 * The index.html and gettingstarted.html files are copied from the source dir to the output dir without modification.
 So changes to those pages should be made directly in html
 * For the template the css is compiled from less. When changes are needed they can be compiled using
-lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css``
+lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css``
+
+
+Guides on using sphinx
+----------------------
+* To make links to certain pages create a link target like so:
+
+  ```
+    .. _hello_world:
+
+    Hello world
+    ===========
+
+    This is.. (etc.)
+  ```
+
+  The ``_hello_world:`` will make it possible to link to this position (page and marker) from all other pages.
+
+* Notes, warnings and alarms
+
+  ```
+    # a note (use when something is important)
+    .. note::
+
+    # a warning (orange)
+    .. warning::
+
+    # danger (red, use sparsely)
+    .. danger::
+
+* Code examples
+
+  Start without $, so it's easy to copy and paste.
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -0,0 +1,2 @@
+Sphinx==1.1.3
+sphinxcontrib-httpdomain==1.1.8
--- a/docs/sources/.nojekyll
+++ b/docs/sources/.nojekyll
--- a/docs/sources/CNAME
+++ b/docs/sources/CNAME
@@ -1 +0,0 @@
-docker.io
--- a/docs/sources/builder/basics.rst
+++ b/docs/sources/builder/basics.rst
@@ -0,0 +1,130 @@
+==============
+Docker Builder
+==============
+
+.. contents:: Table of Contents
+
+1. Format
+=========
+
+The Docker builder format is quite simple:
+
+    ``instruction arguments``
+
+The first instruction must be `FROM`
+
+All instruction are to be placed in a file named `Dockerfile`
+
+In order to place comments within a Dockerfile, simply prefix the line with "`#`"
+
+2. Instructions
+===============
+
+Docker builder comes with a set of instructions:
+
+1. FROM: Set from what image to build
+2. RUN: Execute a command
+3. INSERT: Insert a remote file (http) into the image
+
+2.1 FROM
+--------
+    ``FROM <image>``
+
+The `FROM` instruction must be the first one in order for Builder to know from where to run commands.
+
+`FROM` can also be used in order to build multiple images within a single Dockerfile
+
+2.2 MAINTAINER
+--------------
+    ``MAINTAINER <name>``
+
+The `MAINTAINER` instruction allow you to set the Author field of the generated images.
+This instruction is never automatically reset.
+
+2.3 RUN
+-------
+    ``RUN <command>``
+
+The `RUN` instruction is the main one, it allows you to execute any commands on the `FROM` image and to save the results.
+You can use as many `RUN` as you want within a Dockerfile, the commands will be executed on the result of the previous command.
+
+
+2.4 CMD
+-------
+    ``CMD <command>``
+
+The `CMD` instruction sets the command to be executed when running the image.
+It is equivalent to do `docker commit -run '{"Cmd": <command>}'` outside the builder.
+
+.. note::
+    Do not confuse `RUN` with `CMD`. `RUN` actually run a command and save the result, `CMD` does not execute anything.
+
+2.5 EXPOSE
+----------
+    ``EXPOSE <port> [<port>...]``
+
+The `EXPOSE` instruction sets ports to be publicly exposed when running the image.
+This is equivalent to do `docker commit -run '{"PortSpecs": ["<port>", "<port2>"]}'` outside the builder.
+
+2.6 ENV
+-------
+    ``ENV <key> <value>``
+
+The `ENV` instruction set as environment variable `<key>` with the value `<value>`. This value will be passed to all future ``RUN`` instructions.
+
+.. note::
+    The environment variables are local to the Dockerfile, they will not be set as autorun.
+
+2.7 INSERT
+----------
+
+    ``INSERT <file url> <path>``
+
+The `INSERT` instruction will download the file at the given url and place it within the image at the given path.
+
+.. note::
+    The path must include the file name.
+
+
+3. Dockerfile Examples
+======================
+
+::
+
+    # Nginx
+    #
+    # VERSION               0.0.1
+    # DOCKER-VERSION        0.2
+    
+    from      ubuntu
+    maintainer Guillaume J. Charmes "guillaume@dotcloud.com"
+    
+    # make sure the package repository is up to date
+    run echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
+    run apt-get update
+    
+    run apt-get install -y inotify-tools nginx apache2 openssh-server
+    insert https://raw.github.com/creack/docker-vps/master/nginx-wrapper.sh /usr/sbin/nginx-wrapper
+
+::
+
+    # Firefox over VNC
+    #
+    # VERSION               0.3
+    # DOCKER-VERSION        0.2
+    
+    from ubuntu
+    # make sure the package repository is up to date
+    run echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
+    run apt-get update
+    
+    # Install vnc, xvfb in order to create a 'fake' display and firefox
+    run apt-get install -y x11vnc xvfb firefox
+    run mkdir /.vnc
+    # Setup a password
+    run x11vnc -storepasswd 1234 ~/.vnc/passwd
+    # Autostart firefox (might not be the best way to do it, but it does the trick)
+    run bash -c 'echo "firefox" >> /.bashrc'
+    
+    expose 5900
+    cmd    ["x11vnc", "-forever", "-usepw", "-create"]
--- a/docs/sources/builder/index.rst
+++ b/docs/sources/builder/index.rst
@@ -0,0 +1,14 @@
+:title: docker documentation
+:description: Documentation for docker builder
+:keywords: docker, builder, dockerfile
+
+
+Builder
+=======
+
+Contents:
+
+.. toctree::
+  :maxdepth: 2
+
+  basics
--- a/docs/sources/commandline/basics.rst
+++ b/docs/sources/commandline/basics.rst
@@ -69,7 +69,8 @@ Expose a service on a TCP port

  # Connect to the public port via the host's public address
  # Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
-  echo hello world | nc $(hostname) $PORT
+  IP=$(ifconfig eth0 | perl -n -e 'if (m/inet addr:([\d\.]+)/g) { print $1 }')
+  echo hello world | nc $IP $PORT

  # Verify that the network connection worked
  echo "Daemon received: $(docker logs $JOB)"
--- a/docs/sources/commandline/cli.rst
+++ b/docs/sources/commandline/cli.rst
@@ -10,312 +10,46 @@ Command Line Interface
 Docker Usage
 ~~~~~~~~~~~~

-::
+To list available commands, either run ``docker`` with no parameters or execute
+``docker help``::

  $ docker
    Usage: docker COMMAND [arg...]

    A self-sufficient runtime for linux containers.

-    Commands:
-        attach    Attach to a running container
-        commit    Create a new image from a container's changes
-        diff      Inspect changes on a container's filesystem
-        export    Stream the contents of a container as a tar archive
-        history   Show the history of an image
-        images    List images
-        import    Create a new filesystem image from the contents of a tarball
-        info      Display system-wide information
-        inspect   Return low-level information on a container
-        kill      Kill a running container
-        login     Register or Login to the docker registry server
-        logs      Fetch the logs of a container
-        port      Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
-        ps        List containers
-        pull      Pull an image or a repository to the docker registry server
-        push      Push an image or a repository to the docker registry server
-        restart   Restart a running container
-        rm        Remove a container
-        rmi       Remove an image
-        run       Run a command in a new container
-        start     Start a stopped container
-        stop      Stop a running container
-        tag       Tag an image into a repository
-        version   Show the docker version information
-        wait      Block until a container stops, then print its exit code
-
-
-attach
-~~~~~~
-
-::
-
-  Usage: docker attach [OPTIONS]
-
-  Attach to a running container
-
-    -e=true: Attach to stderr
-    -i=false: Attach to stdin
-    -o=true: Attach to stdout
-
-
-commit
-~~~~~~
-
-::
-
-  Usage: docker commit [OPTIONS] CONTAINER [DEST]
-
-  Create a new image from a container's changes
-
-  -m="": Commit message
-
-
-diff
-~~~~
-
-::
-
-  Usage: docker diff CONTAINER [OPTIONS]
-
-  Inspect changes on a container's filesystem
-
-
-export
-~~~~~~
-
-::
-
-    Usage: docker export CONTAINER
-
-    Export the contents of a filesystem as a tar archive
-
-
-history
-~~~~~~~
-
-::
-
-    Usage: docker history [OPTIONS] IMAGE
-
-    Show the history of an image
-
-
-images
-~~~~~~
-
-::
-
-  Usage: docker images [OPTIONS] [NAME]
-
-  List images
-
-    -a=false: show all images
-    -q=false: only show numeric IDs
-
-
-import
-~~~~~~
-
-::
-
-    Usage: docker import [OPTIONS] URL|- [REPOSITORY [TAG]]
-
-    Create a new filesystem image from the contents of a tarball
-
-
-info
-~~~~
-
-::
-
-  Usage: docker info
-
-  Display system-wide information.
-
-
-inspect
-~~~~~~~
-
-::
-
-  Usage: docker inspect [OPTIONS] CONTAINER
-
-  Return low-level information on a container
-
-
-kill
-~~~~
-
-::
-
-  Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
-
-  Kill a running container
-
-
-login
-~~~~~
-
-::
-
-  Usage: docker login
-
-  Register or Login to the docker registry server
-
-
-logs
-~~~~
-
-::
-
-  Usage: docker logs [OPTIONS] CONTAINER
-
-  Fetch the logs of a container
-
-
-port
-~~~~
-
-::
-
-    Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT
-
-    Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
-
-
-ps
-~~
-
-::
-
-    Usage: docker ps [OPTIONS]
-
-    List containers
-
-      -a=false: Show all containers. Only running containers are shown by default.
-      -notrunc=false: Don't truncate output
-      -q=false: Only display numeric IDs
-
-
-pull
-~~~~
-
-::
-
-    Usage: docker pull NAME
-
-    Pull an image or a repository from the registry
-
-push
-~~~~
-
-::
-
-    Usage: docker push NAME
-
-    Push an image or a repository to the registry
-
-
-restart
-~~~~~~~
-
-::
-
-  Usage: docker restart [OPTIONS] NAME
-
-  Restart a running container
-
-
-rm
-~~
-
-::
-
-  Usage: docker rm [OPTIONS] CONTAINER
-
-  Remove a container
-
-
-rmi
-~~~
-
-::
-
-  Usage: docker rmi [OPTIONS] IMAGE
-
-  Remove an image
-
-    -a=false: Use IMAGE as a path and remove ALL images in this path
-    -r=false: Use IMAGE as a regular expression instead of an exact name
-
-
-run
-~~~
-
-::
-
-  Usage: docker run [OPTIONS] IMAGE COMMAND [ARG...]
-
-  Run a command in a new container
-
-    -c="": Comment
-    -i=false: Keep stdin open even if not attached
-    -m=0: Memory limit (in bytes)
-    -p=[]: Map a network port to the container
-    -t=false: Allocate a pseudo-tty
-    -h="": Container host name
-    -u="": Username or UID
-
-
-start
-~~~~~
-
-::
-
-  Usage: docker start [OPTIONS] NAME
-
-  Start a stopped container
-
-
-stop
-~~~~
-
-::
-
-  Usage: docker stop [OPTIONS] NAME
-
-  Stop a running container
-
-
-tag
-~~~
-
-::
-
-    Usage: docker tag [OPTIONS] IMAGE REPOSITORY [TAG]
-
-    Tag an image into a repository
-
-      -f=false: Force
-
-
-version
-~~~~~~~
-
-::
-
-  Usage: docker version
-
-  Show the docker version information
-
-
-wait
-~~~~
-
-::
-
-  Usage: docker wait [OPTIONS] NAME
-
-  Block until a container stops, then print its exit code.
-
+    ...
+
+Available Commands
+~~~~~~~~~~~~~~~~~~
+
+.. toctree::
+   :maxdepth: 1
+
+   command/attach
+   command/build
+   command/commit
+   command/diff
+   command/export
+   command/history
+   command/images
+   command/import
+   command/info
+   command/inspect
+   command/kill
+   command/login
+   command/logs
+   command/port
+   command/ps
+   command/pull
+   command/push
+   command/restart
+   command/rm
+   command/rmi
+   command/run
+   command/search
+   command/start
+   command/stop
+   command/tag
+   command/version
+   command/wait
--- a/docs/sources/commandline/command/attach.rst
+++ b/docs/sources/commandline/command/attach.rst
@@ -0,0 +1,9 @@
+===========================================
+``attach`` -- Attach to a running container
+===========================================
+
+::
+
+    Usage: docker attach CONTAINER
+
+    Attach to a running container
--- a/docs/sources/commandline/command/build.rst
+++ b/docs/sources/commandline/command/build.rst
@@ -0,0 +1,9 @@
+========================================================
+``build`` -- Build a container from Dockerfile via stdin
+========================================================
+
+::
+
+    Usage: docker build -
+    Example: cat Dockerfile | docker build -
+    Build a new image from the Dockerfile passed via stdin
--- a/docs/sources/commandline/command/commit.rst
+++ b/docs/sources/commandline/command/commit.rst
@@ -0,0 +1,27 @@
+===========================================================
+``commit`` -- Create a new image from a container's changes
+===========================================================
+
+::
+
+    Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY [TAG]]
+
+    Create a new image from a container's changes
+
+      -m="": Commit message
+      -author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
+      -run="": Config automatically applied when the image is run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
+
+Full -run example::
+
+    {"Hostname": "",
+     "User": "",
+     "Memory": 0,
+     "MemorySwap": 0,
+     "PortSpecs": ["22", "80", "443"],
+     "Tty": true,
+     "OpenStdin": true,
+     "StdinOnce": true,
+     "Env": ["FOO=BAR", "FOO2=BAR2"],
+     "Cmd": ["cat", "-e", "/etc/resolv.conf"],
+     "Dns": ["8.8.8.8", "8.8.4.4"]}
--- a/docs/sources/commandline/command/diff.rst
+++ b/docs/sources/commandline/command/diff.rst
@@ -0,0 +1,9 @@
+=======================================================
+``diff`` -- Inspect changes on a container's filesystem
+=======================================================
+
+::
+
+    Usage: docker diff CONTAINER [OPTIONS]
+
+    Inspect changes on a container's filesystem
--- a/docs/sources/commandline/command/export.rst
+++ b/docs/sources/commandline/command/export.rst
@@ -0,0 +1,9 @@
+=================================================================
+``export`` -- Stream the contents of a container as a tar archive
+=================================================================
+
+::
+
+    Usage: docker export CONTAINER
+
+    Export the contents of a filesystem as a tar archive
--- a/docs/sources/commandline/command/history.rst
+++ b/docs/sources/commandline/command/history.rst
@@ -0,0 +1,9 @@
+===========================================
+``history`` -- Show the history of an image
+===========================================
+
+::
+
+    Usage: docker history [OPTIONS] IMAGE
+
+    Show the history of an image
--- a/docs/sources/commandline/command/images.rst
+++ b/docs/sources/commandline/command/images.rst
@@ -0,0 +1,22 @@
+=========================
+``images`` -- List images
+=========================
+
+::
+
+    Usage: docker images [OPTIONS] [NAME]
+
+    List images
+
+      -a=false: show all images
+      -q=false: only show numeric IDs
+      -viz=false: output in graphviz format
+
+Displaying images visually
+--------------------------
+
+::
+
+    docker images -viz | dot -Tpng -o docker.png
+
+.. image:: images/docker_images.gif
--- a/docs/sources/commandline/command/images/docker_images.gif
+++ b/docs/sources/commandline/command/images/docker_images.gif
--- a/docs/sources/commandline/command/import.rst
+++ b/docs/sources/commandline/command/import.rst
@@ -0,0 +1,9 @@
+==========================================================================
+``import`` -- Create a new filesystem image from the contents of a tarball
+==========================================================================
+
+::
+
+    Usage: docker import [OPTIONS] URL|- [REPOSITORY [TAG]]
+
+    Create a new filesystem image from the contents of a tarball
--- a/docs/sources/commandline/command/info.rst
+++ b/docs/sources/commandline/command/info.rst
@@ -0,0 +1,9 @@
+===========================================
+``info`` -- Display system-wide information
+===========================================
+
+::
+
+    Usage: docker info
+
+    Display system-wide information.
--- a/docs/sources/commandline/command/inspect.rst
+++ b/docs/sources/commandline/command/inspect.rst
@@ -0,0 +1,9 @@
+==========================================================
+``inspect`` -- Return low-level information on a container
+==========================================================
+
+::
+
+    Usage: docker inspect [OPTIONS] CONTAINER
+
+    Return low-level information on a container
--- a/docs/sources/commandline/command/kill.rst
+++ b/docs/sources/commandline/command/kill.rst
@@ -0,0 +1,9 @@
+====================================
+``kill`` -- Kill a running container
+====================================
+
+::
+
+    Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
+
+    Kill a running container
--- a/docs/sources/commandline/command/login.rst
+++ b/docs/sources/commandline/command/login.rst
@@ -0,0 +1,9 @@
+============================================================
+``login`` -- Register or Login to the docker registry server
+============================================================
+
+::
+
+    Usage: docker login
+
+    Register or Login to the docker registry server
--- a/docs/sources/commandline/command/logs.rst
+++ b/docs/sources/commandline/command/logs.rst
@@ -0,0 +1,9 @@
+=========================================
+``logs`` -- Fetch the logs of a container
+=========================================
+
+::
+
+    Usage: docker logs [OPTIONS] CONTAINER
+
+    Fetch the logs of a container
--- a/docs/sources/commandline/command/port.rst
+++ b/docs/sources/commandline/command/port.rst
@@ -0,0 +1,9 @@
+=========================================================================
+``port`` -- Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
+=========================================================================
+
+::
+
+    Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT
+
+    Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
--- a/docs/sources/commandline/command/ps.rst
+++ b/docs/sources/commandline/command/ps.rst
@@ -0,0 +1,13 @@
+=========================
+``ps`` -- List containers
+=========================
+
+::
+
+    Usage: docker ps [OPTIONS]
+
+    List containers
+
+      -a=false: Show all containers. Only running containers are shown by default.
+      -notrunc=false: Don't truncate output
+      -q=false: Only display numeric IDs
--- a/docs/sources/commandline/command/pull.rst
+++ b/docs/sources/commandline/command/pull.rst
@@ -0,0 +1,9 @@
+=========================================================================
+``pull`` -- Pull an image or a repository from the docker registry server
+=========================================================================
+
+::
+
+    Usage: docker pull NAME
+
+    Pull an image or a repository from the registry
--- a/docs/sources/commandline/command/push.rst
+++ b/docs/sources/commandline/command/push.rst
@@ -0,0 +1,9 @@
+=======================================================================
+``push`` -- Push an image or a repository to the docker registry server
+=======================================================================
+
+::
+
+    Usage: docker push NAME
+
+    Push an image or a repository to the registry
--- a/docs/sources/commandline/command/restart.rst
+++ b/docs/sources/commandline/command/restart.rst
@@ -0,0 +1,9 @@
+==========================================
+``restart`` -- Restart a running container
+==========================================
+
+::
+
+    Usage: docker restart [OPTIONS] NAME
+
+    Restart a running container
--- a/docs/sources/commandline/command/rm.rst
+++ b/docs/sources/commandline/command/rm.rst
@@ -0,0 +1,9 @@
+============================
+``rm`` -- Remove a container
+============================
+
+::
+
+    Usage: docker rm [OPTIONS] CONTAINER
+
+    Remove a container
--- a/docs/sources/commandline/command/rmi.rst
+++ b/docs/sources/commandline/command/rmi.rst
@@ -0,0 +1,9 @@
+==========================
+``rmi`` -- Remove an image
+==========================
+
+::
+
+    Usage: docker rmimage [OPTIONS] IMAGE
+
+    Remove an image
--- a/docs/sources/commandline/command/run.rst
+++ b/docs/sources/commandline/command/run.rst
@@ -0,0 +1,22 @@
+===========================================
+``run`` -- Run a command in a new container
+===========================================
+
+::
+
+    Usage: docker run [OPTIONS] IMAGE COMMAND [ARG...]
+
+    Run a command in a new container
+
+      -a=map[]: Attach to stdin, stdout or stderr.
+      -d=false: Detached mode: leave the container running in the background
+      -e=[]: Set environment variables
+      -h="": Container host name
+      -i=false: Keep stdin open even if not attached
+      -m=0: Memory limit (in bytes)
+      -p=[]: Map a network port to the container
+      -t=false: Allocate a pseudo-tty
+      -u="": Username or UID
+      -d=[]: Set custom dns servers for the container
+      -v=[]: Creates a new volumes and mount it at the specified path.
+      -volumes-from="": Mount all volumes from the given container.
--- a/docs/sources/commandline/command/search.rst
+++ b/docs/sources/commandline/command/search.rst
@@ -0,0 +1,10 @@
+===================================================================
+``search`` -- Search for an image in the docker index
+===================================================================
+
+::
+
+    Usage: docker search TERM
+
+    Searches for the TERM parameter on the Docker index and prints out a list of repositories
+    that match.
--- a/docs/sources/commandline/command/start.rst
+++ b/docs/sources/commandline/command/start.rst
@@ -0,0 +1,9 @@
+======================================
+``start`` -- Start a stopped container
+======================================
+
+::
+
+    Usage: docker start [OPTIONS] NAME
+
+    Start a stopped container
--- a/docs/sources/commandline/command/stop.rst
+++ b/docs/sources/commandline/command/stop.rst
@@ -0,0 +1,9 @@
+====================================
+``stop`` -- Stop a running container
+====================================
+
+::
+
+    Usage: docker stop [OPTIONS] NAME
+
+    Stop a running container
--- a/docs/sources/commandline/command/tag.rst
+++ b/docs/sources/commandline/command/tag.rst
@@ -0,0 +1,11 @@
+=========================================
+``tag`` -- Tag an image into a repository
+=========================================
+
+::
+
+    Usage: docker tag [OPTIONS] IMAGE REPOSITORY [TAG]
+
+    Tag an image into a repository
+
+      -f=false: Force
--- a/docs/sources/commandline/command/version.rst
+++ b/docs/sources/commandline/command/version.rst
@@ -0,0 +1,3 @@
+==================================================
+``version`` -- Show the docker version information
+==================================================
--- a/docs/sources/commandline/command/wait.rst
+++ b/docs/sources/commandline/command/wait.rst
@@ -0,0 +1,9 @@
+===================================================================
+``wait`` -- Block until a container stops, then print its exit code
+===================================================================
+
+::
+
+    Usage: docker wait [OPTIONS] NAME
+
+    Block until a container stops, then print its exit code.
--- a/docs/sources/commandline/index.rst
+++ b/docs/sources/commandline/index.rst
@@ -9,7 +9,7 @@ Commands
 Contents:

 .. toctree::
-  :maxdepth: 2
+  :maxdepth: 3

  basics
  workingwithrepository
--- a/docs/sources/concepts/buildingblocks.rst
+++ b/docs/sources/concepts/buildingblocks.rst
@@ -10,9 +10,9 @@ Building blocks

 Images
 ------
-An original container image. These are stored on disk and are comparable with what you normally expect from a stoppped virtual machine image. Images are stored (and retrieved from) repository
+An original container image. These are stored on disk and are comparable with what you normally expect from a stopped virtual machine image. Images are stored (and retrieved from) repository

-Images are stored on your local file system under /var/lib/docker/images
+Images are stored on your local file system under /var/lib/docker/graph


 .. _containers:
--- a/docs/sources/concepts/containers.rst
+++ b/docs/sources/concepts/containers.rst
@@ -5,124 +5,4 @@

 :note: This version of the introduction is temporary, just to make sure we don't break the links from the website when the documentation is updated

-
-Introduction
-============
-
-Docker - The Linux container runtime
------------------------------------
-
-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
-
-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
-
-
- **Heterogeneous payloads** Any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
- **Any server** Docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
- **Isolation** docker isolates processes from each other and from the underlying host, using lightweight containers.
- **Repeatability** Because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
-
-
-
-What is a Standard Container?
-----------------------------
-
-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependency, regardless of the underlying machine and the contents of the container.
-
-The spec for Standard Containers is currently work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
-
-A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
-
-
-Content-agnostic
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
-
-
-Infrastructure-agnostic
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
-
-
-Designed for automation
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
-
-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
-
-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
-
-
-Industrial-grade delivery
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
-
-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
-
-
-Standard Container Specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-(TODO)
-
-Image format
-~~~~~~~~~~~~
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-  Copy
-  Run
-  Stop
-  Wait
-  Commit
-  Attach standard streams
-  List filesystem changes
-  ...
-
-Execution environment
-~~~~~~~~~~~~~~~~~~~~~
-
-Root filesystem
-^^^^^^^^^^^^^^^
-
-Environment variables
-^^^^^^^^^^^^^^^^^^^^^
-
-Process arguments
-^^^^^^^^^^^^^^^^^
-
-Networking
-^^^^^^^^^^
-
-Process namespacing
-^^^^^^^^^^^^^^^^^^^
-
-Resource limits
-^^^^^^^^^^^^^^^
-
-Process monitoring
-^^^^^^^^^^^^^^^^^^
-
-Logging
-^^^^^^^
-
-Signals
-^^^^^^^
-
-Pseudo-terminal allocation
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Security
-^^^^^^^^
-
+This document has been moved to  :ref:`introduction`, please update your bookmarks.
--- a/docs/sources/concepts/introduction.rst
+++ b/docs/sources/concepts/introduction.rst
@@ -2,7 +2,7 @@
 :description: An introduction to docker and standard containers?
 :keywords: containers, lxc, concepts, explanation

-
+.. _introduction:

 Introduction
 ============
--- a/docs/sources/conf.py
+++ b/docs/sources/conf.py
@@ -25,7 +25,7 @@ import sys, os

 # Add any Sphinx extension module names here, as strings. They can be extensions
 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
-extensions = []
+extensions = ['sphinxcontrib.httpdomain']

 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
--- a/docs/sources/examples/couchdb_data_volumes.rst
+++ b/docs/sources/examples/couchdb_data_volumes.rst
@@ -0,0 +1,53 @@
+:title: Sharing data between 2 couchdb databases
+:description: Sharing data between 2 couchdb databases
+:keywords: docker, example, package installation, networking, couchdb, data volumes
+
+.. _running_couchdb_service:
+
+Create a CouchDB service
+======================
+
+.. include:: example_header.inc
+
+Here's an example of using data volumes to share the same data between 2 couchdb containers.
+This could be used for hot upgrades, testing different versions of couchdb on the same data, etc.
+
+Create first database
+---------------------
+
+Note that we're marking /var/lib/couchdb as a data volume.
+
+.. code-block:: bash
+
+    COUCH1=$(docker run -d -v /var/lib/couchdb shykes/couchdb:2013-05-03)
+
+Add data to the first database
+------------------------------
+
+We're assuming your docker host is reachable at `localhost`. If not, replace `localhost` with the public IP of your docker host.
+
+.. code-block:: bash
+
+    HOST=localhost
+    URL="http://$HOST:$(docker port $COUCH1 5984)/_utils/"
+    echo "Navigate to $URL in your browser, and use the couch interface to add data"
+
+Create second database
+----------------------
+
+This time, we're requesting shared access to $COUCH1's volumes.
+
+.. code-block:: bash
+
+    COUCH2=$(docker run -d -volumes-from $COUCH1) shykes/couchdb:2013-05-03)
+
+Browse data on the second database
+----------------------------------
+
+.. code-block:: bash
+
+    HOST=localhost
+    URL="http://$HOST:$(docker port $COUCH2 5984)/_utils/"
+    echo "Navigate to $URL in your browser. You should see the same data as in the first database!"
+
+Congratulations, you are running 2 Couchdb containers, completely isolated from each other *except* for their data.
--- a/docs/sources/examples/example_header.inc
+++ b/docs/sources/examples/example_header.inc
@@ -0,0 +1,4 @@
+
+.. note::
+    
+    This example assumes you have Docker running in daemon mode. For more information please see :ref:`running_examples`
--- a/docs/sources/examples/hello_world.rst
+++ b/docs/sources/examples/hello_world.rst
@@ -6,8 +6,10 @@

 Hello World
 ===========
-This is the most basic example available for using Docker. The example assumes you have Docker installed.

+.. include:: example_header.inc
+
+This is the most basic example available for using Docker.

 Download the base container

--- a/docs/sources/examples/hello_world_daemon.rst
+++ b/docs/sources/examples/hello_world_daemon.rst
@@ -6,6 +6,9 @@

 Hello World Daemon
 ==================
+
+.. include:: example_header.inc
+
 The most boring daemon ever written.

 This example assumes you have Docker installed and with the base image already imported ``docker pull base``.
@@ -18,7 +21,7 @@ out every second. It will continue to do this until we stop it.

    CONTAINER_ID=$(docker run -d base /bin/sh -c "while true; do echo hello world; sleep 1; done")

-We are going to run a simple hello world daemon in a new container made from the busybox daemon.
+We are going to run a simple hello world daemon in a new container made from the base image.

 - **"docker run -d "** run a command in a new container. We pass "-d" so it runs as a daemon.
 - **"base"** is the image we want to run the command inside of.
--- a/docs/sources/examples/index.rst
+++ b/docs/sources/examples/index.rst
@@ -12,7 +12,10 @@ Contents:
 .. toctree::
   :maxdepth: 1

+   running_examples
   hello_world
   hello_world_daemon
   python_web_app
-   runningsshservice
+   running_redis_service
+   running_ssh_service
+   couchdb_data_volumes
--- a/docs/sources/examples/python_web_app.rst
+++ b/docs/sources/examples/python_web_app.rst
@@ -6,6 +6,9 @@

 Building a python web app
 =========================
+
+.. include:: example_header.inc
+
 The goal of this example is to show you how you can author your own docker images using a parent image, making changes to it, and then saving the results as a new image. We will do that by making a simple hello flask web application image.

 **Steps:**
@@ -45,6 +48,11 @@ Save the changed we just made in the container to a new image called "_/builds/g

    WEB_WORKER=$(docker run -d -p 5000 $BUILD_IMG /usr/local/bin/runapp)

+- **"docker run -d "** run a command in a new container. We pass "-d" so it runs as a daemon.
+- **"-p 5000"** the web app is going to listen on this port, so it must be mapped from the container to the host system.
+- **"$BUILD_IMG"** is the image we want to run the command inside of.
+- **/usr/local/bin/runapp** is the command which starts the web app.
+
 Use the new image we just created and create a new container with network port 5000, and return the container id and store in the WEB_WORKER variable.

 .. code-block:: bash
@@ -54,6 +62,18 @@ Use the new image we just created and create a new container with network port 5

 view the logs for the new container using the WEB_WORKER variable, and if everything worked as planned you should see the line "Running on http://0.0.0.0:5000/" in the log output.

+.. code-block:: bash
+
+    WEB_PORT=$(docker port $WEB_WORKER 5000)
+
+lookup the public-facing port which is NAT-ed store the private port used by the container and store it inside of the WEB_PORT variable.
+
+.. code-block:: bash
+
+    curl http://`hostname`:$WEB_PORT
+      Hello world!
+
+access the web app using curl. If everything worked as planned you should see the line "Hello world!" inside of your console.

 **Video:**

@@ -65,6 +85,4 @@ See the example in action
      <iframe width="720" height="350" src="http://ascii.io/a/2573/raw" frameborder="0"></iframe>
    </div>

-Continue to the `base commands`_
-
-.. _base commands: ../commandline/basecommands.html
+Continue to :ref:`running_ssh_service`.
--- a/docs/sources/examples/running_examples.rst
+++ b/docs/sources/examples/running_examples.rst
@@ -0,0 +1,22 @@
+:title: Running the Examples
+:description: An overview on how to run the docker examples
+:keywords: docker, examples, how to
+
+.. _running_examples:
+
+Running The Examples
+--------------------
+
+All the examples assume your machine is running the docker daemon. To run the docker daemon in the background, simply type:
+
+   .. code-block:: bash
+
+      sudo docker -d &
+
+Now you can run docker in client mode: all commands will be forwarded to the docker daemon, so the client
+can run from any account.
+
+   .. code-block:: bash
+
+      # now you can run docker commands from any account.
+      docker help
--- a/docs/sources/examples/running_redis_service.rst
+++ b/docs/sources/examples/running_redis_service.rst
@@ -0,0 +1,81 @@
+:title: Running a Redis service
+:description: Installing and running an redis service
+:keywords: docker, example, package installation, networking, redis
+
+.. _running_redis_service:
+
+Create a redis service
+======================
+
+.. include:: example_header.inc
+
+Very simple, no frills, redis service.
+
+Open a docker container
+-----------------------
+
+.. code-block:: bash
+
+    docker run -i -t base /bin/bash
+
+Building your image
+-------------------
+
+Update your docker container, install the redis server.  Once installed, exit out of docker.
+
+.. code-block:: bash
+
+    apt-get update
+    apt-get install redis-server
+    exit
+
+Snapshot the installation
+-------------------------
+
+.. code-block:: bash
+
+    docker ps -a  # grab the container id (this will be the last one in the list)
+    docker commit <container_id> <your username>/redis
+
+Run the service
+---------------
+
+Running the service with `-d` runs the container in detached mode, leaving the
+container running in the background. Use your snapshot.
+
+.. code-block:: bash
+
+    docker run -d -p 6379 <your username>/redis /usr/bin/redis-server
+
+Test 1
++++++
+
+Connect to the container with the redis-cli.
+
+.. code-block:: bash
+
+    docker ps  # grab the new container id
+    docker inspect <container_id>    # grab the ipaddress of the container
+    redis-cli -h <ipaddress> -p 6379
+    redis 10.0.3.32:6379> set docker awesome
+    OK
+    redis 10.0.3.32:6379> get docker
+    "awesome"
+    redis 10.0.3.32:6379> exit
+
+Test 2
++++++
+
+Connect to the host os with the redis-cli.
+
+.. code-block:: bash
+
+    docker ps  # grab the new container id
+    docker port <container_id> 6379  # grab the external port
+    ifconfig   # grab the host ip address
+    redis-cli -h <host ipaddress> -p <external port>
+    redis 192.168.0.1:49153> set docker awesome
+    OK
+    redis 192.168.0.1:49153> get docker
+    "awesome"
+    redis 192.168.0.1:49153> exit
--- a/docs/sources/examples/running_ssh_service.rst
+++ b/docs/sources/examples/running_ssh_service.rst
@@ -1,8 +1,13 @@
+:title: Running an SSH service
+:description: A screencast of installing and running an sshd service
+:keywords: docker, example, package installation, networking
+
+.. _running_ssh_service:

 Create an ssh daemon service
 ============================

-
+.. include:: example_header.inc


 **Video:**
--- a/docs/sources/index.rst
+++ b/docs/sources/index.rst
@@ -15,7 +15,10 @@ This documentation has the following resources:
   examples/index
   contributing/index
   commandline/index
+   registry/index
+   index/index
+   builder/index
   faq


-.. image:: http://www.docker.io/_static/lego_docker.jpg
+.. image:: http://www.docker.io/_static/lego_docker.jpg
--- a/docs/sources/index/index.rst
+++ b/docs/sources/index/index.rst
@@ -0,0 +1,15 @@
+:title: Docker Index documentation
+:description: Documentation for docker Index
+:keywords: docker, index, api
+
+
+
+Index
+=====
+
+Contents:
+
+.. toctree::
+   :maxdepth: 2
+
+   search
--- a/docs/sources/index/search.rst
+++ b/docs/sources/index/search.rst
@@ -0,0 +1,38 @@
+=======================
+Docker Index Search API
+=======================
+
+Search
+------
+
+.. http:get:: /v1/search
+
+   Search the Index given a search term. It accepts :http:method:`get` only.
+
+   **Example request**:
+
+   .. sourcecode:: http
+
+      GET /v1/search?q=search_term HTTP/1.1
+      Host: example.com
+      Accept: application/json
+
+   **Example response**:
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Vary: Accept
+      Content-Type: application/json
+
+      {"query":"search_term",
+        "num_results": 2,
+        "results" : [
+           {"name": "dotcloud/base", "description": "A base ubuntu64  image..."},
+           {"name": "base2", "description": "A base ubuntu64  image..."},
+         ]
+       }
+   
+   :query q: what you want to search for
+   :statuscode 200: no error
+   :statuscode 500: server error
--- a/docs/sources/installation/amazon.rst
+++ b/docs/sources/installation/amazon.rst
@@ -1,8 +1,9 @@
 Amazon EC2
 ==========

-    Please note this is a community contributed installation path. The only 'official' installation is using the :ref:`ubuntu_linux` installation path. This version
-    may be out of date because it depends on some binaries to be updated and published
+  Please note this is a community contributed installation path. The only 'official' installation is using the
+  :ref:`ubuntu_linux` installation path. This version may sometimes be out of date.
+

 Installation
 ------------
@@ -17,7 +18,7 @@ Docker can now be installed on Amazon EC2 with a single vagrant command. Vagrant
       vagrant plugin install vagrant-aws


-3. Get the docker sources, this will give you the latest Vagrantfile and puppet manifests.
+3. Get the docker sources, this will give you the latest Vagrantfile.

   ::

--- a/docs/sources/installation/archlinux.rst
+++ b/docs/sources/installation/archlinux.rst
@@ -0,0 +1,65 @@
+.. _arch_linux:
+
+Arch Linux
+==========
+
+  Please note this is a community contributed installation path. The only 'official' installation is using the
+  :ref:`ubuntu_linux` installation path. This version may sometimes be out of date.
+
+
+Installing on Arch Linux is not officially supported but can be handled via 
+either of the following AUR packages:
+
+* `lxc-docker <https://aur.archlinux.org/packages/lxc-docker/>`_
+* `lxc-docker-git <https://aur.archlinux.org/packages/lxc-docker-git/>`_
+
+The lxc-docker package will install the latest tagged version of docker. 
+The lxc-docker-git package will build from the current master branch.
+
+Dependencies
+------------
+
+Docker depends on several packages which are specified as dependencies in
+either AUR package.
+
+* aufs3
+* bridge-utils
+* go
+* iproute2
+* linux-aufs_friendly
+* lxc
+
+Installation
+------------
+
+The instructions here assume **yaourt** is installed.  See 
+`Arch User Repository <https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages>`_
+for information on building and installing packages from the AUR if you have not
+done so before.
+
+Keep in mind that if **linux-aufs_friendly** is not already installed that a
+new kernel will be compiled and this can take quite a while.
+
+::
+
+    yaourt -S lxc-docker-git
+
+
+Starting Docker
+---------------
+
+Prior to starting docker modify your bootloader to use the 
+**linux-aufs_friendly** kernel and reboot your system.
+
+There is a systemd service unit created for docker.  To start the docker service:
+
+::
+
+    sudo systemctl start docker
+
+
+To start on system boot:
+
+::
+
+    sudo systemctl enable docker
--- a/docs/sources/installation/binaries.rst
+++ b/docs/sources/installation/binaries.rst
@@ -0,0 +1,53 @@
+.. _binaries:
+
+Binaries
+========
+
+  **Please note this project is currently under heavy development. It should not be used in production.**
+
+
+Right now, the officially supported distributions are:
+
+- Ubuntu 12.04 (precise LTS) (64-bit)
+- Ubuntu 12.10 (quantal) (64-bit)
+
+
+Install dependencies:
+---------------------
+
+::
+
+    sudo apt-get install lxc bsdtar
+    sudo apt-get install linux-image-extra-`uname -r`
+
+The linux-image-extra package is needed on standard Ubuntu EC2 AMIs in order to install the aufs kernel module.
+
+Install the docker binary:
+
+::
+
+    wget http://get.docker.io/builds/Linux/x86_64/docker-latest.tgz
+    tar -xf docker-latest.tgz
+    sudo cp ./docker-latest/docker /usr/local/bin
+
+Note: docker currently only supports 64-bit Linux hosts.
+
+
+Run the docker daemon
+---------------------
+
+::
+
+    sudo docker -d &
+
+
+Run your first container!
+-------------------------
+
+::
+
+    docker run -i -t ubuntu /bin/bash
+
+
+
+Continue with the :ref:`hello_world` example.
--- a/docs/sources/installation/index.rst
+++ b/docs/sources/installation/index.rst
@@ -13,7 +13,9 @@ Contents:
   :maxdepth: 1

   ubuntulinux
-   macos
+   binaries
+   archlinux
+   vagrant
   windows
   amazon
   upgrading
--- a/docs/sources/installation/macos.rst
+++ b/docs/sources/installation/macos.rst
@@ -1,66 +0,0 @@
-
-Mac OS X and other linux
-========================
-
-  Please note this is a community contributed installation path. The only 'official' installation is using the :ref:`ubuntu_linux` installation path. This version
-  may be out of date because it depends on some binaries to be updated and published
-
-
-Requirements
------------
-
-We currently rely on some Ubuntu-linux specific packages, this will change in the future, but for now we provide a
-streamlined path to install Virtualbox with a Ubuntu 12.10 image using Vagrant.
-
-1. Install virtualbox from https://www.virtualbox.org/ (or use your package manager)
-2. Install vagrant from http://www.vagrantup.com/ (or use your package manager)
-3. Install git if you had not installed it before, check if it is installed by running
-   ``git`` in a terminal window
-
-We recommend having at least about 2Gb of free disk space and 2Gb RAM (or more).
-
-Installation
------------
-
-1. Fetch the docker sources
-
-.. code-block:: bash
-
-   git clone https://github.com/dotcloud/docker.git
-
-2. Run vagrant from the sources directory
-
-.. code-block:: bash
-
-    vagrant up
-
-Vagrant will:
-
-* Download the Quantal64 base ubuntu virtual machine image from get.docker.io/
-* Boot this image in virtualbox
-
-Then it will use Puppet to perform an initial setup in this machine:
-
-* Download & untar the most recent docker binary tarball to vagrant homedir.
-* Debootstrap to /var/lib/docker/images/ubuntu.
-* Install & run dockerd as service.
-* Put docker in /usr/local/bin.
-* Put latest Go toolchain in /usr/local/go.
-
-You now have a Ubuntu Virtual Machine running with docker pre-installed.
-
-To access the VM and use Docker, Run ``vagrant ssh`` from the same directory as where you ran
-``vagrant up``. Vagrant will make sure to connect you to the correct VM.
-
-.. code-block:: bash
-
-    vagrant ssh
-
-Now you are in the VM, run docker
-
-.. code-block:: bash
-
-    docker
-
-
-Continue with the :ref:`hello_world` example.
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -6,51 +6,56 @@ Ubuntu Linux
  **Please note this project is currently under heavy development. It should not be used in production.**


-
-Installing on Ubuntu 12.04 and 12.10
-
 Right now, the officially supported distributions are:

-Ubuntu 12.04 (precise LTS)
-Ubuntu 12.10 (quantal)
-Docker probably works on other distributions featuring a recent kernel, the AUFS patch, and up-to-date lxc. However this has not been tested.
+- Ubuntu 12.04 (precise LTS) (64-bit)
+- Ubuntu 12.10 (quantal) (64-bit)

-Install dependencies:
---------------------
+Dependencies
+------------

-::
+The linux-image-extra package is only needed on standard Ubuntu EC2 AMIs in order to install the aufs kernel module.

-    sudo apt-get install lxc wget bsdtar curl
-    sudo apt-get install linux-image-extra-`uname -r`
+.. code-block:: bash

-The linux-image-extra package is needed on standard Ubuntu EC2 AMIs in order to install the aufs kernel module.
-
-Install the latest docker binary:
-
-::
-
-    wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz
-    tar -xf docker-master.tgz
-
-Run your first container!
-
-::
-
-    cd docker-master
-
-::
-
-    sudo ./docker run -i -t base /bin/bash
+   sudo apt-get install linux-image-extra-`uname -r` lxc bsdtar


-To run docker as a daemon, in the background, and allow non-root users to run ``docker`` start
-docker -d
+Installation
+------------

-::
-
-    sudo ./docker -d &
+Docker is available as a Ubuntu PPA (Personal Package Archive),
+`hosted on launchpad  <https://launchpad.net/~dotcloud/+archive/lxc-docker>`_
+which makes installing Docker on Ubuntu very easy.


-Consider adding docker to your PATH for simplicity.

-Continue with the :ref:`hello_world` example.
+Add the custom package sources to your apt sources list. Copy and paste the following lines at once.
+
+.. code-block:: bash
+
+   sudo sh -c "echo 'deb http://ppa.launchpad.net/dotcloud/lxc-docker/ubuntu precise main' >> /etc/apt/sources.list"
+
+
+Update your sources. You will see a warning that GPG signatures cannot be verified.
+
+.. code-block:: bash
+
+   sudo apt-get update
+
+
+Now install it, you will see another warning that the package cannot be authenticated. Confirm install.
+
+.. code-block:: bash
+
+    curl get.docker.io | sudo sh -x
+
+
+Verify it worked
+
+.. code-block:: bash
+
+   docker
+
+
+**Done!**, now continue with the :ref:`hello_world` example.
--- a/docs/sources/installation/upgrading.rst
+++ b/docs/sources/installation/upgrading.rst
@@ -3,14 +3,15 @@
 Upgrading
 ============

-   We assume you are upgrading from within the operating system which runs your docker daemon.
+These instructions are for upgrading your Docker binary for when you had a custom (non package manager) installation.
+If you istalled docker using apt-get, use that to upgrade.


 Get the latest docker binary:

 ::

-  wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz
+  wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-latest.tgz



@@ -18,7 +19,7 @@ Unpack it to your current dir

 ::

-   tar -xf docker-master.tgz
+   tar -xf docker-latest.tgz


 Stop your current daemon. How you stop your daemon depends on how you started it.
@@ -37,4 +38,4 @@ Now start the daemon
   sudo ./docker -d &


-Alternatively you can replace the docker binary in ``/usr/local/bin``
+Alternatively you can replace the docker binary in ``/usr/local/bin``
--- a/docs/sources/installation/vagrant.rst
+++ b/docs/sources/installation/vagrant.rst
@@ -0,0 +1,70 @@
+
+.. _install_using_vagrant:
+
+Using Vagrant
+=============
+
+  Please note this is a community contributed installation path. The only 'official' installation is using the
+  :ref:`ubuntu_linux` installation path. This version may sometimes be out of date.
+
+**Requirements:**
+This guide will setup a new virtual machine with docker installed on your computer. This works on most operating
+systems, including MacOX, Windows, Linux, FreeBSD and others. If you can install these and have at least 400Mb RAM
+to spare you should be good.
+
+
+Install Vagrant and Virtualbox
+------------------------------
+
+1. Install virtualbox from https://www.virtualbox.org/ (or use your package manager)
+2. Install vagrant from http://www.vagrantup.com/ (or use your package manager)
+3. Install git if you had not installed it before, check if it is installed by running
+   ``git`` in a terminal window
+
+
+Spin it up
+----------
+
+1. Fetch the docker sources (this includes the Vagrantfile for machine setup).
+
+   .. code-block:: bash
+
+      git clone https://github.com/dotcloud/docker.git
+
+2. Run vagrant from the sources directory
+
+   .. code-block:: bash
+
+      vagrant up
+
+   Vagrant will:
+
+   * Download the 'official' Precise64 base ubuntu virtual machine image from vagrantup.com
+   * Boot this image in virtualbox
+   * Add the `Docker PPA sources <https://launchpad.net/~dotcloud/+archive/lxc-docker>`_ to /etc/apt/sources.lst
+   * Update your sources
+   * Install lxc-docker
+
+   You now have a Ubuntu Virtual Machine running with docker pre-installed.
+
+Connect
+-------
+
+To access the VM and use Docker, Run ``vagrant ssh`` from the same directory as where you ran
+``vagrant up``. Vagrant will connect you to the correct VM.
+
+.. code-block:: bash
+
+   vagrant ssh
+
+Run
+-----
+
+Now you are in the VM, run docker
+
+.. code-block:: bash
+
+   docker
+
+
+Continue with the :ref:`hello_world` example.
--- a/docs/sources/installation/windows.rst
+++ b/docs/sources/installation/windows.rst
@@ -3,8 +3,8 @@
 :keywords: Docker, Docker documentation, Windows, requirements, virtualbox, vagrant, git, ssh, putty, cygwin


-Windows
-=========
+Windows (with Vagrant)
+======================

  Please note this is a community contributed installation path. The only 'official' installation is using the :ref:`ubuntu_linux` installation path. This version
  may be out of date because it depends on some binaries to be updated and published
--- a/docs/sources/registry/api.rst
+++ b/docs/sources/registry/api.rst
@@ -0,0 +1,468 @@
+===================
+Docker Registry API
+===================
+
+.. contents:: Table of Contents
+
+1. The 3 roles
+===============
+
+1.1 Index
+---------
+
+The Index is responsible for centralizing information about:
+- User accounts
+- Checksums of the images
+- Public namespaces
+
+The Index has different components:
+- Web UI
+- Meta-data store (comments, stars, list public repositories)
+- Authentication service
+- Tokenization
+
+The index is authoritative for those information.
+
+We expect that there will be only one instance of the index, run and managed by dotCloud.
+
+1.2 Registry
+------------
+- It stores the images and the graph for a set of repositories
+- It does not have user accounts data
+- It has no notion of user accounts or authorization
+- It delegates authentication and authorization to the Index Auth service using tokens
+- It supports different storage backends (S3, cloud files, local FS)
+- It doesn’t have a local database
+- It will be open-sourced at some point
+
+We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries:
+
+- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index.
+- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally.
+- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution.
+- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory.
+
+.. note::
+
+    Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server. 
+
+.. note::
+
+    The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial):
+        - HTTP with GET (and PUT for read-write registries);
+        - local mount point;
+        - remote docker addressed through SSH.
+
+The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys).
+
+1.3 Docker
+----------
+
+On top of being a runtime for LXC, Docker is the Registry client. It supports:
+- Push / Pull on the registry
+- Client authentication on the Index
+
+2. Workflow
+===========
+
+2.1 Pull
+--------
+
+.. image:: /static_files/docker_pull_chart.png
+
+1. Contact the Index to know where I should download “samalba/busybox”
+2. Index replies:
+   a. “samalba/busybox” is on Registry A
+   b. here are the checksums for “samalba/busybox” (for all layers)
+   c. token
+3. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location.
+4. registry contacts index to verify if token/user is allowed to download images
+5. Index returns true/false lettings registry know if it should proceed or error out
+6. Get the payload for all layers
+
+It’s possible to run docker pull https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
+
+Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage.
+
+Token is only returned when the 'X-Docker-Token' header is sent with request.
+
+Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account.
+
+API (pulling repository foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        X-Docker-Token: true
+    **Action**:
+        (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1)
+
+2. (Index -> Docker) HTTP 200 OK
+
+    **Headers**:
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+    **Body**:
+        Jsonified checksums (see part 4.4.1)
+
+3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest
+    **Headers**: 
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry -> Index) GET /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+    **Body**:
+        <ids and checksums in payload>
+
+    **Action**:
+        ( Lookup token see if they have access to pull.)
+
+        If good: 
+            HTTP 200 OK
+            Index will invalidate the token
+        If bad: 
+            HTTP 401 Unauthorized
+
+5. (Docker -> Registry) GET /v1/images/928374982374/ancestry
+    **Action**:
+        (for each image id returned in the registry, fetch /json + /layer)
+
+.. note::
+
+    If someone makes a second request, then we will always give a new token, never reuse tokens.
+
+2.2 Push
+--------
+
+.. image:: /static_files/docker_push_chart.png
+
+1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
+2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
+3. Push the image on the registry (along with the token)
+4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
+5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images)
+6. docker contacts the index to give checksums for upload images
+
+.. note::
+
+    **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authentified and the security is not guaranteed.
+
+.. note::
+
+    **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies.
+
+Docker computes the checksums and submit them to the Index at the end of the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end).
+
+API (pushing repos foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) PUT /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Basic sdkjfskdjfhsdkjfh==
+        X-Docker-Token: true
+
+    **Action**::
+        - in index, we allocated a new repository, and set to initialized
+
+    **Body**::
+        (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push)::
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+2. (Index -> Docker) 200 Created
+    **Headers**:
+        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+
+3. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry->Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+    **Action**::
+        - Index: 
+            will invalidate the token.
+        - Registry: 
+            grants a session (if token is approved) and fetches the images id
+
+5. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**::
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - Cookie: (Cookie provided by the Registry)
+
+6. (Docker -> Registry) PUT /v1/images/98765432/json
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+8. (Docker -> Registry) PUT /v1/images/98765432/layer
+    **Headers**:
+        X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh
+
+9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+    **Body**:
+        “98765432”
+
+10. (Docker -> Index) PUT /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Basic 123oislifjsldfj==
+        X-Docker-Endpoints: registry1.docker.io (no validation on this right now)
+
+    **Body**:
+        (The image, id’s, tags and checksums)
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, 
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    **Return** HTTP 204
+
+.. note::
+
+     If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells.
+
+     If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token.
+
+3. How to use the Registry in standalone mode
+=============================================
+
+The Index has two main purposes (along with its fancy social features):
+
+- Resolve short names (to avoid passing absolute URLs all the time)
+   - username/projectname -> https://registry.docker.io/users/<username>/repositories/<projectname>/
+   - team/projectname -> https://registry.docker.io/team/<team>/repositories/<projectname>/
+- Authenticate a user as a repos owner (for a central referenced repository)
+
+3.1 Without an Index
+--------------------
+Using the Registry without the Index can be useful to store the images on a private network without having to rely on an external entity controlled by dotCloud.
+
+In this case, the registry will be launched in a special mode (--standalone? --no-index?). In this mode, the only thing which changes is that Registry will never contact the Index to verify a token. It will be the Registry owner responsibility to authenticate the user who pushes (or even pulls) an image using any mechanism (HTTP auth, IP based, etc...).
+
+In this scenario, the Registry is responsible for the security in case of data corruption since the checksums are not delivered by a trusted entity.
+
+As hinted previously, a standalone registry can also be implemented by any HTTP server handling GET/PUT requests (or even only GET requests if no write access is necessary).
+
+3.2 With an Index
+-----------------
+
+The Index data needed by the Registry are simple:
+- Serve the checksums
+- Provide and authorize a Token
+
+In the scenario of a Registry running on a private network with the need of centralizing and authorizing, it’s easy to use a custom Index.
+
+The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a specific Index, it’ll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain the Index and the Docker’s configuration among its consumers.
+
+4. The API
+==========
+
+The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md
+
+4.1 Images
+----------
+
+The format returned in the images is not defined here (for layer and json), basically because Registry stores exactly the same kind of information as Docker uses to manage them.
+
+The format of ancestry is a line-separated list of image ids, in age order. I.e. the image’s parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty.
+
+GET /v1/images/<image_id>/layer
+PUT /v1/images/<image_id>/layer
+GET /v1/images/<image_id>/json
+PUT /v1/images/<image_id>/json
+GET /v1/images/<image_id>/ancestry
+PUT /v1/images/<image_id>/ancestry
+
+4.2 Users
+---------
+
+4.2.1 Create a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+POST /v1/users
+
+**Body**:
+    {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'}
+
+**Validation**:
+    - **username** : min 4 character, max 30 characters, all lowercase no special characters. 
+    - **password**: min 5 characters
+
+**Valid**: return HTTP 200
+
+Errors: HTTP 400 (we should create error codes for possible errors)
+- invalid json
+- missing field
+- wrong format (username, password, email, etc)
+- forbidden name
+- name already exists
+
+.. note::
+
+    A user account will be valid only if the email has been validated (a validation link is sent to the email address).
+
+4.2.2 Update a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+PUT /v1/users/<username>
+
+**Body**:
+    {"password": "toto"}
+
+.. note::
+
+    We can also update email address, if they do, they will need to reverify their new email address.
+
+4.2.3 Login (Index)
+^^^^^^^^^^^^^^^^^^^
+Does nothing else but asking for a user authentication. Can be used to validate credentials. HTTP Basic Auth for now, maybe change in future.
+
+GET /v1/users
+
+**Return**:
+    - Valid: HTTP 200
+    - Invalid login: HTTP 401
+    - Account inactive: HTTP 403 Account is not Active
+
+4.3 Tags (Registry)
+-------------------
+
+The Registry does not know anything about users. Even though repositories are under usernames, it’s just a namespace for the registry. Allowing us to implement organizations or different namespaces per user later, without modifying the Registry’s API.
+
+4.3.1 Get all tags
+^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repository_name>/tags
+
+**Return**: HTTP 200
+    {
+    "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
+    “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+    }
+
+4.3.2 Read the content of a tag (resolve the image id)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+**Return**:
+    "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
+
+4.3.3 Delete a tag (registry)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DELETE /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+4.4 Images (Index)
+------------------
+
+For the Index to “resolve” the repository name to a Registry location, it uses the X-Docker-Endpoints header. In other terms, this requests always add a “X-Docker-Endpoints” to indicate the location of the registry which hosts this repository.
+
+4.4.1 Get the images
+^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/images
+
+**Return**: HTTP 200
+    [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+
+4.4.2 Add/update the images
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You always add images, you never remove them.
+
+PUT /v1/repositories/<namespace>/<repo_name>/images
+
+**Body**:
+    [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ]
+    
+**Return** 204
+
+5. Chaining Registries
+======================
+
+It’s possible to chain Registries server for several reasons:
+- Load balancing
+- Delegate the next request to another server
+
+When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the download.
+
+The Index and Registry use this mechanism to redirect on one or the other.
+
+Example with an image download:
+On every request, a special header can be returned:
+
+X-Docker-Endpoints: server1,server2
+
+On the next request, the client will always pick a server from this list.
+
+6. Authentication & Authorization
+=================================
+
+6.1 On the Index
+-----------------
+
+The Index supports both “Basic” and “Token” challenges. Usually when there is a “401 Unauthorized”, the Index replies this::
+
+    401 Unauthorized
+    WWW-Authenticate: Basic realm="auth required",Token
+
+You have 3 options:
+
+1. Provide user credentials and ask for a token
+
+    **Header**:
+        - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        - X-Docker-Token: true
+
+    In this case, along with the 200 response, you’ll get a new token (if user auth is ok):
+    If authorization isn't correct you get a 401 response.
+    If account isn't active you will get a 403 response.
+
+    **Response**:
+        - 200 OK
+        - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read
+
+2. Provide user credentials only
+
+    **Header**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+
+3. Provide Token
+
+    **Header**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+6.2 On the Registry
+-------------------
+
+The Registry only supports the Token challenge::
+
+    401 Unauthorized
+    WWW-Authenticate: Token
+
+The only way is to provide a token on “401 Unauthorized” responses::
+
+    Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+Usually, the Registry provides a Cookie when a Token verification succeeded. Every time the Registry passes a Cookie, you have to pass it back the same cookie.::
+
+    200 OK
+    Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly
+
+Next request::
+
+    GET /(...)
+    Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="
--- a/Show More
+++ b/Show More