Bump to v0.5.2

Change daemon to listen on unix socket by default
Conflicts: docs/sources/api/docker_remote_api.rst
2026-01-16 18:31:41 +00:00 · 2013-08-09 00:17:35 +00:00 · 2013-08-09 00:16:43 +00:00 · 2013-08-08 23:27:55 +00:00 · 2013-08-08 23:22:14 +00:00 · 2013-08-05 12:10:03 -07:00
262 changed files with 27852 additions and 4991 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ docs/_build
 docs/_static
 docs/_templates
 .gopath/
+.dotcloud
--- a/.mailmap
+++ b/.mailmap
@@ -2,7 +2,7 @@
 <charles.hooper@dotcloud.com> <chooper@plumata.com> 
 <daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
 <daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
-Guillaume J. Charmes <guillaume.charmes@dotcloud.com> creack <charmes.guillaume@gmail.com>
+Guillaume J. Charmes <guillaume.charmes@dotcloud.com> <charmes.guillaume@gmail.com>
 <guillaume.charmes@dotcloud.com> <guillaume@dotcloud.com>
 <kencochrane@gmail.com> <KenCochrane@gmail.com>
 <sridharr@activestate.com> <github@srid.name>
@@ -14,3 +14,14 @@ Joffrey F <joffrey@dotcloud.com>
 <joffrey@dotcloud.com> <f.joffrey@gmail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 Andy Smith <github@anarkystic.com>
+<kalessin@kalessin.fr> <louis@dotcloud.com>
+<victor.vieux@dotcloud.com> <victor@dotcloud.com>
+<victor.vieux@dotcloud.com> <dev@vvieux.com>
+<dominik@honnef.co> <dominikh@fork-bomb.org>
+Thatcher Peskens <thatcher@dotcloud.com>
+<ehanchrow@ine.com> <eric.hanchrow@gmail.com>
+Walter Stanish <walter@pratyeka.org>
+<daniel@gasienica.ch> <dgasienica@zynga.com>
+Roberto Hashioka <roberto_hashioka@hotmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
+David Sissitka <me@dsissitka.com>
--- a/77
+++ b/77
@@ -1,38 +1,113 @@
+# This file lists all individuals having contributed content to the repository.
+# If you're submitting a patch, please add your name here in alphabetical order as part of the patch.
+#
+# For a list of active project maintainers, see the MAINTAINERS file.
+#
+Al Tobey <al@ooyala.com>
+Alex Gaynor <alex.gaynor@gmail.com>
+Alexey Shamrin <shamrin@gmail.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
+Andreas Tiefenthaler <at@an-ti.eu>
+Andrew Munsell <andrew@wizardapps.net>
+Andrews Medina <andrewsmedina@gmail.com>
 Andy Rothfusz <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
+Anthony Bishopric <git@anthonybishopric.com>
 Antony Messerli <amesserl@rackspace.com>
+Barry Allard <barry.allard@gmail.com>
+Brandon Liu <bdon@bdon.org>
 Brian McCallister <brianm@skife.org>
+Bruno Bigras <bigras.bruno@gmail.com>
 Caleb Spare <cespare@gmail.com>
+Calen Pennington <cale@edx.org>
 Charles Hooper <charles.hooper@dotcloud.com>
+Christopher Currie <codemonkey+github@gmail.com>
+Daniel Gasienica <daniel@gasienica.ch>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
 Daniel Robinson <gottagetmac@gmail.com>
+Daniel Von Fange <daniel@leancoder.com>
+Daniel YC Lin <dlin.tw@gmail.com>
+David Calavera <david.calavera@gmail.com>
+David Sissitka <me@dsissitka.com>
 Dominik Honnef <dominik@honnef.co>
 Don Spaulding <donspauldingii@gmail.com>
+Dr Nic Williams <drnicwilliams@gmail.com>
+Elias Probst <mail@eliasprobst.eu>
+Eric Hanchrow <ehanchrow@ine.com>
+Eric Myhre <hash@exultant.us>
+Erno Hopearuoho <erno.hopearuoho@gmail.com>
+Evan Wies <evan@neomantra.net>
 ezbercih <cem.ezberci@gmail.com>
+Fabrizio Regini <freegenie@gmail.com>
+Flavio Castelli <fcastelli@suse.com>
+Francisco Souza <f@souza.cc>
 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
+Gabriel Monroy <gabriel@opdemand.com>
+Gareth Rushgrove <gareth@morethanseven.net>
 Guillaume J. Charmes <guillaume.charmes@dotcloud.com>
+Harley Laue <losinggeneration@gmail.com>
 Hunter Blanks <hunter@twilio.com>
 Jeff Lindsay <progrium@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
 Joffrey F <joffrey@dotcloud.com>
+Johan Euphrosine <proppy@google.com>
 John Costa <john.costa@gmail.com>
+Jon Wedaman <jweede@gmail.com>
+Jonas Pfenniger <jonas@pfenniger.name>
 Jonathan Rudenberg <jonathan@titanous.com>
+Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
 Julien Barbier <write0@gmail.com>
 Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Karan Lyons <karan@karanlyons.com>
+Keli Hu <dev@keli.hu>
 Ken Cochrane <kencochrane@gmail.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
+kim0 <email.ahmedkamal@googlemail.com>
+Kimbro Staken <kstaken@kstaken.com>
+Kiran Gangadharan <kiran.daredevil@gmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
 Louis Opter <kalessin@kalessin.fr>
+Marco Hennings <marco.hennings@freiheit.com>
+Marcus Farkas <toothlessgear@finitebox.com>
+Mark McGranaghan <mmcgrana@gmail.com>
+Maxim Treskin <zerthurd@gmail.com>
+meejah <meejah@meejah.ca>
+Michael Crosby <crosby.michael@gmail.com>
+Mike Gaffney <mike@uberu.com>
 Mikhail Sobolev <mss@mawhrin.net>
+Nan Monnand Deng <monnand@gmail.com>
+Nate Jones <nate@endot.org>
 Nelson Chen <crazysim@gmail.com>
 Niall O'Higgins <niallo@unworkable.org>
+Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
+Nick Stinemates <nick@stinemates.org>
+odk- <github@odkurzacz.org>
+Paul Bowsher <pbowsher@globalpersonals.co.uk>
+Paul Hammond <paul@paulhammond.org>
+Phil Spitler <pspitler@gmail.com>
 Piotr Bogdan <ppbogdan@gmail.com>
+Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
+Rhys Hiltner <rhys@twitch.tv>
+Robert Obryk <robryk@gmail.com>
+Roberto Hashioka <roberto_hashioka@hotmail.com>
+Ryan Fowler <rwfowler@gmail.com>
 Sam Alba <sam.alba@gmail.com>
+Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 Silas Sewell <silas@sewell.org>
 Solomon Hykes <solomon@dotcloud.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
+Stefan Praszalowicz <stefan@greplin.com>
 Thatcher Peskens <thatcher@dotcloud.com>
+Thomas Bikeev <thomas.bikeev@mac.com>
+Thomas Hansen <thomas.hansen@gmail.com>
+Tianon Gravi <admwiggin@gmail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
-Troy Howard <thoward37@gmail.com>
+Tobias Bieniek <Tobias.Bieniek@gmx.de>
+Tobias Schwab <tobias.schwab@dynport.de>
+Tom Hulihan <hulihan.tom159@gmail.com>
+unclejack <unclejacksons@gmail.com>
+Victor Vieux <victor.vieux@dotcloud.com>
 Vivek Agarwal <me@vivek.im>
+Walter Stanish <walter@pratyeka.org>
+Will Dietz <w@wdtz.org>
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,268 @@
+# Changelog
+
+## 0.5.2 (2013-08-08)
+ * Builder: Forbid certain paths within docker build ADD
+ - Runtime: Change network range to avoid conflict with EC2 DNS
+ * API: Change daemon to listen on unix socket by default
+
+## 0.5.1 (2013-07-30)
+ + API: Docker client now sets useragent (RFC 2616)
+ + Runtime: Add `ps` args to `docker top`
+ + Runtime: Add support for container ID files (pidfile like)
+ + Runtime: Add container=lxc in default env
+ + Runtime: Support networkless containers with `docker run -n` and `docker -d -b=none`
+ + API: Add /events endpoint
+ + Builder: ADD command now understands URLs
+ + Builder: CmdAdd and CmdEnv now respect Dockerfile-set ENV variables
+ * Hack: Simplify unit tests with helpers
+ * Hack: Improve docker.upstart event
+ * Hack: Add coverage testing into docker-ci
+ * Runtime: Stdout/stderr logs are now stored in the same file as JSON
+ * Runtime: Allocate a /16 IP range by default, with fallback to /24. Try 12 ranges instead of 3.
+ * Runtime: Change .dockercfg format to json and support multiple auth remote
+ - Runtime: Do not override volumes from config
+ - Runtime: Fix issue with EXPOSE override
+ - Builder: Create directories with 755 instead of 700 within ADD instruction
+
+## 0.5.0 (2013-07-17)
+ + Runtime: List all processes running inside a container with 'docker top'
+ + Runtime: Host directories can be mounted as volumes with 'docker run -v'
+ + Runtime: Containers can expose public UDP ports (eg, '-p 123/udp')
+ + Runtime: Optionally specify an exact public port (eg. '-p 80:4500')
+ + Registry: New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries
+ + Builder: ENTRYPOINT instruction sets a default binary entry point to a container
+ + Builder: VOLUME instruction marks a part of the container as persistent data
+ * Builder: 'docker build' displays the full output of a build by default
+ * Runtime: 'docker login' supports additional options
+ - Runtime: Dont save a container's hostname when committing an image.
+ - Registry: Fix issues when uploading images to a private registry
+
+## 0.4.8 (2013-07-01)
+ + Builder: New build operation ENTRYPOINT adds an executable entry point to the container.
+ - Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID.
+ - Tests: Fix issues in the test suite
+
+## 0.4.7 (2013-06-28)
+ * Registry: easier push/pull to a custom registry
+ * Remote API: the progress bar updates faster when downloading and uploading large files
+ - Remote API: fix a bug in the optional unix socket transport
+ * Runtime: improve detection of kernel version
+ + Runtime: host directories can be mounted as volumes with 'docker run -b'
+ - Runtime: fix an issue when only attaching to stdin
+ * Runtime: use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts
+ * Hack: improve test suite and dev environment
+ * Hack: remove dependency on unit tests on 'os/user'
+ + Documentation: add terminology section
+
+## 0.4.6 (2013-06-22)
+ - Runtime: fix a bug which caused creation of empty images (and volumes) to crash.
+
+## 0.4.5 (2013-06-21)
+ + Builder: 'docker build git://URL' fetches and builds a remote git repository
+ * Runtime: 'docker ps -s' optionally prints container size
+ * Tests: Improved and simplified
+ - Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail.
+ - Builder: fix a regression when using ADD with single regular file.
+
+## 0.4.4 (2013-06-19)
+ - Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients.
+
+## 0.4.3 (2013-06-19)
+ + Builder: ADD of a local file will detect tar archives and unpack them
+ * Runtime: Remove bsdtar dependency
+ * Runtime: Add unix socket and multiple -H support
+ * Runtime: Prevent rm of running containers
+ * Runtime: Use go1.1 cookiejar
+ * Builder: ADD improvements: use tar for copy + automatically unpack local archives
+ * Builder: ADD uses tar/untar for copies instead of calling 'cp -ar'
+ * Builder: nicer output for 'docker build'
+ * Builder: fixed the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented.
+ * Client: HumanReadable ProgressBar sizes in pull
+ * Client: Fix docker version's git commit output
+ * API: Send all tags on History API call
+ * API: Add tag lookup to history command. Fixes #882
+ - Runtime: Fix issue detaching from running TTY container
+ - Runtime: Forbid parralel push/pull for a single image/repo. Fixes #311
+ - Runtime: Fix race condition within Run command when attaching.
+ - Builder: fix a bug which caused builds to fail if ADD was the first command
+ - Documentation: fix missing command in irc bouncer example
+
+## 0.4.2 (2013-06-17)
+ - Packaging: Bumped version to work around an Ubuntu bug
+
+## 0.4.1 (2013-06-17)
+ + Remote Api: Add flag to enable cross domain requests
+ + Remote Api/Client: Add images and containers sizes in docker ps and docker images
+ + Runtime: Configure dns configuration host-wide with 'docker -d -dns'
+ + Runtime: Detect faulty DNS configuration and replace it with a public default
+ + Runtime: allow docker run <name>:<id>
+ + Runtime: you can now specify public port (ex: -p 80:4500)
+ * Client: allow multiple params in inspect
+ * Client: Print the container id before the hijack in `docker run`
+ * Registry: add regexp check on repo's name
+ * Registry: Move auth to the client
+ * Runtime: improved image removal to garbage-collect unreferenced parents
+ * Vagrantfile: Add the rest api port to vagrantfile's port_forward
+ * Upgrade to Go 1.1
+ - Builder: don't ignore last line in Dockerfile when it doesn't end with \n
+ - Registry: Remove login check on pull
+
+## 0.4.0 (2013-06-03)
+ + Introducing Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
+ + Introducing Remote API: control Docker programmatically using a simple HTTP/json API
+ * Runtime: various reliability and usability improvements
+
+## 0.3.4 (2013-05-30)
+ + Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
+ + Builder: 'docker build -t FOO' applies the tag FOO to the newly built container.
+ + Runtime: interactive TTYs correctly handle window resize
+ * Runtime: fix how configuration is merged between layers
+ + Remote API: split stdout and stderr on 'docker run'
+ + Remote API: optionally listen on a different IP and port (use at your own risk)
+ * Documentation: improved install instructions.
+
+## 0.3.3 (2013-05-23)
+ - Registry: Fix push regression
+ - Various bugfixes
+
+## 0.3.2 (2013-05-09)
+ * Runtime: Store the actual archive on commit
+ * Registry: Improve the checksum process
+ * Registry: Use the size to have a good progress bar while pushing
+ * Registry: Use the actual archive if it exists in order to speed up the push
+ - Registry: Fix error 400 on push
+
+## 0.3.1 (2013-05-08)
+ + Builder: Implement the autorun capability within docker builder
+ + Builder: Add caching to docker builder
+ + Builder: Add support for docker builder with native API as top level command
+ + Runtime: Add go version to debug infos
+ + Builder: Implement ENV within docker builder
+ + Registry: Add docker search top level command in order to search a repository
+ + Images: output graph of images to dot (graphviz)
+ + Documentation: new introduction and high-level overview
+ + Documentation: Add the documentation for docker builder
+ + Website: new high-level overview
+ - Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
+ - Images: fix ByParent function
+ - Builder: Check the command existance prior create and add Unit tests for the case
+ - Registry: Fix pull for official images with specific tag
+ - Registry: Fix issue when login in with a different user and trying to push
+ - Documentation: CSS fix for docker documentation to make REST API docs look better.
+ - Documentation: Fixed CouchDB example page header mistake
+ - Documentation: fixed README formatting
+ * Registry: Improve checksum - async calculation
+ * Runtime: kernel version - don't show the dash if flavor is empty
+ * Documentation: updated www.docker.io website.
+ * Builder: use any whitespaces instead of tabs
+ * Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
+
+## 0.3.0 (2013-05-06)
+ + Registry: Implement the new registry
+ + Documentation: new example: sharing data between 2 couchdb databases
+ - Runtime: Fix the command existance check
+ - Runtime: strings.Split may return an empty string on no match
+ - Runtime: Fix an index out of range crash if cgroup memory is not
+ * Documentation: Various improvments
+ * Vagrant: Use only one deb line in /etc/apt
+
+## 0.2.2 (2013-05-03)
+ + Support for data volumes ('docker run -v=PATH')
+ + Share data volumes between containers ('docker run -volumes-from')
+ + Improved documentation
+ * Upgrade to Go 1.0.3
+ * Various upgrades to the dev environment for contributors
+
+## 0.2.1 (2013-05-01)
+ + 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
+ * Improve install process on Vagrant
+ + New Dockerfile operation: "maintainer"
+ + New Dockerfile operation: "expose"
+ + New Dockerfile operation: "cmd"
+ + Contrib script to build a Debian base layer
+ + 'docker -d -r': restart crashed containers at daemon startup
+ * Runtime: improve test coverage
+
+## 0.2.0 (2013-04-23)
+ - Runtime: ghost containers can be killed and waited for
+ * Documentation: update install intructions
+ - Packaging: fix Vagrantfile
+ - Development: automate releasing binaries and ubuntu packages
+ + Add a changelog
+ - Various bugfixes
+
+## 0.1.8 (2013-04-22)
+ - Dynamically detect cgroup capabilities
+ - Issue stability warning on kernels <3.8
+ - 'docker push' buffers on disk instead of memory
+ - Fix 'docker diff' for removed files
+ - Fix 'docker stop' for ghost containers
+ - Fix handling of pidfile
+ - Various bugfixes and stability improvements
+
+## 0.1.7 (2013-04-18)
+ - Container ports are available on localhost
+ - 'docker ps' shows allocated TCP ports
+ - Contributors can run 'make hack' to start a continuous integration VM
+ - Streamline ubuntu packaging & uploading
+ - Various bugfixes and stability improvements
+
+## 0.1.6 (2013-04-17)
+ - Record the author an image with 'docker commit -author'
+
+## 0.1.5 (2013-04-17)
+ - Disable standalone mode
+ - Use a custom DNS resolver with 'docker -d -dns'
+ - Detect ghost containers
+ - Improve diagnosis of missing system capabilities
+ - Allow disabling memory limits at compile time
+ - Add debian packaging
+ - Documentation: installing on Arch Linux
+ - Documentation: running Redis on docker
+ - Fixed lxc 0.9 compatibility
+ - Automatically load aufs module
+ - Various bugfixes and stability improvements
+
+## 0.1.4 (2013-04-09)
+ - Full support for TTY emulation
+ - Detach from a TTY session with the escape sequence `C-p C-q`
+ - Various bugfixes and stability improvements
+ - Minor UI improvements
+ - Automatically create our own bridge interface 'docker0'
+
+## 0.1.3 (2013-04-04)
+ - Choose TCP frontend port with '-p :PORT'
+ - Layer format is versioned
+ - Major reliability improvements to the process manager
+ - Various bugfixes and stability improvements
+
+## 0.1.2 (2013-04-03)
+ - Set container hostname with 'docker run -h'
+ - Selective attach at run with 'docker run -a [stdin[,stdout[,stderr]]]'
+ - Various bugfixes and stability improvements
+ - UI polish
+ - Progress bar on push/pull
+ - Use XZ compression by default
+ - Make IP allocator lazy
+
+## 0.1.1 (2013-03-31)
+ - Display shorthand IDs for convenience
+ - Stabilize process management
+ - Layers can include a commit message
+ - Simplified 'docker attach'
+ - Fixed support for re-attaching
+ - Various bugfixes and stability improvements
+ - Auto-download at run
+ - Auto-login on push
+ - Beefed up documentation
+
+## 0.1.0 (2013-03-23)
+ - First release
+ - Implement registry in order to push/pull images
+ - TCP port allocation
+ - Fix termcaps on Linux
+ - Add documentation
+ - Add Vagrant support with Vagrantfile
+ - Add unit tests
+ - Add repository/tags to ease image management
+ - Improve the layer implementation
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,9 +1,6 @@
 # Contributing to Docker

-Want to hack on Docker? Awesome! There are instructions to get you
-started on the website: http://docker.io/gettingstarted.html
-
-They are probably not perfect, please let us know if anything feels
+Want to hack on Docker? Awesome! Here are instructions to get you started. They are probably not perfect, please let us know if anything feels
 wrong or incomplete.

 ## Contribution guidelines
@@ -91,3 +88,73 @@ Add your name to the AUTHORS file, but make sure the list is sorted and your
 name and email address match your git configuration. The AUTHORS file is
 regenerated occasionally from the git commit history, so a mismatch may result
 in your changes being overwritten.
+
+
+## Decision process
+
+### How are decisions made?
+
+Short answer: with pull requests to the docker repository.
+
+Docker is an open-source project with an open design philosophy. This means that the repository is the source of truth for EVERY aspect of the project,
+including its philosophy, design, roadmap and APIs. *If it's part of the project, it's in the repo. It's in the repo, it's part of the project.*
+
+As a result, all decisions can be expressed as changes to the repository. An implementation change is a change to the source code. An API change is a change to
+the API specification. A philosophy change is a change to the philosophy manifesto. And so on.
+
+All decisions affecting docker, big and small, follow the same 3 steps:
+
+* Step 1: Open a pull request. Anyone can do this.
+
+* Step 2: Discuss the pull request. Anyone can do this.
+
+* Step 3: Accept or refuse a pull request. The relevant maintainer does this (see below "Who decides what?")
+
+
+### Who decides what?
+
+So all decisions are pull requests, and the relevant maintainer makes the decision by accepting or refusing the pull request.
+But how do we identify the relevant maintainer for a given pull request?
+
+Docker follows the timeless, highly efficient and totally unfair system known as [Benevolent dictator for life](http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life),
+with yours truly, Solomon Hykes, in the role of BDFL.
+This means that all decisions are made by default by me. Since making every decision myself would be highly unscalable, in practice decisions are spread across multiple maintainers.
+
+The relevant maintainer for a pull request is assigned in 3 steps:
+
+* Step 1: Determine the subdirectory affected by the pull request. This might be src/registry, docs/source/api, or any other part of the repo.
+
+* Step 2: Find the MAINTAINERS file which affects this directory. If the directory itself does not have a MAINTAINERS file, work your way up the the repo hierarchy until you find one.
+
+* Step 3: The first maintainer listed is the primary maintainer. The pull request is assigned to him. He may assign it to other listed maintainers, at his discretion.
+
+
+### I'm a maintainer, should I make pull requests too?
+
+Primary maintainers are not required to create pull requests when changing their own subdirectory, but secondary maintainers are.
+
+### Who assigns maintainers?
+
+Solomon.
+
+### How can I become a maintainer?
+
+* Step 1: learn the component inside out
+* Step 2: make yourself useful by contributing code, bugfixes, support etc.
+* Step 3: volunteer on the irc channel (#docker@freenode)
+
+Don't forget: being a maintainer is a time investment. Make sure you will have time to make yourself available.
+You don't have to be a maintainer to make a difference on the project!
+
+### What are a maintainer's responsibility?
+
+It is every maintainer's responsibility to:
+
+* 1) Expose a clear roadmap for improving their component.
+* 2) Deliver prompt feedback and decisions on pull requests.
+* 3) Be available to anyone with questions, bug reports, criticism etc. on their component. This includes irc, github requests and the mailing list.
+* 4) Make sure their component respects the philosophy, design and roadmap of the project.
+
+### How is this process changed?
+
+Just like everything else: by making a pull request :)
--- a/30
+++ b/30
@@ -0,0 +1,30 @@
+# This file describes the standard way to build Docker, using docker
+docker-version 0.4.2
+from	ubuntu:12.04
+maintainer	Solomon Hykes <solomon@dotcloud.com>
+# Build dependencies
+run	apt-get install -y -q curl
+run	apt-get install -y -q git
+# Install Go
+run	curl -s https://go.googlecode.com/files/go1.1.1.linux-amd64.tar.gz | tar -v -C /usr/local -xz
+env	PATH	/usr/local/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
+env	GOPATH	/go
+env	CGO_ENABLED 0
+run	cd /tmp && echo 'package main' > t.go && go test -a -i -v
+# Download dependencies
+run	PKG=github.com/kr/pty REV=27435c699;		 git clone http://$PKG /go/src/$PKG && cd /go/src/$PKG && git checkout -f $REV
+run	PKG=github.com/gorilla/context/ REV=708054d61e5; git clone http://$PKG /go/src/$PKG && cd /go/src/$PKG && git checkout -f $REV
+run	PKG=github.com/gorilla/mux/ REV=9b36453141c;	 git clone http://$PKG /go/src/$PKG && cd /go/src/$PKG && git checkout -f $REV
+# Run dependencies
+run	apt-get install -y iptables
+# lxc requires updating ubuntu sources
+run	echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list
+run	apt-get update
+run	apt-get install -y lxc
+run	apt-get install -y aufs-tools
+# Upload docker source
+add	.       /go/src/github.com/dotcloud/docker
+# Build the binary
+run	cd /go/src/github.com/dotcloud/docker/docker && go install -ldflags "-X main.GITCOMMIT '??' -d -w"
+env	PATH	/usr/local/go/bin:/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
+cmd	["docker"]
--- a/36
+++ b/36
@@ -0,0 +1,36 @@
+
+## FIXME
+
+This file is a loose collection of things to improve in the codebase, for the internal
+use of the maintainers.
+
+They are not big enough to be in the roadmap, not user-facing enough to be github issues,
+and not important enough to be discussed in the mailing list.
+
+They are just like FIXME comments in the source code, except we're not sure where in the source
+to put them - so we put them here :)
+
+
+* Merge Runtime, Server and Builder into Runtime
+* Run linter on codebase
+* Unify build commands and regular commands
+* Move source code into src/ subdir for clarity
+* Clean up the Makefile, it's a mess
+* docker build: on non-existent local path for ADD, don't show full absolute path on the host
+* mount into /dockerinit rather than /sbin/init
+* docker tag foo REPO:TAG
+* use size header for progress bar in pull
+* Clean up context upload in build!!!
+* Parallel pull
+* Ensure /proc/sys/net/ipv4/ip_forward is 1
+* Force DNS to public!
+* Always generate a resolv.conf per container, to avoid changing resolv.conf under thne container's feet
+* Save metadata with import/export
+* Upgrade dockerd without stopping containers
+* bring back git revision info, looks like it was lost
+* Simple command to remove all untagged images
+* Simple command to clean up containers for disk space
+* Caching after an ADD
+* entry point config
+* bring back git revision info, looks like it was lost
+* Clean up the ProgressReader api, it's a PITA to use
--- a/5
+++ b/5
@@ -0,0 +1,5 @@
+Solomon Hykes <solomon@dotcloud.com>
+Guillaume Charmes <guillaume@dotcloud.com>
+Victor Vieux <victor@dotcloud.com>
+api.go: Victor Vieux <victor@dotcloud.com>
+Vagrantfile: Daniel Mizyrycki <daniel@dotcloud.com>
--- a/58
+++ b/58
@@ -1,11 +1,17 @@
 DOCKER_PACKAGE := github.com/dotcloud/docker
+RELEASE_VERSION := $(shell git tag | grep -E "v[0-9\.]+$$" | sort -nr | head -n 1)
+SRCRELEASE := docker-$(RELEASE_VERSION)
+BINRELEASE := docker-$(RELEASE_VERSION).tgz
+BUILD_SRC := build_src
+BUILD_PATH := ${BUILD_SRC}/src/${DOCKER_PACKAGE}

+GIT_ROOT := $(shell git rev-parse --show-toplevel)
 BUILD_DIR := $(CURDIR)/.gopath

 GOPATH ?= $(BUILD_DIR)
 export GOPATH

-GO_OPTIONS ?=
+GO_OPTIONS ?= -a -ldflags='-w -d'
 ifeq ($(VERBOSE), 1)
 GO_OPTIONS += -v
 endif
@@ -13,7 +19,7 @@ endif
 GIT_COMMIT = $(shell git rev-parse --short HEAD)
 GIT_STATUS = $(shell test -n "`git status --porcelain`" && echo "+CHANGES")

-BUILD_OPTIONS = -ldflags "-X main.GIT_COMMIT $(GIT_COMMIT)$(GIT_STATUS)"
+BUILD_OPTIONS = -a -ldflags "-X main.GITCOMMIT $(GIT_COMMIT)$(GIT_STATUS) -d -w"

 SRC_DIR := $(GOPATH)/src

@@ -23,18 +29,42 @@ DOCKER_MAIN := $(DOCKER_DIR)/docker
 DOCKER_BIN_RELATIVE := bin/docker
 DOCKER_BIN := $(CURDIR)/$(DOCKER_BIN_RELATIVE)

-.PHONY: all clean test
+.PHONY: all clean test hack release srcrelease $(BINRELEASE) $(SRCRELEASE) $(DOCKER_BIN) $(DOCKER_DIR)

 all: $(DOCKER_BIN)

 $(DOCKER_BIN): $(DOCKER_DIR)
 	@mkdir -p  $(dir $@)
-	@(cd $(DOCKER_MAIN); go get $(GO_OPTIONS); go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@)
+	@(cd $(DOCKER_MAIN); CGO_ENABLED=0 go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@)
 	@echo $(DOCKER_BIN_RELATIVE) is created.

 $(DOCKER_DIR):
 	@mkdir -p $(dir $@)
-	@ln -sf $(CURDIR)/ $@
+	@if [ -h $@ ]; then rm -f $@; fi; ln -sf $(CURDIR)/ $@
+	@(cd $(DOCKER_MAIN); go get -d $(GO_OPTIONS))
+
+whichrelease:
+	echo $(RELEASE_VERSION)
+
+release: $(BINRELEASE)
+	s3cmd -P put $(BINRELEASE) s3://get.docker.io/builds/`uname -s`/`uname -m`/docker-$(RELEASE_VERSION).tgz
+	s3cmd -P put docker-latest.tgz s3://get.docker.io/builds/`uname -s`/`uname -m`/docker-latest.tgz
+	s3cmd -P put $(SRCRELEASE)/bin/docker s3://get.docker.io/builds/`uname -s`/`uname -m`/docker
+
+srcrelease: $(SRCRELEASE)
+deps: $(DOCKER_DIR)
+
+# A clean checkout of $RELEASE_VERSION, with vendored dependencies
+$(SRCRELEASE):
+	rm -fr $(SRCRELEASE)
+	git clone $(GIT_ROOT) $(SRCRELEASE)
+	cd $(SRCRELEASE); git checkout -q $(RELEASE_VERSION)
+
+# A binary release ready to be uploaded to a mirror
+$(BINRELEASE): $(SRCRELEASE)
+	rm -f $(BINRELEASE)
+	cd $(SRCRELEASE); make; cp -R bin docker-$(RELEASE_VERSION); tar -f ../$(BINRELEASE) -zv -c docker-$(RELEASE_VERSION)
+	cd $(SRCRELEASE); cp -R bin docker-latest; tar -f ../docker-latest.tgz -zv -c docker-latest

 clean:
 	@rm -rf $(dir $(DOCKER_BIN))
@@ -44,8 +74,22 @@ else ifneq ($(DOCKER_DIR), $(realpath $(DOCKER_DIR)))
 	@rm -f $(DOCKER_DIR)
 endif

-test: all
-	@(cd $(DOCKER_DIR); sudo -E go test $(GO_OPTIONS))
+test:
+	# Copy docker source and dependencies for testing
+	rm -rf ${BUILD_SRC}; mkdir -p ${BUILD_PATH}
+	tar --exclude=${BUILD_SRC} -cz . | tar -xz -C ${BUILD_PATH}
+	GOPATH=${CURDIR}/${BUILD_SRC} go get -d
+	# Do the test
+	sudo -E GOPATH=${CURDIR}/${BUILD_SRC} CGO_ENABLED=0 go test ${GO_OPTIONS}
+
+testall: all
+	@(cd $(DOCKER_DIR); CGO_ENABLED=0 sudo -E go test ./... $(GO_OPTIONS))

 fmt:
 	@gofmt -s -l -w .
+
+hack:
+	cd $(CURDIR)/hack && vagrant up
+
+ssh-dev:
+	cd $(CURDIR)/hack && vagrant ssh
--- a/7
+++ b/7
@@ -3,4 +3,9 @@ Copyright 2012-2013 dotCloud, inc.

 This product includes software developed at dotCloud, inc. (http://www.dotcloud.com).

-This product contains software (https://github.com/kr/pty) developed by Keith Rarick, licensed under the MIT License.
+This product contains software (https://github.com/kr/pty) developed by Keith Rarick, licensed under the MIT License.
+
+Transfers of Docker shall be in accordance with applicable export controls of any country and all other applicable
+legal requirements.  Docker shall not be distributed or downloaded to or in Cuba, Iran, North Korea, Sudan or Syria
+and shall not be distributed or downloaded to any person on the Denied Persons List administered by the U.S.
+Department of Commerce.
--- a/README.md
+++ b/README.md
@@ -1,149 +1,228 @@
-Docker: the Linux container runtime
-===================================
+Docker: the Linux container engine
+==================================

-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
+Docker is an open-source engine which automates the deployment of
+applications as highly portable, self-sufficient containers.

-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
+Docker containers are both *hardware-agnostic* and
+*platform-agnostic*. This means that they can run anywhere, from your
+laptop to the largest EC2 compute instance and everything in between -
+and they don't require that you use a particular language, framework
+or packaging system. That makes them great building blocks for
+deploying and scaling web apps, databases and backend services without
+depending on a particular stack or provider.

-![Docker L](docs/sources/static_files/lego_docker.jpg "Docker")
+Docker is an open-source implementation of the deployment engine which
+powers [dotCloud](http://dotcloud.com), a popular
+Platform-as-a-Service.  It benefits directly from the experience
+accumulated over several years of large-scale operation and support of
+hundreds of thousands of applications and databases.

-* *Heterogeneous payloads*: any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
+![Docker L](docs/sources/concepts/images/dockerlogo-h.png "Docker")

-* *Any server*: docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
+## Better than VMs

-* *Isolation*: docker isolates processes from each other and from the underlying host, using lightweight containers.
+A common method for distributing applications and sandbox their
+execution is to use virtual machines, or VMs. Typical VM formats are
+VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In
+theory these formats should allow every developer to automatically
+package their application into a "machine" for easy distribution and
+deployment. In practice, that almost never happens, for a few reasons:

-* *Repeatability*: because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
+  * *Size*: VMs are very large which makes them impractical to store
+     and transfer.
+  * *Performance*: running VMs consumes significant CPU and memory,
+    which makes them impractical in many scenarios, for example local
+    development of multi-tier applications, and large-scale deployment
+    of cpu and memory-intensive applications on large numbers of
+    machines.
+  * *Portability*: competing VM environments don't play well with each
+     other. Although conversion tools do exist, they are limited and
+     add even more overhead.
+  * *Hardware-centric*: VMs were designed with machine operators in
+    mind, not software developers. As a result, they offer very
+    limited tooling for what developers need most: building, testing
+    and running their software. For example, VMs offer no facilities
+    for application versioning, monitoring, configuration, logging or
+    service discovery.
+
+By contrast, Docker relies on a different sandboxing method known as
+*containerization*. Unlike traditional virtualization,
+containerization takes place at the kernel level. Most modern
+operating system kernels now support the primitives necessary for
+containerization, including Linux with [openvz](http://openvz.org),
+[vserver](http://linux-vserver.org) and more recently
+[lxc](http://lxc.sourceforge.net), Solaris with
+[zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc)
+and FreeBSD with
+[Jails](http://www.freebsd.org/doc/handbook/jails.html).
+
+Docker builds on top of these low-level primitives to offer developers
+a portable format and runtime environment that solves all 4
+problems. Docker containers are small (and their transfer can be
+optimized with layers), they have basically zero memory and cpu
+overhead, they are completely portable and are designed from the
+ground up with an application-centric design.
+
+The best part: because ``docker`` operates at the OS level, it can
+still be run inside a VM!
+
+## Plays well with others
+
+Docker does not require that you buy into a particular programming
+language, framework, packaging system or configuration language.
+
+Is your application a Unix process? Does it use files, tcp
+connections, environment variables, standard Unix streams and
+command-line arguments as inputs and outputs? Then ``docker`` can run
+it.
+
+Can your application's build be expressed as a sequence of such
+commands? Then ``docker`` can build it.


-Notable features
-----------------
+## Escape dependency hell

-* Filesystem isolation: each process container runs in a completely separate root filesystem.
+A common problem for developers is the difficulty of managing all
+their application's dependencies in a simple and automated way.

-* Resource isolation: system resources like cpu and memory can be allocated differently to each process container, using cgroups.
+This is usually difficult for several reasons:

-* Network isolation: each process container runs in its own network namespace, with a virtual interface and IP address of its own.
+  * *Cross-platform dependencies*. Modern applications often depend on
+    a combination of system libraries and binaries, language-specific
+    packages, framework-specific modules, internal components
+    developed for another project, etc. These dependencies live in
+    different "worlds" and require different tools - these tools
+    typically don't work well with each other, requiring awkward
+    custom integrations.

-* Copy-on-write: root filesystems are created using copy-on-write, which makes deployment extremely fast, memory-cheap and disk-cheap.
-
-* Logging: the standard streams (stdout/stderr/stdin) of each process container are collected and logged for real-time or batch retrieval.
-
-* Change management: changes to a container's filesystem can be committed into a new image and re-used to create more containers. No templating or manual configuration required.
-
-* Interactive shell: docker can allocate a pseudo-tty and attach to the standard input of any container, for example to run a throwaway interactive shell.
+  * Conflicting dependencies. Different applications may depend on
+    different versions of the same dependency. Packaging tools handle
+    these situations with various degrees of ease - but they all
+    handle them in different and incompatible ways, which again forces
+    the developer to do extra work.
+  
+  * Custom dependencies. A developer may need to prepare a custom
+    version of their application's dependency. Some packaging systems
+    can handle custom versions of a dependency, others can't - and all
+    of them handle it differently.


+Docker solves dependency hell by giving the developer a simple way to
+express *all* their application's dependencies in one place, and
+streamline the process of assembling them. If this makes you think of
+[XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
+*replace* your favorite packaging systems. It simply orchestrates
+their use in a simple and repeatable way. How does it do that? With
+layers.

-Under the hood
--------------
+Docker defines a build as running a sequence of Unix commands, one
+after the other, in the same container. Build commands modify the
+contents of the container (usually by installing new files on the
+filesystem), the next command modifies it some more, etc. Since each
+build command inherits the result of the previous commands, the
+*order* in which the commands are executed expresses *dependencies*.

-Under the hood, Docker is built on the following components:
+Here's a typical Docker build process:

+```bash
+from ubuntu:12.10
+run apt-get update
+run DEBIAN_FRONTEND=noninteractive apt-get install -q -y python
+run DEBIAN_FRONTEND=noninteractive apt-get install -q -y python-pip
+run pip install django
+run DEBIAN_FRONTEND=noninteractive apt-get install -q -y curl
+run curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
+run cd helloflask-master && pip install -r requirements.txt
+```

-* The [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c) and [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part) capabilities of the Linux kernel;
-
-* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union filesystem with copy-on-write capabilities;
-
-* The [Go](http://golang.org) programming language;
-
-* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to simplify the creation of linux containers.
+Note that Docker doesn't care *how* dependencies are built - as long
+as they can be built by running a Unix command in a container.


 Install instructions
 ==================

-Building from source
--------------------
-
-1. Make sure you have a [Go language](http://golang.org) compiler.
-
-    On a Debian/wheezy or Ubuntu 12.10 install the package:
-
-    ```bash
-
-    $ sudo apt-get install golang-go
-    ```
-
-2. Execute ``make``
-
-   This command will install all necessary dependencies and build the
-   executable that you can find in ``bin/docker``
-
-3. Should you like to see what's happening, run ``make`` with ``VERBOSE=1`` parameter:
-
-    ```bash
-
-    $ make VERBOSE=1
-    ```
-
-Installing on Ubuntu 12.04 and 12.10
------------------------------------
-
-1. Install dependencies:
-
-    ```bash
-    sudo apt-get install lxc wget bsdtar curl
-    sudo apt-get install linux-image-extra-`uname -r`
-    ```
-
-    The `linux-image-extra` package is needed on standard Ubuntu EC2 AMIs in order to install the aufs kernel module.
-
-2. Install the latest docker binary:
-
-    ```bash
-    wget http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz
-    tar -xf docker-master.tgz
-    ```
-
-3. Run your first container!
-
-    ```bash
-    cd docker-master
-    sudo ./docker pull base
-    sudo ./docker run -i -t base /bin/bash
-    ```
-
-    Consider adding docker to your `PATH` for simplicity.
-
-Installing on other Linux distributions
+Quick install on Ubuntu 12.04 and 12.10
 ---------------------------------------

-Right now, the officially supported distributions are:
+```bash
+curl get.docker.io | sudo sh -x
+```

-* Ubuntu 12.04 (precise LTS)
-* Ubuntu 12.10 (quantal)
+Binary installs
+----------------

-Docker probably works on other distributions featuring a recent kernel, the AUFS patch, and up-to-date lxc. However this has not been tested.
+Docker supports the following binary installation methods.  Note that
+some methods are community contributions and not yet officially
+supported.

-Some streamlined (but possibly outdated) installation paths' are available from the website: http://docker.io/documentation/ 
+* [Ubuntu 12.04 and 12.10 (officially supported)](http://docs.docker.io/en/latest/installation/ubuntulinux/)
+* [Arch Linux](http://docs.docker.io/en/latest/installation/archlinux/)
+* [Mac OS X (with Vagrant)](http://docs.docker.io/en/latest/installation/vagrant/)
+* [Windows (with Vagrant)](http://docs.docker.io/en/latest/installation/windows/)
+* [Amazon EC2 (with Vagrant)](http://docs.docker.io/en/latest/installation/amazon/)

+Installing from source
+----------------------
+
+1. Make sure you have a [Go language](http://golang.org/doc/install)
+compiler >= 1.1 and [git](http://git-scm.com) installed.
+2. Checkout the source code
+
+   ```bash
+   git clone http://github.com/dotcloud/docker
+   ```
+
+3. Build the ``docker`` binary
+
+   ```bash
+   cd docker
+   make VERBOSE=1
+   sudo cp ./bin/docker /usr/local/bin/docker
+   ```

 Usage examples
 ==============

-Running an interactive shell
----------------------------
+First run the ``docker`` daemon
+-------------------------------
+
+All the examples assume your machine is running the ``docker``
+daemon. To run the ``docker`` daemon in the background, simply type:

 ```bash
-# Download a base image
-docker pull base
-
-# Run an interactive shell in the base image,
-# allocate a tty, attach stdin and stdout
-docker run -i -t base /bin/bash
+# On a production system you want this running in an init script
+sudo docker -d &
 ```

+Now you can run ``docker`` in client mode: all commands will be
+forwarded to the ``docker`` daemon, so the client can run from any
+account.
+
+```bash
+# Now you can run docker commands from any account.
+docker help
+```
+
+
+Throwaway shell in a base Ubuntu image
+--------------------------------------
+
+```bash
+docker pull ubuntu:12.10
+
+# Run an interactive shell, allocate a tty, attach stdin and stdout
+# To detach the tty without exiting the shell, use the escape sequence Ctrl-p + Ctrl-q
+docker run -i -t ubuntu:12.10 /bin/bash
+```

 Starting a long-running worker process
 --------------------------------------

 ```bash
-# Run docker in daemon mode
-(docker -d || echo "Docker daemon already running") &
-
 # Start a very useful long-running process
-JOB=$(docker run -d base /bin/sh -c "while true; do echo Hello world; sleep 1; done")
+JOB=$(docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")

 # Collect the output of the job so far
 docker logs $JOB
@@ -152,25 +231,33 @@ docker logs $JOB
 docker kill $JOB
 ```

-
-Listing all running containers
------------------------------
+Running an irc bouncer
+----------------------

 ```bash
-docker ps
+BOUNCER_ID=$(docker run -d -p 6667 -u irc shykes/znc zncrun $USER $PASSWORD)
+echo "Configure your irc client to connect to port $(docker port $BOUNCER_ID 6667) of this machine"
 ```

+Running Redis
+-------------
+
+```bash
+REDIS_ID=$(docker run -d -p 6379 shykes/redis redis-server)
+echo "Configure your redis client to connect to port $(docker port $REDIS_ID 6379) of this machine"
+```

 Share your own image!
 ---------------------

 ```bash
-docker pull base
-CONTAINER=$(docker run -d base apt-get install -y curl)
+CONTAINER=$(docker run -d ubuntu:12.10 apt-get install -y curl)
 docker commit -m "Installed curl" $CONTAINER $USER/betterbase
 docker push $USER/betterbase
 ```

+A list of publicly available images is [available
+here](https://github.com/dotcloud/docker/wiki/Public-docker-images).

 Expose a service on a TCP port
 ------------------------------
@@ -183,27 +270,54 @@ JOB=$(docker run -d -p 4444 base /bin/nc -l -p 4444)
 PORT=$(docker port $JOB 4444)

 # Connect to the public port via the host's public address
-echo hello world | nc $(hostname) $PORT
+# Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
+# Replace *eth0* according to your local interface name.
+IP=$(ip -o -4 addr list eth0 | perl -n -e 'if (m{inet\s([\d\.]+)\/\d+\s}xms) { print $1 }')
+echo hello world | nc $IP $PORT

 # Verify that the network connection worked
 echo "Daemon received: $(docker logs $JOB)"
 ```

+Under the hood
+--------------
+
+Under the hood, Docker is built on the following components:
+
+* The
+  [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c)
+  and
+  [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part)
+  capabilities of the Linux kernel;
+* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union
+  filesystem with copy-on-write capabilities;
+* The [Go](http://golang.org) programming language;
+* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to
+  simplify the creation of Linux containers.
+
+
+
 Contributing to Docker
 ======================

-Want to hack on Docker? Awesome! There are instructions to get you started on the website: http://docs.docker.io/en/latest/contributing/contributing/
+Want to hack on Docker? Awesome! There are instructions to get you
+started on the website:
+http://docs.docker.io/en/latest/contributing/contributing/

-They are probably not perfect, please let us know if anything feels wrong or incomplete.
+They are probably not perfect, please let us know if anything feels
+wrong or incomplete.


 Note
 ----

-We also keep the documentation in this repository. The website documentation is generated using sphinx using these sources.
-Please find it under docs/sources/ and read more about it https://github.com/dotcloud/docker/master/docs/README.md
+We also keep the documentation in this repository. The website
+documentation is generated using Sphinx using these sources.  Please
+find it under docs/sources/ and read more about it
+https://github.com/dotcloud/docker/tree/master/docs/README.md

-Please feel free to fix / update the documentation and send us pull requests. More tutorials are also welcome.
+Please feel free to fix / update the documentation and send us pull
+requests. More tutorials are also welcome.


 Setting up a dev environment
@@ -212,14 +326,14 @@ Setting up a dev environment
 Instructions that have been verified to work on Ubuntu 12.10,

 ```bash
-sudo apt-get -y install lxc wget bsdtar curl golang git
+sudo apt-get -y install lxc curl xz-utils golang git

 export GOPATH=~/go/
 export PATH=$GOPATH/bin:$PATH

 mkdir -p $GOPATH/src/github.com/dotcloud
 cd $GOPATH/src/github.com/dotcloud
-git clone git@github.com:dotcloud/docker.git
+git clone https://github.com/dotcloud/docker.git
 cd docker

 go get -v github.com/dotcloud/docker/...
@@ -238,87 +352,104 @@ Run the `go install` command (above) to recompile docker.
 What is a Standard Container?
 =============================

-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.
+Docker defines a unit of software delivery called a Standard
+Container. The goal of a Standard Container is to encapsulate a
+software component and all its dependencies in a format that is
+self-describing and portable, so that any compliant runtime can run it
+without extra dependencies, regardless of the underlying machine and
+the contents of the container.

-The spec for Standard Containers is currently a work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
+The spec for Standard Containers is currently a work in progress, but
+it is very straightforward. It mostly defines 1) an image format, 2) a
+set of standard operations, and 3) an execution environment.

-A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
+A great analogy for this is the shipping container. Just like how
+Standard Containers are a fundamental unit of software delivery,
+shipping containers are a fundamental unit of physical delivery.

 ### 1. STANDARD OPERATIONS

-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
+Just like shipping containers, Standard Containers define a set of
+STANDARD OPERATIONS. Shipping containers can be lifted, stacked,
+locked, loaded, unloaded and labelled. Similarly, Standard Containers
+can be started, stopped, copied, snapshotted, downloaded, uploaded and
+tagged.


 ### 2. CONTENT-AGNOSTIC

-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
+Just like shipping containers, Standard Containers are
+CONTENT-AGNOSTIC: all standard operations have the same effect
+regardless of the contents. A shipping container will be stacked in
+exactly the same way whether it contains Vietnamese powder coffee or
+spare Maserati parts. Similarly, Standard Containers are started or
+uploaded in the same way whether they contain a postgres database, a
+php application with its dependencies and application server, or Java
+build artifacts.


 ### 3. INFRASTRUCTURE-AGNOSTIC

-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
+Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be
+transported to thousands of facilities around the world, and
+manipulated by a wide variety of equipment. A shipping container can
+be packed in a factory in Ukraine, transported by truck to the nearest
+routing center, stacked onto a train, loaded into a German boat by an
+Australian-built crane, stored in a warehouse at a US facility,
+etc. Similarly, a standard container can be bundled on my laptop,
+uploaded to S3, downloaded, run and snapshotted by a build server at
+Equinix in Virginia, uploaded to 10 staging servers in a home-made
+Openstack cluster, then sent to 30 production instances across 3 EC2
+regions.


 ### 4. DESIGNED FOR AUTOMATION

-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
+Because they offer the same standard operations regardless of content
+and infrastructure, Standard Containers, just like their physical
+counterparts, are extremely well-suited for automation. In fact, you
+could say automation is their secret weapon.

-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
+Many things that once required time-consuming and error-prone human
+effort can now be programmed. Before shipping containers, a bag of
+powder coffee was hauled, dragged, dropped, rolled and stacked by 10
+different people in 10 different locations by the time it reached its
+destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The
+process was slow, inefficient and cost a fortune - and was entirely
+different depending on the facility and the type of goods.

-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
+Similarly, before Standard Containers, by the time a software
+component ran in production, it had been individually built,
+configured, bundled, documented, patched, vendored, templated, tweaked
+and instrumented by 10 different people on 10 different
+computers. Builds failed, libraries conflicted, mirrors crashed,
+post-it notes were lost, logs were misplaced, cluster updates were
+half-broken. The process was slow, inefficient and cost a fortune -
+and was entirely different depending on the language and
+infrastructure provider.


 ### 5. INDUSTRIAL-GRADE DELIVERY

-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
+There are 17 million shipping containers in existence, packed with
+every physical good imaginable. Every single one of them can be loaded
+onto the same boats, by the same cranes, in the same facilities, and
+sent anywhere in the World with incredible efficiency. It is
+embarrassing to think that a 30 ton shipment of coffee can safely
+travel half-way across the World in *less time* than it takes a
+software team to deliver its code from one datacenter to another
+sitting 10 miles away.

-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
+With Standard Containers we can put an end to that embarrassment, by
+making INDUSTRIAL-GRADE DELIVERY of software a reality.


+### Legal

-
-Standard Container Specification
--------------------------------
-
-(TODO)
-
-### Image format
-
-
-### Standard operations
-
-* Copy
-* Run
-* Stop
-* Wait
-* Commit
-* Attach standard streams
-* List filesystem changes
-* ...
-
-### Execution environment
-
-#### Root filesystem
-
-#### Environment variables
-
-#### Process arguments
-
-#### Networking
-
-#### Process namespacing
-
-#### Resource limits
-
-#### Process monitoring
-
-#### Logging
-
-#### Signals
-
-#### Pseudo-terminal allocation
-
-#### Security
-
+Transfers of Docker shall be in accordance with applicable export
+controls of any country and all other applicable legal requirements.
+Docker shall not be distributed or downloaded to or in Cuba, Iran,
+North Korea, Sudan or Syria and shall not be distributed or downloaded
+to any person on the Denied Persons List administered by the U.S.
+Department of Commerce.

--- a/99
+++ b/99
@@ -1,47 +1,67 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :

-def v10(config)
-  config.vm.box = "quantal64_3.5.0-25"
-  config.vm.box_url = "http://get.docker.io/vbox/ubuntu/12.10/quantal64_3.5.0-25.box"
+BOX_NAME = ENV['BOX_NAME'] || "ubuntu"
+BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64.box"
+VF_BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64_vmware_fusion.box"
+AWS_REGION = ENV['AWS_REGION'] || "us-east-1"
+AWS_AMI    = ENV['AWS_AMI']    || "ami-d0f89fb9"
+FORWARD_DOCKER_PORTS = ENV['FORWARD_DOCKER_PORTS']

-  config.vm.share_folder "v-data", "/opt/go/src/github.com/dotcloud/docker", File.dirname(__FILE__)
+Vagrant::Config.run do |config|
+  # Setup virtual machine box. This VM configuration code is always executed.
+  config.vm.box = BOX_NAME
+  config.vm.box_url = BOX_URI
+  config.vm.forward_port 4243, 4243

-  # Ensure puppet is installed on the instance
-  config.vm.provision :shell, :inline => "apt-get -qq update; apt-get install -y puppet"
-
-  config.vm.provision :puppet do |puppet|
-    puppet.manifests_path = "puppet/manifests"
-    puppet.manifest_file  = "quantal64.pp"
-    puppet.module_path = "puppet/modules"
+  # Provision docker and new kernel if deployment was not done
+  if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
+    # Add lxc-docker package
+    pkg_cmd = "apt-get update -qq; apt-get install -q -y python-software-properties; " \
+      "add-apt-repository -y ppa:dotcloud/lxc-docker; apt-get update -qq; " \
+      "apt-get install -q -y lxc-docker; "
+    # Listen on all interfaces so that the daemon is accessible from the host
+    pkg_cmd << "sed -i -E 's|    /usr/bin/docker -d|    /usr/bin/docker -d -H 0.0.0.0|' /etc/init/docker.conf;"
+    # Add X.org Ubuntu backported 3.8 kernel
+    pkg_cmd << "add-apt-repository -y ppa:ubuntu-x-swat/r-lts-backport; " \
+      "apt-get update -qq; apt-get install -q -y linux-image-3.8.0-19-generic; "
+    # Add guest additions if local vbox VM
+    is_vbox = true
+    ARGV.each do |arg| is_vbox &&= !arg.downcase.start_with?("--provider") end
+    if is_vbox
+      pkg_cmd << "apt-get install -q -y linux-headers-3.8.0-19-generic dkms; " \
+        "echo 'Downloading VBox Guest Additions...'; " \
+        "wget -q http://dlc.sun.com.edgesuite.net/virtualbox/4.2.12/VBoxGuestAdditions_4.2.12.iso; "
+      # Prepare the VM to add guest additions after reboot
+      pkg_cmd << "echo -e 'mount -o loop,ro /home/vagrant/VBoxGuestAdditions_4.2.12.iso /mnt\n" \
+        "echo yes | /mnt/VBoxLinuxAdditions.run\numount /mnt\n" \
+          "rm /root/guest_additions.sh; ' > /root/guest_additions.sh; " \
+        "chmod 700 /root/guest_additions.sh; " \
+        "sed -i -E 's#^exit 0#[ -x /root/guest_additions.sh ] \\&\\& /root/guest_additions.sh#' /etc/rc.local; " \
+        "echo 'Installation of VBox Guest Additions is proceeding in the background.'; " \
+        "echo '\"vagrant reload\" can be used in about 2 minutes to activate the new guest additions.'; "
+    end
+    # Activate new kernel
+    pkg_cmd << "shutdown -r +1; "
+    config.vm.provision :shell, :inline => pkg_cmd
  end
 end

-Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
-  v10(config)
-end
-
-Vagrant::VERSION >= "1.1.0" and Vagrant.configure("1") do |config|
-  v10(config)
-end

+# Providers were added on Vagrant >= 1.1.0
 Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
-  config.vm.provider :aws do |aws|
-    config.vm.box = "dummy"
-    config.vm.box_url = "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"
+  config.vm.provider :aws do |aws, override|
    aws.access_key_id = ENV["AWS_ACCESS_KEY_ID"]
    aws.secret_access_key = ENV["AWS_SECRET_ACCESS_KEY"]
    aws.keypair_name = ENV["AWS_KEYPAIR_NAME"]
-    aws.ssh_private_key_path = ENV["AWS_SSH_PRIVKEY"]
-    aws.region = "us-east-1"
-    aws.ami = "ami-ae9806c7"
-    aws.ssh_username = "ubuntu"
+    override.ssh.private_key_path = ENV["AWS_SSH_PRIVKEY"]
+    override.ssh.username = "ubuntu"
+    aws.region = AWS_REGION
+    aws.ami    = AWS_AMI
    aws.instance_type = "t1.micro"
  end

  config.vm.provider :rackspace do |rs|
-    config.vm.box = "dummy"
-    config.vm.box_url = "https://github.com/mitchellh/vagrant-rackspace/raw/master/dummy.box"
    config.ssh.private_key_path = ENV["RS_PRIVATE_KEY"]
    rs.username = ENV["RS_USERNAME"]
    rs.api_key  = ENV["RS_API_KEY"]
@@ -50,8 +70,29 @@ Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
    rs.image    = /Ubuntu/
  end

+  config.vm.provider :vmware_fusion do |f, override|
+    override.vm.box = BOX_NAME
+    override.vm.box_url = VF_BOX_URI
+    override.vm.synced_folder ".", "/vagrant", disabled: true
+    f.vmx["displayName"] = "docker"
+  end
+
  config.vm.provider :virtualbox do |vb|
-    config.vm.box = "quantal64_3.5.0-25"
-    config.vm.box_url = "http://get.docker.io/vbox/ubuntu/12.10/quantal64_3.5.0-25.box"
+    config.vm.box = BOX_NAME
+    config.vm.box_url = BOX_URI
  end
 end
+
+if !FORWARD_DOCKER_PORTS.nil?
+    Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
+        (49000..49900).each do |port|
+            config.vm.forward_port port, port
+        end
+    end
+
+    Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
+        (49000..49900).each do |port|
+            config.vm.network :forwarded_port, :host => port, :guest => port
+        end
+    end
+end
--- a/api.go
+++ b/api.go
@@ -0,0 +1,981 @@
+package docker
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/dotcloud/docker/auth"
+	"github.com/dotcloud/docker/utils"
+	"github.com/gorilla/mux"
+	"io"
+	"io/ioutil"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+)
+
+const APIVERSION = 1.4
+const DEFAULTHTTPHOST = "127.0.0.1"
+const DEFAULTHTTPPORT = 4243
+const DEFAULTUNIXSOCKET = "/var/run/docker.sock"
+
+func hijackServer(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
+	conn, _, err := w.(http.Hijacker).Hijack()
+	if err != nil {
+		return nil, nil, err
+	}
+	// Flush the options to make sure the client sets the raw mode
+	conn.Write([]byte{})
+	return conn, conn, nil
+}
+
+//If we don't do this, POST method without Content-type (even with empty body) will fail
+func parseForm(r *http.Request) error {
+	if err := r.ParseForm(); err != nil && !strings.HasPrefix(err.Error(), "mime:") {
+		return err
+	}
+	return nil
+}
+
+func parseMultipartForm(r *http.Request) error {
+	if err := r.ParseMultipartForm(4096); err != nil && !strings.HasPrefix(err.Error(), "mime:") {
+		return err
+	}
+	return nil
+}
+
+func httpError(w http.ResponseWriter, err error) {
+	statusCode := http.StatusInternalServerError
+	if strings.HasPrefix(err.Error(), "No such") {
+		statusCode = http.StatusNotFound
+	} else if strings.HasPrefix(err.Error(), "Bad parameter") {
+		statusCode = http.StatusBadRequest
+	} else if strings.HasPrefix(err.Error(), "Conflict") {
+		statusCode = http.StatusConflict
+	} else if strings.HasPrefix(err.Error(), "Impossible") {
+		statusCode = http.StatusNotAcceptable
+	} else if strings.HasPrefix(err.Error(), "Wrong login/password") {
+		statusCode = http.StatusUnauthorized
+	} else if strings.Contains(err.Error(), "hasn't been activated") {
+		statusCode = http.StatusForbidden
+	}
+	utils.Debugf("[error %d] %s", statusCode, err)
+	http.Error(w, err.Error(), statusCode)
+}
+
+func writeJSON(w http.ResponseWriter, b []byte) {
+	w.Header().Set("Content-Type", "application/json")
+	w.Write(b)
+}
+
+func getBoolParam(value string) (bool, error) {
+	if value == "" {
+		return false, nil
+	}
+	ret, err := strconv.ParseBool(value)
+	if err != nil {
+		return false, fmt.Errorf("Bad parameter")
+	}
+	return ret, nil
+}
+
+func postAuth(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	authConfig := &auth.AuthConfig{}
+	err := json.NewDecoder(r.Body).Decode(authConfig)
+	if err != nil {
+		return err
+	}
+	status, err := auth.Login(authConfig)
+	if err != nil {
+		return err
+	}
+	if status != "" {
+		b, err := json.Marshal(&APIAuth{Status: status})
+		if err != nil {
+			return err
+		}
+		writeJSON(w, b)
+		return nil
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func getVersion(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	m := srv.DockerVersion()
+	b, err := json.Marshal(m)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postContainersKill(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	if err := srv.ContainerKill(name); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func getContainersExport(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+
+	if err := srv.ContainerExport(name, w); err != nil {
+		utils.Debugf("%s", err)
+		return err
+	}
+	return nil
+}
+
+func getImagesJSON(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+
+	all, err := getBoolParam(r.Form.Get("all"))
+	if err != nil {
+		return err
+	}
+	filter := r.Form.Get("filter")
+
+	outs, err := srv.Images(all, filter)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(outs)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getImagesViz(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := srv.ImagesViz(w); err != nil {
+		return err
+	}
+	return nil
+}
+
+func getInfo(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	out := srv.DockerInfo()
+	b, err := json.Marshal(out)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getEvents(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	sendEvent := func(wf *utils.WriteFlusher, event *utils.JSONMessage) error {
+		b, err := json.Marshal(event)
+		if err != nil {
+			return fmt.Errorf("JSON error")
+		}
+		_, err = wf.Write(b)
+		if err != nil {
+			// On error, evict the listener
+			utils.Debugf("%s", err)
+			srv.Lock()
+			delete(srv.listeners, r.RemoteAddr)
+			srv.Unlock()
+			return err
+		}
+		return nil
+	}
+
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	listener := make(chan utils.JSONMessage)
+	srv.Lock()
+	srv.listeners[r.RemoteAddr] = listener
+	srv.Unlock()
+	since, err := strconv.ParseInt(r.Form.Get("since"), 10, 0)
+	if err != nil {
+		since = 0
+	}
+	w.Header().Set("Content-Type", "application/json")
+	wf := utils.NewWriteFlusher(w)
+	if since != 0 {
+		// If since, send previous events that happened after the timestamp
+		for _, event := range srv.events {
+			if event.Time >= since {
+				err := sendEvent(wf, &event)
+				if err != nil && err.Error() == "JSON error" {
+					continue
+				}
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+	for {
+		event := <-listener
+		err := sendEvent(wf, &event)
+		if err != nil && err.Error() == "JSON error" {
+			continue
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func getImagesHistory(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	outs, err := srv.ImageHistory(name)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(outs)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getContainersChanges(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	changesStr, err := srv.ContainerChanges(name)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(changesStr)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getContainersTop(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if version < 1.4 {
+		return fmt.Errorf("top was improved a lot since 1.3, Please upgrade your docker client.")
+	}
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	name := vars["name"]
+	ps_args := r.Form.Get("ps_args")
+	procsStr, err := srv.ContainerTop(name, ps_args)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(procsStr)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getContainersJSON(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	all, err := getBoolParam(r.Form.Get("all"))
+	if err != nil {
+		return err
+	}
+	size, err := getBoolParam(r.Form.Get("size"))
+	if err != nil {
+		return err
+	}
+	since := r.Form.Get("since")
+	before := r.Form.Get("before")
+	n, err := strconv.Atoi(r.Form.Get("limit"))
+	if err != nil {
+		n = -1
+	}
+
+	outs := srv.Containers(all, size, n, since, before)
+	b, err := json.Marshal(outs)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postImagesTag(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	repo := r.Form.Get("repo")
+	tag := r.Form.Get("tag")
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	force, err := getBoolParam(r.Form.Get("force"))
+	if err != nil {
+		return err
+	}
+
+	if err := srv.ContainerTag(name, repo, tag, force); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusCreated)
+	return nil
+}
+
+func postCommit(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	config := &Config{}
+	if err := json.NewDecoder(r.Body).Decode(config); err != nil {
+		utils.Debugf("%s", err)
+	}
+	repo := r.Form.Get("repo")
+	tag := r.Form.Get("tag")
+	container := r.Form.Get("container")
+	author := r.Form.Get("author")
+	comment := r.Form.Get("comment")
+	id, err := srv.ContainerCommit(container, repo, tag, author, comment, config)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(&APIID{id})
+	if err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusCreated)
+	writeJSON(w, b)
+	return nil
+}
+
+// Creates an image from Pull or from Import
+func postImagesCreate(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+
+	src := r.Form.Get("fromSrc")
+	image := r.Form.Get("fromImage")
+	tag := r.Form.Get("tag")
+	repo := r.Form.Get("repo")
+
+	if version > 1.0 {
+		w.Header().Set("Content-Type", "application/json")
+	}
+	sf := utils.NewStreamFormatter(version > 1.0)
+	if image != "" { //pull
+		if err := srv.ImagePull(image, tag, w, sf, &auth.AuthConfig{}); err != nil {
+			if sf.Used() {
+				w.Write(sf.FormatError(err))
+				return nil
+			}
+			return err
+		}
+	} else { //import
+		if err := srv.ImageImport(src, repo, tag, r.Body, w, sf); err != nil {
+			if sf.Used() {
+				w.Write(sf.FormatError(err))
+				return nil
+			}
+			return err
+		}
+	}
+	return nil
+}
+
+func getImagesSearch(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+
+	term := r.Form.Get("term")
+	outs, err := srv.ImagesSearch(term)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(outs)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postImagesInsert(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+
+	url := r.Form.Get("url")
+	path := r.Form.Get("path")
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	if version > 1.0 {
+		w.Header().Set("Content-Type", "application/json")
+	}
+	sf := utils.NewStreamFormatter(version > 1.0)
+	imgID, err := srv.ImageInsert(name, url, path, w, sf)
+	if err != nil {
+		if sf.Used() {
+			w.Write(sf.FormatError(err))
+			return nil
+		}
+	}
+	b, err := json.Marshal(&APIID{ID: imgID})
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postImagesPush(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	authConfig := &auth.AuthConfig{}
+	if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
+		return err
+	}
+	if err := parseForm(r); err != nil {
+		return err
+	}
+
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	if version > 1.0 {
+		w.Header().Set("Content-Type", "application/json")
+	}
+	sf := utils.NewStreamFormatter(version > 1.0)
+	if err := srv.ImagePush(name, w, sf, authConfig); err != nil {
+		if sf.Used() {
+			w.Write(sf.FormatError(err))
+			return nil
+		}
+		return err
+	}
+	return nil
+}
+
+func postContainersCreate(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	config := &Config{}
+	out := &APIRun{}
+
+	if err := json.NewDecoder(r.Body).Decode(config); err != nil {
+		return err
+	}
+
+	if len(config.Dns) == 0 && len(srv.runtime.Dns) == 0 && utils.CheckLocalDns() {
+		out.Warnings = append(out.Warnings, fmt.Sprintf("Docker detected local DNS server on resolv.conf. Using default external servers: %v", defaultDns))
+		config.Dns = defaultDns
+	}
+
+	id, err := srv.ContainerCreate(config)
+	if err != nil {
+		return err
+	}
+	out.ID = id
+
+	if config.Memory > 0 && !srv.runtime.capabilities.MemoryLimit {
+		log.Println("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.")
+		out.Warnings = append(out.Warnings, "Your kernel does not support memory limit capabilities. Limitation discarded.")
+	}
+	if config.Memory > 0 && !srv.runtime.capabilities.SwapLimit {
+		log.Println("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.")
+		out.Warnings = append(out.Warnings, "Your kernel does not support memory swap capabilities. Limitation discarded.")
+	}
+
+	b, err := json.Marshal(out)
+	if err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusCreated)
+	writeJSON(w, b)
+	return nil
+}
+
+func postContainersRestart(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	t, err := strconv.Atoi(r.Form.Get("t"))
+	if err != nil || t < 0 {
+		t = 10
+	}
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	if err := srv.ContainerRestart(name, t); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func deleteContainers(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	removeVolume, err := getBoolParam(r.Form.Get("v"))
+	if err != nil {
+		return err
+	}
+
+	if err := srv.ContainerDestroy(name, removeVolume); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func deleteImages(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	imgs, err := srv.ImageDelete(name, version > 1.1)
+	if err != nil {
+		return err
+	}
+	if imgs != nil {
+		if len(imgs) != 0 {
+			b, err := json.Marshal(imgs)
+			if err != nil {
+				return err
+			}
+			writeJSON(w, b)
+		} else {
+			return fmt.Errorf("Conflict, %s wasn't deleted", name)
+		}
+	} else {
+		w.WriteHeader(http.StatusNoContent)
+	}
+	return nil
+}
+
+func postContainersStart(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	hostConfig := &HostConfig{}
+
+	// allow a nil body for backwards compatibility
+	if r.Body != nil {
+		if r.Header.Get("Content-Type") == "application/json" {
+			if err := json.NewDecoder(r.Body).Decode(hostConfig); err != nil {
+				return err
+			}
+		}
+	}
+
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	if err := srv.ContainerStart(name, hostConfig); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func postContainersStop(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	t, err := strconv.Atoi(r.Form.Get("t"))
+	if err != nil || t < 0 {
+		t = 10
+	}
+
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+
+	if err := srv.ContainerStop(name, t); err != nil {
+		return err
+	}
+	w.WriteHeader(http.StatusNoContent)
+	return nil
+}
+
+func postContainersWait(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	status, err := srv.ContainerWait(name)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(&APIWait{StatusCode: status})
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postContainersResize(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	height, err := strconv.Atoi(r.Form.Get("h"))
+	if err != nil {
+		return err
+	}
+	width, err := strconv.Atoi(r.Form.Get("w"))
+	if err != nil {
+		return err
+	}
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+	if err := srv.ContainerResize(name, height, width); err != nil {
+		return err
+	}
+	return nil
+}
+
+func postContainersAttach(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	logs, err := getBoolParam(r.Form.Get("logs"))
+	if err != nil {
+		return err
+	}
+	stream, err := getBoolParam(r.Form.Get("stream"))
+	if err != nil {
+		return err
+	}
+	stdin, err := getBoolParam(r.Form.Get("stdin"))
+	if err != nil {
+		return err
+	}
+	stdout, err := getBoolParam(r.Form.Get("stdout"))
+	if err != nil {
+		return err
+	}
+	stderr, err := getBoolParam(r.Form.Get("stderr"))
+	if err != nil {
+		return err
+	}
+
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+
+	if _, err := srv.ContainerInspect(name); err != nil {
+		return err
+	}
+
+	in, out, err := hijackServer(w)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if tcpc, ok := in.(*net.TCPConn); ok {
+			tcpc.CloseWrite()
+		} else {
+			in.Close()
+		}
+	}()
+	defer func() {
+		if tcpc, ok := out.(*net.TCPConn); ok {
+			tcpc.CloseWrite()
+		} else if closer, ok := out.(io.Closer); ok {
+			closer.Close()
+		}
+	}()
+
+	fmt.Fprintf(out, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
+	if err := srv.ContainerAttach(name, logs, stream, stdin, stdout, stderr, in, out); err != nil {
+		fmt.Fprintf(out, "Error: %s\n", err)
+	}
+	return nil
+}
+
+func getContainersByName(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+
+	container, err := srv.ContainerInspect(name)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(container)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getImagesByName(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	name := vars["name"]
+
+	image, err := srv.ImageInspect(name)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(image)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postImagesGetCache(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	apiConfig := &APIImageConfig{}
+	if err := json.NewDecoder(r.Body).Decode(apiConfig); err != nil {
+		return err
+	}
+
+	image, err := srv.ImageGetCached(apiConfig.ID, apiConfig.Config)
+	if err != nil {
+		return err
+	}
+	if image == nil {
+		w.WriteHeader(http.StatusNotFound)
+		return nil
+	}
+	apiID := &APIID{ID: image.ID}
+	b, err := json.Marshal(apiID)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func postBuild(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if version < 1.3 {
+		return fmt.Errorf("Multipart upload for build is no longer supported. Please upgrade your docker client.")
+	}
+	remoteURL := r.FormValue("remote")
+	repoName := r.FormValue("t")
+	rawSuppressOutput := r.FormValue("q")
+	tag := ""
+	if strings.Contains(repoName, ":") {
+		remoteParts := strings.Split(repoName, ":")
+		tag = remoteParts[1]
+		repoName = remoteParts[0]
+	}
+
+	var context io.Reader
+
+	if remoteURL == "" {
+		context = r.Body
+	} else if utils.IsGIT(remoteURL) {
+		if !strings.HasPrefix(remoteURL, "git://") {
+			remoteURL = "https://" + remoteURL
+		}
+		root, err := ioutil.TempDir("", "docker-build-git")
+		if err != nil {
+			return err
+		}
+		defer os.RemoveAll(root)
+
+		if output, err := exec.Command("git", "clone", remoteURL, root).CombinedOutput(); err != nil {
+			return fmt.Errorf("Error trying to use git: %s (%s)", err, output)
+		}
+
+		c, err := Tar(root, Bzip2)
+		if err != nil {
+			return err
+		}
+		context = c
+	} else if utils.IsURL(remoteURL) {
+		f, err := utils.Download(remoteURL, ioutil.Discard)
+		if err != nil {
+			return err
+		}
+		defer f.Body.Close()
+		dockerFile, err := ioutil.ReadAll(f.Body)
+		if err != nil {
+			return err
+		}
+		c, err := mkBuildContext(string(dockerFile), nil)
+		if err != nil {
+			return err
+		}
+		context = c
+	}
+
+	suppressOutput, err := getBoolParam(rawSuppressOutput)
+	if err != nil {
+		return err
+	}
+
+	b := NewBuildFile(srv, utils.NewWriteFlusher(w), !suppressOutput)
+	id, err := b.Build(context)
+	if err != nil {
+		fmt.Fprintf(w, "Error build: %s\n", err)
+		return err
+	}
+	if repoName != "" {
+		srv.runtime.repositories.Set(repoName, tag, id, false)
+	}
+	return nil
+}
+
+func optionsHandler(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	w.WriteHeader(http.StatusOK)
+	return nil
+}
+func writeCorsHeaders(w http.ResponseWriter, r *http.Request) {
+	w.Header().Add("Access-Control-Allow-Origin", "*")
+	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+	w.Header().Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
+}
+
+func createRouter(srv *Server, logging bool) (*mux.Router, error) {
+	r := mux.NewRouter()
+
+	m := map[string]map[string]func(*Server, float64, http.ResponseWriter, *http.Request, map[string]string) error{
+		"GET": {
+			"/events":                       getEvents,
+			"/info":                         getInfo,
+			"/version":                      getVersion,
+			"/images/json":                  getImagesJSON,
+			"/images/viz":                   getImagesViz,
+			"/images/search":                getImagesSearch,
+			"/images/{name:.*}/history":     getImagesHistory,
+			"/images/{name:.*}/json":        getImagesByName,
+			"/containers/ps":                getContainersJSON,
+			"/containers/json":              getContainersJSON,
+			"/containers/{name:.*}/export":  getContainersExport,
+			"/containers/{name:.*}/changes": getContainersChanges,
+			"/containers/{name:.*}/json":    getContainersByName,
+			"/containers/{name:.*}/top":     getContainersTop,
+		},
+		"POST": {
+			"/auth":                         postAuth,
+			"/commit":                       postCommit,
+			"/build":                        postBuild,
+			"/images/create":                postImagesCreate,
+			"/images/{name:.*}/insert":      postImagesInsert,
+			"/images/{name:.*}/push":        postImagesPush,
+			"/images/{name:.*}/tag":         postImagesTag,
+			"/images/getCache":              postImagesGetCache,
+			"/containers/create":            postContainersCreate,
+			"/containers/{name:.*}/kill":    postContainersKill,
+			"/containers/{name:.*}/restart": postContainersRestart,
+			"/containers/{name:.*}/start":   postContainersStart,
+			"/containers/{name:.*}/stop":    postContainersStop,
+			"/containers/{name:.*}/wait":    postContainersWait,
+			"/containers/{name:.*}/resize":  postContainersResize,
+			"/containers/{name:.*}/attach":  postContainersAttach,
+		},
+		"DELETE": {
+			"/containers/{name:.*}": deleteContainers,
+			"/images/{name:.*}":     deleteImages,
+		},
+		"OPTIONS": {
+			"": optionsHandler,
+		},
+	}
+
+	for method, routes := range m {
+		for route, fct := range routes {
+			utils.Debugf("Registering %s, %s", method, route)
+			// NOTE: scope issue, make sure the variables are local and won't be changed
+			localRoute := route
+			localMethod := method
+			localFct := fct
+			f := func(w http.ResponseWriter, r *http.Request) {
+				utils.Debugf("Calling %s %s from %s", localMethod, localRoute, r.RemoteAddr)
+
+				if logging {
+					log.Println(r.Method, r.RequestURI)
+				}
+				if strings.Contains(r.Header.Get("User-Agent"), "Docker-Client/") {
+					userAgent := strings.Split(r.Header.Get("User-Agent"), "/")
+					if len(userAgent) == 2 && userAgent[1] != VERSION {
+						utils.Debugf("Warning: client and server don't have the same version (client: %s, server: %s)", userAgent[1], VERSION)
+					}
+				}
+				version, err := strconv.ParseFloat(mux.Vars(r)["version"], 64)
+				if err != nil {
+					version = APIVERSION
+				}
+				if srv.enableCors {
+					writeCorsHeaders(w, r)
+				}
+				if version == 0 || version > APIVERSION {
+					w.WriteHeader(http.StatusNotFound)
+					return
+				}
+
+				if err := localFct(srv, version, w, r, mux.Vars(r)); err != nil {
+					httpError(w, err)
+				}
+			}
+
+			if localRoute == "" {
+				r.Methods(localMethod).HandlerFunc(f)
+			} else {
+				r.Path("/v{version:[0-9.]+}" + localRoute).Methods(localMethod).HandlerFunc(f)
+				r.Path(localRoute).Methods(localMethod).HandlerFunc(f)
+			}
+		}
+	}
+	return r, nil
+}
+
+func ListenAndServe(proto, addr string, srv *Server, logging bool) error {
+	log.Printf("Listening for HTTP on %s (%s)\n", addr, proto)
+
+	r, err := createRouter(srv, logging)
+	if err != nil {
+		return err
+	}
+	l, e := net.Listen(proto, addr)
+	if e != nil {
+		return e
+	}
+	if proto == "unix" {
+		os.Chmod(addr, 0700)
+	}
+	httpSrv := http.Server{Addr: addr, Handler: r}
+	return httpSrv.Serve(l)
+}
--- a/api_params.go
+++ b/api_params.go
@@ -0,0 +1,88 @@
+package docker
+
+type APIHistory struct {
+	ID        string   `json:"Id"`
+	Tags      []string `json:",omitempty"`
+	Created   int64
+	CreatedBy string `json:",omitempty"`
+}
+
+type APIImages struct {
+	Repository  string `json:",omitempty"`
+	Tag         string `json:",omitempty"`
+	ID          string `json:"Id"`
+	Created     int64
+	Size        int64
+	VirtualSize int64
+}
+
+type APIInfo struct {
+	Debug           bool
+	Containers      int
+	Images          int
+	NFd             int    `json:",omitempty"`
+	NGoroutines     int    `json:",omitempty"`
+	MemoryLimit     bool   `json:",omitempty"`
+	SwapLimit       bool   `json:",omitempty"`
+	LXCVersion      string `json:",omitempty"`
+	NEventsListener int    `json:",omitempty"`
+	KernelVersion   string `json:",omitempty"`
+}
+
+type APITop struct {
+	Titles    []string
+	Processes [][]string
+}
+
+type APIRmi struct {
+	Deleted  string `json:",omitempty"`
+	Untagged string `json:",omitempty"`
+}
+
+type APIContainers struct {
+	ID         string `json:"Id"`
+	Image      string
+	Command    string
+	Created    int64
+	Status     string
+	Ports      string
+	SizeRw     int64
+	SizeRootFs int64
+}
+
+type APISearch struct {
+	Name        string
+	Description string
+}
+
+type APIID struct {
+	ID string `json:"Id"`
+}
+
+type APIRun struct {
+	ID       string   `json:"Id"`
+	Warnings []string `json:",omitempty"`
+}
+
+type APIPort struct {
+	Port string
+}
+
+type APIVersion struct {
+	Version   string
+	GitCommit string `json:",omitempty"`
+	GoVersion string `json:",omitempty"`
+}
+
+type APIWait struct {
+	StatusCode int
+}
+
+type APIAuth struct {
+	Status string
+}
+
+type APIImageConfig struct {
+	ID string `json:"Id"`
+	*Config
+}
--- a/api_test.go
+++ b/api_test.go
--- a/archive.go
+++ b/archive.go
@@ -1,10 +1,16 @@
 package docker

 import (
-	"errors"
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
+	"os"
 	"os/exec"
+	"path"
+	"path/filepath"
 )

 type Archive io.Reader
@@ -18,6 +24,33 @@ const (
 	Xz
 )

+func DetectCompression(source []byte) Compression {
+	sourceLen := len(source)
+	for compression, m := range map[Compression][]byte{
+		Bzip2: {0x42, 0x5A, 0x68},
+		Gzip:  {0x1F, 0x8B, 0x08},
+		Xz:    {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00},
+	} {
+		fail := false
+		if len(m) > sourceLen {
+			utils.Debugf("Len too short")
+			continue
+		}
+		i := 0
+		for _, b := range m {
+			if b != source[i] {
+				fail = true
+				break
+			}
+			i++
+		}
+		if !fail {
+			return compression
+		}
+	}
+	return Uncompressed
+}
+
 func (compression *Compression) Flag() string {
 	switch *compression {
 	case Bzip2:
@@ -30,21 +63,167 @@ func (compression *Compression) Flag() string {
 	return ""
 }

-func Tar(path string, compression Compression) (io.Reader, error) {
-	cmd := exec.Command("bsdtar", "-f", "-", "-C", path, "-c"+compression.Flag(), ".")
-	return CmdStream(cmd)
+func (compression *Compression) Extension() string {
+	switch *compression {
+	case Uncompressed:
+		return "tar"
+	case Bzip2:
+		return "tar.bz2"
+	case Gzip:
+		return "tar.gz"
+	case Xz:
+		return "tar.xz"
+	}
+	return ""
 }

+// Tar creates an archive from the directory at `path`, and returns it as a
+// stream of bytes.
+func Tar(path string, compression Compression) (io.Reader, error) {
+	return TarFilter(path, compression, nil)
+}
+
+// Tar creates an archive from the directory at `path`, only including files whose relative
+// paths are included in `filter`. If `filter` is nil, then all files are included.
+func TarFilter(path string, compression Compression, filter []string) (io.Reader, error) {
+	args := []string{"tar", "--numeric-owner", "-f", "-", "-C", path}
+	if filter == nil {
+		filter = []string{"."}
+	}
+	for _, f := range filter {
+		args = append(args, "-c"+compression.Flag(), f)
+	}
+	return CmdStream(exec.Command(args[0], args[1:]...))
+}
+
+// Untar reads a stream of bytes from `archive`, parses it as a tar archive,
+// and unpacks it into the directory at `path`.
+// The archive may be compressed with one of the following algorithgms:
+//  identity (uncompressed), gzip, bzip2, xz.
+// FIXME: specify behavior when target path exists vs. doesn't exist.
 func Untar(archive io.Reader, path string) error {
-	cmd := exec.Command("bsdtar", "-f", "-", "-C", path, "-x")
-	cmd.Stdin = archive
+	if archive == nil {
+		return fmt.Errorf("Empty archive")
+	}
+
+	buf := make([]byte, 10)
+	totalN := 0
+	for totalN < 10 {
+		if n, err := archive.Read(buf[totalN:]); err != nil {
+			if err == io.EOF {
+				return fmt.Errorf("Tarball too short")
+			}
+			return err
+		} else {
+			totalN += n
+			utils.Debugf("[tar autodetect] n: %d", n)
+		}
+	}
+	compression := DetectCompression(buf)
+
+	utils.Debugf("Archive compression detected: %s", compression.Extension())
+
+	cmd := exec.Command("tar", "--numeric-owner", "-f", "-", "-C", path, "-x"+compression.Flag())
+	cmd.Stdin = io.MultiReader(bytes.NewReader(buf), archive)
+	// Hardcode locale environment for predictable outcome regardless of host configuration.
+	//   (see https://github.com/dotcloud/docker/issues/355)
+	cmd.Env = []string{"LANG=en_US.utf-8", "LC_ALL=en_US.utf-8"}
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		return errors.New(err.Error() + ": " + string(output))
+		return fmt.Errorf("%s: %s", err, output)
 	}
 	return nil
 }

+// TarUntar is a convenience function which calls Tar and Untar, with
+// the output of one piped into the other. If either Tar or Untar fails,
+// TarUntar aborts and returns the error.
+func TarUntar(src string, filter []string, dst string) error {
+	utils.Debugf("TarUntar(%s %s %s)", src, filter, dst)
+	archive, err := TarFilter(src, Uncompressed, filter)
+	if err != nil {
+		return err
+	}
+	return Untar(archive, dst)
+}
+
+// UntarPath is a convenience function which looks for an archive
+// at filesystem path `src`, and unpacks it at `dst`.
+func UntarPath(src, dst string) error {
+	if archive, err := os.Open(src); err != nil {
+		return err
+	} else if err := Untar(archive, dst); err != nil {
+		return err
+	}
+	return nil
+}
+
+// CopyWithTar creates a tar archive of filesystem path `src`, and
+// unpacks it at filesystem path `dst`.
+// The archive is streamed directly with fixed buffering and no
+// intermediary disk IO.
+//
+func CopyWithTar(src, dst string) error {
+	srcSt, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+	if !srcSt.IsDir() {
+		return CopyFileWithTar(src, dst)
+	}
+	// Create dst, copy src's content into it
+	utils.Debugf("Creating dest directory: %s", dst)
+	if err := os.MkdirAll(dst, 0700); err != nil && !os.IsExist(err) {
+		return err
+	}
+	utils.Debugf("Calling TarUntar(%s, %s)", src, dst)
+	return TarUntar(src, nil, dst)
+}
+
+// CopyFileWithTar emulates the behavior of the 'cp' command-line
+// for a single file. It copies a regular file from path `src` to
+// path `dst`, and preserves all its metadata.
+//
+// If `dst` ends with a trailing slash '/', the final destination path
+// will be `dst/base(src)`.
+func CopyFileWithTar(src, dst string) error {
+	utils.Debugf("CopyFileWithTar(%s, %s)", src, dst)
+	srcSt, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+	if srcSt.IsDir() {
+		return fmt.Errorf("Can't copy a directory")
+	}
+	// Clean up the trailing /
+	if dst[len(dst)-1] == '/' {
+		dst = path.Join(dst, filepath.Base(src))
+	}
+	// Create the holding directory if necessary
+	if err := os.MkdirAll(filepath.Dir(dst), 0700); err != nil && !os.IsExist(err) {
+		return err
+	}
+	buf := new(bytes.Buffer)
+	tw := tar.NewWriter(buf)
+	hdr, err := tar.FileInfoHeader(srcSt, "")
+	if err != nil {
+		return err
+	}
+	hdr.Name = filepath.Base(dst)
+	if err := tw.WriteHeader(hdr); err != nil {
+		return err
+	}
+	srcF, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	if _, err := io.Copy(tw, srcF); err != nil {
+		return err
+	}
+	tw.Close()
+	return Untar(buf, filepath.Dir(dst))
+}
+
 // CmdStream executes a command, and returns its stdout as a stream.
 // If the command fails to run or doesn't complete successfully, an error
 // will be returned, including anything written on stderr.
@@ -75,7 +254,7 @@ func CmdStream(cmd *exec.Cmd) (io.Reader, error) {
 		}
 		errText := <-errChan
 		if err := cmd.Wait(); err != nil {
-			pipeW.CloseWithError(errors.New(err.Error() + ": " + string(errText)))
+			pipeW.CloseWithError(fmt.Errorf("%s: %s", err, errText))
 		} else {
 			pipeW.Close()
 		}
@@ -86,3 +265,38 @@ func CmdStream(cmd *exec.Cmd) (io.Reader, error) {
 	}
 	return pipeR, nil
 }
+
+// NewTempArchive reads the content of src into a temporary file, and returns the contents
+// of that file as an archive. The archive can only be read once - as soon as reading completes,
+// the file will be deleted.
+func NewTempArchive(src Archive, dir string) (*TempArchive, error) {
+	f, err := ioutil.TempFile(dir, "")
+	if err != nil {
+		return nil, err
+	}
+	if _, err := io.Copy(f, src); err != nil {
+		return nil, err
+	}
+	if _, err := f.Seek(0, 0); err != nil {
+		return nil, err
+	}
+	st, err := f.Stat()
+	if err != nil {
+		return nil, err
+	}
+	size := st.Size()
+	return &TempArchive{f, size}, nil
+}
+
+type TempArchive struct {
+	*os.File
+	Size int64 // Pre-computed from Stat().Size() as a convenience
+}
+
+func (archive *TempArchive) Read(data []byte) (int, error) {
+	n, err := archive.File.Read(data)
+	if err != nil {
+		os.Remove(archive.File.Name())
+	}
+	return n, err
+}
--- a/archive_test.go
+++ b/archive_test.go
@@ -1,10 +1,13 @@
 package docker

 import (
+	"bytes"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
 	"testing"
 	"time"
 )
@@ -13,7 +16,7 @@ func TestCmdStreamLargeStderr(t *testing.T) {
 	cmd := exec.Command("/bin/sh", "-c", "dd if=/dev/zero bs=1k count=1000 of=/dev/stderr; echo hello")
 	out, err := CmdStream(cmd)
 	if err != nil {
-		t.Fatalf("Failed to start command: " + err.Error())
+		t.Fatalf("Failed to start command: %s", err)
 	}
 	errCh := make(chan error)
 	go func() {
@@ -23,7 +26,7 @@ func TestCmdStreamLargeStderr(t *testing.T) {
 	select {
 	case err := <-errCh:
 		if err != nil {
-			t.Fatalf("Command should not have failed (err=%s...)", err.Error()[:100])
+			t.Fatalf("Command should not have failed (err=%.100s...)", err)
 		}
 	case <-time.After(5 * time.Second):
 		t.Fatalf("Command did not complete in 5 seconds; probable deadlock")
@@ -34,12 +37,12 @@ func TestCmdStreamBad(t *testing.T) {
 	badCmd := exec.Command("/bin/sh", "-c", "echo hello; echo >&2 error couldn\\'t reverse the phase pulser; exit 1")
 	out, err := CmdStream(badCmd)
 	if err != nil {
-		t.Fatalf("Failed to start command: " + err.Error())
+		t.Fatalf("Failed to start command: %s", err)
 	}
 	if output, err := ioutil.ReadAll(out); err == nil {
 		t.Fatalf("Command should have failed")
 	} else if err.Error() != "exit status 1: error couldn't reverse the phase pulser\n" {
-		t.Fatalf("Wrong error value (%s)", err.Error())
+		t.Fatalf("Wrong error value (%s)", err)
 	} else if s := string(output); s != "hello\n" {
 		t.Fatalf("Command output should be '%s', not '%s'", "hello\\n", output)
 	}
@@ -58,20 +61,58 @@ func TestCmdStreamGood(t *testing.T) {
 	}
 }

-func TestTarUntar(t *testing.T) {
-	archive, err := Tar(".", Uncompressed)
+func tarUntar(t *testing.T, origin string, compression Compression) error {
+	archive, err := Tar(origin, compression)
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	buf := make([]byte, 10)
+	if _, err := archive.Read(buf); err != nil {
+		return err
+	}
+	archive = io.MultiReader(bytes.NewReader(buf), archive)
+
+	detectedCompression := DetectCompression(buf)
+	if detectedCompression.Extension() != compression.Extension() {
+		return fmt.Errorf("Wrong compression detected. Actual compression: %s, found %s", compression.Extension(), detectedCompression.Extension())
+	}
+
 	tmp, err := ioutil.TempDir("", "docker-test-untar")
 	if err != nil {
-		t.Fatal(err)
+		return err
 	}
 	defer os.RemoveAll(tmp)
 	if err := Untar(archive, tmp); err != nil {
-		t.Fatal(err)
+		return err
 	}
 	if _, err := os.Stat(tmp); err != nil {
-		t.Fatalf("Error stating %s: %s", tmp, err.Error())
+		return err
+	}
+	return nil
+}
+
+func TestTarUntar(t *testing.T) {
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(path.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(path.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	for _, c := range []Compression{
+		Uncompressed,
+		Gzip,
+		Bzip2,
+		Xz,
+	} {
+		if err := tarUntar(t, origin, c); err != nil {
+			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
+		}
 	}
 }
--- a/auth/MAINTAINERS
+++ b/auth/MAINTAINERS
@@ -0,0 +1 @@
+../registry/MAINTAINERS
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -15,27 +15,33 @@ import (
 // Where we store the config file
 const CONFIGFILE = ".dockercfg"

-// the registry server we want to login against
-const REGISTRY_SERVER = "https://registry.docker.io"
+// Only used for user auth + account creation
+const INDEXSERVER = "https://index.docker.io/v1/"
+
+//const INDEXSERVER = "http://indexstaging-docker.dotcloud.com/"
+
+var (
+	ErrConfigFileMissing = errors.New("The Auth config file is missing")
+)

 type AuthConfig struct {
-	Username string `json:"username"`
-	Password string `json:"password"`
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth"`
 	Email    string `json:"email"`
-	rootPath string `json:-`
 }

-func NewAuthConfig(username, password, email, rootPath string) *AuthConfig {
-	return &AuthConfig{
-		Username: username,
-		Password: password,
-		Email:    email,
-		rootPath: rootPath,
-	}
+type ConfigFile struct {
+	Configs  map[string]AuthConfig `json:"configs,omitempty"`
+	rootPath string
+}
+
+func IndexServerAddress() string {
+	return INDEXSERVER
 }

 // create a base64 encoded auth string to store in config
-func EncodeAuth(authConfig *AuthConfig) string {
+func encodeAuth(authConfig *AuthConfig) string {
 	authStr := authConfig.Username + ":" + authConfig.Password
 	msg := []byte(authStr)
 	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
@@ -44,54 +50,89 @@ func EncodeAuth(authConfig *AuthConfig) string {
 }

 // decode the auth string
-func DecodeAuth(authStr string) (*AuthConfig, error) {
+func decodeAuth(authStr string) (string, string, error) {
 	decLen := base64.StdEncoding.DecodedLen(len(authStr))
 	decoded := make([]byte, decLen)
 	authByte := []byte(authStr)
 	n, err := base64.StdEncoding.Decode(decoded, authByte)
 	if err != nil {
-		return nil, err
+		return "", "", err
 	}
 	if n > decLen {
-		return nil, fmt.Errorf("Something went wrong decoding auth config")
+		return "", "", fmt.Errorf("Something went wrong decoding auth config")
 	}
 	arr := strings.Split(string(decoded), ":")
 	if len(arr) != 2 {
-		return nil, fmt.Errorf("Invalid auth configuration file")
+		return "", "", fmt.Errorf("Invalid auth configuration file")
 	}
 	password := strings.Trim(arr[1], "\x00")
-	return &AuthConfig{Username: arr[0], Password: password}, nil
-
+	return arr[0], password, nil
 }

 // load up the auth config information and return values
 // FIXME: use the internal golang config parser
-func LoadConfig(rootPath string) (*AuthConfig, error) {
+func LoadConfig(rootPath string) (*ConfigFile, error) {
+	configFile := ConfigFile{Configs: make(map[string]AuthConfig), rootPath: rootPath}
 	confFile := path.Join(rootPath, CONFIGFILE)
 	if _, err := os.Stat(confFile); err != nil {
-		return &AuthConfig{}, fmt.Errorf("The Auth config file is missing")
+		return &configFile, ErrConfigFileMissing
 	}
 	b, err := ioutil.ReadFile(confFile)
 	if err != nil {
 		return nil, err
 	}
-	arr := strings.Split(string(b), "\n")
-	origAuth := strings.Split(arr[0], " = ")
-	origEmail := strings.Split(arr[1], " = ")
-	authConfig, err := DecodeAuth(origAuth[1])
-	if err != nil {
-		return nil, err
+
+	if err := json.Unmarshal(b, &configFile.Configs); err != nil {
+		arr := strings.Split(string(b), "\n")
+		if len(arr) < 2 {
+			return nil, fmt.Errorf("The Auth config file is empty")
+		}
+		authConfig := AuthConfig{}
+		origAuth := strings.Split(arr[0], " = ")
+		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
+		if err != nil {
+			return nil, err
+		}
+		origEmail := strings.Split(arr[1], " = ")
+		authConfig.Email = origEmail[1]
+		configFile.Configs[IndexServerAddress()] = authConfig
+	} else {
+		for k, authConfig := range configFile.Configs {
+			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
+			if err != nil {
+				return nil, err
+			}
+			authConfig.Auth = ""
+			configFile.Configs[k] = authConfig
+		}
 	}
-	authConfig.Email = origEmail[1]
-	authConfig.rootPath = rootPath
-	return authConfig, nil
+	return &configFile, nil
 }

 // save the auth config
-func saveConfig(rootPath, authStr string, email string) error {
-	lines := "auth = " + authStr + "\n" + "email = " + email + "\n"
-	b := []byte(lines)
-	err := ioutil.WriteFile(path.Join(rootPath, CONFIGFILE), b, 0600)
+func SaveConfig(configFile *ConfigFile) error {
+	confFile := path.Join(configFile.rootPath, CONFIGFILE)
+	if len(configFile.Configs) == 0 {
+		os.Remove(confFile)
+		return nil
+	}
+
+	configs := make(map[string]AuthConfig, len(configFile.Configs))
+	for k, authConfig := range configFile.Configs {
+		authCopy := authConfig
+
+		authCopy.Auth = encodeAuth(&authCopy)
+		authCopy.Username = ""
+		authCopy.Password = ""
+
+		configs[k] = authCopy
+	}
+
+	b, err := json.Marshal(configs)
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(confFile, b, 0600)
 	if err != nil {
 		return err
 	}
@@ -100,41 +141,37 @@ func saveConfig(rootPath, authStr string, email string) error {

 // try to register/login to the registry server
 func Login(authConfig *AuthConfig) (string, error) {
-	storeConfig := false
+	client := &http.Client{}
 	reqStatusCode := 0
 	var status string
-	var errMsg string
 	var reqBody []byte
 	jsonBody, err := json.Marshal(authConfig)
 	if err != nil {
-		errMsg = fmt.Sprintf("Config Error: %s", err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Config Error: %s", err)
 	}

 	// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
 	b := strings.NewReader(string(jsonBody))
-	req1, err := http.Post(REGISTRY_SERVER+"/v1/users", "application/json; charset=utf-8", b)
+	req1, err := http.Post(IndexServerAddress()+"users/", "application/json; charset=utf-8", b)
 	if err != nil {
-		errMsg = fmt.Sprintf("Server Error: %s", err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Server Error: %s", err)
 	}
-
 	reqStatusCode = req1.StatusCode
 	defer req1.Body.Close()
 	reqBody, err = ioutil.ReadAll(req1.Body)
 	if err != nil {
-		errMsg = fmt.Sprintf("Server Error: [%#v] %s", reqStatusCode, err)
-		return "", errors.New(errMsg)
+		return "", fmt.Errorf("Server Error: [%#v] %s", reqStatusCode, err)
 	}

 	if reqStatusCode == 201 {
-		status = "Account Created\n"
-		storeConfig = true
+		status = "Account created. Please use the confirmation link we sent" +
+			" to your e-mail to activate it."
+	} else if reqStatusCode == 403 {
+		return "", fmt.Errorf("Login: Your account hasn't been activated. " +
+			"Please check your e-mail for a confirmation link.")
 	} else if reqStatusCode == 400 {
-		// FIXME: This should be 'exists', not 'exist'. Need to change on the server first.
-		if string(reqBody) == "Username or email already exist" {
-			client := &http.Client{}
-			req, err := http.NewRequest("GET", REGISTRY_SERVER+"/v1/users", nil)
+		if string(reqBody) == "\"Username or email already exists\"" {
+			req, err := http.NewRequest("GET", IndexServerAddress()+"users/", nil)
 			req.SetBasicAuth(authConfig.Username, authConfig.Password)
 			resp, err := client.Do(req)
 			if err != nil {
@@ -146,23 +183,18 @@ func Login(authConfig *AuthConfig) (string, error) {
 				return "", err
 			}
 			if resp.StatusCode == 200 {
-				status = "Login Succeeded\n"
-				storeConfig = true
+				status = "Login Succeeded"
+			} else if resp.StatusCode == 401 {
+				return "", fmt.Errorf("Wrong login/password, please try again")
 			} else {
-				status = fmt.Sprintf("Login: %s", body)
-				return "", errors.New(status)
+				return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
+					resp.StatusCode, resp.Header)
 			}
 		} else {
-			status = fmt.Sprintf("Registration: %s", reqBody)
-			return "", errors.New(status)
+			return "", fmt.Errorf("Registration: %s", reqBody)
 		}
 	} else {
-		status = fmt.Sprintf("[%s] : %s", reqStatusCode, reqBody)
-		return "", errors.New(status)
-	}
-	if storeConfig {
-		authStr := EncodeAuth(authConfig)
-		saveConfig(authConfig.rootPath, authStr, authConfig.Email)
+		return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)
 	}
 	return status, nil
 }
--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@@ -1,13 +1,20 @@
 package auth

 import (
+	"crypto/rand"
+	"encoding/hex"
+	"io/ioutil"
+	"os"
+	"strings"
 	"testing"
 )

 func TestEncodeAuth(t *testing.T) {
 	newAuthConfig := &AuthConfig{Username: "ken", Password: "test", Email: "test@example.com"}
-	authStr := EncodeAuth(newAuthConfig)
-	decAuthConfig, err := DecodeAuth(authStr)
+	authStr := encodeAuth(newAuthConfig)
+	decAuthConfig := &AuthConfig{}
+	var err error
+	decAuthConfig.Username, decAuthConfig.Password, err = decodeAuth(authStr)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -21,3 +28,85 @@ func TestEncodeAuth(t *testing.T) {
 		t.Fatal("AuthString encoding isn't correct.")
 	}
 }
+
+func TestLogin(t *testing.T) {
+	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")
+	defer os.Setenv("DOCKER_INDEX_URL", "")
+	authConfig := &AuthConfig{Username: "unittester", Password: "surlautrerivejetattendrai", Email: "noise+unittester@dotcloud.com"}
+	status, err := Login(authConfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if status != "Login Succeeded" {
+		t.Fatalf("Expected status \"Login Succeeded\", found \"%s\" instead", status)
+	}
+}
+
+func TestCreateAccount(t *testing.T) {
+	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")
+	defer os.Setenv("DOCKER_INDEX_URL", "")
+	tokenBuffer := make([]byte, 16)
+	_, err := rand.Read(tokenBuffer)
+	if err != nil {
+		t.Fatal(err)
+	}
+	token := hex.EncodeToString(tokenBuffer)[:12]
+	username := "ut" + token
+	authConfig := &AuthConfig{Username: username, Password: "test42", Email: "docker-ut+" + token + "@example.com"}
+	status, err := Login(authConfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expectedStatus := "Account created. Please use the confirmation link we sent" +
+		" to your e-mail to activate it."
+	if status != expectedStatus {
+		t.Fatalf("Expected status: \"%s\", found \"%s\" instead.", expectedStatus, status)
+	}
+
+	status, err = Login(authConfig)
+	if err == nil {
+		t.Fatalf("Expected error but found nil instead")
+	}
+
+	expectedError := "Login: Account is not Active"
+
+	if !strings.Contains(err.Error(), expectedError) {
+		t.Fatalf("Expected message \"%s\" but found \"%s\" instead", expectedError, err)
+	}
+}
+
+func TestSameAuthDataPostSave(t *testing.T) {
+	root, err := ioutil.TempDir("", "docker-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	configFile := &ConfigFile{
+		rootPath: root,
+		Configs:  make(map[string]AuthConfig, 1),
+	}
+
+	configFile.Configs["testIndex"] = AuthConfig{
+		Username: "docker-user",
+		Password: "docker-pass",
+		Email:    "docker@docker.io",
+	}
+
+	err = SaveConfig(configFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authConfig := configFile.Configs["testIndex"]
+	if authConfig.Username != "docker-user" {
+		t.Fail()
+	}
+	if authConfig.Password != "docker-pass" {
+		t.Fail()
+	}
+	if authConfig.Email != "docker@docker.io" {
+		t.Fail()
+	}
+	if authConfig.Auth != "" {
+		t.Fail()
+	}
+}
--- a/builder.go
+++ b/builder.go
@@ -0,0 +1,147 @@
+package docker
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/utils"
+	"os"
+	"path"
+	"time"
+)
+
+var defaultDns = []string{"8.8.8.8", "8.8.4.4"}
+
+type Builder struct {
+	runtime      *Runtime
+	repositories *TagStore
+	graph        *Graph
+
+	config *Config
+	image  *Image
+}
+
+func NewBuilder(runtime *Runtime) *Builder {
+	return &Builder{
+		runtime:      runtime,
+		graph:        runtime.graph,
+		repositories: runtime.repositories,
+	}
+}
+
+func (builder *Builder) Create(config *Config) (*Container, error) {
+	// Lookup image
+	img, err := builder.repositories.LookupImage(config.Image)
+	if err != nil {
+		return nil, err
+	}
+
+	if img.Config != nil {
+		MergeConfig(config, img.Config)
+	}
+
+	if config.Cmd == nil || len(config.Cmd) == 0 {
+		return nil, fmt.Errorf("No command specified")
+	}
+
+	// Generate id
+	id := GenerateID()
+	// Generate default hostname
+	// FIXME: the lxc template no longer needs to set a default hostname
+	if config.Hostname == "" {
+		config.Hostname = id[:12]
+	}
+
+	var args []string
+	var entrypoint string
+
+	if len(config.Entrypoint) != 0 {
+		entrypoint = config.Entrypoint[0]
+		args = append(config.Entrypoint[1:], config.Cmd...)
+	} else {
+		entrypoint = config.Cmd[0]
+		args = config.Cmd[1:]
+	}
+
+	container := &Container{
+		// FIXME: we should generate the ID here instead of receiving it as an argument
+		ID:              id,
+		Created:         time.Now(),
+		Path:            entrypoint,
+		Args:            args, //FIXME: de-duplicate from config
+		Config:          config,
+		Image:           img.ID, // Always use the resolved image id
+		NetworkSettings: &NetworkSettings{},
+		// FIXME: do we need to store this in the container?
+		SysInitPath: sysInitPath,
+	}
+	container.root = builder.runtime.containerRoot(container.ID)
+	// Step 1: create the container directory.
+	// This doubles as a barrier to avoid race conditions.
+	if err := os.Mkdir(container.root, 0700); err != nil {
+		return nil, err
+	}
+
+	if len(config.Dns) == 0 && len(builder.runtime.Dns) == 0 && utils.CheckLocalDns() {
+		//"WARNING: Docker detected local DNS server on resolv.conf. Using default external servers: %v", defaultDns
+		builder.runtime.Dns = defaultDns
+	}
+
+	// If custom dns exists, then create a resolv.conf for the container
+	if len(config.Dns) > 0 || len(builder.runtime.Dns) > 0 {
+		var dns []string
+		if len(config.Dns) > 0 {
+			dns = config.Dns
+		} else {
+			dns = builder.runtime.Dns
+		}
+		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
+		f, err := os.Create(container.ResolvConfPath)
+		if err != nil {
+			return nil, err
+		}
+		defer f.Close()
+		for _, dns := range dns {
+			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
+				return nil, err
+			}
+		}
+	} else {
+		container.ResolvConfPath = "/etc/resolv.conf"
+	}
+
+	// Step 2: save the container json
+	if err := container.ToDisk(); err != nil {
+		return nil, err
+	}
+	// Step 3: register the container
+	if err := builder.runtime.Register(container); err != nil {
+		return nil, err
+	}
+	return container, nil
+}
+
+// Commit creates a new filesystem image from the current state of a container.
+// The image can optionally be tagged into a repository
+func (builder *Builder) Commit(container *Container, repository, tag, comment, author string, config *Config) (*Image, error) {
+	// FIXME: freeze the container before copying it to avoid data corruption?
+	// FIXME: this shouldn't be in commands.
+	if err := container.EnsureMounted(); err != nil {
+		return nil, err
+	}
+
+	rwTar, err := container.ExportRw()
+	if err != nil {
+		return nil, err
+	}
+	// Create a new image from the container's base layers + a new layer from container changes
+	img, err := builder.graph.Create(rwTar, container, comment, author, config)
+	if err != nil {
+		return nil, err
+	}
+	// Register the image if needed
+	if repository != "" {
+		if err := builder.repositories.Set(repository, tag, img.ID, true); err != nil {
+			return img, err
+		}
+	}
+	return img, nil
+}
--- a/buildfile.go
+++ b/buildfile.go
@@ -0,0 +1,517 @@
+package docker
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"github.com/dotcloud/docker/utils"
+	"io"
+	"io/ioutil"
+	"net/url"
+	"os"
+	"path"
+	"reflect"
+	"regexp"
+	"strings"
+)
+
+type BuildFile interface {
+	Build(io.Reader) (string, error)
+	CmdFrom(string) error
+	CmdRun(string) error
+}
+
+type buildFile struct {
+	runtime *Runtime
+	builder *Builder
+	srv     *Server
+
+	image      string
+	maintainer string
+	config     *Config
+	context    string
+	verbose    bool
+
+	tmpContainers map[string]struct{}
+	tmpImages     map[string]struct{}
+
+	out io.Writer
+}
+
+func (b *buildFile) clearTmp(containers, images map[string]struct{}) {
+	for c := range containers {
+		tmp := b.runtime.Get(c)
+		b.runtime.Destroy(tmp)
+		utils.Debugf("Removing container %s", c)
+	}
+	for i := range images {
+		b.runtime.graph.Delete(i)
+		utils.Debugf("Removing image %s", i)
+	}
+}
+
+func (b *buildFile) CmdFrom(name string) error {
+	image, err := b.runtime.repositories.LookupImage(name)
+	if err != nil {
+		if b.runtime.graph.IsNotExist(err) {
+			remote, tag := utils.ParseRepositoryTag(name)
+			if err := b.srv.ImagePull(remote, tag, b.out, utils.NewStreamFormatter(false), nil); err != nil {
+				return err
+			}
+			image, err = b.runtime.repositories.LookupImage(name)
+			if err != nil {
+				return err
+			}
+		} else {
+			return err
+		}
+	}
+	b.image = image.ID
+	b.config = &Config{}
+	if b.config.Env == nil || len(b.config.Env) == 0 {
+		b.config.Env = append(b.config.Env, "HOME=/", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
+	}
+	return nil
+}
+
+func (b *buildFile) CmdMaintainer(name string) error {
+	b.maintainer = name
+	return b.commit("", b.config.Cmd, fmt.Sprintf("MAINTAINER %s", name))
+}
+
+func (b *buildFile) CmdRun(args string) error {
+	if b.image == "" {
+		return fmt.Errorf("Please provide a source image with `from` prior to run")
+	}
+	config, _, _, err := ParseRun([]string{b.image, "/bin/sh", "-c", args}, nil)
+	if err != nil {
+		return err
+	}
+
+	cmd := b.config.Cmd
+	b.config.Cmd = nil
+	MergeConfig(b.config, config)
+
+	utils.Debugf("Command to be executed: %v", b.config.Cmd)
+
+	if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil {
+		return err
+	} else if cache != nil {
+		fmt.Fprintf(b.out, " ---> Using cache\n")
+		utils.Debugf("[BUILDER] Use cached version")
+		b.image = cache.ID
+		return nil
+	} else {
+		utils.Debugf("[BUILDER] Cache miss")
+	}
+
+	cid, err := b.run()
+	if err != nil {
+		return err
+	}
+	if err := b.commit(cid, cmd, "run"); err != nil {
+		return err
+	}
+	b.config.Cmd = cmd
+	return nil
+}
+
+func (b *buildFile) FindEnvKey(key string) int {
+	for k, envVar := range b.config.Env {
+		envParts := strings.SplitN(envVar, "=", 2)
+		if key == envParts[0] {
+			return k
+		}
+	}
+	return -1
+}
+
+func (b *buildFile) ReplaceEnvMatches(value string) (string, error) {
+	exp, err := regexp.Compile("(\\\\\\\\+|[^\\\\]|\\b|\\A)\\$({?)([[:alnum:]_]+)(}?)")
+	if err != nil {
+		return value, err
+	}
+	matches := exp.FindAllString(value, -1)
+	for _, match := range matches {
+		match = match[strings.Index(match, "$"):]
+		matchKey := strings.Trim(match, "${}")
+
+		for _, envVar := range b.config.Env {
+			envParts := strings.SplitN(envVar, "=", 2)
+			envKey := envParts[0]
+			envValue := envParts[1]
+
+			if envKey == matchKey {
+				value = strings.Replace(value, match, envValue, -1)
+				break
+			}
+		}
+	}
+	return value, nil
+}
+
+func (b *buildFile) CmdEnv(args string) error {
+	tmp := strings.SplitN(args, " ", 2)
+	if len(tmp) != 2 {
+		return fmt.Errorf("Invalid ENV format")
+	}
+	key := strings.Trim(tmp[0], " \t")
+	value := strings.Trim(tmp[1], " \t")
+
+	envKey := b.FindEnvKey(key)
+	replacedValue, err := b.ReplaceEnvMatches(value)
+	if err != nil {
+		return err
+	}
+	replacedVar := fmt.Sprintf("%s=%s", key, replacedValue)
+
+	if envKey >= 0 {
+		b.config.Env[envKey] = replacedVar
+		return nil
+	}
+	b.config.Env = append(b.config.Env, replacedVar)
+	return b.commit("", b.config.Cmd, fmt.Sprintf("ENV %s", replacedVar))
+}
+
+func (b *buildFile) CmdCmd(args string) error {
+	var cmd []string
+	if err := json.Unmarshal([]byte(args), &cmd); err != nil {
+		utils.Debugf("Error unmarshalling: %s, setting cmd to /bin/sh -c", err)
+		cmd = []string{"/bin/sh", "-c", args}
+	}
+	if err := b.commit("", cmd, fmt.Sprintf("CMD %v", cmd)); err != nil {
+		return err
+	}
+	b.config.Cmd = cmd
+	return nil
+}
+
+func (b *buildFile) CmdExpose(args string) error {
+	ports := strings.Split(args, " ")
+	b.config.PortSpecs = append(ports, b.config.PortSpecs...)
+	return b.commit("", b.config.Cmd, fmt.Sprintf("EXPOSE %v", ports))
+}
+
+func (b *buildFile) CmdInsert(args string) error {
+	return fmt.Errorf("INSERT has been deprecated. Please use ADD instead")
+}
+
+func (b *buildFile) CmdCopy(args string) error {
+	return fmt.Errorf("COPY has been deprecated. Please use ADD instead")
+}
+
+func (b *buildFile) CmdEntrypoint(args string) error {
+	if args == "" {
+		return fmt.Errorf("Entrypoint cannot be empty")
+	}
+
+	var entrypoint []string
+	if err := json.Unmarshal([]byte(args), &entrypoint); err != nil {
+		b.config.Entrypoint = []string{"/bin/sh", "-c", args}
+	} else {
+		b.config.Entrypoint = entrypoint
+	}
+	if err := b.commit("", b.config.Cmd, fmt.Sprintf("ENTRYPOINT %s", args)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (b *buildFile) CmdVolume(args string) error {
+	if args == "" {
+		return fmt.Errorf("Volume cannot be empty")
+	}
+
+	var volume []string
+	if err := json.Unmarshal([]byte(args), &volume); err != nil {
+		volume = []string{args}
+	}
+	if b.config.Volumes == nil {
+		b.config.Volumes = NewPathOpts()
+	}
+	for _, v := range volume {
+		b.config.Volumes[v] = struct{}{}
+	}
+	if err := b.commit("", b.config.Cmd, fmt.Sprintf("VOLUME %s", args)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (b *buildFile) addRemote(container *Container, orig, dest string) error {
+	file, err := utils.Download(orig, ioutil.Discard)
+	if err != nil {
+		return err
+	}
+	defer file.Body.Close()
+
+	// If the destination is a directory, figure out the filename.
+	if strings.HasSuffix(dest, "/") {
+		u, err := url.Parse(orig)
+		if err != nil {
+			return err
+		}
+		path := u.Path
+		if strings.HasSuffix(path, "/") {
+			path = path[:len(path)-1]
+		}
+		parts := strings.Split(path, "/")
+		filename := parts[len(parts)-1]
+		if filename == "" {
+			return fmt.Errorf("cannot determine filename from url: %s", u)
+		}
+		dest = dest + filename
+	}
+
+	return container.Inject(file.Body, dest)
+}
+
+func (b *buildFile) addContext(container *Container, orig, dest string) error {
+	origPath := path.Join(b.context, orig)
+	destPath := path.Join(container.RootfsPath(), dest)
+	// Preserve the trailing '/'
+	if strings.HasSuffix(dest, "/") {
+		destPath = destPath + "/"
+	}
+	if !strings.HasPrefix(origPath, b.context) {
+		return fmt.Errorf("Forbidden path: %s", origPath)
+	}
+	fi, err := os.Stat(origPath)
+	if err != nil {
+		return err
+	}
+	if fi.IsDir() {
+		if err := CopyWithTar(origPath, destPath); err != nil {
+			return err
+		}
+		// First try to unpack the source as an archive
+	} else if err := UntarPath(origPath, destPath); err != nil {
+		utils.Debugf("Couldn't untar %s to %s: %s", origPath, destPath, err)
+		// If that fails, just copy it as a regular file
+		if err := os.MkdirAll(path.Dir(destPath), 0755); err != nil {
+			return err
+		}
+		if err := CopyWithTar(origPath, destPath); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (b *buildFile) CmdAdd(args string) error {
+	if b.context == "" {
+		return fmt.Errorf("No context given. Impossible to use ADD")
+	}
+	tmp := strings.SplitN(args, " ", 2)
+	if len(tmp) != 2 {
+		return fmt.Errorf("Invalid ADD format")
+	}
+
+	orig, err := b.ReplaceEnvMatches(strings.Trim(tmp[0], " \t"))
+	if err != nil {
+		return err
+	}
+
+	dest, err := b.ReplaceEnvMatches(strings.Trim(tmp[1], " \t"))
+	if err != nil {
+		return err
+	}
+
+	cmd := b.config.Cmd
+	b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", orig, dest)}
+
+	b.config.Image = b.image
+	// Create the container and start it
+	container, err := b.builder.Create(b.config)
+	if err != nil {
+		return err
+	}
+	b.tmpContainers[container.ID] = struct{}{}
+
+	if err := container.EnsureMounted(); err != nil {
+		return err
+	}
+	defer container.Unmount()
+
+	if utils.IsURL(orig) {
+		if err := b.addRemote(container, orig, dest); err != nil {
+			return err
+		}
+	} else {
+		if err := b.addContext(container, orig, dest); err != nil {
+			return err
+		}
+	}
+
+	if err := b.commit(container.ID, cmd, fmt.Sprintf("ADD %s in %s", orig, dest)); err != nil {
+		return err
+	}
+	b.config.Cmd = cmd
+	return nil
+}
+
+func (b *buildFile) run() (string, error) {
+	if b.image == "" {
+		return "", fmt.Errorf("Please provide a source image with `from` prior to run")
+	}
+	b.config.Image = b.image
+
+	// Create the container and start it
+	c, err := b.builder.Create(b.config)
+	if err != nil {
+		return "", err
+	}
+	b.tmpContainers[c.ID] = struct{}{}
+	fmt.Fprintf(b.out, " ---> Running in %s\n", utils.TruncateID(c.ID))
+
+	// override the entry point that may have been picked up from the base image
+	c.Path = b.config.Cmd[0]
+	c.Args = b.config.Cmd[1:]
+
+	//start the container
+	hostConfig := &HostConfig{}
+	if err := c.Start(hostConfig); err != nil {
+		return "", err
+	}
+
+	if b.verbose {
+		err = <-c.Attach(nil, nil, b.out, b.out)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	// Wait for it to finish
+	if ret := c.Wait(); ret != 0 {
+		return "", fmt.Errorf("The command %v returned a non-zero code: %d", b.config.Cmd, ret)
+	}
+
+	return c.ID, nil
+}
+
+// Commit the container <id> with the autorun command <autoCmd>
+func (b *buildFile) commit(id string, autoCmd []string, comment string) error {
+	if b.image == "" {
+		return fmt.Errorf("Please provide a source image with `from` prior to commit")
+	}
+	b.config.Image = b.image
+	if id == "" {
+		cmd := b.config.Cmd
+		b.config.Cmd = []string{"/bin/sh", "-c", "#(nop) " + comment}
+		defer func(cmd []string) { b.config.Cmd = cmd }(cmd)
+
+		if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil {
+			return err
+		} else if cache != nil {
+			fmt.Fprintf(b.out, " ---> Using cache\n")
+			utils.Debugf("[BUILDER] Use cached version")
+			b.image = cache.ID
+			return nil
+		} else {
+			utils.Debugf("[BUILDER] Cache miss")
+		}
+		container, err := b.builder.Create(b.config)
+		if err != nil {
+			return err
+		}
+		b.tmpContainers[container.ID] = struct{}{}
+		fmt.Fprintf(b.out, " ---> Running in %s\n", utils.TruncateID(container.ID))
+		id = container.ID
+		if err := container.EnsureMounted(); err != nil {
+			return err
+		}
+		defer container.Unmount()
+	}
+
+	container := b.runtime.Get(id)
+	if container == nil {
+		return fmt.Errorf("An error occured while creating the container")
+	}
+
+	// Note: Actually copy the struct
+	autoConfig := *b.config
+	autoConfig.Cmd = autoCmd
+	// Commit the container
+	image, err := b.builder.Commit(container, "", "", "", b.maintainer, &autoConfig)
+	if err != nil {
+		return err
+	}
+	b.tmpImages[image.ID] = struct{}{}
+	b.image = image.ID
+	return nil
+}
+
+func (b *buildFile) Build(context io.Reader) (string, error) {
+	// FIXME: @creack any reason for using /tmp instead of ""?
+	// FIXME: @creack "name" is a terrible variable name
+	name, err := ioutil.TempDir("/tmp", "docker-build")
+	if err != nil {
+		return "", err
+	}
+	if err := Untar(context, name); err != nil {
+		return "", err
+	}
+	defer os.RemoveAll(name)
+	b.context = name
+	dockerfile, err := os.Open(path.Join(name, "Dockerfile"))
+	if err != nil {
+		return "", fmt.Errorf("Can't build a directory with no Dockerfile")
+	}
+	// FIXME: "file" is also a terrible variable name ;)
+	file := bufio.NewReader(dockerfile)
+	stepN := 0
+	for {
+		line, err := file.ReadString('\n')
+		if err != nil {
+			if err == io.EOF && line == "" {
+				break
+			} else if err != io.EOF {
+				return "", err
+			}
+		}
+		line = strings.Trim(strings.Replace(line, "\t", " ", -1), " \t\r\n")
+		// Skip comments and empty line
+		if len(line) == 0 || line[0] == '#' {
+			continue
+		}
+		tmp := strings.SplitN(line, " ", 2)
+		if len(tmp) != 2 {
+			return "", fmt.Errorf("Invalid Dockerfile format")
+		}
+		instruction := strings.ToLower(strings.Trim(tmp[0], " "))
+		arguments := strings.Trim(tmp[1], " ")
+		stepN += 1
+		// FIXME: only count known instructions as build steps
+		fmt.Fprintf(b.out, "Step %d : %s %s\n", stepN, strings.ToUpper(instruction), arguments)
+
+		method, exists := reflect.TypeOf(b).MethodByName("Cmd" + strings.ToUpper(instruction[:1]) + strings.ToLower(instruction[1:]))
+		if !exists {
+			fmt.Fprintf(b.out, "# Skipping unknown instruction %s\n", strings.ToUpper(instruction))
+			continue
+		}
+		ret := method.Func.Call([]reflect.Value{reflect.ValueOf(b), reflect.ValueOf(arguments)})[0].Interface()
+		if ret != nil {
+			return "", ret.(error)
+		}
+
+		fmt.Fprintf(b.out, " ---> %v\n", utils.TruncateID(b.image))
+	}
+	if b.image != "" {
+		fmt.Fprintf(b.out, "Successfully built %s\n", utils.TruncateID(b.image))
+		return b.image, nil
+	}
+	return "", fmt.Errorf("An error occured during the build\n")
+}
+
+func NewBuildFile(srv *Server, out io.Writer, verbose bool) BuildFile {
+	return &buildFile{
+		builder:       NewBuilder(srv.runtime),
+		runtime:       srv.runtime,
+		srv:           srv,
+		config:        &Config{},
+		out:           out,
+		tmpContainers: make(map[string]struct{}),
+		tmpImages:     make(map[string]struct{}),
+		verbose:       verbose,
+	}
+}
--- a/buildfile_test.go
+++ b/buildfile_test.go
@@ -0,0 +1,376 @@
+package docker
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+// mkTestContext generates a build context from the contents of the provided dockerfile.
+// This context is suitable for use as an argument to BuildFile.Build()
+func mkTestContext(dockerfile string, files [][2]string, t *testing.T) Archive {
+	context, err := mkBuildContext(dockerfile, files)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return context
+}
+
+// A testContextTemplate describes a build context and how to test it
+type testContextTemplate struct {
+	// Contents of the Dockerfile
+	dockerfile string
+	// Additional files in the context, eg [][2]string{"./passwd", "gordon"}
+	files [][2]string
+	// Additional remote files to host on a local HTTP server.
+	remoteFiles [][2]string
+}
+
+// A table of all the contexts to build and test.
+// A new docker runtime will be created and torn down for each context.
+var testContexts = []testContextTemplate{
+	{
+		`
+from   {IMAGE}
+run    sh -c 'echo root:testpass > /tmp/passwd'
+run    mkdir -p /var/run/sshd
+run    [ "$(cat /tmp/passwd)" = "root:testpass" ]
+run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+add foo /usr/lib/bla/bar
+run [ "$(cat /usr/lib/bla/bar)" = 'hello' ]
+add http://{SERVERADDR}/baz /usr/lib/baz/quux
+run [ "$(cat /usr/lib/baz/quux)" = 'world!' ]
+`,
+		[][2]string{{"foo", "hello"}},
+		[][2]string{{"/baz", "world!"}},
+	},
+
+	{
+		`
+from {IMAGE}
+add f /
+run [ "$(cat /f)" = "hello" ]
+add f /abc
+run [ "$(cat /abc)" = "hello" ]
+add f /x/y/z
+run [ "$(cat /x/y/z)" = "hello" ]
+add f /x/y/d/
+run [ "$(cat /x/y/d/f)" = "hello" ]
+add d /
+run [ "$(cat /ga)" = "bu" ]
+add d /somewhere
+run [ "$(cat /somewhere/ga)" = "bu" ]
+add d /anotherplace/
+run [ "$(cat /anotherplace/ga)" = "bu" ]
+add d /somewheeeere/over/the/rainbooow
+run [ "$(cat /somewheeeere/over/the/rainbooow/ga)" = "bu" ]
+`,
+		[][2]string{
+			{"f", "hello"},
+			{"d/ga", "bu"},
+		},
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+add http://{SERVERADDR}/x /a/b/c
+run [ "$(cat /a/b/c)" = "hello" ]
+add http://{SERVERADDR}/x?foo=bar /
+run [ "$(cat /x)" = "hello" ]
+add http://{SERVERADDR}/x /d/
+run [ "$(cat /d/x)" = "hello" ]
+add http://{SERVERADDR} /e
+run [ "$(cat /e)" = "blah" ]
+`,
+		nil,
+		[][2]string{{"/x", "hello"}, {"/", "blah"}},
+	},
+
+	{
+		`
+from   {IMAGE}
+env    FOO BAR
+run    [ "$FOO" = "BAR" ]
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+ENTRYPOINT /bin/echo
+CMD Hello world
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+VOLUME /test
+CMD Hello world
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+env    FOO /foo/baz
+env    BAR /bar
+env    BAZ $BAR
+env    FOOPATH $PATH:$FOO
+run    [ "$BAR" = "$BAZ" ]
+run    [ "$FOOPATH" = "$PATH:/foo/baz" ]
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+env    FOO /bar
+env    TEST testdir
+env    BAZ /foobar
+add    testfile $BAZ/
+add    $TEST $FOO
+run    [ "$(cat /foobar/testfile)" = "test1" ]
+run    [ "$(cat /bar/withfile)" = "test2" ]
+`,
+		[][2]string{
+			{"testfile", "test1"},
+			{"testdir/withfile", "test2"},
+		},
+		nil,
+	},
+}
+
+// FIXME: test building with 2 successive overlapping ADD commands
+
+func constructDockerfile(template string, ip net.IP, port string) string {
+	serverAddr := fmt.Sprintf("%s:%s", ip, port)
+	replacer := strings.NewReplacer("{IMAGE}", unitTestImageID, "{SERVERADDR}", serverAddr)
+	return replacer.Replace(template)
+}
+
+func mkTestingFileServer(files [][2]string) (*httptest.Server, error) {
+	mux := http.NewServeMux()
+	for _, file := range files {
+		name, contents := file[0], file[1]
+		mux.HandleFunc(name, func(w http.ResponseWriter, r *http.Request) {
+			w.Write([]byte(contents))
+		})
+	}
+
+	// This is how httptest.NewServer sets up a net.Listener, except that our listener must accept remote
+	// connections (from the container).
+	listener, err := net.Listen("tcp", ":0")
+	if err != nil {
+		return nil, err
+	}
+
+	s := httptest.NewUnstartedServer(mux)
+	s.Listener = listener
+	s.Start()
+	return s, nil
+}
+
+func TestBuild(t *testing.T) {
+	for _, ctx := range testContexts {
+		buildImage(ctx, t)
+	}
+}
+
+func buildImage(context testContextTemplate, t *testing.T) *Image {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{
+		runtime:     runtime,
+		pullingPool: make(map[string]struct{}),
+		pushingPool: make(map[string]struct{}),
+	}
+
+	httpServer, err := mkTestingFileServer(context.remoteFiles)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer httpServer.Close()
+
+	idx := strings.LastIndex(httpServer.URL, ":")
+	if idx < 0 {
+		t.Fatalf("could not get port from test http server address %s", httpServer.URL)
+	}
+	port := httpServer.URL[idx+1:]
+
+	ip := runtime.networkManager.bridgeNetwork.IP
+	dockerfile := constructDockerfile(context.dockerfile, ip, port)
+
+	buildfile := NewBuildFile(srv, ioutil.Discard, false)
+	id, err := buildfile.Build(mkTestContext(dockerfile, context.files, t))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	img, err := srv.ImageInspect(id)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return img
+}
+
+func TestVolume(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        volume /test
+        cmd Hello world
+    `, nil, nil}, t)
+
+	if len(img.Config.Volumes) == 0 {
+		t.Fail()
+	}
+	for key := range img.Config.Volumes {
+		if key != "/test" {
+			t.Fail()
+		}
+	}
+}
+
+func TestBuildMaintainer(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        maintainer dockerio
+    `, nil, nil}, t)
+
+	if img.Author != "dockerio" {
+		t.Fail()
+	}
+}
+
+func TestBuildEnv(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        env port 4243
+        `,
+		nil, nil}, t)
+	hasEnv := false
+	for _, envVar := range img.Config.Env {
+		if envVar == "port=4243" {
+			hasEnv = true
+			break
+		}
+	}
+	if !hasEnv {
+		t.Fail()
+	}
+}
+
+func TestBuildCmd(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        cmd ["/bin/echo", "Hello World"]
+        `,
+		nil, nil}, t)
+
+	if img.Config.Cmd[0] != "/bin/echo" {
+		t.Log(img.Config.Cmd[0])
+		t.Fail()
+	}
+	if img.Config.Cmd[1] != "Hello World" {
+		t.Log(img.Config.Cmd[1])
+		t.Fail()
+	}
+}
+
+func TestBuildExpose(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        expose 4243
+        `,
+		nil, nil}, t)
+
+	if img.Config.PortSpecs[0] != "4243" {
+		t.Fail()
+	}
+}
+
+func TestBuildEntrypoint(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        entrypoint ["/bin/echo"]
+        `,
+		nil, nil}, t)
+
+	if img.Config.Entrypoint[0] != "/bin/echo" {
+	}
+}
+
+func TestForbiddenContextPath(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{
+		runtime:     runtime,
+		pullingPool: make(map[string]struct{}),
+		pushingPool: make(map[string]struct{}),
+	}
+
+	context := testContextTemplate{`
+        from {IMAGE}
+        maintainer dockerio
+        add ../../ test/
+        `,
+		[][2]string{{"test.txt", "test1"}, {"other.txt", "other"}}, nil}
+
+	httpServer, err := mkTestingFileServer(context.remoteFiles)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer httpServer.Close()
+
+	idx := strings.LastIndex(httpServer.URL, ":")
+	if idx < 0 {
+		t.Fatalf("could not get port from test http server address %s", httpServer.URL)
+	}
+	port := httpServer.URL[idx+1:]
+
+	ip := srv.runtime.networkManager.bridgeNetwork.IP
+	dockerfile := constructDockerfile(context.dockerfile, ip, port)
+
+	buildfile := NewBuildFile(srv, ioutil.Discard, false)
+	_, err = buildfile.Build(mkTestContext(dockerfile, context.files, t))
+
+	if err == nil {
+		t.Log("Error should not be nil")
+		t.Fail()
+	}
+
+	if err.Error() != "Forbidden path: /" {
+		t.Logf("Error message is not expected: %s", err.Error())
+		t.Fail()
+	}
+}
--- a/changes.go
+++ b/changes.go
@@ -65,7 +65,7 @@ func Changes(layers []string, rw string) ([]Change, error) {
 		file := filepath.Base(path)
 		// If there is a whiteout, then the file was removed
 		if strings.HasPrefix(file, ".wh.") {
-			originalFile := strings.TrimLeft(file, ".wh.")
+			originalFile := file[len(".wh."):]
 			change.Path = filepath.Join(filepath.Dir(path), originalFile)
 			change.Kind = ChangeDelete
 		} else {
--- a/commands.go
+++ b/commands.go
--- a/commands_test.go
+++ b/commands_test.go
@@ -2,8 +2,8 @@ package docker

 import (
 	"bufio"
-	"bytes"
 	"fmt"
+	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
 	"strings"
@@ -38,7 +38,7 @@ func setTimeout(t *testing.T, msg string, d time.Duration, f func()) {
 		f()
 		c <- false
 	}()
-	if <-c {
+	if <-c && msg != "" {
 		t.Fatal(msg)
 	}
 }
@@ -61,39 +61,45 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error

 // TestRunHostname checks that 'docker run -h' correctly sets a custom hostname
 func TestRunHostname(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
+	stdout, stdoutPipe := io.Pipe()

-	srv := &Server{runtime: runtime}
+	cli := NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)

-	var stdin, stdout bytes.Buffer
-	setTimeout(t, "CmdRun timed out", 2*time.Second, func() {
-		if err := srv.CmdRun(ioutil.NopCloser(&stdin), &nopWriteCloser{&stdout}, "-h", "foobar", GetTestImage(runtime).Id, "hostname"); err != nil {
+	c := make(chan struct{})
+	go func() {
+		defer close(c)
+		if err := cli.CmdRun("-h", "foobar", unitTestImageID, "hostname"); err != nil {
 			t.Fatal(err)
 		}
+	}()
+
+	setTimeout(t, "Reading command output time out", 2*time.Second, func() {
+		cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
+		if err != nil {
+			t.Fatal(err)
+		}
+		if cmdOutput != "foobar\n" {
+			t.Fatalf("'hostname' should display '%s', not '%s'", "foobar\n", cmdOutput)
+		}
 	})
-	if output := string(stdout.Bytes()); output != "foobar\n" {
-		t.Fatalf("'hostname' should display '%s', not '%s'", "foobar\n", output)
-	}
+
+	setTimeout(t, "CmdRun timed out", 5*time.Second, func() {
+		<-c
+	})
+
 }

 func TestRunExit(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
-
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	c1 := make(chan struct{})
 	go func() {
-		srv.CmdRun(stdin, stdoutPipe, "-i", GetTestImage(runtime).Id, "/bin/cat")
+		cli.CmdRun("-i", unitTestImageID, "/bin/cat")
 		close(c1)
 	}()

@@ -103,20 +109,24 @@ func TestRunExit(t *testing.T) {
 		}
 	})

-	container := runtime.List()[0]
+	container := globalRuntime.List()[0]

 	// Closing /bin/cat stdin, expect it to exit
-	p, err := container.StdinPipe()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := p.Close(); err != nil {
+	if err := stdin.Close(); err != nil {
 		t.Fatal(err)
 	}

 	// as the process exited, CmdRun must finish and unblock. Wait for it
-	setTimeout(t, "Waiting for CmdRun timed out", 2*time.Second, func() {
+	setTimeout(t, "Waiting for CmdRun timed out", 10*time.Second, func() {
 		<-c1
+
+		go func() {
+			cli.CmdWait(container.ID)
+		}()
+
+		if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
+			t.Fatal(err)
+		}
 	})

 	// Make sure that the client has been disconnected
@@ -133,21 +143,18 @@ func TestRunExit(t *testing.T) {

 // Expected behaviour: the process dies when the client disconnects
 func TestRunDisconnect(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}

 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	c1 := make(chan struct{})
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdRun returns.
-		srv.CmdRun(stdin, stdoutPipe, "-i", GetTestImage(runtime).Id, "/bin/cat")
+		cli.CmdRun("-i", unitTestImageID, "/bin/cat")
 		close(c1)
 	}()

@@ -171,7 +178,7 @@ func TestRunDisconnect(t *testing.T) {
 	// Client disconnect after run -i should cause stdin to be closed, which should
 	// cause /bin/cat to exit.
 	setTimeout(t, "Waiting for /bin/cat to exit timed out", 2*time.Second, func() {
-		container := runtime.List()[0]
+		container := globalRuntime.List()[0]
 		container.Wait()
 		if container.State.Running {
 			t.Fatalf("/bin/cat is still running after closing stdin")
@@ -179,56 +186,124 @@ func TestRunDisconnect(t *testing.T) {
 	})
 }

+// Expected behaviour: the process dies when the client disconnects
+func TestRunDisconnectTty(t *testing.T) {
+
+	stdin, stdinPipe := io.Pipe()
+	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
+	c1 := make(chan struct{})
+	go func() {
+		// We're simulating a disconnect so the return value doesn't matter. What matters is the
+		// fact that CmdRun returns.
+		if err := cli.CmdRun("-i", "-t", unitTestImageID, "/bin/cat"); err != nil {
+			utils.Debugf("Error CmdRun: %s\n", err)
+		}
+
+		close(c1)
+	}()
+
+	setTimeout(t, "Waiting for the container to be started timed out", 10*time.Second, func() {
+		for {
+			// Client disconnect after run -i should keep stdin out in TTY mode
+			l := globalRuntime.List()
+			if len(l) == 1 && l[0].State.Running {
+				break
+			}
+			time.Sleep(10 * time.Millisecond)
+		}
+	})
+
+	// Client disconnect after run -i should keep stdin out in TTY mode
+	container := globalRuntime.List()[0]
+
+	setTimeout(t, "Read/Write assertion timed out", 2000*time.Second, func() {
+		if err := assertPipe("hello\n", "hello", stdout, stdinPipe, 15); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	// Close pipes (simulate disconnect)
+	if err := closeWrap(stdin, stdinPipe, stdout, stdoutPipe); err != nil {
+		t.Fatal(err)
+	}
+
+	// In tty mode, we expect the process to stay alive even after client's stdin closes.
+	// Do not wait for run to finish
+
+	// Give some time to monitor to do his thing
+	container.WaitTimeout(500 * time.Millisecond)
+	if !container.State.Running {
+		t.Fatalf("/bin/cat should  still be running after closing stdin (tty mode)")
+	}
+}
+
 // TestAttachStdin checks attaching to stdin without stdout and stderr.
 // 'docker run -i -a stdin' should sends the client's stdin to the command,
 // then detach from it and print the container id.
-func TestAttachStdin(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-	srv := &Server{runtime: runtime}
+func TestRunAttachStdin(t *testing.T) {

-	stdinR, stdinW := io.Pipe()
-	var stdout bytes.Buffer
+	stdin, stdinPipe := io.Pipe()
+	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)

 	ch := make(chan struct{})
 	go func() {
-		srv.CmdRun(stdinR, &stdout, "-i", "-a", "stdin", GetTestImage(runtime).Id, "sh", "-c", "echo hello; cat")
-		close(ch)
+		defer close(ch)
+		cli.CmdRun("-i", "-a", "stdin", unitTestImageID, "sh", "-c", "echo hello && cat")
 	}()

-	// Send input to the command, close stdin, wait for CmdRun to return
-	setTimeout(t, "Read/Write timed out", 2*time.Second, func() {
-		if _, err := stdinW.Write([]byte("hi there\n")); err != nil {
+	// Send input to the command, close stdin
+	setTimeout(t, "Write timed out", 10*time.Second, func() {
+		if _, err := stdinPipe.Write([]byte("hi there\n")); err != nil {
 			t.Fatal(err)
 		}
-		stdinW.Close()
+		if err := stdinPipe.Close(); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	container := globalRuntime.List()[0]
+
+	// Check output
+	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+		cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
+		if err != nil {
+			t.Fatal(err)
+		}
+		if cmdOutput != container.ShortID()+"\n" {
+			t.Fatalf("Wrong output: should be '%s', not '%s'\n", container.ShortID()+"\n", cmdOutput)
+		}
+	})
+
+	// wait for CmdRun to return
+	setTimeout(t, "Waiting for CmdRun timed out", 5*time.Second, func() {
+		// Unblock hijack end
+		stdout.Read([]byte{})
 		<-ch
 	})

-	// Check output
-	cmdOutput := string(stdout.Bytes())
-	container := runtime.List()[0]
-	if cmdOutput != container.ShortId()+"\n" {
-		t.Fatalf("Wrong output: should be '%s', not '%s'\n", container.ShortId()+"\n", cmdOutput)
-	}
-
-	setTimeout(t, "Waiting for command to exit timed out", 2*time.Second, func() {
+	setTimeout(t, "Waiting for command to exit timed out", 5*time.Second, func() {
 		container.Wait()
 	})

 	// Check logs
-	if cmdLogs, err := container.ReadLog("stdout"); err != nil {
+	if cmdLogs, err := container.ReadLog("json"); err != nil {
 		t.Fatal(err)
 	} else {
 		if output, err := ioutil.ReadAll(cmdLogs); err != nil {
 			t.Fatal(err)
 		} else {
-			expectedLog := "hello\nhi there\n"
-			if string(output) != expectedLog {
-				t.Fatalf("Unexpected logs: should be '%s', not '%s'\n", expectedLog, output)
+			expectedLogs := []string{"{\"log\":\"hello\\n\",\"stream\":\"stdout\"", "{\"log\":\"hi there\\n\",\"stream\":\"stdout\""}
+			for _, expectedLog := range expectedLogs {
+				if !strings.Contains(string(output), expectedLog) {
+					t.Fatalf("Unexpected logs: should contains '%s', it is not '%s'\n", expectedLog, output)
+				}
 			}
 		}
 	}
@@ -236,41 +311,43 @@ func TestAttachStdin(t *testing.T) {

 // Expected behaviour, the process stays alive when the client disconnects
 func TestAttachDisconnect(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
-
-	container, err := runtime.Create(
-		&Config{
-			Image:     GetTestImage(runtime).Id,
-			Memory:    33554432,
-			Cmd:       []string{"/bin/cat"},
-			OpenStdin: true,
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-
-	// Start the process
-	if err := container.Start(); err != nil {
-		t.Fatal(err)
-	}
-
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()

+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
+	go func() {
+		// Start a process in daemon mode
+		if err := cli.CmdRun("-d", "-i", unitTestImageID, "/bin/cat"); err != nil {
+			utils.Debugf("Error CmdRun: %s\n", err)
+		}
+	}()
+
+	setTimeout(t, "Waiting for CmdRun timed out", 10*time.Second, func() {
+		if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	setTimeout(t, "Waiting for the container to be started timed out", 10*time.Second, func() {
+		for {
+			l := globalRuntime.List()
+			if len(l) == 1 && l[0].State.Running {
+				break
+			}
+			time.Sleep(10 * time.Millisecond)
+		}
+	})
+
+	container := globalRuntime.List()[0]
+
 	// Attach to it
 	c1 := make(chan struct{})
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdAttach returns.
-		srv.CmdAttach(stdin, stdoutPipe, container.Id)
+		cli.CmdAttach(container.ID)
 		close(c1)
 	}()

@@ -291,7 +368,7 @@ func TestAttachDisconnect(t *testing.T) {

 	// We closed stdin, expect /bin/cat to still be running
 	// Wait a little bit to make sure container.monitor() did his thing
-	err = container.WaitTimeout(500 * time.Millisecond)
+	err := container.WaitTimeout(500 * time.Millisecond)
 	if err == nil || !container.State.Running {
 		t.Fatalf("/bin/cat is not running after closing stdin")
 	}
@@ -299,4 +376,5 @@ func TestAttachDisconnect(t *testing.T) {
 	// Try to avoid the timeoout in destroy. Best effort, don't check error
 	cStdin, _ := container.StdinPipe()
 	cStdin.Close()
+	container.Wait()
 }
--- a/container.go
+++ b/container.go
--- a/container_test.go
+++ b/container_test.go
--- a/contrib/MAINTAINERS
+++ b/contrib/MAINTAINERS
@@ -0,0 +1 @@
+# Maintainer wanted! Enroll on #docker@freenode
--- a/contrib/crashTest.go
+++ b/contrib/crashTest.go
@@ -0,0 +1,125 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"os"
+	"os/exec"
+	"path"
+	"time"
+)
+
+var DOCKERPATH = path.Join(os.Getenv("DOCKERPATH"), "docker")
+
+// WARNING: this crashTest will 1) crash your host, 2) remove all containers
+func runDaemon() (*exec.Cmd, error) {
+	os.Remove("/var/run/docker.pid")
+	exec.Command("rm", "-rf", "/var/lib/docker/containers").Run()
+	cmd := exec.Command(DOCKERPATH, "-d")
+	outPipe, err := cmd.StdoutPipe()
+	if err != nil {
+		return nil, err
+	}
+	errPipe, err := cmd.StderrPipe()
+	if err != nil {
+		return nil, err
+	}
+	if err := cmd.Start(); err != nil {
+		return nil, err
+	}
+	go func() {
+		io.Copy(os.Stdout, outPipe)
+	}()
+	go func() {
+		io.Copy(os.Stderr, errPipe)
+	}()
+	return cmd, nil
+}
+
+func crashTest() error {
+	if err := exec.Command("/bin/bash", "-c", "while true; do true; done").Start(); err != nil {
+		return err
+	}
+
+	var endpoint string
+	if ep := os.Getenv("TEST_ENDPOINT"); ep == "" {
+		endpoint = "192.168.56.1:7979"
+	} else {
+		endpoint = ep
+	}
+
+	c := make(chan bool)
+	var conn io.Writer
+
+	go func() {
+		conn, _ = net.Dial("tcp", endpoint)
+		c <- false
+	}()
+	go func() {
+		time.Sleep(2 * time.Second)
+		c <- true
+	}()
+	<-c
+
+	restartCount := 0
+	totalTestCount := 1
+	for {
+		daemon, err := runDaemon()
+		if err != nil {
+			return err
+		}
+		restartCount++
+		//		time.Sleep(5000 * time.Millisecond)
+		var stop bool
+		go func() error {
+			stop = false
+			for i := 0; i < 100 && !stop; {
+				func() error {
+					cmd := exec.Command(DOCKERPATH, "run", "base", "echo", fmt.Sprintf("%d", totalTestCount))
+					i++
+					totalTestCount++
+					outPipe, err := cmd.StdoutPipe()
+					if err != nil {
+						return err
+					}
+					inPipe, err := cmd.StdinPipe()
+					if err != nil {
+						return err
+					}
+					if err := cmd.Start(); err != nil {
+						return err
+					}
+					if conn != nil {
+						go io.Copy(conn, outPipe)
+					}
+
+					// Expecting error, do not check
+					inPipe.Write([]byte("hello world!!!!!\n"))
+					go inPipe.Write([]byte("hello world!!!!!\n"))
+					go inPipe.Write([]byte("hello world!!!!!\n"))
+					inPipe.Close()
+
+					if err := cmd.Wait(); err != nil {
+						return err
+					}
+					outPipe.Close()
+					return nil
+				}()
+			}
+			return nil
+		}()
+		time.Sleep(20 * time.Second)
+		stop = true
+		if err := daemon.Process.Kill(); err != nil {
+			return err
+		}
+	}
+}
+
+func main() {
+	if err := crashTest(); err != nil {
+		log.Println(err)
+	}
+}
--- a/contrib/install.sh
+++ b/contrib/install.sh
@@ -8,7 +8,7 @@

 echo "Ensuring basic dependencies are installed..."
 apt-get -qq update
-apt-get -qq install lxc wget bsdtar
+apt-get -qq install lxc wget

 echo "Looking in /proc/filesystems to see if we have AUFS support..."
 if grep -q aufs /proc/filesystems
@@ -36,16 +36,16 @@ else
 fi

 echo "Downloading docker binary and uncompressing into /usr/local/bin..."
-curl -s http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-master.tgz |
+curl -s http://get.docker.io/builds/$(uname -s)/$(uname -m)/docker-latest.tgz |
 tar -C /usr/local/bin --strip-components=1 -zxf- \
-docker-master/docker
+docker-latest/docker

 if [ -f /etc/init/dockerd.conf ]
 then
  echo "Upstart script already exists."
 else
  echo "Creating /etc/init/dockerd.conf..."
-  echo "exec /usr/local/bin/docker -d" > /etc/init/dockerd.conf
+  echo "exec env LANG=\"en_US.UTF-8\" /usr/local/bin/docker -d" > /etc/init/dockerd.conf
 fi

 echo "Starting dockerd..."
--- a/contrib/mkimage-debian.sh
+++ b/contrib/mkimage-debian.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+set -e
+
+# these should match the names found at http://www.debian.org/releases/
+stableSuite='wheezy'
+testingSuite='jessie'
+unstableSuite='sid'
+
+variant='minbase'
+include='iproute,iputils-ping'
+
+repo="$1"
+suite="${2:-$stableSuite}"
+mirror="${3:-}" # stick to the default debootstrap mirror if one is not provided
+
+if [ ! "$repo" ]; then
+	echo >&2 "usage: $0 repo [suite [mirror]]"
+	echo >&2 "   ie: $0 tianon/debian squeeze"
+	exit 1
+fi
+
+target="/tmp/docker-rootfs-debian-$suite-$$-$RANDOM"
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+returnTo="$(pwd -P)"
+
+set -x
+
+# bootstrap
+mkdir -p "$target"
+sudo debootstrap --verbose --variant="$variant" --include="$include" "$suite" "$target" "$mirror"
+
+cd "$target"
+
+# create the image
+img=$(sudo tar -c . | docker import -)
+
+# tag suite
+docker tag $img $repo $suite
+
+# test the image
+docker run -i -t $repo:$suite echo success
+
+if [ "$suite" = "$stableSuite" -o "$suite" = 'stable' ]; then
+	# tag latest
+	docker tag $img $repo latest
+	
+	# tag the specific debian release version
+	ver=$(docker run $repo:$suite cat /etc/debian_version)
+	docker tag $img $repo $ver
+fi
+
+# cleanup
+cd "$returnTo"
+sudo rm -rf "$target"
--- a/contrib/mkimage-unittest.sh
+++ b/contrib/mkimage-unittest.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# Generate a very minimal filesystem based on busybox-static,
+# and load it into the local docker under the name "docker-ut".
+
+missing_pkg() {
+    echo "Sorry, I could not locate $1"
+    echo "Try 'apt-get install ${2:-$1}'?"
+    exit 1
+}
+
+BUSYBOX=$(which busybox)
+[ "$BUSYBOX" ] || missing_pkg busybox busybox-static
+SOCAT=$(which socat)
+[ "$SOCAT" ] || missing_pkg socat
+
+shopt -s extglob
+set -ex
+ROOTFS=`mktemp -d /tmp/rootfs-busybox.XXXXXXXXXX`
+trap "rm -rf $ROOTFS" INT QUIT TERM
+cd $ROOTFS
+
+mkdir bin etc dev dev/pts lib proc sys tmp
+touch etc/resolv.conf
+cp /etc/nsswitch.conf etc/nsswitch.conf
+echo root:x:0:0:root:/:/bin/sh > etc/passwd
+echo daemon:x:1:1:daemon:/usr/sbin:/bin/sh >> etc/passwd
+echo root:x:0: > etc/group
+echo daemon:x:1: >> etc/group
+ln -s lib lib64
+ln -s bin sbin
+cp $BUSYBOX $SOCAT bin
+for X in $(busybox --list)
+do
+    ln -s busybox bin/$X
+done
+rm bin/init
+ln bin/busybox bin/init
+cp -P /lib/x86_64-linux-gnu/lib{pthread*,c*(-*),dl*(-*),nsl*(-*),nss_*,util*(-*),wrap,z}.so* lib
+cp /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 lib
+cp -P /usr/lib/x86_64-linux-gnu/lib{crypto,ssl}.so* lib
+for X in console null ptmx random stdin stdout stderr tty urandom zero
+do
+    cp -a /dev/$X dev
+done
+
+chmod 0755 $ROOTFS # See #486
+tar -cf- . | docker import - docker-ut
+docker run -i -u root docker-ut /bin/echo Success.
+rm -rf $ROOTFS
--- a/contrib/vagrant-docker/README.md
+++ b/contrib/vagrant-docker/README.md
@@ -0,0 +1,3 @@
+# Vagrant-docker
+
+This is a placeholder for the official vagrant-docker, a plugin for Vagrant (http://vagrantup.com) which exposes Docker as a provider.
--- a/deb/Makefile
+++ b/deb/Makefile
@@ -1 +0,0 @@
-../Makefile
--- a/deb/Makefile.deb
+++ b/deb/Makefile.deb
@@ -1,73 +0,0 @@
-PKG_NAME=dotcloud-docker
-PKG_ARCH=amd64
-PKG_VERSION=1
-ROOT_PATH:=$(PWD)
-BUILD_PATH=build	# Do not change, decided by dpkg-buildpackage
-BUILD_SRC=build_src
-GITHUB_PATH=src/github.com/dotcloud/docker
-INSDIR=usr/bin
-SOURCE_PACKAGE=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
-DEB_PACKAGE=$(PKG_NAME)_$(PKG_VERSION)_$(PKG_ARCH).deb
-EXTRA_GO_PKG=./auth
-
-TMPDIR=$(shell mktemp -d -t XXXXXX)
-
-
-# Build a debian source package
-all: clean build_in_deb
-
-build_in_deb:
-	echo "GOPATH = " $(ROOT_PATH)
-	mkdir bin
-	cd $(GITHUB_PATH)/docker; GOPATH=$(ROOT_PATH) go build -o $(ROOT_PATH)/bin/docker
-
-# DESTDIR provided by Debian packaging
-install:
-	# Call this from a go environment (as packaged for deb source package)
-	mkdir -p $(DESTDIR)/$(INSDIR)
-	mkdir -p $(DESTDIR)/etc/init
-	install -m 0755 bin/docker $(DESTDIR)/$(INSDIR)
-	install -o root -m 0755 etc/docker.upstart $(DESTDIR)/etc/init/docker.conf
-
-$(BUILD_SRC): clean
-	# Copy ourselves into $BUILD_SRC to comply with unusual golang constraints
-	tar --exclude=*.tar.gz --exclude=checkout.tgz -f checkout.tgz -cz *
-	mkdir -p $(BUILD_SRC)/$(GITHUB_PATH)
-	tar -f checkout.tgz -C $(BUILD_SRC)/$(GITHUB_PATH) -xz
-	cd $(BUILD_SRC)/$(GITHUB_PATH)/docker; GOPATH=$(ROOT_PATH)/$(BUILD_SRC) go get -d
-	for d in `find $(BUILD_SRC) -name '.git*'`; do rm -rf $$d; done
-	# Populate source build with debian stuff
-	cp -R -L ./deb/* $(BUILD_SRC)
-
-$(SOURCE_PACKAGE): $(BUILD_SRC)
-	rm -f $(SOURCE_PACKAGE)
-	# Create the debian source package
-	tar -f $(SOURCE_PACKAGE) -C ${ROOT_PATH}/${BUILD_SRC} -cz .
-
-# Build deb package fetching go dependencies and cleaning up git repositories
-deb: $(DEB_PACKAGE)
-
-$(DEB_PACKAGE): $(SOURCE_PACKAGE)
-	# dpkg-buildpackage looks for source package tarball in ../
-	cd $(BUILD_SRC); dpkg-buildpackage
-	rm -rf $(BUILD_PATH) debian/$(PKG_NAME)* debian/files
-
-debsrc: $(SOURCE_PACKAGE)
-
-# Build local sources
-#$(PKG_NAME): build_local
-
-build_local:
-	-@mkdir -p bin
-	cd docker && go build -o ../bin/docker
-
-gotest:
-	@echo "\033[36m[Testing]\033[00m docker..."
-	@sudo -E GOPATH=$(ROOT_PATH)/$(BUILD_SRC) go test -v . $(EXTRA_GO_PKG) && \
-		echo -n "\033[32m[OK]\033[00m" || \
-		echo -n "\033[31m[FAIL]\033[00m"; \
-		echo " docker"
-	@sudo rm -rf /tmp/docker-*
-
-clean:
-	rm -rf $(BUILD_PATH) debian/$(PKG_NAME)* debian/files $(BUILD_SRC) checkout.tgz bin
--- a/deb/README.md
+++ b/deb/README.md
@@ -1 +0,0 @@
-../README.md
--- a/deb/debian/changelog
+++ b/deb/debian/changelog
@@ -1,5 +0,0 @@
-dotcloud-docker (1) precise; urgency=low
-
-  * Initial release
-
- -- dotCloud <ops@dotcloud.com>  Mon, 14 Mar 2013 04:43:21 -0700
--- a/deb/debian/control
+++ b/deb/debian/control
@@ -1,20 +0,0 @@
-Source: dotcloud-docker
-Section: misc
-Priority: extra
-Homepage: https://github.com/dotcloud/docker
-Maintainer: Daniel Mizyrycki <daniel@dotcloud.com>
-Build-Depends: debhelper (>= 8.0.0), git, golang
-Vcs-Git: https://github.com/dotcloud/docker.git
-Standards-Version: 3.9.2
-
-Package: dotcloud-docker
-Architecture: amd64
-Provides: dotcloud-docker
-Depends: lxc, wget, bsdtar, curl
-Conflicts: docker
-Description: A process manager with superpowers
-    It encapsulates heterogeneous payloads in Standard Containers, and runs
-    them on any server with strong guarantees of isolation and repeatability.
-    Is is a great building block for automating distributed systems:
-    large-scale web deployments, database clusters, continuous deployment
-    systems, private PaaS, service-oriented architectures, etc.
--- a/deb/debian/copyright
+++ b/deb/debian/copyright
@@ -1,209 +0,0 @@
-Format: http://dep.debian.net/deps/dep5
-Upstream-Name: dotcloud-docker
-Source: https://github.com/dotcloud/docker
-
-Files: *
-Copyright: 2012 DotCloud Inc (opensource@dotcloud.com)
-License: Apache License Version 2.0
-
-                                Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!) The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright 2012 DotCloud Inc (opensource@dotcloud.com)
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/deb/etc/docker-dev.upstart
+++ b/deb/etc/docker-dev.upstart
@@ -1,10 +0,0 @@
-description     "Run docker"
-
-start on runlevel [2345]
-stop on starting rc RUNLEVEL=[016]
-respawn
-
-script
-    test -f /etc/default/locale && . /etc/default/locale || true
-    LANG=$LANG LC_ALL=$LANG /usr/bin/docker -d
-end script
--- a/deb/etc/docker.upstart
+++ b/deb/etc/docker.upstart
@@ -1,10 +0,0 @@
-description     "Run docker"
-
-start on runlevel [2345]
-stop on starting rc RUNLEVEL=[016]
-respawn
-
-script
-    test -f /etc/default/locale && . /etc/default/locale || true
-    LANG=$LANG LC_ALL=$LANG /usr/bin/docker -d
-end script
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -2,19 +2,24 @@ package main

 import (
 	"flag"
+	"fmt"
 	"github.com/dotcloud/docker"
-	"github.com/dotcloud/docker/rcli"
-	"github.com/dotcloud/docker/term"
-	"io"
+	"github.com/dotcloud/docker/utils"
+	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
+	"strconv"
+	"strings"
+	"syscall"
 )

-var GIT_COMMIT string
+var (
+	GITCOMMIT string
+)

 func main() {
-	if docker.SelfPath() == "/sbin/init" {
+	if utils.SelfPath() == "/sbin/init" {
 		// Running in init mode
 		docker.SysInit()
 		return
@@ -22,88 +27,124 @@ func main() {
 	// FIXME: Switch d and D ? (to be more sshd like)
 	flDaemon := flag.Bool("d", false, "Daemon mode")
 	flDebug := flag.Bool("D", false, "Debug mode")
+	flAutoRestart := flag.Bool("r", false, "Restart previously running containers")
+	bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge. Use 'none' to disable container networking")
+	pidfile := flag.String("p", "/var/run/docker.pid", "File containing process PID")
+	flGraphPath := flag.String("g", "/var/lib/docker", "Path to graph storage base dir.")
+	flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")
+	flDns := flag.String("dns", "", "Set custom dns servers")
+	flHosts := docker.ListOpts{fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)}
+	flag.Var(&flHosts, "H", "tcp://host:port to bind/connect to or unix://path/to/socket to use")
 	flag.Parse()
+	if len(flHosts) > 1 {
+		flHosts = flHosts[1:] //trick to display a nice defaul value in the usage
+	}
+	for i, flHost := range flHosts {
+		flHosts[i] = utils.ParseHost(docker.DEFAULTHTTPHOST, docker.DEFAULTHTTPPORT, flHost)
+	}
+
+	if *bridgeName != "" {
+		docker.NetworkBridgeIface = *bridgeName
+	} else {
+		docker.NetworkBridgeIface = docker.DefaultNetworkBridge
+	}
 	if *flDebug {
 		os.Setenv("DEBUG", "1")
 	}
-	docker.GIT_COMMIT = GIT_COMMIT
+	docker.GITCOMMIT = GITCOMMIT
 	if *flDaemon {
 		if flag.NArg() != 0 {
 			flag.Usage()
 			return
 		}
-		if err := daemon(); err != nil {
+		if err := daemon(*pidfile, *flGraphPath, flHosts, *flAutoRestart, *flEnableCors, *flDns); err != nil {
 			log.Fatal(err)
+			os.Exit(-1)
 		}
 	} else {
-		if err := runCommand(flag.Args()); err != nil {
+		if len(flHosts) > 1 {
+			log.Fatal("Please specify only one -H")
+			return
+		}
+		protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
+		if err := docker.ParseCommands(protoAddrParts[0], protoAddrParts[1], flag.Args()...); err != nil {
 			log.Fatal(err)
+			os.Exit(-1)
 		}
 	}
 }

-func daemon() error {
-	service, err := docker.NewServer()
+func createPidFile(pidfile string) error {
+	if pidString, err := ioutil.ReadFile(pidfile); err == nil {
+		pid, err := strconv.Atoi(string(pidString))
+		if err == nil {
+			if _, err := os.Stat(fmt.Sprintf("/proc/%d/", pid)); err == nil {
+				return fmt.Errorf("pid file found, ensure docker is not running or delete %s", pidfile)
+			}
+		}
+	}
+
+	file, err := os.Create(pidfile)
 	if err != nil {
 		return err
 	}
-	return rcli.ListenAndServe("tcp", "127.0.0.1:4242", service)
+
+	defer file.Close()
+
+	_, err = fmt.Fprintf(file, "%d", os.Getpid())
+	return err
 }

-func runCommand(args []string) error {
-	var oldState *term.State
-	var err error
-	if term.IsTerminal(int(os.Stdin.Fd())) && os.Getenv("NORAW") == "" {
-		oldState, err = term.MakeRaw(int(os.Stdin.Fd()))
-		if err != nil {
-			return err
-		}
-		defer term.Restore(int(os.Stdin.Fd()), oldState)
-		c := make(chan os.Signal, 1)
-		signal.Notify(c, os.Interrupt)
-		go func() {
-			for _ = range c {
-				term.Restore(int(os.Stdin.Fd()), oldState)
-				log.Printf("\nSIGINT received\n")
-				os.Exit(0)
+func removePidFile(pidfile string) {
+	if err := os.Remove(pidfile); err != nil {
+		log.Printf("Error removing %s: %s", pidfile, err)
+	}
+}
+
+func daemon(pidfile string, flGraphPath string, protoAddrs []string, autoRestart, enableCors bool, flDns string) error {
+	if err := createPidFile(pidfile); err != nil {
+		log.Fatal(err)
+	}
+	defer removePidFile(pidfile)
+
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, os.Kill, os.Signal(syscall.SIGTERM))
+	go func() {
+		sig := <-c
+		log.Printf("Received signal '%v', exiting\n", sig)
+		removePidFile(pidfile)
+		os.Exit(0)
+	}()
+	var dns []string
+	if flDns != "" {
+		dns = []string{flDns}
+	}
+	server, err := docker.NewServer(flGraphPath, autoRestart, enableCors, dns)
+	if err != nil {
+		return err
+	}
+	chErrors := make(chan error, len(protoAddrs))
+	for _, protoAddr := range protoAddrs {
+		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
+		if protoAddrParts[0] == "unix" {
+			syscall.Unlink(protoAddrParts[1])
+		} else if protoAddrParts[0] == "tcp" {
+			if !strings.HasPrefix(protoAddrParts[1], "127.0.0.1") {
+				log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
 			}
+		} else {
+			log.Fatal("Invalid protocol format.")
+			os.Exit(-1)
+		}
+		go func() {
+			chErrors <- docker.ListenAndServe(protoAddrParts[0], protoAddrParts[1], server, true)
 		}()
 	}
-	// FIXME: we want to use unix sockets here, but net.UnixConn doesn't expose
-	// CloseWrite(), which we need to cleanly signal that stdin is closed without
-	// closing the connection.
-	// See http://code.google.com/p/go/issues/detail?id=3345
-	if conn, err := rcli.Call("tcp", "127.0.0.1:4242", args...); err == nil {
-		receiveStdout := docker.Go(func() error {
-			_, err := io.Copy(os.Stdout, conn)
-			return err
-		})
-		sendStdin := docker.Go(func() error {
-			_, err := io.Copy(conn, os.Stdin)
-			if err := conn.CloseWrite(); err != nil {
-				log.Printf("Couldn't send EOF: " + err.Error())
-			}
-			return err
-		})
-		if err := <-receiveStdout; err != nil {
-			return err
-		}
-		if !term.IsTerminal(int(os.Stdin.Fd())) {
-			if err := <-sendStdin; err != nil {
-				return err
-			}
-		}
-	} else {
-		service, err := docker.NewServer()
+	for i := 0; i < len(protoAddrs); i += 1 {
+		err := <-chErrors
 		if err != nil {
 			return err
 		}
-		if err := rcli.LocalCall(service, os.Stdin, os.Stdout, args...); err != nil {
-			return err
-		}
-	}
-	if oldState != nil {
-		term.Restore(int(os.Stdin.Fd()), oldState)
 	}
 	return nil
 }
--- a/docs/MAINTAINERS
+++ b/docs/MAINTAINERS
@@ -0,0 +1,2 @@
+Andy Rothfusz <andy@dotcloud.com>
+Ken Cochrane <ken@dotcloud.com>
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -6,6 +6,7 @@ SPHINXOPTS    =
 SPHINXBUILD   = sphinx-build
 PAPER         =
 BUILDDIR      = _build
+PYTHON        = python

 # Internal variables.
 PAPEROPT_a4     = -D latex_paper_size=a4
@@ -38,37 +39,37 @@ help:
 #	@echo "  linkcheck  to check all external links for integrity"
 #	@echo "  doctest    to run all doctests embedded in the documentation (if enabled)"
 	@echo "  docs       to build the docs and copy the static files to the outputdir"
+	@echo "  server     to serve the docs in your browser under \`http://localhost:8000\`"
 	@echo "  publish    to publish the app to dotcloud"

 clean:
 	-rm -rf $(BUILDDIR)/*

 docs:
-	-rm -rf $(BUILDDIR)/*
 	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/html
-	cp sources/index.html $(BUILDDIR)/html/
-	cp -r sources/gettingstarted $(BUILDDIR)/html/
-	cp sources/dotcloud.yml $(BUILDDIR)/html/
-	cp sources/CNAME $(BUILDDIR)/html/
-	cp sources/.nojekyll $(BUILDDIR)/html/
 	@echo
-	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+	@echo "Build finished. The documentation pages are now in $(BUILDDIR)/html."
+
+server: docs
+	@cd $(BUILDDIR)/html; $(PYTHON) -m SimpleHTTPServer 8000
+
+site:
+	cp -r website $(BUILDDIR)/
+	cp -r theme/docker/static/ $(BUILDDIR)/website/
+	@echo
+	@echo "The Website pages are in $(BUILDDIR)/site."

 connect:
-	@echo pushing changes to staging site
-	@cd _build/html/ ; \
-	@dotcloud list ; \
-	dotcloud connect dockerwebsite
+	@echo connecting dotcloud to www.docker.io website, make sure to use user 1
+	@echo or create your own "dockerwebsite" app
+	@cd $(BUILDDIR)/website/ ; \
+	dotcloud connect dockerwebsite ; \
+	dotcloud list

 push:
-	@cd _build/html/ ; \
+	@cd $(BUILDDIR)/website/ ; \
 	dotcloud push

-github-deploy: docs
-	rm -fr github-deploy
-	git clone ssh://git@github.com/dotcloud/docker github-deploy
-	cd github-deploy && git checkout -f gh-pages && git rm -r * && rsync -avH ../_build/html/ ./ && touch .nojekyll && echo "docker.io" > CNAME && git add * && git commit -m "Updating docs"
-
 $(VERSIONS):
 	@echo "Hello world"

--- a/docs/README.md
+++ b/docs/README.md
@@ -14,19 +14,22 @@ Installation
 ------------

 * Work in your own fork of the code, we accept pull requests.
-* Install sphinx: ``pip install sphinx``
+* Install sphinx: `pip install sphinx`
+    * Mac OS X: `[sudo] pip-2.7 install sphinx`)
+* Install sphinx httpdomain contrib package: `pip install sphinxcontrib-httpdomain`
+    * Mac OS X: `[sudo] pip-2.7 install sphinxcontrib-httpdomain`
 * If pip is not available you can probably install it using your favorite package manager as **python-pip**

 Usage
 -----
-* change the .rst files with your favorite editor to your liking
-* run *make docs* to clean up old files and generate new ones
-* your static website can now be found in the _build dir
-* to preview what you have generated, cd into _build/html and then run 'python -m SimpleHTTPServer 8000'
+* Change the `.rst` files with your favorite editor to your liking.
+* Run `make docs` to clean up old files and generate new ones.
+* Your static website can now be found in the `_build` directory.
+* To preview what you have generated run `make server` and open <http://localhost:8000/> in your favorite browser.

-Working using github's file editor
+Working using GitHub's file editor
 ----------------------------------
-Alternatively, for small changes and typo's you might want to use github's built in file editor. It allows
+Alternatively, for small changes and typo's you might want to use GitHub's built in file editor. It allows
 you to preview your changes right online. Just be carefull not to create many commits.

 Images
@@ -39,4 +42,36 @@ Notes
 * The index.html and gettingstarted.html files are copied from the source dir to the output dir without modification.
 So changes to those pages should be made directly in html
 * For the template the css is compiled from less. When changes are needed they can be compiled using
-lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css``
+lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css``
+
+
+Guides on using sphinx
+----------------------
+* To make links to certain pages create a link target like so:
+
+  ```
+    .. _hello_world:
+
+    Hello world
+    ===========
+
+    This is.. (etc.)
+  ```
+
+  The ``_hello_world:`` will make it possible to link to this position (page and marker) from all other pages.
+
+* Notes, warnings and alarms
+
+  ```
+    # a note (use when something is important)
+    .. note::
+
+    # a warning (orange)
+    .. warning::
+
+    # danger (red, use sparsely)
+    .. danger::
+
+* Code examples
+
+  Start without $, so it's easy to copy and paste.
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -0,0 +1,2 @@
+Sphinx==1.1.3
+sphinxcontrib-httpdomain==1.1.8
--- a/docs/sources/.nojekyll
+++ b/docs/sources/.nojekyll
--- a/docs/sources/CNAME
+++ b/docs/sources/CNAME
@@ -1 +0,0 @@
-docker.io
--- a/docs/sources/api/MAINTAINERS
+++ b/docs/sources/api/MAINTAINERS
@@ -0,0 +1 @@
+Solomon Hykes <solomon@dotcloud.com>
--- a/docs/sources/api/README.md
+++ b/docs/sources/api/README.md
@@ -0,0 +1,5 @@
+This directory holds the authoritative specifications of APIs defined and implemented by Docker. Currently this includes:
+
+* The remote API by which a docker node can be queried over HTTP
+* The registry API by which a docker node can download and upload container images for storage and sharing
+* The index search API by which a docker node can search the public index for images to download
--- a/docs/sources/api/docker_remote_api.rst
+++ b/docs/sources/api/docker_remote_api.rst
@@ -0,0 +1,182 @@
+:title: Remote API
+:description: API Documentation for Docker
+:keywords: API, Docker, rcli, REST, documentation
+
+.. COMMENT use http://pythonhosted.org/sphinxcontrib-httpdomain/ to
+.. document the REST API.
+
+=================
+Docker Remote API
+=================
+
+.. contents:: Table of Contents
+
+1. Brief introduction
+=====================
+
+- The Remote API is replacing rcli
+- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon
+- The API tends to be REST, but for some complex commands, like attach
+  or pull, the HTTP connection is hijacked to transport stdout stdin
+  and stderr
+- Since API version 1.2, the auth configuration is now handled client
+  side, so the client has to send the authConfig as POST in
+  /images/(name)/push
+
+2. Versions
+===========
+
+The current verson of the API is 1.4
+
+Calling /images/<name>/insert is the same as calling
+/v1.4/images/<name>/insert 
+
+You can still call an old version of the api using
+/v1.0/images/<name>/insert
+
+:doc:`docker_remote_api_v1.4`
+*****************************
+
+What's new
+----------
+
+.. http:get:: /containers/(id)/top
+
+   **New!** You can now use ps args with docker top, like `docker top <container_id> aux`
+
+:doc:`docker_remote_api_v1.3`
+*****************************
+
+docker v0.5.0 51f6c4a_
+
+What's new
+----------
+
+.. http:get:: /containers/(id)/top
+
+   List the processes running inside a container.
+
+.. http:get:: /events:
+
+   **New!** Monitor docker's events via streaming or via polling
+
+Builder (/build):
+
+- Simplify the upload of the build context
+- Simply stream a tarball instead of multipart upload with 4
+  intermediary buffers
+- Simpler, less memory usage, less disk usage and faster
+
+.. Warning::
+
+  The /build improvements are not reverse-compatible. Pre 1.3 clients
+  will break on /build.
+
+List containers (/containers/json):
+
+- You can use size=1 to get the size of the containers
+
+Start containers (/containers/<id>/start):
+
+- You can now pass host-specific configuration (e.g. bind mounts) in
+  the POST body for start calls
+
+:doc:`docker_remote_api_v1.2`
+*****************************
+
+docker v0.4.2 2e7649b_
+
+What's new
+----------
+
+The auth configuration is now handled by the client.
+
+The client should send it's authConfig as POST on each call of
+/images/(name)/push
+
+.. http:get:: /auth 
+
+  **Deprecated.**
+
+.. http:post:: /auth 
+
+  Only checks the configuration but doesn't store it on the server
+
+  Deleting an image is now improved, will only untag the image if it
+  has chidren and remove all the untagged parents if has any.
+
+.. http:post:: /images/<name>/delete 
+
+  Now returns a JSON structure with the list of images
+  deleted/untagged.
+
+
+:doc:`docker_remote_api_v1.1`
+*****************************
+
+docker v0.4.0 a8ae398_
+
+What's new
+----------
+
+.. http:post:: /images/create
+.. http:post:: /images/(name)/insert
+.. http:post:: /images/(name)/push
+
+   Uses json stream instead of HTML hijack, it looks like this:
+
+        .. sourcecode:: http
+
+           HTTP/1.1 200 OK
+	   Content-Type: application/json
+
+	   {"status":"Pushing..."}
+	   {"status":"Pushing", "progress":"1/? (n/a)"}
+	   {"error":"Invalid..."}
+	   ...
+
+
+:doc:`docker_remote_api_v1.0`
+*****************************
+
+docker v0.3.4 8d73740_
+
+What's new
+----------
+
+Initial version
+
+
+.. _a8ae398: https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f
+.. _8d73740: https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4
+.. _2e7649b: https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168
+.. _51f6c4a: https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909
+
+==================================
+Docker Remote API Client Libraries
+==================================
+
+These libraries have been not tested by the Docker Maintainers for
+compatibility. Please file issues with the library owners.  If you
+find more library implementations, please list them in Docker doc bugs
+and we will add the libraries here.
+
+----------------------+----------------+--------------------------------------------+
+| Language/Framework   | Name           | Repository                                 |
+======================+================+============================================+
+| Python               | docker-py      | https://github.com/dotcloud/docker-py      |
+----------------------+----------------+--------------------------------------------+
+| Ruby                 | docker-ruby    | https://github.com/ActiveState/docker-ruby |
+----------------------+----------------+--------------------------------------------+
+| Ruby                 | docker-client  | https://github.com/geku/docker-client      |
+----------------------+----------------+--------------------------------------------+
+| Ruby                 | docker-api     | https://github.com/swipely/docker-api      |
+----------------------+----------------+--------------------------------------------+
+| Javascript           | docker-js      | https://github.com/dgoujard/docker-js      |
+----------------------+----------------+--------------------------------------------+
+| Javascript (Angular) | dockerui       | https://github.com/crosbymichael/dockerui  |
+| **WebUI**            |                |                                            |
+----------------------+----------------+--------------------------------------------+
+| Java                 | docker-java    | https://github.com/kpelykh/docker-java     |
+----------------------+----------------+--------------------------------------------+
+
--- a/docs/sources/api/docker_remote_api_v1.0.rst
+++ b/docs/sources/api/docker_remote_api_v1.0.rst
--- a/docs/sources/api/docker_remote_api_v1.1.rst
+++ b/docs/sources/api/docker_remote_api_v1.1.rst
--- a/docs/sources/api/docker_remote_api_v1.2.rst
+++ b/docs/sources/api/docker_remote_api_v1.2.rst
--- a/docs/sources/api/docker_remote_api_v1.3.rst
+++ b/docs/sources/api/docker_remote_api_v1.3.rst
--- a/docs/sources/api/docker_remote_api_v1.4.rst
+++ b/docs/sources/api/docker_remote_api_v1.4.rst
--- a/docs/sources/api/index.rst
+++ b/docs/sources/api/index.rst
@@ -0,0 +1,18 @@
+:title: API Documentation
+:description: docker documentation
+:keywords: docker, ipa, documentation
+
+APIs
+====
+
+Your programs and scripts can access Docker's functionality via these interfaces:
+
+.. toctree::
+  :maxdepth: 3
+
+  registry_index_spec
+  registry_api
+  index_api
+  docker_remote_api
+
+
--- a/docs/sources/api/index_api.rst
+++ b/docs/sources/api/index_api.rst
@@ -0,0 +1,553 @@
+:title: Index API
+:description: API Documentation for Docker Index
+:keywords: API, Docker, index, REST, documentation
+
+=================
+Docker Index API
+=================
+
+.. contents:: Table of Contents
+
+1. Brief introduction
+=====================
+
+- This is the REST API for the Docker index
+- Authorization is done with basic auth over SSL
+- Not all commands require authentication, only those noted as such.
+
+2. Endpoints
+============
+
+2.1 Repository
+^^^^^^^^^^^^^^
+
+Repositories
+*************
+
+User Repo
+~~~~~~~~~
+
+.. http:put:: /v1/repositories/(namespace)/(repo_name)/
+
+    Create a user repository with the given ``namespace`` and ``repo_name``.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+
+.. http:delete:: /v1/repositories/(namespace)/(repo_name)/
+
+    Delete a user repository with the given ``namespace`` and ``repo_name``.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foo/bar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        ""
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 202
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=delete
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Deleted
+    :statuscode 202: Accepted
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+Library Repo
+~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(repo_name)/
+
+    Create a library repository with the given ``repo_name``.
+    This is a restricted feature only available to docker admins.
+    
+    When namespace is missing, it is assumed to be ``library``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foobar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+    :parameter repo_name:  the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”library/foobar”,access=write
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+.. http:delete:: /v1/repositories/(repo_name)/
+
+    Delete a library repository with the given ``repo_name``.
+    This is a restricted feature only available to docker admins.
+    
+    When namespace is missing, it is assumed to be ``library``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foobar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        ""
+
+    :parameter repo_name:  the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 202
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”library/foobar”,access=delete
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Deleted
+    :statuscode 202: Accepted
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+Repository Images
+*****************
+
+User Repo Images
+~~~~~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(namespace)/(repo_name)/images
+
+    Update the images for a user repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 204
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 204: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active or permission denied
+
+
+.. http:get:: /v1/repositories/(namespace)/(repo_name)/images
+
+    get the images for a user repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foo/bar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”},
+        {“id”: “ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds”,
+        “checksum”: “34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew”}]
+
+    :statuscode 200: OK
+    :statuscode 404: Not found
+
+Library Repo Images
+~~~~~~~~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(repo_name)/images
+
+    Update the images for a library repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foobar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    :parameter repo_name: the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 204
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 204: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active or permission denied
+
+
+.. http:get:: /v1/repositories/(repo_name)/images
+
+    get the images for a library repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foobar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+
+    :parameter repo_name: the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”},
+        {“id”: “ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds”,
+        “checksum”: “34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew”}]
+
+    :statuscode 200: OK
+    :statuscode 404: Not found
+
+
+Repository Authorization
+************************
+
+Library Repo
+~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(repo_name)/auth
+
+    authorize a token for a library repo
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foobar/auth HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Authorization: Token signature=123abc,repository="library/foobar",access=write
+
+    :parameter repo_name: the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        "OK"
+
+    :statuscode 200: OK
+    :statuscode 403: Permission denied
+    :statuscode 404: Not found
+
+
+User Repo
+~~~~~~~~~
+
+.. http:put:: /v1/repositories/(namespace)/(repo_name)/auth
+
+    authorize a token for a user repo
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/auth HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Authorization: Token signature=123abc,repository="foo/bar",access=write
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        "OK"
+
+    :statuscode 200: OK
+    :statuscode 403: Permission denied
+    :statuscode 404: Not found
+
+
+2.2 Users
+^^^^^^^^^
+
+User Login
+**********
+
+.. http:get:: /v1/users
+
+    If you want to check your login, you can try this endpoint
+    
+    **Example Request**:
+    
+    .. sourcecode:: http
+    
+        GET /v1/users HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Authorization: Basic akmklmasadalkm==
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200 OK
+        Vary: Accept
+        Content-Type: application/json
+
+        OK
+
+    :statuscode 200: no error
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+
+User Register
+*************
+
+.. http:post:: /v1/users
+
+    Registering a new account.
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+        POST /v1/users HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+
+        {"email": "sam@dotcloud.com",
+         "password": "toto42",
+         "username": "foobar"'}
+
+    :jsonparameter email: valid email address, that needs to be confirmed
+    :jsonparameter username: min 4 character, max 30 characters, must match the regular expression [a-z0-9\_].
+    :jsonparameter password: min 5 characters
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 201 OK
+        Vary: Accept
+        Content-Type: application/json
+
+        "User Created"
+
+    :statuscode 201: User Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+
+Update User
+***********
+
+.. http:put:: /v1/users/(username)/
+
+    Change a password or email address for given user. If you pass in an email,
+    it will add it to your account, it will not remove the old one. Passwords will
+    be updated.
+
+    It is up to the client to verify that that password that is sent is the one that
+    they want. Common approach is to have them type it twice.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/users/fakeuser/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+
+        {"email": "sam@dotcloud.com",
+         "password": "toto42"}
+
+    :parameter username: username for the person you want to update
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 204
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 204: User Updated
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+    :statuscode 404: User not found
+
+
+2.3 Search
+^^^^^^^^^^
+If you need to search the index, this is the endpoint you would use.
+
+Search
+******
+
+.. http:get:: /v1/search
+
+   Search the Index given a search term. It accepts :http:method:`get` only.
+
+   **Example request**:
+
+   .. sourcecode:: http
+
+      GET /v1/search?q=search_term HTTP/1.1
+      Host: example.com
+      Accept: application/json
+
+
+   **Example response**:
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Vary: Accept
+      Content-Type: application/json
+
+      {"query":"search_term",
+        "num_results": 2,
+        "results" : [
+           {"name": "dotcloud/base", "description": "A base ubuntu64  image..."},
+           {"name": "base2", "description": "A base ubuntu64  image..."},
+         ]
+       }
+
+   :query q: what you want to search for
+   :statuscode 200: no error
+   :statuscode 500: server error
--- a/docs/sources/api/registry_api.rst
+++ b/docs/sources/api/registry_api.rst
@@ -0,0 +1,463 @@
+:title: Registry API
+:description: API Documentation for Docker Registry
+:keywords: API, Docker, index, registry, REST, documentation
+
+===================
+Docker Registry API
+===================
+
+.. contents:: Table of Contents
+
+1. Brief introduction
+=====================
+
+- This is the REST API for the Docker Registry
+- It stores the images and the graph for a set of repositories
+- It does not have user accounts data
+- It has no notion of user accounts or authorization
+- It delegates authentication and authorization to the Index Auth service using tokens
+- It supports different storage backends (S3, cloud files, local FS)
+- It doesn’t have a local database
+- It will be open-sourced at some point
+
+We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries:
+
+- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index.
+- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally.
+- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution.
+- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory.
+
+.. note::
+
+    Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server.
+
+.. note::
+
+    The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial):
+        - HTTP with GET (and PUT for read-write registries);
+        - local mount point;
+        - remote docker addressed through SSH.
+
+The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys).
+
+2. Endpoints
+============
+
+2.1 Images
+----------
+
+Layer
+*****
+
+.. http:get:: /v1/images/(image_id)/layer 
+
+    get image layer for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Token akmklmasadalkmsdfgsdgdge33
+
+    :parameter image_id: the id for the layer you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+        {
+            id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c",
+            parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f",
+            created: "2013-04-30T17:46:10.843673+03:00",
+            container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7",
+            container_config: {
+                Hostname: "host-test",
+                User: "",
+                Memory: 0,
+                MemorySwap: 0,
+                AttachStdin: false,
+                AttachStdout: false,
+                AttachStderr: false,
+                PortSpecs: null,
+                Tty: false,
+                OpenStdin: false,
+                StdinOnce: false,
+                Env: null,
+                Cmd: [
+                "/bin/bash",
+                "-c",
+                "apt-get -q -yy -f install libevent-dev"
+                ],
+                Dns: null,
+                Image: "imagename/blah",
+                Volumes: { },
+                VolumesFrom: ""
+            },
+            docker_version: "0.1.7"
+        }
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+.. http:put:: /v1/images/(image_id)/layer 
+
+    put image layer for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Token akmklmasadalkmsdfgsdgdge33
+
+        {
+            id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c",
+            parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f",
+            created: "2013-04-30T17:46:10.843673+03:00",
+            container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7",
+            container_config: {
+                Hostname: "host-test",
+                User: "",
+                Memory: 0,
+                MemorySwap: 0,
+                AttachStdin: false,
+                AttachStdout: false,
+                AttachStderr: false,
+                PortSpecs: null,
+                Tty: false,
+                OpenStdin: false,
+                StdinOnce: false,
+                Env: null,
+                Cmd: [
+                "/bin/bash",
+                "-c",
+                "apt-get -q -yy -f install libevent-dev"
+                ],
+                Dns: null,
+                Image: "imagename/blah",
+                Volumes: { },
+                VolumesFrom: ""
+            },
+            docker_version: "0.1.7"
+        }
+
+    :parameter image_id: the id for the layer you want to get
+
+
+    **Example Response**:
+
+    .. sourcecode:: http
+    
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+Image
+*****
+
+.. http:put:: /v1/images/(image_id)/json
+
+    put image for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+        {
+         “id”: “088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c”,
+         “checksum”:  “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+         }
+
+    :parameter image_id: the id for the layer you want to get
+
+
+    **Example Response**:
+
+    .. sourcecode:: http
+    
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+
+.. http:get:: /v1/images/(image_id)/json
+
+    get image for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter image_id: the id for the layer you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        {
+         “id”: “088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c”,
+         “checksum”:  “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+         }
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+Ancestry
+********
+
+.. http:get:: /v1/images/(image_id)/ancestry
+
+    get ancestry for an image given an ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/ancestry HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter image_id: the id for the layer you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ["088b4502f51920fbd9b7c503e87c7a2c05aa3adc3d35e79c031fa126b403200f",
+         "aeee63968d87c7da4a5cf5d2be6bee4e21bc226fd62273d180a49c96c62e4543",
+         "bfa4c5326bc764280b0863b46a4b20d940bc1897ef9c1dfec060604bdc383280",
+         "6ab5893c6927c15a15665191f2c6cf751f5056d8b95ceee32e43c5e8a3648544"]
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+2.2 Tags
+--------
+
+.. http:get:: /v1/repositories/(namespace)/(repository)/tags
+
+    get all of the tags for the given repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foo/bar/tags HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        {
+            "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
+            “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+        }
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Repository not found
+
+
+.. http:get:: /v1/repositories/(namespace)/(repository)/tags/(tag)
+
+    get a tag for the given repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+    :parameter tag: name of tag you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Tag not found
+
+.. http:delete:: /v1/repositories/(namespace)/(repository)/tags/(tag)
+
+    delete the tag for the repo
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+    :parameter tag: name of tag you want to delete
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Tag not found
+
+
+.. http:put:: /v1/repositories/(namespace)/(repository)/tags/(tag)
+
+    put a tag for the given repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+        “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”
+
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+    :parameter tag: name of tag you want to add
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 400: Invalid data
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+2.3 Repositories
+----------------
+
+.. http:delete:: /v1/repositories/(namespace)/(repository)/
+
+    delete a repository
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foo/bar/ HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+        ""
+
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Repository not found
+
+3.0 Authorization
+=================
+This is where we describe the authorization process, including the tokens and cookies. 
+
+TODO: add more info.
--- a/docs/sources/api/registry_index_spec.rst
+++ b/docs/sources/api/registry_index_spec.rst
@@ -0,0 +1,570 @@
+:title: Registry Documentation
+:description: Documentation for docker Registry and Registry API
+:keywords: docker, registry, api, index
+
+
+=====================
+Registry & index Spec
+=====================
+
+.. contents:: Table of Contents
+
+1. The 3 roles
+===============
+
+1.1 Index
+---------
+
+The Index is responsible for centralizing information about:
+- User accounts
+- Checksums of the images
+- Public namespaces
+
+The Index has different components:
+- Web UI
+- Meta-data store (comments, stars, list public repositories)
+- Authentication service
+- Tokenization
+
+The index is authoritative for those information.
+
+We expect that there will be only one instance of the index, run and managed by dotCloud.
+
+1.2 Registry
+------------
+- It stores the images and the graph for a set of repositories
+- It does not have user accounts data
+- It has no notion of user accounts or authorization
+- It delegates authentication and authorization to the Index Auth service using tokens
+- It supports different storage backends (S3, cloud files, local FS)
+- It doesn’t have a local database
+- It will be open-sourced at some point
+
+We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries:
+
+- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index.
+- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally.
+- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution.
+- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory.
+
+.. note::
+
+    Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server.
+
+.. note::
+
+    The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial):
+        - HTTP with GET (and PUT for read-write registries);
+        - local mount point;
+        - remote docker addressed through SSH.
+
+The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys).
+
+1.3 Docker
+----------
+
+On top of being a runtime for LXC, Docker is the Registry client. It supports:
+- Push / Pull on the registry
+- Client authentication on the Index
+
+2. Workflow
+===========
+
+2.1 Pull
+--------
+
+.. image:: /static_files/docker_pull_chart.png
+
+1. Contact the Index to know where I should download “samalba/busybox”
+2. Index replies:
+   a. “samalba/busybox” is on Registry A
+   b. here are the checksums for “samalba/busybox” (for all layers)
+   c. token
+3. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location.
+4. registry contacts index to verify if token/user is allowed to download images
+5. Index returns true/false lettings registry know if it should proceed or error out
+6. Get the payload for all layers
+
+It’s possible to run docker pull \https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
+
+Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage.
+
+Token is only returned when the 'X-Docker-Token' header is sent with request.
+
+Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account.
+
+API (pulling repository foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        X-Docker-Token: true
+    **Action**:
+        (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1)
+
+2. (Index -> Docker) HTTP 200 OK
+
+    **Headers**:
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+    **Body**:
+        Jsonified checksums (see part 4.4.1)
+
+3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry -> Index) GET /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+    **Body**:
+        <ids and checksums in payload>
+
+    **Action**:
+        ( Lookup token see if they have access to pull.)
+
+        If good:
+            HTTP 200 OK
+            Index will invalidate the token
+        If bad:
+            HTTP 401 Unauthorized
+
+5. (Docker -> Registry) GET /v1/images/928374982374/ancestry
+    **Action**:
+        (for each image id returned in the registry, fetch /json + /layer)
+
+.. note::
+
+    If someone makes a second request, then we will always give a new token, never reuse tokens.
+
+2.2 Push
+--------
+
+.. image:: /static_files/docker_push_chart.png
+
+1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
+2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
+3. Push the image on the registry (along with the token)
+4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
+5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images)
+6. docker contacts the index to give checksums for upload images
+
+.. note::
+
+    **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authentified and the security is not guaranteed.
+
+.. note::
+
+    **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies.
+
+Docker computes the checksums and submit them to the Index at the end of the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end).
+
+API (pushing repos foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) PUT /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Basic sdkjfskdjfhsdkjfh==
+        X-Docker-Token: true
+
+    **Action**::
+        - in index, we allocated a new repository, and set to initialized
+
+    **Body**::
+        (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push)::
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+2. (Index -> Docker) 200 Created
+    **Headers**:
+        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+
+3. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry->Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+    **Action**::
+        - Index:
+            will invalidate the token.
+        - Registry:
+            grants a session (if token is approved) and fetches the images id
+
+5. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**::
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - Cookie: (Cookie provided by the Registry)
+
+6. (Docker -> Registry) PUT /v1/images/98765432/json
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+8. (Docker -> Registry) PUT /v1/images/98765432/layer
+    **Headers**:
+        X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh
+
+9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+    **Body**:
+        “98765432”
+
+10. (Docker -> Index) PUT /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Basic 123oislifjsldfj==
+        X-Docker-Endpoints: registry1.docker.io (no validation on this right now)
+
+    **Body**:
+        (The image, id’s, tags and checksums)
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    **Return** HTTP 204
+
+.. note::
+
+     If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells.
+
+     If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token.
+
+2.3 Delete
+----------
+
+If you need to delete something from the index or registry, we need a nice clean way to do that. Here is the workflow.
+
+1. Docker contacts the index to request a delete of a repository “samalba/busybox” (authentication required with user credentials)
+2. If authentication works and repository is valid, “samalba/busybox” is marked as deleted and a temporary token is returned
+3. Send a delete request to the registry for the repository (along with the token)
+4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
+5. Index validates the token. Registry A deletes the repository and everything associated to it.
+6. docker contacts the index to let it know it was removed from the registry, the index removes all records from the database.
+
+.. note::
+
+    The Docker client should present an "Are you sure?" prompt to confirm the deletion before starting the process. Once it starts it can't be undone.
+
+API (deleting repository foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) DELETE /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Basic sdkjfskdjfhsdkjfh==
+        X-Docker-Token: true
+
+    **Action**::
+        - in index, we make sure it is a valid repository, and set to deleted (logically)
+
+    **Body**::
+        Empty
+
+2. (Index -> Docker) 202 Accepted
+    **Headers**:
+        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=delete
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]   # list of endpoints where this repo lives.
+
+3. (Docker -> Registry) DELETE /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=delete
+
+4. (Registry->Index) PUT /v1/repositories/foo/bar/auth
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=delete
+    **Action**::
+        - Index:
+            will invalidate the token.
+        - Registry:
+            deletes the repository (if token is approved)
+
+5. (Registry -> Docker) 200 OK
+        200 If success 
+        403 if forbidden
+        400 if bad request
+        404 if repository isn't found
+
+6. (Docker -> Index) DELETE /v1/repositories/foo/bar/
+
+    **Headers**:
+        Authorization: Basic 123oislifjsldfj==
+        X-Docker-Endpoints: registry-1.docker.io (no validation on this right now)
+
+    **Body**:
+        Empty
+
+    **Return** HTTP 200
+
+
+3. How to use the Registry in standalone mode
+=============================================
+
+The Index has two main purposes (along with its fancy social features):
+
+- Resolve short names (to avoid passing absolute URLs all the time)
+   - username/projectname -> \https://registry.docker.io/users/<username>/repositories/<projectname>/
+   - team/projectname -> \https://registry.docker.io/team/<team>/repositories/<projectname>/
+- Authenticate a user as a repos owner (for a central referenced repository)
+
+3.1 Without an Index
+--------------------
+Using the Registry without the Index can be useful to store the images on a private network without having to rely on an external entity controlled by dotCloud.
+
+In this case, the registry will be launched in a special mode (--standalone? --no-index?). In this mode, the only thing which changes is that Registry will never contact the Index to verify a token. It will be the Registry owner responsibility to authenticate the user who pushes (or even pulls) an image using any mechanism (HTTP auth, IP based, etc...).
+
+In this scenario, the Registry is responsible for the security in case of data corruption since the checksums are not delivered by a trusted entity.
+
+As hinted previously, a standalone registry can also be implemented by any HTTP server handling GET/PUT requests (or even only GET requests if no write access is necessary).
+
+3.2 With an Index
+-----------------
+
+The Index data needed by the Registry are simple:
+- Serve the checksums
+- Provide and authorize a Token
+
+In the scenario of a Registry running on a private network with the need of centralizing and authorizing, it’s easy to use a custom Index.
+
+The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a specific Index, it’ll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain the Index and the Docker’s configuration among its consumers.
+
+4. The API
+==========
+
+The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md
+
+4.1 Images
+----------
+
+The format returned in the images is not defined here (for layer and json), basically because Registry stores exactly the same kind of information as Docker uses to manage them.
+
+The format of ancestry is a line-separated list of image ids, in age order. I.e. the image’s parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty.
+
+GET /v1/images/<image_id>/layer
+PUT /v1/images/<image_id>/layer
+GET /v1/images/<image_id>/json
+PUT /v1/images/<image_id>/json
+GET /v1/images/<image_id>/ancestry
+PUT /v1/images/<image_id>/ancestry
+
+4.2 Users
+---------
+
+4.2.1 Create a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+POST /v1/users
+
+**Body**:
+    {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'}
+
+**Validation**:
+    - **username**: min 4 character, max 30 characters, must match the regular
+      expression [a-z0-9\_].
+    - **password**: min 5 characters
+
+**Valid**: return HTTP 200
+
+Errors: HTTP 400 (we should create error codes for possible errors)
+- invalid json
+- missing field
+- wrong format (username, password, email, etc)
+- forbidden name
+- name already exists
+
+.. note::
+
+    A user account will be valid only if the email has been validated (a validation link is sent to the email address).
+
+4.2.2 Update a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+PUT /v1/users/<username>
+
+**Body**:
+    {"password": "toto"}
+
+.. note::
+
+    We can also update email address, if they do, they will need to reverify their new email address.
+
+4.2.3 Login (Index)
+^^^^^^^^^^^^^^^^^^^
+Does nothing else but asking for a user authentication. Can be used to validate credentials. HTTP Basic Auth for now, maybe change in future.
+
+GET /v1/users
+
+**Return**:
+    - Valid: HTTP 200
+    - Invalid login: HTTP 401
+    - Account inactive: HTTP 403 Account is not Active
+
+4.3 Tags (Registry)
+-------------------
+
+The Registry does not know anything about users. Even though repositories are under usernames, it’s just a namespace for the registry. Allowing us to implement organizations or different namespaces per user later, without modifying the Registry’s API.
+
+The following naming restrictions apply:
+
+- Namespaces must match the same regular expression as usernames (See 4.2.1.)
+- Repository names must match the regular expression [a-zA-Z0-9-_.]
+
+4.3.1 Get all tags
+^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repository_name>/tags
+
+**Return**: HTTP 200
+    {
+    "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
+    “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+    }
+
+4.3.2 Read the content of a tag (resolve the image id)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+**Return**:
+    "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
+
+4.3.3 Delete a tag (registry)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DELETE /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+4.4 Images (Index)
+------------------
+
+For the Index to “resolve” the repository name to a Registry location, it uses the X-Docker-Endpoints header. In other terms, this requests always add a “X-Docker-Endpoints” to indicate the location of the registry which hosts this repository.
+
+4.4.1 Get the images
+^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/images
+
+**Return**: HTTP 200
+    [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+
+4.4.2 Add/update the images
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You always add images, you never remove them.
+
+PUT /v1/repositories/<namespace>/<repo_name>/images
+
+**Body**:
+    [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ]
+
+**Return** 204
+
+4.5 Repositories
+----------------
+
+4.5.1 Remove a Repository (Registry)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DELETE /v1/repositories/<namespace>/<repo_name>
+
+Return 200 OK
+
+4.5.2 Remove a Repository (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+This starts the delete process. see 2.3 for more details.
+
+DELETE /v1/repositories/<namespace>/<repo_name>
+
+Return 202 OK
+
+5. Chaining Registries
+======================
+
+It’s possible to chain Registries server for several reasons:
+- Load balancing
+- Delegate the next request to another server
+
+When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the download.
+
+The Index and Registry use this mechanism to redirect on one or the other.
+
+Example with an image download:
+On every request, a special header can be returned:
+
+X-Docker-Endpoints: server1,server2
+
+On the next request, the client will always pick a server from this list.
+
+6. Authentication & Authorization
+=================================
+
+6.1 On the Index
+-----------------
+
+The Index supports both “Basic” and “Token” challenges. Usually when there is a “401 Unauthorized”, the Index replies this::
+
+    401 Unauthorized
+    WWW-Authenticate: Basic realm="auth required",Token
+
+You have 3 options:
+
+1. Provide user credentials and ask for a token
+
+    **Header**:
+        - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        - X-Docker-Token: true
+
+    In this case, along with the 200 response, you’ll get a new token (if user auth is ok):
+    If authorization isn't correct you get a 401 response.
+    If account isn't active you will get a 403 response.
+
+    **Response**:
+        - 200 OK
+        - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read
+
+2. Provide user credentials only
+
+    **Header**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+
+3. Provide Token
+
+    **Header**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+6.2 On the Registry
+-------------------
+
+The Registry only supports the Token challenge::
+
+    401 Unauthorized
+    WWW-Authenticate: Token
+
+The only way is to provide a token on “401 Unauthorized” responses::
+
+    Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+Usually, the Registry provides a Cookie when a Token verification succeeded. Every time the Registry passes a Cookie, you have to pass it back the same cookie.::
+
+    200 OK
+    Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly
+
+Next request::
+
+    GET /(...)
+    Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="
+
+
+7.0 Document Version
+---------------------
+
+- 1.0 : May 6th 2013 : initial release 
+- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new source namespace.
--- a/docs/sources/commandline/cli.rst
+++ b/docs/sources/commandline/cli.rst
@@ -4,7 +4,7 @@

 .. _cli:

-Command Line Interface
+Overview
 ======================

 Docker Usage
@@ -14,7 +14,8 @@ To list available commands, either run ``docker`` with no parameters or execute
 ``docker help``::

  $ docker
-    Usage: docker COMMAND [arg...]
+    Usage: docker [OPTIONS] COMMAND [arg...]
+      -H=[tcp://127.0.0.1:4243]: tcp://host:port to bind/connect to or unix://path/to/socket to use

    A self-sufficient runtime for linux containers.

@@ -24,9 +25,10 @@ Available Commands
 ~~~~~~~~~~~~~~~~~~

 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2

   command/attach
+   command/build
   command/commit
   command/diff
   command/export
@@ -46,8 +48,10 @@ Available Commands
   command/rm
   command/rmi
   command/run
+   command/search
   command/start
   command/stop
   command/tag
+   command/top
   command/version
   command/wait
--- a/docs/sources/commandline/command/attach.rst
+++ b/docs/sources/commandline/command/attach.rst
@@ -1,3 +1,7 @@
+:title: Attach Command
+:description: Attach to a running container
+:keywords: attach, container, docker, documentation
+
 ===========================================
 ``attach`` -- Attach to a running container
 ===========================================
--- a/docs/sources/commandline/command/build.rst
+++ b/docs/sources/commandline/command/build.rst
@@ -0,0 +1,44 @@
+:title: Build Command
+:description: Build a new image from the Dockerfile passed via stdin
+:keywords: build, docker, container, documentation
+
+================================================
+``build`` -- Build a container from a Dockerfile
+================================================
+
+::
+
+    Usage: docker build [OPTIONS] PATH | URL | -
+    Build a new container image from the source code at PATH
+      -t="": Tag to be applied to the resulting image in case of success.
+      -q=false: Suppress verbose build output.
+    When a single Dockerfile is given as URL, then no context is set. When a git repository is set as URL, the repository is used as context
+
+
+Examples
+--------
+
+.. code-block:: bash
+
+    docker build .
+
+| This will read the Dockerfile from the current directory. It will also send any other files and directories found in the current directory to the docker daemon.
+| The contents of this directory would be used by ADD commands found within the Dockerfile.
+| This will send a lot of data to the docker daemon if the current directory contains a lot of data.
+| If the absolute path is provided instead of '.', only the files and directories required by the ADD commands from the Dockerfile will be added to the context and transferred to the docker daemon.
+|
+
+.. code-block:: bash
+
+    docker build - < Dockerfile
+
+| This will read a Dockerfile from Stdin without context. Due to the lack of a context, no contents of any local directory will be sent to the docker daemon.
+| ADD doesn't work when running in this mode due to the absence of the context, thus having no source files to copy to the container.
+
+
+.. code-block:: bash
+
+    docker build github.com/creack/docker-firefox
+
+| This will clone the github repository and use it as context. The Dockerfile at the root of the repository is used as Dockerfile.
+| Note that you can specify an arbitrary git repository by using the 'git://' schema.
--- a/docs/sources/commandline/command/commit.rst
+++ b/docs/sources/commandline/command/commit.rst
@@ -1,3 +1,7 @@
+:title: Commit Command
+:description: Create a new image from a container's changes
+:keywords: commit, docker, container, documentation
+
 ===========================================================
 ``commit`` -- Create a new image from a container's changes
 ===========================================================
@@ -9,3 +13,20 @@
    Create a new image from a container's changes

      -m="": Commit message
+      -author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
+      -run="": Config automatically applied when the image is run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
+
+Full -run example::
+
+    {"Hostname": "",
+     "User": "",
+     "CpuShares": 0,
+     "Memory": 0,
+     "MemorySwap": 0,
+     "PortSpecs": ["22", "80", "443"],
+     "Tty": true,
+     "OpenStdin": true,
+     "StdinOnce": true,
+     "Env": ["FOO=BAR", "FOO2=BAR2"],
+     "Cmd": ["cat", "-e", "/etc/resolv.conf"],
+     "Dns": ["8.8.8.8", "8.8.4.4"]}
--- a/docs/sources/commandline/command/diff.rst
+++ b/docs/sources/commandline/command/diff.rst
@@ -1,3 +1,7 @@
+:title: Diff Command
+:description: Inspect changes on a container's filesystem
+:keywords: diff, docker, container, documentation
+
 =======================================================
 ``diff`` -- Inspect changes on a container's filesystem
 =======================================================
--- a/docs/sources/commandline/command/export.rst
+++ b/docs/sources/commandline/command/export.rst
@@ -1,3 +1,7 @@
+:title: Export Command
+:description: Export the contents of a filesystem as a tar archive
+:keywords: export, docker, container, documentation
+
 =================================================================
 ``export`` -- Stream the contents of a container as a tar archive
 =================================================================
--- a/docs/sources/commandline/command/history.rst
+++ b/docs/sources/commandline/command/history.rst
@@ -1,3 +1,7 @@
+:title: History Command
+:description: Show the history of an image
+:keywords: history, docker, container, documentation
+
 ===========================================
 ``history`` -- Show the history of an image
 ===========================================
--- a/docs/sources/commandline/command/images.rst
+++ b/docs/sources/commandline/command/images.rst
@@ -1,3 +1,7 @@
+:title: Images Command
+:description: List images
+:keywords: images, docker, container, documentation
+
 =========================
 ``images`` -- List images
 =========================
@@ -10,3 +14,13 @@

      -a=false: show all images
      -q=false: only show numeric IDs
+      -viz=false: output in graphviz format
+
+Displaying images visually
+--------------------------
+
+::
+
+    docker images -viz | dot -Tpng -o docker.png
+
+.. image:: images/docker_images.gif
--- a/docs/sources/commandline/command/images/docker_images.gif
+++ b/docs/sources/commandline/command/images/docker_images.gif
--- a/docs/sources/commandline/command/import.rst
+++ b/docs/sources/commandline/command/import.rst
@@ -1,9 +1,41 @@
+:title: Import Command
+:description: Create a new filesystem image from the contents of a tarball
+:keywords: import, tarball, docker, url, documentation
+
 ==========================================================================
 ``import`` -- Create a new filesystem image from the contents of a tarball
 ==========================================================================

 ::

-    Usage: docker import [OPTIONS] URL|- [REPOSITORY [TAG]]
+    Usage: docker import URL|- [REPOSITORY [TAG]]

    Create a new filesystem image from the contents of a tarball
+
+At this time, the URL must start with ``http`` and point to a single file archive
+(.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz)
+containing a root filesystem. If you would like to import from a local directory or archive,
+you can use the ``-`` parameter to take the data from standard in.
+
+Examples
+--------
+
+Import from a remote location
+.............................
+
+``$ docker import http://example.com/exampleimage.tgz exampleimagerepo``
+
+Import from a local file
+........................
+
+Import to docker via pipe and standard in
+
+``$ cat exampleimage.tgz | docker import - exampleimagelocal``
+
+Import from a local directory
+.............................
+
+``$ sudo tar -c . | docker import - exampleimagedir``
+
+Note the ``sudo`` in this example -- you must preserve the ownership of the files (especially root ownership)
+during the archiving with tar. If you are not root (or sudo) when you tar, then the ownerships might not get preserved.
--- a/docs/sources/commandline/command/info.rst
+++ b/docs/sources/commandline/command/info.rst
@@ -1,3 +1,7 @@
+:title: Info Command
+:description: Display system-wide information.
+:keywords: info, docker, information, documentation
+
 ===========================================
 ``info`` -- Display system-wide information
 ===========================================
--- a/docs/sources/commandline/command/inspect.rst
+++ b/docs/sources/commandline/command/inspect.rst
@@ -1,3 +1,7 @@
+:title: Inspect Command
+:description: Return low-level information on a container
+:keywords: inspect, container, docker, documentation
+
 ==========================================================
 ``inspect`` -- Return low-level information on a container
 ==========================================================
--- a/docs/sources/commandline/command/kill.rst
+++ b/docs/sources/commandline/command/kill.rst
@@ -1,3 +1,7 @@
+:title: Kill Command
+:description: Kill a running container
+:keywords: kill, container, docker, documentation
+
 ====================================
 ``kill`` -- Kill a running container
 ====================================
--- a/docs/sources/commandline/command/login.rst
+++ b/docs/sources/commandline/command/login.rst
@@ -1,9 +1,17 @@
+:title: Login Command
+:description: Register or Login to the docker registry server
+:keywords: login, docker, documentation
+
 ============================================================
 ``login`` -- Register or Login to the docker registry server
 ============================================================

 ::

-    Usage: docker login
+    Usage: docker login [OPTIONS]

    Register or Login to the docker registry server
+
+    -e="": email
+    -p="": password
+    -u="": username
--- a/docs/sources/commandline/command/logs.rst
+++ b/docs/sources/commandline/command/logs.rst
@@ -1,3 +1,7 @@
+:title: Logs Command
+:description: Fetch the logs of a container
+:keywords: logs, container, docker, documentation
+
 =========================================
 ``logs`` -- Fetch the logs of a container
 =========================================
--- a/docs/sources/commandline/command/port.rst
+++ b/docs/sources/commandline/command/port.rst
@@ -1,3 +1,7 @@
+:title: Port Command
+:description: Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
+:keywords: port, docker, container, documentation
+
 =========================================================================
 ``port`` -- Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
 =========================================================================
--- a/docs/sources/commandline/command/ps.rst
+++ b/docs/sources/commandline/command/ps.rst
@@ -1,3 +1,7 @@
+:title: Ps Command
+:description: List containers
+:keywords: ps, docker, documentation, container
+
 =========================
 ``ps`` -- List containers
 =========================
--- a/docs/sources/commandline/command/pull.rst
+++ b/docs/sources/commandline/command/pull.rst
@@ -1,3 +1,7 @@
+:title: Pull Command
+:description: Pull an image or a repository from the registry
+:keywords: pull, image, repo, repository, documentation, docker
+
 =========================================================================
 ``pull`` -- Pull an image or a repository from the docker registry server
 =========================================================================
--- a/docs/sources/commandline/command/push.rst
+++ b/docs/sources/commandline/command/push.rst
@@ -1,3 +1,7 @@
+:title: Push Command
+:description: Push an image or a repository to the registry
+:keywords: push, docker, image, repository, documentation, repo
+
 =======================================================================
 ``push`` -- Push an image or a repository to the docker registry server
 =======================================================================
--- a/docs/sources/commandline/command/restart.rst
+++ b/docs/sources/commandline/command/restart.rst
@@ -1,3 +1,7 @@
+:title: Restart Command
+:description: Restart a running container
+:keywords: restart, container, docker, documentation
+
 ==========================================
 ``restart`` -- Restart a running container
 ==========================================
--- a/docs/sources/commandline/command/rm.rst
+++ b/docs/sources/commandline/command/rm.rst
@@ -1,3 +1,7 @@
+:title: Rm Command
+:description: Remove a container
+:keywords: remove, container, docker, documentation, rm
+
 ============================
 ``rm`` -- Remove a container
 ============================
@@ -6,4 +10,4 @@

    Usage: docker rm [OPTIONS] CONTAINER

-    Remove a container
+    Remove one or more containers
--- a/docs/sources/commandline/command/rmi.rst
+++ b/docs/sources/commandline/command/rmi.rst
@@ -1,9 +1,13 @@
+:title: Rmi Command
+:description: Remove an image
+:keywords: rmi, remove, image, docker, documentation
+
 ==========================
 ``rmi`` -- Remove an image
 ==========================

 ::

-    Usage: docker rmimage [OPTIONS] IMAGE
+    Usage: docker rmi IMAGE [IMAGE...]

-    Remove an image
+    Remove one or more images
--- a/docs/sources/commandline/command/run.rst
+++ b/docs/sources/commandline/command/run.rst
@@ -1,19 +1,40 @@
+:title: Run Command
+:description: Run a command in a new container
+:keywords: run, container, docker, documentation 
+
 ===========================================
 ``run`` -- Run a command in a new container
 ===========================================

 ::

-    Usage: docker run [OPTIONS] IMAGE COMMAND [ARG...]
+    Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

    Run a command in a new container

      -a=map[]: Attach to stdin, stdout or stderr.
-      -d=false: Detached mode: leave the container running in the background
+      -c=0: CPU shares (relative weight)
+      -cidfile="": Write the container ID to the file
+      -d=false: Detached mode: Run container in the background, print new container id
      -e=[]: Set environment variables
      -h="": Container host name
      -i=false: Keep stdin open even if not attached
      -m=0: Memory limit (in bytes)
+      -n=true: Enable networking for this container
      -p=[]: Map a network port to the container
      -t=false: Allocate a pseudo-tty
      -u="": Username or UID
+      -d=[]: Set custom dns servers for the container
+      -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "host-dir" is missing, then docker creates a new volume.
+      -volumes-from="": Mount all volumes from the given container.
+      -entrypoint="": Overwrite the default entrypoint set by the image.
+
+
+Examples
+--------
+
+.. code-block:: bash
+
+    docker run -cidfile /tmp/docker_test.cid ubuntu echo "test"
+
+| This will create a container and print "test" to the console. The cidfile flag makes docker attempt to create a new file and write the container ID to it. If the file exists already, docker will return an error. Docker will close this file when docker run exits.
--- a/docs/sources/commandline/command/search.rst
+++ b/docs/sources/commandline/command/search.rst
@@ -0,0 +1,14 @@
+:title: Search Command
+:description: Searches for the TERM parameter on the Docker index and prints out a list of repositories that match.
+:keywords: search, docker, image, documentation 
+
+===================================================================
+``search`` -- Search for an image in the docker index
+===================================================================
+
+::
+
+    Usage: docker search TERM
+
+    Searches for the TERM parameter on the Docker index and prints out a list of repositories
+    that match.
--- a/docs/sources/commandline/command/start.rst
+++ b/docs/sources/commandline/command/start.rst
@@ -1,3 +1,7 @@
+:title: Start Command
+:description: Start a stopped container
+:keywords: start, docker, container, documentation
+
 ======================================
 ``start`` -- Start a stopped container
 ======================================
--- a/docs/sources/commandline/command/stop.rst
+++ b/docs/sources/commandline/command/stop.rst
@@ -1,9 +1,15 @@
+:title: Stop Command
+:description: Stop a running container
+:keywords: stop, container, docker, documentation
+
 ====================================
 ``stop`` -- Stop a running container
 ====================================

 ::

-    Usage: docker stop [OPTIONS] NAME
+    Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]

    Stop a running container
+
+      -t=10: Number of seconds to wait for the container to stop before killing it.
--- a/docs/sources/commandline/command/tag.rst
+++ b/docs/sources/commandline/command/tag.rst
@@ -1,3 +1,7 @@
+:title: Tag Command
+:description: Tag an image into a repository
+:keywords: tag, docker, image, repository, documentation, repo
+
 =========================================
 ``tag`` -- Tag an image into a repository
 =========================================
--- a/docs/sources/commandline/command/top.rst
+++ b/docs/sources/commandline/command/top.rst
@@ -0,0 +1,13 @@
+:title: Top Command
+:description: Lookup the running processes of a container
+:keywords: top, docker, container, documentation
+
+=======================================================
+``top`` -- Lookup the running processes of a container
+=======================================================
+
+::
+
+    Usage: docker top CONTAINER
+
+    Lookup the running processes of a container
--- a/docs/sources/commandline/command/version.rst
+++ b/docs/sources/commandline/command/version.rst
@@ -1,3 +1,7 @@
+:title: Version Command
+:description: 
+:keywords: version, docker, documentation
+
 ==================================================
 ``version`` -- Show the docker version information
 ==================================================
--- a/docs/sources/commandline/command/wait.rst
+++ b/docs/sources/commandline/command/wait.rst
@@ -1,3 +1,7 @@
+:title: Wait Command
+:description: Block until a container stops, then print its exit code.
+:keywords: wait, docker, container, documentation
+
 ===================================================================
 ``wait`` -- Block until a container stops, then print its exit code
 ===================================================================
--- a/docs/sources/commandline/index.rst
+++ b/docs/sources/commandline/index.rst
@@ -1,6 +1,6 @@
-:title: docker documentation
+:title: Commands
 :description: -- todo: change me
-:keywords: todo: change me
+:keywords: todo, commands, command line, help, docker, documentation


 Commands
@@ -9,8 +9,34 @@ Commands
 Contents:

 .. toctree::
-  :maxdepth: 2
+  :maxdepth: 1

-  basics
-  workingwithrepository
-  cli
+  cli
+  attach  <command/attach>
+  build   <command/build>
+  commit  <command/commit>
+  diff    <command/diff>
+  export  <command/export>
+  history <command/history>
+  images  <command/images>
+  import  <command/import>
+  info    <command/info>
+  inspect <command/inspect>
+  kill    <command/kill>
+  login   <command/login>
+  logs    <command/logs>
+  port    <command/port>
+  ps      <command/ps>
+  pull    <command/pull>
+  push    <command/push>
+  restart <command/restart>
+  rm      <command/rm>
+  rmi     <command/rmi>
+  run     <command/run>
+  search  <command/search>
+  start   <command/start>
+  stop    <command/stop>
+  tag     <command/tag>
+  top     <command/top>
+  version <command/version>
+  wait    <command/wait>
--- a/docs/sources/commandline/workingwithrepository.rst
+++ b/docs/sources/commandline/workingwithrepository.rst
@@ -1,42 +0,0 @@
-.. _working_with_the_repository:
-
-Working with the repository
-============================
-
-Connecting to the repository
----------------------------
-
-You create a user on the central docker repository by running
-
-.. code-block:: bash
-
-    docker login
-
-
-If your username does not exist it will prompt you to also enter a password and your e-mail address. It will then
-automatically log you in.
-
-
-Committing a container to a named image
---------------------------------------
-
-In order to commit to the repository it is required to have committed your container to an image with your namespace.
-
-.. code-block:: bash
-
-    # for example docker commit $CONTAINER_ID dhrp/kickassapp
-    docker commit <container_id> <your username>/<some_name>
-
-
-Pushing a container to the repository
-----------------------------------------
-
-In order to push an image to the repository you need to have committed your container to a named image (see above)
-
-Now you can commit this image to the repository
-
-.. code-block:: bash
-
-    # for example docker push dhrp/kickassapp
-    docker push <image-name>
-
--- a/docs/sources/concepts/buildingblocks.rst
+++ b/docs/sources/concepts/buildingblocks.rst
@@ -1,25 +0,0 @@
-:title: Building blocks
-:description: An introduction to docker and standard containers?
-:keywords: containers, lxc, concepts, explanation
-
-
-Building blocks
-===============
-
-.. _images:
-
-Images
------
-An original container image. These are stored on disk and are comparable with what you normally expect from a stoppped virtual machine image. Images are stored (and retrieved from) repository
-
-Images are stored on your local file system under /var/lib/docker/images
-
-
-.. _containers:
-
-Containers
----------
-A container is a local version of an image. It can be running or stopped, The equivalent would be a virtual machine instance.
-
-Containers are stored on your local file system under /var/lib/docker/containers
-
--- a/docs/sources/concepts/containers.rst
+++ b/docs/sources/concepts/containers.rst
@@ -1,128 +0,0 @@
-:title: Introduction
-:description: An introduction to docker and standard containers?
-:keywords: containers, lxc, concepts, explanation
-
-
-:note: This version of the introduction is temporary, just to make sure we don't break the links from the website when the documentation is updated
-
-
-Introduction
-============
-
-Docker - The Linux container runtime
------------------------------------
-
-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
-
-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
-
-
- **Heterogeneous payloads** Any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
- **Any server** Docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
- **Isolation** docker isolates processes from each other and from the underlying host, using lightweight containers.
- **Repeatability** Because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
-
-
-
-What is a Standard Container?
-----------------------------
-
-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependency, regardless of the underlying machine and the contents of the container.
-
-The spec for Standard Containers is currently work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
-
-A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
-
-
-Content-agnostic
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
-
-
-Infrastructure-agnostic
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
-
-
-Designed for automation
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
-
-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
-
-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
-
-
-Industrial-grade delivery
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
-
-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
-
-
-Standard Container Specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-(TODO)
-
-Image format
-~~~~~~~~~~~~
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-  Copy
-  Run
-  Stop
-  Wait
-  Commit
-  Attach standard streams
-  List filesystem changes
-  ...
-
-Execution environment
-~~~~~~~~~~~~~~~~~~~~~
-
-Root filesystem
-^^^^^^^^^^^^^^^
-
-Environment variables
-^^^^^^^^^^^^^^^^^^^^^
-
-Process arguments
-^^^^^^^^^^^^^^^^^
-
-Networking
-^^^^^^^^^^
-
-Process namespacing
-^^^^^^^^^^^^^^^^^^^
-
-Resource limits
-^^^^^^^^^^^^^^^
-
-Process monitoring
-^^^^^^^^^^^^^^^^^^
-
-Logging
-^^^^^^^
-
-Signals
-^^^^^^^
-
-Pseudo-terminal allocation
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Security
-^^^^^^^^
-
--- a/docs/sources/concepts/images/dockerlogo-h.png
+++ b/docs/sources/concepts/images/dockerlogo-h.png
--- a/docs/sources/concepts/images/dockerlogo-v.png
+++ b/docs/sources/concepts/images/dockerlogo-v.png
--- a/docs/sources/concepts/images/lego_docker.jpg
+++ b/docs/sources/concepts/images/lego_docker.jpg
--- a/docs/sources/concepts/index.rst
+++ b/docs/sources/concepts/index.rst
@@ -1,10 +1,10 @@
-:title: docker documentation
-:description: -- todo: change me
-:keywords: todo: change me
+:title: Overview
+:description: Docker documentation summary
+:keywords: concepts, documentation, docker, containers



-Concepts
+Overview
 ========

 Contents:
@@ -12,6 +12,5 @@ Contents:
 .. toctree::
   :maxdepth: 1

-   introduction
-   buildingblocks
-
+   ../index
+   manifesto
--- a/docs/sources/concepts/introduction.rst
+++ b/docs/sources/concepts/introduction.rst
@@ -1,127 +0,0 @@
-:title: Introduction
-:description: An introduction to docker and standard containers?
-:keywords: containers, lxc, concepts, explanation
-
-
-
-Introduction
-============
-
-Docker - The Linux container runtime
------------------------------------
-
-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
-
-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
-
-
- **Heterogeneous payloads** Any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
- **Any server** Docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
- **Isolation** docker isolates processes from each other and from the underlying host, using lightweight containers.
- **Repeatability** Because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
-
-.. image:: http://www.docker.io/_static/lego_docker.jpg
-
-
-What is a Standard Container?
-----------------------------
-
-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependency, regardless of the underlying machine and the contents of the container.
-
-The spec for Standard Containers is currently work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
-
-A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
-
-
-Content-agnostic
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
-
-
-Infrastructure-agnostic
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
-
-
-Designed for automation
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
-
-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
-
-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
-
-
-Industrial-grade delivery
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
-
-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
-
-
-Standard Container Specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-(TODO)
-
-Image format
-~~~~~~~~~~~~
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-  Copy
-  Run
-  Stop
-  Wait
-  Commit
-  Attach standard streams
-  List filesystem changes
-  ...
-
-Execution environment
-~~~~~~~~~~~~~~~~~~~~~
-
-Root filesystem
-^^^^^^^^^^^^^^^
-
-Environment variables
-^^^^^^^^^^^^^^^^^^^^^
-
-Process arguments
-^^^^^^^^^^^^^^^^^
-
-Networking
-^^^^^^^^^^
-
-Process namespacing
-^^^^^^^^^^^^^^^^^^^
-
-Resource limits
-^^^^^^^^^^^^^^^
-
-Process monitoring
-^^^^^^^^^^^^^^^^^^
-
-Logging
-^^^^^^^
-
-Signals
-^^^^^^^
-
-Pseudo-terminal allocation
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Security
-^^^^^^^^
-
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`# Maintainer wanted! Enroll on #docker@freenode`