Update changelog to include hostname commit

Sometimes `ip route` will show mask-less IPs, so net.ParseCIDR will fail. If it does we check if we can net.ParseIP, and fail only if we can't.
Fixes #1214
Fixes #362

.gitignore

@@ -15,3 +15,4 @@ docs/_build
 docs/_static
 docs/_templates
 .gopath/
+.dotcloud

.mailmap

@@ -19,3 +19,9 @@ Andy Smith <github@anarkystic.com>
 <victor.vieux@dotcloud.com> <dev@vvieux.com>
 <dominik@honnef.co> <dominikh@fork-bomb.org>
 Thatcher Peskens <thatcher@dotcloud.com>
+<ehanchrow@ine.com> <eric.hanchrow@gmail.com>
+Walter Stanish <walter@pratyeka.org>
+<daniel@gasienica.ch> <dgasienica@zynga.com>
+Roberto Hashioka <roberto_hashioka@hotmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
+David Sissitka <me@dsissitka.com>

AUTHORS

@@ -4,63 +4,110 @@
 # For a list of active project maintainers, see the MAINTAINERS file.
 #
 Al Tobey <al@ooyala.com>
+Alex Gaynor <alex.gaynor@gmail.com>
 Alexey Shamrin <shamrin@gmail.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
+Andreas Tiefenthaler <at@an-ti.eu>
+Andrew Munsell <andrew@wizardapps.net>
+Andrews Medina <andrewsmedina@gmail.com>
 Andy Rothfusz <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
+Anthony Bishopric <git@anthonybishopric.com>
 Antony Messerli <amesserl@rackspace.com>
 Barry Allard <barry.allard@gmail.com>
 Brandon Liu <bdon@bdon.org>
 Brian McCallister <brianm@skife.org>
 Bruno Bigras <bigras.bruno@gmail.com>
 Caleb Spare <cespare@gmail.com>
+Calen Pennington <cale@edx.org>
 Charles Hooper <charles.hooper@dotcloud.com>
+Christopher Currie <codemonkey+github@gmail.com>
 Daniel Gasienica <daniel@gasienica.ch>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
 Daniel Robinson <gottagetmac@gmail.com>
 Daniel Von Fange <daniel@leancoder.com>
+Daniel YC Lin <dlin.tw@gmail.com>
+David Calavera <david.calavera@gmail.com>
+David Sissitka <me@dsissitka.com>
 Dominik Honnef <dominik@honnef.co>
 Don Spaulding <donspauldingii@gmail.com>
 Dr Nic Williams <drnicwilliams@gmail.com>
+Elias Probst <mail@eliasprobst.eu>
+Eric Hanchrow <ehanchrow@ine.com>
+Eric Myhre <hash@exultant.us>
+Erno Hopearuoho <erno.hopearuoho@gmail.com>
 Evan Wies <evan@neomantra.net>
 ezbercih <cem.ezberci@gmail.com>
+Fabrizio Regini <freegenie@gmail.com>
 Flavio Castelli <fcastelli@suse.com>
 Francisco Souza <f@souza.cc>
 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
+Gabriel Monroy <gabriel@opdemand.com>
+Gareth Rushgrove <gareth@morethanseven.net>
 Guillaume J. Charmes <guillaume.charmes@dotcloud.com>
 Harley Laue <losinggeneration@gmail.com>
 Hunter Blanks <hunter@twilio.com>
 Jeff Lindsay <progrium@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
 Joffrey F <joffrey@dotcloud.com>
+Johan Euphrosine <proppy@google.com>
 John Costa <john.costa@gmail.com>
+Jon Wedaman <jweede@gmail.com>
 Jonas Pfenniger <jonas@pfenniger.name>
 Jonathan Rudenberg <jonathan@titanous.com>
+Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
 Julien Barbier <write0@gmail.com>
 Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Karan Lyons <karan@karanlyons.com>
+Keli Hu <dev@keli.hu>
 Ken Cochrane <kencochrane@gmail.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
+kim0 <email.ahmedkamal@googlemail.com>
+Kimbro Staken <kstaken@kstaken.com>
+Kiran Gangadharan <kiran.daredevil@gmail.com>
+Konstantin Pelykh <kpelykh@zettaset.com>
 Louis Opter <kalessin@kalessin.fr>
+Marco Hennings <marco.hennings@freiheit.com>
+Marcus Farkas <toothlessgear@finitebox.com>
+Mark McGranaghan <mmcgrana@gmail.com>
 Maxim Treskin <zerthurd@gmail.com>
+meejah <meejah@meejah.ca>
+Michael Crosby <crosby.michael@gmail.com>
+Mike Gaffney <mike@uberu.com>
 Mikhail Sobolev <mss@mawhrin.net>
+Nan Monnand Deng <monnand@gmail.com>
 Nate Jones <nate@endot.org>
 Nelson Chen <crazysim@gmail.com>
 Niall O'Higgins <niallo@unworkable.org>
+Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
+Nick Stinemates <nick@stinemates.org>
 odk- <github@odkurzacz.org>
 Paul Bowsher <pbowsher@globalpersonals.co.uk>
 Paul Hammond <paul@paulhammond.org>
+Phil Spitler <pspitler@gmail.com>
 Piotr Bogdan <ppbogdan@gmail.com>
+Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
+Rhys Hiltner <rhys@twitch.tv>
 Robert Obryk <robryk@gmail.com>
+Roberto Hashioka <roberto_hashioka@hotmail.com>
+Ryan Fowler <rwfowler@gmail.com>
 Sam Alba <sam.alba@gmail.com>
+Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 Silas Sewell <silas@sewell.org>
 Solomon Hykes <solomon@dotcloud.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
+Stefan Praszalowicz <stefan@greplin.com>
 Thatcher Peskens <thatcher@dotcloud.com>
 Thomas Bikeev <thomas.bikeev@mac.com>
+Thomas Hansen <thomas.hansen@gmail.com>
 Tianon Gravi <admwiggin@gmail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
-Troy Howard <thoward37@gmail.com>
+Tobias Bieniek <Tobias.Bieniek@gmx.de>
+Tobias Schwab <tobias.schwab@dynport.de>
+Tom Hulihan <hulihan.tom159@gmail.com>
 unclejack <unclejacksons@gmail.com>
 Victor Vieux <victor.vieux@dotcloud.com>
 Vivek Agarwal <me@vivek.im>
+Walter Stanish <walter@pratyeka.org>
+Will Dietz <w@wdtz.org>

CHANGELOG.md

@@ -1,5 +1,119 @@
 # Changelog
 
+## 0.5.3 (2013-08-13)
+* Runtime: Use docker group for socket permissions
+- Runtime: Spawn shell within upstart script
+- Builder: Make sure ENV instruction within build perform a commit each time
+- Runtime: Handle ip route showing mask-less IP addresses
+- Runtime: Add hostname to environment
+
+## 0.5.2 (2013-08-08)
+ * Builder: Forbid certain paths within docker build ADD
+ - Runtime: Change network range to avoid conflict with EC2 DNS
+ * API: Change daemon to listen on unix socket by default
+
+## 0.5.1 (2013-07-30)
+ + API: Docker client now sets useragent (RFC 2616)
+ + Runtime: Add `ps` args to `docker top`
+ + Runtime: Add support for container ID files (pidfile like)
+ + Runtime: Add container=lxc in default env
+ + Runtime: Support networkless containers with `docker run -n` and `docker -d -b=none`
+ + API: Add /events endpoint
+ + Builder: ADD command now understands URLs
+ + Builder: CmdAdd and CmdEnv now respect Dockerfile-set ENV variables
+ * Hack: Simplify unit tests with helpers
+ * Hack: Improve docker.upstart event
+ * Hack: Add coverage testing into docker-ci
+ * Runtime: Stdout/stderr logs are now stored in the same file as JSON
+ * Runtime: Allocate a /16 IP range by default, with fallback to /24. Try 12 ranges instead of 3.
+ * Runtime: Change .dockercfg format to json and support multiple auth remote
+ - Runtime: Do not override volumes from config
+ - Runtime: Fix issue with EXPOSE override
+ - Builder: Create directories with 755 instead of 700 within ADD instruction
+
+## 0.5.0 (2013-07-17)
+ + Runtime: List all processes running inside a container with 'docker top'
+ + Runtime: Host directories can be mounted as volumes with 'docker run -v'
+ + Runtime: Containers can expose public UDP ports (eg, '-p 123/udp')
+ + Runtime: Optionally specify an exact public port (eg. '-p 80:4500')
+ + Registry: New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries
+ + Builder: ENTRYPOINT instruction sets a default binary entry point to a container
+ + Builder: VOLUME instruction marks a part of the container as persistent data
+ * Builder: 'docker build' displays the full output of a build by default
+ * Runtime: 'docker login' supports additional options
+ - Runtime: Dont save a container's hostname when committing an image.
+ - Registry: Fix issues when uploading images to a private registry
+
+## 0.4.8 (2013-07-01)
+ + Builder: New build operation ENTRYPOINT adds an executable entry point to the container.
+ - Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID.
+ - Tests: Fix issues in the test suite
+
+## 0.4.7 (2013-06-28)
+ * Registry: easier push/pull to a custom registry
+ * Remote API: the progress bar updates faster when downloading and uploading large files
+ - Remote API: fix a bug in the optional unix socket transport
+ * Runtime: improve detection of kernel version
+ + Runtime: host directories can be mounted as volumes with 'docker run -b'
+ - Runtime: fix an issue when only attaching to stdin
+ * Runtime: use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts
+ * Hack: improve test suite and dev environment
+ * Hack: remove dependency on unit tests on 'os/user'
+ + Documentation: add terminology section
+
+## 0.4.6 (2013-06-22)
+ - Runtime: fix a bug which caused creation of empty images (and volumes) to crash.
+
+## 0.4.5 (2013-06-21)
+ + Builder: 'docker build git://URL' fetches and builds a remote git repository
+ * Runtime: 'docker ps -s' optionally prints container size
+ * Tests: Improved and simplified
+ - Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail.
+ - Builder: fix a regression when using ADD with single regular file.
+
+## 0.4.4 (2013-06-19)
+ - Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients.
+
+## 0.4.3 (2013-06-19)
+ + Builder: ADD of a local file will detect tar archives and unpack them
+ * Runtime: Remove bsdtar dependency
+ * Runtime: Add unix socket and multiple -H support
+ * Runtime: Prevent rm of running containers
+ * Runtime: Use go1.1 cookiejar
+ * Builder: ADD improvements: use tar for copy + automatically unpack local archives
+ * Builder: ADD uses tar/untar for copies instead of calling 'cp -ar'
+ * Builder: nicer output for 'docker build'
+ * Builder: fixed the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented.
+ * Client: HumanReadable ProgressBar sizes in pull
+ * Client: Fix docker version's git commit output
+ * API: Send all tags on History API call
+ * API: Add tag lookup to history command. Fixes #882
+ - Runtime: Fix issue detaching from running TTY container
+ - Runtime: Forbid parralel push/pull for a single image/repo. Fixes #311
+ - Runtime: Fix race condition within Run command when attaching.
+ - Builder: fix a bug which caused builds to fail if ADD was the first command
+ - Documentation: fix missing command in irc bouncer example
+
+## 0.4.2 (2013-06-17)
+ - Packaging: Bumped version to work around an Ubuntu bug
+
+## 0.4.1 (2013-06-17)
+ + Remote Api: Add flag to enable cross domain requests
+ + Remote Api/Client: Add images and containers sizes in docker ps and docker images
+ + Runtime: Configure dns configuration host-wide with 'docker -d -dns'
+ + Runtime: Detect faulty DNS configuration and replace it with a public default
+ + Runtime: allow docker run <name>:<id>
+ + Runtime: you can now specify public port (ex: -p 80:4500)
+ * Client: allow multiple params in inspect
+ * Client: Print the container id before the hijack in `docker run`
+ * Registry: add regexp check on repo's name
+ * Registry: Move auth to the client
+ * Runtime: improved image removal to garbage-collect unreferenced parents
+ * Vagrantfile: Add the rest api port to vagrantfile's port_forward
+ * Upgrade to Go 1.1
+ - Builder: don't ignore last line in Dockerfile when it doesn't end with \n
+ - Registry: Remove login check on pull
+
 ## 0.4.0 (2013-06-03)
  + Introducing Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
  + Introducing Remote API: control Docker programmatically using a simple HTTP/json API

Dockerfile

@@ -0,0 +1,30 @@
+# This file describes the standard way to build Docker, using docker
+docker-version 0.4.2
+from	ubuntu:12.04
+maintainer	Solomon Hykes <solomon@dotcloud.com>
+# Build dependencies
+run	apt-get install -y -q curl
+run	apt-get install -y -q git
+# Install Go
+run	curl -s https://go.googlecode.com/files/go1.1.1.linux-amd64.tar.gz | tar -v -C /usr/local -xz
+env	PATH	/usr/local/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
+env	GOPATH	/go
+env	CGO_ENABLED 0
+run	cd /tmp && echo 'package main' > t.go && go test -a -i -v
+# Download dependencies
+run	PKG=github.com/kr/pty REV=27435c699;		 git clone http://$PKG /go/src/$PKG && cd /go/src/$PKG && git checkout -f $REV
+run	PKG=github.com/gorilla/context/ REV=708054d61e5; git clone http://$PKG /go/src/$PKG && cd /go/src/$PKG && git checkout -f $REV
+run	PKG=github.com/gorilla/mux/ REV=9b36453141c;	 git clone http://$PKG /go/src/$PKG && cd /go/src/$PKG && git checkout -f $REV
+# Run dependencies
+run	apt-get install -y iptables
+# lxc requires updating ubuntu sources
+run	echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list
+run	apt-get update
+run	apt-get install -y lxc
+run	apt-get install -y aufs-tools
+# Upload docker source
+add	.       /go/src/github.com/dotcloud/docker
+# Build the binary
+run	cd /go/src/github.com/dotcloud/docker/docker && go install -ldflags "-X main.GITCOMMIT '??' -d -w"
+env	PATH	/usr/local/go/bin:/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
+cmd	["docker"]

FIXME

@@ -0,0 +1,36 @@
+
+## FIXME
+
+This file is a loose collection of things to improve in the codebase, for the internal
+use of the maintainers.
+
+They are not big enough to be in the roadmap, not user-facing enough to be github issues,
+and not important enough to be discussed in the mailing list.
+
+They are just like FIXME comments in the source code, except we're not sure where in the source
+to put them - so we put them here :)
+
+
+* Merge Runtime, Server and Builder into Runtime
+* Run linter on codebase
+* Unify build commands and regular commands
+* Move source code into src/ subdir for clarity
+* Clean up the Makefile, it's a mess
+* docker build: on non-existent local path for ADD, don't show full absolute path on the host
+* mount into /dockerinit rather than /sbin/init
+* docker tag foo REPO:TAG
+* use size header for progress bar in pull
+* Clean up context upload in build!!!
+* Parallel pull
+* Ensure /proc/sys/net/ipv4/ip_forward is 1
+* Force DNS to public!
+* Always generate a resolv.conf per container, to avoid changing resolv.conf under thne container's feet
+* Save metadata with import/export
+* Upgrade dockerd without stopping containers
+* bring back git revision info, looks like it was lost
+* Simple command to remove all untagged images
+* Simple command to clean up containers for disk space
+* Caching after an ADD
+* entry point config
+* bring back git revision info, looks like it was lost
+* Clean up the ProgressReader api, it's a PITA to use

Makefile

@@ -2,6 +2,8 @@ DOCKER_PACKAGE := github.com/dotcloud/docker
 RELEASE_VERSION := $(shell git tag | grep -E "v[0-9\.]+$$" | sort -nr | head -n 1)
 SRCRELEASE := docker-$(RELEASE_VERSION)
 BINRELEASE := docker-$(RELEASE_VERSION).tgz
+BUILD_SRC := build_src
+BUILD_PATH := ${BUILD_SRC}/src/${DOCKER_PACKAGE}
 
 GIT_ROOT := $(shell git rev-parse --show-toplevel)
 BUILD_DIR := $(CURDIR)/.gopath
@@ -9,7 +11,7 @@ BUILD_DIR := $(CURDIR)/.gopath
 GOPATH ?= $(BUILD_DIR)
 export GOPATH
 
-GO_OPTIONS ?=
+GO_OPTIONS ?= -a -ldflags='-w -d'
 ifeq ($(VERBOSE), 1)
 GO_OPTIONS += -v
 endif
@@ -17,7 +19,7 @@ endif
 GIT_COMMIT = $(shell git rev-parse --short HEAD)
 GIT_STATUS = $(shell test -n "`git status --porcelain`" && echo "+CHANGES")
 
-BUILD_OPTIONS = -ldflags "-X main.GIT_COMMIT $(GIT_COMMIT)$(GIT_STATUS)"
+BUILD_OPTIONS = -a -ldflags "-X main.GITCOMMIT $(GIT_COMMIT)$(GIT_STATUS) -d -w"
 
 SRC_DIR := $(GOPATH)/src
 
@@ -33,7 +35,7 @@ all: $(DOCKER_BIN)
 
 $(DOCKER_BIN): $(DOCKER_DIR)
 	@mkdir -p  $(dir $@)
-	@(cd $(DOCKER_MAIN); go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@)
+	@(cd $(DOCKER_MAIN); CGO_ENABLED=0 go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@)
 	@echo $(DOCKER_BIN_RELATIVE) is created.
 
 $(DOCKER_DIR):
@@ -46,6 +48,8 @@ whichrelease:
 
 release: $(BINRELEASE)
 	s3cmd -P put $(BINRELEASE) s3://get.docker.io/builds/`uname -s`/`uname -m`/docker-$(RELEASE_VERSION).tgz
+	s3cmd -P put docker-latest.tgz s3://get.docker.io/builds/`uname -s`/`uname -m`/docker-latest.tgz
+	s3cmd -P put $(SRCRELEASE)/bin/docker s3://get.docker.io/builds/`uname -s`/`uname -m`/docker
 
 srcrelease: $(SRCRELEASE)
 deps: $(DOCKER_DIR)
@@ -60,6 +64,7 @@ $(SRCRELEASE):
 $(BINRELEASE): $(SRCRELEASE)
 	rm -f $(BINRELEASE)
 	cd $(SRCRELEASE); make; cp -R bin docker-$(RELEASE_VERSION); tar -f ../$(BINRELEASE) -zv -c docker-$(RELEASE_VERSION)
+	cd $(SRCRELEASE); cp -R bin docker-latest; tar -f ../docker-latest.tgz -zv -c docker-latest
 
 clean:
 	@rm -rf $(dir $(DOCKER_BIN))
@@ -69,8 +74,16 @@ else ifneq ($(DOCKER_DIR), $(realpath $(DOCKER_DIR)))
 	@rm -f $(DOCKER_DIR)
 endif
 
-test: all
-	@(cd $(DOCKER_DIR); sudo -E go test $(GO_OPTIONS))
+test:
+	# Copy docker source and dependencies for testing
+	rm -rf ${BUILD_SRC}; mkdir -p ${BUILD_PATH}
+	tar --exclude=${BUILD_SRC} -cz . | tar -xz -C ${BUILD_PATH}
+	GOPATH=${CURDIR}/${BUILD_SRC} go get -d
+	# Do the test
+	sudo -E GOPATH=${CURDIR}/${BUILD_SRC} CGO_ENABLED=0 go test ${GO_OPTIONS}
+
+testall: all
+	@(cd $(DOCKER_DIR); CGO_ENABLED=0 sudo -E go test ./... $(GO_OPTIONS))
 
 fmt:
 	@gofmt -s -l -w .

NOTICE

@@ -3,4 +3,9 @@ Copyright 2012-2013 dotCloud, inc.
 
 This product includes software developed at dotCloud, inc. (http://www.dotcloud.com).
 
-This product contains software (https://github.com/kr/pty) developed by Keith Rarick, licensed under the MIT License.
+This product contains software (https://github.com/kr/pty) developed by Keith Rarick, licensed under the MIT License.
+
+Transfers of Docker shall be in accordance with applicable export controls of any country and all other applicable
+legal requirements.  Docker shall not be distributed or downloaded to or in Cuba, Iran, North Korea, Sudan or Syria
+and shall not be distributed or downloaded to any person on the Denied Persons List administered by the U.S.
+Department of Commerce.

README.md

@@ -1,80 +1,129 @@
 Docker: the Linux container engine
 ==================================
 
-Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers.
+Docker is an open-source engine which automates the deployment of
+applications as highly portable, self-sufficient containers.
 
-Docker containers are both *hardware-agnostic* and *platform-agnostic*. This means that they can run anywhere, from your
-laptop to the largest EC2 compute instance and everything in between - and they don't require that you use a particular
-language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases
-and backend services without depending on a particular stack or provider.
+Docker containers are both *hardware-agnostic* and
+*platform-agnostic*. This means that they can run anywhere, from your
+laptop to the largest EC2 compute instance and everything in between -
+and they don't require that you use a particular language, framework
+or packaging system. That makes them great building blocks for
+deploying and scaling web apps, databases and backend services without
+depending on a particular stack or provider.
 
-Docker is an open-source implementation of the deployment engine which powers [dotCloud](http://dotcloud.com), a popular Platform-as-a-Service.
-It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands
-of applications and databases.
+Docker is an open-source implementation of the deployment engine which
+powers [dotCloud](http://dotcloud.com), a popular
+Platform-as-a-Service.  It benefits directly from the experience
+accumulated over several years of large-scale operation and support of
+hundreds of thousands of applications and databases.
 
-![Docker L](docs/sources/concepts/images/lego_docker.jpg "Docker")
+![Docker L](docs/sources/concepts/images/dockerlogo-h.png "Docker")
 
 ## Better than VMs
 
-A common method for distributing applications and sandbox their execution is to use virtual machines, or VMs. Typical VM formats
-are VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to
-automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never
-happens, for a few reasons:
+A common method for distributing applications and sandbox their
+execution is to use virtual machines, or VMs. Typical VM formats are
+VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In
+theory these formats should allow every developer to automatically
+package their application into a "machine" for easy distribution and
+deployment. In practice, that almost never happens, for a few reasons:
 
-  * *Size*: VMs are very large which makes them impractical to store and transfer.
-  * *Performance*: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and
-  	large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
-  * *Portability*: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
-  * *Hardware-centric*: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most:
-  	building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.
+  * *Size*: VMs are very large which makes them impractical to store
+     and transfer.
+  * *Performance*: running VMs consumes significant CPU and memory,
+    which makes them impractical in many scenarios, for example local
+    development of multi-tier applications, and large-scale deployment
+    of cpu and memory-intensive applications on large numbers of
+    machines.
+  * *Portability*: competing VM environments don't play well with each
+     other. Although conversion tools do exist, they are limited and
+     add even more overhead.
+  * *Hardware-centric*: VMs were designed with machine operators in
+    mind, not software developers. As a result, they offer very
+    limited tooling for what developers need most: building, testing
+    and running their software. For example, VMs offer no facilities
+    for application versioning, monitoring, configuration, logging or
+    service discovery.
 
-By contrast, Docker relies on a different sandboxing method known as *containerization*. Unlike traditional virtualization,
-containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary
-for containerization, including Linux with [openvz](http://openvz.org), [vserver](http://linux-vserver.org) and more recently [lxc](http://lxc.sourceforge.net),
-	Solaris with [zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc) and FreeBSD with [Jails](http://www.freebsd.org/doc/handbook/jails.html).
+By contrast, Docker relies on a different sandboxing method known as
+*containerization*. Unlike traditional virtualization,
+containerization takes place at the kernel level. Most modern
+operating system kernels now support the primitives necessary for
+containerization, including Linux with [openvz](http://openvz.org),
+[vserver](http://linux-vserver.org) and more recently
+[lxc](http://lxc.sourceforge.net), Solaris with
+[zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc)
+and FreeBSD with
+[Jails](http://www.freebsd.org/doc/handbook/jails.html).
 
-Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves
-all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead,
-they are completely portable and are designed from the ground up with an application-centric design.
+Docker builds on top of these low-level primitives to offer developers
+a portable format and runtime environment that solves all 4
+problems. Docker containers are small (and their transfer can be
+optimized with layers), they have basically zero memory and cpu
+overhead, they are completely portable and are designed from the
+ground up with an application-centric design.
 
-The best part: because docker operates at the OS level, it can still be run inside a VM!
+The best part: because ``docker`` operates at the OS level, it can
+still be run inside a VM!
 
 ## Plays well with others
 
-Docker does not require that you buy into a particular programming language, framework, packaging system or configuration language.
+Docker does not require that you buy into a particular programming
+language, framework, packaging system or configuration language.
 
-Is your application a unix process? Does it use files, tcp connections, environment variables, standard unix streams and command-line
-arguments as inputs and outputs? Then docker can run it.
+Is your application a Unix process? Does it use files, tcp
+connections, environment variables, standard Unix streams and
+command-line arguments as inputs and outputs? Then ``docker`` can run
+it.
 
-Can your application's build be expressed as a sequence of such commands? Then docker can build it.
+Can your application's build be expressed as a sequence of such
+commands? Then ``docker`` can build it.
 
 
 ## Escape dependency hell
 
-A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.
+A common problem for developers is the difficulty of managing all
+their application's dependencies in a simple and automated way.
 
 This is usually difficult for several reasons:
 
-  * *Cross-platform dependencies*. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules,
-  	internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work
-	well with each other, requiring awkward custom integrations.
+  * *Cross-platform dependencies*. Modern applications often depend on
+    a combination of system libraries and binaries, language-specific
+    packages, framework-specific modules, internal components
+    developed for another project, etc. These dependencies live in
+    different "worlds" and require different tools - these tools
+    typically don't work well with each other, requiring awkward
+    custom integrations.
 
-  * Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease -
-  	but they all handle them in different and incompatible ways, which again forces the developer to do extra work.
+  * Conflicting dependencies. Different applications may depend on
+    different versions of the same dependency. Packaging tools handle
+    these situations with various degrees of ease - but they all
+    handle them in different and incompatible ways, which again forces
+    the developer to do extra work.
   
-  * Custom dependencies. A developer may need to prepare a custom version of his application's dependency. Some packaging systems can handle custom versions of a dependency,
-  	others can't - and all of them handle it differently.
+  * Custom dependencies. A developer may need to prepare a custom
+    version of their application's dependency. Some packaging systems
+    can handle custom versions of a dependency, others can't - and all
+    of them handle it differently.
 
 
-Docker solves dependency hell by giving the developer a simple way to express *all* his application's dependencies in one place,
-and streamline the process of assembling them. If this makes you think of [XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
-*replace* your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.
+Docker solves dependency hell by giving the developer a simple way to
+express *all* their application's dependencies in one place, and
+streamline the process of assembling them. If this makes you think of
+[XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
+*replace* your favorite packaging systems. It simply orchestrates
+their use in a simple and repeatable way. How does it do that? With
+layers.
 
-Docker defines a build as running a sequence of unix commands, one after the other, in the same container. Build commands modify the contents of the container
-(usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous
-commands, the *order* in which the commands are executed expresses *dependencies*.
+Docker defines a build as running a sequence of Unix commands, one
+after the other, in the same container. Build commands modify the
+contents of the container (usually by installing new files on the
+filesystem), the next command modifies it some more, etc. Since each
+build command inherits the result of the previous commands, the
+*order* in which the commands are executed expresses *dependencies*.
 
-Here's a typical docker build process:
+Here's a typical Docker build process:
 
 ```bash
 from ubuntu:12.10
@@ -87,7 +136,8 @@ run curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xz
 run cd helloflask-master && pip install -r requirements.txt
 ```
 
-Note that Docker doesn't care *how* dependencies are built - as long as they can be built by running a unix command in a container.
+Note that Docker doesn't care *how* dependencies are built - as long
+as they can be built by running a Unix command in a container.
 
 
 Install instructions
@@ -97,33 +147,34 @@ Quick install on Ubuntu 12.04 and 12.10
 ---------------------------------------
 
 ```bash
-curl get.docker.io | sh -x
+curl get.docker.io | sudo sh -x
 ```
 
 Binary installs
 ----------------
 
-Docker supports the following binary installation methods.
-Note that some methods are community contributions and not yet officially supported.
+Docker supports the following binary installation methods.  Note that
+some methods are community contributions and not yet officially
+supported.
 
 * [Ubuntu 12.04 and 12.10 (officially supported)](http://docs.docker.io/en/latest/installation/ubuntulinux/)
 * [Arch Linux](http://docs.docker.io/en/latest/installation/archlinux/)
-* [MacOS X (with Vagrant)](http://docs.docker.io/en/latest/installation/macos/)
+* [Mac OS X (with Vagrant)](http://docs.docker.io/en/latest/installation/vagrant/)
 * [Windows (with Vagrant)](http://docs.docker.io/en/latest/installation/windows/)
 * [Amazon EC2 (with Vagrant)](http://docs.docker.io/en/latest/installation/amazon/)
 
 Installing from source
 ----------------------
 
-1. Make sure you have a [Go language](http://golang.org/doc/install) compiler and [git](http://git-scm.com) installed.
-
+1. Make sure you have a [Go language](http://golang.org/doc/install)
+compiler >= 1.1 and [git](http://git-scm.com) installed.
 2. Checkout the source code
 
    ```bash
    git clone http://github.com/dotcloud/docker
    ```
 
-3. Build the docker binary
+3. Build the ``docker`` binary
 
    ```bash
    cd docker
@@ -134,17 +185,20 @@ Installing from source
 Usage examples
 ==============
 
-First run the docker daemon
----------------------------
+First run the ``docker`` daemon
+-------------------------------
 
-All the examples assume your machine is running the docker daemon. To run the docker daemon in the background, simply type:
+All the examples assume your machine is running the ``docker``
+daemon. To run the ``docker`` daemon in the background, simply type:
 
 ```bash
 # On a production system you want this running in an init script
 sudo docker -d &
 ```
 
-Now you can run docker in client mode: all commands will be forwarded to the docker daemon, so the client can run from any account.
+Now you can run ``docker`` in client mode: all commands will be
+forwarded to the ``docker`` daemon, so the client can run from any
+account.
 
 ```bash
 # Now you can run docker commands from any account.
@@ -152,7 +206,7 @@ docker help
 ```
 
 
-Throwaway shell in a base ubuntu image
+Throwaway shell in a base Ubuntu image
 --------------------------------------
 
 ```bash
@@ -181,7 +235,7 @@ Running an irc bouncer
 ----------------------
 
 ```bash
-BOUNCER_ID=$(docker run -d -p 6667 -u irc shykes/znc $USER $PASSWORD)
+BOUNCER_ID=$(docker run -d -p 6667 -u irc shykes/znc zncrun $USER $PASSWORD)
 echo "Configure your irc client to connect to port $(docker port $BOUNCER_ID 6667) of this machine"
 ```
 
@@ -202,7 +256,8 @@ docker commit -m "Installed curl" $CONTAINER $USER/betterbase
 docker push $USER/betterbase
 ```
 
-A list of publicly available images is [available here](https://github.com/dotcloud/docker/wiki/Public-docker-images).
+A list of publicly available images is [available
+here](https://github.com/dotcloud/docker/wiki/Public-docker-images).
 
 Expose a service on a TCP port
 ------------------------------
@@ -216,7 +271,8 @@ PORT=$(docker port $JOB 4444)
 
 # Connect to the public port via the host's public address
 # Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
-IP=$(ifconfig eth0 | perl -n -e 'if (m/inet addr:([\d\.]+)/g) { print $1 }')
+# Replace *eth0* according to your local interface name.
+IP=$(ip -o -4 addr list eth0 | perl -n -e 'if (m{inet\s([\d\.]+)\/\d+\s}xms) { print $1 }')
 echo hello world | nc $IP $PORT
 
 # Verify that the network connection worked
@@ -228,32 +284,40 @@ Under the hood
 
 Under the hood, Docker is built on the following components:
 
-
-* The [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c) and [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part) capabilities of the Linux kernel;
-
-* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union filesystem with copy-on-write capabilities;
-
+* The
+  [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c)
+  and
+  [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part)
+  capabilities of the Linux kernel;
+* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union
+  filesystem with copy-on-write capabilities;
 * The [Go](http://golang.org) programming language;
-
-* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to simplify the creation of linux containers.
+* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to
+  simplify the creation of Linux containers.
 
 
 
 Contributing to Docker
 ======================
 
-Want to hack on Docker? Awesome! There are instructions to get you started on the website: http://docs.docker.io/en/latest/contributing/contributing/
+Want to hack on Docker? Awesome! There are instructions to get you
+started on the website:
+http://docs.docker.io/en/latest/contributing/contributing/
 
-They are probably not perfect, please let us know if anything feels wrong or incomplete.
+They are probably not perfect, please let us know if anything feels
+wrong or incomplete.
 
 
 Note
 ----
 
-We also keep the documentation in this repository. The website documentation is generated using sphinx using these sources.
-Please find it under docs/sources/ and read more about it https://github.com/dotcloud/docker/master/docs/README.md
+We also keep the documentation in this repository. The website
+documentation is generated using Sphinx using these sources.  Please
+find it under docs/sources/ and read more about it
+https://github.com/dotcloud/docker/tree/master/docs/README.md
 
-Please feel free to fix / update the documentation and send us pull requests. More tutorials are also welcome.
+Please feel free to fix / update the documentation and send us pull
+requests. More tutorials are also welcome.
 
 
 Setting up a dev environment
@@ -262,14 +326,14 @@ Setting up a dev environment
 Instructions that have been verified to work on Ubuntu 12.10,
 
 ```bash
-sudo apt-get -y install lxc wget bsdtar curl golang git
+sudo apt-get -y install lxc curl xz-utils golang git
 
 export GOPATH=~/go/
 export PATH=$GOPATH/bin:$PATH
 
 mkdir -p $GOPATH/src/github.com/dotcloud
 cd $GOPATH/src/github.com/dotcloud
-git clone git@github.com:dotcloud/docker.git
+git clone https://github.com/dotcloud/docker.git
 cd docker
 
 go get -v github.com/dotcloud/docker/...
@@ -288,87 +352,104 @@ Run the `go install` command (above) to recompile docker.
 What is a Standard Container?
 =============================
 
-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.
+Docker defines a unit of software delivery called a Standard
+Container. The goal of a Standard Container is to encapsulate a
+software component and all its dependencies in a format that is
+self-describing and portable, so that any compliant runtime can run it
+without extra dependencies, regardless of the underlying machine and
+the contents of the container.
 
-The spec for Standard Containers is currently a work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
+The spec for Standard Containers is currently a work in progress, but
+it is very straightforward. It mostly defines 1) an image format, 2) a
+set of standard operations, and 3) an execution environment.
 
-A great analogy for this is the shipping container. Just like how Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
+A great analogy for this is the shipping container. Just like how
+Standard Containers are a fundamental unit of software delivery,
+shipping containers are a fundamental unit of physical delivery.
 
 ### 1. STANDARD OPERATIONS
 
-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
+Just like shipping containers, Standard Containers define a set of
+STANDARD OPERATIONS. Shipping containers can be lifted, stacked,
+locked, loaded, unloaded and labelled. Similarly, Standard Containers
+can be started, stopped, copied, snapshotted, downloaded, uploaded and
+tagged.
 
 
 ### 2. CONTENT-AGNOSTIC
 
-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
+Just like shipping containers, Standard Containers are
+CONTENT-AGNOSTIC: all standard operations have the same effect
+regardless of the contents. A shipping container will be stacked in
+exactly the same way whether it contains Vietnamese powder coffee or
+spare Maserati parts. Similarly, Standard Containers are started or
+uploaded in the same way whether they contain a postgres database, a
+php application with its dependencies and application server, or Java
+build artifacts.
 
 
 ### 3. INFRASTRUCTURE-AGNOSTIC
 
-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
+Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be
+transported to thousands of facilities around the world, and
+manipulated by a wide variety of equipment. A shipping container can
+be packed in a factory in Ukraine, transported by truck to the nearest
+routing center, stacked onto a train, loaded into a German boat by an
+Australian-built crane, stored in a warehouse at a US facility,
+etc. Similarly, a standard container can be bundled on my laptop,
+uploaded to S3, downloaded, run and snapshotted by a build server at
+Equinix in Virginia, uploaded to 10 staging servers in a home-made
+Openstack cluster, then sent to 30 production instances across 3 EC2
+regions.
 
 
 ### 4. DESIGNED FOR AUTOMATION
 
-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
+Because they offer the same standard operations regardless of content
+and infrastructure, Standard Containers, just like their physical
+counterparts, are extremely well-suited for automation. In fact, you
+could say automation is their secret weapon.
 
-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
+Many things that once required time-consuming and error-prone human
+effort can now be programmed. Before shipping containers, a bag of
+powder coffee was hauled, dragged, dropped, rolled and stacked by 10
+different people in 10 different locations by the time it reached its
+destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The
+process was slow, inefficient and cost a fortune - and was entirely
+different depending on the facility and the type of goods.
 
-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
+Similarly, before Standard Containers, by the time a software
+component ran in production, it had been individually built,
+configured, bundled, documented, patched, vendored, templated, tweaked
+and instrumented by 10 different people on 10 different
+computers. Builds failed, libraries conflicted, mirrors crashed,
+post-it notes were lost, logs were misplaced, cluster updates were
+half-broken. The process was slow, inefficient and cost a fortune -
+and was entirely different depending on the language and
+infrastructure provider.
 
 
 ### 5. INDUSTRIAL-GRADE DELIVERY
 
-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded onto the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
+There are 17 million shipping containers in existence, packed with
+every physical good imaginable. Every single one of them can be loaded
+onto the same boats, by the same cranes, in the same facilities, and
+sent anywhere in the World with incredible efficiency. It is
+embarrassing to think that a 30 ton shipment of coffee can safely
+travel half-way across the World in *less time* than it takes a
+software team to deliver its code from one datacenter to another
+sitting 10 miles away.
 
-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
+With Standard Containers we can put an end to that embarrassment, by
+making INDUSTRIAL-GRADE DELIVERY of software a reality.
 
 
+### Legal
 
-
-Standard Container Specification
---------------------------------
-
-(TODO)
-
-### Image format
-
-
-### Standard operations
-
-* Copy
-* Run
-* Stop
-* Wait
-* Commit
-* Attach standard streams
-* List filesystem changes
-* ...
-
-### Execution environment
-
-#### Root filesystem
-
-#### Environment variables
-
-#### Process arguments
-
-#### Networking
-
-#### Process namespacing
-
-#### Resource limits
-
-#### Process monitoring
-
-#### Logging
-
-#### Signals
-
-#### Pseudo-terminal allocation
-
-#### Security
-
+Transfers of Docker shall be in accordance with applicable export
+controls of any country and all other applicable legal requirements.
+Docker shall not be distributed or downloaded to or in Cuba, Iran,
+North Korea, Sudan or Syria and shall not be distributed or downloaded
+to any person on the Denied Persons List administered by the U.S.
+Department of Commerce.
 

Vagrantfile

@@ -3,13 +3,16 @@
 
 BOX_NAME = ENV['BOX_NAME'] || "ubuntu"
 BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64.box"
+VF_BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64_vmware_fusion.box"
 AWS_REGION = ENV['AWS_REGION'] || "us-east-1"
 AWS_AMI    = ENV['AWS_AMI']    || "ami-d0f89fb9"
+FORWARD_DOCKER_PORTS = ENV['FORWARD_DOCKER_PORTS']
 
 Vagrant::Config.run do |config|
   # Setup virtual machine box. This VM configuration code is always executed.
   config.vm.box = BOX_NAME
   config.vm.box_url = BOX_URI
+  config.vm.forward_port 4243, 4243
 
   # Provision docker and new kernel if deployment was not done
   if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
@@ -17,6 +20,8 @@ Vagrant::Config.run do |config|
     pkg_cmd = "apt-get update -qq; apt-get install -q -y python-software-properties; " \
       "add-apt-repository -y ppa:dotcloud/lxc-docker; apt-get update -qq; " \
       "apt-get install -q -y lxc-docker; "
+    # Listen on all interfaces so that the daemon is accessible from the host
+    pkg_cmd << "sed -i -E 's|    /usr/bin/docker -d|    /usr/bin/docker -d -H 0.0.0.0|' /etc/init/docker.conf;"
     # Add X.org Ubuntu backported 3.8 kernel
     pkg_cmd << "add-apt-repository -y ppa:ubuntu-x-swat/r-lts-backport; " \
       "apt-get update -qq; apt-get install -q -y linux-image-3.8.0-19-generic; "
@@ -65,8 +70,29 @@ Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
     rs.image    = /Ubuntu/
   end
 
+  config.vm.provider :vmware_fusion do |f, override|
+    override.vm.box = BOX_NAME
+    override.vm.box_url = VF_BOX_URI
+    override.vm.synced_folder ".", "/vagrant", disabled: true
+    f.vmx["displayName"] = "docker"
+  end
+
   config.vm.provider :virtualbox do |vb|
     config.vm.box = BOX_NAME
     config.vm.box_url = BOX_URI
   end
 end
+
+if !FORWARD_DOCKER_PORTS.nil?
+    Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
+        (49000..49900).each do |port|
+            config.vm.forward_port port, port
+        end
+    end
+
+    Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
+        (49000..49900).each do |port|
+            config.vm.network :forwarded_port, :host => port, :guest => port
+        end
+    end
+end

api.go

@@ -7,13 +7,21 @@ import (
 	"github.com/dotcloud/docker/utils"
 	"github.com/gorilla/mux"
 	"io"
+	"io/ioutil"
 	"log"
+	"net"
 	"net/http"
+	"os"
+	"os/exec"
+	"regexp"
 	"strconv"
 	"strings"
 )
 
-const API_VERSION = 1.1
+const APIVERSION = 1.4
+const DEFAULTHTTPHOST = "127.0.0.1"
+const DEFAULTHTTPPORT = 4243
+const DEFAULTUNIXSOCKET = "/var/run/docker.sock"
 
 func hijackServer(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
 	conn, _, err := w.(http.Hijacker).Hijack()
@@ -41,81 +49,56 @@ func parseMultipartForm(r *http.Request) error {
 }
 
 func httpError(w http.ResponseWriter, err error) {
+	statusCode := http.StatusInternalServerError
 	if strings.HasPrefix(err.Error(), "No such") {
-		http.Error(w, err.Error(), http.StatusNotFound)
+		statusCode = http.StatusNotFound
 	} else if strings.HasPrefix(err.Error(), "Bad parameter") {
-		http.Error(w, err.Error(), http.StatusBadRequest)
+		statusCode = http.StatusBadRequest
+	} else if strings.HasPrefix(err.Error(), "Conflict") {
+		statusCode = http.StatusConflict
 	} else if strings.HasPrefix(err.Error(), "Impossible") {
-		http.Error(w, err.Error(), http.StatusNotAcceptable)
-	} else {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
+		statusCode = http.StatusNotAcceptable
+	} else if strings.HasPrefix(err.Error(), "Wrong login/password") {
+		statusCode = http.StatusUnauthorized
+	} else if strings.Contains(err.Error(), "hasn't been activated") {
+		statusCode = http.StatusForbidden
 	}
+	utils.Debugf("[error %d] %s", statusCode, err)
+	http.Error(w, err.Error(), statusCode)
 }
 
-func writeJson(w http.ResponseWriter, b []byte) {
+func writeJSON(w http.ResponseWriter, b []byte) {
 	w.Header().Set("Content-Type", "application/json")
 	w.Write(b)
 }
 
-// FIXME: Use stvconv.ParseBool() instead?
 func getBoolParam(value string) (bool, error) {
-	if value == "1" || strings.ToLower(value) == "true" {
-		return true, nil
-	}
-	if value == "" || value == "0" || strings.ToLower(value) == "false" {
+	if value == "" {
 		return false, nil
 	}
-	return false, fmt.Errorf("Bad parameter")
-}
-
-func getAuth(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	// FIXME: Handle multiple login at once
-	// FIXME: return specific error code if config file missing?
-	authConfig, err := auth.LoadConfig(srv.runtime.root)
+	ret, err := strconv.ParseBool(value)
 	if err != nil {
-		if err != auth.ErrConfigFileMissing {
-			return err
-		}
-		authConfig = &auth.AuthConfig{}
+		return false, fmt.Errorf("Bad parameter")
 	}
-	b, err := json.Marshal(&auth.AuthConfig{Username: authConfig.Username, Email: authConfig.Email})
-	if err != nil {
-		return err
-	}
-	writeJson(w, b)
-	return nil
+	return ret, nil
 }
 
 func postAuth(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	// FIXME: Handle multiple login at once
-	config := &auth.AuthConfig{}
-	if err := json.NewDecoder(r.Body).Decode(config); err != nil {
-		return err
-	}
-
-	authConfig, err := auth.LoadConfig(srv.runtime.root)
-	if err != nil {
-		if err != auth.ErrConfigFileMissing {
-			return err
-		}
-		authConfig = &auth.AuthConfig{}
-	}
-	if config.Username == authConfig.Username {
-		config.Password = authConfig.Password
-	}
-
-	newAuthConfig := auth.NewAuthConfig(config.Username, config.Password, config.Email, srv.runtime.root)
-	status, err := auth.Login(newAuthConfig)
+	authConfig := &auth.AuthConfig{}
+	err := json.NewDecoder(r.Body).Decode(authConfig)
+	if err != nil {
+		return err
+	}
+	status, err := auth.Login(authConfig)
 	if err != nil {
 		return err
 	}
-
 	if status != "" {
-		b, err := json.Marshal(&ApiAuth{Status: status})
+		b, err := json.Marshal(&APIAuth{Status: status})
 		if err != nil {
 			return err
 		}
-		writeJson(w, b)
+		writeJSON(w, b)
 		return nil
 	}
 	w.WriteHeader(http.StatusNoContent)
@@ -128,7 +111,7 @@ func getVersion(srv *Server, version float64, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -151,13 +134,13 @@ func getContainersExport(srv *Server, version float64, w http.ResponseWriter, r
 	name := vars["name"]
 
 	if err := srv.ContainerExport(name, w); err != nil {
-		utils.Debugf("%s", err.Error())
+		utils.Debugf("%s", err)
 		return err
 	}
 	return nil
 }
 
-func getImagesJson(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func getImagesJSON(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := parseForm(r); err != nil {
 		return err
 	}
@@ -176,7 +159,7 @@ func getImagesJson(srv *Server, version float64, w http.ResponseWriter, r *http.
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -193,7 +176,65 @@ func getInfo(srv *Server, version float64, w http.ResponseWriter, r *http.Reques
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
+	return nil
+}
+
+func getEvents(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	sendEvent := func(wf *utils.WriteFlusher, event *utils.JSONMessage) error {
+		b, err := json.Marshal(event)
+		if err != nil {
+			return fmt.Errorf("JSON error")
+		}
+		_, err = wf.Write(b)
+		if err != nil {
+			// On error, evict the listener
+			utils.Debugf("%s", err)
+			srv.Lock()
+			delete(srv.listeners, r.RemoteAddr)
+			srv.Unlock()
+			return err
+		}
+		return nil
+	}
+
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	listener := make(chan utils.JSONMessage)
+	srv.Lock()
+	srv.listeners[r.RemoteAddr] = listener
+	srv.Unlock()
+	since, err := strconv.ParseInt(r.Form.Get("since"), 10, 0)
+	if err != nil {
+		since = 0
+	}
+	w.Header().Set("Content-Type", "application/json")
+	wf := utils.NewWriteFlusher(w)
+	if since != 0 {
+		// If since, send previous events that happened after the timestamp
+		for _, event := range srv.events {
+			if event.Time >= since {
+				err := sendEvent(wf, &event)
+				if err != nil && err.Error() == "JSON error" {
+					continue
+				}
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+	for {
+		event := <-listener
+		err := sendEvent(wf, &event)
+		if err != nil && err.Error() == "JSON error" {
+			continue
+		}
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }
 
@@ -210,7 +251,7 @@ func getImagesHistory(srv *Server, version float64, w http.ResponseWriter, r *ht
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -227,11 +268,35 @@ func getContainersChanges(srv *Server, version float64, w http.ResponseWriter, r
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
-func getContainersJson(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func getContainersTop(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if version < 1.4 {
+		return fmt.Errorf("top was improved a lot since 1.3, Please upgrade your docker client.")
+	}
+	if vars == nil {
+		return fmt.Errorf("Missing parameter")
+	}
+	if err := parseForm(r); err != nil {
+		return err
+	}
+	name := vars["name"]
+	ps_args := r.Form.Get("ps_args")
+	procsStr, err := srv.ContainerTop(name, ps_args)
+	if err != nil {
+		return err
+	}
+	b, err := json.Marshal(procsStr)
+	if err != nil {
+		return err
+	}
+	writeJSON(w, b)
+	return nil
+}
+
+func getContainersJSON(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := parseForm(r); err != nil {
 		return err
 	}
@@ -239,6 +304,10 @@ func getContainersJson(srv *Server, version float64, w http.ResponseWriter, r *h
 	if err != nil {
 		return err
 	}
+	size, err := getBoolParam(r.Form.Get("size"))
+	if err != nil {
+		return err
+	}
 	since := r.Form.Get("since")
 	before := r.Form.Get("before")
 	n, err := strconv.Atoi(r.Form.Get("limit"))
@@ -246,12 +315,12 @@ func getContainersJson(srv *Server, version float64, w http.ResponseWriter, r *h
 		n = -1
 	}
 
-	outs := srv.Containers(all, n, since, before)
+	outs := srv.Containers(all, size, n, since, before)
 	b, err := json.Marshal(outs)
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -283,7 +352,7 @@ func postCommit(srv *Server, version float64, w http.ResponseWriter, r *http.Req
 	}
 	config := &Config{}
 	if err := json.NewDecoder(r.Body).Decode(config); err != nil {
-		utils.Debugf("%s", err.Error())
+		utils.Debugf("%s", err)
 	}
 	repo := r.Form.Get("repo")
 	tag := r.Form.Get("tag")
@@ -294,12 +363,12 @@ func postCommit(srv *Server, version float64, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
-	b, err := json.Marshal(&ApiId{id})
+	b, err := json.Marshal(&APIID{id})
 	if err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusCreated)
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -319,8 +388,7 @@ func postImagesCreate(srv *Server, version float64, w http.ResponseWriter, r *ht
 	}
 	sf := utils.NewStreamFormatter(version > 1.0)
 	if image != "" { //pull
-		registry := r.Form.Get("registry")
-		if err := srv.ImagePull(image, tag, registry, w, sf); err != nil {
+		if err := srv.ImagePull(image, tag, w, sf, &auth.AuthConfig{}); err != nil {
 			if sf.Used() {
 				w.Write(sf.FormatError(err))
 				return nil
@@ -353,7 +421,7 @@ func getImagesSearch(srv *Server, version float64, w http.ResponseWriter, r *htt
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -372,26 +440,29 @@ func postImagesInsert(srv *Server, version float64, w http.ResponseWriter, r *ht
 		w.Header().Set("Content-Type", "application/json")
 	}
 	sf := utils.NewStreamFormatter(version > 1.0)
-	imgId, err := srv.ImageInsert(name, url, path, w, sf)
+	imgID, err := srv.ImageInsert(name, url, path, w, sf)
 	if err != nil {
 		if sf.Used() {
 			w.Write(sf.FormatError(err))
 			return nil
 		}
 	}
-	b, err := json.Marshal(&ApiId{Id: imgId})
+	b, err := json.Marshal(&APIID{ID: imgID})
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
 func postImagesPush(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	authConfig := &auth.AuthConfig{}
+	if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
+		return err
+	}
 	if err := parseForm(r); err != nil {
 		return err
 	}
-	registry := r.Form.Get("registry")
 
 	if vars == nil {
 		return fmt.Errorf("Missing parameter")
@@ -401,7 +472,7 @@ func postImagesPush(srv *Server, version float64, w http.ResponseWriter, r *http
 		w.Header().Set("Content-Type", "application/json")
 	}
 	sf := utils.NewStreamFormatter(version > 1.0)
-	if err := srv.ImagePush(name, registry, w, sf); err != nil {
+	if err := srv.ImagePush(name, w, sf, authConfig); err != nil {
 		if sf.Used() {
 			w.Write(sf.FormatError(err))
 			return nil
@@ -413,17 +484,23 @@ func postImagesPush(srv *Server, version float64, w http.ResponseWriter, r *http
 
 func postContainersCreate(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	config := &Config{}
+	out := &APIRun{}
+
 	if err := json.NewDecoder(r.Body).Decode(config); err != nil {
 		return err
 	}
+
+	if len(config.Dns) == 0 && len(srv.runtime.Dns) == 0 && utils.CheckLocalDns() {
+		out.Warnings = append(out.Warnings, fmt.Sprintf("Docker detected local DNS server on resolv.conf. Using default external servers: %v", defaultDns))
+		config.Dns = defaultDns
+	}
+
 	id, err := srv.ContainerCreate(config)
 	if err != nil {
 		return err
 	}
+	out.ID = id
 
-	out := &ApiRun{
-		Id: id,
-	}
 	if config.Memory > 0 && !srv.runtime.capabilities.MemoryLimit {
 		log.Println("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.")
 		out.Warnings = append(out.Warnings, "Your kernel does not support memory limit capabilities. Limitation discarded.")
@@ -432,12 +509,13 @@ func postContainersCreate(srv *Server, version float64, w http.ResponseWriter, r
 		log.Println("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.")
 		out.Warnings = append(out.Warnings, "Your kernel does not support memory swap capabilities. Limitation discarded.")
 	}
+
 	b, err := json.Marshal(out)
 	if err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusCreated)
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -481,23 +559,50 @@ func deleteContainers(srv *Server, version float64, w http.ResponseWriter, r *ht
 }
 
 func deleteImages(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	if err := parseForm(r); err != nil {
+		return err
+	}
 	if vars == nil {
 		return fmt.Errorf("Missing parameter")
 	}
 	name := vars["name"]
-	if err := srv.ImageDelete(name); err != nil {
+	imgs, err := srv.ImageDelete(name, version > 1.1)
+	if err != nil {
 		return err
 	}
-	w.WriteHeader(http.StatusNoContent)
+	if imgs != nil {
+		if len(imgs) != 0 {
+			b, err := json.Marshal(imgs)
+			if err != nil {
+				return err
+			}
+			writeJSON(w, b)
+		} else {
+			return fmt.Errorf("Conflict, %s wasn't deleted", name)
+		}
+	} else {
+		w.WriteHeader(http.StatusNoContent)
+	}
 	return nil
 }
 
 func postContainersStart(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	hostConfig := &HostConfig{}
+
+	// allow a nil body for backwards compatibility
+	if r.Body != nil {
+		if r.Header.Get("Content-Type") == "application/json" {
+			if err := json.NewDecoder(r.Body).Decode(hostConfig); err != nil {
+				return err
+			}
+		}
+	}
+
 	if vars == nil {
 		return fmt.Errorf("Missing parameter")
 	}
 	name := vars["name"]
-	if err := srv.ContainerStart(name); err != nil {
+	if err := srv.ContainerStart(name, hostConfig); err != nil {
 		return err
 	}
 	w.WriteHeader(http.StatusNoContent)
@@ -534,11 +639,11 @@ func postContainersWait(srv *Server, version float64, w http.ResponseWriter, r *
 	if err != nil {
 		return err
 	}
-	b, err := json.Marshal(&ApiWait{StatusCode: status})
+	b, err := json.Marshal(&APIWait{StatusCode: status})
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -602,7 +707,20 @@ func postContainersAttach(srv *Server, version float64, w http.ResponseWriter, r
 	if err != nil {
 		return err
 	}
-	defer in.Close()
+	defer func() {
+		if tcpc, ok := in.(*net.TCPConn); ok {
+			tcpc.CloseWrite()
+		} else {
+			in.Close()
+		}
+	}()
+	defer func() {
+		if tcpc, ok := out.(*net.TCPConn); ok {
+			tcpc.CloseWrite()
+		} else if closer, ok := out.(io.Closer); ok {
+			closer.Close()
+		}
+	}()
 
 	fmt.Fprintf(out, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
 	if err := srv.ContainerAttach(name, logs, stream, stdin, stdout, stderr, in, out); err != nil {
@@ -625,7 +743,7 @@ func getContainersByName(srv *Server, version float64, w http.ResponseWriter, r
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
@@ -643,17 +761,17 @@ func getImagesByName(srv *Server, version float64, w http.ResponseWriter, r *htt
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
 func postImagesGetCache(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	apiConfig := &ApiImageConfig{}
+	apiConfig := &APIImageConfig{}
 	if err := json.NewDecoder(r.Body).Decode(apiConfig); err != nil {
 		return err
 	}
 
-	image, err := srv.ImageGetCached(apiConfig.Id, apiConfig.Config)
+	image, err := srv.ImageGetCached(apiConfig.ID, apiConfig.Config)
 	if err != nil {
 		return err
 	}
@@ -661,67 +779,115 @@ func postImagesGetCache(srv *Server, version float64, w http.ResponseWriter, r *
 		w.WriteHeader(http.StatusNotFound)
 		return nil
 	}
-	apiId := &ApiId{Id: image.Id}
-	b, err := json.Marshal(apiId)
+	apiID := &APIID{ID: image.ID}
+	b, err := json.Marshal(apiID)
 	if err != nil {
 		return err
 	}
-	writeJson(w, b)
+	writeJSON(w, b)
 	return nil
 }
 
 func postBuild(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	if err := r.ParseMultipartForm(4096); err != nil {
-		return err
+	if version < 1.3 {
+		return fmt.Errorf("Multipart upload for build is no longer supported. Please upgrade your docker client.")
 	}
-	remote := r.FormValue("t")
+	remoteURL := r.FormValue("remote")
+	repoName := r.FormValue("t")
+	rawSuppressOutput := r.FormValue("q")
 	tag := ""
-	if strings.Contains(remote, ":") {
-		remoteParts := strings.Split(remote, ":")
+	if strings.Contains(repoName, ":") {
+		remoteParts := strings.Split(repoName, ":")
 		tag = remoteParts[1]
-		remote = remoteParts[0]
+		repoName = remoteParts[0]
 	}
 
-	dockerfile, _, err := r.FormFile("Dockerfile")
-	if err != nil {
-		return err
-	}
+	var context io.Reader
 
-	context, _, err := r.FormFile("Context")
-	if err != nil {
-		if err != http.ErrMissingFile {
+	if remoteURL == "" {
+		context = r.Body
+	} else if utils.IsGIT(remoteURL) {
+		if !strings.HasPrefix(remoteURL, "git://") {
+			remoteURL = "https://" + remoteURL
+		}
+		root, err := ioutil.TempDir("", "docker-build-git")
+		if err != nil {
 			return err
 		}
+		defer os.RemoveAll(root)
+
+		if output, err := exec.Command("git", "clone", remoteURL, root).CombinedOutput(); err != nil {
+			return fmt.Errorf("Error trying to use git: %s (%s)", err, output)
+		}
+
+		c, err := Tar(root, Bzip2)
+		if err != nil {
+			return err
+		}
+		context = c
+	} else if utils.IsURL(remoteURL) {
+		f, err := utils.Download(remoteURL, ioutil.Discard)
+		if err != nil {
+			return err
+		}
+		defer f.Body.Close()
+		dockerFile, err := ioutil.ReadAll(f.Body)
+		if err != nil {
+			return err
+		}
+		c, err := mkBuildContext(string(dockerFile), nil)
+		if err != nil {
+			return err
+		}
+		context = c
 	}
 
-	b := NewBuildFile(srv, utils.NewWriteFlusher(w))
-	if id, err := b.Build(dockerfile, context); err != nil {
+	suppressOutput, err := getBoolParam(rawSuppressOutput)
+	if err != nil {
+		return err
+	}
+
+	b := NewBuildFile(srv, utils.NewWriteFlusher(w), !suppressOutput)
+	id, err := b.Build(context)
+	if err != nil {
 		fmt.Fprintf(w, "Error build: %s\n", err)
-	} else if remote != "" {
-		srv.runtime.repositories.Set(remote, tag, id, false)
+		return err
+	}
+	if repoName != "" {
+		srv.runtime.repositories.Set(repoName, tag, id, false)
 	}
 	return nil
 }
 
-func ListenAndServe(addr string, srv *Server, logging bool) error {
+func optionsHandler(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+	w.WriteHeader(http.StatusOK)
+	return nil
+}
+func writeCorsHeaders(w http.ResponseWriter, r *http.Request) {
+	w.Header().Add("Access-Control-Allow-Origin", "*")
+	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+	w.Header().Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
+}
+
+func createRouter(srv *Server, logging bool) (*mux.Router, error) {
 	r := mux.NewRouter()
-	log.Printf("Listening for HTTP on %s\n", addr)
 
 	m := map[string]map[string]func(*Server, float64, http.ResponseWriter, *http.Request, map[string]string) error{
 		"GET": {
-			"/auth":                         getAuth,
-			"/version":                      getVersion,
+			"/events":                       getEvents,
 			"/info":                         getInfo,
-			"/images/json":                  getImagesJson,
+			"/version":                      getVersion,
+			"/images/json":                  getImagesJSON,
 			"/images/viz":                   getImagesViz,
 			"/images/search":                getImagesSearch,
 			"/images/{name:.*}/history":     getImagesHistory,
 			"/images/{name:.*}/json":        getImagesByName,
-			"/containers/ps":                getContainersJson,
-			"/containers/json":              getContainersJson,
+			"/containers/ps":                getContainersJSON,
+			"/containers/json":              getContainersJSON,
 			"/containers/{name:.*}/export":  getContainersExport,
 			"/containers/{name:.*}/changes": getContainersChanges,
 			"/containers/{name:.*}/json":    getContainersByName,
+			"/containers/{name:.*}/top":     getContainersTop,
 		},
 		"POST": {
 			"/auth":                         postAuth,
@@ -745,6 +911,9 @@ func ListenAndServe(addr string, srv *Server, logging bool) error {
 			"/containers/{name:.*}": deleteContainers,
 			"/images/{name:.*}":     deleteImages,
 		},
+		"OPTIONS": {
+			"": optionsHandler,
+		},
 	}
 
 	for method, routes := range m {
@@ -755,7 +924,8 @@ func ListenAndServe(addr string, srv *Server, logging bool) error {
 			localMethod := method
 			localFct := fct
 			f := func(w http.ResponseWriter, r *http.Request) {
-				utils.Debugf("Calling %s %s", localMethod, localRoute)
+				utils.Debugf("Calling %s %s from %s", localMethod, localRoute, r.RemoteAddr)
+
 				if logging {
 					log.Println(r.Method, r.RequestURI)
 				}
@@ -767,19 +937,59 @@ func ListenAndServe(addr string, srv *Server, logging bool) error {
 				}
 				version, err := strconv.ParseFloat(mux.Vars(r)["version"], 64)
 				if err != nil {
-					version = API_VERSION
+					version = APIVERSION
 				}
-				if version == 0 || version > API_VERSION {
+				if srv.enableCors {
+					writeCorsHeaders(w, r)
+				}
+				if version == 0 || version > APIVERSION {
 					w.WriteHeader(http.StatusNotFound)
 					return
 				}
+
 				if err := localFct(srv, version, w, r, mux.Vars(r)); err != nil {
 					httpError(w, err)
 				}
 			}
-			r.Path("/v{version:[0-9.]+}" + localRoute).Methods(localMethod).HandlerFunc(f)
-			r.Path(localRoute).Methods(localMethod).HandlerFunc(f)
+
+			if localRoute == "" {
+				r.Methods(localMethod).HandlerFunc(f)
+			} else {
+				r.Path("/v{version:[0-9.]+}" + localRoute).Methods(localMethod).HandlerFunc(f)
+				r.Path(localRoute).Methods(localMethod).HandlerFunc(f)
+			}
 		}
 	}
-	return http.ListenAndServe(addr, r)
+	return r, nil
+}
+
+func ListenAndServe(proto, addr string, srv *Server, logging bool) error {
+	log.Printf("Listening for HTTP on %s (%s)\n", addr, proto)
+
+	r, err := createRouter(srv, logging)
+	if err != nil {
+		return err
+	}
+	l, e := net.Listen(proto, addr)
+	if e != nil {
+		return e
+	}
+	if proto == "unix" {
+		os.Chmod(addr, 0660)
+		groups, err := ioutil.ReadFile("/etc/group")
+		if err != nil {
+			return err
+		}
+		re := regexp.MustCompile("(^|\n)docker:.*?:([0-9]+)")
+		if gidMatch := re.FindStringSubmatch(string(groups)); gidMatch != nil {
+			gid, err := strconv.Atoi(gidMatch[2])
+			if err != nil {
+				return err
+			}
+			utils.Debugf("docker group found. gid: %d", gid)
+			os.Chown(addr, 0, gid)
+		}
+	}
+	httpSrv := http.Server{Addr: addr, Handler: r}
+	return httpSrv.Serve(l)
 }

api_params.go

@@ -1,70 +1,88 @@
 package docker
 
-type ApiHistory struct {
-	Id        string
+type APIHistory struct {
+	ID        string   `json:"Id"`
+	Tags      []string `json:",omitempty"`
 	Created   int64
 	CreatedBy string `json:",omitempty"`
 }
 
-type ApiImages struct {
-	Repository string `json:",omitempty"`
-	Tag        string `json:",omitempty"`
-	Id         string
+type APIImages struct {
+	Repository  string `json:",omitempty"`
+	Tag         string `json:",omitempty"`
+	ID          string `json:"Id"`
+	Created     int64
+	Size        int64
+	VirtualSize int64
+}
+
+type APIInfo struct {
+	Debug           bool
+	Containers      int
+	Images          int
+	NFd             int    `json:",omitempty"`
+	NGoroutines     int    `json:",omitempty"`
+	MemoryLimit     bool   `json:",omitempty"`
+	SwapLimit       bool   `json:",omitempty"`
+	LXCVersion      string `json:",omitempty"`
+	NEventsListener int    `json:",omitempty"`
+	KernelVersion   string `json:",omitempty"`
+}
+
+type APITop struct {
+	Titles    []string
+	Processes [][]string
+}
+
+type APIRmi struct {
+	Deleted  string `json:",omitempty"`
+	Untagged string `json:",omitempty"`
+}
+
+type APIContainers struct {
+	ID         string `json:"Id"`
+	Image      string
+	Command    string
 	Created    int64
+	Status     string
+	Ports      string
+	SizeRw     int64
+	SizeRootFs int64
 }
 
-type ApiInfo struct {
-	Debug       bool
-	Containers  int
-	Images      int
-	NFd         int  `json:",omitempty"`
-	NGoroutines int  `json:",omitempty"`
-	MemoryLimit bool `json:",omitempty"`
-	SwapLimit   bool `json:",omitempty"`
-}
-
-type ApiContainers struct {
-	Id      string
-	Image   string
-	Command string
-	Created int64
-	Status  string
-	Ports   string
-}
-
-type ApiSearch struct {
+type APISearch struct {
 	Name        string
 	Description string
 }
 
-type ApiId struct {
-	Id string
+type APIID struct {
+	ID string `json:"Id"`
 }
 
-type ApiRun struct {
-	Id       string
+type APIRun struct {
+	ID       string   `json:"Id"`
 	Warnings []string `json:",omitempty"`
 }
 
-type ApiPort struct {
+type APIPort struct {
 	Port string
 }
 
-type ApiVersion struct {
+type APIVersion struct {
 	Version   string
 	GitCommit string `json:",omitempty"`
 	GoVersion string `json:",omitempty"`
 }
 
-type ApiWait struct {
+type APIWait struct {
 	StatusCode int
 }
 
-type ApiAuth struct {
+type APIAuth struct {
 	Status string
 }
 
-type ApiImageConfig struct {
-	Id string
+type APIImageConfig struct {
+	ID string `json:"Id"`
 	*Config
 }

archive.go

@@ -1,12 +1,16 @@
 package docker
 
 import (
-	"errors"
+	"archive/tar"
+	"bytes"
 	"fmt"
+	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
+	"path/filepath"
 )
 
 type Archive io.Reader
@@ -20,6 +24,33 @@ const (
 	Xz
 )
 
+func DetectCompression(source []byte) Compression {
+	sourceLen := len(source)
+	for compression, m := range map[Compression][]byte{
+		Bzip2: {0x42, 0x5A, 0x68},
+		Gzip:  {0x1F, 0x8B, 0x08},
+		Xz:    {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00},
+	} {
+		fail := false
+		if len(m) > sourceLen {
+			utils.Debugf("Len too short")
+			continue
+		}
+		i := 0
+		for _, b := range m {
+			if b != source[i] {
+				fail = true
+				break
+			}
+			i++
+		}
+		if !fail {
+			return compression
+		}
+	}
+	return Uncompressed
+}
+
 func (compression *Compression) Flag() string {
 	switch *compression {
 	case Bzip2:
@@ -46,14 +77,54 @@ func (compression *Compression) Extension() string {
 	return ""
 }
 
+// Tar creates an archive from the directory at `path`, and returns it as a
+// stream of bytes.
 func Tar(path string, compression Compression) (io.Reader, error) {
-	cmd := exec.Command("bsdtar", "-f", "-", "-C", path, "-c"+compression.Flag(), ".")
-	return CmdStream(cmd)
+	return TarFilter(path, compression, nil)
 }
 
+// Tar creates an archive from the directory at `path`, only including files whose relative
+// paths are included in `filter`. If `filter` is nil, then all files are included.
+func TarFilter(path string, compression Compression, filter []string) (io.Reader, error) {
+	args := []string{"tar", "--numeric-owner", "-f", "-", "-C", path}
+	if filter == nil {
+		filter = []string{"."}
+	}
+	for _, f := range filter {
+		args = append(args, "-c"+compression.Flag(), f)
+	}
+	return CmdStream(exec.Command(args[0], args[1:]...))
+}
+
+// Untar reads a stream of bytes from `archive`, parses it as a tar archive,
+// and unpacks it into the directory at `path`.
+// The archive may be compressed with one of the following algorithgms:
+//  identity (uncompressed), gzip, bzip2, xz.
+// FIXME: specify behavior when target path exists vs. doesn't exist.
 func Untar(archive io.Reader, path string) error {
-	cmd := exec.Command("bsdtar", "-f", "-", "-C", path, "-x")
-	cmd.Stdin = archive
+	if archive == nil {
+		return fmt.Errorf("Empty archive")
+	}
+
+	buf := make([]byte, 10)
+	totalN := 0
+	for totalN < 10 {
+		if n, err := archive.Read(buf[totalN:]); err != nil {
+			if err == io.EOF {
+				return fmt.Errorf("Tarball too short")
+			}
+			return err
+		} else {
+			totalN += n
+			utils.Debugf("[tar autodetect] n: %d", n)
+		}
+	}
+	compression := DetectCompression(buf)
+
+	utils.Debugf("Archive compression detected: %s", compression.Extension())
+
+	cmd := exec.Command("tar", "--numeric-owner", "-f", "-", "-C", path, "-x"+compression.Flag())
+	cmd.Stdin = io.MultiReader(bytes.NewReader(buf), archive)
 	// Hardcode locale environment for predictable outcome regardless of host configuration.
 	//   (see https://github.com/dotcloud/docker/issues/355)
 	cmd.Env = []string{"LANG=en_US.utf-8", "LC_ALL=en_US.utf-8"}
@@ -64,6 +135,95 @@ func Untar(archive io.Reader, path string) error {
 	return nil
 }
 
+// TarUntar is a convenience function which calls Tar and Untar, with
+// the output of one piped into the other. If either Tar or Untar fails,
+// TarUntar aborts and returns the error.
+func TarUntar(src string, filter []string, dst string) error {
+	utils.Debugf("TarUntar(%s %s %s)", src, filter, dst)
+	archive, err := TarFilter(src, Uncompressed, filter)
+	if err != nil {
+		return err
+	}
+	return Untar(archive, dst)
+}
+
+// UntarPath is a convenience function which looks for an archive
+// at filesystem path `src`, and unpacks it at `dst`.
+func UntarPath(src, dst string) error {
+	if archive, err := os.Open(src); err != nil {
+		return err
+	} else if err := Untar(archive, dst); err != nil {
+		return err
+	}
+	return nil
+}
+
+// CopyWithTar creates a tar archive of filesystem path `src`, and
+// unpacks it at filesystem path `dst`.
+// The archive is streamed directly with fixed buffering and no
+// intermediary disk IO.
+//
+func CopyWithTar(src, dst string) error {
+	srcSt, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+	if !srcSt.IsDir() {
+		return CopyFileWithTar(src, dst)
+	}
+	// Create dst, copy src's content into it
+	utils.Debugf("Creating dest directory: %s", dst)
+	if err := os.MkdirAll(dst, 0700); err != nil && !os.IsExist(err) {
+		return err
+	}
+	utils.Debugf("Calling TarUntar(%s, %s)", src, dst)
+	return TarUntar(src, nil, dst)
+}
+
+// CopyFileWithTar emulates the behavior of the 'cp' command-line
+// for a single file. It copies a regular file from path `src` to
+// path `dst`, and preserves all its metadata.
+//
+// If `dst` ends with a trailing slash '/', the final destination path
+// will be `dst/base(src)`.
+func CopyFileWithTar(src, dst string) error {
+	utils.Debugf("CopyFileWithTar(%s, %s)", src, dst)
+	srcSt, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+	if srcSt.IsDir() {
+		return fmt.Errorf("Can't copy a directory")
+	}
+	// Clean up the trailing /
+	if dst[len(dst)-1] == '/' {
+		dst = path.Join(dst, filepath.Base(src))
+	}
+	// Create the holding directory if necessary
+	if err := os.MkdirAll(filepath.Dir(dst), 0700); err != nil && !os.IsExist(err) {
+		return err
+	}
+	buf := new(bytes.Buffer)
+	tw := tar.NewWriter(buf)
+	hdr, err := tar.FileInfoHeader(srcSt, "")
+	if err != nil {
+		return err
+	}
+	hdr.Name = filepath.Base(dst)
+	if err := tw.WriteHeader(hdr); err != nil {
+		return err
+	}
+	srcF, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	if _, err := io.Copy(tw, srcF); err != nil {
+		return err
+	}
+	tw.Close()
+	return Untar(buf, filepath.Dir(dst))
+}
+
 // CmdStream executes a command, and returns its stdout as a stream.
 // If the command fails to run or doesn't complete successfully, an error
 // will be returned, including anything written on stderr.
@@ -94,7 +254,7 @@ func CmdStream(cmd *exec.Cmd) (io.Reader, error) {
 		}
 		errText := <-errChan
 		if err := cmd.Wait(); err != nil {
-			pipeW.CloseWithError(errors.New(err.Error() + ": " + string(errText)))
+			pipeW.CloseWithError(fmt.Errorf("%s: %s", err, errText))
 		} else {
 			pipeW.Close()
 		}

archive_test.go

@@ -1,10 +1,13 @@
 package docker
 
 import (
+	"bytes"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
 	"testing"
 	"time"
 )
@@ -13,7 +16,7 @@ func TestCmdStreamLargeStderr(t *testing.T) {
 	cmd := exec.Command("/bin/sh", "-c", "dd if=/dev/zero bs=1k count=1000 of=/dev/stderr; echo hello")
 	out, err := CmdStream(cmd)
 	if err != nil {
-		t.Fatalf("Failed to start command: " + err.Error())
+		t.Fatalf("Failed to start command: %s", err)
 	}
 	errCh := make(chan error)
 	go func() {
@@ -23,7 +26,7 @@ func TestCmdStreamLargeStderr(t *testing.T) {
 	select {
 	case err := <-errCh:
 		if err != nil {
-			t.Fatalf("Command should not have failed (err=%s...)", err.Error()[:100])
+			t.Fatalf("Command should not have failed (err=%.100s...)", err)
 		}
 	case <-time.After(5 * time.Second):
 		t.Fatalf("Command did not complete in 5 seconds; probable deadlock")
@@ -34,12 +37,12 @@ func TestCmdStreamBad(t *testing.T) {
 	badCmd := exec.Command("/bin/sh", "-c", "echo hello; echo >&2 error couldn\\'t reverse the phase pulser; exit 1")
 	out, err := CmdStream(badCmd)
 	if err != nil {
-		t.Fatalf("Failed to start command: " + err.Error())
+		t.Fatalf("Failed to start command: %s", err)
 	}
 	if output, err := ioutil.ReadAll(out); err == nil {
 		t.Fatalf("Command should have failed")
 	} else if err.Error() != "exit status 1: error couldn't reverse the phase pulser\n" {
-		t.Fatalf("Wrong error value (%s)", err.Error())
+		t.Fatalf("Wrong error value (%s)", err)
 	} else if s := string(output); s != "hello\n" {
 		t.Fatalf("Command output should be '%s', not '%s'", "hello\\n", output)
 	}
@@ -58,20 +61,58 @@ func TestCmdStreamGood(t *testing.T) {
 	}
 }
 
-func TestTarUntar(t *testing.T) {
-	archive, err := Tar(".", Uncompressed)
+func tarUntar(t *testing.T, origin string, compression Compression) error {
+	archive, err := Tar(origin, compression)
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	buf := make([]byte, 10)
+	if _, err := archive.Read(buf); err != nil {
+		return err
+	}
+	archive = io.MultiReader(bytes.NewReader(buf), archive)
+
+	detectedCompression := DetectCompression(buf)
+	if detectedCompression.Extension() != compression.Extension() {
+		return fmt.Errorf("Wrong compression detected. Actual compression: %s, found %s", compression.Extension(), detectedCompression.Extension())
+	}
+
 	tmp, err := ioutil.TempDir("", "docker-test-untar")
 	if err != nil {
-		t.Fatal(err)
+		return err
 	}
 	defer os.RemoveAll(tmp)
 	if err := Untar(archive, tmp); err != nil {
-		t.Fatal(err)
+		return err
 	}
 	if _, err := os.Stat(tmp); err != nil {
-		t.Fatalf("Error stating %s: %s", tmp, err.Error())
+		return err
+	}
+	return nil
+}
+
+func TestTarUntar(t *testing.T) {
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(origin)
+	if err := ioutil.WriteFile(path.Join(origin, "1"), []byte("hello world"), 0700); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(path.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
+		t.Fatal(err)
+	}
+
+	for _, c := range []Compression{
+		Uncompressed,
+		Gzip,
+		Bzip2,
+		Xz,
+	} {
+		if err := tarUntar(t, origin, c); err != nil {
+			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
+		}
 	}
 }

auth/auth.go

@@ -15,40 +15,33 @@ import (
 // Where we store the config file
 const CONFIGFILE = ".dockercfg"
 
-// the registry server we want to login against
-const INDEX_SERVER = "https://index.docker.io/v1"
+// Only used for user auth + account creation
+const INDEXSERVER = "https://index.docker.io/v1/"
 
-//const INDEX_SERVER = "http://indexstaging-docker.dotcloud.com/"
+//const INDEXSERVER = "http://indexstaging-docker.dotcloud.com/"
 
 var (
-	ErrConfigFileMissing error = errors.New("The Auth config file is missing")
+	ErrConfigFileMissing = errors.New("The Auth config file is missing")
 )
 
 type AuthConfig struct {
-	Username string `json:"username"`
-	Password string `json:"password"`
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth"`
 	Email    string `json:"email"`
+}
+
+type ConfigFile struct {
+	Configs  map[string]AuthConfig `json:"configs,omitempty"`
 	rootPath string
 }
 
-func NewAuthConfig(username, password, email, rootPath string) *AuthConfig {
-	return &AuthConfig{
-		Username: username,
-		Password: password,
-		Email:    email,
-		rootPath: rootPath,
-	}
-}
-
 func IndexServerAddress() string {
-	if os.Getenv("DOCKER_INDEX_URL") != "" {
-		return os.Getenv("DOCKER_INDEX_URL") + "/v1"
-	}
-	return INDEX_SERVER
+	return INDEXSERVER
 }
 
 // create a base64 encoded auth string to store in config
-func EncodeAuth(authConfig *AuthConfig) string {
+func encodeAuth(authConfig *AuthConfig) string {
 	authStr := authConfig.Username + ":" + authConfig.Password
 	msg := []byte(authStr)
 	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
@@ -57,62 +50,89 @@ func EncodeAuth(authConfig *AuthConfig) string {
 }
 
 // decode the auth string
-func DecodeAuth(authStr string) (*AuthConfig, error) {
+func decodeAuth(authStr string) (string, string, error) {
 	decLen := base64.StdEncoding.DecodedLen(len(authStr))
 	decoded := make([]byte, decLen)
 	authByte := []byte(authStr)
 	n, err := base64.StdEncoding.Decode(decoded, authByte)
 	if err != nil {
-		return nil, err
+		return "", "", err
 	}
 	if n > decLen {
-		return nil, fmt.Errorf("Something went wrong decoding auth config")
+		return "", "", fmt.Errorf("Something went wrong decoding auth config")
 	}
 	arr := strings.Split(string(decoded), ":")
 	if len(arr) != 2 {
-		return nil, fmt.Errorf("Invalid auth configuration file")
+		return "", "", fmt.Errorf("Invalid auth configuration file")
 	}
 	password := strings.Trim(arr[1], "\x00")
-	return &AuthConfig{Username: arr[0], Password: password}, nil
-
+	return arr[0], password, nil
 }
 
 // load up the auth config information and return values
 // FIXME: use the internal golang config parser
-func LoadConfig(rootPath string) (*AuthConfig, error) {
+func LoadConfig(rootPath string) (*ConfigFile, error) {
+	configFile := ConfigFile{Configs: make(map[string]AuthConfig), rootPath: rootPath}
 	confFile := path.Join(rootPath, CONFIGFILE)
 	if _, err := os.Stat(confFile); err != nil {
-		return nil, ErrConfigFileMissing
+		return &configFile, ErrConfigFileMissing
 	}
 	b, err := ioutil.ReadFile(confFile)
 	if err != nil {
 		return nil, err
 	}
-	arr := strings.Split(string(b), "\n")
-	if len(arr) < 2 {
-		return nil, fmt.Errorf("The Auth config file is empty")
+
+	if err := json.Unmarshal(b, &configFile.Configs); err != nil {
+		arr := strings.Split(string(b), "\n")
+		if len(arr) < 2 {
+			return nil, fmt.Errorf("The Auth config file is empty")
+		}
+		authConfig := AuthConfig{}
+		origAuth := strings.Split(arr[0], " = ")
+		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
+		if err != nil {
+			return nil, err
+		}
+		origEmail := strings.Split(arr[1], " = ")
+		authConfig.Email = origEmail[1]
+		configFile.Configs[IndexServerAddress()] = authConfig
+	} else {
+		for k, authConfig := range configFile.Configs {
+			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
+			if err != nil {
+				return nil, err
+			}
+			authConfig.Auth = ""
+			configFile.Configs[k] = authConfig
+		}
 	}
-	origAuth := strings.Split(arr[0], " = ")
-	origEmail := strings.Split(arr[1], " = ")
-	authConfig, err := DecodeAuth(origAuth[1])
-	if err != nil {
-		return nil, err
-	}
-	authConfig.Email = origEmail[1]
-	authConfig.rootPath = rootPath
-	return authConfig, nil
+	return &configFile, nil
 }
 
 // save the auth config
-func SaveConfig(rootPath, authStr string, email string) error {
-	confFile := path.Join(rootPath, CONFIGFILE)
-	if len(email) == 0 {
+func SaveConfig(configFile *ConfigFile) error {
+	confFile := path.Join(configFile.rootPath, CONFIGFILE)
+	if len(configFile.Configs) == 0 {
 		os.Remove(confFile)
 		return nil
 	}
-	lines := "auth = " + authStr + "\n" + "email = " + email + "\n"
-	b := []byte(lines)
-	err := ioutil.WriteFile(confFile, b, 0600)
+
+	configs := make(map[string]AuthConfig, len(configFile.Configs))
+	for k, authConfig := range configFile.Configs {
+		authCopy := authConfig
+
+		authCopy.Auth = encodeAuth(&authCopy)
+		authCopy.Username = ""
+		authCopy.Password = ""
+
+		configs[k] = authCopy
+	}
+
+	b, err := json.Marshal(configs)
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(confFile, b, 0600)
 	if err != nil {
 		return err
 	}
@@ -121,7 +141,6 @@ func SaveConfig(rootPath, authStr string, email string) error {
 
 // try to register/login to the registry server
 func Login(authConfig *AuthConfig) (string, error) {
-	storeConfig := false
 	client := &http.Client{}
 	reqStatusCode := 0
 	var status string
@@ -133,7 +152,7 @@ func Login(authConfig *AuthConfig) (string, error) {
 
 	// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
 	b := strings.NewReader(string(jsonBody))
-	req1, err := http.Post(IndexServerAddress()+"/users/", "application/json; charset=utf-8", b)
+	req1, err := http.Post(IndexServerAddress()+"users/", "application/json; charset=utf-8", b)
 	if err != nil {
 		return "", fmt.Errorf("Server Error: %s", err)
 	}
@@ -146,14 +165,13 @@ func Login(authConfig *AuthConfig) (string, error) {
 
 	if reqStatusCode == 201 {
 		status = "Account created. Please use the confirmation link we sent" +
-			" to your e-mail to activate it.\n"
-		storeConfig = true
+			" to your e-mail to activate it."
 	} else if reqStatusCode == 403 {
 		return "", fmt.Errorf("Login: Your account hasn't been activated. " +
 			"Please check your e-mail for a confirmation link.")
 	} else if reqStatusCode == 400 {
 		if string(reqBody) == "\"Username or email already exists\"" {
-			req, err := http.NewRequest("GET", IndexServerAddress()+"/users/", nil)
+			req, err := http.NewRequest("GET", IndexServerAddress()+"users/", nil)
 			req.SetBasicAuth(authConfig.Username, authConfig.Password)
 			resp, err := client.Do(req)
 			if err != nil {
@@ -165,12 +183,8 @@ func Login(authConfig *AuthConfig) (string, error) {
 				return "", err
 			}
 			if resp.StatusCode == 200 {
-				status = "Login Succeeded\n"
-				storeConfig = true
+				status = "Login Succeeded"
 			} else if resp.StatusCode == 401 {
-				if err := SaveConfig(authConfig.rootPath, "", ""); err != nil {
-					return "", err
-				}
 				return "", fmt.Errorf("Wrong login/password, please try again")
 			} else {
 				return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
@@ -182,11 +196,5 @@ func Login(authConfig *AuthConfig) (string, error) {
 	} else {
 		return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)
 	}
-	if storeConfig {
-		authStr := EncodeAuth(authConfig)
-		if err := SaveConfig(authConfig.rootPath, authStr, authConfig.Email); err != nil {
-			return "", err
-		}
-	}
 	return status, nil
 }

auth/auth_test.go

@@ -3,6 +3,7 @@ package auth
 import (
 	"crypto/rand"
 	"encoding/hex"
+	"io/ioutil"
 	"os"
 	"strings"
 	"testing"
@@ -10,8 +11,10 @@ import (
 
 func TestEncodeAuth(t *testing.T) {
 	newAuthConfig := &AuthConfig{Username: "ken", Password: "test", Email: "test@example.com"}
-	authStr := EncodeAuth(newAuthConfig)
-	decAuthConfig, err := DecodeAuth(authStr)
+	authStr := encodeAuth(newAuthConfig)
+	decAuthConfig := &AuthConfig{}
+	var err error
+	decAuthConfig.Username, decAuthConfig.Password, err = decodeAuth(authStr)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -29,12 +32,12 @@ func TestEncodeAuth(t *testing.T) {
 func TestLogin(t *testing.T) {
 	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")
 	defer os.Setenv("DOCKER_INDEX_URL", "")
-	authConfig := NewAuthConfig("unittester", "surlautrerivejetattendrai", "noise+unittester@dotcloud.com", "/tmp")
+	authConfig := &AuthConfig{Username: "unittester", Password: "surlautrerivejetattendrai", Email: "noise+unittester@dotcloud.com"}
 	status, err := Login(authConfig)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if status != "Login Succeeded\n" {
+	if status != "Login Succeeded" {
 		t.Fatalf("Expected status \"Login Succeeded\", found \"%s\" instead", status)
 	}
 }
@@ -49,13 +52,13 @@ func TestCreateAccount(t *testing.T) {
 	}
 	token := hex.EncodeToString(tokenBuffer)[:12]
 	username := "ut" + token
-	authConfig := NewAuthConfig(username, "test42", "docker-ut+"+token+"@example.com", "/tmp")
+	authConfig := &AuthConfig{Username: username, Password: "test42", Email: "docker-ut+" + token + "@example.com"}
 	status, err := Login(authConfig)
 	if err != nil {
 		t.Fatal(err)
 	}
 	expectedStatus := "Account created. Please use the confirmation link we sent" +
-		" to your e-mail to activate it.\n"
+		" to your e-mail to activate it."
 	if status != expectedStatus {
 		t.Fatalf("Expected status: \"%s\", found \"%s\" instead.", expectedStatus, status)
 	}
@@ -68,6 +71,42 @@ func TestCreateAccount(t *testing.T) {
 	expectedError := "Login: Account is not Active"
 
 	if !strings.Contains(err.Error(), expectedError) {
-		t.Fatalf("Expected message \"%s\" but found \"%s\" instead", expectedError, err.Error())
+		t.Fatalf("Expected message \"%s\" but found \"%s\" instead", expectedError, err)
+	}
+}
+
+func TestSameAuthDataPostSave(t *testing.T) {
+	root, err := ioutil.TempDir("", "docker-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	configFile := &ConfigFile{
+		rootPath: root,
+		Configs:  make(map[string]AuthConfig, 1),
+	}
+
+	configFile.Configs["testIndex"] = AuthConfig{
+		Username: "docker-user",
+		Password: "docker-pass",
+		Email:    "docker@docker.io",
+	}
+
+	err = SaveConfig(configFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authConfig := configFile.Configs["testIndex"]
+	if authConfig.Username != "docker-user" {
+		t.Fail()
+	}
+	if authConfig.Password != "docker-pass" {
+		t.Fail()
+	}
+	if authConfig.Email != "docker@docker.io" {
+		t.Fail()
+	}
+	if authConfig.Auth != "" {
+		t.Fail()
 	}
 }

builder.go

@@ -2,11 +2,14 @@ package docker
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/utils"
 	"os"
 	"path"
 	"time"
 )
 
+var defaultDns = []string{"8.8.8.8", "8.8.4.4"}
+
 type Builder struct {
 	runtime      *Runtime
 	repositories *TagStore
@@ -40,41 +43,63 @@ func (builder *Builder) Create(config *Config) (*Container, error) {
 	}
 
 	// Generate id
-	id := GenerateId()
+	id := GenerateID()
 	// Generate default hostname
 	// FIXME: the lxc template no longer needs to set a default hostname
 	if config.Hostname == "" {
 		config.Hostname = id[:12]
 	}
 
+	var args []string
+	var entrypoint string
+
+	if len(config.Entrypoint) != 0 {
+		entrypoint = config.Entrypoint[0]
+		args = append(config.Entrypoint[1:], config.Cmd...)
+	} else {
+		entrypoint = config.Cmd[0]
+		args = config.Cmd[1:]
+	}
+
 	container := &Container{
 		// FIXME: we should generate the ID here instead of receiving it as an argument
-		Id:              id,
+		ID:              id,
 		Created:         time.Now(),
-		Path:            config.Cmd[0],
-		Args:            config.Cmd[1:], //FIXME: de-duplicate from config
+		Path:            entrypoint,
+		Args:            args, //FIXME: de-duplicate from config
 		Config:          config,
-		Image:           img.Id, // Always use the resolved image id
+		Image:           img.ID, // Always use the resolved image id
 		NetworkSettings: &NetworkSettings{},
 		// FIXME: do we need to store this in the container?
 		SysInitPath: sysInitPath,
 	}
-	container.root = builder.runtime.containerRoot(container.Id)
+	container.root = builder.runtime.containerRoot(container.ID)
 	// Step 1: create the container directory.
 	// This doubles as a barrier to avoid race conditions.
 	if err := os.Mkdir(container.root, 0700); err != nil {
 		return nil, err
 	}
 
+	if len(config.Dns) == 0 && len(builder.runtime.Dns) == 0 && utils.CheckLocalDns() {
+		//"WARNING: Docker detected local DNS server on resolv.conf. Using default external servers: %v", defaultDns
+		builder.runtime.Dns = defaultDns
+	}
+
 	// If custom dns exists, then create a resolv.conf for the container
-	if len(config.Dns) > 0 {
+	if len(config.Dns) > 0 || len(builder.runtime.Dns) > 0 {
+		var dns []string
+		if len(config.Dns) > 0 {
+			dns = config.Dns
+		} else {
+			dns = builder.runtime.Dns
+		}
 		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
 		f, err := os.Create(container.ResolvConfPath)
 		if err != nil {
 			return nil, err
 		}
 		defer f.Close()
-		for _, dns := range config.Dns {
+		for _, dns := range dns {
 			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
 				return nil, err
 			}
@@ -99,6 +124,10 @@ func (builder *Builder) Create(config *Config) (*Container, error) {
 func (builder *Builder) Commit(container *Container, repository, tag, comment, author string, config *Config) (*Image, error) {
 	// FIXME: freeze the container before copying it to avoid data corruption?
 	// FIXME: this shouldn't be in commands.
+	if err := container.EnsureMounted(); err != nil {
+		return nil, err
+	}
+
 	rwTar, err := container.ExportRw()
 	if err != nil {
 		return nil, err
@@ -110,7 +139,7 @@ func (builder *Builder) Commit(container *Container, repository, tag, comment, a
 	}
 	// Register the image if needed
 	if repository != "" {
-		if err := builder.repositories.Set(repository, tag, img.Id, true); err != nil {
+		if err := builder.repositories.Set(repository, tag, img.ID, true); err != nil {
 			return img, err
 		}
 	}

builder_client.go

@@ -1,314 +0,0 @@
-package docker
-
-import (
-	"bufio"
-	"encoding/json"
-	"fmt"
-	"github.com/dotcloud/docker/utils"
-	"io"
-	"net/url"
-	"os"
-	"reflect"
-	"strings"
-)
-
-type builderClient struct {
-	cli *DockerCli
-
-	image      string
-	maintainer string
-	config     *Config
-
-	tmpContainers map[string]struct{}
-	tmpImages     map[string]struct{}
-
-	needCommit bool
-}
-
-func (b *builderClient) clearTmp(containers, images map[string]struct{}) {
-	for i := range images {
-		if _, _, err := b.cli.call("DELETE", "/images/"+i, nil); err != nil {
-			utils.Debugf("%s", err)
-		}
-		utils.Debugf("Removing image %s", i)
-	}
-}
-
-func (b *builderClient) CmdFrom(name string) error {
-	obj, statusCode, err := b.cli.call("GET", "/images/"+name+"/json", nil)
-	if statusCode == 404 {
-
-		remote := name
-		var tag string
-		if strings.Contains(remote, ":") {
-			remoteParts := strings.Split(remote, ":")
-			tag = remoteParts[1]
-			remote = remoteParts[0]
-		}
-		var out io.Writer
-		if os.Getenv("DEBUG") != "" {
-			out = os.Stdout
-		} else {
-			out = &utils.NopWriter{}
-		}
-		if err := b.cli.stream("POST", "/images/create?fromImage="+remote+"&tag="+tag, nil, out); err != nil {
-			return err
-		}
-		obj, _, err = b.cli.call("GET", "/images/"+name+"/json", nil)
-		if err != nil {
-			return err
-		}
-	}
-	if err != nil {
-		return err
-	}
-
-	img := &ApiId{}
-	if err := json.Unmarshal(obj, img); err != nil {
-		return err
-	}
-	b.image = img.Id
-	utils.Debugf("Using image %s", b.image)
-	return nil
-}
-
-func (b *builderClient) CmdMaintainer(name string) error {
-	b.needCommit = true
-	b.maintainer = name
-	return nil
-}
-
-func (b *builderClient) CmdRun(args string) error {
-	if b.image == "" {
-		return fmt.Errorf("Please provide a source image with `from` prior to run")
-	}
-	config, _, err := ParseRun([]string{b.image, "/bin/sh", "-c", args}, nil)
-	if err != nil {
-		return err
-	}
-
-	cmd, env := b.config.Cmd, b.config.Env
-	b.config.Cmd = nil
-	MergeConfig(b.config, config)
-
-	body, statusCode, err := b.cli.call("POST", "/images/getCache", &ApiImageConfig{Id: b.image, Config: b.config})
-	if err != nil {
-		if statusCode != 404 {
-			return err
-		}
-	}
-	if statusCode != 404 {
-		apiId := &ApiId{}
-		if err := json.Unmarshal(body, apiId); err != nil {
-			return err
-		}
-		utils.Debugf("Use cached version")
-		b.image = apiId.Id
-		return nil
-	}
-	cid, err := b.run()
-	if err != nil {
-		return err
-	}
-	b.config.Cmd, b.config.Env = cmd, env
-	return b.commit(cid)
-}
-
-func (b *builderClient) CmdEnv(args string) error {
-	b.needCommit = true
-	tmp := strings.SplitN(args, " ", 2)
-	if len(tmp) != 2 {
-		return fmt.Errorf("Invalid ENV format")
-	}
-	key := strings.Trim(tmp[0], " ")
-	value := strings.Trim(tmp[1], " ")
-
-	for i, elem := range b.config.Env {
-		if strings.HasPrefix(elem, key+"=") {
-			b.config.Env[i] = key + "=" + value
-			return nil
-		}
-	}
-	b.config.Env = append(b.config.Env, key+"="+value)
-	return nil
-}
-
-func (b *builderClient) CmdCmd(args string) error {
-	b.needCommit = true
-	var cmd []string
-	if err := json.Unmarshal([]byte(args), &cmd); err != nil {
-		utils.Debugf("Error unmarshalling: %s, using /bin/sh -c", err)
-		b.config.Cmd = []string{"/bin/sh", "-c", args}
-	} else {
-		b.config.Cmd = cmd
-	}
-	return nil
-}
-
-func (b *builderClient) CmdExpose(args string) error {
-	ports := strings.Split(args, " ")
-	b.config.PortSpecs = append(ports, b.config.PortSpecs...)
-	return nil
-}
-
-func (b *builderClient) CmdInsert(args string) error {
-	// tmp := strings.SplitN(args, "\t ", 2)
-	// sourceUrl, destPath := tmp[0], tmp[1]
-
-	// v := url.Values{}
-	// v.Set("url", sourceUrl)
-	// v.Set("path", destPath)
-	// body, _, err := b.cli.call("POST", "/images/insert?"+v.Encode(), nil)
-	// if err != nil {
-	// 	return err
-	// }
-
-	// apiId := &ApiId{}
-	// if err := json.Unmarshal(body, apiId); err != nil {
-	// 	return err
-	// }
-
-	// FIXME: Reimplement this, we need to retrieve the resulting Id
-	return fmt.Errorf("INSERT not implemented")
-}
-
-func (b *builderClient) run() (string, error) {
-	if b.image == "" {
-		return "", fmt.Errorf("Please provide a source image with `from` prior to run")
-	}
-	b.config.Image = b.image
-	body, _, err := b.cli.call("POST", "/containers/create", b.config)
-	if err != nil {
-		return "", err
-	}
-
-	apiRun := &ApiRun{}
-	if err := json.Unmarshal(body, apiRun); err != nil {
-		return "", err
-	}
-	for _, warning := range apiRun.Warnings {
-		fmt.Fprintln(os.Stderr, "WARNING: ", warning)
-	}
-
-	//start the container
-	_, _, err = b.cli.call("POST", "/containers/"+apiRun.Id+"/start", nil)
-	if err != nil {
-		return "", err
-	}
-	b.tmpContainers[apiRun.Id] = struct{}{}
-
-	// Wait for it to finish
-	body, _, err = b.cli.call("POST", "/containers/"+apiRun.Id+"/wait", nil)
-	if err != nil {
-		return "", err
-	}
-	apiWait := &ApiWait{}
-	if err := json.Unmarshal(body, apiWait); err != nil {
-		return "", err
-	}
-	if apiWait.StatusCode != 0 {
-		return "", fmt.Errorf("The command %v returned a non-zero code: %d", b.config.Cmd, apiWait.StatusCode)
-	}
-
-	return apiRun.Id, nil
-}
-
-func (b *builderClient) commit(id string) error {
-	if b.image == "" {
-		return fmt.Errorf("Please provide a source image with `from` prior to run")
-	}
-	b.config.Image = b.image
-
-	if id == "" {
-		cmd := b.config.Cmd
-		b.config.Cmd = []string{"true"}
-		if cid, err := b.run(); err != nil {
-			return err
-		} else {
-			id = cid
-		}
-		b.config.Cmd = cmd
-	}
-
-	// Commit the container
-	v := url.Values{}
-	v.Set("container", id)
-	v.Set("author", b.maintainer)
-
-	body, _, err := b.cli.call("POST", "/commit?"+v.Encode(), b.config)
-	if err != nil {
-		return err
-	}
-	apiId := &ApiId{}
-	if err := json.Unmarshal(body, apiId); err != nil {
-		return err
-	}
-	b.tmpImages[apiId.Id] = struct{}{}
-	b.image = apiId.Id
-	b.needCommit = false
-	return nil
-}
-
-func (b *builderClient) Build(dockerfile, context io.Reader) (string, error) {
-	defer b.clearTmp(b.tmpContainers, b.tmpImages)
-	file := bufio.NewReader(dockerfile)
-	for {
-		line, err := file.ReadString('\n')
-		if err != nil {
-			if err == io.EOF {
-				break
-			}
-			return "", err
-		}
-		line = strings.Replace(strings.TrimSpace(line), "	", " ", 1)
-		// Skip comments and empty line
-		if len(line) == 0 || line[0] == '#' {
-			continue
-		}
-		tmp := strings.SplitN(line, " ", 2)
-		if len(tmp) != 2 {
-			return "", fmt.Errorf("Invalid Dockerfile format")
-		}
-		instruction := strings.ToLower(strings.Trim(tmp[0], " "))
-		arguments := strings.Trim(tmp[1], " ")
-
-		fmt.Fprintf(os.Stderr, "%s %s (%s)\n", strings.ToUpper(instruction), arguments, b.image)
-
-		method, exists := reflect.TypeOf(b).MethodByName("Cmd" + strings.ToUpper(instruction[:1]) + strings.ToLower(instruction[1:]))
-		if !exists {
-			fmt.Fprintf(os.Stderr, "Skipping unknown instruction %s\n", strings.ToUpper(instruction))
-		}
-		ret := method.Func.Call([]reflect.Value{reflect.ValueOf(b), reflect.ValueOf(arguments)})[0].Interface()
-		if ret != nil {
-			return "", ret.(error)
-		}
-
-		fmt.Fprintf(os.Stderr, "===> %v\n", b.image)
-	}
-	if b.needCommit {
-		if err := b.commit(""); err != nil {
-			return "", err
-		}
-	}
-	if b.image != "" {
-		// The build is successful, keep the temporary containers and images
-		for i := range b.tmpImages {
-			delete(b.tmpImages, i)
-		}
-		for i := range b.tmpContainers {
-			delete(b.tmpContainers, i)
-		}
-		fmt.Fprintf(os.Stderr, "Build finished. image id: %s\n", b.image)
-		return b.image, nil
-	}
-	return "", fmt.Errorf("An error occured during the build\n")
-}
-
-func NewBuilderClient(addr string, port int) BuildFile {
-	return &builderClient{
-		cli:           NewDockerCli(addr, port),
-		config:        &Config{},
-		tmpContainers: make(map[string]struct{}),
-		tmpImages:     make(map[string]struct{}),
-	}
-}

buildfile.go

@@ -7,14 +7,16 @@ import (
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
+	"net/url"
 	"os"
 	"path"
 	"reflect"
+	"regexp"
 	"strings"
 )
 
 type BuildFile interface {
-	Build(io.Reader, io.Reader) (string, error)
+	Build(io.Reader) (string, error)
 	CmdFrom(string) error
 	CmdRun(string) error
 }
@@ -28,6 +30,7 @@ type buildFile struct {
 	maintainer string
 	config     *Config
 	context    string
+	verbose    bool
 
 	tmpContainers map[string]struct{}
 	tmpImages     map[string]struct{}
@@ -51,20 +54,10 @@ func (b *buildFile) CmdFrom(name string) error {
 	image, err := b.runtime.repositories.LookupImage(name)
 	if err != nil {
 		if b.runtime.graph.IsNotExist(err) {
-
-			var tag, remote string
-			if strings.Contains(name, ":") {
-				remoteParts := strings.Split(name, ":")
-				tag = remoteParts[1]
-				remote = remoteParts[0]
-			} else {
-				remote = name
-			}
-
-			if err := b.srv.ImagePull(remote, tag, "", b.out, utils.NewStreamFormatter(false)); err != nil {
+			remote, tag := utils.ParseRepositoryTag(name)
+			if err := b.srv.ImagePull(remote, tag, b.out, utils.NewStreamFormatter(false), nil); err != nil {
 				return err
 			}
-
 			image, err = b.runtime.repositories.LookupImage(name)
 			if err != nil {
 				return err
@@ -73,8 +66,11 @@ func (b *buildFile) CmdFrom(name string) error {
 			return err
 		}
 	}
-	b.image = image.Id
+	b.image = image.ID
 	b.config = &Config{}
+	if b.config.Env == nil || len(b.config.Env) == 0 {
+		b.config.Env = append(b.config.Env, "HOME=/", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
+	}
 	return nil
 }
 
@@ -87,7 +83,7 @@ func (b *buildFile) CmdRun(args string) error {
 	if b.image == "" {
 		return fmt.Errorf("Please provide a source image with `from` prior to run")
 	}
-	config, _, err := ParseRun([]string{b.image, "/bin/sh", "-c", args}, nil)
+	config, _, _, err := ParseRun([]string{b.image, "/bin/sh", "-c", args}, nil)
 	if err != nil {
 		return err
 	}
@@ -101,8 +97,9 @@ func (b *buildFile) CmdRun(args string) error {
 	if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil {
 		return err
 	} else if cache != nil {
+		fmt.Fprintf(b.out, " ---> Using cache\n")
 		utils.Debugf("[BUILDER] Use cached version")
-		b.image = cache.Id
+		b.image = cache.ID
 		return nil
 	} else {
 		utils.Debugf("[BUILDER] Cache miss")
@@ -119,28 +116,67 @@ func (b *buildFile) CmdRun(args string) error {
 	return nil
 }
 
+func (b *buildFile) FindEnvKey(key string) int {
+	for k, envVar := range b.config.Env {
+		envParts := strings.SplitN(envVar, "=", 2)
+		if key == envParts[0] {
+			return k
+		}
+	}
+	return -1
+}
+
+func (b *buildFile) ReplaceEnvMatches(value string) (string, error) {
+	exp, err := regexp.Compile("(\\\\\\\\+|[^\\\\]|\\b|\\A)\\$({?)([[:alnum:]_]+)(}?)")
+	if err != nil {
+		return value, err
+	}
+	matches := exp.FindAllString(value, -1)
+	for _, match := range matches {
+		match = match[strings.Index(match, "$"):]
+		matchKey := strings.Trim(match, "${}")
+
+		for _, envVar := range b.config.Env {
+			envParts := strings.SplitN(envVar, "=", 2)
+			envKey := envParts[0]
+			envValue := envParts[1]
+
+			if envKey == matchKey {
+				value = strings.Replace(value, match, envValue, -1)
+				break
+			}
+		}
+	}
+	return value, nil
+}
+
 func (b *buildFile) CmdEnv(args string) error {
 	tmp := strings.SplitN(args, " ", 2)
 	if len(tmp) != 2 {
 		return fmt.Errorf("Invalid ENV format")
 	}
-	key := strings.Trim(tmp[0], " ")
-	value := strings.Trim(tmp[1], " ")
+	key := strings.Trim(tmp[0], " \t")
+	value := strings.Trim(tmp[1], " \t")
 
-	for i, elem := range b.config.Env {
-		if strings.HasPrefix(elem, key+"=") {
-			b.config.Env[i] = key + "=" + value
-			return nil
-		}
+	envKey := b.FindEnvKey(key)
+	replacedValue, err := b.ReplaceEnvMatches(value)
+	if err != nil {
+		return err
 	}
-	b.config.Env = append(b.config.Env, key+"="+value)
-	return b.commit("", b.config.Cmd, fmt.Sprintf("ENV %s=%s", key, value))
+	replacedVar := fmt.Sprintf("%s=%s", key, replacedValue)
+
+	if envKey >= 0 {
+		b.config.Env[envKey] = replacedVar
+	} else {
+		b.config.Env = append(b.config.Env, replacedVar)
+	}
+	return b.commit("", b.config.Cmd, fmt.Sprintf("ENV %s", replacedVar))
 }
 
 func (b *buildFile) CmdCmd(args string) error {
 	var cmd []string
 	if err := json.Unmarshal([]byte(args), &cmd); err != nil {
-		utils.Debugf("Error unmarshalling: %s, using /bin/sh -c", err)
+		utils.Debugf("Error unmarshalling: %s, setting cmd to /bin/sh -c", err)
 		cmd = []string{"/bin/sh", "-c", args}
 	}
 	if err := b.commit("", cmd, fmt.Sprintf("CMD %v", cmd)); err != nil {
@@ -164,6 +200,104 @@ func (b *buildFile) CmdCopy(args string) error {
 	return fmt.Errorf("COPY has been deprecated. Please use ADD instead")
 }
 
+func (b *buildFile) CmdEntrypoint(args string) error {
+	if args == "" {
+		return fmt.Errorf("Entrypoint cannot be empty")
+	}
+
+	var entrypoint []string
+	if err := json.Unmarshal([]byte(args), &entrypoint); err != nil {
+		b.config.Entrypoint = []string{"/bin/sh", "-c", args}
+	} else {
+		b.config.Entrypoint = entrypoint
+	}
+	if err := b.commit("", b.config.Cmd, fmt.Sprintf("ENTRYPOINT %s", args)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (b *buildFile) CmdVolume(args string) error {
+	if args == "" {
+		return fmt.Errorf("Volume cannot be empty")
+	}
+
+	var volume []string
+	if err := json.Unmarshal([]byte(args), &volume); err != nil {
+		volume = []string{args}
+	}
+	if b.config.Volumes == nil {
+		b.config.Volumes = NewPathOpts()
+	}
+	for _, v := range volume {
+		b.config.Volumes[v] = struct{}{}
+	}
+	if err := b.commit("", b.config.Cmd, fmt.Sprintf("VOLUME %s", args)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (b *buildFile) addRemote(container *Container, orig, dest string) error {
+	file, err := utils.Download(orig, ioutil.Discard)
+	if err != nil {
+		return err
+	}
+	defer file.Body.Close()
+
+	// If the destination is a directory, figure out the filename.
+	if strings.HasSuffix(dest, "/") {
+		u, err := url.Parse(orig)
+		if err != nil {
+			return err
+		}
+		path := u.Path
+		if strings.HasSuffix(path, "/") {
+			path = path[:len(path)-1]
+		}
+		parts := strings.Split(path, "/")
+		filename := parts[len(parts)-1]
+		if filename == "" {
+			return fmt.Errorf("cannot determine filename from url: %s", u)
+		}
+		dest = dest + filename
+	}
+
+	return container.Inject(file.Body, dest)
+}
+
+func (b *buildFile) addContext(container *Container, orig, dest string) error {
+	origPath := path.Join(b.context, orig)
+	destPath := path.Join(container.RootfsPath(), dest)
+	// Preserve the trailing '/'
+	if strings.HasSuffix(dest, "/") {
+		destPath = destPath + "/"
+	}
+	if !strings.HasPrefix(origPath, b.context) {
+		return fmt.Errorf("Forbidden path: %s", origPath)
+	}
+	fi, err := os.Stat(origPath)
+	if err != nil {
+		return err
+	}
+	if fi.IsDir() {
+		if err := CopyWithTar(origPath, destPath); err != nil {
+			return err
+		}
+		// First try to unpack the source as an archive
+	} else if err := UntarPath(origPath, destPath); err != nil {
+		utils.Debugf("Couldn't untar %s to %s: %s", origPath, destPath, err)
+		// If that fails, just copy it as a regular file
+		if err := os.MkdirAll(path.Dir(destPath), 0755); err != nil {
+			return err
+		}
+		if err := CopyWithTar(origPath, destPath); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func (b *buildFile) CmdAdd(args string) error {
 	if b.context == "" {
 		return fmt.Errorf("No context given. Impossible to use ADD")
@@ -172,55 +306,44 @@ func (b *buildFile) CmdAdd(args string) error {
 	if len(tmp) != 2 {
 		return fmt.Errorf("Invalid ADD format")
 	}
-	orig := strings.Trim(tmp[0], " ")
-	dest := strings.Trim(tmp[1], " ")
 
-	cmd := b.config.Cmd
-	b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", orig, dest)}
-	cid, err := b.run()
+	orig, err := b.ReplaceEnvMatches(strings.Trim(tmp[0], " \t"))
 	if err != nil {
 		return err
 	}
 
-	container := b.runtime.Get(cid)
-	if container == nil {
-		return fmt.Errorf("Error while creating the container (CmdAdd)")
+	dest, err := b.ReplaceEnvMatches(strings.Trim(tmp[1], " \t"))
+	if err != nil {
+		return err
 	}
+
+	cmd := b.config.Cmd
+	b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", orig, dest)}
+
+	b.config.Image = b.image
+	// Create the container and start it
+	container, err := b.builder.Create(b.config)
+	if err != nil {
+		return err
+	}
+	b.tmpContainers[container.ID] = struct{}{}
+
 	if err := container.EnsureMounted(); err != nil {
 		return err
 	}
 	defer container.Unmount()
 
-	origPath := path.Join(b.context, orig)
-	destPath := path.Join(container.RootfsPath(), dest)
-
-	fi, err := os.Stat(origPath)
-	if err != nil {
-		return err
-	}
-	if fi.IsDir() {
-		if err := os.MkdirAll(destPath, 0700); err != nil {
+	if utils.IsURL(orig) {
+		if err := b.addRemote(container, orig, dest); err != nil {
 			return err
 		}
-
-		files, err := ioutil.ReadDir(path.Join(b.context, orig))
-		if err != nil {
-			return err
-		}
-		for _, fi := range files {
-			if err := utils.CopyDirectory(path.Join(origPath, fi.Name()), path.Join(destPath, fi.Name())); err != nil {
-				return err
-			}
-		}
 	} else {
-		if err := os.MkdirAll(path.Dir(destPath), 0700); err != nil {
-			return err
-		}
-		if err := utils.CopyDirectory(origPath, destPath); err != nil {
+		if err := b.addContext(container, orig, dest); err != nil {
 			return err
 		}
 	}
-	if err := b.commit(cid, cmd, fmt.Sprintf("ADD %s in %s", orig, dest)); err != nil {
+
+	if err := b.commit(container.ID, cmd, fmt.Sprintf("ADD %s in %s", orig, dest)); err != nil {
 		return err
 	}
 	b.config.Cmd = cmd
@@ -238,19 +361,32 @@ func (b *buildFile) run() (string, error) {
 	if err != nil {
 		return "", err
 	}
-	b.tmpContainers[c.Id] = struct{}{}
+	b.tmpContainers[c.ID] = struct{}{}
+	fmt.Fprintf(b.out, " ---> Running in %s\n", utils.TruncateID(c.ID))
+
+	// override the entry point that may have been picked up from the base image
+	c.Path = b.config.Cmd[0]
+	c.Args = b.config.Cmd[1:]
 
 	//start the container
-	if err := c.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := c.Start(hostConfig); err != nil {
 		return "", err
 	}
 
+	if b.verbose {
+		err = <-c.Attach(nil, nil, b.out, b.out)
+		if err != nil {
+			return "", err
+		}
+	}
+
 	// Wait for it to finish
 	if ret := c.Wait(); ret != 0 {
 		return "", fmt.Errorf("The command %v returned a non-zero code: %d", b.config.Cmd, ret)
 	}
 
-	return c.Id, nil
+	return c.ID, nil
 }
 
 // Commit the container <id> with the autorun command <autoCmd>
@@ -260,23 +396,31 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error {
 	}
 	b.config.Image = b.image
 	if id == "" {
+		cmd := b.config.Cmd
 		b.config.Cmd = []string{"/bin/sh", "-c", "#(nop) " + comment}
+		defer func(cmd []string) { b.config.Cmd = cmd }(cmd)
 
 		if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil {
 			return err
 		} else if cache != nil {
+			fmt.Fprintf(b.out, " ---> Using cache\n")
 			utils.Debugf("[BUILDER] Use cached version")
-			b.image = cache.Id
+			b.image = cache.ID
 			return nil
 		} else {
 			utils.Debugf("[BUILDER] Cache miss")
 		}
-
-		if cid, err := b.run(); err != nil {
+		container, err := b.builder.Create(b.config)
+		if err != nil {
 			return err
-		} else {
-			id = cid
 		}
+		b.tmpContainers[container.ID] = struct{}{}
+		fmt.Fprintf(b.out, " ---> Running in %s\n", utils.TruncateID(container.ID))
+		id = container.ID
+		if err := container.EnsureMounted(); err != nil {
+			return err
+		}
+		defer container.Unmount()
 	}
 
 	container := b.runtime.Get(id)
@@ -292,33 +436,40 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error {
 	if err != nil {
 		return err
 	}
-	b.tmpImages[image.Id] = struct{}{}
-	b.image = image.Id
+	b.tmpImages[image.ID] = struct{}{}
+	b.image = image.ID
 	return nil
 }
 
-func (b *buildFile) Build(dockerfile, context io.Reader) (string, error) {
-	if context != nil {
-		name, err := ioutil.TempDir("/tmp", "docker-build")
-		if err != nil {
-			return "", err
-		}
-		if err := Untar(context, name); err != nil {
-			return "", err
-		}
-		defer os.RemoveAll(name)
-		b.context = name
+func (b *buildFile) Build(context io.Reader) (string, error) {
+	// FIXME: @creack any reason for using /tmp instead of ""?
+	// FIXME: @creack "name" is a terrible variable name
+	name, err := ioutil.TempDir("/tmp", "docker-build")
+	if err != nil {
+		return "", err
 	}
+	if err := Untar(context, name); err != nil {
+		return "", err
+	}
+	defer os.RemoveAll(name)
+	b.context = name
+	dockerfile, err := os.Open(path.Join(name, "Dockerfile"))
+	if err != nil {
+		return "", fmt.Errorf("Can't build a directory with no Dockerfile")
+	}
+	// FIXME: "file" is also a terrible variable name ;)
 	file := bufio.NewReader(dockerfile)
+	stepN := 0
 	for {
 		line, err := file.ReadString('\n')
 		if err != nil {
-			if err == io.EOF {
+			if err == io.EOF && line == "" {
 				break
+			} else if err != io.EOF {
+				return "", err
 			}
-			return "", err
 		}
-		line = strings.Replace(strings.TrimSpace(line), "	", " ", 1)
+		line = strings.Trim(strings.Replace(line, "\t", " ", -1), " \t\r\n")
 		// Skip comments and empty line
 		if len(line) == 0 || line[0] == '#' {
 			continue
@@ -329,12 +480,13 @@ func (b *buildFile) Build(dockerfile, context io.Reader) (string, error) {
 		}
 		instruction := strings.ToLower(strings.Trim(tmp[0], " "))
 		arguments := strings.Trim(tmp[1], " ")
-
-		fmt.Fprintf(b.out, "%s %s (%s)\n", strings.ToUpper(instruction), arguments, b.image)
+		stepN += 1
+		// FIXME: only count known instructions as build steps
+		fmt.Fprintf(b.out, "Step %d : %s %s\n", stepN, strings.ToUpper(instruction), arguments)
 
 		method, exists := reflect.TypeOf(b).MethodByName("Cmd" + strings.ToUpper(instruction[:1]) + strings.ToLower(instruction[1:]))
 		if !exists {
-			fmt.Fprintf(b.out, "Skipping unknown instruction %s\n", strings.ToUpper(instruction))
+			fmt.Fprintf(b.out, "# Skipping unknown instruction %s\n", strings.ToUpper(instruction))
 			continue
 		}
 		ret := method.Func.Call([]reflect.Value{reflect.ValueOf(b), reflect.ValueOf(arguments)})[0].Interface()
@@ -342,16 +494,16 @@ func (b *buildFile) Build(dockerfile, context io.Reader) (string, error) {
 			return "", ret.(error)
 		}
 
-		fmt.Fprintf(b.out, "===> %v\n", b.image)
+		fmt.Fprintf(b.out, " ---> %v\n", utils.TruncateID(b.image))
 	}
 	if b.image != "" {
-		fmt.Fprintf(b.out, "Build successful.\n===> %s\n", b.image)
+		fmt.Fprintf(b.out, "Successfully built %s\n", utils.TruncateID(b.image))
 		return b.image, nil
 	}
 	return "", fmt.Errorf("An error occured during the build\n")
 }
 
-func NewBuildFile(srv *Server, out io.Writer) BuildFile {
+func NewBuildFile(srv *Server, out io.Writer, verbose bool) BuildFile {
 	return &buildFile{
 		builder:       NewBuilder(srv.runtime),
 		runtime:       srv.runtime,
@@ -360,5 +512,6 @@ func NewBuildFile(srv *Server, out io.Writer) BuildFile {
 		out:           out,
 		tmpContainers: make(map[string]struct{}),
 		tmpImages:     make(map[string]struct{}),
+		verbose:       verbose,
 	}
 }

buildfile_test.go

@@ -1,72 +1,376 @@
 package docker
 
 import (
-	"github.com/dotcloud/docker/utils"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 )
 
-const Dockerfile = `
-# VERSION		0.1
-# DOCKER-VERSION	0.2
+// mkTestContext generates a build context from the contents of the provided dockerfile.
+// This context is suitable for use as an argument to BuildFile.Build()
+func mkTestContext(dockerfile string, files [][2]string, t *testing.T) Archive {
+	context, err := mkBuildContext(dockerfile, files)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return context
+}
 
-from   ` + unitTestImageName + `
+// A testContextTemplate describes a build context and how to test it
+type testContextTemplate struct {
+	// Contents of the Dockerfile
+	dockerfile string
+	// Additional files in the context, eg [][2]string{"./passwd", "gordon"}
+	files [][2]string
+	// Additional remote files to host on a local HTTP server.
+	remoteFiles [][2]string
+}
+
+// A table of all the contexts to build and test.
+// A new docker runtime will be created and torn down for each context.
+var testContexts = []testContextTemplate{
+	{
+		`
+from   {IMAGE}
 run    sh -c 'echo root:testpass > /tmp/passwd'
 run    mkdir -p /var/run/sshd
-`
+run    [ "$(cat /tmp/passwd)" = "root:testpass" ]
+run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+add foo /usr/lib/bla/bar
+run [ "$(cat /usr/lib/bla/bar)" = 'hello' ]
+add http://{SERVERADDR}/baz /usr/lib/baz/quux
+run [ "$(cat /usr/lib/baz/quux)" = 'world!' ]
+`,
+		[][2]string{{"foo", "hello"}},
+		[][2]string{{"/baz", "world!"}},
+	},
+
+	{
+		`
+from {IMAGE}
+add f /
+run [ "$(cat /f)" = "hello" ]
+add f /abc
+run [ "$(cat /abc)" = "hello" ]
+add f /x/y/z
+run [ "$(cat /x/y/z)" = "hello" ]
+add f /x/y/d/
+run [ "$(cat /x/y/d/f)" = "hello" ]
+add d /
+run [ "$(cat /ga)" = "bu" ]
+add d /somewhere
+run [ "$(cat /somewhere/ga)" = "bu" ]
+add d /anotherplace/
+run [ "$(cat /anotherplace/ga)" = "bu" ]
+add d /somewheeeere/over/the/rainbooow
+run [ "$(cat /somewheeeere/over/the/rainbooow/ga)" = "bu" ]
+`,
+		[][2]string{
+			{"f", "hello"},
+			{"d/ga", "bu"},
+		},
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+add http://{SERVERADDR}/x /a/b/c
+run [ "$(cat /a/b/c)" = "hello" ]
+add http://{SERVERADDR}/x?foo=bar /
+run [ "$(cat /x)" = "hello" ]
+add http://{SERVERADDR}/x /d/
+run [ "$(cat /d/x)" = "hello" ]
+add http://{SERVERADDR} /e
+run [ "$(cat /e)" = "blah" ]
+`,
+		nil,
+		[][2]string{{"/x", "hello"}, {"/", "blah"}},
+	},
+
+	{
+		`
+from   {IMAGE}
+env    FOO BAR
+run    [ "$FOO" = "BAR" ]
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+ENTRYPOINT /bin/echo
+CMD Hello world
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+VOLUME /test
+CMD Hello world
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+env    FOO /foo/baz
+env    BAR /bar
+env    BAZ $BAR
+env    FOOPATH $PATH:$FOO
+run    [ "$BAR" = "$BAZ" ]
+run    [ "$FOOPATH" = "$PATH:/foo/baz" ]
+`,
+		nil,
+		nil,
+	},
+
+	{
+		`
+from {IMAGE}
+env    FOO /bar
+env    TEST testdir
+env    BAZ /foobar
+add    testfile $BAZ/
+add    $TEST $FOO
+run    [ "$(cat /foobar/testfile)" = "test1" ]
+run    [ "$(cat /bar/withfile)" = "test2" ]
+`,
+		[][2]string{
+			{"testfile", "test1"},
+			{"testdir/withfile", "test2"},
+		},
+		nil,
+	},
+}
+
+// FIXME: test building with 2 successive overlapping ADD commands
+
+func constructDockerfile(template string, ip net.IP, port string) string {
+	serverAddr := fmt.Sprintf("%s:%s", ip, port)
+	replacer := strings.NewReplacer("{IMAGE}", unitTestImageID, "{SERVERADDR}", serverAddr)
+	return replacer.Replace(template)
+}
+
+func mkTestingFileServer(files [][2]string) (*httptest.Server, error) {
+	mux := http.NewServeMux()
+	for _, file := range files {
+		name, contents := file[0], file[1]
+		mux.HandleFunc(name, func(w http.ResponseWriter, r *http.Request) {
+			w.Write([]byte(contents))
+		})
+	}
+
+	// This is how httptest.NewServer sets up a net.Listener, except that our listener must accept remote
+	// connections (from the container).
+	listener, err := net.Listen("tcp", ":0")
+	if err != nil {
+		return nil, err
+	}
+
+	s := httptest.NewUnstartedServer(mux)
+	s.Listener = listener
+	s.Start()
+	return s, nil
+}
 
 func TestBuild(t *testing.T) {
+	for _, ctx := range testContexts {
+		buildImage(ctx, t)
+	}
+}
+
+func buildImage(context testContextTemplate, t *testing.T) *Image {
 	runtime, err := newTestRuntime()
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer nuke(runtime)
 
-	srv := &Server{runtime: runtime}
+	srv := &Server{
+		runtime:     runtime,
+		pullingPool: make(map[string]struct{}),
+		pushingPool: make(map[string]struct{}),
+	}
 
-	buildfile := NewBuildFile(srv, &utils.NopWriter{})
+	httpServer, err := mkTestingFileServer(context.remoteFiles)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer httpServer.Close()
 
-	imgId, err := buildfile.Build(strings.NewReader(Dockerfile), nil)
+	idx := strings.LastIndex(httpServer.URL, ":")
+	if idx < 0 {
+		t.Fatalf("could not get port from test http server address %s", httpServer.URL)
+	}
+	port := httpServer.URL[idx+1:]
+
+	ip := runtime.networkManager.bridgeNetwork.IP
+	dockerfile := constructDockerfile(context.dockerfile, ip, port)
+
+	buildfile := NewBuildFile(srv, ioutil.Discard, false)
+	id, err := buildfile.Build(mkTestContext(dockerfile, context.files, t))
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	builder := NewBuilder(runtime)
-	container, err := builder.Create(
-		&Config{
-			Image: imgId,
-			Cmd:   []string{"cat", "/tmp/passwd"},
-		},
-	)
+	img, err := srv.ImageInspect(id)
 	if err != nil {
 		t.Fatal(err)
 	}
-	defer runtime.Destroy(container)
+	return img
+}
 
-	output, err := container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if string(output) != "root:testpass\n" {
-		t.Fatalf("Unexpected output. Read '%s', expected '%s'", output, "root:testpass\n")
-	}
+func TestVolume(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        volume /test
+        cmd Hello world
+    `, nil, nil}, t)
 
-	container2, err := builder.Create(
-		&Config{
-			Image: imgId,
-			Cmd:   []string{"ls", "-d", "/var/run/sshd"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
+	if len(img.Config.Volumes) == 0 {
+		t.Fail()
 	}
-	defer runtime.Destroy(container2)
-
-	output, err = container2.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if string(output) != "/var/run/sshd\n" {
-		t.Fatal("/var/run/sshd has not been created")
+	for key := range img.Config.Volumes {
+		if key != "/test" {
+			t.Fail()
+		}
+	}
+}
+
+func TestBuildMaintainer(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        maintainer dockerio
+    `, nil, nil}, t)
+
+	if img.Author != "dockerio" {
+		t.Fail()
+	}
+}
+
+func TestBuildEnv(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        env port 4243
+        `,
+		nil, nil}, t)
+	hasEnv := false
+	for _, envVar := range img.Config.Env {
+		if envVar == "port=4243" {
+			hasEnv = true
+			break
+		}
+	}
+	if !hasEnv {
+		t.Fail()
+	}
+}
+
+func TestBuildCmd(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        cmd ["/bin/echo", "Hello World"]
+        `,
+		nil, nil}, t)
+
+	if img.Config.Cmd[0] != "/bin/echo" {
+		t.Log(img.Config.Cmd[0])
+		t.Fail()
+	}
+	if img.Config.Cmd[1] != "Hello World" {
+		t.Log(img.Config.Cmd[1])
+		t.Fail()
+	}
+}
+
+func TestBuildExpose(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        expose 4243
+        `,
+		nil, nil}, t)
+
+	if img.Config.PortSpecs[0] != "4243" {
+		t.Fail()
+	}
+}
+
+func TestBuildEntrypoint(t *testing.T) {
+	img := buildImage(testContextTemplate{`
+        from {IMAGE}
+        entrypoint ["/bin/echo"]
+        `,
+		nil, nil}, t)
+
+	if img.Config.Entrypoint[0] != "/bin/echo" {
+	}
+}
+
+func TestForbiddenContextPath(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{
+		runtime:     runtime,
+		pullingPool: make(map[string]struct{}),
+		pushingPool: make(map[string]struct{}),
+	}
+
+	context := testContextTemplate{`
+        from {IMAGE}
+        maintainer dockerio
+        add ../../ test/
+        `,
+		[][2]string{{"test.txt", "test1"}, {"other.txt", "other"}}, nil}
+
+	httpServer, err := mkTestingFileServer(context.remoteFiles)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer httpServer.Close()
+
+	idx := strings.LastIndex(httpServer.URL, ":")
+	if idx < 0 {
+		t.Fatalf("could not get port from test http server address %s", httpServer.URL)
+	}
+	port := httpServer.URL[idx+1:]
+
+	ip := srv.runtime.networkManager.bridgeNetwork.IP
+	dockerfile := constructDockerfile(context.dockerfile, ip, port)
+
+	buildfile := NewBuildFile(srv, ioutil.Discard, false)
+	_, err = buildfile.Build(mkTestContext(dockerfile, context.files, t))
+
+	if err == nil {
+		t.Log("Error should not be nil")
+		t.Fail()
+	}
+
+	if err.Error() != "Forbidden path: /" {
+		t.Logf("Error message is not expected: %s", err.Error())
+		t.Fail()
 	}
 }

commands_test.go

@@ -3,8 +3,9 @@ package docker
 import (
 	"bufio"
 	"fmt"
+	"github.com/dotcloud/docker/utils"
 	"io"
-	_ "io/ioutil"
+	"io/ioutil"
 	"strings"
 	"testing"
 	"time"
@@ -37,7 +38,7 @@ func setTimeout(t *testing.T, msg string, d time.Duration, f func()) {
 		f()
 		c <- false
 	}()
-	if <-c {
+	if <-c && msg != "" {
 		t.Fatal(msg)
 	}
 }
@@ -58,141 +59,47 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error
 	return nil
 }
 
-/*TODO
-func cmdWait(srv *Server, container *Container) error {
-	stdout, stdoutPipe := io.Pipe()
-
-	go func() {
-		srv.CmdWait(nil, stdoutPipe, container.Id)
-	}()
-
-	if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
-		return err
-	}
-	// Cleanup pipes
-	return closeWrap(stdout, stdoutPipe)
-}
-
-func cmdImages(srv *Server, args ...string) (string, error) {
-	stdout, stdoutPipe := io.Pipe()
-
-	go func() {
-		if err := srv.CmdImages(nil, stdoutPipe, args...); err != nil {
-			return
-		}
-
-		// force the pipe closed, so that the code below gets an EOF
-		stdoutPipe.Close()
-	}()
-
-	output, err := ioutil.ReadAll(stdout)
-	if err != nil {
-		return "", err
-	}
-
-	// Cleanup pipes
-	return string(output), closeWrap(stdout, stdoutPipe)
-}
-
-// TestImages checks that 'docker images' displays information correctly
-func TestImages(t *testing.T) {
-
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
-
-	output, err := cmdImages(srv)
-
-	if !strings.Contains(output, "REPOSITORY") {
-		t.Fatal("'images' should have a header")
-	}
-	if !strings.Contains(output, "docker-ut") {
-		t.Fatal("'images' should show the docker-ut image")
-	}
-	if !strings.Contains(output, "e9aa60c60128") {
-		t.Fatal("'images' should show the docker-ut image id")
-	}
-
-	output, err = cmdImages(srv, "-q")
-
-	if strings.Contains(output, "REPOSITORY") {
-		t.Fatal("'images -q' should not have a header")
-	}
-	if strings.Contains(output, "docker-ut") {
-		t.Fatal("'images' should not show the docker-ut image name")
-	}
-	if !strings.Contains(output, "e9aa60c60128") {
-		t.Fatal("'images' should show the docker-ut image id")
-	}
-
-	output, err = cmdImages(srv, "-viz")
-
-	if !strings.HasPrefix(output, "digraph docker {") {
-		t.Fatal("'images -v' should start with the dot header")
-	}
-	if !strings.HasSuffix(output, "}\n") {
-		t.Fatal("'images -v' should end with a '}'")
-	}
-	if !strings.Contains(output, "base -> \"e9aa60c60128\" [style=invis]") {
-		t.Fatal("'images -v' should have the docker-ut image id node")
-	}
-
-	// todo: add checks for -a
-}
-
 // TestRunHostname checks that 'docker run -h' correctly sets a custom hostname
 func TestRunHostname(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
-
-	stdin, _ := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
+	cli := NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	c := make(chan struct{})
 	go func() {
-		if err := srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-h", "foobar", GetTestImage(runtime).Id, "hostname"); err != nil {
+		defer close(c)
+		if err := cli.CmdRun("-h", "foobar", unitTestImageID, "hostname"); err != nil {
 			t.Fatal(err)
 		}
-		close(c)
 	}()
-	cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
-	if err != nil {
-		t.Fatal(err)
-	}
-	if cmdOutput != "foobar\n" {
-		t.Fatalf("'hostname' should display '%s', not '%s'", "foobar\n", cmdOutput)
-	}
 
-	setTimeout(t, "CmdRun timed out", 2*time.Second, func() {
+	setTimeout(t, "Reading command output time out", 2*time.Second, func() {
+		cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
+		if err != nil {
+			t.Fatal(err)
+		}
+		if cmdOutput != "foobar\n" {
+			t.Fatalf("'hostname' should display '%s', not '%s'", "foobar\n", cmdOutput)
+		}
+	})
+
+	setTimeout(t, "CmdRun timed out", 5*time.Second, func() {
 		<-c
-		cmdWait(srv, srv.runtime.List()[0])
 	})
 
 }
 
 func TestRunExit(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
-
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	c1 := make(chan struct{})
 	go func() {
-		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", GetTestImage(runtime).Id, "/bin/cat")
+		cli.CmdRun("-i", unitTestImageID, "/bin/cat")
 		close(c1)
 	}()
 
@@ -202,21 +109,24 @@ func TestRunExit(t *testing.T) {
 		}
 	})
 
-	container := runtime.List()[0]
+	container := globalRuntime.List()[0]
 
 	// Closing /bin/cat stdin, expect it to exit
-	p, err := container.StdinPipe()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := p.Close(); err != nil {
+	if err := stdin.Close(); err != nil {
 		t.Fatal(err)
 	}
 
 	// as the process exited, CmdRun must finish and unblock. Wait for it
-	setTimeout(t, "Waiting for CmdRun timed out", 2*time.Second, func() {
+	setTimeout(t, "Waiting for CmdRun timed out", 10*time.Second, func() {
 		<-c1
-		cmdWait(srv, container)
+
+		go func() {
+			cli.CmdWait(container.ID)
+		}()
+
+		if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
+			t.Fatal(err)
+		}
 	})
 
 	// Make sure that the client has been disconnected
@@ -233,21 +143,18 @@ func TestRunExit(t *testing.T) {
 
 // Expected behaviour: the process dies when the client disconnects
 func TestRunDisconnect(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
 
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	c1 := make(chan struct{})
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdRun returns.
-		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", GetTestImage(runtime).Id, "/bin/cat")
+		cli.CmdRun("-i", unitTestImageID, "/bin/cat")
 		close(c1)
 	}()
 
@@ -271,7 +178,7 @@ func TestRunDisconnect(t *testing.T) {
 	// Client disconnect after run -i should cause stdin to be closed, which should
 	// cause /bin/cat to exit.
 	setTimeout(t, "Waiting for /bin/cat to exit timed out", 2*time.Second, func() {
-		container := runtime.List()[0]
+		container := globalRuntime.List()[0]
 		container.Wait()
 		if container.State.Running {
 			t.Fatalf("/bin/cat is still running after closing stdin")
@@ -281,40 +188,39 @@ func TestRunDisconnect(t *testing.T) {
 
 // Expected behaviour: the process dies when the client disconnects
 func TestRunDisconnectTty(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
 
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
+
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	c1 := make(chan struct{})
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdRun returns.
-		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", "-t", GetTestImage(runtime).Id, "/bin/cat")
+		if err := cli.CmdRun("-i", "-t", unitTestImageID, "/bin/cat"); err != nil {
+			utils.Debugf("Error CmdRun: %s\n", err)
+		}
+
 		close(c1)
 	}()
 
-	setTimeout(t, "Waiting for the container to be started timed out", 2*time.Second, func() {
+	setTimeout(t, "Waiting for the container to be started timed out", 10*time.Second, func() {
 		for {
 			// Client disconnect after run -i should keep stdin out in TTY mode
-			l := runtime.List()
+			l := globalRuntime.List()
 			if len(l) == 1 && l[0].State.Running {
 				break
 			}
-
 			time.Sleep(10 * time.Millisecond)
 		}
 	})
 
 	// Client disconnect after run -i should keep stdin out in TTY mode
-	container := runtime.List()[0]
+	container := globalRuntime.List()[0]
 
-	setTimeout(t, "Read/Write assertion timed out", 2*time.Second, func() {
+	setTimeout(t, "Read/Write assertion timed out", 2000*time.Second, func() {
 		if err := assertPipe("hello\n", "hello", stdout, stdinPipe, 15); err != nil {
 			t.Fatal(err)
 		}
@@ -339,24 +245,21 @@ func TestRunDisconnectTty(t *testing.T) {
 // 'docker run -i -a stdin' should sends the client's stdin to the command,
 // then detach from it and print the container id.
 func TestRunAttachStdin(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-	srv := &Server{runtime: runtime}
 
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
 	ch := make(chan struct{})
 	go func() {
-		srv.CmdRun(stdin, rcli.NewDockerLocalConn(stdoutPipe), "-i", "-a", "stdin", GetTestImage(runtime).Id, "sh", "-c", "echo hello; cat")
-		close(ch)
+		defer close(ch)
+		cli.CmdRun("-i", "-a", "stdin", unitTestImageID, "sh", "-c", "echo hello && cat")
 	}()
 
 	// Send input to the command, close stdin
-	setTimeout(t, "Write timed out", 2*time.Second, func() {
+	setTimeout(t, "Write timed out", 10*time.Second, func() {
 		if _, err := stdinPipe.Write([]byte("hi there\n")); err != nil {
 			t.Fatal(err)
 		}
@@ -365,36 +268,42 @@ func TestRunAttachStdin(t *testing.T) {
 		}
 	})
 
-	container := runtime.List()[0]
+	container := globalRuntime.List()[0]
 
 	// Check output
-	cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
-	if err != nil {
-		t.Fatal(err)
-	}
-	if cmdOutput != container.ShortId()+"\n" {
-		t.Fatalf("Wrong output: should be '%s', not '%s'\n", container.ShortId()+"\n", cmdOutput)
-	}
+	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+		cmdOutput, err := bufio.NewReader(stdout).ReadString('\n')
+		if err != nil {
+			t.Fatal(err)
+		}
+		if cmdOutput != container.ShortID()+"\n" {
+			t.Fatalf("Wrong output: should be '%s', not '%s'\n", container.ShortID()+"\n", cmdOutput)
+		}
+	})
 
 	// wait for CmdRun to return
-	setTimeout(t, "Waiting for CmdRun timed out", 2*time.Second, func() {
+	setTimeout(t, "Waiting for CmdRun timed out", 5*time.Second, func() {
+		// Unblock hijack end
+		stdout.Read([]byte{})
 		<-ch
 	})
 
-	setTimeout(t, "Waiting for command to exit timed out", 2*time.Second, func() {
+	setTimeout(t, "Waiting for command to exit timed out", 5*time.Second, func() {
 		container.Wait()
 	})
 
 	// Check logs
-	if cmdLogs, err := container.ReadLog("stdout"); err != nil {
+	if cmdLogs, err := container.ReadLog("json"); err != nil {
 		t.Fatal(err)
 	} else {
 		if output, err := ioutil.ReadAll(cmdLogs); err != nil {
 			t.Fatal(err)
 		} else {
-			expectedLog := "hello\nhi there\n"
-			if string(output) != expectedLog {
-				t.Fatalf("Unexpected logs: should be '%s', not '%s'\n", expectedLog, output)
+			expectedLogs := []string{"{\"log\":\"hello\\n\",\"stream\":\"stdout\"", "{\"log\":\"hi there\\n\",\"stream\":\"stdout\""}
+			for _, expectedLog := range expectedLogs {
+				if !strings.Contains(string(output), expectedLog) {
+					t.Fatalf("Unexpected logs: should contains '%s', it is not '%s'\n", expectedLog, output)
+				}
 			}
 		}
 	}
@@ -402,42 +311,43 @@ func TestRunAttachStdin(t *testing.T) {
 
 // Expected behaviour, the process stays alive when the client disconnects
 func TestAttachDisconnect(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer nuke(runtime)
-
-	srv := &Server{runtime: runtime}
-
-	container, err := NewBuilder(runtime).Create(
-		&Config{
-			Image:     GetTestImage(runtime).Id,
-			CpuShares: 1000,
-			Memory:    33554432,
-			Cmd:       []string{"/bin/cat"},
-			OpenStdin: true,
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-
-	// Start the process
-	if err := container.Start(); err != nil {
-		t.Fatal(err)
-	}
-
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
+	cli := NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalRuntime)
+
+	go func() {
+		// Start a process in daemon mode
+		if err := cli.CmdRun("-d", "-i", unitTestImageID, "/bin/cat"); err != nil {
+			utils.Debugf("Error CmdRun: %s\n", err)
+		}
+	}()
+
+	setTimeout(t, "Waiting for CmdRun timed out", 10*time.Second, func() {
+		if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	setTimeout(t, "Waiting for the container to be started timed out", 10*time.Second, func() {
+		for {
+			l := globalRuntime.List()
+			if len(l) == 1 && l[0].State.Running {
+				break
+			}
+			time.Sleep(10 * time.Millisecond)
+		}
+	})
+
+	container := globalRuntime.List()[0]
+
 	// Attach to it
 	c1 := make(chan struct{})
 	go func() {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdAttach returns.
-		srv.CmdAttach(stdin, rcli.NewDockerLocalConn(stdoutPipe), container.Id)
+		cli.CmdAttach(container.ID)
 		close(c1)
 	}()
 
@@ -458,7 +368,7 @@ func TestAttachDisconnect(t *testing.T) {
 
 	// We closed stdin, expect /bin/cat to still be running
 	// Wait a little bit to make sure container.monitor() did his thing
-	err = container.WaitTimeout(500 * time.Millisecond)
+	err := container.WaitTimeout(500 * time.Millisecond)
 	if err == nil || !container.State.Running {
 		t.Fatalf("/bin/cat is not running after closing stdin")
 	}
@@ -468,4 +378,3 @@ func TestAttachDisconnect(t *testing.T) {
 	cStdin.Close()
 	container.Wait()
 }
-*/

container.go

@@ -13,6 +13,7 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
@@ -23,7 +24,7 @@ import (
 type Container struct {
 	root string
 
-	Id string
+	ID string
 
 	Created time.Time
 
@@ -51,43 +52,62 @@ type Container struct {
 
 	waitLock chan struct{}
 	Volumes  map[string]string
+	// Store rw/ro in a separate structure to preserve reverse-compatibility on-disk.
+	// Easier than migrating older container configs :)
+	VolumesRW map[string]bool
 }
 
 type Config struct {
-	Hostname     string
-	User         string
-	Memory       int64 // Memory limit (in bytes)
-	MemorySwap   int64 // Total memory usage (memory + swap); set `-1' to disable swap
-	CpuShares    int64 // CPU shares (relative weight vs. other containers)
-	AttachStdin  bool
-	AttachStdout bool
-	AttachStderr bool
-	PortSpecs    []string
-	Tty          bool // Attach standard streams to a tty, including stdin if it is not closed.
-	OpenStdin    bool // Open stdin
-	StdinOnce    bool // If true, close stdin after the 1 attached client disconnects.
-	Env          []string
-	Cmd          []string
-	Dns          []string
-	Image        string // Name of the image as it was passed by the operator (eg. could be symbolic)
-	Volumes      map[string]struct{}
-	VolumesFrom  string
+	Hostname        string
+	User            string
+	Memory          int64 // Memory limit (in bytes)
+	MemorySwap      int64 // Total memory usage (memory + swap); set `-1' to disable swap
+	CpuShares       int64 // CPU shares (relative weight vs. other containers)
+	AttachStdin     bool
+	AttachStdout    bool
+	AttachStderr    bool
+	PortSpecs       []string
+	Tty             bool // Attach standard streams to a tty, including stdin if it is not closed.
+	OpenStdin       bool // Open stdin
+	StdinOnce       bool // If true, close stdin after the 1 attached client disconnects.
+	Env             []string
+	Cmd             []string
+	Dns             []string
+	Image           string // Name of the image as it was passed by the operator (eg. could be symbolic)
+	Volumes         map[string]struct{}
+	VolumesFrom     string
+	Entrypoint      []string
+	NetworkDisabled bool
 }
 
-func ParseRun(args []string, capabilities *Capabilities) (*Config, *flag.FlagSet, error) {
-	cmd := Subcmd("run", "[OPTIONS] IMAGE COMMAND [ARG...]", "Run a command in a new container")
+type HostConfig struct {
+	Binds           []string
+	ContainerIDFile string
+}
+
+type BindMap struct {
+	SrcPath string
+	DstPath string
+	Mode    string
+}
+
+func ParseRun(args []string, capabilities *Capabilities) (*Config, *HostConfig, *flag.FlagSet, error) {
+	cmd := Subcmd("run", "[OPTIONS] IMAGE [COMMAND] [ARG...]", "Run a command in a new container")
 	if len(args) > 0 && args[0] != "--help" {
 		cmd.SetOutput(ioutil.Discard)
+		cmd.Usage = nil
 	}
 
 	flHostname := cmd.String("h", "", "Container host name")
 	flUser := cmd.String("u", "", "Username or UID")
-	flDetach := cmd.Bool("d", false, "Detached mode: leave the container running in the background")
+	flDetach := cmd.Bool("d", false, "Detached mode: Run container in the background, print new container id")
 	flAttach := NewAttachOpts()
 	cmd.Var(flAttach, "a", "Attach to stdin, stdout or stderr.")
 	flStdin := cmd.Bool("i", false, "Keep stdin open even if not attached")
 	flTty := cmd.Bool("t", false, "Allocate a pseudo-tty")
 	flMemory := cmd.Int64("m", 0, "Memory limit (in bytes)")
+	flContainerIDFile := cmd.String("cidfile", "", "Write the container ID to the file")
+	flNetwork := cmd.Bool("n", true, "Enable networking for this container")
 
 	if capabilities != nil && *flMemory > 0 && !capabilities.MemoryLimit {
 		//fmt.Fprintf(stdout, "WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")
@@ -106,15 +126,16 @@ func ParseRun(args []string, capabilities *Capabilities) (*Config, *flag.FlagSet
 	cmd.Var(&flDns, "dns", "Set custom dns servers")
 
 	flVolumes := NewPathOpts()
-	cmd.Var(flVolumes, "v", "Attach a data volume")
+	cmd.Var(flVolumes, "v", "Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)")
 
 	flVolumesFrom := cmd.String("volumes-from", "", "Mount volumes from the specified container")
+	flEntrypoint := cmd.String("entrypoint", "", "Overwrite the default entrypoint of the image")
 
 	if err := cmd.Parse(args); err != nil {
-		return nil, cmd, err
+		return nil, nil, cmd, err
 	}
 	if *flDetach && len(flAttach) > 0 {
-		return nil, cmd, fmt.Errorf("Conflicting options: -a and -d")
+		return nil, nil, cmd, fmt.Errorf("Conflicting options: -a and -d")
 	}
 	// If neither -d or -a are set, attach to everything by default
 	if len(flAttach) == 0 && !*flDetach {
@@ -126,8 +147,23 @@ func ParseRun(args []string, capabilities *Capabilities) (*Config, *flag.FlagSet
 			}
 		}
 	}
+
+	var binds []string
+
+	// add any bind targets to the list of container volumes
+	for bind := range flVolumes {
+		arr := strings.Split(bind, ":")
+		if len(arr) > 1 {
+			dstDir := arr[1]
+			flVolumes[dstDir] = struct{}{}
+			binds = append(binds, bind)
+			delete(flVolumes, bind)
+		}
+	}
+
 	parsedArgs := cmd.Args()
 	runCmd := []string{}
+	entrypoint := []string{}
 	image := ""
 	if len(parsedArgs) >= 1 {
 		image = cmd.Arg(0)
@@ -135,23 +171,33 @@ func ParseRun(args []string, capabilities *Capabilities) (*Config, *flag.FlagSet
 	if len(parsedArgs) > 1 {
 		runCmd = parsedArgs[1:]
 	}
+	if *flEntrypoint != "" {
+		entrypoint = []string{*flEntrypoint}
+	}
+
 	config := &Config{
-		Hostname:     *flHostname,
-		PortSpecs:    flPorts,
-		User:         *flUser,
-		Tty:          *flTty,
-		OpenStdin:    *flStdin,
-		Memory:       *flMemory,
-		CpuShares:    *flCpuShares,
-		AttachStdin:  flAttach.Get("stdin"),
-		AttachStdout: flAttach.Get("stdout"),
-		AttachStderr: flAttach.Get("stderr"),
-		Env:          flEnv,
-		Cmd:          runCmd,
-		Dns:          flDns,
-		Image:        image,
-		Volumes:      flVolumes,
-		VolumesFrom:  *flVolumesFrom,
+		Hostname:        *flHostname,
+		PortSpecs:       flPorts,
+		User:            *flUser,
+		Tty:             *flTty,
+		NetworkDisabled: !*flNetwork,
+		OpenStdin:       *flStdin,
+		Memory:          *flMemory,
+		CpuShares:       *flCpuShares,
+		AttachStdin:     flAttach.Get("stdin"),
+		AttachStdout:    flAttach.Get("stdout"),
+		AttachStderr:    flAttach.Get("stderr"),
+		Env:             flEnv,
+		Cmd:             runCmd,
+		Dns:             flDns,
+		Image:           image,
+		Volumes:         flVolumes,
+		VolumesFrom:     *flVolumesFrom,
+		Entrypoint:      entrypoint,
+	}
+	hostConfig := &HostConfig{
+		Binds:           binds,
+		ContainerIDFile: *flContainerIDFile,
 	}
 
 	if capabilities != nil && *flMemory > 0 && !capabilities.SwapLimit {
@@ -163,23 +209,28 @@ func ParseRun(args []string, capabilities *Capabilities) (*Config, *flag.FlagSet
 	if config.OpenStdin && config.AttachStdin {
 		config.StdinOnce = true
 	}
-	return config, cmd, nil
+	return config, hostConfig, cmd, nil
 }
 
+type PortMapping map[string]string
+
 type NetworkSettings struct {
-	IpAddress   string
-	IpPrefixLen int
+	IPAddress   string
+	IPPrefixLen int
 	Gateway     string
 	Bridge      string
-	PortMapping map[string]string
+	PortMapping map[string]PortMapping
 }
 
 // String returns a human-readable description of the port mapping defined in the settings
 func (settings *NetworkSettings) PortMappingHuman() string {
 	var mapping []string
-	for private, public := range settings.PortMapping {
+	for private, public := range settings.PortMapping["Tcp"] {
 		mapping = append(mapping, fmt.Sprintf("%s->%s", public, private))
 	}
+	for private, public := range settings.PortMapping["Udp"] {
+		mapping = append(mapping, fmt.Sprintf("%s->%s/udp", public, private))
+	}
 	sort.Strings(mapping)
 	return strings.Join(mapping, ", ")
 }
@@ -229,6 +280,26 @@ func (container *Container) ToDisk() (err error) {
 	return ioutil.WriteFile(container.jsonPath(), data, 0666)
 }
 
+func (container *Container) ReadHostConfig() (*HostConfig, error) {
+	data, err := ioutil.ReadFile(container.hostConfigPath())
+	if err != nil {
+		return &HostConfig{}, err
+	}
+	hostConfig := &HostConfig{}
+	if err := json.Unmarshal(data, hostConfig); err != nil {
+		return &HostConfig{}, err
+	}
+	return hostConfig, nil
+}
+
+func (container *Container) SaveHostConfig(hostConfig *HostConfig) (err error) {
+	data, err := json.Marshal(hostConfig)
+	if err != nil {
+		return
+	}
+	return ioutil.WriteFile(container.hostConfigPath(), data, 0666)
+}
+
 func (container *Container) generateLXCConfig() error {
 	fo, err := os.Create(container.lxcConfigPath())
 	if err != nil {
@@ -308,14 +379,15 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 				utils.Debugf("[start] attach stdin\n")
 				defer utils.Debugf("[end] attach stdin\n")
 				// No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr
-				if cStdout != nil {
-					defer cStdout.Close()
-				}
-				if cStderr != nil {
-					defer cStderr.Close()
-				}
 				if container.Config.StdinOnce && !container.Config.Tty {
 					defer cStdin.Close()
+				} else {
+					if cStdout != nil {
+						defer cStdout.Close()
+					}
+					if cStderr != nil {
+						defer cStderr.Close()
+					}
 				}
 				if container.Config.Tty {
 					_, err = utils.CopyEscapable(cStdin, stdin)
@@ -355,6 +427,18 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 				errors <- err
 			}()
 		}
+	} else {
+		go func() {
+			if stdinCloser != nil {
+				defer stdinCloser.Close()
+			}
+
+			if cStdout, err := container.StdoutPipe(); err != nil {
+				utils.Debugf("Error stdout pipe")
+			} else {
+				io.Copy(&utils.NopWriter{}, cStdout)
+			}
+		}()
 	}
 	if stderr != nil {
 		nJobs += 1
@@ -381,7 +465,20 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 				errors <- err
 			}()
 		}
+	} else {
+		go func() {
+			if stdinCloser != nil {
+				defer stdinCloser.Close()
+			}
+
+			if cStderr, err := container.StderrPipe(); err != nil {
+				utils.Debugf("Error stdout pipe")
+			} else {
+				io.Copy(&utils.NopWriter{}, cStderr)
+			}
+		}()
 	}
+
 	return utils.Go(func() error {
 		if cStdout != nil {
 			defer cStdout.Close()
@@ -404,18 +501,26 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 	})
 }
 
-func (container *Container) Start() error {
-	container.State.lock()
-	defer container.State.unlock()
+func (container *Container) Start(hostConfig *HostConfig) error {
+	container.State.Lock()
+	defer container.State.Unlock()
+
+	if len(hostConfig.Binds) == 0 {
+		hostConfig, _ = container.ReadHostConfig()
+	}
 
 	if container.State.Running {
-		return fmt.Errorf("The container %s is already running.", container.Id)
+		return fmt.Errorf("The container %s is already running.", container.ID)
 	}
 	if err := container.EnsureMounted(); err != nil {
 		return err
 	}
-	if err := container.allocateNetwork(); err != nil {
-		return err
+	if container.runtime.networkManager.disabled {
+		container.Config.NetworkDisabled = true
+	} else {
+		if err := container.allocateNetwork(); err != nil {
+			return err
+		}
 	}
 
 	// Make sure the config is compatible with the current kernel
@@ -427,33 +532,93 @@ func (container *Container) Start() error {
 		log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
 		container.Config.MemorySwap = -1
 	}
-	container.Volumes = make(map[string]string)
 
-	// Create the requested volumes volumes
-	for volPath := range container.Config.Volumes {
-		if c, err := container.runtime.volumes.Create(nil, container, "", "", nil); err != nil {
-			return err
+	// Create the requested bind mounts
+	binds := make(map[string]BindMap)
+	// Define illegal container destinations
+	illegalDsts := []string{"/", "."}
+
+	for _, bind := range hostConfig.Binds {
+		// FIXME: factorize bind parsing in parseBind
+		var src, dst, mode string
+		arr := strings.Split(bind, ":")
+		if len(arr) == 2 {
+			src = arr[0]
+			dst = arr[1]
+			mode = "rw"
+		} else if len(arr) == 3 {
+			src = arr[0]
+			dst = arr[1]
+			mode = arr[2]
 		} else {
+			return fmt.Errorf("Invalid bind specification: %s", bind)
+		}
+
+		// Bail if trying to mount to an illegal destination
+		for _, illegal := range illegalDsts {
+			if dst == illegal {
+				return fmt.Errorf("Illegal bind destination: %s", dst)
+			}
+		}
+
+		bindMap := BindMap{
+			SrcPath: src,
+			DstPath: dst,
+			Mode:    mode,
+		}
+		binds[path.Clean(dst)] = bindMap
+	}
+
+	// FIXME: evaluate volumes-from before individual volumes, so that the latter can override the former.
+	// Create the requested volumes volumes
+	if container.Volumes == nil || len(container.Volumes) == 0 {
+		container.Volumes = make(map[string]string)
+		container.VolumesRW = make(map[string]bool)
+
+		for volPath := range container.Config.Volumes {
+			volPath = path.Clean(volPath)
+			// If an external bind is defined for this volume, use that as a source
+			if bindMap, exists := binds[volPath]; exists {
+				container.Volumes[volPath] = bindMap.SrcPath
+				if strings.ToLower(bindMap.Mode) == "rw" {
+					container.VolumesRW[volPath] = true
+				}
+				// Otherwise create an directory in $ROOT/volumes/ and use that
+			} else {
+				c, err := container.runtime.volumes.Create(nil, container, "", "", nil)
+				if err != nil {
+					return err
+				}
+				srcPath, err := c.layer()
+				if err != nil {
+					return err
+				}
+				container.Volumes[volPath] = srcPath
+				container.VolumesRW[volPath] = true // RW by default
+			}
+			// Create the mountpoint
 			if err := os.MkdirAll(path.Join(container.RootfsPath(), volPath), 0755); err != nil {
 				return nil
 			}
-			container.Volumes[volPath] = c.Id
 		}
 	}
 
 	if container.Config.VolumesFrom != "" {
 		c := container.runtime.Get(container.Config.VolumesFrom)
 		if c == nil {
-			return fmt.Errorf("Container %s not found. Impossible to mount its volumes", container.Id)
+			return fmt.Errorf("Container %s not found. Impossible to mount its volumes", container.ID)
 		}
 		for volPath, id := range c.Volumes {
 			if _, exists := container.Volumes[volPath]; exists {
-				return fmt.Errorf("The requested volume %s overlap one of the volume of the container %s", volPath, c.Id)
+				return fmt.Errorf("The requested volume %s overlap one of the volume of the container %s", volPath, c.ID)
 			}
 			if err := os.MkdirAll(path.Join(container.RootfsPath(), volPath), 0755); err != nil {
 				return nil
 			}
 			container.Volumes[volPath] = id
+			if isRW, exists := c.VolumesRW[volPath]; exists {
+				container.VolumesRW[volPath] = isRW
+			}
 		}
 	}
 
@@ -462,14 +627,16 @@ func (container *Container) Start() error {
 	}
 
 	params := []string{
-		"-n", container.Id,
+		"-n", container.ID,
 		"-f", container.lxcConfigPath(),
 		"--",
 		"/sbin/init",
 	}
 
 	// Networking
-	params = append(params, "-g", container.network.Gateway.String())
+	if !container.Config.NetworkDisabled {
+		params = append(params, "-g", container.network.Gateway.String())
+	}
 
 	// User
 	if container.Config.User != "" {
@@ -484,6 +651,8 @@ func (container *Container) Start() error {
 	params = append(params,
 		"-e", "HOME=/",
 		"-e", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+		"-e", "container=lxc",
+		"-e", "HOSTNAME="+container.Config.Hostname,
 	)
 
 	for _, elem := range container.Config.Env {
@@ -497,10 +666,10 @@ func (container *Container) Start() error {
 	container.cmd = exec.Command("lxc-start", params...)
 
 	// Setup logging of stdout and stderr to disk
-	if err := container.runtime.LogToDisk(container.stdout, container.logPath("stdout")); err != nil {
+	if err := container.runtime.LogToDisk(container.stdout, container.logPath("json"), "stdout"); err != nil {
 		return err
 	}
-	if err := container.runtime.LogToDisk(container.stderr, container.logPath("stderr")); err != nil {
+	if err := container.runtime.LogToDisk(container.stderr, container.logPath("json"), "stderr"); err != nil {
 		return err
 	}
 
@@ -521,12 +690,14 @@ func (container *Container) Start() error {
 	container.waitLock = make(chan struct{})
 
 	container.ToDisk()
+	container.SaveHostConfig(hostConfig)
 	go container.monitor()
 	return nil
 }
 
 func (container *Container) Run() error {
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		return err
 	}
 	container.Wait()
@@ -539,7 +710,8 @@ func (container *Container) Output() (output []byte, err error) {
 		return nil, err
 	}
 	defer pipe.Close()
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		return nil, err
 	}
 	output, err = ioutil.ReadAll(pipe)
@@ -556,39 +728,50 @@ func (container *Container) StdinPipe() (io.WriteCloser, error) {
 
 func (container *Container) StdoutPipe() (io.ReadCloser, error) {
 	reader, writer := io.Pipe()
-	container.stdout.AddWriter(writer)
+	container.stdout.AddWriter(writer, "")
 	return utils.NewBufReader(reader), nil
 }
 
 func (container *Container) StderrPipe() (io.ReadCloser, error) {
 	reader, writer := io.Pipe()
-	container.stderr.AddWriter(writer)
+	container.stderr.AddWriter(writer, "")
 	return utils.NewBufReader(reader), nil
 }
 
 func (container *Container) allocateNetwork() error {
+	if container.Config.NetworkDisabled {
+		return nil
+	}
+
 	iface, err := container.runtime.networkManager.Allocate()
 	if err != nil {
 		return err
 	}
-	container.NetworkSettings.PortMapping = make(map[string]string)
+	container.NetworkSettings.PortMapping = make(map[string]PortMapping)
+	container.NetworkSettings.PortMapping["Tcp"] = make(PortMapping)
+	container.NetworkSettings.PortMapping["Udp"] = make(PortMapping)
 	for _, spec := range container.Config.PortSpecs {
-		if nat, err := iface.AllocatePort(spec); err != nil {
+		nat, err := iface.AllocatePort(spec)
+		if err != nil {
 			iface.Release()
 			return err
-		} else {
-			container.NetworkSettings.PortMapping[strconv.Itoa(nat.Backend)] = strconv.Itoa(nat.Frontend)
 		}
+		proto := strings.Title(nat.Proto)
+		backend, frontend := strconv.Itoa(nat.Backend), strconv.Itoa(nat.Frontend)
+		container.NetworkSettings.PortMapping[proto][backend] = frontend
 	}
 	container.network = iface
 	container.NetworkSettings.Bridge = container.runtime.networkManager.bridgeIface
-	container.NetworkSettings.IpAddress = iface.IPNet.IP.String()
-	container.NetworkSettings.IpPrefixLen, _ = iface.IPNet.Mask.Size()
+	container.NetworkSettings.IPAddress = iface.IPNet.IP.String()
+	container.NetworkSettings.IPPrefixLen, _ = iface.IPNet.Mask.Size()
 	container.NetworkSettings.Gateway = iface.Gateway.String()
 	return nil
 }
 
 func (container *Container) releaseNetwork() {
+	if container.Config.NetworkDisabled {
+		return
+	}
 	container.network.Release()
 	container.network = nil
 	container.NetworkSettings = &NetworkSettings{}
@@ -597,16 +780,15 @@ func (container *Container) releaseNetwork() {
 // FIXME: replace this with a control socket within docker-init
 func (container *Container) waitLxc() error {
 	for {
-		if output, err := exec.Command("lxc-info", "-n", container.Id).CombinedOutput(); err != nil {
+		output, err := exec.Command("lxc-info", "-n", container.ID).CombinedOutput()
+		if err != nil {
 			return err
-		} else {
-			if !strings.Contains(string(output), "RUNNING") {
-				return nil
-			}
+		}
+		if !strings.Contains(string(output), "RUNNING") {
+			return nil
 		}
 		time.Sleep(500 * time.Millisecond)
 	}
-	return nil
 }
 
 func (container *Container) monitor() {
@@ -616,17 +798,19 @@ func (container *Container) monitor() {
 	// If the command does not exists, try to wait via lxc
 	if container.cmd == nil {
 		if err := container.waitLxc(); err != nil {
-			utils.Debugf("%s: Process: %s", container.Id, err)
+			utils.Debugf("%s: Process: %s", container.ID, err)
 		}
 	} else {
 		if err := container.cmd.Wait(); err != nil {
 			// Discard the error as any signals or non 0 returns will generate an error
-			utils.Debugf("%s: Process: %s", container.Id, err)
+			utils.Debugf("%s: Process: %s", container.ID, err)
 		}
 	}
 	utils.Debugf("Process finished")
-
-	var exitCode int = -1
+	if container.runtime != nil && container.runtime.srv != nil {
+		container.runtime.srv.LogEvent("die", container.ShortID())
+	}
+	exitCode := -1
 	if container.cmd != nil {
 		exitCode = container.cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
 	}
@@ -635,24 +819,24 @@ func (container *Container) monitor() {
 	container.releaseNetwork()
 	if container.Config.OpenStdin {
 		if err := container.stdin.Close(); err != nil {
-			utils.Debugf("%s: Error close stdin: %s", container.Id, err)
+			utils.Debugf("%s: Error close stdin: %s", container.ID, err)
 		}
 	}
 	if err := container.stdout.CloseWriters(); err != nil {
-		utils.Debugf("%s: Error close stdout: %s", container.Id, err)
+		utils.Debugf("%s: Error close stdout: %s", container.ID, err)
 	}
 	if err := container.stderr.CloseWriters(); err != nil {
-		utils.Debugf("%s: Error close stderr: %s", container.Id, err)
+		utils.Debugf("%s: Error close stderr: %s", container.ID, err)
 	}
 
 	if container.ptyMaster != nil {
 		if err := container.ptyMaster.Close(); err != nil {
-			utils.Debugf("%s: Error closing Pty master: %s", container.Id, err)
+			utils.Debugf("%s: Error closing Pty master: %s", container.ID, err)
 		}
 	}
 
 	if err := container.Unmount(); err != nil {
-		log.Printf("%v: Failed to umount filesystem: %v", container.Id, err)
+		log.Printf("%v: Failed to umount filesystem: %v", container.ID, err)
 	}
 
 	// Re-create a brand new stdin pipe once the container exited
@@ -673,7 +857,7 @@ func (container *Container) monitor() {
 		// This is because State.setStopped() has already been called, and has caused Wait()
 		// to return.
 		// FIXME: why are we serializing running state to disk in the first place?
-		//log.Printf("%s: Failed to dump configuration to the disk: %s", container.Id, err)
+		//log.Printf("%s: Failed to dump configuration to the disk: %s", container.ID, err)
 	}
 }
 
@@ -683,17 +867,17 @@ func (container *Container) kill() error {
 	}
 
 	// Sending SIGKILL to the process via lxc
-	output, err := exec.Command("lxc-kill", "-n", container.Id, "9").CombinedOutput()
+	output, err := exec.Command("lxc-kill", "-n", container.ID, "9").CombinedOutput()
 	if err != nil {
-		log.Printf("error killing container %s (%s, %s)", container.Id, output, err)
+		log.Printf("error killing container %s (%s, %s)", container.ID, output, err)
 	}
 
 	// 2. Wait for the process to die, in last resort, try to kill the process directly
 	if err := container.WaitTimeout(10 * time.Second); err != nil {
 		if container.cmd == nil {
-			return fmt.Errorf("lxc-kill failed, impossible to kill the container %s", container.Id)
+			return fmt.Errorf("lxc-kill failed, impossible to kill the container %s", container.ID)
 		}
-		log.Printf("Container %s failed to exit within 10 seconds of lxc SIGKILL - trying direct SIGKILL", container.Id)
+		log.Printf("Container %s failed to exit within 10 seconds of lxc SIGKILL - trying direct SIGKILL", container.ID)
 		if err := container.cmd.Process.Kill(); err != nil {
 			return err
 		}
@@ -705,8 +889,8 @@ func (container *Container) kill() error {
 }
 
 func (container *Container) Kill() error {
-	container.State.lock()
-	defer container.State.unlock()
+	container.State.Lock()
+	defer container.State.Unlock()
 	if !container.State.Running {
 		return nil
 	}
@@ -714,14 +898,14 @@ func (container *Container) Kill() error {
 }
 
 func (container *Container) Stop(seconds int) error {
-	container.State.lock()
-	defer container.State.unlock()
+	container.State.Lock()
+	defer container.State.Unlock()
 	if !container.State.Running {
 		return nil
 	}
 
 	// 1. Send a SIGTERM
-	if output, err := exec.Command("lxc-kill", "-n", container.Id, "15").CombinedOutput(); err != nil {
+	if output, err := exec.Command("lxc-kill", "-n", container.ID, "15").CombinedOutput(); err != nil {
 		log.Print(string(output))
 		log.Print("Failed to send SIGTERM to the process, force killing")
 		if err := container.kill(); err != nil {
@@ -731,7 +915,7 @@ func (container *Container) Stop(seconds int) error {
 
 	// 2. Wait for the process to exit on its own
 	if err := container.WaitTimeout(time.Duration(seconds) * time.Second); err != nil {
-		log.Printf("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.Id, seconds)
+		log.Printf("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.ID, seconds)
 		if err := container.kill(); err != nil {
 			return err
 		}
@@ -743,7 +927,8 @@ func (container *Container) Restart(seconds int) error {
 	if err := container.Stop(seconds); err != nil {
 		return err
 	}
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		return err
 	}
 	return nil
@@ -795,7 +980,6 @@ func (container *Container) WaitTimeout(timeout time.Duration) error {
 	case <-done:
 		return nil
 	}
-	panic("unreachable")
 }
 
 func (container *Container) EnsureMounted() error {
@@ -838,22 +1022,26 @@ func (container *Container) Unmount() error {
 	return Unmount(container.RootfsPath())
 }
 
-// ShortId returns a shorthand version of the container's id for convenience.
+// ShortID returns a shorthand version of the container's id for convenience.
 // A collision with other container shorthands is very unlikely, but possible.
 // In case of a collision a lookup with Runtime.Get() will fail, and the caller
 // will need to use a langer prefix, or the full-length container Id.
-func (container *Container) ShortId() string {
-	return utils.TruncateId(container.Id)
+func (container *Container) ShortID() string {
+	return utils.TruncateID(container.ID)
 }
 
 func (container *Container) logPath(name string) string {
-	return path.Join(container.root, fmt.Sprintf("%s-%s.log", container.Id, name))
+	return path.Join(container.root, fmt.Sprintf("%s-%s.log", container.ID, name))
 }
 
 func (container *Container) ReadLog(name string) (io.Reader, error) {
 	return os.Open(container.logPath(name))
 }
 
+func (container *Container) hostConfigPath() string {
+	return path.Join(container.root, "hostconfig.json")
+}
+
 func (container *Container) jsonPath() string {
 	return path.Join(container.root, "config.json")
 }
@@ -867,29 +1055,36 @@ func (container *Container) RootfsPath() string {
 	return path.Join(container.root, "rootfs")
 }
 
-func (container *Container) GetVolumes() (map[string]string, error) {
-	ret := make(map[string]string)
-	for volPath, id := range container.Volumes {
-		volume, err := container.runtime.volumes.Get(id)
-		if err != nil {
-			return nil, err
-		}
-		root, err := volume.root()
-		if err != nil {
-			return nil, err
-		}
-		ret[volPath] = path.Join(root, "layer")
-	}
-	return ret, nil
-}
-
 func (container *Container) rwPath() string {
 	return path.Join(container.root, "rw")
 }
 
-func validateId(id string) error {
+func validateID(id string) error {
 	if id == "" {
 		return fmt.Errorf("Invalid empty id")
 	}
 	return nil
 }
+
+// GetSize, return real size, virtual size
+func (container *Container) GetSize() (int64, int64) {
+	var sizeRw, sizeRootfs int64
+
+	filepath.Walk(container.rwPath(), func(path string, fileInfo os.FileInfo, err error) error {
+		if fileInfo != nil {
+			sizeRw += fileInfo.Size()
+		}
+		return nil
+	})
+
+	_, err := os.Stat(container.RootfsPath())
+	if err == nil {
+		filepath.Walk(container.RootfsPath(), func(path string, fileInfo os.FileInfo, err error) error {
+			if fileInfo != nil {
+				sizeRootfs += fileInfo.Size()
+			}
+			return nil
+		})
+	}
+	return sizeRw, sizeRootfs
+}

container_test.go

@@ -7,6 +7,7 @@ import (
 	"io/ioutil"
 	"math/rand"
 	"os"
+	"path"
 	"regexp"
 	"sort"
 	"strings"
@@ -14,46 +15,35 @@ import (
 	"time"
 )
 
-func TestIdFormat(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+func TestIDFormat(t *testing.T) {
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container1, err := NewBuilder(runtime).Create(
 		&Config{
-			Image: GetTestImage(runtime).Id,
+			Image: GetTestImage(runtime).ID,
 			Cmd:   []string{"/bin/sh", "-c", "echo hello world"},
 		},
 	)
 	if err != nil {
 		t.Fatal(err)
 	}
-	match, err := regexp.Match("^[0-9a-f]{64}$", []byte(container1.Id))
+	match, err := regexp.Match("^[0-9a-f]{64}$", []byte(container1.ID))
 	if err != nil {
 		t.Fatal(err)
 	}
 	if !match {
-		t.Fatalf("Invalid container ID: %s", container1.Id)
+		t.Fatalf("Invalid container ID: %s", container1.ID)
 	}
 }
 
 func TestMultipleAttachRestart(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
-	container, err := NewBuilder(runtime).Create(
-		&Config{
-			Image: GetTestImage(runtime).Id,
-			Cmd: []string{"/bin/sh", "-c",
-				"i=1; while [ $i -le 5 ]; do i=`expr $i + 1`;  echo hello; done"},
-		},
+	container, hostConfig, _ := mkContainer(
+		runtime,
+		[]string{"_", "/bin/sh", "-c", "i=1; while [ $i -le 5 ]; do i=`expr $i + 1`;  echo hello; done"},
+		t,
 	)
-	if err != nil {
-		t.Fatal(err)
-	}
 	defer runtime.Destroy(container)
 
 	// Simulate 3 client attaching to the container and stop/restart
@@ -70,7 +60,7 @@ func TestMultipleAttachRestart(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container.Start(); err != nil {
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	l1, err := bufio.NewReader(stdout1).ReadString('\n')
@@ -111,7 +101,7 @@ func TestMultipleAttachRestart(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container.Start(); err != nil {
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 
@@ -142,24 +132,10 @@ func TestMultipleAttachRestart(t *testing.T) {
 }
 
 func TestDiff(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
-
-	builder := NewBuilder(runtime)
-
 	// Create a container and remove a file
-	container1, err := builder.Create(
-		&Config{
-			Image: GetTestImage(runtime).Id,
-			Cmd:   []string{"/bin/rm", "/etc/passwd"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container1, _, _ := mkContainer(runtime, []string{"_", "/bin/rm", "/etc/passwd"}, t)
 	defer runtime.Destroy(container1)
 
 	if err := container1.Run(); err != nil {
@@ -192,15 +168,7 @@ func TestDiff(t *testing.T) {
 	}
 
 	// Create a new container from the commited image
-	container2, err := builder.Create(
-		&Config{
-			Image: img.Id,
-			Cmd:   []string{"cat", "/etc/passwd"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container2, _, _ := mkContainer(runtime, []string{img.ID, "cat", "/etc/passwd"}, t)
 	defer runtime.Destroy(container2)
 
 	if err := container2.Run(); err != nil {
@@ -219,15 +187,7 @@ func TestDiff(t *testing.T) {
 	}
 
 	// Create a new containere
-	container3, err := builder.Create(
-		&Config{
-			Image: GetTestImage(runtime).Id,
-			Cmd:   []string{"rm", "/bin/httpd"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container3, _, _ := mkContainer(runtime, []string{"_", "rm", "/bin/httpd"}, t)
 	defer runtime.Destroy(container3)
 
 	if err := container3.Run(); err != nil {
@@ -251,22 +211,9 @@ func TestDiff(t *testing.T) {
 }
 
 func TestCommitAutoRun(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
-
-	builder := NewBuilder(runtime)
-	container1, err := builder.Create(
-		&Config{
-			Image: GetTestImage(runtime).Id,
-			Cmd:   []string{"/bin/sh", "-c", "echo hello > /world"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container1, _, _ := mkContainer(runtime, []string{"_", "/bin/sh", "-c", "echo hello > /world"}, t)
 	defer runtime.Destroy(container1)
 
 	if container1.State.Running {
@@ -289,14 +236,7 @@ func TestCommitAutoRun(t *testing.T) {
 	}
 
 	// FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world
-	container2, err := builder.Create(
-		&Config{
-			Image: img.Id,
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container2, hostConfig, _ := mkContainer(runtime, []string{img.ID}, t)
 	defer runtime.Destroy(container2)
 	stdout, err := container2.StdoutPipe()
 	if err != nil {
@@ -306,7 +246,7 @@ func TestCommitAutoRun(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container2.Start(); err != nil {
+	if err := container2.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	container2.Wait()
@@ -330,23 +270,10 @@ func TestCommitAutoRun(t *testing.T) {
 }
 
 func TestCommitRun(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 
-	builder := NewBuilder(runtime)
-
-	container1, err := builder.Create(
-		&Config{
-			Image: GetTestImage(runtime).Id,
-			Cmd:   []string{"/bin/sh", "-c", "echo hello > /world"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container1, hostConfig, _ := mkContainer(runtime, []string{"_", "/bin/sh", "-c", "echo hello > /world"}, t)
 	defer runtime.Destroy(container1)
 
 	if container1.State.Running {
@@ -369,16 +296,7 @@ func TestCommitRun(t *testing.T) {
 	}
 
 	// FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world
-
-	container2, err := builder.Create(
-		&Config{
-			Image: img.Id,
-			Cmd:   []string{"cat", "/world"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container2, hostConfig, _ := mkContainer(runtime, []string{img.ID, "cat", "/world"}, t)
 	defer runtime.Destroy(container2)
 	stdout, err := container2.StdoutPipe()
 	if err != nil {
@@ -388,7 +306,7 @@ func TestCommitRun(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container2.Start(); err != nil {
+	if err := container2.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	container2.Wait()
@@ -412,23 +330,9 @@ func TestCommitRun(t *testing.T) {
 }
 
 func TestStart(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
-	container, err := NewBuilder(runtime).Create(
-		&Config{
-			Image:     GetTestImage(runtime).Id,
-			Memory:    33554432,
-			CpuShares: 1000,
-			Cmd:       []string{"/bin/cat"},
-			OpenStdin: true,
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container, hostConfig, _ := mkContainer(runtime, []string{"-m", "33554432", "-c", "1000", "-i", "_", "/bin/cat"}, t)
 	defer runtime.Destroy(container)
 
 	cStdin, err := container.StdinPipe()
@@ -436,7 +340,7 @@ func TestStart(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := container.Start(); err != nil {
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 
@@ -446,7 +350,7 @@ func TestStart(t *testing.T) {
 	if !container.State.Running {
 		t.Errorf("Container should be running")
 	}
-	if err := container.Start(); err == nil {
+	if err := container.Start(hostConfig); err == nil {
 		t.Fatalf("A running containter should be able to be started")
 	}
 
@@ -456,20 +360,9 @@ func TestStart(t *testing.T) {
 }
 
 func TestRun(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
-	container, err := NewBuilder(runtime).Create(
-		&Config{
-			Image: GetTestImage(runtime).Id,
-			Cmd:   []string{"ls", "-al"},
-		},
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
+	container, _, _ := mkContainer(runtime, []string{"_", "ls", "-al"}, t)
 	defer runtime.Destroy(container)
 
 	if container.State.Running {
@@ -484,14 +377,11 @@ func TestRun(t *testing.T) {
 }
 
 func TestOutput(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(
 		&Config{
-			Image: GetTestImage(runtime).Id,
+			Image: GetTestImage(runtime).ID,
 			Cmd:   []string{"echo", "-n", "foobar"},
 		},
 	)
@@ -509,13 +399,10 @@ func TestOutput(t *testing.T) {
 }
 
 func TestKillDifferentUser(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"tail", "-f", "/etc/resolv.conf"},
 		User:  "daemon",
 	},
@@ -528,16 +415,19 @@ func TestKillDifferentUser(t *testing.T) {
 	if container.State.Running {
 		t.Errorf("Container shouldn't be running")
 	}
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 
-	// Give some time to lxc to spawn the process (setuid might take some time)
-	container.WaitTimeout(500 * time.Millisecond)
+	setTimeout(t, "Waiting for the container to be started timed out", 2*time.Second, func() {
+		for !container.State.Running {
+			time.Sleep(10 * time.Millisecond)
+		}
+	})
 
-	if !container.State.Running {
-		t.Errorf("Container should be running")
-	}
+	// Even if the state is running, lets give some time to lxc to spawn the process
+	container.WaitTimeout(500 * time.Millisecond)
 
 	if err := container.Kill(); err != nil {
 		t.Fatal(err)
@@ -556,15 +446,33 @@ func TestKillDifferentUser(t *testing.T) {
 	}
 }
 
-func TestKill(t *testing.T) {
-	runtime, err := newTestRuntime()
+// Test that creating a container with a volume doesn't crash. Regression test for #995.
+func TestCreateVolume(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+
+	config, hc, _, err := ParseRun([]string{"-v", "/var/lib/data", GetTestImage(runtime).ID, "echo", "hello", "world"}, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
+	c, err := NewBuilder(runtime).Create(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(c)
+	if err := c.Start(hc); err != nil {
+		t.Fatal(err)
+	}
+	c.WaitTimeout(500 * time.Millisecond)
+	c.Wait()
+}
+
+func TestKill(t *testing.T) {
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
-		Cmd:   []string{"cat", "/dev/zero"},
+		Image: GetTestImage(runtime).ID,
+		Cmd:   []string{"sleep", "2"},
 	},
 	)
 	if err != nil {
@@ -575,7 +483,8 @@ func TestKill(t *testing.T) {
 	if container.State.Running {
 		t.Errorf("Container shouldn't be running")
 	}
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 
@@ -602,16 +511,13 @@ func TestKill(t *testing.T) {
 }
 
 func TestExitCode(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 
 	builder := NewBuilder(runtime)
 
 	trueContainer, err := builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"/bin/true", ""},
 	})
 	if err != nil {
@@ -626,7 +532,7 @@ func TestExitCode(t *testing.T) {
 	}
 
 	falseContainer, err := builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"/bin/false", ""},
 	})
 	if err != nil {
@@ -642,13 +548,10 @@ func TestExitCode(t *testing.T) {
 }
 
 func TestRestart(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"echo", "-n", "foobar"},
 	},
 	)
@@ -675,13 +578,10 @@ func TestRestart(t *testing.T) {
 }
 
 func TestRestartStdin(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"cat"},
 
 		OpenStdin: true,
@@ -700,7 +600,8 @@ func TestRestartStdin(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := io.WriteString(stdin, "hello world"); err != nil {
@@ -730,7 +631,7 @@ func TestRestartStdin(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container.Start(); err != nil {
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := io.WriteString(stdin, "hello world #2"); err != nil {
@@ -753,17 +654,14 @@ func TestRestartStdin(t *testing.T) {
 }
 
 func TestUser(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 
 	builder := NewBuilder(runtime)
 
 	// Default user must be root
 	container, err := builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"id"},
 	},
 	)
@@ -781,7 +679,7 @@ func TestUser(t *testing.T) {
 
 	// Set a username
 	container, err = builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"id"},
 
 		User: "root",
@@ -801,7 +699,7 @@ func TestUser(t *testing.T) {
 
 	// Set a UID
 	container, err = builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"id"},
 
 		User: "0",
@@ -821,7 +719,7 @@ func TestUser(t *testing.T) {
 
 	// Set a different user by uid
 	container, err = builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"id"},
 
 		User: "1",
@@ -843,7 +741,7 @@ func TestUser(t *testing.T) {
 
 	// Set a different user by username
 	container, err = builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"id"},
 
 		User: "daemon",
@@ -860,20 +758,34 @@ func TestUser(t *testing.T) {
 	if !strings.Contains(string(output), "uid=1(daemon) gid=1(daemon)") {
 		t.Error(string(output))
 	}
-}
 
-func TestMultipleContainers(t *testing.T) {
-	runtime, err := newTestRuntime()
+	// Test an wrong username
+	container, err = builder.Create(&Config{
+		Image: GetTestImage(runtime).ID,
+		Cmd:   []string{"id"},
+
+		User: "unkownuser",
+	},
+	)
 	if err != nil {
 		t.Fatal(err)
 	}
+	defer runtime.Destroy(container)
+	output, err = container.Output()
+	if container.State.ExitCode == 0 {
+		t.Fatal("Starting container with wrong uid should fail but it passed.")
+	}
+}
+
+func TestMultipleContainers(t *testing.T) {
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 
 	builder := NewBuilder(runtime)
 
 	container1, err := builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
-		Cmd:   []string{"cat", "/dev/zero"},
+		Image: GetTestImage(runtime).ID,
+		Cmd:   []string{"sleep", "2"},
 	},
 	)
 	if err != nil {
@@ -882,8 +794,8 @@ func TestMultipleContainers(t *testing.T) {
 	defer runtime.Destroy(container1)
 
 	container2, err := builder.Create(&Config{
-		Image: GetTestImage(runtime).Id,
-		Cmd:   []string{"cat", "/dev/zero"},
+		Image: GetTestImage(runtime).ID,
+		Cmd:   []string{"sleep", "2"},
 	},
 	)
 	if err != nil {
@@ -892,10 +804,11 @@ func TestMultipleContainers(t *testing.T) {
 	defer runtime.Destroy(container2)
 
 	// Start both containers
-	if err := container1.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container1.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
-	if err := container2.Start(); err != nil {
+	if err := container2.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 
@@ -922,13 +835,10 @@ func TestMultipleContainers(t *testing.T) {
 }
 
 func TestStdin(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"cat"},
 
 		OpenStdin: true,
@@ -947,7 +857,8 @@ func TestStdin(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	defer stdin.Close()
@@ -969,13 +880,10 @@ func TestStdin(t *testing.T) {
 }
 
 func TestTty(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"cat"},
 
 		OpenStdin: true,
@@ -994,7 +902,8 @@ func TestTty(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	defer stdin.Close()
@@ -1016,14 +925,11 @@ func TestTty(t *testing.T) {
 }
 
 func TestEnv(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
-		Cmd:   []string{"/usr/bin/env"},
+		Image: GetTestImage(runtime).ID,
+		Cmd:   []string{"env"},
 	},
 	)
 	if err != nil {
@@ -1036,7 +942,8 @@ func TestEnv(t *testing.T) {
 		t.Fatal(err)
 	}
 	defer stdout.Close()
-	if err := container.Start(); err != nil {
+	hostConfig := &HostConfig{}
+	if err := container.Start(hostConfig); err != nil {
 		t.Fatal(err)
 	}
 	container.Wait()
@@ -1052,6 +959,8 @@ func TestEnv(t *testing.T) {
 	goodEnv := []string{
 		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 		"HOME=/",
+		"container=lxc",
+		"HOSTNAME=" + container.ShortID(),
 	}
 	sort.Strings(goodEnv)
 	if len(goodEnv) != len(actualEnv) {
@@ -1064,6 +973,29 @@ func TestEnv(t *testing.T) {
 	}
 }
 
+func TestEntrypoint(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+	container, err := NewBuilder(runtime).Create(
+		&Config{
+			Image:      GetTestImage(runtime).ID,
+			Entrypoint: []string{"/bin/echo"},
+			Cmd:        []string{"-n", "foobar"},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+	output, err := container.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(output) != "foobar" {
+		t.Error(string(output))
+	}
+}
+
 func grepFile(t *testing.T, path string, pattern string) {
 	f, err := os.Open(path)
 	if err != nil {
@@ -1085,10 +1017,7 @@ func grepFile(t *testing.T, path string, pattern string) {
 }
 
 func TestLXCConfig(t *testing.T) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		t.Fatal(err)
-	}
+	runtime := mkRuntime(t)
 	defer nuke(runtime)
 	// Memory is allocated randomly for testing
 	rand.Seed(time.Now().UTC().UnixNano())
@@ -1100,7 +1029,7 @@ func TestLXCConfig(t *testing.T) {
 	cpuMax := 10000
 	cpu := cpuMin + rand.Intn(cpuMax-cpuMin)
 	container, err := NewBuilder(runtime).Create(&Config{
-		Image: GetTestImage(runtime).Id,
+		Image: GetTestImage(runtime).ID,
 		Cmd:   []string{"/bin/true"},
 
 		Hostname:  "foobar",
@@ -1121,14 +1050,11 @@ func TestLXCConfig(t *testing.T) {
 }
 
 func BenchmarkRunSequencial(b *testing.B) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		b.Fatal(err)
-	}
+	runtime := mkRuntime(b)
 	defer nuke(runtime)
 	for i := 0; i < b.N; i++ {
 		container, err := NewBuilder(runtime).Create(&Config{
-			Image: GetTestImage(runtime).Id,
+			Image: GetTestImage(runtime).ID,
 			Cmd:   []string{"echo", "-n", "foo"},
 		},
 		)
@@ -1150,10 +1076,7 @@ func BenchmarkRunSequencial(b *testing.B) {
 }
 
 func BenchmarkRunParallel(b *testing.B) {
-	runtime, err := newTestRuntime()
-	if err != nil {
-		b.Fatal(err)
-	}
+	runtime := mkRuntime(b)
 	defer nuke(runtime)
 
 	var tasks []chan error
@@ -1163,7 +1086,7 @@ func BenchmarkRunParallel(b *testing.B) {
 		tasks = append(tasks, complete)
 		go func(i int, complete chan error) {
 			container, err := NewBuilder(runtime).Create(&Config{
-				Image: GetTestImage(runtime).Id,
+				Image: GetTestImage(runtime).ID,
 				Cmd:   []string{"echo", "-n", "foo"},
 			},
 			)
@@ -1172,7 +1095,8 @@ func BenchmarkRunParallel(b *testing.B) {
 				return
 			}
 			defer runtime.Destroy(container)
-			if err := container.Start(); err != nil {
+			hostConfig := &HostConfig{}
+			if err := container.Start(hostConfig); err != nil {
 				complete <- err
 				return
 			}
@@ -1201,3 +1125,169 @@ func BenchmarkRunParallel(b *testing.B) {
 		b.Fatal(errors)
 	}
 }
+
+func tempDir(t *testing.T) string {
+	tmpDir, err := ioutil.TempDir("", "docker-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	return tmpDir
+}
+
+func TestBindMounts(t *testing.T) {
+	r := mkRuntime(t)
+	defer nuke(r)
+	tmpDir := tempDir(t)
+	defer os.RemoveAll(tmpDir)
+	writeFile(path.Join(tmpDir, "touch-me"), "", t)
+
+	// Test reading from a read-only bind mount
+	stdout, _ := runContainer(r, []string{"-v", fmt.Sprintf("%s:/tmp:ro", tmpDir), "_", "ls", "/tmp"}, t)
+	if !strings.Contains(stdout, "touch-me") {
+		t.Fatal("Container failed to read from bind mount")
+	}
+
+	// test writing to bind mount
+	runContainer(r, []string{"-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "_", "touch", "/tmp/holla"}, t)
+	readFile(path.Join(tmpDir, "holla"), t) // Will fail if the file doesn't exist
+
+	// test mounting to an illegal destination directory
+	if _, err := runContainer(r, []string{"-v", fmt.Sprintf("%s:.", tmpDir), "ls", "."}, nil); err == nil {
+		t.Fatal("Container bind mounted illegal directory")
+	}
+}
+
+// Test that VolumesRW values are copied to the new container.  Regression test for #1201
+func TestVolumesFromReadonlyMount(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+	container, err := NewBuilder(runtime).Create(
+		&Config{
+			Image:   GetTestImage(runtime).ID,
+			Cmd:     []string{"/bin/echo", "-n", "foobar"},
+			Volumes: map[string]struct{}{"/test": {}},
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+	_, err = container.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !container.VolumesRW["/test"] {
+		t.Fail()
+	}
+
+	container2, err := NewBuilder(runtime).Create(
+		&Config{
+			Image:       GetTestImage(runtime).ID,
+			Cmd:         []string{"/bin/echo", "-n", "foobar"},
+			VolumesFrom: container.ID,
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container2)
+
+	_, err = container2.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if container.Volumes["/test"] != container2.Volumes["/test"] {
+		t.Fail()
+	}
+
+	actual, exists := container2.VolumesRW["/test"]
+	if !exists {
+		t.Fail()
+	}
+
+	if container.VolumesRW["/test"] != actual {
+		t.Fail()
+	}
+}
+
+// Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
+func TestRestartWithVolumes(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+
+	container, err := NewBuilder(runtime).Create(&Config{
+		Image:   GetTestImage(runtime).ID,
+		Cmd:     []string{"echo", "-n", "foobar"},
+		Volumes: map[string]struct{}{"/test": {}},
+	},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+
+	for key := range container.Config.Volumes {
+		if key != "/test" {
+			t.Fail()
+		}
+	}
+
+	_, err = container.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := container.Volumes["/test"]
+	if expected == "" {
+		t.Fail()
+	}
+	// Run the container again to verify the volume path persists
+	_, err = container.Output()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	actual := container.Volumes["/test"]
+	if expected != actual {
+		t.Fatalf("Expected volume path: %s Actual path: %s", expected, actual)
+	}
+}
+
+func TestOnlyLoopbackExistsWhenUsingDisableNetworkOption(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+
+	config, hc, _, err := ParseRun([]string{"-n=false", GetTestImage(runtime).ID, "ip", "addr", "show"}, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	c, err := NewBuilder(runtime).Create(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	stdout, err := c.StdoutPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer runtime.Destroy(c)
+	if err := c.Start(hc); err != nil {
+		t.Fatal(err)
+	}
+	c.WaitTimeout(500 * time.Millisecond)
+	c.Wait()
+	output, err := ioutil.ReadAll(stdout)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	interfaces := regexp.MustCompile(`(?m)^[0-9]+: [a-zA-Z0-9]+`).FindAllString(string(output), -1)
+	if len(interfaces) != 1 {
+		t.Fatalf("Wrong interface count in test container: expected [1: lo], got [%s]", interfaces)
+	}
+	if interfaces[0] != "1: lo" {
+		t.Fatalf("Wrong interface in test container: expected [1: lo], got [%s]", interfaces)
+	}
+
+}

contrib/crashTest.go

@@ -11,13 +11,13 @@ import (
 	"time"
 )
 
-var DOCKER_PATH string = path.Join(os.Getenv("DOCKERPATH"), "docker")
+var DOCKERPATH = path.Join(os.Getenv("DOCKERPATH"), "docker")
 
 // WARNING: this crashTest will 1) crash your host, 2) remove all containers
 func runDaemon() (*exec.Cmd, error) {
 	os.Remove("/var/run/docker.pid")
 	exec.Command("rm", "-rf", "/var/lib/docker/containers").Run()
-	cmd := exec.Command(DOCKER_PATH, "-d")
+	cmd := exec.Command(DOCKERPATH, "-d")
 	outPipe, err := cmd.StdoutPipe()
 	if err != nil {
 		return nil, err
@@ -77,7 +77,7 @@ func crashTest() error {
 			stop = false
 			for i := 0; i < 100 && !stop; {
 				func() error {
-					cmd := exec.Command(DOCKER_PATH, "run", "base", "echo", fmt.Sprintf("%d", totalTestCount))
+					cmd := exec.Command(DOCKERPATH, "run", "base", "echo", fmt.Sprintf("%d", totalTestCount))
 					i++
 					totalTestCount++
 					outPipe, err := cmd.StdoutPipe()
@@ -116,7 +116,6 @@ func crashTest() error {
 			return err
 		}
 	}
-	return nil
 }
 
 func main() {

contrib/docker-build/MAINTAINERS

@@ -1 +0,0 @@
-Solomon Hykes <solomon@dotcloud.com>

contrib/docker-build/README

@@ -1,68 +0,0 @@
-# docker-build: build your software with docker
-
-## Description
-
-docker-build is a script to build docker images from source. It will be deprecated once the 'build' feature is incorporated into docker itself (See https://github.com/dotcloud/docker/issues/278)
-
-Author: Solomon Hykes <solomon@dotcloud.com>
-
-
-## Install
-
-docker-builder requires:
-
-1) A reasonably recent Python setup (tested on 2.7.2).
-
-2) A running docker daemon at version 0.1.4 or more recent (http://www.docker.io/gettingstarted)
-
-
-## Usage
-
-First create a valid Changefile, which defines a sequence of changes to apply to a base image.
-
-    $ cat Changefile
-    # Start build from a know base image
-    from	base:ubuntu-12.10
-    # Update ubuntu sources
-    run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
-    run	apt-get update
-    # Install system packages
-    run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
-    run DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
-    run DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
-    # Insert files from the host (./myscript must be present in the current directory)
-    copy	myscript /usr/local/bin/myscript
-
-
-Run docker-build, and pass the contents of your Changefile as standard input.
-
-    $ IMG=$(./docker-build < Changefile)
-
-This will take a while: for each line of the changefile, docker-build will:
-
-1. Create a new container to execute the given command or insert the given file
-2. Wait for the container to complete execution
-3. Commit the resulting changes as a new image
-4. Use the resulting image as the input of the next step
-
-
-If all the steps succeed, the result will be an image containing the combined results of each build step.
-You can trace back those build steps by inspecting the image's history:
-
-    $ docker history $IMG
-    ID                  CREATED             CREATED BY
-    1e9e2045de86        A few seconds ago   /bin/sh -c cat > /usr/local/bin/myscript; chmod +x /usr/local/bin/git
-    77db140aa62a        A few seconds ago   /bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
-    77db140aa62a        A few seconds ago   /bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
-    77db140aa62a        A few seconds ago   /bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -q git 
-    83e85d155451        A few seconds ago   /bin/sh -c apt-get update
-    bfd53b36d9d3        A few seconds ago   /bin/sh -c echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
-    base		2 weeks ago         /bin/bash
-    27cf78414709        2 weeks ago
-
-
-Note that your build started from 'base', as instructed by your Changefile. But that base image itself seems to have been built in 2 steps - hence the extra step in the history.
-
-
-You can use this build technique to create any image you want: a database, a web application, or anything else that can be build by a sequence of unix commands - in other words, anything else.
-

contrib/docker-build/docker-build

@@ -1,142 +0,0 @@
-#!/usr/bin/env python
-
-# docker-build is a script to build docker images from source.
-# It will be deprecated once the 'build' feature is incorporated into docker itself.
-# (See https://github.com/dotcloud/docker/issues/278)
-#
-# Author: Solomon Hykes <solomon@dotcloud.com>
-
-
-
-# First create a valid Changefile, which defines a sequence of changes to apply to a base image.
-# 
-#     $ cat Changefile
-#     # Start build from a know base image
-#     from	base:ubuntu-12.10
-#     # Update ubuntu sources
-#     run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
-#     run	apt-get update
-#     # Install system packages
-#     run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
-#     run DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
-#     run DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
-#     # Insert files from the host (./myscript must be present in the current directory)
-#     copy	myscript /usr/local/bin/myscript
-# 
-# 
-# Run docker-build, and pass the contents of your Changefile as standard input.
-# 
-#     $ IMG=$(./docker-build < Changefile)
-# 
-# This will take a while: for each line of the changefile, docker-build will:
-# 
-# 1. Create a new container to execute the given command or insert the given file
-# 2. Wait for the container to complete execution
-# 3. Commit the resulting changes as a new image
-# 4. Use the resulting image as the input of the next step
-
-
-import sys
-import subprocess
-import json
-import hashlib
-
-def docker(args, stdin=None):
-	print "# docker " + " ".join(args)
-	p = subprocess.Popen(["docker"] + list(args), stdin=stdin, stdout=subprocess.PIPE)
-	return p.stdout
-
-def image_exists(img):
-	return docker(["inspect", img]).read().strip() != ""
-
-def image_config(img):
-	return json.loads(docker(["inspect", img]).read()).get("config", {})
-
-def run_and_commit(img_in, cmd, stdin=None, author=None, run=None):
-	run_id = docker(["run"] + (["-i", "-a", "stdin"] if stdin else ["-d"]) + [img_in, "/bin/sh", "-c", cmd], stdin=stdin).read().rstrip()
-	print "---> Waiting for " + run_id
-	result=int(docker(["wait", run_id]).read().rstrip())
-	if result != 0:
-		print "!!! '{}' return non-zero exit code '{}'. Aborting.".format(cmd, result)
-		sys.exit(1)
-	return docker(["commit"] + (["-author", author] if author else []) + (["-run", json.dumps(run)] if run is not None else []) + [run_id]).read().rstrip()
-
-def insert(base, src, dst, author=None):
-	print "COPY {} to {} in {}".format(src, dst, base)
-	if dst == "":
-		raise Exception("Missing destination path")
-	stdin = file(src)
-	stdin.seek(0)
-	return run_and_commit(base, "cat > {0}; chmod +x {0}".format(dst), stdin=stdin, author=author)
-
-def add(base, src, dst, author=None):
-	print "PUSH to {} in {}".format(dst, base)
-	if src == ".":
-		tar = subprocess.Popen(["tar", "-c", "."], stdout=subprocess.PIPE).stdout
-	else:
-		tar = subprocess.Popen(["curl", src], stdout=subprocess.PIPE).stdout
-	if dst == "":
-		raise Exception("Missing argument to push")
-	return run_and_commit(base, "mkdir -p '{0}' && tar -C '{0}' -x".format(dst), stdin=tar, author=author)
-
-def main():
-	base=""
-	maintainer=""
-	steps = []
-	try:
-		for line in sys.stdin.readlines():
-			line = line.strip()
-			# Skip comments and empty lines
-			if line == "" or line[0] == "#":
-				continue
-			op, param = line.split(None, 1)
-			print op.upper() + " " + param
-			if op == "from":
-				base = param
-				steps.append(base)
-			elif op == "maintainer":
-				maintainer = param
-			elif op == "run":
-				result = run_and_commit(base, param, author=maintainer)
-				steps.append(result)
-				base = result
-				print "===> " + base
-			elif op == "copy":
-				src, dst = param.split("	", 1)
-				result = insert(base, src, dst, author=maintainer)
-				steps.append(result)
-				base = result
-				print "===> " + base
-			elif op == "add":
-				src, dst = param.split("	", 1)
-				result = add(base, src, dst, author=maintainer)
-				steps.append(result)
-				base=result
-				print "===> " + base
-			elif op == "expose":
-				config = image_config(base)
-				if config.get("PortSpecs") is None:
-					config["PortSpecs"] = []
-				portspec = param.strip()
-				config["PortSpecs"].append(portspec)
-				result = run_and_commit(base, "# (nop) expose port {}".format(portspec), author=maintainer, run=config)
-				steps.append(result)
-				base=result
-				print "===> " + base
-			elif op == "cmd":
-				config  = image_config(base)
-				cmd = list(json.loads(param))
-				config["Cmd"] = cmd
-				result = run_and_commit(base, "# (nop) set default command to '{}'".format(" ".join(cmd)), author=maintainer, run=config)
-				steps.append(result)
-				base=result
-				print "===> " + base
-			else:
-				print "Skipping uknown op " + op
-	except:
-		docker(["rmi"] + steps[1:])
-		raise
-	print base
-
-if __name__ == "__main__":
-	main()

contrib/docker-build/example.changefile

@@ -1,13 +0,0 @@
-# Start build from a know base image
-maintainer	Solomon Hykes <solomon@dotcloud.com>
-from	base:ubuntu-12.10
-# Update ubuntu sources
-run	echo 'deb http://archive.ubuntu.com/ubuntu quantal main universe multiverse' > /etc/apt/sources.list
-run	apt-get update
-# Install system packages
-run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q git
-run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl
-run	DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang
-# Insert files from the host (./myscript must be present in the current directory)
-copy	myscript	/usr/local/bin/myscript
-push	/src

contrib/docker-build/myscript

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-echo hello, world!

contrib/install.sh

@@ -8,7 +8,7 @@
 
 echo "Ensuring basic dependencies are installed..."
 apt-get -qq update
-apt-get -qq install lxc wget bsdtar
+apt-get -qq install lxc wget
 
 echo "Looking in /proc/filesystems to see if we have AUFS support..."
 if grep -q aufs /proc/filesystems

contrib/mkimage-unittest.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# Generate a very minimal filesystem based on busybox-static,
+# and load it into the local docker under the name "docker-ut".
+
+missing_pkg() {
+    echo "Sorry, I could not locate $1"
+    echo "Try 'apt-get install ${2:-$1}'?"
+    exit 1
+}
+
+BUSYBOX=$(which busybox)
+[ "$BUSYBOX" ] || missing_pkg busybox busybox-static
+SOCAT=$(which socat)
+[ "$SOCAT" ] || missing_pkg socat
+
+shopt -s extglob
+set -ex
+ROOTFS=`mktemp -d /tmp/rootfs-busybox.XXXXXXXXXX`
+trap "rm -rf $ROOTFS" INT QUIT TERM
+cd $ROOTFS
+
+mkdir bin etc dev dev/pts lib proc sys tmp
+touch etc/resolv.conf
+cp /etc/nsswitch.conf etc/nsswitch.conf
+echo root:x:0:0:root:/:/bin/sh > etc/passwd
+echo daemon:x:1:1:daemon:/usr/sbin:/bin/sh >> etc/passwd
+echo root:x:0: > etc/group
+echo daemon:x:1: >> etc/group
+ln -s lib lib64
+ln -s bin sbin
+cp $BUSYBOX $SOCAT bin
+for X in $(busybox --list)
+do
+    ln -s busybox bin/$X
+done
+rm bin/init
+ln bin/busybox bin/init
+cp -P /lib/x86_64-linux-gnu/lib{pthread*,c*(-*),dl*(-*),nsl*(-*),nss_*,util*(-*),wrap,z}.so* lib
+cp /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 lib
+cp -P /usr/lib/x86_64-linux-gnu/lib{crypto,ssl}.so* lib
+for X in console null ptmx random stdin stdout stderr tty urandom zero
+do
+    cp -a /dev/$X dev
+done
+
+chmod 0755 $ROOTFS # See #486
+tar -cf- . | docker import - docker-ut
+docker run -i -u root docker-ut /bin/echo Success.
+rm -rf $ROOTFS

docker/docker.go

@@ -15,7 +15,7 @@ import (
 )
 
 var (
-	GIT_COMMIT string
+	GITCOMMIT string
 )
 
 func main() {
@@ -24,53 +24,50 @@ func main() {
 		docker.SysInit()
 		return
 	}
-	host := "127.0.0.1"
-	port := 4243
 	// FIXME: Switch d and D ? (to be more sshd like)
 	flDaemon := flag.Bool("d", false, "Daemon mode")
 	flDebug := flag.Bool("D", false, "Debug mode")
 	flAutoRestart := flag.Bool("r", false, "Restart previously running containers")
-	bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge")
+	bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge. Use 'none' to disable container networking")
 	pidfile := flag.String("p", "/var/run/docker.pid", "File containing process PID")
-	flHost := flag.String("H", fmt.Sprintf("%s:%d", host, port), "Host:port to bind/connect to")
+	flGraphPath := flag.String("g", "/var/lib/docker", "Path to graph storage base dir.")
+	flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")
+	flDns := flag.String("dns", "", "Set custom dns servers")
+	flHosts := docker.ListOpts{fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)}
+	flag.Var(&flHosts, "H", "tcp://host:port to bind/connect to or unix://path/to/socket to use")
 	flag.Parse()
+	if len(flHosts) > 1 {
+		flHosts = flHosts[1:] //trick to display a nice defaul value in the usage
+	}
+	for i, flHost := range flHosts {
+		flHosts[i] = utils.ParseHost(docker.DEFAULTHTTPHOST, docker.DEFAULTHTTPPORT, flHost)
+	}
+
 	if *bridgeName != "" {
 		docker.NetworkBridgeIface = *bridgeName
 	} else {
 		docker.NetworkBridgeIface = docker.DefaultNetworkBridge
 	}
-
-	if strings.Contains(*flHost, ":") {
-		hostParts := strings.Split(*flHost, ":")
-		if len(hostParts) != 2 {
-			log.Fatal("Invalid bind address format.")
-			os.Exit(-1)
-		}
-		if hostParts[0] != "" {
-			host = hostParts[0]
-		}
-		if p, err := strconv.Atoi(hostParts[1]); err == nil {
-			port = p
-		}
-	} else {
-		host = *flHost
-	}
-
 	if *flDebug {
 		os.Setenv("DEBUG", "1")
 	}
-	docker.GIT_COMMIT = GIT_COMMIT
+	docker.GITCOMMIT = GITCOMMIT
 	if *flDaemon {
 		if flag.NArg() != 0 {
 			flag.Usage()
 			return
 		}
-		if err := daemon(*pidfile, host, port, *flAutoRestart); err != nil {
+		if err := daemon(*pidfile, *flGraphPath, flHosts, *flAutoRestart, *flEnableCors, *flDns); err != nil {
 			log.Fatal(err)
 			os.Exit(-1)
 		}
 	} else {
-		if err := docker.ParseCommands(host, port, flag.Args()...); err != nil {
+		if len(flHosts) > 1 {
+			log.Fatal("Please specify only one -H")
+			return
+		}
+		protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
+		if err := docker.ParseCommands(protoAddrParts[0], protoAddrParts[1], flag.Args()...); err != nil {
 			log.Fatal(err)
 			os.Exit(-1)
 		}
@@ -104,10 +101,7 @@ func removePidFile(pidfile string) {
 	}
 }
 
-func daemon(pidfile, addr string, port int, autoRestart bool) error {
-	if addr != "127.0.0.1" {
-		log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
-	}
+func daemon(pidfile string, flGraphPath string, protoAddrs []string, autoRestart, enableCors bool, flDns string) error {
 	if err := createPidFile(pidfile); err != nil {
 		log.Fatal(err)
 	}
@@ -121,11 +115,36 @@ func daemon(pidfile, addr string, port int, autoRestart bool) error {
 		removePidFile(pidfile)
 		os.Exit(0)
 	}()
-
-	server, err := docker.NewServer(autoRestart)
+	var dns []string
+	if flDns != "" {
+		dns = []string{flDns}
+	}
+	server, err := docker.NewServer(flGraphPath, autoRestart, enableCors, dns)
 	if err != nil {
 		return err
 	}
-
-	return docker.ListenAndServe(fmt.Sprintf("%s:%d", addr, port), server, true)
+	chErrors := make(chan error, len(protoAddrs))
+	for _, protoAddr := range protoAddrs {
+		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
+		if protoAddrParts[0] == "unix" {
+			syscall.Unlink(protoAddrParts[1])
+		} else if protoAddrParts[0] == "tcp" {
+			if !strings.HasPrefix(protoAddrParts[1], "127.0.0.1") {
+				log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
+			}
+		} else {
+			log.Fatal("Invalid protocol format.")
+			os.Exit(-1)
+		}
+		go func() {
+			chErrors <- docker.ListenAndServe(protoAddrParts[0], protoAddrParts[1], server, true)
+		}()
+	}
+	for i := 0; i < len(protoAddrs); i += 1 {
+		err := <-chErrors
+		if err != nil {
+			return err
+		}
+	}
+	return nil
 }

docs/Makefile

@@ -46,12 +46,11 @@ clean:
 	-rm -rf $(BUILDDIR)/*
 
 docs:
-	#-rm -rf $(BUILDDIR)/*
 	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/html
 	@echo
 	@echo "Build finished. The documentation pages are now in $(BUILDDIR)/html."
 
-server:
+server: docs
 	@cd $(BUILDDIR)/html; $(PYTHON) -m SimpleHTTPServer 8000
 
 site:
@@ -62,12 +61,13 @@ site:
 
 connect:
 	@echo connecting dotcloud to www.docker.io website, make sure to use user 1
-	@cd _build/website/ ; \
-	dotcloud connect dockerwebsite ;
+	@echo or create your own "dockerwebsite" app
+	@cd $(BUILDDIR)/website/ ; \
+	dotcloud connect dockerwebsite ; \
 	dotcloud list
 
 push:
-	@cd _build/website/ ; \
+	@cd $(BUILDDIR)/website/ ; \
 	dotcloud push
 
 $(VERSIONS):

docs/sources/api/README.md

@@ -0,0 +1,5 @@
+This directory holds the authoritative specifications of APIs defined and implemented by Docker. Currently this includes:
+
+* The remote API by which a docker node can be queried over HTTP
+* The registry API by which a docker node can download and upload container images for storage and sharing
+* The index search API by which a docker node can search the public index for images to download

docs/sources/api/index.rst

@@ -5,13 +5,14 @@
 APIs
 ====
 
-This following :
+Your programs and scripts can access Docker's functionality via these interfaces:
 
 .. toctree::
   :maxdepth: 3
 
+  registry_index_spec
   registry_api
-  index_search_api
+  index_api
   docker_remote_api
 
 

docs/sources/api/index_api.rst

@@ -0,0 +1,553 @@
+:title: Index API
+:description: API Documentation for Docker Index
+:keywords: API, Docker, index, REST, documentation
+
+=================
+Docker Index API
+=================
+
+.. contents:: Table of Contents
+
+1. Brief introduction
+=====================
+
+- This is the REST API for the Docker index
+- Authorization is done with basic auth over SSL
+- Not all commands require authentication, only those noted as such.
+
+2. Endpoints
+============
+
+2.1 Repository
+^^^^^^^^^^^^^^
+
+Repositories
+*************
+
+User Repo
+~~~~~~~~~
+
+.. http:put:: /v1/repositories/(namespace)/(repo_name)/
+
+    Create a user repository with the given ``namespace`` and ``repo_name``.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+
+.. http:delete:: /v1/repositories/(namespace)/(repo_name)/
+
+    Delete a user repository with the given ``namespace`` and ``repo_name``.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foo/bar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        ""
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 202
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=delete
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Deleted
+    :statuscode 202: Accepted
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+Library Repo
+~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(repo_name)/
+
+    Create a library repository with the given ``repo_name``.
+    This is a restricted feature only available to docker admins.
+    
+    When namespace is missing, it is assumed to be ``library``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foobar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+    :parameter repo_name:  the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”library/foobar”,access=write
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+.. http:delete:: /v1/repositories/(repo_name)/
+
+    Delete a library repository with the given ``repo_name``.
+    This is a restricted feature only available to docker admins.
+    
+    When namespace is missing, it is assumed to be ``library``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foobar/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+        X-Docker-Token: true
+
+        ""
+
+    :parameter repo_name:  the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 202
+        Vary: Accept
+        Content-Type: application/json
+        WWW-Authenticate: Token signature=123abc,repository=”library/foobar”,access=delete
+        X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io]
+
+        ""
+
+    :statuscode 200: Deleted
+    :statuscode 202: Accepted
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+Repository Images
+*****************
+
+User Repo Images
+~~~~~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(namespace)/(repo_name)/images
+
+    Update the images for a user repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 204
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 204: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active or permission denied
+
+
+.. http:get:: /v1/repositories/(namespace)/(repo_name)/images
+
+    get the images for a user repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foo/bar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”},
+        {“id”: “ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds”,
+        “checksum”: “34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew”}]
+
+    :statuscode 200: OK
+    :statuscode 404: Not found
+
+Library Repo Images
+~~~~~~~~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(repo_name)/images
+
+    Update the images for a library repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foobar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    :parameter repo_name: the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 204
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 204: Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active or permission denied
+
+
+.. http:get:: /v1/repositories/(repo_name)/images
+
+    get the images for a library repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foobar/images HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+
+    :parameter repo_name: the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”},
+        {“id”: “ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds”,
+        “checksum”: “34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew”}]
+
+    :statuscode 200: OK
+    :statuscode 404: Not found
+
+
+Repository Authorization
+************************
+
+Library Repo
+~~~~~~~~~~~~
+
+.. http:put:: /v1/repositories/(repo_name)/auth
+
+    authorize a token for a library repo
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foobar/auth HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Authorization: Token signature=123abc,repository="library/foobar",access=write
+
+    :parameter repo_name: the library name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        "OK"
+
+    :statuscode 200: OK
+    :statuscode 403: Permission denied
+    :statuscode 404: Not found
+
+
+User Repo
+~~~~~~~~~
+
+.. http:put:: /v1/repositories/(namespace)/(repo_name)/auth
+
+    authorize a token for a user repo
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/repositories/foo/bar/auth HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Authorization: Token signature=123abc,repository="foo/bar",access=write
+
+    :parameter namespace: the namespace for the repo
+    :parameter repo_name: the name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        "OK"
+
+    :statuscode 200: OK
+    :statuscode 403: Permission denied
+    :statuscode 404: Not found
+
+
+2.2 Users
+^^^^^^^^^
+
+User Login
+**********
+
+.. http:get:: /v1/users
+
+    If you want to check your login, you can try this endpoint
+    
+    **Example Request**:
+    
+    .. sourcecode:: http
+    
+        GET /v1/users HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Authorization: Basic akmklmasadalkm==
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200 OK
+        Vary: Accept
+        Content-Type: application/json
+
+        OK
+
+    :statuscode 200: no error
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+
+
+User Register
+*************
+
+.. http:post:: /v1/users
+
+    Registering a new account.
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+        POST /v1/users HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+
+        {"email": "sam@dotcloud.com",
+         "password": "toto42",
+         "username": "foobar"'}
+
+    :jsonparameter email: valid email address, that needs to be confirmed
+    :jsonparameter username: min 4 character, max 30 characters, must match the regular expression [a-z0-9\_].
+    :jsonparameter password: min 5 characters
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 201 OK
+        Vary: Accept
+        Content-Type: application/json
+
+        "User Created"
+
+    :statuscode 201: User Created
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+
+Update User
+***********
+
+.. http:put:: /v1/users/(username)/
+
+    Change a password or email address for given user. If you pass in an email,
+    it will add it to your account, it will not remove the old one. Passwords will
+    be updated.
+
+    It is up to the client to verify that that password that is sent is the one that
+    they want. Common approach is to have them type it twice.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/users/fakeuser/ HTTP/1.1
+        Host: index.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Basic akmklmasadalkm==
+
+        {"email": "sam@dotcloud.com",
+         "password": "toto42"}
+
+    :parameter username: username for the person you want to update
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 204
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 204: User Updated
+    :statuscode 400: Errors (invalid json, missing or invalid fields, etc)
+    :statuscode 401: Unauthorized
+    :statuscode 403: Account is not Active
+    :statuscode 404: User not found
+
+
+2.3 Search
+^^^^^^^^^^
+If you need to search the index, this is the endpoint you would use.
+
+Search
+******
+
+.. http:get:: /v1/search
+
+   Search the Index given a search term. It accepts :http:method:`get` only.
+
+   **Example request**:
+
+   .. sourcecode:: http
+
+      GET /v1/search?q=search_term HTTP/1.1
+      Host: example.com
+      Accept: application/json
+
+
+   **Example response**:
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Vary: Accept
+      Content-Type: application/json
+
+      {"query":"search_term",
+        "num_results": 2,
+        "results" : [
+           {"name": "dotcloud/base", "description": "A base ubuntu64  image..."},
+           {"name": "base2", "description": "A base ubuntu64  image..."},
+         ]
+       }
+
+   :query q: what you want to search for
+   :statuscode 200: no error
+   :statuscode 500: server error

docs/sources/api/index_search_api.rst

@@ -1,43 +0,0 @@
-:title: Docker Index documentation
-:description: Documentation for docker Index
-:keywords: docker, index, api
-
-
-=======================
-Docker Index Search API
-=======================
-
-Search
-------
-
-.. http:get:: /v1/search
-
-   Search the Index given a search term. It accepts :http:method:`get` only.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /v1/search?q=search_term HTTP/1.1
-      Host: example.com
-      Accept: application/json
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {"query":"search_term",
-        "num_results": 2,
-        "results" : [
-           {"name": "dotcloud/base", "description": "A base ubuntu64  image..."},
-           {"name": "base2", "description": "A base ubuntu64  image..."},
-         ]
-       }
-
-   :query q: what you want to search for
-   :statuscode 200: no error
-   :statuscode 500: server error

docs/sources/api/registry_api.rst

@@ -1,7 +1,6 @@
-:title: Registry Documentation
-:description: Documentation for docker Registry and Registry API
-:keywords: docker, registry, api, index
-
+:title: Registry API
+:description: API Documentation for Docker Registry
+:keywords: API, Docker, index, registry, REST, documentation
 
 ===================
 Docker Registry API
@@ -9,29 +8,10 @@ Docker Registry API
 
 .. contents:: Table of Contents
 
-1. The 3 roles
-===============
+1. Brief introduction
+=====================
 
-1.1 Index
----------
-
-The Index is responsible for centralizing information about:
-- User accounts
-- Checksums of the images
-- Public namespaces
-
-The Index has different components:
-- Web UI
-- Meta-data store (comments, stars, list public repositories)
-- Authentication service
-- Tokenization
-
-The index is authoritative for those information.
-
-We expect that there will be only one instance of the index, run and managed by dotCloud.
-
-1.2 Registry
-------------
+- This is the REST API for the Docker Registry
 - It stores the images and the graph for a set of repositories
 - It does not have user accounts data
 - It has no notion of user accounts or authorization
@@ -60,418 +40,424 @@ We expect that there will be multiple registries out there. To help to grasp the
 
 The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys).
 
-1.3 Docker
+2. Endpoints
+============
+
+2.1 Images
 ----------
 
-On top of being a runtime for LXC, Docker is the Registry client. It supports:
-- Push / Pull on the registry
-- Client authentication on the Index
+Layer
+*****
 
-2. Workflow
-===========
+.. http:get:: /v1/images/(image_id)/layer 
 
-2.1 Pull
+    get image layer for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Token akmklmasadalkmsdfgsdgdge33
+
+    :parameter image_id: the id for the layer you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+        {
+            id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c",
+            parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f",
+            created: "2013-04-30T17:46:10.843673+03:00",
+            container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7",
+            container_config: {
+                Hostname: "host-test",
+                User: "",
+                Memory: 0,
+                MemorySwap: 0,
+                AttachStdin: false,
+                AttachStdout: false,
+                AttachStderr: false,
+                PortSpecs: null,
+                Tty: false,
+                OpenStdin: false,
+                StdinOnce: false,
+                Env: null,
+                Cmd: [
+                "/bin/bash",
+                "-c",
+                "apt-get -q -yy -f install libevent-dev"
+                ],
+                Dns: null,
+                Image: "imagename/blah",
+                Volumes: { },
+                VolumesFrom: ""
+            },
+            docker_version: "0.1.7"
+        }
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+.. http:put:: /v1/images/(image_id)/layer 
+
+    put image layer for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Authorization: Token akmklmasadalkmsdfgsdgdge33
+
+        {
+            id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c",
+            parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f",
+            created: "2013-04-30T17:46:10.843673+03:00",
+            container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7",
+            container_config: {
+                Hostname: "host-test",
+                User: "",
+                Memory: 0,
+                MemorySwap: 0,
+                AttachStdin: false,
+                AttachStdout: false,
+                AttachStderr: false,
+                PortSpecs: null,
+                Tty: false,
+                OpenStdin: false,
+                StdinOnce: false,
+                Env: null,
+                Cmd: [
+                "/bin/bash",
+                "-c",
+                "apt-get -q -yy -f install libevent-dev"
+                ],
+                Dns: null,
+                Image: "imagename/blah",
+                Volumes: { },
+                VolumesFrom: ""
+            },
+            docker_version: "0.1.7"
+        }
+
+    :parameter image_id: the id for the layer you want to get
+
+
+    **Example Response**:
+
+    .. sourcecode:: http
+    
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+Image
+*****
+
+.. http:put:: /v1/images/(image_id)/json
+
+    put image for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+        {
+         “id”: “088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c”,
+         “checksum”:  “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+         }
+
+    :parameter image_id: the id for the layer you want to get
+
+
+    **Example Response**:
+
+    .. sourcecode:: http
+    
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ""
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+
+.. http:get:: /v1/images/(image_id)/json
+
+    get image for a given ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter image_id: the id for the layer you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        {
+         “id”: “088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c”,
+         “checksum”:  “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+         }
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+Ancestry
+********
+
+.. http:get:: /v1/images/(image_id)/ancestry
+
+    get ancestry for an image given an ``image_id``
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/ancestry HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
+
+    :parameter image_id: the id for the layer you want to get
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        ["088b4502f51920fbd9b7c503e87c7a2c05aa3adc3d35e79c031fa126b403200f",
+         "aeee63968d87c7da4a5cf5d2be6bee4e21bc226fd62273d180a49c96c62e4543",
+         "bfa4c5326bc764280b0863b46a4b20d940bc1897ef9c1dfec060604bdc383280",
+         "6ab5893c6927c15a15665191f2c6cf751f5056d8b95ceee32e43c5e8a3648544"]
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
+
+
+2.2 Tags
 --------
 
-.. image:: /static_files/docker_pull_chart.png
+.. http:get:: /v1/repositories/(namespace)/(repository)/tags
 
-1. Contact the Index to know where I should download “samalba/busybox”
-2. Index replies:
-   a. “samalba/busybox” is on Registry A
-   b. here are the checksums for “samalba/busybox” (for all layers)
-   c. token
-3. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location.
-4. registry contacts index to verify if token/user is allowed to download images
-5. Index returns true/false lettings registry know if it should proceed or error out
-6. Get the payload for all layers
+    get all of the tags for the given repo.
 
-It’s possible to run docker pull \https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
+    **Example Request**:
 
-Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage.
+    .. sourcecode:: http
 
-Token is only returned when the 'X-Docker-Token' header is sent with request.
-
-Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account.
-
-API (pulling repository foo/bar):
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-1. (Docker -> Index) GET /v1/repositories/foo/bar/images
-    **Headers**:
-        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
-        X-Docker-Token: true
-    **Action**:
-        (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1)
-
-2. (Index -> Docker) HTTP 200 OK
-
-    **Headers**:
-        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
-        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
-    **Body**:
-        Jsonified checksums (see part 4.4.1)
-
-3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest
-    **Headers**:
-        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
-
-4. (Registry -> Index) GET /v1/repositories/foo/bar/images
-
-    **Headers**:
-        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
-
-    **Body**:
-        <ids and checksums in payload>
-
-    **Action**:
-        ( Lookup token see if they have access to pull.)
-
-        If good:
-            HTTP 200 OK
-            Index will invalidate the token
-        If bad:
-            HTTP 401 Unauthorized
-
-5. (Docker -> Registry) GET /v1/images/928374982374/ancestry
-    **Action**:
-        (for each image id returned in the registry, fetch /json + /layer)
-
-.. note::
-
-    If someone makes a second request, then we will always give a new token, never reuse tokens.
-
-2.2 Push
---------
-
-.. image:: /static_files/docker_push_chart.png
-
-1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
-2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
-3. Push the image on the registry (along with the token)
-4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
-5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images)
-6. docker contacts the index to give checksums for upload images
-
-.. note::
-
-    **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authentified and the security is not guaranteed.
-
-.. note::
-
-    **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies.
-
-Docker computes the checksums and submit them to the Index at the end of the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end).
-
-API (pushing repos foo/bar):
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-1. (Docker -> Index) PUT /v1/repositories/foo/bar/
-    **Headers**:
-        Authorization: Basic sdkjfskdjfhsdkjfh==
-        X-Docker-Token: true
-
-    **Action**::
-        - in index, we allocated a new repository, and set to initialized
-
-    **Body**::
-        (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push)::
-
-        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
-
-2. (Index -> Docker) 200 Created
-    **Headers**:
-        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
-        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
-
-3. (Docker -> Registry) PUT /v1/images/98765432_parent/json
-    **Headers**:
-        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
-
-4. (Registry->Index) GET /v1/repositories/foo/bar/images
-    **Headers**:
-        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
-    **Action**::
-        - Index:
-            will invalidate the token.
-        - Registry:
-            grants a session (if token is approved) and fetches the images id
-
-5. (Docker -> Registry) PUT /v1/images/98765432_parent/json
-    **Headers**::
-        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
-        - Cookie: (Cookie provided by the Registry)
-
-6. (Docker -> Registry) PUT /v1/images/98765432/json
-    **Headers**:
+        GET /v1/repositories/foo/bar/tags HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
         Cookie: (Cookie provided by the Registry)
 
-7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer
-    **Headers**:
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        {
+            "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
+            “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+        }
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Repository not found
+
+
+.. http:get:: /v1/repositories/(namespace)/(repository)/tags/(tag)
+
+    get a tag for the given repo.
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        GET /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
         Cookie: (Cookie provided by the Registry)
 
-8. (Docker -> Registry) PUT /v1/images/98765432/layer
-    **Headers**:
-        X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+    :parameter tag: name of tag you want to get
 
-9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest
-    **Headers**:
+    **Example Response**:
+
+    .. sourcecode:: http
+
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
+
+        "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
+
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Tag not found
+
+.. http:delete:: /v1/repositories/(namespace)/(repository)/tags/(tag)
+
+    delete the tag for the repo
+
+    **Example Request**:
+
+    .. sourcecode:: http
+
+        DELETE /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
         Cookie: (Cookie provided by the Registry)
-    **Body**:
-        “98765432”
 
-10. (Docker -> Index) PUT /v1/repositories/foo/bar/images
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+    :parameter tag: name of tag you want to delete
 
-    **Headers**:
-        Authorization: Basic 123oislifjsldfj==
-        X-Docker-Endpoints: registry1.docker.io (no validation on this right now)
+    **Example Response**:
 
-    **Body**:
-        (The image, id’s, tags and checksums)
+    .. sourcecode:: http
 
-        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
-        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
 
-    **Return** HTTP 204
+        ""
 
-.. note::
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Tag not found
 
-     If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells.
 
-     If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token.
+.. http:put:: /v1/repositories/(namespace)/(repository)/tags/(tag)
 
-3. How to use the Registry in standalone mode
-=============================================
+    put a tag for the given repo.
 
-The Index has two main purposes (along with its fancy social features):
+    **Example Request**:
 
-- Resolve short names (to avoid passing absolute URLs all the time)
-   - username/projectname -> \https://registry.docker.io/users/<username>/repositories/<projectname>/
-- Authenticate a user as a repos owner (for a central referenced repository)
+    .. sourcecode:: http
 
-3.1 Without an Index
---------------------
-Using the Registry without the Index can be useful to store the images on a private network without having to rely on an external entity controlled by dotCloud.
+        PUT /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
 
-In this case, the registry will be launched in a special mode (--standalone? --no-index?). In this mode, the only thing which changes is that Registry will never contact the Index to verify a token. It will be the Registry owner responsibility to authenticate the user who pushes (or even pulls) an image using any mechanism (HTTP auth, IP based, etc...).
+        “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”
 
-In this scenario, the Registry is responsible for the security in case of data corruption since the checksums are not delivered by a trusted entity.
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
+    :parameter tag: name of tag you want to add
 
-As hinted previously, a standalone registry can also be implemented by any HTTP server handling GET/PUT requests (or even only GET requests if no write access is necessary).
+    **Example Response**:
 
-3.2 With an Index
------------------
+    .. sourcecode:: http
 
-The Index data needed by the Registry are simple:
-- Serve the checksums
-- Provide and authorize a Token
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
 
-In the scenario of a Registry running on a private network with the need of centralizing and authorizing, it’s easy to use a custom Index.
+        ""
 
-The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a specific Index, it’ll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain the Index and the Docker’s configuration among its consumers.
+    :statuscode 200: OK
+    :statuscode 400: Invalid data
+    :statuscode 401: Requires authorization
+    :statuscode 404: Image not found
 
-4. The API
-==========
+2.3 Repositories
+----------------
 
-The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md
+.. http:delete:: /v1/repositories/(namespace)/(repository)/
 
-4.1 Images
-----------
+    delete a repository
 
-The format returned in the images is not defined here (for layer and json), basically because Registry stores exactly the same kind of information as Docker uses to manage them.
+    **Example Request**:
 
-The format of ancestry is a line-separated list of image ids, in age order. I.e. the image’s parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty.
+    .. sourcecode:: http
 
-GET /v1/images/<image_id>/layer
-PUT /v1/images/<image_id>/layer
-GET /v1/images/<image_id>/json
-PUT /v1/images/<image_id>/json
-GET /v1/images/<image_id>/ancestry
-PUT /v1/images/<image_id>/ancestry
+        DELETE /v1/repositories/foo/bar/ HTTP/1.1
+        Host: registry-1.docker.io
+        Accept: application/json
+        Content-Type: application/json
+        Cookie: (Cookie provided by the Registry)
 
-4.2 Users
----------
+        ""
 
-4.2.1 Create a user (Index)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    :parameter namespace: namespace for the repo
+    :parameter repository: name for the repo
 
-POST /v1/users
+    **Example Response**:
 
-**Body**:
-    {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'}
+    .. sourcecode:: http
 
-**Validation**:
-    - **username** : min 4 character, max 30 characters, must match the regular expression [a-z0-9_].
-    - **password**: min 5 characters
+        HTTP/1.1 200
+        Vary: Accept
+        Content-Type: application/json
 
-**Valid**: return HTTP 200
+        ""
 
-Errors: HTTP 400 (we should create error codes for possible errors)
-- invalid json
-- missing field
-- wrong format (username, password, email, etc)
-- forbidden name
-- name already exists
+    :statuscode 200: OK
+    :statuscode 401: Requires authorization
+    :statuscode 404: Repository not found
 
-.. note::
+3.0 Authorization
+=================
+This is where we describe the authorization process, including the tokens and cookies. 
 
-    A user account will be valid only if the email has been validated (a validation link is sent to the email address).
-
-4.2.2 Update a user (Index)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-PUT /v1/users/<username>
-
-**Body**:
-    {"password": "toto"}
-
-.. note::
-
-    We can also update email address, if they do, they will need to reverify their new email address.
-
-4.2.3 Login (Index)
-^^^^^^^^^^^^^^^^^^^
-Does nothing else but asking for a user authentication. Can be used to validate credentials. HTTP Basic Auth for now, maybe change in future.
-
-GET /v1/users
-
-**Return**:
-    - Valid: HTTP 200
-    - Invalid login: HTTP 401
-    - Account inactive: HTTP 403 Account is not Active
-
-4.3 Tags (Registry)
--------------------
-
-The Registry does not know anything about users. Even though repositories are under usernames, it’s just a namespace for the registry. Allowing us to implement organizations or different namespaces per user later, without modifying the Registry’s API.
-
-The following naming restrictions apply:
-
-- Namespaces must match the same regular expression as usernames (See 4.2.1.)
-- Repository names must match the regular expression [a-zA-Z0-9-_.]
-
-4.3.1 Get all tags
-^^^^^^^^^^^^^^^^^^
-
-GET /v1/repositories/<namespace>/<repository_name>/tags
-
-**Return**: HTTP 200
-    {
-    "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
-    “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
-    }
-
-4.3.2 Read the content of a tag (resolve the image id)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-GET /v1/repositories/<namespace>/<repo_name>/tags/<tag>
-
-**Return**:
-    "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
-
-4.3.3 Delete a tag (registry)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-DELETE /v1/repositories/<namespace>/<repo_name>/tags/<tag>
-
-4.4 Images (Index)
-------------------
-
-For the Index to “resolve” the repository name to a Registry location, it uses the X-Docker-Endpoints header. In other terms, this requests always add a “X-Docker-Endpoints” to indicate the location of the registry which hosts this repository.
-
-4.4.1 Get the images
-^^^^^^^^^^^^^^^^^^^^^
-
-GET /v1/repositories/<namespace>/<repo_name>/images
-
-**Return**: HTTP 200
-    [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
-
-
-4.4.2 Add/update the images
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-You always add images, you never remove them.
-
-PUT /v1/repositories/<namespace>/<repo_name>/images
-
-**Body**:
-    [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ]
-
-**Return** 204
-
-5. Chaining Registries
-======================
-
-It’s possible to chain Registries server for several reasons:
-- Load balancing
-- Delegate the next request to another server
-
-When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the download.
-
-The Index and Registry use this mechanism to redirect on one or the other.
-
-Example with an image download:
-On every request, a special header can be returned:
-
-X-Docker-Endpoints: server1,server2
-
-On the next request, the client will always pick a server from this list.
-
-6. Authentication & Authorization
-=================================
-
-6.1 On the Index
------------------
-
-The Index supports both “Basic” and “Token” challenges. Usually when there is a “401 Unauthorized”, the Index replies this::
-
-    401 Unauthorized
-    WWW-Authenticate: Basic realm="auth required",Token
-
-You have 3 options:
-
-1. Provide user credentials and ask for a token
-
-    **Header**:
-        - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
-        - X-Docker-Token: true
-
-    In this case, along with the 200 response, you’ll get a new token (if user auth is ok):
-    If authorization isn't correct you get a 401 response.
-    If account isn't active you will get a 403 response.
-
-    **Response**:
-        - 200 OK
-        - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read
-
-2. Provide user credentials only
-
-    **Header**:
-        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
-
-3. Provide Token
-
-    **Header**:
-        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
-
-6.2 On the Registry
--------------------
-
-The Registry only supports the Token challenge::
-
-    401 Unauthorized
-    WWW-Authenticate: Token
-
-The only way is to provide a token on “401 Unauthorized” responses::
-
-    Authorization: Token signature=123abc,repository=”foo/bar”,access=read
-
-Usually, the Registry provides a Cookie when a Token verification succeeded. Every time the Registry passes a Cookie, you have to pass it back the same cookie.::
-
-    200 OK
-    Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly
-
-Next request::
-
-    GET /(...)
-    Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="
+TODO: add more info.

docs/sources/api/registry_index_spec.rst

@@ -0,0 +1,570 @@
+:title: Registry Documentation
+:description: Documentation for docker Registry and Registry API
+:keywords: docker, registry, api, index
+
+
+=====================
+Registry & index Spec
+=====================
+
+.. contents:: Table of Contents
+
+1. The 3 roles
+===============
+
+1.1 Index
+---------
+
+The Index is responsible for centralizing information about:
+- User accounts
+- Checksums of the images
+- Public namespaces
+
+The Index has different components:
+- Web UI
+- Meta-data store (comments, stars, list public repositories)
+- Authentication service
+- Tokenization
+
+The index is authoritative for those information.
+
+We expect that there will be only one instance of the index, run and managed by dotCloud.
+
+1.2 Registry
+------------
+- It stores the images and the graph for a set of repositories
+- It does not have user accounts data
+- It has no notion of user accounts or authorization
+- It delegates authentication and authorization to the Index Auth service using tokens
+- It supports different storage backends (S3, cloud files, local FS)
+- It doesn’t have a local database
+- It will be open-sourced at some point
+
+We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries:
+
+- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index.
+- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally.
+- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution.
+- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory.
+
+.. note::
+
+    Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server.
+
+.. note::
+
+    The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial):
+        - HTTP with GET (and PUT for read-write registries);
+        - local mount point;
+        - remote docker addressed through SSH.
+
+The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys).
+
+1.3 Docker
+----------
+
+On top of being a runtime for LXC, Docker is the Registry client. It supports:
+- Push / Pull on the registry
+- Client authentication on the Index
+
+2. Workflow
+===========
+
+2.1 Pull
+--------
+
+.. image:: /static_files/docker_pull_chart.png
+
+1. Contact the Index to know where I should download “samalba/busybox”
+2. Index replies:
+   a. “samalba/busybox” is on Registry A
+   b. here are the checksums for “samalba/busybox” (for all layers)
+   c. token
+3. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location.
+4. registry contacts index to verify if token/user is allowed to download images
+5. Index returns true/false lettings registry know if it should proceed or error out
+6. Get the payload for all layers
+
+It’s possible to run docker pull \https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
+
+Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage.
+
+Token is only returned when the 'X-Docker-Token' header is sent with request.
+
+Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account.
+
+API (pulling repository foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        X-Docker-Token: true
+    **Action**:
+        (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1)
+
+2. (Index -> Docker) HTTP 200 OK
+
+    **Headers**:
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+    **Body**:
+        Jsonified checksums (see part 4.4.1)
+
+3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry -> Index) GET /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+    **Body**:
+        <ids and checksums in payload>
+
+    **Action**:
+        ( Lookup token see if they have access to pull.)
+
+        If good:
+            HTTP 200 OK
+            Index will invalidate the token
+        If bad:
+            HTTP 401 Unauthorized
+
+5. (Docker -> Registry) GET /v1/images/928374982374/ancestry
+    **Action**:
+        (for each image id returned in the registry, fetch /json + /layer)
+
+.. note::
+
+    If someone makes a second request, then we will always give a new token, never reuse tokens.
+
+2.2 Push
+--------
+
+.. image:: /static_files/docker_push_chart.png
+
+1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
+2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
+3. Push the image on the registry (along with the token)
+4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
+5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images)
+6. docker contacts the index to give checksums for upload images
+
+.. note::
+
+    **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authentified and the security is not guaranteed.
+
+.. note::
+
+    **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies.
+
+Docker computes the checksums and submit them to the Index at the end of the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end).
+
+API (pushing repos foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) PUT /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Basic sdkjfskdjfhsdkjfh==
+        X-Docker-Token: true
+
+    **Action**::
+        - in index, we allocated a new repository, and set to initialized
+
+    **Body**::
+        (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push)::
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}]
+
+2. (Index -> Docker) 200 Created
+    **Headers**:
+        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]
+
+3. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+
+4. (Registry->Index) GET /v1/repositories/foo/bar/images
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+    **Action**::
+        - Index:
+            will invalidate the token.
+        - Registry:
+            grants a session (if token is approved) and fetches the images id
+
+5. (Docker -> Registry) PUT /v1/images/98765432_parent/json
+    **Headers**::
+        - Authorization: Token signature=123abc,repository=”foo/bar”,access=write
+        - Cookie: (Cookie provided by the Registry)
+
+6. (Docker -> Registry) PUT /v1/images/98765432/json
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+
+8. (Docker -> Registry) PUT /v1/images/98765432/layer
+    **Headers**:
+        X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh
+
+9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest
+    **Headers**:
+        Cookie: (Cookie provided by the Registry)
+    **Body**:
+        “98765432”
+
+10. (Docker -> Index) PUT /v1/repositories/foo/bar/images
+
+    **Headers**:
+        Authorization: Basic 123oislifjsldfj==
+        X-Docker-Endpoints: registry1.docker.io (no validation on this right now)
+
+    **Body**:
+        (The image, id’s, tags and checksums)
+
+        [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”,
+        “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+    **Return** HTTP 204
+
+.. note::
+
+     If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells.
+
+     If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token.
+
+2.3 Delete
+----------
+
+If you need to delete something from the index or registry, we need a nice clean way to do that. Here is the workflow.
+
+1. Docker contacts the index to request a delete of a repository “samalba/busybox” (authentication required with user credentials)
+2. If authentication works and repository is valid, “samalba/busybox” is marked as deleted and a temporary token is returned
+3. Send a delete request to the registry for the repository (along with the token)
+4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
+5. Index validates the token. Registry A deletes the repository and everything associated to it.
+6. docker contacts the index to let it know it was removed from the registry, the index removes all records from the database.
+
+.. note::
+
+    The Docker client should present an "Are you sure?" prompt to confirm the deletion before starting the process. Once it starts it can't be undone.
+
+API (deleting repository foo/bar):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. (Docker -> Index) DELETE /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Basic sdkjfskdjfhsdkjfh==
+        X-Docker-Token: true
+
+    **Action**::
+        - in index, we make sure it is a valid repository, and set to deleted (logically)
+
+    **Body**::
+        Empty
+
+2. (Index -> Docker) 202 Accepted
+    **Headers**:
+        - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=delete
+        - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io]   # list of endpoints where this repo lives.
+
+3. (Docker -> Registry) DELETE /v1/repositories/foo/bar/
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=delete
+
+4. (Registry->Index) PUT /v1/repositories/foo/bar/auth
+    **Headers**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=delete
+    **Action**::
+        - Index:
+            will invalidate the token.
+        - Registry:
+            deletes the repository (if token is approved)
+
+5. (Registry -> Docker) 200 OK
+        200 If success 
+        403 if forbidden
+        400 if bad request
+        404 if repository isn't found
+
+6. (Docker -> Index) DELETE /v1/repositories/foo/bar/
+
+    **Headers**:
+        Authorization: Basic 123oislifjsldfj==
+        X-Docker-Endpoints: registry-1.docker.io (no validation on this right now)
+
+    **Body**:
+        Empty
+
+    **Return** HTTP 200
+
+
+3. How to use the Registry in standalone mode
+=============================================
+
+The Index has two main purposes (along with its fancy social features):
+
+- Resolve short names (to avoid passing absolute URLs all the time)
+   - username/projectname -> \https://registry.docker.io/users/<username>/repositories/<projectname>/
+   - team/projectname -> \https://registry.docker.io/team/<team>/repositories/<projectname>/
+- Authenticate a user as a repos owner (for a central referenced repository)
+
+3.1 Without an Index
+--------------------
+Using the Registry without the Index can be useful to store the images on a private network without having to rely on an external entity controlled by dotCloud.
+
+In this case, the registry will be launched in a special mode (--standalone? --no-index?). In this mode, the only thing which changes is that Registry will never contact the Index to verify a token. It will be the Registry owner responsibility to authenticate the user who pushes (or even pulls) an image using any mechanism (HTTP auth, IP based, etc...).
+
+In this scenario, the Registry is responsible for the security in case of data corruption since the checksums are not delivered by a trusted entity.
+
+As hinted previously, a standalone registry can also be implemented by any HTTP server handling GET/PUT requests (or even only GET requests if no write access is necessary).
+
+3.2 With an Index
+-----------------
+
+The Index data needed by the Registry are simple:
+- Serve the checksums
+- Provide and authorize a Token
+
+In the scenario of a Registry running on a private network with the need of centralizing and authorizing, it’s easy to use a custom Index.
+
+The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a specific Index, it’ll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain the Index and the Docker’s configuration among its consumers.
+
+4. The API
+==========
+
+The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md
+
+4.1 Images
+----------
+
+The format returned in the images is not defined here (for layer and json), basically because Registry stores exactly the same kind of information as Docker uses to manage them.
+
+The format of ancestry is a line-separated list of image ids, in age order. I.e. the image’s parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty.
+
+GET /v1/images/<image_id>/layer
+PUT /v1/images/<image_id>/layer
+GET /v1/images/<image_id>/json
+PUT /v1/images/<image_id>/json
+GET /v1/images/<image_id>/ancestry
+PUT /v1/images/<image_id>/ancestry
+
+4.2 Users
+---------
+
+4.2.1 Create a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+POST /v1/users
+
+**Body**:
+    {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'}
+
+**Validation**:
+    - **username**: min 4 character, max 30 characters, must match the regular
+      expression [a-z0-9\_].
+    - **password**: min 5 characters
+
+**Valid**: return HTTP 200
+
+Errors: HTTP 400 (we should create error codes for possible errors)
+- invalid json
+- missing field
+- wrong format (username, password, email, etc)
+- forbidden name
+- name already exists
+
+.. note::
+
+    A user account will be valid only if the email has been validated (a validation link is sent to the email address).
+
+4.2.2 Update a user (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+PUT /v1/users/<username>
+
+**Body**:
+    {"password": "toto"}
+
+.. note::
+
+    We can also update email address, if they do, they will need to reverify their new email address.
+
+4.2.3 Login (Index)
+^^^^^^^^^^^^^^^^^^^
+Does nothing else but asking for a user authentication. Can be used to validate credentials. HTTP Basic Auth for now, maybe change in future.
+
+GET /v1/users
+
+**Return**:
+    - Valid: HTTP 200
+    - Invalid login: HTTP 401
+    - Account inactive: HTTP 403 Account is not Active
+
+4.3 Tags (Registry)
+-------------------
+
+The Registry does not know anything about users. Even though repositories are under usernames, it’s just a namespace for the registry. Allowing us to implement organizations or different namespaces per user later, without modifying the Registry’s API.
+
+The following naming restrictions apply:
+
+- Namespaces must match the same regular expression as usernames (See 4.2.1.)
+- Repository names must match the regular expression [a-zA-Z0-9-_.]
+
+4.3.1 Get all tags
+^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repository_name>/tags
+
+**Return**: HTTP 200
+    {
+    "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f",
+    “0.1.1”:  “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”
+    }
+
+4.3.2 Read the content of a tag (resolve the image id)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+**Return**:
+    "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"
+
+4.3.3 Delete a tag (registry)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DELETE /v1/repositories/<namespace>/<repo_name>/tags/<tag>
+
+4.4 Images (Index)
+------------------
+
+For the Index to “resolve” the repository name to a Registry location, it uses the X-Docker-Endpoints header. In other terms, this requests always add a “X-Docker-Endpoints” to indicate the location of the registry which hosts this repository.
+
+4.4.1 Get the images
+^^^^^^^^^^^^^^^^^^^^^
+
+GET /v1/repositories/<namespace>/<repo_name>/images
+
+**Return**: HTTP 200
+    [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}]
+
+
+4.4.2 Add/update the images
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You always add images, you never remove them.
+
+PUT /v1/repositories/<namespace>/<repo_name>/images
+
+**Body**:
+    [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ]
+
+**Return** 204
+
+4.5 Repositories
+----------------
+
+4.5.1 Remove a Repository (Registry)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DELETE /v1/repositories/<namespace>/<repo_name>
+
+Return 200 OK
+
+4.5.2 Remove a Repository (Index)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+This starts the delete process. see 2.3 for more details.
+
+DELETE /v1/repositories/<namespace>/<repo_name>
+
+Return 202 OK
+
+5. Chaining Registries
+======================
+
+It’s possible to chain Registries server for several reasons:
+- Load balancing
+- Delegate the next request to another server
+
+When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the download.
+
+The Index and Registry use this mechanism to redirect on one or the other.
+
+Example with an image download:
+On every request, a special header can be returned:
+
+X-Docker-Endpoints: server1,server2
+
+On the next request, the client will always pick a server from this list.
+
+6. Authentication & Authorization
+=================================
+
+6.1 On the Index
+-----------------
+
+The Index supports both “Basic” and “Token” challenges. Usually when there is a “401 Unauthorized”, the Index replies this::
+
+    401 Unauthorized
+    WWW-Authenticate: Basic realm="auth required",Token
+
+You have 3 options:
+
+1. Provide user credentials and ask for a token
+
+    **Header**:
+        - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+        - X-Docker-Token: true
+
+    In this case, along with the 200 response, you’ll get a new token (if user auth is ok):
+    If authorization isn't correct you get a 401 response.
+    If account isn't active you will get a 403 response.
+
+    **Response**:
+        - 200 OK
+        - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read
+
+2. Provide user credentials only
+
+    **Header**:
+        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+
+3. Provide Token
+
+    **Header**:
+        Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+6.2 On the Registry
+-------------------
+
+The Registry only supports the Token challenge::
+
+    401 Unauthorized
+    WWW-Authenticate: Token
+
+The only way is to provide a token on “401 Unauthorized” responses::
+
+    Authorization: Token signature=123abc,repository=”foo/bar”,access=read
+
+Usually, the Registry provides a Cookie when a Token verification succeeded. Every time the Registry passes a Cookie, you have to pass it back the same cookie.::
+
+    200 OK
+    Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly
+
+Next request::
+
+    GET /(...)
+    Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=&timestamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="
+
+
+7.0 Document Version
+---------------------
+
+- 1.0 : May 6th 2013 : initial release 
+- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new source namespace.

docs/sources/commandline/cli.rst

@@ -15,7 +15,7 @@ To list available commands, either run ``docker`` with no parameters or execute
 
   $ docker
     Usage: docker [OPTIONS] COMMAND [arg...]
-      -H="127.0.0.1:4243": Host:port to bind/connect to
+      -H=[tcp://127.0.0.1:4243]: tcp://host:port to bind/connect to or unix://path/to/socket to use
 
     A self-sufficient runtime for linux containers.
 
@@ -52,5 +52,6 @@ Available Commands
    command/start
    command/stop
    command/tag
+   command/top
    command/version
    command/wait

docs/sources/commandline/command/build.rst

@@ -8,9 +8,12 @@
 
 ::
 
-    Usage: docker build [OPTIONS] PATH | -
+    Usage: docker build [OPTIONS] PATH | URL | -
     Build a new container image from the source code at PATH
       -t="": Tag to be applied to the resulting image in case of success.
+      -q=false: Suppress verbose build output.
+    When a single Dockerfile is given as URL, then no context is set. When a git repository is set as URL, the repository is used as context
+
 
 Examples
 --------
@@ -19,10 +22,23 @@ Examples
 
     docker build .
 
-This will take the local Dockerfile
+| This will read the Dockerfile from the current directory. It will also send any other files and directories found in the current directory to the docker daemon.
+| The contents of this directory would be used by ADD commands found within the Dockerfile.
+| This will send a lot of data to the docker daemon if the current directory contains a lot of data.
+| If the absolute path is provided instead of '.', only the files and directories required by the ADD commands from the Dockerfile will be added to the context and transferred to the docker daemon.
+|
 
 .. code-block:: bash
 
-    docker build -
+    docker build - < Dockerfile
 
-This will read a Dockerfile form Stdin without context
+| This will read a Dockerfile from Stdin without context. Due to the lack of a context, no contents of any local directory will be sent to the docker daemon.
+| ADD doesn't work when running in this mode due to the absence of the context, thus having no source files to copy to the container.
+
+
+.. code-block:: bash
+
+    docker build github.com/creack/docker-firefox
+
+| This will clone the github repository and use it as context. The Dockerfile at the root of the repository is used as Dockerfile.
+| Note that you can specify an arbitrary git repository by using the 'git://' schema.

docs/sources/commandline/command/import.rst

@@ -8,6 +8,34 @@
 
 ::
 
-    Usage: docker import [OPTIONS] URL|- [REPOSITORY [TAG]]
+    Usage: docker import URL|- [REPOSITORY [TAG]]
 
     Create a new filesystem image from the contents of a tarball
+
+At this time, the URL must start with ``http`` and point to a single file archive
+(.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz)
+containing a root filesystem. If you would like to import from a local directory or archive,
+you can use the ``-`` parameter to take the data from standard in.
+
+Examples
+--------
+
+Import from a remote location
+.............................
+
+``$ docker import http://example.com/exampleimage.tgz exampleimagerepo``
+
+Import from a local file
+........................
+
+Import to docker via pipe and standard in
+
+``$ cat exampleimage.tgz | docker import - exampleimagelocal``
+
+Import from a local directory
+.............................
+
+``$ sudo tar -c . | docker import - exampleimagedir``
+
+Note the ``sudo`` in this example -- you must preserve the ownership of the files (especially root ownership)
+during the archiving with tar. If you are not root (or sudo) when you tar, then the ownerships might not get preserved.

docs/sources/commandline/command/login.rst

@@ -8,6 +8,10 @@
 
 ::
 
-    Usage: docker login
+    Usage: docker login [OPTIONS]
 
     Register or Login to the docker registry server
+
+    -e="": email
+    -p="": password
+    -u="": username

docs/sources/commandline/command/rm.rst

@@ -10,4 +10,4 @@
 
     Usage: docker rm [OPTIONS] CONTAINER
 
-    Remove a container
+    Remove one or more containers

docs/sources/commandline/command/rmi.rst

@@ -8,6 +8,6 @@
 
 ::
 
-    Usage: docker rmimage [OPTIONS] IMAGE
+    Usage: docker rmi IMAGE [IMAGE...]
 
-    Remove an image
+    Remove one or more images

docs/sources/commandline/command/run.rst

@@ -8,20 +8,33 @@
 
 ::
 
-    Usage: docker run [OPTIONS] IMAGE COMMAND [ARG...]
+    Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
 
     Run a command in a new container
 
       -a=map[]: Attach to stdin, stdout or stderr.
       -c=0: CPU shares (relative weight)
-      -d=false: Detached mode: leave the container running in the background
+      -cidfile="": Write the container ID to the file
+      -d=false: Detached mode: Run container in the background, print new container id
       -e=[]: Set environment variables
       -h="": Container host name
       -i=false: Keep stdin open even if not attached
       -m=0: Memory limit (in bytes)
+      -n=true: Enable networking for this container
       -p=[]: Map a network port to the container
       -t=false: Allocate a pseudo-tty
       -u="": Username or UID
       -d=[]: Set custom dns servers for the container
-      -v=[]: Creates a new volume and mounts it at the specified path.
+      -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "host-dir" is missing, then docker creates a new volume.
       -volumes-from="": Mount all volumes from the given container.
+      -entrypoint="": Overwrite the default entrypoint set by the image.
+
+
+Examples
+--------
+
+.. code-block:: bash
+
+    docker run -cidfile /tmp/docker_test.cid ubuntu echo "test"
+
+| This will create a container and print "test" to the console. The cidfile flag makes docker attempt to create a new file and write the container ID to it. If the file exists already, docker will return an error. Docker will close this file when docker run exits.

docs/sources/commandline/command/stop.rst

@@ -8,6 +8,8 @@
 
 ::
 
-    Usage: docker stop [OPTIONS] NAME
+    Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
 
     Stop a running container
+
+      -t=10: Number of seconds to wait for the container to stop before killing it.

docs/sources/commandline/command/top.rst

@@ -0,0 +1,13 @@
+:title: Top Command
+:description: Lookup the running processes of a container
+:keywords: top, docker, container, documentation
+
+=======================================================
+``top`` -- Lookup the running processes of a container
+=======================================================
+
+::
+
+    Usage: docker top CONTAINER
+
+    Lookup the running processes of a container

docs/sources/commandline/index.rst

@@ -37,5 +37,6 @@ Contents:
   start   <command/start>
   stop    <command/stop>
   tag     <command/tag>
+  top     <command/top>
   version <command/version>
-  wait    <command/wait>
+  wait    <command/wait>

docs/sources/concepts/containers.rst

@@ -1,8 +0,0 @@
-:title: Introduction
-:description: An introduction to docker and standard containers?
-:keywords: containers, lxc, concepts, explanation, docker, documentation
-
-
-:note: This version of the introduction is temporary, just to make sure we don't break the links from the website when the documentation is updated
-
-This document has been moved to  :ref:`introduction`, please update your bookmarks.

docs/sources/concepts/index.rst

@@ -1,10 +1,10 @@
-:title: Concepts
-:description: -- todo: change me
+:title: Overview
+:description: Docker documentation summary
 :keywords: concepts, documentation, docker, containers
 
 
 
-Concepts
+Overview
 ========
 
 Contents:
@@ -13,4 +13,4 @@ Contents:
    :maxdepth: 1
 
    ../index
-
+   manifesto

docs/sources/concepts/introduction.rst

@@ -1,125 +0,0 @@
-:title: Introduction
-:description: An introduction to docker and standard containers?
-:keywords: containers, lxc, concepts, explanation
-
-Introduction
-============
-
-Docker -- The Linux container runtime
--------------------------------------
-
-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
-
-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
-
-
-- **Heterogeneous payloads** Any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
-- **Any server** Docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
-- **Isolation** docker isolates processes from each other and from the underlying host, using lightweight containers.
-- **Repeatability** Because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
-
-.. image:: images/lego_docker.jpg
-
-
-What is a Standard Container?
------------------------------
-
-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependency, regardless of the underlying machine and the contents of the container.
-
-The spec for Standard Containers is currently work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
-
-A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
-
-
-Content-agnostic
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
-
-
-Infrastructure-agnostic
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
-
-
-Designed for automation
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
-
-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
-
-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
-
-
-Industrial-grade delivery
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
-
-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
-
-
-Standard Container Specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-(TODO)
-
-Image format
-~~~~~~~~~~~~
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
--  Copy
--  Run
--  Stop
--  Wait
--  Commit
--  Attach standard streams
--  List filesystem changes
--  ...
-
-Execution environment
-~~~~~~~~~~~~~~~~~~~~~
-
-Root filesystem
-^^^^^^^^^^^^^^^
-
-Environment variables
-^^^^^^^^^^^^^^^^^^^^^
-
-Process arguments
-^^^^^^^^^^^^^^^^^
-
-Networking
-^^^^^^^^^^
-
-Process namespacing
-^^^^^^^^^^^^^^^^^^^
-
-Resource limits
-^^^^^^^^^^^^^^^
-
-Process monitoring
-^^^^^^^^^^^^^^^^^^
-
-Logging
-^^^^^^^
-
-Signals
-^^^^^^^
-
-Pseudo-terminal allocation
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Security
-^^^^^^^^
-

docs/sources/concepts/manifesto.rst

@@ -0,0 +1,129 @@
+:title: Manifesto
+:description: An overview of Docker and standard containers
+:keywords: containers, lxc, concepts, explanation
+
+.. _dockermanifesto:
+
+Docker Manifesto
+----------------
+
+Docker complements LXC with a high-level API which operates at the
+process level. It runs unix processes with strong guarantees of
+isolation and repeatability across servers.
+
+Docker is a great building block for automating distributed systems:
+large-scale web deployments, database clusters, continuous deployment
+systems, private PaaS, service-oriented architectures, etc.
+
+- **Heterogeneous payloads** Any combination of binaries, libraries,
+  configuration files, scripts, virtualenvs, jars, gems, tarballs, you
+  name it. No more juggling between domain-specific tools. Docker can
+  deploy and run them all.
+- **Any server** Docker can run on any x64 machine with a modern linux
+  kernel - whether it's a laptop, a bare metal server or a VM. This
+  makes it perfect for multi-cloud deployments.
+- **Isolation** docker isolates processes from each other and from the
+  underlying host, using lightweight containers.
+- **Repeatability** Because containers are isolated in their own
+  filesystem, they behave the same regardless of where, when, and
+  alongside what they run.
+
+.. image:: images/lego_docker.jpg
+   :target: http://bricks.argz.com/ins/7823-1/12
+
+What is a Standard Container?
+.............................
+
+Docker defines a unit of software delivery called a Standard
+Container. The goal of a Standard Container is to encapsulate a
+software component and all its dependencies in a format that is
+self-describing and portable, so that any compliant runtime can run it
+without extra dependency, regardless of the underlying machine and the
+contents of the container.
+
+The spec for Standard Containers is currently work in progress, but it
+is very straightforward. It mostly defines 1) an image format, 2) a
+set of standard operations, and 3) an execution environment.
+
+A great analogy for this is the shipping container. Just like Standard
+Containers are a fundamental unit of software delivery, shipping
+containers are a fundamental unit of physical delivery.
+
+Standard operations
+~~~~~~~~~~~~~~~~~~~
+
+Just like shipping containers, Standard Containers define a set of
+STANDARD OPERATIONS. Shipping containers can be lifted, stacked,
+locked, loaded, unloaded and labelled. Similarly, standard containers
+can be started, stopped, copied, snapshotted, downloaded, uploaded and
+tagged.
+
+
+Content-agnostic
+~~~~~~~~~~~~~~~~~~~
+
+Just like shipping containers, Standard Containers are
+CONTENT-AGNOSTIC: all standard operations have the same effect
+regardless of the contents. A shipping container will be stacked in
+exactly the same way whether it contains Vietnamese powder coffee or
+spare Maserati parts. Similarly, Standard Containers are started or
+uploaded in the same way whether they contain a postgres database, a
+php application with its dependencies and application server, or Java
+build artifacts.
+
+Infrastructure-agnostic
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be
+transported to thousands of facilities around the world, and
+manipulated by a wide variety of equipment. A shipping container can
+be packed in a factory in Ukraine, transported by truck to the nearest
+routing center, stacked onto a train, loaded into a German boat by an
+Australian-built crane, stored in a warehouse at a US facility,
+etc. Similarly, a standard container can be bundled on my laptop,
+uploaded to S3, downloaded, run and snapshotted by a build server at
+Equinix in Virginia, uploaded to 10 staging servers in a home-made
+Openstack cluster, then sent to 30 production instances across 3 EC2
+regions.
+
+
+Designed for automation
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Because they offer the same standard operations regardless of content
+and infrastructure, Standard Containers, just like their physical
+counterpart, are extremely well-suited for automation. In fact, you
+could say automation is their secret weapon.
+
+Many things that once required time-consuming and error-prone human
+effort can now be programmed. Before shipping containers, a bag of
+powder coffee was hauled, dragged, dropped, rolled and stacked by 10
+different people in 10 different locations by the time it reached its
+destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The
+process was slow, inefficient and cost a fortune - and was entirely
+different depending on the facility and the type of goods.
+
+Similarly, before Standard Containers, by the time a software
+component ran in production, it had been individually built,
+configured, bundled, documented, patched, vendored, templated, tweaked
+and instrumented by 10 different people on 10 different
+computers. Builds failed, libraries conflicted, mirrors crashed,
+post-it notes were lost, logs were misplaced, cluster updates were
+half-broken. The process was slow, inefficient and cost a fortune -
+and was entirely different depending on the language and
+infrastructure provider.
+
+Industrial-grade delivery
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+There are 17 million shipping containers in existence, packed with
+every physical good imaginable. Every single one of them can be loaded
+on the same boats, by the same cranes, in the same facilities, and
+sent anywhere in the World with incredible efficiency. It is
+embarrassing to think that a 30 ton shipment of coffee can safely
+travel half-way across the World in *less time* than it takes a
+software team to deliver its code from one datacenter to another
+sitting 10 miles away.
+
+With Standard Containers we can put an end to that embarrassment, by
+making INDUSTRIAL-GRADE DELIVERY of software a reality.

docs/sources/conf.py

@@ -20,6 +20,21 @@ import sys, os
 
 # -- General configuration -----------------------------------------------------
 
+
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+# the 'redirect_home.html' page redirects using a http meta refresh which, according
+# to official sources is more or less equivalent of a 301.
+
+html_additional_pages = {
+    'concepts/containers': 'redirect_home.html',
+    'concepts/introduction': 'redirect_home.html',
+    'builder/basics': 'redirect_build.html',
+    }
+
+
+
 # If your documentation needs a minimal Sphinx version, state it here.
 #needs_sphinx = '1.0'
 
@@ -120,7 +135,11 @@ html_theme_path = ['../theme']
 # The name of an image file (within the static path) to use as favicon of the
 # docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
 # pixels large.
-#html_favicon = None
+
+# We use a png favicon. This is not compatible with internet explorer, but looks
+# much better on all other browsers. However, sphynx doesn't like it (it likes
+# .ico better) so we have just put it in the template rather than used this setting
+# html_favicon = 'favicon.png'
 
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
@@ -138,10 +157,6 @@ html_static_path = ['static_files']
 # Custom sidebar templates, maps document names to template names.
 #html_sidebars = {}
 
-# Additional templates that should be rendered to pages, maps page names to
-# template names.
-#html_additional_pages = {}
-
 # If false, no module index is generated.
 #html_domain_indices = True
 

docs/sources/contributing/contributing.rst

@@ -5,5 +5,5 @@
 Contributing to Docker
 ======================
 
-Want to hack on Docker? Awesome! The repository includes `all the instructions you need to get started <https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md>`.
+Want to hack on Docker? Awesome! The repository includes `all the instructions you need to get started <https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md>`_.
 

docs/sources/contributing/devenvironment.rst

@@ -5,29 +5,54 @@
 Setting Up a Dev Environment
 ============================
 
-Instructions that have been verified to work on Ubuntu 12.10,
+To make it easier to contribute to Docker, we provide a standard development environment. It is important that
+the same environment be used for all tests, builds and releases. The standard development environment defines
+all build dependencies: system libraries and binaries, go environment, go dependencies, etc.
 
-.. code-block:: bash
 
-    sudo apt-get -y install lxc wget bsdtar curl golang git
+Step 1: install docker
+----------------------
 
-    export GOPATH=~/go/
-    export PATH=$GOPATH/bin:$PATH
+Docker's build environment itself is a docker container, so the first step is to install docker on your system.
 
-    mkdir -p $GOPATH/src/github.com/dotcloud
-    cd $GOPATH/src/github.com/dotcloud
-    git clone git://github.com/dotcloud/docker.git
+You can follow the `install instructions most relevant to your system <https://docs.docker.io/en/latest/installation/>`.
+Make sure you have a working, up-to-date docker installation, then continue to the next step.
+
+
+Step 2: check out the source
+----------------------------
+
+::
+
+    git clone http://git@github.com/dotcloud/docker
     cd docker
 
-    go get -v github.com/dotcloud/docker/...
-    go install -v github.com/dotcloud/docker/...
+
+Step 3: build
+-------------
+
+When you are ready to build docker, run this command:
+
+::
+
+    docker build -t docker .
+
+This will build the revision currently checked out in the repository. Feel free to check out the version
+of your choice.
+
+If the build is successful, congratulations! You have produced a clean build of docker, neatly encapsulated
+in a standard build environment.
+
+You can run an interactive session in the newly built container:
+
+::
+
+    docker run -i -t docker bash
 
 
-Then run the docker daemon,
+To extract the binaries from the container:
 
-.. code-block:: bash
+::
 
-    sudo $GOPATH/bin/docker -d
+    docker run docker sh -c 'cat $(which docker)' > docker-build && chmod +x docker-build
 
-
-Run the ``go install`` command (above) to recompile docker.

docs/sources/examples/couchdb_data_volumes.rst

@@ -39,7 +39,7 @@ This time, we're requesting shared access to $COUCH1's volumes.
 
 .. code-block:: bash
 
-    COUCH2=$(docker run -d -volumes-from $COUCH1) shykes/couchdb:2013-05-03)
+    COUCH2=$(docker run -d -volumes-from $COUCH1 shykes/couchdb:2013-05-03)
 
 Browse data on the second database
 ----------------------------------
@@ -48,6 +48,6 @@ Browse data on the second database
 
     HOST=localhost
     URL="http://$HOST:$(docker port $COUCH2 5984)/_utils/"
-    echo "Navigate to $URL in your browser. You should see the same data as in the first database!"
+    echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!'
 
 Congratulations, you are running 2 Couchdb containers, completely isolated from each other *except* for their data.

docs/sources/examples/running_redis_service.rst

@@ -72,7 +72,7 @@ Connect to the host os with the redis-cli.
 
     docker ps  # grab the new container id
     docker port <container_id> 6379  # grab the external port
-    ifconfig   # grab the host ip address
+    ip addr show   # grab the host ip address
     redis-cli -h <host ipaddress> -p <external port>
     redis 192.168.0.1:49153> set docker awesome
     OK

docs/sources/examples/running_ssh_service.rst

@@ -59,6 +59,7 @@ The password is 'screencast'
 	 # it has now given us a port to connect to
 	 # we have to connect using a public ip of our host
 	 $ hostname
+	 # *ifconfig* is deprecated, better use *ip addr show* now
 	 $ ifconfig
 	 $ ssh root@192.168.33.10 -p 49153
 	 # Ah! forgot to set root passwd
@@ -70,6 +71,7 @@ The password is 'screencast'
 	 $ docker commit 9e863f0ca0af31c8b951048ba87641d67c382d08d655c2e4879c51410e0fedc1 dhrp/sshd
 	 $ docker run -d -p 22 dhrp/sshd /usr/sbin/sshd -D
 	 $ docker port a0aaa9558c90cf5c7782648df904a82365ebacce523e4acc085ac1213bfe2206 22
+	 # *ifconfig* is deprecated, better use *ip addr show* now
 	 $ ifconfig
 	 $ ssh root@192.168.33.10 -p 49154
 	 # Thanks for watching, Thatcher thatcher@dotcloud.com

docs/sources/faq.rst

@@ -19,7 +19,8 @@ Most frequently asked questions.
 
 3. **Does Docker run on Mac OS X or Windows?**
 
-   Not at this time, Docker currently only runs on Linux, but you can use VirtualBox to run Docker in a virtual machine on your box, and get the best of both worlds. Check out the MacOSX_ and Windows_ installation guides.
+   Not at this time, Docker currently only runs on Linux, but you can use VirtualBox to run Docker in a
+   virtual machine on your box, and get the best of both worlds. Check out the :ref:`install_using_vagrant` and :ref:`windows` installation guides.
 
 4. **How do containers compare to virtual machines?**
 
@@ -34,15 +35,16 @@ Most frequently asked questions.
 
     You can find more answers on:
 
-    * `IRC: docker on freenode`_
+    * `Docker club mailinglist`_
+    * `IRC, docker on freenode`_
     * `Github`_
     * `Ask questions on Stackoverflow`_
     * `Join the conversation on Twitter`_
 
-    .. _Windows: ../installation/windows/
-    .. _MacOSX: ../installation/vagrant/
+
+    .. _Docker club mailinglist: https://groups.google.com/d/forum/docker-club
     .. _the repo: http://www.github.com/dotcloud/docker
-    .. _IRC\: docker on freenode: irc://chat.freenode.net#docker
+    .. _IRC, docker on freenode: irc://chat.freenode.net#docker
     .. _Github: http://www.github.com/dotcloud/docker
     .. _Ask questions on Stackoverflow: http://stackoverflow.com/search?q=docker
     .. _Join the conversation on Twitter: http://twitter.com/getdocker

docs/sources/index.rst

@@ -1,127 +1,36 @@
-:title: Introduction
-:description: An introduction to docker and standard containers?
+:title: Welcome to the Docker Documentation
+:description: An overview of the Docker Documentation
 :keywords: containers, lxc, concepts, explanation
 
-.. _introduction:
+Welcome
+=======
 
-Introduction
-============
+.. image:: concepts/images/dockerlogo-h.png
 
-Docker -- The Linux container runtime
--------------------------------------
+``docker``, the Linux Container Runtime, runs Unix processes with
+strong guarantees of isolation across servers. Your software runs
+repeatably everywhere because its :ref:`container_def` includes any
+dependencies.
 
-Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and repeatability across servers.
+``docker`` runs three ways:
 
-Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc.
+* as a daemon to manage LXC containers on your :ref:`Linux host
+  <kernel>` (``sudo docker -d``)
+* as a :ref:`CLI <cli>` which talks to the daemon's `REST API
+  <api/docker_remote_api>`_ (``docker run ...``)
+* as a client of :ref:`Repositories <working_with_the_repository>`
+  that let you share what you've built (``docker pull, docker
+  commit``).
 
+Each use of ``docker`` is documented here. The features of Docker are
+currently in active development, so this documention will change
+frequently.
 
-- **Heterogeneous payloads** Any combination of binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, you name it. No more juggling between domain-specific tools. Docker can deploy and run them all.
-- **Any server** Docker can run on any x64 machine with a modern linux kernel - whether it's a laptop, a bare metal server or a VM. This makes it perfect for multi-cloud deployments.
-- **Isolation** docker isolates processes from each other and from the underlying host, using lightweight containers.
-- **Repeatability** Because containers are isolated in their own filesystem, they behave the same regardless of where, when, and alongside what they run.
-
-.. image:: concepts/images/lego_docker.jpg
-
-
-What is a Standard Container?
------------------------------
-
-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in
-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependency, regardless of the underlying machine and the contents of the container.
-
-The spec for Standard Containers is currently work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
-
-A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.
-
-
-Content-agnostic
-~~~~~~~~~~~~~~~~~~~
-
-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
-
-
-Infrastructure-agnostic
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
-
-
-Designed for automation
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
-
-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
-
-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
-
-
-Industrial-grade delivery
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
-
-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
-
-
-Standard Container Specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-(TODO)
-
-Image format
-~~~~~~~~~~~~
-
-Standard operations
-~~~~~~~~~~~~~~~~~~~
-
--  Copy
--  Run
--  Stop
--  Wait
--  Commit
--  Attach standard streams
--  List filesystem changes
--  ...
-
-Execution environment
-~~~~~~~~~~~~~~~~~~~~~
-
-Root filesystem
-^^^^^^^^^^^^^^^
-
-Environment variables
-^^^^^^^^^^^^^^^^^^^^^
-
-Process arguments
-^^^^^^^^^^^^^^^^^
-
-Networking
-^^^^^^^^^^
-
-Process namespacing
-^^^^^^^^^^^^^^^^^^^
-
-Resource limits
-^^^^^^^^^^^^^^^
-
-Process monitoring
-^^^^^^^^^^^^^^^^^^
-
-Logging
-^^^^^^^
-
-Signals
-^^^^^^^
-
-Pseudo-terminal allocation
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Security
-^^^^^^^^
+For an overview of Docker, please see the `Introduction
+<http://www.docker.io>`_. When you're ready to start working with
+Docker, we have a `quick start <http://www.docker.io/gettingstarted>`_
+and a more in-depth guide to :ref:`ubuntu_linux` and other
+:ref:`installation_list` paths including prebuilt binaries,
+Vagrant-created VMs, Rackspace and Amazon instances.
 
+Enough reading! :ref:`Try it out! <running_examples>`

docs/sources/index/variable.rst

@@ -1,27 +0,0 @@
-:title: Index Environment Variable
-:description: Setting this environment variable on the docker server will change the URL docker index.
-:keywords: docker, index environment variable, documentation 
-
-=================================
-Docker Index Environment Variable
-=================================
-
-Variable
---------
-
-.. code-block:: sh
-
-    DOCKER_INDEX_URL
-
-Setting this environment variable on the docker server will change the URL docker index.
-This address is used in commands such as ``docker login``, ``docker push`` and ``docker pull``.
-The docker daemon doesn't need to be restarted for this parameter to take effect.
-
-Example
--------
-
-.. code-block:: sh
-
-    docker -d &
-    export DOCKER_INDEX_URL="https://index.docker.io"
-

docs/sources/installation/binaries.rst

@@ -30,8 +30,7 @@ Dependencies:
 * 3.8 Kernel (read more about :ref:`kernel`)
 * AUFS filesystem support
 * lxc
-* bsdtar
-
+* xz-utils
 
 Get the docker binary:
 ----------------------

docs/sources/installation/index.rst

@@ -1,12 +1,17 @@
-:title: Documentation
-:description: -- todo: change me
-:keywords: todo, docker, documentation, installation, OS support
-
+:title: Docker Installation
+:description: many ways to install Docker
+:keywords: docker, installation
 
+.. _installation_list:
 
 Installation
 ============
 
+There are a number of ways to install Docker, depending on where you
+want to run the daemon. The :ref:`ubuntu_linux` installation is the
+officially-tested version, and the community adds more techniques for
+installing Docker all the time.
+
 Contents:
 
 .. toctree::

docs/sources/installation/kernel.rst

@@ -100,7 +100,7 @@ Memory and Swap Accounting on Debian/Ubuntu
 If you use Debian or Ubuntu kernels, and want to enable memory and swap
 accounting, you must add the following command-line parameters to your kernel::
 
-    cgroup_enable=memory swapaccount
+    cgroup_enable=memory swapaccount=1
 
 On Debian or Ubuntu systems, if you use the default GRUB bootloader, you can
 add those parameters by editing ``/etc/default/grub`` and extending
@@ -110,6 +110,6 @@ add those parameters by editing ``/etc/default/grub`` and extending
 
 And replace it by the following one::
 
-    GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount"
+    GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
 
 Then run ``update-grub``, and reboot.

docs/sources/installation/ubuntulinux.rst

@@ -92,6 +92,16 @@ have AUFS filesystem support enabled, so we need to install it.
    sudo apt-get update
    sudo apt-get install linux-image-extra-`uname -r`
 
+**add-apt-repository support**
+
+Some installations of Ubuntu 13.04 require ``software-properties-common`` to be
+installed before being able to use add-apt-repository.
+
+.. code-block:: bash
+
+  sudo apt-get install software-properties-common
+
+
 Installation
 ------------
 

docs/sources/installation/windows.rst

@@ -2,6 +2,7 @@
 :description: Docker's tutorial to run docker on Windows
 :keywords: Docker, Docker documentation, Windows, requirements, virtualbox, vagrant, git, ssh, putty, cygwin
 
+.. _windows:
 
 Using Vagrant (Windows)
 =======================

docs/sources/terms/container.rst

@@ -0,0 +1,40 @@
+:title: Container
+:description: Definitions of a container
+:keywords: containers, lxc, concepts, explanation, image, container
+
+.. _container_def:
+
+Container
+=========
+
+.. image:: images/docker-filesystems-busyboxrw.png
+
+Once you start a process in Docker from an :ref:`image_def`, Docker
+fetches the image and its :ref:`parent_image_def`, and repeats the
+process until it reaches the :ref:`base_image_def`. Then the
+:ref:`ufs_def` adds a read-write layer on top. That read-write layer,
+plus the information about its :ref:`parent_image_def` and some
+additional information like its unique id, networking configuration,
+and resource limits is called a **container**.
+
+.. _container_state_def:
+
+Container State
+...............
+
+Containers can change, and so they have state. A container may be
+**running** or **exited**. 
+
+When a container is running, the idea of a "container" also includes a
+tree of processes running on the CPU, isolated from the other
+processes running on the host.
+
+When the container is exited, the state of the file system and
+its exit value is preserved. You can start, stop, and restart a
+container. The processes restart from scratch (their memory state is
+**not** preserved in a container), but the file system is just as it
+was when the container was stopped.
+
+You can promote a container to an :ref:`image_def` with ``docker
+commit``. Once a container is an image, you can use it as a parent for
+new containers.

docs/sources/terms/filesystem.rst

@@ -0,0 +1,38 @@
+:title: File Systems
+:description: How Linux organizes its persistent storage
+:keywords: containers, files, linux
+
+.. _filesystem_def:
+
+File System
+===========
+
+.. image:: images/docker-filesystems-generic.png
+
+In order for a Linux system to run, it typically needs two `file
+systems <http://en.wikipedia.org/wiki/Filesystem>`_:
+
+1. boot file system (bootfs)
+2. root file system (rootfs)
+
+The **boot file system** contains the bootloader and the kernel. The
+user never makes any changes to the boot file system. In fact, soon
+after the boot process is complete, the entire kernel is in memory,
+and the boot file system is unmounted to free up the RAM associated
+with the initrd disk image.
+
+
+The **root file system** includes the typical directory structure we
+associate with Unix-like operating systems: ``/dev, /proc, /bin, /etc,
+/lib, /usr,`` and ``/tmp`` plus all the configuration files, binaries
+and libraries required to run user applications (like bash, ls, and so
+forth). 
+
+While there can be important kernel differences between different
+Linux distributions, the contents and organization of the root file
+system are usually what make your software packages dependent on one
+distribution versus another. Docker can help solve this problem by
+running multiple distributions at the same time.
+
+.. image:: images/docker-filesystems-multiroot.png
+

docs/sources/terms/image.rst

@@ -0,0 +1,38 @@
+:title: Images
+:description: Definition of an image
+:keywords: containers, lxc, concepts, explanation, image, container
+
+.. _image_def:
+
+Image
+=====
+
+.. image:: images/docker-filesystems-debian.png
+
+In Docker terminology, a read-only :ref:`layer_def` is called an
+**image**. An image never changes. 
+
+Since Docker uses a :ref:`ufs_def`, the processes think the whole file
+system is mounted read-write. But all the changes go to the top-most
+writeable layer, and underneath, the original file in the read-only
+image is unchanged. Since images don't change, images do not have state.
+
+.. image:: images/docker-filesystems-debianrw.png
+
+.. _parent_image_def:
+
+Parent Image
+............
+
+.. image:: images/docker-filesystems-multilayer.png
+
+Each image may depend on one more image which forms the layer beneath
+it. We sometimes say that the lower image is the **parent** of the
+upper image.
+
+.. _base_image_def:
+
+Base Image
+..........
+
+An image that has no parent is a **base image**.

docs/sources/terms/index.rst

@@ -0,0 +1,22 @@
+:title: Glossary
+:description: Definitions of terms used in Docker documentation
+:keywords: concepts, documentation, docker, containers
+
+
+
+Glossary
+========
+
+Definitions of terms used in Docker documentation.
+
+Contents:
+
+.. toctree::
+   :maxdepth: 1
+
+   filesystem
+   layer
+   image
+   container
+
+

docs/sources/terms/layer.rst

@@ -0,0 +1,40 @@
+:title: Layers
+:description: Organizing the Docker Root File System
+:keywords: containers, lxc, concepts, explanation, image, container
+
+Layers
+======
+
+In a traditional Linux boot, the kernel first mounts the root
+:ref:`filesystem_def` as read-only, checks its integrity, and then
+switches the whole rootfs volume to read-write mode.
+
+.. _layer_def:
+
+Layer
+.....
+
+When Docker mounts the rootfs, it starts read-only, as in a tradtional
+Linux boot, but then, instead of changing the file system to
+read-write mode, it takes advantage of a `union mount
+<http://en.wikipedia.org/wiki/Union_mount>`_ to add a read-write file
+system *over* the read-only file system. In fact there may be multiple
+read-only file systems stacked on top of each other. We think of each
+one of these file systems as a **layer**.
+
+.. image:: images/docker-filesystems-multilayer.png
+
+At first, the top read-write layer has nothing in it, but any time a
+process creates a file, this happens in the top layer. And if
+something needs to update an existing file in a lower layer, then the
+file gets copied to the upper layer and changes go into the copy. The
+version of the file on the lower layer cannot be seen by the
+applications anymore, but it is there, unchanged.
+
+.. _ufs_def:
+
+Union File System
+.................
+
+We call the union of the read-write layer and all the read-only layers
+a **union file system**.

docs/sources/toctree.rst

@@ -17,6 +17,8 @@ This documentation has the following resources:
    commandline/index
    contributing/index
    api/index
+   terms/index
    faq
 
-.. image:: concepts/images/lego_docker.jpg
+
+

docs/sources/use/basics.rst

@@ -33,19 +33,39 @@ Running an interactive shell
   # allocate a tty, attach stdin and stdout
   docker run -i -t base /bin/bash
 
-Bind Docker to another host/port
---------------------------------
+Bind Docker to another host/port or a unix socket
+-------------------------------------------------
 
-If you want Docker to listen to another port and bind to another ip
-use -host and -port on both deamon and client
+With -H it is possible to make the Docker daemon to listen on a specific ip and port. By default, it will listen on 127.0.0.1:4243 to allow only local connections but you can set it to 0.0.0.0:4243 or a specific host ip to give access to everybody.
+
+Similarly, the Docker client can use -H to connect to a custom port.
+
+-H accepts host and port assignment in the following format: tcp://[host][:port] or unix://path
+For example:
+
+* tcp://host -> tcp connection on host:4243
+* tcp://host:port -> tcp connection on host:port
+* tcp://:port -> tcp connection on 127.0.0.1:port
+* unix://path/to/socket -> unix socket located at path/to/socket
 
 .. code-block:: bash
 
    # Run docker in daemon mode
-   sudo <path to>/docker -H 0.0.0.0:5555 &
+   sudo <path to>/docker -H 0.0.0.0:5555 -d &
    # Download a base image
    docker -H :5555 pull base
 
+You can use multiple -H, for example, if you want to listen
+on both tcp and a unix socket
+
+.. code-block:: bash
+
+   # Run docker in daemon mode
+   sudo <path to>/docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d &
+   # Download a base image
+   docker pull base
+   # OR
+   docker -H unix:///var/run/docker.sock pull base
 
 Starting a long-running worker process
 --------------------------------------
@@ -82,7 +102,8 @@ Expose a service on a TCP port
 
   # Connect to the public port via the host's public address
   # Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
-  IP=$(ifconfig eth0 | perl -n -e 'if (m/inet addr:([\d\.]+)/g) { print $1 }')
+  # Replace *eth0* according to your local interface name.
+  IP=$(ip -o -4 addr list eth0 | perl -n -e 'if (m{inet\s([\d\.]+)\/\d+\s}xms) { print $1 }')
   echo hello world | nc $IP $PORT
 
   # Verify that the network connection worked

docs/sources/use/builder.rst

@@ -1,26 +1,36 @@
-:title: Docker Builder
-:description: Docker Builder specifes a simple DSL which allows you to automate the steps you would normally manually take to create an image.
-:keywords: builder, docker, Docker Builder, automation, image creation
+:title: Dockerfiles for Images
+:description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image.
+:keywords: builder, docker, Dockerfile, automation, image creation
 
-==============
-Docker Builder
-==============
+==================
+Dockerfile Builder
+==================
+
+**Docker can act as a builder** and read instructions from a text
+Dockerfile to automate the steps you would otherwise make manually to
+create an image. Executing ``docker build`` will run your steps and
+commit them along the way, giving you a final image.
 
 .. contents:: Table of Contents
 
-Docker Builder specifes a simple DSL which allows you to automate the steps you
-would normally manually take to create an image. Docker Build will run your 
-steps and commit them along the way, giving you a final image.
-
 1. Usage
 ========
 
-To use Docker Builder, assemble the steps into a text file (commonly referred to
-as a Dockerfile) and supply this to `docker build` on STDIN, like so:
+To build an image from a source repository, create a description file
+called ``Dockerfile`` at the root of your repository. This file will
+describe the steps to assemble the image.
 
-    ``docker build < Dockerfile``
+Then call ``docker build`` with the path of your source repository as
+argument:
 
-Docker will run your steps one-by-one, committing the result if necessary, 
+    ``docker build .``
+
+You can specify a repository and tag at which to save the new image if the
+build succeeds:
+
+    ``docker build -t shykes/myapp .``
+
+Docker will run your steps one-by-one, committing the result if necessary,
 before finally outputting the ID of your new image.
 
 2. Format
@@ -28,113 +38,172 @@ before finally outputting the ID of your new image.
 
 The Dockerfile format is quite simple:
 
-    ``instruction arguments``
+::
 
-The Instruction is not case-sensitive, however convention is for them to be 
+    # Comment
+    INSTRUCTION arguments
+
+The Instruction is not case-sensitive, however convention is for them to be
 UPPERCASE in order to distinguish them from arguments more easily.
 
-Dockerfiles are evaluated in order, therefore the first instruction must be 
-`FROM` in order to specify the base image from which you are building.
+Docker evaluates the instructions in a Dockerfile in order. **The first
+instruction must be `FROM`** in order to specify the base image from
+which you are building.
 
-Docker will ignore lines in Dockerfiles prefixed with "`#`", so you may add 
-comment lines. A comment marker in the rest of the line will be treated as an
-argument.
+Docker will ignore **comment lines** *beginning* with ``#``. A comment
+marker anywhere in the rest of the line will be treated as an argument.
 
-2. Instructions
+3. Instructions
 ===============
 
-Docker builder comes with a set of instructions, described below.
+Here is the set of instructions you can use in a ``Dockerfile`` for
+building images.
 
-2.1 FROM
+3.1 FROM
 --------
 
     ``FROM <image>``
 
-The `FROM` instruction sets the base image for subsequent instructions. As such,
-a valid Dockerfile must have it as its first instruction.
+The ``FROM`` instruction sets the :ref:`base_image_def` for subsequent
+instructions. As such, a valid Dockerfile must have ``FROM`` as its
+first instruction.
 
-`FROM` can be included multiple times within a single Dockerfile in order to 
-create multiple images. Simply make a note of the last image id output by the 
-commit before each new `FROM` command.
+``FROM`` must be the first non-comment instruction in the
+``Dockerfile``.
 
-2.2 MAINTAINER
+``FROM`` can appear multiple times within a single Dockerfile in order
+to create multiple images. Simply make a note of the last image id
+output by the commit before each new ``FROM`` command.
+
+3.2 MAINTAINER
 --------------
 
     ``MAINTAINER <name>``
 
-The `MAINTAINER` instruction allows you to set the Author field of the generated 
-images.
+The ``MAINTAINER`` instruction allows you to set the *Author* field of
+the generated images.
 
-2.3 RUN
+3.3 RUN
 -------
 
     ``RUN <command>``
 
-The `RUN` instruction will execute any commands on the current image and commit
-the results. The resulting committed image will be used for the next step in the
-Dockerfile.
+The ``RUN`` instruction will execute any commands on the current image
+and commit the results. The resulting committed image will be used for
+the next step in the Dockerfile.
 
-Layering `RUN` instructions and generating commits conforms to the
-core concepts of Docker where commits are cheap and containers can be created
-from any point in an image's history, much like source control.
+Layering ``RUN`` instructions and generating commits conforms to the
+core concepts of Docker where commits are cheap and containers can be
+created from any point in an image's history, much like source
+control.
 
-2.4 CMD
+3.4 CMD
 -------
 
     ``CMD <command>``
 
-The `CMD` instruction sets the command to be executed when running the image.
-This is functionally equivalent to running 
-`docker commit -run '{"Cmd": <command>}'` outside the builder.
+The ``CMD`` instruction sets the command to be executed when running
+the image.  This is functionally equivalent to running ``docker commit
+-run '{"Cmd": <command>}'`` outside the builder.
 
 .. note::
-    Don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits 
-    the result; `CMD` does not execute anything at build time, but specifies the
-    intended command for the image.
+    Don't confuse `RUN` with `CMD`. `RUN` actually runs a
+    command and commits the result; `CMD` does not execute anything at
+    build time, but specifies the intended command for the image.
 
-2.5 EXPOSE
+3.5 EXPOSE
 ----------
 
     ``EXPOSE <port> [<port>...]``
 
-The `EXPOSE` instruction sets ports to be publicly exposed when running the 
-image. This is functionally equivalent to running 
-`docker commit -run '{"PortSpecs": ["<port>", "<port2>"]}'` outside the builder.
+The ``EXPOSE`` instruction sets ports to be publicly exposed when
+running the image. This is functionally equivalent to running ``docker
+commit -run '{"PortSpecs": ["<port>", "<port2>"]}'`` outside the
+builder.
 
-2.6 ENV
+3.6 ENV
 -------
 
     ``ENV <key> <value>``
 
-The `ENV` instruction sets the environment variable `<key>` to the value 
-`<value>`. This value will be passed to all future ``RUN`` instructions. This is
-functionally equivalent to prefixing the command with `<key>=<value>`
+The ``ENV`` instruction sets the environment variable ``<key>`` to the
+value ``<value>``. This value will be passed to all future ``RUN``
+instructions. This is functionally equivalent to prefixing the command
+with ``<key>=<value>``
 
 .. note::
-    The environment variables will persist when a container is run from the resulting image.
+    The environment variables will persist when a container is run
+    from the resulting image.
 
-2.7 INSERT
-----------
-
-    ``INSERT <file url> <path>``
-
-The `INSERT` instruction will download the file from the given url to the given
-path within the image. It is similar to `RUN curl -o <path> <url>`, assuming 
-curl was installed within the image.
-
-.. note::
-    The path must include the file name.
-
-2.8 ADD
+3.7 ADD
 -------
 
     ``ADD <src> <dest>``
 
-The `ADD` instruction will insert the files from the `<src>` path of the context into `<dest>` path 
-of the container.
-The context must be set in order to use this instruction. (see examples)
+The ``ADD`` instruction will copy new files from <src> and add them to
+the container's filesystem at path ``<dest>``.
 
-3. Dockerfile Examples
+``<src>`` must be the path to a file or directory relative to the
+source directory being built (also called the *context* of the build) or
+a remote file URL.
+
+``<dest>`` is the path at which the source will be copied in the
+destination container.
+
+The copy obeys the following rules:
+
+* If ``<src>`` is a URL and ``<dest>`` does not end with a trailing slash,
+  then a file is downloaded from the URL and copied to ``<dest>``.
+* If ``<src>`` is a URL and ``<dest>`` does end with a trailing slash,
+  then the filename is inferred from the URL and the file is downloaded to
+  ``<dest>/<filename>``. For instance, ``ADD http://example.com/foobar /``
+  would create the file ``/foobar``. The URL must have a nontrivial path
+  so that an appropriate filename can be discovered in this case
+  (``http://example.com`` will not work).
+* If ``<src>`` is a directory, the entire directory is copied,
+  including filesystem metadata.
+* If ``<src>``` is a tar archive in a recognized compression format
+  (identity, gzip, bzip2 or xz), it is unpacked as a directory.
+
+  When a directory is copied or unpacked, it has the same behavior as
+  ``tar -x``: the result is the union of
+
+  1. whatever existed at the destination path and
+  2. the contents of the source tree,
+
+  with conflicts resolved in favor of 2) on a file-by-file basis.
+
+* If ``<src>`` is any other kind of file, it is copied individually
+  along with its metadata. In this case, if ``<dst>`` ends with a
+  trailing slash ``/``, it will be considered a directory and the
+  contents of ``<src>`` will be written at ``<dst>/base(<src>)``.
+* If ``<dst>`` does not end with a trailing slash, it will be
+  considered a regular file and the contents of ``<src>`` will be
+  written at ``<dst>``.
+* If ``<dest>`` doesn't exist, it is created along with all missing
+  directories in its path. All new files and directories are created
+  with mode 0700, uid and gid 0.
+
+3.8 ENTRYPOINT
+--------------
+
+    ``ENTRYPOINT ["/bin/echo"]``
+
+The ``ENTRYPOINT`` instruction adds an entry command that will not be
+overwritten when arguments are passed to docker run, unlike the
+behavior of ``CMD``.  This allows arguments to be passed to the
+entrypoint.  i.e. ``docker run <image> -d`` will pass the "-d" argument
+to the entrypoint.
+
+3.9 VOLUME
+----------
+
+    ``VOLUME ["/data"]``
+
+The ``VOLUME`` instruction will add one or more new volumes to any
+container created from the image.
+
+4. Dockerfile Examples
 ======================
 
 .. code-block:: bash
@@ -142,28 +211,27 @@ The context must be set in order to use this instruction. (see examples)
     # Nginx
     #
     # VERSION               0.0.1
-    
+
     FROM      ubuntu
     MAINTAINER Guillaume J. Charmes "guillaume@dotcloud.com"
-    
+
     # make sure the package repository is up to date
     RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
     RUN apt-get update
-    
+
     RUN apt-get install -y inotify-tools nginx apache2 openssh-server
-    INSERT https://raw.github.com/creack/docker-vps/master/nginx-wrapper.sh /usr/sbin/nginx-wrapper
 
 .. code-block:: bash
 
     # Firefox over VNC
     #
     # VERSION               0.3
-    
+
     FROM ubuntu
     # make sure the package repository is up to date
     RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
     RUN apt-get update
-    
+
     # Install vnc, xvfb in order to create a 'fake' display and firefox
     RUN apt-get install -y x11vnc xvfb firefox
     RUN mkdir /.vnc
@@ -171,7 +239,7 @@ The context must be set in order to use this instruction. (see examples)
     RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
     # Autostart firefox (might not be the best way, but it does the trick)
     RUN bash -c 'echo "firefox" >> /.bashrc'
-    
+
     EXPOSE 5900
     CMD    ["x11vnc", "-forever", "-usepw", "-create"]
 

docs/sources/use/index.rst

@@ -14,6 +14,7 @@ Contents:
 
    basics
    workingwithrepository
+   port_redirection
    builder
    puppet
 

docs/sources/use/port_redirection.rst

@@ -0,0 +1,25 @@
+:title: Port redirection
+:description: usage about port redirection
+:keywords: Usage, basic port, docker, documentation, examples
+
+
+Port redirection
+================
+
+Docker can redirect public tcp ports to your container, so it can be reached over the network.
+Port redirection is done on ``docker run`` using the -p flag.
+
+A port redirect is specified as PUBLIC:PRIVATE, where tcp port PUBLIC will be redirected to
+tcp port PRIVATE. As a special case, the public port can be omitted, in which case a random
+public port will be allocated.
+
+.. code-block:: bash
+
+    # A random PUBLIC port is redirected to PRIVATE port 80 on the container
+    docker run -p 80 <image> <cmd>
+
+    # PUBLIC port 80 is redirected to PRIVATE port 80
+    docker run -p 80:80 <image> <cmd>
+
+
+Default port redirects can be built into a container with the EXPOSE build command.

docs/sources/use/workingwithrepository.rst

@@ -1,27 +1,75 @@
 :title: Working With Repositories
-:description: Generally, there are two types of repositories: Top-level repositories which are controlled by the people behind Docker, and user repositories.
+:description: Repositories allow users to share images.
 :keywords: repo, repositiores, usage, pull image, push image, image, documentation
 
 .. _working_with_the_repository:
 
-Working with the Repository
-===========================
+Working with Repositories
+=========================
 
+A *repository* is a hosted collection of tagged :ref:`images
+<image_def>` that together create the file system for a container. The
+repository's name is a tag that indicates the provenance of the
+repository, i.e. who created it and where the original copy is
+located.
 
-Top-level repositories and user repositories
---------------------------------------------
+You can find one or more repositories hosted on a *registry*. There
+can be an implicit or explicit host name as part of the repository
+tag. The implicit registry is located at ``index.docker.io``, the home
+of "top-level" repositories and the Central Index. This registry may
+also include public "user" repositories.
 
-Generally, there are two types of repositories: Top-level repositories which are controlled by the people behind
-Docker, and user repositories.
+So Docker is not only a tool for creating and managing your own
+:ref:`containers <container_def>` -- **Docker is also a tool for
+sharing**. The Docker project provides a Central Registry to host
+public repositories, namespaced by user, and a Central Index which
+provides user authentication and search over all the public
+repositories. You can host your own Registry too! Docker acts as a
+client for these services via ``docker search, pull, login`` and
+``push``.
 
-* Top-level repositories can easily be recognized by not having a ``/`` (slash) in their name. These repositories can
-  generally be trusted.
-* User repositories always come in the form of ``<username>/<repo_name>``. This is what your published images will look like.
-* User images are not checked, it is therefore up to you whether or not you trust the creator of this image.
+Top-level, User, and Your Own Repositories
+------------------------------------------
 
+There are two types of public repositories: *top-level* repositories
+which are controlled by the Docker team, and *user* repositories
+created by individual contributors.
 
-Find public images available on the index
------------------------------------------
+* Top-level repositories can easily be recognized by **not** having a
+  ``/`` (slash) in their name. These repositories can generally be
+  trusted.
+* User repositories always come in the form of
+  ``<username>/<repo_name>``. This is what your published images will
+  look like if you push to the public Central Registry.
+* Only the authenticated user can push to their *username* namespace
+  on the Central Registry.
+* User images are not checked, it is therefore up to you whether or
+  not you trust the creator of this image.
+
+Right now (version 0.5), private repositories are only possible by
+hosting `your own registry
+<https://github.com/dotcloud/docker-registry>`_.  To push or pull to a
+repository on your own registry, you must prefix the tag with the
+address of the registry's host, like this:
+
+.. code-block:: bash
+
+    # Tag to create a repository with the full registry location.
+    # The location (e.g. localhost.localdomain:5000) becomes
+    # a permanent part of the repository name
+    docker tag 0u812deadbeef localhost.localdomain:5000/repo_name
+
+    # Push the new repository to its home location on localhost
+    docker push localhost.localdomain:5000/repo_name
+
+Once a repository has your registry's host name as part of the tag,
+you can push and pull it like any other repository, but it will
+**not** be searchable (or indexed at all) in the Central Index, and
+there will be no user name checking performed. Your registry will
+function completely independently from the Central Index.
+
+Find public images available on the Central Index
+-------------------------------------------------
 
 Seach by name, namespace or description
 
@@ -37,43 +85,48 @@ Download them simply by their name
     docker pull <value>
 
 
-Very similarly you can search for and browse the index online on https://index.docker.io
+Very similarly you can search for and browse the index online on
+https://index.docker.io
 
 
-Connecting to the repository
-----------------------------
+Connecting to the Central Registry
+----------------------------------
 
-You can create a user on the central docker repository online, or by running
+You can create a user on the central Docker Index online, or by running
 
 .. code-block:: bash
 
     docker login
 
+This will prompt you for a username, which will become a public
+namespace for your public repositories.
 
-If your username does not exist it will prompt you to also enter a password and your e-mail address. It will then
-automatically log you in.
+If your username does not exist it will prompt you to also enter a
+password and your e-mail address. It will then automatically log you
+in.
 
 
 Committing a container to a named image
 ---------------------------------------
 
-In order to commit to the repository it is required to have committed your container to an image with your namespace.
+In order to commit to the repository it is required to have committed
+your container to an image within your username namespace.
 
 .. code-block:: bash
 
     # for example docker commit $CONTAINER_ID dhrp/kickassapp
-    docker commit <container_id> <your username>/<some_name>
+    docker commit <container_id> <username>/<repo_name>
 
 
-Pushing a container to the repository
------------------------------------------
+Pushing a container to its repository
+-------------------------------------
 
-In order to push an image to the repository you need to have committed your container to a named image (see above)
+In order to push an image to its repository you need to have committed
+your container to a named image (see above)
 
 Now you can commit this image to the repository
 
 .. code-block:: bash
 
     # for example docker push dhrp/kickassapp
-    docker push <image-name>
-
+    docker push <username>/<repo_name>

docs/theme/MAINTAINERS

@@ -1 +1 @@
-Thatcher Penskens <thatcher@dotcloud.com>
+Thatcher Peskens <thatcher@dotcloud.com>

docs/theme/docker/layout.html

@@ -40,6 +40,11 @@
 
     {%- set script_files = script_files + ['_static/js/docs.js'] %}
 
+    {%- if pagename == 'index' %}
+    <link rel="canonical" href="http://docs.docker.io/en/latest/">
+    {% else %}
+    <link rel="canonical" href="http://docs.docker.io/en/latest/{{ pagename }}/">
+    {% endif %}
     {%- for cssfile in css_files %}
     <link rel="stylesheet" href="{{ pathto(cssfile, 1) }}" type="text/css" />
     {%- endfor %}
@@ -48,9 +53,8 @@
     <script type="text/javascript" src="{{ pathto(scriptfile, 1) }}"></script>
     {%- endfor %}
 
-    {%- if favicon %}
-    <link rel="shortcut icon" href="{{ pathto('_static/' + favicon, 1) }}"/>
-    {%- endif %}
+    <link rel="shortcut icon" href="{{ pathto('_static/favicon.png', 1) }}"/>
+
 
     {%- block extrahead %}{% endblock %}
 
@@ -64,18 +68,18 @@
 
             <div style="float: right" class="pull-right">
                 <ul class="nav">
-                    <li><a href="http://www.docker.io/">Introduction</a></li>
-                    <li><a href="http://www.docker.io/gettingstarted/">Getting started</a></li>
-                    <li class="active"><a href="http://docs.docker.io/en/latest/">Documentation</a></li>
+                    <li id="nav-introduction"><a href="http://www.docker.io/" title="Docker Homepage">Home</a></li>
+                    <li id="nav-about"><a href="http://www.docker.io/about/" title="About">About</a></li>
+                    <li id="nav-community"><a href="http://www.docker.io/community/" title="Community">Community</a></li>
+                    <li id="nav-gettingstarted"><a href="http://www.docker.io/gettingstarted/">Getting started</a></li>
+                    <li id="nav-documentation" class="active"><a href="http://docs.docker.io/en/latest/">Documentation</a></li>
+                    <li id="nav-blog"><a href="http://blog.docker.io/" title="Docker Blog">Blog</a></li>
+                    <li id="nav-index"><a href="http://index.docker.io/" title="Docker Image Index, find images here">INDEX <img class="inline-icon" src="{{ pathto('_static/img/external-link-icon.png', 1) }}" title="external link"> </a></li>
                 </ul>
-                <div class="social links" style="float: right; margin-top: 14px; margin-left: 12px">
-                    <a class="twitter" href="http://twitter.com/getdocker">Twitter</a>
-                    <a class="github" href="https://github.com/dotcloud/docker/">GitHub</a>
-                </div>
             </div>
 
             <div style="margin-left: -12px; float: left;">
-                <a href="http://www.docker.io"><img style="margin-top: 12px; height: 38px" src="{{ pathto('_static/img/docker-letters-logo.gif', 1) }}"></a>
+                <a href="http://www.docker.io" title="Docker Homepage"><img style="margin-top: 0px; height: 60px; margin-left: 10px;" src="{{ pathto('_static/img/docker-top-logo.png', 1) }}"></a>
             </div>
         </div>
 
@@ -86,8 +90,13 @@
 
 <div class="container">
     <div class="row">
-        <div class="span12 titlebar"><h1 class="pageheader">DOCUMENTATION</h1>
+        <div class="span12 titlebar">
             <!--<span class="pull-right" style="margin-left: 20px; font-size: 20px">{{version}}</span>-->
+            <div class="pull-right" id="fork-us" style="margin-top: 16px; margin-right: 16px;">
+                <a  href="http://github.com/dotcloud/docker/"><img src="{{ pathto('_static/img/fork-us.png', 1) }}"> Fork us on Github</a>
+            </div>
+            <h1 class="pageheader"><a href="http://docs.docker.io/en/latest/" title="Documentation" style="color: white;">DOCUMENTATION</a></h1>
+
         </div>
     </div>
 
@@ -98,11 +107,8 @@
     <!-- Docs nav
      ================================================== -->
     <div class="row" style="position: relative">
-        <div class="span3" style="height:100%;" >
 
-        </div>
-
-        <div class="span3 sidebar bs-docs-sidebar" style="position: absolute">
+        <div class="span3 sidebar bs-docs-sidebar">
             {{ toctree(collapse=False, maxdepth=3) }}
         </div>
 
@@ -123,8 +129,14 @@
     <div class="row">
 
         <div class="span12 footer">
+            <div class="tbox textright forceleftmargin social links pull-right">
+                <a class="twitter" href="http://twitter.com/getdocker">Twitter</a>
+                <a class="github" href="https://github.com/dotcloud/docker/">GitHub</a>
+            </div>
 
             Docker is a project by <a href="http://www.dotcloud.com">dotCloud</a>
+
+
 {#            {%- if show_source and has_source and sourcename %}#}
 {#            ·#}
 {#            <a href="{{ pathto('_sources/' + sourcename, true)|e }}"#}
@@ -157,7 +169,7 @@
   <!-- script which should be loaded after everything else -->
 <script type="text/javascript">
 
-
+    // Function to make the sticky header possible
     var shiftWindow = function() {
         scrollBy(0, -70);
         console.log("window shifted")

docs/theme/docker/redirect_build.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Page Moved</title>
+    <meta http-equiv="refresh" content="0; url=http://docs.docker.io/en/latest/use/builder/">
+</head>
+<body>
+
+This page has moved. Perhaps you should visit the <a href="http://docs.docker.io/en/latest/use/builder/" title="builder page">Builder page</a>
+
+</body>
+</html>

docs/theme/docker/redirect_home.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Page Moved</title>
+    <meta http-equiv="refresh" content="0; url=http://docs.docker.io/en/latest/">
+</head>
+<body>
+
+This page has moved. Perhaps you should visit the <a href="http://docs.docker.io/" title="documentation homepage">Documentation Homepage</a>
+
+</body>
+</html>

docs/theme/docker/static/css/main.css

@@ -34,12 +34,12 @@ h4 {
 .navbar .nav li a {
   padding: 22px 15px 22px;
 }
-.navbar .brand {
-  padding: 13px 10px 13px 28px ;
-}
 .navbar-dotcloud .container {
   border-bottom: 2px #000000 solid;
 }
+.inline-icon {
+  margin-bottom: 6px;
+}
 /*
 * Responsive YouTube, Vimeo, Embed, and HTML5 Videos with CSS
 * http://www.jonsuh.com
@@ -82,7 +82,7 @@ h4 {
 .btn-custom {
   background-color: #292929 !important;
   background-repeat: repeat-x;
-  filter: progid:dximagetransform.microsoft.gradient(startColorstr="#515151", endColorstr="#282828");
+  filter: progid:DXImageTransform.Microsoft.gradient(startColorstr="#515151", endColorstr="#282828");
   background-image: -khtml-gradient(linear, left top, left bottom, from(#515151), to(#282828));
   background-image: -moz-linear-gradient(top, #515151, #282828);
   background-image: -ms-linear-gradient(top, #515151, #282828);
@@ -168,10 +168,13 @@ section.header {
 .sidebar {
   font-weight: normal;
   float: left;
-  min-height: 475px;
+  /*  min-height: 475px;*/
+
   background: #ececec;
-  border-left: 1px solid #bbbbbb;
-  border-right: 1px solid #cccccc;
+  /*  border-left: 1px solid #bbbbbb;*/
+
+  /*  border-right: 1px solid #cccccc;*/
+
   position: relative;
 }
 .sidebar ul {
@@ -285,6 +288,40 @@ section.header {
 .social .github {
   background-position: -59px 2px;
 }
+#fork-us {
+  /*font-family: 'Maven Pro';*/
+
+  /*font-weight: bold;*/
+
+  font-size: 12px;
+  /*text-transform: uppercase;*/
+
+  display: block;
+  padding: 0px 1em;
+  height: 28px;
+  line-height: 28px;
+  background-color: #43484c;
+  filter: progid:DXImageTransform.Microsoft.gradient(gradientType=0, startColorstr='#FFFF6E56', endColorstr='#FFED4F35');
+  background-image: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #747474), color-stop(100%, #43484c));
+  background-image: -webkit-linear-gradient(top, #747474 0%, #43484c 100%);
+  background-image: -moz-linear-gradient(top, #747474 0%, #43484c 100%);
+  background-image: -o-linear-gradient(top, #747474 0%, #43484c 100%);
+  background-image: linear-gradient(top, #747474 0%, #43484c 100%);
+  border: 1px solid #43484c;
+  -webkit-border-radius: 4px;
+  -moz-border-radius: 4px;
+  -ms-border-radius: 4px;
+  -o-border-radius: 4px;
+  border-radius: 4px;
+  -webkit-box-shadow: inset rgba(255, 255, 255, 0.17) 0 1px 1px;
+  -moz-box-shadow: inset rgba(255, 255, 255, 0.17) 0 1px 1px;
+  box-shadow: inset rgba(255, 255, 255, 0.17) 0 1px 1px;
+  margin: 8px;
+}
+#fork-us a {
+  color: #faf2ee;
+  text-shadow: rgba(0, 0, 0, 0.3) 0px 1px 0px;
+}
 /* =======================
    Media size overrides
 ======================= */
@@ -323,12 +360,16 @@ section.header {
   #global {
     /* TODO: Fix this to be relative to the navigation size */
   
-    padding-top: 600px;
+  }
+  #fork-us {
+    display: none;
   }
 }
 /* Landscape phones and down */
 @media (max-width: 480px) {
-  
+  #nav-gettingstarted {
+    display: none;
+  }
 }
 /* Misc fixes */
 table th {