Bump version to v0.10.0

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)

.gitignore

@@ -22,3 +22,4 @@ bundles/
 .git/
 vendor/pkg/
 pyenv
+Vagrantfile

.mailmap

@@ -1,9 +1,11 @@
-# Generate AUTHORS: git log --format='%aN <%aE>' | sort -uf | grep -v vagrant-ubuntu-12
-<charles.hooper@dotcloud.com> <chooper@plumata.com> 
+# Generate AUTHORS: git log --format='%aN <%aE>' | sort -uf
+<charles.hooper@dotcloud.com> <chooper@plumata.com>
 <daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
 <daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
-Guillaume J. Charmes <guillaume.charmes@dotcloud.com> <charmes.guillaume@gmail.com>
-<guillaume.charmes@dotcloud.com> <guillaume@dotcloud.com>
+Guillaume J. Charmes <guillaume.charmes@docker.com> <charmes.guillaume@gmail.com>
+<guillaume.charmes@docker.com> <guillaume@dotcloud.com>
+<guillaume.charmes@docker.com> <guillaume@docker.com>
+<guillaume.charmes@docker.com> <guillaume.charmes@dotcloud.com>
 <kencochrane@gmail.com> <KenCochrane@gmail.com>
 <sridharr@activestate.com> <github@srid.name>
 Thatcher Peskens <thatcher@dotcloud.com> dhrp <thatcher@dotcloud.com>
@@ -15,8 +17,11 @@ Joffrey F <joffrey@dotcloud.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 Andy Smith <github@anarkystic.com>
 <kalessin@kalessin.fr> <louis@dotcloud.com>
-<victor.vieux@dotcloud.com> <victor@dotcloud.com>
-<victor.vieux@dotcloud.com> <dev@vvieux.com>
+<victor.vieux@docker.com> <victor.vieux@dotcloud.com>
+<victor.vieux@docker.com> <victor@dotcloud.com>
+<victor.vieux@docker.com> <dev@vvieux.com>
+<victor.vieux@docker.com> <victor@docker.com>
+<victor.vieux@docker.com> <vieux@docker.com>
 <dominik@honnef.co> <dominikh@fork-bomb.org>
 Thatcher Peskens <thatcher@dotcloud.com>
 <ehanchrow@ine.com> <eric.hanchrow@gmail.com>
@@ -38,3 +43,18 @@ Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
 <mosoni@ebay.com> <mohitsoni1989@gmail.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
+Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> root <root@vagrant-ubuntu-12.10.vagrantup.com>
+Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
+<proppy@google.com> <proppy@aminche.com>
+<michael@crosbymichael.com> <crosby.michael@gmail.com>
+<github@metaliveblog.com> <github@developersupport.net>
+<brandon@ifup.org> <brandon@ifup.co>
+<dano@spotify.com> <daniel.norberg@gmail.com>
+<danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>
+<gurjeet@singh.im> <singh.gurjeet@gmail.com>
+<shawn@churchofgit.com> <shawnlandden@gmail.com>
+<sjoerd-github@linuxonly.nl> <sjoerd@byte.nl>
+<solomon@dotcloud.com> <solomon.hykes@dotcloud.com>
+<SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
+Sven Dowideit <SvenDowideit@home.org.au> ¨Sven <¨SvenDowideit@home.org.au¨>
+unclejack <unclejacksons@gmail.com> <unclejack@users.noreply.github.com>

.travis.yml

@@ -13,11 +13,18 @@ before_script:
   - sudo apt-get update -qq
   - sudo apt-get install -qq python-yaml
   - git remote add upstream git://github.com/dotcloud/docker.git
-  - git fetch --append --no-tags upstream refs/heads/master:refs/remotes/upstream/master
+  - upstream=master;
+    if [ "$TRAVIS_PULL_REQUEST" != false ]; then
+      upstream=$TRAVIS_BRANCH;
+    fi;
+    git fetch --append --no-tags upstream refs/heads/$upstream:refs/remotes/upstream/$upstream
 # sometimes we have upstream master already as origin/master (PRs), but other times we don't, so let's just make sure we have a completely unambiguous way to specify "upstream master" from here out
+# but if it's a PR against non-master, we need that upstream branch instead :)
+  - sudo pip install -r docs/requirements.txt
 
 script:
   - hack/travis/dco.py
   - hack/travis/gofmt.py
+  - make -sC docs SPHINXOPTS=-qW docs man
 
 # vim:set sw=2 ts=2:

AUTHORS

@@ -3,29 +3,42 @@
 #
 # For a list of active project maintainers, see the MAINTAINERS file.
 #
-Al Tobey <al@ooyala.com>
-Alex Gaynor <alex.gaynor@gmail.com>
+Aanand Prasad <aanand.prasad@gmail.com>
+Aaron Feng <aaron.feng@gmail.com>
+Abel Muiño <amuino@gmail.com>
 Alexander Larsson <alexl@redhat.com>
 Alexey Shamrin <shamrin@gmail.com>
+Alex Gaynor <alex.gaynor@gmail.com>
+Alexis THOMAS <fr.alexisthomas@gmail.com>
+Al Tobey <al@ooyala.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
 Andreas Savvides <andreas@editd.com>
 Andreas Tiefenthaler <at@an-ti.eu>
+Andrew Duckworth <grillopress@gmail.com>
 Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Munsell <andrew@wizardapps.net>
 Andrews Medina <andrewsmedina@gmail.com>
+Andy Chambers <anchambers@paypal.com>
+andy diller <dillera@gmail.com>
 Andy Rothfusz <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
 Anthony Bishopric <git@anthonybishopric.com>
+Anton Nikitin <anton.k.nikitin@gmail.com>
 Antony Messerli <amesserl@rackspace.com>
+apocas <petermdias@gmail.com>
 Asbjørn Enge <asbjorn@hanafjedle.net>
 Barry Allard <barry.allard@gmail.com>
+Bartłomiej Piotrowski <b@bpiotrowski.pl>
+Benoit Chesneau <bchesneau@gmail.com>
+Ben Sargent <ben@brokendigits.com>
 Ben Toews <mastahyeti@gmail.com>
 Ben Wiklund <ben@daisyowl.com>
-Benoit Chesneau <bchesneau@gmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 Bouke Haarsma <bouke@webatoom.nl>
 Brandon Liu <bdon@bdon.org>
-Brandon Philips <brandon@ifup.co>
+Brandon Philips <brandon@ifup.org>
+Brian Dorsey <brian@dorseys.org>
+Brian Goff <cpuguy83@gmail.com>
 Brian McCallister <brianm@skife.org>
 Brian Olsen <brian@maven-group.org>
 Brian Shumate <brian@couchbase.com>
@@ -33,168 +46,300 @@ Briehan Lombaard <briehan.lombaard@gmail.com>
 Bruno Bigras <bigras.bruno@gmail.com>
 Caleb Spare <cespare@gmail.com>
 Calen Pennington <cale@edx.org>
+Carl X. Su <bcbcarl@gmail.com>
 Charles Hooper <charles.hooper@dotcloud.com>
+Charles Lindsay <chaz@chazomatic.us>
+Chia-liang Kao <clkao@clkao.org>
+Chris St. Pierre <chris.a.st.pierre@gmail.com>
 Christopher Currie <codemonkey+github@gmail.com>
+Christopher Rigor <crigor@gmail.com>
+Christophe Troestler <christophe.Troestler@umons.ac.be>
+Clayton Coleman <ccoleman@redhat.com>
 Colin Dunklau <colin.dunklau@gmail.com>
 Colin Rice <colin@daedrum.net>
+Cory Forsyth <cory.forsyth@gmail.com>
+cressie176 <github@stephen-cresswell.net>
 Dan Buch <d.buch@modcloth.com>
+Dan Hirsch <thequux@upstandinghackers.com>
+Daniel Exner <dex@dragonslave.de>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
+Daniel Norberg <dano@spotify.com>
 Daniel Nordberg <dnordberg@gmail.com>
 Daniel Robinson <gottagetmac@gmail.com>
 Daniel Von Fange <daniel@leancoder.com>
 Daniel YC Lin <dlin.tw@gmail.com>
+Danny Yates <danny@codeaholics.org>
 Darren Coxall <darren@darrencoxall.com>
+David Anderson <dave@natulte.net>
 David Calavera <david.calavera@gmail.com>
+David Mcanulty <github@hellspark.com>
 David Sissitka <me@dsissitka.com>
 Deni Bertovic <deni@kset.org>
+Dinesh Subhraveti <dineshs@altiscale.com>
+dkumor <daniel@dkumor.com>
+Dmitry Demeshchuk <demeshchuk@gmail.com>
 Dominik Honnef <dominik@honnef.co>
 Don Spaulding <donspauldingii@gmail.com>
-Dr Nic Williams <drnicwilliams@gmail.com>
 Dražen Lučanin <kermit666@gmail.com>
+Dr Nic Williams <drnicwilliams@gmail.com>
+Dustin Sallings <dustin@spy.net>
+Edmund Wagner <edmund-wagner@web.de>
 Elias Probst <mail@eliasprobst.eu>
+Emil Hernvall <emil@quench.at>
 Emily Rose <emily@contactvibe.com>
 Eric Hanchrow <ehanchrow@ine.com>
+Eric Lee <thenorthsecedes@gmail.com>
 Eric Myhre <hash@exultant.us>
 Erno Hopearuoho <erno.hopearuoho@gmail.com>
+eugenkrizo <eugen.krizo@gmail.com>
+Evan Krall <krall@yelp.com>
 Evan Phoenix <evan@fallingsnow.net>
 Evan Wies <evan@neomantra.net>
+Eystein Måløy Stenberg <eystein.maloy.stenberg@cfengine.com>
 ezbercih <cem.ezberci@gmail.com>
+Fabio Falci <fabiofalci@gmail.com>
+Fabio Rehm <fgrehm@gmail.com>
 Fabrizio Regini <freegenie@gmail.com>
 Faiz Khan <faizkhan00@gmail.com>
 Fareed Dudhia <fareeddudhia@googlemail.com>
+Fernando <fermayo@gmail.com>
 Flavio Castelli <fcastelli@suse.com>
 Francisco Souza <f@souza.cc>
+Frank Macreery <frank@macreery.com>
 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
+Frederik Loeffert <frederik@zitrusmedia.de>
+Freek Kalter <freek@kalteronline.org>
+Gabe Rosenhouse <gabe@missionst.com>
 Gabriel Monroy <gabriel@opdemand.com>
+Galen Sampson <galen.sampson@gmail.com>
 Gareth Rushgrove <gareth@morethanseven.net>
+Gereon Frey <gereon.frey@dynport.de>
+Gert van Valkenhoef <g.h.m.van.valkenhoef@rug.nl>
 Graydon Hoare <graydon@pobox.com>
 Greg Thornton <xdissent@me.com>
-Guillaume J. Charmes <guillaume.charmes@dotcloud.com>
+grunny <mwgrunny@gmail.com>
+Guillaume J. Charmes <guillaume.charmes@docker.com>
 Gurjeet Singh <gurjeet@singh.im>
 Guruprasad <lgp171188@gmail.com>
 Harley Laue <losinggeneration@gmail.com>
 Hector Castro <hectcastro@gmail.com>
 Hunter Blanks <hunter@twilio.com>
+inglesp <peter.inglesby@gmail.com>
+Isaac Dupree <antispam@idupree.com>
 Isao Jonas <isao.jonas@gmail.com>
+Jake Moshenko <jake@devtable.com>
+James Allen <jamesallen0108@gmail.com>
 James Carr <james.r.carr@gmail.com>
+James Mills <prologic@shortcircuit.net.au>
 James Turnbull <james@lovedthanlost.net>
+jaseg <jaseg@jaseg.net>
 Jason McVetta <jason.mcvetta@gmail.com>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
+Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jeff Lindsay <progrium@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
+Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Jesse Dubay <jesse@thefortytwo.net>
 Jim Alateras <jima@comware.com.au>
 Jimmy Cuadra <jimmy@jimmycuadra.com>
+Joe Beda <joe.github@bedafamily.com>
 Joe Van Dyk <joe@tanga.com>
 Joffrey F <joffrey@dotcloud.com>
 Johan Euphrosine <proppy@google.com>
+Johannes 'fish' Ziemke <github@freigeist.org>
+Johan Rydberg <johan.rydberg@gmail.com>
 John Costa <john.costa@gmail.com>
-Jon Wedaman <jweede@gmail.com>
+John Feminella <jxf@jxf.me>
+John Gardiner Myers <jgmyers@proofpoint.com>
+John Warwick <jwarwick@gmail.com>
 Jonas Pfenniger <jonas@pfenniger.name>
 Jonathan Mueller <j.mueller@apoveda.ch>
 Jonathan Rudenberg <jonathan@titanous.com>
+Jon Wedaman <jweede@gmail.com>
 Joost Cassee <joost@cassee.net>
 Jordan Arentsen <blissdev@gmail.com>
+Jordan Sissel <jls@semicomplete.com>
 Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
+Joseph Hager <ajhager@gmail.com>
+Josh Hawn <josh.hawn@docker.com>
 Josh Poimboeuf <jpoimboe@redhat.com>
+JP <jpellerin@leapfrogonline.com>
 Julien Barbier <write0@gmail.com>
-Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Julien Dubois <julien.dubois@gmail.com>
+Justin Force <justin.force@gmail.com>
+Justin Plock <jplock@users.noreply.github.com>
 Karan Lyons <karan@karanlyons.com>
-Karl Grzeszczak <karl@karlgrz.com>
+Karl Grzeszczak <karlgrz@gmail.com>
 Kawsar Saiyeed <kawsar.saiyeed@projiris.com>
 Keli Hu <dev@keli.hu>
 Ken Cochrane <kencochrane@gmail.com>
 Kevin Clark <kevin.clark@gmail.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
+Kevin Wallace <kevin@pentabarf.net>
+Keyvan Fatehi <keyvanfatehi@gmail.com>
 kim0 <email.ahmedkamal@googlemail.com>
+Kim BKC Carlbacker <kim.carlbacker@gmail.com>
 Kimbro Staken <kstaken@kstaken.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kyle Conroy <kyle.j.conroy@gmail.com>
 Laurie Voss <github@seldo.com>
+Liang-Chi Hsieh <viirya@gmail.com>
+Lokesh Mandvekar <lsm5@redhat.com>
 Louis Opter <kalessin@kalessin.fr>
+lukaspustina <lukas.pustina@centerdevice.com>
+Mahesh Tiyyagura <tmahesh@gmail.com>
 Manuel Meurer <manuel@krautcomputing.com>
-Manuel Woelker <docker@manuel.woelker.org>
+Manuel Woelker <github@manuel.woelker.org>
+Marc Kuo <kuomarc2@gmail.com>
 Marco Hennings <marco.hennings@freiheit.com>
 Marcus Farkas <toothlessgear@finitebox.com>
 Marcus Ramberg <marcus@nordaaker.com>
+Marek Goldmann <marek.goldmann@gmail.com>
+Mark Allen <mrallen1@yahoo.com>
 Mark McGranaghan <mmcgrana@gmail.com>
 Marko Mikulicic <mmikulicic@gmail.com>
 Markus Fix <lispmeister@gmail.com>
+Martijn van Oosterhout <kleptog@svana.org>
 Martin Redmond <martin@tinychat.com>
-Matt Apperson <me@mattapperson.com>
 Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
+Matt Apperson <me@mattapperson.com>
 Matt Bachmann <bachmann.matt@gmail.com>
+Matt Haggard <haggardii@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
+mattymo <raytrac3r@gmail.com>
+Maxime Petazzoni <max@signalfuse.com>
 Maxim Treskin <zerthurd@gmail.com>
 meejah <meejah@meejah.ca>
-Michael Crosby <crosby.michael@gmail.com>
+Michael Crosby <michael@crosbymichael.com>
 Michael Gorsuch <gorsuch@github.com>
+Michael Stapelberg <michael+gh@stapelberg.de>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mike Gaffney <mike@uberu.com>
+Mike Naberezny <mike@naberezny.com>
 Mikhail Sobolev <mss@mawhrin.net>
 Mohit Soni <mosoni@ebay.com>
 Morten Siebuhr <sbhr@sbhr.dk>
 Nan Monnand Deng <monnand@gmail.com>
 Nate Jones <nate@endot.org>
+Nathan Kleyn <nathan@nathankleyn.com>
 Nelson Chen <crazysim@gmail.com>
 Niall O'Higgins <niallo@unworkable.org>
 Nick Payne <nick@kurai.co.uk>
 Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
 Nick Stinemates <nick@stinemates.org>
+Nicolas Dudebout <nicolas.dudebout@gatech.edu>
+Nicolas Kaiser <nikai@nikai.net>
 Nolan Darilek <nolan@thewordnerd.info>
 odk- <github@odkurzacz.org>
+Oguz Bilgic <fisyonet@gmail.com>
+Ole Reifschneider <mail@ole-reifschneider.de>
+O.S.Tezer <ostezer@gmail.com>
+pandrew <letters@paulnotcom.se>
 Pascal Borreli <pascal@borreli.com>
+pattichen <craftsbear@gmail.com>
 Paul Bowsher <pbowsher@globalpersonals.co.uk>
 Paul Hammond <paul@paulhammond.org>
+Paul Lietar <paul@lietar.net>
+Paul Morie <pmorie@gmail.com>
 Paul Nasrat <pnasrat@gmail.com>
+Paul <paul9869@gmail.com>
+Peter Braden <peterbraden@peterbraden.co.uk>
+Peter Waller <peter@scraperwiki.com>
 Phil Spitler <pspitler@gmail.com>
+Piergiuliano Bossi <pgbossi@gmail.com>
+Pierre-Alain RIVIERE <pariviere@ippon.fr>
 Piotr Bogdan <ppbogdan@gmail.com>
 pysqz <randomq@126.com>
+Quentin Brossard <qbrossard@gmail.com>
+Rafal Jeczalik <rjeczalik@gmail.com>
+Ramkumar Ramachandra <artagnon@gmail.com>
 Ramon van Alteren <ramon@vanalteren.nl>
 Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
+rgstephens <greg@udon.org>
 Rhys Hiltner <rhys@twitch.tv>
+Richo Healey <richo@psych0tik.net>
+Rick Bradley <rick@users.noreply.github.com>
 Robert Obryk <robryk@gmail.com>
+Roberto G. Hashioka <roberto.hashioka@docker.com>
 Roberto Hashioka <roberto_hashioka@hotmail.com>
+Rodrigo Vaz <rodrigo.vaz@gmail.com>
+Roel Van Nyen <roel.vannyen@gmail.com>
+Roger Peppe <rogpeppe@gmail.com>
 Ryan Fowler <rwfowler@gmail.com>
+Ryan O'Donnell <odonnellryanc@gmail.com>
+Ryan Seto <ryanseto@yak.net>
 Sam Alba <sam.alba@gmail.com>
 Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
+Samuel Andaya <samuel@andaya.net>
 Scott Bessler <scottbessler@gmail.com>
+Sean Cronin <seancron@gmail.com>
 Sean P. Kane <skane@newrelic.com>
+Shawn Landden <shawn@churchofgit.com>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
+shin- <joffrey@docker.com>
 Silas Sewell <silas@sewell.org>
+Simon Taranto <simon.taranto@gmail.com>
+Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
 Solomon Hykes <solomon@dotcloud.com>
 Song Gao <song@gao.io>
 Sridatta Thatipamala <sthatipamala@gmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Steeve Morin <steeve.morin@gmail.com>
 Stefan Praszalowicz <stefan@greplin.com>
-Sven Dowideit <SvenDowideit@home.org.au>
+sudosurootdev <sudosurootdev@gmail.com>
+Sven Dowideit <svendowideit@home.org.au>
+Sylvain Bellemare <sylvain.bellemare@ezeep.com>
+tang0th <tang0th@gmx.com>
+Tatsuki Sugiura <sugi@nemui.org>
+Tehmasp Chaudhri <tehmasp@gmail.com>
 Thatcher Peskens <thatcher@dotcloud.com>
 Thermionix <bond711@gmail.com>
 Thijs Terlouw <thijsterlouw@gmail.com>
 Thomas Bikeev <thomas.bikeev@mac.com>
 Thomas Frössman <thomasf@jossystem.se>
 Thomas Hansen <thomas.hansen@gmail.com>
+Thomas LEVEIL <thomasleveil@gmail.com>
 Tianon Gravi <admwiggin@gmail.com>
+Tim Bosse <maztaim@users.noreply.github.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 Tobias Bieniek <Tobias.Bieniek@gmx.de>
 Tobias Schmidt <ts@soundcloud.com>
 Tobias Schwab <tobias.schwab@dynport.de>
+Todd Lunter <tlunter@gmail.com>
 Tom Hulihan <hulihan.tom159@gmail.com>
 Tommaso Visconti <tommaso.visconti@gmail.com>
+Travis Cline <travis.cline@gmail.com>
 Tyler Brock <tyler.brock@gmail.com>
+Tzu-Jung Lee <roylee17@gmail.com>
+Ulysse Carion <ulyssecarion@gmail.com>
 unclejack <unclejacksons@gmail.com>
+vgeta <gopikannan.venugopalsamy@gmail.com>
 Victor Coisne <victor.coisne@dotcloud.com>
 Victor Lyuboslavsky <victor@victoreda.com>
-Victor Vieux <victor.vieux@dotcloud.com>
+Victor Vieux <victor.vieux@docker.com>
+Vincent Batts <vbatts@redhat.com>
 Vincent Bernat <bernat@luffy.cx>
+Vincent Woo <me@vincentwoo.com>
+Vinod Kulkarni <vinod.kulkarni@gmail.com>
+Vitor Monteiro <vmrmonteiro@gmail.com>
 Vivek Agarwal <me@vivek.im>
 Vladimir Kirillov <proger@wilab.org.ua>
+Vladimir Rutsky <iamironbob@gmail.com>
 Walter Stanish <walter@pratyeka.org>
+WarheadsSE <max@warheads.net>
 Wes Morgan <cap10morgan@gmail.com>
 Will Dietz <w@wdtz.org>
+William Delanoue <william.delanoue@gmail.com>
+Will Rouesnel <w.rouesnel@gmail.com>
+Will Weaver <monkey@buildingbananas.com>
+Xiuming Chen <cc@cxm.cc>
 Yang Bai <hamo.by@gmail.com>
+Yurii Rashkovskii <yrashk@gmail.com>
+Zain Memon <zain@inzain.net>
 Zaiste! <oh@zaiste.net>
+Zilin Du <zilin.du@gmail.com>
+zimbatm <zimbatm@zimbatm.com>

CHANGELOG.md

@@ -1,5 +1,369 @@
 # Changelog
 
+## 0.10.0 (2014-04-08)
+
+#### Builder
+- Fix printing multiple messages on a single line. Fixes broken output during builds.
+- Follow symlinks inside container's root for ADD build instructions.
+- Fix EXPOSE caching.
+
+#### Documentation
+- Add the new options of `docker ps` to the documentation.
+- Add the options of `docker restart` to the documentation.
+- Update daemon docs and help messages for --iptables and --ip-forward.
+- Updated apt-cacher-ng docs example.
+- Remove duplicate description of --mtu from docs.
+- Add missing -t and -v for `docker images` to the docs.
+- Add fixes to the cli docs.
+- Update libcontainer docs.
+- Update images in docs to remove references to AUFS and LXC.
+- Update the nodejs_web_app in the docs to use the new epel RPM address.
+- Fix external link on security of containers.
+- Update remote API docs.
+- Add image size to history docs.
+- Be explicit about binding to all interfaces in redis example.
+- Document DisableNetwork flag in the 1.10 remote api.
+- Document that `--lxc-conf` is lxc only.
+- Add chef usage documentation.
+- Add example for an image with multiple for `docker load`.
+- Explain what `docker run -a` does in the docs.
+
+#### Contrib
+- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
+- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
+- Remove inotifywait hack from the upstart host-integration example because it's not necessary any more.
+- Add check-config script to contrib.
+- Fix fish shell completion.
+
+#### Hack
+* Clean up "go test" output from "make test" to be much more readable/scannable.
+* Excluse more "definitely not unit tested Go source code" directories from hack/make/test.
++ Generate md5 and sha256 hashes when building, and upload them via hack/release.sh.
+- Include contributed completions in Ubuntu PPA.
++ Add cli integration tests.
+* Add tweaks to the hack scripts to make them simpler.
+
+#### Remote API
++ Add TLS auth support for API.
+* Move git clone from daemon to client.
+- Fix content-type detection in docker cp.
+* Split API into 2 go packages.
+
+#### Runtime
+* Support hairpin NAT without going through Docker server.
+- devicemapper: succeed immediately when removing non-existing devices.
+- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping).
+- devicemapper: increase timeout in waitClose to 10 seconds.
+- devicemapper: ensure we shut down thin pool cleanly.
+- devicemapper: pass info, rather than hash to activateDeviceIfNeeded, deactivateDevice, setInitialized, deleteDevice.
+- devicemapper: avoid AB-BA deadlock.
+- devicemapper: make shutdown better/faster.
+- improve alpha sorting in mflag.
+- Remove manual http cookie management because the cookiejar is being used.
+- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
+- Add FreeBSD support for the client.
+- Merge auth package into registry.
+- Add deprecation warning for -t on `docker pull`.
+- Remove goroutine leak on error.
+- Update parseLxcInfo to comply with new lxc1.0 format.
+- Fix attach exit on darwin.
+- Improve deprecation message.
+- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
+- Only unshare the mount namespace for execin.
+- Merge existing config when committing.
+- Disable daemon startup timeout.
+- Fix issue #4681: add loopback interface when networking is disabled.
+- Add failing test case for issue #4681.
+- Send SIGTERM to child, instead of SIGKILL.
+- Show the driver and the kernel version in `docker info` even when not in debug mode.
+- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
+- Fix issue caused by the absence of /etc/apparmor.d.
+- Don't leave empty cidFile behind when failing to create the container.
+- Mount cgroups automatically if they're not mounted already.
+- Use mock for search tests.
+- Update to double-dash everywhere.
+- Move .dockerenv parsing to lxc driver.
+- Move all bind-mounts in the container inside the namespace.
+- Don't use separate bind mount for container.
+- Always symlink /dev/ptmx for libcontainer.
+- Don't kill by pid for other drivers.
+- Add initial logging to libcontainer.
+* Sort by port in `docker ps`.
+- Move networking drivers into runtime top level package.
++ Add --no-prune to `docker rmi`.
++ Add time since exit in `docker ps`.
+- graphdriver: add build tags.
+- Prevent allocation of previously allocated ports & prevent improve port allocation.
+* Add support for --since/--before in `docker ps`.
+- Clean up container stop.
++ Add support for configurable dns search domains.
+- Add support for relative WORKDIR instructions.
+- Add --output flag for docker save.
+- Remove duplication of DNS entries in config merging.
+- Add cpuset.cpus to cgroups and native driver options.
+- Remove docker-ci.
+- Promote btrfs. btrfs is no longer considered experimental.
+- Add --input flag to `docker load`.
+- Return error when existing bridge doesn't match IP address.
+- Strip comments before parsing line continuations to avoid interpreting instructions as comments.
+- Fix TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN" interfaces.
+- Add systemd implementation of cgroups and make containers show up as systemd units.
+- Fix commit and import when no repository is specified.
+- Remount /var/lib/docker as --private to fix scaling issue.
+- Use the environment's proxy when pinging the remote registry.
+- Reduce error level from harmless errors.
+* Allow --volumes-from to be individual files.
+- Fix expanding buffer in StdCopy.
+- Set error regardless of attach or stdin. This fixes #3364.
+- Add support for --env-file to load environment variables from files.
+- Symlink /etc/mtab and /proc/mounts.
+- Allow pushing a single tag.
+- Shut down containers cleanly at shutdown and wait forever for the containers to shut down. This makes container shutdown on daemon shutdown work properly via SIGTERM.
+- Don't throw error when starting an already running container.
+- Fix dynamic port allocation limit.
+- remove setupDev from libcontainer.
+- Add API version to `docker version`.
+- Return correct exit code when receiving signal and make SIGQUIT quit without cleanup.
+- Fix --volumes-from mount failure.
+- Allow non-privileged containers to create device nodes.
+- Skip login tests because of external dependency on a hosted service.
+- Deprecate `docker images --tree` and `docker images --viz`.
+- Deprecate `docker insert`.
+- Include base abstraction for apparmor. This fixes some apparmor related problems on Ubuntu 14.04.
+- Add specific error message when hitting 401 over HTTP on push.
+- Fix absolute volume check.
+- Remove volumes-from from the config.
+- Move DNS options to hostconfig.
+- Update the apparmor profile for libcontainer.
+- Add deprecation notice for `docker commit -run`.
+
+## 0.9.1 (2014-03-24)
+
+#### Builder
+- Fix printing multiple messages on a single line. Fixes broken output during builds.
+
+#### Documentation
+- Fix external link on security of containers.
+
+#### Contrib
+- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
+- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
+
+#### Hack
+- Generate md5 and sha256 hashes when building, and upload them via hack/release.sh.
+
+#### Remote API
+- Fix content-type detection in `docker cp`.
+
+#### Runtime
+- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
+- Only unshare the mount namespace for execin.
+- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
+- Merge existing config when committing.
+- Fix panic in monitor.
+- Disable daemon startup timeout.
+- Fix issue #4681: add loopback interface when networking is disabled.
+- Add failing test case for issue #4681.
+- Send SIGTERM to child, instead of SIGKILL.
+- Show the driver and the kernel version in `docker info` even when not in debug mode.
+- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
+- Fix issue caused by the absence of /etc/apparmor.d.
+- Don't leave empty cidFile behind when failing to create the container.
+- Improve deprecation message.
+- Fix attach exit on darwin.
+- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping).
+- devicemapper: succeed immediately when removing non-existing devices.
+- devicemapper: increase timeout in waitClose to 10 seconds.
+- Remove goroutine leak on error.
+- Update parseLxcInfo to comply with new lxc1.0 format.
+
+## 0.9.0 (2014-03-10)
+
+#### Builder
+- Avoid extra mount/unmount during build. This fixes mount/unmount related errors during build.
+- Add error to docker build --rm. This adds missing error handling.
+- Forbid chained onbuild, `onbuild from` and  `onbuild maintainer` triggers.
+- Make `--rm` the default for `docker build`.
+
+#### Documentation
+- Download the docker client binary for Mac over https.
+- Update the titles of the install instructions & descriptions.
+* Add instructions for upgrading boot2docker.
+* Add port forwarding example in OS X install docs.
+- Attempt to disentangle repository and registry.
+- Update docs to explain more about `docker ps`.
+- Update sshd example to use a Dockerfile.
+- Rework some examples, including the Python examples.
+- Update docs to include instructions for a container's lifecycle.
+- Update docs documentation to discuss the docs branch.
+- Don't skip cert check for an example & use HTTPS.
+- Bring back the memory and swap accounting section which was lost when the kernel page was removed.
+- Explain DNS warnings and how to fix them on systems running and using a local nameserver.
+
+#### Contrib
+- Add Tanglu support for mkimage-debootstrap.
+- Add SteamOS support for mkimage-debootstrap.
+
+#### Hack
+- Get package coverage when running integration tests.
+- Remove the Vagrantfile. This is being replaced with boot2docker.
+- Fix tests on systems where aufs isn't available.
+- Update packaging instructions and remove the dependency on lxc.
+
+#### Remote API
+* Move code specific to the API to the api package.
+- Fix header content type for the API. Makes all endpoints use proper content type.
+- Fix registry auth & remove ping calls from CmdPush and CmdPull.
+- Add newlines to the JSON stream functions.
+
+#### Runtime
+* Do not ping the registry from the CLI. All requests to registres flow through the daemon.
+- Check for nil information return in the lxc driver. This fixes panics with older lxc versions.
+- Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.
+- Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.
+* Devicemapper: enable skip_block_zeroing. Improves performance by not zeroing blocks.
+- Devicemapper: fix shutdown warnings. Fixes shutdown warnings concerning pool device removal.
+- Ensure docker cp stream is closed properly. Fixes problems with files not being copied by `docker cp`.
+- Stop making `tcp://` default to `127.0.0.1:4243` and remove the default port for tcp.
+- Fix `--run` in `docker commit`. This makes `docker commit --run` work again.
+- Fix custom bridge related options. This makes custom bridges work again.
++ Mount-bind the PTY as container console. This allows tmux/screen to run.
++ Add the pure Go libcontainer library to make it possible to run containers using only features of the Linux kernel.
++ Add native exec driver which uses libcontainer and make it the default exec driver.
+- Add support for handling extended attributes in archives.
+* Set the container MTU to be the same as the host MTU.
++ Add simple sha256 checksums for layers to speed up `docker push`.
+* Improve kernel version parsing.
+* Allow flag grouping (`docker run -it`).
+- Remove chroot exec driver.
+- Fix divide by zero to fix panic.
+- Rewrite `docker rmi`.
+- Fix docker info with lxc 1.0.0.
+- Fix fedora tty with apparmor.
+* Don't always append env vars, replace defaults with vars from config.
+* Fix a goroutine leak.
+* Switch to Go 1.2.1.
+- Fix unique constraint error checks.
+* Handle symlinks for Docker's data directory and for TMPDIR.
+- Add deprecation warnings for flags (-flag is deprecated in favor of --flag)
+- Add apparmor profile for the native execution driver.
+* Move system specific code from archive to pkg/system.
+- Fix duplicate signal for `docker run -i -t` (issue #3336).
+- Return correct process pid for lxc.
+- Add a -G option to specify the group which unix sockets belong to.
++ Add `-f` flag to `docker rm` to force removal of running containers.
++ Kill ghost containers and restart all ghost containers when the docker daemon restarts.
++ Add `DOCKER_RAMDISK` environment variable to make Docker work when the root is on a ramdisk.
+
+## 0.8.1 (2014-02-18)
+
+#### Builder
+
+- Avoid extra mount/unmount during build. This removes an unneeded mount/unmount operation which was causing problems with devicemapper
+- Fix regression with ADD of tar files. This stops Docker from decompressing tarballs added via ADD from the local file system
+- Add error to `docker build --rm`. This adds a missing error check to ensure failures to remove containers are detected and reported
+
+#### Documentation
+
+* Update issue filing instructions
+* Warn against the use of symlinks for Docker's storage folder
+* Replace the Firefox example with an IceWeasel example
+* Rewrite the PostgresSQL example using a Dockerfile and add more details to it
+* Improve the OS X documentation
+
+#### Remote API
+
+- Fix broken images API for version less than 1.7
+- Use the right encoding for all API endpoints which return JSON
+- Move remote api client to api/
+- Queue calls to the API using generic socket wait 
+
+#### Runtime
+
+- Fix the use of custom settings for bridges and custom bridges
+- Refactor the devicemapper code to avoid many mount/unmount race conditions and failures
+- Remove two panics which could make Docker crash in some situations
+- Don't ping registry from the CLI client
+- Enable skip_block_zeroing for devicemapper. This stops devicemapper from always zeroing entire blocks
+- Fix --run in `docker commit`. This makes docker commit store `--run` in the image configuration
+- Remove directory when removing devicemapper device. This cleans up leftover mount directories
+- Drop NET_ADMIN capability for non-privileged containers. Unprivileged containers can't change their network configuration
+- Ensure `docker cp` stream is closed properly
+- Avoid extra mount/unmount during container registration. This removes an unneeded mount/unmount operation which was causing problems with devicemapper
+- Stop allowing tcp:// as a default tcp bin address which binds to 127.0.0.1:4243 and remove the default port
++ Mount-bind the PTY as container console. This allows tmux and screen to run in a container
+- Clean up archive closing. This fixes and improves archive handling
+- Fix engine tests on systems where temp directories are symlinked
+- Add test methods for save and load
+- Avoid temporarily unmounting the container when restarting it. This fixes a race for devicemapper during restart
+- Support submodules when building from a GitHub repository
+- Quote volume path to allow spaces
+- Fix remote tar ADD behavior. This fixes a regression which was causing Docker to extract tarballs
+
+## 0.8.0 (2014-02-04)
+
+#### Notable features since 0.7.0
+
+* Images and containers can be removed much faster
+* Building an image from source with docker build is now much faster
+* The Docker daemon starts and stops much faster
+* The memory footprint of many common operations has been reduced, by streaming files instead of buffering them in memory, fixing memory leaks, and fixing various suboptimal memory allocations
+* Several race conditions were fixed, making Docker more stable under very high concurrency load. This makes Docker more stable and less likely to crash and reduces the memory footprint of many common operations
+* All packaging operations are now built on the Go language’s standard tar implementation, which is bundled with Docker itself. This makes packaging more portable across host distributions, and solves several issues caused by quirks and incompatibilities between different distributions of tar
+* Docker can now create, remove and modify larger numbers of containers and images graciously thanks to more aggressive releasing of system resources. For example the storage driver API now allows Docker to do reference counting on mounts created by the drivers
+With the ongoing changes to the networking and execution subsystems of docker testing these areas have been a focus of the refactoring.  By moving these subsystems into separate packages we can test, analyze, and monitor coverage and quality of these packages
+* Many components have been separated into smaller sub-packages, each with a dedicated test suite. As a result the code is better-tested, more readable and easier to change
+
+* The ADD instruction now supports caching, which avoids unnecessarily re-uploading the same source content again and again when it hasn’t changed
+* The new ONBUILD instruction adds to your image a “trigger” instruction to be executed at a later time, when the image is used as the base for another build
+* Docker now ships with an experimental storage driver which uses the BTRFS filesystem for copy-on-write
+* Docker is officially supported on Mac OSX
+* The Docker daemon supports systemd socket activation
+
+## 0.7.6 (2014-01-14)
+
+#### Builder
+
+* Do not follow symlink outside of build context
+
+#### Runtime
+
+- Remount bind mounts when ro is specified
+* Use https for fetching docker version
+
+#### Other
+
+* Inline the test.docker.io fingerprint
+* Add ca-certificates to packaging documentation
+
+## 0.7.5 (2014-01-09)
+
+#### Builder
+
+* Disable compression for build. More space usage but a much faster upload
+- Fix ADD caching for certain paths
+- Do not compress archive from git build
+
+#### Documentation
+
+- Fix error in GROUP add example
+* Make sure the GPG fingerprint is inline in the documentation
+* Give more specific advice on setting up signing of commits for DCO
+
+#### Runtime
+
+- Fix misspelled container names
+- Do not add hostname when networking is disabled
+* Return most recent image from the cache by date
+- Return all errors from docker wait
+* Add Content-Type Header "application/json" to GET /version and /info responses 
+
+#### Other
+
+* Update DCO to version 1.1
++ Update Makefile to use "docker:GIT_BRANCH" as the generated image name
+* Update Travis to check for new 1.1 DCO version
+
 ## 0.7.4 (2014-01-07)
 
 #### Builder

CONTRIBUTING.md

@@ -7,8 +7,10 @@ feels wrong or incomplete.
 ## Reporting Issues
 
 When reporting [issues](https://github.com/dotcloud/docker/issues) 
-on Github please include your host OS ( Ubuntu 12.04, Fedora 19, etc... )
-and the output of `docker version` along with the output of `docker info` if possible.  
+on GitHub please include your host OS (Ubuntu 12.04, Fedora 19, etc),
+the output of `uname -a` and the output of `docker version` along with
+the output of `docker info`. Please include the steps required to reproduce
+the problem if possible and applicable.
 This information will help us review and fix your issue faster.
 
 ## Build Environment
@@ -45,7 +47,7 @@ else is working on the same thing.
 
 ### Create issues...
 
-Any significant improvement should be documented as [a github
+Any significant improvement should be documented as [a GitHub
 issue](https://github.com/dotcloud/docker/issues) before anybody
 starts working on it.
 
@@ -86,6 +88,8 @@ curl -o .git/hooks/pre-commit https://raw.github.com/edsrzf/gofmt-git-hook/maste
 Pull requests descriptions should be as clear as possible and include a
 reference to all the issues that they address.
 
+Pull requests must not contain commits from other users or branches.
+
 Code review comments may be added to your pull request. Discuss, then make the
 suggested modifications and push additional commits to your feature branch. Be
 sure to post a comment after pushing. The new commits will show up in the pull
@@ -105,46 +109,95 @@ name and email address match your git configuration. The AUTHORS file is
 regenerated occasionally from the git commit history, so a mismatch may result
 in your changes being overwritten.
 
+### Merge approval
+
+Docker maintainers use LGTM (looks good to me) in comments on the code review
+to indicate acceptance.
+
+A change requires LGTMs from an absolute majority of the maintainers of each
+component affected. For example, if a change affects docs/ and registry/, it
+needs an absolute majority from the maintainers of docs/ AND, separately, an
+absolute majority of the maintainers of registry.
+
+For more details see [MAINTAINERS.md](hack/MAINTAINERS.md)
+
 ### Sign your work
 
 The sign-off is a simple line at the end of the explanation for the
 patch, which certifies that you wrote it or otherwise have the right to
 pass it on as an open-source patch.  The rules are pretty simple: if you
-can certify the below:
+can certify the below (from
+[developercertificate.org](http://developercertificate.org/)):
 
 ```
-Docker Developer Grant and Certificate of Origin 1.0
+Developer Certificate of Origin
+Version 1.1
 
-By making a contribution to the Docker Project ("Project"), I represent and warrant that:
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
 
-a. The contribution was created in whole or in part by me and I have the right to submit the contribution on my own behalf or on behalf of a third party who has authorized me to submit this contribution to the Project; or
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
 
 
-b. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right and authorization to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license) that I have identified in the contribution; or
+Developer's Certificate of Origin 1.1
 
-c. The contribution was provided directly to me by some other person who represented and warranted (a) or (b) and I have not modified it.
+By making a contribution to this project, I certify that:
 
-d. I understand and agree that this Project and the contribution are publicly known and that a record of the contribution (including all personal information I submit with it, including my sign-off record) is maintained indefinitely and may be redistributed consistent with this Project or the open source license(s) involved.
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
 
-e. I hereby grant to the Project, Docker, Inc and its successors;  and recipients of software distributed by the Project a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, modify, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this contribution and such modifications and derivative works consistent with this Project, the open source license indicated in the previous work or other appropriate open source license specified by the Project and approved by the Open Source Initiative(OSI) at http://www.opensource.org.
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
 ```
 
-then you just add a line saying
+then you just add a line to every git commit message:
 
-    Docker-DCO-1.0-Signed-off-by: Joe Smith <joe.smith@email.com> (github: github_handle)
+    Docker-DCO-1.1-Signed-off-by: Joe Smith <joe.smith@email.com> (github: github_handle)
 
 using your real name (sorry, no pseudonyms or anonymous contributions.)
 
+One way to automate this, is customise your get ``commit.template`` by adding
+a ``prepare-commit-msg`` hook to your docker checkout:
+
+```
+curl -o .git/hooks/prepare-commit-msg https://raw.github.com/dotcloud/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
+```
+
+* Note: the above script expects to find your GitHub user name in ``git config --get github.user``
+
+#### Small patch exception
+
+There are several exceptions to the signing requirement. Currently these are:
+
+* Your patch fixes spelling or grammar errors.
+* Your patch is a single line change to documentation.
+
 If you have any questions, please refer to the FAQ in the [docs](http://docs.docker.io)
 
-
-
 ### How can I become a maintainer?
 
 * Step 1: learn the component inside out
 * Step 2: make yourself useful by contributing code, bugfixes, support etc.
 * Step 3: volunteer on the irc channel (#docker@freenode)
-* Step 4: propose yourself at a scheduled #docker-meeting
+* Step 4: propose yourself at a scheduled docker meeting in #docker-dev
 
 Don't forget: being a maintainer is a time investment. Make sure you will have time to make yourself available.
 You don't have to be a maintainer to make a difference on the project!

Dockerfile

@@ -6,13 +6,13 @@
 # docker build -t docker .
 #
 # # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/dotcloud/docker -privileged -i -t docker bash
+# docker run -v `pwd`:/go/src/github.com/dotcloud/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run -privileged docker hack/make.sh test
+# docker run --privileged docker hack/make.sh test
 #
 # # Publish a release:
-# docker run -privileged \
+# docker run --privileged \
 #  -e AWS_S3_BUCKET=baz \
 #  -e AWS_ACCESS_KEY=foo \
 #  -e AWS_SECRET_KEY=bar \
@@ -24,23 +24,23 @@
 #
 
 docker-version	0.6.1
-FROM	stackbrew/ubuntu:12.04
+FROM	ubuntu:13.10
 MAINTAINER	Tianon Gravi <admwiggin@gmail.com> (@tianon)
 
-# Add precise-backports to get s3cmd >= 1.1.0 (so we get ENV variable support in our .s3cfg)
-RUN	echo 'deb http://archive.ubuntu.com/ubuntu precise-backports main universe' > /etc/apt/sources.list.d/backports.list
-
 # Packaged dependencies
 RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
 	apt-utils \
 	aufs-tools \
+	automake \
+	btrfs-tools \
 	build-essential \
 	curl \
 	dpkg-sig \
 	git \
 	iptables \
+	libapparmor-dev \
+	libcap-dev \
 	libsqlite3-dev \
-	lxc \
 	mercurial \
 	reprepro \
 	ruby1.9.1 \
@@ -48,37 +48,49 @@ RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
 	s3cmd=1.1.0* \
 	--no-install-recommends
 
+# Get and compile LXC 0.8 (since it is the most stable)
+RUN	git clone --no-checkout https://github.com/lxc/lxc.git /usr/local/lxc && cd /usr/local/lxc && git checkout -q lxc-0.8.0
+RUN	cd /usr/local/lxc && ./autogen.sh && ./configure --disable-docs && make && make install
+
 # Get lvm2 source for compiling statically
-RUN	git clone https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103
+RUN	git clone --no-checkout https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103
 # see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
-# note: we can't use "git clone -b" above because it requires at least git 1.7.10 to be able to use that on a tag instead of a branch and we only have 1.7.9.5
+# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
 
 # Compile and install lvm2
 RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
 # Install Go
-RUN	curl -s https://go.googlecode.com/files/go1.2.src.tar.gz | tar -v -C /usr/local -xz
+RUN	curl -s https://go.googlecode.com/files/go1.2.1.src.tar.gz | tar -v -C /usr/local -xz
 ENV	PATH	/usr/local/go/bin:$PATH
 ENV	GOPATH	/go:/go/src/github.com/dotcloud/docker/vendor
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
 
 # Compile Go for cross compilation
-ENV	DOCKER_CROSSPLATFORMS	darwin/amd64 darwin/386
-# TODO add linux/386 and linux/arm
+ENV	DOCKER_CROSSPLATFORMS	\
+	linux/386 linux/arm \
+	darwin/amd64 darwin/386 \
+	freebsd/amd64 freebsd/386 freebsd/arm
+# (set an explicit GOARM of 5 for maximum compatibility)
+ENV	GOARM	5
 RUN	cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'
 
 # Grab Go's cover tool for dead-simple code coverage testing
 RUN	go get code.google.com/p/go.tools/cmd/cover
 
 # TODO replace FPM with some very minimal debhelper stuff
-RUN	gem install --no-rdoc --no-ri fpm --version 1.0.1
+RUN	gem install --no-rdoc --no-ri fpm --version 1.0.2
 
 # Setup s3cmd config
 RUN	/bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg
 
+# Set user.email so crosbymichael's in-container merge commits go smoothly
+RUN	git config --global user.email 'docker-dummy@example.com'
+
 VOLUME	/var/lib/docker
 WORKDIR	/go/src/github.com/dotcloud/docker
+ENV	DOCKER_BUILDTAGS	apparmor selinux
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT	["hack/dind"]

FIXME

@@ -11,20 +11,14 @@ They are just like FIXME comments in the source code, except we're not sure wher
 to put them - so we put them here :)
 
 
-* Merge Runtime, Server and Builder into Runtime
 * Run linter on codebase
 * Unify build commands and regular commands
 * Move source code into src/ subdir for clarity
 * docker build: on non-existent local path for ADD, don't show full absolute path on the host
-* docker tag foo REPO:TAG
 * use size header for progress bar in pull
 * Clean up context upload in build!!!
 * Parallel pull
-* Always generate a resolv.conf per container, to avoid changing resolv.conf under thne container's feet
-* Save metadata with import/export (#1974)
 * Upgrade dockerd without stopping containers
 * Simple command to remove all untagged images (`docker rmi $(docker images | awk '/^<none>/ { print $3 }')`)
 * Simple command to clean up containers for disk space
-* Caching after an ADD (#880)
 * Clean up the ProgressReader api, it's a PITA to use
-* Use netlink instead of iproute2/iptables (#925)

LICENSE

@@ -176,18 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2014 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

MAINTAINERS

@@ -1,9 +1,7 @@
 Solomon Hykes <solomon@dotcloud.com> (@shykes)
-Guillaume Charmes <guillaume@dotcloud.com> (@creack)
-Victor Vieux <victor@dotcloud.com> (@vieux)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
+Victor Vieux <vieux@docker.com> (@vieux)
 Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
 .travis.yml: Tianon Gravi <admwiggin@gmail.com> (@tianon)
-api.go: Victor Vieux <victor@dotcloud.com> (@vieux)
 Dockerfile: Tianon Gravi <admwiggin@gmail.com> (@tianon)
 Makefile: Tianon Gravi <admwiggin@gmail.com> (@tianon)
-Vagrantfile: Daniel Mizyrycki <daniel@dotcloud.com> (@mzdaniel)

Makefile

@@ -1,6 +1,17 @@
-.PHONY: all binary build cross default docs shell test
+.PHONY: all binary build cross default docs docs-build docs-shell shell test test-integration test-integration-cli
 
-DOCKER_RUN_DOCKER := docker run -rm -i -t -privileged -e TESTFLAGS -v $(CURDIR)/bundles:/go/src/github.com/dotcloud/docker/bundles docker
+# to allow `make BINDDIR=. shell` or `make BINDDIR= test`
+BINDDIR := bundles
+# to allow `make DOCSPORT=9000 docs`
+DOCSPORT := 8000
+
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)")
+
+DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)"
+DOCKER_RUN_DOCS := docker run --rm -it -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)"
 
 default: binary
 
@@ -13,17 +24,29 @@ binary: build
 cross: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary cross
 
-docs:
-	docker build -t docker-docs docs && docker run -p 8000:8000 docker-docs
+docs: docs-build
+	$(DOCKER_RUN_DOCS)
+
+docs-shell: docs-build
+	$(DOCKER_RUN_DOCS) bash
 
 test: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh test test-integration
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary test test-integration test-integration-cli
+
+test-integration: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh test-integration
+
+test-integration-cli: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary test-integration-cli
 
 shell: build
 	$(DOCKER_RUN_DOCKER) bash
 
 build: bundles
-	docker build -t docker .
+	docker build -t "$(DOCKER_IMAGE)" .
+
+docs-build:
+	docker build -t "$(DOCKER_DOCS_IMAGE)" docs
 
 bundles:
 	mkdir bundles

NOTICE

@@ -1,5 +1,5 @@
 Docker
-Copyright 2012-2013 Docker, Inc.
+Copyright 2012-2014 Docker, Inc.
 
 This product includes software developed at Docker, Inc. (http://www.docker.com).
 

README.md

@@ -4,30 +4,30 @@ Docker: the Linux container engine
 Docker is an open source project to pack, ship and run any application
 as a lightweight container
 
-Docker containers are both *hardware-agnostic* and
-*platform-agnostic*. This means that they can run anywhere, from your
-laptop to the largest EC2 compute instance and everything in between -
-and they don't require that you use a particular language, framework
-or packaging system. That makes them great building blocks for
-deploying and scaling web apps, databases and backend services without
-depending on a particular stack or provider.
+Docker containers are both *hardware-agnostic* and *platform-agnostic*.
+This means that they can run anywhere, from your laptop to the largest
+EC2 compute instance and everything in between - and they don't require
+that you use a particular language, framework or packaging system. That
+makes them great building blocks for deploying and scaling web apps,
+databases and backend services without depending on a particular stack
+or provider.
 
 Docker is an open-source implementation of the deployment engine which
-powers [dotCloud](http://dotcloud.com), a popular
-Platform-as-a-Service.  It benefits directly from the experience
-accumulated over several years of large-scale operation and support of
-hundreds of thousands of applications and databases.
+powers [dotCloud](http://dotcloud.com), a popular Platform-as-a-Service.
+It benefits directly from the experience accumulated over several years
+of large-scale operation and support of hundreds of thousands of
+applications and databases.
 
 ![Docker L](docs/theme/docker/static/img/dockerlogo-h.png "Docker")
 
 ## Better than VMs
 
-A common method for distributing applications and sandbox their
+A common method for distributing applications and sandboxing their
 execution is to use virtual machines, or VMs. Typical VM formats are
-VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In
-theory these formats should allow every developer to automatically
-package their application into a "machine" for easy distribution and
-deployment. In practice, that almost never happens, for a few reasons:
+VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory
+these formats should allow every developer to automatically package
+their application into a "machine" for easy distribution and deployment.
+In practice, that almost never happens, for a few reasons:
 
   * *Size*: VMs are very large which makes them impractical to store
      and transfer.
@@ -47,39 +47,37 @@ deployment. In practice, that almost never happens, for a few reasons:
     service discovery.
 
 By contrast, Docker relies on a different sandboxing method known as
-*containerization*. Unlike traditional virtualization,
-containerization takes place at the kernel level. Most modern
-operating system kernels now support the primitives necessary for
-containerization, including Linux with [openvz](http://openvz.org),
+*containerization*. Unlike traditional virtualization, containerization
+takes place at the kernel level. Most modern operating system kernels
+now support the primitives necessary for containerization, including
+Linux with [openvz](http://openvz.org),
 [vserver](http://linux-vserver.org) and more recently
 [lxc](http://lxc.sourceforge.net), Solaris with
 [zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc)
 and FreeBSD with
 [Jails](http://www.freebsd.org/doc/handbook/jails.html).
 
-Docker builds on top of these low-level primitives to offer developers
-a portable format and runtime environment that solves all 4
-problems. Docker containers are small (and their transfer can be
-optimized with layers), they have basically zero memory and cpu
-overhead, they are completely portable and are designed from the
-ground up with an application-centric design.
+Docker builds on top of these low-level primitives to offer developers a
+portable format and runtime environment that solves all 4 problems.
+Docker containers are small (and their transfer can be optimized with
+layers), they have basically zero memory and cpu overhead, they are
+completely portable and are designed from the ground up with an
+application-centric design.
 
-The best part: because ``docker`` operates at the OS level, it can
-still be run inside a VM!
+The best part: because Docker operates at the OS level, it can still be
+run inside a VM!
 
 ## Plays well with others
 
 Docker does not require that you buy into a particular programming
 language, framework, packaging system or configuration language.
 
-Is your application a Unix process? Does it use files, tcp
-connections, environment variables, standard Unix streams and
-command-line arguments as inputs and outputs? Then ``docker`` can run
-it.
+Is your application a Unix process? Does it use files, tcp connections,
+environment variables, standard Unix streams and command-line arguments
+as inputs and outputs? Then Docker can run it.
 
 Can your application's build be expressed as a sequence of such
-commands? Then ``docker`` can build it.
-
+commands? Then Docker can build it.
 
 ## Escape dependency hell
 
@@ -126,14 +124,11 @@ build command inherits the result of the previous commands, the
 Here's a typical Docker build process:
 
 ```bash
-from ubuntu:12.10
-run apt-get update
-run DEBIAN_FRONTEND=noninteractive apt-get install -q -y python
-run DEBIAN_FRONTEND=noninteractive apt-get install -q -y python-pip
-run pip install django
-run DEBIAN_FRONTEND=noninteractive apt-get install -q -y curl
-run curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
-run cd helloflask-master && pip install -r requirements.txt
+FROM ubuntu:12.04
+RUN apt-get update
+RUN apt-get install -q -y python python-pip curl
+RUN curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
+RUN cd helloflask-master && pip install -r requirements.txt
 ```
 
 Note that Docker doesn't care *how* dependencies are built - as long
@@ -143,22 +138,25 @@ as they can be built by running a Unix command in a container.
 Getting started
 ===============
 
-Docker can be installed on your local machine as well as servers - both bare metal and virtualized.
-It is available as a binary on most modern Linux systems, or as a VM on Windows, Mac and other systems.
+Docker can be installed on your local machine as well as servers - both
+bare metal and virtualized.  It is available as a binary on most modern
+Linux systems, or as a VM on Windows, Mac and other systems.
 
-We also offer an interactive tutorial for quickly learning the basics of using Docker.
-
-
-For up-to-date install instructions and online tutorials, see the [Getting Started page](http://www.docker.io/gettingstarted/).
+We also offer an interactive tutorial for quickly learning the basics of
+using Docker.
 
+For up-to-date install instructions and online tutorials, see the
+[Getting Started page](http://www.docker.io/gettingstarted/).
 
 Usage examples
 ==============
 
-Docker can be used to run short-lived commands, long-running daemons (app servers, databases etc.),
-interactive shell sessions, etc.
+Docker can be used to run short-lived commands, long-running daemons
+(app servers, databases etc.), interactive shell sessions, etc.
 
-You can find a [list of real-world examples](http://docs.docker.io/en/latest/examples/) in the documentation.
+You can find a [list of real-world
+examples](http://docs.docker.io/en/latest/examples/) in the
+documentation.
 
 Under the hood
 --------------
@@ -170,13 +168,7 @@ Under the hood, Docker is built on the following components:
   and
   [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part)
   capabilities of the Linux kernel;
-* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union
-  filesystem with copy-on-write capabilities;
-* The [Go](http://golang.org) programming language;
-* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to
-  simplify the creation of Linux containers.
-
-
+* The [Go](http://golang.org) programming language.
 
 Contributing to Docker
 ======================
@@ -187,7 +179,6 @@ started [here](CONTRIBUTING.md).
 They are probably not perfect, please let us know if anything feels
 wrong or incomplete.
 
-
 ### Legal
 
 *Brought to you courtesy of our legal counsel. For more context,

REMOTE_TODO.md

@@ -1,46 +0,0 @@
-```
-**GET**                                                                 
-                                                                        send objects            deprecate       multi-stream
-TODO    "/events":                              getEvents,              N
-ok      "/info":                                getInfo,                1
-ok      "/version":                             getVersion,             1
-...     "/images/json":                         getImagesJSON,          N
-TODO    "/images/viz":                          getImagesViz,           0                       yes
-TODO    "/images/search":                       getImagesSearch,        N
-#3490   "/images/{name:.*}/get":                getImagesGet,           0
-TODO    "/images/{name:.*}/history":            getImagesHistory,       1
-TODO    "/images/{name:.*}/json":               getImagesByName,        1
-TODO    "/containers/ps":                       getContainersJSON,      N
-TODO    "/containers/json":                     getContainersJSON,      1
-ok      "/containers/{name:.*}/export":         getContainersExport,    0
-TODO    "/containers/{name:.*}/changes":        getContainersChanges,   1
-TODO    "/containers/{name:.*}/json":           getContainersByName,    1
-TODO    "/containers/{name:.*}/top":            getContainersTop,       N
-TODO    "/containers/{name:.*}/attach/ws":      wsContainersAttach,     0                                       yes
-
-**POST**
-TODO    "/auth":                                postAuth,               0                       yes
-ok      "/commit":                              postCommit,             0
-TODO    "/build":                               postBuild,              0                       yes
-TODO    "/images/create":                       postImagesCreate,       N                       yes             yes (pull)
-TODO    "/images/{name:.*}/insert":             postImagesInsert,       N                       yes             yes
-TODO    "/images/load":                         postImagesLoad,         1                                       yes (stdin)
-TODO    "/images/{name:.*}/push":               postImagesPush,         N                                       yes
-ok      "/images/{name:.*}/tag":                postImagesTag,          0
-ok      "/containers/create":                   postContainersCreate,   0
-ok      "/containers/{name:.*}/kill":           postContainersKill,     0
-#3476   "/containers/{name:.*}/restart":        postContainersRestart,  0
-ok      "/containers/{name:.*}/start":          postContainersStart,    0
-ok      "/containers/{name:.*}/stop":           postContainersStop,     0
-ok      "/containers/{name:.*}/wait":           postContainersWait,     0
-ok      "/containers/{name:.*}/resize":         postContainersResize,   0
-TODO    "/containers/{name:.*}/attach":         postContainersAttach,   0                                       yes
-TODO    "/containers/{name:.*}/copy":           postContainersCopy,     0                       yes
-
-**DELETE**
-#3180   "/containers/{name:.*}":                deleteContainers,       0
-TODO    "/images/{name:.*}":                    deleteImages,           N
-
-**OPTIONS**
-ok      "":                                     optionsHandler,         0
-```

VERSION

@@ -1 +1 @@
-0.7.4
+0.10.0

Vagrantfile

@@ -1,176 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-BOX_NAME = ENV['BOX_NAME'] || "ubuntu"
-BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64.box"
-VF_BOX_URI = ENV['BOX_URI'] || "http://files.vagrantup.com/precise64_vmware_fusion.box"
-AWS_BOX_URI = ENV['BOX_URI'] || "https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box"
-AWS_REGION = ENV['AWS_REGION'] || "us-east-1"
-AWS_AMI = ENV['AWS_AMI'] || "ami-69f5a900"
-AWS_INSTANCE_TYPE = ENV['AWS_INSTANCE_TYPE'] || 't1.micro'
-
-FORWARD_DOCKER_PORTS = ENV['FORWARD_DOCKER_PORTS']
-
-SSH_PRIVKEY_PATH = ENV["SSH_PRIVKEY_PATH"]
-
-# A script to upgrade from the 12.04 kernel to the raring backport kernel (3.8)
-# and install docker.
-$script = <<SCRIPT
-# The username to add to the docker group will be passed as the first argument
-# to the script.  If nothing is passed, default to "vagrant".
-user="$1"
-if [ -z "$user" ]; then
-    user=vagrant
-fi
-
-# Adding an apt gpg key is idempotent.
-wget -q -O - https://get.docker.io/gpg | apt-key add -
-
-# Creating the docker.list file is idempotent, but it may overwrite desired
-# settings if it already exists.  This could be solved with md5sum but it
-# doesn't seem worth it.
-echo 'deb http://get.docker.io/ubuntu docker main' > \
-    /etc/apt/sources.list.d/docker.list
-
-# Update remote package metadata.  'apt-get update' is idempotent.
-apt-get update -q
-
-# Install docker.  'apt-get install' is idempotent.
-apt-get install -q -y lxc-docker
-
-usermod -a -G docker "$user"
-
-tmp=`mktemp -q` && {
-    # Only install the backport kernel, don't bother upgrading if the backport is
-    # already installed.  We want parse the output of apt so we need to save it
-    # with 'tee'.  NOTE: The installation of the kernel will trigger dkms to
-    # install vboxguest if needed.
-    apt-get install -q -y --no-upgrade linux-image-generic-lts-raring | \
-        tee "$tmp"
-
-    # Parse the number of installed packages from the output
-    NUM_INST=`awk '$2 == "upgraded," && $4 == "newly" { print $3 }' "$tmp"`
-    rm "$tmp"
-}
-
-# If the number of installed packages is greater than 0, we want to reboot (the
-# backport kernel was installed but is not running).
-if [ "$NUM_INST" -gt 0 ];
-then
-    echo "Rebooting down to activate new kernel."
-    echo "/vagrant will not be mounted.  Use 'vagrant halt' followed by"
-    echo "'vagrant up' to ensure /vagrant is mounted."
-    shutdown -r now
-fi
-SCRIPT
-
-# We need to install the virtualbox guest additions *before* we do the normal
-# docker installation.  As such this script is prepended to the common docker
-# install script above.  This allows the install of the backport kernel to
-# trigger dkms to build the virtualbox guest module install.
-$vbox_script = <<VBOX_SCRIPT + $script
-# Install the VirtualBox guest additions if they aren't already installed.
-if [ ! -d /opt/VBoxGuestAdditions-4.3.6/ ]; then
-    # Update remote package metadata.  'apt-get update' is idempotent.
-    apt-get update -q
-
-    # Kernel Headers and dkms are required to build the vbox guest kernel
-    # modules.
-    apt-get install -q -y linux-headers-generic-lts-raring dkms
-
-    echo 'Downloading VBox Guest Additions...'
-    wget -cq http://dlc.sun.com.edgesuite.net/virtualbox/4.3.6/VBoxGuestAdditions_4.3.6.iso
-    echo "95648fcdb5d028e64145a2fe2f2f28c946d219da366389295a61fed296ca79f0  VBoxGuestAdditions_4.3.6.iso" | sha256sum --check || exit 1
-
-    mount -o loop,ro /home/vagrant/VBoxGuestAdditions_4.3.6.iso /mnt
-    /mnt/VBoxLinuxAdditions.run --nox11
-    umount /mnt
-fi
-VBOX_SCRIPT
-
-Vagrant::Config.run do |config|
-  # Setup virtual machine box. This VM configuration code is always executed.
-  config.vm.box = BOX_NAME
-  config.vm.box_url = BOX_URI
-
-  # Use the specified private key path if it is specified and not empty.
-  if SSH_PRIVKEY_PATH
-      config.ssh.private_key_path = SSH_PRIVKEY_PATH
-  end
-
-  config.ssh.forward_agent = true
-end
-
-# Providers were added on Vagrant >= 1.1.0
-#
-# NOTE: The vagrant "vm.provision" appends its arguments to a list and executes
-# them in order.  If you invoke "vm.provision :shell, :inline => $script"
-# twice then vagrant will run the script two times.  Unfortunately when you use
-# providers and the override argument to set up provisioners (like the vbox
-# guest extensions) they 1) don't replace the other provisioners (they append
-# to the end of the list) and 2) you can't control the order the provisioners
-# are executed (you can only append to the list).  If you want the virtualbox
-# only script to run before the other script, you have to jump through a lot of
-# hoops.
-#
-# Here is my only repeatable solution: make one script that is common ($script)
-# and another script that is the virtual box guest *prepended* to the common
-# script.  Only ever use "vm.provision" *one time* per provider.  That means
-# every single provider has an override, and every single one configures
-# "vm.provision".  Much saddness, but such is life.
-Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
-  config.vm.provider :aws do |aws, override|
-    username = "ubuntu"
-    override.vm.box_url = AWS_BOX_URI
-    override.vm.provision :shell, :inline => $script, :args => username
-    aws.access_key_id = ENV["AWS_ACCESS_KEY"]
-    aws.secret_access_key = ENV["AWS_SECRET_KEY"]
-    aws.keypair_name = ENV["AWS_KEYPAIR_NAME"]
-    override.ssh.username = username
-    aws.region = AWS_REGION
-    aws.ami    = AWS_AMI
-    aws.instance_type = AWS_INSTANCE_TYPE
-  end
-
-  config.vm.provider :rackspace do |rs, override|
-    override.vm.provision :shell, :inline => $script
-    rs.username = ENV["RS_USERNAME"]
-    rs.api_key  = ENV["RS_API_KEY"]
-    rs.public_key_path = ENV["RS_PUBLIC_KEY"]
-    rs.flavor   = /512MB/
-    rs.image    = /Ubuntu/
-  end
-
-  config.vm.provider :vmware_fusion do |f, override|
-    override.vm.box_url = VF_BOX_URI
-    override.vm.synced_folder ".", "/vagrant", disabled: true
-    override.vm.provision :shell, :inline => $script
-    f.vmx["displayName"] = "docker"
-  end
-
-  config.vm.provider :virtualbox do |vb, override|
-    override.vm.provision :shell, :inline => $vbox_script
-    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
-    vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
-  end
-end
-
-# If this is a version 1 config, virtualbox is the only option.  A version 2
-# config would have already been set in the above provider section.
-Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
-  config.vm.provision :shell, :inline => $vbox_script
-end
-
-if !FORWARD_DOCKER_PORTS.nil?
-  Vagrant::VERSION < "1.1.0" and Vagrant::Config.run do |config|
-    (49000..49900).each do |port|
-      config.vm.forward_port port, port
-    end
-  end
-
-  Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
-    (49000..49900).each do |port|
-      config.vm.network :forwarded_port, :host => port, :guest => port
-    end
-  end
-end

api/MAINTAINERS

@@ -0,0 +1 @@
+Victor Vieux <vieux@docker.com> (@vieux)

api/api_unit_test.go

@@ -0,0 +1,19 @@
+package api
+
+import (
+	"testing"
+)
+
+func TestJsonContentType(t *testing.T) {
+	if !MatchesContentType("application/json", "application/json") {
+		t.Fail()
+	}
+
+	if !MatchesContentType("application/json; charset=utf-8", "application/json") {
+		t.Fail()
+	}
+
+	if MatchesContentType("dockerapplication/json", "application/json") {
+		t.Fail()
+	}
+}

api/client/cli.go

@@ -0,0 +1,102 @@
+package client
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"reflect"
+	"strings"
+	"text/template"
+
+	flag "github.com/dotcloud/docker/pkg/mflag"
+	"github.com/dotcloud/docker/pkg/term"
+	"github.com/dotcloud/docker/registry"
+)
+
+var funcMap = template.FuncMap{
+	"json": func(v interface{}) string {
+		a, _ := json.Marshal(v)
+		return string(a)
+	},
+}
+
+func (cli *DockerCli) getMethod(name string) (func(...string) error, bool) {
+	methodName := "Cmd" + strings.ToUpper(name[:1]) + strings.ToLower(name[1:])
+	method := reflect.ValueOf(cli).MethodByName(methodName)
+	if !method.IsValid() {
+		return nil, false
+	}
+	return method.Interface().(func(...string) error), true
+}
+
+func (cli *DockerCli) ParseCommands(args ...string) error {
+	if len(args) > 0 {
+		method, exists := cli.getMethod(args[0])
+		if !exists {
+			fmt.Println("Error: Command not found:", args[0])
+			return cli.CmdHelp(args[1:]...)
+		}
+		return method(args[1:]...)
+	}
+	return cli.CmdHelp(args...)
+}
+
+func (cli *DockerCli) Subcmd(name, signature, description string) *flag.FlagSet {
+	flags := flag.NewFlagSet(name, flag.ContinueOnError)
+	flags.Usage = func() {
+		fmt.Fprintf(cli.err, "\nUsage: docker %s %s\n\n%s\n\n", name, signature, description)
+		flags.PrintDefaults()
+		os.Exit(2)
+	}
+	return flags
+}
+
+func (cli *DockerCli) LoadConfigFile() (err error) {
+	cli.configFile, err = registry.LoadConfig(os.Getenv("HOME"))
+	if err != nil {
+		fmt.Fprintf(cli.err, "WARNING: %s\n", err)
+	}
+	return err
+}
+
+func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsConfig *tls.Config) *DockerCli {
+	var (
+		isTerminal = false
+		terminalFd uintptr
+	)
+
+	if in != nil {
+		if file, ok := in.(*os.File); ok {
+			terminalFd = file.Fd()
+			isTerminal = term.IsTerminal(terminalFd)
+		}
+	}
+
+	if err == nil {
+		err = out
+	}
+	return &DockerCli{
+		proto:      proto,
+		addr:       addr,
+		in:         in,
+		out:        out,
+		err:        err,
+		isTerminal: isTerminal,
+		terminalFd: terminalFd,
+		tlsConfig:  tlsConfig,
+	}
+}
+
+type DockerCli struct {
+	proto      string
+	addr       string
+	configFile *registry.ConfigFile
+	in         io.ReadCloser
+	out        io.Writer
+	err        io.Writer
+	isTerminal bool
+	terminalFd uintptr
+	tlsConfig  *tls.Config
+}

api/client/utils.go

@@ -0,0 +1,390 @@
+package client
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	gosignal "os/signal"
+	"regexp"
+	goruntime "runtime"
+	"strconv"
+	"strings"
+	"syscall"
+
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/dockerversion"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/term"
+	"github.com/dotcloud/docker/registry"
+	"github.com/dotcloud/docker/utils"
+)
+
+var (
+	ErrConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+)
+
+func (cli *DockerCli) dial() (net.Conn, error) {
+	if cli.tlsConfig != nil && cli.proto != "unix" {
+		return tls.Dial(cli.proto, cli.addr, cli.tlsConfig)
+	}
+	return net.Dial(cli.proto, cli.addr)
+}
+
+func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo bool) (io.ReadCloser, int, error) {
+	params := bytes.NewBuffer(nil)
+	if data != nil {
+		if env, ok := data.(engine.Env); ok {
+			if err := env.Encode(params); err != nil {
+				return nil, -1, err
+			}
+		} else {
+			buf, err := json.Marshal(data)
+			if err != nil {
+				return nil, -1, err
+			}
+			if _, err := params.Write(buf); err != nil {
+				return nil, -1, err
+			}
+		}
+	}
+	// fixme: refactor client to support redirect
+	re := regexp.MustCompile("/+")
+	path = re.ReplaceAllString(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params)
+	if err != nil {
+		return nil, -1, err
+	}
+	if passAuthInfo {
+		cli.LoadConfigFile()
+		// Resolve the Auth config relevant for this server
+		authConfig := cli.configFile.ResolveAuthConfig(registry.IndexServerAddress())
+		getHeaders := func(authConfig registry.AuthConfig) (map[string][]string, error) {
+			buf, err := json.Marshal(authConfig)
+			if err != nil {
+				return nil, err
+			}
+			registryAuthHeader := []string{
+				base64.URLEncoding.EncodeToString(buf),
+			}
+			return map[string][]string{"X-Registry-Auth": registryAuthHeader}, nil
+		}
+		if headers, err := getHeaders(authConfig); err == nil && headers != nil {
+			for k, v := range headers {
+				req.Header[k] = v
+			}
+		}
+	}
+	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
+	req.Host = cli.addr
+	if data != nil {
+		req.Header.Set("Content-Type", "application/json")
+	} else if method == "POST" {
+		req.Header.Set("Content-Type", "plain/text")
+	}
+	dial, err := cli.dial()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return nil, -1, ErrConnectionRefused
+		}
+		return nil, -1, err
+	}
+	clientconn := httputil.NewClientConn(dial, nil)
+	resp, err := clientconn.Do(req)
+	if err != nil {
+		clientconn.Close()
+		if strings.Contains(err.Error(), "connection refused") {
+			return nil, -1, ErrConnectionRefused
+		}
+		return nil, -1, err
+	}
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return nil, -1, err
+		}
+		if len(body) == 0 {
+			return nil, resp.StatusCode, fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(resp.StatusCode), req.URL)
+		}
+		return nil, resp.StatusCode, fmt.Errorf("Error: %s", bytes.TrimSpace(body))
+	}
+
+	wrapper := utils.NewReadCloserWrapper(resp.Body, func() error {
+		if resp != nil && resp.Body != nil {
+			resp.Body.Close()
+		}
+		return clientconn.Close()
+	})
+	return wrapper, resp.StatusCode, nil
+}
+
+func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error {
+	if (method == "POST" || method == "PUT") && in == nil {
+		in = bytes.NewReader([]byte{})
+	}
+
+	// fixme: refactor client to support redirect
+	re := regexp.MustCompile("/+")
+	path = re.ReplaceAllString(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), in)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
+	req.Host = cli.addr
+	if method == "POST" {
+		req.Header.Set("Content-Type", "plain/text")
+	}
+
+	if headers != nil {
+		for k, v := range headers {
+			req.Header[k] = v
+		}
+	}
+
+	dial, err := cli.dial()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+		}
+		return err
+	}
+	clientconn := httputil.NewClientConn(dial, nil)
+	resp, err := clientconn.Do(req)
+	defer clientconn.Close()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+		}
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return err
+		}
+		if len(body) == 0 {
+			return fmt.Errorf("Error :%s", http.StatusText(resp.StatusCode))
+		}
+		return fmt.Errorf("Error: %s", bytes.TrimSpace(body))
+	}
+
+	if api.MatchesContentType(resp.Header.Get("Content-Type"), "application/json") {
+		return utils.DisplayJSONMessagesStream(resp.Body, out, cli.terminalFd, cli.isTerminal)
+	}
+	if _, err := io.Copy(out, resp.Body); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error {
+	defer func() {
+		if started != nil {
+			close(started)
+		}
+	}()
+	// fixme: refactor client to support redirect
+	re := regexp.MustCompile("/+")
+	path = re.ReplaceAllString(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
+	req.Header.Set("Content-Type", "plain/text")
+	req.Host = cli.addr
+
+	dial, err := cli.dial()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+		}
+		return err
+	}
+	clientconn := httputil.NewClientConn(dial, nil)
+	defer clientconn.Close()
+
+	// Server hijacks the connection, error 'connection closed' expected
+	clientconn.Do(req)
+
+	rwc, br := clientconn.Hijack()
+	defer rwc.Close()
+
+	if started != nil {
+		started <- rwc
+	}
+
+	var receiveStdout chan error
+
+	var oldState *term.State
+
+	if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" {
+		oldState, err = term.SetRawTerminal(cli.terminalFd)
+		if err != nil {
+			return err
+		}
+		defer term.RestoreTerminal(cli.terminalFd, oldState)
+	}
+
+	if stdout != nil || stderr != nil {
+		receiveStdout = utils.Go(func() (err error) {
+			defer func() {
+				if in != nil {
+					if setRawTerminal && cli.isTerminal {
+						term.RestoreTerminal(cli.terminalFd, oldState)
+					}
+					// For some reason this Close call blocks on darwin..
+					// As the client exists right after, simply discard the close
+					// until we find a better solution.
+					if goruntime.GOOS != "darwin" {
+						in.Close()
+					}
+				}
+			}()
+
+			// When TTY is ON, use regular copy
+			if setRawTerminal {
+				_, err = io.Copy(stdout, br)
+			} else {
+				_, err = utils.StdCopy(stdout, stderr, br)
+			}
+			utils.Debugf("[hijack] End of stdout")
+			return err
+		})
+	}
+
+	sendStdin := utils.Go(func() error {
+		if in != nil {
+			io.Copy(rwc, in)
+			utils.Debugf("[hijack] End of stdin")
+		}
+		if tcpc, ok := rwc.(*net.TCPConn); ok {
+			if err := tcpc.CloseWrite(); err != nil {
+				utils.Debugf("Couldn't send EOF: %s\n", err)
+			}
+		} else if unixc, ok := rwc.(*net.UnixConn); ok {
+			if err := unixc.CloseWrite(); err != nil {
+				utils.Debugf("Couldn't send EOF: %s\n", err)
+			}
+		}
+		// Discard errors due to pipe interruption
+		return nil
+	})
+
+	if stdout != nil || stderr != nil {
+		if err := <-receiveStdout; err != nil {
+			utils.Debugf("Error receiveStdout: %s", err)
+			return err
+		}
+	}
+
+	if !cli.isTerminal {
+		if err := <-sendStdin; err != nil {
+			utils.Debugf("Error sendStdin: %s", err)
+			return err
+		}
+	}
+	return nil
+
+}
+
+func (cli *DockerCli) resizeTty(id string) {
+	height, width := cli.getTtySize()
+	if height == 0 && width == 0 {
+		return
+	}
+	v := url.Values{}
+	v.Set("h", strconv.Itoa(height))
+	v.Set("w", strconv.Itoa(width))
+	if _, _, err := readBody(cli.call("POST", "/containers/"+id+"/resize?"+v.Encode(), nil, false)); err != nil {
+		utils.Debugf("Error resize: %s", err)
+	}
+}
+
+func waitForExit(cli *DockerCli, containerId string) (int, error) {
+	stream, _, err := cli.call("POST", "/containers/"+containerId+"/wait", nil, false)
+	if err != nil {
+		return -1, err
+	}
+
+	var out engine.Env
+	if err := out.Decode(stream); err != nil {
+		return -1, err
+	}
+	return out.GetInt("StatusCode"), nil
+}
+
+// getExitCode perform an inspect on the container. It returns
+// the running state and the exit code.
+func getExitCode(cli *DockerCli, containerId string) (bool, int, error) {
+	body, _, err := readBody(cli.call("GET", "/containers/"+containerId+"/json", nil, false))
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if err != ErrConnectionRefused {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+	c := &api.Container{}
+	if err := json.Unmarshal(body, c); err != nil {
+		return false, -1, err
+	}
+	return c.State.Running, c.State.ExitCode, nil
+}
+
+func (cli *DockerCli) monitorTtySize(id string) error {
+	cli.resizeTty(id)
+
+	sigchan := make(chan os.Signal, 1)
+	gosignal.Notify(sigchan, syscall.SIGWINCH)
+	go func() {
+		for _ = range sigchan {
+			cli.resizeTty(id)
+		}
+	}()
+	return nil
+}
+
+func (cli *DockerCli) getTtySize() (int, int) {
+	if !cli.isTerminal {
+		return 0, 0
+	}
+	ws, err := term.GetWinsize(cli.terminalFd)
+	if err != nil {
+		utils.Debugf("Error getting size: %s", err)
+		if ws == nil {
+			return 0, 0
+		}
+	}
+	return int(ws.Height), int(ws.Width)
+}
+
+func readBody(stream io.ReadCloser, statusCode int, err error) ([]byte, int, error) {
+	if stream != nil {
+		defer stream.Close()
+	}
+	if err != nil {
+		return nil, statusCode, err
+	}
+	body, err := ioutil.ReadAll(stream)
+	if err != nil {
+		return nil, -1, err
+	}
+	return body, statusCode, nil
+}

api/common.go

@@ -0,0 +1,47 @@
+package api
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/version"
+	"github.com/dotcloud/docker/utils"
+	"mime"
+	"strings"
+)
+
+const (
+	APIVERSION        version.Version = "1.10"
+	DEFAULTHTTPHOST                   = "127.0.0.1"
+	DEFAULTUNIXSOCKET                 = "/var/run/docker.sock"
+)
+
+func ValidateHost(val string) (string, error) {
+	host, err := utils.ParseHost(DEFAULTHTTPHOST, DEFAULTUNIXSOCKET, val)
+	if err != nil {
+		return val, err
+	}
+	return host, nil
+}
+
+//TODO remove, used on < 1.5 in getContainersJSON
+func DisplayablePorts(ports *engine.Table) string {
+	result := []string{}
+	ports.SetKey("PublicPort")
+	ports.Sort()
+	for _, port := range ports.Data {
+		if port.Get("IP") == "" {
+			result = append(result, fmt.Sprintf("%d/%s", port.GetInt("PublicPort"), port.Get("Type")))
+		} else {
+			result = append(result, fmt.Sprintf("%s:%d->%d/%s", port.Get("IP"), port.GetInt("PublicPort"), port.GetInt("PrivatePort"), port.Get("Type")))
+		}
+	}
+	return strings.Join(result, ", ")
+}
+
+func MatchesContentType(contentType, expectedType string) bool {
+	mimetype, _, err := mime.ParseMediaType(contentType)
+	if err != nil {
+		utils.Errorf("Error parsing media type: %s error: %s", contentType, err.Error())
+	}
+	return err == nil && mimetype == expectedType
+}

api/container.go

@@ -0,0 +1,18 @@
+package api
+
+import (
+	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/runconfig"
+)
+
+type Container struct {
+	Config     runconfig.Config
+	HostConfig runconfig.HostConfig
+	State      struct {
+		Running  bool
+		ExitCode int
+	}
+	NetworkSettings struct {
+		Ports nat.PortMap
+	}
+}

api/server/server_unit_test.go

@@ -0,0 +1,180 @@
+package server
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/utils"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+)
+
+func TestGetBoolParam(t *testing.T) {
+	if ret, err := getBoolParam("true"); err != nil || !ret {
+		t.Fatalf("true -> true, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("True"); err != nil || !ret {
+		t.Fatalf("True -> true, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("1"); err != nil || !ret {
+		t.Fatalf("1 -> true, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam(""); err != nil || ret {
+		t.Fatalf("\"\" -> false, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("false"); err != nil || ret {
+		t.Fatalf("false -> false, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("0"); err != nil || ret {
+		t.Fatalf("0 -> false, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("faux"); err == nil || ret {
+		t.Fatalf("faux -> false, err | got %t %s", ret, err)
+
+	}
+}
+
+func TesthttpError(t *testing.T) {
+	r := httptest.NewRecorder()
+
+	httpError(r, fmt.Errorf("No such method"))
+	if r.Code != http.StatusNotFound {
+		t.Fatalf("Expected %d, got %d", http.StatusNotFound, r.Code)
+	}
+
+	httpError(r, fmt.Errorf("This accound hasn't been activated"))
+	if r.Code != http.StatusForbidden {
+		t.Fatalf("Expected %d, got %d", http.StatusForbidden, r.Code)
+	}
+
+	httpError(r, fmt.Errorf("Some error"))
+	if r.Code != http.StatusInternalServerError {
+		t.Fatalf("Expected %d, got %d", http.StatusInternalServerError, r.Code)
+	}
+}
+
+func TestGetVersion(t *testing.T) {
+	tmp, err := utils.TestDirectory("")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	eng, err := engine.New(tmp)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var called bool
+	eng.Register("version", func(job *engine.Job) engine.Status {
+		called = true
+		v := &engine.Env{}
+		v.SetJson("Version", "42.1")
+		v.Set("ApiVersion", "1.1.1.1.1")
+		v.Set("GoVersion", "2.42")
+		v.Set("Os", "Linux")
+		v.Set("Arch", "x86_64")
+		if _, err := v.WriteTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+
+	r := httptest.NewRecorder()
+	req, err := http.NewRequest("GET", "/version", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// FIXME getting the version should require an actual running Server
+	if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		t.Fatal(err)
+	}
+	if !called {
+		t.Fatalf("handler was not called")
+	}
+	out := engine.NewOutput()
+	v, err := out.AddEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := io.Copy(out, r.Body); err != nil {
+		t.Fatal(err)
+	}
+	out.Close()
+	expected := "42.1"
+	if result := v.Get("Version"); result != expected {
+		t.Errorf("Expected version %s, %s found", expected, result)
+	}
+	expected = "application/json"
+	if result := r.HeaderMap.Get("Content-Type"); result != expected {
+		t.Errorf("Expected Content-Type %s, %s found", expected, result)
+	}
+}
+
+func TestGetInfo(t *testing.T) {
+	tmp, err := utils.TestDirectory("")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	eng, err := engine.New(tmp)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var called bool
+	eng.Register("info", func(job *engine.Job) engine.Status {
+		called = true
+		v := &engine.Env{}
+		v.SetInt("Containers", 1)
+		v.SetInt("Images", 42000)
+		if _, err := v.WriteTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+
+	r := httptest.NewRecorder()
+	req, err := http.NewRequest("GET", "/info", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// FIXME getting the version should require an actual running Server
+	if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		t.Fatal(err)
+	}
+	if !called {
+		t.Fatalf("handler was not called")
+	}
+
+	out := engine.NewOutput()
+	i, err := out.AddEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := io.Copy(out, r.Body); err != nil {
+		t.Fatal(err)
+	}
+	out.Close()
+	{
+		expected := 42000
+		result := i.GetInt("Images")
+		if expected != result {
+			t.Fatalf("%#v\n", result)
+		}
+	}
+	{
+		expected := 1
+		result := i.GetInt("Containers")
+		if expected != result {
+			t.Fatalf("%#v\n", result)
+		}
+	}
+	{
+		expected := "application/json"
+		if result := r.HeaderMap.Get("Content-Type"); result != expected {
+			t.Fatalf("%#v\n", result)
+		}
+	}
+}

api_params.go

@@ -1,131 +0,0 @@
-package docker
-
-import "strings"
-
-type (
-	APIHistory struct {
-		ID        string   `json:"Id"`
-		Tags      []string `json:",omitempty"`
-		Created   int64
-		CreatedBy string `json:",omitempty"`
-		Size      int64
-	}
-
-	APIImages struct {
-		ID          string   `json:"Id"`
-		RepoTags    []string `json:",omitempty"`
-		Created     int64
-		Size        int64
-		VirtualSize int64
-		ParentId    string `json:",omitempty"`
-	}
-
-	APIImagesOld struct {
-		Repository  string `json:",omitempty"`
-		Tag         string `json:",omitempty"`
-		ID          string `json:"Id"`
-		Created     int64
-		Size        int64
-		VirtualSize int64
-	}
-
-	APITop struct {
-		Titles    []string
-		Processes [][]string
-	}
-
-	APIRmi struct {
-		Deleted  string `json:",omitempty"`
-		Untagged string `json:",omitempty"`
-	}
-
-	APIContainers struct {
-		ID         string `json:"Id"`
-		Image      string
-		Command    string
-		Created    int64
-		Status     string
-		Ports      []APIPort
-		SizeRw     int64
-		SizeRootFs int64
-		Names      []string
-	}
-
-	APIContainersOld struct {
-		ID         string `json:"Id"`
-		Image      string
-		Command    string
-		Created    int64
-		Status     string
-		Ports      string
-		SizeRw     int64
-		SizeRootFs int64
-	}
-
-	APIID struct {
-		ID string `json:"Id"`
-	}
-
-	APIRun struct {
-		ID       string   `json:"Id"`
-		Warnings []string `json:",omitempty"`
-	}
-
-	APIPort struct {
-		PrivatePort int64
-		PublicPort  int64
-		Type        string
-		IP          string
-	}
-
-	APIWait struct {
-		StatusCode int
-	}
-
-	APIAuth struct {
-		Status string
-	}
-
-	APIImageConfig struct {
-		ID string `json:"Id"`
-		*Config
-	}
-
-	APICopy struct {
-		Resource string
-		HostPath string
-	}
-	APIContainer struct {
-		*Container
-		HostConfig *HostConfig
-	}
-)
-
-func (api APIImages) ToLegacy() []APIImagesOld {
-	outs := []APIImagesOld{}
-	for _, repotag := range api.RepoTags {
-		components := strings.SplitN(repotag, ":", 2)
-		outs = append(outs, APIImagesOld{
-			ID:          api.ID,
-			Repository:  components[0],
-			Tag:         components[1],
-			Created:     api.Created,
-			Size:        api.Size,
-			VirtualSize: api.VirtualSize,
-		})
-	}
-	return outs
-}
-
-func (api APIContainers) ToLegacy() *APIContainersOld {
-	return &APIContainersOld{
-		ID:         api.ID,
-		Image:      api.Image,
-		Command:    api.Command,
-		Created:    api.Created,
-		Status:     api.Status,
-		Ports:      displayablePorts(api.Ports),
-		SizeRw:     api.SizeRw,
-		SizeRootFs: api.SizeRootFs,
-	}
-}

api_unit_test.go

@@ -1,19 +0,0 @@
-package docker
-
-import (
-	"testing"
-)
-
-func TestJsonContentType(t *testing.T) {
-	if !matchesContentType("application/json", "application/json") {
-		t.Fail()
-	}
-
-	if !matchesContentType("application/json; charset=utf-8", "application/json") {
-		t.Fail()
-	}
-
-	if matchesContentType("dockerapplication/json", "application/json") {
-		t.Fail()
-	}
-}

archive/archive.go

@@ -1,31 +1,37 @@
 package archive
 
 import (
-	"archive/tar"
 	"bytes"
 	"compress/bzip2"
 	"compress/gzip"
+	"errors"
 	"fmt"
+	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/utils"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
+	"strings"
+	"syscall"
 )
 
-type Archive io.Reader
+type (
+	Archive       io.ReadCloser
+	ArchiveReader io.Reader
+	Compression   int
+	TarOptions    struct {
+		Includes    []string
+		Compression Compression
+	}
+)
 
-type Compression int
-
-type TarOptions struct {
-	Includes    []string
-	Excludes    []string
-	Recursive   bool
-	Compression Compression
-	CreateFiles []string
-}
+var (
+	ErrNotImplemented = errors.New("Function not implemented")
+)
 
 const (
 	Uncompressed Compression = iota
@@ -61,13 +67,13 @@ func DetectCompression(source []byte) Compression {
 	return Uncompressed
 }
 
-func xzDecompress(archive io.Reader) (io.Reader, error) {
+func xzDecompress(archive io.Reader) (io.ReadCloser, error) {
 	args := []string{"xz", "-d", "-c", "-q"}
 
-	return CmdStream(exec.Command(args[0], args[1:]...), archive, nil)
+	return CmdStream(exec.Command(args[0], args[1:]...), archive)
 }
 
-func DecompressStream(archive io.Reader) (io.Reader, error) {
+func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
 	buf := make([]byte, 10)
 	totalN := 0
 	for totalN < 10 {
@@ -86,11 +92,11 @@ func DecompressStream(archive io.Reader) (io.Reader, error) {
 
 	switch compression {
 	case Uncompressed:
-		return wrap, nil
+		return ioutil.NopCloser(wrap), nil
 	case Gzip:
 		return gzip.NewReader(wrap)
 	case Bzip2:
-		return bzip2.NewReader(wrap), nil
+		return ioutil.NopCloser(bzip2.NewReader(wrap)), nil
 	case Xz:
 		return xzDecompress(wrap)
 	default:
@@ -98,16 +104,20 @@ func DecompressStream(archive io.Reader) (io.Reader, error) {
 	}
 }
 
-func (compression *Compression) Flag() string {
-	switch *compression {
-	case Bzip2:
-		return "j"
+func CompressStream(dest io.WriteCloser, compression Compression) (io.WriteCloser, error) {
+
+	switch compression {
+	case Uncompressed:
+		return utils.NopWriteCloser(dest), nil
 	case Gzip:
-		return "z"
-	case Xz:
-		return "J"
+		return gzip.NewWriter(dest), nil
+	case Bzip2, Xz:
+		// archive/bzip2 does not support writing, and there is no xz support at all
+		// However, this is not a problem as docker only currently generates gzipped tars
+		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
+	default:
+		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
 	}
-	return ""
 }
 
 func (compression *Compression) Extension() string {
@@ -124,10 +134,163 @@ func (compression *Compression) Extension() string {
 	return ""
 }
 
+func addTarFile(path, name string, tw *tar.Writer) error {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return err
+	}
+
+	link := ""
+	if fi.Mode()&os.ModeSymlink != 0 {
+		if link, err = os.Readlink(path); err != nil {
+			return err
+		}
+	}
+
+	hdr, err := tar.FileInfoHeader(fi, link)
+	if err != nil {
+		return err
+	}
+
+	if fi.IsDir() && !strings.HasSuffix(name, "/") {
+		name = name + "/"
+	}
+
+	hdr.Name = name
+
+	stat, ok := fi.Sys().(*syscall.Stat_t)
+	if ok {
+		// Currently go does not fill in the major/minors
+		if stat.Mode&syscall.S_IFBLK == syscall.S_IFBLK ||
+			stat.Mode&syscall.S_IFCHR == syscall.S_IFCHR {
+			hdr.Devmajor = int64(major(uint64(stat.Rdev)))
+			hdr.Devminor = int64(minor(uint64(stat.Rdev)))
+		}
+
+	}
+
+	capability, _ := system.Lgetxattr(path, "security.capability")
+	if capability != nil {
+		hdr.Xattrs = make(map[string]string)
+		hdr.Xattrs["security.capability"] = string(capability)
+	}
+
+	if err := tw.WriteHeader(hdr); err != nil {
+		return err
+	}
+
+	if hdr.Typeflag == tar.TypeReg {
+		if file, err := os.Open(path); err != nil {
+			return err
+		} else {
+			_, err := io.Copy(tw, file)
+			if err != nil {
+				return err
+			}
+			file.Close()
+		}
+	}
+
+	return nil
+}
+
+func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader) error {
+	// hdr.Mode is in linux format, which we can use for sycalls,
+	// but for os.Foo() calls we need the mode converted to os.FileMode,
+	// so use hdrInfo.Mode() (they differ for e.g. setuid bits)
+	hdrInfo := hdr.FileInfo()
+
+	switch hdr.Typeflag {
+	case tar.TypeDir:
+		// Create directory unless it exists as a directory already.
+		// In that case we just want to merge the two
+		if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) {
+			if err := os.Mkdir(path, hdrInfo.Mode()); err != nil {
+				return err
+			}
+		}
+
+	case tar.TypeReg, tar.TypeRegA:
+		// Source is regular file
+		file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, hdrInfo.Mode())
+		if err != nil {
+			return err
+		}
+		if _, err := io.Copy(file, reader); err != nil {
+			file.Close()
+			return err
+		}
+		file.Close()
+
+	case tar.TypeBlock, tar.TypeChar, tar.TypeFifo:
+		mode := uint32(hdr.Mode & 07777)
+		switch hdr.Typeflag {
+		case tar.TypeBlock:
+			mode |= syscall.S_IFBLK
+		case tar.TypeChar:
+			mode |= syscall.S_IFCHR
+		case tar.TypeFifo:
+			mode |= syscall.S_IFIFO
+		}
+
+		if err := syscall.Mknod(path, mode, int(mkdev(hdr.Devmajor, hdr.Devminor))); err != nil {
+			return err
+		}
+
+	case tar.TypeLink:
+		if err := os.Link(filepath.Join(extractDir, hdr.Linkname), path); err != nil {
+			return err
+		}
+
+	case tar.TypeSymlink:
+		if err := os.Symlink(hdr.Linkname, path); err != nil {
+			return err
+		}
+
+	case tar.TypeXGlobalHeader:
+		utils.Debugf("PAX Global Extended Headers found and ignored")
+		return nil
+
+	default:
+		return fmt.Errorf("Unhandled tar header type %d\n", hdr.Typeflag)
+	}
+
+	if err := os.Lchown(path, hdr.Uid, hdr.Gid); err != nil {
+		return err
+	}
+
+	for key, value := range hdr.Xattrs {
+		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+			return err
+		}
+	}
+
+	// There is no LChmod, so ignore mode for symlink. Also, this
+	// must happen after chown, as that can modify the file mode
+	if hdr.Typeflag != tar.TypeSymlink {
+		if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
+			return err
+		}
+	}
+
+	ts := []syscall.Timespec{timeToTimespec(hdr.AccessTime), timeToTimespec(hdr.ModTime)}
+	// syscall.UtimesNano doesn't support a NOFOLLOW flag atm, and
+	if hdr.Typeflag != tar.TypeSymlink {
+		if err := system.UtimesNano(path, ts); err != nil {
+			return err
+		}
+	} else {
+		if err := system.LUtimesNano(path, ts); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // Tar creates an archive from the directory at `path`, and returns it as a
 // stream of bytes.
-func Tar(path string, compression Compression) (io.Reader, error) {
-	return TarFilter(path, &TarOptions{Recursive: true, Compression: compression})
+func Tar(path string, compression Compression) (io.ReadCloser, error) {
+	return TarFilter(path, &TarOptions{Compression: compression})
 }
 
 func escapeName(name string) string {
@@ -148,57 +311,58 @@ func escapeName(name string) string {
 
 // Tar creates an archive from the directory at `path`, only including files whose relative
 // paths are included in `filter`. If `filter` is nil, then all files are included.
-func TarFilter(path string, options *TarOptions) (io.Reader, error) {
-	args := []string{"tar", "--numeric-owner", "-f", "-", "-C", path, "-T", "-"}
-	if options.Includes == nil {
-		options.Includes = []string{"."}
-	}
-	args = append(args, "-c"+options.Compression.Flag())
+func TarFilter(srcPath string, options *TarOptions) (io.ReadCloser, error) {
+	pipeReader, pipeWriter := io.Pipe()
 
-	for _, exclude := range options.Excludes {
-		args = append(args, fmt.Sprintf("--exclude=%s", exclude))
+	compressWriter, err := CompressStream(pipeWriter, options.Compression)
+	if err != nil {
+		return nil, err
 	}
 
-	if !options.Recursive {
-		args = append(args, "--no-recursion")
-	}
+	tw := tar.NewWriter(compressWriter)
 
-	files := ""
-	for _, f := range options.Includes {
-		files = files + escapeName(f) + "\n"
-	}
+	go func() {
+		// In general we log errors here but ignore them because
+		// during e.g. a diff operation the container can continue
+		// mutating the filesystem and we can see transient errors
+		// from this
 
-	tmpDir := ""
-
-	if options.CreateFiles != nil {
-		var err error // Can't use := here or we override the outer tmpDir
-		tmpDir, err = ioutil.TempDir("", "docker-tar")
-		if err != nil {
-			return nil, err
+		if options.Includes == nil {
+			options.Includes = []string{"."}
 		}
 
-		files = files + "-C" + tmpDir + "\n"
-		for _, f := range options.CreateFiles {
-			path := filepath.Join(tmpDir, f)
-			err := os.MkdirAll(filepath.Dir(path), 0600)
-			if err != nil {
-				return nil, err
-			}
+		for _, include := range options.Includes {
+			filepath.Walk(filepath.Join(srcPath, include), func(filePath string, f os.FileInfo, err error) error {
+				if err != nil {
+					utils.Debugf("Tar: Can't stat file %s to tar: %s\n", srcPath, err)
+					return nil
+				}
 
-			if file, err := os.OpenFile(path, os.O_CREATE, 0600); err != nil {
-				return nil, err
-			} else {
-				file.Close()
-			}
-			files = files + escapeName(f) + "\n"
-		}
-	}
+				relFilePath, err := filepath.Rel(srcPath, filePath)
+				if err != nil {
+					return nil
+				}
 
-	return CmdStream(exec.Command(args[0], args[1:]...), bytes.NewBufferString(files), func() {
-		if tmpDir != "" {
-			_ = os.RemoveAll(tmpDir)
+				if err := addTarFile(filePath, relFilePath, tw); err != nil {
+					utils.Debugf("Can't add file %s to tar: %s\n", srcPath, err)
+				}
+				return nil
+			})
 		}
-	})
+
+		// Make sure to check the error on Close.
+		if err := tw.Close(); err != nil {
+			utils.Debugf("Can't close tar writer: %s\n", err)
+		}
+		if err := compressWriter.Close(); err != nil {
+			utils.Debugf("Can't close compress writer: %s\n", err)
+		}
+		if err := pipeWriter.Close(); err != nil {
+			utils.Debugf("Can't close pipe writer: %s\n", err)
+		}
+	}()
+
+	return pipeReader, nil
 }
 
 // Untar reads a stream of bytes from `archive`, parses it as a tar archive,
@@ -206,66 +370,105 @@ func TarFilter(path string, options *TarOptions) (io.Reader, error) {
 // The archive may be compressed with one of the following algorithms:
 //  identity (uncompressed), gzip, bzip2, xz.
 // FIXME: specify behavior when target path exists vs. doesn't exist.
-func Untar(archive io.Reader, path string, options *TarOptions) error {
+func Untar(archive io.Reader, dest string, options *TarOptions) error {
 	if archive == nil {
 		return fmt.Errorf("Empty archive")
 	}
 
-	buf := make([]byte, 10)
-	totalN := 0
-	for totalN < 10 {
-		n, err := archive.Read(buf[totalN:])
+	decompressedArchive, err := DecompressStream(archive)
+	if err != nil {
+		return err
+	}
+	defer decompressedArchive.Close()
+
+	tr := tar.NewReader(decompressedArchive)
+
+	var dirs []*tar.Header
+
+	// Iterate through the files in the archive.
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			// end of tar archive
+			break
+		}
 		if err != nil {
-			if err == io.EOF {
-				return fmt.Errorf("Tarball too short")
-			}
 			return err
 		}
-		totalN += n
-		utils.Debugf("[tar autodetect] n: %d", n)
-	}
 
-	compression := DetectCompression(buf)
+		// Normalize name, for safety and for a simple is-root check
+		hdr.Name = filepath.Clean(hdr.Name)
 
-	utils.Debugf("Archive compression detected: %s", compression.Extension())
-	args := []string{"--numeric-owner", "-f", "-", "-C", path, "-x" + compression.Flag()}
+		if !strings.HasSuffix(hdr.Name, "/") {
+			// Not the root directory, ensure that the parent directory exists
+			parent := filepath.Dir(hdr.Name)
+			parentPath := filepath.Join(dest, parent)
+			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
+				err = os.MkdirAll(parentPath, 0777)
+				if err != nil {
+					return err
+				}
+			}
+		}
 
-	if options != nil {
-		for _, exclude := range options.Excludes {
-			args = append(args, fmt.Sprintf("--exclude=%s", exclude))
+		path := filepath.Join(dest, hdr.Name)
+
+		// If path exits we almost always just want to remove and replace it
+		// The only exception is when it is a directory *and* the file from
+		// the layer is also a directory. Then we want to merge them (i.e.
+		// just apply the metadata from the layer).
+		if fi, err := os.Lstat(path); err == nil {
+			if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) {
+				if err := os.RemoveAll(path); err != nil {
+					return err
+				}
+			}
+		}
+
+		if err := createTarFile(path, dest, hdr, tr); err != nil {
+			return err
+		}
+
+		// Directory mtimes must be handled at the end to avoid further
+		// file creation in them to modify the directory mtime
+		if hdr.Typeflag == tar.TypeDir {
+			dirs = append(dirs, hdr)
 		}
 	}
 
-	cmd := exec.Command("tar", args...)
-	cmd.Stdin = io.MultiReader(bytes.NewReader(buf), archive)
-	// Hardcode locale environment for predictable outcome regardless of host configuration.
-	//   (see https://github.com/dotcloud/docker/issues/355)
-	cmd.Env = []string{"LANG=en_US.utf-8", "LC_ALL=en_US.utf-8"}
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("%s: %s", err, output)
+	for _, hdr := range dirs {
+		path := filepath.Join(dest, hdr.Name)
+		ts := []syscall.Timespec{timeToTimespec(hdr.AccessTime), timeToTimespec(hdr.ModTime)}
+		if err := syscall.UtimesNano(path, ts); err != nil {
+			return err
+		}
 	}
+
 	return nil
 }
 
 // TarUntar is a convenience function which calls Tar and Untar, with
 // the output of one piped into the other. If either Tar or Untar fails,
 // TarUntar aborts and returns the error.
-func TarUntar(src string, filter []string, dst string) error {
-	utils.Debugf("TarUntar(%s %s %s)", src, filter, dst)
-	archive, err := TarFilter(src, &TarOptions{Compression: Uncompressed, Includes: filter, Recursive: true})
+func TarUntar(src string, dst string) error {
+	utils.Debugf("TarUntar(%s %s)", src, dst)
+	archive, err := TarFilter(src, &TarOptions{Compression: Uncompressed})
 	if err != nil {
 		return err
 	}
+	defer archive.Close()
 	return Untar(archive, dst, nil)
 }
 
 // UntarPath is a convenience function which looks for an archive
 // at filesystem path `src`, and unpacks it at `dst`.
 func UntarPath(src, dst string) error {
-	if archive, err := os.Open(src); err != nil {
+	archive, err := os.Open(src)
+	if err != nil {
 		return err
-	} else if err := Untar(archive, dst, nil); err != nil {
+	}
+	defer archive.Close()
+	if err := Untar(archive, dst, nil); err != nil {
 		return err
 	}
 	return nil
@@ -290,7 +493,7 @@ func CopyWithTar(src, dst string) error {
 		return err
 	}
 	utils.Debugf("Calling TarUntar(%s, %s)", src, dst)
-	return TarUntar(src, nil, dst)
+	return TarUntar(src, dst)
 }
 
 // CopyFileWithTar emulates the behavior of the 'cp' command-line
@@ -353,13 +556,10 @@ func CopyFileWithTar(src, dst string) (err error) {
 // CmdStream executes a command, and returns its stdout as a stream.
 // If the command fails to run or doesn't complete successfully, an error
 // will be returned, including anything written on stderr.
-func CmdStream(cmd *exec.Cmd, input io.Reader, atEnd func()) (io.Reader, error) {
+func CmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
 	if input != nil {
 		stdin, err := cmd.StdinPipe()
 		if err != nil {
-			if atEnd != nil {
-				atEnd()
-			}
 			return nil, err
 		}
 		// Write stdin if any
@@ -370,16 +570,10 @@ func CmdStream(cmd *exec.Cmd, input io.Reader, atEnd func()) (io.Reader, error)
 	}
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
-		if atEnd != nil {
-			atEnd()
-		}
 		return nil, err
 	}
 	stderr, err := cmd.StderrPipe()
 	if err != nil {
-		if atEnd != nil {
-			atEnd()
-		}
 		return nil, err
 	}
 	pipeR, pipeW := io.Pipe()
@@ -404,9 +598,6 @@ func CmdStream(cmd *exec.Cmd, input io.Reader, atEnd func()) (io.Reader, error)
 		} else {
 			pipeW.Close()
 		}
-		if atEnd != nil {
-			atEnd()
-		}
 	}()
 	// Run the command and return the pipe
 	if err := cmd.Start(); err != nil {
@@ -426,6 +617,9 @@ func NewTempArchive(src Archive, dir string) (*TempArchive, error) {
 	if _, err := io.Copy(f, src); err != nil {
 		return nil, err
 	}
+	if err = f.Sync(); err != nil {
+		return nil, err
+	}
 	if _, err := f.Seek(0, 0); err != nil {
 		return nil, err
 	}

archive/archive_test.go

@@ -3,6 +3,7 @@ package archive
 import (
 	"bytes"
 	"fmt"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
 	"io/ioutil"
 	"os"
@@ -14,7 +15,7 @@ import (
 
 func TestCmdStreamLargeStderr(t *testing.T) {
 	cmd := exec.Command("/bin/sh", "-c", "dd if=/dev/zero bs=1k count=1000 of=/dev/stderr; echo hello")
-	out, err := CmdStream(cmd, nil, nil)
+	out, err := CmdStream(cmd, nil)
 	if err != nil {
 		t.Fatalf("Failed to start command: %s", err)
 	}
@@ -35,7 +36,7 @@ func TestCmdStreamLargeStderr(t *testing.T) {
 
 func TestCmdStreamBad(t *testing.T) {
 	badCmd := exec.Command("/bin/sh", "-c", "echo hello; echo >&2 error couldn\\'t reverse the phase pulser; exit 1")
-	out, err := CmdStream(badCmd, nil, nil)
+	out, err := CmdStream(badCmd, nil)
 	if err != nil {
 		t.Fatalf("Failed to start command: %s", err)
 	}
@@ -50,7 +51,7 @@ func TestCmdStreamBad(t *testing.T) {
 
 func TestCmdStreamGood(t *testing.T) {
 	cmd := exec.Command("/bin/sh", "-c", "echo hello; exit 0")
-	out, err := CmdStream(cmd, nil, nil)
+	out, err := CmdStream(cmd, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -66,12 +67,13 @@ func tarUntar(t *testing.T, origin string, compression Compression) error {
 	if err != nil {
 		t.Fatal(err)
 	}
+	defer archive.Close()
 
 	buf := make([]byte, 10)
 	if _, err := archive.Read(buf); err != nil {
 		return err
 	}
-	archive = io.MultiReader(bytes.NewReader(buf), archive)
+	wrap := io.MultiReader(bytes.NewReader(buf), archive)
 
 	detectedCompression := DetectCompression(buf)
 	if detectedCompression.Extension() != compression.Extension() {
@@ -83,12 +85,22 @@ func tarUntar(t *testing.T, origin string, compression Compression) error {
 		return err
 	}
 	defer os.RemoveAll(tmp)
-	if err := Untar(archive, tmp, nil); err != nil {
+	if err := Untar(wrap, tmp, nil); err != nil {
 		return err
 	}
 	if _, err := os.Stat(tmp); err != nil {
 		return err
 	}
+
+	changes, err := ChangesDirs(origin, tmp)
+	if err != nil {
+		return err
+	}
+
+	if len(changes) != 0 {
+		t.Fatalf("Unexpected differences after tarUntar: %v", changes)
+	}
+
 	return nil
 }
 
@@ -108,11 +120,20 @@ func TestTarUntar(t *testing.T) {
 	for _, c := range []Compression{
 		Uncompressed,
 		Gzip,
-		Bzip2,
-		Xz,
 	} {
 		if err := tarUntar(t, origin, c); err != nil {
 			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
 		}
 	}
 }
+
+// Some tar archives such as http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz
+// use PAX Global Extended Headers.
+// Failing prevents the archives from being uncompressed during ADD
+func TestTypeXGlobalHeaderDoesNotFail(t *testing.T) {
+	hdr := tar.Header{Typeflag: tar.TypeXGlobalHeader}
+	err := createTarFile("pax_global_header", "some_dir", &hdr, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+}

archive/changes.go

@@ -1,7 +1,12 @@
 package archive
 
 import (
+	"bytes"
 	"fmt"
+	"github.com/dotcloud/docker/pkg/system"
+	"github.com/dotcloud/docker/utils"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"io"
 	"os"
 	"path/filepath"
 	"strings"
@@ -123,10 +128,11 @@ func Changes(layers []string, rw string) ([]Change, error) {
 }
 
 type FileInfo struct {
-	parent   *FileInfo
-	name     string
-	stat     syscall.Stat_t
-	children map[string]*FileInfo
+	parent     *FileInfo
+	name       string
+	stat       syscall.Stat_t
+	children   map[string]*FileInfo
+	capability []byte
 }
 
 func (root *FileInfo) LookUp(path string) *FileInfo {
@@ -197,7 +203,8 @@ func (info *FileInfo) addChanges(oldInfo *FileInfo, changes *[]Change) {
 				oldStat.Rdev != newStat.Rdev ||
 				// Don't look at size for dirs, its not a good measure of change
 				(oldStat.Size != newStat.Size && oldStat.Mode&syscall.S_IFDIR != syscall.S_IFDIR) ||
-				!sameFsTimeSpec(getLastModification(oldStat), getLastModification(newStat)) {
+				!sameFsTimeSpec(system.GetLastModification(oldStat), system.GetLastModification(newStat)) ||
+				bytes.Compare(oldChild.capability, newChild.capability) != 0 {
 				change := Change{
 					Path: newChild.path(),
 					Kind: ChangeModify,
@@ -272,6 +279,8 @@ func collectFileInfo(sourceDir string) (*FileInfo, error) {
 			return err
 		}
 
+		info.capability, _ = system.Lgetxattr(path, "security.capability")
+
 		parent.children[info.name] = info
 
 		return nil
@@ -310,24 +319,51 @@ func ChangesSize(newDir string, changes []Change) int64 {
 	return size
 }
 
-func ExportChanges(dir string, changes []Change) (Archive, error) {
-	files := make([]string, 0)
-	deletions := make([]string, 0)
-	for _, change := range changes {
-		if change.Kind == ChangeModify || change.Kind == ChangeAdd {
-			files = append(files, change.Path)
-		}
-		if change.Kind == ChangeDelete {
-			base := filepath.Base(change.Path)
-			dir := filepath.Dir(change.Path)
-			deletions = append(deletions, filepath.Join(dir, ".wh."+base))
-		}
-	}
-	// FIXME: Why do we create whiteout files inside Tar code ?
-	return TarFilter(dir, &TarOptions{
-		Compression: Uncompressed,
-		Includes:    files,
-		Recursive:   false,
-		CreateFiles: deletions,
-	})
+func major(device uint64) uint64 {
+	return (device >> 8) & 0xfff
+}
+
+func minor(device uint64) uint64 {
+	return (device & 0xff) | ((device >> 12) & 0xfff00)
+}
+
+func ExportChanges(dir string, changes []Change) (Archive, error) {
+	reader, writer := io.Pipe()
+	tw := tar.NewWriter(writer)
+
+	go func() {
+		// In general we log errors here but ignore them because
+		// during e.g. a diff operation the container can continue
+		// mutating the filesystem and we can see transient errors
+		// from this
+		for _, change := range changes {
+			if change.Kind == ChangeDelete {
+				whiteOutDir := filepath.Dir(change.Path)
+				whiteOutBase := filepath.Base(change.Path)
+				whiteOut := filepath.Join(whiteOutDir, ".wh."+whiteOutBase)
+				hdr := &tar.Header{
+					Name:       whiteOut[1:],
+					Size:       0,
+					ModTime:    time.Now(),
+					AccessTime: time.Now(),
+					ChangeTime: time.Now(),
+				}
+				if err := tw.WriteHeader(hdr); err != nil {
+					utils.Debugf("Can't write whiteout header: %s\n", err)
+				}
+			} else {
+				path := filepath.Join(dir, change.Path)
+				if err := addTarFile(path, change.Path[1:], tw); err != nil {
+					utils.Debugf("Can't add file %s to tar: %s\n", path, err)
+				}
+			}
+		}
+
+		// Make sure to check the error on Close.
+		if err := tw.Close(); err != nil {
+			utils.Debugf("Can't close layer: %s\n", err)
+		}
+		writer.Close()
+	}()
+	return reader, nil
 }

archive/changes_test.go

@@ -138,7 +138,7 @@ func mutateSampleDir(t *testing.T, root string) {
 	}
 
 	// Rewrite a file
-	if err := ioutil.WriteFile(path.Join(root, "file2"), []byte("fileN\n"), 0777); err != nil {
+	if err := ioutil.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777); err != nil {
 		t.Fatal(err)
 	}
 
@@ -146,12 +146,12 @@ func mutateSampleDir(t *testing.T, root string) {
 	if err := os.RemoveAll(path.Join(root, "file3")); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(path.Join(root, "file3"), []byte("fileM\n"), 0404); err != nil {
+	if err := ioutil.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404); err != nil {
 		t.Fatal(err)
 	}
 
 	// Touch file
-	if err := os.Chtimes(path.Join(root, "file4"), time.Now(), time.Now()); err != nil {
+	if err := os.Chtimes(path.Join(root, "file4"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
 		t.Fatal(err)
 	}
 
@@ -195,7 +195,7 @@ func mutateSampleDir(t *testing.T, root string) {
 	}
 
 	// Touch dir
-	if err := os.Chtimes(path.Join(root, "dir3"), time.Now(), time.Now()); err != nil {
+	if err := os.Chtimes(path.Join(root, "dir3"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
 		t.Fatal(err)
 	}
 }

archive/diff.go

@@ -1,9 +1,10 @@
 package archive
 
 import (
-	"archive/tar"
-	"github.com/dotcloud/docker/utils"
+	"fmt"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -29,7 +30,7 @@ func timeToTimespec(time time.Time) (ts syscall.Timespec) {
 
 // ApplyLayer parses a diff in the standard layer format from `layer`, and
 // applies it to the directory `dest`.
-func ApplyLayer(dest string, layer Archive) error {
+func ApplyLayer(dest string, layer ArchiveReader) error {
 	// We need to be able to set any perms
 	oldmask := syscall.Umask(0)
 	defer syscall.Umask(oldmask)
@@ -43,6 +44,9 @@ func ApplyLayer(dest string, layer Archive) error {
 
 	var dirs []*tar.Header
 
+	aufsTempdir := ""
+	aufsHardlinks := make(map[string]*tar.Header)
+
 	// Iterate through the files in the archive.
 	for {
 		hdr, err := tr.Next()
@@ -73,6 +77,22 @@ func ApplyLayer(dest string, layer Archive) error {
 
 		// Skip AUFS metadata dirs
 		if strings.HasPrefix(hdr.Name, ".wh..wh.") {
+			// Regular files inside /.wh..wh.plnk can be used as hardlink targets
+			// We don't want this directory, but we need the files in them so that
+			// such hardlinks can be resolved.
+			if strings.HasPrefix(hdr.Name, ".wh..wh.plnk") && hdr.Typeflag == tar.TypeReg {
+				basename := filepath.Base(hdr.Name)
+				aufsHardlinks[basename] = hdr
+				if aufsTempdir == "" {
+					if aufsTempdir, err = ioutil.TempDir("", "dockerplnk"); err != nil {
+						return err
+					}
+					defer os.RemoveAll(aufsTempdir)
+				}
+				if err := createTarFile(filepath.Join(aufsTempdir, basename), dest, hdr, tr); err != nil {
+					return err
+				}
+			}
 			continue
 		}
 
@@ -89,95 +109,41 @@ func ApplyLayer(dest string, layer Archive) error {
 			// The only exception is when it is a directory *and* the file from
 			// the layer is also a directory. Then we want to merge them (i.e.
 			// just apply the metadata from the layer).
-			hasDir := false
 			if fi, err := os.Lstat(path); err == nil {
-				if fi.IsDir() && hdr.Typeflag == tar.TypeDir {
-					hasDir = true
-				} else {
+				if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) {
 					if err := os.RemoveAll(path); err != nil {
 						return err
 					}
 				}
 			}
 
-			switch hdr.Typeflag {
-			case tar.TypeDir:
-				if !hasDir {
-					err = os.Mkdir(path, os.FileMode(hdr.Mode))
-					if err != nil {
-						return err
-					}
-				}
-				dirs = append(dirs, hdr)
+			srcData := io.Reader(tr)
+			srcHdr := hdr
 
-			case tar.TypeReg, tar.TypeRegA:
-				// Source is regular file
-				file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, os.FileMode(hdr.Mode))
+			// Hard links into /.wh..wh.plnk don't work, as we don't extract that directory, so
+			// we manually retarget these into the temporary files we extracted them into
+			if hdr.Typeflag == tar.TypeLink && strings.HasPrefix(filepath.Clean(hdr.Linkname), ".wh..wh.plnk") {
+				linkBasename := filepath.Base(hdr.Linkname)
+				srcHdr = aufsHardlinks[linkBasename]
+				if srcHdr == nil {
+					return fmt.Errorf("Invalid aufs hardlink")
+				}
+				tmpFile, err := os.Open(filepath.Join(aufsTempdir, linkBasename))
 				if err != nil {
 					return err
 				}
-				if _, err := io.Copy(file, tr); err != nil {
-					file.Close()
-					return err
-				}
-				file.Close()
-
-			case tar.TypeBlock, tar.TypeChar, tar.TypeFifo:
-				mode := uint32(hdr.Mode & 07777)
-				switch hdr.Typeflag {
-				case tar.TypeBlock:
-					mode |= syscall.S_IFBLK
-				case tar.TypeChar:
-					mode |= syscall.S_IFCHR
-				case tar.TypeFifo:
-					mode |= syscall.S_IFIFO
-				}
-
-				if err := syscall.Mknod(path, mode, int(mkdev(hdr.Devmajor, hdr.Devminor))); err != nil {
-					return err
-				}
-
-			case tar.TypeLink:
-				if err := os.Link(filepath.Join(dest, hdr.Linkname), path); err != nil {
-					return err
-				}
-
-			case tar.TypeSymlink:
-				if err := os.Symlink(hdr.Linkname, path); err != nil {
-					return err
-				}
-
-			default:
-				utils.Debugf("unhandled type %d\n", hdr.Typeflag)
+				defer tmpFile.Close()
+				srcData = tmpFile
 			}
 
-			if err = syscall.Lchown(path, hdr.Uid, hdr.Gid); err != nil {
+			if err := createTarFile(path, dest, srcHdr, srcData); err != nil {
 				return err
 			}
 
-			// There is no LChmod, so ignore mode for symlink. Also, this
-			// must happen after chown, as that can modify the file mode
-			if hdr.Typeflag != tar.TypeSymlink {
-				err = syscall.Chmod(path, uint32(hdr.Mode&07777))
-				if err != nil {
-					return err
-				}
-			}
-
-			// Directories must be handled at the end to avoid further
-			// file creation in them to modify the mtime
-			if hdr.Typeflag != tar.TypeDir {
-				ts := []syscall.Timespec{timeToTimespec(hdr.AccessTime), timeToTimespec(hdr.ModTime)}
-				// syscall.UtimesNano doesn't support a NOFOLLOW flag atm, and
-				if hdr.Typeflag != tar.TypeSymlink {
-					if err := syscall.UtimesNano(path, ts); err != nil {
-						return err
-					}
-				} else {
-					if err := LUtimesNano(path, ts); err != nil {
-						return err
-					}
-				}
+			// Directory mtimes must be handled at the end to avoid further
+			// file creation in them to modify the directory mtime
+			if hdr.Typeflag == tar.TypeDir {
+				dirs = append(dirs, hdr)
 			}
 		}
 	}

archive/stat_darwin.go

@@ -1,15 +0,0 @@
-package archive
-
-import "syscall"
-
-func getLastAccess(stat *syscall.Stat_t) syscall.Timespec {
-	return stat.Atimespec
-}
-
-func getLastModification(stat *syscall.Stat_t) syscall.Timespec {
-	return stat.Mtimespec
-}
-
-func LUtimesNano(path string, ts []syscall.Timespec) error {
-	return nil
-}

archive/wrap.go

@@ -0,0 +1,59 @@
+package archive
+
+import (
+	"bytes"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"io/ioutil"
+)
+
+// Generate generates a new archive from the content provided
+// as input.
+//
+// `files` is a sequence of path/content pairs. A new file is
+// added to the archive for each pair.
+// If the last pair is incomplete, the file is created with an
+// empty content. For example:
+//
+// Generate("foo.txt", "hello world", "emptyfile")
+//
+// The above call will return an archive with 2 files:
+//  * ./foo.txt with content "hello world"
+//  * ./empty with empty content
+//
+// FIXME: stream content instead of buffering
+// FIXME: specify permissions and other archive metadata
+func Generate(input ...string) (Archive, error) {
+	files := parseStringPairs(input...)
+	buf := new(bytes.Buffer)
+	tw := tar.NewWriter(buf)
+	for _, file := range files {
+		name, content := file[0], file[1]
+		hdr := &tar.Header{
+			Name: name,
+			Size: int64(len(content)),
+		}
+		if err := tw.WriteHeader(hdr); err != nil {
+			return nil, err
+		}
+		if _, err := tw.Write([]byte(content)); err != nil {
+			return nil, err
+		}
+	}
+	if err := tw.Close(); err != nil {
+		return nil, err
+	}
+	return ioutil.NopCloser(buf), nil
+}
+
+func parseStringPairs(input ...string) (output [][2]string) {
+	output = make([][2]string, 0, len(input)/2+1)
+	for i := 0; i < len(input); i += 2 {
+		var pair [2]string
+		pair[0] = input[i]
+		if i+1 < len(input) {
+			pair[1] = input[i+1]
+		}
+		output = append(output, pair)
+	}
+	return
+}

auth/MAINTAINERS

@@ -1,3 +0,0 @@
-Sam Alba <sam@dotcloud.com> (@samalba)
-Joffrey Fuhrer <joffrey@dotcloud.com> (@shin-)
-Ken Cochrane <ken@dotcloud.com> (@kencochrane)

builtins/builtins.go

@@ -0,0 +1,38 @@
+package builtins
+
+import (
+	api "github.com/dotcloud/docker/api/server"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/runtime/networkdriver/bridge"
+	"github.com/dotcloud/docker/server"
+)
+
+func Register(eng *engine.Engine) {
+	daemon(eng)
+	remote(eng)
+}
+
+// remote: a RESTful api for cross-docker communication
+func remote(eng *engine.Engine) {
+	eng.Register("serveapi", api.ServeApi)
+}
+
+// daemon: a default execution and storage backend for Docker on Linux,
+// with the following underlying components:
+//
+// * Pluggable storage drivers including aufs, vfs, lvm and btrfs.
+// * Pluggable execution drivers including lxc and chroot.
+//
+// In practice `daemon` still includes most core Docker components, including:
+//
+// * The reference registry client implementation
+// * Image management
+// * The build facility
+// * Logging
+//
+// These components should be broken off into plugins of their own.
+//
+func daemon(eng *engine.Engine) {
+	eng.Register("initserver", server.InitServer)
+	eng.Register("init_networkdriver", bridge.InitDriver)
+}

cgroups/cgroups.go

@@ -1,101 +0,0 @@
-package cgroups
-
-import (
-	"bufio"
-	"fmt"
-	"github.com/dotcloud/docker/mount"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-// https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
-
-func FindCgroupMountpoint(subsystem string) (string, error) {
-	mounts, err := mount.GetMounts()
-	if err != nil {
-		return "", err
-	}
-
-	for _, mount := range mounts {
-		if mount.Fstype == "cgroup" {
-			for _, opt := range strings.Split(mount.VfsOpts, ",") {
-				if opt == subsystem {
-					return mount.Mountpoint, nil
-				}
-			}
-		}
-	}
-
-	return "", fmt.Errorf("cgroup mountpoint not found for %s", subsystem)
-}
-
-// Returns the relative path to the cgroup docker is running in.
-func getThisCgroupDir(subsystem string) (string, error) {
-	f, err := os.Open("/proc/self/cgroup")
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	return parseCgroupFile(subsystem, f)
-}
-
-func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
-	s := bufio.NewScanner(r)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return "", err
-		}
-		text := s.Text()
-		parts := strings.Split(text, ":")
-		if parts[1] == subsystem {
-			return parts[2], nil
-		}
-	}
-	return "", fmt.Errorf("cgroup '%s' not found in /proc/self/cgroup", subsystem)
-}
-
-// Returns a list of pids for the given container.
-func GetPidsForContainer(id string) ([]int, error) {
-	pids := []int{}
-
-	// memory is chosen randomly, any cgroup used by docker works
-	subsystem := "memory"
-
-	cgroupRoot, err := FindCgroupMountpoint(subsystem)
-	if err != nil {
-		return pids, err
-	}
-
-	cgroupDir, err := getThisCgroupDir(subsystem)
-	if err != nil {
-		return pids, err
-	}
-
-	filename := filepath.Join(cgroupRoot, cgroupDir, id, "tasks")
-	if _, err := os.Stat(filename); os.IsNotExist(err) {
-		// With more recent lxc versions use, cgroup will be in lxc/
-		filename = filepath.Join(cgroupRoot, cgroupDir, "lxc", id, "tasks")
-	}
-
-	output, err := ioutil.ReadFile(filename)
-	if err != nil {
-		return pids, err
-	}
-	for _, p := range strings.Split(string(output), "\n") {
-		if len(p) == 0 {
-			continue
-		}
-		pid, err := strconv.Atoi(p)
-		if err != nil {
-			return pids, fmt.Errorf("Invalid pid '%s': %s", p, err)
-		}
-		pids = append(pids, pid)
-	}
-	return pids, nil
-}

config.go

@@ -1,51 +0,0 @@
-package docker
-
-import (
-	"github.com/dotcloud/docker/engine"
-	"net"
-)
-
-// FIXME: separate runtime configuration from http api configuration
-type DaemonConfig struct {
-	Pidfile                     string
-	Root                        string
-	AutoRestart                 bool
-	EnableCors                  bool
-	Dns                         []string
-	EnableIptables              bool
-	BridgeIface                 string
-	BridgeIp                    string
-	DefaultIp                   net.IP
-	InterContainerCommunication bool
-	GraphDriver                 string
-	Mtu                         int
-}
-
-// ConfigFromJob creates and returns a new DaemonConfig object
-// by parsing the contents of a job's environment.
-func ConfigFromJob(job *engine.Job) *DaemonConfig {
-	var config DaemonConfig
-	config.Pidfile = job.Getenv("Pidfile")
-	config.Root = job.Getenv("Root")
-	config.AutoRestart = job.GetenvBool("AutoRestart")
-	config.EnableCors = job.GetenvBool("EnableCors")
-	if dns := job.GetenvList("Dns"); dns != nil {
-		config.Dns = dns
-	}
-	config.EnableIptables = job.GetenvBool("EnableIptables")
-	if br := job.Getenv("BridgeIface"); br != "" {
-		config.BridgeIface = br
-	} else {
-		config.BridgeIface = DefaultNetworkBridge
-	}
-	config.BridgeIp = job.Getenv("BridgeIp")
-	config.DefaultIp = net.ParseIP(job.Getenv("DefaultIp"))
-	config.InterContainerCommunication = job.GetenvBool("InterContainerCommunication")
-	config.GraphDriver = job.Getenv("GraphDriver")
-	if mtu := job.GetenvInt("Mtu"); mtu != -1 {
-		config.Mtu = mtu
-	} else {
-		config.Mtu = DefaultNetworkMtu
-	}
-	return &config
-}

config_test.go

@@ -1,149 +0,0 @@
-package docker
-
-import (
-	"testing"
-)
-
-func TestCompareConfig(t *testing.T) {
-	volumes1 := make(map[string]struct{})
-	volumes1["/test1"] = struct{}{}
-	config1 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
-	}
-	config2 := Config{
-		Dns:         []string{"0.0.0.0", "2.2.2.2"},
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
-	}
-	config3 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		PortSpecs:   []string{"0000:0000", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
-	}
-	config4 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		PortSpecs:   []string{"0000:0000", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "22222222",
-		Volumes:     volumes1,
-	}
-	volumes2 := make(map[string]struct{})
-	volumes2["/test2"] = struct{}{}
-	config5 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		PortSpecs:   []string{"0000:0000", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes2,
-	}
-	if CompareConfig(&config1, &config2) {
-		t.Fatalf("CompareConfig should return false, Dns are different")
-	}
-	if CompareConfig(&config1, &config3) {
-		t.Fatalf("CompareConfig should return false, PortSpecs are different")
-	}
-	if CompareConfig(&config1, &config4) {
-		t.Fatalf("CompareConfig should return false, VolumesFrom are different")
-	}
-	if CompareConfig(&config1, &config5) {
-		t.Fatalf("CompareConfig should return false, Volumes are different")
-	}
-	if !CompareConfig(&config1, &config1) {
-		t.Fatalf("CompareConfig should return true")
-	}
-}
-
-func TestMergeConfig(t *testing.T) {
-	volumesImage := make(map[string]struct{})
-	volumesImage["/test1"] = struct{}{}
-	volumesImage["/test2"] = struct{}{}
-	configImage := &Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "1111",
-		Volumes:     volumesImage,
-	}
-
-	volumesUser := make(map[string]struct{})
-	volumesUser["/test3"] = struct{}{}
-	configUser := &Config{
-		Dns:       []string{"3.3.3.3"},
-		PortSpecs: []string{"3333:2222", "3333:3333"},
-		Env:       []string{"VAR2=3", "VAR3=3"},
-		Volumes:   volumesUser,
-	}
-
-	if err := MergeConfig(configUser, configImage); err != nil {
-		t.Error(err)
-	}
-
-	if len(configUser.Dns) != 3 {
-		t.Fatalf("Expected 3 dns, 1.1.1.1, 2.2.2.2 and 3.3.3.3, found %d", len(configUser.Dns))
-	}
-	for _, dns := range configUser.Dns {
-		if dns != "1.1.1.1" && dns != "2.2.2.2" && dns != "3.3.3.3" {
-			t.Fatalf("Expected 1.1.1.1 or 2.2.2.2 or 3.3.3.3, found %s", dns)
-		}
-	}
-
-	if len(configUser.ExposedPorts) != 3 {
-		t.Fatalf("Expected 3 ExposedPorts, 1111, 2222 and 3333, found %d", len(configUser.ExposedPorts))
-	}
-	for portSpecs := range configUser.ExposedPorts {
-		if portSpecs.Port() != "1111" && portSpecs.Port() != "2222" && portSpecs.Port() != "3333" {
-			t.Fatalf("Expected 1111 or 2222 or 3333, found %s", portSpecs)
-		}
-	}
-	if len(configUser.Env) != 3 {
-		t.Fatalf("Expected 3 env var, VAR1=1, VAR2=3 and VAR3=3, found %d", len(configUser.Env))
-	}
-	for _, env := range configUser.Env {
-		if env != "VAR1=1" && env != "VAR2=3" && env != "VAR3=3" {
-			t.Fatalf("Expected VAR1=1 or VAR2=3 or VAR3=3, found %s", env)
-		}
-	}
-
-	if len(configUser.Volumes) != 3 {
-		t.Fatalf("Expected 3 volumes, /test1, /test2 and /test3, found %d", len(configUser.Volumes))
-	}
-	for v := range configUser.Volumes {
-		if v != "/test1" && v != "/test2" && v != "/test3" {
-			t.Fatalf("Expected /test1 or /test2 or /test3, found %s", v)
-		}
-	}
-
-	if configUser.VolumesFrom != "1111" {
-		t.Fatalf("Expected VolumesFrom to be 1111, found %s", configUser.VolumesFrom)
-	}
-
-	ports, _, err := parsePortSpecs([]string{"0000"})
-	if err != nil {
-		t.Error(err)
-	}
-	configImage2 := &Config{
-		ExposedPorts: ports,
-	}
-
-	if err := MergeConfig(configUser, configImage2); err != nil {
-		t.Error(err)
-	}
-
-	if len(configUser.ExposedPorts) != 4 {
-		t.Fatalf("Expected 4 ExposedPorts, 0000, 1111, 2222 and 3333, found %d", len(configUser.ExposedPorts))
-	}
-	for portSpecs := range configUser.ExposedPorts {
-		if portSpecs.Port() != "0000" && portSpecs.Port() != "1111" && portSpecs.Port() != "2222" && portSpecs.Port() != "3333" {
-			t.Fatalf("Expected 0000 or 1111 or 2222 or 3333, found %s", portSpecs)
-		}
-	}
-
-}

contrib/check-config.sh

@@ -0,0 +1,146 @@
+#!/usr/bin/env bash
+set -e
+
+# bits of this were adapted from lxc-checkconfig
+# see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
+
+: ${CONFIG:=/proc/config.gz}
+
+if ! command -v zgrep &> /dev/null; then
+	zgrep() {
+		zcat "$2" | grep "$1"
+	}
+fi
+
+is_set() {
+	zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null
+}
+
+# see http://en.wikipedia.org/wiki/ANSI_escape_code#Colors
+declare -A colors=(
+	[black]=30
+	[red]=31
+	[green]=32
+	[yellow]=33
+	[blue]=34
+	[magenta]=35
+	[cyan]=36
+	[white]=37
+)
+color() {
+	color=()
+	if [ "$1" = 'bold' ]; then
+		color+=( '1' )
+		shift
+	fi
+	if [ $# -gt 0 ] && [ "${colors[$1]}" ]; then
+		color+=( "${colors[$1]}" )
+	fi
+	local IFS=';'
+	echo -en '\033['"${color[*]}"m
+}
+wrap_color() {
+	text="$1"
+	shift
+	color "$@"
+	echo -n "$text"
+	color reset
+	echo
+}
+
+wrap_good() {
+	echo "$(wrap_color "$1" white): $(wrap_color "$2" green)"
+}
+wrap_bad() {
+	echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)"
+}
+wrap_warning() {
+	wrap_color >&2 "$*" red
+}
+
+check_flag() {
+	if is_set "$1"; then
+		wrap_good "CONFIG_$1" 'enabled'
+	else
+		wrap_bad "CONFIG_$1" 'missing'
+	fi
+}
+
+check_flags() {
+	for flag in "$@"; do
+		echo "- $(check_flag "$flag")"
+	done
+} 
+
+if [ ! -e "$CONFIG" ]; then
+	wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config..."
+	for tryConfig in \
+		'/proc/config.gz' \
+		"/boot/config-$(uname -r)" \
+		'/usr/src/linux/.config' \
+	; do
+		if [ -e "$tryConfig" ]; then
+			CONFIG="$tryConfig"
+			break
+		fi
+	done
+	if [ ! -e "$CONFIG" ]; then
+		wrap_warning "error: cannot find kernel config"
+		wrap_warning "  try running this script again, specifying the kernel config:"
+		wrap_warning "    CONFIG=/path/to/kernel/.config $0"
+		exit 1
+	fi
+fi
+
+wrap_color "info: reading kernel config from $CONFIG ..." white
+echo
+
+echo 'Generally Necessary:'
+
+echo -n '- '
+cgroupCpuDir="$(awk '/[, ]cpu([, ]|$)/ && $8 == "cgroup" { print $5 }' /proc/$$/mountinfo | head -n1)"
+cgroupDir="$(dirname "$cgroupCpuDir")"
+if [ -d "$cgroupDir/cpu" ]; then
+	echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
+else
+	echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupCpuDir]"
+	echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
+fi
+
+flags=(
+	NAMESPACES {NET,PID,IPC,UTS}_NS
+	DEVPTS_MULTIPLE_INSTANCES
+	CGROUPS CGROUP_DEVICE
+	MACVLAN VETH BRIDGE
+	IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK}
+	NF_NAT NF_NAT_NEEDED
+)
+check_flags "${flags[@]}"
+echo
+
+echo 'Optional Features:'
+flags=(
+	MEMCG_SWAP
+	RESOURCE_COUNTERS
+)
+check_flags "${flags[@]}"
+
+echo '- Storage Drivers:'
+{
+	echo '- "'$(wrap_color 'aufs' blue)'":'
+	check_flags AUFS_FS | sed 's/^/  /'
+	if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then
+		echo "    $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)"
+	fi
+
+	echo '- "'$(wrap_color 'btrfs' blue)'":'
+	check_flags BTRFS_FS | sed 's/^/  /'
+
+	echo '- "'$(wrap_color 'devicemapper' blue)'":'
+	check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS | sed 's/^/  /'
+} | sed 's/^/  /'
+echo
+
+#echo 'Potential Future Features:'
+#check_flags USER_NS
+#echo

contrib/completion/bash/docker

@@ -21,64 +21,88 @@
 # If the docker daemon is using a unix socket for communication your user
 # must have access to the socket for the completions to function correctly
 
+__docker_q() {
+	docker 2>/dev/null "$@"
+}
+
 __docker_containers_all()
 {
-	local containers
-	containers="$( docker ps -a -q )"
-	names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )"
+	local containers="$( __docker_q ps -a -q )"
+	local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )"
 	COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) )
 }
 
 __docker_containers_running()
 {
-	local containers
-	containers="$( docker ps -q )"
-	names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )"
+	local containers="$( __docker_q ps -q )"
+	local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )"
 	COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) )
 }
 
 __docker_containers_stopped()
 {
-	local containers
-	containers="$( comm -13 <(docker ps -q | sort -u) <(docker ps -a -q | sort -u) )"
-	names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )"
+	local containers="$( { __docker_q ps -a -q; __docker_q ps -q; } | sort | uniq -u )"
+	local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )"
 	COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) )
 }
 
 __docker_image_repos()
 {
-	local repos
-	repos="$( docker images | awk 'NR>1{print $1}' )"
+	local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^<none>$' )"
 	COMPREPLY=( $( compgen -W "$repos" -- "$cur" ) )
 }
 
-__docker_images()
-{
-	local images
-	images="$( docker images | awk 'NR>1{print $1":"$2}' )"
-	COMPREPLY=( $( compgen -W "$images" -- "$cur" ) )
-	__ltrim_colon_completions "$cur"
-}
-
 __docker_image_repos_and_tags()
 {
-	local repos images
-	repos="$( docker images | awk 'NR>1{print $1}' )"
-	images="$( docker images | awk 'NR>1{print $1":"$2}' )"
+	local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^<none>$' )"
+	local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^<none>:' )"
 	COMPREPLY=( $( compgen -W "$repos $images" -- "$cur" ) )
 	__ltrim_colon_completions "$cur"
 }
 
+__docker_image_repos_and_tags_and_ids()
+{
+	local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^<none>$' )"
+	local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^<none>:' )"
+	local ids="$( __docker_q images -a -q )"
+	COMPREPLY=( $( compgen -W "$repos $images $ids" -- "$cur" ) )
+	__ltrim_colon_completions "$cur"
+}
+
 __docker_containers_and_images()
 {
-	local containers images
-	containers="$( docker ps -a -q )"
-	names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )"
-	images="$( docker images | awk 'NR>1{print $1":"$2}' )"
-	COMPREPLY=( $( compgen -W "$images $names $containers" -- "$cur" ) )
+	local containers="$( __docker_q ps -a -q )"
+	local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )"
+	local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^<none>$' )"
+	local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^<none>:' )"
+	local ids="$( __docker_q images -a -q )"
+	COMPREPLY=( $( compgen -W "$containers $names $repos $images $ids" -- "$cur" ) )
 	__ltrim_colon_completions "$cur"
 }
 
+__docker_pos_first_nonflag()
+{
+	local argument_flags=$1
+
+	local counter=$cpos
+	while [ $counter -le $cword ]; do
+		if [ -n "$argument_flags" ] && eval "case '${words[$counter]}' in $argument_flags) true ;; *) false ;; esac"; then
+			(( counter++ ))
+		else
+			case "${words[$counter]}" in
+				-*)
+					;;
+				*)
+					break
+					;;
+			esac
+		fi
+		(( counter++ ))
+	done
+
+	echo $counter
+}
+
 _docker_docker()
 {
 	case "$prev" in
@@ -101,15 +125,24 @@ _docker_docker()
 
 _docker_attach()
 {
-	if [ $cpos -eq $cword ]; then
-		__docker_containers_running
-	fi
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "--no-stdin --sig-proxy" -- "$cur" ) )
+			;;
+		*)
+			local counter="$(__docker_pos_first_nonflag)"
+			if [ $cword -eq $counter ]; then
+				__docker_containers_running
+			fi
+			;;
+	esac
 }
 
 _docker_build()
 {
 	case "$prev" in
-		-t)
+		-t|--tag)
+			__docker_image_repos_and_tags
 			return
 			;;
 		*)
@@ -118,10 +151,13 @@ _docker_build()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-no-cache -t -q -rm" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-t --tag -q --quiet --no-cache --rm" -- "$cur" ) )
 			;;
 		*)
-			_filedir
+			local counter="$(__docker_pos_first_nonflag '-t|--tag')"
+			if [ $cword -eq $counter ]; then
+				_filedir
+			fi
 			;;
 	esac
 }
@@ -129,7 +165,7 @@ _docker_build()
 _docker_commit()
 {
 	case "$prev" in
-		-author|-m|-run)
+		-m|--message|-a|--author|--run)
 			return
 			;;
 		*)
@@ -138,26 +174,20 @@ _docker_commit()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-author -m -run" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-m --message -a --author --run" -- "$cur" ) )
 			;;
 		*)
-			local counter=$cpos
-			while [ $counter -le $cword ]; do
-				case "${words[$counter]}" in
-					-author|-m|-run)
-						(( counter++ ))
-						;;
-					-*)
-						;;
-					*)
-						break
-						;;
-				esac
-				(( counter++ ))
-			done
+			local counter=$(__docker_pos_first_nonflag '-m|--message|-a|--author|--run')
 
-			if [ $counter -eq $cword ]; then
+			if [ $cword -eq $counter ]; then
 				__docker_containers_all
+				return
+			fi
+			(( counter++ ))
+
+			if [ $cword -eq $counter ]; then
+				__docker_image_repos_and_tags
+				return
 			fi
 			;;
 	esac
@@ -165,16 +195,32 @@ _docker_commit()
 
 _docker_cp()
 {
-	if [ $cpos -eq $cword ]; then
-		__docker_containers_all
-	else
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
+		case "$cur" in
+			*:)
+				return
+				;;
+			*)
+				__docker_containers_all
+				COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
+				compopt -o nospace
+				return
+				;;
+		esac
+	fi
+	(( counter++ ))
+
+	if [ $cword -eq $counter ]; then
 		_filedir
+		return
 	fi
 }
 
 _docker_diff()
 {
-	if [ $cpos -eq $cword ]; then
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
 		__docker_containers_all
 	fi
 }
@@ -182,7 +228,7 @@ _docker_diff()
 _docker_events()
 {
 	case "$prev" in
-		-since)
+		--since)
 			return
 			;;
 		*)
@@ -191,7 +237,7 @@ _docker_events()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-since" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--since" -- "$cur" ) )
 			;;
 		*)
 			;;
@@ -200,45 +246,44 @@ _docker_events()
 
 _docker_export()
 {
-	if [ $cpos -eq $cword ]; then
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
 		__docker_containers_all
 	fi
 }
 
 _docker_help()
 {
-	if [ $cpos -eq $cword ]; then
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
 		COMPREPLY=( $( compgen -W "$commands" -- "$cur" ) )
 	fi
 }
 
 _docker_history()
 {
-	if [ $cpos -eq $cword ]; then
-		__docker_image_repos_and_tags
-	fi
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "-q --quiet --no-trunc" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_image_repos_and_tags_and_ids
+			fi
+			;;
+	esac
 }
 
 _docker_images()
 {
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-a -notrunc -q -viz" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-q --quiet -a --all --no-trunc -v --viz -t --tree" -- "$cur" ) )
 			;;
 		*)
-			local counter=$cpos
-			while [ $counter -le $cword ]; do
-				case "${words[$counter]}" in
-					-*)
-						;;
-					*)
-						break
-						;;
-				esac
-				(( counter++ ))
-			done
-
-			if [ $counter -eq $cword ]; then
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
 				__docker_image_repos
 			fi
 			;;
@@ -247,7 +292,16 @@ _docker_images()
 
 _docker_import()
 {
-	return
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
+		return
+	fi
+	(( counter++ ))
+
+	if [ $cword -eq $counter ]; then
+		__docker_image_repos_and_tags
+		return
+	fi
 }
 
 _docker_info()
@@ -257,25 +311,16 @@ _docker_info()
 
 _docker_insert()
 {
-	if [ $cpos -eq $cword ]; then
-		__docker_image_repos_and_tags
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
+		__docker_image_repos_and_tags_and_ids
 	fi
 }
 
 _docker_inspect()
-{
-	__docker_containers_and_images
-}
-
-_docker_kill()
-{
-	__docker_containers_running
-}
-
-_docker_login()
 {
 	case "$prev" in
-		-e|-p|-u)
+		-f|--format)
 			return
 			;;
 		*)
@@ -284,7 +329,37 @@ _docker_login()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-e -p -u" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-f --format" -- "$cur" ) )
+			;;
+		*)
+			__docker_containers_and_images
+			;;
+	esac
+}
+
+_docker_kill()
+{
+	__docker_containers_running
+}
+
+_docker_load()
+{
+	return
+}
+
+_docker_login()
+{
+	case "$prev" in
+		-u|--username|-p|--password|-e|--email)
+			return
+			;;
+		*)
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "-u --username -p --password -e --email" -- "$cur" ) )
 			;;
 		*)
 			;;
@@ -293,14 +368,23 @@ _docker_login()
 
 _docker_logs()
 {
-	if [ $cpos -eq $cword ]; then
-		__docker_containers_all
-	fi
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "-f --follow" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+			if [ $cword -eq $counter ]; then
+				__docker_containers_all
+			fi
+			;;
+	esac
 }
 
 _docker_port()
 {
-	if [ $cpos -eq $cword ]; then
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
 		__docker_containers_all
 	fi
 }
@@ -308,7 +392,10 @@ _docker_port()
 _docker_ps()
 {
 	case "$prev" in
-		-beforeId|-n|-sinceId)
+		--since|--before)
+ 			__docker_containers_all
+			;;
+		-n)
 			return
 			;;
 		*)
@@ -317,7 +404,7 @@ _docker_ps()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-a -beforeId -l -n -notrunc -q -s -sinceId" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since --before -n" -- "$cur" ) )
 			;;
 		*)
 			;;
@@ -327,7 +414,7 @@ _docker_ps()
 _docker_pull()
 {
 	case "$prev" in
-		-t)
+		-t|--tag)
 			return
 			;;
 		*)
@@ -336,22 +423,31 @@ _docker_pull()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-t" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-t --tag" -- "$cur" ) )
 			;;
 		*)
+			local counter=$(__docker_pos_first_nonflag '-t|--tag')
+			if [ $cword -eq $counter ]; then
+				__docker_image_repos_and_tags
+			fi
 			;;
 	esac
 }
 
 _docker_push()
 {
-	__docker_image_repos
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
+		__docker_image_repos
+		# TODO replace this with __docker_image_repos_and_tags
+		# see https://github.com/dotcloud/docker/issues/3411
+	fi
 }
 
 _docker_restart()
 {
 	case "$prev" in
-		-t)
+		-t|--time)
 			return
 			;;
 		*)
@@ -360,7 +456,7 @@ _docker_restart()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-t" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-t --time" -- "$cur" ) )
 			;;
 		*)
 			__docker_containers_all
@@ -372,7 +468,7 @@ _docker_rm()
 {
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-v" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-v --volumes -l --link" -- "$cur" ) )
 			;;
 		*)
 			__docker_containers_stopped
@@ -382,19 +478,27 @@ _docker_rm()
 
 _docker_rmi()
 {
-	__docker_image_repos_and_tags
+	__docker_image_repos_and_tags_and_ids
 }
 
 _docker_run()
 {
 	case "$prev" in
-		-cidfile)
+		--cidfile)
 			_filedir
 			;;
-		-volumes-from)
+		--volumes-from)
 			__docker_containers_all
 			;;
-		-a|-c|-dns|-e|-entrypoint|-h|-lxc-conf|-m|-p|-u|-v|-w)
+		-v|--volume)
+			# TODO something magical with colons and _filedir ?
+			return
+			;;
+		-e|--env)
+			COMPREPLY=( $( compgen -e -- "$cur" ) )
+			return
+			;;
+		--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf)
 			return
 			;;
 		*)
@@ -403,45 +507,30 @@ _docker_run()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-a -c -cidfile -d -dns -e -entrypoint -h -i -lxc-conf -m -n -p -privileged -t -u -v -volumes-from -w" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) )
 			;;
 		*)
-			local counter=$cpos
-			while [ $counter -le $cword ]; do
-				case "${words[$counter]}" in
-					-a|-c|-cidfile|-dns|-e|-entrypoint|-h|-lxc-conf|-m|-p|-u|-v|-volumes-from|-w)
-						(( counter++ ))
-						;;
-					-*)
-						;;
-					*)
-						break
-						;;
-				esac
-				(( counter++ ))
-			done
+			local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf')
 
-			if [ $counter -eq $cword ]; then
-				__docker_image_repos_and_tags
+			if [ $cword -eq $counter ]; then
+				__docker_image_repos_and_tags_and_ids
 			fi
 			;;
 	esac
 }
 
+_docker_save()
+{
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
+		__docker_image_repos_and_tags_and_ids
+	fi
+}
+
 _docker_search()
-{
-	COMPREPLY=( $( compgen -W "-notrunc" "-stars" "-trusted" -- "$cur" ) )
-}
-
-_docker_start()
-{
-	__docker_containers_stopped
-}
-
-_docker_stop()
 {
 	case "$prev" in
-		-t)
+		-s|--stars)
 			return
 			;;
 		*)
@@ -450,7 +539,38 @@ _docker_stop()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-t" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "--no-trunc -t --trusted -s --stars" -- "$cur" ) )
+			;;
+		*)
+			;;
+	esac
+}
+
+_docker_start()
+{
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "-a --attach -i --interactive" -- "$cur" ) )
+			;;
+		*)
+			__docker_containers_stopped
+			;;
+	esac
+}
+
+_docker_stop()
+{
+	case "$prev" in
+		-t|--time)
+			return
+			;;
+		*)
+			;;
+	esac
+
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "-t --time" -- "$cur" ) )
 			;;
 		*)
 			__docker_containers_running
@@ -460,12 +580,31 @@ _docker_stop()
 
 _docker_tag()
 {
-	COMPREPLY=( $( compgen -W "-f" -- "$cur" ) )
+	case "$cur" in
+		-*)
+			COMPREPLY=( $( compgen -W "-f --force" -- "$cur" ) )
+			;;
+		*)
+			local counter=$(__docker_pos_first_nonflag)
+
+			if [ $cword -eq $counter ]; then
+				__docker_image_repos_and_tags
+				return
+			fi
+			(( counter++ ))
+
+			if [ $cword -eq $counter ]; then
+				__docker_image_repos_and_tags
+				return
+			fi
+			;;
+	esac
 }
 
 _docker_top()
 {
-	if [ $cpos -eq $cword ]; then
+	local counter=$(__docker_pos_first_nonflag)
+	if [ $cword -eq $counter ]; then
 		__docker_containers_running
 	fi
 }
@@ -482,7 +621,6 @@ _docker_wait()
 
 _docker()
 {
-	local cur prev words cword command="docker" counter=1 word cpos
 	local commands="
 			attach
 			build
@@ -498,6 +636,7 @@ _docker()
 			insert
 			inspect
 			kill
+			load
 			login
 			logs
 			port
@@ -508,6 +647,7 @@ _docker()
 			rm
 			rmi
 			run
+			save
 			search
 			start
 			stop
@@ -518,18 +658,20 @@ _docker()
 		"
 
 	COMPREPLY=()
+	local cur prev words cword
 	_get_comp_words_by_ref -n : cur prev words cword
 
+	local command='docker'
+	local counter=1
 	while [ $counter -lt $cword ]; do
-		word="${words[$counter]}"
-		case "$word" in
+		case "${words[$counter]}" in
 			-H)
 				(( counter++ ))
 				;;
 			-*)
 				;;
 			*)
-				command="$word"
+				command="${words[$counter]}"
 				cpos=$counter
 				(( cpos++ ))
 				break

contrib/completion/fish/docker.fish

@@ -0,0 +1,261 @@
+# docker.fish - docker completions for fish shell
+#
+# This file is generated by gen_docker_fish_completions.py from:
+# https://github.com/barnybug/docker-fish-completion
+#
+# To install the completions:
+# mkdir -p ~/.config/fish/completions
+# cp docker.fish ~/.config/fish/completions
+#
+# Completion supported:
+# - parameters
+# - commands
+# - containers
+# - images
+# - repositories
+
+function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand'
+    for i in (commandline -opc)
+        if contains -- $i attach build commit cp diff events export history images import info insert inspect kill load login logs port ps pull push restart rm rmi run save search start stop tag top version wait
+            return 1
+        end
+    end
+    return 0
+end
+
+function __fish_print_docker_containers --description 'Print a list of docker containers' -a select
+    switch $select
+        case running
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Up" {print $1 "\n" $(NF-1)}' | tr ',' '\n'
+        case stopped
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Exit" {print $1 "\n" $(NF-1)}' | tr ',' '\n'
+        case all
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; {print $1 "\n" $(NF-1)}' | tr ',' '\n'
+    end
+end
+
+function __fish_print_docker_images --description 'Print a list of docker images'
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1":"$2}'
+end
+
+function __fish_print_docker_repositories --description 'Print a list of docker repositories'
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | command sort | command uniq
+end
+
+# common options
+complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group"
+complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l api-enable-cors -d 'Enable CORS headers in the remote API'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d "Attach containers to a pre-existing network bridge; use 'none' to disable container networking"
+complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b"
+complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules"
+complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s r -l restart -d 'Restart previously running containers'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the docker runtime to use a specific storage driver'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit'
+
+# subcommands
+# attach
+complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach stdin'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# build
+complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build a container from a Dockerfile'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success'
+
+# commit
+complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes"
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith <hannibal@a-team.com>"'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# cp
+complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from the containers filesystem to the host path'
+
+# diff
+complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem"
+complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# events
+complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show previously created events and then stream.'
+
+# export
+complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive'
+complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# history
+complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image"
+
+# images
+complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'Output graph in tree format'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'Output graph in graphviz format'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository"
+
+# import
+complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball'
+
+# info
+complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information'
+
+# insert
+complete -c docker -f -n '__fish_docker_no_subcommand' -a insert -d 'Insert a file in an image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from insert' -a '(__fish_print_docker_images)' -d "Image"
+
+# inspect
+complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image"
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container"
+
+# kill
+complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# load
+complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive'
+
+# login
+complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or Login to the docker registry server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username'
+
+# logs
+complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output'
+complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# port
+complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port which is NAT-ed to PRIVATE_PORT'
+complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# ps
+complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.'
+
+# pull
+complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from the docker registry server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s t -l tag -d 'Download tagged image in repository'
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image"
+complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository"
+
+# push
+complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to the docker registry server'
+complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image"
+complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository"
+
+# restart
+complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10'
+complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# rm
+complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force removal of running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated to the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container"
+
+# rmi
+complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image"
+
+# run
+complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to stdin, stdout or stderr.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: Run container in the background, print new container id'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom dns servers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default entrypoint of the image'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number><optional unit>, where unit = b, k, m or g)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)"
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image"
+
+# save
+complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive'
+complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image"
+
+# search
+complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image in the docker index'
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output"
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least xxx stars'
+complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s t -l trusted -d 'Only show trusted builds'
+
+# start
+complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's stdout/stderr and forward all signals to the process"
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's stdin"
+complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container"
+
+# stop
+complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a running container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# tag
+complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository'
+complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force'
+complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -a '(__fish_print_docker_images)' -d "Image"
+
+# top
+complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container'
+complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container"
+
+# version
+complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the docker version information'
+
+# wait
+complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code'
+complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container"
+
+

contrib/completion/zsh/_docker

@@ -174,7 +174,7 @@ __docker_subcommand () {
         (ps)
             _arguments '-a[Show all containers. Only running containers are shown by default]' \
                 '-h[Show help]' \
-                '-beforeId=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \
+                '--before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \
             '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)'
             ;;
         (tag)
@@ -189,9 +189,9 @@ __docker_subcommand () {
                 '-a=-[Attach to stdin, stdout or stderr]:toggle:(true false)' \
                 '-c=-[CPU shares (relative weight)]:CPU shares: ' \
                 '-d[Detached mode: leave the container running in the background]' \
-                '*-dns=[Set custom dns servers]:dns server: ' \
+                '*--dns=[Set custom dns servers]:dns server: ' \
                 '*-e=[Set environment variables]:environment variable: ' \
-                '-entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \
+                '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \
                 '-h=-[Container host name]:hostname:_hosts' \
                 '-i[Keep stdin open even if not attached]' \
                 '-m=-[Memory limit (in bytes)]:limit: ' \
@@ -199,7 +199,7 @@ __docker_subcommand () {
                 '-t=-[Allocate a pseudo-tty]:toggle:(true false)' \
                 '-u=-[Username or UID]:user:_users' \
                 '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\
-                '-volumes-from=-[Mount volumes from the specified container]:volume: ' \
+                '--volumes-from=-[Mount volumes from the specified container]:volume: ' \
                 '(-):images:__docker_images' \
                 '(-):command: _command_names -e' \
                 '*::arguments: _normal'

contrib/desktop-integration/README.md

@@ -8,4 +8,4 @@ Examples
 ========
 
 * Data container: ./data/Dockerfile creates a data image sharing /data volume
-* Firefox: ./firefox/Dockerfile shows a way to dockerize a common multimedia application
+* Iceweasel: ./iceweasel/Dockerfile shows a way to dockerize a common multimedia application

contrib/desktop-integration/data/Dockerfile

@@ -9,30 +9,30 @@
 #   wget http://raw.github.com/dotcloud/docker/master/contrib/desktop-integration/data/Dockerfile
 #
 #   # Build data image
-#   docker build -t data -rm .
+#   docker build -t data .
 #
-#   # Create a data container. (eg: firefox-data)
-#   docker run -name firefox-data data true
+#   # Create a data container. (eg: iceweasel-data)
+#   docker run --name iceweasel-data data true
 #
 #   # List data from it
-#   docker run -volumes-from firefox-data busybox ls -al /data
+#   docker run --volumes-from iceweasel-data busybox ls -al /data
 
 docker-version 0.6.5
 
 # Smallest base image, just to launch a container
-from busybox
-maintainer	Daniel Mizyrycki <daniel@docker.com>
+FROM busybox
+MAINTAINER Daniel Mizyrycki <daniel@docker.com>
 
 # Create a regular user
-run echo 'sysadmin:x:1000:1000::/data:/bin/sh' >> /etc/passwd
-run echo 'sysadmin:x:1000:' >> /etc/group
+RUN echo 'sysadmin:x:1000:1000::/data:/bin/sh' >> /etc/passwd
+RUN echo 'sysadmin:x:1000:' >> /etc/group
 
 # Create directory for that user
-run mkdir /data
-run chown sysadmin.sysadmin /data
+RUN mkdir /data
+RUN chown sysadmin.sysadmin /data
 
 # Add content to /data. This will keep sysadmin ownership
-run touch /data/init_volume
+RUN touch /data/init_volume
 
 # Create /data volume
 VOLUME /data

contrib/desktop-integration/firefox/Dockerfile

@@ -1,49 +0,0 @@
-# VERSION:        0.7
-# DESCRIPTION:    Create firefox container with its dependencies
-# AUTHOR:         Daniel Mizyrycki <daniel@dotcloud.com>
-# COMMENTS:
-#   This file describes how to build a Firefox container with all
-#   dependencies installed. It uses native X11 unix socket and alsa
-#   sound devices. Tested on Debian 7.2
-# USAGE:
-#   # Download Firefox Dockerfile
-#   wget http://raw.github.com/dotcloud/docker/master/contrib/desktop-integration/firefox/Dockerfile
-#
-#   # Build firefox image
-#   docker build -t firefox -rm .
-#
-#   # Run stateful data-on-host firefox. For ephemeral, remove -v /data/firefox:/data
-#   docker run -v /data/firefox:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
-#     -v /dev/snd:/dev/snd -lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
-#     -e DISPLAY=unix$DISPLAY firefox
-#
-#   # To run stateful dockerized data containers
-#   docker run -volumes-from firefox-data -v /tmp/.X11-unix:/tmp/.X11-unix \
-#     -v /dev/snd:/dev/snd -lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
-#     -e DISPLAY=unix$DISPLAY firefox
-
-docker-version 0.6.5
-
-# Base docker image
-from tianon/debian:wheezy
-maintainer	Daniel Mizyrycki <daniel@docker.com>
-
-# Install firefox dependencies
-run echo "deb http://ftp.debian.org/debian/ wheezy main contrib" > /etc/apt/sources.list
-run apt-get update
-run DEBIAN_FRONTEND=noninteractive apt-get install -y libXrender1 libasound2 \
-    libdbus-glib-1-2 libgtk2.0-0 libpango1.0-0 libxt6 wget bzip2 sudo
-
-# Install Firefox
-run mkdir /application
-run cd /application; wget -O - \
-    http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/25.0/linux-x86_64/en-US/firefox-25.0.tar.bz2 | tar jx
-
-# create sysadmin account
-run useradd -m -d /data -p saIVpsc0EVTwA sysadmin
-run sed -Ei 's/sudo:x:27:/sudo:x:27:sysadmin/' /etc/group
-run sed -Ei 's/(\%sudo\s+ALL=\(ALL\:ALL\) )ALL/\1 NOPASSWD:ALL/' /etc/sudoers
-
-# Autorun firefox. -no-remote is necessary to create a new container, as firefox
-# appears to communicate with itself through X11.
-cmd ["/bin/sh", "-c", "/usr/bin/sudo -u sysadmin -H -E /application/firefox/firefox -no-remote"]

contrib/desktop-integration/iceweasel/Dockerfile

@@ -0,0 +1,41 @@
+# VERSION:        0.7
+# DESCRIPTION:    Create iceweasel container with its dependencies
+# AUTHOR:         Daniel Mizyrycki <daniel@dotcloud.com>
+# COMMENTS:
+#   This file describes how to build a Iceweasel container with all
+#   dependencies installed. It uses native X11 unix socket and alsa
+#   sound devices. Tested on Debian 7.2
+# USAGE:
+#   # Download Iceweasel Dockerfile
+#   wget http://raw.github.com/dotcloud/docker/master/contrib/desktop-integration/iceweasel/Dockerfile
+#
+#   # Build iceweasel image
+#   docker build -t iceweasel .
+#
+#   # Run stateful data-on-host iceweasel. For ephemeral, remove -v /data/iceweasel:/data
+#   docker run -v /data/iceweasel:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
+#     -v /dev/snd:/dev/snd --lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
+#     -e DISPLAY=unix$DISPLAY iceweasel
+#
+#   # To run stateful dockerized data containers
+#   docker run --volumes-from iceweasel-data -v /tmp/.X11-unix:/tmp/.X11-unix \
+#     -v /dev/snd:/dev/snd --lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
+#     -e DISPLAY=unix$DISPLAY iceweasel
+
+docker-version 0.6.5
+
+# Base docker image
+FROM debian:wheezy
+MAINTAINER Daniel Mizyrycki <daniel@docker.com>
+
+# Install Iceweasel and "sudo"
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq iceweasel sudo
+
+# create sysadmin account
+RUN useradd -m -d /data -p saIVpsc0EVTwA sysadmin
+RUN sed -Ei 's/sudo:x:27:/sudo:x:27:sysadmin/' /etc/group
+RUN sed -Ei 's/(\%sudo\s+ALL=\(ALL\:ALL\) )ALL/\1 NOPASSWD:ALL/' /etc/sudoers
+
+# Autorun iceweasel. -no-remote is necessary to create a new container, as
+# iceweasel appears to communicate with itself through X11.
+CMD ["/usr/bin/sudo", "-u", "sysadmin", "-H", "-E", "/usr/bin/iceweasel", "-no-remote"]

contrib/docker-device-tool/device_tool.go

@@ -3,7 +3,7 @@ package main
 import (
 	"flag"
 	"fmt"
-	"github.com/dotcloud/docker/graphdriver/devmapper"
+	"github.com/dotcloud/docker/runtime/graphdriver/devmapper"
 	"os"
 	"path"
 	"sort"

contrib/host-integration/Dockerfile.dev

@@ -6,7 +6,7 @@
 #
 
 FROM		ubuntu:12.10
-MAINTAINER	Guillaume J. Charmes <guillaume@dotcloud.com>
+MAINTAINER	Guillaume J. Charmes <guillaume@docker.com>
 
 RUN		apt-get update && apt-get install -y wget git mercurial
 

contrib/host-integration/Dockerfile.min

@@ -1,4 +1,4 @@
 FROM		busybox
-MAINTAINER	Guillaume J. Charmes <guillaume@dotcloud.com>
+MAINTAINER	Guillaume J. Charmes <guillaume@docker.com>
 ADD		manager	  /usr/bin/
 ENTRYPOINT	["/usr/bin/manager"]

contrib/host-integration/manager.go

@@ -56,7 +56,7 @@ func main() {
 
 	// Check that the requested process manager is supported
 	if _, exists := templates[*kind]; !exists {
-		panic("Unkown script template")
+		panic("Unknown script template")
 	}
 
 	// Load the requested template
@@ -70,7 +70,7 @@ func main() {
 	bufErr := bytes.NewBuffer(nil)
 
 	// Instanciate the Docker CLI
-	cli := docker.NewDockerCli(nil, bufOut, bufErr, "unix", "/var/run/docker.sock")
+	cli := docker.NewDockerCli(nil, bufOut, bufErr, "unix", "/var/run/docker.sock", false, nil)
 	// Retrieve the container info
 	if err := cli.CmdInspect(flag.Arg(0)); err != nil {
 		// As of docker v0.6.3, CmdInspect always returns nil

contrib/init/systemd/docker.service

@@ -1,11 +1,13 @@
 [Unit]
-Description=Docker Application Container Engine 
+Description=Docker Application Container Engine
 Documentation=http://docs.docker.io
 After=network.target
 
 [Service]
-ExecStartPre=/bin/mount --make-rprivate /
 ExecStart=/usr/bin/docker -d
+Restart=on-failure
+LimitNOFILE=1048576
+LimitNPROC=1048576
 
 [Install]
 WantedBy=multi-user.target

contrib/init/systemd/socket-activation/docker.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.io
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/docker -d -H fd://
+Restart=on-failure
+LimitNOFILE=1048576
+LimitNPROC=1048576
+
+[Install]
+WantedBy=multi-user.target

contrib/init/systemd/socket-activation/docker.socket

@@ -0,0 +1,8 @@
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+ListenStream=/var/run/docker.sock
+
+[Install]
+WantedBy=sockets.target

contrib/init/sysvinit-debian/docker

@@ -14,13 +14,16 @@
 #  VMs, bare metal, OpenStack clusters, public clouds and more.
 ### END INIT INFO
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
 BASE=$(basename $0)
 
+# modify these in /etc/default/$BASE (/etc/default/docker)
 DOCKER=/usr/bin/$BASE
 DOCKER_PIDFILE=/var/run/$BASE.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
 DOCKER_OPTS=
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+DOCKER_DESC="Docker"
 
 # Get lsb functions
 . /lib/lsb/init-functions
@@ -30,8 +33,8 @@ if [ -f /etc/default/$BASE ]; then
 fi
 
 # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it)
-if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | /bin/grep -q upstart; then
-	log_failure_msg "Docker is managed via upstart, try using service $BASE $1"
+if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+	log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
 	exit 1
 fi
 
@@ -43,29 +46,59 @@ fi
 
 fail_unless_root() {
 	if [ "$(id -u)" != '0' ]; then
-		log_failure_msg "Docker must be run as root"
+		log_failure_msg "$DOCKER_DESC must be run as root"
 		exit 1
 	fi
 }
 
+cgroupfs_mount() {
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		return
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+}
+
 case "$1" in
 	start)
 		fail_unless_root
-		log_begin_msg "Starting Docker: $BASE"
-		mount | grep cgroup >/dev/null || mount -t cgroup none /sys/fs/cgroup 2>/dev/null
+
+		cgroupfs_mount
+
+		touch "$DOCKER_LOGFILE"
+		chgrp docker "$DOCKER_LOGFILE"
+
+		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 		start-stop-daemon --start --background \
+			--no-close \
 			--exec "$DOCKER" \
 			--pidfile "$DOCKER_PIDFILE" \
-			-- -d -p "$DOCKER_PIDFILE" \
-			$DOCKER_OPTS
+			-- \
+				-d -p "$DOCKER_PIDFILE" \
+				$DOCKER_OPTS \
+					>> "$DOCKER_LOGFILE" 2>&1
 		log_end_msg $?
 		;;
 
 	stop)
 		fail_unless_root
-		log_begin_msg "Stopping Docker: $BASE"
-		start-stop-daemon --stop \
-			--pidfile "$DOCKER_PIDFILE"
+		log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+		start-stop-daemon --stop --pidfile "$DOCKER_PIDFILE"
 		log_end_msg $?
 		;;
 

contrib/init/sysvinit-debian/docker.default

@@ -0,0 +1,13 @@
+# Docker Upstart and SysVinit configuration file
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKER="/usr/local/bin/docker"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export TMPDIR="/mnt/bigdrive/docker-tmp"

contrib/init/sysvinit-redhat/docker

@@ -0,0 +1,123 @@
+#!/bin/sh
+#
+#       /etc/rc.d/init.d/docker
+#
+#       Daemon for docker.io
+#       
+# chkconfig:   2345 95 95
+# description: Daemon for docker.io
+
+### BEGIN INIT INFO
+# Provides:       docker
+# Required-Start: $network cgconfig
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: start and stop docker
+# Description: Daemon for docker.io
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog="docker"
+exec="/usr/bin/$prog"
+pidfile="/var/run/$prog.pid"
+lockfile="/var/lock/subsys/$prog"
+logfile="/var/log/$prog"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+prestart() {
+    service cgconfig status > /dev/null
+
+    if [[ $? != 0 ]]; then
+        service cgconfig start
+    fi
+
+}
+
+start() {
+    [ -x $exec ] || exit 5
+
+    if ! [ -f $pidfile ]; then
+        prestart
+        printf "Starting $prog:\t"
+        echo "\n$(date)\n" >> $logfile
+        $exec -d $other_args &>> $logfile &
+        pid=$!
+        touch $lockfile
+        success
+        echo
+    else
+        failure
+        echo
+        printf "$pidfile still exists...\n"
+        exit 7
+    fi
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile $prog
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    restart
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    status -p $pidfile $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
+esac
+
+exit $?

contrib/init/sysvinit-redhat/docker.sysconfig

@@ -0,0 +1,7 @@
+# /etc/sysconfig/docker
+# 
+# Other arguments to pass to the docker daemon process
+# These will be parsed by the sysv initscript and appended
+# to the arguments list passed to docker -d
+
+other_args=""

contrib/init/upstart/docker.conf

@@ -1,15 +1,41 @@
 description "Docker daemon"
 
-start on filesystem and started lxc-net
+start on filesystem
 stop on runlevel [!2345]
+limit nofile 524288 1048576
+limit nproc 524288 1048576
 
 respawn
 
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
 script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
 	DOCKER=/usr/bin/$UPSTART_JOB
 	DOCKER_OPTS=
 	if [ -f /etc/default/$UPSTART_JOB ]; then
 		. /etc/default/$UPSTART_JOB
 	fi
-	"$DOCKER" -d $DOCKER_OPTS
+	exec "$DOCKER" -d $DOCKER_OPTS
 end script

contrib/man/man1/docker-attach.1

@@ -0,0 +1,56 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-attach.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-attach \- Attach to a running container
+.SH SYNOPSIS
+.B docker attach
+\fB--no-stdin\fR[=\fIfalse\fR] 
+\fB--sig-proxy\fR[=\fItrue\fR] 
+container
+.SH DESCRIPTION
+If you \fBdocker run\fR a container in detached mode (\fB-d\fR), you can reattach to the detached container with \fBdocker attach\fR using the container's ID or name.
+.sp
+You can detach from the container again (and leave it running) with CTRL-c (for a quiet exit) or CTRL-\ to get a stacktrace of the Docker client when it quits. When you detach from the container the exit code will be returned to the client.
+.SH "OPTIONS"
+.TP
+.B --no-stdin=\fItrue\fR|\fIfalse\fR: 
+When set to true, do not attach to stdin. The default is \fIfalse\fR.
+.TP
+.B --sig-proxy=\fItrue\fR|\fIfalse\fR: 
+When set to true, proxify all received signal to the process (even in non-tty mode). The default is \fItrue\fR.
+.sp
+.SH EXAMPLES
+.sp
+.PP
+.B Attaching to a container
+.TP
+In this example the top command is run inside a container, from an image called fedora, in detached mode. The ID from the container is passed into the \fBdocker attach\fR command:
+.sp
+.nf
+.RS
+# ID=$(sudo docker run -d fedora /usr/bin/top -b)
+# sudo docker attach $ID
+top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
+Swap:   786428k total,        0k used,   786428k free,   221740k cached
+
+PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
+
+top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
+Swap:   786428k total,        0k used,   786428k free,   221776k cached
+
+PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
+.RE
+.fi
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-build.1

@@ -0,0 +1,65 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-build.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-build \- Build a container image from a Dockerfile source at PATH
+.SH SYNOPSIS
+.B docker build 
+[\fB--no-cache\fR[=\fIfalse\fR] 
+[\fB-q\fR|\fB--quiet\fR[=\fIfalse\fR] 
+[\fB--rm\fR[=\fitrue\fR]]
+[\fB-t\fR|\fB--tag\fR=\fItag\fR] 
+PATH | URL | -
+.SH DESCRIPTION
+This will read the Dockerfile from the directory specified in \fBPATH\fR. It also sends any other files and directories found in the current directory to the Docker daemon. The contents of this directory would be used by ADD command found within the Dockerfile. 
+Warning, this will send a lot of data to the Docker daemon if the current directory contains a lot of data.
+If the absolute path is provided instead of ‘.’, only the files and directories required by the ADD commands from the Dockerfile will be added to the context and transferred to the Docker daemon.
+.sp
+When a single Dockerfile is given as URL, then no context is set. When a Git repository is set as URL, the repository is used as context.
+.SH "OPTIONS"
+.TP
+.B -q, --quiet=\fItrue\fR|\fIfalse\fR: 
+When set to true, suppress verbose build output. Default is \fIfalse\fR.
+.TP
+.B --rm=\fItrue\fr|\fIfalse\fR:
+When true, remove intermediate containers that are created during the build process. The default is true.
+.TP
+.B -t, --tag=\fItag\fR: 
+Tag to be applied to the resulting image on successful completion of the build.
+.TP
+.B --no-cache=\fItrue\fR|\fIfalse\fR
+When set to true, do not use a cache when building the image. The default is \fIfalse\fR.
+.sp
+.SH EXAMPLES
+.sp
+.sp
+.B Building an image from current directory
+.TP
+USing a Dockerfile, Docker images are built using the build command:
+.sp
+.RS
+docker build .
+.RE
+.sp
+If, for some reasone, you do not what to remove the intermediate containers created during the build you must set--rm=false.
+.sp
+.RS
+docker build --rm=false .
+.sp
+.RE
+.sp
+A good practice is to make a subdirectory with a related name and create the Dockerfile in that directory. E.g. a directory called mongo may contain a Dockerfile for a MongoDB image, or a directory called httpd may contain an Dockerfile for an Apache web server. 
+.sp
+It is also good practice to add the files required for the image to the subdirectory. These files will be then specified with the `ADD` instruction in the Dockerfile. Note: if you include a tar file, which is good practice, then Docker will automatically extract the contents of the tar file specified in the `ADD` instruction into the specified target.  
+.sp
+.B Building an image container using a URL
+.TP
+This will clone the Github repository and use it as context. The Dockerfile at the root of the repository is used as Dockerfile. This only works if the Github repository is a dedicated repository. Note that you can specify an arbitrary Git repository by using the ‘git://’ schema. 
+.sp
+.RS
+docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache
+.RE
+.sp
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-images.1

@@ -0,0 +1,84 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-images.1
+.\"
+.TH "DOCKER" "1" "April 2014" "0.1" "Docker"
+.SH NAME
+docker-images \- List the images in the local repository 
+.SH SYNOPSIS
+.B docker images
+[\fB-a\fR|\fB--all\fR=\fIfalse\fR] 
+[\fB--no-trunc\fR[=\fIfalse\fR] 
+[\fB-q\fR|\fB--quiet\fR[=\fIfalse\fR] 
+[\fB-t\fR|\fB--tree\fR=\fIfalse\fR] 
+[\fB-v\fR|\fB--viz\fR=\fIfalse\fR] 
+[NAME]
+.SH DESCRIPTION
+This command lists the images stored in the local Docker repository. 
+.sp
+By default, intermediate images, used during builds, are not listed. Some of the output, e.g. image ID, is truncated, for space reasons. However the truncated image ID, and often the first few characters, are enough to be used in other Docker commands that use the image ID. The output includes repository, tag, image ID, date created and the virtual size. 
+.sp
+The title REPOSITORY for the first title may seem confusing. It is essentially the image name. However, because you can tag a specific image, and multiple tags (image instances) can be associated with a single name, the name is really a repository for all tagged images of the same name. 
+.SH "OPTIONS"
+.TP
+.B -a, --all=\fItrue\fR|\fIfalse\fR: 
+When set to true, also include all intermediate images in the list. The default is false.
+.TP
+.B --no-trunc=\fItrue\fR|\fIfalse\fR: 
+When set to true, list the full image ID and not the truncated ID. The default is false.
+.TP
+.B -q, --quiet=\fItrue\fR|\fIfalse\fR: 
+When set to true, list the complete image ID as part of the output. The default is false.
+.TP
+.B -t, --tree=\fItrue\fR|\fIfalse\fR: 
+When set to true, list the images in a tree dependency tree (hierarchy) format. The default is false.
+.TP
+.B -v, --viz=\fItrue\fR|\fIfalse\fR
+When set to true, list the graph in graphviz format. The default is \fIfalse\fR.
+.sp
+.SH EXAMPLES
+.sp
+.B Listing the images
+.TP
+To list the images in a local repository (not the registry) run:
+.sp
+.RS
+docker images
+.RE
+.sp
+The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, IMAGE ID, CREATED, and VIRTUAL SIZE.
+.sp
+To get a verbose list of images which contains all the intermediate images used in builds use \fB-a\fR:
+.sp
+.RS
+docker images -a
+.RE
+.sp
+.B List images dependency tree hierarchy
+.TP
+To list the images in the local repository (not the registry) in a dependency tree format then use the \fB-t\fR|\fB--tree=true\fR option. 
+.sp
+.RS
+docker images -t 
+.RE
+.sp
+This displays a staggered hierarchy tree where the less indented image is the oldest with dependent image layers branching inward (to the right) on subsequent lines. The newest or top level image layer is listed last in any tree branch. 
+.sp
+.B List images in GraphViz format
+.TP
+To display the list in a format consumable by a GraphViz tools run with \fB-v\fR|\fB--viz=true\fR. For example to produce a .png graph file of the hierarchy use: 
+.sp
+.RS
+docker images --viz | dot -Tpng -o docker.png
+.sp
+.RE
+.sp
+.B Listing only the shortened image IDs
+.TP
+Listing just the shortened image IDs. This can be useful for some automated tools.
+.sp
+.RS
+docker images -q
+.RE
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-info.1

@@ -0,0 +1,39 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-info.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-info \- Display system wide information
+.SH SYNOPSIS
+.B docker info
+.SH DESCRIPTION
+This command displays system wide information regarding the Docker installation. Information displayed includes the number of containers and images, pool name, data file, metadata file, data space used, total data space, metadata space used, total metadata space, execution driver, and the kernel version.
+.sp
+The data file is where the images are stored and the metadata file is where the meta data regarding those images are stored. When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where /var/lib/docker is mounted.    
+.SH "OPTIONS"
+There are no available options.
+.sp
+.SH EXAMPLES
+.sp
+.B Display Docker system information
+.TP
+Here is a sample output:
+.sp
+.RS
+ # docker info
+ Containers: 18
+ Images: 95
+ Storage Driver: devicemapper
+  Pool Name: docker-8:1-170408448-pool
+  Data file: /var/lib/docker/devicemapper/devicemapper/data
+  Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
+  Data Space Used: 9946.3 Mb
+  Data Space Total: 102400.0 Mb
+  Metadata Space Used: 9.9 Mb
+  Metadata Space Total: 2048.0 Mb
+ Execution Driver: native-0.1
+ Kernel Version: 3.10.0-116.el7.x86_64
+.RE
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-inspect.1

@@ -0,0 +1,237 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-inspect.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-inspect \- Return low-level information on a container/image
+.SH SYNOPSIS
+.B docker inspect 
+[\fB-f\fR|\fB--format\fR="" 
+CONTAINER|IMAGE [CONTAINER|IMAGE...]
+.SH DESCRIPTION
+This displays all the information available in Docker for a given container or image. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. 
+.SH "OPTIONS"
+.TP
+.B -f, --format="": 
+The text/template package of Go describes all the details of the format. See examples section
+.SH EXAMPLES
+.sp
+.PP
+.B Getting information on a container
+.TP
+To get information on a container use it's ID or instance name
+.sp
+.fi
+.RS
+#docker inspect 1eb5fabf5a03
+
+[{
+    "ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b",
+    "Created": "2014-04-04T21:33:52.02361335Z",
+    "Path": "/usr/sbin/nginx",
+    "Args": [],
+    "Config": {
+        "Hostname": "1eb5fabf5a03",
+        "Domainname": "",
+        "User": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "PortSpecs": null,
+        "ExposedPorts": {
+            "80/tcp": {}
+        },
+        "Tty": true,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": [
+            "HOME=/",
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Cmd": [
+            "/usr/sbin/nginx"
+        ],
+        "Dns": null,
+        "DnsSearch": null,
+        "Image": "summit/nginx",
+        "Volumes": null,
+        "VolumesFrom": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "OnBuild": null,
+        "Context": {
+            "mount_label": "system_u:object_r:svirt_sandbox_file_t:s0:c0,c650",
+            "process_label": "system_u:system_r:svirt_lxc_net_t:s0:c0,c650"
+        }
+    },
+    "State": {
+        "Running": true,
+        "Pid": 858,
+        "ExitCode": 0,
+        "StartedAt": "2014-04-04T21:33:54.16259207Z",
+        "FinishedAt": "0001-01-01T00:00:00Z",
+        "Ghost": false
+    },
+    "Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6",
+    "NetworkSettings": {
+        "IPAddress": "172.17.0.2",
+        "IPPrefixLen": 16,
+        "Gateway": "172.17.42.1",
+        "Bridge": "docker0",
+        "PortMapping": null,
+        "Ports": {
+            "80/tcp": [
+                {
+                    "HostIp": "0.0.0.0",
+                    "HostPort": "80"
+                }
+            ]
+        }
+    },
+    "ResolvConfPath": "/etc/resolv.conf",
+    "HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname",
+    "HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts",
+    "Name": "/ecstatic_ptolemy",
+    "Driver": "devicemapper",
+    "ExecDriver": "native-0.1",
+    "Volumes": {},
+    "VolumesRW": {},
+    "HostConfig": {
+        "Binds": null,
+        "ContainerIDFile": "",
+        "LxcConf": [],
+        "Privileged": false,
+        "PortBindings": {
+            "80/tcp": [
+                {
+                    "HostIp": "0.0.0.0",
+                    "HostPort": "80"
+                }
+            ]
+        },
+        "Links": null,
+        "PublishAllPorts": false,
+        "DriverOptions": {
+            "lxc": null
+        },
+        "CliAddress": ""
+    }
+.RE
+.nf
+.sp
+.B Getting the IP address of a container instance
+.TP
+To get the IP address of a container use:
+.sp
+.fi
+.RS
+# docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03
+
+172.17.0.2
+.RE
+.nf
+.sp
+.B Listing all port bindings
+.TP
+One can loop over arrays and maps in the results to produce simple text output:
+.sp
+.fi
+.RS
+# docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03
+
+80/tcp -> 80 
+.RE
+.nf
+.sp
+.B Getting information on an image
+.TP
+Use an image's ID or name (e.g. repository/name[:tag]) to get information on it.
+.sp
+.fi
+.RS
+docker inspect 58394af37342
+[{
+    "id": "58394af373423902a1b97f209a31e3777932d9321ef10e64feaaa7b4df609cf9",
+    "parent": "8abc22fbb04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db",
+    "created": "2014-02-03T16:10:40.500814677Z",
+    "container": "f718f19a28a5147da49313c54620306243734bafa63c76942ef6f8c4b4113bc5",
+    "container_config": {
+        "Hostname": "88807319f25e",
+        "Domainname": "",
+        "User": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "PortSpecs": null,
+        "ExposedPorts": null,
+        "Tty": false,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": [
+            "HOME=/",
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Cmd": [
+            "/bin/sh",
+            "-c",
+            "#(nop) ADD fedora-20-medium.tar.xz in /"
+        ],
+        "Dns": null,
+        "DnsSearch": null,
+        "Image": "8abc22fbb04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db",
+        "Volumes": null,
+        "VolumesFrom": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "OnBuild": null,
+        "Context": null
+    },
+    "docker_version": "0.6.3",
+    "author": "Lokesh Mandvekar \u003clsm5@redhat.com\u003e - ./buildcontainers.sh",
+    "config": {
+        "Hostname": "88807319f25e",
+        "Domainname": "",
+        "User": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "PortSpecs": null,
+        "ExposedPorts": null,
+        "Tty": false,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": [
+            "HOME=/",
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Cmd": null,
+        "Dns": null,
+        "DnsSearch": null,
+        "Image": "8abc22fbb04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db",
+        "Volumes": null,
+        "VolumesFrom": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "OnBuild": null,
+        "Context": null
+    },
+    "architecture": "x86_64",
+    "Size": 385520098
+}]
+.RE
+.nf
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-rm.1

@@ -0,0 +1,45 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-rm.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-rm \- Remove one or more containers.
+.SH SYNOPSIS
+.B docker rm 
+[\fB-f\fR|\fB--force\fR[=\fIfalse\fR] 
+[\fB-l\fR|\fB--link\fR[=\fIfalse\fR] 
+[\fB-v\fR|\fB--volumes\fR[=\fIfalse\fR] 
+CONTAINER [CONTAINER...]
+.SH DESCRIPTION
+This will remove one or more containers from the host node. The container name or ID can be used. This does not remove images. You cannot remove a running container unless you use the \fB-f\fR option. To see all containers on a host use the \fBdocker ps -a\fR command.
+.SH "OPTIONS"
+.TP
+.B -f, --force=\fItrue\fR|\fIfalse\fR: 
+When set to true, force the removal of the container. The default is \fIfalse\fR.
+.TP
+.B -l, --link=\fItrue\fR|\fIfalse\fR: 
+When set to true, remove the specified link and not the underlying container. The default is \fIfalse\fR.
+.TP
+.B -v, --volumes=\fItrue\fR|\fIfalse\fR: 
+When set to true, remove the volumes associated to the container. The default is \fIfalse\fR.
+.SH EXAMPLES
+.sp
+.PP
+.B Removing a container using its ID
+.TP
+To remove a container using its ID, find either from a \fBdocker ps -a\fR command, or use the ID returned from the \fBdocker run\fR command, or retrieve it from a file used to store it using the \fBdocker run --cidfile\fR:
+.sp
+.RS
+docker rm abebf7571666
+.RE
+.sp
+.B Removing a container using the container name:
+.TP
+The name of the container can be found using the \fBdocker ps -a\fR command. The use that name as follows:
+.sp
+.RS
+docker rm hopeful_morse
+.RE
+.sp
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-rmi.1

@@ -0,0 +1,29 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-run.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-rmi \- Remove one or more images.
+.SH SYNOPSIS
+.B docker rmi
+[\fB-f\fR|\fB--force\fR[=\fIfalse\fR] 
+IMAGE [IMAGE...]
+.SH DESCRIPTION
+This will remove one or more images from the host node. This does not remove images from a registry. You cannot remove an image of a running container unless you use the \fB-f\fR option. To see all images on a host use the \fBdocker images\fR command.
+.SH "OPTIONS"
+.TP
+.B -f, --force=\fItrue\fR|\fIfalse\fR: 
+When set to true, force the removal of the image. The default is \fIfalse\fR.
+.SH EXAMPLES
+.sp
+.PP
+.B Removing an image
+.TP
+Here is an example of removing and image:
+.sp
+.RS
+docker rmi fedora/httpd
+.RE
+.sp
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-run.1

@@ -0,0 +1,277 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-run.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-run \- Run a process in an isolated container
+.SH SYNOPSIS
+.B docker run 
+[\fB-a\fR|\fB--attach\fR[=]] [\fB-c\fR|\fB--cpu-shares\fR[=0] [\fB-m\fR|\fB--memory\fR=\fImemory-limit\fR]
+[\fB--cidfile\fR=\fIfile\fR] [\fB-d\fR|\fB--detach\fR[=\fIfalse\fR]] [\fB--dns\fR=\fIIP-address\fR]
+[\fB--name\fR=\fIname\fR] [\fB-u\fR|\fB--user\fR=\fIusername\fR|\fIuid\fR]
+[\fB--link\fR=\fIname\fR:\fIalias\fR] 
+[\fB-e\fR|\fB--env\fR=\fIenvironment\fR] [\fB--entrypoint\fR=\fIcommand\fR] 
+[\fB--expose\fR=\fIport\fR] [\fB-P\fR|\fB--publish-all\fR[=\fIfalse\fR]]
+[\fB-p\fR|\fB--publish\fR=\fIport-mappping\fR] [\fB-h\fR|\fB--hostname\fR=\fIhostname\fR]
+[\fB--rm\fR[=\fIfalse\fR]] [\fB--priviledged\fR[=\fIfalse\fR]
+[\fB-i\fR|\fB--interactive\fR[=\fIfalse\fR] 
+[\fB-t\fR|\fB--tty\fR[=\fIfalse\fR]] [\fB--lxc-conf\fR=\fIoptions\fR]
+[\fB-n\fR|\fB--networking\fR[=\fItrue\fR]]
+[\fB-v\fR|\fB--volume\fR=\fIvolume\fR] [\fB--volumes-from\fR=\fIcontainer-id\fR]
+[\fB-w\fR|\fB--workdir\fR=\fIdirectory\fR] [\fB--sig-proxy\fR[=\fItrue\fR]]
+IMAGE [COMMAND] [ARG...]
+.SH DESCRIPTION
+.PP
+Run a process in a new container. \fBdocker run\fR starts a process with its own file system, its own networking, and its own isolated process tree. The \fIIMAGE\fR which starts the process may define defaults related to the process that will be run in the container, the networking to expose, and more, but \fBdocker run\fR gives final control to the operator or administrator who starts the container from the image. For that reason \fBdocker run\fR has more options than any other docker command.
+
+If the \fIIMAGE\fR is not already loaded then \fBdocker run\fR will pull the \fIIMAGE\fR, and all image dependencies, from the repository in the same way running \fBdocker pull\fR \fIIMAGE\fR, before it starts the container from that image.
+
+
+.SH "OPTIONS"
+
+.TP
+.B  -a, --attach=\fIstdin\fR|\fIstdout\fR|\fIstderr\fR: 
+Attach to stdin, stdout or stderr. In foreground mode (the default when -d is not specified), \fBdocker run\fR can start the process in the container and attach the console to the process’s standard input, output, and standard error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. The \fB-a\fR option can be set for each of stdin, stdout, and stderr.  
+
+.TP
+.B  -c, --cpu-shares=0: 
+CPU shares in relative weight. You can increase the priority of a container with the -c option. By default, all containers run at the same priority and get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via \fBdocker run\fR.
+
+.TP
+.B -m, --memory=\fImemory-limit\fR: 
+Allows you to constrain the memory available to a container. If the host supports swap memory, then the -m memory setting can be larger than physical RAM. The memory limit format: <number><optional unit>, where unit = b, k, m or g.
+
+.TP
+.B --cidfile=\fIfile\fR: 
+Write the container ID to the file specified.
+
+.TP
+.B  -d, --detach=\fItrue\fR|\fIfalse\fR: 
+Detached mode. This runs the container in the background. It outputs the new container's id and and error messages. At any time you can run \fBdocker ps\fR in the other shell to view a list of the running containers. You can reattach to a detached container with \fBdocker attach\fR. If you choose to run a container in the detached mode, then you cannot use the -rm option.
+
+.TP
+.B --dns=\fIIP-address\fR: 
+Set custom DNS servers. This option can be used to override the DNS configuration passed to the container. Typically this is necessary when the host DNS configuration is invalid for the container (eg. 127.0.0.1). When this is the case the \fB-dns\fR flags is necessary for every run.
+
+.TP
+.B  -e, --env=\fIenvironment\fR: 
+Set environment variables. This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container. 
+
+.TP
+.B --entrypoint=\ficommand\fR: 
+This option allows you to overwrite the default entrypoint of the image that is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND because it specifies what executable to run when the container starts, but it is (purposely) more difficult to override. The ENTRYPOINT gives a container its default nature or behavior, so that when you set an ENTRYPOINT you can run the container as if it were that binary, complete with default options, and you can pass in more options via the COMMAND. But, sometimes an operator may want to run something else inside the container, so you can override the default ENTRYPOINT at runtime by using a \fB--entrypoint\fR and a string to specify the new ENTRYPOINT. 
+
+.TP
+.B --expose=\fIport\fR: 
+Expose a port from the container without publishing it to your host. A containers port can be exposed to other containers in three ways: 1) The developer can expose the port using the EXPOSE parameter of the Dockerfile, 2) the operator can use the \fB--expose\fR option with \fBdocker run\fR, or 3) the container can be started with the \fB--link\fR.
+
+.TP
+.B  -P, --publish-all=\fItrue\fR|\fIfalse\fR: 
+When set to true publish all exposed ports to the host interfaces. The default is false. If the operator uses -P (or -p) then Docker will make the exposed port accessible on the host and the ports will be available to any client that can reach the host. To find the map between the host ports and the exposed ports, use \fBdocker port\fR. 
+
+.TP
+.B -p, --publish=[]: 
+Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)
+
+.TP
+.B -h , --hostname=\fIhostname\fR: 
+Sets the container host name that is available inside the container.
+  
+.TP
+.B -i , --interactive=\fItrue\fR|\fIfalse\fR: 
+When set to true, keep stdin open even if not attached. The default is false.
+
+.TP
+.B --link=\fIname\fR:\fIalias\fR: 
+Add link to another container. The format is name:alias. If the operator uses \fB--link\fR when starting the new client container, then the client container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. 
+
+.TP
+.B -n, --networking=\fItrue\fR|\fIfalse\fR: 
+By default, all containers have networking enabled (true) and can make outgoing connections. The operator can disable networking with \fB--networking\fR to false. This disables all incoming and outgoing networking. In cases like this, I/O can only be performed through files or by using STDIN/STDOUT.
+
+Also by default, the container will use the same DNS servers as the host. but you canThe operator may override this with \fB-dns\fR. 
+
+.TP
+.B  --name=\fIname\fR: 
+Assign a name to the container. The operator can identify a container in three ways:
+.sp
+.nf
+UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
+UUID short identifier (“f78375b1c487”)
+Name (“jonah”)
+.fi
+.sp
+The UUID identifiers come from the Docker daemon, and if a name is not assigned to the container with \fB--name\fR then the daemon will also generate a random string name. The name is useful when defining links (see \fB--link\fR) (or any other place you need to identify a container). This works for both background and foreground Docker containers.
+
+.TP
+.B --privileged=\fItrue\fR|\fIfalse\fR: 
+Give extended privileges to this container. By default, Docker containers are “unprivileged” (=false) and cannot, for example, run a Docker daemon inside the Docker container. This is because by default a container is not allowed to access any devices. A “privileged” container is given access to all devices.
+
+When the operator executes \fBdocker run -privileged\fR, Docker will enable access to all devices on the host as well as set some configuration in AppArmor (\fB???\fR) to allow the container nearly all the same access to the host as processes running outside of a container on the host.
+
+.TP
+.B --rm=\fItrue\fR|\fIfalse\fR: 
+If set to \fItrue\fR the container is automatically removed when it exits. The default is \fIfalse\fR. This option is incompatible with \fB-d\fR.
+
+.TP
+.B --sig-proxy=\fItrue\fR|\fIfalse\fR: 
+When set to true, proxify all received signals to the process (even in non-tty mode). The default is true.
+  
+.TP
+.B -t, --tty=\fItrue\fR|\fIfalse\fR: 
+When set to true Docker can allocate a pseudo-tty and attach to the standard input of any container. This can be used, for example, to run a throwaway interactive shell. The default is value is false.
+
+.TP
+.B -u, --user=\fIusername\fR,\fRuid\fR: 
+Set a username or UID for the container.
+
+.TP
+.B -v, --volume=\fIvolume\fR: 
+Bind mount a volume to the container. The \fB-v\fR option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the \fB--volumes-from\fR option. See examples.
+
+.TP
+.B --volumes-from=\fIcontainer-id\fR: 
+Will mount volumes from the specified container identified by container-id. Once a volume is mounted in a one container it can be shared with other containers using the \fB--volumes-from\fR option when running those other containers. The volumes can be shared even if the original container with the mount is not running. 
+
+.TP
+.B -w, --workdir=\fIdirectory\fR: 
+Working directory inside the container. The default working directory for running binaries within a container is the root directory (/). The developer can set a different default with the Dockerfile WORKDIR instruction. The operator can override the working directory by using the \fB-w\fR option. 
+
+.TP
+.B IMAGE: 
+The image name or ID.
+
+.TP
+.B COMMAND: 
+The command or program to run inside the image.
+
+.TP
+.B ARG: 
+The arguments for the command to be run in the container.
+
+.SH EXAMPLES
+.sp
+.sp
+.B Exposing log messages from the container to the host's log
+.TP
+If you want messages that are logged in your container to show up in the host's syslog/journal then you should bind mount the /var/log directory as follows.
+.sp
+.RS
+docker run -v /dev/log:/dev/log -i -t fedora /bin/bash
+.RE
+.sp
+From inside the container you can test this by sending a message to the log.
+.sp
+.RS
+logger "Hello from my container"
+.sp
+.RE
+Then exit and check the journal.
+.RS
+.sp
+exit
+.sp
+journalctl -b | grep hello
+.RE
+.sp
+This should list the message sent to logger.
+.sp
+.B Attaching to one or more from STDIN, STDOUT, STDERR
+.TP
+If you do not specify -a then Docker will attach everything (stdin,stdout,stderr). You can specify to which of the three standard streams (stdin, stdout, stderr) you’d like to connect instead, as in:
+.sp
+.RS
+docker run -a stdin -a stdout -i -t fedora /bin/bash
+.RE
+.sp
+.B Linking Containers
+.TP
+The link feature allows multiple containers to communicate with each other. For example, a container whose Dockerfile has exposed port 80 can be run and named as follows: 
+.sp
+.RS
+docker run --name=link-test -d -i -t fedora/httpd
+.RE
+.sp
+.TP
+A second container, in this case called linker, can communicate with the httpd container, named link-test, by running with the \fB--link=<name>:<alias>\fR
+.sp
+.RS
+docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash
+.RE
+.sp
+.TP
+Now the container linker is linked to container link-test with the alias lt. Running the \fBenv\fR command in the linker container shows environment variables with the LT (alias) context (\fBLT_\fR)
+.sp
+.nf
+.RS
+# env
+HOSTNAME=668231cb0978
+TERM=xterm
+LT_PORT_80_TCP=tcp://172.17.0.3:80
+LT_PORT_80_TCP_PORT=80
+LT_PORT_80_TCP_PROTO=tcp
+LT_PORT=tcp://172.17.0.3:80
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+PWD=/
+LT_NAME=/linker/lt
+SHLVL=1
+HOME=/
+LT_PORT_80_TCP_ADDR=172.17.0.3
+_=/usr/bin/env
+.RE
+.fi
+.sp
+.TP 
+When linking two containers Docker will use the exposed ports of the container to create a secure tunnel for the parent to access. 
+.TP
+.sp
+.B Mapping Ports for External Usage
+.TP
+The exposed port of an application can be mapped to a host port using the \fB-p\fR flag. For example a httpd port 80 can be mapped to the host port 8080 using the following:
+.sp
+.RS
+docker run -p 8080:80 -d -i -t fedora/httpd
+.RE
+.sp
+.TP
+.B Creating and Mounting a Data Volume Container
+.TP
+Many applications require the sharing of persistent data across several containers. Docker allows you to create a Data Volume Container that other containers can mount from. For example, create a named container that contains directories /var/volume1 and /tmp/volume2. The image will need to contain these directories so a couple of RUN mkdir instructions might be required for you fedora-data image: 
+.sp
+.RS
+docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true
+.sp
+docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash
+.RE
+.sp
+.TP
+Multiple -volumes-from parameters will bring together multiple data volumes from multiple containers. And it's possible to mount the volumes that came from the DATA container in yet another container via the fedora-container1 intermidiery container, allowing to abstract the actual data source from users of that data:
+.sp
+.RS
+docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash
+.RE
+.TP
+.sp
+.B Mounting External Volumes
+.TP
+To mount a host directory as a container volume, specify the absolute path to the directory and the absolute path for the container directory separated by a colon:  
+.sp
+.RS
+docker run -v /var/db:/data1 -i -t fedora bash
+.RE
+.sp
+.TP
+When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the /var/db directory is not writable to the container. A "Permission Denied" message will occur and an avc: message in the host's syslog. 
+.sp
+.TP
+To work around this, at time of writing this man page, the following command needs to be run in order for the proper SELinux policy type label to be attached to the host directory:  
+.sp
+.RS
+chcon -Rt svirt_sandbox_file_t /var/db
+.RE
+.sp
+.TP
+Now, writing to the /data1 volume in the container will be allowed and the changes will also be reflected on the host in /var/db.
+.sp 
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker-tag.1

@@ -0,0 +1,49 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-tag.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-tag \- Tag an image in the repository
+.SH SYNOPSIS
+.B docker tag 
+[\fB-f\fR|\fB--force\fR[=\fIfalse\fR] 
+\fBIMAGE\fR [REGISTRYHOST/][USERNAME/]NAME[:TAG]
+.SH DESCRIPTION
+This will tag an image in the repository. 
+.SH "OPTIONS"
+.TP
+.B -f, --force=\fItrue\fR|\fIfalse\fR: 
+When set to true, force the tag name. The default is \fIfalse\fR.
+.TP
+.B REGISTRYHOST:
+The hostname of the registry if required. This may also include the port separated by a ':'
+.TP
+.B USERNAME:
+The username or other qualifying identifier for the image.
+.TP
+.B NAME:
+The image name. 
+.TP
+.B TAG:
+The tag you are assigning to the image.
+.SH EXAMPLES
+.sp
+.PP
+.B Tagging an image
+.TP
+Here is an example where an image is tagged  with the tag 'Version-1.0' :
+.sp
+.RS
+docker tag 0e5574283393 fedora/httpd:Version-1.0
+.RE
+.sp
+.B Tagging an image for an internal repository
+.TP
+To push an image to an internal Registry and not the default docker.io based registry you must tag it with the registry hostname and port (if needed).
+.sp
+.RS
+docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
+.RE
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/man/man1/docker.1

@@ -0,0 +1,172 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker \- Docker image and container command line interface
+.SH SYNOPSIS
+.B docker [OPTIONS] [COMMAND] [arg...]
+.SH DESCRIPTION
+\fBdocker\fR has two distinct functions. It is used for starting the Docker daemon and to run the CLI (i.e., to command the daemon to manage images, containers etc.) So \fBdocker\fR is both a server as deamon and a client to the daemon through the CLI.
+.sp
+To run the Docker deamon you do not specify any of the commands listed below but must specify the \fB-d\fR option.  The other options listed below are for the daemon only.
+.sp
+The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguements. 
+.sp
+To see the man page for a command run \fBman docker <command>\fR.
+.SH "OPTIONS"
+.B \-D=false: 
+Enable debug mode
+.TP
+.B\-H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or unix://[/path/to/socket] to use. 
+When host=[0.0.0.0], port=[4243] or path
+=[/var/run/docker.sock] is omitted, default values are used.
+.TP
+.B \-\-api-enable-cors=false
+Enable CORS headers in the remote API
+.TP
+.B \-b=""
+Attach containers to a pre\-existing network bridge; use 'none' to disable container networking
+.TP
+.B \-\-bip=""
+Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
+.TP
+.B \-d=false
+Enable daemon mode
+.TP
+.B \-\-dns=""
+Force Docker to use specific DNS servers
+.TP
+.B \-g="/var/lib/docker"
+Path to use as the root of the Docker runtime
+.TP
+.B \-\-icc=true
+Enable inter\-container communication
+.TP
+.B \-\-ip="0.0.0.0"
+Default IP address to use when binding container ports
+.TP
+.B \-\-iptables=true
+Disable Docker's addition of iptables rules
+.TP
+.B \-\-mtu=1500
+Set the containers network mtu
+.TP
+.B \-p="/var/run/docker.pid"
+Path to use for daemon PID file
+.TP
+.B \-r=true
+Restart previously running containers
+.TP
+.B \-s=""
+Force the Docker runtime to use a specific storage driver
+.TP
+.B \-v=false
+Print version information and quit
+.SH "COMMANDS"
+.TP
+.B attach 
+Attach to a running container
+.TP
+.B build 
+Build a container from a Dockerfile
+.TP
+.B commit 
+Create a new image from a container's changes
+.TP
+.B cp 
+Copy files/folders from the containers filesystem to the host at path
+.TP
+.B diff 
+Inspect changes on a container's filesystem
+    
+.TP
+.B events
+Get real time events from the server
+.TP
+.B export 
+Stream the contents of a container as a tar archive
+.TP
+.B history
+Show the history of an image
+.TP
+.B images
+List images
+.TP
+.B import 
+Create a new filesystem image from the contents of a tarball
+.TP
+.B info 
+Display system-wide information
+.TP
+.B insert 
+Insert a file in an image
+.TP
+.B inspect  
+Return low-level information on a container
+.TP
+.B kill 
+Kill a running container (which includes the wrapper process and everything inside it) 
+.TP
+.B load 
+Load an image from a tar archive
+.TP
+.B login 
+Register or Login to a Docker registry server
+.TP
+.B logs 
+Fetch the logs of a container
+.TP
+.B port 
+Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
+.TP
+.B ps 
+List containers
+.TP
+.B pull 
+Pull an image or a repository from a Docker registry server
+.TP
+.B push 
+Push an image or a repository to a Docker registry server
+.TP
+.B restart 
+Restart a running container
+.TP
+.B rm 
+Remove one or more containers
+.TP
+.B rmi 
+Remove one or more images
+.TP
+.B run 
+Run a command in a new container
+.TP
+.B save 
+Save an image to a tar archive
+.TP
+.B search 
+Search for an image in the Docker index
+.TP
+.B start 
+Start a stopped container
+.TP
+.B stop 
+Stop a running container
+.TP
+.B tag 
+Tag an image into a repository
+.TP
+.B top 
+Lookup the running processes of a container
+.TP
+.B version
+Show the Docker version information
+.TP
+.B wait 
+Block until a container stops, then print its exit code
+.SH EXAMPLES
+.sp
+For specific examples please see the man page for the specific Docker command.
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

contrib/mkimage-arch-pacman.conf

@@ -0,0 +1,92 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta    = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+

contrib/mkimage-arch.sh

@@ -1,30 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Generate a minimal filesystem for archlinux and load it into the local
 # docker as "archlinux"
 # requires root
 set -e
 
-PACSTRAP=$(which pacstrap)
-[ "$PACSTRAP" ] || {
+hash pacstrap &>/dev/null || {
     echo "Could not find pacstrap. Run pacman -S arch-install-scripts"
     exit 1
 }
-EXPECT=$(which expect)
-[ "$EXPECT" ] || {
+
+hash expect &>/dev/null || {
     echo "Could not find expect. Run pacman -S expect"
     exit 1
 }
 
-ROOTFS=~/rootfs-arch-$$-$RANDOM
-mkdir $ROOTFS
+ROOTFS=$(mktemp -d /tmp/rootfs-archlinux-XXXXXXXXXX)
+chmod 755 $ROOTFS
 
-#packages to ignore for space savings
+# packages to ignore for space savings
 PKGIGNORE=linux,jfsutils,lvm2,cryptsetup,groff,man-db,man-pages,mdadm,pciutils,pcmciautils,reiserfsprogs,s-nail,xfsprogs
- 
+
 expect <<EOF
   set timeout 60
   set send_slow {1 1}
-  spawn pacstrap -c -d -G -i $ROOTFS base haveged --ignore $PKGIGNORE
+  spawn pacstrap -C ./mkimage-arch-pacman.conf -c -d -G -i $ROOTFS base haveged --ignore $PKGIGNORE
   expect {
     "Install anyway?" { send n\r; exp_continue }
     "(default=all)" { send \r; exp_continue }
@@ -38,29 +37,26 @@ EOF
 
 arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman -Rs --noconfirm haveged; pacman-key --populate archlinux"
 arch-chroot $ROOTFS /bin/sh -c "ln -s /usr/share/zoneinfo/UTC /etc/localtime"
-cat > $ROOTFS/etc/locale.gen <<DELIM
-en_US.UTF-8 UTF-8
-en_US ISO-8859-1
-DELIM
+echo 'en_US.UTF-8 UTF-8' > $ROOTFS/etc/locale.gen
 arch-chroot $ROOTFS locale-gen
-arch-chroot $ROOTFS /bin/sh -c 'echo "Server = http://mirrors.kernel.org/archlinux/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist'
+arch-chroot $ROOTFS /bin/sh -c 'echo "Server = https://mirrors.kernel.org/archlinux/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist'
 
 # udev doesn't work in containers, rebuild /dev
-DEV=${ROOTFS}/dev
-mv ${DEV} ${DEV}.old
-mkdir -p ${DEV}
-mknod -m 666 ${DEV}/null c 1 3
-mknod -m 666 ${DEV}/zero c 1 5
-mknod -m 666 ${DEV}/random c 1 8
-mknod -m 666 ${DEV}/urandom c 1 9
-mkdir -m 755 ${DEV}/pts
-mkdir -m 1777 ${DEV}/shm
-mknod -m 666 ${DEV}/tty c 5 0
-mknod -m 600 ${DEV}/console c 5 1
-mknod -m 666 ${DEV}/tty0 c 4 0
-mknod -m 666 ${DEV}/full c 1 7
-mknod -m 600 ${DEV}/initctl p
-mknod -m 666 ${DEV}/ptmx c 5 2
+DEV=$ROOTFS/dev
+rm -rf $DEV
+mkdir -p $DEV
+mknod -m 666 $DEV/null c 1 3
+mknod -m 666 $DEV/zero c 1 5
+mknod -m 666 $DEV/random c 1 8
+mknod -m 666 $DEV/urandom c 1 9
+mkdir -m 755 $DEV/pts
+mkdir -m 1777 $DEV/shm
+mknod -m 666 $DEV/tty c 5 0
+mknod -m 600 $DEV/console c 5 1
+mknod -m 666 $DEV/tty0 c 4 0
+mknod -m 666 $DEV/full c 1 7
+mknod -m 600 $DEV/initctl p
+mknod -m 666 $DEV/ptmx c 5 2
 
 tar --numeric-owner -C $ROOTFS -c . | docker import - archlinux
 docker run -i -t archlinux echo Success.

contrib/mkimage-busybox.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Generate a very minimal filesystem based on busybox-static,
 # and load it into the local docker under the name "busybox".
 

contrib/mkimage-crux.sh

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Generate a minimal filesystem for CRUX/Linux and load it into the local
+# docker as "cruxlinux"
+# requires root and the crux iso (http://crux.nu)
+
+set -e
+
+die () {
+    echo >&2 "$@"
+    exit 1
+}
+
+[ "$#" -eq 1 ] || die "1 argument(s) required, $# provided. Usage: ./mkimage-crux.sh /path/to/iso"
+
+ISO=${1}
+
+ROOTFS=$(mktemp -d /tmp/rootfs-crux-XXXXXXXXXX)
+CRUX=$(mktemp -d /tmp/crux-XXXXXXXXXX)
+TMP=$(mktemp -d /tmp/XXXXXXXXXX)
+
+VERSION=$(basename --suffix=.iso $ISO | sed 's/[^0-9.]*\([0-9.]*\).*/\1/')
+
+# Mount the ISO
+mount -o ro,loop $ISO $CRUX
+
+# Extract pkgutils
+tar -C $TMP -xf $CRUX/tools/pkgutils#*.pkg.tar.gz
+
+# Put pkgadd in the $PATH
+export PATH="$TMP/usr/bin:$PATH"
+
+# Install core packages
+mkdir -p $ROOTFS/var/lib/pkg
+touch $ROOTFS/var/lib/pkg/db
+for pkg in $CRUX/crux/core/*; do
+    pkgadd -r $ROOTFS $pkg
+done
+
+# Remove agetty and inittab config
+if (grep agetty ${ROOTFS}/etc/inittab 2>&1 > /dev/null); then
+    echo "Removing agetty from /etc/inittab ..."
+    chroot ${ROOTFS} sed -i -e "/agetty/d" /etc/inittab
+    chroot ${ROOTFS} sed -i -e "/shutdown/d" /etc/inittab
+    chroot ${ROOTFS} sed -i -e "/^$/N;/^\n$/d" /etc/inittab
+fi
+
+# Remove kernel source
+rm -rf $ROOTFS/usr/src/*
+
+# udev doesn't work in containers, rebuild /dev
+DEV=$ROOTFS/dev
+rm -rf $DEV
+mkdir -p $DEV
+mknod -m 666 $DEV/null c 1 3
+mknod -m 666 $DEV/zero c 1 5
+mknod -m 666 $DEV/random c 1 8
+mknod -m 666 $DEV/urandom c 1 9
+mkdir -m 755 $DEV/pts
+mkdir -m 1777 $DEV/shm
+mknod -m 666 $DEV/tty c 5 0
+mknod -m 600 $DEV/console c 5 1
+mknod -m 666 $DEV/tty0 c 4 0
+mknod -m 666 $DEV/full c 1 7
+mknod -m 600 $DEV/initctl p
+mknod -m 666 $DEV/ptmx c 5 2
+
+IMAGE_ID=$(tar --numeric-owner -C $ROOTFS -c . | docker import - crux:$VERSION)
+docker tag $IMAGE_ID crux:latest
+docker run -i -t crux echo Success.
+
+# Cleanup
+umount $CRUX
+rm -rf $ROOTFS
+rm -rf $CRUX
+rm -rf $TMP

contrib/mkimage-debootstrap.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 variant='minbase'
@@ -44,6 +44,8 @@ debianStable=wheezy
 debianUnstable=sid
 # this should match the name found at http://releases.ubuntu.com/
 ubuntuLatestLTS=precise
+# this should match the name found at http://releases.tanglu.org/
+tangluLatest=aequorea
 
 while getopts v:i:a:p:dst name; do
 	case "$name" in
@@ -117,6 +119,11 @@ target="/tmp/docker-rootfs-debootstrap-$suite-$$-$RANDOM"
 cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
 returnTo="$(pwd -P)"
 
+if [ "$suite" = 'lucid' ]; then
+	# lucid fails and doesn't include gpgv in minbase; "apt-get update" fails
+	include+=',gpgv'
+fi
+
 set -x
 
 # bootstrap
@@ -138,18 +145,26 @@ if [ -z "$strictDebootstrap" ]; then
 	# shrink the image, since apt makes us fat (wheezy: ~157.5MB vs ~120MB)
 	sudo chroot . apt-get clean
 	
-	# while we're at it, apt is unnecessarily slow inside containers
-	#  this forces dpkg not to call sync() after package extraction and speeds up install
-	#    the benefit is huge on spinning disks, and the penalty is nonexistent on SSD or decent server virtualization
-	echo 'force-unsafe-io' | sudo tee etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null
-	#  we want to effectively run "apt-get clean" after every install to keep images small (see output of "apt-get clean -s" for context)
+	if strings usr/bin/dpkg | grep -q unsafe-io; then
+		# while we're at it, apt is unnecessarily slow inside containers
+		#  this forces dpkg not to call sync() after package extraction and speeds up install
+		#    the benefit is huge on spinning disks, and the penalty is nonexistent on SSD or decent server virtualization
+		echo 'force-unsafe-io' | sudo tee etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null
+		# we have this wrapped up in an "if" because the "force-unsafe-io"
+		# option was added in dpkg 1.15.8.6
+		# (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584254#82),
+		# and ubuntu lucid/10.04 only has 1.15.5.6
+	fi
+	
+	# we want to effectively run "apt-get clean" after every install to keep images small (see output of "apt-get clean -s" for context)
 	{
 		aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
 		echo "DPkg::Post-Invoke { ${aptGetClean} };"
 		echo "APT::Update::Post-Invoke { ${aptGetClean} };"
 		echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";'
 	} | sudo tee etc/apt/apt.conf.d/no-cache > /dev/null
-	#  and remove the translations, too
+	
+	# and remove the translations, too
 	echo 'Acquire::Languages "none";' | sudo tee etc/apt/apt.conf.d/no-languages > /dev/null
 	
 	# helpful undo lines for each the above tweaks (for lack of a better home to keep track of them):
@@ -188,8 +203,23 @@ if [ -z "$strictDebootstrap" ]; then
 					s/ $suite-updates main/ ${suite}-security main/
 				" etc/apt/sources.list
 				;;
+			Tanglu)
+				# add the updates repository
+				if [ "$suite" = "$tangluLatest" ]; then
+					# ${suite}-updates only applies to stable Tanglu versions
+					sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
+				fi
+				;;
+			SteamOS)
+				# add contrib and non-free
+				sudo sed -i "s/ $suite main$/ $suite main contrib non-free/" etc/apt/sources.list
+				;;
 		esac
 	fi
+	
+	# make sure our packages lists are as up to date as we can get them
+	sudo chroot . apt-get update
+	sudo chroot . apt-get dist-upgrade -y
 fi
 
 if [ "$justTar" ]; then
@@ -232,6 +262,28 @@ else
 					fi
 				fi
 				;;
+			Tanglu)
+				if [ "$suite" = "$tangluLatest" ]; then
+					# tag latest
+					$docker tag $repo:$suite $repo:latest
+				fi
+				if [ -r etc/lsb-release ]; then
+					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
+					if [ "$lsbRelease" ]; then
+						# tag specific Tanglu version number, if available (1.0, 2.0, etc.)
+						$docker tag $repo:$suite $repo:$lsbRelease
+					fi
+				fi
+				;;
+			SteamOS)
+				if [ -r etc/lsb-release ]; then
+					lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
+					if [ "$lsbRelease" ]; then
+						# tag specific SteamOS version number, if available (1.0, 2.0, etc.)
+						$docker tag $repo:$suite $repo:$lsbRelease
+					fi
+				fi
+				;;
 		esac
 	fi
 fi

contrib/mkimage-rinse.sh

@@ -1,4 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
+#
+# Create a base CentOS Docker image.
+
+# This script is useful on systems with rinse available (e.g.,
+# building a CentOS image on Debian).  See contrib/mkimage-yum.sh for
+# a way to build CentOS images on systems with yum installed.
+
 set -e
 
 repo="$1"

contrib/mkimage-unittest.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Generate a very minimal filesystem based on busybox-static,
 # and load it into the local docker under the name "docker-ut".
 

contrib/mkimage-yum.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+#
+# Create a base CentOS Docker image.
+#
+# This script is useful on systems with yum installed (e.g., building
+# a CentOS image on CentOS).  See contrib/mkimage-rinse.sh for a way
+# to build CentOS images on other systems.
+
+usage() {
+    cat <<EOOPTS
+$(basename $0) [OPTIONS] <name>
+OPTIONS:
+  -y <yumconf>  The path to the yum config to install packages from. The
+                default is /etc/yum.conf.
+EOOPTS
+    exit 1
+}
+
+# option defaults
+yum_config=/etc/yum.conf
+while getopts ":y:h" opt; do
+    case $opt in
+        y)
+            yum_config=$OPTARG
+            ;;
+        h)
+            usage
+            ;;
+        \?)
+            echo "Invalid option: -$OPTARG"
+            usage
+            ;;
+    esac
+done
+shift $((OPTIND - 1))
+name=$1
+
+if [[ -z $name ]]; then
+    usage
+fi
+
+#--------------------
+
+target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
+
+set -x
+
+mkdir -m 755 "$target"/dev
+mknod -m 600 "$target"/dev/console c 5 1
+mknod -m 600 "$target"/dev/initctl p
+mknod -m 666 "$target"/dev/full c 1 7
+mknod -m 666 "$target"/dev/null c 1 3
+mknod -m 666 "$target"/dev/ptmx c 5 2
+mknod -m 666 "$target"/dev/random c 1 8
+mknod -m 666 "$target"/dev/tty c 5 0
+mknod -m 666 "$target"/dev/tty0 c 4 0
+mknod -m 666 "$target"/dev/urandom c 1 9
+mknod -m 666 "$target"/dev/zero c 1 5
+
+yum -c "$yum_config" --installroot="$target" --setopt=tsflags=nodocs \
+    --setopt=group_package_types=mandatory -y groupinstall Core
+yum -c "$yum_config" --installroot="$target" -y clean all
+
+cat > "$target"/etc/sysconfig/network <<EOF
+NETWORKING=yes
+HOSTNAME=localhost.localdomain
+EOF
+
+# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb
+# --keep-services "$target".  Stolen from mkimage-rinse.sh
+#  locales
+rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+#  docs
+rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
+#  cracklib
+rm -rf "$target"/usr/share/cracklib
+#  i18n
+rm -rf "$target"/usr/share/i18n
+#  sln
+rm -rf "$target"/sbin/sln
+#  ldconfig
+rm -rf "$target"/etc/ld.so.cache
+rm -rf "$target"/var/cache/ldconfig/*
+
+version=
+if [ -r "$target"/etc/redhat-release ]; then
+    version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$target"/etc/redhat-release)"
+fi
+
+if [ -z "$version" ]; then
+    echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
+    version=$name
+fi
+
+tar --numeric-owner -c -C "$target" . | docker import - $name:$version
+docker run -i -t $name:$version echo success
+
+rm -rf "$target"

contrib/mkseccomp.pl

@@ -10,7 +10,7 @@
 # can configure the list of syscalls.  When run, this script produces output
 # which, when stored in a file, can be passed to docker as follows:
 #
-# docker run -lxc-conf="lxc.seccomp=$file" <rest of arguments>
+# docker run --lxc-conf="lxc.seccomp=$file" <rest of arguments>
 #
 # The included sample file shows how to cut about a quarter of all syscalls,
 # which affecting most applications.
@@ -41,7 +41,7 @@ use warnings;
 
 if( -t ) {
     print STDERR "Helper script to make seccomp filters for Docker/LXC.\n";
-    print STDERR "Usage: mkseccomp.pl [files...]\n";
+    print STDERR "Usage: mkseccomp.pl < [files...]\n";
     exit 1;
 }
 

contrib/mkseccomp.sample

@@ -195,6 +195,7 @@ shutdown
 socket                 // (*)
 socketcall
 socketpair
+sethostname            // (*)
 
 // Signal related
 pause
@@ -261,7 +262,7 @@ vmsplice
 
 // Process control
 capget
-//capset
+capset                 // (*)
 clone                  // (*)
 execve                 // (*)
 exit                   // (*)
@@ -401,7 +402,6 @@ tkill
 //quotactl
 //reboot
 //setdomainname
-//sethostname
 //setns
 //settimeofday
 //sgetmask             // Obsolete

contrib/prepare-commit-msg.hook

@@ -0,0 +1,10 @@
+#!/bin/sh
+#       Auto sign all commits to allow them to be used by the Docker project.
+#       see https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work
+#
+GH_USER=$(git config --get github.user)
+SOB=$(git var GIT_AUTHOR_IDENT | sed -n "s/^\(.*>\).*$/Docker-DCO-1.1-Signed-off-by: \1 \(github: $GH_USER\)/p")
+grep -qs "^$SOB" "$1" || { 
+	echo 
+	echo "$SOB" 
+} >> "$1"

contrib/syntax/textmate/Docker.tmbundle/Preferences/Dockerfile.tmPreferences

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>name</key>
+	<string>Comments</string>
+	<key>scope</key>
+	<string>source.dockerfile</string>
+	<key>settings</key>
+	<dict>
+		<key>shellVariables</key>
+		<array>
+			<dict>
+				<key>name</key>
+				<string>TM_COMMENT_START</string>
+				<key>value</key>
+				<string># </string>
+			</dict>
+		</array>
+	</dict>
+	<key>uuid</key>
+	<string>2B215AC0-A7F3-4090-9FF6-F4842BD56CA7</string>
+</dict>
+</plist>

contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage

@@ -12,15 +12,37 @@
 	<array>
 		<dict>
 			<key>match</key>
-			<string>^\s*(FROM|MAINTAINER|RUN|CMD|EXPOSE|ENV|ADD)\s</string>
-			<key>name</key>
-			<string>keyword.control.dockerfile</string>
+			<string>^\s*(ONBUILD\s+)?(FROM|MAINTAINER|RUN|EXPOSE|ENV|ADD|VOLUME|USER|WORKDIR)\s</string>
+			<key>captures</key>
+			<dict>
+				<key>0</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.control.dockerfile</string>					
+				</dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.other.special-method.dockerfile</string>					
+				</dict>
+			</dict>
 		</dict>
 		<dict>
 			<key>match</key>
-			<string>^\s*(ENTRYPOINT|VOLUME|USER|WORKDIR)\s</string>
-			<key>name</key>
-			<string>keyword.operator.dockerfile</string>
+			<string>^\s*(ONBUILD\s+)?(CMD|ENTRYPOINT)\s</string>
+			<key>captures</key>
+			<dict>
+				<key>0</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.operator.dockerfile</string>					
+				</dict>
+				<key>1</key>
+				<dict>
+					<key>name</key>
+					<string>keyword.other.special-method.dockerfile</string>					
+				</dict>
+			</dict>
 		</dict>
 		<dict>
 			<key>begin</key>
@@ -39,6 +61,23 @@
 				</dict>
 			</array>
 		</dict>
+		<dict>
+			<key>begin</key>
+			<string>'</string>
+			<key>end</key>
+			<string>'</string>
+			<key>name</key>
+			<string>string.quoted.single.dockerfile</string>
+			<key>patterns</key>
+			<array>
+				<dict>
+					<key>match</key>
+					<string>\\.</string>
+					<key>name</key>
+					<string>constant.character.escaped.dockerfile</string>
+				</dict>
+			</array>
+		</dict>
 		<dict>
 			<key>match</key>
 			<string>^\s*#.*$</string>

contrib/syntax/textmate/Docker.tmbundle/info.plist

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>contactEmailRot13</key>
+	<string>germ@andz.com.ar</string>
+	<key>contactName</key>
+	<string>GermanDZ</string>
+	<key>description</key>
+	<string>Helpers for Docker.</string>
+	<key>name</key>
+	<string>Docker</string>
+	<key>uuid</key>
+	<string>8B9DDBAF-E65C-4E12-FFA7-467D4AA535B1</string>
+</dict>
+</plist>

contrib/syntax/textmate/Dockerfile.YAML-tmLanguage

@@ -1,23 +0,0 @@
-# [PackageDev] target_format: plist, ext: tmLanguage
----
-name: Dockerfile
-scopeName: source.dockerfile
-uuid: a39d8795-59d2-49af-aa00-fe74ee29576e
-
-patterns:
-# Keywords
-- name: keyword.control.dockerfile
-  match: ^\s*(FROM|MAINTAINER|RUN|CMD|EXPOSE|ENV|ADD)\s
-- name: keyword.operator.dockerfile
-  match: ^\s*(ENTRYPOINT|VOLUME|USER|WORKDIR)\s
-# String
-- name: string.quoted.double.dockerfile
-  begin: "\""
-  end: "\""
-  patterns:
-  - name: constant.character.escaped.dockerfile
-    match: \\.
-# Comment
-- name: comment.block.dockerfile
-  match: ^\s*#.*$
-...

contrib/syntax/textmate/README.md

@@ -1,9 +1,16 @@
-# Dockerfile.tmLanguage
+# Docker.tmbundle
 
-Pretty basic Dockerfile.tmLanguage for Sublime Text syntax highlighting.
+Dockerfile syntaxt highlighting for TextMate and Sublime Text.
 
-PR's with syntax updates, suggestions etc. are all very much appreciated!
+## Install
 
-I'll get to making this installable via Package Control soon!
+### Sublime Text
+
+Available for Sublime Text under [package control](https://sublime.wbond.net/packages/Dockerfile%20Syntax%20Highlighting).
+Search for *Dockerfile Syntax Highlighting*
+
+### TextMate 2
+
+Copy the directory `Docker.tmbundle` (showed as a Package in OSX) to `~/Library/Application Support/TextMate/Managed/Bundles`
 
 enjoy.

contrib/syntax/vim/syntax/dockerfile.vim

@@ -11,8 +11,7 @@ let b:current_syntax = "dockerfile"
 
 syntax case ignore
 
-syntax match dockerfileKeyword /\v^\s*(FROM|MAINTAINER|RUN|CMD|EXPOSE|ENV|ADD)\s/
-syntax match dockerfileKeyword /\v^\s*(ENTRYPOINT|VOLUME|USER|WORKDIR)\s/
+syntax match dockerfileKeyword /\v^\s*(ONBUILD\s+)?(ADD|CMD|ENTRYPOINT|ENV|EXPOSE|FROM|MAINTAINER|RUN|USER|VOLUME|WORKDIR)\s/
 highlight link dockerfileKeyword Keyword
 
 syntax region dockerfileString start=/\v"/ skip=/\v\\./ end=/\v"/

contrib/vagrant-docker/README.md

@@ -31,7 +31,7 @@ stop on runlevel [!2345]
 respawn
 
 script
-    /usr/bin/docker -d -H=tcp://0.0.0.0:4243/
+    /usr/bin/docker -d -H=tcp://0.0.0.0:4243
 end script
 ```
 

daemonconfig/config.go

@@ -0,0 +1,72 @@
+package daemonconfig
+
+import (
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/runtime/networkdriver"
+	"net"
+)
+
+const (
+	defaultNetworkMtu    = 1500
+	DisableNetworkBridge = "none"
+)
+
+// FIXME: separate runtime configuration from http api configuration
+type Config struct {
+	Pidfile                     string
+	Root                        string
+	AutoRestart                 bool
+	Dns                         []string
+	DnsSearch                   []string
+	EnableIptables              bool
+	EnableIpForward             bool
+	DefaultIp                   net.IP
+	BridgeIface                 string
+	BridgeIP                    string
+	InterContainerCommunication bool
+	GraphDriver                 string
+	ExecDriver                  string
+	Mtu                         int
+	DisableNetwork              bool
+	EnableSelinuxSupport        bool
+}
+
+// ConfigFromJob creates and returns a new DaemonConfig object
+// by parsing the contents of a job's environment.
+func ConfigFromJob(job *engine.Job) *Config {
+	config := &Config{
+		Pidfile:                     job.Getenv("Pidfile"),
+		Root:                        job.Getenv("Root"),
+		AutoRestart:                 job.GetenvBool("AutoRestart"),
+		EnableIptables:              job.GetenvBool("EnableIptables"),
+		EnableIpForward:             job.GetenvBool("EnableIpForward"),
+		BridgeIP:                    job.Getenv("BridgeIP"),
+		BridgeIface:                 job.Getenv("BridgeIface"),
+		DefaultIp:                   net.ParseIP(job.Getenv("DefaultIp")),
+		InterContainerCommunication: job.GetenvBool("InterContainerCommunication"),
+		GraphDriver:                 job.Getenv("GraphDriver"),
+		ExecDriver:                  job.Getenv("ExecDriver"),
+		EnableSelinuxSupport:        false, // FIXME: hardcoded default to disable selinux for .10 release
+	}
+	if dns := job.GetenvList("Dns"); dns != nil {
+		config.Dns = dns
+	}
+	if dnsSearch := job.GetenvList("DnsSearch"); dnsSearch != nil {
+		config.DnsSearch = dnsSearch
+	}
+	if mtu := job.GetenvInt("Mtu"); mtu != 0 {
+		config.Mtu = mtu
+	} else {
+		config.Mtu = GetDefaultNetworkMtu()
+	}
+	config.DisableNetwork = config.BridgeIface == DisableNetworkBridge
+
+	return config
+}
+
+func GetDefaultNetworkMtu() int {
+	if iface, err := networkdriver.GetDefaultRouteIface(); err == nil {
+		return iface.MTU
+	}
+	return defaultNetworkMtu
+}

docker/docker.go

@@ -1,49 +1,72 @@
 package main
 
 import (
-	"flag"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
-	"github.com/dotcloud/docker"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/sysinit"
-	"github.com/dotcloud/docker/utils"
+	"io/ioutil"
 	"log"
 	"os"
 	"strings"
+
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/api/client"
+	"github.com/dotcloud/docker/builtins"
+	"github.com/dotcloud/docker/dockerversion"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/opts"
+	flag "github.com/dotcloud/docker/pkg/mflag"
+	"github.com/dotcloud/docker/sysinit"
+	"github.com/dotcloud/docker/utils"
+)
+
+const (
+	defaultCaFile   = "ca.pem"
+	defaultKeyFile  = "key.pem"
+	defaultCertFile = "cert.pem"
 )
 
 var (
-	GITCOMMIT string
-	VERSION   string
+	dockerConfDir = os.Getenv("HOME") + "/.docker/"
 )
 
 func main() {
-	if selfPath := utils.SelfPath(); selfPath == "/sbin/init" || selfPath == "/.dockerinit" {
+	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
 		// Running in init mode
 		sysinit.SysInit()
 		return
 	}
 
 	var (
-		flVersion            = flag.Bool("v", false, "Print version information and quit")
-		flDaemon             = flag.Bool("d", false, "Enable daemon mode")
-		flDebug              = flag.Bool("D", false, "Enable debug mode")
-		flAutoRestart        = flag.Bool("r", true, "Restart previously running containers")
-		bridgeName           = flag.String("b", "", "Attach containers to a pre-existing network bridge; use 'none' to disable container networking")
-		bridgeIp             = flag.String("bip", "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
-		pidfile              = flag.String("p", "/var/run/docker.pid", "Path to use for daemon PID file")
-		flRoot               = flag.String("g", "/var/lib/docker", "Path to use as the root of the docker runtime")
-		flEnableCors         = flag.Bool("api-enable-cors", false, "Enable CORS headers in the remote API")
-		flDns                = docker.NewListOpts(docker.ValidateIp4Address)
-		flEnableIptables     = flag.Bool("iptables", true, "Disable docker's addition of iptables rules")
-		flDefaultIp          = flag.String("ip", "0.0.0.0", "Default IP address to use when binding container ports")
-		flInterContainerComm = flag.Bool("icc", true, "Enable inter-container communication")
-		flGraphDriver        = flag.String("s", "", "Force the docker runtime to use a specific storage driver")
-		flHosts              = docker.NewListOpts(docker.ValidateHost)
-		flMtu                = flag.Int("mtu", docker.DefaultNetworkMtu, "Set the containers network mtu")
+		flVersion            = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
+		flDaemon             = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode")
+		flDebug              = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
+		flAutoRestart        = flag.Bool([]string{"r", "-restart"}, true, "Restart previously running containers")
+		bridgeName           = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge; use 'none' to disable container networking")
+		bridgeIp             = flag.String([]string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
+		pidfile              = flag.String([]string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file")
+		flRoot               = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the docker runtime")
+		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group")
+		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
+		flDns                = opts.NewListOpts(opts.ValidateIp4Address)
+		flDnsSearch          = opts.NewListOpts(opts.ValidateDomain)
+		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
+		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
+		flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
+		flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
+		flGraphDriver        = flag.String([]string{"s", "-storage-driver"}, "", "Force the docker runtime to use a specific storage driver")
+		flExecDriver         = flag.String([]string{"e", "-exec-driver"}, "native", "Force the docker runtime to use a specific exec driver")
+		flHosts              = opts.NewListOpts(api.ValidateHost)
+		flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available")
+		flTls                = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
+		flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
+		flCa                 = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here")
+		flCert               = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file")
+		flKey                = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file")
 	)
-	flag.Var(&flDns, "dns", "Force docker to use specific DNS servers")
-	flag.Var(&flHosts, "H", "Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise")
+	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers")
+	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
+	flag.Var(&flHosts, []string{"H", "-host"}, "tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified")
 
 	flag.Parse()
 
@@ -56,50 +79,96 @@ func main() {
 
 		if defaultHost == "" || *flDaemon {
 			// If we do not have a host, default to unix socket
-			defaultHost = fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)
+			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
+		}
+		if _, err := api.ValidateHost(defaultHost); err != nil {
+			log.Fatal(err)
 		}
 		flHosts.Set(defaultHost)
 	}
 
 	if *bridgeName != "" && *bridgeIp != "" {
-		log.Fatal("You specified -b & -bip, mutually exclusive options. Please specify only one.")
+		log.Fatal("You specified -b & --bip, mutually exclusive options. Please specify only one.")
 	}
 
 	if *flDebug {
 		os.Setenv("DEBUG", "1")
 	}
-	docker.GITCOMMIT = GITCOMMIT
-	docker.VERSION = VERSION
+
 	if *flDaemon {
 		if flag.NArg() != 0 {
 			flag.Usage()
 			return
 		}
 
-		eng, err := engine.New(*flRoot)
+		// set up the TempDir to use a canonical path
+		tmp := os.TempDir()
+		realTmp, err := utils.ReadSymlinkedDirectory(tmp)
+		if err != nil {
+			log.Fatalf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
+		}
+		os.Setenv("TMPDIR", realTmp)
+
+		// get the canonical path to the Docker root directory
+		root := *flRoot
+		var realRoot string
+		if _, err := os.Stat(root); err != nil && os.IsNotExist(err) {
+			realRoot = root
+		} else {
+			realRoot, err = utils.ReadSymlinkedDirectory(root)
+			if err != nil {
+				log.Fatalf("Unable to get the full path to root (%s): %s", root, err)
+			}
+		}
+
+		eng, err := engine.New(realRoot)
 		if err != nil {
 			log.Fatal(err)
 		}
-		// Load plugin: httpapi
-		job := eng.Job("initapi")
-		job.Setenv("Pidfile", *pidfile)
-		job.Setenv("Root", *flRoot)
-		job.SetenvBool("AutoRestart", *flAutoRestart)
-		job.SetenvBool("EnableCors", *flEnableCors)
-		job.SetenvList("Dns", flDns.GetAll())
-		job.SetenvBool("EnableIptables", *flEnableIptables)
-		job.Setenv("BridgeIface", *bridgeName)
-		job.Setenv("BridgeIp", *bridgeIp)
-		job.Setenv("DefaultIp", *flDefaultIp)
-		job.SetenvBool("InterContainerCommunication", *flInterContainerComm)
-		job.Setenv("GraphDriver", *flGraphDriver)
-		job.SetenvInt("Mtu", *flMtu)
-		if err := job.Run(); err != nil {
-			log.Fatal(err)
-		}
+		// Load builtins
+		builtins.Register(eng)
+		// load the daemon in the background so we can immediately start
+		// the http api so that connections don't fail while the daemon
+		// is booting
+		go func() {
+			// Load plugin: httpapi
+			job := eng.Job("initserver")
+			job.Setenv("Pidfile", *pidfile)
+			job.Setenv("Root", realRoot)
+			job.SetenvBool("AutoRestart", *flAutoRestart)
+			job.SetenvList("Dns", flDns.GetAll())
+			job.SetenvList("DnsSearch", flDnsSearch.GetAll())
+			job.SetenvBool("EnableIptables", *flEnableIptables)
+			job.SetenvBool("EnableIpForward", *flEnableIpForward)
+			job.Setenv("BridgeIface", *bridgeName)
+			job.Setenv("BridgeIP", *bridgeIp)
+			job.Setenv("DefaultIp", *flDefaultIp)
+			job.SetenvBool("InterContainerCommunication", *flInterContainerComm)
+			job.Setenv("GraphDriver", *flGraphDriver)
+			job.Setenv("ExecDriver", *flExecDriver)
+			job.SetenvInt("Mtu", *flMtu)
+			if err := job.Run(); err != nil {
+				log.Fatal(err)
+			}
+			// after the daemon is done setting up we can tell the api to start
+			// accepting connections
+			if err := eng.Job("acceptconnections").Run(); err != nil {
+				log.Fatal(err)
+			}
+		}()
+
 		// Serve api
-		job = eng.Job("serveapi", flHosts.GetAll()...)
+		job := eng.Job("serveapi", flHosts.GetAll()...)
 		job.SetenvBool("Logging", true)
+		job.SetenvBool("EnableCors", *flEnableCors)
+		job.Setenv("Version", dockerversion.VERSION)
+		job.Setenv("SocketGroup", *flSocketGroup)
+
+		job.SetenvBool("Tls", *flTls)
+		job.SetenvBool("TlsVerify", *flTlsVerify)
+		job.Setenv("TlsCa", *flCa)
+		job.Setenv("TlsCert", *flCert)
+		job.Setenv("TlsKey", *flKey)
 		if err := job.Run(); err != nil {
 			log.Fatal(err)
 		}
@@ -108,7 +177,47 @@ func main() {
 			log.Fatal("Please specify only one -H")
 		}
 		protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
-		if err := docker.ParseCommands(protoAddrParts[0], protoAddrParts[1], flag.Args()...); err != nil {
+
+		var (
+			cli       *client.DockerCli
+			tlsConfig tls.Config
+		)
+		tlsConfig.InsecureSkipVerify = true
+
+		// If we should verify the server, we need to load a trusted ca
+		if *flTlsVerify {
+			*flTls = true
+			certPool := x509.NewCertPool()
+			file, err := ioutil.ReadFile(*flCa)
+			if err != nil {
+				log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
+			}
+			certPool.AppendCertsFromPEM(file)
+			tlsConfig.RootCAs = certPool
+			tlsConfig.InsecureSkipVerify = false
+		}
+
+		// If tls is enabled, try to load and send client certificates
+		if *flTls || *flTlsVerify {
+			_, errCert := os.Stat(*flCert)
+			_, errKey := os.Stat(*flKey)
+			if errCert == nil && errKey == nil {
+				*flTls = true
+				cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
+				if err != nil {
+					log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
+				}
+				tlsConfig.Certificates = []tls.Certificate{cert}
+			}
+		}
+
+		if *flTls || *flTlsVerify {
+			cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
+		} else {
+			cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
+		}
+
+		if err := cli.ParseCommands(flag.Args()...); err != nil {
 			if sterr, ok := err.(*utils.StatusError); ok {
 				if sterr.Status != "" {
 					log.Println(sterr.Status)
@@ -121,5 +230,5 @@ func main() {
 }
 
 func showVersion() {
-	fmt.Printf("Docker version %s, build %s\n", VERSION, GITCOMMIT)
+	fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
 }

dockerinit/dockerinit.go

@@ -4,11 +4,6 @@ import (
 	"github.com/dotcloud/docker/sysinit"
 )
 
-var (
-	GITCOMMIT string
-	VERSION   string
-)
-
 func main() {
 	// Running in init mode
 	sysinit.SysInit()

dockerversion/dockerversion.go

@@ -0,0 +1,15 @@
+package dockerversion
+
+// FIXME: this should be embedded in the docker/docker.go,
+// but we can't because distro policy requires us to
+// package a separate dockerinit binary, and that binary needs
+// to know its version too.
+
+var (
+	GITCOMMIT string
+	VERSION   string
+
+	IAMSTATIC bool   // whether or not Docker itself was compiled statically via ./hack/make.sh binary
+	INITSHA1  string // sha1sum of separate static dockerinit, if Docker itself was compiled dynamically via ./hack/make.sh dynbinary
+	INITPATH  string // custom location to search for a valid dockerinit binary (available for packagers as a last resort escape hatch)
+)

docs/Dockerfile

@@ -1,20 +1,19 @@
-from ubuntu:12.04
-maintainer Nick Stinemates
+FROM ubuntu:12.04
+MAINTAINER Nick Stinemates
 #
 #    docker build -t docker:docs . && docker run -p 8000:8000 docker:docs
 #
 
-run apt-get update
-run apt-get install -y python-setuptools make
-run easy_install pip
-#from docs/requirements.txt, but here to increase cacheability
-run pip install Sphinx==1.1.3
-run pip install sphinxcontrib-httpdomain==1.1.9
-add . /docs
-run cd /docs; make docs
+# TODO switch to http://packages.ubuntu.com/trusty/python-sphinxcontrib-httpdomain once trusty is released
 
-expose 8000
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq make python-pip python-setuptools
+# pip installs from docs/requirements.txt, but here to increase cacheability
+RUN pip install Sphinx==1.2.1
+RUN pip install sphinxcontrib-httpdomain==1.2.0
+ADD . /docs
+RUN make -C /docs clean docs
 
-workdir /docs/_build/html
-
-entrypoint ["python", "-m", "SimpleHTTPServer"]
+WORKDIR /docs/_build/html
+CMD ["python", "-m", "SimpleHTTPServer"]
+# note, EXPOSE is only last because of https://github.com/dotcloud/docker/issues/3525
+EXPOSE 8000

docs/MAINTAINERS

@@ -1,4 +1,2 @@
-Andy Rothfusz <andy@dotcloud.com> (@metalivedev)
-Ken Cochrane <ken@dotcloud.com> (@kencochrane)
 James Turnbull <james@lovedthanlost.net> (@jamtur01)
 Sven Dowideit <SvenDowideit@fosiki.com> (@SvenDowideit)

docs/README.md

@@ -19,10 +19,24 @@ post-commit hooks. The "release" branch maps to the "latest"
 documentation and the "master" branch maps to the "master"
 documentation. 
 
-**Warning**: The "master" documentation may include features not yet
-part of any official docker release. "Master" docs should be used only
-for understanding bleeding-edge development and "latest" should be
-used for the latest official release.
+## Branches
+
+**There are two branches related to editing docs**: ``master`` and a
+``doc*`` branch (currently ``doc0.8.1``). You should normally edit
+docs on the ``master`` branch. That way your fixes will automatically
+get included in later releases, and docs maintainers can easily
+cherry-pick your changes to bring over to the current docs branch. In
+the rare case where your change is not forward-compatible, then you
+could base your change on the appropriate ``doc*`` branch.
+
+Now that we have a ``doc*`` branch, we can keep the ``latest`` docs
+up to date with any bugs found between ``docker`` code releases.
+
+**Warning**: When *reading* the docs, the ``master`` documentation may
+include features not yet part of any official docker
+release. ``Master`` docs should be used only for understanding
+bleeding-edge development and ``latest`` (which points to the ``doc*``
+branch``) should be used for the latest official release.
 
 If you need to manually trigger a build of an existing branch, then
 you can do that through the [readthedocs
@@ -39,7 +53,7 @@ Getting Started
 To edit and test the docs, you'll need to install the Sphinx tool and
 its dependencies. There are two main ways to install this tool:
 
-###Native Installation
+### Native Installation
 
 Install dependencies from `requirements.txt` file in your `docker/docs`
 directory:
@@ -48,7 +62,7 @@ directory:
 
 * Mac OS X: `[sudo] pip-2.7 install -r docs/requirements.txt`
 
-###Alternative Installation: Docker Container
+### Alternative Installation: Docker Container
 
 If you're running ``docker`` on your development machine then you may
 find it easier and cleaner to use the docs Dockerfile. This installs Sphinx
@@ -59,11 +73,16 @@ docs inside the container, even starting a simple HTTP server on port
 In the ``docker`` source directory, run:
     ```make docs```
 
-This is the equivalent to ``make clean server`` since each container starts clean.
+This is the equivalent to ``make clean server`` since each container
+starts clean.
 
-Usage
------
-* Follow the contribution guidelines (``../CONTRIBUTING.md``)
+# Contributing
+
+## Normal Case:
+
+* Follow the contribution guidelines ([see
+  ``../CONTRIBUTING.md``](../CONTRIBUTING.md)).
+* [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work)
 * Work in your own fork of the code, we accept pull requests.
 * Change the ``.rst`` files with your favorite editor -- try to keep the
   lines short and respect RST and Sphinx conventions. 
@@ -75,6 +94,20 @@ Usage
 
 ``make clean docs`` must complete without any warnings or errors.
 
+## Special Case for RST Newbies:
+
+If you want to write a new doc or make substantial changes to an
+existing doc, but **you don't know RST syntax**, we will accept pull
+requests in Markdown and plain text formats. We really want to
+encourage people to share their knowledge and don't want the markup
+syntax to be the obstacle. So when you make the Pull Request, please
+note in your comment that you need RST markup assistance, and we'll
+make the changes for you, and then we will make a pull request to your
+pull request so that you can get all the changes and learn about the
+markup. You still need to follow the
+[``CONTRIBUTING``](../CONTRIBUTING) guidelines, so please sign your
+commits.
+
 Working using GitHub's file editor
 ----------------------------------
 
@@ -82,6 +115,7 @@ Alternatively, for small changes and typos you might want to use
 GitHub's built in file editor. It allows you to preview your changes
 right online (though there can be some differences between GitHub
 markdown and Sphinx RST). Just be careful not to create many commits.
+And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work)
 
 Images
 ------
@@ -93,8 +127,11 @@ exists.
 
 Notes
 -----
-* For the template the css is compiled from less. When changes are needed they can be compiled using
-lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css``
+
+* For the template the css is compiled from less. When changes are
+  needed they can be compiled using
+
+  lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css``
 
 Guides on using sphinx
 ----------------------
@@ -106,7 +143,8 @@ Guides on using sphinx
     Hello world
     ===========
 
-    This is.. (etc.)
+    This is a reference to :ref:`hello_world` and will work even if we
+    move the target to another file or change the title of the section. 
   ```
 
   The ``_hello_world:`` will make it possible to link to this position

docs/requirements.txt

@@ -1,2 +1,2 @@
-Sphinx==1.1.3
-sphinxcontrib-httpdomain==1.1.9
+Sphinx==1.2.1
+sphinxcontrib-httpdomain==1.2.0

docs/sources/api/MAINTAINERS

@@ -1 +0,0 @@
-Solomon Hykes <solomon@dotcloud.com> (@shykes)

docs/sources/articles/baseimages.rst

@@ -13,8 +13,8 @@ The specific process will depend heavily on the Linux distribution you
 want to package. We have some examples below, and you are encouraged
 to submit pull requests to contribute new ones.
 
-Getting Started
-...............
+Create a full image using tar
+.............................
 
 In general, you'll want to start with a working machine that is
 running the distribution you'd like to package as a base image, though
@@ -34,10 +34,32 @@ It can be as simple as this to create an Ubuntu base image::
   DISTRIB_DESCRIPTION="Ubuntu 13.04"
 
 There are more example scripts for creating base images in the
-Docker Github Repo:
+Docker GitHub Repo:
 
 * `BusyBox <https://github.com/dotcloud/docker/blob/master/contrib/mkimage-busybox.sh>`_
-* `CentOS / Scientific Linux CERN (SLC)
+* CentOS / Scientific Linux CERN (SLC) `on Debian/Ubuntu
   <https://github.com/dotcloud/docker/blob/master/contrib/mkimage-rinse.sh>`_
+  or
+  `on CentOS/RHEL/SLC/etc.
+  <https://github.com/dotcloud/docker/blob/master/contrib/mkimage-yum.sh>`_
 * `Debian / Ubuntu
   <https://github.com/dotcloud/docker/blob/master/contrib/mkimage-debootstrap.sh>`_
+
+
+Creating a simple base image using ``scratch``
+..............................................
+
+There is a special repository in the Docker registry called ``scratch``, which 
+was created using an empty tar file::
+
+    $ tar cv --files-from /dev/null | docker import - scratch
+
+which you can ``docker pull``. You can then use that image to base your new 
+minimal containers ``FROM``::
+
+    FROM scratch
+    ADD true-asm /true
+    CMD ["/true"]
+
+The Dockerfile above is from extremely minimal image - 
+`tianon/true <https://github.com/tianon/dockerfiles/tree/master/true>`_.