Bump version to v1.7.0

Signed-off-by: Jessica Frazelle <princess@docker.com>

.gitignore

@@ -1,33 +1,37 @@
 # Docker project generated files to ignore
 #  if you want to ignore files created by your editor/tools,
 #  please consider a global .gitignore https://help.github.com/articles/ignoring-files
-.vagrant*
-bin
-docker/docker
 *.exe
-.*.swp
-a.out
 *.orig
-build_src
-.flymake*
-.idea
+*.rej
+*.test
+.*.swp
 .DS_Store
+.bashrc
+.dotcloud
+.flymake*
+.git/
+.gopath/
+.hg/
+.idea
+.vagrant*
+Vagrantfile
+a.out
+autogen/
+bin
+build_src
+bundles/
+docker/docker
+docs/AWS_S3_BUCKET
+docs/GITCOMMIT
+docs/GIT_BRANCH
+docs/VERSION
 docs/_build
 docs/_static
 docs/_templates
-.gopath/
-.dotcloud
-*.test
-bundles/
-.hg/
-.git/
-vendor/pkg/
-pyenv
-Vagrantfile
-docs/AWS_S3_BUCKET
-docs/GIT_BRANCH
-docs/VERSION
-docs/GITCOMMIT
 docs/changed-files
-autogen/
-.bashrc
+# generated by man/man/md2man-all.sh
+man/man1
+man/man5
+pyenv
+vendor/pkg/

CHANGELOG.md

@@ -1,5 +1,76 @@
 # Changelog
 
+## 1.7.0 (2015-06-16)
+
+#### Runtime
++ Experimental feature: support for out-of-process volume plugins
++ Experimental feature: support for out-of-process network plugins
+* Logging: syslog logging driver is available
+* The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
+* The `exec` command supports the `-u|--user` flag to specify the new process owner
++ Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
++ The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
++ Container block IO can be controlled in `docker run` using`--blkio-weight`
++ ZFS support
++ The `docker logs` command supports a `--since` argument
++ UTS namespace can be shared with the host with `docker run --uts=host`
+
+#### Quality
+* Networking stack was entirely rewritten as part of the libnetwork effort
+* Engine internals refactoring
+* Volumes code was entirely rewritten to support the plugins effort
++ Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
+
+#### Build
++ Support ${variable:-value} and ${variable:+value} syntax for environment variables
++ Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
++ git context changes with branches and directories
+* The .dockerignore file support exclusion rules
+
+#### Distribution
++ Client support for v2 mirroring support for the official registry
+
+#### Bugfixes
+* Firewalld is now supported and will automatically be used when available
+* mounting --device recursively
+
+## 1.6.2 (2015-05-13)
+
+####  Runtime
+- Revert change prohibiting mounting into /sys
+
+## 1.6.1 (2015-05-07)
+
+####  Security
+- Fix read/write /proc paths (CVE-2015-3630)
+- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
+- Fix opening of file-descriptor 1 (CVE-2015-3627)
+- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
+- Prohibit mount of /sys
+
+#### Runtime
+- Update Apparmor policy to not allow mounts
+
+## 1.6.0 (2015-04-07)
+
+#### Builder
++ Building images from an image ID
++ Build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
++ `commit --change` to apply specified Dockerfile instructions while committing the image
++ `import --change` to apply specified Dockerfile instructions while importing the image
++ Builds no longer continue in the background when canceled with CTRL-C
+
+#### Client
++ Windows Support
+
+#### Runtime
++ Container and image Labels
++ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
++ Logging drivers, `json-file`, `syslog`, or `none`
++ Pulling images by ID
++ `--ulimit` to set the ulimit on a container
++ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
+
 ## 1.5.0 (2015-02-10)
 
 #### Builder

CONTRIBUTING.md

@@ -129,12 +129,12 @@ However, there might be a way to implement that feature *on top of* Docker.
   <col width="45%">
   <col width="65%">
   <tr>
-    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</th>
+    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
     <td>
       <p>
         IRC a direct line to our most knowledgeable Docker users; we have
-        both the  <code>#docker</code> and <code>#docker-dev</code> group on 
-        <strong>irc.freenode.net</strong>.  
+        both the  <code>#docker</code> and <code>#docker-dev</code> group on
+        <strong>irc.freenode.net</strong>.
         IRC is a rich chat protocol but it can overwhelm new users. You can search
         <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
       </p>
@@ -146,9 +146,9 @@ However, there might be a way to implement that feature *on top of* Docker.
     <td>
       There are two groups.
       <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
-      is for people using Docker containers. 
-      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a> 
-      group is for contributors and other people contributing to the Docker 
+      is for people using Docker containers.
+      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
+      group is for contributors and other people contributing to the Docker
       project.
     </td>
   </tr>
@@ -156,15 +156,15 @@ However, there might be a way to implement that feature *on top of* Docker.
     <td>Twitter</td>
     <td>
       You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
-      to get updates on our products. You can also tweet us questions or just 
+      to get updates on our products. You can also tweet us questions or just
       share blogs or stories.
     </td>
   </tr>
   <tr>
     <td>Stack Overflow</td>
     <td>
-      Stack Overflow has over 7000K Docker questions listed. We regularly 
-      monitor <a href="http://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
+      Stack Overflow has over 7000K Docker questions listed. We regularly
+      monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
       and so do many other knowledgeable Docker users.
     </td>
   </tr>

Dockerfile

@@ -26,11 +26,15 @@
 FROM ubuntu:14.04
 MAINTAINER Tianon Gravi <admwiggin@gmail.com> (@tianon)
 
+RUN	apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
+RUN	echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
+
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \
 	aufs-tools \
 	automake \
+	bash-completion \
 	btrfs-tools \
 	build-essential \
 	curl \
@@ -49,6 +53,8 @@ RUN apt-get update && apt-get install -y \
 	ruby1.9.1 \
 	ruby1.9.1-dev \
 	s3cmd=1.1.0* \
+	ubuntu-zfs \
+	libzfs-dev \
 	--no-install-recommends
 
 # Get lvm2 source for compiling statically
@@ -97,12 +103,19 @@ RUN cd /usr/local/go/src \
 			./make.bash --no-clean 2>&1; \
 	done
 
-# We still support compiling with older Go, so need to grab older "gofmt"
-ENV GOFMT_VERSION 1.3.3
-RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt
+# This has been commented out and kept as reference because we don't support compiling with older Go anymore.
+# ENV GOFMT_VERSION 1.3.3
+# RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt
 
+# Update this sha when we upgrade to go 1.5.0
+ENV GO_TOOLS_COMMIT 069d2f3bcb68257b627205f0486d6cc69a231ff9
 # Grab Go's cover tool for dead-simple code coverage testing
-RUN go get golang.org/x/tools/cmd/cover
+# Grab Go's vet tool for examining go code to find suspicious constructs
+# and help prevent errors that the compiler might not catch
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT) \
+	&& go install -v golang.org/x/tools/cmd/cover \
+	&& go install -v golang.org/x/tools/cmd/vet
 
 # TODO replace FPM with some very minimal debhelper stuff
 RUN gem install --no-rdoc --no-ri fpm --version 1.3.2
@@ -113,7 +126,8 @@ RUN set -x \
 	&& git clone https://github.com/docker/distribution.git /go/src/github.com/docker/distribution \
 	&& (cd /go/src/github.com/docker/distribution && git checkout -q $REGISTRY_COMMIT) \
 	&& GOPATH=/go/src/github.com/docker/distribution/Godeps/_workspace:/go \
-		go build -o /go/bin/registry-v2 github.com/docker/distribution/cmd/registry
+		go build -o /go/bin/registry-v2 github.com/docker/distribution/cmd/registry \
+	&& rm -rf /go/src/github.com/docker/distribution/
 
 # Get the "docker-py" source so we can run their integration tests
 ENV DOCKER_PY_COMMIT 91985b239764fe54714fa0a93d52aa362357d251
@@ -137,32 +151,37 @@ RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor selinux btrfs_noversion
+ENV DOCKER_BUILDTAGS apparmor selinux
 
 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
 
+# Register Docker's bash completion.
+RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
+
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image.sh /go/src/github.com/docker/docker/contrib/
 RUN ./contrib/download-frozen-image.sh /docker-frozen-images \
 	busybox:latest@4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 \
-	hello-world:frozen@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5
+	hello-world:frozen@e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5 \
+	jess/unshare@5c9f6ea50341a2a8eb6677527f2bdedbf331ae894a41714fda770fb130f3314d
 # see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
 
-# Install man page generator
-COPY vendor /go/src/github.com/docker/docker/vendor
-# (copy vendor/ because go-md2man needs golang.org/x/net)
+# Download man page generator
 RUN set -x \
 	&& git clone -b v1.0.1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \
-	&& git clone -b v1.2 https://github.com/russross/blackfriday.git /go/src/github.com/russross/blackfriday \
-	&& go install -v github.com/cpuguy83/go-md2man
+	&& git clone -b v1.2 https://github.com/russross/blackfriday.git /go/src/github.com/russross/blackfriday
 
-# install toml validator
+# Download toml validator
 ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
 RUN set -x \
 	&& git clone https://github.com/BurntSushi/toml.git /go/src/github.com/BurntSushi/toml \
-	&& (cd /go/src/github.com/BurntSushi/toml && git checkout -q $TOMLV_COMMIT) \
-	&& go install -v github.com/BurntSushi/toml/cmd/tomlv
+	&& (cd /go/src/github.com/BurntSushi/toml && git checkout -q $TOMLV_COMMIT)
+
+# copy vendor/ because go-md2man needs golang.org/x/net
+COPY vendor /go/src/github.com/docker/docker/vendor
+RUN go install -v github.com/cpuguy83/go-md2man \
+	github.com/BurntSushi/toml/cmd/tomlv
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]

LICENSE

@@ -1,7 +1,7 @@
 
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
@@ -182,7 +182,7 @@
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+       https://www.apache.org/licenses/LICENSE-2.0
 
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,

MAINTAINERS

@@ -37,7 +37,7 @@ project from a great one.
 		text = """
 Docker follows the timeless, highly efficient and totally unfair system
 known as [Benevolent dictator for
-life](http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life), with
+life](https://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life), with
 yours truly, Solomon Hykes, in the role of BDFL. This means that all
 decisions are made, by default, by Solomon. Since making every decision
 myself would be highly un-scalable, in practice decisions are spread
@@ -113,7 +113,7 @@ It is the responsibility of the subsystem maintainers to process patches affecti
 manner.
 
 * If the change affects areas of the code which are not part of a subsystem,
-or if subsystem maintainers are unable to reach a timely decision, it must be approved by 
+or if subsystem maintainers are unable to reach a timely decision, it must be approved by
 the core maintainers.
 
 * If the change affects the UI or public APIs, or if it represents a major change in architecture,
@@ -131,7 +131,7 @@ for each.
 """
 
 		# Triage
-		[Rules.review.states.0-triage]
+		[Rules.review.states.0-needs-triage]
 
 			# Maintainers are expected to triage new incoming pull requests by removing
 			# the `0-triage` label and adding the correct labels (e.g. `1-design-review`)
@@ -149,7 +149,7 @@ for each.
 			1-design-review = "general case"
 
 		# Design review
-		[Rules.review.states.1-design-review]
+		[Rules.review.states.1-needs-design-review]
 
 			# Maintainers are expected to comment on the design of the pull request.
 			# Review of documentation is expected only in the context of design validation,
@@ -166,7 +166,7 @@ for each.
 			2-code-review = "general case"
 
 		# Code review
-		[Rules.review.states.2-code-review]
+		[Rules.review.states.2-needs-code-review]
 
 			# Maintainers are expected to review the code and ensure that it is good
 			# quality and in accordance with the documentation in the PR.
@@ -184,7 +184,7 @@ for each.
 			3-docs-review = "general case"
 
 		# Docs review
-		[Rules.review.states.3-docs-review]
+		[Rules.review.states.3-needs-docs-review]
 
 			# Maintainers are expected to review the documentation in its bigger context,
 			# ensuring consistency, completeness, validity, and breadth of coverage across
@@ -193,6 +193,11 @@ for each.
 			# They should ask for any editorial change that makes the documentation more
 			# consistent and easier to understand.
 			#
+			# Changes and additions to docs must be reviewed and approved (LGTM'd) by a minimum of
+			# two docs sub-project maintainers. If the docs change originates with a docs
+			# maintainer, only one additional LGTM is required (since we assume a docs maintainer
+			# approves of their own PR).
+			#
 			# Once documentation is approved (see below), a maintainer should make sure to remove this
 			# label and add the next one.
 
@@ -200,14 +205,9 @@ for each.
 			2-code-review = "requires more code changes"
 			1-design-review = "raises design concerns"
 			4-merge = "general case"
-			
-		# Docs approval
-		[Rules.review.docs-approval]
-			# Changes and additions to docs must be reviewed and approved (LGTM'd) by a minimum of two docs sub-project maintainers.
-			# If the docs change originates with a docs maintainer, only one additional LGTM is required (since we assume a docs maintainer approves of their own PR). 	
 
 		# Merge
-		[Rules.review.states.4-merge]
+		[Rules.review.states.4-needs-merge]
 
 			# Maintainers are expected to merge this pull request as soon as possible.
 			# They can ask for a rebase, or carry the pull request themselves.
@@ -268,7 +268,7 @@ made through a pull request.
 
 	# The chief architect is responsible for the overall integrity of the technical architecture
 	# across all subsystems, and the consistency of APIs and UI.
-	# 
+	#
 	# Changes to UI, public APIs and overall architecture (for example a plugin system) must
 	# be approved by the chief architect.
 	"Chief Architect" = "shykes"
@@ -296,7 +296,9 @@ made through a pull request.
 		[Org.Operators.security]
 
 			people = [
-				"erw"
+				"erw",
+				"diogomonica",
+				"nathanmccauley"
 			]
 
 		[Org.Operators."monthly meetings"]
@@ -312,13 +314,29 @@ made through a pull request.
 				"jfrazelle",
 				"crosbymichael"
 			]
+		
+		[Org.Operators.community]
+			people = [
+				"theadactyl"
+			]
 
 	# The chief maintainer is responsible for all aspects of quality for the project including
-	# code reviews, usability, stability, security, performance, etc. 
+	# code reviews, usability, stability, security, performance, etc.
 	# The most important function of the chief maintainer is to lead by example. On the first
 	# day of a new maintainer, the best advice should be "follow the C.M.'s example and you'll
 	# be fine".
 	"Chief Maintainer" = "crosbymichael"
+	
+	# The community manager is responsible for serving the project community, including users, 
+	# contributors and partners. This involves:
+	#	- facilitating communication between maintainers, contributors and users
+	#	- organizing contributor and maintainer events
+	#	- helping new contributors get involved
+	#	- anything the project community needs to be successful
+	#
+	# The community manager is a point of contact for any contributor who has questions, concerns 
+	# or feedback about project operations. 
+	"Community Manager" = "theadactyl"
 
 	[Org."Core maintainers"]
 
@@ -339,14 +357,15 @@ made through a pull request.
 
 
 		people = [
-			"unclejack",
 			"crosbymichael",
 			"erikh",
 			"estesp",
 			"icecrime",
 			"jfrazelle",
 			"lk4d4",
+			"runcom",
 			"tibor",
+			"unclejack",
 			"vbatts",
 			"vieux",
 			"vishh"
@@ -359,80 +378,81 @@ made through a pull request.
 	# has a dedicated group of maintainers, which are dedicated to that subsytem and responsible
 	# for its quality.
 	# This "cellular division" is the primary mechanism for scaling maintenance of the project as it grows.
-	# 
+	#
 	# The maintainers of each subsytem are responsible for:
-	# 
+	#
 	# 1. Exposing a clear road map for improving their subsystem.
 	# 2. Deliver prompt feedback and decisions on pull requests affecting their subsystem.
 	# 3. Be available to anyone with questions, bug reports, criticism etc.
-	#   on their component. This includes IRC, GitHub requests and the mailing
-	#   list.
+	#	on their component. This includes IRC, GitHub requests and the mailing
+	#	list.
 	# 4. Make sure their subsystem respects the philosophy, design and
-	#   road map of the project.
+	#	road map of the project.
 	#
 	# #### How to review patches to your subsystem
-	# 
+	#
 	# Accepting pull requests:
-	# 
-	#   - If the pull request appears to be ready to merge, give it a `LGTM`, which
-	#     stands for "Looks Good To Me".
-	#   - If the pull request has some small problems that need to be changed, make
-	#     a comment adressing the issues.
-	#   - If the changes needed to a PR are small, you can add a "LGTM once the
-	#     following comments are adressed..." this will reduce needless back and
-	#     forth.
-	#   - If the PR only needs a few changes before being merged, any MAINTAINER can
-	#     make a replacement PR that incorporates the existing commits and fixes the
-	#     problems before a fast track merge.
-	# 
+	#
+	#	- If the pull request appears to be ready to merge, give it a `LGTM`, which
+	#	  stands for "Looks Good To Me".
+	#	- If the pull request has some small problems that need to be changed, make
+	#	  a comment adressing the issues.
+	#	- If the changes needed to a PR are small, you can add a "LGTM once the
+	#	  following comments are adressed..." this will reduce needless back and
+	#	  forth.
+	#	- If the PR only needs a few changes before being merged, any MAINTAINER can
+	#	  make a replacement PR that incorporates the existing commits and fixes the
+	#	  problems before a fast track merge.
+	#
 	# Closing pull requests:
-	# 
-	#   - If a PR appears to be abandoned, after having attempted to contact the
-	#     original contributor, then a replacement PR may be made.  Once the
-	#     replacement PR is made, any contributor may close the original one.
-	#   - If you are not sure if the pull request implements a good feature or you
-	#     do not understand the purpose of the PR, ask the contributor to provide
-	#     more documentation.  If the contributor is not able to adequately explain
-	#     the purpose of the PR, the PR may be closed by any MAINTAINER.
-	#   - If a MAINTAINER feels that the pull request is sufficiently architecturally
-	#     flawed, or if the pull request needs significantly more design discussion
-	#     before being considered, the MAINTAINER should close the pull request with
-	#     a short explanation of what discussion still needs to be had.  It is
-	#     important not to leave such pull requests open, as this will waste both the
-	#     MAINTAINER's time and the contributor's time.  It is not good to string a
-	#     contributor on for weeks or months, having them make many changes to a PR
-	#     that will eventually be rejected.
+	#
+	#	- If a PR appears to be abandoned, after having attempted to contact the
+	#	  original contributor, then a replacement PR may be made. Once the
+	#	  replacement PR is made, any contributor may close the original one.
+	#	- If you are not sure if the pull request implements a good feature or you
+	#	  do not understand the purpose of the PR, ask the contributor to provide
+	#	  more documentation.  If the contributor is not able to adequately explain
+	#	  the purpose of the PR, the PR may be closed by any MAINTAINER.
+	#	- If a MAINTAINER feels that the pull request is sufficiently architecturally
+	#	  flawed, or if the pull request needs significantly more design discussion
+	#	  before being considered, the MAINTAINER should close the pull request with
+	#	  a short explanation of what discussion still needs to be had.  It is
+	#	  important not to leave such pull requests open, as this will waste both the
+	#	  MAINTAINER's time and the contributor's time.  It is not good to string a
+	#	  contributor on for weeks or months, having them make many changes to a PR
+	#	  that will eventually be rejected.
 
 		[Org.Subsystems.Documentation]
 
 			people = [
 				"fredlf",
 				"james",
-				"sven",
+				"moxiegirl",
+				"thaJeztah",
+				"jamtur01",
 				"spf13",
-				"mary"
+				"sven"
 			]
 
 		[Org.Subsystems.libcontainer]
 
 			people = [
 				"crosbymichael",
-				"vmarmol",
-				"mpatel",
 				"jnagal",
-				"lk4d4"
+				"lk4d4",
+				"mpatel",
+				"vmarmol"
 			]
 
 		[Org.Subsystems.registry]
 
 			people = [
+				"dmcg",
 				"dmp42",
-				"vbatts",
-				"joffrey",
+				"jlhawn",
 				"samalba",
 				"sday",
-				"jlhawn",
-				"dmcg"
+				"vbatts"
 			]
 
 		[Org.Subsystems."build tools"]
@@ -471,11 +491,27 @@ made through a pull request.
 		[Org.Subsystem.builder]
 
 			people = [
+				"duglin",
 				"erikh",
-				"tibor",
-				"duglin"
+				"tibor"
 			]
 
+	[Org.Curators]
+
+	# The curators help ensure that incoming issues and pull requests are properly triaged and
+	# that our various contribution and reviewing processes are respected. With their knowledge of
+	# the repository activity, they can also guide contributors to relevant material or
+	# discussions.
+	#
+	# They are neither code nor docs reviewers, so they are never expected to merge. They can
+	# however:
+	# - close an issue or pull request when it's an exact duplicate
+	# - close an issue or pull request when it's inappropriate or off-topic
+
+	people = [
+		"thajeztah"
+	]
+
 
 [people]
 
@@ -500,11 +536,21 @@ made through a pull request.
 	Email = "ben@firshman.co.uk"
 	GitHub = "bfirsh"
 
+	[people.cpuguy83]
+	Name = "Brian Goff"
+	Email = "cpuguy83@gmail.com"
+	Github = "cpuguy83"
+
 	[people.crosbymichael]
 	Name = "Michael Crosby"
 	Email = "crosbymichael@gmail.com"
 	GitHub = "crosbymichael"
 
+	[people.diogomonica]
+	Name = "Diogo Monica"
+	Email = "diogo@docker.com"
+	GitHub = "diogomonica"
+
 	[people.duglin]
 	Name = "Doug Davis"
 	Email = "dug@us.ibm.com"
@@ -552,7 +598,7 @@ made through a pull request.
 
 	[people.jfrazelle]
 	Name = "Jessie Frazelle"
-	Email = "jess@docker.com"
+	Email = "j@docker.com"
 	GitHub = "jfrazelle"
 
 	[people.jlhawn]
@@ -560,21 +606,26 @@ made through a pull request.
 	Email = "josh.hawn@docker.com"
 	Github = "jlhawn"
 
-	[people.joffrey]
-	Name = "Joffrey Fuhrer"
-	Email = "joffrey@docker.com"
-	Github = "shin-"
-
 	[people.lk4d4]
 	Name = "Alexander Morozov"
 	Email = "lk4d4@docker.com"
 	GitHub = "lk4d4"
 
-	[people.mary]
+	[people.moxiegirl]
 	Name = "Mary Anthony"
 	Email = "mary.anthony@docker.com"
 	GitHub = "moxiegirl"
 
+	[people.nathanmccauley]
+	Name = "Nathan McCauley"
+	Email = "nathan.mccauley@docker.com"
+	GitHub = "nathanmccauley"
+
+	[people.runcom]
+	Name = "Antonio Murdaca"
+	Email = "me@runcom.ninja"
+	GitHub = "runcom"
+
 	[people.sday]
 	Name = "Stephen Day"
 	Email = "stephen.day@docker.com"
@@ -584,17 +635,27 @@ made through a pull request.
 	Name = "Solomon Hykes"
 	Email = "solomon@docker.com"
 	GitHub = "shykes"
-    
+
 	[people.spf13]
 	Name = "Steve Francia"
 	Email = "steve.francia@gmail.com"
 	GitHub = "spf13"
-	
+
 	[people.sven]
 	Name = "Sven Dowideit"
 	Email = "SvenDowideit@home.org.au"
 	GitHub = "SvenDowideit"
 
+	[people.thajeztah]
+	Name = "Sebastiaan van Stijn"
+	Email = "github@gone.nl"
+	GitHub = "thaJeztah"
+	
+	[people.theadactyl]
+	Name = "Thea Lamkin"
+	Email = "thea@docker.com"
+	GitHub = "theadactyl"
+
 	[people.tianon]
 	Name = "Tianon Gravi"
 	Email = "admwiggin@gmail.com"

Makefile

@@ -1,4 +1,4 @@
-.PHONY: all binary build cross default docs docs-build docs-shell shell test test-unit test-integration test-integration-cli test-docker-py validate
+.PHONY: all binary build cross default docs docs-build docs-shell shell test test-unit test-integration-cli test-docker-py validate
 
 # env vars passed through directly to Docker's build scripts
 # to allow things like `make DOCKER_CLIENTONLY=1 binary` easily
@@ -7,7 +7,10 @@ DOCKER_ENVS := \
 	-e BUILDFLAGS \
 	-e DOCKER_CLIENTONLY \
 	-e DOCKER_EXECDRIVER \
+	-e DOCKER_EXPERIMENTAL \
 	-e DOCKER_GRAPHDRIVER \
+	-e DOCKER_STORAGE_OPTS \
+	-e DOCKER_USERLANDPROXY \
 	-e TESTDIRS \
 	-e TESTFLAGS \
 	-e TIMEOUT
@@ -19,14 +22,9 @@ DOCKER_ENVS := \
 BIND_DIR := $(if $(BINDDIR),$(BINDDIR),$(if $(DOCKER_HOST),,bundles))
 DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/docker/docker/$(BIND_DIR)")
 
-# to allow `make DOCSDIR=docs docs-shell` (to create a bind mount in docs)
-DOCS_MOUNT := $(if $(DOCSDIR),-v $(CURDIR)/$(DOCSDIR):/$(DOCSDIR))
-
-# to allow `make DOCSPORT=9000 docs`
-DOCSPORT := 8000
 
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
-DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 
 DOCKER_RUN_DOCKER := docker run --rm -it --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT) "$(DOCKER_IMAGE)"
@@ -47,29 +45,13 @@ binary: build
 cross: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary cross
 
-docs: docs-build
-	$(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" mkdocs serve
-
-docs-shell: docs-build
-	$(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" bash
-
-docs-release: docs-build
-	$(DOCKER_RUN_DOCS) -e OPTIONS -e BUILD_ROOT -e DISTRIBUTION_ID \
-		-v $(CURDIR)/docs/awsconfig:/docs/awsconfig \
-		"$(DOCKER_DOCS_IMAGE)" ./release.sh
-
-docs-test: docs-build
-	$(DOCKER_RUN_DOCS) "$(DOCKER_DOCS_IMAGE)" ./test.sh
 
 test: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh binary cross test-unit test-integration test-integration-cli test-docker-py
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary cross test-unit test-integration-cli test-docker-py
 
 test-unit: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh test-unit
 
-test-integration: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh test-integration
-
 test-integration-cli: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary test-integration-cli
 
@@ -77,7 +59,7 @@ test-docker-py: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary test-docker-py
 
 validate: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh validate-gofmt validate-dco validate-toml
+	$(DOCKER_RUN_DOCKER) hack/make.sh validate-dco validate-gofmt validate-test validate-toml validate-vet
 
 shell: build
 	$(DOCKER_RUN_DOCKER) bash
@@ -85,13 +67,5 @@ shell: build
 build: bundles
 	docker build -t "$(DOCKER_IMAGE)" .
 
-docs-build:
-	cp ./VERSION docs/VERSION
-	echo "$(GIT_BRANCH)" > docs/GIT_BRANCH
-#	echo "$(AWS_S3_BUCKET)" > docs/AWS_S3_BUCKET
-	echo "$(GITCOMMIT)" > docs/GITCOMMIT
-	docker pull docs/base
-	docker build -t "$(DOCKER_DOCS_IMAGE)" docs
-
 bundles:
 	mkdir bundles

NOTICE

@@ -1,7 +1,7 @@
 Docker
 Copyright 2012-2015 Docker, Inc.
 
-This product includes software developed at Docker, Inc. (http://www.docker.com).
+This product includes software developed at Docker, Inc. (https://www.docker.com).
 
 This product contains software (https://github.com/kr/pty) developed
 by Keith Rarick, licensed under the MIT License.
@@ -10,10 +10,10 @@ The following is courtesy of our legal counsel:
 
 
 Use and transfer of Docker may be subject to certain restrictions by the
-United States and other governments.  
+United States and other governments.
 It is your responsibility to ensure that your use and/or transfer does not
-violate applicable laws. 
+violate applicable laws.
 
-For more information, please see http://www.bis.doc.gov
+For more information, please see https://www.bis.doc.gov
 
-See also http://www.apache.org/dev/crypto.html and/or seek legal counsel.
+See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.

README.md

@@ -2,7 +2,7 @@ Docker: the Linux container engine
 ==================================
 
 Docker is an open source project to pack, ship and run any application
-as a lightweight container
+as a lightweight container.
 
 Docker containers are both *hardware-agnostic* and *platform-agnostic*.
 This means they can run anywhere, from your laptop to the largest
@@ -13,7 +13,7 @@ databases, and backend services without depending on a particular stack
 or provider.
 
 Docker began as an open-source implementation of the deployment engine which
-powers [dotCloud](http://dotcloud.com), a popular Platform-as-a-Service.
+powers [dotCloud](https://dotcloud.com), a popular Platform-as-a-Service.
 It benefits directly from the experience accumulated over several years
 of large-scale operation and support of hundreds of thousands of
 applications and databases.
@@ -30,7 +30,7 @@ security@docker.com and not by creating a github issue.
 
 A common method for distributing applications and sandboxing their
 execution is to use virtual machines, or VMs. Typical VM formats are
-VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory
+VMware's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory
 these formats should allow every developer to automatically package
 their application into a "machine" for easy distribution and deployment.
 In practice, that almost never happens, for a few reasons:
@@ -56,12 +56,12 @@ By contrast, Docker relies on a different sandboxing method known as
 *containerization*. Unlike traditional virtualization, containerization
 takes place at the kernel level. Most modern operating system kernels
 now support the primitives necessary for containerization, including
-Linux with [openvz](http://openvz.org),
+Linux with [openvz](https://openvz.org),
 [vserver](http://linux-vserver.org) and more recently
 [lxc](http://lxc.sourceforge.net), Solaris with
-[zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc),
+[zones](https://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc),
 and FreeBSD with
-[Jails](http://www.freebsd.org/doc/handbook/jails.html).
+[Jails](https://www.freebsd.org/doc/handbook/jails.html).
 
 Docker builds on top of these low-level primitives to offer developers a
 portable format and runtime environment that solves all four problems.
@@ -105,7 +105,7 @@ This is usually difficult for several reasons:
     these situations with various degrees of ease - but they all
     handle them in different and incompatible ways, which again forces
     the developer to do extra work.
-  
+
   * *Custom dependencies*. A developer may need to prepare a custom
     version of their application's dependency. Some packaging systems
     can handle custom versions of a dependency, others can't - and all
@@ -115,7 +115,7 @@ This is usually difficult for several reasons:
 Docker solves the problem of dependency hell by giving the developer a simple
 way to express *all* their application's dependencies in one place, while
 streamlining the process of assembling them. If this makes you think of
-[XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
+[XKCD 927](https://xkcd.com/927/), don't worry. Docker doesn't
 *replace* your favorite packaging systems. It simply orchestrates
 their use in a simple and repeatable way. How does it do that? With
 layers.
@@ -147,19 +147,19 @@ Docker can be installed on your local machine as well as servers - both
 bare metal and virtualized.  It is available as a binary on most modern
 Linux systems, or as a VM on Windows, Mac and other systems.
 
-We also offer an [interactive tutorial](http://www.docker.com/tryit/)
+We also offer an [interactive tutorial](https://www.docker.com/tryit/)
 for quickly learning the basics of using Docker.
 
-For up-to-date install instructions, see the [Docs](http://docs.docker.com).
+For up-to-date install instructions, see the [Docs](https://docs.docker.com).
 
 Usage examples
 ==============
 
 Docker can be used to run short-lived commands, long-running daemons
-(app servers, databases etc.), interactive shell sessions, etc.
+(app servers, databases, etc.), interactive shell sessions, etc.
 
 You can find a [list of real-world
-examples](http://docs.docker.com/examples/) in the
+examples](https://docs.docker.com/examples/) in the
 documentation.
 
 Under the hood
@@ -171,16 +171,16 @@ Under the hood, Docker is built on the following components:
   [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c)
   and
   [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part)
-  capabilities of the Linux kernel;
-* The [Go](http://golang.org) programming language.
-* The [Docker Image Specification] (https://github.com/docker/docker/blob/master/image/spec/v1.md)
-* The [Libcontainer Specification] (https://github.com/docker/libcontainer/blob/master/SPEC.md)
+  capabilities of the Linux kernel
+* The [Go](https://golang.org) programming language
+* The [Docker Image Specification](https://github.com/docker/docker/blob/master/image/spec/v1.md)
+* The [Libcontainer Specification](https://github.com/docker/libcontainer/blob/master/SPEC.md)
 
 Contributing to Docker
 ======================
 
-[![GoDoc](https://godoc.org/github.com/docker/docker?status.png)](https://godoc.org/github.com/docker/docker)
-[![Jenkins Build Status](https://jenkins.dockerproject.com/job/Docker%20Master/badge/icon)](https://jenkins.dockerproject.com/job/Docker%20Master/)
+[![GoDoc](https://godoc.org/github.com/docker/docker?status.svg)](https://godoc.org/github.com/docker/docker)
+[![Jenkins Build Status](https://jenkins.dockerproject.org/job/Docker%20Master/badge/icon)](https://jenkins.dockerproject.org/job/Docker%20Master/)
 
 Want to hack on Docker? Awesome! We have [instructions to help you get
 started contributing code or documentation.](https://docs.docker.com/project/who-written-for/).
@@ -192,12 +192,12 @@ Getting the development builds
 ==============================
 
 Want to run Docker from a master build? You can download 
-master builds at [master.dockerproject.com](https://master.dockerproject.com). 
+master builds at [master.dockerproject.org](https://master.dockerproject.org). 
 They are updated with each commit merged into the master branch.
 
 Don't know how to use that super cool new feature in the master build? Check
 out the master docs at
-[docs.master.dockerproject.com](http://docs.master.dockerproject.com).
+[docs.master.dockerproject.org](http://docs.master.dockerproject.org).
 
 How the project is run
 ======================
@@ -207,17 +207,65 @@ or want to get more involved, the best place to start is [the project directory]
 
 We are always open to suggestions on process improvements, and are always looking for more maintainers.
 
+### Talking to other Docker users and contributors
+
+<table class="tg">
+  <col width="45%">
+  <col width="65%">
+  <tr>
+    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
+    <td>
+      <p>
+        IRC a direct line to our most knowledgeable Docker users; we have
+        both the  <code>#docker</code> and <code>#docker-dev</code> group on
+        <strong>irc.freenode.net</strong>.
+        IRC is a rich chat protocol but it can overwhelm new users. You can search
+        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
+      </p>
+      Read our <a href="https://docs.docker.com/project/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
+    </td>
+  </tr>
+  <tr>
+    <td>Google Groups</td>
+    <td>
+      There are two groups.
+      <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
+      is for people using Docker containers.
+      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
+      group is for contributors and other people contributing to the Docker
+      project.
+    </td>
+  </tr>
+  <tr>
+    <td>Twitter</td>
+    <td>
+      You can follow <a href="https://twitter.com/docker/" target="_blank">Docker's Twitter feed</a>
+      to get updates on our products. You can also tweet us questions or just
+      share blogs or stories.
+    </td>
+  </tr>
+  <tr>
+    <td>Stack Overflow</td>
+    <td>
+      Stack Overflow has over 7000K Docker questions listed. We regularly
+      monitor <a href="https://stackoverflow.com/search?tab=newest&q=docker" target="_blank">Docker questions</a>
+      and so do many other knowledgeable Docker users.
+    </td>
+  </tr>
+</table>
+
 ### Legal
 
 *Brought to you courtesy of our legal counsel. For more context,
-please see the "NOTICE" document in this repo.*
+please see the [NOTICE](https://github.com/docker/docker/blob/master/NOTICE) document in this repo.*
 
 Use and transfer of Docker may be subject to certain restrictions by the
-United States and other governments.  
-It is your responsibility to ensure that your use and/or transfer does not
-violate applicable laws. 
+United States and other governments.
 
-For more information, please see http://www.bis.doc.gov
+It is your responsibility to ensure that your use and/or transfer does not
+violate applicable laws.
+
+For more information, please see https://www.bis.doc.gov
 
 
 Licensing
@@ -230,17 +278,18 @@ Other Docker Related Projects
 =============================
 There are a number of projects under development that are based on Docker's
 core technology. These projects expand the tooling built around the
-Docker platform to broaden its application and utility. 
-
-If you know of another project underway that should be listed here, please help
-us keep this list up-to-date by submitting a PR.
+Docker platform to broaden its application and utility.
 
 * [Docker Registry](https://github.com/docker/distribution): Registry 
 server for Docker (hosting/delivery of repositories and images)
 * [Docker Machine](https://github.com/docker/machine): Machine management 
-for a container-centric world 
+for a container-centric world
 * [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering 
-system 
+system
 * [Docker Compose](https://github.com/docker/compose) (formerly Fig): 
 Define and run multi-container apps
+* [Kitematic](https://github.com/kitematic/kitematic): The easiest way to use 
+Docker on a Mac
 
+If you know of another project underway that should be listed here, please help 
+us keep this list up-to-date by submitting a PR.

VERSION

@@ -1 +1 @@
-1.5.0-dev
+1.7.0-rc4

api/client/attach.go

@@ -0,0 +1,83 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/url"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/signal"
+)
+
+// CmdAttach attaches to a running container.
+//
+// Usage: docker attach [OPTIONS] CONTAINER
+func (cli *DockerCli) CmdAttach(args ...string) error {
+	var (
+		cmd     = cli.Subcmd("attach", "CONTAINER", "Attach to a running container", true)
+		noStdin = cmd.Bool([]string{"#nostdin", "-no-stdin"}, false, "Do not attach STDIN")
+		proxy   = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxy all received signals to the process")
+	)
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+	name := cmd.Arg(0)
+
+	stream, _, err := cli.call("GET", "/containers/"+name+"/json", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	var c types.ContainerJSON
+	if err := json.NewDecoder(stream).Decode(&c); err != nil {
+		return err
+	}
+
+	if !c.State.Running {
+		return fmt.Errorf("You cannot attach to a stopped container, start it first")
+	}
+
+	if err := cli.CheckTtyInput(!*noStdin, c.Config.Tty); err != nil {
+		return err
+	}
+
+	if c.Config.Tty && cli.isTerminalOut {
+		if err := cli.monitorTtySize(cmd.Arg(0), false); err != nil {
+			logrus.Debugf("Error monitoring TTY size: %s", err)
+		}
+	}
+
+	var in io.ReadCloser
+
+	v := url.Values{}
+	v.Set("stream", "1")
+	if !*noStdin && c.Config.OpenStdin {
+		v.Set("stdin", "1")
+		in = cli.in
+	}
+
+	v.Set("stdout", "1")
+	v.Set("stderr", "1")
+
+	if *proxy && !c.Config.Tty {
+		sigc := cli.forwardAllSignals(cmd.Arg(0))
+		defer signal.StopCatch(sigc)
+	}
+
+	if err := cli.hijack("POST", "/containers/"+cmd.Arg(0)+"/attach?"+v.Encode(), c.Config.Tty, in, cli.out, cli.err, nil, nil); err != nil {
+		return err
+	}
+
+	_, status, err := getExitCode(cli, cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+	if status != 0 {
+		return StatusError{StatusCode: status}
+	}
+
+	return nil
+}

api/client/build.go

@@ -0,0 +1,310 @@
+package client
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/graph/tags"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/progressreader"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/units"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+)
+
+const (
+	tarHeaderSize = 512
+)
+
+// CmdBuild builds a new image from the source code at a given path.
+//
+// If '-' is provided instead of a path or URL, Docker will build an image from either a Dockerfile or tar archive read from STDIN.
+//
+// Usage: docker build [OPTIONS] PATH | URL | -
+func (cli *DockerCli) CmdBuild(args ...string) error {
+	cmd := cli.Subcmd("build", "PATH | URL | -", "Build a new image from the source code at PATH", true)
+	tag := cmd.String([]string{"t", "-tag"}, "", "Repository name (and optionally a tag) for the image")
+	suppressOutput := cmd.Bool([]string{"q", "-quiet"}, false, "Suppress the verbose output generated by the containers")
+	noCache := cmd.Bool([]string{"#no-cache", "-no-cache"}, false, "Do not use cache when building the image")
+	rm := cmd.Bool([]string{"#rm", "-rm"}, true, "Remove intermediate containers after a successful build")
+	forceRm := cmd.Bool([]string{"-force-rm"}, false, "Always remove intermediate containers")
+	pull := cmd.Bool([]string{"-pull"}, false, "Always attempt to pull a newer version of the image")
+	dockerfileName := cmd.String([]string{"f", "-file"}, "", "Name of the Dockerfile (Default is 'PATH/Dockerfile')")
+	flMemoryString := cmd.String([]string{"m", "-memory"}, "", "Memory limit")
+	flMemorySwap := cmd.String([]string{"-memory-swap"}, "", "Total memory (memory + swap), '-1' to disable swap")
+	flCPUShares := cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
+	flCpuPeriod := cmd.Int64([]string{"-cpu-period"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) period")
+	flCpuQuota := cmd.Int64([]string{"-cpu-quota"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
+	flCPUSetCpus := cmd.String([]string{"-cpuset-cpus"}, "", "CPUs in which to allow execution (0-3, 0,1)")
+	flCPUSetMems := cmd.String([]string{"-cpuset-mems"}, "", "MEMs in which to allow execution (0-3, 0,1)")
+	flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
+
+	cmd.Require(flag.Exact, 1)
+	cmd.ParseFlags(args, true)
+
+	var (
+		context  archive.Archive
+		isRemote bool
+		err      error
+	)
+
+	_, err = exec.LookPath("git")
+	hasGit := err == nil
+	if cmd.Arg(0) == "-" {
+		// As a special case, 'docker build -' will build from either an empty context with the
+		// contents of stdin as a Dockerfile, or a tar-ed context from stdin.
+		buf := bufio.NewReader(cli.in)
+		magic, err := buf.Peek(tarHeaderSize)
+		if err != nil && err != io.EOF {
+			return fmt.Errorf("failed to peek context header from STDIN: %v", err)
+		}
+		if !archive.IsArchive(magic) {
+			dockerfile, err := ioutil.ReadAll(buf)
+			if err != nil {
+				return fmt.Errorf("failed to read Dockerfile from STDIN: %v", err)
+			}
+
+			// -f option has no meaning when we're reading it from stdin,
+			// so just use our default Dockerfile name
+			*dockerfileName = api.DefaultDockerfileName
+			context, err = archive.Generate(*dockerfileName, string(dockerfile))
+		} else {
+			context = ioutil.NopCloser(buf)
+		}
+	} else if urlutil.IsURL(cmd.Arg(0)) && (!urlutil.IsGitURL(cmd.Arg(0)) || !hasGit) {
+		isRemote = true
+	} else {
+		root := cmd.Arg(0)
+		if urlutil.IsGitURL(root) {
+			root, err = utils.GitClone(root)
+			if err != nil {
+				return err
+			}
+			defer os.RemoveAll(root)
+		}
+		if _, err := os.Stat(root); err != nil {
+			return err
+		}
+
+		absRoot, err := filepath.Abs(root)
+		if err != nil {
+			return err
+		}
+
+		filename := *dockerfileName // path to Dockerfile
+
+		if *dockerfileName == "" {
+			// No -f/--file was specified so use the default
+			*dockerfileName = api.DefaultDockerfileName
+			filename = filepath.Join(absRoot, *dockerfileName)
+
+			// Just to be nice ;-) look for 'dockerfile' too but only
+			// use it if we found it, otherwise ignore this check
+			if _, err = os.Lstat(filename); os.IsNotExist(err) {
+				tmpFN := path.Join(absRoot, strings.ToLower(*dockerfileName))
+				if _, err = os.Lstat(tmpFN); err == nil {
+					*dockerfileName = strings.ToLower(*dockerfileName)
+					filename = tmpFN
+				}
+			}
+		}
+
+		origDockerfile := *dockerfileName // used for error msg
+		if filename, err = filepath.Abs(filename); err != nil {
+			return err
+		}
+
+		// Verify that 'filename' is within the build context
+		filename, err = symlink.FollowSymlinkInScope(filename, absRoot)
+		if err != nil {
+			return fmt.Errorf("The Dockerfile (%s) must be within the build context (%s)", origDockerfile, root)
+		}
+
+		// Now reset the dockerfileName to be relative to the build context
+		*dockerfileName, err = filepath.Rel(absRoot, filename)
+		if err != nil {
+			return err
+		}
+		// And canonicalize dockerfile name to a platform-independent one
+		*dockerfileName, err = archive.CanonicalTarNameForPath(*dockerfileName)
+		if err != nil {
+			return fmt.Errorf("Cannot canonicalize dockerfile path %s: %v", *dockerfileName, err)
+		}
+
+		if _, err = os.Lstat(filename); os.IsNotExist(err) {
+			return fmt.Errorf("Cannot locate Dockerfile: %s", origDockerfile)
+		}
+		var includes = []string{"."}
+
+		excludes, err := utils.ReadDockerIgnore(path.Join(root, ".dockerignore"))
+		if err != nil {
+			return err
+		}
+
+		// If .dockerignore mentions .dockerignore or the Dockerfile
+		// then make sure we send both files over to the daemon
+		// because Dockerfile is, obviously, needed no matter what, and
+		// .dockerignore is needed to know if either one needs to be
+		// removed.  The deamon will remove them for us, if needed, after it
+		// parses the Dockerfile.
+		keepThem1, _ := fileutils.Matches(".dockerignore", excludes)
+		keepThem2, _ := fileutils.Matches(*dockerfileName, excludes)
+		if keepThem1 || keepThem2 {
+			includes = append(includes, ".dockerignore", *dockerfileName)
+		}
+
+		if err := utils.ValidateContextDirectory(root, excludes); err != nil {
+			return fmt.Errorf("Error checking context is accessible: '%s'. Please check permissions and try again.", err)
+		}
+		options := &archive.TarOptions{
+			Compression:     archive.Uncompressed,
+			ExcludePatterns: excludes,
+			IncludeFiles:    includes,
+		}
+		context, err = archive.TarWithOptions(root, options)
+		if err != nil {
+			return err
+		}
+	}
+
+	// windows: show error message about modified file permissions
+	// FIXME: this is not a valid warning when the daemon is running windows. should be removed once docker engine for windows can build.
+	if runtime.GOOS == "windows" {
+		fmt.Fprintln(cli.err, `SECURITY WARNING: You are building a Docker image from Windows against a Linux Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
+	}
+
+	var body io.Reader
+	// Setup an upload progress bar
+	// FIXME: ProgressReader shouldn't be this annoying to use
+	if context != nil {
+		sf := streamformatter.NewStreamFormatter()
+		body = progressreader.New(progressreader.Config{
+			In:        context,
+			Out:       cli.out,
+			Formatter: sf,
+			NewLines:  true,
+			ID:        "",
+			Action:    "Sending build context to Docker daemon",
+		})
+	}
+
+	var memory int64
+	if *flMemoryString != "" {
+		parsedMemory, err := units.RAMInBytes(*flMemoryString)
+		if err != nil {
+			return err
+		}
+		memory = parsedMemory
+	}
+
+	var memorySwap int64
+	if *flMemorySwap != "" {
+		if *flMemorySwap == "-1" {
+			memorySwap = -1
+		} else {
+			parsedMemorySwap, err := units.RAMInBytes(*flMemorySwap)
+			if err != nil {
+				return err
+			}
+			memorySwap = parsedMemorySwap
+		}
+	}
+	// Send the build context
+	v := &url.Values{}
+
+	//Check if the given image name can be resolved
+	if *tag != "" {
+		repository, tag := parsers.ParseRepositoryTag(*tag)
+		if err := registry.ValidateRepositoryName(repository); err != nil {
+			return err
+		}
+		if len(tag) > 0 {
+			if err := tags.ValidateTagName(tag); err != nil {
+				return err
+			}
+		}
+	}
+
+	v.Set("t", *tag)
+
+	if *suppressOutput {
+		v.Set("q", "1")
+	}
+	if isRemote {
+		v.Set("remote", cmd.Arg(0))
+	}
+	if *noCache {
+		v.Set("nocache", "1")
+	}
+	if *rm {
+		v.Set("rm", "1")
+	} else {
+		v.Set("rm", "0")
+	}
+
+	if *forceRm {
+		v.Set("forcerm", "1")
+	}
+
+	if *pull {
+		v.Set("pull", "1")
+	}
+
+	v.Set("cpusetcpus", *flCPUSetCpus)
+	v.Set("cpusetmems", *flCPUSetMems)
+	v.Set("cpushares", strconv.FormatInt(*flCPUShares, 10))
+	v.Set("cpuquota", strconv.FormatInt(*flCpuQuota, 10))
+	v.Set("cpuperiod", strconv.FormatInt(*flCpuPeriod, 10))
+	v.Set("memory", strconv.FormatInt(memory, 10))
+	v.Set("memswap", strconv.FormatInt(memorySwap, 10))
+	v.Set("cgroupparent", *flCgroupParent)
+
+	v.Set("dockerfile", *dockerfileName)
+
+	headers := http.Header(make(map[string][]string))
+	buf, err := json.Marshal(cli.configFile.AuthConfigs)
+	if err != nil {
+		return err
+	}
+	headers.Add("X-Registry-Config", base64.URLEncoding.EncodeToString(buf))
+
+	if context != nil {
+		headers.Set("Content-Type", "application/tar")
+	}
+	sopts := &streamOpts{
+		rawTerminal: true,
+		in:          body,
+		out:         cli.out,
+		headers:     headers,
+	}
+	err = cli.stream("POST", fmt.Sprintf("/build?%s", v.Encode()), sopts)
+	if jerr, ok := err.(*jsonmessage.JSONError); ok {
+		// If no error code is set, default to 1
+		if jerr.Code == 0 {
+			jerr.Code = 1
+		}
+		return StatusError{Status: jerr.Message, StatusCode: jerr.Code}
+	}
+	return err
+}

api/client/cli.go

@@ -6,39 +6,52 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net"
 	"net/http"
-	"os"
+	"path/filepath"
 	"reflect"
 	"strings"
 	"text/template"
-	"time"
 
+	"github.com/docker/docker/cliconfig"
 	"github.com/docker/docker/pkg/homedir"
 	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/pkg/term"
-	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
 )
 
+// DockerCli represents the docker command line client.
+// Instances of the client can be returned from NewDockerCli.
 type DockerCli struct {
-	proto      string
-	addr       string
-	configFile *registry.ConfigFile
-	in         io.ReadCloser
-	out        io.Writer
-	err        io.Writer
-	keyFile    string
-	tlsConfig  *tls.Config
-	scheme     string
-	// inFd holds file descriptor of the client's STDIN, if it's a valid file
+	// proto holds the client protocol i.e. unix.
+	proto string
+	// addr holds the client address.
+	addr string
+
+	// configFile has the client configuration file
+	configFile *cliconfig.ConfigFile
+	// in holds the input stream and closer (io.ReadCloser) for the client.
+	in io.ReadCloser
+	// out holds the output stream (io.Writer) for the client.
+	out io.Writer
+	// err holds the error stream (io.Writer) for the client.
+	err io.Writer
+	// keyFile holds the key file as a string.
+	keyFile string
+	// tlsConfig holds the TLS configuration for the client, and will
+	// set the scheme to https in NewDockerCli if present.
+	tlsConfig *tls.Config
+	// scheme holds the scheme of the client i.e. https.
+	scheme string
+	// inFd holds the file descriptor of the client's STDIN (if valid).
 	inFd uintptr
-	// outFd holds file descriptor of the client's STDOUT, if it's a valid file
+	// outFd holds file descriptor of the client's STDOUT (if valid).
 	outFd uintptr
-	// isTerminalIn describes if client's STDIN is a TTY
+	// isTerminalIn indicates whether the client's STDIN is a TTY
 	isTerminalIn bool
-	// isTerminalOut describes if client's STDOUT is a TTY
+	// isTerminalOut dindicates whether the client's STDOUT is a TTY
 	isTerminalOut bool
-	transport     *http.Transport
+	// transport holds the client transport instance.
+	transport *http.Transport
 }
 
 var funcMap = template.FuncMap{
@@ -48,6 +61,14 @@ var funcMap = template.FuncMap{
 	},
 }
 
+func (cli *DockerCli) Out() io.Writer {
+	return cli.out
+}
+
+func (cli *DockerCli) Err() io.Writer {
+	return cli.err
+}
+
 func (cli *DockerCli) getMethod(args ...string) (func(...string) error, bool) {
 	camelArgs := make([]string, len(args))
 	for i, s := range args {
@@ -64,7 +85,7 @@ func (cli *DockerCli) getMethod(args ...string) (func(...string) error, bool) {
 	return method.Interface().(func(...string) error), true
 }
 
-// Cmd executes the specified command
+// Cmd executes the specified command.
 func (cli *DockerCli) Cmd(args ...string) error {
 	if len(args) > 1 {
 		method, exists := cli.getMethod(args[:2]...)
@@ -75,14 +96,18 @@ func (cli *DockerCli) Cmd(args ...string) error {
 	if len(args) > 0 {
 		method, exists := cli.getMethod(args[0])
 		if !exists {
-			fmt.Fprintf(cli.err, "docker: '%s' is not a docker command. See 'docker --help'.\n", args[0])
-			os.Exit(1)
+			return fmt.Errorf("docker: '%s' is not a docker command.\nSee 'docker --help'.", args[0])
 		}
 		return method(args[1:]...)
 	}
 	return cli.CmdHelp()
 }
 
+// Subcmd is a subcommand of the main "docker" command.
+// A subcommand represents an action that can be performed
+// from the Docker command line client.
+//
+// To see all available subcommands, run "docker --help".
 func (cli *DockerCli) Subcmd(name, signature, description string, exitOnError bool) *flag.FlagSet {
 	var errorHandling flag.ErrorHandling
 	if exitOnError {
@@ -91,30 +116,25 @@ func (cli *DockerCli) Subcmd(name, signature, description string, exitOnError bo
 		errorHandling = flag.ContinueOnError
 	}
 	flags := flag.NewFlagSet(name, errorHandling)
+	if signature != "" {
+		signature = " " + signature
+	}
 	flags.Usage = func() {
+		flags.ShortUsage()
+		flags.PrintDefaults()
+	}
+	flags.ShortUsage = func() {
 		options := ""
-		if signature != "" {
-			signature = " " + signature
-		}
 		if flags.FlagCountUndeprecated() > 0 {
 			options = " [OPTIONS]"
 		}
-		fmt.Fprintf(cli.out, "\nUsage: docker %s%s%s\n\n%s\n\n", name, options, signature, description)
-		flags.SetOutput(cli.out)
-		flags.PrintDefaults()
-		os.Exit(0)
+		fmt.Fprintf(flags.Out(), "\nUsage: docker %s%s%s\n\n%s\n", name, options, signature, description)
 	}
 	return flags
 }
 
-func (cli *DockerCli) LoadConfigFile() (err error) {
-	cli.configFile, err = registry.LoadConfig(homedir.Get())
-	if err != nil {
-		fmt.Fprintf(cli.err, "WARNING: %s\n", err)
-	}
-	return err
-}
-
+// CheckTtyInput checks if we are trying to attach to a container tty
+// from a non-tty client input stream, and if so, returns an error.
 func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error {
 	// In order to attach to a container tty, input stream for the client must
 	// be a tty itself: redirecting or piping the client standard input is
@@ -125,6 +145,10 @@ func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error {
 	return nil
 }
 
+// NewDockerCli returns a DockerCli instance with IO output and error streams set by in, out and err.
+// The key file, protocol (i.e. unix) and address are passed in as strings, along with the tls.Config. If the tls.Config
+// is set the client scheme will be set to https.
+// The client will be given a 32-second timeout (see https://github.com/docker/docker/pull/8035).
 func NewDockerCli(in io.ReadCloser, out, err io.Writer, keyFile string, proto, addr string, tlsConfig *tls.Config) *DockerCli {
 	var (
 		inFd          uintptr
@@ -149,27 +173,21 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, keyFile string, proto, a
 		err = out
 	}
 
-	// The transport is created here for reuse during the client session
+	// The transport is created here for reuse during the client session.
 	tr := &http.Transport{
 		TLSClientConfig: tlsConfig,
 	}
+	utils.ConfigureTCPTransport(tr, proto, addr)
 
-	// Why 32? See issue 8035
-	timeout := 32 * time.Second
-	if proto == "unix" {
-		// no need in compressing for local communications
-		tr.DisableCompression = true
-		tr.Dial = func(_, _ string) (net.Conn, error) {
-			return net.DialTimeout(proto, addr, timeout)
-		}
-	} else {
-		tr.Proxy = http.ProxyFromEnvironment
-		tr.Dial = (&net.Dialer{Timeout: timeout}).Dial
+	configFile, e := cliconfig.Load(filepath.Join(homedir.Get(), ".docker"))
+	if e != nil {
+		fmt.Fprintf(err, "WARNING: Error loading config file:%v\n", e)
 	}
 
 	return &DockerCli{
 		proto:         proto,
 		addr:          addr,
+		configFile:    configFile,
 		in:            in,
 		out:           out,
 		err:           err,

api/client/client.go

@@ -0,0 +1,17 @@
+// Package client provides a command-line interface for Docker.
+//
+// Run "docker help SUBCOMMAND" or "docker SUBCOMMAND --help" to see more information on any Docker subcommand, including the full list of options supported for the subcommand.
+// See https://docs.docker.com/installation/ for instructions on installing Docker.
+package client
+
+import "fmt"
+
+// An StatusError reports an unsuccessful exit by a command.
+type StatusError struct {
+	Status     string
+	StatusCode int
+}
+
+func (e StatusError) Error() string {
+	return fmt.Sprintf("Status: %s, Code: %d", e.Status, e.StatusCode)
+}

api/client/commit.go

@@ -0,0 +1,80 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+)
+
+// CmdCommit creates a new image from a container's changes.
+//
+// Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
+func (cli *DockerCli) CmdCommit(args ...string) error {
+	cmd := cli.Subcmd("commit", "CONTAINER [REPOSITORY[:TAG]]", "Create a new image from a container's changes", true)
+	flPause := cmd.Bool([]string{"p", "-pause"}, true, "Pause container during commit")
+	flComment := cmd.String([]string{"m", "-message"}, "", "Commit message")
+	flAuthor := cmd.String([]string{"a", "#author", "-author"}, "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
+	flChanges := opts.NewListOpts(nil)
+	cmd.Var(&flChanges, []string{"c", "-change"}, "Apply Dockerfile instruction to the created image")
+	// FIXME: --run is deprecated, it will be replaced with inline Dockerfile commands.
+	flConfig := cmd.String([]string{"#run", "#-run"}, "", "This option is deprecated and will be removed in a future version in favor of inline Dockerfile-compatible commands")
+	cmd.Require(flag.Max, 2)
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	var (
+		name            = cmd.Arg(0)
+		repository, tag = parsers.ParseRepositoryTag(cmd.Arg(1))
+	)
+
+	//Check if the given image name can be resolved
+	if repository != "" {
+		if err := registry.ValidateRepositoryName(repository); err != nil {
+			return err
+		}
+	}
+
+	v := url.Values{}
+	v.Set("container", name)
+	v.Set("repo", repository)
+	v.Set("tag", tag)
+	v.Set("comment", *flComment)
+	v.Set("author", *flAuthor)
+	for _, change := range flChanges.GetAll() {
+		v.Add("changes", change)
+	}
+
+	if *flPause != true {
+		v.Set("pause", "0")
+	}
+
+	var (
+		config   *runconfig.Config
+		response types.ContainerCommitResponse
+	)
+
+	if *flConfig != "" {
+		config = &runconfig.Config{}
+		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
+			return err
+		}
+	}
+	stream, _, err := cli.call("POST", "/commit?"+v.Encode(), config, nil)
+	if err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(stream).Decode(&response); err != nil {
+		return err
+	}
+
+	fmt.Fprintln(cli.out, response.ID)
+	return nil
+}

api/client/cp.go

@@ -0,0 +1,57 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/archive"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdCp copies files/folders from a path on the container to a directory on the host running the command.
+//
+// If HOSTDIR is '-', the data is written as a tar file to STDOUT.
+//
+// Usage: docker cp CONTAINER:PATH HOSTDIR
+func (cli *DockerCli) CmdCp(args ...string) error {
+	cmd := cli.Subcmd("cp", "CONTAINER:PATH HOSTDIR|-", "Copy files/folders from a PATH on the container to a HOSTDIR on the host\nrunning the command. Use '-' to write the data as a tar file to STDOUT.", true)
+	cmd.Require(flag.Exact, 2)
+
+	cmd.ParseFlags(args, true)
+
+	// deal with path name with `:`
+	info := strings.SplitN(cmd.Arg(0), ":", 2)
+
+	if len(info) != 2 {
+		return fmt.Errorf("Error: Path not specified")
+	}
+
+	cfg := &types.CopyConfig{
+		Resource: info[1],
+	}
+	stream, statusCode, err := cli.call("POST", "/containers/"+info[0]+"/copy", cfg, nil)
+	if stream != nil {
+		defer stream.Close()
+	}
+	if statusCode == 404 {
+		return fmt.Errorf("No such container: %v", info[0])
+	}
+	if err != nil {
+		return err
+	}
+
+	hostPath := cmd.Arg(1)
+	if statusCode == 200 {
+		if hostPath == "-" {
+			_, err = io.Copy(cli.out, stream)
+		} else {
+			err = archive.Untar(stream, hostPath, &archive.TarOptions{NoLchown: true})
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

api/client/create.go

@@ -0,0 +1,160 @@
+package client
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/graph/tags"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+)
+
+func (cli *DockerCli) pullImage(image string) error {
+	return cli.pullImageCustomOut(image, cli.out)
+}
+
+func (cli *DockerCli) pullImageCustomOut(image string, out io.Writer) error {
+	v := url.Values{}
+	repos, tag := parsers.ParseRepositoryTag(image)
+	// pull only the image tagged 'latest' if no tag was specified
+	if tag == "" {
+		tag = tags.DEFAULTTAG
+	}
+	v.Set("fromImage", repos)
+	v.Set("tag", tag)
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(repos)
+	if err != nil {
+		return err
+	}
+
+	// Resolve the Auth config relevant for this server
+	authConfig := registry.ResolveAuthConfig(cli.configFile, repoInfo.Index)
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return err
+	}
+
+	registryAuthHeader := []string{
+		base64.URLEncoding.EncodeToString(buf),
+	}
+	sopts := &streamOpts{
+		rawTerminal: true,
+		out:         out,
+		headers:     map[string][]string{"X-Registry-Auth": registryAuthHeader},
+	}
+	if err := cli.stream("POST", "/images/create?"+v.Encode(), sopts); err != nil {
+		return err
+	}
+	return nil
+}
+
+type cidFile struct {
+	path    string
+	file    *os.File
+	written bool
+}
+
+func newCIDFile(path string) (*cidFile, error) {
+	if _, err := os.Stat(path); err == nil {
+		return nil, fmt.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
+	}
+
+	f, err := os.Create(path)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to create the container ID file: %s", err)
+	}
+
+	return &cidFile{path: path, file: f}, nil
+}
+
+func (cli *DockerCli) createContainer(config *runconfig.Config, hostConfig *runconfig.HostConfig, cidfile, name string) (*types.ContainerCreateResponse, error) {
+	containerValues := url.Values{}
+	if name != "" {
+		containerValues.Set("name", name)
+	}
+
+	mergedConfig := runconfig.MergeConfigs(config, hostConfig)
+
+	var containerIDFile *cidFile
+	if cidfile != "" {
+		var err error
+		if containerIDFile, err = newCIDFile(cidfile); err != nil {
+			return nil, err
+		}
+		defer containerIDFile.Close()
+	}
+
+	//create the container
+	stream, statusCode, err := cli.call("POST", "/containers/create?"+containerValues.Encode(), mergedConfig, nil)
+	//if image not found try to pull it
+	if statusCode == 404 && strings.Contains(err.Error(), config.Image) {
+		repo, tag := parsers.ParseRepositoryTag(config.Image)
+		if tag == "" {
+			tag = tags.DEFAULTTAG
+		}
+		fmt.Fprintf(cli.err, "Unable to find image '%s' locally\n", utils.ImageReference(repo, tag))
+
+		// we don't want to write to stdout anything apart from container.ID
+		if err = cli.pullImageCustomOut(config.Image, cli.err); err != nil {
+			return nil, err
+		}
+		// Retry
+		if stream, _, err = cli.call("POST", "/containers/create?"+containerValues.Encode(), mergedConfig, nil); err != nil {
+			return nil, err
+		}
+	} else if err != nil {
+		return nil, err
+	}
+
+	var response types.ContainerCreateResponse
+	if err := json.NewDecoder(stream).Decode(&response); err != nil {
+		return nil, err
+	}
+	for _, warning := range response.Warnings {
+		fmt.Fprintf(cli.err, "WARNING: %s\n", warning)
+	}
+	if containerIDFile != nil {
+		if err = containerIDFile.Write(response.ID); err != nil {
+			return nil, err
+		}
+	}
+	return &response, nil
+}
+
+// CmdCreate creates a new container from a given image.
+//
+// Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
+func (cli *DockerCli) CmdCreate(args ...string) error {
+	cmd := cli.Subcmd("create", "IMAGE [COMMAND] [ARG...]", "Create a new container", true)
+
+	// These are flags not stored in Config/HostConfig
+	var (
+		flName = cmd.String([]string{"-name"}, "", "Assign a name to the container")
+	)
+
+	config, hostConfig, cmd, err := runconfig.Parse(cmd, args)
+	if err != nil {
+		cmd.ReportError(err.Error(), true)
+		os.Exit(1)
+	}
+	if config.Image == "" {
+		cmd.Usage()
+		return nil
+	}
+	response, err := cli.createContainer(config, hostConfig, hostConfig.ContainerIDFile, *flName)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(cli.out, "%s\n", response.ID)
+	return nil
+}

api/client/diff.go

@@ -0,0 +1,52 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/archive"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdDiff shows changes on a container's filesystem.
+//
+// Each changed file is printed on a separate line, prefixed with a single
+// character that indicates the status of the file: C (modified), A (added),
+// or D (deleted).
+//
+// Usage: docker diff CONTAINER
+func (cli *DockerCli) CmdDiff(args ...string) error {
+	cmd := cli.Subcmd("diff", "CONTAINER", "Inspect changes on a container's filesystem", true)
+	cmd.Require(flag.Exact, 1)
+	cmd.ParseFlags(args, true)
+
+	if cmd.Arg(0) == "" {
+		return fmt.Errorf("Container name cannot be empty")
+	}
+
+	rdr, _, err := cli.call("GET", "/containers/"+cmd.Arg(0)+"/changes", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	changes := []types.ContainerChange{}
+	if err := json.NewDecoder(rdr).Decode(&changes); err != nil {
+		return err
+	}
+
+	for _, change := range changes {
+		var kind string
+		switch change.Kind {
+		case archive.ChangeModify:
+			kind = "C"
+		case archive.ChangeAdd:
+			kind = "A"
+		case archive.ChangeDelete:
+			kind = "D"
+		}
+		fmt.Fprintf(cli.out, "%s %s\n", kind, change.Path)
+	}
+
+	return nil
+}

api/client/events.go

@@ -0,0 +1,60 @@
+package client
+
+import (
+	"net/url"
+
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers/filters"
+	"github.com/docker/docker/pkg/timeutils"
+)
+
+// CmdEvents prints a live stream of real time events from the server.
+//
+// Usage: docker events [OPTIONS]
+func (cli *DockerCli) CmdEvents(args ...string) error {
+	cmd := cli.Subcmd("events", "", "Get real time events from the server", true)
+	since := cmd.String([]string{"#since", "-since"}, "", "Show all events created since timestamp")
+	until := cmd.String([]string{"-until"}, "", "Stream events until this timestamp")
+	flFilter := opts.NewListOpts(nil)
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+	cmd.Require(flag.Exact, 0)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		v               = url.Values{}
+		eventFilterArgs = filters.Args{}
+	)
+
+	// Consolidate all filter flags, and sanity check them early.
+	// They'll get process in the daemon/server.
+	for _, f := range flFilter.GetAll() {
+		var err error
+		eventFilterArgs, err = filters.ParseFlag(f, eventFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+	if *since != "" {
+		v.Set("since", timeutils.GetTimestamp(*since))
+	}
+	if *until != "" {
+		v.Set("until", timeutils.GetTimestamp(*until))
+	}
+	if len(eventFilterArgs) > 0 {
+		filterJSON, err := filters.ToParam(eventFilterArgs)
+		if err != nil {
+			return err
+		}
+		v.Set("filters", filterJSON)
+	}
+	sopts := &streamOpts{
+		rawTerminal: true,
+		out:         cli.out,
+	}
+	if err := cli.stream("GET", "/events?"+v.Encode(), sopts); err != nil {
+		return err
+	}
+	return nil
+}

api/client/exec.go

@@ -0,0 +1,131 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/runconfig"
+)
+
+// CmdExec runs a command in a running container.
+//
+// Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
+func (cli *DockerCli) CmdExec(args ...string) error {
+	cmd := cli.Subcmd("exec", "CONTAINER COMMAND [ARG...]", "Run a command in a running container", true)
+
+	execConfig, err := runconfig.ParseExec(cmd, args)
+	// just in case the ParseExec does not exit
+	if execConfig.Container == "" || err != nil {
+		return StatusError{StatusCode: 1}
+	}
+
+	stream, _, err := cli.call("POST", "/containers/"+execConfig.Container+"/exec", execConfig, nil)
+	if err != nil {
+		return err
+	}
+
+	var response types.ContainerExecCreateResponse
+	if err := json.NewDecoder(stream).Decode(&response); err != nil {
+		return err
+	}
+
+	execID := response.ID
+
+	if execID == "" {
+		fmt.Fprintf(cli.out, "exec ID empty")
+		return nil
+	}
+
+	//Temp struct for execStart so that we don't need to transfer all the execConfig
+	execStartCheck := &types.ExecStartCheck{
+		Detach: execConfig.Detach,
+		Tty:    execConfig.Tty,
+	}
+
+	if !execConfig.Detach {
+		if err := cli.CheckTtyInput(execConfig.AttachStdin, execConfig.Tty); err != nil {
+			return err
+		}
+	} else {
+		if _, _, err := readBody(cli.call("POST", "/exec/"+execID+"/start", execStartCheck, nil)); err != nil {
+			return err
+		}
+		// For now don't print this - wait for when we support exec wait()
+		// fmt.Fprintf(cli.out, "%s\n", execID)
+		return nil
+	}
+
+	// Interactive exec requested.
+	var (
+		out, stderr io.Writer
+		in          io.ReadCloser
+		hijacked    = make(chan io.Closer)
+		errCh       chan error
+	)
+
+	// Block the return until the chan gets closed
+	defer func() {
+		logrus.Debugf("End of CmdExec(), Waiting for hijack to finish.")
+		if _, ok := <-hijacked; ok {
+			fmt.Fprintln(cli.err, "Hijack did not finish (chan still open)")
+		}
+	}()
+
+	if execConfig.AttachStdin {
+		in = cli.in
+	}
+	if execConfig.AttachStdout {
+		out = cli.out
+	}
+	if execConfig.AttachStderr {
+		if execConfig.Tty {
+			stderr = cli.out
+		} else {
+			stderr = cli.err
+		}
+	}
+	errCh = promise.Go(func() error {
+		return cli.hijack("POST", "/exec/"+execID+"/start", execConfig.Tty, in, out, stderr, hijacked, execConfig)
+	})
+
+	// Acknowledge the hijack before starting
+	select {
+	case closer := <-hijacked:
+		// Make sure that hijack gets closed when returning. (result
+		// in closing hijack chan and freeing server's goroutines.
+		if closer != nil {
+			defer closer.Close()
+		}
+	case err := <-errCh:
+		if err != nil {
+			logrus.Debugf("Error hijack: %s", err)
+			return err
+		}
+	}
+
+	if execConfig.Tty && cli.isTerminalIn {
+		if err := cli.monitorTtySize(execID, true); err != nil {
+			fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if err := <-errCh; err != nil {
+		logrus.Debugf("Error hijack: %s", err)
+		return err
+	}
+
+	var status int
+	if _, status, err = getExecExitCode(cli, execID); err != nil {
+		return err
+	}
+
+	if status != 0 {
+		return StatusError{StatusCode: status}
+	}
+
+	return nil
+}

api/client/export.go

@@ -0,0 +1,46 @@
+package client
+
+import (
+	"errors"
+	"io"
+	"os"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdExport exports a filesystem as a tar archive.
+//
+// The tar archive is streamed to STDOUT by default or written to a file.
+//
+// Usage: docker export [OPTIONS] CONTAINER
+func (cli *DockerCli) CmdExport(args ...string) error {
+	cmd := cli.Subcmd("export", "CONTAINER", "Export a filesystem as a tar archive (streamed to STDOUT by default)", true)
+	outfile := cmd.String([]string{"o", "-output"}, "", "Write to a file, instead of STDOUT")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		output io.Writer = cli.out
+		err    error
+	)
+	if *outfile != "" {
+		output, err = os.Create(*outfile)
+		if err != nil {
+			return err
+		}
+	} else if cli.isTerminalOut {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	image := cmd.Arg(0)
+	sopts := &streamOpts{
+		rawTerminal: true,
+		out:         output,
+	}
+	if err := cli.stream("GET", "/containers/"+image+"/export", sopts); err != nil {
+		return err
+	}
+
+	return nil
+}

api/client/help.go

@@ -0,0 +1,34 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdHelp displays information on a Docker command.
+//
+// If more than one command is specified, information is only shown for the first command.
+//
+// Usage: docker help COMMAND or docker COMMAND --help
+func (cli *DockerCli) CmdHelp(args ...string) error {
+	if len(args) > 1 {
+		method, exists := cli.getMethod(args[:2]...)
+		if exists {
+			method("--help")
+			return nil
+		}
+	}
+	if len(args) > 0 {
+		method, exists := cli.getMethod(args[0])
+		if !exists {
+			return fmt.Errorf("docker: '%s' is not a docker command. See 'docker --help'.", args[0])
+		}
+		method("--help")
+		return nil
+	}
+
+	flag.Usage()
+
+	return nil
+}

api/client/hijack.go

@@ -13,7 +13,7 @@ import (
 	"strings"
 	"time"
 
-	log "github.com/Sirupsen/logrus"
+	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/autogen/dockerversion"
 	"github.com/docker/docker/pkg/promise"
@@ -142,6 +142,13 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 	if err != nil {
 		return err
 	}
+
+	// Add CLI Config's HTTP Headers BEFORE we set the Docker headers
+	// then the user can't change OUR headers
+	for k, v := range cli.configFile.HttpHeaders {
+		req.Header.Set(k, v)
+	}
+
 	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
 	req.Header.Set("Content-Type", "text/plain")
 	req.Header.Set("Connection", "Upgrade")
@@ -211,7 +218,7 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 			} else {
 				_, err = stdcopy.StdCopy(stdout, stderr, br)
 			}
-			log.Debugf("[hijack] End of stdout")
+			logrus.Debugf("[hijack] End of stdout")
 			return err
 		})
 	}
@@ -219,14 +226,14 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 	sendStdin := promise.Go(func() error {
 		if in != nil {
 			io.Copy(rwc, in)
-			log.Debugf("[hijack] End of stdin")
+			logrus.Debugf("[hijack] End of stdin")
 		}
 
 		if conn, ok := rwc.(interface {
 			CloseWrite() error
 		}); ok {
 			if err := conn.CloseWrite(); err != nil {
-				log.Debugf("Couldn't send EOF: %s", err)
+				logrus.Debugf("Couldn't send EOF: %s", err)
 			}
 		}
 		// Discard errors due to pipe interruption
@@ -235,14 +242,14 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 
 	if stdout != nil || stderr != nil {
 		if err := <-receiveStdout; err != nil {
-			log.Debugf("Error receiveStdout: %s", err)
+			logrus.Debugf("Error receiveStdout: %s", err)
 			return err
 		}
 	}
 
 	if !cli.isTerminalIn {
 		if err := <-sendStdin; err != nil {
-			log.Debugf("Error sendStdin: %s", err)
+			logrus.Debugf("Error sendStdin: %s", err)
 			return err
 		}
 	}

api/client/history.go

@@ -0,0 +1,73 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"text/tabwriter"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/pkg/units"
+)
+
+// CmdHistory shows the history of an image.
+//
+// Usage: docker history [OPTIONS] IMAGE
+func (cli *DockerCli) CmdHistory(args ...string) error {
+	cmd := cli.Subcmd("history", "IMAGE", "Show the history of an image", true)
+	human := cmd.Bool([]string{"H", "-human"}, true, "Print sizes and dates in human readable format")
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
+	noTrunc := cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
+	cmd.Require(flag.Exact, 1)
+	cmd.ParseFlags(args, true)
+
+	rdr, _, err := cli.call("GET", "/images/"+cmd.Arg(0)+"/history", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	history := []types.ImageHistory{}
+	if err := json.NewDecoder(rdr).Decode(&history); err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	if !*quiet {
+		fmt.Fprintln(w, "IMAGE\tCREATED\tCREATED BY\tSIZE\tCOMMENT")
+	}
+
+	for _, entry := range history {
+		if *noTrunc {
+			fmt.Fprintf(w, entry.ID)
+		} else {
+			fmt.Fprintf(w, stringid.TruncateID(entry.ID))
+		}
+		if !*quiet {
+			if *human {
+				fmt.Fprintf(w, "\t%s ago\t", units.HumanDuration(time.Now().UTC().Sub(time.Unix(entry.Created, 0))))
+			} else {
+				fmt.Fprintf(w, "\t%s\t", time.Unix(entry.Created, 0).Format(time.RFC3339))
+			}
+
+			if *noTrunc {
+				fmt.Fprintf(w, "%s\t", entry.CreatedBy)
+			} else {
+				fmt.Fprintf(w, "%s\t", stringutils.Truncate(entry.CreatedBy, 45))
+			}
+
+			if *human {
+				fmt.Fprintf(w, "%s\t", units.HumanSize(float64(entry.Size)))
+			} else {
+				fmt.Fprintf(w, "%d\t", entry.Size)
+			}
+
+			fmt.Fprintf(w, "%s", entry.Comment)
+		}
+		fmt.Fprintf(w, "\n")
+	}
+	w.Flush()
+	return nil
+}

api/client/images.go

@@ -0,0 +1,126 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"text/tabwriter"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/filters"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/units"
+	"github.com/docker/docker/utils"
+)
+
+// CmdImages lists the images in a specified repository, or all top-level images if no repository is specified.
+//
+// Usage: docker images [OPTIONS] [REPOSITORY]
+func (cli *DockerCli) CmdImages(args ...string) error {
+	cmd := cli.Subcmd("images", "[REPOSITORY]", "List images", true)
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
+	all := cmd.Bool([]string{"a", "-all"}, false, "Show all images (default hides intermediate images)")
+	noTrunc := cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
+	showDigests := cmd.Bool([]string{"-digests"}, false, "Show digests")
+
+	flFilter := opts.NewListOpts(nil)
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+	cmd.Require(flag.Max, 1)
+	cmd.ParseFlags(args, true)
+
+	// Consolidate all filter flags, and sanity check them early.
+	// They'll get process in the daemon/server.
+	imageFilterArgs := filters.Args{}
+	for _, f := range flFilter.GetAll() {
+		var err error
+		imageFilterArgs, err = filters.ParseFlag(f, imageFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	matchName := cmd.Arg(0)
+	v := url.Values{}
+	if len(imageFilterArgs) > 0 {
+		filterJSON, err := filters.ToParam(imageFilterArgs)
+		if err != nil {
+			return err
+		}
+		v.Set("filters", filterJSON)
+	}
+
+	if cmd.NArg() == 1 {
+		// FIXME rename this parameter, to not be confused with the filters flag
+		v.Set("filter", matchName)
+	}
+	if *all {
+		v.Set("all", "1")
+	}
+
+	rdr, _, err := cli.call("GET", "/images/json?"+v.Encode(), nil, nil)
+	if err != nil {
+		return err
+	}
+
+	images := []types.Image{}
+	if err := json.NewDecoder(rdr).Decode(&images); err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	if !*quiet {
+		if *showDigests {
+			fmt.Fprintln(w, "REPOSITORY\tTAG\tDIGEST\tIMAGE ID\tCREATED\tVIRTUAL SIZE")
+		} else {
+			fmt.Fprintln(w, "REPOSITORY\tTAG\tIMAGE ID\tCREATED\tVIRTUAL SIZE")
+		}
+	}
+
+	for _, image := range images {
+		ID := image.ID
+		if !*noTrunc {
+			ID = stringid.TruncateID(ID)
+		}
+
+		repoTags := image.RepoTags
+		repoDigests := image.RepoDigests
+
+		if len(repoTags) == 1 && repoTags[0] == "<none>:<none>" && len(repoDigests) == 1 && repoDigests[0] == "<none>@<none>" {
+			// dangling image - clear out either repoTags or repoDigsts so we only show it once below
+			repoDigests = []string{}
+		}
+
+		// combine the tags and digests lists
+		tagsAndDigests := append(repoTags, repoDigests...)
+		for _, repoAndRef := range tagsAndDigests {
+			repo, ref := parsers.ParseRepositoryTag(repoAndRef)
+			// default tag and digest to none - if there's a value, it'll be set below
+			tag := "<none>"
+			digest := "<none>"
+			if utils.DigestReference(ref) {
+				digest = ref
+			} else {
+				tag = ref
+			}
+
+			if !*quiet {
+				if *showDigests {
+					fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s ago\t%s\n", repo, tag, digest, ID, units.HumanDuration(time.Now().UTC().Sub(time.Unix(int64(image.Created), 0))), units.HumanSize(float64(image.VirtualSize)))
+				} else {
+					fmt.Fprintf(w, "%s\t%s\t%s\t%s ago\t%s\n", repo, tag, ID, units.HumanDuration(time.Now().UTC().Sub(time.Unix(int64(image.Created), 0))), units.HumanSize(float64(image.VirtualSize)))
+				}
+			} else {
+				fmt.Fprintln(w, ID)
+			}
+		}
+	}
+
+	if !*quiet {
+		w.Flush()
+	}
+	return nil
+}

api/client/import.go

@@ -0,0 +1,64 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"net/url"
+
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/registry"
+)
+
+// CmdImport creates an empty filesystem image, imports the contents of the tarball into the image, and optionally tags the image.
+//
+// The URL argument is the address of a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) file. If the URL is '-', then the tar file is read from STDIN.
+//
+// Usage: docker import [OPTIONS] URL [REPOSITORY[:TAG]]
+func (cli *DockerCli) CmdImport(args ...string) error {
+	cmd := cli.Subcmd("import", "URL|- [REPOSITORY[:TAG]]", "Create an empty filesystem image and import the contents of the\ntarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then\noptionally tag it.", true)
+	flChanges := opts.NewListOpts(nil)
+	cmd.Var(&flChanges, []string{"c", "-change"}, "Apply Dockerfile instruction to the created image")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		v          = url.Values{}
+		src        = cmd.Arg(0)
+		repository = cmd.Arg(1)
+	)
+
+	v.Set("fromSrc", src)
+	v.Set("repo", repository)
+	for _, change := range flChanges.GetAll() {
+		v.Add("changes", change)
+	}
+	if cmd.NArg() == 3 {
+		fmt.Fprintf(cli.err, "[DEPRECATED] The format 'URL|- [REPOSITORY [TAG]]' has been deprecated. Please use URL|- [REPOSITORY[:TAG]]\n")
+		v.Set("tag", cmd.Arg(2))
+	}
+
+	if repository != "" {
+		//Check if the given image name can be resolved
+		repo, _ := parsers.ParseRepositoryTag(repository)
+		if err := registry.ValidateRepositoryName(repo); err != nil {
+			return err
+		}
+	}
+
+	var in io.Reader
+
+	if src == "-" {
+		in = cli.in
+	}
+
+	sopts := &streamOpts{
+		rawTerminal: true,
+		in:          in,
+		out:         cli.out,
+	}
+
+	return cli.stream("POST", "/images/create?"+v.Encode(), sopts)
+}

api/client/info.go

@@ -0,0 +1,91 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/ioutils"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/units"
+)
+
+// CmdInfo displays system-wide information.
+//
+// Usage: docker info
+func (cli *DockerCli) CmdInfo(args ...string) error {
+	cmd := cli.Subcmd("info", "", "Display system-wide information", true)
+	cmd.Require(flag.Exact, 0)
+	cmd.ParseFlags(args, true)
+
+	rdr, _, err := cli.call("GET", "/info", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	info := &types.Info{}
+	if err := json.NewDecoder(rdr).Decode(info); err != nil {
+		return fmt.Errorf("Error reading remote info: %v", err)
+	}
+
+	fmt.Fprintf(cli.out, "Containers: %d\n", info.Containers)
+	fmt.Fprintf(cli.out, "Images: %d\n", info.Images)
+	ioutils.FprintfIfNotEmpty(cli.out, "Storage Driver: %s\n", info.Driver)
+	if info.DriverStatus != nil {
+		for _, pair := range info.DriverStatus {
+			fmt.Fprintf(cli.out, " %s: %s\n", pair[0], pair[1])
+		}
+	}
+	ioutils.FprintfIfNotEmpty(cli.out, "Execution Driver: %s\n", info.ExecutionDriver)
+	ioutils.FprintfIfNotEmpty(cli.out, "Logging Driver: %s\n", info.LoggingDriver)
+	ioutils.FprintfIfNotEmpty(cli.out, "Kernel Version: %s\n", info.KernelVersion)
+	ioutils.FprintfIfNotEmpty(cli.out, "Operating System: %s\n", info.OperatingSystem)
+	fmt.Fprintf(cli.out, "CPUs: %d\n", info.NCPU)
+	fmt.Fprintf(cli.out, "Total Memory: %s\n", units.BytesSize(float64(info.MemTotal)))
+	ioutils.FprintfIfNotEmpty(cli.out, "Name: %s\n", info.Name)
+	ioutils.FprintfIfNotEmpty(cli.out, "ID: %s\n", info.ID)
+
+	if info.Debug {
+		fmt.Fprintf(cli.out, "Debug mode (server): %v\n", info.Debug)
+		fmt.Fprintf(cli.out, "File Descriptors: %d\n", info.NFd)
+		fmt.Fprintf(cli.out, "Goroutines: %d\n", info.NGoroutines)
+		fmt.Fprintf(cli.out, "System Time: %s\n", info.SystemTime)
+		fmt.Fprintf(cli.out, "EventsListeners: %d\n", info.NEventsListener)
+		fmt.Fprintf(cli.out, "Init SHA1: %s\n", info.InitSha1)
+		fmt.Fprintf(cli.out, "Init Path: %s\n", info.InitPath)
+		fmt.Fprintf(cli.out, "Docker Root Dir: %s\n", info.DockerRootDir)
+	}
+
+	ioutils.FprintfIfNotEmpty(cli.out, "Http Proxy: %s\n", info.HttpProxy)
+	ioutils.FprintfIfNotEmpty(cli.out, "Https Proxy: %s\n", info.HttpsProxy)
+	ioutils.FprintfIfNotEmpty(cli.out, "No Proxy: %s\n", info.NoProxy)
+
+	if info.IndexServerAddress != "" {
+		u := cli.configFile.AuthConfigs[info.IndexServerAddress].Username
+		if len(u) > 0 {
+			fmt.Fprintf(cli.out, "Username: %v\n", u)
+			fmt.Fprintf(cli.out, "Registry: %v\n", info.IndexServerAddress)
+		}
+	}
+	if !info.MemoryLimit {
+		fmt.Fprintf(cli.err, "WARNING: No memory limit support\n")
+	}
+	if !info.SwapLimit {
+		fmt.Fprintf(cli.err, "WARNING: No swap limit support\n")
+	}
+	if !info.IPv4Forwarding {
+		fmt.Fprintf(cli.err, "WARNING: IPv4 forwarding is disabled.\n")
+	}
+	if info.Labels != nil {
+		fmt.Fprintln(cli.out, "Labels:")
+		for _, attribute := range info.Labels {
+			fmt.Fprintf(cli.out, " %s\n", attribute)
+		}
+	}
+
+	if info.ExperimentalBuild {
+		fmt.Fprintf(cli.out, "Experimental: true\n")
+	}
+
+	return nil
+}

api/client/inspect.go

@@ -0,0 +1,121 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+	"text/template"
+
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdInspect displays low-level information on one or more containers or images.
+//
+// Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...]
+func (cli *DockerCli) CmdInspect(args ...string) error {
+	cmd := cli.Subcmd("inspect", "CONTAINER|IMAGE [CONTAINER|IMAGE...]", "Return low-level information on a container or image", true)
+	tmplStr := cmd.String([]string{"f", "#format", "-format"}, "", "Format the output using the given go template")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var tmpl *template.Template
+	if *tmplStr != "" {
+		var err error
+		if tmpl, err = template.New("").Funcs(funcMap).Parse(*tmplStr); err != nil {
+			return StatusError{StatusCode: 64,
+				Status: "Template parsing error: " + err.Error()}
+		}
+	}
+
+	indented := new(bytes.Buffer)
+	indented.WriteString("[\n")
+	status := 0
+	isImage := false
+
+	for _, name := range cmd.Args() {
+		obj, _, err := readBody(cli.call("GET", "/containers/"+name+"/json", nil, nil))
+		if err != nil {
+			obj, _, err = readBody(cli.call("GET", "/images/"+name+"/json", nil, nil))
+			isImage = true
+			if err != nil {
+				if strings.Contains(err.Error(), "No such") {
+					fmt.Fprintf(cli.err, "Error: No such image or container: %s\n", name)
+				} else {
+					fmt.Fprintf(cli.err, "%s", err)
+				}
+				status = 1
+				continue
+			}
+		}
+
+		if tmpl == nil {
+			if err = json.Indent(indented, obj, "", "    "); err != nil {
+				fmt.Fprintf(cli.err, "%s\n", err)
+				status = 1
+				continue
+			}
+		} else {
+			rdr := bytes.NewReader(obj)
+			dec := json.NewDecoder(rdr)
+
+			if isImage {
+				inspPtr := types.ImageInspect{}
+				if err := dec.Decode(&inspPtr); err != nil {
+					fmt.Fprintf(cli.err, "%s\n", err)
+					status = 1
+					continue
+				}
+				if err := tmpl.Execute(cli.out, inspPtr); err != nil {
+					rdr.Seek(0, 0)
+					var raw interface{}
+					if err := dec.Decode(&raw); err != nil {
+						return err
+					}
+					if err = tmpl.Execute(cli.out, raw); err != nil {
+						return err
+					}
+				}
+			} else {
+				inspPtr := types.ContainerJSON{}
+				if err := dec.Decode(&inspPtr); err != nil {
+					fmt.Fprintf(cli.err, "%s\n", err)
+					status = 1
+					continue
+				}
+				if err := tmpl.Execute(cli.out, inspPtr); err != nil {
+					rdr.Seek(0, 0)
+					var raw interface{}
+					if err := dec.Decode(&raw); err != nil {
+						return err
+					}
+					if err = tmpl.Execute(cli.out, raw); err != nil {
+						return err
+					}
+				}
+			}
+			cli.out.Write([]byte{'\n'})
+		}
+		indented.WriteString(",")
+	}
+
+	if indented.Len() > 1 {
+		// Remove trailing ','
+		indented.Truncate(indented.Len() - 1)
+	}
+	indented.WriteString("]\n")
+
+	if tmpl == nil {
+		if _, err := io.Copy(cli.out, indented); err != nil {
+			return err
+		}
+	}
+
+	if status != 0 {
+		return StatusError{StatusCode: status}
+	}
+	return nil
+}

api/client/kill.go

@@ -0,0 +1,32 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdKill kills one or more running container using SIGKILL or a specified signal.
+//
+// Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdKill(args ...string) error {
+	cmd := cli.Subcmd("kill", "CONTAINER [CONTAINER...]", "Kill a running container using SIGKILL or a specified signal", true)
+	signal := cmd.String([]string{"s", "-signal"}, "KILL", "Signal to send to the container")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/kill?signal=%s", name, *signal), nil, nil)); err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to kill containers: %v", errNames)
+	}
+	return nil
+}

api/client/load.go

@@ -0,0 +1,41 @@
+package client
+
+import (
+	"io"
+	"os"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdLoad loads an image from a tar archive.
+//
+// The tar archive is read from STDIN by default, or from a tar archive file.
+//
+// Usage: docker load [OPTIONS]
+func (cli *DockerCli) CmdLoad(args ...string) error {
+	cmd := cli.Subcmd("load", "", "Load an image from a tar archive on STDIN", true)
+	infile := cmd.String([]string{"i", "-input"}, "", "Read from a tar archive file, instead of STDIN")
+	cmd.Require(flag.Exact, 0)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		input io.Reader = cli.in
+		err   error
+	)
+	if *infile != "" {
+		input, err = os.Open(*infile)
+		if err != nil {
+			return err
+		}
+	}
+	sopts := &streamOpts{
+		rawTerminal: true,
+		in:          input,
+		out:         cli.out,
+	}
+	if err := cli.stream("POST", "/images/load", sopts); err != nil {
+		return err
+	}
+	return nil
+}

api/client/login.go

@@ -0,0 +1,144 @@
+package client
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/cliconfig"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/registry"
+)
+
+// CmdLogin logs in or registers a user to a Docker registry service.
+//
+// If no server is specified, the user will be logged into or registered to the registry's index server.
+//
+// Usage: docker login SERVER
+func (cli *DockerCli) CmdLogin(args ...string) error {
+	cmd := cli.Subcmd("login", "[SERVER]", "Register or log in to a Docker registry server, if no server is\nspecified \""+registry.IndexServerAddress()+"\" is the default.", true)
+	cmd.Require(flag.Max, 1)
+
+	var username, password, email string
+
+	cmd.StringVar(&username, []string{"u", "-username"}, "", "Username")
+	cmd.StringVar(&password, []string{"p", "-password"}, "", "Password")
+	cmd.StringVar(&email, []string{"e", "-email"}, "", "Email")
+
+	cmd.ParseFlags(args, true)
+
+	serverAddress := registry.IndexServerAddress()
+	if len(cmd.Args()) > 0 {
+		serverAddress = cmd.Arg(0)
+	}
+
+	promptDefault := func(prompt string, configDefault string) {
+		if configDefault == "" {
+			fmt.Fprintf(cli.out, "%s: ", prompt)
+		} else {
+			fmt.Fprintf(cli.out, "%s (%s): ", prompt, configDefault)
+		}
+	}
+
+	readInput := func(in io.Reader, out io.Writer) string {
+		reader := bufio.NewReader(in)
+		line, _, err := reader.ReadLine()
+		if err != nil {
+			fmt.Fprintln(out, err.Error())
+			os.Exit(1)
+		}
+		return string(line)
+	}
+
+	authconfig, ok := cli.configFile.AuthConfigs[serverAddress]
+	if !ok {
+		authconfig = cliconfig.AuthConfig{}
+	}
+
+	if username == "" {
+		promptDefault("Username", authconfig.Username)
+		username = readInput(cli.in, cli.out)
+		username = strings.Trim(username, " ")
+		if username == "" {
+			username = authconfig.Username
+		}
+	}
+	// Assume that a different username means they may not want to use
+	// the password or email from the config file, so prompt them
+	if username != authconfig.Username {
+		if password == "" {
+			oldState, err := term.SaveState(cli.inFd)
+			if err != nil {
+				return err
+			}
+			fmt.Fprintf(cli.out, "Password: ")
+			term.DisableEcho(cli.inFd, oldState)
+
+			password = readInput(cli.in, cli.out)
+			fmt.Fprint(cli.out, "\n")
+
+			term.RestoreTerminal(cli.inFd, oldState)
+			if password == "" {
+				return fmt.Errorf("Error : Password Required")
+			}
+		}
+
+		if email == "" {
+			promptDefault("Email", authconfig.Email)
+			email = readInput(cli.in, cli.out)
+			if email == "" {
+				email = authconfig.Email
+			}
+		}
+	} else {
+		// However, if they don't override the username use the
+		// password or email from the cmd line if specified. IOW, allow
+		// then to change/override them.  And if not specified, just
+		// use what's in the config file
+		if password == "" {
+			password = authconfig.Password
+		}
+		if email == "" {
+			email = authconfig.Email
+		}
+	}
+	authconfig.Username = username
+	authconfig.Password = password
+	authconfig.Email = email
+	authconfig.ServerAddress = serverAddress
+	cli.configFile.AuthConfigs[serverAddress] = authconfig
+
+	stream, statusCode, err := cli.call("POST", "/auth", cli.configFile.AuthConfigs[serverAddress], nil)
+	if statusCode == 401 {
+		delete(cli.configFile.AuthConfigs, serverAddress)
+		if err2 := cli.configFile.Save(); err2 != nil {
+			fmt.Fprintf(cli.out, "WARNING: could not save config file: %v\n", err2)
+		}
+		return err
+	}
+	if err != nil {
+		return err
+	}
+
+	var response types.AuthResponse
+	if err := json.NewDecoder(stream).Decode(&response); err != nil {
+		// Upon error, remove entry
+		delete(cli.configFile.AuthConfigs, serverAddress)
+		return err
+	}
+
+	if err := cli.configFile.Save(); err != nil {
+		return fmt.Errorf("Error saving config file: %v", err)
+	}
+	fmt.Fprintf(cli.out, "WARNING: login credentials saved in %s\n", cli.configFile.Filename())
+
+	if response.Status != "" {
+		fmt.Fprintf(cli.out, "%s\n", response.Status)
+	}
+	return nil
+}

api/client/logout.go

@@ -0,0 +1,36 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/registry"
+)
+
+// CmdLogout logs a user out from a Docker registry.
+//
+// If no server is specified, the user will be logged out from the registry's index server.
+//
+// Usage: docker logout [SERVER]
+func (cli *DockerCli) CmdLogout(args ...string) error {
+	cmd := cli.Subcmd("logout", "[SERVER]", "Log out from a Docker registry, if no server is\nspecified \""+registry.IndexServerAddress()+"\" is the default.", true)
+	cmd.Require(flag.Max, 1)
+
+	cmd.ParseFlags(args, true)
+	serverAddress := registry.IndexServerAddress()
+	if len(cmd.Args()) > 0 {
+		serverAddress = cmd.Arg(0)
+	}
+
+	if _, ok := cli.configFile.AuthConfigs[serverAddress]; !ok {
+		fmt.Fprintf(cli.out, "Not logged in to %s\n", serverAddress)
+	} else {
+		fmt.Fprintf(cli.out, "Remove login credentials for %s\n", serverAddress)
+		delete(cli.configFile.AuthConfigs, serverAddress)
+
+		if err := cli.configFile.Save(); err != nil {
+			return fmt.Errorf("Failed to save docker config: %v", err)
+		}
+	}
+	return nil
+}

api/client/logs.go

@@ -0,0 +1,68 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/timeutils"
+)
+
+// CmdLogs fetches the logs of a given container.
+//
+// docker logs [OPTIONS] CONTAINER
+func (cli *DockerCli) CmdLogs(args ...string) error {
+	var (
+		cmd    = cli.Subcmd("logs", "CONTAINER", "Fetch the logs of a container", true)
+		follow = cmd.Bool([]string{"f", "-follow"}, false, "Follow log output")
+		since  = cmd.String([]string{"-since"}, "", "Show logs since timestamp")
+		times  = cmd.Bool([]string{"t", "-timestamps"}, false, "Show timestamps")
+		tail   = cmd.String([]string{"-tail"}, "all", "Number of lines to show from the end of the logs")
+	)
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	name := cmd.Arg(0)
+
+	stream, _, err := cli.call("GET", "/containers/"+name+"/json", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	var c types.ContainerJSON
+	if err := json.NewDecoder(stream).Decode(&c); err != nil {
+		return err
+	}
+
+	if logType := c.HostConfig.LogConfig.Type; logType != "json-file" {
+		return fmt.Errorf("\"logs\" command is supported only for \"json-file\" logging driver (got: %s)", logType)
+	}
+
+	v := url.Values{}
+	v.Set("stdout", "1")
+	v.Set("stderr", "1")
+
+	if *since != "" {
+		v.Set("since", timeutils.GetTimestamp(*since))
+	}
+
+	if *times {
+		v.Set("timestamps", "1")
+	}
+
+	if *follow {
+		v.Set("follow", "1")
+	}
+	v.Set("tail", *tail)
+
+	sopts := &streamOpts{
+		rawTerminal: c.Config.Tty,
+		out:         cli.out,
+		err:         cli.err,
+	}
+
+	return cli.stream("GET", "/containers/"+name+"/logs?"+v.Encode(), sopts)
+}

api/client/pause.go

@@ -0,0 +1,30 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdPause pauses all processes within one or more containers.
+//
+// Usage: docker pause CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdPause(args ...string) error {
+	cmd := cli.Subcmd("pause", "CONTAINER [CONTAINER...]", "Pause all processes within a container", true)
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/pause", name), nil, nil)); err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to pause containers: %v", errNames)
+	}
+	return nil
+}

api/client/port.go

@@ -0,0 +1,64 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/nat"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdPort lists port mappings for a container.
+// If a private port is specified, it also shows the public-facing port that is NATed to the private port.
+//
+// Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]]
+func (cli *DockerCli) CmdPort(args ...string) error {
+	cmd := cli.Subcmd("port", "CONTAINER [PRIVATE_PORT[/PROTO]]", "List port mappings for the CONTAINER, or lookup the public-facing port that\nis NAT-ed to the PRIVATE_PORT", true)
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	stream, _, err := cli.call("GET", "/containers/"+cmd.Arg(0)+"/json", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	var c struct {
+		NetworkSettings struct {
+			Ports nat.PortMap
+		}
+	}
+
+	if err := json.NewDecoder(stream).Decode(&c); err != nil {
+		return err
+	}
+
+	if cmd.NArg() == 2 {
+		var (
+			port  = cmd.Arg(1)
+			proto = "tcp"
+			parts = strings.SplitN(port, "/", 2)
+		)
+
+		if len(parts) == 2 && len(parts[1]) != 0 {
+			port = parts[0]
+			proto = parts[1]
+		}
+		natPort := port + "/" + proto
+		if frontends, exists := c.NetworkSettings.Ports[nat.Port(port+"/"+proto)]; exists && frontends != nil {
+			for _, frontend := range frontends {
+				fmt.Fprintf(cli.out, "%s:%s\n", frontend.HostIp, frontend.HostPort)
+			}
+			return nil
+		}
+		return fmt.Errorf("Error: No public port '%s' published for %s", natPort, cmd.Arg(0))
+	}
+
+	for from, frontends := range c.NetworkSettings.Ports {
+		for _, frontend := range frontends {
+			fmt.Fprintf(cli.out, "%s -> %s:%s\n", from, frontend.HostIp, frontend.HostPort)
+		}
+	}
+
+	return nil
+}

api/client/ps.go

@@ -0,0 +1,175 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+	"text/tabwriter"
+	"time"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers/filters"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/pkg/units"
+)
+
+// CmdPs outputs a list of Docker containers.
+//
+// Usage: docker ps [OPTIONS]
+func (cli *DockerCli) CmdPs(args ...string) error {
+	var (
+		err error
+
+		psFilterArgs = filters.Args{}
+		v            = url.Values{}
+
+		cmd      = cli.Subcmd("ps", "", "List containers", true)
+		quiet    = cmd.Bool([]string{"q", "-quiet"}, false, "Only display numeric IDs")
+		size     = cmd.Bool([]string{"s", "-size"}, false, "Display total file sizes")
+		all      = cmd.Bool([]string{"a", "-all"}, false, "Show all containers (default shows just running)")
+		noTrunc  = cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
+		nLatest  = cmd.Bool([]string{"l", "-latest"}, false, "Show the latest created container, include non-running")
+		since    = cmd.String([]string{"#sinceId", "#-since-id", "-since"}, "", "Show created since Id or Name, include non-running")
+		before   = cmd.String([]string{"#beforeId", "#-before-id", "-before"}, "", "Show only container created before Id or Name")
+		last     = cmd.Int([]string{"n"}, -1, "Show n last created containers, include non-running")
+		flFilter = opts.NewListOpts(nil)
+	)
+	cmd.Require(flag.Exact, 0)
+
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+
+	cmd.ParseFlags(args, true)
+	if *last == -1 && *nLatest {
+		*last = 1
+	}
+
+	if *all {
+		v.Set("all", "1")
+	}
+
+	if *last != -1 {
+		v.Set("limit", strconv.Itoa(*last))
+	}
+
+	if *since != "" {
+		v.Set("since", *since)
+	}
+
+	if *before != "" {
+		v.Set("before", *before)
+	}
+
+	if *size {
+		v.Set("size", "1")
+	}
+
+	// Consolidate all filter flags, and sanity check them.
+	// They'll get processed in the daemon/server.
+	for _, f := range flFilter.GetAll() {
+		if psFilterArgs, err = filters.ParseFlag(f, psFilterArgs); err != nil {
+			return err
+		}
+	}
+
+	if len(psFilterArgs) > 0 {
+		filterJSON, err := filters.ToParam(psFilterArgs)
+		if err != nil {
+			return err
+		}
+
+		v.Set("filters", filterJSON)
+	}
+
+	rdr, _, err := cli.call("GET", "/containers/json?"+v.Encode(), nil, nil)
+	if err != nil {
+		return err
+	}
+
+	containers := []types.Container{}
+	if err := json.NewDecoder(rdr).Decode(&containers); err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	if !*quiet {
+		fmt.Fprint(w, "CONTAINER ID\tIMAGE\tCOMMAND\tCREATED\tSTATUS\tPORTS\tNAMES")
+
+		if *size {
+			fmt.Fprintln(w, "\tSIZE")
+		} else {
+			fmt.Fprint(w, "\n")
+		}
+	}
+
+	stripNamePrefix := func(ss []string) []string {
+		for i, s := range ss {
+			ss[i] = s[1:]
+		}
+
+		return ss
+	}
+
+	for _, container := range containers {
+		ID := container.ID
+
+		if !*noTrunc {
+			ID = stringid.TruncateID(ID)
+		}
+
+		if *quiet {
+			fmt.Fprintln(w, ID)
+
+			continue
+		}
+
+		var (
+			names   = stripNamePrefix(container.Names)
+			command = strconv.Quote(container.Command)
+		)
+
+		if !*noTrunc {
+			command = stringutils.Truncate(command, 20)
+
+			// only display the default name for the container with notrunc is passed
+			for _, name := range names {
+				if len(strings.Split(name, "/")) == 1 {
+					names = []string{name}
+					break
+				}
+			}
+		}
+
+		image := container.Image
+		if image == "" {
+			image = "<no image>"
+		}
+
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s ago\t%s\t%s\t%s\t", ID, image, command,
+			units.HumanDuration(time.Now().UTC().Sub(time.Unix(int64(container.Created), 0))),
+			container.Status, api.DisplayablePorts(container.Ports), strings.Join(names, ","))
+
+		if *size {
+			if container.SizeRootFs > 0 {
+				fmt.Fprintf(w, "%s (virtual %s)\n", units.HumanSize(float64(container.SizeRw)), units.HumanSize(float64(container.SizeRootFs)))
+			} else {
+				fmt.Fprintf(w, "%s\n", units.HumanSize(float64(container.SizeRw)))
+			}
+
+			continue
+		}
+
+		fmt.Fprint(w, "\n")
+	}
+
+	if !*quiet {
+		w.Flush()
+	}
+
+	return nil
+}

api/client/pull.go

@@ -0,0 +1,47 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+
+	"github.com/docker/docker/graph/tags"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+)
+
+// CmdPull pulls an image or a repository from the registry.
+//
+// Usage: docker pull [OPTIONS] IMAGENAME[:TAG|@DIGEST]
+func (cli *DockerCli) CmdPull(args ...string) error {
+	cmd := cli.Subcmd("pull", "NAME[:TAG|@DIGEST]", "Pull an image or a repository from the registry", true)
+	allTags := cmd.Bool([]string{"a", "-all-tags"}, false, "Download all tagged images in the repository")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		v         = url.Values{}
+		remote    = cmd.Arg(0)
+		newRemote = remote
+	)
+	taglessRemote, tag := parsers.ParseRepositoryTag(remote)
+	if tag == "" && !*allTags {
+		newRemote = utils.ImageReference(taglessRemote, tags.DEFAULTTAG)
+	}
+	if tag != "" && *allTags {
+		return fmt.Errorf("tag can't be used with --all-tags/-a")
+	}
+
+	v.Set("fromImage", newRemote)
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(taglessRemote)
+	if err != nil {
+		return err
+	}
+
+	_, _, err = cli.clientRequestAttemptLogin("POST", "/images/create?"+v.Encode(), nil, cli.out, repoInfo.Index, "pull")
+	return err
+}

api/client/push.go

@@ -0,0 +1,49 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/registry"
+)
+
+// CmdPush pushes an image or repository to the registry.
+//
+// Usage: docker push NAME[:TAG]
+func (cli *DockerCli) CmdPush(args ...string) error {
+	cmd := cli.Subcmd("push", "NAME[:TAG]", "Push an image or a repository to the registry", true)
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	name := cmd.Arg(0)
+
+	remote, tag := parsers.ParseRepositoryTag(name)
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(remote)
+	if err != nil {
+		return err
+	}
+	// Resolve the Auth config relevant for this server
+	authConfig := registry.ResolveAuthConfig(cli.configFile, repoInfo.Index)
+	// If we're not using a custom registry, we know the restrictions
+	// applied to repository names and can warn the user in advance.
+	// Custom repositories can have different rules, and we must also
+	// allow pushing by image ID.
+	if repoInfo.Official {
+		username := authConfig.Username
+		if username == "" {
+			username = "<user>"
+		}
+		return fmt.Errorf("You cannot push a \"root\" repository. Please rename your repository to <user>/<repo> (ex: %s/%s)", username, repoInfo.LocalName)
+	}
+
+	v := url.Values{}
+	v.Set("tag", tag)
+
+	_, _, err = cli.clientRequestAttemptLogin("POST", "/images/"+remote+"/push?"+v.Encode(), nil, cli.out, repoInfo.Index, "push")
+	return err
+}

api/client/rename.go

@@ -0,0 +1,25 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdRename renames a container.
+//
+// Usage: docker rename OLD_NAME NEW_NAME
+func (cli *DockerCli) CmdRename(args ...string) error {
+	cmd := cli.Subcmd("rename", "OLD_NAME NEW_NAME", "Rename a container", true)
+	cmd.Require(flag.Exact, 2)
+	cmd.ParseFlags(args, true)
+
+	oldName := cmd.Arg(0)
+	newName := cmd.Arg(1)
+
+	if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/rename?name=%s", oldName, newName), nil, nil)); err != nil {
+		fmt.Fprintf(cli.err, "%s\n", err)
+		return fmt.Errorf("Error: failed to rename container named %s", oldName)
+	}
+	return nil
+}

api/client/restart.go

@@ -0,0 +1,38 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdRestart restarts one or more running containers.
+//
+// Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdRestart(args ...string) error {
+	cmd := cli.Subcmd("restart", "CONTAINER [CONTAINER...]", "Restart a running container", true)
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Seconds to wait for stop before killing the container")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	v := url.Values{}
+	v.Set("t", strconv.Itoa(*nSeconds))
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		_, _, err := readBody(cli.call("POST", "/containers/"+name+"/restart?"+v.Encode(), nil, nil))
+		if err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to restart containers: %v", errNames)
+	}
+	return nil
+}

api/client/rm.go

@@ -0,0 +1,54 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+	"strings"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdRm removes one or more containers.
+//
+// Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdRm(args ...string) error {
+	cmd := cli.Subcmd("rm", "CONTAINER [CONTAINER...]", "Remove one or more containers", true)
+	v := cmd.Bool([]string{"v", "-volumes"}, false, "Remove the volumes associated with the container")
+	link := cmd.Bool([]string{"l", "#link", "-link"}, false, "Remove the specified link")
+	force := cmd.Bool([]string{"f", "-force"}, false, "Force the removal of a running container (uses SIGKILL)")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	val := url.Values{}
+	if *v {
+		val.Set("v", "1")
+	}
+	if *link {
+		val.Set("link", "1")
+	}
+
+	if *force {
+		val.Set("force", "1")
+	}
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		if name == "" {
+			return fmt.Errorf("Container name cannot be empty")
+		}
+		name = strings.Trim(name, "/")
+
+		_, _, err := readBody(cli.call("DELETE", "/containers/"+name+"?"+val.Encode(), nil, nil))
+		if err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to remove containers: %v", errNames)
+	}
+	return nil
+}

api/client/rmi.go

@@ -0,0 +1,59 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdRmi removes all images with the specified name(s).
+//
+// Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
+func (cli *DockerCli) CmdRmi(args ...string) error {
+	var (
+		cmd     = cli.Subcmd("rmi", "IMAGE [IMAGE...]", "Remove one or more images", true)
+		force   = cmd.Bool([]string{"f", "-force"}, false, "Force removal of the image")
+		noprune = cmd.Bool([]string{"-no-prune"}, false, "Do not delete untagged parents")
+	)
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	v := url.Values{}
+	if *force {
+		v.Set("force", "1")
+	}
+	if *noprune {
+		v.Set("noprune", "1")
+	}
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		rdr, _, err := cli.call("DELETE", "/images/"+name+"?"+v.Encode(), nil, nil)
+		if err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			dels := []types.ImageDelete{}
+			if err := json.NewDecoder(rdr).Decode(&dels); err != nil {
+				fmt.Fprintf(cli.err, "%s\n", err)
+				errNames = append(errNames, name)
+				continue
+			}
+
+			for _, del := range dels {
+				if del.Deleted != "" {
+					fmt.Fprintf(cli.out, "Deleted: %s\n", del.Deleted)
+				} else {
+					fmt.Fprintf(cli.out, "Untagged: %s\n", del.Untagged)
+				}
+			}
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to remove images: %v", errNames)
+	}
+	return nil
+}

api/client/run.go

@@ -0,0 +1,247 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/libnetwork/resolvconf/dns"
+)
+
+func (cid *cidFile) Close() error {
+	cid.file.Close()
+
+	if !cid.written {
+		if err := os.Remove(cid.path); err != nil {
+			return fmt.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
+		}
+	}
+
+	return nil
+}
+
+func (cid *cidFile) Write(id string) error {
+	if _, err := cid.file.Write([]byte(id)); err != nil {
+		return fmt.Errorf("Failed to write the container ID to the file: %s", err)
+	}
+	cid.written = true
+	return nil
+}
+
+// CmdRun runs a command in a new container.
+//
+// Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
+func (cli *DockerCli) CmdRun(args ...string) error {
+	cmd := cli.Subcmd("run", "IMAGE [COMMAND] [ARG...]", "Run a command in a new container", true)
+
+	// These are flags not stored in Config/HostConfig
+	var (
+		flAutoRemove = cmd.Bool([]string{"-rm"}, false, "Automatically remove the container when it exits")
+		flDetach     = cmd.Bool([]string{"d", "-detach"}, false, "Run container in background and print container ID")
+		flSigProxy   = cmd.Bool([]string{"-sig-proxy"}, true, "Proxy received signals to the process")
+		flName       = cmd.String([]string{"-name"}, "", "Assign a name to the container")
+		flAttach     *opts.ListOpts
+
+		ErrConflictAttachDetach               = fmt.Errorf("Conflicting options: -a and -d")
+		ErrConflictRestartPolicyAndAutoRemove = fmt.Errorf("Conflicting options: --restart and --rm")
+		ErrConflictDetachAutoRemove           = fmt.Errorf("Conflicting options: --rm and -d")
+	)
+
+	config, hostConfig, cmd, err := runconfig.Parse(cmd, args)
+	// just in case the Parse does not exit
+	if err != nil {
+		cmd.ReportError(err.Error(), true)
+		os.Exit(1)
+	}
+
+	if len(hostConfig.Dns) > 0 {
+		// check the DNS settings passed via --dns against
+		// localhost regexp to warn if they are trying to
+		// set a DNS to a localhost address
+		for _, dnsIP := range hostConfig.Dns {
+			if dns.IsLocalhost(dnsIP) {
+				fmt.Fprintf(cli.err, "WARNING: Localhost DNS setting (--dns=%s) may fail in containers.\n", dnsIP)
+				break
+			}
+		}
+	}
+	if config.Image == "" {
+		cmd.Usage()
+		return nil
+	}
+
+	if !*flDetach {
+		if err := cli.CheckTtyInput(config.AttachStdin, config.Tty); err != nil {
+			return err
+		}
+	} else {
+		if fl := cmd.Lookup("-attach"); fl != nil {
+			flAttach = fl.Value.(*opts.ListOpts)
+			if flAttach.Len() != 0 {
+				return ErrConflictAttachDetach
+			}
+		}
+		if *flAutoRemove {
+			return ErrConflictDetachAutoRemove
+		}
+
+		config.AttachStdin = false
+		config.AttachStdout = false
+		config.AttachStderr = false
+		config.StdinOnce = false
+	}
+
+	// Disable flSigProxy when in TTY mode
+	sigProxy := *flSigProxy
+	if config.Tty {
+		sigProxy = false
+	}
+
+	createResponse, err := cli.createContainer(config, hostConfig, hostConfig.ContainerIDFile, *flName)
+	if err != nil {
+		return err
+	}
+	if sigProxy {
+		sigc := cli.forwardAllSignals(createResponse.ID)
+		defer signal.StopCatch(sigc)
+	}
+	var (
+		waitDisplayID chan struct{}
+		errCh         chan error
+	)
+	if !config.AttachStdout && !config.AttachStderr {
+		// Make this asynchronous to allow the client to write to stdin before having to read the ID
+		waitDisplayID = make(chan struct{})
+		go func() {
+			defer close(waitDisplayID)
+			fmt.Fprintf(cli.out, "%s\n", createResponse.ID)
+		}()
+	}
+	if *flAutoRemove && (hostConfig.RestartPolicy.IsAlways() || hostConfig.RestartPolicy.IsOnFailure()) {
+		return ErrConflictRestartPolicyAndAutoRemove
+	}
+	// We need to instantiate the chan because the select needs it. It can
+	// be closed but can't be uninitialized.
+	hijacked := make(chan io.Closer)
+	// Block the return until the chan gets closed
+	defer func() {
+		logrus.Debugf("End of CmdRun(), Waiting for hijack to finish.")
+		if _, ok := <-hijacked; ok {
+			fmt.Fprintln(cli.err, "Hijack did not finish (chan still open)")
+		}
+	}()
+	if config.AttachStdin || config.AttachStdout || config.AttachStderr {
+		var (
+			out, stderr io.Writer
+			in          io.ReadCloser
+			v           = url.Values{}
+		)
+		v.Set("stream", "1")
+		if config.AttachStdin {
+			v.Set("stdin", "1")
+			in = cli.in
+		}
+		if config.AttachStdout {
+			v.Set("stdout", "1")
+			out = cli.out
+		}
+		if config.AttachStderr {
+			v.Set("stderr", "1")
+			if config.Tty {
+				stderr = cli.out
+			} else {
+				stderr = cli.err
+			}
+		}
+		errCh = promise.Go(func() error {
+			return cli.hijack("POST", "/containers/"+createResponse.ID+"/attach?"+v.Encode(), config.Tty, in, out, stderr, hijacked, nil)
+		})
+	} else {
+		close(hijacked)
+	}
+	// Acknowledge the hijack before starting
+	select {
+	case closer := <-hijacked:
+		// Make sure that the hijack gets closed when returning (results
+		// in closing the hijack chan and freeing server's goroutines)
+		if closer != nil {
+			defer closer.Close()
+		}
+	case err := <-errCh:
+		if err != nil {
+			logrus.Debugf("Error hijack: %s", err)
+			return err
+		}
+	}
+
+	defer func() {
+		if *flAutoRemove {
+			if _, _, err = readBody(cli.call("DELETE", "/containers/"+createResponse.ID+"?v=1", nil, nil)); err != nil {
+				fmt.Fprintf(cli.err, "Error deleting container: %s\n", err)
+			}
+		}
+	}()
+
+	//start the container
+	if _, _, err = readBody(cli.call("POST", "/containers/"+createResponse.ID+"/start", nil, nil)); err != nil {
+		return err
+	}
+
+	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && cli.isTerminalOut {
+		if err := cli.monitorTtySize(createResponse.ID, false); err != nil {
+			fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if errCh != nil {
+		if err := <-errCh; err != nil {
+			logrus.Debugf("Error hijack: %s", err)
+			return err
+		}
+	}
+
+	// Detached mode: wait for the id to be displayed and return.
+	if !config.AttachStdout && !config.AttachStderr {
+		// Detached mode
+		<-waitDisplayID
+		return nil
+	}
+
+	var status int
+
+	// Attached mode
+	if *flAutoRemove {
+		// Autoremove: wait for the container to finish, retrieve
+		// the exit code and remove the container
+		if _, _, err := readBody(cli.call("POST", "/containers/"+createResponse.ID+"/wait", nil, nil)); err != nil {
+			return err
+		}
+		if _, status, err = getExitCode(cli, createResponse.ID); err != nil {
+			return err
+		}
+	} else {
+		// No Autoremove: Simply retrieve the exit code
+		if !config.Tty {
+			// In non-TTY mode, we can't detach, so we must wait for container exit
+			if status, err = waitForExit(cli, createResponse.ID); err != nil {
+				return err
+			}
+		} else {
+			// In TTY mode, there is a race: if the process dies too slowly, the state could
+			// be updated after the getExitCode call and result in the wrong exit code being reported
+			if _, status, err = getExitCode(cli, createResponse.ID); err != nil {
+				return err
+			}
+		}
+	}
+	if status != 0 {
+		return StatusError{StatusCode: status}
+	}
+	return nil
+}

api/client/save.go

@@ -0,0 +1,57 @@
+package client
+
+import (
+	"errors"
+	"io"
+	"net/url"
+	"os"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdSave saves one or more images to a tar archive.
+//
+// The tar archive is written to STDOUT by default, or written to a file.
+//
+// Usage: docker save [OPTIONS] IMAGE [IMAGE...]
+func (cli *DockerCli) CmdSave(args ...string) error {
+	cmd := cli.Subcmd("save", "IMAGE [IMAGE...]", "Save an image(s) to a tar archive (streamed to STDOUT by default)", true)
+	outfile := cmd.String([]string{"o", "-output"}, "", "Write to an file, instead of STDOUT")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		output io.Writer = cli.out
+		err    error
+	)
+	if *outfile != "" {
+		output, err = os.Create(*outfile)
+		if err != nil {
+			return err
+		}
+	} else if cli.isTerminalOut {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	sopts := &streamOpts{
+		rawTerminal: true,
+		out:         output,
+	}
+
+	if len(cmd.Args()) == 1 {
+		image := cmd.Arg(0)
+		if err := cli.stream("GET", "/images/"+image+"/get", sopts); err != nil {
+			return err
+		}
+	} else {
+		v := url.Values{}
+		for _, arg := range cmd.Args() {
+			v.Add("names", arg)
+		}
+		if err := cli.stream("GET", "/images/get?"+v.Encode(), sopts); err != nil {
+			return err
+		}
+	}
+	return nil
+}

api/client/search.go

@@ -0,0 +1,84 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"sort"
+	"strings"
+	"text/tabwriter"
+
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/registry"
+)
+
+// ByStars sorts search results in ascending order by number of stars.
+type ByStars []registry.SearchResult
+
+func (r ByStars) Len() int           { return len(r) }
+func (r ByStars) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r ByStars) Less(i, j int) bool { return r[i].StarCount < r[j].StarCount }
+
+// CmdSearch searches the Docker Hub for images.
+//
+// Usage: docker search [OPTIONS] TERM
+func (cli *DockerCli) CmdSearch(args ...string) error {
+	cmd := cli.Subcmd("search", "TERM", "Search the Docker Hub for images", true)
+	noTrunc := cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
+	trusted := cmd.Bool([]string{"#t", "#trusted", "#-trusted"}, false, "Only show trusted builds")
+	automated := cmd.Bool([]string{"-automated"}, false, "Only show automated builds")
+	stars := cmd.Uint([]string{"s", "#stars", "-stars"}, 0, "Only displays with at least x stars")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	name := cmd.Arg(0)
+	v := url.Values{}
+	v.Set("term", name)
+
+	// Resolve the Repository name from fqn to hostname + name
+	taglessRemote, _ := parsers.ParseRepositoryTag(name)
+	repoInfo, err := registry.ParseRepositoryInfo(taglessRemote)
+	if err != nil {
+		return err
+	}
+
+	rdr, _, err := cli.clientRequestAttemptLogin("GET", "/images/search?"+v.Encode(), nil, nil, repoInfo.Index, "search")
+	if err != nil {
+		return err
+	}
+
+	results := ByStars{}
+	if err := json.NewDecoder(rdr).Decode(&results); err != nil {
+		return err
+	}
+
+	sort.Sort(sort.Reverse(results))
+
+	w := tabwriter.NewWriter(cli.out, 10, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "NAME\tDESCRIPTION\tSTARS\tOFFICIAL\tAUTOMATED\n")
+	for _, res := range results {
+		if ((*automated || *trusted) && (!res.IsTrusted && !res.IsAutomated)) || (int(*stars) > res.StarCount) {
+			continue
+		}
+		desc := strings.Replace(res.Description, "\n", " ", -1)
+		desc = strings.Replace(desc, "\r", " ", -1)
+		if !*noTrunc && len(desc) > 45 {
+			desc = stringutils.Truncate(desc, 42) + "..."
+		}
+		fmt.Fprintf(w, "%s\t%s\t%d\t", res.Name, desc, res.StarCount)
+		if res.IsOfficial {
+			fmt.Fprint(w, "[OK]")
+
+		}
+		fmt.Fprint(w, "\t")
+		if res.IsAutomated || res.IsTrusted {
+			fmt.Fprint(w, "[OK]")
+		}
+		fmt.Fprint(w, "\n")
+	}
+	w.Flush()
+	return nil
+}

api/client/start.go

@@ -0,0 +1,167 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+)
+
+func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
+	sigc := make(chan os.Signal, 128)
+	signal.CatchAll(sigc)
+	go func() {
+		for s := range sigc {
+			if s == signal.SIGCHLD {
+				continue
+			}
+			var sig string
+			for sigStr, sigN := range signal.SignalMap {
+				if sigN == s {
+					sig = sigStr
+					break
+				}
+			}
+			if sig == "" {
+				fmt.Fprintf(cli.err, "Unsupported signal: %v. Discarding.\n", s)
+			}
+			if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/kill?signal=%s", cid, sig), nil, nil)); err != nil {
+				logrus.Debugf("Error sending signal: %s", err)
+			}
+		}
+	}()
+	return sigc
+}
+
+// CmdStart starts one or more stopped containers.
+//
+// Usage: docker start [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdStart(args ...string) error {
+	var (
+		cErr chan error
+		tty  bool
+
+		cmd       = cli.Subcmd("start", "CONTAINER [CONTAINER...]", "Start one or more stopped containers", true)
+		attach    = cmd.Bool([]string{"a", "-attach"}, false, "Attach STDOUT/STDERR and forward signals")
+		openStdin = cmd.Bool([]string{"i", "-interactive"}, false, "Attach container's STDIN")
+	)
+
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	if *attach || *openStdin {
+		if cmd.NArg() > 1 {
+			return fmt.Errorf("You cannot start and attach multiple containers at once.")
+		}
+
+		stream, _, err := cli.call("GET", "/containers/"+cmd.Arg(0)+"/json", nil, nil)
+		if err != nil {
+			return err
+		}
+
+		var c types.ContainerJSON
+		if err := json.NewDecoder(stream).Decode(&c); err != nil {
+			return err
+		}
+
+		tty = c.Config.Tty
+
+		if !tty {
+			sigc := cli.forwardAllSignals(cmd.Arg(0))
+			defer signal.StopCatch(sigc)
+		}
+
+		var in io.ReadCloser
+
+		v := url.Values{}
+		v.Set("stream", "1")
+
+		if *openStdin && c.Config.OpenStdin {
+			v.Set("stdin", "1")
+			in = cli.in
+		}
+
+		v.Set("stdout", "1")
+		v.Set("stderr", "1")
+
+		hijacked := make(chan io.Closer)
+		// Block the return until the chan gets closed
+		defer func() {
+			logrus.Debugf("CmdStart() returned, defer waiting for hijack to finish.")
+			if _, ok := <-hijacked; ok {
+				fmt.Fprintln(cli.err, "Hijack did not finish (chan still open)")
+			}
+			cli.in.Close()
+		}()
+		cErr = promise.Go(func() error {
+			return cli.hijack("POST", "/containers/"+cmd.Arg(0)+"/attach?"+v.Encode(), tty, in, cli.out, cli.err, hijacked, nil)
+		})
+
+		// Acknowledge the hijack before starting
+		select {
+		case closer := <-hijacked:
+			// Make sure that the hijack gets closed when returning (results
+			// in closing the hijack chan and freeing server's goroutines)
+			if closer != nil {
+				defer closer.Close()
+			}
+		case err := <-cErr:
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var encounteredError error
+	var errNames []string
+	for _, name := range cmd.Args() {
+		_, _, err := readBody(cli.call("POST", "/containers/"+name+"/start", nil, nil))
+		if err != nil {
+			if !*attach && !*openStdin {
+				// attach and openStdin is false means it could be starting multiple containers
+				// when a container start failed, show the error message and start next
+				fmt.Fprintf(cli.err, "%s\n", err)
+				errNames = append(errNames, name)
+			} else {
+				encounteredError = err
+			}
+		} else {
+			if !*attach && !*openStdin {
+				fmt.Fprintf(cli.out, "%s\n", name)
+			}
+		}
+	}
+
+	if len(errNames) > 0 {
+		encounteredError = fmt.Errorf("Error: failed to start containers: %v", errNames)
+	}
+	if encounteredError != nil {
+		return encounteredError
+	}
+
+	if *openStdin || *attach {
+		if tty && cli.isTerminalOut {
+			if err := cli.monitorTtySize(cmd.Arg(0), false); err != nil {
+				fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
+			}
+		}
+		if attchErr := <-cErr; attchErr != nil {
+			return attchErr
+		}
+		_, status, err := getExitCode(cli, cmd.Arg(0))
+		if err != nil {
+			return err
+		}
+		if status != 0 {
+			return StatusError{StatusCode: status}
+		}
+	}
+	return nil
+}

api/client/stats.go

@@ -0,0 +1,198 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/url"
+	"sort"
+	"strings"
+	"sync"
+	"text/tabwriter"
+	"time"
+
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/units"
+)
+
+type containerStats struct {
+	Name             string
+	CPUPercentage    float64
+	Memory           float64
+	MemoryLimit      float64
+	MemoryPercentage float64
+	NetworkRx        float64
+	NetworkTx        float64
+	mu               sync.RWMutex
+	err              error
+}
+
+func (s *containerStats) Collect(cli *DockerCli, streamStats bool) {
+	v := url.Values{}
+	if streamStats {
+		v.Set("stream", "1")
+	} else {
+		v.Set("stream", "0")
+	}
+	stream, _, err := cli.call("GET", "/containers/"+s.Name+"/stats?"+v.Encode(), nil, nil)
+	if err != nil {
+		s.mu.Lock()
+		s.err = err
+		s.mu.Unlock()
+		return
+	}
+	defer stream.Close()
+	var (
+		previousCPU    uint64
+		previousSystem uint64
+		dec            = json.NewDecoder(stream)
+		u              = make(chan error, 1)
+	)
+	go func() {
+		for {
+			var v *types.Stats
+			if err := dec.Decode(&v); err != nil {
+				u <- err
+				return
+			}
+			var (
+				memPercent = float64(v.MemoryStats.Usage) / float64(v.MemoryStats.Limit) * 100.0
+				cpuPercent = 0.0
+			)
+			previousCPU = v.PreCpuStats.CpuUsage.TotalUsage
+			previousSystem = v.PreCpuStats.SystemUsage
+			cpuPercent = calculateCPUPercent(previousCPU, previousSystem, v)
+			s.mu.Lock()
+			s.CPUPercentage = cpuPercent
+			s.Memory = float64(v.MemoryStats.Usage)
+			s.MemoryLimit = float64(v.MemoryStats.Limit)
+			s.MemoryPercentage = memPercent
+			s.NetworkRx = float64(v.Network.RxBytes)
+			s.NetworkTx = float64(v.Network.TxBytes)
+			s.mu.Unlock()
+			u <- nil
+			if !streamStats {
+				return
+			}
+		}
+	}()
+	for {
+		select {
+		case <-time.After(2 * time.Second):
+			// zero out the values if we have not received an update within
+			// the specified duration.
+			s.mu.Lock()
+			s.CPUPercentage = 0
+			s.Memory = 0
+			s.MemoryPercentage = 0
+			s.mu.Unlock()
+		case err := <-u:
+			if err != nil {
+				s.mu.Lock()
+				s.err = err
+				s.mu.Unlock()
+				return
+			}
+		}
+		if !streamStats {
+			return
+		}
+	}
+}
+
+func (s *containerStats) Display(w io.Writer) error {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if s.err != nil {
+		return s.err
+	}
+	fmt.Fprintf(w, "%s\t%.2f%%\t%s/%s\t%.2f%%\t%s/%s\n",
+		s.Name,
+		s.CPUPercentage,
+		units.HumanSize(s.Memory), units.HumanSize(s.MemoryLimit),
+		s.MemoryPercentage,
+		units.HumanSize(s.NetworkRx), units.HumanSize(s.NetworkTx))
+	return nil
+}
+
+// CmdStats displays a live stream of resource usage statistics for one or more containers.
+//
+// This shows real-time information on CPU usage, memory usage, and network I/O.
+//
+// Usage: docker stats CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdStats(args ...string) error {
+	cmd := cli.Subcmd("stats", "CONTAINER [CONTAINER...]", "Display a live stream of one or more containers' resource usage statistics", true)
+	noStream := cmd.Bool([]string{"-no-stream"}, false, "Disable streaming stats and only pull the first result")
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	names := cmd.Args()
+	sort.Strings(names)
+	var (
+		cStats []*containerStats
+		w      = tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	)
+	printHeader := func() {
+		if !*noStream {
+			fmt.Fprint(cli.out, "\033[2J")
+			fmt.Fprint(cli.out, "\033[H")
+		}
+		io.WriteString(w, "CONTAINER\tCPU %\tMEM USAGE/LIMIT\tMEM %\tNET I/O\n")
+	}
+	for _, n := range names {
+		s := &containerStats{Name: n}
+		cStats = append(cStats, s)
+		go s.Collect(cli, !*noStream)
+	}
+	// do a quick pause so that any failed connections for containers that do not exist are able to be
+	// evicted before we display the initial or default values.
+	time.Sleep(1500 * time.Millisecond)
+	var errs []string
+	for _, c := range cStats {
+		c.mu.Lock()
+		if c.err != nil {
+			errs = append(errs, fmt.Sprintf("%s: %v", c.Name, c.err))
+		}
+		c.mu.Unlock()
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, ", "))
+	}
+	for range time.Tick(500 * time.Millisecond) {
+		printHeader()
+		toRemove := []int{}
+		for i, s := range cStats {
+			if err := s.Display(w); err != nil && !*noStream {
+				toRemove = append(toRemove, i)
+			}
+		}
+		for j := len(toRemove) - 1; j >= 0; j-- {
+			i := toRemove[j]
+			cStats = append(cStats[:i], cStats[i+1:]...)
+		}
+		if len(cStats) == 0 {
+			return nil
+		}
+		w.Flush()
+		if *noStream {
+			break
+		}
+	}
+	return nil
+}
+
+func calculateCPUPercent(previousCPU, previousSystem uint64, v *types.Stats) float64 {
+	var (
+		cpuPercent = 0.0
+		// calculate the change for the cpu usage of the container in between readings
+		cpuDelta = float64(v.CpuStats.CpuUsage.TotalUsage - previousCPU)
+		// calculate the change for the entire system between readings
+		systemDelta = float64(v.CpuStats.SystemUsage - previousSystem)
+	)
+
+	if systemDelta > 0.0 && cpuDelta > 0.0 {
+		cpuPercent = (cpuDelta / systemDelta) * float64(len(v.CpuStats.CpuUsage.PercpuUsage)) * 100.0
+	}
+	return cpuPercent
+}

api/client/stats_unit_test.go

@@ -0,0 +1,29 @@
+package client
+
+import (
+	"bytes"
+	"sync"
+	"testing"
+)
+
+func TestDisplay(t *testing.T) {
+	c := &containerStats{
+		Name:             "app",
+		CPUPercentage:    30.0,
+		Memory:           100 * 1024 * 1024.0,
+		MemoryLimit:      2048 * 1024 * 1024.0,
+		MemoryPercentage: 100.0 / 2048.0 * 100.0,
+		NetworkRx:        100 * 1024 * 1024,
+		NetworkTx:        800 * 1024 * 1024,
+		mu:               sync.RWMutex{},
+	}
+	var b bytes.Buffer
+	if err := c.Display(&b); err != nil {
+		t.Fatalf("c.Display() gave error: %s", err)
+	}
+	got := b.String()
+	want := "app\t30.00%\t104.9 MB/2.147 GB\t4.88%\t104.9 MB/838.9 MB\n"
+	if got != want {
+		t.Fatalf("c.Display() = %q, want %q", got, want)
+	}
+}

api/client/stop.go

@@ -0,0 +1,40 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdStop stops one or more running containers.
+//
+// A running container is stopped by first sending SIGTERM and then SIGKILL if the container fails to stop within a grace period (the default is 10 seconds).
+//
+// Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdStop(args ...string) error {
+	cmd := cli.Subcmd("stop", "CONTAINER [CONTAINER...]", "Stop a running container by sending SIGTERM and then SIGKILL after a\ngrace period", true)
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Seconds to wait for stop before killing it")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	v := url.Values{}
+	v.Set("t", strconv.Itoa(*nSeconds))
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		_, _, err := readBody(cli.call("POST", "/containers/"+name+"/stop?"+v.Encode(), nil, nil))
+		if err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to stop containers: %v", errNames)
+	}
+	return nil
+}

api/client/tag.go

@@ -0,0 +1,41 @@
+package client
+
+import (
+	"net/url"
+
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/registry"
+)
+
+// CmdTag tags an image into a repository.
+//
+// Usage: docker tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
+func (cli *DockerCli) CmdTag(args ...string) error {
+	cmd := cli.Subcmd("tag", "IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]", "Tag an image into a repository", true)
+	force := cmd.Bool([]string{"f", "#force", "-force"}, false, "Force")
+	cmd.Require(flag.Exact, 2)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		repository, tag = parsers.ParseRepositoryTag(cmd.Arg(1))
+		v               = url.Values{}
+	)
+
+	//Check if the given image name can be resolved
+	if err := registry.ValidateRepositoryName(repository); err != nil {
+		return err
+	}
+	v.Set("repo", repository)
+	v.Set("tag", tag)
+
+	if *force {
+		v.Set("force", "1")
+	}
+
+	if _, _, err := readBody(cli.call("POST", "/images/"+cmd.Arg(0)+"/tag?"+v.Encode(), nil, nil)); err != nil {
+		return err
+	}
+	return nil
+}

api/client/top.go

@@ -0,0 +1,46 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strings"
+	"text/tabwriter"
+
+	"github.com/docker/docker/api/types"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdTop displays the running processes of a container.
+//
+// Usage: docker top CONTAINER
+func (cli *DockerCli) CmdTop(args ...string) error {
+	cmd := cli.Subcmd("top", "CONTAINER [ps OPTIONS]", "Display the running processes of a container", true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	val := url.Values{}
+	if cmd.NArg() > 1 {
+		val.Set("ps_args", strings.Join(cmd.Args()[1:], " "))
+	}
+
+	stream, _, err := cli.call("GET", "/containers/"+cmd.Arg(0)+"/top?"+val.Encode(), nil, nil)
+	if err != nil {
+		return err
+	}
+
+	procList := types.ContainerProcessList{}
+	if err := json.NewDecoder(stream).Decode(&procList); err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	fmt.Fprintln(w, strings.Join(procList.Titles, "\t"))
+
+	for _, proc := range procList.Processes {
+		fmt.Fprintln(w, strings.Join(proc, "\t"))
+	}
+	w.Flush()
+	return nil
+}

api/client/unpause.go

@@ -0,0 +1,30 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdUnpause unpauses all processes within a container, for one or more containers.
+//
+// Usage: docker unpause CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdUnpause(args ...string) error {
+	cmd := cli.Subcmd("unpause", "CONTAINER [CONTAINER...]", "Unpause all processes within a container", true)
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/unpause", name), nil, nil)); err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to unpause containers: %v", errNames)
+	}
+	return nil
+}

api/client/utils.go

@@ -17,21 +17,23 @@ import (
 	"strings"
 	"time"
 
-	log "github.com/Sirupsen/logrus"
+	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/autogen/dockerversion"
-	"github.com/docker/docker/engine"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/registry"
-	"github.com/docker/docker/utils"
 )
 
 var (
-	ErrConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+	errConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
 )
 
+// HTTPClient creates a new HTP client with the cli's client transport instance.
 func (cli *DockerCli) HTTPClient() *http.Client {
 	return &http.Client{Transport: cli.transport}
 }
@@ -39,18 +41,8 @@ func (cli *DockerCli) HTTPClient() *http.Client {
 func (cli *DockerCli) encodeData(data interface{}) (*bytes.Buffer, error) {
 	params := bytes.NewBuffer(nil)
 	if data != nil {
-		if env, ok := data.(engine.Env); ok {
-			if err := env.Encode(params); err != nil {
-				return nil, err
-			}
-		} else {
-			buf, err := json.Marshal(data)
-			if err != nil {
-				return nil, err
-			}
-			if _, err := params.Write(buf); err != nil {
-				return nil, err
-			}
+		if err := json.NewEncoder(params).Encode(data); err != nil {
+			return nil, err
 		}
 	}
 	return params, nil
@@ -65,14 +57,23 @@ func (cli *DockerCli) clientRequest(method, path string, in io.Reader, headers m
 	if err != nil {
 		return nil, "", -1, err
 	}
+
+	// Add CLI Config's HTTP Headers BEFORE we set the Docker headers
+	// then the user can't change OUR headers
+	for k, v := range cli.configFile.HttpHeaders {
+		req.Header.Set(k, v)
+	}
+
 	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
 	req.URL.Host = cli.addr
 	req.URL.Scheme = cli.scheme
+
 	if headers != nil {
 		for k, v := range headers {
 			req.Header[k] = v
 		}
 	}
+
 	if expectedPayload && req.Header.Get("Content-Type") == "" {
 		req.Header.Set("Content-Type", "text/plain")
 	}
@@ -84,13 +85,12 @@ func (cli *DockerCli) clientRequest(method, path string, in io.Reader, headers m
 	}
 	if err != nil {
 		if strings.Contains(err.Error(), "connection refused") {
-			return nil, "", statusCode, ErrConnectionRefused
+			return nil, "", statusCode, errConnectionRefused
 		}
 
 		if cli.tlsConfig == nil {
 			return nil, "", statusCode, fmt.Errorf("%v. Are you trying to connect to a TLS-enabled daemon without TLS?", err)
 		}
-
 		return nil, "", statusCode, fmt.Errorf("An error occurred trying to connect: %v", err)
 	}
 
@@ -109,7 +109,7 @@ func (cli *DockerCli) clientRequest(method, path string, in io.Reader, headers m
 }
 
 func (cli *DockerCli) clientRequestAttemptLogin(method, path string, in io.Reader, out io.Writer, index *registry.IndexInfo, cmdName string) (io.ReadCloser, int, error) {
-	cmdAttempt := func(authConfig registry.AuthConfig) (io.ReadCloser, int, error) {
+	cmdAttempt := func(authConfig cliconfig.AuthConfig) (io.ReadCloser, int, error) {
 		buf, err := json.Marshal(authConfig)
 		if err != nil {
 			return nil, -1, err
@@ -140,14 +140,14 @@ func (cli *DockerCli) clientRequestAttemptLogin(method, path string, in io.Reade
 	}
 
 	// Resolve the Auth config relevant for this server
-	authConfig := cli.configFile.ResolveAuthConfig(index)
+	authConfig := registry.ResolveAuthConfig(cli.configFile, index)
 	body, statusCode, err := cmdAttempt(authConfig)
 	if statusCode == http.StatusUnauthorized {
 		fmt.Fprintf(cli.out, "\nPlease login prior to %s:\n", cmdName)
 		if err = cli.CmdLogin(index.GetAuthConfigKey()); err != nil {
 			return nil, -1, err
 		}
-		authConfig = cli.configFile.ResolveAuthConfig(index)
+		authConfig = registry.ResolveAuthConfig(cli.configFile, index)
 		return cmdAttempt(authConfig)
 	}
 	return body, statusCode, err
@@ -169,33 +169,38 @@ func (cli *DockerCli) call(method, path string, data interface{}, headers map[st
 	body, _, statusCode, err := cli.clientRequest(method, path, params, headers)
 	return body, statusCode, err
 }
-func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error {
-	return cli.streamHelper(method, path, true, in, out, nil, headers)
+
+type streamOpts struct {
+	rawTerminal bool
+	in          io.Reader
+	out         io.Writer
+	err         io.Writer
+	headers     map[string][]string
 }
 
-func (cli *DockerCli) streamHelper(method, path string, setRawTerminal bool, in io.Reader, stdout, stderr io.Writer, headers map[string][]string) error {
-	body, contentType, _, err := cli.clientRequest(method, path, in, headers)
+func (cli *DockerCli) stream(method, path string, opts *streamOpts) error {
+	body, contentType, _, err := cli.clientRequest(method, path, opts.in, opts.headers)
 	if err != nil {
 		return err
 	}
-	return cli.streamBody(body, contentType, setRawTerminal, stdout, stderr)
+	return cli.streamBody(body, contentType, opts.rawTerminal, opts.out, opts.err)
 }
 
-func (cli *DockerCli) streamBody(body io.ReadCloser, contentType string, setRawTerminal bool, stdout, stderr io.Writer) error {
+func (cli *DockerCli) streamBody(body io.ReadCloser, contentType string, rawTerminal bool, stdout, stderr io.Writer) error {
 	defer body.Close()
 
 	if api.MatchesContentType(contentType, "application/json") {
-		return utils.DisplayJSONMessagesStream(body, stdout, cli.outFd, cli.isTerminalOut)
+		return jsonmessage.DisplayJSONMessagesStream(body, stdout, cli.outFd, cli.isTerminalOut)
 	}
 	if stdout != nil || stderr != nil {
 		// When TTY is ON, use regular copy
 		var err error
-		if setRawTerminal {
+		if rawTerminal {
 			_, err = io.Copy(stdout, body)
 		} else {
 			_, err = stdcopy.StdCopy(stdout, stderr, body)
 		}
-		log.Debugf("[stream] End of stdout")
+		logrus.Debugf("[stream] End of stdout")
 		return err
 	}
 	return nil
@@ -218,7 +223,7 @@ func (cli *DockerCli) resizeTty(id string, isExec bool) {
 	}
 
 	if _, _, err := readBody(cli.call("POST", path+v.Encode(), nil, nil)); err != nil {
-		log.Debugf("Error resize: %s", err)
+		logrus.Debugf("Error resize: %s", err)
 	}
 }
 
@@ -228,11 +233,12 @@ func waitForExit(cli *DockerCli, containerID string) (int, error) {
 		return -1, err
 	}
 
-	var out engine.Env
-	if err := out.Decode(stream); err != nil {
+	var res types.ContainerWaitResponse
+	if err := json.NewDecoder(stream).Decode(&res); err != nil {
 		return -1, err
 	}
-	return out.GetInt("StatusCode"), nil
+
+	return res.StatusCode, nil
 }
 
 // getExitCode perform an inspect on the container. It returns
@@ -241,19 +247,18 @@ func getExitCode(cli *DockerCli, containerID string) (bool, int, error) {
 	stream, _, err := cli.call("GET", "/containers/"+containerID+"/json", nil, nil)
 	if err != nil {
 		// If we can't connect, then the daemon probably died.
-		if err != ErrConnectionRefused {
+		if err != errConnectionRefused {
 			return false, -1, err
 		}
 		return false, -1, nil
 	}
 
-	var result engine.Env
-	if err := result.Decode(stream); err != nil {
+	var c types.ContainerJSON
+	if err := json.NewDecoder(stream).Decode(&c); err != nil {
 		return false, -1, err
 	}
 
-	state := result.GetSubEnv("State")
-	return state.GetBool("Running"), state.GetInt("ExitCode"), nil
+	return c.State.Running, c.State.ExitCode, nil
 }
 
 // getExecExitCode perform an inspect on the exec command. It returns
@@ -262,18 +267,24 @@ func getExecExitCode(cli *DockerCli, execID string) (bool, int, error) {
 	stream, _, err := cli.call("GET", "/exec/"+execID+"/json", nil, nil)
 	if err != nil {
 		// If we can't connect, then the daemon probably died.
-		if err != ErrConnectionRefused {
+		if err != errConnectionRefused {
 			return false, -1, err
 		}
 		return false, -1, nil
 	}
 
-	var result engine.Env
-	if err := result.Decode(stream); err != nil {
+	//TODO: Should we reconsider having a type in api/types?
+	//this is a response to exex/id/json not container
+	var c struct {
+		Running  bool
+		ExitCode int
+	}
+
+	if err := json.NewDecoder(stream).Decode(&c); err != nil {
 		return false, -1, err
 	}
 
-	return result.GetBool("Running"), result.GetInt("ExitCode"), nil
+	return c.Running, c.ExitCode, nil
 }
 
 func (cli *DockerCli) monitorTtySize(id string, isExec bool) error {
@@ -281,23 +292,23 @@ func (cli *DockerCli) monitorTtySize(id string, isExec bool) error {
 
 	if runtime.GOOS == "windows" {
 		go func() {
-			prevW, prevH := cli.getTtySize()
+			prevH, prevW := cli.getTtySize()
 			for {
 				time.Sleep(time.Millisecond * 250)
-				w, h := cli.getTtySize()
+				h, w := cli.getTtySize()
 
 				if prevW != w || prevH != h {
 					cli.resizeTty(id, isExec)
 				}
-				prevW = w
 				prevH = h
+				prevW = w
 			}
 		}()
 	} else {
 		sigchan := make(chan os.Signal, 1)
 		gosignal.Notify(sigchan, signal.SIGWINCH)
 		go func() {
-			for _ = range sigchan {
+			for range sigchan {
 				cli.resizeTty(id, isExec)
 			}
 		}()
@@ -311,7 +322,7 @@ func (cli *DockerCli) getTtySize() (int, int) {
 	}
 	ws, err := term.GetWinsize(cli.outFd)
 	if err != nil {
-		log.Debugf("Error getting size: %s", err)
+		logrus.Debugf("Error getting size: %s", err)
 		if ws == nil {
 			return 0, 0
 		}

api/client/version.go

@@ -0,0 +1,61 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"runtime"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/autogen/dockerversion"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/utils"
+)
+
+// CmdVersion shows Docker version information.
+//
+// Available version information is shown for: client Docker version, client API version, client Go version, client Git commit, client OS/Arch, server Docker version, server API version, server Go version, server Git commit, and server OS/Arch.
+//
+// Usage: docker version
+func (cli *DockerCli) CmdVersion(args ...string) error {
+	cmd := cli.Subcmd("version", "", "Show the Docker version information.", true)
+	cmd.Require(flag.Exact, 0)
+
+	cmd.ParseFlags(args, true)
+
+	if dockerversion.VERSION != "" {
+		fmt.Fprintf(cli.out, "Client version: %s\n", dockerversion.VERSION)
+	}
+	fmt.Fprintf(cli.out, "Client API version: %s\n", api.APIVERSION)
+	fmt.Fprintf(cli.out, "Go version (client): %s\n", runtime.Version())
+	if dockerversion.GITCOMMIT != "" {
+		fmt.Fprintf(cli.out, "Git commit (client): %s\n", dockerversion.GITCOMMIT)
+	}
+	fmt.Fprintf(cli.out, "OS/Arch (client): %s/%s\n", runtime.GOOS, runtime.GOARCH)
+	if utils.ExperimentalBuild() {
+		fmt.Fprintf(cli.out, "Experimental (client): true\n")
+	}
+
+	stream, _, err := cli.call("GET", "/version", nil, nil)
+	if err != nil {
+		return err
+	}
+
+	var v types.Version
+	if err := json.NewDecoder(stream).Decode(&v); err != nil {
+		fmt.Fprintf(cli.err, "Error reading remote version: %s\n", err)
+		return err
+	}
+
+	fmt.Fprintf(cli.out, "Server version: %s\n", v.Version)
+	if v.ApiVersion != "" {
+		fmt.Fprintf(cli.out, "Server API version: %s\n", v.ApiVersion)
+	}
+	fmt.Fprintf(cli.out, "Go version (server): %s\n", v.GoVersion)
+	fmt.Fprintf(cli.out, "Git commit (server): %s\n", v.GitCommit)
+	fmt.Fprintf(cli.out, "OS/Arch (server): %s/%s\n", v.Os, v.Arch)
+	if v.Experimental {
+		fmt.Fprintf(cli.out, "Experimental (server): true\n")
+	}
+	return nil
+}

api/client/wait.go

@@ -0,0 +1,34 @@
+package client
+
+import (
+	"fmt"
+
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdWait blocks until a container stops, then prints its exit code.
+//
+// If more than one container is specified, this will wait synchronously on each container.
+//
+// Usage: docker wait CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdWait(args ...string) error {
+	cmd := cli.Subcmd("wait", "CONTAINER [CONTAINER...]", "Block until a container stops, then print its exit code.", true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errNames []string
+	for _, name := range cmd.Args() {
+		status, err := waitForExit(cli, name)
+		if err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			errNames = append(errNames, name)
+		} else {
+			fmt.Fprintf(cli.out, "%d\n", status)
+		}
+	}
+	if len(errNames) > 0 {
+		return fmt.Errorf("Error: failed to wait containers: %v", errNames)
+	}
+	return nil
+}

api/common.go

@@ -3,34 +3,30 @@ package api
 import (
 	"fmt"
 	"mime"
-	"os"
 	"path/filepath"
+	"sort"
 	"strings"
 
-	log "github.com/Sirupsen/logrus"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/pkg/parsers"
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/version"
 	"github.com/docker/libtrust"
 )
 
+// Common constants for daemon and client.
 const (
-	APIVERSION            version.Version = "1.18"
-	DEFAULTHTTPHOST                       = "127.0.0.1"
-	DEFAULTUNIXSOCKET                     = "/var/run/docker.sock"
-	DefaultDockerfileName string          = "Dockerfile"
+	APIVERSION            version.Version = "1.19"       // Current REST API version
+	DefaultDockerfileName string          = "Dockerfile" // Default filename with Docker commands, read by docker build
 )
 
-func ValidateHost(val string) (string, error) {
-	host, err := parsers.ParseHost(DEFAULTHTTPHOST, DEFAULTUNIXSOCKET, val)
-	if err != nil {
-		return val, err
-	}
-	return host, nil
-}
+type ByPrivatePort []types.Port
 
-// TODO remove, used on < 1.5 in getContainersJSON
-func DisplayablePorts(ports *engine.Table) string {
+func (r ByPrivatePort) Len() int           { return len(r) }
+func (r ByPrivatePort) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r ByPrivatePort) Less(i, j int) bool { return r[i].PrivatePort < r[j].PrivatePort }
+
+func DisplayablePorts(ports []types.Port) string {
 	var (
 		result          = []string{}
 		hostMappings    = []string{}
@@ -39,21 +35,20 @@ func DisplayablePorts(ports *engine.Table) string {
 	)
 	firstInGroupMap = make(map[string]int)
 	lastInGroupMap = make(map[string]int)
-	ports.SetKey("PrivatePort")
-	ports.Sort()
-	for _, port := range ports.Data {
+	sort.Sort(ByPrivatePort(ports))
+	for _, port := range ports {
 		var (
-			current      = port.GetInt("PrivatePort")
-			portKey      = port.Get("Type")
+			current      = port.PrivatePort
+			portKey      = port.Type
 			firstInGroup int
 			lastInGroup  int
 		)
-		if port.Get("IP") != "" {
-			if port.GetInt("PublicPort") != current {
-				hostMappings = append(hostMappings, fmt.Sprintf("%s:%d->%d/%s", port.Get("IP"), port.GetInt("PublicPort"), port.GetInt("PrivatePort"), port.Get("Type")))
+		if port.IP != "" {
+			if port.PublicPort != current {
+				hostMappings = append(hostMappings, fmt.Sprintf("%s:%d->%d/%s", port.IP, port.PublicPort, port.PrivatePort, port.Type))
 				continue
 			}
-			portKey = fmt.Sprintf("%s/%s", port.Get("IP"), port.Get("Type"))
+			portKey = fmt.Sprintf("%s/%s", port.IP, port.Type)
 		}
 		firstInGroup = firstInGroupMap[portKey]
 		lastInGroup = lastInGroupMap[portKey]
@@ -104,7 +99,7 @@ func FormGroup(key string, start, last int) string {
 func MatchesContentType(contentType, expectedType string) bool {
 	mimetype, _, err := mime.ParseMediaType(contentType)
 	if err != nil {
-		log.Errorf("Error parsing media type: %s error: %v", contentType, err)
+		logrus.Errorf("Error parsing media type: %s error: %v", contentType, err)
 	}
 	return err == nil && mimetype == expectedType
 }
@@ -112,7 +107,7 @@ func MatchesContentType(contentType, expectedType string) bool {
 // LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
 // otherwise generates a new one
 func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
-	err := os.MkdirAll(filepath.Dir(trustKeyPath), 0700)
+	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700)
 	if err != nil {
 		return nil, err
 	}

api/server/form.go

@@ -0,0 +1,29 @@
+package server
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+)
+
+func boolValue(r *http.Request, k string) bool {
+	s := strings.ToLower(strings.TrimSpace(r.FormValue(k)))
+	return !(s == "" || s == "0" || s == "no" || s == "false" || s == "none")
+}
+
+// boolValueOrDefault returns the default bool passed if the query param is
+// missing, otherwise it's just a proxy to boolValue above
+func boolValueOrDefault(r *http.Request, k string, d bool) bool {
+	if _, ok := r.Form[k]; !ok {
+		return d
+	}
+	return boolValue(r, k)
+}
+
+func int64ValueOrZero(r *http.Request, k string) int64 {
+	val, err := strconv.ParseInt(r.FormValue(k), 10, 64)
+	if err != nil {
+		return 0
+	}
+	return val
+}

api/server/form_test.go

@@ -0,0 +1,70 @@
+package server
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+)
+
+func TestBoolValue(t *testing.T) {
+	cases := map[string]bool{
+		"":      false,
+		"0":     false,
+		"no":    false,
+		"false": false,
+		"none":  false,
+		"1":     true,
+		"yes":   true,
+		"true":  true,
+		"one":   true,
+		"100":   true,
+	}
+
+	for c, e := range cases {
+		v := url.Values{}
+		v.Set("test", c)
+		r, _ := http.NewRequest("POST", "", nil)
+		r.Form = v
+
+		a := boolValue(r, "test")
+		if a != e {
+			t.Fatalf("Value: %s, expected: %v, actual: %v", c, e, a)
+		}
+	}
+}
+
+func TestBoolValueOrDefault(t *testing.T) {
+	r, _ := http.NewRequest("GET", "", nil)
+	if !boolValueOrDefault(r, "queryparam", true) {
+		t.Fatal("Expected to get true default value, got false")
+	}
+
+	v := url.Values{}
+	v.Set("param", "")
+	r, _ = http.NewRequest("GET", "", nil)
+	r.Form = v
+	if boolValueOrDefault(r, "param", true) {
+		t.Fatal("Expected not to get true")
+	}
+}
+
+func TestInt64ValueOrZero(t *testing.T) {
+	cases := map[string]int64{
+		"":     0,
+		"asdf": 0,
+		"0":    0,
+		"1":    1,
+	}
+
+	for c, e := range cases {
+		v := url.Values{}
+		v.Set("test", c)
+		r, _ := http.NewRequest("POST", "", nil)
+		r.Form = v
+
+		a := int64ValueOrZero(r, "test")
+		if a != e {
+			t.Fatalf("Value: %s, expected: %v, actual: %v", c, e, a)
+		}
+	}
+}

api/server/profiler.go

@@ -0,0 +1,38 @@
+package server
+
+import (
+	"expvar"
+	"fmt"
+	"net/http"
+	"net/http/pprof"
+
+	"github.com/gorilla/mux"
+)
+
+func ProfilerSetup(mainRouter *mux.Router, path string) {
+	var r = mainRouter.PathPrefix(path).Subrouter()
+	r.HandleFunc("/vars", expVars)
+	r.HandleFunc("/pprof/", pprof.Index)
+	r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
+	r.HandleFunc("/pprof/profile", pprof.Profile)
+	r.HandleFunc("/pprof/symbol", pprof.Symbol)
+	r.HandleFunc("/pprof/block", pprof.Handler("block").ServeHTTP)
+	r.HandleFunc("/pprof/heap", pprof.Handler("heap").ServeHTTP)
+	r.HandleFunc("/pprof/goroutine", pprof.Handler("goroutine").ServeHTTP)
+	r.HandleFunc("/pprof/threadcreate", pprof.Handler("threadcreate").ServeHTTP)
+}
+
+// Replicated from expvar.go as not public.
+func expVars(w http.ResponseWriter, r *http.Request) {
+	first := true
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	fmt.Fprintf(w, "{\n")
+	expvar.Do(func(kv expvar.KeyValue) {
+		if !first {
+			fmt.Fprintf(w, ",\n")
+		}
+		first = false
+		fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
+	})
+	fmt.Fprintf(w, "\n}\n")
+}

api/server/server_linux.go

@@ -4,102 +4,95 @@ package server
 
 import (
 	"fmt"
+	"net"
 	"net/http"
-	"os"
-	"syscall"
+	"strconv"
 
-	"github.com/docker/docker/engine"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/pkg/sockets"
 	"github.com/docker/docker/pkg/systemd"
+	"github.com/docker/libnetwork/portallocator"
 )
 
-// NewServer sets up the required Server and does protocol specific checking.
-func NewServer(proto, addr string, job *engine.Job) (Server, error) {
-	// Basic error and sanity checking
+// newServer sets up the required serverClosers and does protocol specific checking.
+func (s *Server) newServer(proto, addr string) ([]serverCloser, error) {
+	var (
+		err error
+		ls  []net.Listener
+	)
 	switch proto {
 	case "fd":
-		return nil, serveFd(addr, job)
-	case "tcp":
-		return setupTcpHttp(addr, job)
-	case "unix":
-		return setupUnixHttp(addr, job)
-	default:
-		return nil, fmt.Errorf("Invalid protocol format.")
-	}
-}
-
-func setupUnixHttp(addr string, job *engine.Job) (*HttpServer, error) {
-	r := createRouter(job.Eng, job.GetenvBool("Logging"), job.GetenvBool("EnableCors"), job.Getenv("CorsHeaders"), job.Getenv("Version"))
-
-	if err := syscall.Unlink(addr); err != nil && !os.IsNotExist(err) {
-		return nil, err
-	}
-	mask := syscall.Umask(0777)
-	defer syscall.Umask(mask)
-
-	l, err := newListener("unix", addr, job.GetenvBool("BufferRequests"))
-	if err != nil {
-		return nil, err
-	}
-
-	if err := setSocketGroup(addr, job.Getenv("SocketGroup")); err != nil {
-		return nil, err
-	}
-
-	if err := os.Chmod(addr, 0660); err != nil {
-		return nil, err
-	}
-
-	return &HttpServer{&http.Server{Addr: addr, Handler: r}, l}, nil
-}
-
-// serveFd creates an http.Server and sets it up to serve given a socket activated
-// argument.
-func serveFd(addr string, job *engine.Job) error {
-	r := createRouter(job.Eng, job.GetenvBool("Logging"), job.GetenvBool("EnableCors"), job.Getenv("CorsHeaders"), job.Getenv("Version"))
-
-	ls, e := systemd.ListenFD(addr)
-	if e != nil {
-		return e
-	}
-
-	chErrors := make(chan error, len(ls))
-
-	// We don't want to start serving on these sockets until the
-	// daemon is initialized and installed. Otherwise required handlers
-	// won't be ready.
-	<-activationLock
-
-	// Since ListenFD will return one or more sockets we have
-	// to create a go func to spawn off multiple serves
-	for i := range ls {
-		listener := ls[i]
-		go func() {
-			httpSrv := http.Server{Handler: r}
-			chErrors <- httpSrv.Serve(listener)
-		}()
-	}
-
-	for i := 0; i < len(ls); i++ {
-		err := <-chErrors
+		ls, err = systemd.ListenFD(addr)
 		if err != nil {
-			return err
+			return nil, err
 		}
+		// We don't want to start serving on these sockets until the
+		// daemon is initialized and installed. Otherwise required handlers
+		// won't be ready.
+		<-s.start
+	case "tcp":
+		l, err := s.initTcpSocket(addr)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	case "unix":
+		l, err := sockets.NewUnixSocket(addr, s.cfg.SocketGroup, s.start)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	default:
+		return nil, fmt.Errorf("Invalid protocol format: %q", proto)
 	}
-
-	return nil
+	var res []serverCloser
+	for _, l := range ls {
+		res = append(res, &HttpServer{
+			&http.Server{
+				Addr:    addr,
+				Handler: s.router,
+			},
+			l,
+		})
+	}
+	return res, nil
 }
 
-// Called through eng.Job("acceptconnections")
-func AcceptConnections(job *engine.Job) engine.Status {
+func (s *Server) AcceptConnections(d *daemon.Daemon) {
 	// Tell the init daemon we are accepting requests
+	s.daemon = d
 	go systemd.SdNotify("READY=1")
-
 	// close the lock so the listeners start accepting connections
 	select {
-	case <-activationLock:
+	case <-s.start:
 	default:
-		close(activationLock)
+		close(s.start)
+	}
+}
+
+func allocateDaemonPort(addr string) error {
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil {
+		return err
 	}
 
-	return engine.StatusOK
+	intPort, err := strconv.Atoi(port)
+	if err != nil {
+		return err
+	}
+
+	var hostIPs []net.IP
+	if parsedIP := net.ParseIP(host); parsedIP != nil {
+		hostIPs = append(hostIPs, parsedIP)
+	} else if hostIPs, err = net.LookupIP(host); err != nil {
+		return fmt.Errorf("failed to lookup %s address in host specification", host)
+	}
+
+	pa := portallocator.Get()
+	for _, hostIP := range hostIPs {
+		if _, err := pa.RequestPort(hostIP, "tcp", intPort); err != nil {
+			return fmt.Errorf("failed to allocate daemon listening port %d (err: %v)", intPort, err)
+		}
+	}
+	return nil
 }

api/server/server_unit_test.go

@@ -1,553 +0,0 @@
-package server
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"reflect"
-	"strings"
-	"testing"
-
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/pkg/version"
-)
-
-func TestGetBoolParam(t *testing.T) {
-	if ret, err := getBoolParam("true"); err != nil || !ret {
-		t.Fatalf("true -> true, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("True"); err != nil || !ret {
-		t.Fatalf("True -> true, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("1"); err != nil || !ret {
-		t.Fatalf("1 -> true, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam(""); err != nil || ret {
-		t.Fatalf("\"\" -> false, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("false"); err != nil || ret {
-		t.Fatalf("false -> false, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("0"); err != nil || ret {
-		t.Fatalf("0 -> false, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("faux"); err == nil || ret {
-		t.Fatalf("faux -> false, err | got %t %s", ret, err)
-
-	}
-}
-
-func TesthttpError(t *testing.T) {
-	r := httptest.NewRecorder()
-
-	httpError(r, fmt.Errorf("No such method"))
-	if r.Code != http.StatusNotFound {
-		t.Fatalf("Expected %d, got %d", http.StatusNotFound, r.Code)
-	}
-
-	httpError(r, fmt.Errorf("This accound hasn't been activated"))
-	if r.Code != http.StatusForbidden {
-		t.Fatalf("Expected %d, got %d", http.StatusForbidden, r.Code)
-	}
-
-	httpError(r, fmt.Errorf("Some error"))
-	if r.Code != http.StatusInternalServerError {
-		t.Fatalf("Expected %d, got %d", http.StatusInternalServerError, r.Code)
-	}
-}
-
-func TestGetVersion(t *testing.T) {
-	eng := engine.New()
-	var called bool
-	eng.Register("version", func(job *engine.Job) engine.Status {
-		called = true
-		v := &engine.Env{}
-		v.SetJson("Version", "42.1")
-		v.Set("ApiVersion", "1.1.1.1.1")
-		v.Set("GoVersion", "2.42")
-		v.Set("Os", "Linux")
-		v.Set("Arch", "x86_64")
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/version", nil, eng, t)
-	if !called {
-		t.Fatalf("handler was not called")
-	}
-	v := readEnv(r.Body, t)
-	if v.Get("Version") != "42.1" {
-		t.Fatalf("%#v\n", v)
-	}
-	if r.HeaderMap.Get("Content-Type") != "application/json" {
-		t.Fatalf("%#v\n", r)
-	}
-}
-
-func TestGetInfo(t *testing.T) {
-	eng := engine.New()
-	var called bool
-	eng.Register("info", func(job *engine.Job) engine.Status {
-		called = true
-		v := &engine.Env{}
-		v.SetInt("Containers", 1)
-		v.SetInt("Images", 42000)
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/info", nil, eng, t)
-	if !called {
-		t.Fatalf("handler was not called")
-	}
-	v := readEnv(r.Body, t)
-	if v.GetInt("Images") != 42000 {
-		t.Fatalf("%#v\n", v)
-	}
-	if v.GetInt("Containers") != 1 {
-		t.Fatalf("%#v\n", v)
-	}
-	assertContentType(r, "application/json", t)
-}
-
-func TestGetImagesJSON(t *testing.T) {
-	eng := engine.New()
-	var called bool
-	eng.Register("images", func(job *engine.Job) engine.Status {
-		called = true
-		v := createEnvFromGetImagesJSONStruct(sampleImage)
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/images/json", nil, eng, t)
-	if !called {
-		t.Fatal("handler was not called")
-	}
-	assertHttpNotError(r, t)
-	assertContentType(r, "application/json", t)
-	var observed getImagesJSONStruct
-	if err := json.Unmarshal(r.Body.Bytes(), &observed); err != nil {
-		t.Fatal(err)
-	}
-	if !reflect.DeepEqual(observed, sampleImage) {
-		t.Errorf("Expected %#v but got %#v", sampleImage, observed)
-	}
-}
-
-func TestGetImagesJSONFilter(t *testing.T) {
-	eng := engine.New()
-	filter := "nothing"
-	eng.Register("images", func(job *engine.Job) engine.Status {
-		filter = job.Getenv("filter")
-		return engine.StatusOK
-	})
-	serveRequest("GET", "/images/json?filter=aaaa", nil, eng, t)
-	if filter != "aaaa" {
-		t.Errorf("%#v", filter)
-	}
-}
-
-func TestGetImagesJSONFilters(t *testing.T) {
-	eng := engine.New()
-	filter := "nothing"
-	eng.Register("images", func(job *engine.Job) engine.Status {
-		filter = job.Getenv("filters")
-		return engine.StatusOK
-	})
-	serveRequest("GET", "/images/json?filters=nnnn", nil, eng, t)
-	if filter != "nnnn" {
-		t.Errorf("%#v", filter)
-	}
-}
-
-func TestGetImagesJSONAll(t *testing.T) {
-	eng := engine.New()
-	allFilter := "-1"
-	eng.Register("images", func(job *engine.Job) engine.Status {
-		allFilter = job.Getenv("all")
-		return engine.StatusOK
-	})
-	serveRequest("GET", "/images/json?all=1", nil, eng, t)
-	if allFilter != "1" {
-		t.Errorf("%#v", allFilter)
-	}
-}
-
-func TestGetImagesJSONLegacyFormat(t *testing.T) {
-	eng := engine.New()
-	var called bool
-	eng.Register("images", func(job *engine.Job) engine.Status {
-		called = true
-		outsLegacy := engine.NewTable("Created", 0)
-		outsLegacy.Add(createEnvFromGetImagesJSONStruct(sampleImage))
-		if _, err := outsLegacy.WriteListTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequestUsingVersion("GET", "/images/json", "1.6", nil, eng, t)
-	if !called {
-		t.Fatal("handler was not called")
-	}
-	assertHttpNotError(r, t)
-	assertContentType(r, "application/json", t)
-	images := engine.NewTable("Created", 0)
-	if _, err := images.ReadListFrom(r.Body.Bytes()); err != nil {
-		t.Fatal(err)
-	}
-	if images.Len() != 1 {
-		t.Fatalf("Expected 1 image, %d found", images.Len())
-	}
-	image := images.Data[0]
-	if image.Get("Tag") != "test-tag" {
-		t.Errorf("Expected tag 'test-tag', found '%s'", image.Get("Tag"))
-	}
-	if image.Get("Repository") != "test-name" {
-		t.Errorf("Expected repository 'test-name', found '%s'", image.Get("Repository"))
-	}
-}
-
-func TestGetContainersByName(t *testing.T) {
-	eng := engine.New()
-	name := "container_name"
-	var called bool
-	eng.Register("container_inspect", func(job *engine.Job) engine.Status {
-		called = true
-		if job.Args[0] != name {
-			t.Errorf("name != '%s': %#v", name, job.Args[0])
-		}
-		if api.APIVERSION.LessThan("1.12") && !job.GetenvBool("dirty") {
-			t.Errorf("dirty env variable not set")
-		} else if api.APIVERSION.GreaterThanOrEqualTo("1.12") && job.GetenvBool("dirty") {
-			t.Errorf("dirty env variable set when it shouldn't")
-		}
-		v := &engine.Env{}
-		v.SetBool("dirty", true)
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/containers/"+name+"/json", nil, eng, t)
-	if !called {
-		t.Fatal("handler was not called")
-	}
-	assertContentType(r, "application/json", t)
-	var stdoutJson interface{}
-	if err := json.Unmarshal(r.Body.Bytes(), &stdoutJson); err != nil {
-		t.Fatalf("%#v", err)
-	}
-	if stdoutJson.(map[string]interface{})["dirty"].(float64) != 1 {
-		t.Fatalf("%#v", stdoutJson)
-	}
-}
-
-func TestGetEvents(t *testing.T) {
-	eng := engine.New()
-	var called bool
-	eng.Register("events", func(job *engine.Job) engine.Status {
-		called = true
-		since := job.Getenv("since")
-		if since != "1" {
-			t.Fatalf("'since' should be 1, found %#v instead", since)
-		}
-		until := job.Getenv("until")
-		if until != "0" {
-			t.Fatalf("'until' should be 0, found %#v instead", until)
-		}
-		v := &engine.Env{}
-		v.Set("since", since)
-		v.Set("until", until)
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/events?since=1&until=0", nil, eng, t)
-	if !called {
-		t.Fatal("handler was not called")
-	}
-	assertContentType(r, "application/json", t)
-	var stdout_json struct {
-		Since int
-		Until int
-	}
-	if err := json.Unmarshal(r.Body.Bytes(), &stdout_json); err != nil {
-		t.Fatal(err)
-	}
-	if stdout_json.Since != 1 {
-		t.Errorf("since != 1: %#v", stdout_json.Since)
-	}
-	if stdout_json.Until != 0 {
-		t.Errorf("until != 0: %#v", stdout_json.Until)
-	}
-}
-
-func TestLogs(t *testing.T) {
-	eng := engine.New()
-	var inspect bool
-	var logs bool
-	eng.Register("container_inspect", func(job *engine.Job) engine.Status {
-		inspect = true
-		if len(job.Args) == 0 {
-			t.Fatal("Job arguments is empty")
-		}
-		if job.Args[0] != "test" {
-			t.Fatalf("Container name %s, must be test", job.Args[0])
-		}
-		return engine.StatusOK
-	})
-	expected := "logs"
-	eng.Register("logs", func(job *engine.Job) engine.Status {
-		logs = true
-		if len(job.Args) == 0 {
-			t.Fatal("Job arguments is empty")
-		}
-		if job.Args[0] != "test" {
-			t.Fatalf("Container name %s, must be test", job.Args[0])
-		}
-		follow := job.Getenv("follow")
-		if follow != "1" {
-			t.Fatalf("follow: %s, must be 1", follow)
-		}
-		stdout := job.Getenv("stdout")
-		if stdout != "1" {
-			t.Fatalf("stdout %s, must be 1", stdout)
-		}
-		stderr := job.Getenv("stderr")
-		if stderr != "" {
-			t.Fatalf("stderr %s, must be empty", stderr)
-		}
-		timestamps := job.Getenv("timestamps")
-		if timestamps != "1" {
-			t.Fatalf("timestamps %s, must be 1", timestamps)
-		}
-		job.Stdout.Write([]byte(expected))
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/containers/test/logs?follow=1&stdout=1&timestamps=1", nil, eng, t)
-	if r.Code != http.StatusOK {
-		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusOK)
-	}
-	if !inspect {
-		t.Fatal("container_inspect job was not called")
-	}
-	if !logs {
-		t.Fatal("logs job was not called")
-	}
-	res := r.Body.String()
-	if res != expected {
-		t.Fatalf("Output %s, expected %s", res, expected)
-	}
-}
-
-func TestLogsNoStreams(t *testing.T) {
-	eng := engine.New()
-	var inspect bool
-	var logs bool
-	eng.Register("container_inspect", func(job *engine.Job) engine.Status {
-		inspect = true
-		if len(job.Args) == 0 {
-			t.Fatal("Job arguments is empty")
-		}
-		if job.Args[0] != "test" {
-			t.Fatalf("Container name %s, must be test", job.Args[0])
-		}
-		return engine.StatusOK
-	})
-	eng.Register("logs", func(job *engine.Job) engine.Status {
-		logs = true
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/containers/test/logs", nil, eng, t)
-	if r.Code != http.StatusBadRequest {
-		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusBadRequest)
-	}
-	if inspect {
-		t.Fatal("container_inspect job was called, but it shouldn't")
-	}
-	if logs {
-		t.Fatal("logs job was called, but it shouldn't")
-	}
-	res := strings.TrimSpace(r.Body.String())
-	expected := "Bad parameters: you must choose at least one stream"
-	if !strings.Contains(res, expected) {
-		t.Fatalf("Output %s, expected %s in it", res, expected)
-	}
-}
-
-func TestGetImagesHistory(t *testing.T) {
-	eng := engine.New()
-	imageName := "docker-test-image"
-	var called bool
-	eng.Register("history", func(job *engine.Job) engine.Status {
-		called = true
-		if len(job.Args) == 0 {
-			t.Fatal("Job arguments is empty")
-		}
-		if job.Args[0] != imageName {
-			t.Fatalf("name != '%s': %#v", imageName, job.Args[0])
-		}
-		v := &engine.Env{}
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/images/"+imageName+"/history", nil, eng, t)
-	if !called {
-		t.Fatalf("handler was not called")
-	}
-	if r.Code != http.StatusOK {
-		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusOK)
-	}
-	if r.HeaderMap.Get("Content-Type") != "application/json" {
-		t.Fatalf("%#v\n", r)
-	}
-}
-
-func TestGetImagesByName(t *testing.T) {
-	eng := engine.New()
-	name := "image_name"
-	var called bool
-	eng.Register("image_inspect", func(job *engine.Job) engine.Status {
-		called = true
-		if job.Args[0] != name {
-			t.Fatalf("name != '%s': %#v", name, job.Args[0])
-		}
-		if api.APIVERSION.LessThan("1.12") && !job.GetenvBool("dirty") {
-			t.Fatal("dirty env variable not set")
-		} else if api.APIVERSION.GreaterThanOrEqualTo("1.12") && job.GetenvBool("dirty") {
-			t.Fatal("dirty env variable set when it shouldn't")
-		}
-		v := &engine.Env{}
-		v.SetBool("dirty", true)
-		if _, err := v.WriteTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("GET", "/images/"+name+"/json", nil, eng, t)
-	if !called {
-		t.Fatal("handler was not called")
-	}
-	if r.HeaderMap.Get("Content-Type") != "application/json" {
-		t.Fatalf("%#v\n", r)
-	}
-	var stdoutJson interface{}
-	if err := json.Unmarshal(r.Body.Bytes(), &stdoutJson); err != nil {
-		t.Fatalf("%#v", err)
-	}
-	if stdoutJson.(map[string]interface{})["dirty"].(float64) != 1 {
-		t.Fatalf("%#v", stdoutJson)
-	}
-}
-
-func TestDeleteContainers(t *testing.T) {
-	eng := engine.New()
-	name := "foo"
-	var called bool
-	eng.Register("rm", func(job *engine.Job) engine.Status {
-		called = true
-		if len(job.Args) == 0 {
-			t.Fatalf("Job arguments is empty")
-		}
-		if job.Args[0] != name {
-			t.Fatalf("name != '%s': %#v", name, job.Args[0])
-		}
-		return engine.StatusOK
-	})
-	r := serveRequest("DELETE", "/containers/"+name, nil, eng, t)
-	if !called {
-		t.Fatalf("handler was not called")
-	}
-	if r.Code != http.StatusNoContent {
-		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusNoContent)
-	}
-}
-
-func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
-	return serveRequestUsingVersion(method, target, api.APIVERSION, body, eng, t)
-}
-
-func serveRequestUsingVersion(method, target string, version version.Version, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
-	r := httptest.NewRecorder()
-	req, err := http.NewRequest(method, target, body)
-	if err != nil {
-		t.Fatal(err)
-	}
-	ServeRequest(eng, version, r, req)
-	return r
-}
-
-func readEnv(src io.Reader, t *testing.T) *engine.Env {
-	out := engine.NewOutput()
-	v, err := out.AddEnv()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := io.Copy(out, src); err != nil {
-		t.Fatal(err)
-	}
-	out.Close()
-	return v
-}
-
-func toJson(data interface{}, t *testing.T) io.Reader {
-	var buf bytes.Buffer
-	if err := json.NewEncoder(&buf).Encode(data); err != nil {
-		t.Fatal(err)
-	}
-	return &buf
-}
-
-func assertContentType(recorder *httptest.ResponseRecorder, content_type string, t *testing.T) {
-	if recorder.HeaderMap.Get("Content-Type") != content_type {
-		t.Fatalf("%#v\n", recorder)
-	}
-}
-
-// XXX: Duplicated from integration/utils_test.go, but maybe that's OK as that
-// should die as soon as we converted all integration tests?
-// assertHttpNotError expect the given response to not have an error.
-// Otherwise the it causes the test to fail.
-func assertHttpNotError(r *httptest.ResponseRecorder, t *testing.T) {
-	// Non-error http status are [200, 400)
-	if r.Code < http.StatusOK || r.Code >= http.StatusBadRequest {
-		t.Fatal(fmt.Errorf("Unexpected http error: %v", r.Code))
-	}
-}
-
-func createEnvFromGetImagesJSONStruct(data getImagesJSONStruct) *engine.Env {
-	v := &engine.Env{}
-	v.SetList("RepoTags", data.RepoTags)
-	v.Set("Id", data.Id)
-	v.SetInt64("Created", data.Created)
-	v.SetInt64("Size", data.Size)
-	v.SetInt64("VirtualSize", data.VirtualSize)
-	return v
-}
-
-type getImagesJSONStruct struct {
-	RepoTags    []string
-	Id          string
-	Created     int64
-	Size        int64
-	VirtualSize int64
-}
-
-var sampleImage getImagesJSONStruct = getImagesJSONStruct{
-	RepoTags:    []string{"test-name:test-tag"},
-	Id:          "ID",
-	Created:     999,
-	Size:        777,
-	VirtualSize: 666,
-}

api/server/server_windows.go

@@ -3,29 +3,48 @@
 package server
 
 import (
-	"fmt"
+	"errors"
+	"net"
+	"net/http"
 
-	"github.com/docker/docker/engine"
+	"github.com/docker/docker/daemon"
 )
 
 // NewServer sets up the required Server and does protocol specific checking.
-func NewServer(proto, addr string, job *engine.Job) (Server, error) {
-	// Basic error and sanity checking
+func (s *Server) newServer(proto, addr string) (serverCloser, error) {
+	var (
+		err error
+		l   net.Listener
+	)
 	switch proto {
 	case "tcp":
-		return setupTcpHttp(addr, job)
+		l, err = s.initTcpSocket(addr)
+		if err != nil {
+			return nil, err
+		}
+
 	default:
 		return nil, errors.New("Invalid protocol format. Windows only supports tcp.")
 	}
+	return &HttpServer{
+		&http.Server{
+			Addr:    addr,
+			Handler: s.router,
+		},
+		l,
+	}, nil
 }
 
-// Called through eng.Job("acceptconnections")
-func AcceptConnections(job *engine.Job) engine.Status {
-
+func (s *Server) AcceptConnections(d *daemon.Daemon) {
+	s.daemon = d
 	// close the lock so the listeners start accepting connections
-	if activationLock != nil {
-		close(activationLock)
+	select {
+	case <-s.start:
+	default:
+		close(s.start)
 	}
-
-	return engine.StatusOK
+}
+
+func allocateDaemonPort(addr string) error {
+	return nil
 }

api/types/stats.go

@@ -81,6 +81,7 @@ type Network struct {
 type Stats struct {
 	Read        time.Time   `json:"read"`
 	Network     Network     `json:"network,omitempty"`
+	PreCpuStats CpuStats    `json:"precpu_stats,omitempty"`
 	CpuStats    CpuStats    `json:"cpu_stats,omitempty"`
 	MemoryStats MemoryStats `json:"memory_stats,omitempty"`
 	BlkioStats  BlkioStats  `json:"blkio_stats,omitempty"`

api/types/types.go

@@ -1,5 +1,13 @@
 package types
 
+import (
+	"time"
+
+	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/pkg/version"
+	"github.com/docker/docker/runconfig"
+)
+
 // ContainerCreateResponse contains the information returned to a client on the
 // creation of a new container.
 type ContainerCreateResponse struct {
@@ -9,3 +17,226 @@ type ContainerCreateResponse struct {
 	// Warnings are any warnings encountered during the creation of the container.
 	Warnings []string `json:"Warnings"`
 }
+
+// POST /containers/{name:.*}/exec
+type ContainerExecCreateResponse struct {
+	// ID is the exec ID.
+	ID string `json:"Id"`
+}
+
+// POST /auth
+type AuthResponse struct {
+	// Status is the authentication status
+	Status string `json:"Status"`
+}
+
+// POST "/containers/"+containerID+"/wait"
+type ContainerWaitResponse struct {
+	// StatusCode is the status code of the wait job
+	StatusCode int `json:"StatusCode"`
+}
+
+// POST "/commit?container="+containerID
+type ContainerCommitResponse struct {
+	ID string `json:"Id"`
+}
+
+// GET "/containers/{name:.*}/changes"
+type ContainerChange struct {
+	Kind int
+	Path string
+}
+
+// GET "/images/{name:.*}/history"
+type ImageHistory struct {
+	ID        string `json:"Id"`
+	Created   int64
+	CreatedBy string
+	Tags      []string
+	Size      int64
+	Comment   string
+}
+
+// DELETE "/images/{name:.*}"
+type ImageDelete struct {
+	Untagged string `json:",omitempty"`
+	Deleted  string `json:",omitempty"`
+}
+
+// GET "/images/json"
+type Image struct {
+	ID          string `json:"Id"`
+	ParentId    string
+	RepoTags    []string
+	RepoDigests []string
+	Created     int
+	Size        int
+	VirtualSize int
+	Labels      map[string]string
+}
+
+// GET "/images/{name:.*}/json"
+type ImageInspect struct {
+	Id              string
+	Parent          string
+	Comment         string
+	Created         time.Time
+	Container       string
+	ContainerConfig *runconfig.Config
+	DockerVersion   string
+	Author          string
+	Config          *runconfig.Config
+	Architecture    string
+	Os              string
+	Size            int64
+	VirtualSize     int64
+}
+
+// GET  "/containers/json"
+type Port struct {
+	IP          string `json:",omitempty"`
+	PrivatePort int
+	PublicPort  int `json:",omitempty"`
+	Type        string
+}
+
+type Container struct {
+	ID         string `json:"Id"`
+	Names      []string
+	Image      string
+	Command    string
+	Created    int
+	Ports      []Port
+	SizeRw     int `json:",omitempty"`
+	SizeRootFs int `json:",omitempty"`
+	Labels     map[string]string
+	Status     string
+}
+
+// POST "/containers/"+containerID+"/copy"
+type CopyConfig struct {
+	Resource string
+}
+
+// GET "/containers/{name:.*}/top"
+type ContainerProcessList struct {
+	Processes [][]string
+	Titles    []string
+}
+
+type Version struct {
+	Version       string
+	ApiVersion    version.Version
+	GitCommit     string
+	GoVersion     string
+	Os            string
+	Arch          string
+	KernelVersion string `json:",omitempty"`
+	Experimental  bool   `json:",omitempty"`
+}
+
+// GET "/info"
+type Info struct {
+	ID                 string
+	Containers         int
+	Images             int
+	Driver             string
+	DriverStatus       [][2]string
+	MemoryLimit        bool
+	SwapLimit          bool
+	CpuCfsPeriod       bool
+	CpuCfsQuota        bool
+	IPv4Forwarding     bool
+	Debug              bool
+	NFd                int
+	OomKillDisable     bool
+	NGoroutines        int
+	SystemTime         string
+	ExecutionDriver    string
+	LoggingDriver      string
+	NEventsListener    int
+	KernelVersion      string
+	OperatingSystem    string
+	IndexServerAddress string
+	RegistryConfig     interface{}
+	InitSha1           string
+	InitPath           string
+	NCPU               int
+	MemTotal           int64
+	DockerRootDir      string
+	HttpProxy          string
+	HttpsProxy         string
+	NoProxy            string
+	Name               string
+	Labels             []string
+	ExperimentalBuild  bool
+}
+
+// This struct is a temp struct used by execStart
+// Config fields is part of ExecConfig in runconfig package
+type ExecStartCheck struct {
+	// ExecStart will first check if it's detached
+	Detach bool
+	// Check if there's a tty
+	Tty bool
+}
+
+type ContainerState struct {
+	Running    bool
+	Paused     bool
+	Restarting bool
+	OOMKilled  bool
+	Dead       bool
+	Pid        int
+	ExitCode   int
+	Error      string
+	StartedAt  time.Time
+	FinishedAt time.Time
+}
+
+// GET "/containers/{name:.*}/json"
+type ContainerJSONBase struct {
+	Id              string
+	Created         time.Time
+	Path            string
+	Args            []string
+	State           *ContainerState
+	Image           string
+	NetworkSettings *network.Settings
+	ResolvConfPath  string
+	HostnamePath    string
+	HostsPath       string
+	LogPath         string
+	Name            string
+	RestartCount    int
+	Driver          string
+	ExecDriver      string
+	MountLabel      string
+	ProcessLabel    string
+	Volumes         map[string]string
+	VolumesRW       map[string]bool
+	AppArmorProfile string
+	ExecIDs         []string
+	HostConfig      *runconfig.HostConfig
+}
+
+type ContainerJSON struct {
+	*ContainerJSONBase
+	Config *runconfig.Config
+}
+
+// backcompatibility struct along with ContainerConfig
+type ContainerJSONRaw struct {
+	*ContainerJSONBase
+	Config *ContainerConfig
+}
+
+type ContainerConfig struct {
+	*runconfig.Config
+
+	// backward compatibility, they now live in HostConfig
+	Memory     int64
+	MemorySwap int64
+	CpuShares  int64
+	Cpuset     string
+}

builder/bflag.go

@@ -0,0 +1,155 @@
+package builder
+
+import (
+	"fmt"
+	"strings"
+)
+
+type FlagType int
+
+const (
+	boolType FlagType = iota
+	stringType
+)
+
+type BuilderFlags struct {
+	Args  []string // actual flags/args from cmd line
+	flags map[string]*Flag
+	used  map[string]*Flag
+	Err   error
+}
+
+type Flag struct {
+	bf       *BuilderFlags
+	name     string
+	flagType FlagType
+	Value    string
+}
+
+func NewBuilderFlags() *BuilderFlags {
+	return &BuilderFlags{
+		flags: make(map[string]*Flag),
+		used:  make(map[string]*Flag),
+	}
+}
+
+func (bf *BuilderFlags) AddBool(name string, def bool) *Flag {
+	flag := bf.addFlag(name, boolType)
+	if flag == nil {
+		return nil
+	}
+	if def {
+		flag.Value = "true"
+	} else {
+		flag.Value = "false"
+	}
+	return flag
+}
+
+func (bf *BuilderFlags) AddString(name string, def string) *Flag {
+	flag := bf.addFlag(name, stringType)
+	if flag == nil {
+		return nil
+	}
+	flag.Value = def
+	return flag
+}
+
+func (bf *BuilderFlags) addFlag(name string, flagType FlagType) *Flag {
+	if _, ok := bf.flags[name]; ok {
+		bf.Err = fmt.Errorf("Duplicate flag defined: %s", name)
+		return nil
+	}
+
+	newFlag := &Flag{
+		bf:       bf,
+		name:     name,
+		flagType: flagType,
+	}
+	bf.flags[name] = newFlag
+
+	return newFlag
+}
+
+func (fl *Flag) IsUsed() bool {
+	if _, ok := fl.bf.used[fl.name]; ok {
+		return true
+	}
+	return false
+}
+
+func (fl *Flag) IsTrue() bool {
+	if fl.flagType != boolType {
+		// Should never get here
+		panic(fmt.Errorf("Trying to use IsTrue on a non-boolean: %s", fl.name))
+	}
+	return fl.Value == "true"
+}
+
+func (bf *BuilderFlags) Parse() error {
+	// If there was an error while defining the possible flags
+	// go ahead and bubble it back up here since we didn't do it
+	// earlier in the processing
+	if bf.Err != nil {
+		return fmt.Errorf("Error setting up flags: %s", bf.Err)
+	}
+
+	for _, arg := range bf.Args {
+		if !strings.HasPrefix(arg, "--") {
+			return fmt.Errorf("Arg should start with -- : %s", arg)
+		}
+
+		if arg == "--" {
+			return nil
+		}
+
+		arg = arg[2:]
+		value := ""
+
+		index := strings.Index(arg, "=")
+		if index >= 0 {
+			value = arg[index+1:]
+			arg = arg[:index]
+		}
+
+		flag, ok := bf.flags[arg]
+		if !ok {
+			return fmt.Errorf("Unknown flag: %s", arg)
+		}
+
+		if _, ok = bf.used[arg]; ok {
+			return fmt.Errorf("Duplicate flag specified: %s", arg)
+		}
+
+		bf.used[arg] = flag
+
+		switch flag.flagType {
+		case boolType:
+			// value == "" is only ok if no "=" was specified
+			if index >= 0 && value == "" {
+				return fmt.Errorf("Missing a value on flag: %s", arg)
+			}
+
+			lower := strings.ToLower(value)
+			if lower == "" {
+				flag.Value = "true"
+			} else if lower == "true" || lower == "false" {
+				flag.Value = lower
+			} else {
+				return fmt.Errorf("Expecting boolean value for flag %s, not: %s", arg, value)
+			}
+
+		case stringType:
+			if index < 0 {
+				return fmt.Errorf("Missing a value on flag: %s", arg)
+			}
+			flag.Value = value
+
+		default:
+			panic(fmt.Errorf("No idea what kind of flag we have! Should never get here!"))
+		}
+
+	}
+
+	return nil
+}

builder/bflag_test.go

@@ -0,0 +1,187 @@
+package builder
+
+import (
+	"testing"
+)
+
+func TestBuilderFlags(t *testing.T) {
+	var expected string
+	var err error
+
+	// ---
+
+	bf := NewBuilderFlags()
+	bf.Args = []string{}
+	if err := bf.Parse(); err != nil {
+		t.Fatalf("Test1 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	bf.Args = []string{"--"}
+	if err := bf.Parse(); err != nil {
+		t.Fatalf("Test2 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flStr1 := bf.AddString("str1", "")
+	flBool1 := bf.AddBool("bool1", false)
+	bf.Args = []string{}
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test3 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flStr1.IsUsed() == true {
+		t.Fatalf("Test3 - str1 was not used!")
+	}
+	if flBool1.IsUsed() == true {
+		t.Fatalf("Test3 - bool1 was not used!")
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test4 of %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flStr1.Value != "HI" {
+		t.Fatalf("Str1 was supposed to default to: HI")
+	}
+	if flBool1.IsTrue() {
+		t.Fatalf("Bool1 was supposed to default to: false")
+	}
+	if flStr1.IsUsed() == true {
+		t.Fatalf("Str1 was not used!")
+	}
+	if flBool1.IsUsed() == true {
+		t.Fatalf("Bool1 was not used!")
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	bf.Args = []string{"--str1"}
+
+	if err = bf.Parse(); err == nil {
+		t.Fatalf("Test %q was supposed to fail", bf.Args)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	bf.Args = []string{"--str1="}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	expected = ""
+	if flStr1.Value != expected {
+		t.Fatalf("Str1 (%q) should be: %q", flStr1.Value, expected)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	bf.Args = []string{"--str1=BYE"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	expected = "BYE"
+	if flStr1.Value != expected {
+		t.Fatalf("Str1 (%q) should be: %q", flStr1.Value, expected)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if !flBool1.IsTrue() {
+		t.Fatalf("Test-b1 Bool1 was supposed to be true")
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1=true"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if !flBool1.IsTrue() {
+		t.Fatalf("Test-b2 Bool1 was supposed to be true")
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1=false"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flBool1.IsTrue() {
+		t.Fatalf("Test-b3 Bool1 was supposed to be false")
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1=false1"}
+
+	if err = bf.Parse(); err == nil {
+		t.Fatalf("Test %q was supposed to fail", bf.Args)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool2"}
+
+	if err = bf.Parse(); err == nil {
+		t.Fatalf("Test %q was supposed to fail", bf.Args)
+	}
+
+	// ---
+
+	bf = NewBuilderFlags()
+	flStr1 = bf.AddString("str1", "HI")
+	flBool1 = bf.AddBool("bool1", false)
+	bf.Args = []string{"--bool1", "--str1=BYE"}
+
+	if err = bf.Parse(); err != nil {
+		t.Fatalf("Test %q was supposed to work: %s", bf.Args, err)
+	}
+
+	if flStr1.Value != "BYE" {
+		t.Fatalf("Teset %s, str1 should be BYE", bf.Args)
+	}
+	if !flBool1.IsTrue() {
+		t.Fatalf("Teset %s, bool1 should be true", bf.Args)
+	}
+}

builder/command/command.go

@@ -16,7 +16,6 @@ const (
 	Expose     = "expose"
 	Volume     = "volume"
 	User       = "user"
-	Insert     = "insert"
 )
 
 // Commands is list of all Dockerfile commands
@@ -35,5 +34,4 @@ var Commands = map[string]struct{}{
 	Expose:     {},
 	Volume:     {},
 	User:       {},
-	Insert:     {},
 }

builder/dispatchers.go

@@ -12,10 +12,11 @@ import (
 	"io/ioutil"
 	"path/filepath"
 	"regexp"
+	"runtime"
 	"sort"
 	"strings"
 
-	log "github.com/Sirupsen/logrus"
+	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/nat"
 	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/runconfig"
@@ -38,6 +39,9 @@ func nullDispatch(b *Builder, args []string, attributes map[string]bool, origina
 // in the dockerfile available from the next statement on via ${foo}.
 //
 func env(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if runtime.GOOS == "windows" {
+		return fmt.Errorf("ENV is not supported on Windows.")
+	}
 	if len(args) == 0 {
 		return fmt.Errorf("ENV requires at least one argument")
 	}
@@ -47,6 +51,26 @@ func env(b *Builder, args []string, attributes map[string]bool, original string)
 		return fmt.Errorf("Bad input to ENV, too many args")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
+	// TODO/FIXME/NOT USED
+	// Just here to show how to use the builder flags stuff within the
+	// context of a builder command. Will remove once we actually add
+	// a builder command to something!
+	/*
+		flBool1 := b.BuilderFlags.AddBool("bool1", false)
+		flStr1 := b.BuilderFlags.AddString("str1", "HI")
+
+		if err := b.BuilderFlags.Parse(); err != nil {
+			return err
+		}
+
+		fmt.Printf("Bool1:%v\n", flBool1)
+		fmt.Printf("Str1:%v\n", flStr1)
+	*/
+
 	commitStr := "ENV"
 
 	for j := 0; j < len(args); j++ {
@@ -81,6 +105,10 @@ func maintainer(b *Builder, args []string, attributes map[string]bool, original
 		return fmt.Errorf("MAINTAINER requires exactly one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	b.maintainer = args[0]
 	return b.commit("", b.Config.Cmd, fmt.Sprintf("MAINTAINER %s", b.maintainer))
 }
@@ -98,6 +126,10 @@ func label(b *Builder, args []string, attributes map[string]bool, original strin
 		return fmt.Errorf("Bad input to LABEL, too many args")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	commitStr := "LABEL"
 
 	if b.Config.Labels == nil {
@@ -126,6 +158,10 @@ func add(b *Builder, args []string, attributes map[string]bool, original string)
 		return fmt.Errorf("ADD requires at least two arguments")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	return b.runContextCommand(args, true, true, "ADD")
 }
 
@@ -138,6 +174,10 @@ func dispatchCopy(b *Builder, args []string, attributes map[string]bool, origina
 		return fmt.Errorf("COPY requires at least two arguments")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	return b.runContextCommand(args, false, false, "COPY")
 }
 
@@ -150,6 +190,10 @@ func from(b *Builder, args []string, attributes map[string]bool, original string
 		return fmt.Errorf("FROM requires one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	name := args[0]
 
 	if name == NoBaseImageSpecifier {
@@ -166,12 +210,12 @@ func from(b *Builder, args []string, attributes map[string]bool, original string
 		}
 	}
 	if err != nil {
-		if b.Daemon.Graph().IsNotExist(err) {
+		if b.Daemon.Graph().IsNotExist(err, name) {
 			image, err = b.pullImage(name)
 		}
 
 		// note that the top level err will still be !nil here if IsNotExist is
-		// not the error. This approach just simplifies hte logic a bit.
+		// not the error. This approach just simplifies the logic a bit.
 		if err != nil {
 			return err
 		}
@@ -194,6 +238,10 @@ func onbuild(b *Builder, args []string, attributes map[string]bool, original str
 		return fmt.Errorf("ONBUILD requires at least one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	triggerInstruction := strings.ToUpper(strings.TrimSpace(args[0]))
 	switch triggerInstruction {
 	case "ONBUILD":
@@ -217,6 +265,10 @@ func workdir(b *Builder, args []string, attributes map[string]bool, original str
 		return fmt.Errorf("WORKDIR requires exactly one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	workdir := args[0]
 
 	if !filepath.IsAbs(workdir) {
@@ -231,10 +283,11 @@ func workdir(b *Builder, args []string, attributes map[string]bool, original str
 // RUN some command yo
 //
 // run a command and commit the image. Args are automatically prepended with
-// 'sh -c' in the event there is only one argument. The difference in
-// processing:
+// 'sh -c' under linux or 'cmd /S /C' under Windows, in the event there is
+// only one argument. The difference in processing:
 //
-// RUN echo hi          # sh -c echo hi
+// RUN echo hi          # sh -c echo hi       (Linux)
+// RUN echo hi          # cmd /S /C echo hi   (Windows)
 // RUN [ "echo", "hi" ] # echo hi
 //
 func run(b *Builder, args []string, attributes map[string]bool, original string) error {
@@ -242,10 +295,18 @@ func run(b *Builder, args []string, attributes map[string]bool, original string)
 		return fmt.Errorf("Please provide a source image with `from` prior to run")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	args = handleJsonArgs(args, attributes)
 
 	if !attributes["json"] {
-		args = append([]string{"/bin/sh", "-c"}, args...)
+		if runtime.GOOS != "windows" {
+			args = append([]string{"/bin/sh", "-c"}, args...)
+		} else {
+			args = append([]string{"cmd", "/S /C"}, args...)
+		}
 	}
 
 	runCmd := flag.NewFlagSet("run", flag.ContinueOnError)
@@ -262,9 +323,9 @@ func run(b *Builder, args []string, attributes map[string]bool, original string)
 	b.Config.Cmd = config.Cmd
 	runconfig.Merge(b.Config, config)
 
-	defer func(cmd []string) { b.Config.Cmd = cmd }(cmd)
+	defer func(cmd *runconfig.Command) { b.Config.Cmd = cmd }(cmd)
 
-	log.Debugf("[BUILDER] Command to be executed: %v", b.Config.Cmd)
+	logrus.Debugf("[BUILDER] Command to be executed: %v", b.Config.Cmd)
 
 	hit, err := b.probeCache()
 	if err != nil {
@@ -301,13 +362,23 @@ func run(b *Builder, args []string, attributes map[string]bool, original string)
 // Argument handling is the same as RUN.
 //
 func cmd(b *Builder, args []string, attributes map[string]bool, original string) error {
-	b.Config.Cmd = handleJsonArgs(args, attributes)
-
-	if !attributes["json"] {
-		b.Config.Cmd = append([]string{"/bin/sh", "-c"}, b.Config.Cmd...)
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
 	}
 
-	if err := b.commit("", b.Config.Cmd, fmt.Sprintf("CMD %q", b.Config.Cmd)); err != nil {
+	cmdSlice := handleJsonArgs(args, attributes)
+
+	if !attributes["json"] {
+		if runtime.GOOS != "windows" {
+			cmdSlice = append([]string{"/bin/sh", "-c"}, cmdSlice...)
+		} else {
+			cmdSlice = append([]string{"cmd", "/S /C"}, cmdSlice...)
+		}
+	}
+
+	b.Config.Cmd = runconfig.NewCommand(cmdSlice...)
+
+	if err := b.commit("", b.Config.Cmd, fmt.Sprintf("CMD %q", cmdSlice)); err != nil {
 		return err
 	}
 
@@ -320,25 +391,33 @@ func cmd(b *Builder, args []string, attributes map[string]bool, original string)
 
 // ENTRYPOINT /usr/sbin/nginx
 //
-// Set the entrypoint (which defaults to sh -c) to /usr/sbin/nginx. Will
-// accept the CMD as the arguments to /usr/sbin/nginx.
+// Set the entrypoint (which defaults to sh -c on linux, or cmd /S /C on Windows) to
+// /usr/sbin/nginx. Will accept the CMD as the arguments to /usr/sbin/nginx.
 //
 // Handles command processing similar to CMD and RUN, only b.Config.Entrypoint
 // is initialized at NewBuilder time instead of through argument parsing.
 //
 func entrypoint(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	parsed := handleJsonArgs(args, attributes)
 
 	switch {
 	case attributes["json"]:
 		// ENTRYPOINT ["echo", "hi"]
-		b.Config.Entrypoint = parsed
+		b.Config.Entrypoint = runconfig.NewEntrypoint(parsed...)
 	case len(parsed) == 0:
 		// ENTRYPOINT []
 		b.Config.Entrypoint = nil
 	default:
 		// ENTRYPOINT echo hi
-		b.Config.Entrypoint = []string{"/bin/sh", "-c", parsed[0]}
+		if runtime.GOOS != "windows" {
+			b.Config.Entrypoint = runconfig.NewEntrypoint("/bin/sh", "-c", parsed[0])
+		} else {
+			b.Config.Entrypoint = runconfig.NewEntrypoint("cmd", "/S /C", parsed[0])
+		}
 	}
 
 	// when setting the entrypoint if a CMD was not explicitly set then
@@ -366,6 +445,10 @@ func expose(b *Builder, args []string, attributes map[string]bool, original stri
 		return fmt.Errorf("EXPOSE requires at least one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	if b.Config.ExposedPorts == nil {
 		b.Config.ExposedPorts = make(nat.PortSet)
 	}
@@ -406,10 +489,18 @@ func expose(b *Builder, args []string, attributes map[string]bool, original stri
 // ENTRYPOINT/CMD at container run time.
 //
 func user(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if runtime.GOOS == "windows" {
+		return fmt.Errorf("USER is not supported on Windows.")
+	}
+
 	if len(args) != 1 {
 		return fmt.Errorf("USER requires exactly one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	b.Config.User = args[0]
 	return b.commit("", b.Config.Cmd, fmt.Sprintf("USER %v", args))
 }
@@ -419,10 +510,17 @@ func user(b *Builder, args []string, attributes map[string]bool, original string
 // Expose the volume /foo for use. Will also accept the JSON array form.
 //
 func volume(b *Builder, args []string, attributes map[string]bool, original string) error {
+	if runtime.GOOS == "windows" {
+		return fmt.Errorf("VOLUME is not supported on Windows.")
+	}
 	if len(args) == 0 {
 		return fmt.Errorf("VOLUME requires at least one argument")
 	}
 
+	if err := b.BuilderFlags.Parse(); err != nil {
+		return err
+	}
+
 	if b.Config.Volumes == nil {
 		b.Config.Volumes = map[string]struct{}{}
 	}
@@ -438,8 +536,3 @@ func volume(b *Builder, args []string, attributes map[string]bool, original stri
 	}
 	return nil
 }
-
-// INSERT is no longer accepted, but we still parse it.
-func insert(b *Builder, args []string, attributes map[string]bool, original string) error {
-	return fmt.Errorf("INSERT has been deprecated. Please use ADD instead")
-}

builder/evaluator.go

@@ -1,4 +1,4 @@
-// builder is the evaluation step in the Dockerfile parse/evaluate pipeline.
+// Package builder is the evaluation step in the Dockerfile parse/evaluate pipeline.
 //
 // It incorporates a dispatch table based on the parser.Node values (see the
 // parser package for more information) that are yielded from the parser itself.
@@ -20,32 +20,27 @@
 package builder
 
 import (
-	"errors"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 
-	log "github.com/Sirupsen/logrus"
+	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/builder/command"
 	"github.com/docker/docker/builder/parser"
+	"github.com/docker/docker/cliconfig"
 	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/pkg/common"
 	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/tarsum"
-	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 )
 
-var (
-	ErrDockerfileEmpty = errors.New("Dockerfile cannot be empty")
-)
-
 // Environment variable interpolation will happen on these statements only.
 var replaceEnvAllowed = map[string]struct{}{
 	command.Env:     {},
@@ -76,7 +71,6 @@ func init() {
 		command.Expose:     expose,
 		command.Volume:     volume,
 		command.User:       user,
-		command.Insert:     insert,
 	}
 }
 
@@ -84,7 +78,6 @@ func init() {
 // processing as it evaluates the parsing result.
 type Builder struct {
 	Daemon *daemon.Daemon
-	Engine *engine.Engine
 
 	// effectively stdio for the run. Because it is not stdio, I said
 	// "Effectively". Do not use stdio anywhere in this package for any reason.
@@ -105,12 +98,12 @@ type Builder struct {
 	// the final configs of the Dockerfile but dont want the layers
 	disableCommit bool
 
-	AuthConfig     *registry.AuthConfig
-	AuthConfigFile *registry.ConfigFile
+	AuthConfig *cliconfig.AuthConfig
+	ConfigFile *cliconfig.ConfigFile
 
 	// Deprecated, original writer used for ImagePull. To be removed.
 	OutOld          io.Writer
-	StreamFormatter *utils.StreamFormatter
+	StreamFormatter *streamformatter.StreamFormatter
 
 	Config *runconfig.Config // runconfig for cmd, run, entrypoint etc.
 
@@ -122,15 +115,20 @@ type Builder struct {
 	image          string        // image name for commit processing
 	maintainer     string        // maintainer name. could probably be removed.
 	cmdSet         bool          // indicates is CMD was set in current Dockerfile
+	BuilderFlags   *BuilderFlags // current cmd's BuilderFlags - temporary
 	context        tarsum.TarSum // the context is a tarball that is uploaded by the client
 	contextPath    string        // the path of the temporary directory the local context is unpacked to (server side)
 	noBaseImage    bool          // indicates that this build does not start from any base image, but is being built from an empty file system.
 
 	// Set resource restrictions for build containers
-	cpuSetCpus string
-	cpuShares  int64
-	memory     int64
-	memorySwap int64
+	cpuSetCpus   string
+	cpuSetMems   string
+	cpuShares    int64
+	cpuPeriod    int64
+	cpuQuota     int64
+	cgroupParent string
+	memory       int64
+	memorySwap   int64
 
 	cancelled <-chan struct{} // When closed, job was cancelled.
 }
@@ -154,7 +152,7 @@ func (b *Builder) Run(context io.Reader) (string, error) {
 
 	defer func() {
 		if err := os.RemoveAll(b.contextPath); err != nil {
-			log.Debugf("[BUILDER] failed to remove temporary context: %s", err)
+			logrus.Debugf("[BUILDER] failed to remove temporary context: %s", err)
 		}
 	}()
 
@@ -170,7 +168,7 @@ func (b *Builder) Run(context io.Reader) (string, error) {
 	for i, n := range b.dockerfile.Children {
 		select {
 		case <-b.cancelled:
-			log.Debug("Builder: build cancelled!")
+			logrus.Debug("Builder: build cancelled!")
 			fmt.Fprintf(b.OutStream, "Build cancelled")
 			return "", fmt.Errorf("Build cancelled")
 		default:
@@ -182,7 +180,7 @@ func (b *Builder) Run(context io.Reader) (string, error) {
 			}
 			return "", err
 		}
-		fmt.Fprintf(b.OutStream, " ---> %s\n", common.TruncateID(b.image))
+		fmt.Fprintf(b.OutStream, " ---> %s\n", stringid.TruncateID(b.image))
 		if b.Remove {
 			b.clearTmp()
 		}
@@ -192,7 +190,7 @@ func (b *Builder) Run(context io.Reader) (string, error) {
 		return "", fmt.Errorf("No image was generated. Is your Dockerfile empty?")
 	}
 
-	fmt.Fprintf(b.OutStream, "Successfully built %s\n", common.TruncateID(b.image))
+	fmt.Fprintf(b.OutStream, "Successfully built %s\n", stringid.TruncateID(b.image))
 	return b.image, nil
 }
 
@@ -225,7 +223,7 @@ func (b *Builder) readDockerfile() error {
 		return fmt.Errorf("Cannot locate specified Dockerfile: %s", origFile)
 	}
 	if fi.Size() == 0 {
-		return ErrDockerfileEmpty
+		return fmt.Errorf("The Dockerfile (%s) cannot be empty", origFile)
 	}
 
 	f, err := os.Open(filename)
@@ -280,9 +278,14 @@ func (b *Builder) dispatch(stepN int, ast *parser.Node) error {
 	cmd := ast.Value
 	attrs := ast.Attributes
 	original := ast.Original
+	flags := ast.Flags
 	strs := []string{}
 	msg := fmt.Sprintf("Step %d : %s", stepN, strings.ToUpper(cmd))
 
+	if len(ast.Flags) > 0 {
+		msg += " " + strings.Join(ast.Flags, " ")
+	}
+
 	if cmd == "onbuild" {
 		if ast.Next == nil {
 			return fmt.Errorf("ONBUILD requires at least one argument")
@@ -290,6 +293,11 @@ func (b *Builder) dispatch(stepN int, ast *parser.Node) error {
 		ast = ast.Next.Children[0]
 		strs = append(strs, ast.Value)
 		msg += " " + ast.Value
+
+		if len(ast.Flags) > 0 {
+			msg += " " + strings.Join(ast.Flags, " ")
+		}
+
 	}
 
 	// count the number of nodes that we are going to traverse first
@@ -329,6 +337,8 @@ func (b *Builder) dispatch(stepN int, ast *parser.Node) error {
 	// XXX yes, we skip any cmds that are not valid; the parser should have
 	// picked these out already.
 	if f, ok := evaluateTable[cmd]; ok {
+		b.BuilderFlags = NewBuilderFlags()
+		b.BuilderFlags.Args = flags
 		return f(b, strList, attrs, original)
 	}
 

builder/internals.go

@@ -19,23 +19,24 @@ import (
 	"syscall"
 	"time"
 
-	log "github.com/Sirupsen/logrus"
+	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/builder/parser"
 	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/graph"
 	imagepkg "github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
-	"github.com/docker/docker/pkg/common"
+	"github.com/docker/docker/pkg/httputils"
 	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/progressreader"
-	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/tarsum"
 	"github.com/docker/docker/pkg/urlutil"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/utils"
 )
 
 func (b *Builder) readContext(context io.Reader) error {
@@ -61,7 +62,7 @@ func (b *Builder) readContext(context io.Reader) error {
 	return nil
 }
 
-func (b *Builder) commit(id string, autoCmd []string, comment string) error {
+func (b *Builder) commit(id string, autoCmd *runconfig.Command, comment string) error {
 	if b.disableCommit {
 		return nil
 	}
@@ -71,8 +72,8 @@ func (b *Builder) commit(id string, autoCmd []string, comment string) error {
 	b.Config.Image = b.image
 	if id == "" {
 		cmd := b.Config.Cmd
-		b.Config.Cmd = []string{"/bin/sh", "-c", "#(nop) " + comment}
-		defer func(cmd []string) { b.Config.Cmd = cmd }(cmd)
+		b.Config.Cmd = runconfig.NewCommand("/bin/sh", "-c", "#(nop) "+comment)
+		defer func(cmd *runconfig.Command) { b.Config.Cmd = cmd }(cmd)
 
 		hit, err := b.probeCache()
 		if err != nil {
@@ -146,8 +147,16 @@ func (b *Builder) runContextCommand(args []string, allowRemote bool, allowDecomp
 	// do the copy (e.g. hash value if cached).  Don't actually do
 	// the copy until we've looked at all src files
 	for _, orig := range args[0 : len(args)-1] {
-		err := calcCopyInfo(b, cmdName, &copyInfos, orig, dest, allowRemote, allowDecompression)
-		if err != nil {
+		if err := calcCopyInfo(
+			b,
+			cmdName,
+			&copyInfos,
+			orig,
+			dest,
+			allowRemote,
+			allowDecompression,
+			true,
+		); err != nil {
 			return err
 		}
 	}
@@ -182,8 +191,8 @@ func (b *Builder) runContextCommand(args []string, allowRemote bool, allowDecomp
 	}
 
 	cmd := b.Config.Cmd
-	b.Config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) %s %s in %s", cmdName, srcHash, dest)}
-	defer func(cmd []string) { b.Config.Cmd = cmd }(cmd)
+	b.Config.Cmd = runconfig.NewCommand("/bin/sh", "-c", fmt.Sprintf("#(nop) %s %s in %s", cmdName, srcHash, dest))
+	defer func(cmd *runconfig.Command) { b.Config.Cmd = cmd }(cmd)
 
 	hit, err := b.probeCache()
 	if err != nil {
@@ -217,7 +226,7 @@ func (b *Builder) runContextCommand(args []string, allowRemote bool, allowDecomp
 	return nil
 }
 
-func calcCopyInfo(b *Builder, cmdName string, cInfos *[]*copyInfo, origPath string, destPath string, allowRemote bool, allowDecompression bool) error {
+func calcCopyInfo(b *Builder, cmdName string, cInfos *[]*copyInfo, origPath string, destPath string, allowRemote bool, allowDecompression bool, allowWildcards bool) error {
 
 	if origPath != "" && origPath[0] == '/' && len(origPath) > 1 {
 		origPath = origPath[1:]
@@ -250,7 +259,7 @@ func calcCopyInfo(b *Builder, cmdName string, cInfos *[]*copyInfo, origPath stri
 		*cInfos = append(*cInfos, &ci)
 
 		// Initiate the download
-		resp, err := utils.Download(ci.origPath)
+		resp, err := httputils.Download(ci.origPath)
 		if err != nil {
 			return err
 		}
@@ -342,7 +351,7 @@ func calcCopyInfo(b *Builder, cmdName string, cInfos *[]*copyInfo, origPath stri
 	}
 
 	// Deal with wildcards
-	if ContainsWildcards(origPath) {
+	if allowWildcards && ContainsWildcards(origPath) {
 		for _, fileInfo := range b.context.GetSums() {
 			if fileInfo.Name() == "" {
 				continue
@@ -352,7 +361,9 @@ func calcCopyInfo(b *Builder, cmdName string, cInfos *[]*copyInfo, origPath stri
 				continue
 			}
 
-			calcCopyInfo(b, cmdName, cInfos, fileInfo.Name(), destPath, allowRemote, allowDecompression)
+			// Note we set allowWildcards to false in case the name has
+			// a * in it
+			calcCopyInfo(b, cmdName, cInfos, fileInfo.Name(), destPath, allowRemote, allowDecompression, false)
 		}
 		return nil
 	}
@@ -434,24 +445,27 @@ func (b *Builder) pullImage(name string) (*imagepkg.Image, error) {
 	if tag == "" {
 		tag = "latest"
 	}
-	job := b.Engine.Job("pull", remote, tag)
+
 	pullRegistryAuth := b.AuthConfig
-	if len(b.AuthConfigFile.Configs) > 0 {
+	if len(b.ConfigFile.AuthConfigs) > 0 {
 		// The request came with a full auth config file, we prefer to use that
-		repoInfo, err := registry.ResolveRepositoryInfo(job, remote)
+		repoInfo, err := b.Daemon.RegistryService.ResolveRepository(remote)
 		if err != nil {
 			return nil, err
 		}
-		resolvedAuth := b.AuthConfigFile.ResolveAuthConfig(repoInfo.Index)
+		resolvedAuth := registry.ResolveAuthConfig(b.ConfigFile, repoInfo.Index)
 		pullRegistryAuth = &resolvedAuth
 	}
-	job.SetenvBool("json", b.StreamFormatter.Json())
-	job.SetenvBool("parallel", true)
-	job.SetenvJson("authConfig", pullRegistryAuth)
-	job.Stdout.Add(ioutils.NopWriteCloser(b.OutOld))
-	if err := job.Run(); err != nil {
+
+	imagePullConfig := &graph.ImagePullConfig{
+		AuthConfig: pullRegistryAuth,
+		OutStream:  ioutils.NopWriteCloser(b.OutOld),
+	}
+
+	if err := b.Daemon.Repositories().Pull(remote, tag, imagePullConfig); err != nil {
 		return nil, err
 	}
+
 	image, err := b.Daemon.Repositories().LookupImage(name)
 	if err != nil {
 		return nil, err
@@ -476,7 +490,7 @@ func (b *Builder) processImageFrom(img *imagepkg.Image) error {
 		fmt.Fprintf(b.ErrStream, "# Executing %d build triggers\n", nTriggers)
 	}
 
-	// Copy the ONBUILD triggers, and remove them from the config, since the config will be commited.
+	// Copy the ONBUILD triggers, and remove them from the config, since the config will be committed.
 	onBuildTriggers := b.Config.OnBuild
 	b.Config.OnBuild = []string{}
 
@@ -521,13 +535,13 @@ func (b *Builder) probeCache() (bool, error) {
 		return false, err
 	}
 	if cache == nil {
-		log.Debugf("[BUILDER] Cache miss")
+		logrus.Debugf("[BUILDER] Cache miss")
 		b.cacheBusted = true
 		return false, nil
 	}
 
 	fmt.Fprintf(b.OutStream, " ---> Using cache\n")
-	log.Debugf("[BUILDER] Use cached version")
+	logrus.Debugf("[BUILDER] Use cached version")
 	b.image = cache.ID
 	return true, nil
 }
@@ -539,10 +553,15 @@ func (b *Builder) create() (*daemon.Container, error) {
 	b.Config.Image = b.image
 
 	hostConfig := &runconfig.HostConfig{
-		CpuShares:  b.cpuShares,
-		CpusetCpus: b.cpuSetCpus,
-		Memory:     b.memory,
-		MemorySwap: b.memorySwap,
+		CpuShares:    b.cpuShares,
+		CpuPeriod:    b.cpuPeriod,
+		CpuQuota:     b.cpuQuota,
+		CpusetCpus:   b.cpuSetCpus,
+		CpusetMems:   b.cpuSetMems,
+		CgroupParent: b.cgroupParent,
+		Memory:       b.memory,
+		MemorySwap:   b.memorySwap,
+		NetworkMode:  "bridge",
 	}
 
 	config := *b.Config
@@ -557,14 +576,15 @@ func (b *Builder) create() (*daemon.Container, error) {
 	}
 
 	b.TmpContainers[c.ID] = struct{}{}
-	fmt.Fprintf(b.OutStream, " ---> Running in %s\n", common.TruncateID(c.ID))
+	fmt.Fprintf(b.OutStream, " ---> Running in %s\n", stringid.TruncateID(c.ID))
 
-	if len(config.Cmd) > 0 {
+	if config.Cmd.Len() > 0 {
 		// override the entry point that may have been picked up from the base image
-		c.Path = config.Cmd[0]
-		c.Args = config.Cmd[1:]
+		s := config.Cmd.Slice()
+		c.Path = s[0]
+		c.Args = s[1:]
 	} else {
-		config.Cmd = []string{}
+		config.Cmd = runconfig.NewCommand()
 	}
 
 	return c, nil
@@ -573,7 +593,7 @@ func (b *Builder) create() (*daemon.Container, error) {
 func (b *Builder) run(c *daemon.Container) error {
 	var errCh chan error
 	if b.Verbose {
-		errCh = b.Daemon.Attach(&c.StreamConfig, c.Config.OpenStdin, c.Config.StdinOnce, c.Config.Tty, nil, b.OutStream, b.ErrStream)
+		errCh = c.Attach(nil, b.OutStream, b.ErrStream)
 	}
 
 	//start the container
@@ -586,7 +606,7 @@ func (b *Builder) run(c *daemon.Container) error {
 	go func() {
 		select {
 		case <-b.cancelled:
-			log.Debugln("Build cancelled, killing container:", c.ID)
+			logrus.Debugln("Build cancelled, killing container:", c.ID)
 			c.Kill()
 		case <-finished:
 		}
@@ -601,11 +621,10 @@ func (b *Builder) run(c *daemon.Container) error {
 
 	// Wait for it to finish
 	if ret, _ := c.WaitStop(-1 * time.Second); ret != 0 {
-		err := &utils.JSONError{
-			Message: fmt.Sprintf("The command %v returned a non-zero code: %d", b.Config.Cmd, ret),
+		return &jsonmessage.JSONError{
+			Message: fmt.Sprintf("The command '%s' returned a non-zero code: %d", b.Config.Cmd.ToString(), ret),
 			Code:    ret,
 		}
-		return err
 	}
 
 	return nil
@@ -637,14 +656,12 @@ func (b *Builder) addContext(container *daemon.Container, orig, dest string, dec
 		err        error
 		destExists = true
 		origPath   = path.Join(b.contextPath, orig)
-		destPath   = path.Join(container.RootfsPath(), dest)
+		destPath   string
 	)
 
-	if destPath != container.RootfsPath() {
-		destPath, err = symlink.FollowSymlinkInScope(destPath, container.RootfsPath())
-		if err != nil {
-			return err
-		}
+	destPath, err = container.GetResourcePath(dest)
+	if err != nil {
+		return err
 	}
 
 	// Preserve the trailing '/'
@@ -687,7 +704,7 @@ func (b *Builder) addContext(container *daemon.Container, orig, dest string, dec
 		if err := chrootarchive.UntarPath(origPath, tarDest); err == nil {
 			return nil
 		} else if err != io.EOF {
-			log.Debugf("Couldn't untar %s to %s: %s", origPath, tarDest, err)
+			logrus.Debugf("Couldn't untar %s to %s: %s", origPath, tarDest, err)
 		}
 	}
 
@@ -747,17 +764,15 @@ func fixPermissions(source, destination string, uid, gid int, destExisted bool)
 
 func (b *Builder) clearTmp() {
 	for c := range b.TmpContainers {
-		tmp, err := b.Daemon.Get(c)
-		if err != nil {
-			fmt.Fprint(b.OutStream, err.Error())
+		rmConfig := &daemon.ContainerRmConfig{
+			ForceRemove:  true,
+			RemoveVolume: true,
 		}
-
-		if err := b.Daemon.Rm(tmp); err != nil {
-			fmt.Fprintf(b.OutStream, "Error removing intermediate container %s: %v\n", common.TruncateID(c), err)
+		if err := b.Daemon.ContainerRm(c, rmConfig); err != nil {
+			fmt.Fprintf(b.OutStream, "Error removing intermediate container %s: %v\n", stringid.TruncateID(c), err)
 			return
 		}
-		b.Daemon.DeleteVolumes(tmp.VolumePaths())
 		delete(b.TmpContainers, c)
-		fmt.Fprintf(b.OutStream, "Removing intermediate container %s\n", common.TruncateID(c))
+		fmt.Fprintf(b.OutStream, "Removing intermediate container %s\n", stringid.TruncateID(c))
 	}
 }

builder/job.go

@@ -2,20 +2,22 @@ package builder
 
 import (
 	"bytes"
-	"encoding/json"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"strings"
+	"sync"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/builder/parser"
+	"github.com/docker/docker/cliconfig"
 	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/graph"
+	"github.com/docker/docker/graph/tags"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/httputils"
 	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/urlutil"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
@@ -34,169 +36,171 @@ var validCommitCommands = map[string]bool{
 	"onbuild":    true,
 }
 
-type BuilderJob struct {
-	Engine *engine.Engine
-	Daemon *daemon.Daemon
+type Config struct {
+	DockerfileName string
+	RemoteURL      string
+	RepoName       string
+	SuppressOutput bool
+	NoCache        bool
+	Remove         bool
+	ForceRemove    bool
+	Pull           bool
+	Memory         int64
+	MemorySwap     int64
+	CpuShares      int64
+	CpuPeriod      int64
+	CpuQuota       int64
+	CpuSetCpus     string
+	CpuSetMems     string
+	CgroupParent   string
+	AuthConfig     *cliconfig.AuthConfig
+	ConfigFile     *cliconfig.ConfigFile
+
+	Stdout  io.Writer
+	Context io.ReadCloser
+	// When closed, the job has been cancelled.
+	// Note: not all jobs implement cancellation.
+	// See Job.Cancel() and Job.WaitCancelled()
+	cancelled  chan struct{}
+	cancelOnce sync.Once
 }
 
-func (b *BuilderJob) Install() {
-	b.Engine.Register("build", b.CmdBuild)
-	b.Engine.Register("build_config", b.CmdBuildConfig)
+// When called, causes the Job.WaitCancelled channel to unblock.
+func (b *Config) Cancel() {
+	b.cancelOnce.Do(func() {
+		close(b.cancelled)
+	})
 }
 
-func (b *BuilderJob) CmdBuild(job *engine.Job) engine.Status {
-	if len(job.Args) != 0 {
-		return job.Errorf("Usage: %s\n", job.Name)
+// Returns a channel which is closed ("never blocks") when the job is cancelled.
+func (b *Config) WaitCancelled() <-chan struct{} {
+	return b.cancelled
+}
+
+func NewBuildConfig() *Config {
+	return &Config{
+		AuthConfig: &cliconfig.AuthConfig{},
+		ConfigFile: &cliconfig.ConfigFile{},
+		cancelled:  make(chan struct{}),
 	}
+}
+
+func Build(d *daemon.Daemon, buildConfig *Config) error {
 	var (
-		dockerfileName = job.Getenv("dockerfile")
-		remoteURL      = job.Getenv("remote")
-		repoName       = job.Getenv("t")
-		suppressOutput = job.GetenvBool("q")
-		noCache        = job.GetenvBool("nocache")
-		rm             = job.GetenvBool("rm")
-		forceRm        = job.GetenvBool("forcerm")
-		pull           = job.GetenvBool("pull")
-		memory         = job.GetenvInt64("memory")
-		memorySwap     = job.GetenvInt64("memswap")
-		cpuShares      = job.GetenvInt64("cpushares")
-		cpuSetCpus     = job.Getenv("cpusetcpus")
-		authConfig     = &registry.AuthConfig{}
-		configFile     = &registry.ConfigFile{}
-		tag            string
-		context        io.ReadCloser
+		repoName string
+		tag      string
+		context  io.ReadCloser
 	)
 
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("configFile", configFile)
-
-	repoName, tag = parsers.ParseRepositoryTag(repoName)
+	repoName, tag = parsers.ParseRepositoryTag(buildConfig.RepoName)
 	if repoName != "" {
 		if err := registry.ValidateRepositoryName(repoName); err != nil {
-			return job.Error(err)
+			return err
 		}
 		if len(tag) > 0 {
-			if err := graph.ValidateTagName(tag); err != nil {
-				return job.Error(err)
+			if err := tags.ValidateTagName(tag); err != nil {
+				return err
 			}
 		}
 	}
 
-	if remoteURL == "" {
-		context = ioutil.NopCloser(job.Stdin)
-	} else if urlutil.IsGitURL(remoteURL) {
-		if !urlutil.IsGitTransport(remoteURL) {
-			remoteURL = "https://" + remoteURL
-		}
-		root, err := ioutil.TempDir("", "docker-build-git")
+	if buildConfig.RemoteURL == "" {
+		context = ioutil.NopCloser(buildConfig.Context)
+	} else if urlutil.IsGitURL(buildConfig.RemoteURL) {
+		root, err := utils.GitClone(buildConfig.RemoteURL)
 		if err != nil {
-			return job.Error(err)
+			return err
 		}
 		defer os.RemoveAll(root)
 
-		if output, err := exec.Command("git", "clone", "--recursive", remoteURL, root).CombinedOutput(); err != nil {
-			return job.Errorf("Error trying to use git: %s (%s)", err, output)
-		}
-
 		c, err := archive.Tar(root, archive.Uncompressed)
 		if err != nil {
-			return job.Error(err)
+			return err
 		}
 		context = c
-	} else if urlutil.IsURL(remoteURL) {
-		f, err := utils.Download(remoteURL)
+	} else if urlutil.IsURL(buildConfig.RemoteURL) {
+		f, err := httputils.Download(buildConfig.RemoteURL)
 		if err != nil {
-			return job.Error(err)
+			return err
 		}
 		defer f.Body.Close()
 		dockerFile, err := ioutil.ReadAll(f.Body)
 		if err != nil {
-			return job.Error(err)
+			return err
 		}
 
 		// When we're downloading just a Dockerfile put it in
 		// the default name - don't allow the client to move/specify it
-		dockerfileName = api.DefaultDockerfileName
+		buildConfig.DockerfileName = api.DefaultDockerfileName
 
-		c, err := archive.Generate(dockerfileName, string(dockerFile))
+		c, err := archive.Generate(buildConfig.DockerfileName, string(dockerFile))
 		if err != nil {
-			return job.Error(err)
+			return err
 		}
 		context = c
 	}
 	defer context.Close()
 
-	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
+	sf := streamformatter.NewJSONStreamFormatter()
 
 	builder := &Builder{
-		Daemon: b.Daemon,
-		Engine: b.Engine,
-		OutStream: &utils.StdoutFormater{
-			Writer:          job.Stdout,
+		Daemon: d,
+		OutStream: &streamformatter.StdoutFormater{
+			Writer:          buildConfig.Stdout,
 			StreamFormatter: sf,
 		},
-		ErrStream: &utils.StderrFormater{
-			Writer:          job.Stdout,
+		ErrStream: &streamformatter.StderrFormater{
+			Writer:          buildConfig.Stdout,
 			StreamFormatter: sf,
 		},
-		Verbose:         !suppressOutput,
-		UtilizeCache:    !noCache,
-		Remove:          rm,
-		ForceRemove:     forceRm,
-		Pull:            pull,
-		OutOld:          job.Stdout,
+		Verbose:         !buildConfig.SuppressOutput,
+		UtilizeCache:    !buildConfig.NoCache,
+		Remove:          buildConfig.Remove,
+		ForceRemove:     buildConfig.ForceRemove,
+		Pull:            buildConfig.Pull,
+		OutOld:          buildConfig.Stdout,
 		StreamFormatter: sf,
-		AuthConfig:      authConfig,
-		AuthConfigFile:  configFile,
-		dockerfileName:  dockerfileName,
-		cpuShares:       cpuShares,
-		cpuSetCpus:      cpuSetCpus,
-		memory:          memory,
-		memorySwap:      memorySwap,
-		cancelled:       job.WaitCancelled(),
+		AuthConfig:      buildConfig.AuthConfig,
+		ConfigFile:      buildConfig.ConfigFile,
+		dockerfileName:  buildConfig.DockerfileName,
+		cpuShares:       buildConfig.CpuShares,
+		cpuPeriod:       buildConfig.CpuPeriod,
+		cpuQuota:        buildConfig.CpuQuota,
+		cpuSetCpus:      buildConfig.CpuSetCpus,
+		cpuSetMems:      buildConfig.CpuSetMems,
+		cgroupParent:    buildConfig.CgroupParent,
+		memory:          buildConfig.Memory,
+		memorySwap:      buildConfig.MemorySwap,
+		cancelled:       buildConfig.WaitCancelled(),
 	}
 
 	id, err := builder.Run(context)
 	if err != nil {
-		return job.Error(err)
+		return err
 	}
 
 	if repoName != "" {
-		b.Daemon.Repositories().Set(repoName, tag, id, true)
+		return d.Repositories().Tag(repoName, tag, id, true)
 	}
-	return engine.StatusOK
+	return nil
 }
 
-func (b *BuilderJob) CmdBuildConfig(job *engine.Job) engine.Status {
-	if len(job.Args) != 0 {
-		return job.Errorf("Usage: %s\n", job.Name)
-	}
-
-	var (
-		changes   = job.GetenvList("changes")
-		newConfig runconfig.Config
-	)
-
-	if err := job.GetenvJson("config", &newConfig); err != nil {
-		return job.Error(err)
-	}
-
+func BuildFromConfig(d *daemon.Daemon, c *runconfig.Config, changes []string) (*runconfig.Config, error) {
 	ast, err := parser.Parse(bytes.NewBufferString(strings.Join(changes, "\n")))
 	if err != nil {
-		return job.Error(err)
+		return nil, err
 	}
 
 	// ensure that the commands are valid
 	for _, n := range ast.Children {
 		if !validCommitCommands[n.Value] {
-			return job.Errorf("%s is not a valid change command", n.Value)
+			return nil, fmt.Errorf("%s is not a valid change command", n.Value)
 		}
 	}
 
 	builder := &Builder{
-		Daemon:        b.Daemon,
-		Engine:        b.Engine,
-		Config:        &newConfig,
+		Daemon:        d,
+		Config:        c,
 		OutStream:     ioutil.Discard,
 		ErrStream:     ioutil.Discard,
 		disableCommit: true,
@@ -204,12 +208,36 @@ func (b *BuilderJob) CmdBuildConfig(job *engine.Job) engine.Status {
 
 	for i, n := range ast.Children {
 		if err := builder.dispatch(i, n); err != nil {
-			return job.Error(err)
+			return nil, err
 		}
 	}
 
-	if err := json.NewEncoder(job.Stdout).Encode(builder.Config); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
+	return builder.Config, nil
+}
+
+func Commit(d *daemon.Daemon, name string, c *daemon.ContainerCommitConfig) (string, error) {
+	container, err := d.Get(name)
+	if err != nil {
+		return "", err
+	}
+
+	if c.Config == nil {
+		c.Config = &runconfig.Config{}
+	}
+
+	newConfig, err := BuildFromConfig(d, c.Config, c.Changes)
+	if err != nil {
+		return "", err
+	}
+
+	if err := runconfig.Merge(newConfig, container.Config); err != nil {
+		return "", err
+	}
+
+	img, err := d.Commit(container, c.Repo, c.Tag, c.Comment, c.Author, c.Pause, newConfig)
+	if err != nil {
+		return "", err
+	}
+
+	return img.ID, nil
 }

builder/parser/line_parsers.go

@@ -233,23 +233,24 @@ func parseString(rest string) (*Node, map[string]bool, error) {
 // parseJSON converts JSON arrays to an AST.
 func parseJSON(rest string) (*Node, map[string]bool, error) {
 	var myJson []interface{}
-	if err := json.Unmarshal([]byte(rest), &myJson); err != nil {
+	if err := json.NewDecoder(strings.NewReader(rest)).Decode(&myJson); err != nil {
 		return nil, nil, err
 	}
 
 	var top, prev *Node
 	for _, str := range myJson {
-		if s, ok := str.(string); !ok {
+		s, ok := str.(string)
+		if !ok {
 			return nil, nil, errDockerfileNotStringArray
-		} else {
-			node := &Node{Value: s}
-			if prev == nil {
-				top = node
-			} else {
-				prev.Next = node
-			}
-			prev = node
 		}
+
+		node := &Node{Value: s}
+		if prev == nil {
+			top = node
+		} else {
+			prev.Next = node
+		}
+		prev = node
 	}
 
 	return top, map[string]bool{"json": true}, nil
@@ -278,7 +279,7 @@ func parseMaybeJSON(rest string) (*Node, map[string]bool, error) {
 }
 
 // parseMaybeJSONToList determines if the argument appears to be a JSON array. If
-// so, passes to parseJSON; if not, attmpts to parse it as a whitespace
+// so, passes to parseJSON; if not, attempts to parse it as a whitespace
 // delimited string.
 func parseMaybeJSONToList(rest string) (*Node, map[string]bool, error) {
 	node, attrs, err := parseJSON(rest)

builder/parser/parser.go

@@ -29,6 +29,7 @@ type Node struct {
 	Children   []*Node         // the children of this sexp
 	Attributes map[string]bool // special attributes for this node
 	Original   string          // original line used before parsing
+	Flags      []string        // only top Node should have this set
 }
 
 var (
@@ -60,7 +61,6 @@ func init() {
 		command.Entrypoint: parseMaybeJSON,
 		command.Expose:     parseStringsWhitespaceDelimited,
 		command.Volume:     parseMaybeJSONToList,
-		command.Insert:     parseIgnore,
 	}
 }
 
@@ -75,7 +75,7 @@ func parseLine(line string) (string, *Node, error) {
 		return line, nil, nil
 	}
 
-	cmd, args, err := splitCommand(line)
+	cmd, flags, args, err := splitCommand(line)
 	if err != nil {
 		return "", nil, err
 	}
@@ -91,6 +91,7 @@ func parseLine(line string) (string, *Node, error) {
 	node.Next = sexp
 	node.Attributes = attrs
 	node.Original = line
+	node.Flags = flags
 
 	return "", node, nil
 }

builder/parser/testfiles/flags/Dockerfile

@@ -0,0 +1,10 @@
+FROM scratch
+COPY foo /tmp/
+COPY --user=me foo /tmp/
+COPY --doit=true foo /tmp/
+COPY --user=me --doit=true foo /tmp/
+COPY --doit=true -- foo /tmp/
+COPY -- foo /tmp/
+CMD --doit [ "a", "b" ]
+CMD --doit=true -- [ "a", "b" ]
+CMD --doit -- [ ]

builder/parser/testfiles/flags/result

@@ -0,0 +1,10 @@
+(from "scratch")
+(copy "foo" "/tmp/")
+(copy ["--user=me"] "foo" "/tmp/")
+(copy ["--doit=true"] "foo" "/tmp/")
+(copy ["--user=me" "--doit=true"] "foo" "/tmp/")
+(copy ["--doit=true"] "foo" "/tmp/")
+(copy "foo" "/tmp/")
+(cmd ["--doit"] "a" "b")
+(cmd ["--doit=true"] "a" "b")
+(cmd ["--doit"])

builder/parser/utils.go

@@ -1,8 +1,10 @@
 package parser
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
+	"unicode"
 )
 
 // dumps the AST defined by `node` as a list of sexps. Returns a string
@@ -11,6 +13,10 @@ func (node *Node) Dump() string {
 	str := ""
 	str += node.Value
 
+	if len(node.Flags) > 0 {
+		str += fmt.Sprintf(" %q", node.Flags)
+	}
+
 	for _, n := range node.Children {
 		str += "(" + n.Dump() + ")\n"
 	}
@@ -48,20 +54,23 @@ func fullDispatch(cmd, args string) (*Node, map[string]bool, error) {
 
 // splitCommand takes a single line of text and parses out the cmd and args,
 // which are used for dispatching to more exact parsing functions.
-func splitCommand(line string) (string, string, error) {
+func splitCommand(line string) (string, []string, string, error) {
 	var args string
+	var flags []string
 
 	// Make sure we get the same results irrespective of leading/trailing spaces
 	cmdline := TOKEN_WHITESPACE.Split(strings.TrimSpace(line), 2)
 	cmd := strings.ToLower(cmdline[0])
 
 	if len(cmdline) == 2 {
-		args = strings.TrimSpace(cmdline[1])
+		var err error
+		args, flags, err = extractBuilderFlags(cmdline[1])
+		if err != nil {
+			return "", nil, "", err
+		}
 	}
 
-	// the cmd should never have whitespace, but it's possible for the args to
-	// have trailing whitespace.
-	return cmd, args, nil
+	return cmd, flags, strings.TrimSpace(args), nil
 }
 
 // covers comments and empty lines. Lines should be trimmed before passing to
@@ -74,3 +83,94 @@ func stripComments(line string) string {
 
 	return line
 }
+
+func extractBuilderFlags(line string) (string, []string, error) {
+	// Parses the BuilderFlags and returns the remaining part of the line
+
+	const (
+		inSpaces = iota // looking for start of a word
+		inWord
+		inQuote
+	)
+
+	words := []string{}
+	phase := inSpaces
+	word := ""
+	quote := '\000'
+	blankOK := false
+	var ch rune
+
+	for pos := 0; pos <= len(line); pos++ {
+		if pos != len(line) {
+			ch = rune(line[pos])
+		}
+
+		if phase == inSpaces { // Looking for start of word
+			if pos == len(line) { // end of input
+				break
+			}
+			if unicode.IsSpace(ch) { // skip spaces
+				continue
+			}
+
+			// Only keep going if the next word starts with --
+			if ch != '-' || pos+1 == len(line) || rune(line[pos+1]) != '-' {
+				return line[pos:], words, nil
+			}
+
+			phase = inWord // found someting with "--", fall thru
+		}
+		if (phase == inWord || phase == inQuote) && (pos == len(line)) {
+			if word != "--" && (blankOK || len(word) > 0) {
+				words = append(words, word)
+			}
+			break
+		}
+		if phase == inWord {
+			if unicode.IsSpace(ch) {
+				phase = inSpaces
+				if word == "--" {
+					return line[pos:], words, nil
+				}
+				if blankOK || len(word) > 0 {
+					words = append(words, word)
+				}
+				word = ""
+				blankOK = false
+				continue
+			}
+			if ch == '\'' || ch == '"' {
+				quote = ch
+				blankOK = true
+				phase = inQuote
+				continue
+			}
+			if ch == '\\' {
+				if pos+1 == len(line) {
+					continue // just skip \ at end
+				}
+				pos++
+				ch = rune(line[pos])
+			}
+			word += string(ch)
+			continue
+		}
+		if phase == inQuote {
+			if ch == quote {
+				phase = inWord
+				continue
+			}
+			if ch == '\\' {
+				if pos+1 == len(line) {
+					phase = inWord
+					continue // just skip \ at end
+				}
+				pos++
+				ch = rune(line[pos])
+			}
+			word += string(ch)
+		}
+	}
+
+	return "", words, nil
+}

builder/shell_parser.go

@@ -157,15 +157,47 @@ func (sw *shellWord) processDollar() (string, error) {
 			sw.next()
 			return sw.getEnv(name), nil
 		}
-		return "", fmt.Errorf("Unsupported ${} substitution: %s", sw.word)
-	} else {
-		// $xxx case
-		name := sw.processName()
-		if name == "" {
-			return "$", nil
+		if ch == ':' {
+			// Special ${xx:...} format processing
+			// Yes it allows for recursive $'s in the ... spot
+
+			sw.next() // skip over :
+			modifier := sw.next()
+
+			word, err := sw.processStopOn('}')
+			if err != nil {
+				return "", err
+			}
+
+			// Grab the current value of the variable in question so we
+			// can use to to determine what to do based on the modifier
+			newValue := sw.getEnv(name)
+
+			switch modifier {
+			case '+':
+				if newValue != "" {
+					newValue = word
+				}
+				return newValue, nil
+
+			case '-':
+				if newValue == "" {
+					newValue = word
+				}
+				return newValue, nil
+
+			default:
+				return "", fmt.Errorf("Unsupported modifier (%c) in substitution: %s", modifier, sw.word)
+			}
 		}
-		return sw.getEnv(name), nil
+		return "", fmt.Errorf("Missing ':' in substitution: %s", sw.word)
 	}
+	// $xxx case
+	name := sw.processName()
+	if name == "" {
+		return "$", nil
+	}
+	return sw.getEnv(name), nil
 }
 
 func (sw *shellWord) processName() string {

builder/words

@@ -15,7 +15,7 @@ hello\\                  |     hello\
 'hello\'                 |     hello\
 "''"                     |     ''
 $.                       |     $.
-$1                       |     
+$1                       |
 he$1x                    |     hex
 he$.x                    |     he$.x
 he$pwd.                  |     he.
@@ -30,6 +30,17 @@ he${hi}                  |     he
 he${hi}xx                |     hexx
 he${PWD}                 |     he/home
 he${.}                   |     error
+he${XXX:-000}xx          |     he000xx
+he${PWD:-000}xx          |     he/homexx
+he${XXX:-$PWD}xx         |     he/homexx
+he${XXX:-${PWD:-yyy}}xx  |     he/homexx
+he${XXX:-${YYY:-yyy}}xx  |     heyyyxx
+he${XXX:YYY}             |     error
+he${XXX:+${PWD}}xx       |     hexx
+he${PWD:+${XXX}}xx       |     hexx
+he${PWD:+${SHELL}}xx     |     hebashxx
+he${XXX:+000}xx          |     hexx
+he${PWD:+000}xx          |     he000xx
 'he${XX}'                |     he${XX}
 "he${PWD}"               |     he/home
 "he'$PWD'"               |     he'/home'
@@ -41,3 +52,7 @@ he\$PWD                  |     he$PWD
 "he\$PWD"                |     he$PWD
 'he\$PWD'                |     he\$PWD
 he${PWD                  |     error
+he${PWD:=000}xx          |     error
+he${PWD:+${PWD}:}xx      |     he/home:xx
+he${XXX:-\$PWD:}xx       |     he$PWD:xx
+he${XXX:-\${PWD}z}xx     |     he${PWDz}xx

builtins/builtins.go

@@ -1,75 +0,0 @@
-package builtins
-
-import (
-	"runtime"
-
-	"github.com/docker/docker/api"
-	apiserver "github.com/docker/docker/api/server"
-	"github.com/docker/docker/autogen/dockerversion"
-	"github.com/docker/docker/daemon/networkdriver/bridge"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/events"
-	"github.com/docker/docker/pkg/parsers/kernel"
-)
-
-func Register(eng *engine.Engine) error {
-	if err := daemon(eng); err != nil {
-		return err
-	}
-	if err := remote(eng); err != nil {
-		return err
-	}
-	if err := events.New().Install(eng); err != nil {
-		return err
-	}
-	if err := eng.Register("version", dockerVersion); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// remote: a RESTful api for cross-docker communication
-func remote(eng *engine.Engine) error {
-	if err := eng.Register("serveapi", apiserver.ServeApi); err != nil {
-		return err
-	}
-	return eng.Register("acceptconnections", apiserver.AcceptConnections)
-}
-
-// daemon: a default execution and storage backend for Docker on Linux,
-// with the following underlying components:
-//
-// * Pluggable storage drivers including aufs, vfs, lvm and btrfs.
-// * Pluggable execution drivers including lxc and chroot.
-//
-// In practice `daemon` still includes most core Docker components, including:
-//
-// * The reference registry client implementation
-// * Image management
-// * The build facility
-// * Logging
-//
-// These components should be broken off into plugins of their own.
-//
-func daemon(eng *engine.Engine) error {
-	return eng.Register("init_networkdriver", bridge.InitDriver)
-}
-
-// builtins jobs independent of any subsystem
-func dockerVersion(job *engine.Job) engine.Status {
-	v := &engine.Env{}
-	v.SetJson("Version", dockerversion.VERSION)
-	v.SetJson("ApiVersion", api.APIVERSION)
-	v.SetJson("GitCommit", dockerversion.GITCOMMIT)
-	v.Set("GoVersion", runtime.Version())
-	v.Set("Os", runtime.GOOS)
-	v.Set("Arch", runtime.GOARCH)
-	if kernelVersion, err := kernel.GetKernelVersion(); err == nil {
-		v.Set("KernelVersion", kernelVersion.String())
-	}
-	if _, err := v.WriteTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}

cliconfig/config.go

@@ -0,0 +1,207 @@
+package cliconfig
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/homedir"
+)
+
+const (
+	// Where we store the config file
+	CONFIGFILE     = "config.json"
+	OLD_CONFIGFILE = ".dockercfg"
+
+	// This constant is only used for really old config files when the
+	// URL wasn't saved as part of the config file and it was just
+	// assumed to be this value.
+	DEFAULT_INDEXSERVER = "https://index.docker.io/v1/"
+)
+
+var (
+	ErrConfigFileMissing = errors.New("The Auth config file is missing")
+)
+
+// Registry Auth Info
+type AuthConfig struct {
+	Username      string `json:"username,omitempty"`
+	Password      string `json:"password,omitempty"`
+	Auth          string `json:"auth"`
+	Email         string `json:"email"`
+	ServerAddress string `json:"serveraddress,omitempty"`
+}
+
+// ~/.docker/config.json file info
+type ConfigFile struct {
+	AuthConfigs map[string]AuthConfig `json:"auths"`
+	HttpHeaders map[string]string     `json:"HttpHeaders,omitempty"`
+	filename    string                // Note: not serialized - for internal use only
+}
+
+func NewConfigFile(fn string) *ConfigFile {
+	return &ConfigFile{
+		AuthConfigs: make(map[string]AuthConfig),
+		HttpHeaders: make(map[string]string),
+		filename:    fn,
+	}
+}
+
+// load up the auth config information and return values
+// FIXME: use the internal golang config parser
+func Load(configDir string) (*ConfigFile, error) {
+	if configDir == "" {
+		configDir = filepath.Join(homedir.Get(), ".docker")
+	}
+
+	configFile := ConfigFile{
+		AuthConfigs: make(map[string]AuthConfig),
+		filename:    filepath.Join(configDir, CONFIGFILE),
+	}
+
+	// Try happy path first - latest config file
+	if _, err := os.Stat(configFile.filename); err == nil {
+		file, err := os.Open(configFile.filename)
+		if err != nil {
+			return &configFile, err
+		}
+		defer file.Close()
+
+		if err := json.NewDecoder(file).Decode(&configFile); err != nil {
+			return &configFile, err
+		}
+
+		for addr, ac := range configFile.AuthConfigs {
+			ac.Username, ac.Password, err = DecodeAuth(ac.Auth)
+			if err != nil {
+				return &configFile, err
+			}
+			ac.Auth = ""
+			ac.ServerAddress = addr
+			configFile.AuthConfigs[addr] = ac
+		}
+
+		return &configFile, nil
+	} else if !os.IsNotExist(err) {
+		// if file is there but we can't stat it for any reason other
+		// than it doesn't exist then stop
+		return &configFile, err
+	}
+
+	// Can't find latest config file so check for the old one
+	confFile := filepath.Join(homedir.Get(), OLD_CONFIGFILE)
+
+	if _, err := os.Stat(confFile); err != nil {
+		return &configFile, nil //missing file is not an error
+	}
+
+	b, err := ioutil.ReadFile(confFile)
+	if err != nil {
+		return &configFile, err
+	}
+
+	if err := json.Unmarshal(b, &configFile.AuthConfigs); err != nil {
+		arr := strings.Split(string(b), "\n")
+		if len(arr) < 2 {
+			return &configFile, fmt.Errorf("The Auth config file is empty")
+		}
+		authConfig := AuthConfig{}
+		origAuth := strings.Split(arr[0], " = ")
+		if len(origAuth) != 2 {
+			return &configFile, fmt.Errorf("Invalid Auth config file")
+		}
+		authConfig.Username, authConfig.Password, err = DecodeAuth(origAuth[1])
+		if err != nil {
+			return &configFile, err
+		}
+		origEmail := strings.Split(arr[1], " = ")
+		if len(origEmail) != 2 {
+			return &configFile, fmt.Errorf("Invalid Auth config file")
+		}
+		authConfig.Email = origEmail[1]
+		authConfig.ServerAddress = DEFAULT_INDEXSERVER
+		configFile.AuthConfigs[DEFAULT_INDEXSERVER] = authConfig
+	} else {
+		for k, authConfig := range configFile.AuthConfigs {
+			authConfig.Username, authConfig.Password, err = DecodeAuth(authConfig.Auth)
+			if err != nil {
+				return &configFile, err
+			}
+			authConfig.Auth = ""
+			authConfig.ServerAddress = k
+			configFile.AuthConfigs[k] = authConfig
+		}
+	}
+	return &configFile, nil
+}
+
+func (configFile *ConfigFile) Save() error {
+	// Encode sensitive data into a new/temp struct
+	tmpAuthConfigs := make(map[string]AuthConfig, len(configFile.AuthConfigs))
+	for k, authConfig := range configFile.AuthConfigs {
+		authCopy := authConfig
+
+		authCopy.Auth = EncodeAuth(&authCopy)
+		authCopy.Username = ""
+		authCopy.Password = ""
+		authCopy.ServerAddress = ""
+		tmpAuthConfigs[k] = authCopy
+	}
+
+	saveAuthConfigs := configFile.AuthConfigs
+	configFile.AuthConfigs = tmpAuthConfigs
+	defer func() { configFile.AuthConfigs = saveAuthConfigs }()
+
+	data, err := json.MarshalIndent(configFile, "", "\t")
+	if err != nil {
+		return err
+	}
+
+	if err := os.MkdirAll(filepath.Dir(configFile.filename), 0700); err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(configFile.filename, data, 0600); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (config *ConfigFile) Filename() string {
+	return config.filename
+}
+
+// create a base64 encoded auth string to store in config
+func EncodeAuth(authConfig *AuthConfig) string {
+	authStr := authConfig.Username + ":" + authConfig.Password
+	msg := []byte(authStr)
+	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
+	base64.StdEncoding.Encode(encoded, msg)
+	return string(encoded)
+}
+
+// decode the auth string
+func DecodeAuth(authStr string) (string, string, error) {
+	decLen := base64.StdEncoding.DecodedLen(len(authStr))
+	decoded := make([]byte, decLen)
+	authByte := []byte(authStr)
+	n, err := base64.StdEncoding.Decode(decoded, authByte)
+	if err != nil {
+		return "", "", err
+	}
+	if n > decLen {
+		return "", "", fmt.Errorf("Something went wrong decoding auth config")
+	}
+	arr := strings.SplitN(string(decoded), ":", 2)
+	if len(arr) != 2 {
+		return "", "", fmt.Errorf("Invalid auth configuration file")
+	}
+	password := strings.Trim(arr[1], "\x00")
+	return arr[0], password, nil
+}

cliconfig/config_file_test.go

@@ -0,0 +1,157 @@
+package cliconfig
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/docker/docker/pkg/homedir"
+)
+
+func TestMissingFile(t *testing.T) {
+	tmpHome, _ := ioutil.TempDir("", "config-test")
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on missing file: %q", err)
+	}
+
+	// Now save it and make sure it shows up in new form
+	err = config.Save()
+	if err != nil {
+		t.Fatalf("Failed to save: %q", err)
+	}
+
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, CONFIGFILE))
+	if !strings.Contains(string(buf), `"auths":`) {
+		t.Fatalf("Should have save in new form: %s", string(buf))
+	}
+}
+
+func TestSaveFileToDirs(t *testing.T) {
+	tmpHome, _ := ioutil.TempDir("", "config-test")
+
+	tmpHome += "/.docker"
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on missing file: %q", err)
+	}
+
+	// Now save it and make sure it shows up in new form
+	err = config.Save()
+	if err != nil {
+		t.Fatalf("Failed to save: %q", err)
+	}
+
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, CONFIGFILE))
+	if !strings.Contains(string(buf), `"auths":`) {
+		t.Fatalf("Should have save in new form: %s", string(buf))
+	}
+}
+
+func TestEmptyFile(t *testing.T) {
+	tmpHome, _ := ioutil.TempDir("", "config-test")
+	fn := filepath.Join(tmpHome, CONFIGFILE)
+	ioutil.WriteFile(fn, []byte(""), 0600)
+
+	_, err := Load(tmpHome)
+	if err == nil {
+		t.Fatalf("Was supposed to fail")
+	}
+}
+
+func TestEmptyJson(t *testing.T) {
+	tmpHome, _ := ioutil.TempDir("", "config-test")
+	fn := filepath.Join(tmpHome, CONFIGFILE)
+	ioutil.WriteFile(fn, []byte("{}"), 0600)
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	// Now save it and make sure it shows up in new form
+	err = config.Save()
+	if err != nil {
+		t.Fatalf("Failed to save: %q", err)
+	}
+
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, CONFIGFILE))
+	if !strings.Contains(string(buf), `"auths":`) {
+		t.Fatalf("Should have save in new form: %s", string(buf))
+	}
+}
+
+func TestOldJson(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		return
+	}
+
+	tmpHome, _ := ioutil.TempDir("", "config-test")
+	defer os.RemoveAll(tmpHome)
+
+	homeKey := homedir.Key()
+	homeVal := homedir.Get()
+
+	defer func() { os.Setenv(homeKey, homeVal) }()
+	os.Setenv(homeKey, tmpHome)
+
+	fn := filepath.Join(tmpHome, OLD_CONFIGFILE)
+	js := `{"https://index.docker.io/v1/":{"auth":"am9lam9lOmhlbGxv","email":"user@example.com"}}`
+	ioutil.WriteFile(fn, []byte(js), 0600)
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Email != "user@example.com" || ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+	// Now save it and make sure it shows up in new form
+	err = config.Save()
+	if err != nil {
+		t.Fatalf("Failed to save: %q", err)
+	}
+
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, CONFIGFILE))
+	if !strings.Contains(string(buf), `"auths":`) ||
+		!strings.Contains(string(buf), "user@example.com") {
+		t.Fatalf("Should have save in new form: %s", string(buf))
+	}
+}
+
+func TestNewJson(t *testing.T) {
+	tmpHome, _ := ioutil.TempDir("", "config-test")
+	fn := filepath.Join(tmpHome, CONFIGFILE)
+	js := ` { "auths": { "https://index.docker.io/v1/": { "auth": "am9lam9lOmhlbGxv", "email": "user@example.com" } } }`
+	ioutil.WriteFile(fn, []byte(js), 0600)
+
+	config, err := Load(tmpHome)
+	if err != nil {
+		t.Fatalf("Failed loading on empty json file: %q", err)
+	}
+
+	ac := config.AuthConfigs["https://index.docker.io/v1/"]
+	if ac.Email != "user@example.com" || ac.Username != "joejoe" || ac.Password != "hello" {
+		t.Fatalf("Missing data from parsing:\n%q", config)
+	}
+
+	// Now save it and make sure it shows up in new form
+	err = config.Save()
+	if err != nil {
+		t.Fatalf("Failed to save: %q", err)
+	}
+
+	buf, err := ioutil.ReadFile(filepath.Join(tmpHome, CONFIGFILE))
+	if !strings.Contains(string(buf), `"auths":`) ||
+		!strings.Contains(string(buf), "user@example.com") {
+		t.Fatalf("Should have save in new form: %s", string(buf))
+	}
+}

contrib/builder/deb/README.md

@@ -0,0 +1,5 @@
+# `dockercore/builder-deb`
+
+This image's tags contain the dependencies for building Docker `.deb`s for each of the Debian-based platforms Docker targets.
+
+To add new tags, see [`contrib/builder/deb` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/deb), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.

contrib/builder/deb/build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
+done

contrib/builder/deb/debian-jessie/Dockerfile

@@ -0,0 +1,14 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+#
+
+FROM debian:jessie
+
+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS apparmor selinux

contrib/builder/deb/debian-stretch/Dockerfile

@@ -0,0 +1,14 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+#
+
+FROM debian:stretch
+
+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS apparmor selinux

contrib/builder/deb/debian-wheezy/Dockerfile

@@ -0,0 +1,15 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+#
+
+FROM debian:wheezy
+RUN echo deb http://http.debian.net/debian wheezy-backports main > /etc/apt/sources.list.d/wheezy-backports.list
+
+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS apparmor selinux

contrib/builder/deb/generate.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+set -e
+
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh debian-jessie
+#        to only update debian-jessie/Dockerfile
+#    or: ./generate.sh debian-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="${distro}:${suite}"
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+		#
+
+		FROM $from
+	EOF
+
+	case "$from" in
+		debian:wheezy)
+			# add -backports, like our users have to
+			echo "RUN echo deb http://http.debian.net/debian $suite-backports main > /etc/apt/sources.list.d/$suite-backports.list" >> "$version/Dockerfile"
+			;;
+	esac
+
+	echo >> "$version/Dockerfile"
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		bash-completion # for bash-completion debhelper integration
+		btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
+		build-essential # "essential for building Debian packages"
+		curl ca-certificates # for downloading Go
+		debhelper # for easy ".deb" building
+		dh-systemd # for systemd debhelper integration
+		git # for "git commit" info in "docker -v"
+		libapparmor-dev # for "sys/apparmor.h"
+		libdevmapper-dev # for "libdevmapper.h"
+		libsqlite3-dev # for "sqlite3.h"
+	)
+	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
+	echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+	awk '$1 == "ENV" && $2 == "DOCKER_BUILDTAGS" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
+done

contrib/builder/deb/ubuntu-debootstrap-trusty/Dockerfile

@@ -0,0 +1,14 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+#
+
+FROM ubuntu-debootstrap:trusty
+
+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS apparmor selinux

contrib/builder/deb/ubuntu-debootstrap-utopic/Dockerfile

@@ -0,0 +1,14 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+#
+
+FROM ubuntu-debootstrap:utopic
+
+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS apparmor selinux

contrib/builder/deb/ubuntu-debootstrap-vivid/Dockerfile

@@ -0,0 +1,14 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/generate.sh"!
+#
+
+FROM ubuntu-debootstrap:vivid
+
+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS apparmor selinux

contrib/builder/rpm/README.md

@@ -0,0 +1,5 @@
+# `dockercore/builder-rpm`
+
+This image's tags contain the dependencies for building Docker `.rpm`s for each of the RPM-based platforms Docker targets.
+
+To add new tags, see [`contrib/builder/rpm` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/rpm), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.

contrib/builder/rpm/build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+set -x
+./generate.sh
+for d in */; do
+	docker build -t "dockercore/builder-rpm:$(basename "$d")" "$d"
+done

contrib/builder/rpm/centos-6/Dockerfile

@@ -0,0 +1,15 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/generate.sh"!
+#
+
+FROM centos:6
+
+RUN yum groupinstall -y "Development Tools"
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS selinux exclude_graphdriver_btrfs

contrib/builder/rpm/centos-7/Dockerfile

@@ -0,0 +1,15 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/generate.sh"!
+#
+
+FROM centos:7
+
+RUN yum groupinstall -y "Development Tools"
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS selinux

contrib/builder/rpm/fedora-20/Dockerfile

@@ -0,0 +1,15 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/generate.sh"!
+#
+
+FROM fedora:20
+
+RUN yum install -y @development-tools fedora-packager
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS selinux

contrib/builder/rpm/fedora-21/Dockerfile

@@ -0,0 +1,15 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/generate.sh"!
+#
+
+FROM fedora:21
+
+RUN yum install -y @development-tools fedora-packager
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS selinux

contrib/builder/rpm/fedora-22/Dockerfile

@@ -0,0 +1,15 @@
+#
+# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/generate.sh"!
+#
+
+FROM fedora:22
+
+RUN yum install -y @development-tools fedora-packager
+RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
+
+ENV GO_VERSION 1.4.2
+RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
+ENV PATH $PATH:/usr/local/go/bin
+
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS selinux

contrib/builder/rpm/generate.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+set -e
+
+# usage: ./generate.sh [versions]
+#    ie: ./generate.sh
+#        to update all Dockerfiles in this directory
+#    or: ./generate.sh
+#        to only update fedora-20/Dockerfile
+#    or: ./generate.sh fedora-newversion
+#        to create a new folder and a Dockerfile within it
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( "$@" )
+if [ ${#versions[@]} -eq 0 ]; then
+	versions=( */ )
+fi
+versions=( "${versions[@]%/}" )
+
+for version in "${versions[@]}"; do
+	distro="${version%-*}"
+	suite="${version##*-}"
+	from="${distro}:${suite}"
+
+	mkdir -p "$version"
+	echo "$version -> FROM $from"
+	cat > "$version/Dockerfile" <<-EOF
+		#
+		# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/generate.sh"!
+		#
+
+		FROM $from
+	EOF
+
+	echo >> "$version/Dockerfile"
+
+	case "$from" in
+		centos:*)
+			# get "Development Tools" packages dependencies
+			echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
+			;;
+		*)
+			echo 'RUN yum install -y @development-tools fedora-packager' >> "$version/Dockerfile"
+			;;
+	esac
+
+	# this list is sorted alphabetically; please keep it that way
+	packages=(
+		btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)
+		device-mapper-devel # for "libdevmapper.h"
+		glibc-static
+		libselinux-devel # for "libselinux.so"
+		sqlite-devel # for "sqlite3.h"
+		tar # older versions of dev-tools don't have tar
+	)
+	echo "RUN yum install -y ${packages[*]}" >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
+	echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
+	echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
+
+	echo >> "$version/Dockerfile"
+
+	echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
+
+	if [ "$from" == "centos:6" ]; then
+		echo 'ENV DOCKER_BUILDTAGS selinux exclude_graphdriver_btrfs' >> "$version/Dockerfile"
+	else
+		echo 'ENV DOCKER_BUILDTAGS selinux' >> "$version/Dockerfile"
+	fi
+done